git.tremily.us Git - krb5.git/log

tag krb5-1.6.3-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/tags/krb5-1-6-3-beta1@19959 dc483132-0cff-0310-8789-dd5450dbe970

README and patchlevel for krb5-1.6.3-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19958 dc483132-0cff-0310-8789-dd5450dbe970

Fix autoconf-related directory names to account for configure script
being in the local directory instead of at top level.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19954 dc483132-0cff-0310-8789-dd5450dbe970

make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19949 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19911 from trunk

r19911@cathode-dark-space: tlyu | 2007-09-03 23:18:05 -0400
ticket: 3334

bump accessor version number

ticket: 3334
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19948 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19935 from trunk

r19935@cathode-dark-space: tlyu | 2007-09-13 19:51:32 -0400
ticket: 5704
tags: pullup

In the pkinit decoders, set up things properly so that asn1buf_sync()
behaves correctly and isn't acting on uninitialized variables.

ticket: 5704
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19947 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19880 from trunk

r19880@cathode-dark-space: epeisach | 2007-08-26 08:30:24 -0400
ticket: 5617

Change use of choice_pa_pk_as_rep_UNKNOWN to
choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum
same in both cases...

ticket: 5617
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19946 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19829 from trunk

r19829@cathode-dark-space: raeburn | 2007-08-16 11:09:58 -0400
ticket: 5617

Only do fake-install in pkinit if building pkinit.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19945 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19759 from trunk

r19759@cathode-dark-space: jaltman | 2007-08-08 01:04:45 -0400
ticket: 5617

In krb5_preauth_context ftable should be
struct krb5plugin_preauth_client_ftable_v1 *
instead of
struct krb5plugin_preauth_client_ftable_v0 *

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19944 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19758 from trunk including manual merge

r19758@cathode-dark-space: raeburn | 2007-08-08 01:00:05 -0400
ticket: 5617

Only build pkinit plugin if a sufficiently recent version of OpenSSL is available.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19943 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19755 from trunk

r19755@cathode-dark-space: jaltman | 2007-08-06 11:19:50 -0400
ticket: new
subject: missing comma

The pkinit additions in revision 18973 left out a comma after the
last function in the list. This caused builds that did not define
DESIGNATED_INITIALIZERS to break.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19942 dc483132-0cff-0310-8789-dd5450dbe970

pull up r20272 from trunk

r20272@cathode-dark-space (orig r19753): coffman | 2007-08-06 09:57:26 -0400
ticket: 5617

Remove these files that were not intended to be moved onto the trunk.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19941 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19752 from trunk

r19752@cathode-dark-space: raeburn | 2007-08-04 04:37:13 -0400
ticket: 5617

Add missing @end quotation.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19940 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19746 from trunk, including manual merges

r19746@cathode-dark-space: epeisach | 2007-08-02 22:36:26 -0400
ticket: 5617

Add internal prototype for krb5_preauth_supply_preauth_data(). Clean up
some shadow variable warnings, make depend...

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19939 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19745 from trunk, including manual configure.in merges

r19745@cathode-dark-space:  coffman | 2007-08-01 18:09:13 -0400
ticket: new
subject: Add PKINIT support
Target_Version: 1.6.3

Pull up PKINIT support onto the trunk.

Changes from the version in branch users/coffman/pkinit are:

- Update the preauth plugin interface version to avoid
   conflict with any existing plugins.
- Add a pkcs11.h locally to the pkinit code rather than
   depending on opensc being installed.

ticket: 5617

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19938 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19738 from trunk

r19738@cathode-dark-space:  raeburn | 2007-07-27 00:39:21 -0400
ticket: 3334

Debugged version of patch worked up with Luke.

Adds a callback to krb5int_sendto to examine the response and indicate
whether to quit the loop or not.  For sendto_kdc, keep going if the
returned error is "service unavailable".  Updated all other callers to
pass a null function pointer, which means to always break out of the
loop on any response (the old behavior).

ticket: 3334

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19934 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19456 from trunk (prereq for r19738)

r19456@cathode-dark-space: raeburn | 2007-04-13 01:44:38 -0400
Produce a more informative error message for KDC_UNREACH with KDC not responding.

ticket: 3334

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19933 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19920 from trunk

r19920@cathode-dark-space: epeisach | 2007-09-04 22:08:58 -0400
ticket:new
subject: krb5_fcc_generate_new is non-functional

File locking was non-existant in this code and fccs chained list was
not used at all. This resulted in an assertion failure when closing the
cache. Code has been reorganized to parallel the code in krb5_fcc_resolve
for easier maintenence.

Commented out test in t_cc.c has been updated to actually test this code.

ticket: 5708
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19932 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19910 from trunk

r19910@cathode-dark-space: tlyu | 2007-09-03 22:10:13 -0400
ticket: 5697

Bail out if encoded "ticket" doesn't decode correctly. This allows
t_cc test case to pass and allows non-tickets to be stored (for now).

ticket: 5697
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19928 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19898 from trunk

r19898@cathode-dark-space: tlyu | 2007-08-29 18:59:52 -0400
ticket: 5697
tags: pullup

Make ccache handle referrals better by storing both server principal
names if they differ between the creds structure and the encoded
ticket and by looking up the server principal using the client's realm
if not found and server's realm was initially the referral (empty)
realm.

ticket: 5697

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19927 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19914 from trunk

r19914@cathode-dark-space: tlyu | 2007-09-04 14:53:09 -0400
ticket: new
target_version: 1.6.3
tags: pullup
subject: fix CVE-2007-4000 modify_policy vulnerability

In kadm5_modify_policy_internal, check for nonexistence of policy
before doing anything with it, to avoid memory corruption.

ticket: 5707
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19926 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19923 from trunk

r19923@cathode-dark-space:  tlyu | 2007-09-05 15:53:33 -0400
ticket: 5706

Revise patch to avoid 32-byte overflow which remained after the
initial patch.  Memory written to by the IXDR macro calls had not been
accounted for.  Thanks to Kevin Coffman, Will Fiveash, and Nico
Williams for discovering this bug and assisting with patch
development.

ticket: 5706
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19925 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19913 from trunk

r19913@cathode-dark-space: tlyu | 2007-09-04 14:52:56 -0400
ticket: new
subject: fix CVE-2007-3999 svc_auth_gss.c buffer overflow
target_version: 1.6.3
tags: pullup
component: krb5-libs

Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.

ticket: 5706

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19924 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19894 from trunk

r19894@cathode-dark-space: tlyu | 2007-08-29 16:28:06 -0400
ticket: new
target_version: 1.6.3
subject: -S sname option for kvno
tags: pullup
component: krb5-clients

New option to use krb5_sname_to_principal() for building principal
names, which is useful for testing referrals.

ticket: 5700
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19908 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19736 from trunk

r19736@cathode-dark-space: raeburn | 2007-07-27 00:38:46 -0400
ticket: 5471

Check for null file handle in get_next.
Patch from Luke Howard.

ticket: 5471
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19907 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19845 from trunk

r19845@cathode-dark-space:  epeisach | 2007-08-20 10:50:41 -0400
ticket: new
subject: read_entropy_from_device on partial read will not fill buffer
tags: pullup

read_entropy_from_device() will loop in read until the desired number
of bytes are read from the device (/dev/random, /dev/urandom).  I have
observed that for /dev/random, if there is not enough bits available
for reading - it will return a partial read.  The code would loop in
this case, but never advance the location to place the new bytes -
hence the start of the buffer would be filled again - leaving the tail
end as stack garbage.

ticket: 5666
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19906 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19827 from trunk

r19827@cathode-dark-space: epeisach | 2007-08-15 21:40:50 -0400
ticket: new
subject: compilation failure with IRIX native compiler
tags: pullup

gss_release_buffer takes OM_uint32* as an argument, not OM_uint32.

ticket: 5653
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19905 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19819 from trunk

r19819@cathode-dark-space: jaltman | 2007-08-13 22:54:15 -0400
ticket: 5645

remove inadvertent commit of symbols temporarily exported in
a sandbox to permit building of pkinit code on Windows.

ticket: 5645
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19904 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19818 from trunk

r19818@cathode-dark-space: jaltman | 2007-08-11 11:15:44 -0400
ticket: new
subject: export krb5_get_profile
tags: pullup

Export krb5_get_profile. Remove comment saying it should be
added and just do it.

ticket: 5645

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19903 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19757 from trunk

r19757@cathode-dark-space: tlyu | 2007-08-07 16:13:11 -0400
ticket: 5629
version_reported: 1.6.1
target_version: 1.6.3
tags: pullup

Release mechtok_out in spnego_gss_init_sec_context.
Reported by Markus Moeller.

ticket: 5629
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19902 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19828 from trunk

r19828@cathode-dark-space: epeisach | 2007-08-15 21:52:10 -0400
ticket: 5581
tags: pullup

Change prototype for g_token_size to match function declaration later
in file. (OM_Uint32 changed to unsigned int). On a 64 bit architecture, they
are different.

ticket: 5581
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19901 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19826 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel.h and winlevel.h for kfw-3.2.1 final

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19824 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19817 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel and winlevel for kfw-3.2.1-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19815 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19813 from trunk

r19813@cathode-dark-space: kpkoch | 2007-08-10 10:37:04 -0400
Ticket: 5604
Tags: pullup
Target_Version: 1.6.3
Tags: Pullup

Simulate changing views when the REFRESH action is run and when credentials are updated.
This makes the symptoms go away but does not solve whatever the underlying problem is.

I missed this change yesterday.

This should be added to kfw-3_2_1-beta2.

ticket: 5604

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19814 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19804 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel and winlevel for kfw-3.2.1-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19802 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19580 from trunk

r19580@cathode-dark-space:  jaltman | 2007-06-18 12:23:47 -0400
ticket: 5577
tags: pullup

         Corrected the order of the source and modified msi packages
         in the msitran command line used to produce the transform

ticket: 5577
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19801 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19521 from trunk

r19521@cathode-dark-space: kpkoch | 2007-04-23 11:54:19 -0400
Ticket: new
Subject: Optimize file/directory pruning
Target_Version: 1.6.1
Not tagged yet so it can be evaluated first.

Consolidate find and rm operations in prunefiles.pl as suggested by Ken.

Remove pruning of SDK files. This hasn't been needed since the installer builds moved from staging to temp directories.

Remove debug statement not cleaned up previously.

Add a troubleshooting tip to the doc.

ticket: 5542
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19800 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19770 from trunk

r19770@cathode-dark-space: kpkoch | 2007-08-09 10:52:15 -0400
Ticket: 5604
Tags: pullup
Target_Version: 1.6.3

Simulate changing views when the REFRESH action is run and when credentials are updated.

This makes the symptoms go away but does not solve whatever the underlying problem is.

ticket: 5604
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19799 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19760 from trunk

r19760@cathode-dark-space:  jaltman | 2007-08-08 13:45:37 -0400
ticket: 5613

Patch developed by kpkoch with style changes from jaltman.

The size/position of the main application window is
internally updated in response to WM_MOVE messages but is
only written to the registry after a timeout period.  This
is done due to the large number of WM_MOVE messages that
can be delivered during a windows drag / resize operation
involving the user or explorer shell's tile and cascade
operations.  (or those involving third party desktop managers.)

In NIM 1.8 two different application view modes (standard
and advanced) replaced the single view mode in previous
releases.  The size/position update logic was not modified
to take into consideration the possibility that a user might
move/resize the window and then quickly toggle modes before
the new location or size were recorded to the registry.

This change ensures that when a mode change occurs, via a
call to khm_set_main_window_mode(), that the current
location/size will be written to the registry and any
outstanding timer, MW_RESIZE_TIMER, will be cleared.

The logic to save the location/size has been extracted
into the new static function main_wnd_save_sizepos().

main_wnd_save_sizepos() is only called after the application
window has been created.

ticket: 5613
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19798 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19747 from trunk

r19747@cathode-dark-space: jaltman | 2007-08-03 09:22:23 -0400
ticket: new
subject: NIM: apply does not update saved values of general identities cfg page
component: windows

The general identities configuration panel failed to update the saved values
of the DefaultMonitor, DefaultAllowAutoRenew, and DefaultSticky options after
the "Apply" button was pressed. This resulted in the subsequent value changed
states being incorrect.

This patch saves the values.

ticket: 5623
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19797 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19769 from trunk

r19769@cathode-dark-space: kpkoch | 2007-08-09 09:31:11 -0400
Ticket: 5609
Tags: pullup
Target_Version: 1.6.3

Control watermark display with registry entry; document the registry entry.

ticket: 5609
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19796 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19768 from trunk

r19768@cathode-dark-space: kpkoch | 2007-08-09 09:22:59 -0400
Ticket: 5607
Tags: pullup
Target_Version: 1.6.3

The background color is changed to COLOR_WINDOW.

ticket: 5607
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19795 dc483132-0cff-0310-8789-dd5450dbe970

back out r19744

ticket: 5609

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19794 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19635 from trunk

r19635@cathode-dark-space: jaltman | 2007-06-22 15:06:44 -0400
ticket: 5584

Update configuration schema in ui\uiconfig.csv to include additional
documentation for settings and and remove unused values.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19793 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19634 from trunk

r19634@cathode-dark-space: jaltman | 2007-06-22 15:05:44 -0400
ticket: 5584

The new credentials window now applies Windows XP theme settings to
dialog panels that are hosted within tab controls.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19792 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19633 from trunk

r19633@cathode-dark-space: jaltman | 2007-06-22 15:04:54 -0400
ticket: 5584

1. Add a '--minimized' option to start NIM in minimized mode.

2. If the NIM window is requested to open in a minimized state, keep
the window hidden until there's a request to show it.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19791 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19632 from trunk

r19632@cathode-dark-space:  jaltman | 2007-06-22 15:03:57 -0400
ticket: 5584

1. Use the debug CRT versions of the memory allocation functions in
    util\perfstat.c.  These functions allow associating file and line
    numbers with each allocation.

2. Perform a heap verification periodically to check for heap
    corruption in the debug build when using util\perfstat.c to manage
    memory allocations.

3. Change wcscmp() to _wcscmp() for compatibility in util\perfstat.h

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19790 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19631 from trunk

r19631@cathode-dark-space:  jaltman | 2007-06-22 15:02:50 -0400
ticket: 5584

1. Fix a malformed line in ui\lang\en_us\khapp.rc in a TEXTINCLUDE
    section.

2. Update the dialog template for the "About" dialog to change the
    size of the dialog box and sort the modules list.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19789 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19630 from trunk

r19630@cathode-dark-space: jaltman | 2007-06-22 15:01:51 -0400
ticket: 5584

NetIDMgr:

Product version => 1.3.0.0
API version => 9

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19788 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19629 from trunk

r19629@cathode-dark-space:  jaltman | 2007-06-22 15:00:27 -0400
ticket: 5584

Be more aggressive about forcing the new credentials dialog to the
top.

Many applications call GSSAPI functions from the main GUI thread.
Doing so blocks the window message pump for that application.  When
the GSSAPI call results in the new credentials dialog being displayed,
it will be unable to bring itself to the top and grab the user input
focus because the foreground window is not responding.  This patch
makes the new credentials window a top-most window at creation time
that results in it being created at the top of the Z-order.  It can
then flash the window to indicate that it requires user attention.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19787 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19628 from trunk

r19628@cathode-dark-space: jaltman | 2007-06-22 14:59:35 -0400
ticket: 5584

If the new credentials window is in the advanced mode and the user
tries to switch back to basic mode, we should set the active panel to
the identity selector before switching since the basic mode only
supports the identity selector panel.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19786 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19627 from trunk

r19627@cathode-dark-space: jaltman | 2007-06-22 14:58:09 -0400
ticket: 5584

Don't assume that WM_DESTROY is the last message to be received by a
window. Since the child windows are still alive and kicking by the
time the parent receives WM_DESTROY, it's still possible to receive
other messages after WM_DESTROY.

If we free any window specific data when handling WM_DESTROY, we
should reset the window data field as well, and check if we have a
valid pointer when retrieving the window data field later.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19785 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19626 from trunk

r19626@cathode-dark-space: jaltman | 2007-06-22 14:56:56 -0400
ticket: 5584

The clean:: target of plugins\common\Makefile should reference the
target directories using the symbolic names rather than hard coded
paths.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19784 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19625 from trunk

r19625@cathode-dark-space:  jaltman | 2007-06-22 14:55:46 -0400
ticket: 5584

1. When freeing a message type object, it should also be removed from
    the all_msg_types list.

2. When a type handler is being removed from a message type, we
    shouldn't re-create the message type object if it has already been
    destroyed.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19783 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19624 from trunk

r19624@cathode-dark-space:  jaltman | 2007-06-22 14:54:49 -0400
ticket: 5584

. Fix formatting in kherr.c

2. The FormatMessage() call needs special handling for 64 bit
    platforms.  Add a compile time check for now until we figure out
    what to do.

3. Remove unused code from kherr.c.

4. Correct bad references to typedefs.  kherr_severity and
    kherr_suggestion were sometimes referenced as 'enum kherr_severity'
    and 'enum kherr_suggestion' even though they are typedefs.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19782 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19623 from trunk

r19623@cathode-dark-space: jaltman | 2007-06-22 14:53:45 -0400
ticket: 5584

Add new notification flags KHERR_CTX_NEWCHILD, KHERR_CTX_FOLDCHILD,
KHERR_CTX_PROGRESS for listeners of error context events to enable
them to listen for child context events and progress updates.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19781 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19622 from trunk

r19622@cathode-dark-space: jaltman | 2007-06-22 14:52:40 -0400
ticket: 5584

Error context objects should be verified by checking the magic number
in addition to checking if the pointer to the object is valid.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19780 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19621 from trunk

r19621@cathode-dark-space:  jaltman | 2007-06-22 14:51:34 -0400
ticket: 5584

Each error context in NIM can maintain a progress counter to indicate
the progress of the operation.  The progress counter for a context
that contains child contexts should be computed by adding the progress
counters of its children.  This update corrects the behavior of
kherr_get_progress() and kherr_get_progress_i() to take child contexts
into account.

In addition, since the progress counter of a context now depend on the
progress counters of its children, kherr_set_progress() will send
progress change notifications for any parent context as well.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19779 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19620 from trunk

r19620@cathode-dark-space: jaltman | 2007-06-22 14:50:26 -0400
ticket: 5584

Update developer documentation.

These updates reflect changes that were made to the new credentials
acquisition process and add information to incomplete API
documentation.

ticket: 5584

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19778 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19619 from trunk

r19619@cathode-dark-space: jaltman | 2007-06-22 14:49:30 -0400
ticket: 5584

Remove unused file Makefile.w2k from the uilib directory.

ticket: new
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19777 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19618 from trunk

r19618@cathode-dark-space:  jaltman | 2007-06-22 14:47:16 -0400
ticket: 5584

All exports in nidmgr32.dll are declared as __declspec(dllexport)
using the KHMEXP macro in the header files.  However, since the same
header files are used to declare imports when building applications
and plug-ins that use nidmgr32.dll, the KHMEXP macro should switch to
__declspec(import) so that the relevant import table entries are
created.

To make this switch, the source files that go into nidmgr32.dll are
compiled with the special macro _NIMLIB_ defined that indicates that
the KHMEXP should expand to __declspec(dllexport).  In the absence of
this macro, KHMEXP will expand to __declspec(dllimport).

ticket: 5584
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19776 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19534 from trunk

r19534@cathode-dark-space: kpkoch | 2007-04-26 09:02:32 -0400
Ticket: new
Subject: Look for unix find command in multiple places
Target_Version: 1.6.1
Not tagged yet in case it should not go in 3.2.

Look for the unix find command in a list of directories instead of in only one place. This way Jeff can install cygwin in c:\tools\cygwin and Ken can have it in C:\cygwin. The two places in the list are for those two possibilities. c:\cygwin\bin and c:\tools\cygwin\bin.

Move some prints below where logging starts, so the messages will be in the log.

ticket: 5548
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19775 dc483132-0cff-0310-8789-dd5450dbe970

set svn:eol-style native

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19774 dc483132-0cff-0310-8789-dd5450dbe970

revert previous

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19773 dc483132-0cff-0310-8789-dd5450dbe970

fix svn:eol-style

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19772 dc483132-0cff-0310-8789-dd5450dbe970

back-port r19748 from trunk

Based on Apple's patch, during the referrals loop, check to see if the
session key enctype of a returned credential for the final service is
among the enctypes explicitly selected by the application, and retry
with old_use_conf_ktypes if it is not.

ticket: 4950
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19751 dc483132-0cff-0310-8789-dd5450dbe970

back-port r19749 from trunk

If mkstemp() is available, the new ccache file gets created but the
subsequent open(O_CREAT|O_EXCL) call fails because the file was
already created by mkstemp(). Apply patch from Apple to keep the file
descriptor open.

ticket: 5624
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19750 dc483132-0cff-0310-8789-dd5450dbe970

[Usability] Tell the code that the watermark (large NIM icon in lower right corner) is never on the display

Ticket: 5609
Tags: pullup
Target_Version: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19744 dc483132-0cff-0310-8789-dd5450dbe970

krb5-1.6.2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19681 dc483132-0cff-0310-8789-dd5450dbe970

README and patchlevel.h for krb5-1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19679 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19637 from trunk

r19637@cathode-dark-space: tlyu | 2007-06-26 14:08:35 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: fix MITKRB5-SA-2007-005 [CVE-2007-2798/VU#554257]

Truncate the principal names when logging a rename operation to avoid
a stack buffer overflow.

ticket: 5586
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19639 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19636 from trunk

r19636@cathode-dark-space:  tlyu | 2007-06-26 14:08:20 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: fix MITKRB5-SA-2007-004 [CVE-2007-2442/VU#356961, CVE-2007-2443/VU#365313]

CVE-2007-2442/VU#356961: The RPC library can free an uninitialized
pointer.  This may lead to execution of arbitrary code.

CVE-2007-2443/VU#365313: The RPC library can write past the end of a
stack buffer.  This may (but is unlikely to) lead to execution of
arbitrary code.

ticket: 5585
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19638 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19536 from trunk

r19536@cathode-dark-space: hartmans | 2007-04-29 17:55:04 -0400
ticket: new
subject: rd_req_decoded needs to deal with referral realms
Target_Version: 1.6.2
Tags: pullup

* Fix handling of null realm in krb5_rd_req_decoded; now we treat a
null realm as a default realm there, as we do in the keytab code.

ticket: 5551
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19598 dc483132-0cff-0310-8789-dd5450dbe970

pull up r18817 as prereq for r19536

r18817@cathode-dark-space: raeburn | 2006-11-15 20:20:47 -0500
* rd_req_dec.c: Whitespace changes in function headers.
(krb5_rd_req_decoded_opt): Include more info in error text for AP_WRONG_PRINC
and NOPERM_ETYPE errors.

ticket: 5551

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19597 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19582 from trunk

r19582@cathode-dark-space: tlyu | 2007-06-18 17:07:37 -0400
ticket: new
subject: krb5_walk_realm_tree leaks in capaths case
target_version: 1.6.2
tags: pullup

Markus Moeller reports a leak in krb5_get_credentials() which was then
traced down to profile strings leaking from within
krb5_walk_realm_tree(). A pointer to a profile string was getting
overwritten without the string being freed when *cap_nodes[0] == '.'.
Fix is to free the string prior to overwriting the pointer if the
pointer is non-null.

ticket: 5579
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19593 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19572 from trunk

r19572@cathode-dark-space: jaltman | 2007-06-11 18:14:56 -0400
ticket: 5573
tags: pullup

This patch adds src/include/krb5/krb5.h to the MSI installer SDK component.
(Thanks to Asanka Herath for the patch.)

ticket: 5573
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19592 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19541 from trunk

r19541@cathode-dark-space: jaltman | 2007-05-03 18:57:05 -0400
ticket: new
subject: Modify WIX installer to better support upgrading betas
component: windows
tags: pullup

The WIX installers did not upgrade previous installations with the same
version number as the current package being installed. This would leave
multiple installations of KFW x.y.z registered as being installed on the
machine even though only the most recent install is being used.

This commit instructs the Windows Installer to uninstall previous installations
with the same version number (the Maximum Upgrade version) as the package
that is being installed while ensuring that the package being installed
will not be uninstalled if the installation is being modified or repaired.

ticket: 5554
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19591 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19590 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel and winlevel for kfw-3.2.0

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19539 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19537 from trunk

r19537@cathode-dark-space:  jaltman | 2007-05-01 21:31:50 -0400
ticket: 5552
tags: pullup

   k5-int.h, gic_opt.c

   The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
   functions permit the gic_opts parameter to be NULL.   This is not
   taken into account when testing the value with the macros
   krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
   Nor is it taken into account within krb5int_gic_opte_copy() which
   is called by krb5int_gic_opt_to_opte() when the input parameter is
   not a krb5_gic_opt_ext structure.

   This commit makes two changes:

   (1) it modifies the macros to ensure that the value is non-NULL
       before evaluation.

   (2) it modifies krb5int_gic_opte_copy() to avoid copying the
       original values with memcpy() when the input is NULL.

   In addition, the code was audited to ensure that the flag
   KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
   it is set, that the allocated krb5_gic_opt_ext structure is
   freed by krb5_get_init_creds_password() and
   krb5_get_init_creds_keytab().

ticket: 5552
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19538 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19533 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel and winlevel for kfw-3.2.0-beta3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19531 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19529 from trunk

r19529@cathode-dark-space:  jaltman | 2007-04-25 18:55:58 -0400
ticket: new
subject: profile stores empty string values without double quotes
tags: pullup

         prof_parse.c (need_double_quotes):
         The profile library will happily read in right hand values
         that represent the empty string by parsing "".  However,
         when storing the same empty string back to a file, the
         empty string is written without the double quotes.

         This means that

                 [section] foo = ""

         becomes

                 [section] foo =

         which is invalid input.  A subsequent attempt to parse the
         profile will result in an invalid input error.

         KFW and KFM's realm editors can inadvertently produce an
         invalid krb5 profile if one of the ignored sections of the
         input profile contains a right hand value that is "".

         This patch was produced by Asanka Herath and it was reviewed
         by jaltman and lxs.

ticket: 5547
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19530 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19526 from trunk

r19526@cathode-dark-space:  tlyu | 2007-04-25 17:19:07 -0400
ticket: new
target_version: 1.6.2
tags: pullup
subject: race condition in referrals fallback

* src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt):
During referrals fallback, set *tgts to NULL after freeing.  This
avoids returning a pointer to freed memory when the first call to
do_traversal() obtains some TGTs and the subsequent
krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some
other thread or process storing that TGT into the ccache), causing
second do_traversal() call (which would re-initialize *tgts) to
not execute.  Race condition found during KfW-3.2 testing.

ticket: 5546
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19528 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19520 from trunk

r19520@cathode-dark-space:  raeburn | 2007-04-22 20:30:40 -0400
ticket: new
subject: remove debugging code accidentally left in ftp/cmds.c

Debugging code I added months ago in ftp/cmds.c and forgot to remove
has apparently escaped notice until now.  Markus Moeller reports
seeing a bunch of "cmds.c: at line (number)" lines printed when he
connects to a server.

This patch removes those lines.  A couple other debugging statements
that test for the debug flag being set on the command line are left
in.

ticket: 5541
version_fixed: 1.6.2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19527 dc483132-0cff-0310-8789-dd5450dbe970

back to krb5-1.6.1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19525 dc483132-0cff-0310-8789-dd5450dbe970

fix typo

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19523 dc483132-0cff-0310-8789-dd5450dbe970

patchlevel and winlevel for kfw-3.2.0-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19522 dc483132-0cff-0310-8789-dd5450dbe970

krb5-1.6.1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19518 dc483132-0cff-0310-8789-dd5450dbe970

README and patchlevel.h for krb5-1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19516 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19513 from trunk

r19513@cathode-dark-space: kpkoch | 2007-04-20 16:41:42 -0400
Ticket: new
Tags: Pullup
Target_Version: 1.6.1

Add /REPOSITORY EXPORT option.

Adjust abbreviations: /svntag is now 't' so /src can be 's' so /repository can have the abbreviation 'r.'

Process /NOLOG.

Write out ignored command line options as ones being passed to NMAKE (via build.pl).

Generate GetOptions argument from the <Config> section of the config.xml file.

ticket: 5539
version_fixed: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19515 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19509 from trunk

r19509@cathode-dark-space: kpkoch | 2007-04-19 16:04:08 -0400
Ticket: new

Modify Unix find test to only check the current directory for the non-existent a.tmp.

When the pismere area is under the script area (as in Jeff's setup on afs), the find test slogs through 100MB of files and occasionally finds an a.tmp.

This correct the erroneous 'unix find not found' errors and improves performance noticeably when using afs.

ticket: 5537
version_fixed: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19514 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19507 from trunk

r19507@cathode-dark-space: kpkoch | 2007-04-19 14:03:16 -0400
Target_Version: 1.6.1
Ticket: 5521
Tags: pullup

Rollback previous change. This version is the same as R19472.

ticket: 5521

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19508 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19458 from trunk

r19458@cathode-dark-space:  jaltman | 2007-04-13 03:21:25 -0400
ticket: 5527

      sdkfiles.xml - add msi-deployment-guide.txt

      copyfiles.xml - add msi-deployment-guide.txt
         and do not copy netiddev.chm twice

ticket: 5527
version_fixed: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19506 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19454 from trunk

r19454@cathode-dark-space: jaltman | 2007-04-13 01:20:43 -0400
ticket: new
subject: kfw build - include netidmgr_userdoc.pdf in zip file
component: windows
tags: pullup

Include netidmgr_userdoc.pdf in zip file. The leash_userdoc.pdf
should be pulled from the zip when leash32.exe is removed.

ticket: 5527

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19505 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19489 from trunk

r19489@cathode-dark-space: kpkoch | 2007-04-17 23:00:49 -0400
Target_Version: 1.6.1
Ticket: 5521
Tags: pullup

Factor repository access out of bkw.pl into repository1.pl.

Modify bkw.pl to use an initial config file to fetch the sources and then use the config file from those sources to do the build. This way, the description of how to build the sources is in the config file that is part of the sources. It is possible and probably reasonable for the initial config file to be the same as the tagged version. Output all the options used.

Add bootstrap.xml - a sample minimal config file, sufficient to fetch the sources from a repository.

ticket: 5521
version_fixed: 1.6.1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19504 dc483132-0cff-0310-8789-dd5450dbe970

pull up r19472 from trunk

r19472@cathode-dark-space: kpkoch | 2007-04-14 14:06:26 -0400
Target_Version: 1.6.1
Ticket: 5521
Tags: pullup

Leave built installers in their temp areas and change final copy step to copy them into <out> from their new location. Delay cleaning up the temp areas until after that copy.

ticket: 5521

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19503 dc483132-0cff-0310-8789-dd5450dbe970