summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* KfW GUI -- renew selected principalsKevin Wasserman2012-08-241-5/+99
| | | | | | | | | | | | | The renew button should act on the current selection. -auto-renew still only renews default ccache -renew doesn't work for UAC-limited MSLSA Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7262 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Update ribbon tooltip textBen Kaduk2012-08-241-13/+13
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7261 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Add leak tracking support to LeashKevin Wasserman2012-08-241-0/+12
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7260 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Add defines for debug builds in win-pre.inKevin Wasserman2012-08-241-0/+4
| | | | | | | | | | | define DEBUG and _CRTDBG_MAP_ALLOC except for NODEBUG builds Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7259 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Remove ID_ABOUT, add ID_IMPORT_TICKETSKevin Wasserman2012-08-242-3/+4
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7258 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Fix tooltips for ribbonKevin Wasserman2012-08-241-3/+17
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7257 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Tooltip text fixesKevin Wasserman2012-08-241-12/+13
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7256 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Set fCachesTicket=TRUE when no credentialsKevin Wasserman2012-08-241-1/+2
| | | | | | | | | | | | It is not really clear this is correct, but neither was the previous behavior. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7255 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Do not be over-restrictive in the presence of UACKevin Wasserman2012-08-241-39/+4
| | | | | | | | | | | | | | | | | | We used to explicitly check if a process was UAC-limited and deny all access to the TGT in that case; however, this makes the MSLSA cache effectively useless. Do not try to outsmart UAC, and let it do its own checking -- this allows UAC-limited access to the MSLSA ccache, which should mean read-write access to service tickets, and write-only access to the TGT. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: delete instead of comment out, move comment.] ticket: 7254 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw support for multiple identitiesKevin Wasserman2012-08-2417-1332/+1658
| | | | | | | | | | | | | | | | | | | | We need a sense of what the default identity is, then, with a way to set it and list it. The memory management model changes some, as well. Use a bold font to indicate the current default identity in the GUI; while here use an italic font for expired credentials. In the process, rip out some krb4 remenants, and remove ancient code conditional on the lack of KRB5_TC_NOTICKET. Define USE_MESSAGE_BOX when building leash and use MessageBox(). [kaduk@mit.edu: adjust for style, flesh out commit message.] ticket: 7253 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw get tickets dialog tweaksKevin Wasserman2012-08-242-18/+16
| | | | | | | | | | | | | "Options" button -> "Advanced Settings" "Renew Till" -> "Renew Until" "Kerberos 5 Options" -> "Flag this ticket as" Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7252 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw remove status barKevin Wasserman2012-08-244-6/+16
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7251 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Only create toolbar when not using ribbon UIKevin Wasserman2012-08-241-6/+8
| | | | | | | | | | | When we do create the toolbar, dock it. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7250 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Use ListView; add ViewColumn abstractionKevin Wasserman2012-08-244-277/+139
| | | | | | | | | | | | | | | | Punting FormView since we really only need ListCtrl and using ListView makes the header column and window resizing work. The ViewColumn abstraction eliminates some copy/paste code blocks. HDN_ITEMCHANGED tracks user changes to column widths. Remove CTreeCtrl-related code. Also remove some unused code that was generating warnings. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7249 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw implement ribbon UIKevin Wasserman2012-08-245-8/+43
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7248 (new) queue: kfw target_version: 1.10.4 tags: pullup
* kfw "Initialize Ticket" -> "Get Ticket"Kevin Wasserman2012-08-242-6/+7
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7247 (new) queue: kfw target_version: 1.10.4 tags: pullup
* MSVC-generated updates to support ribbon UIKevin Wasserman2012-08-244-8/+21
| | | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: manually tweak to remove gratuitious churn] ticket: 7246 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Update leash icon and button graphicsKevin Wasserman2012-08-2413-4/+4
| | | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> [kaduk@mit.edu: While here, remove now-unused doghead icons.] ticket: 7245 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Prep for KfW conversion to ribbon toolbarKevin Wasserman2012-08-248-77/+19
| | | | | | | | | | | | | | | Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx, CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar. Call AfxOleInit() from CLeashApp::InitInstance() Do not call LoadBarState() (crashes) or GetToolBarCtrl() (no longer exists) Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7244 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Fix portability, printf bugs in preauth_otp.cGreg Hudson2012-08-241-3/+1
| | | | | | unistd.h is not available on Windows and isn't needed for this file, so don't include it. Two arguments to asprintf in choose_token() were reversed.
* Doc newly introduced padata types for OTP supportZhanna Tsitkov2012-08-232-7/+10
| | | | | Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type as it is marked as OBSOLETE in RFC 6560.
* Leash UI menu updatesKevin Wasserman2012-08-235-177/+210
| | | | | | | | | | | | | | | | | | | | | | | Eliminate Action menu: -move Ticket manipulation to File menu -eliminate "Reset Window Size/Pos", "Synchronize Time", and "Update Display" Update Options menu: -eliminate all the "Properties" items: "Leash ", "Kerberos ", "Kerberos v4 ", "Kerberos v5 ", and "AFS" TODO: move functionality to advanced install/registry keys. Update View menu: -add "Time Issued", "Renewable Until", "Flags", "Encryption Type", and "Valid Until" -remove "Large Icons", "Toolbar", "Status Bar", and "Debug Window" Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7243 (new) queue: kfw target_version: 1.10.4 tags: pullup
* allow multiple Leash options; add -noribbonKevin Wasserman2012-08-232-3/+11
| | | | | | | | | | | | Change option parsing to allow more than one option to be given. Use the ribbon UI by default; -noribbon reverts to the old UI. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7241 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Target Windows Vista in leash/stdafx.hKevin Wasserman2012-08-231-1/+2
| | | | | | | | | | | | | Define WINVER and _WIN32_WINNT, to target Vista+ -- required for ribbon ui. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7240 (new) queue: kfw subject: Support the Ribbon UI for Leash target_version: 1.10.4 tags: pullup
* Change kfw destroy ticket confirmation messageKevin Wasserman2012-08-231-2/+2
| | | | | | | | | | | | | OKCANCEL -> YESNO Add MB_ICONEXCLAMATION Change text Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7239 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Load additional krb5 and come_err funcsKevin Wasserman2012-08-236-0/+198
| | | | | | | | | | | | Required for multiple identity management and for migration of code from leashdll to leash proper. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7238 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Fix leak in cci_os_ipc_thread_init()Kevin Wasserman2012-08-231-0/+1
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7237 (new) subject: CCAPI cleanup and bugfixes target_version: 1.10.4 tags: pullup
* Remove unused struct and switch_to stubsKevin Wasserman2012-08-231-11/+1
| | | | | | | | | | | Only one mslsa ccache is supported, so switch_to is not needed. Likewise, struct krb5int_lcc_iterator is unneccesary. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7236 (new) target_version: 1.10.4 tags: pullup
* Run "make depend"Tom Yu2012-08-236-18/+87
|
* Fix minor Makefile.in typos for make dependTom Yu2012-08-232-1/+2
| | | | | Fix minor typos in lib/krb5/krb/Makefile.in and tests/gssapi/Makefile.in so that "make depend" will work.
* Fix version info for Leash.exeKevin Wasserman2012-08-233-3/+3
| | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7235 (new) queue: kfw target_version: 1.10.4 tags: pullup
* Add otp client preauth pluginNathaniel McCallum2012-08-237-0/+592
| | | | | | | Implements the client side of RFC 6560. Not all features are implemented, but it should work for the most common cases. ticket: 7242 (new)
* Add ASN.1 support for OTPGreg Hudson2012-08-2318-43/+2099
| | | | | | | Add encoders and decoders for the OTP-TOKENINFO, PA-OTP-CHALLENGE, PA-OTP-REQUEST, and PA-OTP-ENC-REQUEST types from RFC 6560. For more thorough testing, add support for generating test encodings using asn1c for sample objects (currently only for the OTP types).
* Clean up k5buf_to_gss helperGreg Hudson2012-08-232-5/+3
| | | | | | | k5buf_to_gss was used in only one place (generic_gss_oid_to_str), where we want to include the terminating null byte in the GSS buffer. Remove that assumption from the helper, and instead explicitly append the null byte to the buffer before translating.
* Document preference order of enctypes in krb5.confZhanna Tsitkov2012-08-221-3/+5
|
* Remove dead code in do_as_req.cZhanna Tsitkov2012-08-221-12/+0
| | | | Commit r21692 removed the KRB5_KDB_NON_MS_PRINCIPAL flag.
* Updated Supported Versions documentZhanna Tsitkov2012-08-211-2/+2
|
* Fix apply_keysalt_policy bugGreg Hudson2012-08-151-1/+1
| | | | | | | | | If apply_keysalt_policy is called with null result arguments (as from kadm5_setkey_principal_3), we would dereference a null pointer if the principal has no policy or no policy allowed_keysalts field, due to an incorrect optimization. Reported by Nico. ticket: 7223
* Cross-reference documents in mitK5defaults.rstZhanna Tsitkov2012-08-151-21/+21
|
* Edit rcache_def.rst for spelling and grammarGreg Hudson2012-08-151-10/+10
|
* New Replay Cache rst documentationZhanna Tsitkov2012-08-152-3/+101
|
* Remove obsolete function krb5_secure_config_filesZhanna Tsitkov2012-08-143-27/+0
|
* Silence a gcc warning in t_export_nameGreg Hudson2012-08-121-1/+1
| | | | | | gcc warnings that nametype may be used uninitialized, presumably failing to deduce that usage() never returns. Initialize nametype to make it build.
* Add test coverage for gss_export_nameGreg Hudson2012-08-113-5/+191
| | | | | Exercise gss_export_name and importing of exported name tokens in t_gssapi.py.
* Use gssalloc in krb5_gss_export_nameGreg Hudson2012-08-111-1/+1
| | | | | | | krb5_gss_export_name uses malloc to construct a gss_buffer_desc value, and should use gssalloc_malloc instead. ticket: 7233
* Fix nitpicky bugs in t_inq_credGreg Hudson2012-08-111-6/+6
|
* Stop misusing gss_release_buffer in test programsGreg Hudson2012-08-112-4/+4
| | | | | | | Use free() instead of gss_release_buffer() when freeing the locally allocated context_token in the sample gss-server program. Use gssalloc_free() instead of free when freeing buffers in t_kgss_kernel.c (where we can't use gss_release_buffer).
* Stop misusing gss_release_buffer in libgssrpcGreg Hudson2012-08-113-15/+11
| | | | | | | Use free() instead of gss_release_buffer() when freeing buffers in libgssrpc which weren't constructed by GSSAPI. This mixing is harmless in normal configurations (since libgssrpc is only used on Unix), but fails with DEBUG_GSSALLOC.
* Use gssalloc in more parts of GSSAPIGreg Hudson2012-08-115-11/+13
| | | | | | | | | Fix some GSSAPI buffer allocations which were missed in 800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context, gss_display_name, and IAKERB and SPNEGO token construction. ticket: 7233 (new) tags: pullup
* Add debug mode to gssapi_alloc.hGreg Hudson2012-08-113-23/+79
| | | | | | | | | | Because the gssalloc macros are normally equivalent to malloc and free on Unix, we cannot use the full test suite to find cases where we allocate with malloc and free with gssalloc_free or vice versa. Provide a way to test for this kind of bug (if only in a special build configuration) by supporting a DEBUG_GSSALLOC symbol, which causes the gssalloc wrappers to be deliberately incompatible with malloc and free.
generated by cgit (git 2.34.1) at 2024-10-01 03:23:00 +0000