summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Only create toolbar when not using ribbon UIKevin Wasserman2012-08-241-6/+8
| | | | | | | | | | | When we do create the toolbar, dock it. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7250 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Use ListView; add ViewColumn abstractionKevin Wasserman2012-08-244-277/+139
| | | | | | | | | | | | | | | | Punting FormView since we really only need ListCtrl and using ListView makes the header column and window resizing work. The ViewColumn abstraction eliminates some copy/paste code blocks. HDN_ITEMCHANGED tracks user changes to column widths. Remove CTreeCtrl-related code. Also remove some unused code that was generating warnings. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7249 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw implement ribbon UIKevin Wasserman2012-08-245-8/+43
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7248 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw "Initialize Ticket" -> "Get Ticket"Kevin Wasserman2012-08-242-6/+7
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7247 (new) queue: kfw target_version: 1.10.4 tags: pullup
* MSVC-generated updates to support ribbon UIKevin Wasserman2012-08-244-8/+21
| | | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: manually tweak to remove gratuitious churn] ticket: 7246 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Update leash icon and button graphicsKevin Wasserman2012-08-2413-4/+4
| | | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: While here, remove now-unused doghead icons.] ticket: 7245 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Prep for KfW conversion to ribbon toolbarKevin Wasserman2012-08-248-77/+19
| | | | | | | | | | | | | | | Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx, CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar. Call AfxOleInit() from CLeashApp::InitInstance() Do not call LoadBarState() (crashes) or GetToolBarCtrl() (no longer exists) Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7244 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Fix portability, printf bugs in preauth_otp.cGreg Hudson2012-08-241-3/+1
| | | | | | unistd.h is not available on Windows and isn't needed for this file, so don't include it. Two arguments to asprintf in choose_token() were reversed.
* Doc newly introduced padata types for OTP supportZhanna Tsitkov2012-08-232-7/+10
| | | | | Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type as it is marked as OBSOLETE in RFC 6560.
* Leash UI menu updatesKevin Wasserman2012-08-235-177/+210
| | | | | | | | | | | | | | | | | | | | | | | Eliminate Action menu: -move Ticket manipulation to File menu -eliminate "Reset Window Size/Pos", "Synchronize Time", and "Update Display" Update Options menu: -eliminate all the "Properties" items: "Leash ", "Kerberos ", "Kerberos v4 ", "Kerberos v5 ", and "AFS" TODO: move functionality to advanced install/registry keys. Update View menu: -add "Time Issued", "Renewable Until", "Flags", "Encryption Type", and "Valid Until" -remove "Large Icons", "Toolbar", "Status Bar", and "Debug Window" Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7243 (new) queue: kfw target_version: 1.10.4 tags: pullup
* allow multiple Leash options; add -noribbonKevin Wasserman2012-08-232-3/+11
| | | | | | | | | | | | Change option parsing to allow more than one option to be given. Use the ribbon UI by default; -noribbon reverts to the old UI. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7241 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Target Windows Vista in leash/stdafx.hKevin Wasserman2012-08-231-1/+2
| | | | | | | | | | | | | Define WINVER and _WIN32_WINNT, to target Vista+ -- required for ribbon ui. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7240 (new) queue: kfw subject: Support the Ribbon UI for Leash target_version: 1.10.4 tags: pullup
* Change kfw destroy ticket confirmation messageKevin Wasserman2012-08-231-2/+2
| | | | | | | | | | | | | OKCANCEL -> YESNO Add MB_ICONEXCLAMATION Change text Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7239 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Load additional krb5 and come_err funcsKevin Wasserman2012-08-236-0/+198
| | | | | | | | | | | | Required for multiple identity management and for migration of code from leashdll to leash proper. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7238 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Fix leak in cci_os_ipc_thread_init()Kevin Wasserman2012-08-231-0/+1
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7237 (new) subject: CCAPI cleanup and bugfixes target_version: 1.10.4 tags: pullup
* Remove unused struct and switch_to stubsKevin Wasserman2012-08-231-11/+1
| | | | | | | | | | | Only one mslsa ccache is supported, so switch_to is not needed. Likewise, struct krb5int_lcc_iterator is unneccesary. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7236 (new) target_version: 1.10.4 tags: pullup
* Run "make depend"Tom Yu2012-08-236-18/+87
|
* Fix minor Makefile.in typos for make dependTom Yu2012-08-232-1/+2
| | | | | Fix minor typos in lib/krb5/krb/Makefile.in and tests/gssapi/Makefile.in so that "make depend" will work.
* Fix version info for Leash.exeKevin Wasserman2012-08-233-3/+3
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7235 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Add otp client preauth pluginNathaniel McCallum2012-08-237-0/+592
| | | | | | | Implements the client side of RFC 6560. Not all features are implemented, but it should work for the most common cases. ticket: 7242 (new)
* Add ASN.1 support for OTPGreg Hudson2012-08-2318-43/+2099
| | | | | | | Add encoders and decoders for the OTP-TOKENINFO, PA-OTP-CHALLENGE, PA-OTP-REQUEST, and PA-OTP-ENC-REQUEST types from RFC 6560. For more thorough testing, add support for generating test encodings using asn1c for sample objects (currently only for the OTP types).
* Clean up k5buf_to_gss helperGreg Hudson2012-08-232-5/+3
| | | | | | | k5buf_to_gss was used in only one place (generic_gss_oid_to_str), where we want to include the terminating null byte in the GSS buffer. Remove that assumption from the helper, and instead explicitly append the null byte to the buffer before translating.
* Document preference order of enctypes in krb5.confZhanna Tsitkov2012-08-221-3/+5
|
* Remove dead code in do_as_req.cZhanna Tsitkov2012-08-221-12/+0
| | | | Commit r21692 removed the KRB5_KDB_NON_MS_PRINCIPAL flag.
* Updated Supported Versions documentZhanna Tsitkov2012-08-211-2/+2
|
* Fix apply_keysalt_policy bugGreg Hudson2012-08-151-1/+1
| | | | | | | | | If apply_keysalt_policy is called with null result arguments (as from kadm5_setkey_principal_3), we would dereference a null pointer if the principal has no policy or no policy allowed_keysalts field, due to an incorrect optimization. Reported by Nico. ticket: 7223
* Cross-reference documents in mitK5defaults.rstZhanna Tsitkov2012-08-151-21/+21
|
* Edit rcache_def.rst for spelling and grammarGreg Hudson2012-08-151-10/+10
|
* New Replay Cache rst documentationZhanna Tsitkov2012-08-152-3/+101
|
* Remove obsolete function krb5_secure_config_filesZhanna Tsitkov2012-08-143-27/+0
|
* Silence a gcc warning in t_export_nameGreg Hudson2012-08-121-1/+1
| | | | | | gcc warnings that nametype may be used uninitialized, presumably failing to deduce that usage() never returns. Initialize nametype to make it build.
* Add test coverage for gss_export_nameGreg Hudson2012-08-113-5/+191
| | | | | Exercise gss_export_name and importing of exported name tokens in t_gssapi.py.
* Use gssalloc in krb5_gss_export_nameGreg Hudson2012-08-111-1/+1
| | | | | | | krb5_gss_export_name uses malloc to construct a gss_buffer_desc value, and should use gssalloc_malloc instead. ticket: 7233
* Fix nitpicky bugs in t_inq_credGreg Hudson2012-08-111-6/+6
|
* Stop misusing gss_release_buffer in test programsGreg Hudson2012-08-112-4/+4
| | | | | | | Use free() instead of gss_release_buffer() when freeing the locally allocated context_token in the sample gss-server program. Use gssalloc_free() instead of free when freeing buffers in t_kgss_kernel.c (where we can't use gss_release_buffer).
* Stop misusing gss_release_buffer in libgssrpcGreg Hudson2012-08-113-15/+11
| | | | | | | Use free() instead of gss_release_buffer() when freeing buffers in libgssrpc which weren't constructed by GSSAPI. This mixing is harmless in normal configurations (since libgssrpc is only used on Unix), but fails with DEBUG_GSSALLOC.
* Use gssalloc in more parts of GSSAPIGreg Hudson2012-08-115-11/+13
| | | | | | | | | Fix some GSSAPI buffer allocations which were missed in 800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context, gss_display_name, and IAKERB and SPNEGO token construction. ticket: 7233 (new) tags: pullup
* Add debug mode to gssapi_alloc.hGreg Hudson2012-08-113-23/+79
| | | | | | | | | | Because the gssalloc macros are normally equivalent to malloc and free on Unix, we cannot use the full test suite to find cases where we allocate with malloc and free with gssalloc_free or vice versa. Provide a way to test for this kind of bug (if only in a special build configuration) by supporting a DEBUG_GSSALLOC symbol, which causes the gssalloc wrappers to be deliberately incompatible with malloc and free.
* Remove irrelevant to current code Novell copyrightZhanna Tsitkov2012-08-102-54/+0
|
* Add tests for gss_inquire_credGreg Hudson2012-08-103-3/+221
| | | | | | | | | Now that we're doing a kind of deferred credential acquisition for krb5, the behavior of gss_inquire_cred is a bit more subtle because (per RFC 2743 section 2.1.4) we have to choose a credential cache or acceptor name sooner than we would otherwise do so. Add a C program to invoke gss_acquire_cred/gss_inquire_cred and some Python tests using it.
* Rename Kerberos Concepts section in Sphinx docZhanna Tsitkov2012-08-091-2/+2
|
* Remove gss_mechanism_extSimo Sorce2012-08-085-124/+26
| | | | | | | | This function did not serve any useful purpose. Remove it and the special case it creates; move the only function it contained to the main gss_mechanism structure where it belongs. Note that the function name is preserved so that loadable modules are not affected by this change.
* Regression tests for CVE-2012-1014, CVE-2012-1015Tom Yu2012-08-073-0/+71
| | | | | | ticket: 7231 (new) target_version: 1.10.3 tags: pullup
* Add missing quote to install-windowsTom Yu2012-08-071-1/+1
| | | | | | ticket: 7230 (new) target_version: 1.10.3 tags: pullup
* Minor Sphinx html style modificationZhanna Tsitkov2012-08-071-1/+1
|
* Fix memory leak parsing name with default realmGreg Hudson2012-08-071-0/+1
| | | | | | | After 74beb75bb07e3921d10c8eec05eacb1f393e5e44, allocate_princ() allocates a one-byte realm field even if the principal doesn't have one, so if we're replacing it with the default realm, we need to free that.
* Fix HTML rendering of long-form optionsBenjamin Kaduk2012-08-062-69/+69
| | | | | | | | | | | | | | | | | | | We at present only have long-form options for configure, the scope of the change is somewhat limited. Our SmartyPants config for Sphinx causes these options to appear as prefixed with an en dash, instead of the two hyphens that demarcate the (GNU-style) long-form options. Using a different type of markup for command options could work around this, but that would be a much larger patch. Instead, apply a workaround in the markup for display purposes, which makes the source a bit more ugly but the output correct. Man page output is unaffected. This patch was automatically generated with: git grep -- -- doc/rst_source | grep -v -- --- | cut -d ':' -f 1 | uniq | xargs sed -i '' -e 's/\*\*--\([a-zA-Z]\)/**-**\\ **-\1/g' and manually reviewed for correctness. ticket: 7187
* Remove dash from man page rst sourceBen Kaduk2012-08-061-1/+1
| | | | | | | | This page gets rendered for the web with Sphinx but is also turned into the krb5_conf.5 manual page. We need to use three-hyphen em dashes for the Sphynx config, but those are a bit long for monospace terminal output. Since the dash here can easily be changed to a comma, do so, and avoid the conflict of formatting.
* Use '---' for em dashes in rst sourceBen Kaduk2012-08-063-4/+4
| | | | | | | | | Our sphinx configuration uses SmartyPants, which produces smart quotes and dashes in HTML output, using '--' for en dash and '---' for em dash. (This is also the LaTeX convention.) These points in the text are meant to be em dashes, so format them as such. Also standardize on no spaces around the dash per Chicago Manual of Style (and others).
* Turn off replay cache in krb5_verify_init_creds()Nalin Dahyabhai2012-08-061-0/+9
| | | | | | | The library isn't attempting a replay attack on itself, so any detected replays are only going to be false-positives. ticket: 7229 (new)
generated by cgit (git 2.34.1) at 2025-09-26 20:40:07 +0000