Age | Commit message (Collapse) | Author | Files | Lines |
|
git-svn-id: svn://anonsvn.mit.edu/krb5/users/coffman/preauth-plugin@18636 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/users/coffman/preauth-plugin@18631 dc483132-0cff-0310-8789-dd5450dbe970
|
|
drop separate port-number spec so it'll build with current sources. Not
tested because of a bug in the recent Novell patch. :-(
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616 dc483132-0cff-0310-8789-dd5450dbe970
|
|
left out.
ticket: 4312
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18609 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18608 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Include header instead of duplicating public decls.
Don't use C99-style "//" comments.
Reformat a bit to krb5 tree normal style.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18607 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18606 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18605 dc483132-0cff-0310-8789-dd5450dbe970
|
|
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Install the Win2K specific binaries for NetIDMgr on Win2K
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18603 dc483132-0cff-0310-8789-dd5450dbe970
|
|
on Windows 2000
ticket: 4309
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18602 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Install the special win2k version of nidmgr32.dll
on Windows 2000 systems.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18601 dc483132-0cff-0310-8789-dd5450dbe970
|
|
threads.c: The return value of TlsSetValue is non-zero on
success. As a result of misinterpreting the
return value, the memory set in TLS is then freed.
A subsequent call to TlsGetValue returns the
invalid pointer.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18600 dc483132-0cff-0310-8789-dd5450dbe970
|
|
tickets.
We do not yet accept tickets in which the server name changes.
* krb5_sname_to_principal: If there is no domain realm mapping return null realm
*krb5_get_cred_via_tkt: New behavior as described below
1) the referrals case:
- check for TGT for initial realm
- if a remote realm was specified (which must have happened via a
domain_realm mapping), obtain a TGT for it the standard way and
start with that.
- use client realm for server if not specified
- iterate through this loop:
- request ticket with referrals turned on
- if that fails:
- if this was the first request, punt to non-referrals case
- otherwise, retry once without referrals turned on then terminate
either way
- if it works, either use the service ticket or follow the referral path
- if loop count exceeded, hardfail
2) the nonreferrals case
- this is mostly the old walk_realm_tree TGT-finding (which allows
limited shortcut referrals per 4120) followed by a standard tgs-req.
- originally requested principal is used for this, although if we were
handed something without a realm, determine a fallback realm based on
DNS TXT records or a truncation of the domain name.
ticket: 2652
Owner: amb
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 4292
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18595 dc483132-0cff-0310-8789-dd5450dbe970
|
|
krb5_mcc_generate_new() Error in loop caused first item in the list to not
get checked the second time through scanning for duplicates.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18593 dc483132-0cff-0310-8789-dd5450dbe970
|
|
- LDAP URI support for specifying server and port
- support for ldapi interface
- updated to newer LDAP APIs
- updated documentation
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970
|
|
(get_errmsg): New function. Uses errcode_2_string and release_errcode_string
functions to copy out an error message from the plugin and store it locally,
if the error code supplied is nonzero. Changed other uses of plugin functions
to call get_errmsg on returning.
(krb5_db_errcode2string): Deleted.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18591 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18590 dc483132-0cff-0310-8789-dd5450dbe970
|
|
build time, and which is the only place we use them from anyways.
Update Makefile references and dependencies.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18588 dc483132-0cff-0310-8789-dd5450dbe970
|
|
install paths for OpenLDAP.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18587 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18583 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18582 dc483132-0cff-0310-8789-dd5450dbe970
|
|
multiple-inclusion protection.
ticket: 3522
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18571 dc483132-0cff-0310-8789-dd5450dbe970
|
|
that we can use the krb5_get_error_message interface internally.
* kdb5.h: Add release_errcode_string field to the interface.
* db2_exp.c, ldap_exp.c: Initialize it.
* ldap_misc.c: Use krb5_get/free_error_message for error message strings.
* kdb_ldap.h: Declare krb5_ldap_release_errcode_string.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18563 dc483132-0cff-0310-8789-dd5450dbe970
|
|
config section in the profile, then the default section, then fall back to
passed default value (for integer only). Set error string on error.
(krb5_ldap_read_server_params): Use them, instead of explicitly doubling each
profile_get call.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18562 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ktbase.c, ccbase.c: When a file path is specified without
the prefix we must infer the use of the "FILE" prefix.
However, we were setting the prefix including the colon
separator when the separator should have been ignored.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Clean up some warnings during the build.
* ldap_misc.c (strptime) [NEED_STRPTIME_PROTO]: Declare, conditionally.
(krb5_ldap_errcode_2_string): Return string, not error code, to fit with DAL
interface spec.
* kdb_ldap.h: Error out for OpenLDAP versions before 2.2.24.
(LDAP_DEPRECATED): Define; openldap-2.3.27 defaults to undefined.
(krb5_ldap_lib_init): Prototype.
(krb5_get_policydn): Declare.
(krb5_ldap_errcode_2_string): Fix return type.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18558 dc483132-0cff-0310-8789-dd5450dbe970
|
|
pointer-to
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18557 dc483132-0cff-0310-8789-dd5450dbe970
|
|
In calls, delete the second argument that get_date doesn't take.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18556 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18555 dc483132-0cff-0310-8789-dd5450dbe970
|
|
Solaris. Tested (configured & built) on RHEL 4 and Solaris 10. One
minor bugfix added.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18554 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18553 dc483132-0cff-0310-8789-dd5450dbe970
|
|
to match up better with MIT coding style.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970
|
|
MIT coding style.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970
|
|
table
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18549 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ldap_util
1. Kdb5_ldap_util interface
Removed supp enctypes, suppsalttypes from create realm and modify
realm since they are currently not used
2. memset passwd strings to zero when not used any more
3. Using krb5_sname_to_principal in place of gethostbyname while
creating the kadmin principal with hostname.
libkdb_ldap
1. Added mandatory functions which were missing in the LDAP plug-in
2. Error handling changes - Setting the error message in the
kerberos context when decryption of the service passwd fails or
connection to the LDAP server fails during initialization.
Additional changes:
libkdb_ldap: Link against com_err library, to provide error_message().
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message,
struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c.
(stuct sendto_callback_info): New type.
* lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function.
(setup_connection): Deleted argument message_len_buf. Don't store message
length; call set_conn_state_msg_length instead.
(start_connection): New arguments callback_info and callback_buffer. Invoke
callback function if any, and set message length on success.
(maybe_send): New arguments callback_info and callback_buffer; pass them to
start_connection.
(krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If
callback info is provided, allocate per-connection buffers, and pass them to
maybe_send. On cleanup, invoke the cleanup callback function if any.
(krb5_sendto_kdc): Update krb5int_sendto call.
* include/k5-int.h (struct sendto_callback_info): Add forward declaration.
(krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature.
* lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call.
* lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call.
* lib/krb5/os/changepw.c (struct sendto_callback_context): New type.
(krb5_locate_kpasswd): New argument useTcp, used to select socket type in
krb5int_locate_server call.
(kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions.
(krb5_change_set_password): Call krb5int_sendto with callbacks, instead of
managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP
only.
* lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a
buggy server sent a KRB_ERROR.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 4172
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18499 dc483132-0cff-0310-8789-dd5450dbe970
|
|
* install netidmgr.exe (win2000 version)
ticket: 4172
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18498 dc483132-0cff-0310-8789-dd5450dbe970
|
|
during new credential acquisition
ticket: 4172
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18497 dc483132-0cff-0310-8789-dd5450dbe970
|
|
if there is no plug-in list specified
ticket: 4172
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18496 dc483132-0cff-0310-8789-dd5450dbe970
|
|
the NetIDMgr.exe
ticket: 4172
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18495 dc483132-0cff-0310-8789-dd5450dbe970
|