Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
branch: tags/kfw-3_1_0…
Commits on Oct 11, 2006
  1. tag kfw-3_1_0-beta2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/tags/kfw-3_1_0-beta2@18686 dc483132-0cff-0310-8789-dd5450dbe970
  2. patchlevel for kfw-3.1-beta2

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18685 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 4407

    tlyu authored
    fix mis-merge
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18684 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 4407

    tlyu authored
    fix mis-merge
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18683 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 4407

    tlyu authored
    pull up r18670 from trunk
    
     r18670@cathode-dark-space:  jaltman | 2006-10-09 14:08:10 -0400
     ticket: new
     subject: final commits for KFW 3.1 Beta 2
     tags: pullup
     
       krb5cred.dll (1.1.2.0)
       
       - Fix the control logic so that if the password is expired for an
         identity, the krb5 credentials provider will initiate a change
         password request.  Once the password is successfully changed, the
         new password will be used to obtain new credentials.
       
       - Fix an incorrect condition which caused the new credentials dialog
         to refresh custom prompts unnecessarily.
       
       - Removing an identity from the list of NetIDMgr identities now causes
         the corresponding principal to be removed from the LRU principals
         list.
       
       - Properly handle KMSG_CRED_PROCESS message when the user is
         cancelling out.
       
       - Add more debug output
       
       - Do not renew Kerberos tickets which are not initial tickets.
       
       - Fix whitespace in source code.
       
       - When providing identity selection controls, disable the realm
         selector when the user specifies the realm in the username control.
       
       - k5_ident_valiate_name() will refuse principal names with empty or
         unspecified realms.
       
       - When updating identity properties, the identity provider will
         correctly set the properties for identities that were destroyed.
         This fixes a problem where the values may be incorrect if an
         identity has two or more credential caches and one of them is
         destroyed.
       
       nidmgr32.dll (1.1.2.0)
       
       - Send out a separate notification if the configuration information
         associated with an identity is removed.
       
       - If an identity is being removed from the NetIDMgr identity list in
         the configuration panel, do not send out APPLY notifications to the
         subpanels after the configuration information has been removed.
         Otherwise this causes the configuration information to be reinstated
         and prevent the identity from being removed.
       
       - Properly initialize the new credentials blob including the UI
         context structure.
       
       netidmgr.exe (1.1.2.0)
       
       - When suppressing error messages, make sure that the final
         KMSG_CRED_END notification is sent.  Otherwise the new credentials
         acquisition operation will not be cleaned up.
       
       - Autoinit option now checks to see if there are identity credentials
         for the default identity and triggers the new credentials dialog if
         there aren't any.
       
       - Properly synchronize the configuration node list when applying
         changes (e.g.: when removing or adding an identity).
       
       - Fix a handle leak when removing an identity from the NetIDMgr
         identity list.
       
       - Refresh the properties for the active identities before calculating
         the renewal and expiration timers.  Otherwise the timestamps being
         used might be incorrect.
       
       - Add Identity dialog (in the configuration panel) now uses the
         identity selection controls provided by the identity provider.
       
       - Improve type safety when handling timer refreshes.
       
       - When getting the expiration times and issue times for an identity,
         the timer refresh code may fail over to the expiration and issue
         times for the credential it is currently looking at.  Now the code
         makes sure that both the issue and expiration times come from the
         identity or the credential but not mixed.
       
       - Not being able to get the time of issue of a credential now does not
         result in the credential being skipped from the timer refresh pass.
         However, not having a time of issue will result in the half-life
         algorithm not being applied for the renew timer.
       
       - Fix a bug which caused a credential to be abandoned from the timer
         refresh pass if the reamining lifetime of the credential is less
         than the renewal threshold.
       
       - Fix a bug where the vertical scroll bars for the hypertext window
         would not appear when the contents of the window changed.
       
       - Trigger a refresh of the configuration nodes when adding or removing
         an identity.
       
       source for (1.1.2.0)
       
       - Explicitly include <prsht.h> so that the SDK can be used in build
         environments that define WIN32_LEAN_AND_MEAN.
       
       
     
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18682 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Sep 25, 2006
  1. ticket: 4237

    tlyu authored
    pull up r18561 from trunk
    
     r18561@cathode-dark-space:  jaltman | 2006-09-05 14:47:29 -0400
     ticket: new
     subject: windows ccache and keytab file paths without a prefix 
     
     	ktbase.c, ccbase.c:  When a file path is specified without
             	the prefix we must infer the use of the "FILE" prefix.
      		However, we were setting the prefix including the colon
        		separator when the separator should have been ignored.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18624 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 41312

    tlyu authored
    pull up r18609 from trunk
    
     r18609@cathode-dark-space:  jaltman | 2006-09-24 10:30:29 -0400
     ticket: 4312
     
     	Implement renew credential functionality which was inadvertently
     	left out.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18622 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 4312

    tlyu authored
    pull up r18604 from trunk
    
     r18604@cathode-dark-space:  jaltman | 2006-09-21 17:49:41 -0400
     ticket: new
     subject: KFW 3.1 Beta 2 NetIDMgr Changes
     component: windows
     tags: pullup
     
              source for (1.1.0.1)
              
              - Updated documentation with additional information and fixed errors.
              
              nidmgr32.dll (1.1.0.1)
              
              - Fixed a deadlock in the configuration provider that may cause
                NetIDMgr to deadlock on load.
              
              - Prevent the configuration provider handle list from getting
                corrupted in the event of a plug-in freeing a handle twice.
              
              - Add more parameter validation for the configuration provider.
              
              - If a plug-in is only partially registered (only some of the entries
                were set in the registry), the completion of the registration didn't
                complete successfully, leaving the plug-in in an unusable state.
                This has been fixed.  Plug-ins will now successfully complete
                registration once they are loaded for the first time, assuming the
                correct resources are present in the module.
              
              - Fixed notifications for setting a default identity.  Notifications
                were not being properly sent out resulting in the credentials window
                not being updated when the default identity changed.
              
              - Changes to the API for type safety.
              
              - Handling of binary data fields was changed to support validation and
                comparison.
              
              - Data types that do not support KCDB_CBSIZE_AUTO now check for and
                report an error if it is specified.
              
              - Password fields in the new credentials dialog will trim leading and
                trailing whitespace before using a user-entered value.
              
              - Change password action will no longer be disabled if no identity is
                selected.  An identity selection control is present in the dialog
                making this restriction unnecessary.
              
              - When renewing credentials, error messages will be suppressed if the
                renewal was for an identity and the identity does not have any
                identity credentials associated with it.
              
              - Error messages that are related to credentials acquisition or
                password changes will now display the name of the identity that the
                error applies to.
              
              - Automatic renewals now renews all identities that have credentials
                associated with them instead of just the default identity.
              
              - Fixed a bug where error messages did not have a default button which
                can be invoked with the return key or the space bar.
              
              - The new credentials window will force itself to the top.  This can
                be disabled via a registry setting, but is on by default.
              
              - Fixed the sort order in the new credentials tabs to respect sort
                hints provided by plug-ins.
              
              - If a new credentials operation fails, the password fields will be
                cleared.
              
              - Once a new credentials operation starts, the controls for specifying
                the identity and password and any other custom prompts will be
                disabled until the operation completes.
              
              - Notifications during the new credentials operation now supply a
                handle to the proper data structures as documented.
              
              - Hyperlinks in the new credentials dialog now support markup that
                will prevent the dialog from switching to the credentials type panel
                when the link is activated.
              
              - If there are too many buttons added by plug-ins in the new
                credentials dialog, they will be resized to accomodate all of them.
              
              - The options button in the new credentials dialog will be disabled
                while a new credentials operation is in progress.
              
              - The 'about' dialog retains the original copyright strings included
                in the resource.
              
              - Multiple modal dialogs are now supported.  Only the topmost one will
                be active.  Once it is closed, the other dialogs will gain focus in
                turn.  This allows for error messages to be displayed from other
                modal dialogs.
              
              - The hypertext window supports italics.
              
              krb4cred.dll (1.1.0.1)
              
              - Fixed a bug where the plug-in would attempt to free a handle twice.
              
              - Fixed a handle leak.
              
              - Changed the facility name used for event reporting to match the
                credentials type name.
              
              krb5cred.dll (1.1.0.1)
              
              - Fixed handling of expired passwords.  If the password for an
                identity is found to have expired at the time a new credentials
                acquisition is in progress, the user will be given an opportunity to
                change the password.  If this is successful, the new credentials
                operation will continue with the new password.
              
              - Prevent the new credentials dialog from switching to the Kerberos 5
                credentials panel during a password change.
              
              - Prompts that were cached indefinitely will now have a limited
                lifetime.  Prompt caches that were created using prior versions of
                the plug-in will automatically expire.
              
              - Multistrings in the resource files were converted to CSV to protect
                them against a bug in Visual Studio 2005 which corrupted
                multistrings.
              
              - Added handling of and reporting WinSock errors that are returned
                from the Kerberos 5 libraries.
              
              - Fixed uninitialized variables.
              
              - The username and realm that is entered when selecting an identity
                will be trimmed of leading and trailing whitespace.
              
              - Changed the facility name used for event reporting to match the
                credentials type name.
              
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18621 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 4310

    tlyu authored
    pull up r18603 from trunk
    
     r18603@cathode-dark-space:  jaltman | 2006-09-21 12:18:26 -0400
     ticket: new
     subject: NSIS installer - update for Win2K NetIDMgr
     tags: pullup
     
     	Install the Win2K specific binaries for NetIDMgr on Win2K
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18618 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 4309

    tlyu authored
    pull up r18602 from trunk
    
     r18602@cathode-dark-space:  jaltman | 2006-09-21 11:54:05 -0400
     ticket: 4309
     
     	oops, make sure we install from the correct source file
     	on Windows 2000
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18615 dc483132-0cff-0310-8789-dd5450dbe970
  6. ticket: 4309

    tlyu authored
    pull up r18601 from trunk
    
     r18601@cathode-dark-space:  jaltman | 2006-09-21 10:58:40 -0400
     ticket: new
     subject: wix installer - win2k compatibility for netidmgr
     tags: pullup
     
     	Install the special win2k version of nidmgr32.dll 
       	on Windows 2000 systems.  
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18614 dc483132-0cff-0310-8789-dd5450dbe970
  7. ticket: 4305

    tlyu authored
    pull up r18600 from trunk
    
     r18600@cathode-dark-space:  jaltman | 2006-09-20 22:43:12 -0400
     ticket: new
     subject: windows thread support frees thread local storage after TlsSetValue
     tags: pullup
     
      	threads.c: The return value of TlsSetValue is non-zero on 
                        success.  As a result of misinterpreting the 
                        return value, the memory set in TLS is then freed.
     		   A subsequent call to TlsGetValue returns the 
     		   invalid pointer.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18611 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 24, 2006
  1. krb5-1.4.4-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18532 dc483132-0cff-0310-8789-dd5450dbe970
  2. krb5-1.4.4

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18530 dc483132-0cff-0310-8789-dd5450dbe970
  3. update for krb5-1.4.4

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18529 dc483132-0cff-0310-8789-dd5450dbe970
  4. bump

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18528 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 23, 2006
  1. ticket: 4172

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18498 from trunk
    
     r18498@cathode-dark-space:  jaltman | 2006-08-22 22:28:05 -0400
     ticket: 4172
     
     	* install NetIDMgr plug-in sample as part of SDK
     	* install netidmgr.exe (win2000 version)
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18505 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 4172

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18497 from trunk
    
     r18497@cathode-dark-space:  jaltman | 2006-08-22 22:18:00 -0400
     ticket: 4172
     
     	* newcredwnd.c - erase the password field on error
               during new credential acquisition
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18504 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 4172

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18496 from trunk
    
     r18496@cathode-dark-space:  jaltman | 2006-08-22 22:17:12 -0400
     ticket: 4172
     
     	* Fix auto-registration of plug-in modules 
       	  if there is no plug-in list specified
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18503 dc483132-0cff-0310-8789-dd5450dbe970
  4. ticket: 4172

    tlyu authored
    version_fixe: 1.4.4
    
    pull up r18495 from trunk
    
     r18495@cathode-dark-space:  jaltman | 2006-08-22 22:15:52 -0400
     ticket: 4172
     
     	* Makefile - do not etag the Win2000 version of 
               the NetIDMgr.exe
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18502 dc483132-0cff-0310-8789-dd5450dbe970
  5. ticket: 4172

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18494 from trunk
    
     r18494@cathode-dark-space:  jaltman | 2006-08-22 18:12:15 -0400
     ticket: new
     subject: improvements to netidmgr dialogs
     
       	* ensure that buttons are disabled while
               actions are in process
     
       	* allow plug-ins to specify italic text
     
       	* fix some documentation
     
     	* reformat langres.rc 
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18501 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 22, 2006
  1. ticket: 4168

    tlyu authored
    pull up r18475 from trunk
    
     r18475@cathode-dark-space:  tlyu | 2006-08-21 16:31:51 -0400
     ticket: new
     subject: clean up mkrel patchlevel.h editing etc.
     tags: pullup
     target_version: 1.5.1
     
     	* src/util/mkrel: Be more careful editing KRB5_RELDATE.  Delete
     	'$ac_config_fragdir' autoconf droppings.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18493 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 4147

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18464 from trunk
    
     r18464@cathode-dark-space:  jaltman | 2006-08-16 21:21:00 -0400
     ticket: new
     subject: NetIDMgr Credential Provider Sample Code and Documentation
     tags: pullup
     
        This commit provides a template for a Network Identity Manager
        Credential Provider.  It doesn't provide any real functionality
        but it does provide all of the functions that need to be specified
        and filled in as part of the process of producing a NetIdMgr plug-in.
     
        This code should be pulled up to 1.4.x for inclusion in the KFW 3.1
        SDK as well as to 1.5.x.  
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18490 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 16, 2006
  1. krb5-1.4.4-beta1-postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18457 dc483132-0cff-0310-8789-dd5450dbe970
  2. krb5-1.4.4-beta1

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18455 dc483132-0cff-0310-8789-dd5450dbe970
  3. update for krb5-1.4.4-beta1

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18454 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 15, 2006
  1. ticket: 4138

    tlyu authored
    pull up r18438 from trunk
    
     r18438@cathode-dark-space:  tlyu | 2006-08-15 15:27:08 -0400
     ticket: 4137
     
     	* src/clients/ksu/main.c (sweep_up): Don't check return value of
     	krb5_seteuid(0), as it is not harmful for it to fail, and it will
     	fail after setuid(target_user).  Correct error message.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18440 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Aug 8, 2006
  1. ticket: 4126

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18420 from trunk
    
     r18420@cathode-dark-space:  tlyu | 2006-08-08 15:26:40 -0400
     ticket: new
     subject: fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
     target_version: 1.5.1
     tags: pullup
     
     	* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
     	* src/appl/bsd/v4rcp.c (main):
     	* src/appl/bsd/krcp.c (main):
     	* src/appl/bsd/krshd.c (doit):
     	* src/appl/bsd/login.c (main): 
     	* src/clients/ksu/main.c (sweep_up):
     	* src/lib/krb4/kuserok.c (kuserok): Check return values from
     	setuid() and related functions to avoid privilege escalation
     	vulnerabilities.  Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
     	VU#580124, CVE-2006-3084, VU#401660]
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18422 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jul 25, 2006
  1. back to postrelease

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18393 dc483132-0cff-0310-8789-dd5450dbe970
  2. kfw-3.1.0-beta1

    tlyu authored
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18390 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 4053

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18387 from trunk
    
     r18387@cathode-dark-space:  jaltman | 2006-07-25 09:59:30 -0400
     ticket: new
     subject: Windows - fix kfwlogon for Windows 2000
     tags: pullup
     
         Windows 2000 does not support the ability to generate SIDs
         from symbolic names.
     
         Add more debugging and error condition checks.
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18388 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jul 24, 2006
  1. ticket: 4048

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18379 from trunk in order to get correct commit log
    
     r18379@cathode-dark-space:  jaltman | 2006-07-24 02:58:23 -0400
     ticket: new
     subject: Windows Integrated Login Fixes for KFW 3.1
     tags: pullup
     component: windows
     
         KFW integrated login was failing when the user is 
         not a power user or administrator.  This was occurring 
         because the temporary file ccache was being created in
         a directory the user could not read.  While fixing this
         it was noticed that the ACLs on the ccache were too broad.
         Instead of applying a fix to the FILE: krb5_ccache 
         implementation it was decided that simply applying a new
         set of ACLs (SYSTEM and "user" with no inheritance) to 
         the file immediately after the krb5_cc_initialize() call
         would close the broadest security issues.  
     
         The file is initially created in the SYSTEM %TEMP% directory
         with "SYSTEM" ACL only.  Then it is moved to the user's %TEMP%
         directory with "SYSTEM" and "user" ACLs.  Finally, after
         copying the credentials to the API: ccache, the file is deleted.
         
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18385 dc483132-0cff-0310-8789-dd5450dbe970
  2. ticket: 4048

    tlyu authored
    revert previous
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18384 dc483132-0cff-0310-8789-dd5450dbe970
  3. ticket: 4048

    tlyu authored
    version_fixed: 1.4.4
    
    pull up r18382 from trunk
    
     r18382@cathode-dark-space:  jaltman | 2006-07-24 16:39:31 -0400
     ticket: 4048
     
         commit again without using patch to apply the diff
     
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18383 dc483132-0cff-0310-8789-dd5450dbe970
Commits on Jul 22, 2006
  1. ticket: 3945

    tlyu authored
    pull up r18243 from trunk
    
     r18243@cathode-dark-space:  tlyu | 2006-06-27 18:01:22 -0400
     ticket: new
     tags: pullup
     target_version: 1.5
     subject: mkrel should only generate doc/CHANGES for checkouts
     
     	* src/util/mkrel: Only write doc/CHANGES if doing a checkout.
     	This makes nightly snapshots saner.
     
    
    
    
    git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18378 dc483132-0cff-0310-8789-dd5450dbe970
Something went wrong with that request. Please try again.