Ben Kaduk [Thu, 16 Aug 2012 20:03:48 +0000 (16:03 -0400)]
Kill running processes on upgrades/uninstalls
The InstallValidate action of the windows installer will bring up
a dialog informing us that some currently running processes must
be terminated before installation may proceed, and offers to do so,
but does not actually kill the processes. We have our own code to
kill running processes which did not execute, for two reasons:
it was sequenced after InstallValidate, and we did not have a current
list of processes to look for.
Add the right processes to look for and kill, and use our own
process-killing code since it actually works.
Ben Kaduk [Wed, 15 Aug 2012 18:50:42 +0000 (14:50 -0400)]
Make finding 32-bit libs easier
Our 64-bit installer provides 32-bit libraries as well as 64-bit
libraries, but not all 32-bit applications (e.g., PuTTY, Pidgin)
are able to locate them in C:\Program Files\MIT\Kerberos .
Including an InstallDir key under the Wow6432Node tree lets them
work out-of-the-box; while here set all the registry keys in this
component in the compatibility tree, for consistency.
Ben Kaduk [Mon, 13 Aug 2012 22:01:47 +0000 (18:01 -0400)]
Upgrade 64-bit KfW installations
We use separate UpgradeCodes for 32- and 64-bit installers, so
we must check for both of them when seeing if we are upgrading an
old/existing installation.
Ben Kaduk [Mon, 13 Aug 2012 19:03:45 +0000 (15:03 -0400)]
Upgrade from KfW betas, too
Instead of using 3.9.9 as a conditional for the maximum version to
upgrade from, just use the current version.
This seems to pick up beta tags properly (so we can upgrade
from, e.g., beta 6 to beta 7 using the installer's upgrade tools),
and is future-proof.
Note that a 64-bit installer will not pick up an existing 32-bit
install (or vice versa), but there does not seem to be infrastructure
to deal with this situation easily.
Also, "downgrading" by running an older installer with a newer version
already installed will cause both versions to be simultaneously
installed; only do this if you know what you're doing.
Benjamin Kaduk [Tue, 31 Jul 2012 20:12:27 +0000 (16:12 -0400)]
Avoid a crash when attempting to change password
In some cases we could keep stack garbage in a local pointer
variable until the cleanup at the end of the function wherein
krb5_free_context() would choke on the invalid non-NULL value.
Initialize to zero to avoid the issue (should be written as NULL
but stick to the prevailing style).
Benjamin Kaduk [Mon, 30 Jul 2012 20:50:55 +0000 (16:50 -0400)]
Rename old krb5.ini files away
We want to always use a new krb5.ini (and our search order guarantees
that we will), but users might be confused if there is still a file
named krb5.ini in the old location which is now non-functional.
However, it is rude to unconditionally delete the old file which may
potentially be the only copy a user has of their local changes.
Instead, rename the old file to a non-functioning name that indicates
it is no longer being used, so that it may be consulted if needed.
Only attempt the rename if we found an existing krb5.ini, and ignore errors
since this is not a critical part of the installation.
Kevin Wasserman [Mon, 30 Jul 2012 20:30:34 +0000 (16:30 -0400)]
Fix renew_until check for auto-renewal
This was completely wrong, but only caused a severe problem on 64 bit
builds. On 32 bit builds the result was effectively always 'success',
so it would always attempt to renew even if there was not sufficient time
left in the renewable lifetime. This did not have much observable
adverse effect. But on 64 bit builds it always failed and so never
attempted renewal.
Kevin Wasserman [Mon, 30 Jul 2012 13:46:24 +0000 (09:46 -0400)]
Always install krb5.ini in KfW 4.0 installer
Pre-existing krb5.ini files from old kfw versions will be overridden
due to the new search path, but not removed. This is the desired behavior
since old krb5.ini files are far more likely to cause problems than to
contain useful data.
Kevin Wasserman [Fri, 27 Jul 2012 20:41:06 +0000 (16:41 -0400)]
CCAPI client rpc fixes
On Windows XP, cci_os_ipc_thread_init() causes additional threads to be
spawned immediately, which results in a vicious cycle until Windows
resources are exhausted. Instead, defer thread_init() until it is really
needed.
Also, use the MSDN-recommended defaults for RPC calls instead of random
constants.
Kevin Wasserman [Wed, 18 Jul 2012 21:32:31 +0000 (17:32 -0400)]
Call CWinAppEx::InitInstance()
Without this, AfxGlobalsAddRef() is never called, so AfxGlobalsRelease()
does nothing, causing many leaks and a crash on exit in GdiplusShutdown()
on Vista.
Kevin Wasserman [Tue, 17 Jul 2012 17:51:46 +0000 (13:51 -0400)]
Use cc_user_set_default_name to 'make default'
In addition to calling krb5_cc_switch(), use
krb5int_cc_user_set_default_name() in CLeashView::OnMakeDefault()
to set the default ccache for all processes for the current user.
Kevin Wasserman [Sat, 5 May 2012 14:53:44 +0000 (10:53 -0400)]
Help updates for kfw 4.0
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: Squash commits, a couple of grammar fixes, and also turn
a few instances of "Leash" into "MIT Kerberos". Trim trailing whitespace
and other whitespace tweaks to pass the commit hooks.]
Kevin Wasserman [Tue, 17 Jul 2012 17:17:46 +0000 (13:17 -0400)]
Fix leashdll code to search for existing tickets
When we have a desired principal, search the entire credential cache
collection for existing tickets for that principal before using a prompter.
If no principal is specified, check only the default cache.
Kevin Wasserman [Thu, 21 Jun 2012 19:30:24 +0000 (15:30 -0400)]
Use file mapping to marshall message data
GlobalAlloc() is no longer supported for this purpose.
Also split out leash message marshalling code into a separate function
acquire_tkt_send_message_leash and improve string copy safety.
Kevin Wasserman [Thu, 21 Jun 2012 17:27:27 +0000 (13:27 -0400)]
Set kfw GUI read-only princ flag when appropriate
When receiving a request to obtain tickets (from another process), if a
particular principal is requested, set the read-only flag to prevent
the user from changing the principal.
Kevin Wasserman [Thu, 21 Jun 2012 17:22:39 +0000 (13:22 -0400)]
Add 'read-only principal' flag
Reserve the high-order 16 bits of dlgtype for flags.
Add DLGFLAG_READONLY_PRINC. When specified, the get tickets dialog
does not allow the user to change the principal.
Kevin Wasserman [Fri, 15 Jun 2012 02:57:59 +0000 (22:57 -0400)]
Send kfw 'obtain ticket' messages to main frame
Previous versions of kfw would attempt to send 'obtain tickets' messages
directly to the 'view' window by sending to the first child of the main
frame. But with the ribbon UI, the ribbon toolbar is now the first child,
so that method no longer works. Instead we now send the message to the
main frame and the main frame forwards to the active view.
Kevin Wasserman [Sat, 2 Jun 2012 14:34:09 +0000 (10:34 -0400)]
KfW auto-complete support
Use the registry to store and retrieve principals for auto-complete.
Remember principals from successful autentications.
TODO: combine realm/username in principal; 'remember principal' checkbox;
reset button; add to support 'change password' dialog as well.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: style cleanup, copyright/license on new file.]
Kevin Wasserman [Mon, 14 May 2012 16:14:20 +0000 (12:14 -0400)]
Do not be over-restrictive in the presence of UAC
We used to explicitly check if a process was UAC-limited and deny all
access to the TGT in that case; however, this makes the MSLSA cache
effectively useless.
Do not try to outsmart UAC, and let it do its own checking -- this allows
UAC-limited access to the MSLSA ccache, which should mean read-write
access to service tickets, and write-only access to the TGT.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
[kaduk@mit.edu: delete instead of comment out, move comment.]
Kevin Wasserman [Mon, 23 Jul 2012 08:30:27 +0000 (04:30 -0400)]
kfw support for multiple identities
We need a sense of what the default identity is, then, with a way
to set it and list it.
The memory management model changes some, as well.
Use a bold font to indicate the current default identity in the
GUI; while here use an italic font for expired credentials.
In the process, rip out some krb4 remenants, and remove ancient
code conditional on the lack of KRB5_TC_NOTICKET.
Define USE_MESSAGE_BOX when building leash and use MessageBox().
[kaduk@mit.edu: adjust for style, flesh out commit message.]
Kevin Wasserman [Sat, 21 Jul 2012 12:52:50 +0000 (08:52 -0400)]
Use ListView; add ViewColumn abstraction
Punting FormView since we really only need ListCtrl and using
ListView makes the header column and window resizing work.
The ViewColumn abstraction eliminates some copy/paste code blocks.
HDN_ITEMCHANGED tracks user changes to column widths.
Remove CTreeCtrl-related code.
Also remove some unused code that was generating warnings.
Kevin Wasserman [Tue, 3 Apr 2012 11:02:43 +0000 (07:02 -0400)]
Prep for KfW conversion to ribbon toolbar
Upgrade classes: CWinApp->CWinAppEx, CFrameWnd->CFrameWndEx,
CStatusBar->CMFCStatusBar, CToolBar->CMFCToolBar.
Call AfxOleInit() from CLeashApp::InitInstance()
Do not call LoadBarState() (crashes)
or GetToolBarCtrl() (no longer exists)
projects / thirdparty / krb5.git / log
