path: root/src
Commit message | Author | Age | Files | Lines
...
* NIM: New Default View and miscellaneous fixes | Jeffrey Altman | 2007-03-20 | 44 | -740/+3031

  ================================
  KfW 3.1 Alpha (NetIDMgr 1.1.11.0)

  -- nidmgr32.dll

  - Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT flag set. This marks the action as being the default action for the menu and will be rendered as such.
  - Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY flag set. Once credentials are associated with the identity and the identity is refreshed, the flag will be cleared.
  - When creating actions, enforce the name length.
  - khm_value_exists() now handles shadowed configuration spaces.
  - Add new action KHUI_ACTION_LAYOUT_MINI which toggles between 'Advanced' and 'Basic' views.
  - Add support for F11 and F12 keys in khui_get_cmd_accel_string().
  - New option for alerts to indicate that instead of just setting the response field in the alert, the UI should dispatch the command that the user has selected.

  -- krb5common.obj

  - khm_krb5_initialize() can return a handle to a krb5_ccache that has already been closed. Now it doesn't.
  - Also import 'krb5_string_to_deltat()'.
  - Work around conditioned symbol definitions in ntsecapi.h in the Vista Platform SDK that affect Win 2000.

  -- krb5cred.dll

  - Don't clear the prompts when the options for an identity change. The prompter code relies on the prompts being around so that the values that the user has entered can be retained if the new set of prompts is the same as the old one.
  - Use the same code in the new credentials acquisition and the identity configuration code to obtain krb5 parameters for an identity.
  - Reset the 'IMPORTED' flag when we get new credentials using a password.
  - If the validity of a principal is not known, then we restrict the options that can be specified when calling krb5_get_init_creds_password() so that we can reliably determine if the principal is valid. If we need to get new credentials for the principal, we need to make another call using the correct options.
  - The return codes from the prompter need to indicate that the password read operation was cancelled instead of arbitrary non-zero values.
  - When reading identity settings, if a particular setting is not defined in the registry, then default to reading the settings out of krb5.ini.
  - Refer to credentials as 'credentials' or 'tickets' instead of 'creds'.
  - If an identity has imported credentials, don't import for the same identity again.
  - When importing an identity, create the identity configuration in the registry if we don't already have any settings there.
  - Work around conditioned symbol definitions in ntsecapi.h in the Vista Platform SDK that affect Win 2000.
  - Rearrange declarations for clarity.
  - Use the correct APIs to parse configuration values from krb5.ini.

  -- krb4cred.dll

  - The dialog layout was updated to accommodate a localized string that no longer fit in its control.
  - Remove a spurious inclusion of ntsecapi.h and work around conditioned symbol definition in the Vista Platform SDK.

  -- netidmgr.exe

  - Fix the menu creation code to correctly tag the default action so that it will be rendered properly.
  - Update the menu enumeration code to use documented functions instead of accessing action lists directly.
  - Pool of per-identity actions now includes a set of actions for obtaining credentials for specific identities.
  - The default action performed when the notification icon is clicked is now configurable. When displaying the context menu in the notification area, the default action is highlighted.
  - Remove unnecessary handlers from the notification event handler.
  - Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP in the notification event handler. When the user clicks the notification icon, both events are generated. NIN_SELECT is canonical.
  - When handling NIN_BALLOONUSERCLICK in the notification event handler, reset balloon_alert before displaying any new alerts so that we won't overwrite it later.
  - Reset the notification alert icon after displaying an alert.
  - If a renewal fails, the displayed alert contains a button that the user can click to initiate the process of acquiring new credentials for the identity.
  - Alerts can optionally dispatch the commands that were added to it using the KHUI_ALERT_FLAG_DISPATCH_CMD flag.
  - Increase the size of the About dialog.
  - Correct the action text for the IDS_ACTION_OPEN_APP and IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and 'Close'. These actions only control the visible state of the NIM window.
  - Add additional notification which signals that the commandline has finished processing.
  - Add an 'acquire' action to the per-identity actions.
  - The per identity actions (renew, destroy, acquire) now have useful captions, names and tooltips.
  - Use WM_NEXTDLGCTL message when changing the focus of dialog controls. SetFocus() is insufficient.
  - If we get a request to show a new credential acquisition dialog and we are already showing one, bring that one to the foreground instead of trying to display a new one or waiting quietly.
  - New configuration schema for the UI that includes definitions for the new default view.
  - The alerter window can now show more than one alert at once.
  - If we are about to show queued alerts, then check if the alerts that are waiting are related and if they can be grouped together. If so, show them in a single alert window instead of multiple ones.
  - If new alerts are issued while a set of alerts are being displayed and if the new alert is related to the alerts that are being displayed, then add the new alert to the list being displayed.
  - Make sure we have a lock on the alert when we are manipulating or accessing it.
  - Set the focus to the correct control when displaying an alert.
  - When adding alerts from the alert queue, make sure we iterate through the queue properly.
  - Allow keyboard navigation inside the alert window and support scroll bars.
  - Check if we have a valid code pointer before invoking a UI callback.
  - Make sure the main window is in the normal configuration before switching to a layout that requires it.
  - When moving the main window around, if it comes close to an edge of the working area of the display, snap to it.
  - Maintain two sets of settings for the main window placement. One for the mini mode and one for the normal mode.
  - When processing saved window placement information from the configuration, handle docking hints which note which edges of the screen the main window should be adjacent to, if any.
  - Switching to the 'Basic' view disables the layout and column selection menus.
  - Position the new credentials dialog above the main window if the main window is visible.
  - The alert that is displayed to indicate that an identity has expired now contains a command button that can be used to invoke the new credentials dialog for that identity.

  -- source

  - Update the documentation to reflect the change in behavior regarding KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and khui_menu_insert_paction().
  - Remove notes about menu access functions being not thread safe. This is no longer true.
  - Update the documentation for khui_alert_show() to document new behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD.
  - Update documentation to indicate which KHUI_ALERT_FLAG_* flags are internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag.
  - Augment the queue handling macros to support additional operations. Also add new tree data structure with an ordered list of children.
  - Code reorganization to reuse code for obtaining the caption and tooltip for a system defined action in netidmgr.exe.

  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19238 dc483132-0cff-0310-8789-dd5450dbe970
* Enable Vista support for MSLSA | Jeffrey Altman | 2007-03-20 | 1 | -9/+99

  The MSLSA: ccache type when used on Windows Vista can take advantage of an ability to write tickets to the LSA credential cache for the current logon session. This is possible due to the addition of the KERB_SUBMIT_TICKET interface.

  Also new to Vista is the CACHE_INFO_EX2 interface which permits a much more efficient method of enumerating the contents of the LSA credential cache.

  The code to take advantage of these features has been present for more than a year. However, due to the lack of a public SDK that included the necessary data structures the functionality has been disabled. As of this commit, the functionality will be enabled if the version of NTSecAPI.h includes TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS. This is a preprocessor symbol that is new to the Vista SDK.

  In order to build with the new Vista functionality when using the XP SP2 SDK, the NTSecAPI.h file from the Vista SDK must be used in place of the version from the XP SP2 SDK.

  This commit also addresses the issues associated with the inability to read session keys from a UAC limited process. When UAC limitation is detected by examining the process token elevation level all access to the MSLSA contents is disabled. At some point in the future we can implement an elevated COM service in order to obtain access to the session keys.

  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19237 dc483132-0cff-0310-8789-dd5450dbe970
* Zero sockaddrs in fai_add_entry() so we can compare them with memcmp() | Alexandra Ellwood | 2007-03-19 | 1 | -0/+2

  If we don't zero the struct sockaddrs in fai_add_entry() then any sin_zero fields will be left as random memory and the memcmp() will return that the addresses are different even if they aren't.

  ticket: new
  target_version: 1.6.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19235 dc483132-0cff-0310-8789-dd5450dbe970
* KfW automated build scripts & supporting files | Kevin Koch | 2007-03-16 | 9 | -276/+899

  Updated scripts & additional configuration files.

  Ticket: new
  Target_Version: 1.6.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19234 dc483132-0cff-0310-8789-dd5450dbe970
* Update 3.1.0 to 3.2.0; update location of sample directory | Kevin Koch | 2007-03-16 | 1 | -3/+3

  Ticket: 5409
  Target_Version: 1.6.1
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19233 dc483132-0cff-0310-8789-dd5450dbe970
* Update build files for new version and file locations | Kevin Koch | 2007-03-16 | 3 | -16/+13

  Target_Version: 1.6.1
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19232 dc483132-0cff-0310-8789-dd5450dbe970
* On Linux, add linker flags -Bsymbolic (makes for smaller libraries, at | Ken Raeburn | 2007-03-15 | 1 | -1/+1

  the cost of being able to override the symbol names we export) and --no-undefined (errors out on shared library generation with undefined symbols).

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19229 dc483132-0cff-0310-8789-dd5450dbe970
* Depend on kadm5 server library too, now that we use the config_params calls | Ken Raeburn | 2007-03-15 | 1 | -1/+1

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19228 dc483132-0cff-0310-8789-dd5450dbe970
* Use "unsigned __int{16,32}" types for Windows in load_{16,32}_n, per Kevin | Ken Raeburn | 2007-03-14 | 1 | -0/+8

  ticket: 5425
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19227 dc483132-0cff-0310-8789-dd5450dbe970
* * kadm5_create.c: Include fake-addrinfo.h. | Ken Raeburn | 2007-03-14 | 1 | -6/+21

  (add_admin_princs): Use getaddrinfo instead of gethostbyname. Report the correct message on getaddrinfo errors, and return EINVAL to caller.

  ticket: 5257
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19226 dc483132-0cff-0310-8789-dd5450dbe970
* Fix tail portability problem by adding an expression test to the | Ken Raeburn | 2007-03-14 | 1 | -1/+1

  existing awk invocation instead. Patch from Robert Basch at MIT.

  ticket: 5447
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19225 dc483132-0cff-0310-8789-dd5450dbe970
* Remove test pass that exercises AES256 over UDP, since we also have | Ken Raeburn | 2007-03-14 | 1 | -12/+0

  one that exercises the same configuration over TCP.

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19224 dc483132-0cff-0310-8789-dd5450dbe970
* * include/k5-platform.h: Add load_{16,32,64}_n for loading values from | Ken Raeburn | 2007-03-14 | 2 | -2/+39

  (possibly unaligned) memory in native order.
  * lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fetch four random bytes from the crypto library and generate a 31-bit (non-negative) nonce, instead of using the timestamp.

  ticket: 5425
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19223 dc483132-0cff-0310-8789-dd5450dbe970
* * sendto_kdc.c (default_debug_handler): If writing to a log file, keep | Ken Raeburn | 2007-03-14 | 1 | -8/+22

  it open and unbuffered instead of always opening and closing. When the format string has characters to be copied literally to the output, write them all at once instead of individually.

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19222 dc483132-0cff-0310-8789-dd5450dbe970
* KFW: Vista Integrated Logon | Jeffrey Altman | 2007-03-13 | 4 | -33/+323

  On Windows Vista the GINA architecture was removed. As a side effect the support for the Logon Event Handlers was also removed. The KFW Integrated Logon functionality relies on the "Logon" event handler to migrate the user's tickets from a secure FILE: ccache to an API: ccache so that the tickets will be available to NetIDMgr and all other Kerberos applications.

  This functionality is especially important on Vista for accounts that are members of the Administrators group because the User Account Control (UAC) restricts access to the session keys of all tickets in the MSLSA ccache. The only way for tickets to be made available to MIT Kerberos applications is by obtaining them within the Network Provider and pushing them into the Logon Session.

  This patch replaces the missing Logon Event Handler support with a new exported function "LogonEventHandler" which adheres to the rundll32.exe specifications. The "LogonEventHandler" function accepts as input the name of a FILE ccache and moves the contents into an API: ccache and then deletes the FILE ccache.

  In order for this to work the FILE ccache must be owned by the account that was used to logon to the current session. The NPLogonNotify() function must therefore lookup the SID for the active account, assign an appropriate DACL to the ccache file, and change the owner. In addition, when Vista is in use a LogonScript must be constructed that will perform the call to rundll32.exe.

  Other changes include altering the prototype of KFW_copy_ccache_system_file to accept a filename instead of the LogonID. This improves the abstraction and allows the filename to be computed once and passed into multiple functions from NPLogonNotify().

  Many debugging calls were added to assist with implementation. #define DEBUG 1 at the top of kfwcommon.c when you wish to build with debugging that generates entries in the Windows Application Event Viewer.

  It is important to note that Integrated Logon attempts to logon the username within the default realm within the krb5.ini file using the provided password. This is so a local machine account name matching the default realm can obtain Kerberos tickets by synchronizing the password.

  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19221 dc483132-0cff-0310-8789-dd5450dbe970
* Remove from unused_passes a configuration also listed in the default passes | Ken Raeburn | 2007-03-09 | 1 | -12/+0

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19215 dc483132-0cff-0310-8789-dd5450dbe970
* Do use valgrind on /bin/sh commands, since that's how we launch kadmind currently | Ken Raeburn | 2007-03-06 | 1 | -1/+2

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19212 dc483132-0cff-0310-8789-dd5450dbe970
* reverting commit to windows WIX installer (revision 19207) | Jeffrey Altman | 2007-03-06 | 2 | -8/+8

  Revision 19207 committed by Kevin Koch does not document changes made to the Wix installer files. The changes that were made remove the installation of the configuration files and the inclusion of leash32.chm.

  When the decision is made to remove Leash from the installer, the entire Leash feature and the associated properties used to determine when it is installed must be removed. Commenting out individual file components is not sufficient.

  Configuration files must be installed as part of KFW. The source of the configuration files is defined by the variable "ConfigDir" within the site-local.wxi directory.

  Any changes made to the WIX installer must also be made to the NSIS installer.

  The changes to the src/windows/wix directory from 19207 are therefore reverted.

  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19211 dc483132-0cff-0310-8789-dd5450dbe970
* osf1: get proper library dependencies installed | Ken Raeburn | 2007-03-05 | 1 | -1/+1

  The LDCOMBINE setting for Tru64 left out $(CFLAGS), which meant the -pthread option wasn't being passed in, so the libraries didn't indicate a dependency on the pthread library despite the fact that we need it unconditionally (if thread support is enabled). Including $(CFLAGS) should fix this.

  Our own binaries get linked with -pthread anyways, so they build okay, but other binaries trying to link against or load our libraries could have problems.

  ticket: new
  target_version: 1.6.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19208 dc483132-0cff-0310-8789-dd5450dbe970
* Train build script to use repository sources, omit sample configuration. [wix area.] | Kevin Koch | 2007-03-05 | 5 | -176/+250

  Add control of the repository access step, fetch all sources from the repository. Track in documentation. Eliminate unhelpful output during pre-package step.

  The next step is to fetch only krb5/src/windows/build and run the entire build.

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19207 dc483132-0cff-0310-8789-dd5450dbe970
* Move automation documentation from wiki to here. | Kevin Koch | 2007-03-05 | 5 | -1/+1295

  Minor tweaks to script (start adding unzip support) and config (move svn url to right place).

  Target_Version: 1.6.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19206 dc483132-0cff-0310-8789-dd5450dbe970
* Automation for building KfW | Kevin Koch | 2007-03-05 | 6 | -0/+850

  Target_Version: 1.6.1
  Component: KfW
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19205 dc483132-0cff-0310-8789-dd5450dbe970
* Back out windows specific makefile change | Sam Hartman | 2007-03-03 | 1 | -1/+1

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19204 dc483132-0cff-0310-8789-dd5450dbe970
* More existence tests; path update | Kevin Koch | 2007-03-02 | 11 | -14/+13

  Modify remainder of Makefiles that were sensitive to identity/obj or other cleaned files not being present.

  Update util/et/Makefile.in to look for com_err.h in src/include, not src/include/src.

  ticket: 5457
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19203 dc483132-0cff-0310-8789-dd5450dbe970
* Test for existence of identity/obj before try to delete files | Kevin Koch | 2007-03-02 | 1 | -1/+1

  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19202 dc483132-0cff-0310-8789-dd5450dbe970
* On unload, free up g_mechSet and g_mechList | Ken Raeburn | 2007-03-02 | 1 | -7/+33

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19201 dc483132-0cff-0310-8789-dd5450dbe970
* update dependencies | Ken Raeburn | 2007-03-02 | 2 | -3/+8

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19199 dc483132-0cff-0310-8789-dd5450dbe970
* Delete more stuff for 'clean' and 'distclean' targets | Ken Raeburn | 2007-03-02 | 6 | -6/+8

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19198 dc483132-0cff-0310-8789-dd5450dbe970
* valgrind detects uninitialized (but really unused) bytes in 'queue' | Ken Raeburn | 2007-03-01 | 1 | -0/+6

  The gsstest program exports a GSSAPI security context to a blob in memory, writes that memory to a file, and reads it back to use it. Under valgrind, the writing phase triggers a warning about uninitialized storage.

  The "queue" structure as implemented in generic/util_ordering.c holds an array of values, some of which may never be initialized. As far as I can tell, those uninitialized values are never used before being initialized, either, but valgrind doesn't know that.

  This patch zaps the structure contents (including the array) before using the queue object.

  ticket: new
  target_version: 1.6.1
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19196 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_get_cred_from_kdc fails to null terminate the tgt list | Jeffrey Altman | 2007-03-01 | 1 | -0/+1

  If the next tgt in a cross-realm traversal cannot be obtained, find_nxt_kdc() was calling krb5_free_creds() on the last tgt in the list but was failing to nullify the pointer to the cred that was just freed. If there were no additional tgts obtained, krb5_get_cred_from_kdc() would return a non-NULL terminated cred list to the caller. This would result in a crash when attempting to manipulate the non-existent cred past the end of the list.

  This commit nullifies the credential pointer in find_nxt_kdc() after the call to krb5_free_creds().

  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19195 dc483132-0cff-0310-8789-dd5450dbe970
* Add intalert.h which should have been added as part of | Jeffrey Altman | 2007-02-28 | 1 | -0/+136

  revision 19189

  ticket: 5452
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19191 dc483132-0cff-0310-8789-dd5450dbe970
* Windows - some apps define ssize_t as a preprocessor symbol | Jeffrey Altman | 2007-02-28 | 1 | -0/+3

  ticket: new
  component: krb5-libs
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19190 dc483132-0cff-0310-8789-dd5450dbe970
* NIM Improved Alert Management | Jeffrey Altman | 2007-02-28 | 62 | -1582/+5069

  This patch implements the new Alert Management functionality. Many improvements to avoid race conditions and improve resource tracking.

  ticket: new
  component: windows
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19189 dc483132-0cff-0310-8789-dd5450dbe970
* Unused macro NEG removed | Ken Raeburn | 2007-02-26 | 1 | -1/+0

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19183 dc483132-0cff-0310-8789-dd5450dbe970
* When importing a name with a valid (non-null) handle but a zero | Ken Raeburn | 2007-02-24 | 1 | -1/+4

  length, set GSS_S_BAD_NAME but not GSS_S_CALL_INACCESSIBLE_READ.

  ticket: 5445
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19172 dc483132-0cff-0310-8789-dd5450dbe970
* If a reflection is detected, zap the message buffer pointer output | Ken Raeburn | 2007-02-24 | 1 | -1/+4

  argument as well as actually freeing the buffer. (Found while using the gsstest option to exercise error conditions.)

  ticket: 5445
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19171 dc483132-0cff-0310-8789-dd5450dbe970
* Initialize "loopback" field in newly allocated name structure | Ken Raeburn | 2007-02-22 | 1 | -0/+1

  ticket: 5445
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19170 dc483132-0cff-0310-8789-dd5450dbe970
* Ensure consistency between prototypes and functions | Ezra Peisach | 2007-02-19 | 9 | -30/+23

  I am using an older compiler that is complaining that prototypes do not match the functions they reference. The issue is that a number of prototypes are using "const int foo" while the function is "int foo". From a caller sense it makes no difference - but the compiler is correct they are different.

  All is now consistent.

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19169 dc483132-0cff-0310-8789-dd5450dbe970
* Conditionalize some ipv6 bits | Ken Raeburn | 2007-02-16 | 1 | -1/+9

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19168 dc483132-0cff-0310-8789-dd5450dbe970
* Conditionalize more bits that might not be defined by the OS | Ken Raeburn | 2007-02-16 | 1 | -0/+10

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19167 dc483132-0cff-0310-8789-dd5450dbe970
* Don't use struct in6_addr if we don't have IPv6 support | Ken Raeburn | 2007-02-16 | 1 | -0/+7

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19165 dc483132-0cff-0310-8789-dd5450dbe970
* rename krb5_server_decrypt_ticket_keyblock() to | Tom Yu | 2007-02-13 | 2 | -5/+6

  krb5int_server_decrypt_ticket_keyblock()

  ticket: 5349
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19159 dc483132-0cff-0310-8789-dd5450dbe970
* hack to permit GetEnvironmentVariable usage without requiring getenv() conversion | Jeffrey Altman | 2007-02-12 | 1 | -0/+9

  Windows has a major flaw when it comes to the use of getenv/putenv. getenv/putenv do not modify the actual environment of the process. Instead, they modify a copy of the environment block at the time the C Runtime Library was initialized for the current module. In other words, the C Runtime Library environment block for the executable is not the same as the C Runtime Library environment block for the krb5_32.dll library, etc.

  This results in problems when a process wants to set the default ccache name outside the krb5_context. The krb5_context default ccname disappears when the context is destroyed. gss_acquire_cred() suffers from the creation and destruction of krb5_contexts and therefore the krb5_context default ccname cannot be used to set a default ccname. Instead, the process environment must be used.

  In order to modify the process environment, SetEnvironmentVariable() must be used. However, this does not result in the C Runtime Library environment blocks being updated. putenv() does not see the definition of "KRB5CCNAME".

  This patch modifies get_os_ccname() for Windows to check GetEnvironmentVariable() before checking the registry. This hack will work as long as there is no "KRB5CCNAME" variable in the C Runtime Library environment block.

  The long term solution is to replace all calls to getenv and putenv with GetEnvironmentVariable/SetEnvironmentVariable for Windows.

  ticket: new
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19154 dc483132-0cff-0310-8789-dd5450dbe970
* In the resolve function - ensure on memory allocation error - | Ezra Peisach | 2007-02-12 | 1 | -3/+6

  deref of null pointer does not happen.

  Also include kt-int.h for prototypes.

  ticket: 5411
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19153 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_default_name should take an unsized length | Ezra Peisach | 2007-02-05 | 2 | -6/+6

  The internal code to krb5_kt_default_name was casting the length to size_t. Change prototype to take an unsigned - which makes sense in how the code uses it.

  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19144 dc483132-0cff-0310-8789-dd5450dbe970
* krb5_kt_get_type should return const char *. | Ezra Peisach | 2007-02-05 | 4 | -5/+5

  The code returns a pointer to static structures. Just to enforce the assumption that users can not change the returned data.

  Change prototype of krb5_kt_get_type to return const char *.

  The other changes are to clean up warnings - no change in code - usage assumed const.

  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19143 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new program to perform various tests on the WRFILE: and MEMORY: keytabs | Ezra Peisach | 2007-02-04 | 2 | -8/+461

  I developed this program to test functionality of the MEMORY keytab - which resulted in the numerous fixes that have been committed recently.

  Tests all functionality of keytabs except for krb5_kt_default() and krb5_kt_read_service_key() - although essential functionality tested.

  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19142 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecified | Ezra Peisach | 2007-02-04 | 1 | -10/+10

  If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified enctype (i.e. 0) - the returned keytab has its enctype set to 0 as well.

  Also - in copying out the found keytab_entry - when a kvno is unspecified, the last match found is used - not the one with the highest vno. This was caused by copying out the variable "entry" and not "match".

  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970
* MEMORY keytab does not copy keytab_entry keyblock contents | Ezra Peisach | 2007-02-04 | 1 | -3/+21

  In krb5_kt_add_entry: The MEMORY keytab does not make a copy of the keytab_entry keyblock contents - but instead retains a pointer to the incoming one.

  In krb5_kt_get_entry and krb5_kt_get_next - a pointer to internal keyblock contents memory is returned to the caller - which is subsequently freed when that caller invokes krb5_free_keytab_entry_contents.

  Solution is to use krb5_copy_keyblock_contents() instead of simply copying the structure.

  Ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19140 dc483132-0cff-0310-8789-dd5450dbe970
* The default K4 compatibility mode is now none, not preauth. Also document | Russ Allbery | 2007-02-03 | 1 | -3/+7

  that the valid values for v4_mode are the valid arguments to the -4 flag to krb5kdc.

  Ticket: 2724
  Component: krb5-doc
  Target_Version: 1.6.1
  Tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19139 dc483132-0cff-0310-8789-dd5450dbe970