git.ipfire.org Git - thirdparty/krb5.git/log

Add MIT krb5.ini to wix install directory

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit e64881df8e19d05edbc7bd945e2c636c0e0e719d)

ticket: 7315
status: resolved

Fix installer UI field sizes

Increase title control height to make all text visible.
Adjust position of description controls accordingly.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b0d017d514d6dd31128178e26e90c84c0dbe11d8)

ticket: 7314
status: resolved

KfW release branch updates for kfw-4.0-beta1

In src/windows/kerberos.ver:
define KRB5_RELTAIL "beta1"
define KRB5_RELTAG "KFW 4.0 beta1"
In src/windows/installer/wix/site-local.wxi:
define Beta="1"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[tlyu@mit.edu: squashed with a fixup commit]

Fix ribbon label hotkeys

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 29fd9ddb83f010bae29b7caa9b7cf66271ab93e0)

ticket: 7311
status: resolved

Fix menu text change breakage

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 388c05bb286e6db54ef7d9aaf15febea58f25107)

ticket: 7310
status: resolved

Help -- remove principal drop-down refs

Also a couple of minor fixups.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 00094ef726a07f8848627d1d1024008c5bc1d039)

ticket: 7309
status: resolved

Disable import/export buttons and checkbox

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit a356bbf948c9b3773196c337972f26bc091d78a2)

ticket: 7308
status: resolved

Update kfw installer OS version checks

Require XP SP3 or Vista SP2 or Windows 7 or Server 2003 or Server 2008

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 00f5923dd95dac8d98d4058887d144602bbd1f9f)

ticket: 7307
status: resolved

Call CWinAppEx::InitInstance()

Without this, AfxGlobalsAddRef() is never called, so AfxGlobalsRelease()
does nothing, causing many leaks and a crash on exit in GdiplusShutdown()
on Vista.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 78b3e95e27ee1f53fc9e7cb2efda617ccd761bd7)

ticket: 7306
status: resolved

Remove unused leashdll functions

-not_an_API_LeashKRB5GetTickets
-not_an_API_LeashKRB5FreeTickets
and supporting routines. Also remove the unused support routine one_addr.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: adjust commit message]

(cherry picked from commit 4b7fb670f3bad1c4f2251f5d1b7c7047ea6dd744)

ticket: 7305
status: resolved

'Destroy tickets on exit' destroys all tickets

Previously destroyed only default ccache and used obsolete functions.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit cc96011e055131c81f224e126260f25c5318d97b)

ticket: 7304
status: resolved

Use cc_user_set_default_name to 'make default'

In addition to calling krb5_cc_switch(), use
krb5int_cc_user_set_default_name() in CLeashView::OnMakeDefault()
to set the default ccache for all processes for the current user.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 84b0d77e7d9d8f4a733bc0d71afb7815584d1c12)

ticket: 7303
status: resolved

Minor 'Get Tickets' dialog fixes

-Move 'Remember this principal' and keep visible even when 'advanced'
options are hidden.
-Increase size of 'Forwardable and Proxiable' checkbox.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit eb952e349c4e37b81b3f1f30faba6fb707f67dca)

ticket: 7301
status: resolved

Help updates for kfw 4.0

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: Squash commits, a couple of grammar fixes, and also turn
a few instances of "Leash" into "MIT Kerberos". Trim trailing whitespace
and other whitespace tweaks to pass the commit hooks.]

(cherry picked from commit 095ae2aa5072282f4b1842e78baeb4c82bd31098)

ticket: 7300
queue: kfw
status: resolved

Reduce 'get tickets' dialog height

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit bdcc614a53e1567e5e1f23db9c578b482641cf99)

ticket: 7299
status: resolved

Add 'Remember this principal' checkbox

Added to the 'Get Tickets' dialog.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 4c6bbfe0aa0faa166b1a1096a79dfc1d43e77023)

ticket: 7298
status: resolved

Update kfw change password dialog

Use combined username/realm principal edit control.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 16eb02cfaad02444e553c9a7af37917f02c60ba2)

ticket: 7297
status: resolved

KfW rename lacFoo -> Leash_pec_

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit e2b8cf10d536eeb1616f5b5e40fd41c691f24e29)

ticket: 7294
status: resolved

KfW make 64-bit MSI include 32-bit dlls

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 7f73cad3f08eadaa38299d004ac721cea74a0658)

ticket: 7293
status: resolved

Rename "Leash" to "MIT Kerberos"

In the executable name and many GUI elements.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit e2b8ec99dd4a898d29eab8f5ed19f03b238fef0f)

ticket: 7292
status: resolved

KfW GUI -- clean up 'About' dialog

By default, hide the debug list of loaded modules; change LeashView.cpp
and recompile to get the list.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 3b976d4c094f0d0589468fda5f4debbb50345f20)

ticket: 7291
status: resolved

KfW update copyright date (2012) for all modules

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b9e412c29acc4469b50e86a070d3532751e66b61)

ticket: 7290
status: resolved

KfW WiX installer update copyright notice

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 8ad46fde4b39ac8c3dca1d0eacdf1ee35fa8d8ca)

ticket: 7289
status: resolved

Remove copyright/version from Get Tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 5a00a830a01f1d0699bd316122a1475a4f92e9fb)

ticket: 7288
status: resolved

KfW GUI -- add 'Options' category

Move 'View' and 'Options' panels from Home to Options category.
Rename to 'View Options' and 'Ticket Options' respectively.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b657cf2a8b0f37d5a9908ba4c078794e54ea9ad7)

ticket: 7287
status: resolved

Use bold for entire row for default principal

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 5d6ed004b535a9d8bd7beb3f543fcf470d9d31fa)

ticket: 7286
status: resolved

Rename 'Get Ticket' to 'MIT Kerberos: Get Ticket'

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 3321554947a7930b0fe9bb6fdd89ccbbc5b4fd1c)

ticket: 7284
status: resolved

KfW GUI -- abbreviate durations

Map days -> d; hours -> h; minutes -> m

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit d3bad500077b597b28864abdbe003dbb99ffcc90)

ticket: 7285
status: resolved

Change 'Get Ticket' to 'MIT Kerberos: Get Ticket'

Also improve string copy safety.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 4ae7790a9be2b7c5534362381f9cf932ae96ff29)

ticket: 7284
status: resolved

Rename and move 'Clear Principal History'

Move it closer to the Principal edit box and rename to 'Clear History'

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit baa28cb97e5129bfa4d8fed37f34d7a688c03f42)

ticket: 7283
status: resolved

Merge forwardable/proxiable in Get Tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit a61dd883285b409ead60e1657b7ff15eb6eb63bb)

ticket: 7282
status: resolved

Update kfw ribbon button graphics

Integrate bmp's from ui team.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b6c944374e010e6a92c530beac2003c700c5855c)

ticket: 7281
status: resolved

KfW GUI -- show ticket flags

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit ae2b7f989b34e14d03005fb5f45f3314ddab84b9)

ticket: 7280
status: resolved

KfW GUI -- update expand/collapse icon rendering

Use DrawThemeBackground() to draw the icons from the explorer treeview.

(cherry picked from commit 28d8e44e3474afcc1ea3b472c3336bd1017b55a6)

ticket: 7279
status: resolved

Fix leashdll code to search for existing tickets

When we have a desired principal, search the entire credential cache
collection for existing tickets for that principal before using a prompter.
If no principal is specified, check only the default cache.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 0fa2c69633bfcb6c10e50c25c8e7802e7b060d8c)

ticket: 7278
status: resolved

Use file mapping to marshall message data

GlobalAlloc() is no longer supported for this purpose.
Also split out leash message marshalling code into a separate function
acquire_tkt_send_message_leash and improve string copy safety.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit e2ad5d74adbf3edc8a7026cad8283c0077377e81)

ticket: 7276
status: resolved

Set kfw GUI read-only princ flag when appropriate

When receiving a request to obtain tickets (from another process), if a
particular principal is requested, set the read-only flag to prevent
the user from changing the principal.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b89802f0a491c6e8c6a320bc1af2b2bbbdb92669)

ticket: 7275
status: resolved

Add 'read-only principal' flag

Reserve the high-order 16 bits of dlgtype for flags.
Add DLGFLAG_READONLY_PRINC. When specified, the get tickets dialog
does not allow the user to change the principal.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 88f425a7169a1f1d38b89d80a167f58e8ce475e8)

ticket: 7274
status: resolved

Send kfw 'obtain ticket' messages to main frame

Previous versions of kfw would attempt to send 'obtain tickets' messages
directly to the 'view' window by sending to the first child of the main
frame. But with the ribbon UI, the ribbon toolbar is now the first child,
so that method no longer works. Instead we now send the message to the
main frame and the main frame forwards to the active view.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 648f70f51ce7d130a2ba921c33f6cc152f097440)

ticket: 7273
status: resolved

Fix 'renewable' checkbox text

fix 'renwable' typo and pad size.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit e0026eb4a5c7958d047440e12cc234b7c9a09865)

ticket: 7272
status: resolved

Fix ribbon breakage

Controls were accidentally broken when moved

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit ade099f5ee2febb23e4ece85a20377f2af0b94c2)

ticket: 7271
status: resolved

Add Forget Principals to Get Tickets dialog

And remove remnants of it from the "more" panel.

Clear the registry key that stores the principal list.
Also clear the autocomplete strings on the active control.

[kaduk@mit.edu: squashed commits and rewrote commit message.]

(cherry picked from commit 1b80ae9b2c18a25447372871c48aecd17809e022)

ticket: 7269
status: resolved

KfW GUI -- add 'More' Panel

'Import Tickets', 'Export Tickets', and 'Forget Principals' buttons.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 58441c9c61f332315c8b68dc63e352426a6d7707)

ticket: 7268
status: resolved

Combine username and realm in get tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 1f311623467f479e6d8671c9802fe46e93aeb434)

ticket: 7266
status: resolved

Fix NSIS uninstall to work with UAC

Use ShellExecuteEx() to elevate privilege if CreateProcess() fails.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit d66fcb1784fc6b5a6b01748dda7f99e0afa3fc69)

ticket: 7265
status: resolved

KfW auto-complete support

Use the registry to store and retrieve principals for auto-complete.
Remember principals from successful autentications.
TODO: combine realm/username in principal; 'remember principal' checkbox;
reset button; add to support 'change password' dialog as well.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: style cleanup, copyright/license on new file.]

(cherry picked from commit 6201bbc23f1c307e6278af72eaa8e93dc898fedf)

ticket: 7264
status: resolved

C++ safety for leashdll.h

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 0101affa062aa34398bd571740d8d84f6bf45d4d)

ticket: 7270
status: resolved

Minor fixes for leashwin.h

-explicitly include krb5.h (for krb5_timestamp)
-add extern "C" scope for c++ compatibility

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 68c9b0afef303114c7a43cb90d2516e5d7e2d817)

ticket: 7267
status: resolved

Remove psapi.dll from installer

psapi.dll is a standard windows component; no need for kfw to redistribute.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 2de056b925cc80982d9a1d1c6e9f7c81ad413d68)

ticket: 7263
status: resolved

KfW GUI -- renew selected principals

The renew button should act on the current selection.
-auto-renew still only renews default ccache
-renew doesn't work for UAC-limited MSLSA

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit ba46ce0c0024b58b3d1b2e79384ec6e422ef40dd)

ticket: 7262
status: resolved

Update ribbon tooltip text

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 2db8f553df76e8086c0584e135701e584e83df87)

ticket: 7261

Add leak tracking support to Leash

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 9d7ce5070d6d5f8390b941cdb617c670f1bf0989)

ticket: 7260
status: resolved

Add defines for debug builds in win-pre.in

define DEBUG and _CRTDBG_MAP_ALLOC except for NODEBUG builds

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 768628d32f42027de9e591b2ef21d18bcb82f061)

ticket: 7259
status: resolved

Remove ID_ABOUT, add ID_IMPORT_TICKETS

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 6a4d85a234d08492ce832b90c7a9687f6f120760)

ticket: 7258
status: resolved

Fix tooltips for ribbon

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 4325ac72975587bb04b6cd85d45b4c0d7743b2e3)

ticket: 7257
status: resolved

Tooltip text fixes

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 1fa7efce6f65550dde470700ac8abbc96d532c57)

ticket: 7256
status: resolved

Set fCachesTicket=TRUE when no credentials

It is not really clear this is correct, but neither was the
previous behavior.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit c654e9c7436cdd57cb61c0bd29b26c79e3675a01)

ticket: 7255
status: resolved

Do not be over-restrictive in the presence of UAC

We used to explicitly check if a process was UAC-limited and deny all
access to the TGT in that case; however, this makes the MSLSA cache
effectively useless.
Do not try to outsmart UAC, and let it do its own checking -- this allows
UAC-limited access to the MSLSA ccache, which should mean read-write
access to service tickets, and write-only access to the TGT.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: delete instead of comment out, move comment.]

(cherry picked from commit 8020c64554dd25a4f09df8a28dca924c6ecb5608)

ticket: 7254
status: resolved

kfw support for multiple identities

We need a sense of what the default identity is, then, with a way
to set it and list it.
The memory management model changes some, as well.
Use a bold font to indicate the current default identity in the
GUI; while here use an italic font for expired credentials.

In the process, rip out some krb4 remenants, and remove ancient
code conditional on the lack of KRB5_TC_NOTICKET.

Define USE_MESSAGE_BOX when building leash and use MessageBox().

[kaduk@mit.edu: adjust for style, flesh out commit message.]

(cherry picked from commit 9bc411e72fce5bed3ed00ae5b09f8c239309bae0)

ticket: 7253
status: resolved

kfw get tickets dialog tweaks

"Options" button -> "Advanced Settings"
"Renew Till" -> "Renew Until"
"Kerberos 5 Options" -> "Flag this ticket as"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit dbfd93ea15b12472e4612af928f8baabb2cda611)

ticket: 7252
status: resolved

kfw remove status bar

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 813ae03da33fc77e1fe0706a5fbbfd4070b79b7a)

ticket: 7251
status: resolved

Only create toolbar when not using ribbon UI

When we do create the toolbar, dock it.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 7fc182b343517278ba7c8dd5b338068c74d032c6)

ticket: 7250
status: resolved

Use ListView; add ViewColumn abstraction

Punting FormView since we really only need ListCtrl and using
ListView makes the header column and window resizing work.
The ViewColumn abstraction eliminates some copy/paste code blocks.
HDN_ITEMCHANGED tracks user changes to column widths.
Remove CTreeCtrl-related code.
Also remove some unused code that was generating warnings.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 9bb69f8f328c763fb5f91e7a0198232eea0c2beb)

ticket: 7249
status: resolved

kfw implement ribbon UI

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit b32bad9b36671702d439ee1089ce0060280f213b)

ticket: 7248
status: resolved

kfw "Initialize Ticket" -> "Get Ticket"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit d0b0d8e231b27ff9e27b4615fceee094b06cf60c)

ticket: 7247
status: resolved

MSVC-generated updates to support ribbon UI

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: manually tweak to remove gratuitious churn]

(cherry picked from commit bf4cd552cbd64b7ec07dd999602ace7196c9a5f6)

ticket: 7246
status: resolved

Update leash icon and button graphics

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: While here, remove now-unused doghead icons.]

(cherry picked from commit 1f3db78954f891037120d45f9985470d6113421f)

ticket: 7245
status: resolved

Prep for KfW conversion to ribbon toolbar

Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx,
CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar.
Call AfxOleInit() from CLeashApp::InitInstance()
Do not call LoadBarState() (crashes)
or GetToolBarCtrl() (no longer exists)

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 7a53399722e129ed9c00f0c37d0c20c0387c829d)

ticket: 7244
status: resolved

Leash UI menu updates

Eliminate Action menu:
-move Ticket manipulation to File menu
-eliminate "Reset Window Size/Pos", "Synchronize Time", and "Update Display"

Update Options menu:
-eliminate all the "Properties" items:
"Leash ", "Kerberos ", "Kerberos v4 ", "Kerberos v5 ", and "AFS"
TODO: move functionality to advanced install/registry keys.

Update View menu:
-add "Time Issued", "Renewable Until", "Flags", "Encryption Type",
and "Valid Until"
-remove "Large Icons", "Toolbar", "Status Bar", and "Debug Window"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 3152a4c79e34b1954616a39e24c7d179cd08e0bb)

ticket: 7243
status: resolved

allow multiple Leash options; add -noribbon

Change option parsing to allow more than one option to be given.
Use the ribbon UI by default; -noribbon reverts to the old UI.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit d5cafe2f1016e18ac191528a0c24f8dc6fbeb1f2)

ticket: 7241
status: resolved

Target Windows Vista in leash/stdafx.h

Define WINVER and _WIN32_WINNT, to target Vista+ -- required for
ribbon ui.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit fed20805254a9b49c7e75ba83de2a95348b21c3b)

ticket: 7240
status: resolved

Change kfw destroy ticket confirmation message

OKCANCEL -> YESNO
Add MB_ICONEXCLAMATION
Change text

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 253b9a7f317d03c3392add07d3da2c4c4ecfc08f)

ticket: 7239
status: resolved

Load additional krb5 and come_err funcs

Required for multiple identity management and for migration of code from
leashdll to leash proper.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit fd2d1932d262e6e342f795f9aaab2da62585fae2)

ticket: 7238
status: resolved

Fix leak in cci_os_ipc_thread_init()

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 1aac6932b77e7dd13a43f1d098b39313dc6474ae)

ticket: 7237
version_fixed: 1.10.4
status: resolved

Remove unused struct and switch_to stubs

Only one mslsa ccache is supported, so switch_to is not needed.
Likewise, struct krb5int_lcc_iterator is unneccesary.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit c19826ccddd0d712ca581d67cdcf317c36dfaa85)

ticket: 7236
version_fixed: 1.10.4
status: resolved

Fix version info for Leash.exe

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 25494149ab80332392db396fecaf3e1cea9c1cba)

ticket: 7235
status: resolved

Remove preauth_sam2 from windows build

The source file preauth_sam2.c is not present on the krb5-1.10 branch,
so don't try building it.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[tlyu@mit.edu: clarify commit message]

ticket: 7277 (new)
version_fixed: 1.10.4
status: resolved

Use gssalloc in krb5_gss_export_name

krb5_gss_export_name uses malloc to construct a gss_buffer_desc value,
and should use gssalloc_malloc instead.

(cherry picked from commit e54c8d7e6c6185ff4d0e1b472f98897c2e3fc5b3)

ticket: 7233
version_fixed: 1.10.4
status: resolved

Use gssalloc in more parts of GSSAPI

Fix some GSSAPI buffer allocations which were missed in
800358b1790ef82710af0b6021c6ff2dca2b0de7: gss_export_sec_context,
gss_display_name, and IAKERB and SPNEGO token construction.

(cherry picked from commit 45e4eaa298e0dcebef46d07a6acb54cd9affb2ca)

ticket: 7233

Avoid mapping GSSAPI minor code on success

In gssint_import_internal_name, don't map the minor code from
mech->gss_duplicate_name if it returned successfully. Fixes an
"unexpected non-zero minor status" error reported by SAP's gsstest
when it invokes gss_canonicalize_name().

(cherry picked from commit a02fcceeaeab1441d815255d569aaa6c193c2725)

ticket: 7194
version_fixed: 1.10.4
status: resolved

Update patchlevel.h for krb5-1.10.3-postrelease

Update README and patchlevel.h for krb5-1.10.3

Announce myself as a member of the Kerberos Team

(cherry picked from commit 1ee791dd47c94fc20a8f89008dfce9d4151f9878)

Regression tests for CVE-2012-1014, CVE-2012-1015

(cherry picked from commit 98d2c88615ebbaf2012d54a2e17aa3863ba4b7f6)

ticket: 7231
version_fixed: 1.10.3
status: resolved

Add missing quote to install-windows

(cherry picked from commit 0474c489f8298b82e33ae96f542484ec2ae6bd27)

ticket: 7230
version_fixed: 1.10.3
status: resolved

Further fixes for WSA/Posix error translation

Don't translate '0' (no error).
Handle WSAEAFNOSUPPORT and WSAEINVAL.
Add Posix->WSA translation.
Add default translation for unrecognized errors.

[ghudson@mit.edu: Merged with master and adjusted comments.]

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 66d8bb6d684f203d008409752c90355964443e3e)

Correct comments in port-sockets.h

(cherry picked from commit 666be8d6bd1063774c4260e2119ba4aed8fbfa9f)

ticket: 7228
version_fixed: 1.10.3

Fix oid set construction in gss_inquire_cred()

Use gssapi calls to construct the oid sets. It is not safe on windows
to use malloc to hand-construct the set and then call gss_release_oid_set()
to clean it up.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 4cfdf8da69f52c778af4faaea663981a67634bb6)

ticket: 7227
version_fixed: 1.10.3
status: resolved

Fix KDC uninit ptrs [CVE-2012-1014 CVE-2012-1015]

Fix KDC heap corruption and crash vulnerabilities [MITKRB5-SA-2012-001
CVE-2012-1014 CVE-2012-1015].

CVE-2012-1015: The cleanup code in kdc_handle_protected_negotiation()
in kdc_util.c could free an uninitialized pointer in some error
conditions involving "similar" enctypes and a failure in
krb5_c_make_checksum(). Initialize the pointer correctly.

Additionally, adjust the handling of "similar" enctypes to avoid
advertising enctypes that could lead to inadvertent triggering of
CVE-2012-1015 (possibly in unpatched KDCs).

CVE-2012-1014: process_as_req() could encounter an error condition
(typically a malformed AS-REQ message) that could cause its cleanup
code to dereference an uninitialized pointer, causing a crash.
Initialize the pointer correctly.

ticket: 7226 (new)
version_fixed: 1.10.3
status: resolved

__func__ -> __FUNCTION__ in disp_status.c

For MSVC compatibility

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 0552f29887201227788d1ca3df9d2b2c4f2447d2)

ticket: 7208
version_fixed: 1.10.3
status: resolved

Don't use syslog / LOG_DEBUG when they don't exist

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 5ae666d1591f5ab8bc1182d053cdda7ce9a855d2)

ticket: 7207
version_fixed: 1.10.3
status: resolved

Fix -DDEBUG compilation errors

(cherry picked from commit 7c3ecf5c77e33f6d04d6226b041071c6ce23b062)

ticket: 7150
version_fixed: 1.10.3
status: resolved

Remove DISABLE_TRACING from windows build

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 6931507c87d6139b1dcea2ea97a6e3b145287438)

ticket: 7215
version_fixed: 1.10.3
status: resolved

krb5_stdccv3_get_principal error handling fixup

Don't treat an error returned by krb5_parse_name as a cc-internal error.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit fbe77b2c7d4340097690cbed7b48fd9888feacd4)

ticket: 7214
version_fixed: 1.10.3
status: resolved

Implement cccol iterators for mslsa

Also implement switch_to stub

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 218193bb93d8cf9fd82087533c45602b6a8c5151)

Fix macro redefinition warnings in cc_mslsa.c

Include ntstatus.h and define WIN32_NO_STATUS before including winnt.h

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit ee6fbe222b34b28c617d4e6df994700af471b1b6)

fix leak in cc_mslsa.c

cc_name needs to be freed in krb5_lcc_close().

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit dcd9202f058830eacbbdfd0dd26bd82d8101e8fd)

ticket: 7213
version_fixed: 1.10.3
status: resolved

MSLSA Don't use lstrcpy on ANSI strings

Also change parameter types to eliminate casts.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 7acb524f5aa00274771dbbfac19d2dd779aad409)

ticket: 7212
version_fixed: 1.10.3
status: resolved

Remove the UNICODE defines from wshelper

wshelper is clearly not intended to use unicode:
wprintf is used extensively and exclusively to write to char[] buffers and
fields in dns structs are used as explicitly ASCII text.

Signed-off-by: Alexey Melnikov <aamelnikov@gmail.com>
(cherry picked from commit 7d156d88ce5cdc40b1df02f051d65b3ad93c60e1)

ticket: 7210
version_fixed: 1.10.3
status: resolved

Define USE_CCAPI_V3 in krb5/ccache on windows

USE_CCAPI_V3 provides cccol iteration support for ccapi.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 227a1b093cb22eb7c6d7fee0759f28816572db70)

Build lib/krb5/ccache/ccapi on Windows only

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 8c3d2bfab7017a587d0c9a7de262cdcf18ce21c8)

ticket: 7209
version_fixed: 1.10.3
status: resolved

Use %i, not %s to Tprintf GetLastError()

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 692c1ccea5af4549437937a424b64ab40178fcc2)

ticket: 7206
version_fixed: 1.10.3
status: resolved

KFW win-mac.h fixes

kfw: add int16_t, uint16_t typedefs to win-mac.h
uint16_t is used in chpw.c

include stdlib.h, crtdbg.h in win-mac.h

Allows leak-tracking using built-in msvc tools on windows.
crtdbg.h needs to come _after_ stdlib.h, but _before_ checking for
strdup. Define DEBUG and CRTDBG_MAP_ALLOC for full tracking.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit 0a27c56e300990909317630e626ccdd8ae8e7f41)

ticket: 7204
version_fixed: 1.10.3
status: resolved

kfw add preauth_sam2 to OBJS for windows build

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
(cherry picked from commit d319617ba9dd1256784fe325ae5a3858cf4603e7)

ticket: 7203
version_fixed: 1.10.3
status: resolved