summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* kfw: generate manifestsTom Yu2011-12-121-1/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25564 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: ccapiserver only quits after all clients detachTom Yu2011-12-123-6/+14
| | | | | | | | | | Not sure if this is really a good idea or not... Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25563 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: fix _snprintf usage; use full error code in leash_error_messageTom Yu2011-12-121-2/+3
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25562 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fix: restructure low ticket warning popup code to workaround mfc bugTom Yu2011-12-122-4/+32
| | | | | | | | | | | | | | | mfc bug causes assertions when dialog is generated from within PreTranslateMessages() (MSG input param points to a global variable which is corrupted in the dialog message loop). So we need to instead PostMessage() to cause the popup later. Also fixed logic to cause warning dialog to actually be modal as intended when the leash window is not minimized. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25561 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fix: int -> size_t to fix warning in krb5routines.cTom Yu2011-12-121-1/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25560 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: krb5_get_init_creds_opt_init->krb5_get_init_creds_opt_allocTom Yu2011-12-124-20/+54
| | | | | | | | | | Should enable leash to generate config credentials (needs verification!) Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25559 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: define USE_MESSAGE_BOX in leashdll code for user feedbackTom Yu2011-12-121-1/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25558 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fix: Add custom "Password incorrect" message to Leash_int_kinit_ex()Tom Yu2011-12-121-3/+3
| | | | | | | | | | Overrides obscure KRB5KRB_AP_ERR_BAD_INTEGRITY message. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25557 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fix: make Leash_kdestroy() actually destroy k5 ticketsTom Yu2011-12-121-0/+3
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25556 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: make leash ignore credentials that store config principalsTom Yu2011-12-124-0/+15
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25555 dc483132-0cff-0310-8789-dd5450dbe970
* kfw installer: don't build installer into installerTom Yu2011-12-122-46/+0
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25554 dc483132-0cff-0310-8789-dd5450dbe970
* kfw installer: purge support for old compilersTom Yu2011-12-121-194/+0
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25553 dc483132-0cff-0310-8789-dd5450dbe970
* kfw fixes: install xpprof32Tom Yu2011-12-122-4/+4
| | | | | | | | | | TODO: xpprof64! Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25552 dc483132-0cff-0310-8789-dd5450dbe970
* kfw: update copyright notice in license.rtfTom Yu2011-12-121-1/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25551 dc483132-0cff-0310-8789-dd5450dbe970
* kfw: use correct message id to obtain tgt from leashTom Yu2011-12-121-1/+2
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25550 dc483132-0cff-0310-8789-dd5450dbe970
* kfw: clean out unused #defines from Lglobals.hTom Yu2011-12-121-4/+0
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25549 dc483132-0cff-0310-8789-dd5450dbe970
* kfw installer: install leash32.exeTom Yu2011-12-122-4/+4
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25548 dc483132-0cff-0310-8789-dd5450dbe970
* kfw installer: use MSVC 2010 merge modulesTom Yu2011-12-123-138/+37
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25547 dc483132-0cff-0310-8789-dd5450dbe970
* Windows leash fixes: 'make install' installs leash exesTom Yu2011-12-121-0/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25546 dc483132-0cff-0310-8789-dd5450dbe970
* Windows leash64 fixes: use proper names for leash and krb5 dllsTom Yu2011-12-121-0/+6
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25545 dc483132-0cff-0310-8789-dd5450dbe970
* kfw installer: add runtime.wxi WIXINCLUDES in Makefile to fix dependenciesTom Yu2011-12-121-0/+1
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25544 dc483132-0cff-0310-8789-dd5450dbe970
* LeashView.cpp: only specify TVIF_TEXT if there is actually textTom Yu2011-12-121-1/+4
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25543 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccapi: use a random challenge to authenticate ccapiserverTom Yu2011-12-121-2/+38
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25542 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccapi: launch server without console by defaultTom Yu2011-12-121-5/+6
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25541 dc483132-0cff-0310-8789-dd5450dbe970
* Make ccapiserver exit if its receiveloop thread terminates for any reasonTom Yu2011-12-122-2/+10
| | | | | | | | | | This happens, for example, when the rpc endpoint is already registered by another ccapiserver process. There's no reason to leave a zombie process running that can't receive messages. ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25540 dc483132-0cff-0310-8789-dd5450dbe970
* fix warning in test_cc_credentials_iterator_next.cTom Yu2011-12-121-0/+1
| | | | | | | | include test_ccapi_iterators.h for check_cc_credentials_iterator_next ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25539 dc483132-0cff-0310-8789-dd5450dbe970
* windows ccapiserver: replace Sleep with event waitTom Yu2011-12-125-10/+52
| | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25538 dc483132-0cff-0310-8789-dd5450dbe970
* Corrected the name of KRB5_NT_SRV_HST macro. Added some doxygen commentsZhanna Tsitkov2011-12-121-30/+21
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25537 dc483132-0cff-0310-8789-dd5450dbe970
* Fix subkey memory leak in krb5_get_credentialsGreg Hudson2011-12-091-0/+2
| | | | | | | | | | | If a get_credentials operation requires multiple TGS requests, we need to free the subkey from previous requests before saving a new one. ticket: 7049 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25536 dc483132-0cff-0310-8789-dd5450dbe970
* Fix memory leaks in FAST TGS supportGreg Hudson2011-12-092-4/+12
| | | | | | | | | | krb5int_fast_prep_req remove tgs from request->padata and needs to free it. get_creds.c needs to use a fresh FAST state for each TGS request to avoid leaking armor keys. ticket: 7026 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25535 dc483132-0cff-0310-8789-dd5450dbe970
* Actually allow null server key in krb5_pac_verifyGreg Hudson2011-12-081-3/+0
| | | | | | ticket: 7048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25534 dc483132-0cff-0310-8789-dd5450dbe970
* Allow null server key to krb5_pac_verifyGreg Hudson2011-12-072-6/+8
| | | | | | | | | | When the KDC verifies a PAC, it doesn't really need to check the server signature, since it can't trust that anyway. Allow the caller to pass only a TGT key. ticket: 7048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25532 dc483132-0cff-0310-8789-dd5450dbe970
* Add automated tests for S4U2Self and S4U2ProxyGreg Hudson2011-12-075-9/+347
| | | | | | | | | These tests mainly exercise the client-side GSSAPI code for S4U2Self and S4U2Proxy. They also exercise the KDC code for S4U2Self, but only the denial logic for S4U2Proxy since the DB2 back end doesn't support constrained delegation currently. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25531 dc483132-0cff-0310-8789-dd5450dbe970
* Allow S4U2Proxy service tickets to be cachedGreg Hudson2011-12-071-3/+1
| | | | | | | | | | Previous to this change, the GSS code avoids caching S4U2Proxy results for fear of the memory cache growing without bound, but that seems unlikely to be a serious problem. Allow these to be cached. ticket: 7047 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25530 dc483132-0cff-0310-8789-dd5450dbe970
* Allow S4U2Proxy delegated credentials to be savedGreg Hudson2011-12-078-31/+89
| | | | | | | | | | | | | | | The initial implementation of client-side S4U2Proxy support did not allow delegated proxy credentials to be stored (gss_store_cred would error out, and gss_krb5_copy_ccache would generate a non-working cache). To make this work, we save the impersonator name in a cache config variable and in a cred structure field (replacing the proxy_cred flag), and make the default principal of the proxy cache the subject principal as the caller would expect for a regular delegated cred. ticket: 7046 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25529 dc483132-0cff-0310-8789-dd5450dbe970
* SA-2011-007 KDC null pointer deref in TGS handling [CVE-2011-1530]Tom Yu2011-12-063-1/+11
| | | | | | | | | | | Fix a null pointer dereference condition that could cause a denial of service. ticket: 7042 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25525 dc483132-0cff-0310-8789-dd5450dbe970
* make dependKen Raeburn2011-12-052-5/+10
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25505 dc483132-0cff-0310-8789-dd5450dbe970
* Set a default enctype for optimistic preauthGreg Hudson2011-12-041-0/+8
| | | | | | | | | | | | | | | | | | | | | | When the client application requests optimistic preauth for a preauth type which uses the password, we don't have an etype-info2 to interpret since we haven't talked to the KDC. So we need to guess an enctype, salt, and s2k parameters. In 1.9 and prior, encrypted timestamp contained code to use the first requested enctype in this case, but encrypted challenge did not. In 1.10 prior to this change, neither mechanism uses a reasonable default. Set a default enctype in krb5_init_creds_init so that all password-based preauth mechanisms will use a reasonable default in the optimistic preauth case. The default salt and s2k parameters for this case will be the principal-based default salt and the enctype-based default parameters. ticket: 7033 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25504 dc483132-0cff-0310-8789-dd5450dbe970
* Added support for loading of Krb5.ini from Windows APPDATASam Hartman2011-12-021-8/+77
| | | | | | | | | | Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com> ticket: 7038 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25500 dc483132-0cff-0310-8789-dd5450dbe970
* Use LsaDeregisterLogonProcess(), not CloseHandle()Sam Hartman2011-12-021-9/+9
| | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7037 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25499 dc483132-0cff-0310-8789-dd5450dbe970
* Fix free ofuninitialized memory in sname_to_princSam Hartman2011-12-021-2/+3
| | | | | | | | | | | Fix free of uninitialized memory in error case introduced in 1.10 development cycle. ticket: 7036 tags: pullup Target_Version: 1.10 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25498 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_lcc_store() now ignores config credentialsSam Hartman2011-12-021-0/+9
| | | | | | | | | | Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7035 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25497 dc483132-0cff-0310-8789-dd5450dbe970
* mk_cred: memory managementSam Hartman2011-12-021-1/+1
| | | | | | | | | | | | | | Fix for mk_cred.c: calloc() not malloc() Avoid calling free() in cleanup on uninitialized sub-ptrs if error occurs. Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7034 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25496 dc483132-0cff-0310-8789-dd5450dbe970
* Ldap dependency for parallel buildsSam Hartman2011-11-291-0/+3
| | | | | | | | | | The ldap plugin needs to declare a dependency on the ldap library ticket: 7030 tags: pullup target_version: 1.10 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25494 dc483132-0cff-0310-8789-dd5450dbe970
* Fix --with-system-verto without pkg-configGreg Hudson2011-11-291-1/+1
| | | | | | | | | | | | If we're using the system verto and pkg-config isn't found but libverto is, set VERTO_LIBS to just -lverto as there won't be a k5ev module. ticket: 7029 target_version: 1.10 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25493 dc483132-0cff-0310-8789-dd5450dbe970
* Use INSTALL_DATA to avoid marking .mo files executableSam Hartman2011-11-291-1/+1
| | | | | | ticket: new target_version: 1.10 tags: pullup subject: Use INSTALL_DATA to install message catalogues git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25492 dc483132-0cff-0310-8789-dd5450dbe970
* AC_CHECK_LIB should put -lcrypto in PKINIT_CRYPTO_IMPL_LIBS not LIBSSam Hartman2011-11-291-1/+1
| | | | | | | | | for pkinit. A similar problem exists for crypto_impl and is not addressed by this patch. ticket: new Subject: LIBS should not include PKINIT_CRYPTO_IMPL_LIBS tags: pullup target_version: 1.10 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25491 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust krb5int_decode_tgs_rep, closing a leakGreg Hudson2011-11-231-19/+20
| | | | | | | | Use current practices for parameter naming and resource cleanup. Avoid a leak of local_dec_rep (now named dec_rep) if we take a "goto cleanup" path. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25490 dc483132-0cff-0310-8789-dd5450dbe970
* Whitespace, style changes to past two commitsGreg Hudson2011-11-235-76/+84
| | | | git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25489 dc483132-0cff-0310-8789-dd5450dbe970
* FAST TGSSam Hartman2011-11-237-18/+129
| | | | | | | | | | Implement RFC 6113 FAST TGS support. Includes library support for a varient of explicit TGS armor that has not yet been proposed within the IETF. ticket: 7026 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25488 dc483132-0cff-0310-8789-dd5450dbe970
generated by cgit (git 2.34.1) at 2025-09-29 14:06:55 +0000