Ken Raeburn [Tue, 28 Mar 2006 21:10:48 +0000 (21:10 +0000)]
* aclocal.m4 (CHECK_UTMP): Call AC_CHECK_FUNCS once instead of AC_CHECK_FUNC
for each function.
(CHECK_SIGPROCMASK, CHECK_SETJMP, CHECK_UTMP, AC_KRB5_TCL_TRYOLD,
KRB5_AC_LIBUTIL): Supply all three arguments in AC_DEFINE calls.
Ken Raeburn [Sun, 26 Mar 2006 20:55:59 +0000 (20:55 +0000)]
Initial enhanced error message support, similar to what I sent to
krbdev except for some function renaming (krb5_free_error was already
in use, so added _message to everything), and the context is allowed
to be NULL (in which case we fall back to error_message() and storing
no strings) to simplify some code.
Low-level routines in the support library, using a private data
structure; higher-level routines in libkrb5, using a krb5_context.
Added error info strings to the KRB_ERR_GENERIC case in gc_via_tkt.c
and the python sample service location plugin. Added code to kinit
and kvno to look up and display the strings.
Jeffrey Altman [Mon, 20 Mar 2006 23:23:33 +0000 (23:23 +0000)]
This commit updates:
+ the HTMLHelp formatted documentation
+ the build system to produce separate binaries for Windows 2000
and Windows XP and beyond. Separate binaries are required
because we make heavy use of some of the UI features found in
XP that don't exist in 2000. If we build only for XP then the
binaries won't run on 2000 and if we build for 2000, then the
functionality we desire for balloon text and the tracker
windows does not work properly on XP or above. (Note for Vista
we will need to build three sets of binaries if we want to take
advantage of the new functionality that is available only there.)
+ Add more debugging to the krb4 plug-in and ensure that all
checkboxes are initialized.
+ remove plugins/krb5/krb5util.c which is an unused file
+ Use mixed case for Alt, Ctrl and Shift text designators
+ Increment the build number to 1.1.0.1
+ Plug a memory leak when dialogs are closed
+ Add a new Options->Appearance configuration page that can be
used to allow user customized font selection. This page will
also be used for custom color selection in a future release.
Ken Raeburn [Tue, 14 Mar 2006 01:39:24 +0000 (01:39 +0000)]
* Makefile.in (krb5.conf): New target. Use config-files/krb5.conf, but
add db_module_dir tag.
(kdb_check): Depend on it.
(RUN_SETUP): Use it for KRB5_CONFIG.
Jeffrey Altman [Mon, 13 Mar 2006 17:02:13 +0000 (17:02 +0000)]
add new file windows/winlevel.h and update windows/version.rc
to allow for a configurable KRB5_BUILDLEVEL. This will be used
to distinguish binary files from the same version 1.4.3 but
different releases (alpha-1, alpha-2, beta-1, beta-2, final)
Ken Raeburn [Sat, 11 Mar 2006 22:23:28 +0000 (22:23 +0000)]
Instead of arbitrary division of headers into include and include/krb5, with
include directives sometimes using krb5/foo.h and sometimes using foo.h, and
-I options always given for both directories in both source and build trees,
push include/krb5/* up a level and drop the krb5 directory (except, for the
moment, the change log).
Updated #include directives, -I options, and dependencies accordingly, and
deleted one or two bits of old, unused code that was noticed in the process.
Ken Raeburn [Sat, 11 Mar 2006 02:13:59 +0000 (02:13 +0000)]
Add a new recursive target "generated-files-mac", for producing the
generated files that lxs wants to feed into the Mac build system.
(First approximation, may want some fine tuning later.)
Ken Raeburn [Wed, 8 Mar 2006 19:57:21 +0000 (19:57 +0000)]
* prot.h: Include k5-platform.h.
(krb4_swab16, krb4_swap32): Define in terms of SWAP16 and SWAP32, if
they're defined.
(KRB4_PUT32BE, KRB4_PUT32LE, KRB4_PUT16BE, KRB4_PUT16LE): Define to
use store_{16,32}_{be,le}.
(KRB4_GET32BE, KRB4_GET32LE, KRB4_GET16BE, KRB4_GET16LE): Define to
use load_{16,32}_{be,le}.
Ken Raeburn [Wed, 8 Mar 2006 19:23:12 +0000 (19:23 +0000)]
Oops. This should come closer to building on Windows..
* plugins.c: Only include dlfcn.h if USE_DLOPEN.
(struct plugin_file_handle): Only include a pointer if USE_DLOPEN.
(krb5int_open_plugin, krb5int_get_plugin_data, krb5int_close_plugin,
krb5int_open_plugin_dir, krb5int_close_plugin_dir): Only use the
dlopen interface if USE_DLOPEN is defined.
(krb5int_get_plugin_dir_data, krb5int_get_plugin_dir_func): Use
krb5int_get_plugin_data/func instead of dlsym. Drop some debugging
code.
Jeffrey Altman [Wed, 8 Mar 2006 15:36:15 +0000 (15:36 +0000)]
2006-03-07 Jeffrey Altman <jaltman@mit.edu>
nidmgr32.dll (1.0.2.1)
- Attempting to obtain new credentials for a principal name that
contains numbers may result in a 'Identity not specified'
error. Fixed.
- If an invalid identity name was specified, an 'Identity not
specified' error is reported without specifying that the cause was
an invalid name. Fixed: reports proper error.
- Identity names were being validated at the application layer before
being sent to the identity provider. This may cause valid names to
be marked as invalid if the identity provider and the application
disagree on what a valid name is. Fixed: identity name validation
is solely a function of the identity provider.
- Canonicalizing an identity name that contained certain characters
failed due to a validation error. Fixed.
- Possible deadlock in the new credentials dialog. (If one plugin
tries to synchronize custom prompter values from the plugin thread,
while the UI thread tries to obtain a lock on the new credentials
data, a deadlock occurs.) Fixed.
- State information for configuration panels may persist between two
invocations of the configuration window. Fixed to clean up state
information properly.
- The UI library now has full support for custom actions and custom
menus.
- When there are queued alerts and a normal alert is shown, a 'next
alert...' button appears in the alert which lets the user view the
next queued alert. However, if the alert which is displayed
requires the user to select a command button, selecting the 'next'
button would be the equivalent of cancelling out of the alert and
viewing the next one. The library was updated to not show the
'next' button if the alert requires user interaction.
- Credential renewal on half-lifes is now supported as a configurable
option.
- Destroying all credentials on exiting netidmgr is a configurable
option.
- Debug logging to a file has been added
netidmgr.exe (1.0.2.1)
- Selecting 'Ok' in the configuration window didn't notify all the
configuration panels to apply the changes. Fixed.
- PgUp / PgDn / Shift+PgUp / Shift+PgDn keys now work as expected.
- Root level configuration nodes in the Options dialog now also appear
on the Options menu. Configuration nodes that are registered at the
root level are automatically added to the menu.
- The UI now has full support for custom actions and custom menus.
- The UI does not automatically add submenus for actions which are
associated with menus unless the declaration specifies that it
should be rendered as a submenu.
- When displaying alerts, the first button of the alert is always made
the default.
- 'Change summary' button in the configuration dialog was removed,
since it was unused and unnecessary.
- Ticket icons are displayed in the status column for all credentials.
Clicking an icon opens the properties dialog for that credential.
- The UI now has View by Type functionality
- The UI now has Column selection and reorganization. The choice
of columns and their order are preserved between restarts.
- Handle multiple copies of NetIDMgr.exe being started with different
version numbers. Higher version number wins.
krb4cred.dll (1.0.2.1)
- During new credentials acquisition, under some circumstances, the
Kerberos 4 plugin would not notify NetIDMgr about the state of the
Kerberos 4 ticket acquisition. This results in other plugins (such
as AFS) which are depending on the feedback to fail. Fixed.
krb5cred.dll (1.0.2.1)
- If no password is entered while obtaining new credentials, a new TGT
will not be obtained, but the new credentials operation will not
fail if there already is a TGT. Added check to see if the TGT is
expired and fail the operation if no valid TGT is found.
- The identity provider can set the Krb5 CCName property for an
identity incorrectly if there is more than one credential cache
containing tickets for the same principal. Fixed.
- When enumerating ccaches, krb5_cc_resolve was being called with the
name of the ccache without a type prefix. Fixed.
- Tracker control usability issues due to loss of focus. Fixed.
- Realm Editor added.
- Addressed tickets can be requested as in Leash
All modules:
- removed grayed out UI components that are not being backed
by current functionality.
- new icons
- support for 64-bit Windows builds under Visual Studio 8
Ken Raeburn [Wed, 8 Mar 2006 02:56:48 +0000 (02:56 +0000)]
krb5.h, which is built after util/et, which is built after the support
code.
Fix: Put service location decls in k5-locate.h, pull plugin support
decls out of k5-int.h into k5-plugin.h, and make it stand on its own,
which includes changing the return type from krb5_error_code to
int32_t.
Oops: The plugin support code included k5-int.h, which includes
Ken Raeburn [Tue, 7 Mar 2006 20:45:24 +0000 (20:45 +0000)]
Merge from plugin branch
Add plugin support:
- plugin routines in support library (may break windows build!)
- plugin support in KDC location code
- sample Python-based plugin for KDC location, not built without
tweaking sources
- changed service location interface to use an enum instead of passing
profile string and DNS strings and port numbers
- changed pathnames for plugin locations, including kdb back end
- remove locate_service from accessor API
Also, do build shared libraries for Darwin just like any other UNIX box.
Not present yet:
- use new plugin interface for kdb back end
- Windows support
- Mac bundle support (but dlopen support works)
- search path for libkrb5 plugins (only one hard-coded directory for now)
- sorting of plugin collections for predictable ordering
Jeffrey Altman [Tue, 7 Mar 2006 17:14:29 +0000 (17:14 +0000)]
2006-03-07 Jeffrey Altman <jaltman@mit.edu>
* acquire_cred.c: (acquire_init_cred)
If the leash32.dll is not available, fallback to opening the
default credential cache even when the desired_name is
provided.
Jeffrey Altman [Mon, 27 Feb 2006 19:22:08 +0000 (19:22 +0000)]
Qing Dong <dongq@mit.edu> provided a set of changes to allow
krb5 to build under the Microsoft Visual Studio 8 compiler
in 64-bit mode and produce file names that do not conflict
with the names produced by the 32-bit build. That patch
was modified to work on Unix and also include processor
dependent pre-processor definitions to remove warnings.
Ken Raeburn [Wed, 25 Jan 2006 10:48:29 +0000 (10:48 +0000)]
Delete the rest of the support in the kdb library for doing locking on
behalf of the plugin library. Convert the remaining locking code (for
protecting the list of plugins loaded) to use the k5_ macros.
Ken Raeburn [Wed, 25 Jan 2006 08:05:24 +0000 (08:05 +0000)]
Remove the thread-safety flag from the kdb plugin interface. Instead,
have the kdb code assume the plugin is thread safe, and implement some
quick and dirty wrapper functions in the db2 plugin to make it use a
local mutex.
There's still some mutex code in the kdb library that should be
reviewed, and simplified or removed.
Ken Raeburn [Wed, 25 Jan 2006 06:35:19 +0000 (06:35 +0000)]
Check the export lists against the newly built shared library to make sure all
the symbols we want to export are actually defined. GNU/Linux only, for the
moment, but it ought to work on any system using the GNU version of nm, and not
too hard to modify for other ways of extracting the exported symbols of a
library.
* util/export-check.pl: New file.
* config/shlib.conf (*-*-linux*): Run export-check.pl after building a shared
library.
Ken Raeburn [Wed, 25 Jan 2006 06:21:47 +0000 (06:21 +0000)]
* threads.c (krb5int_mutex_alloc, krb5int_mutex_free, krb5int_mutex_lock,
krb5int_mutex_unlock): New functions.
(krb5int_mutex_lock_update_stats, krb5int_mutex_unlock_update_stats,
krb5int_mutex_report_stats): Always define, even if not doing anything.
* libkrb5support.exports: Export the new functions.
Ken Raeburn [Wed, 25 Jan 2006 06:17:20 +0000 (06:17 +0000)]
* lib.in (binutils.versions): Put hidden symbol list after exported list,
because libkrb4 has a symbol starting with "__" in its export list.
(osf1.exports): Rename file in a separate command.
Ken Raeburn [Wed, 18 Jan 2006 02:00:32 +0000 (02:00 +0000)]
Include the support library when linking various test programs, because on
Solaris, with the vendor compiler, we'll always get references to
krb5int_pthread_loaded due to unused inline functions not being eliminated.
(Also inclued it in dependencies, and use CC_LINK when it wasn't used before.)
Tom Yu [Fri, 30 Dec 2005 22:33:24 +0000 (22:33 +0000)]
* gc_frm_kdc.c: Rewrite to modularize significantly. (~400-line
functions do not deserve to live.) The outer loop no longer
explicitly attempts the direct path to the target; that attempt
has been folded into the inner loop. Remove some redundant
credential lookups present in the old code. Treat unexpected
realm referrals as soft errors, in case some intermediate KDC
disagrees with client regarding a transit path.
Tom Yu [Wed, 28 Dec 2005 23:02:32 +0000 (23:02 +0000)]
* gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Cause free_tgt and
free_otgt to track the states of tgt and otgt correctly, to avoid
a double-free condition which previously happened when this
function returned to krb5_get_credentials(), which proceeded to
free a previously freed TGT in the returned TGT list.
Jeffrey Altman [Thu, 8 Dec 2005 06:58:15 +0000 (06:58 +0000)]
Network Identity Manager - Fix module loading when en_US locale cannot be loaded
The identity manager is designed for internationalization. However, it only ships with
modules for the en_US locale. Designing modules for other locales was beyond our the
reach of available resources. This patch will force the use of en_US when modules
matching the installed user and system locales cannot be found.
ticket: new
status: resolved
target_version: 1.4.4
tags: pullup
projects / thirdparty / krb5.git / log
