From rt-comment at krbdev.mit.edu Wed Sep 3 19:10:09 2008 
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Wed, 3 Sep 2008 19:10:09 -0400 (EDT)
Subject: [krbdev.mit.edu #6108] A client can fail to get initial creds if it changes the password while doing so.

Date: Wed, 3 Sep 2008 15:23:28 -0400
To: krb5-bugs at mit.edu
Subject: try to get creds from a master KDC if a non-master denies us right after a password change
From: nalin at redhat.com

>Submitter-Id: net
>Originator: Nalin Dahyabhai
>Organization: Red Hat
>Confidential: no
>Synopsis: A client can fail to get initial creds if it changes the password while doing so.
>Severity: non-critical
>Priority: low
>Category: krb5-libs
>Class: sw-bug
>Release: 1.6.3
>Environment:
System: Linux blade.bos.redhat.com 2.6.25.4-30.fc9.x86_64 #1 SMP Wed May 21 17:34:18 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
In a master/slave setup, if a client is configured to use a non-master, a client with an expired password can attempt to get credentials, receive a key-has-expired error, successfully change the password, and then fail to get credentials.
>How-To-Repeat:
Point the client to a non-master in a replicating setup and attempt "kinit" as a client whose key has expired. The client will attempt to fetch creds from the slave, get a key-expired error, get password-changing credentials (again, from the slave), change the user's password (against the master), and then re-attempt to get initial credentials using the new password (again, from the slave).
>Fix:
Assume that KRB5_PREAUTH_FAILED is subject to propagation delay between the master and replicas (this error is only returned by this implementation when ENC_TIMESTAMP fails), and if we get a key-expired error right after changing the password, try again against the master KDC.
Proposed patch: Index: src/lib/krb5/krb/gic_pwd.c =================================================================== --- src/lib/krb5/krb/gic_pwd.c (revision 20704) +++ src/lib/krb5/krb/gic_pwd.c (working copy) @@ -147,10 +147,10 @@ goto cleanup; /* If all the kdc's are unavailable, or if the error was due to a - user interrupt, or preauth errored out, fail */ + user interrupt, or preauth errored out against the master, fail */ if ((ret == KRB5_KDC_UNREACH) || - (ret == KRB5_PREAUTH_FAILED) || + ((ret == KRB5_PREAUTH_FAILED) && use_master) || (ret == KRB5_LIBOS_PWDINTR) || (ret == KRB5_REALM_CANT_RESOLVE)) goto cleanup; @@ -320,6 +320,25 @@ krb5_get_as_key_password, (void *) &pw0, &use_master, &as_reply); + if ((ret != KRB5KDC_ERR_KEY_EXP) || use_master) + goto cleanup; + else { + /* Okay, we *just* changed the password. Retry against a master KDC, + * because either the non-master's using outdated data or the admin + * has set an impossibly low maximum password lifetime. */ + use_master = 1; + ret2 = krb5_get_init_creds(context, creds, client, prompter, data, + start_time, in_tkt_service, opte, + krb5_get_as_key_password, (void *) &pw0, + &use_master, &as_reply); + if ((ret2 != KRB5_KDC_UNREACH) && + (ret2 != KRB5_REALM_CANT_RESOLVE) && + (ret2 != KRB5_REALM_UNKNOWN)) + ret = ret2; + else + use_master = 0; + } + cleanup: krb5int_set_prompt_types(context, 0); /* if getting the password was successful, then check to see if the From rt-comment at krbdev.mit.edu Thu Sep 4 14:43:22 2008 
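Review bot: In the first hunk (@@ -147), the relaxed test "((ret == KRB5_PREAUTH_FAILED) && use_master)" stops sending any preauth failure from a non-master to cleanup, not only a failure that follows a password change, so a plainly mistyped password now also takes whatever path follows this test (not shown in the hunk) before the caller sees the error. If that is intended, the comment above the test should say so and give the propagation-delay reason from the report; otherwise narrow the fall-through to the case the report describes.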
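Review bot: In the second hunk (@@ -320), "ret2" is assigned but not declared anywhere in the visible lines, so confirm it already exists in this function or add the declaration. The "else" after "goto cleanup" is unnecessary, and dropping it removes one nesting level from the retry block. When the master retry ends in KRB5_KDC_UNREACH, KRB5_REALM_CANT_RESOLVE or KRB5_REALM_UNKNOWN, "ret" keeps KRB5KDC_ERR_KEY_EXP and "use_master" is reset to 0, so the caller is told the key has expired right after a successful change; a short comment on that outcome would help the next reader.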
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 4 Sep 2008 14:43:22 -0400 (EDT)
Subject: [krbdev.mit.edu #6111] SVN Commit

Use k5 thread functions. Also add destructors so if we ever have a way to detect application exit that the pthread key is destroyed.

Commit By: lxs
Revision: 20705
Changed Files:
U trunk/src/ccapi/lib/ccapi_context.c
U trunk/src/ccapi/lib/ccapi_context_change_time.c
U trunk/src/ccapi/lib/ccapi_context_change_time.h
U trunk/src/ccapi/lib/ccapi_ipc.c
U trunk/src/ccapi/lib/ccapi_ipc.h
U trunk/src/ccapi/lib/ccapi_os_ipc.h
U trunk/src/ccapi/lib/mac/ccapi_os_ipc.c
U trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx
U trunk/src/include/k5-thread.h

From rt-comment at krbdev.mit.edu Mon Sep 8 17:22:01 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 8 Sep 2008 17:22:01 -0400 (EDT)
Subject: [krbdev.mit.edu #6055] SVN Commit

Use krb5 threading functions. Remove use of ECODE since errors are no longer objects. Fixed bug where bundle error strings were not returned when homedir access was off. Switched to using UTF8 unconditionally.

Commit By: lxs
Revision: 20709
Changed Files:
U trunk/src/include/k5-thread.h
A trunk/src/include/kim/kim_library.h
U trunk/src/kim/agent/mac/Identities.m
U trunk/src/kim/lib/kim_ccache.c
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_debug.c
U trunk/src/kim/lib/kim_error.c
U trunk/src/kim/lib/kim_error_code.et
U trunk/src/kim/lib/kim_error_private.h
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_library.c
U trunk/src/kim/lib/kim_library_private.h
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_preferences.c
U trunk/src/kim/lib/kim_private.h
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_string.c
U trunk/src/kim/lib/mac/kim_os_identity.c
U trunk/src/kim/lib/mac/kim_os_library.c
U trunk/src/kim/lib/mac/kim_os_preferences.c
U trunk/src/kim/lib/mac/kim_os_private.h
U trunk/src/kim/lib/mac/kim_os_selection_hints.c
U trunk/src/kim/lib/mac/kim_os_string.c

From rt-comment at krbdev.mit.edu Thu Sep 11 11:44:23 2008
From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT)
Date: Thu, 11 Sep 2008 11:44:23 -0400 (EDT)
Subject: [krbdev.mit.edu #6114] fopen file descriptor limit

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6221296
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6234782
http://mail.opensolaris.org/pipermail/kerberos-discuss/2008-September/000272.html

In 32-bit mode, Solaris has an 8-bit field for storing the file descriptor number in a FILE structure. Some types of applications may well have more file descriptors open when they call into the krb5 library, where we use fopen. (Also kadm5, kdb, and rpc libraries.)

From some messages in the thread indicated above, it sounds like Sun's integration of 1.6.3 will use a Sun-specific extension to stdio (not listed in the fopen man page in the Solaris 10 rev we're running around MIT) to work around this; our code as shipped would just fail.

The FILE structure on the Mac has a 16-bit field for a file descriptor and a fileno_unlocked() macro that examines it, though fileno() is a function that could bury some additional workaround behavior. Using more than 65536 file descriptors does seem a bit excessive. (But then, more than 640K of RAM did once too.)

GNU libc uses an int, so that looks okay.

I don't have function AIX, Tru64, etc., to examine. It's possible that it's only a real-world problem on Solaris.

Possible approaches:

1) Ignore it unless someone gives us a patch. :)

2) Replace fopen calls with basic POSIX I/O, at least on these systems, and manage the buffering (if we need it) ourselves. A shim layer would let us map it to stdio on systems where it's not a problem, which is probably most of the modern ones too new to have big legacy compatibility issues to worry about like Solaris does. (Keep ticket 6062 in mind if tackling this.)

3) Use Sun's extension on recent-enough Solaris, ignore the problem elsewhere until/unless we know it's an issue. I don't know if this supports using fileno() like we do for the close-on-exec support.

4) ...?

From rt-comment at krbdev.mit.edu Thu Sep 11 17:30:19 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 11 Sep 2008 17:30:19 -0400 (EDT)
Subject: [krbdev.mit.edu #6055] SVN Commit

Removed favorite identities object from public API and merged functionality into the preferences API to reduce function calls. Added options parameter to favorite identities (Mac OS X support still needed for options though). Updated test cases to reflect these changes.

Commit By: lxs
Revision: 20712
Changed Files:
U trunk/src/include/kim/kim_preferences.h
U trunk/src/include/kim/kim_types.h
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_preferences.c
U trunk/src/kim/lib/kim_preferences_private.h
U trunk/src/kim/lib/mac/kim_os_preferences.c
U trunk/src/kim/test/main.c
U trunk/src/kim/test/test_kim_common.c
U trunk/src/kim/test/test_kim_common.h
U trunk/src/kim/test/test_kim_identity.c
U trunk/src/kim/test/test_kim_preferences.c
U trunk/src/kim/test/test_kim_selection_hints.c
U trunk/src/kim/test/test_kim_selection_hints.h

From rt-comment at krbdev.mit.edu Fri Sep 12 12:14:37 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Fri, 12 Sep 2008 12:14:37 -0400 (EDT)
Subject: [krbdev.mit.edu #6117] kadm5 setkey rpc can create illegal keys in kdb.

To: krb5-bugs at mit.edu
Subject: kadm5 setkey can create illegal keys in kdb
From: mdw at umich.edu
Date: Fri, 12 Sep 2008 11:44:59 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu

>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization: University of Michigan
>Confidential: no
>Synopsis: kadm5 setkey rpc can create illegal keys in kdb.
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
While the cli doesn't expose it, there's a "setkey" rpc in the kadm5 protocol. Using this provides an elegant way to handle adding service keys such as for afs with less downtime.
>How-To-Repeat:
Write a program which calls kadm5_setkey_principal_3. Run it on a principal. Then run kadmin & look at the resulting key type. In 1.4.3 this worked fine; in stock 1.6.3, this results in an enctype and kvno of 0.
>Fix:
Run-time workaround, don't call kadm5_setkey_principal_3.
Compile-time fix, apply the patch in /afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-setkey1.patch

From rt-comment at krbdev.mit.edu Fri Sep 12 12:14:39 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Fri, 12 Sep 2008 12:14:39 -0400 (EDT)
Subject: [krbdev.mit.edu #6119] expand logfile names with strftime

To: krb5-bugs at mit.edu
Subject: expand logfile names using strftime.
From: mdw at umich.edu
Date: Fri, 12 Sep 2008 11:44:47 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu

>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization: University of Michigan
>Confidential: no
>Synopsis: expand logfile names with strftime
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: change-request
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
At umich.edu, we have a convention of using timestamps in logfile names. Currently, we have hard-coded logic in kerberos to construct filenames of the form .log.YYYYMMDD . This is obviously very site specific, yet we'd rather not maintain site specific logic. It would be nice if log file names could be expanded via strftime.
>How-To-Repeat:
Run any kerberos daemon more than once. Watch it reuse the same log file.
>Fix:
Compile-time fix, apply the patch in /afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-logts2.patch
configure with new --enable-logfile-by-date .
Change krb5.conf [logging] stanza, log file lines to read like: FILE:/var/log/krb5kdc.log.%Y%m%d .
Restart daemons. Now see new style logfile names.

From rt-comment at krbdev.mit.edu Fri Sep 12 12:14:38 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Fri, 12 Sep 2008 12:14:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6118] rename principals

To: krb5-bugs at mit.edu
Subject: rename principals
From: mdw at umich.edu
Date: Fri, 12 Sep 2008 11:44:52 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu

>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization: University of Michigan
>Confidential: no
>Synopsis: rename principals
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: change-request
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
In mit k5 kerberos, there is a rename rpc that was never finished. Here is a patch that adds the missing pieces. The interesting trick is converting realm dependent salt to special salt.
>How-To-Repeat:
Run kadmin. Try, just try to rename a principal while preserving the password that you don't know.
>Fix:
Workaround: require users go through a password reset process after changing their login.
Compile-time fix, apply the patch in /afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-rename.patch

From rt-comment at krbdev.mit.edu Fri Sep 12 12:14:38 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Fri, 12 Sep 2008 12:14:38 -0400 (EDT)
Subject: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type

To: krb5-bugs at mit.edu
Subject: kadm5_decrypt_key can return invalid encryption type
From: mdw at umich.edu
Date: Fri, 12 Sep 2008 11:43:15 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu

>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization: University of Michigan
>Confidential: no
>Synopsis: kadm5_decrypt_key sets bad encryption type
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
kadm5_decrypt_key has a bug which causes it to return an encryption type of -1 sometimes. This affects fakeka and krb524d, depending on the choice of encryption and salt types.
>How-To-Repeat:
Write a program which calls kadm5_decrypt_key handing it an encryption key of -1, then look at the encryption key type returned, or try to use the key.
>Fix:
Run-time workaround, don't use kerberos 4. If using kerberos 4 and fakeka/krb524d, be careful about salts and encryption types used. Beware when calling kadm5_decrypt_key in any site specific code, not to use a wildcard encryption type.
Compile-time fix, apply the patch in /afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-kbetype.patch

From rt-comment at krbdev.mit.edu Fri Sep 12 12:14:40 2008
From: rt-comment at krbdev.mit.edu (The RT System itself via RT)
Date: Fri, 12 Sep 2008 12:14:40 -0400 (EDT)
Subject: [krbdev.mit.edu #6120] increase rpc timeout

To: krb5-bugs at mit.edu
Subject: increase rpc timeout
From: mdw at umich.edu
Date: Fri, 12 Sep 2008 11:44:57 -0400
Cc: kwc at umich.edu, vpliakas at umich.edu, mdw at umich.edu

>Submitter-Id: net
>Originator: mdw at umich.edu
>Organization: University of Michigan
>Confidential: no
>Synopsis: increase rpc timeout
>Severity: non-critical
>Priority: low
>Category: krb5-admin
>Class: sw-bug
>Release: 1.6.3
>Environment:
dell pe1750 running umce linux, krb5 1.6.3+patches
System: Linux strawdogs.ifs.umich.edu 2.6.23.1 #3 SMP Tue Oct 23 11:37:43 EDT 2007 i686 GNU/Linux
Architecture: i686
>Description:
Somewhere a long time ago, we found that some rpc operations would timeout too soon.
>How-To-Repeat:
Find an rpc operation that takes more than 25 seconds to complete--such as a wildcard principal search on a sufficiently large database. Watch it break.
>Fix:
Don't do slow operations. Buy a faster machine. Dump the database and grep for principal names in the dump offline.
Compile-time fix, apply the patch in /afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.6.3-rpctmo.patch

From rt-comment at krbdev.mit.edu Fri Sep 12 18:38:31 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 12 Sep 2008 18:38:31 -0400 (EDT)
Subject: [krbdev.mit.edu #6055] SVN Commit

Fixed KIM export list for KerberosLite (forgot there were two)

Commit By: lxs
Revision: 20713
Changed Files:
U trunk/src/kim/lib/kim-lite.exports

From rt-comment at krbdev.mit.edu Sun Sep 14 17:28:12 2008
From: rt-comment at krbdev.mit.edu (Jochen Voss via RT)
Date: Sun, 14 Sep 2008 17:28:12 -0400 (EDT)
Subject: [krbdev.mit.edu #6121] dead code in lib/rpc/clnt_udp.c

Hello,

while looking through the source of the Debian package krb5-1.6.dfsg.4~beta1, I came across the following function (file src/lib/rpc/clnt_udp.c, lines 221-407):

    static enum clnt_stat
    clntudp_call([...])
    {
        [...]
        else {
            [...]
            enum xdr_op op = reply_xdrs.x_op;
            reply_xdrs.x_op = XDR_FREE;
            xdr_replymsg(&reply_xdrs, &reply_msg);
            reply_xdrs.x_op = op;
            return (RPC_CANTDECODERES);
            cu->cu_error.re_status = RPC_CANTDECODERES;
        }
        return (cu->cu_error.re_status);
    }

Since the "return (RPC_CANTDECODERES);" is unconditional, the following assignment to cu->cu_error.re_status can never be reached. I am not quite sure about the intention of the code, but my guess is that this assignment should just be removed.

I hope this helps,
Jochen
--
http://seehuhn.de/

From rt-comment at krbdev.mit.edu Mon Sep 15 18:39:25 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 15 Sep 2008 22:39:25 +0000 (UTC)
Subject: [krbdev.mit.edu #6122] testing new server

testing outgoing mail on new server.

From rt-comment at krbdev.mit.edu Mon Sep 15 19:07:44 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 15 Sep 2008 23:07:44 +0000 (UTC)
Subject: [krbdev.mit.edu #6123] SVN Commit

commit handler test

Commit By: tlyu
Revision: 19286
Changed Files:
A branches/commit-handler-test/aaaa/

From rt-comment at krbdev.mit.edu Mon Sep 15 19:18:38 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Mon, 15 Sep 2008 23:18:38 +0000 (UTC)
Subject: [krbdev.mit.edu #6123] SVN Commit

test test test

Commit By: tlyu
Revision: 20716
Changed Files:
D branches/commit-handler-test/bbb/

From rt-comment at krbdev.mit.edu Wed Sep 17 17:29:38 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 17 Sep 2008 21:29:38 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit

Added support for options in favorite identities. Fixed KLL preference reading support to not read keys from the wrong locations. Updated prompter function prototype. Updated tests to reflect these changes.

Commit By: lxs
Revision: 20727
Changed Files:
U trunk/src/include/kim/kim_options.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_options_private.h
U trunk/src/kim/lib/kim_preferences.c
U trunk/src/kim/lib/kim_preferences_private.h
U trunk/src/kim/lib/mac/kim_os_preferences.c
U trunk/src/kim/test/main.c
U trunk/src/kim/test/test_kim_preferences.c
U trunk/src/kim/test/test_kim_preferences.h

From rt-comment at krbdev.mit.edu Wed Sep 17 17:30:56 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 17 Sep 2008 21:30:56 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit

Added tentative plugin API for KIM UI.

Commit By: lxs
Revision: 20728
Changed Files:
A trunk/src/include/kim/kim_ui_plugin.h

From rt-comment at krbdev.mit.edu Thu Sep 18 10:56:55 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 18 Sep 2008 14:56:55 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit

Removed kim_identity_get_gss_name and updated documentation.

Commit By: lxs
Revision: 20729
Changed Files:
U trunk/doc/kim/Doxyfile
U trunk/doc/kim/html/group__kim__ccache__iterator__reference.html
U trunk/doc/kim/html/group__kim__ccache__reference.html
U trunk/doc/kim/html/group__kim__credential__iterator__reference.html
U trunk/doc/kim/html/group__kim__credential__reference.html
U trunk/doc/kim/html/group__kim__error__reference.html
U trunk/doc/kim/html/group__kim__identity__reference.html
U trunk/doc/kim/html/group__kim__options__reference.html
U trunk/doc/kim/html/group__kim__preferences__reference.html
U trunk/doc/kim/html/group__kim__selection__hints__reference.html
U trunk/doc/kim/html/group__kim__string__reference.html
U trunk/doc/kim/html/group__kim__types__reference.html
U trunk/doc/kim/html/index.html
U trunk/doc/kim/html/kim_ccache_overview.html
U trunk/doc/kim/html/kim_credential_overview.html
U trunk/doc/kim/html/kim_error_overview.html
U trunk/doc/kim/html/kim_identity_overview.html
U trunk/doc/kim/html/kim_options_overview.html
U trunk/doc/kim/html/kim_preferences_overview.html
U trunk/doc/kim/html/kim_selection_hints_overview.html
U trunk/doc/kim/html/kim_string_overview.html
U trunk/doc/kim/html/modules.html
U trunk/src/include/kim/kim_identity.h
U trunk/src/kim/lib/kim_identity.c

From rt-comment at krbdev.mit.edu Thu Sep 18 14:57:04 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 18 Sep 2008 18:57:04 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit

Added functions to save and get password from keychain.

Commit By: lxs
Revision: 20732
Changed Files:
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_identity_private.h
U trunk/src/kim/lib/mac/kim_os_identity.c

From rt-comment at krbdev.mit.edu Thu Sep 18 18:51:04 2008
From: rt-comment at krbdev.mit.edu (Tom Yu via RT)
Date: Thu, 18 Sep 2008 22:51:04 +0000 (UTC)
Subject: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type

>>Description:
> kadm5_decrypt_key has a bug which causes it to return an
> encryption type of -1 sometimes. This affects
> fakeka and krb524d, depending on the choice of encryption
> and salt types.

Thanks. This appears to be a duplicate of #5840. Fix was pulled up
to the 1.6 branch in r20584.

From rt-comment at krbdev.mit.edu Thu Sep 18 19:20:05 2008
From: rt-comment at krbdev.mit.edu (mdw@umich.edu via RT)
Date: Thu, 18 Sep 2008 23:20:05 +0000 (UTC)
Subject: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type

> Date: Thu, 18 Sep 2008 22:51:04 -0000
> To: mdw at umich.edu
> From: "Tom Yu via RT"
> Subject: Re: [krbdev.mit.edu #6116] kadm5_decrypt_key sets bad encryption type
>
> >>Description:
> > kadm5_decrypt_key has a bug which causes it to return an
> > encryption type of -1 sometimes. This affects
> > fakeka and krb524d, depending on the choice of encryption
> > and salt types.
>
> Thanks. This appears to be a duplicate of #5840. Fix was pulled up
> to the 1.6 branch in r20584.
>

Great! Thanks. I take it this is in 1.6.4-beta1? What are the plans for the 1.6 series at this point? I'm mainly asking because our production staff are rather cautious, and won't like the 1.6.4 beta 1 page at all.

-Marcus Watts

From rt-comment at krbdev.mit.edu Fri Sep 19 17:03:14 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 19 Sep 2008 21:03:14 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Remove kim_identity_get_gss_name from the export lists.

Commit By: lxs
Revision: 20739
Changed Files:
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports

From rt-comment at krbdev.mit.edu Fri Sep 19 17:51:06 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 19 Sep 2008 21:51:06 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

KIM ui plugin support and gui selection harness.

Commit By: lxs
Revision: 20740
Changed Files:
U trunk/src/include/kim/kim_library.h
U trunk/src/include/kim/kim_ui_plugin.h
U trunk/src/kim/lib/kim_error_code.et
U trunk/src/kim/lib/kim_library.c
U trunk/src/kim/lib/kim_library_private.h
U trunk/src/kim/lib/kim_private.h
U trunk/src/kim/lib/kim_string.c
A trunk/src/kim/lib/kim_ui.c
A trunk/src/kim/lib/kim_ui_cli.c
A trunk/src/kim/lib/kim_ui_cli_private.h
A trunk/src/kim/lib/kim_ui_gui.c
A trunk/src/kim/lib/kim_ui_gui_private.h
A trunk/src/kim/lib/kim_ui_plugin.c
A trunk/src/kim/lib/kim_ui_plugin_private.h
A trunk/src/kim/lib/kim_ui_private.h
U trunk/src/kim/lib/mac/kim_os_library.c

From rt-comment at krbdev.mit.edu Fri Sep 19 17:52:17 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 19 Sep 2008 21:52:17 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Build system portion of kim gui selection harness.

Commit By: lxs
Revision: 6495
Changed Files:
U trunk/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Mon Sep 22 12:55:40 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Mon, 22 Sep 2008 16:55:40 +0000 (UTC)
Subject: [krbdev.mit.edu #6124] ccache auxilliary functions
In-Reply-To:
Message-ID:

To allow for the creation of KIM, the following additions need to go
into the krb5 ccache and cccol code:

- krb5_cc_lock/unlock to explicitly lock editing of a ccache
- krb5_cccol_lock/unlock to explicitly lock creation and deletion of all ccache
- krb5_cc_last_change_time to monitor changes to ccaches
- krb5_cc_move to migrate a ccache across cache types
- add missing pertype cccursor support to ccache types to allow iteration of all available ccaches

From rt-comment at krbdev.mit.edu Mon Sep 22 13:04:00 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Mon, 22 Sep 2008 17:04:00 +0000 (UTC)
Subject: [krbdev.mit.edu #6124] SVN Commit
In-Reply-To:
Message-ID:

Merge 1.7 work on auxiliary ccache functions necessary for KIM. Adds krb5_cc_lock/unlock, krb5_cccol_lock/unlock, krb5_cc_last_change_time, krb5_cccol_last_change_time, krb5_cc_move, and adds pertype cursor support to some cache types.

Locking functions work the same as the CCAPI cc_ccache_lock / cc_context_lock functions, though not as read/write locks.

Commit By: jander
Revision: 20743
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/include/krb5/krb5.hin
U trunk/src/lib/krb5/ccache/cc-int.h
U trunk/src/lib/krb5/ccache/cc_file.c
U trunk/src/lib/krb5/ccache/cc_keyring.c
U trunk/src/lib/krb5/ccache/cc_memory.c
U trunk/src/lib/krb5/ccache/ccapi/stdcc.c
U trunk/src/lib/krb5/ccache/ccapi/stdcc.h
U trunk/src/lib/krb5/ccache/ccbase.c
U trunk/src/lib/krb5/ccache/cccursor.c
U trunk/src/lib/krb5/ccache/ccfns.c

From rt-comment at krbdev.mit.edu Mon Sep 22 13:17:36 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Mon, 22 Sep 2008 17:17:36 +0000 (UTC)
Subject: [krbdev.mit.edu #6125] krb5_cccol_lock/unlock should not have hardcoded mutex names
In-Reply-To:
Message-ID:

e.g. krb5int_cc_file_mutex, krb5int_mcc_mutex, krb5int_krcc_mutex should not be explicitly named in the cccol locking functions.

It would be less fragile to add pertype lock and unlock calls to each cache type's ops vector and make krb5_cccol_lock/unlock iterate the types.

From rt-comment at krbdev.mit.edu Mon Sep 22 18:13:10 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 22 Sep 2008 22:13:10 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added command line UI support. Added change password and acquire credentials UI harness support. API changes to the change password support to reflect these changes. Removed callback prompter interfaces since there is now plugin support. Updated documentation.

Commit By: lxs
Revision: 20745
Changed Files:
U trunk/doc/kim/html/group__kim__ccache__iterator__reference.html
U trunk/doc/kim/html/group__kim__ccache__reference.html
U trunk/doc/kim/html/group__kim__credential__iterator__reference.html
U trunk/doc/kim/html/group__kim__credential__reference.html
U trunk/doc/kim/html/group__kim__error__reference.html
U trunk/doc/kim/html/group__kim__identity__reference.html
U trunk/doc/kim/html/group__kim__options__reference.html
U trunk/doc/kim/html/group__kim__preferences__reference.html
U trunk/doc/kim/html/group__kim__selection__hints__reference.html
U trunk/doc/kim/html/group__kim__string__reference.html
U trunk/doc/kim/html/group__kim__types__reference.html
U trunk/doc/kim/html/index.html
U trunk/doc/kim/html/kim_ccache_overview.html
U trunk/doc/kim/html/kim_credential_overview.html
U trunk/doc/kim/html/kim_error_overview.html
U trunk/doc/kim/html/kim_identity_overview.html
U trunk/doc/kim/html/kim_options_overview.html
U trunk/doc/kim/html/kim_preferences_overview.html
U trunk/doc/kim/html/kim_selection_hints_overview.html
U trunk/doc/kim/html/kim_string_overview.html
U trunk/doc/kim/html/modules.html
U trunk/src/include/kim/kim_credential.h
U trunk/src/include/kim/kim_identity.h
U trunk/src/include/kim/kim_options.h
U trunk/src/include/kim/kim_ui_plugin.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_string.c
U trunk/src/kim/lib/kim_string_private.h
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/kim_ui_cli_private.h
U trunk/src/kim/lib/kim_ui_gui.c
U trunk/src/kim/lib/kim_ui_gui_private.h
U trunk/src/kim/lib/kim_ui_plugin.c
U trunk/src/kim/lib/kim_ui_plugin_private.h
U trunk/src/kim/lib/kim_ui_private.h
U trunk/src/kim/lib/mac/kim_os_library.c
U trunk/src/kim/lib/mac/kim_os_string.c

From rt-comment at krbdev.mit.edu Tue Sep 23 06:45:27 2008
From: rt-comment at krbdev.mit.edu (Ezra Peisach via RT)
Date: Tue, 23 Sep 2008 10:45:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6124] ccache auxilliary functions
In-Reply-To:
Message-ID:

Looking at your changes I am concerned with the following:

a) Addition of functions to krb5.hin which are not added to the library export list (cc_move, lock, etc). If these are to be exported, please change the exports list. If not - move them to the cc-int.h below...

b) Addition of library specific code to k5-int.h: You have added the k5_cc_mutex and support to the "global" k5-int.h. I believe this code will be localized to the krb5 library - and more specifically to the ccache portion. Perhaps moving your changes to lib/krb5/ccache/cc-int.h would be more appropriate.

Ezra

From rt-comment at krbdev.mit.edu Tue Sep 23 15:40:58 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Tue, 23 Sep 2008 19:40:58 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

kim_ccache_get_display_name was calling kim_ccache_create_resolve_name with its parameters in the wrong order.

kim_ccache_iterator_next wasn't handling the end of iteration correctly.

Commit By: jander
Revision: 20746
Changed Files:
U trunk/src/kim/lib/kim_ccache.c

From rt-comment at krbdev.mit.edu Tue Sep 23 17:46:16 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 23 Sep 2008 21:46:16 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Renamed error handling files to reflect what they do now. Moved GUI code into OS-specific directory. Fixed bugs in cache collection iterator routines where it was mishandling the magic empty ccache created when the cache collection is empty.

Commit By: lxs
Revision: 20747
Changed Files:
U trunk/src/include/kim/kim.h
U trunk/src/include/kim/kim_credential.h
D trunk/src/include/kim/kim_error.h
U trunk/src/include/kim/kim_string.h
U trunk/src/include/kim/kim_types.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_ccache.c
U trunk/src/kim/lib/kim_credential.c
D trunk/src/kim/lib/kim_error.c
D trunk/src/kim/lib/kim_error_code.et
A trunk/src/kim/lib/kim_error_message.c
A trunk/src/kim/lib/kim_errors.et
U trunk/src/kim/lib/kim_string.c
U trunk/src/kim/lib/kim_ui.c
D trunk/src/kim/lib/kim_ui_gui.c
U trunk/src/kim/lib/kim_ui_gui_private.h
U trunk/src/kim/lib/kim_ui_private.h
A trunk/src/kim/lib/mac/kim_os_ui_gui.c

From rt-comment at krbdev.mit.edu Tue Sep 23 17:46:49 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 23 Sep 2008 21:46:49 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Build system changes for KIM.

Commit By: lxs
Revision: 6497
Changed Files:
U trunk/KerberosFramework/Common/Projects/KerberosFramework.xcodeproj/project.pbxproj
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Tue Sep 23 18:20:07 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Tue, 23 Sep 2008 22:20:07 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

KIM Identity selection dialog work. Updated to match changes to KIM API.

Commit By: jander
Revision: 20748
Changed Files:
U trunk/src/kim/agent/mac/Identities.h
U trunk/src/kim/agent/mac/Identities.m
U trunk/src/kim/agent/mac/KerberosAgentController.m
A trunk/src/kim/agent/mac/KerberosFormatters.h
A trunk/src/kim/agent/mac/KerberosFormatters.m
U trunk/src/kim/agent/mac/SelectIdentityController.h
U trunk/src/kim/agent/mac/SelectIdentityController.m
U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib

From rt-comment at krbdev.mit.edu Wed Sep 24 18:11:26 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Wed, 24 Sep 2008 22:11:26 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Fixed bugs in command line change password support. Removed low level change password functions from export list because they require a UI context. Added kim_ccache functions needed by klist to export list.

Commit By: lxs
Revision: 20749
Changed Files:
U trunk/src/include/kim/kim_ccache.h
U trunk/src/include/kim/kim_credential.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_ccache_private.h
U trunk/src/kim/lib/kim_credential.c
A trunk/src/kim/lib/kim_credential_private.h
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_private.h
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/kim_ui_cli_private.h
U trunk/src/kim/lib/kim_ui_gui_private.h
U trunk/src/kim/lib/kim_ui_plugin.c
U trunk/src/kim/lib/kim_ui_plugin_private.h
U trunk/src/kim/lib/mac/kim_os_ui_gui.c

From rt-comment at krbdev.mit.edu Thu Sep 25 02:27:27 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 06:27:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Removed prototype with no implementation.

Commit By: lxs
Revision: 20750
Changed Files:
U trunk/src/include/kim/kim_string.h

From rt-comment at krbdev.mit.edu Thu Sep 25 12:16:43 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 16:16:43 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added kim_credential_private.h to project.

Commit By: lxs
Revision: 6499
Changed Files:
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Thu Sep 25 13:47:09 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 17:47:09 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Modified kim_ccache_compare to match the behavior of other kim compare functions.

Commit By: lxs
Revision: 20751
Changed Files:
U trunk/src/kim/lib/kim_ccache.c

From rt-comment at krbdev.mit.edu Thu Sep 25 15:53:22 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 19:53:22 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added support to track number of prompts so UIs do not try again unless there is something the user can do differently the next time.

Commit By: lxs
Revision: 20752
Changed Files:
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_credential_private.h
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_identity_private.h
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/kim_ui_private.h

From rt-comment at krbdev.mit.edu Thu Sep 25 16:25:42 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 20:25:42 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Fixed a bug where kim_preferences_remove_favorite_identity was removing the first identity which did not match the one being passed in.

Commit By: lxs
Revision: 20753
Changed Files:
U trunk/src/kim/lib/kim_preferences.c

From rt-comment at krbdev.mit.edu Thu Sep 25 16:29:37 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Thu, 25 Sep 2008 20:29:37 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Fixed a typo in kim_preferences.c which prevented the fix to kim_preferences_remove_favorite_identity from working. (Accidentally tested in one source tree and committed from another. whoops.)

Commit By: lxs
Revision: 20754
Changed Files:
U trunk/src/kim/lib/kim_preferences.c

From rt-comment at krbdev.mit.edu Thu Sep 25 17:15:42 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Thu, 25 Sep 2008 21:15:42 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Update kim_test to use new error string function.

Commit By: jander
Revision: 20755
Changed Files:
U trunk/src/kim/test/test_kim_common.c

From rt-comment at krbdev.mit.edu Thu Sep 25 17:18:02 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Thu, 25 Sep 2008 21:18:02 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Add test for recently fixed kim_preferences_remove_favorite_identity bug.

Commit By: jander
Revision: 20756
Changed Files:
U trunk/src/kim/test/main.c
U trunk/src/kim/test/test_kim_preferences.c
U trunk/src/kim/test/test_kim_preferences.h

From rt-comment at krbdev.mit.edu Fri Sep 26 10:06:01 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 14:06:01 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Initial checkin of Mac OS X ipc support.

Also moved "set application name" functionality to kim_library_ because most applications do not need to call it and their name doesn't usually change over time or per thread. By putting it in a global setting, apps that do need to call it only have to call it once instead of every time they want to authenticate.

Commit By: lxs
Revision: 20757
Changed Files:
U trunk/src/include/kim/kim_library.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_library.c
U trunk/src/kim/lib/kim_library_private.h
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/mac/kim_os_library.c
U trunk/src/kim/lib/mac/kim_os_private.h
U trunk/src/kim/lib/mac/kim_os_string.c
U trunk/src/kim/lib/mac/kim_os_ui_gui.c
A trunk/src/kim/mac/
A trunk/src/kim/mac/kim_mig.defs
A trunk/src/kim/mac/kim_mig_types.h
U trunk/src/kim/test/test_kim_preferences.c

From rt-comment at krbdev.mit.edu Fri Sep 26 10:06:51 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 14:06:51 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Build system changes to support new IPC code.

Commit By: lxs
Revision: 6504
Changed Files:
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Fri Sep 26 10:07:49 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 14:07:49 +0000 (UTC)
Subject: [krbdev.mit.edu #6130] SVN Commit
In-Reply-To:
Message-ID:

Removed unused application path argument from kipc_client_lookup_server

Commit By: lxs
Revision: 6505
Changed Files:
U trunk/KerberosFramework/Common/Projects/KerberosFramework.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosIPC/Headers/Kerberos/kipc_client.h
U trunk/KerberosFramework/KerberosIPC/Sources/kipc_client.c
U trunk/KerberosFramework/KerberosLogin/Sources/MachIPC/Headers/KLMachIPC.h

From rt-comment at krbdev.mit.edu Fri Sep 26 10:08:38 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 14:08:38 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Removed application name setting function from kim_selection_hints headers

Commit By: lxs
Revision: 20758
Changed Files:
U trunk/src/include/kim/kim_selection_hints.h

From rt-comment at krbdev.mit.edu Fri Sep 26 10:13:35 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 14:13:35 +0000 (UTC)
Subject: [krbdev.mit.edu #6131] SVN Commit
In-Reply-To:
Message-ID:

Removed unused application path argument from kipc_client_lookup_server

Commit By: lxs
Revision: 20759
Changed Files:
U trunk/src/ccapi/lib/mac/ccapi_os_ipc.c

From rt-comment at krbdev.mit.edu Fri Sep 26 14:56:54 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Fri, 26 Sep 2008 18:56:54 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added kim_credential_get_options and kim_ccache_get_options for KerberosAgent to use to create new favorite identities

Commit By: lxs
Revision: 20760
Changed Files:
U trunk/src/include/kim/kim_ccache.h
U trunk/src/include/kim/kim_credential.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_ccache.c
U trunk/src/kim/lib/kim_credential.c

From rt-comment at krbdev.mit.edu Fri Sep 26 20:44:03 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 00:44:03 +0000 (UTC)
Subject: [krbdev.mit.edu #6132] SVN Commit
In-Reply-To:
Message-ID:

Commit By: lxs
Revision: 6506
Changed Files:
U trunk/KerberosFramework/Common/Projects/KerberosFramework.xcodeproj/project.pbxproj
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosLogin/Projects/KerberosLogin.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Fri Sep 26 20:44:43 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 00:44:43 +0000 (UTC)
Subject: [krbdev.mit.edu #6133] SVN Commit
In-Reply-To:
Message-ID:

Commit By: lxs
Revision: 20762
Changed Files:
U trunk/src/kim/agent/mac/PopupButton.m

From rt-comment at krbdev.mit.edu Fri Sep 26 20:46:42 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 00:46:42 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

KerberosAgent MachIPC support

Commit By: lxs
Revision: 20763
Changed Files:
U trunk/src/include/kim/kim_identity.h
A trunk/src/kim/agent/mac/ServerDemux.m
A trunk/src/kim/agent/mac/ServerThread.h
A trunk/src/kim/agent/mac/ServerThread.m
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_identity_private.h
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_selection_hints_private.h
U trunk/src/kim/lib/kim_string_private.h
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/mac/kim_os_ui_gui.c
U trunk/src/kim/mac/kim_mig.defs

From rt-comment at krbdev.mit.edu Sat Sep 27 15:18:56 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sat, 27 Sep 2008 19:18:56 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

kim_credential_get_options was setting the lifetime a second time instead of setting the renewal lifetime

Commit By: jander
Revision: 20764
Changed Files:
U trunk/src/kim/lib/kim_credential.c

From rt-comment at krbdev.mit.edu Sat Sep 27 15:22:12 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sat, 27 Sep 2008 19:22:12 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Add kim_preferences_get/set_minimum/maximum_lifetime functions to export lists.

Commit By: jander
Revision: 20765
Changed Files:
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports

From rt-comment at krbdev.mit.edu Sat Sep 27 17:31:08 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 21:31:08 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Renamed kim_identity_get_components to kim_identity_get_components_string to better reflect what it does (a string of everything but the realm, not an array of components like the old name might imply).

Added private functions which will be used by KLL to shim on top of KIM. Private functions also reduce memory allocations inside of KIM.

Commit By: lxs
Revision: 20766
Changed Files:
U trunk/src/include/kim/kim_identity.h
U trunk/src/kim/lib/kim-lite.exports
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_identity_private.h
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_options_private.h
U trunk/src/kim/lib/kim_string_private.h
U trunk/src/kim/lib/mac/kim_os_identity.c

From rt-comment at krbdev.mit.edu Sat Sep 27 19:14:42 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 23:14:42 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added launchd plist file for KerberosAgent

Commit By: lxs
Revision: 20767
Changed Files:
A trunk/src/kim/agent/mac/edu.mit.Kerberos.KerberosAgent.plist

From rt-comment at krbdev.mit.edu Sat Sep 27 19:15:36 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sat, 27 Sep 2008 23:15:36 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Renamed KLL KerberosAgent to OldKerberosAgent for testing new KerberosAgent

Commit By: lxs
Revision: 6508
Changed Files:
U trunk/Common/Projects/Kerberos.xcodeproj/project.pbxproj
U trunk/Common/Resources/English.lproj/Welcome.rtf
U trunk/Common/Resources/Kerberos.info
U trunk/Common/Resources/preflight
U trunk/KerberosFramework/Common/Projects/KerberosFramework.xcodeproj/project.pbxproj
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosLogin/Projects/KerberosLogin.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosLogin/Resources/KerberosAgentInfo.plist
D trunk/KerberosFramework/KerberosLogin/Resources/edu.mit.Kerberos.KerberosAgent.plist
A trunk/KerberosFramework/KerberosLogin/Resources/edu.mit.Kerberos.OldKerberosAgent.plist
U trunk/KerberosFramework/KerberosLogin/Sources/KerberosLogin/Headers/KLEnvironment.h
U trunk/KerberosFramework/KerberosLogin/Sources/MachIPC/Headers/KLMachIPC.h

From rt-comment at krbdev.mit.edu Sat Sep 27 23:59:58 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sun, 28 Sep 2008 03:59:58 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Make kim_credential_get_options set correct renewal lifetime

Commit By: jander
Revision: 20768
Changed Files:
U trunk/src/kim/lib/kim_credential.c

From rt-comment at krbdev.mit.edu Sun Sep 28 15:43:51 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sun, 28 Sep 2008 19:43:51 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Create common stream and ipc layer for CCAPI and KIM. Will switch CCAPI to this new code later though, so as not to destabilize KfM and the Windows builds.

Commit By: lxs
Revision: 20769
Changed Files:
A trunk/src/include/k5-ipc_stream.h
U trunk/src/include/k5-thread.h
U trunk/src/include/kim/kim_ui_plugin.h
A trunk/src/kim/agent/mac/ServerDemux.h
U trunk/src/kim/agent/mac/ServerDemux.m
D trunk/src/kim/agent/mac/ServerThread.h
D trunk/src/kim/agent/mac/ServerThread.m
U trunk/src/kim/agent/mac/main.m
U trunk/src/kim/lib/mac/kim_os_ui_gui.c
D trunk/src/kim/mac/
A trunk/src/util/mac/
A trunk/src/util/mac/k5_mig.defs
A trunk/src/util/mac/k5_mig_client.c
A trunk/src/util/mac/k5_mig_client.h
A trunk/src/util/mac/k5_mig_reply.defs
A trunk/src/util/mac/k5_mig_request.defs
A trunk/src/util/mac/k5_mig_server.c
A trunk/src/util/mac/k5_mig_server.h
A trunk/src/util/mac/k5_mig_types.h
A trunk/src/util/support/ipc_stream.c

From rt-comment at krbdev.mit.edu Sun Sep 28 15:45:06 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sun, 28 Sep 2008 19:45:06 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Build system changes for new IPC and stream code.

Commit By: lxs
Revision: 6510
Changed Files:
U trunk/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Sun Sep 28 16:52:21 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sun, 28 Sep 2008 20:52:21 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added search paths to kim internal headers to KerberosAgent so it can find kim_selection_hints_create_from_stream

Commit By: lxs
Revision: 6511
Changed Files:
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj

From rt-comment at krbdev.mit.edu Sun Sep 28 16:53:14 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sun, 28 Sep 2008 20:53:14 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added kim_selection_hints_create_from_stream and kim_selection_hints_write_to_stream for client/server communication.

Commit By: lxs
Revision: 20770
Changed Files:
U trunk/src/kim/agent/mac/ServerDemux.m
U trunk/src/kim/lib/kim.exports
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_options_private.h
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_selection_hints_private.h
U trunk/src/kim/lib/mac/kim_os_ui_gui.c

From rt-comment at krbdev.mit.edu Sun Sep 28 18:16:19 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sun, 28 Sep 2008 22:16:19 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Flesh out KerberosAgent Select Identity dialog. Can now add, edit, and remove favorite identities. Also, make formatters in KerberosFormatters.[hm] localizable.

Still need to add principal validation and prevent duplicates.

Commit By: jander
Revision: 20771
Changed Files:
U trunk/src/kim/agent/mac/Identities.h
U trunk/src/kim/agent/mac/Identities.m
A trunk/src/kim/agent/mac/KIMUtilities.h
A trunk/src/kim/agent/mac/KIMUtilities.m
U trunk/src/kim/agent/mac/KerberosFormatters.h
U trunk/src/kim/agent/mac/KerberosFormatters.m
U trunk/src/kim/agent/mac/SelectIdentityController.h
U trunk/src/kim/agent/mac/SelectIdentityController.m
U trunk/src/kim/agent/mac/resources/English.lproj/SelectIdentity.xib
A trunk/src/kim/agent/mac/resources/KerberosFormatters.strings

From rt-comment at krbdev.mit.edu Sun Sep 28 18:38:23 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sun, 28 Sep 2008 22:38:23 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Make [Identity -componentsString] use kim_identity_get_components_string

Commit By: jander
Revision: 20772
Changed Files:
U trunk/src/kim/agent/mac/Identities.m

From rt-comment at krbdev.mit.edu Sun Sep 28 19:39:27 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Sun, 28 Sep 2008 23:39:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Place structure in thread specific data to store client connection port so that multiple services can be supported simultaneously.

Commit By: lxs
Revision: 20773
Changed Files:
U trunk/src/kim/lib/mac/kim_os_ui_gui.c
U trunk/src/util/mac/k5_mig_client.c
U trunk/src/util/mac/k5_mig_client.h

From rt-comment at krbdev.mit.edu Sun Sep 28 19:51:12 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Sun, 28 Sep 2008 23:51:12 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Actually make [Identity -componentsString] use kim_identity_get_components_string.

Also, better error handling in Identity and Identities classes.

Commit By: jander
Revision: 20774
Changed Files:
U trunk/src/kim/agent/mac/Identities.m
U trunk/src/kim/agent/mac/KIMUtilities.h
U trunk/src/kim/agent/mac/KIMUtilities.m
U trunk/src/kim/agent/mac/SelectIdentityController.m

From rt-comment at krbdev.mit.edu Sun Sep 28 22:40:27 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 02:40:27 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

kim_credential_create_new should support NULL in_identity. Prompt for it.

Commit By: lxs
Revision: 20775
Changed Files:
U trunk/src/kim/lib/kim_credential.c

From rt-comment at krbdev.mit.edu Mon Sep 29 01:19:40 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 05:19:40 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Fixed KerberosAgent plists so it is loading the correct server and so they are both in plist format.

Commit By: lxs
Revision: 20776
Changed Files:
U trunk/src/kim/agent/mac/KerberosAgent-Info.plist
U trunk/src/kim/agent/mac/edu.mit.Kerberos.KerberosAgent.plist

From rt-comment at krbdev.mit.edu Mon Sep 29 01:20:25 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 05:20:25 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

If in_identity is NULL, use the identity the user entered. (Fixed typo)

Commit By: lxs
Revision: 20777
Changed Files:
U trunk/src/kim/lib/kim_credential.c

From rt-comment at krbdev.mit.edu Mon Sep 29 01:21:50 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 05:21:50 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Removed useless init and cleanup functions. Fixed request port list handling.

Commit By: lxs
Revision: 20778
Changed Files:
U trunk/src/include/k5-thread.h
U trunk/src/util/mac/k5_mig_client.c
U trunk/src/util/mac/k5_mig_server.c
U trunk/src/util/mac/k5_mig_server.h

From rt-comment at krbdev.mit.edu Mon Sep 29 01:25:05 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 05:25:05 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

test harness for KerberosAgent IPC layer.

Commit By: lxs
Revision: 20779
Changed Files:
U trunk/src/kim/agent/mac/ServerDemux.m
U trunk/src/kim/agent/mac/main.m

From rt-comment at krbdev.mit.edu Mon Sep 29 14:52:56 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 18:52:56 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

UI should lazy init so that init and fini are only called if one of the UI calls is called. The problem is that when you call krb5_get_init_creds_* you don't know if it will call the prompter or not. (It won't if the password is saved in the keychain or if pkinit succeeds.)

Commit By: lxs
Revision: 20780
Changed Files:
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_private.h
U trunk/src/kim/lib/mac/kim_os_ui_gui.c

From rt-comment at krbdev.mit.edu Mon Sep 29 16:48:46 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 20:48:46 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Added support for disabling password saving, both globally and also per prompt via the UI.

Commit By: lxs
Revision: 20781
Changed Files:
U trunk/src/include/kim/kim_ui_plugin.h
U trunk/src/kim/agent/mac/ServerDemux.h
U trunk/src/kim/agent/mac/ServerDemux.m
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_identity_private.h
U trunk/src/kim/lib/kim_ui.c
U trunk/src/kim/lib/kim_ui_cli.c
U trunk/src/kim/lib/kim_ui_cli_private.h
U trunk/src/kim/lib/kim_ui_gui_private.h
U trunk/src/kim/lib/kim_ui_plugin.c
U trunk/src/kim/lib/kim_ui_plugin_private.h
U trunk/src/kim/lib/kim_ui_private.h
U trunk/src/kim/lib/mac/kim_os_identity.c
U trunk/src/kim/lib/mac/kim_os_ui_gui.c

From rt-comment at krbdev.mit.edu Mon Sep 29 17:39:45 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Mon, 29 Sep 2008 21:39:45 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Support legacy KerberosAgent preference for save passwords and a new preference in the KIM preferences. Updated test harness for save password arguments.

Commit By: lxs
Revision: 20782
Changed Files:
U trunk/src/kim/agent/mac/ServerDemux.m
U trunk/src/kim/lib/mac/kim_os_identity.c
U trunk/src/kim/lib/mac/kim_os_preferences.c
U trunk/src/kim/lib/mac/kim_os_private.h

From rt-comment at krbdev.mit.edu Tue Sep 30 01:12:01 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 05:12:01 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Fixed a bug where getting addressless tickets would cause kim to pass a NULL krb5_context into krb5_os_localaddr

Commit By: lxs
Revision: 20783
Changed Files:
U trunk/src/kim/lib/kim_options.c

From rt-comment at krbdev.mit.edu Tue Sep 30 15:13:33 2008
From: rt-comment at krbdev.mit.edu (Justin Anderson via RT)
Date: Tue, 30 Sep 2008 19:13:33 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

Check for null saved password in kim_ui_prompter. Just because kim_os_get_saved_password didn't return an error doesn't mean it successfully got a password.

Commit By: jander
Revision: 20784
Changed Files:
U trunk/src/kim/lib/kim_ui.c

From rt-comment at krbdev.mit.edu Tue Sep 30 15:26:58 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 19:26:58 +0000 (UTC)
Subject: [krbdev.mit.edu #6055] SVN Commit
In-Reply-To:
Message-ID:

kim_os_identity_get_saved_password should always return an error when no password is returned.

Commit By: lxs
Revision: 20785
Changed Files:
U trunk/src/kim/lib/mac/kim_os_identity.c

From rt-comment at krbdev.mit.edu Tue Sep 30 16:03:45 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 20:03:45 +0000 (UTC)
Subject: [krbdev.mit.edu #6138] SVN Commit
In-Reply-To:
Message-ID:

Switching to error tables to make it easier to introduce cross-platform gettext support. KfM-side of changes.

Commit By: lxs
Revision: 6519
Changed Files:
U trunk/KerberosFramework/Common/Projects/KerberosFramework.xcodeproj/project.pbxproj
U trunk/KerberosFramework/Kerberos5/Headers/Kerberos5Prefix.h
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosErrors/Sources/com_err.c
U trunk/KerberosFramework/KerberosLogin/Projects/KerberosLogin.xcodeproj/project.pbxproj
U trunk/KerberosFramework/KerberosLogin/Sources/KerberosLogin/KLString.c
U trunk/KerberosFramework/KerberosLogin/Sources/KerberosLogin/KLTerminalUI.c

From rt-comment at krbdev.mit.edu Tue Sep 30 16:05:21 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 20:05:21 +0000 (UTC)
Subject: [krbdev.mit.edu #6138] SVN Commit
In-Reply-To:
Message-ID:

krb5 library-side changes for com_err based error strings.

Commit By: lxs
Revision: 20786
Changed Files:
U trunk/src/ccapi/lib/ccapi_context.c
U trunk/src/kim/agent/mac/ServerDemux.m
U trunk/src/kim/lib/kim_ccache.c
U trunk/src/kim/lib/kim_credential.c
U trunk/src/kim/lib/kim_identity.c
U trunk/src/kim/lib/kim_library.c
U trunk/src/kim/lib/kim_library_private.h
U trunk/src/kim/lib/kim_options.c
U trunk/src/kim/lib/kim_preferences.c
U trunk/src/kim/lib/kim_selection_hints.c
U trunk/src/kim/lib/kim_string.c
U trunk/src/kim/lib/mac/kim_os_private.h
U trunk/src/kim/lib/mac/kim_os_string.c
U trunk/src/lib/gssapi/gss_libinit.c
U trunk/src/lib/krb5/krb5_libinit.c
U trunk/src/util/mac/k5_mig_client.c
U trunk/src/util/profile/prof_file.c

From rt-comment at krbdev.mit.edu Tue Sep 30 17:23:22 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 21:23:22 +0000 (UTC)
Subject: [krbdev.mit.edu #6140] SVN Commit
In-Reply-To:
Message-ID:

KIM and CCAPI should share the same IPC and stream object types. Modified CCAPI to use code in src/util (stream) and src/util/mac (ipc)

Commit By: lxs
Revision: 20787
Changed Files:
U trunk/src/ccapi/common/cci_common.h
U trunk/src/ccapi/common/cci_cred_union.c
U trunk/src/ccapi/common/cci_cred_union.h
U trunk/src/ccapi/common/cci_identifier.c
U trunk/src/ccapi/common/cci_identifier.h
U trunk/src/ccapi/common/cci_message.c
U trunk/src/ccapi/common/cci_message.h
D trunk/src/ccapi/common/cci_stream.c
D trunk/src/ccapi/common/cci_stream.h
U trunk/src/ccapi/common/cci_types.h
D trunk/src/ccapi/common/mac/cci_mig.defs
D trunk/src/ccapi/common/mac/cci_mig_reply.defs
D trunk/src/ccapi/common/mac/cci_mig_request.defs
D trunk/src/ccapi/common/mac/cci_mig_types.h
U trunk/src/ccapi/common/win/tls.c
U trunk/src/ccapi/common/win/tls.h
U trunk/src/ccapi/lib/ccapi_ccache.c
U trunk/src/ccapi/lib/ccapi_ccache.h
U trunk/src/ccapi/lib/ccapi_ccache_iterator.c
U trunk/src/ccapi/lib/ccapi_ccache_iterator.h
U trunk/src/ccapi/lib/ccapi_context.c
U trunk/src/ccapi/lib/ccapi_credentials.c
U trunk/src/ccapi/lib/ccapi_credentials.h
U trunk/src/ccapi/lib/ccapi_credentials_iterator.c
U trunk/src/ccapi/lib/ccapi_credentials_iterator.h
U trunk/src/ccapi/lib/ccapi_ipc.c
U trunk/src/ccapi/lib/ccapi_ipc.h
U trunk/src/ccapi/lib/ccapi_os_ipc.h
U trunk/src/ccapi/lib/mac/ccapi_os_ipc.c
U trunk/src/ccapi/lib/win/ccapi_os_ipc.cxx
U trunk/src/ccapi/lib/win/ccs_reply_proc.c
U trunk/src/ccapi/lib/win/debug.exports
U trunk/src/ccapi/server/ccs_cache_collection.c
U trunk/src/ccapi/server/ccs_cache_collection.h
U trunk/src/ccapi/server/ccs_callback.c
U trunk/src/ccapi/server/ccs_callback.h
U trunk/src/ccapi/server/ccs_ccache.c
U trunk/src/ccapi/server/ccs_ccache.h
U trunk/src/ccapi/server/ccs_ccache_iterator.c
U trunk/src/ccapi/server/ccs_ccache_iterator.h
U trunk/src/ccapi/server/ccs_credentials.c
U trunk/src/ccapi/server/ccs_credentials.h
U trunk/src/ccapi/server/ccs_credentials_iterator.c
U trunk/src/ccapi/server/ccs_credentials_iterator.h
U trunk/src/ccapi/server/ccs_list.c
U trunk/src/ccapi/server/ccs_list.h
U trunk/src/ccapi/server/ccs_list_internal.c
U trunk/src/ccapi/server/ccs_list_internal.h
U trunk/src/ccapi/server/ccs_os_server.h
U trunk/src/ccapi/server/ccs_server.c
U trunk/src/ccapi/server/ccs_server.h
U trunk/src/ccapi/server/mac/ccs_os_server.c
U trunk/src/ccapi/server/win/WorkItem.cpp
U trunk/src/ccapi/server/win/WorkQueue.cpp
U trunk/src/ccapi/server/win/WorkQueue.h
U trunk/src/ccapi/server/win/ccs_os_server.cpp
U trunk/src/ccapi/server/win/ccs_request_proc.c
U trunk/src/ccapi/server/win/workitem.h
U trunk/src/include/k5-ipc_stream.h
U trunk/src/util/support/ipc_stream.c

From rt-comment at krbdev.mit.edu Tue Sep 30 17:24:00 2008
From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT)
Date: Tue, 30 Sep 2008 21:24:00 +0000 (UTC)
Subject: [krbdev.mit.edu #6140] SVN Commit
In-Reply-To:
Message-ID:

KfM build system changes for CCAPI

Commit By: lxs
Revision: 6520
Changed Files:
U trunk/KerberosFramework/Kerberos5/Projects/Kerberos5.xcodeproj/project.pbxproj