| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new APIs:
* krb5_get_init_creds_opt_set_responder
* krb5_responder_get_challenge
* krb5_responder_list_questions
* krb5_responder_set_answer
If a caller sets a responder, it will be invoked after preauth modules
have had a chance to review their incoming padata but before they produce
outgoing padata. The responder will be presented a set of questions with
optional challenges. The responder should then answer all questions it knows
how to handle. Both the answers and the challenges are printable UTF-8 and
may contain encoded, structured data specific to the question asked.
Add two new callbacks and one optional method to the clpreauth
interface. The new method (prep_questions) allows modules to ask questions
by setting them in the responder context using one of the new callbacks
(ask_responder_question). The other new callback (get_responder_answer) is
used by the process method to read the answers to the questions asked.
ticket: 7355 (new)
|
|
|
|
|
|
|
| |
25ee704e83c2c63d4b5ecd12ea31c1979239041e added three new public GSSAPI
functions; add them to the DLL export file.
ticket: 7217
|
|
|
|
|
|
| |
Since zapfree(str, strlen(str)) won't work for possibly-null values of
str, add a helper zapfreestr() which only calls strlen() if the string
value is non-null.
|
|
|
|
|
|
|
|
|
|
|
| |
The file 'checkbox blank.png' is unneeded and contains a space in the
name, unnecessarily interfering with running find | xargs over the
source tree. Remove it.
ticket: 7352 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
| |
When the rules from util/k5ev/Makefile.in were moved to
util/verto/Makefile.in, the rule to make rename.h was broken on
non-gmake makes because the definition of SED wasn't carried over.
Define it now.
|
|
|
|
|
|
|
|
|
| |
For the test-vectors target in tests/asn.1, add ASN.1 modules from RFC
4556 and draft-ietf-krb-wg-pkinit-alg-agility-06.txt, and output test
encodings for PrincipalName, KRB5PrincipalName, OtherInfo, and
PkinitSuppPubInfo. In the alg-agility module, AuthPack and DHRepInfo
are renamed, as asn1c otherwise rejects them as conflicting with the
RFC 4556 definitions.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream libverto depends on dynamic loading and in particular on
dladdr(), which is not universal. To avoid this dependency, stub out
support for module loading (by replacing module.c) and instead
integrate the k5ev module directly into the bundled verto library.
This change removes the need to link, include, and invoke libverto
differently depending on whether we're using the bundled library; we
can always just link with -lverto and call verto_default().
bigredbutton: whitespace
ticket: 7351 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already define EV_USE_REALTIME to 0 to avoid the use of
clock_gettime() (to avoid depending on librt). But in some build
environments libev can detect support for a monotonic clock, which
also results in using clock_gettime(). Define EV_USE_MONOTONIC to 0
as well to prevent this.
ticket: 7350 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the Start Menu and Desktop are different folders, we should
use different components for the shortcuts in those folders, given
that components operate at directory granularity.
Take the opportunity to use the newer style for installing shortcuts
and registry keys, and make the names more descriptive.
Increment the buildlevel to ensure new files are installed.
ticket: 7348 (new)
subject: Use more meaningfully named registry keys for shortcuts
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
| |
ticket: 7347 (new)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using v4 file credentials caches, client clock skew offsets
obtained when running with the kdc_timesync option set are persisted in
the ccache. This allows the offsets to be used across separate contexts,
e.g. when obtaining credentials using krb5 interfaces and subsequently
importing those credentials for use in gssapi. This patch adds similar
support for memory credentials caches.
[ghudson@mit.edu: Minor style corrections.]
ticket: 7346 (new)
|
|
|
|
|
| |
The most recent commit to g_acquire_cred.c allocates an OID set to
pass to the mech, but never releases it. Fix that.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These printfs spew to the console when command-line utilities
such as 'klist' and 'aklog' are run, reducing usability.
These printfs can also cause application hangs.
On a multiprocessor machine, when PuTTY and the ccapiserver are
running on different CPUs, PuTTY appears to deadlock with three
concurrent threads inside cci_debug_printf().
ticket: 7342 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7341 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7237
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allocate thread-local storage on demand; don't rely on
the DLL_THREAD_ATTACH case in DllMain() since pre-existing
threads will never execute that code.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7340 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
We can't mix the KRB5 and CC error constants; standardize on the CC ones
and translate appropriately.
ticket: 7339 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7338 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The InstallValidate action of the windows installer will bring up
a dialog informing us that some currently running processes must
be terminated before installation may proceed, and offers to do so,
but does not actually kill the processes. We have our own code to
kill running processes which did not execute, for two reasons:
it was sequenced after InstallValidate, and we did not have a current
list of processes to look for.
Add the right processes to look for and kill, and use our own
process-killing code since it actually works.
ticket: 7343 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Our 64-bit installer provides 32-bit libraries as well as 64-bit
libraries, but not all 32-bit applications (e.g., PuTTY, Pidgin)
are able to locate them in C:\Program Files\MIT\Kerberos .
Including an InstallDir key under the Wow6432Node tree lets them
work out-of-the-box; while here set all the registry keys in this
component in the compatibility tree, for consistency.
ticket: 7337 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without version info, this library would not get installed during
an upgrade scenario, causing the MIT Kerberos application to crash
on startup.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: add motivation to commit message]
ticket: 7336 (new)
subject: Fix KfW crash on startup after upgrade
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
We use separate UpgradeCodes for 32- and 64-bit installers, so
we must check for both of them when seeing if we are upgrading an
old/existing installation.
ticket: 7335 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using 3.9.9 as a conditional for the maximum version to
upgrade from, just use the current version.
This seems to pick up beta tags properly (so we can upgrade
from, e.g., beta 6 to beta 7 using the installer's upgrade tools),
and is future-proof.
Note that a 64-bit installer will not pick up an existing 32-bit
install (or vice versa), but there does not seem to be infrastructure
to deal with this situation easily.
Also, "downgrading" by running an older installer with a newer version
already installed will cause both versions to be simultaneously
installed; only do this if you know what you're doing.
ticket: 7334 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
"MIT Kerberos", not "Leash32"
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7333 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop filtering out SC_CLOSE. 'X' button works more reliably, also alt-F4.
Remove minimize box from style.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7332 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set the CLeashApp::m_bUpdateDisplay flag to cause the display to
update on the next WM_IDLE message to the main thread.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7331 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Replace dogheads with the new 'K'.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7330 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases we could keep stack garbage in a local pointer
variable until the cleanup at the end of the function wherein
krb5_free_context() would choke on the invalid non-NULL value.
Initialize to zero to avoid the issue (should be written as NULL
but stick to the prevailing style).
ticket: 7329 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to always use a new krb5.ini (and our search order guarantees
that we will), but users might be confused if there is still a file
named krb5.ini in the old location which is now non-functional.
However, it is rude to unconditionally delete the old file which may
potentially be the only copy a user has of their local changes.
Instead, rename the old file to a non-functioning name that indicates
it is no longer being used, so that it may be consulted if needed.
Only attempt the rename if we found an existing krb5.ini, and ignore errors
since this is not a critical part of the installation.
ticket: 7328 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These seem to be the only bits from the krb5.ini shipped with older
versions of KfW that remain useful.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: add motivation to commit message]
ticket: 7327 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was completely wrong, but only caused a severe problem on 64 bit
builds. On 32 bit builds the result was effectively always 'success',
so it would always attempt to renew even if there was not sufficient time
left in the renewable lifetime. This did not have much observable
adverse effect. But on 64 bit builds it always failed and so never
attempted renewal.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7326 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7325 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pre-existing krb5.ini files from old kfw versions will be overridden
due to the new search path, but not removed. This is the desired behavior
since old krb5.ini files are far more likely to cause problems than to
contain useful data.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7324 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The installer only picks it up if MIT_INTERNAL is defined in
the environment; otherwise it uses the now-empty krb5.ini in
the base directory.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7323 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows XP, cci_os_ipc_thread_init() causes additional threads to be
spawned immediately, which results in a vicious cycle until Windows
resources are exhausted. Instead, defer thread_init() until it is really
needed.
Also, use the MSDN-recommended defaults for RPC calls instead of random
constants.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7322 (new)
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Don't crash if we can't create a CLSID_AutoComplete instance.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7321 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Since we have x86 dlls, we need the x86 msm's.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7320 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use NODEBUG and DEBUG_SYMBOL from the environment to determine whether or
not to define Debug and DebugSyms for the installer build.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7319 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7318 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
When NODEBUG is defined and DEBUG_SYMBOL is not, no pdbs are generated.
This should not cause make install to fail.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7316 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7315 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
| |
Increase title control height to make all text visible.
Adjust position of description controls accordingly.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7314 (new)
queue: kfw
target_version: 1.10.4
tags:pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7311 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7310 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Also a couple of minor fixups.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7309 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
| |
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7308 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
| |
Require XP SP3 or Vista SP2 or Windows 7 or Server 2003 or Server 2008
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7307 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this, AfxGlobalsAddRef() is never called, so AfxGlobalsRelease()
does nothing, causing many leaks and a crash on exit in GdiplusShutdown()
on Vista.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7306 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-not_an_API_LeashKRB5GetTickets
-not_an_API_LeashKRB5FreeTickets
and supporting routines. Also remove the unused support routine one_addr.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: adjust commit message]
ticket: 7305 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
|