| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
by only one mechanism. Revert RPC code to relying on this.
Build error-mapping code on a bidirectional map instead of a simple
array. When a status code is returned but has been seen returned from
a different mechanism already, generate a new number, starting at
100,000.
Use gssrpcint_printf for some more debugging code.
ticket: 5654
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19919 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19918 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19917 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19916 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5707
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19915 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
In kadm5_modify_policy_internal, check for nonexistence of policy
before doing anything with it, to avoid memory corruption.
ticket: new
target_version: 1.6.3
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19914 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make sure svcauth_gss_validate adequately checks oa->oa_length prior
to copying into rpcbuf.
ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-libs
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19913 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 3334
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19911 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
t_cc test case to pass and allows non-tickets to be stored (for now).
ticket: 5697
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19910 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
The name of the Leash API DLL on Win64 is "leashw64.dll".
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19909 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19900 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19899 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
names if they differ between the creds structure and the encoded
ticket and by looking up the server principal using the client's realm
if not found and server's realm was initially the referral (empty)
realm.
ticket: 5697
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19898 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NIM supports the ability of the user to specify an
explicit ccache name for use with an identity. If
this ccache is a FILE ccache, we need to be able to
store credentials into the ccache. krb5cred.dll
did not previously specify the KRB5_TC_OPENCLOSE flag
on the ccache when setting other flags such as
KRB5_TC_NOTICKET (which is used with MSLSA ccaches).
As a result, open/close mode was turned off, the
ccache file would be opened in read-only mode and
attempts to store credentials into the ccache would
fail. This is fixed by specifying KRB5_TC_OPENCLOSE
when setting the ccache flags.
When a CCAPI implementation is unavailable, we need
to automatically generate the FILE ccache name if
one has not already been specified. We default to
a file stored in the user's Local Settings\Temp
directory. The generated ccache is then added to
the file ccache watch list.
Finally, some users have complained about the
behavior of Microsoft Vista's UAC mode and how
it makes the CCAPI cache useless for storing
credentials that must be used in conjunction
with processes that do not have restricted
privileges since those processes run in a
separate logon session. For these users we
have added a "DefaultToFileCache" registry
value that can be specified to force the use
of FILE ccaches in preference to CCAPI ccaches
when there is no explicit ccache specified
for a given identity. Unlike CCAPI ccaches,
the FILE ccaches are accessible from both
restricted and unrestricted processes when
UAC is active.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19897 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Instead of testing for NOT the machine key, test
for is the user key.
ticket: new
component: windows/identity/kconfig/api.c
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19896 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Remove unused preprocessor symbols automatically added by Visual Studio's
dialog editor.
ticket: new
component: windows/identity/ui/resource.h
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19895 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
New option to use krb5_sname_to_principal() for building principal
names, which is useful for testing referrals.
ticket: new
target_version: 1.6.3
tags: pullup
component: krb5-clients
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19894 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Split out the "standalone" test code from trval.c, so we produce
trval.o only once, instead of twice with different compilation flags.
One case generated the "trval" program directly, but produced and
deleted trval.o as an intermediate step in the compiler, which messes
things up if make thinks it's already built trval.o for another test
program.
Make the standalone test into t_trval.
Build problem reported by Will Fiveash of Sun, about ten minutes ago.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19893 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
The 64-bit CCAPI DLL name is krbcc64.dll not krbcc32.dll.
Conditionalize it on _WIN64.
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19892 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch permits Network Identity Manager to be built for 64-bit Windows.
In the process all compile time warnings have been taken care of.
For 64-bit Windows, we do not build the Kerberos v4 Credential Provider
and we will not attempt to load the krb524 library.
Note that when testing the 64-bit NIM, there is no CCAPI at the
moment so you must manually specify a FILE: ccache as part of the
identity's Kerberos v5 configuration if you want to use cache's
other than the MSLSA.
This patch also consolidates the computation of the default ccache
name into utility functions:
khm_krb5_get_identity_default_ccache
khm_krb5_get_identity_default_ccacheA
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19891 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 2836
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19890 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
multiple-inclusion protection of only sub-portions of k5-int.h,
presumably from a time when those portions were separate files. Since
the entire file is now protected against multiple inclusions, these
other macros aren't needed.
A few are left, mostly because they also appear in other files.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19889 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19888 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
| |
to the function declarations enabled by KRB5_DEPRECATED. Definition
depends on having GCC version 3.2.3 or later. (Earlier versions may
have supported it, but that's what I found docs for. Windows compiler
support coming later, based on Jeff's suggestions.)
ticket: 2836
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19887 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
ticket: 2836
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19886 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
| |
ticket: 5642
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19885 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19884 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Microsoft defaults stack checking (/Gs) to on. This requires
that bufferoverflowU.lib be included in the link step. The
macro SCLIB in the build system specifies this library on
versions of Windows that require it. Include SCLIB on the
link line of the makefile.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19881 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
choice_pa_pk_as_rep_draft9_UNKNOWN to cleanup warning... Value of enum
same in both cases...
ticket: 5617
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19880 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
| |
to be output.
ticket: 5657
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19879 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19878 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19877 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19876 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
| |
not used outside the krb5 library. (In some cases, the only use is in
our own test programs, which means two things: The test programs
should probably be changed to use the accessor interface, and some of
the newer encoder/decoder functions aren't being unit-tested.)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19875 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19874 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19873 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
actually called directly from outside the library, from the export
list.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19872 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
| |
ticket: 5643
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19871 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
| |
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19870 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
| |
Set the Network Identity Manager application version to 1.3.1 and the
API version to 10.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19869 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a spurious trigger for reloading the layout of the Network
Identity Manager timer code. This was presumably introduced to
mitigate a problem where the identity and outline status might become
stale. (Ticket 5604)
This should no longer be necessary.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19868 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new credentials dialog in Network Identity Manager does not check
whether it is positioned outside of the display screen. It tries to
position itself in the center of the primary display if the Network
Identity Manager window is hidden and it tries to center itself over
the main window if the main window is visible. If the main window is
too close to the edge of the screen, this may result in the new
credentials window being partially outside the display area. This is
especially a problem when the new credentials dialog switches to the
advanced view.
The patch checks whether the window rectangle is visible before
repositioning the new credentials dialog and adjusts the window
rectangle so that it is.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19867 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
provider
The Kerberos v5 identity provider for Network Identity Manager
monitors the "Software\MIT\kerberos5" registry key for the logged in
user for changes to the "ccname" value. If a change is noticed, it
would query the Kerberos v5 library for the default credentials cache
and attempt to determine the new default identity, which it would then
communicate to the Network Identity Manager application.
When the identity provider queried the Kerberos v5 library after a
registry change notification, it used a cached krb5_context for the
thread. The default credentials cache found using this krb5_context
may not be what the registry specified.
This patch modifies the code in k5_ccname_monitor_thread() to create a
use a new krb5_context when querying for the default credentials cache
following a registry change notification. Doing so ensures that
Kerberos v5 library takes the new registry value into account.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19866 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Network Identity Manager Configuration Provider module keeps track
of the application and plug-in configuration settings organized into
configuration spaces. The state of each configuration space is
maintained in a reference counted object. Once all the references are
released, the Configuration Provider will attempt to free the
resources allocated for the object.
If the configuration space was marked for deletion, then the registry
keys associated with the object need to be deleted when the
object is being discarded. Due to a coding error, the memory
allocated for the object would be freed before the associated registry
keys were deleted. This could result in a memory access error.
The patch corrects the code in khcint_remove_space() to free the
allocated memory after all the remaining clean-up steps have been
performed.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19865 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Network Identity Manager application does not provide a user
interface for identity specification. That responsibility lies with
the identity provider. Whenever a dialog needs to allow the user to
specify an identity, the identity provider has to populate the dialog
with the necessary controls so that the user can specify an identity.
In the case of the Kerberos v5 identity provider, the controls allow
the user to specify a username and a realm.
Once the dialog is populated, the application will dispatch window
messages to the identity provider. The identity provider will handle
the window messages and notify the application when the selected
identity changes.
One deficiency of the API was that there was no message to notify the
identity provider that an identity selection has to be made
immediately. When the user invokes the default action for a dialog by
hitting enter, the only message received by the dialog is a command
identifier of the default action. In this case, the identity provider
will not get a chance to notify the application of the identity
selection.
This patch fixes the API deficiency by introducing a new message,
WMNC_IDENT_PREPROCESS, which the application can use to notify the
identity provider that the dialog box is about to be processed. In
response, the identity provider can notify the application of the
selected identity even if no other messages were received by the
identity provider.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19864 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the Network Identity Manager developer documentation to include
a reference to the 1.3.0 release which was included with Kerberos for
Windows 3.2.1.
The release history and, in particular, the API versions corresponding
to each release is important for third-party plug-in developers.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19863 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ccsv.pl and csvschema.cfg scripts are used to generate "C" source
code from CSV files containing tabular data. In particular, these are
used to define the configuration schema for Network Identity Manager
and some of its plug-ins.
It is desirable to be able to include arbitrary header files and
define macros in the generated C code so that the schema definition
can use them. This patch allows the CSV files to contain headers that
define lines of text that will be included literally in the generated
C code. Lines at the start of schema CSV file that begin with '#@'
will be stripped of the '#@' prefix and inserted into the C code.
E.g: The following line at the start of a schema CSV file:
#@#include<windows.h>
,will result in the following text in the C code:
#include<windows.h>
Then the schema definition can use macros of the form:
ClrHeaderExpSel, KC_INT32, "RGB(195, 94, 94)"
,which use macros such as RGB that are defined in the included header
file.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19862 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove unused code from Network Identity Manager credwnd.c. The code
was meant to construct a user interface context based on where the
user right clicks on the credentials display. However, doing so
without indicating the changed selection to the user results in the
application performing an operation on an identity or credential that
the user didn't intend to select.
The code was commented out and was never used in any recent release of
Kerberos for Windows.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19861 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Credentials selection in Network Identity Manager has usability
issues due to the following causes:
- The "cursor row" is not always selected.
The "cursor row" is the row which the "cursor" is on. Navigating the
credentials view using the keyboard or clicking the credentials
display with the mouse will move the cursor to different rows.
However, this cursor row is not always selected, especially when
Network Identity Manager starts.
Having the selection be independent of the cursor row is a
requirement for supporting "toggle" selections (holding the 'ctrl'
key while clicking), which is a standard way of doing multiple
selections on Windows.
The problem with the cursor row not being selected when Network
Identity Manager starts is due to the delayed start of its plug-ins.
Even though the first row is initially selected, when plug-ins
complete initialization and notify the application about the
credentials that they see, those credentials end up accumulating
under different identities. The existing code didn't enforce the
selection state of the identity on the newly added
credentials. Since there were unselected credentials under the
selected outline level, the code would then turn off the selected
bit for the outline (which usually is an outline level for an
identity) for consistency.
The patch changes the behavior to enforce the selection state of the
enclosing outline on any new outline levels or credentials that are
added under it. This prevents an outline level from losing its
selection state when new credentials are added under it.
- Identities may have stale data associated with it.
The credentials view maintains a set of cached properties for each
identity that has credentials. During each refresh cycle, it would
go through the credentials and update the properties of each
identity. However it would not update the properties for identities
that are not associated with any credentials.
When the credentials associated an identity were deleted, the cached
properties for that identity sometimes never got reset. If the
identity was marked as "always visible", then it would be listed in
the credentials view along with the stale properties.
This patch properly initializes the properties of identities which
are not associated with any identities.
- Selection state is not updated when switching views.
The credentials view maintains selection state for individual
credentials when switching views. The same is not true for the
outlines since the outline needs to be reconstructed during the
switch.
The exising code failed to update the selection state of the
outlines after switching the view to reflect the the selection state
of the credentials. As a result, once a the user switched a view,
she might see outline levels which do not appear to be selected even
though all the credentials contained at the outline level appear
selected.
This patch properly adjusts the selection state of outline nodes to
correspond to the selection state of the contained credentials.
- Selection state may be inconsistent when more than one credential is
associated with a single row.
Some rows may represent more than one credential. A collapsed
outline represents all the credentials contained within that outline
level. In addition, two credentials that will appear the same to
the user (because all the displayed properties are the same) will be
represented by one row.
The selection state of these rows should be consistent with the
selection state of all the credentials that it represents. The
previous code did not enforce this constraint. This patch aims to
fix this by enumerating all the credentials that are represented
by each row and setting the selection state of each credential to
match the selection state of the row.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19860 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to receive a WM_PAINT message in Windows without there
being an update region. For example, this can be caused by someone
calling RedrawWindow() with the RDW_INTERNALPAINT flag set. In this
case, GetUpdateRect() will indicate that there is no update region and
calling BeginPaint()/EndPaint() results in incorrect behavior.
The credentials window in Network Identity Manager needs to perform
special handling for this case by obtaining a proper device context
and completing the drawing operation.
ticket: new
component: windows
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19859 dc483132-0cff-0310-8789-dd5450dbe970
|
