PayPal

From rt-comment at krbdev.mit.edu Mon Jul 3 01:23:26 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Mon, 3 Jul 2006 01:23:26 -0400 (EDT) Subject: [krbdev.mit.edu #3977] SVN Commit In-Reply-To: Message-ID: cc_mslsa.c: some versions of Win64 require the extension to be specified as part of the parameter to GetModuleHandle() in order to find a match. Commit By: jaltman Revision: 18320 Changed Files: U trunk/src/lib/krb5/ccache/cc_mslsa.c From rt-comment at krbdev.mit.edu Thu Jul 6 17:52:14 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Thu, 6 Jul 2006 17:52:14 -0400 (EDT) Subject: [krbdev.mit.edu #3962] krb5_get_server_rcache double free In-Reply-To: Message-ID: Upon further analysis, I conclude that the patch submitted with in this bug report is functionally identical to the patch submitted in ticket #3924. Both patches are against a common ancestor, and both patches resolve the double-free issue without creating a memory leak. From rt-comment at krbdev.mit.edu Sun Jul 9 13:45:39 2006 From: rt-comment at krbdev.mit.edu (Russ Allbery via RT) Date: Sun, 9 Jul 2006 13:45:39 -0400 (EDT) Subject: [krbdev.mit.edu #1650] [Simon Josefsson] Bug#200205: libkrb53: libgssapi_krb5: support GSSAPI version 2 In-Reply-To: Message-ID: This was fixed with the integration of the mechglue branch and is in 1.5. From rt-comment at krbdev.mit.edu Tue Jul 11 03:17:11 2006 From: rt-comment at krbdev.mit.edu (ofermultamuie@yahoo.com via RT) Date: Tue, 11 Jul 2006 03:17:11 -0400 (EDT) Subject: [krbdev.mit.edu #3992] PayPal Account Security Measures In-Reply-To: Message-ID: PayPal

June 2006

Dear users of PayPal services,
Due to upcoming year 2006, and recent changes in PayPal's Service Agreement you need to submit additional details on your PayPal account. Starting from 2006 all PayPal accounts will come with complete detailed information! Identity protection matters. And PayPal works day and night to help keep your identity safe.

Identity protection matters. Get Verified!

According the new changes in Service Agreement any unverified account will be deleted from the system in 72 hours after receiving this letter.

Your Account

Tips to Protect Your Account

PayPal's world class fraud investigators share 5 important actions you can take to help prevent identity theft and protect your account.

Update Your Profile
If you've closed a credit card or bank account recently, remember to go to PayPal's website to update your profile.

Identity Protection Highlights

			New spoof tutorial Learn how to spot and avoid fraudulent "spoof" emails and websites with PayPal's handy 5-step spoof tutorial.

			Protect yourself with tools Guard yourself against "spoof" emails with the SafetyBar, and against fraudulent websites with the eBay Toolbar.

			Checklist if you are a victim... When you suspect a problem with your identity, you have to act fast. Use PayPal's checklist for what you should do.

Merchant Offers



FREE Norton AntiSpam download with purchase of Norton AntiVirus.	Unlimited listening and downloading. All the music you want. FREE trial.	Learn about and fund locally run social and environmental projects.


		Thank You for using PayPal!

This notification was sent to you by PayPal. To modify your notification preferences, log in to your PayPal account, click the Profile sub-tab, then click the Notifications link under Account Information. Changes may take up to 10 days to be reflected in our mailings. PayPal will not sell or rent any of your personally identifiable information to third parties. For more information about the security of your information, read our Privacy Policy at https://www.paypal.com/privacy.

From rt-comment at krbdev.mit.edu Tue Jul 11 13:28:17 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 11 Jul 2006 13:28:17 -0400 (EDT) Subject: [krbdev.mit.edu #3936] SVN Commit In-Reply-To: Message-ID: Cleaned up CCAPI v3 code to remove memory leaks. Fixed crashes in cc_ccache <-> krb5_ccache translation code. Still testing edge cases but the code seems to work now with the KfM CCAPI implementation. Commit By: lxs Revision: 18327 Changed Files: U trunk/src/lib/krb5/ccache/ccapi/stdcc.c U trunk/src/lib/krb5/ccache/ccapi/stdcc.h U trunk/src/lib/krb5/ccache/ccapi/stdcc_util.c U trunk/src/lib/krb5/ccache/ccapi/stdcc_util.h From rt-comment at krbdev.mit.edu Wed Jul 12 18:17:41 2006 From: rt-comment at krbdev.mit.edu (Russ Allbery via RT) Date: Wed, 12 Jul 2006 18:17:41 -0400 (EDT) Subject: [krbdev.mit.edu #3998] SVN Commit In-Reply-To: Message-ID: Apply patch from Mike Dopheide to document ktutil add_entry in the man page and fix some other spelling errors in the ktutil man page. Commit By: rra Revision: 18328 Changed Files: U trunk/src/kadmin/ktutil/ktutil.M From rt-comment at krbdev.mit.edu Sun Jul 16 18:49:01 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Sun, 16 Jul 2006 18:49:01 -0400 (EDT) Subject: [krbdev.mit.edu #3971] broken configure test for dlopen In-Reply-To: Message-ID: Cy Schubert confirms this is a problem for building on FreeBSD as well. From rt-comment at krbdev.mit.edu Mon Jul 17 09:04:54 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 09:04:54 -0400 (EDT) Subject: [krbdev.mit.edu #3971] broken configure test for dlopen In-Reply-To: Message-ID: ... and Dennis Davis, likewise, for OpenBSD. When fixing this, we might also make this stop the configure or build process, on platforms where we build KDC binaries that we know would be broken. From rt-comment at krbdev.mit.edu Mon Jul 17 11:44:31 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Mon, 17 Jul 2006 11:44:31 -0400 (EDT) Subject: [krbdev.mit.edu #3961] SVN Commit In-Reply-To: Message-ID: stdcc.c: fix v2 version of krb5_stdcc_resolve() cc_open() returning CC_NOEXIST should not be considered fatal. Commit By: jaltman Revision: 18329 Changed Files: U trunk/src/lib/krb5/ccache/ccapi/stdcc.c From rt-comment at krbdev.mit.edu Mon Jul 17 12:39:41 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 17 Jul 2006 12:39:41 -0400 (EDT) Subject: [krbdev.mit.edu #4012] SVN Commit In-Reply-To: Message-ID: * src/lib/gssapi/krb5/indicate_mechs.c: Reverse sense of test, since gssint_copy_oid_set() returns 0 on success. Commit By: tlyu Revision: 18330 Changed Files: U trunk/src/lib/gssapi/krb5/indicate_mechs.c From rt-comment at krbdev.mit.edu Mon Jul 17 13:56:01 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 13:56:01 -0400 (EDT) Subject: [krbdev.mit.edu #3971] SVN Commit In-Reply-To: Message-ID: (KRB5_AC_FIND_DLOPEN): Use AC_SEARCH_LIBS. Commit By: raeburn Revision: 18331 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Mon Jul 17 18:30:12 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 18:30:12 -0400 (EDT) Subject: [krbdev.mit.edu #4014] testing support for ldap In-Reply-To: Message-ID: Just putting this in the tracker for the record. For 1.6, we *must* be able to do testing of the LDAP back end, ideally as part of automated testing. From rt-comment at krbdev.mit.edu Mon Jul 17 18:36:54 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 18:36:54 -0400 (EDT) Subject: [krbdev.mit.edu #4015] ldapi support In-Reply-To: Message-ID: The ldap kdb back end should get ldapi support added. From rt-comment at krbdev.mit.edu Mon Jul 17 18:39:57 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 18:39:57 -0400 (EDT) Subject: [krbdev.mit.edu #4016] better kdb5_util ldap integration In-Reply-To: Message-ID: Currently there's a separate program kdb5_ldap_util for doing various operations if the database is stored in ldap. What functionality can be merged into kdb5_util, and/or the DAL interface, should be... From rt-comment at krbdev.mit.edu Mon Jul 17 18:50:24 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 18:50:24 -0400 (EDT) Subject: [krbdev.mit.edu #3843] kadmin api can't return extended error info In-Reply-To: Message-ID: Fixing this will be necessary for proper LDAP support. From rt-comment at krbdev.mit.edu Mon Jul 17 20:40:31 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Mon, 17 Jul 2006 20:40:31 -0400 (EDT) Subject: [krbdev.mit.edu #2935] SVN Commit In-Reply-To: Message-ID: Merge remaining changes from LDAP integration branch svn+ssh://svn.mit.edu/krb5/branches/ldap-integ at 18333. * plugins/kdb/ldap: New directory. * aclocal.m4 (WITH_LDAP): New macro. (CONFIG_RULES): Invoke it. * configure.in: Test ldap option, maybe configure and generate makefiles for new directories, and set and substitute ldap_plugin_dir. * Makefile.in (SUBDIRS): Add @ldap_plugin_dir at . * kdc/krb5kdc.M, kadmin/server/kadmind.M, kadmin/cli/kadmin.M, config-files/krb5.conf.M: Document LDAP changes (new options, config file entries, etc). * lib/kdb/kdb5.c (kdb_load_library): Put more info in error message. * lib/kadm5/admin.h (KADM5_CPW_FUNCTION, KADM5_RANDKEY_USED, KADM5_CONFIG_PASSWD_SERVER): New macros, disabled for now. (struct _kadm5_config_params): New field kpasswd_server, commented out for now. * lib/krb5/error_tables/kdb5_err.et: Add error codes KRB5_KDB_ACCESS_ERROR, KRB5_KDB_INTERNAL_ERROR, KRB5_KDB_CONSTRAINT_VIOLATION. Commit By: raeburn Revision: 18334 Changed Files: U trunk/src/Makefile.in U trunk/src/aclocal.m4 U trunk/src/config-files/krb5.conf.M U trunk/src/configure.in U trunk/src/kadmin/cli/kadmin.M U trunk/src/kadmin/server/kadmind.M U trunk/src/kadmin/server/ovsec_kadmd.c U trunk/src/kdc/krb5kdc.M U trunk/src/lib/kadm5/admin.h U trunk/src/lib/kdb/kdb5.c U trunk/src/lib/krb5/error_tables/kdb5_err.et A trunk/src/plugins/kdb/ldap/ _U trunk/src/plugins/kdb/ldap/libkdb_ldap/ From rt-comment at krbdev.mit.edu Tue Jul 18 15:24:31 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Tue, 18 Jul 2006 15:24:31 -0400 (EDT) Subject: [krbdev.mit.edu #4020] SVN Commit In-Reply-To: Message-ID: This commit corrects errors in the Wix installer script files that violate the Wix schema but which were not caught by earlier releases of the Wix 2.0 installer. Commit By: jaltman Revision: 18335 Changed Files: U trunk/src/windows/installer/wix/config.wxi U trunk/src/windows/installer/wix/features.wxi U trunk/src/windows/installer/wix/files.wxi U trunk/src/windows/installer/wix/kfw.wxs U trunk/src/windows/installer/wix/lang/ui_1033.wxi U trunk/src/windows/installer/wix/property.wxi U trunk/src/windows/installer/wix/site-local.wxi From rt-comment at krbdev.mit.edu Tue Jul 18 15:43:59 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 15:43:59 -0400 (EDT) Subject: [krbdev.mit.edu #4021] SVN Commit In-Reply-To: Message-ID: authgss_refresh(): Use GSS_C_NO_CHANNEL_BINDINGS macro instead of NULL with gss_init_sec_context to increase readbility. Commit By: lxs Revision: 18337 Changed Files: U trunk/src/lib/rpc/auth_gss.c From rt-comment at krbdev.mit.edu Tue Jul 18 16:01:33 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 16:01:33 -0400 (EDT) Subject: [krbdev.mit.edu #4023] Turn off KLL automatic prompting support in kadmin In-Reply-To: Message-ID: kadmin should turn off automatic prompting to avoid popping up dialogs and generating extra prompts since it already does its own prompting. From rt-comment at krbdev.mit.edu Tue Jul 18 16:03:16 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 16:03:16 -0400 (EDT) Subject: [krbdev.mit.edu #4023] SVN Commit In-Reply-To: Message-ID: kadmin_startup(): Turn off KLL automatic prompting support in kadmin Commit By: lxs Revision: 18339 Changed Files: U trunk/src/kadmin/cli/kadmin.c From rt-comment at krbdev.mit.edu Tue Jul 18 16:07:41 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 16:07:41 -0400 (EDT) Subject: [krbdev.mit.edu #4024] gss_acquire_cred auto prompt support shouldn't break gss_krb5_ccache_name() In-Reply-To: Message-ID: gss_acquire_cred auto prompt support currently breaks gss_krb5_ccache_name(). If someone has set the ccache name and asks for a particular name, gss_acquire_cred does not look for the desired name in the ccache first but instead walks the cache collection looking for it. I believe this is broken on both the KLL and the Leash versions of the code. Noticed this because it break kadmin when you have tickets in your cache collection for the principal you are using with kadmin. From rt-comment at krbdev.mit.edu Tue Jul 18 16:11:45 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 16:11:45 -0400 (EDT) Subject: [krbdev.mit.edu #4024] SVN Commit In-Reply-To: Message-ID: acquire_cred(): Fixed KLL support to try the default ccache first if it is set. Commit By: lxs Revision: 18340 Changed Files: U trunk/src/lib/gssapi/krb5/acquire_cred.c From rt-comment at krbdev.mit.edu Tue Jul 18 22:28:32 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 18 Jul 2006 22:28:32 -0400 (EDT) Subject: [krbdev.mit.edu #4024] SVN Commit In-Reply-To: Message-ID: acquire_cred(): Realized that my previous patch now basically favors the ccache over the desired name. Added a KLL function to search for the desired name, favoring the default ccache. Commit By: lxs Revision: 18341 Changed Files: U trunk/src/lib/gssapi/krb5/acquire_cred.c From rt-comment at krbdev.mit.edu Wed Jul 19 12:15:04 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Wed, 19 Jul 2006 12:15:04 -0400 (EDT) Subject: [krbdev.mit.edu #4025] SVN Commit In-Reply-To: Message-ID: Our current scheme doesn't find tclConfig.sh as installed by NetBSD's pkg system, even if it finds tclsh and gets the library pathname from it. The problem is that tclConfig.sh is one directory up. * aclocal.m4 (AC_KRB5_TCL_FIND_CONFIG): Check $tcl_dir/.. for tclConfig.sh. Commit By: raeburn Revision: 18342 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Wed Jul 19 14:14:07 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 19 Jul 2006 14:14:07 -0400 (EDT) Subject: [krbdev.mit.edu #4024] SVN Commit In-Reply-To: Message-ID: acquire_cred(), kg_caller_provided_ccache_name(): On further reflection and testing the correct thing appears to be to have gss_krb5_ccache_name() stop gss_acquire_cred() from searching for the desired name in the cache collection. If the caller sets the ccache name then gss_acquire_cred will only look in that ccache. Added kg_caller_provided_ccache_name() to tell whether or not the caller has actually set the ccache. This should fix the problem for both Mac OS X and Windows. Commit By: lxs Revision: 18343 Changed Files: U trunk/src/lib/gssapi/krb5/acquire_cred.c U trunk/src/lib/gssapi/krb5/gssapiP_krb5.h U trunk/src/lib/gssapi/krb5/gssapi_krb5.c From rt-comment at krbdev.mit.edu Wed Jul 19 18:21:16 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Wed, 19 Jul 2006 18:21:16 -0400 (EDT) Subject: [krbdev.mit.edu #4027] Windows: NSIS updates for 2.18 release In-Reply-To: Message-ID: No ticket created by svn commit. This ticket is a manual replacement. svn rev #18336: trunk/src/windows/installer/nsis/ Commit By: jaltman Log Message: ticket: new subject: Windows: NSIS updates for 2.18 release This commit corrects errors in the NSIS installer scripts that prevent installer builds using NSIS 2.18. Changed Files: U trunk/src/windows/installer/nsis/licenses.rtf U trunk/src/windows/installer/nsis/nsi-includes.nsi U trunk/src/windows/installer/nsis/site-local.nsi U trunk/src/windows/installer/nsis/utils.nsi From rt-comment at krbdev.mit.edu Wed Jul 19 18:36:17 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Wed, 19 Jul 2006 18:36:17 -0400 (EDT) Subject: [krbdev.mit.edu #4028] SVN Commit In-Reply-To: Message-ID: The following patch updates the NetIDMgr: * allow plug-ins to be marked "do not unload" in order to support DLLs that create threads that are not properly cleaned up as part of library unload. * allow plug-ins to be marked "disabled" * Additional changes to deal with Microsoft's efforts to deprecate all of the str C runtime functions. * Improvements to Manifest processing in the build system * Addition of Tooltip support to the Toolbar. Dragging the mouse over toolbar buttons displays textual descriptions. * Correct the behavior of the New Credentials Dialog to disable the "Ok" button after it has been pressed. * Add support to allow plugin configuration data to be distributed as part of transforms to the MSI installer. Commit By: jaltman Revision: 18344 Changed Files: U trunk/src/windows/identity/apiversion.txt U trunk/src/windows/identity/config/Makefile.w32 U trunk/src/windows/identity/kconfig/api.c U trunk/src/windows/identity/kconfig/kconfig.h U trunk/src/windows/identity/kconfig/kconfiginternal.h U trunk/src/windows/identity/kmm/kmm.h U trunk/src/windows/identity/kmm/kmm_plugin.c U trunk/src/windows/identity/kmm/kmm_reg.c U trunk/src/windows/identity/kmm/kmm_registrar.c U trunk/src/windows/identity/kmm/kmmconfig.csv U trunk/src/windows/identity/kmm/kmminternal.h U trunk/src/windows/identity/nidmgrdll/Makefile U trunk/src/windows/identity/plugins/krb4/Makefile U trunk/src/windows/identity/plugins/krb4/krb4configdlg.c U trunk/src/windows/identity/plugins/krb4/krb4funcs.c U trunk/src/windows/identity/plugins/krb4/krb4newcreds.c U trunk/src/windows/identity/plugins/krb4/krb4plugin.c U trunk/src/windows/identity/plugins/krb4/krbconfig.csv U trunk/src/windows/identity/plugins/krb5/Makefile U trunk/src/windows/identity/plugins/krb5/krb5configcc.c U trunk/src/windows/identity/plugins/krb5/krb5configdlg.c U trunk/src/windows/identity/plugins/krb5/krb5configid.c U trunk/src/windows/identity/plugins/krb5/krb5configids.c U trunk/src/windows/identity/plugins/krb5/krb5funcs.c U trunk/src/windows/identity/plugins/krb5/krb5newcreds.c U trunk/src/windows/identity/plugins/krb5/krbconfig.csv U trunk/src/windows/identity/plugins/krb5/krbcred.h U trunk/src/windows/identity/ui/Makefile U trunk/src/windows/identity/ui/aboutwnd.c U trunk/src/windows/identity/ui/configwnd.c U trunk/src/windows/identity/ui/lang/en_us/khapp.rc U trunk/src/windows/identity/ui/main.c U trunk/src/windows/identity/ui/newcredwnd.c U trunk/src/windows/identity/ui/resource.h U trunk/src/windows/identity/ui/toolbar.c U trunk/src/windows/identity/uilib/actions.csv U trunk/src/windows/identity/uilib/khnewcred.h U trunk/src/windows/identity/uilib/khuidefs.h U trunk/src/windows/identity/util/perfstat.c From rt-comment at krbdev.mit.edu Fri Jul 21 09:48:45 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Fri, 21 Jul 2006 09:48:45 -0400 (EDT) Subject: [krbdev.mit.edu #4032] SVN Commit In-Reply-To: Message-ID: documentation updates for the kfw 3.1 msi deployment guide. Commit By: jaltman Revision: 18346 Changed Files: U trunk/src/windows/installer/wix/msi-deployment-guide.txt From rt-comment at krbdev.mit.edu Fri Jul 21 10:04:44 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Fri, 21 Jul 2006 10:04:44 -0400 (EDT) Subject: [krbdev.mit.edu #4033] Windows NetIDMgr documentation In-Reply-To: Message-ID: *** This ticket was manually generated. *** svn rev #18345: trunk/src/windows/identity/doc/ Commit By: jaltman Log Message: ticket: new subject: Windows NetIDMgr documentation NetIDMgr 1.1 documentation for KFW 3.1 release Changed Files: U trunk/src/windows/identity/doc/netidmgr.doc U trunk/src/windows/identity/doc/netidmgr.pdf From rt-comment at krbdev.mit.edu Fri Jul 21 13:39:49 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 13:39:49 -0400 (EDT) Subject: [krbdev.mit.edu #4035] SVN Commit In-Reply-To: Message-ID: test commit handler Commit By: tlyu Revision: 18347 Changed Files: A branches/commit-handler-test/ From rt-comment at krbdev.mit.edu Fri Jul 21 13:41:49 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 21 Jul 2006 13:41:49 -0400 (EDT) Subject: [krbdev.mit.edu #4036] SVN Commit In-Reply-To: Message-ID: We shouldn't accept --enable-static at configure time when we know it's not going to work at build time. * aclocal.m4 (KRB5_LIB_AUX): Error out if --enable-static. Commit By: raeburn Revision: 18348 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Fri Jul 21 13:42:27 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 13:42:27 -0400 (EDT) Subject: [krbdev.mit.edu #4035] SVN Commit In-Reply-To: Message-ID: delete Commit By: tlyu Revision: 18349 Changed Files: D branches/commit-handler-test/ From rt-comment at krbdev.mit.edu Fri Jul 21 13:49:14 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 21 Jul 2006 13:49:14 -0400 (EDT) Subject: [krbdev.mit.edu #4037] SVN Commit In-Reply-To: Message-ID: An LDFLAGS setting at configure time is ignored in parts of the build. * shlib.conf (*-*-netbsd*): Use $(CC) for LDCOMBINE, and include $(LDFLAGS). Commit By: raeburn Revision: 18350 Changed Files: U trunk/src/config/shlib.conf From rt-comment at krbdev.mit.edu Fri Jul 21 15:03:09 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 21 Jul 2006 15:03:09 -0400 (EDT) Subject: [krbdev.mit.edu #4036] SVN Commit In-Reply-To: Message-ID: * aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-shared options as well. Don't generate help messages for these options. Commit By: raeburn Revision: 18352 Changed Files: U trunk/src/aclocal.m4 From rt-comment at krbdev.mit.edu Fri Jul 21 19:09:20 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:09:20 -0400 (EDT) Subject: [krbdev.mit.edu #3542] SVN Commit In-Reply-To: Message-ID: pull up r17752 from trunk r17752 at cathode-dark-space: jaltman | 2006-03-20 18:23:33 -0500 ticket: new This commit updates: + the HTMLHelp formatted documentation + the build system to produce separate binaries for Windows 2000 and Windows XP and beyond. Separate binaries are required because we make heavy use of some of the UI features found in XP that don't exist in 2000. If we build only for XP then the binaries won't run on 2000 and if we build for 2000, then the functionality we desire for balloon text and the tracker windows does not work properly on XP or above. (Note for Vista we will need to build three sets of binaries if we want to take advantage of the new functionality that is available only there.) + Add more debugging to the krb4 plug-in and ensure that all checkboxes are initialized. + remove plugins/krb5/krb5util.c which is an unused file + Use mixed case for Alt, Ctrl and Shift text designators + Increment the build number to 1.1.0.1 + Plug a memory leak when dialogs are closed + Add a new Options->Appearance configuration page that can be used to allow user customized font selection. This page will also be used for custom color selection in a future release. Commit By: tlyu Revision: 18353 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/Makefile U branches/krb5-1-4/src/windows/identity/config/Makefile A branches/krb5-1-4/src/windows/identity/config/Makefile.w2k U branches/krb5-1-4/src/windows/identity/config/Makefile.w32 U branches/krb5-1-4/src/windows/identity/doc/netidmgr.doc U branches/krb5-1-4/src/windows/identity/help/Makefile U branches/krb5-1-4/src/windows/identity/help/html/act_new_creds.htm U branches/krb5-1-4/src/windows/identity/help/html/act_renew_creds.htm U branches/krb5-1-4/src/windows/identity/help/html/act_set_default.htm U branches/krb5-1-4/src/windows/identity/help/html/concept_cred_pro.htm U branches/krb5-1-4/src/windows/identity/help/html/concept_ident_pro.htm U branches/krb5-1-4/src/windows/identity/help/html/concept_identity.htm U branches/krb5-1-4/src/windows/identity/help/html/concepts.htm U branches/krb5-1-4/src/windows/identity/help/html/copyright.htm U branches/krb5-1-4/src/windows/identity/help/html/howdoi.htm U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_bar.bmp U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_credential.bmp U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_file.bmp U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_help.bmp U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_options.bmp U branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_view.bmp U branches/krb5-1-4/src/windows/identity/help/html/menu_all.htm U branches/krb5-1-4/src/windows/identity/help/html/menu_credential.htm U branches/krb5-1-4/src/windows/identity/help/html/menu_file.htm U branches/krb5-1-4/src/windows/identity/help/html/menu_help.htm U branches/krb5-1-4/src/windows/identity/help/html/menu_options.htm U branches/krb5-1-4/src/windows/identity/help/html/menu_view.htm U branches/krb5-1-4/src/windows/identity/help/html/use_start.htm U branches/krb5-1-4/src/windows/identity/help/html/using.htm U branches/krb5-1-4/src/windows/identity/help/toc.hhc A branches/krb5-1-4/src/windows/identity/nidmgrdll/Makefile.w2k U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4newcreds.c D branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5util.c U branches/krb5-1-4/src/windows/identity/ui/Makefile A branches/krb5-1-4/src/windows/identity/ui/Makefile.w2k A branches/krb5-1-4/src/windows/identity/ui/cfg_appear_wnd.c U branches/krb5-1-4/src/windows/identity/ui/cfg_general_wnd.c U branches/krb5-1-4/src/windows/identity/ui/configwnd.c U branches/krb5-1-4/src/windows/identity/ui/configwnd.h U branches/krb5-1-4/src/windows/identity/ui/credwnd.c U branches/krb5-1-4/src/windows/identity/ui/credwnd.h U branches/krb5-1-4/src/windows/identity/ui/lang/en_us/khapp.rc U branches/krb5-1-4/src/windows/identity/ui/mainwnd.c U branches/krb5-1-4/src/windows/identity/ui/notifier.c U branches/krb5-1-4/src/windows/identity/ui/resource.h A branches/krb5-1-4/src/windows/identity/uilib/Makefile.w2k U branches/krb5-1-4/src/windows/identity/uilib/action.c U branches/krb5-1-4/src/windows/identity/uilib/actions.csv U branches/krb5-1-4/src/windows/identity/uilib/khactiondef.h From rt-comment at krbdev.mit.edu Fri Jul 21 19:09:31 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:09:31 -0400 (EDT) Subject: [krbdev.mit.edu #3542] SVN Commit In-Reply-To: Message-ID: pull up r17753 from trunk r17753 at cathode-dark-space: jaltman | 2006-03-21 00:27:43 -0500 ticket: 3542 Updates for the Network Identity Manager User Guide for KFW 3.1.0. Commit By: tlyu Revision: 18354 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/doc/netidmgr.doc U branches/krb5-1-4/src/windows/identity/doc/netidmgr.pdf From rt-comment at krbdev.mit.edu Fri Jul 21 19:09:39 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:09:39 -0400 (EDT) Subject: [krbdev.mit.edu #3542] SVN Commit In-Reply-To: Message-ID: pull up r17831 from trunk r17831 at cathode-dark-space: jaltman | 2006-04-01 23:21:29 -0500 ticket: new Commit By: tlyu Revision: 18355 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/help/html/concept_identity.htm U branches/krb5-1-4/src/windows/identity/help/html/concepts.htm A branches/krb5-1-4/src/windows/identity/help/html/images/appicon_empty.bmp A branches/krb5-1-4/src/windows/identity/help/html/images/appicon_expired.bmp A branches/krb5-1-4/src/windows/identity/help/html/images/appicon_good.bmp A branches/krb5-1-4/src/windows/identity/help/html/images/appicon_warnexp.bmp A branches/krb5-1-4/src/windows/identity/help/html/images/appicon_warning.bmp A branches/krb5-1-4/src/windows/identity/help/html/images/screen_menu_view_cols.bmp A branches/krb5-1-4/src/windows/identity/help/html/use_icon.htm A branches/krb5-1-4/src/windows/identity/help/html/use_layout.htm From rt-comment at krbdev.mit.edu Fri Jul 21 19:09:49 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:09:49 -0400 (EDT) Subject: [krbdev.mit.edu #3542] SVN Commit In-Reply-To: Message-ID: pull up r17832 from trunk r17832 at cathode-dark-space: jaltman | 2006-04-01 23:28:26 -0500 ticket: new Results from Kerberos Interop session: - 64-bit Windows compatibility - correct uninitialized variables - work without kerberos 4 libraries including krb524 - add a mechanism to add and remove identities from the options dialog. This allows a configuration to be specified using a separate file based ccache for each identity - work without availability of ccapi - force a renew of credentials on startup to support the case when MSLSA is the only credential cache Commit By: tlyu Revision: 18356 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/kconfig/api.c U branches/krb5-1-4/src/windows/identity/kconfig/kconfiginternal.h U branches/krb5-1-4/src/windows/identity/kcreddb/buf.c U branches/krb5-1-4/src/windows/identity/kcreddb/identity.c U branches/krb5-1-4/src/windows/identity/kcreddb/kcreddb.h U branches/krb5-1-4/src/windows/identity/kcreddb/type.c U branches/krb5-1-4/src/windows/identity/kherr/kherr.c U branches/krb5-1-4/src/windows/identity/kherr/kherr.h U branches/krb5-1-4/src/windows/identity/kherr/kherrinternal.h U branches/krb5-1-4/src/windows/identity/kmm/kmm_registrar.c U branches/krb5-1-4/src/windows/identity/kmm/kplugin.h U branches/krb5-1-4/src/windows/identity/kmq/init.c U branches/krb5-1-4/src/windows/identity/kmq/msgtype.c U branches/krb5-1-4/src/windows/identity/plugins/common/dynimport.c U branches/krb5-1-4/src/windows/identity/plugins/common/krb5common.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/errorfuncs.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4plugin.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configdlg.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5funcs.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5identpro.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5newcreds.c U branches/krb5-1-4/src/windows/identity/ui/cfg_general_wnd.c U branches/krb5-1-4/src/windows/identity/ui/cfg_identities_wnd.c U branches/krb5-1-4/src/windows/identity/ui/configwnd.c U branches/krb5-1-4/src/windows/identity/ui/credfuncs.c U branches/krb5-1-4/src/windows/identity/ui/credfuncs.h U branches/krb5-1-4/src/windows/identity/ui/credwnd.c U branches/krb5-1-4/src/windows/identity/ui/htwnd.c U branches/krb5-1-4/src/windows/identity/ui/lang/en_us/khapp.rc U branches/krb5-1-4/src/windows/identity/ui/main.c U branches/krb5-1-4/src/windows/identity/ui/mainwnd.c U branches/krb5-1-4/src/windows/identity/ui/newcredwnd.c U branches/krb5-1-4/src/windows/identity/ui/resource.h U branches/krb5-1-4/src/windows/identity/ui/statusbar.c U branches/krb5-1-4/src/windows/identity/uilib/configui.c U branches/krb5-1-4/src/windows/identity/uilib/creddlg.c U branches/krb5-1-4/src/windows/identity/uilib/khconfigui.h U branches/krb5-1-4/src/windows/identity/util/mstring.c U branches/krb5-1-4/src/windows/identity/util/sync.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:09:55 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:09:55 -0400 (EDT) Subject: [krbdev.mit.edu #3542] SVN Commit In-Reply-To: Message-ID: pull up r17907 from trunk r17907 at cathode-dark-space: jaltman | 2006-04-13 22:48:45 -0400 ticket: 3542 status: open identity/plugins/common/dynimport.c: During the interop session we concluded that the ccapi32.dll should not be required for netidmgr to operate. netidmgr should work with only FILE: ccaches. After the interop the removal of the error check post-load was not removed. identity/doc/Makefile: The 'clean' rules failed to specify the /Q switch which silently removes the directory tree. As a result, during the build the user was prompted. Commit By: tlyu Revision: 18357 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/doc/Makefile U branches/krb5-1-4/src/windows/identity/plugins/common/dynimport.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:17:12 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:17:12 -0400 (EDT) Subject: [krbdev.mit.edu #3938] SVN Commit In-Reply-To: Message-ID: pull up r18212 from trunk r18212 at cathode-dark-space: jaltman | 2006-06-25 15:21:41 -0400 ticket: new subject: NetIDMgr updates * add scrollbars to option tree pane in configuration dialog * convert to using Microsoft's safe string library both to ensure safe string manipulation and to avoid deprecation warnings * disable deprecation warnings for Platform SDK header shlwapi.h which cannot otherwise be compiled * add kerberos 5 kvno property to tickets. display in properties dialog and main window if column selected by user * improve manifest handling in order to support both manifests generated by the compiler and those hand crafted in order to specify the correct versions of the custom control libraries. * update khimaira message types and credential acquisition documentation Commit By: tlyu Revision: 18358 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/apiversion.txt U branches/krb5-1-4/src/windows/identity/config/Makefile.w2k U branches/krb5-1-4/src/windows/identity/config/Makefile.w32 U branches/krb5-1-4/src/windows/identity/include/khmsgtypes.h U branches/krb5-1-4/src/windows/identity/kconfig/api.c U branches/krb5-1-4/src/windows/identity/kcreddb/credential.c U branches/krb5-1-4/src/windows/identity/kcreddb/credtype.c U branches/krb5-1-4/src/windows/identity/kcreddb/type.c U branches/krb5-1-4/src/windows/identity/nidmgrdll/Makefile U branches/krb5-1-4/src/windows/identity/plugins/common/krb5common.c U branches/krb5-1-4/src/windows/identity/plugins/common/krb5common.h U branches/krb5-1-4/src/windows/identity/plugins/krb4/Makefile U branches/krb5-1-4/src/windows/identity/plugins/krb4/errorfuncs.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4funcs.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4newcreds.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/Makefile U branches/krb5-1-4/src/windows/identity/plugins/krb5/datarep.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/datarep.h U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configcc.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configdlg.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configid.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configids.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5funcs.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5identpro.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5main.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krbcred.h U branches/krb5-1-4/src/windows/identity/plugins/krb5/lang/en_us/langres.rc U branches/krb5-1-4/src/windows/identity/plugins/krb5/langres.h U branches/krb5-1-4/src/windows/identity/ui/Makefile U branches/krb5-1-4/src/windows/identity/ui/credwnd.c U branches/krb5-1-4/src/windows/identity/ui/debugfuncs.c U branches/krb5-1-4/src/windows/identity/ui/htwnd.c U branches/krb5-1-4/src/windows/identity/ui/htwnd.h U branches/krb5-1-4/src/windows/identity/ui/newcredwnd.c U branches/krb5-1-4/src/windows/identity/uilib/action.c U branches/krb5-1-4/src/windows/identity/uilib/alert.c U branches/krb5-1-4/src/windows/identity/uilib/configui.c U branches/krb5-1-4/src/windows/identity/uilib/creddlg.c U branches/krb5-1-4/src/windows/identity/uilib/khnewcred.h U branches/krb5-1-4/src/windows/identity/util/perfstat.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:20:15 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:20:15 -0400 (EDT) Subject: [krbdev.mit.edu #3512] SVN Commit In-Reply-To: Message-ID: pull up r17729 from trunk r17729 at cathode-dark-space: jaltman | 2006-03-11 00:06:26 -0500 ticket: new tags: pullup - replace icon with the NetIDMgr icon - replace references to Leash with NetIDMgr Commit By: tlyu Revision: 18359 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/installer/nsis/ChangeLog U branches/krb5-1-4/src/windows/installer/nsis/KfWConfigPage2.ini U branches/krb5-1-4/src/windows/installer/nsis/kfw.ico From rt-comment at krbdev.mit.edu Fri Jul 21 19:24:15 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:24:15 -0400 (EDT) Subject: [krbdev.mit.edu #3521] SVN Commit In-Reply-To: Message-ID: pull up r17735 from trunk r17735 at cathode-dark-space: jaltman | 2006-03-13 12:02:13 -0500 ticket: new add new file windows/winlevel.h and update windows/version.rc to allow for a configurable KRB5_BUILDLEVEL. This will be used to distinguish binary files from the same version 1.4.3 but different releases (alpha-1, alpha-2, beta-1, beta-2, final) Commit By: tlyu Revision: 18360 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/ChangeLog U branches/krb5-1-4/src/windows/version.rc A branches/krb5-1-4/src/windows/winlevel.h From rt-comment at krbdev.mit.edu Fri Jul 21 19:28:03 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:28:03 -0400 (EDT) Subject: [krbdev.mit.edu #3938] SVN Commit In-Reply-To: Message-ID: pull up r18212 from trunk r18212 at cathode-dark-space: jaltman | 2006-06-25 15:21:41 -0400 ticket: new subject: NetIDMgr updates * add scrollbars to option tree pane in configuration dialog * convert to using Microsoft's safe string library both to ensure safe string manipulation and to avoid deprecation warnings * disable deprecation warnings for Platform SDK header shlwapi.h which cannot otherwise be compiled * add kerberos 5 kvno property to tickets. display in properties dialog and main window if column selected by user * improve manifest handling in order to support both manifests generated by the compiler and those hand crafted in order to specify the correct versions of the custom control libraries. * update khimaira message types and credential acquisition documentation Commit By: tlyu Revision: 18361 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/identity/apiversion.txt U branches/krb5-1-5/src/windows/identity/config/Makefile.w2k U branches/krb5-1-5/src/windows/identity/config/Makefile.w32 U branches/krb5-1-5/src/windows/identity/include/khmsgtypes.h U branches/krb5-1-5/src/windows/identity/kconfig/api.c U branches/krb5-1-5/src/windows/identity/kcreddb/credential.c U branches/krb5-1-5/src/windows/identity/kcreddb/credtype.c U branches/krb5-1-5/src/windows/identity/kcreddb/type.c U branches/krb5-1-5/src/windows/identity/nidmgrdll/Makefile U branches/krb5-1-5/src/windows/identity/plugins/common/krb5common.c U branches/krb5-1-5/src/windows/identity/plugins/common/krb5common.h U branches/krb5-1-5/src/windows/identity/plugins/krb4/Makefile U branches/krb5-1-5/src/windows/identity/plugins/krb4/errorfuncs.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4funcs.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4newcreds.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/Makefile U branches/krb5-1-5/src/windows/identity/plugins/krb5/datarep.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/datarep.h U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configcc.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configdlg.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configid.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configids.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5funcs.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5identpro.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5main.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krbcred.h U branches/krb5-1-5/src/windows/identity/plugins/krb5/lang/en_us/langres.rc U branches/krb5-1-5/src/windows/identity/plugins/krb5/langres.h U branches/krb5-1-5/src/windows/identity/ui/Makefile U branches/krb5-1-5/src/windows/identity/ui/credwnd.c U branches/krb5-1-5/src/windows/identity/ui/debugfuncs.c U branches/krb5-1-5/src/windows/identity/ui/htwnd.c U branches/krb5-1-5/src/windows/identity/ui/htwnd.h U branches/krb5-1-5/src/windows/identity/ui/newcredwnd.c U branches/krb5-1-5/src/windows/identity/uilib/action.c U branches/krb5-1-5/src/windows/identity/uilib/alert.c U branches/krb5-1-5/src/windows/identity/uilib/configui.c U branches/krb5-1-5/src/windows/identity/uilib/creddlg.c U branches/krb5-1-5/src/windows/identity/uilib/khnewcred.h U branches/krb5-1-5/src/windows/identity/util/perfstat.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:32:05 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:32:05 -0400 (EDT) Subject: [krbdev.mit.edu #3739] vsnprintf not present on windows In-Reply-To: Message-ID: file not on 1.4 branch From rt-comment at krbdev.mit.edu Fri Jul 21 19:33:16 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:33:16 -0400 (EDT) Subject: [krbdev.mit.edu #3898] Export gss_inquire_mechs_for_name for KFW In-Reply-To: Message-ID: underlying function not present in 1.4 branch From rt-comment at krbdev.mit.edu Fri Jul 21 19:35:38 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:35:38 -0400 (EDT) Subject: [krbdev.mit.edu #3899] SVN Commit In-Reply-To: Message-ID: pull up r18163 from trunk r18163 at cathode-dark-space: jaltman | 2006-06-19 13:33:36 -0400 ticket: new subject: Export krb5_gss_register_acceptor_identity in KFW krb5_gss_register_acceptor_identity is a gss krb5 extension that is part of the public ABI. It does not have a gss_krb5_* name due to historical reasons. Instead there is a gss_krb5_register_acceptor_identity macro that uses this export. Commit By: tlyu Revision: 18362 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/lib/gssapi32.def From rt-comment at krbdev.mit.edu Fri Jul 21 19:37:42 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:37:42 -0400 (EDT) Subject: [krbdev.mit.edu #3940] SVN Commit In-Reply-To: Message-ID: pull up r18250 from trunk r18250 at cathode-dark-space: jaltman | 2006-06-28 19:00:09 -0400 ticket: 3940 tags: pullup cc_mslsa.c: The WOW64 environment on 64-bit versions of Windows prior to Vista Beta 2 did not implement the Lsa functions used by the MSLSA: ccache. This patch disables the MSLSA: ccache in broken WOW64 environments by checking the Windows version and the existence and response of the IsWow64Process API. Commit By: tlyu Revision: 18363 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/lib/krb5/ccache/cc_mslsa.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:39:49 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:39:49 -0400 (EDT) Subject: [krbdev.mit.edu #3977] SVN Commit In-Reply-To: Message-ID: pull up r18320 from trunk r18320 at cathode-dark-space: jaltman | 2006-07-03 01:23:16 -0400 ticket: new subject: GetModuleHandle needs extension on Win64 cc_mslsa.c: some versions of Win64 require the extension to be specified as part of the parameter to GetModuleHandle() in order to find a match. Commit By: tlyu Revision: 18364 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/lib/krb5/ccache/cc_mslsa.c From rt-comment at krbdev.mit.edu Fri Jul 21 19:57:58 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 19:57:58 -0400 (EDT) Subject: [krbdev.mit.edu #3977] SVN Commit In-Reply-To: Message-ID: pull up r18320 from trunk r18320 at cathode-dark-space: jaltman | 2006-07-03 01:23:16 -0400 ticket: new subject: GetModuleHandle needs extension on Win64 cc_mslsa.c: some versions of Win64 require the extension to be specified as part of the parameter to GetModuleHandle() in order to find a match. Commit By: tlyu Revision: 18365 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/lib/krb5/ccache/cc_mslsa.c From rt-comment at krbdev.mit.edu Fri Jul 21 20:00:43 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:00:43 -0400 (EDT) Subject: [krbdev.mit.edu #4020] SVN Commit In-Reply-To: Message-ID: pull up r18335 from trunk r18335 at cathode-dark-space: jaltman | 2006-07-18 15:24:23 -0400 ticket: new subject: Windows: Wix 2.0.4221 updates This commit corrects errors in the Wix installer script files that violate the Wix schema but which were not caught by earlier releases of the Wix 2.0 installer. Commit By: tlyu Revision: 18366 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/installer/wix/config.wxi U branches/krb5-1-4/src/windows/installer/wix/features.wxi U branches/krb5-1-4/src/windows/installer/wix/files.wxi U branches/krb5-1-4/src/windows/installer/wix/kfw.wxs U branches/krb5-1-4/src/windows/installer/wix/lang/ui_1033.wxi U branches/krb5-1-4/src/windows/installer/wix/property.wxi U branches/krb5-1-4/src/windows/installer/wix/site-local.wxi From rt-comment at krbdev.mit.edu Fri Jul 21 20:01:34 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:01:34 -0400 (EDT) Subject: [krbdev.mit.edu #4020] SVN Commit In-Reply-To: Message-ID: pull up r18335 from trunk r18335 at cathode-dark-space: jaltman | 2006-07-18 15:24:23 -0400 ticket: new subject: Windows: Wix 2.0.4221 updates This commit corrects errors in the Wix installer script files that violate the Wix schema but which were not caught by earlier releases of the Wix 2.0 installer. Commit By: tlyu Revision: 18367 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/installer/wix/config.wxi U branches/krb5-1-5/src/windows/installer/wix/features.wxi U branches/krb5-1-5/src/windows/installer/wix/files.wxi U branches/krb5-1-5/src/windows/installer/wix/kfw.wxs U branches/krb5-1-5/src/windows/installer/wix/lang/ui_1033.wxi U branches/krb5-1-5/src/windows/installer/wix/property.wxi U branches/krb5-1-5/src/windows/installer/wix/site-local.wxi From rt-comment at krbdev.mit.edu Fri Jul 21 20:04:39 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:04:39 -0400 (EDT) Subject: [krbdev.mit.edu #4027] SVN Commit In-Reply-To: Message-ID: pull up r18336 from trunk r18336 at cathode-dark-space: jaltman | 2006-07-18 15:29:32 -0400 ticket: new subject: Windows: NSIS updates for 2.18 release This commit corrects errors in the NSIS installer scripts that prevent installer builds using NSIS 2.18. Commit By: tlyu Revision: 18368 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/installer/nsis/licenses.rtf U branches/krb5-1-4/src/windows/installer/nsis/nsi-includes.nsi U branches/krb5-1-4/src/windows/installer/nsis/site-local.nsi U branches/krb5-1-4/src/windows/installer/nsis/utils.nsi From rt-comment at krbdev.mit.edu Fri Jul 21 20:12:01 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:12:01 -0400 (EDT) Subject: [krbdev.mit.edu #4027] SVN Commit In-Reply-To: Message-ID: pull up r18336 from trunk r18336 at cathode-dark-space: jaltman | 2006-07-18 15:29:32 -0400 ticket: new subject: Windows: NSIS updates for 2.18 release This commit corrects errors in the NSIS installer scripts that prevent installer builds using NSIS 2.18. Commit By: tlyu Revision: 18369 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/installer/nsis/licenses.rtf U branches/krb5-1-5/src/windows/installer/nsis/nsi-includes.nsi U branches/krb5-1-5/src/windows/installer/nsis/site-local.nsi U branches/krb5-1-5/src/windows/installer/nsis/utils.nsi From rt-comment at krbdev.mit.edu Fri Jul 21 20:13:37 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:13:37 -0400 (EDT) Subject: [krbdev.mit.edu #4032] SVN Commit In-Reply-To: Message-ID: pull up r18346 from trunk r18346 at cathode-dark-space: jaltman | 2006-07-21 09:48:37 -0400 ticket: new subject: Windows - kfw 3.1 msi deployment guide updates documentation updates for the kfw 3.1 msi deployment guide. Commit By: tlyu Revision: 18370 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/installer/wix/msi-deployment-guide.txt From rt-comment at krbdev.mit.edu Fri Jul 21 20:14:16 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:14:16 -0400 (EDT) Subject: [krbdev.mit.edu #4032] SVN Commit In-Reply-To: Message-ID: pull up r18346 from trunk r18346 at cathode-dark-space: jaltman | 2006-07-21 09:48:37 -0400 ticket: new subject: Windows - kfw 3.1 msi deployment guide updates documentation updates for the kfw 3.1 msi deployment guide. Commit By: tlyu Revision: 18371 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/installer/wix/msi-deployment-guide.txt From rt-comment at krbdev.mit.edu Fri Jul 21 20:16:56 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:16:56 -0400 (EDT) Subject: [krbdev.mit.edu #4033] SVN Commit In-Reply-To: Message-ID: pull up r18345 from trunk r18345 at cathode-dark-space: jaltman | 2006-07-20 23:12:00 -0400 ticket: new subject: Windows NetIDMgr documentation NetIDMgr 1.1 documentation for KFW 3.1 release Commit By: tlyu Revision: 18372 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/doc/netidmgr.doc U branches/krb5-1-4/src/windows/identity/doc/netidmgr.pdf From rt-comment at krbdev.mit.edu Fri Jul 21 20:17:36 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:17:36 -0400 (EDT) Subject: [krbdev.mit.edu #4033] SVN Commit In-Reply-To: Message-ID: pull up r18345 from trunk r18345 at cathode-dark-space: jaltman | 2006-07-20 23:12:00 -0400 ticket: new subject: Windows NetIDMgr documentation NetIDMgr 1.1 documentation for KFW 3.1 release Commit By: tlyu Revision: 18373 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/identity/doc/netidmgr.doc U branches/krb5-1-5/src/windows/identity/doc/netidmgr.pdf From rt-comment at krbdev.mit.edu Fri Jul 21 20:26:53 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:26:53 -0400 (EDT) Subject: [krbdev.mit.edu #4028] SVN Commit In-Reply-To: Message-ID: pull up r18344 from trunk r18344 at cathode-dark-space: jaltman | 2006-07-19 18:36:00 -0400 ticket: new subject: Windows NetIDMgr post-1.5 branch commits The following patch updates the NetIDMgr: * allow plug-ins to be marked "do not unload" in order to support DLLs that create threads that are not properly cleaned up as part of library unload. * allow plug-ins to be marked "disabled" * Additional changes to deal with Microsoft's efforts to deprecate all of the str C runtime functions. * Improvements to Manifest processing in the build system * Addition of Tooltip support to the Toolbar. Dragging the mouse over toolbar buttons displays textual descriptions. * Correct the behavior of the New Credentials Dialog to disable the "Ok" button after it has been pressed. * Add support to allow plugin configuration data to be distributed as part of transforms to the MSI installer. Commit By: tlyu Revision: 18374 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/identity/apiversion.txt U branches/krb5-1-4/src/windows/identity/config/Makefile.w32 U branches/krb5-1-4/src/windows/identity/kconfig/api.c U branches/krb5-1-4/src/windows/identity/kconfig/kconfig.h U branches/krb5-1-4/src/windows/identity/kconfig/kconfiginternal.h U branches/krb5-1-4/src/windows/identity/kmm/kmm.h U branches/krb5-1-4/src/windows/identity/kmm/kmm_plugin.c U branches/krb5-1-4/src/windows/identity/kmm/kmm_reg.c U branches/krb5-1-4/src/windows/identity/kmm/kmm_registrar.c U branches/krb5-1-4/src/windows/identity/kmm/kmmconfig.csv U branches/krb5-1-4/src/windows/identity/kmm/kmminternal.h U branches/krb5-1-4/src/windows/identity/nidmgrdll/Makefile U branches/krb5-1-4/src/windows/identity/plugins/krb4/Makefile U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4configdlg.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4funcs.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4newcreds.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krb4plugin.c U branches/krb5-1-4/src/windows/identity/plugins/krb4/krbconfig.csv U branches/krb5-1-4/src/windows/identity/plugins/krb5/Makefile U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configcc.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configdlg.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configid.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5configids.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5funcs.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krb5newcreds.c U branches/krb5-1-4/src/windows/identity/plugins/krb5/krbconfig.csv U branches/krb5-1-4/src/windows/identity/plugins/krb5/krbcred.h U branches/krb5-1-4/src/windows/identity/ui/Makefile U branches/krb5-1-4/src/windows/identity/ui/aboutwnd.c U branches/krb5-1-4/src/windows/identity/ui/configwnd.c U branches/krb5-1-4/src/windows/identity/ui/lang/en_us/khapp.rc U branches/krb5-1-4/src/windows/identity/ui/main.c U branches/krb5-1-4/src/windows/identity/ui/newcredwnd.c U branches/krb5-1-4/src/windows/identity/ui/resource.h U branches/krb5-1-4/src/windows/identity/ui/toolbar.c U branches/krb5-1-4/src/windows/identity/uilib/actions.csv U branches/krb5-1-4/src/windows/identity/uilib/khnewcred.h U branches/krb5-1-4/src/windows/identity/uilib/khuidefs.h U branches/krb5-1-4/src/windows/identity/util/perfstat.c From rt-comment at krbdev.mit.edu Fri Jul 21 20:27:58 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:27:58 -0400 (EDT) Subject: [krbdev.mit.edu #4028] SVN Commit In-Reply-To: Message-ID: pull up r18344 from trunk r18344 at cathode-dark-space: jaltman | 2006-07-19 18:36:00 -0400 ticket: new subject: Windows NetIDMgr post-1.5 branch commits The following patch updates the NetIDMgr: * allow plug-ins to be marked "do not unload" in order to support DLLs that create threads that are not properly cleaned up as part of library unload. * allow plug-ins to be marked "disabled" * Additional changes to deal with Microsoft's efforts to deprecate all of the str C runtime functions. * Improvements to Manifest processing in the build system * Addition of Tooltip support to the Toolbar. Dragging the mouse over toolbar buttons displays textual descriptions. * Correct the behavior of the New Credentials Dialog to disable the "Ok" button after it has been pressed. * Add support to allow plugin configuration data to be distributed as part of transforms to the MSI installer. Commit By: tlyu Revision: 18375 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/identity/apiversion.txt U branches/krb5-1-5/src/windows/identity/config/Makefile.w32 U branches/krb5-1-5/src/windows/identity/kconfig/api.c U branches/krb5-1-5/src/windows/identity/kconfig/kconfig.h U branches/krb5-1-5/src/windows/identity/kconfig/kconfiginternal.h U branches/krb5-1-5/src/windows/identity/kmm/kmm.h U branches/krb5-1-5/src/windows/identity/kmm/kmm_plugin.c U branches/krb5-1-5/src/windows/identity/kmm/kmm_reg.c U branches/krb5-1-5/src/windows/identity/kmm/kmm_registrar.c U branches/krb5-1-5/src/windows/identity/kmm/kmmconfig.csv U branches/krb5-1-5/src/windows/identity/kmm/kmminternal.h U branches/krb5-1-5/src/windows/identity/nidmgrdll/Makefile U branches/krb5-1-5/src/windows/identity/plugins/krb4/Makefile U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4configdlg.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4funcs.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4newcreds.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krb4plugin.c U branches/krb5-1-5/src/windows/identity/plugins/krb4/krbconfig.csv U branches/krb5-1-5/src/windows/identity/plugins/krb5/Makefile U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configcc.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configdlg.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configid.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5configids.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5funcs.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krb5newcreds.c U branches/krb5-1-5/src/windows/identity/plugins/krb5/krbconfig.csv U branches/krb5-1-5/src/windows/identity/plugins/krb5/krbcred.h U branches/krb5-1-5/src/windows/identity/ui/Makefile U branches/krb5-1-5/src/windows/identity/ui/aboutwnd.c U branches/krb5-1-5/src/windows/identity/ui/configwnd.c U branches/krb5-1-5/src/windows/identity/ui/lang/en_us/khapp.rc U branches/krb5-1-5/src/windows/identity/ui/main.c U branches/krb5-1-5/src/windows/identity/ui/newcredwnd.c U branches/krb5-1-5/src/windows/identity/ui/resource.h U branches/krb5-1-5/src/windows/identity/ui/toolbar.c U branches/krb5-1-5/src/windows/identity/uilib/actions.csv U branches/krb5-1-5/src/windows/identity/uilib/khnewcred.h U branches/krb5-1-5/src/windows/identity/uilib/khuidefs.h U branches/krb5-1-5/src/windows/identity/util/perfstat.c From rt-comment at krbdev.mit.edu Fri Jul 21 20:52:45 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:52:45 -0400 (EDT) Subject: [krbdev.mit.edu #3922] SVN Commit In-Reply-To: Message-ID: pull up r18204 from trunk r18204 at cathode-dark-space: tlyu | 2006-06-22 16:06:45 -0400 ticket: 3922 tags: pullup * src/util/mkrel: Edit patchlevel.h before running reconf. Commit By: tlyu Revision: 18376 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/util/mkrel From rt-comment at krbdev.mit.edu Fri Jul 21 20:54:53 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:54:53 -0400 (EDT) Subject: [krbdev.mit.edu #3944] SVN Commit In-Reply-To: Message-ID: pull up r18235 from trunk r18235 at cathode-dark-space: tlyu | 2006-06-26 22:26:11 -0400 ticket: new target_version: 1.5 tags: pullup subject: write svn log output when building release * src/util/mkrel: Write output of svn log -v to doc/CHANGES. Commit By: tlyu Revision: 18377 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/util/mkrel From rt-comment at krbdev.mit.edu Fri Jul 21 20:58:40 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Fri, 21 Jul 2006 20:58:40 -0400 (EDT) Subject: [krbdev.mit.edu #3945] SVN Commit In-Reply-To: Message-ID: pull up r18243 from trunk r18243 at cathode-dark-space: tlyu | 2006-06-27 18:01:22 -0400 ticket: new tags: pullup target_version: 1.5 subject: mkrel should only generate doc/CHANGES for checkouts * src/util/mkrel: Only write doc/CHANGES if doing a checkout. This makes nightly snapshots saner. Commit By: tlyu Revision: 18378 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/util/mkrel From rt-comment at krbdev.mit.edu Mon Jul 24 02:58:34 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Mon, 24 Jul 2006 02:58:34 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. Commit By: jaltman Revision: 18379 Changed Files: U trunk/src/windows/kfwlogon/Makefile.in U trunk/src/windows/kfwlogon/kfwcommon.c U trunk/src/windows/kfwlogon/kfwcpcc.c U trunk/src/windows/kfwlogon/kfwlogon.c U trunk/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 08:57:20 2006 From: rt-comment at krbdev.mit.edu (Public Submitter via RT) Date: Mon, 24 Jul 2006 08:57:20 -0400 (EDT) Subject: [krbdev.mit.edu #4049] port 754/tcp for krb5_prop not registered at IANA In-Reply-To: Message-ID: The port 754/tcp for krb5_prop is not registered at IANA. This makes trouble for distributors which wants to deliver a clean /etc/services. kpropd does not run without this entry in /etc/services. So every user has to edit /etc/services which may make touble if the distributor updates this file to a current version. Please register a portnumber for kpropd at IANA. From rt-comment at krbdev.mit.edu Mon Jul 24 16:37:43 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Mon, 24 Jul 2006 16:37:43 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: undo previous commit due to EOL issues Commit By: jaltman Revision: 18381 Changed Files: U trunk/src/windows/kfwlogon/Makefile.in U trunk/src/windows/kfwlogon/kfwcommon.c U trunk/src/windows/kfwlogon/kfwcpcc.c U trunk/src/windows/kfwlogon/kfwlogon.c U trunk/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 16:39:38 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Mon, 24 Jul 2006 16:39:38 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: commit again without using patch to apply the diff Commit By: jaltman Revision: 18382 Changed Files: U trunk/src/windows/kfwlogon/Makefile.in U trunk/src/windows/kfwlogon/kfwcommon.c U trunk/src/windows/kfwlogon/kfwcpcc.c U trunk/src/windows/kfwlogon/kfwlogon.c U trunk/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 19:40:29 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 24 Jul 2006 19:40:29 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: pull up r18382 from trunk r18382 at cathode-dark-space: jaltman | 2006-07-24 16:39:31 -0400 ticket: 4048 commit again without using patch to apply the diff Commit By: tlyu Revision: 18383 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/kfwlogon/Makefile.in U branches/krb5-1-4/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwcpcc.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 19:40:33 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 24 Jul 2006 19:40:33 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: revert previous Commit By: tlyu Revision: 18384 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/kfwlogon/Makefile.in U branches/krb5-1-4/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwcpcc.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 19:40:37 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 24 Jul 2006 19:40:37 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: pull up r18379 from trunk in order to get correct commit log r18379 at cathode-dark-space: jaltman | 2006-07-24 02:58:23 -0400 ticket: new subject: Windows Integrated Login Fixes for KFW 3.1 tags: pullup component: windows KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. Commit By: tlyu Revision: 18385 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/kfwlogon/Makefile.in U branches/krb5-1-4/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwcpcc.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Mon Jul 24 22:32:14 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 24 Jul 2006 22:32:14 -0400 (EDT) Subject: [krbdev.mit.edu #4048] SVN Commit In-Reply-To: Message-ID: pull up r18379 from trunk r18379 at cathode-dark-space: jaltman | 2006-07-24 02:58:23 -0400 ticket: new subject: Windows Integrated Login Fixes for KFW 3.1 tags: pullup component: windows KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. Commit By: tlyu Revision: 18386 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/kfwlogon/Makefile.in U branches/krb5-1-5/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-5/src/windows/kfwlogon/kfwcpcc.c U branches/krb5-1-5/src/windows/kfwlogon/kfwlogon.c U branches/krb5-1-5/src/windows/kfwlogon/kfwlogon.h From rt-comment at krbdev.mit.edu Tue Jul 25 09:59:36 2006 From: rt-comment at krbdev.mit.edu (Jeffrey Altman via RT) Date: Tue, 25 Jul 2006 09:59:36 -0400 (EDT) Subject: [krbdev.mit.edu #4053] SVN Commit In-Reply-To: Message-ID: Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. Commit By: jaltman Revision: 18387 Changed Files: U trunk/src/windows/kfwlogon/kfwcommon.c U trunk/src/windows/kfwlogon/kfwlogon.c From rt-comment at krbdev.mit.edu Tue Jul 25 12:31:48 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 25 Jul 2006 12:31:48 -0400 (EDT) Subject: [krbdev.mit.edu #4053] SVN Commit In-Reply-To: Message-ID: pull up r18387 from trunk r18387 at cathode-dark-space: jaltman | 2006-07-25 09:59:30 -0400 ticket: new subject: Windows - fix kfwlogon for Windows 2000 tags: pullup Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. Commit By: tlyu Revision: 18388 Changed Files: _U branches/krb5-1-4/ U branches/krb5-1-4/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-4/src/windows/kfwlogon/kfwlogon.c From rt-comment at krbdev.mit.edu Tue Jul 25 12:45:40 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Tue, 25 Jul 2006 12:45:40 -0400 (EDT) Subject: [krbdev.mit.edu #4053] SVN Commit In-Reply-To: Message-ID: pull up r18387 from trunk r18387 at cathode-dark-space: jaltman | 2006-07-25 09:59:30 -0400 ticket: new subject: Windows - fix kfwlogon for Windows 2000 tags: pullup Windows 2000 does not support the ability to generate SIDs from symbolic names. Add more debugging and error condition checks. Commit By: tlyu Revision: 18389 Changed Files: _U branches/krb5-1-5/ U branches/krb5-1-5/src/windows/kfwlogon/kfwcommon.c U branches/krb5-1-5/src/windows/kfwlogon/kfwlogon.c From rt-comment at krbdev.mit.edu Tue Jul 25 13:58:32 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 25 Jul 2006 13:58:32 -0400 (EDT) Subject: [krbdev.mit.edu #4055] SVN Commit In-Reply-To: Message-ID: Removed unused Metrowerks compiler support. (Since there's no universal binary support for CodeWarrior there's no point in having this here.) Commit By: lxs Revision: 18394 Changed Files: U trunk/src/lib/crypto/yarrow/ytest.c From rt-comment at krbdev.mit.edu Tue Jul 25 14:52:00 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 25 Jul 2006 14:52:00 -0400 (EDT) Subject: [krbdev.mit.edu #4056] SVN Commit In-Reply-To: Message-ID: gss_canonicalize_name(): Added parens to remove warning from if statement. Commit By: lxs Revision: 18395 Changed Files: U trunk/src/lib/gssapi/mechglue/g_canon_name.c From rt-comment at krbdev.mit.edu Tue Jul 25 16:19:51 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 25 Jul 2006 16:19:51 -0400 (EDT) Subject: [krbdev.mit.edu #4057] GSSAPI opaque types should be pointers to opaque structs, not void* In-Reply-To: Message-ID: In other words: -typedef void * gss_name_t; +struct gss_name_struct; +typedef struct gss_name_struct * gss_name_t; -typedef void * gss_cred_id_t; +struct gss_cred_id_struct; +typedef struct gss_cred_id_struct * gss_cred_id_t; -typedef void * gss_ctx_id_t; +struct gss_ctx_id_struct; +typedef struct gss_ctx_id_struct * gss_ctx_id_t; The problem with using void* in a C API is that it prevents static type checking. As a result it's far too easy for callers to accidentally pass random things into GSSAPI function that take these types without noticing. Because the our implementation does pointer validation, these types of errors often turn into runtime errors such as memory leaks which go unnoticed for a long time. For reference purposes, here are the specifications of the opaque types in RFC 2744: 3.5. Credentials A credential handle is a caller-opaque atomic datum that identifies a GSS-API credential data structure. It is represented by the caller- opaque type gss_cred_id_t, which should be implemented as a pointer or arithmetic type. If a pointer implementation is chosen, care must be taken to ensure that two gss_cred_id_t values may be compared with the == operator. [...] 3.6. Contexts The gss_ctx_id_t data type contains a caller-opaque atomic value that identifies one end of a GSS-API security context. It should be implemented as a pointer or arithmetic type. If a pointer type is chosen, care should be taken to ensure that two gss_ctx_id_t values may be compared with the == operator. [...] 3.10. Names [...] The gss_name_t datatype should be implemented as a pointer type. To allow the compiler to aid the application programmer by performing type-checking, the use of (void *) is discouraged. A pointer to an implementation-defined type is the preferred choice. From rt-comment at krbdev.mit.edu Tue Jul 25 16:29:52 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 25 Jul 2006 16:29:52 -0400 (EDT) Subject: [krbdev.mit.edu #4057] SVN Commit In-Reply-To: Message-ID: Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) from void* to pointers to opaque structs. This change removed some casts and introduced or changed a bunch of other casts to suppress warnings. krb5_gss_accept_sec_context(): Fixed a bug found by the above changes where krb5_gss_release_cred() was being called with the wrong argument 2 (gss_cred_id_t instead of gss_cred_id_t*). Commit By: lxs Revision: 18396 Changed Files: U trunk/src/lib/gssapi/generic/gssapi.hin U trunk/src/lib/gssapi/generic/gssapiP_generic.h U trunk/src/lib/gssapi/generic/util_validate.c U trunk/src/lib/gssapi/krb5/accept_sec_context.c U trunk/src/lib/gssapi/krb5/add_cred.c U trunk/src/lib/gssapi/krb5/delete_sec_context.c U trunk/src/lib/gssapi/krb5/duplicate_name.c U trunk/src/lib/gssapi/krb5/init_sec_context.c U trunk/src/lib/gssapi/krb5/inq_cred.c U trunk/src/lib/gssapi/krb5/process_context_token.c U trunk/src/lib/gssapi/krb5/rel_cred.c U trunk/src/lib/gssapi/mechglue/g_glue.c U trunk/src/lib/gssapi/mechglue/mglueP.h From rt-comment at krbdev.mit.edu Tue Jul 25 16:36:54 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Tue, 25 Jul 2006 16:36:54 -0400 (EDT) Subject: [krbdev.mit.edu #4057] GSSAPI opaque types should be pointers to opaque structs, not void* In-Reply-To: Message-ID: Passed to Tom for code review. From rt-comment at krbdev.mit.edu Wed Jul 26 16:47:16 2006 From: rt-comment at krbdev.mit.edu (Alexandra Ellwood via RT) Date: Wed, 26 Jul 2006 16:47:16 -0400 (EDT) Subject: [krbdev.mit.edu #4063] gss mech glue implementation should validate opaque pointer types In-Reply-To: Message-ID: In releases prior to krb5-1.5, gss_name_t, gss_ctx_id_t and gss_cred_id_t were validated by krb5's pointer validation support. This resulted in it being possible to write the following code without getting a crash: if (name) { gss_release_name (&minor_status, name); } Even though the second argument to gss_release_name() is supposed to be "&name", the pointer validation code would detect the invalid pointer and return an error. In practice callers don't check the return values of our release functions so unless they used leak checkers to find the leak, bugs like this would go unnoticed. In krb5-1.5 the gss mech glue code does not perform pointer validation and thus code with errors like the one above now crash. In order to prevent existing applications from breaking with new releases of krb5, we should implement some form of pointer validation to reproduce the previous behavior. Note: the reason the above code doesn't generate a warning at compile time is that gss_name_t, gss_cred_id_t and gss_ctx_id_t are all defined as void* in released version of krb5. See bug #4057 for more information. From rt-comment at krbdev.mit.edu Fri Jul 28 17:06:33 2006 From: rt-comment at krbdev.mit.edu (Ken Raeburn via RT) Date: Fri, 28 Jul 2006 17:06:33 -0400 (EDT) Subject: [krbdev.mit.edu #4072] bug in DNS error handling in KDC location In-Reply-To: Message-ID: My KDC list for RAEBURN.ORG has four hosts at the moment, raeburn.org, bad-host.raeburn.org, all-in-one.mit.edu, and all-in-one.ipv6.mit.edu. The name bad-host.raeburn.org doesn't exist in DNS; this was intentional to test an error path. The nameserver for ipv6.mit.edu is offline at the moment. Unfortunately, the temporary error this causes is not handled within our KDC location code, and the code passes this error back up the stack, rather than returning the addresses that can be found. In lib/krb5/os, the test program t_locate_kdc shows this on my Red Hat (rhel4) system: % ./t_locate_kdc RAEBURN.ORG in module_locate_server ran off end of plugin list module_locate_server returns -1765328135 looking in krb5.conf for realm RAEBURN.ORG entry kdc; ports 88,750 config file lookup failed: Profile relation not found sending DNS SRV query for _kerberos._udp.RAEBURN.ORG. walking answer list: port=88 host=raeburn.org. adding hostname raeburn.org., ports 88,0, family 0, socktype 2 setting element 0 count is now 1: setting element 1 count is now 2: setting element 2 count is now 3: setting element 3 count is now 4: port=88 host=bad-host.raeburn.org. adding hostname bad-host.raeburn.org., ports 88,0, family 0, socktype 2 getaddrinfo("bad-host.raeburn.org.", "88", ...) returns -2: Name or service not known port=10088 host=all-in-one.mit.edu. adding hostname all-in-one.mit.edu., ports 10088,0, family 0, socktype 2 setting element 4 count is now 5: port=10088 host=all-in-one.ipv6.mit.edu. adding hostname all-in-one.ipv6.mit.edu., ports 10088,0, family 0, socktype 2 getaddrinfo("all-in-one.ipv6.mit.edu.", "10088", ...) returns -3: Temporary failure in name resolution [end] dns udp lookup returned error 11 krb5int_locate_server returning error code 11/Resource temporarily unavailable t_locate_kdc: Resource temporarily unavailable - exiting % If some KDC locations can be determined, that list should be returned. If no locations can be determined, then a temporary error raised in the process should be returned. (I think we already try to do something like that, but the logic is a bit confused -- you also want to note permanent errors, but probably not return them except in the absence of temporary failures or found addresses -- and it's not like we've written up a set of test cases for modular testing here.) Ken From rt-comment at krbdev.mit.edu Mon Jul 31 18:37:29 2006 From: rt-comment at krbdev.mit.edu (Tom Yu via RT) Date: Mon, 31 Jul 2006 18:37:29 -0400 (EDT) Subject: [krbdev.mit.edu #4088] gss_import_name can fail to call gssint_initialize_library() In-Reply-To: Message-ID: Paul Vixie reports that one of imapd's calls to gss_release_name() following a successful gss_import_name() crashes due to an assertion failure, which after my brief analysis results from a code path in gss_import_name() failing to call through the gssint_get_mechanism() choke point which calls gssint_initialize_library().