krb5.git
20 years agopriocntl workaround for Solaris 9 pty-close bug
Tom Yu [Fri, 13 Feb 2004 03:19:30 +0000 (03:19 +0000)]
priocntl workaround for Solaris 9 pty-close bug

Implement gross hack to use priocntl to work around the Solaris 9
pty-close bug.  Run expect at a higher class "FX" priority than
spawned processes, which run at a lower class "FX" priority.  "make
check" needs to start from a process which has FX priority >= 30 and
FX priority limit >= 30.  Thanks to Bill Sommerfeld for the hints.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16069 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoTru64 and Irix have RPATH issues for test suite
Tom Yu [Thu, 12 Feb 2004 18:28:01 +0000 (18:28 +0000)]
Tru64 and Irix have RPATH issues for test suite

Implement hack for faking up _RLD_ROOT with a shadow of the directory
tree up to the installed "lib" directory.  This helps with running
tests on Tru64 and Irix.

ticket: 1793

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16066 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-12 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Thu, 12 Feb 2004 13:52:56 +0000 (13:52 +0000)]
2004-02-12  Jeffrey Altman <jaltman@mit.edu>

    * Fix libpath for krbcc32.lib (only affects KRB5_KFW_COMPILE builds)

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16065 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd missing file: gss-misc.h copied from src/appl/gss-sample
Jeffrey Altman [Wed, 11 Feb 2004 22:18:58 +0000 (22:18 +0000)]
Add missing file:  gss-misc.h  copied from src/appl/gss-sample

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16062 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta3
Tom Yu [Wed, 11 Feb 2004 19:03:19 +0000 (19:03 +0000)]
update for krb5-1.3.2-beta3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16058 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate copyright notices on gss sample apps
Tom Yu [Wed, 11 Feb 2004 18:04:37 +0000 (18:04 +0000)]
update copyright notices on gss sample apps

update copyrights

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16056 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta3
Tom Yu [Wed, 11 Feb 2004 02:49:58 +0000 (02:49 +0000)]
update for krb5-1.3.2-beta3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16054 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago gss-client.c: remove extraneous parameters from client_establish_context()
Jeffrey Altman [Tue, 10 Feb 2004 19:35:49 +0000 (19:35 +0000)]
 gss-client.c: remove extraneous parameters from client_establish_context()

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16052 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* ser_sctx.c (kg_oid_externalize): Check for errors.
Ken Raeburn [Tue, 10 Feb 2004 04:35:14 +0000 (04:35 +0000)]
* ser_sctx.c (kg_oid_externalize): Check for errors.
(kg_oid_internalize): Check for errors.  Free allocated storage on error.
(kg_queue_externalize): Check for errorrs.
(kg_queue_internalize): Check for errors.  Free allocated storage on error.
(kg_ctx_size): Update for new context data.
(kg_ctx_externalize): Update for new context data.  Check for error storing
trailer.
(kg_ctx_internalize): Update for new context data.  Check for errors in a few
more cases.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16050 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gssapi.exp (doit): Run server with additional options to export and re-import
Ken Raeburn [Tue, 10 Feb 2004 04:28:28 +0000 (04:28 +0000)]
* gssapi.exp (doit): Run server with additional options to export and re-import
the GSSAPI context, and log info to a file in tmpdir.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16049 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoCall htons for default port of password server
Sam Hartman [Mon, 9 Feb 2004 23:20:47 +0000 (23:20 +0000)]
Call htons for default port of password server

Ticket: 2171
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16047 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * main.c (init_realm): Apply patch from Will Fiveash to use
Tom Yu [Mon, 9 Feb 2004 22:55:17 +0000 (22:55 +0000)]
* main.c (init_realm): Apply patch from Will Fiveash to use
correct TCP listening ports.

ticket: 2118
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16042 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoUpdate from autoconf 2.59
Tom Yu [Mon, 9 Feb 2004 22:54:04 +0000 (22:54 +0000)]
Update from autoconf 2.59

ticket: 2196
version_reported: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16041 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
Ken Raeburn [Mon, 9 Feb 2004 22:10:40 +0000 (22:10 +0000)]
* util_ordering.c (g_queue_externalize, g_queue_internalize): Check for
sufficient buffer space.

ticket: 2166
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16040 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
Ken Raeburn [Mon, 9 Feb 2004 22:08:09 +0000 (22:08 +0000)]
* t_cts.c (test_cts): Process encryption and decryption IVs separately, make
sure they match, and display the value.

ticket: 2223
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16039 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV
Ken Raeburn [Mon, 9 Feb 2004 22:06:23 +0000 (22:06 +0000)]
* aes.c (krb5int_aes_encrypt, krb5int_aes_decrypt): Copy out value for new IV

ticket: 2223
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16038 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* configure.in: Check for sys/time.h and time.h
Ken Raeburn [Mon, 9 Feb 2004 21:46:38 +0000 (21:46 +0000)]
* configure.in: Check for sys/time.h and time.h

ticket: 2224
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16034 dc483132-0cff-0310-8789-dd5450dbe970

20 years agono license on k5sealv3.c
Ken Raeburn [Sun, 8 Feb 2004 08:46:24 +0000 (08:46 +0000)]
no license on k5sealv3.c

Updated copyright notice to include standard license for release.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16028 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* update usage() for gss-client
Jeffrey Altman [Sat, 7 Feb 2004 19:44:24 +0000 (19:44 +0000)]
* update usage() for gss-client

ticket: 2212

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16027 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoEnable aes128-cts for client
Sam Hartman [Fri, 6 Feb 2004 21:12:21 +0000 (21:12 +0000)]
Enable aes128-cts for client

Currently we support aes128-cts but do not enable it by default.  It
looks like interoperability problems will be created by this decision.
So add aes128-cts to the default list of enctypes for client
configuration and for permitted_enctypes.

Ticket: new
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16026 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoDo not consider TGS options to be critical; ignore unknown options
Sam Hartman [Fri, 6 Feb 2004 21:10:15 +0000 (21:10 +0000)]
Do not consider TGS options to be critical; ignore unknown options

Ticket: 2189
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16025 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-06 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 19:48:12 +0000 (19:48 +0000)]
2004-02-06  Jeffrey Altman <jaltman@mit.edu>

    * Add new UI components to the gss.exe client
      to support the use of GSS_C_SEQUENCE_FLAG or to
      disable the use of either GSS_C_MUTUAL_FLAG or
      GSS_C_REPLAY_FLAG

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16024 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-06 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 19:05:47 +0000 (19:05 +0000)]
2004-02-06  Jeffrey Altman <jaltman@mit.edu>

    * Add new command line switches to the gss-client
      to support the use of GSS_C_SEQUENCE_FLAG or to
      disable the use of either GSS_C_MUTUAL_FLAG or
      GSS_C_REPLAY_FLAG

ticket: 2212

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16023 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-05 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Fri, 6 Feb 2004 07:00:51 +0000 (07:00 +0000)]
2004-02-05  Jeffrey Altman <jaltman@mit.edu>

    * gssapiP_krb5.h:  remove KG_IMPLFLAGS macro

    * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
      macro with previous macro definition

    * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
      macro with new definition.  As per 1964 the INTEG and CONF flags
      are supposed to indicate the availability of the services in
      the client.  By applying the previous definition of KG_IMPLFLAGS
      the INTEG and CONF flags are always on.  This can be a problem
      because some clients such as Microsoft's Kerberos SSPI allow
      CONF and INTEG to be used independently.  By forcing the flags
      on, we would end up with inconsist state with the client.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16022 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd support for specifying the credential cache to be used as well
Jeffrey Altman [Thu, 5 Feb 2004 08:04:45 +0000 (08:04 +0000)]
Add support for specifying the credential cache to be used as well
as fix a few minor user interface bugs

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16021 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoRemove reference to the ntstatus.h header in cc_mslsa.c
Jeffrey Altman [Wed, 4 Feb 2004 17:28:00 +0000 (17:28 +0000)]
Remove reference to the ntstatus.h header in cc_mslsa.c
This header is not present in the August 2001 Platform SDK which is
the current minimum SDK version.

ticket: new
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16020 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta2
Tom Yu [Tue, 3 Feb 2004 13:08:57 +0000 (13:08 +0000)]
update for krb5-1.3.2-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16015 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-02-02 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Tue, 3 Feb 2004 00:50:43 +0000 (00:50 +0000)]
2004-02-02  Jeffrey Altman <jaltman@mit.edu>

   * cc_msla.c:
     GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
     value to assign to TicketRequest->TicketFlags.  This field is blindly
     inserted into the kdc-options[0] field of the TGS_REQ.  If there are
     bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
     in an unknown TGS_OPTION being processed by the KDC.

     This has been fixed by mapping the Ticket Flags to KDC options.
     We only map Forwardable, Forwarded, Proxiable, and Renewable.  The others
     should not be used.

ticket: 2190
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16013 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
Jeffrey Altman [Mon, 2 Feb 2004 17:40:19 +0000 (17:40 +0000)]
   * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
     logging on with cross realm credentials.  On these machines there are
     8 tickets within the LSA cache from two different realms.  One of the
     krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
     a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
     processes.  The attempt to access the ticket returns a SubStatus code
     of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
     the logon attempt was invalid due to bad authentication information.
     kerbtray has no problem listing this ticket.  The other seven tickets
     in the cache including the Initial Ticket are accessible.  Modified
     krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
     a single ticket fails.

ticket: 2184
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* Update README to describe the new PreserveInitialTicketIdentity
Jeffrey Altman [Mon, 2 Feb 2004 16:05:12 +0000 (16:05 +0000)]
* Update README to describe the new PreserveInitialTicketIdentity
  registry key.

ticket: 2139

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15996 dc483132-0cff-0310-8789-dd5450dbe970

20 years agomissing header
Jeffrey Altman [Sun, 1 Feb 2004 05:46:56 +0000 (05:46 +0000)]
missing header

ticket: 2183

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15995 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * Do not perform ticket importing if the initial TGT is not available
Jeffrey Altman [Sun, 1 Feb 2004 05:40:48 +0000 (05:40 +0000)]
 * Do not perform ticket importing if the initial TGT is not available
   from the MSLSA krb5_ccache.  This will be the case if the session key
   enctype is NULL.  (AllowTGTSessionKey regkey = 0)

ticket: new
target: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15994 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* cc_mslsa.c: optimize the get_next logic by storing a handle to the
Jeffrey Altman [Sun, 1 Feb 2004 01:48:22 +0000 (01:48 +0000)]
* cc_mslsa.c: optimize the get_next logic by storing a handle to the
  MS TGT in the lcc_cursor data structure

ticket:new
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15993 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* gss-misc.c: Include sys/time.h or time.h, to get struct timeval declaration
Ken Raeburn [Sat, 31 Jan 2004 23:32:18 +0000 (23:32 +0000)]
* gss-misc.c: Include sys/time.h or time.h, to get struct timeval declaration

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15992 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoDo not export tickets from the LSA if they contain NULL session keys.
Jeffrey Altman [Sat, 31 Jan 2004 09:29:13 +0000 (09:29 +0000)]
Do not export tickets from the LSA if they contain NULL session keys.
This is primarily to prevent unusable TGTs from being imported into the
MIT Credential Cache

ticket: 2153
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15991 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-01-30 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Sat, 31 Jan 2004 01:40:58 +0000 (01:40 +0000)]
2004-01-30  Jeffrey Altman <jaltman@mit.edu>

   * cc_mslsa.c: As per extensive conversations with Doug Engert we have
     concluded that MS is not specifying a complete set of domain information
     when it comes to service tickets other than the initial TGT.  What happens
     is the client principal domain cannot be derived from the fields they
     export.  Code has now been added to obtain the domain from the initial
     TGT and use that when constructing the client principals for all tickets.

     This behavior can be turned off by setting a registry either on a per-user
     or a system-wide basis:

        {HKCU,HKLM}\Software\MIT\Kerberos5
            PreserveInitialTicketIdentity = 0x0 (DWORD)

ticket: 2139
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15990 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd support for Addressless Ticket Checkbox. Applied patch from Doug Engert
Jeffrey Altman [Sat, 31 Jan 2004 00:46:38 +0000 (00:46 +0000)]
Add support for Addressless Ticket Checkbox.  Applied patch from Doug Engert

ticket: 982
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15989 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago2004-01-30 Jeffrey Altman <jaltman@mit.edu>
Jeffrey Altman [Sat, 31 Jan 2004 00:31:33 +0000 (00:31 +0000)]
2004-01-30  Jeffrey Altman <jaltman@mit.edu>

Update the README file to include details on the new Windows registry
key necessary to access the TGT session key when importing from MSLSA.

Also, include compatibility details regarding the gss sample client and
the Microsoft Platform SDK distributed versions.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15988 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoA near complete re-write of the gss sample client on windows. Supports the
Jeffrey Altman [Sat, 31 Jan 2004 00:00:51 +0000 (00:00 +0000)]
A near complete re-write of the gss sample client on windows.  Supports the
current protocol implemented in the Unix gss sample applications as well as
a new User Interface making this one neat testing tool.

There are still many little kinks to get out in a future version.  The sliders
for the Call Count and the Message Count do not have text strings indicating
their current value.  They slide from 1 to 20.  And the known Mechanism
strings should be accessible in the drop down list.

A documentation file on how to use the tool would be a good addition.

ticket: 2144
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15987 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAddress issues discovered while testing updated Windows gss sample client.
Jeffrey Altman [Fri, 30 Jan 2004 23:52:07 +0000 (23:52 +0000)]
Address issues discovered while testing updated Windows gss sample client.
A Missing parameter to a sign_server call in gss-server.c and the need for
a select() call in read_all() to prevent blocking indefinitely.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15986 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoprof-int.h should include pthread.h when USE_PTHREADS is defined
Alexandra Ellwood [Fri, 30 Jan 2004 21:41:20 +0000 (21:41 +0000)]
prof-int.h should include pthread.h when USE_PTHREADS is defined

ticket: 2180

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15985 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoUpdated for new source files in krb5
Alexandra Ellwood [Fri, 30 Jan 2004 21:33:16 +0000 (21:33 +0000)]
Updated for new source files in krb5

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15984 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoneed more testing support for MS
Ken Raeburn [Tue, 27 Jan 2004 06:41:26 +0000 (06:41 +0000)]
need more testing support for MS

This should allow use of the CFX_EXERCISE code to better check interoperability
of MS and MIT code with regard to future extensibility.

* init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't crash on null
pointer in debugging code.
(new_connection): Disable CFX_EXERCISE unknown-token-id case detection.

* accept_sec_context.c (krb5_gss_accept_sec_context) [CFX_EXERCISE]: Log to
/tmp/gsslog whether delegation or extra option bytes were present.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15983 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoupdate for krb5-1.3.2-beta1
Tom Yu [Wed, 7 Jan 2004 23:24:54 +0000 (23:24 +0000)]
update for krb5-1.3.2-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15978 dc483132-0cff-0310-8789-dd5450dbe970

20 years agofix typos
Jeffrey Altman [Wed, 7 Jan 2004 00:07:14 +0000 (00:07 +0000)]
fix typos

ticket: 2106
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15975 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoAdd stub function implementations to support krb5_cc_remove_cred() which
Jeffrey Altman [Tue, 6 Jan 2004 23:21:13 +0000 (23:21 +0000)]
Add stub function implementations to support krb5_cc_remove_cred() which
would cause a null pointer dereference if called.  The new KRB5_CC_NOSUPP
error is returned to indicate the lack of implementation.

ticket: 2106
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15974 dc483132-0cff-0310-8789-dd5450dbe970

20 years agoOnly backdate the ticket that is created. The KDC reply must contain
Sam Hartman [Mon, 5 Jan 2004 21:42:34 +0000 (21:42 +0000)]
Only backdate the ticket that is created.  The KDC reply must contain
the time from the client's request or the client will fail its
clockskew check if the request is backdated too far.

Ticket: 2058
Target_Version: 1.3.2
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15965 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
Ken Raeburn [Mon, 5 Jan 2004 21:12:23 +0000 (21:12 +0000)]
* init_sec_context.c: Include auth_con.h if CFX_EXERCISE is defined.
(make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256, insert some
stuff after the delegation slot.
(new_connection) [CFX_EXERCISE]: Don't send messages with bogus token ids.

* accept_sec_context.c (krb5_gss_accept_sec_context): Don't discard the
delegation flag; only look for a delegation if the flag is set, and only look
for delegation, not other options.  Ignore any other data there.

ticket: 2079
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15964 dc483132-0cff-0310-8789-dd5450dbe970

20 years ago * win-mac.h: conditionally define strcasecmp/strncasecmp macros
Jeffrey Altman [Mon, 5 Jan 2004 03:39:53 +0000 (03:39 +0000)]
* win-mac.h: conditionally define strcasecmp/strncasecmp macros
      only if they do not already exist.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15963 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* configure.in: Use AC_HELP_STRING for kdc-replay-cache option info
Ken Raeburn [Sun, 28 Dec 2003 03:57:48 +0000 (03:57 +0000)]
* configure.in: Use AC_HELP_STRING for kdc-replay-cache option info

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15962 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* Makefile.in (LOCAL_SUBDIRS): Fix typo in last (undocumented) change
Ken Raeburn [Sun, 28 Dec 2003 03:51:47 +0000 (03:51 +0000)]
* Makefile.in (LOCAL_SUBDIRS): Fix typo in last (undocumented) change

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15961 dc483132-0cff-0310-8789-dd5450dbe970

21 years agomove some basic header and function checks from lib/krb5 to include
Ken Raeburn [Wed, 24 Dec 2003 05:44:25 +0000 (05:44 +0000)]
move some basic header and function checks from lib/krb5 to include

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15960 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * README: update requirements for compilation tools, DNS support
Jeffrey Altman [Mon, 22 Dec 2003 23:18:13 +0000 (23:18 +0000)]
  * README: update requirements for compilation tools, DNS support
    and describe new MSLSA: credential cache and how to configure
    Windows to use it.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15959 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent
Jeffrey Altman [Mon, 22 Dec 2003 18:24:41 +0000 (18:24 +0000)]
 * dnssrv.c: wrap the entire module in #ifdef KRB5_DNS_LOOKUP to prevent
   the dependency on the resolver library when DNS functionality is not
   being compiled into the krb5 library.

ticket: new
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15958 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* fake-addrinfo.h: Include stdio.h
Ken Raeburn [Sat, 20 Dec 2003 04:39:35 +0000 (04:39 +0000)]
* fake-addrinfo.h: Include stdio.h

ticket: 2016

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15957 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const.
Ken Raeburn [Sat, 20 Dec 2003 03:52:51 +0000 (03:52 +0000)]
* util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points to const.
* gssapiP_krb5.h: Declarations updated.
* util_seed.c (zeros): Now const.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15956 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* gssapi_generic.c (const_oids): Renamed from oids, and now const.
Ken Raeburn [Sat, 20 Dec 2003 03:51:00 +0000 (03:51 +0000)]
* gssapi_generic.c (const_oids): Renamed from oids, and now const.
(oids): New macro, casts const_oids to non-const pointer for use in initializers.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15955 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* realm_iter.c (krb5_realm_iterator_create): Array NAMES is now const
Ken Raeburn [Sat, 20 Dec 2003 03:25:58 +0000 (03:25 +0000)]
* realm_iter.c (krb5_realm_iterator_create): Array NAMES is now const

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15954 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* prof_get.c (profile_iterator_create): NAMES argument points to const pointers.
Ken Raeburn [Sat, 20 Dec 2003 03:25:05 +0000 (03:25 +0000)]
* prof_get.c (profile_iterator_create): NAMES argument points to const pointers.
* profile.hin (profile_iterator_create): Declaration updated.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15953 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* prompter.c (catch_signals, restore_signals): Take pointer to old signal
Ken Raeburn [Sat, 20 Dec 2003 03:19:00 +0000 (03:19 +0000)]
* prompter.c (catch_signals, restore_signals): Take pointer to old signal
handler info as new argument.
(osiginfo): New typedef.
(setup_tty, restore_tty): Take pointer to old signal handler info and old
termios settings as new arguments.
(krb5_prompter_posix): Pass the extra arguments, addresses of new automatic
variables.
(osigint, saveparm): Variables deleted.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15952 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* Makefile.in (STLIBOBJS, OBJS, SRCS): Don't build promptusr.c
Ken Raeburn [Sat, 20 Dec 2003 02:58:52 +0000 (02:58 +0000)]
* Makefile.in (STLIBOBJS, OBJS, SRCS): Don't build promptusr.c

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15951 dc483132-0cff-0310-8789-dd5450dbe970

21 years agooops. actually do the #undef DEBUG
Ken Raeburn [Sat, 20 Dec 2003 02:48:23 +0000 (02:48 +0000)]
oops.  actually do the #undef DEBUG

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15950 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* sendto_kdc.c (default_debug_handler, put, putstr): Define only if DEBUG is
Ken Raeburn [Sat, 20 Dec 2003 02:46:49 +0000 (02:46 +0000)]
* sendto_kdc.c (default_debug_handler, put, putstr): Define only if DEBUG is
defined.
(DEBUG): Don't define.
(krb5int_sendtokdc_debug_handler): Initialize to null if DEBUG is not defined.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15949 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* get_in_tkt.c (get_in_tkt_enctypes): Now const
Ken Raeburn [Sat, 20 Dec 2003 02:37:23 +0000 (02:37 +0000)]
* get_in_tkt.c (get_in_tkt_enctypes): Now const

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15948 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* arcfour.c (l40): Now const
Ken Raeburn [Sat, 20 Dec 2003 02:28:52 +0000 (02:28 +0000)]
* arcfour.c (l40): Now const

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15947 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* arcfour.c (arcfour_weakkey1, arcfour_weakkey2, arcfour_weakkeys): Now const
Ken Raeburn [Sat, 20 Dec 2003 02:28:09 +0000 (02:28 +0000)]
* arcfour.c (arcfour_weakkey1, arcfour_weakkey2, arcfour_weakkeys): Now const

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15946 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoReplace the array of 8 mit_des_cblock object 'mit_des_zeroblock' defined
Ken Raeburn [Sat, 20 Dec 2003 02:26:17 +0000 (02:26 +0000)]
Replace the array of 8 mit_des_cblock object 'mit_des_zeroblock' defined
locally in multiple files with one defined in f_cbc.c; make it a single element
rather than an array.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15945 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * init_sec_context.c: Include k5-int.h for accessor
Tom Yu [Fri, 19 Dec 2003 22:24:04 +0000 (22:24 +0000)]
* init_sec_context.c: Include k5-int.h for accessor

ticket: 2077
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15944 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* ftp.c (do_auth): Handle a return code of 335, where the authentication
Ken Raeburn [Fri, 19 Dec 2003 21:11:40 +0000 (21:11 +0000)]
* ftp.c (do_auth): Handle a return code of 335, where the authentication
exchange requires more messages.

ticket: 2062
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15943 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoticket 2049
Jeffrey Altman [Fri, 19 Dec 2003 06:53:24 +0000 (06:53 +0000)]
ticket 2049

fix an incorrect level of indirection for a krb5_creds data structure.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15942 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoThe new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,
Jeffrey Altman [Fri, 19 Dec 2003 05:29:32 +0000 (05:29 +0000)]
The new functions krb5int_c_mandatory_cksumtype, krb5_ser_pack_int64,
and krb5_ser_unpack_int64 are considered private.  Therefore, in order
for them to be used from within gssapi they must be added to the
krb5int_accessor mechanism.  This allows us to not publicize their
existence via exportation on Windows or MacOSX.

ticket: new
tags: pullup
target_version: 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15941 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * cc_retr.c: Extract the test to determine if a credential matches
Jeffrey Altman [Fri, 19 Dec 2003 00:19:20 +0000 (00:19 +0000)]
   * cc_retr.c:  Extract the test to determine if a credential matches
     a requested credential according to the specified fields into
     a private function: krb5int_cc_creds_match_request()

   * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
     perform a MS Kerberos LSA ticket request if there is no matching
     credential in the cache.  The MS Kerberos LSA places the following
     restriction on what tickets it will place into the LSA cache:
         tickets obtained by an application request for a specific
         set of kerberos flags or enctype will not be cached.
     Therefore, we first make a request with no flags or enctype in
     the hope that we will be lucky and get the right ones anyway.
     If not, we make the application's request and return that ticket
     if it matches the other criteria.

     Implemented a similar technique for krb5_lcc_store().  Since we
     can not write to the cache, when a store request is made we
     instead perform a ticket request through the lsa for a matching
     credential.  If we receive one, we return success.  Otherwise,
     we return the KRB5_CC_READONLY error.

   With these changes I am now able to operate entirely with the MSLSA
   ccache as the default cache provided the MS LSA credentials are
   for the principal I wish to use.  Obviously, one cannot change
   principals while the MSLSA ccache is the default.

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15939 dc483132-0cff-0310-8789-dd5450dbe970

21 years agopreliminary update for 1.3.2
Tom Yu [Wed, 17 Dec 2003 01:11:32 +0000 (01:11 +0000)]
preliminary update for 1.3.2

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15938 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket. Use a
Ken Raeburn [Tue, 16 Dec 2003 19:21:49 +0000 (19:21 +0000)]
* conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of ticket.  Use a
temorary in case krb5_int32 isn't "int".
(decode_v4tkt): Use a temorary in case krb5_int32 isn't "int".

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15936 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* k5-platform.h (SIZE_MAX): Provide default definition if stdint.h doesn't
Ken Raeburn [Mon, 15 Dec 2003 20:56:47 +0000 (20:56 +0000)]
* k5-platform.h (SIZE_MAX): Provide default definition if stdint.h doesn't
define it.

ticket: 2040

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15929 dc483132-0cff-0310-8789-dd5450dbe970

21 years agomake depend
Ken Raeburn [Mon, 15 Dec 2003 20:14:56 +0000 (20:14 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15928 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * win-mac.h: source code written to the C99 standard assumes there
Jeffrey Altman [Mon, 15 Dec 2003 17:54:40 +0000 (17:54 +0000)]
  * win-mac.h: source code written to the C99 standard assumes there
    are standard definitions for the MAX sizes of C types including
    size_t.  The MAX preprocessor variables are declared in limits.h
    but limits.h is not included by any of the other header files.
    We will therefore include it via win-mac.h.  We must also add a
    declaration of SIZE_MAX (for size_t) because Microsoft does not
    provide one.

ticket: 2040

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15927 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * add missing ChangeLog entry
Jeffrey Altman [Mon, 15 Dec 2003 16:16:28 +0000 (16:16 +0000)]
  * add missing ChangeLog entry

ticket: 1471

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15926 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * k5-platform.h: apply casts (unsigned char) to the assignments from
Jeffrey Altman [Mon, 15 Dec 2003 16:15:30 +0000 (16:15 +0000)]
  * k5-platform.h: apply casts (unsigned char) to the assignments from
    64-bit ints to unsigned char fields to avoid warnings

ticket: 1471

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15925 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT
Jeffrey Altman [Mon, 15 Dec 2003 15:55:15 +0000 (15:55 +0000)]
   * cc_msla.c:   Enable purging of the MS Kerberos LSA cache when the TGT
     has expired.  This will force the LSA to get a new TGT instead of
     returning the expired version.

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15924 dc483132-0cff-0310-8789-dd5450dbe970

21 years agokrb524 subdirectory does not get fully cleaned due to change introduced by 1491
Ezra Peisach [Mon, 15 Dec 2003 15:51:41 +0000 (15:51 +0000)]
krb524 subdirectory does not get fully cleaned due to change introduced by 1491

* Makefile.in (clean-unix): Clean up more files now that STLIBOBS
is not used (introduced in 1491). Some files were missed.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15923 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * when initiating an enumeration of the ccache contents perform
Jeffrey Altman [Mon, 15 Dec 2003 13:58:10 +0000 (13:58 +0000)]
  * when initiating an enumeration of the ccache contents perform
    a fetch of the TGT.  This will trigger an update request by
    the MS LSA on Windows 2000 and XP which is perfectly willing
    to allow TGTs to expire.

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15922 dc483132-0cff-0310-8789-dd5450dbe970

21 years agomove prof-int.h to be the first include file in order to obtain
Jeffrey Altman [Sun, 14 Dec 2003 15:31:10 +0000 (15:31 +0000)]
move prof-int.h to be the first include file in order to obtain
platform specific preprocessor variables used to selectively
import other header files

ticket: 2068

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15921 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * krb4_32.def: Remove exports from KfM not yet compiled in KfW
Jeffrey Altman [Sat, 13 Dec 2003 19:51:16 +0000 (19:51 +0000)]
    * krb4_32.def: Remove exports from KfM not yet compiled in KfW
            krb_ad_tkt, krb_pw_tkt, kuserok, tkt_string, FSp_xxx

        * krb5_32.def: Add exports of private functions necessary for
            building new gssapi32.dll:
              krb5int_c_mandatory_cksumtype   ; PRIVATE GSSAPI k5-int.h
              krb5_ser_pack_int64             ; PRIVATE GSSAPI k5-int.h
              krb5_ser_unpack_int64           ; PRIVATE GSSAPI k5-int.h

ticket: 2067

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15920 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * Makefile.in: Remove extraneous spaces ..
Jeffrey Altman [Sat, 13 Dec 2003 19:13:42 +0000 (19:13 +0000)]
  * Makefile.in: Remove extraneous spaces ..

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15919 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * Makefile.in: remove extraneous spaces from ##WIN32## commented
Jeffrey Altman [Sat, 13 Dec 2003 19:11:34 +0000 (19:11 +0000)]
   * Makefile.in: remove extraneous spaces from ##WIN32## commented
     defines for MSLSA_OBJ and MSLSA_SRC

ticket: 2049

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15918 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoGets a bit closer, still not working..
Ken Raeburn [Sat, 13 Dec 2003 18:16:57 +0000 (18:16 +0000)]
Gets a bit closer, still not working..

* ftpcmd.y (getline): Allow "AUTH" as an unprotected command.
* ftpd.c (login): Fix checks for accept_sec_context status.  Only send back one
message in the CONTINUE_NEEDED case.
(with_gss_error_text): New function, split out from reply_gss_error.
(reply_gss_error): Call it.
(reply_gss_error_1): New function.
(log_gss_error, log_gss_error_1): New functions.
(login): Call log_gss_error instead of syslog on error from gss_display_name.

ticket: 2062
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15917 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* aclocal.m4 (WITH_CC): Drop -Wno-comment, since we don't support SunOS 4 any longer
Ken Raeburn [Sat, 13 Dec 2003 17:35:13 +0000 (17:35 +0000)]
* aclocal.m4 (WITH_CC): Drop -Wno-comment, since we don't support SunOS 4 any longer

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15916 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* default.exp (passes): Add an AES-only pass.
Ken Raeburn [Sat, 13 Dec 2003 07:32:01 +0000 (07:32 +0000)]
* default.exp (passes): Add an AES-only pass.
(start_kerberos_daemons): Check for error "No principal in keytab matches
desired name".
(dump_db): New proc, for debugging.
(spawn_xterm): Add GSSCLIENT to list of exported variables.

ticket: 2066
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15915 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* telnet.exp: Skip tests if no DES key types are enabled
Ken Raeburn [Sat, 13 Dec 2003 07:27:03 +0000 (07:27 +0000)]
* telnet.exp: Skip tests if no DES key types are enabled

ticket: 2066
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15914 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago* gssftp.exp (ftp_test): Look for "GSSAPI authentication failed" error
Ken Raeburn [Sat, 13 Dec 2003 07:22:15 +0000 (07:22 +0000)]
* gssftp.exp (ftp_test): Look for "GSSAPI authentication failed" error

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15913 dc483132-0cff-0310-8789-dd5450dbe970

21 years agodon't limit enctype lists at init time
Ken Raeburn [Sat, 13 Dec 2003 07:10:10 +0000 (07:10 +0000)]
don't limit enctype lists at init time

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15912 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoAdd 64-bit sequence number support. Do sequence number ordering tests relative
Ken Raeburn [Sat, 13 Dec 2003 07:07:23 +0000 (07:07 +0000)]
Add 64-bit sequence number support.  Do sequence number ordering tests relative
to the initial value rather than absolute.  Support tokens without pseudo-ASN.1
wrappers.  Don't restrict enctype lists.  Implement CFX token support.

With CFX_EXERCISE defined, use random padding, random rotates, and bogus
initial tokens, to exercise the associated code paths.

ticket: 2040
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15911 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoadd get_name callback for kdb keytab type, for debugging
Ken Raeburn [Sat, 13 Dec 2003 06:35:15 +0000 (06:35 +0000)]
add get_name callback for kdb keytab type, for debugging

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15910 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoignore extra lines output when debugging code enabled
Ken Raeburn [Sat, 13 Dec 2003 06:30:21 +0000 (06:30 +0000)]
ignore extra lines output when debugging code enabled

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15909 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoAdd platform-dependent 64-bit and inline-function support via new header
Ken Raeburn [Sat, 13 Dec 2003 06:28:35 +0000 (06:28 +0000)]
Add platform-dependent 64-bit and inline-function support via new header
k5-platform.h.  Add 64-bit serializer support.  [Not needed for ticket 1471,
but needed for 2040 and annoying to check in separately.]

Add to (internal for now) crypto API a function to get the mandatory checksum
type associated with an enctype.

New support for server-generated subkey, selected via an auth_context flag.

ticket: 1471
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15908 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * an_to_ln.c (krb5_aname_to_localname): Don't write one byte past
Tom Yu [Sat, 13 Dec 2003 01:28:08 +0000 (01:28 +0000)]
* an_to_ln.c (krb5_aname_to_localname): Don't write one byte past
the end of a string.  Found by Christopher Nebergall.

ticket: 2024
component: krb5-libs
version_reported: 1.3.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15895 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * Makefile.in: Move ##WIN32## constructs from inside
Tom Yu [Sat, 13 Dec 2003 01:20:56 +0000 (01:20 +0000)]
* Makefile.in: Move ##WIN32## constructs from inside
backslash-continued lists, as it was breaking them.  Move explicit
dependency information from under automatic dependencies.

ticket: 2049
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15894 dc483132-0cff-0310-8789-dd5450dbe970

21 years ago * Added new krb5_ccache type "MSLSA" for Windows only.
Jeffrey Altman [Fri, 12 Dec 2003 22:22:36 +0000 (22:22 +0000)]
 * Added new krb5_ccache type "MSLSA" for Windows only.
   This new ccache type provides an interface for the MIT krb5_cc api
   functions to be used to access the contents of the MS Kerberos LSA
   cache.  The ccache type is read-only because the MS Kerberos LSA
   does not allow third party applications to insert credentials into
   the cache.

   The primary motivation of this work was to encapsulate the complex
   operations necessary to manipulate the MS Kerberos LSA.  The code
   was far from trivial and was often implemented incorrectly.  Worse
   still was the fact that each version of Windows since W2K modified
   the use of the LSA API.

   The code which was originally donated in the form of ms2mit.c had
   many memory and handle leaks which were acceptable for a one time
   application such as ms2mit.c. Unfortunately, this code has started
   to appear in many other applications: KfW's Leash, the AFS Wake
   systray tool, and others.

   By using the new MSLSA ccache the implementation of ms2mit.c went
   from 890 lines to 50 lines of code and comments.  All that is necessary
   is for the MSLSA ccache to be resolved and for its contents to be
   copied with krb5_cc_copy_creds to the default ccache.

   The MSLSA ccache implements all of the functions of a ccache except
   those which would be used to store data into the ccache.  When a
   write attempt is performed the new error KRB5_CC_READONLY is returned.

   The residual portion of the MSLSA ccache name is current ignored
   but preserved.  If you ask for ccache "MSLSA:myname" you will be
   given access to the LSA cache for the current Logon Session.  If
   you later ask for the name of the ccache you will be returned the
   same name.  In the future, the residual might be used to provide
   information necessary to identify a specific logon session whose
   cache it is desired to access.  If this is ever done, the applications
   which use it will have to possess the SeTcbPrivilege privilege.

   Using KfW's Leash it is now possible to set the Krb5 credential
   cache to "MSLSA:" and use it to monitor the contents of the
   MS Kerberos LSA cache.

   As part of adding this functionality, krb5_32.dll is not linked
   against the "secur32.lib" library as the Lsa security sdk routines
   are stored in the SECUR32.DLL file.

ticket: 2049
target_version: 1.3.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15886 dc483132-0cff-0310-8789-dd5450dbe970

21 years agoRemove cvsignore files
Sam Hartman [Thu, 11 Dec 2003 23:23:32 +0000 (23:23 +0000)]
Remove cvsignore files

Ticket: 2061

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15881 dc483132-0cff-0310-8789-dd5450dbe970