| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Replace the Camellia-CCM enctypes with Camellia-CTS-CMAC. Still not
compiled in by default since we don't have enctype assignments yet.
ticket: 6822
target_verion: 1.9
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24524 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
assignments for Camellia-CCM enctypes or cksumtypes yet, they are
disabled in a default build. They can be made available by defining
(via CPPFLAGS) local-use enctype numbers for the enctypes and
cksumtypes.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24295 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
make reindent
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_get_error_message() function to look up the error string
if the call to krb5_get_init_creds_password() fails. If the call
to krb5_get_error_message() fails, the caller will failover to
the previous method of looking up a suitable error message based
on the error code.
ticket: 5745
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20572 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The /src/windows/identity/plugins/common/dynimport.{c,h} files are used
by the NIM Kerberos v5 plug-ins for run-time dynamic linking. They
currently do not declare or import the following functions:
krb5_get_error_message()
krb5_free_error_message()
krb5_clear_error_message()
This patch adds declarations and definitions required for locating these
functions. Relies on the addition of these functions to the prototype
list in the Pismere loadfuncs-krb5.h. See ticket 6045.
ticket: 6046
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20571 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Call tc_set_ident_data() before kcdb_credset_collect(). Make sure the
identity data is set before the credentials change notification is broadcast.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20176 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Kerberos v5 plug-in for Network Identity Manager was not clearing
the list of prompts properly when a user changes the active identity
in the new credentials dialog. The stale prompts would be visible to
the user if the newly selected identity is invalid or the new identity
cannot be validated.
This patch clears the prompts if there is an identity change.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20028 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
document the use of KRB5_CCH_CCNAME.
ticket: 5772
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19977 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1) remove an extraneous backslash from the generated FILE:
ccache name. GetTempPath() always returns paths terminated
with a backslash.
(2) increase the max ccache name length to KRB5_CCH_CCNAME from
MAX_PATH.
These changes have dependencies on revisions 19891 and 19897.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19975 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5691
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19974 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19972 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
khm_krb5_initialize() is called in the krb5cred.dll and krb4cred.dll
credential providers in order to ensure that the caller has references
to a valid krb5_context and a valid krb5_ccache. If the krb5_cc_resolve()
call failed, the error code was not being returned to the caller.
Instead, success was returned which in turn would result in the caller
believing the NULL krb5_ccache pointer was in fact valid.
This fix resolves Microsoft's WER Event ID 432405961.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19967 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
global clean rule in config/Makefile.w32. No need to replicate
them in each individual Makefile.
ticket: 5756
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19966 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
make sure that we clean up vc70.pdb, vc80.pdb, and
temporary files generated during the build process.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19955 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NIM supports the ability of the user to specify an
explicit ccache name for use with an identity. If
this ccache is a FILE ccache, we need to be able to
store credentials into the ccache. krb5cred.dll
did not previously specify the KRB5_TC_OPENCLOSE flag
on the ccache when setting other flags such as
KRB5_TC_NOTICKET (which is used with MSLSA ccaches).
As a result, open/close mode was turned off, the
ccache file would be opened in read-only mode and
attempts to store credentials into the ccache would
fail. This is fixed by specifying KRB5_TC_OPENCLOSE
when setting the ccache flags.
When a CCAPI implementation is unavailable, we need
to automatically generate the FILE ccache name if
one has not already been specified. We default to
a file stored in the user's Local Settings\Temp
directory. The generated ccache is then added to
the file ccache watch list.
Finally, some users have complained about the
behavior of Microsoft Vista's UAC mode and how
it makes the CCAPI cache useless for storing
credentials that must be used in conjunction
with processes that do not have restricted
privileges since those processes run in a
separate logon session. For these users we
have added a "DefaultToFileCache" registry
value that can be specified to force the use
of FILE ccaches in preference to CCAPI ccaches
when there is no explicit ccache specified
for a given identity. Unlike CCAPI ccaches,
the FILE ccaches are accessible from both
restricted and unrestricted processes when
UAC is active.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19897 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch permits Network Identity Manager to be built for 64-bit Windows.
In the process all compile time warnings have been taken care of.
For 64-bit Windows, we do not build the Kerberos v4 Credential Provider
and we will not attempt to load the krb524 library.
Note that when testing the 64-bit NIM, there is no CCAPI at the
moment so you must manually specify a FILE: ccache as part of the
identity's Kerberos v5 configuration if you want to use cache's
other than the MSLSA.
This patch also consolidates the computation of the default ccache
name into utility functions:
khm_krb5_get_identity_default_ccache
khm_krb5_get_identity_default_ccacheA
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19891 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
provider
The Kerberos v5 identity provider for Network Identity Manager
monitors the "Software\MIT\kerberos5" registry key for the logged in
user for changes to the "ccname" value. If a change is noticed, it
would query the Kerberos v5 library for the default credentials cache
and attempt to determine the new default identity, which it would then
communicate to the Network Identity Manager application.
When the identity provider queried the Kerberos v5 library after a
registry change notification, it used a cached krb5_context for the
thread. The default credentials cache found using this krb5_context
may not be what the registry specified.
This patch modifies the code in k5_ccname_monitor_thread() to create a
use a new krb5_context when querying for the default credentials cache
following a registry change notification. Doing so ensures that
Kerberos v5 library takes the new registry value into account.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19866 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Network Identity Manager application does not provide a user
interface for identity specification. That responsibility lies with
the identity provider. Whenever a dialog needs to allow the user to
specify an identity, the identity provider has to populate the dialog
with the necessary controls so that the user can specify an identity.
In the case of the Kerberos v5 identity provider, the controls allow
the user to specify a username and a realm.
Once the dialog is populated, the application will dispatch window
messages to the identity provider. The identity provider will handle
the window messages and notify the application when the selected
identity changes.
One deficiency of the API was that there was no message to notify the
identity provider that an identity selection has to be made
immediately. When the user invokes the default action for a dialog by
hitting enter, the only message received by the dialog is a command
identifier of the default action. In this case, the identity provider
will not get a chance to notify the application of the identity
selection.
This patch fixes the API deficiency by introducing a new message,
WMNC_IDENT_PREPROCESS, which the application can use to notify the
identity provider that the dialog box is about to be processed. In
response, the identity provider can notify the application of the
selected identity even if no other messages were received by the
identity provider.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19864 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
window. Since the child windows are still alive and kicking by the
time the parent receives WM_DESTROY, it's still possible to receive
other messages after WM_DESTROY.
If we free any window specific data when handling WM_DESTROY, we
should reset the window data field as well, and check if we have a
valid pointer when retrieving the window data field later.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19627 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
target directories using the symbolic names rather than hard coded
paths.
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19626 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
using the KHMEXP macro in the header files. However, since the same
header files are used to declare imports when building applications
and plug-ins that use nidmgr32.dll, the KHMEXP macro should switch to
__declspec(import) so that the relevant import table entries are
created.
To make this switch, the source files that go into nidmgr32.dll are
compiled with the special macro _NIMLIB_ defined that indicates that
the KHMEXP should expand to __declspec(dllexport). In the absence of
this macro, KHMEXP will expand to __declspec(dllimport).
ticket: 5584
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19618 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19596 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The obtain new credentials dialog and the change password
dialog provide a "Realm" combo-box. These controls were
not configured to display a vertical scroll bar if there
were more than five realms in the list.
Version number remains 1.2.0.2
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19468 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetIDMgr 1.2.0.2
================
nidmgr32.dll
- When the root credential set is touched, trigger an identity
refresh. This is necessary to ensure that the identity list
has a complete state of the world when the identity provider
attempts to initialize an initial default identity when none
previously existed. (see krb5cred.dll section)
- Don't set the enabled state for KHUI_ACTION_DESTROY_CRED and
KHUI_ACTION_RENEW_CRED actions. They are set elsewhere.
krb5common.obj
- Initialize variables to prevent uninitialized use.
krb4cred.dll
- Re-order controls and use CheckRadioButton() for manipulating the
radio buttons which select the ticket acquisition method.
- Use symbolic constants instead of numbers.
- If Kerberos 4 is enabled for a specific identity, then that setting
takes precedence over the global setting. The global setting is
merely a default if a per-identity setting is not specified.
However, a per-identity setting is only read for the default
identity.
- If the validity of an identity is not known, assume that it is still
being checked and don't display any credential text.
- When handling WM_COMMAND messages for the new credentials panel,
only update the data when a BN_CLICKED message is received and only
update the display if the IDC_NCK4_OBTAIN checkbox is toggled.
- Remove unused symbols from langres.h
krb5cred.dll
- When renewing an identity which was imported, first try to import it
again. If that fails to obtain newer tickets, then try initializing
the MSLSA cache and then importing again.
- Correct spelling: k5_ident_valiate_name() ->
k5_ident_validate_name().
- Refactor the code for setting an identity as the default so we can
call it internally.
- When setting the initial default identity, if there is no current
default ccache and no known last default identity, then look through
the list of ccaches with credentials and pick one with valid
tickets. If all else fails, then pick any of the ccaches.
netidmgr.exe
- Credentials Window
- Consistently use KHUI_CW_O_RELIDENT as a necessary and sufficient
indicator that the identity needs to be released when freeing an
outline node.
- Properly initialize an outline node.
- Don't group similar credentials if we aren't sorting/grouping by
any specific column.
- Use the KHUI_CW_O_EMPTY flag to indicate that an outline node
contains no children.
- Handle the case where we aren't sorting/grouping by any column.
- Make sure outline nodes have valid idx_start and idx_end values.
- Use consistent logic when painting and handling mouse hotspots.
- Don't use WS_EX_TRANSPARENT when creating the notification window.
- Use a fixed height for the notification window.
- Update the outline when the default identity changes.
- Hypertext Window
- Correctly handle the "center" attribute in the "p" element.
- Use a system brush for painting the background instead of creating
one of our own.
- Correct the handling of scroll_left and scroll_top when
calculating the coordinates for text.
- Don't check if the rectangle for the text is inside the visible
area of the window before drawing.
- Handle WM_ERASEBKGND and use a system color brush to erase the
background.
- When the size changes, force the extents to be recomputed. This
will also update the scroll bars.
- Use the proper return value after handling WM_PAINT.
- The scrollbar messages send the operation code in the low word of
wParam, not the high word.
- Use GetScrollInfo() with SIF_POS when the operation is
SB_ENDSCROLL or SB_THUMBPOSITION.
- When the hottracked link changes for a transparent window, don't
invalidate the entire parent window. Instead use
MapWindowPoints() to calculate the affected rectangle and
invalidate that.
- Misc
- Change the text of the IDS_NO_CREDS message so that it renders
better on a small window.
- Initialize COM when starting the GUI.
- When showing and hiding the main window and the new credentials
window, add a button to the task bar. This allows the user to
switch focus to the window if it's obstructed.
- Remove unused symbols from resource.h
- New Credentials Window
- Ignore the validity state of the identity when showing a password
change dialog. We don't expect the identity provider to validate
the identity when changing the password.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19426 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetIdMgr Version 1.2.0.1
netidmgr.exe:
- add functionality to implement previously defined "DefaultSticky"
registry based configuration parameter. This value is can be added to
an installer by a transform or pushed by Group Policy. When set, it
controls the default setting of the "sticky" flag for new identities.
nidmgr32.dll:
- fix the version resources: FileVersion, ProductName, and ProductVersion
krb5cred.dll:
- when importing an identity from the MSLSA, if there has never been a
default identity, configure the MSLSA identity to be the default.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19407 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
netidmgr.exe
- Credentials display :
- When picking out the mouse hit rectangles, correctly handle the
case where a sticky identity doesn't have any outline controls.
- Move code to check and uncheck view layout action to
cw_load_view() for consistency.
- Initialize outlines properly when creating them.
- cw_select_row_creds() should be called on all rows that are being
selected or unselected.
- Actions :
- Remove the 'Contents' item from the 'Help' menu. The
KHUI_ACTION_HELP_CTX action already opens the 'Contents' section.
- Add 'Change password', 'Import', 'Help contents', and 'About' to
the notification icon context menu.
- Move the 'Import' action to be between 'Renew' and 'Destroy' for
consistency.
- Resources :
- "Run Network Identity Manager in System Tray" -> "Run from taskbar
notification area"
- "New Credentials" -> "Obtain new credentials"
- Main window :
- Don't switch the window mode when handling a
KHUI_ACTION_LAYOUT_RELOAD.
- Refresh the action tables after changing the window state actions.
- Main Menu :
- Call khm_refresh_identity_menus() when initializing the menus so
that they have a consistent initial state.
- When refreshing menus, the checked/unchecked state needs to be set
explicitly by turning off flags that are no longer necessary.
- Refresh the identities before refreshing the identity menus.
- If there are no identities with credentials, disable renew/destroy
menus and actions.
- Don't bother adding 'renew/destroy all' menu items to the
per-identity action menus if there is only one identity.
krb5cred.dll
- Resources :
- Expand the 'Credential flags' control so that it's big enough to
hold the contents.
source
- ccsv.pl :
- Handle comment lines before the actual content.
- csvschema.cfg :
- Don't bother embedding documentation in the data strucutre now.
We don't use it.
- Convert '[~]' to '\0' before we send it back to the parser.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19376 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
netidmgr.exe
- Credentials display :
- If an outline is marked as KHUI_CW_O_STICKY | KHUI_CW_O_RELIDENT,
release the identity when deleting the outline node.
- Correctly determine the location of UI widgets using the column
specifier of the outline node instead of the column specifier of
the row.
- Do not recompute the extents of a row.
- If there is a default identity and it has no credentials and it is
not pinned, display it anyway.
krb5common.obj
- Import profile_rename_section()
krb5cred.dll
- In the realm editor:
- When writing realm data, keep track of whether any updates were
performed.
- Reset the dirty bits for each element whose changes were written
to the profile.
- Use profile_rename_section() correctly to delete sections.
- Check if any changes were applied before setting the 'applied' bit
for the configuration node.
- Don't assume that the Kerberos 5 General configuration panel has
received WMCFG_APPLY before the realm editor. It will not receive
the notification if it hasn't indicated that there are changes to
be applied.
- New credentials :
- If there is no "ExpiresOn" value for a cached prompt set, assume
that it has already expired.
- Set the lifetime for a new prompt set to be 7 days longer than
then maximum renewable lifetime.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19307 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(NetIDMgr 1.2.0.0)
netidmgr.exe
- Simplify credential window UI element placement calculations.
- Add the Custom_1 view to the UI schema. This is used to store
customizations to the basic view.
- Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE
messages instead of the EX_STYLE parameter to CreateWindowEx().
Also, set the extended style to support detached arrows.
- Support drop down menus in the standard toolbar.
- The per-identity commands that are added to expiration dialogs are
now flagged for automatic dispatch.
- Remove unnecessary status bar parts and display the status bar icons
at the correct size.
- The notification alerts now display the info balloon at the correct
size.
- Increase the height of the height of the dialog button bar to 190
from 181 dialog units.
- Lock the action tables when refreshing the per-identity actions.
Perform the necessary notification after refreshing the per-identity
actions.
- "Initialize <identity>" -> "Obtain new credentials for <identity>"
- Add a button to go back to the Basic view from the Advanced view in
the new credentials dialog.
- Cache the extents of each row since we now support rows of variable
heights.
- Selecting a credential row or a header should select all the
credentials that are represented by the row.
- Update the selection state after loading a new view.
- Display the expiration times in the second line of an expanded
identity header.
- Checks for expiration flags in the credentials window now take into
account that the each flag may occupy more than one bit position.
- Calculate the expiration flags for the identity before assigning it
to a header, so that the header can display accurate expiration
data.
- Kill unnecessary timers in the credentials view and make sure taht
the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an
active timer for the row.
- In addition to rows that hold credentials, timers can also be
assigned to headers for identities in the basic view. This allows
the headers to display expiration times.
- The credentials view keeps track of the count of credentials, the
count of identity credentials (credentials which belong to the
credentials type that the identity belongs to) and the number of
initial credentials.
- Configuration spaces that hold credential view definitions now
include an additional value "_AppVersion" which contains the version
of NIM used to create the data. If the current version is greater
than the stated version, NIM will failover to using the schema
instead of using the saved data. This is because view definitions
are version dependent.
- The app_version global variable is now a const.
- The renew and destroy icons in the standard toolbar are now drop
down buttons. If the drop down arrow is clicked, they display a
menu with the list of identities that the operation can target.
- The renew and destroy actions on the credential menu have been
replaced by submenus that allow the user to select the identity
which would be the target of the operation.
- Consistently update the 'displayed' field of an alert so that
plug-ins can keep track of which alerts are being displayed.
- If the currently displayed balloon alert has
KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command
when the user clicks the notification icon, or display the expanded
alert if necessary.
- Reduce flicker when drawing the credentials display by clipping the
header control from the device context.
- The state of Advanced mode is now preserved between NIM sessions.
- The credential display layout is kept track of separately for the
Basic and Advanced views. Any customization done on either view
(e.g.: changing sort order) will only affect that view.
Customizations for the Advanced view will be saved in the Custom_0
view, while customizations for the Basic view will be saved in
Custom_1.
- New color scheme.
- Selecting a credential or identity will no longer mask the
expiration state. The selection rectangle is now alpha blended.
- In Basic view, the width of the Identity column changes with the
width of the window so that the credentials display always fills the
width of the window.
- The colors for the highlight, text color, highlighted text color,
window background and other elements are now obtained via Windows so
that NetIDMgr will be more consistent with any themes that have been
applied.
- Correctly determine whether a column can be dragged or resized based
on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags.
- Correctly update the scroll bars when switching between views.
- The "marker" button for a displayed alert should not perform any
action and it should not be the default control. Selecting it
should no longer cause an assertion to be thrown.
- Don't display the "... Click here for more." message when displaying
a balloon alert if the operating system involved does not provide a
reliable means of detecting that the user clicked on a balloon.
- When attempting to display queued alerts, if the alert at the top of
the queue is of a type that cannot be consolidated, then show it by
itself.
- If the size of the alert window changes, it should be redrawn
properly.
krb5creds.dll
- Allow setting an identity as the default even if there are no
credentials or credential caches associated with it. We generate
the name of the ccache we would use if we were getting new
credentials for the identity and then set that as the default cache.
- Controls in the per-identity configuration panels resized to fit
their contents.
- Set the credentials type and type name attributes for identities for
which we have a TGT.
- Use khm_krb5_get_identity_params() when retrieving parameters for
the identity global configuration panel.
- Add UI elements for setting the global values for forwardable,
renewable and addressless flags.
- Make the schema default to issue forwardable tickets for identities
that have no configuration and when krb5.ini does not define
'forwardable'.
- When updating the identity properties, take all the active
identities into account, so that we won't orphan any identities with
Krb5 properties but no credentials associated with them.
- If there is no TGT associated with an identity, then strip it of any
Krb5 provided properties.
- Associate identities that have a valid TGT with Krb5 by setting
KCDB_ATTR_TYPE to the Krb5 credentials type.
- Don't attempt to renew an identity if the TGT is not renewable or is
expired.
- When opening the configuration handle for an identity, if the
identity does not have any configuration information, failover to
using the per-realm configuration or the identity global
configuration.
- When opening the configuration handle, don't return a handle that
can't safely be closed.
- Add code from get_in_tkt.c that correctly handles per-realm settings
when obtaining libdefaults settings from the profile.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19306 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
================================
KfW 3.1 Alpha (NetIDMgr 1.1.11.0)
-- nidmgr32.dll
- Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT
flag set. This marks the action as being the default action for the
menu and will be rendered as such.
- Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY
flag set. Once credentials are associated with the identity and the
identity is refreshed, the flag will be cleared.
- When creating actions, enforce the name length.
- khm_value_exists() now handles shadowed configuration spaces.
- Add new action KHUI_ACTION_LAYOUT_MINI which toggles between
'Advanced' and 'Basic' views.
- Add support for F11 and F12 keys in khui_get_cmd_accel_string().
- New option for alerts to indicate that instead of just setting the
response field in the alert, the UI should dispatch the command
that the user has selected.
-- krb5common.obj
- khm_krb5_initialize() can return a handle to a krb5_ccache that has
already been closed. Now it doesn't.
- Also import 'krb5_string_to_deltat()'.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
-- krb5cred.dll
- Don't clear the prompts when the options for an identity changes.
The prompter code relies on the prompts being around so that the
values that the user has entered can be retained if the new set of
prompts is the same as the old one.
- Use the same code in the new credentials acquisition and the
identity configuration code to obtain krb5 parameters for an
identity.
- Reset the 'IMPORTED' flag when we get new credentials using a
password.
- If the validity of a principal is not known, then we restrict the
options that can be specified when calling
krb5_get_init_creds_password() so that we can reliably determine if
the principal is valid. If we need to get new credentials for the
principal, we need to make another call using the correct options.
- The return codes from the prompter need to indicate that the
password read operation was cancelled instead of arbiraty non-zero
values.
- When reading identity settings, if a particular setting is not
defined in the registry, then default to reading the settings out of
krb5.ini.
- Refer to credentials as 'credentials' or 'tickets' instead of
'creds'.
- If an identity has imported credentials, don't import for the same
identity again.
- When importing an identity, create the identity configuration in the
registry if we don't already have any settings there.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
- Rearrange declarations for clarity.
- Use the correct APIs to parse configuration values from krb5.ini.
-- krb4cred.dll
- The dialog layout was updated to accomodate a localized string that
no longer fit in its control.
- Remove a spurious inclusion of ntsecapi.h and work around
conditioned symbol definition in the Vista Platform SDK.
-- netidmgr.exe
- Fix the menu creation code to correctly tag the default action so
that it will be rendered properly.
- Update the menu enumeration code to use documented functions instead
of accessing acton lists directly.
- Pool of per-identity actions now include a set of actions for
obtaining credentials for specific identities.
- The default action performed when the notification icon is clicked
is now configurable. When displaying the context menu in the
notification area, the default action is highlighted.
- Remove unnecessary handlers from the notifcation event handler.
- Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP
in the notification event handler. When the user clicks the
notication icon, both events are generated. NIN_SELECT is canonical.
- When the handling NIN_BALLOONUSERCLICK in the notification event
handler, reset balloon_alert before displaying any new alerts so
that we won't overwrite it later.
- Reset the notification alert icon after displaying an alert.
- If a renewal fails, the displayed alert contains a button that the
user can click to initiate the process of acquiring new credentials
for the identity.
- Alerts can optionally dispatch the commands that were added to it
using the KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Increase the size of the About dialog.
- Correct the action text for the IDS_ACTION_OPEN_APP and
IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and
'Close'. These actions only control the visible state of the NIM
window.
- Add additional notification which signals that the commandline has
finished processing.
- Add an 'acquire' action to the per-identity actions.
- The per identity actions (renew, destroy, acquire) now have useful
captions, names and tooltips.
- Use WM_NEXTDLGCTL message when changing the focus of dialog
controls. SetFocus() is insufficient.
- If we get a request to show a new credential acquisition dialog and
we are already showing one, bring that one to the foreground instead
of trying to display a new one or waiting quietly.
- New configuration schema for the UI that include definitions for the
new default view.
- The alerter window can now show more than one alert at once.
- If we are about to show queued alerts, then check if the alerts that
are waiting are related and if they can be grouped together. If so,
show them in a single alert window instead of multiple ones.
- If new alerts are issued while a set of alerts are being displayed
and if the new alert is related to the alerts that are being
displayed, then add the new alert to the list being displayed.
- Make sure we have a lock on the alert when we are manipulating or
accessing it.
- Set the focus to the correct control when displaying an alert.
- When adding alerts from the alert queue, make sure we iterate
through the queue properly.
- Allow keyboard navigation inside the alert window and support scroll
bars.
- Check if we have a valid code pointer before invoking a UI callback.
- Make sure the main window is in the normal configuration before
switching to a layout that rquires it.
- When moving the main window around, if it comes close to an edge of
the working area of the display, snap to it.
- Maintain two sets of settings for the main window placement. One
for the mini mode and one for the normal mode.
- When processing saved window placement information from the
configuration, handle docking hints which note which edges of the
screen the main window should be adjacent to, if any.
- Switching to the 'Basic' view disables the layout and column
selection menus.
- Position the new credentials dialog above the main window if the
main window is visible.
- The alert that is displayed to indicate that an identity has
expired, now contains a command button that can be used to invoke
the new credentials dialog for that identity.
-- source
- Update the documentation to reflect the change in behavior regarding
KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and
khui_menu_insert_paction().
- Remove notes about menu access functions being not thread safe.
This is no longer true.
- Update the documentation for khui_alert_show() to document new
behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD.
- Update documentation to indicate which KHUI_ALERT_FLAG_* flags are
internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Augment the queue handling macros to support additional operations.
Also add new tree data structure with an ordered list of children.
- Code reorganization to reuse code for obtaining the caption and
tooltip for a system defined action in netidmgr.exe.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19238 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
Modify remainder of Makefiles that were sensitive to identity/obj or other cleaned files not being present.
Update util/et/Makefile.in to look for com_err.h in src/include, not src/include/src.
ticket: 5457
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19203 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This patch implements the new Alert Management functionality.
Many improvements to avoid race conditions and improve resource
tracking.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19189 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds context sensitive menus for renew and destroy
to the system tray menu. Select either all identities
or one of the identities with credentials.
Increases the API to 1.1.9 and adds a new interactive
callback mechanism.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19077 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When validating a Kerberos 5 principal name, the request
to the KDC should not request forwardable, renewable, or
proxiable options as these may be blocked by policy and
will result in the return of an error.
Always treat the Kerberos 5 principal name as valid
unless the KDC returns an error that clearly indicates that
the principal name does not exist.
Use a MEMORY: ccache for temporary storage instead of an
API: ccache.
Initialize pointer values with NULL instead of 0.
ticket: new
tags: pullup
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19069 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
The Kerberos v4 options for individual identities
was never wired. The controls were visible but they
did not do anything. Implement them now for NIM 1.2.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19067 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the string tables for NIM so that they are consistent.
Always use "Kerberos v5" or "Kerberos v4". Refer to credentials
instead of tickets. Do not abbreviate "Network Identity Manager".
Etc.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19066 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5_get_init_creds_opt_set_change_password_prompt is a new
gic option that permits the prompter code to be skipped
when the password has expired. This option is meant to
be used by credential managers such as NetIDMgr and
Kerberos.app that have their own built in password change
dialogs.
This patch adds the new function, exports it on Windows,
and makes use of it within the Krb5 identity provider
for NetIDMgr.
The patch is written to ensure that no changes to the
krb5_get_init_creds_opt structure are required and
to ensure that the default behavior, prompting, is
maintained.
The export lists for UNIX and KFM must still be updated.
The function prototype was committed as part of ticket 3642.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18954 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 final (NetIDMgr 1.1.8.0)
nidmgr32.dll (1.1.8.0)
- When detecting IP address changes, wait for things to settle down
before setting of the IP address change notification.
krb5cred.dll (1.1.8.0)
- Fixed the Kerberos 5 configuration dialog which didn't handle
setting the default realm properly. Setting the default realm now
sets the correct string in krb5.ini.
- Changing the default realm now marks the relevant configuration node
as dirty, and enabled the 'Apply' button.
- Changing the 'renewable', 'forwardable' and 'addressless' checkboxes
in the identity configuration panels now mark the relevant
configuration nodes as dirty, and enables the 'Apply' button.
- The location of the Kerberos 5 configuration file is now read-only
in the Kerberos 5 configuration dialog.
- Set the maximum number of characters for the edit controls in the
configuration dialog.
krb4cred.dll (1.1.8.0)
- The location of the Kerberos 4 configuration files are now read-only
in the Kerberos 4 configuration dialog.
- Handles setting the ticket string.
- Changing the ticket string now marks the relevant configuration node
as dirty, and enables the 'Apply' button.
- Fixed the plug-in initialization code to perform the initial ticket
listing at the end of the initializaton process.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18863 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 beta 4 (NetIDMgr 1.1.6.0)
nidmgr32.dll (1.1.6.0)
- Fix a race condition where the initialization process might be
flagged as complete even if the identity provider hasn't finished
initialization yet.
krb5cred.dll (1.1.6.0)
- When assigning the default credentials cache for each identity,
favor API and FILE caches over MSLSA if they exist.
- When renewing an identity which was the result of importing
credentials from the MSLSA cache, attempt to re-import the
credentials from MSLSA instead of renewing the imported credentials.
- Prevent possible crash if a Kerberos 5 context could not be obtained
during the renewal operation.
- Prevent memory leak in the credentials destroy handler due to the
failure to free a Kerberos 5 context.
- Properly match principals and realms when importing credentials from
the MSLSA cache.
- Determine the correct credentials cache to place imported
credentials in by checking the configuration for preferred cache
name.
- Keep track of identities where credentials imports have occurred.
- When setting the default identity, ignore the KRB5CCNAME environment
variable.
- Do not re-compute the credentials cache and timestamps when updating
an identity. The cache and timestamp information is computed when
listing credentials and do not change between listing and identity
update.
- When refreshing the default identity, also handle the case where the
default credentials cache does not contain a principal, but the name
of the cache can be used to infer the principal name.
- Invoke a listing of credentials after a successful import.
- Do not free a Kerberos 5 context prematurely during plug-in
initialization.
netidmgr.exe (1.1.6.0)
- Fix the UI context logic to handle layouts which aren't based around
identities.
- Don't try to show a property sheet when there are no property pages
supplied for the corresponding UI context.
- Use consistent context menus.
- Bring a modal dialog box to the foreground when it should be active.
- Do not accept action triggers when the application is not ready to
process actions yet.
- Do not force the new credentials dialog to the top if there's
already a modal dialog box showing.
- Change the default per-identity layout to also group by location.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18828 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KfW 3.1 beta 3 (NetIDMgr 1.1.4.0)
source for 1.1.4.0
- Eliminate unused commented out code.
nidmgr32.dll (1.1.4.0)
- The configuration provider was incorrectly handling the case where a
configuration value also specifies a configuration path, resulting
in the configuration value not being found. Fixed.
- Fix a race condition when refreshing identities where removing an
identity during a refresh cycle may a crash.
- Fix a bug which would cause an assertion to fail if an item was
removed from one of the system defined menus.
- When creating an indirect UI context, khui_context_create() will
correctly fill up a credential set using the selected credentials.
krb5cred.dll (1.1.4.0)
- Fix a race condition during new credentials acquisition which may
cause the Krb5 plug-in to abandon a call to
krb5_get_init_creds_password() and make another call unnecessarily.
- If krb5_get_init_creds_password() KRB5KDC_ERR_KEY_EXP, the new
credentials dialog will automatically prompt for a password change
instead of notifying the user that the password needs to be changed.
- When handling WMNC_DIALOG_PREPROCESS messages, the plug-in thread
would only be notified of any changes to option if the user
confirmed the new credentials operation instead of cancelling it.
- Additional debug output for the DEBUG build.
- Reset the sync flag when reloading new credentials options for an
identity. Earlier, the flag was not being reset, which can result
in the new credentials dialog not obtaining credentials using the
new options.
- Handle the case where the new credentials dialog maybe closed during
the plug-in thread is processing a request.
- Fix a condition which would cause the Krb5 plug-in to clear the
custom prompts even if Krb5 was not the identity provider.
- Once a password is changed, use the new password to obtain new
credentials for the identity.
netidmgr.exe (1.1.4.0)
- Fix a redraw issue which left areas of the credentials window
unupdated if another window was dragged across it.
- Handle WM_PRINTCLIENT messages so that the NetIDMgr window will
support window animation and other features that require a valid
WM_PRINTCLIENT handler.
- During window repaints, NetIDMgr will no longer invoke the default
window procedure.
- Add support for properly activating and bringing the NetIDMgr window
to the foreground when necessary. If the window cannot be brought
to the foreground, it will flash the window to notify the user that
she needs to manually activate the NetIDMgr window.
- When a new credentials dialog is launched as a result of an external
application requesting credentials, if the NetIDMgr application is
not minimized, it will be brought to the foreground before the new
credentials dialog is brought to the foreground. Earlier, the new
credentials dialog may remain hidden behind other windows in some
circumstances.
- When displaying custom prompts for the new credentials dialog, align
the input controls on the right.
ticket:new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18767 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
krb5cred.dll (1.1.2.0)
- Fix the control logic so that if the password is expired for an
identity, the krb5 credentials provider will initiate a change
password request. Once the password is successfully changed, the
new password will be used to obtain new credentials.
- Fix an incorrect condition which caused the new credentials dialog
to refresh custom prompts unnecessarily.
- Removing an identity from the list of NetIDMgr identities now causes
the corresponding principal to be removed from the LRU principals
list.
- Properly handle KMSG_CRED_PROCESS message when the user is
cancelling out.
- Add more debug output
- Do not renew Kerberos tickets which are not initial tickets.
- Fix whitespace in source code.
- When providing identity selection controls, disable the realm
selector when the user specifies the realm in the username control.
- k5_ident_valiate_name() will refuse principal names with empty or
unspecified realms.
- When updating identity properties, the identity provider will
correctly set the properties for identities that were destroyed.
This fixes a problem where the values may be incorrect if an
identity has two or more credential caches and one of them is
destroyed.
nidmgr32.dll (1.1.2.0)
- Send out a separate notification if the configuration information
associated with an identity is removed.
- If an identity is being removed from the NetIDMgr identity list in
the configuration panel, do not send out APPLY notifications to the
subpanels after the configuration information has been removed.
Otherwise this causes the configuration information to be reinstated
and prevent the identity from being removed.
- Properly initialize the new credentials blob including the UI
context structure.
netidmgr.exe (1.1.2.0)
- When suppressing error messages, make sure that the final
KMSG_CRED_END notification is sent. Otherwise the new credentials
acquisition operation will not be cleaned up.
- Autoinit option now checks to see if there are identity credentials
for the default identity and triggers the new credentials dialog if
there aren't any.
- Properly synchronize the configuration node list when applying
changes (e.g.: when removing or adding an identity).
- Fix a handle leak when removing an identity from the NetIDMgr
identity list.
- Refresh the properties for the active identities before calculating
the renewal and expiration timers. Otherwise the timestamps being
used might be incorrect.
- Add Identity dialog (in the configuration panel) now uses the
identity selection controls provided by the identity provider.
- Improve type safety when handling timer refreshes.
- When getting the expiration times and issue times for an identity,
the timer refresh code may fail over to the expiration and issue
times for the credential it is currently looking at. Now the code
makes sure that both the issue and expiration times come from the
identity or the credential but not mixed.
- Not being able to get the time of issue of a credential now does not
result in the credential being skipped from the timer refresh pass.
However, not having a time of issue will result in the half-life
algorithm not being applied for the renew timer.
- Fix a bug which caused a credential to be abandoned from the timer
refresh pass if the reamining lifetime of the credential is less
than the renewal threshold.
- Fix a bug where the vertical scroll bars for the hypertext window
would not appear when the contents of the window changed.
- Trigger a refresh of the configuration nodes when adding or removing
an identity.
source for (1.1.2.0)
- Explicitly include <prsht.h> so that the SDK can be used in build
environments that define WIN32_LEAN_AND_MEAN.
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18670 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
left out.
ticket: 4312
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18609 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: new
component: windows
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* ensure that buttons are disabled while
actions are in process
* allow plug-ins to specify italic text
* fix some documentation
* reformat langres.rc
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patch updates the NetIDMgr:
* allow plug-ins to be marked "do not unload" in order
to support DLLs that create threads that are not
properly cleaned up as part of library unload.
* allow plug-ins to be marked "disabled"
* Additional changes to deal with Microsoft's efforts
to deprecate all of the str C runtime functions.
* Improvements to Manifest processing in the build
system
* Addition of Tooltip support to the Toolbar. Dragging
the mouse over toolbar buttons displays textual
descriptions.
* Correct the behavior of the New Credentials Dialog
to disable the "Ok" button after it has been pressed.
* Add support to allow plugin configuration data to
be distributed as part of transforms to the MSI
installer.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18344 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add scrollbars to option tree pane in configuration dialog
* convert to using Microsoft's safe string library both to ensure
safe string manipulation and to avoid deprecation warnings
* disable deprecation warnings for Platform SDK header shlwapi.h
which cannot otherwise be compiled
* add kerberos 5 kvno property to tickets. display in properties
dialog and main window if column selected by user
* improve manifest handling in order to support both manifests
generated by the compiler and those hand crafted in order to
specify the correct versions of the custom control libraries.
* update khimaira message types and credential acquisition
documentation
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18212 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During the interop session we concluded that the ccapi32.dll should
not be required for netidmgr to operate. netidmgr should work with
only FILE: ccaches. After the interop the removal of the error
check post-load was not removed.
identity/doc/Makefile:
The 'clean' rules failed to specify the /Q switch which silently
removes the directory tree. As a result, during the build the
user was prompted.
ticket: 3542
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17907 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- 64-bit Windows compatibility
- correct uninitialized variables
- work without kerberos 4 libraries including krb524
- add a mechanism to add and remove identities from
the options dialog. This allows a configuration
to be specified using a separate file based ccache
for each identity
- work without availability of ccapi
- force a renew of credentials on startup to support
the case when MSLSA is the only credential cache
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17832 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+ the HTMLHelp formatted documentation
+ the build system to produce separate binaries for Windows 2000
and Windows XP and beyond. Separate binaries are required
because we make heavy use of some of the UI features found in
XP that don't exist in 2000. If we build only for XP then the
binaries won't run on 2000 and if we build for 2000, then the
functionality we desire for balloon text and the tracker
windows does not work properly on XP or above. (Note for Vista
we will need to build three sets of binaries if we want to take
advantage of the new functionality that is available only there.)
+ Add more debugging to the krb4 plug-in and ensure that all
checkboxes are initialized.
+ remove plugins/krb5/krb5util.c which is an unused file
+ Use mixed case for Alt, Ctrl and Shift text designators
+ Increment the build number to 1.1.0.1
+ Plug a memory leak when dialogs are closed
+ Add a new Options->Appearance configuration page that can be
used to allow user customized font selection. This page will
also be used for custom color selection in a future release.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17752 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nidmgr32.dll (1.0.2.1)
- Attempting to obtain new credentials for a principal name that
contains numbers may result in a 'Identity not specified'
error. Fixed.
- If an invalid identity name was specified, an 'Identity not
specified' error is reported without specifying that the cause was
an invalid name. Fixed: reports proper error.
- Identity names were being validated at the application layer before
being sent to the identity provider. This may cause valid names to
be marked as invalid if the identity provider and the application
disagree on what a valid name is. Fixed: identity name validation
is solely a function of the identity provider.
- Canonicalizing an identity name that contained certain characters
failed due to a validation error. Fixed.
- Possible deadlock in the new credentials dialog. (If one plugin
tries to synchronize custom prompter values from the plugin thread,
while the UI thread tries to obtain a lock on the new credentials
data, a deadlock occurs.) Fixed.
- State information for configuration panels may persist between two
invocations of the configuration window. Fixed to clean up state
information properly.
- The UI library now has full support for custom actions and custom
menus.
- When there are queued alerts and a normal alert is shown, a 'next
alert...' button appears in the alert which lets the user view the
next queued alert. However, if the alert which is displayed
requires the user to select a command button, selecting the 'next'
button would be the equivalent of cancelling out of the alert and
viewing the next one. The library was updated to not show the
'next' button if the alert requires user interaction.
- Credential renewal on half-lifes is now supported as a configurable
option.
- Destroying all credentials on exiting netidmgr is a configurable
option.
- Debug logging to a file has been added
netidmgr.exe (1.0.2.1)
- Selecting 'Ok' in the configuration window didn't notify all the
configuration panels to apply the changes. Fixed.
- PgUp / PgDn / Shift+PgUp / Shift+PgDn keys now work as expected.
- Root level configuration nodes in the Options dialog now also appear
on the Options menu. Configuration nodes that are registered at the
root level are automatically added to the menu.
- The UI now has full support for custom actions and custom menus.
- The UI does not automatically add submenus for actions which are
associated with menus unless the declaration specifies that it
should be rendered as a submenu.
- When displaying alerts, the first button of the alert is always made
the default.
- 'Change summary' button in the configuration dialog was removed,
since it was unused and unnecessary.
- Ticket icons are displayed in the status column for all credentials.
Clicking an icon opens the properties dialog for that credential.
- The UI now has View by Type functionality
- The UI now has Column selection and reorganization. The choice
of columns and their order are preserved between restarts.
- Handle multiple copies of NetIDMgr.exe being started with different
version numbers. Higher version number wins.
krb4cred.dll (1.0.2.1)
- During new credentials acquisition, under some circumstances, the
Kerberos 4 plugin would not notify NetIDMgr about the state of the
Kerberos 4 ticket acquisition. This results in other plugins (such
as AFS) which are depending on the feedback to fail. Fixed.
krb5cred.dll (1.0.2.1)
- If no password is entered while obtaining new credentials, a new TGT
will not be obtained, but the new credentials operation will not
fail if there already is a TGT. Added check to see if the TGT is
expired and fail the operation if no valid TGT is found.
- The identity provider can set the Krb5 CCName property for an
identity incorrectly if there is more than one credential cache
containing tickets for the same principal. Fixed.
- When enumerating ccaches, krb5_cc_resolve was being called with the
name of the ccache without a type prefix. Fixed.
- Tracker control usability issues due to loss of focus. Fixed.
- Realm Editor added.
- Addressed tickets can be requested as in Leash
All modules:
- removed grayed out UI components that are not being backed
by current functionality.
- new icons
- support for 64-bit Windows builds under Visual Studio 8
- proper versioning for language resources
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17712 dc483132-0cff-0310-8789-dd5450dbe970
|
