summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* no c++-style commentsKen Raeburn2006-09-221-0/+3
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18605 dc483132-0cff-0310-8789-dd5450dbe970
* KFW 3.1 Beta 2 NetIDMgr ChangesJeffrey Altman2006-09-2136-161/+843
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | source for (1.1.0.1) - Updated documentation with additional information and fixed errors. nidmgr32.dll (1.1.0.1) - Fixed a deadlock in the configuration provider that may cause NetIDMgr to deadlock on load. - Prevent the configuration provider handle list from getting corrupted in the event of a plug-in freeing a handle twice. - Add more parameter validation for the configuration provider. - If a plug-in is only partially registered (only some of the entries were set in the registry), the completion of the registration didn't complete successfully, leaving the plug-in in an unusable state. This has been fixed. Plug-ins will now successfully complete registration once they are loaded for the first time, assuming the correct resources are present in the module. - Fixed notifications for setting a default identity. Notifications were not being properly sent out resulting in the credentials window not being updated when the default identity changed. - Changes to the API for type safety. - Handling of binary data fields was changed to support validation and comparison. - Data types that do not support KCDB_CBSIZE_AUTO now check for and report an error if it is specified. - Password fields in the new credentials dialog will trim leading and trailing whitespace before using a user-entered value. - Change password action will no longer be disabled if no identity is selected. An identity selection control is present in the dialog making this restriction unnecessary. - When renewing credentials, error messages will be suppressed if the renewal was for an identity and the identity does not have any identity credentials associated with it. - Error messages that are related to credentials acquisition or password changes will now display the name of the identity that the error applies to. - Automatic renewals now renews all identities that have credentials associated with them instead of just the default identity. - Fixed a bug where error messages did not have a default button which can be invoked with the return key or the space bar. - The new credentials window will force itself to the top. This can be disabled via a registry setting, but is on by default. - Fixed the sort order in the new credentials tabs to respect sort hints provided by plug-ins. - If a new credentials operation fails, the password fields will be cleared. - Once a new credentials operation starts, the controls for specifying the identity and password and any other custom prompts will be disabled until the operation completes. - Notifications during the new credentials operation now supply a handle to the proper data structures as documented. - Hyperlinks in the new credentials dialog now support markup that will prevent the dialog from switching to the credentials type panel when the link is activated. - If there are too many buttons added by plug-ins in the new credentials dialog, they will be resized to accomodate all of them. - The options button in the new credentials dialog will be disabled while a new credentials operation is in progress. - The 'about' dialog retains the original copyright strings included in the resource. - Multiple modal dialogs are now supported. Only the topmost one will be active. Once it is closed, the other dialogs will gain focus in turn. This allows for error messages to be displayed from other modal dialogs. - The hypertext window supports italics. krb4cred.dll (1.1.0.1) - Fixed a bug where the plug-in would attempt to free a handle twice. - Fixed a handle leak. - Changed the facility name used for event reporting to match the credentials type name. krb5cred.dll (1.1.0.1) - Fixed handling of expired passwords. If the password for an identity is found to have expired at the time a new credentials acquisition is in progress, the user will be given an opportunity to change the password. If this is successful, the new credentials operation will continue with the new password. - Prevent the new credentials dialog from switching to the Kerberos 5 credentials panel during a password change. - Prompts that were cached indefinitely will now have a limited lifetime. Prompt caches that were created using prior versions of the plug-in will automatically expire. - Multistrings in the resource files were converted to CSV to protect them against a bug in Visual Studio 2005 which corrupted multistrings. - Added handling of and reporting WinSock errors that are returned from the Kerberos 5 libraries. - Fixed uninitialized variables. - The username and realm that is entered when selecting an identity will be trimmed of leading and trailing whitespace. - Changed the facility name used for event reporting to match the credentials type name. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970
* NSIS installer - update for Win2K NetIDMgrJeffrey Altman2006-09-211-6/+23
| | | | | | | | | Install the Win2K specific binaries for NetIDMgr on Win2K ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18603 dc483132-0cff-0310-8789-dd5450dbe970
* oops, make sure we install from the correct source fileJeffrey Altman2006-09-211-1/+1
| | | | | | | | on Windows 2000 ticket: 4309 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18602 dc483132-0cff-0310-8789-dd5450dbe970
* wix installer - win2k compatibility for netidmgrJeffrey Altman2006-09-211-7/+7
| | | | | | | | | | Install the special win2k version of nidmgr32.dll on Windows 2000 systems. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18601 dc483132-0cff-0310-8789-dd5450dbe970
* windows thread support frees thread local storage after TlsSetValueJeffrey Altman2006-09-211-2/+2
| | | | | | | | | | | | | threads.c: The return value of TlsSetValue is non-zero on success. As a result of misinterpreting the return value, the memory set in TLS is then freed. A subsequent call to TlsGetValue returns the invalid pointer. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18600 dc483132-0cff-0310-8789-dd5450dbe970
* Set the canonicalize flag in TGS requests and accept cross-realm referral ↵Sam Hartman2006-09-2113-122/+647
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tickets. We do not yet accept tickets in which the server name changes. * krb5_sname_to_principal: If there is no domain realm mapping return null realm *krb5_get_cred_via_tkt: New behavior as described below 1) the referrals case: - check for TGT for initial realm - if a remote realm was specified (which must have happened via a domain_realm mapping), obtain a TGT for it the standard way and start with that. - use client realm for server if not specified - iterate through this loop: - request ticket with referrals turned on - if that fails: - if this was the first request, punt to non-referrals case - otherwise, retry once without referrals turned on then terminate either way - if it works, either use the service ticket or follow the referral path - if loop count exceeded, hardfail 2) the nonreferrals case - this is mostly the old walk_realm_tree TGT-finding (which allows limited shortcut referrals per 4120) followed by a standard tgs-req. - originally requested principal is used for this, although if we were handed something without a realm, determine a fallback realm based on DNS TXT records or a truncation of the domain name. ticket: 2652 Owner: amb git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_ldap.h: If BUILD_WITH_BROKEN_LDAP is defined, skip version checksKen Raeburn2006-09-201-5/+13
| | | | | | ticket: 4292 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18595 dc483132-0cff-0310-8789-dd5450dbe970
* Bad loop logic in krb5_mcc_generate_newAlexandra Ellwood2006-09-191-10/+8
| | | | | | | | | krb5_mcc_generate_new() Error in loop caused first item in the list to not get checked the second time through scanning for duplicates. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-182-20/+20
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18593 dc483132-0cff-0310-8789-dd5450dbe970
* Savitha's patches for:Ken Raeburn2006-09-1814-151/+72
| | | | | | | | | - LDAP URI support for specifying server and port - support for ldapi interface - updated to newer LDAP APIs - updated documentation git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb5.c (kdb_load_library): Make error message a little more accurate.Ken Raeburn2006-09-161-29/+47
| | | | | | | | | | (get_errmsg): New function. Uses errcode_2_string and release_errcode_string functions to copy out an error message from the plugin and store it locally, if the error code supplied is nonzero. Changed other uses of plugin functions to call get_errmsg on returning. (krb5_db_errcode2string): Deleted. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18591 dc483132-0cff-0310-8789-dd5450dbe970
* Update dependenciesKen Raeburn2006-09-161-21/+21
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18590 dc483132-0cff-0310-8789-dd5450dbe970
* Move RPC header files to include/gssrpc, which we copy to them atKen Raeburn2006-09-1630-688/+639
| | | | | | | build time, and which is the only place we use them from anyways. Update Makefile references and dependencies. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589 dc483132-0cff-0310-8789-dd5450dbe970
* Export krb5_ldap_release_errcode_stringKen Raeburn2006-09-161-0/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18588 dc483132-0cff-0310-8789-dd5450dbe970
* Make it easier to ignore additional directories, like, oh, say, localKen Raeburn2006-09-151-3/+12
| | | | | | install paths for OpenLDAP. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18587 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-131-38/+30
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-121-292/+285
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18583 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-121-18/+14
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18582 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile.in (krb5/krb5.h): Wrap the content in macro test forKen Raeburn2006-09-071-0/+3
| | | | | | | | multiple-inclusion protection. ticket: 3522 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18571 dc483132-0cff-0310-8789-dd5450dbe970
* Make database plugin responsible for releasing the error-message string, soKen Raeburn2006-09-065-1/+12
| | | | | | | | | | | that we can use the krb5_get_error_message interface internally. * kdb5.h: Add release_errcode_string field to the interface. * db2_exp.c, ldap_exp.c: Initialize it. * ldap_misc.c: Use krb5_get/free_error_message for error message strings. * kdb_ldap.h: Declare krb5_ldap_release_errcode_string. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-09-061-111/+113
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564 dc483132-0cff-0310-8789-dd5450dbe970
* comment formatting for 80 columnsKen Raeburn2006-09-061-88/+132
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18563 dc483132-0cff-0310-8789-dd5450dbe970
* (prof_get_integer_def, prof_get_string_def): New functions: check specifiedKen Raeburn2006-09-051-109/+100
| | | | | | | | | config section in the profile, then the default section, then fall back to passed default value (for integer only). Set error string on error. (krb5_ldap_read_server_params): Use them, instead of explicitly doubling each profile_get call. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18562 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccache and keytab file paths without a prefix Jeffrey Altman2006-09-052-4/+4
| | | | | | | | | | | ktbase.c, ccbase.c: When a file path is specified without the prefix we must infer the use of the "FILE" prefix. However, we were setting the prefix including the colon separator when the separator should have been ignored. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970
* Reject old OpenLDAP versions with bugs tickled by this code.Ken Raeburn2006-09-012-6/+21
| | | | | | | | | | | | | | | Clean up some warnings during the build. * ldap_misc.c (strptime) [NEED_STRPTIME_PROTO]: Declare, conditionally. (krb5_ldap_errcode_2_string): Return string, not error code, to fit with DAL interface spec. * kdb_ldap.h: Error out for OpenLDAP versions before 2.2.24. (LDAP_DEPRECATED): Define; openldap-2.3.27 defaults to undefined. (krb5_ldap_lib_init): Prototype. (krb5_get_policydn): Declare. (krb5_ldap_errcode_2_string): Fix return type. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18558 dc483132-0cff-0310-8789-dd5450dbe970
* (krb5_ldap_destroy_policy): krb5_ldap_delete_policy takes a mask arg, not ↵Ken Raeburn2006-08-311-1/+1
| | | | | | pointer-to git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18557 dc483132-0cff-0310-8789-dd5450dbe970
* Declare get_date() used from kadmin cli code.Ken Raeburn2006-08-312-9/+8
| | | | | | In calls, delete the second argument that get_date doesn't take. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18556 dc483132-0cff-0310-8789-dd5450dbe970
* Remove or conditionalize unused variablesKen Raeburn2006-08-311-11/+4
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18555 dc483132-0cff-0310-8789-dd5450dbe970
* Patches from Will Fiveash to allow for configuration and building onKen Raeburn2006-08-314-11/+55
| | | | | | | Solaris. Tested (configured & built) on RHEL 4 and Solaris 10. One minor bugfix added. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18554 dc483132-0cff-0310-8789-dd5450dbe970
* * shlib.conf (*-*-linux*): Use LDFLAGS in LDCOMBINEKen Raeburn2006-08-301-1/+1
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18553 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mostly whitespace, like indentation levels)Ken Raeburn2006-08-307-3042/+2911
| | | | | | to match up better with MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970
* Some mechanical changes (mainly whitespace) to match up better withKen Raeburn2006-08-2918-1988/+1911
| | | | | | MIT coding style. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970
* Rename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5 ↵Ken Raeburn2006-08-294-9/+9
| | | | | | table git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970
* whitespaceKen Raeburn2006-08-291-5/+8
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18549 dc483132-0cff-0310-8789-dd5450dbe970
* Patch from Savitha R:Ken Raeburn2006-08-2917-495/+204
| | | | | | | | | | | | | | | | | | | | | | ldap_util 1. Kdb5_ldap_util interface Removed supp enctypes, suppsalttypes from create realm and modify realm since they are currently not used 2. memset passwd strings to zero when not used any more 3. Using krb5_sname_to_principal in place of gethostbyname while creating the kadmin principal with hostname. libkdb_ldap 1. Added mandatory functions which were missing in the LDAP plug-in 2. Error handling changes - Setting the error message in the kerberos context when decryption of the service passwd fails or connection to the LDAP server fails during initialization. Additional changes: libkdb_ldap: Link against com_err library, to provide error_message(). git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2006-08-231-6/+6
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970
* Merge Todd's TCP changepw support, with a few fixupsKen Raeburn2006-08-237-336/+444
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message, struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c. (stuct sendto_callback_info): New type. * lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function. (setup_connection): Deleted argument message_len_buf. Don't store message length; call set_conn_state_msg_length instead. (start_connection): New arguments callback_info and callback_buffer. Invoke callback function if any, and set message length on success. (maybe_send): New arguments callback_info and callback_buffer; pass them to start_connection. (krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If callback info is provided, allocate per-connection buffers, and pass them to maybe_send. On cleanup, invoke the cleanup callback function if any. (krb5_sendto_kdc): Update krb5int_sendto call. * include/k5-int.h (struct sendto_callback_info): Add forward declaration. (krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature. * lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call. * lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call. * lib/krb5/os/changepw.c (struct sendto_callback_context): New type. (krb5_locate_kpasswd): New argument useTcp, used to select socket type in krb5int_locate_server call. (kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions. (krb5_change_set_password): Call krb5int_sendto with callbacks, instead of managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP only. * lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a buggy server sent a KRB_ERROR. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
* Update auxiliary version number for NetIDMgrJeffrey Altman2006-08-232-4/+4
| | | | | | ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18499 dc483132-0cff-0310-8789-dd5450dbe970
* * install NetIDMgr plug-in sample as part of SDKJeffrey Altman2006-08-233-3/+59
| | | | | | | | * install netidmgr.exe (win2000 version) ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18498 dc483132-0cff-0310-8789-dd5450dbe970
* * newcredwnd.c - erase the password field on errorJeffrey Altman2006-08-231-1/+27
| | | | | | | | during new credential acquisition ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18497 dc483132-0cff-0310-8789-dd5450dbe970
* * Fix auto-registration of plug-in modules Jeffrey Altman2006-08-231-2/+17
| | | | | | | | if there is no plug-in list specified ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18496 dc483132-0cff-0310-8789-dd5450dbe970
* * Makefile - do not etag the Win2000 version of Jeffrey Altman2006-08-231-1/+2
| | | | | | | | the NetIDMgr.exe ticket: 4172 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18495 dc483132-0cff-0310-8789-dd5450dbe970
* improvements to netidmgr dialogsJeffrey Altman2006-08-229-119/+197
| | | | | | | | | | | | | | | * ensure that buttons are disabled while actions are in process * allow plug-ins to specify italic text * fix some documentation * reformat langres.rc ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970
* clean up mkrel patchlevel.h editing etcTom Yu2006-08-211-2/+3
| | | | | | | | | | | * src/util/mkrel: Be more careful editing KRB5_RELDATE. Delete '$ac_config_fragdir' autoconf droppings. ticket: new tags: pullup target_version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18475 dc483132-0cff-0310-8789-dd5450dbe970
* NetIDMgr Credential Provider Sample Code and DocumentationJeffrey Altman2006-08-1715-0/+2418
| | | | | | | | | | | | | | | This commit provides a template for a Network Identity Manager Credential Provider. It doesn't provide any real functionality but it does provide all of the functions that need to be specified and filled in as part of the process of producing a NetIdMgr plug-in. This code should be pulled up to 1.4.x for inclusion in the KFW 3.1 SDK as well as to 1.5.x. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18464 dc483132-0cff-0310-8789-dd5450dbe970
* cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.Alexandra Ellwood2006-08-161-8/+14
| | | | | | | | | | stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent. krb5_stdccv3_resolve: Don't fail if we can't open the ccache. ticket: 3936 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded charKen Raeburn2006-08-151-1/+1
| | | | | | array sizes, test against the size we actually need. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18449 dc483132-0cff-0310-8789-dd5450dbe970
* * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, constructKen Raeburn2006-08-151-0/+3
| | | | | | an error message that includes the file's name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
* Set datarootdir in each Makefile to make Autoconf 2.60 happierRuss Allbery2006-08-151-0/+1
| | | | | | | | | | Ticket: 3965 Component: krb5-build Version_Reported: 1.5 Tags: pullup Target_Version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18444 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-27 06:30:30 +0000