| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18871 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18864@cathode-dark-space: jaltman | 2006-11-27 13:59:21 -0500
ticket: new
subject: documentation updates for KFW 3.1
tags: pullup
Documentation updates including new screen shots for KFW 3.1
ticket: 4921
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18868 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18863@cathode-dark-space: jaltman | 2006-11-22 13:11:16 -0500
ticket: new
subject: KFW 3.1 commits for Final Release
tags: pullup
KfW 3.1 final (NetIDMgr 1.1.8.0)
nidmgr32.dll (1.1.8.0)
- When detecting IP address changes, wait for things to settle down
before setting of the IP address change notification.
krb5cred.dll (1.1.8.0)
- Fixed the Kerberos 5 configuration dialog which didn't handle
setting the default realm properly. Setting the default realm now
sets the correct string in krb5.ini.
- Changing the default realm now marks the relevant configuration node
as dirty, and enabled the 'Apply' button.
- Changing the 'renewable', 'forwardable' and 'addressless' checkboxes
in the identity configuration panels now mark the relevant
configuration nodes as dirty, and enables the 'Apply' button.
- The location of the Kerberos 5 configuration file is now read-only
in the Kerberos 5 configuration dialog.
- Set the maximum number of characters for the edit controls in the
configuration dialog.
krb4cred.dll (1.1.8.0)
- The location of the Kerberos 4 configuration files are now read-only
in the Kerberos 4 configuration dialog.
- Handles setting the ticket string.
- Changing the ticket string now marks the relevant configuration node
as dirty, and enables the 'Apply' button.
- Fixed the plug-in initialization code to perform the initial ticket
listing at the end of the initializaton process.
ticket: 4861
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18867 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18856 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18853 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18852 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18841@cathode-dark-space: jaltman | 2006-11-17 18:24:59 -0500
ticket: new
subject: one more commit for kfw 3.1 beta 4
tags: pullup
- when the krb5 prompter callback function is called,
set the focus to the first input field provided by
the caller.
ticket: 4803
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18845 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18842@cathode-dark-space: jaltman | 2006-11-17 18:41:40 -0500
ticket: 4802
krb5_get_init_creds_password:
remove unintentionally committed code not meant for 1.4 branch
ticket: 4802
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18844 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18840@cathode-dark-space: jaltman | 2006-11-17 18:14:27 -0500
ticket: new
tags: pullup
subject: reset use_master flag when master_kdc cannot be found
krb5_get_init_creds_password:
if the master_kdc cannot be identified reset the use_master
flag. otherwise, the krb5_get_init_creds("kadmin/changepw")
call will attempt to communicate with the master_kdc that
cannot be reached.
ticket: 4802
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18843 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18833 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18831 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18830 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18828@cathode-dark-space: jaltman | 2006-11-17 12:23:24 -0500
ticket: new
subject: commits for KFW 3.1 Beta 4
tags: pullup
KfW 3.1 beta 4 (NetIDMgr 1.1.6.0)
nidmgr32.dll (1.1.6.0)
- Fix a race condition where the initialization process might be
flagged as complete even if the identity provider hasn't finished
initialization yet.
krb5cred.dll (1.1.6.0)
- When assigning the default credentials cache for each identity,
favor API and FILE caches over MSLSA if they exist.
- When renewing an identity which was the result of importing
credentials from the MSLSA cache, attempt to re-import the
credentials from MSLSA instead of renewing the imported credentials.
- Prevent possible crash if a Kerberos 5 context could not be obtained
during the renewal operation.
- Prevent memory leak in the credentials destroy handler due to the
failure to free a Kerberos 5 context.
- Properly match principals and realms when importing credentials from
the MSLSA cache.
- Determine the correct credentials cache to place imported
credentials in by checking the configuration for preferred cache
name.
- Keep track of identities where credentials imports have occurred.
- When setting the default identity, ignore the KRB5CCNAME environment
variable.
- Do not re-compute the credentials cache and timestamps when updating
an identity. The cache and timestamp information is computed when
listing credentials and do not change between listing and identity
update.
- When refreshing the default identity, also handle the case where the
default credentials cache does not contain a principal, but the name
of the cache can be used to infer the principal name.
- Invoke a listing of credentials after a successful import.
- Do not free a Kerberos 5 context prematurely during plug-in
initialization.
netidmgr.exe (1.1.6.0)
- Fix the UI context logic to handle layouts which aren't based around
identities.
- Don't try to show a property sheet when there are no property pages
supplied for the corresponding UI context.
- Use consistent context menus.
- Bring a modal dialog box to the foreground when it should be active.
- Do not accept action triggers when the application is not ready to
process actions yet.
- Do not force the new credentials dialog to the top if there's
already a modal dialog box showing.
- Change the default per-identity layout to also group by location.
ticket: 4798
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18829 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18785 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18783 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18781@cathode-dark-space: jaltman | 2006-11-08 18:59:58 -0500
ticket: new
tags: pullup
subject: commit for KFW 3.1 beta 3 (part two)
remove prototype for removed function
ticket: 4675
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18782 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18780 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18767@cathode-dark-space: jaltman | 2006-11-08 04:58:49 -0500
ticket:new
tags: pullup
subject: commits for KFW 3.1 Beta 3
KfW 3.1 beta 3 (NetIDMgr 1.1.4.0)
source for 1.1.4.0
- Eliminate unused commented out code.
nidmgr32.dll (1.1.4.0)
- The configuration provider was incorrectly handling the case where a
configuration value also specifies a configuration path, resulting
in the configuration value not being found. Fixed.
- Fix a race condition when refreshing identities where removing an
identity during a refresh cycle may a crash.
- Fix a bug which would cause an assertion to fail if an item was
removed from one of the system defined menus.
- When creating an indirect UI context, khui_context_create() will
correctly fill up a credential set using the selected credentials.
krb5cred.dll (1.1.4.0)
- Fix a race condition during new credentials acquisition which may
cause the Krb5 plug-in to abandon a call to
krb5_get_init_creds_password() and make another call unnecessarily.
- If krb5_get_init_creds_password() KRB5KDC_ERR_KEY_EXP, the new
credentials dialog will automatically prompt for a password change
instead of notifying the user that the password needs to be changed.
- When handling WMNC_DIALOG_PREPROCESS messages, the plug-in thread
would only be notified of any changes to option if the user
confirmed the new credentials operation instead of cancelling it.
- Additional debug output for the DEBUG build.
- Reset the sync flag when reloading new credentials options for an
identity. Earlier, the flag was not being reset, which can result
in the new credentials dialog not obtaining credentials using the
new options.
- Handle the case where the new credentials dialog maybe closed during
the plug-in thread is processing a request.
- Fix a condition which would cause the Krb5 plug-in to clear the
custom prompts even if Krb5 was not the identity provider.
- Once a password is changed, use the new password to obtain new
credentials for the identity.
netidmgr.exe (1.1.4.0)
- Fix a redraw issue which left areas of the credentials window
unupdated if another window was dragged across it.
- Handle WM_PRINTCLIENT messages so that the NetIDMgr window will
support window animation and other features that require a valid
WM_PRINTCLIENT handler.
- During window repaints, NetIDMgr will no longer invoke the default
window procedure.
- Add support for properly activating and bringing the NetIDMgr window
to the foreground when necessary. If the window cannot be brought
to the foreground, it will flash the window to notify the user that
she needs to manually activate the NetIDMgr window.
- When a new credentials dialog is launched as a result of an external
application requesting credentials, if the NetIDMgr application is
not minimized, it will be brought to the foreground before the new
credentials dialog is brought to the foreground. Earlier, the new
credentials dialog may remain hidden behind other windows in some
circumstances.
- When displaying custom prompts for the new credentials dialog, align
the input controls on the right.
ticket: 4667
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18769 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18764@cathode-dark-space: jaltman | 2006-11-06 16:55:13 -0500
ticket: new
tags: pullup
subject: krb5_get_init_creds_password does not consistently prompt for password changing
krb5_get_init_creds_password() previously did not consistently
handle KRB5KDC_ERR_KEY_EXP errors. If there is a "master_kdc"
entry for the realm and the KDC is reachable, then the function
will prompt the user for a password change. Otherwise, it will
return the error code to the caller. If the caller is a ticket
manager, it will prompt the user for a password change with a
dialog that is different from the one generated by the prompter
function passed to krb5_get_init_creds_password.
With this change krb5_get_init_creds_password() will always
prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
the function is compiled with USE_LOGIN_LIBRARY. (KFM)
ticket: 4639
version_fixed: 1.4.5
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18768 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18687 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18685 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 4407
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18684 dc483132-0cff-0310-8789-dd5450dbe970
|
|
ticket: 4407
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18683 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18670@cathode-dark-space: jaltman | 2006-10-09 14:08:10 -0400
ticket: new
subject: final commits for KFW 3.1 Beta 2
tags: pullup
krb5cred.dll (1.1.2.0)
- Fix the control logic so that if the password is expired for an
identity, the krb5 credentials provider will initiate a change
password request. Once the password is successfully changed, the
new password will be used to obtain new credentials.
- Fix an incorrect condition which caused the new credentials dialog
to refresh custom prompts unnecessarily.
- Removing an identity from the list of NetIDMgr identities now causes
the corresponding principal to be removed from the LRU principals
list.
- Properly handle KMSG_CRED_PROCESS message when the user is
cancelling out.
- Add more debug output
- Do not renew Kerberos tickets which are not initial tickets.
- Fix whitespace in source code.
- When providing identity selection controls, disable the realm
selector when the user specifies the realm in the username control.
- k5_ident_valiate_name() will refuse principal names with empty or
unspecified realms.
- When updating identity properties, the identity provider will
correctly set the properties for identities that were destroyed.
This fixes a problem where the values may be incorrect if an
identity has two or more credential caches and one of them is
destroyed.
nidmgr32.dll (1.1.2.0)
- Send out a separate notification if the configuration information
associated with an identity is removed.
- If an identity is being removed from the NetIDMgr identity list in
the configuration panel, do not send out APPLY notifications to the
subpanels after the configuration information has been removed.
Otherwise this causes the configuration information to be reinstated
and prevent the identity from being removed.
- Properly initialize the new credentials blob including the UI
context structure.
netidmgr.exe (1.1.2.0)
- When suppressing error messages, make sure that the final
KMSG_CRED_END notification is sent. Otherwise the new credentials
acquisition operation will not be cleaned up.
- Autoinit option now checks to see if there are identity credentials
for the default identity and triggers the new credentials dialog if
there aren't any.
- Properly synchronize the configuration node list when applying
changes (e.g.: when removing or adding an identity).
- Fix a handle leak when removing an identity from the NetIDMgr
identity list.
- Refresh the properties for the active identities before calculating
the renewal and expiration timers. Otherwise the timestamps being
used might be incorrect.
- Add Identity dialog (in the configuration panel) now uses the
identity selection controls provided by the identity provider.
- Improve type safety when handling timer refreshes.
- When getting the expiration times and issue times for an identity,
the timer refresh code may fail over to the expiration and issue
times for the credential it is currently looking at. Now the code
makes sure that both the issue and expiration times come from the
identity or the credential but not mixed.
- Not being able to get the time of issue of a credential now does not
result in the credential being skipped from the timer refresh pass.
However, not having a time of issue will result in the half-life
algorithm not being applied for the renew timer.
- Fix a bug which caused a credential to be abandoned from the timer
refresh pass if the reamining lifetime of the credential is less
than the renewal threshold.
- Fix a bug where the vertical scroll bars for the hypertext window
would not appear when the contents of the window changed.
- Trigger a refresh of the configuration nodes when adding or removing
an identity.
source for (1.1.2.0)
- Explicitly include <prsht.h> so that the SDK can be used in build
environments that define WIN32_LEAN_AND_MEAN.
ticket: 4407
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18682 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18561@cathode-dark-space: jaltman | 2006-09-05 14:47:29 -0400
ticket: new
subject: windows ccache and keytab file paths without a prefix
ktbase.c, ccbase.c: When a file path is specified without
the prefix we must infer the use of the "FILE" prefix.
However, we were setting the prefix including the colon
separator when the separator should have been ignored.
ticket: 4237
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18624 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18609@cathode-dark-space: jaltman | 2006-09-24 10:30:29 -0400
ticket: 4312
Implement renew credential functionality which was inadvertently
left out.
ticket: 41312
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18622 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18604@cathode-dark-space: jaltman | 2006-09-21 17:49:41 -0400
ticket: new
subject: KFW 3.1 Beta 2 NetIDMgr Changes
component: windows
tags: pullup
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: 4312
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18621 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18603@cathode-dark-space: jaltman | 2006-09-21 12:18:26 -0400
ticket: new
subject: NSIS installer - update for Win2K NetIDMgr
tags: pullup
Install the Win2K specific binaries for NetIDMgr on Win2K
ticket: 4310
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18618 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18602@cathode-dark-space: jaltman | 2006-09-21 11:54:05 -0400
ticket: 4309
oops, make sure we install from the correct source file
on Windows 2000
ticket: 4309
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18615 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18601@cathode-dark-space: jaltman | 2006-09-21 10:58:40 -0400
ticket: new
subject: wix installer - win2k compatibility for netidmgr
tags: pullup
Install the special win2k version of nidmgr32.dll
on Windows 2000 systems.
ticket: 4309
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18614 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18600@cathode-dark-space: jaltman | 2006-09-20 22:43:12 -0400
ticket: new
subject: windows thread support frees thread local storage after TlsSetValue
tags: pullup
threads.c: The return value of TlsSetValue is non-zero on
success. As a result of misinterpreting the
return value, the memory set in TLS is then freed.
A subsequent call to TlsGetValue returns the
invalid pointer.
ticket: 4305
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18611 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18532 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18530 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18529 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18528 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18498@cathode-dark-space: jaltman | 2006-08-22 22:28:05 -0400
ticket: 4172
* install NetIDMgr plug-in sample as part of SDK
* install netidmgr.exe (win2000 version)
ticket: 4172
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18505 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18497@cathode-dark-space: jaltman | 2006-08-22 22:18:00 -0400
ticket: 4172
* newcredwnd.c - erase the password field on error
during new credential acquisition
ticket: 4172
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18504 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18496@cathode-dark-space: jaltman | 2006-08-22 22:17:12 -0400
ticket: 4172
* Fix auto-registration of plug-in modules
if there is no plug-in list specified
ticket: 4172
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18503 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18495@cathode-dark-space: jaltman | 2006-08-22 22:15:52 -0400
ticket: 4172
* Makefile - do not etag the Win2000 version of
the NetIDMgr.exe
ticket: 4172
version_fixe: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18502 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18494@cathode-dark-space: jaltman | 2006-08-22 18:12:15 -0400
ticket: new
subject: improvements to netidmgr dialogs
* ensure that buttons are disabled while
actions are in process
* allow plug-ins to specify italic text
* fix some documentation
* reformat langres.rc
ticket: 4172
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18501 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18475@cathode-dark-space: tlyu | 2006-08-21 16:31:51 -0400
ticket: new
subject: clean up mkrel patchlevel.h editing etc.
tags: pullup
target_version: 1.5.1
* src/util/mkrel: Be more careful editing KRB5_RELDATE. Delete
'$ac_config_fragdir' autoconf droppings.
ticket: 4168
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18493 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18464@cathode-dark-space: jaltman | 2006-08-16 21:21:00 -0400
ticket: new
subject: NetIDMgr Credential Provider Sample Code and Documentation
tags: pullup
This commit provides a template for a Network Identity Manager
Credential Provider. It doesn't provide any real functionality
but it does provide all of the functions that need to be specified
and filled in as part of the process of producing a NetIdMgr plug-in.
This code should be pulled up to 1.4.x for inclusion in the KFW 3.1
SDK as well as to 1.5.x.
ticket: 4147
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18490 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18457 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18455 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18454 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18438@cathode-dark-space: tlyu | 2006-08-15 15:27:08 -0400
ticket: 4137
* src/clients/ksu/main.c (sweep_up): Don't check return value of
krb5_seteuid(0), as it is not harmful for it to fail, and it will
fail after setuid(target_user). Correct error message.
ticket: 4138
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18440 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18420@cathode-dark-space: tlyu | 2006-08-08 15:26:40 -0400
ticket: new
subject: fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
target_version: 1.5.1
tags: pullup
* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities. Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]
ticket: 4126
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18422 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18393 dc483132-0cff-0310-8789-dd5450dbe970
|
|
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18390 dc483132-0cff-0310-8789-dd5450dbe970
|
|
r18387@cathode-dark-space: jaltman | 2006-07-25 09:59:30 -0400
ticket: new
subject: Windows - fix kfwlogon for Windows 2000
tags: pullup
Windows 2000 does not support the ability to generate SIDs
from symbolic names.
Add more debugging and error condition checks.
ticket: 4053
version_fixed: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18388 dc483132-0cff-0310-8789-dd5450dbe970
|
