diff -Nru krb5-1.16.2/appveyor.yml krb5-1.17/appveyor.yml --- krb5-1.16.2/appveyor.yml 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/appveyor.yml 2019-01-08 16:02:37.000000000 +0000 @@ -1,16 +1,25 @@ +image: Visual Studio 2017 + build_script: - - call "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /x86 - mkdir C:\kfw - set KRB_INSTALL_DIR=C:\kfw - - set CPU=i386 - - set NO_LEASH=1 - - set - cd %APPVEYOR_BUILD_FOLDER%\src + - set PATH=%PATH%;%wix%bin + - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat" + - set - nmake -f Makefile.in prep-windows - nmake - nmake install - - set CPU=AMD64 - - setenv /x64 + - cd windows\installer\wix + - nmake + - rename kfw.msi kfw32.msi + - cd ..\..\.. + - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat" + - set - nmake clean - nmake - nmake install + - cd windows\installer\wix + - nmake clean + - nmake + - rename kfw.msi kfw64.msi diff -Nru krb5-1.16.2/debian/changelog krb5-1.17/debian/changelog --- krb5-1.16.2/debian/changelog 2018-12-31 20:25:16.000000000 +0000 +++ krb5-1.17/debian/changelog 2019-01-13 20:59:40.000000000 +0000 @@ -1,3 +1,13 @@ +krb5 (1.17-1) unstable; urgency=low + + * New Upstream release + * Don't include all memory ccaches in ccache collection, avoids invalid + mutex, Closes: #918088 + * The default path for the KDC database even without a config file is + /var/lib/krb5kdc/principal, Closes: #777579 + + -- Sam Hartman Sun, 13 Jan 2019 15:59:40 -0500 + krb5 (1.16.2-1) unstable; urgency=medium [ Ondřej Nový ] diff -Nru krb5-1.16.2/debian/.git-dpm krb5-1.17/debian/.git-dpm --- krb5-1.16.2/debian/.git-dpm 2018-12-31 20:25:01.000000000 +0000 +++ krb5-1.17/debian/.git-dpm 2019-01-13 20:59:40.000000000 +0000 
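Review bot: The two bare `- set` steps after the `vcvars32.bat` and `vcvars64.bat` calls print the whole build environment into the CI log, so any secret later added to the project's environment settings would appear there in clear text. If the dump is only there to debug the toolchain setup, narrow it to the variables of interest, for example `- set PATH` and `- set INCLUDE`. Otherwise add a comment in the file stating that this build must never be given credentials.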
@@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -2de32da21c17e0daa9a47d610c3fab3f10a58513 -2de32da21c17e0daa9a47d610c3fab3f10a58513 -4fc7671a4f4a9b775762bceb5453d4478735e3b5 -4fc7671a4f4a9b775762bceb5453d4478735e3b5 -krb5_1.16.2.orig.tar.gz -6d6ef205194be386fb5f4e6bef32cb9fc79e853b -9652415 +d2a401455564fa2a51c78a0856492dfe3329a68f +d2a401455564fa2a51c78a0856492dfe3329a68f +a75eb54fd955cbf7a8ac44e527fd0e400e87844a +a75eb54fd955cbf7a8ac44e527fd0e400e87844a +krb5_1.17.orig.tar.gz +0c404b081db9c996c581f636ce450ee28778f338 +8761763 diff -Nru krb5-1.16.2/debian/libgssapi-krb5-2.symbols krb5-1.17/debian/libgssapi-krb5-2.symbols --- krb5-1.16.2/debian/libgssapi-krb5-2.symbols 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libgssapi-krb5-2.symbols 2019-01-13 20:59:40.000000000 +0000 @@ -39,6 +39,7 @@ GSS_C_SEC_CONTEXT_SASL_SSF@gssapi_krb5_2_MIT 1.16 GSS_KRB5_CRED_NO_CI_FLAGS_X@gssapi_krb5_2_MIT 1.14+dfsg GSS_KRB5_GET_CRED_IMPERSONATOR@gssapi_krb5_2_MIT 1.16 + GSS_KRB5_NT_ENTERPRISE_NAME@gssapi_krb5_2_MIT 1.17 GSS_KRB5_NT_PRINCIPAL_NAME@gssapi_krb5_2_MIT 1.6.dfsg.2 HIDDEN@HIDDEN 1.6.dfsg.2 gss_accept_sec_context@gssapi_krb5_2_MIT 1.14+dfsg @@ -77,7 +78,7 @@ gss_get_mic_iov_length@gssapi_krb5_2_MIT 1.12~alpha1+dfsg gss_get_name_attribute@gssapi_krb5_2_MIT 1.8+dfsg gss_import_cred@gssapi_krb5_2_MIT 1.11+dfsg - gss_import_name@gssapi_krb5_2_MIT 1.6.dfsg.2 + gss_import_name@gssapi_krb5_2_MIT 1.17 gss_import_sec_context@gssapi_krb5_2_MIT 1.14+dfsg gss_indicate_mechs@gssapi_krb5_2_MIT 1.12.1+dfsg-2 gss_indicate_mechs_by_attrs@gssapi_krb5_2_MIT 1.12.1+dfsg-2 diff -Nru krb5-1.16.2/debian/libkadm5clnt-mit11.symbols krb5-1.17/debian/libkadm5clnt-mit11.symbols --- krb5-1.16.2/debian/libkadm5clnt-mit11.symbols 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libkadm5clnt-mit11.symbols 2019-01-13 20:59:40.000000000 +0000 
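Review bot: The second hunk of libgssapi-krb5-2.symbols raises the minimum version of the existing symbol `gss_import_name` from 1.6.dfsg.2 to 1.17 without explanation, which makes every package built against this library depend on libgssapi-krb5-2 >= 1.17. If that is intended, presumably because the function now accepts the new `GSS_KRB5_NT_ENTERPRISE_NAME` name type, record the reason in a `#` comment line above the entry or in debian/changelog, for example `# gss_import_name accepts GSS_KRB5_NT_ENTERPRISE_NAME as of 1.17`. Otherwise keep the old minimum version so that partial upgrades and backports are not tightened needlessly.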
@@ -66,6 +66,7 @@ krb5_klog_close@kadm5clnt_mit_11_MIT 1.15~beta1 krb5_klog_init@kadm5clnt_mit_11_MIT 1.15~beta1 krb5_klog_reopen@kadm5clnt_mit_11_MIT 1.15~beta1 + krb5_klog_set_context@kadm5clnt_mit_11_MIT 1.17 krb5_klog_syslog@kadm5clnt_mit_11_MIT 1.15~beta1 krb5_string_to_keysalts@kadm5clnt_mit_11_MIT 1.15~beta1 xdr_chpass3_arg@kadm5clnt_mit_11_MIT 1.15~beta1 diff -Nru krb5-1.16.2/debian/libkadm5srv-mit11.symbols krb5-1.17/debian/libkadm5srv-mit11.symbols --- krb5-1.16.2/debian/libkadm5srv-mit11.symbols 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libkadm5srv-mit11.symbols 2019-01-13 20:59:40.000000000 +0000 @@ -75,6 +75,7 @@ krb5_klog_close@kadm5srv_mit_11_MIT 1.15~beta1 krb5_klog_init@kadm5srv_mit_11_MIT 1.15~beta1 krb5_klog_reopen@kadm5srv_mit_11_MIT 1.15~beta1 + krb5_klog_set_context@kadm5srv_mit_11_MIT 1.17 krb5_klog_syslog@kadm5srv_mit_11_MIT 1.15~beta1 krb5_string_to_keysalts@kadm5srv_mit_11_MIT 1.15~beta1 master_db@kadm5srv_mit_11_MIT 1.15~beta1 diff -Nru krb5-1.16.2/debian/libkrb5-3.install krb5-1.17/debian/libkrb5-3.install --- krb5-1.16.2/debian/libkrb5-3.install 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libkrb5-3.install 2019-01-13 20:59:40.000000000 +0000 @@ -1 +1,2 @@ usr/lib/*/libkrb5.so.3* +usr/lib/*/krb5/plugins/preauth/spake.so diff -Nru krb5-1.16.2/debian/libkrb5-3.symbols krb5-1.17/debian/libkrb5-3.symbols --- krb5-1.16.2/debian/libkrb5-3.symbols 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libkrb5-3.symbols 2019-01-13 20:59:40.000000000 +0000 @@ -38,6 +38,7 @@ decode_krb5_pa_otp_req@krb5_3_MIT 1.11+dfsg decode_krb5_pa_pac_req@krb5_3_MIT 1.7dfsg decode_krb5_pa_s4u_x509_user@krb5_3_MIT 1.8+dfsg + decode_krb5_pa_spake@krb5_3_MIT 1.17 decode_krb5_padata_sequence@krb5_3_MIT 1.6.dfsg.2 decode_krb5_priv@krb5_3_MIT 1.6.dfsg.2 decode_krb5_safe@krb5_3_MIT 1.6.dfsg.2 
@@ -46,6 +47,7 @@ decode_krb5_sam_response_2@krb5_3_MIT 1.7dfsg decode_krb5_secure_cookie@krb5_3_MIT 1.14+dfsg decode_krb5_setpw_req@krb5_3_MIT 1.7dfsg + decode_krb5_spake_factor@krb5_3_MIT 1.17 decode_krb5_tgs_rep@krb5_3_MIT 1.6.dfsg.2 decode_krb5_tgs_req@krb5_3_MIT 1.6.dfsg.2 decode_krb5_ticket@krb5_3_MIT 1.6.dfsg.2 @@ -87,6 +89,7 @@ encode_krb5_pa_otp_enc_req@krb5_3_MIT 1.11+dfsg encode_krb5_pa_otp_req@krb5_3_MIT 1.11+dfsg encode_krb5_pa_s4u_x509_user@krb5_3_MIT 1.8+dfsg + encode_krb5_pa_spake@krb5_3_MIT 1.17 encode_krb5_padata_sequence@krb5_3_MIT 1.6.dfsg.2 encode_krb5_pkinit_supp_pub_info@krb5_3_MIT 1.10+dfsg~alpha1 encode_krb5_priv@krb5_3_MIT 1.6.dfsg.2 @@ -97,6 +100,7 @@ encode_krb5_sam_response_2@krb5_3_MIT 1.7dfsg encode_krb5_secure_cookie@krb5_3_MIT 1.14+dfsg encode_krb5_sp80056a_other_info@krb5_3_MIT 1.10+dfsg~alpha1 + encode_krb5_spake_factor@krb5_3_MIT 1.17 encode_krb5_tgs_rep@krb5_3_MIT 1.6.dfsg.2 encode_krb5_tgs_req@krb5_3_MIT 1.6.dfsg.2 encode_krb5_ticket@krb5_3_MIT 1.6.dfsg.2 @@ -129,8 +133,10 @@ k5_free_otp_tokeninfo@krb5_3_MIT 1.11+dfsg k5_free_pa_otp_challenge@krb5_3_MIT 1.11+dfsg k5_free_pa_otp_req@krb5_3_MIT 1.11+dfsg + k5_free_pa_spake@krb5_3_MIT 1.17 k5_free_secure_cookie@krb5_3_MIT 1.14+dfsg k5_free_serverlist@krb5_3_MIT 1.10+dfsg~alpha1 + k5_free_spake_factor@krb5_3_MIT 1.17 k5_hostrealm_free_context@krb5_3_MIT 1.12~alpha1+dfsg k5_init_trace@krb5_3_MIT 1.12~alpha1+dfsg k5_is_string_numeric@krb5_3_MIT 1.15~beta1 @@ -371,6 +377,7 @@ krb5_get_default_in_tkt_ktypes@krb5_3_MIT 1.6.dfsg.2 krb5_get_default_realm@krb5_3_MIT 1.6.dfsg.2 krb5_get_error_message@krb5_3_MIT 1.6.dfsg.2 + krb5_get_etype_info@krb5_3_MIT 1.17 krb5_get_fallback_host_realm@krb5_3_MIT 1.7dfsg krb5_get_host_realm@krb5_3_MIT 1.6.dfsg.2 krb5_get_in_tkt_with_keytab@krb5_3_MIT 1.6.dfsg.2 
@@ -483,7 +490,9 @@ krb5_pac_init@krb5_3_MIT 1.7dfsg krb5_pac_parse@krb5_3_MIT 1.7dfsg krb5_pac_sign@krb5_3_MIT 1.10+dfsg~alpha1 + krb5_pac_sign_ext@krb5_3_MIT 1.17 krb5_pac_verify@krb5_3_MIT 1.7dfsg + krb5_pac_verify_ext@krb5_3_MIT 1.17 krb5_parse_name@krb5_3_MIT 1.6.dfsg.2 krb5_parse_name_flags@krb5_3_MIT 1.7dfsg krb5_prepend_error_message@krb5_3_MIT 1.14+dfsg diff -Nru krb5-1.16.2/debian/libkrb5support0.symbols krb5-1.17/debian/libkrb5support0.symbols --- krb5-1.16.2/debian/libkrb5support0.symbols 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/libkrb5support0.symbols 2019-01-13 20:59:40.000000000 +0000 
@@ -6,15 +6,26 @@ k5_buf_add@krb5support_0_MIT 1.12~alpha1+dfsg k5_buf_add_fmt@krb5support_0_MIT 1.12~alpha1+dfsg k5_buf_add_len@krb5support_0_MIT 1.12~alpha1+dfsg + k5_buf_add_vfmt@krb5support_0_MIT 1.17 k5_buf_free@krb5support_0_MIT 1.13~alpha1+dfsg k5_buf_get_space@krb5support_0_MIT 1.13~alpha1+dfsg k5_buf_init_dynamic@krb5support_0_MIT 1.12~alpha1+dfsg + k5_buf_init_dynamic_zap@krb5support_0_MIT 1.17 k5_buf_init_fixed@krb5support_0_MIT 1.12~alpha1+dfsg k5_buf_status@krb5support_0_MIT 1.13~alpha1+dfsg k5_buf_truncate@krb5support_0_MIT 1.12~alpha1+dfsg k5_clear_error@krb5support_0_MIT 1.12~alpha1+dfsg + k5_dir_filenames@krb5support_0_MIT 1.17 k5_free_error@krb5support_0_MIT 1.12~alpha1+dfsg + k5_free_filenames@krb5support_0_MIT 1.17 k5_get_error@krb5support_0_MIT 1.12~alpha1+dfsg + k5_hashtab_add@krb5support_0_MIT 1.17 + k5_hashtab_create@krb5support_0_MIT 1.17 + k5_hashtab_free@krb5support_0_MIT 1.17 + k5_hashtab_get@krb5support_0_MIT 1.17 + k5_hashtab_remove@krb5support_0_MIT 1.17 + k5_hex_decode@krb5support_0_MIT 1.17 + k5_hex_encode@krb5support_0_MIT 1.17 k5_json_array_add@krb5support_0_MIT 1.11+dfsg k5_json_array_create@krb5support_0_MIT 1.11+dfsg k5_json_array_fmt@krb5support_0_MIT 1.12~alpha1+dfsg diff -Nru krb5-1.16.2/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch krb5-1.17/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch --- krb5-1.16.2/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0001-Debian-HURD-compatibility.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From a0a91429b7ad38d677ee7b28492dba501156313b Mon Sep 17 00:00:00 2001 +From 85fcf9fc43e0b10fd0f90e056200ed028e50d297 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 26 Dec 2011 18:05:13 -0500 Subject: Debian: HURD compatibility 
@@ -10,10 +10,10 @@ src/clients/ksu/ksu.h | 4 ++++ src/include/k5-int.h | 3 +++ src/kadmin/ktutil/ktutil_funcs.c | 4 ++++ + src/kprop/kprop_util.c | 4 ++++ src/lib/gssapi/spnego/spnego_mech.c | 3 +++ src/lib/krb5/os/sn2princ.c | 4 ++++ src/plugins/kdb/db2/libdb2/include/db-int.h | 4 ++++ - src/slave/kprop_util.c | 4 ++++ src/tests/resolve/resolve.c | 4 ++++ 8 files changed, 30 insertions(+) @@ -33,10 +33,10 @@ extern int optind; extern char * optarg; diff --git a/src/include/k5-int.h b/src/include/k5-int.h -index e1b1cb040d..eadc7360d3 100644 +index 652242207a..e4f1678be6 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h -@@ -581,6 +581,9 @@ extern char *strdup (const char *); +@@ -589,6 +589,9 @@ extern char *strdup (const char *); #ifdef HAVE_SYS_PARAM_H #include /* MAXPATHLEN */ #endif @@ -47,10 +47,10 @@ #ifdef HAVE_SYS_FILE_H #include /* prototypes for file-related diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c -index 7a3aa0dcad..c9397a4486 100644 +index 6d119a2b64..fb7fa22f54 100644 --- a/src/kadmin/ktutil/ktutil_funcs.c +++ b/src/kadmin/ktutil/ktutil_funcs.c -@@ -33,6 +33,10 @@ +@@ -34,6 +34,10 @@ #include #include @@ -61,6 +61,21 @@ /* * Free a kt_list */ +diff --git a/src/kprop/kprop_util.c b/src/kprop/kprop_util.c +index c32d174b95..d72ab18967 100644 +--- a/src/kprop/kprop_util.c ++++ b/src/kprop/kprop_util.c +@@ -32,6 +32,10 @@ + #include + #include + ++#ifndef MAXHOSTNAMELEN ++#define MAXHOSTNAMELEN 256 ++#endif ++ + /* + * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. + * There is similar code elsewhere in the tree, so this should possibly become diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 9d6027ce80..585d8a6581 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c 
@@ -103,21 +118,6 @@ +# define MAXPATHLEN 4096 +#endif #endif /* _DB_INT_H_ */ -diff --git a/src/slave/kprop_util.c b/src/slave/kprop_util.c -index 7e1ec229d0..49030ec020 100644 ---- a/src/slave/kprop_util.c -+++ b/src/slave/kprop_util.c -@@ -32,6 +32,10 @@ - #include - #include - -+#ifndef MAXHOSTNAMELEN -+#define MAXHOSTNAMELEN 256 -+#endif -+ - /* - * Convert an IPv4 or IPv6 socket address to a newly allocated krb5_address. - * There is similar code elsewhere in the tree, so this should possibly become diff --git a/src/tests/resolve/resolve.c b/src/tests/resolve/resolve.c index 7339d21bd9..38f725322b 100644 --- a/src/tests/resolve/resolve.c diff -Nru krb5-1.16.2/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch krb5-1.17/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch --- krb5-1.16.2/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0002-debian-Handle-multi-arch-paths-in-krb5-config.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From b1f73c56bbac5e2dceed23f2904ffc983c6d6b24 Mon Sep 17 00:00:00 2001 +From 8cbb465da2e4ae37b8afd884910506422eadd0f8 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Mon, 26 Dec 2011 18:19:53 -0500 Subject: debian: Handle multi-arch paths in krb5-config diff -Nru krb5-1.16.2/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch krb5-1.17/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch --- krb5-1.16.2/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0003-debian-osconf.hin-path-changes.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,33 +1,35 @@ -From 5ec003b1363ccd4d89d88f83165f850bb082b98a Mon Sep 17 00:00:00 2001 +From d0706297a8a7a9fb45deb0973e15506dc31b1c83 Mon Sep 17 00:00:00 2001 
From: Sam Hartman Date: Mon, 26 Dec 2011 18:20:11 -0500 Subject: debian: osconf.hin path changes Patch-Category: debian-local --- - src/include/osconf.hin | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) + src/include/osconf.hin | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/include/osconf.hin b/src/include/osconf.hin -index 98a467454b..2f51cc13c7 100644 +index c24717be67..c103424955 100644 --- a/src/include/osconf.hin 
+++ b/src/include/osconf.hin -@@ -59,7 +59,7 @@ - #define PLUGIN_EXT "@DYNOBJEXT" +@@ -70,8 +70,8 @@ + #endif #define KDC_DIR "@LOCALSTATEDIR/krb5kdc" -#define KDC_RUN_DIR "@RUNSTATEDIR/krb5kdc" +-#define DEFAULT_KDB_FILE KDC_DIR "/principal" +#define KDC_RUN_DIR "/run/krb5kdc" - #define DEFAULT_KDB_FILE KDC_DIR "/principal" ++#define DEFAULT_KDB_FILE "/var/lib/krb5kdc/principal" #define DEFAULT_KEYFILE_STUB KDC_DIR "/.k5." #define KRB5_DEFAULT_ADMIN_ACL KDC_DIR "/krb5_adm.acl" -@@ -114,8 +114,8 @@ - * krb5 slave support follows + /* Used by old admin server */ +@@ -125,8 +125,8 @@ + * krb5 replica support follows */ --#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans" +-#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans" -#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master" -+#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/slave_datatrans" ++#define KPROP_DEFAULT_FILE "/var/lib/krb5kdc/replica_datatrans" +#define KPROPD_DEFAULT_FILE "/var/lib/krb5kdc/from_master" #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" diff -Nru krb5-1.16.2/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch krb5-1.17/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch --- krb5-1.16.2/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0004-debian-install-ldap-library-in-subdirectory.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From 738f1fe8e2529f51bc9a50716a8ffcdbaa61b8dd Mon Sep 17 00:00:00 2001 +From de937376c58397109ef2bf087ce4073caa37fb29 Mon Sep 17 00:00:00 2001 
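Review bot: The new `#define DEFAULT_KDB_FILE "/var/lib/krb5kdc/principal"` no longer derives from `KDC_DIR`, while `DEFAULT_KEYFILE_STUB` and `KRB5_DEFAULT_ADMIN_ACL` just below it still do, and neither the patch header nor the code says why the database is split from the stash file and the ACL. This file holds the principal keys, so a reader needs to know that the location is deliberate and which directory's ownership and mode protect it. I would add a comment above the define, such as `/* Debian: the database lives under /var/lib/krb5kdc regardless of LOCALSTATEDIR; stash and ACL stay in KDC_DIR */`, and one sentence in the patch description. The same literal prefix is repeated in `KPROP_DEFAULT_FILE` and `KPROPD_DEFAULT_FILE` in the second hunk, so a single local macro for the state directory would keep the three paths from drifting apart.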
From: Sam Hartman Date: Mon, 26 Dec 2011 18:12:39 -0500 Subject: debian: install ldap library in subdirectory diff -Nru krb5-1.16.2/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch krb5-1.17/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch --- krb5-1.16.2/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0005-gssapi-never-unload-mechanisms.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From f88cb0d8e81ba3f8f700ea62d4c770218c29ad20 Mon Sep 17 00:00:00 2001 +From dd3d9bb7d1c07fd5e12b5a0595a8aa351cdaff82 Mon Sep 17 00:00:00 2001 From: Benjamin Kaduk Date: Fri, 29 Mar 2013 17:18:40 -0400 Subject: gssapi: never unload mechanisms @@ -20,10 +20,10 @@ 1 file changed, 2 deletions(-) diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c -index 9197666e10..890bd2c037 100644 +index 0ad11c0b02..a3926e166e 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c -@@ -562,8 +562,6 @@ releaseMechInfo(gss_mech_info *pCf) +@@ -559,8 +559,6 @@ releaseMechInfo(gss_mech_info *pCf) generic_gss_release_oid(&minor_status, &cf->mech_type); if (cf->freeMech) zapfree(cf->mech, sizeof(*cf->mech)); diff -Nru krb5-1.16.2/debian/patches/debian-local/0006-Add-substpdf-target.patch krb5-1.17/debian/patches/debian-local/0006-Add-substpdf-target.patch --- krb5-1.16.2/debian/patches/debian-local/0006-Add-substpdf-target.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0006-Add-substpdf-target.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From 05d1fa84b8fef75d33a1fc83093fec390a27bc17 Mon Sep 17 00:00:00 2001 +From cbb7f2bbb739cc8766cacc64141a1a5a87642692 Mon Sep 17 00:00:00 2001 
From: Ben Kaduk Date: Fri, 29 Mar 2013 20:53:37 -0400 Subject: Add substpdf target diff -Nru krb5-1.16.2/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch krb5-1.17/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch --- krb5-1.16.2/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0007-Fix-pkg-config-library-include-paths.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From 764e2ddaab1c9503efd07d08192fbb679fcb25ea Mon Sep 17 00:00:00 2001 +From baeaf3b108107146437608f3fc14249e3cdaed99 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 27 Aug 2014 16:40:29 -0400 Subject: Fix pkg-config library/include paths diff -Nru krb5-1.16.2/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch krb5-1.17/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch --- krb5-1.16.2/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/patches/debian-local/0008-Use-isystem-for-include-paths.patch 2019-01-13 20:59:40.000000000 +0000 @@ -1,4 +1,4 @@ -From bfee7ec7d0e66b80bf034609bfd34cb76bc07137 Mon Sep 17 00:00:00 2001 +From d2a401455564fa2a51c78a0856492dfe3329a68f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 3 Sep 2014 22:41:55 -0400 Subject: Use -isystem for include paths diff -Nru krb5-1.16.2/debian/patches/series krb5-1.17/debian/patches/series --- krb5-1.16.2/debian/patches/series 2018-12-31 20:25:01.000000000 +0000 +++ krb5-1.17/debian/patches/series 2019-01-13 20:59:40.000000000 +0000 
@@ -6,4 +6,3 @@
 debian-local/0006-Add-substpdf-target.patch
 debian-local/0007-Fix-pkg-config-library-include-paths.patch
 debian-local/0008-Use-isystem-for-include-paths.patch
-upstream/0009-Remove-incorrect-KDC-assertion.patch
diff -Nru krb5-1.16.2/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch krb5-1.17/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch
--- krb5-1.16.2/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch 2018-12-31 20:25:01.000000000 +0000
+++ krb5-1.17/debian/patches/upstream/0009-Remove-incorrect-KDC-assertion.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,43 +0,0 @@ -From 2de32da21c17e0daa9a47d610c3fab3f10a58513 Mon Sep 17 00:00:00 2001 -From: Isaac Boukris -Date: Sat, 15 Dec 2018 11:56:36 +0200 -Subject: Remove incorrect KDC assertion - -The assertion in return_enc_padata() is reachable because -kdc_make_s4u2self_rep() may have previously added encrypted padata. -It is no longer necessary because the code uses add_pa_data_element() -instead of allocating a new list. - -CVE-2018-20217: - -In MIT krb5 1.8 or later, an authenticated user who can obtain a TGT -using an older encryption type (DES, DES3, or RC4) can cause an -assertion failure in the KDC by sending an S4U2Self request. - -[ghudson@mit.edu: rewrote commit message with CVE description] - -ticket: 8767 (new) -tags: pullup -target_version: 1.17 -target_version: 1.16-next -target_version: 1.15-next - -(cherry picked from commit 94e5eda5bb94d1d44733a49c3d9b6d1e42c74def) - -Patch-Category: upstream ---- - src/kdc/kdc_preauth.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c -index 81d0b8cffd..787a09684c 100644 ---- a/src/kdc/kdc_preauth.c -+++ b/src/kdc/kdc_preauth.c -@@ -1640,7 +1640,6 @@ return_enc_padata(krb5_context context, krb5_data *req_pkt, - krb5_error_code code = 0; - /* This should be initialized and only used for Win2K compat and other - * specific standardized uses such as FAST negotiation. */ -- assert(reply_encpart->enc_padata == NULL); - if (is_referral) { - code = return_referral_enc_padata(context, reply_encpart, server); - if (code) diff -Nru krb5-1.16.2/debian/rules krb5-1.17/debian/rules --- krb5-1.16.2/debian/rules 2018-12-31 20:25:00.000000000 +0000 +++ krb5-1.17/debian/rules 2019-01-13 20:59:40.000000000 +0000 
@@ -98,7 +98,7 @@ build-indep-stamp: build-stamp ifeq (,$(findstring nodoc,$(DEB_BUILD_OPTIONS))) - cd build/doc && make substhtml substpdf + cd build/doc && make PYTHON=python substhtml substpdf ln -sf /usr/share/javascript/jquery/jquery.js build/doc/html_subst/_static/jquery.js ln -sf /usr/share/javascript/underscore/underscore.js build/doc/html_subst/_static/underscore.js ln -sf /usr/share/javascript/sphinxdoc/1.0/doctools.js build/doc/html_subst/_static/doctools.js diff -Nru krb5-1.16.2/doc/admin/admin_commands/kadmind.rst krb5-1.17/doc/admin/admin_commands/kadmind.rst --- krb5-1.16.2/doc/admin/admin_commands/kadmind.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kadmind.rst 2019-01-08 16:02:37.000000000 +0000 @@ -49,14 +49,14 @@ disassociates itself from its controlling terminal. kadmind can be configured for incremental database propagation. -Incremental propagation allows slave KDC servers to receive principal -and policy updates incrementally instead of receiving full dumps of -the database. This facility can be enabled in the :ref:`kdc.conf(5)` -file with the **iprop_enable** option. Incremental propagation -requires the principal ``kiprop/MASTER\@REALM`` (where MASTER is the -master KDC's canonical host name, and REALM the realm name). In -release 1.13, this principal is automatically created and registered -into the datebase. +Incremental propagation allows replica KDC servers to receive +principal and policy updates incrementally instead of receiving full +dumps of the database. This facility can be enabled in the +:ref:`kdc.conf(5)` file with the **iprop_enable** option. Incremental +propagation requires the principal ``kiprop/MASTER\@REALM`` (where +MASTER is the master KDC's canonical host name, and REALM the realm +name). In release 1.13, this principal is automatically created and +registered into the datebase. OPTIONS 
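Review bot: The changed recipe line in debian/rules still invokes a literal `make`, so the sub-build in build/doc does not inherit the jobserver or flags such as `-n` from the outer make. Write it as `$(MAKE) -C build/doc PYTHON=python substhtml substpdf`. `PYTHON=python` also resolves to whichever unversioned `python` is first on PATH at build time, so naming the interpreter the package build-depends on would make the documentation build reproducible. The build-indep-stamp rule continues outside the hunk.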
@@ -78,10 +78,10 @@ the server to place itself in the background. **-proponly** - causes the server to only listen and respond to Kerberos slave + causes the server to only listen and respond to Kerberos replica incremental propagation polling requests. This option can be used - to set up a hierarchical propagation topology where a slave KDC - provides incremental updates to other Kerberos slaves. + to set up a hierarchical propagation topology where a replica KDC + provides incremental updates to other Kerberos replicas. **-port** *port-number* specifies the port on which the administration server listens for @@ -100,12 +100,12 @@ **-K** *kprop_path* specifies the path to the kprop command to use to send full dumps - to slaves in response to full resync requests. + to replicas in response to full resync requests. **-k** *kprop_port* - specifies the port by which the kprop process that is spawned by kadmind - connects to the slave kpropd, in order to transfer the dump file during - an iprop full resync request. + specifies the port by which the kprop process that is spawned by + kadmind connects to the replica kpropd, in order to transfer the + dump file during an iprop full resync request. **-F** *dump_file* specifies the file path to be used for dumping the KDB in response diff -Nru krb5-1.16.2/doc/admin/admin_commands/kadmin_local.rst krb5-1.17/doc/admin/admin_commands/kadmin_local.rst --- krb5-1.16.2/doc/admin/admin_commands/kadmin_local.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kadmin_local.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -297,8 +297,9 @@ {-\|+}\ **allow_dup_skey** **-allow_dup_skey** disables user-to-user authentication for this - principal by prohibiting this principal from obtaining a session - key for another user. **+allow_dup_skey** clears this flag. + principal by prohibiting others from obtaining a service ticket + encrypted in this principal's TGT session key. + **+allow_dup_skey** clears this flag. {-\|+}\ **requires_preauth** **+requires_preauth** requires this principal to preauthenticate @@ -325,7 +326,9 @@ {-\|+}\ **allow_svr** **-allow_svr** prohibits the issuance of service tickets for this - principal. **+allow_svr** clears this flag. + principal. In release 1.17 and later, user-to-user service + tickets are still allowed unless the **-allow_dup_skey** flag is + also set. **+allow_svr** clears this flag. {-\|+}\ **allow_tgs_req** **-allow_tgs_req** specifies that a Ticket-Granting Service (TGS) diff -Nru krb5-1.16.2/doc/admin/admin_commands/kdb5_util.rst krb5-1.17/doc/admin/admin_commands/kdb5_util.rst --- krb5-1.16.2/doc/admin/admin_commands/kdb5_util.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kdb5_util.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -277,9 +277,9 @@ values. The **-s** option stashes the new master key in the stash file, which will be created if it doesn't already exist. -After a new master key is added, it should be propagated to slave +After a new master key is added, it should be propagated to replica servers via a manual or periodic invocation of :ref:`kprop(8)`. Then, -the stash files on the slave servers should be updated with the +the stash files on the replica servers should be updated with the kdb5_util **stash** command. Once those steps are complete, the key is ready to be marked active with the kdb5_util **use_mkey** command. diff -Nru krb5-1.16.2/doc/admin/admin_commands/kpropd.rst krb5-1.17/doc/admin/admin_commands/kpropd.rst --- krb5-1.16.2/doc/admin/admin_commands/kpropd.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kpropd.rst 2019-01-08 16:02:37.000000000 +0000 @@ -10,7 +10,7 @@ [**-r** *realm*] [**-A** *admin_server*] [**-a** *acl_file*] -[**-f** *slave_dumpfile*] +[**-f** *replica_dumpfile*] [**-F** *principal_database*] [**-p** *kdb5_util_prog*] [**-P** *port*] 
@@ -21,18 +21,19 @@ DESCRIPTION ----------- -The *kpropd* command runs on the slave KDC server. It listens for +The *kpropd* command runs on the replica KDC server. It listens for update requests made by the :ref:`kprop(8)` program. If incremental propagation is enabled, it periodically requests incremental updates from the master KDC. -When the slave receives a kprop request from the master, kpropd +When the replica receives a kprop request from the master, kpropd accepts the dumped KDC database and places it in a file, and then runs :ref:`kdb5_util(8)` to load the dumped database into the active database which is used by :ref:`krb5kdc(8)`. This allows the master Kerberos server to use :ref:`kprop(8)` to propagate its database to -the slave servers. Upon a successful download of the KDC database -file, the slave Kerberos server will have an up-to-date KDC database. +the replica servers. Upon a successful download of the KDC database +file, the replica Kerberos server will have an up-to-date KDC +database. Where incremental propagation is not used, kpropd is commonly invoked out of inetd(8) as a nowait service. This is done by adding a line to 
@@ -51,15 +52,15 @@ Incremental propagation may be enabled with the **iprop_enable** variable in :ref:`kdc.conf(5)`. If incremental propagation is -enabled, the slave periodically polls the master KDC for updates, at -an interval determined by the **iprop_slave_poll** variable. If the -slave receives updates, kpropd updates its log file with any updates +enabled, the replica periodically polls the master KDC for updates, at +an interval determined by the **iprop_replica_poll** variable. If the +replica receives updates, kpropd updates its log file with any updates from the master. :ref:`kproplog(8)` can be used to view a summary of -the update entry log on the slave KDC. If incremental propagation is -enabled, the principal ``kiprop/slavehostname@REALM`` (where -*slavehostname* is the name of the slave KDC host, and *REALM* is the -name of the Kerberos realm) must be present in the slave's keytab -file. +the update entry log on the replica KDC. If incremental propagation +is enabled, the principal ``kiprop/replicahostname@REALM`` (where +*replicahostname* is the name of the replica KDC host, and *REALM* is +the name of the Kerberos realm) must be present in the replica's +keytab file. :ref:`kproplog(8)` can be used to force full replication when iprop is enabled. diff -Nru krb5-1.16.2/doc/admin/admin_commands/kproplog.rst krb5-1.17/doc/admin/admin_commands/kproplog.rst --- krb5-1.16.2/doc/admin/admin_commands/kproplog.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kproplog.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -17,18 +17,18 @@ log to standard output. It can be used to keep track of incremental updates to the principal database. The update log file contains the update log maintained by the :ref:`kadmind(8)` process on the master -KDC server and the :ref:`kpropd(8)` process on the slave KDC servers. -When updates occur, they are logged to this file. Subsequently any -KDC slave configured for incremental updates will request the current -data from the master KDC and update their log file with any updates -returned. +KDC server and the :ref:`kpropd(8)` process on the replica KDC +servers. When updates occur, they are logged to this file. +Subsequently any KDC replica configured for incremental updates will +request the current data from the master KDC and update their log file +with any updates returned. The kproplog command requires read access to the update log file. It will display update entries only for the KDC it runs on. If no options are specified, kproplog displays a summary of the update log. If invoked on the master, kproplog also displays all of the -update entries. If invoked on a slave KDC server, kproplog displays +update entries. If invoked on a replica KDC server, kproplog displays only a summary of the updates, which includes the serial number of the last update received and the associated time stamp of the last update. 
@@ -37,9 +37,9 @@ ------- **-R** - Reset the update log. This forces full resynchronization. If used - on a slave then that slave will request a full resync. If used on - the master then all slaves will request full resyncs. + Reset the update log. This forces full resynchronization. If + used on a replica then that replica will request a full resync. + If used on the master then all replicas will request full resyncs. **-h** Display a summary of the update log. This information includes diff -Nru krb5-1.16.2/doc/admin/admin_commands/kprop.rst krb5-1.17/doc/admin/admin_commands/kprop.rst --- krb5-1.16.2/doc/admin/admin_commands/kprop.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/kprop.rst 2019-01-08 16:02:37.000000000 +0000 @@ -12,15 +12,15 @@ [**-d**] [**-P** *port*] [**-s** *keytab*] -*slave_host* +*replica_host* DESCRIPTION ----------- kprop is used to securely propagate a Kerberos V5 database dump file -from the master Kerberos server to a slave Kerberos server, which is -specified by *slave_host*. The dump file must be created by +from the master Kerberos server to a replica Kerberos server, which is +specified by *replica_host*. The dump file must be created by :ref:`kdb5_util(8)`. @@ -33,7 +33,7 @@ **-f** *file* Specifies the filename where the dumped principal database file is to be found; by default the dumped database file is normally - |kdcdir|\ ``/slave_datatrans``. + |kdcdir|\ ``/replica_datatrans``. **-P** *port* Specifies the port to use to contact the :ref:`kpropd(8)` server diff -Nru krb5-1.16.2/doc/admin/admin_commands/krb5kdc.rst krb5-1.17/doc/admin/admin_commands/krb5kdc.rst --- krb5-1.16.2/doc/admin/admin_commands/krb5kdc.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/admin_commands/krb5kdc.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -57,12 +57,12 @@
 the KDC is still running and to allow init scripts to stop the correct process.
-The **-p** *portnum* option specifies the default UDP port numbers
-which the KDC should listen on for Kerberos version 5 requests, as a
-comma-separated list. This value overrides the UDP port numbers
-specified in the :ref:`kdcdefaults` section of :ref:`kdc.conf(5)`, but
-may be overridden by realm-specific values. If no value is given from
-any source, the default port is 88.
+The **-p** *portnum* option specifies the default UDP and TCP port
+numbers which the KDC should listen on for Kerberos version 5
+requests, as a comma-separated list. This value overrides the port
+numbers specified in the :ref:`kdcdefaults` section of
+:ref:`kdc.conf(5)`, but may be overridden by realm-specific values.
+If no value is given from any source, the default port is 88.
 The **-w** *numworkers* option tells the KDC to fork *numworkers* processes to listen to the KDC ports and process requests in parallel.
diff -Nru krb5-1.16.2/doc/admin/admin_commands/ktutil.rst krb5-1.17/doc/admin/admin_commands/ktutil.rst
--- krb5-1.16.2/doc/admin/admin_commands/ktutil.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/admin_commands/ktutil.rst 2019-01-08 16:02:37.000000000 +0000
@@ -87,9 +87,14 @@
 ~~~~~~~~~ **add_entry** {**-key**\|\ **-password**} **-p** *principal*
- **-k** *kvno* **-e** *enctype* [**-s** *salt*]
+ **-k** *kvno* [**-e** *enctype*] [**-f**\|\ **-s** *salt*]
-Add *principal* to keylist using key or password.
+Add *principal* to keylist using key or password. If the **-f** flag
+is specified, salt information will be fetched from the KDC; in this
+case the **-e** flag may be omitted, or it may be supplied to force a
+particular enctype. If the **-f** flag is not specified, the **-e**
+flag must be specified, and the default salt will be used unless
+overridden with the **-s** option.
 Alias: **addent**
diff -Nru krb5-1.16.2/doc/admin/advanced/retiring-des.rst krb5-1.17/doc/admin/advanced/retiring-des.rst
--- krb5-1.16.2/doc/admin/advanced/retiring-des.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/advanced/retiring-des.rst 2019-01-08 16:02:37.000000000 +0000
@@ -134,11 +134,11 @@
 .. note::
- The new ``krbtgt@REALM`` key should be propagated to slave KDCs
+ The new ``krbtgt@REALM`` key should be propagated to replica KDCs
 immediately so that TGTs issued by the master KDC can be used to
- issue service tickets on slave KDCs. Slave KDCs will refuse requests
- using the new TGT kvno until the new krbtgt entry has been propagated
- to them.
+ issue service tickets on replica KDCs. Replica KDCs will refuse
+ requests using the new TGT kvno until the new krbtgt entry has
+ been propagated to them.
 It is necessary to explicitly specify the enctypes for the new database entry, since **supported_enctypes** has not been changed. Leaving
@@ -321,8 +321,8 @@
 As before, the KDC process must be restarted for this change to take effect. It is best practice to update kdc.conf on all KDCs, not just the
- master, to avoid unpleasant surprises should the master fail and a slave
- need to be promoted.
+ master, to avoid unpleasant surprises should the master fail and a
+ replica need to be promoted.
 It is now appropriate to remove the legacy single-DES key from the ``krbtgt/REALM`` entry:
diff -Nru krb5-1.16.2/doc/admin/appl_servers.rst krb5-1.17/doc/admin/appl_servers.rst
--- krb5-1.16.2/doc/admin/appl_servers.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/appl_servers.rst 2019-01-08 16:02:37.000000000 +0000
@@ -121,16 +121,16 @@
 If you need off-site users to be able to get Kerberos tickets in your realm, they must be able to get to your KDC. This requires either
-that you have a slave KDC outside your firewall, or that you configure
-your firewall to allow UDP requests into at least one of your KDCs, on
-whichever port the KDC is running. (The default is port 88; other
-ports may be specified in the KDC's :ref:`kdc.conf(5)` file.)
-Similarly, if you need off-site users to be able to change their
-passwords in your realm, they must be able to get to your Kerberos
-admin server on the kpasswd port (which defaults to 464). If you need
-off-site users to be able to administer your Kerberos realm, they must
-be able to get to your Kerberos admin server on the administrative
-port (which defaults to 749).
+that you have a replica KDC outside your firewall, or that you
+configure your firewall to allow UDP requests into at least one of
+your KDCs, on whichever port the KDC is running. (The default is port
+88; other ports may be specified in the KDC's :ref:`kdc.conf(5)`
+file.) Similarly, if you need off-site users to be able to change
+their passwords in your realm, they must be able to get to your
+Kerberos admin server on the kpasswd port (which defaults to 464). If
+you need off-site users to be able to administer your Kerberos realm,
+they must be able to get to your Kerberos admin server on the
+administrative port (which defaults to 749).
 If your on-site users inside your firewall will need to get to KDCs in other realms, you will also need to configure your firewall to allow
diff -Nru krb5-1.16.2/doc/admin/backup_host.rst krb5-1.17/doc/admin/backup_host.rst
--- krb5-1.16.2/doc/admin/backup_host.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/backup_host.rst 2019-01-08 16:02:37.000000000 +0000
@@ -18,17 +18,17 @@
 -------------------------------- As with any file, it is possible that your Kerberos database could
-become corrupted. If this happens on one of the slave KDCs, you might
-never notice, since the next automatic propagation of the database
-would install a fresh copy. However, if it happens to the master KDC,
-the corrupted database would be propagated to all of the slaves during
-the next propagation. For this reason, MIT recommends that you back
-up your Kerberos database regularly. Because the master KDC is
-continuously dumping the database to a file in order to propagate it
-to the slave KDCs, it is a simple matter to have a cron job
-periodically copy the dump file to a secure machine elsewhere on your
-network. (Of course, it is important to make the host where these
-backups are stored as secure as your KDCs, and to encrypt its
+become corrupted. If this happens on one of the replica KDCs, you
+might never notice, since the next automatic propagation of the
+database would install a fresh copy. However, if it happens to the
+master KDC, the corrupted database would be propagated to all of the
+replicas during the next propagation. For this reason, MIT recommends
+that you back up your Kerberos database regularly. Because the master
+KDC is continuously dumping the database to a file in order to
+propagate it to the replica KDCs, it is a simple matter to have a cron
+job periodically copy the dump file to a secure machine elsewhere on
+your network. (Of course, it is important to make the host where
+these backups are stored as secure as your KDCs, and to encrypt its
 transmission across your network.) Then if your database becomes corrupted, you can load the most recent dump onto the master KDC. (See :ref:`restore_from_dump`.)
diff -Nru krb5-1.16.2/doc/admin/conf_files/kdc_conf.rst krb5-1.17/doc/admin/conf_files/kdc_conf.rst
--- krb5-1.16.2/doc/admin/conf_files/kdc_conf.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/conf_files/kdc_conf.rst 2019-01-08 16:02:37.000000000 +0000
@@ -43,10 +43,10 @@
 [kdcdefaults] ~~~~~~~~~~~~~
-With two exceptions, relations in the [kdcdefaults] section specify
-default values for realm variables, to be used if the [realms]
-subsection does not contain a relation for the tag. See the
-:ref:`kdc_realms` section for the definitions of these relations.
+Some relations in the [kdcdefaults] section specify default values for
+realm variables, to be used if the [realms] subsection does not
+contain a relation for the tag. See the :ref:`kdc_realms` section for
+the definitions of these relations.
 * **host_based_services** * **kdc_listen**
@@ -56,6 +56,8 @@
 * **no_host_referral** * **restrict_anonymous_to_tgt**
+The following [kdcdefaults] variables have no per-realm equivalent:
+
 **kdc_max_dgram_reply_size** Specifies the maximum packet size that can be sent over UDP. The default value is 4096 bytes.
@@ -65,6 +67,12 @@
 daemon. The value may be limited by OS settings. The default value is 5.
+**spake_preauth_kdc_challenge**
+ (String.) Specifies the group for a SPAKE optimistic challenge.
+ See the **spake_preauth_groups** variable in :ref:`libdefaults`
+ for possible values. The default is not to issue an optimistic
+ challenge. (New in release 1.17.)
+
 .. _kdc_realms:
@@ -126,9 +134,8 @@
 the principal within this realm. **dup-skey**
- Enabling this flag allows the principal to obtain a session
- key for another user, permitting user-to-user authentication
- for this principal.
+ Enabling this flag allows the KDC to issue user-to-user
+ service tickets for this principal.
 **forwardable** Enabling this flag allows the principal to obtain forwardable
@@ -185,7 +192,9 @@
 **service** Enabling this flag allows the the KDC to issue service tickets
- for this principal.
+ for this principal. In release 1.17 and later, user-to-user
+ service tickets are still allowed if the **dup-skey** flag is
+ set.
 **tgt-based** Enabling this flag allows a principal to obtain tickets based
@@ -218,10 +227,15 @@
 retained for incremental propagation. The default value is 1000. Prior to release 1.11, the maximum value was 2500.
+**iprop_replica_poll**
+ (Delta time string.) Specifies how often the replica KDC polls
+ for new updates from the master. The default value is ``2m``
+ (that is, two minutes). New in release 1.17.
+
 **iprop_slave_poll**
- (Delta time string.) Specifies how often the slave KDC polls for
- new updates from the master. The default value is ``2m`` (that
- is, two minutes).
+ (Delta time string.) The name for **iprop_replica_poll** prior to
+ release 1.17. Its value is used as a fallback if
+ **iprop_replica_poll** is not specified.
 **iprop_listen** (Whitespace- or comma-separated list.) Specifies the iprop RPC
@@ -238,8 +252,8 @@
 **iprop_port** (Port number.) Specifies the port number to be used for incremental propagation. When **iprop_enable** is true, this
- relation is required in the slave configuration file, and this
- relation or **iprop_listen** is required in the master
+ relation is required in the replica KDC configuration file, and
+ this relation or **iprop_listen** is required in the master
 configuration file, as there is no default port number. Port numbers specified in **iprop_listen** entries will override this port number for the :ref:`kadmind(8)` daemon.
@@ -247,7 +261,7 @@
 **iprop_resync_timeout** (Delta time string.) Specifies the amount of time to wait for a full propagation to complete. This is optional in configuration
- files, and is used by slave KDCs only. The default value is 5
+ files, and is used by replica KDCs only. The default value is 5
 minutes (``5m``). New in release 1.11. **iprop_logfile**
@@ -403,6 +417,12 @@
 without allowing anonymous authentication to services. The default value is false. New in release 1.9.
+**spake_preauth_indicator**
+ (String.) Specifies an authentication indicator value that the
+ KDC asserts into tickets obtained using SPAKE pre-authentication.
+ The default is not to add any indicators. This option may be
+ specified multiple times. New in release 1.17.
+
 **supported_enctypes** (List of *key*:*salt* strings.) Specifies the default key/salt combinations of principals for this realm. Any principals created
@@ -461,8 +481,8 @@
 **db_library** This tag indicates the name of the loadable database module. The
- value should be ``db2`` for the DB2 module and ``kldap`` for the
- LDAP module.
+ value should be ``db2`` for the DB2 module, ``klmdb`` for the LMDB
+ module, or ``kldap`` for the LDAP module.
 **disable_last_success** If set to ``true``, suppresses KDC updates to the "Last successful
@@ -537,6 +557,24 @@
 **ldap_kdc_sasl_authcid** or **ldap_kadmind_sasl_authcid** names for SASL authentication. This file must be kept secure.
+**mapsize**
+ This LMDB-specific tag indicates the maximum size of the two
+ database environments in megabytes. The default value is 128.
+ Increase this value to address "Environment mapsize limit reached"
+ errors. New in release 1.17.
+
+**max_readers**
+ This LMDB-specific tag indicates the maximum number of concurrent
+ reading processes for the databases. The default value is 128.
+ New in release 1.17.
+
+**nosync**
+ This LMDB-specific tag can be set to improve the throughput of
+ kadmind and other administrative agents, at the expense of
+ durability (recent database changes may not survive a power outage
+ or other sudden reboot). It does not affect the throughput of the
+ KDC. The default value is false. New in release 1.17.
+
 **unlockiter** If set to ``true``, this DB2-specific tag causes iteration operations to release the database lock while processing each
@@ -599,19 +637,15 @@
 **SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]] This causes the daemon's logging messages to go to the system log.
- The severity argument specifies the default severity of system log
- messages. This may be any of the following severities supported
- by the syslog(3) call, minus the ``LOG_`` prefix: **EMERG**,
- **ALERT**, **CRIT**, **ERR**, **WARNING**, **NOTICE**, **INFO**,
- and **DEBUG**.
+ For backward compatibility, a severity argument may be specified,
+ and must be specified in order to specify a facility. This
+ argument will be ignored.
 The facility argument specifies the facility under which the messages are logged. This may be any of the following facilities supported by the syslog(3) call minus the LOG\_ prefix: **KERN**, **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**,
- **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**.
-
- If no severity is specified, the default is **ERR**. If no
+ **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**. If no
 facility is specified, the default is **AUTH**. In the following example, the logging messages from the KDC will go to
@@ -798,6 +832,10 @@
 **pkinit_require_crl_checking** should be set to true if the policy is such that up-to-date CRLs must be present for every CA.
+**pkinit_require_freshness**
+ Specifies whether to require clients to include a freshness token
+ in PKINIT requests. The default value is false. (New in release
+ 1.17.)
 .. _Encryption_types:
diff -Nru krb5-1.16.2/doc/admin/conf_files/krb5_conf.rst krb5-1.17/doc/admin/conf_files/krb5_conf.rst
--- krb5-1.16.2/doc/admin/conf_files/krb5_conf.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/conf_files/krb5_conf.rst 2019-01-08 16:02:37.000000000 +0000
@@ -60,7 +60,9 @@
 1.15, files with names ending in ".conf" are also included, unless the name begins with ".". Included profile files are syntactically independent of their parents, so each included file must begin with a
-section header.
+section header. Starting in release 1.17, files are read in
+alphanumeric order; in previous releases, they may be read in any
+order.
 The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the
@@ -326,7 +328,8 @@
 **plugin_base_dir** If set, determines the base directory where krb5 plugins are located. The default value is the ``krb5/plugins`` subdirectory
- of the krb5 library directory.
+ of the krb5 library directory. This relation is subject to
+ parameter expansion (see below) in release 1.17 and later.
 **preferred_preauth_types** This allows you to set the preferred preauthentication types which
@@ -367,6 +370,21 @@
 with the session key type. See the **kdc_req_checksum_type** configuration option for the possible values and their meanings.
+**spake_preauth_groups**
+ A whitespace or comma-separated list of words which specifies the
+ groups allowed for SPAKE preauthentication. The possible values
+ are:
+
+ ============ ================================
+ edwards25519 Edwards25519 curve (:rfc:`7748`)
+ P-256 NIST P-256 curve (:rfc:`5480`)
+ P-384 NIST P-384 curve (:rfc:`5480`)
+ P-521 NIST P-521 curve (:rfc:`5480`)
+ ============ ================================
+
+ The default value for the client is ``edwards25519``. The default
+ value for the KDC is empty. New in release 1.17.
+
 **ticket_lifetime** (:ref:`duration` string.) Sets the default lifetime for initial ticket requests. The default value is 1 day.
@@ -436,7 +454,7 @@
 auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/ auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$// auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
- auto_to_local = DEFAULT
+ auth_to_local = DEFAULT
 } would result in any principal without ``root`` or ``admin`` as the
@@ -458,6 +476,16 @@
 (for example, when converting ``rcmd.hostname`` to ``host/hostname.domain``).
+**disable_encrypted_timestamp**
+ If this flag is true, the client will not perform encrypted
+ timestamp preauthentication if requested by the KDC. Setting this
+ flag can help to prevent dictionary attacks by active attackers,
+ if the realm's KDCs support SPAKE preauthentication or if initial
+ authentication always uses another mechanism or always uses FAST.
+ This flag persists across client referrals during initial
+ authentication. This flag does not prevent the KDC from offering
+ encrypted timestamp. New in release 1.17.
+
 **http_anchors** When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag can be used to specify the location of the CA certificate which should be
@@ -505,8 +533,8 @@
 one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user's password has just been changed, and
- the updated database has not been propagated to the slave servers
- yet.
+ the updated database has not been propagated to the replica
+ servers yet.
 **v4_instance_convert** This subsection allows the administrator to configure exceptions
diff -Nru krb5-1.16.2/doc/admin/conf_ldap.rst krb5-1.17/doc/admin/conf_ldap.rst
--- krb5-1.16.2/doc/admin/conf_ldap.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/conf_ldap.rst 2019-01-08 16:02:37.000000000 +0000
@@ -1,3 +1,5 @@
+.. _conf_ldap:
+
 Configuring Kerberos with OpenLDAP back-end ===========================================
diff -Nru krb5-1.16.2/doc/admin/database.rst krb5-1.17/doc/admin/database.rst
--- krb5-1.16.2/doc/admin/database.rst 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/doc/admin/database.rst 2019-01-08 16:02:37.000000000 +0000
@@ -510,13 +510,13 @@
 master key, the new key will have version 2. The new master key will not be used until you make it active.
-#. Propagate the database to all slave KDCs, either manually or by
+#. Propagate the database to all replica KDCs, either manually or by
 waiting until the next scheduled propagation. If you do not have
- any slave KDCs, you can skip this and the next step.
+ any replica KDCs, you can skip this and the next step.
-#. On each slave KDC, run ``kdb5_util list_mkeys`` to verify that the
- new master key is present, and then ``kdb5_util stash`` to write
- the new master key to the slave KDC's stash file.
+#. On each replica KDC, run ``kdb5_util list_mkeys`` to verify that
+ the new master key is present, and then ``kdb5_util stash`` to
+ write the new master key to the replica KDC's stash file.
 #. On the master KDC, run ``kdb5_util use_mkey 2`` to begin using the new master key. Replace ``2`` with the version of the new master
@@ -529,11 +529,15 @@
 command will iterate over the database and re-encrypt all keys in the new master key. If the database is large and uses DB2, the master KDC will become unavailable while this command runs, but
- clients should fail over to slave KDCs (if any are present) during
- this time period. In release 1.13 and later, you can instead run
- ``kdb5_util -x unlockiter update_princ_encryption`` to use unlocked
- iteration; this variant will take longer, but will keep the
- database available to the KDC and kadmind while it runs.
+ clients should fail over to replica KDCs (if any are present)
+ during this time period. In release 1.13 and later, you can
+ instead run ``kdb5_util -x unlockiter update_princ_encryption`` to
+ use unlocked iteration; this variant will take longer, but will
+ keep the database available to the KDC and kadmind while it runs.
+
+#. Wait until the above changes have propagated to all replica KDCs
+ and until all running KDC and kadmind processes have serviced
+ requests using updated principal entries.
 #. On the master KDC, run ``kdb5_util purge_mkeys`` to clean up the old master key.
@@ -794,22 +798,22 @@
 At some very large sites, dumping and transmitting the database can take more time than is desirable for changes to propagate from the
-master KDC to the slave KDCs. The incremental propagation support
+master KDC to the replica KDCs. The incremental propagation support
 added in the 1.7 release is intended to address this. With incremental propagation enabled, all programs on the master KDC that change the database also write information about the changes to an "update log" file, maintained as a circular buffer of a certain
-size. A process on each slave KDC connects to a service on the master
-KDC (currently implemented in the :ref:`kadmind(8)` server) and
+size. A process on each replica KDC connects to a service on the
+master KDC (currently implemented in the :ref:`kadmind(8)` server) and
 periodically requests the changes that have been made since the last check. By default, this check is done every two minutes. If the database has just been modified in the previous several seconds
-(currently the threshold is hard-coded at 10 seconds), the slave will
-not retrieve updates, but instead will pause and try again soon after.
-This reduces the likelihood that incremental update queries will cause
-delays for an administrator trying to make a bunch of changes to the
-database at the same time.
+(currently the threshold is hard-coded at 10 seconds), the replica
+will not retrieve updates, but instead will pause and try again soon
+after. This reduces the likelihood that incremental update queries
+will cause delays for an administrator trying to make a bunch of
+changes to the database at the same time.
 Incremental propagation uses the following entries in the per-realm data in the KDC config file (See :ref:`kdc.conf(5)`):
@@ -817,53 +821,54 @@
 ====================== =============== =========================================== iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*. iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500.
-iprop_slave_poll *time interval* Indicates how often the slave should poll the master KDC for changes to the database. The default is two minutes.
-iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and slave configuration files.
-iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on slave configurations. Defaults to 300 seconds (5 minutes).
+iprop_replica_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
+iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and replica configuration files.
+iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes).
 iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.)
====================== =============== ===========================================
-Both master and slave sides must have a principal named
+Both master and replica sides must have a principal named
 ``kiprop/hostname`` (where *hostname* is the lowercase, fully-qualified, canonical name for the host) registered in the Kerberos database, and have keys for that principal stored in the default keytab file (|keytab|). In release 1.13, the ``kiprop/hostname`` principal is created automatically for the master
-KDC, but it must still be created for slave KDCs.
+KDC, but it must still be created for replica KDCs.
 On the master KDC side, the ``kiprop/hostname`` principal must be listed in the kadmind ACL file :ref:`kadm5.acl(5)`, and given the **p** privilege (see :ref:`privileges`).
-On the slave KDC side, :ref:`kpropd(8)` should be run. When
+On the replica KDC side, :ref:`kpropd(8)` should be run. When
 incremental propagation is enabled, it will connect to the kadmind on the master KDC and start requesting updates. The normal kprop mechanism is disabled by the incremental propagation
-support. However, if the slave has been unable to fetch changes from
-the master KDC for too long (network problems, perhaps), the log on
-the master may wrap around and overwrite some of the updates that the
-slave has not yet retrieved. In this case, the slave will instruct
-the master KDC to dump the current database out to a file and invoke a
-one-time kprop propagation, with special options to also convey the
-point in the update log at which the slave should resume fetching
-incremental updates. Thus, all the keytab and ACL setup previously
-described for kprop propagation is still needed.
-
-If an environment has a large number of slaves, it may be desirable to
-arrange them in a hierarchy instead of having the master serve updates
-to every slave.
To do this, run ``kadmind -proponly`` on each
-intermediate slave, and ``kpropd -A upstreamhostname`` on downstream
-slaves to direct each one to the appropriate upstream slave.
+support. However, if the replica has been unable to fetch changes
+from the master KDC for too long (network problems, perhaps), the log
+on the master may wrap around and overwrite some of the updates that
+the replica has not yet retrieved. In this case, the replica will
+instruct the master KDC to dump the current database out to a file and
+invoke a one-time kprop propagation, with special options to also
+convey the point in the update log at which the replica should resume
+fetching incremental updates. Thus, all the keytab and ACL setup
+previously described for kprop propagation is still needed.
+
+If an environment has a large number of replicas, it may be desirable
+to arrange them in a hierarchy instead of having the master serve
+updates to every replica. To do this, run ``kadmind -proponly`` on
+each intermediate replica, and ``kpropd -A upstreamhostname`` on
+downstream replicas to direct each one to the appropriate upstream
+replica.
 There are several known restrictions in the current implementation: - The incremental update protocol does not transport changes to policy objects. Any policy changes on the master will result in full
- resyncs to all slaves.
+ resyncs to all replicas.
-- The slave's KDB module must support locking; it cannot be using the
+- The replica's KDB module must support locking; it cannot be using the
 LDAP KDB module.
-- The master and slave must be able to initiate TCP connections in
+- The master and replica must be able to initiate TCP connections in
 both directions, without an intervening NAT.
@@ -885,10 +890,10 @@
 number to contact. In the MIT implementation, where interaction with some modern versions of rpcbind doesn't always work well, the port number must be specified in the config file on both the master and
-slave sides.
+replica sides.
 The Sun implementation hard-codes pathnames in ``/var/krb5`` for the
-update log and the per-slave kprop dump files. In the MIT
+update log and the per-replica kprop dump files. In the MIT
 implementation, the pathname for the update log is specified in the
-config file, and the per-slave dump files are stored in
-|kdcdir|\ ``/slave_datatrans_hostname``.
+config file, and the per-replica dump files are stored in
+|kdcdir|\ ``/replica_datatrans_hostname``.
diff -Nru krb5-1.16.2/doc/admin/dbtypes.rst krb5-1.17/doc/admin/dbtypes.rst
--- krb5-1.16.2/doc/admin/dbtypes.rst 1970-01-01 00:00:00.000000000 +0000
+++ krb5-1.17/doc/admin/dbtypes.rst 2019-01-08 16:02:37.000000000 +0000
@@ -0,0 +1,147 @@
+Database types
+==============
+
+A Kerberos database can be implemented with one of three built-in
+database providers, called KDB modules. Software which incorporates
+the MIT krb5 KDC may also provide its own KDB module. The following
+subsections describe the three built-in KDB modules and the
+configuration specific to them.
+
+The database type can be configured with the **db_library** variable
+in the :ref:`dbmodules` subsection for the realm. For example::
+
+ [dbmodules]
+ ATHENA.MIT.EDU = {
+ db_library = db2
+ }
+
+If the ``ATHENA.MIT.EDU`` realm subsection contains a
+**database_module** setting, then the subsection within
+``[dbmodules]`` should use that name instead of ``ATHENA.MIT.EDU``.
+
+To transition from one database type to another, stop the
+:ref:`kadmind(8)` service, use ``kdb5_util dump`` to create a dump
+file, change the **db_library** value and set any appropriate
+configuration for the new database type, and use ``kdb5_util load`` to
+create and populate the new database. If the new database type is
+LDAP, create the new database using ``kdb5_ldap_util`` and populate it
+from the dump file using ``kdb5_util load -update``. Then restart the
+:ref:`krb5kdc(8)` and :ref:`kadmind(8)` services.
+
+
+Berkeley database module (db2)
+------------------------------
+
+The default KDB module is ``db2``, which uses a version of the
+Berkeley DB library. It creates four files based on the database
+pathname. If the pathname ends with ``principal`` then the four files
+are:
+
+* ``principal``, containing principal entry data
+* ``principal.ok``, a lock file for the principal database
+* ``principal.kadm5``, containing policy object data
+* ``principal.kadm5.lock``, a lock file for the policy database
+
+For large databases, the :ref:`kdb5_util(8)` **dump** command (perhaps
+invoked by :ref:`kprop(8)` or by :ref:`kadmind(8)` for incremental
+propagation) may cause :ref:`krb5kdc(8)` to stop for a noticeable
+period of time while it iterates over the database. This delay can be
+avoided by disabling account lockout features so that the KDC does not
+perform database writes (see :ref:`disable_lockout`). Alternatively,
+a slower form of iteration can be enabled by setting the
+**unlockiter** variable to ``true``. For example::
+
+ [dbmodules]
+ ATHENA.MIT.EDU = {
+ db_library = db2
+ unlockiter = true
+ }
+
+In rare cases, a power failure or other unclean system shutdown may
+cause inconsistencies in the internal pointers within a database file,
+such that ``kdb5_util dump`` cannot retrieve all principal entries in
+the database. In this situation, it may be possible to retrieve all
+of the principal data by running ``kdb5_util dump -recurse`` to
+iterate over the database using the tree pointers instead of the
+iteration pointers. Running ``kdb5_util dump -rev`` to iterate over
+the database backwards may also retrieve some of the data which is not
+retrieved by a normal dump operation.
+
+
+Lightning Memory-Mapped Database module (klmdb)
+-----------------------------------------------
+
+The klmdb module was added in release 1.17. It uses the LMDB library,
+and may offer better performance and reliability than the db2 module.
+It creates four files based on the database pathname. If the pathname
+ends with ``principal``, then the four files are:
+
+* ``principal.mdb``, containing policy object data and most principal
+ entry data
+* ``principal.mdb-lock``, a lock file for the primary database
+* ``principal.lockout.mdb``, containing the account lockout attributes
+ (last successful authentication time, last failed authentication
+ time, and number of failed attempts) for each principal entry
+* ``principal.lockout.mdb-lock``, a lock file for the lockout database
+
+Separating out the lockout attributes ensures that the KDC will never
+block on an administrative operation such as a database dump or load.
+It also allows the KDC to operate without write access to the primary
+database. If both account lockout features are disabled (see
+:ref:`disable_lockout`), the lockout database files will be created
+but will not subsequently be opened, and the account lockout
+attributes will always have zero values.
+
+Because LMDB creates a memory map to the database files, it requires a
+configured memory map size which also determines the maximum size of
+the database. This size is applied equally to the two databases, so
+twice the configured size will be consumed in the process address
+space; this is primarily a limitation on 32-bit platforms. The
+default value of 128 megabytes should be sufficient for several
+hundred thousand principal entries. If the limit is reached, kadmin
+operations will fail and the error message "Environment mapsize limit
+reached" will appear in the kadmind log file. In this case, the
+**mapsize** variable can be used to increase the map size. The
+following example sets the map size to 512 megabytes::
+
+ [dbmodules]
+ ATHENA.MIT.EDU = {
+ db_library = klmdb
+ mapsize = 512
+ }
+
+LMDB has a configurable maximum number of readers. The default value
+of 128 should be sufficient for most deployments. If you are going to
+use a large number of KDC worker processes, it may be necessary to set
+the **max_readers** variable to a larger number.
+
+By default, LMDB synchronizes database files to disk after each write
+transaction to ensure durability in the case of an unclean system
+shutdown. The klmdb module always turns synchronization off for the
+lockout database to ensure reasonable KDC performance, but leaves it
+on for the primary database. If high throughput for administrative
+operations (including password changes) is required, the **nosync**
+variable can be set to "true" to disable synchronization for the
+primary database.
+
+The klmdb module does not support explicit locking with the
+:ref:`kadmin(1)` **lock** command.
+
+
+LDAP module (kldap)
+-------------------
+
+The kldap module stores principal and policy data using an LDAP
+server. To use it you must configure an LDAP server to use the
+Kerberos schema. See :ref:`conf_ldap` for details.
+
+Because :ref:`krb5kdc(8)` is single-threaded, latency in LDAP database
+accesses may limit KDC operation throughput. If the LDAP server is
+located on the same server host as the KDC and accessed through an
+``ldapi://`` URL, latency should be minimal. If this is not possible,
+consider starting multiple KDC worker processes with the
+:ref:`krb5kdc(8)` **-w** option to enable concurrent processing of KDC
+requests.
+
+The kldap module does not support explicit locking with the
+:ref:`kadmin(1)` **lock** command.
diff -Nru krb5-1.16.2/doc/admin/dictionary.rst krb5-1.17/doc/admin/dictionary.rst
--- krb5-1.16.2/doc/admin/dictionary.rst 1970-01-01 00:00:00.000000000 +0000
+++ krb5-1.17/doc/admin/dictionary.rst 2019-01-08 16:02:37.000000000 +0000
@@ -0,0 +1,88 @@
+.. _dictionary:
+
+Addressing dictionary attack risks
+==================================
+
+Kerberos initial authentication is normally secured using the client
+principal's long-term key, which for users is generally derived from a
+password. Using a pasword-derived long-term key carries the risk of a
+dictionary attack, where an attacker tries a sequence of possible
+passwords, possibly requiring much less effort than would be required
+to try all possible values of the key. Even if :ref:`password policy
+objects ` are used to force users not to pick trivial
+passwords, dictionary attacks can sometimes be successful against a
+significant fraction of the users in a realm. Dictionary attacks are
+not a concern for principals using random keys.
+
+A dictionary attack may be online or offline. An online dictionary
+attack is performed by trying each password in a separate request to
+the KDC, and is therefore visible to the KDC and also limited in speed
+by the KDC's processing power and the network capacity between the
+client and the KDC. Online dictionary attacks can be mitigated using
+:ref:`account lockout `. This measure is not totally
+satisfactory, as it makes it easy for an attacker to deny access to a
+client principal.
+
+An offline dictionary attack is performed by obtaining a ciphertext
+generated using the password-derived key, and trying each password
+against the ciphertext. This category of attack is invisible to the
+KDC and can be performed much faster than an online attack. The
+attack will generally take much longer with more recent encryption
+types (particularly the ones based on AES), because those encryption
+types use a much more expensive string-to-key function. However, the
+best defense is to deny the attacker access to a useful ciphertext.
+The required defensive measures depend on the attacker's level of
+network access.
+
+An off-path attacker has no access to packets sent between legitimate
+users and the KDC. An off-path attacker could gain access to an
+attackable ciphertext either by making an AS request for a client
+principal which does not have the **+requires_preauth** flag, or by
+making a TGS request (after authenticating as a different user) for a
+server principal which does not have the **-allow_svr** flag. To
+address off-path attackers, a KDC administrator should set those flags
+on principals with password-derived keys::
+
+ kadmin: add_principal +requires_preauth -allow_svr princname
+
+An attacker with passive network access (one who can monitor packets
+sent between legitimate users and the KDC, but cannot change them or
+insert their own packets) can gain access to an attackable ciphertext
+by observing an authentication by a user using the most common form of
+preauthentication, encrypted timestamp. Any of the following methods
+can prevent dictionary attacks by attackers with passive network
+access:
+
+* Enabling :ref:`SPAKE preauthentication ` (added in release
+ 1.17) on the KDC, and ensuring that all clients are able to support
+ it.
+
+* Using an :ref:`HTTPS proxy ` for communication with the KDC,
+ if the attacker cannot monitor communication between the proxy
+ server and the KDC.
+
+* Using FAST, protecting the initial authentication with either a
+ random key (such as a host key) or with :ref:`anonymous PKINIT
+ `.
+
+An attacker with active network access (one who can inject or modify
+packets sent between legitimate users and the KDC) can try to fool the
+client software into sending an attackable ciphertext using an
+encryption type and salt string of the attacker's choosing. Any of the
+following methods can prevent dictionary attacks by active attackers:
+
+* Enabling SPAKE preauthentication and setting the
+ **disable_encrypted_timestamp** variable to ``true`` in the
+ :ref:`realms` subsection of the client configuration.
+
+* Using an HTTPS proxy as described above, configured in the client's
+ krb5.conf realm configuration.
If :ref:`KDC discovery + ` is used to locate a proxy server, an active + attacker may be able to use DNS spoofing to cause the client to use + a different HTTPS server or to not use HTTPS. + +* Using FAST as described above. + +If :ref:`PKINIT ` or :ref:`OTP ` are used for +initial authentication, the principal's long-term keys are not used +and dictionary attacks are usually not a concern. diff -Nru krb5-1.16.2/doc/admin/index.rst krb5-1.17/doc/admin/index.rst --- krb5-1.16.2/doc/admin/index.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/index.rst 2019-01-08 16:02:37.000000000 +0000 @@ -8,6 +8,7 @@ conf_files/index.rst realm_config.rst database.rst + dbtypes.rst lockout.rst conf_ldap.rst appl_servers.rst @@ -15,6 +16,8 @@ backup_host.rst pkinit.rst otp.rst + spake.rst + dictionary.rst princ_dns.rst enctypes.rst https.rst diff -Nru krb5-1.16.2/doc/admin/install_appl_srv.rst krb5-1.17/doc/admin/install_appl_srv.rst --- krb5-1.16.2/doc/admin/install_appl_srv.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/install_appl_srv.rst 2019-01-08 16:02:37.000000000 +0000 @@ -34,7 +34,7 @@ In order to generate a keytab for a host, the host must have a principal in the Kerberos database. The procedure for adding hosts to the database is described fully in :ref:`add_mod_del_princs`. (See -:ref:`slave_host_key` for a brief description.) The keytab is +:ref:`replica_host_key` for a brief description.) The keytab is generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd` command. diff -Nru krb5-1.16.2/doc/admin/install_kdc.rst krb5-1.17/doc/admin/install_kdc.rst --- krb5-1.16.2/doc/admin/install_kdc.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/install_kdc.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -2,23 +2,23 @@ =============== When setting up Kerberos in a production environment, it is best to -have multiple slave KDCs alongside with a master KDC to ensure the +have multiple replica KDCs alongside with a master KDC to ensure the continued availability of the Kerberized services. Each KDC contains a copy of the Kerberos database. The master KDC contains the writable -copy of the realm database, which it replicates to the slave KDCs at +copy of the realm database, which it replicates to the replica KDCs at regular intervals. All database changes (such as password changes) -are made on the master KDC. Slave KDCs provide Kerberos +are made on the master KDC. Replica KDCs provide Kerberos ticket-granting services, but not database administration, when the master KDC is unavailable. MIT recommends that you install all of your KDCs to be able to function as either the master or one of the -slaves. This will enable you to easily switch your master KDC with -one of the slaves if necessary (see :ref:`switch_master_slave`). This -installation procedure is based on that recommendation. +replicas. This will enable you to easily switch your master KDC with +one of the replicas if necessary (see :ref:`switch_master_replica`). +This installation procedure is based on that recommendation. .. warning:: - The Kerberos system relies on the availability of correct time - information. Ensure that the master and all slave KDCs have + information. Ensure that the master and all replica KDCs have properly synchronized clocks. - It is best to install and run KDCs on secured and dedicated @@ -41,7 +41,7 @@ names:: kerberos.mit.edu - master KDC - kerberos-1.mit.edu - slave KDC + kerberos-1.mit.edu - replica KDC ATHENA.MIT.EDU - realm name .k5.ATHENA.MIT.EDU - stash file admin/admin - admin principal 
@@ -286,23 +286,23 @@ shell% kinit admin/admin@ATHENA.MIT.EDU -Install the slave KDCs ----------------------- +Install the replica KDCs +------------------------ -You are now ready to start configuring the slave KDCs. +You are now ready to start configuring the replica KDCs. .. note:: Assuming you are setting the KDCs up so that you can easily - switch the master KDC with one of the slaves, you should + switch the master KDC with one of the replicas, you should perform each of these steps on the master KDC as well as the - slave KDCs, unless these instructions specify otherwise. + replica KDCs, unless these instructions specify otherwise. -.. _slave_host_key: +.. _replica_host_key: -Create host keytabs for slave KDCs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Create host keytabs for replica KDCs +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Each KDC needs a ``host`` key in the Kerberos database. These keys are used for mutual authentication when propagating the database dump @@ -311,7 +311,8 @@ On the master KDC, connect to administrative interface and create the host principal for each of the KDCs' ``host`` services. For example, if the master KDC were called ``kerberos.mit.edu``, and you had a -slave KDC named ``kerberos-1.mit.edu``, you would type the following:: +replica KDC named ``kerberos-1.mit.edu``, you would type the +following:: shell% kadmin kadmin: addprinc -randkey host/kerberos.mit.edu 
@@ -324,13 +325,13 @@ It is not strictly necessary to have the master KDC server in the Kerberos database, but it can be handy if you want to be able to swap -the master KDC with one of the slaves. +the master KDC with one of the replicas. Next, extract ``host`` random keys for all participating KDCs and store them in each host's default keytab file. Ideally, you should extract each keytab locally on its own KDC. If this is not feasible, you should use an encrypted session to send them across the network. -To extract a keytab directly on a slave KDC called +To extract a keytab directly on a replica KDC called ``kerberos-1.mit.edu``, you would execute the following command:: kadmin: ktadd host/kerberos-1.mit.edu @@ -343,7 +344,7 @@ Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. -If you are instead extracting a keytab for the slave KDC called +If you are instead extracting a keytab for the replica KDC called ``kerberos-1.mit.edu`` on the master KDC, you should use a dedicated temporary keytab file for that machine's keytab:: @@ -357,12 +358,12 @@ ``/etc/krb5.keytab`` on the host ``kerberos-1.mit.edu``. -Configure slave KDCs -~~~~~~~~~~~~~~~~~~~~ +Configure replica KDCs +~~~~~~~~~~~~~~~~~~~~~~ Database propagation copies the contents of the master's database, but does not propagate configuration files, stash files, or the kadm5 ACL -file. The following files must be copied by hand to each slave (see +file. The following files must be copied by hand to each replica (see :ref:`mitK5defaults` for the default locations for these files): * krb5.conf 
@@ -371,27 +372,27 @@ * master key stash file Move the copied files into their appropriate directories, exactly as -on the master KDC. kadm5.acl is only needed to allow a slave to swap -with the master KDC. +on the master KDC. kadm5.acl is only needed to allow a replica to +swap with the master KDC. -The database is propagated from the master KDC to the slave KDCs via +The database is propagated from the master KDC to the replica KDCs via the :ref:`kpropd(8)` daemon. You must explicitly specify the principals which are allowed to provide Kerberos dump updates on the -slave machine with a new database. Create a file named kpropd.acl in -the KDC state directory containing the ``host`` principals for each of -the KDCs:: +replica machine with a new database. Create a file named kpropd.acl +in the KDC state directory containing the ``host`` principals for each +of the KDCs:: host/kerberos.mit.edu@ATHENA.MIT.EDU host/kerberos-1.mit.edu@ATHENA.MIT.EDU .. note:: - If you expect that the master and slave KDCs will be + If you expect that the master and replica KDCs will be switched at some point of time, list the host principals from all participating KDC servers in kpropd.acl files on all of the KDCs. Otherwise, you only need to list the master KDC's host principal in the kpropd.acl files of the - slave KDCs. + replica KDCs. Then, add the following line to ``/etc/inetd.conf`` on each KDC (adjust the path to kpropd):: 
@@ -402,34 +403,34 @@ KDC, if it is not already present (assuming that the default port is used):: - krb5_prop 754/tcp # Kerberos slave propagation + krb5_prop 754/tcp # Kerberos replica propagation Restart inetd daemon. Alternatively, start :ref:`kpropd(8)` as a stand-alone daemon. This is required when incremental propagation is enabled. -Now that the slave KDC is able to accept database propagation, you’ll -need to propagate the database from the master server. +Now that the replica KDC is able to accept database propagation, +you’ll need to propagate the database from the master server. -NOTE: Do not start the slave KDC yet; you still do not have a copy of -the master's database. +NOTE: Do not start the replica KDC yet; you still do not have a copy +of the master's database. -.. _kprop_to_slaves: +.. _kprop_to_replicas: -Propagate the database to each slave KDC -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Propagate the database to each replica KDC +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ First, create a dump file of the database on the master KDC, as follows:: - shell% kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans + shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans -Then, manually propagate the database to each slave KDC, as in the +Then, manually propagate the database to each replica KDC, as in the following example:: - shell% kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1.mit.edu + shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu Database propagation to kerberos-1.mit.edu: SUCCEEDED 
@@ -447,17 +448,17 @@ kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu" - kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans + kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans for kdc in $kdclist do - kprop -f /usr/local/var/krb5kdc/slave_datatrans $kdc + kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc done You will need to set up a cron job to run this script at the intervals you decided on earlier (see :ref:`db_prop`). -Now that the slave KDC has a copy of the Kerberos database, you can +Now that the replica KDC has a copy of the Kerberos database, you can start the krb5kdc daemon:: shell% krb5kdc 
@@ -487,24 +488,24 @@ services into the Kerberos database. This procedure is described fully in :ref:`add_mod_del_princs`. -You may occasionally want to use one of your slave KDCs as the master. -This might happen if you are upgrading the master KDC, or if your -master KDC has a disk crash. See the following section for the +You may occasionally want to use one of your replica KDCs as the +master. This might happen if you are upgrading the master KDC, or if +your master KDC has a disk crash. See the following section for the instructions. -.. _switch_master_slave: +.. _switch_master_replica: -Switching master and slave KDCs -------------------------------- +Switching master and replica KDCs +--------------------------------- -You may occasionally want to use one of your slave KDCs as the master. -This might happen if you are upgrading the master KDC, or if your -master KDC has a disk crash. +You may occasionally want to use one of your replica KDCs as the +master. This might happen if you are upgrading the master KDC, or if +your master KDC has a disk crash. Assuming you have configured all of your KDCs to be able to function -as either the master KDC or a slave KDC (as this document recommends), -all you need to do to make the changeover is: +as either the master KDC or a replica KDC (as this document +recommends), all you need to do to make the changeover is: If the master KDC is still running, do the following on the *old* master KDC: 
@@ -512,14 +513,14 @@ #. Kill the kadmind process. #. Disable the cron job that propagates the database. #. Run your database propagation script manually, to ensure that the - slaves all have the latest copy of the database (see - :ref:`kprop_to_slaves`). + replicas all have the latest copy of the database (see + :ref:`kprop_to_replicas`). On the *new* master KDC: #. Start the :ref:`kadmind(8)` daemon (see :ref:`start_kdc_daemons`). #. Set up the cron job to propagate the database (see - :ref:`kprop_to_slaves`). + :ref:`kprop_to_replicas`). #. Switch the CNAMEs of the old and new master KDCs. If you can't do this, you'll need to change the :ref:`krb5.conf(5)` file on every client machine in your Kerberos realm. @@ -529,5 +530,5 @@ -------------------------------- If you expect your Kerberos database to become large, you may wish to -set up incremental propagation to slave KDCs. See :ref:`incr_db_prop` -for details. +set up incremental propagation to replica KDCs. See +:ref:`incr_db_prop` for details. diff -Nru krb5-1.16.2/doc/admin/lockout.rst krb5-1.17/doc/admin/lockout.rst --- krb5-1.16.2/doc/admin/lockout.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/lockout.rst 2019-01-08 16:02:37.000000000 +0000 @@ -1,3 +1,5 @@ +.. _lockout: + Account lockout =============== 
@@ -100,13 +102,13 @@ this, the number of attempts an attacker can make within a time period is multiplied by the number of KDCs. For instance, if the **maxfailure** parameter on a policy is 10 and there are four KDCs in -the environment (a master and three slaves), an attacker could make as -many as 40 attempts before the principal is locked out on all four +the environment (a master and three replicas), an attacker could make +as many as 40 attempts before the principal is locked out on all four KDCs. -An administrative unlock is propagated from the master to the slave +An administrative unlock is propagated from the master to the replica KDCs during the next propagation. Propagation of an administrative -unlock will cause the counter of failed attempts on each slave to +unlock will cause the counter of failed attempts on each replica to reset to 1 on the next failure. If a KDC environment uses a replication strategy other than kprop or @@ -115,6 +117,8 @@ KDCs and the concerns of this section may not apply. +.. _disable_lockout: + KDC performance and account lockout ----------------------------------- diff -Nru krb5-1.16.2/doc/admin/pkinit.rst krb5-1.17/doc/admin/pkinit.rst --- krb5-1.16.2/doc/admin/pkinit.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/pkinit.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -327,3 +327,28 @@ To obtain anonymous credentials on a client, run ``kinit -n``, or ``kinit -n @REALMNAME`` to specify a realm. The resulting tickets will have the client name ``WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS``. + + +Freshness tokens +---------------- + +Freshness tokens can ensure that the client has recently had access to +its certificate private key. If freshness tokens are not required by +the KDC, a client program with temporary possession of the private key +can compose requests for future timestamps and use them later. + +In release 1.17 and later, freshness tokens are supported by the +client and are sent by the KDC when the client indicates support for +them. Because not all clients support freshness tokens yet, they are +not required by default. To check if freshness tokens are supported +by a realm's clients, look in the KDC logs for the lines:: + + PKINIT: freshness token received from + PKINIT: no freshness token received from + +To require freshness tokens for all clients in a realm (except for +clients authenticating anonymously), set the +**pkinit_require_freshness** variable to ``true`` in the appropriate +:ref:`kdc_realms` subsection of the KDC's :ref:`kdc.conf(5)` file. To +test that this option is in effect, run ``kinit -X disable_freshness`` +and verify that authentication is unsuccessful. diff -Nru krb5-1.16.2/doc/admin/realm_config.rst krb5-1.17/doc/admin/realm_config.rst --- krb5-1.16.2/doc/admin/realm_config.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/realm_config.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -9,10 +9,10 @@ * How you will assign your hostnames to Kerberos realms. * Which ports your KDC and and kadmind services will use, if they will not be using the default ports. -* How many slave KDCs you need and where they should be located. -* The hostnames of your master and slave KDCs. +* How many replica KDCs you need and where they should be located. +* The hostnames of your master and replica KDCs. * How frequently you will propagate the database from the master KDC - to the slave KDCs. + to the replica KDCs. Realm name 
@@ -94,28 +94,28 @@ :ref:`conf_firewall`. -Slave KDCs ----------- +Replica KDCs +------------ -Slave KDCs provide an additional source of Kerberos ticket-granting +Replica KDCs provide an additional source of Kerberos ticket-granting services in the event of inaccessibility of the master KDC. The -number of slave KDCs you need and the decision of where to place them, +number of replica KDCs you need and the decision of where to place them, both physically and logically, depends on the specifics of your network. Kerberos authentication requires that each client be able to contact a KDC. Therefore, you need to anticipate any likely reason a KDC might -be unavailable and have a slave KDC to take up the slack. +be unavailable and have a replica KDC to take up the slack. Some considerations include: -* Have at least one slave KDC as a backup, for when the master KDC is - down, is being upgraded, or is otherwise unavailable. +* Have at least one replica KDC as a backup, for when the master KDC + is down, is being upgraded, or is otherwise unavailable. * If your network is split such that a network outage is likely to cause a network partition (some segment or segments of the network - to become cut off or isolated from other segments), have a slave KDC - accessible to each segment. -* If possible, have at least one slave KDC in a different building + to become cut off or isolated from other segments), have a replica + KDC accessible to each segment. +* If possible, have at least one replica KDC in a different building from the master, in case of power outages, fires, or other localized disasters. 
@@ -127,8 +127,8 @@ MIT recommends that your KDCs have a predefined set of CNAME records (DNS hostname aliases), such as ``kerberos`` for the master KDC and -``kerberos-1``, ``kerberos-2``, ... for the slave KDCs. This way, if -you need to swap a machine, you only need to change a DNS entry, +``kerberos-1``, ``kerberos-2``, ... for the replica KDCs. This way, +if you need to swap a machine, you only need to change a DNS entry, rather than having to change hostnames. As of MIT krb5 1.4, clients can locate a realm's KDCs through DNS @@ -248,7 +248,7 @@ -------------------- The Kerberos database resides on the master KDC, and must be -propagated regularly (usually by a cron job) to the slave KDCs. In +propagated regularly (usually by a cron job) to the replica KDCs. In deciding how frequently the propagation should happen, you will need to balance the amount of time the propagation takes against the maximum reasonable amount of time a user should have to wait for a @@ -256,10 +256,10 @@ If the propagation time is longer than this maximum reasonable time (e.g., you have a particularly large database, you have a lot of -slaves, or you experience frequent network delays), you may wish to +replicas, or you experience frequent network delays), you may wish to cut down on your propagation delay by performing the propagation in parallel. To do this, have the master KDC propagate the database to -one set of slaves, and then have each of these slaves propagate the -database to additional slaves. +one set of replicas, and then have each of these replicas propagate +the database to additional replicas. See also :ref:`incr_db_prop` diff -Nru krb5-1.16.2/doc/admin/spake.rst krb5-1.17/doc/admin/spake.rst --- krb5-1.16.2/doc/admin/spake.rst 1970-01-01 00:00:00.000000000 +0000 +++ krb5-1.17/doc/admin/spake.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -0,0 +1,56 @@ +.. _spake: + +SPAKE Preauthentication +======================= + +SPAKE preauthentication (added in release 1.17) uses public key +cryptography techniques to protect against :ref:`password dictionary +attacks `. Unlike :ref:`PKINIT `, it does not +require any additional infrastructure such as certificates; it simply +needs to be turned on. Using SPAKE preauthentication may modestly +increase the CPU and network load on the KDC. + +SPAKE preauthentication can use one of four elliptic curve groups for +its password-authenticated key exchange. The recommended group is +``edwards25519``; three NIST curves (``P-256``, ``P-384``, and +``P-521``) are also supported. + +By default, SPAKE with the ``edwards25519`` group is enabled on +clients, but the KDC does not offer SPAKE by default. To turn it on, +set the **spake_preauth_groups** variable in :ref:`libdefaults` to a +list of allowed groups. This variable affects both the client and the +KDC. Simply setting it to ``edwards25519`` is recommended:: + + [libdefaults] + spake_preauth_groups = edwards25519 + +Set the **+requires_preauth** and **-allow_svr** flags on client +principal entries, as you would for any preauthentication mechanism:: + + kadmin: modprinc +requires_preauth -allow_srv PRINCNAME + +Clients which do not implement SPAKE preauthentication will fall back +to encrypted timestamp. + +An active attacker can force a fallback to encrypted timestamp by +modifying the initial KDC response, defeating the protection against +dictionary attacks. To prevent this fallback on clients which do +implement SPAKE preauthentication, set the +**disable_encrypted_timestamp** variable to ``true`` in the +:ref:`realms` subsection for realms whose KDCs offer SPAKE +preauthentication. + +By default, SPAKE preauthentication requires an extra network round +trip to the KDC during initial authentication. 
If most of the clients +in a realm support SPAKE, this extra round trip can be eliminated +using an optimistic challenge, by setting the +**spake_preauth_kdc_challenge** variable in :ref:`kdcdefaults` to a +single group name:: + + [kdcdefaults] + spake_preauth_kdc_challenge = edwards25519 + +Using optimistic challenge will cause the KDC to do extra work for +initial authentication requests that do not result in SPAKE +preauthentication, but will save work when SPAKE preauthentication is +used. diff -Nru krb5-1.16.2/doc/admin/troubleshoot.rst krb5-1.17/doc/admin/troubleshoot.rst --- krb5-1.16.2/doc/admin/troubleshoot.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/admin/troubleshoot.rst 2019-01-08 16:02:37.000000000 +0000 @@ -106,20 +106,20 @@ kprop: No route to host while connecting to server .................................................. -Make sure that the hostname of the slave (as given to kprop) is -correct, and that any firewalls between the master and the slave allow -a connection on port 754. +Make sure that the hostname of the replica KDC (as given to kprop) is +correct, and that any firewalls between the master and the replica +allow a connection on port 754. .. _kprop_con_refused: kprop: Connection refused while connecting to server .................................................... -If the slave is intended to run kpropd out of inetd, make sure that -inetd is configured to accept krb5_prop connections. inetd may need -to be restarted or sent a SIGHUP to recognize the new configuration. -If the slave is intended to run kpropd in standalone mode, make sure -that it is running. +If the replica KDC is intended to run kpropd out of inetd, make sure +that inetd is configured to accept krb5_prop connections. inetd may +need to be restarted or sent a SIGHUP to recognize the new +configuration. If the replica is intended to run kpropd in standalone +mode, make sure that it is running. .. _kprop_sendauth_exchange: 
@@ -128,8 +128,8 @@ Make sure that: -#. The time is synchronized between the master and slave KDCs. +#. The time is synchronized between the master and replica KDCs. #. The master stash file was copied from the master to the expected - location on the slave. -#. The slave has a keytab file in the default location containing a - ``host`` principal for the slave's hostname. + location on the replica. +#. The replica has a keytab file in the default location containing a + ``host`` principal for the replica's hostname. diff -Nru krb5-1.16.2/doc/appdev/gssapi.rst krb5-1.17/doc/appdev/gssapi.rst --- krb5-1.16.2/doc/appdev/gssapi.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/appdev/gssapi.rst 2019-01-08 16:02:37.000000000 +0000 @@ -55,6 +55,12 @@ * **GSS_C_NT_EXPORT_NAME**: The value must be the result of a gss_export_name_ call. +* **GSS_KRB5_NT_ENTERPRISE_NAME**: The value should be a krb5 + enterprise name string (see :rfc:`6806` section 5), in the form + ``user@suffix``. This name type is used to convey alias names, and + is defined in the ```` header. (New in + release 1.17.) + Initiator credentials --------------------- diff -Nru krb5-1.16.2/doc/appdev/refs/api/index.rst krb5-1.17/doc/appdev/refs/api/index.rst --- krb5-1.16.2/doc/appdev/refs/api/index.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/appdev/refs/api/index.rst 2019-01-08 16:02:37.000000000 +0000 @@ -212,6 +212,7 @@ krb5_free_string.rst krb5_free_ticket.rst krb5_free_unparsed_name.rst + krb5_get_etype_info.rst krb5_get_permitted_enctypes.rst krb5_get_server_rcache.rst krb5_get_time_offsets.rst 
@@ -255,7 +256,9 @@ krb5_pac_init.rst krb5_pac_parse.rst krb5_pac_sign.rst + krb5_pac_sign_ext.rst krb5_pac_verify.rst + krb5_pac_verify_ext.rst krb5_prepend_error_message.rst krb5_principal2salt.rst krb5_rd_cred.rst diff -Nru krb5-1.16.2/doc/appdev/refs/macros/index.rst krb5-1.17/doc/appdev/refs/macros/index.rst --- krb5-1.16.2/doc/appdev/refs/macros/index.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/appdev/refs/macros/index.rst 2019-01-08 16:02:37.000000000 +0000 @@ -181,6 +181,7 @@ KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst + KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst KRB5_KEYUSAGE_PA_FX_COOKIE.rst KRB5_KEYUSAGE_PA_OTP_REQUEST.rst KRB5_KEYUSAGE_PA_PKINIT_KX.rst @@ -189,6 +190,7 @@ KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst + KRB5_KEYUSAGE_SPAKE.rst KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst @@ -241,6 +243,7 @@ KRB5_PADATA_AFS3_SALT.rst KRB5_PADATA_AP_REQ.rst KRB5_PADATA_AS_CHECKSUM.rst + KRB5_PADATA_AS_FRESHNESS.rst KRB5_PADATA_ENCRYPTED_CHALLENGE.rst KRB5_PADATA_ENC_SANDIA_SECURID.rst KRB5_PADATA_ENC_TIMESTAMP.rst @@ -272,6 +275,7 @@ KRB5_PADATA_SAM_RESPONSE.rst KRB5_PADATA_SAM_RESPONSE_2.rst KRB5_PADATA_SESAME.rst + KRB5_PADATA_SPAKE.rst KRB5_PADATA_SVR_REFERRAL_INFO.rst KRB5_PADATA_TGS_REQ.rst KRB5_PADATA_USE_SPECIFIED_KVNO.rst diff -Nru krb5-1.16.2/doc/build/directory_org.rst krb5-1.17/doc/build/directory_org.rst --- krb5-1.16.2/doc/build/directory_org.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/build/directory_org.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -17,7 +17,7 @@ plugins Kerberos plugins directory po Localization infrastructure prototype Templates files containing the MIT copyright message and a placeholder for the title and description of the file. -slave Utilities for propagating the database to slave KDCs :ref:`kprop(8)` and :ref:`kpropd(8)` +kprop Utilities for propagating the database to replica KDCs :ref:`kprop(8)` and :ref:`kpropd(8)` tests Test suite util_ Various utilities for building/configuring the code, sending bug reports, etc. windows Source code for building Kerberos V5 on Windows (see windows/README) diff -Nru krb5-1.16.2/doc/build/options2configure.rst krb5-1.17/doc/build/options2configure.rst --- krb5-1.16.2/doc/build/options2configure.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/build/options2configure.rst 2019-01-08 16:02:37.000000000 +0000 @@ -329,6 +329,9 @@ **-**\ **-with-ldap** Compile OpenLDAP database backend module. +**-**\ **-with-lmdb** + Compile LMDB database backend module. + **-**\ **-with-tcl=**\ *path* Specifies that *path* is the location of a Tcl installation. Tcl is needed for some of the tests run by 'make check'; such tests diff -Nru krb5-1.16.2/doc/conf.py krb5-1.17/doc/conf.py --- krb5-1.16.2/doc/conf.py 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/conf.py 2019-01-08 16:02:37.000000000 +0000 @@ -45,12 +45,12 @@ # General information about the project. project = u'MIT Kerberos' -copyright = u'1985-2018, MIT' +copyright = u'1985-2019, MIT' # The version info for the project you're documenting, acts as replacement for # |version| and |release|, also used in various other places throughout the # built documents. -execfile("version.py") +exec(open("version.py").read()) # The short X.Y version. r_list = [r_major, r_minor] if r_patch: 
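Review bot: `exec(open("version.py").read())` in the `@@ -45,12 +45,12 @@` hunk of doc/conf.py opens the file without ever closing it, so the handle is only released when the interpreter collects it; the `paths.py` line in the `@@ -238,7 +238,7 @@` hunk has the same pattern. Executing a bare string also drops the file name that `execfile` recorded, so an error inside `version.py` would be reported against `<string>`. I would write `with open("version.py") as f:` followed by `exec(compile(f.read(), "version.py", "exec"))`, and the same for `paths.py`. Both files are executed as code at documentation build time, so a short comment such as `# version.py is generated by the build system and executed as Python` would tell the next maintainer where that trust comes from.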
@@ -238,7 +238,7 @@ ckeytab = '``@CKTNAME@``' elif 'pathsubs' in tags: # Read configured paths from a file produced by the build system. - execfile('paths.py') + exec(open("paths.py").read()) else: bindir = ':ref:`BINDIR `' sbindir = ':ref:`SBINDIR `' @@ -295,9 +295,9 @@ ('user/user_config/kerberos', 'kerberos', u'Overview of using Kerberos', [u'MIT'], 7), ('admin/admin_commands/krb5kdc', 'krb5kdc', u'Kerberos V5 KDC', [u'MIT'], 8), ('admin/admin_commands/kadmin_local', 'kadmin', u'Kerberos V5 database administration program', [u'MIT'], 1), - ('admin/admin_commands/kprop', 'kprop', u'propagate a Kerberos V5 principal database to a slave server', [u'MIT'], 8), + ('admin/admin_commands/kprop', 'kprop', u'propagate a Kerberos V5 principal database to a replica server', [u'MIT'], 8), ('admin/admin_commands/kproplog', 'kproplog', u'display the contents of the Kerberos principal update log', [u'MIT'], 8), - ('admin/admin_commands/kpropd', 'kpropd', u'Kerberos V5 slave KDC update server', [u'MIT'], 8), + ('admin/admin_commands/kpropd', 'kpropd', u'Kerberos V5 replica KDC update server', [u'MIT'], 8), ('admin/admin_commands/kdb5_util', 'kdb5_util', u'Kerberos database maintenance utility', [u'MIT'], 8), ('admin/admin_commands/ktutil', 'ktutil', u'Kerberos keytab file maintenance utility', [u'MIT'], 1), ('admin/admin_commands/k5srvutil', 'k5srvutil', u'host key table (keytab) manipulation utility', [u'MIT'], 1), diff -Nru krb5-1.16.2/doc/copyright.rst krb5-1.17/doc/copyright.rst --- krb5-1.16.2/doc/copyright.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/copyright.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -1,7 +1,7 @@ Copyright ========= -Copyright |copy| 1985-2018 by the Massachusetts Institute of +Copyright |copy| 1985-2019 by the Massachusetts Institute of Technology and its contributors. All rights reserved. See :ref:`mitK5license` for additional copyright and license diff -Nru krb5-1.16.2/doc/formats/cookie.rst krb5-1.17/doc/formats/cookie.rst --- krb5-1.16.2/doc/formats/cookie.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/formats/cookie.rst 2019-01-08 16:02:37.000000000 +0000 
@@ -58,3 +58,40 @@ type is used; this allows the KDC to determine whether a cookie is relevant to a request by comparing the request pa-data types to the cookie data types. + +SPAKE cookie format (version 1) +------------------------------- + +Inside the SecureCookie wrapper, a data value of type 151 contains +state for SPAKE pre-authentication. This data is the concatenation of +the following: + +* a two-byte big-endian version number with the value 1 +* a two-byte big-endian stage number +* a four-byte big-endian group number +* a four-byte big-endian length and data for the SPAKE value +* a four-byte big-endian length and data for the transcript hash +* zero or more second factor records, each consisting of: + - a four-byte big-endian second-factor type + - a four-byte big-endian length and data + +The stage value is 0 if the cookie was sent with a challenge message. +Otherwise it is 1 for the first encdata message sent by the KDC during +an exchange, 2 for the second, etc.. + +The group value indicates the group number used in the SPAKE challenge. + +For a stage-0 cookie, the SPAKE value is the KDC private key, +represented in the scalar marshalling form of the group. For other +cookies, the SPAKE value is the SPAKE result K, represented in the +group element marshalling form. + +For a stage-0 cookie, the transcript hash is the intermediate hash +after updating with the client support message (if one was sent) and +challenge. For other cookies it is the final hash. + +For a stage-0 cookie, there may be any number of second-factor +records, including none; a second-factor type need not create a state +field if it does not need one, and no record is created for SF-NONE. +For other cookies, there must be exactly one second-factor record +corresponding to the factor type chosen by the client. 
diff -Nru krb5-1.16.2/doc/formats/freshness_token.rst krb5-1.17/doc/formats/freshness_token.rst
--- krb5-1.16.2/doc/formats/freshness_token.rst 1970-01-01 00:00:00.000000000 +0000
+++ krb5-1.17/doc/formats/freshness_token.rst 2019-01-08 16:02:37.000000000 +0000
@@ -0,0 +1,19 @@
+PKINIT freshness tokens
+=======================
+
+:rfc:`8070` specifies a pa-data type PA_AS_FRESHNESS, which clients
+should reflect within signed PKINIT data to prove recent access to the
+client certificate private key. The contents of a freshness token are
+left to the KDC implementation. The MIT krb5 KDC uses the following
+format for freshness tokens (starting in release 1.17):
+
+* a four-byte big-endian POSIX timestamp
+* a four-byte big-endian key version number
+* an :rfc:`3961` checksum, with no ASN.1 wrapper
+
+The checksum is computed using the first key in the local krbtgt
+principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM``
+if the request is to the ``KRBTEST.COM`` realm) of the indicated key
+version. The checksum type must be the mandatory checksum type for
+the encryption type of the krbtgt key. The key usage value for the
+checksum is 514.
diff -Nru krb5-1.16.2/doc/formats/index.rst krb5-1.17/doc/formats/index.rst --- krb5-1.16.2/doc/formats/index.rst 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/doc/formats/index.rst 2019-01-08 16:02:37.000000000 +0000 @@ -7,3 +7,4 @@ ccache_file_format keytab_file_format cookie + freshness_token diff -Nru krb5-1.16.2/doc/html/about.html krb5-1.17/doc/html/about.html --- krb5-1.16.2/doc/html/about.html 2018-11-01 23:51:44.000000000 +0000 +++ krb5-1.17/doc/html/about.html 2019-01-08 16:03:14.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

Database types

+

A Kerberos database can be implemented with one of three built-in +database providers, called KDB modules. Software which incorporates +the MIT krb5 KDC may also provide its own KDB module. The following +subsections describe the three built-in KDB modules and the +configuration specific to them.

+

The database type can be configured with the db_library variable +in the [dbmodules] subsection for the realm. For example:

+
[dbmodules]
+    ATHENA.MIT.EDU = {
+        db_library = db2
+    }
+
+
+

If the ATHENA.MIT.EDU realm subsection contains a +database_module setting, then the subsection within +[dbmodules] should use that name instead of ATHENA.MIT.EDU.

+

To transition from one database type to another, stop the +kadmind service, use kdb5_util dump to create a dump +file, change the db_library value and set any appropriate +configuration for the new database type, and use kdb5_util load to +create and populate the new database. If the new database type is +LDAP, create the new database using kdb5_ldap_util and populate it +from the dump file using kdb5_util load -update. Then restart the +krb5kdc and kadmind services.

+
+

Berkeley database module (db2)

+

The default KDB module is db2, which uses a version of the +Berkeley DB library. It creates four files based on the database +pathname. If the pathname ends with principal then the four files +are:

+
    +
  • principal, containing principal entry data
  • +
  • principal.ok, a lock file for the principal database
  • +
  • principal.kadm5, containing policy object data
  • +
  • principal.kadm5.lock, a lock file for the policy database
  • +
+

For large databases, the kdb5_util dump command (perhaps +invoked by kprop or by kadmind for incremental +propagation) may cause krb5kdc to stop for a noticeable +period of time while it iterates over the database. This delay can be +avoided by disabling account lockout features so that the KDC does not +perform database writes (see KDC performance and account lockout). Alternatively, +a slower form of iteration can be enabled by setting the +unlockiter variable to true. For example:

+
[dbmodules]
+    ATHENA.MIT.EDU = {
+        db_library = db2
+        unlockiter = true
+    }
+
+
+

In rare cases, a power failure or other unclean system shutdown may +cause inconsistencies in the internal pointers within a database file, +such that kdb5_util dump cannot retrieve all principal entries in +the database. In this situation, it may be possible to retrieve all +of the principal data by running kdb5_util dump -recurse to +iterate over the database using the tree pointers instead of the +iteration pointers. Running kdb5_util dump -rev to iterate over +the database backwards may also retrieve some of the data which is not +retrieved by a normal dump operation.

+
+
+

Lightning Memory-Mapped Database module (klmdb)

+

The klmdb module was added in release 1.17. It uses the LMDB library, +and may offer better performance and reliability than the db2 module. +It creates four files based on the database pathname. If the pathname +ends with principal, then the four files are:

+
    +
  • principal.mdb, containing policy object data and most principal +entry data
  • +
  • principal.mdb-lock, a lock file for the primary database
  • +
  • principal.lockout.mdb, containing the account lockout attributes +(last successful authentication time, last failed authentication +time, and number of failed attempts) for each principal entry
  • +
  • principal.lockout.mdb-lock, a lock file for the lockout database
  • +
+

Separating out the lockout attributes ensures that the KDC will never +block on an administrative operation such as a database dump or load. +It also allows the KDC to operate without write access to the primary +database. If both account lockout features are disabled (see +KDC performance and account lockout), the lockout database files will be created +but will not subsequently be opened, and the account lockout +attributes will always have zero values.

+

Because LMDB creates a memory map to the database files, it requires a +configured memory map size which also determines the maximum size of +the database. This size is applied equally to the two databases, so +twice the configured size will be consumed in the process address +space; this is primarily a limitation on 32-bit platforms. The +default value of 128 megabytes should be sufficient for several +hundred thousand principal entries. If the limit is reached, kadmin +operations will fail and the error message “Environment mapsize limit +reached” will appear in the kadmind log file. In this case, the +mapsize variable can be used to increase the map size. The +following example sets the map size to 512 megabytes:

+
[dbmodules]
+    ATHENA.MIT.EDU = {
+        db_library = klmdb
+        mapsize = 512
+    }
+
+
+

LMDB has a configurable maximum number of readers. The default value +of 128 should be sufficient for most deployments. If you are going to +use a large number of KDC worker processes, it may be necessary to set +the max_readers variable to a larger number.

+

By default, LMDB synchronizes database files to disk after each write +transaction to ensure durability in the case of an unclean system +shutdown. The klmdb module always turns synchronization off for the +lockout database to ensure reasonable KDC performance, but leaves it +on for the primary database. If high throughput for administrative +operations (including password changes) is required, the nosync +variable can be set to “true” to disable synchronization for the +primary database.

+

The klmdb module does not support explicit locking with the +kadmin lock command.

+
+
+

LDAP module (kldap)

+

The kldap module stores principal and policy data using an LDAP +server. To use it you must configure an LDAP server to use the +Kerberos schema. See Configuring Kerberos with OpenLDAP back-end for details.

+

Because krb5kdc is single-threaded, latency in LDAP database +accesses may limit KDC operation throughput. If the LDAP server is +located on the same server host as the KDC and accessed through an +ldapi:// URL, latency should be minimal. If this is not possible, +consider starting multiple KDC worker processes with the +krb5kdc -w option to enable concurrent processing of KDC +requests.

+

The kldap module does not support explicit locking with the +kadmin lock command.

+
+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/admin/dictionary.html krb5-1.17/doc/html/admin/dictionary.html --- krb5-1.16.2/doc/html/admin/dictionary.html 1970-01-01 00:00:00.000000000 +0000 +++ krb5-1.17/doc/html/admin/dictionary.html 2019-01-08 16:03:17.000000000 +0000 @@ -0,0 +1,232 @@ + + + + + + + Addressing dictionary attack risks — MIT Kerberos Documentation + + + + + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

Addressing dictionary attack risks

+

Kerberos initial authentication is normally secured using the client +principal’s long-term key, which for users is generally derived from a +password. Using a pasword-derived long-term key carries the risk of a +dictionary attack, where an attacker tries a sequence of possible +passwords, possibly requiring much less effort than would be required +to try all possible values of the key. Even if password policy +objects are used to force users not to pick trivial +passwords, dictionary attacks can sometimes be successful against a +significant fraction of the users in a realm. Dictionary attacks are +not a concern for principals using random keys.

+

A dictionary attack may be online or offline. An online dictionary +attack is performed by trying each password in a separate request to +the KDC, and is therefore visible to the KDC and also limited in speed +by the KDC’s processing power and the network capacity between the +client and the KDC. Online dictionary attacks can be mitigated using +account lockout. This measure is not totally +satisfactory, as it makes it easy for an attacker to deny access to a +client principal.

+

An offline dictionary attack is performed by obtaining a ciphertext +generated using the password-derived key, and trying each password +against the ciphertext. This category of attack is invisible to the +KDC and can be performed much faster than an online attack. The +attack will generally take much longer with more recent encryption +types (particularly the ones based on AES), because those encryption +types use a much more expensive string-to-key function. However, the +best defense is to deny the attacker access to a useful ciphertext. +The required defensive measures depend on the attacker’s level of +network access.

+

An off-path attacker has no access to packets sent between legitimate +users and the KDC. An off-path attacker could gain access to an +attackable ciphertext either by making an AS request for a client +principal which does not have the +requires_preauth flag, or by +making a TGS request (after authenticating as a different user) for a +server principal which does not have the -allow_svr flag. To +address off-path attackers, a KDC administrator should set those flags +on principals with password-derived keys:

+
kadmin: add_principal +requires_preauth -allow_svr princname
+
+
+

An attacker with passive network access (one who can monitor packets +sent between legitimate users and the KDC, but cannot change them or +insert their own packets) can gain access to an attackable ciphertext +by observing an authentication by a user using the most common form of +preauthentication, encrypted timestamp. Any of the following methods +can prevent dictionary attacks by attackers with passive network +access:

+
    +
  • Enabling SPAKE preauthentication (added in release +1.17) on the KDC, and ensuring that all clients are able to support +it.
  • +
  • Using an HTTPS proxy for communication with the KDC, +if the attacker cannot monitor communication between the proxy +server and the KDC.
  • +
  • Using FAST, protecting the initial authentication with either a +random key (such as a host key) or with anonymous PKINIT.
  • +
+

An attacker with active network access (one who can inject or modify +packets sent between legitimate users and the KDC) can try to fool the +client software into sending an attackable ciphertext using an +encryption type and salt string of the attacker’s choosing. Any of the +following methods can prevent dictionary attacks by active attackers:

+
    +
  • Enabling SPAKE preauthentication and setting the +disable_encrypted_timestamp variable to true in the +[realms] subsection of the client configuration.
  • +
  • Using an HTTPS proxy as described above, configured in the client’s +krb5.conf realm configuration. If KDC discovery is used to locate a proxy server, an active +attacker may be able to use DNS spoofing to cause the client to use +a different HTTPS server or to not use HTTPS.
  • +
  • Using FAST as described above.
  • +
+

If PKINIT or OTP are used for +initial authentication, the principal’s long-term keys are not used +and dictionary attacks are usually not a concern.

+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/admin/enctypes.html krb5-1.17/doc/html/admin/enctypes.html --- krb5-1.16.2/doc/html/admin/enctypes.html 2018-11-01 23:51:47.000000000 +0000 +++ krb5-1.17/doc/html/admin/enctypes.html 2019-01-08 16:03:17.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

SPAKE Preauthentication

+

SPAKE preauthentication (added in release 1.17) uses public key +cryptography techniques to protect against password dictionary +attacks. Unlike PKINIT, it does not +require any additional infrastructure such as certificates; it simply +needs to be turned on. Using SPAKE preauthentication may modestly +increase the CPU and network load on the KDC.

+

SPAKE preauthentication can use one of four elliptic curve groups for +its password-authenticated key exchange. The recommended group is +edwards25519; three NIST curves (P-256, P-384, and +P-521) are also supported.

+

By default, SPAKE with the edwards25519 group is enabled on +clients, but the KDC does not offer SPAKE by default. To turn it on, +set the spake_preauth_groups variable in [libdefaults] to a +list of allowed groups. This variable affects both the client and the +KDC. Simply setting it to edwards25519 is recommended:

+
[libdefaults]
+    spake_preauth_groups = edwards25519
+
+
+

Set the +requires_preauth and -allow_svr flags on client +principal entries, as you would for any preauthentication mechanism:

+
kadmin: modprinc +requires_preauth -allow_srv PRINCNAME
+
+
+

Clients which do not implement SPAKE preauthentication will fall back +to encrypted timestamp.

+

An active attacker can force a fallback to encrypted timestamp by +modifying the initial KDC response, defeating the protection against +dictionary attacks. To prevent this fallback on clients which do +implement SPAKE preauthentication, set the +disable_encrypted_timestamp variable to true in the +[realms] subsection for realms whose KDCs offer SPAKE +preauthentication.

+

By default, SPAKE preauthentication requires an extra network round +trip to the KDC during initial authentication. If most of the clients +in a realm support SPAKE, this extra round trip can be eliminated +using an optimistic challenge, by setting the +spake_preauth_kdc_challenge variable in [kdcdefaults] to a +single group name:

+
[kdcdefaults]
+    spake_preauth_kdc_challenge = edwards25519
+
+
+

Using optimistic challenge will cause the KDC to do extra work for +initial authentication requests that do not result in SPAKE +preauthentication, but will save work when SPAKE preauthentication is +used.

+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/admin/troubleshoot.html krb5-1.17/doc/html/admin/troubleshoot.html --- krb5-1.16.2/doc/html/admin/troubleshoot.html 2018-11-01 23:51:48.000000000 +0000 +++ krb5-1.17/doc/html/admin/troubleshoot.html 2019-01-08 16:03:18.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC.

+
+
+krb5_error_code krb5_get_etype_info(krb5_context context, krb5_principal principal, krb5_get_init_creds_opt * opt, krb5_enctype * enctype_out, krb5_data * salt_out, krb5_data * s2kparams_out)
+
+ + +++ + + + +
param:

[in] context - Library context

+

[in] principal - Principal whose information is requested

+

[in] opt - Initial credential options

+

[out] enctype_out - The enctype chosen by KDC

+

[out] salt_out - Salt returned from KDC

+

[out] s2kparams_out - String-to-key parameters returned from KDC

+
+ +++ + + + + + +
retval:
    +
  • 0 Success
  • +
+
return:
    +
  • A Kerberos error code
  • +
+
+

Send an initial ticket request for principal and extract the encryption type, salt type, and string-to-key parameters from the KDC response. If the KDC provides no etype-info, set enctype_out to ENCTYPE_NULL and set salt_out and s2kparams_out to empty. If the KDC etype-info provides no salt, compute the default salt and place it in salt_out . If the KDC etype-info provides no string-to-key parameters, set s2kparams_out to empty.

+
+
opt may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see krb5_get_init_creds_opt_set_etype_list() and krb5_get_init_creds_opt_set_fast_ccache_name() ).
+

Use krb5_free_data_contents() to free salt_out and s2kparams_out when they are no longer needed.

+
+

Note

+

New in 1.17

+
+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html krb5-1.17/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html --- krb5-1.16.2/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html 2018-11-01 23:53:17.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html 2019-01-08 16:04:46.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

krb5_pac_sign_ext - Sign a PAC, possibly with a specified realm.

+
+
+krb5_error_code krb5_pac_sign_ext(krb5_context context, krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server_key, const krb5_keyblock * privsvr_key, krb5_boolean with_realm, krb5_data * data)
+
+ + +++ + + + +
param:

[in] context - Library context

+

[in] pac - PAC handle

+

[in] authtime - Expected timestamp

+

[in] principal - Principal name (or NULL)

+

[in] server_key - Key for server checksum

+

[in] privsvr_key - Key for KDC checksum

+

[in] with_realm - If true, include the realm of principal

+

[out] data - Signed PAC encoding

+
+

This function is similar to krb5_pac_sign() , but adds a parameter with_realm . If with_realm is true, the PAC_CLIENT_INFO field of the signed PAC will include the realm of principal as well as the name. This flag is necessary to generate PACs for cross-realm S4U2Self referrals.

+
+

Note

+

New in 1.17

+
+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/api/krb5_pac_sign.html krb5-1.17/doc/html/appdev/refs/api/krb5_pac_sign.html --- krb5-1.16.2/doc/html/appdev/refs/api/krb5_pac_sign.html 2018-11-01 23:54:07.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/api/krb5_pac_sign.html 2019-01-08 16:05:35.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.

+
+
+krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm)
+
+ + +++ + + + +
param:

[in] context - Library context

+

[in] pac - PAC handle

+

[in] authtime - Expected timestamp

+

[in] principal - Expected principal name (or NULL)

+

[in] server - Key to validate server checksum (or NULL)

+

[in] privsvr - Key to validate KDC checksum (or NULL)

+

[in] with_realm - If true, expect the realm of principal

+
+

This function is similar to krb5_pac_verify() , but adds a parameter with_realm . If with_realm is true, the PAC_CLIENT_INFO field is expected to include the realm of principal as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.

+
+

Note

+

New in 1.17

+
+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/api/krb5_pac_verify.html krb5-1.17/doc/html/appdev/refs/api/krb5_pac_verify.html --- krb5-1.16.2/doc/html/appdev/refs/api/krb5_pac_verify.html 2018-11-01 23:54:07.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/api/krb5_pac_verify.html 2019-01-08 16:05:36.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ + + + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html krb5-1.17/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html --- krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html 2018-11-01 23:56:05.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html 2019-01-08 16:07:33.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ + + + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html krb5-1.17/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html --- krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html 2018-11-01 23:56:08.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html 2019-01-08 16:07:37.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ + + + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html krb5-1.17/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html --- krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html 2018-11-01 23:56:33.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html 2019-01-08 16:08:01.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ + + + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html krb5-1.17/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html --- krb5-1.16.2/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html 2018-11-01 23:56:47.000000000 +0000 +++ krb5-1.17/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html 2019-01-08 16:08:16.000000000 +0000 @@ -12,7 +12,7 @@ + + + + + + + + + + + +
+
+ + +

MIT Kerberos Documentation

+ +
+ + Contents | + previous | + next | + index | + Search | + feedback +
+
+
+ +
+
+
+ +
+
+
+ +
+

PKINIT freshness tokens

+

RFC 8070 specifies a pa-data type PA_AS_FRESHNESS, which clients +should reflect within signed PKINIT data to prove recent access to the +client certificate private key. The contents of a freshness token are +left to the KDC implementation. The MIT krb5 KDC uses the following +format for freshness tokens (starting in release 1.17):

+
    +
  • a four-byte big-endian POSIX timestamp
  • +
  • a four-byte big-endian key version number
  • +
  • an RFC 3961 checksum, with no ASN.1 wrapper
  • +
+

The checksum is computed using the first key in the local krbtgt +principal entry for the realm (e.g. krbtgt/KRBTEST.COM@KRBTEST.COM +if the request is to the KRBTEST.COM realm) of the indicated key +version. The checksum type must be the mandatory checksum type for +the encryption type of the krbtgt key. The key usage value for the +checksum is 514.

+
+ + +
+
+
+
+ +
+
+
+ + + + + \ No newline at end of file diff -Nru krb5-1.16.2/doc/html/formats/index.html krb5-1.17/doc/html/formats/index.html --- krb5-1.16.2/doc/html/formats/index.html 2018-11-01 23:57:50.000000000 +0000 +++ krb5-1.17/doc/html/formats/index.html 2019-01-08 16:09:18.000000000 +0000 @@ -12,7 +12,7 @@ - - - - - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Distroy_Tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/Distroy_Tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Distroy_Tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Distroy_Tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ - - - - -Destroy_Tickets - - -

Distroy Tickets

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Export_Tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/Export_Tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Export_Tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Export_Tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ - - - - - -Export_Tickets - - -

Export Tickets

-

-You can export tickets into your Windows Logon session so they can be used with Windows services. This is useful when you want to you use a computer that is not part of a Kerberos realm (or Windows domain) to access that realm (or domain).

-

-Note: Exporting tickets will destroy any tickets you already have for your Windows Logon session. If you have unexpired tickets when you run the Export Ticket command, MIT Kerberos will warn you and give you the option to cancel the command.

-

-To export tickets you have already obtained with the Get Ticket window into your Windows Logon session:

-
    -
  1. Click the Export Ticket button in the Home tab.
  2. -
  3. Click Okay to confirm that you want to export the tickets and destroy any you already have for your Windows Logon session. -
- - -

Related help

- - - - - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_app_about.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_app_about.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_app_about.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_app_about.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ - - - - -(About command (Help menu)) - - - - - -

About command (Help menu)

- -

Use this command to display the copyright notice and version number of your copy of <<YourApp>>.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_app_exit.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_app_exit.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_app_exit.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_app_exit.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ - - - - -(File Exit command) - - - - - - - - - -

Exit command (File menu)

- -

Use this command to end your <<YourApp>> session. You can also use the - Close command on the application Control menu. <<YourApp>> prompts you to save documents with unsaved changes.

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_context_help.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_context_help.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_context_help.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_context_help.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,20 +0,0 @@ - - - - -(Help Using Help Command) - - - - - -

Context Help command

- - -

Use this command to obtain help on some portion of <<YourApp>>. When you choose the -toolbar's Context Help button, the mouse pointer will change to an arrow and question mark. Then click somewhere in the <<YourApp>> window, such as another -toolbar button. The help topic will be shown for the item you clicked.

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_help_index.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_help_index.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_help_index.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_help_index.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ - - - - -(Index command (Help menu)) - - - - - -

Index command (Help menu)

- -

Use this command to display the opening screen of help. From the opening screen, you can jump to step-by-step instructions for using <<YourApp>> and various types of reference information.

- -

Once you open help, you can click the Contents button whenever you want to return to the opening screen.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_help_using.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_help_using.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_help_using.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_help_using.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ - - - - -(Using Help command (Help menu)) - - - - - -

Using Help command (Help menu)

- -

Use this command for instructions about using help.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_close.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_close.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_close.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_close.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -(Close command (Control menus))

Close command (Control menus)

Use this command to close the active window or dialog box.

Double-clicking a Control menu box is the same as choosing the Close command.

Note: If you have multiple windows open for a single document, the Close command on the document Control menu closes only one window at a time. You can close all windows at once with the Close command on the File menu.

diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_maximize.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_maximize.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_maximize.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_maximize.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ - - - - -(Maximize command (System menu)) - - - - - -

Maximize command (System menu)

- -

Use this command to enlarge the active window to fill the available space.

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_minimize.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_minimize.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_minimize.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_minimize.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ - - - - -(System Minimize Command) - - - - - -

Minimize command (application Control menu)

- -

Use this command to reduce the <<YourApp>> window to an icon.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_move.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_move.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_move.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_move.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ - - - - -(Move command (Control menu)) - - - - - -

Move command (Control menu)

- -

Use this command to display a four-headed arrow so you can move the active window or dialog box with the arrow keys.

- -

Note: This command is unavailable if you maximize the window.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_restore.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_restore.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_restore.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_restore.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ - - - - -(Restore command (Control menu)) - - - - - -

Restore command (Control menu)

- -

Use this command to return the active window to its size and position before you chose the - Maximize or Minimize command.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_size.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_size.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_sc_size.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_sc_size.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ - - - - -(Size command (System menu)) - - - - - -

Size command (System menu)

- -

Use this command to display a four-headed arrow so you can size the active window with the arrow keys.

- -

After the pointer changes to the four-headed arrow:

- -

1.Press one of the direction keys (left, right, up, or down arrow key) to move the pointer to the border you want to move.

- -

2.Press a direction key to move the border.

- -

3.Press ENTER when the window is the size you want.

- -

Note: This command is unavailable if you maximize the window.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_view_status_bar.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_view_status_bar.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_view_status_bar.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_view_status_bar.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,24 +0,0 @@ - - - - -(View Status Bar Command) - - - - - - - - - -

Status Bar command (View menu)

- -

Use this command to display and hide the status bar, which describes the action to be executed by the selected menu item or -pressed toolbar button, and keyboard latch state. A checkmark appears next to the menu item when the -status bar is displayed.

- -

See Status Bar for help on using the status bar.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_view_toolbar.htm krb5-1.17/src/windows/leash/htmlhelp/html/hid_view_toolbar.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/hid_view_toolbar.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/hid_view_toolbar.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ - - - - -(View Toolbar command) - - - - - - - - - -

Toolbar command (View menu)

- -

Use this command to display and hide the toolbar, which includes buttons for some of the most common commands in <<YourApp>>, such as - File Open. A checkmark appears next to the menu item when the toolbar is displayed.

- -

See Toolbar for help on using the toolbar.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/How_Use_Kerberos.htm krb5-1.17/src/windows/leash/htmlhelp/html/How_Use_Kerberos.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/How_Use_Kerberos.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/How_Use_Kerberos.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,44 +0,0 @@ - - - - - -How_Use_Kerberos - - -

How Do I Use Kerberos?

-

It is simple to use Kerberos through the MIT Kerberos program. Click the Get Ticket button and log on to get a Kerberos ticket. This ticket is proof of your identity and allows you to access all of the network resources you are pemitted to use. For the most part, your tickets are passed on through the network without needing anything more from you.

-

-Kerberos tickets do expire, usually after about the length of a working day.

- -

Related Help

- - - - -It is helpful to understand three concepts before using Kerberos; realms, principals, and tickets. - - - - - - - - -

Realm

- A Kerberos realm is the group of network resources that that you gain access to when you log on with a Kerberos identity and password. For example, a university might have a Kerberos realm that includes all of the servers that students should be allowed to access. Some companies or universities might maintain more than one realm, potentially overlapping them. If you have access to more than one realm, you must log on to each one separately. By definition, each network resource in a Kerberos realm uses the same Kerberos installation for authentication. - -

Principal

-A Kerberos principal is the identity you use to log on through Kerberos. Some people will have more than one principal. For example, an administrator might have a regular principal and a seperate one with admin rights, like root access. - -

Tickets

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Import_Status.htm krb5-1.17/src/windows/leash/htmlhelp/html/Import_Status.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Import_Status.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Import_Status.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,75 +0,0 @@ - - - - -Import Status - - - -

Import Status

-

-The Import Status column in the main window shows whether tickets were -obtained with the Get Ticket function in MIT Kerberos or if they were -obtained by a Windows Logon session when you logged on to a domain, and -whether they have been imported or exported to the other application.

-

-To show or hide this column, open the Options tab and use the Import -Status checkbox in the View Options panel. Note that Import Status is -only available if you have obtained tickets through a Windows Logon -session.
-How to: Use View Options Panel

- -
Tickets
-To keep passwords from being transmitted in the clear and to provide users the convenience of a single log-on to access multiple services and hosts, Kerberos uses the concept of tickets. Once a user provides a valid identity and password, Kerberos issues the user a ticket with a limited lifetime. In most cases the ticket then allows the user to access all of the servers and hosts he or she should be able to access, for the lifetime of the ticket. -When you get tickets through Leash, Kerberos verfies that you are who you say you are by checking your user name and password and then gives you an initial ticket. When you access a service in your Kerberos realm, Leash passes your initial Kerberos ticket to the service. The service verifies the ticket and then issues you a service ticket that allows you access to that service. You don't have to worry about obtaining these new service tickets; they are automatically given to you. You can view service tickets with Leash but cannot directly obtain or destroy them. -
- - - - - - - - - - - - - - - - - - - - - - -
Import Status Meaning
importedThe tickets were obtained when you started a Windows Logon session by logging in to a domain. - -They have been imported into MIT Kerberos.
importableThe tickets were obtained when you started a Windows Logon session by logging in to a domain. -

-They have not been imported into MIT Kerberos because Automatic Import -has been turned off. To import them, select Automatic Import in the -Ticket Options panel of the Options tab, or click the Import button in the Home tab.
- How to: Use Ticket Options Panel
-How to: Import Tickets
protectedThe tickets were obtained when you started a Windows Logon session by logging in to a domain. -

-They have not been imported into Windows for Kerberos because User -Access Control (UAC) in Windows is preventing that action. If you want -to allow the tickets to be imported, turn off your computer's UAC.
exportable You used the Get Ticket window to obtain these tickets. -

-They have not been exported.

-To export these tickets for use with Windows services, click the Export -Ticket button. Note that exporting your tickets replaces rather than -adds to any existing tickets in your Windows Logon session.
exportedYou used the Get Ticket window to obtain these tickets. -

-They have been exported into your Windows Logon session and can be used with Windows services.
- -

Related Help

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Import_Tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/Import_Tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Import_Tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Import_Tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,82 +0,0 @@ - - - - - -Import_Tickets - - -

Import Tickets

-

-You can import Windows domain tickets that you have already obtained -through a Windows Logon session. Imported tickets can be fully used by -applications that require the MIT Kerberos interface. In most -installations, MIT Kerberos will automatically import these tickets if -possible.

- - - - - - -
On this pageOn other pages
-How to... - - Learn about... - -
- -

Turn Automatic Import on or off

-

-In most installations, MIT Kerberos will automatically import tickets -if possible. Go to the Options tab and click the Automatic Import -Tickets checkbox in the Ticket Options panel to turn the feature on or -off.
-How to: Use Ticket Options Panel -

-In some cases MIT Kerberos tries to automatically import tickets but is -prevented from doing so by the Windows User Access Control (UAC) -feature. If this happens the tickets are still displayed in the main -window, but have the Import Status of protected. You can turn off UAC on your computer to allow the tickets to be imported. -

-

-Back to top

- - -

Use the Import Ticket button

-

-If the Automatic Import option is turned off, you can still import tickets. -

    -
  1. Go to the Home tab.
  2. -
  3. Click the Import Tickets button.
  4. -
  5. Click Okay to confirm that you want to import your tickets and destroy any that are already in MIT Kerberos.
  6. -
- -

-

-Back to top

- - - - -

Related help

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_acknowledgements.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_acknowledgements.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_acknowledgements.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_acknowledgements.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,76 +0,0 @@ - - - - - The MIT Kerberos Team - - - - -

-

The MIT Kerberos Team

-This is by no means a complete list, as we have contributors and -collaborators from all over the net.
-
-MIT Team Members
- -The following people are not officially affiliated with MIT, but -contribute to the MIT Kerberos V5 effort: - -
- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_bug_reports.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_bug_reports.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_bug_reports.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_bug_reports.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ - - - - - Reporting Bugs and Requesting Assistance - - - - -

-

Reporting Bugs and Requesting -Assistance
-

-

-

If you find bugs, please mail -them to kfw-bugs@MIT.EDU.

-

kerberos@MIT.EDU is a mailing list set up for -discussing -Kerberos issues. It is gatewayed to the Usenet newsgroup -'comp.protocols.kerberos'. If you prefer to read it via mail, send a -request to -kerberos-request@MIT.EDU to get added or subscribe via the web page: 

-

http://mailman.mit.edu/mailman/listinfo/kerberos

-

 

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_change_password.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_change_password.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_change_password.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_change_password.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ - - - - - Change Password Command - - - - -

Change Password Command

-

The Change Password command is found on the Action menu; it is also -the fifth button (from the left) in the toolbar.  This command -changes your Kerberos password.
-

-

Change Password Dialog
-

-

Note: This command will not change your local machine password -unless your Windows Logon Session is authenticated using Kerberos.
-

-

How To -Choose a Password.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_destroy_tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_destroy_tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_destroy_tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_destroy_tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ - - - - - Destroy Tickets Command - - - - -

Destroy Ticket(s)/Token(s) Command, Ctrl+D

-This command is found on the Action menu; it is also the fourth button -(from the left) in the toolbar.  Use this command to destroy all -of the Kerberos tickets (and perhaps AFS tokens) on your local -machine.  Leash confirms your intentions before completing the -request.  Tickets for individual services may not be destroyed by -the Leash Application.
-
-Once tickets are destroyed, you must Get or Import new tickets before -Kerberized applications can once again access network services.
-
- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_get_tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_get_tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_get_tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_get_tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ - - - - - Get Tickets Command - - - - -

Get Ticket(s)/Token(s) Command, Ctrl+T

-This command is found under the Action menu; it is also the first -button (from the left) in the toolbar.  Use this command to obtain -new Kerberos tickets (and perhaps AFS tokens.)
-
-Advanced Initialize Tickets Dialog
-
-Basic Initialize Tickets Dialog
-
-When you select this commmand, Leash displays a dialog requesting your -Username, Kerberos Realm, and Password; if these are correct, Leash -will obtain tickets for you.  You may optionally specify a ticket -lifetime and various Kerberos 5 ticket options:
-
    -
  • ticket forwarding
  • -
  • addressless tickets
  • -
  • renewable ticket times
    -
  • -
-

See Also

-

Kerberos tickets

-

AFS tokens

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_import_tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_import_tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_import_tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_import_tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ - - - - - Import Tickets Command - - - - -

Import Ticket(s)/Token(s) Command, Ctrl+I

-This command is found on the Action menu; it is the third button (from -the left) in the toolbar.  Use this command to import Kerberos -tickets from your Windows Logon Session.  Importing tickets will -result in the destruction of existing tickets.  Leash will confirm -the operation if necessary.
-
-Note:  This command is only available if your Windows Logon -Session is authenticated using Kerberos.
-

See Also

-

Kerberos tickets

-

AFS tokens

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_renew_tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_renew_tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_renew_tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_renew_tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ - - - - - Renew Tickets Command - - - - -

Renew Ticket(s)/Token(s) Command, Ctrl+R

-This command is found on the Action menu; it is also the second button -(from the left) in the toolbar.  Use this command to renew the -Kerberos tickets (and perhaps AFS tokens) on your local machine without -requiring the use of a password.  If your existing tickets cannot -be renewed the ticket initialization dialog will be displayed allowing -you to request new tickets.
-
-Note: This command is only available if your existing Kerberos tickets -are renewable.
-
-
- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_reset_window.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_reset_window.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_reset_window.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_reset_window.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ - - - - - Reset Window Size/Pos Option - - - - -

Reset Window Size/Pos -Option

-

When you select this from the Options menu, the Leash window moves -to its default size and position, near the upper left corner of the -screen.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_sync_time.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_sync_time.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_sync_time.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_sync_time.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ - - - - - Synchronize Time Option - - - - -

Synchronize Time

-

This command is found on the Action menu; it is also the sixth -button (from the left) in the toolbar.  When you select this -command, Leash synchronizes the local machine time with the time server -specified in the Leash Properties dialog.
-

-

Note: Kerberos authentication protocol requires loosely synchronized -time between computers.  The local machine clock and the Kerberos -server clock need to be within five minutes of each other for Kerberos -to function properly.  This function can also be performed with -the clock icon on the toolbar and has no keyboard equivalent.
-
-

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_update_display.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_update_display.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_command_update_display.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_command_update_display.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ - - - - - Update Display Command - - - - -

Update Display Command, F5

-

Use this command (in the Actions menu, or the black rectangular -icon) to update the display of your current Kerberos tickets. You can -also perform this function by clicking in the main Leash window.

-

Why Use It...

-

Although most end users will likely find this Leash feature -irrelevant, application developers and support staff may occasionally -find it to be useful. For example, you may want an immediate status -check of Kerberos tickets if you have just used command-line kinit or kdestroy and want to check that -they have functioned successfully.

-

How It Works...

-

While Leash automatically checks the status of your Kerberos tickets -every 30 seconds, the Update Display command forces an immediate status -check.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_copyright.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_copyright.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_copyright.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_copyright.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,45 +0,0 @@
- - - - - Leash Copyright - - - - -

-

Leash Copyright

-

-

This software is being provided to you, the LICENSEE, by the -Massachusetts Institute of Technology (M.I.T) under the following -license. By obtaining, using and/or copying this software, you agree -that you have read, understood, and will comply with these terms and -conditions:

-

Permission to use, copy, modify and distribute this software and its -documentation for any purpose and without fee or royalty is hereby -granted, provided that you agree to comply with the following copyright -notice and statements, including the disclaimer, and that the same -appear on ALL copies of the software and documentation, including -modifications that you make for internal use or for distribution:

-

Copyright 1992-2004 by the Massachusetts Institute of Technology. -All rights reserved.

-

THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO -REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, -but not limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE -OF THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD -PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.

-

The name of the Massachusetts Institute of Technology or M.I.T. may -NOT be used in advertising or publicity pertaining to distribution of -the software. Title to copyright in this software and any associated -documentation shall at all times remain with M.I.T., and USER agrees to -preserve same.

-

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, -Moira, OLC, X Window System, and Zephyr are trademarks of the -Massachusetts Institute of Technology (MIT). No commercial use of these -trademarks may be made without prior written permission of MIT.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_errors.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_errors.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_errors.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_errors.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,18 +0,0 @@
- - - - - Leash Copyright - - - - -

-

Common Leash Error Messages

-

-This section describes error messages commonly displayed by Leash. - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_export.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_export.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_export.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_export.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,34 +0,0 @@
- - - - - Kerberos Export Restrictions and Source Code Access - - - - -

-

Kerberos Export Restrictions and Source Code Access

-

-

Copyright (C) 1989-2004 by the Massachusetts Institute of Technology

-

Export of this software from the United States of America may -require a specific license from the United States Government. It is the -responsibility of any person or organization contemplating export to -obtain such a license before exporting.

-

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright notice -appear in all copies and that both that copyright notice and this -permission notice appear in supporting documentation, and that the name -of M.I.T. not be used in advertising or publicity pertaining to -distribution of the software without specific, written prior -permission. M.I.T. makes no representations about the suitability of -this software for any purpose. It is provided "as is" without express -or implied warranty.

-

Export of the documentation is not restricted.

-
- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_aklog.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_aklog.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_aklog.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_aklog.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,20 +0,0 @@
- - - - - aklog.exe - - - - -

aklog.exe program

-

aklog is a program which may be used to obtain AFS tokens for a cell -which may or may not be equivalent to the Kerberos realm whose tickets -are used to obtain the tokens.
-
-

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_kdestroy.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_kdestroy.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_kdestroy.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_kdestroy.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,19 +0,0 @@
- - - - -kdestroy.exe - - - - - - - - -

kdestroy.exe program

- -

This is another way to destroy your tickets. Running this application will immediately destroy all tickets and tokens you might have, no matter how they were obtained.

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_kinit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_kinit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_kinit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_kinit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,19 +0,0 @@
- - - - -kinit.exe - - - - - - - - -

kinit.exe program

- -

This is a little program which will run a command-prompt, text-based version of the ticket initialization window. (However, unlike in the graphical version, you do not have the option of changing the ticket lifetime.) This can be useful if you have a slow computer, or if you are having difficulty with the graphical version for some reason.

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_klist.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_klist.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_klist.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_klist.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,19 +0,0 @@
- - - - -Why Use - - - - - - - - -

klist.exe program

- -

This application will quickly list all of the tickets you have.

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_ms2mit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_ms2mit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_external_ms2mit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_external_ms2mit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,20 +0,0 @@
- - - - - ms2mit.exe - - - - -

ms2mit.exe program

-

This is another way to import Windows Logon Session Kerberos tickets -for use by Leash and other Kerberos for Windows applications.  The -functionality is equivalent to the Import Tickets Command.
-
-

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_file_exit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_file_exit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_file_exit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_file_exit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,24 +0,0 @@
- - - - - Exit/End Leash Program - - - - -

Exit Command

-

From the File menu, you can use this command to exit the Leash -program.  If any other means is used to close the Leash window, -the Leash program will continue to execute and remain present in the -Windows System Tray.
-

-

Important Note...

-

Exiting the Leash program will not destroy your current -Kerberos tickets. Unless you have selected this in the options menu, -you need to use the destroy tickets command.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_help_about_leash32.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_help_about_leash32.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_help_about_leash32.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_help_about_leash32.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
- - - - - About Leash Command - - - - -

About Leash

-

When you access this window from the Help menu, you see a Module -list, three radio buttons, and a Properties button. Modules are -executables and dll files that Leash may require.
-

-

About Leash dialog
-

-

The radio buttons let you choose to view a list of: -

-
    -
  • Leash Modules - displays the modules that Leash currently has -loaded for its own use;
    -
    -
  • -
  • All Modules - displays Leash modules as well as those loaded by -the OS;
    -
    -
  • -
  • Missing Modules - displays modules that Leash needs for -complete functionality but that are not found. (Leash can still -function with some modules missing.). This is useful if part of Leash -is missing; you can find which files are needed to restore full -functionality.
  • -
-

If you select a module and click on the Properties button, Leash -displays the properties of the selected module - both the general -properties and those of this particular version.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_kerberos_copyright.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_kerberos_copyright.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_kerberos_copyright.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_kerberos_copyright.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,45 +0,0 @@
- - - - - Kerberos Copyright - - - - -

-

Kerberos Copyright

-

-

This software is being provided to you, the LICENSEE, by the -Massachusetts Institute of Technology (M.I.T.) under the following -license. By obtaining, using and/or copying this software, you agree -that you have read, understood, and will comply with these terms and -conditions:

-

Permission to use, copy, modify and distribute this software and its -documentation for any purpose and without fee or royalty is hereby -granted, provided that you agree to comply with the following copyright -notice and statements, including the disclaimer, and that the same -appear on ALL copies of the software and documentation, including -modifications that you make for internal use or for distribution:

-

Copyright 1992-2004 by the Massachusetts Institute of Technology. -All rights reserved.

-

THIS SOFTWARE IS PROVIDED "AS IS", AND M.I.T. MAKES NO -REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. By way of example, -but not limitation, M.I.T. MAKES NO REPRESENTATIONS OR WARRANTIES OF -MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE -OF THE LICENSED SOFTWARE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD -PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.

-

The name of the Massachusetts Institute of Technology or M.I.T. may -NOT be used in advertising or publicity pertaining to distribution of -the software. Title to copyright in this software and any associated -documentation shall at all times remain with M.I.T., and USER agrees to -preserve same.

-

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, -Moira, OLC, X Window System, and Zephyr are trademarks of the -Massachusetts Institute of Technology (MIT). No commercial use of these -trademarks may be made without prior written permission of MIT.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_aklog.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_aklog.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_aklog.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_aklog.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
- - - - - AKLOG Command - - - - -

AKLOG Command

-

(from UNIX man page)

-
User Commands                                            AKLOG(1)

NAME
aklog - Obtain tokens for authentication to AFS

SYNOPSIS
aklog [ -d ] [ -force ] [ -hosts ] [ -zsubs ] [ -noprdb ] [
[ -cell | -c ] cell [ -k kerberos-realm ] ] [ [ -path | -p ]
pathname ]

DESCRIPTION
The aklog program is used to authenticate to a cell or
directory in AFS, the Andrew Filesystem, by obtaining AFS
tokens. Ordinarily, aklog is not used directly but called by
attach(1).

If aklog is invoked with no command line arguments, it will
obtain tokens for the workstation's local cell. It is pos-
sible to invoke aklog with arbitrarily many cells and path-
names specified on the command line. aklog knows how to
expand cell name abbreviations, so short forms of cell names
can be use used. In addition, aklog understands the follow-
ing command line options:

-cell | -c cell
This flag is not ordinarily necessary since aklog can
usually figure out when an argument is a cell. It can
be used to introduce a cell name that would ordinarily
be mistaken for a path name if this should be required.
If this flag is omitted, an argument will be treated as
a cell name if it contains no slashes (/) and is neither
"." nor ".." .

-k kerberos-realm
This flag is valid only when immediately following the
name of a cell. It is used to tell aklog what kerberos
realm should be used while authenticating to the preced-
ing cell. This argument is unnecessary except when the
workstation is not properly configured. Ordinarily,
aklog can determine this information on its own.

-path | -p pathname
Like the -cell flag, this flag is usually unnecessary.
When it appears, the next command line argument is
always treated as a path name. Ordinarily, an argument
is treated as a path name if it is "." or ".." or if it
contains a slash (/).

-hosts
Prints all the server addresses which may act as a sin-
gle point of failure in accessing the specified direc-
tory path. Each element of the path is examined, and as
new volumes are traversed, if they are not replicated,
the server's IP address containing the volume will be
displayed. Attach(1) invokes aklog with this option.
The output is of the form

host: IP address

-zsubs
Causes the printing of the zephyr subscription informa-
tion that a person using a given path or cell would
want. Attach(1) invokes aklog with this option. The
output is of the form

zsub: instance

where instance is the instance of a class filsrv zephyr
subscription.

-noprdb
Ordinarily, aklog looks up the AFS ID corresponding to
the name of the person invoking the command. Specifying
this flag turns off this functionality. This may be
desirable if the protection database is unavailable for
some reason and tokens are desired anyway.

-d Turns on printing of debugging information. This option
is not intended for general users.

-force
Forces aklog to obtain new tokens even if the user
already appears to have tokens identical to the new ones
they would get. This option is most often required when
the user has recently been added to an AFS group.

EXIT CODES
The exit status of aklog will be one of the following:

0 Success -- No error occurred.

1 Usage -- Bad command syntax; accompanied by a usage
message.

2 Something failed -- More than one cell or pathname was
given on the command line and at least one failure
occurred. A more specific error status is returned
when only one directive is given.

3 AFS -- Unable to get AFS configuration or unable to get
information about a specific cell.

4 Kerberos -- Unable to get tickets for authentication.

5 Token -- Unable to get tokens.

6 Bad pathname -- The path given was not a directory or
lstat(2) failed on some component of the pathname.

7 Miscellaneous -- An internal failure occurred. For
example, aklog returns this if it runs out of memory.

EXAMPLES
To get tokens for the local cell:
% aklog

To get tokens for the athena.mit.edu cell:
% aklog athena.mit.edu
or
% aklog athena

To get tokens adequate to read
/afs/athena.mit.edu/user/p/potato:
% aklog /afs/athena.mit.edu/user/p/potato

To get tokens for a test cell that is in a test Kerberos
realm:
% aklog testcell.mit.edu -k TESTREALM.MIT.EDU

SEE ALSO
attach(1), tokens(1), unlog(1)


- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_kdestroy.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_kdestroy.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_kdestroy.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_kdestroy.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,86 +0,0 @@
- - - - -KDESTROY Command - - - - - - - - -

KDESTROY Command

- -

(from UNIX man page)

- -
User Commands  KDESTROY ( 1 )
-
-NAME
- kdestroy - destroy Kerberos tickets
-
-SYNOPSIS
- kdestroy [-5] [-4] [-q] [-c cache_name]
-
-DESCRIPTION
-
- The kdestroy utility destroys the user's active Kerberos
- authorization tickets by writing zeros to the specified credentials
- cache that contains them.  If the credentials cache is not specified,
- the default credentials cache is destroyed.  If kdestroy was built with
- Kerberos 4 support, the default behavior is to destroy both Kerberos 5
- and Kerberos 4 credentials.  Otherwise, kdestroy will default to
- destroying only Kerberos 5 credentials.
-
-OPTIONS
-
- -5 destroy Kerberos 5 credentials.  This overrides whatever the
-    default built-in behavior may be.  This option may be used with -4
-
- -4 destroy Kerberos 4 credentials.  This overrides whatever the
-    default built-in behavior may be.  This option is only available
-    if kinit was built with Kerberos 4 compatibility.  This option may
-    be used with -5
-
- -q Run quietly.  Normally kdestroy beeps if it fails to destroy the
-    user's tickets.  The -q flag suppresses this behavior.
-
- -c cache_name
-    use cache_name as the credentials (ticket) cache name and
-    location; if this option is not used, the default cache name and
-    location are used.
-
- The default credentials cache may vary between systems.  If the
- KRB5CCNAME environment variable is set, its value is used to name the
- default ticket cache.
-
- Most installations recommend that you place the kdestroy command in
- your .logout file, so that your tickets are destroyed automatically
- when you log out.
-
-ENVIRONMENT
- Kdestroy uses the following environment variables:
-
- KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache.
-
- KRBTKFILE Filename of the Kerberos 4 credentials (ticket) cache.
-
-FILES
- /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache
- ([uid] is the decimal UID of the user).
-
- /tmp/tkt[uid] default location of Kerberos 4 credentials cache ([uid]
- is the decimal UID of the user).
-
-SEE  ALSO
- kinit(1), klist(1), krb5(3)
-
-BUGS
- Only the tickets in the specified credentials cache are
- destroyed.  Separate ticket caches are used to hold root instance and
- password changing tickets.  These should probably be destroyed too,
- or all of a user's tickets kept in a single credentials cache.
- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_kinit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_kinit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_kinit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_kinit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
- - - - - KINIT Command - - - - -

KINIT Command

-

(from UNIX man page)

-
User Commands                                            KINIT(1)

NAME
kinit - obtain and cache Kerberos ticket-granting ticket

SYNOPSIS
kinit
[-5] [-4] [-V] [-l lifetime] [-s start_time] [-r
renewable_life] [-p | -P] [-f | -F] [-A] [-v] [-R] [-k
[-t keytab_file]] [-c cache_name] [-S service_name]
[principal]

DESCRIPTION
kinit obtains and caches an initial ticket-granting ticket
for principal.Thetypicaldefaultbehavior Kerberos 5 tickets.
However, if kinit was built with both Kerberos 4 support and
with the default behavior of acquiring both types of tick-
ets, it will try to acquire both Kerberos 5 and Kerberos 4
by default. Any documentation particular to Kerberos 4 does
not apply if Kerberos 4 support was not built into kinit.

OPTIONS
-5 get Kerberos 5 tickets. This overrides whatever the
default built-in behavior may be. This option may be
used with -4

-4 get Kerberos 4 tickets. This overrides whatever the
default built-in behavior may be. This option is only
available if kinit was built with Kerberos 4 compati-
bility. This option may be used with -5

-V display verbose output.

-l lifetime
requests a ticket with the lifetime lifetime. The
value for lifetime must be followed immediately by one
of the following delimiters:

s seconds
m minutes
h hours
d days

as in "kinit -l 90m". You cannot mix units; a value of
`3h30m' will result in an error.

If the -l option is not specified, the default ticket
lifetime (configured by each site) is used. Specifying
a ticket lifetime longer than the maximum ticket life-
time (configured by each site) results in a ticket with
the maximum lifetime.

-s start_time
requests a postdated ticket, valid starting at
start_time. Postdated tickets are issued with the
invalid flag set, and need to be fed back to the kdc
before use. (Not applicaple to Kerberos 4.)

-r renewable_life
requests renewable tickets, with a total lifetime of
renewable_life. The duration is in the same format as
the -l option, with the same delimiters. (Not applica-
ple to Kerberos 4.)

-f request forwardable tickets. (Not applicaple to Ker-
beros 4.)

-F do not request forwardable tickets. (Not applicaple to
Kerberos 4.)

-p request proxiable tickets. (Not applicaple to Kerberos
4.)

-P do not request proxiable tickets. (Not applicaple to
Kerberos 4.)

-A request address-less tickets. (Not applicaple to Ker-
beros 4.)

-v requests that the ticket granting ticket in the cache
(with the invalid flag set) be passed to the kdc for
validation. If the ticket is within its requested time
range, the cache is replaced with the validated ticket.
(Not applicaple to Kerberos 4.)

-R requests renewal of the ticket-granting ticket. Note
that an expired ticket cannot be renewed, even if the
ticket is still within its renewable life. When using
this option with Kerberos 4, the kdc must support Ker-
beros 5 to Kerberos 4 ticket conversion.

-k [-t keytab_file]
requests a host ticket, obtained from a key in the
local host's keytab file. The name and location of the
keytab file may be specified with the -t keytab_file
option; otherwise the default name and location will be
used. When using this option with Kerberos 4, the kdc
must support Kerberos 5 to Kerberos 4 ticket conver-
sion.

-c cache_name
use cache_name as the Kerberos 5 credentials (ticket)
cache name and location; if this option is not used,
the default cache name and location are used.

The default credentials cache may vary between systems.

If the KRB5CCNAME environment variable is set, its
value is used to name the default ticket cache. Any
existing contents of the cache are destroyed by kinit.
(Note: The default name for Kerberos 4 comes from the
KRBTKFILE environment variable. This option does not
apply to Kerberos 4.)

-S service_name
specify an alternate service name to use when getting
initial tickets. (Applicable to Kerberos 5 or if using
both Kerberos 5 and Kerberos 4 with a kdc that supports
Kerberos 5 to Kerberos 4 ticket conversion.)

ENVIRONMENT
Kinit uses the following environment variables:

KRB5CCNAME Location of the Kerberos 5 credentials
(ticket) cache.

KRBTKFILE Filename of the Kerberos 4 credentials
(ticket) cache.

FILES
/tmp/krb5cc_[uid] default location of Kerberos 5 creden-
tials cache ([uid] is the decimal UID of
the user).

/tmp/tkt[uid] default location of Kerberos 4 credentials
cache ([uid] is the decimal UID of the user).

/etc/krb5.keytab
default location for the local host's keytab
file.

SEE ALSO
klist(1), kdestroy(1), krb5(3)


- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_klist.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_klist.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_klist.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_klist.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,106 +0,0 @@
- - - - -KLIST Command - - - - - - - - -

KLIST Command

- -

(from UNIX man page)

- -
User Commands  KLIST ( 1 )
-
-NAME
- klist - list cached Kerberos tickets
-
-SYNOPSIS
- klist [-5] [-4] [-e] [[-c] [-f] [-s] [-a [-n]]] [-k [-t] [-K]]
- [cache_name | keytab_name]
-
-DESCRIPTION
-
- Klist lists the Kerberos principal and Kerberos tickets held in a
- credentials cache, or the keys held in a keytab file.  If klist was
- built with Kerberos 4 support, the default behavior is to list both
- Kerberos 5 and Kerberos 4 credentials.  Otherwise, klist will default
- to listing only Kerberos 5 credentials.
-
-OPTIONS
- -5 list Kerberos 5 credentials.  This overrides whatever the default
- built-in behavior may be.  This option may be used with -4
-
- -4 list Kerberos 4 credentials.  This overrides whatever the default
- built-in behavior may be.  This option is only available if kinit was
- built with Kerberos 4 compatibility.  This option may be used with -5
-
- -e displays the encryption types of the session key and the ticket
- for each credential in the credential cache, or each key in the
- keytab file.
-
- -c List tickets held in a credentials cache.  This is the default if
- neither -c nor -k is specified.
-
- -f shows the flags present in the credentials, using the following
- abbreviations:
-
- F Forwardable
- f forwarded
- P Proxiable
- p proxy
- D postDateable
- d postdated
- R Renewable
- I Initial
- i invalid
-
- -s causes klist to run silently (produce no output), but to still set
- the exit status according to whether it finds the credentials cache.
- The exit status is `0' if klist finds a credentials cache, and `1' if
- it does not.
-
- -a display list of addresses in credentials.
-
- -n show numeric addresses instead of reverse-resolving addresses.
-
- -k List keys held in a keytab file.
-
- -t display the time entry timestamps for each keytab entry in the
- keytab file.
-
- -K display the value of the encryption key in each keytab entry in
- the keytab file.
-
- If cache_name or keytab_name is not specified, klist will display the
- credentials in the default credentials cache or keytab file as
- appropriate.  If the KRB5CCNAME environment variable is set, its
- value is used to name the default ticket cache.
-
-ENVIRONMENT
- Klist uses the following environment variables:
-
- KRB5CCNAME Location of the Kerberos 5 credentials (ticket) cache.
-
- KRBTKFILE Filename of the Kerberos 4 credentials (ticket) cache.
-
-FILES
- /tmp/krb5cc_[uid] default location of Kerberos 5 credentials cache
- ([uid] is the decimal UID of the user).
-
- /tmp/tkt[uid] default location of Kerberos 4 credentials cache ([uid]
- is the decimal UID of the user).
-
- /etc/krb5.keytab
- default location for the local host's keytab file.
-
-SEE  ALSO
- kinit(1), kdestroy(1), krb5(3)
- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_ms2mit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_ms2mit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpage_ms2mit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpage_ms2mit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
- - - - - MS2MIT Command - - - - -

MS2MIT Command

-
NAME
ms2mit - import Kerberos credentials from the current Windows Logon
Session and insert them into the Kerberos for Windows
default Credentials Cache

SYNOPSIS
ms2mit

DESCRIPTION



SEE ALSO
klist(1), kdestroy(1), krb5(3)
- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpages.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpages.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_manpages.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_manpages.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,18 +0,0 @@
- - - - - Leash Copyright - - - - -

-

Kerberos for Windows Command Line Tools Manpages

-

-

This section reproduces the manpages for the Kerberos for Windows command line tools.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_menu_commands.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_menu_commands.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_menu_commands.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_menu_commands.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,58 +0,0 @@
- - - - - Leash Commands - - - - - -

-

Leash Commands

-

-

File:
-File menu
-

-

Exit

-

Action:
-Action Menu
-

-

Get Ticket(s)/Token(s)

-

Renew Ticket(s)/Token(s)

-

Import Ticket(s)/Token(s)

-

Destroy Ticket(s)/Token(s)

-

Change Password

-

Reset Window Size/Pos

-

Synchronize Time

-

Update Display

-

View:
-View menu
-

-

Large Icons

-

Toolbar

-

Status Bar

-

Debug Window

-

Options:
-Options menu
-

-

Upper Case Realm Name

-

Expiration Alarm

-

Destroy Tickets/Tokens on Exit

-

Leash Properties

-

Kerberos Properties

-

Kerberos v4 Properties

-

Kerberos v5 Properties

-

AFS Properties

-

Help:
-Help menu
-

-

About Leash...

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_menu_help_why_use.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_menu_help_why_use.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_menu_help_why_use.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_menu_help_why_use.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
- - - - - Why Use - - - - -

Why Use Leash

-

This command, found under the Help menu, starts Leash help (the -document you are currently viewing).

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_afs_properties.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_afs_properties.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_afs_properties.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_afs_properties.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,27 +0,0 @@
- - - - - AFS Properties Command - - - - -

AFS Properties Command, -Ctrl+A

-

The AFS Properties dialog can be found on the Options menu when AFS -is available.

-

AFS Properties Dialog
-

-

There is a radio button pair to enable or disable the retrieval and -display of AFS tokens. There is also an AFS Properties button to bring -up the AFS Client Configuration program in order to alter settings for -Client Properties, Cell Hosts, and Submounts.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_auto_renewal.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_auto_renewal.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_auto_renewal.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_auto_renewal.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,22 +0,0 @@
- - - - - Automatic Ticket Renewal Option - - - - -

Automatic Ticket -Renewal Option

-When Automatic Ticket Renewal is on, whenever tickets (or tokens) are -near expiration (within 15 minutes) Leash will attempt to extend the -ticket lifetime either via ticket renewal or ticket importation.  -If these attempts fail, Leash will display the ticket initialization -dialog.  In this way, Leash ensures that there are always valid -Kerberos tickets (and AFS tokens).
-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_destroy_tickets_on_exit.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_destroy_tickets_on_exit.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_destroy_tickets_on_exit.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_destroy_tickets_on_exit.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,19 +0,0 @@
-
-
-
-
- Destroy Tickets/Tokens on Exit Option
-
-
-
-

Destroy Tickets/Tokens -on Exit Option

-

If this option is selected under the Options menu, Leash destroys -your tickets and tokens when you Exit Leash; otherwise, the tickets -remain. This option is turned off by default.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_expiration_alarm.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_expiration_alarm.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_expiration_alarm.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_expiration_alarm.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,25 +0,0 @@
-
-
-
-
- Low Ticket/Token Time Alarm Option
-
-
-
-

Expiration Alarm Option

-

Leash will always pop up windows with warnings that your tickets are -about to expire, beginning 15 minutes before the time of expiration and -continuing every 5 minutes. However, when this option is selected under -the Options menu, a bell will ring as well.

-

When you view your tickets and tokens, those shown in yellow are due -to expire in less than 15 minutes; those in green have 15 minutes or -greater. (A red ticket is one you have but is expired; gray tickets are -not available to you at the current time, because Leash or your machine -is missing a requisite module or piece of functionality.)
-

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_kerberos_properties.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_kerberos_properties.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_kerberos_properties.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_kerberos_properties.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,133 +0,0 @@
-
-
-
-
- Kerberos Properties Command
-
-
-
-

Kerberos Properties Command, Ctrl+K

-

When you select this from the Options menu, Leash will display a -tabbed window. The box within this window has four tabs:
-

-
    -
  • Default Realm Configuration
  • -
  • Ticket Lifetime and Other Initialization Options
    -
  • -
  • Realm/Server Mapping
    -
  • -
  • DNS/Realm Mapping.
  • -
-

Default Realm Configuration:
-Default Realm Configuration
-

-

There are two groups, the Kerberos -Realm/Host Server and the Computer -Host/Domain Name.

-

Kerberos Realm/Host Server: In the Your -Kerberos Realm field, select a Kerberos realm from the dropdown -list. The list is editable using the Realm/Server Mapping tab. Leash -automatically fills in your Kerberos server with the first server in -the "Servers Hosting a KDC" list on the Realm/Server Mappings tab.

-

Computer Host/Domain Name: The field labeled Your Computer's Host Name displays -the name of your local machine.  The Your Computer's Domain Name field -displays the domain to which your local machine currently belongs.
-

-

Ticket Lifetime and Other Initialization Options:
-Ticket Lifetime
-

-

-

-<>There are two expiration times associated with Kerberos -tickets.  The first specifies the length of the time period during -which the tickets are valid for use.  The second specifies the -length of the renewable lifetime.  Valid Kerberos tickets may have -their valid use lifetime repeatedly extended up until the renewable -lifetime expires.  The settings on this page are used to configure -default lifetime values for Leash to use when requesting Kerberos -tickets from the Kerberos server (key distribution center).  The -Kerberos server may issue tickets with shorter lifetimes than were -requested.
-
-The minimum and maximum values are used by the ticket initialization -dialog box when constructing the Lifetime and Renewable Lifetime -sliders.  These sliders can be used to modify the requested ticket -lifetimes when Kerberos tickets are initialized.
-
-When the Request Kerberos 4 -credentials button is checked, Leash will attempt to retrieve -Kerberos 4 -credentials when ticket initialization, renewal, or importation is -performed.  Leash will attempt a Kerberos -5 to Kerberos 4 conversion and if that fails an initial Kerberos 4 -ticket -request will be generated.  Kerberos -realms are increasingly configured to support on Kerberos 5.  If the realms you use do not support Kerberos -4 it is suggested that this button be unchecked. -<> 
-
-When the Preserve Ticket Initialization Options button -is checked, changes -to the Lifetime, Renewable Lifetime, and Kerberos 5 ticket properties -on the -Ticket Initialization Dialog will be saved as the new default values -for the -current user. -

-

-

Realm/Server Mapping:
-Realm / Server Mapping
-

-The Kerberos Realms list box -is used to add, remove or rename realms from the local Kerberos -configuration files. To add a new realm, click on the Insert button -beneath the Kerberos Realms list box.  In the dialog, type the -name of the new realm and click OK.  However, for the realm to be -inserted, it needs one or more servers.  Immediately after you -enter the new realm name, you will be prompted for the names of one -Kerberos server in that realm.  If you do not enter a server name, -Leash will not insert the realm.
-
-To add servers to an existing realm, select the realm from the Kerberos -Realms list box and click the Insert button under Servers Hosting a KDC -list box.  You will be prompted for the name of the new -server.  You can also remove servers, and designate either one or -none as the administrative server.  (The administrative server is -the preferred server for performing password changes.)  
-
-By clicking and dragging on the server that you want to move, you can -change their order; this is important because the server listed at the -top appears in this window under the Default -Realm Configuration tab as the value for Your Kerberos Server.
-
-The Use DNS KDC Lookup -checkbox is used to specify whether or not Kerberos should utilize the -domain name service to attempt to find Kerberos Servers when the -existing listed servers are not available.
-
-

DNS/Realm Mapping:
-DNS / Realm Mapping
-

-

Each entry here consists of two portions: the domain name (such as -.mit.edu) or hostname (such as dialup.athena.mit.edu) followed by a -space and the Kerberos realm (such as ATHENA.MIT.EDU) which is used by -that domain or machine.  You can insert new entries, edit existing -ones, or delete old entries.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_krb4_properties.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_krb4_properties.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_krb4_properties.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_krb4_properties.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
-
-
-
-
- Kerberos Four Properties Command
-
-
-
-

Kerberos v4 Properties Command, Ctrl+4

-

The Kerberos v4 Properties dialog is accessible from the Options -menu.
-

-

Kerberos Four Properties
-

-

Here, you can specify the name of the in-memory cache used to store -the Kerberos 4 tickets.  The format of the name is API: followed -by the cache name.  Disk caches are not supported by Kerberos for -Windows.
-
-The paths to the Kerberos 4 configuration files: krb.con and -krbrealm.con may be changed from this dialog if necessary.  The -default is to store the configuration files in the Windows directory.
-
-

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_krb5_properties.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_krb5_properties.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_krb5_properties.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_krb5_properties.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,126 +0,0 @@
-
-
-
-
- Kerberos Five Properties Command
-
-
-
-

Kerberos v5 Properties Command, Ctrl+5

-The Kerberos v5 Properties dialog is accessible from the Options menu. -This dialog has two tabs: File -Location and Configuration -Options.
-
-File Location:
-
-Kerberos Five Properties: File Location
-
-

The File -Location -tab allows you to specify the location of the default Kerberos 5 ticket -cache and -configuration file.  The Ticket -File field specifies the name of -the in-memory cache (Ticket File) used to store the Kerberos 5 tickets.  The format of the name is API: followed by -the cache name or "MSLSA:".  Disk caches -(type "FILE:") are not -supported by Kerberos for Windows.  The Configuration File field specifies the -path to the Kerberos 5 configuration file, krb5.ini.  -If Confirm -that new configuration file exists is checked when the -configuration file -location is changed, then Leash will not accept values which are not -pre-existing Kerberos 5 configuration files.
-

-


-Configuration Options:

-

-

Kerberos Five Properties: Configuration Options
-

-

-

On the Configuration -Options page, you provide default attribute values to be used when -requesting Kerberos 5 tickets from the Kerberos server.  -

-

When Forwardable tickets -are received from the Kerberos Server, these tickets can be forwarded -to a -remote host when you connect via telnet, ssh, ftp, rlogin, or similar -applications.  When tickets are -forwarded, there is no need to obtain Kerberos tickets again to access -Kerberized -services on the remote host.

-

When Proxiable tickets -are received from the Kerberos Server, these tickets can be passed onto -Kerberized services which can in turn act on your behalf.  

-

When Renewable -tickets are received from the Kerberos Server, the ticket lifetimes may -be -renewed without prompting the user for her password.  -This allows Kerberos tickets to be issued -with short lifetimes allowing compromised accounts to be disabled on -short -notice without requiring the user to enter a password every few hours.  When combined with Automatic -Ticket Renewal (Option menu), Leash can maintain valid -tickets for a week, a month, or longer by automatically renewing -tickets prior -to their expiration.  The ability to -renew tickets without a password is limited by the tickets renewable -lifetime as -issued by the Kerberos Server.

-

Traditionally, Kerberos tickets have included a -list of -network addresses within the tickets.  -This address list restricts the use of the tickets to the -computers -which are assigned those addresses.  The -use of address lists has become a headache for many users of Kerberos -on -network connections which use either Network Address Translation -(Cable/DSL -routers) or Network Address Hiding (VPN) capabilities.  -On these networks the address of the client -machine appears to be different to the network service than it does to -the -client.  The result is the Kerberos -ticket is deemed to be invalid by the service even though it has not been -stolen.  When No Addresses is -checked, Kerberos will not insert an address list -into the Kerberos tickets.  For -Kerberized services which do not require address lists, this will -enable -Kerberos to be used across NAT and VPN based connections.  

-

Note 1:  As of -Kerberos 5 release 1.3, the library default is to disable the use of -address -lists.  Leash will detect the setting -from the Kerberos 5 configuration and check the No -Addresses box.  If you -attempt to re-enable address lists while the library is configured to -disable -them , Leash will warn you that the Kerberos 5 configuration file must -be -altered.   

-

Note 2: Distributed Computing Environment (DCE) -servers -require the use of address lists.

-
-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_leash_properties.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_leash_properties.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_leash_properties.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_leash_properties.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,79 +0,0 @@
-
-
-
-
- Leash Properties Command
-
-
-
-

Leash Properties Command, Ctrl+L

-

-

-

The Leash Properties dialog, located on the -Options menu, -allows you to configure operational properties specific to the Leash -application which are not accessible directly via the Options menu.

-


-Leash Properties

-

Here you can set a time server from which Leash -will obtain -the correct time.  Leash needs the -correct time because of the time dependencies in Kerberos tickets.  When you specify a time server, Leash tries -to get the time from that server when you next run the Synchronize Time -command.  The default value for the time -server is "time".  If access to -a time server were to fail, Leash would notify you, and revert to the -server -"time".  Whichever server -succeeds, Leash would tell you where it found the time.  -See the Synchronize Time command for more -information.

-

-

-

The Automatic MSLSA -Ticket Importation radio buttons allow you to configure how Leash -interacts -with the Microsoft Kerberos Authentication Provider.  -Leash will automatically import Kerberos -Tickets from the Microsoft LSA at startup depending upon the selected -option -and whether or not the Kerberos Authentication Provider was used for -Windows -Logon authorization.  Never -means do not import tickets from -the MSLSA; Always means do import -tickets from the MSLSA; and When MSLSA -Principal matches Default Realm means import tickets from the MSLSA -only if -the Kerberos principal belongs to the Kerberos Realm specified within -the Kerberos Properties Dialog.

-

-

When Request Kerberos 4 credentials is -checked, Leash -will attempt to retrieve Kerberos 4 credentials when ticket -initialization, -renewal, or importation is performed.  -Leash will attempt a Kerberos 5 to Kerberos 4 conversion and if -that -fails an initial Kerberos 4 ticket request will be generated.  Kerberos realms are increasingly configured -to support on Kerberos 5.  If the realms -you use do not support Kerberos 4 it is suggested that this button be -unchecked.

-

The Restore Leash Defaults button is used -to restore -user configurable Leash settings to the defaults as configured either -by the -local machine system administrator or by the Kerberos for Windows -distribution.
-
-

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_upper_case_realm.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_upper_case_realm.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_option_upper_case_realm.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_option_upper_case_realm.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,24 +0,0 @@
-
-
-
-
- Upper Case Realm Name Option
-
-
-
-

Upper Case Realm Name -Option

-

-

-

The default for this (accessible from the Options -menu) is -on; when this option is selected, the Kerberos realm name that you type -(such -as ATHENA.MIT.EDU) is converted to upper case regardless of how you -type it.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_about_kerberos.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_about_kerberos.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_about_kerberos.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_about_kerberos.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,52 +0,0 @@
-
-
-
-
-KERBEROS
-
-
-
-
-
-
-
-

About Kerberos

- -

In Greek myth, the three-headed dog Kerberos guarded the gates of Hades. -These days, Kerberos is an authentication service developed at -MIT for open network computing environments such as MITnet. Kerberos verifies -that you are who you claim to be by matching your username and password, -called a Kerberos principal, to a -private key encryption.

- -

When you start an application that relies on Kerberos authentication, you -must identify yourself by giving your Kerberos principal. The Kerberos service -checks to make sure that your name and password match the encrypted key before -it gives you access to the service you have requested. The security of the -network environment is maintained by never sending your unencrypted Kerberos -password over the network.

- -

To use the Athena system, you must have a Kerberos username and password. -Some Macintosh and Windows applications at MIT that use Kerberos to -authenticate a user's identity are Eudora, Zephyr and AFS.

- -

See Also

- -

An Authentication Service for Open Network -Systems

- -

(This technical description of Kerberos, by Steiner, Neuman, and Schiller, -is available via anonymous ftp from athena-dist.mit.edu, -/pub/kerberos/doc/usenix.txt.)

- -

Kerberos: How Does the Other Guy Know Who I -Am?.

- -

(This basic introduction to Kerberos and definitions of Kerberos-related -terms is available in the SIPB publication An Inessential Guide to -Athena.)

-
-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_57.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_57.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_57.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_57.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,25 +0,0 @@
-
-
-
-
- Kerberos Error 57
-
-
-
-

Kerberos Error 57: Cannot contact the Kerberos server for the selected realm.

-

This error has three common causes:

-

1.The realm is misspelled, e.g. pbh@AHTENA.MIT.EDU instead of -pbh@ATHENA.MIT.EDU (realms are case sensitive).

-

2.Your krb.con file contains an entry for ATHENA.MIT.EDU but not -athena.mit.edu.

-

3.The realm is missing from your KRB.CON file, which should be -located in your \net\kerb directory. If you suspect the problem is with -your KRB.CON file, either call the Network Help Desk, 3-4101, or copy -the /etc/krb.conf file from a nearby UNIX workstation to your -\net\kerb\krb.con file.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_62.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_62.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_62.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_62.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,20 +0,0 @@
-
-
-
-
- Kerberos Error 62
-
-
-
-

Kerberos Error 62: Password incorrect.

-

This means that either you have misspelled your password or you have -gotten the case wrong. Check the state of your CAPS Lock key.

-

Characters do not echo to the screen or cause a beep when you type -your password so that nearby users won't be able to tell how many -letters are in your password.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_8.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_8.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_8.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_8.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,21 +0,0 @@
-
-
-
-
- Kerberos Error 8
-
-
-
-

Kerberos Error 8: Unknown username, instance, or realm.

-

This error usually occurs when the username is not known for the -designated realm. For example, at the time of this writing, there is no -user "zzwn" in the Athena realm, so entering zzwn as a username will -generate this error.

-

Check the entered username or realm name for spelling mistakes or -the wrong case.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_invalid_principal.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_invalid_principal.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_error_invalid_principal.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_error_invalid_principal.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,17 +0,0 @@
-
-
-
-
- Invalid Principle
-
-
-
-

Invalid principal.

-

This usually means that you just clicked on the OK button or pressed -Enter without typing your username.

-
-
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_auth_service.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_auth_service.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_auth_service.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_auth_service.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,988 +0,0 @@
-
-
-
-
- An Authentication Service for Open Network Systems
-
-
-
-

Kerberos: An Authentication -Service for Open Network Systems

-

Jennifer G. Steiner

-
-
-
Project Athena
-
-
-
-
Massachusetts Institute of Technology
-
-
-
-
Cambridge, MA 02139
-
-
-
-
steiner@ATHENA.MIT.EDU
-
-
-

Clifford Neuman *

-
-
-
Department of Computer Science, FR-35
-
-
-
-
University of Washington
-
-
-
-
Seattle, WA 98195
-
-
-
-
bcn@CS.WASHINGTON.EDU
-
-
-

Jeffrey I. Schiller

-
-
-
Project Athena
-
-
-
-
Massachusetts Institute of Technology
-
-
-
-
Cambridge, MA 02139
-
-
-
-
jis@ATHENA.MIT.EDU
-
-

* Clifford Neuman was a member of the Project Athena staff during -the design and initial implementation phase of Kerberos.

-

-

ABSTRACT

-

In an open network computing -environment, a workstation cannot be trusted to identify its users -correctly to network services. Kerberos provides an alternative -approach whereby a trusted third-party authentication service is used -to verify users' identities. This paper gives an overview of the Kerberos -authentication model as implemented for MIT's Project Athena. It -describes the protocols used by clients, servers, and Kerberos -to achieve authentication. It also describes the management and -replication of the database required. The views of Kerberos as -seen by the user, programmer, and administrator are described. Finally, -the role of Kerberos in the larger Athena picture is given, -along with a list of applications that presently use Kerberos -for user authentication. We describe the addition of Kerberos -authentication to the Sun Network File System as a case study for -integrating Kerberos with an existing application.

-

Introduction

-

This paper gives an overview of Kerberos, an authentication -system designed by Miller and Neumanfor open network computing -environments, and describes our experience using it at MIT's Project -Athena. In the first section of the paper, we explain why a new -authentication model is needed for open networks, and what its -requirements are. The second section lists the components of the Kerberos -software and describes how they interact in providing the -authentication service. In Section 3, we describe the Kerberos -naming scheme.

-

Section 4 presents the building blocks of Kerberos -authentication - the ticket and the authenticator. This -leads to a discussion of the two authentication protocols: the initial -authentication of a user to Kerberos (analogous to logging in), -and the protocol for mutual authentication of a potential consumer and -a potential producer of a network service.

-

Kerberos requires a database of information about its -clients; Section 5 describes the database, its management, and the -protocol for its modification. Section 6 describes the Kerberos -interface to its users, applications programmers, and administrators. -In Section 7, we describe how the Project Athena Kerberos fits -into the rest of the Athena environment. We also describe the -interaction of different Kerberos authentication domains, or realms -; in our case, the relation between the Project Athena Kerberos -and the Kerberos running at MIT's Laboratory for Computer -Science.

-

In Section 8, we mention open issues and problems as yet unsolved. -The last section gives the current status of Kerberos at -Project Athena. In the appendix, we describe in detail how Kerberos -is applied to a network file service to authenticate users who wish to -gain access to remote file systems.

-

Conventions. Throughout this paper we use terms that may be -ambiguous, new to the reader, or used differently elsewhere. Below we -state our use of those terms.

-

User, Client, Server. By user, we mean a human being -who uses a program or service. A client also uses something, -but is not necessarily a person; it can be a program. Often network -applications consist of two parts; one program which runs on one -machine and requests a remote service, and another program which runs -on the remote machine and performs that service. We call those the client -side and server side of the application, respectively. Often, a -client will contact a server on behalf of a user.

-

Each entity that uses the Kerberos system, be it a user or a -network server, is in one sense a client, since it uses the Kerberos -service. So to distinguish Kerberos clients from clients of -other services, we use the term principal to indicate such an -entity. Note that a Kerberos principal can be either a user or -a server. (We describe the naming of Kerberos principals in a -later section.)

-

Service vs. Server. We use service as an abstract -specification of some actions to be performed. A process which performs -those actions is called a server. At a given time, there may be -several servers (usually running on different machines) -performing a given service. For example, at Athena there is one -BSD UNIX rlog-in server running on each of our timesharing -machines.

-

Key, Private Key, Password. Kerberos uses private key -encryption. Each Kerberos principal is assigned a large number, -its private key, known only to that principal and Kerberos. In -the case of a user, the private key is the result of a one-way function -applied to the user's password. We use key as shorthand -for private key.

-

Credentials. Unfortunately, this word has a special meaning -for both the Sun Network File System and the Kerberos system. -We explicitly state whether we mean NFS credentials or Kerberos -credentials, otherwise the term is used in the normal English language -sense.

-

Master and Slave. It is possible to run Kerberos -authentication software on more than one machine. However, there is -always only one definitive copy of the Kerberos database. The -machine which houses this database is called the master -machine, or just the master. Other machines may possess -read-only copies of the Kerberos database, and these are called -slaves.

-

1. Motivation

-

In a non-networked personal computing environment, resources and -information can be protected by physically securing the personal -computer. In a timesharing computing environment, the operating system -protects users from one another and controls resources. In order to -determine what each user is able to read or modify, it is necessary for -the timesharing system to identify each user. This is accomplished when -the user logs in.

-

In a network of users requiring services from many separate -computers, there are three approaches one can take to access control: -One can do nothing, relying on the machine to which the user is logged -in to prevent unauthorized access; one can require the host to prove -its identity, but trust the host's word as to who the user is; or one -can require the user to prove her/his identity for each required -service.

-

In a closed environment where all the machines are under strict -control, one can use the first approach. When the organization controls -all the hosts communicating over the network, this is a reasonable -approach.

-

In a more open environment, one might selectively trust only those -hosts under organizational control. In this case, each host must be -required to prove its identity. The rlog-in and rsh programs use this -approach. In those protocols, authentication is done by checking the -Internet address from which a connection has been established.

-

In the Athena environment, we must be able to honor requests from -hosts that are not under organizational control. Users have complete -control of their workstations: they can reboot them, bring them up -standalone, or even boot off their own tapes. As such, the third -approach must be taken; the user must prove her/his identity for each -desired service. The server must also prove its identity. It is not -sufficient to physically secure the host running a network server; -someone elsewhere on the network may be masquerading as the given -server.

-

Our environment places several requirements on an identification -mechanism. First, it must be secure. Circumventing it must be difficult -enough that a potential attacker does not find the authentication -mechanism to be the weak link. Someone watching the network should not -be able to obtain the information necessary to impersonate another -user. Second, it must be reliable. Access to many services will depend -on the authentication service. If it is not reliable, the system of -services as a whole will not be. Third, it should be transparent. -Ideally, the user should not be aware of authentication taking place. -Finally, it should be scalable. Many systems can communicate with -Athena hosts. Not all of these will support our mechanism, but software -should not break if they did.

-

Kerberos is the result of our work to satisfy the above -requirements. When a user walks up to a workstation s/he "logs in". As -far as the user can tell, this initial identification is sufficient to -prove her/his identity to all the required network servers for the -duration of the log-in session. The security of Kerberos relies on the -security of several authentication servers, but not on the system from -which users log in, nor on the security of the end servers that will be -used. The authentication server provides a properly authenticated user -with a way to prove her/his identity to servers scattered across the -network.

-

Authentication is a fundamental building block for a secure -networked environment. If, for example, a server knows for certain the -identity of a client, it can decide whether to provide the service, -whether the user should be given special privileges, who should receive -the bill for the service, and so forth. In other words, authorization -and accounting schemes can be built on top of the authentication that -Kerberos provides, resulting in equivalent security to the lone -personal computer or the timesharing system.

-

2. What is Kerberos ?

-

Kerberos is a trusted third-party authentication service -based on the model presented by Needham and Schroeder.It is trusted in -the sense that each of its clients believes Kerberos' judgement -as to the identity of each of its other clients to be accurate. Time -stamps (large numbers representing the current date and time) have been -added to the original model to aid in the detection of replay. -Replay occurs when a message is stolen off the network and resent -later. For a more complete description of replay, and other issues of -authentication, see Voydock and Kent.

-

2.1. What Does It Do?

-

Kerberos keeps a database of its clients and their private -keys. The private key is a large number known only to Kerberos -and the client it belongs to. In the case that the client is a user, it -is an encrypted password. Network services requiring authentication -register with Kerberos, as do clients wishing to use those -services. The private keys are negotiated at registration.

-

Because Kerberos knows these private keys, it can create -messages which convince one client that another is really who it claims -to be. Kerberos also generates temporary private keys, called session -keys, which are given to two clients and no one else. A session key -can be used to encrypt messages between two parties.

-

Kerberos provides three distinct levels of protection. The -application programmer determines which is appropriate, according to -the requirements of the application. For example, some applications -require only that authenticity be established at the initiation of a -network connection, and can assume that further messages from a given -network address originate from the authenticated party. Our -authenticated network file system uses this level of security.

-

Other applications require authentication of each message, but do -not care whether the content of the message is disclosed or not. For -these, Kerberos provides safe messages. Yet a higher -level of security is provided by private messages, where each -message is not only authenticated, but also encrypted. Private messages -are used, for example, by the Kerberos server itself for -sending passwords over the network

-

2.2. Software Components

-

The Athena implementation comprises several modules (see Figure 1). -The Kerberos applications library provides an interface for -application clients and application servers. It contains, among others, -routines for creating or reading authentication requests, and the -routines for creating safe or private messages.
-

-
    -
  • Kerberos applications -library
  • -
  • encryption library
  • -
  • database library
  • -
  • database administration programs
  • -
  • administration server
  • -
  • authentication server
  • -
  • propogation software
  • -
  • user programs
  • -
  • applications
  • -
-

Figure 1. Kerberos -Software Components

-

Encryption in Kerberos is based on DES, the Data Encryption -Standard.The encryption library implements those routines. Several -methods of encryption are provided, with tradeoffs between speed and -security. An extension to the DES Cypher Block Chaining (CBC) mode, -called the Propagating CBC mode, is also provided. In CBC, an error is -propagated only through the current block of the cipher, whereas in -PCBC, the error is propagated throughout the message. This renders the -entire message useless if an error occurs, rather than just a portion -of it. The encryption library is an independent module, and may be -replaced with other DES implementations or a different encryption -library.

-

Another replaceable module is the database management system. The -current Athena implementation of the database library uses ndbm, -although INGRES was originally used. Other database management -libraries could be used as well.

-

The Kerberos database needs are straightforward; a record is -held for each principal, containing the name, private key, and -expiration date of the principal, along with some administrative -information. (The expiration date is the date after which an entry is -no longer valid. It is usually set to a few years into the future at -registration.)

-

Other user information, such as real name, phone number, and so -forth, is kept by another server, the Hesiod nameserver. This -way, sensitive information, namely passwords, can be handled by Kerberos, -using fairly high security measures; while the non-sensitive -information kept by Hesiod is dealt with differently; it can, -for example, be sent unencrypted over the network.

-

The Kerberos servers use the database library, as do the -tools for administering the database.

-

The administration server (or KDBM server) provides a -read-write network interface to the database. The client side of the -program may be run on any machine on the network. The server side, -however, must run on the machine housing the Kerberos database -in order to make changes to the database.

-

The authentication server (or Kerberos server), on -the other hand, performs read-only operations on the Kerberos -database, namely, the authentication of principals, and generation of -session keys. Since this server does not modify the Kerberos -database, it may run on a machine housing a read-only copy of the -master Kerberos database.

-

Database propagation software manages replication of the Kerberos -database. It is possible to have copies of the database on several -different machines, with a copy of the authentication server running on -each machine. Each of these slave machines receives an update -of the Kerberos database from the master machine at -given intervals.

-

Finally, there are end-user programs for logging in to Kerberos, -changing a Kerberos password, and displaying or destroying Kerberos -tickets (tickets are explained later on).

-

3. Kerberos Names

-

Part of authenticating an entity is naming it. The process of -authentication is the verification that the client is the one named in -a request. What does a name consist of? In Kerberos, both users -and servers are named. As far as the authentication server is -concerned, they are equivalent. A name consists of a primary name, an -instance, and a realm, expressed as name.instance@realm (see -Figure 2).

-

bcn

-

treese.root

-

jis@LCS.MIT.EDU

-

rlog-in.priam@ATHENA.MIT.EDU

-

Figure 2. Kerberos Names

-

The primary name is the name of the user or the service. The -instance is used to distinguish among variations on the primary -name. For users, an instance may entail special privileges, such as the -"root" or "admin" instances. For services in the Athena environment, -the instance is usually the name of the machine on which the server -runs. For example, the rlog-in service has different instances -on different hosts: rlog-in.priam is the rlog-in server -on the host named priam. A Kerberos ticket is only good for a -single named server. As such, a separate ticket is required to gain -access to different instances of the same service. The realm is -the name of an administrative entity that maintains authentication -data. For example, different institutions may each have their own Kerberos -machine, housing a different database. They have different Kerberos -realms. (Realms are discussed further in section 8.2.).

-

4. How It Works

-

This section describes the Kerberos authentication -protocols. The following abbreviations are used in the figures.
-

-
-
c        ->     client
s       ->     server
addr    -> client's network address
life -> lifetime of ticket
tgs, TGS -> ticket-granting ticket
Kerberos -> authentication server
KDBM -> administration server
Kx -> x's private key
Kx,y -> session key for x and y
{abc}Kx -> abc encrypted in x's key
Tx,y -> x's ticket to use y
Ax -> authenticator for x
WS -> workstation
-
-

As mentioned above, the Kerberos authentication model is -based on the Needham and Schroeder key distribution protocol. When a -user requests a service, her/his identity must be established. To do -this, a ticket is presented to the server, along with proof that the -ticket was originally issued to the user, not stolen. There are three -phases to authentication through Kerberos. In the first phase, -the user obtains credentials to be used to request access to other -services. In the second phase, the user requests authentication for a -specific service. In the final phase, the user presents those -credentials to the end server.

-

4.1 Credentials

-

There are two types of credentials used in the Kerberos -authentication model: tickets and authenticators. Both -are based on private key encryption, but they are encrypted using -different keys. A ticket is used to securely pass the identity of the -person to whom the ticket was issued between the authentication server -and the end server. A ticket also passes information that can be used -to make sure that the person using the ticket is the same person to -which it was issued. The authenticator contains the additional -information which, when compared against that in the ticket proves that -the client presenting the ticket is the same one to which the ticket -was issued.

-

A ticket is good for a single server and a single client. It -contains the name of the server, the name of the client, the Internet -address of the client, a time stamp, a lifetime, and a random session -key. This information is encrypted using the key of the server for -which the ticket will be used. Once the ticket has been issued, it may -be used multiple times by the named client to gain access to the named -server, until the ticket expires. Note that because the ticket is -encrypted in the key of the server, it is safe to allow the user to -pass the ticket on to the server without having to worry about the user -modifying the ticket (see Figure 3).
-

-

{s, c, addr, timestamp, life, Ks,c} -Ks
-

-

Figure 3. Kerberos Ticket.

-

Unlike the ticket, the authenticator can only be used once. A new -one must be generated each time a client wants to use a service. This -does not present a problem because the client is able to build the -authenticator itself. An authenticator contains the name of the client, -the workstation's IP address, and the current workstation time. The -authenticator is encrypted in the session key that is part of the -ticket (see Figure 4).

-
{ c, addr, timestamp } Ks,c
-
-

Figure 4. A Kerberos -Authenticator

-

4.2. Getting the Initial Ticket

-

When the user walks up to a workstation, only one piece of -information can prove her/his identity: the user's password. The -initial exchange with the authentication server is designed to minimize -the chance that the password will be compromised, while at the same -time not allowing a user to properly authenticate her/himself without -knowledge of that password. The process of logging in appears to the -user to be the same as logging in to a timesharing system. Behind the -scenes, though, it is quite different (see Figure 5).

-


-Figure 5.
Getting the Initial Ticket.

-

The user is prompted for her/his username. Once it has been entered, -a request is sent to the authentication server containing the user's -name and the name of a special service known as the ticket-granting -service.

-

The authentication server checks that it knows about the client. If -so, it generates a random session key which will later be used between -the client and the ticket-granting server. It then creates a ticket for -the ticket-granting server which contains the client's name, the name -of the ticket-granting server, the current time, a lifetime for the -ticket, the client's IP address, and the random session key just -created. This is all encrypted in a key known only to the -ticket-granting server and the authentication server.

-

The authentication server then sends the ticket, along with a copy -of the random session key and some additional information, back to the -client. This response is encrypted in the client's private key, known -only to Kerberos and the client, which is derived from the -user's password.

-

Once the response has been received by the client, the user is asked -for her/his password. The password is converted to a DES key and used -to decrypt the response from the authentication server. The ticket and -the session key, along with some of the other information, are stored -for future use, and the user's password and DES key are erased from -memory.

-

Once the exchange has been completed, the workstation possesses -information that it can use to prove the identity of its user for the -lifetime of the ticket-granting ticket. As long as the software on the -workstation had not been previously tampered with, no information -exists that will allow someone else to impersonate the user beyond the -life of the ticket.

-

4.3. Requesting a Service

-

For the moment, let us pretend that the user already has a ticket -for the desired server. In order to gain access to the server, the -application builds an authenticator containing the client's name and IP -address, and the current time. The authenticator is then encrypted in -the session key that was received with the ticket for the server. The -client then sends the authenticator along with the ticket to the server -in a manner defined by the individual application.

-

Once the authenticator and ticket have been received by the server, -the server decrypts the ticket, uses the session key included in the -ticket to decrypt the authenticator, compares the information in the -ticket with that in the authenticator, the IP address from which the -request was received, and the present time. If everything matches, it -allows the request to proceed (see Figure 6).

-


-Figure 6.
Requesting a Service

-

It is assumed that clocks are synchronized to within several -minutes. If the time in the request is too far in the future or the -past, the server treats the request as an attempt to replay a previous -request. The server is also allowed to keep track of all past requests -with time stamps that are still valid. In order to further foil replay -attacks, a request received with the same ticket and time stamp as one -already received can be discarded.

-

Finally, if the client specifies that it wants the server to prove -its identity too, the server adds one to the time stamp the client sent -in the authenticator, encrypts the result in the session key, and sends -the result back to the client (see Figure 7).

-


-Figure 7.
Mutual Authentication

-

At the end of this exchange, the server is certain that, according -to Kerberos, the client is who it says it is. If mutual -authentication occurs, the client is also convinced that the server is -authentic. Moreover, the client and server share a key which no one -else knows, and can safely assume that a reasonably recent message -encrypted in that key originated with the other party.

-

4.4 Getting Server Tickets

-

Recall that a ticket is only good for a single server. As such, it -is necessary to obtain a separate ticket for each service the client -wants to use. Tickets for individual servers can be obtained from the -ticket-granting service. Since the ticket-granting service is itself a -service, it makes use of the service access protocol described in the -previous section.

-

When a program requires a ticket that has not already been -requested, it sends a request to the ticket-granting server (see Figure -8). The request contains the name of the server for which a ticket is -requested, along with the ticket-granting ticket and an authenticator -built as described in the previous section.

-


-Figure 8.
Getting a Server Ticket

-

The ticket-granting server then checks the authenticator and -ticket-granting ticket as described above. If valid, the -ticket-granting server generates a new random session key to be used -between the client and the new server. It then builds a ticket for the -new server containing the client's name, the server name, the current -time, the client's IP address and the new session key it just -generated. The lifetime of the new ticket is the minimum of the -remaining life for the ticket-granting ticket and the default for the -service.

-

The ticket-granting server then sends the ticket, along with the -session key and other information, back to the client. This time, -however, the reply is encrypted in the session key that was part of the -ticket-granting ticket. This way, there is no need for the user to -enter her/his password again. Figure 9 summarizes the authentication -protocols.

-

-


-Figure 9.
Kerberos Authentication Protocols.

-

5. Kerberos Database

-

Up to this point, we have discussed operations requiring read-only -access to the Kerberos database. These operations are performed -by the authentication service, which can run on both master and slave -machines (see Figure 10).

-


-Figure 10.
Authentication Requests.

-

In this section, we discuss operations that require write access to -the database. These operations are performed by the administration -service, called the Kerberos Database Management Service (KDBM). -The current implementation stipulates that changes may only be made to -the master Kerberos database; slave copies are read-only. -Therefore, the KDBM server may only run on the master Kerberos -machine (see Figure 11).

-


-Figure 11.
Administration Requests

-

Note that, while authentication can still occur (on slaves), -administration requests cannot be serviced if the master machine is -down. In our experience, this has not presented a problem, as -administration requests are infrequent.

-

The KDBM handles requests from users to change their passwords. The -client side of this program, which sends requests to the KDBM over the -network, is the kpasswd program. The KDBM also accepts requests -from Kerberos administrators, who may add principals to the -database, as well as change passwords for existing principals. The -client side of the administration program, which also sends requests to -the KDBM over the network, is the kadmin program.

-

5.1. The KDBM Server

-

The KDBM server accepts requests to add principals to the database -or change the passwords for existing principals. This service is unique -in that the ticket-granting service will not issue tickets for it. -Instead, the authentication service itself must be used (the same -service that is used to get a ticket-granting ticket). The purpose of -this is to require the user to enter a password. If this were not so, -then if a user left her/his workstation unattended, a passerby could -walk up and change her/his password for them, something which should be -prevented. Likewise, if an administrator left her/his workstation -unguarded, a passerby could change any password in the system.

-

When the KDBM server receives a request, it authorizes it by -comparing the authenticated principal name of the requester of the -change to the principal name of the target of the request. If they are -the same, the request is permitted. If they are not the same, the KDBM -server consults an access control list (stored in a file on the master Kerberos -system). If the requester's principal name is found in this file, the -request is permitted, otherwise it is denied.

-

By convention, names with a. NULL instance (the default -instance) do not appear in the access control list file; instead, an admin -instance is used. Therefore, for a user to become an administrator of Kerberos -an admin instance for that username must be created, and added -to the access control list. This convention allows an administrator to -use a different password for Kerberos administration then s/he -would use for normal log-in.

-

All requests to the KDBM program, whether permitted or denied, are -logged.

-

5.2. The kadmin and kpasswd Programs

-

Administrators of Kerberos use the kadmin program to -add principals to the database, or change the passwords of existing -principals. An administrator is required to enter the password for -their admin instance name when they invoke the kadmin -program. This password is used to fetch a ticket for the KDBM server -(see Figure 12).

-

-


-Figure 12.
Kerberos Administration Protocol.

-

Users may change their Kerberos passwords using the kpasswd -program. They are required to enter their old password when they invoke -the program. This password is used to fetch a ticket for the KDBM -server.

-

5.3. Database Replication

-

Each Kerberos realm has a master Kerberos -machine, which houses the master copy of the authentication database. -It is possible (although not necessary) to have additional, read-only -copies of the database on slave machines elsewhere in the -system. The advantages of having multiple copies of the database are -those usually cited for replication: higher availability and better -performance. If the master machine is down, authentication can still be -achieved on one of the slave machines. The ability to perform -authentication on any one of several machines reduces the probability -of a bottleneck at the master machine.

-

Keeping multiple copies of the database introduces the problem of -data consistency. We have found that very simple methods suffice for -dealing with inconsistency. The master database is dumped every hour. -The database is sent, in its entirety, to the slave machines, which -then update their own databases. A program on the master host, called kprop, -sends the update to a peer program, called kpropd, running on -each of the slave machines (see Figure 13). First kprop sends a -checksum of the new database it is about to send. The checksum is -encrypted in the Kerberos master database key, which both the -master and slave Kerberos machines possess. The data is then -transferred over the network to the kpropd on the slave -machine. The slave propagation server calculates a checksum of the data -it has received, and if it matches the checksum sent by the master, the -new information is used to update the slave's database.

-


-Figure 13.
Database Propagation

-

All passwords in the Kerberos database are encrypted in the -master database key Therefore, the information passed from master to -slave over the network is not useful to an eavesdropper. However, it is -essential that only information from the master host be accepted by the -slaves, and that tampering of data be detected, thus the checksum.

-

6. Kerberos From the Outside Looking In

-

The section will describe Kerberos from the practical point -of view, first as seen by the user, then from the application -programmer's viewpoint, and finally, through the tasks of the Kerberos -administrator.

-

6.1. User's Eye View

-

If all goes well, the user will hardly notice that Kerberos -is present. In our UNIX implementation, the ticket-granting ticket is -obtained from Kerberos as part of the log-in process. -The changing of a user's Kerberos password is part of the passwd -program. And Kerberos tickets are automatically destroyed when -a user logs out.

-

If the user's log-in session lasts longer than the lifetime of the -ticket-granting ticket (currently 8 hours), the user will notice Kerberos' -presence because the next time a Kerberos -authenticated -application is executed, it will fail. The Kerberos ticket for -it will have expired. At that point, the user can run the kinit -program to obtain a new ticket for the ticket-granting server. As when -logging in, a password must be provided in order to get it. A user -executing the klist command out of curiosity may be surprised -at all the tickets which have silently been obtained on her/his behalf -for services which require Kerberos authentication.

-

6.2. From the Programmer's Viewpoint

-

A programmer writing a Kerberos application will often be -adding authentication to an already existing network application -consisting of a client and server side. We call this process -"Kerberizing" a program. Kerberizing usually involves making a call to -the Kerberos library in order to perform authentication at the -initial request for service. It may also involve calls to the DES -library to encrypt messages and data which are subsequently sent -between application client and application server.

-

The most commonly used library functions are krb_mk_req on -the client side, and krb_rd_req on the server side. The krb_mk_req -routine takes as parameters the name, instance, and realm of the target -server, which will be requested, and possibly a checksum of the data to -be sent. The client then sends the message returned by the krb_mk_req -call over the network to the server side of the application. When the -server receives this message, it makes a call to the library routine krb_rd_req. -The routine returns a judgement about the authenticity of the sender's -alleged identity.

-

If the application requires that messages sent between client and -server be secret, then library calls can be made to krb_mk_priv -(krb_rd_priv) to encrypt (decrypt) messages in the session key -which both sides now share.

-

6.3. The Kerberos Administrator's Job

-

The Kerberos administrator's job begins with running a -program to initialize the database. Another program must be run to -register essential principals in the database, such as the Kerberos -administrator's name with an admin instance. The Kerberos -authentication server and the administration server must be started up. -If there are slave databases, the administrator must arrange that the -programs to propagate database updates from master to slaves be kicked -off periodically.

-

After these initial steps have been taken, the administrator -manipulates the database over the network, using the kadmin -program. Through that program, new principals can be added, and -passwords can be changed.

-

In particular, when a new Kerberos application is added to -the system, the Kerberos administrator must take a few steps to -get it working. The server must be registered in the database, and -assigned a private key (usually this is an automatically generated -random key). Then, some data (including the server's key) must be -extracted from the database and installed in a file on the server's -machine. The default file is /etc/srvtab. The krb_rd_req -library routine called by the server (see the previous section) uses -the information in that file to decrypt messages sent encrypted in the -server's private key. The /etc/srvtab file authenticates the -server as a password typed at a terminal authenticates the user.

-

The Kerberos administrator must also ensure that Kerberos -machines are physically secure, and would also be wise to maintain -backups of the Master database.

-

7. The Bigger Picture

-

In this section, we describe how Kerberos fits into the -Athena environment, including its use by other network services and -applications, and how it interacts with remote Kerberos realms. -For a more complete description of the Athena environment, please see -G. W. Treese.

-

7.1. Other Network Services' Use of Kerberos

-

Several network applications have been modified to use Kerberos. -The rlog-in and rsh commands first try to authenticate -using Kerberos. A user with valid Kerberos tickets can -rlog-in to another Athena machine without having to set up.rhosts -files. If the Kerberos authentication fails, the programs fall -back on their usual methods of authorization, in this case, the.rhosts -files.

-

We have modified the Post Office Protocol to use Kerberos -for authenticating users who wish to retrieve their electronic mail -from the "post office". A message delivery program, called Zephyr, -has been recently developed at Athena, and it uses Kerberos for -authentication as well.

-

The program for signing up new users, called register, uses -both the Service Management System (SMS) and Kerberos. From -SMS, it determines whether the information entered by the would-be new -Athena user, such as name and MIT identification number, is valid. It -then checks with Kerberos to see if the requested username is -unique. If all goes well, a new entry is made to the Kerberos -database, containing the username and password.

-

For a detailed discussion of the use of Kerberos to secure -Sun's Network File System, please refer to the appendix..

-

7.2. Interaction with Other Kerberi

-

It is expected that different administrative organizations will want -to use Kerberos for user authentication. It is also expected -that in many cases, users in one organization will want to use services -in another. Kerberos supports multiple administrative domains. -The specification of names in Kerberos includes a field called -the realm. This field contains the name of the administrative -domain within which the user is to be authenticated.

-

Services are usually registered in a single realm and will only -accept credentials issued by an authentication server for that realm. A -user is usually registered in a single realm (the local realm), but it -is possible for her/him to obtain credentials issued by another realm -(the remote realm), on the strength of the authentication provided by -the local realm. Credentials valid in a remote realm indicate the realm -in which the user was originally authenticated. Services in the remote -realm can choose whether to honor those credentials, depending on the -degree of security required and the level of trust in the realm that -initially authenticated the user.

-

In order to perform cross-realm authentication, it is necessary that -the administrators of each pair of realms select a key to be shared -between their realms. A user in the local realm can then request a -ticket-granting ticket from the local authentication server for the -ticket-granting server in the remote realm. When that ticket is used, -the remote ticket-granting server recognizes that the request is not -from its own realm, and it uses the previously exchanged key to decrypt -the ticket-granting ticket. It then issues a ticket as it normally -would, except that the realm field for the client contains the name of -the realm in which the client was originally authenticated.

-

This approach could be extended to allow one to authenticate oneself -through a series of realms until reaching the realm with the desired -service. In order to do this, though, it would be necessary to record -the entire path that was taken, and not just the name of the initial -realm in which the user was authenticated. In such a situation, all -that is known by the server is that A says that B says that C says that -the user is so-and-so. This statement can only be trusted if everyone -along the path is also trusted.

-

8. Issues and Open Problems

-

There are a number of issues and open problems associated with the Kerberos -authentication mechanism. Among the issues are how to decide the -correct lifetime for a ticket, how to allow proxies, and how to -guarantee workstation integrity.

-

The ticket lifetime problem is a matter of choosing the proper -tradeoff between security and convenience. If the life of a ticket is -long, then if a ticket and its associated session key are stolen or -misplaced, they can be used for a longer period of time. Such -information can be stolen if a user forgets to log out of a public -workstation. Alternatively, if a user has been authenticated on a -system that allows multiple users, another user with access to root -might be able to find the information needed to use stolen tickets. The -problem with giving a ticket a short lifetime, however, is that when it -expires, the user will have to obtain a new one which requires the user -to enter the password again.

-

An open problem is the proxy problem. How can an authenticated user -allow a server to acquire other network services on her/his behalf? An -example where this would be important is the use of a service that will -gain access to protected files directly from a fileserver. Another -example of this problem is what we call authentication forwarding. -If a user is logged into a workstation and logs in to a remote host, it -would be nice if the user had access to the same services available -locally, while running a program on the remote host. What makes this -difficult is that the user might not trust the remote host, thus -authentication forwarding is not desirable in all cases. We do not -presently have a solution to this problem.

-

Another problem, and one that is important in the Athena -environment, is how to guarantee the integrity of the software running -on a workstation. This is not so much of a problem on private -workstations since the user that will be using it has control over it. -On public workstations, however, someone might have come along and -modified the log-in program to save the user's password. The -only solution presently available in our environment is to make it -difficult for people to modify software running on the public -workstations. A better solution would require that the user's key never -leave a system that the user knows can be trusted. One way this could -be done would be if the user possessed a smartcard capable of -doing the encryptions required in the authentication protocol.

-

9. Status

-

A prototype version of Kerberos went into production in -September of 1986. Since January of 1987, Kerberos has been -Project Athena's sole means of authenticating its 5,000 users, 650 -workstations, and 65 servers. In addition, Kerberos is now -being used in place of.rhosts files for controlling access in -several of Athena's timesharing systems.

-

10. Acknowledgments

-

Kerberos was initially designed by Steve Miller and Clifford -Neuman with suggestions from Jeff Schiller and Jerry Saltzer. Since -that time, numerous other people have been involved with the project. -Among them are Jim Aspnes, Bob Baldwin, John Barba, Richard Basch, Jim -Bloom, Bill Bryant, Mark Colan, Rob French, Dan Geer, John Kohl, John -Kubiatowicz, Bob Mckie, Brian Murphy, John Ostlund Ken Raeburn, Chris -Reed, Jon Rochlis, Mike Shanzer, Bill Sommerfeld, Ted T'so, Win Treese, -and Stan Zanarotti.

-

We are grateful to Dan Geer, Kathy Lieben, Josh Lubarr, Ken Raeburn, -Jerry Saltzer, Ed Steiner, Robbert van Renesse, and Win Treese whose -suggestions much improved earlier drafts of this paper.

-

The illustration on the title page is by Betsy Bruemmer.

-

Appendix

-

Kerberos Application to Sun's Network File System (NFS)

-

A key component of the Project Athena workstation system is the -interposing of the network between the user's workstation and her/his -private file storage (home directory). All private storage resides on a -set of computers (currently VAX 11/750s) that are dedicated to this -purpose. This allows us to offer services on publicly available UNIX -workstations. When a user logs in to one of these publicly available -workstations, rather then validate her/his name and password against a -locally resident password file, we use Kerberos to determine -her/his authenticity. The log-in program prompts for a username -(as on any UNIX system). This username is used to fetch a Kerberos -ticket-granting ticket. The log-in program uses the password to -generate a DES key for decrypting the ticket. If decryption is -successful, the user's home directory is located by consulting the Hesiod -naming service and mounted through NFS. The log-in program then -turns control over to the user's shell, which then can run the -traditional per-user customization files because the home directory is -now "attached" to the workstation. The Hesiod service is also -used to construct an entry in the local password file. (This is for the -benefit of programs that look up information in /etc/passwd.)

-

From several options for delivery of remote file service, we chose -Sun's Network File System. However this system fails to mesh with our -needs in a crucial way. NFS assumes that all workstations fall into two -categories (as viewed from a file server's point of view): trusted and -untrusted. Untrusted systems cannot access any files at all, trusted -can. Trusted systems are completely trusted. It is assumed that a -trusted system is managed by friendly management. Specifically, it is -possible from a trusted workstation to masquerade as any valid user of -the file service system and thus gain access to just about every file -on the system. (Only files owned by "root" are exempted.).

-

In our environment, the management of a workstation (in the -traditional sense of UNIX system management) is in the hands of the -user currently using it. We make no secret of the root password on our -workstations, as we realize that a truly unfriendly user can break in -by the very fact that s/he is sitting in the same physical location as -the machine and has access to all console functions. Therefore we -cannot truly trust our workstations in the NFS interpretation of trust. -To allow proper access controls in our environment we had to make some -modifications to the base NFS software, and integrate Kerberos -into the scheme.

-

Unmodified NFS

-

In the implementation of NFS that we started with (from the -University of Wisconsin), authentication was provided in the form of a -piece of data included in each NFS request (called a "credential" in -NFS terminology). This credential contains information about the unique -user identifier (UID) of the requester and a list of the group -identifiers (GIDs) of the requester's membership. This information is -then used by the NFS server for access checking. The difference between -a trusted and a non-trusted workstation is whether or not its -credentials are accepted by the NFS server.

-

Modified NFS

-

In our environment, NFS servers must accept credentials from a -workstation if and only if the credentials indicate the UID of the -workstation's user, and no other.

-

One obvious solution would be to change the nature of credentials -from mere indicators of UID and GIDs to full blown Kerberos -authenticated data. However a significant performance penalty would be -paid if this solution were adopted. Credentials are exchanged on every -NFS operation including all disk read and write activities. Including a -Kerberos authentication on each disk transaction would add a -fair number of full-blown encryptions (done in software) per -transaction and, according to our envelope calculations, would have -delivered unacceptable performance. (It would also have required -placing the Kerberos library routines in the kernel address -space.)

-

We needed a hybrid approach, described below. The basic idea is to -have the NFS server map credentials received from client workstations, -to a valid (and possibly different) credential on the server system. -This mapping is performed in the server's kernel on each NFS -transaction and is setup at "mount" time by a user-level process that -engages in Kerberos - moderated authentication prior to -establishing a valid kernel credential mapping.

-

To implement this we added a new system call to the kernel (required -only on server systems, not on client systems) that provides for the -control of the mapping function that maps incoming credentials from -client workstations to credentials valid for use on the server (if -any). The basic mapping function maps the tuple:

-

<CLIENT-IP-ADDRESS, UID-ON-CLIENT>

-

to a valid NFS credential on the server system. The -CLIENT-IP-ADDRESS is extracted from the NFS request packet and the -UID-ON-CLIENT is extracted from the credential supplied by the client -system. Note: all information in the client-generated credential except -the UID-ON-CLIENT is discarded.

-

If no mapping exists, the server reacts in one of two ways, -depending it is configured. In our friendly configuration we default -the unmappable requests into the credentials for the user "nobody" who -has no privileged access and has a unique UID. Unfriendly servers -return an NFS access error when no valid mapping can be found for an -incoming NFS credential.

-

Our new system call is used to add and delete entries from the -kernel resident map. It also provides the ability to flush all entries -that map to a specific UID on the server system, or flush all entries -from a given CLIENT-IP-ADDRESS.

-

We modified the mount daemon (which handles NFS mount requests on -server systems) to accept a new transaction type, the Kerberos -authentication mapping request. Basically, as part of the mounting -process, the client system provides a Kerberos authenticator -along with an indication of her/his UID-ON-CLIENT (encrypted in the Kerberos -authenticator) on the workstation. The server's mount daemon converts -the Kerberos principal name into a local username. This -username is then looked up in a special file to yield the user's UID -and GIDs list. For efficiency, this file is a ndbm database -file with the username as the key. From this information, an NFS -credential is constructed and handed to the kernel as the valid mapping -of the <CLIENT-IP-ADDRESS, CLIENT-UID> tuple for this request.

-

At unmount time a request is sent to the mount daemon to remove the -previously added mapping from the kernel. It is also possible to send a -request at log-out time to invalidate all mapping for the current user -on the server in question, thus cleaning up any remaining mappings that -exist (though they shouldn't) before the workstation is made available -for the next user.

-

Security Implications of the Modified NFS

-

This implementation is not completely secure. For starters, user -data is still sent across the network in an unencrypted, and therefore -interceptable, form. The low-level, per-transaction authentication is -based on a <CLIENT-IP-ADDRESS, CLIENT-UID> pair provided -unencrypted in the request packet. This information could be forged and -thus security compromised. However, it should be noted that only while -a user is actively using her/his files (i.e., while logged in) are -valid mappings in place and therefore this form of attack is limited to -when the user in question is logged in. When a user is not logged in, -no amount of IP address forgery will permit unauthorized access to -her/his files.

-

References

-

1.S. P. Miller, B. C. Neuman, J. I. Schiller, and J. H. Saltzer, Section -E.2.1: Kerberos Authentication and Authorization System, M.I.T. -Project Athena, Cambridge, Massachusetts (December 21, 1987).

-

2.E. Balkovich, S. R. Lerman, and R. P. Parmelee, "Computing in -Higher Education: The Athena Experience," Communications of the ACM. -28(11), pp. 1214-1224, ACM (November, 1985).

-

3.R. M. Needham and M. D. Schroeder, "Using Encryption for -Authentication in Large Networks of Computers," Communications of -the ACM 21(12), pp. 993-999 (December, 1978).

-

4.V. L. Voydock and S. T. Kent, "Security Mechanisms in High-Level -Network Protocols," Computing Surveys 15(2), ACM (June -1983).

-

5.National Bureau of Standards, "Data Encryption Standard," Federal -Information Processing Standards Publication 46, Government Printing -Office, Washington, D.C. (1977).

-

6.S. P. Dyer, "Hesiod," in Usenix Conference Proceedings -(Winter, 1988).

-

7.W. J. Bryant, Kerberos Programmer's Tutorial, M.I.T. -Project Athena (In preparation).

-

8.W. J. Bryant, Kerberos Administrator's Manual, M.I.T. -Project Athena (In preparation).

-

9.G. W. Treese, "Berkeley Unix on 1000 Workstations: Athena Changes -to 4.3BSD," in Usenix Conference Proceedings (Winter, 1988)

-

10.C. A. DellaFera, M. W. Eichin, R. S. French, D. C. Jedlinsky, J. -T. Kohl, and W. E. Sommerfeld, "The Zephyr Notification System," in Usenix -Conference Proceedings (Winter, 1988).

-

11.M. A. Rosenstein, D. E. Geer, and P. J. Levine, in Usenix -Conference Proceedings (Winter, 1988).

-

12.R. Sandberg, D. Goldberg, S. Kleiman, D. Walsh, and B. Lyon, -"Design and Implementation of the Sun Network Filesystem," in Usenix -Conference Proceedings (Summer, 1985).

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_command_prompt.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_command_prompt.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_command_prompt.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_command_prompt.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,29 +0,0 @@
- - - - -Using Kerberos in a Command Prompt Environment - - - - - - - - -

Using Kerberos in a Command Prompt Environment

- -

Command Prompt commands that are available to perform Kerberos functions

- -

KINIT - Kerberos log-in utility

- -

KLIST - list currently held Kerberos tickets

- -

KDESTROY - destroy Kerberos tickets

- -

MS2MIT - import Kerberos tickets from Windows Logon Session

- -

AKLOG - obtain AFS tokens

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_help_topics.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_help_topics.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_help_topics.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_help_topics.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,26 +0,0 @@
- - - - - Leash Program - - - - -

-

Kerberos Help Topics

-

-

About Kerberos

-

Kerberos Names

-

Kerberos Tickets

-

Using Kerberos in -a Command Prompt Environment

-

Kerberos Copyright

-

Kerberos Export Restrictions and Source -Code Access

-

Kerberos Timing Issues

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_names.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_names.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_names.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_names.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,29 +0,0 @@
- - - - -Kerberos Names - - - - - - - - -

Kerberos Names

- -

A Kerberos name contains three parts. The first is the principal name, which is usually a user's or service's name. The second is the instance, which in the case of a user is usually null. Some users may have privileged instances, however, such as "root" or "admin." In the case of a service, the instance is the name of the machine on which it runs; i.e. there can be an rlogin service running on the machine ABC, which is different from the rlogin service running on the machine XYZ. The third part of a Kerberos name is the realm. The realm corresponds to the Kerberos service providing authentication for the principal. For example, at MIT there is a Kerberos running at the Laboratory for Computer Science and one running at Project Athena.

- -

When writing a Kerberos name, the principal name is separated from the instance (if not null) by a period, and the realm (if not the local realm) follows, preceded by an "@" sign. The following are examples of valid Kerberos names:

- -

billb

- -

jis.admin

- -

srz@LCS.MIT.EDU

- -

treese.root@ATHENA.MIT.EDU

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_principals.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_principals.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_principals.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_principals.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,125 +0,0 @@
- - - - - Kerberos: How does the other guy know who I am? - - - - -

Kerberos: How Does the Other Guy Know -Who I Am?

-

A portion of the text below was copied with permission from An -Inessential Guide to Athena (5th edition) published by the MIT -Student Information Processing Board.

-

MIT's Athena Project developed a system known as Kerberos to provide -for security on a physically insecure network. A complete description -of the mechanisms used by Kerberos to provide this security is beyond -the scope of this document. This section describes why Kerberos is -necessary in a distributed computing environment, the theory behind -Kerberos (with pointers to further information), and the user commands -which interface to Kerberos. It also gives hints for using Kerberos -more effectively.

-

Why Kerberos is needed. -Most moderately-sized to large computer systems use some form of -password protection scheme to authenticate users; that is, -they require a user who wishes to log in to give both his name and a -secret password which only he and the computer system know. Anyone who -happens to know the password can claim to be that user. It is therefore -desirable to prevent people from listening in on the conversation -between the computer and the user's terminal or workstation.

-

This is relatively easy in the case of terminals directly connected -to the machine, since each terminal has its own cable. In a local-area -network, several (typically between 10 and 200) computers share one -cable, and any computer can listen in on any network traffic. With the -advent of network monitoring packages for IBM PC's and similar -machines, it is relatively easy for a determined user to set up a -program to listen in on a network for any and all passwords being sent -over. This would allow an intruder to masquerade as someone else, -violating their privacy and perhaps stealing information (academic or -otherwise). Note that THE ELECTRONIC COMMUNICATIONS PRIVACY ACT of -1986 makes this a Federal crime punishable by lots of nasty stuff -(ask your lawyer for details).

-

In addition, since Athena (like the Internet) uses a -workstation-based model of computation, with most operations taking -place on a single-user workstation with occasional requests (for files, -etc.) going to other "server" machines, Athena needed to set up some -way to allow users to prove their identity to such server -machines.

-

A few definitions. Knowledge of the following terms is not -essential for use of Kerberos but is helpful in understanding what is -going on:

-

user:A human being who wishes to use a computer system. A -user, through his workstation, may make a series of requests to several -servers in the course of a session, and would like to avoid (due to -sheer laziness, among other things) having to type his password to each -machine in question.

-

service:A program or set of programs running on a computer -which is accessible over the network. The service would like to know -with certainty that the workstation to which it is providing the -service is really being used by the user who claims to be -logged in on the workstation. Note that workstations are not services, -and thus one may not use Kerberos to log into them over the network.

-

principal:An entity which can -both prove its identity and verify the identities of other principals -who wish to communicate with it; each user and each service -registered with Kerberos is thus a principal.

-

ticket: A block of data which, when given to a user, enables -her to prove her identity to a service. Tickets are stored in RAM in an -area of memory reserved by the Kerberos cache. They are automatically -erased when the computer is rebooted or when the user issues the -destroy tickets command from Leash. They may also be destroyed from a -Command Prompt by executing the command: kdestroy. Tickets contain -information which must be considered private to the user, and thus -should be protected. As they contain a time stamp, they cease to be -valid after a limited time. One ticket is needed for each service; -tickets are used to build authenticators, which are sent over -the network to the service.

-

authenticator: A block of data which a user's workstation -sends over the network to a specific service to prove that the -workstation really is in use by that user. An authenticator expires -after five minutes. One authenticator is typically built per session of -use of a service; once the service decodes the authenticator, it -generally permits the user to operate for as long as she wants. This -behavior is not in any way mandated by the Kerberos suite of programs -and libraries (it is just a detail of the implementation), but it is -convenient and considered secure enough for most environments.

-

How It Works...

-

Kerberos uses a standard encryption-based authentication technique -with a few variations designed to increase ease of use across -administrative entities and reduce the number of possible "attacks" on -the system. The system uses cryptographically sealed tickets -and authenticators} which may be passed over the network and -decrypted only by a user or machine which knows the appropriate -encryption/decryption key.

-

Using Kerberos...

-

After obtaining your initial ticket getting ticket either by logging -onto your workstation or by utilizing a Kerberos Ticket Manager (e.g., -Leash), Kerberos aware applications will generate authenticators and -obtain service tickets without further end user interaction.  -Examples of programs which utilize Kerberos authentication include -e-mail, distributed file systems, remote login tools, and browsers.
-

-

Registering with Kerberos...

-

To use Kerberos you must have an account registered in a REALM -associated with the service(s) you wish to access.  Contact your -network administrator to determine the registration procedures for your -organization.
-

-

Once registered with Kerberos, tickets are obtained by the login -program every time you log onto a workstation. You can also manually -obtain new tickets (which you usually do only if your old ones have -expired, 10 hours after you log in) by running the program kinit. -It prompts for a username, requests an initial ticket from Kerberos, -and then asks for your password. If you are not registered with -Kerberos, it will print Principal unknown (Kerberos). -Unless you mistype your username, this should not happen. To correct -this, or any other errors, contact the appropriate Help Desk personnel -for your organization.
-
-

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_tickets.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_kerberos_tickets.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_kerberos_tickets.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,23 +0,0 @@
- - - - -Kerberos Tickets - - - - -

Kerberos Tickets

- -

When you authenticate yourself with Kerberos, through either the Leash program or the kinit command, Kerberos gives you an initial Kerberos ticket. (A Kerberos ticket is an encrypted protocol message that provides authentication.) Kerberos uses this ticket for network utilities such as telnet, ftp or email. The ticket transactions are done transparently, so you don't have to worry about their management.

- -

Note, however, that tickets expire. Privileged tickets, such as root instance tickets, expire in a few minutes, while tickets that carry more ordinary privileges may be good for several hours or a day, depending on the installation's policy. On Athena, the default time limit is 10 hours; if your login session extends beyond the time limit, you will have to reauthenticate yourself to Kerberos to get new tickets.

- -

See Also

- -

An Authentication Service

- -

How Does the Other Guy Know Who I Am?

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_help_topics.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_help_topics.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_help_topics.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_help_topics.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,33 +0,0 @@
- - - - -Leash Program - - - - - - - - -

Leash Program

- -

leash \'le-sh\ n [ME lees, leshe, fr. OF laisse, fr. laissier] 1: a line for leading or restraining an animal 2a: a set of three animals (as greyhounds, foxes, bucks, or hares) 2b: a set of three - leash vt 3: a Windows program developed at MIT to manage a user's Kerberos tickets.

- -

Leash Help Topics

- -

Leash Screen Display (Kerberometer and Dash Notification)

- -

Leash Commands

- -

How To Use Leash Online Help

- -

Leash Copyright

- -

Acknowledgments

- -

Reporting Problems with Leash

- - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_systray.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_systray.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_systray.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_systray.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,64 +0,0 @@
- - - - - Leash System Tray Tool - - - - -

-

Leash System Tray Tool

-

While Leash is running one of the following icons -will be -displayed in the system tray based upon the current state of your -Kerberos -tickets.  Clicking on the icon with the -first mouse button will open or close the Leash display window.  Clicking with the second mouse button will -display a menu of commands.

-System Tray Icons
-
-
    -
  • Green:     tickets are -valid and have a lifetime of greater than 20 minutes
  • -
  • Grey:       no -tickets -are present
  • -
  • Orange:  tickets are -valid and about to expire
  • -
  • Red:        tickets -have expired
    -
  • -
-

System Tray Menu
-

-System Tray Menu
-
- -

-
-

-

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_window.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_window.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_leash_window.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_leash_window.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,81 +0,0 @@
- - - - - Leash Screen Display (Kerberometer and Dash Notification) - - - - -

-

Leash Screen Display (Kerberometer and Dash Notification)

-

-

The window -title contains -the name Leash followed by the current date and time.  -Below the title are a menu bar; a tool bar -(optional); a tree view; and a status bar (optional).

-

Leash Display Window
-

-

-

The root of the Leash tree view shows the active -user -principal name (user@REALM).  This entry -appears with a "+" icon and a Kerberos icon to its left.  -Click on this plus icon of a line to expand -the branch, displaying a "-" icon.  -To retract the branch click on the minus sign.

-

Below user principal, the tree contains ticket -categories.  Below each ticket category -are the current tickets belonging to the group.  -Each ticket entry contains the current ticket status, the time -it was -issued, the time it will expire, and the service principal and flags.  For Kerberos 5 tickets, encryption types and -network address information are listed below each ticket.

-

The tree updates once per minute.  -If you need an immediate update of your -ticket status, you can either click in the window or the press the -Update -Display button on the toolbar.

-

On the right of the status bar is a -display of the remaining -time of your tickets (both Kerberos 4 and Kerberos 5, as some programs -obtain -only Kerberos 4 tickets, these are not necessarily the same) in hours, -minutes, -and seconds.  This used to be known as -the Kerberometer. 

-

Each ticket is described and represented by an -icon of a -little ticket. The color of the ticket changes based on its viability:

-

green = normal

-

yellow = tickets are -within 15 -minutes of expiration

-

red = tickets have -expired, or you -have no tickets

-

gray = these tickets -are not available -to you

-

At 15, 10, and 5 -minutes before your Kerberos tickets expire, a screen pops up to warn -that your Kerberos tickets will expire soon and to give you the -opportunity to renew them.  This used to be known as Dash-style -notification.

-

Andrew File System (AFS) tokens information is -displayed -only on machines that have either OpenAFS for Windows http://www.openafs.org or Transarc -AFS 3.6 -for Windows.

-

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_online_help.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_online_help.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_online_help.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_online_help.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,25 +0,0 @@
- - - - - Help on Using Leash Online Help - - - - -

How To Use Leash Online Help

-

In Leash, F1 are the online Help keys. Here's what they do:

-

Pressing F1...gets you...

-

in the Leash main window: Leash -Help Topics -- click the one you need.

-

in Leash Help Topics: Contents for How To Use Help -- list of topics -explaining the features and functions of Windows online help -- click -the one you need.

-

in a Leash dialogue box: context-sensitive help, i.e., the specific -topic that explains where you are and what you're doing.

-

at an error message: explanation for the error message.

- -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_password_choice.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_password_choice.htm
--- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_password_choice.htm 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_password_choice.htm 1970-01-01 00:00:00.000000000 +0000
@@ -1,91 +0,0 @@
- - - - -How to Choose a Password - - - - - - - - -

How To Choose a Password...

- -

Your passwords are the keys to many computers, from a bank machine to a multiuser mainframe to a server on a network. Your password helps to prove that you are who you say you are, and ensures your privacy.

- -

Compromised passwords are the means by which most unauthorized (and unscrupulous) people gain access to a system. Someone logging on under your name has access not only to your computer files, but to most of the facilities of the computer system. Since tampering can have far-reaching and serious consequences, it's important to take to heart the following guidelines for choosing a password.

- -

Do choose:

- -

*Something easy for you to remember with at least six characters.

- -

*Something obscure. For instance, you might deliberately misspell a term or use an odd character in an otherwise familiar term, such as "phnybon" instead of "funnybone." Or use a combination of two unrelated words or a combination of letters and numbers.

- -

*A combination of letters and numbers, or a phrase like "many colors" and then use only the consonants "mnYc0l0rz."

- -

*An acronym for your favorite saying, for example, "L!isn!" (Live! It's Saturday Night!)

- -

Don't choose:

- -

*Your name in any form - first, middle, last, maiden, spelled backwards, nickname or initials.

- -

*Your userid, or your userid spelled backwards.

- -

*Part of your userid or name.

- -

*Any common name, such as Joe.

- -

*The name of a close relative, friend, or pet.

- -

*Your phone or office number, address, birthday, or anniversary.

- -

*Your license-plate number, your social-security number, or any all numeral password.

- -

*Names from popular culture, e.g., spock, sleepy.

- -

*Any word in a dictionary.

- -

*Passwords of fewer than four characters.

- -

Mum's the Word

- -

Never tell anyone your password -- not even your system administrator or account manager -- and don't write it down. Make sure you have chosen a password that you can remember. And, finally, change your password at regular intervals

- -

Reprinted from i/s, Vol. 4, No. 9,

- -

May 1989. Revised March 1993.

- -

Copyright C 1993 MIT Information Systems

- -

Send comments or questions about this publication to

- -

<comment-ispubs@mit.edu> or call x3-5150

- -

Before You Begin...

- -

Remember that passwords are case-sensitive, and note whether your keyboard has Caps Lock on. Leash is not programmed to inform you about the state of your Caps Lock key.

- -

How To Use Change Password...

- -

1.In Leash, click on the Change Password button (the one that says abc and has a green arrow), type your username in the first field of the dialogue box that opens, and press Enter or click OK. You may start over anytime by clicking Restart, stop at any time by clicking Cancel, or get help at any time with the Help button.

- -

2.Type your current password in the second field and press Enter or click OK.

- -

The program checks the username and password you entered and notifies you if either is invalid.

- -

3.Type your new password in the third field and press Enter or click OK.

- -

4.Retype your new password, to verify it, and press Enter or click OK.

- -

Once you have entered the new password twice with consistent spellings, the Leash program replaces your old password with the new, if it is a strong password. If Kerberos determines the password is weak, a message notifies you, and you need to repeat steps 1 through 4 with a strong password, as described by the "How To Choose a Password" guidelines above.

- -

How Change Password Works...

- -

When you type into the password fields of the dialog box, neither characters nor sounds echo back, thus keeping secret even the number of password characters. The program accepts only printable characters for new passwords, i.e., characters between ASCII codes 0x20 and 0x7E.

- -

When you have entered the new password twice consistently, the program attempts to change the password via a dialogue with the Kerberos administrative server. Some Kerberos sites, including MIT's Athena environment, check the password's strength before allowing the change to take place and notifies you if it determines that the password is weak.

- - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_timing_issues.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_timing_issues.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_timing_issues.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_timing_issues.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ - - - - - Kerberos Timing Issues - - - - -

-

Kerberos Timing Issues

-

-

To resynchronize your computer's clock to the network's clock, -manually set it, or run the leash Synchronize Time Command.  If -you are using Windows XP or Windows 2003, the Date and Time Control -Panel contains an Internet Time page which can be used to automatically -synchronize the clock on a regular basis.
-

-

Why Do It...

-

Kerberos authentication uses time stamps as part of its protocol. -When the clocks of the Kerberos server and your computer are too far -out of synchronization, you cannot authenticate properly.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_why_use.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_why_use.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_topic_why_use.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_topic_why_use.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,77 +0,0 @@ - - - - - Why use Leash? - - - - -

Why -Use Leash?

-

Leash is a graphical system-tray tool designed to -manage for -Kerberos tickets on Microsoft Windows.  Leash -is used to obtain Kerberos tickets, -change your Kerberos password, and obtain Andrew File System (AFS) -tokens.

-

Leash combines the functionality of several command line tools a -user would use to manage Kerberos functions: kinit, klist, kdestroy, ms2mit, aklog, and -passwd or kpasswd. Leash combines all of these functions into one user -interface and supports  auto-renewal or user notification when tickets -are approaching expiration.

-

There are many ways to execute Leash. In addition -to -clicking on a Leash shortcut, you can start Leash from the Windows -command -Prompt or Run... option.  Command-line -options may be specified.  If you run Leash -with the options -i or -kinit, it will display the ticket -initialization dialog -and exit; -m or ms2mit or import will import tickets from the -Microsoft -Windows logon session (if available) and exit; -d or -destroy will -destroy all -existing tickets and exit; -r or renew will renew existing Kerberos -tickets -(if possible) and exit; -a or autoinit will display the ticket -initialization -dialog if you have no Kerberos tickets. 

-

You may create a shortcut to Leash within your -Windows -Startup folder (Start Menu->Programs->Startup).  - A -shortcut to Leash32.exe autoinit ensures that Kerberos tickets are -available -for the use of Kerberized applications throughout your Windows logon -session.

-

If Leash is not executed before using a Kerberized -application, the application may prompt you for your password. Some -applications, like lpr, never prompt you for a password. These -applications -simply terminate with a message indicating that you are not -authenticated. Before -these applications can successfully be used a separate program, such as -Leash -or kinit, must be used to first authenticate you using Kerberos. 

-

Leash does not perform a logon in the sense of the -Windows -Logon Service.  A logon service would do -more than manage Kerberos tickets. A logon service would authenticate -you to -the local machine, validate access to your local file system and -performs -additional set-up tasks. These are beyond the scope of Leash. Leash -simply -allows you to manage Kerberos tickets on behalf of compatible -applications and -to change your Kerberos password.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_debug_window.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_debug_window.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_debug_window.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_debug_window.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ - - - - - Debug Window Option - - - - -

Debug Window

-

When this item (found under the Action menu) is checked, the Leash -Debug Window appears.
-

-

Debug Window

-

-

From this window, commands that -Leash issues to the Kerberos server are visible. Here, you can see -exactly what -Leash is doing. This action is useful if you are having a problem with -Leash -and want to see more exactly what is going on, or if you are writing -Kerberized -applications dependent on Kerberos tickets or the actions of Leash. 

-

Note: Debugging is only -supported by Kerberos 4 and AFS.  -Kerberos 5 protocol operations cannot be debugged using Leash.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_large_icons.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_large_icons.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_large_icons.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_large_icons.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ - - - - - Large Icons Option - - - - -

Large Icons

-

-

-

When this option is checked on the View menu, the -icons and -fonts in the main window (such as the picture of Kerberos) will be -about twice -as big as the minimal icon and font size.  -Naturally, smaller icons allow many more tickets to fit into a -nonscrolling window.  The default setting -of Leash is Large Icons.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_status_bar.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_status_bar.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_status_bar.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_status_bar.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ - - - - - Status Bar Option - - - - -

Status Bar

-

-

-

The Status Bar is on by default; -turning it off causes the bar at the bottom of the Leash window (with -the time -remaining on any tickets that you might have) to disappear.

- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_toolbar.htm krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_toolbar.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/leash_view_toolbar.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/leash_view_toolbar.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,49 +0,0 @@ - - - - - Leash Toolbar - - - - -

Leash Toolbar

-

-

-

By default, this option on the View menu is -selected. When -it is checked, the toolbar containing icons for commonly used commands -is -visible. Otherwise, Leash hides it.
-

-

Leash Toolbar
-

-

-

The Leash Toolbar contains buttons which act as -shortcuts to -the most frequently used Actions found on the Menubar.  -From left to right:

-
    -
  1. Get -Tickets
  2. -
  3. Renew Tickets
  4. -
  5. Import Tickets
  6. -
  7. Destroy Tickets
  8. -
  9. Change Password
  10. -
  11. Update Display
  12. -
  13. Synchronize -Time
  14. -
-
- - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/More_Menu.htm krb5-1.17/src/windows/leash/htmlhelp/html/More_Menu.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/More_Menu.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/More_Menu.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,49 +0,0 @@ - - - - - -More Panel - - -

Using the More Panel

- -

-Use the More panel to reach features not needed by all users. -

-

Find the More panel

-

The More panel is the panel on the far right of the ribbon menu. If your Kerberos window is wide enough, you will see the full More panel. If the window is too small to display it, you will see a More button. Click the More button to reach the full panel options.

-

- - - - - - - - - - - - - - - -
OptionSelect if...Details
Forget Principals You have previously entered a principal in the Get Ticket window and saved it, but you no longer want that principal included in the auto-complete feature or list of saved principals. - Select this to delete all saved principals from the auto-complete list in the Get Ticket and Change Password windows. -
-
More Forget Principals help
-Allow Mixed Case Realm NameIf your Kerberos realm name uses any lower case letters. -Kerberos realms are a way of logically grouping resources and identities that use Kerberos. By convention, realm names use all upper case letters. This helps distinguish a realm from the DNS domain it corrosponds to. Realm names are case sensitive. So for convenience, anything you enter in the realm field of the Get Ticket window is converted to upper case, unless you turn this option on.
-

Related help

- - - - - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Options_Menu.htm krb5-1.17/src/windows/leash/htmlhelp/html/Options_Menu.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Options_Menu.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Options_Menu.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,62 +0,0 @@ - - - - - -Options Panel - - -

Using the Options Panel

-

-Use the Options panel to manage general MIT Kerberos settings. -

-

Find the Options panel

-

Look to the right of the buttons and View panel. If your Kerberos window is wide enough, you will see the Option checkboxes. If the window is too small to display them, you will see an Options button. Click the Options button to reach the option checkboxes.

- -

Turning Options on and off

-

-A checkmark indicates that the option is currently turned on. Click an Option checkbox to turn the option on or off. -

-

- - - - - - - - - - - - - - - - - - - -
-Option -Turn this on to... -Details
Destroy Tickets on Exit Have MIT Kerberos destroy your tickets when you exit the program. -

-Note: MIT Kerberos cannot permanently destroy tickets you've obtained by logging into a Windows domain, even if you've imported them. Those tickets are destroyed when you log out of the domain.
Turning this option on provides greater security. However, you will need to turn this off if you want to exit MIT Kerberos but leave processes running which require your valid tickets.
Automatic Ticket Renewal -Automatically renew tickets flagged as renewable, without promptings or requiring a password, until the renewal lifetime is reached. -Renewing your tickets allows you to run batch jobs without interruption and to work through a long session without continually reentering your -password. About renewable tickets -

-Note: Automatic ticket renewal will not work if you exit MIT Kerberos or if your machine is in hibernation mode. -
Expiration AlarmHave Kerberos provide an audible alarm 15, 10, and 5 minutes before your tickets expire.Regardless of whether this option is on, Kerberos alerts you to expiring tickets at the same intervals with pop up window. However, the pop up -window will not always be visible on a busy desktop. About ticket expiration
-

Related help

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Renew_Tickets2.htm krb5-1.17/src/windows/leash/htmlhelp/html/Renew_Tickets2.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Renew_Tickets2.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Renew_Tickets2.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,87 +0,0 @@ - - - - -Renew_Tickets - - - -

Renew Tickets

-

-Renewing your tickets allows you to run batch jobs without interruption and to work through a long session without continually reentering your password. Each time you renew your ticket, Kerberos resets the ticket lifetime to the length of the orginal ticket.

- - - - -

How to...

- -

-

Get renewable tickets

-

-In most configurations of Kerberos, you can choose to get renewable tickets. In some installations they will even be the default ticket setting. -

    -
  1. Click the Get Ticket button on the top of the window.
  2. -
  3. Enter your user name and password in the Get Ticket window. If the advanced settings are not visible, click Show Advanced Settings.
  4. -
  5. Under "Flag this ticket as, " select Renewable if it is not already checked. -
  6. Use the Renewable Until slider if you want to adjust how many days (or hours) you will be able to renew this ticket.
  7. -
  8. Click OK.
  9. -
-

- -

-

See which of your tickets are renewable

-

-In the main Kerberos window, click the Flags checkbox. The Flags column is added to your view. Renewable tickets have the word "renewbale" in this column. -

-

-

Find how long a ticket can be renewed

-

-In the main Kerberos window, click the Renewable Until checkbox. The Renewable Until column will appear. Your can renew your ticket repeatedly until the date and time in this column is reached, as long as you renew it while it is still valid. -

-

-

Renew ticket once

-

-To renew your existing Kerberos ticket(s) just once, click the Renew Ticket button at the top of the window. Your ticket(s) will be renewed with the same lifespan as the original ticket. The new expiration time is listed in the "Valid Until" column. -

- -

-

Renew ticket automatically

-

To set your Kerberos tickets to automatically renew for the entire renewable lifetime of the tickets, click the Options drop down button and select Automatic Ticket Renewal. If this option is already checked, selecting it will uncheck it and turn automatic renewal off.

-

-Note: MIT Kerberos can only automatically renew tickets while MIT Kerberos is active and running. This means that if your machine is in hibernation mode or if MIT Kerberos is not running when it is time to renew your tickets, your tickets will not be renewed.

-

- -

Renew Ticket Errors

-If any of the conditions listed below is not met, you will see an error message and then the Get Tickets window will open, allowing you to get a new ticket.

-

-You can renew your existing Kerberos tickets if all of the following are true: -

    -
  • The "Get tickets that can be renewed" box was selected when you obtained the ticket;
    -and
  • -
  • The " renewable by" deadline has not been reached ;
    -and
  • -
  • Your ticket has not already expired.
  • -
- - - -Related help - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/View_Menu.htm krb5-1.17/src/windows/leash/htmlhelp/html/View_Menu.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/View_Menu.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/View_Menu.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,99 +0,0 @@ - - - - - -View Panel - - -

Using the View Panel

-

-Use the View panel to choose which information columns are displayed in the main window. The View panel is to the right of the buttons in the top of the Kerberos window.

-

Show or Hide View Columns

-

-A checkmark next to a View option indicates that the View column is currently shown in the main window. For example, "Valid Until" is selected by default, so the main window shows the Valid Until column unless you unselect that checkbox.

- -

Viewing Ticket Information

-

-The columns selected in the View panel show in the main window. -Click and drag the line separating two column headings to make a column wider or narrower. Click the blue triangle next to a principal to see information for all of the principal's tickets. More help about viewing tickets

-

-

-

Column Descriptions

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Checkbox Name -Select this checkbox to... -Details
Issued See the date and time your ticket was originally obtained. If the ticket is imported, this is the time it was originally obtained when you logged on to a Windows domain with a Windows Logon session.
- Renewable UntilSee the date and time that your renewable tickets cannot be renewed any more. After this time you must get a new ticket to access services authenticated by Kerberos. - If this column shows Not Renewable, the ticket was not flagged as renewable when you obtained it. -

-Related Help: -
Valid Until -See when your ticket will expire. Note that you cannot renew a ticket if you let it expire. - Kerberos alerts you to expiring tickets with a warning in a pop up window. -To add an audible warning, select Expiration Alarm in the Options panel.
Using the Options Panel -
Encryption Type See the encryption type used to encrypt each session key and ticket. This can be useful when troubleshooting. Kerberos supports multiple types of encryption. The type used for a particular ticket or session key is automatically negotiated when you request a ticket or a service.
-More About Encryption Types
FlagsSee how the tickets were flagged (renewable and/or fowardable) when you obtained them. - You cannot change how an existing flag is set. If you need a ticket with different flags, you must get a new ticket.
-About ticket settings and flags -
Import Status See which of your tickets have been imported (or can be imported), from a Windows Logon session, and which have been exported (or can be exported) into a Windows Logon session. - -

-This column is only available when you have Kerberos tickets obtained by logging into Windows Logon session to enter a Windows domain. -

-About importable (Windows domain) tickets -
The import status tells you what application was used to obtain the ticket, and what application can fully use it now. Tickets originally obtained by starting a Windows Logon session in a domain are imported or importable to MIT Kerberos, or they are protected from being imported.

Tickets obtained with the Get Ticket window are eithe exportable or exported to the Windows Logon session. Import Status meanings - -
-

Related help

- - - - diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/html/Windows_Logon_Tickets.htm krb5-1.17/src/windows/leash/htmlhelp/html/Windows_Logon_Tickets.htm --- krb5-1.16.2/src/windows/leash/htmlhelp/html/Windows_Logon_Tickets.htm 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/html/Windows_Logon_Tickets.htm 1970-01-01 00:00:00.000000000 +0000 @@ -1,45 +0,0 @@ - - - - -Windows Logon Tickets - - -

Windows Logon Session Tickets

-

-MIT Kerberos is not the only interface for managing Kerberos tickets. -When you log on to a Windows domain, you are issued a Kerberos ticket -for your Windows Logon session. This ticket is automatically renewed -until you log out of the session, when it is destroyed.

-

-Sometimes applications that require Kerberos authentication only work -with MIT Kerberos. Others work only with the interface that is part of -the Windows Logon session. For this reason, you can use MIT Kerberos to -import tickets from your Windows domain or export tickets into your -Windows Logon session for use with Windows services, depending on your -needs. -

- - - - - - - - -
Learn about... How to...
- - - -
- - - - - Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/allowed_mix_case_realm_name.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/allowed_mix_case_realm_name.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/automatic_ticket_renewal.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/automatic_ticket_renewal.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Bullet.gif and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Bullet.gif differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Capture.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Capture.PNG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/destroy_tickets_on_exit.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/destroy_tickets_on_exit.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/encryption_type.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/encryption_type.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/expiration_alarm.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/expiration_alarm.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/flags.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/flags.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Get_Ticket_Icon.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Get_Ticket_Icon.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/issued.png and 
/tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/issued.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_10.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_10.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_11.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_11.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_12.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_12.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_13.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_13.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_5.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_5.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_6.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_6.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_7.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_7.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_8.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_8.jpg differ Binary files 
/tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_9.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Kerberos_auth_serv_fig_9.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_about_leash.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_about_leash.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_change_password.JPG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_change_password.JPG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_debug_window.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_debug_window.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_display_window.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_display_window.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_init_ticket_advanced.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_init_ticket_advanced.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_init_ticket_basic.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_init_ticket_basic.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_menu_action.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_menu_action.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_menu_file.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_menu_file.jpg differ Binary files 
/tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_menu_help.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_menu_help.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_menu_options.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_menu_options.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_menu_view.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_menu_view.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_afs.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_afs.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb_1.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb_1.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb_2.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb_2.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb_3.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb_3.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb_4.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb_4.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb4.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb4.jpg differ Binary files 
/tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb5_1.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb5_1.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_krb5_2.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_krb5_2.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_properties_leash.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_properties_leash.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_systray_icons.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_systray_icons.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_systray_menu.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_systray_menu.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Leash_toolbar.jpg and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Leash_toolbar.jpg differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Options_Button.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Options_Button.PNG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Options_Button_Tiny.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Options_Button_Tiny.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Options_Menu_Open.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Options_Menu_Open.png differ Binary files 
/tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Options_Menu.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Options_Menu.PNG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Options_Menu_Tiny.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Options_Menu_Tiny.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/renewable_until.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/renewable_until.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/Ticket_Options.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/Ticket_Options.PNG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/valid_until.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/valid_until.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/View_Menu.GIF and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/View_Menu.GIF differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/View_Menu.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/View_Menu.PNG differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/View_Menu_tiny.png and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/View_Menu_tiny.png differ Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/leash/htmlhelp/Images/View_Options.PNG and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/leash/htmlhelp/Images/View_Options.PNG differ diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/leash32.hhk krb5-1.17/src/windows/leash/htmlhelp/leash32.hhk --- krb5-1.16.2/src/windows/leash/htmlhelp/leash32.hhk 2018-11-01 23:51:07.000000000 +0000 
+++ krb5-1.17/src/windows/leash/htmlhelp/leash32.hhk 1970-01-01 00:00:00.000000000 +0000 @@ -1,364 +0,0 @@ - - - - -
    -
  • - - - - -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - - - - -
  • - - - - -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - -
  • - - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
  • - - - - -
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/leash32.hhp krb5-1.17/src/windows/leash/htmlhelp/leash32.hhp
--- krb5-1.16.2/src/windows/leash/htmlhelp/leash32.hhp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/leash32.hhp 1970-01-01 00:00:00.000000000 +0000
@@ -1,228 +0,0 @@
-[OPTIONS]
-Auto Index=Yes
-Auto TOC=9
-Compatibility=1.1 or later
-Compiled file=leash.chm
-Contents file=Table_of_Contents.hhc
-Default Font=Arial,10,0
-Default Window=Default Leash Help Window
-Default topic=html\leash_topic_why_use.htm
-Display compile progress=Yes
-Error log file=.\leash.log
-Full-text search=Yes
-Index file=leash32.hhk
-Language=0x409 English (United States)
-Title=Leash Ticket Manager Help
-
-[WINDOWS]
-Default Leash Help Window="Leash Ticket Manager Help","Table_of_Contents.hhc","leash32.hhk","html\leash_topic_leash_help_topics.htm","html\leash_topic_leash_help_topics.htm",,,,,0x42520,320,0x304e,[0,0,800,560],0x7b0000,,,,,,0
-
-
-[FILES]
-html\leash_topic_why_use.htm
-html\leash_topic_leash_help_topics.htm
-html\leash_topic_leash_window.htm
-html\leash_topic_leash_systray.htm
-html\leash_menu_commands.htm
-html\leash_file_exit.htm
-html\leash_command_get_tickets.htm
-html\leash_command_import_tickets.htm
-html\leash_command_renew_tickets.htm
-html\leash_command_destroy_tickets.htm
-html\leash_command_change_password.htm
-html\leash_topic_password_choice.htm
-html\leash_command_reset_window.htm
-html\leash_command_sync_time.htm
-html\leash_command_update_display.htm
-html\leash_view_large_icons.htm
-html\leash_view_toolbar.htm
-html\leash_view_status_bar.htm
-html\leash_view_debug_window.htm
-html\leash_option_auto_renewal.htm
-html\leash_option_destroy_tickets_on_exit.htm
-html\leash_option_expiration_alarm.htm
-html\leash_option_upper_case_realm.htm
-html\leash_option_leash_properties.htm
-html\leash_option_kerberos_properties.htm
-html\leash_option_krb4_properties.htm
-html\leash_option_krb5_properties.htm
-html\leash_option_afs_properties.htm
-html\leash_menu_help_why_use.htm
-html\leash_help_about_leash32.htm
-html\leash_topic_kerberos_help_topics.htm
-html\leash_topic_about_kerberos.htm
-html\leash_topic_kerberos_names.htm
-html\leash_topic_kerberos_tickets.htm
-html\leash_topic_kerberos_command_prompt.htm
-html\leash_topic_timing_issues.htm -html\leash_external_kdestroy.htm -html\leash_external_kinit.htm -html\leash_external_klist.htm -html\leash_external_ms2mit.htm -html\leash_external_aklog.htm -html\leash_topic_kerberos_principals.htm -html\leash_topic_kerberos_auth_service.htm -html\leash_manpages.htm -html\leash_manpage_kinit.htm -html\leash_manpage_klist.htm -html\leash_manpage_kdestroy.htm -html\leash_manpage_ms2mit.htm -html\leash_manpage_aklog.htm -html\leash_errors.htm -html\leash_topic_error_8.htm -html\leash_topic_error_57.htm -html\leash_topic_error_62.htm -html\leash_topic_error_invalid_principal.htm -html\leash_topic_online_help.htm -html\leash_copyright.htm -html\leash_kerberos_copyright.htm -html\leash_export.htm -html\leash_bug_reports.htm -html\leash_acknowledgements.htm -html\hid_view_toolbar.htm -html\afx_hidw_toolbar.htm -html\hid_view_status_bar.htm -html\afx_hidw_status_bar.htm -html\hid_app_about.htm -html\hid_app_exit.htm -html\hid_help_index.htm -html\hid_help_using.htm -html\hid_context_help.htm -html\hid_sc_size.htm -html\hid_sc_move.htm -html\hid_sc_minimize.htm -html\hid_sc_maximize.htm -html\hid_sc_close.htm -html\hid_sc_restore.htm - -[ALIAS] -HID_ABOUT_KERBEROS = html\leash_topic_about_kerberos.htm -HID_ABOUT_LEASH32_COMMAND = html\leash_menu_commands.htm -HID_ABOUT_LEASH32_MODULES = html\leash_help_about_leash32.htm -HID_AFS_PROPERTIES_COMMAND = html\leash_option_afs_properties.htm -HID_CHANGE_PASSWORD_COMMAND = html\leash_command_change_password.htm -HID_DEBUG_WINDOW = html\leash_view_debug_window.htm -HID_DEBUG_WINDOW_OPTION = html\leash_view_debug_window.htm -HID_DESTROY_TICKETS_COMMAND = html\leash_command_destroy_tickets.htm -HID_DESTROY_TICKETS_ON_EXIT = html\leash_option_destroy_tickets_on_exit.htm -HID_EXIT_COMMAND = html\leash_file_exit.htm -HID_GET_TICKETS_COMMAND = html\leash_command_get_tickets.htm -HID_RENEW_TICKETS_COMMAND = html\leash_command_renew_tickets.htm -HID_IMPORT_TICKETS_COMMAND = 
html\leash_command_import_tickets.htm -HID_HELP_CONTENTS = html\leash_topic_leash_help_topics.htm -HID_KERBEROS_PROPERTIES_ADDDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDRLM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_COMMAND = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDIT = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTRLM = html\leash_option_kerberos_properties.htm -HID_KRB4_PROPERTIES_COMMAND = html\leash_option_krb4_properties.htm -HID_KRB4_PROPERTIES_EDIT = html\leash_option_krb4_properties.htm -HID_KRB5_PROPERTIES_COMMAND = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_EDIT = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_FORWARDING = html\leash_option_krb5_properties.htm -HID_LARGE_ICONS_OPTION = html\leash_view_large_icons.htm -HID_LEASH_COMMANDS = html\leash_menu_commands.htm -HID_LEASH_PROGRAM = html\leash_topic_leash_help_topics.htm -HID_LEASH_PROPERTIES_COMMAND = html\leash_option_leash_properties.htm -HID_LEASH_PROPERTIES_EDIT = html\leash_option_leash_properties.htm -HID_LOW_TICKET_ALARM_OPTION = html\leash_option_expiration_alarm.htm -HID_RESET_WINDOW_OPTION = html\leash_command_reset_window.htm -HID_SCNCHRONIZE_TIME_OPTION = html\leash_command_sync_time.htm -HID_STATUS_BAR_OPTION = html\leash_view_status_bar.htm -HID_TOOLBAR_OPTION = html\leash_view_toolbar.htm -HID_UPDATE_DISPLAY_COMMAND = html\leash_command_update_display.htm -HID_UPPERCASE_REALM_OPTION = html\leash_option_upper_case_realm.htm -HID_WHY_USE_LEASH32 = 
html\leash_topic_why_use.htm -ID_CHANGEPASSWORD = html\leash_command_change_password.htm -ID_COUNTDOWN = html\leash_option_expiration_alarm.htm -ID_DESTROY = html\leash_command_destroy_tickets.htm -ID_EXIT = html\leash_file_exit.htm -ID_HELP_CHOOSE_PASSWORD = html\leash_topic_password_choice.htm -ID_HELP_KERBEROS = html\leash_topic_kerberos_help_topics.htm -ID_HELP_LEASH = html\leash_topic_leash_help_topics.htm -ID_HELP_PURPOSE = html\leash_topic_why_use.htm -ID_INITTICKETS = html\leash_command_get_tickets.htm -hid_view_toolbar = html\hid_view_toolbar.htm -afx_hidw_toolbar = html\afx_hidw_toolbar.htm -hid_view_status_bar = html\hid_view_status_bar.htm -afx_hidw_status_bar = html\afx_hidw_status_bar.htm -hid_app_about = html\hid_app_about.htm -hid_app_exit = html\hid_app_exit.htm -hid_help_index = html\hid_help_index.htm -hid_help_using = html\hid_help_using.htm -hid_context_help = html\hid_context_help.htm -hid_sc_size = html\hid_sc_size.htm -hid_sc_move = html\hid_sc_move.htm -hid_sc_minimize = html\hid_sc_minimize.htm -hid_sc_maximize = html\hid_sc_maximize.htm -hid_sc_close = html\hid_sc_close.htm -hid_sc_restore = html\hid_sc_restore.htm - -[MAP] -#define HID_ABOUT_KERBEROS 98320 -#define HID_ABOUT_LEASH32_COMMAND 123200 -#define HID_ABOUT_LEASH32_MODULES 131225 -#define HID_AFS_PROPERTIES_COMMAND 98327 -#define HID_CHANGE_PASSWORD_COMMAND 98315 -#define HID_DEBUG_WINDOW 131229 -#define HID_DEBUG_WINDOW_OPTION 98317 -#define HID_DESTROY_TICKETS_COMMAND 98313 -#define HID_DESTROY_TICKETS_ON_EXIT 98321 -#define HID_EXIT_COMMAND 123201 -#define HID_GET_TICKETS_COMMAND 98343 -#define HID_RENEW_TICKETS_COMMAND 98312 -#define HID_IMPORT_TICKETS_COMMAND 98342 -#define HID_HELP_CONTENTS 98340 -#define HID_KERBEROS_PROPERTIES_ADDDOM 131255 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131254 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131269 -#define HID_KERBEROS_PROPERTIES_ADDRLM 131253 -#define HID_KERBEROS_PROPERTIES_COMMAND 98337 -#define HID_KERBEROS_PROPERTIES_EDIT 131233 
-#define HID_KERBEROS_PROPERTIES_EDITDOM 131256
-#define HID_KERBEROS_PROPERTIES_EDITHOST 131271
-#define HID_KERBEROS_PROPERTIES_LISTDOM 131279
-#define HID_KERBEROS_PROPERTIES_LISTRLM 131250
-#define HID_KRB4_PROPERTIES_COMMAND 98329
-#define HID_KRB4_PROPERTIES_EDIT 131232
-#define HID_KRB5_PROPERTIES_COMMAND 98330
-#define HID_KRB5_PROPERTIES_EDIT 131241
-#define HID_KRB5_PROPERTIES_FORWARDING 131240
-#define HID_KRBCHECK_OPTION 98335
-#define HID_LARGE_ICONS_OPTION 98322
-#define HID_LEASH_COMMANDS 131200
-#define HID_LEASH_PROGRAM 98319
-#define HID_LEASH_PROPERTIES_COMMAND 98331
-#define HID_LEASH_PROPERTIES_EDIT 131239
-#define HID_LOW_TICKET_ALARM_OPTION 98334
-#define HID_RESET_WINDOW_OPTION 98326
-#define HID_SCNCHRONIZE_TIME_OPTION 98314
-#define HID_STATUS_BAR_OPTION 124929
-#define HID_TOOLBAR_OPTION 124928
-#define HID_UPDATE_DISPLAY_COMMAND 98316
-#define HID_UPPERCASE_REALM_OPTION 98323
-#define HID_WHY_USE_LEASH32 98341
-#define ID_CHANGEPASSWORD 112
-#define ID_COUNTDOWN 101
-#define ID_DESTROY 111
-#define ID_EXIT 200
-#define ID_HELP_CHOOSE_PASSWORD 2511841056
-#define ID_HELP_KERBEROS 211
-#define ID_HELP_LEASH 210
-#define ID_HELP_PURPOSE 115
-#define ID_INITTICKETS 113
-#define KRB_BAD_NAME 39525457
-#define KRB_BAD_TIME 39525413
-#DEFINE KRB_ERROR_78 39525454
-#define KRB_INCORR_PASSWD 39525438
-#define KRB_NO_TKT_FILE 39525446
-#define KRB_UNKNOWN_REALM 39525433
-#define KRB_UNKNOWN_USER 39525384
-#define LSH_INVINSTANCE 40591875
-
-[INFOTYPES]
diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/LeashHelp.hhp krb5-1.17/src/windows/leash/htmlhelp/LeashHelp.hhp
--- krb5-1.16.2/src/windows/leash/htmlhelp/LeashHelp.hhp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/htmlhelp/LeashHelp.hhp 1970-01-01 00:00:00.000000000 +0000
@@ -1,184 +0,0 @@ -[OPTIONS] -Binary Index=No -Compatibility=1.1 or later -Compiled file=LeashHelp.chm -Contents file=TOC.hhc -Default Window=Leash Help -Default topic=Html\Getting_Started.htm -Display compile progress=No -Full text search stop list file=stoplist.stp -Full-text search=Yes -Index file=Index.hhk -Language=0x409 English (United States) - -[WINDOWS] -Leash Help="MIT Kerberos Help","TOC.hhc","Index.hhk",,,,,,,0x62420,,0x100e,[0,0,800,800],,,,,,,0 - - -[FILES] -Html\Getting_Started.htm -Html\Change_Password.htm -Html\Forget_Password.htm -Html\Kerberos.htm -Html\Password_Tips.htm -Html\Passwords.htm -Html\Using_Leash_Menus.htm -Html\Tickets.htm -Html\Destroy_Tickets.htm -Html\Get_Tickets.htm -Html\Import_Tickets.htm -Html\Renew_Tickets.htm -Html\Ticket_Settings.htm -Html\View_Tickets.htm -Leash.css -HTML\FAQ.htm -HTML\Options_Menu.htm -HTML\Command_Line.htm -HTML\MS2MIT.htm -HTML\KDESTROY.htm -HTML\KLIST.htm -HTML\KINIT.htm -HTML\Troubleshooting.htm -HTML\Kerberos_Terminology.htm -HTML\Report_Bugs.htm -HTML\Encryption_Types.htm -HTML\KCPYTKT.htm -HTML\KVNO.htm -HTML\KSWITCH.htm -HTML\KPASSWD.htm -HTML\Export_Tickets.htm -HTML\View_Menu.htm -HTML\Glossary.htm -HTML\Import_Status.htm -HTML\Debugging.htm -HTML\Keyboard_Shortcuts.htm -HTML\Windows_Logon_Tickets.htm -HTML\How_Kerberos_Works.htm -HTML\Principals.htm -HTML\Make_Default.htm -HTML\Manage_Multiple_Principals.htm -HTML\Forget_Principals.htm -HTML\More_Menu.htm -HTML\Home_Tab.htm -HTML\Options_Tab.htm - -[ALIAS] -HID_ABOUT_KERBEROS = html\How_Kerberos_Works.htm -HID_CHANGE_PASSWORD_COMMAND = html\Change_Password.htm -HID_DESTROY_TICKETS_COMMAND = html\Destroy_Tickets.htm -HID_DESTROY_TICKETS_ON_EXIT = html\Options_Tab.htm -HID_EXIT_COMMAND = html\leash_file_exit.htm -HID_GET_TICKETS_COMMAND = html\Get_Tickets.htm -HID_RENEW_TICKETS_COMMAND = html\Renew_Tickets.htm -HID_IMPORT_TICKETS_COMMAND = html\Import_Tickets.htm -HID_HELP_CONTENTS = html\Getting_Started.htm -HID_KERBEROS_PROPERTIES_ADDDOM = 
html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDRLM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_COMMAND = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDIT = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTRLM = html\leash_option_kerberos_properties.htm -HID_KRB5_PROPERTIES_COMMAND = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_EDIT = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_FORWARDING = html\leash_option_krb5_properties.htm -HID_LARGE_ICONS_OPTION = html\leash_view_large_icons.htm -HID_LEASH_COMMANDS = html\Getting_Started.htm -HID_LEASH_PROGRAM = html\Getting_Started.htm -HID_LEASH_PROPERTIES_COMMAND = html\leash_option_leash_properties.htm -HID_LEASH_PROPERTIES_EDIT = html\leash_option_leash_properties.htm -HID_LOW_TICKET_ALARM_OPTION = html\leash_option_expiration_alarm.htm -HID_RESET_WINDOW_OPTION = html\leash_command_reset_window.htm -HID_SCNCHRONIZE_TIME_OPTION = html\leash_command_sync_time.htm -HID_STATUS_BAR_OPTION = html\leash_view_status_bar.htm -HID_TOOLBAR_OPTION = html\leash_view_toolbar.htm -HID_UPDATE_DISPLAY_COMMAND = html\leash_command_update_display.htm -HID_UPPERCASE_REALM_OPTION = html\leash_option_upper_case_realm.htm -HID_WHY_USE_LEASH32 = html\leash_topic_why_use.htm -ID_CHANGEPASSWORD = html\leash_command_change_password.htm -ID_COUNTDOWN = html\leash_option_expiration_alarm.htm -ID_DESTROY = html\leash_command_destroy_tickets.htm -ID_EXIT = html\leash_file_exit.htm -ID_HELP_CHOOSE_PASSWORD = html\leash_topic_password_choice.htm 
-ID_HELP_KERBEROS = html\leash_topic_kerberos_help_topics.htm -ID_HELP_LEASH = html\leash_topic_leash_help_topics.htm -ID_HELP_PURPOSE = html\leash_topic_why_use.htm -ID_INITTICKETS = html\leash_command_get_tickets.htm -hid_app_about = html\hid_app_about.htm -hid_app_exit = html\hid_app_exit.htm -hid_help_index = html\hid_help_index.htm -hid_help_using = html\hid_help_using.htm -hid_context_help = html\hid_context_help.htm -hid_sc_size = html\hid_sc_size.htm -hid_sc_move = html\hid_sc_move.htm -hid_sc_minimize = html\hid_sc_minimize.htm -hid_sc_maximize = html\hid_sc_maximize.htm -hid_sc_close = html\hid_sc_close.htm -hid_sc_restore = html\hid_sc_restore.htm - -[MAP] -#define HID_ABOUT_KERBEROS 98320 -#define HID_ABOUT_LEASH32_COMMAND 123200 -#define HID_ABOUT_LEASH32_MODULES 131225 -#define HID_AFS_PROPERTIES_COMMAND 98327 -#define HID_CHANGE_PASSWORD_COMMAND 98315 -#define HID_DEBUG_WINDOW 131229 -#define HID_DEBUG_WINDOW_OPTION 98317 -#define HID_DESTROY_TICKETS_COMMAND 98313 -#define HID_DESTROY_TICKETS_ON_EXIT 98321 -#define HID_EXIT_COMMAND 123201 -#define HID_GET_TICKETS_COMMAND 98343 -#define HID_RENEW_TICKETS_COMMAND 98312 -#define HID_IMPORT_TICKETS_COMMAND 98342 -#define HID_HELP_CONTENTS 98340 -#define HID_KERBEROS_PROPERTIES_ADDDOM 131255 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131254 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131269 -#define HID_KERBEROS_PROPERTIES_ADDRLM 131253 -#define HID_KERBEROS_PROPERTIES_COMMAND 98337 -#define HID_KERBEROS_PROPERTIES_EDIT 131233 -#define HID_KERBEROS_PROPERTIES_EDITDOM 131256 -#define HID_KERBEROS_PROPERTIES_EDITHOST 131271 -#define HID_KERBEROS_PROPERTIES_LISTDOM 131279 -#define HID_KERBEROS_PROPERTIES_LISTRLM 131250 -#define HID_KRB4_PROPERTIES_COMMAND 98329 -#define HID_KRB4_PROPERTIES_EDIT 131232 -#define HID_KRB5_PROPERTIES_COMMAND 98330 -#define HID_KRB5_PROPERTIES_EDIT 131241 -#define HID_KRB5_PROPERTIES_FORWARDING 131240 -#define HID_KRBCHECK_OPTION 98335 -#define HID_LARGE_ICONS_OPTION 98322 -#define 
HID_LEASH_COMMANDS 131200 -#define HID_LEASH_PROGRAM 98319 -#define HID_LEASH_PROPERTIES_COMMAND 98331 -#define HID_LEASH_PROPERTIES_EDIT 131239 -#define HID_LOW_TICKET_ALARM_OPTION 98334 -#define HID_RESET_WINDOW_OPTION 98326 -#define HID_SCNCHRONIZE_TIME_OPTION 98314 -#define HID_STATUS_BAR_OPTION 124929 -#define HID_TOOLBAR_OPTION 124928 -#define HID_UPDATE_DISPLAY_COMMAND 98316 -#define HID_UPPERCASE_REALM_OPTION 98323 -#define HID_WHY_USE_LEASH32 98341 -#define ID_CHANGEPASSWORD 112 -#define ID_COUNTDOWN 101 -#define ID_DESTROY 111 -#define ID_EXIT 200 -#define ID_HELP_CHOOSE_PASSWORD 2511841056 -#define ID_HELP_KERBEROS 211 -#define ID_HELP_LEASH 210 -#define ID_HELP_PURPOSE 115 -#define ID_INITTICKETS 113 -#define KRB_BAD_NAME 39525457 -#define KRB_BAD_TIME 39525413 -#DEFINE KRB_ERROR_78 39525454 -#define KRB_INCORR_PASSWD 39525438 -#define KRB_NO_TKT_FILE 39525446 -#define KRB_UNKNOWN_REALM 39525433 -#define KRB_UNKNOWN_USER 39525384 -#define LSH_INVINSTANCE 40591875 - -[INFOTYPES] diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/MITKerberosHelp.hhp krb5-1.17/src/windows/leash/htmlhelp/MITKerberosHelp.hhp --- krb5-1.16.2/src/windows/leash/htmlhelp/MITKerberosHelp.hhp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/MITKerberosHelp.hhp 2019-01-08 16:02:37.000000000 +0000 
@@ -61,46 +61,11 @@ HID_CHANGE_PASSWORD_COMMAND = html\Change_Password.htm HID_DESTROY_TICKETS_COMMAND = html\Destroy_Tickets.htm HID_DESTROY_TICKETS_ON_EXIT = html\Options_Tab.htm -HID_EXIT_COMMAND = html\leash_file_exit.htm HID_GET_TICKETS_COMMAND = html\Get_Tickets.htm HID_RENEW_TICKETS_COMMAND = html\Renew_Tickets.htm -HID_IMPORT_TICKETS_COMMAND = html\Import_Tickets.htm HID_HELP_CONTENTS = html\Getting_Started.htm -HID_KERBEROS_PROPERTIES_ADDDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_ADDRLM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_COMMAND = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDIT = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_EDITHOST = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTDOM = html\leash_option_kerberos_properties.htm -HID_KERBEROS_PROPERTIES_LISTRLM = html\leash_option_kerberos_properties.htm -HID_KRB5_PROPERTIES_COMMAND = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_EDIT = html\leash_option_krb5_properties.htm -HID_KRB5_PROPERTIES_FORWARDING = html\leash_option_krb5_properties.htm -HID_LARGE_ICONS_OPTION = html\leash_view_large_icons.htm HID_LEASH_COMMANDS = html\Getting_Started.htm HID_LEASH_PROGRAM = html\Getting_Started.htm -HID_LEASH_PROPERTIES_COMMAND = html\leash_option_leash_properties.htm -HID_LEASH_PROPERTIES_EDIT = html\leash_option_leash_properties.htm -HID_LOW_TICKET_ALARM_OPTION = html\leash_option_expiration_alarm.htm -HID_RESET_WINDOW_OPTION = html\leash_command_reset_window.htm -HID_SCNCHRONIZE_TIME_OPTION = html\leash_command_sync_time.htm -HID_STATUS_BAR_OPTION = html\leash_view_status_bar.htm -HID_TOOLBAR_OPTION = html\leash_view_toolbar.htm 
-HID_UPDATE_DISPLAY_COMMAND = html\leash_command_update_display.htm -HID_UPPERCASE_REALM_OPTION = html\leash_option_upper_case_realm.htm -HID_WHY_USE_LEASH32 = html\leash_topic_why_use.htm -ID_CHANGEPASSWORD = html\leash_command_change_password.htm -ID_COUNTDOWN = html\leash_option_expiration_alarm.htm -ID_DESTROY = html\leash_command_destroy_tickets.htm -ID_EXIT = html\leash_file_exit.htm -ID_HELP_CHOOSE_PASSWORD = html\leash_topic_password_choice.htm -ID_HELP_KERBEROS = html\leash_topic_kerberos_help_topics.htm -ID_HELP_LEASH = html\leash_topic_leash_help_topics.htm -ID_HELP_PURPOSE = html\leash_topic_why_use.htm -ID_INITTICKETS = html\leash_command_get_tickets.htm hid_app_about = html\hid_app_about.htm hid_app_exit = html\hid_app_exit.htm hid_help_index = html\hid_help_index.htm 
@@ -117,55 +82,18 @@ #define HID_ABOUT_KERBEROS 98320 #define HID_ABOUT_LEASH32_COMMAND 123200 #define HID_ABOUT_LEASH32_MODULES 131225 -#define HID_AFS_PROPERTIES_COMMAND 98327 #define HID_CHANGE_PASSWORD_COMMAND 98315 #define HID_DEBUG_WINDOW 131229 #define HID_DEBUG_WINDOW_OPTION 98317 #define HID_DESTROY_TICKETS_COMMAND 98313 #define HID_DESTROY_TICKETS_ON_EXIT 98321 -#define HID_EXIT_COMMAND 123201 #define HID_GET_TICKETS_COMMAND 98343 #define HID_RENEW_TICKETS_COMMAND 98312 -#define HID_IMPORT_TICKETS_COMMAND 98342 #define HID_HELP_CONTENTS 98340 -#define HID_KERBEROS_PROPERTIES_ADDDOM 131255 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131254 -#define HID_KERBEROS_PROPERTIES_ADDHOST 131269 -#define HID_KERBEROS_PROPERTIES_ADDRLM 131253 -#define HID_KERBEROS_PROPERTIES_COMMAND 98337 -#define HID_KERBEROS_PROPERTIES_EDIT 131233 -#define HID_KERBEROS_PROPERTIES_EDITDOM 131256 -#define HID_KERBEROS_PROPERTIES_EDITHOST 131271 -#define HID_KERBEROS_PROPERTIES_LISTDOM 131279 -#define HID_KERBEROS_PROPERTIES_LISTRLM 131250 -#define HID_KRB4_PROPERTIES_COMMAND 98329 -#define HID_KRB4_PROPERTIES_EDIT 131232 -#define HID_KRB5_PROPERTIES_COMMAND 98330 -#define HID_KRB5_PROPERTIES_EDIT 131241 -#define HID_KRB5_PROPERTIES_FORWARDING 131240 #define HID_KRBCHECK_OPTION 98335 -#define HID_LARGE_ICONS_OPTION 98322 #define HID_LEASH_COMMANDS 131200 #define HID_LEASH_PROGRAM 98319 -#define HID_LEASH_PROPERTIES_COMMAND 98331 -#define HID_LEASH_PROPERTIES_EDIT 131239 #define HID_LOW_TICKET_ALARM_OPTION 98334 -#define HID_RESET_WINDOW_OPTION 98326 -#define HID_SCNCHRONIZE_TIME_OPTION 98314 -#define HID_STATUS_BAR_OPTION 124929 -#define HID_TOOLBAR_OPTION 124928 -#define HID_UPDATE_DISPLAY_COMMAND 98316 -#define HID_UPPERCASE_REALM_OPTION 98323 -#define HID_WHY_USE_LEASH32 98341 -#define ID_CHANGEPASSWORD 112 -#define ID_COUNTDOWN 101 -#define ID_DESTROY 111 -#define ID_EXIT 200 -#define ID_HELP_CHOOSE_PASSWORD 2511841056 -#define ID_HELP_KERBEROS 211 -#define ID_HELP_LEASH 210 
-#define ID_HELP_PURPOSE 115 -#define ID_INITTICKETS 113 #define KRB_BAD_NAME 39525457 #define KRB_BAD_TIME 39525413 #DEFINE KRB_ERROR_78 39525454 diff -Nru krb5-1.16.2/src/windows/leash/htmlhelp/Table_of_Contents.hhc krb5-1.17/src/windows/leash/htmlhelp/Table_of_Contents.hhc --- krb5-1.16.2/src/windows/leash/htmlhelp/Table_of_Contents.hhc 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/htmlhelp/Table_of_Contents.hhc 1970-01-01 00:00:00.000000000 +0000 @@ -1,232 +0,0 @@ - - - - - - - - - -
    -
  • - - - -
  • - - - -
      -
    • - - - -
    • - - - -
        -
      • - - - -
      -
    • - - - -
        -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      • - - - -
      -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - -
      -
    • - - - -
    • - - - -
    • - - - -
    • - - - -
    -
  • - - - -
  • - - - -
  • - - - -
  • - - - -
  • - - - -
  • - - - -
-
diff -Nru krb5-1.16.2/src/windows/leash/Krb4AddToDomainRealmList.cpp krb5-1.17/src/windows/leash/Krb4AddToDomainRealmList.cpp
--- krb5-1.16.2/src/windows/leash/Krb4AddToDomainRealmList.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4AddToDomainRealmList.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,107 +0,0 @@ -// File: Krb4AddToDomainRealmList.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4AddToDomainRealmList.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4AddToDomainRealmList.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToDomainRealmList dialog - - -CKrb4AddToDomainRealmList::CKrb4AddToDomainRealmList(CWnd* pParent /*=NULL*/) - : CDialog(CKrb4AddToDomainRealmList::IDD, pParent) -{ - m_newRealm = _T(""); - m_newDomainHost = _T(""); - m_startup = TRUE; - - - //{{AFX_DATA_INIT(CKrb4AddToDomainRealmList) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CKrb4AddToDomainRealmList::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4AddToDomainRealmList) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4AddToDomainRealmList, CDialog) - //{{AFX_MSG_MAP(CKrb4AddToDomainRealmList) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_DOMAINHOSTNAME, OnChangeEditDomainhostname) - ON_EN_CHANGE(IDC_EDIT_DOMAINREALMNAME, OnChangeEditDomainrealmname) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToDomainRealmList message handlers - -void CKrb4AddToDomainRealmList::OnChangeEditDomainhostname() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_DOMAINHOSTNAME, m_newDomainHost); -} - -void 
CKrb4AddToDomainRealmList::OnChangeEditDomainrealmname() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_DOMAINREALMNAME, m_newRealm); -} - -void CKrb4AddToDomainRealmList::OnOK() -{ - //if (m_newRealm.IsEmpty) - - m_newRealm.TrimLeft(); - m_newRealm.TrimRight(); - m_newDomainHost.TrimLeft(); - m_newDomainHost.TrimRight(); - - if (m_newRealm.IsEmpty() || m_newDomainHost.IsEmpty()) - { // stay - MessageBox("OnOK::Both Realm and Domain-Host fields must be filled in!", - "Leash", MB_OK); - } - else if (-1 != m_newRealm.Find(' ') || -1 != m_newDomainHost.Find(' ')) - { // stay - MessageBox("OnOK::Illegal space found!", "Leash", MB_OK); - } - else - CDialog::OnOK(); // exit -} - -void CKrb4AddToDomainRealmList::OnCancel() -{ - - CDialog::OnCancel(); -} - -void CKrb4AddToDomainRealmList::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4AddToDomainRealmList.h krb5-1.17/src/windows/leash/Krb4AddToDomainRealmList.h --- krb5-1.16.2/src/windows/leash/Krb4AddToDomainRealmList.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4AddToDomainRealmList.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,73 +0,0 @@ -// File: Krb4AddToDomainRealmList.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4AddToDomainRealmList.cpp. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_KRB4ADDTODOMAINREALMLIST_H__F4D41683_96A4_11D2_94E2_0000861B8A3C__INCLUDED_) -#define AFX_KRB4ADDTODOMAINREALMLIST_H__F4D41683_96A4_11D2_94E2_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// Krb4AddToDomainRealmList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToDomainRealmList dialog - -class CKrb4AddToDomainRealmList : public CDialog -{ -// Construction -private: - CString m_newRealm; - CString m_newDomainHost; - BOOL m_newAdmin; - BOOL m_startup; - -public: - CKrb4AddToDomainRealmList(CWnd* pParent = NULL); // standard constructor - - CString GetNewRealm() {return m_newRealm;} - CString GetNewDomainHost() {return m_newDomainHost;} - -// Dialog Data - //{{AFX_DATA(CKrb4AddToDomainRealmList) - enum { IDD = IDD_KRB4_ADD_DOMAINREALMNAME }; - // NOTE: the ClassWizard will add data members here - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb4AddToDomainRealmList) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb4AddToDomainRealmList) - virtual void OnOK(); - virtual void OnCancel(); - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - afx_msg void OnChangeEditDomainhostname(); - afx_msg void OnChangeEditDomainrealmname(); - //}}AFX_MSG - 
DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. - -#endif // !defined(AFX_KRB4ADDTODOMAINREALMLIST_H__F4D41683_96A4_11D2_94E2_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/Krb4AddToRealmHostList.cpp krb5-1.17/src/windows/leash/Krb4AddToRealmHostList.cpp --- krb5-1.16.2/src/windows/leash/Krb4AddToRealmHostList.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4AddToRealmHostList.cpp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,121 +0,0 @@ -// File: Krb4AddToRealmHostList.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4AddToRealmHostList.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4AddToRealmHostList.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToRealmHostList dialog - - -CKrb4AddToRealmHostList::CKrb4AddToRealmHostList(CWnd* pParent /*=NULL*/) -: CDialog(CKrb4AddToRealmHostList::IDD, pParent) -{ - m_newRealm = _T(""); - m_newHost = _T(""); - m_newAdmin = TRUE; - m_startup = TRUE; - - //{{AFX_DATA_INIT(CKrb4AddToRealmHostList) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CKrb4AddToRealmHostList::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4AddToRealmHostList) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4AddToRealmHostList, CDialog) - //{{AFX_MSG_MAP(CKrb4AddToRealmHostList) - ON_EN_CHANGE(IDC_EDIT_DEFAULT_REALM, OnChangeEditDefaultRealm) - ON_EN_CHANGE(IDC_EDIT_REALM_HOSTNAME, OnChangeEditRealmHostname) - ON_WM_SHOWWINDOW() - ON_BN_CLICKED(IDC_RADIO_ADMIN_SERVER, OnRadioAdminServer) - ON_BN_CLICKED(IDC_RADIO_NO_ADMIN_SERVER, OnRadioNoAdminServer) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToRealmHostList message handlers - -void CKrb4AddToRealmHostList::OnShowWindow(BOOL bShow, UINT nStatus) -{ - 
CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} - -void CKrb4AddToRealmHostList::OnChangeEditDefaultRealm() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newRealm); -} - -void CKrb4AddToRealmHostList::OnChangeEditRealmHostname() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_newHost); -} - -void CKrb4AddToRealmHostList::OnRadioAdminServer() -{ - m_newAdmin = TRUE; -} - -void CKrb4AddToRealmHostList::OnRadioNoAdminServer() -{ - m_newAdmin = FALSE; -} - -void CKrb4AddToRealmHostList::OnOK() -{ - m_newRealm.TrimLeft(); - m_newRealm.TrimRight(); - m_newHost.TrimLeft(); - m_newHost.TrimRight(); - - if (m_newRealm.IsEmpty() || m_newHost.IsEmpty()) - { // stay - MessageBox("OnOK::Both Realm and Host fields must be filled in!", - "Leash", MB_OK); - } - else if (-1 != m_newRealm.Find(' ') || -1 != m_newHost.Find(' ')) - { // stay - MessageBox("OnOK::Illegal space found!", "Leash", MB_OK); - } - - else - CDialog::OnOK(); // exit -} - -BOOL CKrb4AddToRealmHostList::OnInitDialog() -{ - CDialog::OnInitDialog(); - - CheckRadioButton(IDC_RADIO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER, IDC_RADIO_ADMIN_SERVER); - - return TRUE; -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4AddToRealmHostList.h krb5-1.17/src/windows/leash/Krb4AddToRealmHostList.h --- krb5-1.16.2/src/windows/leash/Krb4AddToRealmHostList.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4AddToRealmHostList.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,75 +0,0 @@ -// ************************************************************************************** -// File: Krb4AddToRealmHostList.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4AddToRealmHostList.cpp Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_) -#define AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// AddToRealmHostList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb4AddToRealmHostList dialog - -class CKrb4AddToRealmHostList : public CDialog -{ -// Construction - CString m_newRealm; - CString m_newHost; - BOOL m_newAdmin; - BOOL m_startup; - -public: - CKrb4AddToRealmHostList(CWnd* pParent = NULL); // standard constructor - - CString GetNewRealm() {return m_newRealm;} - CString GetNewHost() {return m_newHost;} - BOOL GetNewAdmin() {return m_newAdmin;} - -// Dialog Data - //{{AFX_DATA(CKrb4AddToRealmHostList) - enum { IDD = IDD_KRB4_ADD_REALM }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb4AddToRealmHostList) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb4AddToRealmHostList) - afx_msg void OnChangeEditDefaultRealm(); - afx_msg void OnChangeEditRealmHostname(); - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - afx_msg void OnRadioAdminServer(); - afx_msg void OnRadioNoAdminServer(); - 
virtual void OnOK();
- virtual BOOL OnInitDialog();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb4DomainRealmMaintenance.cpp krb5-1.17/src/windows/leash/Krb4DomainRealmMaintenance.cpp
--- krb5-1.16.2/src/windows/leash/Krb4DomainRealmMaintenance.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4DomainRealmMaintenance.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,268 +0,0 @@ -// ************************************************************************************** -// File: Krb4DomainRealmMaintenance.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4DomainRealmMaintenance.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - -#include "stdafx.h" -#include "leash.h" -#include "KrbProperties.h" -#include "Krb4Properties.h" -#include "Krb4AddToDomainRealmList.h" -#include "Krb4EditDomainRealmList.h" -#include "Krb4DomainRealmMaintenance.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4DomainRealmMaintenance dialog - - -IMPLEMENT_DYNCREATE(CKrb4DomainRealmMaintenance, CPropertyPage) - -CKrb4DomainRealmMaintenance::CKrb4DomainRealmMaintenance() : - CPropertyPage(CKrb4DomainRealmMaintenance ::IDD) -{ - m_defectiveLines = 0; -} - -CKrb4DomainRealmMaintenance::~CKrb4DomainRealmMaintenance() -{ -} - -void CKrb4DomainRealmMaintenance::DoDataExchange(CDataExchange* pDX) -{ - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4DomainRealmMaintenance) - DDX_Control(pDX, IDC_LIST_DOMAINREALM, m_realmDomainList); - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4DomainRealmMaintenance, CPropertyPage) - //{{AFX_MSG_MAP(CKrb4DomainRealmMaintenance) - ON_BN_CLICKED(IDC_BUTTON_REALM_HOST_ADD, OnButtonRealmHostAdd) - ON_BN_CLICKED(ID_BUTTON_REALM_HOST_REMOVE, OnButtonRealmHostRemove) - ON_BN_CLICKED(IDC_BUTTON_REALM_HOST_EDIT, OnButtonRealmHostEdit) - ON_LBN_SELCHANGE(IDC_LIST_DOMAINREALM, OnSelchangeListDomainrealm) - 
ON_LBN_DBLCLK(IDC_LIST_DOMAINREALM, OnDblclkListDomainrealm) - ON_BN_CLICKED(IDC_BUTTON_HOSTMAINT_HELP, OnButtonHostmaintHelp) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4DomainRealmMaintenance message handlers - -BOOL CKrb4DomainRealmMaintenance::OnApply() -{ - CStdioFile krbrealmCon; - if (!krbrealmCon.Open(CKrbProperties::m_krbrealmPath, CFile::modeCreate | - CFile::modeNoTruncate | - CFile::modeReadWrite)) - { - LeashErrorBox("OnApply::Can't open Configuration File", - CKrbProperties::m_krbrealmPath); - return TRUE; - } - - memset(lineBuf, '\0', sizeof(lineBuf)); - krbrealmCon.SetLength(0); - krbrealmCon.WriteString(lineBuf); - for (INT maxItems = m_realmDomainList.GetCount(), item = 0; item < maxItems; item++) - { - memset(lineBuf, '\0', sizeof(lineBuf)); - if (!m_realmDomainList.GetText(item, lineBuf)) - break; - - krbrealmCon.WriteString(lineBuf); - krbrealmCon.WriteString("\n"); - } - - krbrealmCon.Close(); - - return TRUE; -} - -BOOL CKrb4DomainRealmMaintenance::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - CStdioFile krbrealmCon; - - if (!krbrealmCon.Open(CKrbProperties::m_krbrealmPath, CFile::modeReadWrite)) - { // can't find file, so lets set some defaults - CString defaultStr; - defaultStr.Format("%s %s", "MIT.EDU", KRB_REALM); - m_realmDomainList.AddString(defaultStr); - } - else - { - while (TRUE) - { - if (!krbrealmCon.ReadString(lineBuf, sizeof(lineBuf))) - break; - - *(lineBuf + strlen(lineBuf) - 1) = 0; - - if (!strchr(lineBuf, ' ') && !strchr(lineBuf, '\t')) - { // found a defective line - m_defectiveLines++; - } - - if (LB_ERR == m_realmDomainList.AddString(lineBuf)) - { - LeashErrorBox("OnInitDialog::Can't read Configuration File", - CKrbProperties::m_krbrealmPath); - krbrealmCon.Close(); - return FALSE; - } - } - - krbrealmCon.Close(); - } - - m_realmDomainList.SetCurSel(0); - - if (!m_realmDomainList.GetCount()) - { - 
GetDlgItem(ID_BUTTON_REALM_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REALM_HOST_EDIT)->EnableWindow(FALSE); - } - - return TRUE; -} - -void CKrb4DomainRealmMaintenance::OnButtonRealmHostAdd() -{ - CKrb4AddToDomainRealmList addToDomainRealmList; - if (IDOK == addToDomainRealmList.DoModal()) - { - if (addToDomainRealmList.GetNewRealm().IsEmpty()) - ASSERT(0); - - CString newLine; - newLine = addToDomainRealmList.GetNewDomainHost() + " " + addToDomainRealmList.GetNewRealm(); - - // We don't want duplicate items in Listbox - CString ckDups; - for (INT item = 0; item < m_realmDomainList.GetCount(); item++) - { - m_realmDomainList.GetText(item, ckDups); - if (0 == ckDups.CompareNoCase(newLine)) - { // found duplicate item in Listbox - LeashErrorBox("OnButtonRealmHostAdd::Found a Duplicate Item\nCan't add to List", - ckDups); - return; - } - } - - m_realmDomainList.InsertString(0, newLine); - m_realmDomainList.SetCurSel(0); - SetModified(TRUE); - - if (1 == m_realmDomainList.GetCount()) - { - GetDlgItem(ID_BUTTON_REALM_HOST_REMOVE)->EnableWindow();GetDlgItem(IDC_BUTTON_REALM_HOST_EDIT)->EnableWindow(); - } - } -} - -void CKrb4DomainRealmMaintenance::OnButtonRealmHostRemove() -{ - if (IDYES != AfxMessageBox("Your about to remove an item from the list!\n\nContinue?", - MB_YESNO)) - return; - - INT curSel = m_realmDomainList.GetCurSel(); - m_realmDomainList.DeleteString(curSel); // Single Sel Listbox - - if (-1 == m_realmDomainList.SetCurSel(curSel)) - m_realmDomainList.SetCurSel(curSel - 1); - - if (!m_realmDomainList.GetCount()) - { - GetDlgItem(ID_BUTTON_REALM_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REALM_HOST_EDIT)->EnableWindow(FALSE); - } - - SetModified(TRUE); -} - -void CKrb4DomainRealmMaintenance::OnButtonRealmHostEdit() -{ - INT selItemIndex = m_realmDomainList.GetCurSel(); - LPSTR pSelItem = new char[m_realmDomainList.GetTextLen(selItemIndex) + 1]; - if (!pSelItem) - ASSERT(0); - - CString selItem; - 
m_realmDomainList.GetText(selItemIndex, selItem); - strcpy(pSelItem, selItem); - - CKrb4EditDomainRealmList editDomainRealmList(pSelItem); - delete [] pSelItem; - - if (IDOK == editDomainRealmList.DoModal()) - { - CString editedItem = editDomainRealmList.GetEditedItem(); - if (0 != selItem.CompareNoCase(editedItem) && - LB_ERR != m_realmDomainList.FindStringExact(-1, editedItem)) - { - LeashErrorBox("OnButtonRealmHostEdit::Found a Duplicate!\nCan't add to List", - editedItem); - - return; - } - - m_realmDomainList.DeleteString(selItemIndex); - m_realmDomainList.InsertString(selItemIndex, editDomainRealmList.GetEditedItem()); - m_realmDomainList.SetCurSel(selItemIndex); - SetModified(TRUE); - } -} - -void CKrb4DomainRealmMaintenance::OnSelchangeListDomainrealm() -{ - //SetModified(TRUE); -} - -void CKrb4DomainRealmMaintenance::OnDblclkListDomainrealm() -{ - OnButtonRealmHostEdit(); -} - -BOOL CKrb4DomainRealmMaintenance::PreTranslateMessage(MSG* pMsg) -{ - if (m_defectiveLines) - { - if (m_defectiveLines == 1) - LeashErrorBox("Found a defective entry in file", - CKrbProperties::m_krbrealmPath, "Warning"); - else if (m_defectiveLines > 1) - LeashErrorBox("Found more then one defective entry in file", - CKrbProperties::m_krbrealmPath, "Warning"); - } - - m_defectiveLines = 0; - return CPropertyPage::PreTranslateMessage(pMsg); -} - - - - -void CKrb4DomainRealmMaintenance::OnButtonHostmaintHelp() -{ - MessageBox("No Help Available!", "Leash", MB_OK); -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4DomainRealmMaintenance.h krb5-1.17/src/windows/leash/Krb4DomainRealmMaintenance.h --- krb5-1.16.2/src/windows/leash/Krb4DomainRealmMaintenance.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4DomainRealmMaintenance.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,76 +0,0 @@ -// ************************************************************************************** -// File: Krb4DomainRealmMaintenance.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4DomainRealmMaintenance.cpp. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_REALMNAMEMAINTENANCE_H__9CA36918_8FC0_11D2_94CC_0000861B8A3C__INCLUDED_) -#define AFX_REALMNAMEMAINTENANCE_H__9CA36918_8FC0_11D2_94CC_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// RealmNameMaintenance.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb4DomainRealmMaintenance dialog - -class CKrb4DomainRealmMaintenance : public CPropertyPage -{ -// Construction -private: - DECLARE_DYNCREATE(CKrb4DomainRealmMaintenance) - CHAR lineBuf[MAXLINE]; - INT m_defectiveLines; - -public: - CKrb4DomainRealmMaintenance(); // standard constructor - virtual ~CKrb4DomainRealmMaintenance(); - -// Dialog Data - //{{AFX_DATA(CKrb4DomainRealmMaintenance) - enum { IDD = IDD_KRB4_DOMAINREALM_MAINT }; - CDragListBox m_realmDomainList; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb4DomainRealmMaintenance) - public: - virtual BOOL PreTranslateMessage(MSG* pMsg); - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb4DomainRealmMaintenance) - virtual BOOL OnInitDialog(); - virtual BOOL OnApply(); - afx_msg void OnButtonRealmHostAdd(); - afx_msg void OnButtonRealmHostRemove(); - afx_msg void 
OnButtonRealmHostEdit();
- afx_msg void OnSelchangeListDomainrealm();
- afx_msg void OnDblclkListDomainrealm();
- afx_msg void OnButtonHostmaintHelp();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_REALMNAMEMAINTENANCE_H__9CA36918_8FC0_11D2_94CC_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb4EditDomainRealmList.cpp krb5-1.17/src/windows/leash/Krb4EditDomainRealmList.cpp
--- krb5-1.16.2/src/windows/leash/Krb4EditDomainRealmList.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4EditDomainRealmList.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,151 +0,0 @@ -// ************************************************************************************** -// File: Krb4EditDomainRealmList.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4EditDomainRealmList.h. Contains variables and functions -// for Kerberos Four Properites -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4Properties.h" -#include "Krb4EditDomainRealmList.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditDomainRealmList dialog - - -CKrb4EditDomainRealmList::CKrb4EditDomainRealmList(LPSTR editItem, CWnd* pParent) - : CDialog(CKrb4EditDomainRealmList::IDD, pParent) -{ - m_startup = TRUE; - m_editItem = _T(""); - - // Parse the passed in item - LPSTR pEditItem = editItem; - LPSTR findSpace = strchr(editItem, ' '); - if (findSpace) - *findSpace = 0; - else - { -////@#+This hack doesn't seem right -#ifndef NO_KRB4 - - LeashErrorBox("This is a defective entry in file", - CKrb4ConfigFileLocation::m_newKrbrealmFile); -#endif - ASSERT(0); - m_initDomainHost = m_newDomainHost = editItem; - m_initRealm = m_newRealm = _T(""); - return; - } - - m_initDomainHost = m_newDomainHost = editItem; // first token - - pEditItem = strchr(editItem, '\0'); - if (pEditItem) - { - pEditItem++; - findSpace++; - } - else - ASSERT(0); - - findSpace = strchr(pEditItem, ' '); - if (findSpace) - { - *findSpace = 0; - } - - m_initRealm = m_newRealm = pEditItem; // second token - - //{{AFX_DATA_INIT(CKrb4EditDomainRealmList) - // NOTE: the ClassWizard will add member initialization here - 
//}}AFX_DATA_INIT -} - -void CKrb4EditDomainRealmList::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4EditDomainRealmList) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4EditDomainRealmList, CDialog) - //{{AFX_MSG_MAP(CKrb4EditDomainRealmList) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_REALMNAME, OnChangeEditDefaultRealm) - ON_EN_CHANGE(IDC_EDIT_DOMAINHOST, OnChangeEditRealmHostname) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditDomainRealmList message handlers - - -void CKrb4EditDomainRealmList::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} - -BOOL CKrb4EditDomainRealmList::OnInitDialog() -{ - CDialog::OnInitDialog(); - - SetDlgItemText(IDC_EDIT_REALMNAME, m_newRealm); - SetDlgItemText(IDC_EDIT_DOMAINHOST, m_newDomainHost); - - return TRUE; -} - -void CKrb4EditDomainRealmList::OnChangeEditDefaultRealm() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_REALMNAME, m_newRealm); -} - -void CKrb4EditDomainRealmList::OnChangeEditRealmHostname() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_DOMAINHOST, m_newDomainHost); -} - -void CKrb4EditDomainRealmList::OnOK() -{ - m_newRealm.TrimLeft(); - m_newRealm.TrimRight(); - m_newDomainHost.TrimLeft(); - m_newDomainHost.TrimRight(); - - if (m_newRealm.IsEmpty() || m_newDomainHost.IsEmpty()) - { // stay - MessageBox("OnOK::Both Domain-Host and Realm fields must be filled in!", - "Leash", MB_OK); - } - else if (-1 != m_newRealm.Find(' ') || -1 != m_newDomainHost.Find(' ')) - { // stay - MessageBox("OnOK::Illegal space found!", "Leash", MB_OK); - } - - else - CDialog::OnOK(); // exit - - m_editItem = m_newDomainHost + " " + m_newRealm; -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4EditDomainRealmList.h krb5-1.17/src/windows/leash/Krb4EditDomainRealmList.h --- 
krb5-1.16.2/src/windows/leash/Krb4EditDomainRealmList.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4EditDomainRealmList.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,77 +0,0 @@ -// ************************************************************************************** -// File: Krb4EditDomainRealmList.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4EditDomainRealmList.cpp. Contains variables and functions -// for Kerberos Four Properites -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_KRB4EDITDOMAINREALMLIST_H__F4D41684_96A4_11D2_94E2_0000861B8A3C__INCLUDED_) -#define AFX_KRB4EDITDOMAINREALMLIST_H__F4D41684_96A4_11D2_94E2_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// CKrb4EditDomainRealmList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditDomainRealmList dialog - -class CKrb4EditDomainRealmList : public CDialog -{ -// Construction -private: - CString m_editItem; - CString m_initRealm; - CString m_newRealm; - CString m_initDomainHost; - CString m_newDomainHost; - BOOL m_startup; - - -public: - CKrb4EditDomainRealmList(LPSTR editItem, CWnd* pParent = NULL); - CString GetEditedItem() {return m_editItem;} - CString GetRealm() {return m_newRealm;} - CString GetDomainHost() {return m_newDomainHost;} - -// Dialog Data - //{{AFX_DATA(CKrb4EditDomainRealmList) - enum { IDD = IDD_KRB4_EDIT_DOMAINREALMNAME }; - // NOTE: the ClassWizard will add data members here - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb4EditDomainRealmList) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb4EditDomainRealmList) - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - 
virtual BOOL OnInitDialog();
- afx_msg void OnChangeEditDefaultRealm();
- afx_msg void OnChangeEditRealmHostname();
- virtual void OnOK();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_KRB4EDITDOMAINREALMLIST_H__F4D41684_96A4_11D2_94E2_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb4EditRealmHostList.cpp krb5-1.17/src/windows/leash/Krb4EditRealmHostList.cpp
--- krb5-1.16.2/src/windows/leash/Krb4EditRealmHostList.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4EditRealmHostList.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,193 +0,0 @@ -// ************************************************************************************** -// File: Krb4EditRealmHostList.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4EditRealmHostList.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4Properties.h" -#include "Krb4EditRealmHostList.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditRealmHostList dialog - -CKrb4EditRealmHostList::CKrb4EditRealmHostList(LPSTR editItem, CWnd* pParent) - : CDialog(CKrb4EditRealmHostList::IDD, pParent) -{ - m_startup = TRUE; - m_editItem = _T(""); - -/* - // Parse the passed in item - LPSTR pEditItem = editItem; - LPSTR findSpace = strchr(editItem, ' '); - if (findSpace) - *findSpace = 0; - else - { - LeashErrorBox("This is a defective entry in file", - CKrb4ConfigFileLocation::m_krbFile); - ASSERT(0); - m_initRealm = m_newRealm = editItem; - m_initHost = m_newHost = _T(""); - } - - m_initRealm = m_newRealm = editItem; // first token - - pEditItem = strchr(editItem, '\0'); - if (pEditItem) - { - pEditItem++; - findSpace++; - } - else - ASSERT(0); - - findSpace = strchr(pEditItem, ' '); - if (findSpace) - { - *findSpace = 0; - } - else - { - m_initAdmin = m_newAdmin = FALSE; - m_initHost = m_newHost = pEditItem; // second token - return; - } - - m_initHost = m_newHost = pEditItem; // second token - - findSpace++; - pEditItem = findSpace; - if (pEditItem) - { - if (strstr(pEditItem, "admin server")) - m_initAdmin = m_newAdmin 
= TRUE; - //else - //; It must be something else??? :( - } - else - ASSERT(0); -*/ - //{{AFX_DATA_INIT(CKrb4EditRealmHostList) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - -void CKrb4EditRealmHostList::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4EditRealmHostList) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4EditRealmHostList, CDialog) - //{{AFX_MSG_MAP(CKrb4EditRealmHostList) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_DEFAULT_REALM, OnChangeEditDefaultRealm) - ON_EN_CHANGE(IDC_EDIT_REALM_HOSTNAME, OnChangeEditRealmHostname) - ON_BN_CLICKED(IDC_RADIO_ADMIN_SERVER, OnRadioAdminServer) - ON_BN_CLICKED(IDC_RADIO_NO_ADMIN_SERVER, OnRadioNoAdminServer) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditRealmHostList message handlers - -BOOL CKrb4EditRealmHostList::OnInitDialog() -{ - CDialog::OnInitDialog(); - - SetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newRealm); - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_newHost); - - if (m_initAdmin) - { // has Admin Server - CheckRadioButton(IDC_RADIO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER, IDC_RADIO_ADMIN_SERVER); - } - else - { // no Admin Server - CheckRadioButton(IDC_RADIO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER); - } - - //GetDlgItem(IDC_EDIT_DEFAULT_REALM)->EnableWindow(); - //GetDlgItem(IDC_EDIT_DEFAULT_REALM)->SetFocus(); - - return TRUE; -} - -void CKrb4EditRealmHostList::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} - -void CKrb4EditRealmHostList::OnChangeEditDefaultRealm() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newRealm); -} - -void CKrb4EditRealmHostList::OnChangeEditRealmHostname() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_newHost); -} - -void 
CKrb4EditRealmHostList::OnRadioAdminServer() -{ - m_newAdmin = TRUE; -} - -void CKrb4EditRealmHostList::OnRadioNoAdminServer() -{ - m_newAdmin = FALSE; -} - -void CKrb4EditRealmHostList::OnOK() -{ - m_newRealm.TrimLeft(); - m_newRealm.TrimRight(); - m_newHost.TrimLeft(); - m_newHost.TrimRight(); - - if (m_newRealm.IsEmpty() || m_newHost.IsEmpty()) - { // stay - MessageBox("OnOK::Both Realm and Host fields must be filled in!", - "Leash", MB_OK); - } - else if (-1 != m_newRealm.Find(' ') || -1 != m_newHost.Find(' ')) - { // stay - MessageBox("OnOK::Illegal space found!", "Leash", MB_OK); - } - - else - CDialog::OnOK(); // exit - - m_editItem = m_newRealm + " " + m_newHost; - - if (m_newAdmin) - { - m_editItem += " "; - m_editItem += ADMIN_SERVER; - } -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4EditRealmHostList.h krb5-1.17/src/windows/leash/Krb4EditRealmHostList.h --- krb5-1.16.2/src/windows/leash/Krb4EditRealmHostList.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4EditRealmHostList.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,79 +0,0 @@ -// ************************************************************************************** -// File: Krb4EditRealmHostList.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4EditRealmHostList.cpp. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - - -#if !defined(AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_) -#define AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// EditRealmHostList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb4EditRealmHostList dialog - -class CKrb4EditRealmHostList : public CDialog -{ -// Construction -private: - CString m_editItem; - CString m_initRealm; - CString m_newRealm; - CString m_initHost; - CString m_newHost; - BOOL m_initAdmin; - BOOL m_newAdmin; - BOOL m_startup; - -public: - CKrb4EditRealmHostList(LPSTR editItem, CWnd* pParent = NULL); - CString GetEditedItem() {return m_editItem;} - CString GetNewRealm() {return m_newRealm;} - -// Dialog Data - //{{AFX_DATA(CKrb4EditRealmHostList) - enum { IDD = IDD_KRB4_EDIT_REALM }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb4EditRealmHostList) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb4EditRealmHostList) - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - afx_msg void OnChangeEditDefaultRealm(); - afx_msg void OnChangeEditRealmHostname(); - afx_msg void OnRadioAdminServer(); - 
afx_msg void OnRadioNoAdminServer();
- virtual void OnOK();
- virtual BOOL OnInitDialog();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb4Properties.cpp krb5-1.17/src/windows/leash/Krb4Properties.cpp
--- krb5-1.16.2/src/windows/leash/Krb4Properties.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4Properties.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,390 +0,0 @@ -// ************************************************************************************** -// File: Krb4Properties.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbProperties.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - - -#include "stdafx.h" -#include "Leash.h" -#include "Krb4Properties.h" -#include "LeashFileDialog.h" -#include "LeashMessageBox.h" -#include "wshelper.h" -#include "lglobals.h" -#include -#include -#include "reminder.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -/////////////////////////////////////////////////////////////////////// -// CKrb4ConfigFileLocation property page - -IMPLEMENT_DYNCREATE(CKrb4ConfigFileLocation, CPropertyPage) - -CString CKrb4ConfigFileLocation::m_newKrbFile; -CString CKrb4ConfigFileLocation::m_newKrbrealmFile; - -CKrb4ConfigFileLocation::CKrb4ConfigFileLocation() : CPropertyPage(CKrb4ConfigFileLocation::IDD) -{ - m_newTicketFile = _T(""); - m_newKrbFile = _T(""); - m_newKrbrealmFile = _T(""); - m_initKrbFile = _T(""); - m_initKrbrealmFile = _T(""); - m_initTicketFile = _T(""); - m_noKrbrealmFileStartupWarning = FALSE; - m_noKrbFileStartupWarning = FALSE; - - m_startupPage1 = TRUE; - - //{{AFX_DATA_INIT(CKrb4ConfigFileLocation) - //}}AFX_DATA_INIT -} - -CKrb4ConfigFileLocation::~CKrb4ConfigFileLocation() -{ -} - -BOOL CKrb4ConfigFileLocation::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - - INT krbCreate = 0; - INT krbrealmCreate = 0; - CHAR krb_path[MAX_PATH]; - CHAR krbrealm_path[MAX_PATH]; - CHAR ticketName[MAX_PATH]; - unsigned int krb_path_sz = sizeof(krb_path); - unsigned int krbrealm_path_sz = 
sizeof(krbrealm_path); - CString strMessage; - - - // Set KRB.CON - memset(krb_path, '\0', sizeof(krb_path)); - if (!pkrb_get_krbconf2(krb_path, &krb_path_sz)) - { // Error has happened - m_noKrbFileStartupWarning = TRUE; - } - else - { // normal find - m_initKrbFile = krb_path; - m_newKrbFile = m_initKrbFile; - SetDlgItemText(IDC_EDIT_KRB_LOC, m_initKrbFile); - } - - // Set KRBREALM.CON - memset(krbrealm_path, '\0', sizeof(krbrealm_path)); - if (!pkrb_get_krbrealm2(krbrealm_path, &krbrealm_path_sz)) - { - // Error has happened - m_noKrbrealmFileStartupWarning = TRUE; - } - else - { - // normal find - m_initKrbrealmFile = krbrealm_path; - m_newKrbrealmFile = m_initKrbrealmFile; - SetDlgItemText(IDC_EDIT_KRBREALM_LOC, m_initKrbrealmFile); - } - - if (pLeash_get_lock_file_locations() || - getenv("KRB4_KRB.REALMS") || getenv("KRB4_KRB.CONF") || getenv("KRB4_CONFIG")) - { - GetDlgItem(IDC_EDIT_KRB_LOC)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_KRBREALM_LOC)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KRB_BROWSE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KRBREALM_BROWSE)->EnableWindow(FALSE); - } - else if ( !(getenv("KRB4_KRB.REALMS") || getenv("KRB4_KRB.CONF") || getenv("KRB4_CONFIG")) ) - { - GetDlgItem(IDC_STATIC_CONFILES)->ShowWindow(FALSE); - } - - - // Set TICKET.KRB file Editbox - *ticketName = NULL; - pkrb_set_tkt_string(0); - - char *pticketName = ptkt_string(); - if (pticketName) - strcpy(ticketName, pticketName); - - if (!*ticketName) - { - LeashErrorBox("OnInitDialog::Can't locate ticket file", TICKET_FILE); - } - else - { - m_initTicketFile = m_newTicketFile = ticketName; - m_ticketEditBox.ReplaceSel(m_initTicketFile); - } - - if (getenv("KRBTKFILE")) - GetDlgItem(IDC_EDIT_TICKET_FILE)->EnableWindow(FALSE); - else - GetDlgItem(IDC_STATIC_TXT)->ShowWindow(FALSE); - - return FALSE; -} - -BOOL CKrb4ConfigFileLocation::OnApply() -{ - // Krb.con - if (0 != m_initKrbFile.CompareNoCase(m_newKrbFile)) - { - // Commit changes - if 
(SetRegistryVariable("krb.conf", m_newKrbFile, - "Software\\MIT\\Kerberos4")) - { - MessageBox("Failed to set \"Krb.conf\"!", "Error", MB_OK); - } - - m_initKrbFile = m_newKrbFile; - } - - // Krbrealms.con - if (0 != m_initKrbrealmFile.CompareNoCase(m_newKrbrealmFile)) - { - // Commit changes - if (SetRegistryVariable("krb.realms", m_newKrbrealmFile, - "Software\\MIT\\Kerberos4")) - { - MessageBox("Failed to set \"krb.realms\"!", "Error", MB_OK); - } - - m_initKrbrealmFile = m_newKrbrealmFile; - } - - // Ticket file - if (0 != m_initTicketFile.CompareNoCase(m_newTicketFile)) - { - if (getenv("KRBTKFILE")) - { - // Just in case they set (somehow) KRBTKFILE while this box is up - MessageBox("OnApply::Ticket file is set in your System's\ - Environment!\nYou must first remove it.", - "Error", MB_OK); - - return TRUE; - } - - // Commit changes - if (SetRegistryVariable("ticketfile", m_newTicketFile, - "Software\\MIT\\Kerberos4")) - { - MessageBox("Failed to set \"ticketfile\"!", "Error", MB_OK); - } - - m_initTicketFile = m_newTicketFile; - } - - return TRUE; -} - -VOID CKrb4ConfigFileLocation::OnOK() -{ - CPropertyPage::OnOK(); -} - -VOID CKrb4ConfigFileLocation::DoDataExchange(CDataExchange* pDX) -{ - TRACE("Entering CKrb4ConfigFileLocation::DoDataExchange -- %d\n", - pDX->m_bSaveAndValidate); - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4ConfigFileLocation) - DDX_Control(pDX, IDC_EDIT_TICKET_FILE, m_ticketEditBox); - //}}AFX_DATA_MAP -} - - -VOID CKrb4ConfigFileLocation::OnButtonKrbBrowse() -{ - CString msg; - msg.Format("Select %s Location", KRB_FILE); - - CString krb_path = "*.*"; - CLeashFileDialog dlgFile(TRUE, NULL, krb_path, "Kerbereos Four Config. 
File (.con)"); - dlgFile.m_ofn.lpstrTitle = msg; - - if (IDOK == dlgFile.DoModal()) - { - //m_newKrbFile = dlgFile.GetSelectedFileName(); - m_newKrbFile= dlgFile.GetPathName(); - SetDlgItemText(IDC_EDIT_KRB_LOC, m_newKrbFile); - SetModified(TRUE); - } -} - -VOID CKrb4ConfigFileLocation::OnButtonKrbrealmBrowse() -{ - CString msg; - msg.Format("Select %s Location", KRBREALM_FILE); - - CString krbrealm_path = "*.*"; - CLeashFileDialog dlgFile(TRUE, NULL, krbrealm_path, "Kerbereos Four Config. File (.con)"); - dlgFile.m_ofn.lpstrTitle = msg; - - if (IDOK == dlgFile.DoModal()) - { - //m_krbrealmFile = dlgFile.GetSelectedFileName(); - m_newKrbrealmFile = dlgFile.GetPathName(); - SetDlgItemText(IDC_EDIT_KRB_KRBREALM_LOC, m_newKrbrealmFile); - SetModified(TRUE); - } -} - -/* -VOID CKrb4ConfigFileLocation::OnButtonTicketfileBrowse() -{ - CString ticketPath = *.*"; - CLeashFileDialog dlgFile(TRUE, NULL, ticketPath, "Kerberos Four Ticket File (.con)"); - CString msg; - msg.Format("Select Location/Ticket File (Default file = %s)", TICKET_FILE); - dlgFile.m_ofn.lpstrTitle = msg; - while (TRUE) - { - if (IDOK == dlgFile.DoModal()) - { - m_newTicketFile = dlgFile.GetPathName(); - SetDlgItemText(IDC_EDIT_TICKET_FILE, m_newTicketFile); - SetModified(TRUE); - break; - } - else - break; - } -} -*/ - -void CKrb4ConfigFileLocation::OnChangeEditKrbLoc() -{ - if (!m_startupPage1) - { - GetDlgItemText(IDC_EDIT_KRB_LOC, m_newKrbFile); - SetModified(TRUE); - } -} - -void CKrb4ConfigFileLocation::OnChangeEditKrbrealmLoc() -{ - if (!m_startupPage1) - { - GetDlgItemText(IDC_EDIT_KRBREALM_LOC, m_newKrbrealmFile); - SetModified(TRUE); - } -} - -void CKrb4ConfigFileLocation::OnChangeEditTicketFile() -{ - if (!m_startupPage1) - { - GetDlgItemText(IDC_EDIT_TICKET_FILE, m_newTicketFile); - SetModified(TRUE); - } -} - -VOID CKrb4ConfigFileLocation::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CPropertyPage::OnShowWindow(bShow, nStatus); -} - -VOID CKrb4ConfigFileLocation::OnCancel() -{ - 
CPropertyPage::OnCancel(); -} - -void CKrb4ConfigFileLocation::OnHelp() -{ -#ifdef CALL_HTMLHELP - AfxGetApp()->HtmlHelp(HID_KRB4_PROPERTIES_COMMAND); -#else - AfxGetApp()->WinHelp(HID_KRB4_PROPERTIES_COMMAND); -#endif -} - -BOOL CKrb4ConfigFileLocation::PreTranslateMessage(MSG* pMsg) -{ - // TODO: Add your specialized code here and/or call the base class - CString wmsg; - if (m_startupPage1) - { - if (m_noKrbFileStartupWarning) - { - wmsg.Format("OnInitDialog::Can't locate configuration file: %s.", - KRB_FILE); - MessageBox(wmsg, "Leash", MB_OK); - m_noKrbFileStartupWarning = FALSE; - } - - if (m_noKrbrealmFileStartupWarning) - { - wmsg.Format("OnInitDialog::Can't locate configuration file: %s.", - KRBREALM_FILE); - MessageBox(wmsg, "Leash", MB_OK); - m_noKrbrealmFileStartupWarning = FALSE; - } - } - - m_startupPage1 = FALSE; - return CPropertyPage::PreTranslateMessage(pMsg); -} - - -BEGIN_MESSAGE_MAP(CKrb4ConfigFileLocation, CPropertyPage) - //{{AFX_MSG_MAP(CKrb4ConfigFileLocation) - ON_BN_CLICKED(IDC_BUTTON_KRB_BROWSE, OnButtonKrbBrowse) - ON_BN_CLICKED(IDC_BUTTON_KRBREALM_BROWSE, OnButtonKrbrealmBrowse) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_TICKET_FILE, OnChangeEditTicketFile) - ON_COMMAND(ID_HELP, OnHelp) - ON_EN_CHANGE(IDC_EDIT_KRB_LOC, OnChangeEditKrbLoc) - ON_EN_CHANGE(IDC_EDIT_KRBREALM_LOC, OnChangeEditKrbrealmLoc) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - - -/////////////////////////////////////////////////////////////////////// -// CKrb4Properties - -IMPLEMENT_DYNAMIC(CKrb4Properties, CPropertySheet) -CKrb4Properties::CKrb4Properties(UINT nIDCaption, CWnd* pParentWnd, - UINT iSelectPage) -:CPropertySheet(nIDCaption, pParentWnd, iSelectPage) -{ -} - -CKrb4Properties::CKrb4Properties(LPCTSTR pszCaption, CWnd* pParentWnd, - UINT iSelectPage) -:CPropertySheet(pszCaption, pParentWnd, iSelectPage) -{ - AddPage(&m_fileLocation); -} - -CKrb4Properties::~CKrb4Properties() -{ -} - - -BEGIN_MESSAGE_MAP(CKrb4Properties, CPropertySheet) - 
//{{AFX_MSG_MAP(CKrb4Properties) - // NOTE - the ClassWizard will add and remove mapping macros here. - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -/////////////////////////////////////////////////////////////////////// -// CKrb4Properties message handlers diff -Nru krb5-1.16.2/src/windows/leash/Krb4Properties.h krb5-1.17/src/windows/leash/Krb4Properties.h --- krb5-1.16.2/src/windows/leash/Krb4Properties.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4Properties.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,138 +0,0 @@
-// **************************************************************************************
-// File: Krb4Properties.h
-// By: Arthur David Leather
-// Created: 12/02/98
-// Copyright @1998 Massachusetts Institute of Technology - All rights reserved.
-// Description: H file for KrbProperties.cpp. Contains variables and functions
-// for Kerberos Four Properties
-//
-// History:
-//
-// MM/DD/YY Inits Description of Change
-// 12/02/98 ADL Original
-// **************************************************************************************
-
-
-#if !defined(AFX_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
-#define AFX_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_
-
-#if _MSC_VER >= 1000
-#pragma once
-#endif // _MSC_VER >= 1000
-// Krb4Properties.h : header file
-//
-
-#include "Resource.h"
-//#include "Krb4RealmHostMaintenance.h"
-//#include "Krb4DomainRealmMaintenance.h"
-
-///////////////////////////////////////////////////////////////////////
-// CKrb4ConfigFileLocation dialog
-
-class CKrb4ConfigFileLocation : public CPropertyPage
-{
-// Construction
-private:
- DECLARE_DYNCREATE(CKrb4ConfigFileLocation)
- CString m_ticketFile;
- CString m_newTicketFile;
- static CString m_newKrbFile;
- static CString m_newKrbrealmFile; // static for the CKrb4EditDomainRealmList class
- CString m_initKrbFile;
- CString m_initKrbrealmFile;
- CString m_initTicketFile;
-
- BOOL m_noKrbFileStartupWarning;
- BOOL m_noKrbrealmFileStartupWarning;
- BOOL m_startupPage1;
-
-public:
- CKrb4ConfigFileLocation();
- ~CKrb4ConfigFileLocation();
-
-// Dialog Data
- //{{AFX_DATA(CKrb4ConfigFileLocation)
- enum { IDD = IDD_KRB4_PROP_LOCATION };
- CEdit m_ticketEditBox;
- //}}AFX_DATA
-
-
-// Overrides
- // ClassWizard generate virtual function overrides
- //{{AFX_VIRTUAL(CKrb4ConfigFileLocation)
- public:
- virtual VOID OnCancel();
- virtual BOOL PreTranslateMessage(MSG* pMsg);
- protected:
- virtual VOID DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
-
- virtual VOID OnOK();
- virtual BOOL OnApply();
-
-// Implementation
-protected:
- // Generated message map functions
- //{{AFX_MSG(CKrb4ConfigFileLocation)
- virtual BOOL OnInitDialog();
- afx_msg VOID OnButtonKrbBrowse();
- afx_msg VOID OnButtonKrbrealmBrowse();
- afx_msg void OnShowWindow(BOOL bShow, UINT nStatus);
- afx_msg void OnChangeEditTicketFile();
- afx_msg void OnHelp();
- afx_msg void OnChangeEditKrbLoc();
- afx_msg void OnChangeEditKrbrealmLoc();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-
-};
-
-
-//////////////////////////////////////////////////////////////////////
-// CKrb4Properties
-
-class CKrb4Properties : public CPropertySheet
-{
-private:
- DECLARE_DYNAMIC(CKrb4Properties)
-
-public:
- CKrb4ConfigFileLocation m_fileLocation;
-
- static BOOL applyButtonEnabled;
-
-// Construction
-public:
- CKrb4Properties(UINT nIDCaption, CWnd* pParentWnd = NULL,
- UINT iSelectPage = 0);
- CKrb4Properties(LPCTSTR pszCaption, CWnd* pParentWnd = NULL,
- UINT iSelectPage = 0);
-
-// Attributes
-public:
-
-// Operations
-public:
-
-// Overrides
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CKrb4Properties)
- //}}AFX_VIRTUAL
-
-// Implementation
-public:
- virtual ~CKrb4Properties();
-
- // Generated message map functions
-protected:
- //{{AFX_MSG(CKrb4Properties)
- // NOTE - the ClassWizard will add and remove member functions here.
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-/////////////////////////////////////////////////////////////////////////////
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb4RealmHostMaintenance.cpp krb5-1.17/src/windows/leash/Krb4RealmHostMaintenance.cpp
--- krb5-1.16.2/src/windows/leash/Krb4RealmHostMaintenance.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb4RealmHostMaintenance.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,373 +0,0 @@ -// ************************************************************************************** -// File: Krb4RealmHostMaintenance.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for Krb4RealmHostMaintenance.h. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "KrbProperties.h" -#include "Krb4Properties.h" -#include "Krb4AddToRealmHostList.h" -#include "Krb4RealmHostMaintenance.h" -#include "Krb4EditRealmHostList.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrb4RealmHostMaintenance dialog - - -IMPLEMENT_DYNCREATE(CKrb4RealmHostMaintenance, CPropertyPage) - -CKrb4RealmHostMaintenance::CKrb4RealmHostMaintenance() : CPropertyPage(CKrb4RealmHostMaintenance::IDD) -{ - m_defectiveLines = 0; - m_initDnsKdcLookup = m_newDnsKdcLookup = 0; -} - -CKrb4RealmHostMaintenance::~CKrb4RealmHostMaintenance() -{ -} - -void CKrb4RealmHostMaintenance::DoDataExchange(CDataExchange* pDX) -{ - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb4RealmHostMaintenance) - DDX_Control(pDX, IDC_LIST_KRB4_REALM_HOST, m_RealmHostList); - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb4RealmHostMaintenance, CPropertyPage) - //{{AFX_MSG_MAP(CKrb4RealmHostMaintenance) - ON_BN_CLICKED(IDC_BUTTON_KRB4_REALM_HOST_ADD, OnButtonRealmHostAdd) - ON_BN_CLICKED(IDC_BUTTON_KRB4_REALM_HOST_EDIT, OnButtonRealmHostEdit) - ON_BN_CLICKED(ID_BUTTON_KRB4_REALM_HOST_REMOVE, OnButtonRealmHostRemove) - ON_LBN_SELCHANGE(IDC_LIST_KRB4_REALM_HOST, OnSelchangeListRemoveHost) - 
ON_LBN_DBLCLK(IDC_LIST_KRB4_REALM_HOST, OnDblclkListRemoveHost) - ON_BN_CLICKED(IDC_BUTTON_REALMHOST_MAINT_HELP2, OnButtonRealmhostMaintHelp2) - ON_BN_CLICKED(IDC_KRB4_DNS_KDC, OnCheckDnsKdcLookup) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrb4RealmHostMaintenance message handlers - -BOOL CKrb4RealmHostMaintenance::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeReadWrite)) - { // can't find file, so lets set some defaults - - m_RealmHostList.AddString(KRB_REALM " " KRB_MASTER); - } - else - { - memset(lineBuf, '\0', sizeof(lineBuf)); - krbCon.ReadString(lineBuf, sizeof(lineBuf)); - while (TRUE) - { - if (!krbCon.ReadString(lineBuf, sizeof(lineBuf))) - break; - - *(lineBuf + strlen(lineBuf) - 1) = 0; - - if (!strchr(lineBuf, ' ') && !strchr(lineBuf, '\t')) - { // found a defective line - m_defectiveLines++; - } - - if ( !strncmp(".KERBEROS.OPTION.",lineBuf,17) ) { - char * p = &lineBuf[17]; - while (isspace(*p)) - p++; - if (!strcmp("dns",p)) - m_initDnsKdcLookup = m_newDnsKdcLookup = 1; - } else { - if (LB_ERR == m_RealmHostList.AddString(lineBuf)) - { - LeashErrorBox("OnInitDialog::Can't read Configuration File", - CKrbProperties::m_krbPath); - krbCon.Close(); - return FALSE; - } - } - } - - krbCon.Close(); - } - - m_RealmHostList.SetCurSel(0); - - if (!m_RealmHostList.GetCount()) - { - GetDlgItem(ID_BUTTON_KRB4_REALM_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KRB4_REALM_HOST_EDIT)->EnableWindow(FALSE); - } - - return TRUE; -} - -BOOL CKrb4RealmHostMaintenance::OnApply() -{ - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeCreate | - CFile::modeNoTruncate | - CFile::modeReadWrite)) - { - LeashErrorBox("OnApply::Can't open Configuration File", - CKrbProperties::m_krbPath); - return TRUE; - } - - memset(lineBuf, '\0', sizeof(lineBuf)); - if 
(!krbCon.ReadString(lineBuf, sizeof(lineBuf))) - { -//-----ADL----///strcpy(lineBuf, CKrb4ConfigOptions::m_newDefaultRealm); - strcat(lineBuf, "\n"); - } - - krbCon.SetLength(0); - krbCon.WriteString(lineBuf); - for (INT maxItems = m_RealmHostList.GetCount(), item = 0; item < maxItems; item++) - { - memset(lineBuf, '\0', sizeof(lineBuf)); - if (!m_RealmHostList.GetText(item, lineBuf)) - break; - - krbCon.WriteString(lineBuf); - krbCon.WriteString("\n"); - } - - if ( m_newDnsKdcLookup ) - krbCon.WriteString(".KERBEROS.OPTION. dns\n"); - - krbCon.Close(); - return TRUE; -} - -void CKrb4RealmHostMaintenance::OnOK() -{ - CPropertyPage::OnOK(); -} - -void CKrb4RealmHostMaintenance::OnCancel() -{ - CPropertyPage::OnCancel(); -} - -void CKrb4RealmHostMaintenance::OnCheckDnsKdcLookup() -{ - m_newDnsKdcLookup = (BOOL)IsDlgButtonChecked(IDC_KRB4_DNS_KDC); - SetModified(TRUE); -} - -void CKrb4RealmHostMaintenance::ResetDefaultRealmComboBox() -{ // krb4 is loaded without krb5 - CHAR lineBuf[REALM_SZ + MAX_HSTNM + 20]; - - int maxItems = m_RealmHostList.GetCount(); - - CKrbConfigOptions::m_krbRealmEditbox.ResetContent(); - - for (int xItems = 0; xItems < maxItems; xItems++) - { - m_RealmHostList.GetText(xItems, lineBuf); - - LPSTR space = strchr(lineBuf, ' '); - if (space) - *space = 0; - else - ASSERT(0); - - if (CB_ERR == CKrbConfigOptions::m_krbRealmEditbox.FindStringExact(-1, lineBuf)) - { // no dups - if (LB_ERR == CKrbConfigOptions::m_krbRealmEditbox.AddString(lineBuf)) - { - MessageBox("OnInitDialog::Can't add to Kerberos Realm Combobox", - "Leash", MB_OK); - return; - } - } - } - - CHAR krbhst[MAX_HSTNM + 1]; - CHAR krbrlm[REALM_SZ + 1]; - - strcpy(krbrlm, CKrbConfigOptions::m_newDefaultRealm); - memset(krbhst, '\0', sizeof(krbhst)); - - // Check for Host - // don't use KRB4 - krb_get_krbhst - would have to re-logon, on file location - // change, to use this function - extern int krb_get_krbhst(char* h, char* r, int n); - if (KFAILURE == krb_get_krbhst(krbhst, krbrlm, 
1)) - { - MessageBox("We can't find the Host Server for your Default Realm!!!", - "Leash", MB_OK); - return; - } - - CKrbConfigOptions::m_hostServer = krbhst; -} - -void CKrb4RealmHostMaintenance::OnButtonRealmHostAdd() -{ - CKrb4AddToRealmHostList addToRealmHostList; - - if (IDOK == addToRealmHostList.DoModal()) - { - if (addToRealmHostList.GetNewRealm().IsEmpty()) - ASSERT(0); - - CString newLine; - newLine = addToRealmHostList.GetNewRealm() + " " + addToRealmHostList.GetNewHost(); - - if (addToRealmHostList.GetNewAdmin()) - newLine += " admin server"; - - // We don't want duplicate items in Listbox - if (LB_ERR != m_RealmHostList.FindStringExact(-1, newLine)) - { // found duplicate item in Listbox - LeashErrorBox("OnButtonRealmHostAdd::Found a Duplicate Item!\nCan't add to List", - newLine); - return; - } - - - m_RealmHostList.InsertString(0, newLine); - m_RealmHostList.SetCurSel(0); - SetModified(TRUE); - - ResetDefaultRealmComboBox(); - - if (1 == m_RealmHostList.GetCount()) - { - GetDlgItem(ID_BUTTON_KRB4_REALM_HOST_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_KRB4_REALM_HOST_EDIT)->EnableWindow(); - } - } -} - -void CKrb4RealmHostMaintenance::OnButtonRealmHostEdit() -{ - INT selItemIndex = m_RealmHostList.GetCurSel(); - LPSTR pSelItem = new char[m_RealmHostList.GetTextLen(selItemIndex) + 1]; - if (!pSelItem) - ASSERT(0); - - CString selItem; - m_RealmHostList.GetText(selItemIndex, selItem); - strcpy(pSelItem, selItem); - - CKrb4EditRealmHostList editRealmHostList(pSelItem); - delete [] pSelItem; - - if (IDOK == editRealmHostList.DoModal()) - { - CString editedItem = editRealmHostList.GetEditedItem(); - if (0 != selItem.CompareNoCase(editedItem) && - LB_ERR != m_RealmHostList.FindStringExact(-1, editedItem)) - { - LeashErrorBox("OnButtonRealmHostEdit::Found a Duplicate!\nCan't add to List", - editedItem); - - return; - } - - m_RealmHostList.DeleteString(selItemIndex); - m_RealmHostList.InsertString(selItemIndex, editRealmHostList.GetEditedItem()); - 
m_RealmHostList.SetCurSel(selItemIndex); - SetModified(TRUE); - - ResetDefaultRealmComboBox(); - } -} - -void CKrb4RealmHostMaintenance::OnButtonRealmHostRemove() -{ - if (IDYES != AfxMessageBox("You are about to remove an item from the list!\n\nContinue?", - MB_YESNO)) - return; - - INT curSel = m_RealmHostList.GetCurSel(); - m_RealmHostList.DeleteString(curSel); // Single Sel Listbox - - if (-1 == m_RealmHostList.SetCurSel(curSel)) - m_RealmHostList.SetCurSel(curSel - 1); - - SetModified(TRUE); - - ResetDefaultRealmComboBox(); - - if (!m_RealmHostList.GetCount()) - { - GetDlgItem(ID_BUTTON_KRB4_REALM_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KRB4_REALM_HOST_EDIT)->EnableWindow(FALSE); - } - - /* For Mult. Sel Listbox - const LONG MAX_SEL_BUF = m_RealmHostList.GetSelCount(); - LPINT selectBuf = new INT[MAX_SEL_BUF]; - - for (INT maxSelected = m_RealmHostList.GetSelItems(MAX_SEL_BUF, selectBuf), del=0, sel=0; - sel < maxSelected; sel++) - { - if (LB_ERR == m_RealmHostList.DeleteString(*(selectBuf + sel) - del)) - MessageBox("Help", "Error", MB_OK); - else - del++; - } - - delete selectBuf; - */ -} - -void CKrb4RealmHostMaintenance::OnSelchangeListRemoveHost() -{ - //SetModified(TRUE); -} - - -void CKrb4RealmHostMaintenance::OnDblclkListRemoveHost() -{ - OnButtonRealmHostEdit(); -} - -BOOL CKrb4RealmHostMaintenance::PreTranslateMessage(MSG* pMsg) -{ - if (m_defectiveLines) - { - if (m_defectiveLines == 1) - LeashErrorBox("Found a defective entry in file", - CKrbProperties::m_krbPath, "Warning"); - else if (m_defectiveLines > 1) - LeashErrorBox("Found more then one defective entry in file", - CKrbProperties::m_krbPath, "Warning"); - } - - m_defectiveLines = 0; - return CPropertyPage::PreTranslateMessage(pMsg); -} - -void CKrb4RealmHostMaintenance::OnButtonRealmhostMaintHelp2() -{ - MessageBox("No Help Available!", "Note", MB_OK); -} diff -Nru krb5-1.16.2/src/windows/leash/Krb4RealmHostMaintenance.h 
krb5-1.17/src/windows/leash/Krb4RealmHostMaintenance.h --- krb5-1.16.2/src/windows/leash/Krb4RealmHostMaintenance.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Krb4RealmHostMaintenance.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,86 +0,0 @@
-// **************************************************************************************
-// File: Krb4RealmHostMaintenance.h
-// By: Arthur David Leather
-// Created: 12/02/98
-// Copyright @1998 Massachusetts Institute of Technology - All rights reserved.
-// Description: H file for Krb4RealmHostMaintenance.cpp. Contains variables and functions
-// for Kerberos Four Properties
-//
-// History:
-//
-// MM/DD/YY Inits Description of Change
-// 12/02/98 ADL Original
-// **************************************************************************************
-
-
-#if !defined(AFX_REAMLHOSTMAINT_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_)
-#define AFX_REAMLHOSTMAINT_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_
-
-#if _MSC_VER > 1000
-#pragma once
-#endif // _MSC_VER > 1000
-// RemoveHostNameList.h : header file
-//
-
-/////////////////////////////////////////////////////////////////////////////
-// CKrb4RealmHostMaintenance dialog
-
-#define MAXLINE 256
-
-class CKrb4RealmHostMaintenance : public CPropertyPage
-{
-// Construction
-private:
- DECLARE_DYNCREATE(CKrb4RealmHostMaintenance)
- CHAR lineBuf[MAXLINE];
- INT m_defectiveLines;
- BOOL m_initDnsKdcLookup;
- BOOL m_newDnsKdcLookup;
-
- void ResetDefaultRealmComboBox();
-
-public:
- //CKrb4RealmHostMaintenance(CWnd* pParent = NULL); // standard constructor
- CKrb4RealmHostMaintenance();
- virtual ~CKrb4RealmHostMaintenance();
-
-// Dialog Data
- //{{AFX_DATA(CKrb4RealmHostMaintenance)
- enum { IDD = IDD_KRB4_REALMHOST_MAINT2 };
- CDragListBox m_RealmHostList;
- //}}AFX_DATA
-
-
-// Overrides
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CKrb4RealmHostMaintenance)
- public:
- virtual BOOL PreTranslateMessage(MSG* pMsg);
- protected:
- virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
-
-// Implementation
-protected:
-
- // Generated message map functions
- //{{AFX_MSG(CKrb4RealmHostMaintenance)
- virtual BOOL OnInitDialog();
- virtual BOOL OnApply();
- virtual void OnOK();
- virtual void OnCancel();
- afx_msg void OnButtonRealmHostAdd();
- afx_msg void OnButtonRealmHostEdit();
- afx_msg void OnButtonRealmHostRemove();
- afx_msg void OnSelchangeListRemoveHost();
- afx_msg void OnDblclkListRemoveHost();
- afx_msg void OnButtonRealmhostMaintHelp2();
- afx_msg void OnCheckDnsKdcLookup();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_REAMLHOSTMAINT_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/Krb5Properties.cpp krb5-1.17/src/windows/leash/Krb5Properties.cpp
--- krb5-1.16.2/src/windows/leash/Krb5Properties.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb5Properties.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,644 +0,0 @@ -//**************************************************************************** -// File: Krb5Properties.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright: 1998 Massachusetts Institute of Technology - All rights -// reserved. -// Description: CPP file for Krb5Properties.h. Contains variables and functions -// for Kerberos Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -//***************************************************************************** - -#include "stdafx.h" -#include "leash.h" -#include "LeashFileDialog.h" -#include "Krb5Properties.h" -#include "win-mac.h" -#include "lglobals.h" -#include "LeashView.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - - -///////////////////////////////////////////////////////////////////////////// -// CKrb5ConfigFileLocation dialog - -IMPLEMENT_DYNCREATE(CKrb5ConfigFileLocation, CPropertyPage) - -CKrb5ConfigFileLocation::CKrb5ConfigFileLocation() - : CPropertyPage(CKrb5ConfigFileLocation::IDD) -{ - m_initConfigFile = _T(""); - m_initTicketFile = _T(""); - m_newConfigFile = _T(""); - m_newTicketFile = _T(""); - m_startupPage1 = TRUE; - - //{{AFX_DATA_INIT(CKrb5ConfigFileLocation) - //}}AFX_DATA_INIT -} - -void CKrb5ConfigFileLocation::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrb5ConfigFileLocation) - DDX_Control(pDX, IDC_EDIT_KRB5_TXT_FILE, m_ticketEditBox); - //}}AFX_DATA_MAP -} - -BEGIN_MESSAGE_MAP(CKrb5ConfigFileLocation, CDialog) - //{{AFX_MSG_MAP(CKrb5ConfigFileLocation) - ON_BN_CLICKED(IDC_BUTTON_KRB5INI_BROWSE, OnButtonKrb5iniBrowse) - ON_BN_CLICKED(IDC_BUTTON_KRB5_TICKETFILE_BROWSE, OnButtonKrb5TicketfileBrowse) - ON_EN_CHANGE(IDC_EDIT_KRB5_TXT_FILE, OnChangeEditKrb5TxtFile) - ON_EN_CHANGE(IDC_EDIT_KRB5INI_LOCATION, OnChangeEditKrb5iniLocation) - ON_WM_SHOWWINDOW() - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - - -BOOL 
CKrb5ConfigFileLocation::OnApply() -{ - BOOL tooManySlashes = FALSE; - BOOL foundError = FALSE; - - if( getenv("RENEW_TILL") != NULL) - { - MessageBox("The ticket renewable time is being controlled by the environment" - "variable RENEW_TILL instead of the registry. Leash cannot modify" - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - if( getenv("RENEWABLE") != NULL) - { - MessageBox("Ticket renewability is being controlled by the environment" - "variable RENEWABLE instead of the registry. Leash cannot modify" - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - if( getenv("FORWARDABLE") != NULL) - { - MessageBox("Ticket forwarding is being controlled by the environment" - "variable FORWARDABLE instead of the registry. Leash cannot modify" - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - if( getenv("PROXIABLE") != NULL) - { - MessageBox("Ticket proxying is being controlled by the environment" - "variable PROXIABLE instead of the registry. Leash cannot modify" - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - if( getenv("NOADDRESSES") != NULL) - { - MessageBox("Addressless tickets are being controlled by the environment" - "variable NOADDRESSES instead of the registry. Leash cannot modify" - "the environment. 
Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - - // KRB5.INI file - if (!CLeashApp::m_krbv5_profile || - 0 != m_newConfigFile.CompareNoCase(m_initConfigFile)) - { // Different path for Krb5.ini - - if (IsDlgButtonChecked(IDC_CHECK_CONFIRM_KRB5_EXISTS)) - { - // Check for extra slashes at end of path - LPSTR pSlash = strrchr(m_newConfigFile.GetBuffer(0), '\\'); - if (pSlash && *(pSlash - 1) == '\\') - { // don't commit changes - tooManySlashes = TRUE; - } - else if (pSlash && *(pSlash + 1) == '\0') - { // commit changes, but take out slash at the end of path - *pSlash = 0; - } - - m_newConfigFile.ReleaseBuffer(-1); - - // Check for invalid path - Directory directory(m_newConfigFile); - if (tooManySlashes || !directory.IsValidFile()) - { // don't commit changes - foundError = TRUE; - - if (tooManySlashes) - LeashErrorBox("OnApply::Too Many Slashes At End of " - "Selected Directory", - m_newConfigFile); - else - LeashErrorBox("OnApply::Selected file doesn't exist", - m_newConfigFile); - - SetDlgItemText(IDC_EDIT_KRB5INI_LOCATION, m_initConfigFile); - } - else - { - // more error checking - CHAR confname[MAX_PATH]; - - const char *filenames[2]; - filenames[0] = m_newConfigFile; - filenames[1] = NULL; - - const char* rootSection[] = {"realms", NULL}; - const char** rootsec = rootSection; - char **sections = NULL; - - long retval = pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - if (!retval) - retval = pprofile_get_subsection_names(CLeashApp::m_krbv5_profile, - rootsec, §ions - ); - if (retval || !*sections ) - { - foundError = TRUE; - MessageBox("Your file selection is either corrupt or not a Kerberos Five Config. file", - "Leash", MB_OK); - - pprofile_free_list(sections); - - // Restore old 'valid' config. file - if (CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - foundError = TRUE; - MessageBox("Can't locate Kerberos Five Config. 
file!", - "Error", MB_OK); - return TRUE; - } - - filenames[0] = confname; - filenames[1] = NULL; - - retval = pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - if (!retval) - retval = pprofile_get_subsection_names(CLeashApp::m_krbv5_profile, - rootsec, §ions); - if (retval || !*sections) - { - foundError = TRUE; - MessageBox("OnApply::There is a problem with your " - "Kerberos Five Config. file!\n" - "Contact your Administrator.", - "Leash", MB_OK); - } - - pprofile_free_list(sections); - SetDlgItemText(IDC_EDIT_KRB5INI_LOCATION, m_initConfigFile); - - pprofile_release(CLeashApp::m_krbv5_profile); - return TRUE; - } - - pprofile_free_list(sections); - } - } - - // Commit changes - if (!foundError) - { - if (SetRegistryVariable("config", m_newConfigFile, - "Software\\MIT\\Kerberos5")) - { - MessageBox("Failed to set \"Krb.conf\"!", "Error", MB_OK); - } - - m_initConfigFile = m_newConfigFile; - SetModified(TRUE); - } - } - - // Credential cache (ticket) file - // Ticket file - if (0 != m_initTicketFile.CompareNoCase(m_newTicketFile)) - { - if (getenv("KRB5_ENV_CCNAME")) - { - // Just in case they set (somehow) KRB5_ENV_CCNAME while this box is up - MessageBox("OnApply::Ticket file is set in your System's" - "Environment!\nYou must first remove it.", - "Error", MB_OK); - - return TRUE; - } - - // Commit changes - if (SetRegistryVariable("ccname", m_newTicketFile, - "Software\\MIT\\Kerberos5")) - { - MessageBox("Failed to set \"ccname\"!", "Error", MB_OK); - } - if ( CLeashApp::m_krbv5_context ) - pkrb5_cc_set_default_name(CLeashApp::m_krbv5_context,m_newTicketFile); - - m_initTicketFile = m_newTicketFile; - } - - return TRUE; -} - - -BOOL CKrb5ConfigFileLocation::OnInitDialog() -{ - CDialog::OnInitDialog(); - - CHAR confname[MAX_PATH]; - CHAR ticketName[MAX_PATH]; - - CheckDlgButton(IDC_CHECK_CONFIRM_KRB5_EXISTS, TRUE); - - // Config. 
file (Krb5.ini) - if (CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - MessageBox("Can't locate Kerberos Five config. file!", "Error", MB_OK); - return TRUE; - } - - m_initConfigFile = m_newConfigFile = confname; - SetDlgItemText(IDC_EDIT_KRB5INI_LOCATION, m_initConfigFile); - - if (pLeash_get_lock_file_locations() || getenv("KRB5_CONFIG")) - { - GetDlgItem(IDC_EDIT_KRB5INI_LOCATION)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KRB5INI_BROWSE)->EnableWindow(FALSE); - GetDlgItem(IDC_CHECK_CONFIRM_KRB5_EXISTS)->EnableWindow(FALSE); - } - else if ( !(getenv("KRB5_CONFIG")) ) - { - GetDlgItem(IDC_STATIC_INIFILES)->ShowWindow(FALSE); - } - - - // Set TICKET.KRB file Editbox - *ticketName = NULL; - if (CLeashApp::m_krbv5_context) - { - const char *pticketName = pkrb5_cc_default_name(CLeashApp::m_krbv5_context); - - if (pticketName) - strcpy(ticketName, pticketName); - } - - if (!*ticketName) - { - MessageBox("OnInitDialog::Can't locate Kerberos Five ticket file!", - "Error", MB_OK); - return TRUE; - } - else - { - m_initTicketFile = m_newTicketFile = ticketName; - SetDlgItemText(IDC_EDIT_KRB5_TXT_FILE, m_initTicketFile); - } - - if (getenv("KRB5CCNAME")) - GetDlgItem(IDC_EDIT_KRB5_TXT_FILE)->EnableWindow(FALSE); - else - GetDlgItem(IDC_STATIC_TICKETFILE)->ShowWindow(FALSE); - - return TRUE; -} - -void CKrb5ConfigFileLocation::OnButtonKrb5iniBrowse() -{ - CLeashFileDialog dlgFile(TRUE, NULL, "*.*", - "Kerbereos Five Config. File (.ini)"); - dlgFile.m_ofn.lpstrTitle = "Select the Kerberos Five Config. 
File"; - while (TRUE) - { - if (IDOK == dlgFile.DoModal()) - { - m_newConfigFile = dlgFile.GetPathName(); - SetDlgItemText(IDC_EDIT_KRB5INI_LOCATION, m_newConfigFile); - break; - } - else - break; - } -} - -void CKrb5ConfigFileLocation::OnButtonKrb5TicketfileBrowse() -{ - CString ticket_path = "*.*"; - CLeashFileDialog dlgFile(TRUE, NULL, ticket_path, - "Kerbereos Five Ticket File (Krb5cc)"); - dlgFile.m_ofn.lpstrTitle = "Select Credential Cache (Ticket) File"; - - if (IDOK == dlgFile.DoModal()) - { - m_newTicketFile = dlgFile.GetPathName(); - SetDlgItemText(IDC_EDIT_KRB5_TXT_FILE, m_newTicketFile); - } -} - -void CKrb5ConfigFileLocation::OnChangeEditKrb5iniLocation() -{ - if (!m_startupPage1) - { - GetDlgItemText(IDC_EDIT_KRB5INI_LOCATION, m_newConfigFile); - SetModified(TRUE); - } -} - -void CKrb5ConfigFileLocation::OnChangeEditKrb5TxtFile() -{ - if (!m_startupPage1) - { - GetDlgItemText(IDC_EDIT_KRB5_TXT_FILE, m_newTicketFile); - SetModified(TRUE); - } -} - -void CKrb5ConfigFileLocation::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startupPage1 = FALSE; -} - - -///////////////////////////////////////////////////////////////////////////// -// CKrb5ConfigOptions dialog - -IMPLEMENT_DYNCREATE(CKrb5ConfigOptions, CPropertyPage) - -CKrb5ConfigOptions::CKrb5ConfigOptions() - : CPropertyPage(CKrb5ConfigOptions::IDD) -{ - m_initForwardable = 0; - m_newForwardable = 0; - m_initProxiable = 0; - m_newProxiable = 0; - m_initRenewable = 0; - m_newRenewable = 0; - m_initNoAddress = 0; - m_newNoAddress = 0; - m_initIPAddress = 0; -#ifdef SET_PUBLIC_IP - m_newIPAddress = 0; -#endif /* SET_PUBLIC_IP */ - - //{{AFX_DATA_INIT(CKrb5ConfigOptions) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CKrb5ConfigOptions::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - - //{{AFX_DATA_MAP(CKrb5ConfigOptions) - // NOTE: the ClassWizard will add DDX and DDV calls here - 
//}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrb5ConfigOptions, CDialog) - //{{AFX_MSG_MAP(CKrb5ConfigOptions) - ON_BN_CLICKED(IDC_CHECK_FORWARDABLE, OnCheckForwardable) - ON_BN_CLICKED(IDC_CHECK_PROXIABLE, OnCheckProxiable) - ON_BN_CLICKED(IDC_CHECK_RENEWABLE, OnCheckRenewable) - ON_BN_CLICKED(IDC_CHECK_NO_ADDRESS, OnCheckNoAddress) - ON_WM_HELPINFO() - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - - -BOOL CKrb5ConfigOptions::OnApply() -{ -#ifdef SET_PUBLIC_IP - SendDlgItemMessage( IDC_IPADDRESS_PUBLIC, - IPM_GETADDRESS, - 0, - (LPARAM)(LPDWORD)&m_newIPAddress - ); -#endif /* SET_PUBLIC_IP */ - - if ((m_initForwardable == m_newForwardable) && - (m_initProxiable == m_newProxiable) && - (m_initRenewable == m_newRenewable) && - (m_initNoAddress == m_newNoAddress) -#ifdef SET_PUBLIC_IP - && (m_initIPAddress == m_newIPAddress) -#endif /* SET_PUBLIC_IP */ - ) - return TRUE; - - CWinApp *pApp = NULL; - pApp = AfxGetApp(); - if (!pApp) - { - MessageBox("There is a problem finding Leash application " - "information!", - "Error", MB_OK); - return FALSE; - } - - if ( m_newNoAddress == FALSE ) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - char *value=NULL; - long retval, noaddresses = 1; - filenames[0] = confname; - filenames[1] = NULL; - retval = pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - if (!retval) { - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults","noaddresses", 0, "true", &value); - if ( value ) { - noaddresses = config_boolean_to_int(value); - pprofile_release_string(value); - } - pprofile_release(CLeashApp::m_krbv5_profile); - } - - if ( noaddresses ) - { - MessageBox("The No Addresses setting cannot be disabled unless the setting\n" - " noaddresses=false\n" - "is added to the [libdefaults] section of the KRB5.INI file.", - "Error", MB_OK); - return FALSE; - - } - } - } - - pLeash_set_default_forwardable(m_newForwardable); - 
pLeash_set_default_proxiable(m_newProxiable); - pLeash_set_default_renewable(m_newRenewable); - pLeash_set_default_noaddresses(m_newNoAddress); -#ifdef SET_PUBLIC_IP - pLeash_set_default_publicip(m_newIPAddress); -#endif /* SET_PUBLIC_IP */ - - CLeashView::m_forwardableTicket = m_initForwardable = m_newForwardable; - CLeashView::m_proxiableTicket = m_initProxiable = m_newProxiable; - CLeashView::m_renewableTicket = m_initRenewable = m_newRenewable; - CLeashView::m_noaddressTicket = m_initNoAddress = m_newNoAddress; -#ifdef SET_PUBLIC_IP - CLeashView::m_publicIPAddress = m_initIPAddress = m_newIPAddress; -#endif /* SET_PUBLIC_IP */ - return TRUE; -} - -BOOL CKrb5ConfigOptions::OnInitDialog() -{ - CDialog::OnInitDialog(); - - CWinApp *pApp = NULL; - pApp = AfxGetApp(); - if (!pApp) - { - MessageBox("There is a problem finding Leash application " - "information!", - "Error", MB_OK); - } - else - { - m_initForwardable = pLeash_get_default_forwardable(); - m_initProxiable = pLeash_get_default_proxiable(); - m_initRenewable = pLeash_get_default_renewable(); - m_initNoAddress = pLeash_get_default_noaddresses(); - m_initIPAddress = pLeash_get_default_publicip(); - } - - CheckDlgButton(IDC_CHECK_FORWARDABLE, m_initForwardable); - m_newForwardable = m_initForwardable; - - CheckDlgButton(IDC_CHECK_PROXIABLE, m_initProxiable); - m_newProxiable = m_initProxiable; - - CheckDlgButton(IDC_CHECK_RENEWABLE, m_initRenewable); - m_newRenewable = m_initRenewable; - - CheckDlgButton(IDC_CHECK_NO_ADDRESS, m_initNoAddress); - m_newNoAddress = m_initNoAddress; - - if ( m_initNoAddress ) { - // Disable the control - jaltman - - SendDlgItemMessage( IDC_IPADDRESS_PUBLIC, - IPM_CLEARADDRESS, - 0, - 0 - ); - } - else { - SendDlgItemMessage( IDC_IPADDRESS_PUBLIC, - IPM_SETADDRESS, - 0, - (LPARAM)m_initIPAddress - ); - } -#ifdef SET_PUBLIC_IP - m_newIPAddress = m_initIPAddress; -#endif /* SET_PUBLIC_IP */ - - return TRUE; // return TRUE unless you set the focus to a control - // EXCEPTION: OCX 
Property Pages should return FALSE -} - -void CKrb5ConfigOptions::OnCheckForwardable() -{ - m_newForwardable = (BOOL)IsDlgButtonChecked(IDC_CHECK_FORWARDABLE); - SetModified(TRUE); -} - -void CKrb5ConfigOptions::OnCheckProxiable() -{ - m_newProxiable = (BOOL)IsDlgButtonChecked(IDC_CHECK_PROXIABLE); - SetModified(TRUE); -} - -void CKrb5ConfigOptions::OnCheckRenewable() -{ - m_newRenewable = (BOOL)IsDlgButtonChecked(IDC_CHECK_RENEWABLE); - SetModified(TRUE); -} - -void CKrb5ConfigOptions::OnCheckNoAddress() -{ - m_newNoAddress = (BOOL)IsDlgButtonChecked(IDC_CHECK_NO_ADDRESS); - SetModified(TRUE); - - if ( m_newNoAddress ) { - // Disable the control - jaltman - - SendDlgItemMessage( IDC_IPADDRESS_PUBLIC, - IPM_CLEARADDRESS, - 0, - 0 - ); - } else { - // Enable the IP Address Control - jaltman - - SendDlgItemMessage( IDC_IPADDRESS_PUBLIC, - IPM_SETADDRESS, - 0, - (LPARAM)m_initIPAddress - ); - } -} - -/////////////////////////////////////////////////////////////////////// -// CKrb5Properties - -IMPLEMENT_DYNAMIC(CKrb5Properties, CPropertySheet) - -CKrb5Properties::CKrb5Properties(UINT nIDCaption, CWnd* pParentWnd, - UINT iSelectPage) - :CPropertySheet(nIDCaption, pParentWnd, iSelectPage) -{ -} - -CKrb5Properties::CKrb5Properties(LPCTSTR pszCaption, CWnd* pParentWnd, - UINT iSelectPage) - :CPropertySheet(pszCaption, pParentWnd, iSelectPage) -{ - AddPage(&m_fileLocation); - AddPage(&m_configOptions); -} - -CKrb5Properties::~CKrb5Properties() -{ -} - -void CKrb5Properties::OnHelp() -{ -#ifdef CALL_HTMLHELP - AfxGetApp()->HtmlHelp(HID_KRB5_PROPERTIES_COMMAND); -#else - AfxGetApp()->WinHelp(HID_KRB5_PROPERTIES_COMMAND); -#endif -} - - - -BEGIN_MESSAGE_MAP(CKrb5Properties, CPropertySheet) - //{{AFX_MSG_MAP(CKrb5Properties) - // NOTE - the ClassWizard will add and remove mapping macros here. 
- ON_COMMAND(ID_HELP, OnHelp)
- //}}AFX_MSG_MAP
-END_MESSAGE_MAP()
diff -Nru krb5-1.16.2/src/windows/leash/Krb5Properties.h krb5-1.17/src/windows/leash/Krb5Properties.h
--- krb5-1.16.2/src/windows/leash/Krb5Properties.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/Krb5Properties.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,172 +0,0 @@ -// ************************************************************************************** -// File: Krb5Properties.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb5Properties.cpp. Contains variables and functions -// for Kerberos Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_KRB5PROPERTIES_H__9011A0B3_6E92_11D2_9454_0000861B8A3C__INCLUDED_) -#define AFX_KRB5PROPERTIES_H__9011A0B3_6E92_11D2_9454_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// Krb5Properties.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrb5ConfigOptions dialog - -class CKrb5ConfigFileLocation : public CPropertyPage -{ -// Construction -private: - DECLARE_DYNCREATE(CKrb5ConfigFileLocation) - CString m_initConfigFile; - CString m_initTicketFile; - CString m_newConfigFile; - CString m_newTicketFile; - BOOL m_startupPage1; - -public: - CKrb5ConfigFileLocation(); // standard constructor - -// Dialog Data - //{{AFX_DATA(CKrb5ConfigFileLocation) - enum { IDD = IDD_KRB5_PROP_LOCATION }; - CEdit m_ticketEditBox; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb5ConfigFileLocation) - public: - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - - virtual BOOL OnApply(); - - // Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb5ConfigFileLocation) - virtual BOOL OnInitDialog(); - afx_msg void OnButtonKrb5iniBrowse(); - afx_msg void OnButtonKrb5TicketfileBrowse(); - afx_msg void OnChangeEditKrb5TxtFile(); - afx_msg void OnChangeEditKrb5iniLocation(); - afx_msg void 
OnShowWindow(BOOL bShow, UINT nStatus); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - - -///////////////////////////////////////////////////////////////////////////// -// CKrb5ConfigOptions dialog - -class CKrb5ConfigOptions : public CPropertyPage -{ -// Construction -private: - DECLARE_DYNCREATE(CKrb5ConfigOptions) - INT m_initForwardable; - INT m_newForwardable; - INT m_initProxiable; - INT m_newProxiable; - INT m_initRenewable; - INT m_newRenewable; - INT m_initNoAddress; - INT m_newNoAddress; - DWORD m_initIPAddress; -#ifdef SET_PUBLIC_IP - DWORD m_newIPAddress; -#endif /* SET_PUBLIC_IP */ - -public: - CKrb5ConfigOptions(); // standard constructor - -// Dialog Data - //{{AFX_DATA(CKrb5ConfigOptions) - enum { IDD = IDD_KRB5_PROP_CONTENT }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb5ConfigOptions) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - - virtual BOOL OnApply(); - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrb5ConfigOptions) - virtual BOOL OnInitDialog(); - afx_msg void OnCheckForwardable(); - afx_msg void OnCheckProxiable(); - afx_msg void OnCheckRenewable(); - afx_msg void OnCheckNoAddress(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -class CKrb5Properties : public CPropertySheet -{ -private: - DECLARE_DYNAMIC(CKrb5Properties) - -public: - CKrb5ConfigFileLocation m_fileLocation; - CKrb5ConfigOptions m_configOptions; - -// Construction -public: - CKrb5Properties(UINT nIDCaption, CWnd* pParentWnd = NULL, - UINT iSelectPage = 0); - CKrb5Properties(LPCTSTR pszCaption, CWnd* pParentWnd = NULL, - UINT iSelectPage = 0); - -// Attributes -public: - -// Operations -public: - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrb5Properties) - //}}AFX_VIRTUAL - -// Implementation -public: - virtual ~CKrb5Properties(); - - // Generated message map functions 
-protected: - //{{AFX_MSG(CKrb5Properties) - // NOTE - the ClassWizard will add and remove member functions here. - afx_msg void OnHelp(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. - -#endif // !defined(AFX_KRB5PROPERTIES_H__9011A0B3_6E92_11D2_9454_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/KrbAddHostServer.cpp krb5-1.17/src/windows/leash/KrbAddHostServer.cpp --- krb5-1.16.2/src/windows/leash/KrbAddHostServer.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/KrbAddHostServer.cpp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,77 +0,0 @@
-// KrbAddHostServer.cpp : implementation file
-//
-
-#include "stdafx.h"
-#include "leash.h"
-#include "KrbAddHostServer.h"
-
-#ifdef _DEBUG
-#define new DEBUG_NEW
-#undef THIS_FILE
-static char THIS_FILE[] = __FILE__;
-#endif
-
-/////////////////////////////////////////////////////////////////////////////
-// CKrbAddHostServer dialog
-
-
-CKrbAddHostServer::CKrbAddHostServer(CWnd* pParent /*=NULL*/)
- : CDialog(CKrbAddHostServer::IDD, pParent)
-{
- m_newHost = _T("");
- m_startup = TRUE;
-
- //{{AFX_DATA_INIT(CKrbAddHostServer)
- // NOTE: the ClassWizard will add member initialization here
- //}}AFX_DATA_INIT
-}
-
-
-void CKrbAddHostServer::DoDataExchange(CDataExchange* pDX)
-{
- CDialog::DoDataExchange(pDX);
- //{{AFX_DATA_MAP(CKrbAddHostServer)
- // NOTE: the ClassWizard will add DDX and DDV calls here
- //}}AFX_DATA_MAP
-}
-
-
-BEGIN_MESSAGE_MAP(CKrbAddHostServer, CDialog)
- //{{AFX_MSG_MAP(CKrbAddHostServer)
- ON_EN_CHANGE(IDC_EDIT_KDC_HOST, OnChangeEditKdcHost)
- ON_WM_SHOWWINDOW()
- //}}AFX_MSG_MAP
-END_MESSAGE_MAP()
-
-/////////////////////////////////////////////////////////////////////////////
-// CKrbAddHostServer message handlers
-
-void CKrbAddHostServer::OnOK()
-{
- m_newHost.TrimLeft();
- m_newHost.TrimRight();
-
- if (m_newHost.IsEmpty())
- { // stay
- MessageBox("OnOK:: Server Hosting a KDC must be filled in!",
- "Error", MB_OK);
- }
- else if (-1 != m_newHost.Find(' '))
- { // stay
- MessageBox("OnOK::Illegal space found!", "Error", MB_OK);
- }
- else
- CDialog::OnOK(); // exit
-}
-
-void CKrbAddHostServer::OnChangeEditKdcHost()
-{
- if (!m_startup)
- GetDlgItemText(IDC_EDIT_KDC_HOST, m_newHost);
-}
-
-void CKrbAddHostServer::OnShowWindow(BOOL bShow, UINT nStatus)
-{
- CDialog::OnShowWindow(bShow, nStatus);
- m_startup = FALSE;
-}
diff -Nru krb5-1.16.2/src/windows/leash/KrbAddHostServer.h krb5-1.17/src/windows/leash/KrbAddHostServer.h
--- krb5-1.16.2/src/windows/leash/KrbAddHostServer.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbAddHostServer.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,53 +0,0 @@
-#if !defined(AFX_KRBADDHOSTSERVER_H__1B6B6ED8_D26D_11D2_95AF_0000861B8A3C__INCLUDED_)
-#define AFX_KRBADDHOSTSERVER_H__1B6B6ED8_D26D_11D2_95AF_0000861B8A3C__INCLUDED_
-
-#if _MSC_VER > 1000
-#pragma once
-#endif // _MSC_VER > 1000
-// KrbAddHostServer.h : header file
-//
-
-/////////////////////////////////////////////////////////////////////////////
-// CKrbAddHostServer dialog
-
-class CKrbAddHostServer : public CDialog
-{
-// Construction
- CString m_newHost;
- BOOL m_startup;
-
-public:
- CKrbAddHostServer(CWnd* pParent = NULL); // standard constructor
- CString GetNewHost() {return m_newHost;}
-
-
-// Dialog Data
- //{{AFX_DATA(CKrbAddHostServer)
- enum { IDD = IDD_KRB_ADD_KDC_HOSTSERVER};
- // NOTE: the ClassWizard will add data members here
- //}}AFX_DATA
-
-
-// Overrides
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CKrbAddHostServer)
- protected:
- virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
-
-// Implementation
-protected:
-
- // Generated message map functions
- //{{AFX_MSG(CKrbAddHostServer)
- virtual void OnOK();
- afx_msg void OnChangeEditKdcHost();
- afx_msg void OnShowWindow(BOOL bShow, UINT nStatus);
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_KRBADDHOSTSERVER_H__1B6B6ED8_D26D_11D2_95AF_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbAddRealm.cpp krb5-1.17/src/windows/leash/KrbAddRealm.cpp
--- krb5-1.16.2/src/windows/leash/KrbAddRealm.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbAddRealm.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,88 +0,0 @@ -// File: KrbAddRealm.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbAddRealm.h. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "KrbAddRealm.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrbAddRealm dialog - - -CKrbAddRealm::CKrbAddRealm(CWnd* pParent /*=NULL*/) -: CDialog(CKrbAddRealm::IDD, pParent) -{ - m_newRealm = _T(""); - m_startup = TRUE; - - //{{AFX_DATA_INIT(CKrbAddRealm) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CKrbAddRealm::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbAddRealm) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrbAddRealm, CDialog) - //{{AFX_MSG_MAP(CKrbAddRealm) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_REALM, OnChangeEditRealm) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrbAddRealm message handlers - -void CKrbAddRealm::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} - -void CKrbAddRealm::OnChangeEditRealm() -{ - if (!m_startup) - GetDlgItemText(IDC_EDIT_REALM, m_newRealm); -} - -void CKrbAddRealm::OnOK() -{ - m_newRealm.TrimLeft(); - m_newRealm.TrimRight(); - - if (m_newRealm.IsEmpty()) - { // stay - MessageBox("OnOK:: Kerberos Realm must be filled in!", - "Leash", MB_OK); - } - else if (-1 != 
m_newRealm.Find(' '))
- { // stay
- MessageBox("OnOK::Illegal space found!", "Leash", MB_OK);
- }
- else
- CDialog::OnOK(); // exit
-}
diff -Nru krb5-1.16.2/src/windows/leash/KrbAddRealm.h krb5-1.17/src/windows/leash/KrbAddRealm.h
--- krb5-1.16.2/src/windows/leash/KrbAddRealm.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbAddRealm.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,66 +0,0 @@ -// ************************************************************************************** -// File: KrbAddRealm.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for KrbAddRealm.cpp Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_) -#define AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// AddToRealmHostList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrbAddRealm dialog - -class CKrbAddRealm : public CDialog -{ -// Construction - CString m_newRealm; - BOOL m_startup; - -public: - CKrbAddRealm(CWnd* pParent = NULL); // standard constructor - CString GetNewRealm() {return m_newRealm;} - -// Dialog Data - //{{AFX_DATA(CKrbAddRealm) - enum { IDD = IDD_KRB_ADD_REALM }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrbAddRealm) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrbAddRealm) - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - virtual void OnOK(); - afx_msg void OnChangeEditRealm(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
-
-#endif // !defined(AFX_ADDTOREALMHOSTLIST_H__26A1E1F3_9117_11D2_94D0_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbConfigOptions.cpp krb5-1.17/src/windows/leash/KrbConfigOptions.cpp
--- krb5-1.16.2/src/windows/leash/KrbConfigOptions.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbConfigOptions.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,674 +0,0 @@ -// ************************************************************************************** -// File: KrbConfigOptions.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbProperties.h. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 2/01/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "Leash.h" -#include "KrbProperties.h" -#include "KrbConfigOptions.h" -#include "LeashFileDialog.h" -#include "LeashMessageBox.h" -#include "wshelper.h" -#include "lglobals.h" -#include -#include -#include "reminder.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - - -/////////////////////////////////////////////////////////////////////// -// CKrbConfigOptions property page - -CString CKrbConfigOptions::m_newDefaultRealm; -CString CKrbConfigOptions::m_hostServer; -CComboBox CKrbConfigOptions::m_krbRealmEditbox; -BOOL CKrbConfigOptions::m_profileError; -BOOL CKrbConfigOptions::m_dupEntriesError; - -IMPLEMENT_DYNCREATE(CKrbConfigOptions, CPropertyPage) - -CKrbConfigOptions::CKrbConfigOptions() : CPropertyPage(CKrbConfigOptions::IDD) -{ - m_initDefaultRealm = _T(""); - m_newDefaultRealm = _T(""); - m_startupPage2 = TRUE; - m_noKrbFileError = FALSE; - m_noKrbhostWarning = FALSE; - m_dupEntriesError = FALSE; - m_profileError = FALSE; - m_noRealm = FALSE; - - //{{AFX_DATA_INIT(CKrbConfigOptions) - //}}AFX_DATA_INIT -} - -CKrbConfigOptions::~CKrbConfigOptions() -{ -} - -VOID CKrbConfigOptions::DoDataExchange(CDataExchange* pDX) -{ - TRACE("Entering CKrbConfigOptions::DoDataExchange -- %d\n", - pDX->m_bSaveAndValidate); - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbConfigOptions) - DDX_Control(pDX, 
IDC_EDIT_DEFAULT_REALM, m_krbRealmEditbox); - //}}AFX_DATA_MAP -} - -static char far * near parse_str(char far*buffer,char far*result) -{ - while (isspace(*buffer)) - buffer++; - while (!isspace(*buffer)) - *result++=*buffer++; - *result='\0'; - return buffer; -} - -#ifndef NO_KRB4 -int krb_get_krbhst(char* h, char* r, int n) -{ - char lbstorage[BUFSIZ]; - char tr[REALM_SZ]; - static FILE *cnffile; /*XXX pbh added static because of MS bug in fgets() */ - static char FAR *linebuf; /*XXX pbh added static because of MS bug in fgets() */ - int i; - char *p; - - //static char buffer[80]; - //krb_get_krbconf(buffer); - memset(lbstorage, '\0', BUFSIZ ); /* 4-22-94 */ - linebuf = &lbstorage[0]; - - if ((cnffile = fopen(CKrbProperties::m_krbPath,"r")) == NULL) { - if (n==1) { - (void) strcpy(h,KRB_HOST); - return(KSUCCESS); - } else { - return(KFAILURE); - } - } - /* linebuf=(char FAR *)malloc(BUFSIZ); */ /*4-22-94*/ - if (fgets(linebuf,BUFSIZ,cnffile)==NULL) { - /* free(linebuf); */ /* 4-22-94 */ - - return(KFAILURE); - } - /* bzero( tr, sizeof(tr) ); */ /* pbh 2-24-93 */ - memset(tr, '\0', sizeof(tr) ); - parse_str(linebuf,tr); - if (*tr=='\0') { - return (KFAILURE); - } - /* run through the file, looking for the nth server for this realm */ - for (i = 1; i <= n;) { - if (fgets(linebuf, BUFSIZ, cnffile) == NULL) { - /* free(linebuf); */ /*4-22-94*/ - (void) fclose(cnffile); - return(KFAILURE); - } - /* bzero( tr, sizeof(tr) ); */ /* pbh 2-24-93 */ - memset(tr, '\0', sizeof(tr) ); - p=parse_str(linebuf,tr); - if (*tr=='\0') - continue; - memset(h, '\0', lstrlen(h) ); - parse_str(p,h); - if (*tr=='\0') - continue; - if (!lstrcmp(tr,r)) - i++; - } - /* free(linebuf); */ /*4-22-94*/ - (void) fclose(cnffile); - return(KSUCCESS); -} -#endif - -BOOL CKrbConfigOptions::OnInitDialog() -{ - m_initDefaultRealm = _T(""); - m_newDefaultRealm = _T(""); - m_noKrbFileError = FALSE; - m_noKrbhostWarning = FALSE; - m_dupEntriesError = FALSE; - m_profileError = FALSE; - m_noRealm = FALSE; - 
- CPropertyPage::OnInitDialog(); - -#ifndef NO_KRB4 - if (CLeashApp::m_hKrb4DLL && !CLeashApp::m_hKrb5DLL) - { // Krb4 NOT krb5 - // Fill in all edit boxes - char krbRealm[REALM_SZ + 1]; - char krbhst[MAX_HSTNM + 1]; - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeRead)) - { - SetDlgItemText(IDC_EDIT_DEFAULT_REALM, KRB_REALM); - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, KRB_MASTER); - //CheckRadioButton(IDC_RADIO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER, IDC_RADIO_NO_ADMIN_SERVER); - m_initDefaultRealm = m_newDefaultRealm = KRB_REALM; - } - else - { // place krbRealm in Edit box - memset(krbRealm, '\0', sizeof(krbRealm)); - if (!krbCon.ReadString(krbRealm, sizeof(krbRealm)) || '\r' == *krbRealm || - '\n' == *krbRealm || '\0' == *krbRealm) - { - SetDlgItemText(IDC_EDIT_DEFAULT_REALM, KRB_REALM); - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, KRB_MASTER); - m_initDefaultRealm = m_newDefaultRealm = KRB_REALM; - } - else - { - *(krbRealm + strlen(krbRealm) - 1) = 0; - LPSTR pSpace = strchr(krbRealm, ' '); - if (pSpace) - *pSpace = 0; - - m_initDefaultRealm = m_newDefaultRealm = krbRealm; - - memset(krbhst, '\0', sizeof(krbhst)); - krbCon.Close(); - - // Check for Host - // don't use KRB4 - krb_get_krbhst - would have to re-logon, on file location - // change, to use this function - if (KFAILURE == pkrb_get_krbhst(krbhst, krbRealm, 1)) - { - m_noKrbhostWarning = TRUE; - } - else - { // place hostname in Edit Box - //SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, krbhst); - - m_hostServer = krbhst; - - // New stuff to put realms in Combo Box - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeRead)) - { - m_noKrbFileError = TRUE; - m_noRealm = TRUE; - } else { - - LPSTR space = NULL; - CHAR lineBuf[REALM_SZ + MAX_HSTNM + 20]; - CHAR localRealm[REALM_SZ + MAX_HSTNM + 20]; - memset(lineBuf, '\0', sizeof(lineBuf)); - memset(localRealm, '\0', sizeof(localRealm)); - - if (krbCon.ReadString(localRealm, sizeof(localRealm))) - 
*(localRealm + strlen(localRealm) - 1) = 0; - else - return FALSE; - - space = strchr(localRealm, ' '); - if (space) - *space = 0; - - while (TRUE) - { - if (!krbCon.ReadString(lineBuf, sizeof(lineBuf))) - break; - - *(lineBuf + sizeof(lineBuf) - 1) = 0; - - if (strlen(lineBuf) == 0) - continue; - - space = strchr(lineBuf, ' '); - if (!space) space = strchr(lineBuf, '\t'); - if (space) - *space = 0; - else - ASSERT(0); - - // skip Kerberos Options - if ( !strncmp(".KERBEROS.OPTION.",lineBuf,17) ) - continue; - - if (CB_ERR == m_krbRealmEditbox.FindStringExact(-1, lineBuf)) - { // no dups - if (LB_ERR == m_krbRealmEditbox.AddString(lineBuf)) - { - MessageBox("OnInitDialog::Can't add to Kerberos Realm Combobox", - "Leash", MB_OK); - return FALSE; - } - } - } - - m_krbRealmEditbox.SelectString(-1, krbRealm); - - } // end of 'else' - } // end of 'place hostname in Edit Box' else statement - } // end of 'Check for Host' else statement - } // end of 'place krbRealm in Edit box' else - } - else -#endif - if (CLeashApp::m_hKrb5DLL) - { // Krb5 OR krb5 AND krb4 - char *realm = NULL; - pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &realm); - - if (!realm) - m_noRealm = TRUE; - - m_initDefaultRealm = m_newDefaultRealm = realm; - - if ( !CLeashApp::m_krbv5_profile ) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - filenames[0] = confname; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - } - } - - CHAR selRealm[REALM_SZ]; - strcpy(selRealm, m_newDefaultRealm); - const char* Section[] = {"realms", selRealm, "kdc", NULL}; - const char** section = Section; - char **values = NULL; - char * value = NULL; - - long retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - if (!retval && values) - m_hostServer = *values; - else { - int dns_in_use = 0; - // Determine if we are using DNS for KDC lookups - retval = 
pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_lookup_kdc", 0, 0, &value); - if (value == 0 && retval == 0) - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_fallback", 0, 0, &value); - if (value == 0) { - dns_in_use = 1; - } else { - dns_in_use = config_boolean_to_int(value); - pprofile_release_string(value); - } - if (dns_in_use) - m_hostServer = "DNS SRV record lookups will be used to find KDC"; - else { - m_hostServer = "No KDC information available"; - } - } - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_hostServer); - - if ( realm ) - pkrb5_free_default_realm(CLeashApp::m_krbv5_context, realm); - } - - // Set host and domain names in their Edit Boxes, respectively. - char hostName[80]=""; - char domainName[80]=""; - int ckHost = wsh_gethostname(hostName, sizeof(hostName)); - int ckdomain = wsh_getdomainname(domainName, sizeof(domainName)); - CString dot_DomainName = "."; - dot_DomainName += domainName; - - SetDlgItemText(IDC_EDIT_HOSTNAME, ckHost == 0 ? hostName : ""); - SetDlgItemText(IDC_EDIT_DOMAINNAME, ckdomain == 0 ? 
dot_DomainName : ""); - - return m_noRealm; -} - -BOOL CKrbConfigOptions::OnApply() -{ - // If no changes were made, quit this function - if (0 == m_initDefaultRealm.CompareNoCase(m_newDefaultRealm)) - return TRUE; - - m_newDefaultRealm.TrimLeft(); - m_newDefaultRealm.TrimRight(); - - if (m_newDefaultRealm.IsEmpty()) - { - MessageBox("OnApply::Your Kerberos Realm field must be filled in!", - "Leash", MB_OK); - m_newDefaultRealm = m_initDefaultRealm; - SetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newDefaultRealm); - return TRUE; - } - - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeCreate | - CFile::modeNoTruncate | - CFile::modeRead)) - { - LeashErrorBox("OnApply::Can't open configuration file", - CKrbProperties::m_krbPath); - return TRUE; - } - - CStdioFile krbCon2; - CString krbCon2File = CKrbProperties::m_krbPath; - krbCon2File += "___"; - if (!krbCon2.Open(krbCon2File, CFile::modeCreate | CFile::modeWrite)) - { - LeashErrorBox("OnApply:: Can't open configuration file", - CKrbProperties::m_krbPath); - return TRUE; - } - - CString readWrite; - krbCon.ReadString(readWrite); - krbCon2.WriteString(m_newDefaultRealm); - krbCon2.WriteString("\n"); - while (krbCon.ReadString(readWrite)) - { - krbCon2.WriteString(readWrite); - krbCon2.WriteString("\n"); - } - - krbCon.Close(); - krbCon2.Close(); - krbCon2.Remove(CKrbProperties::m_krbPath); - krbCon2.Rename(krbCon2File, CKrbProperties::m_krbPath); - - if (CLeashApp::m_hKrb5DLL) - { // Krb5 OR krb5 AND krb4 - if ( !CLeashApp::m_krbv5_profile ) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - filenames[0] = confname; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - } - } - - const char* Names[] = {"libdefaults", "default_realm", NULL}; - const char** names = Names; - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - names, m_initDefaultRealm, m_newDefaultRealm); - - if 
(retval) - { - MessageBox("OnApply::The previous value cannot be found, the profile will not be saved!!!\ - \nIf this error persists after restarting Leash, contact your administrator.", - "Leash", MB_OK); - return TRUE; - } - - // Save to Kerberos Five config. file "Krb5.ini" - retval = pprofile_flush(CLeashApp::m_krbv5_profile); - } - - m_initDefaultRealm = m_newDefaultRealm; - return TRUE; -} - -void CKrbConfigOptions::OnSelchangeEditDefaultRealm() -{ - if (!m_startupPage2) - { - GetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newDefaultRealm); - SetModified(TRUE); - - if (CLeashApp::m_hKrb5DLL) - { - CHAR selRealm[REALM_SZ]; - strcpy(selRealm, m_newDefaultRealm); - const char* Section[] = {"realms", selRealm, "kdc", NULL}; - const char** section = Section; - char **values = NULL; - char * value = NULL; - - long retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - if (!retval && values) - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, *values); - else { - int dns_in_use = 0; - // Determine if we are using DNS for KDC lookups - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_lookup_kdc", 0, 0, &value); - if (value == 0 && retval == 0) - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_fallback", 0, 0, &value); - if (value == 0) { - dns_in_use = 1; - } else { - dns_in_use = config_boolean_to_int(value); - pprofile_release_string(value); - } - if (dns_in_use) - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, "DNS SRV record lookups will be used to find KDC"); - else - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, "No KDC information available"); - } - } -#ifndef NO_KRB4 - else - { - CHAR krbhst[MAX_HSTNM + 1]; - CHAR krbrlm[REALM_SZ + 1]; - - strcpy(krbrlm, CKrbConfigOptions::m_newDefaultRealm); - memset(krbhst, '\0', sizeof(krbhst)); - - // Check for Host - // don't use KRB4 - krb_get_krbhst - would have to re-logon, on file location - // change, to use this function - if (KFAILURE == 
pkrb_get_krbhst(krbhst, krbrlm, 1)) - { - MessageBox("OnSelchangeEditDefaultRealm::Unable to find the Host Server for your Default Realm!!!\ - \n 'Apply' your changes and try again.", - "Leash", MB_OK); - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, ""); - return; - } - - m_hostServer = krbhst; - if (strlen(krbhst)) - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_hostServer); - } -#endif - } -} - -void CKrbConfigOptions::OnEditchangeEditDefaultRealm() -{ - if (!m_startupPage2) - { - GetDlgItemText(IDC_EDIT_DEFAULT_REALM, m_newDefaultRealm); - SetModified(TRUE); - } -} - -void CKrbConfigOptions::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CPropertyPage::OnShowWindow(bShow, nStatus); - - if (CLeashApp::m_hKrb5DLL) - ResetDefaultRealmComboBox(); - - SetDlgItemText(IDC_EDIT_REALM_HOSTNAME, m_hostServer); -} - -void CKrbConfigOptions::ResetDefaultRealmComboBox() -{ // Krb5 is loaded - // Reset Config Tab's Default Realm Combo Editbox - const char* rootSection[] = {"realms", NULL}; - const char** rootsec = rootSection; - char **sections = NULL, - **cpp = NULL, - *value = 0; - int dns; - - long retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_lookup_kdc", 0, 0, &value); - if (value == 0 && retval == 0) - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_fallback", 0, 0, &value); - if (value == 0) { - dns = 1; - } else { - dns = config_boolean_to_int(value); - pprofile_release_string(value); - } - - retval = pprofile_get_subsection_names(CLeashApp::m_krbv5_profile, - rootsec , §ions); - - if (retval) - { - m_hostServer = _T(""); - - // This is not a fatal error if DNS KDC Lookup is being used. 
- // Determine the starting value for DNS KDC Lookup Checkbox - if ( dns ) - return; - - m_profileError = TRUE; - } - - m_krbRealmEditbox.ResetContent(); - - if ( !m_profileError ) { - for (cpp = sections; *cpp; cpp++) - { - if (CB_ERR == m_krbRealmEditbox.FindStringExact(-1, *cpp)) - { // no dups - if (CB_ERR == m_krbRealmEditbox.AddString(*cpp)) - { - ::MessageBox(NULL, "ResetDefaultRealmComboBox::Can't add to Kerberos Realm Combobox", - "Leash", MB_OK); - return; - } - } - else - m_dupEntriesError = TRUE; - } - } - - if (!m_newDefaultRealm.IsEmpty()) { - - if (CB_ERR == m_krbRealmEditbox.FindStringExact(-1, m_newDefaultRealm)) - { // no dups - m_krbRealmEditbox.AddString(m_newDefaultRealm); - } - m_krbRealmEditbox.SelectString(-1, m_newDefaultRealm); - - const char* Section[] = {"realms", m_newDefaultRealm, "kdc", NULL}; //theSection - const char** section = Section; - char **values = NULL; - - retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - if (!retval && values) - m_hostServer = *values; - else { - if (dns) - m_hostServer = "DNS SRV record lookups will be used to find KDC"; - else { - m_hostServer = "No KDC information available"; - } - } - } -} - -BOOL CKrbConfigOptions::PreTranslateMessage(MSG* pMsg) -{ - if (!m_startupPage2) - { - if (m_noKrbFileError) - { - LeashErrorBox("PreTranslateMessage::Unable to open configuration file", - !strlen(CKrbProperties::m_krbPath) ? KRB_FILE : - CKrbProperties::m_krbPath); - m_noKrbFileError = FALSE; - } - - if (m_noKrbhostWarning) - { - MessageBox("PreTranslateMessage::Unable to locate the Kerberos Host for your Kerberos Realm!", - "Leash", MB_OK); - m_noKrbhostWarning = FALSE; - } - - if (m_dupEntriesError) - { - MessageBox("PreTranslateMessage::Found duplicate entries in the Kerberos 5 Config. 
File!!!\ - \nPlease contact your Administrator.", - "Leash", MB_OK); - - m_dupEntriesError = FALSE; - } - - if (m_profileError) - { - MessageBox("PreTranslateMessage::Unable to open Kerberos 5 Config. File!!!\ - \nIf this error persists, contact your administrator.", - "Leash", MB_OK); - m_profileError = FALSE; - } - - if (m_noRealm) - { - MessageBox("PreTranslateMessage::Unable to determine the Default Realm.\ - \n Contact your Administrator!", - "Leash", MB_OK); - - m_noRealm = FALSE; - } - } - - m_startupPage2 = FALSE; - return CPropertyPage::PreTranslateMessage(pMsg); -} - - -BEGIN_MESSAGE_MAP(CKrbConfigOptions, CPropertyPage) - //{{AFX_MSG_MAP(CKrbConfigOptions) - ON_WM_SHOWWINDOW() - ON_CBN_EDITCHANGE(IDC_EDIT_DEFAULT_REALM, OnEditchangeEditDefaultRealm) - ON_CBN_SELCHANGE(IDC_EDIT_DEFAULT_REALM, OnSelchangeEditDefaultRealm) - ON_BN_CLICKED(IDC_BUTTON_KRB_HELP, OnButtonKrbHelp) - ON_BN_CLICKED(IDC_BUTTON_KRBREALM_HELP, OnButtonKrbrealmHelp) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - - - -void CKrbConfigOptions::OnButtonKrbHelp() -{ - MessageBox("No Help Available!", "Leash", MB_OK); -} - -void CKrbConfigOptions::OnButtonKrbrealmHelp() -{ - MessageBox("No Help Available!", "Leash", MB_OK); -} diff -Nru krb5-1.16.2/src/windows/leash/KrbConfigOptions.h krb5-1.17/src/windows/leash/KrbConfigOptions.h --- krb5-1.16.2/src/windows/leash/KrbConfigOptions.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/KrbConfigOptions.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,89 +0,0 @@
-// **************************************************************************************
-// File: KrbConfigOptions.h
-// By: Arthur David Leather
-// Created: 12/02/98
-// Copyright @1998 Massachusetts Institute of Technology - All rights reserved.
-// Description: H file for KrbProperties.cpp. Contains variables and functions
-// for Kerberos Four Properties
-//
-// History:
-//
-// MM/DD/YY Inits Description of Change
-// 2/01/98 ADL Original
-// **************************************************************************************
-
-
-#if !defined(AFX_CONFIGOPTIONS_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
-#define AFX_CONFIGOPTIONS_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_
-
-#if _MSC_VER >= 1000
-#pragma once
-#endif // _MSC_VER >= 1000
-// Krb4Properties.h : header file
-//
-
-#include "Resource.h"
-
-
-///////////////////////////////////////////////////////////////////////
-// CKrbConfigOptions dialog
-
-class CKrbConfigOptions : public CPropertyPage
-{
-// Construction
-private:
- DECLARE_DYNCREATE(CKrbConfigOptions)
- BOOL m_startupPage2;
- BOOL m_noKrbFileError;
- BOOL m_noKrbhostWarning;
- static BOOL m_profileError;
- static BOOL m_dupEntriesError;
- BOOL m_noRealm;
- CString m_initDefaultRealm;
- static CString m_newDefaultRealm; ///// also used for CKrb4DomainRealmMaintenance
- static CString m_hostServer;
-
- static void ResetDefaultRealmComboBox();
-
-public:
- CKrbConfigOptions();
- ~CKrbConfigOptions();
-
-// Dialog Data
- //{{AFX_DATA(CKrbConfigOptions)
- enum { IDD = IDD_KRB_PROP_CONTENT };
- static CComboBox m_krbRealmEditbox;
- //}}AFX_DATA
-
-
-// Overrides
- // ClassWizard generate virtual function overrides
- //{{AFX_VIRTUAL(CKrbConfigOptions)
- public:
- virtual BOOL PreTranslateMessage(MSG* pMsg);
- protected:
- virtual VOID DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
-
- virtual BOOL OnApply();
-
-// Implementation
-protected:
- // Generated message map functions
- //{{AFX_MSG(CKrbConfigOptions)
- virtual BOOL OnInitDialog();
- afx_msg void OnShowWindow(BOOL bShow, UINT nStatus);
- afx_msg void OnEditchangeEditDefaultRealm();
- afx_msg void OnSelchangeEditDefaultRealm();
- afx_msg void OnButtonKrbHelp();
- afx_msg void OnButtonKrbrealmHelp();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-
-};
-
-/////////////////////////////////////////////////////////////////////////////
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_CONFIGOPTIONS_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbDomainRealmMaintenance.cpp krb5-1.17/src/windows/leash/KrbDomainRealmMaintenance.cpp
--- krb5-1.16.2/src/windows/leash/KrbDomainRealmMaintenance.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbDomainRealmMaintenance.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,440 +0,0 @@ -// CKrbDomainRealmMaintenance.cpp : implementation file -// - -#include "stdafx.h" -#include "leash.h" -#include "KrbDomainRealmMaintenance.h" -#include "Krb4AddToDomainRealmList.h" -#include "Krb4EditDomainRealmList.h" -#include "KrbProperties.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrbDomainRealmMaintenance dialog - - -CKrbDomainRealmMaintenance::CKrbDomainRealmMaintenance(CWnd* pParent /*=NULL*/) - :CPropertyPage(CKrbDomainRealmMaintenance::IDD) -{ - m_dupEntiesError = FALSE; - //{{AFX_DATA_INIT(CKrbDomainRealmMaintenance) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CKrbDomainRealmMaintenance::DoDataExchange(CDataExchange* pDX) -{ - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbDomainRealmMaintenance) - DDX_Control(pDX, IDC_LIST_DOMAINREALM, m_KDCDomainList); - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrbDomainRealmMaintenance, CPropertyPage) - //{{AFX_MSG_MAP(CKrbDomainRealmMaintenance) - ON_BN_CLICKED(IDC_BUTTON_HOST_ADD, OnButtonHostAdd) - ON_BN_CLICKED(IDC_BUTTON_HOST_EDIT, OnButtonHostEdit) - ON_BN_CLICKED(ID_BUTTON_HOST_REMOVE, OnButtonHostRemove) - ON_LBN_DBLCLK(IDC_LIST_DOMAINREALM, OnDblclkListDomainrealm) - ON_BN_CLICKED(IDC_BUTTON_HOSTMAINT_HELP, OnButtonHostmaintHelp) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrbDomainRealmMaintenance message handlers - -BOOL CKrbDomainRealmMaintenance::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - - char theName[REALM_SZ + 1]; - char theNameValue[REALM_SZ + MAX_HSTNM + 2]; - const char* Section[] = {"domain_realm", theName, NULL}; //theSection - const char** section = Section; - char **values = NULL, - **vpp = NULL; - - const char* rootSection[] = {"domain_realm", NULL}; - const char** rootsec = 
rootSection; - char **sections = NULL, - **cpp = NULL; - - long retval = pprofile_get_relation_names(CLeashApp::m_krbv5_profile, - rootsec, §ions); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnInitDialog::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return TRUE; - } - - - for (cpp = sections; *cpp; cpp++) - { - strcpy(theName, *cpp); - retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - for (vpp = values; *vpp; vpp++) - { - strcpy(theNameValue, theName); - strcat(theNameValue, " "); - strcat(theNameValue, *vpp); - - if (LB_ERR == m_KDCDomainList.FindStringExact(-1, theNameValue)) - { - if (LB_ERR == m_KDCDomainList.AddString(theNameValue)) - { - MessageBox("OnInitDialog::Can't add to Kerberos Domain Listbox", - "Leash", MB_OK); - return FALSE; - } - } - else - m_dupEntiesError = TRUE; - } - } - - m_KDCDomainList.SetCurSel(0); - - if (!m_KDCDomainList.GetCount()) - { - GetDlgItem(ID_BUTTON_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_HOST_EDIT)->EnableWindow(FALSE); - } - - return TRUE; // return TRUE unless you set the focus to a control - // EXCEPTION: OCX Property Pages should return FALSE -} - -BOOL CKrbDomainRealmMaintenance::OnApply() -{ - if (!CLeashApp::m_krbv5_profile) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - filenames[0] = confname; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - } - } - - // Save to Kerberos Five config. file "Krb5.ini" - long retval = pprofile_flush(CLeashApp::m_krbv5_profile); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnApply::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return TRUE; - } - -#ifndef NO_KRB4 - // Save to Kerberos Four config. 
file "Krb.con" - CStdioFile krbrealmCon; - if (!krbrealmCon.Open(CKrbProperties::m_krbrealmPath, CFile::modeCreate | - CFile::modeNoTruncate | - CFile::modeReadWrite)) - { - LeashErrorBox("OnApply::Can't open Configuration File", - CKrbProperties::m_krbrealmPath); - return TRUE; - } - - krbrealmCon.SetLength(0); - - char theNameValue[REALM_SZ + MAX_HSTNM + 2]; - - for (INT maxItems = m_KDCDomainList.GetCount(), item = 0; item < maxItems; item++) - { - if (LB_ERR == m_KDCDomainList.GetText(item, theNameValue)) - ASSERT(0); - - krbrealmCon.WriteString(theNameValue); - krbrealmCon.WriteString("\n"); - } - - krbrealmCon.Close(); -#endif - - return TRUE; -} - -void CKrbDomainRealmMaintenance::OnCancel() -{ - CHAR fileName[MAX_PATH]; - - if (CLeashApp::GetProfileFile(fileName, sizeof(fileName))) - { - MessageBox("Can't locate Kerberos Five Config. file!", "Error", MB_OK); - return; - } - - pprofile_abandon(CLeashApp::m_krbv5_profile); - - const char *filenames[2]; - filenames[0] = fileName; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - - CPropertyPage::OnCancel(); -} - -void CKrbDomainRealmMaintenance::OnButtonHostAdd() -{ -////I don't understand why this is doing K4 operations here -#ifndef NO_KRB4 - CKrb4AddToDomainRealmList addToDomainRealmList; - if (IDOK == addToDomainRealmList.DoModal()) - { - char theName[MAX_HSTNM + 1]; - const char* Section[] = {"domain_realm", theName, NULL}; - const char** section = Section; - - if (addToDomainRealmList.GetNewRealm().IsEmpty()) - ASSERT(0); - - if (CheckForDupDomain(addToDomainRealmList.GetNewDomainHost())) - { - MessageBox("Can't have duplicate Host/Domains!\nYour entry will not be saved to list", - "Leash", MB_OK); - return; - } - - CString newLine; - newLine = addToDomainRealmList.GetNewDomainHost() + " " + addToDomainRealmList.GetNewRealm(); - - if (LB_ERR != m_KDCDomainList.FindStringExact(-1, newLine)) - { - MessageBox("We can't have duplicates!\nYour entry was not saved to list.", - 
"Leash", MB_OK); - return; - } - - CString newHost; // new section in the profile linklist - strcpy(theName, addToDomainRealmList.GetNewDomainHost()); - - long retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - section, addToDomainRealmList.GetNewRealm()); - - if (retval) - { - MessageBox("OnButtonHostAdd::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - } - - m_KDCDomainList.AddString(newLine); - SetModified(TRUE); - - if (1 == m_KDCDomainList.GetCount()) - { - GetDlgItem(ID_BUTTON_HOST_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_HOST_EDIT)->EnableWindow(); - } - } -#endif -} - -void CKrbDomainRealmMaintenance::OnButtonHostEdit() -{ - INT selItemIndex = m_KDCDomainList.GetCurSel(); - LPSTR pSelItem = new char[m_KDCDomainList.GetTextLen(selItemIndex) + 1]; - if (!pSelItem) - ASSERT(0); - - CHAR theName[MAX_HSTNM + 1]; - char theNameValue[REALM_SZ + MAX_HSTNM + 2]; - CHAR OLD_VALUE[REALM_SZ + 1]; - m_KDCDomainList.GetText(selItemIndex, theName); - strcpy(pSelItem, theName); - - LPSTR pselItem = strchr(theName, ' '); - if (pselItem) - *pselItem = 0; - else - ASSERT(0); - - strcpy(OLD_VALUE, pselItem + 1); - strcpy(theNameValue, pSelItem); - - CKrb4EditDomainRealmList editDomainRealmList(pSelItem); - - if (IDOK == editDomainRealmList.DoModal()) - { - if (0 != strcmp(theName, editDomainRealmList.GetDomainHost()) - && CheckForDupDomain(editDomainRealmList.GetDomainHost())) - { // Duplicate Host/Domain Error - MessageBox("We can't have duplicate Host/Domains!\nYour entry will not be saved to list", - "Leash", MB_OK); - return; - } - - const char* Section[] = {"domain_realm", theName, NULL}; - const char** section = Section; - - CString editedHost = editDomainRealmList.GetEditedItem(); - - if (0 != editedHost.CompareNoCase(theNameValue) && - LB_ERR != m_KDCDomainList.FindStringExact(-1, editedHost)) - { - MessageBox("We can't have duplicate Realms!\nYour entry was not saved to 
list.", - "Leash", MB_OK); - delete [] pSelItem; - return; - } - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - section, OLD_VALUE, NULL); - - if (retval) - { - MessageBox("OnButtonHostEdit::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - strcpy(theName, editDomainRealmList.GetDomainHost()); - - retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - section, editDomainRealmList.GetRealm()); - - - if (retval) - { // thsi might not be the best way to handle this type of error - MessageBox("OnButtonHostEdit::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - m_KDCDomainList.DeleteString(selItemIndex); - m_KDCDomainList.AddString(editedHost); - selItemIndex = m_KDCDomainList.FindStringExact(-1, editedHost); - m_KDCDomainList.SetCurSel(selItemIndex); - - SetModified(TRUE); - } - - delete [] pSelItem; -} - -void CKrbDomainRealmMaintenance::OnDblclkListDomainrealm() -{ - OnButtonHostEdit(); -} - -void CKrbDomainRealmMaintenance::OnButtonHostRemove() -{ - CHAR theName[MAX_HSTNM + 1]; - CHAR OLD_VALUE[REALM_SZ + 1]; - char theNameValue[REALM_SZ + MAX_HSTNM + 2]; - const char* Section[] = {"domain_realm", theName, NULL}; - const char** section = Section; - - INT curSel = m_KDCDomainList.GetCurSel(); - m_KDCDomainList.GetText(curSel, theNameValue); - - CString serverHostMsg; - CString serverHost; - serverHostMsg.Format("Your about to remove Host/Domain \"%s\" from the list!\n\nContinue?", - theNameValue); - - if (IDYES != AfxMessageBox(serverHostMsg, MB_YESNO)) - return; - - LPSTR pNameValue = strchr(theNameValue, ' '); - if (pNameValue) - { - *pNameValue = 0; - strcpy(theName, theNameValue); - pNameValue++; - strcpy(OLD_VALUE, pNameValue); - } - else - ASSERT(0); - - if (!m_KDCDomainList.GetCount()) - { - 
GetDlgItem(ID_BUTTON_HOSTNAME_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_HOSTNAME_EDIT)->EnableWindow(FALSE); - } - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - section, OLD_VALUE, NULL); - - if (retval) - { - MessageBox("OnButtonHostRemove::There is on error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - m_KDCDomainList.DeleteString(curSel); // Single Sel Listbox - - if (-1 == m_KDCDomainList.SetCurSel(curSel)) - m_KDCDomainList.SetCurSel(curSel - 1); - - if (!m_KDCDomainList.GetCount()) - { - GetDlgItem(ID_BUTTON_HOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_HOST_EDIT)->EnableWindow(FALSE); - } - - SetModified(TRUE); -} - - -BOOL CKrbDomainRealmMaintenance::PreTranslateMessage(MSG* pMsg) -{ - if (m_dupEntiesError) - { - MessageBox("Found an error (duplicate items) in your Kerberos Five Config. File!!!\ - \nPlease contract your Administrator.", - "Leash", MB_OK); - - m_dupEntiesError = FALSE; - } - - return CPropertyPage::PreTranslateMessage(pMsg); -} - -BOOL CKrbDomainRealmMaintenance::CheckForDupDomain(CString& newDomainHost) -{ - char theName[REALM_SZ + MAX_HSTNM + 2]; - - for (INT maxItems = m_KDCDomainList.GetCount(), item = 0; item < maxItems; item++) - { - if (LB_ERR == m_KDCDomainList.GetText(item, theName)) - ASSERT(0); - - LPSTR pValue = strchr(theName, ' '); - if (pValue) - *pValue = 0; - else - ASSERT(0); - - if (0 == newDomainHost.CompareNoCase(theName)) - return TRUE; - } - - return FALSE; -} - -void CKrbDomainRealmMaintenance::OnButtonHostmaintHelp() -{ - MessageBox("No Help Available!", "Leash", MB_OK); -} diff -Nru krb5-1.16.2/src/windows/leash/KrbDomainRealmMaintenance.h krb5-1.17/src/windows/leash/KrbDomainRealmMaintenance.h --- krb5-1.16.2/src/windows/leash/KrbDomainRealmMaintenance.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/KrbDomainRealmMaintenance.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,59 +0,0 @@
-#if !defined(AFX_KRBDOMAINREALMMAINTENANCE_H__6DB290A6_E14D_11D2_95CE_0000861B8A3C__INCLUDED_)
-#define AFX_KRBDOMAINREALMMAINTENANCE_H__6DB290A6_E14D_11D2_95CE_0000861B8A3C__INCLUDED_
-
-#if _MSC_VER > 1000
-#pragma once
-#endif // _MSC_VER > 1000
-// CKrbDomainRealmMaintenance.h : header file
-//
-
-/////////////////////////////////////////////////////////////////////////////
-// CKrbDomainRealmMaintenance dialog
-
-class CKrbDomainRealmMaintenance : public CPropertyPage
-{
-// Construction
-private:
- BOOL m_dupEntiesError;
- BOOL CheckForDupDomain(CString& newDomainHost);
-
-public:
- CKrbDomainRealmMaintenance(CWnd* pParent = NULL); // standard constructor
-
-// Dialog Data
- //{{AFX_DATA(CKrbDomainRealmMaintenance)
- enum { IDD = IDD_KRB_DOMAINREALM_MAINT };
- CListBox m_KDCDomainList;
- //}}AFX_DATA
-
-
-// Overrides
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CKrbDomainRealmMaintenance)
- public:
- virtual BOOL PreTranslateMessage(MSG* pMsg);
- protected:
- virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support
- //}}AFX_VIRTUAL
-
-// Implementation
-protected:
-
- // Generated message map functions
- //{{AFX_MSG(CKrbDomainRealmMaintenance)
- virtual void OnCancel();
- virtual BOOL OnApply();
- virtual BOOL OnInitDialog();
- afx_msg void OnButtonHostAdd();
- afx_msg void OnButtonHostEdit();
- afx_msg void OnButtonHostRemove();
- afx_msg void OnDblclkListDomainrealm();
- afx_msg void OnButtonHostmaintHelp();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Visual C++ will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_KRBDOMAINREALMMAINTENANCE_H__6DB290A6_E14D_11D2_95CE_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbEditHostServer.cpp krb5-1.17/src/windows/leash/KrbEditHostServer.cpp
--- krb5-1.16.2/src/windows/leash/KrbEditHostServer.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbEditHostServer.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,97 +0,0 @@ -// ************************************************************************************** -// File: KrbEditHostServer.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbEditHostServer.h. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4Properties.h" -#include "KrbEditHostServer.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditHostServer dialog - -CKrbEditHostServer::CKrbEditHostServer(CString& editItem, CWnd* pParent) - : CDialog(CKrbEditHostServer::IDD, pParent) -{ - m_startup = TRUE; - m_newHost = editItem; - - //{{AFX_DATA_INIT(CKrbEditHostServer) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - -void CKrbEditHostServer::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbEditHostServer) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrbEditHostServer, CDialog) - //{{AFX_MSG_MAP(CKrbEditHostServer) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_KDC_HOST, OnChangeEditKdcHost) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditHostServer message handlers - -BOOL CKrbEditHostServer::OnInitDialog() -{ - CDialog::OnInitDialog(); - - SetDlgItemText(IDC_EDIT_KDC_HOST, m_newHost); - return TRUE; -} - -void CKrbEditHostServer::OnShowWindow(BOOL bShow, UINT nStatus) -{ - 
CDialog::OnShowWindow(bShow, nStatus);
- m_startup = FALSE;
-}
-
-void CKrbEditHostServer::OnChangeEditKdcHost()
-{
- if (!m_startup)
- GetDlgItemText(IDC_EDIT_KDC_HOST, m_newHost);
-}
-
-void CKrbEditHostServer::OnOK()
-{
- m_newHost.TrimLeft();
- m_newHost.TrimRight();
-
- if (m_newHost.IsEmpty())
- { // stay
- MessageBox("OnOK::The Server field must be filled in!",
- "Error", MB_OK);
- }
- else if (-1 != m_newHost.Find(' '))
- { // stay
- MessageBox("OnOK::Illegal space found!", "Error", MB_OK);
- }
- else
- CDialog::OnOK(); // exit
-}
diff -Nru krb5-1.16.2/src/windows/leash/KrbEditHostServer.h krb5-1.17/src/windows/leash/KrbEditHostServer.h
--- krb5-1.16.2/src/windows/leash/KrbEditHostServer.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbEditHostServer.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,69 +0,0 @@ -// ************************************************************************************** -// File: KrbEditHostServer.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for KrbEditHostServer.cpp. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - - -#if !defined(AFX_EDITHOST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_) -#define AFX_EDITHOST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// EditRealmHostList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditHostServer dialog - -class CKrbEditHostServer : public CDialog -{ -// Construction -private: - CString m_newHost; - BOOL m_startup; - -public: - CKrbEditHostServer(CString& editItem, CWnd* pParent = NULL); - CString GetEditedItem() {return m_newHost;} - -// Dialog Data - //{{AFX_DATA(CKrbEditHostServer) - enum { IDD = IDD_KRB_EDIT_KDC_HOSTSERVER }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrbEditHostServer) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrbEditHostServer) - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - virtual void OnOK(); - virtual BOOL OnInitDialog(); - afx_msg void OnChangeEditKdcHost(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
-
-#endif // !defined(AFX_EDITHOST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbEditRealm.cpp krb5-1.17/src/windows/leash/KrbEditRealm.cpp
--- krb5-1.16.2/src/windows/leash/KrbEditRealm.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbEditRealm.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,99 +0,0 @@ -// ************************************************************************************** -// File: KrbEditRealm.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbEditRealm.h. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "Krb4Properties.h" -#include "KrbEditRealm.h" -#include "lglobals.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditRealm dialog - -CKrbEditRealm::CKrbEditRealm(CString& editItem, CWnd* pParent) - : CDialog(CKrbEditRealm::IDD, pParent) -{ - m_startup = TRUE; - m_newRealm = editItem; - - - //{{AFX_DATA_INIT(CKrbEditRealm) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - -void CKrbEditRealm::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbEditRealm) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CKrbEditRealm, CDialog) - //{{AFX_MSG_MAP(CKrbEditRealm) - ON_WM_SHOWWINDOW() - ON_EN_CHANGE(IDC_EDIT_REALM, OnChangeEditRealm) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditRealm message handlers - -BOOL CKrbEditRealm::OnInitDialog() -{ - CDialog::OnInitDialog(); - - SetDlgItemText(IDC_EDIT_REALM, m_newRealm); - - return TRUE; -} - -void CKrbEditRealm::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CDialog::OnShowWindow(bShow, nStatus); - m_startup = FALSE; -} - -void 
CKrbEditRealm::OnChangeEditRealm()
-{
- if (!m_startup)
- GetDlgItemText(IDC_EDIT_REALM, m_newRealm);
-}
-
-void CKrbEditRealm::OnOK()
-{
- m_newRealm.TrimLeft();
- m_newRealm.TrimRight();
-
- if (m_newRealm.IsEmpty())
- { // stay
- MessageBox("OnOK::The Realm field must be filled in!",
- "Leash", MB_OK);
- }
- else if (-1 != m_newRealm.Find(' '))
- { // stay
- MessageBox("OnOK::Illegal space found!", "Leash", MB_OK);
- }
- else
- CDialog::OnOK(); // exit
-}
diff -Nru krb5-1.16.2/src/windows/leash/KrbEditRealm.h krb5-1.17/src/windows/leash/KrbEditRealm.h
--- krb5-1.16.2/src/windows/leash/KrbEditRealm.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbEditRealm.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,75 +0,0 @@ -// ************************************************************************************** -// File: KrbEditRealm.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for Krb4EditRealmHostList.cpp. Contains variables and functions -// for Kerberos Four Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - - -#if !defined(AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_) -#define AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// EditRealmHostList.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CKrbEditRealm dialog - -class CKrbEditRealm : public CDialog -{ -// Construction -private: - //CString m_editItem; - //CString m_initRealm; - CString m_newRealm; - //CString m_initHost; - //CString m_newHost; - //BOOL m_initAdmin; - //BOOL m_newAdmin; - BOOL m_startup; - -public: - CKrbEditRealm(CString& editItem, CWnd* pParent = NULL); - CString GetEditedItem() {return m_newRealm;} - -// Dialog Data - //{{AFX_DATA(CKrbEditRealm) - enum { IDD = IDD_KRB_EDIT_REALM }; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrbEditRealm) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrbEditRealm) - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - afx_msg void OnChangeEditRealm(); - virtual void OnOK(); - virtual BOOL OnInitDialog(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional 
declarations immediately before the previous line.
-
-#endif // !defined(AFX_EDITREALMHOSTLIST_H__26A1E1F7_9117_11D2_94D0_0000861B8A3C__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbMiscConfigOpt.cpp krb5-1.17/src/windows/leash/KrbMiscConfigOpt.cpp
--- krb5-1.16.2/src/windows/leash/KrbMiscConfigOpt.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbMiscConfigOpt.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,1020 +0,0 @@ -//***************************************************************************** -// File: KrbMiscConfigOpt.cpp -// By: Paul B. Hill -// Created: 08/12/1999 -// Copyright: @1999 Massachusetts Institute of Technology - All rights -// reserved. -// Description: CPP file for KrbMiscConfigOpt.cpp. Contains variables -// and functions for Kerberos Properties. -// -// History: -// -// MM/DD/YY Inits Description of Change -// 08/12/99 PBH Original -//***************************************************************************** - -#include "stdafx.h" -#include "Leash.h" -#include "KrbProperties.h" -#include "KrbMiscConfigOpt.h" -#include "LeashFileDialog.h" -#include "LeashMessageBox.h" -#include "lglobals.h" -#include -#include "reminder.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - - -/////////////////////////////////////////////////////////////////////// -// CKrbMiscConfigOpt property page - -UINT CKrbMiscConfigOpt::m_DefaultLifeTime; -CString CKrbMiscConfigOpt::m_initDefaultLifeTimeMin; -CString CKrbMiscConfigOpt::m_newDefaultLifeTimeMin; -CEdit CKrbMiscConfigOpt::m_krbLifeTimeMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeTimeHr; -CString CKrbMiscConfigOpt::m_newDefaultLifeTimeHr; -CEdit CKrbMiscConfigOpt::m_krbLifeTimeHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeTimeDay; -CString CKrbMiscConfigOpt::m_newDefaultLifeTimeDay; -CEdit CKrbMiscConfigOpt::m_krbLifeTimeDayEditbox; - -UINT CKrbMiscConfigOpt::m_DefaultRenewTill; -CString CKrbMiscConfigOpt::m_initDefaultRenewTillMin; -CString CKrbMiscConfigOpt::m_newDefaultRenewTillMin; -CEdit CKrbMiscConfigOpt::m_krbRenewTillMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewTillHr; -CString CKrbMiscConfigOpt::m_newDefaultRenewTillHr; -CEdit CKrbMiscConfigOpt::m_krbRenewTillHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewTillDay; -CString CKrbMiscConfigOpt::m_newDefaultRenewTillDay; -CEdit 
CKrbMiscConfigOpt::m_krbRenewTillDayEditbox; - -UINT CKrbMiscConfigOpt::m_DefaultLifeMin; -CString CKrbMiscConfigOpt::m_initDefaultLifeMinMin; -CString CKrbMiscConfigOpt::m_newDefaultLifeMinMin; -CEdit CKrbMiscConfigOpt::m_krbLifeMinMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeMinHr; -CString CKrbMiscConfigOpt::m_newDefaultLifeMinHr; -CEdit CKrbMiscConfigOpt::m_krbLifeMinHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeMinDay; -CString CKrbMiscConfigOpt::m_newDefaultLifeMinDay; -CEdit CKrbMiscConfigOpt::m_krbLifeMinDayEditbox; - -UINT CKrbMiscConfigOpt::m_DefaultLifeMax; -CString CKrbMiscConfigOpt::m_initDefaultLifeMaxMin; -CString CKrbMiscConfigOpt::m_newDefaultLifeMaxMin; -CEdit CKrbMiscConfigOpt::m_krbLifeMaxMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeMaxHr; -CString CKrbMiscConfigOpt::m_newDefaultLifeMaxHr; -CEdit CKrbMiscConfigOpt::m_krbLifeMaxHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultLifeMaxDay; -CString CKrbMiscConfigOpt::m_newDefaultLifeMaxDay; -CEdit CKrbMiscConfigOpt::m_krbLifeMaxDayEditbox; - -UINT CKrbMiscConfigOpt::m_DefaultRenewMin; -CString CKrbMiscConfigOpt::m_initDefaultRenewMinMin; -CString CKrbMiscConfigOpt::m_newDefaultRenewMinMin; -CEdit CKrbMiscConfigOpt::m_krbRenewMinMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewMinHr; -CString CKrbMiscConfigOpt::m_newDefaultRenewMinHr; -CEdit CKrbMiscConfigOpt::m_krbRenewMinHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewMinDay; -CString CKrbMiscConfigOpt::m_newDefaultRenewMinDay; -CEdit CKrbMiscConfigOpt::m_krbRenewMinDayEditbox; - -UINT CKrbMiscConfigOpt::m_DefaultRenewMax; -CString CKrbMiscConfigOpt::m_initDefaultRenewMaxMin; -CString CKrbMiscConfigOpt::m_newDefaultRenewMaxMin; -CEdit CKrbMiscConfigOpt::m_krbRenewMaxMinEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewMaxHr; -CString CKrbMiscConfigOpt::m_newDefaultRenewMaxHr; -CEdit CKrbMiscConfigOpt::m_krbRenewMaxHrEditbox; -CString CKrbMiscConfigOpt::m_initDefaultRenewMaxDay; -CString 
CKrbMiscConfigOpt::m_newDefaultRenewMaxDay; -CEdit CKrbMiscConfigOpt::m_krbRenewMaxDayEditbox; - - -IMPLEMENT_DYNCREATE(CKrbMiscConfigOpt, CPropertyPage) - -CKrbMiscConfigOpt::CKrbMiscConfigOpt() : CPropertyPage(CKrbMiscConfigOpt::IDD) -{ - m_noLifeTime = FALSE; - - m_DefaultLifeTime = 0; - m_DefaultRenewTill = 0; - m_DefaultLifeMin = 0; - m_DefaultLifeMax = 0; - m_DefaultRenewMin = 0; - m_DefaultRenewMax = 0; - m_initUseKrb4 = m_newUseKrb4 = 0; - m_initKinitPreserve = m_newKinitPreserve = 0; - - //{{AFX_DATA_INIT(CKrbConfigOptions) - //}}AFX_DATA_INIT -} - -CKrbMiscConfigOpt::~CKrbMiscConfigOpt() -{ -} - -VOID CKrbMiscConfigOpt::DoDataExchange(CDataExchange* pDX) -{ - TRACE("Entering CKrbMiscConfigOpt::DoDataExchange -- %d\n", - pDX->m_bSaveAndValidate); - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbMscConfigOpt) - - DDX_Control(pDX, IDC_EDIT_LIFETIME_D, m_krbLifeTimeDayEditbox); - DDX_Control(pDX, IDC_EDIT_LIFETIME_H, m_krbLifeTimeHrEditbox); - DDX_Control(pDX, IDC_EDIT_LIFETIME_M, m_krbLifeTimeMinEditbox); - DDX_Control(pDX, IDC_EDIT_RENEWTILL_D, m_krbRenewTillDayEditbox); - DDX_Control(pDX, IDC_EDIT_RENEWTILL_H, m_krbRenewTillHrEditbox); - DDX_Control(pDX, IDC_EDIT_RENEWTILL_M, m_krbRenewTillMinEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MIN_D, m_krbLifeMinDayEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MIN_H, m_krbLifeMinHrEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MIN_M, m_krbLifeMinMinEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MAX_D, m_krbLifeMaxDayEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MAX_H, m_krbLifeMaxHrEditbox); - DDX_Control(pDX, IDC_EDIT_LIFE_MAX_M, m_krbLifeMaxMinEditbox); - DDX_Control(pDX, IDC_EDIT_RENEW_MIN_D, m_krbRenewMinDayEditbox); - DDX_Control(pDX, IDC_EDIT_RENEW_MIN_H, m_krbRenewMinHrEditbox); - DDX_Control(pDX, IDC_EDIT_RENEW_MIN_M, m_krbRenewMinMinEditbox); - DDX_Control(pDX, IDC_EDIT_RENEW_MAX_D, m_krbRenewMaxDayEditbox); - DDX_Control(pDX, IDC_EDIT_RENEW_MAX_H, m_krbRenewMaxHrEditbox); - DDX_Control(pDX, 
IDC_EDIT_RENEW_MAX_M, m_krbRenewMaxMinEditbox); - //}}AFX_DATA_MAP -} - - -BOOL CKrbMiscConfigOpt::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - - DWORD tmp = m_DefaultLifeTime = pLeash_get_default_lifetime(); - if (tmp) - m_noLifeTime = FALSE; // We now have the value. - else - m_noLifeTime = TRUE; - - LPTSTR buf = m_initDefaultLifeTimeDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultLifeTimeDay.ReleaseBuffer(); - m_newDefaultLifeTimeDay = m_initDefaultLifeTimeDay; - - buf = m_initDefaultLifeTimeHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultLifeTimeHr.ReleaseBuffer(); - m_newDefaultLifeTimeHr = m_initDefaultLifeTimeHr; - - buf = m_initDefaultLifeTimeMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_initDefaultLifeTimeMin.ReleaseBuffer(); - m_newDefaultLifeTimeMin = m_initDefaultLifeTimeMin; - - tmp = m_DefaultRenewTill = pLeash_get_default_renew_till(); - buf = m_initDefaultRenewTillDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultRenewTillDay.ReleaseBuffer(); - m_newDefaultRenewTillDay = m_initDefaultRenewTillDay; - - buf = m_initDefaultRenewTillHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultRenewTillHr.ReleaseBuffer(); - m_newDefaultRenewTillHr = m_initDefaultRenewTillHr; - - buf = m_initDefaultRenewTillMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_initDefaultRenewTillMin.ReleaseBuffer(); - m_newDefaultRenewTillMin = m_initDefaultRenewTillMin; - - tmp = m_DefaultLifeMin = pLeash_get_default_life_min(); - buf = m_initDefaultLifeMinDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultLifeMinDay.ReleaseBuffer(); - m_newDefaultLifeMinDay = m_initDefaultLifeMinDay; - - buf = m_initDefaultLifeMinHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultLifeMinHr.ReleaseBuffer(); - m_newDefaultLifeMinHr = m_initDefaultLifeMinHr; - - buf = m_initDefaultLifeMinMin.GetBuffer(80); - _itoa(tmp, buf, 10); - 
m_initDefaultLifeMinMin.ReleaseBuffer(); - m_newDefaultLifeMinMin = m_initDefaultLifeMinMin; - - tmp = m_DefaultLifeMax = pLeash_get_default_life_max(); - buf = m_initDefaultLifeMaxDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultLifeMaxDay.ReleaseBuffer(); - m_newDefaultLifeMaxDay = m_initDefaultLifeMaxDay; - - buf = m_initDefaultLifeMaxHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultLifeMaxHr.ReleaseBuffer(); - m_newDefaultLifeMaxHr = m_initDefaultLifeMaxHr; - - buf = m_initDefaultLifeMaxMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_initDefaultLifeMaxMin.ReleaseBuffer(); - m_newDefaultLifeMaxMin = m_initDefaultLifeMaxMin; - - tmp = m_DefaultRenewMin = pLeash_get_default_renew_min(); - buf = m_initDefaultRenewMinDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultRenewMinDay.ReleaseBuffer(); - m_newDefaultRenewMinDay = m_initDefaultRenewMinDay; - - buf = m_initDefaultRenewMinHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultRenewMinHr.ReleaseBuffer(); - m_newDefaultRenewMinHr = m_initDefaultRenewMinHr; - - buf = m_initDefaultRenewMinMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_initDefaultRenewMinMin.ReleaseBuffer(); - m_newDefaultRenewMinMin = m_initDefaultRenewMinMin; - - tmp = m_DefaultRenewMax = pLeash_get_default_renew_max(); - buf = m_initDefaultRenewMaxDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_initDefaultRenewMaxDay.ReleaseBuffer(); - m_newDefaultRenewMaxDay = m_initDefaultRenewMaxDay; - - buf = m_initDefaultRenewMaxHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_initDefaultRenewMaxHr.ReleaseBuffer(); - m_newDefaultRenewMaxHr = m_initDefaultRenewMaxHr; - - buf = m_initDefaultRenewMaxMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_initDefaultRenewMaxMin.ReleaseBuffer(); - m_newDefaultRenewMaxMin = m_initDefaultRenewMaxMin; - - if (!CLeashApp::m_hKrb5DLL) - { - 
GetDlgItem(IDC_EDIT_RENEWTILL_D)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEWTILL_H)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEWTILL_M)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MIN_D)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MIN_H)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MIN_M)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MAX_D)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MAX_H)->EnableWindow(FALSE); - GetDlgItem(IDC_EDIT_RENEW_MAX_M)->EnableWindow(FALSE); - } - -#ifndef NO_KRB4 - m_initUseKrb4 = m_newUseKrb4 = (CLeashApp::m_hKrb4DLL ? pLeash_get_default_use_krb4() : 0); - CheckDlgButton(IDC_CHECK_REQUEST_KRB4, m_initUseKrb4); - if ( !CLeashApp::m_hKrb4DLL ) - GetDlgItem(IDC_CHECK_REQUEST_KRB4)->EnableWindow(FALSE); -#else -////Or remove these completely? - m_initUseKrb4 = m_newUseKrb4 = 0; - CheckDlgButton(IDC_CHECK_REQUEST_KRB4, 0); - GetDlgItem(IDC_CHECK_REQUEST_KRB4)->EnableWindow(FALSE); -#endif - - m_initKinitPreserve = m_newKinitPreserve = pLeash_get_default_preserve_kinit_settings(); - CheckDlgButton(IDC_CHECK_PRESERVE_KINIT_OPTIONS, m_initKinitPreserve); - - return(TRUE); -} - -BOOL CKrbMiscConfigOpt::OnApply() -{ - DWORD lifetime = ((atoi(m_newDefaultLifeTimeDay)*24 + atoi(m_newDefaultLifeTimeHr)) * 60) + atoi(m_newDefaultLifeTimeMin); - DWORD renewtill = ((atoi(m_newDefaultRenewTillDay)*24 + atoi(m_newDefaultRenewTillHr)) * 60) + atoi(m_newDefaultRenewTillMin); - DWORD lifemin = ((atoi(m_newDefaultLifeMinDay)*24 + atoi(m_newDefaultLifeMinHr)) * 60) + atoi(m_newDefaultLifeMinMin); - DWORD lifemax = ((atoi(m_newDefaultLifeMaxDay)*24 + atoi(m_newDefaultLifeMaxHr)) * 60) + atoi(m_newDefaultLifeMaxMin); - DWORD renewmin = ((atoi(m_newDefaultRenewMinDay)*24 + atoi(m_newDefaultRenewMinHr)) * 60) + atoi(m_newDefaultRenewMinMin); - DWORD renewmax = ((atoi(m_newDefaultRenewMaxDay)*24 + atoi(m_newDefaultRenewMaxHr)) * 60) + atoi(m_newDefaultRenewMaxMin); - - // If no changes were made, quit this function - if ( 
m_DefaultLifeTime == lifetime && - m_DefaultRenewTill == renewtill && - m_DefaultLifeMin == lifemin && - m_DefaultLifeMax == lifemax && - m_DefaultRenewMin == renewmin && - m_DefaultRenewMax == renewmax && - m_initUseKrb4 == m_newUseKrb4 && - m_initKinitPreserve == m_newKinitPreserve - ) - return TRUE; - - if ( lifemin > lifemax ) { - MessageBox("The Minimum Ticket Lifetime must be less than the Maximum Ticket Lifetime.", - "Leash", MB_OK); - return(FALSE); - } - - if (lifetime < lifemin || lifetime > lifemax) { - MessageBox("The default Ticket Lifetime must fall within the range specified by the " - "Minimum and Maximum Ticket Lifetime fields", - "Leash", MB_OK); - return(FALSE); - } - - if ( CLeashApp::m_hKrb5DLL && (renewmin > renewmax) ) { - MessageBox("The Minimum Ticket Renewable Lifetime must be less than the Maximum Ticket Renewable Lifetime.", - "Leash", MB_OK); - return(FALSE); - } - - if ( CLeashApp::m_hKrb5DLL && (renewmin < lifemin) ) { - MessageBox("The Minimum Renewable Ticket Lifetime must not be smaller than the Minimum Ticket Lifetime.", - "Leash", MB_OK); - } - - if ( CLeashApp::m_hKrb5DLL && (renewtill < renewmin || renewtill > renewmax) ) { - MessageBox("The default Renewable Ticket Lifetime must fall within the range specified by the " - "Minimum and Maximum Renewable Ticket Lifetime fields", - "Leash", MB_OK); - return(FALSE); - } - - m_DefaultLifeMin = lifemin; - pLeash_set_default_life_min(m_DefaultLifeMin); - m_initDefaultLifeMinDay = m_newDefaultLifeMinDay; - m_initDefaultLifeMinHr = m_newDefaultLifeMinHr ; - m_initDefaultLifeMinMin = m_newDefaultLifeMinMin; - - m_DefaultLifeMax = lifemax; - pLeash_set_default_life_max(m_DefaultLifeMax); - m_initDefaultLifeMaxDay = m_newDefaultLifeMaxDay; - m_initDefaultLifeMaxHr = m_newDefaultLifeMaxHr ; - m_initDefaultLifeMaxMin = m_newDefaultLifeMaxMin; - - m_DefaultRenewMin = renewmin; - pLeash_set_default_renew_min(m_DefaultRenewMin); - m_initDefaultRenewMinDay = m_newDefaultRenewMinDay; - 
m_initDefaultRenewMinHr = m_newDefaultRenewMinHr ; - m_initDefaultRenewMinMin = m_newDefaultRenewMinMin; - - m_DefaultRenewMax = renewmax; - pLeash_set_default_renew_max(m_DefaultRenewMax); - m_initDefaultRenewMaxDay = m_newDefaultRenewMaxDay; - m_initDefaultRenewMaxHr = m_newDefaultRenewMaxHr ; - m_initDefaultRenewMaxMin = m_newDefaultRenewMaxMin; - - m_DefaultRenewTill = renewtill; - pLeash_set_default_renew_till(m_DefaultRenewTill); - m_initDefaultRenewTillDay = m_newDefaultRenewTillDay; - m_initDefaultRenewTillHr = m_newDefaultRenewTillHr ; - m_initDefaultRenewTillMin = m_newDefaultRenewTillMin; - - if( getenv("LIFETIME") != NULL) - { - MessageBox("The ticket lifetime is being controlled by the environment " - "variable LIFETIME instead of the registry. Leash cannot modify " - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return(FALSE); - } - - m_DefaultLifeTime = lifetime; - pLeash_set_default_lifetime(m_DefaultLifeTime); - m_initDefaultLifeTimeDay = m_newDefaultLifeTimeDay; - m_initDefaultLifeTimeHr = m_newDefaultLifeTimeHr ; - m_initDefaultLifeTimeMin = m_newDefaultLifeTimeMin; - - // If we're using an environment variable tell the user that we - // can't use Leash to modify the value. 
- - if (!m_DefaultLifeTime) - { - MessageBox("A lifetime setting of 0 is special in that it means that " - "the application is free to pick whatever default it deems " - "appropriate", - "Leash", MB_OK); - } - -#ifndef NO_KRB4 - if ( m_initUseKrb4 != m_newUseKrb4 ) { - pLeash_set_default_use_krb4(m_newUseKrb4); - } -#endif - - if ( m_initKinitPreserve != m_newKinitPreserve ) { - pLeash_set_default_preserve_kinit_settings(m_newKinitPreserve); - } - - return TRUE; -} - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultLifeTime() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - GetDlgItemText(IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - GetDlgItemText(IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); - DWORD value = (((atoi(m_newDefaultLifeTimeDay)*24 + atoi(m_newDefaultLifeTimeHr)) * 60) + atoi(m_newDefaultLifeTimeMin)); - LPSTR buf = m_newDefaultLifeTimeDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeTimeDay.ReleaseBuffer(); - buf = m_newDefaultLifeTimeHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeTimeHr.ReleaseBuffer(); - buf = m_newDefaultLifeTimeMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeTimeMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - SetDlgItemText(IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - SetDlgItemText(IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultLifeTime() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - GetDlgItemText(IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - GetDlgItemText(IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); - DWORD value = (((atoi(m_newDefaultLifeTimeDay)*24 + 
atoi(m_newDefaultLifeTimeHr)) * 60) + atoi(m_newDefaultLifeTimeMin)); - LPSTR buf = m_newDefaultLifeTimeDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeTimeDay.ReleaseBuffer(); - buf = m_newDefaultLifeTimeHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeTimeHr.ReleaseBuffer(); - buf = m_newDefaultLifeTimeMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeTimeMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - SetDlgItemText(IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - SetDlgItemText(IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultLifeTimeEditBox() -{ - // Reset Config Tab's Default LifeTime Editbox - - DWORD tmp = m_DefaultLifeTime = pLeash_get_default_lifetime(); - LPSTR buf = m_newDefaultLifeTimeDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultLifeTimeDay.ReleaseBuffer(); - buf = m_newDefaultLifeTimeHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultLifeTimeHr.ReleaseBuffer(); - buf = m_newDefaultLifeTimeMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultLifeTimeMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); -} - - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultRenewTill() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - GetDlgItemText(IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - GetDlgItemText(IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); - DWORD value = (((atoi(m_newDefaultRenewTillDay)*24 + atoi(m_newDefaultRenewTillHr)) * 60) + 
atoi(m_newDefaultRenewTillMin)); - LPSTR buf = m_newDefaultRenewTillDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewTillDay.ReleaseBuffer(); - buf = m_newDefaultRenewTillHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewTillHr.ReleaseBuffer(); - buf = m_newDefaultRenewTillMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewTillMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - SetDlgItemText(IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - SetDlgItemText(IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultRenewTill() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - GetDlgItemText(IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - GetDlgItemText(IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); - DWORD value = (((atoi(m_newDefaultRenewTillDay)*24 + atoi(m_newDefaultRenewTillHr)) * 60) + atoi(m_newDefaultRenewTillMin)); - LPSTR buf = m_newDefaultRenewTillDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewTillDay.ReleaseBuffer(); - buf = m_newDefaultRenewTillHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewTillHr.ReleaseBuffer(); - buf = m_newDefaultRenewTillMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewTillMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - SetDlgItemText(IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - SetDlgItemText(IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultRenewTillEditBox() -{ - // Reset Config Tab's Default RenewTill Editbox - - DWORD tmp = m_DefaultRenewTill = pLeash_get_default_lifetime(); - LPSTR buf 
= m_newDefaultRenewTillDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultRenewTillDay.ReleaseBuffer(); - buf = m_newDefaultRenewTillHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultRenewTillHr.ReleaseBuffer(); - buf = m_newDefaultRenewTillMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultRenewTillMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); -} - - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultLifeMin() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - GetDlgItemText(IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - GetDlgItemText(IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); - DWORD value = (((atoi(m_newDefaultLifeMinDay)*24 + atoi(m_newDefaultLifeMinHr)) * 60) + atoi(m_newDefaultLifeMinMin)); - LPSTR buf = m_newDefaultLifeMinDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeMinDay.ReleaseBuffer(); - buf = m_newDefaultLifeMinHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeMinHr.ReleaseBuffer(); - buf = m_newDefaultLifeMinMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeMinMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - SetDlgItemText(IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - SetDlgItemText(IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultLifeMin() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - 
GetDlgItemText(IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - GetDlgItemText(IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); - DWORD value = (((atoi(m_newDefaultLifeMinDay)*24 + atoi(m_newDefaultLifeMinHr)) * 60) + atoi(m_newDefaultLifeMinMin)); - LPSTR buf = m_newDefaultLifeMinDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeMinDay.ReleaseBuffer(); - buf = m_newDefaultLifeMinHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeMinHr.ReleaseBuffer(); - buf = m_newDefaultLifeMinMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeMinMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - SetDlgItemText(IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - SetDlgItemText(IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultLifeMinEditBox() -{ - // Reset Config Tab's Default LifeMin Editbox - - DWORD tmp = m_DefaultLifeMin = pLeash_get_default_life_min(); - LPSTR buf = m_newDefaultLifeMinDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultLifeMinDay.ReleaseBuffer(); - buf = m_newDefaultLifeMinHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultLifeMinHr.ReleaseBuffer(); - buf = m_newDefaultLifeMinMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultLifeMinMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); -} - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultLifeMax() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - GetDlgItemText(IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - 
GetDlgItemText(IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); - DWORD value = (((atoi(m_newDefaultLifeMaxDay)*24 + atoi(m_newDefaultLifeMaxHr)) * 60) + atoi(m_newDefaultLifeMaxMin)); - LPSTR buf = m_newDefaultLifeMaxDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeMaxDay.ReleaseBuffer(); - buf = m_newDefaultLifeMaxHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeMaxHr.ReleaseBuffer(); - buf = m_newDefaultLifeMaxMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeMaxMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - SetDlgItemText(IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - SetDlgItemText(IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultLifeMax() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - GetDlgItemText(IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - GetDlgItemText(IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); - DWORD value = (((atoi(m_newDefaultLifeMaxDay)*24 + atoi(m_newDefaultLifeMaxHr)) * 60) + atoi(m_newDefaultLifeMaxMin)); - LPSTR buf = m_newDefaultLifeMaxDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultLifeMaxDay.ReleaseBuffer(); - buf = m_newDefaultLifeMaxHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultLifeMaxHr.ReleaseBuffer(); - buf = m_newDefaultLifeMaxMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultLifeMaxMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - SetDlgItemText(IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - SetDlgItemText(IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultLifeMaxEditBox() -{ - // Reset Config Tab's Default LifeMax 
Editbox - - DWORD tmp = m_DefaultLifeMax = pLeash_get_default_life_min(); - LPSTR buf = m_newDefaultLifeMaxDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultLifeMaxDay.ReleaseBuffer(); - buf = m_newDefaultLifeMaxHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultLifeMaxHr.ReleaseBuffer(); - buf = m_newDefaultLifeMaxMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultLifeMaxMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); -} - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultRenewMin() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - GetDlgItemText(IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - GetDlgItemText(IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); - DWORD value = (((atoi(m_newDefaultRenewMinDay)*24 + atoi(m_newDefaultRenewMinHr)) * 60) + atoi(m_newDefaultRenewMinMin)); - LPSTR buf = m_newDefaultRenewMinDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewMinDay.ReleaseBuffer(); - buf = m_newDefaultRenewMinHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewMinHr.ReleaseBuffer(); - buf = m_newDefaultRenewMinMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewMinMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - SetDlgItemText(IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - SetDlgItemText(IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultRenewMin() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - 
GetDlgItemText(IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - GetDlgItemText(IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - GetDlgItemText(IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); - DWORD value = (((atoi(m_newDefaultRenewMinDay)*24 + atoi(m_newDefaultRenewMinHr)) * 60) + atoi(m_newDefaultRenewMinMin)); - LPSTR buf = m_newDefaultRenewMinDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewMinDay.ReleaseBuffer(); - buf = m_newDefaultRenewMinHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewMinHr.ReleaseBuffer(); - buf = m_newDefaultRenewMinMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewMinMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - SetDlgItemText(IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - SetDlgItemText(IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultRenewMinEditBox() -{ - // Reset Config Tab's Default RenewMin Editbox - - DWORD tmp = m_DefaultRenewMin = pLeash_get_default_life_min(); - LPSTR buf = m_newDefaultRenewMinDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultRenewMinDay.ReleaseBuffer(); - buf = m_newDefaultRenewMinHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultRenewMinHr.ReleaseBuffer(); - buf = m_newDefaultRenewMinMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultRenewMinMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); -} - -void CKrbMiscConfigOpt::OnSelchangeEditDefaultRenewMax() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_RENEW_MAX_D, 
m_newDefaultRenewMaxDay); - GetDlgItemText(IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - GetDlgItemText(IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); - DWORD value = (((atoi(m_newDefaultRenewMaxDay)*24 + atoi(m_newDefaultRenewMaxHr)) * 60) + atoi(m_newDefaultRenewMaxMin)); - LPSTR buf = m_newDefaultRenewMaxDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewMaxDay.ReleaseBuffer(); - buf = m_newDefaultRenewMaxHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewMaxHr.ReleaseBuffer(); - buf = m_newDefaultRenewMaxMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewMaxMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEW_MAX_D, m_newDefaultRenewMaxDay); - SetDlgItemText(IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - SetDlgItemText(IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); - - SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::OnEditKillfocusEditDefaultRenewMax() -{ - static int in_progress = 0; - if (!in_progress && !m_startupPage2) - { - in_progress = 1; - GetDlgItemText(IDC_EDIT_RENEW_MAX_D, m_newDefaultRenewMaxDay); - GetDlgItemText(IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - GetDlgItemText(IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); - DWORD value = (((atoi(m_newDefaultRenewMaxDay)*24 + atoi(m_newDefaultRenewMaxHr)) * 60) + atoi(m_newDefaultRenewMaxMin)); - LPSTR buf = m_newDefaultRenewMaxDay.GetBuffer(80); - _itoa(value/24/60, buf, 10); - value %= (24 * 60); - m_newDefaultRenewMaxDay.ReleaseBuffer(); - buf = m_newDefaultRenewMaxHr.GetBuffer(80); - _itoa(value/60, buf, 10); - value %= 60; - m_newDefaultRenewMaxHr.ReleaseBuffer(); - buf = m_newDefaultRenewMaxMin.GetBuffer(80); - _itoa(value, buf, 10); - m_newDefaultRenewMaxMin.ReleaseBuffer(); - SetDlgItemText(IDC_EDIT_RENEW_MAX_D, m_newDefaultRenewMaxDay); - SetDlgItemText(IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - SetDlgItemText(IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); - - 
SetModified(TRUE); - in_progress = 0; - } -} - -void CKrbMiscConfigOpt::ResetDefaultRenewMaxEditBox() -{ - // Reset Config Tab's Default RenewMax Editbox - - DWORD tmp = m_DefaultRenewMax = pLeash_get_default_life_min(); - LPSTR buf = m_newDefaultRenewMaxDay.GetBuffer(80); - _itoa(tmp/24/60, buf, 10); - tmp %= (24 * 60); - m_newDefaultRenewMaxDay.ReleaseBuffer(); - buf = m_newDefaultRenewMaxHr.GetBuffer(80); - _itoa(tmp/60, buf, 10); - tmp %= 60; - m_newDefaultRenewMaxHr.ReleaseBuffer(); - buf = m_newDefaultRenewMaxMin.GetBuffer(80); - _itoa(tmp, buf, 10); - m_newDefaultRenewMaxMin.ReleaseBuffer(); - - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MAX_D, m_newDefaultRenewMaxDay); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - ::SetDlgItemText(::GetForegroundWindow(), IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); -} - -void CKrbMiscConfigOpt::OnCheckUseKrb4() -{ - m_newUseKrb4 = (BOOL)IsDlgButtonChecked(IDC_CHECK_REQUEST_KRB4); -} - -void CKrbMiscConfigOpt::OnCheckKinitPreserve() -{ - m_newKinitPreserve = (BOOL)IsDlgButtonChecked(IDC_CHECK_PRESERVE_KINIT_OPTIONS); -} - -void CKrbMiscConfigOpt::OnShowWindow(BOOL bShow, UINT nStatus) -{ - CPropertyPage::OnShowWindow(bShow, nStatus); - - if (CLeashApp::m_hKrb5DLL) - ResetDefaultLifeTimeEditBox(); - - SetDlgItemText(IDC_EDIT_LIFETIME_D, m_newDefaultLifeTimeDay); - SetDlgItemText(IDC_EDIT_LIFETIME_H, m_newDefaultLifeTimeHr); - SetDlgItemText(IDC_EDIT_LIFETIME_M, m_newDefaultLifeTimeMin); - SetDlgItemText(IDC_EDIT_RENEWTILL_D, m_newDefaultRenewTillDay); - SetDlgItemText(IDC_EDIT_RENEWTILL_H, m_newDefaultRenewTillHr); - SetDlgItemText(IDC_EDIT_RENEWTILL_M, m_newDefaultRenewTillMin); - SetDlgItemText(IDC_EDIT_LIFE_MIN_D, m_newDefaultLifeMinDay); - SetDlgItemText(IDC_EDIT_LIFE_MIN_H, m_newDefaultLifeMinHr); - SetDlgItemText(IDC_EDIT_LIFE_MIN_M, m_newDefaultLifeMinMin); - SetDlgItemText(IDC_EDIT_LIFE_MAX_D, m_newDefaultLifeMaxDay); - 
SetDlgItemText(IDC_EDIT_LIFE_MAX_H, m_newDefaultLifeMaxHr); - SetDlgItemText(IDC_EDIT_LIFE_MAX_M, m_newDefaultLifeMaxMin); - SetDlgItemText(IDC_EDIT_RENEW_MIN_D, m_newDefaultRenewMinDay); - SetDlgItemText(IDC_EDIT_RENEW_MIN_H, m_newDefaultRenewMinHr); - SetDlgItemText(IDC_EDIT_RENEW_MIN_M, m_newDefaultRenewMinMin); - SetDlgItemText(IDC_EDIT_RENEW_MAX_D, m_newDefaultRenewMaxDay); - SetDlgItemText(IDC_EDIT_RENEW_MAX_H, m_newDefaultRenewMaxHr); - SetDlgItemText(IDC_EDIT_RENEW_MAX_M, m_newDefaultRenewMaxMin); -} - -BOOL CKrbMiscConfigOpt::PreTranslateMessage(MSG* pMsg) -{ - if (!m_startupPage2) - { - if (m_noLifeTime) - { - MessageBox("A lifetime setting of 0 is special in that it means that " - "the application is free to pick whatever default it deems " - "appropriate", - "Leash", MB_OK); - m_noLifeTime = FALSE; - } - } - - m_startupPage2 = FALSE; - return CPropertyPage::PreTranslateMessage(pMsg); -} - - -BEGIN_MESSAGE_MAP(CKrbMiscConfigOpt, CPropertyPage) - //{{AFX_MSG_MAP(CKrbConfigOptions) - ON_WM_SHOWWINDOW() - - ON_EN_KILLFOCUS(IDC_EDIT_LIFETIME_D, OnEditKillfocusEditDefaultLifeTime) - ON_CBN_SELCHANGE(IDC_EDIT_LIFETIME_D, OnSelchangeEditDefaultLifeTime) - ON_EN_KILLFOCUS(IDC_EDIT_LIFETIME_H, OnEditKillfocusEditDefaultLifeTime) - ON_CBN_SELCHANGE(IDC_EDIT_LIFETIME_H, OnSelchangeEditDefaultLifeTime) - ON_EN_KILLFOCUS(IDC_EDIT_LIFETIME_M, OnEditKillfocusEditDefaultLifeTime) - ON_CBN_SELCHANGE(IDC_EDIT_LIFETIME_M, OnSelchangeEditDefaultLifeTime) - - ON_EN_KILLFOCUS(IDC_EDIT_RENEWTILL_D, OnEditKillfocusEditDefaultRenewTill) - ON_CBN_SELCHANGE(IDC_EDIT_RENEWTILL_D, OnSelchangeEditDefaultRenewTill) - ON_EN_KILLFOCUS(IDC_EDIT_RENEWTILL_H, OnEditKillfocusEditDefaultRenewTill) - ON_CBN_SELCHANGE(IDC_EDIT_RENEWTILL_H, OnSelchangeEditDefaultRenewTill) - ON_EN_KILLFOCUS(IDC_EDIT_RENEWTILL_M, OnEditKillfocusEditDefaultRenewTill) - ON_CBN_SELCHANGE(IDC_EDIT_RENEWTILL_M, OnSelchangeEditDefaultRenewTill) - - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MIN_D, 
OnEditKillfocusEditDefaultLifeMin) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MIN_D, OnSelchangeEditDefaultLifeMin) - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MIN_H, OnEditKillfocusEditDefaultLifeMin) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MIN_H, OnSelchangeEditDefaultLifeMin) - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MIN_M, OnEditKillfocusEditDefaultLifeMin) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MIN_M, OnSelchangeEditDefaultLifeMin) - - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MAX_D, OnEditKillfocusEditDefaultLifeMax) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MAX_D, OnSelchangeEditDefaultLifeMax) - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MAX_H, OnEditKillfocusEditDefaultLifeMax) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MAX_H, OnSelchangeEditDefaultLifeMax) - ON_EN_KILLFOCUS(IDC_EDIT_LIFE_MAX_M, OnEditKillfocusEditDefaultLifeMax) - ON_CBN_SELCHANGE(IDC_EDIT_LIFE_MAX_M, OnSelchangeEditDefaultLifeMax) - - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MIN_D, OnEditKillfocusEditDefaultRenewMin) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MIN_D, OnSelchangeEditDefaultRenewMin) - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MIN_H, OnEditKillfocusEditDefaultRenewMin) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MIN_H, OnSelchangeEditDefaultRenewMin) - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MIN_M, OnEditKillfocusEditDefaultRenewMin) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MIN_M, OnSelchangeEditDefaultRenewMin) - - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MAX_D, OnEditKillfocusEditDefaultRenewMax) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MAX_D, OnSelchangeEditDefaultRenewMax) - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MAX_H, OnEditKillfocusEditDefaultRenewMax) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MAX_H, OnSelchangeEditDefaultRenewMax) - ON_EN_KILLFOCUS(IDC_EDIT_RENEW_MAX_M, OnEditKillfocusEditDefaultRenewMax) - ON_CBN_SELCHANGE(IDC_EDIT_RENEW_MAX_M, OnSelchangeEditDefaultRenewMax) - - ON_BN_CLICKED(IDC_CHECK_REQUEST_KRB4, OnCheckUseKrb4) - ON_BN_CLICKED(IDC_CHECK_PRESERVE_KINIT_OPTIONS, OnCheckKinitPreserve) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() diff -Nru krb5-1.16.2/src/windows/leash/KrbMiscConfigOpt.h 
krb5-1.17/src/windows/leash/KrbMiscConfigOpt.h --- krb5-1.16.2/src/windows/leash/KrbMiscConfigOpt.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/KrbMiscConfigOpt.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,173 +0,0 @@ -//***************************************************************************** -// File: KrbMiscConfigOpt.h -// By: Paul B. Hill -// Created: 08/12/1999 -// Copyright: @1999 Massachusetts Institute of Technology - All rights -// reserved. -// Description: H file for KrbMiscConfigOpt.cpp. Contains variables -// and functions for Kerberos Properties. -// -// History: -// -// MM/DD/YY Inits Description of Change -// 08/12/99 PBH Original -//***************************************************************************** - - -#if !defined(AFX_MISCCONFIGOPT_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_) -#define AFX_MISCONFIGOPT_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_ - -#if _MSC_VER >= 1000 -#pragma once -#endif - - -#include "resource.h" - - -/////////////////////////////////////////////////////////////////////// -// CKrbMiscConfigOptions dialog - -class CKrbMiscConfigOpt : public CPropertyPage -{ -// Construction -private: - DECLARE_DYNCREATE(CKrbMiscConfigOpt) - BOOL m_startupPage2; - BOOL m_noLifeTime; - - static UINT m_DefaultLifeTime; - static CString m_initDefaultLifeTimeMin; - static CString m_newDefaultLifeTimeMin; - static CString m_initDefaultLifeTimeHr; - static CString m_newDefaultLifeTimeHr; - static CString m_initDefaultLifeTimeDay; - static CString m_newDefaultLifeTimeDay; - - static UINT m_DefaultRenewTill; - static CString m_initDefaultRenewTillMin; - static CString m_newDefaultRenewTillMin; - static CString m_initDefaultRenewTillHr; - static CString m_newDefaultRenewTillHr; - static CString m_initDefaultRenewTillDay; - static CString m_newDefaultRenewTillDay; - - static UINT m_DefaultLifeMin; - static CString m_initDefaultLifeMinMin; - static CString m_newDefaultLifeMinMin; - static CString m_initDefaultLifeMinHr; - static CString m_newDefaultLifeMinHr; - static CString m_initDefaultLifeMinDay; - static CString m_newDefaultLifeMinDay; - - static UINT m_DefaultLifeMax; - static CString m_initDefaultLifeMaxMin; - static 
CString m_newDefaultLifeMaxMin; - static CString m_initDefaultLifeMaxHr; - static CString m_newDefaultLifeMaxHr; - static CString m_initDefaultLifeMaxDay; - static CString m_newDefaultLifeMaxDay; - - static UINT m_DefaultRenewMin; - static CString m_initDefaultRenewMinMin; - static CString m_newDefaultRenewMinMin; - static CString m_initDefaultRenewMinHr; - static CString m_newDefaultRenewMinHr; - static CString m_initDefaultRenewMinDay; - static CString m_newDefaultRenewMinDay; - - static UINT m_DefaultRenewMax; - static CString m_initDefaultRenewMaxMin; - static CString m_newDefaultRenewMaxMin; - static CString m_initDefaultRenewMaxHr; - static CString m_newDefaultRenewMaxHr; - static CString m_initDefaultRenewMaxDay; - static CString m_newDefaultRenewMaxDay; - - static void ResetDefaultLifeTimeEditBox(); - static void ResetDefaultRenewTillEditBox(); - static void ResetDefaultLifeMinEditBox(); - static void ResetDefaultLifeMaxEditBox(); - static void ResetDefaultRenewMinEditBox(); - static void ResetDefaultRenewMaxEditBox(); - - BOOL m_initUseKrb4; - BOOL m_newUseKrb4; - BOOL m_initKinitPreserve; - BOOL m_newKinitPreserve; - -public: - CKrbMiscConfigOpt(); - ~CKrbMiscConfigOpt(); - -// Dialog Data - //{{AFX_DATA(CKrbMiscConfigOpt) - enum { IDD = IDD_KRB_PROP_MISC }; - static CEdit m_krbLifeTimeDayEditbox; - static CEdit m_krbLifeTimeMinEditbox; - static CEdit m_krbLifeTimeHrEditbox; - static CEdit m_krbRenewTillDayEditbox; - static CEdit m_krbRenewTillMinEditbox; - static CEdit m_krbRenewTillHrEditbox; - static CEdit m_krbRenewMaxDayEditbox; - static CEdit m_krbRenewMinDayEditbox; - static CEdit m_krbLifeMinDayEditbox; - static CEdit m_krbLifeMinMinEditbox; - static CEdit m_krbLifeMinHrEditbox; - static CEdit m_krbLifeMaxDayEditbox; - static CEdit m_krbLifeMaxMinEditbox; - static CEdit m_krbLifeMaxHrEditbox; - static CEdit m_krbRenewMinMinEditbox; - static CEdit m_krbRenewMinHrEditbox; - static CEdit m_krbRenewMaxMinEditbox; - static CEdit m_krbRenewMaxHrEditbox; 
- //}}AFX_DATA - - -// Overrides - // ClassWizard generate virtual function overrides - //{{AFX_VIRTUAL(CKrbConfigOptions) - public: - virtual BOOL PreTranslateMessage(MSG* pMsg); - protected: - virtual VOID DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - - virtual BOOL OnApply(); - -// Implementation -protected: - // Generated message map functions - //{{AFX_MSG(CKrbMiscConfigOpt) - virtual BOOL OnInitDialog(); - afx_msg void OnShowWindow(BOOL bShow, UINT nStatus); - afx_msg void OnEditKillfocusEditDefaultLifeTime(); - afx_msg void OnResetDefaultLifeTimeEditBox(); - afx_msg void OnSelchangeEditDefaultLifeTime(); - afx_msg void OnEditKillfocusEditDefaultRenewTill(); - afx_msg void OnResetDefaultRenewTillEditBox(); - afx_msg void OnSelchangeEditDefaultRenewTill(); - afx_msg void OnEditKillfocusEditDefaultLifeMin(); - afx_msg void OnResetDefaultLifeMinEditBox(); - afx_msg void OnSelchangeEditDefaultLifeMin(); - afx_msg void OnEditKillfocusEditDefaultLifeMax(); - afx_msg void OnResetDefaultLifeMaxEditBox(); - afx_msg void OnSelchangeEditDefaultLifeMax(); - afx_msg void OnEditKillfocusEditDefaultRenewMin(); - afx_msg void OnResetDefaultRenewMinEditBox(); - afx_msg void OnSelchangeEditDefaultRenewMin(); - afx_msg void OnEditKillfocusEditDefaultRenewMax(); - afx_msg void OnResetDefaultRenewMaxEditBox(); - afx_msg void OnSelchangeEditDefaultRenewMax(); - afx_msg void OnCheckUseKrb4(); - afx_msg void OnCheckKinitPreserve(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() - -}; - -///////////////////////////////////////////////////////////////////////////// -//{{AFX_INSERT_LOCATION}} -// Microsoft Developer Studio will insert additional declarations immediately before the previous line. 
- -#endif // !defined(AFX_MISCONFIGOPT_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/KrbProperties.cpp krb5-1.17/src/windows/leash/KrbProperties.cpp --- krb5-1.16.2/src/windows/leash/KrbProperties.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/KrbProperties.cpp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,106 +0,0 @@
-// File: KrbProperties.cpp
-// By: Arthur David Leather
-// Created: 12/02/98
-// Copyright @1998 Massachusetts Institute of Technology - All rights reserved.
-// Description: CPP file for KrbProperties.h. Contains variables and functions
-// for Kerberos Four Properties
-//
-// History:
-//
-// MM/DD/YY Inits Description of Change
-// 02/01/98 ADL Original
-// **************************************************************************************
-
-
-#include "stdafx.h"
-#include "KrbProperties.h"
-#include "Krb4Properties.h"
-
-#include "Leash.h"
-#include "wshelper.h"
-#include "lglobals.h"
-#include "reminder.h"
-
-CHAR CKrbProperties::m_krbPath[MAX_PATH];
-CHAR CKrbProperties::m_krbrealmPath[MAX_PATH];
-BOOL CKrbProperties::KrbPropertiesOn;
-
-///////////////////////////////////////////////////////////////////////
-// CKrbProperties
-
-IMPLEMENT_DYNAMIC(CKrbProperties, CPropertySheet)
-CKrbProperties::CKrbProperties(UINT nIDCaption, CWnd* pParentWnd,
- UINT iSelectPage)
-:CPropertySheet(nIDCaption, pParentWnd, iSelectPage)
-{
-}
-
-CKrbProperties::CKrbProperties(LPCTSTR pszCaption, CWnd* pParentWnd,
- UINT iSelectPage)
-:CPropertySheet(pszCaption, pParentWnd, iSelectPage)
-{
- KrbPropertiesOn = FALSE;
-
-#ifdef COMMENT
- // If this will not be fatal, then it does not need to be performed here.
- if (CLeashApp::m_hKrb5DLL)
- {
- char *realm = NULL;
- pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &realm);
-
- if (!realm)
- {
- MessageBox("CKrbProperties::Unable to determine default Kerberos REALM.\
- \n Consult your Administrator!",
- "Error", MB_OK);
- // I don't think this is necessarily fatal. - jaltman
- // return;
- }
- }
-#endif /* COMMENT */
-
-#ifndef NO_KRB4
- CLeashApp::GetKrb4ConFile(m_krbPath,sizeof(m_krbPath));
- CLeashApp::GetKrb4RealmFile(m_krbrealmPath,sizeof(m_krbrealmPath));
-#endif
-
- AddPage(&m_configOptions);
- AddPage(&m_miscConfigOpt);
-
-#ifndef NO_KRB4
- if (CLeashApp::m_hKrb4DLL && !CLeashApp::m_hKrb5DLL)
- {
- AddPage(&m_krb4RealmHostMaintenance);
- AddPage(&m_krb4DomainRealmMaintenance);
- }
- else
-#endif
- if (CLeashApp::m_hKrb5DLL)
- {
- AddPage(&m_realmHostMaintenance);
- AddPage(&m_domainRealmMaintenance);
- }
-
- KrbPropertiesOn = TRUE;
-}
-
-CKrbProperties::~CKrbProperties()
-{
- KrbPropertiesOn = FALSE;
-}
-
-void CKrbProperties::OnHelp()
-{
- AfxGetApp()->WinHelp(HID_KERBEROS_PROPERTIES_COMMAND);
-}
-
-
-BEGIN_MESSAGE_MAP(CKrbProperties, CPropertySheet)
- //{{AFX_MSG_MAP(CKrbProperties)
- // NOTE - the ClassWizard will add and remove mapping macros here.
- ON_COMMAND(ID_HELP, OnHelp)
- //}}AFX_MSG_MAP
-END_MESSAGE_MAP()
-
-///////////////////////////////////////////////////////////////////////
-// CKrbProperties message handlers
diff -Nru krb5-1.16.2/src/windows/leash/KrbProperties.h krb5-1.17/src/windows/leash/KrbProperties.h
--- krb5-1.16.2/src/windows/leash/KrbProperties.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbProperties.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,95 +0,0 @@
-// **************************************************************************************
-// File: KrbProperties.h
-// By: Arthur David Leather
-// Created: 12/02/98
-// Copyright @1998 Massachusetts Institute of Technology - All rights reserved.
-// Description: H file for KrbProperties.cpp. Contains variables and functions
-// for Kerberos Four Properties
-//
-// History:
-//
-// MM/DD/YY Inits Description of Change
-// 02/01/98 ADL Original
-// **************************************************************************************
-
-
-#if !defined(AFX_KRB_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
-#define AFX_KRB_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_
-
-#if _MSC_VER >= 1000
-#pragma once
-#endif // _MSC_VER >= 1000
-// KrbProperties.h : header file
-//
-
-#include "KrbConfigOptions.h"
-#include "KrbRealmHostMaintenance.h"
-#include "KrbDomainRealmMaintenance.h"
-#ifndef NO_KRB4
-#include "Krb4DomainRealmMaintenance.h"
-#include "Krb4RealmHostMaintenance.h"
-#endif
-#include "KrbMiscConfigOpt.h"
-
-//////////////////////////////////////////////////////////////////////
-// CKrbProperties
-
-class CKrbProperties : public CPropertySheet
-{
-private:
- DECLARE_DYNAMIC(CKrbProperties)
-
-public:
- //CKrbConfigFileLocation m_fileLocation;
- CKrbConfigOptions m_configOptions;
-#ifndef NO_KRB4
- CKrb4RealmHostMaintenance m_krb4RealmHostMaintenance;
-#endif
- CKrbRealmHostMaintenance m_realmHostMaintenance;
-#ifndef NO_KRB4
- CKrb4DomainRealmMaintenance m_krb4DomainRealmMaintenance;
-#endif
- CKrbDomainRealmMaintenance m_domainRealmMaintenance;
- CKrbMiscConfigOpt m_miscConfigOpt;
-
- static BOOL KrbPropertiesOn;
- static BOOL applyButtonEnabled;
- static CHAR m_krbPath[MAX_PATH];
- static CHAR m_krbrealmPath[MAX_PATH];
-
-// Construction
-public:
- CKrbProperties(UINT nIDCaption, CWnd* pParentWnd = NULL,
- UINT iSelectPage = 0);
- CKrbProperties(LPCTSTR pszCaption, CWnd* pParentWnd = NULL,
- UINT iSelectPage = 0);
-
-// Attributes
-public:
-
-// Operations
-public:
-
-// Overrides
- // ClassWizard generated virtual function overrides
- //{{AFX_VIRTUAL(CKrbProperties)
- //}}AFX_VIRTUAL
-
-// Implementation
-public:
- virtual ~CKrbProperties();
-
- // Generated message map functions
-protected:
- //{{AFX_MSG(CKrbProperties)
- // NOTE - the ClassWizard will add and remove member functions here.
- afx_msg void OnHelp();
- //}}AFX_MSG
- DECLARE_MESSAGE_MAP()
-};
-
-/////////////////////////////////////////////////////////////////////////////
-//{{AFX_INSERT_LOCATION}}
-// Microsoft Developer Studio will insert additional declarations immediately before the previous line.
-
-#endif // !defined(AFX_KRB_PROPERTY_H__CD702F99_7495_11D0_8FDC_00C04FC2A0C2__INCLUDED_)
diff -Nru krb5-1.16.2/src/windows/leash/KrbRealmHostMaintenance.cpp krb5-1.17/src/windows/leash/KrbRealmHostMaintenance.cpp
--- krb5-1.16.2/src/windows/leash/KrbRealmHostMaintenance.cpp 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/KrbRealmHostMaintenance.cpp 1970-01-01 00:00:00.000000000 +0000
@@ -1,1044 +0,0 @@ -// ************************************************************************************** -// File: KrbRealmHostMaintenance.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for KrbRealmHostMaintenance.h. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "KrbProperties.h" -#include "Krb4Properties.h" -#include "KrbAddRealm.h" -#include "KrbAddHostServer.h" -#include "KrbRealmHostMaintenance.h" -#include "KrbEditRealm.h" -#include "KrbEditHostServer.h" -#include "KrbConfigOptions.h" - -#include "lglobals.h" -#include "MainFrm.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CKrbRealmHostMaintenance dialog - - -IMPLEMENT_DYNCREATE(CKrbRealmHostMaintenance, CPropertyPage) - -CKrbRealmHostMaintenance::CKrbRealmHostMaintenance() - : CPropertyPage(CKrbRealmHostMaintenance::IDD) -{ - m_isRealmListBoxInFocus = FALSE; - m_isStart = TRUE; - m_theAdminServer = _T(""); - m_theAdminServerMarked = _T(""); - m_initDnsKdcLookup = 0; - m_newDnsKdcLookup = 0; - - m_KDCHostList.initOtherListbox(this, &m_KDCRealmList); -} - -CKrbRealmHostMaintenance::~CKrbRealmHostMaintenance() -{ -} - -void CKrbRealmHostMaintenance::DoDataExchange(CDataExchange* pDX) -{ - CPropertyPage::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CKrbRealmHostMaintenance) - DDX_Control(pDX, IDC_LIST_KDC_REALM, m_KDCRealmList); - DDX_Control(pDX, IDC_LIST_KDC_HOST, m_KDCHostList); - //}}AFX_DATA_MAP -} - -BEGIN_MESSAGE_MAP(CKrbRealmHostMaintenance, CPropertyPage) - 
//{{AFX_MSG_MAP(CKrbRealmHostMaintenance) - ON_BN_CLICKED(IDC_BUTTON_REALM_HOST_ADD, OnButtonRealmHostAdd) - ON_BN_CLICKED(IDC_BUTTON_REALM_EDIT, OnButtonRealmHostEdit) - ON_BN_CLICKED(ID_BUTTON_REALM_REMOVE, OnButtonRealmHostRemove) - ON_LBN_SELCHANGE(IDC_LIST_KDC_REALM, OnSelchangeListKdcRealm) - ON_BN_CLICKED(IDC_BUTTON_ADMINSERVER, OnButtonAdminserver) - ON_LBN_SETFOCUS(IDC_LIST_KDC_REALM, OnSetfocusListKdcRealm) - ON_BN_CLICKED(IDC_BUTTON_KDCHOST_ADD, OnButtonKdchostAdd) - ON_BN_CLICKED(IDC_BUTTON_KDCHOST_REMOVE, OnButtonKdchostRemove) - ON_BN_CLICKED(IDC_BUTTON_REMOVE_ADMINSERVER, OnButtonRemoveAdminserver) - ON_LBN_SELCHANGE(IDC_LIST_KDC_HOST, OnSelchangeListKdcHost) - ON_BN_CLICKED(IDC_BUTTON_KDCHOST_EDIT, OnButtonKdchostEdit) - ON_LBN_DBLCLK(IDC_LIST_KDC_REALM, OnDblclkListKdcRealm) - ON_LBN_DBLCLK(IDC_LIST_KDC_HOST, OnDblclkListKdcHost) - ON_WM_KEYDOWN() - ON_WM_CANCELMODE() - ON_BN_CLICKED(IDC_BUTTON_REALMHOST_MAINT_HELP, OnButtonRealmhostMaintHelp) - ON_BN_CLICKED(IDC_DNS_KDC, OnCheckDnsKdcLookup) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CKrbRealmHostMaintenance message handlers - -BOOL CKrbRealmHostMaintenance::OnInitDialog() -{ - CPropertyPage::OnInitDialog(); - - const char* rootSection[] = {"realms", NULL}; - const char** rootsec = rootSection; - char **sections = NULL, - **cpp = NULL, - *value = NULL; - - long retval = pprofile_get_subsection_names(CLeashApp::m_krbv5_profile, - rootsec, §ions); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnInitDialog::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return TRUE; - } - - for (cpp = sections; *cpp; cpp++) - { - if (LB_ERR == m_KDCRealmList.AddString(*cpp)) - { - MessageBox("OnInitDialog::Can't add to Kerberos Realm Listbox", - "Leash", MB_OK); - return FALSE; - } - } - - pprofile_free_list(sections); - - // Determine the 
starting value for DNS KDC Lookup Checkbox - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_lookup_kdc", 0, 0, &value); - if (value == 0 && retval == 0) - retval = pprofile_get_string(CLeashApp::m_krbv5_profile, "libdefaults", - "dns_fallback", 0, 0, &value); - if (value == 0) { - m_initDnsKdcLookup = m_newDnsKdcLookup = 1; - } else { - m_initDnsKdcLookup = m_newDnsKdcLookup = config_boolean_to_int(value); - pprofile_release_string(value); - } - CheckDlgButton(IDC_DNS_KDC, m_initDnsKdcLookup); - - // Compaire Krb Four with what's in the Krb Five Profile Linklist - // and add to m_KDCRealmList if needed. - m_KDCRealmList.SetCurSel(0); - - if (!m_KDCRealmList.GetCount()) - { - GetDlgItem(IDC_BUTTON_REALM_EDIT)->EnableWindow(FALSE); - } - else if (1 >= m_KDCRealmList.GetCount()) - { - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(FALSE); - } - else - { - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_REALM_EDIT)->EnableWindow(); - } - - - if (!m_KDCHostList.GetCount()) - { - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(FALSE); - } - else - { - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(); - } - - - return TRUE; -} - -BOOL CKrbRealmHostMaintenance::OnApply() -{ - char theSection[REALM_SZ + 1]; - const char* adminServer[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char* Section[] = {"realms", theSection, "kdc", NULL}; //theSection - const char** section = Section; - const char** adminServ = adminServer; - - if (!CLeashApp::m_krbv5_profile) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - filenames[0] = confname; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - } - } - - /* - // Safety check for empty section (may not be need, but left it in anyway) - INT 
maxRealms = m_KDCRealmList.GetCount(); - for (INT realm = 0; realm < maxRealms; realm++) - { - m_KDCRealmList.GetText(realm, theSection); - long retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - pprofile_free_list(values); - - if (PROF_NO_RELATION == retval) - { - if (IDYES == AfxMessageBox("One or more Realms do not have any corresponing Servers!!!\n\nContinue?", - MB_YESNO)) - break; - else - return TRUE; - } - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnApply::There is an error, profile will not be saved!!!\nIf this error persist, contact your administrator.", - "Error", MB_OK); - return TRUE; - } - } - */ - - long retval = pprofile_flush(CLeashApp::m_krbv5_profile); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnApply::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - } - -#ifndef NO_KRB4 - // Save to Kerberos Four config. file "Krb.con" - CStdioFile krbCon; - if (!krbCon.Open(CKrbProperties::m_krbPath, CFile::modeCreate | - CFile::modeNoTruncate | - CFile::modeReadWrite)) - { - LeashErrorBox("OnApply::Can't open Configuration File", - CKrbProperties::m_krbPath); - return TRUE; - } - - krbCon.SetLength(0); - - krbCon.WriteString(CKrbConfigOptions::m_newDefaultRealm); - krbCon.WriteString("\n"); - - for (INT maxItems = m_KDCRealmList.GetCount(), item = 0; item < maxItems; item++) - { - char **values = NULL, - **cpp = NULL, - **admin = NULL; - - if (LB_ERR == m_KDCRealmList.GetText(item, theSection)) - ASSERT(0); - - retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnApply::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - } - - retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - adminServ , &admin); - - if (retval && PROF_NO_RELATION != retval) 
- { - MessageBox("OnApply::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - } - - char* pSemiCl = NULL; - if (admin) - { - if (*admin) - { - if ((pSemiCl = strchr(*admin, ':'))) - *pSemiCl = 0; - } - } - - - char hostKdc[MAX_HSTNM]; - if (values) - for (cpp = values; *cpp; cpp++) - { - strcpy(hostKdc, *cpp); - - if ((pSemiCl = strchr(hostKdc, ':'))) - *pSemiCl = 0; - - if (admin) - { - if (*admin) - { - if (0 == stricmp(hostKdc, *admin)) - strcat(hostKdc, " admin server"); - } - } - - CString kdcHost = theSection; - kdcHost += " "; - kdcHost += hostKdc; - - krbCon.WriteString(kdcHost); - krbCon.WriteString("\n"); - } - - if (values) - pprofile_free_list(values); - - if (admin) - pprofile_free_list(admin); - } - - if ( m_newDnsKdcLookup ) - krbCon.WriteString(".KERBEROS.OPTION. dns\n"); - - krbCon. Close(); -#endif // NO_KRB4 - return TRUE; -} - -void CKrbRealmHostMaintenance::OnCancel() -{ - CHAR fileName[MAX_PATH]; - if (CLeashApp::GetProfileFile(fileName, sizeof(fileName))) - { - MessageBox("Can't locate Kerberos Five Config. 
file!", "Error", MB_OK); - return; - } - - - long retval = 0; - if (CLeashApp::m_krbv5_profile) - pprofile_abandon(CLeashApp::m_krbv5_profile); - - /* - if (retval) - { - MessageBox("OnButtonRealmHostAdd::There is an error, profile will not be abandon!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - */ - - const char *filenames[2]; - filenames[0] = fileName; - filenames[1] = NULL; - retval = pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - - if (retval) - { - MessageBox("OnButtonRealmHostAdd::There is an error, profile will not be initialized!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - - CPropertyPage::OnCancel(); -} - -void CKrbRealmHostMaintenance::OnCheckDnsKdcLookup() -{ - const char* dnsLookupKdc[] = {"libdefaults","dns_lookup_kdc",NULL}; - - m_newDnsKdcLookup = (BOOL)IsDlgButtonChecked(IDC_DNS_KDC); - - long retval = pprofile_clear_relation(CLeashApp::m_krbv5_profile, - dnsLookupKdc); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnButtonAdminserver::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - dnsLookupKdc, - m_newDnsKdcLookup ? 
"true" : "false"); - - if (retval) - { // this might not be a good way to handle this type of error - MessageBox("OnButtonAdminserver::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - SetModified(TRUE); -} - -void CKrbRealmHostMaintenance::OnButtonRealmHostAdd() -{ - m_KDCRealmList.SetFocus(); - - CKrbAddRealm addToRealmHostList; - if (IDOK == addToRealmHostList.DoModal()) - { - char theSection[REALM_SZ + 1]; - const char* Section[] = {"realms", theSection, NULL}; - const char** section = Section; - - - if (!CLeashApp::m_krbv5_profile) { - CHAR confname[MAX_PATH]; - if (!CLeashApp::GetProfileFile(confname, sizeof(confname))) - { - const char *filenames[2]; - filenames[0] = confname; - filenames[1] = NULL; - pprofile_init(filenames, &CLeashApp::m_krbv5_profile); - } - } - - CString newRealm; // new section in the profile linklist - newRealm = addToRealmHostList.GetNewRealm(); - - if (LB_ERR != m_KDCRealmList.FindStringExact(-1, newRealm)) - { - MessageBox("We can't have duplicate Realms!\nYour entry was not saved to list.", - "Leash", MB_OK); - return; - } - - if (addToRealmHostList.GetNewRealm().IsEmpty()) - ASSERT(0); - - strcpy(theSection, newRealm); - long retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - section, NULL); - - if (retval) - { - MessageBox("OnButtonRealmHostAdd::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - if (LB_ERR == m_KDCRealmList.AddString(newRealm)) - ASSERT(0); - - if (LB_ERR == m_KDCRealmList.SetCurSel(m_KDCRealmList.FindStringExact(-1, newRealm))) - ASSERT(0); - - MessageBox("You must now add a Kerberos Host Server or Realm you just added will be removed!!!", - "Leash", MB_OK); - - m_KDCHostList.ResetContent(); - if (OnButtonKdchostAddInternal()) - { // Cancel - - long retval = pprofile_rename_section(CLeashApp::m_krbv5_profile, - section, 
NULL); - - if (retval) - { - MessageBox("OnButtonRealmHostRemove::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - if (LB_ERR == m_KDCRealmList.DeleteString(m_KDCRealmList.GetCurSel())) - ASSERT(0); - - m_KDCRealmList.SetCurSel(0); - } - - OnSelchangeListKdcRealm(); - SetModified(TRUE); - } - - if (1 >= m_KDCRealmList.GetCount()) - { - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(FALSE); - } - else - { - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_REALM_EDIT)->EnableWindow(); - } -} - -void CKrbRealmHostMaintenance::OnButtonKdchostAdd() -{ - OnButtonKdchostAddInternal(); -} - -bool CKrbRealmHostMaintenance::OnButtonKdchostAddInternal() -{ - CString newHost; // new section in the profile linklist - CKrbAddHostServer addHostServer; - if (IDOK == addHostServer.DoModal()) - { // OK - char theSection[MAX_HSTNM + 1]; - const char* Section[] = {"realms", theSection, "kdc", NULL}; - const char** section = Section; - - if (addHostServer.GetNewHost().IsEmpty()) - ASSERT(0); - - newHost = addHostServer.GetNewHost(); - - if (LB_ERR != m_KDCHostList.FindStringExact(-1, newHost)) - { - MessageBox("We can't have duplicate Host Servers for the same Realm!\ - \nYour entry was not saved to list.", - "Leash", MB_OK); - return true; - } - - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - long retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - section, addHostServer.GetNewHost()); - - if (retval) - { - MessageBox("OnButtonKdchostAdd::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - - return true; - } - - if (LB_ERR == m_KDCHostList.AddString(newHost)) - ASSERT(0); - - SetModified(TRUE); - } - else - return true; - - if (m_KDCHostList.GetCount() > 1) - { - m_KDCHostList.SetCurSel(m_KDCHostList.FindStringExact(-1, newHost)); - m_KDCHostList.SetFocus(); - 
OnSelchangeListKdcHost(); - - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(); - } - - if (1 == m_KDCRealmList.GetCount()) - { - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(); - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(); - } - - return false; -} - -void CKrbRealmHostMaintenance::OnButtonRealmHostEdit() -{ - INT selItemIndex = m_KDCRealmList.GetCurSel(); - CString selItem; - - m_KDCHostList.SetFocus(); - //m_KDCRealmList.SetFocus(); - //m_KDCHostList.SetCurSel(0); - m_KDCRealmList.GetText(selItemIndex, selItem); - - CKrbEditRealm editRealmHostList(selItem); - - if (IDOK == editRealmHostList.DoModal()) - { - char theSection[REALM_SZ + 1]; - const char* Section[] = {"realms", theSection, NULL}; - const char** section = Section; - - CString editedRealm = editRealmHostList.GetEditedItem(); - - if (0 != editedRealm.CompareNoCase(selItem) && - LB_ERR != m_KDCRealmList.FindStringExact(-1, editedRealm)) - { - MessageBox("We can't have duplicate Realms!\nYour entry was not saved to list.", - "Leash", MB_OK); - return; - } - - strcpy(theSection, selItem); - - long retval = pprofile_rename_section(CLeashApp::m_krbv5_profile, - section, editRealmHostList.GetEditedItem()); - - if (retval) - { - MessageBox("OnButtonRealmHostEdit::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - m_KDCRealmList.DeleteString(selItemIndex); - m_KDCRealmList.AddString(editedRealm); - selItemIndex = m_KDCRealmList.FindStringExact(-1, editedRealm); - m_KDCRealmList.SetCurSel(selItemIndex); - - CKrbConfigOptions::ResetDefaultRealmComboBox(); - SetModified(TRUE); - } -} - -void CKrbRealmHostMaintenance::OnDblclkListKdcRealm() -{ - OnButtonRealmHostEdit(); -} - -void CKrbRealmHostMaintenance::OnButtonKdchostEdit() -{ - INT selItemIndex = m_KDCHostList.GetCurSel(); - CHAR OLD_VALUE[MAX_HSTNM + 1]; - CString editedHostServer; - CString _adminServer; - - m_KDCHostList.SetFocus(); - 
m_KDCHostList.GetText(selItemIndex, OLD_VALUE); - - LPSTR pOLD_VALUE = strchr(OLD_VALUE, ' '); - if (pOLD_VALUE) - { - *pOLD_VALUE = 0; - _adminServer = pOLD_VALUE + 1; - } - - CString selItem = OLD_VALUE; - CKrbEditHostServer editHostServerList(selItem); - - if (IDOK == editHostServerList.DoModal()) - { - char theSection[REALM_SZ + 1]; - const char* adminServer[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char* Section[] = {"realms", theSection, "kdc", NULL}; - const char** section = Section; - const char** adminServ = adminServer; - - editedHostServer = editHostServerList.GetEditedItem(); - - if (0 != editedHostServer.CompareNoCase(selItem) && - LB_ERR != m_KDCHostList.FindStringExact(-1, editedHostServer)) - { - MessageBox("We can't have duplicate Host Servers for the same Realm!\ - \nYour entry was not saved to list.", - "Leash", MB_OK); - return; - } - - m_KDCHostList.DeleteString(selItemIndex); - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - - if (!_adminServer.IsEmpty()) - { // there is a admin_server - editedHostServer += " "; - editedHostServer += _adminServer; - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - adminServ, OLD_VALUE, editHostServerList.GetEditedItem()); - if (retval) - { - MessageBox("OnButtonKdchostEdit::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - } - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - section, OLD_VALUE, editHostServerList.GetEditedItem()); - - if (retval) - { - MessageBox("OnButtonKdchostEdit::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - m_KDCHostList.InsertString(selItemIndex, editedHostServer); - m_KDCHostList.SetCurSel(selItemIndex); - - OnSelchangeListKdcHost(); - SetModified(TRUE); - } -} - -void CKrbRealmHostMaintenance::OnDblclkListKdcHost() -{ - 
OnButtonKdchostEdit(); -} - -void CKrbRealmHostMaintenance::OnButtonRealmHostRemove() -{ - char theSection[REALM_SZ + 1]; - const char* Section[] = {"realms", theSection, NULL}; - const char** section = Section; - - m_KDCRealmList.SetFocus(); - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - - CString RealmMsg; - RealmMsg.Format("Your about to remove a Realm, \"%s\", and all it's dependents from the list!\n\nContinue?", - theSection); - - if (IDYES != AfxMessageBox(RealmMsg, MB_YESNO)) - return; - - long retval = pprofile_rename_section(CLeashApp::m_krbv5_profile, - section, NULL); - - if (retval) - { - MessageBox("OnButtonRealmHostRemove::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - INT curSel = m_KDCRealmList.GetCurSel(); - - if (LB_ERR == m_KDCRealmList.DeleteString(curSel)) - ASSERT(0);// Single Sel Listbox - - if (-1 == m_KDCRealmList.SetCurSel(curSel)) - m_KDCRealmList.SetCurSel(curSel - 1); - - SetModified(TRUE); - - if (!m_KDCRealmList.GetCount()) - { - GetDlgItem(IDC_BUTTON_REALM_EDIT)->EnableWindow(FALSE); - } - if (1 >= m_KDCRealmList.GetCount()) - { - OnSelchangeListKdcRealm(); - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(FALSE); - } - else - OnSelchangeListKdcRealm(); -} - -void CKrbRealmHostMaintenance::OnButtonKdchostRemove() -{ - char theSection[REALM_SZ + 1]; - const char* adminServer[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char* Section[] = {"realms", theSection, "kdc", NULL}; - const char** section = Section; - const char** adminServ = adminServer; - CHAR OLD_VALUE[MAX_HSTNM + 1]; - CString serverHostMsg; - CString serverHost; - CString _adminServer; - - m_KDCHostList.GetText(m_KDCHostList.GetCurSel(), serverHost); - serverHostMsg.Format("Your about to remove Server \"%s\" from the list!\n\nContinue?", - serverHost); - - if (IDYES != AfxMessageBox(serverHostMsg, MB_YESNO)) - return; - - 
m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - INT curSel = m_KDCHostList.GetCurSel(); - m_KDCHostList.GetText(curSel, OLD_VALUE); - - LPSTR pOLD_VALUE = strchr(OLD_VALUE, ' '); - if (pOLD_VALUE) - { - *pOLD_VALUE = 0; - _adminServer = pOLD_VALUE + 1; - } - - long retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - section, OLD_VALUE, NULL); - if (retval) - { - MessageBox("OnButtonKdchostRemove::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Leash", MB_OK); - return; - } - - if (!_adminServer.IsEmpty()) - { // there is a admin_server - retval = pprofile_update_relation(CLeashApp::m_krbv5_profile, - adminServ, OLD_VALUE, NULL); - if (retval) - { - MessageBox("OnButtonKdchostRemove::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - } - - m_KDCHostList.DeleteString(curSel); - - if (-1 == m_KDCHostList.SetCurSel(curSel)) - m_KDCHostList.SetCurSel(curSel - 1); - - SetModified(TRUE); - - if (!m_KDCHostList.GetCount()) - { - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(FALSE); - } - else if (m_KDCHostList.GetCount() <= 1) - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(FALSE); - - OnSelchangeListKdcHost(); -} - -BOOL CKrbRealmHostMaintenance::PreTranslateMessage(MSG* pMsg) -{ - if (m_isStart) - { - OnSelchangeListKdcRealm(); - m_isStart = FALSE; - } - - return CPropertyPage::PreTranslateMessage(pMsg); -} - -void CKrbRealmHostMaintenance::OnSelchangeListKdcRealm() -{ - char theSection[REALM_SZ + 1]; - const char* adminServer[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char* Section[] = {"realms", theSection, "kdc", NULL}; //theSection - const char** section = Section; - const char** 
adminServ = adminServer; - char **values = NULL, - **adminValue = NULL, - **cpp = NULL; - - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - - long retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - section, &values); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnSelchangeListKdcRealm::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - m_KDCHostList.ResetContent(); - - if ( !retval && values ) { - retval = pprofile_get_values(CLeashApp::m_krbv5_profile, - adminServ, &adminValue); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnSelchangeListKdcRealm::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - m_theAdminServer = _T(""); - m_theAdminServerMarked = _T(""); - - for (cpp = values; *cpp; cpp++) - { - CString kdcHost = *cpp; - - if (adminValue && 0 == strcmp(*adminValue, *cpp)) - { - m_theAdminServer = kdcHost; - kdcHost += " "; - kdcHost += ADMIN_SERVER; - - m_theAdminServerMarked = kdcHost; - } - - if (LB_ERR == m_KDCHostList.AddString(kdcHost)) - { - MessageBox("OnSelchangeListKdcRealm::Can't add Realm to Listbox", - "Error", MB_OK); - } - } - - pprofile_free_list(values); - } else { - GetDlgItem(IDC_BUTTON_REALM_HOST_ADD)->EnableWindow(TRUE); - GetDlgItem(ID_BUTTON_REALM_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REALM_EDIT)->EnableWindow(FALSE); - } - CKrbConfigOptions::ResetDefaultRealmComboBox(); - - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(FALSE); -} - -void CKrbRealmHostMaintenance::OnSelchangeListKdcHost() -{ - CString adminServer; - m_KDCHostList.GetText(m_KDCHostList.GetCurSel(), adminServer); - - if (-1 != adminServer.Find(ADMIN_SERVER)) - { - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(FALSE); - 
GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(); - } - else - { - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(); - GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(FALSE); - } - - if (m_KDCHostList.GetCount() > 1) - GetDlgItem(IDC_BUTTON_KDCHOST_REMOVE)->EnableWindow(); - - GetDlgItem(IDC_BUTTON_KDCHOST_EDIT)->EnableWindow(); -} - -void CKrbRealmHostMaintenance::OnSetfocusListKdcRealm() -{ - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(FALSE); -} - -void CKrbRealmHostMaintenance::OnButtonAdminserver() -{ - // Install new admin.server in profile linklist - char theSection[REALM_SZ + 1]; - const char* Section[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char** section = Section; - - m_KDCHostList.SetFocus(); - INT index1 = m_KDCHostList.GetCurSel(); - INT index2 = m_KDCHostList.FindStringExact(-1, m_theAdminServerMarked); - - if (-1 != index2) - { - m_KDCHostList.DeleteString(index2); - if (LB_ERR == m_KDCHostList.InsertString(index2, m_theAdminServer)) - { - MessageBox("OnButtonAdminserver::Can't add to list!!!", - "Error, MB_OK"); - } - } - - CString makeAdmin; - m_KDCHostList.GetText(index1, makeAdmin); - m_KDCHostList.DeleteString(index1); - m_theAdminServer = makeAdmin; - makeAdmin += " "; - makeAdmin += ADMIN_SERVER; - m_theAdminServerMarked = makeAdmin; - - if (LB_ERR == m_KDCHostList.InsertString(index1, makeAdmin)) - { - MessageBox("OnButtonAdminserver::Can't add to list!!!", - "Error, MB_OK"); - } - - m_KDCHostList.SetCurSel(m_KDCHostList.FindStringExact(-1, makeAdmin)); //index2 -1); - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(FALSE); - GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(); - - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - - long retval = pprofile_clear_relation(CLeashApp::m_krbv5_profile, - section); - - if (retval && PROF_NO_RELATION != retval) - { - MessageBox("OnButtonAdminserver::There is an error, 
profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - retval = pprofile_add_relation(CLeashApp::m_krbv5_profile, - section, m_theAdminServer); - - if (retval) - { // this might not be a good way to handle this type of error - MessageBox("OnButtonAdminserver::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - SetModified(TRUE); -} - -void CKrbRealmHostMaintenance::OnButtonRemoveAdminserver() -{ - // Remove admin.server from profile linklist - char theSection[REALM_SZ + 1]; - const char* Section[] = {"realms", theSection, ADMIN_SERVER, NULL}; - const char** section = Section; - - m_KDCHostList.SetFocus(); - m_KDCRealmList.GetText(m_KDCRealmList.GetCurSel(), theSection); - - long retval = pprofile_clear_relation(CLeashApp::m_krbv5_profile, - section); - - if (retval) - { - MessageBox("OnButtonRemoveAdminserver::There is an error, profile will not be saved!!!\ - \nIf this error persist, contact your administrator.", - "Error", MB_OK); - return; - } - - INT index = m_KDCHostList.GetCurSel(); - m_KDCHostList.DeleteString(index); - - if (LB_ERR == m_KDCHostList.InsertString(index, m_theAdminServer)) - { - MessageBox("OnButtonRemoveAdminserver::Can't add to list!!!", - "Error, MB_OK"); - - - } - - m_theAdminServerMarked = m_theAdminServer; - m_KDCHostList.SetCurSel(m_KDCHostList.FindStringExact(-1, m_theAdminServer)); - GetDlgItem(IDC_BUTTON_ADMINSERVER)->EnableWindow(); - GetDlgItem(IDC_BUTTON_REMOVE_ADMINSERVER)->EnableWindow(FALSE); - - SetModified(TRUE); -} - - - -void CKrbRealmHostMaintenance::OnButtonRealmhostMaintHelp() -{ - MessageBox("No Help Available!", "Note", MB_OK); -} diff -Nru krb5-1.16.2/src/windows/leash/KrbRealmHostMaintenance.h krb5-1.17/src/windows/leash/KrbRealmHostMaintenance.h --- krb5-1.16.2/src/windows/leash/KrbRealmHostMaintenance.h 2018-11-01 23:51:07.000000000 +0000 +++ 
krb5-1.17/src/windows/leash/KrbRealmHostMaintenance.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,102 +0,0 @@ -// ************************************************************************************** -// File: KrbRealmHostMaintenance.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for KrbRealmHostMaintenance.cpp. Contains variables and functions -// for Kerberos Four and Five Properties -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_KRBREALMNAMEMAINTENANCE_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_) -#define AFX_KRBREALMNAMEMAINTENANCE_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 - - -///////////////////////////////////////////////////////////////////////////// -// CKrbRealmHostMaintenance dialog - -#include "resource.h" -#include "CLeashDragListBox.h" - -#define MAXLINE 256 - -class CKrbRealmHostMaintenance : public CPropertyPage -{ -// Construction -private: - DECLARE_DYNCREATE(CKrbRealmHostMaintenance) - CHAR lineBuf[MAXLINE]; - CString m_theAdminServerMarked; - CString m_theAdminServer; - BOOL m_isRealmListBoxInFocus; - BOOL m_isStart; - BOOL m_initDnsKdcLookup; - BOOL m_newDnsKdcLookup; - - bool OnButtonKdchostAddInternal(); - - //void ResetDefaultRealmComboBox(); - -public: - //CKrbRealmHostMaintenance(CWnd* pParent = NULL); // standard constructor - CKrbRealmHostMaintenance(); - virtual ~CKrbRealmHostMaintenance(); - -// Dialog Data - //{{AFX_DATA(CKrbRealmHostMaintenance) - enum { IDD = IDD_KRB_REALMHOST_MAINT }; - CListBox m_KDCRealmList; - CLeashDragListBox m_KDCHostList; - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CKrbRealmHostMaintenance) - public: - virtual BOOL PreTranslateMessage(MSG* pMsg); - protected: - virtual void 
DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CKrbRealmHostMaintenance) - virtual BOOL OnInitDialog(); - virtual BOOL OnApply(); - virtual void OnCancel(); - afx_msg void OnButtonRealmHostAdd(); - afx_msg void OnButtonRealmHostEdit(); - afx_msg void OnButtonRealmHostRemove(); - afx_msg void OnSelchangeListKdcRealm(); - afx_msg void OnButtonAdminserver(); - afx_msg void OnSetfocusListKdcRealm(); - afx_msg void OnButtonKdchostAdd(); - afx_msg void OnButtonKdchostRemove(); - afx_msg void OnButtonRemoveAdminserver(); - afx_msg void OnSelchangeListKdcHost(); - afx_msg void OnButtonKdchostEdit(); - afx_msg void OnDblclkListKdcRealm(); - afx_msg void OnDblclkListKdcHost(); - afx_msg void OnButtonRealmhostMaintHelp(); - afx_msg void OnCheckDnsKdcLookup(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. - -#endif // !defined(AFX_KRBREALMNAMEMAINTENANCE_H__2FE711C3_8E9A_11D2_94C5_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/LeashAboutBox.cpp krb5-1.17/src/windows/leash/LeashAboutBox.cpp --- krb5-1.16.2/src/windows/leash/LeashAboutBox.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashAboutBox.cpp 2019-01-08 16:02:37.000000000 +0000 
@@ -327,22 +327,9 @@ { m_LB_DLLsLoaded.ResetContent(); -#ifndef NO_KRB4 - if (!CLeashApp::m_hKrb4DLL) - m_LB_DLLsLoaded.AddString(KERB4DLL); -#endif - if (!CLeashApp::m_hKrb5DLL) m_LB_DLLsLoaded.AddString(KERB5DLL); - // NOTE: If the snippet below is commented back in, - // it should read - // if (!CLeashApp::m_hAfsDLL) - // m_LB_DLLsLoaded.AddString(AFSAuthentDLL()); - - //if (!CLeashApp::m_hAfsDLL) - //m_LB_DLLsLoaded.AddString(ASFDLL); - HighlightFirstItem(); } diff -Nru krb5-1.16.2/src/windows/leash/LeashControlPanel.cpp krb5-1.17/src/windows/leash/LeashControlPanel.cpp --- krb5-1.16.2/src/windows/leash/LeashControlPanel.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashControlPanel.cpp 1970-01-01 00:00:00.000000000 +0000 
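Review bot: The one check left in this hunk, `if (!CLeashApp::m_hKrb5DLL) m_LB_DLLsLoaded.AddString(KERB5DLL);`, adds the DLL name when its handle is null, yet the list box is named `m_LB_DLLsLoaded`, and no remaining line says which reading is intended. The enclosing function starts outside the hunk, so the intent cannot be confirmed from here. If the list is meant to show modules that failed to load, a one-line comment such as `// list modules whose handle is NULL, i.e. that did not load` above the check would stop a later reader from "correcting" it into the opposite behaviour. If it is meant to show loaded modules, the condition looks inverted and should be checked against the dialog that displays it.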
@@ -1,43 +0,0 @@ -// LeashControlPanel.cpp : implementation file -// - -#include "stdafx.h" -#include "leash.h" -#include "LeashControlPanel.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CLeashControlPanel dialog - - -CLeashControlPanel::CLeashControlPanel(CWnd* pParent /*=NULL*/) - : CDialog(CLeashControlPanel::IDD, pParent) -{ - //{{AFX_DATA_INIT(CLeashControlPanel) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CLeashControlPanel::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CLeashControlPanel) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CLeashControlPanel, CDialog) - //{{AFX_MSG_MAP(CLeashControlPanel) - // NOTE: the ClassWizard will add message map macros here - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CLeashControlPanel message handlers diff -Nru krb5-1.16.2/src/windows/leash/LeashControlPanel.h krb5-1.17/src/windows/leash/LeashControlPanel.h --- krb5-1.16.2/src/windows/leash/LeashControlPanel.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashControlPanel.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -#if !defined(AFX_LEASHCONTROLPANEL_H__940146F3_6857_11D2_943C_0000861B8A3C__INCLUDED_) -#define AFX_LEASHCONTROLPANEL_H__940146F3_6857_11D2_943C_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// LeashControlPanel.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CLeashControlPanel dialog - -class CLeashControlPanel : public CDialog -{ -// Construction -public: - CLeashControlPanel(CWnd* pParent = NULL); // standard constructor - -// Dialog Data - //{{AFX_DATA(CLeashControlPanel) - enum { IDD = IDD_LEASH_CONTROL_PANEL }; - // NOTE: the ClassWizard will add data members here - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CLeashControlPanel) - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CLeashControlPanel) - // NOTE: the ClassWizard will add member functions here - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. - -#endif // !defined(AFX_LEASHCONTROLPANEL_H__940146F3_6857_11D2_943C_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/Leash.cpp krb5-1.17/src/windows/leash/Leash.cpp --- krb5-1.16.2/src/windows/leash/Leash.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Leash.cpp 2019-01-08 16:02:37.000000000 +0000 @@ -23,19 +23,12 @@ #include "LeashAboutBox.h" #include "reminder.h" -#include "mitwhich.h" #include #include "lglobals.h" #include "out2con.h" #include #include -#include - -#ifndef NO_AFS -#include "afscompat.h" -#endif - #include #include 
@@ -46,20 +39,13 @@ static char THIS_FILE[] = __FILE__; #endif -extern "C" int VScheckVersion(HWND hWnd, HANDLE hThisInstance); - TicketInfoWrapper ticketinfo; HWND CLeashApp::m_hProgram = 0; HINSTANCE CLeashApp::m_hLeashDLL = 0; HINSTANCE CLeashApp::m_hComErr = 0; -////@#+Remove -#ifndef NO_KRB4 -HINSTANCE CLeashApp::m_hKrb4DLL = 0; -#endif HINSTANCE CLeashApp::m_hKrb5DLL = 0; HINSTANCE CLeashApp::m_hKrb5ProfileDLL= 0; -HINSTANCE CLeashApp::m_hAfsDLL = 0; HINSTANCE CLeashApp::m_hPsapi = 0; HINSTANCE CLeashApp::m_hToolHelp32 = 0; krb5_context CLeashApp::m_krbv5_context = 0; @@ -118,12 +104,8 @@ CloseHandle(ticketinfo.lockObj); #endif AfxFreeLibrary(m_hLeashDLL); -#ifndef NO_KRB4 - AfxFreeLibrary(m_hKrb4DLL); -#endif AfxFreeLibrary(m_hKrb5DLL); AfxFreeLibrary(m_hKrb5ProfileDLL); - AfxFreeLibrary(m_hAfsDLL); AfxFreeLibrary(m_hPsapi); AfxFreeLibrary(m_hToolHelp32); AfxFreeLibrary(m_hKrbLSA); @@ -479,8 +461,6 @@ } } - VScheckVersion(m_pMainWnd->m_hWnd, AfxGetInstanceHandle()); - // The one and only window has been initialized, so show and update it. m_pMainWnd->SetWindowText("MIT Kerberos"); m_pMainWnd->UpdateWindow(); 
@@ -497,134 +477,35 @@ // CLeashApp commands // leash functions -DECL_FUNC_PTR(not_an_API_LeashKRB4GetTickets); -DECL_FUNC_PTR(not_an_API_LeashAFSGetToken); -DECL_FUNC_PTR(not_an_API_LeashGetTimeServerName); DECL_FUNC_PTR(Leash_kdestroy); DECL_FUNC_PTR(Leash_changepwd_dlg); DECL_FUNC_PTR(Leash_changepwd_dlg_ex); DECL_FUNC_PTR(Leash_kinit_dlg); DECL_FUNC_PTR(Leash_kinit_dlg_ex); DECL_FUNC_PTR(Leash_timesync); -DECL_FUNC_PTR(Leash_get_default_lifetime); -DECL_FUNC_PTR(Leash_set_default_lifetime); -DECL_FUNC_PTR(Leash_get_default_forwardable); -DECL_FUNC_PTR(Leash_set_default_forwardable); -DECL_FUNC_PTR(Leash_get_default_renew_till); -DECL_FUNC_PTR(Leash_set_default_renew_till); -DECL_FUNC_PTR(Leash_get_default_noaddresses); -DECL_FUNC_PTR(Leash_set_default_noaddresses); -DECL_FUNC_PTR(Leash_get_default_proxiable); -DECL_FUNC_PTR(Leash_set_default_proxiable); -DECL_FUNC_PTR(Leash_get_default_publicip); -DECL_FUNC_PTR(Leash_set_default_publicip); -DECL_FUNC_PTR(Leash_get_default_use_krb4); -DECL_FUNC_PTR(Leash_set_default_use_krb4); -DECL_FUNC_PTR(Leash_get_default_life_min); -DECL_FUNC_PTR(Leash_set_default_life_min); -DECL_FUNC_PTR(Leash_get_default_life_max); -DECL_FUNC_PTR(Leash_set_default_life_max); -DECL_FUNC_PTR(Leash_get_default_renew_min); -DECL_FUNC_PTR(Leash_set_default_renew_min); -DECL_FUNC_PTR(Leash_get_default_renew_max); -DECL_FUNC_PTR(Leash_set_default_renew_max); -DECL_FUNC_PTR(Leash_get_default_renewable); -DECL_FUNC_PTR(Leash_set_default_renewable); -DECL_FUNC_PTR(Leash_get_lock_file_locations); -DECL_FUNC_PTR(Leash_set_lock_file_locations); DECL_FUNC_PTR(Leash_get_default_uppercaserealm); DECL_FUNC_PTR(Leash_set_default_uppercaserealm); DECL_FUNC_PTR(Leash_get_default_mslsa_import); -DECL_FUNC_PTR(Leash_set_default_mslsa_import); -DECL_FUNC_PTR(Leash_get_default_preserve_kinit_settings); -DECL_FUNC_PTR(Leash_set_default_preserve_kinit_settings); DECL_FUNC_PTR(Leash_import); DECL_FUNC_PTR(Leash_importable); DECL_FUNC_PTR(Leash_renew); 
-DECL_FUNC_PTR(Leash_reset_defaults); FUNC_INFO leash_fi[] = { - MAKE_FUNC_INFO(not_an_API_LeashKRB4GetTickets), - MAKE_FUNC_INFO(not_an_API_LeashAFSGetToken), - MAKE_FUNC_INFO(not_an_API_LeashGetTimeServerName), MAKE_FUNC_INFO(Leash_kdestroy), MAKE_FUNC_INFO(Leash_changepwd_dlg), MAKE_FUNC_INFO(Leash_changepwd_dlg_ex), MAKE_FUNC_INFO(Leash_kinit_dlg), MAKE_FUNC_INFO(Leash_kinit_dlg_ex), MAKE_FUNC_INFO(Leash_timesync), - MAKE_FUNC_INFO(Leash_get_default_lifetime), - MAKE_FUNC_INFO(Leash_set_default_lifetime), - MAKE_FUNC_INFO(Leash_get_default_renew_till), - MAKE_FUNC_INFO(Leash_set_default_renew_till), - MAKE_FUNC_INFO(Leash_get_default_forwardable), - MAKE_FUNC_INFO(Leash_set_default_forwardable), - MAKE_FUNC_INFO(Leash_get_default_noaddresses), - MAKE_FUNC_INFO(Leash_set_default_noaddresses), - MAKE_FUNC_INFO(Leash_get_default_proxiable), - MAKE_FUNC_INFO(Leash_set_default_proxiable), - MAKE_FUNC_INFO(Leash_get_default_publicip), - MAKE_FUNC_INFO(Leash_set_default_publicip), - MAKE_FUNC_INFO(Leash_get_default_use_krb4), - MAKE_FUNC_INFO(Leash_set_default_use_krb4), - MAKE_FUNC_INFO(Leash_get_default_life_min), - MAKE_FUNC_INFO(Leash_set_default_life_min), - MAKE_FUNC_INFO(Leash_get_default_life_max), - MAKE_FUNC_INFO(Leash_set_default_life_max), - MAKE_FUNC_INFO(Leash_get_default_renew_min), - MAKE_FUNC_INFO(Leash_set_default_renew_min), - MAKE_FUNC_INFO(Leash_get_default_renew_max), - MAKE_FUNC_INFO(Leash_set_default_renew_max), - MAKE_FUNC_INFO(Leash_get_default_renewable), - MAKE_FUNC_INFO(Leash_set_default_renewable), - MAKE_FUNC_INFO(Leash_get_lock_file_locations), - MAKE_FUNC_INFO(Leash_set_lock_file_locations), MAKE_FUNC_INFO(Leash_get_default_uppercaserealm), MAKE_FUNC_INFO(Leash_set_default_uppercaserealm), MAKE_FUNC_INFO(Leash_get_default_mslsa_import), - MAKE_FUNC_INFO(Leash_set_default_mslsa_import), - MAKE_FUNC_INFO(Leash_get_default_preserve_kinit_settings), - MAKE_FUNC_INFO(Leash_set_default_preserve_kinit_settings), MAKE_FUNC_INFO(Leash_import), 
MAKE_FUNC_INFO(Leash_importable), MAKE_FUNC_INFO(Leash_renew), - MAKE_FUNC_INFO(Leash_reset_defaults), END_FUNC_INFO }; -//// -#ifndef NO_KRB4 -// krb4 functions -DECL_FUNC_PTR(set_krb_debug); -DECL_FUNC_PTR(set_krb_ap_req_debug); -DECL_FUNC_PTR(krb_get_krbconf2); -DECL_FUNC_PTR(krb_get_krbrealm2); -DECL_FUNC_PTR(tkt_string); -DECL_FUNC_PTR(krb_set_tkt_string); -DECL_FUNC_PTR(krb_realmofhost); -DECL_FUNC_PTR(krb_get_lrealm); -DECL_FUNC_PTR(krb_get_krbhst); -DECL_FUNC_PTR(tf_init); -DECL_FUNC_PTR(tf_close); -DECL_FUNC_PTR(krb_get_tf_realm); - -FUNC_INFO krb4_fi[] = { - MAKE_FUNC_INFO(set_krb_debug), - MAKE_FUNC_INFO(set_krb_ap_req_debug), - MAKE_FUNC_INFO(krb_get_krbconf2), - MAKE_FUNC_INFO(krb_get_krbrealm2), - MAKE_FUNC_INFO(tkt_string), - MAKE_FUNC_INFO(krb_set_tkt_string), - MAKE_FUNC_INFO(krb_realmofhost), - MAKE_FUNC_INFO(krb_get_lrealm), - MAKE_FUNC_INFO(krb_get_krbhst), - MAKE_FUNC_INFO(tf_init), - MAKE_FUNC_INFO(tf_close), - MAKE_FUNC_INFO(krb_get_tf_realm), - END_FUNC_INFO -}; -#endif - // com_err funcitons DECL_FUNC_PTR(error_message); FUNC_INFO ce_fi[] = { @@ -783,18 +664,10 @@ BOOL CLeashApp::InitDLLs() { m_hLeashDLL = AfxLoadLibrary(LEASHDLL); -#ifndef NO_KRB4 - m_hKrb4DLL = AfxLoadLibrary(KERB4DLL); -#endif m_hKrb5DLL = AfxLoadLibrary(KERB5DLL); m_hKrb5ProfileDLL = AfxLoadLibrary(KERB5_PPROFILE_DLL); m_hComErr = AfxLoadLibrary(COMERR_DLL); -#ifndef NO_AFS - afscompat_init(); - m_hAfsDLL = AfxLoadLibrary(AFSAuthentDLL()); -#endif - #define PSAPIDLL "psapi.dll" #define TOOLHELPDLL "kernel32.dll" @@ -824,19 +697,6 @@ "Error", MB_OK); return FALSE; } -//// -#ifndef NO_KRB4 - if (m_hKrb4DLL) - { - if (!LoadFuncs(KERB4DLL, krb4_fi, 0, 0, 1, 0, 0)) - { - MessageBox(hwnd, - "Unexpected error while loading " KERB4DLL ".\n" - "Kerberos 4 functionality will be disabled.\n", - "Error", MB_OK); - } - } -#endif if (m_hKrb5DLL) { @@ -943,7 +803,6 @@ void CLeashApp::ValidateConfigFiles() { - CStdioFile krbCon; char confname[257]; char realm[256]=""; 
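Review bot: The `AfxLoadLibrary(...)` calls left in `CLeashApp::InitDLLs()` (hunk at -783) appear to take bare module names, so each load follows the process DLL search order. `PSAPIDLL` is defined as `"psapi.dll"` just below; the values of `LEASHDLL`, `KERB5DLL`, `KERB5_PPROFILE_DLL` and `COMERR_DLL` are not visible here. For a program that handles Kerberos credentials it is worth pinning where these modules come from while the loader list is being trimmed. For the system libraries, `LoadLibraryEx(PSAPIDLL, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` restricts the lookup to the system directory, and the product DLLs can be loaded from a full path built from the install directory. The body of InitDLLs continues outside the hunk, including the loads that use `PSAPIDLL` and `TOOLHELPDLL`.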
@@ -953,8 +812,6 @@ return; if ( m_hKrb5DLL ) { - int krb_con_open = 0; - // Create the empty KRB5.INI file if (!GetProfileFile(confname,sizeof(confname))) { const char *filenames[2]; @@ -972,16 +829,6 @@ } - if ( !GetKrb4ConFile(confname,sizeof(confname)) ) { - if (!krbCon.Open(confname, CFile::modeNoTruncate | CFile::modeRead)) - { - if (krbCon.Open(confname, CFile::modeCreate | CFile::modeWrite)) - { - krb_con_open = 1; - } - } - } - const char* lookupKdc[] = {"libdefaults", "dns_lookup_kdc", NULL}; const char* lookupRealm[] = {"libdefaults", "dns_lookup_realm", NULL}; const char* defRealm[] = {"libdefaults", "default_realm", NULL}; @@ -1031,10 +878,6 @@ if ( domain[0] ) { strncpy(realm,domain,256); realm[255] = '\0'; - if ( krb_con_open ) { - krbCon.WriteString(realm); - krbCon.WriteString("\n"); - } strncat(realmkey,domain,256-strlen(realmkey)); realmkey[255] = '\0'; } @@ -1095,13 +938,6 @@ names, (const char *)p); - if ( krb_con_open ) { - krbCon.WriteString((const char *)subkey); - krbCon.WriteString("\t"); - krbCon.WriteString((const char *)p); - krbCon.WriteString("\n"); - } - p += strlen((char*)p) + 1; } free(lpszValue); @@ -1141,11 +977,6 @@ realm[krb5_princ_realm(ctx,me)->length] = '\0'; } - if ( krb_con_open ) { - krbCon.WriteString(realm); - krbCon.WriteString("\n"); - } - no_k5_realm: if ( me ) pkrb5_free_principal(ctx,me); 
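Review bot: In the hunk at -1031, the context line `strncat(realmkey,domain,256-strlen(realmkey));` passes the whole remaining space as the count, but strncat appends up to that many characters and then a terminating NUL. If `realmkey` is a 256-byte array, as the following `realmkey[255] = '\0';` suggests, a long `domain` puts that NUL one byte past the end, and the assignment afterwards does not undo the write. The count should leave room for the terminator: `strncat(realmkey, domain, sizeof(realmkey) - strlen(realmkey) - 1);`. The declaration of `realmkey` and the source of `domain` are outside the hunk, so confirm the buffer size before applying.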
@@ -1179,194 +1010,10 @@ pprofile_release(m_krbv5_profile); m_krbv5_profile = NULL; - // Close KRB.CON file - if ( krb_con_open ) { - krbCon.WriteString(".KERBEROS.OPTION. dns\n"); - krbCon.Close(); - } - - // Create the empty KRBREALM.CON file - if ( !GetKrb4RealmFile(confname,sizeof(confname)) ) { - if (!krbCon.Open(confname, CFile::modeNoTruncate | CFile::modeRead)) - { - if (krbCon.Open(confname, CFile::modeCreate | CFile::modeWrite)) - { - krbCon.Close(); - } - } else - krbCon.Close(); - } - - } -//// -#ifndef NO_KRB4 - } else if ( m_hKrb4DLL ) { - if ( !realm[0] ) { - /* Open ticket file */ - char * file = ptkt_string(); - int k_errno; - - if (file != NULL && file[0]) { - if ((k_errno = ptf_init(file, R_TKT_FIL)) == KSUCCESS) { - /* Close ticket file */ - (void) ptf_close(); - - k_errno = pkrb_get_tf_realm(file, realm); - } - if (k_errno != KSUCCESS) { - k_errno = pkrb_get_lrealm(realm, 1); - } - } } - - if ( !GetKrb4ConFile(confname,sizeof(confname)) ) { - if (!krbCon.Open(confname, CFile::modeNoTruncate | CFile::modeRead)) - { - if (krbCon.Open(confname, CFile::modeCreate | CFile::modeWrite)) - { - if ( realm[0] ) - krbCon.WriteString(realm); - krbCon.WriteString("\n.KERBEROS.OPTION. dns\n"); - krbCon.Close(); - } - } else - krbCon.Close(); - } - - if ( !GetKrb4RealmFile(confname,sizeof(confname)) ) { - if (!krbCon.Open(confname, CFile::modeNoTruncate | CFile::modeRead)) - { - if (krbCon.Open(confname, CFile::modeCreate | CFile::modeWrite)) - { - krbCon.Close(); - } - } else - krbCon.Close(); - } -#endif } } -////@#+Should this be just deleted or reworked? 
-BOOL -CLeashApp::GetKrb4ConFile( - LPSTR confname, - UINT szConfname - ) -{ - if (m_hKrb5DLL -//// -#ifndef NO_KRB4 - && !m_hKrb4DLL -#endif - ) - { // hold krb.con where krb5.ini is located - CHAR krbConFile[MAX_PATH]=""; - //strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename); - if (GetProfileFile(krbConFile, sizeof(krbConFile))) - { - GetWindowsDirectory(krbConFile,sizeof(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - strncat(krbConFile,"\\KRB5.INI",sizeof(krbConFile)-strlen(krbConFile)-1); - krbConFile[MAX_PATH-1] = '\0'; - } - - LPSTR pFind = strrchr(krbConFile, '\\'); - if (pFind) - { - *pFind = 0; - strncat(krbConFile, "\\",MAX_PATH-1); - krbConFile[MAX_PATH-1] = '\0'; - strncat(krbConFile, KRB_FILE,MAX_PATH-1); - krbConFile[MAX_PATH-1] = '\0'; - } - else - ASSERT(0); - - strncpy(confname, krbConFile, szConfname); - confname[szConfname-1] = '\0'; - } -//// -#ifndef NO_KRB4 - else if (m_hKrb4DLL) - { - unsigned int size = szConfname; - memset(confname, '\0', szConfname); - if (!pkrb_get_krbconf2(confname, &size)) - { // Error has happened - GetWindowsDirectory(confname,szConfname); - confname[szConfname-1] = '\0'; - strncat(confname, "\\",szConfname); - confname[szConfname-1] = '\0'; - strncat(confname,KRB_FILE,szConfname); - confname[szConfname-1] = '\0'; - } - } -#endif - - return FALSE; -} - -BOOL -CLeashApp::GetKrb4RealmFile( - LPSTR confname, - UINT szConfname - ) -{ - if (m_hKrb5DLL -//// -#ifndef NO_KRB4 - && !m_hKrb4DLL -#endif - ) - { // hold krb.con where krb5.ini is located - CHAR krbRealmConFile[MAX_PATH]; - //strcpy(krbRealmConFile, CLeashApp::m_krbv5_profile->first_file->filename); - if (GetProfileFile(krbRealmConFile, sizeof(krbRealmConFile))) - { - GetWindowsDirectory(krbRealmConFile,sizeof(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - strncat(krbRealmConFile,"\\KRB5.INI",sizeof(krbRealmConFile)-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - } - - LPSTR pFind = strrchr(krbRealmConFile, '\\'); 
- if (pFind) - { - *pFind = 0; - strncat(krbRealmConFile, "\\",MAX_PATH-1-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - strncat(krbRealmConFile, KRBREALM_FILE,MAX_PATH-1-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - } - else - ASSERT(0); - - strncpy(confname, krbRealmConFile, szConfname); - confname[szConfname-1] = '\0'; - } -//// -#ifndef NO_KRB4 - else if (m_hKrb4DLL) - { - unsigned int size = szConfname; - memset(confname, '\0', szConfname); - if (!pkrb_get_krbrealm2(confname, &size)) - { - GetWindowsDirectory(confname,szConfname); - confname[szConfname-1] = '\0'; - strncat(confname, "\\",szConfname-strlen(confname)); - confname[szConfname-1] = '\0'; - strncat(confname,KRBREALM_FILE,szConfname-strlen(confname)); - confname[szConfname-1] = '\0'; - return TRUE; - } - } -#endif - - return FALSE; -} - BOOL CLeashApp::GetProfileFile( LPSTR confname, diff -Nru krb5-1.16.2/src/windows/leash/LeashFileDialog.cpp krb5-1.17/src/windows/leash/LeashFileDialog.cpp --- krb5-1.16.2/src/windows/leash/LeashFileDialog.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashFileDialog.cpp 1970-01-01 00:00:00.000000000 +0000 
@@ -1,75 +0,0 @@ -// ************************************************************************************** -// File: LeashFileDialog.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for LeashFileDialog.h. Contains variables and functions -// for the Leash File Dialog Box -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#include "stdafx.h" -#include "leash.h" -#include "LeashFileDialog.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CLeashFileDialog - -IMPLEMENT_DYNAMIC(CLeashFileDialog, CFileDialog) - - - -CLeashFileDialog::CLeashFileDialog(BOOL bOpenFileDialog, LPCTSTR lpszDefExt, LPCTSTR lpszFileName, - LPCTSTR lpszFilter, DWORD dwFlags, CWnd* pParentWnd) : - CFileDialog(bOpenFileDialog, lpszDefExt, lpszFileName, dwFlags, lpszFilter, pParentWnd) -{ - m_ofn.Flags |= OFN_ENABLETEMPLATE; - m_ofn.lpTemplateName = MAKEINTRESOURCE(IDD_FILESPECIAL); - m_ofn.lpstrFilter = lpszFilter; - m_ofn.lpstrFileTitle = m_lpstrFileTitle; - m_ofn.nMaxFileTitle = MAX_PATH; - *m_lpstrFileTitle = 0; - BOOL m_startup = TRUE; -} - - -BEGIN_MESSAGE_MAP(CLeashFileDialog, CFileDialog) - //{{AFX_MSG_MAP(CLeashFileDialog) - //}}AFX_MSG_MAP -END_MESSAGE_MAP() - - -BOOL CLeashFileDialog::OnInitDialog() -{ - BOOL bRet = CFileDialog::OnInitDialog(); - if (bRet == TRUE) - { - GetParent()->GetDlgItem(IDOK)->SetWindowText("&OK"); - //GetParent()->GetDlgItem(IDOK)->EnableWindow(FALSE); - } - - return bRet; -} - -void CLeashFileDialog::OnFileNameChange( ) -{ - if (!m_startup) - { //' keeps the OK button disabled until a real select is made - CString testString = GetFileName(); - if (-1 == testString.Find('*')) - 
GetParent()->GetDlgItem(IDOK)->EnableWindow(); - } - else - m_startup = FALSE; -} diff -Nru krb5-1.16.2/src/windows/leash/LeashFileDialog.h krb5-1.17/src/windows/leash/LeashFileDialog.h --- krb5-1.16.2/src/windows/leash/LeashFileDialog.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashFileDialog.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,57 +0,0 @@ -// ************************************************************************************** -// File: LeashFileDialog.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for LeashFileDialog.cpp. Contains variables and functions -// for the Leash File Dialog Box -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - - -#if !defined(AFX_LEASHFILEDIALOG_H__E74500E1_6B74_11D2_9448_0000861B8A3C__INCLUDED_) -#define AFX_LEASHFILEDIALOG_H__E74500E1_6B74_11D2_9448_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// LeashFileDialog.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CLeashFileDialog dialog - -class CLeashFileDialog : public CFileDialog -{ - DECLARE_DYNAMIC(CLeashFileDialog) - -private: - CHAR m_lpstrFileTitle[MAX_PATH]; - BOOL m_startup; - -public: - CLeashFileDialog(BOOL bOpenFileDialog, // TRUE for FileOpen, FALSE for FileSaveAs - LPCTSTR lpszDefExt = NULL, - LPCTSTR lpszFileName = NULL, - LPCTSTR lpszFilter = NULL, - DWORD dwFlags = OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT | OFN_FILEMUSTEXIST, - CWnd* pParentWnd = NULL); - - CString GetSelectedFileName() {return m_lpstrFileTitle;} - -protected: - //{{AFX_MSG(CLeashFileDialog) - virtual BOOL OnInitDialog(); - virtual void OnFileNameChange( ); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. 
- -#endif // !defined(AFX_LEASHFILEDIALOG_H__E74500E1_6B74_11D2_9448_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/Leash.h krb5-1.17/src/windows/leash/Leash.h --- krb5-1.16.2/src/windows/leash/Leash.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Leash.h 2019-01-08 16:02:37.000000000 +0000 @@ -39,8 +39,6 @@ #define HID_DESTROY_TICKETS_ON_EXIT 98321 #define HID_UPPERCASE_REALM_OPTION 98323 #define HID_RESET_WINDOW_OPTION 98326 -#define HID_AFS_PROPERTIES_COMMAND 98327 -#define HID_KRB4_PROPERTIES_COMMAND 98329 #define HID_KRB5_PROPERTIES_COMMAND 98330 #define HID_LEASH_PROPERTIES_COMMAND 98331 #define HID_LOW_TICKET_ALARM_OPTION 98334 @@ -56,7 +54,6 @@ #define HID_LEASH_COMMANDS 131200 #define HID_ABOUT_LEASH32_MODULES 131225 #define HID_DEBUG_WINDOW 131229 -#define HID_KRB4_PROPERTIES_EDIT 131232 #define HID_KERBEROS_PROPERTIES_EDIT 131233 #define HID_LEASH_PROPERTIES_EDIT 131239 #define HID_KRB5_PROPERTIES_FORWARDING 131240 @@ -108,12 +105,8 @@ static HINSTANCE m_hLeashDLL; static HINSTANCE m_hComErr; //// -#ifndef NO_KRB4 - static HINSTANCE m_hKrb4DLL; -#endif static HINSTANCE m_hKrb5DLL; static HINSTANCE m_hKrb5ProfileDLL; - static HINSTANCE m_hAfsDLL; static HINSTANCE m_hPsapi; static HINSTANCE m_hToolHelp32; static krb5_context m_krbv5_context; @@ -126,8 +119,6 @@ virtual ~CLeashApp(); static BOOL GetProfileFile(LPSTR confname, UINT szConfname); - static BOOL GetKrb4ConFile(LPSTR confname, UINT szConfname); - static BOOL GetKrb4RealmFile(LPSTR confname, UINT szConfname); static void ValidateConfigFiles(); static void ObtainTicketsViaUserIfNeeded(HWND hWnd); static DWORD GetNumOfIpAddrs(void); diff -Nru krb5-1.16.2/src/windows/leash/LeashProperties.cpp krb5-1.17/src/windows/leash/LeashProperties.cpp --- krb5-1.16.2/src/windows/leash/LeashProperties.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashProperties.cpp 1970-01-01 00:00:00.000000000 +0000 
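Review bot: The `////` marker line kept as context just above `static HINSTANCE m_hKrb5DLL;` in the Leash.h hunk at -108 no longer marks anything. It appears to have tagged the `#ifndef NO_KRB4` member that this commit removes, and the corresponding markers in Leash.cpp were deleted together with their blocks. Dropping the line keeps the two files consistent and avoids a stray marker in the handle list. The class declaration starts and ends outside the hunk.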
@@ -1,202 +0,0 @@ -// ************************************************************************************** -// File: LeashProperties.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: CPP file for LeashProperties.h. Contains variables and functions -// for the Leash Properties Dialog Box -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - -#include "stdafx.h" -#include "leash.h" -#include "LeashProperties.h" -#include "LeashMessageBox.h" -#include -#include "lglobals.h" -#include "reminder.h" - -#ifdef _DEBUG -#define new DEBUG_NEW -#undef THIS_FILE -static char THIS_FILE[] = __FILE__; -#endif - -///////////////////////////////////////////////////////////////////////////// -// CLeashProperties dialog - -char CLeashProperties::timeServer[255] = {NULL}; - -CLeashProperties::CLeashProperties(CWnd* pParent /*=NULL*/) - : CDialog(CLeashProperties::IDD, pParent) -{ - m_initMissingFiles = m_newMissingFiles = 0; - dw_initMslsaImport = dw_newMslsaImport = 0; - - //{{AFX_DATA_INIT(CLeashProperties) - // NOTE: the ClassWizard will add member initialization here - //}}AFX_DATA_INIT -} - - -void CLeashProperties::DoDataExchange(CDataExchange* pDX) -{ - CDialog::DoDataExchange(pDX); - //{{AFX_DATA_MAP(CLeashProperties) - // NOTE: the ClassWizard will add DDX and DDV calls here - //}}AFX_DATA_MAP -} - - -BEGIN_MESSAGE_MAP(CLeashProperties, CDialog) - //{{AFX_MSG_MAP(CLeashProperties) - ON_BN_CLICKED(IDC_BUTTON_LEASHINI_HELP2, OnHelp) - ON_BN_CLICKED(IDC_CHECK_CREATE_MISSING_CFG, OnCheckMissingCfg) - ON_BN_CLICKED(IDC_RESET_DEFAULTS, OnButtonResetDefaults) - ON_BN_CLICKED(IDC_RADIO_MSLSA_IMPORT_OFF, OnRadioMslsaNever) - ON_BN_CLICKED(IDC_RADIO_MSLSA_IMPORT_ON, OnRadioMslsaAlways) - ON_BN_CLICKED(IDC_RADIO_MSLSA_IMPORT_MATCH, OnRadioMslsaMatchingRealm) 
- //}}AFX_MSG_MAP -END_MESSAGE_MAP() - -///////////////////////////////////////////////////////////////////////////// -// CLeashProperties message handlers - -BOOL CLeashProperties::OnInitDialog() -{ - CDialog::OnInitDialog(); - - pLeashGetTimeServerName(timeServer, TIMEHOST); - SetDlgItemText(IDC_EDIT_TIME_SERVER, timeServer); - - if (getenv(TIMEHOST)) - GetDlgItem(IDC_EDIT_TIME_SERVER)->EnableWindow(FALSE); - else - GetDlgItem(IDC_STATIC_TIMEHOST)->ShowWindow(FALSE); - - CWinApp * pApp = AfxGetApp(); - if (pApp) - m_initMissingFiles = m_newMissingFiles = - pApp->GetProfileInt("Settings", "CreateMissingConfig", FALSE_FLAG); - CheckDlgButton(IDC_CHECK_CREATE_MISSING_CFG, m_initMissingFiles); - - dw_initMslsaImport = dw_newMslsaImport = pLeash_get_default_mslsa_import(); - switch ( dw_initMslsaImport ) { - case 0: - CheckDlgButton(IDC_RADIO_MSLSA_IMPORT_OFF,TRUE); - break; - case 1: - CheckDlgButton(IDC_RADIO_MSLSA_IMPORT_ON,TRUE); - break; - case 2: - CheckDlgButton(IDC_RADIO_MSLSA_IMPORT_MATCH,TRUE); - break; - } - - return TRUE; -} - -void CLeashProperties::OnOK() -{ - CString timeServer_; - GetDlgItemText(IDC_EDIT_TIME_SERVER, timeServer_); - - if (getenv(TIMEHOST)) - { - // Check system for TIMEHOST, just in case it gets set (somehow) - MessageBox("Can't change the time host unless you remove it from the environment!", - "Error", MB_OK); - return; - } - - if( getenv("USEKRB4") != NULL) - { - MessageBox("Kerberos 4 ticket requests are being controlled by the environment" - "variable USEKRB4 instead of the registry. Leash cannot modify" - "the environment. Use the System control panel instead.", - "Leash", MB_OK); - return; - } - - if (SetRegistryVariable(TIMEHOST, timeServer_)) - { - MessageBox("There was an error putting your entry into the Registry!", - "Error", MB_OK); - } - - if ( m_initMissingFiles != m_newMissingFiles ) { - CWinApp * pApp = AfxGetApp(); - if (pApp) - pApp->WriteProfileInt("Settings", "CreateMissingConfig", - m_newMissingFiles ? 
TRUE_FLAG : FALSE_FLAG); - - if ( m_newMissingFiles ) - CLeashApp::ValidateConfigFiles(); - } - - if ( dw_initMslsaImport != dw_newMslsaImport ) { - pLeash_set_default_mslsa_import(dw_newMslsaImport); - } - - CDialog::OnOK(); -} - -void CLeashProperties::OnCheckMissingCfg() -{ - m_newMissingFiles = (BOOL)IsDlgButtonChecked(IDC_CHECK_CREATE_MISSING_CFG); -} - -void CLeashProperties::OnRadioMslsaNever() -{ - dw_newMslsaImport = 0; -} - -void CLeashProperties::OnRadioMslsaAlways() -{ - dw_newMslsaImport = 1; -} - -void CLeashProperties::OnRadioMslsaMatchingRealm() -{ - dw_newMslsaImport = 2; -} - -void CLeashProperties::OnHelp() -{ -#ifdef CALL_HTMLHELP - AfxGetApp()->HtmlHelp(HID_LEASH_PROPERTIES_COMMAND); -#else - AfxGetApp()->WinHelp(HID_LEASH_PROPERTIES_COMMAND); -#endif -} - -void CLeashProperties::OnButtonResetDefaults() -{ - if (IDYES != AfxMessageBox("You are about to reset all Leash settings to their default values!\n\nContinue?", - MB_YESNO)) - return; - - pLeash_reset_defaults(); - - HKEY hKey; - LONG rc; - - rc = RegOpenKeyEx(HKEY_CURRENT_USER, "SOFTWARE\\MIT\\Leash32\\Settings", - 0, KEY_WRITE, &hKey); - if (rc) - return; - - rc = RegDeleteValue(hKey, "AutoRenewTickets"); - rc = RegDeleteValue(hKey, "CreateMissingConfig"); - rc = RegDeleteValue(hKey, "DebugWindow"); - rc = RegDeleteValue(hKey, "LargeIcons"); - rc = RegDeleteValue(hKey, "TIMEHOST"); - rc = RegDeleteValue(hKey, "AfsStatus"); - rc = RegDeleteValue(hKey, "LowTicketAlarm"); - - RegCloseKey(hKey); -} diff -Nru krb5-1.16.2/src/windows/leash/LeashProperties.h krb5-1.17/src/windows/leash/LeashProperties.h --- krb5-1.16.2/src/windows/leash/LeashProperties.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashProperties.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,78 +0,0 @@ -// ************************************************************************************** -// File: LeashProperties.h -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright @1998 Massachusetts Institute of Technology - All rights reserved. -// Description: H file for LeashProperties.cpp. Contains variables and functions -// for the Leash Properties Dialog Box -// -// History: -// -// MM/DD/YY Inits Description of Change -// 12/02/98 ADL Original -// ************************************************************************************** - -#if !defined(AFX_LEASHPROPERTIES_H__7E54E028_726E_11D2_945E_0000861B8A3C__INCLUDED_) -#define AFX_LEASHPROPERTIES_H__7E54E028_726E_11D2_945E_0000861B8A3C__INCLUDED_ - -#if _MSC_VER > 1000 -#pragma once -#endif // _MSC_VER > 1000 -// LeashProperties.h : header file -// - -///////////////////////////////////////////////////////////////////////////// -// CLeashProperties dialog - -#define TIMEHOST "TIMEHOST" - -class CLeashProperties : public CDialog -{ -private: - static char timeServer[255]; - CHAR sysDir[MAX_PATH]; - BOOL m_initMissingFiles; - BOOL m_newMissingFiles; - DWORD dw_initMslsaImport; - DWORD dw_newMslsaImport; - -// Construction -public: - CLeashProperties(CWnd* pParent = NULL); // standard constructor - -// Dialog Data - //{{AFX_DATA(CLeashProperties) - enum { IDD = IDD_LEASH_PROPERTIES }; - // NOTE: the ClassWizard will add data members here - //}}AFX_DATA - - -// Overrides - // ClassWizard generated virtual function overrides - //{{AFX_VIRTUAL(CLeashProperties) - public: - protected: - virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support - //}}AFX_VIRTUAL - -// Implementation -protected: - - // Generated message map functions - //{{AFX_MSG(CLeashProperties) - virtual BOOL OnInitDialog(); - virtual void OnOK(); - afx_msg void OnHelp(); - afx_msg void OnCheckMissingCfg(); - afx_msg void OnRadioMslsaNever(); - afx_msg void OnRadioMslsaAlways(); - afx_msg void 
OnRadioMslsaMatchingRealm(); - afx_msg void OnButtonResetDefaults(); - //}}AFX_MSG - DECLARE_MESSAGE_MAP() -}; - -//{{AFX_INSERT_LOCATION}} -// Microsoft Visual C++ will insert additional declarations immediately before the previous line. - -#endif // !defined(AFX_LEASHPROPERTIES_H__7E54E028_726E_11D2_945E_0000861B8A3C__INCLUDED_) diff -Nru krb5-1.16.2/src/windows/leash/Leash.rc krb5-1.17/src/windows/leash/Leash.rc --- krb5-1.16.2/src/windows/leash/Leash.rc 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Leash.rc 2019-01-08 16:02:37.000000000 +0000 @@ -178,11 +178,6 @@ "Z", ID_EDIT_UNDO, VIRTKEY, CONTROL, NOINVERT END -IDD_KRB4_DOMAINREALM_MAINT ACCELERATORS -BEGIN - "F", ID_BUTTON_HOSTNAME_REMOVE, VIRTKEY, CONTROL, NOINVERT -END - ///////////////////////////////////////////////////////////////////////////// // @@ -202,7 +197,7 @@ CONTROL "Tree1",IDC_TREEVIEW,"SysTreeView32",TVS_HASBUTTONS | TVS_HASLINES | TVS_LINESATROOT | TVS_DISABLEDRAGDROP | TVS_INFOTIP | WS_HSCROLL | WS_TABSTOP,0,19,164,13 - LTEXT "Your Kerberos Tickets and AFS Tokens (Issued/Expires/[Renew]/Principal)", + LTEXT "Your Kerberos Tickets (Issued/Expires/[Renew]/Principal)", IDC_LABEL_KERB_TICKETS,6,5,280,12 CONTROL "",IDC_LEASH_MAINVIEW,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,0,43,347,88 
@@ -259,30 +254,6 @@ CTEXT "Leash Warning Here!!!",IDC_LEASH_WARNING_MSG,0,7,257,27 END -IDD_KRB4_PROP_LOCATION DIALOG 0, 0, 316, 191 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Client File Location" -FONT 8, "MS Sans Serif" -BEGIN - EDITTEXT IDC_EDIT_TICKET_FILE,64,24,239,12,ES_AUTOHSCROLL - EDITTEXT IDC_EDIT_KRB_LOC,64,110,203,12,ES_AUTOHSCROLL | WS_GROUP - PUSHBUTTON "Browse",IDC_BUTTON_KRB_BROWSE,271,109,31,14,WS_GROUP - PUSHBUTTON "Browse",IDC_BUTTON_KRBREALM_BROWSE,271,129,32,14, - WS_GROUP - LTEXT "Name:",IDC_STATIC_TICKET_FILEPATH,34,25,22,8 - GROUPBOX "Configuration File(s) Path",IDC_STATIC_CONFIG_FILES,7, - 92,301,93 - GROUPBOX "Ticket File",IDC_STATIC_TICKETFILE,7,8,301,71 - LTEXT "Config.:",IDC_STATIC_KRBCON,31,110,25,8 - LTEXT "Ticket file name is set in your computer's environment!\nTo edit, remove it from the environment.", - IDC_STATIC_TXT,12,54,283,19 - LTEXT "One or more Configuration file locations are set in your computer's environment!\nTo edit, remove all of them from the environment.", - IDC_STATIC_CONFILES,12,160,284,19 - EDITTEXT IDC_EDIT_KRBREALM_LOC,64,130,203,12,ES_AUTOHSCROLL | - WS_GROUP - LTEXT "Realms:",IDC_STATIC_KRBREALMS,30,130,26,8 -END - IDD_KRB_PROP_CONTENT DIALOG 0, 0, 314, 172 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Default Realm Configuration" 
@@ -315,36 +286,6 @@ GROUPBOX "",stc32,7,7,227,98,NOT WS_VISIBLE END -IDD_LEASH_PROPERTIES DIALOGEX 0, 0, 305, 166 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Leash Properties" -FONT 8, "MS Sans Serif", 0, 0, 0x0 -BEGIN - EDITTEXT IDC_EDIT_TIME_SERVER,59,22,233,12,ES_AUTOHSCROLL - PUSHBUTTON "&Help",IDC_BUTTON_LEASHINI_HELP2,138,145,50,14 - DEFPUSHBUTTON "&OK",IDOK,242,145,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,190,145,50,14 - LTEXT "Name:",IDC_STATIC_TIMESERVER,31,23,22,8 - GROUPBOX "Time Server",IDC_STATIC_OPTIONS,7,7,291,45 - LTEXT "Time server name is set in your computer's environment!\nTo edit, remove it from the environment.", - IDC_STATIC_TIMEHOST,31,22,201,21 - CONTROL "Create Configuration Files &Missing at Startup", - IDC_CHECK_CREATE_MISSING_CFG,"Button",BS_AUTOCHECKBOX | - WS_TABSTOP,15,105,244,10 - PUSHBUTTON "&Restore Leash Defaults",IDC_RESET_DEFAULTS,31,126,243, - 14 - GROUPBOX "Miscellaneous Options",IDC_GROUP_LEASH_MISC,7,95,291,29 - GROUPBOX "Automatic MSLSA Ticket Importation",IDC_STATIC,7,52,291, - 40 - CONTROL "Never",IDC_RADIO_MSLSA_IMPORT_OFF,"Button", - BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,16,70,35,10 - CONTROL "Always",IDC_RADIO_MSLSA_IMPORT_ON,"Button", - BS_AUTORADIOBUTTON | WS_TABSTOP,62,70,48,10 - CONTROL "When MSLSA Principal matches Default Realm", - IDC_RADIO_MSLSA_IMPORT_MATCH,"Button",BS_AUTORADIOBUTTON | - WS_TABSTOP,116,71,165,10 -END - IDD_KRB5_PROP_CONTENT DIALOG 0, 0, 321, 126 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Configuration Options" 
@@ -407,19 +348,6 @@ BS_AUTOCHECKBOX | WS_TABSTOP,169,158,131,10 END -IDD_KRB4_DOMAINREALM_MAINT DIALOG 0, 0, 313, 213 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Domain-Host/Realm Maintenance" -FONT 8, "MS Sans Serif" -BEGIN - LISTBOX IDC_LIST_DOMAINREALM,7,7,299,174,LBS_NOINTEGRALHEIGHT | - WS_VSCROLL | WS_TABSTOP - DEFPUSHBUTTON "&Add",IDC_BUTTON_REALM_HOST_ADD,52,192,50,14 - PUSHBUTTON "&Remove",ID_BUTTON_REALM_HOST_REMOVE,106,192,50,14 - PUSHBUTTON "&Edit",IDC_BUTTON_REALM_HOST_EDIT,160,192,50,14 - PUSHBUTTON "&Help",IDC_BUTTON_HOSTMAINT_HELP,214,192,50,14 -END - IDD_KRB_ADD_REALM DIALOG 0, 0, 295, 94 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Add a Kerberos Realm" 
@@ -448,34 +376,6 @@ IDC_STATIC_NOTE,11,15,267,8 END -IDD_KRB4_ADD_DOMAINREALMNAME DIALOG 0, 0, 295, 89 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Add Your Domain-Host/Kerberos Realm Names to List" -FONT 8, "MS Sans Serif" -BEGIN - EDITTEXT IDC_EDIT_DOMAINHOSTNAME,75,15,208,12,ES_AUTOHSCROLL - EDITTEXT IDC_EDIT_DOMAINREALMNAME,75,32,208,12,ES_UPPERCASE | - ES_AUTOHSCROLL - PUSHBUTTON "&OK",IDOK,232,62,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,179,62,50,14 - LTEXT "Domain or Host: ",IDC_STATIC_DEFAULT_REALM,12,17,58,8 - LTEXT "Kerberos Realm:",IDC_STATIC_REALM_HOSTNAME,17,34,53,8 -END - -IDD_KRB4_EDIT_DOMAINREALMNAME DIALOG 0, 0, 295, 89 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Edit Your Domain-Host/Kerberos Realm Names to List" -FONT 8, "MS Sans Serif" -BEGIN - EDITTEXT IDC_EDIT_DOMAINHOST,75,15,208,12,ES_AUTOHSCROLL - EDITTEXT IDC_EDIT_REALMNAME,75,32,208,12,ES_UPPERCASE | - ES_AUTOHSCROLL - PUSHBUTTON "&OK",IDOK,232,62,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,179,62,50,14 - LTEXT "Domain or Host: ",IDC_STATIC_DEFAULT_REALM,12,17,58,8 - LTEXT "Kerberos Realm:",IDC_STATIC_REALM_HOSTNAME,17,34,53,8 -END - IDD_KRB_ADD_KDC_HOSTSERVER DIALOG 0, 0, 295, 94 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Add a Kerberos Host Server" 
@@ -502,57 +402,6 @@ IDC_STATIC_NOTE,11,15,267,8 END -IDD_KRB4_REALMHOST_MAINT2 DIALOG 0, 0, 313, 214 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Realm/Host Maintenance" -FONT 8, "MS Sans Serif" -BEGIN - DEFPUSHBUTTON "&Add",IDC_BUTTON_KRB4_REALM_HOST_ADD,53,161,50,14 - PUSHBUTTON "&Remove",ID_BUTTON_KRB4_REALM_HOST_REMOVE,107,161,50,14 - PUSHBUTTON "&Edit",IDC_BUTTON_KRB4_REALM_HOST_EDIT,161,161,50,14 - PUSHBUTTON "&Help",IDC_BUTTON_REALMHOST_MAINT_HELP2,214,161,50,14 - LISTBOX IDC_LIST_REMOVE_HOST,7,7,299,149,LBS_NOINTEGRALHEIGHT | - WS_VSCROLL | WS_TABSTOP - CONTROL "Use DNS KDC Lookup",IDC_KRB4_DNS_KDC,"Button", - BS_AUTOCHECKBOX | WS_TABSTOP,18,186,89,10 -END - -IDD_KRB4_EDIT_REALM DIALOG 0, 0, 296, 113 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Edit Kerberos Realm/Kerberos Host Names" -FONT 8, "MS Sans Serif" -BEGIN - EDITTEXT IDC_EDIT_DEFAULT_REALM,70,23,213,12,ES_UPPERCASE | - ES_AUTOHSCROLL - EDITTEXT IDC_EDIT_REALM_HOSTNAME,70,41,213,12,ES_AUTOHSCROLL - CONTROL "Has Administrative Server",IDC_RADIO_ADMIN_SERVER, - "Button",BS_AUTORADIOBUTTON | WS_TABSTOP,50,61,96,12 - CONTROL "No Administrative Server",IDC_RADIO_NO_ADMIN_SERVER, - "Button",BS_AUTORADIOBUTTON | WS_TABSTOP,154,61,92,12 - PUSHBUTTON "&OK",IDOK,233,86,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,181,86,50,14 - LTEXT "Kerberos Realm:",IDC_STATIC_DEFAULT_REALM,11,25,53,8 - LTEXT "Kerberos Host:",IDC_STATIC_REALM_HOSTNAME,16,43,48,8 -END - -IDD_KRB4_ADD_REALM DIALOG 0, 0, 296, 113 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Add Kerberos Realm/Kerberos Host Names" -FONT 8, "MS Sans Serif" -BEGIN - EDITTEXT IDC_EDIT_DEFAULT_REALM,70,23,213,12,ES_UPPERCASE | - ES_AUTOHSCROLL - EDITTEXT IDC_EDIT_REALM_HOSTNAME,70,41,213,12,ES_AUTOHSCROLL - CONTROL "Has Administrative Server",IDC_RADIO_ADMIN_SERVER, - "Button",BS_AUTORADIOBUTTON | WS_TABSTOP,50,61,95,12 - CONTROL "No Administrative 
Server",IDC_RADIO_NO_ADMIN_SERVER, - "Button",BS_AUTORADIOBUTTON | WS_TABSTOP,154,61,92,12 - PUSHBUTTON "&OK",IDOK,232,86,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,179,86,50,14 - LTEXT "Kerberos Realm:",IDC_STATIC_DEFAULT_REALM,11,25,53,8 - LTEXT "Kerberos Host:",IDC_STATIC_REALM_HOSTNAME,16,43,48,8 -END - IDD_KRB_DOMAINREALM_MAINT DIALOG 0, 0, 314, 213 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "DNS / Realm Mapping" @@ -565,21 +414,6 @@ PUSHBUTTON "&Edit",IDC_BUTTON_HOST_EDIT,185,192,50,14 END -IDD_AFS_PROPERTIES DIALOG 0, 0, 290, 68 -STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "AFS Properties" -FONT 8, "MS Sans Serif" -BEGIN - CONTROL "AFS Enabled",IDC_RADIO_AFS_ENABLED,"Button", - BS_AUTORADIOBUTTON,12,19,59,10 - CONTROL "AFS Disabled",IDC_RADIO_AFS_DISABLED,"Button", - BS_AUTORADIOBUTTON,80,19,59,10 - PUSHBUTTON "AFS Properties",IDC_BUTTON_AFS_PROPERTIES,11,47,70,14 - DEFPUSHBUTTON "&OK",IDOK,227,47,50,14 - PUSHBUTTON "&Cancel",IDCANCEL,173,47,50,14 - PUSHBUTTON "&Help",IDC_BUTTON_LEASHINI_HELP2,119,47,50,14 -END - IDD_KRB_PROP_MISC DIALOGEX 0, 0, 314, 215 STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "Ticket Lifetime and Other Initialization Options" @@ -653,8 +487,6 @@ LTEXT "h",IDC_STATIC,230,26,8,8 LTEXT "m",IDC_STATIC,267,26,8,8 GROUPBOX "Ticket Initialization Options",IDC_STATIC,7,151,300,59 - CONTROL "Request Kerberos 4 Tickets",IDC_CHECK_REQUEST_KRB4, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,19,167,203,10 CONTROL "Preserve Ticket Initialization Dialog Options", IDC_CHECK_PRESERVE_KINIT_OPTIONS,"Button", BS_AUTOCHECKBOX | WS_TABSTOP,20,182,208,10 @@ -696,14 +528,6 @@ BEGIN END - IDD_KRB4_PROP_LOCATION, DIALOG - BEGIN - LEFTMARGIN, 6 - RIGHTMARGIN, 307 - TOPMARGIN, 6 - BOTTOMMARGIN, 184 - END - IDD_KRB_PROP_CONTENT, DIALOG BEGIN LEFTMARGIN, 7 
@@ -720,14 +544,6 @@ BOTTOMMARGIN, 105 END - IDD_LEASH_PROPERTIES, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 298 - TOPMARGIN, 7 - BOTTOMMARGIN, 159 - END - IDD_KRB5_PROP_CONTENT, DIALOG BEGIN LEFTMARGIN, 7 @@ -753,14 +569,6 @@ BOTTOMMARGIN, 206 END - IDD_KRB4_DOMAINREALM_MAINT, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 306 - TOPMARGIN, 7 - BOTTOMMARGIN, 206 - END - IDD_KRB_ADD_REALM, DIALOG BEGIN LEFTMARGIN, 7 @@ -777,22 +585,6 @@ BOTTOMMARGIN, 87 END - IDD_KRB4_ADD_DOMAINREALMNAME, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 288 - TOPMARGIN, 7 - BOTTOMMARGIN, 82 - END - - IDD_KRB4_EDIT_DOMAINREALMNAME, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 288 - TOPMARGIN, 7 - BOTTOMMARGIN, 82 - END - IDD_KRB_ADD_KDC_HOSTSERVER, DIALOG BEGIN LEFTMARGIN, 7 @@ -809,30 +601,6 @@ BOTTOMMARGIN, 87 END - IDD_KRB4_REALMHOST_MAINT2, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 306 - TOPMARGIN, 7 - BOTTOMMARGIN, 206 - END - - IDD_KRB4_EDIT_REALM, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 289 - TOPMARGIN, 7 - BOTTOMMARGIN, 106 - END - - IDD_KRB4_ADD_REALM, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 289 - TOPMARGIN, 7 - BOTTOMMARGIN, 106 - END - IDD_KRB_DOMAINREALM_MAINT, DIALOG BEGIN LEFTMARGIN, 7 @@ -841,14 +609,6 @@ BOTTOMMARGIN, 206 END - IDD_AFS_PROPERTIES, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 283 - TOPMARGIN, 7 - BOTTOMMARGIN, 61 - END - IDD_KRB_PROP_MISC, DIALOG BEGIN LEFTMARGIN, 7 
@@ -957,7 +717,6 @@ ID_OPTIONS_RESETWINDOWSIZE "Puts Leash's main window back to it's default size " ID_RESET_WINDOW_SIZE "Refresh Leash window to it's default size/position" - ID_AFS_CONTROL_PANEL "Enables you to change settings" ID_SYSTEM_CONTROL_PANEL "Open your System Properties window" ID_OPTIONS_LOWTICKETALARMSOUND "Turn alarm off or on, when ticket time is low" diff -Nru krb5-1.16.2/src/windows/leash/LeashView.cpp krb5-1.17/src/windows/leash/LeashView.cpp --- krb5-1.16.2/src/windows/leash/LeashView.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashView.cpp 2019-01-08 16:02:37.000000000 +0000 @@ -24,11 +24,6 @@ #include "LeashDebugWindow.h" #include "LeashMessageBox.h" #include "LeashAboutBox.h" -#include "Krb4Properties.h" -#include "Krb5Properties.h" -#include "LeashProperties.h" -#include "KrbProperties.h" -#include "AfsProperties.h" #include #ifdef _DEBUG 
@@ -83,23 +78,15 @@ ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket) ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket) ON_COMMAND(ID_APP_ABOUT, OnAppAbout) - ON_COMMAND(ID_AFS_CONTROL_PANEL, OnAfsControlPanel) ON_UPDATE_COMMAND_UI(ID_DEBUG_MODE, OnUpdateDebugMode) ON_UPDATE_COMMAND_UI(ID_CFG_FILES, OnUpdateCfgFiles) - ON_COMMAND(ID_KRB4_PROPERTIES, OnKrb4Properties) - ON_COMMAND(ID_KRB5_PROPERTIES, OnKrb5Properties) - ON_COMMAND(ID_LEASH_PROPERTIES, OnLeashProperties) ON_COMMAND(ID_LEASH_RESTORE, OnLeashRestore) ON_COMMAND(ID_LEASH_MINIMIZE, OnLeashMinimize) ON_COMMAND(ID_LOW_TICKET_ALARM, OnLowTicketAlarm) ON_COMMAND(ID_AUTO_RENEW, OnAutoRenew) ON_UPDATE_COMMAND_UI(ID_LOW_TICKET_ALARM, OnUpdateLowTicketAlarm) ON_UPDATE_COMMAND_UI(ID_AUTO_RENEW, OnUpdateAutoRenew) - ON_UPDATE_COMMAND_UI(ID_KRB4_PROPERTIES, OnUpdateKrb4Properties) - ON_UPDATE_COMMAND_UI(ID_KRB5_PROPERTIES, OnUpdateKrb5Properties) - ON_UPDATE_COMMAND_UI(ID_AFS_CONTROL_PANEL, OnUpdateAfsControlPanel) ON_UPDATE_COMMAND_UI(ID_MAKE_DEFAULT, OnUpdateMakeDefault) - ON_COMMAND(ID_PROPERTIES, OnKrbProperties) ON_UPDATE_COMMAND_UI(ID_PROPERTIES, OnUpdateProperties) ON_COMMAND(ID_HELP_KERBEROS_, OnHelpKerberos) ON_COMMAND(ID_HELP_LEASH32, OnHelpLeash32) 
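Review bot: `ID_PROPERTIES` keeps its `ON_UPDATE_COMMAND_UI(ID_PROPERTIES, OnUpdateProperties)` entry while the matching `ON_COMMAND(ID_PROPERTIES, OnKrbProperties)` entry is removed, so the view can still enable a menu item it no longer handles. OnUpdateProperties, later in this diff, enables the item whenever `CLeashApp::m_hKrb5DLL` is set. Unless another command target handles ID_PROPERTIES (not visible here), selecting the item would do nothing. Either drop the update entry as well, or reduce OnUpdateProperties to `pCmdUI->Enable(FALSE);` as this commit does for OnUpdateDebugMode. The message map begins and ends outside the hunk.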
@@ -122,19 +109,8 @@ time_t CLeashView::m_ticketTimeLeft = 0; // # of seconds left before tickets expire -INT CLeashView::m_forwardableTicket = 0; -INT CLeashView::m_proxiableTicket = 0; -INT CLeashView::m_renewableTicket = 0; -INT CLeashView::m_noaddressTicket = 0; -DWORD CLeashView::m_publicIPAddress = 0; -INT CLeashView::m_ticketStatusAfs = 0; // Defense Condition: are we low on tickets? -INT CLeashView::m_ticketStatusKrb4 = 0; // Defense Condition: are we low on tickets? INT CLeashView::m_ticketStatusKrb5 = 0; // Defense Condition: are we low on tickets? -INT CLeashView::m_warningOfTicketTimeLeftAfs = 0; // Prevents warning box from coming up repeatively -INT CLeashView::m_warningOfTicketTimeLeftKrb4 = 0; // Prevents warning box from coming up repeatively INT CLeashView::m_warningOfTicketTimeLeftKrb5 = 0; // Prevents warning box from coming up repeatively -INT CLeashView::m_warningOfTicketTimeLeftLockAfs = 0; -INT CLeashView::m_warningOfTicketTimeLeftLockKrb4 = 0; INT CLeashView::m_warningOfTicketTimeLeftLockKrb5 = 0; INT CLeashView::m_updateDisplayCount; INT CLeashView::m_alreadyPlayedDisplayCount; @@ -345,14 +321,8 @@ CLeashView::CLeashView() { ////@#+Need removing as well! -#ifndef NO_KRB4 - m_listKrb4 = NULL; -#endif - m_listAfs = NULL; m_startup = TRUE; - m_warningOfTicketTimeLeftKrb4 = 0; m_warningOfTicketTimeLeftKrb5 = 0; - m_warningOfTicketTimeLeftLockKrb4 = 0; m_warningOfTicketTimeLeftLockKrb5 = 0; m_largeIcons = 0; m_destroyTicketsOnExit = 0; @@ -377,11 +347,6 @@ m_hMenu = NULL; m_pApp = NULL; m_ccacheDisplay = NULL; - m_forwardableTicket = 0; - m_proxiableTicket = 0; - m_renewableTicket = 0; - m_noaddressTicket = 0; - m_publicIPAddress = 0; m_autoRenewTickets = 0; m_autoRenewalAttempted = 0; m_pWarningMessage = NULL; 
@@ -497,8 +462,7 @@ // Call while possessing a lock to ticketinfo.lockObj INT CLeashView::GetLowTicketStatus(int ver) { - BOOL b_notix = (ver == 5 && !ticketinfo.Krb5.btickets) || - (ver == 1 && !ticketinfo.Afs.btickets); + BOOL b_notix = (ver == 5 && !ticketinfo.Krb5.btickets); if (b_notix) return NO_TICKETS; @@ -566,21 +530,6 @@ // Get State of Upper Case Realm m_upperCaseRealm = pLeash_get_default_uppercaserealm(); - // Forwardable flag - m_forwardableTicket = pLeash_get_default_forwardable(); - - // Proxiable flag - m_proxiableTicket = pLeash_get_default_proxiable(); - - // Renewable flag - m_renewableTicket = pLeash_get_default_renewable(); - - // No Address flag - m_noaddressTicket = pLeash_get_default_noaddresses(); - - // Public IP Address - m_publicIPAddress = pLeash_get_default_publicip(); - // UI main display column widths for (int i=0; iGetProfileInt("Settings", "AfsStatus", 1); - CListCtrl& list = GetListCtrl(); // @TODO: there is probably a more sensible place to initialize these... if ((m_BaseFont == NULL) && (list.GetFont())) { @@ -1275,33 +1201,13 @@ } } -#ifndef NO_KRB4 - INT ticketIconStatusKrb4; - INT ticketIconStatus_SelectedKrb4; - INT iconStatusKrb4; -#endif - INT ticketIconStatusKrb5; INT ticketIconStatus_SelectedKrb5; INT iconStatusKrb5; - INT ticketIconStatusAfs; - INT ticketIconStatus_SelectedAfs; - INT iconStatusAfs; - -#ifndef NO_KRB4 - LONG krb4Error; -#endif - LONG afsError; - if (WaitForSingleObject( ticketinfo.lockObj, 100 ) != WAIT_OBJECT_0) throw("Unable to lock ticketinfo"); -#ifndef NO_KRB4 - // Get Kerb 4 tickets in list - krb4Error = pLeashKRB4GetTickets(&ticketinfo.Krb4, &m_listKrb4); -#endif - // Get Kerb 5 tickets in list LeashKRB5ListDefaultTickets(&ticketinfo.Krb5); if (CLeashApp::m_hKrb5DLL && !CLeashApp::m_krbv5_profile) 
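Review bot: In GetLowTicketStatus the `ver` argument now only gates the no-tickets check, `BOOL b_notix = (ver == 5 && !ticketinfo.Krb5.btickets);`, so any value other than 5 silently skips that check and falls through to the rest of the function. The calls with 1 and 4 are removed in this diff and the remaining visible call passes 5, so the parameter looks vestigial. If the signature must stay, add a comment above the line such as `// ver is always 5 (Kerberos 5); the AFS (1) and krb4 (4) cases were removed`, or drop the `ver == 5 &&` term. The function body continues outside the hunk, so later uses of `ver` could not be checked.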
@@ -1319,55 +1225,11 @@ pprofile_init(filenames, &CLeashApp::m_krbv5_profile); } - // Get AFS Tokens in list - if (CLeashApp::m_hAfsDLL) { - char * principal; - if ( ticketinfo.Krb5.principal[0] ) - principal = ticketinfo.Krb5.principal; - else - principal = ""; - afsError = pLeashAFSGetToken(&ticketinfo.Afs, &m_listAfs, principal); - } - /* * Update Ticket Status for Krb5 so that we may use their state * to select the appropriate Icon for the Parent Node */ -////Might need to delete dependent stuff as well!!! -#ifndef NO_KRB4 - /* Krb4 */ - UpdateTicketTime(ticketinfo.Krb4); - m_ticketStatusKrb4 = GetLowTicketStatus(4); - if (!m_listKrb4 || EXPIRED_TICKETS == ticketinfo.Krb4.btickets || - m_ticketStatusKrb4 == ZERO_MINUTES_LEFT) - { - ticketIconStatusKrb4 = EXPIRED_CLOCK; - ticketIconStatus_SelectedKrb4 = EXPIRED_CLOCK; - iconStatusKrb4 = EXPIRED_TICKET; - } - else if (TICKETS_LOW == ticketinfo.Krb4.btickets || - m_ticketStatusKrb4 == FIVE_MINUTES_LEFT || - m_ticketStatusKrb4 == TEN_MINUTES_LEFT || - m_ticketStatusKrb4 == FIFTEEN_MINUTES_LEFT) - { - ticketIconStatusKrb4 = LOW_CLOCK; - ticketIconStatus_SelectedKrb4 = LOW_CLOCK; - iconStatusKrb4 = LOW_TICKET; - } - else if ( CLeashApp::m_hKrb4DLL ) - { - ticketIconStatusKrb4 = ACTIVE_CLOCK; - ticketIconStatus_SelectedKrb4 = ACTIVE_CLOCK; - iconStatusKrb4 = ACTIVE_TICKET; - } else { - ticketIconStatusKrb4 = EXPIRED_CLOCK; - ticketIconStatus_SelectedKrb4 = EXPIRED_CLOCK; - iconStatusKrb4 = TICKET_NOT_INSTALLED; - } -#endif - - /* Krb5 */ UpdateTicketTime(ticketinfo.Krb5); m_ticketStatusKrb5 = GetLowTicketStatus(5); 
@@ -1400,37 +1262,6 @@ iconStatusKrb5 = TICKET_NOT_INSTALLED; } - /* Afs */ - UpdateTicketTime(ticketinfo.Afs); - m_ticketStatusAfs = GetLowTicketStatus(1); - if (!m_listAfs || EXPIRED_TICKETS == ticketinfo.Afs.btickets || - m_ticketStatusAfs == ZERO_MINUTES_LEFT) - { - ticketIconStatusAfs = EXPIRED_CLOCK; - ticketIconStatus_SelectedAfs = EXPIRED_CLOCK; - iconStatusAfs = EXPIRED_TICKET; - } - else if (TICKETS_LOW == ticketinfo.Afs.btickets || - m_ticketStatusAfs == FIVE_MINUTES_LEFT || - m_ticketStatusAfs == TEN_MINUTES_LEFT || - m_ticketStatusAfs == FIFTEEN_MINUTES_LEFT) - { - ticketIconStatusAfs = LOW_CLOCK; - ticketIconStatus_SelectedAfs = LOW_CLOCK; - iconStatusAfs = LOW_TICKET; - } - else if ( CLeashApp::m_hAfsDLL ) - { - ticketIconStatusAfs = ACTIVE_CLOCK; - ticketIconStatus_SelectedAfs = ACTIVE_CLOCK; - iconStatusAfs = ACTIVE_TICKET; - } else - { - ticketIconStatusAfs = EXPIRED_CLOCK; - ticketIconStatus_SelectedAfs = EXPIRED_CLOCK; - iconStatusAfs = TICKET_NOT_INSTALLED; - } - int trayIcon = NONE_PARENT_NODE; if (CLeashApp::m_hKrb5DLL && ticketinfo.Krb5.btickets) { switch ( iconStatusKrb5 ) { @@ -1554,8 +1385,6 @@ LeashKRB5FreeTicketInfo(&ticketinfo.Krb5); LeashKRB5FreeTickets(&principallist); - // @TODO: AFS-specific here - ReleaseMutex(ticketinfo.lockObj); } @@ -1656,9 +1485,6 @@ m_alreadyPlayed = TRUE; - if (!CKrbProperties::KrbPropertiesOn) - SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0); - if (m_debugStartUp) { OnDebugMode(); @@ -1672,11 +1498,6 @@ ////@#+Is this KRB4 only? VOID CLeashView::OnDebugMode() { -#ifndef NO_KRB4 - if (!pset_krb_debug) - return; -#endif - if (!m_pDebugWindow) { AfxMessageBox("There is a problem with the Leash Debug Window!", @@ -1725,11 +1546,6 @@ m_pApp->WriteProfileInt("Settings", "DebugWindow", FALSE_FLAG); m_pDebugWindow->DestroyWindow(); -//// -#ifndef NO_KRB4 - pset_krb_debug(OFF); - pset_krb_ap_req_debug(OFF); -#endif return; } else 
@@ -1959,11 +1775,7 @@ VOID CLeashView::ResetTreeNodes() { m_hPrincipalState = 0; -#ifndef NO_KRB4 - m_hKerb4State = 0; -#endif m_hKerb5State = 0; - m_hAFSState = 0; } VOID CLeashView::OnDestroy() @@ -1999,13 +1811,7 @@ VOID CLeashView::OnUpdateInitTicket(CCmdUI* pCmdUI) { - if ( -////Is this logic correct? -#ifndef NO_KRB4 - !CLeashApp::m_hKrb4DLL && -#endif - !CLeashApp::m_hKrb5DLL && - !CLeashApp::m_hAfsDLL) + if (!CLeashApp::m_hKrb5DLL) pCmdUI->Enable(FALSE); else pCmdUI->Enable(TRUE); @@ -2092,17 +1898,8 @@ menu->AppendMenu(MF_STRING, ID_INIT_TICKET, "&Get Tickets"); if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) throw("Unable to lock ticketinfo"); - if (!( -#ifndef NO_KRB4 - ticketinfo.Krb4.btickets || -#endif - ticketinfo.Krb5.btickets) || -////Not entirely sure about the logic -#ifndef NO_KRB4 - !CLeashApp::m_hKrb4DLL && -#endif - !CLeashApp::m_hKrb5DLL && - !CLeashApp::m_hAfsDLL) + if (!ticketinfo.Krb5.btickets || + !CLeashApp::m_hKrb5DLL) nFlags = MF_STRING | MF_GRAYED; else nFlags = MF_STRING; @@ -2112,7 +1909,7 @@ else nFlags = MF_STRING; menu->AppendMenu(MF_STRING, ID_IMPORT_TICKET, "&Import Tickets"); - if (!ticketinfo.Krb5.btickets && !ticketinfo.Afs.btickets) + if (!ticketinfo.Krb5.btickets) nFlags = MF_STRING | MF_GRAYED; else nFlags = MF_STRING; @@ -2162,12 +1959,6 @@ } -VOID CLeashView::OnAfsControlPanel() -{ - CAfsProperties afsProperties; - afsProperties.DoModal(); -} - VOID CLeashView::OnInitialUpdate() { CListView::OnInitialUpdate(); @@ -2181,14 +1972,8 @@ if (m_hPrincipal == pNMTreeView->itemNew.hItem) m_hPrincipalState = pNMTreeView->action; -#ifndef NO_KRB4 - else if (m_hKerb4 == pNMTreeView->itemNew.hItem) - m_hKerb4State = pNMTreeView->action; -#endif else if (m_hKerb5 == pNMTreeView->itemNew.hItem) m_hKerb5State = pNMTreeView->action; - else if (m_hAFS == pNMTreeView->itemNew.hItem) - m_hAFSState = pNMTreeView->action; CMainFrame::m_isBeingResized = TRUE; *pResult = 0; 
@@ -2196,56 +1981,12 @@ VOID CLeashView::OnUpdateDebugMode(CCmdUI* pCmdUI) { -//// -#ifndef NO_KRB4 - if (!pset_krb_debug) -#endif pCmdUI->Enable(FALSE); -//// -#ifndef NO_KRB4 - else - pCmdUI->Enable(TRUE); -#endif } VOID CLeashView::OnUpdateCfgFiles(CCmdUI* pCmdUI) { -//// -#ifndef NO_KRB4 - if (!pkrb_get_krbconf2) -#endif pCmdUI->Enable(FALSE); -//// -#ifndef NO_KRB4 - else - pCmdUI->Enable(TRUE); -#endif -} - -VOID CLeashView::OnLeashProperties() -{ - CLeashProperties leashProperties; - leashProperties.DoModal(); -} - -VOID CLeashView::OnKrbProperties() -{ - CKrbProperties krbProperties("Kerberos Properties"); - krbProperties.DoModal(); -} - -VOID CLeashView::OnKrb4Properties() -{ -#ifndef NO_KRB4 - CKrb4Properties krb4Properties("Kerberos Four Properties"); - krb4Properties.DoModal(); -#endif -} - -VOID CLeashView::OnKrb5Properties() -{ - CKrb5Properties krb5Properties("Kerberos Five Properties"); - krb5Properties.DoModal(); } /* @@ -2370,10 +2111,8 @@ if (InterlockedDecrement(&m_timerMsgNotInProgress) == 0) { CString ticketStatusKrb5 = TCHAR(NOT_INSTALLED); - CString ticketStatusAfs = TCHAR(NOT_INSTALLED); CString strTimeDate; CString lowTicketWarningKrb5; - CString lowTicketWarningAfs; timer_start: if (WaitForSingleObject( ticketinfo.lockObj, 100 ) != WAIT_OBJECT_0) 
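Review bot: OnUpdateDebugMode and OnUpdateCfgFiles now reduce to an unconditional `pCmdUI->Enable(FALSE);`, but the debug-window code they used to gate is still live. An earlier hunk keeps the startup call to `OnDebugMode()` when `m_debugStartUp` is set and removes the `pset_krb_debug` guard at the top of OnDebugMode. The window can therefore apparently still open at startup, yet its menu item can never be enabled. If the feature was Kerberos 4 only, as the leftover `////@#+Is this KRB4 only?` marker suggests, OnDebugMode and its startup call should go too. Otherwise document the intent on both handlers, e.g. `// krb4-only feature; the item stays disabled now that krb4 support is removed`.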
@@ -2470,113 +2209,6 @@ } //KRB5 - - if (CLeashApp::m_hAfsDLL) - { - // AFS - UpdateTicketTime(ticketinfo.Afs); - if (!ticketinfo.Afs.btickets) - { - BOOL AfsEnabled = m_pApp->GetProfileInt("Settings", "AfsStatus", 1); - if ( AfsEnabled ) - ticketStatusAfs = "AFS: No Tickets"; - else - ticketStatusAfs = "AFS: Disabled"; - } - else if (EXPIRED_TICKETS == ticketinfo.Afs.btickets) - { -#ifndef NO_KRB5 - if (ticketinfo.Krb5.btickets && - EXPIRED_TICKETS != ticketinfo.Krb5.btickets && - m_autoRenewTickets && - !m_autoRenewalAttempted && - ticketinfo.Krb5.renew_until && - (ticketinfo.Krb5.issued + ticketinfo.Krb5.renew_until -LeashTime() > 20 * 60) && - !stricmp(ticketinfo.Krb5.principal,ticketinfo.Afs.principal) - ) - { - m_autoRenewalAttempted = 1; - ReleaseMutex(ticketinfo.lockObj); - AfxBeginThread(RenewTicket,m_hWnd); - goto timer_start; - } -#endif /* NO_KRB5 */ - ticketStatusAfs = "AFS: Expired Tickets"; - lowTicketWarningAfs = "Your AFS token(s) have expired"; - if (!m_warningOfTicketTimeLeftLockAfs) - m_warningOfTicketTimeLeftAfs = 0; - m_warningOfTicketTimeLeftLockAfs = ZERO_MINUTES_LEFT; - m_ticketTimeLeft = 0; - } - else - { - m_ticketStatusAfs = GetLowTicketStatus(1); - switch (m_ticketStatusAfs) - { - case FIFTEEN_MINUTES_LEFT: - ticketinfo.Afs.btickets = TICKETS_LOW; - - lowTicketWarningAfs = "Less then 15 minutes left on your AFStoken(s)"; - break; - case TEN_MINUTES_LEFT: - ticketinfo.Afs.btickets = TICKETS_LOW; - - lowTicketWarningAfs = "Less then 10 minutes left on your AFS token(s)"; - - if (!m_warningOfTicketTimeLeftLockAfs) - m_warningOfTicketTimeLeftAfs = 0; - - m_warningOfTicketTimeLeftLockAfs = TEN_MINUTES_LEFT; - break; - case FIVE_MINUTES_LEFT: - ticketinfo.Afs.btickets = TICKETS_LOW; - if (m_warningOfTicketTimeLeftLockAfs == TEN_MINUTES_LEFT) - m_warningOfTicketTimeLeftAfs = 0; - - m_warningOfTicketTimeLeftLockAfs = FIVE_MINUTES_LEFT; - - lowTicketWarningAfs = "Less then 5 minutes left on your AFS token(s)"; - break; - default: - 
m_ticketStatusAfs = 0; - break; - } - - } - - if (CMainFrame::m_isMinimum) - { - // minimized dispay - ticketStatusAfs.Format("AFS: %02d:%02d Left", - (m_ticketTimeLeft / 60L / 60L), - (m_ticketTimeLeft / 60L % 60L)); - } - else - { - // normal display - if (GOOD_TICKETS == ticketinfo.Afs.btickets || - TICKETS_LOW == ticketinfo.Afs.btickets) - { - if ( m_ticketTimeLeft >= 60 ) { - ticketStatusAfs.Format("AFS Token Life: %02d:%02d", - (m_ticketTimeLeft / 60L / 60L), - (m_ticketTimeLeft / 60L % 60L)); - } else { - ticketStatusAfs.Format("AFS Token Life: < 1 min"); - } - } -#ifndef NO_STATUS_BAR - if (CMainFrame::m_wndStatusBar) - { - CMainFrame::m_wndStatusBar.SetPaneInfo(3, 111113, SBPS_NORMAL, 130); - CMainFrame::m_wndStatusBar.SetPaneText(3, ticketStatusAfs, SBT_POPOUT); - } -#endif - } - } - // AFS - -#ifndef NO_KRB5 if ( m_ticketStatusKrb5 == TWENTY_MINUTES_LEFT && m_autoRenewTickets && !m_autoRenewalAttempted && ticketinfo.Krb5.renew_until && (ticketinfo.Krb5.renew_until - LeashTime() > 20 * 60)) @@ -2586,17 +2218,13 @@ AfxBeginThread(RenewTicket,m_hWnd); goto timer_start; } -#endif /* NO_KRB5 */ BOOL warningKrb5 = m_ticketStatusKrb5 > NO_TICKETS && m_ticketStatusKrb5 < TWENTY_MINUTES_LEFT && !m_warningOfTicketTimeLeftKrb5; - BOOL warningAfs = m_ticketStatusAfs > NO_TICKETS && - m_ticketStatusAfs < TWENTY_MINUTES_LEFT && - !m_warningOfTicketTimeLeftAfs; // Play warning message only once per each case statement above - if (warningKrb5 || warningAfs) + if (warningKrb5) { CString lowTicketWarning = ""; @@ -2607,13 +2235,6 @@ m_warningOfTicketTimeLeftKrb5 = ON; warnings++; } - if (warningAfs) { - if ( warnings ) - lowTicketWarning += "\n"; - lowTicketWarning += lowTicketWarningAfs; - m_warningOfTicketTimeLeftAfs = ON; - warnings++; - } ReleaseMutex(ticketinfo.lockObj); AlarmBeep(); 
@@ -2626,17 +2247,10 @@ if (CMainFrame::m_isMinimum) { - if ( CLeashApp::m_hAfsDLL ) - strTimeDate = ( "MIT Kerberos - " - "[" + ticketStatusKrb5 + "] - " + - "[" + ticketStatusAfs + "] - " + - "[" + ticketinfo.Krb5.principal + "]" + " - " + - tTimeDate.Format("%A, %B %d, %Y %H:%M ")); - else - strTimeDate = ( "MIT Kerberos - " - "[" + ticketStatusKrb5 + "] - " + - "[" + ticketinfo.Krb5.principal + "]" + " - " + - tTimeDate.Format("%A, %B %d, %Y %H:%M ")); + strTimeDate = ( "MIT Kerberos - " + "[" + ticketStatusKrb5 + "] - " + + "[" + ticketinfo.Krb5.principal + "]" + " - " + + tTimeDate.Format("%A, %B %d, %Y %H:%M ")); } else { @@ -2758,46 +2372,12 @@ VOID CLeashView::OnUpdateProperties(CCmdUI* pCmdUI) { - if (CLeashApp::m_hKrb5DLL -#ifndef NO_KRB4 - || CLeashApp::m_hKrb4DLL -#endif - ) - pCmdUI->Enable(); - else - pCmdUI->Enable(FALSE); -} - -VOID CLeashView::OnUpdateKrb4Properties(CCmdUI* pCmdUI) -{ -#ifndef NO_KRB4 - if (CLeashApp::m_hKrb4DLL) - pCmdUI->Enable(); - else -#endif - pCmdUI->Enable(FALSE); -} - -VOID CLeashView::OnUpdateKrb5Properties(CCmdUI* pCmdUI) -{ if (CLeashApp::m_hKrb5DLL) pCmdUI->Enable(); else pCmdUI->Enable(FALSE); } -VOID CLeashView::OnUpdateAfsControlPanel(CCmdUI* pCmdUI) -{ -////Is the comment even correct? -#ifndef NO_KRB4 - // need Krb 4 to get AFS tokens - if (CLeashApp::m_hAfsDLL && CLeashApp::m_hKrb4DLL) - pCmdUI->Enable(); - else -#endif - pCmdUI->m_pMenu->DeleteMenu(pCmdUI->m_nID, MF_BYCOMMAND); -} - void CLeashView::OnHelpLeash32() { #ifdef CALL_HTMLHELP diff -Nru krb5-1.16.2/src/windows/leash/LeashView.h krb5-1.17/src/windows/leash/LeashView.h --- krb5-1.16.2/src/windows/leash/LeashView.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/LeashView.h 2019-01-08 16:02:37.000000000 +0000 
@@ -129,22 +129,13 @@ { private: ////@#+Remove -#ifndef NO_KRB4 - TicketList* m_listKrb4; -#endif - TicketList* m_listAfs; CLeashDebugWindow* m_pDebugWindow; CCacheDisplayData* m_ccacheDisplay; CImageList m_imageList; CWinApp* m_pApp; HTREEITEM m_hPrincipal; -////@#+Remove -#ifndef NO_KRB4 - HTREEITEM m_hKerb4; -#endif HTREEITEM m_hKerb5; HTREEITEM m_hk5tkt; - HTREEITEM m_hAFS; TV_INSERTSTRUCT m_tvinsert; HMENU m_hMenu; BOOL m_startup; @@ -157,11 +148,7 @@ INT m_largeIcons; INT m_lowTicketAlarm; INT m_hPrincipalState; -#ifndef NO_KRB4 - INT m_hKerb4State; -#endif INT m_hKerb5State; - INT m_hAFSState; CString* m_pWarningMessage; BOOL m_bIconAdded; BOOL m_bIconDeleted; @@ -174,18 +161,9 @@ static ViewColumnInfo sm_viewColumns[NUM_VIEW_COLUMNS]; static INT m_autoRenewTickets; - static INT m_ticketStatusAfs; -////Remove as well? - static INT m_ticketStatusKrb4; static INT m_ticketStatusKrb5; static INT m_autoRenewalAttempted; - static INT m_warningOfTicketTimeLeftAfs; -////Remove as well? - static INT m_warningOfTicketTimeLeftKrb4; static INT m_warningOfTicketTimeLeftKrb5; - static INT m_warningOfTicketTimeLeftLockAfs; -////Remove as well? - static INT m_warningOfTicketTimeLeftLockKrb4; static INT m_warningOfTicketTimeLeftLockKrb5; static INT m_updateDisplayCount; static INT m_alreadyPlayedDisplayCount; @@ -246,11 +224,6 @@ // Attributes public: - static INT m_forwardableTicket; - static INT m_proxiableTicket; - static INT m_renewableTicket; - static INT m_noaddressTicket; - static DWORD m_publicIPAddress; static BOOL m_importedTickets; CLeashView(); 
@@ -327,18 +300,14 @@ afx_msg VOID OnUpdateAutoRenew(CCmdUI* pCmdUI); afx_msg VOID OnUpdateMakeDefault(CCmdUI* pCmdUI); afx_msg VOID OnAppAbout(); - afx_msg VOID OnAfsControlPanel(); afx_msg VOID OnUpdateDebugMode(CCmdUI* pCmdUI); afx_msg VOID OnUpdateCfgFiles(CCmdUI* pCmdUI); - afx_msg VOID OnKrb4Properties(); afx_msg VOID OnKrb5Properties(); afx_msg void OnLeashProperties(); afx_msg void OnLeashRestore(); afx_msg void OnLeashMinimize(); afx_msg void OnLowTicketAlarm(); - afx_msg void OnUpdateKrb4Properties(CCmdUI* pCmdUI); afx_msg void OnUpdateKrb5Properties(CCmdUI* pCmdUI); - afx_msg void OnUpdateAfsControlPanel(CCmdUI* pCmdUI); afx_msg void OnKrbProperties(); afx_msg void OnUpdateProperties(CCmdUI* pCmdUI); afx_msg void OnHelpKerberos(); diff -Nru krb5-1.16.2/src/windows/leash/Lglobals.cpp krb5-1.17/src/windows/leash/Lglobals.cpp --- krb5-1.16.2/src/windows/leash/Lglobals.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Lglobals.cpp 1970-01-01 00:00:00.000000000 +0000 
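Review bot: The class still declares `OnKrb5Properties()`, `OnLeashProperties()`, `OnKrbProperties()` and `OnUpdateKrb5Properties(CCmdUI* pCmdUI)` in this hunk, although their definitions and message-map entries are deleted from LeashView.cpp in the same diff. The stale declarations are harmless while nothing references them, but any later use would fail only at link time, and they advertise dialogs that no longer exist. Remove those four `afx_msg` lines together with the Krb4 and AFS ones. The class body begins and ends outside the hunk.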
@@ -1,148 +0,0 @@ -//***************************************************************************** -// File: lgobals.cpp -// By: Arthur David Leather -// Created: 12/02/98 -// Copyright: @1998 Massachusetts Institute of Technology - All rights -// reserved. -// Description: CPP file for lgobals.cpp. Contains global variables and helper -// functions -// -// History: -// -// MM/DD/YY Inits Description of Change -// 02/02/98 ADL Original -//***************************************************************************** - -#include "stdafx.h" -#include "leash.h" -#include -#include "lglobals.h" - -static const char *const conf_yes[] = { - "y", "yes", "true", "t", "1", "on", - 0, -}; - -static const char *const conf_no[] = { - "n", "no", "false", "nil", "0", "off", - 0, -}; - -int -config_boolean_to_int(const char *s) -{ - const char *const *p; - - for(p=conf_yes; *p; p++) { - if (!strcasecmp(*p,s)) - return 1; - } - - for(p=conf_no; *p; p++) { - if (!strcasecmp(*p,s)) - return 0; - } - - /* Default to "no" */ - return 0; -} - - -// Global Function for deleting or putting a value in the Registry -BOOL SetRegistryVariable(const CString& regVariable, - const CString& regValue, - const char* regSubKey) -{ - // Set Register Variable - HKEY hKey = NULL; - LONG err = 0L; - - - if (ERROR_SUCCESS != (err = RegOpenKeyEx(HKEY_CURRENT_USER, - regSubKey, - 0, KEY_ALL_ACCESS, &hKey))) - { - if ((err = RegCreateKeyEx(HKEY_CURRENT_USER, regSubKey, 0, 0, 0, - KEY_ALL_ACCESS, 0, &hKey, 0))) - { - // Error - return TRUE; - } - } - - if (ERROR_SUCCESS == err && hKey) - { - if (regValue.IsEmpty()) - { - // Delete - RegDeleteValue(hKey, regVariable); - } - else - { - // Insure that Name (Variable) is in the Registry and set - // it's new value - char nVariable[MAX_PATH+1]; - char* pVARIABLE = nVariable; - strncpy(pVARIABLE, regValue, MAX_PATH); - - if (ERROR_SUCCESS != - RegSetValueEx(hKey, regVariable, 0, - REG_SZ, (const unsigned char*)pVARIABLE, - lstrlen(regValue))) - { - // Error - 
return FALSE; - } - } - - RegCloseKey(hKey); - - // Send this message to all top-level windows in the system - ::PostMessage(HWND_BROADCAST, WM_WININICHANGE, 0L, (LPARAM) regSubKey); - return FALSE; - } - - return TRUE; -} - -VOID LeashErrorBox(LPCSTR errorMsg, LPCSTR insertedString, LPCSTR errorFlag) -{ - CString strMessage; - strMessage = errorMsg; - strMessage += ": "; - strMessage += insertedString; - - MessageBox(CLeashApp::m_hProgram, strMessage, errorFlag, MB_OK); - - //if (*errorFlag == 'E') - //ASSERT(0); // on error condition only -} - -Directory::Directory(LPCSTR pathToValidate) -{ - m_pathToValidate = pathToValidate; - _getdcwd(_getdrive(), m_savCurPath, sizeof(m_savCurPath)); -} - -Directory::~Directory() -{ - if (-1 == _chdir(m_savCurPath)) - ASSERT(0); -} - -BOOL Directory::IsValidDirectory() -{ - if (-1 == _chdir(m_pathToValidate)) - return FALSE; - - return TRUE; -} - -BOOL Directory::IsValidFile() -{ - CFileFind fileFind; - if (!fileFind.FindFile(m_pathToValidate)) - return FALSE; - - return TRUE; -} diff -Nru krb5-1.16.2/src/windows/leash/Lglobals.h krb5-1.17/src/windows/leash/Lglobals.h --- krb5-1.16.2/src/windows/leash/Lglobals.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Lglobals.h 2019-01-08 16:02:37.000000000 +0000 
@@ -60,76 +60,18 @@ #define pGetModuleFileNameEx pGetModuleFileNameExA -// leash functions -TYPEDEF_FUNC( - long, - WINAPIV, - not_an_API_LeashKRB4GetTickets, - (TICKETINFO *, TicketList **) - ); -TYPEDEF_FUNC( - long, - WINAPIV, - not_an_API_LeashAFSGetToken, - (TICKETINFO *, TicketList **, char *) - ); -TYPEDEF_FUNC( - long, - WINAPIV, - not_an_API_LeashGetTimeServerName, - (char *, const char*) - ); - -extern DECL_FUNC_PTR(not_an_API_LeashKRB4GetTickets); -extern DECL_FUNC_PTR(not_an_API_LeashAFSGetToken); -extern DECL_FUNC_PTR(not_an_API_LeashGetTimeServerName); extern DECL_FUNC_PTR(Leash_kdestroy); extern DECL_FUNC_PTR(Leash_changepwd_dlg); extern DECL_FUNC_PTR(Leash_changepwd_dlg_ex); extern DECL_FUNC_PTR(Leash_kinit_dlg); extern DECL_FUNC_PTR(Leash_kinit_dlg_ex); extern DECL_FUNC_PTR(Leash_timesync); -extern DECL_FUNC_PTR(Leash_get_default_lifetime); -extern DECL_FUNC_PTR(Leash_set_default_lifetime); -extern DECL_FUNC_PTR(Leash_get_default_forwardable); -extern DECL_FUNC_PTR(Leash_set_default_forwardable); -extern DECL_FUNC_PTR(Leash_get_default_renew_till); -extern DECL_FUNC_PTR(Leash_set_default_renew_till); -extern DECL_FUNC_PTR(Leash_get_default_noaddresses); -extern DECL_FUNC_PTR(Leash_set_default_noaddresses); -extern DECL_FUNC_PTR(Leash_get_default_proxiable); -extern DECL_FUNC_PTR(Leash_set_default_proxiable); -extern DECL_FUNC_PTR(Leash_get_default_publicip); -extern DECL_FUNC_PTR(Leash_set_default_publicip); -extern DECL_FUNC_PTR(Leash_get_default_use_krb4); -extern DECL_FUNC_PTR(Leash_set_default_use_krb4); -extern DECL_FUNC_PTR(Leash_get_default_life_min); -extern DECL_FUNC_PTR(Leash_set_default_life_min); -extern DECL_FUNC_PTR(Leash_get_default_life_max); -extern DECL_FUNC_PTR(Leash_set_default_life_max); -extern DECL_FUNC_PTR(Leash_get_default_renew_min); -extern DECL_FUNC_PTR(Leash_set_default_renew_min); -extern DECL_FUNC_PTR(Leash_get_default_renew_max); -extern DECL_FUNC_PTR(Leash_set_default_renew_max); -extern 
DECL_FUNC_PTR(Leash_get_default_renewable); -extern DECL_FUNC_PTR(Leash_set_default_renewable); -extern DECL_FUNC_PTR(Leash_get_lock_file_locations); -extern DECL_FUNC_PTR(Leash_set_lock_file_locations); extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm); extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm); extern DECL_FUNC_PTR(Leash_get_default_mslsa_import); -extern DECL_FUNC_PTR(Leash_set_default_mslsa_import); -extern DECL_FUNC_PTR(Leash_get_default_preserve_kinit_settings); -extern DECL_FUNC_PTR(Leash_set_default_preserve_kinit_settings); extern DECL_FUNC_PTR(Leash_import); extern DECL_FUNC_PTR(Leash_importable); extern DECL_FUNC_PTR(Leash_renew); -extern DECL_FUNC_PTR(Leash_reset_defaults); - -////Do we still need this one? -#define pLeashKRB4GetTickets pnot_an_API_LeashKRB4GetTickets -#define pLeashAFSGetToken pnot_an_API_LeashAFSGetToken -#define pLeashGetTimeServerName pnot_an_API_LeashGetTimeServerName // psapi functions extern DECL_FUNC_PTR(GetModuleFileNameExA); @@ -232,13 +174,6 @@ #define LEASH_HELP_FILE "leash.chm" -extern int config_boolean_to_int(const char *); -extern BOOL SetRegistryVariable(const CString& regVariable, - const CString& regValue, - const char* regSubKey = "Software\\MIT\\Leash32\\Settings"); -extern VOID LeashErrorBox(LPCSTR errorMsg, LPCSTR insertedString, - LPCSTR errorFlag = "Error"); - // Get ticket info for the default ccache only extern void LeashKRB5ListDefaultTickets(TICKETINFO *ticketinfo); // clean up ticket info 
@@ -249,26 +184,10 @@ // clean up ticket info list extern void LeashKRB5FreeTickets(TICKETINFO **ticketinfolist); - - -class Directory -{ - CHAR m_savCurPath[MAX_PATH]; - CString m_pathToValidate; - -public: - Directory(LPCSTR pathToValidate); - virtual ~Directory(); - - BOOL IsValidDirectory(); - BOOL IsValidFile(); -}; - class TicketInfoWrapper { public: HANDLE lockObj; TICKETINFO Krb5; - TICKETINFO Afs; }; extern TicketInfoWrapper ticketinfo; diff -Nru krb5-1.16.2/src/windows/leash/MainFrm.cpp krb5-1.17/src/windows/leash/MainFrm.cpp --- krb5-1.16.2/src/windows/leash/MainFrm.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/MainFrm.cpp 2019-01-08 16:02:37.000000000 +0000 @@ -165,8 +165,7 @@ #ifndef NO_STATUS_BAR if (!m_wndStatusBar.Create(this) || - !m_wndStatusBar.SetIndicators(indicators, - (CLeashApp::m_hAfsDLL ? 4 : 3))) + !m_wndStatusBar.SetIndicators(indicators, 3)) { MessageBox("There is problem creating the Leash Status Bar!", "Error", MB_OK); diff -Nru krb5-1.16.2/src/windows/leash/Makefile.in krb5-1.17/src/windows/leash/Makefile.in --- krb5-1.16.2/src/windows/leash/Makefile.in 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/Makefile.in 2019-01-08 16:02:37.000000000 +0000 
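Review bot: The indicator count passed to `SetIndicators` in the MainFrm.cpp hunk is now the literal `3`, while the `indicators` array it describes is declared outside the hunk, so nothing here keeps the two in step. If the AFS entry was also dropped from that array, deriving the count is safer than a magic number: `!m_wndStatusBar.SetIndicators(indicators, sizeof(indicators) / sizeof(indicators[0])))`. If the array still carries the AFS indicator ID, it should be removed in the same change so that no stale entry is left behind. The enclosing function starts and ends outside the hunk.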
@@ -1,69 +1,23 @@ # makefile: Leash executable # -#TODO Fix later: -NO_AFS=1 - -!ifndef NO_AFS -###AFS_BASE= -AFS_INCLUDES=-I$(AFS_BASE)\Include -AFS_LIB=$(AFS_BASE)\lib -AFS_LIBS=$(AFS_LIB)\afsauthent.lib -!else -AFS_INCLUDES= -AFS_LIBS= -!endif - -!if defined(VISUALSTUDIOVERSION) -MFC_VERSION=$(VISUALSTUDIOVERSION:.=) -!else -MFC_VERSION=100 -!endif - -!if defined(NODEBUG) -MFCLIB=MFC$(MFC_VERSION).LIB -!else -MFCLIB=MFC$(MFC_VERSION)D.LIB -!endif EXE_NAME=leash -WSHELPER=wshelp32 - -!if ("$(CPU)" == "IA64") || ("$(CPU)" == "AMD64") || ("$(CPU)" == "ALPHA64") -WSHELPER=wshelp64 -!endif SUBDIRS= htmlhelp OBJS= \ - $(OUTPRE)Krb4EditDomainRealmList.obj \ - $(OUTPRE)CLeashDragListBox.obj \ - $(OUTPRE)Krb5Properties.obj \ - $(OUTPRE)KrbAddHostServer.obj \ - $(OUTPRE)KrbAddRealm.obj \ - $(OUTPRE)KrbConfigOptions.obj \ - $(OUTPRE)KrbDomainRealmMaintenance.obj \ - $(OUTPRE)KrbEditHostServer.obj \ - $(OUTPRE)KrbEditRealm.obj \ - $(OUTPRE)KrbProperties.obj \ - $(OUTPRE)KrbRealmHostMaintenance.obj \ $(OUTPRE)Leash.obj \ $(OUTPRE)LeashAboutBox.obj \ $(OUTPRE)LeashDebugWindow.obj \ $(OUTPRE)LeashDoc.obj \ - $(OUTPRE)LeashFileDialog.obj \ $(OUTPRE)LeashFrame.obj \ $(OUTPRE)LeashMessageBox.obj \ - $(OUTPRE)LeashProperties.obj \ $(OUTPRE)LeashUIApplication.obj \ $(OUTPRE)LeashUICommandHandler.obj \ $(OUTPRE)LeashView.obj \ - $(OUTPRE)lglobals.obj \ $(OUTPRE)MainFrm.obj \ $(OUTPRE)out2con.obj \ $(OUTPRE)StdAfx.obj \ - $(OUTPRE)AfsProperties.obj \ - $(OUTPRE)VSroutines.obj \ - $(OUTPRE)KrbMiscConfigOpt.obj \ $(OUTPRE)KrbListTickets.obj RESFILE = $(OUTPRE)Leash.res 
@@ -79,20 +33,16 @@ RFLAGS = $(LOCALINCLUDES) RCFLAGS = $(RFLAGS) -D_WIN32 -DLEASH_APP -DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -D_AFXDLL -DNO_KRB4 -DNO_STATUS_BAR -DUSE_MESSAGE_BOX +DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -D_AFXDLL -DNO_STATUS_BAR -DUSE_MESSAGE_BOX !ifdef NODEBUG DEFINES = $(DEFINES) !else DEFINES = $(DEFINES) -DDBG !endif -!ifdef NO_AFS -DEFINES = $(DEFINES) -DNO_AFS -!endif - ##### Linker LINK = link -LIBS = $(GLIB) $(CLIB) $(WLIB) +LIBS = $(GLIB) $(CLIB) SYSLIBS = kernel32.lib Iphlpapi.lib ws2_32.lib user32.lib gdi32.lib comdlg32.lib comctl32.lib version.lib LFLAGS = /nologo $(LOPTS) @@ -100,8 +50,7 @@ $(OUTPRE)$(EXE_NAME).exe: $(OBJS) $(XOBJS) $(LIBS) $(LINK) $(LFLAGS) /out:$@ /ENTRY:WinMainCRTStartup $(OBJS) $(XOBJS) \ - $(LIBS) $(SYSLIBS) $(BUILDTOP)\util\wshelper\$(OUTPRE)$(WSHELPER).lib \ - ../lib/$(OUTPRE)libwin.lib $(MFCLIB) $(SCLIB) + $(LIBS) $(SYSLIBS) ../lib/$(OUTPRE)libwin.lib copy $@ "$(OUTPRE)MIT Kerberos.exe" kfwribbon.bml kfwribbon.h kfwribbon.rc: kfwribbon.xml diff -Nru krb5-1.16.2/src/windows/leash/out2con.cpp krb5-1.17/src/windows/leash/out2con.cpp --- krb5-1.16.2/src/windows/leash/out2con.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/out2con.cpp 2019-01-08 16:02:37.000000000 +0000 @@ -96,9 +96,7 @@ FILE* fp = _fdopen(m_pipefd, "w"); // copy to stdout *stdout = *fp; - // now slam the allocated FILE's _flag to zero to mark it as free without - // actually closing the os file handle and pipe - fp->_flag = 0; + // fp leaks, but we can't close it without closing the OS file handle // disable buffering setvbuf(stdout, NULL, _IONBF, 0); diff -Nru krb5-1.16.2/src/windows/leash/resource.h krb5-1.17/src/windows/leash/resource.h --- krb5-1.16.2/src/windows/leash/resource.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leash/resource.h 2019-01-08 16:02:37.000000000 +0000 
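Review bot: The link command of the `$(OUTPRE)$(EXE_NAME).exe` rule still consumes `../lib/$(OUTPRE)libwin.lib`, but the prerequisite list (`$(OBJS) $(XOBJS) $(LIBS)`) does not name it, so a rebuilt libwin does not trigger a relink of the executable. Adding that library to the prerequisites would make the dependency explicit, assuming the lib directory is always built before this one. With `$(MFCLIB)` gone from the command line, the MFC import library is presumably selected by the MFC headers' auto-link pragmas under `-D_AFXDLL`; a one-line comment such as `# MFC import library is chosen by the MFC headers (auto-link), so it is not listed here` would keep the removal from reading as an omission.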
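Review bot: In the out2con.cpp hunk `fp` is dereferenced by `*stdout = *fp;` without checking the result of `_fdopen(m_pipefd, "w")`, so a failed open becomes a null-pointer read while overwriting `stdout`; a guard before the copy is missing, for example `if (fp == NULL) return;` adapted to whatever the enclosing function returns. The struct copy itself also deserves attention: dropping `fp->_flag` suggests the build now targets a CRT in which `FILE` is opaque, and in that case assigning one `FILE` to another is not a supported way to redirect output. Redirecting at the descriptor level, `_dup2(m_pipefd, _fileno(stdout));`, would avoid both the copy and the leaked `fp`, though that should be confirmed against the CRT in use. The enclosing function starts before and ends after this hunk.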
@@ -27,35 +27,23 @@
 #define IDD_DEBUG_WINDOW 157
 #define IDD_LEASH_DEBUG_WINDOW 157
 #define IDD_PAGE1 160
-#define IDD_KRB4_PROP_LOCATION 160
 #define IDD_PAGE2 161
-#define IDD_KRB4_PROP_CONTENT 161
 #define IDD_KRB_PROP_CONTENT 161
 #define IDD_LEASH_PROPERTIES 167
 #define IDD_KERB5_PAGE_PROP 168
 #define IDD_KRB5_PROP_CONTENT 168
 #define IDD_KRB5_PROP_LOCATION 169
-#define IDD_KRB4_REALMHOST_MAINT 178
 #define IDD_KRB_REALMHOST_MAINT 178
 #define IDC_CURSOR1 179
-#define IDD_KRB4_DOMAINREALM_MAINT 180
-#define IDD_KRB4_ADD_REALMHOSTNAMES 181
 #define IDD_KRB_ADD_REALM 181
-#define IDD_KRB4_EDIT_REALMHOSTNAMES 182
 #define IDD_KRB_EDIT_REALM 182
-#define IDD_KRB4_ADD_DOMAINREALMNAME 183
-#define IDD_KRB4_EDIT_DOMAINREALMNAME 184
 #define IDD_DIALOG5 187
 #define IDD_KRB_ADD_KDC_HOSTSERVER 197
 #define IDD_KRB_EDIT_KDC_HOSTSERVER 199
-#define IDD_KRB4_REALMHOST_MAINT2 203
-#define IDD_KRB4_EDIT_REALM 204
-#define IDD_KRB4_ADD_REALM 205
 #define IDD_DIALOG6 207
 #define IDD_KRB_DOMAINREALM_MAINT 207
 #define IDD_DIALOG7 210
 #define IDI_ICON1 221
-#define IDD_AFS_PROPERTIES 224
 #define IDD_AUTHENTICATE 229
 #define IDI_LEASH_PRINCIPAL_GOOD 230
 #define IDI_LEASH_PRINCIPAL_LOW 231
@@ -102,7 +90,6 @@
 #define IDC_LABEL_KERB_TICKETS 1011
 #define IDC_LIST1 1012
 #define IDC_LEASH_MODULE_LB 1012
-#define IDC_LIST_KRB4_REALM_HOST 1012
 #define IDC_LIST_UTILITY 1012
 #define IDC_LIST_KDC_REALM 1012
 #define IDC_LIST_REMOVE_HOST 1012
@@ -173,7 +160,6 @@
 #define IDC_STATIC_OPTIONS 1083
 #define IDC_STATIC_TICKET_OPTIONS 1085
 #define IDC_BUTTON1 1086
-#define IDC_BUTTON_AFS_PROPERTIES 1086
 #define IDC_RESET_DEFAULTS 1086
 #define IDC_BUTTON_KRB_HELP 1087
 #define IDC_STATIC_KRBREALM 1088
@@ -213,9 +199,6 @@
 #define IDC_STATIC_NOTE 1129
 #define IDC_EDIT_KDC_HOST 1130
 #define IDC_EDIT_REALM 1131
-#define IDC_BUTTON_KRB4_REALM_HOST_ADD 1133
-#define ID_BUTTON_KRB4_REALM_HOST_REMOVE 1134
-#define IDC_BUTTON_KRB4_REALM_HOST_EDIT 1135
 #define IDC_BUTTON_REALMHOST_MAINT_HELP2 1136
 #define IDC_BUTTON_HOST_ADD 1138
 #define ID_BUTTON_HOST_REMOVE 1139
@@ -229,8 +212,6 @@
 #define IDC_STATIC_KRBREALMS 1149
 #define IDC_STATIC_INIFILES 1150
 #define IDC_CHECK_CONFIRM_KRB5_EXISTS 1151
-#define IDC_RADIO_AFS_ENABLED 1152
-#define IDC_RADIO_AFS_DISABLED 1153
 #define IDC_STATIC_KRB_DEFAULT_LIFETIME 1154
 #define IDC_STATIC_TIME_UNITS 1155
 #define IDC_STATIC_KRB_DEFAULT_RENEWTILL 1155
@@ -256,7 +237,6 @@
 #define IDC_STATIC_KRB5 1171
 #define IDC_EDIT_RENEWTILL_H 1171
 #define IDC_CHECK1 1172
-#define IDC_CHECK_REQUEST_KRB4 1172
 #define IDC_CHECK2 1173
 #define IDC_CHECK_PRESERVE_KINIT_OPTIONS 1173
 #define IDC_CHECK3 1174
@@ -265,7 +245,6 @@
 #define IDC_STATIC_RENEW_TILL_VALUE 1177
 #define IDC_PICTURE 1179
 #define IDC_DNS_KDC 1180
-#define IDC_KRB4_DNS_KDC 1181
 #define IDC_CHECK_CREATE_MISSING_CFG 1182
 #define IDC_GROUP_LEASH_MISC 1183
 #define IDC_STATIC_LIFETIME_RANGE 1184
@@ -306,9 +285,7 @@
 #define ID_UPPERCASE_REALM 32787
 #define ID_OPTIONS_RESETWINDOWSIZE 32789
 #define ID_RESET_WINDOW_SIZE 32790
-#define ID_AFS_CONTROL_PANEL 32791
 #define ID_SYSTEM_CONTROL_PANEL 32792
-#define ID_KRB4_PROPERTIES 32793
 #define ID_KRB5_PROPERTIES 32794
 #define ID_LEASH_PROPERTIES 32795
 #define ID_OPTIONS_LOWTICKETALARMSOUND 32796
diff -Nru krb5-1.16.2/src/windows/leash/VSroutines.c krb5-1.17/src/windows/leash/VSroutines.c
--- krb5-1.16.2/src/windows/leash/VSroutines.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leash/VSroutines.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,64 +0,0 @@
-#include
-#include
-
-#if 0
-//#ifdef USE_VS
-#include
-
-#define ININAME "leash.ini"
-
-int VScheckVersion(HWND hWnd, HANDLE hThisInstance)
-{
- VS_Request vrequest;
- VS_Status status;
- BOOL ok_to_continue;
- HCURSOR hcursor;
- char szFilename[255];
- char szVerQ[90];
- char *cp;
- LPSTR lpAppVersion;
- LPSTR lpAppName;
- LONG FAR *lpLangInfo;
- DWORD hVersionInfoID;
- DWORD size;
- GLOBALHANDLE hVersionInfo;
- LPSTR lpVersionInfo;
- int dumint;
- int retval;
-
- GetModuleFileName(hThisInstance, (LPSTR)szFilename, 255);
- size = GetFileVersionInfoSize((LPSTR) szFilename, &hVersionInfoID);
- hVersionInfo = GlobalAlloc(GHND, size);
- lpVersionInfo = GlobalLock(hVersionInfo);
- retval = GetFileVersionInfo(szFilename, hVersionInfoID, size,
- lpVersionInfo);
- retval = VerQueryValue(lpVersionInfo, "\\VarFileInfo\\Translation",
- (LPSTR FAR *)&lpLangInfo, &dumint);
- wsprintf(szVerQ, "\\StringFileInfo\\%04x%04x\\",
- LOWORD(*lpLangInfo), HIWORD(*lpLangInfo));
- cp = szVerQ + lstrlen(szVerQ);
- lstrcpy(cp, "ProductName");
- retval = VerQueryValue(lpVersionInfo, szVerQ, &lpAppName, &dumint);
- lstrcpy(cp, "ProductVersion");
-
- retval = VerQueryValue(lpVersionInfo, szVerQ, &lpAppVersion, &dumint);
- hcursor = SetCursor(LoadCursor((HINSTANCE)NULL, IDC_WAIT));
- vrequest = VSFormRequest(lpAppName, lpAppVersion, ININAME, NULL, hWnd,
- V_CHECK_AND_LOG);
- if ((ok_to_continue = (ReqStatus(vrequest) != V_E_CANCEL))
- && v_complain((status = VSProcessRequest(vrequest)), ININAME))
- WinVSReportRequest(vrequest, hWnd, "Version Server Status Report");
- if (ok_to_continue && status == V_REQUIRED)
- ok_to_continue = FALSE;
- VSDestroyRequest(vrequest);
- SetCursor(hcursor);
- GlobalUnlock(hVersionInfo);
- GlobalFree(hVersionInfo);
- return(ok_to_continue);
-}
-#else
-int VScheckVersion(HWND hWnd, HANDLE hThisInstance)
-{
- return(1);
-}
-#endif
diff -Nru krb5-1.16.2/src/windows/leashdll/AFSroutines.c krb5-1.17/src/windows/leashdll/AFSroutines.c
--- krb5-1.16.2/src/windows/leashdll/AFSroutines.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/leashdll/AFSroutines.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,833 +0,0 @@ -//* Module name: AFSroutines.c - -#include -#include -#include -#include - -/* Private Include files */ -#include -#include -#include "leashdll.h" -#include - -#ifndef NO_AFS -#include -#include -#include -#include -#endif -#include "leash-int.h" - -#define MAXCELLCHARS 64 -#define MAXHOSTCHARS 64 -#define MAXHOSTSPERCELL 8 -#define TRANSARCAFSDAEMON "TransarcAFSDaemon" -typedef struct { - char name[MAXCELLCHARS]; - short numServers; - short flags; - struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; - char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; - char *linkedCell; -} afsconf_cell; - -DWORD AfsOnLine = 1; -extern DWORD AfsAvailable; - -int not_an_API_LeashAFSGetToken(TICKETINFO * ticketinfo, TicketList** ticketList, char * kprinc); -DWORD GetServiceStatus(LPSTR lpszMachineName, LPSTR lpszServiceName, DWORD *lpdwCurrentState); -BOOL SetAfsStatus(DWORD AfsStatus); -BOOL GetAfsStatus(DWORD *AfsStatus); -void Leash_afs_error(LONG rc, LPCSTR FailedFunctionName); - -static char *afs_realm_of_cell(afsconf_cell *); -static long get_cellconfig_callback(void *, struct sockaddr_in *, char *); -static int get_cellconfig(char *, afsconf_cell *, char *); - -/**************************************/ -/* LeashAFSdestroyToken(): */ -/**************************************/ -int -Leash_afs_unlog( - void - ) -{ -#ifdef NO_AFS - return(0); -#else - long rc; - char HostName[64]; - DWORD CurrentState; - - if (!AfsAvailable || GetAfsStatus(&AfsOnLine) && !AfsOnLine) - return(0); - - CurrentState = 0; - memset(HostName, '\0', sizeof(HostName)); - gethostname(HostName, sizeof(HostName)); - if (GetServiceStatus(HostName, TRANSARCAFSDAEMON, &CurrentState) != NOERROR) - return(0); - if (CurrentState != SERVICE_RUNNING) - return(0); - - rc = ktc_ForgetAllTokens(); - - return(0); -#endif -} - - -int -not_an_API_LeashAFSGetToken( - TICKETINFO * ticketinfo, - TicketList** ticketList, - char * kerberosPrincipal - ) -{ -#ifdef NO_AFS - return(0); -#else - struct ktc_principal 
aserver; - struct ktc_principal aclient; - struct ktc_token atoken; - int EndMonth; - int EndDay; - int cellNum; - int BreakAtEnd; - char UserName[64]; - char CellName[64]; - char ServiceName[64]; - char InstanceName[64]; - char EndTime[16]; - char Buffer[256]; - char Months[12][4] = {"Jan\0", "Feb\0", "Mar\0", "Apr\0", "May\0", "Jun\0", "Jul\0", "Aug\0", "Sep\0", "Oct\0", "Nov\0", "Dec\0"}; - char TokenStatus[16]; - time_t CurrentTime; - struct tm *newtime; - DWORD CurrentState; - DWORD rc; - char HostName[64]; - - - TicketList* list = NULL; - if ( ticketinfo ) { - ticketinfo->btickets = NO_TICKETS; - ticketinfo->principal[0] = '\0'; - } - if ( !kerberosPrincipal ) - kerberosPrincipal = ""; - - if (!AfsAvailable || GetAfsStatus(&AfsOnLine) && !AfsOnLine) - return(0); - - CurrentState = 0; - memset(HostName, '\0', sizeof(HostName)); - gethostname(HostName, sizeof(HostName)); - if (GetServiceStatus(HostName, TRANSARCAFSDAEMON, &CurrentState) != NOERROR) - return(0); - if (CurrentState != SERVICE_RUNNING) - return(0); - - BreakAtEnd = 0; - cellNum = 0; - while (1) - { - if (rc = ktc_ListTokens(cellNum, &cellNum, &aserver)) - { - if (rc != KTC_NOENT) - return(0); - - if (BreakAtEnd == 1) - break; - } - BreakAtEnd = 1; - memset(&atoken, '\0', sizeof(atoken)); - if (rc = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient)) - { - if (rc == KTC_ERROR) - return(0); - - continue; - } - - if (!list) - { - list = (TicketList*) calloc(1, sizeof(TicketList)); - (*ticketList) = list; - } - else - { - list->next = (struct TicketList*) calloc(1, sizeof(TicketList)); - list = (TicketList*) list->next; - } - - CurrentTime = time(NULL); - - newtime = localtime(&atoken.endTime); - - memset(UserName, '\0', sizeof(UserName)); - strcpy(UserName, aclient.name); - - memset(CellName, '\0', sizeof(CellName)); - strcpy(CellName, aclient.cell); - - memset(InstanceName, '\0', sizeof(InstanceName)); - strcpy(InstanceName, aclient.instance); - - memset(ServiceName, '\0', 
sizeof(ServiceName)); - strcpy(ServiceName, aserver.name); - - memset(TokenStatus, '\0', sizeof(TokenStatus)); - - EndDay = newtime->tm_mday; - - EndMonth = newtime->tm_mon + 1;; - - sprintf(EndTime, "%02d:%02d:%02d", newtime->tm_hour, newtime->tm_min, newtime->tm_sec); - - sprintf(Buffer," %s %02d %s %s%s%s@%s %s", - Months[EndMonth - 1], EndDay, EndTime, - UserName, - InstanceName[0] ? "." : "", - InstanceName, - CellName, - TokenStatus); - - list->theTicket = (char*) calloc(1, sizeof(Buffer)); - if (!list->theTicket) - { -#ifdef USE_MESSAGE_BOX - MessageBox(NULL, "Memory Error", "Error", MB_OK); -#endif /* USE_MESSAGE_BOX */ - return ENOMEM; - } - - strcpy(list->theTicket, Buffer); - list->name = strdup(aclient.name); - list->inst = aclient.instance[0] ? strdup(aclient.instance) : NULL; - list->realm = strdup(aclient.cell); - list->encTypes = NULL; - list->addrCount = 0; - list->addrList = NULL; - - if ( ticketinfo ) { - sprintf(Buffer,"%s@%s",UserName,CellName); - if (!ticketinfo->principal[0] || !stricmp(Buffer,kerberosPrincipal)) { - strcpy(ticketinfo->principal, Buffer); - ticketinfo->issue_date = 0; - ticketinfo->lifetime = atoken.endTime; - ticketinfo->renew_till = 0; - - _tzset(); - if ( ticketinfo->lifetime - time(0) <= 0L ) - ticketinfo->btickets = EXPD_TICKETS; - else - ticketinfo->btickets = GOOD_TICKETS; - } - } - } - return(0); -#endif -} - -static char OpenAFSConfigKeyName[] = "SOFTWARE\\OpenAFS\\Client"; - -static int -use_krb524(void) -{ - HKEY parmKey; - DWORD code, len; - DWORD use524 = 0; - - code = RegOpenKeyEx(HKEY_CURRENT_USER, OpenAFSConfigKeyName, - 0, KEY_QUERY_VALUE, &parmKey); - if (code == ERROR_SUCCESS) { - len = sizeof(use524); - code = RegQueryValueEx(parmKey, "Use524", NULL, NULL, - (BYTE *) &use524, &len); - RegCloseKey(parmKey); - } - if (code != ERROR_SUCCESS) { - code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, OpenAFSConfigKeyName, - 0, KEY_QUERY_VALUE, &parmKey); - if (code == ERROR_SUCCESS) { - len = sizeof(use524); - code = 
RegQueryValueEx(parmKey, "Use524", NULL, NULL, - (BYTE *) &use524, &len); - RegCloseKey (parmKey); - } - } - return use524; -} - - - -int -Leash_afs_klog( - char *service, - char *cell, - char *realm, - int LifeTime - ) -{ -/////#ifdef NO_AFS -#if defined(NO_AFS) || defined(NO_KRB4) - return(0); -#else - long rc; -////This is defined in krb.h: - CREDENTIALS creds; - KTEXT_ST ticket; - struct ktc_principal aserver; - struct ktc_principal aclient; - char realm_of_user[REALM_SZ]; /* Kerberos realm of user */ - char realm_of_cell[REALM_SZ]; /* Kerberos realm of cell */ - char local_cell[MAXCELLCHARS+1]; - char Dmycell[MAXCELLCHARS+1]; - struct ktc_token atoken; - struct ktc_token btoken; - afsconf_cell ak_cellconfig; /* General information about the cell */ - char RealmName[128]; - char CellName[128]; - char ServiceName[128]; - DWORD CurrentState; - char HostName[64]; - BOOL try_krb5 = 0; - int retry = 0; - int len; -#ifndef NO_KRB5 - krb5_context context = 0; - krb5_ccache _krb425_ccache = 0; - krb5_creds increds; - krb5_creds * k5creds = 0; - krb5_error_code r; - krb5_principal client_principal = 0; - krb5_flags flags = 0; -#endif /* NO_KRB5 */ - - if (!AfsAvailable || GetAfsStatus(&AfsOnLine) && !AfsOnLine) - return(0); - - if ( !realm ) realm = ""; - if ( !cell ) cell = ""; - if ( !service ) service = ""; - - CurrentState = 0; - memset(HostName, '\0', sizeof(HostName)); - gethostname(HostName, sizeof(HostName)); - if (GetServiceStatus(HostName, TRANSARCAFSDAEMON, &CurrentState) != NOERROR) - return(0); - if (CurrentState != SERVICE_RUNNING) - return(0); - - memset(RealmName, '\0', sizeof(RealmName)); - memset(CellName, '\0', sizeof(CellName)); - memset(ServiceName, '\0', sizeof(ServiceName)); - memset(realm_of_user, '\0', sizeof(realm_of_user)); - memset(realm_of_cell, '\0', sizeof(realm_of_cell)); - memset(Dmycell, '\0', sizeof(Dmycell)); - - // NULL or empty cell returns information on local cell - if (cell && cell[0]) - strcpy(Dmycell, cell); - rc = 
get_cellconfig(Dmycell, &ak_cellconfig, local_cell); - if (rc && cell && cell[0]) { - memset(Dmycell, '\0', sizeof(Dmycell)); - rc = get_cellconfig(Dmycell, &ak_cellconfig, local_cell); - } - if (rc) - return(rc); - -#ifndef NO_KRB5 - if (!(r = Leash_krb5_initialize(&context, &_krb425_ccache))) { - int i; - - memset((char *)&increds, 0, sizeof(increds)); - - (*pkrb5_cc_get_principal)(context, _krb425_ccache, &client_principal); - i = krb5_princ_realm(context, client_principal)->length; - if (i > REALM_SZ-1) - i = REALM_SZ-1; - strncpy(realm_of_user,krb5_princ_realm(context, client_principal)->data,i); - realm_of_user[i] = 0; - try_krb5 = 1; - } -#endif /* NO_KRB5 */ - -#ifndef NO_KRB4 - if ( !try_krb5 || !realm_of_user[0] ) { - if ((rc = (*pkrb_get_tf_realm)((*ptkt_string)(), realm_of_user)) != KSUCCESS) - { - return(rc); - } - } -#endif - strcpy(realm_of_cell, afs_realm_of_cell(&ak_cellconfig)); - - if (strlen(service) == 0) - strcpy(ServiceName, "afs"); - else - strcpy(ServiceName, service); - - if (strlen(cell) == 0) - strcpy(CellName, local_cell); - else - strcpy(CellName, cell); - - if (strlen(realm) == 0) - strcpy(RealmName, realm_of_cell); - else - strcpy(RealmName, realm); - - memset(&creds, '\0', sizeof(creds)); - -#ifndef NO_KRB5 - if ( try_krb5 ) { - /* First try Service/Cell@REALM */ - if (r = (*pkrb5_build_principal)(context, &increds.server, - strlen(RealmName), - RealmName, - ServiceName, - CellName, - 0)) - { - try_krb5 = 0; - goto use_krb4; - } - - increds.client = client_principal; - increds.times.endtime = 0; - /* Ask for DES since that is what V4 understands */ - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - -#ifdef KRB5_TC_NOTICKET - flags = 0; - r = pkrb5_cc_set_flags(context, _krb425_ccache, flags); -#endif - if (r == 0) - r = pkrb5_get_credentials(context, 0, _krb425_ccache, &increds, &k5creds); - if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || - r == KRB5KRB_ERR_GENERIC /* Heimdal */) { - /* Next try Service@REALM */ - 
pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - strlen(RealmName), - RealmName, - ServiceName, - 0); - if (r == 0) - r = pkrb5_get_credentials(context, 0, _krb425_ccache, &increds, &k5creds); - } - - pkrb5_free_principal(context, increds.server); - pkrb5_free_principal(context, client_principal); -#ifdef KRB5_TC_NOTICKET - flags = KRB5_TC_NOTICKET; - pkrb5_cc_set_flags(context, _krb425_ccache, flags); -#endif - (void) pkrb5_cc_close(context, _krb425_ccache); - _krb425_ccache = 0; - - if (r || k5creds == 0) { - pkrb5_free_context(context); - try_krb5 = 0; - goto use_krb4; - } - - /* This code inserts the entire K5 ticket into the token - * No need to perform a krb524 translation which is - * commented out in the code below - */ - if ( use_krb524() || k5creds->ticket.length > MAXKTCTICKETLEN ) - goto try_krb524d; - - memset(&aserver, '\0', sizeof(aserver)); - strncpy(aserver.name, ServiceName, MAXKTCNAMELEN - 1); - strncpy(aserver.cell, CellName, MAXKTCREALMLEN - 1); - - memset(&atoken, '\0', sizeof(atoken)); - atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; - atoken.startTime = k5creds->times.starttime; - atoken.endTime = k5creds->times.endtime; - memcpy(&atoken.sessionKey, k5creds->keyblock.contents, k5creds->keyblock.length); - atoken.ticketLen = k5creds->ticket.length; - memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen); - - retry_gettoken5: - rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient); - if (rc != 0 && rc != KTC_NOENT && rc != KTC_NOCELL) { - if ( rc == KTC_NOCM && retry < 20 ) { - Sleep(500); - retry++; - goto retry_gettoken5; - } - goto try_krb524d; - } - - if (atoken.kvno == btoken.kvno && - atoken.ticketLen == btoken.ticketLen && - !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) && - !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)) - { - /* Success */ - pkrb5_free_creds(context, k5creds); - pkrb5_free_context(context); - return(0); - } - - // * 
Reset the "aclient" structure before we call ktc_SetToken. - // * This structure was first set by the ktc_GetToken call when - // * we were comparing whether identical tokens already existed. - - len = min(k5creds->client->data[0].length,MAXKTCNAMELEN - 1); - strncpy(aclient.name, k5creds->client->data[0].data, len); - aclient.name[len] = '\0'; - - if ( k5creds->client->length > 1 ) { - char * p; - strcat(aclient.name, "."); - p = aclient.name + strlen(aclient.name); - len = min(k5creds->client->data[1].length,MAXKTCNAMELEN - strlen(aclient.name) - 1); - strncpy(p, k5creds->client->data[1].data, len); - p[len] = '\0'; - } - aclient.instance[0] = '\0'; - - strcpy(aclient.cell, realm_of_cell); - - len = min(k5creds->client->realm.length,strlen(realm_of_cell)); - if ( strncmp(realm_of_cell, k5creds->client->realm.data, len) ) { - char * p; - strcat(aclient.name, "@"); - p = aclient.name + strlen(aclient.name); - len = min(k5creds->client->realm.length,MAXKTCNAMELEN - strlen(aclient.name) - 1); - strncpy(p, k5creds->client->realm.data, len); - p[len] = '\0'; - } - - rc = ktc_SetToken(&aserver, &atoken, &aclient, 0); - if (!rc) { - /* Success */ - pkrb5_free_creds(context, k5creds); - pkrb5_free_context(context); - return(0); - } - - try_krb524d: - /* This requires krb524d to be running with the KDC */ - r = pkrb524_convert_creds_kdc(context, k5creds, &creds); - pkrb5_free_creds(context, k5creds); - pkrb5_free_context(context); - if (r) { - try_krb5 = 0; - goto use_krb4; - } - rc = KSUCCESS; - } else -#endif /* NO_KRB5 */ - { - use_krb4: - rc = KFAILURE; - } - if (rc != KSUCCESS) - { - return(rc); - } - - memset(&aserver, '\0', sizeof(aserver)); - strncpy(aserver.name, ServiceName, MAXKTCNAMELEN - 1); - strncpy(aserver.cell, CellName, MAXKTCNAMELEN - 1); - - memset(&atoken, '\0', sizeof(atoken)); - atoken.kvno = creds.kvno; - atoken.startTime = creds.issue_date; - atoken.endTime = (*pkrb_life_to_time)(creds.issue_date,creds.lifetime); - memcpy(&atoken.sessionKey, 
creds.session, 8); - atoken.ticketLen = creds.ticket_st.length; - memcpy(atoken.ticket, creds.ticket_st.dat, atoken.ticketLen); - - if (!(rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient)) && - atoken.kvno == btoken.kvno && - atoken.ticketLen == btoken.ticketLen && - !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) && - !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)) - { - return(0); - } - - // * Reset the "aclient" structure before we call ktc_SetToken. - // * This structure was first set by the ktc_GetToken call when - // * we were comparing whether identical tokens already existed. - - strncpy(aclient.name, creds.pname, MAXKTCNAMELEN - 1); - aclient.name[MAXKTCNAMELEN - 1] = '\0'; - if (creds.pinst[0]) - { - strncat(aclient.name, ".", MAXKTCNAMELEN - 1 - strlen(aclient.name)); - aclient.name[MAXKTCNAMELEN - 1] = '\0'; - strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - 1 - strlen(aclient.name)); - aclient.name[MAXKTCNAMELEN - 1] = '\0'; - } - strcpy(aclient.instance, ""); - - if ( strcmp(realm_of_cell, creds.realm) ) - { - strncat(aclient.name, "@", MAXKTCNAMELEN - 1 - strlen(aclient.name)); - aclient.name[MAXKTCNAMELEN - 1] = '\0'; - strncat(aclient.name, creds.realm, MAXKTCNAMELEN - 1 - strlen(aclient.name)); - aclient.name[MAXKTCNAMELEN - 1] = '\0'; - } - aclient.name[MAXKTCNAMELEN-1] = '\0'; - - strcpy(aclient.cell, CellName); - - // * NOTE: On WIN32, the order of SetToken params changed... - // * to ktc_SetToken(&aserver, &aclient, &atoken, 0) - // * from ktc_SetToken(&aserver, &atoken, &aclient, 0) on Unix... 
- // * The afscompat ktc_SetToken provides the Unix order - - if (rc = ktc_SetToken(&aserver, &atoken, &aclient, 0)) - { - Leash_afs_error(rc, "ktc_SetToken()"); - return(rc); - } - - return(0); -#endif -} - -/**************************************/ -/* afs_realm_of_cell(): */ -/**************************************/ -static char *afs_realm_of_cell(afsconf_cell *cellconfig) -{ -#ifdef NO_AFS - return(0); -#else - char krbhst[MAX_HSTNM]=""; - static char krbrlm[REALM_SZ+1]=""; -#ifndef NO_KRB5 - krb5_context ctx = 0; - char ** realmlist=NULL; - krb5_error_code r; -#endif /* NO_KRB5 */ - - if (!cellconfig) - return 0; - -#ifndef NO_KRB5 - if ( pkrb5_init_context ) { - r = pkrb5_init_context(&ctx); - if ( !r ) - r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist); - if ( !r && realmlist && realmlist[0] ) { - strcpy(krbrlm, realmlist[0]); - pkrb5_free_host_realm(ctx, realmlist); - } - if (ctx) - pkrb5_free_context(ctx); - } -#endif /* NO_KRB5 */ - - if ( !krbrlm[0] ) - { - char *s = krbrlm; - char *t = cellconfig->name; - int c; - - while (c = *t++) - { - if (islower(c)) c=toupper(c); - *s++ = c; - } - *s++ = 0; - } - return(krbrlm); -#endif -} - -/**************************************/ -/* get_cellconfig(): */ -/**************************************/ -static int get_cellconfig(char *cell, afsconf_cell *cellconfig, char *local_cell) -{ -#ifdef NO_AFS - return(0); -#else - int rc; - - local_cell[0] = (char)0; - memset(cellconfig, 0, sizeof(*cellconfig)); - - /* WIN32: cm_GetRootCellName(local_cell) - NOTE: no way to get max chars */ - if (rc = cm_GetRootCellName(local_cell)) - { - return(rc); - } - - if (strlen(cell) == 0) - strcpy(cell, local_cell); - - /* WIN32: cm_SearchCellFile(cell, pcallback, pdata) */ - strcpy(cellconfig->name, cell); - - return cm_SearchCell(cell, get_cellconfig_callback, NULL, (void*)cellconfig); -#endif -} - -/**************************************/ -/* get_cellconfig_callback(): */ -/**************************************/ 
-static long get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep) -{ -#ifdef NO_AFS - return(0); -#else - afsconf_cell *cc = (afsconf_cell *)cellconfig; - - cc->hostAddr[cc->numServers] = *addrp; - strcpy(cc->hostName[cc->numServers], namep); - cc->numServers++; - return(0); -#endif -} - - -/**************************************/ -/* Leash_afs_error(): */ -/**************************************/ -void -Leash_afs_error(LONG rc, LPCSTR FailedFunctionName) -{ -#ifdef NO_AFS - return; -#else -#ifdef USE_MESSAGE_BOX - char message[256]; - const char *errText; - - // Using AFS defines as error messages for now, until Transarc - // gets back to me with "string" translations of each of these - // const. defines. - if (rc == KTC_ERROR) - errText = "KTC_ERROR"; - else if (rc == KTC_TOOBIG) - errText = "KTC_TOOBIG"; - else if (rc == KTC_INVAL) - errText = "KTC_INVAL"; - else if (rc == KTC_NOENT) - errText = "KTC_NOENT"; - else if (rc == KTC_PIOCTLFAIL) - errText = "KTC_PIOCTLFAIL"; - else if (rc == KTC_NOPIOCTL) - errText = "KTC_NOPIOCTL"; - else if (rc == KTC_NOCELL) - errText = "KTC_NOCELL"; - else if (rc == KTC_NOCM) - errText = "KTC_NOCM: The service, Transarc AFS Daemon, most likely is not started!"; - else - errText = "Unknown error!"; - - sprintf(message, "%s\n(%s failed)", errText, FailedFunctionName); - MessageBox(NULL, message, "AFS", MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND); -#endif /* USE_MESSAGE_BOX */ - return; - -#endif -} - -DWORD GetServiceStatus( - LPSTR lpszMachineName, - LPSTR lpszServiceName, - DWORD *lpdwCurrentState) -{ -#ifdef NO_AFS - return(NOERROR); -#else - DWORD hr = NOERROR; - SC_HANDLE schSCManager = NULL; - SC_HANDLE schService = NULL; - DWORD fdwDesiredAccess = 0; - SERVICE_STATUS ssServiceStatus = {0}; - BOOL fRet = FALSE; - - if ((pOpenSCManagerA == NULL) || - (pOpenServiceA == NULL) || - (pQueryServiceStatus == NULL) || - (pCloseServiceHandle == NULL)) - { - *lpdwCurrentState = SERVICE_RUNNING; 
- return(NOERROR); - } - - *lpdwCurrentState = 0; - - fdwDesiredAccess = GENERIC_READ; - - schSCManager = (*pOpenSCManagerA)(lpszMachineName, - NULL, - fdwDesiredAccess); - - if(schSCManager == NULL) - { - hr = GetLastError(); - goto cleanup; - } - - schService = (*pOpenServiceA)(schSCManager, - lpszServiceName, - fdwDesiredAccess); - - if(schService == NULL) - { - hr = GetLastError(); - goto cleanup; - } - - fRet = (*pQueryServiceStatus)(schService, - &ssServiceStatus); - - if(fRet == FALSE) - { - hr = GetLastError(); - goto cleanup; - } - - *lpdwCurrentState = ssServiceStatus.dwCurrentState; - -cleanup: - - (*pCloseServiceHandle)(schService); - (*pCloseServiceHandle)(schSCManager); - - return(hr); -#endif -} - -BOOL -SetAfsStatus( - DWORD AfsStatus - ) -{ -#ifdef NO_AFS - return(TRUE); -#else - return write_registry_setting(LEASH_SETTINGS_REGISTRY_VALUE_AFS_STATUS, - REG_DWORD, &AfsStatus, - sizeof(AfsStatus)) ? FALSE : TRUE; -#endif -} - -BOOL -GetAfsStatus( - DWORD *AfsStatus - ) -{ -#ifdef NO_AFS - return(TRUE); -#else - return read_registry_setting(LEASH_SETTINGS_REGISTRY_VALUE_AFS_STATUS, - AfsStatus, sizeof(DWORD)) ? FALSE : TRUE; -#endif -} diff -Nru krb5-1.16.2/src/windows/leashdll/include/krb4/conf.h krb5-1.17/src/windows/leashdll/include/krb4/conf.h --- krb5-1.16.2/src/windows/leashdll/include/krb4/conf.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/include/krb4/conf.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,74 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Configuration info for operating system, hardware description, - * language implementation, C library, etc. - * - * This file should be included in (almost) every file in the Kerberos - * sources, and probably should *not* be needed outside of those - * sources. (How do we deal with /usr/include/des.h and - * /usr/include/krb.h?) - */ - -#ifndef _CONF_H_ -#define _CONF_H_ - -#include "osconf.h" - -#ifdef SHORTNAMES -#include "names.h" -#endif - -/* - * Language implementation-specific definitions - */ - -/* special cases */ -#ifdef __HIGHC__ -/* broken implementation of ANSI C */ -#undef __STDC__ -#endif - -#if !defined(__STDC__) && !defined(PC) -#define const -#define volatile -#define signed -typedef char *pointer; /* pointer to generic data */ -#ifndef PROTOTYPE -#define PROTOTYPE(p) () -#endif -#else -typedef void *pointer; -#ifndef PROTOTYPE -#define PROTOTYPE(p) p -#endif -#endif - -/* Does your compiler understand "void"? */ -#ifdef notdef -#define void int -#endif - -/* - * A few checks to see that necessary definitions are included. - */ - -#ifndef MSBFIRST -#ifndef LSBFIRST -#error byte order not defined -#endif -#endif - -/* machine size */ -#ifndef BITS16 -#ifndef BITS32 -#error number of bits? -#endif -#endif - -/* end of checks */ - -#endif /* _CONF_H_ */ diff -Nru krb5-1.16.2/src/windows/leashdll/include/krb4/conf-pc.h krb5-1.17/src/windows/leashdll/include/krb4/conf-pc.h --- krb5-1.16.2/src/windows/leashdll/include/krb4/conf-pc.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/include/krb4/conf-pc.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,108 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Machine-type definitions: IBM PC 8086 - */ - -#if defined(_WIN32) && !defined(WIN32) -#define WIN32 -#endif - -#if ( defined(WIN16) || defined(WIN32) || defined(_WINDOWS)) && !defined(WINDOWS) -#define WINDOWS -#endif - -#if defined(__OS2__) && !defined(OS2) -#define OS2 -#endif - -#ifdef WIN16 -#define BITS16 -#else -#ifdef MSDOS -#define BITS16 -#else -#define BITS32 -#endif -#endif -#define LSBFIRST - -#define index(s,c) strchr(s,c) /* PC version of index */ -#define rindex(s,c) strrchr(s,c) -#if !defined(OS2) && !defined(LWP) /* utils.h under OS/2 */ -#define bcmp(s1,s2,n) memcmp((s1),(s2),(n)) -#define bcopy(a,b,c) memcpy( (b), (a), (c) ) -#define bzero(a,b) memset( (a), 0, (b) ) -#endif - -typedef unsigned char u_char; -typedef unsigned long u_long; -typedef unsigned short u_short; -typedef unsigned int u_int; -#define NO_UIDGID_T - -#if !defined(WINDOWS) && !defined(DWORD) -typedef long DWORD; -#endif - -#if defined(PC)&&!defined(WINDOWS) -#ifndef LPSTR -typedef char *LPSTR; -typedef char *LPBYTE; -typedef char *CHARPTR; -typedef char *LPINT; -typedef unsigned int WORD; -#endif -#define LONG long -#define FAR -#define PASCAL -#define EXPORT -#endif - -#ifdef OS2 -#include -#define lstrcpy strcpy -#define lstrlen strlen -#define lstrcmp strcmp -#define lstrcpyn strncpy -#endif - -#ifdef WIN32 -#define _export -#endif - -#if defined(BITS32) -#define far -#define near -#endif - -#ifdef WINDOWS -#include -#endif - -#ifdef WIN32 -#include -#endif - -#ifdef WIN16 -#pragma message ( "WIN16 in " __FILE__ ) -#include -#include -#ifndef KRB_INT32 -#define KRB_INT32 long -#endif -#ifndef KRB_UINT32 -#define KRB_UINT32 unsigned KRB_INT32 -#endif -#endif - - -#define RANDOM_KRB_INT32_1 ((KRB_INT32) time(NULL)) -#define RANDOM_KRB_INT32_2 ((KRB_INT32) getpid()) -#define TIME_GMT_UNIXSEC 
unix_time_gmt_unixsec((unsigned KRB_INT32 *)0); -#ifndef MAXPATHLEN -#define MAXPATHLEN _MAX_PATH -#endif diff -Nru krb5-1.16.2/src/windows/leashdll/include/krb4/osconf.h krb5-1.17/src/windows/leashdll/include/krb4/osconf.h --- krb5-1.16.2/src/windows/leashdll/include/krb4/osconf.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/include/krb4/osconf.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,59 +0,0 @@ -/* - * Copyright 1988 by the Massachusetts Institute of Technology. - * - * For copying and distribution information, please see the file - * . - * - * Athena configuration. - */ - -#ifndef _OSCONF_H_ -#define _OSCONF_H_ - -#ifndef PC -#if defined(IBMPC) || defined(__MSDOS__) || defined(OS2) || defined(_MSDOS) || defined(_WIN32) -#define PC -#endif -#endif - -#ifdef tahoe -#include "conf-bsdtahoe.h" -#else /* !tahoe */ -#ifdef vax -#include "conf-bsdvax.h" -#else /* !vax */ -#if defined(mips) && defined(ultrix) -#include "conf-ultmips2.h" -#else /* !Ultrix MIPS-2 */ -#ifdef ibm032 -#include "conf-bsdibm032.h" -#else /* !ibm032 */ -#ifdef apollo -#include "conf-bsdapollo.h" -#else /* !apollo */ -#ifdef sun -#ifdef sparc -#include "conf-bsdsparc.h" -#else /* sun but not sparc */ -#ifdef i386 -#include "conf-bsd386i.h" -#else /* sun but not (sparc or 386i) */ -#include "conf-bsdm68k.h" -#endif /* i386 */ -#endif /* sparc */ -#else /* !sun */ -#ifdef pyr -#include "conf-pyr.h" -#else -#if defined(PC) || defined(__MSDOS__) || defined(OS2) || defined(_MSDOS) || defined(_WIN32) -#include "conf-pc.h" -#endif /* PC */ -#endif /* pyr */ -#endif /* sun */ -#endif /* apollo */ -#endif /* ibm032 */ -#endif /* mips */ -#endif /* vax */ -#endif /* tahoe */ - -#endif /* _OSCONF_H_ */ diff -Nru krb5-1.16.2/src/windows/leashdll/krb5routines.c krb5-1.17/src/windows/leashdll/krb5routines.c --- krb5-1.16.2/src/windows/leashdll/krb5routines.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/krb5routines.c 2019-01-08 16:02:37.000000000 +0000 
@@ -80,139 +80,9 @@ return buf; } -long -Leash_convert524( - krb5_context alt_ctx - ) -{ -#if defined(NO_KRB5) || defined(NO_KRB4) - return(0); -#else - krb5_context ctx = 0; - krb5_error_code code = 0; - int icode = 0; - krb5_principal me = 0; - krb5_principal server = 0; - krb5_creds *v5creds = 0; - krb5_creds increds; - krb5_ccache cc = 0; - CREDENTIALS * v4creds = NULL; - static int init_ets = 1; - - if (!pkrb5_init_context || - !pkrb_in_tkt || - !pkrb524_init_ets || - !pkrb524_convert_creds_kdc) - return 0; - - v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS)); - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - memset((char *) &increds, 0, sizeof(increds)); - /* - From this point on, we can goto cleanup because increds is - initialized. - */ - - if (alt_ctx) - { - ctx = alt_ctx; - } - else - { - code = pkrb5_init_context(&ctx); - if (code) goto cleanup; - } - - code = pkrb5_cc_default(ctx, &cc); - if (code) goto cleanup; - - if ( init_ets ) { - pkrb524_init_ets(ctx); - init_ets = 0; - } - - if (code = pkrb5_cc_get_principal(ctx, cc, &me)) - goto cleanup; - - if ((code = pkrb5_build_principal(ctx, - &server, - krb5_princ_realm(ctx, me)->length, - krb5_princ_realm(ctx, me)->data, - "krbtgt", - krb5_princ_realm(ctx, me)->data, - NULL))) { - goto cleanup; - } - - increds.client = me; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = pkrb5_get_credentials(ctx, 0, - cc, - &increds, - &v5creds))) { - goto cleanup; - } - - if ((icode = pkrb524_convert_creds_kdc(ctx, - v5creds, - v4creds))) { - goto cleanup; - } - - /* initialize ticket cache */ - if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm) - != KSUCCESS)) { - goto cleanup; - } - /* stash ticket, session key, etc. 
for future use */ - if ((icode = pkrb_save_credentials(v4creds->service, - v4creds->instance, - v4creds->realm, - v4creds->session, - v4creds->lifetime, - v4creds->kvno, - &(v4creds->ticket_st), - v4creds->issue_date))) { - goto cleanup; - } - - cleanup: - memset(v4creds, 0, sizeof(v4creds)); - free(v4creds); - - if (v5creds) { - pkrb5_free_creds(ctx, v5creds); - } - if (increds.client == me) - me = 0; - if (increds.server == server) - server = 0; - pkrb5_free_cred_contents(ctx, &increds); - if (server) { - pkrb5_free_principal(ctx, server); - } - if (me) { - pkrb5_free_principal(ctx, me); - } - pkrb5_cc_close(ctx, cc); - - if (ctx && (ctx != alt_ctx)) { - pkrb5_free_context(ctx); - } - return !(code || icode); -#endif /* NO_KRB5 */ -} - - int LeashKRB5_renew(void) { -#ifdef NO_KRB5 - return(0); -#else krb5_error_code code = 0; krb5_context ctx = 0; krb5_ccache cc = 0; @@ -247,13 +117,9 @@ my_creds.client = me; my_creds.server = server; -#ifdef KRB5_TC_NOTICKET pkrb5_cc_set_flags(ctx, cc, 0); -#endif code = pkrb5_get_renewed_creds(ctx, &my_creds, me, cc, NULL); -#ifdef KRB5_TC_NOTICKET pkrb5_cc_set_flags(ctx, cc, KRB5_TC_NOTICKET); -#endif if (code) { if ( code != KRB5KDC_ERR_ETYPE_NOSUPP || code != KRB5_KDC_UNREACH) @@ -282,10 +148,8 @@ if (ctx) pkrb5_free_context(ctx); return(code); -#endif /* NO_KRB5 */ } -#ifndef NO_KRB5 static krb5_error_code KRB5_CALLCONV leash_krb5_prompter( krb5_context context, void *data, @@ -293,7 +157,6 @@ const char *banner, int num_prompts, krb5_prompt prompts[]); -#endif /* NO_KRB5 */ int Leash_krb5_kinit( @@ -309,9 +172,6 @@ DWORD publicIP ) { -#ifdef NO_KRB5 - return(0); -#else krb5_error_code code = 0; krb5_context ctx = 0; krb5_ccache cc = 0, defcache = 0; @@ -500,7 +360,6 @@ if (ctx && (ctx != alt_ctx)) pkrb5_free_context(ctx); return(code); -#endif //!NO_KRB5 } @@ -512,9 +371,6 @@ void ) { -#ifdef NO_KRB5 - return(0); -#else krb5_context ctx; krb5_ccache cache; krb5_error_code rc; 
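Review bot: In the `@@ -247,13 +117,9 @@` hunk of krb5routines.c, the context line `if ( code != KRB5KDC_ERR_ETYPE_NOSUPP || code != KRB5_KDC_UNREACH)` is true for every non-zero `code`, because no value can equal both constants, so the test filters nothing. If the intent was to skip the branch for those two errors, the line should read `if (code != KRB5KDC_ERR_ETYPE_NOSUPP && code != KRB5_KDC_UNREACH)`. The branch body and the rest of LeashKRB5_renew lie outside the hunk, so what the always-true test triggers cannot be judged from here. The two `pkrb5_cc_set_flags` calls, now unconditional, also discard their return values, which deserves a one-line comment if it is deliberate.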
@@ -535,7 +391,6 @@ return(rc); -#endif //!NO_KRB5 } krb5_error_code @@ -552,9 +407,7 @@ goto on_error; } } -#ifdef KRB5_TC_NOTICKET flags = KRB5_TC_NOTICKET; -#endif rc = pkrb5_cc_set_flags(*ctx, *cache, flags); if (rc) { if (rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) { @@ -577,10 +430,6 @@ /**************************************/ int Leash_krb5_initialize(krb5_context *ctx) { -#ifdef NO_KRB5 - return(0); -#else - LPCSTR functionName = NULL; krb5_error_code rc; @@ -594,7 +443,6 @@ } } return 0; -#endif //!NO_KRB5 } @@ -606,9 +454,6 @@ int FreeContextFlag, krb5_context * ctx, krb5_ccache * cache) { -#ifdef NO_KRB5 - return 0; -#else #ifdef USE_MESSAGE_BOX char message[256]; const char *errText; @@ -639,17 +484,12 @@ } return rc; - -#endif //!NO_KRB5 } BOOL Leash_ms2mit(BOOL save_creds) { -#ifdef NO_KRB5 - return(FALSE); -#else /* NO_KRB5 */ krb5_context kcontext = 0; krb5_error_code code; krb5_ccache ccache=0; @@ -709,11 +549,9 @@ if (kcontext) pkrb5_free_context(kcontext); return(rc); -#endif /* NO_KRB5 */ } -#ifndef NO_KRB5 /* User Query data structures and functions */ struct textField { @@ -1063,4 +901,3 @@ } return errcode; } -#endif /* NO_KRB5 */ diff -Nru krb5-1.16.2/src/windows/leashdll/leashdll.c krb5-1.17/src/windows/leashdll/leashdll.c --- krb5-1.16.2/src/windows/leashdll/leashdll.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/leashdll.c 2019-01-08 16:02:37.000000000 +0000 @@ -5,9 +5,6 @@ HINSTANCE hLeashInst; -#ifndef NO_KRB4 -HINSTANCE hKrb4 = 0; -#endif HINSTANCE hKrb5 = 0; HINSTANCE hKrb524 = 0; HINSTANCE hSecur32 = 0; @@ -18,8 +15,6 @@ HINSTANCE hToolHelp32 = 0; HINSTANCE hCcapi = 0; -DWORD AfsAvailable = 0; - // krb5 functions DECL_FUNC_PTR(krb5_change_password); DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc); 
@@ -332,23 +327,9 @@ Register_MITPasswordEditControl(hLeashInst); -#ifndef NO_AFS - { - DWORD AfsStatus = 0; - GetAfsStatus(&AfsStatus); - - AfsAvailable = afscompat_init(); - - if ( AfsStatus && !AfsAvailable ) - SetAfsStatus(0); - } -#endif return TRUE; } case DLL_PROCESS_DETACH: -#ifndef NO_AFS - afscompat_close(); -#endif if (hKrb5) FreeLibrary(hKrb5); if (hCcapi) diff -Nru krb5-1.16.2/src/windows/leashdll/leashdll.h krb5-1.17/src/windows/leashdll/leashdll.h --- krb5-1.16.2/src/windows/leashdll/leashdll.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/leashdll.h 2019-01-08 16:02:37.000000000 +0000 @@ -5,42 +5,6 @@ #ifdef __cplusplus extern "C" { #endif -#ifndef NO_KRB4 -/* - * This is a hack needed because the real com_err.h does - * not define err_func. We need it in the case where - * we pull in the real com_err instead of the krb4 - * impostor. - */ -#ifndef _DCNS_MIT_COM_ERR_H -typedef LPSTR (*err_func)(int, long); -#endif - -#include -extern void Leash_initialize_krb_error_func(err_func func,struct et_list **); -#undef init_krb_err_func -#define init_krb_err_func(erf) Leash_initialize_krb_error_func(erf,&_et_list) - -#include - -extern void Leash_initialize_kadm_error_table(struct et_list **); -#undef init_kadm_err_tbl -#define init_kadm_err_tbl() Leash_initialize_kadm_error_table(&_et_list) -#define kadm_err_base ERROR_TABLE_BASE_kadm -#endif - -#define krb_err_func Leash_krb_err_func - -#include -int lsh_com_err_proc (LPSTR whoami, long code, - LPSTR fmt, va_list args); -void FAR Leash_load_com_err_callback(FARPROC,FARPROC,FARPROC); - - -#ifndef KRBERR -#define KRBERR(code) (code + krb_err_base) -#endif - /* Internal Stuff */ 
@@ -63,17 +27,12 @@ #include -#ifndef NO_KRB4 -extern HINSTANCE hKrb4; -#endif extern HINSTANCE hKrb5; extern HINSTANCE hProfile; #define TIMEHOST "TIMEHOST" #define LEASH_DEBUG_CLASS_GENERIC 0 -#define LEASH_DEBUG_CLASS_KRB4 1 -#define LEASH_DEBUG_CLASS_KRB4_APP 2 #define LEASH_PRIORITY_LOW 0 #define LEASH_PRIORITY_HIGH 1 @@ -95,19 +54,10 @@ #include #include #include -#ifndef NO_KRB4 -#include -#include -#endif #include #include -#ifndef NO_AFS -////Can't find it! -////#include "afscompat.h" -#endif - // service definitions typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD); typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD); 
@@ -116,40 +66,6 @@ ////////////////////////////////////////////////////////////////////////////// -#ifndef NO_KRB4 -// krb4 functions -extern DECL_FUNC_PTR(get_krb_err_txt_entry); -extern DECL_FUNC_PTR(k_isinst); -extern DECL_FUNC_PTR(k_isname); -extern DECL_FUNC_PTR(k_isrealm); -extern DECL_FUNC_PTR(kadm_change_your_password); -extern DECL_FUNC_PTR(kname_parse); -extern DECL_FUNC_PTR(krb_get_cred); -extern DECL_FUNC_PTR(krb_get_krbhst); -extern DECL_FUNC_PTR(krb_get_lrealm); -extern DECL_FUNC_PTR(krb_get_pw_in_tkt); -extern DECL_FUNC_PTR(krb_get_tf_realm); -extern DECL_FUNC_PTR(krb_mk_req); -extern DECL_FUNC_PTR(krb_realmofhost); -extern DECL_FUNC_PTR(tf_init); -extern DECL_FUNC_PTR(tf_close); -extern DECL_FUNC_PTR(tf_get_cred); -extern DECL_FUNC_PTR(tf_get_pname); -extern DECL_FUNC_PTR(tf_get_pinst); -extern DECL_FUNC_PTR(LocalHostAddr); -extern DECL_FUNC_PTR(tkt_string); -extern DECL_FUNC_PTR(krb_set_tkt_string); -extern DECL_FUNC_PTR(initialize_krb_error_func); -extern DECL_FUNC_PTR(initialize_kadm_error_table); -extern DECL_FUNC_PTR(dest_tkt); -extern DECL_FUNC_PTR(lsh_LoadKrb4LeashErrorTables); // XXX -extern DECL_FUNC_PTR(krb_in_tkt); -extern DECL_FUNC_PTR(krb_save_credentials); -extern DECL_FUNC_PTR(krb_get_krbconf2); -extern DECL_FUNC_PTR(krb_get_krbrealm2); -extern DECL_FUNC_PTR(krb_life_to_time); -#endif - // krb5 functions extern DECL_FUNC_PTR(krb5_change_password); extern DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc); 
@@ -230,12 +146,6 @@ extern DECL_FUNC_PTR(krb5_cc_switch); extern DECL_FUNC_PTR(krb5int_cc_user_set_default_name); -#ifndef NO_KRB4 -// Krb524 functions -extern DECL_FUNC_PTR(krb524_init_ets); -extern DECL_FUNC_PTR(krb524_convert_creds_kdc); -#endif - // ComErr functions extern DECL_FUNC_PTR(com_err); extern DECL_FUNC_PTR(error_message); diff -Nru krb5-1.16.2/src/windows/leashdll/leashids.h krb5-1.17/src/windows/leashdll/leashids.h --- krb5-1.16.2/src/windows/leashdll/leashids.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/leashids.h 2019-01-08 16:02:37.000000000 +0000 @@ -72,7 +72,6 @@ #define LSH_DEFAULT_TICKET_NOADDRESS 1974 #define LSH_DEFAULT_TICKET_PROXIABLE 1975 #define LSH_DEFAULT_TICKET_PUBLICIP 1976 -#define LSH_DEFAULT_TICKET_USEKRB4 1977 #define LSH_DEFAULT_DIALOG_KINIT_OPT 1978 #define LSH_DEFAULT_DIALOG_LIFE_MIN 1979 #define LSH_DEFAULT_DIALOG_LIFE_MAX 1980 diff -Nru krb5-1.16.2/src/windows/leashdll/leash-int.h krb5-1.17/src/windows/leashdll/leash-int.h --- krb5-1.16.2/src/windows/leashdll/leash-int.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/leash-int.h 2019-01-08 16:02:37.000000000 +0000 @@ -27,16 +27,10 @@ extern char KRB_HelpFile[_MAX_PATH]; // Function Prototypes. -int lsh_com_err_proc (LPSTR whoami, long code, LPSTR fmt, va_list args); int DoNiftyErrorReport(long errnum, LPSTR what); LONG Leash_timesync(int); BOOL Leash_ms2mit(BOOL); -#ifndef NO_AFS -int not_an_API_LeashAFSGetToken(TICKETINFO * ticketinfo, TicketList** ticketList, char * kprinc); -long FAR not_an_API_LeashFreeTicketList(TicketList** ticketList) ; -#endif - // Crap... #include 
@@ -90,66 +84,9 @@ DWORD publicIP ); -long -Leash_convert524( - krb5_context ctx - ); - -int -Leash_afs_unlog( - void - ); - -int -Leash_afs_klog( - char *, - char *, - char *, - int - ); - int LeashKRB5_renew(void); -LONG -write_registry_setting( - char* setting, - DWORD type, - void* buffer, - size_t size - ); - -LONG -read_registry_setting_user( - char* setting, - void* buffer, - size_t size - ); - -LONG -read_registry_setting( - char* setting, - void* buffer, - size_t size - ); - -BOOL -get_STRING_from_registry( - HKEY hBaseKey, - char * key, - char * value, - char * outbuf, - DWORD outlen - ); - -BOOL -get_DWORD_from_registry( - HKEY hBaseKey, - char * key, - char * value, - DWORD * result - ); - int config_boolean_to_int( const char *s @@ -158,14 +95,12 @@ BOOL GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData); BOOL IsKerberosLogon(VOID); -#ifndef NO_KRB5 int Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, int FreeContextFlag, krb5_context *ctx, krb5_ccache *cache); int Leash_krb5_initialize(krb5_context *); krb5_error_code Leash_krb5_cc_default(krb5_context *ctx, krb5_ccache *cache); -#endif /* NO_KRB5 */ LPSTR err_describe(LPSTR buf, long code); 
@@ -304,22 +239,14 @@ ); #define CCAPI_DLL "krbcc32.dll" -/* The following definitions are summarized from KRB4, KRB5, Leash32, and +/* The following definitions are summarized from KRB5, Leash32, and * Leashw32 modules. They are current as of KfW 2.6.2. There is no * guarrantee that changes to other modules will be updated in this list. */ /* Must match the values used in Leash32.exe */ #define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings" -#define LEASH_SETTINGS_REGISTRY_VALUE_AFS_STATUS "AfsStatus" -#define LEASH_SETTINGS_REGISTRY_VALUE_DEBUG_WINDOW "DebugWindow" -#define LEASH_SETTINGS_REGISTRY_VALUE_LARGE_ICONS "LargeIcons" -#define LEASH_SETTINGS_REGISTRY_VALUE_DESTROY_TKTS "DestroyTickets" -#define LEASH_SETTINGS_REGISTRY_VALUE_LOW_TKT_ALARM "LowTicketAlarm" -#define LEASH_SETTINGS_REGISTRY_VALUE_AUTO_RENEW_TKTS "AutoRenewTickets" #define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM "UpperCaseRealm" -#define LEASH_SETTINGS_REGISTRY_VALUE_TIMEHOST "TIMEHOST" -#define LEASH_SETTINGS_REGISTRY_VALUE_CREATE_MISSING_CFG "CreateMissingConfig" #define LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT "MsLsaImport" /* These values are defined and used within Leashw32.dll */ 
@@ -331,29 +258,16 @@ #define LEASH_REGISTRY_VALUE_NOADDRESSES "noaddresses" #define LEASH_REGISTRY_VALUE_PROXIABLE "proxiable" #define LEASH_REGISTRY_VALUE_PUBLICIP "publicip" -#define LEASH_REGISTRY_VALUE_USEKRB4 "usekrb4" #define LEASH_REGISTRY_VALUE_KINIT_OPT "hide_kinit_options" #define LEASH_REGISTRY_VALUE_LIFE_MIN "life_min" #define LEASH_REGISTRY_VALUE_LIFE_MAX "life_max" #define LEASH_REGISTRY_VALUE_RENEW_MIN "renew_min" #define LEASH_REGISTRY_VALUE_RENEW_MAX "renew_max" -#define LEASH_REGISTRY_VALUE_LOCK_LOCATION "lock_file_locations" #define LEASH_REGISTRY_VALUE_PRESERVE_KINIT "preserve_kinit_options" -/* must match values used within krbv4w32.dll */ -#define KRB4_REGISTRY_KEY_NAME "Software\\MIT\\Kerberos4" -#define KRB4_REGISTRY_VALUE_CONFIGFILE "config" -#define KRB4_REGISTRY_VALUE_KRB_CONF "krb.conf" -#define KRB4_REGISTRY_VALUE_KRB_REALMS "krb.realms" -#define KRB4_REGISTRY_VALUE_TICKETFILE "ticketfile" - /* must match values used within krb5_32.dll */ #define KRB5_REGISTRY_KEY_NAME "Software\\MIT\\Kerberos5" #define KRB5_REGISTRY_VALUE_CCNAME "ccname" #define KRB5_REGISTRY_VALUE_CONFIGFILE "config" -/* must match values used within wshelper.dll */ -#define WSHELP_REGISTRY_KEY_NAME "Software\\MIT\\WsHelper" -#define WSHELP_REGISTRY_VALUE_DEBUG "DebugOn" - #endif /* __LEASH_INT_H__ */ diff -Nru krb5-1.16.2/src/windows/leashdll/leashw32.def krb5-1.17/src/windows/leashdll/leashw32.def --- krb5-1.16.2/src/windows/leashdll/leashw32.def 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/leashw32.def 2019-01-08 16:02:37.000000000 +0000 
@@ -6,26 +6,6 @@ STACKSIZE 36864 EXPORTS -; DllMain @1 - ; Leash_kinit_dlg @3 - ; Leash_changepwd_dlg @4 - ; Leash_kinit @48 - ; Leash_kdestroy @49 - ; Leash_klist @50 - ; Leash_checkpwd @51 - ; Leash_changepwd @52 - ; Leash_get_lsh_errno @61 - ; initialize_lsh_error_table @80 - ; lsh_com_err_proc @81 - ; Leash_initialize_krb_error_func @82 - ; Leash_initialize_kadm_error_table @83 - ; Leash_krb_err_func @84 - ; Leash_load_com_err_callback @85 - ; Leash_set_help_file @86 - ; Leash_get_help_file @87 - ; Leash_timesync @88 -; Leash_WhichOS @89 - Leash_kinit_dlg Leash_kinit_dlg_ex Leash_changepwd_dlg @@ -38,11 +18,8 @@ Leash_changepwd Leash_get_lsh_errno initialize_lsh_error_table - lsh_com_err_proc Leash_initialize_krb_error_func Leash_initialize_kadm_error_table - Leash_krb_err_func - Leash_load_com_err_callback Leash_set_help_file Leash_get_help_file Leash_timesync @@ -67,9 +44,6 @@ Leash_get_default_publicip Leash_set_default_publicip Leash_reset_default_publicip - Leash_get_default_use_krb4 - Leash_set_default_use_krb4 - Leash_reset_default_use_krb4 Leash_get_default_life_min Leash_set_default_life_min Leash_reset_default_life_min @@ -82,9 +56,6 @@ Leash_get_default_renew_max Leash_set_default_renew_max Leash_reset_default_renew_max - Leash_get_lock_file_locations - Leash_set_lock_file_locations - Leash_reset_lock_file_locations Leash_get_default_uppercaserealm Leash_set_default_uppercaserealm Leash_reset_default_uppercaserealm @@ -100,8 +71,4 @@ Leash_reset_defaults ; XXX - These have to go... - not_an_API_LeashAFSGetToken - not_an_API_LeashFreeTicketList - not_an_API_LeashKRB4GetTickets - not_an_API_LeashGetTimeServerName not_an_API_Leash_AcquireInitialTicketsIfNeeded diff -Nru krb5-1.16.2/src/windows/leashdll/lshcallb.c krb5-1.17/src/windows/leashdll/lshcallb.c --- krb5-1.16.2/src/windows/leashdll/lshcallb.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/lshcallb.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,14 +0,0 @@ -#include - -int (*Lcom_err)(LPSTR,long,LPSTR,...); -LPSTR (*Lerror_message)(long); -LPSTR (*Lerror_table_name)(long); - -void Leash_load_com_err_callback(FARPROC ce, - FARPROC em, - FARPROC etn) -{ - (FARPROC)Lcom_err=ce; - (FARPROC)Lerror_message=em; - (FARPROC)Lerror_table_name=etn; -} diff -Nru krb5-1.16.2/src/windows/leashdll/lshfunc.c krb5-1.17/src/windows/leashdll/lshfunc.c --- krb5-1.16.2/src/windows/leashdll/lshfunc.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/lshfunc.c 2019-01-08 16:02:37.000000000 +0000 @@ -3,14 +3,6 @@ #include #include #include "leashdll.h" -#ifndef NO_KRB4 -#include -#include -#else -/* General definitions */ -#define KSUCCESS 0 -#define KFAILURE 255 -#endif #include #include @@ -18,8 +10,6 @@ #include "leash-int.h" #include "leashids.h" -#include - #include "reminder.h" static char FAR *err_context; @@ -71,8 +61,6 @@ int size = sizeof(message) - 1; /* -1 to leave room for NULL terminator */ int n; - // XXX: ignore AFS for now. - if (!rc5 && !rcL) return 0; @@ -279,19 +267,11 @@ if ( !pkrb5_init_context ) goto cleanup; - if (rc = pkrb5_init_context(&context)) { -#if 0 - com_err(argv[0], ret, "initializing kerberos library"); -#endif + if (rc = pkrb5_init_context(&context)) goto cleanup; - } - if (rc = pkrb5_parse_name(context, principal, &princ)) { -#if 0 - com_err(argv[0], ret, "parsing client name"); -#endif + if (rc = pkrb5_parse_name(context, principal, &princ)) goto cleanup; - } pkrb5_get_init_creds_opt_init(&opts); pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60); 
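Review bot: The rewritten error checks in the `@@ -279,19 +267,11 @@` hunk of lshfunc.c use a bare assignment as the condition, `if (rc = pkrb5_init_context(&context))` and `if (rc = pkrb5_parse_name(context, principal, &princ))`, which reads like a mistyped `==` and is commonly flagged by compiler warnings. Writing them as `if ((rc = pkrb5_init_context(&context)) != 0)` keeps the behaviour and states the intent. The same applies to the `pkrb5_get_init_creds_password` and `pkrb5_change_password` checks in the following `@@ -305,29 +285,13 @@` hunk. The enclosing function starts and ends outside both hunks.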
@@ -305,29 +285,13 @@ if (rc = pkrb5_get_init_creds_password(context, &creds, princ, password, - 0, 0, 0, "kadmin/changepw", &opts)) { - if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) { -#if 0 - com_err(argv[0], 0, - "Password incorrect while getting initial ticket"); -#endif - } - else { -#if 0 - com_err(argv[0], ret, "getting initial ticket"); -#endif - } + 0, 0, 0, "kadmin/changepw", &opts)) goto cleanup; - } if (rc = pkrb5_change_password(context, &creds, newpassword, &result_code, &result_code_string, - &result_string)) { -#if 0 - com_err(argv[0], ret, "changing password"); -#endif + &result_string)) goto cleanup; - } if (result_code) { int len = result_code_string.length + @@ -583,23 +547,6 @@ addressless, publicip ); -#ifndef NO_AFS - if ( !rc5 ) { - char c; - char *r; - char *t; - for ( r=realm, t=temp; c=*r; r++,t++ ) - *t = isupper(c) ? tolower(c) : c; - *t = '\0'; - - rcA = Leash_afs_klog("afs", temp, "", lifetime); - rcB = Leash_afs_klog("afs", "", "", lifetime); - if (!(rcA && rcB)) - rcA = 0; - else if (!rcA) - rcA = rcB; - } -#endif /* NO_AFS */ custom_msg = (rc5 == KRB5KRB_AP_ERR_BAD_INTEGRITY) ? "Password incorrect" : NULL; return leash_error_message("Ticket initialization failed.", rcL, rc5, rcA, custom_msg, @@ -612,15 +559,6 @@ if ( hKrb5 && !LeashKRB5_renew() ) { int lifetime; lifetime = Leash_get_default_lifetime() / 5; -#ifndef NO_AFS - { - TicketList * list = NULL, * token; - not_an_API_LeashAFSGetToken(NULL,&list,NULL); - for ( token = list ; token ; token = token->next ) - Leash_afs_klog("afs", token->realm, "", lifetime); - not_an_API_LeashFreeTicketList(&list); - } -#endif /* NO_AFS */ return 1; } return 0; 
@@ -789,57 +727,6 @@ if ( Leash_ms2mit(1) ) { int lifetime; lifetime = Leash_get_default_lifetime() / 5; -#ifndef NO_AFS - { - char c; - char *r; - char *t; - char cell[256]; - char realm[256]; - int i = 0; - int rcA = 0; - int rcB = 0; - - krb5_context ctx = 0; - krb5_error_code code = 0; - krb5_ccache cc = 0; - krb5_principal me = 0; - - if ( !pkrb5_init_context ) - goto cleanup; - - code = pkrb5_init_context(&ctx); - if (code) goto cleanup; - - code = pkrb5_cc_default(ctx, &cc); - if (code) goto cleanup; - - if (code = pkrb5_cc_get_principal(ctx, cc, &me)) - goto cleanup; - - for ( r=realm, t=cell, i=0; ilength; r++,t++,i++ ) { - c = krb5_princ_realm(ctx, me)->data[i]; - *r = c; - *t = isupper(c) ? tolower(c) : c; - } - *r = *t = '\0'; - - rcA = Leash_afs_klog("afs", cell, "", lifetime); - rcB = Leash_afs_klog("afs", "", "", lifetime); - if (!(rcA && rcB)) - rcA = 0; - else if (!rcA) - rcA = rcB; - - cleanup: - if (me) - pkrb5_free_principal(ctx, me); - if (cc) - pkrb5_cc_close(ctx, cc); - if (ctx) - pkrb5_free_context(ctx); - } -#endif /* NO_AFS */ return 1; } return 0; @@ -848,45 +735,14 @@ long Leash_kdestroy(void) { - Leash_afs_unlog(); Leash_krb5_kdestroy(); return 0; } -long FAR -not_an_API_LeashFreeTicketList(TicketList** ticketList) -{ - TicketList* tempList = *ticketList, *killList; - - //if (tempList == NULL) - //return -1; - - while (tempList) - { - killList = tempList; - - tempList = (TicketList*)tempList->next; - free(killList->service); - if (killList->encTypes) - free(killList->encTypes); - free(killList); - } - - *ticketList = NULL; - return 0; -} - -long -not_an_API_LeashKRB4GetTickets(TICKETINFO FAR* ticketinfo, - TicketList** ticketList) -{ - return(KFAILURE); -} - long FAR Leash_klist(HWND hlist, TICKETINFO FAR *ticketinfo) { - return(KFAILURE); + return(255); } @@ -1018,7 +874,7 @@ * - string resource in the leash DLL */ -BOOL +static BOOL get_DWORD_from_registry( HKEY hBaseKey, char * key, 
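Review bot: In the `@@ -848,45 +735,14 @@` hunk of lshfunc.c, `Leash_kdestroy` calls `Leash_krb5_kdestroy();` and then returns 0 unconditionally, so a caller cannot tell whether the credential cache was actually destroyed. If `Leash_krb5_kdestroy` reports failure through its return value (its definition is not in this hunk), consider `return Leash_krb5_kdestroy();`, or at least add a comment such as `/* result intentionally ignored: destroy is best-effort */`. In the same hunk, `Leash_klist` now ends in `return(255);`, a bare number that replaces `KFAILURE`, whose `#define KFAILURE 255` this diff removes. A comment like `/* 255 == former KFAILURE; this entry point always fails */` would keep the meaning visible to callers that still compare against it.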
@@ -1041,33 +897,6 @@ return rc?FALSE:TRUE; } -BOOL -get_STRING_from_registry( - HKEY hBaseKey, - char * key, - char * value, - char * outbuf, - DWORD outlen - ) -{ - HKEY hKey; - DWORD dwCount; - LONG rc; - - if (!outbuf || outlen == 0) - return FALSE; - - rc = RegOpenKeyEx(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey); - if (rc) - return FALSE; - - dwCount = outlen; - rc = RegQueryValueEx(hKey, value, 0, 0, (LPBYTE) outbuf, &dwCount); - RegCloseKey(hKey); - - return rc?FALSE:TRUE; -} - static BOOL get_default_lifetime_from_registry( @@ -1890,63 +1719,6 @@ static BOOL -get_default_use_krb4_from_registry( - HKEY hBaseKey, - DWORD * result - ) -{ - return get_DWORD_from_registry(hBaseKey, - LEASH_REGISTRY_KEY_NAME, - LEASH_REGISTRY_VALUE_USEKRB4, - result); -} - -DWORD -Leash_reset_default_use_krb4( - ) -{ - HKEY hKey; - LONG rc; - - rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey); - if (rc) - return rc; - - rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_USEKRB4); - RegCloseKey(hKey); - - return rc; -} - -DWORD -Leash_set_default_use_krb4( - DWORD minutes - ) -{ - HKEY hKey; - LONG rc; - - rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, - 0, 0, KEY_WRITE, 0, &hKey, 0); - if (rc) - return rc; - - rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_USEKRB4, 0, REG_DWORD, - (LPBYTE) &minutes, sizeof(DWORD)); - RegCloseKey(hKey); - - return rc; -} - -DWORD -Leash_get_default_use_krb4( - ) -{ - return 0; /* don't use krb4 */ -} - -static -BOOL get_hide_kinit_options_from_registry( HKEY hBaseKey, DWORD * result 
@@ -2011,12 +1783,12 @@ hmLeash = GetModuleHandle(LEASH_DLL); if (hmLeash) { - char use_krb4[80]; + char hide_kinit_options[80]; if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_KINIT_OPT, - use_krb4, sizeof(use_krb4))) + hide_kinit_options, sizeof(hide_kinit_options))) { - use_krb4[sizeof(use_krb4) - 1] = 0; - return atoi(use_krb4); + hide_kinit_options[sizeof(hide_kinit_options) - 1] = 0; + return atoi(hide_kinit_options); } } return 0; /* hide unless otherwise indicated */ @@ -2090,12 +1862,12 @@ hmLeash = GetModuleHandle(LEASH_DLL); if (hmLeash) { - char use_krb4[80]; + char life_min[80]; if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MIN, - use_krb4, sizeof(use_krb4))) + life_min, sizeof(life_min))) { - use_krb4[sizeof(use_krb4) - 1] = 0; - return atoi(use_krb4); + life_min[sizeof(life_min) - 1] = 0; + return atoi(life_min); } } return 5; /* 5 minutes */ @@ -2167,12 +1939,12 @@ hmLeash = GetModuleHandle(LEASH_DLL); if (hmLeash) { - char use_krb4[80]; + char life_max[80]; if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MAX, - use_krb4, sizeof(use_krb4))) + life_max, sizeof(life_max))) { - use_krb4[sizeof(use_krb4) - 1] = 0; - return atoi(use_krb4); + life_max[sizeof(life_max) - 1] = 0; + return atoi(life_max); } } return 1440; @@ -2244,12 +2016,12 @@ hmLeash = GetModuleHandle(LEASH_DLL); if (hmLeash) { - char use_krb4[80]; + char renew_min[80]; if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MIN, - use_krb4, sizeof(use_krb4))) + renew_min, sizeof(renew_min))) { - use_krb4[sizeof(use_krb4) - 1] = 0; - return atoi(use_krb4); + renew_min[sizeof(renew_min) - 1] = 0; + return atoi(renew_min); } } return 600; /* 10 hours */ 
@@ -2321,12 +2093,12 @@ hmLeash = GetModuleHandle(LEASH_DLL); if (hmLeash) { - char use_krb4[80]; + char renew_max[80]; if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MAX, - use_krb4, sizeof(use_krb4))) + renew_max, sizeof(renew_max))) { - use_krb4[sizeof(use_krb4) - 1] = 0; - return atoi(use_krb4); + renew_max[sizeof(renew_max) - 1] = 0; + return atoi(renew_max); } } return 60 * 24 * 30; @@ -2334,83 +2106,6 @@ static BOOL -get_lock_file_locations_from_registry( - HKEY hBaseKey, - DWORD * result - ) -{ - return get_DWORD_from_registry(hBaseKey, - LEASH_REGISTRY_KEY_NAME, - LEASH_REGISTRY_VALUE_LOCK_LOCATION, - result); -} - -DWORD -Leash_reset_lock_file_locations( - ) -{ - HKEY hKey; - LONG rc; - - rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey); - if (rc) - return rc; - - rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LOCK_LOCATION); - RegCloseKey(hKey); - - return rc; -} - -DWORD -Leash_set_lock_file_locations( - DWORD onoff - ) -{ - HKEY hKey; - LONG rc; - - rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, - 0, 0, KEY_WRITE, 0, &hKey, 0); - if (rc) - return rc; - - rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LOCK_LOCATION, 0, REG_DWORD, - (LPBYTE) &onoff, sizeof(DWORD)); - RegCloseKey(hKey); - - return rc; -} - -DWORD -Leash_get_lock_file_locations( - ) -{ - HMODULE hmLeash; - DWORD result; - - if (get_lock_file_locations_from_registry(HKEY_CURRENT_USER, &result) || - get_lock_file_locations_from_registry(HKEY_LOCAL_MACHINE, &result)) - { - return result; - } - - hmLeash = GetModuleHandle(LEASH_DLL); - if (hmLeash) - { - char lock_file_locations[80]; - if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LOCK_LOCATION, - lock_file_locations, sizeof(lock_file_locations))) - { - lock_file_locations[sizeof(lock_file_locations) - 1] = 0; - return atoi(lock_file_locations); - } - } - return 0; -} - -static -BOOL get_default_uppercaserealm_from_registry( HKEY hBaseKey, DWORD * result 
@@ -2651,7 +2346,6 @@ Leash_reset_default_noaddresses(); Leash_reset_default_proxiable(); Leash_reset_default_publicip(); - Leash_reset_default_use_krb4(); Leash_reset_hide_kinit_options(); Leash_reset_default_life_min(); Leash_reset_default_life_max(); diff -Nru krb5-1.16.2/src/windows/leashdll/lsh_pwd.c krb5-1.17/src/windows/leashdll/lsh_pwd.c --- krb5-1.16.2/src/windows/leashdll/lsh_pwd.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/lsh_pwd.c 2019-01-08 16:02:37.000000000 +0000 @@ -23,19 +23,17 @@ /* Standard Include files */ #include +#include #include #include /* Private Inlclude files */ #include "leashdll.h" -#include #include #include "leash-int.h" #include "leashids.h" #include -#ifndef NO_KRB5 #include -#endif /* NO_KRB5 */ #include extern void * Leash_pec_create(HWND hEditCtl); @@ -47,7 +45,6 @@ static long lsh_errno; static char *err_context; /* error context */ extern HINSTANCE hLeashInst; -extern HINSTANCE hKrb4; extern HINSTANCE hKrb5; 
@@ -985,88 +982,6 @@ return FALSE; } -BOOL -GetKrb4ConFile( - LPSTR confname, - UINT szConfname - ) -{ - if (hKrb5 - ) - { // hold krb.con where krb5.ini is located - CHAR krbConFile[MAX_PATH]=""; - LPSTR pFind; - - //strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename); - if (GetProfileFile(krbConFile, sizeof(krbConFile))) - { - GetWindowsDirectory(krbConFile,sizeof(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - strncat(krbConFile, "\\",sizeof(krbConFile)-strlen(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - strncat(krbConFile, KRB5_FILE,sizeof(krbConFile)-strlen(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - } - - pFind = strrchr(krbConFile, '\\'); - if (pFind) - { - *pFind = 0; - strncat(krbConFile, "\\",sizeof(krbConFile)-strlen(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - strncat(krbConFile, KRB_FILE,sizeof(krbConFile)-strlen(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - } - else - krbConFile[0] = 0; - - strncpy(confname, krbConFile, szConfname); - confname[szConfname-1] = '\0'; - } - return FALSE; -} - -BOOL -GetKrb4RealmFile( - LPSTR confname, - UINT szConfname - ) -{ - if (hKrb5 - ) - { // hold krb.con where krb5.ini is located - CHAR krbRealmConFile[MAX_PATH]; - LPSTR pFind; - - //strcpy(krbRealmConFile, CLeashApp::m_krbv5_profile->first_file->filename); - if (GetProfileFile(krbRealmConFile, sizeof(krbRealmConFile))) - { - GetWindowsDirectory(krbRealmConFile,sizeof(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - strncat(krbRealmConFile, "\\",sizeof(krbRealmConFile)-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - strncat(krbRealmConFile, KRB5_FILE,sizeof(krbRealmConFile)-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - } - - pFind = strrchr(krbRealmConFile, '\\'); - if (pFind) - { - *pFind = 0; - strncat(krbRealmConFile, "\\", sizeof(krbRealmConFile)-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - strncat(krbRealmConFile, KRBREALM_FILE, 
sizeof(krbRealmConFile)-strlen(krbRealmConFile)); - krbRealmConFile[MAX_PATH-1] = '\0'; - } - else - krbRealmConFile[0] = 0; - - strncpy(confname, krbRealmConFile, szConfname); - confname[szConfname-1] = '\0'; - } - return FALSE; -} - int readstring(FILE * file, char * buf, int len) { @@ -1426,11 +1341,6 @@ CSetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal); CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD, ""); -#if 0 /* 20030619 - mjv wishes to return to the default character */ - /* echo spaces */ - CSendDlgItemMessage(hDialog, IDC_EDIT_PASSWORD, EM_SETPASSWORDCHAR, 32, 0); -#endif - /* Set Lifetime Slider * min value = 5 * max value = 1440 @@ -1817,12 +1727,6 @@ if (hEditCtrl) pAutoComplete = Leash_pec_create(hEditCtrl); -#if 0 /* 20030619 - mjv wishes to return to the default character */ - /* echo spaces */ - CSendDlgItemMessage(hDialog, IDC_EDIT_PASSWORD, EM_SETPASSWORDCHAR, 32, 0); - CSendDlgItemMessage(hDialog, IDC_EDIT_PASSWORD2, EM_SETPASSWORDCHAR, 32, 0); - CSendDlgItemMessage(hDialog, IDC_EDIT_PASSWORD3, EM_SETPASSWORDCHAR, 32, 0); -#endif /* setup text of stuff. */ if (Position.x > 0 && Position.y > 0 && diff -Nru krb5-1.16.2/src/windows/leashdll/lsh_pwd.rc krb5-1.17/src/windows/leashdll/lsh_pwd.rc --- krb5-1.16.2/src/windows/leashdll/lsh_pwd.rc 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/lsh_pwd.rc 2019-01-08 16:02:37.000000000 +0000 @@ -217,7 +217,6 @@ LSH_DEFAULT_TICKET_NOADDRESS "1" LSH_DEFAULT_TICKET_PROXIABLE "0" LSH_DEFAULT_TICKET_PUBLICIP "0" - LSH_DEFAULT_TICKET_USEKRB4 "0" LSH_DEFAULT_DIALOG_KINIT_OPT "1" LSH_DEFAULT_DIALOG_LIFE_MIN "30" LSH_DEFAULT_DIALOG_LIFE_MAX "1440" diff -Nru krb5-1.16.2/src/windows/leashdll/lshutil.cpp krb5-1.17/src/windows/leashdll/lshutil.cpp --- krb5-1.16.2/src/windows/leashdll/lshutil.cpp 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/lshutil.cpp 2019-01-08 16:02:37.000000000 +0000 
@@ -531,17 +531,6 @@ IAutoCompleteDropDown* pacdd = NULL; hRes = pac->QueryInterface(IID_IAutoCompleteDropDown, (LPVOID*)&pacdd); pac->Release(); - - // @TODO: auto-suggest; other advanced options? -#if 0 - IAutoComplete2 *pac2; - - if (SUCCEEDED(pac->QueryInterface(IID_IAutoComplete2, - (LPVOID*)&pac2))) { - pac2->SetOptions(ACO_AUTOSUGGEST); - pac2->Release(); - } -#endif m_acdd = pacdd; } } diff -Nru krb5-1.16.2/src/windows/leashdll/Makefile.in krb5-1.17/src/windows/leashdll/Makefile.in --- krb5-1.16.2/src/windows/leashdll/Makefile.in 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/Makefile.in 2019-01-08 16:02:37.000000000 +0000 @@ -1,39 +1,17 @@ BUILDTOP=..\.. -##FIX ME: Enable proper compilation with AFS -NO_AFS=1 - -!ifndef NO_AFS -###AFS_BASE= -AFS_INCLUDES=-I$(AFS_BASE)\Include -AFS_LIB=$(AFS_BASE)\lib -AFS_LIBS=$(AFS_LIB)\afsauthent.lib -!else -AFS_INCLUDES= -AFS_LIBS= -!endif - -DLL_NAME=leashw32 - -# Use 64-bit DLL_NAME and DEF_FILE on 64-bit platforms -!if ("$(CPU)" == "IA64") || ("$(CPU)" == "AMD64") || ("$(CPU)" == "ALPHA64") -DLL_NAME=leashw64 -!endif - +DLL_NAME=leashw$(BITS) DEF_FILE=leashw32.def -OBJS= $(OUTPRE)AFSroutines.$(OBJEXT) \ - $(OUTPRE)krb5routines.$(OBJEXT) \ +OBJS= $(OUTPRE)krb5routines.$(OBJEXT) \ $(OUTPRE)leashdll.$(OBJEXT) \ $(OUTPRE)leasherr.$(OBJEXT) \ $(OUTPRE)lsh_pwd.$(OBJEXT) \ - $(OUTPRE)lshcallb.$(OBJEXT) \ $(OUTPRE)lshfunc.$(OBJEXT) \ $(OUTPRE)lshutil.$(OBJEXT) \ $(OUTPRE)timesync.$(OBJEXT) \ $(OUTPRE)winerr.$(OBJEXT) \ - $(OUTPRE)winutil.$(OBJEXT) \ - $(OUTPRE)registry.$(OBJEXT) + $(OUTPRE)winutil.$(OBJEXT) #TODO: Fix resource compilation RESFILE = $(OUTPRE)lsh_pwd.res 
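Review bot: `DLL_NAME=leashw$(BITS)` at the top of the leashdll Makefile.in hunk depends on a `BITS` macro that is not set anywhere in the hunk, so a build where it is empty would quietly produce and link `leashw.dll` instead of failing. The removed `!if` on `$(CPU)` at least fell back to a fixed `leashw32`; presumably `BITS` now comes from the shared nmake pre-include, but that is not visible here. I would add a guard right after `BUILDTOP`: `!if "$(BITS)" == ""` / `!error BITS must be set to 32 or 64` / `!endif`. `DEF_FILE=leashw32.def` is still used for both widths and the comment that mentioned it is gone, so a one-line comment such as `# leashw32.def is shared by the 32- and 64-bit DLLs` would help the next reader.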
@@ -48,25 +26,21 @@ # Set NODEBUG if building release instead of debug -LOCALINCLUDES = -I$(BUILDTOP)\include -I$(BUILDTOP)\windows\include -I.\include\krb4 $(AFS_INCLUDES) +LOCALINCLUDES = -I$(BUILDTOP)\include -I$(BUILDTOP)\windows\include WINLIBS = kernel32.lib advapi32.lib user32.lib gdi32.lib Version.lib \ - ws2_32.lib dnsapi.lib $(BUILDTOP)\ccapi\lib\win\srctmp\$(CCLIB).lib $(AFS_LIBS) + ws2_32.lib dnsapi.lib $(BUILDTOP)\ccapi\lib\win\srctmp\$(CCLIB).lib WINDLLFLAGS = /nologo /dll /incremental:no /release $(LOPTS) -DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -DNO_KRB4 -DUSE_MESSAGE_BOX +DEFINES = -DWINSOCK -DWIN32 -DWINDOWS -DUSE_MESSAGE_BOX !ifdef NODEBUG DEFINES = $(DEFINES) !else DEFINES = $(DEFINES) -DDBG !endif -!ifdef NO_AFS -DEFINES = $(DEFINES) -DNO_AFS -!endif - all-windows: all-windows: $(OUTPRE)$(DLL_NAME).dll @@ -75,7 +49,7 @@ $(OUTPRE)$(DLL_NAME).dll: $(DEF_FILE) $(OBJS) $(XOBJS) link $(WINDLLFLAGS) -def:$(DEF_FILE) -out:$*.dll \ - $(OBJS) $(XOBJS) $(WINLIBS) ../lib/$(OUTPRE)libwin.lib $(SCLIB) + $(OBJS) $(XOBJS) $(WINLIBS) ../lib/$(OUTPRE)libwin.lib $(_VC_MANIFEST_EMBED_DLL) #TODO: Add dependencies on include files here diff -Nru krb5-1.16.2/src/windows/leashdll/registry.c krb5-1.17/src/windows/leashdll/registry.c --- krb5-1.16.2/src/windows/leashdll/registry.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/registry.c 1970-01-01 00:00:00.000000000 +0000 
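Review bot: The new `DEFINES` line in the `@@ -48,25 +26,21 @@` hunk still passes `-DUSE_MESSAGE_BOX`, but the only code in this diff that tests that macro is `lsh_com_err_proc` in winerr.c, which the same diff deletes. If no remaining source under leashdll checks it (not visible from here), drop it: `DEFINES = -DWINSOCK -DWIN32 -DWINDOWS`. Keeping a dead switch after `-DNO_KRB4` and the `NO_AFS` block were cleaned out suggests the error-dialog path is still configurable when it may not be.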
@@ -1,105 +0,0 @@ -#include -#include "leash-int.h" - -static -LONG -write_registry_setting_ex( - HKEY hRoot, - char* setting, - DWORD type, - void* buffer, - size_t size - ) -{ - HKEY hKey = 0; - LONG rc = 0; - - if (rc = RegCreateKeyEx(hRoot, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, 0, 0, - KEY_ALL_ACCESS, 0, &hKey, 0)) - goto cleanup; - - rc = RegSetValueEx(hKey, setting, 0, type, (LPBYTE)buffer, size); - cleanup: - if (hKey) - RegCloseKey(hKey); - return rc; -} - -LONG -write_registry_setting( - char* setting, - DWORD type, - void* buffer, - size_t size - ) -{ - return write_registry_setting_ex(HKEY_CURRENT_USER, - setting, - type, - buffer, - size); -} - -static -LONG -read_registry_setting_ex( - HKEY hRoot, - char* setting, - void* buffer, - size_t size - ) -{ - HKEY hKey = 0; - LONG rc = 0; - DWORD dwType; - DWORD dwCount; - - if (rc = RegOpenKeyEx(hRoot, - LEASH_SETTINGS_REGISTRY_KEY_NAME, - 0, KEY_QUERY_VALUE, &hKey)) - goto cleanup; - - memset(buffer, 0, size); - dwCount = size; - rc = RegQueryValueEx(hKey, setting, NULL, &dwType, (LPBYTE)buffer, - &dwCount); - cleanup: - if (hKey) - RegCloseKey(hKey); - return rc; -} - -LONG -read_registry_setting_user( - char* setting, - void* buffer, - size_t size - ) -{ - return read_registry_setting_ex(HKEY_CURRENT_USER, setting, buffer, size); -} - -static -LONG -read_registry_setting_machine( - char* setting, - void* buffer, - size_t size - ) -{ - return read_registry_setting_ex(HKEY_LOCAL_MACHINE, setting, buffer, size); -} - -LONG -read_registry_setting( - char* setting, - void* buffer, - size_t size - ) -{ - LONG rc; - rc = read_registry_setting_user(setting, buffer, size); - if (!rc) return rc; - rc = read_registry_setting_machine(setting, buffer, size); - return rc; -} diff -Nru krb5-1.16.2/src/windows/leashdll/timesync.c krb5-1.17/src/windows/leashdll/timesync.c --- krb5-1.16.2/src/windows/leashdll/timesync.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/timesync.c 2019-01-08 
16:02:37.000000000 +0000 @@ -8,15 +8,7 @@ #include #include -#ifndef NO_KRB4 -#include -#endif - -#ifdef WSHELPER -#include -#else #include -#endif #include #include "leasherr.h" @@ -80,7 +72,7 @@ LONG -not_an_API_LeashGetTimeServerName( +get_time_server_name( char *timeServerName, const char *valueName ) @@ -167,11 +159,7 @@ WSADATA wsaData; char name[80]; - if ((pkrb5_init_context == NULL) -#ifndef NO_KRB4 - && (ptkt_string == NULL) -#endif - ) + if (pkrb5_init_context == NULL) return(0); wVersionRequested = 0x0101; @@ -192,7 +180,7 @@ else Port = sp->s_port; - not_an_API_LeashGetTimeServerName(hostname, TIMEHOST); + get_time_server_name(hostname, TIMEHOST); rc = ProcessTimeSync(hostname, Port, tmpstr); @@ -228,8 +216,8 @@ { char buffer[512]; int cc; - register long *nettime; - register int s; + long *nettime; + int s; long hosttime; struct hostent *host; struct timeval tv; diff -Nru krb5-1.16.2/src/windows/leashdll/winerr.c krb5-1.17/src/windows/leashdll/winerr.c --- krb5-1.16.2/src/windows/leashdll/winerr.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/leashdll/winerr.c 2019-01-08 16:02:37.000000000 +0000 @@ -11,7 +11,6 @@ */ #include -#include "conf.h" // Private Include files #include "leashdll.h" 
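Review bot: `get_time_server_name(char *timeServerName, const char *valueName)` in the `@@ -80,7 +72,7 @@` hunk keeps an output buffer with no length, and the rename is a good moment to bound it; the call site in the `@@ -192,7 +180,7 @@` hunk passes `hostname` and nothing tells the callee how large that is. The body is outside the hunk, so how the copy is done cannot be seen here, but the time-server name looks like a configured value rather than a constant. I would take a size, e.g. `get_time_server_name(char *timeServerName, size_t size, const char *valueName)`, and call it as `get_time_server_name(hostname, sizeof(hostname), TIMEHOST);` if `hostname` is an array at that point. With the `not_an_API_` prefix gone the function also reads as file-local; if timesync.c is its only caller, declare it `static LONG`.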
@@ -77,49 +76,3 @@ return (LPSTR)buf; } - -int _export lsh_com_err_proc (LPSTR whoami, long code, - LPSTR fmt, va_list args) -{ -#ifdef USE_MESSAGE_BOX - int retval; - HWND hOldFocus; - char buf[1024], *cp; /* changed to 512 by jms 8/23/93 */ - WORD mbformat = MB_OK | MB_ICONEXCLAMATION; - - cp = buf; - memset(buf, '\0', sizeof(buf)); - cp[0] = '\0'; - - if (code) - { - err_describe(buf, code); - while (*cp) - cp++; - } - - if (fmt) - { - if (fmt[0] == '%' && fmt[1] == 'b') - { - fmt += 2; - mbformat = va_arg(args, WORD); - /* if the first arg is a %b, we use it for the message - box MB_??? flags. */ - } - if (code) - { - *cp++ = '\n'; - *cp++ = '\n'; - } - wvsprintf((LPSTR)cp, fmt, args); - } - hOldFocus = GetFocus(); - retval = MessageBox(/*GetRootParent(hOldFocus)*/NULL, buf, whoami, - mbformat | MB_ICONHAND | MB_TASKMODAL); - SetFocus(hOldFocus); - return retval; -#else - return IDOK; -#endif /* USE_MESSAGE_BOX */ -} diff -Nru krb5-1.16.2/src/windows/lib/cacheapi.h krb5-1.17/src/windows/lib/cacheapi.h --- krb5-1.16.2/src/windows/lib/cacheapi.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/cacheapi.h 2019-01-08 16:02:37.000000000 +0000 
@@ -102,21 +102,6 @@ typedef struct opaque_ccache_pointer_type* ccache_p; typedef struct opaque_credential_iterator_type* ccache_cit; -#if 0 -enum _cc_data_type { - type_ticket = 0, /* 0 for ticket, second_ticket */ - /* Ted's draft spec says these are to be - "as defined in the Kerberos V5 protocol" - all I can find are typdefs, - can't find an enumerated type or #define - */ - type_address, /* = <"as defined in the Kerberos V5 protocol"> */ - type_authdata, /* = <"as defined in the Kerberos V5 protocol"> */ - type_encryption, /* = <"as defined in the Kerberos V5 protocol"> */ - cc_data_type_max /* for validation */ -}; -#endif - typedef struct _cc_data { cc_uint32 type; // should be one of _cc_data_type diff -Nru krb5-1.16.2/src/windows/lib/gic.c krb5-1.17/src/windows/lib/gic.c --- krb5-1.16.2/src/windows/lib/gic.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/gic.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,157 +0,0 @@ -/* - * Copyright (C) 1997 Cygnus Solutions. - * - * Author: Michael Graff - */ - -#include -#include - -#include -#include -#include - -#include "krb5.h" - -#include "vardlg.h" -#include "gic.h" - -/* - * Steps performed: - * - * 1) Create the dialog with all the windows we will need - * later. This is done by calling vardlg_build() from - * gic_prompter(). - * - * 2) Run the dialog from within gic_prompter(). If the return - * value of the dialog is -1 or IDCANCEL, return an error. - * Otherwise, return success. - * - * 3) From within the dialog initialization code, call - * vardlg_config(), which will: - * - * a) Set all the label strings in all the entry labels and - * the banner. - * - * b) Set the maximum input lengths on the entry fields. - * - * c) Calculate the size of the text used within the banner. - * - * d) Calculate the longest string of text used as a label. - * - * e) Resize each label and each entry within the dialog - * to "look nice." - * - * f) Place the OK and perhaps the Cancel buttons at the bottom - * of the dialog. - * - * 4) When the OK button is clicked, copy all the values from the - * input fields and store them in the pointers we are given. - * Also, set the actual lengths to what we collected from the - * entries. Finally, call EndDialog(IDOK) to end the dialog. - */ - -/* - * Yes, a global. It is a PITA to not use them in windows. - */ -gic_data *gd; - - -/* - * initialize the dialog - */ -static BOOL -gic_dialog_init(HWND hwnd, HWND hwndFocus, LPARAM lParam) -{ - vardlg_config(hwnd, gd->width, gd->banner, gd->num_prompts, - gd->prompts, (WORD)(gd->id)); - - return FALSE; -} - -/* - * process dialog "commands" - */ -static void -gic_dialog_command(HWND hwnd, int cid, HWND hwndCtl, UINT codeNotify) -{ - - int n; - WORD id; - - /* - * We are only interested in button clicks, and then only of - * type IDOK or IDCANCEL. 
- */ - if (codeNotify != BN_CLICKED) - return; - if (cid != IDOK && cid != IDCANCEL) - return; - - /* - * If we are canceled, wipe all the fields and return IDCANCEL. - */ - if (cid == IDCANCEL) { - EndDialog(hwnd, IDCANCEL); - return; - } - - /* - * must be IDOK... - */ - id = (gd->id + 2); - for (n = 0 ; n < gd->num_prompts ; n++) { - Edit_GetText(GetDlgItem(hwnd, id), gd->prompts[n].reply->data, - gd->prompts[n].reply->length); - gd->prompts[n].reply->length = (unsigned)strlen(gd->prompts[n].reply->data); - id += 2; - } - - EndDialog(hwnd, IDOK); -} - -/* - * The dialog callback. - */ -static INT_PTR CALLBACK -gic_dialog(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam) -{ - switch (message) { - HANDLE_MSG(hwnd, WM_INITDIALOG, gic_dialog_init); - - HANDLE_MSG(hwnd, WM_COMMAND, gic_dialog_command); - } - - return FALSE; -} - - -/* - * All the disgusting code to use the get_init_creds() functions in a - * broken environment - */ -krb5_error_code KRB5_CALLCONV -gic_prompter(krb5_context ctx, void *data, const char *name, - const char *banner, int num_prompts, krb5_prompt prompts[]) -{ - int rc; - void *dlg; - - gd = data; - - gd->banner = banner; - gd->num_prompts = num_prompts; - gd->prompts = prompts; - if (gd->width == 0) - gd->width = 450; - - dlg = vardlg_build((WORD)(gd->width), name, gd->banner, - (WORD)num_prompts, prompts, (WORD)(gd->id)); - - rc = DialogBoxIndirect(gd->hinstance, (LPDLGTEMPLATE)dlg, gd->hwnd, gic_dialog); - - if (rc != IDOK) - return 1; - - return 0; -} diff -Nru krb5-1.16.2/src/windows/lib/gic.h krb5-1.17/src/windows/lib/gic.h --- krb5-1.16.2/src/windows/lib/gic.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/gic.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,28 +0,0 @@ -/* - * Copyright (C) 1997 Cygnus Solutions - * - * Author: Michael Graff - */ - -#ifndef _WINDOWS_LIB_GIC_H -#define _WINDOWS_LIB_GIC_H - -#include -#include - -#include "krb5.h" - -typedef struct { - HINSTANCE hinstance; /* application instance */ - HWND hwnd; /* parent window */ - WORD id; /* starting ID */ - WORD width; /* max width of the dialog box */ - const char *banner; /* the banner */ - WORD num_prompts; /* the number of prompts we were passed */ - krb5_prompt *prompts; /* the prompts themselves */ -} gic_data; - -krb5_error_code KRB5_CALLCONV gic_prompter(krb5_context, void *, const char *, - const char *, int, krb5_prompt []); - -#endif /* _WINDOWS_LIB_GIC_H */ diff -Nru krb5-1.16.2/src/windows/lib/Makefile.in krb5-1.17/src/windows/lib/Makefile.in --- krb5-1.16.2/src/windows/lib/Makefile.in 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/Makefile.in 2019-01-08 16:02:37.000000000 +0000 @@ -4,11 +4,10 @@ lib-windows: $(OUTPRE)libwin.lib -SRCS= vardlg.c gic.c registry.c loadfuncs.c +SRCS= loadfuncs.c -OBJS= $(OUTPRE)vardlg.obj $(OUTPRE)gic.obj $(OUTPRE)registry.obj \ - $(OUTPRE)loadfuncs.obj +OBJS= $(OUTPRE)loadfuncs.obj $(OUTPRE)libwin.lib: $(OBJS) diff -Nru krb5-1.16.2/src/windows/lib/registry.c krb5-1.17/src/windows/lib/registry.c --- krb5-1.16.2/src/windows/lib/registry.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/registry.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,232 +0,0 @@ -/* - * Copyright (c) 1997 Cygnus Solutions - * - * Author: Michael Graff - */ - -#include -#include -#include - -#include "registry.h" - -HKEY -registry_open(HKEY hkey, char *base, REGSAM sam) -{ - HKEY k = INVALID_HANDLE_VALUE; - DWORD err; - - /* - * if the base path is null, return the already open key in hkey - */ - if (base == NULL) - return hkey; - - err = RegOpenKeyEx(hkey, base, 0, sam, &hkey); - if (err != ERROR_SUCCESS) - return INVALID_HANDLE_VALUE; - - return hkey; -} - -void -registry_close(HKEY hkey) -{ - CloseHandle(hkey); -} - -HKEY -registry_key_create(HKEY hkey, char *sub, REGSAM sam) -{ - HKEY key; - DWORD err; - DWORD disp; - - err = RegCreateKeyEx(hkey, sub, 0, 0, REG_OPTION_NON_VOLATILE, sam, - NULL, &key, &disp); - if (err != ERROR_SUCCESS) - return INVALID_HANDLE_VALUE; - - return key; -} - -int -registry_key_delete(HKEY hkey, char *sub) -{ - DWORD err; - - err = RegDeleteKey(hkey, sub); - if (err != ERROR_SUCCESS) - return -1; - - return 0; -} - -int -registry_string_get(HKEY hkey, char *sub, char **val) -{ - DWORD err; - DWORD type; - DWORD datasize; - - err = RegQueryValueEx(hkey, sub, 0, &type, 0, &datasize); - if (err != ERROR_SUCCESS || type != REG_SZ) { - *val = NULL; - return -1; - } - - *val = malloc(datasize); - if (*val == NULL) - return -1; - - err = RegQueryValueEx(hkey, sub, 0, &type, *val, &datasize); - if (err != ERROR_SUCCESS) { - free(*val); - *val = NULL; - return -1; - } - - return 0; -} - -int -registry_dword_get(HKEY hkey, char *sub, DWORD *val) -{ - DWORD err; - DWORD type; - DWORD datasize; - - err = RegQueryValueEx(hkey, sub, 0, &type, 0, &datasize); - if (err != ERROR_SUCCESS || type != REG_DWORD) { - *val = 0; - return -1; - } - - err = RegQueryValueEx(hkey, sub, 0, &type, (BYTE *)val, &datasize); - if (err != ERROR_SUCCESS) { - *val = 0; - return -1; - } - - return 0; -} - -int -registry_string_set(HKEY hkey, char *sub, char *x) -{ - DWORD err; - - err = RegSetValueEx(hkey, sub, 0, REG_SZ, (BYTE 
*)x, (DWORD)strlen(x) + 1); - if (err != ERROR_SUCCESS) - return -1; - - return 0; -} - -int -registry_dword_set(HKEY hkey, char *sub, DWORD x) -{ - DWORD err; - - err = RegSetValueEx(hkey, sub, 0, REG_DWORD, (CONST BYTE *)&x, sizeof(DWORD)); - if (err != ERROR_SUCCESS) - return -1; - - return 0; -} - -int -registry_keyval_dword_set(HKEY hkey, char *base, char *sub, DWORD val) -{ - HKEY k; - int err; - - k = registry_open(hkey, base, KEY_WRITE); - if (k == INVALID_HANDLE_VALUE) - return -1; - - err = registry_dword_set(k, sub, val); - - registry_close(k); - - return err; -} - -int -registry_keyval_dword_get(HKEY hkey, char *base, char *sub, DWORD *val) -{ - HKEY k; - int err; - - k = registry_open(hkey, base, KEY_READ); - if (k == INVALID_HANDLE_VALUE) - return -1; - - err = registry_dword_get(k, sub, val); - - registry_close(k); - - return err; -} - -int -registry_keyval_string_get(HKEY hkey, char *base, char *sub, char **val) -{ - HKEY k; - int err; - - k = registry_open(hkey, base, KEY_READ); - if (k == INVALID_HANDLE_VALUE) { - *val = NULL; - return -1; - } - - err = registry_string_get(k, sub, val); - - registry_close(k); - - return err; -} - -int -registry_keyval_string_set(HKEY hkey, char *base, char *sub, char *val) -{ - HKEY k; - int err; - - k = registry_open(hkey, base, KEY_WRITE); - if (k == INVALID_HANDLE_VALUE) - return -1; - - err = registry_string_set(k, sub, val); - - registry_close(k); - - return err; -} - -int -registry_value_delete(HKEY hkey, char *sub) -{ - if (RegDeleteValue(hkey, sub)) - return -1; - - return 0; -} - -int -registry_keyval_delete(HKEY hkey, char *base, char *sub) -{ - HKEY k; - int err; - - k = registry_open(hkey, base, KEY_WRITE); - if (k == INVALID_HANDLE_VALUE) - return -1; - - err = registry_value_delete(k, sub); - - registry_close(k); - - return err; -} diff -Nru krb5-1.16.2/src/windows/lib/registry.h krb5-1.17/src/windows/lib/registry.h --- krb5-1.16.2/src/windows/lib/registry.h 2018-11-01 23:51:07.000000000 +0000 +++ 
krb5-1.17/src/windows/lib/registry.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,40 +0,0 @@ -/* - * Copyright (c) 1997 Cygnus Solutions - * - * Author: Michael Graff - */ - -#ifndef LIB_WINDOWS_REGISTRY_H -#define LIB_WINDOWS_REGISTRY_H - -#include -#include - -HKEY registry_open(HKEY, char *, REGSAM); -void registry_close(HKEY); -HKEY registry_key_create(HKEY, char *, REGSAM); -int registry_key_delete(HKEY, char *); -int registry_string_get(HKEY, char *, char **); -int registry_dword_get(HKEY, char *, DWORD *); -int registry_string_set(HKEY, char *, char *); -int registry_dword_set(HKEY, char *, DWORD); -int registry_keyval_dword_set(HKEY, char *, char *, DWORD); -int registry_keyval_dword_get(HKEY, char *, char *, DWORD *); -int registry_keyval_string_get(HKEY, char *, char *, char **); -int registry_keyval_string_set(HKEY, char *, char *, char *); -int registry_value_delete(HKEY, char *); -int registry_keyval_delete(HKEY, char *, char *); - -#define CYGNUS_SOLUTIONS "SOFTWARE\\Cygnus Solutions" - -#define KERBNET_SANS_VERSION CYGNUS_SOLUTIONS "\\Kerbnet" -#define KERBNET_BASE KERBNET_SANS_VERSION "\\1" - -#define KERBNET_TELNET_BASE KERBNET_BASE "\\telnet" -#define KERBNET_TELNET_HOST KERBNET_TELNET_BASE "\\hosts" - -#define KERBNET_CNS_BASE KERBNET_BASE "\\cns" - -#define KERBNET_HOME "KERBNET_HOME" - -#endif /* LIB_WINDOWS_REGISTRY_H */ diff -Nru krb5-1.16.2/src/windows/lib/vardlg.c krb5-1.17/src/windows/lib/vardlg.c --- krb5-1.16.2/src/windows/lib/vardlg.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/vardlg.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,454 +0,0 @@ -/* - * Copyright (C) 1997 Cygnus Solutions. - * - * Author: Michael Graff - */ -/* - * Dialog box building for various numbers of (label, entry) fields. - * - * This code is somewhat hardcoded to build boxes for the krb5_get_init_creds() - * function. - */ - -#include -#include - -#include -#include -#include - -#include "krb5.h" -#include "vardlg.h" - -/* - * a hack, I know... No error checking below, either. - */ -static unsigned char dlg[DLG_BUF]; - -/* - * Add a WORD (16-bit int) to the buffer. Return the number of characters - * added. - */ -static int -ADD_WORD(unsigned char *p, WORD w) -{ - *((WORD *)p) = w; - - return 2; -} - -static int -ADD_DWORD(unsigned char *p, DWORD dw) -{ - *((DWORD *)p) = dw; - - return 4; -} - -static size_t -ADD_UNICODE_STRING(unsigned char *p, const char *s) -{ - WORD *w; - size_t i; - size_t len; - - w = (WORD *)p; - - len = strlen(s) + 1; /* copy the null, too */ - - for (i = 0 ; i < len ; i++) - *w++ = *s++; - - return (len * 2); -} - -#define DWORD_ALIGN(p) { while ((DWORD)p % 4) *p++ = 0x00; } - -static size_t -ADD_DLGTEMPLATE(unsigned char *dlg, short x, short y, short cx, short cy, - const char *caption, const char *fontname, WORD fontsize, - WORD n) -{ - unsigned char *p; - DLGTEMPLATE dlt; - - p = dlg; - - dlt.style = (DS_MODALFRAME | WS_POPUP); - if (caption != NULL) - dlt.style |= WS_CAPTION; - if (fontname != NULL) - dlt.style |= DS_SETFONT; - dlt.dwExtendedStyle = 0; - dlt.cdit = n; - dlt.x = x; - dlt.y = y; - dlt.cx = cx; - dlt.cy = cy; - memcpy(p, &dlt, sizeof(dlt)); - p += sizeof(dlt); - - p += ADD_WORD(p, 0x0000); /* menu == none */ - - p += ADD_WORD(p, 0x0000); /* class == default? 
*/ - - if (caption != NULL) - p += ADD_UNICODE_STRING(p, caption); - else - p += ADD_WORD(p, 0x0000); - - if (fontname != NULL) { - p += ADD_WORD(p, fontsize); - p += ADD_UNICODE_STRING(p, fontname); - } - - DWORD_ALIGN(p); - - return (p - dlg); -} - -static size_t -ADD_DLGITEM(unsigned char *dlg, short x, short y, short cx, short cy, - const char *label, WORD id, WORD type, DWORD style) -{ - unsigned char *p; - DLGITEMTEMPLATE dit; - - p = dlg; - - dit.style = style; - dit.dwExtendedStyle = 0; - dit.x = x; - dit.y = y; - dit.cx = cx; - dit.cy = cy; - dit.id = id; - memcpy(p, &dit, sizeof(dit)); - p += sizeof(dit); - - p += ADD_WORD(p, 0xffff); - p += ADD_WORD(p, type); - - p += ADD_UNICODE_STRING(p, label); - - /* - * creation data? For now, just make this empty, like the resource - * compiler does. - */ - p += ADD_WORD(p, 0x0000); - - DWORD_ALIGN(p); - - return (p - dlg); -} - -#define ADD_DLGITEM_defpushbutton(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0080, 0x50010001); - -#define ADD_DLGITEM_pushbutton(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0080, 0x50010000); - -#define ADD_DLGITEM_left_static(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0082, 0x50020000); - -#define ADD_DLGITEM_centered_static(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0082, 0x50020001); - -#define ADD_DLGITEM_right_static(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0082, 0x50020002); - -#define ADD_DLGITEM_entry(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0081, 0x50810080); - -#define ADD_DLGITEM_hidden_entry(a, b, c, d, e, f, g) \ - ADD_DLGITEM((a), (b), (c), (d), (e), (f), (g), 0x0081, 0x508100a0); - - -/* - * "build" the dialog box. In this bit of code, we create the dialog box, - * create the OK button, and a static label for the banner text. 
- * - * If there are items, we also create a Cancel button and one (label, entry) - * fields for each item. - */ -void * -vardlg_build(WORD cx, const char *name, const char *banner, - WORD n, krb5_prompt prompts[], WORD id) -{ - unsigned char *p; - WORD i; - - p = dlg; /* global */ - - if (cx < MIN_WIDTH) - cx = MIN_WIDTH; - if (cx > MAX_WIDTH) - cx = MAX_WIDTH; - - /* - * Store the dialog template - */ - p += ADD_DLGTEMPLATE(p, 0, 0, cx, 0, name ? - strlen(name) < 30 ? name : "Kerberos V5" : - "Kerberos V5", - "MS Sans Serif", 8, - (WORD)(n * 2 + 3)); - - /* - * Create a label for the banner. This will be ID (id). - */ - p += ADD_DLGITEM_left_static(p, 0, 0, 0, 0, "", id++); - - /* - * Each label field is ID (id + 1) + (item * 2), and each entry field - * is (id + 2) + (item * 2) - */ - for (i = 0 ; i < n ; i++) { - p += ADD_DLGITEM_right_static(p, 0, 0, 0, 0, "", id++); - if (prompts[i].hidden) { - p += ADD_DLGITEM_hidden_entry(p, 0, 0, 0, 0, "", id++); - } else { - p += ADD_DLGITEM_entry(p, 0, 0, 0, 0, "", id++); - } - } - - /* - * Create the OK and Cancel buttons. - */ - p += ADD_DLGITEM_defpushbutton(p, 0, 0, 0, 0, - "OK", IDOK); - if (n != 0) - p += ADD_DLGITEM_pushbutton(p, 0, 0, 0, 0, - "Cancel", IDCANCEL); - - return dlg; -} - -#define SPACE_Y 4 /* logical units */ -#define SPACE_X 4 /* logical units */ -#define ENTRY_PX 120 /* pixels */ -#define BUTTON_PX 70 /* pixels */ -#define BUTTON_PY 30 /* pixels */ - -void -vardlg_config(HWND hwnd, WORD width, const char *banner, WORD num_prompts, - krb5_prompt *prompts, WORD id) -{ - int n; - WORD cid; - HDC hdc; - SIZE csize; - SIZE maxsize; - LONG cx, cy; - LONG ccx, ccy; - LONG space_x, space_y; - LONG max_x, max_y; - LONG banner_y; - RECT rect; - int done; - const char *p; - - /* - * First, set the banner's text. - */ - Static_SetText(GetDlgItem(hwnd, id), banner); - - /* - * Next, run through the items and set their static text. - * Also, set the corresponding edit string and set the - * maximum input length. 
- */ - cid = (id + 1); - - for (n = 0 ; n < num_prompts ; n++) { - Static_SetText(GetDlgItem(hwnd, cid), prompts[n].prompt); - cid++; - Edit_SetText(GetDlgItem(hwnd, cid), ""); - Edit_LimitText(GetDlgItem(hwnd, cid), prompts[n].reply->length); - cid++; - } - - /* - * Now run through the entry fields and find the longest string. - */ - maxsize.cx = maxsize.cy = 0; - cid = (id + 1); - hdc = GetDC(GetDlgItem(hwnd, cid)); /* assume one label is the same as all the others */ - - for (n = 0 ; n < num_prompts ; n++) { - GetTextExtentPoint32(hdc, prompts[n].prompt, (int)strlen(prompts[n].prompt), &csize); - if (csize.cx > maxsize.cx) - maxsize.cx = csize.cx; - if (csize.cy > maxsize.cy) - maxsize.cy = csize.cy; - } - -#if 0 - /* - * convert the maximum values into pixels. Ugh. - */ - rect.left = 0; - rect.top = 0; - rect.right = maxsize.cx; - rect.bottom = maxsize.cy; - MapDialogRect(hwnd, &rect); - - max_x = rect.right; - max_y = rect.bottom; -#else - max_x = maxsize.cx; - max_y = (long)(((double)maxsize.cy) * 1.5); -#endif - - /* - * convert the spacing values, too. Ugh. Ugh. - */ - rect.left = 0; - rect.top = 0; - rect.right = SPACE_X; - rect.bottom = SPACE_Y; - MapDialogRect(hwnd, &rect); - - space_x = rect.right; - space_y = rect.bottom; - - /* - * Now we know the maximum length of the string for the entry labels. Guestimate - * that the entry fields should be ENTRY_PX pixels long and resize the dialog - * window to fit the longest string plus the entry fields (plus a little for the - * spacing between the edges of the windows and the static and edit fields, and - * between the static and edit fields themselves.) - */ - cx = max_x + ENTRY_PX + (space_x * 3); - cy = (max_y + space_y) * num_prompts; - - /* - * resize the dialog box itself (take 1) - */ - SetWindowPos(hwnd, HWND_TOPMOST, - 0, 0, - cx + 10, cy + 30, - SWP_NOMOVE); - - /* - * position the dialog items. First, the banner. 
(take 1) - */ - SetWindowPos(GetDlgItem(hwnd, id), HWND_BOTTOM, - space_x, space_y, - (cx - space_x * 2), max_y, - 0); - - /* - * Now that the window for the banner is in place, convert the width into logical units - * and find out how many lines we need to reserve room for. - */ - done = 0; - p = banner; - banner_y = 0; - - do { - int nFit; - int pDx[128]; - - hdc = GetDC(GetDlgItem(hwnd, id)); - - GetTextExtentExPoint(hdc, p, (int)strlen(p), cx, &nFit, - pDx, &csize); - - banner_y += csize.cy; - - p += nFit; - - } while (*p != 0); - - banner_y += space_y; - - /* - * position the banner (take 2) - */ - SetWindowPos(GetDlgItem(hwnd, id), HWND_BOTTOM, - space_x, space_y, - (cx - space_x * 2), banner_y, - 0); - - /* - * Don't forget to include the banner estimate and the buttons, too. Once again, - * assume the buttons are BUTTON_PY pixels high. The extra three space_y's are - * for between the top of the dialog and the banner, between the banner and the - * first label, and between the buttons and the bottom of the screen. - */ - cy += banner_y + BUTTON_PY + (space_y * 3); - - /* - * resize the dialog box itself (Again... ugh!) - */ - SetWindowPos(hwnd, HWND_TOPMOST, - 0, 0, - cx + 10, cy + 30, - SWP_NOMOVE); - - cid = (id + 1); - ccy = banner_y + (space_y * 2); - ccx = max_x + (space_x * 2); /* where the edit fields start */ - - for (n = 0 ; n < num_prompts ; n++) { - SetWindowPos(GetDlgItem(hwnd, cid), HWND_BOTTOM, - space_x, ccy, - max_x, max_y, 0); - cid++; - SetWindowPos(GetDlgItem(hwnd, cid), HWND_BOTTOM, - ccx, ccy, - ENTRY_PX, max_y - 3, 0); - cid++; - ccy += (max_y + space_y); - } - - /* - * Now the buttons. If there are any entries we will have both an OK and a - * Cancel button. If we don't have any entries, we will have only an OK. 
- */ - if (num_prompts == 0) { - SetWindowPos(GetDlgItem(hwnd, IDOK), HWND_BOTTOM, - (cx / 2), cy - space_y - BUTTON_PY, - BUTTON_PX, BUTTON_PY, 0); - } else { - SetWindowPos(GetDlgItem(hwnd, IDOK), HWND_BOTTOM, - space_x, cy - space_y - BUTTON_PY, - BUTTON_PX, BUTTON_PY, 0); - SetWindowPos(GetDlgItem(hwnd, IDCANCEL), HWND_BOTTOM, - cx - space_x - BUTTON_PX, cy - space_y - BUTTON_PY, - BUTTON_PX, BUTTON_PY, 0); - } - - return; -} - -/* - * To use these functions, first create the dialog box and entries. - * You will always get an OK button. If there are at least one item, - * you will also get a cancel button. The OK button is IDOK, and the cancel - * button is IDCANCEL, as usual. - * - * After calling bld_dlg, the banner will have ID "id", and the labels - * will be "1 + id + i * 2" (i is the entry number, starting with zero) and - * the entries will be "2 + id + i * 2". - * - * unsigned char *dlg = vardlg_build(minwidth, banner, num_prompts, - * krb5_prompt[], id); - * - * Then, "run" the dialog using: - * - * rc = DialogBoxIndirect(hinstance, (LPDLGTEMPLATE)dlg, - * HWND_DESKTOP, myDialogProc); - * - * Note that the vardlg_build function uses a static data area and so cannot - * be used more than once before the DialogBoxIndirect() procedure is called. - * I assume windows won't need that area after that call is complete. - * - * In the dialog's _initialization_ procedure, call - * - * vardlg_config(hwnd, banner, num_prompts, krb5_prompt[], id); - * - * This function will resize the various elements of the dialog and fill in the - * labels. - */ diff -Nru krb5-1.16.2/src/windows/lib/vardlg.h krb5-1.17/src/windows/lib/vardlg.h --- krb5-1.16.2/src/windows/lib/vardlg.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/lib/vardlg.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,32 +0,0 @@
-/*
- * Copyright (C) 1997 Cygnus Solutions
- *
- * Author: Michael Graff
- */
-
-#ifndef _WINDOWS_LIB_VARDLG_H
-#define _WINDOWS_LIB_VARDLG_H
-
-#include
-#include
-
-#define DLG_BUF 4096
-
-/*
- * The minimum and maximum dialog box widths we will allow.
- */
-#define MIN_WIDTH 350
-#define MAX_WIDTH 600
-
-/*
- * "build" the dialog box. In this bit of code, we create the dialog box,
- * create the OK button, and a static label for the banner text.
- *
- * If there are items, we also create a Cancel button and one (label, entry)
- * fields for each item.
- */
-void *vardlg_build(WORD, const char *, const char *, WORD, krb5_prompt *, WORD);
-
-void vardlg_config(HWND, WORD, const char *, WORD, krb5_prompt *, WORD);
-
-#endif /* _WINDOWS_LIB_VARDLG_H */
diff -Nru krb5-1.16.2/src/windows/Makefile.in krb5-1.17/src/windows/Makefile.in
--- krb5-1.16.2/src/windows/Makefile.in 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/Makefile.in 2019-01-08 16:02:37.000000000 +0000
@@ -3,4 +3,4 @@
 !ifndef NO_LEASH
 LEASH=leash
 !endif
-SUBDIRS= lib leashdll $(LEASH) cns ms2mit kfwlogon
+SUBDIRS= lib leashdll $(LEASH) ms2mit kfwlogon
diff -Nru krb5-1.16.2/src/windows/README krb5-1.17/src/windows/README
--- krb5-1.16.2/src/windows/README 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/README 2019-01-08 16:02:37.000000000 +0000
@@ -6,61 +6,70 @@ not present in the Unix krb5 distribution, most notably the MIT Kerberos Ticket Manager application. -To build Kerberos 5 on Windows, you will need the Windows SDK (XP SP3 -or later), VisualStudio (2010 Professional SP1), a version of Perl, and some -common Unix utilities such as sed/awk/cp/cat installed in the -command-line path. To build an MSI installer, you will additionally -need the Windows Installer XML (WiX) toolkit, and to ensure that -the HTML Help Compiler (hhc.exe) and the WiX tools are in your command-line -path. WiX version 3.5 is verified to work with this codebase; WiX 3.7 -and newer are incompatible with this codebase. Visual Studio 2012 and -the Windows SDK 8 introduce some changes which alter the Kerberos build -procedure slightly (noted where appropriate). - -The Unix utilities can be obtained via the Utilities and SDK for UNIX-based -Aplications, which may be enabled as a Windows feature and then the -components installed. Note that the Windows nmake will not find the -SUA awk utility in the path unless it is named awk.exe; the permissions -on the utility may need correcting if awk.exe is created as a copy of -the original awk. - -There is a version of perl available through the SUA, but it is not -sufficient to build krb5. An external perl such as Strawberry Perl -or ActiveState Perl is necessary. +To build Kerberos 5 on Windows, you will need the following: + +* A version of Visual Studio (at least 2013) which includes the + Microsoft Foundation Classes libraries. These instructions will + work for Visual Studio 2017 Community or Professional, both of which + include the MFC libraries if the "Visual C++ MFC" checkbox is + selected after enabling the "Desktop development with C++" workload. + If you do not plan to build the graphical ticket manager + application, the MFC libraries are not required. + +* A version of Perl. + +* Some common Unix utilities such as sed/awk/cp/cat installed in the + command-line path. 
+ +* To build an MSI installer, the Windows Installer XML (WiX) toolkit, + and to ensure that the HTML Help Compiler (hhc.exe) and the WiX + tools are in your command-line path. WiX version 3.11.1 is verified + to work with this codebase. + +A simple way to get the necessary Unix utilities is to install Git +BASH from https://gitforwindows.org and configure it to add the Unix +utilities to the command-line path. In some versions of Windows (not +the most current versions), the Unix utilities can alternatively be +obtained via the Utilities and SDK for UNIX-based Aplications, which +may be enabled as a Windows feature and then the components installed. +Note that the Windows nmake will not find the SUA awk utility in the +path unless it is named awk.exe; the permissions on the utility may +need correcting if awk.exe is created as a copy of the original awk. + +Git BASH contains a version of Perl, which will work to build krb5 if +the newlines in the source tree are not translated to native newlines. +Strawberry Perl will work regardless of whether newlines are +translated. If both Git BASH and Strawberry Perl are installed, you +may need to adjust the command line path to ensure that the preferred +Perl appears first. The krb5 source tree may be obtained either directly on the Windows -machine with a native git client cloning the krb5 public mirror -at https://github.com/krb5/krb5.git or on a separate (Unix) machine -and copied over, such as from a VM host onto a Windows VM. -The kerbsrc.zip method is no longer supported. - -After the Windows SDK is installed, you should be able to invoke an -SDK command prompt via the start menu (All Programs -> Microsoft -Windows SDK vX.Y -> Windows SDK X.Y Command Prompt). Within this -window, you can change the build target using the setenv command; run -"setenv /?" or see the Windows SDK documentation for details. 
At the -current time, Kerberos 5 can only be built for the x64 target if the -host platform is also 64-bit, because it compiles and runs programs -during the build. The Windows SDK version 8 does not provide an SDK -command prompt; the "Developer Command Prompt for VS2012" or "Visual Studio -Command Prompt" must be used instead. Accordingly, there is no setenv script -to configure the build environment for different target architectures; the -"vcvarsall.bat" script provided by Visual Studio serves this function. +machine with a native git client cloning the krb5 public mirror at +https://github.com/krb5/krb5.git or on a separate (Unix) machine and +copied over, such as from a VM host onto a Windows VM. If you are +checking out the sources with git and are using the Git BASH Perl, +make sure to set git's core.autocrlf variable to "input" or "false" to +avoid translating newlines. + +After Visual Studio is installed, you should be able to invoke 32-bit +and 64-bit command prompts via the start menu (Visual Studio 2017 -> +x86 Native Tools Command Prompt and x64 Native Tools Command Prompt). +At the current time, Kerberos 5 can only be built for the x64 target +if the host platform is also 64-bit, because it compiles and runs +programs during the build. IMPORTANT NOTE: By default, the sources are built with debug information and linked against the debug version of the Microsoft C Runtime library, which is not found on most Windows systems unless -they have development tools, and requires a separate license to distribute. -To build a release version, you need to define NODEBUG either in the -environment or the nmake command-line and use setenv to enter a release -build environment with "setenv /release" (when using Windows SDK versions -lower than 8). Debug information in the compiled binaries and libraries -may be retained by defining DEBUG_SYMBOL in the environment or on the nmake -command line. 
+they have development tools, and requires a separate license to +distribute. To build a release version, you need to define NODEBUG +either in the environment or the nmake command-line. Debug +information in the compiled binaries and libraries may be retained by +defining DEBUG_SYMBOL in the environment or on the nmake command line. -Building the code and installer ------------------------- +Building the code and installer: +------------------------------- First, make sure you have sed, (g)awk, cat, and cp. You must also define KRB_INSTALL_DIR either in the environment or 
@@ -70,28 +79,40 @@ is run. The 64-bit installer provides 32-bit libraries, so a 32-bit build and install must be performed before the 64-bit build. - 1) set CPU=i386 # Get 32-bit target in environment - 2) set KRB_INSTALL_DIR=\path\to\dir # Where bin/include/lib lives - 3) setenv /x86 [/release] # Tell nmake to target 32-bit - (with Visual Studio 2012, use "vcvarsall.bat x86") - 4) cd xxx/src # Go to where the source lives - 5) nmake -f Makefile.in prep-windows # Create Makefile for Windows - 6) nmake [NODEBUG=1] # Build the sources - 7) nmake install [NODEBUG=1] # Copy headers, libs, executables - 8) cd windows\installer\wix # Go to where the installer source is - 9) nmake # Build the installer -10) rename kfw.msi kfw32.msi # Save the 32-bit installer -11) set CPU=AMD64 # Proceed to the 64-bit build -12) setenv /x64 [/release] # Must set both CPU and nmake env - ("vcvarsall.bat amd64" for Visual Studio 2012) -13) cd ..\..\.. # Back to the sources -14) nmake clean # Clean up the 32-bit objects -15) nmake [NODEBUG=1] # Build the sources for 64-bit -16) nmake install [NODEBUG=1] # Copy 64-bit lib/executables -17) cd windows\installer\wix # Back to the installer source -18) nmake clean # Remove 32-bit leavings -19) nmake # Build the 64-bit installer -20) rename kfw.msi kfw64.msi # And name it usefully +To skip building the graphical ticket manager, run "set NO_LEASH=1" +before building, and do not build the installers. 
+ +In a 32-bit command shell: + + 1) set KRB_INSTALL_DIR=\path\to\dir # Where bin/include/lib lives + 2) cd xxx\src # Go to where source lives + 3) nmake -f Makefile.in prep-windows # Create Makefile for Windows + 4) nmake [NODEBUG=1] # Build the sources + 5) nmake install [NODEBUG=1] # Copy headers, libs, executables + 6) cd windows\installer\wix # Go to where the installer source is + 7) nmake [NODEBUG=1] # Build the installer + 8) rename kfw.msi kfw32.msi # Save the 32-bit installer + +In a 64-bit command shell: + + 9) set PATH=%PATH%;"%WindowsSdkVerBinPath%"\x86 # To get uicc.exe +10) set KRB_INSTALL_DIR=\path\to\dir # Where bin/include/lib lives +11) cd xxx\src # Go to where source lives +12) nmake clean # Clean up the 32-bit objects +13) nmake [NODEBUG=1] # Build the sources for 64-bit +14) nmake install [NODEBUG=1] # Copy 64-bit lib/executables +15) cd windows\installer\wix # Back to the installer source +16) nmake clean # Remove 32-bit leavings +17) nmake [NODEBUG=1] # Build the 64-bit installer +18) rename kfw.msi kfw64.msi # And name it usefully + +Step 9 may be skipped if uicc is already in the command-line path (try +running "uicc" to see if you get a usage message or a not-found +error), or if you are not building the graphical ticket manager. + +Visual Studio 2013 and 2015 provide only a single command prompt. +Within this prompt, use "vcvarsall.bat x86" and "vcvarsall.bat amd64" +to switch to 32-bit and 64-bit mode. Running Kerberos 5 Apps: diff -Nru krb5-1.16.2/src/windows/version.rc krb5-1.17/src/windows/version.rc --- krb5-1.16.2/src/windows/version.rc 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/version.rc 2019-01-08 16:02:37.000000000 +0000 
@@ -41,7 +41,7 @@ #define K5_PRODUCT_VERSION_STRING MAJOR_MINOR MAYBE_PATCH RELTAIL "\0" #define K5_PRODUCT_VERSION KRB5_MAJOR_RELEASE, KRB5_MINOR_RELEASE, KRB5_PATCHLEVEL, KRB5_BUILDLEVEL -#define K5_COPYRIGHT "Copyright (C) 1997-2018 by the Massachusetts Institute of Technology\0" +#define K5_COPYRIGHT "Copyright (C) 1997-2019 by the Massachusetts Institute of Technology\0" #define K5_COMPANY_NAME "Massachusetts Institute of Technology.\0" /* @@ -144,50 +144,6 @@ #endif #endif /* LEASHDLL_LIB */ -#ifdef WSHELPER_LIB -#define K5_DESCRIPTION "Winsock Helper (wshelper) API - " KRB5_PRODUCTNAME_STR "\0" -#define K5_INTERNAL_NAME "wshelper\0" -#define K5_FILETYPE VFT_DLL -#if defined(_WIN64) -#define K5_ORIGINAL_NAME "wshelper64.dll\0" -#else -#define K5_ORIGINAL_NAME "wshelper32.dll\0" -#endif -#endif /* WSHELPER_LIB */ - -#ifdef KRB4_LIB -#define K5_DESCRIPTION "Kerberos v4 - " KRB5_PRODUCTNAME_STR "\0" -#define K5_INTERNAL_NAME "krb4\0" -#define K5_FILETYPE VFT_DLL -#if !defined(_WIN32) -#define K5_ORIGINAL_NAME "krb4_16.dll\0" -#else -#define K5_ORIGINAL_NAME "krb4_32.dll\0" -#endif -#endif /* KRB4 */ - -#ifdef SAPKRB_LIB -#define K5_DESCRIPTION "Kerberos v5 - " KRB5_PRODUCTNAME_STR " (for SAP)\0" -#define K5_INTERNAL_NAME "sapkrb5\0" -#define K5_FILETYPE VFT_DLL -#if !defined(_WIN32) -#define K5_ORIGINAL_NAME "sapkrb16.dll\0" -#else -#define K5_ORIGINAL_NAME "sapkrb32.dll\0" -#endif -#endif /* SAPKRB */ - -#ifdef SAPGSS_LIB -#define K5_DESCRIPTION "GSSAPI - GSS API implementation for Kerberos 5 mechanism(for SAP)\0" -#define K5_INTERNAL_NAME "sapgss\0" -#define K5_FILETYPE VFT_DLL -#if !defined(_WIN32) -#define K5_ORIGINAL_NAME "sapgss16.dll\0" -#else -#define K5_ORIGINAL_NAME "sapgss32.dll\0" -#endif -#endif /* SAPGSS */ - #ifdef KRB5_APP #define K5_DESCRIPTION "KRB5 Ticket Manager - " KRB5_PRODUCTNAME_STR "\0" #define K5_FILETYPE VFT_APP 
@@ -202,27 +158,6 @@ #define K5_ORIGINAL_NAME "gss.exe\0" #endif -#ifdef TELNET_APP -#define K5_DESCRIPTION "Telnet - Telnet Application for " KRB5_PRODUCTNAME_STR "\0" -#define K5_FILETYPE VFT_APP -#define K5_INTERNAL_NAME "TELNET\0" -#define K5_ORIGINAL_NAME "telnet.exe\0" -#endif - -#ifdef KRB524_LIB -#define K5_DESCRIPTION "Kerberos v5 to v4 - " KRB5_PRODUCTNAME_STR "\0" -#define K5_INTERNAL_NAME "krb524\0" -#define K5_FILETYPE VFT_DLL -#define K5_ORIGINAL_NAME "krb524.dll\0" -#endif /* KRB524_LIB */ - -#ifdef KRB524_INIT -#define K5_DESCRIPTION "Kerberos v5 to v4 Application - " KRB5_PRODUCTNAME_STR "\0" -#define K5_INTERNAL_NAME "krb524_init\0" -#define K5_FILETYPE VFT_DLL -#define K5_ORIGINAL_NAME "krb524_init.exe\0" -#endif /* KRB524_INIT */ - #ifdef MS2MIT_APP #define K5_DESCRIPTION "Microsoft LSA to MIT Credential Cache Application - " KRB5_PRODUCTNAME_STR "\0" #define K5_INTERNAL_NAME "ms2mit\0" diff -Nru krb5-1.16.2/src/windows/winlevel.h krb5-1.17/src/windows/winlevel.h --- krb5-1.16.2/src/windows/winlevel.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/winlevel.h 2019-01-08 16:02:37.000000000 +0000 @@ -24,8 +24,7 @@ */ /* - * This is the slave file for Windows version stamping purposes. -/* This value should be an ever increasing number that is + * This value should be an ever increasing number that is * updated for each alpha, beta, final release. This will ensure * that file identifiers are unique */ diff -Nru krb5-1.16.2/src/windows/wintel/auth.c krb5-1.17/src/windows/wintel/auth.c --- krb5-1.16.2/src/windows/wintel/auth.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/auth.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,867 +0,0 @@
-/*
- * Implements Kerberos 4 authentication
- */
-
-#ifdef KRB4
-#include
-#include
-#include
-#include "winsock.h"
-#include "kerberos.h"
-#endif
-#ifdef KRB5
-#include
-#include
-#include "krb5.h"
-#include "com_err.h"
-#endif
-
-#include "telnet.h"
-#include "telnet_arpa.h"
-
-#ifdef ENCRYPTION
-#include "encrypt.h"
-#endif
-
-/*
- * Constants
- */
-#ifdef KRB4
-#define KRB_AUTH 0
-#define KRB_REJECT 1
-#define KRB_ACCEPT 2
-#define KRB_CHALLENGE 3
-#define KRB_RESPONSE 4
-#endif
-#ifdef KRB5
-#define KRB_AUTH 0 /* Authentication data follows */
-#define KRB_REJECT 1 /* Rejected (reason might follow) */
-#define KRB_ACCEPT 2 /* Accepted */
-#define KRB_RESPONSE 3 /* Response for mutual auth. */
-
-#define KRB_FORWARD 4 /* Forwarded credentials follow */
-#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */
-#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */
-#endif
-
-#ifndef KSUCCESS /* Let K5 use K4 constants */
-#define KSUCCESS 0
-#define KFAILURE 255
-#endif
-
-/*
- * Globals
- */
-#ifdef KRB4
-static CREDENTIALS cred;
-static KTEXT_ST auth;
-
-#define KRB_SERVICE_NAME "rcmd"
-#define KERBEROS_VERSION KERBEROS_V4
-
-static int auth_how;
-static int k4_auth_send(kstream);
-static int k4_auth_reply(kstream, unsigned char *, int);
-#endif
-
-#ifdef KRB5
-static krb5_data auth;
-static int auth_how;
-static krb5_auth_context auth_context;
-krb5_keyblock *session_key = NULL;
-#ifdef FORWARD
-void kerberos5_forward(kstream);
-#endif
-
-#define KRB_SERVICE_NAME "host"
-#define KERBEROS_VERSION AUTHTYPE_KERBEROS_V5
-
-static int k5_auth_send(kstream, int);
-static int k5_auth_reply(kstream, int, unsigned char *, int);
-#endif
-
-static int Data(kstream, int, void *, int);
-
-#ifdef ENCRYPTION
-BOOL encrypt_flag = 1;
-#endif
-#ifdef FORWARD
-BOOL forward_flag = 1; /* forward tickets? */
-BOOL forwardable_flag = 1; /* get forwardable tickets to forward? */
-BOOL forwarded_tickets = 0; /* were tickets forwarded? 
*/ -#endif - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V5, }; - -static int -Data(kstream ks, int type, void *d, int c) -{ - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; - - if (c == -1) - c = strlen((char *)cd); - - *p++ = AUTHTYPE_KERBEROS_V5; - *p = AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL; -#ifdef ENCRYPTION - *p |= AUTH_ENCRYPT_ON; -#endif - p++; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - - return(TelnetSend(ks, (LPSTR)str_data, p - str_data, 0)); -} - -#ifdef ENCRYPTION -/* - * Function: Enable or disable the encryption process. - * - * Parameters: - * enable - TRUE to enable, FALSE to disable. - */ -static void -auth_encrypt_enable(BOOL enable) -{ - encrypt_flag = enable; -} -#endif - -/* - * Function: Abort the authentication process - * - * Parameters: - * ks - kstream to send abort message to. - */ -static void -auth_abort(kstream ks, char *errmsg, long r) -{ - char buf[9]; - - wsprintf(buf, "%c%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_IS, AUTHTYPE_NULL, - AUTHTYPE_NULL, IAC, SE); - TelnetSend(ks, (LPSTR)buf, 8, 0); - - if (errmsg != NULL) { - strTmp[sizeof(strTmp) - 1] = '\0'; - strncpy(strTmp, errmsg, sizeof(strTmp) - 1); - - if (r != KSUCCESS) { - strncat(strTmp, "\n", sizeof(strTmp) - 1 - strlen(strTmp)); -#ifdef KRB4 - lstrcat(strTmp, krb_get_err_text((int)r)); -#endif -#ifdef KRB5 - lstrcat(strTmp, error_message(r)); -#endif - } - - MessageBox(HWND_DESKTOP, strTmp, "Kerberos authentication failed!", - MB_OK | MB_ICONEXCLAMATION); - } -} - - -/* - * Function: Copy data to buffer, doubling IAC character if present. - * - * Parameters: - * kstream - kstream to send abort message to. 
- */ -static int -copy_for_net(unsigned char *to, unsigned char *from, int c) -{ - int n; - - n = c; - - while (c-- > 0) { - if ((*to++ = *from++) == IAC) { - n++; - *to++ = IAC; - } - } - - return n; -} - - -/* - * Function: Parse authentication send command - * - * Parameters: - * ks - kstream to send abort message to. - * - * parsedat - the sub-command data. - * - * end_sub - index of the character in the 'parsedat' array which - * is the last byte in a sub-negotiation - * - * Returns: Kerberos error code. - */ -static int -auth_send(kstream ks, unsigned char *parsedat, int end_sub) -{ - char buf[2048]; /* be sure that this is > auth.length+9 */ - char *pname; - int plen; - int r; - int i; - - auth_how = -1; - - for (i = 2; i+1 <= end_sub; i += 2) { - if (parsedat[i] == KERBEROS_VERSION) - if ((parsedat[i+1] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) { - auth_how = parsedat[i+1] & AUTH_HOW_MASK; - break; - } - } - - if (auth_how == -1) { - auth_abort(ks, NULL, 0); - return KFAILURE; - } - -#ifdef KRB4 - r = k4_auth_send(ks); -#endif /* KRB4 */ - -#ifdef KRB5 - r = k5_auth_send(ks, auth_how); -#endif /* KRB5 */ - - if (!r) - return KFAILURE; - - plen = strlen(szUserName); /* Set by k#_send if needed */ - pname = szUserName; - - wsprintf(buf, "%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME); - memcpy(&buf[4], pname, plen); - wsprintf(&buf[plen + 4], "%c%c", IAC, SE); - TelnetSend(ks, (LPSTR)buf, lstrlen(pname)+6, 0); - - wsprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, - KERBEROS_VERSION, auth_how | AUTH_WHO_CLIENT, KRB_AUTH); - -#if KRB4 - auth.length = copy_for_net(&buf[7], auth.dat, auth.length); -#endif /* KRB4 */ -#if KRB5 - auth.length = copy_for_net(&buf[7], auth.data, auth.length); -#endif /* KRB5 */ - - wsprintf(&buf[auth.length+7], "%c%c", IAC, SE); - - TelnetSend(ks, (LPSTR)buf, auth.length+9, 0); - - return KSUCCESS; -} - -/* - * Function: Parse authentication reply command - * - * Parameters: - * ks - kstream to send 
abort message to. - * - * parsedat - the sub-command data. - * - * end_sub - index of the character in the 'parsedat' array which - * is the last byte in a sub-negotiation - * - * Returns: Kerberos error code. - */ -static int -auth_reply(kstream ks, unsigned char *parsedat, int end_sub) -{ - int n; - -#ifdef KRB4 - n = k4_auth_reply(ks, parsedat, end_sub); -#endif - -#ifdef KRB5 - n = k5_auth_reply(ks, auth_how, parsedat, end_sub); -#endif - - return n; -} - -/* - * Function: Parse the athorization sub-options and reply. - * - * Parameters: - * ks - kstream to send abort message to. - * - * parsedat - sub-option string to parse. - * - * end_sub - last charcter position in parsedat. - */ -void -auth_parse(kstream ks, unsigned char *parsedat, int end_sub) -{ - if (parsedat[1] == TELQUAL_SEND) - auth_send(ks, parsedat, end_sub); - - if (parsedat[1] == TELQUAL_REPLY) - auth_reply(ks, parsedat, end_sub); -} - - -/* - * Function: Initialization routine called kstream encryption system. - * - * Parameters: - * str - kstream to send abort message to. - * - * data - user data. - */ -int -auth_init(kstream str, kstream_ptr data) -{ -#ifdef ENCRYPTION - encrypt_init(str, data); -#endif - return 0; -} - - -/* - * Function: Destroy routine called kstream encryption system. - * - * Parameters: - * str - kstream to send abort message to. - * - * data - user data. - */ -void -auth_destroy(kstream str) -{ -} - - -/* - * Function: Callback to encrypt a block of characters - * - * Parameters: - * out - return as pointer to converted buffer. - * - * in - the buffer to convert - * - * str - the stream being encrypted - * - * Returns: number of characters converted. - */ -int -auth_encrypt(struct kstream_data_block *out, - struct kstream_data_block *in, - kstream str) -{ - out->ptr = in->ptr; - - out->length = in->length; - - return(out->length); -} - - -/* - * Function: Callback to decrypt a block of characters - * - * Parameters: - * out - return as pointer to converted buffer. 
- * - * in - the buffer to convert - * - * str - the stream being encrypted - * - * Returns: number of characters converted. - */ -int -auth_decrypt(struct kstream_data_block *out, - struct kstream_data_block *in, - kstream str) -{ - out->ptr = in->ptr; - - out->length = in->length; - - return(out->length); -} - -#ifdef KRB4 -/* - * - * K4_auth_send - gets authentication bits we need to send to KDC. - * - * Result is left in auth - * - * Returns: 0 on failure, 1 on success - */ -static int -k4_auth_send(kstream ks) -{ - int r; /* Return value */ - char instance[INST_SZ]; - char *realm; - char buf[256]; - - memset(instance, 0, sizeof(instance)); - - if (realm = krb_get_phost(szHostName)) - lstrcpy(instance, realm); - - realm = krb_realmofhost(szHostName); - - if (!realm) { - strcpy(buf, "Can't find realm for host \""); - strncat(buf, szHostName, sizeof(buf) - 1 - strlen(buf)); - strncat(buf, "\"", sizeof(buf) - 1 - strlen(buf)); - auth_abort(ks, buf, 0); - return KFAILURE; - } - - r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0); - - if (r == 0) - r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred); - - if (r) { - strcpy(buf, "Can't get \""); - strncat(buf, KRB_SERVICE_NAME, sizeof(buf) - 1 - strlen(buf)); - if (instance[0] != 0) { - strncat(buf, ".", sizeof(buf) - 1 - strlen(buf)); - lstrcat(buf, instance); - } - strncat(buf, "@", sizeof(buf) - 1 - strlen(buf)); - lstrcat(buf, realm); - strncat(buf, "\" ticket", sizeof(buf) - 1 - strlen(buf)); - auth_abort(ks, buf, r); - - return r; - } - - if (!szUserName[0]) /* Copy if not there */ - strcpy(szUserName, cred.pname); - - return(1); -} - -/* - * Function: K4 parse authentication reply command - * - * Parameters: - * ks - kstream to send abort message to. - * - * parsedat - the sub-command data. - * - * end_sub - index of the character in the 'parsedat' array which - * is the last byte in a sub-negotiation - * - * Returns: Kerberos error code. 
- */ -static int -k4_auth_reply(kstream ks, unsigned char *parsedat, int end_sub) -{ - time_t t; - int x; - char buf[512]; - int i; - des_cblock session_key; - des_key_schedule sched; - static des_cblock challenge; - - if (end_sub < 4) - return KFAILURE; - - if (parsedat[2] != KERBEROS_V4) - return KFAILURE; - - if (parsedat[4] == KRB_REJECT) { - buf[0] = 0; - - for (i = 5; i <= end_sub; i++) { - if (parsedat[i] == IAC) - break; - buf[i-5] = parsedat[i]; - buf[i-4] = 0; - } - - if (!buf[0]) - strcpy(buf, "Authentication rejected by remote machine!"); - MessageBox(HWND_DESKTOP, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - - return KFAILURE; - } - - if (parsedat[4] == KRB_ACCEPT) { - if ((parsedat[3] & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) - return KSUCCESS; - - if ((parsedat[3] & AUTH_HOW_MASK) != AUTH_HOW_MUTUAL) - return KFAILURE; - - des_key_sched(cred.session, sched); - - t = time(NULL); - memcpy(challenge, &t, 4); - memcpy(&challenge[4], &t, 4); - des_ecb_encrypt(&challenge, &session_key, sched, 1); - - /* - * Increment the challenge by 1, and encrypt it for - * later comparison. 
- */ - for (i = 7; i >= 0; --i) { - x = (unsigned int)challenge[i] + 1; - challenge[i] = x; /* ignore overflow */ - if (x < 256) /* if no overflow, all done */ - break; - } - - des_ecb_encrypt(&challenge, &challenge, sched, 1); - - wsprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, - KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, KRB_CHALLENGE); - memcpy(&buf[7], session_key, 8); - wsprintf(&buf[15], "%c%c", IAC, SE); - TelnetSend(ks, (LPSTR)buf, 17, 0); - - return KSUCCESS; - } - - if (parsedat[4] == KRB_RESPONSE) { - if (end_sub < 12) - return KFAILURE; - - if (memcmp(&parsedat[5], challenge, sizeof(challenge)) != 0) { - MessageBox(HWND_DESKTOP, "Remote machine is being impersonated!", - NULL, MB_OK | MB_ICONEXCLAMATION); - - return KFAILURE; - } - - return KSUCCESS; - } - - return KFAILURE; - -} - -#endif /* KRB4 */ - -#ifdef KRB5 - -/* - * - * K5_auth_send - gets authentication bits we need to send to KDC. - * - * Code lifted from telnet sample code in the appl directory. 
- * - * Result is left in auth - * - * Returns: 0 on failure, 1 on success - * - */ - -static int -k5_auth_send(kstream ks, int how) -{ - krb5_error_code r; - krb5_ccache ccache; - krb5_creds creds; - krb5_creds * new_creds; - extern krb5_flags krb5_kdc_default_options; - krb5_flags ap_opts; - char type_check[2]; - krb5_data check_data; - int len; -#ifdef ENCRYPTION - krb5_keyblock *newkey = 0; -#endif - - if (r = krb5_cc_default(k5_context, &ccache)) { - com_err(NULL, r, "while authorizing."); - return(0); - } - - memset((char *)&creds, 0, sizeof(creds)); - if (r = krb5_sname_to_principal(k5_context, szHostName, KRB_SERVICE_NAME, - KRB5_NT_SRV_HST, &creds.server)) { - com_err(NULL, r, "while authorizing."); - return(0); - } - - if (r = krb5_cc_get_principal(k5_context, ccache, &creds.client)) { - com_err(NULL, r, "while authorizing."); - krb5_free_cred_contents(k5_context, &creds); - return(0); - } - if (szUserName[0] == '\0') { /* Get user name now */ - len = krb5_princ_component(k5_context, creds.client, 0)->length; - memcpy(szUserName, - krb5_princ_component(k5_context, creds.client, 0)->data, - len); - szUserName[len] = '\0'; - } - - if (r = krb5_get_credentials(k5_context, 0, - ccache, &creds, &new_creds)) { - com_err(NULL, r, "while authorizing."); - krb5_free_cred_contents(k5_context, &creds); - return(0); - } - - ap_opts = 0; - if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) - ap_opts = AP_OPTS_MUTUAL_REQUIRED; - -#ifdef ENCRYPTION - ap_opts |= AP_OPTS_USE_SUBKEY; -#endif - - if (auth_context) { - krb5_auth_con_free(k5_context, auth_context); - auth_context = 0; - } - if ((r = krb5_auth_con_init(k5_context, &auth_context))) { - com_err(NULL, r, "while initializing auth context"); - return(0); - } - - krb5_auth_con_setflags(k5_context, auth_context, - KRB5_AUTH_CONTEXT_RET_TIME); - - type_check[0] = AUTHTYPE_KERBEROS_V5; - type_check[1] = AUTH_WHO_CLIENT| (how & AUTH_HOW_MASK); -#ifdef ENCRYPTION - type_check[1] |= AUTH_ENCRYPT_ON; -#endif - check_data.magic 
= KV5M_DATA; - check_data.length = 2; - check_data.data = (char *)&type_check; - - r = krb5_mk_req_extended(k5_context, &auth_context, ap_opts, - NULL, new_creds, &auth); - -#ifdef ENCRYPTION - krb5_auth_con_getlocalsubkey(k5_context, auth_context, &newkey); - if (session_key) { - krb5_free_keyblock(k5_context, session_key); - session_key = 0; - } - - if (newkey) { - /* - * keep the key in our private storage, but don't use it - * yet---see kerberos5_reply() below - */ - if ((newkey->enctype != ENCTYPE_DES_CBC_CRC) && - (newkey-> enctype != ENCTYPE_DES_CBC_MD5)) { - if ((new_creds->keyblock.enctype == ENCTYPE_DES_CBC_CRC) || - (new_creds->keyblock.enctype == ENCTYPE_DES_CBC_MD5)) - /* use the session key in credentials instead */ - krb5_copy_keyblock(k5_context, &new_creds->keyblock, &session_key); - else - ; /* What goes here? XXX */ - } else { - krb5_copy_keyblock(k5_context, newkey, &session_key); - } - krb5_free_keyblock(k5_context, newkey); - } -#endif /* ENCRYPTION */ - - krb5_free_cred_contents(k5_context, &creds); - krb5_free_creds(k5_context, new_creds); - - if (r) { - com_err(NULL, r, "while authorizing."); - return(0); - } - - return(1); -} - -/* - * - * K5_auth_reply -- checks the reply for mutual authentication. - * - * Code lifted from telnet sample code in the appl directory. 
- * - */ -static int -k5_auth_reply(kstream ks, int how, unsigned char *data, int cnt) -{ -#ifdef ENCRYPTION - Session_Key skey; -#endif - static int mutual_complete = 0; - - data += 4; /* Point to status byte */ - - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - char *s; - wsprintf(strTmp, "Kerberos V5 refuses authentication because\n\t"); - s = strTmp + strlen(strTmp); - strncpy(s, data, cnt); - s[cnt] = 0; - } else - wsprintf(strTmp, "Kerberos V5 refuses authentication"); - MessageBox(HWND_DESKTOP, strTmp, "", MB_OK | MB_ICONEXCLAMATION); - - return KFAILURE; - - case KRB_ACCEPT: - if (!mutual_complete) { - if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && !mutual_complete) { - wsprintf(strTmp, - "Kerberos V5 accepted you, but didn't provide" - " mutual authentication"); - MessageBox(HWND_DESKTOP, strTmp, "", MB_OK | MB_ICONEXCLAMATION); - return KFAILURE; - } -#ifdef ENCRYPTION - if (session_key) { - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key->contents; - encrypt_session_key(&skey, 0); - } -#endif - } - -#ifdef FORWARD - if (forward_flag) - kerberos5_forward(ks); -#endif - - return KSUCCESS; - break; - - case KRB_RESPONSE: - if ((how & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* the rest of the reply should contain a krb_ap_rep */ - krb5_ap_rep_enc_part *reply; - krb5_data inbuf; - krb5_error_code r; - - inbuf.length = cnt; - inbuf.data = (char *)data; - - if (r = krb5_rd_rep(k5_context, auth_context, &inbuf, &reply)) { - com_err(NULL, r, "while authorizing."); - return KFAILURE; - } - krb5_free_ap_rep_enc_part(k5_context, reply); - -#ifdef ENCRYPTION - if (encrypt_flag && session_key) { - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key->contents; - encrypt_session_key(&skey, 0); - } -#endif - mutual_complete = 1; - } - return KSUCCESS; - -#ifdef FORWARD - case KRB_FORWARD_ACCEPT: - forwarded_tickets = 1; - return KSUCCESS; - - case KRB_FORWARD_REJECT: - forwarded_tickets = 0; - if (cnt > 0) { - char *s; - - 
wsprintf(strTmp, - "Kerberos V5 refuses forwarded credentials because\n\t"); - s = strTmp + strlen(strTmp); - strncpy(s, data, cnt); - s[cnt] = 0; - } else - wsprintf(strTmp, "Kerberos V5 refuses forwarded credentials"); - - MessageBox(HWND_DESKTOP, strTmp, "", MB_OK | MB_ICONEXCLAMATION); - return KFAILURE; -#endif /* FORWARD */ - - default: - return KFAILURE; /* Unknown reply type */ - } -} - -#ifdef FORWARD -void -kerberos5_forward(kstream ks) -{ - krb5_error_code r; - krb5_ccache ccache; - krb5_principal client = 0; - krb5_principal server = 0; - krb5_data forw_creds; - - forw_creds.data = 0; - - if ((r = krb5_cc_default(k5_context, &ccache))) { - com_err(NULL, r, "Kerberos V5: could not get default ccache"); - return; - } - - if ((r = krb5_cc_get_principal(k5_context, ccache, &client))) { - com_err(NULL, r, "Kerberos V5: could not get default principal"); - goto cleanup; - } - - if ((r = krb5_sname_to_principal(k5_context, szHostName, KRB_SERVICE_NAME, - KRB5_NT_SRV_HST, &server))) { - com_err(NULL, r, "Kerberos V5: could not make server principal"); - goto cleanup; - } - - if ((r = krb5_auth_con_genaddrs(k5_context, auth_context, ks->fd, - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))) { - com_err(NULL, r, "Kerberos V5: could not gen local full address"); - goto cleanup; - } - - if (r = krb5_fwd_tgt_creds(k5_context, auth_context, 0, client, server, - ccache, forwardable_flag, &forw_creds)) { - com_err(NULL, r, "Kerberos V5: error getting forwarded creds"); - goto cleanup; - } - - /* Send forwarded credentials */ - if (!Data(ks, KRB_FORWARD, forw_creds.data, forw_creds.length)) { - MessageBox(HWND_DESKTOP, - "Not enough room for authentication data", "", - MB_OK | MB_ICONEXCLAMATION); - } - -cleanup: - if (client) - krb5_free_principal(k5_context, client); - if (server) - krb5_free_principal(k5_context, server); -#if 0 /* XXX */ - if (forw_creds.data) - free(forw_creds.data); -#endif - krb5_cc_close(k5_context, ccache); -} -#endif /* FORWARD */ - -#endif /* 
KRB5 */
diff -Nru krb5-1.16.2/src/windows/wintel/auth.h krb5-1.17/src/windows/wintel/auth.h
--- krb5-1.16.2/src/windows/wintel/auth.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/auth.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,28 +0,0 @@
-/*
- * Implements Kerberos 4 authentication and ecryption
- */
-
-#ifndef WINTEL_AUTH_H
-#define WINTEL_AUTH_H
-
-void auth_parse(kstream, unsigned char *, int);
-
-int auth_init(kstream, kstream_ptr);
-
-void auth_destroy(kstream);
-
-int auth_encrypt(struct kstream_data_block *, struct kstream_data_block *,
- kstream);
-
-int auth_decrypt(struct kstream_data_block *, struct kstream_data_block *,
- kstream);
-
-extern BOOL forward_flag;
-extern BOOL forwardable_flag;
-extern BOOL forwarded_tickets;
-
-#ifdef ENCRYPTION
-extern BOOL encrypt_flag;
-#endif
-
-#endif /* WINTEL_AUTH_H */
diff -Nru krb5-1.16.2/src/windows/wintel/dialog.h krb5-1.17/src/windows/wintel/dialog.h
--- krb5-1.16.2/src/windows/wintel/dialog.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/dialog.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,42 +0,0 @@
-#define IDM_SHOWCONSOLE 700
-
-#define IDM_OPENTELNETDLG 200
-#define TEL_CONNECT_NAME 201
-#define TEL_USEDEFAULTS 202
-#define TEL_MANUALCONFIGURE 203
-#define TEL_OK 204
-#define TEL_CANCEL 206
-#define IDC_FORWARD 207
-#define IDC_FORWARDFORWARD 208
-#define IDC_ENCRYPT 210
-#define TEL_CONNECT_USERID 211
-
-#define IDM_SEND_IP 800
-#define IDM_SEND_AYT 801
-#define IDM_SEND_ABORT 802
-
-#define CON_SESSIONNAME 302
-#define CON_WINDOWTITLE 304
-#define CON_COLUMNS132 305
-#define CON_COLUMNS80 306
-#define CON_BACKSPACE 307
-#define CON_DELETE 308
-#define CON_CRLF 309
-#define CON_CRNUL 310
-#define CON_BUFFERS 311
-#define CON_SENDS 312
-#define CON_OK 320
-#define CON_USEDEFAULTS 321
-#define CONFIGDLG 300
-#define CON_SCRLBCK 317
-#define CON_NUMLINES 318
-
-#define PRINTQUEUE 400
-
-#define IDM_PRINTQUEUE 500
-
-#define TEL_PUSH1 601
-#define TEL_PUSH2 602
-#define TEL_PUSH3 603
-#define TEL_PUSH4 604
-#define TEL_PUSH5 605
diff -Nru krb5-1.16.2/src/windows/wintel/edit.c krb5-1.17/src/windows/wintel/edit.c
--- krb5-1.16.2/src/windows/wintel/edit.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/edit.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,444 +0,0 @@ -/* edit.c */ - -#include -#include -#include -#include -#include "screen.h" - -char *cInvertedArray; -int bMouseDown = FALSE; -int bSelection; - -static int iLocStart; -static int iLocEnd; - -void Edit_LbuttonDown( - HWND hWnd, - LPARAM lParam) -{ - SCREEN *pScr; - HMENU hMenu; - int iTmp; - int iXlocStart; - int iYlocStart; - HDC hDC; - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - hDC = GetDC(hWnd); - for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, iTmp % pScr->width * pScr->cxChar, - (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - bSelection = FALSE; - hMenu = GetMenu(hWnd); - EnableMenuItem(hMenu, IDM_COPY, MF_GRAYED); - ReleaseDC(hWnd, hDC); - iXlocStart = (int) LOWORD(lParam) / pScr->cxChar; - if (iXlocStart >= pScr->width) - iXlocStart = pScr->width - 1; - iYlocStart = (int) HIWORD(lParam) / pScr->cyChar; - if (iYlocStart >= pScr->height) - iYlocStart = pScr->height - 1; - iLocStart = iXlocStart + iYlocStart * pScr->width; - bMouseDown = TRUE; - -} /* Edit_LbuttonDown */ - - -void Edit_LbuttonUp( - HWND hWnd, - LPARAM lParam) -{ - SCREEN *pScr; - int iTmp; - int iTmp2; - HMENU hMenu; - - bMouseDown = FALSE; - if (bSelection) - return; - bSelection = TRUE; - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - iTmp = (int) LOWORD(lParam) / pScr->cxChar; - if (iTmp >= pScr->width) - iTmp = pScr->width - 1; - iTmp2 = (int) HIWORD(lParam) / pScr->cyChar; - if (iTmp2 >= pScr->height) - iTmp2 = pScr->height - 1; - iLocEnd = iTmp + iTmp2 * pScr->width; - if (iLocEnd == iLocStart) { - bSelection = FALSE; - } - else { - hMenu = GetMenu(hWnd); - EnableMenuItem(hMenu, IDM_COPY, MF_ENABLED); - } - -} /* Edit_LbuttonUp */ - - -void Edit_MouseMove(HWND hWnd, LPARAM lParam){ - SCREEN *pScr; - int iTmp; - int iTmp2; - int iXlocCurr; - int iYlocCurr; - int 
iLocCurr; - int iX; - int iX2; - int iY; - int iY2; - SCREENLINE *pScrLine; - HDC hDC; - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - hDC = GetDC(hWnd); - iXlocCurr = (int) LOWORD(lParam) / pScr->cxChar; - if (iXlocCurr >= pScr->width) - iXlocCurr = pScr->width - 1; - iYlocCurr = (int) HIWORD(lParam) / pScr->cyChar; - if (iYlocCurr >= pScr->height) - iYlocCurr = pScr->height - 1; - iLocCurr = iXlocCurr + (iYlocCurr * pScr->width); - if (iLocCurr > iLocStart) { - for (iTmp=0; iTmp < iLocStart; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, - (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - iX = iLocStart % pScr->width; - iY = (int) (iLocStart / pScr->width); - iX2 = iLocCurr % pScr->width; - iY2 = (int) (iLocCurr / pScr->width); - if (iY == iY2) { - pScrLine = GetScreenLineFromY(pScr, iY); - for (iTmp2 = iX; iTmp2 < iX2; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2]; - } - } - } - else { - pScrLine = GetScreenLineFromY(pScr, iY); - - for (iTmp2 = iX; iTmp2 < pScr->width; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2]; - } - } - - for (iTmp = iY + 1; iTmp < iY2; iTmp++) { - pScrLine = GetScreenLineFromY(pScr, iTmp); - for (iTmp2 = 0; iTmp2 < pScr->width; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iTmp)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iTmp * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iTmp)] = 
pScrLine->text[iTmp2]; - } - } - } - - if (iY2 != iY) { - pScrLine = GetScreenLineFromY(pScr, iY2); - for (iTmp2 = 0; iTmp2 < iX2; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY2)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY2 * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY2)] = pScrLine->text[iTmp2]; - } - } - } - } - - for (iTmp = iLocCurr; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - } - else { /* going backwards */ - for (iTmp = 0; iTmp < iLocCurr; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - iX = iLocCurr % pScr->width; - iY = (int) (iLocCurr / pScr->width); - iX2 = (iLocStart % pScr->width); - iY2 = (int) (iLocStart / pScr->width); - if (iY == iY2) { - pScrLine = GetScreenLineFromY(pScr, iY); - for (iTmp2= iX; iTmp2 < iX2; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2]; - } - } - } - else { - pScrLine = GetScreenLineFromY(pScr, iY); - for (iTmp2 = iX; iTmp2 < pScr->width; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY)] = pScrLine->text[iTmp2]; - } - } - for (iTmp = iY + 1; iTmp < iY2; iTmp++) { - pScrLine = GetScreenLineFromY(pScr, iTmp); - for (iTmp2 = 0; iTmp2 < pScr->width; iTmp2++) { - if ((!cInvertedArray[iTmp2 + 
(pScr->width * iTmp)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iTmp * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iTmp)] = pScrLine->text[iTmp2]; - } - } - } - if (iY2 != iY) { - pScrLine = GetScreenLineFromY(pScr, iY2); - for (iTmp2 = 0; iTmp2 < iX2; iTmp2++) { - if ((!cInvertedArray[iTmp2 + (pScr->width * iY2)]) && pScrLine->text[iTmp2]) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iY2 * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (pScr->width * iY2)] = pScrLine->text[iTmp2]; - } - } - } - } - for (iTmp = iLocStart; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - } - ReleaseDC(hWnd, hDC); -} /* Edit_MouseMove */ - - -void Edit_ClearSelection( - SCREEN *pScr) -{ - int iTmp; - HDC hDC; - HMENU hMenu; - - hDC = GetDC(pScr->hWnd); - for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, - (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - bSelection = FALSE; - hMenu=GetMenu(pScr->hWnd); - EnableMenuItem(hMenu, IDM_COPY, MF_GRAYED); - ReleaseDC(pScr->hWnd, hDC); -} /* Edit_ClearSelection */ - - -void Edit_Copy( - HWND hWnd) -{ - int iTmp,iIdx; - HGLOBAL hCutBuffer; - LPSTR lpCutBuffer; - SCREEN *pScr; - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - hCutBuffer= GlobalAlloc(GHND, (DWORD) (pScr->width * pScr->height + 1)); - lpCutBuffer= GlobalLock(hCutBuffer); - - if (iLocStart > iLocEnd) { /* swap variables */ - iTmp = iLocStart; - iLocStart = iLocEnd; - iLocEnd = iLocStart; - } - iTmp = iLocStart; - iIdx = 0; - while (iTmp < iLocEnd) { - if (!cInvertedArray[iTmp]) { - 
lpCutBuffer[iIdx++] = '\r'; - lpCutBuffer[iIdx++] = '\n'; - iTmp = (((int) (iTmp / pScr->width)) + 1) * pScr->width; - continue; - } - lpCutBuffer[iIdx++] = cInvertedArray[iTmp++]; - } - lpCutBuffer[iIdx] = 0; - GlobalUnlock(hCutBuffer); - OpenClipboard(hWnd); - EmptyClipboard(); - SetClipboardData(CF_TEXT, hCutBuffer); - CloseClipboard(); - -} /* Edit_Copy */ - - -void Edit_Paste( - HWND hWnd) -{ - HGLOBAL hClipMemory; - static HGLOBAL hMyClipBuffer; - LPSTR lpClipMemory; - LPSTR lpMyClipBuffer; - SCREEN *pScr; - - if (hMyClipBuffer) - GlobalFree(hMyClipBuffer); - OpenClipboard(hWnd); - hClipMemory = GetClipboardData(CF_TEXT); - hMyClipBuffer = GlobalAlloc(GHND, GlobalSize(hClipMemory)); - lpMyClipBuffer = GlobalLock(hMyClipBuffer); - lpClipMemory= GlobalLock(hClipMemory); - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - lstrcpy(lpMyClipBuffer, lpClipMemory); -#if 0 - OutputDebugString(lpMyClipBuffer); -#endif - PostMessage(pScr->hwndTel, WM_MYSCREENBLOCK, (WPARAM) hMyClipBuffer, (LPARAM) pScr); - CloseClipboard(); - GlobalUnlock(hClipMemory); - GlobalUnlock(hMyClipBuffer); - -} /* Edit_Paste */ - - -void Edit_LbuttonDblclk( - HWND hWnd, - LPARAM lParam) -{ - HDC hDC; - SCREEN *pScr; - int iTmp; - int iTmp2; - int iXlocStart; - int iYloc; - SCREENLINE *pScrLine; - - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - hDC = GetDC(hWnd); - for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, - (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - bSelection = FALSE; - iXlocStart = (int) LOWORD(lParam) / pScr->cxChar; - if (iXlocStart >= pScr->width) - iXlocStart = pScr->width - 1; - iYloc = (int) HIWORD(lParam) / pScr->cyChar; - if (iYloc >= pScr->height) - iYloc = pScr->height - 1; - iLocStart = iXlocStart + (iYloc * pScr->width); - - pScrLine = 
GetScreenLineFromY(pScr, iYloc); - - iTmp = iXlocStart; - while (isalnum((int) pScrLine->text[iTmp])) { - PatBlt(hDC, iTmp * pScr->cxChar, iYloc * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp + (iYloc * pScr->width)] = pScrLine->text[iTmp]; - iTmp++; - } - iTmp2 = iXlocStart - 1; - while (isalnum((int) pScrLine->text[iTmp2])) { - PatBlt(hDC, iTmp2 * pScr->cxChar, iYloc * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp2 + (iYloc * pScr->width)] = pScrLine->text[iTmp2]; - iTmp2--; - } - iLocStart = (iTmp2 + 1) + (iYloc * pScr->width); - iLocEnd = iTmp + (iYloc * pScr->width); - - bSelection = TRUE; - ReleaseDC(hWnd, hDC); - -} /* Edit_LbuttonDblclk */ - - -void Edit_TripleClick( - HWND hWnd, - LPARAM lParam) -{ - HDC hDC; - SCREEN *pScr; - int iTmp; - int iYloc; - SCREENLINE *pScrLine; - -#if 0 - OutputDebugString("Triple Click \r\n"); -#endif - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert(pScr != NULL); - - hDC = GetDC(hWnd); - for (iTmp = 0; iTmp < pScr->width * pScr->height; iTmp++) { - if (cInvertedArray[iTmp]) { - PatBlt(hDC, (iTmp % pScr->width) * pScr->cxChar, - (int) (iTmp / pScr->width) * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp] = 0; - } - } - bSelection = FALSE; - iYloc = (int) HIWORD(lParam) / pScr->cyChar; - if (iYloc >= pScr->height) - iYloc = pScr->height - 1; - iLocStart = iYloc * pScr->width; - - pScrLine = GetScreenLineFromY(pScr, iYloc); - - for (iTmp = 0; iTmp < pScr->width; iTmp++) { - if (pScrLine->text[iTmp]) { - PatBlt(hDC, iTmp * pScr->cxChar, iYloc * pScr->cyChar, - pScr->cxChar, pScr->cyChar, DSTINVERT); - cInvertedArray[iTmp + (iYloc * pScr->width)] = pScrLine->text[iTmp]; - } - else - break; - } - iLocEnd = iTmp + (iYloc * pScr->width); - - bSelection = TRUE; - ReleaseDC(hWnd, hDC); - -} /* Edit_TripleClick */ diff -Nru krb5-1.16.2/src/windows/wintel/emul.c krb5-1.17/src/windows/wintel/emul.c --- 
krb5-1.16.2/src/windows/wintel/emul.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/emul.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,766 +0,0 @@ -/* emul.c */ - -#include "windows.h" -#include "screen.h" - - -static int -ScreenEmChars(SCREEN *pScr, char *c, int len) -{ - /* - * Function: Send a string of characters to the screen. Placement - * continues as long as the stream of characters does not contain any - * control chracters or cause wrapping to another line. When a control - * character is encountered or wrapping occurs, display stops and a - * count of the number of characters is returned. - * - * Parameters: - * pScr - the screen to place the characters on. - * c - the string of characters to place on the screen. - * len - the number of characters contained in the string - * - * Returns: The number of characters actually placed on the screen. - */ - - int insert; - int ocount; - int attrib; - int extra; - int nchars; - char *acurrent; /* place to put attributes */ - char *current; /* place to put characters */ - char *start; - SCREENLINE *pScrLine; - - if (len <= 0) - return(0); - - if (pScr->x != pScr->width - 1) - pScr->bWrapPending = FALSE; - else { - if (pScr->bWrapPending) { - pScr->x = 0; - pScr->bWrapPending = FALSE; - ScreenIndex(pScr); - } - } - - pScrLine = GetScreenLineFromY(pScr, pScr->y); - if (pScrLine == NULL) - return(0); - - current = &pScrLine->text[pScr->x]; - acurrent = &pScrLine->attrib[pScr->x]; - start = current; - ocount = pScr->x; - extra = 0; - - attrib = pScr->attrib; - insert = pScr->IRM; - - for (nchars = 0; nchars < len && *c >= 32; nchars++) { - if (insert) - ScreenInsChar(pScr, 1); - - *current = *c; - *acurrent = (char) attrib; - c++; - if (pScr->x < pScr->width - 1) { - acurrent++; - current++; - pScr->x++; - } - else { - extra = 1; - if (pScr->DECAWM) { - pScr->bWrapPending = TRUE; - nchars++; - break; - } - } - } - - ScreenDraw(pScr, ocount, pScr->y, pScr->attrib, - pScr->x - ocount + extra, start); - - return(nchars); -} - - -void -ScreenEm(LPSTR c, int len, SCREEN *pScr) -{ - int escflg; /* vt100 escape level */ - RECT rc; - unsigned int ic; - 
char stat[20]; - int i; - int nchars; - - if (pScr->screen_bottom != pScr->buffer_bottom) { - ScreenUnscroll(pScr); - InvalidateRect(pScr->hWnd, NULL, TRUE); - SetScrollPos(pScr->hWnd, SB_VERT, pScr->numlines, TRUE); - } - - ScreenCursorOff(pScr); - escflg = pScr->escflg; - -#ifdef UM - if (pScr->localprint && len > 0) { /* see if printer needs anything */ - pcount = send_localprint(c, len); - len -= pcount; - c += pcount; - } -#endif - - while (len > 0) { - /* - * look at first character in the vt100 string, if it is a - * non-printable ascii code - */ - while((*c < 32) && (escflg == 0) && (len > 0)) { - switch(*c) { - - case 0x1b: /* ESC found (begin vt100 control sequence) */ - escflg++; - break; - - case -1: /* IAC from telnet session */ - escflg = 6; - break; - -#ifdef CISB - case 0x05: /* CTRL-E found (answerback) */ - bp_ENQ(); - break; -#endif - - case 0x07: /* CTRL-G found (bell) */ - ScreenBell(pScr); - break; - - case 0x08: /* CTRL-H found (backspace) */ - ScreenBackspace(pScr); - break; - - case 0x09: /* CTRL-I found (tab) */ - ScreenTab(pScr); /* Later change for versatile tabbing */ - break; - - case 0x0a: /* CTRL-J found (line feed) */ - case 0x0b: /* CTRL-K found (treat as line feed) */ - case 0x0c: /* CTRL-L found (treat as line feed) */ - ScreenIndex(pScr); - break; - - case 0x0d: /* CTRL-M found (carriage feed) */ - ScreenCarriageFeed(pScr); - break; - -#if 0 - case 0x0e: /* CTRL-N found (invoke Graphics (G1) character set) */ - if (pScr->G1) - pScr->attrib = VSgraph(pScr->attrib); - else - pScr->attrib = VSnotgraph(pScr->attrib); - pScr->charset = 1; - break; - - case 0x0f: /* CTRL-O found (invoke 'normal' (G0) character set) */ - if(pScr->G0) - pScr->attrib = VSgraph(pScr->attrib); - else - pScr->attrib = VSnotgraph(pScr->attrib); - pScr->charset = 0; - break; -#endif - -#ifdef CISB - case 0x10: /* CTRL-P found (undocumented in vt100) */ - bp_DLE(c, len); - len = 0; - break; -#endif - -#if 0 - case 0x11: /* CTRL-Q found (XON) (unused presently) 
*/ - case 0x13: /* CTRL-S found (XOFF) (unused presently) */ - case 0x18: /* CTRL-X found (CAN) (unused presently) */ - case 0x1a: /* CTRL-Z found (SUB) (unused presently) */ - break; -#endif - } - - c++; /* advance to the next character in the string */ - len--; /* decrement the counter */ - } - - if (escflg == 0) { /* check for normal character to print */ - nchars = ScreenEmChars(pScr, c, len); - c += nchars; - len -= nchars; - } - - while ((len > 0) && (escflg == 1)) { /* ESC character was found */ - switch(*c) { - - case 0x08: /* CTRL-H found (backspace) */ - ScreenBackspace(pScr); - break; - - /* - * mostly cursor movement options, and DEC private stuff following - */ - case '[': - ScreenApClear(pScr); - escflg = 2; - break; - - case '#': /* various screen adjustments */ - escflg = 3; - break; - - case '(': /* G0 character set options */ - escflg = 4; - break; - - case ')': /* G1 character set options */ - escflg = 5; - break; - - case '>': /* keypad numeric mode (DECKPAM) */ - pScr->DECPAM = 0; - escflg = 0; - break; - - case '=': /* keypad application mode (DECKPAM) */ - pScr->DECPAM = 1; - escflg = 0; - break; - - case '7': /* save cursor (DECSC) */ - ScreenSaveCursor(pScr); - escflg = 0; - break; - - case '8': /* restore cursor (DECRC) */ - ScreenRestoreCursor(pScr); - escflg = 0; - break; - -#if 0 - case 'c': /* reset to initial state (RIS) */ - ScreenReset(pScr); - escflg = 0; - break; -#endif - - case 'D': /* index (move down one line) (IND) */ - ScreenIndex(pScr); - escflg = 0; - break; - - case 'E': /* next line (move down one line and to first column) (NEL) */ - pScr->x = 0; - ScreenIndex(pScr); - escflg = 0; - break; - - case 'H': /* horizontal tab set (HTS) */ - pScr->tabs[pScr->x] = 'x'; - escflg = 0; - break; - -#ifdef CISB - case 'I': /* undoumented in vt100 */ - bp_ESC_I(); - break; -#endif - - case 'M': /* reverse index (move up one line) (RI) */ - ScreenRevIndex(pScr); - escflg = 0; - break; - - case 'Z': /* identify terminal (DECID) */ - 
escflg = 0; - break; - - default: - /* put the ESC character into the Screen */ - ScreenEmChars(pScr, "\033", 1); - /* put the next character into the Screen */ - ScreenEmChars(pScr, c, 1); - escflg = 0; - break; - - } /* end switch */ - - c++; - len--; - } - - while((escflg == 2) && (len > 0)) { /* '[' handling */ - switch(*c) { - - case 0x08: /* backspace */ - ScreenBackspace(pScr); - break; - - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': /* numeric parameters */ - if (pScr->parms[pScr->parmptr] < 0) - pScr->parms[pScr->parmptr] = 0; - pScr->parms[pScr->parmptr] *= 10; - pScr->parms[pScr->parmptr] += *c - '0'; - break; - - case '?': /* vt100 mode change */ - pScr->parms[pScr->parmptr++] = -2; - break; - - case ';': /* parameter divider */ - pScr->parmptr++; - break; - - case 'A': /* cursor up (CUU) */ - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - if (pScr->parms[0] < 1) - pScr->y--; - else - pScr->y -= pScr->parms[0]; - if(pScr->y < pScr->top) - pScr->y = pScr->top; - ScreenRange(pScr); - escflg = 0; - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - break; - - case 'B': /* cursor down (CUD) */ - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - if (pScr->parms[0] < 1) - pScr->y++; - else - pScr->y += pScr->parms[0]; - if (pScr->y > pScr->bottom) - pScr->y = pScr->bottom; - ScreenRange(pScr); - escflg = 0; - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - break; - - case 'C': /* cursor forward (right) (CUF) */ - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * 
pScr->y; - rc.bottom = pScr->cyChar * (pScr->y +1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - if(pScr->parms[0] < 1) - pScr->x++; - else - pScr->x += pScr->parms[0]; - ScreenRange(pScr); - if (pScr->x > pScr->width) - pScr->x = pScr->width; - escflg = 0; - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - break; - - case 'D': /* cursor backward (left) (CUB) */ - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - if(pScr->parms[0] < 1) - pScr->x--; - else - pScr->x -= pScr->parms[0]; - ScreenRange(pScr); - escflg = 0; - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - break; - - case 'f': /* horizontal & vertical position (HVP) */ - case 'H': /* cursor position (CUP) */ - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - pScr->x = pScr->parms[1] - 1; - pScr->y = pScr->parms[0] - 1; - ScreenRange(pScr); /* make certain the cursor position is valid */ - escflg = 0; - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - break; - - case 'J': /* erase in display (ED) */ - switch(pScr->parms[0]) { - - case -1: - case 0: /* erase from active position to end of screen */ - ScreenEraseToEndOfScreen(pScr); - break; - case 1: /* erase from start of screen to active position */ -#if 0 - ScreenEraseToPosition(pScr); -#endif - break; - - case 2: /* erase whole screen */ - ScreenEraseScreen(pScr); - break; - - default: - break; - } - - escflg = 0; - break; - - case 'K': /* erase in line (EL) */ - switch(pScr->parms[0]) { - case -1: - case 0: /* erase to end of line */ - ScreenEraseToEOL(pScr); - break; - - case 1: /* erase to beginning of line */ - ScreenEraseToBOL(pScr); - break; - - case 2: /* erase whole line */ - ScreenEraseLine(pScr, -1); - break; 
- - default: - break; - } - - escflg = 0; - break; - - case 'L': /* insert n lines preceding current line (IL) */ - if (pScr->parms[0] < 1) - pScr->parms[0] = 1; - ScreenInsLines(pScr, pScr->parms[0], -1); - escflg = 0; - break; - - case 'M': /* delete n lines from current position downward (DL) */ - if (pScr->parms[0] < 1) - pScr->parms[0] = 1; - ScreenDelLines(pScr, pScr->parms[0], -1); - escflg = 0; - break; - - case 'P': /* delete n chars from cursor to the left (DCH) */ - if (pScr->parms[0] < 1) - pScr->parms[0] = 1; - ScreenDelChars(pScr, pScr->parms[0]); - escflg = 0; - break; - -#if 0 - case 'R': /* receive cursor position status from host */ - break; -#endif - -#if 0 - case 'c': /* device attributes (DA) */ - ScreenSendIdent(); - escflg = 0; - break; -#endif - - case 'g': /* tabulation clear (TBC) */ - if (pScr->parms[0] == 3)/* clear all tabs */ - ScreenTabClear(pScr); - else - if (pScr->parms[0] <= 0) /* clear tab stop at active position */ - pScr->tabs[pScr->x] = ' '; - escflg = 0; - break; - - case 'h': /* set mode (SM) */ - ScreenSetOption(pScr,1); - escflg = 0; - break; - - case 'i': /* toggle printer */ -#if 0 - if(pScr->parms[pScr->parmptr] == 5) - pScr->localprint = 1; - else if (pScr->parms[pScr->parmptr] == 4) - pScr->localprint = 0; -#endif - escflg = 0; - break; - - case 'l': /* reset mode (RM) */ - ScreenSetOption(pScr,0); - escflg = 0; - break; - - case 'm': /* select graphics rendition (SGR) */ - { - int temp = 0; - - while (temp <= pScr->parmptr) { - if (pScr->parms[temp] < 1) - pScr->attrib &= 128; - else - pScr->attrib |= 1 << (pScr->parms[temp] - 1); - temp++; - } - } - escflg = 0; - break; - - case 'n': /* device status report (DSR) */ - switch (pScr->parms[0]) { -#if 0 - case 0: /* response from vt100; ready, no malfunctions */ - case 3: /* response from vt100; malfunction, retry */ -#endif - case 5: /* send status */ - case 6: /* send active position */ - wsprintf(stat, "\033[%d;%dR", pScr->y + 1, pScr->x + 1); - for (i = 0; stat[i]; 
i++) - SendMessage(pScr->hwndTel, WM_MYSCREENCHAR, - stat[i], (LPARAM) pScr); - break; - } /* end switch */ - escflg = 0; - break; - - case 'q': /* load LEDs (unsupported) (DECLL) */ - escflg = 0; - break; - - case 'r': /* set top & bottom margins (DECSTBM) */ - if (pScr->parms[0] < 0) - pScr->top = 0; - else - pScr->top = pScr->parms[0] - 1; - if (pScr->parms[1] < 0) - pScr->bottom = pScr->height - 1; - else - pScr->bottom = pScr->parms[1] - 1; - if (pScr->top < 0) - pScr->top = 0; - if (pScr->top > pScr->height-1) - pScr->top = pScr->height-1; - if (pScr->bottom < 1) - pScr->bottom = pScr->height; - if (pScr->bottom >= pScr->height) - pScr->bottom = pScr->height - 1; - if (pScr->top >= pScr->bottom) {/* check for valid scrolling region */ - if (pScr->bottom >= 1) /* - * assume the bottom value has - * precedence, unless it is as the - * top of the screen - */ - pScr->top = pScr->bottom - 1; - else /* totally psychotic case, bottom of screen set to the very top line, move the bottom to below the top */ - pScr->bottom = pScr->top + 1; - } - pScr->x = 0; - pScr->y = 0; -#if 0 - if (pScr->DECORG) - pScr->y = pScr->top; /* origin mode relative */ -#endif - escflg = 0; - break; - -#if 0 - case 'x': /* request/report terminal parameters - (DECREQTPARM/DECREPTPARM) */ - case 'y': /* invoke confidence test (DECTST) */ - break; -#endif - - default: - escflg = 0; - break; - - } - - c++; - len--; - -#if 0 - if (pScr->localprint && (len > 0)) { /* see if printer needs anything */ - pcount = send_localprint(c, len); - len -= pcount; - c += pcount; - } -#endif - } - - while ((escflg == 3) && (len > 0)) { /* # Handling */ - switch (*c) { - case 0x08: /* backspace */ - ScreenBackspace(pScr); - break; - -#if 0 - case '3': /* top half of double line (DECDHL) */ - case '4': /* bottom half of double line (DECDHL) */ - case '5': /* single width line (DECSWL) */ - case '6': /* double width line (DECDWL) */ - break; -#endif - - case '8': /* screen alignment display (DECALN) */ - 
ScreenAlign(pScr); - escflg = 0; - break; - - default: - escflg = 0; - break; - - } - - c++; - len--; - } - - while ((escflg == 4) && (len > 0)) { /* ( Handling (GO character set) */ - switch (*c) { - - case 0x08: /* backspace */ - ScreenBackspace(pScr); - break; - -#if 0 - case 'A': /* united kingdom character set (unsupported) */ - case 'B': /* ASCII character set */ - case '1': /* choose standard graphics (same as ASCII) */ - pScr->G0 = 0; - if (!pScr->charset) - pScr->attrib = ScreenNotGraph(pScr->attrib); - escflg = 0; - break; - - case '0': /* choose special graphics set */ - case '2': /* alternate character set (special graphics) */ - pScr->G0 = 1; - if(!pScr->charset) - pScr->attrib = ScreenGraph(pScr->attrib); - escflg = 0; - break; -#endif - - default: - escflg = 0; - break; - } - - c++; - len--; - - } /* end while */ - - while((escflg == 5) && (len > 0)) { /* ) Handling (G1 handling) */ - switch (*c) { - - case 0x08: /* backspace */ - ScreenBackspace(pScr); - break; - -#if 0 - case 'A': /* united kingdom character set (unsupported) */ - case 'B': /* ASCII character set */ - case '1': /* choose standard graphics (same as ASCII) */ - pScr->G1 = 0; - if (pScr->charset) - pScr->attrib = ScreenNotGraph(pScr->attrib); - escflg = 0; - break; - - case '0': /* choose special graphics set */ - case '2': /* alternate character set (special graphics) */ - pScr->G1 = 1; - if(pScr->charset) - pScr->attrib = ScreenGraph(pScr->attrib); - escflg = 0; - break; -#endif - - default: - escflg = 0; - break; - } /* end switch */ - - c++; - len--; - } /* end while */ - - while ((escflg >= 6) && (escflg <= 10) && (len > 0)) { /* Handling IAC */ - ic = (unsigned char) *c; - switch (escflg) { - - case 6: /* Handling IAC xx */ - if (ic == 255) /* if IAC */ - escflg = 0; - else if (ic == 250) /* if SB */ - escflg = 7; - else - escflg = 9; - break; - - case 7: /* Handling IAC SB xx */ - if (ic == 255) /* if IAC */ - escflg = 8; - break; - - case 8: /* Handling IAC SB IAC xx */ - if 
(ic == 255) /* if IAC IAC */ - escflg = 7; - else if (ic == 240) /* if IAC SE */ - escflg = 0; - break; - - case 9: /* IAC xx xx */ - escflg = 0; - break; - } - c++; /* advance to the next character in the string */ - len--; /* decrement the counter */ - } - - if (escflg > 2 && escflg < 6 && len > 0) { - escflg = 0; - c++; - len--; - } - } - pScr->escflg = escflg; - ScreenCursorOn(pScr); -} diff -Nru krb5-1.16.2/src/windows/wintel/enc_des.c krb5-1.17/src/windows/wintel/enc_des.c --- krb5-1.16.2/src/windows/wintel/enc_des.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/enc_des.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,725 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */ - -/* based on @(#)enc_des.c 8.1 (Berkeley) 6/4/93 */ - -#ifdef ENCRYPTION - -#include "telnet_arpa.h" -#include -#include - -#include "telnet.h" - -#include "encrypt.h" - -#define CFB 0 -#define OFB 1 - -#define NO_SEND_IV 1 -#define NO_RECV_IV 2 -#define NO_KEYID 4 -#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID) -#define SUCCESS 0 -#define xFAILED -1 - - -struct fb { - Block krbdes_key; - Schedule krbdes_sched; - Block temp_feed; - unsigned char fb_feed[64]; - int need_start; - int state[2]; - int keyid[2]; - int once; - struct stinfo { - Block str_output; - Block str_feed; - Block str_iv; - Block str_ikey; - Schedule str_sched; - int str_index; - int str_flagshift; - } streams[2]; -}; - -static struct fb fb[2]; - -struct keyidlist { - char *keyid; - int keyidlen; - char *key; - int keylen; - int flags; -} keyidlist [] = { - { "\0", 1, 0, 0, 0 }, /* default key of zero */ - { 0, 0, 0, 0, 0 } -}; - -#define KEYFLAG_MASK 03 - -#define KEYFLAG_NOINIT 00 -#define KEYFLAG_INIT 01 -#define KEYFLAG_OK 02 -#define KEYFLAG_BAD 03 - -#define KEYFLAG_SHIFT 2 - -#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2))) - -#define FB64_IV 1 -#define FB64_IV_OK 2 -#define FB64_IV_BAD 3 - -extern kstream EncryptKSGlobalHack; - -void fb64_stream_iv (Block, struct stinfo *); -void fb64_init (struct fb *); -static int fb64_start (struct fb *, int, int); -int fb64_is (unsigned char *, int, struct fb *); -int fb64_reply (unsigned char *, int, struct fb *); -static void fb64_session (Session_Key *, int, struct fb *); -void fb64_stream_key (Block, struct stinfo *); -int fb64_keyid (int, unsigned char *, int *, struct fb *); - - void -cfb64_init(server) - int server; -{ - fb64_init(&fb[CFB]); - fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; - fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB); -} - - void -ofb64_init(server) - int server; -{ - fb64_init(&fb[OFB]); - fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; - 
fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB); -} - - void -fb64_init(fbp) - register struct fb *fbp; -{ - memset((void *)fbp, 0, sizeof(*fbp)); - fbp->state[0] = fbp->state[1] = xFAILED; - fbp->fb_feed[0] = IAC; - fbp->fb_feed[1] = SB; - fbp->fb_feed[2] = TELOPT_ENCRYPT; - fbp->fb_feed[3] = ENCRYPT_IS; -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - * 2: Not yet. Other things (like getting the key from - * Kerberos) have to happen before we can continue. - */ - int -cfb64_start(dir, server) - int dir; - int server; -{ - return(fb64_start(&fb[CFB], dir, server)); -} - int -ofb64_start(dir, server) - int dir; - int server; -{ - return(fb64_start(&fb[OFB], dir, server)); -} - - static int -fb64_start(fbp, dir, server) - struct fb *fbp; - int dir; - int server; -{ - int x; - unsigned char *p; - register int state; - - switch (dir) { - case DIR_DECRYPT: - /* - * This is simply a request to have the other side - * start output (our input). He will negotiate an - * IV so we need not look for it. - */ - state = fbp->state[dir-1]; - if (state == xFAILED) - state = IN_PROGRESS; - break; - - case DIR_ENCRYPT: - state = fbp->state[dir-1]; - if (state == xFAILED) - state = IN_PROGRESS; - else if ((state & NO_SEND_IV) == 0) - break; - - if (!VALIDKEY(fbp->krbdes_key)) { - fbp->need_start = 1; - break; - } - state &= ~NO_SEND_IV; - state |= NO_RECV_IV; - /* - * Create a random feed and send it over. 
- */ - des_new_random_key(fbp->temp_feed); - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, - fbp->krbdes_sched, 1); - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_IS; - p++; - *p++ = FB64_IV; - for (x = 0; x < sizeof(Block); ++x) { - if ((*p++ = fbp->temp_feed[x]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; -#ifdef DEBUG - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); -#endif - TelnetSend(EncryptKSGlobalHack, fbp->fb_feed, p - fbp->fb_feed, 0); - break; - default: - return(xFAILED); - } - return(fbp->state[dir-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - int -cfb64_is(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_is(data, cnt, &fb[CFB])); -} - int -ofb64_is(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_is(data, cnt, &fb[OFB])); -} - - int -fb64_is(data, cnt, fbp) - unsigned char *data; - int cnt; - struct fb *fbp; -{ - unsigned char *p; - register int state = fbp->state[DIR_DECRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV: - if (cnt != sizeof(Block)) { -#ifdef DEBUG - if (encrypt_debug_mode) - printf("CFB64: initial vector failed on size\r\n"); -#endif - state = xFAILED; - goto failure; - } - -#ifdef DEBUG - if (encrypt_debug_mode) { - printf("CFB64: initial vector received\r\n"); - printf("Initializing Decrypt stream\r\n"); - } -#endif - fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]); - - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_OK; - *p++ = IAC; - *p++ = SE; -#ifdef DEBUG - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); -#endif - TelnetSend(EncryptKSGlobalHack, fbp->fb_feed, p - fbp->fb_feed, 0); - - state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; - break; - - default: -#if 0 - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", *(data-1)); - printd(data, cnt); - 
printf("\r\n"); - } -#endif - /* FALL THROUGH */ - failure: - /* - * We failed. Send an FB64_IV_BAD option - * to the other side so it will know that - * things failed. - */ - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_BAD; - *p++ = IAC; - *p++ = SE; -#ifdef DEBUG - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); -#endif - TelnetSend(EncryptKSGlobalHack, fbp->fb_feed, p - fbp->fb_feed, 0); - - break; - } - return(fbp->state[DIR_DECRYPT-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - int -cfb64_reply(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_reply(data, cnt, &fb[CFB])); -} - int -ofb64_reply(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_reply(data, cnt, &fb[OFB])); -} - - - int -fb64_reply(data, cnt, fbp) - unsigned char *data; - int cnt; - struct fb *fbp; -{ - register int state = fbp->state[DIR_ENCRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV_OK: - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - if (state == xFAILED) - state = IN_PROGRESS; - state &= ~NO_RECV_IV; - encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1); - break; - - case FB64_IV_BAD: - memset(fbp->temp_feed, 0, sizeof(Block)); - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - state = xFAILED; - break; - - default: -#if 0 - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", data[-1]); - printd(data, cnt); - printf("\r\n"); - } -#endif - /* FALL THROUGH */ - failure: - state = xFAILED; - break; - } - return(fbp->state[DIR_ENCRYPT-1] = state); -} - - void -cfb64_session(key, server) - Session_Key *key; - int server; -{ - fb64_session(key, server, &fb[CFB]); -} - - void -ofb64_session(key, server) - Session_Key *key; - int server; -{ - fb64_session(key, server, &fb[OFB]); -} - - static void 
-fb64_session(key, server, fbp) - Session_Key *key; - int server; - struct fb *fbp; -{ - - if (!key || key->type != SK_DES) { -#ifdef DEBUG - if (encrypt_debug_mode) - printf("Can't set krbdes's session key (%d != %d)\r\n", - key ? key->type : -1, SK_DES); -#endif - return; - } - memcpy((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block)); - - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - - if (fbp->once == 0) { - des_init_random_number_generator(fbp->krbdes_key); - fbp->once = 1; - } - des_key_sched(fbp->krbdes_key, fbp->krbdes_sched); - /* - * Now look to see if krbdes_start() was was waiting for - * the key to show up. If so, go ahead an call it now - * that we have the key. - */ - if (fbp->need_start) { - fbp->need_start = 0; - fb64_start(fbp, DIR_ENCRYPT, server); - } -} - -/* - * We only accept a keyid of 0. If we get a keyid of - * 0, then mark the state as SUCCESS. - */ - int -cfb64_keyid(dir, kp, lenp) - int dir, *lenp; - unsigned char *kp; -{ - return(fb64_keyid(dir, kp, lenp, &fb[CFB])); -} - - int -ofb64_keyid(dir, kp, lenp) - int dir, *lenp; - unsigned char *kp; -{ - return(fb64_keyid(dir, kp, lenp, &fb[OFB])); -} - - int -fb64_keyid(dir, kp, lenp, fbp) - int dir, *lenp; - unsigned char *kp; - struct fb *fbp; -{ - register int state = fbp->state[dir-1]; - - if (*lenp != 1 || (*kp != '\0')) { - *lenp = 0; - return(state); - } - - if (state == xFAILED) - state = IN_PROGRESS; - - state &= ~NO_KEYID; - - return(fbp->state[dir-1] = state); -} - -#if 0 - void -fb64_printsub(data, cnt, buf, buflen, type) - unsigned char *data, *buf, *type; - int cnt, buflen; -{ - char lbuf[32]; - register int i; - char *cp; - - buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ - buflen -= 1; - - switch(data[2]) { - case FB64_IV: - sprintf(lbuf, "%s_IV", type); - cp = lbuf; - goto common; - - case FB64_IV_OK: - sprintf(lbuf, "%s_IV_OK", type); - cp = lbuf; - goto common; - - 
case FB64_IV_BAD: - sprintf(lbuf, "%s_IV_BAD", type); - cp = lbuf; - goto common; - - default: - sprintf(lbuf, " %d (unknown)", data[2]); - cp = lbuf; - common: - for (; (buflen > 0) && (*buf = *cp++); buf++) - buflen--; - for (i = 3; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) - buflen--; - } - break; - } -} - - void -cfb64_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - fb64_printsub(data, cnt, buf, buflen, "CFB64"); -} - - void -ofb64_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - fb64_printsub(data, cnt, buf, buflen, "OFB64"); -} -#endif - - void -fb64_stream_iv(seed, stp) - Block seed; - register struct stinfo *stp; -{ - - memcpy((void *)stp->str_iv, (void *)seed, sizeof(Block)); - memcpy((void *)stp->str_output, (void *)seed, sizeof(Block)); - - des_key_sched(stp->str_ikey, stp->str_sched); - - stp->str_index = sizeof(Block); -} - - void -fb64_stream_key(key, stp) - Block key; - register struct stinfo *stp; -{ - memcpy((void *)stp->str_ikey, (void *)key, sizeof(Block)); - des_key_sched(key, stp->str_sched); - - memcpy((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block)); - - stp->str_index = sizeof(Block); -} - -/* - * DES 64 bit Cipher Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * | v - * INPUT --(--------->(+)+---> DATA - * | | - * +-------------+ - * - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. 
- * - * V0 = DES(iV, key) - * On = Dn ^ Vn - * V(n+1) = DES(On, key) - */ - - void -cfb64_encrypt(s, c) - register unsigned char *s; - int c; -{ - register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; - register int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); - memcpy((void *)stp->str_feed,(void *)b,sizeof(Block)); - index = 0; - } - - /* On encryption, we store (feed ^ data) which is cypher */ - *s = stp->str_output[index] = (stp->str_feed[index] ^ *s); - s++; - index++; - } - stp->str_index = index; -} - - int -cfb64_decrypt(data) - int data; -{ - register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); - memcpy((void *)stp->str_feed, (void *)b, sizeof(Block)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - /* On decryption we store (data) which is cypher. */ - stp->str_output[index] = data; - return(data ^ stp->str_feed[index]); -} - -/* - * DES 64 bit Output Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * +-----------+ - * v - * INPUT -------->(+) ----> DATA - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. 
- * - * V0 = DES(iV, key) - * V(n+1) = DES(Vn, key) - * On = Dn ^ Vn - */ - void -ofb64_encrypt(s, c) - register unsigned char *s; - int c; -{ - register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; - register int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); - memcpy((void *)stp->str_feed,(void *)b,sizeof(Block)); - index = 0; - } - *s++ ^= stp->str_feed[index]; - index++; - } - stp->str_index = index; -} - - int -ofb64_decrypt(data) - int data; -{ - register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); - memcpy((void *)stp->str_feed, (void *)b, sizeof(Block)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - return(data ^ stp->str_feed[index]); -} - -#endif /* ENCRYPTION */ diff -Nru krb5-1.16.2/src/windows/wintel/enc_des.h krb5-1.17/src/windows/wintel/enc_des.h --- krb5-1.16.2/src/windows/wintel/enc_des.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/enc_des.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,120 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)enc-proto.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-#ifdef ENCRYPTION
-void encrypt_init (char *, int);
-Encryptions *findencryption (int);
-void encrypt_auto (int);
-void decrypt_auto (int);
-void encrypt_is (unsigned char *, int);
-void encrypt_reply (unsigned char *, int);
-void encrypt_start_input (int);
-void encrypt_session_key (Session_Key *, int);
-void encrypt_end_input (void);
-void encrypt_start_output (int);
-void encrypt_end_output (void);
-void encrypt_send_request_start (void);
-void encrypt_send_request_end (void);
-void encrypt_send_end (void);
-void encrypt_wait (void);
-int encrypt_is_encrypting (void);
-void encrypt_send_support (void);
-void encrypt_send_keyid (int, unsigned char *, int, int);
-int net_write (unsigned char *, int);
-
-#ifdef TELENTD
-void encrypt_wait (void);
-#else
-int encrypt_cmd (int, char **);
-void encrypt_display (void);
-#endif
-
-void krbdes_encrypt (unsigned char *, int);
-int krbdes_decrypt (int);
-int krbdes_is (unsigned char *, int);
-int krbdes_reply (unsigned char *, int);
-void krbdes_init (int);
-int krbdes_start (int, int);
-void krbdes_session (Session_Key *, int);
-void krbdes_printsub (unsigned char *, int, unsigned char *, int);
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-
-int des_new_random_key (Block);
-void des_set_random_generator_seed (Block);
-void des_key_sched (Block,
Schedule);
-void des_ecb_encrypt (Block, Block, Schedule, int);
-int des_string_to_key (char *, Block);
-#endif /* ENCRYPTION */
diff -Nru krb5-1.16.2/src/windows/wintel/encrypt.c krb5-1.17/src/windows/wintel/encrypt.c
--- krb5-1.16.2/src/windows/wintel/encrypt.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/encrypt.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,999 +0,0 @@
-/*
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)encrypt.c 8.1 (Berkeley) 6/4/93 */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef ENCRYPTION
-
-#include
-
-#define isprefix(a, b) (!strncmp((a), (b), strlen(b)))
-
-#ifdef KRB4
-#include
-#include
-#include
-#include "winsock.h"
-#include "kerberos.h"
-#endif
-#ifdef KRB5
-#include
-#include
-#include "krb5.h"
-#include "com_err.h"
-#endif
-
-#include "telnet.h"
-#include "encrypt.h"
-
-#define ENCRYPT_NAMES
-#include "telnet_arpa.h"
-
-/*
- * These function pointers point to the current routines
- * for encrypting and decrypting data.
- */ -void (*encrypt_output) (unsigned char *, int); -int (*decrypt_input) (int); - -#ifdef DEBUG -int encrypt_debug_mode = 1; -int encrypt_verbose = 1; -#else -int encrypt_verbose = 0; -#endif - -static char dbgbuf [10240]; - -static int decrypt_mode = 0; -static int encrypt_mode = 0; -static int autoencrypt = 1; -static int autodecrypt = 1; -static int havesessionkey = 0; - -kstream EncryptKSGlobalHack = NULL; - -#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) - -static long i_support_encrypt = - typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64); -static long i_support_decrypt = - typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64); -static long i_wont_support_encrypt = 0; -static long i_wont_support_decrypt = 0; -#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) -#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) - -static long remote_supports_encrypt = 0; -static long remote_supports_decrypt = 0; - -static Encryptions encryptions[] = { - { "DES_CFB64", - ENCTYPE_DES_CFB64, - cfb64_encrypt, - cfb64_decrypt, - cfb64_init, - cfb64_start, - cfb64_is, - cfb64_reply, - cfb64_session, - cfb64_keyid, - NULL }, - { "DES_OFB64", - ENCTYPE_DES_OFB64, - ofb64_encrypt, - ofb64_decrypt, - ofb64_init, - ofb64_start, - ofb64_is, - ofb64_reply, - ofb64_session, - ofb64_keyid, - NULL }, - { 0, }, -}; - -static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, - ENCRYPT_SUPPORT }; -static unsigned char str_suplen = 0; -static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; -static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; - -void encrypt_request_end(void); -void encrypt_request_start(unsigned char *, int); -void encrypt_enc_keyid(unsigned char *, int); -void encrypt_dec_keyid(unsigned char *, int); -void encrypt_support(unsigned char *, int); -void encrypt_start(unsigned char *, int); -void encrypt_end(void); - -int encrypt_ks_stream(struct kstream_data_block *, /* output */ - 
struct kstream_data_block *, /* input */ - struct kstream *); - -int decrypt_ks_stream(struct kstream_data_block *, /* output */ - struct kstream_data_block *, /* input */ - struct kstream *); - -int -encrypt_ks_stream(struct kstream_data_block *i, - struct kstream_data_block *o, - struct kstream *ks) -{ - - /* - * this is really quite bogus, since it does an in-place encryption... - */ - if (encrypt_output) { - encrypt_output(i->ptr, i->length); - return 1; - } - - return 0; -} - - -int -decrypt_ks_stream(struct kstream_data_block *i, - struct kstream_data_block *o, - struct kstream *ks) -{ - unsigned int len; - /* - * this is really quite bogus, since it does an in-place decryption... - */ - if (decrypt_input) { - for (len = 0 ; len < i->length ; len++) - ((unsigned char *)i->ptr)[len] - = decrypt_input(((unsigned char *)i->ptr)[len]); - return 1; - } - - return 0; -} - -int -decrypt_ks_hack(unsigned char *buf, int cnt) -{ - int len; - /* - * this is really quite bogus, since it does an in-place decryption... 
- */ - for (len = 0 ; len < cnt ; len++) - buf[len] = decrypt_input(buf[len]); - -#ifdef DEBUG - hexdump("hack:", buf, cnt); -#endif - return 1; -} - -#ifdef DEBUG -int -printsub(char c, unsigned char *s, size_t len) -{ - size_t i; - char *p = dbgbuf; - - *p++ = c; - - for (i = 0 ; (i < len) && (p - dbgbuf + 3 < sizeof(dbgbuf)) ; i++) - p += sprintf(p, "%02x ", s[i]); - dbgbuf[sizeof(dbgbuf) - 1] = '\0'; - - strncat(p, "\n", sizeof(dbgbuf) - 1 - (p - dbgbuf)); - - OutputDebugString(dbgbuf); - - return 0; -} -#endif - -/* - * parsedat[0] == the suboption we might be negoating, - */ -void -encrypt_parse(kstream ks, unsigned char *parsedat, int end_sub) -{ - char *p = dbgbuf; - -#ifdef DEBUG - printsub('<', parsedat, end_sub); -#endif - - switch(parsedat[1]) { - case ENCRYPT_START: - encrypt_start(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_END: - encrypt_end(); - break; - case ENCRYPT_SUPPORT: - encrypt_support(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_REQSTART: - encrypt_request_start(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_REQEND: - /* - * We can always send an REQEND so that we cannot - * get stuck encrypting. We should only get this - * if we have been able to get in the correct mode - * anyhow. - */ - encrypt_request_end(); - break; - case ENCRYPT_IS: - encrypt_is(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_REPLY: - encrypt_reply(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_ENC_KEYID: - encrypt_enc_keyid(parsedat + 2, end_sub - 2); - break; - case ENCRYPT_DEC_KEYID: - encrypt_dec_keyid(parsedat + 2, end_sub - 2); - break; - default: - break; - } -} - -/* XXX */ -Encryptions * -findencryption(type) - int type; -{ - Encryptions *ep = encryptions; - - if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? 
ep : 0); -} - -Encryptions * -finddecryption(int type) -{ - Encryptions *ep = encryptions; - - if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? ep : 0); -} - -#define MAXKEYLEN 64 - -static struct key_info { - unsigned char keyid[MAXKEYLEN]; - int keylen; - int dir; - int *modep; - Encryptions *(*getcrypt)(); -} ki[2] = { - { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, - { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, -}; - -void -encrypt_init(kstream iks, kstream_ptr data) -{ - Encryptions *ep = encryptions; - - i_support_encrypt = i_support_decrypt = 0; - remote_supports_encrypt = remote_supports_decrypt = 0; - encrypt_mode = 0; - decrypt_mode = 0; - encrypt_output = NULL; - decrypt_input = NULL; - - str_suplen = 4; - - EncryptKSGlobalHack = iks; - - while (ep->type) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>I will support %s\n", - ENCTYPE_NAME(ep->type)); - OutputDebugString(dbgbuf); - } -#endif - i_support_encrypt |= typemask(ep->type); - i_support_decrypt |= typemask(ep->type); - if ((i_wont_support_decrypt & typemask(ep->type)) == 0) - if ((str_send[str_suplen++] = ep->type) == IAC) - str_send[str_suplen++] = IAC; - if (ep->init) - (*ep->init)(0); - ++ep; - } - str_send[str_suplen++] = IAC; - str_send[str_suplen++] = SE; -} - -void -encrypt_send_support() -{ - if (str_suplen) { - /* - * If the user has requested that decryption start - * immediatly, then send a "REQUEST START" before - * we negotiate the type. - */ - if (autodecrypt) - encrypt_send_request_start(); - TelnetSend(EncryptKSGlobalHack, str_send, str_suplen, 0); - -#ifdef DEBUG - printsub('>', &str_send[2], str_suplen - 2); -#endif - - str_suplen = 0; - } -} - -/* - * Called when ENCRYPT SUPPORT is received. 
- */ -void -encrypt_support(typelist, cnt) - unsigned char *typelist; - int cnt; -{ - register int type, use_type = 0; - Encryptions *ep; - - /* - * Forget anything the other side has previously told us. - */ - remote_supports_decrypt = 0; - - while (cnt-- > 0) { - type = *typelist++; -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Remote supports %s (%d)\n", - ENCTYPE_NAME(type), type); - OutputDebugString(dbgbuf); - } -#endif - if ((type < ENCTYPE_CNT) && - (I_SUPPORT_ENCRYPT & typemask(type))) { - remote_supports_decrypt |= typemask(type); - if (use_type == 0) - use_type = type; - } - } - if (use_type) { - ep = findencryption(use_type); - if (!ep) - return; - type = ep->start ? (*ep->start)(DIR_ENCRYPT, 0) : 0; -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>(*ep->start)() %s returned %d (%s)\n", - ENCTYPE_NAME(use_type), type, ENCRYPT_NAME(type)); - OutputDebugString(dbgbuf); - } -#endif - if (type < 0) - return; - encrypt_mode = use_type; - if (type == 0) - encrypt_start_output(use_type); - } -} - -void -encrypt_is(data, cnt) - unsigned char *data; - int cnt; -{ - Encryptions *ep; - register int type, ret; - - if (--cnt < 0) - return; - type = *data++; - if (type < ENCTYPE_CNT) - remote_supports_encrypt |= typemask(type); - if (!(ep = finddecryption(type))) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>encrypt_reply: " - "Can't find type %s (%d) for initial negotiation\n", - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - OutputDebugString(dbgbuf); - } -#endif - return; - } - if (!ep->is) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>encrypt_reply: " - "No initial negotiation needed for type %s (%d)\n", - ENCTYPE_NAME_OK(type) - ? 
ENCTYPE_NAME(type) : "(unknown)", - type); - OutputDebugString(dbgbuf); - } -#endif - ret = 0; - } else { - ret = (*ep->is)(data, cnt); -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, "encrypt_reply: " - "(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); - OutputDebugString(dbgbuf); - } -#endif - } - if (ret < 0) { - autodecrypt = 0; - } else { - decrypt_mode = type; - if (ret == 0 && autodecrypt) - encrypt_send_request_start(); - } -} - -void -encrypt_reply(data, cnt) - unsigned char *data; - int cnt; -{ - Encryptions *ep; - register int ret, type; - - if (--cnt < 0) - return; - type = *data++; - if (!(ep = findencryption(type))) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Can't find type %s (%d) for initial negotiation\n", - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - OutputDebugString(dbgbuf); - } -#endif - return; - } - if (!ep->reply) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>No initial negotiation needed for type %s (%d)\n", - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - OutputDebugString(dbgbuf); - } -#endif - ret = 0; - } else { - ret = (*ep->reply)(data, cnt); -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, "(*ep->reply)(%x, %d) returned %s(%d)\n", - data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); - OutputDebugString(dbgbuf); - } -#endif - } -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>encrypt_reply returned %d\n", ret); - OutputDebugString(dbgbuf); - } -#endif - if (ret < 0) { - autoencrypt = 0; - } else { - encrypt_mode = type; - if (ret == 0 && autoencrypt) - encrypt_start_output(type); - } -} - -/* - * Called when a ENCRYPT START command is received. - */ -void -encrypt_start(data, cnt) - unsigned char *data; - int cnt; -{ - Encryptions *ep; - - if (!decrypt_mode) { - /* - * Something is wrong. 
We should not get a START - * command without having already picked our - * decryption scheme. Send a REQUEST-END to - * attempt to clear the channel... - */ - /* printf("Warning, Cannot decrypt input stream!!!\n"); */ - encrypt_send_request_end(); - MessageBox(NULL, "Warning, Cannot decrypt input stream!!!", NULL, - MB_OK | MB_ICONEXCLAMATION); - return; - } - - if (ep = finddecryption(decrypt_mode)) { - extern BOOL encrypt_flag; - - decrypt_input = ep->input; - EncryptKSGlobalHack->decrypt = decrypt_ks_stream; - encrypt_flag = 2; /* XXX hack */ - - if (encrypt_verbose) { - sprintf(dbgbuf, "[ Input is now decrypted with type %s ]\n", - ENCTYPE_NAME(decrypt_mode)); - OutputDebugString(dbgbuf); - } -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Start to decrypt input with type %s\n", - ENCTYPE_NAME(decrypt_mode)); - OutputDebugString(dbgbuf); - } -#endif - } else { - char buf[1024]; - wsprintf(buf, "Warning, Cannot decrypt type %s (%d)!!!", - ENCTYPE_NAME_OK(decrypt_mode) - ? ENCTYPE_NAME(decrypt_mode) : "(unknown)", - decrypt_mode); - MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - encrypt_send_request_end(); - } -} - -void -encrypt_session_key(key, server) - Session_Key *key; - int server; -{ - Encryptions *ep = encryptions; - - havesessionkey = 1; - - while (ep->type) { - if (ep->session) - (*ep->session)(key, server); -#if defined(notdef) - if (!encrypt_output && autoencrypt && !server) - encrypt_start_output(ep->type); - if (!decrypt_input && autodecrypt && !server) - encrypt_send_request_start(); -#endif - ++ep; - } -} - -/* - * Called when ENCRYPT END is received. 
- */ -void -encrypt_end() -{ - decrypt_input = NULL; - EncryptKSGlobalHack->decrypt = NULL; -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Input is back to clear text\n"); - OutputDebugString(dbgbuf); - } -#endif - if (encrypt_verbose) { - sprintf(dbgbuf, "[ Input is now clear text ]\n"); - OutputDebugString(dbgbuf); - } -} - -/* - * Called when ENCRYPT REQUEST-END is received. - */ -void -encrypt_request_end() -{ - encrypt_send_end(); -} - -/* - * Called when ENCRYPT REQUEST-START is received. If we receive - * this before a type is picked, then that indicates that the - * other side wants us to start encrypting data as soon as we - * can. - */ -void -encrypt_request_start(data, cnt) - unsigned char *data; - int cnt; -{ - if (encrypt_mode == 0) { - return; - } - encrypt_start_output(encrypt_mode); -} - -static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; - -void -encrypt_keyid(); - -void -encrypt_enc_keyid(keyid, len) - unsigned char *keyid; - int len; -{ - encrypt_keyid(&ki[1], keyid, len); -} - -void -encrypt_dec_keyid(keyid, len) - unsigned char *keyid; - int len; -{ - encrypt_keyid(&ki[0], keyid, len); -} - -void -encrypt_keyid(kp, keyid, len) - struct key_info *kp; - unsigned char *keyid; - int len; -{ - Encryptions *ep; - int dir = kp->dir; - register int ret = 0; - - if (!(ep = (*kp->getcrypt)(*kp->modep))) { - if (len == 0) - return; - kp->keylen = 0; - } else if (len == 0) { - /* - * Empty option, indicates a failure. 
- */ - if (kp->keylen == 0) - return; - kp->keylen = 0; - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - - } else if ((len != kp->keylen) || (memcmp(keyid, kp->keyid, len) != 0)) { - /* - * Length or contents are different - */ - kp->keylen = len; - memcpy(kp->keyid, keyid, len); - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - } else { - if (ep->keyid) - ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); - if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) - encrypt_start_output(*kp->modep); - return; - } - - encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); -} - -void -encrypt_send_keyid(dir, keyid, keylen, saveit) - int dir; - unsigned char *keyid; - int keylen; - int saveit; -{ - unsigned char *strp; - - str_keyid[3] = (dir == DIR_ENCRYPT) - ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; - if (saveit) { - struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; - memcpy(kp->keyid, keyid, keylen); - kp->keylen = keylen; - } - - for (strp = &str_keyid[4]; keylen > 0; --keylen) { - if ((*strp++ = *keyid++) == IAC) - *strp++ = IAC; - } - *strp++ = IAC; - *strp++ = SE; - TelnetSend(EncryptKSGlobalHack, str_keyid, strp - str_keyid, 0); - -#ifdef DEBUG - printsub('>', &str_keyid[2], strp - str_keyid - 2); -#endif - -} - -void -encrypt_auto(on) - int on; -{ - if (on < 0) - autoencrypt ^= 1; - else - autoencrypt = on ? 1 : 0; -} - -void -decrypt_auto(on) - int on; -{ - if (on < 0) - autodecrypt ^= 1; - else - autodecrypt = on ? 1 : 0; -} - -void -encrypt_start_output(type) - int type; -{ - Encryptions *ep; - register unsigned char *p; - register int i; - - if (!(ep = findencryption(type))) { -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Can't encrypt with type %s (%d)\n", - ENCTYPE_NAME_OK(type) - ? 
ENCTYPE_NAME(type) : "(unknown)", - type); - OutputDebugString(dbgbuf); - } -#endif - return; - } - if (ep->start) { - i = (*ep->start)(DIR_ENCRYPT, 0); -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Encrypt start: %s (%d) %s\n", - (i < 0) ? "failed" : - "initial negotiation in progress", - i, ENCTYPE_NAME(type)); - OutputDebugString(dbgbuf); - } -#endif - if (i) - return; - } - p = str_start + 3; - *p++ = ENCRYPT_START; - for (i = 0; i < ki[0].keylen; ++i) { - if ((*p++ = ki[0].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - TelnetSend(EncryptKSGlobalHack, str_start, p - str_start, 0); -#ifdef DEBUG - printsub('>', &str_start[2], p - &str_start[2]); -#endif - - /* - * If we are already encrypting in some mode, then - * encrypt the ring (which includes our request) in - * the old mode, mark it all as "clear text" and then - * switch to the new mode. - */ - encrypt_output = ep->output; - EncryptKSGlobalHack->encrypt = encrypt_ks_stream; - encrypt_mode = type; -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Started to encrypt output with type %s\n", - ENCTYPE_NAME(type)); - OutputDebugString(dbgbuf); - } -#endif - if (encrypt_verbose) { - sprintf(dbgbuf, "[ Output is now encrypted with type %s ]\n", - ENCTYPE_NAME(type)); - OutputDebugString(dbgbuf); - } -} - -void -encrypt_send_end() -{ - if (!encrypt_output) - return; - - str_end[3] = ENCRYPT_END; - TelnetSend(EncryptKSGlobalHack, str_end, sizeof(str_end), 0); -#ifdef DEBUG - printsub('>', &str_end[2], sizeof(str_end) - 2); -#endif - - /* - * Encrypt the output buffer now because it will not be done by - * netflush... 
- */ - encrypt_output = 0; - EncryptKSGlobalHack->encrypt = NULL; -#ifdef DEBUG - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Output is back to clear text\n"); - OutputDebugString(dbgbuf); - } -#endif - if (encrypt_verbose) { - sprintf(dbgbuf, "[ Output is now clear text ]\n"); - OutputDebugString(dbgbuf); - } -} - -void -encrypt_send_request_start() -{ - register unsigned char *p; - register int i; - - p = &str_start[3]; - *p++ = ENCRYPT_REQSTART; - for (i = 0; i < ki[1].keylen; ++i) { - if ((*p++ = ki[1].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - TelnetSend(EncryptKSGlobalHack, str_start, p - str_start, 0); -#ifdef DEBUG - printsub('>', &str_start[2], p - &str_start[2]); - - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Request input to be encrypted\n"); - OutputDebugString(dbgbuf); - } -#endif -} - -void -encrypt_send_request_end() -{ - str_end[3] = ENCRYPT_REQEND; - TelnetSend(EncryptKSGlobalHack, str_end, sizeof(str_end), 0); -#ifdef DEBUG - printsub('>', &str_end[2], sizeof(str_end) - 2); - - if (encrypt_debug_mode) { - sprintf(dbgbuf, ">>>Request input to be clear text\n"); - OutputDebugString(dbgbuf); - } -#endif -} - -int encrypt_is_encrypting() -{ - if (encrypt_output && decrypt_input) - return 1; - return 0; -} - -#ifdef DEBUG -void -encrypt_debug(mode) - int mode; -{ - encrypt_debug_mode = mode; -} -#endif - -#if 0 -void -encrypt_gen_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - char tbuf[16], *cp; - - cnt -= 2; - data += 2; - buf[buflen-1] = '\0'; - buf[buflen-2] = '*'; - buflen -= 2;; - for (; cnt > 0; cnt--, data++) { - sprintf(tbuf, " %d", *data); - for (cp = tbuf; *cp && buflen > 0; --buflen) - *buf++ = *cp++; - if (buflen <= 0) - return; - } - *buf = '\0'; -} - -void -encrypt_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - Encryptions *ep; - register int type = data[1]; - - for (ep = encryptions; ep->type && ep->type != type; ep++) - ; - - if 
(ep->printsub) - (*ep->printsub)(data, cnt, buf, buflen); - else - encrypt_gen_printsub(data, cnt, buf, buflen); -} -#endif - -#endif /* ENCRYPTION */ diff -Nru krb5-1.16.2/src/windows/wintel/encrypt.h krb5-1.17/src/windows/wintel/encrypt.h --- krb5-1.16.2/src/windows/wintel/encrypt.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/encrypt.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,178 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)encrypt.h 8.1 (Berkeley) 6/4/93
- */
-
-/*
- * Copyright (C) 1990 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. Furthermore if you modify this software you must label
- * your software as modified software and not distribute it in such a
- * fashion that it might be confused with the original M.I.T. software.
- * M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifdef ENCRYPTION
-
-#ifndef __ENCRYPTION__
-#define __ENCRYPTION__
-
-#define DIR_DECRYPT 1
-#define DIR_ENCRYPT 2
-
-typedef unsigned char Block[8];
-typedef unsigned char *BlockT;
-typedef struct { Block _; } Schedule[16];
-
-#define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | key[4] | key[5] | key[6] | key[7])
-
-#define SAMEKEY(k1, k2) (!memcmp((void *)k1, (void *)k2, sizeof(Block)))
-
-typedef struct {
- short type;
- int length;
- unsigned char *data;
-} Session_Key;
-
-#ifdef DEBUG
-int printsub(char, unsigned char *, size_t);
-#endif
-
-void encrypt_parse(kstream, unsigned char *, int);
-
-typedef struct {
- char *name;
- int type;
- void (*output) (unsigned char *, int);
- int (*input) (int);
- void (*init) (int);
- int (*start) (int, int);
- int (*is) (unsigned char *, int);
- int (*reply) (unsigned char *, int);
- void (*session) (Session_Key *, int);
- int (*keyid) (int, unsigned char *, int *);
- void (*printsub) (unsigned char *, int, unsigned char *, int);
-} Encryptions;
-
-#define SK_DES 1 /* Matched Kerberos v5 ENCTYPE_DES */
-
-void encrypt_init (kstream, kstream_ptr);
-Encryptions *findencryption (int);
-void encrypt_auto (int);
-void decrypt_auto (int);
-void encrypt_is (unsigned char *, int);
-void encrypt_reply (unsigned char *, int);
-void encrypt_start_input (int);
-void encrypt_session_key (Session_Key *, int);
-void encrypt_end_input (void);
-void encrypt_start_output (int);
-void encrypt_end_output (void);
-void encrypt_send_request_start (void);
-void encrypt_send_request_end (void);
-void encrypt_send_end (void);
-void encrypt_wait (void);
-int encrypt_is_encrypting (void);
-void encrypt_send_support (void);
-void encrypt_send_keyid (int, unsigned char *, int, int);
-int net_write (unsigned char *, int);
-
-int encrypt_cmd (int, char **);
-void encrypt_display (void);
-
-void krbdes_encrypt (unsigned char *, int);
-int krbdes_decrypt (int);
-int krbdes_is (unsigned char *, int);
-int krbdes_reply (unsigned char *, int);
-void krbdes_init (int);
-int krbdes_start (int, int);
-void krbdes_session (Session_Key *, int);
-void krbdes_printsub (unsigned char *, int, unsigned char *, int);
-
-void cfb64_encrypt (unsigned char *, int);
-int cfb64_decrypt (int);
-void cfb64_init (int);
-int cfb64_start (int, int);
-int cfb64_is (unsigned char *, int);
-int cfb64_reply (unsigned char *, int);
-void cfb64_session (Session_Key *, int);
-int cfb64_keyid (int, unsigned char *, int *);
-void cfb64_printsub (unsigned char *, int, unsigned char *, int);
-
-void ofb64_encrypt (unsigned char *, int);
-int ofb64_decrypt (int);
-void ofb64_init (int);
-int ofb64_start (int, int);
-int ofb64_is (unsigned char *, int);
-int ofb64_reply (unsigned char *, int);
-void ofb64_session (Session_Key *, int);
-int ofb64_keyid (int, unsigned char *, int *);
-void ofb64_printsub (unsigned char *, int, unsigned char *, int);
-
-int KRB5_CALLCONV
- des_new_random_key (Block);
-void KRB5_CALLCONV
- des_set_random_generator_seed (Block);
-void KRB5_CALLCONV
- des_key_sched (Block, Schedule);
-void KRB5_CALLCONV
- des_ecb_encrypt (Block, Block, Schedule, int);
-
-/* int des_string_to_key (char *, Block); */
-
-
-#ifdef DEBUG
-extern int encrypt_debug_mode;
-#endif
-
-extern int (*decrypt_input) (int);
-extern void (*encrypt_output) (unsigned char *, int);
-
-int decrypt_ks_hack(unsigned char *, int);
-
-#endif /* __ENCRYPTION__ */
-
-#endif /* ENCRYPTION */
diff -Nru krb5-1.16.2/src/windows/wintel/font.c krb5-1.17/src/windows/wintel/font.c
--- krb5-1.16.2/src/windows/wintel/font.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/font.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,100 +0,0 @@
-/* font.c */
-
-#include
-#include
-#include
-#include "screen.h"
-#include "ini.h"
-
-void ProcessFontChange(
- HWND hWnd)
-{
- static DWORD dwFontColor; /* Color of font if one has been selected */
- CHOOSEFONT cf;
- HDC hDC;
- SCREEN *pScr;
- TEXTMETRIC tm;
- char buf[16];
- char szStyle[LF_FACESIZE];
-
- pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
- assert(pScr != NULL);
-
- cf.lStructSize = sizeof(cf);
- cf.hwndOwner = hWnd;
- cf.lpLogFont = (LPLOGFONT) &(pScr->lf);
- cf.lpszStyle = szStyle;
- cf.Flags = CF_INITTOLOGFONTSTRUCT; /* | CF_USESTYLE; */
- cf.Flags |= CF_SCREENFONTS;
-#if 0
- cf.Flags |= CF_ANSIONLY;
-#endif
- cf.Flags |= CF_FORCEFONTEXIST;
- cf.Flags |= CF_FIXEDPITCHONLY;
- cf.Flags |= CF_NOSIMULATIONS;
-
- if (ChooseFont(&cf)) {
- if (pScr->hSelectedFont)
- DeleteObject(pScr->hSelectedFont);
-
- pScr->hSelectedFont = CreateFontIndirect(&(pScr->lf));
- pScr->lf.lfUnderline = TRUE;
- pScr->hSelectedULFont = CreateFontIndirect(&(pScr->lf));
- pScr->lf.lfUnderline = FALSE;
- hDC = GetDC(hWnd);
- SelectObject(hDC, pScr->hSelectedFont);
- GetTextMetrics(hDC, &tm);
- pScr->cxChar = tm.tmAveCharWidth;
- pScr->cyChar = tm.tmHeight + tm.tmExternalLeading;
- ReleaseDC(hWnd, hDC);
- SetWindowPos(hWnd, NULL, 0, 0, pScr->cxChar * pScr->width +
- FRAME_WIDTH, pScr->cyChar * pScr->height +
- FRAME_HEIGHT, SWP_NOMOVE | SWP_NOZORDER);
-
- dwFontColor = RGB(255, 255, 255);
- InvalidateRect(hWnd, NULL, TRUE);
- }
-
- WritePrivateProfileString(INI_FONT, "FaceName", pScr->lf.lfFaceName, TELNET_INI);
- wsprintf(buf, "%d", (int) pScr->lf.lfHeight);
- WritePrivateProfileString(INI_FONT, "Height", buf, TELNET_INI);
- wsprintf(buf, "%d", (int) pScr->lf.lfWidth);
- WritePrivateProfileString(INI_FONT, "Width", buf, TELNET_INI);
- wsprintf(buf, "%d", (int) pScr->lf.lfEscapement);
- WritePrivateProfileString(INI_FONT, "Escapement", buf, TELNET_INI);
- wsprintf(buf, "%d", (int) pScr->lf.lfCharSet);
- WritePrivateProfileString(INI_FONT, "CharSet", buf, TELNET_INI);
- wsprintf(buf, "%d", (int) pScr->lf.lfPitchAndFamily);
- WritePrivateProfileString(INI_FONT, "PitchAndFamily", buf, TELNET_INI);
-
- return;
-
-} /* ProcessFontChange */
-
-
-void InitializeStruct(
- WORD wCommDlgType,
- LPSTR lpStruct,
- HWND hWnd)
-{
- LPCHOOSEFONT lpFontChunk;
-
- if (wCommDlgType == IDC_FONT) {
- lpFontChunk = (LPCHOOSEFONT) lpStruct;
-
- lpFontChunk->lStructSize = sizeof(CHOOSEFONT);
- lpFontChunk->hwndOwner = hWnd;
- lpFontChunk->Flags = CF_SCREENFONTS | CF_FIXEDPITCHONLY
- | CF_INITTOLOGFONTSTRUCT | CF_APPLY;
- lpFontChunk->rgbColors = RGB(0, 0, 255);
- lpFontChunk->lCustData = 0L;
- lpFontChunk->lpfnHook = NULL;
- lpFontChunk->lpTemplateName = NULL;
- lpFontChunk->hInstance = NULL;
- lpFontChunk->lpszStyle = NULL;
- lpFontChunk->nFontType = SCREEN_FONTTYPE;
- lpFontChunk->nSizeMin = 0;
- lpFontChunk->nSizeMax = 0;
- }
-
-} /* InitialiseStruct */
diff -Nru krb5-1.16.2/src/windows/wintel/genget.c krb5-1.17/src/windows/wintel/genget.c
--- krb5-1.16.2/src/windows/wintel/genget.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/genget.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,101 +0,0 @@
-/*-
- * Copyright (c) 1991, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* based on @(#)genget.c 8.1 (Berkeley) 6/4/93 */
-
-#include
-
-#define LOWER(x) (isupper(x) ? tolower(x) : (x))
-/*
- * The prefix function returns 0 if *s1 is not a prefix
- * of *s2. If *s1 exactly matches *s2, the negative of
- * the length is returned. If *s1 is a prefix of *s2,
- * the length of *s1 is returned.
- */
- int
-isprefix(s1, s2)
- register char *s1, *s2;
-{
- char *os1;
- register char c1, c2;
-
- if (*s1 == '\0')
- return(-1);
- os1 = s1;
- c1 = *s1;
- c2 = *s2;
- while (LOWER(c1) == LOWER(c2)) {
- if (c1 == '\0')
- break;
- c1 = *++s1;
- c2 = *++s2;
- }
- return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
-}
-
-static char *ambiguous; /* special return value for command routines */
-
- char **
-genget(name, table, stlen)
- char *name; /* name to match */
- char **table; /* name entry in table */
- int stlen;
-{
- register char **c, **found;
- register int n;
-
- if (name == 0)
- return 0;
-
- found = 0;
- for (c = table; *c != 0; c = (char **)((char *)c + stlen)) {
- if ((n = isprefix(name, *c)) == 0)
- continue;
- if (n < 0) /* exact match */
- return(c);
- if (found)
- return(&ambiguous);
- found = c;
- }
- return(found);
-}
-
-/*
- * Function call version of Ambiguous()
- */
- int
-Ambiguous(s)
- char *s;
-{
- return((char **)s == &ambiguous);
-}
diff -Nru krb5-1.16.2/src/windows/wintel/ini.h krb5-1.17/src/windows/wintel/ini.h
--- krb5-1.16.2/src/windows/wintel/ini.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/ini.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,16 +0,0 @@
-/* Defines INI file vocabulary */
-#define TELNET_INI "kerberos.ini"
-
-#define INI_TELNET "Telnet"
-#define INI_FONT "Font"
-#define INI_WIDTH "Width"
-#define INI_HEIGHT "Height"
-#define INI_POSITION "Position"
-#define INI_BACKSPACE "Backspace"
-#define INI_BACKSPACE_BS "BS"
-#define INI_BACKSPACE_DEL "DEL"
-
-#define INI_HOSTS "Telnet Hosts"
-#define INI_HOST "Host"
-#define INI_HOST_BS "BS"
-#define INI_HOST_DEL "DEL"
diff -Nru krb5-1.16.2/src/windows/wintel/intern.c krb5-1.17/src/windows/wintel/intern.c
--- krb5-1.16.2/src/windows/wintel/intern.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/intern.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,815 +0,0 @@ -/* intern.c */ - -#include -#include -#include -#include "screen.h" - -#define ScreenClearAttrib 0 - -SCREENLINE * -GetScreenLineFromY(SCREEN *pScr, int y) -{ - SCREENLINE *pScrLine; - int idx; - - pScrLine = pScr->screen_top; - for (idx = 0; idx < pScr->height; idx++) { - if (idx == y) - return(pScrLine); - if (pScrLine == NULL) - return(NULL); - pScrLine = pScrLine->next; - } - - return(NULL); -} - - -SCREENLINE * -ScreenClearLine(SCREEN *pScr, SCREENLINE *pScrLine) -{ - memset(pScrLine->attrib, ScreenClearAttrib, pScr->width); - memset(pScrLine->text, ' ', pScr->width); - return(pScrLine); -} - - -void -ScreenUnscroll(SCREEN *pScr) -{ - int idx; - SCREENLINE *pScrLine; - - if (pScr->screen_bottom == pScr->buffer_bottom) - return; - - pScr->screen_bottom = pScr->buffer_bottom; - pScrLine = pScr->screen_bottom; - for (idx = 1; idx < pScr->height; idx++) { - if (pScrLine == NULL) - return; - pScrLine = pScrLine->prev; - } - pScr->screen_top = pScrLine; -} - - -void -ScreenCursorOn(SCREEN *pScr) -{ - int y; - int nlines; - - if (pScr->screen_bottom != pScr->buffer_bottom) - nlines = pScr->numlines - GetScrollPos(pScr->hWnd, SB_VERT); - else - nlines = 0; - - y = pScr->y + nlines; - SetCaretPos(pScr->x * pScr->cxChar, (y+1) * pScr->cyChar); - ShowCaret(pScr->hWnd); -} - - -void -ScreenCursorOff(SCREEN *pScr) -{ - HideCaret(pScr->hWnd); -} - - -void -ScreenELO(SCREEN *pScr, int s) -{ - SCREENLINE *pScrLine; - RECT rc; - - if (s < 0) - s = pScr->y; - - pScrLine = GetScreenLineFromY(pScr,s); - memset(pScrLine->attrib, ScreenClearAttrib, pScr->width); - memset(pScrLine->text, ' ', pScr->width); - rc.left = 0; - rc.right = pScr->width * pScr->cxChar; - rc.top = pScr->cyChar * s; - rc.bottom = pScr->cyChar * (s+1); - InvalidateRect(pScr->hWnd, &rc, TRUE); -} - -void -ScreenEraseScreen(SCREEN *pScr) -{ - int i; - int x1 = 0; - int y1 = 0; - int x2 = pScr->width; - int y2 = pScr->height; - int n = -1; - - for(i = 0; i < pScr->height; i++) - 
ScreenELO(pScr,i); - - InvalidateRect(pScr->hWnd, NULL, TRUE); - UpdateWindow(pScr->hWnd); -} - - -void -ScreenTabClear(SCREEN *pScr) -{ - int x = 0; - - while(x <= pScr->width) { - pScr->tabs[x] = ' '; - x++; - } -} - - -void -ScreenTabInit(SCREEN *pScr) -{ - int x = 0; - - ScreenTabClear(pScr); - - while(x <= pScr->width) { - pScr->tabs[x] = 'x'; - x += 8; - } - pScr->tabs[pScr->width] = 'x'; -} - - -void -ScreenReset(SCREEN *pScr) -{ - pScr->top = 0; - pScr->bottom = pScr->height-1; - pScr->parmptr = 0; - pScr->escflg = 0; - pScr->DECAWM = 1; - pScr->bWrapPending = FALSE; - pScr->DECCKM = 0; - pScr->DECPAM = 0; - /* pScr->DECORG = 0; */ - /* pScr->Pattrib = -1; */ - pScr->IRM = 0; - pScr->attrib = 0; - pScr->x = 0; - pScr->y = 0; - /* pScr->charset = 0; */ - ScreenEraseScreen(pScr); - ScreenTabInit(pScr); -#if 0 - /* - * QAK - 7/27/90: added because resetting the virtual screen's - * wrapping flag doesn't reset telnet window's wrapping - */ - set_vtwrap(pScrn, pScr->DECAWM); -#endif -} - - -void -ScreenListMove(SCREENLINE *TD, SCREENLINE *BD, SCREENLINE *TI, SCREENLINE *BI) -{ - if (TD->prev != NULL) - TD->prev->next = BD->next; /* Maintain circularity */ - - if (BD->next != NULL) - BD->next->prev = TD->prev; - - TD->prev = TI; /* Place the node in its new home */ - BD->next = BI; - - if (TI != NULL) - TI->next = TD; /* Ditto prev->prev */ - - if (BI != NULL) - BI->prev = BD; -} - - -void -ScreenDelLines(SCREEN *pScr, int n, int s) -{ - SCREENLINE *BI; - SCREENLINE *TI; - SCREENLINE *TD; - SCREENLINE *BD; - SCREENLINE *pLine; - int idx; - RECT rc; - HDC hDC; - - pScr->bWrapPending = FALSE; - - if (s < 0) - s = pScr->y; - - if (s + n - 1 > pScr->bottom) - n = pScr->bottom - s + 1; - - TD = GetScreenLineFromY(pScr, s); - BD = GetScreenLineFromY(pScr, s + n - 1); - TI = GetScreenLineFromY(pScr, pScr->bottom); - BI = TI->next; - - /* - * Adjust the top of the screen and buffer if they will move. 
- */ - if (TD == pScr->screen_top) { - if (pScr->screen_top == pScr->buffer_top) - pScr->buffer_top = BD->next; - pScr->screen_top = BD->next; - } - - /* - * Adjust the bottom of the screen and buffer if they will move. - */ - if (TI == pScr->screen_bottom) { - if (pScr->screen_bottom == pScr->buffer_bottom) - pScr->buffer_bottom = BD; - pScr->screen_bottom = BD; - } - - if (TI != BD) - ScreenListMove(TD, BD, TI, BI); - - /* - * Clear the lines moved from the deleted area to the - * bottom of the scrolling area. - */ - pLine = TI; - - for (idx = 0; idx < n; idx++) { - pLine = pLine->next; - ScreenClearLine(pScr, pLine); - } - - /* CheckScreen(pScr); */ - - /* - * Scroll the affected area on the screen. - */ - rc.left = 0; - rc.right = pScr->width * pScr->cxChar; - rc.top = s * pScr->cyChar; - rc.bottom = (pScr->bottom + 1) * pScr->cyChar; - - hDC = GetDC(pScr->hWnd); - - ScrollDC(hDC, 0, -pScr->cyChar * n, &rc, &rc, NULL, NULL); - - PatBlt(hDC, 0, (pScr->bottom - n + 1) * pScr->cyChar, - pScr->width * pScr->cxChar, n * pScr->cyChar, WHITENESS); - - ReleaseDC(pScr->hWnd, hDC); -} - - -void -ScreenInsertLine(SCREEN *pScr, int s) -{ - ScreenInsLines(pScr, 1, s); -} - - -void -ScreenInsLines(SCREEN *pScr, int n, int s) -{ - SCREENLINE *TI; - SCREENLINE *BI; - SCREENLINE *TD; - SCREENLINE *BD; - SCREENLINE *pLine; - int idx; - RECT rc; - HDC hDC; - - pScr->bWrapPending = FALSE; - - if (s < 0) - s = pScr->y; - - if (s + n - 1 > pScr->bottom) - n = pScr->bottom - s + 1; - - /* - * Determine the top and bottom of the insert area. Also determine - * the top and bottom of the area to be deleted and moved to the - * insert area. - */ - BI = GetScreenLineFromY(pScr, s); - TI = BI->prev; - TD = GetScreenLineFromY(pScr, pScr->bottom - n + 1); - BD = GetScreenLineFromY(pScr, pScr->bottom); - - /* - * Adjust the top of the screen and buffer if they will move. 
- */ - if (BI == pScr->screen_top) { - if (pScr->screen_top == pScr->buffer_top) - pScr->buffer_top = TD; - pScr->screen_top = TD; - } - - /* - * Adjust the bottom of the screen and buffer if they will move. - */ - if (BD == pScr->screen_bottom) { - if (pScr->screen_bottom == pScr->buffer_bottom) - pScr->buffer_bottom = TD->prev; - pScr->screen_bottom = TD->prev; - } - - /* - * Move lines from the bottom of the scrolling region to the insert area. - */ - if (TD != BI) - ScreenListMove(TD,BD,TI,BI); - - /* - * Clear the inserted lines - */ - pLine = GetScreenLineFromY(pScr, s); - - for (idx = 0; idx < n; idx++) { - ScreenClearLine(pScr, pLine); - pLine = pLine->next; - } - - /* CheckScreen(pScr); */ - - /* - * Scroll the affected area on the screen. - */ - rc.left = 0; - rc.right = pScr->width * pScr->cxChar; - rc.top = s * pScr->cyChar; - rc.bottom = (pScr->bottom + 1) * pScr->cyChar; - - hDC = GetDC(pScr->hWnd); - - ScrollDC(hDC, 0, pScr->cyChar * n, &rc, &rc, NULL, NULL); - - PatBlt(hDC, 0, s * pScr->cyChar, - pScr->width * pScr->cxChar, n * pScr->cyChar, WHITENESS); - - ReleaseDC(pScr->hWnd, hDC); -} - - -void -ScreenIndex(SCREEN * pScr) -{ - if (pScr->y >= pScr->bottom) - ScreenScroll(pScr); - else - pScr->y++; - - pScr->bWrapPending = FALSE; -} - - -void -ScreenWrapNow(SCREEN *pScr, int *xp, int *yp) -{ - if (pScr->bWrapPending && pScr->x >= pScr->width - 1) { - pScr->x = 0; - ScreenIndex(pScr); - } - - pScr->bWrapPending = FALSE; - - *xp = pScr->x; - *yp = pScr->y; -} - - -void -ScreenEraseToEOL(SCREEN *pScr) -{ - int x1 = pScr->x; - int y1 = pScr->y; - int x2 = pScr->width; - int y2 = pScr->y; - int n = -1; - SCREENLINE *pScrLine; - RECT rc; - - ScreenWrapNow(pScr, &x1, &y1); - - y2 = y1; -#if 0 - wsprintf(strTmp,"[EraseEOL:%d]",y2); - OutputDebugString(strTmp); -#endif - pScrLine = GetScreenLineFromY(pScr,y2); - memset(&pScrLine->attrib[x1], ScreenClearAttrib, pScr->width-x1+1); - memset(&pScrLine->text[x1], ' ', pScr->width - x1 + 1); - rc.left = x1 * 
pScr->cxChar; - rc.right = pScr->width * pScr->cxChar; - rc.top = pScr->cyChar * y1; - rc.bottom = pScr->cyChar * (y1 + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - UpdateWindow(pScr->hWnd); -} - - -void -ScreenDelChars(SCREEN *pScr, int n) -{ - int x = pScr->x; - int y = pScr->y; - int width; - SCREENLINE *pScrLine; - RECT rc; - - pScr->bWrapPending = FALSE; - - pScrLine = GetScreenLineFromY(pScr, y); - - width = pScr->width - x - n; - - if (width > 0) { - memmove(&pScrLine->attrib[x], &pScrLine->attrib[x + n], width); - memmove(&pScrLine->text[x], &pScrLine->text[x + n], width); - } - - memset(&pScrLine->attrib[pScr->width - n], ScreenClearAttrib, n); - memset(&pScrLine->text[pScr->width - n], ' ', n); - - rc.left = x * pScr->cxChar; - rc.right = pScr->width * pScr->cxChar; - rc.top = pScr->cyChar * y; - rc.bottom = pScr->cyChar * (y + 1); - - InvalidateRect(pScr->hWnd, &rc, TRUE); - - UpdateWindow(pScr->hWnd); -} - - -void -ScreenRevIndex(SCREEN *pScr) -{ - SCREENLINE *pScrLine; - SCREENLINE *pTopLine; - - pScr->bWrapPending = FALSE; - pScrLine = GetScreenLineFromY(pScr, pScr->y); - pTopLine = GetScreenLineFromY(pScr, pScr->top); - - if(pScrLine == pTopLine) - ScreenInsertLine(pScr, pScr->y); - else - pScr->y--; -} - - -void -ScreenEraseToBOL(SCREEN *pScr) -{ - int x1 = 0; - int y1 = pScr->y; - int x2 = pScr->x; - int y2 = pScr->y; - int n = -1; - SCREENLINE *pScrLine; - - pScrLine = GetScreenLineFromY(pScr, pScr->y); - - ScreenWrapNow(pScr, &x2, &y1); - y2 = y1; - memset(pScrLine->attrib, ScreenClearAttrib, x2); - memset(pScrLine->text, ' ', x2); -} - - -void -ScreenEraseLine(SCREEN *pScr, int s) -{ - int x1 = 0; - int y1 = s; - int x2 = pScr->width; - int y2 = s; - int n = -1; - SCREENLINE *pScrLine; - RECT rc; - - if (s < 0) { - ScreenWrapNow(pScr, &x1, &y1); - s = y2 = y1; - x1 = 0; - } - - pScrLine = GetScreenLineFromY(pScr,y1); - memset(pScrLine->attrib, ScreenClearAttrib, pScr->width); - memset(pScrLine->text, ' ', pScr->width); - rc.left = 0; - 
rc.right = pScr->width * pScr->cxChar; - rc.top = pScr->cyChar * y1; - rc.bottom = pScr->cyChar * (y1+1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); -} - - -void -ScreenEraseToEndOfScreen(SCREEN *pScr) -{ - int i; - int x1 = 0; - int y1 = pScr->y+1; - int x2 = pScr->width; - int y2 = pScr->height; - int n = -1; - - ScreenWrapNow(pScr, &x1, &y1); - y1++; - x1 = 0; - i = y1; - ScreenEraseToEOL(pScr); - while (i < pScr->height) { - ScreenELO(pScr, i); - ScreenEraseLine(pScr, i); - i++; - } -} - - -void -ScreenRange(SCREEN *pScr) -{ - if (pScr->x < 0) - pScr->x = 0; - - if (pScr->x >= pScr->width) - pScr->x = pScr->width - 1; - - if (pScr->y < 0) - pScr->y = 0; - - if (pScr->y >= pScr->height) - pScr->y = pScr->height - 1; -} - - -void -ScreenAlign(SCREEN *pScr) /* vt100 alignment, fill screen with 'E's */ -{ - char *tt; - int i; - int j; - SCREENLINE *pScrLine; - - pScrLine = GetScreenLineFromY(pScr, pScr->top); - ScreenEraseScreen(pScr); - - for(j = 0; j < pScr->height; j++) { - tt = &pScrLine->text[0]; - for(i = 0; i <= pScr->width; i++) - *tt++ = 'E'; - pScrLine = pScrLine->next; - } -} - - -void -ScreenApClear(SCREEN *pScr) -{ - /* - * reset all the ANSI parameters back to the default state - */ - for(pScr->parmptr=5; pScr->parmptr>=0; pScr->parmptr--) - pScr->parms[pScr->parmptr] = -1; - - pScr->parmptr = 0; -} - - -void -ScreenSetOption(SCREEN *pScr, int toggle) -{ - if (pScr->parms[0] == -2 && pScr->parms[1] == 1) - pScr->DECCKM = toggle; - -#if 0 - switch(pScr->parms[0]) { - - case -2: /* Set on the '?' char */ - switch(pScr->parms[1]) { - - case 1: /* set/reset cursor key mode */ - pScr->DECCKM = toggle; - break; - -#ifdef NOT_SUPPORTED - case 2: /* set/reset ANSI/vt52 mode */ - break; -#endif - - case 3: /* set/reset column mode */ - pScr->x = pScr->y = 0; /* Clear the screen, mama! 
*/ - ScreenEraseScreen(pScr); -#if 0 /* removed for variable screen size */ - if (toggle) /* 132 column mode */ - pScr->width = pScr->allwidth; - else - pScr->width = 79; -#endif - break; - -#ifdef NOT_SUPPORTED - case 4: /* set/reset scrolling mode */ - case 5: /* set/reset screen mode */ - case 6: /* set/rest origin mode */ - pScr->DECORG = toggle; - break; -#endif - - case 7: /* set/reset wrap mode */ - pScr->DECAWM = toggle; -#if 0 - /* - * QAK - 7/27/90: added because resetting the virtual screen's - * wrapping flag doesn't reset telnet window's wrapping - */ - set_vtwrap(pScrn, fpScr->DECAWM); -#endif - break; - -#ifdef NOT_SUPPORTED - case 8: /* set/reset autorepeat mode */ - case 9: /* set/reset interlace mode */ - break; -#endif - - default: - break; - } /* end switch */ - break; - - case 4: - pScr->IRM=toggle; - break; - - default: - break; - - } /* end switch */ -#endif -} - - -#ifdef NOT_SUPPORTED -void -ScreenTab(SCREEN *pScr) -{ - if (pScr->x> = pScr->width) - pScr->x = pScr->width; - pScr->x++; - while (pScr->tabs[fpScr->x] != 'x' && pScr->x < pScr->width) - pScr->x++; -} -#endif - - -BOOL -ScreenInsChar(SCREEN *pScr, int x) -{ - int i; - SCREENLINE *pScrLine; - RECT rc; - - pScrLine = GetScreenLineFromY(pScr, pScr->y); - if (pScrLine == NULL) - return(FALSE); - - for(i = pScr->width - x; i >= pScr->x; i--) { - pScrLine->text[x+i] = pScrLine->text[i]; - pScrLine->attrib[x+i] = pScrLine->attrib[i]; - } - - memset(&pScrLine->attrib[pScr->x], ScreenClearAttrib, x); - memset(&pScrLine->text[pScr->x], ' ', x); - rc.left = pScr->cxChar * x; - rc.right = pScr->cxChar * (x + pScr->x); - rc.top = pScr->cyChar * (pScr->y - 1); - rc.bottom = pScr->cyChar * pScr->y; - InvalidateRect(pScr->hWnd, &rc, TRUE); - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); - return(TRUE); -} - - -void -ScreenSaveCursor(SCREEN *pScr) -{ - pScr->Px = pScr->x; - pScr->Py = pScr->y; - pScr->Pattrib = pScr->attrib; -} - - -void -ScreenRestoreCursor(SCREEN *pScr) -{ - pScr->x = pScr->Px; - 
pScr->y = pScr->Py; - ScreenRange(pScr); -} - - -void -ScreenDraw(SCREEN *pScr, int x, int y, int a, int len, char *c) -{ - int idx; - SCREENLINE *pScrLine; - RECT rc; - - pScrLine = GetScreenLineFromY(pScr, y); - assert(pScrLine != NULL); - - for(idx = x; idx < x + len; idx++) { - pScrLine->text[idx] = c[idx - x]; - pScrLine->attrib[idx - x] = a; - } - - rc.left = pScr->cxChar * x; - rc.right = pScr->cxChar * (x + len); - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - SendMessage(pScr->hWnd, WM_PAINT, 0, 0); -} - - -#if ! defined(NDEBUG) - -BOOL -CheckScreen(SCREEN *pScr) -{ - SCREENLINE *pLinePrev; - SCREENLINE *pLine; - int nscreen = 0; - int nbuffer = 0; - int topline = 0; - char buf[512]; - BOOL bBottom; - BOOL bOK; - - pLine = pScr->buffer_top; - - if (pLine == NULL) { - OutputDebugString("CheckScreen: buffer_top invalid"); - MessageBox(NULL, "buffer_top invalid", "CheckScreen", MB_OK); - return(FALSE); - } - - bBottom = FALSE; - while (TRUE) { - pLinePrev = pLine; - if (nscreen > 0 || pLine == pScr->screen_top) - if (!bBottom) - nscreen++; - nbuffer++; - if (pLine == pScr->screen_top) - topline = nbuffer - 1; - if (pLine == pScr->screen_bottom) - bBottom = TRUE; - pLine = pLine->next; - if (pLine == NULL) - break; - if (pLine->prev != pLinePrev) { - wsprintf(buf, - "Previous ptr of line %d does not match next ptr of line %d", - nbuffer, nbuffer - 1); - OutputDebugString(buf); - MessageBox(NULL, buf, "CheckScreen", MB_OK); - } - } - - if (pLinePrev == pScr->buffer_bottom && nscreen == pScr->height) - bOK = TRUE; - else { - OutputDebugString("CheckScreen: Invalid number of lines on screen"); - bOK = FALSE; - } - - wsprintf(buf, "screen.width = %d\nscreen.height = %d\nscreen.maxlines = %d\nscreen.numlines = %d\nscreen.x = %d\nscreen.y = %d\nscreen.top = %d\nscreen.bottom = %d\nActual top line = %d\nActual buffer lines = %d\nActual screen lines = %d\nBottom of buffer is %s", - pScr->width, 
pScr->height, pScr->maxlines, pScr->numlines, - pScr->x, pScr->y, pScr->top, pScr->bottom, - topline, nbuffer, nscreen, - (pLinePrev == pScr->buffer_bottom) ? "valid" : "invalid"); - - MessageBox(NULL, buf, "CheckScreen", MB_OK); - - return(bOK); -} - -#endif diff -Nru krb5-1.16.2/src/windows/wintel/k5stream.c krb5-1.17/src/windows/wintel/k5stream.c --- krb5-1.16.2/src/windows/wintel/k5stream.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/k5stream.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,118 +0,0 @@
-/*
- *
- * K5stream
- *
- * Emulates the kstream package in Kerberos 4
- *
- */
-
-#include
-#include
-#include
-#include "telnet.h"
-#include "k5stream.h"
-#include "auth.h"
-
-int
-kstream_destroy(kstream ks)
-{
- if (ks != NULL) {
- auth_destroy(ks); /* Destroy authorizing */
-
- closesocket(ks->fd); /* Close the socket??? */
- free(ks);
- }
- return 0;
-}
-
-void
-kstream_set_buffer_mode(kstream ks, int mode)
-{
-}
-
-
-kstream
-kstream_create_from_fd(int fd,
- const struct kstream_crypt_ctl_block *ctl,
- kstream_ptr data)
-{
- kstream ks;
- int n;
- BOOL on = 1;
-
- ks = malloc(sizeof(struct kstream_int));
- if (ks == NULL)
- return NULL;
-
- ks->fd = fd;
-
- setsockopt(ks->fd, SOL_SOCKET, SO_OOBINLINE, (const char *)&on, sizeof(on));
-
- n = auth_init(ks, data); /* Initialize authorizing */
- if (n) {
- free(ks);
- return NULL;
- }
-
- ks->encrypt = NULL;
- ks->decrypt = NULL;
-
- return ks;
-}
-
-int
-kstream_write(kstream ks, void *p_data, size_t p_len)
-{
- int n;
- struct kstream_data_block i;
-
-#ifdef DEBUG
- hexdump("plaintext:", p_data, p_len);
-#endif
-
- if (ks->encrypt) {
- i.ptr = p_data;
- i.length = p_len;
- ks->encrypt(&i, NULL, NULL);
-#ifdef DEBUG
- hexdump("cyphertext:", p_data, p_len);
-#endif
- }
-
- n = send(ks->fd, p_data, p_len, 0); /* Write the data */
-
- return n; /* higher layer does retries */
-}
-
-
-int
-kstream_read(kstream ks, void *p_data, size_t p_len)
-{
- int n;
- struct kstream_data_block i;
-
- n = recv(ks->fd, p_data, p_len, 0); /* read the data */
-
- if (n < 0)
- return n;
-
-#ifdef DEBUG
- hexdump("input data:", p_data, n);
-#endif
-
- if (ks->decrypt) {
- extern int encrypt_flag;
-
- if (encrypt_flag == 2)
- encrypt_flag = 1;
-
- i.ptr = p_data;
- i.length = n;
- ks->decrypt(&i, NULL, NULL);
-#ifdef DEBUG
- hexdump("decrypted data:", p_data, n);
-#endif
- }
-
- return n; /* higher layer does retries */
-}
diff -Nru krb5-1.16.2/src/windows/wintel/k5stream.h krb5-1.17/src/windows/wintel/k5stream.h
--- krb5-1.16.2/src/windows/wintel/k5stream.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/k5stream.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,57 +0,0 @@
-/* Header file for encrypted-stream library.
- * Written by Ken Raeburn (Raeburn@Cygnus.COM).
- * Copyright (C) 1991, 1992, 1994 by Cygnus Support.
- *
- * Permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation.
- * Cygnus Support makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
-
-#ifndef K5STREAM_H
-#define K5STREAM_H
-
-typedef struct kstream_int { /* Object we pass around */
- int fd; /* Open socket descriptor */
- int (*encrypt)(struct kstream_data_block *, /* output */
- struct kstream_data_block *, /* input */
- struct kstream *kstream);
- int (*decrypt)(struct kstream_data_block *, /* output */
- struct kstream_data_block *, /* input */
- struct kstream *kstream);
-} *kstream;
-
-typedef void *kstream_ptr; /* Data send on the kstream */
-
-struct kstream_data_block {
- kstream_ptr ptr;
- size_t length;
-};
-
-struct kstream_crypt_ctl_block {
- int (*encrypt)(struct kstream_data_block *, /* output */
- struct kstream_data_block *, /* input */
- kstream);
- int (*decrypt)(struct kstream_data_block *, /* output */
- struct kstream_data_block *, /* input */
- kstream);
- int (*init)(kstream, kstream_ptr);
- void (*destroy)(kstream);
-};
-
-
-/* Prototypes */
-
-int kstream_destroy(kstream);
-void kstream_set_buffer_mode(kstream, int);
-kstream kstream_create_from_fd(int fd,
- const struct kstream_crypt_ctl_block *,
- kstream_ptr);
-int kstream_write(kstream, void *, size_t);
-int kstream_read(kstream, void *, size_t);
-
-#endif /* K5STREAM_H */
Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/wintel/ktelnet.doc and
/tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/wintel/ktelnet.doc differ
Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/wintel/ktelnet.hlp and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/wintel/ktelnet.hlp differ
diff -Nru krb5-1.16.2/src/windows/wintel/ktelnet.hpj krb5-1.17/src/windows/wintel/ktelnet.hpj
--- krb5-1.16.2/src/windows/wintel/ktelnet.hpj 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/ktelnet.hpj 1970-01-01 00:00:00.000000000 +0000
@@ -1,92 +0,0 @@ -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; Help Project File for KTELNET -; -; This file is maintained by RoboHELP. Do not modify this file directly. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - -[OPTIONS] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Options section contains the following information: -; -; The optional BMROOT= entry sets the directories in which the Help Compiler -; will look for graphics. -; -; The CONTENTS= tells WinHelp which topic contains the contents. -; -; The TITLE= is displayed in the Title Bar of WINHELP.EXE -; -; The BUILD= setting allows you to create different Help systems from -; the same source file. -; -; The COMPRESS= option tells the Help Compiler how much to compress -; the Help file. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -;BMROOT=C:\WINDOWS\DESKTOP\KERBEROS 5\WIN95 GUI\CNS HELP -TITLE=Kerb*Net Telnet for Windows -BUILD=WINDOWS -NOTES=1 - - -OLDKEYPHRASE=NO -OPTCDROM=0 -REPORT=YES -COMPRESS=12 -ERRORLOG=C:\windows\desktop\kerberos 5\win95 gui\cns help\KTELNET.ERR -[BUILDTAGS] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Build Tags section specifies to the Help Compiler the names -; of all the valid build tags used in this Help project. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -WINDOWS - - -[CONFIG] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Config section defines macros which will run at startup. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - - - -[FILES] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Files section specifies the RTF files for a project. 
-;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - -KTELNET.RTF -[ALIAS] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Alias section sets up aliases for Topic IDs in your Help system. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - -[MAP] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Map section specifies the project HH files. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - -[BITMAPS] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Bitmaps section specifies the referenced bitmaps used in -; your help system. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - - -[WINDOWS] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Windows section contains all of the information about the windows -; in a Help project. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -;Gloss = "Glossary",(100,100,350,350),0,(255,255,255),(255,255,255) -main=,,29188,, -(w95sec)=,,20740,(r14745599),(r14745599),f2 - - -[BAGGAGE] -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * -; The Baggage section specifies any additional files. -;* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * - diff -Nru krb5-1.16.2/src/windows/wintel/Makefile.in krb5-1.17/src/windows/wintel/Makefile.in --- krb5-1.16.2/src/windows/wintel/Makefile.in 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/Makefile.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@
-# Makefile for the Kerberos for Windows telnet client
-# Works for both k4 and k5 releases.
-#
-OBJS = $(OUTPRE)telnet.obj $(OUTPRE)negotiat.obj $(OUTPRE)auth.obj \
- $(OUTPRE)edit.obj $(OUTPRE)emul.obj $(OUTPRE)font.obj \
- $(OUTPRE)intern.obj $(OUTPRE)screen.obj $(OUTPRE)encrypt.obj \
- $(OUTPRE)genget.obj
-
-##### Options
-# Set NODEBUG if building release instead of debug
-!IF ! defined(KVERSION)
-KRBOPT =-DFORWARD -DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION
-KVERSION= 5
-!endif
-KRB = KRB$(KVERSION)
-
-BUILDTOP=..\..
-LOCALINCLUDES= /I$(BUILDTOP) /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 \
- /I$(BUILDTOP)\lib\crypto\des
-RESFILE = $(OUTPRE)telnet.res
-XOBJS = $(RESFILE) $(OUTPRE)k5stream.obj $(OUTPRE)enc_des.obj
-
-DEFINES = /D$(KRB)=1 $(KRBOPT)
-RFLAGS = $(LOCALINCLUDES)
-RCFLAGS = $(RFLAGS) -D_WIN32 -DTELNET_APP
-
-##### Linker
-LINK = link
-LIBS = $(KLIB) $(CLIB) $(WLIB)
-SYSLIBS = kernel32.lib ws2_32.lib user32.lib gdi32.lib comdlg32.lib
-LFLAGS = /nologo $(LOPTS)
-
-all: Makefile $(OUTPRE)telnet.exe
-
-$(OUTPRE)telnet.exe: telnet.def $(OBJS) $(XOBJS) $(LIBS)
- $(LINK) $(LFLAGS) /map:$*.map /out:$@ $(OBJS) $(XOBJS) \
- $(LIBS) $(SYSLIBS) $(SCLIB)
- $(_VC_MANIFEST_EMBED_EXE)
-
-install:
- copy $(OUTPRE)telnet.exe $(DESTDIR)
-
-clean:
- $(RM) $(OUTPRE)*.exe $(OUTPRE)*.res $(OUTPRE)*.map
-
-$(RESFILE): ..\version.rc
Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/wintel/ncsa.ico and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/wintel/ncsa.ico differ
diff -Nru krb5-1.16.2/src/windows/wintel/negotiat.c krb5-1.17/src/windows/wintel/negotiat.c
--- krb5-1.16.2/src/windows/wintel/negotiat.c 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/negotiat.c 1970-01-01 00:00:00.000000000 +0000
@@ -1,865 +0,0 @@ -/* - * negotiat.c - * - * Telnet option negotiation functions - * - -/* - * Includes - */ - -/* #define USETEK */ -/* #define USERAS */ - -#ifdef DEBUG /* define this to print the raw network data to debuging monitor */ -#define NEGOTIATEDEBUG -#endif - -#if 0 -#define PRINT_EVERYTHING /* talk a lot */ -#endif - -#include -#include "telnet.h" -#include "telnet_arpa.h" -#include "auth.h" -#include "encrypt.h" - -#define STNORM 0 -#define NEGOTIATE 1 -#define ESCFOUND 5 -#define IACFOUND 6 - -unsigned char parsedat[256]; - -/* Local functions */ -static void parse_subnegotiat(kstream ks,int end_sub); - -/* Local variables */ -static char *telstates[]={ - "EOF", - "Suspend Process", - "Abort Process", - "Unknown (239)", - "Subnegotiation End", - "NOP", - "Data Mark", - "Break", - "Interrupt Process", - "Abort Output", - "Are You There", - "Erase Character", - "Erase Line", - "Go Ahead", - "Subnegotiate", - "Will", - "Won't", - "Do", - "Don't" -}; - -static char *teloptions[256]={ /* ascii strings for Telnet options */ - "Binary", /* 0 */ - "Echo", - "Reconnection", - "Supress Go Ahead", - "Message Size Negotiation", - "Status", /* 5 */ - "Timing Mark", - "Remote Controlled Trans and Echo", - "Output Line Width", - "Output Page Size", - "Output Carriage-Return Disposition", /* 10 */ - "Output Horizontal Tab Stops", - "Output Horizontal Tab Disposition", - "Output Formfeed Disposition", - "Output Vertical Tabstops", - "Output Vertical Tab Disposition", /* 15 */ - "Output Linefeed Disposition", - "Extended ASCII", - "Logout", - "Byte Macro", - "Data Entry Terminal", /* 20 */ - "SUPDUP", - "SUPDUP Output", - "Send Location", - "Terminal Type", - "End of Record", /* 25 */ - "TACACS User Identification", - "Output Marking", - "Terminal Location Number", - "3270 Regime", - "X.3 PAD", /* 30 */ - "Negotiate About Window Size", - "Terminal Speed", - "Toggle Flow Control", - "Linemode", - "X Display Location", /* 35 */ - "Environment", - "Authentication", - 
"Data Encryption", - "39", - "40","41","42","43","44","45","46","47","48","49", - "50","51","52","53","54","55","56","57","58","59", - "60","61","62","63","64","65","66","67","68","69", - "70","71","72","73","74","75","76","77","78","79", - "80","81","82","83","84","85","86","87","88","89", - "90","91","92","93","94","95","96","97","98","99", - "100","101","102","103","104","105","106","107","108","109", - "110","111","112","113","114","115","116","117","118","119", - "120","121","122","123","124","125","126","127","128","129", - "130","131","132","133","134","135","136","137","138","139", - "140","141","142","143","144","145","146","147","148","149", - "150","151","152","153","154","155","156","157","158","159", - "160","161","162","163","164","165","166","167","168","169", - "170","171","172","173","174","175","176","177","178","179", - "180","181","182","183","184","185","186","187","188","189", - "190","191","192","193","194","195","196","197","198","199", - "200","201","202","203","204","205","206","207","208","209", - "210","211","212","213","214","215","216","217","218","219", - "220","221","222","223","224","225","226","227","228","229", - "230","231","232","233","234","235","236","237","238","239", - "240","241","242","243","244","245","246","247","248","249", - "250","251","252","253","254", - "Extended Options List" /* 255 */ -}; - -static char *LMoptions[]={ /* ascii strings for Linemode sub-options */ - "None", "MODE", "FORWARDMASK", "SLC" -}; - -static char *ModeOptions[]={ /* ascii strings for Linemode edit options */ - "None", "EDIT", "TRAPSIG", "ACK", "SOFT TAB", "LIT ECHO" -}; - -static char *SLCoptions[]={ /* ascii strings for Linemode SLC characters */ - "None", "SYNCH", "BREAK", "IP", "ABORT OUTPUT", - "AYT", "EOR", "ABORT", "EOF", "SUSP", - "EC", "EL", "EW", "RP", "LNEXT", - "XON", "XOFF", "FORW1", "FORW2", "MCL", - "MCR", "MCWL", "MCWR", "MCBOL", "MCEOL", - "INSRT", "OVER", "ECR", "EWR", "EBOL", - "EEOL" -}; - -static char *SLCflags[]={ /* 
ascii strings for Linemode SLC flags */ - "SLC_NOSUPPORT", "SLC_CANTCHANGE", "SLC_VALUE", "SLC_DEFAULT" -}; - -/* Linemode default character for each function */ -static unsigned char LMdefaults[NTELOPTS + 1]={ - (unsigned char)-1, /* zero isn't used */ - (unsigned char)-1, /* we don't support SYNCH */ - 3, /* ^C is default for BRK */ - 3, /* ^C is default for IP */ - 15, /* ^O is default for AO */ - 25, /* ^Y is default for AYT */ /* 5 */ - (unsigned char)-1, /* we don't support EOR */ - 3, /* ^C is default for ABORT */ - 4, /* ^D is default for EOF */ - 26, /* ^Z is default for SUSP */ - 8, /* ^H is default for EC */ /* 10 */ - 21, /* ^U is default for EL */ - 23, /* ^W is default for EW */ - 18, /* ^R is default for RP */ - 22, /* ^V is default for LNEXT */ - 17, /* ^Q is default for XON */ /* 15 */ - 19, /* ^S is default for XOFF */ - 22, /* ^V is default for FORW1 */ - 5, /* ^E is default for FORW2 */ - (unsigned char)-1, /* we don't support MCL */ - (unsigned char)-1, /* we don't support MCR */ /* 20 */ - (unsigned char)-1, /* we don't support MCWL */ - (unsigned char)-1, /* we don't support MCWR */ - (unsigned char)-1, /* we don't support MCBOL */ - (unsigned char)-1, /* we don't support MCEOL */ - (unsigned char)-1, /* we don't support INSRT */ /* 25 */ - (unsigned char)-1, /* we don't support OVER */ - (unsigned char)-1, /* we don't support ECR */ - (unsigned char)-1, /* we don't support EWR */ - (unsigned char)-1, /* we don't support EBOL */ - (unsigned char)-1 /* we don't support EEOL */ /* 30 */ -}; - - -/* - * Function : start_negotiation() - * Purpose : Send the initial negotiations on the network and print - * the negotitations to the console screen. 
- * Parameters : - * dat - the port number to write to - * cvs - the console's virtual screen - * Returns : none - * Calls : tprintf(), netprintf() - * Called by : dosessions() - */ -void -start_negotiation(kstream ks) -{ - char buf[128]; - - /* Send the initial telnet negotiations */ -#ifdef ENCRYPTION /* XXX */ - if (encrypt_flag) - wsprintf(buf,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c", - IAC, WILL, TELOPT_AUTHENTICATION, - IAC, WILL, TELOPT_ENCRYPT, - IAC, DO, TELOPT_SGA, - IAC, DO, TELOPT_ECHO, - IAC, WILL, TELOPT_NAWS - ); - else -#endif - wsprintf(buf,"%c%c%c%c%c%c%c%c%c%c%c%c", - IAC, WILL, TELOPT_AUTHENTICATION, - IAC, DO, TELOPT_SGA, - IAC, DO, TELOPT_ECHO, - IAC, WILL, TELOPT_NAWS - ); - TelnetSend(ks,buf,lstrlen(buf),0); - -#ifdef NOT - /* check whether we are going to be output mapping */ - if(tw->mapoutput) { - netprintf(tw->pnum,"%c%c%c",IAC,DO,TELOPT_BINARY); - /* set the flag indicating we wanted server to start transmitting binary */ - tw->uwantbinary=1; - netprintf(tw->pnum,"%c%c%c",IAC,WILL,TELOPT_BINARY); - /* set the flag indicating we want to start transmitting binary */ - tw->iwantbinary=1; - } /* end if */ -#endif - - /* Print to the console what we just did */ -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n",telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_ECHO]); - OutputDebugString(strTmp); - wsprintf(strTmp,"SEND: %s %s\r\n",telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_SGA]); - OutputDebugString(strTmp); - wsprintf(strTmp,"SEND: %s %s\r\n",telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_NAWS]); - OutputDebugString(strTmp); - -#ifdef NOT - tprintf(cvs,"SEND: %s %s\r\n",telstates[DO - TELCMD_FIRST], - teloptions[BINARY]); - tprintf(cvs,"SEND: %s %s\r\n",telstates[WILL - TELCMD_FIRST], - teloptions[BINARY]); -#endif -#endif -} /* end start_negotiation() */ - -/* - * parse - * Do the telnet negotiation parsing. 
- * - * look at the string which has just come in from outside and - * check for special sequences that we are interested in. - * - * Tries to pass through routine strings immediately, waiting for special - * characters ESC and IAC to change modes. - */ -void -parse(CONNECTION *con,unsigned char *st,int cnt) -{ - static int sub_pos; /* the position we are in the subnegotiation parsing */ - static int end_sub; /* index of last byte in parsedat in a subnegotiation */ - unsigned char *mark, *orig; - char buf[256]; - kstream ks; - - ks = con->ks; - -#ifdef PRINT_EVERYTHING - hexdump("Options to process:", st, cnt); -#endif /* PRINT_EVERYTHING */ - - orig = st; /* remember beginning point */ - mark = st + cnt; /* set to end of input string */ - -#ifdef HUH - netpush(tw->pnum); -#endif - - /* - * traverse string, looking for any special characters which indicate that - * we need to change modes. - */ - while(st < mark) { - - while(con->telstate != STNORM && st < mark) { - switch(con->telstate) { - case IACFOUND: /* telnet option negotiation */ - if(*st == IAC) { /* real data=255 */ - st++; /* real 255 will get sent */ - con->telstate = STNORM; - break; - } /* end if */ - - if(*st > 239) { - con->telstate = *st++; /* by what the option is */ - break; - } /* end if */ - -#ifdef NEGOTIATEDEBUG - wsprintf(buf, "\r\n strange telnet option"); - OutputDebugString(buf); -#endif - orig=++st; - con->telstate=STNORM; - break; - - case EL: /* received a telnet erase line command */ - case EC: /* received a telnet erase character command */ - case AYT: /* received a telnet Are-You-There command */ - case AO: /* received a telnet Abort Output command */ - case IP: /* received a telnet Interrupt Process command */ - case BREAK: /* received a telnet Break command */ - case DM: /* received a telnet Data Mark command */ - case NOP: /* received a telnet No Operation command */ - case SE: /* received a telnet Subnegotiation End command */ - case ABORT: /* received a telnet Abort Process 
command */ - case SUSP: /* received a telnet Suspend Process command */ - case xEOF: /* received a telnet EOF command */ -#ifdef NEGOTIATEDEBUG - wsprintf(buf,"RECV: %s\r\n", - telstates[con->telstate-TELCMD_FIRST]); - OutputDebugString(buf); -#endif - con->telstate=STNORM; - orig=++st; - break; - - case GA: /* telnet go ahead option*/ -#ifdef NEGOTIATEDEBUG - wsprintf(buf,"RECV: %s\r\n", - telstates[con->telstate-TELCMD_FIRST]); - OutputDebugString(buf); -#endif - con->telstate=STNORM; - orig=++st; - break; - - case DO: /* received a telnet DO negotiation */ -#ifdef NEGOTIATEDEBUG - wsprintf(buf,"RECV: %s %s\r\n", - telstates[con->telstate-TELCMD_FIRST],teloptions[*st]); - OutputDebugString(buf); -#endif - switch(*st) { -#ifdef NOT - case TELOPT_BINARY: /* DO: binary transmission */ - if(!tw->ibinary) { /* binary */ - if(!tw->iwantbinary) { - netprintf(tw->pnum,"%c%c%c", - IAC,WILL,BINARY); - if(tw->condebug>0) - tprintf(cv,"SEND: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[BINARY]); - } /* end if */ - else - tw->iwantbinary=0; /* turn off this now */ - tw->ibinary=1; - } /* end if */ - else { - if(tw->condebug>0) - tprintf(cv,"NO REPLY NEEDED: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[BINARY]); - } /* end else */ - break; -#endif - - case TELOPT_SGA: /* DO: Suppress go-ahead */ - if(!con->igoahead) { /* suppress go-ahead */ - wsprintf(buf,"%c%c%c",IAC,WILL,TELOPT_SGA); - TelnetSend(ks,buf,lstrlen(buf),0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_SGA]); - OutputDebugString(strTmp); - OutputDebugString("igoahead"); -#endif - con->igoahead=1; - } /* end if */ - else { -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp, - "NO REPLY NEEDED: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_SGA]); - OutputDebugString(strTmp); -#endif - } /* end else */ - break; - - case TELOPT_TTYPE: /* DO: terminal type negotiation */ - if(!con->termsent) { - 
con->termsent=TRUE; - wsprintf(buf,"%c%c%c",IAC,WILL,TELOPT_TTYPE); - TelnetSend(ks,buf,lstrlen(buf),0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_TTYPE]); - OutputDebugString(strTmp); -#endif - } /* end if */ - else { -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"NO REPLY NEEDED: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_TTYPE]); - OutputDebugString(strTmp); -#endif - } /* end else */ - break; - -#ifdef LATER - case TELOPT_LINEMODE: /* DO: linemode negotiation */ - tw->lmflag=1; /* set the linemode flag */ - netprintf(tw->pnum,"%c%c%c",IAC,WILL,TELOPT_LINEMODE); - /* - * Tell the other side to send us - * its default character set - */ - netprintf(tw->pnum,"%c%c%c%c", - IAC,SB,TELOPT_LINEMODE,SLC,0,SLC_DEFAULT,0,IAC,SE); - if(tw->condebug>0) { - tprintf(cv,"SEND: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_LINEMODE]); - tprintf(cv, - "SEND: SB LINEMODE SLC 0 SLC_DEFAULT 0 IAC SE\r\n"); - } /* end if */ - break; -#endif - case TELOPT_NAWS: /* DO: Negotiate About Window Size */ - con->bResizeable=TRUE; - send_naws(con); - break; - - case TELOPT_AUTHENTICATION: /* DO: Authentication requested */ - wsprintf(buf, "%c%c%c", IAC, WILL, TELOPT_AUTHENTICATION); - TelnetSend(ks, buf, lstrlen(buf), 0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[WILL - TELCMD_FIRST], - teloptions[TELOPT_AUTHENTICATION]); - OutputDebugString(strTmp); -#endif - break; - -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: /* DO: Remote is willing to receive encrypted */ - wsprintf(buf, "%c%c%c", IAC, - (encrypt_flag ? WILL : WONT), TELOPT_ENCRYPT); - TelnetSend(ks, buf, lstrlen(buf), 0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[(encrypt_flag ? 
WILL : WONT) - - TELCMD_FIRST], - teloptions[TELOPT_ENCRYPT]); - OutputDebugString(strTmp); -#endif - break; -#endif /* ENCRYPTION */ - - default: /* DO: */ - wsprintf(buf, "%c%c%c", IAC, WONT, *st); - TelnetSend(ks, buf, lstrlen(buf), 0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[WONT - TELCMD_FIRST], teloptions[*st]); - OutputDebugString(strTmp); -#endif - break; - - } /* end switch */ - con->telstate = STNORM; - orig = ++st; - break; - - case DONT: /* Received a telnet DONT option */ - switch (*st) { - case TELOPT_NAWS: - con->bResizeable=FALSE; -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"RECV: %s %s\r\n", - telstates[con->telstate-TELCMD_FIRST],teloptions[*st]); - OutputDebugString(strTmp); -#endif - break; - -#ifdef NOT - case BINARY: /* DONT: check for binary neg. */ - if(tw->ibinary) { /* binary */ - if(!tw->iwantbinary) { - netprintf(tw->pnum,"%c%c%c",IAC,WONT,BINARY); - if(tw->condebug>0) - tprintf(cv,"SEND: %s %s\r\n", - telstates[WONT-TELCMD_FIRST], - teloptions[BINARY]); - } /* end if */ - else - tw->iwantbinary=0; /* turn off this now */ - tw->ibinary=0; - tw->mapoutput=0; /* turn output mapping off */ - } /* end if */ -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"NO REPLY NEEDED: %s %s\r\n", - telstates[WONT-TELCMD_FIRST], - teloptions[BINARY]); - OutputDebugString(strTmp); -#endif - break; -#endif -#ifdef ENCRYPTION - case ENCRYPTION: - break; -#endif - } - - /* all these just fall through to here... 
*/ - - con->telstate=STNORM; - orig=++st; - break; - - case WILL: /* received a telnet WILL option */ -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"RECV: %s %s\r\n", - telstates[con->telstate-TELCMD_FIRST], - teloptions[*st]); - OutputDebugString(strTmp); -#endif - switch(*st) { -#ifdef NOT - case TELOPT_BINARY: /* WILL: binary */ - if(!tw->ubinary) { /* binary */ - if(!tw->uwantbinary) { - netprintf(tw->pnum,"%c%c%c", - IAC,DO,TELOPT_BINARY); - if(tw->condebug>0) - tprintf(cv,"SEND: %s %s\r\n", - telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_BINARY]); - } /* end if */ - else - tw->uwantbinary=0; /* turn off this now */ - tw->ubinary=1; - } /* end if */ - else { - if(tw->condebug>0) - tprintf(cv,"NO REPLY NEEDED: %s %s\r\n", - telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_BINARY]); - } /* end else */ - break; -#endif - - case TELOPT_SGA: /* WILL: suppress go-ahead */ - if(!con->ugoahead) { - con->ugoahead=1; - wsprintf(buf,"%c%c%c",IAC,DO,TELOPT_SGA); /* ack */ - TelnetSend(ks,buf,lstrlen(buf),0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_SGA]); - OutputDebugString(strTmp); -#endif - } /* end if */ - break; - - case TELOPT_ECHO: /* WILL: echo */ - if(!con->echo) { - con->echo = 1; - wsprintf(buf, "%c%c%c", IAC, DO, TELOPT_ECHO); /* ack */ - TelnetSend(ks, buf, lstrlen(buf), 0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[DO - TELCMD_FIRST], - teloptions[TELOPT_ECHO]); - OutputDebugString(strTmp); -#endif - } /* end if */ - break; - - case TELOPT_TM: /* WILL: Timing mark */ - con->timing=0; - break; -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: /* WILL: decrypt our input */ - wsprintf(buf, "%c%c%c", IAC, - (encrypt_flag ? DO : DONT), TELOPT_ENCRYPT); - TelnetSend(ks, buf, lstrlen(buf), 0); - if (encrypt_flag) - encrypt_send_support(); - -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[(encrypt_flag ? 
DO : DONT) - TELCMD_FIRST], - teloptions[TELOPT_ENCRYPT]); - OutputDebugString(strTmp); -#endif - break; -#endif - - default: - wsprintf(buf,"%c%c%c",IAC,DONT,*st); - TelnetSend(ks,buf,lstrlen(buf),0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[DONT-TELCMD_FIRST],teloptions[*st]); - OutputDebugString(strTmp); -#endif - break; - } /* end switch */ - con->telstate=STNORM; - orig=++st; - break; - - case WONT: /* Received a telnet WONT option */ -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"RECV: %s %s\r\n", - telstates[con->telstate-TELCMD_FIRST],teloptions[*st]); - OutputDebugString((LPSTR)strTmp); -#endif - con->telstate=STNORM; - switch(*st++) { /* which option? */ -#ifdef NOT - case BINARY: /* WONT: binary */ - if(tw->ubinary) { /* binary */ - if(!tw->uwantbinary) { - netprintf(tw->pnum,"%c%c%c", - IAC,DONT,BINARY); - if(tw->condebug>0) - tprintf(cv,"SEND: %s %s\r\n", - telstates[DONT-TELCMD_FIRST], - teloptions[BINARY]); - } /* end if */ - else - tw->uwantbinary=0; /* turn off this now */ - tw->ubinary=0; - tw->mapoutput=0; /* turn output mapping off */ - } /* end if */ - else { - if(tw->condebug>0) - tprintf(cv,"NO REPLY NEEDED: %s %s\r\n", - telstates[DONT-TELCMD_FIRST], - teloptions[BINARY]); - } /* end else */ - break; - -#endif - case TELOPT_ECHO: /* WONT: echo */ - if(con->echo) { - con->echo=0; - wsprintf(buf,"%c%c%c",IAC,DONT,TELOPT_ECHO); - TelnetSend(ks,buf,lstrlen(buf),0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SEND: %s %s\r\n", - telstates[DONT-TELCMD_FIRST], - teloptions[TELOPT_ECHO]); - OutputDebugString(strTmp); - OutputDebugString("Other side won't echo!"); -#endif - } /* end if */ - break; - - case TELOPT_TM: /* WONT: Telnet timing mark option */ - con->timing=0; - break; - -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: /* WONT: don't encrypt our input */ - break; -#endif - - default: - break; - } /* end switch */ - orig=st; - break; - - case SB: /* telnet sub-options negotiation */ - con->telstate=NEGOTIATE; - orig=st; - 
end_sub=0; - sub_pos=con->substate=0; /* Defined for each */ -#ifdef OLD_WAY - break; -#endif - - case NEGOTIATE: - /* until we change sub-negotiation states, accumulate bytes */ - if(con->substate==0) { - if(*st==IAC) { /* check if we found an IAC byte */ - if(*(st+1)==IAC) { /* skip over double IAC's */ - st++; - parsedat[sub_pos++]=*st++; - } /* end if */ - else { - end_sub=sub_pos; - con->substate=*st++; - } /* end else */ - } /* end if */ - else /* otherwise, just stash the byte */ - parsedat[sub_pos++]=*st++; - } /* end if */ - else { - con->substate=*st++; - /* check if we've really ended the sub-negotiations */ - if(con->substate==SE) - parse_subnegotiat(ks,end_sub); - - orig=st; - /* - * XXX hack to decrypt the rest of the buffer - */ - if (encrypt_flag == 2) { - decrypt_ks_hack(orig, mark - orig); - encrypt_flag = 1; - } - - con->telstate=STNORM; - } /* end else */ - break; - - default: - con->telstate=STNORM; - break; - } /* end switch */ - } /* end while */ - - /* - * quick scan of the remaining string, skip chars while they are - * uninteresting - */ - if(con->telstate==STNORM && stubinary) - *st&=127; /* mask off high bit */ -#endif - st++; - } /* end while */ -#if 0 - if(!tw->timing) - parsewrite(tw,orig,st-orig); -#endif - orig=st; /* forget what we have sent already */ - if(sttelstate=IACFOUND; - st++; - break; - - default: -#ifdef NEGOTIATEDEBUG - wsprintf(buf," strange char>128 0x%x\r\n", *st); - OutputDebugString(buf); -#endif - st++; - break; - } /* end switch */ - } /* end if */ - } /* end while */ -} /* end parse() */ - -/* - * Function : parse_subnegotiat() - * Purpose : Parse the telnet sub-negotiations read into the parsedat - * array. 
- * Parameters : - * end_sub - index of the character in the 'parsedat' array which - * is the last byte in a sub-negotiation - * Returns : none - * Calls : - * Called by : parse() - */ -static void -parse_subnegotiat(kstream ks, int end_sub) -{ - char buf[128]; - - switch(parsedat[0]) { - case TELOPT_TTYPE: - if(parsedat[1]==1) { - /* QAK!!! */ wsprintf(buf,"%c%c%c%cvt100%c%c",IAC,SB,TELOPT_TTYPE, - 0,IAC,SE); - TelnetSend(ks,(LPSTR)buf,11,0); -#ifdef NEGOTIATEDEBUG - wsprintf(strTmp,"SB TERMINAL-TYPE SEND\r\n" - "SEND: SB TERMINAL-TYPE IS vt100 \r\n len=%d \r\n", - lstrlen((LPSTR)buf)); - OutputDebugString(strTmp); -#endif - } - break; - - case TELOPT_AUTHENTICATION: - auth_parse(ks, parsedat, end_sub); - break; -#ifdef ENCRYPTION - case TELOPT_ENCRYPT: - if (encrypt_flag) - encrypt_parse(ks, parsedat, end_sub); - break; -#endif - default: - break; - } /* end switch */ -} /* parse_subnegotiat */ - - -/* - * Function : send_naws - * Purpose : Send a window size sub-negotiation. - * Parameters : - * ks - the kstream to send to. 
- * Returns : none - */ -void -send_naws(CONNECTION *con) -{ - unsigned char buf[40]; - int len; - - wsprintf(buf, "%c%c%c", IAC, SB, TELOPT_NAWS); - len = 3; - - buf[len++] = HIBYTE(con->width); - if (buf[len-1] == IAC) buf[len++] = IAC; - - buf[len++] = LOBYTE(con->width); - if (buf[len-1] == IAC) buf[len++] = IAC; - - buf[len++] = HIBYTE(con->height); - if (buf[len-1] == IAC) buf[len++] = IAC; - - buf[len++] = LOBYTE(con->height); - if (buf[len-1] == IAC) buf[len++] = IAC; - - buf[len++] = IAC; - buf[len++] = SE; - - TelnetSend(con->ks, buf, len, 0); - -#ifdef NEGOTIATEDEBUG - wsprintf(buf, "SEND: SB NAWS %d %d %d %d IAC SE\r\n", - HIBYTE(con->width), LOBYTE(con->width), - HIBYTE(con->height), LOBYTE(con->height)); - OutputDebugString(buf); -#endif - -} /* send_naws */ diff -Nru krb5-1.16.2/src/windows/wintel/resource.h krb5-1.17/src/windows/wintel/resource.h --- krb5-1.16.2/src/windows/wintel/resource.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/resource.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,17 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Developer Studio generated include file. -// Used by telnet.rc -// -#define IDD_DIALOG1 101 -#define IDC_STATIC -1 - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 103 -#define _APS_NEXT_COMMAND_VALUE 40005 -#define _APS_NEXT_CONTROL_VALUE 1002 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff -Nru krb5-1.16.2/src/windows/wintel/screen.c krb5-1.17/src/windows/wintel/screen.c --- krb5-1.16.2/src/windows/wintel/screen.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/screen.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,1147 +0,0 @@ -/* screen.c */ - -#include -#include -#include -#include -#include -#include "telnet.h" -#include "ini.h" -#include "auth.h" - -extern char *encrypt_output; /* XXX hack... I wonder if this will work. These are */ -extern char *decrypt_input; /* XXX really functions... */ - -extern char *cInvertedArray; -extern int bMouseDown; -extern int bSelection; - -static SCREEN *ScreenList; -static HINSTANCE hInst; -static char szScreenClass[] = "ScreenWClass"; -static char szScreenMenu[] = "ScreenMenu"; -static char cursor_key[8][4] = { /* Send for cursor keys */ - "\x1B[D", "\x1B[A", "\x1B[C", "\x1B[B", /* Normal mode */ - "\x1BOD", "\x1BOA", "\x1BOC", "\x1BOB", /* Numpad on mode */ -}; - -void -ScreenInit(HINSTANCE hInstance) -{ - BOOL b; - WNDCLASS wc; - - hInst = hInstance; - - ScreenList = NULL; - - wc.style = CS_HREDRAW | CS_VREDRAW | CS_DBLCLKS; /* Class style(s) */ - wc.lpfnWndProc = ScreenWndProc; - wc.cbClsExtra = 0; - wc.cbWndExtra = sizeof(long); - wc.hInstance = hInstance; - wc.hIcon = LoadIcon(hInstance, "TERMINAL"); - wc.hCursor = LoadCursor(NULL, IDC_IBEAM); - wc.hbrBackground = GetStockObject(WHITE_BRUSH); - wc.lpszMenuName = szScreenMenu; - wc.lpszClassName = szScreenClass; - - b = RegisterClass(&wc); - assert(b); -} - - -void -SetScreenInstance(HINSTANCE hInstance) -{ - hInst = hInstance; -} - -int -GetNewScreen(void) -{ - SCREEN *pScr; - static int id = 0; - - pScr = (SCREEN *) calloc(sizeof(SCREEN), 1); - if (pScr == NULL) - return(-1); - - if (ScreenList == NULL) { - pScr->next = NULL; - pScr->prev = NULL; - } - else { - if (ScreenList->next == NULL) { - ScreenList->next = ScreenList; - ScreenList->prev = ScreenList; - } - pScr->next = ScreenList; - pScr->prev = ScreenList->prev; - ScreenList->prev->next = pScr; - ScreenList->prev = pScr; - } - - ScreenList = pScr; - return(id++); -} - -SCREENLINE * -ScreenNewLine(void) -{ - SCREENLINE *pScrLine; - - pScrLine = calloc(sizeof(SCREENLINE) + 2*MAX_LINE_WIDTH, 1); - if (pScrLine == NULL) 
- return (NULL); - pScrLine->text = &pScrLine->buffer[0]; - pScrLine->attrib = &pScrLine->buffer[MAX_LINE_WIDTH]; - return(pScrLine); -} - -static void -MakeWindowTitle(char *host, int width, int height, char *title, int nchars) -{ - char buf[128]; - int hlen; - - hlen = strlen(host); - - title[0] = 0; - - if (hlen + 1 > nchars) - return; - - strcpy(title, host); - - wsprintf(buf, " (%dh x %dw)", height, width); - - if ((int) strlen(buf) + hlen + 1 > nchars) - return; - - strcat(title, buf); -} - - -SCREEN * -InitNewScreen(CONFIG *Config) -{ - TEXTMETRIC tm; - HMENU hMenu = NULL; - SCREEN *scr = NULL; - SCREENLINE *pScrLine; - SCREENLINE *pScrLineLast; - int id; - int idx = 0; - char title[128]; - HDC hDC; - HFONT hFont; - - id = GetNewScreen(); - if (id == -1) - return(0); - - scr = ScreenList; - assert(scr != NULL); - - hMenu = LoadMenu(hInst, szScreenMenu); - assert(hMenu != NULL); - - scr->title = Config->title; - MakeWindowTitle(Config->title, Config->width, Config->height, - title, sizeof(title)); - - scr->hwndTel = Config->hwndTel; /* save HWND of calling window */ - - if (Config->backspace) { - CheckMenuItem(hMenu, IDM_BACKSPACE, MF_CHECKED); - CheckMenuItem(hMenu, IDM_DELETE, MF_UNCHECKED); - } else { - CheckMenuItem(hMenu, IDM_BACKSPACE, MF_UNCHECKED); - CheckMenuItem(hMenu, IDM_DELETE, MF_CHECKED); - } - - hDC = GetDC(NULL); - assert(hDC != NULL); - - scr->lf.lfPitchAndFamily = FIXED_PITCH; - GetPrivateProfileString(INI_FONT, "FaceName", "Courier", scr->lf. 
- lfFaceName, LF_FACESIZE, TELNET_INI); - scr->lf.lfHeight = (int) GetPrivateProfileInt(INI_FONT, "Height", 0, TELNET_INI); - scr->lf.lfWidth = (int) GetPrivateProfileInt(INI_FONT, "Width", 0, TELNET_INI); - scr->lf.lfPitchAndFamily = (BYTE) GetPrivateProfileInt(INI_FONT, "PitchAndFamily", 0, TELNET_INI); - scr->lf.lfCharSet = (BYTE) GetPrivateProfileInt(INI_FONT, "CharSet", 0, TELNET_INI); - scr->lf.lfEscapement = (BYTE) GetPrivateProfileInt(INI_FONT, "Escapement", 0, TELNET_INI); - scr->lf.lfQuality = PROOF_QUALITY; - scr->hSelectedFont = CreateFontIndirect((LPLOGFONT) &(scr->lf)); - hFont = SelectObject(hDC, scr->hSelectedFont); - GetTextMetrics(hDC, (LPTEXTMETRIC) &tm); - SelectObject(hDC, hFont); - scr->cxChar = tm.tmAveCharWidth; - scr->cyChar = tm.tmHeight + tm.tmExternalLeading; - - ReleaseDC(NULL, hDC); - - scr->width = Config->width; - scr->height = Config->height; - scr->ID = id; - scr->x = 0; - scr->y = 0; - scr->Oldx = 0; - scr->Oldy = 0; - scr->attrib = 0; - scr->DECAWM = 1; - scr->bWrapPending = FALSE; - scr->top = 0; - scr->bottom = scr->height-1; - scr->parmptr = 0; - scr->escflg = 0; - scr->bAlert = FALSE; - scr->numlines = 0; - scr->maxlines = 150; - - cInvertedArray = calloc(scr->width * scr->height, 1); - - pScrLineLast = ScreenNewLine(); - if (pScrLineLast == NULL) - return(NULL); - scr->screen_top = scr->buffer_top = pScrLineLast; - - for (idx = 0; idx < scr->height - 1; idx++) { - pScrLine = ScreenNewLine(); - if (pScrLine == NULL) - return(NULL); - pScrLine->prev = pScrLineLast; - pScrLineLast->next = pScrLine; - pScrLineLast = pScrLine; - } - - scr->screen_bottom = scr->buffer_bottom = pScrLine; - - scr->hWnd = CreateWindow(szScreenClass, title, WS_OVERLAPPEDWINDOW | WS_VSCROLL, - CW_USEDEFAULT, CW_USEDEFAULT, - scr->cxChar * scr->width + FRAME_WIDTH, - scr->cyChar * scr->height + FRAME_HEIGHT, - NULL, hMenu, hInst, scr); - assert(scr->hWnd != NULL); - - ShowWindow(scr->hWnd, SW_SHOW); - - CreateCaret(scr->hWnd, NULL, scr->cxChar, 2); - 
SetCaretPos(scr->x*scr->cxChar, (scr->y+1) * scr->cyChar); - ShowCaret(scr->hWnd); - - return(ScreenList); -} - - -void DeleteTopLine( - SCREEN *pScr) -{ - assert(pScr->buffer_top != NULL); - - pScr->buffer_top = pScr->buffer_top->next; - assert(pScr->buffer_top != NULL); - - free(pScr->buffer_top->prev); - pScr->buffer_top->prev = NULL; - - pScr->numlines--; - -} /* DeleteTopLine */ - - -static void SetScreenScrollBar( - SCREEN *pScr) -{ - if (pScr->numlines <= 0) { - SetScrollRange(pScr->hWnd, SB_VERT, 0, 100, FALSE); - SetScrollPos(pScr->hWnd, SB_VERT, 0, TRUE); - EnableScrollBar(pScr->hWnd, SB_VERT, ESB_DISABLE_BOTH); - } - else { - SetScrollRange(pScr->hWnd, SB_VERT, 0, pScr->numlines, FALSE); - SetScrollPos(pScr->hWnd, SB_VERT, pScr->numlines, TRUE); - EnableScrollBar(pScr->hWnd, SB_VERT, ESB_ENABLE_BOTH); - } - -} /* SetScreenScrollBar */ - - -int ScreenScroll( - SCREEN *pScr) -{ - SCREENLINE *pScrLine; - SCREENLINE *pPrev; - SCREENLINE *pNext; - SCREENLINE *pScrollTop; - SCREENLINE *pScrollBottom; - BOOL bFullScreen = TRUE; - HDC hDC; - RECT rc; - - Edit_ClearSelection(pScr); - - pScrollTop = GetScreenLineFromY(pScr, pScr->top); - - pScrollBottom = GetScreenLineFromY(pScr, pScr->bottom); - - if (pScrollTop != pScr->screen_top) { - bFullScreen = FALSE; - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = pScr->cyChar * (pScr->top); - rc.bottom = pScr->cyChar * (pScr->bottom+1); - - pNext = pScrollTop->next; - pPrev = pScrollTop->prev; - - pPrev->next = pNext; - pNext->prev = pPrev; - - pScrLine = pScrollTop; - ScreenClearLine(pScr, pScrLine); - } - else { - pScr->numlines++; - pScrLine = ScreenNewLine(); - if (pScrLine == NULL) - return(0); - pScr->screen_top = pScrollTop->next; - } - - if (pScrLine == NULL) - return(0); - - pNext = pScrollBottom->next; - pScrollBottom->next = pScrLine; - pScrLine->next = pNext; - pScrLine->prev = pScrollBottom; - if (pNext != NULL) - pNext->prev = pScrLine; - - if (pScrollBottom != pScr->screen_bottom) { - 
bFullScreen = FALSE; - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = pScr->cyChar * pScr->top; - rc.bottom = pScr->cyChar * (pScr->bottom+1); - } - else { - if (pScr->screen_bottom == pScr->buffer_bottom) - pScr->buffer_bottom = pScrLine; - pScr->screen_bottom = pScrLine; - } - -#if 0 - CheckScreen(fpScr); -#endif - - pScr->y++; - - if (pScr->y > pScr->bottom) - pScr->y = pScr->bottom; - - hDC = GetDC(pScr->hWnd); - assert(hDC != NULL); - - if (bFullScreen) - ScrollDC(hDC, 0, -pScr->cyChar, NULL, NULL, NULL, NULL); - else - ScrollDC(hDC, 0, -pScr->cyChar, &rc, &rc, NULL, NULL); - - PatBlt(hDC, 0, pScr->bottom * pScr->cyChar, - pScr->width * pScr->cxChar, pScr->cyChar, WHITENESS); - - ReleaseDC(pScr->hWnd, hDC); - - if (pScr->numlines == pScr->maxlines) - DeleteTopLine(pScr); - else - SetScreenScrollBar(pScr); - - return(1); - -} /* ScreenScroll */ - - -int DrawTextScreen( - RECT rcInvalid, - SCREEN *pScr, - HDC hDC) -{ - SCREENLINE *pScrLineTmp; - SCREENLINE *pScrLine; - int x = 0; - int y = 0; - int left = 0; - int right = 0; - int i; - int len; - char attrib; -#define YPOS (y*pScr->cyChar) - - pScrLine = pScr->screen_top; - - for (y = 0; y < pScr->height; y++) { - if (!pScrLine) - continue; - - if (YPOS >= rcInvalid.top - pScr->cyChar && - YPOS <= rcInvalid.bottom + pScr->cyChar) { - - if (y < 0) - y = 0; - - if (y >= pScr->height) - y = pScr->height - 1; - - left = (rcInvalid.left / pScr->cxChar) - 1; - - right = (rcInvalid.right / pScr->cxChar) + 1; - - if (left < 0) - left = 0; - - if (right > pScr->width - 1) - right = pScr->width - 1; - - x = left; - - while (x <= right) { - if (!pScrLine->text[x]) { - x++; - continue; - } - - if (SCR_isrev(pScrLine->attrib[x])) { - SelectObject(hDC, pScr->hSelectedFont); - SetTextColor(hDC, RGB(255, 255, 255)); - SetBkColor(hDC, RGB(0, 0, 0)); - } - else if (SCR_isblnk(pScrLine->attrib[x])) { - SelectObject(hDC, pScr->hSelectedFont); - SetTextColor(hDC, RGB(255, 0, 0)); - SetBkColor(hDC, RGB(255, 255, 
255)); - } - else if (SCR_isundl(pScrLine->attrib[x])) { - SetTextColor(hDC, RGB(255, 0, 0)); - SetBkColor(hDC, RGB(255, 255, 255)); - SelectObject(hDC, pScr->hSelectedULFont); - } - else { - SelectObject(hDC,pScr->hSelectedFont); - SetTextColor(hDC, RGB(0, 0, 0)); - SetBkColor(hDC, RGB(255, 255, 255)); - } - - len = 1; - attrib = pScrLine->attrib[x]; - for (i = x + 1; i <= right; i++) { - if (pScrLine->attrib[i] != attrib || !pScrLine->text[i]) - break; - len++; - } - - TextOut(hDC, x*pScr->cxChar, y*pScr->cyChar, &pScrLine->text[x], len); - x += len; - } - } - pScrLineTmp = pScrLine->next; - pScrLine = pScrLineTmp; - } - - return(0); - -} /* DrawTextScreen */ - - -static BOOL SetInternalScreenSize( - SCREEN *pScr, - int width, - int height) -{ - RECT rc; - char *p; - int idx; - int n; - int newlines; - SCREENLINE *pNewLine; - SCREENLINE *pTopLine; - SCREENLINE *pBottomLine; -#if 0 - int col; - int row; - int dydestbottom; -#endif - - GetClientRect(pScr->hWnd, &rc); - - width = (rc.right - rc.left) / pScr->cxChar; - height = (rc.bottom - rc.top) / pScr->cyChar; - - if (pScr->height == height && pScr->width == width) - return(FALSE); - - pScr->Oldx = 0; - pScr->Oldy = 0; - pScr->attrib = 0; - - /* - Reallocate the inverted array of bytes and copy the values - from the old screen to the new screen. - */ - p = calloc(width * height, 1); - - ScreenCursorOff(pScr); - -#if 0 /* Copy inversion array to desitination */ - for (col = 0; col < width; col++) { - for (row = 0; row < height; row++) { - dydestbottom = height - 1 - row; - if (col < pScr->width && dydestbottom < pScr->height - 1) - p[row * width + col] = - cInvertedArray[(pScr->height - 1 - dydestbottom) * pScr->width + col]; - } - } -#endif - - free(cInvertedArray); - cInvertedArray = p; - - /* - Append any new lines which need to be added to accomodate the new - screen size. 
- */ - pBottomLine = pScr->buffer_bottom; - newlines = height - (pScr->height + pScr->numlines); - - if (newlines > 0) { - pScr->y += pScr->numlines; - pScr->numlines = 0; - - for (idx = 0; idx < newlines; idx++) { - pNewLine = ScreenNewLine(); - if (pNewLine == NULL) - return(FALSE); - pNewLine->prev = pBottomLine; - if (pBottomLine == NULL) - return(FALSE); - pBottomLine->next = pNewLine; - pBottomLine = pNewLine; - } - } - - /* - If we already have plenty of lines, then we need to get rid of the - scrollback lines, if too many exist. The cursor should end up - the same distance from the bottom of the screen as is started out - in this instance. - */ - if (newlines < 0) { - pScr->y = (height - 1) - (pScr->bottom - pScr->y); - if (pScr->y < 0) - pScr->y = 0; - pScr->numlines = -newlines; - n = pScr->numlines - pScr->maxlines; - for (idx = 0; idx < n; idx++) - DeleteTopLine(pScr); - } - - /* - Calculate the position of the buffer relative to the screen. - */ - pScr->screen_bottom = pBottomLine; - pScr->buffer_bottom = pBottomLine; - - pTopLine = pBottomLine; - - for (idx = 1; idx < height; idx++) { - pTopLine = pTopLine->prev; - } - - pScr->screen_top = pTopLine; - pScr->width = width; - pScr->height = height; - pScr->top = 0; - pScr->bottom = height - 1; - - if (pScr->x >= width) - pScr->x = width - 1; - - if (pScr->y >= height) - pScr->y = height - 1; - - SetScreenScrollBar(pScr); - ScreenCursorOn(pScr); - return(TRUE); - -} /* SetInternalScreenSize */ - - -static int ScreenAdjustUp( - SCREEN *pScr, - int n) -{ - int idx; - SCREENLINE *pLine1; - SCREENLINE *pLine2; - - for (idx = 0; idx < n; idx++) { - if (pScr->screen_top == pScr->buffer_top) - return(-idx); - pLine1 = pScr->screen_top->prev; - if (pLine1 == NULL) - return(-idx); - pLine2 = pScr->screen_bottom->prev; - if (pLine2 == NULL) - return(-idx); - pScr->screen_top = pLine1; - pScr->screen_bottom = pLine2; - } - - return(idx); - -} /* ScreenAdjustUp */ - - -static int ScreenAdjustDown( - SCREEN *pScr, - 
int n)
-{
- int idx;
- SCREENLINE *pLine1;
- SCREENLINE *pLine2;
-
- for (idx = 0; idx < n; idx++) {
- if (pScr->screen_bottom == pScr->buffer_bottom)
- return(-idx);
- pLine1 = pScr->screen_top->next;
- if (pLine1 == NULL)
- return(-idx);
- pLine2 = pScr->screen_bottom->next;
- if (pLine2 == NULL)
- return(-idx);
- pScr->screen_top = pLine1;
- pScr->screen_bottom = pLine2;
- }
-
- return(idx);
-
-} /* ScreenAdjustDown */
-
-
-long PASCAL ScreenWndProc(
- HWND hWnd,
- UINT message,
- WPARAM wParam,
- LPARAM lParam)
-{
- MINMAXINFO *lpmmi;
- SCREEN *pScr;
- HMENU hMenu;
- PAINTSTRUCT ps;
- int x = 0;
- int y = 0;
- int ScrollPos;
- int tmpScroll = 0;
- int idx;
- HDC hDC;
- RECT rc;
- char title[128];
- static int bDoubleClick = FALSE;
-
- switch (message) {
-
- case WM_COMMAND:
- pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
- assert (pScr != NULL);
-
- switch (wParam) {
-
- case IDM_EXIT:
- if (MessageBox(hWnd, "Terminate this connection?", "Telnet", MB_OKCANCEL) == IDOK) {
- pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE);
- assert (pScr != NULL);
- SendMessage(pScr->hwndTel, WM_MYSCREENCLOSE, 0, (LPARAM) pScr);
- }
- break;
-
- case IDM_BACKSPACE:
- hMenu = GetMenu(hWnd);
- CheckMenuItem(hMenu, IDM_BACKSPACE, MF_CHECKED);
- CheckMenuItem(hMenu, IDM_DELETE, MF_UNCHECKED);
- SendMessage(pScr->hwndTel, WM_MYSCREENCHANGEBKSP, VK_BACK, (LPARAM) pScr);
- break;
-
- case IDM_DELETE:
- hMenu = GetMenu(hWnd);
- CheckMenuItem(hMenu, IDM_BACKSPACE, MF_UNCHECKED);
- CheckMenuItem(hMenu, IDM_DELETE, MF_CHECKED);
- SendMessage(pScr->hwndTel, WM_MYSCREENCHANGEBKSP, 0x7f, (LPARAM) pScr);
- break;
-
- case IDM_FONT:
- ScreenCursorOff(pScr);
- ProcessFontChange(hWnd);
- ScreenCursorOn(pScr);
- break;
-
- case IDM_COPY:
- Edit_Copy(hWnd);
- hMenu=GetMenu(hWnd);
- Edit_ClearSelection(pScr);
- break;
-
- case IDM_PASTE:
- Edit_Paste(hWnd);
- break;
-
- case IDM_HELP_INDEX:
- WinHelp(hWnd, HELP_FILE, HELP_INDEX, 0);
- break;
-
- case IDM_ABOUT:
-#ifdef CYGNUS
-#ifdef
KRB4 - strcpy(strTmp, " Kerberos 4 for Windows\n"); -#endif -#ifdef KRB5 - strcpy(strTmp, " KerbNet for Windows\n"); -#endif - strcat(strTmp, "\n Version 1.00\n\n"); - strcat(strTmp, " For support, contact:\n"); - strcat(strTmp, " Cygnus Support - (415) 903-1400\n"); -#else /* CYGNUS */ - strcpy(strTmp, " Kerberos 5 Telnet for Windows\n"); - strcat(strTmp, " ALPHA SNAPSHOT 2\n\n"); -#endif /* CYGNUS */ - if (encrypt_flag) { - strcat(strTmp, "\n[Encryption of output requested. State: "); - strcat(strTmp, (encrypt_output ? "encrypting]" : "INACTIVE]")); - strcat(strTmp, "\n[Decryption of input requested. State: "); - strcat(strTmp, (decrypt_input ? "decrypting]\n" : "INACTIVE]\n")); - } - MessageBox(NULL, strTmp, "Kerberos", MB_OK); - break; - -#if defined(DEBUG) - case IDM_DEBUG: - CheckScreen(pScr); - break; -#endif - } - - break; - - case WM_NCCREATE: - pScr = (SCREEN *) ((LPCREATESTRUCT) lParam)->lpCreateParams; - pScr->hWnd = hWnd; - SetWindowLong(hWnd, SCREEN_HANDLE, (LONG) pScr); - SetScrollRange(hWnd, SB_VERT, 0, 100, FALSE); - SetScrollPos(hWnd, SB_VERT, 0, TRUE); - EnableScrollBar(hWnd, SB_VERT, ESB_DISABLE_BOTH); - return(TRUE); - - case WM_VSCROLL: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - - ScreenCursorOff(pScr); - - switch(wParam) { - - case SB_LINEDOWN: - if (ScreenAdjustDown(pScr, 1) <= 0) - break; - hDC = GetDC(hWnd); - assert(hDC != NULL); - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = 0; - rc.bottom = pScr->cyChar * (pScr->bottom + 1); - ScrollDC(hDC, 0, -pScr->cyChar, &rc, &rc, NULL, NULL); - ReleaseDC(hWnd, hDC); - rc.top = pScr->cyChar * pScr->bottom; - InvalidateRect(hWnd, &rc, TRUE); - ScrollPos = GetScrollPos(hWnd, SB_VERT); - SetScrollPos(hWnd, SB_VERT, ScrollPos + 1, TRUE); - UpdateWindow(hWnd); - break; - - case SB_LINEUP: - if (ScreenAdjustUp(pScr, 1) <= 0) - break; - hDC = GetDC(hWnd); - assert(hDC != NULL); - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = 0; 
- rc.bottom = pScr->cyChar * (pScr->bottom + 1); - ScrollDC(hDC, 0, pScr->cyChar, &rc, &rc, NULL, NULL); - ReleaseDC(hWnd, hDC); - rc.bottom = pScr->cyChar; - InvalidateRect(hWnd, &rc, TRUE); - ScrollPos = GetScrollPos(pScr->hWnd, SB_VERT); - SetScrollPos(hWnd,SB_VERT, ScrollPos - 1, TRUE); - UpdateWindow(hWnd); - break; - - case SB_PAGEDOWN: - idx = abs(ScreenAdjustDown(pScr, pScr->height)); - hDC = GetDC(hWnd); - assert(hDC != NULL); - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = 0; - rc.bottom = pScr->cyChar * (pScr->bottom+1); - ScrollDC(hDC, 0, -idx * pScr->cyChar, &rc, &rc, NULL, NULL); - ReleaseDC(hWnd, hDC); - rc.top = pScr->cyChar * (pScr->bottom - idx + 1); - InvalidateRect(hWnd, &rc, TRUE); - ScrollPos=GetScrollPos(hWnd, SB_VERT); - SetScrollPos(hWnd, SB_VERT, ScrollPos + idx, TRUE); - break; - - case SB_PAGEUP: - idx = abs(ScreenAdjustUp(pScr, pScr->height)); - hDC = GetDC(hWnd); - assert(hDC != NULL); - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = 0; - rc.bottom = pScr->cyChar * (pScr->bottom + 1); - ScrollDC(hDC, 0, idx * pScr->cyChar, &rc, &rc, NULL, NULL); - ReleaseDC(hWnd, hDC); - rc.bottom = idx * pScr->cyChar; - InvalidateRect(hWnd, &rc, TRUE); - ScrollPos=GetScrollPos(hWnd, SB_VERT); - SetScrollPos(hWnd, SB_VERT, ScrollPos - idx, TRUE); - break; - - case SB_THUMBPOSITION: - case SB_THUMBTRACK: - ScrollPos = GetScrollPos(hWnd, SB_VERT); - tmpScroll = ScrollPos - LOWORD(lParam); - if (tmpScroll == 0) - break; - if (tmpScroll > 0) - ScreenAdjustUp(pScr, tmpScroll); - else - ScreenAdjustDown(pScr, -tmpScroll); - if (abs(tmpScroll) < pScr->height) { - hDC = GetDC(hWnd); - assert(hDC != NULL); - rc.left = 0; - rc.right = pScr->cxChar * pScr->width; - rc.top = 0; - rc.bottom = pScr->cyChar * (pScr->bottom + 1); - ScrollDC(hDC, 0, tmpScroll * pScr->cyChar, &rc, &rc, NULL, NULL); - ReleaseDC(hWnd, hDC); - if (tmpScroll > 0) { - rc.bottom = tmpScroll * pScr->cyChar; - InvalidateRect(hWnd, &rc, TRUE); - } - else { - 
rc.top = (pScr->bottom + tmpScroll + 1) * pScr->cyChar; - InvalidateRect(hWnd, &rc, TRUE); - } - } - else - InvalidateRect(hWnd, NULL, TRUE); - - SetScrollPos(hWnd, SB_VERT, LOWORD(lParam), TRUE); - UpdateWindow(hWnd); - break; - } - - ScreenCursorOn(pScr); - break; - - case WM_KEYDOWN: - if (wParam == VK_INSERT) { - if (GetKeyState(VK_SHIFT) < 0) - PostMessage(hWnd, WM_COMMAND, IDM_PASTE, 0); - else if (GetKeyState(VK_CONTROL) < 0) - PostMessage(hWnd, WM_COMMAND, IDM_COPY, 0); - break; - } - /* - ** Check for cursor keys. With control pressed, we treat as - ** keyboard equivalents to scrolling. Otherwise, we send - ** a WM_MYCURSORKEY message with the appropriate string - ** to be sent. Sending the actual string allows the upper - ** level to be ignorant of keyboard modes, etc. - */ - if (wParam < VK_PRIOR || wParam > VK_DOWN) /* Is it a cursor key? */ - break; - - if (GetKeyState (VK_CONTROL) >= 0) { /* No control key */ - if (wParam >= VK_LEFT && wParam <= VK_DOWN) { - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - wParam = wParam - VK_LEFT + (pScr->DECCKM ? 
4 : 0); - SendMessage (pScr->hwndTel, WM_MYCURSORKEY, - strlen(cursor_key[wParam]), - (LPARAM) (char *) cursor_key[wParam]); - } - } else { /* Control is down */ - switch (wParam) { - case VK_PRIOR: /* Page up */ - SendMessage(hWnd, WM_VSCROLL, SB_PAGEUP, 0); - break; - case VK_NEXT: /* Page down */ - SendMessage(hWnd, WM_VSCROLL, SB_PAGEDOWN, 0); - break; - case VK_UP: /* Line up */ - SendMessage(hWnd, WM_VSCROLL, SB_LINEUP, 0); - break; - case VK_DOWN: /* Line down */ - SendMessage(hWnd, WM_VSCROLL, SB_LINEDOWN, 0); - break; - } - } - UpdateWindow(hWnd); - break; - - case WM_CHAR: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - SendMessage(pScr->hwndTel, WM_MYSCREENCHAR, wParam, (LPARAM) pScr); - break; - - case WM_INITMENU: - if (IsClipboardFormatAvailable(CF_TEXT)) - EnableMenuItem((HMENU) wParam, IDM_PASTE, MF_ENABLED); - else - EnableMenuItem((HMENU) wParam, IDM_PASTE, MF_GRAYED); - if (bSelection) - EnableMenuItem((HMENU) wParam, IDM_COPY, MF_ENABLED); - else - EnableMenuItem((HMENU) wParam, IDM_COPY, MF_GRAYED); - break; - - case WM_GETMINMAXINFO: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - if (pScr == NULL) /* Used on creation when window word not set */ - pScr = ScreenList; - lpmmi = (MINMAXINFO *) lParam; - if (FRAME_WIDTH + MAX_LINE_WIDTH * pScr->cxChar < lpmmi->ptMaxSize.x) - lpmmi->ptMaxSize.x = FRAME_WIDTH + MAX_LINE_WIDTH * pScr->cxChar; - lpmmi->ptMaxTrackSize.x = lpmmi->ptMaxSize.x; - lpmmi->ptMinTrackSize.x = FRAME_WIDTH + 20 * pScr->cxChar; - lpmmi->ptMinTrackSize.y = FRAME_HEIGHT + 4 * pScr->cyChar; - break; - - case WM_LBUTTONDOWN: - if (bDoubleClick) - Edit_TripleClick(hWnd, lParam); - else - Edit_LbuttonDown(hWnd, lParam); - break; - - case WM_LBUTTONUP: - Edit_LbuttonUp(hWnd, lParam); - break; - - case WM_LBUTTONDBLCLK: - bDoubleClick = TRUE; - SetTimer(hWnd, TIMER_TRIPLECLICK, GetDoubleClickTime(), NULL); - Edit_LbuttonDblclk(hWnd, lParam); - break; - - case WM_TIMER: - if (wParam == 
TIMER_TRIPLECLICK) - bDoubleClick = FALSE; - break; - - case WM_RBUTTONUP: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - Edit_Copy(hWnd); - Edit_ClearSelection(pScr); - Edit_Paste(hWnd); - break; - - case WM_MOUSEMOVE: - if (bMouseDown) - Edit_MouseMove(hWnd, lParam); - break; - - case WM_RBUTTONDOWN: -#if 0 - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - wsprintf(strTmp,"fp->x=%d fp->y=%d text=%s \r\n", - pScr->screen_top->x, pScr->screen_top->y, pScr->screen_top->text); - OutputDebugString(strTmp); -#endif - break; - - case WM_PAINT: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - BeginPaint (hWnd, &ps); - SelectObject(ps.hdc, pScr->hSelectedFont); - if (pScr->screen_bottom != NULL) - DrawTextScreen(ps.rcPaint, pScr, ps.hdc); - else - OutputDebugString("screen_bottom is NULL.\r\n"); - EndPaint(hWnd, &ps); - break; - - case WM_CLOSE: - if (MessageBox(hWnd, "Terminate this connection?", "Telnet", MB_OKCANCEL) == IDOK) { - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - SendMessage(pScr->hwndTel, WM_MYSCREENCLOSE, 0, (LPARAM) pScr); - return (DefWindowProc(hWnd, message, wParam, lParam)); - } - break; - - case WM_DESTROY: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - if (pScr != NULL) - DeleteObject(pScr->hSelectedFont); - return (DefWindowProc(hWnd, message, wParam, lParam)); - - case WM_ACTIVATE: - if (wParam != WA_INACTIVE) { - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - if (pScr->bAlert) { - char strTitle[128]; - int idx; - - GetWindowText(hWnd, strTitle, sizeof(strTitle)); - if (strTitle[0] == ALERT) { - idx = lstrlen(strTitle); - strTitle[idx - 2] = 0; - SetWindowText(hWnd, &strTitle[2]); - pScr->bAlert = FALSE; - } - } - } - return (DefWindowProc(hWnd, message, wParam, lParam)); - - case WM_SIZE: - if (wParam == SIZE_MINIMIZED) - break; - - pScr = (SCREEN *) 
GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - - if (SetInternalScreenSize(pScr, LOWORD(lParam), HIWORD(lParam))) { - SendMessage(pScr->hwndTel, WM_MYSCREENSIZE, 0, - MAKELONG(pScr->width, pScr->height)); - } - MakeWindowTitle(pScr->title, pScr->width, pScr->height, - title, sizeof(title)); - SetWindowText(hWnd, title); - break; - - case WM_SETFOCUS: - pScr = (SCREEN *) GetWindowLong(hWnd, SCREEN_HANDLE); - assert (pScr != NULL); - CreateCaret(hWnd, NULL, pScr->cxChar, 2); - ScreenCursorOn(pScr); - break; - - case WM_KILLFOCUS: - DestroyCaret(); - break; - - default: - return(DefWindowProc(hWnd, message, wParam, lParam)); - } - - return(0); - -} /* ScreenWndProc */ - - -void ScreenBell( - SCREEN *pScr) -{ - char strTitle[128]; - int idx; - - MessageBeep(MB_ICONEXCLAMATION); - if (pScr->hWnd != GetActiveWindow()) { - FlashWindow(pScr->hWnd, TRUE); - if (!pScr->bAlert) { - strTitle[0] = ALERT; - strTitle[1] = SPACE; - GetWindowText(pScr->hWnd, &strTitle[2], sizeof(strTitle) - 2); - idx = lstrlen(strTitle); - strTitle[idx] = SPACE; - strTitle[idx+1] = ALERT; - strTitle[idx+2] = 0; - SetWindowText(pScr->hWnd, strTitle); - } - FlashWindow(pScr->hWnd, FALSE); - pScr->bAlert = TRUE; - } - -} /* ScreenBell */ - - -void ScreenBackspace(SCREEN *pScr) -{ - RECT rc; - - pScr->bWrapPending = FALSE; - rc.left = pScr->x * pScr->cxChar; - rc.right = (pScr->x + 1) * pScr->cxChar; - rc.top = pScr->cyChar * pScr->y; - rc.bottom = pScr->cyChar * (pScr->y + 1); - InvalidateRect(pScr->hWnd, &rc, TRUE); - pScr->x--; - if (pScr->x < 0) - pScr->x = 0; - UpdateWindow(pScr->hWnd); - -} /* ScreenBackspace */ - - -void ScreenTab( - SCREEN *pScr) -{ - int num_spaces; - int idx; - SCREENLINE *pScrLine; - int iTest = 0; - HDC hDC; - - num_spaces = TAB_SPACES - (pScr->x % TAB_SPACES); - if (pScr->x + num_spaces >= pScr->width) - num_spaces = pScr->width - pScr->x; - pScrLine = GetScreenLineFromY(pScr, pScr->y); - if (pScrLine == NULL) - return; - for (idx = 0; idx < num_spaces; 
idx++, pScr->x++) { - if (!pScrLine->text[pScr->x]) - iTest=1; - if (iTest) - pScrLine->text[pScr->x] = SPACE; - } - hDC = GetDC(pScr->hWnd); - assert(hDC != NULL); - SelectObject(hDC, pScr->hSelectedFont); - TextOut(hDC, (pScr->x - num_spaces) * pScr->cxChar, pScr->y * pScr->cyChar, - pScrLine->text + pScr->x - num_spaces, num_spaces); - ReleaseDC(pScr->hWnd, hDC); - if (pScr->x >= pScr->width) - pScr->x = pScr->width - 1; - pScr->bWrapPending = FALSE; - -} /* ScreenTab */ - - -void ScreenCarriageFeed( - SCREEN *pScr) -{ - pScr->bWrapPending = FALSE; - pScr->x = 0; - -} /* ScreenCarriageFeed */ diff -Nru krb5-1.16.2/src/windows/wintel/screen.h krb5-1.17/src/windows/wintel/screen.h --- krb5-1.16.2/src/windows/wintel/screen.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/screen.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,325 +0,0 @@ -extern long PASCAL ScreenWndProc(HWND,UINT,WPARAM,LPARAM); - -/* -* Definition of attribute bits in the Virtual Screen -* -* 0 - Bold -* 1 - -* 2 - -* 3 - Underline -* 4 - Blink -* 5 - -* 6 - Reverse -* 7 - Graphics character set -* -*/ -#define SCR_isbold(x) (x & 0x01) -#define SCR_isundl(x) (x & 0x08) -#define SCR_isblnk(x) (x & 0x10) -#define SCR_isrev(x) (x & 0x40) -#define SCR_setrev(x) (x ^= 0x40) -#define SCR_isgrph(x) (x & 0x80) -#define SCR_inattr(x) (x & 0xd9) -#define SCR_graph(x) (x | 0x80) -#define SCR_notgraph(x) (x & 0x7F) - -#define SCREEN_HANDLE 0 /* offset in extra window info */ - -#define WM_MYSCREENCHAR (WM_USER+1) -#define WM_MYSCREENBLOCK (WM_USER+2) -#define WM_MYSYSCHAR (WM_USER+3) -#define WM_MYSCREENCLOSE (WM_USER+4) -#define WM_MYSCREENCHANGEBKSP (WM_USER+5) -#define WM_MYSCREENSIZE (WM_USER+6) -#define WM_NETWORKEVENT (WM_USER+7) -#define WM_HOSTNAMEFOUND (WM_USER+8) -#define WM_MYCURSORKEY (WM_USER+9) - -#define FRAME_HEIGHT ((2* GetSystemMetrics(SM_CYFRAME))+GetSystemMetrics(SM_CYCAPTION)+GetSystemMetrics(SM_CYMENU)+3) -#define FRAME_WIDTH (2*GetSystemMetrics(SM_CXFRAME)+GetSystemMetrics(SM_CXVSCROLL)) -#define TAB_SPACES 8 -#define SPACE 32 -#define ALERT 0x21 -#define MAX_LINE_WIDTH 512 /* not restricted to 1 byte */ - -typedef struct SCREENLINE { - struct SCREENLINE *next; - struct SCREENLINE *prev; - int width; - char *text; - char *attrib; - char buffer[0]; -} SCREENLINE; - -typedef struct SCREEN { - LPSTR title; - HWND hWnd; - HWND hwndTel; - SCREENLINE *screen_top; - SCREENLINE *screen_bottom; - SCREENLINE *buffer_top; - SCREENLINE *buffer_bottom; - int ID; - int type; - int width; - int height; - int maxlines; /* Maximum number of scrollback lines */ - int numlines; /* Current number of scrollback lines */ - int savelines; /* Save lines off top? 
*/ - int ESscroll; /* Scroll screen when ES received */ - int attrib; /* current attribute */ - int x; /* current cursor position */ - int y; /* current cursor position */ - int Oldx; /* internally used to redraw cursor */ - int Oldy; - int Px; /* saved cursor pos and attribute */ - int Py; - int Pattrib; - int VSIDC; /* Insert/Delete character mode 0=draw line */ - int DECAWM; /* AutoWrap mode 0=off */ - BOOL bWrapPending; /* AutoWrap mode is on - wrap on next character */ - int DECCKM; /* Cursor key mode */ - int DECPAM; /* keyPad Application mode */ - int IRM; /* Insert/Replace mode */ - int escflg; /* Current Escape level */ - int top; /* Vertical bounds of screen */ - int bottom; - int parmptr; - int cxChar; /* Width of the current font */ - int cyChar; /* Height of the current font */ - BOOL bAlert; - int parms[6]; /* Ansi Params */ - LOGFONT lf; - HFONT hSelectedFont; - HFONT hSelectedULFont; - char tabs[MAX_LINE_WIDTH]; - struct SCREEN *next; - struct SCREEN *prev; -} SCREEN; - -typedef struct CONFIG { - LPSTR title; - HWND hwndTel; - int ID; - int type; - int height; - int width; - int maxlines; /* Maximum number of scrollback lines */ - int backspace; - int ESscroll; /* Scroll screen when ES received */ - int VSIDC; /* Insert/Delete character mode 0=draw line */ - int DECAWM; /* AutoWrap mode 0=off */ - int IRM; /* Insert/Replace mode */ -} CONFIG; - -#define TELNET_SCREEN 0 -#define CONSOLE_SCREEN 1 - -#define IDM_FONT 100 -#define IDM_BACKSPACE 101 -#define IDM_DELETE 102 -#define IDM_ABOUT 103 -#define IDM_HELP_INDEX 104 -#define IDM_EXIT 105 - -#define HELP_FILE "ktelnet.hlp" - -#define IDM_COPY 200 -#define IDM_PASTE 201 -#define IDM_DEBUG 202 - -#define TIMER_TRIPLECLICK 1000 - -#define IDC_ALLOCFAIL 1 -#define IDC_LOCKFAIL 2 -#define IDC_LOADSTRINGFAIL 3 -#define IDC_FONT 6 - -#define DESIREDPOINTSIZE 12 - -/* -Prototypes -*/ - void NEAR InitializeStruct( - WORD wCommDlgType, - LPSTR lpStruct, - HWND hWnd); - - void ScreenInit( - HINSTANCE 
hInstance);
-
- void SetScreenInstance(
- HINSTANCE hInstance);
-
- SCREENLINE *ScreenNewLine();
-
- void ScreenBell(
- SCREEN *pScr);
-
- void ScreenBackspace(
- SCREEN *pScr);
-
- void ScreenTab(
- SCREEN *pScr);
-
- void ScreenCarriageFeed(
- SCREEN *pScr);
-
- int ScreenScroll(
- SCREEN *pScr);
-
- void DeleteTopLine(
- SCREEN *pScr);
-
-/*
-emul.c
-*/
- void ScreenEm(
- LPSTR c,
- int len,
- SCREEN *pScr);
-
-/*
-intern.c
-*/
- SCREENLINE *GetScreenLineFromY(
- SCREEN *pScr,
- int y);
-
- SCREENLINE *ScreenClearLine(
- SCREEN *pScr,
- SCREENLINE *pScrLine);
-
- void ScreenUnscroll(
- SCREEN *pScr);
-
- void ScreenELO(
- SCREEN *pScr,
- int s);
-
- void ScreenEraseScreen(
- SCREEN *pScr);
-
- void ScreenTabClear(
- SCREEN *pScr);
-
- void ScreenTabInit(
- SCREEN *pScr);
-
- void ScreenReset(
- SCREEN *pScr);
-
- void ScreenIndex(
- SCREEN *pScr);
-
- void ScreenWrapNow(
- SCREEN *pScr,
- int *xp,
- int *yp);
-
- void ScreenEraseToEOL(
- SCREEN *pScr);
-
- void ScreenEraseToBOL(
- SCREEN *pScr);
-
- void ScreenEraseLine(
- SCREEN *pScr,
- int s);
-
- void ScreenEraseToEndOfScreen(
- SCREEN *pScr);
-
- void ScreenRange(
- SCREEN *pScr);
-
- void ScreenAlign(
- SCREEN *pScr);
-
- void ScreenApClear(
- SCREEN *pScr);
-
- void ScreenSetOption(
- SCREEN *pScr,
- int toggle);
-
- BOOL ScreenInsChar(
- SCREEN *pScr,
- int x);
-
- void ScreenSaveCursor(
- SCREEN *pScr);
-
- void ScreenRestoreCursor(
- SCREEN *pScr);
-
- void ScreenDraw(
- SCREEN *pScr,
- int x,
- int y,
- int a,
- int len,
- char *c);
-
- void ScreenCursorOff(
- SCREEN *pScr);
-
- void ScreenCursorOn(
- SCREEN *pScr);
-
- void ScreenDelChars(
- SCREEN *pScr,
- int n);
-
- void ScreenRevIndex(
- SCREEN *pScr);
-
- void ScreenDelLines(
- SCREEN *pScr,
- int n,
- int s);
-
- void ScreenInsLines(
- SCREEN *pScr,
- int n,
- int s);
-
- #if !
defined(NDEBUG)
- BOOL CheckScreen(
- SCREEN *pScr);
- #endif
-
- void ProcessFontChange(
- HWND hWnd);
-
- void Edit_LbuttonDown(
- HWND hWnd,
- LPARAM lParam);
-
- void Edit_LbuttonDblclk(
- HWND hWnd,
- LPARAM lParam);
-
- void Edit_LbuttonUp(
- HWND hWnd,
- LPARAM lParam);
-
- void Edit_TripleClick(
- HWND hWnd,
- LPARAM lParam);
-
- void Edit_MouseMove(
- HWND hWnd,
- LPARAM lParam);
-
- void Edit_ClearSelection(
- SCREEN *pScr);
-
- void Edit_Copy(
- HWND hWnd);
-
- void Edit_Paste(
- HWND hWnd);
-
- SCREEN *InitNewScreen(
- CONFIG *Config);
diff -Nru krb5-1.16.2/src/windows/wintel/struct.h krb5-1.17/src/windows/wintel/struct.h
--- krb5-1.16.2/src/windows/wintel/struct.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/struct.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,29 +0,0 @@
-#include "winsock.h"
-#ifdef KRB4
- #include "kstream.h"
-#endif
-#ifdef KRB5
- #include "k5stream.h"
-#endif
-
-#define HCONNECTION HGLOBAL
-
-typedef struct CONNECTION {
- SCREEN *pScreen; /* handle to screen associated with connection */
- kstream ks;
- SOCKET socket;
- int pnum; /* port number associated with connection */
- int telstate; /* telnet state for this connection */
- int substate; /* telnet subnegotiation state */
- int termsent;
- int echo;
- int ugoahead;
- int igoahead;
- int timing;
- int backspace;
- int ctrl_backspace;
- int termstate; /* terminal type for this connection */
- int width;
- int height;
- BOOL bResizeable;
-} CONNECTION;
diff -Nru krb5-1.16.2/src/windows/wintel/telnet_arpa.h krb5-1.17/src/windows/wintel/telnet_arpa.h
--- krb5-1.16.2/src/windows/wintel/telnet_arpa.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/telnet_arpa.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,327 +0,0 @@
-/*
- * Copyright (c) 1983, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * @(#)telnet.h 8.1 (Berkeley) 6/2/93
- */
-
-#ifndef _TELNET_H_
-#define _TELNET_H_
-
-/*
- * Definitions for the TELNET protocol.
- */
-#define IAC 255 /* interpret as command: */
-#define DONT 254 /* you are not to use option */
-#define DO 253 /* please, you use option */
-#define WONT 252 /* I won't use option */
-#define WILL 251 /* I will use option */
-#define SB 250 /* interpret as subnegotiation */
-#define GA 249 /* you may reverse the line */
-#define EL 248 /* erase the current line */
-#define EC 247 /* erase the current character */
-#define AYT 246 /* are you there */
-#define AO 245 /* abort output--but let prog finish */
-#define IP 244 /* interrupt process--permanently */
-#define BREAK 243 /* break */
-#define DM 242 /* data mark--for connect. cleaning */
-#define NOP 241 /* nop */
-#define SE 240 /* end sub negotiation */
-#define EOR 239 /* end of record (transparent mode) */
-#define ABORT 238 /* Abort process */
-#define SUSP 237 /* Suspend process */
-#define xEOF 236 /* End of file: EOF is already used... */
-
-#define SYNCH 242 /* for telfunc calls */
-
-#ifdef TELCMDS
-char *telcmds[] = {
- "EOF", "SUSP", "ABORT", "EOR",
- "SE", "NOP", "DMARK", "BRK", "IP", "AO", "AYT", "EC",
- "EL", "GA", "SB", "WILL", "WONT", "DO", "DONT", "IAC", 0,
-};
-#else
-extern char *telcmds[];
-#endif
-
-#define TELCMD_FIRST xEOF
-#define TELCMD_LAST IAC
-#define TELCMD_OK(x) ((unsigned int)(x) <= TELCMD_LAST && \
- (unsigned int)(x) >= TELCMD_FIRST)
-#define TELCMD(x) telcmds[(x)-TELCMD_FIRST]
-
-/* telnet options */
-#define TELOPT_BINARY 0 /* 8-bit data path */
-#define TELOPT_ECHO 1 /* echo */
-#define TELOPT_RCP 2 /* prepare to reconnect */
-#define TELOPT_SGA 3 /* suppress go ahead */
-#define TELOPT_NAMS 4 /* approximate message size */
-#define TELOPT_STATUS 5 /* give status */
-#define TELOPT_TM 6 /* timing mark */
-#define TELOPT_RCTE 7 /* remote controlled transmission and echo */
-#define TELOPT_NAOL 8 /* negotiate about output line width */
-#define TELOPT_NAOP 9 /* negotiate about output page size */
-#define TELOPT_NAOCRD 10 /* negotiate about CR disposition */
-#define
TELOPT_NAOHTS 11 /* negotiate about horizontal tabstops */ -#define TELOPT_NAOHTD 12 /* negotiate about horizontal tab disposition */ -#define TELOPT_NAOFFD 13 /* negotiate about formfeed disposition */ -#define TELOPT_NAOVTS 14 /* negotiate about vertical tab stops */ -#define TELOPT_NAOVTD 15 /* negotiate about vertical tab disposition */ -#define TELOPT_NAOLFD 16 /* negotiate about output LF disposition */ -#define TELOPT_XASCII 17 /* extended ascic character set */ -#define TELOPT_LOGOUT 18 /* force logout */ -#define TELOPT_BM 19 /* byte macro */ -#define TELOPT_DET 20 /* data entry terminal */ -#define TELOPT_SUPDUP 21 /* supdup protocol */ -#define TELOPT_SUPDUPOUTPUT 22 /* supdup output */ -#define TELOPT_SNDLOC 23 /* send location */ -#define TELOPT_TTYPE 24 /* terminal type */ -#define TELOPT_EOR 25 /* end or record */ -#define TELOPT_TUID 26 /* TACACS user identification */ -#define TELOPT_OUTMRK 27 /* output marking */ -#define TELOPT_TTYLOC 28 /* terminal location number */ -#define TELOPT_3270REGIME 29 /* 3270 regime */ -#define TELOPT_X3PAD 30 /* X.3 PAD */ -#define TELOPT_NAWS 31 /* window size */ -#define TELOPT_TSPEED 32 /* terminal speed */ -#define TELOPT_LFLOW 33 /* remote flow control */ -#define TELOPT_LINEMODE 34 /* Linemode option */ -#define TELOPT_XDISPLOC 35 /* X Display Location */ -#define TELOPT_OLD_ENVIRON 36 /* Old - Environment variables */ -#define TELOPT_AUTHENTICATION 37/* Authenticate */ -#define TELOPT_ENCRYPT 38 /* Encryption option */ -#define TELOPT_NEW_ENVIRON 39 /* New - Environment variables */ -#define TELOPT_EXOPL 255 /* extended-options-list */ - - -#define NTELOPTS (1+TELOPT_NEW_ENVIRON) -#ifdef TELOPTS -char *telopts[NTELOPTS+1] = { - "BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME", - "STATUS", "TIMING MARK", "RCTE", "NAOL", "NAOP", - "NAOCRD", "NAOHTS", "NAOHTD", "NAOFFD", "NAOVTS", - "NAOVTD", "NAOLFD", "EXTEND ASCII", "LOGOUT", "BYTE MACRO", - "DATA ENTRY TERMINAL", "SUPDUP", "SUPDUP OUTPUT", - "SEND 
LOCATION", "TERMINAL TYPE", "END OF RECORD",
- "TACACS UID", "OUTPUT MARKING", "TTYLOC",
- "3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
- "LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
- "ENCRYPT", "NEW-ENVIRON",
- 0,
-};
-#define TELOPT_FIRST TELOPT_BINARY
-#define TELOPT_LAST TELOPT_NEW_ENVIRON
-#define TELOPT_OK(x) ((unsigned int)(x) <= TELOPT_LAST)
-#define TELOPT(x) telopts[(x)-TELOPT_FIRST]
-#endif
-
-/* sub-option qualifiers */
-#define TELQUAL_IS 0 /* option is... */
-#define TELQUAL_SEND 1 /* send option */
-#define TELQUAL_INFO 2 /* ENVIRON: informational version of IS */
-#define TELQUAL_REPLY 2 /* AUTHENTICATION: client version of IS */
-#define TELQUAL_NAME 3 /* AUTHENTICATION: client version of IS */
-
-#define LFLOW_OFF 0 /* Disable remote flow control */
-#define LFLOW_ON 1 /* Enable remote flow control */
-#define LFLOW_RESTART_ANY 2 /* Restart output on any char */
-#define LFLOW_RESTART_XON 3 /* Restart output only on XON */
-
-/*
- * LINEMODE suboptions
- */
-
-#define LM_MODE 1
-#define LM_FORWARDMASK 2
-#define LM_SLC 3
-
-#define MODE_EDIT 0x01
-#define MODE_TRAPSIG 0x02
-#define MODE_ACK 0x04
-#define MODE_SOFT_TAB 0x08
-#define MODE_LIT_ECHO 0x10
-
-#define MODE_MASK 0x1f
-
-/* Not part of protocol, but needed to simplify things... */
-#define MODE_FLOW 0x0100
-#define MODE_ECHO 0x0200
-#define MODE_INBIN 0x0400
-#define MODE_OUTBIN 0x0800
-#define MODE_FORCE 0x1000
-
-#define SLC_SYNCH 1
-#define SLC_BRK 2
-#define SLC_IP 3
-#define SLC_AO 4
-#define SLC_AYT 5
-#define SLC_EOR 6
-#define SLC_ABORT 7
-#define SLC_EOF 8
-#define SLC_SUSP 9
-#define SLC_EC 10
-#define SLC_EL 11
-#define SLC_EW 12
-#define SLC_RP 13
-#define SLC_LNEXT 14
-#define SLC_XON 15
-#define SLC_XOFF 16
-#define SLC_FORW1 17
-#define SLC_FORW2 18
-
-#define NSLC 18
-
-/*
- * For backwards compatability, we define SLC_NAMES to be the
- * list of names if SLC_NAMES is not defined.
- */ -#define SLC_NAMELIST "0", "SYNCH", "BRK", "IP", "AO", "AYT", "EOR", \ - "ABORT", "EOF", "SUSP", "EC", "EL", "EW", "RP", \ - "LNEXT", "XON", "XOFF", "FORW1", "FORW2", 0, -#ifdef SLC_NAMES -char *slc_names[] = { - SLC_NAMELIST -}; -#else -extern char *slc_names[]; -#define SLC_NAMES SLC_NAMELIST -#endif - -#define SLC_NAME_OK(x) ((unsigned int)(x) <= NSLC) -#define SLC_NAME(x) slc_names[x] - -#define SLC_NOSUPPORT 0 -#define SLC_CANTCHANGE 1 -#define SLC_VARIABLE 2 -#define SLC_DEFAULT 3 -#define SLC_LEVELBITS 0x03 - -#define SLC_FUNC 0 -#define SLC_FLAGS 1 -#define SLC_VALUE 2 - -#define SLC_ACK 0x80 -#define SLC_FLUSHIN 0x40 -#define SLC_FLUSHOUT 0x20 - -#define OLD_ENV_VAR 1 -#define OLD_ENV_VALUE 0 -#define NEW_ENV_VAR 0 -#define NEW_ENV_VALUE 1 -#define ENV_ESC 2 -#define ENV_USERVAR 3 - -/* - * AUTHENTICATION suboptions - */ - -/* - * Who is authenticating who ... - */ -#define AUTH_WHO_CLIENT 0 /* Client authenticating server */ -#define AUTH_WHO_SERVER 1 /* Server authenticating client */ -#define AUTH_WHO_MASK 1 - -/* - * amount of authentication done - */ -#define AUTH_HOW_ONE_WAY 0 -#define AUTH_HOW_MUTUAL 2 -#define AUTH_HOW_MASK 2 - -/* - * should we be encrypting? (not yet formally standardized) - */ -#define AUTH_ENCRYPT_OFF 0 -#define AUTH_ENCRYPT_ON 4 -#define AUTH_ENCRYPT_MASK 4 - -#define AUTHTYPE_NULL 0 -#define AUTHTYPE_KERBEROS_V4 1 -#define AUTHTYPE_KERBEROS_V5 2 -#define AUTHTYPE_SPX 3 -#define AUTHTYPE_MINK 4 -#define AUTHTYPE_CNT 5 - -#define AUTHTYPE_TEST 99 - -#ifdef AUTH_NAMES -char *authtype_names[] = { - "NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", 0, -}; -#else -extern char *authtype_names[]; -#endif - -#define AUTHTYPE_NAME_OK(x) ((unsigned int)(x) < AUTHTYPE_CNT) -#define AUTHTYPE_NAME(x) authtype_names[x] - -/* - * ENCRYPTion suboptions - */ -#define ENCRYPT_IS 0 /* I pick encryption type ... */ -#define ENCRYPT_SUPPORT 1 /* I support encryption types ... 
*/ -#define ENCRYPT_REPLY 2 /* Initial setup response */ -#define ENCRYPT_START 3 /* Am starting to send encrypted */ -#define ENCRYPT_END 4 /* Am ending encrypted */ -#define ENCRYPT_REQSTART 5 /* Request you start encrypting */ -#define ENCRYPT_REQEND 6 /* Request you send encrypting */ -#define ENCRYPT_ENC_KEYID 7 -#define ENCRYPT_DEC_KEYID 8 -#define ENCRYPT_CNT 9 - -#define ENCTYPE_ANY 0 -#define ENCTYPE_DES_CFB64 1 -#define ENCTYPE_DES_OFB64 2 -#define ENCTYPE_CNT 3 - -#ifdef ENCRYPT_NAMES -char *encrypt_names[] = { - "IS", "SUPPORT", "REPLY", "START", "END", - "REQUEST-START", "REQUEST-END", "ENC-KEYID", "DEC-KEYID", - 0, -}; -char *enctype_names[] = { - "ANY", "DES_CFB64", "DES_OFB64", 0, -}; -#else -extern char *encrypt_names[]; -extern char *enctype_names[]; -#endif - - -#define ENCRYPT_NAME_OK(x) ((unsigned int)(x) < ENCRYPT_CNT) -#define ENCRYPT_NAME(x) encrypt_names[x] - -#define ENCTYPE_NAME_OK(x) ((unsigned int)(x) < ENCTYPE_CNT) -#define ENCTYPE_NAME(x) enctype_names[x] - -#endif /* !_TELNET_H_ */ diff -Nru krb5-1.16.2/src/windows/wintel/telnet.c krb5-1.17/src/windows/wintel/telnet.c --- krb5-1.16.2/src/windows/wintel/telnet.c 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/telnet.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,904 +0,0 @@ -/**************************************************************************** - - Program: telnet.c - - PURPOSE: Windows networking kernel - Telnet - - FUNCTIONS: - - WinMain() - calls initialization function, processes message loop - InitApplication() - initializes window data and registers window - InitInstance() - saves instance handle and creates main window - MainWndProc() - processes messages - About() - processes messages for "About" dialog box - - COMMENTS: - - Windows can have several copies of your application running at the - same time. The variable hInst keeps track of which instance this - application is so that processing will be to the correct window. - - ****************************************************************************/ - -#include -#include -#include -#include -#include "telnet.h" -#include "auth.h" - -static HANDLE hInst; -static HWND hWnd; -static CONFIG *tmpConfig; -static CONNECTION *con = NULL; -static char hostdata[MAXGETHOSTSTRUCT]; -static SCREEN *pScr; -static int debug = 1; - -char strTmp[1024]; /* Scratch buffer */ -BOOL bAutoConnection = FALSE; -short port_no = 23; -char szUserName[64]; /* Used in auth.c */ -char szHostName[64]; - -#ifdef KRB4 -#define WINDOW_CLASS "K4_telnetWClass" -#endif - -#ifdef KRB5 -krb5_context k5_context; -#define WINDOW_CLASS "K5_telnetWClass" -#endif - -/* - * - * FUNCTION: WinMain(HINSTANCE, HINSTANCE, LPSTR, int) - * - * PURPOSE: calls initialization function, processes message loop - * - * COMMENTS: - * - * Windows recognizes this function by name as the initial entry point - * for the program. This function calls the application initialization - * routine, if no other instance of the program is running, and always - * calls the instance initialization routine. It then executes a message - * retrieval and dispatch loop that is the top-level control structure - * for the remainder of execution. 
The loop is terminated when a WM_QUIT - * message is received, at which time this function exits the application - * instance by returning the value passed by PostQuitMessage(). - * - * If this function must abort before entering the message loop, it - * returns the conventional value NULL. - */ - -int PASCAL -WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) -{ - MSG msg; - - if (!hPrevInstance) - if (!InitApplication(hInstance)) - return(FALSE); - - /* - * Perform initializations that apply to a specific instance - */ - bAutoConnection = parse_cmdline(lpCmdLine); - - if (!InitInstance(hInstance, nCmdShow)) - return(FALSE); - -#ifdef _WIN32 - SetDebugErrorLevel(SLE_WARNING); -#endif - - /* - * Acquire and dispatch messages until a WM_QUIT message is received. - */ - while (GetMessage(&msg, NULL, 0, 0)) { - TranslateMessage(&msg); - DispatchMessage(&msg); - - /* Process all non-network messages */ - while (PeekMessage(&msg, NULL, 0, WM_NETWORKEVENT-1, PM_REMOVE) || - PeekMessage(&msg, NULL, WM_NETWORKEVENT+1, (UINT)-1, PM_REMOVE)) - { - if (msg.message == WM_QUIT) // Special case: WM_QUIT -- return - return msg.wParam; // the value from PostQuitMessage - - TranslateMessage(&msg); - DispatchMessage(&msg); - } - } - - return (msg.wParam); /* Returns the value from PostQuitMessage */ -} - -/* - * FUNCTION: InitApplication(HINSTANCE) - * - * PURPOSE: Initializes window data and registers window class - * - * COMMENTS: - * - * This function is called at initialization time only if no other - * instances of the application are running. This function performs - * initialization tasks that can be done once for any number of running - * instances. - * - * In this case, we initialize a window class by filling out a data - * structure of type WNDCLASS and calling the Windows RegisterClass() - * function. Since all instances of this application use the same window - * class, we only need to do this when the first instance is initialized. 
- */ - -BOOL -InitApplication(HINSTANCE hInstance) -{ - WNDCLASS wc; - - ScreenInit(hInstance); - - /* - * Fill in window class structure with parameters that describe the - * main window. - */ - wc.style = CS_HREDRAW | CS_VREDRAW; /* Class style(s). */ - wc.lpfnWndProc = MainWndProc; /* Function to retrieve messages for - * windows of this class. - */ - wc.cbClsExtra = 0; /* No per-class extra data. */ - wc.cbWndExtra = 0; /* No per-window extra data. */ - wc.hInstance = hInstance; /* Application that owns the class. */ - wc.hIcon = NULL; /* LoadIcon(hInstance, "NCSA"); */ - wc.hCursor = NULL; /* Cursor(NULL, IDC_ARROW); */ - wc.hbrBackground = NULL; /* GetStockObject(WHITE_BRUSH); */ - wc.lpszMenuName = NULL; /* Name of menu resource in .RC file. */ - wc.lpszClassName = WINDOW_CLASS; /* Name used in call to CreateWindow. */ - - return(RegisterClass(&wc)); -} - - -/* - * FUNCTION: InitInstance(HANDLE, int) - * - * PURPOSE: Saves instance handle and creates main window - * - * COMMENTS: - * - * This function is called at initialization time for every instance of - * this application. This function performs initialization tasks that - * cannot be shared by multiple instances. - * - * In this case, we save the instance handle in a static variable and - * create and display the main program window. - */ -BOOL -InitInstance(HINSTANCE hInstance, int nCmdShow) -{ - int xScreen = 0; - int yScreen = 0; - WSADATA wsaData; - - SetScreenInstance(hInstance); - - /* - * Save the instance handle in static variable, which will be used in - * many subsequence calls from this application to Windows. - */ - hInst = hInstance; - - /* - * Create a main window for this application instance. - */ - hWnd = CreateWindow( - WINDOW_CLASS, /* See RegisterClass() call. */ - "TCPWin", /* Text for window title bar. */ - WS_SYSMENU, /* Window style. */ - xScreen / 3, /* Default horizontal position. */ - yScreen / 3, /* Default vertical position. */ - xScreen / 3, /* Default width. 
*/ - yScreen / 3, /* Default height. */ - NULL, /* Overlapped windows have no parent */ - NULL, /* Use the window class menu. */ - hInstance, /* This instance owns this window. */ - NULL); /* Pointer not needed. */ - - if (!hWnd) - return (FALSE); - - if (WSAStartup(0x0101, &wsaData) != 0) { /* Initialize the network */ - MessageBox(NULL, "Couldn't initialize Winsock!", NULL, - MB_OK | MB_ICONEXCLAMATION); - return(FALSE); - } - - if (!OpenTelnetConnection()) { - WSACleanup(); - return(FALSE); - } - -#ifdef KRB5 - krb5_init_context(&k5_context); -#endif - - return (TRUE); -} - -char buf[2048]; - -/* - * FUNCTION: MainWndProc(HWND, UINT, WPARAM, LPARAM) - * - * PURPOSE: Processes messages - * - * MESSAGES: - * - * WM_COMMAND - application menu (About dialog box) - * WM_DESTROY - destroy window - */ -LRESULT CALLBACK -MainWndProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam) -{ - HGLOBAL hBuffer; - LPSTR lpBuffer; - int iEvent, cnt, ret; - char *tmpCommaLoc; - struct sockaddr_in remote_addr; - struct hostent *remote_host; - - switch (message) { - case WM_MYSCREENCHANGEBKSP: - if (!con) - break; - con->backspace = wParam; - if (con->backspace == VK_BACK) { - con->ctrl_backspace = 0x7f; - WritePrivateProfileString(INI_TELNET, INI_BACKSPACE, - INI_BACKSPACE_BS, TELNET_INI); - } - else { - con->ctrl_backspace = VK_BACK; - WritePrivateProfileString(INI_TELNET, INI_BACKSPACE, - INI_BACKSPACE_DEL, TELNET_INI); - } - GetPrivateProfileString(INI_HOSTS, INI_HOST "0", "", buf, 128, TELNET_INI); - tmpCommaLoc = strchr(buf, ','); - if (tmpCommaLoc == NULL) { - strcat (buf, ","); - tmpCommaLoc = strchr(buf, ','); - } - if (tmpCommaLoc) { - tmpCommaLoc++; - if (con->backspace == VK_BACK) - strcpy(tmpCommaLoc, INI_HOST_BS); - else - strcpy(tmpCommaLoc, INI_HOST_DEL); - } - WritePrivateProfileString(INI_HOSTS, INI_HOST "0", buf, TELNET_INI); - break; - - case WM_MYSCREENCHAR: - { - unsigned char c; - - if (!con) - break; - if (wParam == VK_BACK) - c = con->backspace; - else 
if (wParam == 0x7f) - c = con->ctrl_backspace; - else if (wParam == VK_SPACE && GetKeyState(VK_CONTROL) < 0) - c = 0; - else - c = wParam; - TelnetSend(con->ks, &c, 1, 0); - } - break; - - case WM_MYCURSORKEY: - /* Acts as a send through: buffer is lParam and length in wParam */ - if (!con) - break; - memcpy(buf, (char *)lParam, wParam); - TelnetSend (con->ks, buf, wParam, 0); - break; - - case WM_MYSCREENBLOCK: - if (!con) - break; - hBuffer = (HGLOBAL) wParam; - lpBuffer = GlobalLock(hBuffer); - TelnetSend(con->ks, lpBuffer, lstrlen(lpBuffer), 0); - GlobalUnlock(hBuffer); - break; - - case WM_MYSCREENCLOSE: -#if 0 - if (con) - { - kstream_destroy(con->ks); - con->ks = NULL; - } -#endif - DestroyWindow(hWnd); - break; - - case WM_QUERYOPEN: - return(0); - break; - - case WM_DESTROY: /* message: window being destroyed */ - if (con) - { - kstream_destroy(con->ks); - free(con); - WSACleanup(); - } - PostQuitMessage(0); - break; - - case WM_NETWORKEVENT: - iEvent = WSAGETSELECTEVENT(lParam); - - switch (iEvent) { - - case FD_READ: - if (con == NULL) - break; - cnt = kstream_read(con->ks, buf, 1500); - buf[cnt] = 0; - parse((CONNECTION *)con, (unsigned char *)buf, cnt); - ScreenEm(buf, cnt, con->pScreen); - break; - - case FD_CLOSE: - kstream_destroy(con->ks); - free(con); - con = NULL; - WSACleanup(); - PostQuitMessage(0); - break; - - case FD_CONNECT: - ret = WSAGETSELECTERROR(lParam); - if (ret) { - wsprintf(buf, "Error %d on Connect", ret); - MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - kstream_destroy(con->ks); - free(con); - WSACleanup(); - PostQuitMessage(0); - break; - } - start_negotiation(con->ks); - break; - } - - break; - - case WM_HOSTNAMEFOUND: - ret = WSAGETASYNCERROR(lParam); - if (ret) { - wsprintf(buf, "Error %d on GetHostbyName", ret); - MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - kstream_destroy(con->ks); - free(con); - WSACleanup(); - PostQuitMessage(0); - break; - } - - remote_host = (struct hostent *)hostdata; - 
remote_addr.sin_family = AF_INET; - memcpy(&(remote_addr.sin_addr), &(remote_host->h_addr[0]), 4); - remote_addr.sin_port = htons(port_no); - - connect(con->socket, (struct sockaddr *)&remote_addr, sizeof(struct sockaddr)); - break; - - case WM_MYSCREENSIZE: - con->width = LOWORD(lParam); /* width in characters */ - con->height = HIWORD(lParam); /* height in characters */ - if (con->bResizeable && con->ks) - send_naws(con); - wsprintf(buf, "%d", con->height); - WritePrivateProfileString(INI_TELNET, INI_HEIGHT, buf, TELNET_INI); - wsprintf(buf, "%d", con->width); - WritePrivateProfileString(INI_TELNET, INI_WIDTH, buf, TELNET_INI); - break; - - default: /* Passes it on if unproccessed */ - return(DefWindowProc(hWnd, message, wParam, lParam)); - } - return (0); -} - - -/* - * - * FUNCTION: SaveHostName(hostname, port) - * - * PURPOSE: Saves the currently selected host name and port number - * in the KERBEROS.INI file and returns the preferred backspace - * setting if one exists for that host. - * - * RETURNS: VK_BACK or 0x7f depending on the desired backspace setting. - */ -int -SaveHostName(char *host, int port) -{ - char buf[128]; /* Scratch buffer */ - char fullhost[128]; /* Host & port combination */ - char hostName[10][128]; /* Entries from INI files */ - char *comma; /* For parsing del/bs info */ - int len; /* Length of fullhost */ - int n; /* Number of items written */ - int i; /* Index */ - int bs; /* What we return */ - - if (port == 23) /* Default telnet port */ - strcpy(fullhost, host); /* ...then don't add it on */ - else - wsprintf(fullhost, "%s %d", host, port); - len = strlen(fullhost); - - comma = NULL; - for (i = 0; i < 10; i++) { - wsprintf(buf, INI_HOST "%d", i); /* INI item to fetch */ - GetPrivateProfileString(INI_HOSTS, buf, "", hostName[i], - 128, TELNET_INI); - - if (!hostName[i][0]) - break; - - if (strncmp (hostName[i], fullhost, len)) /* A match?? 
*/ - continue; /* Nope, keep going */ - comma = strchr (hostName[i], ','); - } - - if (comma) { - ++comma; /* Past the comma */ - while (*comma == ' ') /* Past leading white space */ - ++comma; - bs = VK_BACK; /* Default for unknown entry */ - if (_stricmp(comma, INI_HOST_DEL) == 0) - bs = 0x7f; - } - else { /* No matching entry */ - GetPrivateProfileString(INI_TELNET, INI_BACKSPACE, INI_BACKSPACE_BS, - buf, sizeof(buf), TELNET_INI); - bs = VK_BACK; /* Default value */ - if (_stricmp(buf, INI_BACKSPACE_DEL) == 0) - bs = 0x7f; - } - - /* - * Build up default host name - */ - strcpy(buf, fullhost); - strcat(buf, ", "); - strcat(buf, (bs == VK_BACK) ? INI_BACKSPACE_BS : INI_BACKSPACE_DEL); - WritePrivateProfileString(INI_HOSTS, INI_HOST "0", buf, TELNET_INI); - - n = 0; - for (i = 0; i < 10; i++) { - if (!hostName[i][0]) /* End of the list? */ - break; - if (strncmp(hostName[i], fullhost, len) != 0) { - wsprintf(buf, INI_HOST "%d", ++n); - WritePrivateProfileString(INI_HOSTS, buf, hostName[i], TELNET_INI); - } - } - return(bs); -} - - -int -OpenTelnetConnection(void) -{ - int nReturn, ret; - struct sockaddr_in sockaddr; - char *p; - static struct kstream_crypt_ctl_block ctl; - char buf[128]; - - tmpConfig = calloc(sizeof(CONFIG), 1); - - if (bAutoConnection) { - tmpConfig->title = calloc(lstrlen(szHostName), 1); - lstrcpy(tmpConfig->title, (char *) szHostName); - } else { - nReturn = DoDialog("OPENTELNETDLG", OpenTelnetDlg); - if (nReturn == FALSE) - return(FALSE); - } - - con = (CONNECTION *) GetNewConnection(); - if (con == NULL) - return(0); - - tmpConfig->width = - GetPrivateProfileInt(INI_TELNET, INI_WIDTH, DEF_WIDTH, TELNET_INI); - - tmpConfig->height = - GetPrivateProfileInt(INI_TELNET, INI_HEIGHT, DEF_HEIGHT, TELNET_INI); - con->width = tmpConfig->width; - con->height = tmpConfig->height; - - con->backspace = SaveHostName(tmpConfig->title, port_no); - - if (con->backspace == VK_BACK) { - tmpConfig->backspace = TRUE; - con->ctrl_backspace = 0x7f; - } else { - 
tmpConfig->backspace = FALSE; - con->ctrl_backspace = 0x08; - } - - tmpConfig->hwndTel = hWnd; - con->pScreen = InitNewScreen(tmpConfig); - if (!con->pScreen) { - assert(FALSE); - free(con->pScreen); - free(con); - free(tmpConfig); - return(-1); - } - - ret = (SOCKET) socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - - if (ret == SOCKET_ERROR) { - wsprintf(buf, "Socket error on socket = %d!", WSAGetLastError()); - MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - if (con->pScreen != NULL) - DestroyWindow(con->pScreen->hWnd); - free(con); - free(tmpConfig); - return(-1); - } - - con->socket = ret; - - sockaddr.sin_family = AF_INET; - sockaddr.sin_addr.s_addr = htonl(INADDR_ANY); - sockaddr.sin_port = htons(0); - - ret = bind(con->socket, (struct sockaddr *) &sockaddr, - (int) sizeof(struct sockaddr_in)); - - if (ret == SOCKET_ERROR) { - wsprintf(buf, "Socket error on bind!"); - MessageBox(NULL, buf, NULL, MB_OK | MB_ICONEXCLAMATION); - if (con->pScreen != NULL) - DestroyWindow(con->pScreen->hWnd); - free(con); - free(tmpConfig); - return(-1); - } - - WSAAsyncSelect(con->socket, hWnd, WM_NETWORKEVENT, - FD_READ | FD_CLOSE | FD_CONNECT); - - lstrcpy(szHostName, tmpConfig->title); - p = strchr(szHostName, '@'); - if (p != NULL) { - *p = 0; - strcpy (szUserName, szHostName); - strcpy(szHostName, ++p); - } - - WSAAsyncGetHostByName(hWnd, WM_HOSTNAMEFOUND, szHostName, hostdata, - MAXGETHOSTSTRUCT); - - ctl.encrypt = auth_encrypt; - ctl.decrypt = auth_decrypt; - ctl.init = auth_init; - ctl.destroy = auth_destroy; - - con->ks = kstream_create_from_fd(con->socket, &ctl, NULL); - - if (con->ks == NULL) - return(-1); - - kstream_set_buffer_mode(con->ks, 0); - - return(1); -} - - -CONNECTION * -GetNewConnection(void) -{ - CONNECTION *pCon; - - pCon = calloc(sizeof(CONNECTION), 1); - if (pCon == NULL) - return NULL; - pCon->backspace = TRUE; - pCon->bResizeable = TRUE; - return(pCon); -} - - -int -DoDialog(char *szDialog, DLGPROC lpfnDlgProc) -{ - int nReturn; - - nReturn = 
DialogBox(hInst, szDialog, hWnd, lpfnDlgProc); - return (nReturn); -} - - -/* - * FUNCTION: OpenTelnetDlg(HWND, unsigned, WORD, LONG) - * - * PURPOSE: Processes messages for "Open New Telnet Connection" dialog box - * - * MESSAGES: - * - * WM_INITDIALOG - initialize dialog box - * WM_COMMAND - Input received - */ -INT_PTR CALLBACK -OpenTelnetDlg(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam) -{ - char szConnectName[256]; - HDC hDC; - int xExt, yExt; - DWORD Ext; - HWND hEdit; - int n; - int iHostNum = 0; - char tmpName[128]; - char tmpBuf[80]; - char *tmpCommaLoc; - - switch (message) { - case WM_INITDIALOG: - hDC = GetDC(hDlg); - Ext = GetDialogBaseUnits(); - xExt = (190 *LOWORD(Ext)) /4 ; - yExt = (72 * HIWORD(Ext)) /8 ; - GetPrivateProfileString(INI_HOSTS, INI_HOST "0", "", tmpName, - 128, TELNET_INI); - if (tmpName[0]) { - tmpCommaLoc = strchr(tmpName, ','); - if (tmpCommaLoc) - *tmpCommaLoc = '\0'; - SetDlgItemText(hDlg, TEL_CONNECT_NAME, tmpName); - } - hEdit = GetWindow(GetDlgItem(hDlg, TEL_CONNECT_NAME), GW_CHILD); - while (TRUE) { - wsprintf(tmpBuf, INI_HOST "%d", iHostNum++); - GetPrivateProfileString(INI_HOSTS, tmpBuf, "", tmpName, - 128, TELNET_INI); - tmpCommaLoc = strchr(tmpName, ','); - if (tmpCommaLoc) - *tmpCommaLoc = '\0'; - if (tmpName[0]) - SendDlgItemMessage(hDlg, TEL_CONNECT_NAME, CB_ADDSTRING, 0, - (LPARAM) ((LPSTR) tmpName)); - else - break; - } -#ifdef FORWARD - EnableWindow(GetDlgItem(hDlg, IDC_FORWARD), 1); - SendDlgItemMessage(hDlg, IDC_FORWARD, BM_SETCHECK, forward_flag, 0); - if (forward_flag) - EnableWindow(GetDlgItem(hDlg, IDC_FORWARDFORWARD), 1); - else - EnableWindow(GetDlgItem(hDlg, IDC_FORWARDFORWARD), 0); - SendDlgItemMessage(hDlg, IDC_FORWARDFORWARD, BM_SETCHECK, - forwardable_flag, 0); -#endif - -#ifdef ENCRYPTION - EnableWindow(GetDlgItem(hDlg, IDC_ENCRYPT), 1); - SendDlgItemMessage(hDlg, IDC_ENCRYPT, - BM_SETCHECK, encrypt_flag, 0); -#endif - - EnableWindow(GetDlgItem(hDlg, TEL_CONNECT_USERID), 1); - - 
SetWindowPos(hDlg, NULL, - (GetSystemMetrics(SM_CXSCREEN)/2)-(xExt/2), - (GetSystemMetrics(SM_CYSCREEN)/2)-(yExt/2), - 0, 0, SWP_NOSIZE | SWP_NOZORDER | SWP_SHOWWINDOW); - ReleaseDC(hDlg, hDC); - SendMessage(hEdit, WM_USER + 1, 0, 0); - SendMessage(hDlg, WM_SETFOCUS, 0, 0); - return (TRUE); - - case WM_COMMAND: - switch (wParam) { - case TEL_CANCEL: - case IDCANCEL: /* From the menu */ - EndDialog(hDlg, FALSE); - break; - -#ifdef FORWARD - case IDC_FORWARD: - forward_flag = (BOOL)SendDlgItemMessage(hDlg, IDC_FORWARD, - BM_GETCHECK, 0, 0); - if (forward_flag) - EnableWindow(GetDlgItem(hDlg, IDC_FORWARDFORWARD), 1); - else - EnableWindow(GetDlgItem(hDlg, IDC_FORWARDFORWARD), 0); - break; - - case IDC_FORWARDFORWARD: - forwardable_flag = (BOOL)SendDlgItemMessage(hDlg, IDC_FORWARDFORWARD, - BM_GETCHECK, 0, 0); - break; -#endif - -#if ENCRYPTION - case IDC_ENCRYPT: - encrypt_flag = (BOOL)SendDlgItemMessage(hDlg, IDC_ENCRYPT, - BM_GETCHECK, 0, 0); - break; -#endif - case TEL_CONNECT_USERID: - GetDlgItemText(hDlg, TEL_CONNECT_USERID, szUserName, sizeof(szUserName)); - break; - - case TEL_OK: - GetDlgItemText(hDlg, TEL_CONNECT_NAME, szConnectName, 256); - - n = parse_cmdline (szConnectName); - if (! n) { - MessageBox(hDlg, "You must enter a session name!", - NULL, MB_OK); - break; - } - tmpConfig->title = calloc(lstrlen(szHostName) + 1, 1); - lstrcpy(tmpConfig->title, szConnectName); - EndDialog(hDlg, TRUE); - break; - } - return (FALSE); - } - return(FALSE); -} - - -/* - * - * FUNCTION: TelnetSend(kstream ks, char *buf, int len, int flags) - * - * PURPOSE: This is a replacement for the WinSock send() function, to - * send a buffer of characters to an output socket. It differs - * by retrying endlessly if sending the bytes would cause - * the send() to block. observed EWOULDBLOCK - * errors when running using TCP Software's PC/TCP 3.0 stack, - * even when writing as little as 109 bytes into a socket - * that had no more than 9 bytes queued for output. 
Note also - * that a kstream is used during output rather than a socket - * to facilitate encryption. - * - * Eventually, for cleanliness and responsiveness, this - * routine should not loop; instead, if the send doesn't - * send all the bytes, it should put them into a buffer - * and return. Message handling code would send out the - * buffer whenever it gets an FD_WRITE message. - */ -int -TelnetSend(kstream ks, char *buf, int len, int flags) -{ - int writelen; - int origlen = len; - - while (TRUE) { - writelen = kstream_write(ks, buf, len); - - if (writelen == len) /* Success, first or Nth time */ - return (origlen); - - if (writelen == SOCKET_ERROR) { - if (WSAGetLastError() != WSAEWOULDBLOCK) - return (SOCKET_ERROR); /* Some error */ - /* For WOULDBLOCK, immediately repeat the send. */ - } - else { - /* Partial write; update the pointers and retry. */ - len -= writelen; - buf += writelen; - } - } -} - - -/* - * Function: Trim leading and trailing white space from a string. - * - * Parameters: - * s - the string to trim. - */ -void -trim(char *s) -{ - int l; - int i; - - for (i = 0; s[i]; i++) - if (s[i] != ' ' && s[i] != '\t') - break; - - l = strlen(&s[i]); - memmove(s, &s[i], l + 1); - - for (l--; l >= 0; l--) { - if (s[l] != ' ' && s[l] != '\t') - break; - } - s[l + 1] = 0; -} - - -/* - * - * Parse_cmdline - * - * Reads hostname and port number off the command line. - * - * Formats: telnet - * telnet - * telnet - * telnet -p - * - * Returns: TRUE if we have a hostname - */ -BOOL -parse_cmdline(char *cmdline) -{ - char *ptr; - - *szHostName = '\0'; /* Nothing yet */ - if (*cmdline == '\0') /* Empty command line? 
*/ - return(FALSE); - - trim (cmdline); /* Remove excess spaces */ - ptr = strchr (cmdline, ' '); /* Find 2nd token */ - - if (ptr != NULL) { /* Port number given */ - *ptr++ = '\0'; /* Separate into 2 words */ - port_no = atoi (ptr); - } - - if (*cmdline != '-' && *cmdline != '/') { /* Host name given */ - lstrcpy (szHostName, cmdline); - return(TRUE); - } - - return(FALSE); -} - -#ifdef DEBUG -void -hexdump(char *msg, unsigned char *st, int cnt) -{ - int i; - char strTmp[128]; - - OutputDebugString("\r\n"); - if (msg != NULL) { - OutputDebugString(msg); - OutputDebugString("\r\n"); - } - for(i = 0 ; i < cnt ; i++) { - int j; - - for(j = 0 ; (j < 16) && ((i + j) < cnt) ; j++) { - wsprintf(strTmp,"%02x ", st[i + j]); - if (j == 8) - OutputDebugString("| "); - OutputDebugString(strTmp); - } - i += j - 1; - OutputDebugString("\r\n"); - } /* end for */ -} -#endif diff -Nru krb5-1.16.2/src/windows/wintel/telnet.def krb5-1.17/src/windows/wintel/telnet.def --- krb5-1.16.2/src/windows/wintel/telnet.def 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/telnet.def 1970-01-01 00:00:00.000000000 +0000 
@@ -1,39 +0,0 @@
-; module-definition file for testdll -- used by LINK.EXE
-NAME TELNET
-DESCRIPTION 'Sample Microsoft Windows Application'
-EXETYPE WINDOWS
-STUB 'WINSTUB.EXE'
-SEGMENTS _TEXT CLASS 'CODE' PRELOAD
-CODE DISCARDABLE
-DATA PRELOAD MOVEABLE MULTIPLE
-HEAPSIZE 10240
-
-; All functions that will be called by any Windows routine
-; MUST be exported.
-
-EXPORTS
- MainWndProc @1 ; name of window processing function
- OpenTelnetDlg @3 ; name of "Open New Telnet Connection" Dialog Function
-
-IMPORTS
- WINSOCK.WSAStartup
- WINSOCK.WSACleanup
- WINSOCK.WSAAsyncSelect
- WINSOCK.WSAGetLastError
- WINSOCK.WSAAsyncGetHostByName
- WINSOCK.listen
- WINSOCK.accept
- WINSOCK.__wsafdisset
- WINSOCK.socket
- WINSOCK.bind
- WINSOCK.gethostbyname
- WINSOCK.getsockname
- WINSOCK.htons
- WINSOCK.connect
- WINSOCK.recv
- WINSOCK.send
- WINSOCK.htonl
- WINSOCK.closesocket
- WINSOCK.select
- WINSOCK.ioctlsocket
- WINSOCK.getpeername
diff -Nru krb5-1.16.2/src/windows/wintel/telnet.h krb5-1.17/src/windows/wintel/telnet.h
--- krb5-1.16.2/src/windows/wintel/telnet.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/telnet.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,41 +0,0 @@
-#ifndef TELNET_H_INC
-#define TELNET_H_INC
-
-#include
-#include
-
-#ifdef KRB5
-#include "krb5.h"
-#include "k5stream.h"
-#endif
-
-#include "dialog.h"
-#include "screen.h"
-#include "struct.h"
-#include "wt-proto.h"
-#include "winsock.h"
-#include "ini.h"
-
-/* globals */
-extern char szAutoHostName[64];
-extern char szUserName[64];
-extern char szHostName[64];
-
-#ifdef KRB5
-extern krb5_context k5_context;
-#endif
-
-extern void parse(CONNECTION *, unsigned char *, int);
-
-extern void send_naws(CONNECTION *);
-
-extern char strTmp[1024];
-
-#define DEF_WIDTH 80
-#define DEF_HEIGHT 24
-
-#ifdef DEBUG
-void hexdump(char *, unsigned char *, int);
-#endif
-
-#endif /* TELNET_H_INC */
diff -Nru krb5-1.16.2/src/windows/wintel/telnet.rc krb5-1.17/src/windows/wintel/telnet.rc
--- krb5-1.16.2/src/windows/wintel/telnet.rc 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/telnet.rc 1970-01-01 00:00:00.000000000 +0000
@@ -1,247 +0,0 @@ -//Microsoft Developer Studio generated resource script. -// -// XXX since modified by hand... - -#include "resource.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#define APSTUDIO_HIDDEN_SYMBOLS -#include "windows.h" -#undef APSTUDIO_HIDDEN_SYMBOLS -#include "dialog.h" -#include "screen.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -///////////////////////////////////////////////////////////////////////////// -// -// Dialog -// - -OPENTELNETDLG DIALOG DISCARDABLE 63, 65, 175, 129 -#ifdef _WIN32 -STYLE DS_ABSALIGN | DS_MODALFRAME | DS_3DLOOK | WS_POPUP | WS_CAPTION | - WS_SYSMENU -#else -STYLE DS_ABSALIGN | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -#endif -CAPTION "Open New Telnet Connection" -FONT 8, "MS Sans Serif" -BEGIN - LTEXT "To Host:",IDC_STATIC,3,10,33,10,NOT WS_GROUP - COMBOBOX TEL_CONNECT_NAME,37,9,128,76,CBS_DROPDOWN | WS_VSCROLL | - WS_GROUP | WS_TABSTOP - CONTROL "Forward credentials",IDC_FORWARD,"Button", - BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,37,28,77,10 - CONTROL "Forward remote credentials",IDC_FORWARDFORWARD,"Button", - BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,37,44,101,10 - CONTROL "Enable encryption",IDC_ENCRYPT,"Button",BS_AUTOCHECKBOX | - WS_DISABLED | WS_TABSTOP,37,60,73,10 - CONTROL "Connect as userid",IDC_STATIC,"Static", - SS_LEFTNOWORDWRAP,15,84,58,8 - EDITTEXT TEL_CONNECT_USERID,77,82,80,13,ES_AUTOHSCROLL | - WS_DISABLED - DEFPUSHBUTTON "OK",TEL_OK,20,106,51,14,WS_GROUP - PUSHBUTTON "Cancel",TEL_CANCEL,106,106,51,14 -END - -ABOUTBOX DIALOG 
DISCARDABLE 69, 33, 175, 148 -STYLE DS_ABSALIGN | DS_MODALFRAME | WS_CAPTION | WS_SYSMENU -CAPTION "About TCPwin" -BEGIN - ICON "NCSA",-1,15,12,16,16 - CTEXT "Microsoft Windows",-1,48,11,93,8 - CTEXT "NCSA TCP/IP Networking Kernel",-1,38,21,120,8 - CTEXT "Version 1.0b2",-1,20,31,144,8 - PUSHBUTTON "OK",IDOK,72,126,39,14,WS_GROUP | NOT WS_TABSTOP - CTEXT "Written By:",606,20,50,144,8 - CTEXT "Jon Mittelhauser (jonm@ncsa.uiuc.edu)",607,20,61,144,8 - CTEXT "Chris Wilson (cwilson@ncsa.uiuc.edu)",608,20,71,144,8 - CTEXT "Special Thanks to:",609,21,97,143,8 - CTEXT "Joe Lepore for DPMI interface code",610,20,107,144,8 - CTEXT "Keberized by: Cygnus Support",611,20,82,144,8 -END - -CONFIG_DLG DIALOG DISCARDABLE 6, 18, 160, 130 -STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU -CAPTION "Configure Session" -FONT 8, "MS Sans Serif" -BEGIN - LTEXT "Session Name:",301,1,5,54,8 - LTEXT "Default Session",CON_SESSIONNAME,55,5,105,8 - LTEXT "Window Title:",303,1,17,49,8 - EDITTEXT CON_WINDOWTITLE,53,15,102,12,ES_AUTOHSCROLL - CONTROL "132",CON_COLUMNS132,"Button",BS_AUTORADIOBUTTON | - WS_GROUP,53,33,39,10 - CONTROL "80",CON_COLUMNS80,"Button",BS_AUTORADIOBUTTON,110,33,39, - 10 - CONTROL "Backspace",CON_BACKSPACE,"Button",BS_AUTORADIOBUTTON | - WS_GROUP,53,46,49,10 - CONTROL "Delete",CON_DELETE,"Button",BS_AUTORADIOBUTTON,110,46, - 39,10 - CONTROL "CRLF",CON_CRLF,"Button",BS_AUTORADIOBUTTON | WS_GROUP, - 53,59,39,10 - CONTROL "CR-NUL",CON_CRNUL,"Button",BS_AUTORADIOBUTTON,110,59,39, - 10 - CONTROL "Buffers",CON_BUFFERS,"Button",BS_AUTORADIOBUTTON | - WS_GROUP,53,72,39,10 - CONTROL "Sends",CON_SENDS,"Button",BS_AUTORADIOBUTTON,110,72,39, - 10 - LTEXT "Columns",313,1,33,49,8 - LTEXT "Backspace is",314,1,46,51,8 - LTEXT "Return Sends",315,1,59,49,8 - LTEXT "Echo Mode",316,1,72,49,8 - CONTROL "Scrollback",CON_SCRLBCK,"Button",BS_AUTOCHECKBOX | - WS_TABSTOP,1,86,50,10 - EDITTEXT CON_NUMLINES,53,85,28,12,ES_AUTOHSCROLL - LTEXT "lines",319,85,86,33,8 - DEFPUSHBUTTON 
"OK",CON_OK,20,108,50,14,WS_GROUP - PUSHBUTTON "Use Defaults",CON_USEDEFAULTS,90,108,50,14 -END - -IDM_PRINTQUEUE DIALOG DISCARDABLE 69, 25, 160, 80 -STYLE WS_MINIMIZEBOX | WS_MAXIMIZEBOX | WS_POPUP | WS_VISIBLE | WS_CAPTION | - WS_VSCROLL | WS_HSCROLL | WS_SYSMENU -CAPTION "Print Queue" -FONT 8, "MS Sans Serif" -BEGIN -END - -IDD_DIALOG1 DIALOG DISCARDABLE 0, 0, 183, 92 -STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU -CAPTION "Dialog" -FONT 8, "MS Sans Serif" -BEGIN - DEFPUSHBUTTON "OK",IDOK,126,7,50,14 - PUSHBUTTON "Cancel",IDCANCEL,126,24,50,14 -END - - -///////////////////////////////////////////////////////////////////////////// -// -// Icon -// - -// Icon with lowest ID value placed first to ensure application icon -// remains consistent on all systems. -NCSA ICON DISCARDABLE "ncsa.ico" -TERMINAL ICON DISCARDABLE "terminal.ico" - -///////////////////////////////////////////////////////////////////////////// -// -// Menu -// - -SCREENMENU MENU DISCARDABLE -BEGIN - POPUP "&File" - BEGIN - MENUITEM "E&xit Alt+F4", IDM_EXIT - END - POPUP "&Edit" - BEGIN - MENUITEM "&Copy Cltr+Ins", IDM_COPY - MENUITEM "&Paste Shift+Ins", IDM_PASTE - END - POPUP "&Options" - BEGIN - MENUITEM "&Backspace", IDM_BACKSPACE - MENUITEM "&Delete", IDM_DELETE, CHECKED - MENUITEM SEPARATOR - MENUITEM "&Font...", IDM_FONT - END -#if 0 - POPUP "&Send", GRAYED - BEGIN - MENUITEM "&Interrupt Process", IDM_SEND_IP - MENUITEM "&Are You There?", IDM_SEND_AYT - MENUITEM "A&bort Process", IDM_SEND_ABORT - END -#endif - POPUP "&Help" - BEGIN - MENUITEM "&Index...", IDM_HELP_INDEX - MENUITEM SEPARATOR - MENUITEM "&About...", IDM_ABOUT - END -END - - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE DISCARDABLE -BEGIN - "resource.h\0" -END - -2 TEXTINCLUDE DISCARDABLE -BEGIN - "#define APSTUDIO_HIDDEN_SYMBOLS\r\n" - "#include ""windows.h""\r\n" - "#undef APSTUDIO_HIDDEN_SYMBOLS\r\n" - "#include 
""dialog.h""\r\n" - "#include ""screen.h""\r\n" - "\0" -END - -3 TEXTINCLUDE DISCARDABLE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// DESIGNINFO -// - -#ifdef APSTUDIO_INVOKED -GUIDELINES DESIGNINFO DISCARDABLE -BEGIN - IDD_DIALOG1, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 176 - TOPMARGIN, 7 - BOTTOMMARGIN, 85 - END -END -#endif // APSTUDIO_INVOKED - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - -#include "..\version.rc" diff -Nru krb5-1.16.2/src/windows/wintel/telopts.h krb5-1.17/src/windows/wintel/telopts.h --- krb5-1.16.2/src/windows/wintel/telopts.h 2018-11-01 23:51:07.000000000 +0000 +++ krb5-1.17/src/windows/wintel/telopts.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,164 +0,0 @@
-/*
- * telopts.h
- * Used for telnet options
- ****************************************************************************
- * *
- * *
- * NCSA Telnet *
- * by Tim Krauskopf, VT100 by Gaige Paulsen, Tek by Aaron Contorer *
- * Additions by Kurt Mahan, Heeren Pathak, & Quincey Koziol *
- * *
- * National Center for Supercomputing Applications *
- * 152 Computing Applications Building *
- * 605 E. Springfield Ave. *
- * Champaign, IL 61820 *
- * *
- ****************************************************************************
- * Quincey Koziol
- * Defines for telnet options and related things
- */
-
-#ifndef TELOPTS_H
-#define TELOPTS_H
-
-#define NUMLMODEOPTIONS 30
-
-/* Definitions for telnet protocol */
-
-#define STNORM 0
-
-/* Definition of the lowest telnet byte following an IAC byte */
-#define LOW_TEL_OPT 236
-
-#define TEL_EOF 236
-#define SUSP 237
-#define ABORT 238
-
-#define SE 240
-#define NOP 241
-#define DM 242
-#define BREAK 243
-#define IP 244
-#define AO 245
-#define AYT 246
-#define EC 247
-#define EL 248
-#define GOAHEAD 249
-#define SB 250
-#define WILLTEL 251
-#define WONTTEL 252
-#define DOTEL 253
-#define DONTTEL 254
-#define IAC 255
-
-/* Assigned Telnet Options */
-#define BINARY 0
-#define ECHO 1
-#define RECONNECT 2
-#define SGA 3
-#define AMSN 4
-#define STATUS 5
-#define TIMING 6
-#define RCTAN 7
-#define OLW 8
-#define OPS 9
-#define OCRD 10
-#define OHTS 11
-#define OHTD 12
-#define OFFD 13
-#define OVTS 14
-#define OVTD 15
-#define OLFD 16
-#define XASCII 17
-#define LOGOUT 18
-#define BYTEM 19
-#define DET 20
-#define SUPDUP 21
-#define SUPDUPOUT 22
-#define SENDLOC 23
-#define TERMTYPE 24
-#define EOR 25
-#define TACACSUID 26
-#define OUTPUTMARK 27
-#define TERMLOCNUM 28
-#define REGIME3270 29
-#define X3PAD 30
-#define NAWS 31
-#define TERMSPEED 32
-#define TFLOWCNTRL 33
-#define LINEMODE 34
-
-#define MODE 1
-#define MODE_EDIT 1
-#define MODE_TRAPSIG 2
-#define MODE_ACK 4
-#define MODE_SOFT_TAB 8
-#define MODE_LIT_ECHO 16
-
-#define FORWARDMASK 2
-
-#define SLC 3
-#define SLC_DEFAULT 3
-#define SLC_VALUE 2
-#define SLC_CANTCHANGE 1
-#define SLC_NOSUPPORT 0
-#define SLC_LEVELBITS 3
-
-#define SLC_ACK 128
-#define SLC_FLUSHIN 64
-#define SLC_FLUSHOUT 32
-
-#define SLC_SYNCH 1
-#define SLC_BRK 2
-#define SLC_IP 3
-#define SLC_AO 4
-#define SLC_AYT 5
-#define SLC_EOR 6
-#define SLC_ABORT 7
-#define SLC_EOF 8
-#define SLC_SUSP 9
-#define SLC_EC 10
-#define SLC_EL 11
-#define SLC_EW 12
-#define SLC_RP 13
-#define SLC_LNEXT 14
-#define SLC_XON 15
-#define SLC_XOFF 16
-#define SLC_FORW1 17
-#define SLC_FORW2 18
-#define SLC_MCL 19
-#define SLC_MCR 20
-#define SLC_MCWL 21
-#define SLC_MCWR 22
-#define SLC_MCBOL 23
-#define SLC_MCEOL 24
-#define SLC_INSRT 25
-#define SLC_OVER 26
-#define SLC_ECR 27
-#define SLC_EWR 28
-#define SLC_EBOL 29
-#define SLC_EEOL 30
-
-#define XDISPLOC 35
-#define ENVIRONMENT 36
-#define AUTHENTICATION 37
-#define TELOPT_AUTHENTICATION AUTHENTICATION
-#define DATA_ENCRYPTION 38
-#define XOPTIONS 255
-
-#define LINEMODE_MODES_SUPPORTED 0x1B
-/*
- * set this flag for linemode special functions which are supported by
- * Telnet, even though they are not currently active. This is to allow
- * the other side to negotiate to a "No Support" state for an option
- * and then change later to supporting it, so we know it's ok to change
- * our "No Support" state to something else ("Can't Change", "Value",
- * whatever)
- */
-#define SLC_SUPPORTED 0x10
-
-#define ESCFOUND 5
-#define IACFOUND 6
-#define NEGOTIATE 1
-
-#endif /* telopts.h */
Binary files /tmp/tmpZ5lbJJ/iEKdhsiA96/krb5-1.16.2/src/windows/wintel/terminal.ico and /tmp/tmpZ5lbJJ/vhsupvPX9B/krb5-1.17/src/windows/wintel/terminal.ico differ
diff -Nru krb5-1.16.2/src/windows/wintel/wt-proto.h krb5-1.17/src/windows/wintel/wt-proto.h
--- krb5-1.16.2/src/windows/wintel/wt-proto.h 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/src/windows/wintel/wt-proto.h 1970-01-01 00:00:00.000000000 +0000
@@ -1,63 +0,0 @@
-/* wt-proto.h */
-BOOL
-InitApplication(
- HINSTANCE
- );
-
-BOOL
-InitInstance(
- HINSTANCE,
- int
- );
-
-LRESULT
-CALLBACK
-MainWndProc(
- HWND,
- UINT,
- WPARAM,
- LPARAM
- );
-
-INT_PTR
-CALLBACK
-OpenTelnetDlg(
- HWND,
- UINT,
- WPARAM,
- LPARAM
- );
-
-int
-TelnetSend(
- kstream,
- char *,
- int,
- int
- );
-
-int
-OpenTelnetConnection(
- void
- );
-
-int
-DoDialog(
- char *szDialog,
- DLGPROC lpfnDlgProc
- );
-
-BOOL
-parse_cmdline(
- char *cmdline
- );
-
-CONNECTION *
-GetNewConnection(
- void
- );
-
-void
-start_negotiation(
- kstream ks
- );
diff -Nru krb5-1.16.2/.travis-ci.sh krb5-1.17/.travis-ci.sh
--- krb5-1.16.2/.travis-ci.sh 1970-01-01 00:00:00.000000000 +0000
+++ krb5-1.17/.travis-ci.sh 2019-01-08 16:02:37.000000000 +0000
@@ -0,0 +1,11 @@
+cd src
+autoreconf
+./configure --enable-maintainer-mode --with-ldap
+make $MAKEVARS
+make check
+make distclean
+# Check for files unexpectedly not removed by make distclean.
+rm -rf autom4te.cache configure include/autoconf.h.in
+if [ -n "$(git ls-files -o)" ]; then
+ exit 1
+fi
diff -Nru krb5-1.16.2/.travis.yml krb5-1.17/.travis.yml
--- krb5-1.16.2/.travis.yml 2018-11-01 23:51:07.000000000 +0000
+++ krb5-1.17/.travis.yml 2019-01-08 16:02:37.000000000 +0000
@@ -10,7 +10,7 @@
 before_install:
 - sudo apt-get update -qq
- - sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev libssl-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh
+ - sudo apt-get install -y bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev libssl-dev python3-paste slapd tcl-dev tcsh
 - mkdir -p cmocka/build
 - cd cmocka
 - wget https://cmocka.org/files/1.1/cmocka-1.1.1.tar.xz
@@ -21,4 +21,4 @@
 - sudo make install
 - cd ../..
-script: cd src && autoreconf && ./configure --enable-maintainer-mode --with-ldap && make $MAKEVARS && make check
+script: sh -ex .travis-ci.sh
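Review bot: The new `.travis-ci.sh` stops on a failed step only because the caller in `.travis.yml` runs it as `sh -ex`; the script itself sets no `-e`, so run any other way a failing `make check` would be ignored and the exit status would come from the final leftover-files test alone. Adding `set -ex` as the first line of the script keeps the fail-fast behaviour with the script rather than with one caller, which matters for a CI gate on authentication code. The leftover check also exits without naming the offending files other than through the `-x` trace; a `git ls-files -o >&2` just before `exit 1` would make that failure readable in the build log.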