Jeffrey Altman [Mon, 1 Oct 2007 05:31:02 +0000 (05:31 +0000)]
When Network Identity Manager starts, the credentials display
enumerates known identities and displays them if necessary. However,
as plug-ins load and the list of known identities, their properties
and credentials change, the order of the displayed list will also
change.
The existing code does not deal well in respect to tracking the
current selection when the list of identities and credentials change.
This results in inconsistent behavior where the identity that was
originally at the top of the list maintains its selection state while
the identity at the top of the list after all the plug-ins have loaded
will receive focus.
This patch fixes this problem by explicitly setting focus and
selection to the identity or credential at the current cursor location
following a change in the credentials list.
ticket: 5782
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20033 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 05:29:38 +0000 (05:29 +0000)]
The credentials display in Network Identity Manager colors the
background of identity headings based on the expiration state of the
credentials that belong to the identity.
This patch changes the behavior to color these headings based on the
existence and expiration state of identity credentials. With this
change, only identities that have valid identity credentials will
appear in green.
The same logic is used when drawing the menu items in the "Set
default" sub-menu in the notification icon.
ticket: 5783
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20032 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 05:27:29 +0000 (05:27 +0000)]
NIM: BUG: APP: notification icon state
Currently, the notification icon that is created by Network Identity
Manager indicates the status of all the known credentials. If any
credential belonging to any identity is expired or in a critical
state, the icon will change color to indicate this.
This patch changes the behavior to only indicate the status of
credentials belonging to the default identity. The expiration state
of credentials that do not belong to the default identity no longer
affects the appearance of the notification icon.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20031 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 05:25:34 +0000 (05:25 +0000)]
NIM: BUG: APP: identity data corruption
The credentials display in Network Identity Manager uses a cached set
of properties for each identity that has credentials. The existing
code used the wrong field of the khui_credwnd_identity structure to
store the credentials type name associated with an identity, resulting
in a corrupt data structure.
This patch fixes the code to use the correct field.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20030 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 05:20:51 +0000 (05:20 +0000)]
NIM: BUG: APP: View-Select columns
Change "View columns" to "Select columns" in the "View" menu of
Network Identity Manager to be consistent with other Windows
applications.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20029 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 05:19:05 +0000 (05:19 +0000)]
NIM: BUG: APP: leaking prompts in obtain new credentials dialog
The Kerberos v5 plug-in for Network Identity Manager was not clearing
the list of prompts properly when a user changes the active identity
in the new credentials dialog. The stale prompts would be visible to
the user if the newly selected identity is invalid or the new identity
cannot be validated.
This patch clears the prompts if there is an identity change.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20028 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 03:22:07 +0000 (03:22 +0000)]
add descriptions of credential flags, identity icons, and push-pins
update screen shots
add credits to Fermilabs and Stanford University.
other changes for kfw 3.2.2 release.
ticket: 5789
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20027 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 1 Oct 2007 03:20:06 +0000 (03:20 +0000)]
fix the description of the notification icon status colors
ticket: 5789
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20026 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 20:50:45 +0000 (20:50 +0000)]
NIM: BUG: LIB: deadlock in kmq
Do not obtain a critical section that is already being held:
"cs_kmq_types"
Update the docs to indicate the additional restriction.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20025 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 20:46:02 +0000 (20:46 +0000)]
Add static ordinals to DLL exports
Add static ordinals to DLL exports in krb5_32.def, xpprof32.def
gssapi32.def, and krb524.def.
Not added to k5sprt32.def as all of the functions are
private.
Not added to krb4_32.def as the library is not supported
as part of KFW.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20024 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 14:42:22 +0000 (14:42 +0000)]
When there is no ImagePath value for a module it indicates
that the module has not been installed. Do not report an
error to the end user for uninstalled modules. This will
only annoy the user and there is probably nothing the user
can do about it. Perhaps the user uninstalled the module
intentionally. The fact that there is still a HKCU key
remaining is not an indication that the module is in use.
ticket: 5753
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20023 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 04:44:31 +0000 (04:44 +0000)]
Remove Krb5Cred, Krb5Ident, and Krb4Cred default configuration data from
the KMM Schema. Require that modules that are installed be properly
installed.
Add NIM Module Registry values to the NSIS installer. These values were
already being set by the Wix installer.
By removing the ImagePath default, unable to load module errors will
not be generated when the module has not in fact been installed.
ticket: 5753
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20022 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 03:50:37 +0000 (03:50 +0000)]
fix documentation typo
ticket: 5787
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20021 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 01:45:10 +0000 (01:45 +0000)]
NIM: disable warning
Disable the potentially uninitialized variable warning
for 'ri'. The variable cannot be used when uninitialized.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20020 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 30 Sep 2007 01:24:12 +0000 (01:24 +0000)]
NIM: PDF user documentation updates for KFW 3.2.2
updates for NIM 1.3.1 / KFW 3.2.2
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20019 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sat, 29 Sep 2007 22:56:57 +0000 (22:56 +0000)]
NIM: BUG: APP: Provide keyboard accelerator
In the Advanced mode of the Obtain New Credentials dialog
the keyboard accelerator was missing.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20018 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sat, 29 Sep 2007 22:53:37 +0000 (22:53 +0000)]
Fix typo
ticket: 5787
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20017 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sat, 29 Sep 2007 21:18:43 +0000 (21:18 +0000)]
NIM: BUG: APP: Spell Check
Correct typos. Make use of "plug-in" vs "plugin" consistent.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20016 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Thu, 27 Sep 2007 05:30:20 +0000 (05:30 +0000)]
cc_ccache_set_principal and cc_ccache_get_principal were also ignoring their
credentials version inputs.
ticket: 5771
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19986 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Thu, 27 Sep 2007 03:46:36 +0000 (03:46 +0000)]
NIM: FEATURE: APP: Notification Icon Tooltip
The Network Identity Manager notification icon can have a tooltip
associated with it. The tooltip will be displayed to the user if she
hovers the mouse cursor over the notification icon. Currently, the
tooltip is used to indicate the current status of Network Identity
Manager. This patch adds the name of the default identity to the
tooltip.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19985 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Thu, 27 Sep 2007 03:44:29 +0000 (03:44 +0000)]
NIM: BUG: LIB: optimize khui_find_action()
In Network Identity Manager, when locating the action object
corresponding to an action identifier using khui_find_action(), don't
search through the list of standard actions if we already know that
the object we are searching for is a custom action.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19984 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Thu, 27 Sep 2007 03:42:20 +0000 (03:42 +0000)]
Add a "Set default" sub menu to the Network Identity Manager
notification icon context menu. The submenu will display a list of
identities that the user can select as the default identity.
Each identity that is displayed in the sub menu will be colored the
same way it is colored in the basic view to provide a hint as to the
state of the credentials belonging to the identity.
ticket: 5724
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19983 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Thu, 27 Sep 2007 03:38:54 +0000 (03:38 +0000)]
Add a "View all identities" option to the view menu of Network
Identity Manager. This option will be toggled when selected. If
enabled, all the known identities will be displayed in any credentials
view which uses the identity of credentials as the primary group-by
field.
The setting of this option is persistent.
ticket: 5719
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19982 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Wed, 26 Sep 2007 15:15:33 +0000 (15:15 +0000)]
profile library memory leaks introduced when malloc returns 0
I have a modified version of valgrind that will allow me to have
malloc fail in a controlled way. A number of memory leaks in error return
passes exist in the profile library. They are essentially inconsequential - but
my goal is to eventually create a test harness that tries to cover all code -
including error returns...
prof_parse.c: (profile_parse_file): Free node being created if
parse_line() fails.
prof_file.c (profile_open_file): free prf_data_t on malloc failure
prof_tree.c (profile_create_node): The magic element must be set
before calling profile_free_node for it to release memory.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19981 dc483132-0cff-0310-8789-dd5450dbe970
Justin Anderson [Tue, 25 Sep 2007 21:35:25 +0000 (21:35 +0000)]
Include missing file
ticket: 5459
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19980 dc483132-0cff-0310-8789-dd5450dbe970
Justin Anderson [Tue, 25 Sep 2007 21:34:10 +0000 (21:34 +0000)]
Update ccapi tests to work at new location in krb5 tree. Also, test for platform when compiling so that KfM and KfW can use this
ticket: 5459
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19979 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 25 Sep 2007 04:22:02 +0000 (04:22 +0000)]
Document use of KRB5_CCH_CCNAME for ccache name length
ticket: 5772
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19978 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 25 Sep 2007 04:19:52 +0000 (04:19 +0000)]
change all MAX_PATH ccname buffer lengths to KRB5_CCH_CCNAME and
document the use of KRB5_CCH_CCNAME.
ticket: 5772
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19977 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 25 Sep 2007 03:53:53 +0000 (03:53 +0000)]
NIM: BUG: KMM: miscellaneous fixes
kmm_reg.c:
Allocate enough memory to hold the entire PluginList multi-string plus
an extra NUL if the registry value was not properly terminated.
kmm_registrar.c:
Do not record an error loading a module if there was no configuration
for it.
kmmmain.c:
Avoid a race condition by sending the thread quit message instead of
posting it. Do so outside of the critical section to avoid a deadlock.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19976 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 25 Sep 2007 03:25:28 +0000 (03:25 +0000)]
NIM: BUG: KRB5: cleanup krb5funcs
(1) remove an extraneous backslash from the generated FILE:
ccache name. GetTempPath() always returns paths terminated
with a backslash.
(2) increase the max ccache name length to KRB5_CCH_CCNAME from
MAX_PATH.
These changes have dependencies on revisions 19891 and 19897.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19975 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 25 Sep 2007 03:16:18 +0000 (03:16 +0000)]
More consolidation of the computation of the default ccache name
ticket: 5691
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19974 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 25 Sep 2007 02:36:48 +0000 (02:36 +0000)]
cc_ccache_set_principal always returns error 227
Was attempting to read the new name from the reply stream.
ticket: new
target_version: 1.7
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19973 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 24 Sep 2007 22:05:56 +0000 (22:05 +0000)]
Set svn:eol-style on a bunch of text-looking files that didn't have it
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 24 Sep 2007 21:44:50 +0000 (21:44 +0000)]
we're not using changelog files any more
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19971 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 24 Sep 2007 18:49:58 +0000 (18:49 +0000)]
Remove the broken optimization from UnicodeToANSI() that attempted
in a stupid way to avoid the WideCharToMultiByte() call by testing
to see if the second byte (not wchar) was NUL. This test works
for Latin1 but not for anything more interesting. Always call
WideCharToMultiByte().
I commented out the use of WC_NO_BEST_FIT_CHARS in order to
provide compatibility with Windows. Windows converts the user
name without that option.
With the current code a principal name consisting of a single
component equivalent to the Greek character Sigma and a realm
name will be converted to S@REALM exactly as the "WhoAmI"
command does. If WC_NO_BEST_FIT_CHARS was specified, this
string would be converted to "?@REALM".
ticket: 5766
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19970 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 24 Sep 2007 17:46:26 +0000 (17:46 +0000)]
MSLSA krb5_cc module fails to check success of UNICODE string conversions
The MSLSA krb5_cc module was written with an assumption that probably does not
hold true anymore. It assumed that all Kerberos strings although stored in
wide character data structures could in fact be represented in the application's
ANSI code page and that such conversions would not fail.
The UnicodeToANSI() function did not check the result of WideCharToMultiByte()
for success. If the conversion failed, this could result in the caller believing
the contents of the output string buffer were a valid string when instead they
were simply stack garbage.
The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not
check the return value of krb5_parse_name() for success. If krb5_parse_name()
was passed a pointer to garbage on the stack instead of an actual principal name,
this could result in the caller believing the output krb5_principal * was valid
when instead it was NULL.
The function CacheInfoEx2ToMITCred(), which is dependent on the success or failure of
UnicodeStringToMITPrinc(), assumed it could not fail and did not return a
success or failure indication to its caller.
If a Microsoft formatted ticket contains a Unicode string that cannot be
represented in the application's ANSI code page, this could result in a NULL
pointer dereference during a call to krb5_cc_resolve("MSLSA:") or
krb5_cc_retrieve(), or krb5_cc_get_principal().
With the changes in this commit, tickets containing principal names that cannot
be represented in the application's ANSI code page will be hidden from the
application.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19969 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 24 Sep 2007 13:23:25 +0000 (13:23 +0000)]
NIM: BUG: Restore Copyright removed in revision 19855
Restore MIT Copyright removed in revision 19855.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19968 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 24 Sep 2007 12:30:03 +0000 (12:30 +0000)]
NIM: BUG: khm_krb5_initialize() failed to return error code
khm_krb5_initialize() is called in the krb5cred.dll and krb4cred.dll
credential providers in order to ensure that the caller has references
to a valid krb5_context and a valid krb5_ccache. If the krb5_cc_resolve()
call failed, the error code was not being returned to the caller.
Instead, success was returned which in turn would result in the caller
believing the NULL krb5_ccache pointer was in fact valid.
This fix resolves Microsoft's WER Event ID
432405961.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19967 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sat, 22 Sep 2007 05:11:04 +0000 (05:11 +0000)]
Move the removal of the vc70.pdb and vc80.pdb files to the
global clean rule in config/Makefile.w32. No need to replicate
them in each individual Makefile.
ticket: 5756
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19966 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sat, 22 Sep 2007 04:54:13 +0000 (04:54 +0000)]
stdint.h should only be accessed if HAVE_STDINT_H defined
stdint.h does not exist on Windows. Conditionally include it
based upon HAVE_STDINT_H
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19965 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Fri, 21 Sep 2007 23:22:56 +0000 (23:22 +0000)]
NIM: APP: BUG: restore HideWatermark functionality
Restore the HideWatermark functionality that was accidentally
removed from ui/credwnd.c
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19964 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 21 Sep 2007 20:35:52 +0000 (20:35 +0000)]
Removed extra newline
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19963 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 19 Sep 2007 02:54:56 +0000 (02:54 +0000)]
Ignore dependency lines beginning with '#' to deal with gcc
-fworking-directory output during make depend.
ticket: 5752
target_version: 1.6.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19961 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 19 Sep 2007 02:22:32 +0000 (02:22 +0000)]
copyright notice updates
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19957 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Sep 2007 21:17:08 +0000 (21:17 +0000)]
Fixed bug where the lock list was getting corrupted when upgrading or
downgrading a lock. Also fixed a bug where we were double-replying
to the client when adding a lock that could be immediately granted.
ticket: 4644
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19956 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 18 Sep 2007 21:08:01 +0000 (21:08 +0000)]
Windows\Identity Makefile "clean" more
make sure that we clean up vc70.pdb, vc80.pdb, and
temporary files generated during the build process.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19955 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Sep 2007 19:57:28 +0000 (19:57 +0000)]
use ccs_callback_release() to free ccs_callback_t
ticket: 4644
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19953 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Sep 2007 19:53:47 +0000 (19:53 +0000)]
Added sanity checking so we can't dereference NULL trying to call a callback
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19952 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Sep 2007 19:52:13 +0000 (19:52 +0000)]
Added additional debugging error checking
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19951 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Tue, 18 Sep 2007 19:48:19 +0000 (19:48 +0000)]
cci_array_move should work when the source and dest positions are equal
Fixed so it does nothing when moving an element to its own index.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19950 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 17 Sep 2007 23:47:00 +0000 (23:47 +0000)]
Make config.status itself update the timestamp file associated with
autoconf.h, so that we don't need a redundant invocation of
config.status during the first build.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19937 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Fri, 14 Sep 2007 00:47:07 +0000 (00:47 +0000)]
wix installer - permit administrative installs
remove the registration requirement for administrative installs.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19936 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Thu, 13 Sep 2007 23:51:32 +0000 (23:51 +0000)]
In the pkinit decoders, set up things properly so that asn1buf_sync()
behaves correctly and isn't acting on uninitialized variables.
ticket: 5704
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19935 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 11 Sep 2007 01:12:49 +0000 (01:12 +0000)]
Before the error-message tests, make sure the host principal exists,
so we get consistent errors. Expect the "keytab not found" error,
rather than the "principal doesn't exist" error.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19931 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Mon, 10 Sep 2007 21:30:37 +0000 (21:30 +0000)]
Fixed macro for cc_ccache_unlock and updated documentation
ticket: 4644
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19930 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 5 Sep 2007 22:48:06 +0000 (22:48 +0000)]
64-bit Windows krb5int_cc_default calls to Leash
AMD64 builds must load leashw64.dll not leashw32.dll
ticket:new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19929 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 19:53:33 +0000 (19:53 +0000)]
Revise patch to avoid 32-byte overflow which remained after the
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.
ticket: 5706
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19923 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 5 Sep 2007 18:03:13 +0000 (18:03 +0000)]
MSI installer for 64-bit AMD64
Add support for building 64-bit AMD64 MSI install packages
in addition to 32-bit i386 MSI install packages.
Differences between 32-bit MSI and 64-bit MSI include:
* no krb4 binaries and libraries
* no kclient binaries and libraries
* no krb524 binaries and libraries
* no leash32.exe
* new AMD64 UpgradeCode permits parallel installation with 32-bit MSI
* support for Visual Studio 2005 (VS8, CL1400) merge modules
Open Issues:
* 32-bit MSI installs kfwlogon.dll on AMD64 systems
* 32-bit and 64-bit NetIDMgr.exe as startup. Need to decide
which should be executed by default. Only one can run at
a time.
* Need to make sure that src/windows/build properly configures
the site-local.wxi file for Visual Studio 2005 and platform.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19922 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 5 Sep 2007 16:36:28 +0000 (16:36 +0000)]
64-bit Windows gss.exe (gui version of gss-client.exe)
Now that krbcc64.lib exists we can build the gss.exe gss-api test
client.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19921 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Wed, 5 Sep 2007 02:08:58 +0000 (02:08 +0000)]
krb5_fcc_generate_new is non-functional
File locking was non-existent in this code and fccs chained list was
not used at all. This resulted in an assertion failure when closing the
cache. Code has been reorganized to parallel the code in krb5_fcc_resolve
for easier maintenance.
Commented out test in t_cc.c has been updated to actually test this code.
ticket:new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19920 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 5 Sep 2007 00:12:30 +0000 (00:12 +0000)]
Rework error-mapping code to preserve status code values when returned
by only one mechanism. Revert RPC code to relying on this.
Build error-mapping code on a bidirectional map instead of a simple
array. When a status code is returned but has been seen returned from
a different mechanism already, generate a new number, starting at
100,000.
Use gssrpcint_printf for some more debugging code.
ticket: 5654
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 4 Sep 2007 23:03:03 +0000 (23:03 +0000)]
Bidirectional map template code
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19918 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 4 Sep 2007 23:02:36 +0000 (23:02 +0000)]
Fix bug in clearing of new storage
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19917 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 4 Sep 2007 22:59:44 +0000 (22:59 +0000)]
Support using valgrind on test programs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 4 Sep 2007 18:54:21 +0000 (18:54 +0000)]
revert accidental commit of gc_frm_kdc.c
ticket: 5707
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 4 Sep 2007 18:53:09 +0000 (18:53 +0000)]
fix CVE-2007-4000 modify_policy vulnerability
In kadm5_modify_policy_internal, check for nonexistence of policy
before doing anything with it, to avoid memory corruption.
ticket: new
target_version: 1.6.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 4 Sep 2007 18:52:56 +0000 (18:52 +0000)]
fix CVE-2007-3999 svc_auth_gss.c buffer overflow
Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.
ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 4 Sep 2007 03:18:05 +0000 (03:18 +0000)]
bump accessor version number
ticket: 3334
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19911 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Tue, 4 Sep 2007 02:10:13 +0000 (02:10 +0000)]
Bail out if encoded "ticket" doesn't decode correctly. This allows
t_cc test case to pass and allows non-tickets to be stored (for now).
ticket: 5697
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Sun, 2 Sep 2007 14:12:13 +0000 (14:12 +0000)]
GSS-API Win64 support
The name of the Leash API DLL on Win64 is "leashw64.dll".
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 31 Aug 2007 00:17:04 +0000 (00:17 +0000)]
Make internal functions static
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 31 Aug 2007 00:08:41 +0000 (00:08 +0000)]
Don't export file keytab implementation functions
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 29 Aug 2007 22:59:52 +0000 (22:59 +0000)]
Make ccache handle referrals better by storing both server principal
names if they differ between the creds structure and the encoded
ticket and by looking up the server principal using the client's realm
if not found and server's realm was initially the referral (empty)
realm.
ticket: 5697
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 29 Aug 2007 22:38:26 +0000 (22:38 +0000)]
NIM file ccache support improvements
NIM supports the ability of the user to specify an
explicit ccache name for use with an identity. If
this ccache is a FILE ccache, we need to be able to
store credentials into the ccache. krb5cred.dll
did not previously specify the KRB5_TC_OPENCLOSE flag
on the ccache when setting other flags such as
KRB5_TC_NOTICKET (which is used with MSLSA ccaches).
As a result, open/close mode was turned off, the
ccache file would be opened in read-only mode and
attempts to store credentials into the ccache would
fail. This is fixed by specifying KRB5_TC_OPENCLOSE
when setting the ccache flags.
When a CCAPI implementation is unavailable, we need
to automatically generate the FILE ccache name if
one has not already been specified. We default to
a file stored in the user's Local Settings\Temp
directory. The generated ccache is then added to
the file ccache watch list.
Finally, some users have complained about the
behavior of Microsoft Vista's UAC mode and how
it makes the CCAPI cache useless for storing
credentials that must be used in conjunction
with processes that do not have restricted
privileges since those processes run in a
separate logon session. For these users we
have added a "DefaultToFileCache" registry
value that can be specified to force the use
of FILE ccaches in preference to CCAPI ccaches
when there is no explicit ccache specified
for a given identity. Unlike CCAPI ccaches,
the FILE ccaches are accessible from both
restricted and unrestricted processes when
UAC is active.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19897 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 29 Aug 2007 22:23:16 +0000 (22:23 +0000)]
NIM - a small readability change
Instead of testing for NOT the machine key, test
for is the user key.
ticket: new
component: windows/identity/kconfig/api.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19896 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 29 Aug 2007 22:20:28 +0000 (22:20 +0000)]
NIM: remove unused symbols
Remove unused preprocessor symbols automatically added by Visual Studio's
dialog editor.
ticket: new
component: windows/identity/ui/resource.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19895 dc483132-0cff-0310-8789-dd5450dbe970
Tom Yu [Wed, 29 Aug 2007 20:28:06 +0000 (20:28 +0000)]
-S sname option for kvno
New option to use krb5_sname_to_principal() for building principal
names, which is useful for testing referrals.
ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-clients
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19894 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Wed, 29 Aug 2007 20:16:03 +0000 (20:16 +0000)]
test program build problem
Split out the "standalone" test code from trval.c, so we produce
trval.o only once, instead of twice with different compilation flags.
One case generated the "trval" program directly, but produced and
deleted trval.o as an intermediate step in the compiler, which messes
things up if make thinks it's already built trval.o for another test
program.
Make the standalone test into t_trval.
Build problem reported by Will Fiveash of Sun, about ten minutes ago.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19893 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Wed, 29 Aug 2007 17:20:20 +0000 (17:20 +0000)]
Windows 64-bit CCAPI DLL name
The 64-bit CCAPI DLL name is krbcc64.dll not krbcc32.dll.
Conditionalize it on _WIN64.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19892 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Tue, 28 Aug 2007 20:58:45 +0000 (20:58 +0000)]
NIM: 64-bit Windows Support and Removal of Compile Time Warnings
This patch permits Network Identity Manager to be built for 64-bit Windows.
In the process all compile time warnings have been taken care of.
For 64-bit Windows, we do not build the Kerberos v4 Credential Provider
and we will not attempt to load the krb524 library.
Note that when testing the 64-bit NIM, there is no CCAPI at the
moment so you must manually specify a FILE: ccache as part of the
identity's Kerberos v5 configuration if you want to use caches
other than the MSLSA.
This patch also consolidates the computation of the default ccache
name into utility functions:
khm_krb5_get_identity_default_ccache
khm_krb5_get_identity_default_ccacheA
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19891 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 28 Aug 2007 00:58:56 +0000 (00:58 +0000)]
Implement KRB5_ATTR_DEPRECATED for Windows
ticket: 2836
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19890 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Tue, 28 Aug 2007 00:28:17 +0000 (00:28 +0000)]
Remove macros and associated comments that appear to be for
multiple-inclusion protection of only sub-portions of k5-int.h,
presumably from a time when those portions were separate files. Since
the entire file is now protected against multiple inclusions, these
other macros aren't needed.
A few are left, mostly because they also appear in other files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19889 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 27 Aug 2007 23:42:35 +0000 (23:42 +0000)]
For gcc 4.x, add sentinel attribute to krb5_build_principal
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19888 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 27 Aug 2007 23:31:33 +0000 (23:31 +0000)]
Define KRB5_ATTR_DEPRECATED (and undef at end of file) and attach it
to the function declarations enabled by KRB5_DEPRECATED. Definition
depends on having GCC version 3.2.3 or later. (Earlier versions may
have supported it, but that's what I found docs for. Windows compiler
support coming later, based on Jeff's suggestions.)
ticket: 2836
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19887 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 27 Aug 2007 23:17:21 +0000 (23:17 +0000)]
Ignore KRB5_ATTR_DEPRECATED
ticket: 2836
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19886 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 27 Aug 2007 22:04:05 +0000 (22:04 +0000)]
Remove some unused codes
ticket: 5642
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19885 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Mon, 27 Aug 2007 22:01:01 +0000 (22:01 +0000)]
Remove unused PLURAL macro
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19884 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Mon, 27 Aug 2007 19:03:43 +0000 (19:03 +0000)]
Missing ../ in relative path
ticket: 5670
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19883 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Mon, 27 Aug 2007 18:49:28 +0000 (18:49 +0000)]
Updated so that paths are now relative and don't contain my homedir.
Oops.
ticket: 5670
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19882 dc483132-0cff-0310-8789-dd5450dbe970
Jeffrey Altman [Mon, 27 Aug 2007 07:08:24 +0000 (07:08 +0000)]
Windows 64-bit - avoid missing symbol errors
Microsoft defaults stack checking (/Gs) to on. This requires
that bufferoverflowU.lib be included in the link step. The
macro SCLIB in the build system specifies this library on
versions of Windows that require it. Include SCLIB on the
link line of the makefile.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19881 dc483132-0cff-0310-8789-dd5450dbe970
Ezra Peisach [Sun, 26 Aug 2007 12:30:24 +0000 (12:30 +0000)]
Change use of choice_pa_pk_as_rep_UNKNOWN to
choice_pa_pk_as_rep_draft9_UNKNOWN to clean up warning... Value of enum
same in both cases...
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 25 Aug 2007 09:03:36 +0000 (09:03 +0000)]
If libdir is /usr/lib, don't add the -L argument to the library flags
to be output.
ticket: 5657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19879 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 25 Aug 2007 01:26:27 +0000 (01:26 +0000)]
Expect keytab error to be reported
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19878 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 25 Aug 2007 00:50:41 +0000 (00:50 +0000)]
krb5int_free_addrlist needed too
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19877 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Sat, 25 Aug 2007 00:47:39 +0000 (00:47 +0000)]
Oops, _krb5_conf_boolean is needed by a test program
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19876 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 24 Aug 2007 23:33:44 +0000 (23:33 +0000)]
Remove from export list several encode_* and decode_* symbols that are
not used outside the krb5 library. (In some cases, the only use is in
our own test programs, which means two things: The test programs
should probably be changed to use the accessor interface, and some of
the newer encoder/decoder functions aren't being unit-tested.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19875 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 24 Aug 2007 23:04:47 +0000 (23:04 +0000)]
Stop exporting _krb5_* (note leading underscore) and asn1* symbols
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19874 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 24 Aug 2007 22:41:12 +0000 (22:41 +0000)]
Missed one
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19873 dc483132-0cff-0310-8789-dd5450dbe970
Ken Raeburn [Fri, 24 Aug 2007 22:39:40 +0000 (22:39 +0000)]
Remove os_get_default_config_files, and the krb5int_* functions not
actually called directly from outside the library, from the export
list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970
Alexandra Ellwood [Fri, 24 Aug 2007 20:32:28 +0000 (20:32 +0000)]
pullup to trunk
ticket: 5643
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970