| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The renew button should act on the current selection.
-auto-renew still only renews default ccache
-renew doesn't work for UAC-limited MSLSA
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7262 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7261 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7260 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
define DEBUG and _CRTDBG_MAP_ALLOC except for NODEBUG builds
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7259 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7258 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7257 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7256 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is not really clear this is correct, but neither was the
previous behavior.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7255 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to explicitly check if a process was UAC-limited and deny all
access to the TGT in that case; however, this makes the MSLSA cache
effectively useless.
Do not try to outsmart UAC, and let it do its own checking -- this allows
UAC-limited access to the MSLSA ccache, which should mean read-write
access to service tickets, and write-only access to the TGT.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: delete instead of comment out, move comment.]
ticket: 7254 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need a sense of what the default identity is, then, with a way
to set it and list it.
The memory management model changes some, as well.
Use a bold font to indicate the current default identity in the
GUI; while here use an italic font for expired credentials.
In the process, rip out some krb4 remenants, and remove ancient
code conditional on the lack of KRB5_TC_NOTICKET.
Define USE_MESSAGE_BOX when building leash and use MessageBox().
[kaduk@mit.edu: adjust for style, flesh out commit message.]
ticket: 7253 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Options" button -> "Advanced Settings"
"Renew Till" -> "Renew Until"
"Kerberos 5 Options" -> "Flag this ticket as"
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7252 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7251 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
When we do create the toolbar, dock it.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7250 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Punting FormView since we really only need ListCtrl and using
ListView makes the header column and window resizing work.
The ViewColumn abstraction eliminates some copy/paste code blocks.
HDN_ITEMCHANGED tracks user changes to column widths.
Remove CTreeCtrl-related code.
Also remove some unused code that was generating warnings.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7249 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7248 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7247 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: manually tweak to remove gratuitious churn]
ticket: 7246 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: While here, remove now-unused doghead icons.]
ticket: 7245 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx,
CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar.
Call AfxOleInit() from CLeashApp::InitInstance()
Do not call LoadBarState() (crashes)
or GetToolBarCtrl() (no longer exists)
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7244 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
| |
unistd.h is not available on Windows and isn't needed for this file,
so don't include it. Two arguments to asprintf in choose_token() were
reversed.
|
|
|
|
|
| |
Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type
as it is marked as OBSOLETE in RFC 6560.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate Action menu:
-move Ticket manipulation to File menu
-eliminate "Reset Window Size/Pos", "Synchronize Time", and "Update Display"
Update Options menu:
-eliminate all the "Properties" items:
"Leash ", "Kerberos ", "Kerberos v4 ", "Kerberos v5 ", and "AFS"
TODO: move functionality to advanced install/registry keys.
Update View menu:
-add "Time Issued", "Renewable Until", "Flags", "Encryption Type",
and "Valid Until"
-remove "Large Icons", "Toolbar", "Status Bar", and "Debug Window"
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7243 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change option parsing to allow more than one option to be given.
Use the ribbon UI by default; -noribbon reverts to the old UI.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7241 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Define WINVER and _WIN32_WINNT, to target Vista+ -- required for
ribbon ui.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7240 (new)
queue: kfw
subject: Support the Ribbon UI for Leash
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OKCANCEL -> YESNO
Add MB_ICONEXCLAMATION
Change text
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7239 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Required for multiple identity management and for migration of code from
leashdll to leash proper.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7238 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7237 (new)
subject: CCAPI cleanup and bugfixes
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Only one mslsa ccache is supported, so switch_to is not needed.
Likewise, struct krb5int_lcc_iterator is unneccesary.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7236 (new)
target_version: 1.10.4
tags: pullup
|
| |
|
|
|
|
|
| |
Fix minor typos in lib/krb5/krb/Makefile.in and
tests/gssapi/Makefile.in so that "make depend" will work.
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7235 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
| |
Implements the client side of RFC 6560. Not all features are
implemented, but it should work for the most common cases.
ticket: 7242 (new)
|
|
|
|
|
|
|
| |
Add encoders and decoders for the OTP-TOKENINFO, PA-OTP-CHALLENGE,
PA-OTP-REQUEST, and PA-OTP-ENC-REQUEST types from RFC 6560. For more
thorough testing, add support for generating test encodings using
asn1c for sample objects (currently only for the OTP types).
|
|
|
|
|
|
|
| |
k5buf_to_gss was used in only one place (generic_gss_oid_to_str),
where we want to include the terminating null byte in the GSS buffer.
Remove that assumption from the helper, and instead explicitly append
the null byte to the buffer before translating.
|
| |
|
|
|
|
| |
Commit r21692 removed the KRB5_KDB_NON_MS_PRINCIPAL flag.
|
| |
|
|
|
|
|
|
|
|
|
| |
If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization. Reported by Nico.
ticket: 7223
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
gcc warnings that nametype may be used uninitialized, presumably
failing to deduce that usage() never returns. Initialize nametype to
make it build.
|
|
|
|
|
| |
Exercise gss_export_name and importing of exported name tokens in
t_gssapi.py.
|
|
|
|
|
|
|
| |
krb5_gss_export_name uses malloc to construct a gss_buffer_desc value,
and should use gssalloc_malloc instead.
ticket: 7233
|
| |
|
|
|
|
|
|
|
| |
Use free() instead of gss_release_buffer() when freeing the locally
allocated context_token in the sample gss-server program. Use
gssalloc_free() instead of free when freeing buffers in
t_kgss_kernel.c (where we can't use gss_release_buffer).
|
|
|
|
|
|
|
| |
Use free() instead of gss_release_buffer() when freeing buffers in
libgssrpc which weren't constructed by GSSAPI. This mixing is
harmless in normal configurations (since libgssrpc is only used on
Unix), but fails with DEBUG_GSSALLOC.
|
|
|
|
|
|
|
|
|
| |
Fix some GSSAPI buffer allocations which were missed in
800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context,
gss_display_name, and IAKERB and SPNEGO token construction.
ticket: 7233 (new)
tags: pullup
|
|
|
|
|
|
|
|
|
|
| |
Because the gssalloc macros are normally equivalent to malloc and free
on Unix, we cannot use the full test suite to find cases where we
allocate with malloc and free with gssalloc_free or vice versa.
Provide a way to test for this kind of bug (if only in a special build
configuration) by supporting a DEBUG_GSSALLOC symbol, which causes the
gssalloc wrappers to be deliberately incompatible with malloc and
free.
|