git.tremily.us Git - krb5.git/log

Remove os_get_default_config_files, and the krb5int_* functions not
actually called directly from outside the library, from the export
list.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970

pullup to trunk

ticket: 5643
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970

In clean-windows, replace spaces with tab

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970

NIM: version update

Set the Network Identity Manager application version to 1.3.1 and the
API version to 10.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19869 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Revert ticket 5604

There was a spurious trigger for reloading the layout of the Network
Identity Manager timer code. This was presumably introduced to
mitigate a problem where the identity and outline status might become
stale. (Ticket 5604)

This should no longer be necessary.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19868 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Reposition New Credentials Dialog if necessary

The new credentials dialog in Network Identity Manager does not check
whether it is positioned outside of the display screen.  It tries to
position itself in the center of the primary display if the Network
Identity Manager window is hidden and it tries to center itself over
the main window if the main window is visible.  If the main window is
too close to the edge of the screen, this may result in the new
credentials window being partially outside the display area.  This is
especially a problem when the new credentials dialog switches to the
advanced view.

The patch checks whether the window rectangle is visible before
repositioning the new credentials dialog and adjusts the window
rectangle so that it is.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19867 dc483132-0cff-0310-8789-dd5450dbe970

NIM: External changes to default identity are improperly reflected by krb5 provider

The Kerberos v5 identity provider for Network Identity Manager
monitors the "Software\MIT\kerberos5" registry key for the logged in
user for changes to the "ccname" value.  If a change is noticed, it
would query the Kerberos v5 library for the default credentials cache
and attempt to determine the new default identity, which it would then
communicate to the Network Identity Manager application.

When the identity provider queried the Kerberos v5 library after a
registry change notification, it used a cached krb5_context for the
thread.  The default credentials cache found using this krb5_context
may not be what the registry specified.

This patch modifies the code in k5_ccname_monitor_thread() to create a
use a new krb5_context when querying for the default credentials cache
following a registry change notification.  Doing so ensures that
Kerberos v5 library takes the new registry value into account.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19866 dc483132-0cff-0310-8789-dd5450dbe970

NIM: khcint_remove_space() frees memory too soon

The Network Identity Manager Configuration Provider module keeps track
of the application and plug-in configuration settings organized into
configuration spaces.  The state of each configuration space is
maintained in a reference counted object.  Once all the references are
released, the Configuration Provider will attempt to free the
resources allocated for the object.

If the configuration space was marked for deletion, then the registry
keys associated with the object need to be deleted when the
object is being discarded.  Due to a coding error, the memory
allocated for the object would be freed before the associated registry
keys were deleted.  This could result in a memory access error.

The patch corrects the code in khcint_remove_space() to free the
allocated memory after all the remaining clean-up steps have been
performed.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19865 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Add Identity Provider Pre-Process Message

The Network Identity Manager application does not provide a user
interface for identity specification.  That responsibility lies with
the identity provider.  Whenever a dialog needs to allow the user to
specify an identity, the identity provider has to populate the dialog
with the necessary controls so that the user can specify an identity.
In the case of the Kerberos v5 identity provider, the controls allow
the user to specify a username and a realm.

Once the dialog is populated, the application will dispatch window
messages to the identity provider.  The identity provider will handle
the window messages and notify the application when the selected
identity changes.

One deficiency of the API was that there was no message to notify the
identity provider that an identity selection has to be made
immediately.  When the user invokes the default action for a dialog by
hitting enter, the only message received by the dialog is a command
identifier of the default action.  In this case, the identity provider
will not get a chance to notify the application of the identity
selection.

This patch fixes the API deficiency by introducing a new message,
WMNC_IDENT_PREPROCESS, which the application can use to notify the
identity provider that the dialog box is about to be processed.  In
response, the identity provider can notify the application of the
selected identity even if no other messages were received by the
identity provider.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19864 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Keep API release documentation up to date

Update the Network Identity Manager developer documentation to include
a reference to the 1.3.0 release which was included with Kerberos for
Windows 3.2.1.

The release history and, in particular, the API versions corresponding
to each release is important for third-party plug-in developers.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19863 dc483132-0cff-0310-8789-dd5450dbe970

NIM: support include files in schemas

The ccsv.pl and csvschema.cfg scripts are used to generate "C" source
code from CSV files containing tabular data.  In particular, these are
used to define the configuration schema for Network Identity Manager
and some of its plug-ins.

It is desirable to be able to include arbitrary header files and
define macros in the generated C code so that the schema definition
can use them.  This patch allows the CSV files to contain headers that
define lines of text that will be included literally in the generated
C code.  Lines at the start of schema CSV file that begin with '#@'
will be stripped of the '#@' prefix and inserted into the C code.

E.g: The following line at the start of a schema CSV file:

#@#include<windows.h>

,will result in the following text in the C code:

#include<windows.h>

Then the schema definition can use macros of the form:

ClrHeaderExpSel, KC_INT32, "RGB(195, 94, 94)"

,which use macros such as RGB that are defined in the included header
file.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19862 dc483132-0cff-0310-8789-dd5450dbe970

NIM: remove unused code from ui/credwnd.c

Remove unused code from Network Identity Manager credwnd.c. The code
was meant to construct a user interface context based on where the
user right clicks on the credentials display. However, doing so
without indicating the changed selection to the user results in the
application performing an operation on an identity or credential that
the user didn't intend to select.

The code was commented out and was never used in any recent release of
Kerberos for Windows.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19861 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Selection Issues

Credentials selection in Network Identity Manager has usability
issues due to the following causes:

- The "cursor row" is not always selected.

  The "cursor row" is the row which the "cursor" is on. Navigating the
  credentials view using the keyboard or clicking the credentials
  display with the mouse will move the cursor to different rows.
  However, this cursor row is not always selected, especially when
  Network Identity Manager starts.

  Having the selection be independent of the cursor row is a
  requirement for supporting "toggle" selections (holding the 'ctrl'
  key while clicking), which is a standard way of doing multiple
  selections on Windows.

  The problem with the cursor row not being selected when Network
  Identity Manager starts is due to the delayed start of its plug-ins.
  Even though the first row is initially selected, when plug-ins
  complete initialization and notify the application about the
  credentials that they see, those credentials end up accumulating
  under different identities.  The existing code didn't enforce the
  selection state of the identity on the newly added
  credentials. Since there were unselected credentials under the
  selected outline level, the code would then turn off the selected
  bit for the outline (which usually is an outline level for an
  identity) for consistency.

  The patch changes the behavior to enforce the selection state of the
  enclosing outline on any new outline levels or credentials that are
  added under it.  This prevents an outline level from losing its
  selection state when new credentials are added under it.

- Identities may have stale data associated with it.

  The credentials view maintains a set of cached properties for each
  identity that has credentials.  During each refresh cycle, it would
  go through the credentials and update the properties of each
  identity.  However it would not update the properties for identities
  that are not associated with any credentials.

  When the credentials associated an identity were deleted, the cached
  properties for that identity sometimes never got reset.  If the
  identity was marked as "always visible", then it would be listed in
  the credentials view along with the stale properties.

  This patch properly initializes the properties of identities which
  are not associated with any identities.

- Selection state is not updated when switching views.

  The credentials view maintains selection state for individual
  credentials when switching views.  The same is not true for the
  outlines since the outline needs to be reconstructed during the
  switch.

  The exising code failed to update the selection state of the
  outlines after switching the view to reflect the the selection state
  of the credentials.  As a result, once a the user switched a view,
  she might see outline levels which do not appear to be selected even
  though all the credentials contained at the outline level appear
  selected.

  This patch properly adjusts the selection state of outline nodes to
  correspond to the selection state of the contained credentials.

- Selection state may be inconsistent when more than one credential is
  associated with a single row.

  Some rows may represent more than one credential.  A collapsed
  outline represents all the credentials contained within that outline
  level.  In addition, two credentials that will appear the same to
  the user (because all the displayed properties are the same) will be
  represented by one row.

  The selection state of these rows should be consistent with the
  selection state of all the credentials that it represents.  The
  previous code did not enforce this constraint. This patch aims to
  fix this by enumerating all the credentials that are represented
  by each row and setting the selection state of each credential to
  match the selection state of the row.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19860 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Handle WM_PAINT messages without update regions

It is possible to receive a WM_PAINT message in Windows without there
being an update region. For example, this can be caused by someone
calling RedrawWindow() with the RDW_INTERNALPAINT flag set. In this
case, GetUpdateRect() will indicate that there is no update region and
calling BeginPaint()/EndPaint() results in incorrect behavior.

The credentials window in Network Identity Manager needs to perform
special handling for this case by obtaining a proper device context
and completing the drawing operation.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19859 dc483132-0cff-0310-8789-dd5450dbe970

NIM: do not permit resizing of filler columns

The credentials display of Network Identity Manager allows the user to
change the order and size of the displayed columns.  However, some
columns are not resizable.

An oversight in the earlier code allowed the user to change the size
of "filler" columns.  These columns are sized to fill up the remainder
of the display area after the other columns have been allocated.
Their width is determined by the size of the credentials display and
the width of the other columns.  They are used in the basic view where
the only columns are the flags column (fixed width) and the identity
column (filler).

This patch prevents the "filler" columns (columns with the
KHUI_CW_COL_FILLER flag) from being resized.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19858 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Cannot cancel timers which have inserted a WM_TIMER message into the queue

The credentials view in Network Identity Manager displays several user
interface elements that need to be updated periodically such as any
fields that denote the time remaining for a credential or an identity,
or an icon and coloring used to indicate the expiration state.  When
the display rows are computed, the credentials view creates a set of
timers that reference each row that times out when that row needs to
be redrawn.

Since the rows change when switching views or when the outline is
recomputed, all the timers are canceled and re-scheduled.  However, a
race conditions exists where the timer times-out before it is
canceled, in which case a WM_TIMER message is placed in the
credential window's message queue.  Windows does not support
canceling a timer that has already fired and has been placed on the
message queue.

By the time the WM_TIMER message is received by the window, the rows
of the display would have been recomputed and the row that the message
references may not be what it intended to reference. A spurious
WM_TIMER message is harmless when it refers to a row corresponding to
a credential.  However, the existing code assumed that if a timer event
is received that referred to an outline row, then that outline must be
an expanded view of an identity, which is currently the only type of
outline row that receives timers.  This assumption does not always
hold in the case of a spurious WM_TIMER message and may lead to the
code attempting to use the outline data as a handle to an identity.
The patch fixes the problem by checking if the row is actually an
expanded view of an identity and ignoring the message if it is not.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19857 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Context menu selection issues

The handler for WM_CONTEXTMENU in the credentials view of Network
Identity Manager assumed that the context menu was invoked using the
mouse.  If it was, then the message parameters would specify the x and
y co-ordinates of the mouse.  The context menu can also be invoked via
the keyboard, in which case the x- and y- coordinates are set to
(-1,-1).

An additional problem with the code is that it was not selecting the
row that was right-clicked on if it was not already selected.  This
results in the some of the commands on the context menu targetting
credentials that the user didn't intend to target.

This patch adds support for handling the context menu when it is
invoked via the keyboard and also sets the selection to the row that
was right-clicked if the user invokes the context menu using the
mouse.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19856 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Color Schemas

The default color scheme used by the Network Identity Manager credentials
display can sometimes cause the text to be difficult to read.  In
addition, since some of the colors are derived from colors used by the
current Windows theme, the selection, window background and text
colors may be mismatched with the colors that are hardcoded into the
application.

To rememdy this problem, this patch defines a new set of colors
that will be used with the credentials display.  The new scheme
doesn't use a special color to distinguish the default identity which
is already indicated with the text "(Default)" displayed alongside it.
Instead the colors are used to denote the remaining lifetime of
credentials and identities.

Also, the color scheme defines all the colors that it uses instead of
deriving some of them from the Windows color scheme.

All the color information is now kept in the Network Identity Manager
UI schema.  The schema automatically maps to the registry, so users
(and deployers) can override the colors by creating the necessary
registry keys and values.  The registry keys containing color
information are:

  Software\MIT\NetIDMgr\CredWindow\Themes and
  Software\MIT\NetIDMgr\CredWindow\Themes\Default

The "Default" key contains the default color scheme.  The color value
names are defined in ui\uiconfig.csv under Themes\_Schema
configuration subspace.  Each color is represented by a 32-bit number.
The low-order 24 bits contain a COLORREF value.  The high-order 8 bits
contain an alpha value which, if non-zero, will be used to blend the
color with the selection color (color value named ClrSelection).

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19855 dc483132-0cff-0310-8789-dd5450dbe970

NIM: New command-line options --hide and --show / new command-line help dialog

Add two command-line options to the Network Identity Manager application:

--hide : If there is already an instance of Network Identity Manager
         running in the user's session, this will cause the main
         window of that instance to be hidden.

--show : Unhides the main window of the running instance.

If no options are specified when starting netidmgr.exe while another
instance is running, the running instance will perform the default
action as configured in the user's preferences.  By default, this will
be to show the main window.

The message box that displayed the command-line options if an invalid
option is specified has been replaced with a dialog box that shows the
options in a more readable rich text control.  The contents of the
control are specified in ui/lang/<lang>/cmdline.rtf.

Do not edit cmdline.rtf with Microsoft Word.  The output of Word is
incompatible with the RichEdit20 component.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19854 dc483132-0cff-0310-8789-dd5450dbe970

NIM: Identity Configuration Panel Fixes

In the identity configuration panel of Network Identity Manager, the
user can specify a new identity which can then be configured.

The existing code didn't check if the identity specified by the user
already exists.  The patch adds the check.  If the identity already
exists, the user is notified as such.

Another bug prevented the user from configuring an identity that was
added back in following the deletion of the same identity during the
same session.  The deleted status of the identity was not reset when
it was added back.

Additionally, this patch adds code that has already been added to the
new credentials dialog to apply Windows XP theme textures to the child
dialogs used as tab panels in the configuration dialog.  Child dialogs
don't automatically adjust the theme settings based on whether it is
nested inside a tab control.  The theme must be applied manually.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19853 dc483132-0cff-0310-8789-dd5450dbe970

NIM: resource leak in khui_action_trigger()

The khui_action_trigger() function in the Network Identity Manager API
creates a copy of the current user interface context (which contains
information about the credentials and identities that are currently
selected) before triggering the requested action. Then it will use
the copy to restore the user interface context to its previous state.
A coding error results in the copy of the context to never be
released. As a result there is a resource leak.

The attached patch fixes the leak by releasing the context once it
is no longer needed.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19852 dc483132-0cff-0310-8789-dd5450dbe970

no unistd.h on Windows

do not include unistd.h on Windows because it doesn't exist

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19851 dc483132-0cff-0310-8789-dd5450dbe970

cleanup src/lib/gssapi/krb5/error_map.h on Windows

during 'clean' delete the generated file error_map.h

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19850 dc483132-0cff-0310-8789-dd5450dbe970

Add documentation for CCAPI

Added Doxygen-based documentation to CredentialsCache.h and checked
in a copy of the html output of that documentation.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19849 dc483132-0cff-0310-8789-dd5450dbe970

Use -Wno-format-zero-length if GCC version supports it

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19848 dc483132-0cff-0310-8789-dd5450dbe970

Added errmap.h to the generate-files-mac target

ticket: 5654

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19846 dc483132-0cff-0310-8789-dd5450dbe970

read_entropy_from_device on partial read will not fill buffer

read_entropy_from_device() will loop in read until the desired number
of bytes are read from the device (/dev/random, /dev/urandom). I have
observed that for /dev/random, if there is not enough bits available
for reading - it will return a partial read. The code would loop in
this case, but never advance the location to place the new bytes -
hence the start of the buffer would be filled again - leaving the tail
end as stack garbage.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19845 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19832 dc483132-0cff-0310-8789-dd5450dbe970

remap mechanism-specific status codes in mechglue/spnego

This patch creates a mapping in the mechglue/spnego code to modify
mechanism status codes when passing them back to the application, so
that mechglue's display_status dispatcher can determine the correct
mechanism to dispatch to.

This is part of the "get enhanced error messages from gssapi
applications" project; ticket 5590 has updates to the Kerberos 5
mechanism to extract enhanced error messages (when there are any) from
the Kerberos library.

util/gen.pl, util/t_*.pm: New code generation script and templates.

lib/gssapi/generic: Add a new, global mapping that enumerates the
{mechOID,status} pairs as they're seen, allowing a magic mechOID value
to indicate com_err error codes from mechglue and spnego, and
reserving status code 0 for unknown errors.  Preload the Kerberos
"wrong principal" error code once for each mechanism OID used for
Kerberos, so the entries get fixed positions (1-3) in the table.

lib/gssapi/gss_libinit.c: Call the initializer and destructor
functions.

lib/gssapi/mechglue, lib/gssapi/spnego: Enter all mechanism-generated
or locally-generated status codes into the mapping table, and return
the table index to the application.  Do the reverse in display_status,
to get the messages from the mechanism..

lib/rpc: Define new function gssrpcint_printf to use for debugging
instead of printf, to redirect output away from dejagnu; add a couple
more debugging calls.  Check for minor status codes 1-3 now instead of
KRB5KRB_AP_WRONG_PRINC.

tests/dejagnu/krb-standalone/gssftp.exp: Test getting more detailed
error messages back, by having the ftp client attempt to authenticate
to a non-existent service, and examining the error message for the
service principal name.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19831 dc483132-0cff-0310-8789-dd5450dbe970

(krb5_gss_internal_release_oid): Always clear *minor_status

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19830 dc483132-0cff-0310-8789-dd5450dbe970

Only do fake-install in pkinit if building pkinit

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19829 dc483132-0cff-0310-8789-dd5450dbe970

Change prototype for g_token_size to match function declaration later
in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they
are different.

ticket: 5581
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19828 dc483132-0cff-0310-8789-dd5450dbe970

compilation failure with IRIX native compiler

gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19827 dc483132-0cff-0310-8789-dd5450dbe970

sprintf conversion to snprintf in r19703 introduced some signed/unsigned
warnings. Cleanup.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19823 dc483132-0cff-0310-8789-dd5450dbe970

t_ser should no longer use kdb libraries

Remove the call to krb5_db_fini() - as rest of the db code was pulled
during DAL integration. This removes dependency on db libraries -
alter Makefile.in.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19822 dc483132-0cff-0310-8789-dd5450dbe970

Free memory leak in do_test() from asprintf integration

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19821 dc483132-0cff-0310-8789-dd5450dbe970

remove inadvertent commit of symbols temporarily exported in
a sandbox to permit building of pkinit code on Windows.

ticket: 5645

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19819 dc483132-0cff-0310-8789-dd5450dbe970

export krb5_get_profile

Export krb5_get_profile. Remove comment saying it should be
added and just do it.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19818 dc483132-0cff-0310-8789-dd5450dbe970

Simulate changing views when the REFRESH action is run and when credentials are updated.
This makes the symptoms go away but does not solve whatever the underlying problem is.

I missed this change yesterday.

This should be added to kfw-3_2_1-beta2.

Ticket: 5604
Tags: pullup
Target_Version: 1.6.3
Tags: Pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19813 dc483132-0cff-0310-8789-dd5450dbe970

need more dylib_file specs for darwin

Currently the KDB LDAP plugin won't build on Mac OS X 10.4 if a tree
hasn't been previously installed, because it can't find the libraries
that we haven't installed yet. (Finding earlier versions isn't
sufficient, if symbols are needed that are not present in the
installed versions.)

Add -dylib_file specs for libkadm5srv and libkdb to LDCOMBINE, in
addition to libkrb5support that was already there.

Unfortunately, this makes shlib.conf dependent on more library version
numbers.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19771 dc483132-0cff-0310-8789-dd5450dbe970

Simulate changing views when the REFRESH action is run and when credentials are updated

This makes the symptoms go away but does not solve whatever the underlying problem is.

Ticket: 5604
Tags: pullup
Target_Version: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19770 dc483132-0cff-0310-8789-dd5450dbe970

Control watermark display with registry entry; document the registry entry

Ticket: 5609
Tags: pullup
Target_Version: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19769 dc483132-0cff-0310-8789-dd5450dbe970

The background color is changed to COLOR_WINDOW

Ticket: 5607
Tags: pullup
Target_Version: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19768 dc483132-0cff-0310-8789-dd5450dbe970

Get rid of some old SunOS 4 config stuff

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19762 dc483132-0cff-0310-8789-dd5450dbe970

Patch developed by kpkoch with style changes from jaltman

The size/position of the main application window is
internally updated in response to WM_MOVE messages but is
only written to the registry after a timeout period.  This
is done due to the large number of WM_MOVE messages that
can be delivered during a windows drag / resize operation
involving the user or explorer shell's tile and cascade
operations.  (or those involving third party desktop managers.)

In NIM 1.8 two different application view modes (standard
and advanced) replaced the single view mode in previous
releases.  The size/position update logic was not modified
to take into consideration the possibility that a user might
move/resize the window and then quickly toggle modes before
the new location or size were recorded to the registry.

This change ensures that when a mode change occurs, via a
call to khm_set_main_window_mode(), that the current
location/size will be written to the registry and any
outstanding timer, MW_RESIZE_TIMER, will be cleared.

The logic to save the location/size has been extracted
into the new static function main_wnd_save_sizepos().

main_wnd_save_sizepos() is only called after the application
window has been created.

ticket: 5613

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19760 dc483132-0cff-0310-8789-dd5450dbe970

In krb5_preauth_context ftable should be
struct krb5plugin_preauth_client_ftable_v1 *
instead of
struct krb5plugin_preauth_client_ftable_v0 *

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19759 dc483132-0cff-0310-8789-dd5450dbe970

Only build pkinit plugin if a sufficiently recent version of OpenSSL is available

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19758 dc483132-0cff-0310-8789-dd5450dbe970

Release mechtok_out in spnego_gss_init_sec_context.
Reported by Markus Moeller.

ticket: 5629
version_reported: 1.6.1
target_version: 1.6.3
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19757 dc483132-0cff-0310-8789-dd5450dbe970

missing comma

The pkinit additions in revision 18973 left out a comma after the
last function in the list. This caused builds that did not define
DESIGNATED_INITIALIZERS to break.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19755 dc483132-0cff-0310-8789-dd5450dbe970

KRB5_CALLCONV must be specified inside parens

When declaring a function pointer, the function type
modifiers must be inside the parentheses.

return-type (modifers * function-name) (parameters)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19754 dc483132-0cff-0310-8789-dd5450dbe970

Remove these files that were not intended to be moved onto the trunk

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19753 dc483132-0cff-0310-8789-dd5450dbe970

Add missing @end quotation

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19752 dc483132-0cff-0310-8789-dd5450dbe970

krb5_fcc_generate_new() doesn't work with mkstemp()

If mkstemp() is available, the new ccache file gets created but the
subsequent open(O_CREAT|O_EXCL) call fails because the file was
already created by mkstemp(). Apply patch from Apple to keep the file
descriptor open.

ticket: new
tags: pullup
target_version: 1.6.3
component: krb5-libs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19749 dc483132-0cff-0310-8789-dd5450dbe970

Based on Apple's patch, during the referrals loop, check to see if the
session key enctype of a returned credential for the final service is
among the enctypes explicitly selected by the application, and retry
with old_use_conf_ktypes if it is not.

ticket: 4950
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19748 dc483132-0cff-0310-8789-dd5450dbe970

NIM: apply does not update saved values of general identities cfg page

The general identities configuration panel failed to update the saved values
of the DefaultMonitor, DefaultAllowAutoRenew, and DefaultSticky options after
the "Apply" button was pressed. This resulted in the subsequent value changed
states being incorrect.

This patch saves the values.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19747 dc483132-0cff-0310-8789-dd5450dbe970

Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up
some shadow variable warnings, make depend...

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19746 dc483132-0cff-0310-8789-dd5450dbe970

Add PKINIT support

Pull up PKINIT support onto the trunk.

Changes from the version in branch users/coffman/pkinit are:

- Update the preauth plugin interface version to avoid
conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
depending on opensc being installed.

ticket: new
Target_Version: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19745 dc483132-0cff-0310-8789-dd5450dbe970

Define snprintf along with vsnprintf for Windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19742 dc483132-0cff-0310-8789-dd5450dbe970

Don't define vsnprintf for Windows here

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19741 dc483132-0cff-0310-8789-dd5450dbe970

Implemented and tested cc_ccache_wait_for_change()

ticket: 4644
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19740 dc483132-0cff-0310-8789-dd5450dbe970

Set KTFILEP field to null any time we close the file

ticket: 3099
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19739 dc483132-0cff-0310-8789-dd5450dbe970

Debugged version of patch worked up with Luke

Adds a callback to krb5int_sendto to examine the response and indicate
whether to quit the loop or not. For sendto_kdc, keep going if the
returned error is "service unavailable". Updated all other callers to
pass a null function pointer, which means to always break out of the
loop on any response (the old behavior).

ticket: 3334

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19738 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19737 dc483132-0cff-0310-8789-dd5450dbe970

Check for null file handle in get_next.
Patch from Luke Howard.

ticket: 5471

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19736 dc483132-0cff-0310-8789-dd5450dbe970

Provide {,v}asprintf prototypes if needed

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19735 dc483132-0cff-0310-8789-dd5450dbe970

Check whether a prototype for vasprintf is needed

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19734 dc483132-0cff-0310-8789-dd5450dbe970

If no salt is included with the key data, set the salt length field to 0.
Bug report and patch from Nalin Dahyabhai.

ticket: 5545

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19733 dc483132-0cff-0310-8789-dd5450dbe970

Updated API version to 7 because we added the wait_for_change functions

ticket: 4644
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19732 dc483132-0cff-0310-8789-dd5450dbe970

Added callback support for wait_for_change functions

ticket: 4644
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19731 dc483132-0cff-0310-8789-dd5450dbe970

Include k5-platform.h

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19729 dc483132-0cff-0310-8789-dd5450dbe970

Pull out code for looking up the current time, comparing the offset of
a supplied timestamp against the configured maximum clock skew, and
possibly generating an error message, into a separate routine.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19722 dc483132-0cff-0310-8789-dd5450dbe970

declare xasprintf

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19721 dc483132-0cff-0310-8789-dd5450dbe970

provide more useful error message when running kpropd on command line

The way kpropd indicates that it's supposed to be connected to the network
is by printing out a socket error:

kpropd: getpeername: Socket operation on non-socket

With this patch, it's a bit more friendly:

./kpropd: Standard input does not appear to be a network socket.
(Not run from inetd, and missing the -S option?)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19720 dc483132-0cff-0310-8789-dd5450dbe970

Made callback code generic so that change time callbacks can use it as well

ticket: 4644
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19719 dc483132-0cff-0310-8789-dd5450dbe970

Added new autogenerated file to generate-files-mac target

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19718 dc483132-0cff-0310-8789-dd5450dbe970

ccs_pipe_t needs copy and release functions

On Windows it is an allocated type.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19717 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19710 dc483132-0cff-0310-8789-dd5450dbe970

Use [v]snprintf or asprintf instead of unchecked sprintf and separate allocation size calculations

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19709 dc483132-0cff-0310-8789-dd5450dbe970

Create and use xasprintf akin to xmalloc, returns pointer on success or exits on error

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19708 dc483132-0cff-0310-8789-dd5450dbe970

Recommend snprintf/asprintf. Specify 'static inline'. Use @code for in6addr_any

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19707 dc483132-0cff-0310-8789-dd5450dbe970

Missed a sprintf->snprintf switch

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19706 dc483132-0cff-0310-8789-dd5450dbe970

Avoid unchecked sprintf in some KDC-side programs

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19705 dc483132-0cff-0310-8789-dd5450dbe970

Avoid unchecked sprintf in some more support code

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19704 dc483132-0cff-0310-8789-dd5450dbe970

Avoid use of unchecked sprintf in libraries. Use asprintf if the
output buffer is allocated according to the size of data to be
written, or snprintf otherwise.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970

Nuke disabled support for ancient .klogin syntax

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19702 dc483132-0cff-0310-8789-dd5450dbe970

Filled in dummy descriptions. Also, no longer errors out of test with ccIteratorEnd

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19701 dc483132-0cff-0310-8789-dd5450dbe970

Add #ifdef WIN32 section

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19700 dc483132-0cff-0310-8789-dd5450dbe970

#include of Kerberos.h removed. It can't work on Windows and looks like its not needed on the Mac, either

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19699 dc483132-0cff-0310-8789-dd5450dbe970

Added dummy Description arguments where needed. Compiles on Windows now

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19694 dc483132-0cff-0310-8789-dd5450dbe970

Added dummy Description arguments where needed. Compiles on Windows now

TargetVersion: 1.7
Component: krb5-libs
Ticket: 5594

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19693 dc483132-0cff-0310-8789-dd5450dbe970

TargetVersion: 1.7
Component: krb5-libs
Ticket: new
Subj: Work on compiling the CCAPI test suite on Windows.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19692 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19688 dc483132-0cff-0310-8789-dd5450dbe970

Get rid of .o files when cleaning

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19687 dc483132-0cff-0310-8789-dd5450dbe970

Set PERL

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19677 dc483132-0cff-0310-8789-dd5450dbe970

Make error_map.h depend on ktemplate.pm too

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19675 dc483132-0cff-0310-8789-dd5450dbe970

Add a note at the start of the output reminding the reader that it's a generated file

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19674 dc483132-0cff-0310-8789-dd5450dbe970

Handle 'Credentials cache file <path> not found'

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19673 dc483132-0cff-0310-8789-dd5450dbe970

gss krb5 mech enhanced error messages

Save detailed error messages (usually from the krb5 library) in
per-thread storage, mapping each error code to the most recently
produced message for it. Return the message from display_status.

Currently not implemented for a few cases where the krb5 mechanism
returns a minor status code of 0, or another value different from the
libkrb5 error code.

Other functions are available to store a generic string or formatted
message, but aren't used much at present.

Tested with these errors in context establishment:
* missing ccache (libkrb5 shows pathname if FILE: type)
* missing keytab (libkrb5 shows pathname if FILE: type)
* server principal unknown (libkrb5 shows server principal)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19672 dc483132-0cff-0310-8789-dd5450dbe970

Use strdup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19671 dc483132-0cff-0310-8789-dd5450dbe970

Use global spawn_id

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19670 dc483132-0cff-0310-8789-dd5450dbe970