| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NIM supports the ability of the user to specify an
explicit ccache name for use with an identity. If
this ccache is a FILE ccache, we need to be able to
store credentials into the ccache. krb5cred.dll
did not previously specify the KRB5_TC_OPENCLOSE flag
on the ccache when setting other flags such as
KRB5_TC_NOTICKET (which is used with MSLSA ccaches).
As a result, open/close mode was turned off, the
ccache file would be opened in read-only mode and
attempts to store credentials into the ccache would
fail. This is fixed by specifying KRB5_TC_OPENCLOSE
when setting the ccache flags.
When a CCAPI implementation is unavailable, we need
to automatically generate the FILE ccache name if
one has not already been specified. We default to
a file stored in the user's Local Settings\Temp
directory. The generated ccache is then added to
the file ccache watch list.
Finally, some users have complained about the
behavior of Microsoft Vista's UAC mode and how
it makes the CCAPI cache useless for storing
credentials that must be used in conjunction
with processes that do not have restricted
privileges since those processes run in a
separate logon session. For these users we
have added a "DefaultToFileCache" registry
value that can be specified to force the use
of FILE ccaches in preference to CCAPI ccaches
when there is no explicit ccache specified
for a given identity. Unlike CCAPI ccaches,
the FILE ccaches are accessible from both
restricted and unrestricted processes when
UAC is active.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19897 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(NetIDMgr 1.2.0.0)
netidmgr.exe
- Simplify credential window UI element placement calculations.
- Add the Custom_1 view to the UI schema. This is used to store
customizations to the basic view.
- Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE
messages instead of the EX_STYLE parameter to CreateWindowEx().
Also, set the extended style to support detached arrows.
- Support drop down menus in the standard toolbar.
- The per-identity commands that are added to expiration dialogs are
now flagged for automatic dispatch.
- Remove unnecessary status bar parts and display the status bar icons
at the correct size.
- The notification alerts now display the info balloon at the correct
size.
- Increase the height of the height of the dialog button bar to 190
from 181 dialog units.
- Lock the action tables when refreshing the per-identity actions.
Perform the necessary notification after refreshing the per-identity
actions.
- "Initialize <identity>" -> "Obtain new credentials for <identity>"
- Add a button to go back to the Basic view from the Advanced view in
the new credentials dialog.
- Cache the extents of each row since we now support rows of variable
heights.
- Selecting a credential row or a header should select all the
credentials that are represented by the row.
- Update the selection state after loading a new view.
- Display the expiration times in the second line of an expanded
identity header.
- Checks for expiration flags in the credentials window now take into
account that the each flag may occupy more than one bit position.
- Calculate the expiration flags for the identity before assigning it
to a header, so that the header can display accurate expiration
data.
- Kill unnecessary timers in the credentials view and make sure taht
the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an
active timer for the row.
- In addition to rows that hold credentials, timers can also be
assigned to headers for identities in the basic view. This allows
the headers to display expiration times.
- The credentials view keeps track of the count of credentials, the
count of identity credentials (credentials which belong to the
credentials type that the identity belongs to) and the number of
initial credentials.
- Configuration spaces that hold credential view definitions now
include an additional value "_AppVersion" which contains the version
of NIM used to create the data. If the current version is greater
than the stated version, NIM will failover to using the schema
instead of using the saved data. This is because view definitions
are version dependent.
- The app_version global variable is now a const.
- The renew and destroy icons in the standard toolbar are now drop
down buttons. If the drop down arrow is clicked, they display a
menu with the list of identities that the operation can target.
- The renew and destroy actions on the credential menu have been
replaced by submenus that allow the user to select the identity
which would be the target of the operation.
- Consistently update the 'displayed' field of an alert so that
plug-ins can keep track of which alerts are being displayed.
- If the currently displayed balloon alert has
KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command
when the user clicks the notification icon, or display the expanded
alert if necessary.
- Reduce flicker when drawing the credentials display by clipping the
header control from the device context.
- The state of Advanced mode is now preserved between NIM sessions.
- The credential display layout is kept track of separately for the
Basic and Advanced views. Any customization done on either view
(e.g.: changing sort order) will only affect that view.
Customizations for the Advanced view will be saved in the Custom_0
view, while customizations for the Basic view will be saved in
Custom_1.
- New color scheme.
- Selecting a credential or identity will no longer mask the
expiration state. The selection rectangle is now alpha blended.
- In Basic view, the width of the Identity column changes with the
width of the window so that the credentials display always fills the
width of the window.
- The colors for the highlight, text color, highlighted text color,
window background and other elements are now obtained via Windows so
that NetIDMgr will be more consistent with any themes that have been
applied.
- Correctly determine whether a column can be dragged or resized based
on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags.
- Correctly update the scroll bars when switching between views.
- The "marker" button for a displayed alert should not perform any
action and it should not be the default control. Selecting it
should no longer cause an assertion to be thrown.
- Don't display the "... Click here for more." message when displaying
a balloon alert if the operating system involved does not provide a
reliable means of detecting that the user clicked on a balloon.
- When attempting to display queued alerts, if the alert at the top of
the queue is of a type that cannot be consolidated, then show it by
itself.
- If the size of the alert window changes, it should be redrawn
properly.
krb5creds.dll
- Allow setting an identity as the default even if there are no
credentials or credential caches associated with it. We generate
the name of the ccache we would use if we were getting new
credentials for the identity and then set that as the default cache.
- Controls in the per-identity configuration panels resized to fit
their contents.
- Set the credentials type and type name attributes for identities for
which we have a TGT.
- Use khm_krb5_get_identity_params() when retrieving parameters for
the identity global configuration panel.
- Add UI elements for setting the global values for forwardable,
renewable and addressless flags.
- Make the schema default to issue forwardable tickets for identities
that have no configuration and when krb5.ini does not define
'forwardable'.
- When updating the identity properties, take all the active
identities into account, so that we won't orphan any identities with
Krb5 properties but no credentials associated with them.
- If there is no TGT associated with an identity, then strip it of any
Krb5 provided properties.
- Associate identities that have a valid TGT with Krb5 by setting
KCDB_ATTR_TYPE to the Krb5 credentials type.
- Don't attempt to renew an identity if the TGT is not renewable or is
expired.
- When opening the configuration handle for an identity, if the
identity does not have any configuration information, failover to
using the per-realm configuration or the identity global
configuration.
- When opening the configuration handle, don't return a handle that
can't safely be closed.
- Add code from get_in_tkt.c that correctly handles per-realm settings
when obtaining libdefaults settings from the profile.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19306 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patch updates the NetIDMgr:
* allow plug-ins to be marked "do not unload" in order
to support DLLs that create threads that are not
properly cleaned up as part of library unload.
* allow plug-ins to be marked "disabled"
* Additional changes to deal with Microsoft's efforts
to deprecate all of the str C runtime functions.
* Improvements to Manifest processing in the build
system
* Addition of Tooltip support to the Toolbar. Dragging
the mouse over toolbar buttons displays textual
descriptions.
* Correct the behavior of the New Credentials Dialog
to disable the "Ok" button after it has been pressed.
* Add support to allow plugin configuration data to
be distributed as part of transforms to the MSI
installer.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18344 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nidmgr32.dll (1.0.2.1)
- Attempting to obtain new credentials for a principal name that
contains numbers may result in a 'Identity not specified'
error. Fixed.
- If an invalid identity name was specified, an 'Identity not
specified' error is reported without specifying that the cause was
an invalid name. Fixed: reports proper error.
- Identity names were being validated at the application layer before
being sent to the identity provider. This may cause valid names to
be marked as invalid if the identity provider and the application
disagree on what a valid name is. Fixed: identity name validation
is solely a function of the identity provider.
- Canonicalizing an identity name that contained certain characters
failed due to a validation error. Fixed.
- Possible deadlock in the new credentials dialog. (If one plugin
tries to synchronize custom prompter values from the plugin thread,
while the UI thread tries to obtain a lock on the new credentials
data, a deadlock occurs.) Fixed.
- State information for configuration panels may persist between two
invocations of the configuration window. Fixed to clean up state
information properly.
- The UI library now has full support for custom actions and custom
menus.
- When there are queued alerts and a normal alert is shown, a 'next
alert...' button appears in the alert which lets the user view the
next queued alert. However, if the alert which is displayed
requires the user to select a command button, selecting the 'next'
button would be the equivalent of cancelling out of the alert and
viewing the next one. The library was updated to not show the
'next' button if the alert requires user interaction.
- Credential renewal on half-lifes is now supported as a configurable
option.
- Destroying all credentials on exiting netidmgr is a configurable
option.
- Debug logging to a file has been added
netidmgr.exe (1.0.2.1)
- Selecting 'Ok' in the configuration window didn't notify all the
configuration panels to apply the changes. Fixed.
- PgUp / PgDn / Shift+PgUp / Shift+PgDn keys now work as expected.
- Root level configuration nodes in the Options dialog now also appear
on the Options menu. Configuration nodes that are registered at the
root level are automatically added to the menu.
- The UI now has full support for custom actions and custom menus.
- The UI does not automatically add submenus for actions which are
associated with menus unless the declaration specifies that it
should be rendered as a submenu.
- When displaying alerts, the first button of the alert is always made
the default.
- 'Change summary' button in the configuration dialog was removed,
since it was unused and unnecessary.
- Ticket icons are displayed in the status column for all credentials.
Clicking an icon opens the properties dialog for that credential.
- The UI now has View by Type functionality
- The UI now has Column selection and reorganization. The choice
of columns and their order are preserved between restarts.
- Handle multiple copies of NetIDMgr.exe being started with different
version numbers. Higher version number wins.
krb4cred.dll (1.0.2.1)
- During new credentials acquisition, under some circumstances, the
Kerberos 4 plugin would not notify NetIDMgr about the state of the
Kerberos 4 ticket acquisition. This results in other plugins (such
as AFS) which are depending on the feedback to fail. Fixed.
krb5cred.dll (1.0.2.1)
- If no password is entered while obtaining new credentials, a new TGT
will not be obtained, but the new credentials operation will not
fail if there already is a TGT. Added check to see if the TGT is
expired and fail the operation if no valid TGT is found.
- The identity provider can set the Krb5 CCName property for an
identity incorrectly if there is more than one credential cache
containing tickets for the same principal. Fixed.
- When enumerating ccaches, krb5_cc_resolve was being called with the
name of the ccache without a type prefix. Fixed.
- Tracker control usability issues due to loss of focus. Fixed.
- Realm Editor added.
- Addressed tickets can be requested as in Leash
All modules:
- removed grayed out UI components that are not being backed
by current functionality.
- new icons
- support for 64-bit Windows builds under Visual Studio 8
- proper versioning for language resources
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17712 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new documentation files
Add new icons
Add "set default" functionality to the New Credentials dialog
Remove inconsistencies in the Options configuration dialog
Replace the menu bar so that it responds to Alt- and keyboard
shortcuts
Fix an --autoinit race condition
many more things....
ticket: new
target_version: 1.4.4
status: resolved
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17546 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All features completed except for:
* Debug Window
* KRB5.INI (aka Realm) Editor
* Column Selection
* Graphics are incomplete
* Documentation is incomplete
ticket: new
status: resolved
component: windows
target_version: 1.4.4
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17516 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
Initial commit of Network Identity Manager for KFW 3.0 Beta 1
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17476 dc483132-0cff-0310-8789-dd5450dbe970
|
