| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
and license comments.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
configure script:
$(SRCTOP) --> $(top_srcdir)
$(srcdir)/$(thisconfigdir) --> $(top_srcdir)
$(thisconfigdir) --> $(BUILDTOP)
$(myfulldir) --> $(mydir)
ticket: 6583
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kinit.exe, klist.exe, kdestroy.exe, kvno.exe
kdeltkt.exe, kcpytkt.exe, kfwlogon.dll, kfwcpcc.exe
gss-client.exe, gss-server.exe, kpasswd.exe
Remove resource files: kfwcpcc.rc kfwlogon.rc and use
windows/version.rc in their place
Add resource make rules to Makefile.in files included
in this commit
Add missing _VC_MANIFEST_EMBED_EXE rule to kpasswd/Makefile.in
Comment out addition Windows only make rules with ##WIN32##
ticket: 5529
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19471 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
of library manifests into generated EXEs and DLLs.
Manifests are required for Windows XP and above when
applications are built with Microsoft Visual Studio 2005
(aka VS8) or above.
ticket: 3642
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
subversion commit log entry needs to include information that would
have been in the changelog.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17893 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
presence of an initial ticket to copy to the MIT cache
ticket: 2688
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16733 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
* mit2ms.c: new command. Copies contents of the mit ccache
to the MSLSA: ccache
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16713 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
subdirs only for the makefile in the directory with the configure
script, and will have only $(LOCAL_SUBDIRS) elsewhere. Drop the use
of "MY_SUBDIRS=." to override SUBDIRS in favor of this way of keeping
SUBDIRS empty. Drop other uses of MY_SUBDIRS in favor of
LOCAL_SUBDIRS or (in one case, the top level) overriding the SUBDIRS
setting from pre.in.
One less thing to keep tweaking as configure scripts get reorganized
and merged.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16158 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 2183
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15995 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
from the MSLSA krb5_ccache. This will be the case if the session key
enctype is NULL. (AllowTGTSessionKey regkey = 0)
ticket: new
target: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15994 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This new ccache type provides an interface for the MIT krb5_cc api
functions to be used to access the contents of the MS Kerberos LSA
cache. The ccache type is read-only because the MS Kerberos LSA
does not allow third party applications to insert credentials into
the cache.
The primary motivation of this work was to encapsulate the complex
operations necessary to manipulate the MS Kerberos LSA. The code
was far from trivial and was often implemented incorrectly. Worse
still was the fact that each version of Windows since W2K modified
the use of the LSA API.
The code which was originally donated in the form of ms2mit.c had
many memory and handle leaks which were acceptable for a one time
application such as ms2mit.c. Unfortunately, this code has started
to appear in many other applications: KfW's Leash, the AFS Wake
systray tool, and others.
By using the new MSLSA ccache the implementation of ms2mit.c went
from 890 lines to 50 lines of code and comments. All that is necessary
is for the MSLSA ccache to be resolved and for its contents to be
copied with krb5_cc_copy_creds to the default ccache.
The MSLSA ccache implements all of the functions of a ccache except
those which would be used to store data into the ccache. When a
write attempt is performed the new error KRB5_CC_READONLY is returned.
The residual portion of the MSLSA ccache name is current ignored
but preserved. If you ask for ccache "MSLSA:myname" you will be
given access to the LSA cache for the current Logon Session. If
you later ask for the name of the ccache you will be returned the
same name. In the future, the residual might be used to provide
information necessary to identify a specific logon session whose
cache it is desired to access. If this is ever done, the applications
which use it will have to possess the SeTcbPrivilege privilege.
Using KfW's Leash it is now possible to set the Krb5 credential
cache to "MSLSA:" and use it to monitor the contents of the
MS Kerberos LSA cache.
As part of adding this functionality, krb5_32.dll is not linked
against the "secur32.lib" library as the Lsa security sdk routines
are stored in the SECUR32.DLL file.
ticket: 2049
target_version: 1.3.2
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15886 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ticket expiration time management, the MS Kerberos LSA will return
tickets to a calling application with lifetimes as short as one second.
Tickets with lifetimes less than five minutes can cause problems for
most apps. Tickets with lifetimes less than 20 minutes will trigger the
Leash ticket lifetime warnings.
Instead of accepting whatever tickets are returned by MS LSA from the
cache, if the ticket lifetime is less than 20 minutes force a retrieval
operation bypassing the LSA ticket cache.
ticket: 1962
target_version: 1.3.2
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15843 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functional changes:
(1) do not restrict ourselves to DES-CBC-CRC instead support any
ticket with an enctype we support. as of this date (rev 1.3)
this includes all but RC4-MD4.
(2) do not accept invalid tickets
(3) when attempting to retrieve tickets do not specify either the
enctype or cache options (if possible). doing so will force a
TGS request and prevent the results from being stored into the
cache.
(4) when the LSA cache contains a TGT which has expired Microsoft will
not perform a new TGS request until the cache has been purged.
Instead the expired ticket continues to be used along with its
embedded authorization data. When PURGE_ENABLED is defined, if the
tickets are expired, the cache will be purged before requesting
new tickets, else we ignore the contents of the cache and force
a new TGS request.
(5) when the LSA cache is empty do not abort. On XP or 2003, use
the SecurityLogonSessionData to determine the Realm (UserDnsDomain
in MS-speak) and request an appropriate TGT. On 2000, check the
Registry for the HKCU\"Volatile Environment":"USERDNSDOMAIN"
instead. This will allow ms2mit to be used to repopulate the
LSA cache. If the current session is not Kerberos authenticated
an appropriate error message will be generated.
Code changes:
(1) several memory leaks plugged
(2) several support functions copied from the Leashw32.dll sources
(3) get_STRING_from_registry() uses the ANSI versions of the Registry
functions and should at a later date be converted to use the
Unicode versions.
Notes: an ms2mit.exe based on the Leash_import() function
should be considered. Leash_import() not only imports the TGT from
the LSA but also performs the krb524 conversion and AFS token retrieval.
Of course, that version of ms2mit.exe could not exist within the krb5
source tree.
ticket: 1667
target_version: 1.3.1
tags: pullup
owner: jaltman@mit.edu
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15696 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* ms2mit.c: Windows Credentials are addressless. Do not store the
credentials in the MIT cache with addresses since they do not
contain addresses in the encrypted portion of the credential.
Instead generate a valid empty address list.
ticket: 1618
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15648 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14786 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14761 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
potentially getting whatever happens to be in the cache. Remove
unnecessary static variables. Make function headers use a
consistent format. Rename ShowLastError() to ShowWinError() and
ShowNTError() to ShowLsaError().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14024 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12563 dc483132-0cff-0310-8789-dd5450dbe970
|
