Tom Yu [Fri, 28 Sep 2007 23:39:18 +0000 (23:39 +0000)]
pull up r19867 from trunk
r19867@cathode-dark-space: jaltman | 2007-08-24 10:51:46 -0400
ticket: new
subject: NIM: Reposition New Credentials Dialog if necessary
component: windows
The new credentials dialog in Network Identity Manager does not check
whether it is positioned outside of the display screen. It tries to
position itself in the center of the primary display if the Network
Identity Manager window is hidden and it tries to center itself over
the main window if the main window is visible. If the main window is
too close to the edge of the screen, this may result in the new
credentials window being partially outside the display area. This is
especially a problem when the new credentials dialog switches to the
advanced view.
The patch checks whether the window rectangle is visible before
repositioning the new credentials dialog and adjusts the window
rectangle so that it is.
ticket: 5688
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20002
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:39:06 +0000 (23:39 +0000)]
pull up r19866 from trunk
r19866@cathode-dark-space: jaltman | 2007-08-24 10:49:42 -0400
ticket: new
subject: NIM: External changes to default identity are improperly reflected by krb5 provider
component: windows
The Kerberos v5 identity provider for Network Identity Manager
monitors the "Software\MIT\kerberos5" registry key for the logged in
user for changes to the "ccname" value. If a change is noticed, it
would query the Kerberos v5 library for the default credentials cache
and attempt to determine the new default identity, which it would then
communicate to the Network Identity Manager application.
When the identity provider queried the Kerberos v5 library after a
registry change notification, it used a cached krb5_context for the
thread. The default credentials cache found using this krb5_context
may not be what the registry specified.
This patch modifies the code in k5_ccname_monitor_thread() to create a
use a new krb5_context when querying for the default credentials cache
following a registry change notification. Doing so ensures that
Kerberos v5 library takes the new registry value into account.
ticket: 5687
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20001
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:38:53 +0000 (23:38 +0000)]
pull up r19865 from trunk
r19865@cathode-dark-space: jaltman | 2007-08-24 10:47:30 -0400
ticket: new
subject: NIM: khcint_remove_space() frees memory too soon
component: windows
The Network Identity Manager Configuration Provider module keeps track
of the application and plug-in configuration settings organized into
configuration spaces. The state of each configuration space is
maintained in a reference counted object. Once all the references are
released, the Configuration Provider will attempt to free the
resources allocated for the object.
If the configuration space was marked for deletion, then the registry
keys associated with the object need to be deleted when the
object is being discarded. Due to a coding error, the memory
allocated for the object would be freed before the associated registry
keys were deleted. This could result in a memory access error.
The patch corrects the code in khcint_remove_space() to free the
allocated memory after all the remaining clean-up steps have been
performed.
ticket: 5686
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20000
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:38:39 +0000 (23:38 +0000)]
pull up r19864 from trunk
r19864@cathode-dark-space: jaltman | 2007-08-24 10:45:37 -0400
ticket: new
subject: NIM: Add Identity Provider Pre-Process Message
component: windows
The Network Identity Manager application does not provide a user
interface for identity specification. That responsibility lies with
the identity provider. Whenever a dialog needs to allow the user to
specify an identity, the identity provider has to populate the dialog
with the necessary controls so that the user can specify an identity.
In the case of the Kerberos v5 identity provider, the controls allow
the user to specify a username and a realm.
Once the dialog is populated, the application will dispatch window
messages to the identity provider. The identity provider will handle
the window messages and notify the application when the selected
identity changes.
One deficiency of the API was that there was no message to notify the
identity provider that an identity selection has to be made
immediately. When the user invokes the default action for a dialog by
hitting enter, the only message received by the dialog is a command
identifier of the default action. In this case, the identity provider
will not get a chance to notify the application of the identity
selection.
This patch fixes the API deficiency by introducing a new message,
WMNC_IDENT_PREPROCESS, which the application can use to notify the
identity provider that the dialog box is about to be processed. In
response, the identity provider can notify the application of the
selected identity even if no other messages were received by the
identity provider.
ticket: 5685
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19999
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:38:26 +0000 (23:38 +0000)]
pull up r19863 from trunk
r19863@cathode-dark-space: jaltman | 2007-08-24 10:43:30 -0400
ticket: new
subject: NIM: Keep API release documentation up to date
component: windows
Update the Network Identity Manager developer documentation to include
a reference to the 1.3.0 release which was included with Kerberos for
Windows 3.2.1.
The release history and, in particular, the API versions corresponding
to each release is important for third-party plug-in developers.
ticket: 5684
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19998
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:38:14 +0000 (23:38 +0000)]
pull up r19862 from trunk
r19862@cathode-dark-space: jaltman | 2007-08-24 10:41:52 -0400
ticket: new
subject: NIM: support include files in schemas
component: windows
The ccsv.pl and csvschema.cfg scripts are used to generate "C" source
code from CSV files containing tabular data. In particular, these are
used to define the configuration schema for Network Identity Manager
and some of its plug-ins.
It is desirable to be able to include arbitrary header files and
define macros in the generated C code so that the schema definition
can use them. This patch allows the CSV files to contain headers that
define lines of text that will be included literally in the generated
C code. Lines at the start of schema CSV file that begin with '#@'
will be stripped of the '#@' prefix and inserted into the C code.
E.g: The following line at the start of a schema CSV file:
#@#include<windows.h>
,will result in the following text in the C code:
#include<windows.h>
Then the schema definition can use macros of the form:
ClrHeaderExpSel, KC_INT32, "RGB(195, 94, 94)"
,which use macros such as RGB that are defined in the included header
file.
ticket: 5683
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19997
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:38:01 +0000 (23:38 +0000)]
pull up r19861 from trunk
r19861@cathode-dark-space: jaltman | 2007-08-24 10:40:23 -0400
ticket: new
subject: NIM: remove unused code from ui/credwnd.c
component: windows
Remove unused code from Network Identity Manager credwnd.c. The code
was meant to construct a user interface context based on where the
user right clicks on the credentials display. However, doing so
without indicating the changed selection to the user results in the
application performing an operation on an identity or credential that
the user didn't intend to select.
The code was commented out and was never used in any recent release of
Kerberos for Windows.
ticket: 5682
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19996
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:37:47 +0000 (23:37 +0000)]
pull up r19860 from trunk
r19860@cathode-dark-space: jaltman | 2007-08-24 10:38:45 -0400
ticket: new
subject: NIM: Selection Issues
component: windows
Credentials selection in Network Identity Manager has usability
issues due to the following causes:
- The "cursor row" is not always selected.
The "cursor row" is the row which the "cursor" is on. Navigating the
credentials view using the keyboard or clicking the credentials
display with the mouse will move the cursor to different rows.
However, this cursor row is not always selected, especially when
Network Identity Manager starts.
Having the selection be independent of the cursor row is a
requirement for supporting "toggle" selections (holding the 'ctrl'
key while clicking), which is a standard way of doing multiple
selections on Windows.
The problem with the cursor row not being selected when Network
Identity Manager starts is due to the delayed start of its plug-ins.
Even though the first row is initially selected, when plug-ins
complete initialization and notify the application about the
credentials that they see, those credentials end up accumulating
under different identities. The existing code didn't enforce the
selection state of the identity on the newly added
credentials. Since there were unselected credentials under the
selected outline level, the code would then turn off the selected
bit for the outline (which usually is an outline level for an
identity) for consistency.
The patch changes the behavior to enforce the selection state of the
enclosing outline on any new outline levels or credentials that are
added under it. This prevents an outline level from losing its
selection state when new credentials are added under it.
- Identities may have stale data associated with it.
The credentials view maintains a set of cached properties for each
identity that has credentials. During each refresh cycle, it would
go through the credentials and update the properties of each
identity. However it would not update the properties for identities
that are not associated with any credentials.
When the credentials associated an identity were deleted, the cached
properties for that identity sometimes never got reset. If the
identity was marked as "always visible", then it would be listed in
the credentials view along with the stale properties.
This patch properly initializes the properties of identities which
are not associated with any identities.
- Selection state is not updated when switching views.
The credentials view maintains selection state for individual
credentials when switching views. The same is not true for the
outlines since the outline needs to be reconstructed during the
switch.
The exising code failed to update the selection state of the
outlines after switching the view to reflect the the selection state
of the credentials. As a result, once a the user switched a view,
she might see outline levels which do not appear to be selected even
though all the credentials contained at the outline level appear
selected.
This patch properly adjusts the selection state of outline nodes to
correspond to the selection state of the contained credentials.
- Selection state may be inconsistent when more than one credential is
associated with a single row.
Some rows may represent more than one credential. A collapsed
outline represents all the credentials contained within that outline
level. In addition, two credentials that will appear the same to
the user (because all the displayed properties are the same) will be
represented by one row.
The selection state of these rows should be consistent with the
selection state of all the credentials that it represents. The
previous code did not enforce this constraint. This patch aims to
fix this by enumerating all the credentials that are represented
by each row and setting the selection state of each credential to
match the selection state of the row.
ticket: 5681
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19995
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:37:34 +0000 (23:37 +0000)]
pull up r19859 from trunk
r19859@cathode-dark-space: jaltman | 2007-08-24 10:37:07 -0400
ticket: new
subject: NIM: Handle WM_PAINT messages without update regions
component: windows
It is possible to receive a WM_PAINT message in Windows without there
being an update region. For example, this can be caused by someone
calling RedrawWindow() with the RDW_INTERNALPAINT flag set. In this
case, GetUpdateRect() will indicate that there is no update region and
calling BeginPaint()/EndPaint() results in incorrect behavior.
The credentials window in Network Identity Manager needs to perform
special handling for this case by obtaining a proper device context
and completing the drawing operation.
ticket: 5680
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19994
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:37:22 +0000 (23:37 +0000)]
pull up r19858 from trunk
r19858@cathode-dark-space: jaltman | 2007-08-24 10:34:30 -0400
ticket: new
subject: NIM: do not permit resizing of filler columns
component: windows
The credentials display of Network Identity Manager allows the user to
change the order and size of the displayed columns. However, some
columns are not resizable.
An oversight in the earlier code allowed the user to change the size
of "filler" columns. These columns are sized to fill up the remainder
of the display area after the other columns have been allocated.
Their width is determined by the size of the credentials display and
the width of the other columns. They are used in the basic view where
the only columns are the flags column (fixed width) and the identity
column (filler).
This patch prevents the "filler" columns (columns with the
KHUI_CW_COL_FILLER flag) from being resized.
ticket: 5679
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19993
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:37:09 +0000 (23:37 +0000)]
pull up r19857 from trunk
r19857@cathode-dark-space: jaltman | 2007-08-24 10:33:09 -0400
ticket: new
subject: NIM: Cannot cancel timers which have inserted a WM_TIMER message into the queue
component: windows
The credentials view in Network Identity Manager displays several user
interface elements that need to be updated periodically such as any
fields that denote the time remaining for a credential or an identity,
or an icon and coloring used to indicate the expiration state. When
the display rows are computed, the credentials view creates a set of
timers that reference each row that times out when that row needs to
be redrawn.
Since the rows change when switching views or when the outline is
recomputed, all the timers are canceled and re-scheduled. However, a
race conditions exists where the timer times-out before it is
canceled, in which case a WM_TIMER message is placed in the
credential window's message queue. Windows does not support
canceling a timer that has already fired and has been placed on the
message queue.
By the time the WM_TIMER message is received by the window, the rows
of the display would have been recomputed and the row that the message
references may not be what it intended to reference. A spurious
WM_TIMER message is harmless when it refers to a row corresponding to
a credential. However, the existing code assumed that if a timer event
is received that referred to an outline row, then that outline must be
an expanded view of an identity, which is currently the only type of
outline row that receives timers. This assumption does not always
hold in the case of a spurious WM_TIMER message and may lead to the
code attempting to use the outline data as a handle to an identity.
The patch fixes the problem by checking if the row is actually an
expanded view of an identity and ignoring the message if it is not.
ticket: 5678
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19992
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:36:57 +0000 (23:36 +0000)]
pull up r19856 from trunk
r19856@cathode-dark-space: jaltman | 2007-08-24 10:29:37 -0400
ticket: new
subject: NIM: Context menu selection issues
component: windows
The handler for WM_CONTEXTMENU in the credentials view of Network
Identity Manager assumed that the context menu was invoked using the
mouse. If it was, then the message parameters would specify the x and
y co-ordinates of the mouse. The context menu can also be invoked via
the keyboard, in which case the x- and y- coordinates are set to
(-1,-1).
An additional problem with the code is that it was not selecting the
row that was right-clicked on if it was not already selected. This
results in the some of the commands on the context menu targetting
credentials that the user didn't intend to target.
This patch adds support for handling the context menu when it is
invoked via the keyboard and also sets the selection to the row that
was right-clicked if the user invokes the context menu using the
mouse.
ticket: 5677
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19991
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:36:43 +0000 (23:36 +0000)]
pull up r19855 from trunk
r19855@cathode-dark-space: jaltman | 2007-08-24 10:28:21 -0400
ticket: new
subject: NIM: Color Schemas
component: windows
The default color scheme used by the Network Identity Manager credentials
display can sometimes cause the text to be difficult to read. In
addition, since some of the colors are derived from colors used by the
current Windows theme, the selection, window background and text
colors may be mismatched with the colors that are hardcoded into the
application.
To rememdy this problem, this patch defines a new set of colors
that will be used with the credentials display. The new scheme
doesn't use a special color to distinguish the default identity which
is already indicated with the text "(Default)" displayed alongside it.
Instead the colors are used to denote the remaining lifetime of
credentials and identities.
Also, the color scheme defines all the colors that it uses instead of
deriving some of them from the Windows color scheme.
All the color information is now kept in the Network Identity Manager
UI schema. The schema automatically maps to the registry, so users
(and deployers) can override the colors by creating the necessary
registry keys and values. The registry keys containing color
information are:
Software\MIT\NetIDMgr\CredWindow\Themes and
Software\MIT\NetIDMgr\CredWindow\Themes\Default
The "Default" key contains the default color scheme. The color value
names are defined in ui\uiconfig.csv under Themes\_Schema
configuration subspace. Each color is represented by a 32-bit number.
The low-order 24 bits contain a COLORREF value. The high-order 8 bits
contain an alpha value which, if non-zero, will be used to blend the
color with the selection color (color value named ClrSelection).
ticket: 5676
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19990
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:36:28 +0000 (23:36 +0000)]
pull up r19854 from trunk
r19854@cathode-dark-space: jaltman | 2007-08-24 10:26:11 -0400
ticket: new
subject: NIM: New command-line options --hide and --show / new command-line help dialog
component: windows
Add two command-line options to the Network Identity Manager application:
--hide : If there is already an instance of Network Identity Manager
running in the user's session, this will cause the main
window of that instance to be hidden.
--show : Unhides the main window of the running instance.
If no options are specified when starting netidmgr.exe while another
instance is running, the running instance will perform the default
action as configured in the user's preferences. By default, this will
be to show the main window.
The message box that displayed the command-line options if an invalid
option is specified has been replaced with a dialog box that shows the
options in a more readable rich text control. The contents of the
control are specified in ui/lang/<lang>/cmdline.rtf.
Do not edit cmdline.rtf with Microsoft Word. The output of Word is
incompatible with the RichEdit20 component.
ticket: 5675
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19989
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:36:15 +0000 (23:36 +0000)]
pull up r19853 from trunk
r19853@cathode-dark-space: jaltman | 2007-08-24 10:23:14 -0400
ticket: new
subject: NIM: Identity Configuration Panel Fixes
component: windows
In the identity configuration panel of Network Identity Manager, the
user can specify a new identity which can then be configured.
The existing code didn't check if the identity specified by the user
already exists. The patch adds the check. If the identity already
exists, the user is notified as such.
Another bug prevented the user from configuring an identity that was
added back in following the deletion of the same identity during the
same session. The deleted status of the identity was not reset when
it was added back.
Additionally, this patch adds code that has already been added to the
new credentials dialog to apply Windows XP theme textures to the child
dialogs used as tab panels in the configuration dialog. Child dialogs
don't automatically adjust the theme settings based on whether it is
nested inside a tab control. The theme must be applied manually.
ticket: 5674
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19988
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 28 Sep 2007 23:36:00 +0000 (23:36 +0000)]
pull up r19852 from trunk
r19852@cathode-dark-space: jaltman | 2007-08-24 10:20:31 -0400
ticket: new
subject: NIM: resource leak in khui_action_trigger()
component: windows
The khui_action_trigger() function in the Network Identity Manager API
creates a copy of the current user interface context (which contains
information about the credentials and identities that are currently
selected) before triggering the requested action. Then it will use
the copy to restore the user interface context to its previous state.
A coding error results in the copy of the context to never be
released. As a result there is a resource leak.
The attached patch fixes the leak by releasing the context once it
is no longer needed.
ticket: 5673
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19987
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 Sep 2007 02:44:32 +0000 (02:44 +0000)]
krb5-1.6.3-beta1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19960
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 19 Sep 2007 02:27:07 +0000 (02:27 +0000)]
README and patchlevel for krb5-1.6.3-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19958
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 20:36:18 +0000 (20:36 +0000)]
Fix autoconf-related directory names to account for configure script
being in the local directory instead of at top level.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19954
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 04:22:24 +0000 (04:22 +0000)]
make depend
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19949
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:38:59 +0000 (03:38 +0000)]
pull up r19911 from trunk
r19911@cathode-dark-space: tlyu | 2007-09-03 23:18:05 -0400
ticket: 3334
bump accessor version number
ticket: 3334
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19948
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:38:46 +0000 (03:38 +0000)]
pull up r19935 from trunk
r19935@cathode-dark-space: tlyu | 2007-09-13 19:51:32 -0400
ticket: 5704
tags: pullup
In the pkinit decoders, set up things properly so that asn1buf_sync()
behaves correctly and isn't acting on uninitialized variables.
ticket: 5704
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19947
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:38:29 +0000 (03:38 +0000)]
pull up r19880 from trunk
r19880@cathode-dark-space: epeisach | 2007-08-26 08:30:24 -0400
ticket: 5617
Change use of choice_pa_pk_as_rep_UNKNOWN to
choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum
same in both cases...
ticket: 5617
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19946
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:38:17 +0000 (03:38 +0000)]
pull up r19829 from trunk
r19829@cathode-dark-space: raeburn | 2007-08-16 11:09:58 -0400
ticket: 5617
Only do fake-install in pkinit if building pkinit.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19945
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:38:03 +0000 (03:38 +0000)]
pull up r19759 from trunk
r19759@cathode-dark-space: jaltman | 2007-08-08 01:04:45 -0400
ticket: 5617
In krb5_preauth_context ftable should be
struct krb5plugin_preauth_client_ftable_v1 *
instead of
struct krb5plugin_preauth_client_ftable_v0 *
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19944
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:37:48 +0000 (03:37 +0000)]
pull up r19758 from trunk including manual merge
r19758@cathode-dark-space: raeburn | 2007-08-08 01:00:05 -0400
ticket: 5617
Only build pkinit plugin if a sufficiently recent version of OpenSSL is available.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19943
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:37:33 +0000 (03:37 +0000)]
pull up r19755 from trunk
r19755@cathode-dark-space: jaltman | 2007-08-06 11:19:50 -0400
ticket: new
subject: missing comma
The pkinit additions in revision 18973 left out a comma after the
last function in the list. This caused builds that did not define
DESIGNATED_INITIALIZERS to break.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19942
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:37:19 +0000 (03:37 +0000)]
pull up r20272 from trunk
r20272@cathode-dark-space (orig r19753): coffman | 2007-08-06 09:57:26 -0400
ticket: 5617
Remove these files that were not intended to be moved onto the trunk.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19941
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:37:05 +0000 (03:37 +0000)]
pull up r19752 from trunk
r19752@cathode-dark-space: raeburn | 2007-08-04 04:37:13 -0400
ticket: 5617
Add missing @end quotation.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19940
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:36:50 +0000 (03:36 +0000)]
pull up r19746 from trunk, including manual merges
r19746@cathode-dark-space: epeisach | 2007-08-02 22:36:26 -0400
ticket: 5617
Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up
some shadow variable warnings, make depend...
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19939
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 18 Sep 2007 03:36:09 +0000 (03:36 +0000)]
pull up r19745 from trunk, including manual configure.in merges
r19745@cathode-dark-space: coffman | 2007-08-01 18:09:13 -0400
ticket: new
subject: Add PKINIT support
Target_Version: 1.6.3
Pull up PKINIT support onto the trunk.
Changes from the version in branch users/coffman/pkinit are:
- Update the preauth plugin interface version to avoid
conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
depending on opensc being installed.
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19938
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 13 Sep 2007 23:49:00 +0000 (23:49 +0000)]
pull up r19738 from trunk
r19738@cathode-dark-space: raeburn | 2007-07-27 00:39:21 -0400
ticket: 3334
Debugged version of patch worked up with Luke.
Adds a callback to krb5int_sendto to examine the response and indicate
whether to quit the loop or not. For sendto_kdc, keep going if the
returned error is "service unavailable". Updated all other callers to
pass a null function pointer, which means to always break out of the
loop on any response (the old behavior).
ticket: 3334
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19934
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 13 Sep 2007 23:48:42 +0000 (23:48 +0000)]
pull up r19456 from trunk (prereq for r19738)
r19456@cathode-dark-space: raeburn | 2007-04-13 01:44:38 -0400
Produce a more informative error message for KDC_UNREACH with KDC not responding.
ticket: 3334
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19933
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 12 Sep 2007 21:30:33 +0000 (21:30 +0000)]
pull up r19920 from trunk
r19920@cathode-dark-space: epeisach | 2007-09-04 22:08:58 -0400
ticket:new
subject: krb5_fcc_generate_new is non-functional
File locking was non-existant in this code and fccs chained list was
not used at all. This resulted in an assertion failure when closing the
cache. Code has been reorganized to parallel the code in krb5_fcc_resolve
for easier maintenence.
Commented out test in t_cc.c has been updated to actually test this code.
ticket: 5708
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19932
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 21:32:27 +0000 (21:32 +0000)]
pull up r19910 from trunk
r19910@cathode-dark-space: tlyu | 2007-09-03 22:10:13 -0400
ticket: 5697
Bail out if encoded "ticket" doesn't decode correctly. This allows
t_cc test case to pass and allows non-tickets to be stored (for now).
ticket: 5697
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19928
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 21:32:16 +0000 (21:32 +0000)]
pull up r19898 from trunk
r19898@cathode-dark-space: tlyu | 2007-08-29 18:59:52 -0400
ticket: 5697
tags: pullup
Make ccache handle referrals better by storing both server principal
names if they differ between the creds structure and the encoded
ticket and by looking up the server principal using the client's realm
if not found and server's realm was initially the referral (empty)
realm.
ticket: 5697
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19927
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 21:27:23 +0000 (21:27 +0000)]
pull up r19914 from trunk
r19914@cathode-dark-space: tlyu | 2007-09-04 14:53:09 -0400
ticket: new
target_version: 1.6.3
tags: pullup
subject: fix CVE-2007-4000 modify_policy vulnerability
In kadm5_modify_policy_internal, check for nonexistence of policy
before doing anything with it, to avoid memory corruption.
ticket: 5707
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19926
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 21:26:49 +0000 (21:26 +0000)]
pull up r19923 from trunk
r19923@cathode-dark-space: tlyu | 2007-09-05 15:53:33 -0400
ticket: 5706
Revise patch to avoid 32-byte overflow which remained after the
initial patch. Memory written to by the IXDR macro calls had not been
accounted for. Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.
ticket: 5706
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19925
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 5 Sep 2007 21:26:16 +0000 (21:26 +0000)]
pull up r19913 from trunk
r19913@cathode-dark-space: tlyu | 2007-09-04 14:52:56 -0400
ticket: new
subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow
target_version: 1.6.3
tags: pullup
component: krb5-libs
Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.
ticket: 5706
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19924
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 21:38:55 +0000 (21:38 +0000)]
pull up r19894 from trunk
r19894@cathode-dark-space: tlyu | 2007-08-29 16:28:06 -0400
ticket: new
target_version: 1.6.3
subject: -S sname option for kvno
tags: pullup
component: krb5-clients
New option to use krb5_sname_to_principal() for building principal
names, which is useful for testing referrals.
ticket: 5700
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19908
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 21:38:41 +0000 (21:38 +0000)]
pull up r19736 from trunk
r19736@cathode-dark-space: raeburn | 2007-07-27 00:38:46 -0400
ticket: 5471
Check for null file handle in get_next.
Patch from Luke Howard.
ticket: 5471
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19907
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 21:38:28 +0000 (21:38 +0000)]
pull up r19845 from trunk
r19845@cathode-dark-space: epeisach | 2007-08-20 10:50:41 -0400
ticket: new
subject: read_entropy_from_device on partial read will not fill buffer
tags: pullup
read_entropy_from_device() will loop in read until the desired number
of bytes are read from the device (/dev/random, /dev/urandom). I have
observed that for /dev/random, if there is not enough bits available
for reading - it will return a partial read. The code would loop in
this case, but never advance the location to place the new bytes -
hence the start of the buffer would be filled again - leaving the tail
end as stack garbage.
ticket: 5666
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19906
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 20:55:49 +0000 (20:55 +0000)]
pull up r19827 from trunk
r19827@cathode-dark-space: epeisach | 2007-08-15 21:40:50 -0400
ticket: new
subject: compilation failure with IRIX native compiler
tags: pullup
gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.
ticket: 5653
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19905
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 20:55:37 +0000 (20:55 +0000)]
pull up r19819 from trunk
r19819@cathode-dark-space: jaltman | 2007-08-13 22:54:15 -0400
ticket: 5645
remove inadvertent commit of symbols temporarily exported in
a sandbox to permit building of pkinit code on Windows.
ticket: 5645
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19904
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 20:55:25 +0000 (20:55 +0000)]
pull up r19818 from trunk
r19818@cathode-dark-space: jaltman | 2007-08-11 11:15:44 -0400
ticket: new
subject: export krb5_get_profile
tags: pullup
Export krb5_get_profile. Remove comment saying it should be
added and just do it.
ticket: 5645
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19903
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 20:55:13 +0000 (20:55 +0000)]
pull up r19757 from trunk
r19757@cathode-dark-space: tlyu | 2007-08-07 16:13:11 -0400
ticket: 5629
version_reported: 1.6.1
target_version: 1.6.3
tags: pullup
Release mechtok_out in spnego_gss_init_sec_context.
Reported by Markus Moeller.
ticket: 5629
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19902
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 31 Aug 2007 20:54:58 +0000 (20:54 +0000)]
pull up r19828 from trunk
r19828@cathode-dark-space: epeisach | 2007-08-15 21:52:10 -0400
ticket: 5581
tags: pullup
Change prototype for g_token_size to match function declaration later
in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they
are different.
ticket: 5581
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19901
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 15 Aug 2007 22:57:30 +0000 (22:57 +0000)]
back to krb5-1.6.2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19826
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 15 Aug 2007 22:53:48 +0000 (22:53 +0000)]
patchlevel.h and winlevel.h for kfw-3.2.1 final
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19824
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 18:07:50 +0000 (18:07 +0000)]
back to krb5-1.6.2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19817
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 18:03:02 +0000 (18:03 +0000)]
patchlevel and winlevel for kfw-3.2.1-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19815
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 18:02:49 +0000 (18:02 +0000)]
pull up r19813 from trunk
r19813@cathode-dark-space: kpkoch | 2007-08-10 10:37:04 -0400
Ticket: 5604
Tags: pullup
Target_Version: 1.6.3
Tags: Pullup
Simulate changing views when the REFRESH action is run and when credentials are updated.
This makes the symptoms go away but does not solve whatever the underlying problem is.
I missed this change yesterday.
This should be added to kfw-3_2_1-beta2.
ticket: 5604
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19814
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 00:31:16 +0000 (00:31 +0000)]
back to krb5-1.6.2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19804
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 00:29:02 +0000 (00:29 +0000)]
patchlevel and winlevel for kfw-3.2.1-beta1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19802
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 00:26:06 +0000 (00:26 +0000)]
pull up r19580 from trunk
r19580@cathode-dark-space: jaltman | 2007-06-18 12:23:47 -0400
ticket: 5577
tags: pullup
Corrected the order of the source and modified msi packages
in the msitran command line used to produce the transform
ticket: 5577
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19801
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 10 Aug 2007 00:21:16 +0000 (00:21 +0000)]
pull up r19521 from trunk
r19521@cathode-dark-space: kpkoch | 2007-04-23 11:54:19 -0400
Ticket: new
Subject: Optimize file/directory pruning
Target_Version: 1.6.1
Not tagged yet so it can be evaluated first.
Consolidate find and rm operations in prunefiles.pl as suggested by Ken.
Remove pruning of SDK files. This hasn't been needed since the installer builds moved from staging to temp directories.
Remove debug statement not cleaned up previously.
Add a troubleshooting tip to the doc.
ticket: 5542
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19800
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 23:02:11 +0000 (23:02 +0000)]
pull up r19770 from trunk
r19770@cathode-dark-space: kpkoch | 2007-08-09 10:52:15 -0400
Ticket: 5604
Tags: pullup
Target_Version: 1.6.3
Simulate changing views when the REFRESH action is run and when credentials are updated.
This makes the symptoms go away but does not solve whatever the underlying problem is.
ticket: 5604
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19799
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:14:09 +0000 (22:14 +0000)]
pull up r19760 from trunk
r19760@cathode-dark-space: jaltman | 2007-08-08 13:45:37 -0400
ticket: 5613
Patch developed by kpkoch with style changes from jaltman.
The size/position of the main application window is
internally updated in response to WM_MOVE messages but is
only written to the registry after a timeout period. This
is done due to the large number of WM_MOVE messages that
can be delivered during a windows drag / resize operation
involving the user or explorer shell's tile and cascade
operations. (or those involving third party desktop managers.)
In NIM 1.8 two different application view modes (standard
and advanced) replaced the single view mode in previous
releases. The size/position update logic was not modified
to take into consideration the possibility that a user might
move/resize the window and then quickly toggle modes before
the new location or size were recorded to the registry.
This change ensures that when a mode change occurs, via a
call to khm_set_main_window_mode(), that the current
location/size will be written to the registry and any
outstanding timer, MW_RESIZE_TIMER, will be cleared.
The logic to save the location/size has been extracted
into the new static function main_wnd_save_sizepos().
main_wnd_save_sizepos() is only called after the application
window has been created.
ticket: 5613
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19798
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:13:56 +0000 (22:13 +0000)]
pull up r19747 from trunk
r19747@cathode-dark-space: jaltman | 2007-08-03 09:22:23 -0400
ticket: new
subject: NIM: apply does not update saved values of general identities cfg page
component: windows
The general identities configuration panel failed to update the saved values
of the DefaultMonitor, DefaultAllowAutoRenew, and DefaultSticky options after
the "Apply" button was pressed. This resulted in the subsequent value changed
states being incorrect.
This patch saves the values.
ticket: 5623
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19797
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:13:42 +0000 (22:13 +0000)]
pull up r19769 from trunk
r19769@cathode-dark-space: kpkoch | 2007-08-09 09:31:11 -0400
Ticket: 5609
Tags: pullup
Target_Version: 1.6.3
Control watermark display with registry entry; document the registry entry.
ticket: 5609
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19796
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:13:30 +0000 (22:13 +0000)]
pull up r19768 from trunk
r19768@cathode-dark-space: kpkoch | 2007-08-09 09:22:59 -0400
Ticket: 5607
Tags: pullup
Target_Version: 1.6.3
The background color is changed to COLOR_WINDOW.
ticket: 5607
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19795
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:13:18 +0000 (22:13 +0000)]
back out r19744
ticket: 5609
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19794
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:13:06 +0000 (22:13 +0000)]
pull up r19635 from trunk
r19635@cathode-dark-space: jaltman | 2007-06-22 15:06:44 -0400
ticket: 5584
Update configuration schema in ui\uiconfig.csv to include additional
documentation for settings and and remove unused values.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19793
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:12:55 +0000 (22:12 +0000)]
pull up r19634 from trunk
r19634@cathode-dark-space: jaltman | 2007-06-22 15:05:44 -0400
ticket: 5584
The new credentials window now applies Windows XP theme settings to
dialog panels that are hosted within tab controls.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19792
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:12:43 +0000 (22:12 +0000)]
pull up r19633 from trunk
r19633@cathode-dark-space: jaltman | 2007-06-22 15:04:54 -0400
ticket: 5584
1. Add a '--minimized' option to start NIM in minimized mode.
2. If the NIM window is requested to open in a minimized state, keep
the window hidden until there's a request to show it.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19791
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:12:32 +0000 (22:12 +0000)]
pull up r19632 from trunk
r19632@cathode-dark-space: jaltman | 2007-06-22 15:03:57 -0400
ticket: 5584
1. Use the debug CRT versions of the memory allocation functions in
util\perfstat.c. These functions allow associating file and line
numbers with each allocation.
2. Perform a heap verification periodically to check for heap
corruption in the debug build when using util\perfstat.c to manage
memory allocations.
3. Change wcscmp() to _wcscmp() for compatibility in util\perfstat.h
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19790
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:12:20 +0000 (22:12 +0000)]
pull up r19631 from trunk
r19631@cathode-dark-space: jaltman | 2007-06-22 15:02:50 -0400
ticket: 5584
1. Fix a malformed line in ui\lang\en_us\khapp.rc in a TEXTINCLUDE
section.
2. Update the dialog template for the "About" dialog to change the
size of the dialog box and sort the modules list.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19789
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:12:09 +0000 (22:12 +0000)]
pull up r19630 from trunk
r19630@cathode-dark-space: jaltman | 2007-06-22 15:01:51 -0400
ticket: 5584
NetIDMgr:
Product version => 1.3.0.0
API version => 9
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19788
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:11:57 +0000 (22:11 +0000)]
pull up r19629 from trunk
r19629@cathode-dark-space: jaltman | 2007-06-22 15:00:27 -0400
ticket: 5584
Be more aggressive about forcing the new credentials dialog to the
top.
Many applications call GSSAPI functions from the main GUI thread.
Doing so blocks the window message pump for that application. When
the GSSAPI call results in the new credentials dialog being displayed,
it will be unable to bring itself to the top and grab the user input
focus because the foreground window is not responding. This patch
makes the new credentials window a top-most window at creation time
that results in it being created at the top of the Z-order. It can
then flash the window to indicate that it requires user attention.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19787
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:11:45 +0000 (22:11 +0000)]
pull up r19628 from trunk
r19628@cathode-dark-space: jaltman | 2007-06-22 14:59:35 -0400
ticket: 5584
If the new credentials window is in the advanced mode and the user
tries to switch back to basic mode, we should set the active panel to
the identity selector before switching since the basic mode only
supports the identity selector panel.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19786
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:11:30 +0000 (22:11 +0000)]
pull up r19627 from trunk
r19627@cathode-dark-space: jaltman | 2007-06-22 14:58:09 -0400
ticket: 5584
Don't assume that WM_DESTROY is the last message to be received by a
window. Since the child windows are still alive and kicking by the
time the parent receives WM_DESTROY, it's still possible to receive
other messages after WM_DESTROY.
If we free any window specific data when handling WM_DESTROY, we
should reset the window data field as well, and check if we have a
valid pointer when retrieving the window data field later.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19785
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:11:18 +0000 (22:11 +0000)]
pull up r19626 from trunk
r19626@cathode-dark-space: jaltman | 2007-06-22 14:56:56 -0400
ticket: 5584
The clean:: target of plugins\common\Makefile should reference the
target directories using the symbolic names rather than hard coded
paths.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19784
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:11:07 +0000 (22:11 +0000)]
pull up r19625 from trunk
r19625@cathode-dark-space: jaltman | 2007-06-22 14:55:46 -0400
ticket: 5584
1. When freeing a message type object, it should also be removed from
the all_msg_types list.
2. When a type handler is being removed from a message type, we
shouldn't re-create the message type object if it has already been
destroyed.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19783
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:10:55 +0000 (22:10 +0000)]
pull up r19624 from trunk
r19624@cathode-dark-space: jaltman | 2007-06-22 14:54:49 -0400
ticket: 5584
. Fix formatting in kherr.c
2. The FormatMessage() call needs special handling for 64 bit
platforms. Add a compile time check for now until we figure out
what to do.
3. Remove unused code from kherr.c.
4. Correct bad references to typedefs. kherr_severity and
kherr_suggestion were sometimes referenced as 'enum kherr_severity'
and 'enum kherr_suggestion' even though they are typedefs.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19782
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:10:43 +0000 (22:10 +0000)]
pull up r19623 from trunk
r19623@cathode-dark-space: jaltman | 2007-06-22 14:53:45 -0400
ticket: 5584
Add new notification flags KHERR_CTX_NEWCHILD, KHERR_CTX_FOLDCHILD,
KHERR_CTX_PROGRESS for listeners of error context events to enable
them to listen for child context events and progress updates.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19781
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:10:31 +0000 (22:10 +0000)]
pull up r19622 from trunk
r19622@cathode-dark-space: jaltman | 2007-06-22 14:52:40 -0400
ticket: 5584
Error context objects should be verified by checking the magic number
in addition to checking if the pointer to the object is valid.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19780
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:10:20 +0000 (22:10 +0000)]
pull up r19621 from trunk
r19621@cathode-dark-space: jaltman | 2007-06-22 14:51:34 -0400
ticket: 5584
Each error context in NIM can maintain a progress counter to indicate
the progress of the operation. The progress counter for a context
that contains child contexts should be computed by adding the progress
counters of its children. This update corrects the behavior of
kherr_get_progress() and kherr_get_progress_i() to take child contexts
into account.
In addition, since the progress counter of a context now depend on the
progress counters of its children, kherr_set_progress() will send
progress change notifications for any parent context as well.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19779
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:10:07 +0000 (22:10 +0000)]
pull up r19620 from trunk
r19620@cathode-dark-space: jaltman | 2007-06-22 14:50:26 -0400
ticket: 5584
Update developer documentation.
These updates reflect changes that were made to the new credentials
acquisition process and add information to incomplete API
documentation.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19778
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:09:54 +0000 (22:09 +0000)]
pull up r19619 from trunk
r19619@cathode-dark-space: jaltman | 2007-06-22 14:49:30 -0400
ticket: 5584
Remove unused file Makefile.w2k from the uilib directory.
ticket: new
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19777
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:09:38 +0000 (22:09 +0000)]
pull up r19618 from trunk
r19618@cathode-dark-space: jaltman | 2007-06-22 14:47:16 -0400
ticket: 5584
All exports in nidmgr32.dll are declared as __declspec(dllexport)
using the KHMEXP macro in the header files. However, since the same
header files are used to declare imports when building applications
and plug-ins that use nidmgr32.dll, the KHMEXP macro should switch to
__declspec(import) so that the relevant import table entries are
created.
To make this switch, the source files that go into nidmgr32.dll are
compiled with the special macro _NIMLIB_ defined that indicates that
the KHMEXP should expand to __declspec(dllexport). In the absence of
this macro, KHMEXP will expand to __declspec(dllimport).
ticket: 5584
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19776
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:09:25 +0000 (22:09 +0000)]
pull up r19534 from trunk
r19534@cathode-dark-space: kpkoch | 2007-04-26 09:02:32 -0400
Ticket: new
Subject: Look for unix find command in multiple places
Target_Version: 1.6.1
Not tagged yet in case it should not go in 3.2.
Look for the unix find command in a list of directories instead of in only one place. This way Jeff can install cygwin in c:\tools\cygwin and Ken can have it in C:\cygwin. The two places in the list are for those two possibilities. c:\cygwin\bin and c:\tools\cygwin\bin.
Move some prints below where logging starts, so the messages will be in the log.
ticket: 5548
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19775
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:08:40 +0000 (22:08 +0000)]
set svn:eol-style native
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19774
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:08:00 +0000 (22:08 +0000)]
revert previous
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19773
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 9 Aug 2007 22:07:13 +0000 (22:07 +0000)]
fix svn:eol-style
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19772
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 4 Aug 2007 00:30:48 +0000 (00:30 +0000)]
back-port r19748 from trunk
Based on Apple's patch, during the referrals loop, check to see if the
session key enctype of a returned credential for the final service is
among the enctypes explicitly selected by the application, and retry
with old_use_conf_ktypes if it is not.
ticket: 4950
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19751
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 4 Aug 2007 00:05:21 +0000 (00:05 +0000)]
back-port r19749 from trunk
If mkstemp() is available, the new ccache file gets created but the
subsequent open(O_CREAT|O_EXCL) call fails because the file was
already created by mkstemp(). Apply patch from Apple to keep the file
descriptor open.
ticket: 5624
version_fixed: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19750
dc483132-0cff-0310-8789-
dd5450dbe970
Kevin Koch [Wed, 1 Aug 2007 20:55:04 +0000 (20:55 +0000)]
[Usability] Tell the code that the watermark (large NIM icon in lower right corner) is never on the display
Ticket: 5609
Tags: pullup
Target_Version: 1.6.3
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19744
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 6 Jul 2007 00:25:50 +0000 (00:25 +0000)]
krb5-1.6.2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19681
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 6 Jul 2007 00:07:00 +0000 (00:07 +0000)]
README and patchlevel.h for krb5-1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19679
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 26 Jun 2007 18:29:52 +0000 (18:29 +0000)]
pull up r19637 from trunk
r19637@cathode-dark-space: tlyu | 2007-06-26 14:08:35 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]
Truncate the principal names when logging a rename operation to avoid
a stack buffer overflow.
ticket: 5586
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19639
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 26 Jun 2007 18:29:40 +0000 (18:29 +0000)]
pull up r19636 from trunk
r19636@cathode-dark-space: tlyu | 2007-06-26 14:08:20 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]
CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
pointer. This may lead to execution of arbitrary code.
CVE-2007-2443/VU#365313: The RPC library can write past the end of a
stack buffer. This may (but is unlikely to) lead to execution of
arbitrary code.
ticket: 5585
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19638
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 20 Jun 2007 01:40:52 +0000 (01:40 +0000)]
pull up r19536 from trunk
r19536@cathode-dark-space: hartmans | 2007-04-29 17:55:04 -0400
ticket: new
subject: rd_req_decoded needs to deal with referral realms
Target_Version: 1.6.2
Tags: pullup
* Fix handling of null realm in krb5_rd_req_decoded; now we treat a
null realm as a default realm there, as we do in the keytab code.
ticket: 5551
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19598
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 20 Jun 2007 01:40:34 +0000 (01:40 +0000)]
pull up r18817 as prereq for r19536
r18817@cathode-dark-space: raeburn | 2006-11-15 20:20:47 -0500
* rd_req_dec.c: Whitespace changes in function headers.
(krb5_rd_req_decoded_opt): Include more info in error text for AP_WRONG_PRINC
and NOPERM_ETYPE errors.
ticket: 5551
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19597
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Jun 2007 19:22:50 +0000 (19:22 +0000)]
pull up r19582 from trunk
r19582@cathode-dark-space: tlyu | 2007-06-18 17:07:37 -0400
ticket: new
subject: krb5_walk_realm_tree leaks in capaths case
target_version: 1.6.2
tags: pullup
Markus Moeller reports a leak in krb5_get_credentials() which was then
traced down to profile strings leaking from within
krb5_walk_realm_tree(). A pointer to a profile string was getting
overwritten without the string being freed when *cap_nodes[0] == '.'.
Fix is to free the string prior to overwriting the pointer if the
pointer is non-null.
ticket: 5579
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19593
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Jun 2007 19:22:37 +0000 (19:22 +0000)]
pull up r19572 from trunk
r19572@cathode-dark-space: jaltman | 2007-06-11 18:14:56 -0400
ticket: 5573
tags: pullup
This patch adds src/include/krb5/krb5.h to the MSI installer SDK component.
(Thanks to Asanka Herath for the patch.)
ticket: 5573
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19592
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Jun 2007 19:22:24 +0000 (19:22 +0000)]
pull up r19541 from trunk
r19541@cathode-dark-space: jaltman | 2007-05-03 18:57:05 -0400
ticket: new
subject: Modify WIX installer to better support upgrading betas
component: windows
tags: pullup
The WIX installers did not upgrade previous installations with the same
version number as the current package being installed. This would leave
multiple installations of KFW x.y.z registered as being installed on the
machine even though only the most recent install is being used.
This commit instructs the Windows Installer to uninstall previous installations
with the same version number (the Maximum Upgrade version) as the package
that is being installed while ensuring that the package being installed
will not be uninstalled if the installation is being modified or repaired.
ticket: 5554
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19591
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Jun 2007 19:22:14 +0000 (19:22 +0000)]
back to krb5-1.6.1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19590
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 2 May 2007 21:28:12 +0000 (21:28 +0000)]
patchlevel and winlevel for kfw-3.2.0
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19539
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 2 May 2007 03:58:39 +0000 (03:58 +0000)]
pull up r19537 from trunk
r19537@cathode-dark-space: jaltman | 2007-05-01 21:31:50 -0400
ticket: 5552
tags: pullup
k5-int.h, gic_opt.c
The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
functions permit the gic_opts parameter to be NULL. This is not
taken into account when testing the value with the macros
krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
Nor is it taken into account within krb5int_gic_opte_copy() which
is called by krb5int_gic_opt_to_opte() when the input parameter is
not a krb5_gic_opt_ext structure.
This commit makes two changes:
(1) it modifies the macros to ensure that the value is non-NULL
before evaluation.
(2) it modifies krb5int_gic_opte_copy() to avoid copying the
original values with memcpy() when the input is NULL.
In addition, the code was audited to ensure that the flag
KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
it is set, that the allocated krb5_gic_opt_ext structure is
freed by krb5_get_init_creds_password() and
krb5_get_init_creds_keytab().
ticket: 5552
version_fixed: 1.6.2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19538
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 26 Apr 2007 00:53:00 +0000 (00:53 +0000)]
back to krb5-1.6.1-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19533
dc483132-0cff-0310-8789-
dd5450dbe970