Tom Yu [Wed, 29 Mar 2006 03:25:32 +0000 (03:25 +0000)]
Interim commit containing SPNEGO changes resulting from interop
testing with MS. Handle SPNEGO optimistic OID vs mech token OID
mismatches which result from "wrong" MS krb5 OID, at least somewhat,
and don't be as aggressive about mechListMIC.
Tom Yu [Mon, 27 Mar 2006 16:04:16 +0000 (16:04 +0000)]
* g_initialize.c (init_hardcoded): Re-order to put SPNEGO first
for testing purposes.
(gssint_mechglue_init, gssint_mechglue_fini): Initialize and
destroy g_mechSetLock.
Tom Yu [Sun, 5 Mar 2006 22:44:56 +0000 (22:44 +0000)]
* svc_auth_gssapi.c (svcauth_gssapi_unset_names): Don't reset
server_creds_count after the first loop; it counts both
server_creds_list and server_name_list.
Tom Yu [Fri, 30 Dec 2005 22:33:24 +0000 (22:33 +0000)]
* gc_frm_kdc.c: Rewrite to modularize significantly. (~400-line
functions do not deserve to live.) The outer loop no longer
explicitly attempts the direct path to the target; that attempt
has been folded into the inner loop. Remove some redundant
credential lookups present in the old code. Treat unexpected
realm referrals as soft errors, in case some intermediate KDC
disagrees with client regarding a transit path.
Tom Yu [Wed, 28 Dec 2005 23:02:32 +0000 (23:02 +0000)]
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Cause free_tgt and
free_otgt to track the states of tgt and otgt correctly, to avoid
a double-free condition which previously happened when this
function returned to krb5_get_credentials(), which proceeded to
free a previously freed TGT in the returned TGT list.
Jeffrey Altman [Thu, 8 Dec 2005 06:58:15 +0000 (06:58 +0000)]
Network Identity Manager - Fix module loading when en_US locale cannot be loaded
The identity manager is designed for internationalization. However, it only ships with
modules for the en_US locale. Designing modules for other locales was beyond the
reach of available resources. This patch will force the use of en_US when modules
matching the installed user and system locales cannot be found.
ticket: new
status: resolved
target_version: 1.4.4
tags: pullup
Jeffrey Altman [Fri, 2 Dec 2005 10:34:34 +0000 (10:34 +0000)]
Network Identity Manager updates for KFW 3.0 Beta 3
Fix the handling of case sensitive names being stored in the
registry. Only apply case sensitive encoding logic to the
keys below the NetIdMgr key.
Fix the importing of credentials from MSLSA:
Apply an ugly hack to krb5configcc.c that forces _WIN32_WINNT
to 0x0501 for the one file so that the executable can be built
as APPVER=5.0 and yet still gain access to balloon tips on XP
and above.
ticket: new
component: windows
status: open
target_version: 1.4.4
Jeffrey Altman [Fri, 2 Dec 2005 10:29:29 +0000 (10:29 +0000)]
Wix MSI installer for KFW 3.0 Beta 3
Add operating system version check to ensure it is not
installed on Windows 95, 98, ME or NT 4.0
Break out the license text into its own file
Restructure the installer to allow either NetIdMgr or Leash
to be selected (by transform only) as the credentials manager.
The default is to use NetIdMgr.
ticket: new
component: windows
status: resolved
target_version: 1.4.4
tags: pullup
Jeffrey Altman [Wed, 30 Nov 2005 16:06:00 +0000 (16:06 +0000)]
Remove the case sensitive comparisons of registry entry
and schema strings. Microsoft uses HKLM\"SOFTWARE" and
HKCU\"Software". This means the encoding schema that was
selected does not work and the conflict in case prevents
plugins from being loaded.
Better to enable plugins to work than to allow two realms
that differ only by case on the same platform during the
beta.
Jeffrey Altman [Tue, 29 Nov 2005 22:22:43 +0000 (22:22 +0000)]
KFW Logon Network Provider
The Logon Network Provider works like the OpenAFS Integrated
Logon. It uses the username entered by the user and the
default realm obtained from krb5.ini and the user entered
password. If possible, tickets are obtained and imported
into the user's CCAPI credential cache.
ticket: new
component: windows
target_version: 1.4.4
status: resolved
tags: pullup
Ken Raeburn [Tue, 29 Nov 2005 07:38:45 +0000 (07:38 +0000)]
Tru64 compilation fails after k5-int.h/krb5.h changes
Due to some silliness in db-config.h and the Tru64 system header files, an
accidental change in the order of inclusion of certain headers caused the build
to fail.
With this patch, "make all" succeeds, but "make check" fails partway through;
I'm still investigating, and don't know at this point if there are additional
compilation problems.
* policy_db.h: Include db.h after gssrpc/types.h, to fix compilation on Tru64.
Ken Raeburn [Tue, 29 Nov 2005 04:31:03 +0000 (04:31 +0000)]
* shlib.conf (*-*-solaris*): Include $(CFLAGS) in LDCOMBINE. Don't use
compiler command-line options for initializers for Solaris 7 and earlier native
compilers.
Ken Raeburn [Fri, 18 Nov 2005 01:22:06 +0000 (01:22 +0000)]
Fix additional cases where krb5.h is included before k5-int.h. In most cases,
it suffices to remove the inclusion of k5-int.h, sometimes including errno.h or
another header. In a couple cases, include order has been changed, or k5-int.h
has been included instead of krb5.h.
Jeffrey Altman [Tue, 15 Nov 2005 00:31:41 +0000 (00:31 +0000)]
This commit ensures that all files in the library include
k5-int.h before krb5.h is included either directly or
indirectly. This is to allow Kerberos to use pre-processor
symbols to choose configurations of C run time library headers
without affecting third party applications.
Jeffrey Altman [Tue, 15 Nov 2005 00:16:17 +0000 (00:16 +0000)]
* Correct function prototypes that should have been using
krb5_timestamp in order to prevent type conflicts if
krb5_timestamp ever becomes a 64-bit value
* Force the use of 32-bit time_t with Microsoft's VS 2005
compiler on 32-bit platforms
Jeffrey Altman [Tue, 1 Nov 2005 04:23:52 +0000 (04:23 +0000)]
For KFW 3.0 Beta 1
- supports Network Identity Manager framework
- moves leash32.exe to a new disabled component
- auto-generates a new product id with each build
Jeffrey Altman [Mon, 31 Oct 2005 19:23:19 +0000 (19:23 +0000)]
* acquire_cred.c (acquire_init_cred):
If a specific principal has been requested, attempt to acquire
tickets and set the ccache name in the context to the ccache
containing the tickets if obtained. (KFM/KFW)
* ccdefault.c:
(krb5int_cc_default) - add KFW support for multiple ccaches
When passed GSS_C_INITIATE and a non-NULL desired name, gss_acquire_cred
should search the available credentials caches rather than simply failing
if tickets for the desired client principal are not in the default ccache.
(this is the KfM-specific portion of the patch -- still need KfW portion)
Ken Raeburn [Thu, 27 Oct 2005 09:38:05 +0000 (09:38 +0000)]
If configure scripts set build_dynobj=yes, force build of shared objects and
not static objects; set it in the db2 directories. Fix up some bugs in Mac
support just checked in for building plugin modules.
Ken Raeburn [Thu, 27 Oct 2005 06:59:22 +0000 (06:59 +0000)]
Roll all the "make depend" transformations into one perl script
* util/depfix2.pl: Incorporate all substitutions from depfix.sed.
* util/depfix.sed: Deleted.
* config/post.in (.depend): Don't run sed, just use perl.
Ken Raeburn [Thu, 27 Oct 2005 05:19:45 +0000 (05:19 +0000)]
Allow dynamic-object dependencies and build flags to be specified as distinct from
shared-library dependencies and flags. Define them for the Mac, default to same as
shared-library versions on other platforms.
* config/shlib.conf: Set DYNOBJ_EXPDEPS and DYNOBJ_EXPFLAGS.
(*-*-darwin*): Change MAKE_DYNOBJ_COMMAND definition to use DYNOBJ_EXPFLAGS and
DYNOBJ_LOADER_PROG instead of SHLIB_EXPFLAGS and a hardcoded pathname to the KDC binary,
respectively.
* config/pre.in (DYNOBJ_EXPDEPS, DYNOBJ_EXPFLAGS): New variables.
* config/libnover.in ($(LIBBASE)$(DYNOBJEXT)): Use DYNOBJ_EXPDEPS instead of SHLIB_EXPDEPS
in dependencies.
* aclocal.m4 (KRB5_BUILD_LIBRARY_WITH_DEPS): Substitute DYNOBJ_EXPDEPS and DYNOBJ_EXPFLAGS.
* modules/kdb/db2/Makefile.in (DYNOBJ_LOADER_PROG, DYNOBJ_EXPFLAGS_WITH_LOADER,
DYNOBJ_EXPDEPS_WITH_LOADER): New variables.
Ken Raeburn [Fri, 21 Oct 2005 01:17:20 +0000 (01:17 +0000)]
Jeff's patches for a multi-threaded gss-sample suite, modified to not break the
single-threaded UNIX case. (Tested on Linux/x86.) Needs stylistic cleanup at
some point.
Jeffrey Altman [Thu, 20 Oct 2005 20:03:03 +0000 (20:03 +0000)]
gssapi_krb5.hin: Add missing GSS_DLLIMP modifiers to all exported
data objects exported from the gssapi32.lib so that the applications
that link to it know that it is there.