Ken Raeburn [Fri, 15 Feb 2008 02:51:00 +0000 (02:51 +0000)]
Fix from Savitha R, 2008-01-31, for bug:
KDC threads get into an infinite wait state (in the replay cache code) while
waiting for a similar request to be completed. This problem is
specific to LDAP backend.
Ken Raeburn [Fri, 15 Feb 2008 02:50:17 +0000 (02:50 +0000)]
Fix from Savitha R, 2008-01-31 for bug:
KDC crash due to assertion failure when a thread reacquires the kdc lock
after waiting on a condition (while a similar request is getting processed)
and tries to unlock the kdc later. The assertion was failing due to mismatch
of lock owner.
Jeffrey Altman [Wed, 14 Nov 2007 22:34:53 +0000 (22:34 +0000)]
The khm_show_main_window() function is no longer called
at startup with khm_nCmdShow == SW_SHOWMINIMIZED in order to
hide the main application by calling khm_hide_main_window().
Instead, the main application window is simply never shown.
As a result, khm_show_main_window() needs to respond to
khm_nCmdShow == SW_SHOWMINIMIZED not by hiding the window
but by changing the khm_nCmdShow state to SW_SHOW and then
calling ShowWindow().
This change will address the problem whereby "Show NIM Window"
had to be triggered twice by the user when the process
was started in a minimized state.
Ken Raeburn [Thu, 1 Nov 2007 08:08:32 +0000 (08:08 +0000)]
Conditionalize "#pragma mark" on TARGET_OS_MAC.
Don't use "#pragma warning" when not on Windows. (In fact, the just-added uses
shouldn't be needed if the above conditional is done right, so one of them was
deleted.)
Ken Raeburn [Wed, 31 Oct 2007 06:07:44 +0000 (06:07 +0000)]
Set CXX_LINK, CXX_LINK_STATIC, and CXX_LINK_SHARED, parallel to CC_ versions.
Assumes for now that libpath, rpath, ldflags, pthread flags and such
apply to both C and C++ compilers.
Ken Raeburn [Mon, 22 Oct 2007 19:18:53 +0000 (19:18 +0000)]
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
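
The race described in the commit message above, shown as an added example (not code from the krb5 tree or from this log): the two-step fcntl() form leaves a window between creating the descriptor and marking it, while platforms that define O_CLOEXEC can set the flag in the open() call itself. The helper names set_cloexec, open_cloexec and is_cloexec are hypothetical, and /dev/null is used only as a convenient file to open.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Two-step form: mark an already-open descriptor close-on-exec.
 * Until this returns, a fork+exec in another thread inherits fd. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Hypothetical helper: open with close-on-exec set. Uses O_CLOEXEC
 * (atomic with the open) where defined, else the two-step fallback. */
static int open_cloexec(const char *path, int oflag)
{
#ifdef O_CLOEXEC
    return open(path, oflag | O_CLOEXEC);
#else
    int fd = open(path, oflag);
    if (fd != -1 && set_cloexec(fd) == -1) {
        close(fd);
        return -1;
    }
    return fd;
#endif
}

/* Returns 1 if FD_CLOEXEC is set on fd, 0 if not, -1 on error. */
static int is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
    int p[2];
    int fd = open_cloexec("/dev/null", O_RDONLY);
    if (fd == -1 || pipe(p) == -1)
        return 1;
    printf("opened fd: %d, fresh pipe end: %d\n", is_cloexec(fd), is_cloexec(p[0]));
    set_cloexec(p[0]);   /* pipe() has no flag argument: always two steps */
    set_cloexec(p[1]);
    printf("pipe end after fcntl: %d\n", is_cloexec(p[0]));
    return 0;
}
```

A descriptor that reports 0 from is_cloexec() at the moment a child is spawned is the one a poorly written plugin would leak.
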
Jeffrey Altman [Thu, 18 Oct 2007 15:22:43 +0000 (15:22 +0000)]
KFW: BUG: WIX: Beta value hard coded
The beta variable value was inadvertently committed as part of
ticket 5820 (Revision 20117). The build script needs to
export this value when appropriate.
ticket: new
component: windows
tags: pullup
target: 1.6.3
Jeffrey Altman [Fri, 12 Oct 2007 23:08:30 +0000 (23:08 +0000)]
There appears to be a bug either in the WiX engine or the Windows Installer 3.1.
The "File" type on the Registry Search property is supposed to provide the full
path name. Instead, we are being given just the directory as if it were being
processed with the "Directory" type.
We can avoid this for a REG_SZ value by using the "Raw" type because we are
sure that the string is not going to begin with a '#' character.
Because the full path was not being obtained for the UPGRADENSIS property, the
Uninstall routine was unable to CreateProcess() the uninstall program.
This commit also includes additional debugging in the NSIS Uninstall custom
handler to report the path and the GetLastError() value when the uninstall
fails. This will be logged in the msiexec log file and displayed in a
MessageBox.
Jeffrey Altman [Fri, 12 Oct 2007 19:01:38 +0000 (19:01 +0000)]
KFW: BUG: WIX: Improve Usability of multiple architecture MSI installations, remove non-unique GUID component identifiers, and include Beta ID in the package name
The WiX installation package suffered from several problems:
* The Beta ID was not being included in the package name.
Fixed this by swapping the priority of "Release" and "Beta".
"Beta" is an official release that has a beta value.
A non-release has a datestamp as part of the package name.
* There were duplicate GUID values being used for registry components.
This would prevent proper removal of the components on uninstall.
* 64-bit Installers were being constructed with the 32-bit installer
schema. This prevented side-by-side installation of the 64-bit and
32-bit versions. This also permitted 64-bit installers to be
installed on 32-bit systems.
* The 64-bit and 32-bit installers had the same package name.
64-bit and 32-bit are now identified in the package name.
* 64-bit files were being installed to the WOW64 environment.
ticket: new
component: windows
tags: pullup
target_version: 1.6.3
ccs_lock_status_grant_lock sometimes tries to grant the wrong lock
because it is not keeping track of where it got moved to. Reorganized
code so it is easier to read and doesn't look up the lock twice.
Ken Raeburn [Wed, 10 Oct 2007 17:54:49 +0000 (17:54 +0000)]
Run the script to verify all Windows-exported krb5 functions have the
right calling convention markers in the header files, on Windows.
Always, for lack of a separate "maintainer mode" like we have on UNIX.
Ken Raeburn [Tue, 9 Oct 2007 04:03:59 +0000 (04:03 +0000)]
kt_file.c: Support multiple iterators active simultaneously, using a
counter. In get_entry, if the file was already open, rewind it to
just after the version number, and don't close it when done. Don't
allow add or remove calls if any iterator is active.
t_keytab.c: Test mixing two iterators with get_entry calls.
Jeffrey Altman [Fri, 5 Oct 2007 15:23:53 +0000 (15:23 +0000)]
NIM: BUG: APP: New edit controls should be marked ES_AUTOHSCROLL
The EDIT controls used to accept input from the user must be set to
support automatic horizontal scrolling. Otherwise, the number of input
characters is arbitrarily restricted based upon the font selected by
the user as part of the active Windows theme.
Horizontal scrolling is enabled with the ES_AUTOHSCROLL flag during
control construction.
Kevin Koch [Fri, 5 Oct 2007 01:26:34 +0000 (01:26 +0000)]
KfW Build: add new installer build files to copyfiles.xml
Files were added to the installer build area. They also need to be added to the copylist, so that they are copied to the staging area, where the installer is built.
Except it isn't necessary because fcursor isn't modified
by krb5_fcc_next_cred(). Looks like code was copied from
krb5_fcc_start_seq_get() and since the line was a NOP
no one noticed it.
Jeffrey Altman [Mon, 1 Oct 2007 20:09:55 +0000 (20:09 +0000)]
remove error tables by pointer
On Windows, it is possible for the same DLL to be loaded
into a process multiple times as separate instances. Each
time a DLL is loaded it registers its error tables at different
locations in the process address space. Removing the tables
by base instead of pointer value can result in the error table
list pointing at invalid memory.
The Network Identity Manager notification icon can display a tooltip
when the user hovers the mouse cursor over it. It is currently used
to indicate the default identity (if one is found). However, when
retrieving the name of the default identity, the size of the buffer
was left unspecified. This patch specifies the correct buffer size.
The function called with the incorrect buffer size was
kcdb_identity_get_name(). That function does not write more than
KCDB_IDENT_MAXCCH_NAME characters regardless of the size of the buffer
specified, and the buffer that was passed in is allocated to be this
size. No buffer overrun was present in the existing code, although
the behavior was incorrect.
Jeffrey Altman [Mon, 1 Oct 2007 05:31:02 +0000 (05:31 +0000)]
When Network Identity Manager starts, the credentials display
enumerates known identities and displays them if necessary. However,
as plug-ins load and the list of known identities, their properties
and credentials change, the order of the displayed list will also
change.
The existing code does not deal well in respect to tracking the
current selection when the list of identities and credentials changes.
This results in inconsistent behavior where the identity that was
originally at the top of the list maintains its selection state while
the identity at the top of the list after all the plug-ins have loaded
will receive focus.
This patch fixes this problem by explicitly setting focus and
selection to the identity or credential at the current cursor location
following a change in the credentials list.
Jeffrey Altman [Mon, 1 Oct 2007 05:29:38 +0000 (05:29 +0000)]
The credentials display in Network Identity Manager colors the
background of identity headings based on the expiration state of the
credentials that belong to the identity.
This patch changes the behavior to color these headings based on the
existence and expiration state of identity credentials. With this
change, only identities that have valid identity credentials will
appear in green.
The same logic is used when drawing the menu items in the "Set
default" sub-menu in the notification icon.
Jeffrey Altman [Mon, 1 Oct 2007 05:27:29 +0000 (05:27 +0000)]
NIM: BUG: APP: notification icon state
Currently, the notification icon that is created by Network Identity
Manager indicates the status of all the known credentials. If any
credential belonging to any identity is expired or in a critical
state, the icon will change color to indicate this.
This patch changes the behavior to only indicate the status of
credentials belonging to the default identity. The expiration state
of credentials that do not belong to the default identity no longer
affects the appearance of the notification icon.
Jeffrey Altman [Mon, 1 Oct 2007 05:25:34 +0000 (05:25 +0000)]
NIM: BUG: APP: identity data corruption
The credentials display in Network Identity Manager uses a cached set
of properties for each identity that has credentials. The existing
code used the wrong field of the khui_credwnd_identity structure to
store the credentials type name associated with an identity, resulting
in a corrupt data structure.
This patch fixes the code to use the correct field.
Jeffrey Altman [Mon, 1 Oct 2007 05:19:05 +0000 (05:19 +0000)]
NIM: BUG: APP: leaking prompts in obtain new credentials dialog
The Kerberos v5 plug-in for Network Identity Manager was not clearing
the list of prompts properly when a user changes the active identity
in the new credentials dialog. The stale prompts would be visible to
the user if the newly selected identity is invalid or the new identity
cannot be validated.
This patch clears the prompts if there is an identity change.
When there is no ImagePath value for a module it indicates
that the module has not been installed. Do not report an
error to the end user for uninstalled modules. This will
only annoy the user and there is probably nothing the user
can do about it. Perhaps the user uninstalled the module
intentionally. The fact that there is still a HKCU key
remaining is not an indication that the module is in use.
Remove Krb5Cred, Krb5Ident, and Krb4Cred default configuration data from
the KMM Schema. Require that modules that are installed be properly
installed.
Add NIM Module Registry values to the NSIS installer. These values were
already being set by the Wix installer.
By removing the ImagePath default, unable to load module errors will
not be generated when the module has not in fact been installed.
The Network Identity Manager notification icon can have a tooltip
associated with it. The tooltip will be displayed to the user if she
hovers the mouse cursor over the notification icon. Currently, the
tooltip is used to indicate the current status of Network Identity
Manager. This patch adds the name of the default identity to the
tooltip.
In Network Identity Manager, when locating the action object
corresponding to an action identifier using khui_find_action(), don't
search through the list of standard actions if we already know that
the object we are searching for is a custom action.
Add a "Set default" sub menu to the Network Identity Manager
notification icon context menu. The submenu will display a list of
identities that the user can select as the default identity.
Each identity that is displayed in the sub menu will be colored the
same way it is colored in the basic view to provide a hint as to the
state of the credentials belonging to the identity.
Add a "View all identities" option to the view menu of Network
Identity Manager. This option will be toggled when selected. If
enabled, all the known identities will be displayed in any credentials
view which uses the identity of credentials as the primary group-by
field.
profile library memory leaks introduced when malloc returns 0
I have a modified version of valgrind that will allow me to have
malloc fail in a controlled way. A number of memory leaks in error return
passes exist in the profile library. They are essentially inconsequential - but
my goal is to eventually create a test harness that tries to cover all code -
including error returns...
prof_parse.c: (profile_parse_file): Free node being created if
parse_line() fails.
prof_file.c (profile_open_file): free prf_data_t on malloc failure
prof_tree.c (profile_create_node): The magic element must be set
before calling profile_free_node for it to release memory.