| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
line has an effect!
Pass NODEBUG=1 to build.pl.
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19305 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add -nolog switch; always pass build.pl --nolog. Logging will be done in bkw.pl.log
Create <src>/pismere/CVS if missing so checkout works.
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19304 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19302 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
way to generate names like kfw-3-2-0-DEBUG.exe programatically
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19298 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change site-local.wxi/.nsi to site-local-tagged.wxi/.nsi. Add tags such as %VERSION-MAJOR% which are substituted by the build script. NB: to build the installers directly, the build script must be run at least once to generate site-local.wxi/.nsi.
Write DEBUG, RELEASE, BETA defines to site-local.nsi, based on build setting & values from kerberos.ver.
Add more tag substitutions to file copy and the config file, to provide a way to generate names like kfw-3-2-0-DEBUG.exe programatically.
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19297 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Non-interactive logons cause two problems:
(1) on XP/2003 the logon event handlers do not get triggered and on
all platforms the LogonScript does not get executed.
As a result, ccache files are not deleted.
(2) on all platforms, accessing the credential cache causes
krbcc32s.exe to be spawned. This process never terminates.
This patch tests for interactive logons. If the logon is not
interactive, the Network Provider exits immediately.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19296 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19294 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Change plink path
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19293 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Remove aklog, khhelp.h, and the .manifest files as they are
not installed by the installer.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19291 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The WinLogon event handler in prior versions of the Wix installer
has been installing the event handler under the registry value "KFWLogon"
which happens to be the name that "OpenAFS" also uses for its Kerberos
logon events. The KFW NSIS installer has used "MIT_KFW" in order to
avoid the conflict. The Wix installer is being corrected to match.
When there is a name collision, only one of the event handlers gets
installed. As a result, Kerberos FILE ccaches get created with SYSTEM
only ACLs and are never destroyed. This is the same problem that
happens on Windows Vista when integrated logon is used because the
event handler hooks do not exist.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19290 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) The registry key used for activating event reporting to
the Windows application log was wrong. It should be
"NetworkProvider" not "Network Provider"
(2) Event logging of the state of the "Debug" value has been
added so that it is possible to debug the use of event
reporting.
(3) The code no longer performs the pre-kinit operations
if a password was not provided.
(4) A new function KFW_copy_file_cache_to_api_cache() has
been added. This is used instead of
KFW_copy_file_cache_to_default_cache() permitting the
default cache to be MSLSA, FILE, or anything else.
The API cache name will be of the form API:principal
just as is done by Network Identity Manager.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19289 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Don't fetch afscompat.
Handle case of checkout into non-existent directory.
Target_Version: 1.6.1
Component: KfW
Tags: pullup
Ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19288 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to ensure the _WIN32_WINNT have a value of 0x0501 or greater.
Otherwise, required LSA type declarations are undeclared.
Provide a registry value that can be set to turn on Application
Event log messages for debugging.
HKLM\System\CurrentControlSet\Services\MIT Kerberos\Network Provider
DWORD "Debug"
Ensure that KFW_obtain_user_temp_directory() returns a value on
error.
Correct the declaration of KFW_copy_cache_to_system_file()
to match the prototype.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19240 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
================================
KfW 3.1 Alpha (NetIDMgr 1.1.11.0)
-- nidmgr32.dll
- Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT
flag set. This marks the action as being the default action for the
menu and will be rendered as such.
- Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY
flag set. Once credentials are associated with the identity and the
identity is refreshed, the flag will be cleared.
- When creating actions, enforce the name length.
- khm_value_exists() now handles shadowed configuration spaces.
- Add new action KHUI_ACTION_LAYOUT_MINI which toggles between
'Advanced' and 'Basic' views.
- Add support for F11 and F12 keys in khui_get_cmd_accel_string().
- New option for alerts to indicate that instead of just setting the
response field in the alert, the UI should dispatch the command
that the user has selected.
-- krb5common.obj
- khm_krb5_initialize() can return a handle to a krb5_ccache that has
already been closed. Now it doesn't.
- Also import 'krb5_string_to_deltat()'.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
-- krb5cred.dll
- Don't clear the prompts when the options for an identity changes.
The prompter code relies on the prompts being around so that the
values that the user has entered can be retained if the new set of
prompts is the same as the old one.
- Use the same code in the new credentials acquisition and the
identity configuration code to obtain krb5 parameters for an
identity.
- Reset the 'IMPORTED' flag when we get new credentials using a
password.
- If the validity of a principal is not known, then we restrict the
options that can be specified when calling
krb5_get_init_creds_password() so that we can reliably determine if
the principal is valid. If we need to get new credentials for the
principal, we need to make another call using the correct options.
- The return codes from the prompter need to indicate that the
password read operation was cancelled instead of arbiraty non-zero
values.
- When reading identity settings, if a particular setting is not
defined in the registry, then default to reading the settings out of
krb5.ini.
- Refer to credentials as 'credentials' or 'tickets' instead of
'creds'.
- If an identity has imported credentials, don't import for the same
identity again.
- When importing an identity, create the identity configuration in the
registry if we don't already have any settings there.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
- Rearrange declarations for clarity.
- Use the correct APIs to parse configuration values from krb5.ini.
-- krb4cred.dll
- The dialog layout was updated to accomodate a localized string that
no longer fit in its control.
- Remove a spurious inclusion of ntsecapi.h and work around
conditioned symbol definition in the Vista Platform SDK.
-- netidmgr.exe
- Fix the menu creation code to correctly tag the default action so
that it will be rendered properly.
- Update the menu enumeration code to use documented functions instead
of accessing acton lists directly.
- Pool of per-identity actions now include a set of actions for
obtaining credentials for specific identities.
- The default action performed when the notification icon is clicked
is now configurable. When displaying the context menu in the
notification area, the default action is highlighted.
- Remove unnecessary handlers from the notifcation event handler.
- Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP
in the notification event handler. When the user clicks the
notication icon, both events are generated. NIN_SELECT is canonical.
- When the handling NIN_BALLOONUSERCLICK in the notification event
handler, reset balloon_alert before displaying any new alerts so
that we won't overwrite it later.
- Reset the notification alert icon after displaying an alert.
- If a renewal fails, the displayed alert contains a button that the
user can click to initiate the process of acquiring new credentials
for the identity.
- Alerts can optionally dispatch the commands that were added to it
using the KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Increase the size of the About dialog.
- Correct the action text for the IDS_ACTION_OPEN_APP and
IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and
'Close'. These actions only control the visible state of the NIM
window.
- Add additional notification which signals that the commandline has
finished processing.
- Add an 'acquire' action to the per-identity actions.
- The per identity actions (renew, destroy, acquire) now have useful
captions, names and tooltips.
- Use WM_NEXTDLGCTL message when changing the focus of dialog
controls. SetFocus() is insufficient.
- If we get a request to show a new credential acquisition dialog and
we are already showing one, bring that one to the foreground instead
of trying to display a new one or waiting quietly.
- New configuration schema for the UI that include definitions for the
new default view.
- The alerter window can now show more than one alert at once.
- If we are about to show queued alerts, then check if the alerts that
are waiting are related and if they can be grouped together. If so,
show them in a single alert window instead of multiple ones.
- If new alerts are issued while a set of alerts are being displayed
and if the new alert is related to the alerts that are being
displayed, then add the new alert to the list being displayed.
- Make sure we have a lock on the alert when we are manipulating or
accessing it.
- Set the focus to the correct control when displaying an alert.
- When adding alerts from the alert queue, make sure we iterate
through the queue properly.
- Allow keyboard navigation inside the alert window and support scroll
bars.
- Check if we have a valid code pointer before invoking a UI callback.
- Make sure the main window is in the normal configuration before
switching to a layout that rquires it.
- When moving the main window around, if it comes close to an edge of
the working area of the display, snap to it.
- Maintain two sets of settings for the main window placement. One
for the mini mode and one for the normal mode.
- When processing saved window placement information from the
configuration, handle docking hints which note which edges of the
screen the main window should be adjacent to, if any.
- Switching to the 'Basic' view disables the layout and column
selection menus.
- Position the new credentials dialog above the main window if the
main window is visible.
- The alert that is displayed to indicate that an identity has
expired, now contains a command button that can be used to invoke
the new credentials dialog for that identity.
-- source
- Update the documentation to reflect the change in behavior regarding
KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and
khui_menu_insert_paction().
- Remove notes about menu access functions being not thread safe.
This is no longer true.
- Update the documentation for khui_alert_show() to document new
behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD.
- Update documentation to indicate which KHUI_ALERT_FLAG_* flags are
internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Augment the queue handling macros to support additional operations.
Also add new tree data structure with an ordered list of children.
- Code reorganization to reuse code for obtaining the caption and
tooltip for a system defined action in netidmgr.exe.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19238 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Updated scripts & additional configuration files.
Ticket: new
Target_Version: 1.6.1
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19234 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Ticket: 5409
Target_Version: 1.6.1
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19233 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Target_Version: 1.6.1
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19232 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On Windows Vista the GINA architecture was removed. As a side
effect the support for the Logon Event Handlers was also removed.
The KFW Integrated Logon functionality relies on the "Logon"
event handler to migrate the user's tickets from a secure FILE:
ccache to an API: ccache so that the tickets will be available
to NetIDMgr and all other Kerberos applications.
This functionality is especially important on Vista for
accounts that are members of the Administrators group because
the User Account Control (UAC) restricts access to the session
keys of all tickets in the MSLSA ccache. The only way for
tickets to be made available to MIT Kerberos applications is
by obtaining them within the Network Provider and pushing them
into the Logon Session.
This patch replaces the missing Logon Event Handler support
with a new exported function "LogonEventHandler" which adheres
to the rundll32.exe specifications. The "LogonEventHandler"
function accepts as input the name of a FILE ccache and moves
the contents into an API: ccache and then deletes the FILE
ccache.
In order for this to work the FILE ccache must be owned by
the account that was used to logon to the current session.
The NPLogonNotify() function must therefore lookup the SID
for the active account, assign an appropriate DACL to the
ccache file, and change the owner. In addition, when Vista
is in use a LogonScript must be constructed that will perform
the call to rundll32.exe.
Other changes include altering the prototype of
KFW_copy_ccache_system_file to accept a filename instead of
the LogonID. This improves the abstraction and allows the
filename to be computed once and passed into multiple
functions from NPLogonNotify().
Many debugging calls were added to assist with implementation.
#define DEBUG 1 at the top of kfwcommon.c when you wish to
build with debugging that generates entries in the Windows
Application Event Viewer.
It is important to note that Integrated Logon attempts to
logon the username within the default realm within the
krb5.ini file using the provided password. This is so
a local machine account name matching the default realm
can obtain Kerberos tickets by synchronizing the password.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19221 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Revision 19207 committed by Kevin Koch does not document changes
made to the Wix installer files. The changes that were made remove
the installation of the configuration files and the inclusion of
leash32.chm.
When the decision is made to remove Leash from the installer,
the entire Leash feature and the associated properties used to
determine when it is installed must be removed. Commenting out
individual file components is not sufficient.
Configuration files must be installed as part of KFW. The
source of the configuration files is defined by the variable
"ConfigDir" within the site-local.wxi directory.
Any changes made to the WIX installer must also be made to the NSIS
installer.
The changes to the src/windows/wix directory from 19207 are
therefore reverted.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19211 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[wix area.]
Add control of the repository access step, fetch all sources from the repository. Track in documentation.
Eliminate unhelpful output during pre-package step.
The next step is to fetch only krb5/src/windows/build and run the entire build.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19207 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
Minor tweaks to script (start adding unzip support) and config (move svn url to right place).
Target_Version: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19206 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
Target_Version: 1.6.1
Component: KfW
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19205 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Modify remainder of Makefiles that were sensitive to identity/obj or other cleaned files not being present.
Update util/et/Makefile.in to look for com_err.h in src/include, not src/include/src.
ticket: 5457
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19203 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19202 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
revision 19189
ticket: 5452
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19191 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the new Alert Management functionality.
Many improvements to avoid race conditions and improve resource
tracking.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19189 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5419
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19125 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
broke the ability to cancel and restart the
Obtain New Credentials dialog
ticket: 5414
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19124 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Document User Interface Callbacks
Fix a race condition when performing renewal actions
triggered by command line parameters.
When importing credentials, kickoff a renewal after
the credentials after the API: ccache is created.
Another fix for identity expiration states. This one
fixes the behavior of the system tray icon.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19110 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5408
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19101 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5408
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19100 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add missing registry keys and values for
Network Identity Manager plug-ins.
Correct short names.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19078 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds context sensitive menus for renew and destroy
to the system tray menu. Select either all identities
or one of the identities with credentials.
Increases the API to 1.1.9 and adds a new interactive
callback mechanism.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19077 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When validating a Kerberos 5 principal name, the request
to the KDC should not request forwardable, renewable, or
proxiable options as these may be blocked by policy and
will result in the return of an error.
Always treat the Kerberos 5 principal name as valid
unless the KDC returns an error that clearly indicates that
the principal name does not exist.
Use a MEMORY: ccache for temporary storage instead of an
API: ccache.
Initialize pointer values with NULL instead of 0.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19069 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The visual status for the identities in NIM 1.1 was based
upon the highest alert status of any credential that was
associated with the identity. The correct behavior that is
now implemented is that the identity status should be based
solely upon the expiration state of the credentials obtained
by the identity provider.
For example, the Kerberos v5 identity provider will based the
identity expiration status on the initial TGT. Service tickets
with short lifetimes that expire do not prevent the acquisition
of additional service tickets. Therefore, the identity should
not be listed as expired.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19068 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
The Kerberos v4 options for individual identities
was never wired. The controls were visible but they
did not do anything. Implement them now for NIM 1.2.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19067 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the string tables for NIM so that they are consistent.
Always use "Kerberos v5" or "Kerberos v4". Refer to credentials
instead of tickets. Do not abbreviate "Network Identity Manager".
Etc.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19066 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The custom handler allocates a buffer that is smaller
than is required to hold the input. Allocate the correct
sized buffer.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19061 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Update copyright date, samples directory, and shortcut
to NetIDMgr documentation
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19060 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Revise the readme text for Windows. Remove references
to old beta SDKs.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19059 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
A small number of links contained the wrong root directory.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19023 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_get_init_creds_opt_set_change_password_prompt is a new
gic option that permits the prompter code to be skipped
when the password has expired. This option is meant to
be used by credential managers such as NetIDMgr and
Kerberos.app that have their own built in password change
dialogs.
This patch adds the new function, exports it on Windows,
and makes use of it within the Krb5 identity provider
for NetIDMgr.
The patch is written to ensure that no changes to the
krb5_get_init_creds_opt structure are required and
to ensure that the default behavior, prompting, is
maintained.
The export lists for UNIX and KFM must still be updated.
The function prototype was committed as part of ticket 3642.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
of library manifests into generated EXEs and DLLs.
Manifests are required for Windows XP and above when
applications are built with Microsoft Visual Studio 2005
(aka VS8) or above.
ticket: 3642
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18930 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
Documentation updates including new screen shots for KFW 3.1
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18864 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 final (NetIDMgr 1.1.8.0)
nidmgr32.dll (1.1.8.0)
- When detecting IP address changes, wait for things to settle down
before setting of the IP address change notification.
krb5cred.dll (1.1.8.0)
- Fixed the Kerberos 5 configuration dialog which didn't handle
setting the default realm properly. Setting the default realm now
sets the correct string in krb5.ini.
- Changing the default realm now marks the relevant configuration node
as dirty, and enabled the 'Apply' button.
- Changing the 'renewable', 'forwardable' and 'addressless' checkboxes
in the identity configuration panels now mark the relevant
configuration nodes as dirty, and enables the 'Apply' button.
- The location of the Kerberos 5 configuration file is now read-only
in the Kerberos 5 configuration dialog.
- Set the maximum number of characters for the edit controls in the
configuration dialog.
krb4cred.dll (1.1.8.0)
- The location of the Kerberos 4 configuration files are now read-only
in the Kerberos 4 configuration dialog.
- Handles setting the ticket string.
- Changing the ticket string now marks the relevant configuration node
as dirty, and enables the 'Apply' button.
- Fixed the plug-in initialization code to perform the initial ticket
listing at the end of the initializaton process.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18863 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
- when the krb5 prompter callback function is called,
set the focus to the first input field provided by
the caller.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18841 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 beta 4 (NetIDMgr 1.1.6.0)
nidmgr32.dll (1.1.6.0)
- Fix a race condition where the initialization process might be
flagged as complete even if the identity provider hasn't finished
initialization yet.
krb5cred.dll (1.1.6.0)
- When assigning the default credentials cache for each identity,
favor API and FILE caches over MSLSA if they exist.
- When renewing an identity which was the result of importing
credentials from the MSLSA cache, attempt to re-import the
credentials from MSLSA instead of renewing the imported credentials.
- Prevent possible crash if a Kerberos 5 context could not be obtained
during the renewal operation.
- Prevent memory leak in the credentials destroy handler due to the
failure to free a Kerberos 5 context.
- Properly match principals and realms when importing credentials from
the MSLSA cache.
- Determine the correct credentials cache to place imported
credentials in by checking the configuration for preferred cache
name.
- Keep track of identities where credentials imports have occurred.
- When setting the default identity, ignore the KRB5CCNAME environment
variable.
- Do not re-compute the credentials cache and timestamps when updating
an identity. The cache and timestamp information is computed when
listing credentials and do not change between listing and identity
update.
- When refreshing the default identity, also handle the case where the
default credentials cache does not contain a principal, but the name
of the cache can be used to infer the principal name.
- Invoke a listing of credentials after a successful import.
- Do not free a Kerberos 5 context prematurely during plug-in
initialization.
netidmgr.exe (1.1.6.0)
- Fix the UI context logic to handle layouts which aren't based around
identities.
- Don't try to show a property sheet when there are no property pages
supplied for the corresponding UI context.
- Use consistent context menus.
- Bring a modal dialog box to the foreground when it should be active.
- Do not accept action triggers when the application is not ready to
process actions yet.
- Do not force the new credentials dialog to the top if there's
already a modal dialog box showing.
- Change the default per-identity layout to also group by location.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18828 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
remove prototype for removed function
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18781 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 beta 3 (NetIDMgr 1.1.4.0)
source for 1.1.4.0
- Eliminate unused commented out code.
nidmgr32.dll (1.1.4.0)
- The configuration provider was incorrectly handling the case where a
configuration value also specifies a configuration path, resulting
in the configuration value not being found. Fixed.
- Fix a race condition when refreshing identities where removing an
identity during a refresh cycle may a crash.
- Fix a bug which would cause an assertion to fail if an item was
removed from one of the system defined menus.
- When creating an indirect UI context, khui_context_create() will
correctly fill up a credential set using the selected credentials.
krb5cred.dll (1.1.4.0)
- Fix a race condition during new credentials acquisition which may
cause the Krb5 plug-in to abandon a call to
krb5_get_init_creds_password() and make another call unnecessarily.
- If krb5_get_init_creds_password() KRB5KDC_ERR_KEY_EXP, the new
credentials dialog will automatically prompt for a password change
instead of notifying the user that the password needs to be changed.
- When handling WMNC_DIALOG_PREPROCESS messages, the plug-in thread
would only be notified of any changes to option if the user
confirmed the new credentials operation instead of cancelling it.
- Additional debug output for the DEBUG build.
- Reset the sync flag when reloading new credentials options for an
identity. Earlier, the flag was not being reset, which can result
in the new credentials dialog not obtaining credentials using the
new options.
- Handle the case where the new credentials dialog maybe closed during
the plug-in thread is processing a request.
- Fix a condition which would cause the Krb5 plug-in to clear the
custom prompts even if Krb5 was not the identity provider.
- Once a password is changed, use the new password to obtain new
credentials for the identity.
netidmgr.exe (1.1.4.0)
- Fix a redraw issue which left areas of the credentials window
unupdated if another window was dragged across it.
- Handle WM_PRINTCLIENT messages so that the NetIDMgr window will
support window animation and other features that require a valid
WM_PRINTCLIENT handler.
- During window repaints, NetIDMgr will no longer invoke the default
window procedure.
- Add support for properly activating and bringing the NetIDMgr window
to the foreground when necessary. If the window cannot be brought
to the foreground, it will flash the window to notify the user that
she needs to manually activate the NetIDMgr window.
- When a new credentials dialog is launched as a result of an external
application requesting credentials, if the NetIDMgr application is
not minimized, it will be brought to the foreground before the new
credentials dialog is brought to the foreground. Earlier, the new
credentials dialog may remain hidden behind other windows in some
circumstances.
- When displaying custom prompts for the new credentials dialog, align
the input controls on the right.
ticket:new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18767 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5cred.dll (1.1.2.0)
- Fix the control logic so that if the password is expired for an
identity, the krb5 credentials provider will initiate a change
password request. Once the password is successfully changed, the
new password will be used to obtain new credentials.
- Fix an incorrect condition which caused the new credentials dialog
to refresh custom prompts unnecessarily.
- Removing an identity from the list of NetIDMgr identities now causes
the corresponding principal to be removed from the LRU principals
list.
- Properly handle KMSG_CRED_PROCESS message when the user is
cancelling out.
- Add more debug output
- Do not renew Kerberos tickets which are not initial tickets.
- Fix whitespace in source code.
- When providing identity selection controls, disable the realm
selector when the user specifies the realm in the username control.
- k5_ident_valiate_name() will refuse principal names with empty or
unspecified realms.
- When updating identity properties, the identity provider will
correctly set the properties for identities that were destroyed.
This fixes a problem where the values may be incorrect if an
identity has two or more credential caches and one of them is
destroyed.
nidmgr32.dll (1.1.2.0)
- Send out a separate notification if the configuration information
associated with an identity is removed.
- If an identity is being removed from the NetIDMgr identity list in
the configuration panel, do not send out APPLY notifications to the
subpanels after the configuration information has been removed.
Otherwise this causes the configuration information to be reinstated
and prevent the identity from being removed.
- Properly initialize the new credentials blob including the UI
context structure.
netidmgr.exe (1.1.2.0)
- When suppressing error messages, make sure that the final
KMSG_CRED_END notification is sent. Otherwise the new credentials
acquisition operation will not be cleaned up.
- Autoinit option now checks to see if there are identity credentials
for the default identity and triggers the new credentials dialog if
there aren't any.
- Properly synchronize the configuration node list when applying
changes (e.g.: when removing or adding an identity).
- Fix a handle leak when removing an identity from the NetIDMgr
identity list.
- Refresh the properties for the active identities before calculating
the renewal and expiration timers. Otherwise the timestamps being
used might be incorrect.
- Add Identity dialog (in the configuration panel) now uses the
identity selection controls provided by the identity provider.
- Improve type safety when handling timer refreshes.
- When getting the expiration times and issue times for an identity,
the timer refresh code may fail over to the expiration and issue
times for the credential it is currently looking at. Now the code
makes sure that both the issue and expiration times come from the
identity or the credential but not mixed.
- Not being able to get the time of issue of a credential now does not
result in the credential being skipped from the timer refresh pass.
However, not having a time of issue will result in the half-life
algorithm not being applied for the renew timer.
- Fix a bug which caused a credential to be abandoned from the timer
refresh pass if the reamining lifetime of the credential is less
than the renewal threshold.
- Fix a bug where the vertical scroll bars for the hypertext window
would not appear when the contents of the window changed.
- Trigger a refresh of the configuration nodes when adding or removing
an identity.
source for (1.1.2.0)
- Explicitly include <prsht.h> so that the SDK can be used in build
environments that define WIN32_LEAN_AND_MEAN.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670 dc483132-0cff-0310-8789-dd5450dbe970
|
