krb5.git/src/windows/identity/plugins/krb5/lang, branch master MIT Kerberos patches Delete Network Identity Manager 2011-10-17T19:34:08+00:00 Tom Yu tlyu@mit.edu 2011-10-17T19:34:08+00:00 eb06a8e77810afeb718f7f42ece5759d4330d940 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970 
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970
Implement Camellia-CTS-CMAC instead of Camellia-CCM 2010-11-20T00:31:46+00:00 Greg Hudson ghudson@mit.edu 2010-11-20T00:31:46+00:00 41acda8ebd3517c3d0f2184c09741cd10d061182 Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not compiled in by default since we don't have enctype assignments yet. ticket: 6822 target_verion: 1.9 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970 
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC.  Still not
compiled in by default since we don't have enctype assignments yet.

ticket: 6822
target_verion: 1.9
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
Merge the camellia-ccm branch to trunk. Since there are no IANA 2010-09-07T17:54:15+00:00 Greg Hudson ghudson@mit.edu 2010-09-07T17:54:15+00:00 140e24e9149eabe8793d439a7d386c78ecb00fab assignments for Camellia-CCM enctypes or cksumtypes yet, they are disabled in a default build. They can be made available by defining (via CPPFLAGS) local-use enctype numbers for the enctypes and cksumtypes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970 
assignments for Camellia-CCM enctypes or cksumtypes yet, they are
disabled in a default build.  They can be made available by defining
(via CPPFLAGS) local-use enctype numbers for the enctypes and
cksumtypes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
Set svn:eol-style on a bunch of text-looking files that didn't have it 2007-09-24T22:05:56+00:00 Ken Raeburn raeburn@mit.edu 2007-09-24T22:05:56+00:00 5386b775b2fbce68cbc846f7dac3ef495e72457a git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970 
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
More commits for NIM 1.2 Beta 1 2007-04-02T17:49:08+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2007-04-02T17:49:08+00:00 c697f74a7c058e3fc8a83f4b36154000cd3b587e netidmgr.exe - Credentials display : - When picking out the mouse hit rectangles, correctly handle the case where a sticky identity doesn't have any outline controls. - Move code to check and uncheck view layout action to cw_load_view() for consistency. - Initialize outlines properly when creating them. - cw_select_row_creds() should be called on all rows that are being selected or unselected. - Actions : - Remove the 'Contents' item from the 'Help' menu. The KHUI_ACTION_HELP_CTX action already opens the 'Contents' section. - Add 'Change password', 'Import', 'Help contents', and 'About' to the notification icon context menu. - Move the 'Import' action to be between 'Renew' and 'Destroy' for consistency. - Resources : - "Run Network Identity Manager in System Tray" -> "Run from taskbar notification area" - "New Credentials" -> "Obtain new credentials" - Main window : - Don't switch the window mode when handling a KHUI_ACTION_LAYOUT_RELOAD. - Refresh the action tables after changing the window state actions. - Main Menu : - Call khm_refresh_identity_menus() when initializing the menus so that they have a consistent initial state. - When refreshing menus, the checked/unchecked state needs to be set explicitly by turning off flags that are no longer necessary. - Refresh the identities before refreshing the identity menus. - If there are no identities with credentials, disable renew/destroy menus and actions. - Don't bother adding 'renew/destroy all' menu items to the per-identity action menus if there is only one identity. krb5cred.dll - Resources : - Expand the 'Credential flags' control so that it's big enough to hold the contents. source - ccsv.pl : - Handle comment lines before the actual content. - csvschema.cfg : - Don't bother embedding documentation in the data strucutre now. We don't use it. - Convert '[~]' to '\0' before we send it back to the parser. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19376 dc483132-0cff-0310-8789-dd5450dbe970 
netidmgr.exe

- Credentials display :

  - When picking out the mouse hit rectangles, correctly handle the
    case where a sticky identity doesn't have any outline controls.

  - Move code to check and uncheck view layout action to
    cw_load_view() for consistency.

  - Initialize outlines properly when creating them.

  - cw_select_row_creds() should be called on all rows that are being
    selected or unselected.

- Actions :

  - Remove the 'Contents' item from the 'Help' menu.  The
    KHUI_ACTION_HELP_CTX action already opens the 'Contents' section.

  - Add 'Change password', 'Import', 'Help contents', and 'About' to
    the notification icon context menu.

  - Move the 'Import' action to be between 'Renew' and 'Destroy' for
    consistency.

- Resources :

  - "Run Network Identity Manager in System Tray" -> "Run from taskbar
    notification area"

  - "New Credentials" -> "Obtain new credentials"

- Main window :

  - Don't switch the window mode when handling a
    KHUI_ACTION_LAYOUT_RELOAD.

  - Refresh the action tables after changing the window state actions.

- Main Menu :

  - Call khm_refresh_identity_menus() when initializing the menus so
    that they have a consistent initial state.

  - When refreshing menus, the checked/unchecked state needs to be set
    explicitly by turning off flags that are no longer necessary.

  - Refresh the identities before refreshing the identity menus.

  - If there are no identities with credentials, disable renew/destroy
    menus and actions.

  - Don't bother adding 'renew/destroy all' menu items to the
    per-identity action menus if there is only one identity.

krb5cred.dll

- Resources :

  - Expand the 'Credential flags' control so that it's big enough to
    hold the contents.

source

- ccsv.pl :

  - Handle comment lines before the actual content.

- csvschema.cfg :

  - Don't bother embedding documentation in the data strucutre now.
    We don't use it.

  - Convert '[~]' to '\0' before we send it back to the parser.

ticket: new 
component: windows
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19376 dc483132-0cff-0310-8789-dd5450dbe970
NIM commits for KFW 3.2 Beta 1 2007-03-29T17:24:34+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2007-03-29T17:24:34+00:00 6b012c14dafd83c9b69438ff94c5f5c5ae138bf2 (NetIDMgr 1.2.0.0) netidmgr.exe - Simplify credential window UI element placement calculations. - Add the Custom_1 view to the UI schema. This is used to store customizations to the basic view. - Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE messages instead of the EX_STYLE parameter to CreateWindowEx(). Also, set the extended style to support detached arrows. - Support drop down menus in the standard toolbar. - The per-identity commands that are added to expiration dialogs are now flagged for automatic dispatch. - Remove unnecessary status bar parts and display the status bar icons at the correct size. - The notification alerts now display the info balloon at the correct size. - Increase the height of the height of the dialog button bar to 190 from 181 dialog units. - Lock the action tables when refreshing the per-identity actions. Perform the necessary notification after refreshing the per-identity actions. - "Initialize <identity>" -> "Obtain new credentials for <identity>" - Add a button to go back to the Basic view from the Advanced view in the new credentials dialog. - Cache the extents of each row since we now support rows of variable heights. - Selecting a credential row or a header should select all the credentials that are represented by the row. - Update the selection state after loading a new view. - Display the expiration times in the second line of an expanded identity header. - Checks for expiration flags in the credentials window now take into account that the each flag may occupy more than one bit position. - Calculate the expiration flags for the identity before assigning it to a header, so that the header can display accurate expiration data. - Kill unnecessary timers in the credentials view and make sure taht the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an active timer for the row. - In addition to rows that hold credentials, timers can also be assigned to headers for identities in the basic view. This allows the headers to display expiration times. - The credentials view keeps track of the count of credentials, the count of identity credentials (credentials which belong to the credentials type that the identity belongs to) and the number of initial credentials. - Configuration spaces that hold credential view definitions now include an additional value "_AppVersion" which contains the version of NIM used to create the data. If the current version is greater than the stated version, NIM will failover to using the schema instead of using the saved data. This is because view definitions are version dependent. - The app_version global variable is now a const. - The renew and destroy icons in the standard toolbar are now drop down buttons. If the drop down arrow is clicked, they display a menu with the list of identities that the operation can target. - The renew and destroy actions on the credential menu have been replaced by submenus that allow the user to select the identity which would be the target of the operation. - Consistently update the 'displayed' field of an alert so that plug-ins can keep track of which alerts are being displayed. - If the currently displayed balloon alert has KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command when the user clicks the notification icon, or display the expanded alert if necessary. - Reduce flicker when drawing the credentials display by clipping the header control from the device context. - The state of Advanced mode is now preserved between NIM sessions. - The credential display layout is kept track of separately for the Basic and Advanced views. Any customization done on either view (e.g.: changing sort order) will only affect that view. Customizations for the Advanced view will be saved in the Custom_0 view, while customizations for the Basic view will be saved in Custom_1. - New color scheme. - Selecting a credential or identity will no longer mask the expiration state. The selection rectangle is now alpha blended. - In Basic view, the width of the Identity column changes with the width of the window so that the credentials display always fills the width of the window. - The colors for the highlight, text color, highlighted text color, window background and other elements are now obtained via Windows so that NetIDMgr will be more consistent with any themes that have been applied. - Correctly determine whether a column can be dragged or resized based on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags. - Correctly update the scroll bars when switching between views. - The "marker" button for a displayed alert should not perform any action and it should not be the default control. Selecting it should no longer cause an assertion to be thrown. - Don't display the "... Click here for more." message when displaying a balloon alert if the operating system involved does not provide a reliable means of detecting that the user clicked on a balloon. - When attempting to display queued alerts, if the alert at the top of the queue is of a type that cannot be consolidated, then show it by itself. - If the size of the alert window changes, it should be redrawn properly. krb5creds.dll - Allow setting an identity as the default even if there are no credentials or credential caches associated with it. We generate the name of the ccache we would use if we were getting new credentials for the identity and then set that as the default cache. - Controls in the per-identity configuration panels resized to fit their contents. - Set the credentials type and type name attributes for identities for which we have a TGT. - Use khm_krb5_get_identity_params() when retrieving parameters for the identity global configuration panel. - Add UI elements for setting the global values for forwardable, renewable and addressless flags. - Make the schema default to issue forwardable tickets for identities that have no configuration and when krb5.ini does not define 'forwardable'. - When updating the identity properties, take all the active identities into account, so that we won't orphan any identities with Krb5 properties but no credentials associated with them. - If there is no TGT associated with an identity, then strip it of any Krb5 provided properties. - Associate identities that have a valid TGT with Krb5 by setting KCDB_ATTR_TYPE to the Krb5 credentials type. - Don't attempt to renew an identity if the TGT is not renewable or is expired. - When opening the configuration handle for an identity, if the identity does not have any configuration information, failover to using the per-realm configuration or the identity global configuration. - When opening the configuration handle, don't return a handle that can't safely be closed. - Add code from get_in_tkt.c that correctly handles per-realm settings when obtaining libdefaults settings from the profile. ticket: new component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19306 dc483132-0cff-0310-8789-dd5450dbe970 
(NetIDMgr 1.2.0.0)

netidmgr.exe

- Simplify credential window UI element placement calculations.

- Add the Custom_1 view to the UI schema.  This is used to store
  customizations to the basic view.

- Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE
  messages instead of the EX_STYLE parameter to CreateWindowEx().
  Also, set the extended style to support detached arrows.

- Support drop down menus in the standard toolbar.

- The per-identity commands that are added to expiration dialogs are
  now flagged for automatic dispatch.

- Remove unnecessary status bar parts and display the status bar icons
  at the correct size.

- The notification alerts now display the info balloon at the correct
  size.

- Increase the height of the height of the dialog button bar to 190
  from 181 dialog units.

- Lock the action tables when refreshing the per-identity actions.
  Perform the necessary notification after refreshing the per-identity
  actions.

- "Initialize <identity>" -> "Obtain new credentials for <identity>"

- Add a button to go back to the Basic view from the Advanced view in
  the new credentials dialog.

- Cache the extents of each row since we now support rows of variable
  heights.

- Selecting a credential row or a header should select all the
  credentials that are represented by the row.

- Update the selection state after loading a new view.

- Display the expiration times in the second line of an expanded
  identity header.

- Checks for expiration flags in the credentials window now take into
  account that the each flag may occupy more than one bit position.

- Calculate the expiration flags for the identity before assigning it
  to a header, so that the header can display accurate expiration
  data.

- Kill unnecessary timers in the credentials view and make sure taht
  the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an
  active timer for the row.

- In addition to rows that hold credentials, timers can also be
  assigned to headers for identities in the basic view.  This allows
  the headers to display expiration times.

- The credentials view keeps track of the count of credentials, the
  count of identity credentials (credentials which belong to the
  credentials type that the identity belongs to) and the number of
  initial credentials.

- Configuration spaces that hold credential view definitions now
  include an additional value "_AppVersion" which contains the version
  of NIM used to create the data.  If the current version is greater
  than the stated version, NIM will failover to using the schema
  instead of using the saved data.  This is because view definitions
  are version dependent.

- The app_version global variable is now a const.

- The renew and destroy icons in the standard toolbar are now drop
  down buttons.  If the drop down arrow is clicked, they display a
  menu with the list of identities that the operation can target.

- The renew and destroy actions on the credential menu have been
  replaced by submenus that allow the user to select the identity
  which would be the target of the operation.

- Consistently update the 'displayed' field of an alert so that
  plug-ins can keep track of which alerts are being displayed.

- If the currently displayed balloon alert has
  KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command
  when the user clicks the notification icon, or display the expanded
  alert if necessary.

- Reduce flicker when drawing the credentials display by clipping the
  header control from the device context.

- The state of Advanced mode is now preserved between NIM sessions.

- The credential display layout is kept track of separately for the
  Basic and Advanced views.  Any customization done on either view
  (e.g.: changing sort order) will only affect that view.
  Customizations for the Advanced view will be saved in the Custom_0
  view, while customizations for the Basic view will be saved in
  Custom_1.

- New color scheme.

- Selecting a credential or identity will no longer mask the
  expiration state.  The selection rectangle is now alpha blended.

- In Basic view, the width of the Identity column changes with the
  width of the window so that the credentials display always fills the
  width of the window.

- The colors for the highlight, text color, highlighted text color,
  window background and other elements are now obtained via Windows so
  that NetIDMgr will be more consistent with any themes that have been
  applied.

- Correctly determine whether a column can be dragged or resized based
  on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags.

- Correctly update the scroll bars when switching between views.

- The "marker" button for a displayed alert should not perform any
  action and it should not be the default control.  Selecting it
  should no longer cause an assertion to be thrown.

- Don't display the "... Click here for more." message when displaying
  a balloon alert if the operating system involved does not provide a
  reliable means of detecting that the user clicked on a balloon.

- When attempting to display queued alerts, if the alert at the top of
  the queue is of a type that cannot be consolidated, then show it by
  itself.

- If the size of the alert window changes, it should be redrawn
  properly.

krb5creds.dll

- Allow setting an identity as the default even if there are no
  credentials or credential caches associated with it.  We generate
  the name of the ccache we would use if we were getting new
  credentials for the identity and then set that as the default cache.

- Controls in the per-identity configuration panels resized to fit
  their contents.

- Set the credentials type and type name attributes for identities for
  which we have a TGT.

- Use khm_krb5_get_identity_params() when retrieving parameters for
  the identity global configuration panel.

- Add UI elements for setting the global values for forwardable,
  renewable and addressless flags.

- Make the schema default to issue forwardable tickets for identities
  that have no configuration and when krb5.ini does not define
  'forwardable'.

- When updating the identity properties, take all the active
  identities into account, so that we won't orphan any identities with
  Krb5 properties but no credentials associated with them.

- If there is no TGT associated with an identity, then strip it of any
  Krb5 provided properties.

- Associate identities that have a valid TGT with Krb5 by setting
  KCDB_ATTR_TYPE to the Krb5 credentials type.

- Don't attempt to renew an identity if the TGT is not renewable or is
  expired.

- When opening the configuration handle for an identity, if the
  identity does not have any configuration information, failover to
  using the per-realm configuration or the identity global
  configuration.

- When opening the configuration handle, don't return a handle that
  can't safely be closed.

- Add code from get_in_tkt.c that correctly handles per-realm settings
  when obtaining libdefaults settings from the profile.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19306 dc483132-0cff-0310-8789-dd5450dbe970
NIM: New Default View and miscellaneous fixes 2007-03-20T20:41:52+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2007-03-20T20:41:52+00:00 25e6fa5ec31981a3ec7d732fad6e46a997d29654 ================================ KfW 3.1 Alpha (NetIDMgr 1.1.11.0) -- nidmgr32.dll - Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT flag set. This marks the action as being the default action for the menu and will be rendered as such. - Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY flag set. Once credentials are associated with the identity and the identity is refreshed, the flag will be cleared. - When creating actions, enforce the name length. - khm_value_exists() now handles shadowed configuration spaces. - Add new action KHUI_ACTION_LAYOUT_MINI which toggles between 'Advanced' and 'Basic' views. - Add support for F11 and F12 keys in khui_get_cmd_accel_string(). - New option for alerts to indicate that instead of just setting the response field in the alert, the UI should dispatch the command that the user has selected. -- krb5common.obj - khm_krb5_initialize() can return a handle to a krb5_ccache that has already been closed. Now it doesn't. - Also import 'krb5_string_to_deltat()'. - Work around conditioned symbol definitions in ntsecapi.h in the Vista Platform SDK that affect Win 2000. -- krb5cred.dll - Don't clear the prompts when the options for an identity changes. The prompter code relies on the prompts being around so that the values that the user has entered can be retained if the new set of prompts is the same as the old one. - Use the same code in the new credentials acquisition and the identity configuration code to obtain krb5 parameters for an identity. - Reset the 'IMPORTED' flag when we get new credentials using a password. - If the validity of a principal is not known, then we restrict the options that can be specified when calling krb5_get_init_creds_password() so that we can reliably determine if the principal is valid. If we need to get new credentials for the principal, we need to make another call using the correct options. - The return codes from the prompter need to indicate that the password read operation was cancelled instead of arbiraty non-zero values. - When reading identity settings, if a particular setting is not defined in the registry, then default to reading the settings out of krb5.ini. - Refer to credentials as 'credentials' or 'tickets' instead of 'creds'. - If an identity has imported credentials, don't import for the same identity again. - When importing an identity, create the identity configuration in the registry if we don't already have any settings there. - Work around conditioned symbol definitions in ntsecapi.h in the Vista Platform SDK that affect Win 2000. - Rearrange declarations for clarity. - Use the correct APIs to parse configuration values from krb5.ini. -- krb4cred.dll - The dialog layout was updated to accomodate a localized string that no longer fit in its control. - Remove a spurious inclusion of ntsecapi.h and work around conditioned symbol definition in the Vista Platform SDK. -- netidmgr.exe - Fix the menu creation code to correctly tag the default action so that it will be rendered properly. - Update the menu enumeration code to use documented functions instead of accessing acton lists directly. - Pool of per-identity actions now include a set of actions for obtaining credentials for specific identities. - The default action performed when the notification icon is clicked is now configurable. When displaying the context menu in the notification area, the default action is highlighted. - Remove unnecessary handlers from the notifcation event handler. - Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP in the notification event handler. When the user clicks the notication icon, both events are generated. NIN_SELECT is canonical. - When the handling NIN_BALLOONUSERCLICK in the notification event handler, reset balloon_alert before displaying any new alerts so that we won't overwrite it later. - Reset the notification alert icon after displaying an alert. - If a renewal fails, the displayed alert contains a button that the user can click to initiate the process of acquiring new credentials for the identity. - Alerts can optionally dispatch the commands that were added to it using the KHUI_ALERT_FLAG_DISPATCH_CMD flag. - Increase the size of the About dialog. - Correct the action text for the IDS_ACTION_OPEN_APP and IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and 'Close'. These actions only control the visible state of the NIM window. - Add additional notification which signals that the commandline has finished processing. - Add an 'acquire' action to the per-identity actions. - The per identity actions (renew, destroy, acquire) now have useful captions, names and tooltips. - Use WM_NEXTDLGCTL message when changing the focus of dialog controls. SetFocus() is insufficient. - If we get a request to show a new credential acquisition dialog and we are already showing one, bring that one to the foreground instead of trying to display a new one or waiting quietly. - New configuration schema for the UI that include definitions for the new default view. - The alerter window can now show more than one alert at once. - If we are about to show queued alerts, then check if the alerts that are waiting are related and if they can be grouped together. If so, show them in a single alert window instead of multiple ones. - If new alerts are issued while a set of alerts are being displayed and if the new alert is related to the alerts that are being displayed, then add the new alert to the list being displayed. - Make sure we have a lock on the alert when we are manipulating or accessing it. - Set the focus to the correct control when displaying an alert. - When adding alerts from the alert queue, make sure we iterate through the queue properly. - Allow keyboard navigation inside the alert window and support scroll bars. - Check if we have a valid code pointer before invoking a UI callback. - Make sure the main window is in the normal configuration before switching to a layout that rquires it. - When moving the main window around, if it comes close to an edge of the working area of the display, snap to it. - Maintain two sets of settings for the main window placement. One for the mini mode and one for the normal mode. - When processing saved window placement information from the configuration, handle docking hints which note which edges of the screen the main window should be adjacent to, if any. - Switching to the 'Basic' view disables the layout and column selection menus. - Position the new credentials dialog above the main window if the main window is visible. - The alert that is displayed to indicate that an identity has expired, now contains a command button that can be used to invoke the new credentials dialog for that identity. -- source - Update the documentation to reflect the change in behavior regarding KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and khui_menu_insert_paction(). - Remove notes about menu access functions being not thread safe. This is no longer true. - Update the documentation for khui_alert_show() to document new behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD. - Update documentation to indicate which KHUI_ALERT_FLAG_* flags are internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag. - Augment the queue handling macros to support additional operations. Also add new tree data structure with an ordered list of children. - Code reorganization to reuse code for obtaining the caption and tooltip for a system defined action in netidmgr.exe. ticket: new component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19238 dc483132-0cff-0310-8789-dd5450dbe970 
================================
KfW 3.1 Alpha (NetIDMgr 1.1.11.0)

-- nidmgr32.dll

- Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT
  flag set.  This marks the action as being the default action for the
  menu and will be rendered as such.

- Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY
  flag set.  Once credentials are associated with the identity and the
  identity is refreshed, the flag will be cleared.

- When creating actions, enforce the name length.

- khm_value_exists() now handles shadowed configuration spaces.

- Add new action KHUI_ACTION_LAYOUT_MINI which toggles between
  'Advanced' and 'Basic' views.

- Add support for F11 and F12 keys in khui_get_cmd_accel_string().

- New option for alerts to indicate that instead of just setting the
  response field in the alert, the UI should dispatch the command
  that the user has selected.

-- krb5common.obj

- khm_krb5_initialize() can return a handle to a krb5_ccache that has
  already been closed.  Now it doesn't.

- Also import 'krb5_string_to_deltat()'.

- Work around conditioned symbol definitions in ntsecapi.h in the
  Vista Platform SDK that affect Win 2000.

-- krb5cred.dll

- Don't clear the prompts when the options for an identity changes.
  The prompter code relies on the prompts being around so that the
  values that the user has entered can be retained if the new set of
  prompts is the same as the old one.

- Use the same code in the new credentials acquisition and the
  identity configuration code to obtain krb5 parameters for an
  identity.

- Reset the 'IMPORTED' flag when we get new credentials using a
  password.

- If the validity of a principal is not known, then we restrict the
  options that can be specified when calling
  krb5_get_init_creds_password() so that we can reliably determine if
  the principal is valid.  If we need to get new credentials for the
  principal, we need to make another call using the correct options.

- The return codes from the prompter need to indicate that the
  password read operation was cancelled instead of arbiraty non-zero
  values.

- When reading identity settings, if a particular setting is not
  defined in the registry, then default to reading the settings out of
  krb5.ini.

- Refer to credentials as 'credentials' or 'tickets' instead of
  'creds'.

- If an identity has imported credentials, don't import for the same
  identity again.

- When importing an identity, create the identity configuration in the
  registry if we don't already have any settings there.

- Work around conditioned symbol definitions in ntsecapi.h in the
  Vista Platform SDK that affect Win 2000.

- Rearrange declarations for clarity.

- Use the correct APIs to parse configuration values from krb5.ini.

-- krb4cred.dll

- The dialog layout was updated to accomodate a localized string that
  no longer fit in its control.

- Remove a spurious inclusion of ntsecapi.h and work around
  conditioned symbol definition in the Vista Platform SDK.

-- netidmgr.exe

- Fix the menu creation code to correctly tag the default action so
  that it will be rendered properly.

- Update the menu enumeration code to use documented functions instead
  of accessing acton lists directly.

- Pool of per-identity actions now include a set of actions for
  obtaining credentials for specific identities.

- The default action performed when the notification icon is clicked
  is now configurable.  When displaying the context menu in the
  notification area, the default action is highlighted.

- Remove unnecessary handlers from the notifcation event handler.

- Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP
  in the notification event handler.  When the user clicks the
  notication icon, both events are generated. NIN_SELECT is canonical.

- When the handling NIN_BALLOONUSERCLICK in the notification event
  handler, reset balloon_alert before displaying any new alerts so
  that we won't overwrite it later.

- Reset the notification alert icon after displaying an alert.

- If a renewal fails, the displayed alert contains a button that the
  user can click to initiate the process of acquiring new credentials
  for the identity.

- Alerts can optionally dispatch the commands that were added to it
  using the KHUI_ALERT_FLAG_DISPATCH_CMD flag.

- Increase the size of the About dialog.

- Correct the action text for the IDS_ACTION_OPEN_APP and
  IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and
  'Close'.  These actions only control the visible state of the NIM
  window.

- Add additional notification which signals that the commandline has
  finished processing.

- Add an 'acquire' action to the per-identity actions.

- The per identity actions (renew, destroy, acquire) now have useful
  captions, names and tooltips.

- Use WM_NEXTDLGCTL message when changing the focus of dialog
  controls.  SetFocus() is insufficient.

- If we get a request to show a new credential acquisition dialog and
  we are already showing one, bring that one to the foreground instead
  of trying to display a new one or waiting quietly.

- New configuration schema for the UI that include definitions for the
  new default view.

- The alerter window can now show more than one alert at once.

- If we are about to show queued alerts, then check if the alerts that
  are waiting are related and if they can be grouped together.  If so,
  show them in a single alert window instead of multiple ones.

- If new alerts are issued while a set of alerts are being displayed
  and if the new alert is related to the alerts that are being
  displayed, then add the new alert to the list being displayed.

- Make sure we have a lock on the alert when we are manipulating or
  accessing it.

- Set the focus to the correct control when displaying an alert.

- When adding alerts from the alert queue, make sure we iterate
  through the queue properly.

- Allow keyboard navigation inside the alert window and support scroll
  bars.

- Check if we have a valid code pointer before invoking a UI callback.

- Make sure the main window is in the normal configuration before
  switching to a layout that rquires it.

- When moving the main window around, if it comes close to an edge of
  the working area of the display, snap to it.

- Maintain two sets of settings for the main window placement.  One
  for the mini mode and one for the normal mode.

- When processing saved window placement information from the
  configuration, handle docking hints which note which edges of the
  screen the main window should be adjacent to, if any.

- Switching to the 'Basic' view disables the layout and column
  selection menus.

- Position the new credentials dialog above the main window if the
  main window is visible.

- The alert that is displayed to indicate that an identity has
  expired, now contains a command button that can be used to invoke
  the new credentials dialog for that identity.


-- source

- Update the documentation to reflect the change in behavior regarding
  KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and
  khui_menu_insert_paction().

- Remove notes about menu access functions being not thread safe.
  This is no longer true.

- Update the documentation for khui_alert_show() to document new
  behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD.

- Update documentation to indicate which KHUI_ALERT_FLAG_* flags are
  internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag.

- Augment the queue handling macros to support additional operations.
  Also add new tree data structure with an ordered list of children.

- Code reorganization to reuse code for obtaining the caption and
  tooltip for a system defined action in netidmgr.exe.

ticket: new
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19238 dc483132-0cff-0310-8789-dd5450dbe970
NIM string tables 2007-01-18T12:31:23+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2007-01-18T12:31:23+00:00 5d216c66c809e6f72951350470bca08ad77e1240 Update the string tables for NIM so that they are consistent. Always use "Kerberos v5" or "Kerberos v4". Refer to credentials instead of tickets. Do not abbreviate "Network Identity Manager". Etc. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19066 dc483132-0cff-0310-8789-dd5450dbe970 
	Update the string tables for NIM so that they are consistent.
	Always use "Kerberos v5" or "Kerberos v4".  Refer to credentials
	instead of tickets.  Do not abbreviate "Network Identity Manager".
	Etc.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19066 dc483132-0cff-0310-8789-dd5450dbe970
KFW 3.1 commits for Final Release 2006-11-22T18:11:16+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2006-11-22T18:11:16+00:00 d9d4ab6eaffa272fa2557bcd484b0706c94349a6 KfW 3.1 final (NetIDMgr 1.1.8.0) nidmgr32.dll (1.1.8.0) - When detecting IP address changes, wait for things to settle down before setting of the IP address change notification. krb5cred.dll (1.1.8.0) - Fixed the Kerberos 5 configuration dialog which didn't handle setting the default realm properly. Setting the default realm now sets the correct string in krb5.ini. - Changing the default realm now marks the relevant configuration node as dirty, and enabled the 'Apply' button. - Changing the 'renewable', 'forwardable' and 'addressless' checkboxes in the identity configuration panels now mark the relevant configuration nodes as dirty, and enables the 'Apply' button. - The location of the Kerberos 5 configuration file is now read-only in the Kerberos 5 configuration dialog. - Set the maximum number of characters for the edit controls in the configuration dialog. krb4cred.dll (1.1.8.0) - The location of the Kerberos 4 configuration files are now read-only in the Kerberos 4 configuration dialog. - Handles setting the ticket string. - Changing the ticket string now marks the relevant configuration node as dirty, and enables the 'Apply' button. - Fixed the plug-in initialization code to perform the initial ticket listing at the end of the initializaton process. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18863 dc483132-0cff-0310-8789-dd5450dbe970 
   KfW 3.1 final (NetIDMgr 1.1.8.0)
   
   nidmgr32.dll (1.1.8.0)
   
   - When detecting IP address changes, wait for things to settle down
     before setting of the IP address change notification.
   
   krb5cred.dll (1.1.8.0)
   
   - Fixed the Kerberos 5 configuration dialog which didn't handle
     setting the default realm properly.  Setting the default realm now
     sets the correct string in krb5.ini.
   
   - Changing the default realm now marks the relevant configuration node
     as dirty, and enabled the 'Apply' button.
   
   - Changing the 'renewable', 'forwardable' and 'addressless' checkboxes
     in the identity configuration panels now mark the relevant
     configuration nodes as dirty, and enables the 'Apply' button.
   
   - The location of the Kerberos 5 configuration file is now read-only
     in the Kerberos 5 configuration dialog.
   
   - Set the maximum number of characters for the edit controls in the
     configuration dialog.
   
   krb4cred.dll (1.1.8.0)
   
   - The location of the Kerberos 4 configuration files are now read-only
     in the Kerberos 4 configuration dialog.
   
   - Handles setting the ticket string.
   
   - Changing the ticket string now marks the relevant configuration node
     as dirty, and enables the 'Apply' button.
   
   - Fixed the plug-in initialization code to perform the initial ticket
     listing at the end of the initializaton process.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18863 dc483132-0cff-0310-8789-dd5450dbe970
final commits for KFW 3.1 Beta 2 2006-10-09T18:08:10+00:00 Jeffrey Altman jaltman@secure-endpoints.com 2006-10-09T18:08:10+00:00 8cf95742d1527bcfd585cb8d1d565f3ef451b261 krb5cred.dll (1.1.2.0) - Fix the control logic so that if the password is expired for an identity, the krb5 credentials provider will initiate a change password request. Once the password is successfully changed, the new password will be used to obtain new credentials. - Fix an incorrect condition which caused the new credentials dialog to refresh custom prompts unnecessarily. - Removing an identity from the list of NetIDMgr identities now causes the corresponding principal to be removed from the LRU principals list. - Properly handle KMSG_CRED_PROCESS message when the user is cancelling out. - Add more debug output - Do not renew Kerberos tickets which are not initial tickets. - Fix whitespace in source code. - When providing identity selection controls, disable the realm selector when the user specifies the realm in the username control. - k5_ident_valiate_name() will refuse principal names with empty or unspecified realms. - When updating identity properties, the identity provider will correctly set the properties for identities that were destroyed. This fixes a problem where the values may be incorrect if an identity has two or more credential caches and one of them is destroyed. nidmgr32.dll (1.1.2.0) - Send out a separate notification if the configuration information associated with an identity is removed. - If an identity is being removed from the NetIDMgr identity list in the configuration panel, do not send out APPLY notifications to the subpanels after the configuration information has been removed. Otherwise this causes the configuration information to be reinstated and prevent the identity from being removed. - Properly initialize the new credentials blob including the UI context structure. netidmgr.exe (1.1.2.0) - When suppressing error messages, make sure that the final KMSG_CRED_END notification is sent. Otherwise the new credentials acquisition operation will not be cleaned up. - Autoinit option now checks to see if there are identity credentials for the default identity and triggers the new credentials dialog if there aren't any. - Properly synchronize the configuration node list when applying changes (e.g.: when removing or adding an identity). - Fix a handle leak when removing an identity from the NetIDMgr identity list. - Refresh the properties for the active identities before calculating the renewal and expiration timers. Otherwise the timestamps being used might be incorrect. - Add Identity dialog (in the configuration panel) now uses the identity selection controls provided by the identity provider. - Improve type safety when handling timer refreshes. - When getting the expiration times and issue times for an identity, the timer refresh code may fail over to the expiration and issue times for the credential it is currently looking at. Now the code makes sure that both the issue and expiration times come from the identity or the credential but not mixed. - Not being able to get the time of issue of a credential now does not result in the credential being skipped from the timer refresh pass. However, not having a time of issue will result in the half-life algorithm not being applied for the renew timer. - Fix a bug which caused a credential to be abandoned from the timer refresh pass if the reamining lifetime of the credential is less than the renewal threshold. - Fix a bug where the vertical scroll bars for the hypertext window would not appear when the contents of the window changed. - Trigger a refresh of the configuration nodes when adding or removing an identity. source for (1.1.2.0) - Explicitly include <prsht.h> so that the SDK can be used in build environments that define WIN32_LEAN_AND_MEAN. ticket: new tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670 dc483132-0cff-0310-8789-dd5450dbe970 
  krb5cred.dll (1.1.2.0)
  
  - Fix the control logic so that if the password is expired for an
    identity, the krb5 credentials provider will initiate a change
    password request.  Once the password is successfully changed, the
    new password will be used to obtain new credentials.
  
  - Fix an incorrect condition which caused the new credentials dialog
    to refresh custom prompts unnecessarily.
  
  - Removing an identity from the list of NetIDMgr identities now causes
    the corresponding principal to be removed from the LRU principals
    list.
  
  - Properly handle KMSG_CRED_PROCESS message when the user is
    cancelling out.
  
  - Add more debug output
  
  - Do not renew Kerberos tickets which are not initial tickets.
  
  - Fix whitespace in source code.
  
  - When providing identity selection controls, disable the realm
    selector when the user specifies the realm in the username control.
  
  - k5_ident_valiate_name() will refuse principal names with empty or
    unspecified realms.
  
  - When updating identity properties, the identity provider will
    correctly set the properties for identities that were destroyed.
    This fixes a problem where the values may be incorrect if an
    identity has two or more credential caches and one of them is
    destroyed.
  
  nidmgr32.dll (1.1.2.0)
  
  - Send out a separate notification if the configuration information
    associated with an identity is removed.
  
  - If an identity is being removed from the NetIDMgr identity list in
    the configuration panel, do not send out APPLY notifications to the
    subpanels after the configuration information has been removed.
    Otherwise this causes the configuration information to be reinstated
    and prevent the identity from being removed.
  
  - Properly initialize the new credentials blob including the UI
    context structure.
  
  netidmgr.exe (1.1.2.0)
  
  - When suppressing error messages, make sure that the final
    KMSG_CRED_END notification is sent.  Otherwise the new credentials
    acquisition operation will not be cleaned up.
  
  - Autoinit option now checks to see if there are identity credentials
    for the default identity and triggers the new credentials dialog if
    there aren't any.
  
  - Properly synchronize the configuration node list when applying
    changes (e.g.: when removing or adding an identity).
  
  - Fix a handle leak when removing an identity from the NetIDMgr
    identity list.
  
  - Refresh the properties for the active identities before calculating
    the renewal and expiration timers.  Otherwise the timestamps being
    used might be incorrect.
  
  - Add Identity dialog (in the configuration panel) now uses the
    identity selection controls provided by the identity provider.
  
  - Improve type safety when handling timer refreshes.
  
  - When getting the expiration times and issue times for an identity,
    the timer refresh code may fail over to the expiration and issue
    times for the credential it is currently looking at.  Now the code
    makes sure that both the issue and expiration times come from the
    identity or the credential but not mixed.
  
  - Not being able to get the time of issue of a credential now does not
    result in the credential being skipped from the timer refresh pass.
    However, not having a time of issue will result in the half-life
    algorithm not being applied for the renew timer.
  
  - Fix a bug which caused a credential to be abandoned from the timer
    refresh pass if the reamining lifetime of the credential is less
    than the renewal threshold.
  
  - Fix a bug where the vertical scroll bars for the hypertext window
    would not appear when the contents of the window changed.
  
  - Trigger a refresh of the configuration nodes when adding or removing
    an identity.
  
  source for (1.1.2.0)
  
  - Explicitly include <prsht.h> so that the SDK can be used in build
    environments that define WIN32_LEAN_AND_MEAN.
  
  

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670 dc483132-0cff-0310-8789-dd5450dbe970