Age | Commit message | Author | Files | Lines
2006-08-22 | improvements to netidmgr dialogs | Jeffrey Altman | 9 | -119/+197
* ensure that buttons are disabled while actions are in process
* allow plug-ins to specify italic text
* fix some documentation
* reformat langres.rc
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-21 | clean up mkrel patchlevel.h editing etc | Tom Yu | 1 | -2/+3
* src/util/mkrel: Be more careful editing KRB5_RELDATE. Delete '$ac_config_fragdir' autoconf droppings. ticket: new tags: pullup target_version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18475 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-17 | NetIDMgr Credential Provider Sample Code and Documentation | Jeffrey Altman | 15 | -0/+2418
This commit provides a template for a Network Identity Manager Credential Provider. It doesn't provide any real functionality but it does provide all of the functions that need to be specified and filled in as part of the process of producing a NetIdMgr plug-in. This code should be pulled up to 1.4.x for inclusion in the KFW 3.1 SDK as well as to 1.5.x. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18464 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-16 | cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2. | Alexandra Ellwood | 1 | -8/+14
stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent. krb5_stdccv3_resolve: Don't fail if we can't open the ccache. ticket: 3936 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-15 | * kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded char | Ken Raeburn | 1 | -1/+1
array sizes, test against the size we actually need. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18449 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-15 | * kdb_default.c (krb5_def_store_mkey): If the file can't be opened, construct | Ken Raeburn | 1 | -0/+3
an error message that includes the file's name. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-15 | Set datarootdir in each Makefile to make Autoconf 2.60 happier | Russ Allbery | 1 | -0/+1
Ticket: 3965 Component: krb5-build Version_Reported: 1.5 Tags: pullup Target_Version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18444 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-15 | Document prerequisites for make check | Russ Allbery | 1 | -0/+23
Document the prerequisites for running make check, since some of them are a bit surprising. Ticket: new Component: krb5-doc Tags: pullup Version_Reported: 1.5 Target_Version: 1.5.1 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18441 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-15 | * src/clients/ksu/main.c (sweep_up): Don't check return value of | Tom Yu | 1 | -2/+3
krb5_seteuid(0), as it is not harmful for it to fail, and it will fail after setuid(target_user). Correct error message. ticket: 4137 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18438 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-08 | fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities | Tom Yu | 7 | -17/+51
* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from setuid() and related functions to avoid privilege escalation vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083, VU#580124, CVE-2006-3084, VU#401660]
ticket: new
target_version: 1.5.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-07 | * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaque | Tom Yu | 11 | -1/+32
structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some application programming errors. Add new macro GSSINT_CHK_LOOP() which returns non-zero if loopback field doesn't point to itself.
* src/lib/gssapi/mechglue/g_accept_sec_context.c (gss_accept_sec_context):
* src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred) (gss_acquire_cred):
* src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context):
* src/lib/gssapi/mechglue/g_glue.c (gssint_convert_name_to_union_name):
* src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name):
* src/lib/gssapi/mechglue/g_imp_sec_context.c (gss_import_sec_context):
* src/lib/gssapi/mechglue/g_init_sec_context.c (gss_init_sec_context): Set loopback pointers.
* src/lib/gssapi/mechglue/g_delete_sec_context.c (gss_delete_sec_context):
* src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred):
* src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call GSSINT_CHK_LOOP() to validate loopback pointer.
ticket: 4063
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18417 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-02 | Apply patch from Michael Calmer to fix some uninitialized variables | Tom Yu | 5 | -1/+10
* src/appl/gssftp/ftpd/ftpd.c (auth_data): Initialize stat_maj, accept_maj, acquire_maj.
* src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send): Initialize rdata.
* src/kdc/do_tgs_req.c (process_tgs_req): Initialize magic and tr_contents.magic.
* src/lib/krb5/asn.1/krb5_decode.c (decode_krb5_safe_with_body): Initialize tmpbody.magic.
* src/plugins/kdb/db2/libdb2/hash/dbm.c (kdb2_fetch) (kdb2_firstkey, kdb2_nextkey): Initialize dsize.
ticket: 3904
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18404 dc483132-0cff-0310-8789-dd5450dbe970
2006-08-01 | * src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): Call | Tom Yu | 1 | -0/+3
gssint_initialize_library to ensure mutex is initialized. ticket: 4088 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18397 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-25 | Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) from | Alexandra Ellwood | 13 | -42/+49
void* to pointers to opaque structs. This change removed some casts and introduced or changed a bunch of other casts to suppress warnings. krb5_gss_accept_sec_context(): Fixed a bug found by the above changes where krb5_gss_release_cred() was being called with the wrong argument 2 (gss_cred_id_t instead of gss_cred_id_t*). ticket: 4057 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18396 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-25 | gss_canonicalize_name(): Added parens to remove | Alexandra Ellwood | 1 | -4/+4
warning from if statement. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18395 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-25 | Removed unused Metrowerks compiler support. | Alexandra Ellwood | 1 | -4/+0
(Since there's no universal binary support for CodeWarrior there's no point in having this here.) ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18394 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-25 | Switched from "#pragma options align" to "#pragma pack". | Alexandra Ellwood | 3 | -8/+8
Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18392 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-25 | Windows - fix kfwlogon for Windows 2000 | Jeffrey Altman | 2 | -31/+80
Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18387 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-24 | commit again without using patch to apply the diff | Jeffrey Altman | 5 | -55/+206
ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18382 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-24 | undo previous commit due to EOL issues | Jeffrey Altman | 5 | -206/+55
ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18381 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-24 | Switched from "#pragma options align" to "#pragma pack". | Alexandra Ellwood | 2 | -4/+4
Removed Metrowerks "#pragma import" since other framework headers don't specify it. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18380 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-24 | Windows Integrated Login Fixes for KFW 3.1 | Jeffrey Altman | 5 | -55/+206
KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. ticket: new tags: pullup component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | * aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-shared | Ken Raeburn | 1 | -6/+15
options as well. Don't generate help messages for these options. ticket: 4036 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18352 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | * ldap_service_stash.c (krb5_ldap_readpassword): Don't require strerror_r, fall | Ken Raeburn | 1 | -0/+5
back to strerror if needed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18351 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | respect LDFLAGS in NetBSD build | Ken Raeburn | 1 | -1/+14
An LDFLAGS setting at configure time is ignored in parts of the build. * shlib.conf (*-*-netbsd*): Use $(CC) for LDCOMBINE, and include $(LDFLAGS). ticket: new target: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18350 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | reject configure option for static libraries | Ken Raeburn | 1 | -0/+4
We shouldn't accept --enable-static at configure time when we know it's not going to work at build time. * aclocal.m4 (KRB5_LIB_AUX): Error out if --enable-static. ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18348 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | Windows - kfw 3.1 msi deployment guide updates | Jeffrey Altman | 1 | -6/+298
documentation updates for the kfw 3.1 msi deployment guide. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18346 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-21 | Windows NetIDMgr documentation | Jeffrey Altman | 2 | -0/+0
NetIDMgr 1.1 documentation for KFW 3.1 release ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18345 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-19 | Windows NetIDMgr post-1.5 branch commits | Jeffrey Altman | 39 | -545/+959
The following patch updates the NetIDMgr:
* allow plug-ins to be marked "do not unload" in order to support DLLs that create threads that are not properly cleaned up as part of library unload.
* allow plug-ins to be marked "disabled"
* Additional changes to deal with Microsoft's efforts to deprecate all of the str C runtime functions.
* Improvements to Manifest processing in the build system
* Addition of Tooltip support to the Toolbar. Dragging the mouse over toolbar buttons displays textual descriptions.
* Correct the behavior of the New Credentials Dialog to disable the "Ok" button after it has been pressed.
* Add support to allow plugin configuration data to be distributed as part of transforms to the MSI installer.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18344 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-19 | acquire_cred(), kg_caller_provided_ccache_name(): On further reflection | Alexandra Ellwood | 3 | -13/+32
and testing the correct thing appears to be to have gss_krb5_ccache_name() stop gss_acquire_cred() from searching for the desired name in the cache collection. If the caller sets the ccache name then gss_acquire_cred will only look in that ccache. Added kg_caller_provided_ccache_name() to tell whether or not the caller has actually set the ccache. This should fix the problem for both Mac OS X and Windows. ticket: 4024 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-19 | need to look harder for tclConfig.sh | Ken Raeburn | 1 | -0/+8
Our current scheme doesn't find tclConfig.sh as installed by NetBSD's pkg system, even if it finds tclsh and gets the library pathname from it. The problem is that tclConfig.sh is one directory up. * aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Check $tcl_dir/.. for tclConfig.sh. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18342 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-19 | acquire_cred(): Realized that my previous patch now basically favors the | Alexandra Ellwood | 1 | -6/+6
ccache over the desired name. Added a KLL function to search for the desired name, favoring the default ccache. ticket: 4024 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18341 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | acquire_cred(): Fixed KLL support to try the default ccache first if | Alexandra Ellwood | 1 | -13/+19
it is set. ticket: 4024 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18340 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | kadmin_startup(): Turn off KLL automatic prompting support in kadmin | Alexandra Ellwood | 1 | -0/+13
ticket: 4023 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18339 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | Project cleanup: | Alexandra Ellwood | 1 | -50/+0
Removed kipc APIs and deleted files. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18338 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | authgss_refresh(): Use GSS_C_NO_CHANNEL_BINDINGS macro | Alexandra Ellwood | 1 | -1/+1
instead of NULL with gss_init_sec_context to increase readability. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18337 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | Windows: NSIS updates for 2.18 release | Jeffrey Altman | 4 | -11/+11
This commit corrects errors in the NSIS installer scripts that prevent installer builds using NSIS 2.18. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18336 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | Windows: Wix 2.0.4221 updates | Jeffrey Altman | 7 | -24/+45
This commit corrects errors in the Wix installer script files that violate the Wix schema but which were not caught by earlier releases of the Wix 2.0 installer. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18335 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-18 | Merge remaining changes from LDAP integration branch | Ken Raeburn | 65 | -20/+21013
svn+ssh://svn.mit.edu/krb5/branches/ldap-integ@18333.
* plugins/kdb/ldap: New directory.
* aclocal.m4 (WITH_LDAP): New macro. (CONFIG_RULES): Invoke it.
* configure.in: Test ldap option, maybe configure and generate makefiles for new directories, and set and substitute ldap_plugin_dir.
* Makefile.in (SUBDIRS): Add @ldap_plugin_dir@.
* kdc/krb5kdc.M, kadmin/server/kadmind.M, kadmin/cli/kadmin.M, config-files/krb5.conf.M: Document LDAP changes (new options, config file entries, etc).
* lib/kdb/kdb5.c (kdb_load_library): Put more info in error message.
* lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED, KADM5_CONFIG_PASSWD_SERVER): New macros, disabled for now. (struct _kadm5_config_params): New field kpasswd_server, commented out for now.
* lib/krb5/error_tables/kdb5_err.et: Add error codes KRB5_KDB_ACCESS_ERROR, KRB5_KDB_INTERNAL_ERROR, KRB5_KDB_CONSTRAINT_VIOLATION.
ticket: 2935
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18334 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-17 | make depend | Ken Raeburn | 2 | -3/+2
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18332 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-17 | (KRB5_AC_FIND_DLOPEN): Use AC_SEARCH_LIBS | Ken Raeburn | 1 | -2/+7
ticket: 3971 target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18331 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-17 | reverse test for copy_oid_set in lib/gssapi/krb5/indicate_mechs.c | Tom Yu | 1 | -1/+1
* src/lib/gssapi/krb5/indicate_mechs.c: Reverse sense of test, since gssint_copy_oid_set() returns 0 on success. ticket: new target_version: 1.5.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18330 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-17 | stdcc.c: fix v2 version of krb5_stdcc_resolve() | Jeffrey Altman | 1 | -1/+4
cc_open() returning CC_NOEXIST should not be considered fatal. ticket: 3961 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18329 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-12 | Document add_entry in ktutil man page | Russ Allbery | 1 | -2/+6
Apply patch from Mike Dopheide to document ktutil add_entry in the man page and fix some other spelling errors in the ktutil man page. Ticket: new Version_Reported: 1.3.6 Target_Version: 1.5.2 Tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18328 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-11 | Cleaned up CCAPI v3 code to remove memory leaks. Fixed crashes in | Alexandra Ellwood | 4 | -762/+933
cc_ccache <-> krb5_ccache translation code. Still testing edge cases but the code seems to work now with the KfM CCAPI implementation. ticket: 3936 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18327 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-10 | Fixed up warnings and whitespace issues which were confusing the | Alexandra Ellwood | 13 | -179/+178
Xcode auto-indenter. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18326 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-10 | Fixed up warnings and converted to Unix line endings | Alexandra Ellwood | 2 | -1063/+1063
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18325 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-10 | Removed user preferences which were accidentally added | Alexandra Ellwood | 2 | -3572/+0
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18324 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-03 | GetModuleHandle needs extension on Win64 | Jeffrey Altman | 1 | -3/+6
cc_mslsa.c: some versions of Win64 require the extension to be specified as part of the parameter to GetModuleHandle() in order to find a match. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18320 dc483132-0cff-0310-8789-dd5450dbe970
2006-07-01 | work around failure to load into nonexistent db | Tom Yu | 1 | -0/+5
* src/tests/Makefile.in (kdb_check): Run kdb5_util create after destroying to work around a behavior change from DAL integration. ticket: new target_version: 1.5 tags: pullup version_reported: 1.5 component: test git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18313 dc483132-0cff-0310-8789-dd5450dbe970