Permalink
Switch branches/tags
Nothing to show
Commits on Mar 28, 2008
  1. ticket: 5922

    version_fixed: 1.5.5
    
    Apply patch for MITKRB5-SA-2008-001.
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@20294 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 28, 2008
  2. ticket: 5921

    version_fixed: 1.5.5
    
    pull up r20278 from trunk
    
     r20278@cathode-dark-space:  raeburn | 2008-03-18 14:55:26 -0400
     ticket: new
     subject: MITKRB5-SA-2008-002
     target_version: 1.6.4
     tags: pullup
     
     Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.
     
     Don't update the internally-tracked maximum file descriptor value if
     the new one is FD_SETSIZE (or NOFILE) or above.  Reject TCP file
     descriptors of FD_SETSIZE (NOFILE) or above.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@20293 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 28, 2008
Commits on Mar 25, 2008
  1. ticket: new

    target_version: 1.5.5
    version_fixed: 1.5.5
    subject: (1.5.x) fix MITKRB5-SA-2007-006 modify_policy vulnerability [CVE-2007-4000]
    component: krb5-admin
    
    pull up r19914 from trunk
    
     r19914@cathode-dark-space:  tlyu | 2007-09-04 14:53:09 -0400
     ticket: new
     target_version: 1.6.3
     tags: pullup
     subject: fix CVE-2007-4000 modify_policy vulnerability
     
     In kadm5_modify_policy_internal, check for nonexistence of policy
     before doing anything with it, to avoid memory corruption.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@20291 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 25, 2008
  2. ticket: 5928

    version_fixed: 1.5.5
    
    pull up r19923 from trunk
    
     r19923@cathode-dark-space:  tlyu | 2007-09-05 15:53:33 -0400
     ticket: 5706
     
     Revise patch to avoid 32-byte overflow which remained after the
     initial patch.  Memory written to by the IXDR macro calls had not been
     accounted for.  Thanks to Kevin Coffman, Will Fiveash, and Nico
     Williams for discovering this bug and assisting with patch
     development.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@20290 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 25, 2008
  3. ticket: new

    target_version: 1.5.4
    tags: pullup
    subject: (1.5.x) fix MITKRB5-SA-2007-006 svc_auth_gss.c buffer overflow [CVE-2007-3999, CVE-2007-4743]
    component: krb5-libs
    
     r19913@cathode-dark-space:  tlyu | 2007-09-04 14:52:56 -0400
     ticket: new
     subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow
     target_version: 1.6.3
     tags: pullup
     component: krb5-libs
     
     Make sure svcauth_gss_validate adequately checks oa->oa_length prior
     to copying into rpcbuf.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@20289 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Mar 25, 2008
Commits on Jul 7, 2007
  1. krb5-1.5.4-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19686 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 7, 2007
  2. README and patchlevel.h for krb5-1.5.4

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19684 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 7, 2007
Commits on Jul 6, 2007
  1. ticket: new

    subject: (krb5-1.5.x) fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]
    version_fixed: 1.5.4
    
    pull up r19637 for 1.5-branch
    
     r19637@cathode-dark-space:  tlyu | 2007-06-26 14:08:35 -0400
     ticket: new
     target_version: 1.6.2
     tags: pullup
     subject: fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]
     
     Truncate the principal names when logging a rename operation to avoid
     a stack buffer overflow.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19683 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 6, 2007
  2. ticket: new

    version_fixed: 1.5.4
    subject: (krb5-1.5.x) fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]
    
    pull up r19636 for 1.5-branch
    
     r19636@cathode-dark-space:  tlyu | 2007-06-26 14:08:20 -0400
     ticket: new
     target_version: 1.6.2
     tags: pullup
     subject: fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]
     
     CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
     pointer.  This may lead to execution of arbitrary code.
     
     CVE-2007-2443/VU#365313: The RPC library can write past the end of a
     stack buffer.  This may (but is unlikely to) lead to execution of
     arbitrary code.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19682 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jul 6, 2007
Commits on Apr 17, 2007
  1. krb5-1.5.3-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19480 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 17, 2007
  2. Update README, patchlevel, and copyrights for krb5-1.5.3

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19478 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 17, 2007
Commits on Apr 14, 2007
  1. Update team members list. Add iDefense acknowledgment.

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19470 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 14, 2007
Commits on Apr 11, 2007
  1. ticket: new

    subject: (krb5-1.5.x) fix MITKRB5-SA-2007-003
    tags: pullup
    target_version: 1.5.3
    version_fixed: 1.5.3
    
    pull up r19171 from trunk
    
     r19171@cathode-dark-space:  raeburn | 2007-02-23 19:56:23 -0500
     ticket: 5445
     status: open
     
     If a reflection is detected, zap the message buffer pointer output
     argument as well as actually freeing the buffer.  (Found while using
     the gsstest option to exercise error conditions.)
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19422 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 11, 2007
Commits on Apr 6, 2007
  1. ticket: 5513

    version_fixed: 1.5.3
    
    pull up r19395 from trunk
    
     r19395@cathode-dark-space:  tlyu | 2007-04-03 15:23:52 -0400
     ticket: new
     subject: MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog
     target_version: 1.6.1
     tags: pullup
     
     Fix MITKRB5-SA-2007-002: buffer overflow in krb5_klog_syslog.
     
     	* src/lib/krb5/krb/get_in_tkt.c (krb5_klog_syslog): Use vsnprintf
     	if available.
     
     Everything else: use precision fields on "%s" specifiers to truncate
     logged strings, in case someone doesn't have vsnprintf.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19404 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 6, 2007
  2. ticket: 5512

    version_fixed: 1.5.3
    
    pull up r19396 from trunk
    
     r19396@cathode-dark-space:  tlyu | 2007-04-03 17:27:25 -0400
     ticket: new
     subject: MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
     tags: pullup
     target_version: 1.6.1
     
     Fix MITKRB5-SA-2007-001:
     
     	* src/appl/telnet/telnetd/sys_term.c (start_login): Add "--"
     	argument preceding username, in addition to the original patch.
     	Explicitly check for leading hyphen in username.
     
     	* src/appl/telnet/telnetd/state.c (envvarok): Check for leading
     	hyphen in environment variables.  On advice from Shawn Emery, not
     	using strchr() as in the original patch.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19403 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Apr 6, 2007
Commits on Jan 11, 2007
  1. krb5-1.5.2-postrelease

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19055 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jan 11, 2007
Commits on Jan 10, 2007
  1. README and patchlevel.h for krb5-1.5.2

    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19051 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jan 10, 2007
  2. ticket: new

    target_version: 1.5.2
    version_fixed: 1.5.2
    tags: pullup
    subject: fix MITKRB5-SA-2006-003 for 1.5-branch
    component: krb5-libs
    
    pull up r19043 from trunk
    
     r19043@cathode-dark-space:  tlyu | 2007-01-09 14:45:25 -0500
     ticket: new
     target_version: 1.6
     tags: pullup
     subject: MITKRB5-SA-2006-003: mechglue argument handling too lax
     component: krb5-libs
     
     Fix mechglue argument checks so that output pointers are always
     initialized regardless of whether the other arguments fail to validate
     for some reason.  This avoids freeing of uninitialized pointers.
     
     Initialize the gss_buffer_descs in ovsec_kadmd.c.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19050 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jan 10, 2007
  3. ticket: new

    tags: pullup
    target_version: 1.5.2
    version_fixed: 1.5.2
    subject: fix MITKRB5-SA-2006-002 for 1.5-branch
    component: krb5-libs
    
    pull up r19042 from trunk
    
     r19042@cathode-dark-space:  tlyu | 2007-01-09 14:45:10 -0500
     ticket: new
     target_version: 1.6
     tags: pullup
     subject: MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
     component: krb5-libs
     
     Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so
     that svctcp_destroy() will not call through an uninitialized function
     pointer after code in svc_auth_gssapi.c has destroyed expired state
     structures.  We can't unconditionally null it because the RPCSEC_GSS
     implementation needs it to retrieve state.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@19049 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Jan 10, 2007
Commits on Nov 17, 2006
  1. ticker: 4803

    pull up r18841 from trunk
    
     r18841@cathode-dark-space:  jaltman | 2006-11-17 18:24:59 -0500
     ticket: new
     subject: one more commit for kfw 3.1 beta 4
     tags: pullup
     
       - when the krb5 prompter callback function is called,
         set the focus to the first input field provided by
         the caller.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18848 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 17, 2006
  2. ticket: 4802

    pull up r18842 from trunk
    
     r18842@cathode-dark-space:  jaltman | 2006-11-17 18:41:40 -0500
     ticket: 4802
     
         krb5_get_init_creds_password:
     
     	remove unintentionally committed code not meant for 1.4 branch
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18847 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 17, 2006
  3. ticket: 4802

    pull up r18840 from trunk
    
     r18840@cathode-dark-space:  jaltman | 2006-11-17 18:14:27 -0500
     ticket: new
     tags: pullup
     subject: reset use_master flag when master_kdc cannot be found 
     
        krb5_get_init_creds_password:
     
     	if the master_kdc cannot be identified reset the use_master
        	flag.  otherwise, the krb5_get_init_creds("kadmin/changepw")
     	call will attempt to communicate with the master_kdc that
     	cannot be reached.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18846 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 17, 2006
  4. ticket: 4798

    pull up r18828 from trunk
    
     r18828@cathode-dark-space:  jaltman | 2006-11-17 12:23:24 -0500
     ticket: new
     subject: commits for KFW 3.1 Beta 4
     tags: pullup
     
          KfW 3.1 beta 4 (NetIDMgr 1.1.6.0)
          
          nidmgr32.dll (1.1.6.0)
          
          - Fix a race condition where the initialization process might be
            flagged as complete even if the identity provider hasn't finished
            initialization yet.
          
          krb5cred.dll (1.1.6.0)
          
          - When assigning the default credentials cache for each identity,
            favor API and FILE caches over MSLSA if they exist.
          
          - When renewing an identity which was the result of importing
            credentials from the MSLSA cache, attempt to re-import the
            credentials from MSLSA instead of renewing the imported credentials.
          
          - Prevent possible crash if a Kerberos 5 context could not be obtained
            during the renewal operation.
          
          - Prevent memory leak in the credentials destroy handler due to the
            failure to free a Kerberos 5 context.
          
          - Properly match principals and realms when importing credentials from
            the MSLSA cache.
          
          - Determine the correct credentials cache to place imported
            credentials in by checking the configuration for preferred cache
            name.
          
          - Keep track of identities where credentials imports have occurred.
          
          - When setting the default identity, ignore the KRB5CCNAME environment
            variable.
          
          - Do not re-compute the credentials cache and timestamps when updating
            an identity.  The cache and timestamp information is computed when
            listing credentials and do not change between listing and identity
            update.
          
          - When refreshing the default identity, also handle the case where the
            default credentials cache does not contain a principal, but the name
            of the cache can be used to infer the principal name.
          
          - Invoke a listing of credentials after a successful import.
          
          - Do not free a Kerberos 5 context prematurely during plug-in
            initialization.
          
          netidmgr.exe (1.1.6.0)
          
          - Fix the UI context logic to handle layouts which aren't based around
            identities.
          
          - Don't try to show a property sheet when there are no property pages
            supplied for the corresponding UI context.
          
          - Use consistent context menus.
          
          - Bring a modal dialog box to the foreground when it should be active.
          
          - Do not accept action triggers when the application is not ready to
            process actions yet.
          
          - Do not force the new credentials dialog to the top if there's
            already a modal dialog box showing.
          
          - Change the default per-identity layout to also group by location.
          
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18834 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 17, 2006
Commits on Nov 9, 2006
  1. ticket: 4675

    pull up r18781 from trnk
    
     r18781@cathode-dark-space:  jaltman | 2006-11-08 18:59:58 -0500
     ticket: new
     tags: pullup
     subject: commit for KFW 3.1 beta 3 (part two)
     
     	remove prototype for removed function
     
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18786 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 9, 2006
Commits on Nov 8, 2006
  1. ticket: 4667

    pull up r18767 from trunk
    
     r18767@cathode-dark-space:  jaltman | 2006-11-08 04:58:49 -0500
     ticket:new
     tags: pullup
     subject: commits for KFW 3.1 Beta 3
     
          KfW 3.1 beta 3 (NetIDMgr 1.1.4.0)
          
          source for 1.1.4.0
          
          - Eliminate unused commented out code.
          
          nidmgr32.dll (1.1.4.0)
          
          - The configuration provider was incorrectly handling the case where a
            configuration value also specifies a configuration path, resulting
            in the configuration value not being found.  Fixed.
          
          - Fix a race condition when refreshing identities where removing an
            identity during a refresh cycle may a crash.
          
          - Fix a bug which would cause an assertion to fail if an item was
            removed from one of the system defined menus.
          
          - When creating an indirect UI context, khui_context_create() will
            correctly fill up a credential set using the selected credentials.
          
          krb5cred.dll (1.1.4.0)
          
          - Fix a race condition during new credentials acquisition which may
            cause the Krb5 plug-in to abandon a call to
            krb5_get_init_creds_password() and make another call unnecessarily.
          
          - If krb5_get_init_creds_password() KRB5KDC_ERR_KEY_EXP, the new
            credentials dialog will automatically prompt for a password change
            instead of notifying the user that the password needs to be changed.
          
          - When handling WMNC_DIALOG_PREPROCESS messages, the plug-in thread
            would only be notified of any changes to option if the user
            confirmed the new credentials operation instead of cancelling it.
          
          - Additional debug output for the DEBUG build.
          
          - Reset the sync flag when reloading new credentials options for an
            identity.  Earlier, the flag was not being reset, which can result
            in the new credentials dialog not obtaining credentials using the
            new options.
          
          - Handle the case where the new credentials dialog maybe closed during
            the plug-in thread is processing a request.
          
          - Fix a condition which would cause the Krb5 plug-in to clear the
            custom prompts even if Krb5 was not the identity provider.
          
          - Once a password is changed, use the new password to obtain new
            credentials for the identity.
          
          netidmgr.exe (1.1.4.0)
          
          - Fix a redraw issue which left areas of the credentials window
            unupdated if another window was dragged across it.
          
          - Handle WM_PRINTCLIENT messages so that the NetIDMgr window will
            support window animation and other features that require a valid
            WM_PRINTCLIENT handler.
          
          - During window repaints, NetIDMgr will no longer invoke the default
            window procedure.
          
          - Add support for properly activating and bringing the NetIDMgr window
            to the foreground when necessary.  If the window cannot be brought
            to the foreground, it will flash the window to notify the user that
            she needs to manually activate the NetIDMgr window.
          
          - When a new credentials dialog is launched as a result of an external
            application requesting credentials, if the NetIDMgr application is
            not minimized, it will be brought to the foreground before the new
            credentials dialog is brought to the foreground.  Earlier, the new
            credentials dialog may remain hidden behind other windows in some
            circumstances.
          
          - When displaying custom prompts for the new credentials dialog, align
            the input controls on the right.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18771 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 8, 2006
  2. ticket: 4639

    version_fixed: 1.5.2
    
    pull up r18764 from trunk
    
     r18764@cathode-dark-space:  jaltman | 2006-11-06 16:55:13 -0500
     ticket: new
     tags: pullup
     subject: krb5_get_init_creds_password does not consistently prompt for password changing
     
      	krb5_get_init_creds_password() previously did not consistently
     	handle KRB5KDC_ERR_KEY_EXP errors.  If there is a "master_kdc" 
      	entry for the realm and the KDC is reachable, then the function 
     	will prompt the user for a password change.  Otherwise, it will
     	return the error code to the caller.  If the caller is a ticket 
     	manager, it will prompt the user for a password change with a
     	dialog that is different from the one generated by the prompter
     	function passed to krb5_get_init_creds_password.
     
     	With this change krb5_get_init_creds_password() will always 
     	prompt the user if it would return KRB5KDC_ERR_KEY_EXP unless
     	the function is compiled with USE_LOGIN_LIBRARY.  (KFM)
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18770 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Nov 8, 2006
Commits on Oct 26, 2006
  1. ticket: 4500

    version_fixed: 1.5.2
    
    pull up r18669 from trunk
    
     r18669@cathode-dark-space:  rra | 2006-10-07 23:22:48 -0400
     Ticket: new
     Subject: Initialize buffer before calling res_ninit
     Component: krb5-libs
     Version_Reported: 1.5.1
     Target_Version: 1.5.2
     Tags: pullup
     
     Per Paul Vixie: It is necessary to zero out the statbuf before calling
     res_ninit(), or else res_vinit() will call res_nclose() and res_ndestroy()
     with stack trash as a statbuf, and they will call free() with stack trash,
     and programs will dump core.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18742 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
  2. ticket: 4499

    version_fixed: 1.5.2
    
    pull up r18441 from trunk
    
     r18441@cathode-dark-space:  rra | 2006-08-15 18:27:17 -0400
     Ticket: new
     Subject: Document prerequisites for make check
     Component: krb5-doc
     Tags: pullup
     Version_Reported: 1.5
     Target_Version: 1.5.1
     
     Document the prerequisites for running make check, since some of them are
     a bit surprising.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18741 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
  3. ticket: 4368

    version_fixed: 1.5.2
    
    pull up r18635 from trunk
    
     r18635@cathode-dark-space:  epeisach | 2006-10-01 08:05:20 -0400
     ticket: new
     subject: kdc: make_toolong_error does not initialize all fields for krb5_mk_error
     tags: pullup
     
     network.c: make_too_long_error() fails to set the ctime and cusec elements of
     the krb5_error structure. Valgrind detects errors in the asn.1 encoding
     handlers in reading an unitialized value. Initialize to 0.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18740 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
  4. ticket: 43355

    version_fixed: 1.5.2
    
    pull up r18691 from trunk
    
     r18691@cathode-dark-space:  raeburn | 2006-10-11 23:47:05 -0400
     ticket: 4355
     tags: pullup
     target_version: 1.5.2
     
     Add a policy to the database, then after the dump and restore, check
     that it's still there.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18739 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
  5. ticket: 4354

    version_fixed: 1.5.2
    
    pull up r18692 from trunk
    
     r18692@cathode-dark-space:  raeburn | 2006-10-11 23:50:15 -0400
     ticket: 4354
     version_reported: 1.5
     tags: pullup
     
     (krb5_db2_db_init): When creating a temporary database, use the suffix
     "~.kadm5" for the policy database filename.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18738 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
  6. ticket: 3965

    version_fixed: 1.5.2
    
    pull up r18444 from trunk
    
     r18444@cathode-dark-space:  rra | 2006-08-15 18:49:57 -0400
     Ticket: 3965
     Component: krb5-build
     Version_Reported: 1.5
     Tags: pullup
     Target_Version: 1.5.1
     
     Set datarootdir in each Makefile to make Autoconf 2.60 happier.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18737 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 26, 2006
Commits on Oct 11, 2006
  1. ticket: 4407

    version_fixed: 1.5.2
    
    pull up r18670 from trunk
    
     r18670@cathode-dark-space:  jaltman | 2006-10-09 14:08:10 -0400
     ticket: new
     subject: final commits for KFW 3.1 Beta 2
     tags: pullup
     
       krb5cred.dll (1.1.2.0)
       
       - Fix the control logic so that if the password is expired for an
         identity, the krb5 credentials provider will initiate a change
         password request.  Once the password is successfully changed, the
         new password will be used to obtain new credentials.
       
       - Fix an incorrect condition which caused the new credentials dialog
         to refresh custom prompts unnecessarily.
       
       - Removing an identity from the list of NetIDMgr identities now causes
         the corresponding principal to be removed from the LRU principals
         list.
       
       - Properly handle KMSG_CRED_PROCESS message when the user is
         cancelling out.
       
       - Add more debug output
       
       - Do not renew Kerberos tickets which are not initial tickets.
       
       - Fix whitespace in source code.
       
       - When providing identity selection controls, disable the realm
         selector when the user specifies the realm in the username control.
       
       - k5_ident_valiate_name() will refuse principal names with empty or
         unspecified realms.
       
       - When updating identity properties, the identity provider will
         correctly set the properties for identities that were destroyed.
         This fixes a problem where the values may be incorrect if an
         identity has two or more credential caches and one of them is
         destroyed.
       
       nidmgr32.dll (1.1.2.0)
       
       - Send out a separate notification if the configuration information
         associated with an identity is removed.
       
       - If an identity is being removed from the NetIDMgr identity list in
         the configuration panel, do not send out APPLY notifications to the
         subpanels after the configuration information has been removed.
         Otherwise this causes the configuration information to be reinstated
         and prevent the identity from being removed.
       
       - Properly initialize the new credentials blob including the UI
         context structure.
       
       netidmgr.exe (1.1.2.0)
       
       - When suppressing error messages, make sure that the final
         KMSG_CRED_END notification is sent.  Otherwise the new credentials
         acquisition operation will not be cleaned up.
       
       - Autoinit option now checks to see if there are identity credentials
         for the default identity and triggers the new credentials dialog if
         there aren't any.
       
       - Properly synchronize the configuration node list when applying
         changes (e.g.: when removing or adding an identity).
       
       - Fix a handle leak when removing an identity from the NetIDMgr
         identity list.
       
       - Refresh the properties for the active identities before calculating
         the renewal and expiration timers.  Otherwise the timestamps being
         used might be incorrect.
       
       - Add Identity dialog (in the configuration panel) now uses the
         identity selection controls provided by the identity provider.
       
       - Improve type safety when handling timer refreshes.
       
       - When getting the expiration times and issue times for an identity,
         the timer refresh code may fail over to the expiration and issue
         times for the credential it is currently looking at.  Now the code
         makes sure that both the issue and expiration times come from the
         identity or the credential but not mixed.
       
       - Not being able to get the time of issue of a credential now does not
         result in the credential being skipped from the timer refresh pass.
         However, not having a time of issue will result in the half-life
         algorithm not being applied for the renew timer.
       
       - Fix a bug which caused a credential to be abandoned from the timer
         refresh pass if the reamining lifetime of the credential is less
         than the renewal threshold.
       
       - Fix a bug where the vertical scroll bars for the hypertext window
         would not appear when the contents of the window changed.
       
       - Trigger a refresh of the configuration nodes when adding or removing
         an identity.
       
       source for (1.1.2.0)
       
       - Explicitly include <prsht.h> so that the SDK can be used in build
         environments that define WIN32_LEAN_AND_MEAN.
       
       
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18681 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Oct 11, 2006
Commits on Sep 25, 2006
  1. ticket: 4237

    version_fixed: 1.5.2
    
    pull up r18561 from trunk
    
     r18561@cathode-dark-space:  jaltman | 2006-09-05 14:47:29 -0400
     ticket: new
     subject: windows ccache and keytab file paths without a prefix 
     
     	ktbase.c, ccbase.c:  When a file path is specified without
             	the prefix we must infer the use of the "FILE" prefix.
      		However, we were setting the prefix including the colon
        		separator when the separator should have been ignored.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18623 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Sep 25, 2006
  2. ticket: 4312

    pull up r18609 from trunk
    
     r18609@cathode-dark-space:  jaltman | 2006-09-24 10:30:29 -0400
     ticket: 4312
     
     	Implement renew credential functionality which was inadvertently
     	left out.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-5@18620 dc483132-0cff-0310-8789-dd5450dbe970
    tlyu committed Sep 25, 2006