From rt-comment at krbdev.mit.edu Wed Oct 1 03:53:43 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 07:53:43 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Fixed typo where kpasswd was prompting for the new password twice rather than once for new and once for verify. Commit By: lxs Revision: 20788 Changed Files: U trunk/src/kim/lib/kim_ui_cli.c From rt-comment at krbdev.mit.edu Wed Oct 1 03:57:01 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 07:57:01 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: First pass at KLL shim layer. (no private apis) KIM support for KLL shim layer. Fixed a bug where the cli support was double freeing a credential in the change password case. Commit By: lxs Revision: 20789 Changed Files: U trunk/src/kim/lib/kim_ccache.c U trunk/src/kim/lib/kim_ccache_private.h U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_credential_private.h U trunk/src/kim/lib/kim_identity.c U trunk/src/kim/lib/kim_identity_private.h A trunk/src/kim/lib/mac/KerberosLogin.c A trunk/src/kim/lib/mac/KerberosLogin.h From rt-comment at krbdev.mit.edu Wed Oct 1 09:57:22 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 13:57:22 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Check for NULL hints_array passed back from kim_os_selection_hints_get_selection_hints_array in kim_os_selection_hints_lookup_identity. Commit By: jander Revision: 20790 Changed Files: U trunk/src/kim/lib/mac/kim_os_selection_hints.c From rt-comment at krbdev.mit.edu Wed Oct 1 10:00:20 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 14:00:20 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: kim_selection_hints_get_identity should call kim_ui_fini even when kim_ui_select_identity returns an error, e.g. KIM_USER_CANCELED_ERR Commit By: jander Revision: 20791 Changed Files: U trunk/src/kim/lib/kim_selection_hints.c From rt-comment at krbdev.mit.edu Wed Oct 1 10:01:07 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 14:01:07 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: When kim_options_write_to_stream is given NULL options, create default options in its place instead of erroring out. Commit By: jander Revision: 20792 Changed Files: U trunk/src/kim/lib/kim_options.c From rt-comment at krbdev.mit.edu Wed Oct 1 10:12:34 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 14:12:34 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: A working KIM-based KerberosAgent to handle all of KIM's built-in GUI prompting. A few outstanding issues remain, like the ability to add duplicate entries to the list of favorite identities. Commit By: jander Revision: 20793 Changed Files: A trunk/src/kim/agent/mac/AuthenticationController.h A trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/BadgedImageView.h U trunk/src/kim/agent/mac/BadgedImageView.m A trunk/src/kim/agent/mac/IPCClient.h A trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/KIMUtilities.m U trunk/src/kim/agent/mac/KerberosAgent-Info.plist U trunk/src/kim/agent/mac/KerberosAgentController.h U trunk/src/kim/agent/mac/KerberosAgentController.m A trunk/src/kim/agent/mac/KerberosAgentListener.h A trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/agent/mac/main.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib A trunk/src/kim/agent/mac/resources/English.lproj/AuthenticationController.strings U trunk/src/kim/agent/mac/resources/English.lproj/MainMenu.xib A trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Wed Oct 1 10:19:31 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 14:19:31 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Update Kerberos5 project file to match last big commit to the krb5 tree. Adds references to files necessary for new KerberosAgent. Commit By: jander Revision: 6523 Changed Files: U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj From rt-comment at krbdev.mit.edu Wed Oct 1 11:35:51 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 15:35:51 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Support for passing options back and forth for enter_identity and hints back for select_identity. Commit By: lxs Revision: 20794 Changed Files: U trunk/src/include/kim/kim_ui_plugin.h U trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/ServerDemux.h U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/lib/kim.exports U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_options.c U trunk/src/kim/lib/kim_options_private.h U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/kim_selection_hints_private.h U trunk/src/kim/lib/kim_ui.c U trunk/src/kim/lib/kim_ui_cli.c U trunk/src/kim/lib/kim_ui_cli_private.h U trunk/src/kim/lib/kim_ui_gui_private.h U trunk/src/kim/lib/kim_ui_plugin.c U trunk/src/kim/lib/kim_ui_plugin_private.h U trunk/src/kim/lib/kim_ui_private.h U trunk/src/kim/lib/mac/kim_os_ui_gui.c From rt-comment at krbdev.mit.edu Wed Oct 1 13:11:25 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 17:11:25 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Fill out credentials when getting tickets with changed password Commit By: lxs Revision: 20795 Changed Files: U trunk/src/kim/lib/kim_credential.c From rt-comment at krbdev.mit.edu Wed Oct 1 16:38:29 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 1 Oct 2008 20:38:29 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Update enterIdentity handler to support passing and setting ticket options. Readded ticket options sheet to Enter Identity dialog. Added helper methods to convert between kim_option and NSDictionary. Commit By: jander Revision: 20797 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.h U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/KIMUtilities.m U trunk/src/kim/agent/mac/KerberosAgentListener.h U trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib From rt-comment at krbdev.mit.edu Wed Oct 1 16:55:07 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 20:55:07 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Relaunch KerberosAgent more quickly so UI is more responsive. Commit By: lxs Revision: 20798 Changed Files: U trunk/src/kim/agent/mac/edu.mit.Kerberos.KerberosAgent.plist From rt-comment at krbdev.mit.edu Wed Oct 1 16:55:51 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 20:55:51 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Correctly translate NULL hints when reading from a stream. Commit By: lxs Revision: 20799 Changed Files: U trunk/src/kim/lib/kim_selection_hints.c From rt-comment at krbdev.mit.edu Wed Oct 1 16:57:00 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 20:57:00 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Loop on enter identity if auth fails. Commit By: lxs Revision: 20800 Changed Files: U trunk/src/kim/lib/kim_credential.c From rt-comment at krbdev.mit.edu Wed Oct 1 16:58:59 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 20:58:59 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Correctly parse KIM_IDENTITY_ANY in error handler. Commit By: lxs Revision: 20801 Changed Files: U trunk/src/kim/agent/mac/ServerDemux.m From rt-comment at krbdev.mit.edu Wed Oct 1 17:00:52 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 21:00:52 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Reversed sense of checks for NUL character in empty string. Fixed. Commit By: lxs Revision: 20802 Changed Files: U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/lib/kim_selection_hints.c From rt-comment at krbdev.mit.edu Wed Oct 1 17:16:47 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 21:16:47 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Fixed crash in kim_options_write_to_stream when in_options is KIM_OPTIONS_DEFAULT. Commit By: lxs Revision: 20803 Changed Files: U trunk/src/kim/lib/kim_options.c From rt-comment at krbdev.mit.edu Wed Oct 1 17:59:19 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 21:59:19 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Make unset strings in kim_options and kim_selection_hints be empty strings rather than NULL. This simplifies the stream code (and makes it easier to read and debug). In order to prevent copying tons of NUL bytes around, special case kim_string functions to use a special constant kim_empty_string. Commit By: lxs Revision: 20804 Changed Files: U trunk/src/include/kim/kim_selection_hints.h U trunk/src/kim/lib/kim_library_private.h U trunk/src/kim/lib/kim_options.c U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/kim_string.c U trunk/src/kim/lib/kim_string_private.h U trunk/src/lib/krb5/os/init_os_ctx.c From rt-comment at krbdev.mit.edu Wed Oct 1 18:00:13 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 22:00:13 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Added header search paths needed by krb5 to find kim headers. Commit By: lxs Revision: 6526 Changed Files: U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj From rt-comment at krbdev.mit.edu Wed Oct 1 18:33:36 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 22:33:36 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Fixed a bug in kim_identity_get_components string where it would return the first component multiple times. Commit By: lxs Revision: 20805 Changed Files: U trunk/src/kim/lib/kim_identity.c From rt-comment at krbdev.mit.edu Wed Oct 1 18:43:30 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 1 Oct 2008 22:43:30 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Updated documentation to reflect new APIs and re-ran Doxygen. Commit By: lxs Revision: 20806 Changed Files: U trunk/doc/kim/html/group__kim__ccache__iterator__reference.html U trunk/doc/kim/html/group__kim__ccache__reference.html U trunk/doc/kim/html/group__kim__credential__iterator__reference.html U trunk/doc/kim/html/group__kim__credential__reference.html U trunk/doc/kim/html/group__kim__identity__reference.html A trunk/doc/kim/html/group__kim__library__reference.html U trunk/doc/kim/html/group__kim__options__reference.html U trunk/doc/kim/html/group__kim__preferences__reference.html U trunk/doc/kim/html/group__kim__selection__hints__reference.html U trunk/doc/kim/html/group__kim__string__reference.html U trunk/doc/kim/html/group__kim__types__reference.html U trunk/doc/kim/html/index.html U trunk/doc/kim/html/kim_ccache_overview.html U trunk/doc/kim/html/kim_credential_overview.html U trunk/doc/kim/html/kim_identity_overview.html U trunk/doc/kim/html/kim_options_overview.html U trunk/doc/kim/html/kim_preferences_overview.html U trunk/doc/kim/html/kim_selection_hints_overview.html U trunk/doc/kim/html/kim_string_overview.html U trunk/doc/kim/html/modules.html U trunk/src/include/kim/kim.h U trunk/src/include/kim/kim_ccache.h U trunk/src/include/kim/kim_credential.h U trunk/src/include/kim/kim_identity.h U trunk/src/include/kim/kim_library.h U trunk/src/include/kim/kim_preferences.h U trunk/src/include/kim/kim_selection_hints.h U trunk/src/include/kim/kim_string.h U trunk/src/include/kim/kim_types.h From rt-comment at krbdev.mit.edu Wed Oct 1 23:48:54 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 03:48:54 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Make Enter Identity dialog have one auto-completing, auto-validating text field for principals drawn from KIM's list of favorites. Changed options for a favorite identity get saved out to kim_preferences. Also, include copyright on more files. Commit By: jander Revision: 20807 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.h U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/KIMUtilities.m U trunk/src/kim/agent/mac/KerberosAgentController.m U trunk/src/kim/agent/mac/KerberosAgentListener.h U trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/KerberosFormatters.m U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 2 09:20:07 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 13:20:07 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Make enter identity dialog's smarter about matching a string with a set of favorite options. Commit By: jander Revision: 20808 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/KIMUtilities.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib From rt-comment at krbdev.mit.edu Thu Oct 2 12:54:00 2008 From: rt-comment at krbdev.mit.edu ( via RT) Date: Thu, 2 Oct 2008 16:54:00 +0000 (UTC) Subject: [krbdev.mit.edu #6121] SVN Commit In-Reply-To: Message-ID: In clntudp_call, fix a bug in the handling of an error case (it failed to set the error status field and generated a dead code warning). Commit By: ghudson Revision: 20809 Changed Files: U trunk/src/lib/rpc/clnt_udp.c From rt-comment at krbdev.mit.edu Thu Oct 2 13:23:57 2008 From: rt-comment at krbdev.mit.edu ( via RT) Date: Thu, 2 Oct 2008 17:23:57 +0000 (UTC) Subject: [krbdev.mit.edu #6120] SVN Commit In-Reply-To: Message-ID: Increase the default RPC timeout for kadmin from 25 seconds to 120 seconds. Code changes from a patch submitted by umich. Commit By: ghudson Revision: 20810 Changed Files: U trunk/src/lib/kadm5/clnt/client_rpc.c U trunk/src/lib/rpc/clnt_generic.c From rt-comment at krbdev.mit.edu Thu Oct 2 13:34:20 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 17:34:20 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Resize dialogs better, added progress indicator to show KerberosAgent is working between interactions. Make Identity and Identities classes use NSDictionary representations of kim_options like the rest of KerberosAgent. Commit By: jander Revision: 20811 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.h U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.h U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 2 13:38:43 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 2 Oct 2008 17:38:43 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Support for change password checkbox in enter and select identity ui elements. Commit By: lxs Revision: 20812 Changed Files: U trunk/src/include/kim/kim_ui_plugin.h U trunk/src/kim/agent/mac/ServerDemux.h U trunk/src/kim/agent/mac/ServerDemux.m U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/kim_ui.c U trunk/src/kim/lib/kim_ui_cli.c U trunk/src/kim/lib/kim_ui_cli_private.h U trunk/src/kim/lib/kim_ui_gui_private.h U trunk/src/kim/lib/kim_ui_plugin.c U trunk/src/kim/lib/kim_ui_plugin_private.h U trunk/src/kim/lib/kim_ui_private.h U trunk/src/kim/lib/mac/kim_os_ui_gui.c From rt-comment at krbdev.mit.edu Thu Oct 2 14:03:08 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 18:03:08 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Update to allow change password from select and enter identity dialogs. Commit By: jander Revision: 20813 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 2 15:13:51 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 2 Oct 2008 19:13:51 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Don't write NULL name and path over stream. Just send empty strings. Commit By: lxs Revision: 20815 Changed Files: U trunk/src/kim/lib/mac/kim_os_ui_gui.c From rt-comment at krbdev.mit.edu Thu Oct 2 15:13:02 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 2 Oct 2008 19:13:02 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Fix to get application name correctly. Was dropping argument from launchservices and not removing extension from path in fallback code. Commit By: lxs Revision: 20814 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Thu Oct 2 15:29:21 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 2 Oct 2008 19:29:21 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Password is not expired when changing password from select and enter identity dialogs. Commit By: lxs Revision: 20816 Changed Files: U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_selection_hints.c From rt-comment at krbdev.mit.edu Thu Oct 2 16:56:17 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 20:56:17 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Select identity switched to using new NSDictionary based options and change password menu item support. Commit By: jander Revision: 20817 Changed Files: U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KerberosAgentListener.m U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 2 17:00:21 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 21:00:21 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Localization fix for change password dialog. Commit By: jander Revision: 20818 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/AuthenticationController.strings From rt-comment at krbdev.mit.edu Thu Oct 2 17:19:19 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 2 Oct 2008 21:19:19 +0000 (UTC) Subject: [krbdev.mit.edu #6055] SVN Commit In-Reply-To: Message-ID: Make select identity dialog remember its size, but not the table column widths. Make its default width 500px. Commit By: jander Revision: 20819 Changed Files: U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 2 17:28:30 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 2 Oct 2008 21:28:30 +0000 (UTC) Subject: [krbdev.mit.edu #6055] KIM API In-Reply-To: Message-ID: Initial complete implementation of KIM shipped in KfM 6.5a5. Future KIM commits should open separate tickets. From rt-comment at krbdev.mit.edu Fri Oct 3 11:51:27 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 15:51:27 +0000 (UTC) Subject: [krbdev.mit.edu #6142] KerberosAgent dialogs jump around the screen In-Reply-To: Message-ID: As you progress through the various dialogs in the new KIM-aware KerberosAgent, they briefly flash at the bottom-left corner of the display before appearing in the center of the window. Also, window position should be remembered per client for the duration of their interaction with KerberosAgent. From rt-comment at krbdev.mit.edu Fri Oct 3 11:57:00 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 15:57:00 +0000 (UTC) Subject: [krbdev.mit.edu #6142] SVN Commit In-Reply-To: Message-ID: Only close windows in response to fini messages from clients. Only center the windows the first time they are shown for a client. Improve the math on the NSRect sent to -[NSWindow setFrame:] so dialog windows don't jump around the screen and the title bar stays in the same place. Refactor repeated view swapping code to -[AuthenticationController swapView:]. Commit By: jander Revision: 20821 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib From rt-comment at krbdev.mit.edu Fri Oct 3 12:03:41 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:03:41 +0000 (UTC) Subject: [krbdev.mit.edu #6143] KerberosAgent: Enter Identity text field shouldn't be clear automatically In-Reply-To: Message-ID: Going from "Enter Identity" to "Change Password" and then cancelling back to "Enter Identity", the "Identity:" text field should retain the previously entered string. From rt-comment at krbdev.mit.edu Fri Oct 3 12:05:45 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:05:45 +0000 (UTC) Subject: [krbdev.mit.edu #6144] KerberosAgent: ignore user interaction while busy In-Reply-To: Message-ID: After a user clicks "Continue" or "OK", KerberosAgent shouldn't allow the user to click any of the other buttons in the dialog. From rt-comment at krbdev.mit.edu Fri Oct 3 12:08:30 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:08:30 +0000 (UTC) Subject: [krbdev.mit.edu #6145] KerberosAgent attach associated dialogs to Select Identity dialog In-Reply-To: Message-ID: Actions from the Select Identity dialog, such as changing a password, should attach the ensuing dialogs to the Select Identity window as a sheet. From rt-comment at krbdev.mit.edu Fri Oct 3 12:29:22 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:29:22 +0000 (UTC) Subject: [krbdev.mit.edu #6146] Client name passed by KIM is incorrect In-Reply-To: Message-ID: Client name passed from KIM isn't correct. e.g. ~/Documents/Builds/Products/Debug/GSSExampleClient becomes "Debug", should be "GSSExampleClient" ~/Documents/Builds/Products/Debug/Kerberos.app becomes "Kerberos.app", should be "Kerberos" From rt-comment at krbdev.mit.edu Fri Oct 3 12:30:48 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:30:48 +0000 (UTC) Subject: [krbdev.mit.edu #6147] KerberosAgent use default In-Reply-To: Message-ID: use defaults should work From rt-comment at krbdev.mit.edu Fri Oct 3 12:33:32 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:33:32 +0000 (UTC) Subject: [krbdev.mit.edu #6147] KerberosAgent Use Defaults button doesn't work In-Reply-To: Message-ID: Accidentally hit enter before I finish creating this. The "Use Defaults" button in the ticket options sheets doesn't currently do anything. Also, the "Use Defaults" button should appear in both the Select Identity and Enter Identity ticket options views. From rt-comment at krbdev.mit.edu Fri Oct 3 12:35:18 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:35:18 +0000 (UTC) Subject: [krbdev.mit.edu #6148] KerberosAgent errors dialogs should be sized to fit In-Reply-To: Message-ID: Error dialogs should adjust their size to fit the errors put in them. Most of the time they are much too large for the errors they're given. From rt-comment at krbdev.mit.edu Fri Oct 3 12:37:11 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:37:11 +0000 (UTC) Subject: [krbdev.mit.edu #6149] KerberosAgent should transition smoothly between states In-Reply-To: Message-ID: Switching between KerberosAgent's views should be handled with a quick crossfade transition rather than a step change. From rt-comment at krbdev.mit.edu Fri Oct 3 12:38:49 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 3 Oct 2008 16:38:49 +0000 (UTC) Subject: [krbdev.mit.edu #6150] KerberosAgent Identity input should autocomplete to valid principal In-Reply-To: Message-ID: Enter Identity's "Identity:" NSComboBox and Select Identity's new identity sheet's "Identity:" NSTextField should suggest validated versions of their contents when there isn't anything matching in the favorites. e.g. "user" would suggest "user at ATHENA.MIT.EDU" as long as nothing in the favorites starts with "user" From rt-comment at krbdev.mit.edu Mon Oct 6 16:28:07 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 6 Oct 2008 20:28:07 +0000 (UTC) Subject: [krbdev.mit.edu #6151] SVN Commit In-Reply-To: Message-ID: Keychain is stored in the user's home directory. Commit By: lxs Revision: 20830 Changed Files: U trunk/src/kim/lib/mac/kim_os_identity.c From rt-comment at krbdev.mit.edu Mon Oct 6 17:16:10 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 6 Oct 2008 21:16:10 +0000 (UTC) Subject: [krbdev.mit.edu #6153] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20831 Changed Files: A trunk/src/kim/lib/mac/KerberosLoginErrors.et From rt-comment at krbdev.mit.edu Mon Oct 6 17:17:15 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Mon, 6 Oct 2008 21:17:15 +0000 (UTC) Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic In-Reply-To: Message-ID: Recording the conclusions (or my interpretation of them) from an email discussion of this patch: 1. We do not want to do a "zero-configuration" determination of a machine's default realm. It would require a reliance on DNS which is not secure. (However, we should look into providing a realm-join facility to make configuration of Kerberized hosts easier.) 2. We do want the host->realm heuristic, even though we also plan to implement referrals for host->realm lookups in the future. However, when used in combination with dns_lookup_kdc, the heuristic would allow an attacker to use forged NXDOMAIN responses to cause the host->realm lookup to choose a higher-level parent than the appropriate one. Although this is a constrained risk, it is still a risk. Since dns_lookup_kdc is on by default, the host->realm heuristic should be off by default. 3. The heuristic should be changed to check the domain as specified before moving on to its parents. 4. It has been suggested that the configuration variable to enable this heuristic could specify the number of parents to check. (That is, if the host is a.b.c.d, a configuration value of 0 would check only A.B.C.D, a value of 1 or more would also check B.C.D, and a value of 2 or more would also check C.D.) I note that the patch uses strlcpy(). We do not appear to use this function in the MIT krb5 code base, I believe because (1) it is not completely portable, and (2) we do not believe in using truncating string functions since truncation can itself be a security risk. Realizing that strcpy() sometimes triggers warnings in static analysis tools, I currently favor using memcpy() to copy string contents. I will implement these changes (not sure exactly when); there is no need to resubmit the patch. The patch adds some Sun copyright statements to the code comments; being new to the team, I'm not sure if that poses any issues. I'll discuss it with the team and report back if it's a problem. Thanks very much for the code contribution. From rt-comment at krbdev.mit.edu Mon Oct 6 17:24:23 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 6 Oct 2008 21:24:23 +0000 (UTC) Subject: [krbdev.mit.edu #6154] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20833 Changed Files: U trunk/src/kim/lib/kim_library.c U trunk/src/kim/lib/mac/KerberosLogin.c U trunk/src/kim/lib/mac/KerberosLoginErrors.et From rt-comment at krbdev.mit.edu Mon Oct 6 17:59:01 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 6 Oct 2008 21:59:01 +0000 (UTC) Subject: [krbdev.mit.edu #6154] SVN Commit In-Reply-To: Message-ID: Include header to get error table for KLL. Commit By: lxs Revision: 20834 Changed Files: U trunk/src/kim/lib/kim_library.c From rt-comment at krbdev.mit.edu Mon Oct 6 17:59:37 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 6 Oct 2008 21:59:37 +0000 (UTC) Subject: [krbdev.mit.edu #6154] SVN Commit In-Reply-To: Message-ID: KfM build system changes for KIM_TO_KLL_SHIM Commit By: lxs Revision: 6532 Changed Files: U trunk/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h From rt-comment at krbdev.mit.edu Tue Oct 7 14:58:58 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 7 Oct 2008 18:58:58 +0000 (UTC) Subject: [krbdev.mit.edu #6155] SVN Commit In-Reply-To: Message-ID: cc_context_get_change_time returns 0 the first time it is called if the CCacheServer is not running. KLLastChangedTime always returned the current time on the first call. So use globals and a mutex to make sure that KLLastChangedTime both monotonically increases and also returns the current time on the first call. Commit By: lxs Revision: 20835 Changed Files: U trunk/src/kim/lib/mac/KerberosLogin.c From rt-comment at krbdev.mit.edu Tue Oct 7 15:23:12 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 7 Oct 2008 19:23:12 +0000 (UTC) Subject: [krbdev.mit.edu #6146] SVN Commit In-Reply-To: Message-ID: If the caller is a bundle, look up keys in its plist file to get the name. Commit By: lxs Revision: 20836 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Tue Oct 7 17:12:08 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 7 Oct 2008 21:12:08 +0000 (UTC) Subject: [krbdev.mit.edu #6156] SVN Commit In-Reply-To: Message-ID: KLGetDefaultLoginOption and KLSetDefaultLoginOption were incorrectly casting parameters and were not parsing the option argument correctly. Commit By: lxs Revision: 20837 Changed Files: U trunk/src/kim/lib/mac/KerberosLogin.c From rt-comment at krbdev.mit.edu Tue Oct 7 17:12:57 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 7 Oct 2008 21:12:57 +0000 (UTC) Subject: [krbdev.mit.edu #6157] SVN Commit In-Reply-To: Message-ID: Added code to remember ticket options if settings indicate it. Commit By: lxs Revision: 20838 Changed Files: U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_preferences.c From rt-comment at krbdev.mit.edu Tue Oct 7 17:55:04 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Tue, 7 Oct 2008 21:55:04 +0000 (UTC) Subject: [krbdev.mit.edu #6158] SVN Commit In-Reply-To: Message-ID: KerberosAgent fails to handle multiple clients because it attempts to message freed memory. Commit By: jander Revision: 20839 Changed Files: U trunk/src/kim/agent/mac/KerberosAgentController.m From rt-comment at krbdev.mit.edu Tue Oct 7 22:01:12 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 8 Oct 2008 02:01:12 +0000 (UTC) Subject: [krbdev.mit.edu #6159] SVN Commit In-Reply-To: Message-ID: The Select Identity dialog should resize to fit the available identities in its table when the zoom button is clicked. Commit By: jander Revision: 20840 Changed Files: U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Wed Oct 8 12:26:46 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Wed, 8 Oct 2008 16:26:46 +0000 (UTC) Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic In-Reply-To: Message-ID: Okay, I need one more thing from you: please state that Sun intends the new code to be covered by the Sun Microsystems license from the top-level Kerberos README file. That way we can confidently add a note to README mentioning the files in question, to make it clear what license is meant by "use is subject to license." Thanks. The license in question from the README file (which already applies to a bunch of other code in Kerberos) is: Copyright (c) 2004 Sun Microsystems, Inc. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. From rt-comment at krbdev.mit.edu Wed Oct 8 17:51:38 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 8 Oct 2008 21:51:38 +0000 (UTC) Subject: [krbdev.mit.edu #6160] SVN Commit In-Reply-To: Message-ID: Switched from a macro to GCC deprecated attributes. Also removed the deprecated struct used by KLSetApplicationOptions and KLGetApplicationOptions because they weren't touching it. Replaced pointer-to-struct arguments with void *. KLGetApplicationOptions now also returns an error since it did not modify its input. Not sure why it wasn't before since no one should be calling it on Mac OS X. Commit By: lxs Revision: 20844 Changed Files: U trunk/src/kim/lib/mac/KerberosLogin.c U trunk/src/kim/lib/mac/KerberosLogin.h From rt-comment at krbdev.mit.edu Wed Oct 8 18:14:30 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 8 Oct 2008 22:14:30 +0000 (UTC) Subject: [krbdev.mit.edu #6144] SVN Commit In-Reply-To: Message-ID: Ignore user interaction while busy. Done by toggling ignoresMouseEvents on auth dialogs. Commit By: jander Revision: 20845 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m From rt-comment at krbdev.mit.edu Wed Oct 8 18:20:51 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 8 Oct 2008 22:20:51 +0000 (UTC) Subject: [krbdev.mit.edu #6146] SVN Commit In-Reply-To: Message-ID: Removed unused header file include. (Not necessary for fix, just a cleanup) Commit By: lxs Revision: 20846 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Wed Oct 8 21:05:13 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 01:05:13 +0000 (UTC) Subject: [krbdev.mit.edu #6162] SVN Commit In-Reply-To: Message-ID: (Don't error on NULL in_options) Commit By: lxs Revision: 20848 Changed Files: U trunk/src/kim/lib/kim_options.c From rt-comment at krbdev.mit.edu Wed Oct 8 22:11:54 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 02:11:54 +0000 (UTC) Subject: [krbdev.mit.edu #6163] SVN Commit In-Reply-To: Message-ID: Was dereferencing NULL freeing creds. Commit By: lxs Revision: 20849 Changed Files: U trunk/src/kim/lib/kim_credential.c From rt-comment at krbdev.mit.edu Wed Oct 8 22:35:41 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 02:35:41 +0000 (UTC) Subject: [krbdev.mit.edu #6164] SVN Commit In-Reply-To: Message-ID: Fixed by making kim_ccache_create_from_client_identity take KIM_IDENTITY_ANY (at which point it returns the system default ccache). Commit By: lxs Revision: 20850 Changed Files: U trunk/src/include/kim/kim_ccache.h U trunk/src/kim/lib/kim_ccache.c U trunk/src/kim/lib/kim_ccache_private.h U trunk/src/kim/lib/mac/KerberosLogin.c From rt-comment at krbdev.mit.edu Thu Oct 9 09:36:36 2008 From: rt-comment at krbdev.mit.edu (Mark.Phalan@Sun.Com via RT) Date: Thu, 9 Oct 2008 13:36:36 +0000 (UTC) Subject: [krbdev.mit.edu #6031] krb needs better realm lookup logic In-Reply-To: Message-ID: On Wed, 2008-10-08 at 16:26 +0000, Greg Hudson via RT wrote: > Okay, I need one more thing from you: please state that Sun intends the > new code to be covered by the Sun Microsystems license from the > top-level Kerberos README file. That way we can confidently add a note > to README mentioning the files in question, to make it clear what > license is meant by "use is subject to license." I'll have to run this by the lawyers. Hopefully it won't take too long. -M > > Thanks. The license in question from the README file (which already > applies to a bunch of other code in Kerberos) is: > > Copyright (c) 2004 Sun Microsystems, Inc. > > Permission is hereby granted, free of charge, to any person obtaining a > copy of this software and associated documentation files (the > "Software"), to deal in the Software without restriction, including > without limitation the rights to use, copy, modify, merge, publish, > distribute, sublicense, and/or sell copies of the Software, and to > permit persons to whom the Software is furnished to do so, subject to > the following conditions: > > The above copyright notice and this permission notice shall be included > in all copies or substantial portions of the Software. > > THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS > OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF > MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. > IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY > CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, > TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE > SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. From rt-comment at krbdev.mit.edu Thu Oct 9 13:49:26 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 17:49:26 +0000 (UTC) Subject: [krbdev.mit.edu #6165] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20853 Changed Files: U trunk/src/kim/lib/kim_options.c From rt-comment at krbdev.mit.edu Thu Oct 9 13:51:06 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 17:51:06 +0000 (UTC) Subject: [krbdev.mit.edu #6166] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20854 Changed Files: U trunk/src/include/kim/kim_options.h U trunk/src/include/kim/kim_preferences.h U trunk/src/kim/lib/kim_preferences.c U trunk/src/kim/lib/kim_selection_hints.c U trunk/src/kim/lib/mac/kim_os_preferences.c From rt-comment at krbdev.mit.edu Thu Oct 9 15:15:29 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 19:15:29 +0000 (UTC) Subject: [krbdev.mit.edu #6168] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20855 Changed Files: U trunk/src/kim/lib/mac/kim_os_preferences.c From rt-comment at krbdev.mit.edu Thu Oct 9 17:22:32 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 9 Oct 2008 21:22:32 +0000 (UTC) Subject: [krbdev.mit.edu #6169] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20856 Changed Files: U trunk/src/kim/agent/mac/KerberosAgent-Info.plist From rt-comment at krbdev.mit.edu Fri Oct 10 16:47:08 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 20:47:08 +0000 (UTC) Subject: [krbdev.mit.edu #6170] SVN Commit In-Reply-To: Message-ID: Since it collects the password ahead of time, the prompt count won't get incremented. Checking whether it called auth_prompt is useless. Commit By: lxs Revision: 20860 Changed Files: U trunk/src/kim/lib/kim_identity.c From rt-comment at krbdev.mit.edu Fri Oct 10 16:50:09 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 20:50:09 +0000 (UTC) Subject: [krbdev.mit.edu #6171] SVN Commit In-Reply-To: Message-ID: Note that there can still only be one, it will just use the first one it finds. Just want to have different names for them so that we can distinguish between different plugins. Commit By: lxs Revision: 20861 Changed Files: U trunk/src/kim/lib/kim_ui_plugin.c From rt-comment at krbdev.mit.edu Fri Oct 10 16:50:51 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 20:50:51 +0000 (UTC) Subject: [krbdev.mit.edu #6172] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20862 Changed Files: U trunk/src/kim/lib/kim_ui_plugin.c From rt-comment at krbdev.mit.edu Fri Oct 10 16:55:26 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 20:55:26 +0000 (UTC) Subject: [krbdev.mit.edu #6175] SVN Commit In-Reply-To: Message-ID: strings returned by the UI are usually passwords or pins and should not get dripped all over memory. Commit By: lxs Revision: 20863 Changed Files: U trunk/src/kim/lib/kim_ui.c From rt-comment at krbdev.mit.edu Fri Oct 10 16:55:50 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 20:55:50 +0000 (UTC) Subject: [krbdev.mit.edu #6176] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20864 Changed Files: A trunk/src/kim/test/test_ui_plugin.c From rt-comment at krbdev.mit.edu Fri Oct 10 17:58:28 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 10 Oct 2008 21:58:28 +0000 (UTC) Subject: [krbdev.mit.edu #6179] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20865 Changed Files: U trunk/src/kim/lib/mac/kim_os_string.c From rt-comment at krbdev.mit.edu Tue Oct 14 12:52:45 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 14 Oct 2008 16:52:45 +0000 (UTC) Subject: [krbdev.mit.edu #6181] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20866 Changed Files: U trunk/src/kim/lib/kim_error_message.c From rt-comment at krbdev.mit.edu Tue Oct 14 12:54:07 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 14 Oct 2008 16:54:07 +0000 (UTC) Subject: [krbdev.mit.edu #6182] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20867 Changed Files: U trunk/src/kim/test/test_kim_common.c From rt-comment at krbdev.mit.edu Tue Oct 14 15:42:09 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Tue, 14 Oct 2008 19:42:09 +0000 (UTC) Subject: [krbdev.mit.edu #6183] KerberosAgent enter identity dialog should use default In-Reply-To: Message-ID: Pre-populate the identity field in the Enter Identity dialog with if there is a default, as found by kim_preferences_get_client_identity(). From rt-comment at krbdev.mit.edu Tue Oct 14 15:48:09 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Tue, 14 Oct 2008 19:48:09 +0000 (UTC) Subject: [krbdev.mit.edu #6143] SVN Commit In-Reply-To: Message-ID: Don't wipe out previously entered information with each new call from clients. Commit By: jander Revision: 20868 Changed Files: U trunk/src/kim/agent/mac/IPCClient.m From rt-comment at krbdev.mit.edu Tue Oct 14 15:49:30 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Tue, 14 Oct 2008 19:49:30 +0000 (UTC) Subject: [krbdev.mit.edu #6183] SVN Commit In-Reply-To: Message-ID: Pre-populate new clients with default client identity if that is set, as found by kim_preferences_get_client_identity(). Commit By: jander Revision: 20869 Changed Files: U trunk/src/kim/agent/mac/IPCClient.m From rt-comment at krbdev.mit.edu Wed Oct 15 13:37:24 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Wed, 15 Oct 2008 17:37:24 +0000 (UTC) Subject: [krbdev.mit.edu #6184] SVN Commit In-Reply-To: Message-ID: Currently the keytab name resolution code will pass off any name with no colon to the default keytab type handler, which is the FILE handler. It will also check for Windows file names consisting of one letter followed by a colon, and treat them as FILE specs also. If a UNIX pathname contains a colon, however, and no type was explicitly specified, the leading part of the pathname gets treated as a type name and fails to match anything. It should instead treat type-less names starting with "/" as FILE specs also. Tweak the test suite to use such a name. Report and patch from Apple. rdar://problem/6179239 Commit By: raeburn Revision: 20872 Changed Files: U trunk/src/lib/krb5/keytab/ktbase.c U trunk/src/tests/dejagnu/config/default.exp From rt-comment at krbdev.mit.edu Wed Oct 15 17:35:26 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 15 Oct 2008 21:35:26 +0000 (UTC) Subject: [krbdev.mit.edu #6185] SVN Commit In-Reply-To: Message-ID: Now that there are no servers using only kipc_* calls, merge them into the k5_mig_* calls. Commit By: lxs Revision: 20873 Changed Files: U trunk/src/include/k5-thread.h U trunk/src/util/mac/k5_mig_client.c U trunk/src/util/mac/k5_mig_server.c U trunk/src/util/mac/k5_mig_server.h U trunk/src/util/mac/k5_mig_types.h From rt-comment at krbdev.mit.edu Wed Oct 15 17:41:03 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 15 Oct 2008 21:41:03 +0000 (UTC) Subject: [krbdev.mit.edu #6186] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20874 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Wed Oct 15 17:50:28 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 15 Oct 2008 21:50:28 +0000 (UTC) Subject: [krbdev.mit.edu #6187] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20875 Changed Files: U trunk/src/kim/lib/kim_ui.c U trunk/src/kim/lib/kim_ui_cli.c U trunk/src/kim/lib/kim_ui_cli_private.h U trunk/src/kim/lib/kim_ui_gui_private.h U trunk/src/kim/lib/mac/kim_os_ui_gui.c From rt-comment at krbdev.mit.edu Wed Oct 15 18:45:13 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 15 Oct 2008 22:45:13 +0000 (UTC) Subject: [krbdev.mit.edu #6189] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20877 Changed Files: U trunk/src/kim/lib/kim_ui_cli.c From rt-comment at krbdev.mit.edu Wed Oct 15 21:44:45 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 16 Oct 2008 01:44:45 +0000 (UTC) Subject: [krbdev.mit.edu #6147] SVN Commit In-Reply-To: Message-ID: Make it possible to make identities use default ticket options. - Made KerberosAgent compatible with KIM's way of passing about NULL to mean "Use default options" - Added "Use default ticket options" checkbox to both ticket options dialogs. - Hid ticket options of select identity dialog by default, visible via the "Show Options" "Hide Options" toggle. Commit By: jander Revision: 20878 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/Identities.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/KIMUtilities.m U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.strings U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Thu Oct 16 17:41:41 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Thu, 16 Oct 2008 21:41:41 +0000 (UTC) Subject: [krbdev.mit.edu #6145] SVN Commit In-Reply-To: Message-ID: When change password is called from the Select Identity dialog, it appears as a sheet on that dialog instead of popping up as a separate window. Commit By: jander Revision: 20880 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.m From rt-comment at krbdev.mit.edu Fri Oct 17 11:45:11 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 15:45:11 +0000 (UTC) Subject: [krbdev.mit.edu #6190] SVN Commit In-Reply-To: Message-ID: Just sticking an einfo on the stack doesn't work because it's not initialized. Also the detailed error message doesn't end up propogated back to KIM. Commit By: lxs Revision: 20881 Changed Files: U trunk/src/kim/lib/kim_ui_plugin.c From rt-comment at krbdev.mit.edu Fri Oct 17 13:05:34 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 17:05:34 +0000 (UTC) Subject: [krbdev.mit.edu #6192] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20883 Changed Files: U trunk/src/kim/lib/kim_ui_cli.c From rt-comment at krbdev.mit.edu Fri Oct 17 13:07:06 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 17:07:06 +0000 (UTC) Subject: [krbdev.mit.edu #6193] SVN Commit In-Reply-To: Message-ID: Also enlarged last error buffer for UTF8 strings with multibyte chars. Commit By: lxs Revision: 20884 Changed Files: U trunk/src/kim/lib/kim_error_message.c U trunk/src/kim/lib/kim_errors.et From rt-comment at krbdev.mit.edu Fri Oct 17 14:13:50 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 18:13:50 +0000 (UTC) Subject: [krbdev.mit.edu #6194] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20885 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Fri Oct 17 14:15:28 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 18:15:28 +0000 (UTC) Subject: [krbdev.mit.edu #6195] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20886 Changed Files: A trunk/src/kim/test/test_kll.c A trunk/src/kim/test/test_kll_terminal.c From rt-comment at krbdev.mit.edu Fri Oct 17 14:34:54 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 17 Oct 2008 18:34:54 +0000 (UTC) Subject: [krbdev.mit.edu #6197] SVN Commit In-Reply-To: Message-ID: Fixed bug where shim layer was calling kim_identity_create_from_components incorrectly in this case. Commit By: lxs Revision: 20887 Changed Files: U trunk/src/kim/lib/mac/KerberosLogin.c From rt-comment at krbdev.mit.edu Fri Oct 17 15:26:32 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 17 Oct 2008 19:26:32 +0000 (UTC) Subject: [krbdev.mit.edu #6198] SVN Commit In-Reply-To: Message-ID: Problem when trying to change password from behind a NAT. The ensuing error dialog ignores mouse events, making it impossible to dismiss. Commit By: jander Revision: 20889 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.m From rt-comment at krbdev.mit.edu Fri Oct 17 15:41:05 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 17 Oct 2008 19:41:05 +0000 (UTC) Subject: [krbdev.mit.edu #6198] SVN Commit In-Reply-To: Message-ID: Stop using -[NSWindow setIgnoresMouseEvents:] and manage enabled state of each control individually with bindings. Commit By: jander Revision: 20890 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/KIMUtilities.h U trunk/src/kim/agent/mac/resources/English.lproj/Authentication.xib From rt-comment at krbdev.mit.edu Fri Oct 17 18:05:35 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 17 Oct 2008 22:05:35 +0000 (UTC) Subject: [krbdev.mit.edu #6016] SVN Commit In-Reply-To: Message-ID: Adapted patch from Apple to work around SAMBA mech OID quirks and to disable sending request flags. Commit By: tlyu Revision: 20893 Changed Files: _U trunk/ U trunk/src/lib/gssapi/spnego/spnego_mech.c From rt-comment at krbdev.mit.edu Fri Oct 17 18:08:14 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 17 Oct 2008 22:08:14 +0000 (UTC) Subject: [krbdev.mit.edu #6145] SVN Commit In-Reply-To: Message-ID: Make all dialogs beyond the change password sheet also appear as sheets. Commit By: jander Revision: 20894 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib From rt-comment at krbdev.mit.edu Sun Oct 19 06:45:02 2008 From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT) Date: Sun, 19 Oct 2008 10:45:02 +0000 (UTC) Subject: [krbdev.mit.edu #6199] SVN Commit In-Reply-To: Message-ID: In krb5_def_store_mkey(), mktemp was being invoked with a string WRFILE:.... This returns an error - as it actually tries to open the file. Move some of the logic that points to the actual filename earlier - so mktemp works on the .... portion. Note that the netbsd linker gives a warning on using mktemp as it may be insecure - but there is no obvious way to avoid it. Commit By: epeisach Revision: 20896 Changed Files: U trunk/src/lib/kdb/kdb_default.c From rt-comment at krbdev.mit.edu Mon Oct 20 14:16:42 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Mon, 20 Oct 2008 18:16:42 +0000 (UTC) Subject: [krbdev.mit.edu #6200] Eliminate use of "unsafe" functions In-Reply-To: Message-ID: Audit tools such as lint and Coverity's SECURE_CODING checker flag all uses of functions which are often used unsafely. For Coverity, these include strcpy, strcat, sprintf, all *scanf variants, random, lrand48, and rand. Although these functions are used safely within the krb5 code base to the best of our knowledge, their use is undesirable because ensuring their safety requires manual investigation each time the code base is audited (by us or by others). This ticket will track the process of eliminating these uses. From rt-comment at krbdev.mit.edu Mon Oct 20 14:18:57 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Mon, 20 Oct 2008 18:18:57 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Use strdup in place of malloc/strcpy in many places. Commit By: ghudson Revision: 20898 Changed Files: U trunk/src/appl/bsd/kcmd.c U trunk/src/appl/bsd/krcp.c U trunk/src/appl/bsd/krlogin.c U trunk/src/appl/bsd/krsh.c U trunk/src/appl/bsd/krshd.c U trunk/src/appl/bsd/login.c U trunk/src/appl/gssftp/ftp/ruserpass.c U trunk/src/appl/gssftp/ftpd/ftpcmd.y U trunk/src/appl/gssftp/ftpd/ftpd.c U trunk/src/appl/telnet/libtelnet/kerberos5.c U trunk/src/ccapi/lib/ccapi_string.c U trunk/src/kadmin/dbutil/ovload.c U trunk/src/kadmin/testing/util/tcl_kadm5.c U trunk/src/kdc/do_as_req.c U trunk/src/kdc/do_tgs_req.c U trunk/src/lib/gssapi/generic/util_canonhost.c U trunk/src/lib/gssapi/generic/util_localhost.c U trunk/src/lib/gssapi/krb5/gssapi_krb5.c U trunk/src/lib/gssapi/mechglue/g_dsp_status.c U trunk/src/lib/gssapi/spnego/spnego_mech.c U trunk/src/lib/kadm5/logger.c U trunk/src/lib/kadm5/srv/server_acl.c U trunk/src/lib/kadm5/srv/svr_policy.c U trunk/src/lib/kadm5/srv/svr_principal.c U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/ccache/cc_memory.c U trunk/src/lib/krb5/ccache/ccapi/stdcc.c U trunk/src/lib/krb5/keytab/kt_file.c U trunk/src/lib/krb5/keytab/kt_memory.c U trunk/src/lib/krb5/keytab/kt_srvtab.c U trunk/src/lib/krb5/krb/get_in_tkt.c U trunk/src/lib/krb5/krb/set_realm.c U trunk/src/lib/krb5/os/ccdefname.c U trunk/src/lib/krb5/os/def_realm.c U trunk/src/lib/krb5/os/hst_realm.c U trunk/src/lib/krb5/os/init_os_ctx.c U trunk/src/lib/krb5/os/promptusr.c U trunk/src/lib/krb5/os/realm_dom.c U trunk/src/lib/krb5/rcache/rc_dfl.c U trunk/src/lib/krb5/rcache/rc_io.c U trunk/src/plugins/preauth/pkinit/pkinit_profile.c U trunk/src/slave/kprop.c U trunk/src/slave/kpropd.c U trunk/src/tests/asn.1/ktest.c U trunk/src/tests/asn.1/utility.c U trunk/src/util/et/error_table.y U trunk/src/util/profile/prof_get.c U trunk/src/util/profile/prof_tree.c U trunk/src/util/ss/help.c U trunk/src/wconfig.c From rt-comment at krbdev.mit.edu Mon Oct 20 15:39:55 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 19:39:55 +0000 (UTC) Subject: [krbdev.mit.edu #6015] SVN Commit In-Reply-To: Message-ID: Apply (adapted) patch from Apple to check for SPNEGO mechanism in export_lucid_sec_ctx. Commit By: tlyu Revision: 20899 Changed Files: _U trunk/ U trunk/src/lib/gssapi/krb5/krb5_gss_glue.c U trunk/src/lib/gssapi/spnego/gssapiP_spnego.h U trunk/src/lib/gssapi/spnego/spnego_mech.c From rt-comment at krbdev.mit.edu Mon Oct 20 16:11:36 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 20:11:36 +0000 (UTC) Subject: [krbdev.mit.edu #5807] SVN Commit In-Reply-To: Message-ID: Apply adapted patch from http://bugs.debian.org/480434 to recurse into SPNEGO creds when attempting to retrieve a mechanism cred. Commit By: tlyu Revision: 20900 Changed Files: _U trunk/ U trunk/src/lib/gssapi/mechglue/g_glue.c From rt-comment at krbdev.mit.edu Mon Oct 20 16:55:36 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 20:55:36 +0000 (UTC) Subject: [krbdev.mit.edu #6201] small leak in KDC authdata plugins In-Reply-To: Message-ID: There is a small leak in the KDC authdata plugin code. Patch from Apple attached. From rt-comment at krbdev.mit.edu Mon Oct 20 16:58:17 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 20:58:17 +0000 (UTC) Subject: [krbdev.mit.edu #6202] kadmind leaks extended error strings In-Reply-To: Message-ID: kadmind leaks extended error strings on some not-uncommon error conditions. Patch from Apple attached. From rt-comment at krbdev.mit.edu Mon Oct 20 17:14:51 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Mon, 20 Oct 2008 21:14:51 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Use asprintf instead of malloc/strcpy/strcat in many places. Commit By: ghudson Revision: 20901 Changed Files: U trunk/src/appl/bsd/kcmd.c U trunk/src/appl/bsd/krlogind.c U trunk/src/appl/gssftp/ftp/glob.c U trunk/src/clients/kpasswd/ksetpwd.c U trunk/src/kadmin/cli/kadmin.c U trunk/src/kadmin/dbutil/dump.c U trunk/src/kadmin/dbutil/kdb5_util.c U trunk/src/kadmin/dbutil/loadv4.c U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/krb5/rcache/rc_io.c U trunk/src/plugins/kdb/db2/kdb_db2.c U trunk/src/slave/kprop.c U trunk/src/slave/kpropd.c U trunk/src/tests/shlib/t_loader.c U trunk/src/util/et/error_table.y U trunk/src/util/et/internal.h U trunk/src/util/profile/prof_file.c U trunk/src/util/ss/utils.c From rt-comment at krbdev.mit.edu Mon Oct 20 17:14:50 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 21:14:50 +0000 (UTC) Subject: [krbdev.mit.edu #6203] DELEG_POLICY_FLAG for GSS In-Reply-To: Message-ID: Proposed GSS-API extension requesting to delegate credentials only according to KDC policy, i.e., OK-AS-DELEGATE set. Patch from Apple attached. From rt-comment at krbdev.mit.edu Mon Oct 20 17:58:37 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 21:58:37 +0000 (UTC) Subject: [krbdev.mit.edu #2197] Hang in malloc_consolidate() on RedHat 9 running krb5-1.2.x In-Reply-To: Message-ID: Probably fixed by one of several memory management bugfixes. Closing. From rt-comment at krbdev.mit.edu Mon Oct 20 18:08:49 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 20 Oct 2008 22:08:49 +0000 (UTC) Subject: [krbdev.mit.edu #3441] 1.4.3 : Solaris 9, LDFLAGS selectively ignoring during build In-Reply-To: Message-ID: Fixed by prior build system changes. Closing. From rt-comment at krbdev.mit.edu Tue Oct 21 10:28:12 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 14:28:12 +0000 (UTC) Subject: [krbdev.mit.edu #5595] Problems with kpasswd and an IPv6 enviroment In-Reply-To: Message-ID: rdar://problem/5679776 From rt-comment at krbdev.mit.edu Tue Oct 21 11:08:27 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 15:08:27 +0000 (UTC) Subject: [krbdev.mit.edu #6204] meta-ticket for tracking Apple patches In-Reply-To: Message-ID: This ticket is the parent of tickets that contain patches from Apple. From rt-comment at krbdev.mit.edu Tue Oct 21 11:21:55 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 15:21:55 +0000 (UTC) Subject: [krbdev.mit.edu #5655] authorization-data plugin support in KDC In-Reply-To: Message-ID: Gone from 79.0 drop from Apple. From rt-comment at krbdev.mit.edu Tue Oct 21 11:31:40 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 15:31:40 +0000 (UTC) Subject: [krbdev.mit.edu #6206] new API for storing extra per-principal data in ccache In-Reply-To: Message-ID: Patch from Apple that introduces a new API for storing additional data in the ccache on a per-principal basis. From rt-comment at krbdev.mit.edu Tue Oct 21 11:27:49 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 15:27:49 +0000 (UTC) Subject: [krbdev.mit.edu #6205] IP_RECVDSTADDR support for kpasswd server In-Reply-To: Message-ID: Apple patch to use IP_RECVDSTADDR instead of connected UDP socket hack to discover local address of the incoming packet. From rt-comment at krbdev.mit.edu Tue Oct 21 12:07:21 2008 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Tue, 21 Oct 2008 16:07:21 +0000 (UTC) Subject: [krbdev.mit.edu #6206] new API for storing extra per-principal data in ccache In-Reply-To: Message-ID: Over the years there have been many organizations that have stored items in the credential cache as a service principal with a non-Kerberos ticket as the data blob. This has been frowned upon and I believe for good reason. If we want to make the credential cache an arbitrary storage mechanism than we should stored typed blobs and permit the registration of blob types. Examples of items that organizations have wanted to store in the credential cache server include: * X.509 certificates and private keys * SSH public and private keys * PGP public and private keys * configuration data I think permitting the credential cache to be used in this manner is a good thing. I simply believe that doing so by constructing arbitrary service names is not. Tools that list / manipulate the content of the credential cache will not understand the non-Kerberos v5 ticket blobs. The credential cache already has support for typed objects because it must distinguish between v4 and v5 objects. I believe opening the registration process to permit third parties to register new types is a preferable way to go. From rt-comment at krbdev.mit.edu Tue Oct 21 14:52:13 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 18:52:13 +0000 (UTC) Subject: [krbdev.mit.edu #6208] krb5_change_set_password string argument allocation causes leaks In-Reply-To: Message-ID: krb5_change_set_password returns an error from the KDC in result_code and two error strings in krb5_data structures: result_code_string and result_string. If result_code is non-zero, result_string is set to a string. However result_code_string is unconditionally set to "Password change failed", even when result_code is 0. This makes it difficult for the caller to figure out if it needs to call krb5_free_data_contents. Also, krb5_change_set_password allows the caller to pass NULL for result_code_string but not result_string. Seems like either both should be allowed to be NULL or neither. From rt-comment at krbdev.mit.edu Tue Oct 21 15:09:38 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 19:09:38 +0000 (UTC) Subject: [krbdev.mit.edu #6209] Callers of krb5_encrypt_data not freeing allocated memory In-Reply-To: Message-ID: obtain_sam_data (preauth.c) and pa_sam (preauth2.c) do not free the memory allocated and returned in the last argument to krb5_encrypt_data. In both functions this argument is named sam_response.sam_enc_nonce_or_ts. I think a call to krb5_free_sam_response_contents is missing somewhere... (Found using leak checker) From rt-comment at krbdev.mit.edu Tue Oct 21 15:29:54 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 19:29:54 +0000 (UTC) Subject: [krbdev.mit.edu #6210] pa_sam leaks parts of krb5_sam_challenge In-Reply-To: Message-ID: pa_sam (preauth2.c) calls decode_krb5_sam_challenge and then just calls krb5_xfree to free the resulting krb5_sam_challenge. However, krb5_sam_challenge is a deep structure. Should be calling krb5_free_sam_challenge instead. From rt-comment at krbdev.mit.edu Tue Oct 21 15:43:02 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 19:43:02 +0000 (UTC) Subject: [krbdev.mit.edu #6211] pam_sam leaking outer krb5_data created by encode_krb5_sam_response In-Reply-To: Message-ID: encode_krb5_sam_response allocates a krb5_data (including the outer structure) and returns it in scratch. pa_sam takes the content buffer and length out of scratch and puts them in pa (which will be returned to the caller), but does not free the outer buffer. Should probably be freed with krb5_xfree() or krb5_free_data after the length field has been set to 0 and the data field set to NULL. (Found with leak checker) From rt-comment at krbdev.mit.edu Tue Oct 21 16:00:27 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 20:00:27 +0000 (UTC) Subject: [krbdev.mit.edu #6212] Apple patch for Common Crypto In-Reply-To: Message-ID: This is Apple's patch to use their Common Crypto API. From rt-comment at krbdev.mit.edu Tue Oct 21 16:02:27 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 20:02:27 +0000 (UTC) Subject: [krbdev.mit.edu #6212] Apple patch for Common Crypto In-Reply-To: Message-ID: actually attach patch From rt-comment at krbdev.mit.edu Tue Oct 21 16:04:30 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 21 Oct 2008 20:04:30 +0000 (UTC) Subject: [krbdev.mit.edu #6213] Apple patch to use pidfile (FreeBSD) for daemons In-Reply-To: Message-ID: This patch from Apple uses the FreeBSD pidfile API to create PID files for daemons. We need to implement this in a cross-platform way. From rt-comment at krbdev.mit.edu Tue Oct 21 16:20:17 2008 From: rt-comment at krbdev.mit.edu (Nicolas Williams via RT) Date: Tue, 21 Oct 2008 20:20:17 +0000 (UTC) Subject: [krbdev.mit.edu #6213] Apple patch to use pidfile (FreeBSD) for daemons In-Reply-To: Message-ID: On Tue, Oct 21, 2008 at 08:04:30PM +0000, Tom Yu via RT wrote: > This patch from Apple uses the FreeBSD pidfile API to create PID files > for daemons. We need to implement this in a cross-platform way. Notes about Solaris and PID files: - On Solaris daemons managed by SMF don't need PID files unless you have utilities that need to know a daemon's PID so they can signal it (for any purpose *other* than killing it or otherwise making it exit). - On Solaris PID files should live in /var/run, and if they really must be in /etc/ then it must be possible to have a symlink in /etc instead that points to /var/run/... Nico -- From rt-comment at krbdev.mit.edu Tue Oct 21 17:01:20 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:01:20 +0000 (UTC) Subject: [krbdev.mit.edu #6214] krb5_change_set_password not freeing chpw_rep contents In-Reply-To: Message-ID: krb5_change_set_password calls krb5int_sendto which places the reply buffer data in chpw_rep. This data is not freed. From rt-comment at krbdev.mit.edu Tue Oct 21 17:05:30 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:05:30 +0000 (UTC) Subject: [krbdev.mit.edu #6214] SVN Commit In-Reply-To: Message-ID: krb5_change_set_password should free chpw_rep contents Commit By: lxs Revision: 20902 Changed Files: U trunk/src/lib/krb5/os/changepw.c From rt-comment at krbdev.mit.edu Tue Oct 21 17:05:40 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:05:40 +0000 (UTC) Subject: [krbdev.mit.edu #6215] krb5_change_set_password not freeing chpw_rep contents In-Reply-To: Message-ID: krb5_change_set_password calls krb5int_sendto which places the reply buffer data in chpw_rep. This data is not freed. From rt-comment at krbdev.mit.edu Tue Oct 21 17:07:40 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:07:40 +0000 (UTC) Subject: [krbdev.mit.edu #6214] krb5_change_set_password not freeing chpw_rep contents In-Reply-To: Message-ID: Fixed, but passing onto Greg so he can check if the static analysis tools found this one. From rt-comment at krbdev.mit.edu Tue Oct 21 17:50:55 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:50:55 +0000 (UTC) Subject: [krbdev.mit.edu #6216] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20903 Changed Files: U trunk/src/kim/test/test_kim_preferences.c U trunk/src/kim/test/test_kll.c From rt-comment at krbdev.mit.edu Tue Oct 21 17:52:32 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:52:32 +0000 (UTC) Subject: [krbdev.mit.edu #6217] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20904 Changed Files: U trunk/src/kim/lib/kim_preferences.c From rt-comment at krbdev.mit.edu Tue Oct 21 17:54:03 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:54:03 +0000 (UTC) Subject: [krbdev.mit.edu #6218] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20905 Changed Files: U trunk/src/kim/lib/kim_ccache.c From rt-comment at krbdev.mit.edu Tue Oct 21 17:54:53 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:54:53 +0000 (UTC) Subject: [krbdev.mit.edu #6219] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20906 Changed Files: U trunk/src/kim/lib/mac/kim_os_library.c From rt-comment at krbdev.mit.edu Tue Oct 21 17:56:12 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 21 Oct 2008 21:56:12 +0000 (UTC) Subject: [krbdev.mit.edu #6220] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20907 Changed Files: U trunk/src/kim/lib/kim_identity.c From rt-comment at krbdev.mit.edu Wed Oct 22 14:12:28 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Wed, 22 Oct 2008 18:12:28 +0000 (UTC) Subject: [krbdev.mit.edu #6214] krb5_change_set_password not freeing chpw_rep contents In-Reply-To: Message-ID: [lxs - Tue Oct 21 17:07:40 2008]: > Fixed, but passing onto Greg so he can check if the static analysis > tools found this one. Doesn't look like the tool caught this. I don't know how I could find out why; but this is a good indication that runtime leak analysis will find different leaks than Coverity status analysis. (Patch reviewed, resolving ticket.) From rt-comment at krbdev.mit.edu Wed Oct 22 15:14:51 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 22 Oct 2008 19:14:51 +0000 (UTC) Subject: [krbdev.mit.edu #6221] KerberosAgent should clear generic auth prompt In-Reply-To: Message-ID: Input for the generic auth prompt needs to be cleared as soon as the continue button is clicked. Waiting until the client sends a fini is not soon enough. From rt-comment at krbdev.mit.edu Wed Oct 22 15:16:20 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 22 Oct 2008 19:16:20 +0000 (UTC) Subject: [krbdev.mit.edu #6222] KerberosAgent enter dialog should add entered identities to favorites In-Reply-To: Message-ID: Automatically add identities successfully authenticated through the enter identity path to favorites. From rt-comment at krbdev.mit.edu Wed Oct 22 15:21:23 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 22 Oct 2008 19:21:23 +0000 (UTC) Subject: [krbdev.mit.edu #6223] KerberosAgent shouldn't make duplicate auth prompts for the same identity In-Reply-To: Message-ID: Simultaneous requests to authenticate a single identity should be presented as a single auth dialog. From rt-comment at krbdev.mit.edu Wed Oct 22 15:24:03 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 22 Oct 2008 19:24:03 +0000 (UTC) Subject: [krbdev.mit.edu #6224] KerberosAgent 'no selection' placeholder in ticket options In-Reply-To: Message-ID: It's possible to get the ticket options sheet off of the Select Identity dialog to lose its object controller, making all of its controls disabled. Isn't reliably reproduced yet. From rt-comment at krbdev.mit.edu Wed Oct 22 16:40:34 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 22 Oct 2008 20:40:34 +0000 (UTC) Subject: [krbdev.mit.edu #6225] SVN Commit In-Reply-To: Message-ID: IPC message was causing problems when called from thread fini function (via krb5_stdcc_shutdown). Commit By: lxs Revision: 20908 Changed Files: U trunk/src/ccapi/common/cci_types.h U trunk/src/ccapi/lib/ccapi_context.c U trunk/src/ccapi/lib/ccapi_context.h U trunk/src/ccapi/server/ccs_cache_collection.c From rt-comment at krbdev.mit.edu Wed Oct 22 16:41:37 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 22 Oct 2008 20:41:37 +0000 (UTC) Subject: [krbdev.mit.edu #6226] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20909 Changed Files: U trunk/src/kim/lib/kim_credential.c From rt-comment at krbdev.mit.edu Wed Oct 22 17:17:10 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 21:17:10 +0000 (UTC) Subject: [krbdev.mit.edu #6015] SVN Commit In-Reply-To: Message-ID: Fix previous commit by adding "extern" to header declarations for SPNEGO mechanism OID stuff. It was causing tentative definition issues on the Mac. (where there are constraints about common-block symbols) Commit By: tlyu Revision: 20910 Changed Files: _U trunk/ U trunk/src/lib/gssapi/spnego/gssapiP_spnego.h From rt-comment at krbdev.mit.edu Wed Oct 22 19:47:12 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 23:47:12 +0000 (UTC) Subject: [krbdev.mit.edu #6227] Apple patch to KC to rescan network after 30 seconds In-Reply-To: Message-ID: Rescans the network interfaces after 30 seconds if the KDC did not find any when it started up. From rt-comment at krbdev.mit.edu Wed Oct 22 19:50:44 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 23:50:44 +0000 (UTC) Subject: [krbdev.mit.edu #6228] Apple patch: KDC notify password server In-Reply-To: Message-ID: Apple patch to support updating their (Mac-specific) password server on some preauth failures. From rt-comment at krbdev.mit.edu Wed Oct 22 19:52:20 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 23:52:20 +0000 (UTC) Subject: [krbdev.mit.edu #6229] Apple-specific manpage pathname fixes In-Reply-To: Message-ID: Apple-specific patch to change some pathnames in manpages. Should eventually get supported by programmatic substitutions when generating manpages. From rt-comment at krbdev.mit.edu Wed Oct 22 19:56:43 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 23:56:43 +0000 (UTC) Subject: [krbdev.mit.edu #6230] Apple Seatbelt support for kadmind and KDC In-Reply-To: Message-ID: Seatbelt (Apple-specific privilege restriction) support for kadmind and KDC. From rt-comment at krbdev.mit.edu Wed Oct 22 19:58:35 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Wed, 22 Oct 2008 23:58:35 +0000 (UTC) Subject: [krbdev.mit.edu #6231] Apple split build support In-Reply-To: Message-ID: Apple-specific patch to support KfM split builds. From rt-comment at krbdev.mit.edu Wed Oct 22 20:00:11 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:00:11 +0000 (UTC) Subject: [krbdev.mit.edu #6232] Apple manpage fix to delete reference to Kerberos.app In-Reply-To: Message-ID: Deletes reference to Kerberos.app from kdc.conf manpage. From rt-comment at krbdev.mit.edu Wed Oct 22 20:02:15 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:02:15 +0000 (UTC) Subject: [krbdev.mit.edu #6233] Apple patch to instal newsyslog config In-Reply-To: Message-ID: Add install rule to install Apple-specific newsyslog configurations. From rt-comment at krbdev.mit.edu Wed Oct 22 20:09:06 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 23 Oct 2008 00:09:06 +0000 (UTC) Subject: [krbdev.mit.edu #6227] Apple patch to KC to rescan network after 30 seconds In-Reply-To: Message-ID: Is LW_net_trans.patch still needed in the current submission? I think the patch I put in for #6019 (KfM 6.5a3) should detect changes and DTRT. From rt-comment at krbdev.mit.edu Wed Oct 22 20:09:58 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:09:58 +0000 (UTC) Subject: [krbdev.mit.edu #6234] Apple config file support for password server In-Reply-To: Message-ID: Configuration file support for Apple-specific password server. From rt-comment at krbdev.mit.edu Wed Oct 22 20:11:44 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:11:44 +0000 (UTC) Subject: [krbdev.mit.edu #6235] install target for KerberosLite In-Reply-To: Message-ID: Adds an install target for KerberosLite. From rt-comment at krbdev.mit.edu Wed Oct 22 20:16:00 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:16:00 +0000 (UTC) Subject: [krbdev.mit.edu #6236] KDC start all realms in config file In-Reply-To: Message-ID: Apple patch to make KDC start all realms listed in the config file. May have some issues related to whether this is a good idea in some cases, like when a realm is in the config file but not served by the KDC. From rt-comment at krbdev.mit.edu Wed Oct 22 20:17:34 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:17:34 +0000 (UTC) Subject: [krbdev.mit.edu #6237] Apple patch: start renewal task out of launchd In-Reply-To: Message-ID: Apple patch to start a renewal task out of launchd. From rt-comment at krbdev.mit.edu Wed Oct 22 20:19:23 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:19:23 +0000 (UTC) Subject: [krbdev.mit.edu #6238] Apple patch: KDC send announcements of realms on startup In-Reply-To: Message-ID: Apple patch to make KDC send (Bonjour) announcements of realms on startup. From rt-comment at krbdev.mit.edu Wed Oct 22 20:20:37 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:20:37 +0000 (UTC) Subject: [krbdev.mit.edu #6239] Apple patch: kinit background renewal job In-Reply-To: Message-ID: Apple patch adding support to kinit to perform background renewal of credentials. From rt-comment at krbdev.mit.edu Wed Oct 22 20:26:28 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:26:28 +0000 (UTC) Subject: [krbdev.mit.edu #6243] Apple patch: fix leaks in KDC announcement mods In-Reply-To: Message-ID: Apple patch to fix leaks in their KDC realm annoucement mods. From rt-comment at krbdev.mit.edu Wed Oct 22 20:27:40 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 00:27:40 +0000 (UTC) Subject: [krbdev.mit.edu #6244] Apple patch: fix leak in KIM In-Reply-To: Message-ID: Apple patch to fix leak in KIM. From rt-comment at krbdev.mit.edu Wed Oct 22 21:55:51 2008 From: rt-comment at krbdev.mit.edu (Love Hornquist Astrand via RT) Date: Thu, 23 Oct 2008 01:55:51 +0000 (UTC) Subject: [krbdev.mit.edu #6227] Apple patch to KC to rescan network after 30 seconds In-Reply-To: Message-ID: 22 okt 2008 kl. 17:09 skrev Ken Raeburn via RT: > Is LW_net_trans.patch still needed in the current submission? I > think the patch I put in for > #6019 (KfM 6.5a3) should detect changes and DTRT. Probably not, but I didn't want to rejected it out out hand. Love From rt-comment at krbdev.mit.edu Thu Oct 23 10:52:02 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 14:52:02 +0000 (UTC) Subject: [krbdev.mit.edu #6247] Apple patch: null out pointer in string_to_key after free In-Reply-To: Message-ID: Set pointer to null after free in string_to_key.c. From rt-comment at krbdev.mit.edu Thu Oct 23 10:59:52 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 14:59:52 +0000 (UTC) Subject: [krbdev.mit.edu #6248] Apple patch: destroy Mach ports on unload In-Reply-To: Message-ID: Apple patch to destroy Mach ports in the fini function, etc. to avoid crashes in apps that unload the library. From rt-comment at krbdev.mit.edu Thu Oct 23 11:25:08 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 15:25:08 +0000 (UTC) Subject: [krbdev.mit.edu #6249] Apple patch: disable KIM GUI in KL In-Reply-To: Message-ID: Apple patch to disable KIM GUI in KerberosLogin.c From rt-comment at krbdev.mit.edu Thu Oct 23 12:04:11 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 23 Oct 2008 16:04:11 +0000 (UTC) Subject: [krbdev.mit.edu #6227] Apple patch to KC to rescan network after 30 seconds In-Reply-To: Message-ID: "Love Hornquist Astrand via RT" writes: > 22 okt 2008 kl. 17:09 skrev Ken Raeburn via RT: > >> Is LW_net_trans.patch still needed in the current submission? I >> think the patch I put in for >> #6019 (KfM 6.5a3) should detect changes and DTRT. > > Probably not, but I didn't want to rejected it out out hand. It looks like LW_net_trans.patch deals with the case where the KDC starts up with no network, which is something that #6019 might not deal with. From rt-comment at krbdev.mit.edu Thu Oct 23 13:44:22 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 23 Oct 2008 17:44:22 +0000 (UTC) Subject: [krbdev.mit.edu #6231] SVN Commit In-Reply-To: Message-ID: Added remaining changes to Apple Makefile patch. Commit By: lxs Revision: 6557 Changed Files: U trunk/Makefile From rt-comment at krbdev.mit.edu Thu Oct 23 13:50:47 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Thu, 23 Oct 2008 17:50:47 +0000 (UTC) Subject: [krbdev.mit.edu #6248] SVN Commit In-Reply-To: Message-ID: Free global mach ports on library unload Commit By: lxs Revision: 20911 Changed Files: U trunk/src/util/mac/k5_mig_client.c From rt-comment at krbdev.mit.edu Thu Oct 23 14:11:38 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Thu, 23 Oct 2008 18:11:38 +0000 (UTC) Subject: [krbdev.mit.edu #6227] Apple patch to KC to rescan network after 30 seconds In-Reply-To: Message-ID: On Oct 23, 2008, at 12:04, Tom Yu via RT wrote: > It looks like LW_net_trans.patch deals with the case where the KDC > starts up with no network, which is something that #6019 might not > deal with. The KDC code will exit if it doesn't manage to set up any sockets during startup. However, it should always be able to set up the routing socket (unless maybe some OS doesn't support it), so it should have at least that one socket lying around. Then you reconfigure the network by bringing up some non-loopback interface, it wakes up and rescans the interfaces. Ken From rt-comment at krbdev.mit.edu Thu Oct 23 15:59:12 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Thu, 23 Oct 2008 19:59:12 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Use snprintf instead of strcpy/strcat in many places. Commit By: ghudson Revision: 20912 Changed Files: U trunk/src/appl/gssftp/ftp/cmds.c U trunk/src/appl/gssftp/ftpd/ftpd.c U trunk/src/appl/telnet/libtelnet/kerberos5.c U trunk/src/appl/telnet/libtelnet/spx.c U trunk/src/appl/telnet/telnetd/sys_term.c U trunk/src/clients/ksu/ccache.c U trunk/src/include/k5-platform.h U trunk/src/kadmin/ktutil/ktutil_funcs.c U trunk/src/lib/des425/read_passwd.c U trunk/src/lib/kdb/kdb_default.c U trunk/src/lib/krb5/ccache/cc_file.c U trunk/src/lib/krb5/keytab/kt_file.c U trunk/src/lib/krb5/keytab/kt_memory.c U trunk/src/lib/krb5/keytab/kt_srvtab.c U trunk/src/lib/krb5/krb/gic_pwd.c From rt-comment at krbdev.mit.edu Thu Oct 23 20:58:41 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 24 Oct 2008 00:58:41 +0000 (UTC) Subject: [krbdev.mit.edu #6250] SVN Commit In-Reply-To: Message-ID: Use CFStringGetCStringPtr if possible to avoid wasting memory since CFStringGetMaximumSizeForEncoding is wasteful for UTF8. Commit By: lxs Revision: 20914 Changed Files: U trunk/src/kim/lib/mac/kim_os_string.c From rt-comment at krbdev.mit.edu Fri Oct 24 13:12:03 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Fri, 24 Oct 2008 17:12:03 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Add build system support for strlcpy and strlcat on platforms which do not provide it natively. Commit By: ghudson Revision: 20916 Changed Files: U trunk/README U trunk/src/configure.in U trunk/src/include/k5-platform.h U trunk/src/util/support/Makefile.in A trunk/src/util/support/strlcpy.c From rt-comment at krbdev.mit.edu Fri Oct 24 14:37:26 2008 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 24 Oct 2008 18:37:26 +0000 (UTC) Subject: [krbdev.mit.edu #6202] kadmind leaks extended error strings In-Reply-To: Message-ID: Ticket #6029 looks like it has a more thorough patch for this issue. From rt-comment at krbdev.mit.edu Fri Oct 24 15:40:38 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 24 Oct 2008 19:40:38 +0000 (UTC) Subject: [krbdev.mit.edu #6251] SVN Commit In-Reply-To: Message-ID: Commit By: lxs Revision: 20917 Changed Files: U trunk/src/kim/test/main.c U trunk/src/kim/test/test_kim_identity.c U trunk/src/kim/test/test_kim_identity.h From rt-comment at krbdev.mit.edu Fri Oct 24 15:46:43 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 24 Oct 2008 19:46:43 +0000 (UTC) Subject: [krbdev.mit.edu #6252] SVN Commit In-Reply-To: Message-ID: krb5_build_principal_va does not allocate the outer krb5_principal, making it useless for generating krb5_principals which can be freed with krb5_free_principal. Added krb5_build_principal_alloc_va which allocates the krb5_principal. Added krb5int_build_principal_alloc_va which is used by KIM to avoid code duplication. KIM's kim_identity_create_from_components takes the first component as an argument because principals with no components cannot be represented with the KIM UI. Modified KIM to use this new API. Commit By: lxs Revision: 20918 Changed Files: U trunk/src/include/k5-int.h U trunk/src/include/krb5/krb5.hin U trunk/src/kim/lib/kim_identity.c U trunk/src/lib/krb5/krb/bld_princ.c U trunk/src/lib/krb5/libkrb5.exports From rt-comment at krbdev.mit.edu Fri Oct 24 16:07:05 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Fri, 24 Oct 2008 20:07:05 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Use strlcpy instead of strcpy in many places. Commit By: ghudson Revision: 20919 Changed Files: U trunk/src/appl/bsd/krlogin.c U trunk/src/appl/bsd/krlogind.c U trunk/src/appl/bsd/krshd.c U trunk/src/appl/bsd/login.c U trunk/src/appl/bsd/v4rcp.c U trunk/src/appl/gssftp/ftp/cmds.c U trunk/src/appl/gssftp/ftp/ftp.c U trunk/src/appl/gssftp/ftp/glob.c U trunk/src/appl/gssftp/ftpd/ftpd.c U trunk/src/appl/libpty/getpty.c U trunk/src/appl/libpty/update_utmp.c U trunk/src/appl/telnet/libtelnet/kerberos5.c U trunk/src/appl/telnet/telnet/commands.c U trunk/src/kadmin/dbutil/dumpv4.c U trunk/src/kadmin/server/ipropd_svc.c U trunk/src/kadmin/server/schpw.c U trunk/src/kdc/fakeka.c U trunk/src/kdc/kdc_authdata.c U trunk/src/kdc/kerberos_v4.c U trunk/src/kdc/network.c U trunk/src/lib/crypto/cksumtype_to_string.c U trunk/src/lib/crypto/enctype_to_string.c U trunk/src/lib/kadm5/clnt/Makefile.in U trunk/src/lib/kadm5/srv/Makefile.in U trunk/src/lib/kadm5/str_conv.c U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/kdb/keytab.c U trunk/src/lib/krb5/krb/conv_princ.c U trunk/src/lib/krb5/krb/gic_pwd.c U trunk/src/lib/krb5/krb/str_conv.c U trunk/src/lib/krb5/os/an_to_ln.c U trunk/src/lib/krb5/os/hst_realm.c U trunk/src/lib/krb5/os/ktdefname.c U trunk/src/lib/krb5/os/sendto_kdc.c U trunk/src/plugins/kdb/db2/kdb_db2.c U trunk/src/tests/resolve/Makefile.in U trunk/src/tests/resolve/addrinfo-test.c U trunk/src/util/et/error_message.c U trunk/src/util/support/errors.c From rt-comment at krbdev.mit.edu Fri Oct 24 16:54:15 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 24 Oct 2008 20:54:15 +0000 (UTC) Subject: [krbdev.mit.edu #6254] SVN Commit In-Reply-To: Message-ID: On error, krb5_build_principal_ext walks off the beginning of the array by using i-- in a conditional when it should be using --i (so that it actually compares the value of i that will be used below). Commit By: lxs Revision: 20920 Changed Files: U trunk/src/lib/krb5/krb/bld_pr_ext.c From rt-comment at krbdev.mit.edu Sat Oct 25 03:03:16 2008 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Sat, 25 Oct 2008 07:03:16 +0000 (UTC) Subject: [krbdev.mit.edu #6255] SVN Commit In-Reply-To: Message-ID: Instead of a pile of macros generating code, that have to be threaded together in just the right way to get a valid ASN.1 encoding, we now have a pile of macros for defining data structures describing the objects and the ASN.1 types they should be encoded as, which structures are interpreted by recursive invocations of an encoder engine; there should be somewhat less rope for accidentally creating invalid encodings. The new macros are commented in asn1_k_encode.c. Putting most of the work into the encoder engine also reduces the code size (in one configuration, including LDAP-KDB and PKINIT encoders, code size went from 37K to <16K, though 10K of tables were added, and the PKINIT encoders are still open-coded). Some encoder interfaces have been revised to be more regular -- all now take one pointer to const argument (no two-input encoders, no pointer-to-non-const-pointer-to-const). A few encoders were eliminated or disabled because they were neither used nor exported from the library. The LDAP-KDB encoder has been converted, but the PKINIT encoders have not as there are no regression tests for them currently. There is still plenty of room for improvement; some notes on specific ideas have been added. String encoding primitives have been combined to reduce code size. A primitive for encoding bit strings has been added. Some miscellaneous warnings in the decoders have been cleaned up. A new dejagnu test case is added that ensures that KRB-SAFE messages get exercised. Commit By: raeburn Revision: 20923 Changed Files: _U trunk/ U trunk/src/include/k5-int.h U trunk/src/kdc/kdc_preauth.c A trunk/src/lib/krb5/asn.1/TODO.asn1 U trunk/src/lib/krb5/asn.1/asn1_encode.c U trunk/src/lib/krb5/asn.1/asn1_encode.h U trunk/src/lib/krb5/asn.1/asn1_k_decode.c U trunk/src/lib/krb5/asn.1/asn1_k_encode.c U trunk/src/lib/krb5/asn.1/asn1_k_encode.h U trunk/src/lib/krb5/asn.1/asn1buf.c U trunk/src/lib/krb5/asn.1/asn1buf.h U trunk/src/lib/krb5/asn.1/krb5_encode.c U trunk/src/lib/krb5/asn.1/krbasn1.h U trunk/src/lib/krb5/asn.1/ldap_key_seq.c U trunk/src/lib/krb5/krb/chpw.c U trunk/src/lib/krb5/krb/rd_safe.c U trunk/src/lib/krb5/krb/send_tgs.c U trunk/src/tests/asn.1/Makefile.in U trunk/src/tests/asn.1/krb5_encode_test.c A trunk/src/tests/dejagnu/krb-standalone/simple.exp From rt-comment at krbdev.mit.edu Mon Oct 27 17:01:03 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Mon, 27 Oct 2008 21:01:03 +0000 (UTC) Subject: [krbdev.mit.edu #6256] SVN Commit In-Reply-To: Message-ID: errors.c should localize the incoming format string, not the string produced by vasprintf. The format string is constant and thus can be added to a localization table, whereas the output string is not. Note that this change depends on error_message also localizing error table strings (which it does for KfM already). Commit By: lxs Revision: 20927 Changed Files: U trunk/src/util/support/errors.c From rt-comment at krbdev.mit.edu Tue Oct 28 11:34:32 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Tue, 28 Oct 2008 15:34:32 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Add the k5buf string module to libkrb5support. Commit By: ghudson Revision: 20929 Changed Files: A trunk/src/include/k5-buf.h U trunk/src/include/k5-int.h _U trunk/src/util/support/ U trunk/src/util/support/Makefile.in A trunk/src/util/support/k5buf-int.h A trunk/src/util/support/k5buf.c U trunk/src/util/support/libkrb5support-fixed.exports A trunk/src/util/support/t_k5buf.c From rt-comment at krbdev.mit.edu Tue Oct 28 16:21:53 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Tue, 28 Oct 2008 20:21:53 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Eliminate use of strcpy/strcat/sprintf in wconfig.c. Use memcpy since we cannot rely on libkrb5support to give us the good stuff. Also fix up (to some extent) an assumption that size_t == int. Commit By: ghudson Revision: 20930 Changed Files: U trunk/src/wconfig.c From rt-comment at krbdev.mit.edu Tue Oct 28 18:03:38 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Tue, 28 Oct 2008 22:03:38 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: In the k5buf module, add a function to append formatted data to a buffer. Commit By: ghudson Revision: 20932 Changed Files: U trunk/src/include/k5-buf.h U trunk/src/util/support/k5buf.c U trunk/src/util/support/t_k5buf.c From rt-comment at krbdev.mit.edu Tue Oct 28 18:09:14 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Tue, 28 Oct 2008 22:09:14 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Update the exports file for krb5int_buf_add_fmt. Commit By: ghudson Revision: 20933 Changed Files: U trunk/src/util/support/libkrb5support-fixed.exports From rt-comment at krbdev.mit.edu Wed Oct 29 15:36:12 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 29 Oct 2008 19:36:12 +0000 (UTC) Subject: [krbdev.mit.edu #6260] SVN Commit In-Reply-To: Message-ID: Trying to change the password for an identity which only uses non-password authentication methods left KerberosAgent with a spinning progress indicator. Problem was with auth sheet not being ended. Commit By: jander Revision: 20935 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/IPCClient.m From rt-comment at krbdev.mit.edu Wed Oct 29 16:36:52 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 29 Oct 2008 20:36:52 +0000 (UTC) Subject: [krbdev.mit.edu #6261] SVN Commit In-Reply-To: Message-ID: Note that if preauth is turned on the password may be removed for other reasons. This is because preauth failing can mean several things. Better to always remove it than have the user sometimes get stuck though. Commit By: lxs Revision: 20936 Changed Files: U trunk/src/kim/lib/kim_credential.c From rt-comment at krbdev.mit.edu Wed Oct 29 16:39:50 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 29 Oct 2008 20:39:50 +0000 (UTC) Subject: [krbdev.mit.edu #6262] SVN Commit In-Reply-To: Message-ID: Direct callers such as kinit need command line prompts. Do not automatically prompt (via krb5 or gssapi calls) unless the caller has loaded GUI libraries. Commit By: lxs Revision: 20937 Changed Files: U trunk/src/kim/lib/kim_library.c U trunk/src/kim/lib/kim_library_private.h U trunk/src/kim/lib/mac/kim_os_library.c U trunk/src/lib/gssapi/krb5/acquire_cred.c U trunk/src/lib/krb5/ccache/ccdefault.c From rt-comment at krbdev.mit.edu Wed Oct 29 16:40:41 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 29 Oct 2008 20:40:41 +0000 (UTC) Subject: [krbdev.mit.edu #6262] SVN Commit In-Reply-To: Message-ID: Build system changes for header paths. Commit By: lxs Revision: 6568 Changed Files: U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj From rt-comment at krbdev.mit.edu Wed Oct 29 17:07:43 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 29 Oct 2008 21:07:43 +0000 (UTC) Subject: [krbdev.mit.edu #6224] SVN Commit In-Reply-To: Message-ID: Removed unnecessary code that was resetting options whenever the array changes in the background. The problem is that any external change to the ticket list will cause this to happen, even when the options dialog is open. Also removed unused function resetOptions. Commit By: lxs Revision: 20938 Changed Files: U trunk/src/kim/agent/mac/SelectIdentityController.h U trunk/src/kim/agent/mac/SelectIdentityController.m From rt-comment at krbdev.mit.edu Wed Oct 29 17:14:41 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 29 Oct 2008 21:14:41 +0000 (UTC) Subject: [krbdev.mit.edu #6221] SVN Commit In-Reply-To: Message-ID: Clear auth prompt on success or cancel. Leave change password fields filled in when password is incorrect, to save user from reentering new password. Commit By: jander Revision: 20939 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.h U trunk/src/kim/agent/mac/AuthenticationController.m From rt-comment at krbdev.mit.edu Wed Oct 29 17:58:59 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Wed, 29 Oct 2008 21:58:59 +0000 (UTC) Subject: [krbdev.mit.edu #6222] SVN Commit In-Reply-To: Message-ID: KerberosAgent now saves successfully authenticated identities to favorites automatically when they were acquired through the Enter Identity dialog. Commit By: jander Revision: 20940 Changed Files: U trunk/src/kim/agent/mac/IPCClient.h U trunk/src/kim/agent/mac/IPCClient.m U trunk/src/kim/agent/mac/Identities.m From rt-comment at krbdev.mit.edu Thu Oct 30 15:32:58 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Thu, 30 Oct 2008 19:32:58 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Use the k5buf module instead of strcpy/strcat in several places. Commit By: ghudson Revision: 20941 Changed Files: U trunk/src/appl/gssftp/ftpd/ftpcmd.y U trunk/src/clients/ksu/authorization.c U trunk/src/lib/crypto/t_hmac.c U trunk/src/lib/gssapi/generic/gssapiP_generic.h U trunk/src/lib/gssapi/mechglue/oid_ops.c U trunk/src/lib/kadm5/alt_prof.c U trunk/src/lib/kadm5/str_conv.c U trunk/src/lib/krb5/krb/preauth.c U trunk/src/lib/krb5/krb/srv_rcache.c U trunk/src/lib/krb5/os/sendto_kdc.c U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal.c From rt-comment at krbdev.mit.edu Fri Oct 31 13:11:50 2008 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Fri, 31 Oct 2008 17:11:50 +0000 (UTC) Subject: [krbdev.mit.edu #6264] SVN Commit In-Reply-To: Message-ID: Added KIM_DUPLICATE_UI_REQUEST_ERR error so UI can indicate it cancelled its dialog due to getting multiple identical dialogs at the same time. Commit By: lxs Revision: 20942 Changed Files: U trunk/src/kim/lib/kim_credential.c U trunk/src/kim/lib/kim_errors.et U trunk/src/kim/lib/kim_identity.c U trunk/src/kim/lib/kim_selection_hints.c From rt-comment at krbdev.mit.edu Fri Oct 31 14:35:31 2008 From: rt-comment at krbdev.mit.edu (Greg Hudson via RT) Date: Fri, 31 Oct 2008 18:35:31 +0000 (UTC) Subject: [krbdev.mit.edu #6200] SVN Commit In-Reply-To: Message-ID: Add a few safeties to the k5buf code, to make static analysis tools happier. Commit By: ghudson Revision: 20943 Changed Files: U trunk/src/util/support/k5buf.c From rt-comment at krbdev.mit.edu Fri Oct 31 15:37:21 2008 From: rt-comment at krbdev.mit.edu (Justin Anderson via RT) Date: Fri, 31 Oct 2008 19:37:21 +0000 (UTC) Subject: [krbdev.mit.edu #6265] SVN Commit In-Reply-To: Message-ID: Attempting to fix a hard to reproduce bug with bindings by handling not applicable keys a little better. Commit By: jander Revision: 20945 Changed Files: U trunk/src/kim/agent/mac/AuthenticationController.m U trunk/src/kim/agent/mac/SelectIdentityController.m U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib