| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Updated Windows specific Makefiles to search for header files in src/windows/include
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25279 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25266 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
| |
Removed dependency on KFW, as it is now a part of the same build.
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25258 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25257 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Microsoft defaults stack checking (/Gs) to on. This requires
that bufferoverflowU.lib be included in the link step. The
macro SCLIB in the build system specifies this library on
versions of Windows that require it. Include SCLIB on the
link line of the makefile.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19881 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch addresses a problem discovered on some XP systems.
After rundll32.exe starts, the CreateProcess can fail to
start kfwcpcc.exe if the current directory is not %WinDir%\System32.
CreateProcess() should be called with the lpApplicationName parameter
set to NULL in order to permit the use of the PATH.
Also, in ConfigureLogonScript ensure that the trailing NUL of the
constructed command line is processed when producing the wide
character version of the string.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19488 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
will execute the NPLogonNotify function but if the logon is
re-connecting to an existing session, the LogonScript is ignored.
This leaves orphaned credential cache files.
This commit adds a function, KFW_cleanup_orphaned_caches, which
is called by NPLogonNotify to delete any orphaned cache files.
An orphaned cache file is one that is older than five minutes.
ticket: 5532
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19477 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change event log name from "KFW Logon" to "MIT Kerberos". This
is being done to avoid confusion with the "KFW Logon" functionality
that was provided by older versions of OpenAFS. (kfwlogon.h)
Remove logging of the inability to access the "Debug" registry value.
On Vista, kfwlogon.dll is no longer loaded by winlogin.exe. Instead
it is loaded by mpnotify.exe which is spawned once for each logon
request. (kfwcommon.c)
Add a test to ensure that RegisterEventSource succeeded before calling
ReportEvent. (kfwcommon.c)
Absolutely make sure that krb5_init_context() succeeded before calling
any other krb5 functions. (kfwcommon.c)
Add a comment explaining why NPGetCaps() says we are a file system even
though we are not. "It won't work otherwise." (kfwlogon.c)
Change all comparisions for Windows Station and AuthentInfoType names
to case insensitive comparisons. Vista does not use the same case as XP.
(kfwlogon.c)
Change the requested access to the temporary cache file from "All" to
"Read | Delete" when importing its contents into the API cache.
Otherwise, the access test will fail on Vista. (kfwlogon.c)
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19476 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kinit.exe, klist.exe, kdestroy.exe, kvno.exe
kdeltkt.exe, kcpytkt.exe, kfwlogon.dll, kfwcpcc.exe
gss-client.exe, gss-server.exe, kpasswd.exe
Remove resource files: kfwcpcc.rc kfwlogon.rc and use
windows/version.rc in their place
Add resource make rules to Makefile.in files included
in this commit
Add missing _VC_MANIFEST_EMBED_EXE rule to kpasswd/Makefile.in
Comment out addition Windows only make rules with ##WIN32##
ticket: 5529
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19471 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Non-interactive logons cause two problems:
(1) on XP/2003 the logon event handlers do not get triggered and on
all platforms the LogonScript does not get executed.
As a result, ccache files are not deleted.
(2) on all platforms, accessing the credential cache causes
krbcc32s.exe to be spawned. This process never terminates.
This patch tests for interactive logons. If the logon is not
interactive, the Network Provider exits immediately.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19296 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) The registry key used for activating event reporting to
the Windows application log was wrong. It should be
"NetworkProvider" not "Network Provider"
(2) Event logging of the state of the "Debug" value has been
added so that it is possible to debug the use of event
reporting.
(3) The code no longer performs the pre-kinit operations
if a password was not provided.
(4) A new function KFW_copy_file_cache_to_api_cache() has
been added. This is used instead of
KFW_copy_file_cache_to_default_cache() permitting the
default cache to be MSLSA, FILE, or anything else.
The API cache name will be of the form API:principal
just as is done by Network Identity Manager.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19289 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to ensure the _WIN32_WINNT have a value of 0x0501 or greater.
Otherwise, required LSA type declarations are undeclared.
Provide a registry value that can be set to turn on Application
Event log messages for debugging.
HKLM\System\CurrentControlSet\Services\MIT Kerberos\Network Provider
DWORD "Debug"
Ensure that KFW_obtain_user_temp_directory() returns a value on
error.
Correct the declaration of KFW_copy_cache_to_system_file()
to match the prototype.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19240 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows Vista the GINA architecture was removed. As a side
effect the support for the Logon Event Handlers was also removed.
The KFW Integrated Logon functionality relies on the "Logon"
event handler to migrate the user's tickets from a secure FILE:
ccache to an API: ccache so that the tickets will be available
to NetIDMgr and all other Kerberos applications.
This functionality is especially important on Vista for
accounts that are members of the Administrators group because
the User Account Control (UAC) restricts access to the session
keys of all tickets in the MSLSA ccache. The only way for
tickets to be made available to MIT Kerberos applications is
by obtaining them within the Network Provider and pushing them
into the Logon Session.
This patch replaces the missing Logon Event Handler support
with a new exported function "LogonEventHandler" which adheres
to the rundll32.exe specifications. The "LogonEventHandler"
function accepts as input the name of a FILE ccache and moves
the contents into an API: ccache and then deletes the FILE
ccache.
In order for this to work the FILE ccache must be owned by
the account that was used to logon to the current session.
The NPLogonNotify() function must therefore lookup the SID
for the active account, assign an appropriate DACL to the
ccache file, and change the owner. In addition, when Vista
is in use a LogonScript must be constructed that will perform
the call to rundll32.exe.
Other changes include altering the prototype of
KFW_copy_ccache_system_file to accept a filename instead of
the LogonID. This improves the abstraction and allows the
filename to be computed once and passed into multiple
functions from NPLogonNotify().
Many debugging calls were added to assist with implementation.
#define DEBUG 1 at the top of kfwcommon.c when you wish to
build with debugging that generates entries in the Windows
Application Event Viewer.
It is important to note that Integrated Logon attempts to
logon the username within the default realm within the
krb5.ini file using the provided password. This is so
a local machine account name matching the default realm
can obtain Kerberos tickets by synchronizing the password.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19221 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
of library manifests into generated EXEs and DLLs.
Manifests are required for Windows XP and above when
applications are built with Microsoft Visual Studio 2005
(aka VS8) or above.
ticket: 3642
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
| |
Windows 2000 does not support the ability to generate SIDs
from symbolic names.
Add more debugging and error condition checks.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18387 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 4048
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18382 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
| |
ticket: 4048
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18381 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KFW integrated login was failing when the user is
not a power user or administrator. This was occurring
because the temporary file ccache was being created in
a directory the user could not read. While fixing this
it was noticed that the ACLs on the ccache were too broad.
Instead of applying a fix to the FILE: krb5_ccache
implementation it was decided that simply applying a new
set of ACLs (SYSTEM and "user" with no inheritance) to
the file immediately after the krb5_cc_initialize() call
would close the broadest security issues.
The file is initially created in the SYSTEM %TEMP% directory
with "SYSTEM" ACL only. Then it is moved to the user's %TEMP%
directory with "SYSTEM" and "user" ACLs. Finally, after
copying the credentials to the API: ccache, the file is deleted.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5 to build under the Microsoft Visual Studio 8 compiler
in 64-bit mode and produce file names that do not conflict
with the names produced by the 32-bit build. That patch
was modified to work on Unix and also include processor
dependent pre-processor definitions to remove warnings.
ticket: 3415
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17680 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
| |
The leashwin.h file needs to be accessible via the INCLUDE path.
ticket: new
tags: pullup
target_version: 1.3.4
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17556 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Wrap debugging statements
Fix bug in KFW_get_cred that prevents acquisition of
credentials.
ticket: new
component: windows
status: resolved
target_version: 1.4.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17534 dc483132-0cff-0310-8789-dd5450dbe970
|
|
The Logon Network Provider works like the OpenAFS Integrated
Logon. It uses the username entered by the user and the
default realm obtained from krb5.ini and the user entered
password. If possible, tickets are obtained and imported
into the user's CCAPI credential cache.
ticket: new
component: windows
target_version: 1.4.4
status: resolved
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17518 dc483132-0cff-0310-8789-dd5450dbe970
|