Put athena-specific krb5.ini in athena subdir

The installer only picks it up if MIT_INTERNAL is defined in
the environment; otherwise it uses the now-empty krb5.ini in
the base directory.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7323 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

CCAPI client rpc fixes

On Windows XP, cci_os_ipc_thread_init() causes additional threads to be
spawned immediately, which results in a vicious cycle until Windows
resources are exhausted.  Instead, defer thread_init() until it is really
needed.

Also, use the MSDN-recommended defaults for RPC calls instead of random
constants.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7322 (new)
target_version: 1.10.4
tags: pullup

Handle missing autocomplete object gracefully

Don't crash if we can't create a CLSID_AutoComplete instance.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7321 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add both x86 and x64 msm's to x64 installer

Since we have x86 dlls, we need the x86 msm's.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7320 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use env to determine config in installer build

Use NODEBUG and DEBUG_SYMBOL from the environment to determine whether or
not to define Debug and DebugSyms for the installer build.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7319 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use release MFC lib for NODEBUG builds

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7318 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Don't require pdbs for make install

When NODEBUG is defined and DEBUG_SYMBOL is not, no pdbs are generated.
This should not cause make install to fail.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7316 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add MIT krb5.ini to wix install directory

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7315 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix installer UI field sizes

Increase title control height to make all text visible.
Adjust position of description controls accordingly.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7314 (new)
queue: kfw
target_version: 1.10.4
tags:pullup

Fix ribbon label hotkeys

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7311 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix menu text change breakage

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7310 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Help -- remove principal drop-down refs

Also a couple of minor fixups.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7309 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Disable import/export buttons and checkbox

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7308 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Update kfw installer OS version checks

Require XP SP3 or Vista SP2 or Windows 7 or Server 2003 or Server 2008

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7307 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Call CWinAppEx::InitInstance()

Without this, AfxGlobalsAddRef() is never called, so AfxGlobalsRelease()
does nothing, causing many leaks and a crash on exit in GdiplusShutdown()
on Vista.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7306 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Remove unused leashdll functions

-not_an_API_LeashKRB5GetTickets
-not_an_API_LeashKRB5FreeTickets
and supporting routines.  Also remove the unused support routine one_addr.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: adjust commit message]

ticket: 7305 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

'Destroy tickets on exit' destroys all tickets

Previously destroyed only default ccache and used obsolete functions.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7304 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use cc_user_set_default_name to 'make default'

In addition to calling krb5_cc_switch(), use
krb5int_cc_user_set_default_name() in CLeashView::OnMakeDefault()
to set the default ccache for all processes for the current user.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7303 (new)
queue: kfw
subject: 'Make default' should apply to all processes of the user
target_version: 1.10.4
tags: pullup

Minor 'Get Tickets' dialog fixes

-Move 'Remember this principal' and keep visible even when 'advanced'
options are hidden.
-Increase size of 'Forwardable and Proxiable' checkbox.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7301 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Help updates for kfw 4.0

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: Squash commits, a couple of grammar fixes, and also turn
 a few instances of "Leash" into "MIT Kerberos".  Trim trailing whitespace
 and other whitespace tweaks to pass the commit hooks.]

ticket: 7300 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>

Reduce 'get tickets' dialog height

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7299 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add 'Remember this principal' checkbox

Added to the 'Get Tickets' dialog.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7298 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Update kfw change password dialog

Use combined username/realm principal edit control.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7297 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW rename lacFoo -> Leash_pec_

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7294 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW make 64-bit MSI include 32-bit dlls

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7293 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Rename "Leash" to "MIT Kerberos"

In the executable name and many GUI elements.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7292 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- clean up 'About' dialog

By default, hide the debug list of loaded modules; change LeashView.cpp
and recompile to get the list.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7291 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW update copyright date (2012) for all modules

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7290 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW WiX installer update copyright notice

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7289 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Remove copyright/version from Get Tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7288 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- add 'Options' category

Move 'View' and 'Options' panels from Home to Options category.
Rename to 'View Options' and 'Ticket Options' respectively.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7287 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use bold for entire row for default principal

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7286 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Rename 'Get Ticket' to 'MIT Kerberos: Get Ticket'

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7284
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- abbreviate durations

Map days -> d; hours -> h; minutes -> m

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7285 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Change 'Get Ticket' to 'MIT Kerberos: Get Ticket'

Also improve string copy safety.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7284 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Rename and move 'Clear Principal History'

Move it closer to the Principal edit box and rename to 'Clear History'

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7283 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Merge forwardable/proxiable in Get Tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7282 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Update kfw ribbon button graphics

Integrate bmp's from ui team.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7281 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- show ticket flags

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7280 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- update expand/collapse icon rendering

Use DrawThemeBackground() to draw the icons from the explorer treeview.

ticket: 7279 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix leashdll code to search for existing tickets

When we have a desired principal, search the entire credential cache
collection for existing tickets for that principal before using a prompter.
If no principal is specified, check only the default cache.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7278 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use file mapping to marshall message data

GlobalAlloc() is no longer supported for this purpose.
Also split out leash message marshalling code into a separate function
acquire_tkt_send_message_leash and improve string copy safety.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7276 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Set kfw GUI read-only princ flag when appropriate

When receiving a request to obtain tickets (from another process), if a
particular principal is requested, set the read-only flag to prevent
the user from changing the principal.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7275 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add 'read-only principal' flag

Reserve the high-order 16 bits of dlgtype for flags.
Add DLGFLAG_READONLY_PRINC.  When specified, the get tickets dialog
does not allow the user to change the principal.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7274 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Send kfw 'obtain ticket' messages to main frame

Previous versions of kfw would attempt to send 'obtain tickets' messages
directly to the 'view' window by sending to the first child of the main
frame.  But with the ribbon UI, the ribbon toolbar is now the first child,
so that method no longer works.  Instead we now send the message to the
main frame and the main frame forwards to the active view.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7273 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix 'renewable' checkbox text

fix 'renwable' typo and pad size.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7272 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix ribbon breakage

Controls were accidentally broken when moved

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7271 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add Forget Principals to Get Tickets dialog

And remove remnants of it from the "more" panel.

Clear the registry key that stores the principal list.
Also clear the autocomplete strings on the active control.

[kaduk@mit.edu: squashed commits and rewrote commit message.]

ticket: 7269 (new)
subject: forget principals functionality
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- add 'More' Panel

'Import Tickets', 'Export Tickets', and 'Forget Principals' buttons.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7268 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Combine username and realm in get tickets dialog

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7266 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix NSIS uninstall to work with UAC

Use ShellExecuteEx() to elevate privilege if CreateProcess() fails.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7265 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW auto-complete support

Use the registry to store and retrieve principals for auto-complete.
Remember principals from successful autentications.
TODO: combine realm/username in principal; 'remember principal' checkbox;
reset button; add to support 'change password' dialog as well.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: style cleanup, copyright/license on new file.]

ticket: 7264 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

C++ safety for leashdll.h

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7270 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Minor fixes for leashwin.h

-explicitly include krb5.h (for krb5_timestamp)
-add extern "C" scope for c++ compatibility

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7267 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Remove psapi.dll from installer

psapi.dll is a standard windows component; no need for kfw to redistribute.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7263 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

KfW GUI -- renew selected principals

The renew button should act on the current selection.
-auto-renew still only renews default ccache
-renew doesn't work for UAC-limited MSLSA

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7262 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Update ribbon tooltip text

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7261 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add leak tracking support to Leash

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7260 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add defines for debug builds in win-pre.in

define DEBUG and _CRTDBG_MAP_ALLOC except for NODEBUG builds

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7259 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Remove ID_ABOUT, add ID_IMPORT_TICKETS

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7258 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix tooltips for ribbon

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7257 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Tooltip text fixes

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7256 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Set fCachesTicket=TRUE when no credentials

It is not really clear this is correct, but neither was the
previous behavior.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7255 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Do not be over-restrictive in the presence of UAC

We used to explicitly check if a process was UAC-limited and deny all
access to the TGT in that case; however, this makes the MSLSA cache
effectively useless.
Do not try to outsmart UAC, and let it do its own checking -- this allows
UAC-limited access to the MSLSA ccache, which should mean read-write
access to service tickets, and write-only access to the TGT.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: delete instead of comment out, move comment.]

ticket: 7254 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

kfw support for multiple identities

We need a sense of what the default identity is, then, with a way
to set it and list it.
The memory management model changes some, as well.
Use a bold font to indicate the current default identity in the
GUI; while here use an italic font for expired credentials.

In the process, rip out some krb4 remenants, and remove ancient
code conditional on the lack of KRB5_TC_NOTICKET.

Define USE_MESSAGE_BOX when building leash and use MessageBox().

[kaduk@mit.edu: adjust for style, flesh out commit message.]

ticket: 7253 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

kfw get tickets dialog tweaks

"Options" button -> "Advanced Settings"
"Renew Till" -> "Renew Until"
"Kerberos 5 Options" -> "Flag this ticket as"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7252 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

kfw remove status bar

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7251 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Only create toolbar when not using ribbon UI

When we do create the toolbar, dock it.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7250 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Use ListView; add ViewColumn abstraction

Punting FormView since we really only need ListCtrl and using
ListView makes the header column and window resizing work.
The ViewColumn abstraction eliminates some copy/paste code blocks.
HDN_ITEMCHANGED tracks user changes to column widths.
Remove CTreeCtrl-related code.
Also remove some unused code that was generating warnings.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7249 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

kfw implement ribbon UI

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7248 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

kfw "Initialize Ticket" -> "Get Ticket"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7247 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

MSVC-generated updates to support ribbon UI

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: manually tweak to remove gratuitious churn]

ticket: 7246 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Update leash icon and button graphics

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: While here, remove now-unused doghead icons.]

ticket: 7245 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Prep for KfW conversion to ribbon toolbar

Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx,
CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar.
Call AfxOleInit() from CLeashApp::InitInstance()
Do not call LoadBarState() (crashes)
or GetToolBarCtrl() (no longer exists)

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7244 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix portability, printf bugs in preauth_otp.c

unistd.h is not available on Windows and isn't needed for this file,
so don't include it.  Two arguments to asprintf in choose_token() were
reversed.

Doc newly introduced padata types for OTP support

Remove KRB5_PADATA_OTP_CONFIRM pre-authentication data (padata) type
as it is marked as OBSOLETE in RFC 6560.

Leash UI menu updates

Eliminate Action menu:
 -move Ticket manipulation to File menu
 -eliminate "Reset Window Size/Pos", "Synchronize Time", and "Update Display"

Update Options menu:
 -eliminate all the "Properties" items:
"Leash ", "Kerberos ", "Kerberos v4 ", "Kerberos v5 ", and "AFS"
TODO: move functionality to advanced install/registry keys.

Update View menu:
 -add "Time Issued", "Renewable Until", "Flags", "Encryption Type",
   and "Valid Until"
 -remove "Large Icons", "Toolbar", "Status Bar", and "Debug Window"

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7243 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

allow multiple Leash options; add -noribbon

Change option parsing to allow more than one option to be given.
Use the ribbon UI by default; -noribbon reverts to the old UI.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7241 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Target Windows Vista in leash/stdafx.h

Define WINVER and _WIN32_WINNT, to target Vista+ -- required for
ribbon ui.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7240 (new)
queue: kfw
subject: Support the Ribbon UI for Leash
target_version: 1.10.4
tags: pullup

Change kfw destroy ticket confirmation message

OKCANCEL -> YESNO
Add MB_ICONEXCLAMATION
Change text

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7239 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Load additional krb5 and come_err funcs

Required for multiple identity management and for migration of code from
leashdll to leash proper.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7238 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Fix leak in cci_os_ipc_thread_init()

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7237 (new)
subject: CCAPI cleanup and bugfixes
target_version: 1.10.4
tags: pullup

Remove unused struct and switch_to stubs

Only one mslsa ccache is supported, so switch_to is not needed.
Likewise, struct krb5int_lcc_iterator is unneccesary.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7236 (new)
target_version: 1.10.4
tags: pullup

Run "make depend"

Fix minor Makefile.in typos for make depend

Fix minor typos in lib/krb5/krb/Makefile.in and
tests/gssapi/Makefile.in so that "make depend" will work.

Fix version info for Leash.exe

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7235 (new)
queue: kfw
target_version: 1.10.4
tags: pullup

Add otp client preauth plugin

Implements the client side of RFC 6560. Not all features are
implemented, but it should work for the most common cases.

ticket: 7242 (new)

Add ASN.1 support for OTP

Add encoders and decoders for the OTP-TOKENINFO, PA-OTP-CHALLENGE,
PA-OTP-REQUEST, and PA-OTP-ENC-REQUEST types from RFC 6560.  For more
thorough testing, add support for generating test encodings using
asn1c for sample objects (currently only for the OTP types).

Clean up k5buf_to_gss helper

k5buf_to_gss was used in only one place (generic_gss_oid_to_str),
where we want to include the terminating null byte in the GSS buffer.
Remove that assumption from the helper, and instead explicitly append
the null byte to the buffer before translating.

Document preference order of enctypes in krb5.conf

Remove dead code in do_as_req.c

Commit r21692 removed the KRB5_KDB_NON_MS_PRINCIPAL flag.

Updated Supported Versions document

Fix apply_keysalt_policy bug

If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization.  Reported by Nico.

ticket: 7223

Cross-reference documents in mitK5defaults.rst

Edit rcache_def.rst for spelling and grammar

New Replay Cache rst documentation

Remove obsolete function krb5_secure_config_files

Silence a gcc warning in t_export_name

gcc warnings that nametype may be used uninitialized, presumably
failing to deduce that usage() never returns.  Initialize nametype to
make it build.

Add test coverage for gss_export_name

Exercise gss_export_name and importing of exported name tokens in
t_gssapi.py.

Use gssalloc in krb5_gss_export_name

krb5_gss_export_name uses malloc to construct a gss_buffer_desc value,
and should use gssalloc_malloc instead.

ticket: 7233