Fixed bugs introduced while moving to krb5 repository
Fixed memory leak in ccs_ccache_t and ccs_cache_collection_t when returning
the reply data. Changed to "will_block" semantics for flow control in all
server function so it doesn't get confusing. Fixed bug in
ccs_server_send_reply() which was preventing ipc from working (was using
the wrong variable for the reply stream).
Ken Raeburn [Thu, 31 May 2007 15:56:49 +0000 (15:56 +0000)]
don't check for readability resolving SRVTAB: keytab
Greg Hudson has pointed out that the FILE: and SRVTAB: keytab types differ in
when they report errors for files not existing. The implementations of ANY:
floating around cope better if they consistently accept names of files that
aren't present, and report the error later when fetching information.
Ken Raeburn [Wed, 23 May 2007 03:54:20 +0000 (03:54 +0000)]
On Solaris 10, define NO_WEAK_PTHREADS for the build. When that symbol is
defined, skip the weak and conditional references in k5-thread.h and always
use the real pthread functions.
Ken Raeburn [Wed, 23 May 2007 03:32:08 +0000 (03:32 +0000)]
Fix up declarations of some static functions.
Now the eDirectory support compiles on Mac OS X 10.4.9 (but doesn't link
because "ldap_explode_dn" is not found).
Ken Raeburn [Mon, 21 May 2007 21:44:40 +0000 (21:44 +0000)]
Simplify UNIX krb5int_zap_data a little. Omit volatile cast, just call memset,
but for gcc, use a volatile asm afterwards to make the memory appear to be
referenced and deter optimizations that would remove the memset.
Ken Raeburn [Thu, 10 May 2007 03:58:07 +0000 (03:58 +0000)]
Rewrite weak key check to use a small custom struct instead of wedging
data into krb5_data, and use the array size rather than a sentinel for
loop control.
Jeffrey Altman [Thu, 3 May 2007 22:57:05 +0000 (22:57 +0000)]
Modify WIX installer to better support upgrading betas
The WIX installers did not upgrade previous installations with the same
version number as the current package being installed. This would leave
multiple installations of KFW x.y.z registered as being installed on the
machine even though only the most recent install is being used.
This commit instructs the Windows Installer to uninstall previous installations
with the same version number (the Maximum Upgrade version) as the package
that is being installed while ensuring that the package being installed
will not be uninstalled if the installation is being modified or repaired.
Jeffrey Altman [Wed, 2 May 2007 01:31:50 +0000 (01:31 +0000)]
k5-int.h, gic_opt.c
The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
functions permit the gic_opts parameter to be NULL. This is not
taken into account when testing the value with the macros
krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
Nor is it taken into account within krb5int_gic_opte_copy() which
is called by krb5int_gic_opt_to_opte() when the input parameter is
not a krb5_gic_opt_ext structure.
This commit makes two changes:
(1) it modifies the macros to ensure that the value is non-NULL
before evaluation.
(2) it modifies krb5int_gic_opte_copy() to avoid copying the
original values with memcpy() when the input is NULL.
In addition, the code was audited to ensure that the flag
KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
it is set, that the allocated krb5_gic_opt_ext structure is
freed by krb5_get_init_creds_password() and
krb5_get_init_creds_keytab().
Kevin Koch [Thu, 26 Apr 2007 13:02:32 +0000 (13:02 +0000)]
Look for unix find command in multiple places
Not tagged yet in case it should not go in 3.2.
Look for the unix find command in a list of directories instead of in only one place. This way Jeff can install cygwin in c:\tools\cygwin and Ken can have it in C:\cygwin. The two places in the list are for those two possibilities. c:\cygwin\bin and c:\tools\cygwin\bin.
Move some prints below where logging starts, so the messages will be in the log.
profile stores empty string values without double quotes
prof_parse.c (need_double_quotes):
The profile library will happily read in right hand values
that represent the empty string by parsing "". However,
when storing the same empty string back to a file, the
empty string is written without the double quotes.
This means that
[section] foo = ""
becomes
[section] foo =
which is invalid input. A subsequent attempt to parse the
profile will result in an invalid input error.
KFW and KFM's realm editors can inadvertently produce an
invalid krb5 profile if one of the ignored sections of the
input profile contains a right hand value that is "".
This patch was produced by Asanka Herath and it was reviewed
by jaltman and lxs.
Tom Yu [Wed, 25 Apr 2007 21:19:07 +0000 (21:19 +0000)]
race condition in referrals fallback
* src/lib/krb5/krb/gc_frm_kdc.c (krb5_get_cred_from_kdc_opt):
During referrals fallback, set *tgts to NULL after freeing. This
avoids returning a pointer to freed memory when the first call to
do_traversal() obtains some TGTs and the subsequent
krb5_cc_retrieve_cred() of the final-hop TGT succeeds (due to some
other thread or process storing that TGT into the ccache), causing
second do_traversal() call (which would re-initialize *tgts) to
not execute. Race condition found during KfW-3.2 testing.
Ken Raeburn [Mon, 23 Apr 2007 00:30:40 +0000 (00:30 +0000)]
remove debugging code accidentally left in ftp/cmds.c
Debugging code I added months ago in ftp/cmds.c and forgot to remove
has apparently escaped notice until now. Markus Moeller reports
seeing a bunch of "cmds.c: at line (number)" lines printed when he
connects to a server.
This patch removes those lines. A couple other debugging statements
that test for the debug flag being set on the command line are left
in.
Kevin Koch [Thu, 19 Apr 2007 20:04:08 +0000 (20:04 +0000)]
Modify Unix find test to only check the current directory for the non-existent a.tmp
When the pismere area is under the script area (as in Jeff's setup on afs), the find test slogs through 100MB of files and occasionally finds an a.tmp.
This correct the erroneous 'unix find not found' errors and improves performance noticeably when using afs.
Kevin Koch [Wed, 18 Apr 2007 03:00:49 +0000 (03:00 +0000)]
Factor repository access out of bkw.pl into repository1.pl
Modify bkw.pl to use an initial config file to fetch the sources and then use the config file from those sources to do the build. This way, the description of how to build the sources is in the config file that is part of the sources. It is possible and probably reasonable for the initial config file to be the same as the tagged version. Output all the options used.
Add bootstrap.xml - a sample minimal config file, sufficient to fetch the sources from a repository.
This patch addresses a problem discovered on some XP systems.
After rundll32.exe starts, the CreateProcess can fail to
start kfwcpcc.exe if the current directory is not %WinDir%\System32.
CreateProcess() should be called with the lpApplicationName parameter
set to NULL in order to permit the use of the PATH.
Also, in ConfigureLogonScript ensure that the trailing NUL of the
constructed command line is processed when producing the wide
character version of the string.
In testing it has been observed that remote desktop connections
will execute the NPLogonNotify function but if the logon is
re-connecting to an existing session, the LogonScript is ignored.
This leaves orphaned credential cache files.
This commit adds a function, KFW_cleanup_orphaned_caches, which
is called by NPLogonNotify to delete any orphaned cache files.
An orphaned cache file is one that is older than five minutes.
Change event log name from "KFW Logon" to "MIT Kerberos". This
is being done to avoid confusion with the "KFW Logon" functionality
that was provided by older versions of OpenAFS. (kfwlogon.h)
Remove logging of the inability to access the "Debug" registry value.
On Vista, kfwlogon.dll is no longer loaded by winlogin.exe. Instead
it is loaded by mpnotify.exe which is spawned once for each logon
request. (kfwcommon.c)
Add a test to ensure that RegisterEventSource succeeded before calling
ReportEvent. (kfwcommon.c)
Absolutely make sure that krb5_init_context() succeeded before calling
any other krb5 functions. (kfwcommon.c)
Add a comment explaining why NPGetCaps() says we are a file system even
though we are not. "It won't work otherwise." (kfwlogon.c)
Change all comparisions for Windows Station and AuthentInfoType names
to case insensitive comparisons. Vista does not use the same case as XP.
(kfwlogon.c)
Change the requested access to the temporary cache file from "All" to
"Read | Delete" when importing its contents into the API cache.
Otherwise, the access test will fail on Vista. (kfwlogon.c)
Add the new kadm5srv function krb5_get_principal_keys to the export list
Build a separate copy of kadmin/cli/keytab.c for kadmin.local that exposes
the -norandkey flag in a way that doesn't require the compiler support -c
and -o at the same time.
Add support for extracting existing keys from the KDC with kadmin.local.
Adds a -norandkey option to the ktadd command only in kadmin.local, and
adds a new function to the libkadm5srv library that kadmin.local can
call. There is no protocol or network access to this function.
Kevin Koch [Sat, 14 Apr 2007 18:06:26 +0000 (18:06 +0000)]
Leave built installers in their temp areas and change final copy step to copy them into <out> from their new location. Delay cleaning up the temp areas until after that copy
Add vertical scrollbars to realm fields in dialogs
The obtain new credentials dialog and the change password
dialog provide a "Realm" combo-box. These controls were
not configured to display a vertical scroll bar if there
were more than five realms in the list.
Ken Raeburn [Fri, 13 Apr 2007 07:04:39 +0000 (07:04 +0000)]
Revert previous change; krb5int_cm_call_select is used by the KDC, and should
return when interrupted by a signal. Instead, check for EINTR in service_fds
and call krb5int_cm_call_select again.
Kevin Koch [Fri, 13 Apr 2007 03:00:21 +0000 (03:00 +0000)]
Only copy install/[wix|nsi] areas into install builder temp areas.
Write site-local files to those temp areas. Now tagged files stay in the staging area and are incorporated into the installers. The substituted files are only in the installer build temp areas.
Although the Platform SDK docs suggest using ITaskbarList to add/remove
a taskbar button on the fly, it doesn't work on Vista. Instead we will
just set the window style to use WS_EX_APPWINDOW and be done with it.
Kevin Koch [Thu, 12 Apr 2007 14:29:07 +0000 (14:29 +0000)]
KfW build automation:
Consolidate all command line switch info in one section of the config.xml, flatten structure.
Don't prune .../site/... .
Use getopts negate option where possible.
New method of dealing with repository options, driven from config xml.
Adjust code to find switches in new place.
Hardwire default config to bkwconfig.xml. Makes "bkw.pl" the out-of-the-box command line.
Hardwire unixfind path to C:\tools\cygwin\bin.
Add filver to required programs list.
The doxyfile.cfg file was generated using Doxygen 1.2 which is years
old. There have been significant improvements in the quality of the
Html output since then. As of this commit, the current version is 1.5.2.
- When the root credential set is touched, trigger an identity
refresh. This is necessary to ensure that the identity list
has a complete state of the world when the identity provider
attempts to initialize an initial default identity when none
previously existed. (see krb5cred.dll section)
- Don't set the enabled state for KHUI_ACTION_DESTROY_CRED and
KHUI_ACTION_RENEW_CRED actions. They are set elsewhere.
krb5common.obj
- Initialize variables to prevent uninitialized use.
krb4cred.dll
- Re-order controls and use CheckRadioButton() for manipulating the
radio buttons which select the ticket acquisition method.
- Use symbolic constants instead of numbers.
- If Kerberos 4 is enabled for a specific identity, then that setting
takes precedence over the global setting. The global setting is
merely a default if a per-identity setting is not specified.
However, a per-identity setting is only read for the default
identity.
- If the validity of an identity is not known, assume that it is still
being checked and don't display any credential text.
- When handling WM_COMMAND messages for the new credentials panel,
only update the data when a BN_CLICKED message is received and only
update the display if the IDC_NCK4_OBTAIN checkbox is toggled.
- Remove unused symbols from langres.h
krb5cred.dll
- When renewing an identity which was imported, first try to import it
again. If that fails to obtain newer tickets, then try initializing
the MSLSA cache and then importing again.
- Refactor the code for setting an identity as the default so we can
call it internally.
- When setting the initial default identity, if there is no current
default ccache and no known last default identity, then look through
the list of ccaches with credentials and pick one with valid
tickets. If all else fails, then pick any of the ccaches.
netidmgr.exe
- Credentials Window
- Consistently use KHUI_CW_O_RELIDENT as a necessary and sufficient
indicator that the identity needs to be released when freeing an
outline node.
- Properly initialize an outline node.
- Don't group similar credentials if we aren't sorting/grouping by
any specific column.
- Use the KHUI_CW_O_EMPTY flag to indicate that an outline node
contains no children.
- Handle the case where we aren't sorting/grouping by any column.
- Make sure outline nodes have valid idx_start and idx_end values.
- Use consistent logic when painting and handling mouse hotspots.
- Don't use WS_EX_TRANSPARENT when creating the notification window.
- Use a fixed height for the notification window.
- Update the outline when the default identity changes.
- Hypertext Window
- Correctly handle the "center" attribute in the "p" element.
- Use a system brush for painting the background instead of creating
one of our own.
- Correct the handling of scroll_left and scroll_top when
calculating the coordinates for text.
- Don't check if the rectangle for the text is inside the visible
area of the window before drawing.
- Handle WM_ERASEBKGND and use a system color brush to erase the
background.
- When the size changes, force the extents to be recomputed. This
will also update the scroll bars.
- Use the proper return value after handling WM_PAINT.
- The scrollbar messages send the operation code in the low word of
wParam, not the high word.
- Use GetScrollInfo() with SIF_POS when the operation is
SB_ENDSCROLL or SB_THUMBPOSITION.
- When the hottracked link changes for a transparent window, don't
invalidate the entire parent window. Instead use
MapWindowPoints() to calculate the affected rectangle and
invalidate that.
- Misc
- Change the text of the IDS_NO_CREDS message so that it renders
better on a small window.
- Initialize COM when starting the GUI.
- When showing and hiding the main window and the new credentials
window, add a button to the task bar. This allows the user to
switch focus to the window if it's obstructed.
- Remove unused symbols from resource.h
- New Credentials Window
- Ignore the validity state of the identity when showing a password
change dialog. We don't expect the identity provider to validate
the identity when changing the password.
Ken Raeburn [Mon, 9 Apr 2007 20:58:13 +0000 (20:58 +0000)]
EAI_NODATA deprecated, not always defined
Brian Kantor reports (on the kerberos@mit list today) that krb5-1.6
doesn't build on FreeBSD 6.1 because they've done away with
EAI_NODATA, which was removed from the getaddrinfo API in RFC 3943.
This patch conditionalizes two tests for EAI_NODATA on the macro being
defined, and also adds handling for EAI_OVERFLOW, a new error code
added in RFC 3943.
Ken Raeburn [Sat, 7 Apr 2007 05:15:31 +0000 (05:15 +0000)]
use IP(V6)_PKTINFO in KDC for UDP sockets
As Denis Vlasenko pointed out in ticket 3306, using IP(V6)_PKTINFO to
get or set the local address in UDP communications instead of
allocating one socket for each address seen at startup will behave
better in environments where the addresses may change while the KDC is
running, or in certain unusual network configurations.
The patch from Denis was specific to Linux (didn't do IPV6_PKTINFO if
IP_PKTINFO wasn't defined). I've reworked it a fair amount, and
tested the results briefly on Mac OS X (which has IPV6_PKTINFO but not
IP_PKTINFO) and Linux (which has both).
With this change, on systems like Linux supporting both socket
options, the KDC should be able to use just two UDP sockets, one for
IPv4 and one for IPv6. (And if we turned off IPV6_V6ONLY, we might do
with one.)
Filed as a separate ticket, because Denis's complaint and patch in
3306 cover the RPC code as well.
- add functionality to implement previously defined "DefaultSticky"
registry based configuration parameter. This value is can be added to
an installer by a transform or pushed by Group Policy. When set, it
controls the default setting of the "sticky" flag for new identities.
nidmgr32.dll:
- fix the version resources: FileVersion, ProductName, and ProductVersion
krb5cred.dll:
- when importing an identity from the MSLSA, if there has never been a
default identity, configure the MSLSA identity to be the default.
krb5int_open_plugin_dirs errors out if directory does not exist
If one of the directories in the list doesn't exist and no filenames are
passed in because opendir fails and then the code gets an error. opendir()
failing should not be a fatal error. The function should just move on to
the next directory.
Ken Raeburn [Thu, 5 Apr 2007 20:22:28 +0000 (20:22 +0000)]
service location plugin returning no addresses handled incorrectly
If a locate plugin (e.g., the Python sample plugin and script, when
given realm BOBO.MIT.EDU) returns no error but no addresses, the library
won't report an error, but will try to make contact, and eventually
crash with a null pointer dereference.
Fix: If a plugin returns a value other than PLUGIN_NO_HANDLE, including
success, continue into the code that checks for an empty address list.
Tom Yu [Tue, 3 Apr 2007 21:27:25 +0000 (21:27 +0000)]
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
Fix MITKRB5-SA-2007-001:
* src/appl/telnet/telnetd/sys_term.c (start_login): Add "--"
argument preceding username, in addition to the original patch.
Explicitly check for leading hyphen in username.
* src/appl/telnet/telnetd/state.c (envvarok): Check for leading
hyphen in environment variables. On advice from Shawn Emery, not
using strchr() as in the original patch.
Kevin Koch [Tue, 3 Apr 2007 03:04:52 +0000 (03:04 +0000)]
Correct usage to track implementation
Split repository action into two parts; setting kerveros.ver variables goes in the middle, no longer conditioned on repository access. This ensures that all substitution variables set correctly, even when the repository action is SKIP.
Avoid 'file not found' msg when deleting temp file.
BETA version not marked as RELEASE.
Create installer sandboxes from the staging area. Build there and copy results back to staging area. NSI build no longer picks up WIX build products.
Kevin Koch [Mon, 2 Apr 2007 16:13:58 +0000 (16:13 +0000)]
Uncomment w2k files in corebinaries.xml
Factor processing of <Prunes> xml into pruneFiles.pl.
Factor processing of <Zips> xml into zipXML.pl.
Move SRC zip XML to <FetchSources> section of config file.
Call zipXML in /REPOSITORY CHECKOUT section of script.
Keep track of cleaning of OUTDIR so SRC zip isn't removed during packaging.
Remove UNIXFIND from config file. If UNIXFIND isn't present in the config file, set the in-memory UNIXFIND to c:\tools\cygwin\bin. UNIXFIND is now an implementation detail stored in the in-memory config XML, like the versions read from kerberos.ver.
Prune more temporary files before making SDK zip.
Remove redundant custom files from sdkfiles.xml. Copy *.* from staging/inc instead of *.h -- one .c file is also required.
The NIM 1.2 User Manual includes a completely re-written
introduction to what is NIM as well as new text describing
the new default "basic" view mode and the revised "new credentials"
dialog. Updates to the menu structures, the toolbar, and
the modifications to the options pages are all provided.
All images have been updated with the new color scheme.
Image shots were taken on XP SP2 with the Silver XP Theme.
Kevin Koch [Sun, 1 Apr 2007 18:42:18 +0000 (18:42 +0000)]
Be smarter about cleaning the staging area.
Clean output area if packaging. (Will not clean if -nopackage specified.)
Pull corebinaries from staging area instead of from target area.
Don't sign before making zips. Build products are only signed in the staging area before any packaging is done. (Packaging products are signed when copied to the output area.)
Previous change: Add relnotes.html to output area.
projects / thirdparty / krb5.git / log
