Kevin Koch [Wed, 18 Apr 2007 03:00:49 +0000 (03:00 +0000)]
Factor repository access out of bkw.pl into repository1.pl
Modify bkw.pl to use an initial config file to fetch the sources and then use the config file from those sources to do the build. This way, the description of how to build the sources is in the config file that is part of the sources. It is possible and probably reasonable for the initial config file to be the same as the tagged version. Output all the options used.
Add bootstrap.xml - a sample minimal config file, sufficient to fetch the sources from a repository.
This patch addresses a problem discovered on some XP systems.
After rundll32.exe starts, the CreateProcess can fail to
start kfwcpcc.exe if the current directory is not %WinDir%\System32.
CreateProcess() should be called with the lpApplicationName parameter
set to NULL in order to permit the use of the PATH.
Also, in ConfigureLogonScript ensure that the trailing NUL of the
constructed command line is processed when producing the wide
character version of the string.
In testing it has been observed that remote desktop connections
will execute the NPLogonNotify function but if the logon is
re-connecting to an existing session, the LogonScript is ignored.
This leaves orphaned credential cache files.
This commit adds a function, KFW_cleanup_orphaned_caches, which
is called by NPLogonNotify to delete any orphaned cache files.
An orphaned cache file is one that is older than five minutes.
Change event log name from "KFW Logon" to "MIT Kerberos". This
is being done to avoid confusion with the "KFW Logon" functionality
that was provided by older versions of OpenAFS. (kfwlogon.h)
Remove logging of the inability to access the "Debug" registry value.
On Vista, kfwlogon.dll is no longer loaded by winlogin.exe. Instead
it is loaded by mpnotify.exe which is spawned once for each logon
request. (kfwcommon.c)
Add a test to ensure that RegisterEventSource succeeded before calling
ReportEvent. (kfwcommon.c)
Absolutely make sure that krb5_init_context() succeeded before calling
any other krb5 functions. (kfwcommon.c)
Add a comment explaining why NPGetCaps() says we are a file system even
though we are not. "It won't work otherwise." (kfwlogon.c)
Change all comparisions for Windows Station and AuthentInfoType names
to case insensitive comparisons. Vista does not use the same case as XP.
(kfwlogon.c)
Change the requested access to the temporary cache file from "All" to
"Read | Delete" when importing its contents into the API cache.
Otherwise, the access test will fail on Vista. (kfwlogon.c)
Add the new kadm5srv function krb5_get_principal_keys to the export list
Build a separate copy of kadmin/cli/keytab.c for kadmin.local that exposes
the -norandkey flag in a way that doesn't require the compiler support -c
and -o at the same time.
Add support for extracting existing keys from the KDC with kadmin.local.
Adds a -norandkey option to the ktadd command only in kadmin.local, and
adds a new function to the libkadm5srv library that kadmin.local can
call. There is no protocol or network access to this function.
Kevin Koch [Sat, 14 Apr 2007 18:06:26 +0000 (18:06 +0000)]
Leave built installers in their temp areas and change final copy step to copy them into <out> from their new location. Delay cleaning up the temp areas until after that copy
Add vertical scrollbars to realm fields in dialogs
The obtain new credentials dialog and the change password
dialog provide a "Realm" combo-box. These controls were
not configured to display a vertical scroll bar if there
were more than five realms in the list.
Ken Raeburn [Fri, 13 Apr 2007 07:04:39 +0000 (07:04 +0000)]
Revert previous change; krb5int_cm_call_select is used by the KDC, and should
return when interrupted by a signal. Instead, check for EINTR in service_fds
and call krb5int_cm_call_select again.
Kevin Koch [Fri, 13 Apr 2007 03:00:21 +0000 (03:00 +0000)]
Only copy install/[wix|nsi] areas into install builder temp areas.
Write site-local files to those temp areas. Now tagged files stay in the staging area and are incorporated into the installers. The substituted files are only in the installer build temp areas.
Although the Platform SDK docs suggest using ITaskbarList to add/remove
a taskbar button on the fly, it doesn't work on Vista. Instead we will
just set the window style to use WS_EX_APPWINDOW and be done with it.
Kevin Koch [Thu, 12 Apr 2007 14:29:07 +0000 (14:29 +0000)]
KfW build automation:
Consolidate all command line switch info in one section of the config.xml, flatten structure.
Don't prune .../site/... .
Use getopts negate option where possible.
New method of dealing with repository options, driven from config xml.
Adjust code to find switches in new place.
Hardwire default config to bkwconfig.xml. Makes "bkw.pl" the out-of-the-box command line.
Hardwire unixfind path to C:\tools\cygwin\bin.
Add filver to required programs list.
The doxyfile.cfg file was generated using Doxygen 1.2 which is years
old. There have been significant improvements in the quality of the
Html output since then. As of this commit, the current version is 1.5.2.
- When the root credential set is touched, trigger an identity
refresh. This is necessary to ensure that the identity list
has a complete state of the world when the identity provider
attempts to initialize an initial default identity when none
previously existed. (see krb5cred.dll section)
- Don't set the enabled state for KHUI_ACTION_DESTROY_CRED and
KHUI_ACTION_RENEW_CRED actions. They are set elsewhere.
krb5common.obj
- Initialize variables to prevent uninitialized use.
krb4cred.dll
- Re-order controls and use CheckRadioButton() for manipulating the
radio buttons which select the ticket acquisition method.
- Use symbolic constants instead of numbers.
- If Kerberos 4 is enabled for a specific identity, then that setting
takes precedence over the global setting. The global setting is
merely a default if a per-identity setting is not specified.
However, a per-identity setting is only read for the default
identity.
- If the validity of an identity is not known, assume that it is still
being checked and don't display any credential text.
- When handling WM_COMMAND messages for the new credentials panel,
only update the data when a BN_CLICKED message is received and only
update the display if the IDC_NCK4_OBTAIN checkbox is toggled.
- Remove unused symbols from langres.h
krb5cred.dll
- When renewing an identity which was imported, first try to import it
again. If that fails to obtain newer tickets, then try initializing
the MSLSA cache and then importing again.
- Refactor the code for setting an identity as the default so we can
call it internally.
- When setting the initial default identity, if there is no current
default ccache and no known last default identity, then look through
the list of ccaches with credentials and pick one with valid
tickets. If all else fails, then pick any of the ccaches.
netidmgr.exe
- Credentials Window
- Consistently use KHUI_CW_O_RELIDENT as a necessary and sufficient
indicator that the identity needs to be released when freeing an
outline node.
- Properly initialize an outline node.
- Don't group similar credentials if we aren't sorting/grouping by
any specific column.
- Use the KHUI_CW_O_EMPTY flag to indicate that an outline node
contains no children.
- Handle the case where we aren't sorting/grouping by any column.
- Make sure outline nodes have valid idx_start and idx_end values.
- Use consistent logic when painting and handling mouse hotspots.
- Don't use WS_EX_TRANSPARENT when creating the notification window.
- Use a fixed height for the notification window.
- Update the outline when the default identity changes.
- Hypertext Window
- Correctly handle the "center" attribute in the "p" element.
- Use a system brush for painting the background instead of creating
one of our own.
- Correct the handling of scroll_left and scroll_top when
calculating the coordinates for text.
- Don't check if the rectangle for the text is inside the visible
area of the window before drawing.
- Handle WM_ERASEBKGND and use a system color brush to erase the
background.
- When the size changes, force the extents to be recomputed. This
will also update the scroll bars.
- Use the proper return value after handling WM_PAINT.
- The scrollbar messages send the operation code in the low word of
wParam, not the high word.
- Use GetScrollInfo() with SIF_POS when the operation is
SB_ENDSCROLL or SB_THUMBPOSITION.
- When the hottracked link changes for a transparent window, don't
invalidate the entire parent window. Instead use
MapWindowPoints() to calculate the affected rectangle and
invalidate that.
- Misc
- Change the text of the IDS_NO_CREDS message so that it renders
better on a small window.
- Initialize COM when starting the GUI.
- When showing and hiding the main window and the new credentials
window, add a button to the task bar. This allows the user to
switch focus to the window if it's obstructed.
- Remove unused symbols from resource.h
- New Credentials Window
- Ignore the validity state of the identity when showing a password
change dialog. We don't expect the identity provider to validate
the identity when changing the password.
Ken Raeburn [Mon, 9 Apr 2007 20:58:13 +0000 (20:58 +0000)]
EAI_NODATA deprecated, not always defined
Brian Kantor reports (on the kerberos@mit list today) that krb5-1.6
doesn't build on FreeBSD 6.1 because they've done away with
EAI_NODATA, which was removed from the getaddrinfo API in RFC 3943.
This patch conditionalizes two tests for EAI_NODATA on the macro being
defined, and also adds handling for EAI_OVERFLOW, a new error code
added in RFC 3943.
Ken Raeburn [Sat, 7 Apr 2007 05:15:31 +0000 (05:15 +0000)]
use IP(V6)_PKTINFO in KDC for UDP sockets
As Denis Vlasenko pointed out in ticket 3306, using IP(V6)_PKTINFO to
get or set the local address in UDP communications instead of
allocating one socket for each address seen at startup will behave
better in environments where the addresses may change while the KDC is
running, or in certain unusual network configurations.
The patch from Denis was specific to Linux (didn't do IPV6_PKTINFO if
IP_PKTINFO wasn't defined). I've reworked it a fair amount, and
tested the results briefly on Mac OS X (which has IPV6_PKTINFO but not
IP_PKTINFO) and Linux (which has both).
With this change, on systems like Linux supporting both socket
options, the KDC should be able to use just two UDP sockets, one for
IPv4 and one for IPv6. (And if we turned off IPV6_V6ONLY, we might do
with one.)
Filed as a separate ticket, because Denis's complaint and patch in
3306 cover the RPC code as well.
- add functionality to implement previously defined "DefaultSticky"
registry based configuration parameter. This value is can be added to
an installer by a transform or pushed by Group Policy. When set, it
controls the default setting of the "sticky" flag for new identities.
nidmgr32.dll:
- fix the version resources: FileVersion, ProductName, and ProductVersion
krb5cred.dll:
- when importing an identity from the MSLSA, if there has never been a
default identity, configure the MSLSA identity to be the default.
krb5int_open_plugin_dirs errors out if directory does not exist
If one of the directories in the list doesn't exist and no filenames are
passed in because opendir fails and then the code gets an error. opendir()
failing should not be a fatal error. The function should just move on to
the next directory.
Ken Raeburn [Thu, 5 Apr 2007 20:22:28 +0000 (20:22 +0000)]
service location plugin returning no addresses handled incorrectly
If a locate plugin (e.g., the Python sample plugin and script, when
given realm BOBO.MIT.EDU) returns no error but no addresses, the library
won't report an error, but will try to make contact, and eventually
crash with a null pointer dereference.
Fix: If a plugin returns a value other than PLUGIN_NO_HANDLE, including
success, continue into the code that checks for an empty address list.
Tom Yu [Tue, 3 Apr 2007 21:27:25 +0000 (21:27 +0000)]
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user
Fix MITKRB5-SA-2007-001:
* src/appl/telnet/telnetd/sys_term.c (start_login): Add "--"
argument preceding username, in addition to the original patch.
Explicitly check for leading hyphen in username.
* src/appl/telnet/telnetd/state.c (envvarok): Check for leading
hyphen in environment variables. On advice from Shawn Emery, not
using strchr() as in the original patch.
Kevin Koch [Tue, 3 Apr 2007 03:04:52 +0000 (03:04 +0000)]
Correct usage to track implementation
Split repository action into two parts; setting kerveros.ver variables goes in the middle, no longer conditioned on repository access. This ensures that all substitution variables set correctly, even when the repository action is SKIP.
Avoid 'file not found' msg when deleting temp file.
BETA version not marked as RELEASE.
Create installer sandboxes from the staging area. Build there and copy results back to staging area. NSI build no longer picks up WIX build products.
Kevin Koch [Mon, 2 Apr 2007 16:13:58 +0000 (16:13 +0000)]
Uncomment w2k files in corebinaries.xml
Factor processing of <Prunes> xml into pruneFiles.pl.
Factor processing of <Zips> xml into zipXML.pl.
Move SRC zip XML to <FetchSources> section of config file.
Call zipXML in /REPOSITORY CHECKOUT section of script.
Keep track of cleaning of OUTDIR so SRC zip isn't removed during packaging.
Remove UNIXFIND from config file. If UNIXFIND isn't present in the config file, set the in-memory UNIXFIND to c:\tools\cygwin\bin. UNIXFIND is now an implementation detail stored in the in-memory config XML, like the versions read from kerberos.ver.
Prune more temporary files before making SDK zip.
Remove redundant custom files from sdkfiles.xml. Copy *.* from staging/inc instead of *.h -- one .c file is also required.
The NIM 1.2 User Manual includes a completely re-written
introduction to what is NIM as well as new text describing
the new default "basic" view mode and the revised "new credentials"
dialog. Updates to the menu structures, the toolbar, and
the modifications to the options pages are all provided.
All images have been updated with the new color scheme.
Image shots were taken on XP SP2 with the Silver XP Theme.
Kevin Koch [Sun, 1 Apr 2007 18:42:18 +0000 (18:42 +0000)]
Be smarter about cleaning the staging area.
Clean output area if packaging. (Will not clean if -nopackage specified.)
Pull corebinaries from staging area instead of from target area.
Don't sign before making zips. Build products are only signed in the staging area before any packaging is done. (Packaging products are signed when copied to the output area.)
Previous change: Add relnotes.html to output area.
Jeffrey Altman [Thu, 29 Mar 2007 21:19:43 +0000 (21:19 +0000)]
more bug fixes for NIM 1.2 (KFW 3.2)
netidmgr.exe
- Credentials display :
- If an outline is marked as KHUI_CW_O_STICKY | KHUI_CW_O_RELIDENT,
release the identity when deleting the outline node.
- Correctly determine the location of UI widgets using the column
specifier of the outline node instead of the column specifier of
the row.
- Do not recompute the extents of a row.
- If there is a default identity and it has no credentials and it is
not pinned, display it anyway.
krb5common.obj
- Import profile_rename_section()
krb5cred.dll
- In the realm editor:
- When writing realm data, keep track of whether any updates were
performed.
- Reset the dirty bits for each element whose changes were written
to the profile.
- Use profile_rename_section() correctly to delete sections.
- Check if any changes were applied before setting the 'applied' bit
for the configuration node.
- Don't assume that the Kerberos 5 General configuration panel has
received WMCFG_APPLY before the realm editor. It will not receive
the notification if it hasn't indicated that there are changes to
be applied.
- New credentials :
- If there is no "ExpiresOn" value for a cached prompt set, assume
that it has already expired.
- Set the lifetime for a new prompt set to be 7 days longer than
then maximum renewable lifetime.
Jeffrey Altman [Thu, 29 Mar 2007 17:24:34 +0000 (17:24 +0000)]
NIM commits for KFW 3.2 Beta 1
(NetIDMgr 1.2.0.0)
netidmgr.exe
- Simplify credential window UI element placement calculations.
- Add the Custom_1 view to the UI schema. This is used to store
customizations to the basic view.
- Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE
messages instead of the EX_STYLE parameter to CreateWindowEx().
Also, set the extended style to support detached arrows.
- Support drop down menus in the standard toolbar.
- The per-identity commands that are added to expiration dialogs are
now flagged for automatic dispatch.
- Remove unnecessary status bar parts and display the status bar icons
at the correct size.
- The notification alerts now display the info balloon at the correct
size.
- Increase the height of the height of the dialog button bar to 190
from 181 dialog units.
- Lock the action tables when refreshing the per-identity actions.
Perform the necessary notification after refreshing the per-identity
actions.
- "Initialize <identity>" -> "Obtain new credentials for <identity>"
- Add a button to go back to the Basic view from the Advanced view in
the new credentials dialog.
- Cache the extents of each row since we now support rows of variable
heights.
- Selecting a credential row or a header should select all the
credentials that are represented by the row.
- Update the selection state after loading a new view.
- Display the expiration times in the second line of an expanded
identity header.
- Checks for expiration flags in the credentials window now take into
account that the each flag may occupy more than one bit position.
- Calculate the expiration flags for the identity before assigning it
to a header, so that the header can display accurate expiration
data.
- Kill unnecessary timers in the credentials view and make sure taht
the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an
active timer for the row.
- In addition to rows that hold credentials, timers can also be
assigned to headers for identities in the basic view. This allows
the headers to display expiration times.
- The credentials view keeps track of the count of credentials, the
count of identity credentials (credentials which belong to the
credentials type that the identity belongs to) and the number of
initial credentials.
- Configuration spaces that hold credential view definitions now
include an additional value "_AppVersion" which contains the version
of NIM used to create the data. If the current version is greater
than the stated version, NIM will failover to using the schema
instead of using the saved data. This is because view definitions
are version dependent.
- The app_version global variable is now a const.
- The renew and destroy icons in the standard toolbar are now drop
down buttons. If the drop down arrow is clicked, they display a
menu with the list of identities that the operation can target.
- The renew and destroy actions on the credential menu have been
replaced by submenus that allow the user to select the identity
which would be the target of the operation.
- Consistently update the 'displayed' field of an alert so that
plug-ins can keep track of which alerts are being displayed.
- If the currently displayed balloon alert has
KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command
when the user clicks the notification icon, or display the expanded
alert if necessary.
- Reduce flicker when drawing the credentials display by clipping the
header control from the device context.
- The state of Advanced mode is now preserved between NIM sessions.
- The credential display layout is kept track of separately for the
Basic and Advanced views. Any customization done on either view
(e.g.: changing sort order) will only affect that view.
Customizations for the Advanced view will be saved in the Custom_0
view, while customizations for the Basic view will be saved in
Custom_1.
- New color scheme.
- Selecting a credential or identity will no longer mask the
expiration state. The selection rectangle is now alpha blended.
- In Basic view, the width of the Identity column changes with the
width of the window so that the credentials display always fills the
width of the window.
- The colors for the highlight, text color, highlighted text color,
window background and other elements are now obtained via Windows so
that NetIDMgr will be more consistent with any themes that have been
applied.
- Correctly determine whether a column can be dragged or resized based
on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags.
- Correctly update the scroll bars when switching between views.
- The "marker" button for a displayed alert should not perform any
action and it should not be the default control. Selecting it
should no longer cause an assertion to be thrown.
- Don't display the "... Click here for more." message when displaying
a balloon alert if the operating system involved does not provide a
reliable means of detecting that the user clicked on a balloon.
- When attempting to display queued alerts, if the alert at the top of
the queue is of a type that cannot be consolidated, then show it by
itself.
- If the size of the alert window changes, it should be redrawn
properly.
krb5creds.dll
- Allow setting an identity as the default even if there are no
credentials or credential caches associated with it. We generate
the name of the ccache we would use if we were getting new
credentials for the identity and then set that as the default cache.
- Controls in the per-identity configuration panels resized to fit
their contents.
- Set the credentials type and type name attributes for identities for
which we have a TGT.
- Use khm_krb5_get_identity_params() when retrieving parameters for
the identity global configuration panel.
- Add UI elements for setting the global values for forwardable,
renewable and addressless flags.
- Make the schema default to issue forwardable tickets for identities
that have no configuration and when krb5.ini does not define
'forwardable'.
- When updating the identity properties, take all the active
identities into account, so that we won't orphan any identities with
Krb5 properties but no credentials associated with them.
- If there is no TGT associated with an identity, then strip it of any
Krb5 provided properties.
- Associate identities that have a valid TGT with Krb5 by setting
KCDB_ATTR_TYPE to the Krb5 credentials type.
- Don't attempt to renew an identity if the TGT is not renewable or is
expired.
- When opening the configuration handle for an identity, if the
identity does not have any configuration information, failover to
using the per-realm configuration or the identity global
configuration.
- When opening the configuration handle, don't return a handle that
can't safely be closed.
- Add code from get_in_tkt.c that correctly handles per-realm settings
when obtaining libdefaults settings from the profile.
Kevin Koch [Wed, 28 Mar 2007 18:43:11 +0000 (18:43 +0000)]
Pull product version information from kerberos.ver
Change site-local.wxi/.nsi to site-local-tagged.wxi/.nsi. Add tags such as %VERSION-MAJOR% which are substituted by the build script. NB: to build the installers directly, the build script must be run at least once to generate site-local.wxi/.nsi.
Write DEBUG, RELEASE, BETA defines to site-local.nsi, based on build setting & values from kerberos.ver.
Add more tag substitutions to file copy and the config file, to provide a way to generate names like kfw-3-2-0-DEBUG.exe programatically.
Jeffrey Altman [Wed, 28 Mar 2007 18:03:45 +0000 (18:03 +0000)]
KFW: problems with non-interactive logons
Non-interactive logons cause two problems:
(1) on XP/2003 the logon event handlers do not get triggered and on
all platforms the LogonScript does not get executed.
As a result, ccache files are not deleted.
(2) on all platforms, accessing the credential cache causes
krbcc32s.exe to be spawned. This process never terminates.
This patch tests for interactive logons. If the logon is not
interactive, the Network Provider exits immediately.
Kevin Koch [Tue, 27 Mar 2007 17:27:41 +0000 (17:27 +0000)]
All Windows apps were popping MessageBoxes when stderr is redirected. Console apps shouldn't and no longer do that. Added isGuiApp, which tests gui resource usage
Jeffrey Altman [Tue, 27 Mar 2007 13:46:13 +0000 (13:46 +0000)]
WIX installer stores WinLogon event handler under wrong registry value
The WinLogon event handler in prior versions of the Wix installer
has been installing the event handler under the registry value "KFWLogon"
which happens to be the name that "OpenAFS" also uses for its Kerberos
logon events. The KFW NSIS installer has used "MIT_KFW" in order to
avoid the conflict. The Wix installer is being corrected to match.
When there is a name collision, only one of the event handlers gets
installed. As a result, Kerberos FILE ccaches get created with SYSTEM
only ACLs and are never destroyed. This is the same problem that
happens on Windows Vista when integrated logon is used because the
event handler hooks do not exist.
Jeffrey Altman [Tue, 27 Mar 2007 13:37:30 +0000 (13:37 +0000)]
This commit addresses several issues:
(1) The registry key used for activating event reporting to
the Windows application log was wrong. It should be
"NetworkProvider" not "Network Provider"
(2) Event logging of the state of the "Debug" value has been
added so that it is possible to debug the use of event
reporting.
(3) The code no longer performs the pre-kinit operations
if a password was not provided.
(4) A new function KFW_copy_file_cache_to_api_cache() has
been added. This is used instead of
KFW_copy_file_cache_to_default_cache() permitting the
default cache to be MSLSA, FILE, or anything else.
The API cache name will be of the form API:principal
just as is done by Network Identity Manager.
projects / thirdparty / krb5.git / log
