krb5.git
16 years agopull up r20557 from trunk
Tom Yu [Mon, 21 Jul 2008 22:59:15 +0000 (22:59 +0000)]
pull up r20557 from trunk

 r20557@cathode-dark-space:  jaltman | 2008-07-21 16:30:44 -0400
 ticket: 5839
 tags: pullup

 krb5_string_to_keysalts()
   Fix an infinite loop in the parsing of 'kp'

ticket: 5839
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20563 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20555 from trunk
Tom Yu [Mon, 21 Jul 2008 22:59:01 +0000 (22:59 +0000)]
pull up r20555 from trunk

 r20555@cathode-dark-space:  jaltman | 2008-07-21 15:43:21 -0400
 ticket: 5895
 tags: pullup

 There are two mutex locking issues that Roland Dowdeswell noticed in
 the memory ccache.  The first one is in cc_memory.c:krb5_mcc_initialize().
 When it is free(3)ing the existing credentials it does not lock the
 data structures and hence two separate threads can run into issues.

 The same problem exists in cc_memory.c:krb5_mcc_destroy().

ticket: 5895
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20562 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20527 from trunk
Tom Yu [Mon, 21 Jul 2008 16:08:33 +0000 (16:08 +0000)]
pull up r20527 from trunk

 r20527@cathode-dark-space:  tlyu | 2008-07-15 17:43:35 -0400
 ticket: new
 subject: krb5_get_cred_via_tkt() should null out_cred on errors
 tags: pullup
 target_version: 1.6.4
 component: krb5-libs

 Helper function krb5_kdcrep2creds(), called from
 krb5_get_cred_via_tkt(), should null its output pointer after freeing
 allocated memory, to avoid returning an invalid pointer.

ticket: 6033
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20550 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20532 from trunk
Tom Yu [Mon, 21 Jul 2008 16:08:19 +0000 (16:08 +0000)]
pull up r20532 from trunk

 r20532@cathode-dark-space:  tlyu | 2008-07-17 11:44:43 -0400
 ticket: 6030
 tags: pullup
 target_version: 1.6.4

 Apply patch from Mark Phalan to correctly use progname instead of
 argv[0].

ticket: 6030
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20549 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20531 from trunk
Tom Yu [Mon, 21 Jul 2008 16:08:05 +0000 (16:08 +0000)]
pull up r20531 from trunk

 r20531@cathode-dark-space:  tlyu | 2008-07-16 19:01:54 -0400
 ticket: 6028
 target_version: 1.6.4
 tags: pullup

 Apply patch from Mark Phalan to initialize progname before use.

ticket: 6028
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20548 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20536 from trunk
Tom Yu [Mon, 21 Jul 2008 16:07:46 +0000 (16:07 +0000)]
pull up r20536 from trunk

 r20536@cathode-dark-space:  tlyu | 2008-07-17 19:40:32 -0400
 ticket: 6018
 target_version: 1.6.4
 tags: pullup

 In krb5_rc_io_creat(), unlink any existing rcache file before trying
 to create a new rcache.  This allows better recovery from corrupt
 rcache files.

ticket: 6018
status: resolved
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20547 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20503 from trunk
Tom Yu [Mon, 14 Jul 2008 23:23:12 +0000 (23:23 +0000)]
pull up r20503 from trunk

 r20503@cathode-dark-space:  tlyu | 2008-07-09 15:54:56 -0400
 ticket: new
 tags: pullup
 component: krb5-libs
 subject: add copyright to lib/crypto/enc_provider/aes.c
 target_version: 1.6.4

 lib/crypto/enc_provider/aes.c was missing a copyright statement.
 Added.

ticket: 6022
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20524 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20480 from trunk
Tom Yu [Mon, 14 Jul 2008 22:13:19 +0000 (22:13 +0000)]
pull up r20480 from trunk

 r20480@cathode-dark-space:  raeburn | 2008-06-26 21:26:08 -0400
 ticket: new
 subject: fix free of automatic storage
 target_version: 1.6.4
 tags: pullup

 Fix a possible free of automatic storage that can happen on an
 (unlikely) encoding failure.

ticket: 5996
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20523 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20477 from trunk
Tom Yu [Mon, 14 Jul 2008 22:12:54 +0000 (22:12 +0000)]
pull up r20477 from trunk

 r20477@cathode-dark-space:  raeburn | 2008-06-26 20:20:33 -0400
 ticket: new
 target_version: 1.6.4

 Fix possible null pointer deref, possible uninit ptr use, possible
 leak in unlikely small-allocation failure case.

ticket: 5994
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20522 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20304 from trunk
Tom Yu [Mon, 14 Jul 2008 22:12:38 +0000 (22:12 +0000)]
pull up r20304 from trunk

 r20304@cathode-dark-space:  raeburn | 2008-04-18 15:31:47 -0400
 ticket: new
 subject: fix possible buffer overrun in handling generic-error return
 target_version: 1.6.5
 tags: pullup

 Jeff Altman reported this, based on a crash seen in KfW in the wild.

 The krb5_data handle used to describe the message field returned by the KDC is
 not null-terminated, but we use a "%s" format to incorporate it into an error
 message string.  In the right circumstances, garbage bytes can be pulled into
 the string, or a memory fault may result.

 However, as this is in the error-reporting part of the client-side code for
 fetching new credentials, it's a relatively minor DoS attack only, not a
 serious security exposure.  Should be fixed in the next releases, though.

ticket: 5944
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20521 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20296 from trunk
Tom Yu [Mon, 14 Jul 2008 22:12:21 +0000 (22:12 +0000)]
pull up r20296 from trunk

 r20296@cathode-dark-space:  raeburn | 2008-03-28 21:09:00 -0400
 ticket: new
 subject: Coverity CID 101: Fix minor bounds check error.
 target_version: 1.6.4
 tags: pullup

 Coverity CID 101: Fix minor bounds check error.

ticket: 5933
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20520 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20413 from trunk
Tom Yu [Mon, 14 Jul 2008 22:12:05 +0000 (22:12 +0000)]
pull up r20413 from trunk

 r20413@cathode-dark-space:  jaltman | 2008-06-18 15:36:49 -0400
 ticket: 5924
 tags: pullup

 This patch is derived from a patch originally submitted to RT
 by: Nik Conwell <nik@bu.edu>

 krb5_set_real_time() accepts as input the time of the KDC
 or an application server as a combination of seconds and
 microseconds.  Often it is the case that the time source
 does not provide the real time with less than one second
 granularity.  Up until this patch such a caller would fill
 in the microseconds parameter as zero.   krb5_set_real_time()
 would treat the zero microseconds as the actual reported
 time and compute a microsecond based offset.

 During a one second window subsequent calls to
 krb5_set_real_time() would have an ever increasing offset
 size until the number of seconds is incremented.  This
 in turn produces a side effect in which the microseconds
 value of the local clock is effectively erased.

 If there are multiple processes or threads on the same
 machine each requesting service tickets using the same
 client principal for the same service principal where
 the number of seconds reported by the KDC are equivalent,
 then they will now all create authenticators with
 exactly the same timestamp.  As a result, the authenticating
 service will detect a replay attack even though the
 authenticators are actually unique.  The replay cache
 only maintains a tuple of client, server and timestamp.

 This patch modifies the interpretation of the microseconds
 parameter.  If -1 is specified, the microseconds offset is
 ignored.

ticket: 5924
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20519 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20509 from trunk
Tom Yu [Mon, 14 Jul 2008 22:11:49 +0000 (22:11 +0000)]
pull up r20509 from trunk

 r20509@cathode-dark-space:  tlyu | 2008-07-09 22:04:03 -0400
 ticket: 5632

 Apply patch from Apple to handle missing krb5.conf for zeroconf
 situations.

ticket: 5632
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20518 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20311 from trunk
Tom Yu [Mon, 14 Jul 2008 22:11:33 +0000 (22:11 +0000)]
pull up r20311 from trunk

 r20311@cathode-dark-space:  rra | 2008-04-28 19:05:27 -0400
 Ticket: new
 Subject: Properly escape - in kdb5_ldap_util man page
 Component: krb5-doc
 Version_Reported: 1.6.3
 Target_Version: 1.6.4
 Tags: pullup

 The LDAP plugin introduced a new man page which has unescaped hyphens.
 Unicode-aware groffs may convert those to real hyphens rather than
 the intended ASCII hyphen.  This patch adds backslashes in front of
 all the bare hyphens that I plus Debian's lintian program could find
 to force interpretation as ASCII hyphens.

ticket: 5953
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20517 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20316 from trunk
Tom Yu [Mon, 14 Jul 2008 22:11:11 +0000 (22:11 +0000)]
pull up r20316 from trunk

 r20316@cathode-dark-space:  rra | 2008-05-10 23:54:41 -0400
 Ticket: 5544
 Tags: pullup

 Fix a typo in krb5.conf: ldap_server should be ldap_servers, as the
 latter is what the LDAP KDB plugin looks for.

ticket: 5544
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20516 dc483132-0cff-0310-8789-dd5450dbe970

16 years agokrb5-1.6.4-beta1-postrelease
Tom Yu [Sat, 22 Mar 2008 01:30:31 +0000 (01:30 +0000)]
krb5-1.6.4-beta1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20288 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoREADME and patchlevel for krb5-1.6.4-beta1
Tom Yu [Sat, 22 Mar 2008 01:12:24 +0000 (01:12 +0000)]
README and patchlevel for krb5-1.6.4-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20286 dc483132-0cff-0310-8789-dd5450dbe970

16 years agoApply patch for MITKRB5-SA-2008-001
Tom Yu [Wed, 19 Mar 2008 23:03:59 +0000 (23:03 +0000)]
Apply patch for MITKRB5-SA-2008-001

ticket: 5919
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20283 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20278 from trunk
Tom Yu [Wed, 19 Mar 2008 18:38:34 +0000 (18:38 +0000)]
pull up r20278 from trunk

 r20278@cathode-dark-space:  raeburn | 2008-03-18 14:55:26 -0400
 ticket: new
 subject: MITKRB5-SA-2008-002
 target_version: 1.6.4
 tags: pullup

 Fix MITKRB5-SA-2008-002: array overrun in libgssrpc.

 Don't update the internally-tracked maximum file descriptor value if
 the new one is FD_SETSIZE (or NOFILE) or above.  Reject TCP file
 descriptors of FD_SETSIZE (NOFILE) or above.

ticket: 5918
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20282 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20254 from trunk
Tom Yu [Fri, 7 Mar 2008 20:43:42 +0000 (20:43 +0000)]
pull up r20254 from trunk

 r20254@cathode-dark-space:  jander | 2008-03-04 15:27:19 -0500
 ticket: 5897
 tags: pullup

 Fix memory leak by delaying instantiation of lid until it's needed.

ticket: 5897
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20258 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20243 from trunk
Tom Yu [Fri, 7 Mar 2008 20:43:26 +0000 (20:43 +0000)]
pull up r20243 from trunk

 r20243@cathode-dark-space:  tlyu | 2008-02-29 00:23:56 -0500
 ticket: 5893
 tags: pullup
 target_version: 1.6.4

 Make a NUL-terminated copy of realm name before passing to a plugin
 interface that takes a C string rather than krb5_data.

ticket: 5893
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20257 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20228 from trunk
Tom Yu [Sat, 23 Feb 2008 02:10:59 +0000 (02:10 +0000)]
pull up r20228 from trunk

 r20228@cathode-dark-space:  rra | 2008-02-18 23:49:11 -0500
 ticket: new
 subject: man page macro and hyphen fixes
 component: krb5-doc
 Version_Reported: 1.6.3
 Target_Version: 1.6.4
 Tags: pullup

 Fix various unescaped hyphens, lines starting with . that shouldn't be
 macros, undefined strings, and misspelled macros in the man pages.
 Found via man --warnings on a current Debian unstable system.

ticket: 5892
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20237 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20213 from trunk
Tom Yu [Sat, 23 Feb 2008 02:10:40 +0000 (02:10 +0000)]
pull up r20213 from trunk

 r20213@cathode-dark-space:  kpkoch | 2008-01-31 10:51:18 -0500
 TargetVersion: 1.7
 Component: windows
 Ticket: new
 Subj: Build automation
 Tags:  pullup

 Actually pass the nmake arguments to nmake.

ticket: 5879
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20236 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20222 from trunk
Tom Yu [Tue, 19 Feb 2008 18:29:15 +0000 (18:29 +0000)]
pull up r20222 from trunk

 r20222@cathode-dark-space:  tlyu | 2008-02-07 02:07:06 -0500
 ticket: new
 target_version: 1.6.4
 tags: pullup
 subject: more tests for libdb btree page split on zero index
 component: krb5-kdc

 Enhance btree debugging output somewhat to limit key printout to the
 key length if the key is not null-terminated.

 Add additional test case for the zero-index page split bug; test case
 can create a corrupted btree database with records unreachable by
 random access but reachable by sequential access.  Requires
 recompiling with CPPFLAGS='-DDEBUG -DDEBUG_IDX0SPLIT' to correctly
 model mpool page reuse that would be present in production conditions.
 (CPPFLAGS=-DDEBUG would otherwise explicitly overwrite the contents of
 reused pages.)

ticket: 5888
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20233 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20211 from trunk
Tom Yu [Tue, 19 Feb 2008 18:28:59 +0000 (18:28 +0000)]
pull up r20211 from trunk

 r20211@cathode-dark-space:  jaltman | 2008-01-23 17:10:56 -0500
 ticket: new
 subject: Windows: avoid use of cygwin mkdir and rmdir commands
 tags: pullup

 Microsoft's nmake versions 8.x and 9.x prefer executables over
 internal shell commands.  This is a change from previous versions.
 Cygwin's mkdir and rmdir commands do not have the same semantics
 as the cmd.exe shell versions.

 Change the definitions of MKDIR and RMDIR to use 'md' and 'rd'
 in order to avoid the use of the cygwin versions.

ticket: 5875
target_version: 1.6.4
version_fixed: 1.6.4
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20232 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20214 from trunk
Tom Yu [Fri, 1 Feb 2008 01:23:12 +0000 (01:23 +0000)]
pull up r20214 from trunk

 r20214@cathode-dark-space:  tlyu | 2008-01-31 20:03:11 -0500
 ticket: new
 target_version: 1.6.4
 tags: pullup
 subject: libdb btree page split on zero index corrupts db
 component: krb5-kdc

 Splitting a btree page on index 0 can corrupt the database if the key
 length plus data length is exactly a certain value.  This certain size
 causes the item to get the left page to itself, and causes the right
 page to contain an erroneous additional index "hole" having an
 uninitialized value.  This bug may be one of the remaining causes of
 unexplained database corruption reported over the years.  Shawn Emery
 provided useful data from actual instances of this corruption.

 Add a test case for this bug.  (Raw libdb test rather than kdb; the
 latter would be much harder.)

ticket: 5880
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20215 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20176 from trunk
Tom Yu [Wed, 2 Jan 2008 23:49:06 +0000 (23:49 +0000)]
pull up r20176 from trunk

 r20176@cathode-dark-space:  jaltman | 2007-12-12 17:32:19 -0500
 ticket: new
 subject: KFW: BUG: KRB5CRED: Set identity data before sending notification
 component: windows
 tags: pullup

 Call tc_set_ident_data() before kcdb_credset_collect().  Make sure the
 identity data is set before the credentials change notification is broadcast.

ticket: 5858
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20199 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20175 from trunk
Tom Yu [Wed, 2 Jan 2008 23:48:54 +0000 (23:48 +0000)]
pull up r20175 from trunk

 r20175@cathode-dark-space:  coffman | 2007-12-12 09:10:33 -0500
 ticket: new
 subject: copy correct key for lucid context acceptor_subkey
 component: krb5-libs
 Tags: pullup

 Copy the correct key (acceptor_subkey) to lucid context's acceptor_subkey.

ticket: 5852
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20198 dc483132-0cff-0310-8789-dd5450dbe970

16 years agopull up r20174 from trunk
Tom Yu [Wed, 2 Jan 2008 23:48:36 +0000 (23:48 +0000)]
pull up r20174 from trunk

 r20174@cathode-dark-space:  jaltman | 2007-12-11 22:45:42 -0500
 ticket: new
 subject: KFW BUG: WIX: 64-bit installer attempts to uninstall 32-bit NSIS
 component: windows
 tags: pullup

 The 64-bit MSI must examine Win64 registry keys and not the 32-bit registry
 keys which is where the 32-bit NSIS installation will be detected.

ticket: 5851
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20197 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20179 from trunk
Tom Yu [Sat, 15 Dec 2007 01:23:08 +0000 (01:23 +0000)]
pull up r20179 from trunk

 r20179@cathode-dark-space:  tlyu | 2007-12-13 23:38:42 -0500
 ticket: 5857
 target_version: 1.6.4
 tags: pullup

 fix CVE-2007-5972: double fclose() in krb5_def_store_mkey()

ticket: 5857
version_fied: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20187 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20180 from trunk
Tom Yu [Sat, 15 Dec 2007 01:22:56 +0000 (01:22 +0000)]
pull up r20180 from trunk

 r20180@cathode-dark-space:  tlyu | 2007-12-14 00:01:07 -0500
 ticket: 5856
 target_version: 1.6.4
 tags: pullup

 fix CVE-2007-5971: double-free in gss_krb5int_make_seal_token_v3()

ticket: 5856
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20186 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20181 from trunk
Tom Yu [Sat, 15 Dec 2007 01:22:44 +0000 (01:22 +0000)]
pull up r20181 from trunk

 r20181@cathode-dark-space:  tlyu | 2007-12-14 00:01:23 -0500
 ticket: 5855
 target_version: 1.6.4
 tags: pullup

 fix CVE-2007-5902: integer overflow in svcauth_gss_get_principal()

ticket: 5855
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20185 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20178 from trunk
Tom Yu [Sat, 15 Dec 2007 01:22:32 +0000 (01:22 +0000)]
pull up r20178 from trunk

 r20178@cathode-dark-space:  tlyu | 2007-12-13 23:38:28 -0500
 ticket: 5856
 tags: pullup
 target_version: 1.6.4

 fix CVE-2007-5971: free of non-heap pointer in gss_indicate_mechs()

ticket: 5854
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20184 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20182 from trunk
Tom Yu [Sat, 15 Dec 2007 01:22:17 +0000 (01:22 +0000)]
pull up r20182 from trunk

 r20182@cathode-dark-space:  tlyu | 2007-12-14 00:14:11 -0500
 ticket: 5853
 target_version: 1.6.4
 tags: pullup

 fix CVE-2007-5894: apparent uninit length in ftpd.c:reply()

ticket: 5853
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20183 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20164 from trunk
Tom Yu [Thu, 29 Nov 2007 00:59:23 +0000 (00:59 +0000)]
pull up r20164 from trunk

 r20164@cathode-dark-space:  jaltman | 2007-11-14 17:34:53 -0500
 ticket: 5842

 The khm_show_main_window() function is no longer called
 at startup with khm_nCmdShow == SW_SHOWMINIMIZED in order to
 hide the main application by calling khm_hide_main_window().
 Instead, the main application window is simply never shown.

 As a result, khm_show_main_window() needs to respond to
 khm_nCmdShow == SW_SHOWMINIMIZED not by hiding the window
 but by changing the khm_nCmdShow state to SW_SHOW and then
 calling ShowWindow().

 This change will address the problem whereby "Show NIM Window"
 had to be triggered twice by the user when the process
 was started in a minimized state.

ticket: 5842
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20172 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20111 from trunk
Tom Yu [Thu, 29 Nov 2007 00:53:32 +0000 (00:53 +0000)]
pull up r20111 from trunk

 r20111@cathode-dark-space:  raeburn | 2007-10-10 14:27:37 -0400
 ticket: 5777

 Add enhanced error messages to new error return cases, explaining the
 (fairly generic) errors codes.

ticket: 5777
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20171 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20109 from trunk
Tom Yu [Thu, 29 Nov 2007 00:53:20 +0000 (00:53 +0000)]
pull up r20109 from trunk

 r20109@cathode-dark-space:  raeburn | 2007-10-09 00:03:59 -0400
 ticket: 5777

 kt_file.c: Support multiple iterators active simultaneously, using a
 counter.  In get_entry, if the file was already open, rewind it to
 just after the version number, and don't close it when done.  Don't
 allow add or remove calls if any iterator is active.

 t_keytab.c: Test mixing two iterators with get_entry calls.

ticket: 5777

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20170 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19961 from trunk
Tom Yu [Thu, 29 Nov 2007 00:53:03 +0000 (00:53 +0000)]
pull up r19961 from trunk

 r19961@cathode-dark-space:  tlyu | 2007-09-18 22:54:56 -0400
 ticket: 5752
 target_version: 1.6.4
 tags: pullup

 Ignore dependency lines beginning with '#' to deal with gcc
 -fworking-directory output during make depend.

ticket: 5752
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20169 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoDelete AC_CHECK_FUNCS invocation having empty argument. Discovered by
Tom Yu [Tue, 23 Oct 2007 22:28:13 +0000 (22:28 +0000)]
Delete AC_CHECK_FUNCS invocation having empty argument.  Discovered by
Jeff Blaine.

ticket: 5830
version_fixed: 1.6.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20146 dc483132-0cff-0310-8789-dd5450dbe970

17 years agokrb5-1.6.3-postrelease
Tom Yu [Mon, 22 Oct 2007 03:51:26 +0000 (03:51 +0000)]
krb5-1.6.3-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20141 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopatchlevel and winlevel for kfw-3.2.2 final
Tom Yu [Mon, 22 Oct 2007 03:43:54 +0000 (03:43 +0000)]
patchlevel and winlevel for kfw-3.2.2 final

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20139 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopatchlevel.h for krb5-1.6.3
Tom Yu [Mon, 22 Oct 2007 03:24:12 +0000 (03:24 +0000)]
patchlevel.h for krb5-1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20137 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoupdate README
Tom Yu [Fri, 19 Oct 2007 23:28:21 +0000 (23:28 +0000)]
update README

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20131 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20128 from trunk
Tom Yu [Fri, 19 Oct 2007 20:51:43 +0000 (20:51 +0000)]
pull up r20128 from trunk

 r20128@cathode-dark-space:  jaltman | 2007-10-18 11:22:43 -0400
 ticket: new
 subject: KFW: BUG: WIX: Beta value hard coded
 component: windows
 tags: pullup
 target: 1.6.3

 The beta variable value was inadvertantly committed as part of
 ticket 5820 (Revision 20117).  The build script needs to
 export this value when appropriate.

ticket: 5823
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20130 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19881 from trunk
Tom Yu [Fri, 19 Oct 2007 20:51:27 +0000 (20:51 +0000)]
pull up r19881 from trunk

 r19881@cathode-dark-space:  jaltman | 2007-08-27 03:08:24 -0400
 ticket: new
 subject: Windows 64-bit - avoid missing symbol errors
 component: windows

 Microsoft defaults stack checking (/Gs) to on.  This requires
 that bufferoverflowU.lib be included in the link step.  The
 macro SCLIB in the build system specifies this library on
 versions of Windows that require it.  Include SCLIB on the
 link line of the makefile.

ticket: 5692
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20129 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoback to krb5-1.6.3-beta2-postrelease
Tom Yu [Tue, 16 Oct 2007 19:59:01 +0000 (19:59 +0000)]
back to krb5-1.6.3-beta2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20125 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopatchlevel and readme for kfw-3.2.2-beta2
Tom Yu [Tue, 16 Oct 2007 19:54:02 +0000 (19:54 +0000)]
patchlevel and readme for kfw-3.2.2-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20123 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20119 from trunk
Tom Yu [Mon, 15 Oct 2007 22:07:39 +0000 (22:07 +0000)]
pull up r20119 from trunk

 r20119@cathode-dark-space:  jaltman | 2007-10-12 19:08:30 -0400
 ticket: 5820

 There appears to be a bug either in the WiX engine or the Windows Installer 3.1.
 The "File" type on the Registry Search property is supposed to provide the full
 path name.  Instead, we are being given just the directory as if it were being
 processed with the "Directory" type.

 We can avoid this for a REG_SZ value by using the "Raw" type because we are
 sure that the string is not going to begin with a '#' character.

 Because the full path was not being obtained for the UPGRADENSIS property, the
 Uninstall routine was unable to CreateProcess() the uninstall program.

 This commit also includes addition debugging in the NSIS Uninstall custom
 handler to report the path and the GetLastError() value when the uninstall
 fails.  This will be logged in the msiexec log file and displayed in a
 MessageBox.

ticket: 5820
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20122 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20118 from trunk
Tom Yu [Mon, 15 Oct 2007 22:07:25 +0000 (22:07 +0000)]
pull up r20118 from trunk

 r20118@cathode-dark-space:  jaltman | 2007-10-12 15:18:04 -0400
 ticket: 5820

 Set the Shortcut string to match the base product name

ticket: 5820

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20121 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20117 from trunk
Tom Yu [Mon, 15 Oct 2007 22:07:08 +0000 (22:07 +0000)]
pull up r20117 from trunk

 r20117@cathode-dark-space:  jaltman | 2007-10-12 15:01:38 -0400
 ticket: new
 subject: KFW: BUG: WIX: Improve Usability of multiple architecture MSI installations, remove non-unique GUID component identifiers, and include Beta ID in the package name
 component: windows
 tags: pullup
 target_version: 1.6.3

 The WiX installation package suffered from several problems:

  * The Beta ID was not being included in the package name.
    Fixed this by swapping the priority of "Release" and "Beta".
    "Beta" is an official release that has a beta value.
    A non-release has a datestamp as part of the package name.

  * There were duplicate GUID values being used for registry components.
    This would prevent proper removal of the components on uninstall.

  * 64-bit Installers were being constructed with the 32-bit installer
    schema.  This prevented side-by-side installation of the 64-bit and
    32-bit versions.  This also permitted 64-bit installers to be
    installed on 32-bit systems.

  * The 64-bit and 32-bit installers had the same package name.
    64-bit and 32-bit are now identified in the package name.

  * 64-bit files were being installed to the WOW64 environment.

ticket: 5820

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20120 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopatchlevel for kfw-3.2.2-beta1
Tom Yu [Fri, 5 Oct 2007 16:33:56 +0000 (16:33 +0000)]
patchlevel for kfw-3.2.2-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20104 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20101 from trunk
Tom Yu [Fri, 5 Oct 2007 16:31:34 +0000 (16:31 +0000)]
pull up r20101 from trunk

 r20101@cathode-dark-space:  jaltman | 2007-10-05 11:23:53 -0400
 ticket: new
 subject: NIM: BUG: APP: New edit controls should be marked ES_AUTOHSCROLL
 component: windows

 The EDIT controls used to accept input from the user must be set to
 support automatic horizontal scrolling.  Otherwise, the number of input
 characters is arbitrarily restricted based upon the font selected by
 the user as part of the active Windows theme.

 Horizontal scrolling is enabled with the ES_AUTOHSCROLL flag during
 control construction.

ticket: 5809
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20102 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20099 from trunk
Tom Yu [Fri, 5 Oct 2007 14:32:59 +0000 (14:32 +0000)]
pull up r20099 from trunk

 r20099@cathode-dark-space:  kpkoch | 2007-10-04 21:26:34 -0400
 Ticket: new
 Tags: pullup
 Target_Version: 1.6.3
 Subject: KfW Build: add new installer build files to copyfiles.xml.

 Files were added to the installer build area.  They also need to be added to the copylist, so that they are copied to the staging area, where the installer is built.

ticket: 5808
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20100 dc483132-0cff-0310-8789-dd5450dbe970

17 years agokrb5-1.6.3-beta2-postrelease
Tom Yu [Fri, 5 Oct 2007 00:00:23 +0000 (00:00 +0000)]
krb5-1.6.3-beta2-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20098 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoreadme and patchlevel for krb5-1.6.3-beta2
Tom Yu [Thu, 4 Oct 2007 23:55:44 +0000 (23:55 +0000)]
readme and patchlevel for krb5-1.6.3-beta2

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20096 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20094 from trunk
Tom Yu [Thu, 4 Oct 2007 22:55:57 +0000 (22:55 +0000)]
pull up r20094 from trunk

 r20094@cathode-dark-space:  tlyu | 2007-10-04 18:13:13 -0400
 ticket: 4136
 target_version: 1.6.3
 tags: pullup

 Will Fiveash and Mark Phalan report that kadmin's unlock command calls
 kadm5_lock() instead of of kadm5_unlock().  Apply the obvious fix.

ticket: 4136
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20095 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoback to krb5-1.6.3-beta1-postrelease
Tom Yu [Thu, 4 Oct 2007 20:44:33 +0000 (20:44 +0000)]
back to krb5-1.6.3-beta1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20093 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoreadme and patchlevel for kfw-3.2.2-beta1
Tom Yu [Thu, 4 Oct 2007 20:23:21 +0000 (20:23 +0000)]
readme and patchlevel for kfw-3.2.2-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20091 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19754 from trunk
Tom Yu [Thu, 4 Oct 2007 20:17:48 +0000 (20:17 +0000)]
pull up r19754 from trunk

 r19754@cathode-dark-space:  jaltman | 2007-08-06 11:11:03 -0400
 ticket: new
 subject: KRB5_CALLCONV must be specified inside parens

 When declaring a function pointer, the function type
 modifiers must be inside the parentheses.

   return-type (modifers * function-name) (parameters)

ticket: 5625
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20089 dc483132-0cff-0310-8789-dd5450dbe970

17 years agoback to krb5-1.6.3-beta1-postrelease
Tom Yu [Wed, 3 Oct 2007 20:46:33 +0000 (20:46 +0000)]
back to krb5-1.6.3-beta1-postrelease

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20088 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopatchlevel and winlevel for kfw-3.2.2-beta1
Tom Yu [Wed, 3 Oct 2007 20:44:11 +0000 (20:44 +0000)]
patchlevel and winlevel for kfw-3.2.2-beta1

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20086 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20082 from trunk
Tom Yu [Wed, 3 Oct 2007 00:26:01 +0000 (00:26 +0000)]
pull up r20082 from trunk

 r20082@cathode-dark-space:  tlyu | 2007-10-02 20:17:27 -0400
 ticket: 5802
 target_version: 1.6.3
 tags: pullup

 Apply patch from Nalin Dahyabhai to correctly handle delegated
 credentials if ret_flags is null.

ticket: 5802
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20083 dc483132-0cff-0310-8789-dd5450dbe970

17 years agofix for krb5-1.6.x: Correctly build pkinit plugin including
Tom Yu [Tue, 2 Oct 2007 04:07:12 +0000 (04:07 +0000)]
fix for krb5-1.6.x: Correctly build pkinit plugin including
dependencies.  Reported by Doug Engert.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20080 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20040 from trunk
Tom Yu [Tue, 2 Oct 2007 02:42:17 +0000 (02:42 +0000)]
pull up r20040 from trunk

 r20040@cathode-dark-space:  jaltman | 2007-10-01 16:09:55 -0400
 ticket: new
 subject: remove error tables by pointer
 tags: pullup
 target_version: 1.6.3

 On Windows, it is possible for the same DLL to be loaded
 into a process multiple times as separate instances.  Each
 time a DLL is loaded it registers its error tables at different
 locations in the process address space.  Removing the tables
 by base instead of pointer value can result in the error table
 list pointing at invalid memory.

ticket: 5801
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20079 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20064 from trunk
Tom Yu [Tue, 2 Oct 2007 02:42:02 +0000 (02:42 +0000)]
pull up r20064 from trunk

 r20064@cathode-dark-space:  raeburn | 2007-10-01 19:48:57 -0400
 ticket: 5800
 tags: pullup

 Initialize options for _alloc interface to same defaults as for _init.

ticket: 5800
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20078 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20039 from trunk
Tom Yu [Mon, 1 Oct 2007 23:55:38 +0000 (23:55 +0000)]
pull up r20039 from trunk

 r20039@cathode-dark-space:  raeburn | 2007-10-01 15:21:49 -0400
 ticket: new
 subject: def-check.pl needs to ignore ordinals in .def file

 Otherwise, the UNIX build blows out now that the Windows export lists
 have been updated.  Silly consistency checks....

ticket: 5791
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20077 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20035 from trunk
Tom Yu [Mon, 1 Oct 2007 23:55:23 +0000 (23:55 +0000)]
pull up r20035 from trunk

 r20035@cathode-dark-space:  jaltman | 2007-10-01 12:15:39 -0400
 ticket: 5798
 tags: pullup
 target_version: 1.6.3
 component: windows

 Process WM_CLOSE for the command-line option dialog.

ticket: 5798
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20076 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20034 from trunk
Tom Yu [Mon, 1 Oct 2007 23:55:09 +0000 (23:55 +0000)]
pull up r20034 from trunk

 r20034@cathode-dark-space:  jaltman | 2007-10-01 01:32:26 -0400
 ticket: new
 subject: NIM: BUG: APP: notification icon tooltip wrong string

 The Network Identity Manager notification icon can display a tooltip
 when the user hovers the mouse cursor over it.  It is currently used
 to indicate the default identity (if one is found).  However, when
 retrieving the name of the default identity, the size of the buffer
 was left unspecified.  This patch specifies the correct buffer size.

 The function called with the incorrect buffer size was
 kcdb_identity_get_name().  That function does not write more than
 KCDB_IDENT_MAXCCH_NAME characters regardless of the size of the buffer
 specified, and the buffer that was passed in is allocated to be this
 size.  No buffer overrun was present in the existing code, although
 the behavior was incorrect.

ticket: 5797
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20075 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20033 from trunk
Tom Yu [Mon, 1 Oct 2007 23:54:52 +0000 (23:54 +0000)]
pull up r20033 from trunk

 r20033@cathode-dark-space:  jaltman | 2007-10-01 01:31:02 -0400
 ticket: 5782

 When Network Identity Manager starts, the credentials display
 enumerates known identities and displays them if necessary.  However,
 as plug-ins load and the list of known identities, their properties
 and credentials change, the order of the displayed list will also
 change.

 The existing code does not deal well in respect to tracking the
 current selection when the list of identities and credentials change.
 This results in inconsistent behavior where the identity that was
 originally at the top of the list maintains its selection state while
 the identity at the top of the list after all the plug-ins have loaded
 will receive focus.

 This patch fixes this problem by explicitly setting focus and
 selection to the identity or credential at the current cursor location
 following a change in the credentials list.

ticket: 5782
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20074 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20032 from trunk
Tom Yu [Mon, 1 Oct 2007 23:54:39 +0000 (23:54 +0000)]
pull up r20032 from trunk

 r20032@cathode-dark-space:  jaltman | 2007-10-01 01:29:38 -0400
 ticket: 5783

 The credentials display in Network Identity Manager colors the
 background of identity headings based on the expiration state of the
 credentials that belong to the identity.

 This patch changes the behavior to color these headings based on the
 existence and expiration state of identity credentials.  With this
 change, only identities that have valid identity credentials will
 appear in green.

 The same logic is used when drawing the menu items in the "Set
 default" sub-menu in the notification icon.

ticket: 5783
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20073 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20031 from trunk
Tom Yu [Mon, 1 Oct 2007 23:54:23 +0000 (23:54 +0000)]
pull up r20031 from trunk

 r20031@cathode-dark-space:  jaltman | 2007-10-01 01:27:29 -0400
 ticket: new
 subject: NIM: BUG: APP: notification icon state

 Currently, the notification icon that is created by Network Identity
 Manager indicates the status of all the known credentials.  If any
 credential belonging to any identity is expired or in a critical
 state, the icon will change color to indicate this.

 This patch changes the behavior to only indicate the status of
 credentials belonging to the default identity.  The expiration state
 of credentials that do not belong to the default identity no longer
 affect the appearance of the notification icon.

ticket: 5796
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20072 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20030 from trunk
Tom Yu [Mon, 1 Oct 2007 23:54:09 +0000 (23:54 +0000)]
pull up r20030 from trunk

 r20030@cathode-dark-space:  jaltman | 2007-10-01 01:25:34 -0400
 ticket: new
 subject: NIM: BUG: APP: identity data corruption

 The credentials display in Network Identity Manager uses a cached set
 of properties for each identity that has credentials.  The existing
 code used the wrong field of the khui_credwnd_identity structure to
 store the credentials type name associated with an identity, resulting
 in a corrupt data structure.

 This patch fixes the code to use the correct field.

ticket: 5795
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20071 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20029 from trunk
Tom Yu [Mon, 1 Oct 2007 23:53:55 +0000 (23:53 +0000)]
pull up r20029 from trunk

 r20029@cathode-dark-space:  jaltman | 2007-10-01 01:20:51 -0400
 ticket: new
 subject: NIM: BUG: APP: View-Select columns

 Change "View columns" to "Select columns" in the "View" menu of
 Network Identity Manager to be consistent with other Windows
 applications.

ticket: 5794
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20070 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20028 from trunk
Tom Yu [Mon, 1 Oct 2007 23:53:38 +0000 (23:53 +0000)]
pull up r20028 from trunk

 r20028@cathode-dark-space:  jaltman | 2007-10-01 01:19:05 -0400
 ticket: new
 subject: NIM: BUG: APP: leaking prompts in obtain new credentials dialog

 The Kerberos v5 plug-in for Network Identity Manager was not clearing
 the list of prompts properly when a user changes the active identity
 in the new credentials dialog.  The stale prompts would be visible to
 the user if the newly selected identity is invalid or the new identity
 cannot be validated.

 This patch clears the prompts if there is an identity change.

ticket: 5793
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20069 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20027 from trunk
Tom Yu [Mon, 1 Oct 2007 23:53:20 +0000 (23:53 +0000)]
pull up r20027 from trunk

 r20027@cathode-dark-space:  jaltman | 2007-09-30 23:22:07 -0400
 ticket: 5789

 add descriptions of credential flags, identity icons, and push-pins

 update screen shots

 add credits to Fermilabs and Stanford University.

 other changes for kfw 3.2.2 release.

ticket: 5789
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20068 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20026 from trunk
Tom Yu [Mon, 1 Oct 2007 23:52:57 +0000 (23:52 +0000)]
pull up r20026 from trunk

 r20026@cathode-dark-space:  jaltman | 2007-09-30 23:20:06 -0400
 ticket: 5789

 fix the description of the notification icon status colors

ticket: 5789

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20067 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20025 from trunk
Tom Yu [Mon, 1 Oct 2007 23:52:44 +0000 (23:52 +0000)]
pull up r20025 from trunk

 r20025@cathode-dark-space:  jaltman | 2007-09-30 16:50:45 -0400
 ticket: new
 subject: NIM: BUG: LIB: deadlock in kmq
 component: windows

 Do not obtain a critical section that is already being held:
  "cs_kmq_types"

 Update the docs to indicate the additional restriction.

ticket: 5792
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20066 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20024 from trunk
Tom Yu [Mon, 1 Oct 2007 23:52:30 +0000 (23:52 +0000)]
pull up r20024 from trunk

 r20024@cathode-dark-space:  jaltman | 2007-09-30 16:46:02 -0400
 ticket: new
 subject: Add static ordinals to DLL exports

 Add static ordinals to DLL exports in krb5_32.def, xpprof32.def
 gssapi32.def, and krb524.def.

 Not added to k5sprt32.def as all of the functions are
 private.

 Not added to krb4_32.def as the library is not supported
 as part of KFW.

ticket: 5791

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20065 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20023 from trunk
Tom Yu [Mon, 1 Oct 2007 23:18:25 +0000 (23:18 +0000)]
pull up r20023 from trunk

 r20023@cathode-dark-space:  jaltman | 2007-09-30 10:42:22 -0400
 ticket: 5753

 When there is no ImagePath value for a module it indicates
 that the module has not been installed.  Do not report an
 error to the end user for uninstalled modules.  This will
 only annoy the user and there is probably nothing the user
 can do about it.  Perhaps the user uninstalled the module
 intentionally.  The fact that there is still a HKCU key
 remaining is not an indication that the module is in use.

ticket: 5753
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20063 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20022 from trunk
Tom Yu [Mon, 1 Oct 2007 23:18:10 +0000 (23:18 +0000)]
pull up r20022 from trunk

 r20022@cathode-dark-space:  jaltman | 2007-09-30 00:44:31 -0400
 ticket: 5753

 Remove Krb5Cred, Krb5Ident, and Krb4Cred default configuration data from
 the KMM Schema.  Require that modules that are installed be properly
 installed.

 Add NIM Module Registry values to the NSIS installer.  These values were
 already being set by the Wix installer.

 By removing the ImagePath default, unable to load module errors will
 not be generated when the module has not in fact been installed.

ticket: 5753

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20062 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20021 from trunk
Tom Yu [Mon, 1 Oct 2007 23:17:54 +0000 (23:17 +0000)]
pull up r20021 from trunk

 r20021@cathode-dark-space:  jaltman | 2007-09-29 23:50:37 -0400
 ticket: 5787

 fix documentation typo.

ticket: 5787
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20061 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20020 from trunk
Tom Yu [Mon, 1 Oct 2007 23:17:37 +0000 (23:17 +0000)]
pull up r20020 from trunk

 r20020@cathode-dark-space:  jaltman | 2007-09-29 21:45:10 -0400
 ticket: new
 subject: NIM: disable warning
 component: windows

 Disable the potentially uninitialized variable warning
 for 'ri'.  The variable cannot be used when uninitialized.

ticket: 5790
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20060 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20019 from trunk
Tom Yu [Mon, 1 Oct 2007 23:16:50 +0000 (23:16 +0000)]
pull up r20019 from trunk

 r20019@cathode-dark-space:  jaltman | 2007-09-29 21:24:12 -0400
 ticket: new
 subject: NIM: PDF user documentation updates for KFW 3.2.2
 component: windows

 updates for NIM 1.3.1 / KFW 3.2.2

ticket: 5789

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20059 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20018 from trunk
Tom Yu [Mon, 1 Oct 2007 23:16:27 +0000 (23:16 +0000)]
pull up r20018 from trunk

 r20018@cathode-dark-space:  jaltman | 2007-09-29 18:56:57 -0400
 ticket: new
 subject: NIM: BUG: APP: Provide keyboard accelerator
 component: windows

 In the Advanced mode of the Obtain New Credentials dialog
 the keyboard accelerator was missing.

ticket: 5788
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20058 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20017 from trunk
Tom Yu [Mon, 1 Oct 2007 23:15:49 +0000 (23:15 +0000)]
pull up r20017 from trunk

 r20017@cathode-dark-space:  jaltman | 2007-09-29 18:53:37 -0400
 ticket: 5787

 Fix typo.

ticket: 5787

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20057 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r20016 from trunk
Tom Yu [Mon, 1 Oct 2007 23:15:32 +0000 (23:15 +0000)]
pull up r20016 from trunk

 r20016@cathode-dark-space:  jaltman | 2007-09-29 17:18:43 -0400
 ticket: new
 subject: NIM: BUG: APP: Spell Check
 component: windows

 Correct typos.  Make use of "plug-in" vs "plugin" consistent.

ticket: 5787

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20056 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19985 from trunk
Tom Yu [Mon, 1 Oct 2007 23:15:15 +0000 (23:15 +0000)]
pull up r19985 from trunk

 r19985@cathode-dark-space:  jaltman | 2007-09-26 23:46:36 -0400
 ticket: new
 subject: NIM: FEATURE: APP: Notification Icon Tooltip
 component: windows

 The Network Identity Manager notification icon can have a tooltip
 associated with it.  The tooltip will be displayed to the user if she
 hovers the mouse cursor over the notification icon.  Currently, the
 tooltip is used to indicate the current status of Network Identity
 Manager.  This patch adds the name of the default identity to the
 tooltip.

ticket: 5780
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20055 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19984 from trunk
Tom Yu [Mon, 1 Oct 2007 23:14:58 +0000 (23:14 +0000)]
pull up r19984 from trunk

 r19984@cathode-dark-space:  jaltman | 2007-09-26 23:44:29 -0400
 ticket: new
 subject: NIM: BUG: LIB: optimize khui_find_action()
 component: windows

 In Network Identity Manager, when locating the action object
 corresponding to an action identifier using khui_find_action(), don't
 search through the list of standard actions if we already know that
 the object we are searching for is a custom action.

ticket: 5779
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20054 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19983 from trunk
Tom Yu [Mon, 1 Oct 2007 23:14:34 +0000 (23:14 +0000)]
pull up r19983 from trunk

 r19983@cathode-dark-space:  jaltman | 2007-09-26 23:42:20 -0400
 ticket: 5724

 Add a "Set default" sub menu to the Network Identity Manager
 notification icon context menu.  The submenu will display a list of
 identities that the user can select as the default identity.

 Each identity that is displayed in the sub menu will be colored the
 same way it is colored in the basic view to provide a hint as to the
 state of the credentials belonging to the identity.

ticket: 5724
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20053 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19982 from trunk
Tom Yu [Mon, 1 Oct 2007 23:14:14 +0000 (23:14 +0000)]
pull up r19982 from trunk

 r19982@cathode-dark-space:  jaltman | 2007-09-26 23:38:54 -0400
 ticket: 5719

 Add a "View all identities" option to the view menu of Network
 Identity Manager.  This option will be toggled when selected.  If
 enabled, all the known identities will be displayed in any credentials
 view which uses the identity of credentials as the primary group-by
 field.

 The setting of this option is persistent.

ticket: 5719
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20052 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19978 from trunk
Tom Yu [Mon, 1 Oct 2007 23:14:00 +0000 (23:14 +0000)]
pull up r19978 from trunk

 r19978@cathode-dark-space:  jaltman | 2007-09-25 00:22:02 -0400
 ticket: 5772

 Document use of KRB5_CCH_CCNAME for ccache name length.

ticket: 5772
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20051 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19977 from trunk
Tom Yu [Mon, 1 Oct 2007 23:13:45 +0000 (23:13 +0000)]
pull up r19977 from trunk

 r19977@cathode-dark-space:  jaltman | 2007-09-25 00:19:52 -0400
 ticket: 5772

 change all MAX_PATH ccname buffer lengths to KRB5_CCH_CCNAME and
 document the use of KRB5_CCH_CCNAME.

ticket: 5772

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20050 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19976 from trunk
Tom Yu [Mon, 1 Oct 2007 23:13:31 +0000 (23:13 +0000)]
pull up r19976 from trunk

 r19976@cathode-dark-space:  jaltman | 2007-09-24 23:53:53 -0400
 ticket: new
 subject: NIM: BUG: KMM: miscellaneous fixes
 component: windows

 kmm_reg.c:
 Allocate enough memory to hold the entire PluginList multi-string plus
 an extra NUL if the registry value was not properly terminated.

 kmm_registrar.c:
 Do not record an error loading a module if there was no configuration
 for it.

 kmmmain.c:
 Avoid a race condition by sending the thread quit message instead of
 posting it.  Do so outside of the critical section to avoid a deadlock.

ticket: 5773
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20049 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19975 from trunk
Tom Yu [Mon, 1 Oct 2007 23:13:15 +0000 (23:13 +0000)]
pull up r19975 from trunk

 r19975@cathode-dark-space:  jaltman | 2007-09-24 23:25:28 -0400
 ticket: new
 subject: NIM: BUG: KRB5: cleanup krb5funcs
 component: windows

 (1) remove an extraneous backslash from the generated FILE:
     ccache name.  GetTempPath() always returns paths terminated
     with a backslash.

 (2) increase the max ccache name length to KRB5_CCH_CCNAME from
     MAX_PATH.

 These changes have dependencies on revisions 19891 and 19897.

ticket: 5772

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20048 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19970 from trunk
Tom Yu [Mon, 1 Oct 2007 23:13:00 +0000 (23:13 +0000)]
pull up r19970 from trunk

 r19970@cathode-dark-space:  jaltman | 2007-09-24 14:49:58 -0400
 ticket: 5766

 Remove the broken optimization from UnicodeToANSI() that attempted
 in a stupid way to avoid to WideCharToMultiByte() call by testing
 to see if the second byte (not wchar) was NUL.  This test works
 for Latin1 but not for anything more interesting.  Always call
 WideCharToMultiByte().

 I commented out the use of WC_NO_BEST_FIT_CHARS in order to
 provide compatibility with Windows.  Windows converts the user
 name without that option.

 With the current code a principal name consisting of a single
 component equivalent to the Greek character Sigma and a realm
 name will be converted to S@REALM exactly as the "WhoAmI"
 command does.  If WC_NO_BEST_FIT_CHARS was specified, this
 string would be converted to "?@REALM".

ticket: 5766
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20047 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19969 from trunk
Tom Yu [Mon, 1 Oct 2007 23:12:45 +0000 (23:12 +0000)]
pull up r19969 from trunk

 r19969@cathode-dark-space:  jaltman | 2007-09-24 13:46:26 -0400
 ticket: new
 subject: MSLSA krb5_cc module fails to check success of UNICODE string conversions

 The MSLSA krb5_cc module was written with an assumption that probably does not
 hold true anymore.  It assumed that all Kerberos strings although stored in
 wide character data structures could in fact be represented in the application's
 ANSI code page and that such conversions would not fail.

 The UnicodeToANSI() function did not check the result of WideCharToMultiByte()
 for success.  If the conversion failed, this could result in the caller believing
 the contents of the output string buffer were a valid string when instead they
 were simply stack garbage.

 The UnicodeStringToMITPrinc() and KerbExternalNameToMITPrinc() functions did not
 check the return value of krb5_parse_name() for success.  If krb5_parse_name()
 was passed a pointer to garbage on the stack instead of an actual principal name,
 this could result in the caller believing the output krb5_principal * was valid
 when instead it was NULL.

 The function CacheInfoEx2ToMITCred() is dependent on the success or failure of
 UnicodeStringToMITPrinc() assumed it could not fail and did not return a
 success or failure indication to its caller.

 If Microsoft a formatted ticket contains a Unicode string that can not be
 represented in the application's ANSI code page, this could result in a NULL
 pointer dereference during a call to krb5_cc_resolve("MSLSA:") or
 krb5_cc_retrieve(), or krb5_cc_get_principal().

 With the changes in this commit, tickets containing principal names that cannot
 be represented in the application's ANSI code page will be hidden from the
 application.

ticket: 5766

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20046 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19968 from trunk
Tom Yu [Mon, 1 Oct 2007 23:12:25 +0000 (23:12 +0000)]
pull up r19968 from trunk

 r19968@cathode-dark-space:  jaltman | 2007-09-24 09:23:25 -0400
 ticket: new
 subject: NIM: BUG: Restore Copyright removed in revision 19855
 component: windows

 Restore MIT Copyright removed in revision 19855.

ticket: 5764
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20045 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19967 from trunk
Tom Yu [Mon, 1 Oct 2007 22:23:41 +0000 (22:23 +0000)]
pull up r19967 from trunk

 r19967@cathode-dark-space:  jaltman | 2007-09-24 08:30:03 -0400
 ticket: new
 subject: NIM: BUG: khm_krb5_initialize() failed to return error code
 component: windows

 khm_krb5_initialize() is called in the krb5cred.dll and krb4cred.dll
 credential providers in order to ensure that the caller has references
 to a valid krb5_context and a valid krb5_ccache.  If the krb5_cc_resolve()
 call failed, the error code was not being returned to the caller.
 Instead, success was returned which in turn would result in the caller
 believing the NULL krb5_ccache pointer was in fact valid.

 This fix resolves Microsoft's WER Event ID 432405961.

ticket: 5763
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20044 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19966 from trunk
Tom Yu [Mon, 1 Oct 2007 22:23:25 +0000 (22:23 +0000)]
pull up r19966 from trunk

 r19966@cathode-dark-space:  jaltman | 2007-09-22 01:11:04 -0400
 ticket: 5756

 Move the removal of the vc70.pdb and vc80.pdb files to the
 global clean rule in config/Makefile.w32.  No need to replicate
 them in each individual Makefile.

ticket: 5756
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20043 dc483132-0cff-0310-8789-dd5450dbe970

17 years agopull up r19964 from trunk
Tom Yu [Mon, 1 Oct 2007 22:23:09 +0000 (22:23 +0000)]
pull up r19964 from trunk

 r19964@cathode-dark-space:  jaltman | 2007-09-21 19:22:56 -0400
 ticket: new
 subject: NIM: APP: BUG: restore HideWatermark functionality
 component: windows

 Restore the HideWatermark functionality that was accidently
 removed from ui/credwnd.c

ticket: 5759
version_fixed: 1.6.3

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20042 dc483132-0cff-0310-8789-dd5450dbe970