authorKevin Coffman <kwc@citi.umich.edu>2007-02-27 16:41:02 +0000
committerKevin Coffman <kwc@citi.umich.edu>2007-02-27 16:41:02 +0000
commit6a47113c611c962b01d813ecaf0f2eb7e715cb54 (patch)
treed60ecaf646c65d05c89ea7e76a1fb9dd895761f3
parent06acd8a2e65ed2e9dfe38de9b977529cc87c14f7 (diff)
Pull up r19052:r19183 from trunk
git-svn-id: svn://anonsvn.mit.edu/krb5/users/coffman/pkinit@19184 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--doc/kadm5-errmsg.txt59
-rw-r--r--src/aclocal.m43
-rw-r--r--src/appl/bsd/Makefile.in42
-rw-r--r--src/appl/bsd/kcmd.c2
-rw-r--r--src/appl/bsd/krcp.c6
-rw-r--r--src/appl/bsd/krlogind.c2
-rw-r--r--src/appl/bsd/krshd.c8
-rw-r--r--src/appl/bsd/v4rcp.c6
-rw-r--r--src/appl/sample/sserver/sserver.c2
-rw-r--r--src/appl/simple/client/sim_client.c2
-rw-r--r--src/appl/telnet/telnet/commands.c4
-rw-r--r--src/appl/user_user/client.c2
-rw-r--r--src/appl/user_user/server.c2
-rw-r--r--src/clients/kvno/kvno.c52
-rw-r--r--src/config-files/kdc.conf.M10
-rw-r--r--src/config/post.in2
-rw-r--r--src/config/pre.in20
-rw-r--r--src/config/win-pre.in2
-rw-r--r--src/include/Makefile.in51
-rw-r--r--src/include/k5-int.h306
-rw-r--r--src/include/kerberosIV/Makefile.in3
-rw-r--r--src/include/krb5/krb5.hin393
-rw-r--r--src/include/krb5/preauth_plugin.h1
-rw-r--r--src/include/osconf.hin (renamed from src/include/stock/osconf.h)2
-rw-r--r--src/include/win-mac.h8
-rw-r--r--src/kadmin/cli/Makefile.in10
-rw-r--r--src/kadmin/cli/keytab.c2
-rw-r--r--src/kadmin/passwd/xm_kpasswd.c9
-rw-r--r--src/krb524/Makefile.in4
-rw-r--r--src/lib/crypto/crc32/crc-32.h6
-rw-r--r--src/lib/crypto/libk5crypto.exports2
-rw-r--r--src/lib/gssapi/krb5/acquire_cred.c2
-rw-r--r--src/lib/gssapi/krb5/add_cred.c4
-rw-r--r--src/lib/gssapi/krb5/gssapiP_krb5.h3
-rw-r--r--src/lib/gssapi/krb5/k5sealv3.c2
-rw-r--r--src/lib/gssapi/krb5/k5unseal.c5
-rw-r--r--src/lib/gssapi/mechglue/g_canon_name.c1
-rw-r--r--src/lib/gssapi/mechglue/g_imp_name.c5
-rw-r--r--src/lib/gssapi/mechglue/mglueP.h2
-rw-r--r--src/lib/kadm5/logger.c4
-rw-r--r--src/lib/krb4/RealmsConfig-glue.c5
-rw-r--r--src/lib/krb5/Makefile.in4
-rw-r--r--src/lib/krb5/asn.1/asn1_make.h20
-rw-r--r--src/lib/krb5/asn.1/asn1buf.h8
-rw-r--r--src/lib/krb5/ccache/Makefile.in18
-rw-r--r--src/lib/krb5/ccache/ccapi/stdcc.c82
-rw-r--r--src/lib/krb5/ccache/ccbase.c6
-rw-r--r--src/lib/krb5/ccache/t_cc.c7
-rw-r--r--src/lib/krb5/ccache/t_cccursor.c2
-rw-r--r--src/lib/krb5/error_tables/Makefile.in9
-rw-r--r--src/lib/krb5/keytab/Makefile.in39
-rw-r--r--src/lib/krb5/keytab/kt-int.h3
-rw-r--r--src/lib/krb5/keytab/kt_file.c4
-rw-r--r--src/lib/krb5/keytab/kt_memory.c677
-rw-r--r--src/lib/krb5/keytab/kt_srvtab.c2
-rw-r--r--src/lib/krb5/keytab/ktbase.c61
-rw-r--r--src/lib/krb5/keytab/ktfns.c2
-rw-r--r--src/lib/krb5/keytab/ktfr_entry.c2
-rw-r--r--src/lib/krb5/keytab/t_keytab.c425
-rw-r--r--src/lib/krb5/krb/Makefile.in27
-rw-r--r--src/lib/krb5/krb/chpw.c1
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c4
-rw-r--r--src/lib/krb5/krb/in_tkt_sky.c7
-rw-r--r--src/lib/krb5/krb/srv_dec_tkt.c94
-rw-r--r--src/lib/krb5/krb/t_ser.c8
-rw-r--r--src/lib/krb5/krb5_libinit.c4
-rw-r--r--src/lib/krb5/libkrb5.exports19
-rw-r--r--src/lib/krb5/os/an_to_ln.c2
-rw-r--r--src/lib/krb5/os/ccdefname.c9
-rw-r--r--src/lib/krb5/os/changepw.c4
-rw-r--r--src/lib/krb5/os/ktdefname.c10
-rw-r--r--src/lib/krb5/os/locate_kdc.c10
-rw-r--r--src/lib/krb5/os/sendto_kdc.c4
-rw-r--r--src/lib/krb5/os/t_locate_kdc.c7
-rw-r--r--src/lib/krb5_32.def1
-rw-r--r--src/patchlevel.h4
-rw-r--r--src/plugins/kdb/db2/libdb2/test/dbtest.c14
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/Makefile.in4
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h1
-rw-r--r--src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c2
-rw-r--r--src/tests/create/kdb5_mkdums.c10
-rw-r--r--src/tests/resolve/addrinfo-test.c10
-rw-r--r--src/util/def-check.pl2
-rw-r--r--src/util/et/vfprintf.c50
-rw-r--r--src/util/support/fake-addrinfo.c7
-rw-r--r--src/windows/README13
-rw-r--r--src/windows/identity/apiversion.txt11
-rw-r--r--src/windows/identity/config/Makefile.w2k6
-rw-r--r--src/windows/identity/config/Makefile.w326
-rw-r--r--src/windows/identity/doc/footer.html2
-rw-r--r--src/windows/identity/doc/main_page.h5
-rw-r--r--src/windows/identity/include/khdefs.h3
-rw-r--r--src/windows/identity/kcreddb/identity.c7
-rw-r--r--src/windows/identity/nidmgrdll/nidmgrdll.rc2
-rw-r--r--src/windows/identity/plugins/common/dynimport.c30
-rw-r--r--src/windows/identity/plugins/krb4/krb4configdlg.c257
-rw-r--r--src/windows/identity/plugins/krb4/lang/en_us/langres.rc38
-rw-r--r--src/windows/identity/plugins/krb4/version.rc4
-rw-r--r--src/windows/identity/plugins/krb5/krb5funcs.c23
-rw-r--r--src/windows/identity/plugins/krb5/krb5identpro.c2
-rw-r--r--src/windows/identity/plugins/krb5/krb5newcreds.c9
-rw-r--r--src/windows/identity/plugins/krb5/lang/en_us/langres.rc86
-rw-r--r--src/windows/identity/plugins/krb5/version.rc4
-rw-r--r--src/windows/identity/ui/appglobal.h1
-rw-r--r--src/windows/identity/ui/appver.rc2
-rw-r--r--src/windows/identity/ui/credfuncs.c238
-rw-r--r--src/windows/identity/ui/credfuncs.h7
-rw-r--r--src/windows/identity/ui/credwnd.c71
-rw-r--r--src/windows/identity/ui/lang/en_us/khapp.rc41
-rw-r--r--src/windows/identity/ui/main.c3
-rw-r--r--src/windows/identity/ui/mainmenu.c287
-rw-r--r--src/windows/identity/ui/mainmenu.h3
-rw-r--r--src/windows/identity/ui/mainwnd.c39
-rw-r--r--src/windows/identity/ui/newcredwnd.c4
-rw-r--r--src/windows/identity/ui/reqdaemon.c6
-rw-r--r--src/windows/identity/ui/resource.h7
-rw-r--r--src/windows/identity/ui/toolbar.c7
-rw-r--r--src/windows/identity/uilib/Makefile4
-rw-r--r--src/windows/identity/uilib/action.c22
-rw-r--r--src/windows/identity/uilib/actions.csv4
-rw-r--r--src/windows/identity/uilib/intaction.h44
-rw-r--r--src/windows/identity/uilib/khactiondef.h9
-rw-r--r--src/windows/identity/uilib/khnewcred.h6
-rw-r--r--src/windows/identity/uilib/khuidefs.h37
-rw-r--r--src/windows/identity/uilib/uibind.c58
-rw-r--r--src/windows/installer/nsis/kfw-fixed.nsi8
-rw-r--r--src/windows/installer/wix/custom/custom.cpp4
-rw-r--r--src/windows/installer/wix/files.wxi97
-rw-r--r--src/windows/installer/wix/kfw.wxs6
-rw-r--r--src/windows/installer/wix/lang/ui_1033.wxi4
130 files changed, 3176 insertions, 1093 deletions
diff --git a/doc/kadm5-errmsg.txt b/doc/kadm5-errmsg.txt
new file mode 100644
index 0000000..76404bc
--- /dev/null
+++ b/doc/kadm5-errmsg.txt
@@ -0,0 +1,59 @@
+Proposed approach for passing more detailed error messages across the
+kadm5 API:
+
+We've already got too many init functions and too many options.
+Multiplying the number of init functions isn't feasible.
+
+Create an (opaque to application) init-options type, create/destroy
+functions for it, set-creds/set-keytab/set-password functions, and a
+kadm5-init-with-options function. (Optional: Reimplement the current
+init functions as wrappers around these.)
+
+Add a set-context function which saves away in the init-options object
+a krb5_context to be used in the new server handle instead of creating
+a new one. (Destroying a server handle with such a "borrowed" krb5
+context should probably not destroy the context.) Calls within the
+library should store any error messages in the context contained in
+the server handle. Error messages produced during initialization
+should also be stored in this context.
+
+The caller of these functions can use krb5_get_error_message to
+extract the text of the error message from the supplied context.
+
+Unless we determine it's safe, we should probably assert (for now)
+that each server handle must have a different context. (That's aside
+from the thread safety issues.)
+
+These contexts should have been created with kadm5_init_krb5_context,
+which will decide whether to look at the KDC config file depending on
+whether you're using the client-side or server-side version of the
+library. (Same as for kadmin vs kadmin.local.)
+
+Notes:
+
+ * The existing API must continue to work, without changes. There is
+ external code we need to continue to support.
+
+ * We considered a variant where the application could retrieve the
+ error message from the server handle using a new
+ kadm5_get_error_message function. However, the initialization code
+ is one likely place where the errors would occur (can't
+ authenticate, etc), and in that case, there is no server handle
+ from which to extract the context.
+
+ A function to retrieve the library-created krb5_context from the
+ server handle would have the same problem.
+
+ Using a separate approach to deal with errors at initialization
+ time, in combination with the above, might work. But we still wind
+ up either creating the init-with-options interface or adding
+ error-message-return variants of multiple existing init functions.
+
+To do:
+
+ * Write up specifics (including function names -- the names used here
+ aren't meant to be definitive) and discuss on krbdev.
+
+ * Implement library part.
+
+ * Change kadmin and kdc to use it.
diff --git a/src/aclocal.m4 b/src/aclocal.m4
index c4ce88a..12daf2a 100644
--- a/src/aclocal.m4
+++ b/src/aclocal.m4
@@ -78,8 +78,7 @@ WITH_KRB4 dnl
KRB5_AC_CHOOSE_ET dnl
KRB5_AC_CHOOSE_SS dnl
KRB5_AC_CHOOSE_DB dnl
-dnl allow stuff in tree to access deprecated/private stuff for now
-dnl AC_DEFINE([KRB5_PRIVATE], 1, [Define only if building in-tree])
+dnl allow stuff in tree to access deprecated stuff for now
dnl AC_DEFINE([KRB5_DEPRECATED], 1, [Define only if building in-tree])
AC_C_CONST dnl
WITH_NETLIB dnl
diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in
index ea95d1d..871980e 100644
--- a/src/appl/bsd/Makefile.in
+++ b/src/appl/bsd/Makefile.in
@@ -101,11 +101,14 @@ kcmd.o krcp.o krlogin.o krlogind.o krsh.o krshd.o forward.o: defines.h
# the Makefile.in file
#
$(OUTPRE)krcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
+ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/k5-util.h \
$(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h defines.h krcp.c
$(OUTPRE)krlogin.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
@@ -122,10 +125,13 @@ $(OUTPRE)krsh.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
defines.h krsh.c
$(OUTPRE)kcmd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-platform.h \
+ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
$(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
defines.h kcmd.c
$(OUTPRE)forward.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
@@ -159,23 +165,33 @@ $(OUTPRE)login.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(SRCTOP)/include/syslog.h login.c loginpaths.h
$(OUTPRE)krshd.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/syslog.h defines.h krshd.c loginpaths.h
$(OUTPRE)krlogind.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/libpty.h \
- $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
$(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
$(SRCTOP)/include/syslog.h defines.h krlogind.c
$(OUTPRE)v4rcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
+ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \
$(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/krbports.h \
- $(SRCTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \
- rpaths.h v4rcp.c
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h rpaths.h v4rcp.c
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index 7c00d97..e83d998 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -89,7 +89,7 @@
#include <netdb.h>
#include <errno.h>
-#include <krb5.h>
+#include "k5-int.h"
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif
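Review bot: Swapping `<krb5.h>` for `"k5-int.h"` gives this application the library's private declarations without recording which private symbol it actually needs. The same swap is made in krcp.c, krlogind.c, krshd.c, v4rcp.c, sserver.c, sim_client.c, user_user/client.c and user_user/server.c. A short comment at each include, for example `/* k5-int.h: needs <PRIVATE_SYMBOL>, not part of the public API */`, would let a later reader tell deliberate use of internals from a blanket workaround; this matters most for the sample programs, which are likely to be read as public-API examples. sim_client.c also spells it `<k5-int.h>` where every other file uses the quoted form `"k5-int.h"`, and the two should match.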
diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c
index 9cf85ed..a24dde0 100644
--- a/src/appl/bsd/krcp.c
+++ b/src/appl/bsd/krcp.c
@@ -60,15 +60,11 @@ char copyright[] =
#ifdef HAVE_VFORK_H
#include <vfork.h>
#endif
-#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
#include <sys/wait.h>
#ifdef KERBEROS
-#include <krb5.h>
+#include "k5-int.h"
#include <k5-util.h>
#include <com_err.h>
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 8387f18..0a240b3 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -233,7 +233,7 @@ struct winsize {
#ifdef KERBEROS
-#include <krb5.h>
+#include "k5-int.h"
#ifdef KRB5_KRB4_COMPAT
#include <kerberosIV/krb.h>
#endif
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 3642501..5a9baa3 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -119,12 +119,8 @@ char copyright[] =
#include <sys/audit.h>
#include <pwdadj.h>
#endif
-#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
-
+
#include <signal.h>
#if !defined(KERBEROS) || !defined(KRB5_KRB4_COMPAT)
/* Ultrix doesn't protect it vs multiple inclusion, and krb.h includes it */
@@ -160,7 +156,7 @@ char copyright[] =
#endif
#ifdef KERBEROS
-#include <krb5.h>
+#include "k5-int.h"
#include <com_err.h>
#include "loginpaths.h"
#ifdef KRB5_KRB4_COMPAT
diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c
index 67bf877..13b4623 100644
--- a/src/appl/bsd/v4rcp.c
+++ b/src/appl/bsd/v4rcp.c
@@ -36,7 +36,7 @@ static char sccsid[] = "@(#)rcp.c 5.10 (Berkeley) 9/20/88";
* rcp
*/
#ifdef KERBEROS
-#include <krb5.h>
+#include "k5-int.h"
#include <com_err.h>
#include <k5-util.h>
#endif
@@ -73,11 +73,7 @@ static char sccsid[] = "@(#)rcp.c 5.10 (Berkeley) 9/20/88";
#include <netdb.h>
#endif
#include <errno.h>
-#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
#include "port-sockets.h"
diff --git a/src/appl/sample/sserver/sserver.c b/src/appl/sample/sserver/sserver.c
index 4bbcdda..2cb971b 100644
--- a/src/appl/sample/sserver/sserver.c
+++ b/src/appl/sample/sserver/sserver.c
@@ -37,7 +37,7 @@
* client (this will be correct if this server is started by inetd).
*/
-#include "krb5.h"
+#include "k5-int.h"
#include "com_err.h"
#include <stdio.h>
diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c
index d9a40dc..d5a1607 100644
--- a/src/appl/simple/client/sim_client.c
+++ b/src/appl/simple/client/sim_client.c
@@ -37,7 +37,7 @@
#include <ctype.h>
#include <errno.h>
-#include <krb5.h>
+#include <k5-int.h>
#include "com_err.h"
#include "simple.h"
diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c
index f6c0fcd..57106de 100644
--- a/src/appl/telnet/telnet/commands.c
+++ b/src/appl/telnet/telnet/commands.c
@@ -61,11 +61,7 @@
#include <netdb.h>
#include <ctype.h>
#include <pwd.h>
-#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
#include <errno.h>
#ifdef HAVE_VFORK_H
#include <vfork.h>
diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c
index 3bcb84b..1ee1606 100644
--- a/src/appl/user_user/client.c
+++ b/src/appl/user_user/client.c
@@ -36,7 +36,7 @@
#include <string.h>
#include <errno.h>
-#include "krb5.h"
+#include "k5-int.h"
#include "com_err.h"
int main (argc, argv)
diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c
index 292bacf..9d1ab19 100644
--- a/src/appl/user_user/server.c
+++ b/src/appl/user_user/server.c
@@ -39,7 +39,7 @@
#include <errno.h>
#include "port-sockets.h"
-#include "krb5.h"
+#include "k5-int.h"
#include "com_err.h"
/* fd 0 is a tcp socket used to talk to the client */
diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c
index a6620b9..3b22747 100644
--- a/src/clients/kvno/kvno.c
+++ b/src/clients/kvno/kvno.c
@@ -41,10 +41,10 @@ static void xusage()
{
#ifdef KRB5_KRB4_COMPAT
fprintf(stderr,
- "usage: %s [-4 | [-c ccache] [-e etype]] service1 service2 ...\n",
+ "usage: %s [-4 | [-c ccache] [-e etype] [-k keytab]] service1 service2 ...\n",
prog);
#else
- fprintf(stderr, "usage: %s [-c ccache] [-e etype] service1 service2 ...\n",
+ fprintf(stderr, "usage: %s [-c ccache] [-e etype] [-k keytab] service1 service2 ...\n",
prog);
#endif
exit(1);
@@ -54,7 +54,7 @@ int quiet = 0;
static void do_v4_kvno (int argc, char *argv[]);
static void do_v5_kvno (int argc, char *argv[],
- char *ccachestr, char *etypestr);
+ char *ccachestr, char *etypestr, char *keytab_name);
#include <com_err.h>
static void extended_com_err_fn (const char *, errcode_t, const char *,
@@ -63,7 +63,7 @@ static void extended_com_err_fn (const char *, errcode_t, const char *,
int main(int argc, char *argv[])
{
int option;
- char *etypestr = 0, *ccachestr = 0;
+ char *etypestr = NULL, *ccachestr = NULL, *keytab_name = NULL;
int v4 = 0;
set_com_err_hook (extended_com_err_fn);
@@ -71,7 +71,7 @@ int main(int argc, char *argv[])
prog = strrchr(argv[0], '/');
prog = prog ? (prog + 1) : argv[0];
- while ((option = getopt(argc, argv, "c:e:hq4")) != -1) {
+ while ((option = getopt(argc, argv, "c:e:hk:q4")) != -1) {
switch (option) {
case 'c':
ccachestr = optarg;
@@ -82,6 +82,9 @@ int main(int argc, char *argv[])
case 'h':
xusage();
break;
+ case 'k':
+ keytab_name = optarg;
+ break;
case 'q':
quiet = 1;
break;
@@ -97,13 +100,13 @@ int main(int argc, char *argv[])
if ((argc - optind) < 1)
xusage();
- if ((ccachestr != 0 || etypestr != 0) && v4)
+ if ((ccachestr != NULL || etypestr != NULL || keytab_name != NULL) && v4)
xusage();
if (v4)
do_v4_kvno(argc - optind, argv + optind);
else
- do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr);
+ do_v5_kvno(argc - optind, argv + optind, ccachestr, etypestr, keytab_name);
return 0;
}
@@ -169,7 +172,7 @@ static void extended_com_err_fn (const char *myprog, errcode_t code,
}
static void do_v5_kvno (int count, char *names[],
- char * ccachestr, char *etypestr)
+ char * ccachestr, char *etypestr, char *keytab_name)
{
krb5_error_code ret;
int i, errors;
@@ -179,6 +182,7 @@ static void do_v5_kvno (int count, char *names[],
krb5_creds in_creds, *out_creds;
krb5_ticket *ticket;
char *princ;
+ krb5_keytab keytab = NULL;
ret = krb5_init_context(&context);
if (ret) {
@@ -205,6 +209,14 @@ static void do_v5_kvno (int count, char *names[],
exit(1);
}
+ if (keytab_name) {
+ ret = krb5_kt_resolve(context, keytab_name, &keytab);
+ if (ret) {
+ com_err(prog, ret, "resolving keytab %s", keytab_name);
+ exit(1);
+ }
+ }
+
ret = krb5_cc_get_principal(context, ccache, &me);
if (ret) {
com_err(prog, ret, "while getting client principal name");
@@ -261,14 +273,32 @@ static void do_v5_kvno (int count, char *names[],
continue;
}
- if (!quiet)
- printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno);
+ if (keytab) {
+ ret = krb5_server_decrypt_ticket_keytab(context, keytab, ticket);
+ if (ret) {
+ if (!quiet)
+ printf("%s: kvno = %d, keytab entry invalid", princ, ticket->enc_part.kvno);
+ com_err(prog, ret, "while decrypting ticket for %s", princ);
+ krb5_free_ticket(context, ticket);
+ krb5_free_creds(context, out_creds);
+ krb5_free_unparsed_name(context, princ);
+
+ errors++;
+ continue;
+ }
+ if (!quiet)
+ printf("%s: kvno = %d, keytab entry valid\n", princ, ticket->enc_part.kvno);
+ } else {
+ if (!quiet)
+ printf("%s: kvno = %d\n", princ, ticket->enc_part.kvno);
+ }
- krb5_free_ticket(context, ticket);
krb5_free_creds(context, out_creds);
krb5_free_unparsed_name(context, princ);
}
+ if (keytab)
+ krb5_kt_close(context, keytab);
krb5_free_principal(context, me);
krb5_cc_close(context, ccache);
krb5_free_context(context);
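Review bot: The ticket is no longer freed on the success path: this hunk removes the unconditional `krb5_free_ticket(context, ticket);` and re-adds it only inside the `if (ret)` failure branch. Unless the ticket is released somewhere outside the visible lines, every service name that resolves successfully leaks its `krb5_ticket`, and with `-k` that is presumably a ticket that has just been decrypted with the keytab key. Restoring `krb5_free_ticket(context, ticket);` immediately before `krb5_free_creds(context, out_creds);` covers both the keytab and the non-keytab branch. Separately, the `"%s: kvno = %d, keytab entry invalid"` format lacks the trailing `\n` that the other two messages have, so the following `com_err` output runs into it. The enclosing loop and the start of `do_v5_kvno` lie outside this hunk.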
diff --git a/src/config-files/kdc.conf.M b/src/config-files/kdc.conf.M
index 0c1735f..f19c6e0 100644
--- a/src/config-files/kdc.conf.M
+++ b/src/config-files/kdc.conf.M
@@ -57,9 +57,13 @@ port 88 and port 750.
.IP v4_mode
This
.B string
-specifies how the KDC should respond to Kerberos IV packets. If this
-relation is not specified, the compiled-in default of
-.I nopreauth
+specifies how the KDC should respond to Kerberos IV packets. Valid
+values for this relation are the same as the valid arguments to the
+.B -4
+flag to
+.BR krb5kdc .
+If this relation is not specified, the compiled-in default of
+.I none
is used.
.SH REALMS SECTION
diff --git a/src/config/post.in b/src/config/post.in
index e997c55..6dc71ee 100644
--- a/src/config/post.in
+++ b/src/config/post.in
@@ -107,7 +107,7 @@ DEPTARGETS_@top_srcdir@_. = $(DEP_VERIFY)
clean:: clean-$(WHAT)
clean-unix::
- $(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES)
+ $(RM) $(OBJS) $(DEPTARGETS_CLEAN) $(EXTRA_FILES) et-[ch]-*.et et-[ch]-*.[ch]
-$(RM) -r $(srcdir)/$(thisconfigdir)/autom4te.cache
clean-windows::
diff --git a/src/config/pre.in b/src/config/pre.in
index 1a8185b..1c151bb 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -158,7 +158,7 @@ FAKELIBDIR=$(FAKEPREFIX)/lib
# PTHREAD_CFLAGS set by configure, not included in CFLAGS so that we
# don't pull the pthreads library into shared libraries
ALL_CFLAGS = $(DEFS) $(DEFINES) $(KRB_INCLUDES) $(LOCALINCLUDES) \
- -DKRB5_DEPRECATED=1 -DKRB5_PRIVATE=1 \
+ -DKRB5_DEPRECATED=1 \
$(CPPFLAGS) $(CFLAGS) $(PTHREAD_CFLAGS)
CFLAGS = @CFLAGS@
@@ -258,7 +258,7 @@ STOP_SERVERS_LOCAL = $(STESTDIR)/scripts/stop_servers_local
transform = @program_transform_name@
RM = rm -f
-CP = cp
+CP = cp
MV = mv -f
CHMOD=chmod
RANLIB = @RANLIB@
@@ -274,6 +274,7 @@ AUTOCONF = autoconf
AUTOCONFFLAGS =
AUTOHEADER = autoheader
AUTOHEADERFLAGS =
+MOVEIFCHANGED = $(SRCTOP)/config/move-if-changed
HOST_TYPE = @HOST_TYPE@
SHEXT = @SHEXT@
@@ -442,12 +443,17 @@ COMPILE_ET-k5= $(BUILDTOP)/util/et/compile_et -d $(SRCTOP)/util/et
#.et.c: ; $(COMPILE_ET) $<
.et.h:
- d=ettmp$$$$ ; (cp $< $$d.et && $(COMPILE_ET) $$d.et && mv $$d.h $*.h) ; \
- e=$$? ; rm -f $$d.* ; exit $$e
-
+ $(RM) et-h-$*.et et-h-$*.c et-h-$*.h
+ $(CP) $< et-h-$*.et
+ $(COMPILE_ET) et-h-$*.et
+ $(MV) et-h-$*.h $*.h
+ $(RM) et-h-$*.et et-h-$*.c
.et.c:
- d=ettmp$$$$ ; (cp $< $$d.et && $(COMPILE_ET) $$d.et && mv $$d.c $*.c) ; \
- e=$$? ; rm -f $$d.* ; exit $$e
+ $(RM) et-c-$*.et et-c-$*.c et-c-$*.h
+ $(CP) $< et-c-$*.et
+ $(COMPILE_ET) et-c-$*.et
+ $(MV) et-c-$*.c $*.c
+ $(RM) et-c-$*.et et-c-$*.h
# rule to make object files
#
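Review bot: The rewritten `.et.h` and `.et.c` recipes have no comment explaining the fixed `et-h-$*` / `et-c-$*` scratch names that replace the PID-based `ettmp$$$$` name. A line above the rules such as `# et-h-*/et-c-* are scratch copies; distinct prefixes keep the .h and .c rules from clobbering each other` would record the intent, if that is indeed the reason for the two prefixes. The old recipe always removed its temporaries and preserved the exit status, whereas a failing `$(COMPILE_ET)` now leaves the scratch `.et` copy in the build directory until the rule runs again or `clean-unix` removes it, which is worth stating in the same comment.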
diff --git a/src/config/win-pre.in b/src/config/win-pre.in
index 7cadbe9..39abe6a 100644
--- a/src/config/win-pre.in
+++ b/src/config/win-pre.in
@@ -130,7 +130,7 @@ KFWFLAGS=-DUSE_LEASH=1
CC=cl
PDB_OPTS=-Fd$(OUTPRE)\ -FD
-CPPFLAGS=-I$(SRCTOP)\include -I$(SRCTOP)\include\krb5 $(DNSFLAGS) -DKRB5_PRIVATE=1 -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 -D_CRT_SECURE_NO_DEPRECATE $(KFWFLAGS) $(TIME_T_FLAGS)
+CPPFLAGS=-I$(SRCTOP)\include -I$(SRCTOP)\include\krb5 $(DNSFLAGS) -DWIN32_LEAN_AND_MEAN -DKRB5_DEPRECATED=1 -D_CRT_SECURE_NO_DEPRECATE $(KFWFLAGS) $(TIME_T_FLAGS)
CCOPTS=-nologo /W3 $(PDB_OPTS) $(DLL_FILE_DEF)
LOPTS=-nologo -incremental:no
diff --git a/src/include/Makefile.in b/src/include/Makefile.in
index 47bdce8..70a8cad 100644
--- a/src/include/Makefile.in
+++ b/src/include/Makefile.in
@@ -21,6 +21,12 @@ maybe-make-db.h-redirect:
test -r db.h || echo '#include <@DB_HEADER@>' > db.h
ET_HEADERS = adm_err.h asn1_err.h kdb5_err.h krb5_err.h
+K5_ET_HEADERS = \
+ ../lib/krb5/error_tables/krb5_err.h \
+ ../lib/krb5/error_tables/kdb5_err.h \
+ ../lib/krb5/error_tables/kv5m_err.h \
+ ../lib/krb5/error_tables/krb524_err.h \
+ ../lib/krb5/error_tables/asn1_err.h
BUILT_HEADERS = osconf.h
all-unix:: autoconf.h $(BUILT_HEADERS)
@@ -37,8 +43,8 @@ $(srcdir)/autoconf.stmp: $(srcdir)/$(thisconfigdir)/configure.in $(SRCTOP)/acloc
##DOS##autoconf.h: win-mac.h
##DOS## $(CP) win-mac.h $@
-##DOS##osconf.h: stock\osconf.h
-##DOS## $(CP) stock\osconf.h $@
+##DOS##osconf.h: osconf.hin
+##DOS## $(CP) osconf.hin $@
###############################################################################
##DOS##!if 0
@@ -63,36 +69,41 @@ PROCESS_REPLACE = -e "s+@KRB5RCTMPDIR+$(KRB5RCTMPDIR)+" \
-e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \
-e 's+@SYSCONFDIR+$(SYSCONFDIR)+'
-OSCONFSRC = $(srcdir)/stock/osconf.h
+OSCONFSRC = $(srcdir)/osconf.hin
osconf.h: $(OSCONFSRC) Makefile
cat $(OSCONFSRC) | sed $(PROCESS_REPLACE) > osconf.new
- @set -x ; if cmp -s osconf.new osconf.h ; then : osconf.h is current ; \
- else ($(RM) osconf.h ; $(CP) osconf.new osconf.h) fi
- $(RM) osconf.new
+ $(MOVEIFCHANGED) osconf.new osconf.h
##DOS##!endif
###############################################################################
-krb5/krb5.h: $(srcdir)/krb5/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h asn1_err.h
+krb5/krb5.h: krb5.stamp; : krb5.h
+krb5.stamp: $(srcdir)/krb5/krb5.hin $(K5_ET_HEADERS)
test -d krb5 || mkdir krb5
if test -r krb5.h; then \
if cmp -s krb5.h $(srcdir)/krb5.h; then :; else rm -f krb5.h; fi; \
else :; fi
- echo "/* This file is generated, please don't edit it directly. */" > krb5/krb5.h
- echo "#ifndef KRB5_KRB5_H_INCLUDED" >> krb5/krb5.h
- echo "#define KRB5_KRB5_H_INCLUDED" >> krb5/krb5.h
- cat $(srcdir)/krb5/krb5.hin krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
- asn1_err.h >> krb5/krb5.h
- echo "#endif /* KRB5_KRB5_H_INCLUDED */" >> krb5/krb5.h
+ echo "/* This file is generated, please don't edit it directly. */" > krb5/krb5.new
+ echo "#ifndef KRB5_KRB5_H_INCLUDED" >> krb5/krb5.new
+ echo "#define KRB5_KRB5_H_INCLUDED" >> krb5/krb5.new
+ cat $(srcdir)/krb5/krb5.hin $(K5_ET_HEADERS) >> krb5/krb5.new
+ echo "#endif /* KRB5_KRB5_H_INCLUDED */" >> krb5/krb5.new
+ $(MOVEIFCHANGED) krb5/krb5.new krb5/krb5.h
+ touch krb5.stamp
-verify-calling-conventions-krb5: krb5/krb5.h
- $(PERL) -w $(SRCTOP)/util/def-check.pl krb5/krb5.h $(SRCTOP)/lib/krb5_32.def
+verify-calling-conventions-krb5: private-and-public-decls
+ $(PERL) -w $(SRCTOP)/util/def-check.pl private-and-public-decls $(SRCTOP)/lib/krb5_32.def
+
+HEADERS_TO_CHECK = krb5/krb5.h $(srcdir)/k5-int.h $(srcdir)/krb5/preauth_plugin.h
+
+private-and-public-decls: $(HEADERS_TO_CHECK)
+ cat $(HEADERS_TO_CHECK) > $@
#
# Build the error table include files:
# asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h
-asn1_err.h kdb5_err.h krb5_err.h kv5m_err.h krb524_err.h: rebuild-error-tables
+$(K5_ET_HEADERS): rebuild-error-tables
: $@
rebuild-error-tables:
(cd ../lib/krb5/error_tables && $(MAKE) includes)
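Review bot: With `krb5/krb5.h: krb5.stamp; : krb5.h` the header is not regenerated if `krb5/krb5.h` is deleted while `krb5.stamp` is still present and newer than its prerequisites, because the header's own recipe is a no-op and make treats the stamp as current. `clean-unix` removes both files, so this only affects a manual delete or a partially cleaned tree, but the failure then appears later as a missing include rather than at this rule. One way to make it self-healing is to check for the file in the recipe, e.g. `krb5/krb5.h: krb5.stamp; test -r $@ || ($(RM) krb5.stamp && $(MAKE) krb5.stamp)`. At a minimum, a comment on the rule should say that the stamp exists so that `$(MOVEIFCHANGED)` can leave an unchanged header's timestamp alone.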
@@ -100,15 +111,9 @@ rebuild-error-tables:
.PHONY: force rebuild-error-tables
force:
-asn1_err.h: $(SRCTOP)/lib/krb5/error_tables/asn1_err.et
-kdb5_err.h: $(SRCTOP)/lib/krb5/error_tables/kdb5_err.et
-krb5_err.h: $(SRCTOP)/lib/krb5/error_tables/krb5_err.et
-kv5m_err.h: $(SRCTOP)/lib/krb5/error_tables/kv5m_err.et
-krb524_err.h: $(SRCTOP)/lib/krb5/error_tables/krb524_err.et
-
clean-unix::
$(RM) krb5/krb5.h krb5_err.h kdb5_err.h kv5m_err.h krb524_err.h \
- asn1_err.h
+ asn1_err.h private-and-public-decls krb5.stamp
$(RM) $(ET_HEADERS) autoconf.stamp
clean-windows::
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index b1cfd5a..2387e11 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1673,7 +1673,7 @@ krb5_error_code krb5_encrypt_tkt_part
krb5_error_code krb5_encode_kdc_rep
(krb5_context,
- const krb5_msgtype,
+ krb5_msgtype,
const krb5_enc_kdc_rep_part *,
int using_subkey,
const krb5_keyblock *,
@@ -2219,4 +2219,308 @@ krb5_error_code KRB5_CALLCONV krb5int_clean_hostname
char *,
size_t);
+/* Use the above four instead. */
+krb5_boolean KRB5_CALLCONV valid_enctype
+ (krb5_enctype ktype);
+krb5_boolean KRB5_CALLCONV valid_cksumtype
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
+ (krb5_cksumtype ctype);
+krb5_boolean KRB5_CALLCONV is_keyed_cksum
+ (krb5_cksumtype ctype);
+
+krb5_error_code KRB5_CALLCONV krb5_random_confounder
+ (size_t, krb5_pointer);
+
+krb5_error_code krb5_encrypt_data
+ (krb5_context context, krb5_keyblock *key,
+ krb5_pointer ivec, krb5_data *data,
+ krb5_enc_data *enc_data);
+
+krb5_error_code krb5_decrypt_data
+ (krb5_context context, krb5_keyblock *key,
+ krb5_pointer ivec, krb5_enc_data *data,
+ krb5_data *enc_data);
+
+struct _krb5_kt_ops;
+struct _krb5_kt { /* should move into k5-int.h */
+ krb5_magic magic;
+ const struct _krb5_kt_ops *ops;
+ krb5_pointer data;
+};
+
+krb5_error_code krb5_set_default_in_tkt_ktypes
+ (krb5_context,
+ const krb5_enctype *);
+krb5_error_code krb5_get_default_in_tkt_ktypes
+ (krb5_context,
+ krb5_enctype **);
+
+krb5_error_code krb5_set_default_tgs_ktypes
+ (krb5_context,
+ const krb5_enctype *);
+
+krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
+ (krb5_context,
+ krb5_const_principal,
+ krb5_enctype **);
+
+void KRB5_CALLCONV krb5_free_ktypes
+ (krb5_context, krb5_enctype *);
+
+krb5_boolean krb5_is_permitted_enctype
+ (krb5_context, krb5_enctype);
+
+krb5_error_code krb5_kdc_rep_decrypt_proc
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_const_pointer,
+ krb5_kdc_rep * );
+krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
+ (krb5_context,
+ const krb5_keyblock *,
+ krb5_ticket * );
+krb5_error_code krb5_get_cred_from_kdc
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_validate
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+krb5_error_code krb5_get_cred_from_kdc_renew
+ (krb5_context,
+ krb5_ccache, /* not const, as reading may save
+ state */
+ krb5_creds *,
+ krb5_creds **,
+ krb5_creds *** );
+
+krb5_error_code krb5_get_cred_via_tkt
+ (krb5_context,
+ krb5_creds *,
+ krb5_flags,
+ krb5_address * const *,
+ krb5_creds *,
+ krb5_creds **);
+
+krb5_error_code KRB5_CALLCONV krb5_copy_addr
+ (krb5_context,
+ const krb5_address *,
+ krb5_address **);
+
+void krb5_init_ets
+ (krb5_context);
+void krb5_free_ets
+ (krb5_context);
+krb5_error_code krb5_generate_subkey
+ (krb5_context,
+ const krb5_keyblock *, krb5_keyblock **);
+krb5_error_code krb5_generate_seq_number
+ (krb5_context,
+ const krb5_keyblock *, krb5_ui_4 *);
+
+krb5_error_code KRB5_CALLCONV krb5_kt_register
+ (krb5_context,
+ const struct _krb5_kt_ops * );
+
+/* use krb5_free_keytab_entry_contents instead */
+krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
+ (krb5_context,
+ krb5_keytab_entry * );
+
+krb5_error_code krb5_principal2salt_norealm
+ (krb5_context,
+ krb5_const_principal, krb5_data *);
+
+unsigned int KRB5_CALLCONV krb5_get_notification_message
+ (void);
+
+/* chk_trans.c */
+krb5_error_code krb5_check_transited_list
+ (krb5_context, const krb5_data *trans,
+ const krb5_data *realm1, const krb5_data *realm2);
+
+/* free_rtree.c */
+void krb5_free_realm_tree
+ (krb5_context,
+ krb5_principal *);
+
+void KRB5_CALLCONV krb5_free_authenticator_contents
+ (krb5_context, krb5_authenticator * );
+
+void KRB5_CALLCONV krb5_free_address
+ (krb5_context, krb5_address * );
+
+void KRB5_CALLCONV krb5_free_enc_tkt_part
+ (krb5_context, krb5_enc_tkt_part * );
+
+void KRB5_CALLCONV krb5_free_tickets
+ (krb5_context, krb5_ticket ** );
+void KRB5_CALLCONV krb5_free_kdc_req
+ (krb5_context, krb5_kdc_req * );
+void KRB5_CALLCONV krb5_free_kdc_rep
+ (krb5_context, krb5_kdc_rep * );
+void KRB5_CALLCONV krb5_free_last_req
+ (krb5_context, krb5_last_req_entry ** );
+void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
+ (krb5_context, krb5_enc_kdc_rep_part * );
+void KRB5_CALLCONV krb5_free_ap_req
+ (krb5_context, krb5_ap_req * );
+void KRB5_CALLCONV krb5_free_ap_rep
+ (krb5_context, krb5_ap_rep * );
+void KRB5_CALLCONV krb5_free_cred
+ (krb5_context, krb5_cred *);
+void KRB5_CALLCONV krb5_free_cred_enc_part
+ (krb5_context, krb5_cred_enc_part *);
+void KRB5_CALLCONV krb5_free_pa_data
+ (krb5_context, krb5_pa_data **);
+void KRB5_CALLCONV krb5_free_tkt_authent
+ (krb5_context, krb5_tkt_authent *);
+void KRB5_CALLCONV krb5_free_pwd_data
+ (krb5_context, krb5_pwd_data *);
+void KRB5_CALLCONV krb5_free_pwd_sequences
+ (krb5_context, passwd_phrase_element **);
+krb5_error_code krb5_set_config_files
+ (krb5_context, const char **);
+
+krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
+ (char ***filenames);
+
+void KRB5_CALLCONV krb5_free_config_files
+ (char **filenames);
+krb5_error_code krb5_send_tgs
+ (krb5_context,
+ krb5_flags,
+ const krb5_ticket_times *,
+ const krb5_enctype *,
+ krb5_const_principal,
+ krb5_address * const *,
+ krb5_authdata * const *,
+ krb5_pa_data * const *,
+ const krb5_data *,
+ krb5_creds *,
+ krb5_response * );
+krb5_error_code krb5_decode_kdc_rep
+ (krb5_context,
+ krb5_data *,
+ const krb5_keyblock *,
+ krb5_kdc_rep ** );
+
+krb5_error_code krb5_rd_req_decoded
+ (krb5_context,
+ krb5_auth_context *,
+ const krb5_ap_req *,
+ krb5_const_principal,
+ krb5_keytab,
+ krb5_flags *,
+ krb5_ticket **);
+
+krb5_error_code krb5_rd_req_decoded_anyflag
+ (krb5_context,
+ krb5_auth_context *,
+ const krb5_ap_req *,
+ krb5_const_principal,
+ krb5_keytab,
+ krb5_flags *,
+ krb5_ticket **);
+krb5_error_code KRB5_CALLCONV krb5_cc_register
+ (krb5_context,
+ const krb5_cc_ops *,
+ krb5_boolean );
+krb5_error_code krb5_walk_realm_tree
+ (krb5_context,
+ const krb5_data *,
+ const krb5_data *,
+ krb5_principal **,
+ int);
+krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
+ (krb5_context,
+ krb5_auth_context,
+ krb5_cksumtype);
+
+krb5_error_code krb5_auth_con_set_safe_cksumtype
+ (krb5_context,
+ krb5_auth_context,
+ krb5_cksumtype);
+krb5_error_code krb5_auth_con_setivector
+ (krb5_context,
+ krb5_auth_context,
+ krb5_pointer);
+
+krb5_error_code krb5_auth_con_getivector
+ (krb5_context,
+ krb5_auth_context,
+ krb5_pointer *);
+
+krb5_error_code krb5_auth_con_setpermetypes
+ (krb5_context,
+ krb5_auth_context,
+ const krb5_enctype *);
+
+krb5_error_code krb5_auth_con_getpermetypes
+ (krb5_context,
+ krb5_auth_context,
+ krb5_enctype **);
+
+krb5_error_code KRB5_CALLCONV
+krb5int_server_decrypt_ticket_keyblock
+ (krb5_context context,
+ const krb5_keyblock *key,
+ krb5_ticket *ticket);
+
+krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
+krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
+int krb5_net_read (krb5_context, int , char *, int);
+int krb5_net_write (krb5_context, int , const char *, int);
+
+krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
+ (krb5_context,
+ const char *,
+ char ** );
+
+krb5_error_code krb5_gen_portaddr
+ (krb5_context,
+ const krb5_address *,
+ krb5_const_pointer,
+ krb5_address **);
+krb5_error_code krb5_gen_replay_name
+ (krb5_context,
+ const krb5_address *,
+ const char *,
+ char **);
+krb5_error_code krb5_make_fulladdr
+ (krb5_context,
+ krb5_address *,
+ krb5_address *,
+ krb5_address *);
+
+krb5_error_code krb5_set_debugging_time
+ (krb5_context, krb5_timestamp, krb5_int32);
+krb5_error_code krb5_use_natural_time
+ (krb5_context);
+krb5_error_code krb5_set_time_offsets
+ (krb5_context, krb5_timestamp, krb5_int32);
+/*
+ * The realm iterator functions
+ */
+
+krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
+ (krb5_context context, void **iter_p);
+
+krb5_error_code KRB5_CALLCONV krb5_realm_iterator
+ (krb5_context context, void **iter_p, char **ret_realm);
+
+void KRB5_CALLCONV krb5_realm_iterator_free
+ (krb5_context context, void **iter_p);
+
+void KRB5_CALLCONV krb5_free_realm_string
+ (krb5_context context, char *str);
+
#endif /* _KRB5_INT_H */
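Review bot: Two comments in the added block were moved verbatim from krb5.h and no longer match their new location. `/* Use the above four instead. */` now sits directly after `krb5int_clean_hostname`, so "the above four" refers to nothing in this header; it should name the replacements, e.g. `/* Use krb5_c_valid_enctype, krb5_c_valid_cksumtype, krb5_c_is_coll_proof_cksum and krb5_c_is_keyed_cksum (krb5.h) instead. */`. The `/* should move into k5-int.h */` remark on `struct _krb5_kt` is satisfied by this very change and can be dropped. `krb5_net_read` and `krb5_net_write` also keep an `int` length here while the same commit moves `krb5_kt_default_name` to `size_t`, which is worth a follow-up if they stay in use.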
diff --git a/src/include/kerberosIV/Makefile.in b/src/include/kerberosIV/Makefile.in
index dc410e8..a82f5e6 100644
--- a/src/include/kerberosIV/Makefile.in
+++ b/src/include/kerberosIV/Makefile.in
@@ -8,7 +8,8 @@ all-unix:: krb_err.h kadm_err.h
krb_err.h: $(SRCTOP)/lib/krb4/krb_err.et
kadm_err.h: $(SRCTOP)/lib/krb4/kadm_err.et
-krb_err.h kadm_err.h:
+krb_err.h kadm_err.h: rebuild-k4-error-tables; : $@
+rebuild-k4-error-tables:
(cd $(BUILDTOP)/lib/krb4 && $(MAKE) includes)
clean-unix::
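Review bot: `rebuild-k4-error-tables` is introduced as a command-only target but is not declared phony, unlike `rebuild-error-tables` in src/include/Makefile.in, which is listed under `.PHONY` there. If a file of that name ever appears in the build directory, make would treat the target as up to date and skip the `$(MAKE) includes` step, leaving stale error-table headers in place. Adding `.PHONY: rebuild-k4-error-tables` next to the rule keeps the two Makefiles consistent.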
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
index b50af34..5c1fed8 100644
--- a/src/include/krb5/krb5.hin
+++ b/src/include/krb5/krb5.hin
@@ -1,4 +1,4 @@
-/*
+/* -*- c -*-
* include/krb5.h
*
* Copyright 1989,1990,1995,2001, 2003 by the Massachusetts Institute of Technology.
@@ -60,10 +60,6 @@
#ifndef KRB5_DEPRECATED
#define KRB5_DEPRECATED 0
#endif
-/* Do not expose private interfaces. Build system will override. */
-#ifndef KRB5_PRIVATE
-#define KRB5_PRIVATE 0
-#endif
#if defined(__MACH__) && defined(__APPLE__)
# include <TargetConditionals.h>
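Review bot: Removing the `KRB5_PRIVATE` default leaves no compile-time trace: an undefined identifier in `#if` evaluates to 0, so any `#if KRB5_PRIVATE` left elsewhere is silently false, and code that still builds with `-DKRB5_PRIVATE=1` gets no diagnostic that the switch is gone. Such code would then call the moved functions with no prototype in scope, which older C compilers accept as an implicit declaration. If no in-tree build still defines the macro (not visible from this hunk), a guard such as `#ifdef KRB5_PRIVATE` / `#error "KRB5_PRIVATE is no longer honoured; include k5-int.h"` / `#endif` would turn that into a build failure.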
@@ -95,6 +91,7 @@
#include <stdlib.h>
#include <limits.h> /* for *_MAX */
+#include <stdarg.h>
#ifndef KRB5INT_BEGIN_DECLS
#if defined(__cplusplus)
@@ -592,18 +589,6 @@ krb5_boolean KRB5_CALLCONV krb5_c_is_coll_proof_cksum
krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum
(krb5_cksumtype ctype);
-#if KRB5_PRIVATE
-/* Use the above four instead. */
-krb5_boolean KRB5_CALLCONV valid_enctype
- (krb5_enctype ktype);
-krb5_boolean KRB5_CALLCONV valid_cksumtype
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV is_coll_proof_cksum
- (krb5_cksumtype ctype);
-krb5_boolean KRB5_CALLCONV is_keyed_cksum
- (krb5_cksumtype ctype);
-#endif
-
#ifdef KRB5_OLD_CRYPTO
/*
* old cryptosystem routine prototypes. These are now layered
@@ -676,21 +661,6 @@ krb5_error_code KRB5_CALLCONV krb5_verify_checksum
krb5_const_pointer in, size_t in_length,
krb5_const_pointer seed, size_t seed_length);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_random_confounder
- (size_t, krb5_pointer);
-
-krb5_error_code krb5_encrypt_data
- (krb5_context context, krb5_keyblock *key,
- krb5_pointer ivec, krb5_data *data,
- krb5_enc_data *enc_data);
-
-krb5_error_code krb5_decrypt_data
- (krb5_context context, krb5_keyblock *key,
- krb5_pointer ivec, krb5_enc_data *data,
- krb5_data *enc_data);
-#endif
-
#endif /* KRB5_OLD_CRYPTO */
/*
@@ -1360,19 +1330,10 @@ typedef struct krb5_keytab_entry_st {
krb5_keyblock key; /* the secret key */
} krb5_keytab_entry;
-#if KRB5_PRIVATE
-struct _krb5_kt_ops;
-typedef struct _krb5_kt { /* should move into k5-int.h */
- krb5_magic magic;
- const struct _krb5_kt_ops *ops;
- krb5_pointer data;
-} *krb5_keytab;
-#else
struct _krb5_kt;
typedef struct _krb5_kt *krb5_keytab;
-#endif
-char * KRB5_CALLCONV
+const char * KRB5_CALLCONV
krb5_kt_get_type (krb5_context, krb5_keytab keytab);
krb5_error_code KRB5_CALLCONV
krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name,
@@ -1410,76 +1371,23 @@ void KRB5_CALLCONV krb5_free_context
krb5_error_code KRB5_CALLCONV krb5_copy_context
(krb5_context, krb5_context *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_default_in_tkt_ktypes
- (krb5_context,
- const krb5_enctype *);
-krb5_error_code krb5_get_default_in_tkt_ktypes
- (krb5_context,
- krb5_enctype **);
-
-krb5_error_code krb5_set_default_tgs_ktypes
- (krb5_context,
- const krb5_enctype *);
-#endif
-
krb5_error_code KRB5_CALLCONV
krb5_set_default_tgs_enctypes
(krb5_context,
const krb5_enctype *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_get_tgs_ktypes
- (krb5_context,
- krb5_const_principal,
- krb5_enctype **);
-#endif
krb5_error_code KRB5_CALLCONV krb5_get_permitted_enctypes
(krb5_context, krb5_enctype **);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ktypes
- (krb5_context, krb5_enctype *);
-
-krb5_boolean krb5_is_permitted_enctype
- (krb5_context, krb5_enctype);
-#endif
-
krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(void);
/* libkrb.spec */
-#if KRB5_PRIVATE
-krb5_error_code krb5_kdc_rep_decrypt_proc
- (krb5_context,
- const krb5_keyblock *,
- krb5_const_pointer,
- krb5_kdc_rep * );
-krb5_error_code KRB5_CALLCONV krb5_decrypt_tkt_part
- (krb5_context,
- const krb5_keyblock *,
- krb5_ticket * );
-krb5_error_code krb5_get_cred_from_kdc
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_validate
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-krb5_error_code krb5_get_cred_from_kdc_renew
- (krb5_context,
- krb5_ccache, /* not const, as reading may save
- state */
- krb5_creds *,
- krb5_creds **,
- krb5_creds *** );
-#endif
+
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keytab
+ (krb5_context context,
+ const krb5_keytab kt,
+ krb5_ticket *ticket);
void KRB5_CALLCONV krb5_free_tgt_creds
(krb5_context,
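Review bot: The new public prototype `krb5_server_decrypt_ticket_keytab` declares its keytab as `const krb5_keytab kt`, the same top-level `const` this commit removes from `krb5_encode_kdc_rep` and `mit_crc32`. Because `krb5_keytab` is a pointer typedef, the qualifier applies to the parameter itself and not to the keytab it points at, so it promises callers nothing; `krb5_keytab kt,` says the same thing. As a newly exported function it also has no comment. One stating that `ticket` is the input and, presumably, receives the decrypted part on success would help callers; confirm that against the implementation, which is not in this hunk.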
@@ -1506,15 +1414,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_credentials_renew
krb5_ccache,
krb5_creds *,
krb5_creds **);
-#if KRB5_PRIVATE
-krb5_error_code krb5_get_cred_via_tkt
- (krb5_context,
- krb5_creds *,
- krb5_flags,
- krb5_address * const *,
- krb5_creds *,
- krb5_creds **);
-#endif
krb5_error_code KRB5_CALLCONV krb5_mk_req
(krb5_context,
krb5_auth_context *,
@@ -1626,12 +1525,6 @@ krb5_error_code KRB5_CALLCONV krb5_copy_principal
(krb5_context,
krb5_const_principal,
krb5_principal *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_copy_addr
- (krb5_context,
- const krb5_address *,
- krb5_address **);
-#endif
krb5_error_code KRB5_CALLCONV krb5_copy_addresses
(krb5_context,
krb5_address * const *,
@@ -1652,18 +1545,6 @@ krb5_error_code KRB5_CALLCONV krb5_copy_checksum
(krb5_context,
const krb5_checksum *,
krb5_checksum **);
-#if KRB5_PRIVATE
-void krb5_init_ets
- (krb5_context);
-void krb5_free_ets
- (krb5_context);
-krb5_error_code krb5_generate_subkey
- (krb5_context,
- const krb5_keyblock *, krb5_keyblock **);
-krb5_error_code krb5_generate_seq_number
- (krb5_context,
- const krb5_keyblock *, krb5_ui_4 *);
-#endif
krb5_error_code KRB5_CALLCONV krb5_get_server_rcache
(krb5_context,
const krb5_data *, krb5_rcache *);
@@ -1671,12 +1552,9 @@ krb5_error_code KRB5_CALLCONV_C krb5_build_principal_ext
(krb5_context, krb5_principal *, unsigned int, const char *, ...);
krb5_error_code KRB5_CALLCONV_C krb5_build_principal
(krb5_context, krb5_principal *, unsigned int, const char *, ...);
-#ifdef va_start
-/* XXX depending on varargs include file defining va_start... */
krb5_error_code KRB5_CALLCONV krb5_build_principal_va
(krb5_context,
krb5_principal, unsigned int, const char *, va_list);
-#endif
krb5_error_code KRB5_CALLCONV krb5_425_conv_principal
(krb5_context,
@@ -1698,12 +1576,6 @@ int KRB5_CALLCONV krb5_524_convert_creds
#endif
/* libkt.spec */
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_kt_register
- (krb5_context,
- const struct _krb5_kt_ops * );
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_kt_resolve
(krb5_context,
const char *,
@@ -1711,19 +1583,13 @@ krb5_error_code KRB5_CALLCONV krb5_kt_resolve
krb5_error_code KRB5_CALLCONV krb5_kt_default_name
(krb5_context,
char *,
- int );
+ size_t );
krb5_error_code KRB5_CALLCONV krb5_kt_default
(krb5_context,
krb5_keytab * );
krb5_error_code KRB5_CALLCONV krb5_free_keytab_entry_contents
(krb5_context,
krb5_keytab_entry * );
-#if KRB5_PRIVATE
-/* use krb5_free_keytab_entry_contents instead */
-krb5_error_code KRB5_CALLCONV krb5_kt_free_entry
- (krb5_context,
- krb5_keytab_entry * );
-#endif
/* remove and add are functions, so that they can return NOWRITE
if not a writable keytab */
krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
@@ -1737,11 +1603,6 @@ krb5_error_code KRB5_CALLCONV krb5_kt_add_entry
krb5_error_code KRB5_CALLCONV_WRONG krb5_principal2salt
(krb5_context,
krb5_const_principal, krb5_data *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_principal2salt_norealm
- (krb5_context,
- krb5_const_principal, krb5_data *);
-#endif
/* librc.spec--see rcache.h */
/* libcc.spec */
@@ -1756,10 +1617,6 @@ krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name
krb5_error_code KRB5_CALLCONV krb5_cc_default
(krb5_context,
krb5_ccache *);
-#if KRB5_PRIVATE
-unsigned int KRB5_CALLCONV krb5_get_notification_message
- (void);
-#endif
krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
(krb5_context context,
@@ -1767,73 +1624,23 @@ krb5_error_code KRB5_CALLCONV krb5_cc_copy_creds
krb5_ccache outcc);
-/* chk_trans.c */
-#if KRB5_PRIVATE
-krb5_error_code krb5_check_transited_list
- (krb5_context, const krb5_data *trans,
- const krb5_data *realm1, const krb5_data *realm2);
-#endif
-
-/* free_rtree.c */
-#if KRB5_PRIVATE
-void krb5_free_realm_tree
- (krb5_context,
- krb5_principal *);
-#endif
-
/* krb5_free.c */
void KRB5_CALLCONV krb5_free_principal
(krb5_context, krb5_principal );
void KRB5_CALLCONV krb5_free_authenticator
(krb5_context, krb5_authenticator * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_authenticator_contents
- (krb5_context, krb5_authenticator * );
-#endif
void KRB5_CALLCONV krb5_free_addresses
(krb5_context, krb5_address ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_address
- (krb5_context, krb5_address * );
-#endif
void KRB5_CALLCONV krb5_free_authdata
(krb5_context, krb5_authdata ** );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_enc_tkt_part
- (krb5_context, krb5_enc_tkt_part * );
-#endif
void KRB5_CALLCONV krb5_free_ticket
(krb5_context, krb5_ticket * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tickets
- (krb5_context, krb5_ticket ** );
-void KRB5_CALLCONV krb5_free_kdc_req
- (krb5_context, krb5_kdc_req * );
-void KRB5_CALLCONV krb5_free_kdc_rep
- (krb5_context, krb5_kdc_rep * );
-void KRB5_CALLCONV krb5_free_last_req
- (krb5_context, krb5_last_req_entry ** );
-void KRB5_CALLCONV krb5_free_enc_kdc_rep_part
- (krb5_context, krb5_enc_kdc_rep_part * );
-#endif
void KRB5_CALLCONV krb5_free_error
(krb5_context, krb5_error * );
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_ap_req
- (krb5_context, krb5_ap_req * );
-void KRB5_CALLCONV krb5_free_ap_rep
- (krb5_context, krb5_ap_rep * );
-void KRB5_CALLCONV krb5_free_cred
- (krb5_context, krb5_cred *);
-#endif
void KRB5_CALLCONV krb5_free_creds
(krb5_context, krb5_creds *);
void KRB5_CALLCONV krb5_free_cred_contents
(krb5_context, krb5_creds *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_cred_enc_part
- (krb5_context, krb5_cred_enc_part *);
-#endif
void KRB5_CALLCONV krb5_free_checksum
(krb5_context, krb5_checksum *);
void KRB5_CALLCONV krb5_free_checksum_contents
@@ -1842,20 +1649,8 @@ void KRB5_CALLCONV krb5_free_keyblock
(krb5_context, krb5_keyblock *);
void KRB5_CALLCONV krb5_free_keyblock_contents
(krb5_context, krb5_keyblock *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_pa_data
- (krb5_context, krb5_pa_data **);
-#endif
void KRB5_CALLCONV krb5_free_ap_rep_enc_part
(krb5_context, krb5_ap_rep_enc_part *);
-#if KRB5_PRIVATE
-void KRB5_CALLCONV krb5_free_tkt_authent
- (krb5_context, krb5_tkt_authent *);
-void KRB5_CALLCONV krb5_free_pwd_data
- (krb5_context, krb5_pwd_data *);
-void KRB5_CALLCONV krb5_free_pwd_sequences
- (krb5_context, passwd_phrase_element **);
-#endif
void KRB5_CALLCONV krb5_free_data
(krb5_context, krb5_data *);
void KRB5_CALLCONV krb5_free_data_contents
@@ -1906,36 +1701,10 @@ krb5_set_password_using_ccache
(krb5_context context, krb5_ccache ccache, char *newpw, krb5_principal change_password_for,
int *result_code, krb5_data *result_code_string, krb5_data *result_string);
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_config_files
- (krb5_context, const char **);
-
-krb5_error_code KRB5_CALLCONV krb5_get_default_config_files
- (char ***filenames);
-
-void KRB5_CALLCONV krb5_free_config_files
- (char **filenames);
-#endif
-
krb5_error_code KRB5_CALLCONV
krb5_get_profile
(krb5_context, struct _profile_t * /* profile_t */ *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_send_tgs
- (krb5_context,
- krb5_flags,
- const krb5_ticket_times *,
- const krb5_enctype *,
- krb5_const_principal,
- krb5_address * const *,
- krb5_authdata * const *,
- krb5_pa_data * const *,
- const krb5_data *,
- krb5_creds *,
- krb5_response * );
-#endif
-
#if KRB5_DEPRECATED
krb5_error_code KRB5_CALLCONV krb5_get_in_tkt
(krb5_context,
@@ -1992,14 +1761,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_keytab
krb5_kdc_rep ** );
#endif /* KRB5_DEPRECATED */
-#if KRB5_PRIVATE
-krb5_error_code krb5_decode_kdc_rep
- (krb5_context,
- krb5_data *,
- const krb5_keyblock *,
- krb5_kdc_rep ** );
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_rd_req
(krb5_context,
krb5_auth_context *,
@@ -2009,26 +1770,6 @@ krb5_error_code KRB5_CALLCONV krb5_rd_req
krb5_flags *,
krb5_ticket **);
-#if KRB5_PRIVATE
-krb5_error_code krb5_rd_req_decoded
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-
-krb5_error_code krb5_rd_req_decoded_anyflag
- (krb5_context,
- krb5_auth_context *,
- const krb5_ap_req *,
- krb5_const_principal,
- krb5_keytab,
- krb5_flags *,
- krb5_ticket **);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_kt_read_service_key
(krb5_context,
krb5_pointer,
@@ -2048,12 +1789,6 @@ krb5_error_code KRB5_CALLCONV krb5_mk_priv
const krb5_data *,
krb5_data *,
krb5_replay_data *);
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_cc_register
- (krb5_context,
- krb5_cc_ops *,
- krb5_boolean );
-#endif
krb5_error_code KRB5_CALLCONV krb5_sendauth
(krb5_context,
@@ -2089,15 +1824,6 @@ krb5_error_code KRB5_CALLCONV krb5_recvauth_version
krb5_ticket **,
krb5_data *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_walk_realm_tree
- (krb5_context,
- const krb5_data *,
- const krb5_data *,
- krb5_principal **,
- int);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_mk_ncred
(krb5_context,
krb5_auth_context,
@@ -2207,18 +1933,6 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getremotesubkey
krb5_keyblock **);
#endif
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_auth_con_set_req_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-
-krb5_error_code krb5_auth_con_set_safe_cksumtype
- (krb5_context,
- krb5_auth_context,
- krb5_cksumtype);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_auth_con_getlocalseqnumber
(krb5_context,
krb5_auth_context,
@@ -2235,18 +1949,6 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_initivector
krb5_auth_context);
#endif
-#if KRB5_PRIVATE
-krb5_error_code krb5_auth_con_setivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer);
-
-krb5_error_code krb5_auth_con_getivector
- (krb5_context,
- krb5_auth_context,
- krb5_pointer *);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_auth_con_setrcache
(krb5_context,
krb5_auth_context,
@@ -2257,18 +1959,6 @@ krb5_error_code KRB5_CALLCONV_WRONG krb5_auth_con_getrcache
krb5_auth_context,
krb5_rcache *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_auth_con_setpermetypes
- (krb5_context,
- krb5_auth_context,
- const krb5_enctype *);
-
-krb5_error_code krb5_auth_con_getpermetypes
- (krb5_context,
- krb5_auth_context,
- krb5_enctype **);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
(krb5_context,
krb5_auth_context,
@@ -2284,13 +1974,6 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_getauthenticator
* begin stuff from libos.h
*/
-#if KRB5_PRIVATE
-krb5_error_code krb5_read_message (krb5_context, krb5_pointer, krb5_data *);
-krb5_error_code krb5_write_message (krb5_context, krb5_pointer, krb5_data *);
-int krb5_net_read (krb5_context, int , char *, int);
-int krb5_net_write (krb5_context, int , const char *, int);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_read_password
(krb5_context,
const char *,
@@ -2313,12 +1996,6 @@ krb5_error_code KRB5_CALLCONV krb5_get_fallback_host_realm
krb5_error_code KRB5_CALLCONV krb5_free_host_realm
(krb5_context,
char * const * );
-#if KRB5_PRIVATE
-krb5_error_code KRB5_CALLCONV krb5_get_realm_domain
- (krb5_context,
- const char *,
- char ** );
-#endif
krb5_boolean KRB5_CALLCONV krb5_kuserok
(krb5_context,
krb5_principal, const char *);
@@ -2326,39 +2003,11 @@ krb5_error_code KRB5_CALLCONV krb5_auth_con_genaddrs
(krb5_context,
krb5_auth_context,
int, int);
-#if KRB5_PRIVATE
-krb5_error_code krb5_gen_portaddr
- (krb5_context,
- const krb5_address *,
- krb5_const_pointer,
- krb5_address **);
-krb5_error_code krb5_gen_replay_name
- (krb5_context,
- const krb5_address *,
- const char *,
- char **);
-krb5_error_code krb5_make_fulladdr
- (krb5_context,
- krb5_address *,
- krb5_address *,
- krb5_address *);
-#endif
-
krb5_error_code KRB5_CALLCONV krb5_set_real_time
(krb5_context, krb5_timestamp, krb5_int32);
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_debugging_time
- (krb5_context, krb5_timestamp, krb5_int32);
-krb5_error_code krb5_use_natural_time
- (krb5_context);
-#endif
krb5_error_code KRB5_CALLCONV krb5_get_time_offsets
(krb5_context, krb5_timestamp *, krb5_int32 *);
-#if KRB5_PRIVATE
-krb5_error_code krb5_set_time_offsets
- (krb5_context, krb5_timestamp, krb5_int32);
-#endif
/* str_conv.c */
krb5_error_code KRB5_CALLCONV krb5_string_to_enctype
@@ -2441,6 +2090,7 @@ typedef struct _krb5_get_init_creds_opt {
#define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080
#define KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT 0x0100
+
krb5_error_code KRB5_CALLCONV
krb5_get_init_creds_opt_alloc
(krb5_context context,
@@ -2608,24 +2258,6 @@ krb5_appdefault_boolean
int default_value,
int *ret_value);
-#if KRB5_PRIVATE
-/*
- * The realm iterator functions
- */
-
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator_create
- (krb5_context context, void **iter_p);
-
-krb5_error_code KRB5_CALLCONV krb5_realm_iterator
- (krb5_context context, void **iter_p, char **ret_realm);
-
-void KRB5_CALLCONV krb5_realm_iterator_free
- (krb5_context context, void **iter_p);
-
-void KRB5_CALLCONV krb5_free_realm_string
- (krb5_context context, char *str);
-#endif
-
/*
* Prompter enhancements
*/
@@ -2643,10 +2275,8 @@ krb5_prompt_type* KRB5_CALLCONV krb5_get_prompt_types
/* Error reporting */
void KRB5_CALLCONV_C
krb5_set_error_message (krb5_context, krb5_error_code, const char *, ...);
-#ifdef va_start
void KRB5_CALLCONV
krb5_vset_error_message (krb5_context, krb5_error_code, const char *, va_list);
-#endif
/*
* The behavior of krb5_get_error_message is only defined the first
* time it is called after a failed call to a krb5 function using the
@@ -2676,4 +2306,3 @@ KRB5INT_END_DECLS
#define krb5_const const
#endif /* KRB5_GENERAL__ */
-
diff --git a/src/include/krb5/preauth_plugin.h b/src/include/krb5/preauth_plugin.h
index 426e527..ef12840 100644
--- a/src/include/krb5/preauth_plugin.h
+++ b/src/include/krb5/preauth_plugin.h
@@ -295,6 +295,7 @@ typedef struct krb5plugin_preauth_client_ftable_v0 {
* the module if it wishes to reference it after returning from this call.
*/
preauth_client_supply_gic_opts_proc gic_opts;
+
} krb5plugin_preauth_client_ftable_v0;
diff --git a/src/include/stock/osconf.h b/src/include/osconf.hin
index 3a8ba49..48bf8b1 100644
--- a/src/include/stock/osconf.h
+++ b/src/include/osconf.hin
@@ -1,4 +1,4 @@
-/*
+/* -*- c -*-
* include/krb5/stock/osconf.h
*
* Copyright 1990,1991 by the Massachusetts Institute of Technology.
diff --git a/src/include/win-mac.h b/src/include/win-mac.h
index 4249f0d..5c08fab 100644
--- a/src/include/win-mac.h
+++ b/src/include/win-mac.h
@@ -82,6 +82,14 @@ typedef int int32_t;
typedef unsigned __int64 uint64_t;
typedef __int64 int64_t;
#endif
+#ifndef SSIZE_T_DEFINED
+#ifdef _WIN64
+typedef __int64 ssize_t;
+#else
+typedef _W64 int ssize_t;
+#endif
+#define SSIZE_T_DEFINED
+#endif
#endif /* KRB5_SYSTYPES__ */
#define MAXHOSTNAMELEN 512
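Review bot: The `ssize_t` typedef is guarded by `SSIZE_T_DEFINED`, a name only this header sets, so another header in the same translation unit that defines `ssize_t` under its own guard is not detected and may produce a conflicting typedef. The block also gives no reason for the two widths. A short comment would record the intent, for example `/* MSVC lacks ssize_t; keep it pointer-sized so byte counts are not truncated on Win64 */`.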
diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
index 0ffd291..7c9320b 100644
--- a/src/kadmin/cli/Makefile.in
+++ b/src/kadmin/cli/Makefile.in
@@ -71,11 +71,15 @@ $(OUTPRE)keytab.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \
$(BUILDTOP)/include/kadm5/admin.h $(BUILDTOP)/include/kadm5/chpass_util_strings.h \
$(BUILDTOP)/include/kadm5/kadm_err.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/adm_proto.h $(SRCTOP)/include/gssrpc/auth.h \
$(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \
$(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/rename.h \
$(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \
$(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \
- $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-platform.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/kdb.h \
- $(SRCTOP)/include/krb5.h kadmin.h keytab.c
+ $(SRCTOP)/include/gssrpc/xdr.h $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/kdb.h $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h kadmin.h keytab.c
diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c
index f6c167c..d0fca77 100644
--- a/src/kadmin/cli/keytab.c
+++ b/src/kadmin/cli/keytab.c
@@ -40,7 +40,7 @@ static char *rcsid = "$Header$";
#include <string.h>
#include <errno.h>
-#include <krb5.h>
+#include "k5-int.h"
#include <kadm5/admin.h>
#include <adm_proto.h>
#include "kadmin.h"
diff --git a/src/kadmin/passwd/xm_kpasswd.c b/src/kadmin/passwd/xm_kpasswd.c
index 6697620..a55b052 100644
--- a/src/kadmin/passwd/xm_kpasswd.c
+++ b/src/kadmin/passwd/xm_kpasswd.c
@@ -84,14 +84,7 @@ SetWatchCursor()
* Set up a com_err hook, for displaying to a motif scrolling widget.
*/
-#if __STDC__
-# include <stdarg.h>
-#else /* varargs: not STDC or no <stdarg> */
- /* Non-ANSI, always take <varargs.h> path. */
-# undef VARARGS
-# define VARARGS 1
-# include <varargs.h>
-#endif /* varargs */
+#include <stdarg.h>
static void
#ifdef __STDC__
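Review bot: The `#ifdef __STDC__` on the last line of this hunk still selects between two forms of the function that follows, but with `<varargs.h>` no longer included the non-`__STDC__` branch cannot be built if it uses the old `va_alist` style. That branch lies outside the hunk, so this is inferred from the removed include block. If it holds, the conditional should go as well, leaving only the prototyped `stdarg` definition.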
diff --git a/src/krb524/Makefile.in b/src/krb524/Makefile.in
index 7f72919..c1c69ca 100644
--- a/src/krb524/Makefile.in
+++ b/src/krb524/Makefile.in
@@ -30,11 +30,11 @@ DEFINES = -DUSE_MASTER -DKRB524_PRIVATE=1
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
-##WIN32##!ifdef USE_ALTERNATE_KRB4_INCLUDES
+##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_INCLUDES)
##WIN32##KRB4_INCLUDES=-I$(USE_ALTERNATE_KRB4_INCLUDES)
##WIN32##!endif
-##WIN32##!ifdef USE_ALTERNATE_KRB4_LIB
+##WIN32##!if ("$(CPU)" == "i386") && defined(USE_ALTERNATE_KRB4_LIB)
##WIN32##K4LIB=$(USE_ALTERNATE_KRB4_LIB)
##WIN32##!endif
diff --git a/src/lib/crypto/crc32/crc-32.h b/src/lib/crypto/crc32/crc-32.h
index 10facaa..0efc006 100644
--- a/src/lib/crypto/crc32/crc-32.h
+++ b/src/lib/crypto/crc32/crc-32.h
@@ -60,11 +60,11 @@
#define CRC32_CKSUM_LENGTH 4
void
-mit_crc32 (const krb5_pointer in, size_t in_length, unsigned long *c);
+mit_crc32 (krb5_pointer in, size_t in_length, unsigned long *c);
#ifdef CRC32_SHIFT4
-void mit_crc32_shift4(const krb5_pointer /* in */,
- const size_t /* in_length */,
+void mit_crc32_shift4(krb5_pointer /* in */,
+ size_t /* in_length */,
unsigned long * /* cksum */);
#endif
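Review bot: `mit_crc32` and `mit_crc32_shift4` now take the input buffer as plain `krb5_pointer`, which types data that is only read as writable. The removed `const krb5_pointer` never protected the buffer either, since it qualified the pointer and not the bytes. The tree already has a type for read-only input, used elsewhere in this commit: `mit_crc32 (krb5_const_pointer in, size_t in_length, unsigned long *c);`. The definitions are outside this hunk and would need the same parameter type.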
diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports
index 99eb202..4de75af 100644
--- a/src/lib/crypto/libk5crypto.exports
+++ b/src/lib/crypto/libk5crypto.exports
@@ -91,10 +91,10 @@ krb5int_aes_string_to_key
krb5int_arcfour_string_to_key
krb5int_arcfour_translate_usage
krb5int_c_combine_keys
-krb5int_c_mandatory_cksumtype
krb5int_c_free_keyblock
krb5int_c_free_keyblock_contents
krb5int_c_init_keyblock
+krb5int_c_mandatory_cksumtype
krb5int_c_mit_des_zeroblock
krb5int_default_free_state
krb5int_des3_cbc_decrypt
diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index 3f213a1..43d2122 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -566,7 +566,7 @@ krb5_gss_acquire_cred(minor_status, desired_name, time_req,
/* if the princ wasn't filled in already, fill it in now */
- if (!cred->princ && (desired_name != GSS_C_NO_CREDENTIAL))
+ if (!cred->princ && (desired_name != GSS_C_NO_NAME))
if ((code = krb5_copy_principal(context, (krb5_principal) desired_name,
&(cred->princ)))) {
if (cred->ccache)
diff --git a/src/lib/gssapi/krb5/add_cred.c b/src/lib/gssapi/krb5/add_cred.c
index 225f125..6110193 100644
--- a/src/lib/gssapi/krb5/add_cred.c
+++ b/src/lib/gssapi/krb5/add_cred.c
@@ -179,8 +179,8 @@ krb5_gss_add_cred(minor_status, input_cred_handle,
if (output_cred_handle) {
/* make a copy */
krb5_gss_cred_id_t new_cred;
- char *kttype, ktboth[1024];
- const char *cctype, *ccname;
+ char ktboth[1024];
+ const char *kttype, *cctype, *ccname;
char ccboth[1024];
if ((new_cred =
diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h
index 8887a4d..86ec771 100644
--- a/src/lib/gssapi/krb5/gssapiP_krb5.h
+++ b/src/lib/gssapi/krb5/gssapiP_krb5.h
@@ -645,7 +645,8 @@ krb5_error_code gss_krb5int_make_seal_token_v3(krb5_context,
OM_uint32 gss_krb5int_unseal_token_v3(krb5_context *contextptr,
OM_uint32 *minor_status,
krb5_gss_ctx_id_rec *ctx,
- unsigned char *ptr, int bodysize,
+ unsigned char *ptr,
+ unsigned int bodysize,
gss_buffer_t message_buffer,
int *conf_state, int *qop_state,
int toktype);
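Review bot: With `bodysize` now `unsigned int` here and in the definition in k5sealv3.c (next hunk), any `bodysize - N` evaluated before a `bodysize < N` test wraps to a very large value instead of going negative. The body of gss_krb5int_unseal_token_v3 is outside both hunks, so the order of its length checks cannot be confirmed from here. Each check in it should compare first and subtract afterwards. Callers that still hold the token length in a signed `int` should reject negative values before the call, since the implicit conversion will otherwise turn them into huge lengths.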
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index 2c08486..4c6df27 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -301,7 +301,7 @@ OM_uint32
gss_krb5int_unseal_token_v3(krb5_context *contextptr,
OM_uint32 *minor_status,
krb5_gss_ctx_id_rec *ctx,
- unsigned char *ptr, int bodysize,
+ unsigned char *ptr, unsigned int bodysize,
gss_buffer_t message_buffer,
int *conf_state, int *qop_state, int toktype)
{
diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c
index 30845bd..8c99986 100644
--- a/src/lib/gssapi/krb5/k5unseal.c
+++ b/src/lib/gssapi/krb5/k5unseal.c
@@ -457,8 +457,11 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer,
if ((ctx->initiate && direction != 0xff) ||
(!ctx->initiate && direction != 0)) {
- if (toktype == KG_TOK_SEAL_MSG)
+ if (toktype == KG_TOK_SEAL_MSG) {
xfree(token.value);
+ message_buffer->value = NULL;
+ message_buffer->length = 0;
+ }
*minor_status = G_BAD_DIRECTION;
return(GSS_S_BAD_SIG);
}
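Review bot: Only this bad-direction return clears `message_buffer` after `xfree(token.value)`, which suggests `message_buffer->value` already aliases `token.value` at this point; that assignment is outside the hunk, so this is inferred. If it does, a caller that releases the output buffer on failure would free the same allocation a second time, and any other error return between the assignment and the end of kg_unseal_v1 needs the same reset. Assigning `message_buffer` only on the success path would remove the per-path cleanup. At minimum, add a comment here such as `/* message_buffer aliases token.value; clear it so the caller cannot free it again */`.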
diff --git a/src/lib/gssapi/mechglue/g_canon_name.c b/src/lib/gssapi/mechglue/g_canon_name.c
index 676810c..9f72055 100644
--- a/src/lib/gssapi/mechglue/g_canon_name.c
+++ b/src/lib/gssapi/mechglue/g_canon_name.c
@@ -96,6 +96,7 @@ gss_name_t *output_name;
out_union->mech_name = 0;
out_union->name_type = 0;
out_union->external_name = 0;
+ out_union->loopback = out_union;
/* Allocate the buffer for the user specified representation */
if (gssint_create_copy_buffer(in_union->external_name,
diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c
index e037045..fa7aa8d 100644
--- a/src/lib/gssapi/mechglue/g_imp_name.c
+++ b/src/lib/gssapi/mechglue/g_imp_name.c
@@ -65,7 +65,10 @@ val_imp_name_args(
if (input_name_buffer == GSS_C_NO_BUFFER)
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
- if (GSS_EMPTY_BUFFER(input_name_buffer))
+ if (input_name_buffer->length == 0)
+ return GSS_S_BAD_NAME;
+
+ if (input_name_buffer->value == NULL)
return (GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME);
return (GSS_S_COMPLETE);
diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h
index 70da996..85ae002 100644
--- a/src/lib/gssapi/mechglue/mglueP.h
+++ b/src/lib/gssapi/mechglue/mglueP.h
@@ -427,7 +427,7 @@ OM_uint32 gssint_create_copy_buffer(
OM_uint32 gssint_copy_oid_set(
OM_uint32 *, /* minor_status */
- const gss_OID_set_desc *, /* oid set */
+ const gss_OID_set_desc * const, /* oid set */
gss_OID_set * /* new oid set */
);
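Review bot: The added top-level `const` in `const gss_OID_set_desc * const` qualifies the parameter itself, which has no effect in a prototype and tells callers nothing. The same commit removes exactly this kind of qualifier from the by-value parameters in asn1_make.h and asn1buf.h, so the two changes pull in opposite directions. I would keep the declaration as `const gss_OID_set_desc *, /* oid set */` and leave any `* const` to the definition if it is wanted there.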
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
index e9c7bfd..212034b 100644
--- a/src/lib/kadm5/logger.c
+++ b/src/lib/kadm5/logger.c
@@ -39,11 +39,7 @@
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif /* HAVE_SYSLOG_H */
-#ifdef HAVE_STDARG_H
#include <stdarg.h>
-#else /* HAVE_STDARG_H */
-#include <varargs.h>
-#endif /* HAVE_STDARG_H */
#define KRB5_KLOG_MAX_ERRMSG_SIZE 1024
#ifndef MAXHOSTNAMELEN
diff --git a/src/lib/krb4/RealmsConfig-glue.c b/src/lib/krb4/RealmsConfig-glue.c
index dbdfe54..740d881 100644
--- a/src/lib/krb4/RealmsConfig-glue.c
+++ b/src/lib/krb4/RealmsConfig-glue.c
@@ -40,11 +40,6 @@
#include "k5-int.h" /* for accessor, addrlist stuff */
#include "port-sockets.h"
-#define KRB5_PRIVATE 1
-/* For krb5_get_default_config_files and krb5_free_config_files */
-#include "krb5.h"
-#undef KRB5_PRIVATE
-
/* These two *must* be kept in sync to avoid buffer overflows. */
#define SCNSCRATCH "%1023s"
#define SCRATCHSZ 1024
diff --git a/src/lib/krb5/Makefile.in b/src/lib/krb5/Makefile.in
index 30c75c0..4bf9892 100644
--- a/src/lib/krb5/Makefile.in
+++ b/src/lib/krb5/Makefile.in
@@ -134,9 +134,7 @@ install-unix:: install-libs
# the Makefile.in file
#
krb5_libinit.so krb5_libinit.po $(OUTPRE)krb5_libinit.$(OBJEXT): \
- $(BUILDTOP)/include/asn1_err.h $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/kdb5_err.h $(BUILDTOP)/include/krb5/krb5.h \
- $(BUILDTOP)/include/krb5_err.h $(BUILDTOP)/include/kv5m_err.h \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
$(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
$(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
diff --git a/src/lib/krb5/asn.1/asn1_make.h b/src/lib/krb5/asn.1/asn1_make.h
index 7150549..de13d7b 100644
--- a/src/lib/krb5/asn.1/asn1_make.h
+++ b/src/lib/krb5/asn.1/asn1_make.h
@@ -48,9 +48,9 @@
asn1_error_code asn1_make_etag
(asn1buf *buf,
- const asn1_class asn1class,
- const asn1_tagnum tagnum,
- const unsigned int in_len,
+ asn1_class asn1class,
+ asn1_tagnum tagnum,
+ unsigned int in_len,
unsigned int *retlen);
/* requires *buf is allocated, in_len is the length of an ASN.1 encoding
which has just been inserted in *buf
@@ -61,10 +61,10 @@ asn1_error_code asn1_make_etag
Returns ENOMEM if memory runs out. */
asn1_error_code asn1_make_tag
- (asn1buf *buf, const asn1_class asn1class,
- const asn1_construction construction,
- const asn1_tagnum tagnum,
- const unsigned int in_len,
+ (asn1buf *buf, asn1_class asn1class,
+ asn1_construction construction,
+ asn1_tagnum tagnum,
+ unsigned int in_len,
unsigned int *retlen);
/* requires *buf is allocated, in_len is the length of an ASN.1 encoding
which has just been inserted in *buf
@@ -121,9 +121,9 @@ asn1_error_code asn1_make_length
/* "helper" procedure for asn1_make_tag */
asn1_error_code asn1_make_id
(asn1buf *buf,
- const asn1_class asn1class,
- const asn1_construction construction,
- const asn1_tagnum tagnum,
+ asn1_class asn1class,
+ asn1_construction construction,
+ asn1_tagnum tagnum,
unsigned int *retlen);
/* requires *buf is allocated, asn1class and tagnum are appropriate for
the ASN.1 encoding which has just been inserted in *buf
diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h
index 854801e..c9c956a 100644
--- a/src/lib/krb5/asn.1/asn1buf.h
+++ b/src/lib/krb5/asn.1/asn1buf.h
@@ -122,10 +122,10 @@ asn1_error_code asn1buf_imbed
position starts at the beginning of *subbuf. */
asn1_error_code asn1buf_sync
- (asn1buf *buf, asn1buf *subbuf, const asn1_class Class,
- const asn1_tagnum lasttag,
- const unsigned int length, const int indef,
- const int seqindef);
+ (asn1buf *buf, asn1buf *subbuf, asn1_class Class,
+ asn1_tagnum lasttag,
+ unsigned int length, int indef,
+ int seqindef);
/* requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed.
lasttag is the last tagnumber read.
effects Synchronizes *buf's current position to match that of *subbuf. */
diff --git a/src/lib/krb5/ccache/Makefile.in b/src/lib/krb5/ccache/Makefile.in
index c6db516..69ab934 100644
--- a/src/lib/krb5/ccache/Makefile.in
+++ b/src/lib/krb5/ccache/Makefile.in
@@ -57,6 +57,10 @@ SRCS= $(srcdir)/ccbase.c \
$(srcdir)/ccfns.c \
$(srcdir)/ser_cc.c $(MSLSA_SRC)
+EXTRADEPSRCS= \
+ $(srcdir)/t_cc.c \
+ $(srcdir)/t_cccursor.c
+
##DOS##OBJS=$(OBJS) $(OUTPRE)ccfns.$(OBJEXT)
all-unix:: all-libobjs
@@ -96,12 +100,14 @@ T_CCCURSOR_OBJS = t_cccursor.o
t_cccursor: $(T_CCCURSOR_OBJS) $(KRB5_BASE_DEPLIBS)
$(CC_LINK) -o $@ $(T_CCCURSOR_OBJS) $(KRB5_BASE_LIBS)
-check-unix:: t_cc
+check-unix:: t_cc t_cccursor
KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
- $(RUN_SETUP) $(VALGRIND) ./t_cc
+ $(RUN_SETUP) $(VALGRIND) ./t_cc
+ KRB5_CONFIG=$(srcdir)/../krb/t_krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(VALGRIND) ./t_cccursor
clean-unix::
- $(RM) t_cc t_cc.o
+ $(RM) t_cc t_cc.o t_cccursor t_cccursor.o
##WIN32## $(OUTPRE)cc_mslsa.$(OBJEXT): cc_mslsa.c $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS)
@@ -206,3 +212,9 @@ ser_cc.so ser_cc.po $(OUTPRE)ser_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h ser_cc.c
+t_cc.so t_cc.po $(OUTPRE)t_cc.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+ t_cc.c
+t_cccursor.so t_cccursor.po $(OUTPRE)t_cccursor.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h t_cccursor.c
diff --git a/src/lib/krb5/ccache/ccapi/stdcc.c b/src/lib/krb5/ccache/ccapi/stdcc.c
index edbec11..36bc780 100644
--- a/src/lib/krb5/ccache/ccapi/stdcc.c
+++ b/src/lib/krb5/ccache/ccapi/stdcc.c
@@ -56,6 +56,7 @@
#ifdef USE_CCAPI_V3
cc_context_t gCntrlBlock = NULL;
+cc_int32 gCCVersion = 0;
#else
apiCB *gCntrlBlock = NULL;
#endif
@@ -222,13 +223,59 @@ static krb5_error_code cc_err_xlate(int err)
#ifdef USE_CCAPI_V3
+
+static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context,
+ cc_ccache_t in_ccache)
+{
+ krb5_error_code err = 0;
+
+ if (gCCVersion >= ccapi_version_5) {
+ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context;
+ cc_time_t time_offset = 0;
+
+ err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5,
+ &time_offset);
+
+ if (!err) {
+ os_ctx->time_offset = time_offset;
+ os_ctx->usec_offset = 0;
+ os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+ KRB5_OS_TOFFSET_VALID);
+ }
+
+ if (err == ccErrTimeOffsetNotSet) {
+ err = 0; /* okay if there is no time offset */
+ }
+ }
+
+ return err; /* Don't translate. Callers will translate for us */
+}
+
+static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context,
+ cc_ccache_t in_ccache)
+{
+ krb5_error_code err = 0;
+
+ if (gCCVersion >= ccapi_version_5) {
+ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context;
+
+ if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+ err = cc_ccache_set_kdc_time_offset (in_ccache,
+ cc_credentials_v5,
+ os_ctx->time_offset);
+ }
+ }
+
+ return err; /* Don't translate. Callers will translate for us */
+}
+
static krb5_error_code stdccv3_setup (krb5_context context,
stdccCacheDataPtr ccapi_data)
{
krb5_error_code err = 0;
if (!err && !gCntrlBlock) {
- err = cc_initialize (&gCntrlBlock, ccapi_version_max, NULL, NULL);
+ err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
}
if (!err && ccapi_data && !ccapi_data->NamedCache) {
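Review bot: In stdccv3_get_timeoffset, `ccErrTimeOffsetNotSet` is mapped to success without touching `os_ctx`, so a context that earlier loaded an offset from another cache keeps that offset and its `KRB5_OS_TOFFSET_VALID` flag when it opens a cache that has none. Because this offset adjusts the context's notion of the current time, the choice deserves a comment stating whether the stale value is intended, for example `/* no offset stored: keep the context's existing offset */`. In stdccv3_set_timeoffset the `!err` test is always true, and the flag test reads more safely parenthesised as `if (os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {`. Both helpers dereference `in_context->os_context` without a NULL check. stdccv3_setup continues outside the hunk.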
@@ -237,6 +284,10 @@ static krb5_error_code stdccv3_setup (krb5_context context,
&ccapi_data->NamedCache);
}
+ if (!err && ccapi_data && ccapi_data->NamedCache) {
+ err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
+ }
+
return err; /* Don't translate. Callers will translate for us */
}
@@ -245,6 +296,7 @@ void krb5_stdcc_shutdown()
{
if (gCntrlBlock) { cc_context_release(gCntrlBlock); }
gCntrlBlock = NULL;
+ gCCVersion = 0;
}
/*
@@ -278,11 +330,15 @@ krb5_stdccv3_generate_new (krb5_context context, krb5_ccache *id )
}
if (!err) {
- err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, 0L,
+ err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
&ccache);
}
if (!err) {
+ err = stdccv3_set_timeoffset (context, ccache);
+ }
+
+ if (!err) {
err = cc_ccache_get_name (ccache, &ccstring);
}
@@ -395,6 +451,7 @@ krb5_stdccv3_initialize (krb5_context context,
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
char *name = NULL;
+ cc_ccache_t ccache = NULL;
if (id == NULL) { err = KRB5_CC_NOMEM; }
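Review bot: The `id == NULL` test on the last line of this hunk can never protect anything, because the initializer `ccapi_data = id->data` two lines above has already dereferenced `id`. The commit adds a declaration to this block but leaves that ordering in place. Initialise with `stdccCacheDataPtr ccapi_data = NULL;` and fetch the data only after the check, `if (id == NULL) { err = KRB5_CC_NOMEM; } else { ccapi_data = id->data; }`. The rest of krb5_stdccv3_initialize is outside this hunk.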
@@ -406,22 +463,27 @@ krb5_stdccv3_initialize (krb5_context context,
err = krb5_unparse_name(context, princ, &name);
}
- if (!err && ccapi_data->NamedCache) {
- err = cc_ccache_release(ccapi_data->NamedCache);
- ccapi_data->NamedCache = NULL;
- }
-
if (!err) {
err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
cc_credentials_v5, name,
- &ccapi_data->NamedCache);
+ &ccache);
}
if (!err) {
- cache_changed();
+ err = stdccv3_set_timeoffset (context, ccache);
+ }
+
+ if (!err) {
+ if (ccapi_data->NamedCache) {
+ err = cc_ccache_release (ccapi_data->NamedCache);
+ }
+ ccapi_data->NamedCache = ccache;
+ ccache = NULL; /* take ownership */
+ cache_changed ();
}
- if (name) { krb5_free_unparsed_name(context, name); }
+ if (ccache) { cc_ccache_release (ccache); }
+ if (name ) { krb5_free_unparsed_name(context, name); }
return cc_err_xlate(err);
}
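Review bot: In the ownership block, `err = cc_ccache_release (ccapi_data->NamedCache);` can set `err` after the new cache has been created, yet the next lines still install `ccache` and call `cache_changed ()`. The function then returns a failure although the handle has been switched, so a caller treating the error as "nothing changed" is wrong. Either do not let the release result override the outcome, `(void) cc_ccache_release (ccapi_data->NamedCache);`, or keep it in a separate variable and document which state the caller sees on that path. The start of krb5_stdccv3_initialize is outside this hunk.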
diff --git a/src/lib/krb5/ccache/ccbase.c b/src/lib/krb5/ccache/ccbase.c
index 1a9f5af..e41573a 100644
--- a/src/lib/krb5/ccache/ccbase.c
+++ b/src/lib/krb5/ccache/ccbase.c
@@ -71,8 +71,11 @@ static struct krb5_cc_typelist cc_krcc_entry = { &krb5_krcc_ops,
#endif /* USE_KEYRING_CCACHE */
#endif
+#ifndef USE_KEYRING_CCACHE
static struct krb5_cc_typelist cc_fcc_entry = { &krb5_cc_file_ops,
&cc_mcc_entry };
+#endif
+
#ifdef USE_KEYRING_CCACHE
#define INITIAL_TYPEHEAD (&cc_krcc_entry)
#else
@@ -129,7 +132,8 @@ krb5int_cc_finalize(void)
*/
krb5_error_code KRB5_CALLCONV
-krb5_cc_register(krb5_context context, krb5_cc_ops *ops, krb5_boolean override)
+krb5_cc_register(krb5_context context, const krb5_cc_ops *ops,
+ krb5_boolean override)
{
struct krb5_cc_typelist *t;
krb5_error_code err;
diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c
index 247145b..393ac92 100644
--- a/src/lib/krb5/ccache/t_cc.c
+++ b/src/lib/krb5/ccache/t_cc.c
@@ -27,7 +27,7 @@
*/
-#include "krb5.h"
+#include "k5-int.h"
#include <stdio.h>
#include <stdlib.h>
#include "autoconf.h"
@@ -254,8 +254,7 @@ static void test_misc(krb5_context context)
/* Tests for certain error returns */
krb5_error_code kret;
krb5_ccache id;
- extern krb5_cc_ops *krb5_cc_dfl_ops;
- krb5_cc_ops *ops_save;
+ const krb5_cc_ops *ops_save;
fprintf(stderr, "Testing miscellaneous error conditions\n");
@@ -284,8 +283,6 @@ int main (void)
krb5_context context;
krb5_error_code kret;
- initialize_krb5_error_table ();
-
if ((kret = krb5_init_context(&context))) {
printf("Couldn't initialize krb5 library: %s\n",
error_message(kret));
diff --git a/src/lib/krb5/ccache/t_cccursor.c b/src/lib/krb5/ccache/t_cccursor.c
index 68e6153..e65bead 100644
--- a/src/lib/krb5/ccache/t_cccursor.c
+++ b/src/lib/krb5/ccache/t_cccursor.c
@@ -186,7 +186,7 @@ do_chk(
printf("cursor: %s:%s\n", prefix, name);
if (i < nmax) {
- if (!do_chk_one(prefix, name, &chklist[i])) {
+ if (do_chk_one(prefix, name, &chklist[i])) {
*good = 0;
}
}
diff --git a/src/lib/krb5/error_tables/Makefile.in b/src/lib/krb5/error_tables/Makefile.in
index 323af48..e07f63b 100644
--- a/src/lib/krb5/error_tables/Makefile.in
+++ b/src/lib/krb5/error_tables/Makefile.in
@@ -25,14 +25,7 @@ SRCS= asn1_err.c kdb5_err.c krb5_err.c kv5m_err.c krb524_err.c
all-unix:: all-libobjs
all-libobjs: $(HDRS)
-includes:: $(HDRS)
- for f in $(HDRS) ; do \
- if cmp $$f $(THDRDIR)/$$f >/dev/null 2>&1; then :; \
- else \
- (set -x; $(RM) $(THDRDIR)/$$f; \
- $(CP) $$f $(THDRDIR)/$$f) ; \
- fi ; \
- done
+includes: $(HDRS)
awk-windows:
$(AWK) -f $(SRCTOP)/util/et/et_h.awk outfile=asn1_err.h asn1_err.et
diff --git a/src/lib/krb5/keytab/Makefile.in b/src/lib/krb5/keytab/Makefile.in
index 2fcfbaa..0a375c9 100644
--- a/src/lib/krb5/keytab/Makefile.in
+++ b/src/lib/krb5/keytab/Makefile.in
@@ -4,6 +4,10 @@ mydir=lib/krb5/keytab
BUILDTOP=$(REL)..$(S)..$(S)..
DEFS=
+RUN_SETUP = @KRB5_RUN_ENV@
+PROG_LIBPATH=-L$(TOPLIBD)
+PROG_RPATH=$(KRB5_LIBDIR)
+
##DOS##BUILDTOP = ..\..\..
##DOS##PREFIXDIR=keytab
##DOS##OBJFILE=..\$(OUTPRE)$(PREFIXDIR).lst
@@ -16,6 +20,7 @@ STLIBOBJS= \
ktremove.o \
ktfns.o \
kt_file.o \
+ kt_memory.o \
kt_srvtab.o \
read_servi.o
@@ -27,6 +32,7 @@ OBJS= \
$(OUTPRE)ktremove.$(OBJEXT) \
$(OUTPRE)ktfns.$(OBJEXT) \
$(OUTPRE)kt_file.$(OBJEXT) \
+ $(OUTPRE)kt_memory.$(OBJEXT) \
$(OUTPRE)kt_srvtab.$(OBJEXT) \
$(OUTPRE)read_servi.$(OBJEXT)
@@ -38,9 +44,13 @@ SRCS= \
$(srcdir)/ktremove.c \
$(srcdir)/ktfns.c \
$(srcdir)/kt_file.c \
+ $(srcdir)/kt_memory.c \
$(srcdir)/kt_srvtab.c \
$(srcdir)/read_servi.c
+EXTRADEPSRCS= \
+ $(srcdir)/t_keytab.c
+
all-windows:: $(OBJFILE)
##DOS$(OBJFILE): $(OBJS)
@@ -50,6 +60,17 @@ all-windows:: $(OBJFILE)
all-unix:: all-libobjs
clean-unix:: clean-libobjs
+check-unix:: t_keytab
+ KRB5_CONFIG=$(srcdir)/t_krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(VALGRIND) ./t_keytab
+
+T_KEYTAB_OBJS = t_keytab.o
+t_keytab: $(T_KEYTAB_OBJS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o $@ $(T_KEYTAB_OBJS) $(KRB5_BASE_LIBS)
+
+clean-unix::
+ $(RM) t_keytab t_keytab.o
+
clean-windows::
@echo Making clean in krb5\keytab
$(RM) $(OBJFILE)
@@ -121,6 +142,15 @@ kt_file.so kt_file.po $(OUTPRE)kt_file.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h kt_file.c
+kt_memory.so kt_memory.po $(OUTPRE)kt_memory.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ kt_memory.c
kt_srvtab.so kt_srvtab.po $(OUTPRE)kt_srvtab.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -139,3 +169,12 @@ read_servi.so read_servi.po $(OUTPRE)read_servi.$(OBJEXT): \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
read_servi.c
+t_keytab.so t_keytab.po $(OUTPRE)t_keytab.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_keytab.c
diff --git a/src/lib/krb5/keytab/kt-int.h b/src/lib/krb5/keytab/kt-int.h
index 23bbc55..e62b2d3 100644
--- a/src/lib/krb5/keytab/kt-int.h
+++ b/src/lib/krb5/keytab/kt-int.h
@@ -36,4 +36,7 @@ int krb5int_kt_initialize(void);
void krb5int_kt_finalize(void);
+int krb5int_mkt_initialize(void);
+
+void krb5int_mkt_finalize(void);
#endif /* __KRB5_KEYTAB_INT_H__ */
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index c31b90f..fe44ff6 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -193,6 +193,7 @@ krb5_ktfile_resolve(krb5_context context, const char *name, krb5_keytab *id)
err = k5_mutex_init(&data->lock);
if (err) {
+ krb5_xfree(data);
krb5_xfree(*id);
return err;
}
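Review bot: After `krb5_xfree(*id);` the out-parameter still holds the freed pointer when the error is returned. A caller that inspects or closes `*id` on failure would then touch freed memory. Add `*id = NULL;` after the free, here and in the identical error path in krb5_ktfile_wresolve (the hunk at -791). Both functions start and end outside their hunks, so whether `*id` is reset elsewhere is not visible.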
@@ -407,7 +408,7 @@ krb5_ktfile_get_name(krb5_context context, krb5_keytab id, char *name, unsigned
name++;
len -= strlen(id->ops->prefix)+1;
- if (len < strlen(KTFILENAME(id)+1))
+ if (len < strlen(KTFILENAME(id))+1)
return(KRB5_KT_NAME_TOOLONG);
strcpy(name, KTFILENAME(id));
/* strcpy will NUL-terminate the destination */
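Review bot: The corrected bound still depends on hand-written arithmetic spread across two `strlen` calls and an unchecked `strcpy`, which is how the misplaced `+1` went unnoticed. Measuring once and copying by length ties the check to the copy: `size_t n = strlen(KTFILENAME(id));`, then `if (len <= n) return(KRB5_KT_NAME_TOOLONG);` and `memcpy(name, KTFILENAME(id), n + 1);`. The `len -= strlen(id->ops->prefix)+1` above is safe only if the earlier prefix check, which is outside this hunk, has already run. krb5_mkt_get_name in the new kt_memory.c copies this pattern and would benefit from the same change.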
@@ -791,6 +792,7 @@ krb5_ktfile_wresolve(krb5_context context, const char *name, krb5_keytab *id)
err = k5_mutex_init(&data->lock);
if (err) {
+ krb5_xfree(data);
krb5_xfree(*id);
return err;
}
diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
new file mode 100644
index 0000000..e103e76
--- /dev/null
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -0,0 +1,677 @@
+/*
+ * lib/krb5/keytab/kt_memory.c
+ *
+ * Copyright 2007 by Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+#include "k5-int.h"
+#include "kt-int.h"
+#include <stdio.h>
+
+#define HEIMDAL_COMPATIBLE
+
+/*
+ * Information needed by internal routines of the file-based ticket
+ * cache implementation.
+ */
+
+
+/*
+ * Constants
+ */
+#define IGNORE_VNO 0
+#define IGNORE_ENCTYPE 0
+
+/*
+ * Types
+ */
+/* From krb5.h:
+ * typedef struct krb5_keytab_entry_st {
+ * krb5_magic magic;
+ * krb5_principal principal; principal of this key
+ * krb5_timestamp timestamp; time entry written to keytable
+ * krb5_kvno vno; key version number
+ * krb5_keyblock key; the secret key
+ *} krb5_keytab_entry;
+ */
+
+/* Individual key entries within a table, in a linked list */
+typedef struct _krb5_mkt_link {
+ struct _krb5_mkt_link *next;
+ krb5_keytab_entry *entry;
+} krb5_mkt_link, *krb5_mkt_cursor;
+
+/* Per-keytab data header */
+typedef struct _krb5_mkt_data {
+ char *name; /* Name of the keytab */
+ k5_mutex_t lock; /* Thread-safety - all but link */
+ krb5_int32 refcount;
+ krb5_mkt_cursor link;
+} krb5_mkt_data;
+
+/* List of memory key tables */
+typedef struct _krb5_mkt_list_node {
+ struct _krb5_mkt_list_node *next;
+ krb5_keytab keytab;
+} krb5_mkt_list_node;
+
+/* Iterator over memory key tables */
+typedef struct _krb5_mkt_ptcursor_data {
+ struct _krb5_mkt_list_node *cur;
+} krb5_mkt_ptcursor_data;
+
+/*
+ * Globals
+ */
+static krb5_mkt_list_node * krb5int_mkt_list = NULL;
+static k5_mutex_t krb5int_mkt_mutex = K5_MUTEX_PARTIAL_INITIALIZER;
+
+/*
+ * Macros
+ */
+#define KTLOCK(id) k5_mutex_lock(&(((krb5_mkt_data *)(id)->data)->lock))
+#define KTUNLOCK(id) k5_mutex_unlock(&(((krb5_mkt_data *)(id)->data)->lock))
+#define KTCHECKLOCK(id) k5_mutex_assert_locked(&(((krb5_mkt_data *)(id)->data)->lock))
+
+#define KTGLOCK k5_mutex_lock(&krb5int_mkt_mutex)
+#define KTGUNLOCK k5_mutex_unlock(&krb5int_mkt_mutex)
+#define KTGCHECKLOCK k5_mutex_assert_locked(&krb5int_mkt_mutex)
+
+#define KTLINK(id) (((krb5_mkt_data *)(id)->data)->link)
+#define KTREFCNT(id) (((krb5_mkt_data *)(id)->data)->refcount)
+#define KTNAME(id) (((krb5_mkt_data *)(id)->data)->name)
+
+extern const struct _krb5_kt_ops krb5_mkt_ops;
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_resolve
+ (krb5_context,
+ const char *,
+ krb5_keytab *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_name
+ (krb5_context,
+ krb5_keytab,
+ char *,
+ unsigned int);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_close
+ (krb5_context,
+ krb5_keytab);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_entry
+ (krb5_context,
+ krb5_keytab,
+ krb5_const_principal,
+ krb5_kvno,
+ krb5_enctype,
+ krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_start_seq_get
+ (krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_get_next
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *,
+ krb5_kt_cursor *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_end_get
+ (krb5_context,
+ krb5_keytab,
+ krb5_kt_cursor *);
+
+/* routines to be included on extended version (write routines) */
+krb5_error_code KRB5_CALLCONV krb5_mkt_add
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+krb5_error_code KRB5_CALLCONV krb5_mkt_remove
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry *);
+
+int krb5int_mkt_initialize(void) {
+ return k5_mutex_finish_init(&krb5int_mkt_mutex);
+}
+
+void krb5int_mkt_finalize(void) {
+ krb5_mkt_list_node *node, *next_node;
+ krb5_mkt_cursor cursor, next_cursor;
+
+ k5_mutex_destroy(&krb5int_mkt_mutex);
+
+ for (node = krb5int_mkt_list; node; node = next_node) {
+ next_node = node->next;
+
+ /* destroy the contents of node->keytab */
+ krb5_xfree(KTNAME(node->keytab));
+
+ /* free the keytab entries */
+ for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+ next_cursor = cursor->next;
+ /* the call to krb5_kt_free_entry uses a NULL in place of the
+ * krb5_context since we know that the context isn't used by
+ * krb5_kt_free_entry or krb5_free_principal. */
+ krb5_kt_free_entry(NULL, cursor->entry);
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ }
+
+ /* destroy the lock */
+ k5_mutex_destroy(&(((krb5_mkt_data *)node->keytab->data)->lock));
+
+ /* free the private data */
+ krb5_xfree(node->keytab->data);
+
+ /* and the keytab */
+ krb5_xfree(node->keytab);
+
+ /* and finally the node */
+ krb5_xfree(node);
+ }
+}
+/*
+ * This is an implementation specific resolver. It returns a keytab
+ * initialized with memory keytab routines.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_resolve(krb5_context context, const char *name, krb5_keytab *id)
+{
+ krb5_mkt_data *data = 0;
+ krb5_mkt_list_node *list;
+ krb5_error_code err = 0;
+
+ /* First determine if a memory keytab of this name already exists */
+ err = KTGLOCK;
+ if (err)
+ return(err);
+
+ for (list = krb5int_mkt_list; list; list = list->next)
+ {
+ if (strcmp(name,KTNAME(list->keytab)) == 0) {
+ /* Found */
+ *id = list->keytab;
+ goto done;
+ }
+ }
+
+ /* We will now create the new key table with the specified name.
+ * We do not drop the global lock, therefore the name will indeed
+ * be unique when we add it.
+ */
+
+ if ((list = (krb5_mkt_list_node *)malloc(sizeof(krb5_mkt_list_node))) == NULL) {
+ err = ENOMEM;
+ goto done;
+ }
+
+ if ((list->keytab = (krb5_keytab)malloc(sizeof(struct _krb5_kt))) == NULL) {
+ krb5_xfree(list);
+ err = ENOMEM;
+ goto done;
+ }
+
+ list->keytab->ops = &krb5_mkt_ops;
+ if ((data = (krb5_mkt_data *)malloc(sizeof(krb5_mkt_data))) == NULL) {
+ krb5_xfree(list->keytab);
+ krb5_xfree(list);
+ err = ENOMEM;
+ goto done;
+ }
+
+ err = k5_mutex_init(&data->lock);
+ if (err) {
+ krb5_xfree(data);
+ krb5_xfree(list->keytab);
+ krb5_xfree(list);
+ goto done;
+ }
+
+ if ((data->name = (char *)calloc(strlen(name) + 1, sizeof(char))) == NULL) {
+ k5_mutex_destroy(&data->lock);
+ krb5_xfree(data);
+ krb5_xfree(list->keytab);
+ krb5_xfree(list);
+ err = ENOMEM;
+ goto done;
+ }
+
+ (void) strcpy(data->name, name);
+
+ data->link = NULL;
+ data->refcount = 0;
+ list->keytab->data = (krb5_pointer)data;
+ list->keytab->magic = KV5M_KEYTAB;
+
+ list->next = krb5int_mkt_list;
+ krb5int_mkt_list = list;
+
+ *id = list->keytab;
+
+ done:
+ err = KTLOCK(*id);
+ if (err) {
+ k5_mutex_destroy(&data->lock);
+ if (data && data->name)
+ krb5_xfree(data->name);
+ krb5_xfree(data);
+ if (list && list->keytab)
+ krb5_xfree(list->keytab);
+ krb5_xfree(list);
+ } else {
+ KTREFCNT(*id)++;
+ KTUNLOCK(*id);
+ }
+
+ KTGUNLOCK;
+ return(err);
+}
+
+
+/*
+ * "Close" a memory-based keytab. This is effectively a no-op.
+ * We check to see if the keytab exists and that is about it.
+ * Closing a file keytab does not destroy the contents. Closing
+ * a memory keytab shouldn't either.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_close(krb5_context context, krb5_keytab id)
+{
+ krb5_mkt_list_node **listp;
+#ifdef HEIMDAL_COMPATIBLE
+ krb5_mkt_list_node *node;
+ krb5_mkt_data * data;
+#endif
+ krb5_error_code err = 0;
+
+ /* First determine if a memory keytab of this name already exists */
+ err = KTGLOCK;
+ if (err)
+ return(err);
+
+ for (listp = &krb5int_mkt_list; *listp; listp = &((*listp)->next))
+ {
+ if (id == (*listp)->keytab) {
+ /* Found */
+ break;
+ }
+ }
+
+ if (*listp == NULL) {
+ /* The specified keytab could not be found */
+ err = KRB5_KT_NOTFOUND;
+ goto done;
+ }
+
+ /* reduce the refcount and return */
+ err = KTLOCK(id);
+ if (err)
+ goto done;
+
+ KTREFCNT(id)--;
+ KTUNLOCK(id);
+
+#ifdef HEIMDAL_COMPATIBLE
+ /* In Heimdal if the refcount hits 0, the MEMORY keytab is
+ * destroyed since there is no krb5_kt_destroy function.
+ * There is no need to lock the entry while performing
+ * these operations as the refcount will be 0 and we are
+ * holding the global lock.
+ */
+ data = (krb5_mkt_data *)id->data;
+ if (data->refcount == 0) {
+ krb5_mkt_cursor cursor, next_cursor;
+
+ node = *listp;
+ *listp = node->next;
+
+ /* destroy the contents of node->keytab (aka id) */
+ krb5_xfree(data->name);
+
+ /* free the keytab entries */
+ for (cursor = KTLINK(node->keytab); cursor; cursor = next_cursor) {
+ next_cursor = cursor->next;
+
+ krb5_kt_free_entry(context, cursor->entry);
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ }
+
+ /* destroy the lock */
+ k5_mutex_destroy(&(data->lock));
+
+ /* free the private data */
+ krb5_xfree(data);
+
+ /* and the keytab */
+ krb5_xfree(node->keytab);
+
+ /* and finally the node */
+ krb5_xfree(node);
+ }
+#endif /* HEIMDAL_COMPATIBLE */
+
+ done:
+ KTGUNLOCK;
+ return(err);
+}
+
+/*
+ * This is the get_entry routine for the memory based keytab implementation.
+ * It either retrieves the entry or returns an error.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
+ krb5_const_principal principal, krb5_kvno kvno,
+ krb5_enctype enctype, krb5_keytab_entry *out_entry)
+{
+ krb5_mkt_cursor cursor;
+ krb5_keytab_entry *entry, *match = NULL;
+ krb5_error_code err = 0;
+ int found_wrong_kvno = 0;
+ krb5_boolean similar = 0;
+
+ err = KTLOCK(id);
+ if (err)
+ return err;
+
+ for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) {
+ entry = cursor->entry;
+
+ /* if the principal isn't the one requested, continue to the next. */
+
+ if (!krb5_principal_compare(context, principal, entry->principal))
+ continue;
+
+ /* if the enctype is not ignored and doesn't match,
+ and continue to the next */
+ if (enctype != IGNORE_ENCTYPE) {
+ if ((err = krb5_c_enctype_compare(context, enctype,
+ entry->key.enctype,
+ &similar))) {
+ /* we can't determine the enctype of the entry */
+ continue;
+ }
+
+ if (!similar)
+ continue;
+ }
+
+ if (kvno == IGNORE_VNO) {
+ if (match == NULL)
+ match = entry;
+ else if (entry->vno > match->vno)
+ match = entry;
+ } else {
+ if (entry->vno == kvno) {
+ match = entry;
+ break;
+ } else {
+ found_wrong_kvno++;
+ }
+ }
+ }
+
+ /* if we found an entry that matches, ... */
+ if (match) {
+ out_entry->magic = match->magic;
+ out_entry->timestamp = match->timestamp;
+ out_entry->vno = match->vno;
+ out_entry->key = match->key;
+ err = krb5_copy_keyblock_contents(context, &(match->key),
+ &(out_entry->key));
+ /*
+ * Coerce the enctype of the output keyblock in case we
+ * got an inexact match on the enctype.
+ */
+ if(enctype != IGNORE_ENCTYPE)
+ out_entry->key.enctype = enctype;
+ if(!err) {
+ err = krb5_copy_principal(context,
+ match->principal,
+ &(out_entry->principal));
+ }
+ } else {
+ if (!err)
+ err = found_wrong_kvno ? KRB5_KT_KVNONOTFOUND : KRB5_KT_NOTFOUND;
+ }
+
+ KTUNLOCK(id);
+ return(err);
+}
+
+/*
+ * Get the name of the memory-based keytab.
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_name(krb5_context context, krb5_keytab id, char *name, unsigned int len)
+{
+ memset(name, 0, len);
+
+ if (len < strlen(id->ops->prefix)+2)
+ return(KRB5_KT_NAME_TOOLONG);
+ strcpy(name, id->ops->prefix);
+ name += strlen(id->ops->prefix);
+ name[0] = ':';
+ name++;
+ len -= strlen(id->ops->prefix)+1;
+
+ if (len < strlen(KTNAME(id))+1)
+ return(KRB5_KT_NAME_TOOLONG);
+ strcpy(name, KTNAME(id));
+ /* strcpy will NUL-terminate the destination */
+
+ return(0);
+}
+
+/*
+ * krb5_mkt_start_seq_get()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_start_seq_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursorp)
+{
+ krb5_error_code err = 0;
+
+ err = KTLOCK(id);
+ if (err)
+ return(err);
+
+ *cursorp = (krb5_kt_cursor)KTLINK(id);
+ KTUNLOCK(id);
+
+ return(0);
+}
+
+/*
+ * krb5_mkt_get_next()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_get_next(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)
+{
+ krb5_mkt_cursor mkt_cursor = (krb5_mkt_cursor)*cursor;
+ krb5_error_code err = 0;
+
+ err = KTLOCK(id);
+ if (err)
+ return err;
+
+ if (mkt_cursor == NULL) {
+ KTUNLOCK(id);
+ return KRB5_KT_END;
+ }
+
+ entry->magic = mkt_cursor->entry->magic;
+ entry->timestamp = mkt_cursor->entry->timestamp;
+ entry->vno = mkt_cursor->entry->vno;
+ entry->key = mkt_cursor->entry->key;
+ err = krb5_copy_keyblock_contents(context, &(mkt_cursor->entry->key),
+ &(entry->key));
+ if (!err)
+ err = krb5_copy_principal(context, mkt_cursor->entry->principal,
+ &(entry->principal));
+ if (!err)
+ *cursor = (krb5_kt_cursor *)mkt_cursor->next;
+ KTUNLOCK(id);
+ return(err);
+}
+
+/*
+ * krb5_mkt_end_get()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_end_get(krb5_context context, krb5_keytab id, krb5_kt_cursor *cursor)
+{
+ *cursor = NULL;
+ return(0);
+}
+
+
+/*
+ * krb5_mkt_add()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_add(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+ krb5_error_code err = 0;
+ krb5_mkt_cursor cursor;
+
+ err = KTLOCK(id);
+ if (err)
+ return err;
+
+ cursor = (krb5_mkt_cursor)malloc(sizeof(krb5_mkt_link));
+ if (cursor == NULL) {
+ err = ENOMEM;
+ goto done;
+ }
+ cursor->entry = (krb5_keytab_entry *)malloc(sizeof(krb5_keytab_entry));
+ if (cursor->entry == NULL) {
+ krb5_xfree(cursor);
+ err = ENOMEM;
+ goto done;
+ }
+ cursor->entry->magic = entry->magic;
+ cursor->entry->timestamp = entry->timestamp;
+ cursor->entry->vno = entry->vno;
+ err = krb5_copy_keyblock_contents(context, &(entry->key),
+ &(cursor->entry->key));
+ if (err) {
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ goto done;
+ }
+
+ err = krb5_copy_principal(context, entry->principal, &(cursor->entry->principal));
+ if (err) {
+ krb5_free_keyblock_contents(context, &(cursor->entry->key));
+ krb5_xfree(cursor->entry);
+ krb5_xfree(cursor);
+ goto done;
+ }
+
+ if (KTLINK(id) == NULL) {
+ cursor->next = NULL;
+ KTLINK(id) = cursor;
+ } else {
+ cursor->next = KTLINK(id);
+ KTLINK(id) = cursor;
+ }
+
+ done:
+ KTUNLOCK(id);
+ return err;
+}
+
+/*
+ * krb5_mkt_remove()
+ */
+
+krb5_error_code KRB5_CALLCONV
+krb5_mkt_remove(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)
+{
+ krb5_mkt_cursor *pcursor, next;
+ krb5_error_code err = 0;
+
+ err = KTLOCK(id);
+ if (err)
+ return err;
+
+ if ( KTLINK(id) == NULL ) {
+ err = KRB5_KT_NOTFOUND;
+ goto done;
+ }
+
+ for ( pcursor = &KTLINK(id); *pcursor; pcursor = &(*pcursor)->next ) {
+ if ( (*pcursor)->entry->vno == entry->vno &&
+ (*pcursor)->entry->key.enctype == entry->key.enctype &&
+ krb5_principal_compare(context, (*pcursor)->entry->principal, entry->principal))
+ break;
+ }
+
+ if (!*pcursor) {
+ err = KRB5_KT_NOTFOUND;
+ goto done;
+ }
+
+ krb5_kt_free_entry(context, (*pcursor)->entry);
+ krb5_xfree((*pcursor)->entry);
+ next = (*pcursor)->next;
+ krb5_xfree(*pcursor);
+ (*pcursor) = next;
+
+ done:
+ KTUNLOCK(id);
+ return err;
+}
+
+
+/*
+ * krb5_mkt_ops
+ */
+
+const struct _krb5_kt_ops krb5_mkt_ops = {
+ 0,
+ "MEMORY", /* Prefix -- this string should not appear anywhere else! */
+ krb5_mkt_resolve,
+ krb5_mkt_get_name,
+ krb5_mkt_close,
+ krb5_mkt_get_entry,
+ krb5_mkt_start_seq_get,
+ krb5_mkt_get_next,
+ krb5_mkt_end_get,
+ krb5_mkt_add,
+ krb5_mkt_remove,
+ NULL
+};
+
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index cb9d9c1..d96cf16 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -266,7 +266,7 @@ krb5_ktsrvtab_get_name(krb5_context context, krb5_keytab id, char *name, unsigne
name++;
len -= strlen(id->ops->prefix)+1;
- if (len < strlen(KTFILENAME(id)+1))
+ if (len < strlen(KTFILENAME(id))+1)
return(KRB5_KT_NAME_TOOLONG);
strcpy(name, KTFILENAME(id));
/* strcpy will NUL-terminate the destination */
diff --git a/src/lib/krb5/keytab/ktbase.c b/src/lib/krb5/keytab/ktbase.c
index 79c9151..3e4f6a6 100644
--- a/src/lib/krb5/keytab/ktbase.c
+++ b/src/lib/krb5/keytab/ktbase.c
@@ -24,6 +24,28 @@
* or implied warranty.
*
*
+ * Copyright 2007 by Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation files
+ * (the "Software"), to deal in the Software without restriction,
+ * including without limitation the rights to use, copy, modify, merge,
+ * publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
* Registration functions for keytab.
*/
@@ -34,41 +56,60 @@
extern const krb5_kt_ops krb5_ktf_ops;
extern const krb5_kt_ops krb5_ktf_writable_ops;
extern const krb5_kt_ops krb5_kts_ops;
+extern const krb5_kt_ops krb5_mkt_ops;
struct krb5_kt_typelist {
const krb5_kt_ops *ops;
const struct krb5_kt_typelist *next;
};
+const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
+ &krb5_kts_ops,
+ NULL
+};
+const static struct krb5_kt_typelist krb5_kt_typelist_memory = {
+ &krb5_mkt_ops,
+ &krb5_kt_typelist_srvtab
+};
const static struct krb5_kt_typelist krb5_kt_typelist_wrfile = {
&krb5_ktf_writable_ops,
- 0
+ &krb5_kt_typelist_memory
};
const static struct krb5_kt_typelist krb5_kt_typelist_file = {
&krb5_ktf_ops,
&krb5_kt_typelist_wrfile
};
-const static struct krb5_kt_typelist krb5_kt_typelist_srvtab = {
- &krb5_kts_ops,
- &krb5_kt_typelist_file
-};
-static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_srvtab;
+
+static const struct krb5_kt_typelist *kt_typehead = &krb5_kt_typelist_file;
/* Lock for protecting the type list. */
static k5_mutex_t kt_typehead_lock = K5_MUTEX_PARTIAL_INITIALIZER;
int krb5int_kt_initialize(void)
{
- return k5_mutex_finish_init(&kt_typehead_lock);
+ int err;
+
+ err = k5_mutex_finish_init(&kt_typehead_lock);
+ if (err)
+ goto done;
+ err = krb5int_mkt_initialize();
+ if (err)
+ goto done;
+
+ done:
+ return(err);
}
void
krb5int_kt_finalize(void)
{
- struct krb5_kt_typelist *t, *t_next;
+ const struct krb5_kt_typelist *t, *t_next;
+
k5_mutex_destroy(&kt_typehead_lock);
- for (t = kt_typehead; t != &krb5_kt_typelist_srvtab; t = t_next) {
+ for (t = kt_typehead; t != &krb5_kt_typelist_file; t = t_next) {
t_next = t->next;
- free(t);
+ free((struct krb5_kt_typelist *)t);
}
+
+ krb5int_mkt_finalize();
}
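Review bot: In `krb5int_kt_initialize`, a failure from `krb5int_mkt_initialize()` returns the error while `kt_typehead_lock` has already been finish-initialised, and nothing on that path undoes it. Whether the library-init caller runs `krb5int_kt_finalize` after a failed initialise is not visible in this hunk; if it does not, the failure path should call `k5_mutex_destroy(&kt_typehead_lock);` before returning. The second `goto done` sits directly above the `done:` label and can be dropped. A one-line comment above `kt_typehead` noting that the static chain is now file -> wrfile -> memory -> srvtab, and that `krb5int_kt_finalize` frees only entries registered ahead of `krb5_kt_typelist_file`, would make the loop's stop condition easier to check.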
diff --git a/src/lib/krb5/keytab/ktfns.c b/src/lib/krb5/keytab/ktfns.c
index 63fa639..24d8eb2 100644
--- a/src/lib/krb5/keytab/ktfns.c
+++ b/src/lib/krb5/keytab/ktfns.c
@@ -30,7 +30,7 @@
#include "k5-int.h"
-char * KRB5_CALLCONV
+const char * KRB5_CALLCONV
krb5_kt_get_type (krb5_context context, krb5_keytab keytab)
{
return keytab->ops->prefix;
diff --git a/src/lib/krb5/keytab/ktfr_entry.c b/src/lib/krb5/keytab/ktfr_entry.c
index a86b38b..b4305e2 100644
--- a/src/lib/krb5/keytab/ktfr_entry.c
+++ b/src/lib/krb5/keytab/ktfr_entry.c
@@ -37,7 +37,7 @@ krb5_free_keytab_entry_contents (krb5_context context, krb5_keytab_entry *entry)
krb5_free_principal(context, entry->principal);
if (entry->key.contents) {
- memset((char *)entry->key.contents, 0, entry->key.length);
+ zap((char *)entry->key.contents, entry->key.length);
krb5_xfree(entry->key.contents);
}
return 0;
diff --git a/src/lib/krb5/keytab/t_keytab.c b/src/lib/krb5/keytab/t_keytab.c
new file mode 100644
index 0000000..d16184e
--- /dev/null
+++ b/src/lib/krb5/keytab/t_keytab.c
@@ -0,0 +1,425 @@
+/*
+ * lib/krb5/keytab/t_keytab.c
+ *
+ * Copyright (C) 2007 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ *
+ * A set of tests for the keytab interface
+ */
+
+
+#include "k5-int.h"
+#include "autoconf.h"
+#include <stdio.h>
+#include <errno.h>
+#if HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <string.h>
+
+
+int debug=0;
+
+extern const krb5_kt_ops krb5_ktf_writable_ops;
+
+#define KRB5_OK 0
+
+#define CHECK(kret,msg) \
+ if (kret != KRB5_OK) {\
+ com_err(msg, kret, ""); \
+ fflush(stderr);\
+ exit(1);\
+ } else if(debug) printf("%s went ok\n", msg);
+
+
+#define CHECK_STR(str,msg) \
+ if (str == 0) {\
+ com_err(msg, kret, "");\
+ exit(1);\
+ } else if(debug) printf("%s went ok\n", msg);
+
+static void test_misc(krb5_context context)
+{
+ /* Tests for certain error returns */
+ krb5_error_code kret;
+ krb5_keytab ktid;
+ char defname[BUFSIZ];
+ char *name;
+
+ fprintf(stderr, "Testing miscellaneous error conditions\n");
+
+ kret = krb5_kt_resolve(context, "unknown_method_ep:/tmp/name", &ktid);
+ if (kret != KRB5_KT_UNKNOWN_TYPE) {
+ CHECK(kret, "resolve unknown type");
+ }
+
+ /* Test length limits on krb5_kt_default_name */
+ kret = krb5_kt_default_name(context, defname, sizeof(defname));
+ CHECK(kret, "krb5_kt_default_name error");
+
+ /* Now allocate space - without the null... */
+ name = malloc(strlen(defname));
+ if(!name) {
+ fprintf(stderr, "Out of memory in testing\n");
+ exit(1);
+ }
+ kret = krb5_kt_default_name(context, name, strlen(defname));
+ free(name);
+ if (kret != KRB5_CONFIG_NOTENUFSPACE) {
+ CHECK(kret, "krb5_kt_default_name limited");
+ }
+}
+
+static void kt_test(krb5_context context, const char *name)
+{
+ krb5_error_code kret;
+ krb5_keytab kt;
+ const char *type;
+ char buf[BUFSIZ];
+ char *p;
+ krb5_keytab_entry kent;
+ krb5_principal princ;
+ krb5_kt_cursor cursor;
+ int cnt;
+
+ kret = krb5_kt_resolve(context, name, &kt);
+ CHECK(kret, "resolve");
+
+ type = krb5_kt_get_type(context, kt);
+ CHECK_STR(type, "getting kt type");
+ printf(" Type is: %s\n", type);
+
+ kret = krb5_kt_get_name(context, kt, buf, sizeof(buf));
+ CHECK(kret, "get_name");
+ printf(" Name is: %s\n", buf);
+
+ /* Check that length checks fail */
+ /* The buffer is allocated too small - to allow for valgrind test of
+ overflows
+ */
+ p = malloc(strlen(buf));
+ kret = krb5_kt_get_name(context, kt, p, 1);
+ if(kret != KRB5_KT_NAME_TOOLONG) {
+ CHECK(kret, "get_name - size 1");
+ }
+
+
+ kret = krb5_kt_get_name(context, kt, p, strlen(buf));
+ if(kret != KRB5_KT_NAME_TOOLONG) {
+ CHECK(kret, "get_name");
+ }
+ free(p);
+
+ /* Try to lookup unknown principal - when keytab does not exist*/
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ if((kret != KRB5_KT_NOTFOUND) && (kret != ENOENT)) {
+ CHECK(kret, "Getting non-existant entry");
+ }
+
+
+ /* =================== Add entries to keytab ================= */
+ /*
+ * Add the following for this principal
+ * enctype 1, kvno 1, key = "1"
+ * enctype 2, kvno 1, key = "1"
+ * enctype 1, kvno 2, key = "2"
+ */
+ memset(&kent, 0, sizeof(kent));
+ kent.magic = KV5M_KEYTAB_ENTRY;
+ kent.principal = princ;
+ kent.timestamp = 327689;
+ kent.vno = 1;
+ kent.key.magic = KV5M_KEYBLOCK;
+ kent.key.enctype = 1;
+ kent.key.length = 1;
+ kent.key.contents = (krb5_octet *) "1";
+
+
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding initial entry");
+
+ kent.key.enctype = 2;
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding second entry");
+
+ kent.key.enctype = 1;
+ kent.vno = 2;
+ kent.key.contents = (krb5_octet *) "2";
+ kret = krb5_kt_add_entry(context, kt, &kent);
+ CHECK(kret, "Adding third entry");
+
+ /* Free memory */
+ krb5_free_principal(context, princ);
+
+ /* ============== Test iterating over contents of keytab ========= */
+
+ kret = krb5_kt_start_seq_get(context, kt, &cursor);
+ CHECK(kret, "Start sequence get");
+
+
+ memset(&kent, 0, sizeof(kent));
+ cnt = 0;
+ while((kret = krb5_kt_next_entry(context, kt, &kent, &cursor)) == 0) {
+ if(((kent.vno != 1) && (kent.vno != 2)) ||
+ ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Error in read contents\n");
+ exit(1);
+ }
+
+ if((kent.magic != KV5M_KEYTAB_ENTRY) ||
+ (kent.key.magic != KV5M_KEYBLOCK)) {
+ fprintf(stderr, "Magic number in sequence not proper\n");
+ exit(1);
+ }
+
+ cnt++;
+ krb5_free_keytab_entry_contents(context, &kent);
+ }
+ if (kret != KRB5_KT_END) {
+ CHECK(kret, "getting next entry");
+ }
+
+ if(cnt != 3) {
+ fprintf(stderr, "Mismatch in number of entries in keytab");
+ }
+
+ kret = krb5_kt_end_seq_get(context, kt, &cursor);
+ CHECK(kret, "End sequence get");
+
+
+ /* ========================== get_entry tests ============== */
+
+ /* Try to lookup unknown principal - now that keytab exists*/
+ kret = krb5_parse_name(context, "test3/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ if((kret != KRB5_KT_NOTFOUND)) {
+ CHECK(kret, "Getting non-existant entry");
+ }
+
+ krb5_free_principal(context, princ);
+
+ /* Try to lookup known principal */
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 0, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did not specify an enctype or kvno */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ ((kent.vno != 1) && (kent.vno != 2)) ||
+ ((kent.key.enctype != 1) && (kent.key.enctype != 2)) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+ exit(1);
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ /* Try to lookup a specific enctype - but unspecified kvno - should give
+ * max kvno
+ */
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did specified an enctype */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ /* Try to lookup unspecified enctype, but a specified kvno */
+
+ kret = krb5_kt_get_entry(context, kt, princ, 2, 0, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we did not specify a kvno */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+
+
+ /* Try to lookup specified enctype and kvno */
+
+ kret = krb5_kt_get_entry(context, kt, princ, 1, 1, &kent);
+ CHECK(kret, "looking up principal");
+
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 1) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
+
+ krb5_free_keytab_entry_contents(context, &kent);
+
+
+ /* Try to lookup specified enctype and kvno - that does not exist*/
+
+ kret = krb5_kt_get_entry(context, kt, princ, 3, 1, &kent);
+ if(kret != KRB5_KT_KVNONOTFOUND) {
+ CHECK(kret, "looking up specific principal, kvno, enctype");
+ }
+
+
+
+
+ krb5_free_principal(context, princ);
+
+ /* ========================= krb5_kt_remove_entry =========== */
+ /* Lookup the keytab entry w/ 2 kvno - and delete version 2 -
+ ensure gone */
+ kret = krb5_parse_name(context, "test/test2@TEST.MIT.EDU", &princ);
+ CHECK(kret, "parsing principal");
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - we are looking for max(kvno) and enc=1 */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 2) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Retrieved principal does not check\n");
+
+ exit(1);
+
+ }
+
+ /* Delete it */
+ kret = krb5_kt_remove_entry(context, kt, &kent);
+ CHECK(kret, "Removing entry");
+
+ krb5_free_keytab_entry_contents(context, &kent);
+ /* And ensure gone */
+
+ kret = krb5_kt_get_entry(context, kt, princ, 0, 1, &kent);
+ CHECK(kret, "looking up principal");
+
+ /* Ensure a valid answer - kvno should now be 1 - we deleted 2 */
+ if (!krb5_principal_compare(context, princ, kent.principal) ||
+ (kent.vno != 1) || (kent.key.enctype != 1) ||
+ (kent.key.length != 1) ||
+ (kent.key.contents[0] != kent.vno +'0')) {
+ fprintf(stderr, "Delete principal check failed\n");
+
+ exit(1);
+
+ }
+ krb5_free_keytab_entry_contents(context, &kent);
+
+ krb5_free_principal(context, princ);
+
+ /* ======================= Finally close ======================= */
+
+ kret = krb5_kt_close(context, kt);
+ CHECK(kret, "close");
+
+}
+
+static void do_test(krb5_context context, const char *prefix,
+ krb5_boolean delete)
+{
+ char name[300], filename[300];
+
+ sprintf(filename, "/tmp/kttest.%ld", (long) getpid());
+ sprintf(name, "%s%s", prefix, filename);
+ printf("Starting test on %s\n", name);
+ kt_test(context, name);
+ printf("Test on %s passed\n", name);
+ if(delete)
+ unlink(filename);
+
+}
+
+int
+main (void)
+{
+ krb5_context context;
+ krb5_error_code kret;
+
+
+ if ((kret = krb5_init_context(&context))) {
+ printf("Couldn't initialize krb5 library: %s\n",
+ error_message(kret));
+ exit(1);
+ }
+
+ /* All keytab types are registered by default -- test for
+ redundant error */
+ kret = krb5_kt_register(context, &krb5_ktf_writable_ops);
+ if(kret && kret != KRB5_KT_TYPE_EXISTS) {
+ CHECK(kret, "register ktf_writable");
+ }
+
+ test_misc(context);
+ do_test(context, "WRFILE:", FALSE);
+ do_test(context, "MEMORY:", TRUE);
+
+ krb5_free_context(context);
+ return 0;
+
+}
+
+
+#if 0
+/* remove and add are functions, so that they can return NOWRITE
+ if not a writable keytab */
+krb5_error_code KRB5_CALLCONV krb5_kt_remove_entry
+ (krb5_context,
+ krb5_keytab,
+ krb5_keytab_entry * );
+
+
+
+#endif
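Review bot: `do_test` builds the keytab path as `/tmp/kttest.<pid>` with `sprintf`, a predictable name in a shared, world-writable directory, so the WRFILE run will open and write whatever file or symlink already sits at that path. Creating a private directory first (for example with `mkdtemp`, where the platform provides it) and placing the keytab inside it removes that dependency on the state of `/tmp`. The sketch below also unlinks the file unconditionally, because the WRFILE call currently passes FALSE and relies on the later MEMORY call to remove the same path. Separately, the `cnt != 3` branch in `kt_test` only prints a message, so an entry-count mismatch does not fail the test; it likely wants `exit(1)` like the neighbouring checks.

```c
static void do_test(krb5_context context, const char *prefix,
		    krb5_boolean delete)
{
    char dir[] = "/tmp/kttest.XXXXXX";
    char name[300], filename[300];

    /* Private 0700 directory, so the keytab path cannot pre-exist. */
    if (mkdtemp(dir) == NULL) {
	perror("mkdtemp");
	exit(1);
    }
    snprintf(filename, sizeof(filename), "%s/keytab", dir);
    snprintf(name, sizeof(name), "%s%s", prefix, filename);
    /* … unchanged: progress messages and kt_test(context, name) … */
    unlink(filename);	/* harmless for MEMORY:, which creates no file */
    rmdir(dir);
}
```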
diff --git a/src/lib/krb5/krb/Makefile.in b/src/lib/krb5/krb/Makefile.in
index 84b1f27..9d9b77d 100644
--- a/src/lib/krb5/krb/Makefile.in
+++ b/src/lib/krb5/krb/Makefile.in
@@ -89,6 +89,7 @@ STLIBOBJS= \
ser_princ.o \
serialize.o \
set_realm.o \
+ srv_dec_tkt.o \
srv_rcache.o \
str_conv.o \
tgtname.o \
@@ -175,6 +176,7 @@ OBJS= $(OUTPRE)addr_comp.$(OBJEXT) \
$(OUTPRE)ser_princ.$(OBJEXT) \
$(OUTPRE)serialize.$(OBJEXT) \
$(OUTPRE)set_realm.$(OBJEXT) \
+ $(OUTPRE)srv_dec_tkt.$(OBJEXT) \
$(OUTPRE)srv_rcache.$(OBJEXT) \
$(OUTPRE)str_conv.$(OBJEXT) \
$(OUTPRE)tgtname.$(OBJEXT) \
@@ -262,6 +264,7 @@ SRCS= $(srcdir)/addr_comp.c \
$(srcdir)/ser_princ.c \
$(srcdir)/serialize.c \
$(srcdir)/set_realm.c \
+ $(srcdir)/srv_dec_tkt.c \
$(srcdir)/srv_rcache.c \
$(srcdir)/str_conv.c \
$(srcdir)/tgtname.c \
@@ -442,14 +445,13 @@ chk_trans.so chk_trans.po $(OUTPRE)chk_trans.$(OBJEXT): \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
chk_trans.c
chpw.so chpw.po $(OUTPRE)chpw.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
- $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/krb5_err.h \
- $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
- $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
- $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
- $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
- $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
- $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
- auth_con.h chpw.c
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h \
+ $(SRCTOP)/include/k5-int.h $(SRCTOP)/include/k5-platform.h \
+ $(SRCTOP)/include/k5-plugin.h $(SRCTOP)/include/k5-thread.h \
+ $(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
+ $(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
+ $(SRCTOP)/include/socket-utils.h auth_con.h chpw.c
conv_creds.so conv_creds.po $(OUTPRE)conv_creds.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
@@ -1041,6 +1043,15 @@ set_realm.so set_realm.po $(OUTPRE)set_realm.$(OBJEXT): \
$(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
$(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
set_realm.c
+srv_dec_tkt.so srv_dec_tkt.po $(OUTPRE)srv_dec_tkt.$(OBJEXT): \
+ $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
+ $(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
+ $(COM_ERR_DEPS) $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ srv_dec_tkt.c
srv_rcache.so srv_rcache.po $(OUTPRE)srv_rcache.$(OBJEXT): \
$(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/krb5/krb5.h \
$(BUILDTOP)/include/osconf.h $(BUILDTOP)/include/profile.h \
diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c
index 427ea39..51623c2 100644
--- a/src/lib/krb5/krb/chpw.c
+++ b/src/lib/krb5/krb/chpw.c
@@ -4,7 +4,6 @@
#include <string.h>
#include "k5-int.h"
-#include "krb5_err.h"
#include "auth_con.h"
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ee0a112..937cdc4 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -65,7 +65,7 @@
/* some typedef's for the function args to make things look a bit cleaner */
typedef krb5_error_code (*git_key_proc) (krb5_context,
- const krb5_enctype,
+ krb5_enctype,
krb5_data *,
krb5_const_pointer,
krb5_keyblock **);
@@ -440,7 +440,7 @@ static const krb5_enctype get_in_tkt_enctypes[] = {
krb5_error_code KRB5_CALLCONV
krb5_get_in_tkt(krb5_context context,
- const krb5_flags options,
+ krb5_flags options,
krb5_address * const * addrs,
krb5_enctype * ktypes,
krb5_preauthtype * ptypes,
diff --git a/src/lib/krb5/krb/in_tkt_sky.c b/src/lib/krb5/krb/in_tkt_sky.c
index 6de2075..75edb55 100644
--- a/src/lib/krb5/krb/in_tkt_sky.c
+++ b/src/lib/krb5/krb/in_tkt_sky.c
@@ -40,13 +40,6 @@ struct skey_keyproc_arg {
* "keyseed" is actually a krb5_keyblock *, or NULL if we should fetch
* from system area.
*/
-static krb5_error_code skey_keyproc
- (krb5_context,
- const krb5_enctype,
- krb5_data *,
- krb5_const_pointer,
- krb5_keyblock **);
-
static krb5_error_code
skey_keyproc(krb5_context context, krb5_enctype type, krb5_data *salt,
krb5_const_pointer keyseed, krb5_keyblock **key)
diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
new file mode 100644
index 0000000..7dad1ed
--- /dev/null
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -0,0 +1,94 @@
+/*
+ * lib/krb5/krb/srv_dec_tkt.c
+ *
+ * Copyright 2006 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * Server decrypt ticket via keytab or keyblock.
+ *
+ * Different from krb5_rd_req_decoded. (krb5/src/lib/krb5/krb/rd_req_dec.c)
+ * - No krb5_principal_compare or KRB5KRB_AP_ERR_BADMATCH error.
+ * - No replay cache processing.
+ * - No skew checking or KRB5KRB_AP_ERR_SKEW error.
+ * - No address checking or KRB5KRB_AP_ERR_BADADDR error.
+ * - No time validation.
+ * - No permitted enctype validation or KRB5_NOPERM_ETYPE error.
+ * - Does not free ticket->enc_part2 on error.
+ */
+
+#include <k5-int.h>
+
+krb5_error_code KRB5_CALLCONV
+krb5int_server_decrypt_ticket_keyblock(krb5_context context,
+ const krb5_keyblock *key,
+ krb5_ticket *ticket)
+{
+ krb5_error_code retval;
+ krb5_data *realm;
+ krb5_transited *trans;
+
+ retval = krb5_decrypt_tkt_part(context, key, ticket);
+ if (retval)
+ goto done;
+
+ trans = &ticket->enc_part2->transited;
+ realm = &ticket->enc_part2->client->realm;
+ if (trans->tr_contents.data && *trans->tr_contents.data) {
+ retval = krb5_check_transited_list(context, &trans->tr_contents,
+ realm, &ticket->server->realm);
+ goto done;
+ }
+
+ if (ticket->enc_part2->flags & TKT_FLG_INVALID) { /* ie, KDC_OPT_POSTDATED */
+ retval = KRB5KRB_AP_ERR_TKT_INVALID;
+ goto done;
+ }
+
+ done:
+ return retval;
+}
+
+
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keytab(krb5_context context,
+ const krb5_keytab kt,
+ krb5_ticket *ticket)
+{
+ krb5_error_code retval;
+ krb5_enctype enctype;
+ krb5_keytab_entry ktent;
+
+ enctype = ticket->enc_part.enctype;
+
+ if ((retval = krb5_kt_get_entry(context, kt, ticket->server,
+ ticket->enc_part.kvno,
+ enctype, &ktent)))
+ return retval;
+
+ retval = krb5int_server_decrypt_ticket_keyblock(context,
+ &ktent.key, ticket);
+ /* Upon error, Free keytab entry first, then return */
+
+ (void) krb5_kt_free_entry(context, &ktent);
+ return retval;
+}
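Review bot: In `krb5int_server_decrypt_ticket_keyblock` the transited branch ends with an unconditional `goto done`, so a ticket with a non-empty transited list that passes `krb5_check_transited_list` returns success without ever reaching the `TKT_FLG_INVALID` test below it. Making the jump conditional, `if (retval) goto done;`, lets both checks run. The file header lists what this path deliberately skips (principal match, replay cache, skew, address, time and permitted-enctype validation), but that list is far from the exported entry point. A short comment directly above `krb5_server_decrypt_ticket_keytab` should state that a zero return means only "decrypted, transited path accepted, not flagged invalid", and that callers must do the remaining validation themselves before trusting the ticket.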
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index 8ddcff7..d62bcee 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -411,7 +411,6 @@ ser_keytab_test(krb5_context kcontext, int verbose)
krb5_error_code kret;
char ccname[128];
krb5_keytab keytab;
- extern krb5_kt_ops krb5_ktf_writable_ops;
sprintf(ccname, "temp_kt_%d", (int) getpid());
if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
@@ -424,12 +423,7 @@ ser_keytab_test(krb5_context kcontext, int verbose)
(krb5_pointer) keytab, KV5M_KEYTAB)) &&
!(kret = krb5_kt_close(kcontext, keytab))) {
sprintf(ccname, "WRFILE:temp_kt_%d", (int) getpid());
- if ((kret = krb5_kt_resolve(kcontext, ccname, &keytab)))
- kret = krb5_kt_register(kcontext, &krb5_ktf_writable_ops);
- else
- kret = krb5_kt_close(kcontext, keytab);
- if (!kret &&
- !(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
+ if (!(kret = krb5_kt_resolve(kcontext, ccname, &keytab)) &&
!(kret = ser_data(verbose, "> Resolved WRFILE keytab",
(krb5_pointer) keytab, KV5M_KEYTAB)) &&
!(kret = krb5_kt_close(kcontext, keytab))) {
diff --git a/src/lib/krb5/krb5_libinit.c b/src/lib/krb5/krb5_libinit.c
index fce97ff..e82891a 100644
--- a/src/lib/krb5/krb5_libinit.c
+++ b/src/lib/krb5/krb5_libinit.c
@@ -3,10 +3,6 @@
#include "autoconf.h"
#include "com_err.h"
#include "k5-int.h"
-#include "krb5_err.h"
-#include "kv5m_err.h"
-#include "asn1_err.h"
-#include "kdb5_err.h"
#if defined(_WIN32) || defined(USE_CCAPI)
#include "stdcc.h"
diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports
index f9c4593..39c92cc 100644
--- a/src/lib/krb5/libkrb5.exports
+++ b/src/lib/krb5/libkrb5.exports
@@ -290,9 +290,6 @@ krb5_auth_to_rep
krb5_build_principal
krb5_build_principal_ext
krb5_build_principal_va
-krb5_cccol_cursor_free
-krb5_cccol_cursor_new
-krb5_cccol_cursor_next
krb5_cc_close
krb5_cc_copy_creds
krb5_cc_default
@@ -317,11 +314,15 @@ krb5_cc_set_default_name
krb5_cc_set_flags
krb5_cc_start_seq_get
krb5_cc_store_cred
+krb5_cccol_cursor_free
+krb5_cccol_cursor_new
+krb5_cccol_cursor_next
krb5_change_cache
krb5_change_password
krb5_change_set_password
krb5_check_transited_list
krb5_chpw_result_code_string
+krb5_clear_error_message
krb5_copy_addr
krb5_copy_addresses
krb5_copy_authdata
@@ -377,6 +378,7 @@ krb5_free_enc_sam_response_enc_2_contents
krb5_free_enc_sam_response_enc_contents
krb5_free_enc_tkt_part
krb5_free_error
+krb5_free_error_message
krb5_free_etype_info
krb5_free_host_realm
krb5_free_kdc_rep
@@ -429,6 +431,7 @@ krb5_get_credentials_validate
krb5_get_default_config_files
krb5_get_default_in_tkt_ktypes
krb5_get_default_realm
+krb5_get_error_message
krb5_get_host_realm
krb5_get_in_tkt
krb5_get_in_tkt_with_keytab
@@ -619,12 +622,14 @@ krb5_ser_rcache_init
krb5_ser_unpack_bytes
krb5_ser_unpack_int32
krb5_ser_unpack_int64
+krb5_server_decrypt_ticket_keytab
krb5_set_config_files
krb5_set_debugging_time
krb5_set_default_in_tkt_ktypes
krb5_set_default_realm
krb5_set_default_tgs_enctypes
krb5_set_default_tgs_ktypes
+krb5_set_error_message
krb5_set_password
krb5_set_password_using_ccache
krb5_set_principal_realm
@@ -653,6 +658,7 @@ krb5_validate_times
krb5_verify_init_creds
krb5_verify_init_creds_opt_init
krb5_verify_init_creds_opt_set_ap_req_nofail
+krb5_vset_error_message
krb5_walk_realm_tree
krb5_write_message
krb5int_524_sendto_kdc
@@ -670,6 +676,7 @@ krb5int_free_srv_dns_data
krb5int_generate_and_save_subkey
krb5int_get_fq_local_hostname
krb5int_grow_addrlist
+krb5int_init_context_kdc
krb5int_initialize_library
krb5int_krb_life_to_time
krb5int_krb_time_to_life
@@ -737,9 +744,3 @@ profile_update_file_data
profile_update_relation
profile_verify_node
profile_write_tree_file
-krb5_set_error_message
-krb5_vset_error_message
-krb5_get_error_message
-krb5_free_error_message
-krb5_clear_error_message
-krb5int_init_context_kdc
diff --git a/src/lib/krb5/os/an_to_ln.c b/src/lib/krb5/os/an_to_ln.c
index 73465d6..1df75b1 100644
--- a/src/lib/krb5/os/an_to_ln.c
+++ b/src/lib/krb5/os/an_to_ln.c
@@ -675,7 +675,7 @@ default_an_to_ln(krb5_context context, krb5_const_principal aname, const unsigne
*/
krb5_error_code KRB5_CALLCONV
-krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, const int lnsize_in, char *lname)
+krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char *lname)
{
krb5_error_code kret;
char *realm;
diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index 4a9d184..e5059a5 100644
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -148,6 +148,15 @@ static krb5_error_code get_from_os(char *name_buf, int name_size)
char *prefix = krb5_cc_dfl_ops->prefix;
int size;
char *p;
+ DWORD gle;
+
+ SetLastError(0);
+ GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size);
+ gle = GetLastError();
+ if (gle == 0)
+ return 0;
+ else if (gle != ERROR_ENVVAR_NOT_FOUND)
+ return ENOMEM;
if (get_from_registry(HKEY_CURRENT_USER,
name_buf, name_size) != 0)
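Review bot: The added environment lookup in get_from_os discards the return value of `GetEnvironmentVariable`, so a `KRB5_ENV_CCNAME` value that does not fit in `name_size` can be reported as success. The documented signal for a too-small buffer is a return value at least as large as the buffer size, with the buffer contents undefined. The hunk does not show that the last-error code is set in that case, so `gle == 0` may still hold and the caller would go on to use an undefined cache name. Check the length first, `n = GetEnvironmentVariable(KRB5_ENV_CCNAME, name_buf, name_size); if (n > 0 && n < (DWORD) name_size) return 0;`, and consult `GetLastError()` only afterwards to tell not-found from a real failure. The function starts before this hunk and continues past it.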
diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c
index 60f2d1d..a2bf8f0 100644
--- a/src/lib/krb5/os/changepw.c
+++ b/src/lib/krb5/os/changepw.c
@@ -70,12 +70,14 @@ krb5_locate_kpasswd(krb5_context context, const krb5_data *realm,
locate_service_kadmin, SOCK_STREAM, 0);
if (!code) {
/* Success with admin_server but now we need to change the
- port number to use DEFAULT_KPASSWD_PORT. */
+ port number to use DEFAULT_KPASSWD_PORT and the socktype. */
int i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
if (a->ai_family == AF_INET)
sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+ if (sockType != SOCK_STREAM)
+ a->ai_socktype = sockType;
}
}
}
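Review bot: In the admin_server fallback loop only `AF_INET` entries get their port rewritten to `DEFAULT_KPASSWD_PORT`, while the added `a->ai_socktype = sockType;` applies to every address family. Any IPv6 entry in `addrlist` would therefore keep the kadmin port but change socket type. If IPv6 addresses can reach this list, add the matching branch under `#ifdef KRB5_USE_INET6`, e.g. `if (a->ai_family == AF_INET6) sa2sin6 (a->ai_addr)->sin6_port = htons(DEFAULT_KPASSWD_PORT);`. It is also worth confirming that `ai_protocol` does not need to change together with `ai_socktype`. krb5_locate_kpasswd starts before this hunk.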
diff --git a/src/lib/krb5/os/ktdefname.c b/src/lib/krb5/os/ktdefname.c
index 62465f1..925b6e1 100644
--- a/src/lib/krb5/os/ktdefname.c
+++ b/src/lib/krb5/os/ktdefname.c
@@ -37,18 +37,18 @@ extern char *krb5_defkeyname;
char *krb5_overridekeyname = NULL;
krb5_error_code KRB5_CALLCONV
-krb5_kt_default_name(krb5_context context, char *name, int namesize)
+krb5_kt_default_name(krb5_context context, char *name, size_t namesize)
{
char *cp = 0;
char *retval;
if (krb5_overridekeyname) {
- if ((size_t) namesize < (strlen(krb5_overridekeyname)+1))
+ if (namesize < (strlen(krb5_overridekeyname)+1))
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, krb5_overridekeyname);
} else if ((context->profile_secure == FALSE) &&
(cp = getenv("KRB5_KTNAME"))) {
- if ((size_t) namesize < (strlen(cp)+1))
+ if (namesize < (strlen(cp)+1))
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, cp);
} else if ((profile_get_string(context->profile,
@@ -56,7 +56,7 @@ krb5_kt_default_name(krb5_context context, char *name, int namesize)
"default_keytab_name", NULL,
NULL, &retval) == 0) &&
retval) {
- if ((size_t) namesize < (strlen(retval)+1))
+ if (namesize < (strlen(retval)+1))
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, retval);
profile_release_string(retval);
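Review bot: The early `return KRB5_CONFIG_NOTENUFSPACE;` in the `default_keytab_name` branch leaves the string obtained from `profile_get_string` unreleased, because `profile_release_string(retval)` is reached only after the `strcpy`. Release it on the error path as well: `if (namesize < (strlen(retval)+1)) { profile_release_string(retval); return KRB5_CONFIG_NOTENUFSPACE; }`. krb5_kt_default_name begins in the previous hunk and continues after this one.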
@@ -73,7 +73,7 @@ krb5_kt_default_name(krb5_context context, char *name, int namesize)
sprintf(name, krb5_defkeyname, defname);
}
#else
- if ((size_t) namesize < (strlen(krb5_defkeyname)+1))
+ if (namesize < (strlen(krb5_defkeyname)+1))
return KRB5_CONFIG_NOTENUFSPACE;
strcpy(name, krb5_defkeyname);
#endif
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 57e2456..059a5c1 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -564,13 +564,19 @@ module_callback (void *cbdata, int socktype, struct sockaddr *sa)
struct addrinfo ai;
union {
struct sockaddr_in sin;
+#ifdef KRB5_USE_INET6
struct sockaddr_in6 sin6;
+#endif
} u;
} *x;
if (socktype != SOCK_STREAM && socktype != SOCK_DGRAM)
return 0;
- if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
+ if (sa->sa_family != AF_INET
+#ifdef KRB5_USE_INET6
+ && sa->sa_family != AF_INET6
+#endif
+ )
return 0;
x = malloc (sizeof (*x));
if (x == 0) {
@@ -585,10 +591,12 @@ module_callback (void *cbdata, int socktype, struct sockaddr *sa)
x->u.sin = *(struct sockaddr_in *)sa;
x->ai.ai_addrlen = sizeof(struct sockaddr_in);
}
+#ifdef KRB5_USE_INET6
if (sa->sa_family == AF_INET6) {
x->u.sin6 = *(struct sockaddr_in6 *)sa;
x->ai.ai_addrlen = sizeof(struct sockaddr_in6);
}
+#endif
if (add_addrinfo_to_list (d->lp, &x->ai, free, x) != 0) {
/* Assumes only error is ENOMEM. */
d->out_of_mem = 1;
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index b616578..764aafe 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -1127,7 +1127,7 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
return ENOMEM;
}
- memset(conns, 0, n_conns * sizeof(conns[i]));
+ memset(conns, 0, n_conns * sizeof(struct conn_state));
if (callback_info) {
callback_data = malloc(n_conns * sizeof(krb5_data));
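Review bot: Both buffers are sized as `n_conns * sizeof(...)` once in the `malloc` and again in the `memset`, with no overflow check visible in these hunks, and that duplicated expression is what this commit had to correct. `callback_data = calloc(n_conns, sizeof(krb5_data));` zeroes the memory in the same call and, on current C libraries, rejects a count that overflows; the `conns` allocation, which is outside the hunk, could be handled the same way. If the `return ENOMEM;` at the top of the next hunk is the failure path of the `callback_data` allocation, `conns` appears to be leaked there. The lines between the two hunks are not shown, so that needs confirming. krb5int_sendto starts before and continues after both hunks.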
@@ -1135,7 +1135,7 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
return ENOMEM;
}
- memset(conns, 0, n_conns * sizeof(callback_data[i]));
+ memset(callback_data, 0, n_conns * sizeof(krb5_data));
}
for (i = 0; i < n_conns; i++) {
diff --git a/src/lib/krb5/os/t_locate_kdc.c b/src/lib/krb5/os/t_locate_kdc.c
index 165366f..20e07af 100644
--- a/src/lib/krb5/os/t_locate_kdc.c
+++ b/src/lib/krb5/os/t_locate_kdc.c
@@ -5,6 +5,7 @@
#include <com_err.h>
#define TEST
+#include "fake-addrinfo.h"
#include "dnsglue.c"
#include "dnssrv.c"
#include "locate_kdc.c"
@@ -19,13 +20,13 @@ const char *prog;
struct addrlist al;
-void kfatal (krb5_error_code err)
+static void kfatal (krb5_error_code err)
{
com_err (prog, err, "- exiting");
exit (1);
}
-const char *stypename (int stype)
+static const char *stypename (int stype)
{
static char buf[20];
switch (stype) {
@@ -41,7 +42,7 @@ const char *stypename (int stype)
}
}
-void print_addrs (void)
+static void print_addrs (void)
{
int i;
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index c2a6148..5b833f4 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -224,6 +224,7 @@ krb5_c_string_to_key_with_params
krb5_recvauth_version
krb5_salttype_to_string
krb5_sendauth
+ krb5_server_decrypt_ticket_keytab
krb5_set_default_realm
krb5_set_default_tgs_enctypes
krb5_set_password
diff --git a/src/patchlevel.h b/src/patchlevel.h
index 79a29cc..2884222 100644
--- a/src/patchlevel.h
+++ b/src/patchlevel.h
@@ -51,8 +51,8 @@
* organization.
*/
#define KRB5_MAJOR_RELEASE 1
-#define KRB5_MINOR_RELEASE 6
+#define KRB5_MINOR_RELEASE 7
#define KRB5_PATCHLEVEL 0
#define KRB5_RELTAIL "prerelease"
/* #undef KRB5_RELDATE */
-/* #undef KRB5_RELTAG */
+#define KRB5_RELTAG "trunk"
diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c
index 10a89a6..d479f19 100644
--- a/src/plugins/kdb/db2/libdb2/test/dbtest.c
+++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c
@@ -738,27 +738,13 @@ usage()
exit(1);
}
-#ifdef __STDC__
#include <stdarg.h>
-#else
-#include <varargs.h>
-#endif
void
-#ifdef __STDC__
err(const char *fmt, ...)
-#else
-err(fmt, va_alist)
- char *fmt;
- va_dcl
-#endif
{
va_list ap;
-#ifdef __STDC__
va_start(ap, fmt);
-#else
- va_start(ap);
-#endif
(void)fprintf(stderr, "dbtest: ");
(void)vfprintf(stderr, fmt, ap);
va_end(ap);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
index 8e48126..301f359 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
+++ b/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
@@ -320,5 +320,5 @@ kdb_xdr.so kdb_xdr.po $(OUTPRE)kdb_xdr.$(OBJEXT): $(BUILDTOP)/include/autoconf.h
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h kdb_xdr.c kdb_xdr.h
ldap_err.so ldap_err.po $(OUTPRE)ldap_err.$(OBJEXT): \
- $(BUILDTOP)/include/kdb5_err.h $(COM_ERR_DEPS) ldap_err.c \
- ldap_err.h
+ $(BUILDTOP)/include/krb5/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/krb5.h \
+ ldap_err.c ldap_err.h
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
index b1ffd84..4cd1370 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/kdb_ldap.h
@@ -72,7 +72,6 @@ extern struct timeval timelimit;
#define LDAP_OPT_RESULT_CODE LDAP_OPT_ERROR_NUMBER
#endif
-#define NEG(val) (val <0) ? abs(val) : -val ;
#define MAXINTLEN 10
#define IGNORE_STATUS 0
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
index d14bc8e..15ea6b4 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_err.c
@@ -1,6 +1,6 @@
#include <ldap.h>
#include <errno.h>
-#include <kdb5_err.h>
+#include <krb5.h>
#include "ldap_err.h"
#ifndef LDAP_X_ERROR
#define LDAP_X_ERROR(x) (0)
diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c
index f2fb27a..79112e7 100644
--- a/src/tests/create/kdb5_mkdums.c
+++ b/src/tests/create/kdb5_mkdums.c
@@ -93,7 +93,6 @@ main(argc, argv)
krb5_error_code retval;
char *dbname = 0;
int enctypedone = 0;
- extern krb5_kt_ops krb5_ktf_writable_ops;
int num_to_create;
char principal_string[BUFSIZ];
char *suffix = 0;
@@ -151,15 +150,6 @@ main(argc, argv)
if (!(num_to_create && suffix)) usage(progname, 1);
-
- if ((retval = krb5_kt_register(test_context, &krb5_ktf_writable_ops))) {
- if (retval != KRB5_KT_TYPE_EXISTS) {
- com_err(progname, retval,
- "while registering writable key table functions");
- exit(1);
- }
- }
-
if (!enctypedone)
master_keyblock.enctype = DEFAULT_KDC_ENCTYPE;
diff --git a/src/tests/resolve/addrinfo-test.c b/src/tests/resolve/addrinfo-test.c
index 10394e7..35fb073 100644
--- a/src/tests/resolve/addrinfo-test.c
+++ b/src/tests/resolve/addrinfo-test.c
@@ -56,11 +56,15 @@ static const char *protoname (int p) {
X(TCP);
X(UDP);
X(ICMP);
+#ifdef IPPROTO_IPV6
X(IPV6);
+#endif
#ifdef IPPROTO_GRE
X(GRE);
#endif
+#ifdef IPPROTO_NONE
X(NONE);
+#endif
X(RAW);
#ifdef IPPROTO_COMP
X(COMP);
@@ -100,7 +104,9 @@ static void usage () {
"\t-r\tspecify socket type SOCK_RAW\n"
"\n"
"\t-4\tspecify address family AF_INET\n"
+#ifdef AF_INET6
"\t-6\tspecify address family AF_INET6\n"
+#endif
"\n"
"\t-p P\tspecify port P (service name or port number)\n"
"\t-N\thostname is numeric, skip DNS query\n"
@@ -121,7 +127,9 @@ static const char *familyname (int f) {
sprintf(buf, "AF %d", f);
return buf;
case AF_INET: return "AF_INET";
+#ifdef AF_INET6
case AF_INET6: return "AF_INET6";
+#endif
}
}
@@ -190,9 +198,11 @@ int main (int argc, char *argv[])
case '4':
hints.ai_family = AF_INET;
break;
+#ifdef AF_INET6
case '6':
hints.ai_family = AF_INET6;
break;
+#endif
case 'N':
numerichost = 1;
break;
diff --git a/src/util/def-check.pl b/src/util/def-check.pl
index b007c9c..17327df 100644
--- a/src/util/def-check.pl
+++ b/src/util/def-check.pl
@@ -165,7 +165,7 @@ while (! $h->eof()) {
goto Hadcallc;
}
# deal with no CALLCONV indicator
- s/^.* (\w+) *$/$1/;
+ s/^.* \**(\w+) *$/$1/;
die "Invalid function name: '$_'" if (!/^[A-Za-z0-9_]+$/);
push @convD, $_;
push @vararg, $_ if $vararg;
diff --git a/src/util/et/vfprintf.c b/src/util/et/vfprintf.c
deleted file mode 100644
index cad2916..0000000
--- a/src/util/et/vfprintf.c
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1988 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- */
-
-/* based on @(#)vfprintf.c 5.2 (Berkeley) 6/27/88 */
-
-#include <stdio.h>
-#if defined(HAVE_STDARG_H) || defined(_WIN32)
-#include <stdarg.h>
-#else
-#include <varargs.h>
-#define VARARGS
-#endif
-
-int
-vfprintf(iop, fmt, ap)
- FILE *iop;
- char *fmt;
- va_list ap;
-{
- int len;
- char localbuf[BUFSIZ];
-
- if (iop->_flag & _IONBF) {
- iop->_flag &= ~_IONBF;
- iop->_ptr = iop->_base = localbuf;
- len = _doprnt(fmt, ap, iop);
- (void) fflush(iop);
- iop->_flag |= _IONBF;
- iop->_base = NULL;
- iop->_bufsiz = 0;
- iop->_cnt = 0;
- } else
- len = _doprnt(fmt, ap, iop);
-
- return (ferror(iop) ? EOF : len);
-}
diff --git a/src/util/support/fake-addrinfo.c b/src/util/support/fake-addrinfo.c
index 80c7d6f..2cd8d92 100644
--- a/src/util/support/fake-addrinfo.c
+++ b/src/util/support/fake-addrinfo.c
@@ -1331,8 +1331,15 @@ static int krb5int_unlock_fac (void)
}
#endif
+#if defined(KRB5_USE_INET6)
/* Some systems don't define in6addr_any. */
const struct in6_addr krb5int_in6addr_any = IN6ADDR_ANY_INIT;
+#else
+/* Are any of the systems without IPv6 support among those where
+ we cross-check the actual exported symbols against the export
+ list? Not sure, play it safe. */
+const char krb5int_in6addr_any = 0;
+#endif
int krb5int_getaddrinfo (const char *node, const char *service,
const struct addrinfo *hints,
diff --git a/src/windows/README b/src/windows/README
index 96757e9..0276b43 100644
--- a/src/windows/README
+++ b/src/windows/README
@@ -2,7 +2,7 @@
----------------------------------------
Kerberos 5 builds on Windows with MSVC++ 6.0, MSVS.NET, and
-MSVS.NET 2003. You will need the November 2001 platform SDK or
+MSVS.NET 2003. You will need the XP SP2 Platform SDK or
later; this SDK is required to define getaddrinfo. It may or
may not build with other compilers or make utilities.
@@ -230,21 +230,19 @@ This has the side effect of making them useless to the MIT krb5 library
when attempting to request additional service tickets.
This new feature has been seen in Windows 2003 Server, Windows 2000 Server SP4,
-and Windows XP SP2 Beta. We assume that it will be implemented in all future
+and Windows XP SP2. We assume that it will be implemented in all future
Microsoft operating systems supporting the Kerberos SSPI. Microsoft does work
closely with MIT and has provided a registry key to disable this new feature.
+On server platforms the key is specified as:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
AllowTGTSessionKey = 0x01 (DWORD)
-On Windows XP SP2 Beta 1 the key was specified as
+On workstation platforms the key is specified as:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
AllowTGTSessionKey = 0x01 (DWORD)
-However, we anticipate that this will be changed to match the Server platforms
-in time for SP2 RC1.
-
It has been noted that the Microsoft Kerberos LSA does not provide enough
information within its KERB_EXTERNAL_TICKET structure to properly construct
the Client Principal simply by examining a single ticket. From the MSDN
@@ -290,8 +288,7 @@ The GSS API Sample Client provided in this distribution is compatible with the
gss-server application built on Unix/Linux systems. This client is not compatible
with the Platform SDK/Samples/Security/SSPI/GSS/ samples which Microsoft has been
shipping as of January 2004. Revised versions of these samples are available upon
-request to krbdev@mit.edu. Microsoft is committed to distribute revised samples
-which are compatible with the MIT distributed tools in a future SDK and via MSDN.
+request to krbdev@mit.edu.
Kerberos 4 Library Support:
---------------------------
diff --git a/src/windows/identity/apiversion.txt b/src/windows/identity/apiversion.txt
index 4399861..9681ccc 100644
--- a/src/windows/identity/apiversion.txt
+++ b/src/windows/identity/apiversion.txt
@@ -1,4 +1,5 @@
# Copyright (c) 2004 Massachusetts Institute of Technology
+# Copyright (c) 2007 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -214,3 +215,13 @@ Date=(TBD)
+KCDB_OP_DELCONFIG
# notification that the configuration information for an identity is to be removed.
+
+
+#----------------------------------------------------------------
+Version=7
+AppVersion=1.1.9.0
+Date=(TBD)
+# Released with KFW 3.2.0
+
++KHUI_ACTION_UICB
+# Internal action to dispatch a UI callback \ No newline at end of file
diff --git a/src/windows/identity/config/Makefile.w2k b/src/windows/identity/config/Makefile.w2k
index b9902bd..f297778 100644
--- a/src/windows/identity/config/Makefile.w2k
+++ b/src/windows/identity/config/Makefile.w2k
@@ -4,7 +4,7 @@
# in the build tree.
#
# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology
-# Copyright (c) 2006 Secure Endpoints Inc.
+# Copyright (c) 2006,2007 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -47,7 +47,7 @@ KHIMAIRA_WIN32_CONFIG=1
# Version info
NETIDMGR_VERSION_MAJOR=1
NETIDMGR_VERSION_MINOR=1
-NETIDMGR_VERSION_PATCH=8
+NETIDMGR_VERSION_PATCH=9
NETIDMGR_VERSION_AUX=0
NETIDMGR_RELEASEDESC=
@@ -58,7 +58,7 @@ NETIDMGR_RELEASEDESC=
#
# Changes to the API version numbers should be documented in
# apiversion.txt at the root of the source tree.
-NETIDMGR_VERSION_API=6
+NETIDMGR_VERSION_API=7
# Minimum backwards compatible version. API versions from
# NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API
diff --git a/src/windows/identity/config/Makefile.w32 b/src/windows/identity/config/Makefile.w32
index 8ede1db..e327a70 100644
--- a/src/windows/identity/config/Makefile.w32
+++ b/src/windows/identity/config/Makefile.w32
@@ -4,7 +4,7 @@
# in the build tree.
#
# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology
-# Copyright (c) 2006 Secure Endpoints Inc.
+# Copyright (c) 2006,2007 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -47,7 +47,7 @@ KHIMAIRA_WIN32_CONFIG=1
# Version info
NETIDMGR_VERSION_MAJOR=1
NETIDMGR_VERSION_MINOR=1
-NETIDMGR_VERSION_PATCH=8
+NETIDMGR_VERSION_PATCH=9
NETIDMGR_VERSION_AUX=0
NETIDMGR_RELEASEDESC=
@@ -58,7 +58,7 @@ NETIDMGR_RELEASEDESC=
#
# Changes to the API version numbers should be documented in
# apiversion.txt at the root of the source tree.
-NETIDMGR_VERSION_API=6
+NETIDMGR_VERSION_API=7
# Minimum backwards compatible version. API versions from
# NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API
diff --git a/src/windows/identity/doc/footer.html b/src/windows/identity/doc/footer.html
index 13314c2..fb3b621 100644
--- a/src/windows/identity/doc/footer.html
+++ b/src/windows/identity/doc/footer.html
@@ -5,7 +5,7 @@
<td>
<address style="align:right;">
<small>Generated on $datetime for $projectname $projectnumber by&nbsp;<a href="http://www.doxygen.org/index.html">Doxygen</a> $doxygenversion<br>
- &copy; 2004 Massachusetts Institute of Technology. Contact <a href="mailto:khimaira@mit.edu">khimaira@mit.edu</a><br>
+ &copy; 2004-2007 Massachusetts Institute of Technology. Contact <a href="mailto:khimaira@mit.edu">khimaira@mit.edu</a><br>
</small>
</address>
</td>
diff --git a/src/windows/identity/doc/main_page.h b/src/windows/identity/doc/main_page.h
index 415a8e3..34b3d1d 100644
--- a/src/windows/identity/doc/main_page.h
+++ b/src/windows/identity/doc/main_page.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -39,7 +40,7 @@
- \subpage bugs
- \subpage releases
- &copy; 2004 Massachusetts Institute of Technology
+ &copy; 2004-2007 Massachusetts Institute of Technology
*/
/*!
@@ -49,7 +50,7 @@
\section license_l MIT License
- Copyright &copy; 2004 Massachusetts Institute of Technology
+ Copyright &copy; 2004,2005,2006,2007 Massachusetts Institute of Technology
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
diff --git a/src/windows/identity/include/khdefs.h b/src/windows/identity/include/khdefs.h
index 4a02511..6b81f4c 100644
--- a/src/windows/identity/include/khdefs.h
+++ b/src/windows/identity/include/khdefs.h
@@ -113,11 +113,14 @@ typedef size_t khm_size;
Just a signed version of size_t
*/
+#ifndef _SSIZE_T_DEFINED
#ifdef _WIN64
typedef __int64 ssize_t;
#else
typedef _W64 int ssize_t;
#endif
+#define _SSIZE_T_DEFINED
+#endif
typedef ssize_t khm_ssize;
diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c
index 6057b6f..3f60206 100644
--- a/src/windows/identity/kcreddb/identity.c
+++ b/src/windows/identity/kcreddb/identity.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -998,9 +999,8 @@ kcdb_identity_get_attr(khm_handle vid,
/* we should never hit this case */
#ifdef DEBUG
assert(FALSE);
-#else
- code = KHM_ERROR_INVALID_OPERATION;
#endif
+ code = KHM_ERROR_INVALID_OPERATION;
} else {
#endif
code = type->dup(
@@ -1091,9 +1091,8 @@ kcdb_identity_get_attr_string(khm_handle vid,
if(attrib->flags & KCDB_ATTR_FLAG_COMPUTED) {
#ifdef DEBUG
assert(FALSE);
-#else
- code = KHM_ERROR_INVALID_OPERATION;
#endif
+ code = KHM_ERROR_INVALID_OPERATION;
} else {
#endif
if(kcdb_buf_exist(&id->buf, slot)) {
diff --git a/src/windows/identity/nidmgrdll/nidmgrdll.rc b/src/windows/identity/nidmgrdll/nidmgrdll.rc
index 26aeaa6..b091bdb 100644
--- a/src/windows/identity/nidmgrdll/nidmgrdll.rc
+++ b/src/windows/identity/nidmgrdll/nidmgrdll.rc
@@ -46,7 +46,7 @@ BEGIN
BLOCK "040904b0"
BEGIN
VALUE "CompanyName", KH_VERSTR_COMPANY_1033
- VALUE "FileDescription", "NetIDMgr API"
+ VALUE "FileDescription", "Network Identity Manager API"
VALUE "FileVersion", KH_VERSION_STRING
VALUE "InternalName", "nidmgr32"
VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
diff --git a/src/windows/identity/plugins/common/dynimport.c b/src/windows/identity/plugins/common/dynimport.c
index 311e4cf..b3d7644 100644
--- a/src/windows/identity/plugins/common/dynimport.c
+++ b/src/windows/identity/plugins/common/dynimport.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+* Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -25,8 +26,7 @@
/* $Id$ */
#include<windows.h>
-#include<khdefs.h>
-#include<kherror.h>
+#include<netidmgr.h>
#include<dynimport.h>
HINSTANCE hKrb4 = 0;
@@ -364,30 +364,36 @@ khm_int32 init_imports(void) {
OSVERSIONINFO osvi;
int imp_rv = 1;
-#define CKRV if(!imp_rv) goto _err_ret
+#define CKRV(m) \
+ do { \
+ if(!imp_rv) { \
+ _reportf(L"Can't locate all required exports from module [%S]", (m)); \
+ goto _err_ret; \
+ } \
+ } while (FALSE)
#ifndef _WIN64
imp_rv = LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0);
- CKRV;
+ CKRV(KRB4_DLL);
#endif
imp_rv = LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
- CKRV;
+ CKRV(KRB5_DLL);
imp_rv = LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
- CKRV;
+ CKRV(COMERR_DLL);
imp_rv = LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
- CKRV;
+ CKRV(SERVICE_DLL);
imp_rv = LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
- CKRV;
+ CKRV(SECUR32_DLL);
imp_rv = LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1);
- CKRV;
+ CKRV(KRB524_DLL);
imp_rv = LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
- CKRV;
+ CKRV(PROFILE_DLL);
imp_rv = LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
/* CCAPI_DLL is optional. No error check. */
@@ -405,7 +411,7 @@ khm_int32 init_imports(void) {
{
// Windows 9x
imp_rv = LoadFuncs(TOOLHELPDLL, toolhelp_fi, &hToolHelp32, 0, 1, 0, 0);
- CKRV;
+ CKRV(TOOLHELPDLL);
hPsapi = 0;
}
@@ -413,7 +419,7 @@ khm_int32 init_imports(void) {
{
// Windows NT
imp_rv = LoadFuncs(PSAPIDLL, psapi_fi, &hPsapi, 0, 1, 0, 0);
- CKRV;
+ CKRV(PSAPIDLL);
hToolHelp32 = 0;
}
diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c
index 94f111c..523fbac 100644
--- a/src/windows/identity/plugins/krb4/krb4configdlg.c
+++ b/src/windows/identity/plugins/krb4/krb4configdlg.c
@@ -138,6 +138,124 @@ krb4_ids_config_proc(HWND hwnd,
return FALSE;
}
+typedef struct tag_k4_id_data {
+ khui_config_init_data cfg;
+ khm_int32 gettix; /* get tickets? */
+ khm_boolean is_default_ident;
+} k4_id_data;
+
+void
+k4_id_read_params(k4_id_data * d) {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khm_handle ident = NULL;
+ khm_handle csp_ident = NULL;
+ khm_handle csp_idk4 = NULL;
+ khm_int32 flags = 0;
+ khm_int32 t;
+
+ khc_read_int32(csp_params, L"Krb4NewCreds", &d->gettix);
+
+ *idname = 0;
+ cb = sizeof(idname);
+ khui_cfg_get_name(d->cfg.ctx_node, idname, &cb);
+
+ kcdb_identity_create(idname, 0, &ident);
+
+ if (ident == NULL) {
+ d->gettix = 0;
+ goto done;
+ }
+
+ kcdb_identity_get_flags(ident, &flags);
+
+ if (!(flags & KCDB_IDENT_FLAG_DEFAULT)) {
+ d->gettix = 0;
+ goto done;
+ }
+
+ d->is_default_ident = TRUE;
+
+ if (d->gettix == 0)
+ goto done;
+
+ if (KHM_FAILED(kcdb_identity_get_config(ident, 0, &csp_ident)))
+ goto done;
+
+ if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
+ 0, &csp_idk4)))
+ goto close_config;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_idk4, L"Krb4NewCreds", &t)) &&
+ !t)
+ d->gettix = 1;
+
+ close_config:
+ if (csp_ident)
+ khc_close_space(csp_ident);
+
+ if (csp_idk4)
+ khc_close_space(csp_idk4);
+
+ done:
+ if (ident)
+ kcdb_identity_release(ident);
+
+ return;
+}
+
+khm_boolean
+k4_id_write_params(HWND hwnd, k4_id_data * d) {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb_idname = sizeof(idname);
+ khm_handle ident = NULL;
+ khm_int32 flags = 0;
+ khm_handle csp_ident = NULL;
+ khm_handle csp_idk4 = NULL;
+ khm_int32 gettix = 0;
+ khm_boolean applied = FALSE;
+
+ khui_cfg_get_name(d->cfg.ctx_node, idname, &cb_idname);
+
+ kcdb_identity_create(idname, 0, &ident);
+
+ if (ident == NULL)
+ return FALSE;
+
+ kcdb_identity_get_flags(ident, &flags);
+
+ if (!(flags & KCDB_IDENT_FLAG_DEFAULT))
+ goto done_apply;
+
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) == BST_CHECKED)
+ gettix = TRUE;
+
+ if (KHM_FAILED(kcdb_identity_get_config(ident, KHM_FLAG_CREATE,
+ &csp_ident)))
+ goto done_apply;
+
+ if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
+ KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD,
+ &csp_idk4)))
+ goto done_apply;
+
+ khc_write_int32(csp_idk4, L"Krb4NewCreds", gettix);
+
+ applied = TRUE;
+
+ done_apply:
+ if (ident)
+ kcdb_identity_release(ident);
+
+ if (csp_ident)
+ khc_close_space(csp_ident);
+
+ if (csp_idk4)
+ khc_close_space(csp_idk4);
+
+ return applied;
+}
+
INT_PTR CALLBACK
krb4_id_config_proc(HWND hwnd,
UINT uMsg,
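Review bot: In `k4_id_read_params` the per-identity override ends with `d->gettix = 1;` when the identity's `Krb4NewCreds` reads back as 0, whereas the inline code this helper replaces (removed in the next hunk) set `gettix = 0` under the same condition. As written, an identity whose stored setting disables Kerberos v4 credentials is shown with the option checked. Unless that inversion is intended, the line should be `d->gettix = 0;`. Separately, `k4_id_write_params` passes `idname` to `kcdb_identity_create` without clearing it first or checking the result of `khui_cfg_get_name`, unlike the read helper, which sets `*idname = 0;` beforehand.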
@@ -146,143 +264,72 @@ krb4_id_config_proc(HWND hwnd,
switch(uMsg) {
case WM_INITDIALOG:
{
- wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
- khm_size cb;
- khui_config_init_data * d;
- khm_handle ident = NULL;
- khm_handle csp_ident = NULL;
- khm_handle csp_idk4 = NULL;
- khm_int32 gettix = 0;
- khm_int32 flags = 0;
- khm_int32 t;
- khm_boolean is_default_ident = FALSE;
-
- d = PMALLOC(sizeof(khui_config_init_data));
+ k4_id_data * d;
+
+ d = PMALLOC(sizeof(k4_id_data));
if (!d)
break;
ZeroMemory(d, sizeof(*d));
- *d = *((khui_config_init_data *) lParam);
+ d->cfg = *((khui_config_init_data *) lParam);
#pragma warning(push)
#pragma warning(disable: 4244)
SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
#pragma warning(pop)
- khc_read_int32(csp_params, L"Krb4NewCreds", &gettix);
- if (gettix == 0)
- goto set_ui;
-
- *idname = 0;
- cb = sizeof(idname);
- khui_cfg_get_name(d->ctx_node, idname, &cb);
-
- kcdb_identity_create(idname, 0, &ident);
-
- if (ident == NULL) {
- gettix = 0;
- goto set_ui;
- }
+ k4_id_read_params(d);
- kcdb_identity_get_flags(ident, &flags);
-
- if (!(flags & KCDB_IDENT_FLAG_DEFAULT)) {
- gettix = 0;
- goto set_ui;
- }
-
- is_default_ident = TRUE;
+ CheckDlgButton(hwnd, IDC_CFG_GETTIX,
+ (d->gettix)?BST_CHECKED: BST_UNCHECKED);
+ EnableWindow(GetDlgItem(hwnd, IDC_CFG_GETTIX),
+ d->is_default_ident);
- if (KHM_FAILED(kcdb_identity_get_config(ident, 0, &csp_ident)))
- goto set_ui;
+ }
+ break;
- if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
- 0, &csp_idk4)))
- goto close_config;
+ case WM_COMMAND:
+ {
+ k4_id_data * d;
- if (KHM_SUCCEEDED(khc_read_int32(csp_idk4, L"Krb4NewCreds", &t)) &&
- !t)
- gettix = 0;
+ d = (k4_id_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
- close_config:
- if (csp_ident)
- khc_close_space(csp_ident);
+ if (wParam == MAKEWPARAM(IDC_CFG_GETTIX,
+ BN_CLICKED)) {
+ int gettix = 0;
+ int modified = 0;
- if (csp_idk4)
- khc_close_space(csp_idk4);
+ gettix = (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) ==
+ BST_CHECKED);
- set_ui:
- CheckDlgButton(hwnd, IDC_CFG_GETTIX,
- (gettix)?BST_CHECKED: BST_UNCHECKED);
- EnableWindow(GetDlgItem(hwnd, IDC_CFG_GETTIX),
- is_default_ident);
+ modified = (!!gettix != !!d->gettix);
- if (ident)
- kcdb_identity_release(ident);
+ khui_cfg_set_flags_inst(&d->cfg,
+ ((modified)?KHUI_CNFLAG_MODIFIED: 0),
+ KHUI_CNFLAG_MODIFIED);
+ }
}
break;
case KHUI_WM_CFG_NOTIFY:
{
- khui_config_init_data * d;
+ k4_id_data * d;
- d = (khui_config_init_data *) (LONG_PTR)
+ d = (k4_id_data *) (LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (!d)
break;
if (HIWORD(wParam) == WMCFG_APPLY) {
- wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
- khm_size cb_idname = sizeof(idname);
- khm_handle ident = NULL;
- khm_int32 flags = 0;
- khm_handle csp_ident = NULL;
- khm_handle csp_idk4 = NULL;
- khm_int32 gettix = 0;
- khm_int32 applied = FALSE;
-
- khui_cfg_get_name(d->ctx_node, idname, &cb_idname);
-
- kcdb_identity_create(idname, 0, &ident);
-
- if (ident == NULL)
- break;
-
- kcdb_identity_get_flags(ident, &flags);
-
- if (!(flags & KCDB_IDENT_FLAG_DEFAULT))
- goto done_apply;
-
- if (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) == BST_CHECKED)
- gettix = TRUE;
-
- if (KHM_FAILED(kcdb_identity_get_config(ident, KHM_FLAG_CREATE,
- &csp_ident)))
- goto done_apply;
-
- if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
- KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD,
- &csp_idk4)))
- goto done_apply;
-
- khc_write_int32(csp_idk4, L"Krb4NewCreds", gettix);
-
- applied = TRUE;
-
- done_apply:
- if (ident)
- kcdb_identity_release(ident);
-
- if (csp_ident)
- khc_close_space(csp_ident);
+ khm_int32 applied;
- if (csp_idk4)
- khc_close_space(csp_idk4);
+ applied = k4_id_write_params(hwnd, d);
- khui_cfg_set_flags_inst(d,
+ khui_cfg_set_flags_inst(&d->cfg,
((applied)? KHUI_CNFLAG_APPLIED: 0),
(KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED));
}
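Review bot: The new `WM_COMMAND` handler reads `d->gettix` without the `if (!d) break;` guard that the `KHUI_WM_CFG_NOTIFY` and `WM_DESTROY` handlers apply after the same `GetWindowLongPtr` call. `WM_INITDIALOG` leaves the window data unset when `PMALLOC` fails, so the pointer can be NULL when a button click arrives. Add `if (!d) break;` before the `wParam` test. krb4_id_config_proc starts in the previous hunk and continues past this one.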
@@ -291,9 +338,9 @@ krb4_id_config_proc(HWND hwnd,
case WM_DESTROY:
{
- khui_config_init_data * d;
+ k4_id_data * d;
- d = (khui_config_init_data *) (LONG_PTR)
+ d = (k4_id_data *) (LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (!d)
diff --git a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
index cd46a8d..865f010 100644
--- a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
@@ -57,11 +57,11 @@ STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Kerberos 4 Ticket Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
- CONTROL "Obtain Kerberos 4 tickets",IDC_NCK4_OBTAIN,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,26,97,10
- GROUPBOX "Obtain Kerberos 4 tickets using",IDC_STATIC,7,43,286,72,WS_GROUP
+ CONTROL "Kerberos v4 Ticket Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
+ CONTROL "Obtain Kerberos v4 credentials",IDC_NCK4_OBTAIN,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,26,97,10
+ GROUPBOX "Obtain Kerberos v4 credentials using",IDC_STATIC,7,43,286,72,WS_GROUP
CONTROL "Automatically determine method",IDC_NCK4_AUTO,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,23,58,119,10
- CONTROL "Kerberos 5 to 4 translation",IDC_NCK4_K524,"Button",BS_AUTORADIOBUTTON,23,76,101,10
+ CONTROL "Kerberos v5 to v4 translation",IDC_NCK4_K524,"Button",BS_AUTORADIOBUTTON,23,76,101,10
CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON,23,94,47,10
END
@@ -70,7 +70,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "Ticket cache location",IDC_CFG_LBL_CACHE,7,10,67,8
+ LTEXT "Credential cache location",IDC_CFG_LBL_CACHE,7,10,67,8
EDITTEXT IDC_CFG_CACHE,83,7,165,14,ES_AUTOHSCROLL
LTEXT "Config file path",IDC_CFG_LBL_CFGFILE,7,30,50,8
EDITTEXT IDC_CFG_CFGPATH,83,27,165,14,ES_AUTOHSCROLL | ES_READONLY
@@ -85,8 +85,8 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Obtain Kerberos 4 tickets",IDC_CFG_GETTIX,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,221,17
- LTEXT "Note that, if enabled, Kerberos 4 tickets will be acquired during initial credential acquisition and during credential renewals.\n\nHowever, currently Kerberos 4 tickets can only be obtained for the default identity.",IDC_STATIC,7,91,221,53,SS_SUNKEN
+ CONTROL "Obtain Kerberos v4 credentials",IDC_CFG_GETTIX,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,221,17
+ LTEXT "Note that, if enabled, Kerberos v4 credentials will be acquired during initial credential acquisition and during credential renewals.\n\nHowever, currently Kerberos v4 credentials can only be obtained for the default identity.",IDC_STATIC,7,91,221,53,SS_SUNKEN
END
IDD_CFG_ID_KRB4 DIALOGEX 0, 0, 235, 151
@@ -94,7 +94,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Obtain Kerberos 4 tickets for this identity",IDC_CFG_GETTIX,
+ CONTROL "Obtain Kerberos v4 credentials for this identity",IDC_CFG_GETTIX,
"Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,7,7,147,10
END
@@ -161,30 +161,30 @@ IDI_PLUGIN ICON "..\\..\\images\\plugin.ico"
STRINGTABLE
BEGIN
- IDS_PLUGIN_DESC "Kerberos 4 Credentials Provider"
- IDS_NC_K4_SHORT "Kerberos 4"
- IDS_ERR_REALM "Could not resolve realm"
+ IDS_PLUGIN_DESC "Kerberos v4 Credentials Provider"
+ IDS_NC_K4_SHORT "Kerberos v4"
+ IDS_ERR_REALM "Could not resolve Kerberos v4 realm"
IDS_ERR_PRINCIPAL "Invalid principal"
IDS_ERR_INVINST "Invalid instance"
- IDS_ERR_PWINTKT "Could not get Kerberos 4 tickets"
+ IDS_ERR_PWINTKT "Could not obtain Kerberos v4 credentials"
IDS_CT_DISABLED "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Disabled (click <a id=""Krb4Cred:Enable"">here</a> to enable)</p>"
- IDS_CT_TGTFOR "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Tickets for realm %s</p>"
+ IDS_CT_TGTFOR "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Credentials for realm %s</p>"
IDS_METHOD_AUTO "Automatically determined method"
END
STRINGTABLE
BEGIN
- IDS_KRB4_SHORT_DESC "Kerberos 4 tickets"
- IDS_KRB4_LONG_DESC "Kerberos 4 tickets"
- IDS_CFG_KRB4_LONG "Kerberos 4 Configuration"
- IDS_CFG_KRB4_SHORT "Kerberos 4"
+ IDS_KRB4_SHORT_DESC "Kerberos v4"
+ IDS_KRB4_LONG_DESC "Kerberos v4"
+ IDS_CFG_KRB4_LONG "Kerberos v4 Configuration"
+ IDS_CFG_KRB4_SHORT "Kerberos v4"
END
STRINGTABLE
BEGIN
IDS_METHOD_PWD "Password"
- IDS_METHOD_K524 "Kerberos 5 to 4 translation"
- IDS_CFG_IDS_KRB4_SHORT "Kerberos 4"
+ IDS_METHOD_K524 "Kerberos v5 to v4 translation"
+ IDS_CFG_IDS_KRB4_SHORT "Kerberos v4"
END
#endif // English (U.S.) resources
diff --git a/src/windows/identity/plugins/krb4/version.rc b/src/windows/identity/plugins/krb4/version.rc
index 90105f8..929e0d0 100644
--- a/src/windows/identity/plugins/krb4/version.rc
+++ b/src/windows/identity/plugins/krb4/version.rc
@@ -28,7 +28,7 @@
#ifndef LANGVER
-#define STR_FILEDESC "Kerberos 4 Plugin for NetIDMgr"
+#define STR_FILEDESC "Kerberos v4 Plugin for Network Identity Manager"
#define STR_INTNAME "krb4cred"
#define STR_ORIGNAME "krb4cred.dll"
@@ -68,7 +68,7 @@
VALUE "InternalName", STR_INTNAME
VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
VALUE "OriginalFilename", STR_ORIGNAME
- VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductName", "Network Identity Manager"
VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
#ifdef KH_VERSTR_COMMENT_1033
VALUE "Comment", KH_VERSTR_COMMENT_1033
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c
index 3bd090f..8cf2b86 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.c
+++ b/src/windows/identity/plugins/krb5/krb5funcs.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+* Copyright (c) 2006,2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -25,7 +26,7 @@
/* $Id$ */
/* Originally this was krb5routines.c in Leash sources. Subsequently
-modified and adapted for NetIDMgr */
+ * modified and adapted for NetIDMgr */
#include<krbcred.h>
#include<kherror.h>
@@ -360,11 +361,11 @@ static long get_tickets_from_cache(krb5_context ctx,
krb5_cc_cursor KRBv5Cursor;
krb5_creds KRBv5Credentials;
krb5_ticket *tkt=NULL;
- char *ClientName;
- char *PrincipalName;
+ char *ClientName = NULL;
+ char *PrincipalName = NULL;
wchar_t wbuf[256]; /* temporary conversion buffer */
wchar_t wcc_name[KRB5_MAXCCH_CCNAME]; /* credential cache name */
- char *sServerName;
+ char *sServerName = NULL;
khm_handle ident = NULL;
khm_handle cred = NULL;
time_t tt;
@@ -731,9 +732,9 @@ long
khm_krb5_list_tickets(krb5_context *krbv5Context)
{
krb5_context ctx = NULL;
- krb5_ccache cache = 0;
+ krb5_ccache cache = NULL;
krb5_error_code code = 0;
- apiCB * cc_ctx = 0;
+ apiCB * cc_ctx = NULL;
struct _infoNC ** pNCi = NULL;
int i;
khm_int32 t;
@@ -1108,10 +1109,10 @@ khm_krb5_kinit(krb5_context alt_ctx,
void * p_data)
{
krb5_error_code code = 0;
- krb5_context ctx = 0;
- krb5_ccache cc = 0;
- krb5_principal me = 0;
- char* name = 0;
+ krb5_context ctx = NULL;
+ krb5_ccache cc = NULL;
+ krb5_principal me = NULL;
+ char* name = NULL;
krb5_creds my_creds;
krb5_get_init_creds_opt options;
krb5_address ** addrs = NULL;
@@ -2602,7 +2603,7 @@ khm_krb5_get_temp_ccache(krb5_context ctx,
long code = 0;
krb5_ccache cc = 0;
- StringCbPrintfA(ccname, sizeof(ccname), "API:TempCache%8x", rnd);
+ StringCbPrintfA(ccname, sizeof(ccname), "MEMORY:TempCache%8x", rnd);
code = pkrb5_cc_resolve(ctx, ccname, &cc);
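Review bot: The changed `StringCbPrintfA` line still formats the suffix with `%8x`, which pads with spaces, so a small `rnd` gives a cache name with embedded blanks; `%08x` would produce a fixed-width hex suffix. The switch from `API:` to `MEMORY:` presumably keeps the temporary credentials private to this process, and a short comment such as `/* MEMORY: keeps the temporary credentials inside this process */` would record that intent. How `rnd` is produced is outside the hunk; two calls with the same value would resolve to the same cache, so its uniqueness is worth confirming. The context line `krb5_ccache cc = 0;` was also missed by this commit's `0` to `NULL` cleanup.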
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c
index a8c91f9..43d6d3d 100644
--- a/src/windows/identity/plugins/krb5/krb5identpro.c
+++ b/src/windows/identity/plugins/krb5/krb5identpro.c
@@ -824,8 +824,6 @@ k5_ident_set_default(khm_int32 msg_type,
DWORD dwSize;
wchar_t reg_ccname[KRB5_MAXCCH_CCNAME];
- assert(FALSE);
-
#ifdef DEBUG
assert(def_ident != NULL);
#endif
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c
index 9be8c89..087d937 100644
--- a/src/windows/identity/plugins/krb5/krb5newcreds.c
+++ b/src/windows/identity/plugins/krb5/krb5newcreds.c
@@ -641,9 +641,9 @@ k5_kinit_fiber_proc(PVOID lpParameter)
g_fjob.password,
g_fjob.ccache,
g_fjob.lifetime,
- g_fjob.forwardable,
- g_fjob.proxiable,
- (g_fjob.renewable ? g_fjob.renew_life : 0),
+ g_fjob.valid_principal ? g_fjob.forwardable : 0,
+ g_fjob.valid_principal ? g_fjob.proxiable : 0,
+ (g_fjob.valid_principal && g_fjob.renewable ? g_fjob.renew_life : 0),
g_fjob.addressless,
g_fjob.publicIP,
k5_kinit_prompter,
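Review bot: The three new `g_fjob.valid_principal ? ... : 0` arguments carry no comment saying why a request for a not-yet-validated principal has forwardable, proxiable and renewable forced off. If the intent is that a validation-only request should ask for a minimal ticket, say so above the call, e.g. `/* principal not validated yet: request no forwardable/proxiable/renewable flags */`. `lifetime`, `addressless` and `publicIP` are still passed through unconditionally in the same call, so it is worth confirming that is deliberate. The call starts and ends outside the hunk.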
@@ -2058,7 +2058,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
/* we can't possibly have succeeded without a
password */
- if(g_fjob.code && is_k5_identpro) {
+ if(g_fjob.code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN &&
+ is_k5_identpro) {
kcdb_identity_set_flags(ident,
KCDB_IDENT_FLAG_INVALID,
KCDB_IDENT_FLAG_INVALID);
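Review bot: With the test narrowed to `g_fjob.code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN`, every other non-zero `g_fjob.code` now skips the `KCDB_IDENT_FLAG_INVALID` branch, and the hunk does not show what state the identity is left in for those errors. If the path outside the hunk treats "not flagged invalid" as "validated", then a KDC-unreachable or clock-skew failure would be indistinguishable from a confirmed principal; that should be checked against the rest of the block. A comment would make the rule explicit, e.g. `/* only a definite "unknown principal" answer from the KDC invalidates the identity */`.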
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
index fca26a1..d93b441 100644
--- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
@@ -57,7 +57,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_CLIPSIBLINGS | WS_CL
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Kerberos 5 Ticket Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
+ CONTROL "Kerberos v5 Credential Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
LTEXT "Realm",IDC_STATIC,7,25,52,13
COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | NOT WS_VISIBLE | WS_DISABLED
@@ -74,14 +74,14 @@ END
IDD_PP_KRB5C DIALOGEX 0, 0, 235, 156
STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_DISABLED | WS_CAPTION
-CAPTION "Kerberos 5"
+CAPTION "Kerberos v5"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "Name",IDC_STATIC,7,7,19,8
LTEXT "Valid till",IDC_STATIC,7,39,24,8
LTEXT "Renewable till",IDC_STATIC,7,55,45,12
LTEXT "Issued on",IDC_STATIC,7,23,32,8
- LTEXT "Ticket flags",IDC_STATIC,7,75,37,8
+ LTEXT "Credential flags",IDC_STATIC,7,75,37,8
EDITTEXT IDC_PPK5_NAME,72,7,156,12,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_PPK5_ISSUE,72,23,156,12,ES_AUTOHSCROLL | ES_READONLY
EDITTEXT IDC_PPK5_VALID,72,39,156,12,ES_AUTOHSCROLL | ES_READONLY
@@ -91,7 +91,7 @@ END
IDD_PP_KRB5 DIALOGEX 0, 0, 235, 156
STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_DISABLED | WS_CAPTION
-CAPTION "Kerberos 5"
+CAPTION "Kerberos v5"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "Default realm",IDC_STATIC,7,7,44,8
@@ -101,7 +101,7 @@ BEGIN
LTEXT "Renewable lifetime",IDC_STATIC,7,67,61,8
LTEXT "Min. Renewable lifetime",IDC_STATIC,7,82,76,8
LTEXT "Max. Renewable lifetime",IDC_STATIC,7,97,79,8
- GROUPBOX "Default ticket flags",IDC_STATIC,7,113,221,36
+ GROUPBOX "Default credential flags",IDC_STATIC,7,113,221,36
CONTROL "Proxiable",IDC_CHECK2,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,160,129,45,10
CONTROL "Renewable",IDC_CHECK4,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,23,129,51,10
CONTROL "Forwardable",IDC_CHECK5,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,129,56,10
@@ -124,18 +124,18 @@ BEGIN
CONTROL "Include all configured realms in New Credentials realm list",IDC_CFG_INCREALMS,
"Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,76,26,166,22
PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,46,84,14,NOT WS_VISIBLE | WS_DISABLED
- GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,59,241,47
+ GROUPBOX "Configuration File",IDC_CFG_CFGFILEGRP,7,59,241,47
LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,74,28,8
EDITTEXT IDC_CFG_CFGFILE,76,71,166,14,ES_AUTOHSCROLL | ES_READONLY
PUSHBUTTON "Browse...",IDC_CFG_BROWSE,145,89,44,14,NOT WS_VISIBLE
CONTROL "Create file if missing",IDC_CFG_CREATECONFIG,"Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_DISABLED | WS_TABSTOP,76,93,80,10
PUSHBUTTON "Load into realm editor ...",IDC_CFG_BROWSE2,26,89,100,14,NOT WS_VISIBLE
- GROUPBOX "Windows® Options",IDC_CFG_WINGRP,7,110,241,65
+ GROUPBOX "Microsoft Windows® Options",IDC_CFG_WINGRP,7,110,241,65
LTEXT "Hostname",IDC_CFG_LBL_HOSTNAME,13,123,33,8
EDITTEXT IDC_CFG_HOSTNAME,76,120,166,14,ES_AUTOHSCROLL | ES_READONLY
LTEXT "Domain",IDC_CFG_LBL_DOMAIN,13,141,24,8
EDITTEXT IDC_CFG_DOMAIN,76,138,166,14,ES_AUTOHSCROLL | ES_READONLY
- LTEXT "Import tickets",IDC_LBL_IMPORT,13,158,45,8
+ LTEXT "Import credentials",IDC_LBL_IMPORT,13,158,45,8
COMBOBOX IDC_CFG_IMPORT,76,156,166,51,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
END
@@ -145,8 +145,8 @@ EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_SORTASCENDING | LVS_EDITLABELS | LVS_ALIGNLEFT | LVS_NOCOLUMNHEADER | WS_TABSTOP,7,19,81,148
- GROUPBOX "Kerberos Servers",IDC_CFG_SERVERSGRP,93,7,155,91
- GROUPBOX "Domain mappings",IDC_CFG_DOMAINGRP,93,101,155,74
+ GROUPBOX "Kerberos v5 Servers",IDC_CFG_SERVERSGRP,93,7,155,91
+ GROUPBOX "Domain to Realm mappings",IDC_CFG_DOMAINGRP,93,101,155,74
CONTROL "",IDC_CFG_KDC,"SysListView32",LVS_REPORT | LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,19,143,72
CONTROL "",IDC_CFG_DMAP,"SysListView32",LVS_REPORT | LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,111,143,56
END
@@ -156,16 +156,16 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "Ticket lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
+ LTEXT "Credential lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
EDITTEXT IDC_CFG_DEFLIFE,91,7,137,14,ES_AUTOHSCROLL
- LTEXT "Ticket renewable lifetime",IDC_CFG_LBL_DEFRLIFE,7,29,80,8
+ LTEXT "Credential renewable lifetime",IDC_CFG_LBL_DEFRLIFE,7,29,80,8
EDITTEXT IDC_CFG_DEFRLIFE,91,26,137,14,ES_AUTOHSCROLL
- GROUPBOX "Ticket lifetime range",IDC_CFG_LIFEGRP,7,43,221,49
+ GROUPBOX "Credential lifetime range",IDC_CFG_LIFEGRP,7,43,221,49
LTEXT "Minimum",IDC_STATIC,13,56,28,8
EDITTEXT IDC_CFG_LRNG_MIN,91,53,131,14,ES_AUTOHSCROLL
LTEXT "Maximum",IDC_STATIC,13,75,30,8
EDITTEXT IDC_CFG_LRNG_MAX,91,72,131,14,ES_AUTOHSCROLL
- GROUPBOX "Ticket renewable lifetime range",IDC_STATIC,7,95,221,49
+ GROUPBOX "Credential renewable lifetime range",IDC_STATIC,7,95,221,49
LTEXT "Minimum",IDC_STATIC,13,108,28,8
EDITTEXT IDC_CFG_RLRNG_MIN,91,105,131,14,ES_AUTOHSCROLL
LTEXT "Maximum",IDC_STATIC,13,128,30,8
@@ -177,7 +177,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "Ticket lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
+ LTEXT "Credential lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
EDITTEXT IDC_CFG_DEFLIFE,91,7,137,14,ES_AUTOHSCROLL
CONTROL "Renewable for",IDC_CFG_RENEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,41,63,10
EDITTEXT IDC_CFG_DEFRLIFE,91,39,137,14,ES_AUTOHSCROLL
@@ -186,7 +186,7 @@ BEGIN
CONTROL "Addressless",IDC_CFG_ADDRESSLESS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,77,54,10
LTEXT "Additional IP address",IDC_STATIC,91,78,68,8,NOT WS_VISIBLE
CONTROL "",IDC_CFG_PUBLICIP,"SysIPAddress32",NOT WS_VISIBLE | WS_TABSTOP,128,89,100,15
- LTEXT "Credentials cache",IDC_STATIC,7,132,58,8
+ LTEXT "Credential cache",IDC_STATIC,7,132,58,8
EDITTEXT IDC_CFG_CCACHE,91,130,137,14,ES_AUTOHSCROLL
END
@@ -195,7 +195,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Kerberos 5 Change Password Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
+ CONTROL "Kerberos v5 Change Password Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
LTEXT "Realm",IDC_STATIC,7,25,52,13
COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | WS_DISABLED
@@ -206,7 +206,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- GROUPBOX "File Caches",IDC_CFG_FCGRP,7,26,241,149
+ GROUPBOX "File-based Credential Caches",IDC_CFG_FCGRP,7,26,241,149
CONTROL "",IDC_CFG_FCLIST,"SysListView32",LVS_REPORT | LVS_SORTASCENDING | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,13,37,229,97
EDITTEXT IDC_CFG_FCNAME,13,139,173,14,ES_AUTOHSCROLL
PUSHBUTTON "&Browse ...",IDC_CFG_BROWSE,192,139,50,14
@@ -339,11 +339,11 @@ STRINGTABLE
BEGIN
IDS_UNK_ADDR_FMT "Unknown address type %d"
IDS_KRB5_CREDTEXT_0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Creds for realm %s</p>"
- IDS_KRB5_CCNAME_SHORT_DESC "Krb5 CCache"
- IDS_KEY_ENCTYPE_SHORT_DESC "Key EncType"
- IDS_TKT_ENCTYPE_SHORT_DESC "Ticket EncType"
+ IDS_KRB5_CCNAME_SHORT_DESC "Kerberos v5 CCache"
+ IDS_KEY_ENCTYPE_SHORT_DESC "Session EncType"
+ IDS_TKT_ENCTYPE_SHORT_DESC "Service EncType"
IDS_KEY_ENCTYPE_LONG_DESC "Session Key Encryption Type"
- IDS_TKT_ENCTYPE_LONG_DESC "Ticket Encryption Type"
+ IDS_TKT_ENCTYPE_LONG_DESC "Service Encryption Type"
IDS_ADDR_LIST_SHORT_DESC "Addresses"
IDS_ADDR_LIST_LONG_DESC "Address List"
IDS_ETYPE_NULL "NULL"
@@ -366,53 +366,53 @@ BEGIN
IDS_ETYPE_UNKNOWN "(Unknown)"
IDS_ETYPE_LOCAL_DES3_HMAC_SHA1 "LOCAL-DES3-HMAC-SHA1"
IDS_ETYPE_LOCAL_RC4_MD4 "LOCAL-RC4-MD4"
- IDS_KRB5_SHORT_DESC "Kerberos 5 tickets"
- IDS_KRB5_LONG_DESC "Kerberos 5 tickets"
+ IDS_KRB5_SHORT_DESC "Kerberos v5 credentials"
+ IDS_KRB5_LONG_DESC "Kerberos v5 credentials"
END
STRINGTABLE
BEGIN
- IDS_KRB4_SHORT_DESC "Kerberos 4"
- IDS_KRB4_LONG_DESC "Kerberos 4 tickets"
- IDS_KRB5_FLAGS_SHORT_DESC "Krb5 Flags"
+ IDS_KRB4_SHORT_DESC "Kerberos v4"
+ IDS_KRB4_LONG_DESC "Kerberos v4 credentials"
+ IDS_KRB5_FLAGS_SHORT_DESC "Kerberos v5 Flags"
IDS_RENEW_TILL_SHORT_DESC "Renew Till"
IDS_RENEW_TILL_LONG_DESC "Renewable Till"
IDS_RENEW_FOR_SHORT_DESC "Renew for"
IDS_RENEW_FOR_LONG_DESC "Renewable for"
- IDS_KRB5_CCNAME_LONG_DESC "Krb5 Primary Credentials Cache"
+ IDS_KRB5_CCNAME_LONG_DESC "Kerberos v5 Primary Credentials Cache"
IDS_NC_USERNAME "Username"
IDS_NC_REALM "Realm"
- IDS_KRB5_WARNING "Kerberos 5 Warning"
+ IDS_KRB5_WARNING "Kerberos v5 Warning"
IDS_K5ERR_NAME_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The selected principal name has expired.</p><p><tab> Please contact your system administrator.</p>"
IDS_K5ERR_KEY_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab> Click <a id=""Krb5Cred:!Passwd"">here</a> to change the password</p>"
- IDS_KRB5_WARN_FMT "Kerberos 5: %s\n\n%s"
+ IDS_KRB5_WARN_FMT "Kerberos v5: %s\n\n%s"
IDS_K5ERR_FMT "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tag>: %s</p>"
- IDS_K5CFG_SHORT_DESC "Kerberos 5"
+ IDS_K5CFG_SHORT_DESC "Kerberos v5"
END
STRINGTABLE
BEGIN
- IDS_K5CFG_LONG_DESC "Kerberos 5 Configuration"
+ IDS_K5CFG_LONG_DESC "Kerberos v5 Configuration"
IDS_K5RLM_SHORT_DESC "Realms"
IDS_K5RLM_LONG_DESC "Kerberos Realm Configuration"
- IDS_K5CFG_IDS_SHORT_DESC "Kerberos 5"
- IDS_K5CFG_IDS_LONG_DESC "Kerberos 5 options for all identities"
- IDS_K5CFG_ID_SHORT_DESC "Kerberos 5"
- IDS_K5CFG_ID_LONG_DESC "Kerberos 5 options for this identity"
- IDS_PLUGIN_DESC "Kerberos 5 Credentials Provider"
- IDS_NC_PWD_BANNER "Changing Kerberos 5 Password"
+ IDS_K5CFG_IDS_SHORT_DESC "Kerberos v5"
+ IDS_K5CFG_IDS_LONG_DESC "Kerberos v5 options for all identities"
+ IDS_K5CFG_ID_SHORT_DESC "Kerberos v5"
+ IDS_K5CFG_ID_LONG_DESC "Kerberos v5 options for this identity"
+ IDS_PLUGIN_DESC "Kerberos v5 Credentials Provider"
+ IDS_NC_PWD_BANNER "Changing Kerberos v5 Password"
IDS_NC_PWD_PWD "Current Password"
IDS_NC_PWD_NPWD "New Password"
IDS_NC_PWD_NPWD_AGAIN "New Password again"
IDS_KRB5_CREDTEXT_P0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Changing password for %s</p>"
IDS_K5CFG_IMPORT_OPTIONS "Never,Always,Only when the principal matches"
- IDS_IDENTPRO_DESC "Kerberos 5 Identity Provider"
- IDS_K5CCC_SHORT_DESC "Credentials Caches"
+ IDS_IDENTPRO_DESC "Kerberos v5 Identity Provider"
+ IDS_K5CCC_SHORT_DESC "Credential Caches"
END
STRINGTABLE
BEGIN
- IDS_K5CCC_LONG_DESC "Kerberos 5 Credentials Caches"
+ IDS_K5CCC_LONG_DESC "Kerberos v5 Credential Caches"
IDS_CFG_FCTITLE "File based Credential Caches"
IDS_CFG_FCN_WARNING "Warning:"
IDS_CFG_FCN_W_NOTFOUND "The credentials cache you specified does not exist."
@@ -438,7 +438,7 @@ BEGIN
IDS_FLG_OK_DELEGATE "Approved for delegation"
IDS_FLG_ANONYMOUS "Anonymous"
IDS_K5ERR_CANTWRITEPROFILE
- "The Kerberos 5 profile file could not be written"
+ "The Kerberos v5 profile file could not be written"
IDS_K5ERR_PROFNOWRITE "The file %s could not be opened as a profile file for writing."
IDS_K5ERR_PROFUSETEMP "The file %s could not be opened for writing. The current changes will be saved to %s temporarily."
IDS_K5ERR_PROFSUGGEST "This may be due to not having privileges to modify the configuration file. Please contact your system administrator to resolve the issue."
@@ -460,7 +460,7 @@ BEGIN
IDS_NO "No"
IDS_CFG_RE_NEWSERVER "<New server...>"
IDS_CFG_RE_NEWDMAP "<New domain mapping...>"
- IDS_KRB5_NC_NAME "Kerberos 5"
+ IDS_KRB5_NC_NAME "Kerberos v5"
IDS_NCERR_IDENT_TOO_LONG "The identity name is too long."
IDS_NCERR_IDENT_INVALID "The identity name is invalid."
IDS_NCERR_IDENT_UNKNOWN "An unknown error occurred while validating the identity name."
diff --git a/src/windows/identity/plugins/krb5/version.rc b/src/windows/identity/plugins/krb5/version.rc
index ec58aa9..135b08e 100644
--- a/src/windows/identity/plugins/krb5/version.rc
+++ b/src/windows/identity/plugins/krb5/version.rc
@@ -28,7 +28,7 @@
#ifndef LANGVER
-#define STR_FILEDESC "Kerberos 5 Plugin for NetIDMgr"
+#define STR_FILEDESC "Kerberos v5 Plugin for Network Identity Manager"
#define STR_INTNAME "krb5cred"
#define STR_ORIGNAME "krb5cred.dll"
@@ -67,7 +67,7 @@
VALUE "InternalName", STR_INTNAME
VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
VALUE "OriginalFilename", STR_ORIGNAME
- VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductName", "Network Identity Manager"
VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
#ifdef KH_VERSTR_COMMENT_1033
VALUE "Comment", KH_VERSTR_COMMENT_1033
diff --git a/src/windows/identity/ui/appglobal.h b/src/windows/identity/ui/appglobal.h
index 9529961..8660de2 100644
--- a/src/windows/identity/ui/appglobal.h
+++ b/src/windows/identity/ui/appglobal.h
@@ -47,6 +47,7 @@ typedef struct tag_khm_startup_options_v1 {
BOOL init;
BOOL import;
BOOL renew;
+ LONG pending_renewals;
BOOL destroy;
BOOL autoinit;
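Review bot: `pending_renewals` is inserted between `renew` and `destroy` in `tag_khm_startup_options_v1`, which moves the offset of every later member. If this `_v1` layout is ever read by a module or process built against the old header (not visible from here), appending the field at the end of the struct is the safer placement. The field also needs a comment, e.g. `/* renewals issued during startup processing that have not completed; modified only with Interlocked* */`. The struct definition continues outside the hunk.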
diff --git a/src/windows/identity/ui/appver.rc b/src/windows/identity/ui/appver.rc
index 9d2dbc4..58a69a4 100644
--- a/src/windows/identity/ui/appver.rc
+++ b/src/windows/identity/ui/appver.rc
@@ -26,7 +26,7 @@ BEGIN
VALUE "InternalName", "NetIDMgr"
VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
VALUE "OriginalFilename", "netidmgr.exe"
- VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductName", "Network Identity Manager"
VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
#ifdef KH_VERSTR_COMMENT_1033
VALUE "Comment", KH_VERSTR_COMMENT_1033
diff --git a/src/windows/identity/ui/credfuncs.c b/src/windows/identity/ui/credfuncs.c
index 530ef08..e70b852 100644
--- a/src/windows/identity/ui/credfuncs.c
+++ b/src/windows/identity/ui/credfuncs.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -366,6 +367,7 @@ kmsg_cred_completion(kmq_message *m)
/* all is done. */
{
khui_new_creds * nc;
+ khm_boolean continue_cmdline = TRUE;
nc = (khui_new_creds *) m->vparam;
@@ -378,13 +380,29 @@ kmsg_cred_completion(kmq_message *m)
*/
khm_cred_end_dialog(nc);
+
+ } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+
+ /* if this is a renewal that was triggered while we
+ were processing the commandline, then we need to
+ update the pending renewal count. */
+
+ if (khm_startup.processing) {
+ LONG renewals;
+ renewals = InterlockedDecrement(&khm_startup.pending_renewals);
+
+ if (renewals != 0) {
+ continue_cmdline = FALSE;
+ }
+ }
}
khui_cw_destroy_cred_blob(nc);
kmq_post_message(KMSG_CRED, KMSG_CRED_REFRESH, 0, 0);
- kmq_post_message(KMSG_ACT, KMSG_ACT_CONTINUE_CMDLINE, 0, 0);
+ if (continue_cmdline)
+ kmq_post_message(KMSG_ACT, KMSG_ACT_CONTINUE_CMDLINE, 0, 0);
}
break;
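Review bot: The `InterlockedDecrement` in the new `KMSG_CRED_RENEW_CREDS` branch is conditional on `khm_startup.processing` at completion time, while the matching increments in `khm_cred_renew_identity`, `khm_cred_renew_cred` and `khm_cred_renew_creds` (later hunks) are conditional on the same flag at issue time. If a renewal issued while the flag was clear completes while it is set, `pending_renewals` drops below zero and `renewals != 0` then suppresses `KMSG_ACT_CONTINUE_CMDLINE`, stalling command-line processing. Whether the flag can change in that window is not visible here. Recording in the `khui_new_creds` that the request was counted, or at minimum testing `if (renewals > 0)`, would make the pairing robust.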
@@ -415,7 +433,35 @@ kmsg_cred_completion(kmq_message *m)
break;
case KMSG_CRED_IMPORT:
- kmq_post_message(KMSG_ACT, KMSG_ACT_CONTINUE_CMDLINE, 0, 0);
+ {
+ khm_boolean continue_cmdline = FALSE;
+ LONG pending_renewals;
+
+ /* once an import operation ends, we have to trigger a
+ renewal so that other plug-ins that didn't participate
+ in the import operation can have a chance at getting
+ the necessary credentials.
+
+ If we are in the middle of processing the commandline,
+ we have to be a little bit careful. We can't issue a
+ commandline conituation message right now because the
+ import action is still ongoing (since the renewals are
+ part of the action). Once the renewals have completed,
+ the completion handler will automatically issue a
+ commandline continuation message. However, if there
+ were no identities to renew, then we have to issue the
+ message ourselves.
+ */
+
+ InterlockedIncrement(&khm_startup.pending_renewals);
+
+ khm_cred_renew_all_identities();
+
+ pending_renewals = InterlockedDecrement(&khm_startup.pending_renewals);
+
+ if (pending_renewals == 0 && khm_startup.processing)
+ kmq_post_message(KMSG_ACT, KMSG_ACT_CONTINUE_CMDLINE, 0, 0);
+ }
break;
case KMSG_CRED_REFRESH:
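Review bot: The explanatory comment in the new `KMSG_CRED_IMPORT` block misspells "continuation" as `conituation`, and the comment added in `khm_cred_process_startup_actions` (last hunk of this file) has `contiuation`. Both should read `commandline continuation message`, since that is the term someone would search for when tracing `KMSG_ACT_CONTINUE_CMDLINE`. The comment could also state that the increment/decrement pair around `khm_cred_renew_all_identities()` exists so that a renewal completing early cannot bring the count to zero before all renewals have been issued, if that is the intent.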
@@ -504,6 +550,106 @@ void khm_cred_destroy_creds(khm_boolean sync, khm_boolean quiet)
_end_task();
}
+void khm_cred_destroy_identity(khm_handle identity)
+{
+ khui_action_context * pctx;
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ if (identity == NULL)
+ return;
+
+ pctx = PMALLOC(sizeof(*pctx));
+#ifdef DEBUG
+ assert(pctx);
+#endif
+
+ khui_context_create(pctx,
+ KHUI_SCOPE_IDENT,
+ identity,
+ KCDB_CREDTYPE_INVALID,
+ NULL);
+
+ cb = sizeof(idname);
+ kcdb_identity_get_name(identity, idname, &cb);
+
+ _begin_task(KHERR_CF_TRANSITIVE);
+ _report_sr1(KHERR_NONE, IDS_CTX_DESTROY_ID, _dupstr(idname));
+ _describe();
+
+ kmq_post_message(KMSG_CRED,
+ KMSG_CRED_DESTROY_CREDS,
+ 0,
+ (void *) pctx);
+
+ _end_task();
+}
+
+void khm_cred_renew_all_identities(void)
+{
+ khm_size count;
+ khm_size cb = 0;
+ khm_size n_idents = 0;
+ khm_int32 rv;
+ wchar_t * ident_names = NULL;
+ wchar_t * this_ident;
+
+ kcdb_credset_get_size(NULL, &count);
+
+ /* if there are no credentials, we just skip over the renew
+ action. */
+
+ if (count == 0)
+ return;
+
+ ident_names = NULL;
+
+ while (TRUE) {
+ if (ident_names) {
+ PFREE(ident_names);
+ ident_names = NULL;
+ }
+
+ cb = 0;
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
+ NULL,
+ &cb, &n_idents);
+
+ if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG ||
+ cb == 0)
+ break;
+
+ ident_names = PMALLOC(cb);
+ ident_names[0] = L'\0';
+
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
+ ident_names,
+ &cb, &n_idents);
+
+ if (KHM_SUCCEEDED(rv))
+ break;
+ }
+
+ if (ident_names) {
+ for (this_ident = ident_names;
+ this_ident && *this_ident;
+ this_ident = multi_string_next(this_ident)) {
+ khm_handle ident;
+
+ if (KHM_FAILED(kcdb_identity_create(this_ident, 0,
+ &ident)))
+ continue;
+
+ khm_cred_renew_identity(ident);
+
+ kcdb_identity_release(ident);
+ }
+
+ PFREE(ident_names);
+ ident_names = NULL;
+ }
+}
+
void khm_cred_renew_identity(khm_handle identity)
{
khui_new_creds * c;
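Review bot: Both new functions use allocation results without a release-build check. In `khm_cred_destroy_identity` the `PMALLOC` result is only covered by `assert(pctx)` under `DEBUG` before being passed to `khui_context_create`, and in `khm_cred_renew_all_identities` the line `ident_names[0] = L'\0';` writes through an unchecked `PMALLOC(cb)`. `khm_cred_destroy_identity` also ignores the return of `kcdb_identity_get_name`, so on failure `_dupstr(idname)` copies an uninitialised stack buffer into the error report. The fence shows the added checks.

```c
    pctx = PMALLOC(sizeof(*pctx));
    if (pctx == NULL)
        return;
    /* … unchanged: khui_context_create call … */
    cb = sizeof(idname);
    if (KHM_FAILED(kcdb_identity_get_name(identity, idname, &cb)))
        idname[0] = L'\0';
    /* … unchanged: task reporting and kmq_post_message … */

        /* in khm_cred_renew_all_identities, inside the enum loop */
        ident_names = PMALLOC(cb);
        if (ident_names == NULL)
            break;
        ident_names[0] = L'\0';
```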
@@ -522,6 +668,12 @@ void khm_cred_renew_identity(khm_handle identity)
_report_sr0(KHERR_NONE, IDS_CTX_RENEW_CREDS);
_describe();
+ /* if we are calling this while processing startup actions, we
+ need to keep track of how many we have issued. */
+ if (khm_startup.processing) {
+ InterlockedIncrement(&khm_startup.pending_renewals);
+ }
+
kmq_post_message(KMSG_CRED, KMSG_CRED_RENEW_CREDS, 0, (void *) c);
_end_task();
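Review bot: The same `if (khm_startup.processing) { InterlockedIncrement(&khm_startup.pending_renewals); }` block with its comment is pasted into three functions: here in `khm_cred_renew_identity`, and again in the next two hunks for `khm_cred_renew_cred` and `khm_cred_renew_creds`. A small `static` helper called just before each `kmq_post_message(KMSG_CRED, KMSG_CRED_RENEW_CREDS, ...)` would keep the counting rule in one place, which matters because the completion handler's decrement has to mirror it exactly. All three functions start and end outside their hunks.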
@@ -545,6 +697,12 @@ void khm_cred_renew_cred(khm_handle cred)
_report_sr0(KHERR_NONE, IDS_CTX_RENEW_CREDS);
_describe();
+ /* if we are calling this while processing startup actions, we
+ need to keep track of how many we have issued. */
+ if (khm_startup.processing) {
+ InterlockedIncrement(&khm_startup.pending_renewals);
+ }
+
kmq_post_message(KMSG_CRED, KMSG_CRED_RENEW_CREDS, 0, (void *) c);
_end_task();
@@ -563,6 +721,12 @@ void khm_cred_renew_creds(void)
_report_sr0(KHERR_NONE, IDS_CTX_RENEW_CREDS);
_describe();
+ /* if we are calling this while processing startup actions, we
+ need to keep track of how many we have issued. */
+ if (khm_startup.processing) {
+ InterlockedIncrement(&khm_startup.pending_renewals);
+ }
+
kmq_post_message(KMSG_CRED, KMSG_CRED_RENEW_CREDS, 0, (void *) c);
_end_task();
@@ -911,73 +1075,37 @@ khm_cred_process_startup_actions(void) {
if (khm_startup.import) {
khm_cred_import();
khm_startup.import = FALSE;
+
+ /* we also set the renew command to false here because we
+ trigger a renewal for all the identities at the end of
+ the import operation anyway. */
+ khm_startup.renew = FALSE;
break;
}
if (khm_startup.renew) {
- khm_size count;
- wchar_t * ident_names = NULL;
- wchar_t * this_ident;
-
- kcdb_credset_get_size(NULL, &count);
+ LONG pending_renewals;
/* if there are no credentials, we just skip over the
renew action. */
khm_startup.renew = FALSE;
- if (count != 0) {
- khm_size cb = 0;
- khm_size n_idents = 0;
- khm_int32 rv;
-
- ident_names = NULL;
-
- while (TRUE) {
- if (ident_names) {
- PFREE(ident_names);
- ident_names = NULL;
- }
-
- cb = 0;
- rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
- NULL,
- &cb, &n_idents);
+ InterlockedIncrement(&khm_startup.pending_renewals);
- if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG ||
- cb == 0)
- break;
+ khm_cred_renew_all_identities();
- ident_names = PMALLOC(cb);
+ pending_renewals = InterlockedDecrement(&khm_startup.pending_renewals);
- rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
- ident_names,
- &cb, &n_idents);
-
- if (KHM_SUCCEEDED(rv))
- break;
- }
-
- if (ident_names) {
- for (this_ident = ident_names;
- this_ident && *this_ident;
- this_ident = multi_string_next(this_ident)) {
- khm_handle ident;
-
- if (KHM_FAILED(kcdb_identity_create(this_ident, 0,
- &ident)))
- continue;
-
- khm_cred_renew_identity(ident);
-
- kcdb_identity_release(ident);
- }
-
- PFREE(ident_names);
- ident_names = NULL;
- }
+ if (pending_renewals != 0)
break;
- }
+
+ /* if there were no pending renewals, then we just fall
+ through. This means that either there were no
+ identities to renew, or all the renewals completed. If
+ all the renewals completed, then the commandline
+ contiuation message wasn't triggered. Either way, we
+ must fall through if the count is zero. */
}
if (khm_startup.destroy) {
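Review bot: The retained comment `/* if there are no credentials, we just skip over the renew action. */` no longer describes the code beneath it, because the credential-count test moved into `khm_cred_renew_all_identities()`. It now sits above `khm_startup.renew = FALSE;` and the increment. It should be replaced with a description of the guard, e.g. `/* hold one reference on pending_renewals while issuing, so completions cannot reach zero early */`. The `break` on `pending_renewals != 0` relies entirely on the completion handler posting `KMSG_ACT_CONTINUE_CMDLINE` later, and the comment should say so. The function starts and ends outside the hunk.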
diff --git a/src/windows/identity/ui/credfuncs.h b/src/windows/identity/ui/credfuncs.h
index 677d279..b3c88fa 100644
--- a/src/windows/identity/ui/credfuncs.h
+++ b/src/windows/identity/ui/credfuncs.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -34,6 +35,12 @@ void
khm_cred_destroy_creds(khm_boolean sync,
khm_boolean quiet);
+void
+khm_cred_destroy_identity(khm_handle identity);
+
+void
+khm_cred_renew_all_identities(void);
+
void
khm_cred_renew_identity(khm_handle identity);
diff --git a/src/windows/identity/ui/credwnd.c b/src/windows/identity/ui/credwnd.c
index c9b314b..5bdbdb7 100644
--- a/src/windows/identity/ui/credwnd.c
+++ b/src/windows/identity/ui/credwnd.c
@@ -802,19 +802,27 @@ cw_new_outline_node(wchar_t * heading) {
return o;
}
+/* buf is a handle to a credential or an identity. the kcdb_buf_*
+ functions work with either. */
khm_int32
-cw_get_cred_exp_flags(khui_credwnd_tbl * tbl, khm_handle cred)
+cw_get_buf_exp_flags(khui_credwnd_tbl * tbl, khm_handle buf)
{
khm_int32 flags;
long s;
- FILETIME ft;
+ FILETIME ft_expire;
+ FILETIME ft_current;
+ FILETIME ft_difference;
khm_size cbsize;
- cbsize = sizeof(ft);
- if(KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_TIMELEFT, NULL, &ft, &cbsize)))
+ cbsize = sizeof(ft_expire);
+ if(KHM_FAILED(kcdb_buf_get_attr(buf, KCDB_ATTR_EXPIRE, NULL,
+ &ft_expire, &cbsize)))
return 0;
- s = FtIntervalToSeconds(&ft);
+ GetSystemTimeAsFileTime(&ft_current);
+ ft_difference = FtSub(&ft_expire, &ft_current);
+
+ s = FtIntervalToSeconds(&ft_difference);
flags = 0;
if(s < 0)
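Review bot: The expired case now depends on what `FtSub(&ft_expire, &ft_current)` returns when the expiry is already in the past. FILETIME fields are unsigned, so the following `if(s < 0)` test only fires if FtSub and FtIntervalToSeconds (both defined outside this hunk) yield a signed negative interval, and that should be confirmed. Comparing the two times before subtracting, for example `if (CompareFileTime(&ft_expire, &ft_current) < 0)` and treating that as expired, would make the branch independent of any wrap-around. `s` is declared `long`, so a large interval may also be truncated if FtIntervalToSeconds returns a wider type. The body of cw_get_buf_exp_flags continues past the end of the hunk.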
@@ -856,7 +864,7 @@ cw_timer_proc(HWND hwnd,
if(!(r->flags & KHUI_CW_ROW_CRED))
return; /* we only know what to do with cred rows */
- nflags = cw_get_cred_exp_flags(tbl, (khm_handle) r->data);
+ nflags = cw_get_buf_exp_flags(tbl, (khm_handle) r->data);
if((r->flags & CW_EXPSTATE_MASK) != nflags) {
/* flags have changed */
/* the outline needs to be updated */
@@ -1234,6 +1242,21 @@ cw_update_outline(khui_credwnd_tbl * tbl)
}
visible = visible && (ol->flags & KHUI_CW_O_EXPAND);
selected = (selected || (ol->flags & KHUI_CW_O_SELECTED));
+
+ /* if the outline node is for an identity, then we have to
+ check the expiration state for the identity. */
+
+ if (ol->attr_id == KCDB_ATTR_ID) {
+ khm_handle ident = (khm_handle) ol->data;
+
+ flags = cw_get_buf_exp_flags(tbl, ident);
+
+ if (flags) {
+ ol->flags |= flags;
+ ol->flags |= KHUI_CW_O_SHOWFLAG;
+ expstate |= flags;
+ }
+ }
}
/* we need to do this here too just in case we were already at
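Review bot: `ol->flags |= flags;` ORs the identity's expiration state into the outline node without clearing the previous CW_EXPSTATE_MASK bits, whereas the propagation code this commit removes further down replaced the field with `(to->flags & ~CW_EXPSTATE_MASK) | flags`. If outline nodes are reused across calls to cw_update_outline (not visible in this hunk), an identity that was flagged as expiring and has since been renewed would keep its stale warning bits. Suggest `ol->flags = (ol->flags & ~CW_EXPSTATE_MASK) | flags;` inside the new block. The cast of `ol->data` to an identity handle assumes that every node with `attr_id == KCDB_ATTR_ID` carries one, which deserves a one-line comment; the enclosing function starts and ends outside the hunk.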
@@ -1241,8 +1264,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
if (ol)
visible = visible && (ol->flags & KHUI_CW_O_EXPAND);
- flags = cw_get_cred_exp_flags(tbl, thiscred);
- expstate |= flags;
+ flags = cw_get_buf_exp_flags(tbl, thiscred);
if(visible) {
khm_int32 c_flags;
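Review bot: With `expstate |= flags;` dropped from the per-credential path, `expstate` is now fed only by outline nodes whose `attr_id` is KCDB_ATTR_ID (the block added in the previous hunk). If the credentials view can be grouped by something other than identity, no such node exists and the notification icon would stop reporting expiring or expired credentials. That should be confirmed against the grouping code, which is outside this hunk. A fallback such as `if (!grouped_by_identity) expstate |= flags;` (condition name is a placeholder) would keep the warning in that layout.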
@@ -1260,30 +1282,6 @@ cw_update_outline(khui_credwnd_tbl * tbl)
tbl->rows[n_rows].idx_end = i;
n_rows++;
- } else if(flags) {
- khui_credwnd_outline *to;
- /* the row that is flagged is not visible. We need to send
- the flag upstream until we hit a visible outline node */
- to = ol;
- while(to && !(to->flags & KHUI_CW_O_VISIBLE)) {
- to = TPARENT(to);
- }
- if(to) {
- to->flags |= KHUI_CW_O_SHOWFLAG;
- }
- }
-
- /* and we propagate the flags upstream */
- if(flags) {
- khui_credwnd_outline *to;
-
- to = ol;
- while(to) {
- if((to->flags & CW_EXPSTATE_MASK) < flags) {
- to->flags = (to->flags & ~CW_EXPSTATE_MASK) | flags;
- }
- to = TPARENT(to);
- }
}
if(prevcred)
@@ -1406,6 +1404,8 @@ _exit:
if(grouping)
PFREE(grouping);
+ /* note that the expstate is derived from whether or not
+ * we have expiration states set for any active identities */
if (n_creds == 0)
khm_notify_icon_expstate(KHM_NOTIF_EMPTY);
else if (expstate & CW_EXPSTATE_EXPIRED)
@@ -4307,10 +4307,11 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
wp = MK_SHIFT;
else if (LOWORD(wParam) == KHUI_PACTION_UP_TOGGLE)
wp = 0; //MK_CONTROL;
+ else {
#ifdef DEBUG
- else
assert(FALSE);
#endif
+ }
cw_select_row(tbl, new_row, wp);
cw_ensure_row_visible(hwnd, tbl, new_row);
@@ -4366,10 +4367,12 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
wp = MK_SHIFT;
else if (LOWORD(wParam) == KHUI_PACTION_DOWN_TOGGLE)
wp = 0; //MK_CONTROL;
+ else {
#ifdef DEBUG
- else
assert(FALSE);
#endif
+ }
+
cw_select_row(tbl, new_row, wp);
cw_ensure_row_visible(hwnd, tbl, new_row);
}
diff --git a/src/windows/identity/ui/lang/en_us/khapp.rc b/src/windows/identity/ui/lang/en_us/khapp.rc
index 48f5776..862872d 100644
--- a/src/windows/identity/ui/lang/en_us/khapp.rc
+++ b/src/windows/identity/ui/lang/en_us/khapp.rc
@@ -225,7 +225,7 @@ END
IDD_CFG_MAIN DIALOGEX 0, 0, 357, 222
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_CONTEXTHELP
-CAPTION "NetIDMgr Configuration"
+CAPTION "Network Identity Manager Configuration"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "Title",IDC_CFG_TITLE,0,0,357,20,SS_CENTERIMAGE
@@ -252,11 +252,11 @@ BEGIN
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,22,196,10
CONTROL "&Destroy all credentials on exit",IDC_CFG_DESTROYALL,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,39,111,10
- CONTROL "&Start NetIDMgr during Windows logon",IDC_CFG_AUTOSTART,
+ CONTROL "&Start Network Identity Manager during Windows logon",IDC_CFG_AUTOSTART,
"Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_DISABLED | WS_TABSTOP,16,48,135,10
GROUPBOX "Other",IDC_CFG_OTHER,7,63,241,85
- CONTROL "&Run NetIDMgr in system tray after window close",IDC_CFG_KEEPRUNNING,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,78,170,10
+ CONTROL "&Run Network Identity Manager in system tray after window close",IDC_CFG_KEEPRUNNING,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,78,230,10
CONTROL "Monitor network connectivity",IDC_CFG_NETDETECT,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,96,106,10
CONTROL "Log trace events to trace log at the following location:",IDC_CFG_LOGTOFILE,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,16,113,225,10
@@ -356,7 +356,7 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
DEFPUSHBUTTON "OK",IDOK,211,7,50,14
LTEXT "Productname",IDC_PRODUCT,41,7,163,13,NOT WS_GROUP
- LTEXT "© 2005-2006 Massachusetts Institute of Technology\n© 2006 Secure Endpoints Inc.",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP
+ LTEXT "© 2005-2007 Massachusetts Institute of Technology\n© 2006-2007 Secure Endpoints Inc.",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP
LTEXT "BuildInfo",IDC_BUILDINFO,41,43,220,15,NOT WS_GROUP
ICON IDI_MAIN_APP,IDC_STATIC,6,7,20,20
CONTROL "",IDC_MODULES,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,41,72,220,91
@@ -588,7 +588,7 @@ BEGIN
IDS_ACTION_HELP_CTX "Help Index"
IDS_ACTION_HELP_CONTENTS "Contents ..."
IDS_ACTION_HELP_INDEX "Index ..."
- IDS_ACTION_HELP_ABOUT "About NetIDMgr ..."
+ IDS_ACTION_HELP_ABOUT "About Network Identity Manager ..."
IDS_CFG_GENERAL_LONG "General options"
IDS_SAMPLE_STRING "Wxy"
IDS_NO_CREDS "<large><center>You currently have no credentials.Click <a id=""NewCreds"">here</a> to obtain new credentials.</center></large>"
@@ -610,7 +610,7 @@ BEGIN
IDS_ACTION_DESTROY_CRED "De&stroy credentials ..."
IDS_DEFAULT_FONT "MS Shell Dlg"
IDS_NC_CREDTEXT_TABS "<settab pos=""15""><settab pos=""30""><settab pos=""45"">"
- IDS_NOTIFY_PREFIX "NetIDMgr - "
+ IDS_NOTIFY_PREFIX "Network Identity Manager - "
IDS_NOTIFY_READY "Ready"
IDS_NOTIFY_ATTENTION "Attention"
IDS_ALERT_DEFAULT "Alert"
@@ -629,7 +629,7 @@ BEGIN
IDS_PROP_COL_VALUE "Value"
IDS_NC_NEW_IDENT "( New identity ... )"
IDS_NC_CREDTEXT_ID_CHECKING "<font color=""grey"">%s (Checking...)</font>"
- IDS_ACTION_OPEN_APP "Open NetIDMgr ..."
+ IDS_ACTION_OPEN_APP "Open Network Identity Manager ..."
IDS_CTX_NEW_IDENT "Obaining new identity"
IDS_CTX_NEW_CREDS "Obtaining new credentials"
IDS_CTX_RENEW_CREDS "Renewing credentials"
@@ -640,7 +640,7 @@ STRINGTABLE
BEGIN
IDS_CTX_PROC_NEW_CREDS "Obtaining new credentials for %1!s!"
IDS_CTX_PROC_RENEW_CREDS "Renewing credentials for %1!s!"
- IDS_ACTION_CLOSE_APP "Close NetIDMgr window"
+ IDS_ACTION_CLOSE_APP "Close Network Identity Manager window"
IDS_NC_FAILED_TITLE "Failed to acquire credentials"
IDS_CFG_IDENTITIES_SHORT "Identities"
IDS_CFG_IDENTITIES_LONG "Global Identity settings"
@@ -661,8 +661,8 @@ BEGIN
IDS_WARN_EXPIRED "Some of your credentials have expired."
IDS_WARN_EXPIRE_ID "Credentials for %.180s will expire in %s"
IDS_WARN_EXPIRED_ID "Credentials for %.220s have expired"
- IDS_WARN_WM_TITLE "NetIDMgr is still running"
- IDS_WARN_WM_MSG "Click the NetIDMgr icon below to open the application.\n\nOr right click the icon to access the NetIDMgr menu."
+ IDS_WARN_WM_TITLE "Network Identity Manager is still running"
+ IDS_WARN_WM_MSG "Click the Network Identity Manager icon below to open the application.\n\nOr right click the icon to access the Network Identity Manager menu."
IDS_CFG_ID_TAB_SHORT "General"
IDS_CFG_ID_TAB_LONG "General options for this identity"
IDS_CFG_IDS_TAB_SHORT "General"
@@ -691,7 +691,7 @@ BEGIN
IDS_WTPOST_PASSWORD " - Changing password"
IDS_CTX_PROC_PASSWORD "Changing password for %1!s!"
IDS_NC_PWD_FAILED_TITLE "Failed to change password"
- IDS_CMDLINE_HELP "Command line options for NetIDMgr are :\n\n-a or --autoinit: Auto initialize credentials\n-i or --kinit: Obtain new credentials\n-d or --destroy: Destroy default identity\n-r or --renew: Renew all credentials"
+ IDS_CMDLINE_HELP "Command line options for Network Identity Manager are :\n\n-a or --autoinit: Auto initialize credentials\n-i or --kinit: Obtain new credentials\n-d or --destroy: Destroy default identity\n-r or --renew: Renew all credentials"
IDS_PACTION_NEXT "Next alert..."
IDS_ERR_TITLE_NO_IDENTPRO "Cannot proceed without identity provider"
END
@@ -724,15 +724,15 @@ BEGIN
IDS_CFG_IT_NONE "No changes"
IDS_CFG_NODESC "(Description for plugin %s is not available)"
IDS_CFG_P_DELCNFT "About to disable plugin %s"
- IDS_CFG_P_DELCNFM "Are you sure you want to disable plugin %s ?\n\nOnce disabled, the services provided by the plugin will no longer be available. In addition, any other plugins that depend on this plugin will also become non functional.\n\nNetIDMgr will need to be restarted for the plugin to be deactivated."
+ IDS_CFG_P_DELCNFM "Are you sure you want to disable plugin %s ?\n\nOnce disabled, the services provided by the plugin will no longer be available. In addition, any other plugins that depend on this plugin will also become non functional.\n\nNetwork Identity Manager will need to be restarted for the plugin to be deactivated."
IDS_CFG_P_DELCNFS "The following plugins depend on this plugin : %s"
IDS_CFG_P_DELNDEP "No other plugins depend on this plugin."
IDS_CFG_P_ENBCNFT "About to enable plugin %s"
- IDS_CFG_P_ENBCNFM "The plugin %s will be marked as enabled. The plugin will be come active the next time NetIDMgr is started."
+ IDS_CFG_P_ENBCNFM "The plugin %s will be marked as enabled. The plugin will be come active the next time Network Identity Manager is started."
IDS_PISTATE_FAILINIT "Failed to initialize"
IDS_CFG_P_UNRCNFT "Unregistering plugin %s"
- IDS_CFG_P_UNRCNFM "Are you sure you want to unregister plugin %s? In addition to this plugin, any other plugins that are provided by the same module will also be unregistered.\n\nThe plugin will no longer be loaded for subsequent sessions of NetIDMgr."
- IDS_CFG_P_UNRCNFS "Note that if the plugin was registered by a seprate installer, it should be unregistered by the same installer and not through NetIDMgr.\n\nThe following plugins will be unregistered: %s"
+ IDS_CFG_P_UNRCNFM "Are you sure you want to unregister plugin %s? In addition to this plugin, any other plugins that are provided by the same module will also be unregistered.\n\nThe plugin will no longer be loaded for subsequent sessions of Network Identity Manager."
+ IDS_CFG_P_UNRCNFS "Note that if the plugin was registered by a seprate installer, it should be unregistered by the same installer and not through Network Identity Manager.\n\nThe following plugins will be unregistered: %s"
IDS_ACTION_LAYOUT_CUST "Custom"
IDS_APR_HEADER_TEXT "Header text"
END
@@ -768,7 +768,7 @@ BEGIN
IDS_ACTIONT_VIEW_REFRESH
"Re-obtain information about credentials and refresh the credentials display"
IDS_ACTIONT_OPT_IDENTS "Change options for identities"
- IDS_ACTIONT_OPT_KHIM "Change general application settings for NetIDMgr"
+ IDS_ACTIONT_OPT_KHIM "Change general application settings for Network Identity Manager"
IDS_ACTIONT_OPT_NOTIF "Change notification options"
IDS_ACTIONT_OPT_PLUGINS "Change options for plug-ins and modules"
IDS_ACTIONT_OPT_APPEAR "Change appearance and display settings"
@@ -782,6 +782,13 @@ STRINGTABLE
BEGIN
IDS_NC_REN_FAILED_TITLE_I "Failed to renew creds for %s"
IDS_CFG_IDNAME_NON "No identity selected. Please select an identity and try again."
+ IDS_MENU_DESTROY_CRED "Destroy ..."
+ IDS_MENU_RENEW_CRED "Renew ..."
+ IDS_ACTION_DESTROY_ALL "All identities"
+ IDS_ACTION_RENEW_ALL "All identities"
+ IDS_IDACTION_RENEW "Renew credentials for %s"
+ IDS_IDACTION_DESTROY "Destroy credentials for %s"
+ IDS_CTX_DESTROY_ID "Destroying identity %1!s!"
END
#endif // English (U.S.) resources
diff --git a/src/windows/identity/ui/main.c b/src/windows/identity/ui/main.c
index e221078..c05fa6b 100644
--- a/src/windows/identity/ui/main.c
+++ b/src/windows/identity/ui/main.c
@@ -352,10 +352,11 @@ int _n_ui_propsheets = 0;
void khm_add_property_sheet(khui_property_sheet * s) {
if(_n_ui_propsheets < MAX_UI_PROPSHEETS)
_ui_propsheets[_n_ui_propsheets++] = s;
+ else {
#ifdef DEBUG
- else
assert(FALSE);
#endif
+ }
}
void khm_del_property_sheet(khui_property_sheet * s) {
diff --git a/src/windows/identity/ui/mainmenu.c b/src/windows/identity/ui/mainmenu.c
index fc3a64b..c99cafa 100644
--- a/src/windows/identity/ui/mainmenu.c
+++ b/src/windows/identity/ui/mainmenu.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -561,6 +562,289 @@ LRESULT khm_menu_notify_main(LPNMHDR notice) {
return ret;
}
+struct identity_action_map {
+ khm_handle identity;
+ khm_int32 renew_cmd;
+ khm_int32 destroy_cmd;
+ int refreshcycle;
+};
+
+#define IDMAP_ALLOC_INCR 8
+
+struct identity_action_map * id_action_map = NULL;
+khm_size n_id_action_map = 0;
+khm_size nc_id_action_map = 0;
+
+int idcmd_refreshcycle = 0;
+
+static struct identity_action_map *
+create_identity_cmd_map(khm_handle ident) {
+
+ struct identity_action_map * actmap;
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ wchar_t fmt[128];
+ wchar_t tooltip[KHUI_MAXCCH_SHORT_DESC];
+ khm_size cb;
+
+ if (n_id_action_map + 1 > nc_id_action_map) {
+ nc_id_action_map = UBOUNDSS(n_id_action_map + 1,
+ IDMAP_ALLOC_INCR,
+ IDMAP_ALLOC_INCR);
+#ifdef DEBUG
+ assert(nc_id_action_map > n_id_action_map + 1);
+#endif
+ id_action_map = PREALLOC(id_action_map,
+ nc_id_action_map * sizeof(id_action_map[0]));
+#ifdef DEBUG
+ assert(id_action_map);
+#endif
+ ZeroMemory(&id_action_map[n_id_action_map],
+ sizeof(id_action_map[0]) * (nc_id_action_map - n_id_action_map));
+ }
+
+ actmap = &id_action_map[n_id_action_map];
+ n_id_action_map++;
+
+ cb = sizeof(idname);
+ kcdb_identity_get_name(ident, idname, &cb);
+
+ actmap->identity = ident;
+ kcdb_identity_hold(ident);
+
+ fmt[0] = L'\0';
+ LoadString(khm_hInstance, IDS_IDACTION_RENEW,
+ fmt, ARRAYLENGTH(fmt));
+ StringCbPrintf(tooltip, sizeof(tooltip), fmt, idname);
+
+ actmap->renew_cmd =
+ khui_action_create(NULL, idname, tooltip, NULL,
+ KHUI_ACTIONTYPE_TRIGGER, NULL);
+
+ fmt[0] = L'\0';
+ LoadString(khm_hInstance, IDS_IDACTION_DESTROY,
+ fmt, ARRAYLENGTH(fmt));
+ StringCbPrintf(tooltip, sizeof(tooltip), fmt, idname);
+
+ actmap->destroy_cmd =
+ khui_action_create(NULL, idname, tooltip, NULL,
+ KHUI_ACTIONTYPE_TRIGGER, NULL);
+
+ actmap->refreshcycle = idcmd_refreshcycle;
+
+ return actmap;
+}
+
+static void
+purge_identity_cmd_map(void) {
+ khm_size i;
+
+ for (i=0; i < n_id_action_map; i++) {
+ khm_handle ident;
+
+ if (id_action_map[i].refreshcycle != idcmd_refreshcycle) {
+ ident = id_action_map[i].identity;
+ id_action_map[i].identity = NULL;
+ kcdb_identity_release(ident);
+
+ khui_action_delete(id_action_map[i].renew_cmd);
+ khui_action_delete(id_action_map[i].destroy_cmd);
+
+ id_action_map[i].renew_cmd = 0;
+ id_action_map[i].destroy_cmd = 0;
+ }
+ }
+}
+
+static struct identity_action_map *
+get_identity_cmd_map(khm_handle ident) {
+ khm_size i;
+
+ for (i=0; i < n_id_action_map; i++) {
+ if (kcdb_identity_is_equal(id_action_map[i].identity,
+ ident))
+ break;
+ }
+
+ if (i < n_id_action_map) {
+ id_action_map[i].refreshcycle = idcmd_refreshcycle;
+ return &id_action_map[i];
+ } else {
+ return create_identity_cmd_map(ident);
+ }
+}
+
+static khm_int32
+get_identity_renew_command(khm_handle ident) {
+ struct identity_action_map * map;
+
+ map = get_identity_cmd_map(ident);
+
+ if (map)
+ return map->renew_cmd;
+ else
+ return 0;
+}
+
+static khm_int32
+get_identity_destroy_command(khm_handle ident) {
+ struct identity_action_map * map;
+
+ map = get_identity_cmd_map(ident);
+
+ if (map)
+ return map->destroy_cmd;
+ else
+ return 0;
+}
+
+void
+khm_refresh_identity_menus(void) {
+ khui_menu_def * renew_def = NULL;
+ khui_menu_def * dest_def = NULL;
+ wchar_t * idlist = NULL;
+ wchar_t * idname = NULL;
+ khm_size cb = 0;
+ khm_size n_idents = 0;
+ khm_size t;
+ khm_int32 rv = KHM_ERROR_SUCCESS;
+
+ idcmd_refreshcycle++;
+
+ do {
+ if (idlist)
+ PFREE(idlist);
+ idlist = NULL;
+ cb = 0;
+
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_ACTIVE | KCDB_IDENT_FLAG_EMPTY,
+ KCDB_IDENT_FLAG_ACTIVE,
+ NULL,
+ &cb,
+ &n_idents);
+ if (rv != KHM_ERROR_TOO_LONG || cb == 0 || cb == sizeof(wchar_t) * 2)
+ break;
+
+ idlist = PMALLOC(cb);
+#ifdef DEBUG
+ assert(idlist);
+#endif
+
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_ACTIVE | KCDB_IDENT_FLAG_EMPTY,
+ KCDB_IDENT_FLAG_ACTIVE,
+ idlist,
+ &cb,
+ &n_idents);
+ if (rv == KHM_ERROR_TOO_LONG)
+ continue;
+
+ if (KHM_FAILED(rv)) {
+ /* something else went wrong. hmm. */
+ if (idlist)
+ PFREE(idlist);
+ idlist = NULL;
+ }
+ break;
+
+ } while(TRUE);
+
+ renew_def = khui_find_menu(KHUI_MENU_RENEW_CRED);
+ dest_def = khui_find_menu(KHUI_MENU_DESTROY_CRED);
+#ifdef DEBUG
+ assert(renew_def);
+ assert(dest_def);
+#endif
+
+ t = khui_menu_get_size(renew_def);
+ while(t) {
+ khui_menu_remove_action(renew_def, 0);
+ t--;
+ }
+ khui_menu_insert_action(renew_def, 0, KHUI_ACTION_RENEW_ALL, 0);
+
+ t = khui_menu_get_size(dest_def);
+ while(t) {
+ khui_menu_remove_action(dest_def, 0);
+ t--;
+ }
+ khui_menu_insert_action(dest_def, 0, KHUI_ACTION_DESTROY_ALL, 0);
+
+ if (idlist != NULL && n_idents > 0) {
+ khui_menu_insert_action(renew_def, 1, KHUI_MENU_SEP, 0);
+ khui_menu_insert_action(dest_def, 1, KHUI_MENU_SEP, 0);
+ }
+
+ for (idname = idlist; idname && idname[0];
+ idname = multi_string_next(idname)) {
+ khm_handle identity = NULL;
+
+ if (KHM_FAILED(kcdb_identity_create(idname, 0, &identity))) {
+#ifdef DEBUG
+ assert(FALSE);
+#endif
+ continue;
+ }
+
+ khui_menu_insert_action(renew_def, 1000,
+ get_identity_renew_command(identity),
+ 0);
+
+ khui_menu_insert_action(dest_def, 1000,
+ get_identity_destroy_command(identity),
+ 0);
+ }
+
+ if (idlist)
+ PFREE(idlist);
+
+ purge_identity_cmd_map();
+}
+
+khm_boolean
+khm_check_identity_menu_action(khm_int32 act_id) {
+
+ if (act_id == KHUI_ACTION_DESTROY_ALL) {
+ khm_size i;
+
+ for (i=0; i < n_id_action_map; i++) {
+ if (id_action_map[i].identity != NULL) {
+ khm_cred_destroy_identity(id_action_map[i].identity);
+ }
+ }
+
+ return TRUE;
+ } else if (act_id == KHUI_ACTION_RENEW_ALL) {
+ khm_size i;
+
+ for (i=0; i < n_id_action_map; i++) {
+ if (id_action_map[i].identity != NULL) {
+ khm_cred_renew_identity(id_action_map[i].identity);
+ }
+ }
+
+ return TRUE;
+ } else {
+ khm_size i;
+
+ for (i=0; i < n_id_action_map; i++) {
+ if (id_action_map[i].identity == NULL)
+ continue;
+
+ if (id_action_map[i].renew_cmd == act_id) {
+ khm_cred_renew_identity(id_action_map[i].identity);
+ return TRUE;
+ }
+
+ if (id_action_map[i].destroy_cmd == act_id) {
+ khm_cred_destroy_identity(id_action_map[i].identity);
+ return TRUE;
+ }
+ }
+ }
+
+ return FALSE;
+}
+
+
HMENU khui_hmenu_main = NULL;
void khm_menu_refresh_items(void) {
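Review bot: In khm_refresh_identity_menus the handle returned by `kcdb_identity_create(idname, 0, &identity)` is never released, and create_identity_cmd_map takes its own reference with kcdb_identity_hold, so every refresh leaks one reference per listed identity; add `kcdb_identity_release(identity);` at the end of the loop body, as the renew loop removed elsewhere in this commit did. purge_identity_cmd_map also revisits entries it has already purged, calling kcdb_identity_release on a NULL handle and khui_action_delete on 0 at every later refresh; guard it with `if (id_action_map[i].identity != NULL && id_action_map[i].refreshcycle != idcmd_refreshcycle)`. Purged slots are never reused and n_id_action_map only grows, so the table keeps growing for the life of the process as identities come and go. The PREALLOC and PMALLOC results are checked only by `assert` under DEBUG, so a release build would dereference NULL on allocation failure. The return value of kcdb_identity_get_name is ignored, which leaves `idname` uninitialised on failure before it is formatted into the tooltip.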
@@ -625,9 +909,8 @@ void khm_menu_create_main(HWND parent) {
if(!hwtb) {
#ifdef DEBUG
assert(FALSE);
-#else
- return;
#endif
+ return;
}
khui_main_menu_toolbar = hwtb;
diff --git a/src/windows/identity/ui/mainmenu.h b/src/windows/identity/ui/mainmenu.h
index 7f718c2..a0f64a0 100644
--- a/src/windows/identity/ui/mainmenu.h
+++ b/src/windows/identity/ui/mainmenu.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -46,6 +47,8 @@ void khm_menu_track_current(void);
LRESULT khm_menu_measure_item(WPARAM wParam, LPARAM lparam);
LRESULT khm_menu_draw_item(WPARAM wParam, LPARAM lparam);
void khm_menu_refresh_items(void);
+khm_boolean khm_check_identity_menu_action(khm_int32 act_id);
+void khm_refresh_identity_menus(void);
static HMENU mm_create_menu_from_def(khui_menu_def * def, BOOL main);
static void mm_show_panel_def(khui_menu_def * def, LONG x, LONG y);
diff --git a/src/windows/identity/ui/mainwnd.c b/src/windows/identity/ui/mainwnd.c
index eba23e4..71e09df 100644
--- a/src/windows/identity/ui/mainwnd.c
+++ b/src/windows/identity/ui/mainwnd.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -25,6 +26,7 @@
/* $Id$ */
#include<khmapp.h>
+#include<intaction.h>
#include<assert.h>
ATOM khm_main_window_class;
@@ -62,8 +64,9 @@ mw_restart_refresh_timer(HWND hwnd) {
&timeout)))
timeout = MW_REFRESH_TIMEOUT;
khc_close_space(csp_cw);
- } else
+ } else {
timeout = MW_REFRESH_TIMEOUT;
+ }
timeout *= 1000; /* convert to milliseconds */
@@ -172,6 +175,27 @@ khm_process_query_app_ver(khm_query_app_version * papp_ver) {
papp_ver->code = KHM_ERROR_SUCCESS;
}
+static void
+khm_ui_cb(LPARAM lParam) {
+ khui_ui_callback_data * pcbdata;
+
+ pcbdata = (khui_ui_callback_data *) lParam;
+
+ if (pcbdata == NULL || pcbdata->magic != KHUI_UICBDATA_MAGIC) {
+#ifdef DEBUG
+ assert(FALSE);
+#endif
+ return;
+ }
+
+#ifdef DEBUG
+ assert(pcbdata->cb);
+#endif
+
+ /* make the call */
+ pcbdata->rv = (*pcbdata->cb)(khm_hwnd_main, pcbdata->rock);
+}
+
LRESULT CALLBACK
khm_main_wnd_proc(HWND hwnd,
UINT uMsg,
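Review bot: khm_ui_cb treats the `lParam` of a window message as a pointer and dereferences it to read `magic` before anything establishes that it points at a khui_ui_callback_data, so the magic comparison cannot protect against a value that is not a valid address in this process. If KHUI_ACTION_UICB can be delivered by anything other than the in-process helper (the sender is not visible in this diff), the handler should match the request against a table of outstanding callbacks rather than trust the pointer. Independently, `pcbdata->cb` is checked only by `assert` under DEBUG, so a release build would call through a NULL pointer; extend the guard to `if (pcbdata == NULL || pcbdata->magic != KHUI_UICBDATA_MAGIC || pcbdata->cb == NULL)`. The `case KHUI_ACTION_UICB:` dispatch added in the next hunk is where this input arrives.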
@@ -339,6 +363,10 @@ khm_main_wnd_proc(HWND hwnd,
return SendMessage(khm_hwnd_main_cred, uMsg,
wParam, lParam);
+ case KHUI_ACTION_UICB:
+ khm_ui_cb(lParam);
+ break;
+
/* menu commands */
case KHUI_PACTION_MENU:
if(HIWORD(lParam) == 1)
@@ -408,6 +436,12 @@ khm_main_wnd_proc(HWND hwnd,
{
khui_action * act;
+ /* check if this is an identity menu action. (custom
+ actions that were created for renewing or
+ destroying specific identities). */
+ if (khm_check_identity_menu_action(LOWORD(wParam)))
+ break;
+
act = khui_find_action(LOWORD(wParam));
if (act && act->listener) {
kmq_post_sub_msg(act->listener, KMSG_ACT, KMSG_ACT_ACTIVATE, act->cmd, NULL);
@@ -568,6 +602,9 @@ khm_main_wnd_proc(HWND hwnd,
} else if (m->type == KMSG_CRED &&
m->subtype == KMSG_CRED_ADDR_CHANGE) {
khm_cred_addr_change();
+ } else if (m->type == KMSG_CRED &&
+ m->subtype == KMSG_CRED_ROOTDELTA) {
+ khm_refresh_identity_menus();
} else if (m->type == KMSG_KMM &&
m->subtype == KMSG_KMM_I_DONE) {
kmq_post_message(KMSG_ACT, KMSG_ACT_BEGIN_CMDLINE, 0, 0);
diff --git a/src/windows/identity/ui/newcredwnd.c b/src/windows/identity/ui/newcredwnd.c
index b876b02..75ebef4 100644
--- a/src/windows/identity/ui/newcredwnd.c
+++ b/src/windows/identity/ui/newcredwnd.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -1372,9 +1373,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
} else {
#ifdef DEBUG
assert(FALSE);
-#else
- continue;
#endif
+ continue;
}
}
diff --git a/src/windows/identity/ui/reqdaemon.c b/src/windows/identity/ui/reqdaemon.c
index 684f6c7..b95f02d 100644
--- a/src/windows/identity/ui/reqdaemon.c
+++ b/src/windows/identity/ui/reqdaemon.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -171,12 +172,11 @@ reqdaemonwnd_proc(HWND hwnd,
pdlginfo->out.ccache,
&cb);
kcdb_identity_release(out_ident);
- }
+ } else {
#ifdef DEBUG
- else {
assert(FALSE);
- }
#endif
+ }
*atsign++ = 0;
diff --git a/src/windows/identity/ui/resource.h b/src/windows/identity/ui/resource.h
index b8dc0ec..f430fe0 100644
--- a/src/windows/identity/ui/resource.h
+++ b/src/windows/identity/ui/resource.h
@@ -294,6 +294,13 @@
#define IDS_NC_PWD_FAILED_TITLE_I 287
#define IDS_NC_REN_FAILED_TITLE_I 288
#define IDS_CFG_IDNAME_NON 289
+#define IDS_MENU_DESTROY_CRED 290
+#define IDS_MENU_RENEW_CRED 291
+#define IDS_ACTION_DESTROY_ALL 292
+#define IDS_ACTION_RENEW_ALL 293
+#define IDS_IDACTION_RENEW 294
+#define IDS_IDACTION_DESTROY 295
+#define IDS_CTX_DESTROY_ID 296
#define IDC_NC_USERNAME 1007
#define IDC_NC_PASSWORD 1008
#define IDC_NC_CREDTEXT_LABEL 1009
diff --git a/src/windows/identity/ui/toolbar.c b/src/windows/identity/ui/toolbar.c
index 7157563..f3781b9 100644
--- a/src/windows/identity/ui/toolbar.c
+++ b/src/windows/identity/ui/toolbar.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -312,9 +313,8 @@ void khm_create_standard_toolbar(HWND rebar) {
if (!def) {
#ifdef DEBUG
assert(FALSE);
-#else
- return;
#endif
+ return;
}
hwtb = CreateWindowEx(0
@@ -340,9 +340,8 @@ void khm_create_standard_toolbar(HWND rebar) {
if(!hwtb) {
#ifdef DEBUG
assert(FALSE);
-#else
- return;
#endif
+ return;
}
hiList = ImageList_Create(
diff --git a/src/windows/identity/uilib/Makefile b/src/windows/identity/uilib/Makefile
index 1920d6a..6a9fb53 100644
--- a/src/windows/identity/uilib/Makefile
+++ b/src/windows/identity/uilib/Makefile
@@ -37,6 +37,7 @@ UIDLLOBJFILES= \
$(OBJ)\acceldef.obj \
$(OBJ)\configui.obj \
$(OBJ)\trackerwnd.obj \
+ $(OBJ)\uibind.obj \
$(OBJ)\version.obj
INCFILES= \
@@ -50,7 +51,8 @@ INCFILES= \
$(INCDIR)\khprops.h \
$(INCDIR)\khconfigui.h \
$(INCDIR)\khtracker.h \
- $(INCDIR)\khremote.h
+ $(INCDIR)\khremote.h \
+ $(INCDIR)\intaction.h
$(OBJ)\actiondef.c: actions.csv actiondef.cfg
$(CCSV) $** $@
diff --git a/src/windows/identity/uilib/action.c b/src/windows/identity/uilib/action.c
index 78fd3a8..e387268 100644
--- a/src/windows/identity/uilib/action.c
+++ b/src/windows/identity/uilib/action.c
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -26,6 +27,7 @@
#define NOEXPORT
#include<khuidefs.h>
+#include<intaction.h>
#include<utils.h>
#include<assert.h>
@@ -153,8 +155,8 @@ khui_action_ref khui_menu_ico_ctx_min[] = {
MENU_DEFACTION(KHUI_ACTION_OPEN_APP),
MENU_SEP(),
MENU_ACTION(KHUI_ACTION_NEW_CRED),
- MENU_ACTION(KHUI_ACTION_RENEW_CRED),
- MENU_ACTION(KHUI_ACTION_DESTROY_CRED),
+ MENU_SUBMENU(KHUI_MENU_RENEW_CRED),
+ MENU_SUBMENU(KHUI_MENU_DESTROY_CRED),
MENU_SEP(),
MENU_ACTION(KHUI_ACTION_EXIT),
MENU_END()
@@ -164,8 +166,8 @@ khui_action_ref khui_menu_ico_ctx_normal[] = {
MENU_DEFACTION(KHUI_ACTION_CLOSE_APP),
MENU_SEP(),
MENU_ACTION(KHUI_ACTION_NEW_CRED),
- MENU_ACTION(KHUI_ACTION_RENEW_CRED),
- MENU_ACTION(KHUI_ACTION_DESTROY_CRED),
+ MENU_SUBMENU(KHUI_MENU_RENEW_CRED),
+ MENU_SUBMENU(KHUI_MENU_DESTROY_CRED),
MENU_SEP(),
MENU_ACTION(KHUI_ACTION_EXIT),
MENU_END()
@@ -181,6 +183,16 @@ khui_action_ref khui_menu_columns[] = {
MENU_END()
};
+khui_action_ref khui_menu_destroy_cred[] = {
+ MENU_DEFACTION(KHUI_ACTION_DESTROY_ALL),
+ MENU_END()
+};
+
+khui_action_ref khui_menu_renew_cred[] = {
+ MENU_DEFACTION(KHUI_ACTION_RENEW_ALL),
+ MENU_END()
+};
+
khui_action_ref khui_pmenu_tok_sel[] = {
MENU_ACTION(KHUI_ACTION_RENEW_CRED),
MENU_ACTION(KHUI_ACTION_DESTROY_CRED),
@@ -204,6 +216,8 @@ khui_menu_def khui_all_menus[] = {
CONSTMENU(KHUI_MENU_OPTIONS, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_menu_options),
CONSTMENU(KHUI_MENU_HELP, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_menu_help),
CONSTMENU(KHUI_MENU_COLUMNS, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_menu_columns),
+ CONSTMENU(KHUI_MENU_RENEW_CRED, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_menu_renew_cred),
+ CONSTMENU(KHUI_MENU_DESTROY_CRED, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_menu_destroy_cred),
/* toolbars */
CONSTMENU(KHUI_TOOLBAR_STANDARD, KHUI_MENUSTATE_CONSTANT | KHUI_MENUSTATE_SYSTEM, khui_toolbar_standard),
diff --git a/src/windows/identity/uilib/actions.csv b/src/windows/identity/uilib/actions.csv
index 50c19d4..88ac440 100644
--- a/src/windows/identity/uilib/actions.csv
+++ b/src/windows/identity/uilib/actions.csv
@@ -7,6 +7,8 @@ KHUI_MENU_HELP,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_MENU_HELP,0,IDH_MENU_HELP,
KHUI_MENU_LAYOUT,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_MENU_LAYOUT,0,0,0
KHUI_MENU_TOOLBARS,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_MENU_TOOLBARS,0,0,0
KHUI_MENU_COLUMNS,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_CHOOSE_COLS,0,IDH_ACTION_CHOOSE_COLS,0
+KHUI_MENU_DESTROY_CRED,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_MENU_DESTROY_CRED,0,0,0
+KHUI_MENU_RENEW_CRED,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_MENU_RENEW_CRED,0,0,0
KHUI_ACTION_PROPERTIES,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_PROPERTIES,IDS_ACTIONT_PROPERTIES,IDH_ACTION_PROPERTIES,0
KHUI_ACTION_EXIT,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_EXIT,IDS_ACTIONT_EXIT,IDH_ACTION_EXIT,0
KHUI_ACTION_SET_DEF_ID,KHUI_ACTIONTYPE_TRIGGER | KHUI_ACTIONTYPE_TOGGLE,,0,0,0,0,0,IDS_ACTION_SET_DEF_ID,IDS_ACTIONT_SET_DEF_ID,IDH_ACTION_SET_DEF_ID,0
@@ -34,6 +36,8 @@ KHUI_ACTION_HELP_ABOUT,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_HELP_ABOUT,
KHUI_ACTION_OPEN_APP,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_OPEN_APP,0,0,0
KHUI_ACTION_CLOSE_APP,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_CLOSE_APP,0,0,0
KHUI_ACTION_IMPORT,KHUI_ACTIONTYPE_TRIGGER,,IDB_IMPORT,0,IDB_IMPORT_DIS,IDB_IMPORT_SM,IDB_IMPORT_SM_DIS,IDS_ACTION_IMPORT,IDS_ACTIONT_IMPORT,0,0
+KHUI_ACTION_DESTROY_ALL,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_DESTROY_ALL,0,0,0
+KHUI_ACTION_RENEW_ALL,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_ACTION_RENEW_ALL,0,0,0
KHUI_PACTION_OK,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_PACTION_OK,0,0,0
KHUI_PACTION_CANCEL,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_PACTION_CANCEL,0,0,0
KHUI_PACTION_CLOSE,KHUI_ACTIONTYPE_TRIGGER,,0,0,0,0,0,IDS_PACTION_CLOSE,0,0,0
diff --git a/src/windows/identity/uilib/intaction.h b/src/windows/identity/uilib/intaction.h
new file mode 100644
index 0000000..2b4a66a
--- /dev/null
+++ b/src/windows/identity/uilib/intaction.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2007 Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef __NETIDMGR_ACTION_H_INTERNAL
+#define __NETIDMGR_ACTION_H_INTERNAL
+
+/* Internal declarations for exports and data structured used in
+ nidmgr32.dll and netidmgr.exe */
+
+extern HWND khui_hwnd_main;
+
+typedef struct tag_khui_ui_callback_data {
+ khm_int32 magic;
+ khm_ui_callback cb;
+ void * rock;
+ khm_int32 rv;
+} khui_ui_callback_data;
+
+#define KHUI_UICBDATA_MAGIC 0x8a08572a
+
+#endif
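Review bot: The members of khui_ui_callback_data are undocumented although the structure is shared between nidmgr32.dll and netidmgr.exe and is validated only by its `magic` field. Suggest a comment per member, for example `/* must be KHUI_UICBDATA_MAGIC */` on `magic`, `/* function invoked on the UI thread */` on `cb`, `/* opaque argument passed to cb */` on `rock` and `/* receives the return value of cb */` on `rv`. The header also uses `HWND` and `khm_ui_callback` without including what declares them, so it compiles only after khuidefs.h or khmapp.h, as in the two includers in this commit; state that requirement in the header comment or add the include.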
diff --git a/src/windows/identity/uilib/khactiondef.h b/src/windows/identity/uilib/khactiondef.h
index 68bbf91..31866ba 100644
--- a/src/windows/identity/uilib/khactiondef.h
+++ b/src/windows/identity/uilib/khactiondef.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -65,6 +66,9 @@
#define KHUI_ACTION_LAYOUT_CUST (KHUI_ACTION_BASE + 30)
#define KHUI_ACTION_OPT_APPEAR (KHUI_ACTION_BASE + 31)
#define KHUI_ACTION_LAYOUT_RELOAD (KHUI_ACTION_BASE + 32)
+#define KHUI_ACTION_RENEW_ALL (KHUI_ACTION_BASE + 33)
+#define KHUI_ACTION_DESTROY_ALL (KHUI_ACTION_BASE + 34)
+#define KHUI_ACTION_UICB (KHUI_ACTION_BASE + 35)
/*@}*/
/*! \name Pseudo actions
@@ -105,6 +109,7 @@ context.
#define KHUI_PACTION_PGUP (KHUI_PACTION_BASE + 26)
#define KHUI_PACTION_PGUP_EXTEND (KHUI_PACTION_BASE + 27)
#define KHUI_PACTION_PGDN_EXTEND (KHUI_PACTION_BASE + 28)
+
/*@}*/
/*! \name Menus
@@ -135,7 +140,9 @@ Stock menus.
#define KHUI_PMENU_TOK_SEL (KHUI_MENU_BASE + 10)
#define KHUI_PMENU_ID_SEL (KHUI_MENU_BASE + 11)
-/* Next menu: 14 */
+#define KHUI_MENU_DESTROY_CRED (KHUI_MENU_BASE + 16)
+#define KHUI_MENU_RENEW_CRED (KHUI_MENU_BASE + 17)
+
/*@}*/
/*! \name Toolbars
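Review bot: The `/* Next menu: 14 */` marker is deleted rather than updated, and the two new ids jump to offsets 16 and 17, so the next person adding a menu cannot tell which offsets are already taken. If 12 to 15 are assigned elsewhere (not visible in this hunk), keep the marker current with `/* Next menu: 18 */` after `KHUI_MENU_RENEW_CRED`. If they are unused, a short comment saying why they are skipped would prevent an accidental collision later.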
diff --git a/src/windows/identity/uilib/khnewcred.h b/src/windows/identity/uilib/khnewcred.h
index b2b014e..1785d59 100644
--- a/src/windows/identity/uilib/khnewcred.h
+++ b/src/windows/identity/uilib/khnewcred.h
@@ -225,9 +225,9 @@ typedef struct tag_khui_new_creds {
khm_int32 subtype; /*!< Subtype of the request that is
being handled through this object.
- One of ::KMSG_CRED_INITIAL_CREDS,
- ::KMSG_CRED_NEW_CREDS or
- ::KMSG_CRED_RENEW_CREDS */
+ One of ::KMSG_CRED_NEW_CREDS,
+ ::KMSG_CRED_RENEW_CREDS or
+ ::KMSG_CRED_PASSWORD */
CRITICAL_SECTION cs; /*!< Internal use */
diff --git a/src/windows/identity/uilib/khuidefs.h b/src/windows/identity/uilib/khuidefs.h
index de28979..845f781 100644
--- a/src/windows/identity/uilib/khuidefs.h
+++ b/src/windows/identity/uilib/khuidefs.h
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005 Massachusetts Institute of Technology
+ * Copyright (c) 2007 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -87,6 +88,42 @@ khm_get_lib_version(khm_version * libver, khm_ui_4 * apiver);
KHMEXP khm_ui_4 KHMAPI
khm_get_commctl_version(khm_version * pdvi);
+/*! \brief UI callback function
+
+ Used with khui_request_UI_callback().
+
+ \see khui_request_UI_callback()
+ */
+typedef khm_int32
+(KHMAPI *khm_ui_callback)(HWND hwnd_main_wnd, void * rock);
+
+/*! \brief Request a UI callback
+
+ In general, plug-ins in Network Identity Manager run in their own
+ thread and will not be able to interact with the user directly by
+ creating windows of its own. There are exceptions to this, such
+ as when the plug-in is responding to a new credentials request or
+ if the plug-in provides configuration panels. However, if a
+ plug-in needs to provide a user interface to the user outside of
+ the provisions already provided by Network Identity Manager, it
+ needs to do so from within the user interface thread.
+
+ To do so, a plug-in would provide a callback function of the type
+ ::khm_ui_callback to this function. The Network Identity Manager
+ will then call the callback function from within the user
+ interface thread. At this point, the callback function can create
+ any windows it wishes to create and interact with the user
+ directly.
+
+ Note that when the plug-in creates any windows, it should specify
+ the window handle provided via the \a hwnd_main_wnd parameter as
+ the parent window.
+
+ \see ::khm_ui_callback
+ */
+KHMEXP khm_int32 KHMAPI
+khui_request_UI_callback(khm_ui_callback cb, void * rock);
+
/*!@}*/
#endif
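Review bot: The doc comment for `khui_request_UI_callback()` explains the motivation but never documents the parameters, the return value, or the fact that the call blocks. Going by the implementation added in `uibind.c`, the request is delivered with `SendMessage`, so the caller's thread waits until the callback has finished in the UI thread. That is worth stating, because a plug-in holding a lock the UI thread needs would hang. I would add `\param[in] cb Callback to run in the UI thread`, `\param[in] rock Opaque pointer passed unchanged to \a cb` and a `\return` line that names `KHM_ERROR_NOT_READY` for the case where the main window does not exist yet. The `::khm_ui_callback` comment should likewise say what its `khm_int32` result is used for.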
diff --git a/src/windows/identity/uilib/uibind.c b/src/windows/identity/uilib/uibind.c
new file mode 100644
index 0000000..ac5e136
--- /dev/null
+++ b/src/windows/identity/uilib/uibind.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2007 Secure Endpoints Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<khuidefs.h>
+#include<intaction.h>
+
+#ifdef DEBUG
+#include <assert.h>
+#endif
+
+KHMEXP khm_int32 KHMAPI
+khui_request_UI_callback(khm_ui_callback cb, void * rock) {
+
+ khui_ui_callback_data cbdata;
+
+#ifdef DEBUG
+ assert(khui_hwnd_main);
+#endif
+
+ if (khui_hwnd_main == NULL)
+ return KHM_ERROR_NOT_READY;
+
+ ZeroMemory(&cbdata, sizeof(cbdata));
+ cbdata.magic = KHUI_UICBDATA_MAGIC;
+ cbdata.cb = cb;
+ cbdata.rock = rock;
+ cbdata.rv = KHM_ERROR_NOT_IMPLEMENTED;
+
+ SendMessage(khui_hwnd_main, WM_COMMAND,
+ MAKEWPARAM(KHUI_ACTION_UICB, 0),
+ (LPARAM) &cbdata);
+
+ return KHM_ERROR_SUCCESS;
+}
+
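Review bot: The function ends with `return KHM_ERROR_SUCCESS;`, so the `rv` field that is seeded with `KHM_ERROR_NOT_IMPLEMENTED` and handed to the main window is never read back. A caller therefore sees success even when the callback failed or the `KHUI_ACTION_UICB` command was never handled. If the handler (outside this hunk) stores the callback's result in `rv`, as the field suggests, the last statement should be `return cbdata.rv;`. `cb` is also forwarded unchecked, so a NULL callback would reach the UI thread; reject it with an invalid-parameter error before the `SendMessage` call. Because the request travels as an ordinary `WM_COMMAND` with a pointer in `lParam`, the receiving handler should compare `magic` with `KHUI_UICBDATA_MAGIC` before it touches `cb`.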
diff --git a/src/windows/installer/nsis/kfw-fixed.nsi b/src/windows/installer/nsis/kfw-fixed.nsi
index 3b038c0..c61f5a1 100644
--- a/src/windows/installer/nsis/kfw-fixed.nsi
+++ b/src/windows/installer/nsis/kfw-fixed.nsi
@@ -1,6 +1,7 @@
;-----------------------------------------------------------------
; KfW defines and functionality
; Copyright (c) 2004 Massachusetts Institute of Technology
+; Copyright (c) 2006 Secure Endpoints Inc.
!define KFW_VERSION "${KFW_MAJORVERSION}.${KFW_MINORVERSION}.${KFW_PATCHLEVEL}"
@@ -32,7 +33,7 @@ VIAddVersionKey "CompanyName" "Massachusetts Institute of Technology"
VIAddVersionKey "ProductVersion" ${VIProductVersion}
VIAddVersionKey "FileVersion" ${VIProductVersion}
VIAddVersionKey "FileDescription" "MIT Kerberos for Windows Installer"
-VIAddVersionKey "LegalCopyright" "(C)2004,2005"
+VIAddVersionKey "LegalCopyright" "(C)2004,2005,2006"
!ifdef DEBUG
VIAddVersionKey "PrivateBuild" "Checked/Debug"
!endif ; End DEBUG
@@ -75,6 +76,7 @@ VIAddVersionKey "PrivateBuild" "Checked/Debug"
!define KFW_DOC_DIR "${KFW_TARGETDIR}\doc"
!define KFW_INC_DIR "${KFW_TARGETDIR}\inc"
!define KFW_LIB_DIR "${KFW_TARGETDIR}\lib\i386"
+ !define KFW_SAMPLE_DIR "${KFW_TARGETDIR}\sample"
!define KFW_INSTALL_DIR "${KFW_TARGETDIR}\install"
!define SYSTEMDIR "$%SystemRoot%\System32"
@@ -546,6 +548,7 @@ Section "KfW SDK" secSDK
RMDir /r "$INSTDIR\inc"
RMDir /r "$INSTDIR\lib"
RMDir /r "$INSTDIR\install"
+ RMDir /r "$INSTDIR\sample"
SetOutPath "$INSTDIR\doc"
File /r "${KFW_DOC_DIR}\netiddev.chm"
@@ -580,6 +583,9 @@ Section "KfW SDK" secSDK
SetOutPath "$INSTDIR\install"
File /r "${KFW_INSTALL_DIR}\*"
+ SetOutPath "$INSTDIR\sample"
+ File /r "${KFW_SAMPLE_DIR}\*"
+
CreateShortCut "$SMPROGRAMS\${PROGRAM_NAME}\Network Identity Developer Documentation.lnk" "$INSTDIR\bin\netiddev.chm"
Call KFWCommon.Install
diff --git a/src/windows/installer/wix/custom/custom.cpp b/src/windows/installer/wix/custom/custom.cpp
index fdf4bbb..d6c6378 100644
--- a/src/windows/installer/wix/custom/custom.cpp
+++ b/src/windows/installer/wix/custom/custom.cpp
@@ -704,10 +704,12 @@ DWORD InstNetProvider(MSIHANDLE hInstall, int bInst) {
dwSize = 0;
CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, NULL, &dwSize ) );
- strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN) * sizeof(TCHAR) ];
+ strOrder = new TCHAR[ (dwSize + STR_SERVICE_LEN + 4) * sizeof(TCHAR) ];
CHECK(rv = RegQueryValueEx( hkOrder, STR_VAL_ORDER, NULL, NULL, (LPBYTE) strOrder, &dwSize));
+ strOrder[dwSize] = '\0'; /* reg strings are not always nul terminated */
+
npi_CheckAndAddRemove( strOrder, STR_SERVICE , bInst);
dwSize = (lstrlen( strOrder ) + 1) * sizeof(TCHAR);
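Review bot: `strOrder[dwSize] = '\0'` indexes in `TCHAR` units, but `dwSize` is the byte count written by `RegQueryValueEx`. In a UNICODE build the terminator therefore lands well past the data and leaves uninitialised characters between the value and the NUL, which `npi_CheckAndAddRemove` and `lstrlen` would then read as part of the provider order. Use `strOrder[dwSize / sizeof(TCHAR)] = '\0';`, which is the same index in an ANSI build. The write stays in bounds only because the `new TCHAR[...]` element count is itself multiplied by `sizeof(TCHAR)`; a comment saying that the over-allocation is relied on, or dropping the multiplication together with the index fix, would make this less fragile. The type argument is passed as NULL, so a value that is not a string would still be treated as text. `InstNetProvider` continues outside this hunk.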
diff --git a/src/windows/installer/wix/files.wxi b/src/windows/installer/wix/files.wxi
index 9ee81bb..5fc0966 100644
--- a/src/windows/installer/wix/files.wxi
+++ b/src/windows/installer/wix/files.wxi
@@ -338,12 +338,35 @@
</Component>
<Component Id="cmf_krb5cred_dll" Guid="27A7723A-F0D9-4F06-892C-54F0AC6014C3" DiskId="1">
<File Id="fil_krb5cred_dll" LongName="krb5cred.dll" Name="krb5cred.dll" KeyPath="yes" />
+ <Registry Id="reg_krb5cred_1" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb5" Action="createKeyAndRemoveKeyOnUninstall" />
+ <Registry Id="reg_krb5cred_2" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb5" Name="ImagePath" Type="string" Value="[#fil_krb5cred_dll]" />
+ <Registry Id="reg_krb5cred_3" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb5" Name="PluginList" Type="string" Value="Krb5Cred,Krb5Ident" />
+ <Registry Id="reg_krb5cred_4" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred" Action="createKeyAndRemoveKeyOnUninstall" />
+ <Registry Id="reg_krb5cred_5" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred" Name="Module" Type="string" Value="MITKrb5" />
+ <Registry Id="reg_krb5cred_6" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred" Name="Description" Type="string" Value="Kerberos v5 Credentials Provider" />
+ <Registry Id="reg_krb5cred_7" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred" Name="Type" Type="integer" Value="1" />
+ <Registry Id="reg_krb5cred_8" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Cred" Name="Flags" Type="integer" Value="0" />
+ <Registry Id="reg_krb5cred_9" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Action="createKeyAndRemoveKeyOnUninstall" />
+ <Registry Id="reg_krb5cred_a" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Name="Module" Type="string" Value="MITKrb5" />
+ <Registry Id="reg_krb5cred_b" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Name="Description" Type="string" Value="Kerberos v5 Identity Provider" />
+ <Registry Id="reg_krb5cred_c" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Name="Dependencies" Type="string" Value="Krb5Cred" />
+ <Registry Id="reg_krb5cred_d" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Name="Type" Type="integer" Value="2" />
+ <Registry Id="reg_krb5cred_e" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb5Ident" Name="Flags" Type="integer" Value="0" />
</Component>
<Component Id="cmf_krb5cred_en_us_dll" Guid="EA9ABE05-A85B-43BB-8741-50D3C3128632" DiskId="1">
<File Id="fil_krb5cred_en_us_dll" LongName="krb5cred_en_us.dll" Name="krb5cenu.dll" KeyPath="yes" />
</Component>
<Component Id="cmf_krb4cred_dll" Guid="E3B86954-9D5D-4929-A5E6-B22ED03E6D6C" DiskId="1">
<File Id="fil_krb4cred_dll" LongName="krb4cred.dll" Name="krb4cred.dll" KeyPath="yes" />
+ <Registry Id="reg_krb4cred_1" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb4" Action="createKeyAndRemoveKeyOnUninstall" />
+ <Registry Id="reg_krb4cred_2" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb4" Name="ImagePath" Type="string" Value="[#fil_krb4cred_dll]" />
+ <Registry Id="reg_krb4cred_3" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Modules\MITKrb4" Name="PluginList" Type="string" Value="Krb4Cred" />
+ <Registry Id="reg_krb4cred_4" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Action="createKeyAndRemoveKeyOnUninstall" />
+ <Registry Id="reg_krb4cred_5" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Name="Module" Type="string" Value="MITKrb4" />
+ <Registry Id="reg_krb4cred_6" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Name="Description" Type="string" Value="Kerberos v4 Credentials Provider" />
+ <Registry Id="reg_krb4cred_7" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Name="Dependencies" Type="string" Value="Krb5Cred" />
+ <Registry Id="reg_krb4cred_8" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Name="Type" Type="integer" Value="1" />
+ <Registry Id="reg_krb4cred_9" Root="HKLM" Key="Software\MIT\NetIDMgr\PluginManager\Plugins\Krb4Cred" Name="Flags" Type="integer" Value="0" />
</Component>
<Component Id="cmf_krb4cred_en_us_dll" Guid="3FF40A29-E2C3-40F3-B81C-2948494BE4B0" DiskId="1">
<File Id="fil_krb4cred_en_us_dll" LongName="krb4cred_en_us.dll" Name="krb4cenu.dll" KeyPath="yes" />
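Review bot: The `Type` values `1` and `2` and the `Flags` value `0` written for each plug-in are bare integers with no explanation in the file. Going by the `Description` strings, 1 appears to mark a credentials provider and 2 an identity provider, but that is an inference. A comment above the first `Registry` element, for example `<!-- Type: 1 = credentials provider, 2 = identity provider; Flags: 0 = none -->`, would make it clear, once the values are confirmed against the plug-in manager's definitions. These HKLM entries decide which DLLs the plug-in manager loads, so it helps a reviewer to be able to check them at a glance. A second short comment could note that `Krb4Cred` declares a dependency on `Krb5Cred` even though the two live in separate components.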
@@ -353,8 +376,8 @@
<File Id="fil_netidmgr_chm" LongName="netidmgr.chm" Name="netidmgr.chm" />
<Registry Id="reg_ts_netidmgr_0" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\netidmgr" Action="createKeyAndRemoveKeyOnUninstall" />
<Registry Id="reg_ts_netidmgr_1" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\netidmgr" Name="Flags" Type="integer" Value="1032" />
- <Shortcut Id="sc_netidmgr_exe" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager.lnk" Name="netidmgr.lnk" Target="[dirbin]netidmgr.exe" Show="minimized" WorkingDirectory="[dirbin]"/>
- <Shortcut Id="sc_netidmgr_chm" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager Documentation.lnk" Name="netidchm.lnk" Target="[dirbin]netidmgr.chm" WorkingDirectory="[dirbin]"/>
+ <Shortcut Id="sc_netidmgr_exe" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager.lnk" Name="netidmgr.lnk" Target="[dirbin]netidmgr.exe" Show="minimized" WorkingDirectory="dirbin"/>
+ <Shortcut Id="sc_netidmgr_chm" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager Documentation.lnk" Name="netidchm.lnk" Target="[dirbin]netidmgr.chm" WorkingDirectory="dirbin"/>
<Condition>VersionNT &gt; 500</Condition>
</Component>
<Component Id="cmf_netidmgr_exe_w2k" Guid="0F85D4F3-7897-4FE3-8501-AD0C383CCB4F" DiskId="1" Transitive="yes">
@@ -362,8 +385,8 @@
<File Id="fil_netidmgr_chm_w2k" LongName="netidmgr.chm" Name="netidmgr.chm" />
<Registry Id="reg_ts_netidmgr_0_w2k" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\netidmgr" Action="createKeyAndRemoveKeyOnUninstall" />
<Registry Id="reg_ts_netidmgr_1_w2k" Root="HKLM" Key="Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\netidmgr" Name="Flags" Type="integer" Value="1032" />
- <Shortcut Id="sc_netidmgr_exe_w2k" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager.lnk" Name="netidmgr.lnk" Target="[dirbin]netidmgr.exe" Show="minimized" WorkingDirectory="[dirbin]"/>
- <Shortcut Id="sc_netidmgr_chm_w2k" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager Documentation.lnk" Name="netidchm.lnk" Target="[dirbin]netidmgr.chm" WorkingDirectory="[dirbin]"/>
+ <Shortcut Id="sc_netidmgr_exe_w2k" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager.lnk" Name="netidmgr.lnk" Target="[dirbin]netidmgr.exe" Show="minimized" WorkingDirectory="dirbin"/>
+ <Shortcut Id="sc_netidmgr_chm_w2k" Advertise="no" Directory="dirShortcut" LongName="Network Identity Manager Documentation.lnk" Name="netidchm.lnk" Target="[dirbin]netidmgr.chm" WorkingDirectory="dirbin"/>
<Condition>VersionNT &lt;= 500</Condition>
</Component>
<!-- /NetIDMgr -->
@@ -628,8 +651,8 @@
<Directory Id="dirinc_krb5_gssapi" Name="gssapi" src="$(var.IncDir)\krb5\gssapi\">
<Component Id="cmp_dirinc_krb5_gssapi" Guid="BD3C190B-1EBB-4d14-81DD-B2000DC4EAC7" DiskId="1">
<File Id="fil_gssapi_h" LongName="gssapi.h" Name="gssapi.h" KeyPath="yes" />
- <File Id="fil_gssapi_generic_h" LongName="gssapi_generic.h" Name="GSSAPI~1.H" />
- <File Id="fil_gssapi_krb5_h" LongName="gssapi_krb5.h" Name="GSSAPI~2.H" />
+ <File Id="fil_gssapi_generic_h" LongName="gssapi_generic.h" Name="GSSAPI_G.H" />
+ <File Id="fil_gssapi_krb5_h" LongName="gssapi_krb5.h" Name="GSSAPI_K.H" />
</Component>
</Directory>
<Directory Id="dirinc_krb5_KerberosIV" LongName="KerberosIV" Name="krb4" src="$(var.IncDir)\krb5\KerberosIV\">
@@ -638,7 +661,7 @@
<File Id="fil_kadm_err_.h" LongName="kadm_err.h" Name="kadm_err.h" />
<File Id="fil_krb_.h" LongName="krb.h" Name="krb.h" KeyPath="yes" />
<File Id="fil_krb_err_.h" LongName="krb_err.h" Name="krb_err.h" />
- <File Id="fil_mit_copyright_.h" LongName="mit-copyright.h" Name="MIT-CO~1.H" />
+ <File Id="fil_mit_copyright_.h" LongName="mit-copyright.h" Name="MIT-COPY.H" />
</Component>
</Directory>
<Component Id="cmp_dirinc_krb5" Guid="7FD8008B-2F46-4613-8A09-989F643258F1" DiskId="1">
@@ -656,46 +679,46 @@
<Directory Id="dirinc_leash" Name="leash" src="$(var.IncDir)leash\">
<Component Id="cmp_dirinc_leash" Guid="FCF269AB-D9BC-49bd-B9F3-D6EA9697D8D7" DiskId="1">
<File Id="fil_leasherr_h" LongName="leasherr.h" Name="leasherr.h" />
- <File Id="fil_leashinfo_h" LongName="leashinfo.h" Name="LEASHI~1.H" />
+ <File Id="fil_leashinfo_h" LongName="leashinfo.h" Name="LEASHINF.H" />
<File Id="fil_leashwin_h" LongName="leashwin.h" Name="leashwin.h" KeyPath="yes" />
</Component>
</Directory>
<Directory Id="dirinc_loadfuncs" LongName="loadfuncs" Name="loadfunc" src="$(var.IncDir)loadfuncs\">
<Component Id="cmp_dirinc_loadfuncs" Guid="C8E59D05-4502-498b-A107-1DF65C3A27D3" DiskId="1">
- <File Id="fil_loadfuncs_afs_h" LongName="loadfuncs-afs.h" Name="LOADFU~1.H" />
- <File Id="fil_loadfuncs_afs36_h" LongName="loadfuncs-afs36.h" Name="LOADFU~2.H" />
- <File Id="fil_loadfuncs_com_err_h" LongName="loadfuncs-com_err.h" Name="LOADFU~3.H" />
- <File Id="fil_loadfuncs_krb_h" LongName="loadfuncs-krb.h" Name="LOADFU~4.H" />
- <File Id="fil_loadfuncs_krb5_h" LongName="loadfuncs-krb5.h" Name="LOC37B~1.H" />
- <File Id="fil_loadfuncs_krb524_h" LongName="loadfuncs-krb524.h" Name="LOCEB8~1.H" />
- <File Id="fil_loadfuncs_leash_h" LongName="loadfuncs-leash.h" Name="LOF608~1.H" />
- <File Id="fil_loadfuncs_lsa_h" LongName="loadfuncs-lsa.h" Name="LO1903~1.H" />
- <File Id="fil_loadfuncs_profile_h" LongName="loadfuncs-profile.h" Name="LOD197~1.H" />
- <File Id="fil_loadfuncs_wshelper_h" LongName="loadfuncs-wshelper.h" Name="LO8FF4~1.H" />
- <File Id="fil_loadfuncs_c" LongName="loadfuncs.c" Name="LOADFU~1.C" />
- <File Id="fil_loadfuncs_h" LongName="loadfuncs.h" Name="LO87BD~1.H" KeyPath="yes" />
+ <File Id="fil_loadfuncs_afs_h" LongName="loadfuncs-afs.h" Name="LF-AFS.H" />
+ <File Id="fil_loadfuncs_afs36_h" LongName="loadfuncs-afs36.h" Name="LF-AFS36.H" />
+ <File Id="fil_loadfuncs_com_err_h" LongName="loadfuncs-com_err.h" Name="LF-COMER.H" />
+ <File Id="fil_loadfuncs_krb_h" LongName="loadfuncs-krb.h" Name="LF-KRB.H" />
+ <File Id="fil_loadfuncs_krb5_h" LongName="loadfuncs-krb5.h" Name="LF-KRB5.H" />
+ <File Id="fil_loadfuncs_krb524_h" LongName="loadfuncs-krb524.h" Name="LF-K524.H" />
+ <File Id="fil_loadfuncs_leash_h" LongName="loadfuncs-leash.h" Name="LF-LEASH.H" />
+ <File Id="fil_loadfuncs_lsa_h" LongName="loadfuncs-lsa.h" Name="LF-LFA.H" />
+ <File Id="fil_loadfuncs_profile_h" LongName="loadfuncs-profile.h" Name="LF-PROF.H" />
+ <File Id="fil_loadfuncs_wshelper_h" LongName="loadfuncs-wshelper.h" Name="LF-WSHLP.H" />
+ <File Id="fil_loadfuncs_c" LongName="loadfuncs.c" Name="LOADFUNC.C" />
+ <File Id="fil_loadfuncs_h" LongName="loadfuncs.h" Name="LOADFUNC.H" KeyPath="yes" />
</Component>
</Directory>
<Directory Id="dirinc_netidmgr" Name="netidmgr" src="$(var.IncDir)netidmgr\">
<Component Id="cmp_dirinc_netidmgr" Guid="EBD8BA04-574A-4081-A994-BCEC8ACBC878" DiskId="1">
- <File Id="fil_hashtable_h" LongName="hashtable.h" Name="HASHTA~1.H" />
+ <File Id="fil_hashtable_h" LongName="hashtable.h" Name="HASHTABL.H" />
<File Id="fil_kconfig_h" LongName="kconfig.h" Name="kconfig.h" />
<File Id="fil_kcreddb_h" LongName="kcreddb.h" Name="kcreddb.h" />
<File Id="fil_khaction_h" LongName="khaction.h" Name="khaction.h" />
- <File Id="fil_khactiondef_h" LongName="khactiondef.h" Name="KHACTI~1.H" />
+ <File Id="fil_khactiondef_h" LongName="khactiondef.h" Name="KHACTDEF.H" />
<File Id="fil_khalerts_h" LongName="khalerts.h" Name="khalerts.h" />
- <File Id="fil_khconfigui_h" LongName="khconfigui.h" Name="KHCONF~1.H" />
+ <File Id="fil_khconfigui_h" LongName="khconfigui.h" Name="KHCONFUI.H" />
<File Id="fil_khdefs_h" LongName="khdefs.h" Name="khdefs.h" />
<File Id="fil_kherr_h" LongName="kherr.h" Name="kherr.h" />
<File Id="fil_kherror_h" LongName="kherror.h" Name="kherror.h" />
<File Id="fil_khhtlink_h" LongName="khhtlink.h" Name="khhtlink.h" />
<File Id="fil_khlist_h" LongName="khlist.h" Name="khlist.h" />
- <File Id="fil_khmsgtypes_h" LongName="khmsgtypes.h" Name="KHMSGT~1.H" />
- <File Id="fil_khnewcred_h" LongName="khnewcred.h" Name="KHNEWC~1.H" />
+ <File Id="fil_khmsgtypes_h" LongName="khmsgtypes.h" Name="KHMSGTYP.H" />
+ <File Id="fil_khnewcred_h" LongName="khnewcred.h" Name="KHNEWCRD.H" />
<File Id="fil_khprops_h" LongName="khprops.h" Name="khprops.h" />
<File Id="fil_khremote_h" LongName="khremote.h" Name="khremote.h" />
- <File Id="fil_khrescache_h" LongName="khrescache.h" Name="KHRESC~1.H" />
- <File Id="fil_khtracker_h" LongName="khtracker.h" Name="KHTRAC~1.H" />
+ <File Id="fil_khrescache_h" LongName="khrescache.h" Name="KHRESCHE.H" />
+ <File Id="fil_khtracker_h" LongName="khtracker.h" Name="KHTRACKR.H" />
<File Id="fil_khuidefs_h" LongName="khuidefs.h" Name="khuidefs.h" KeyPath="yes" />
<File Id="fil_kmm_h" LongName="kmm.h" Name="kmm.h" />
<File Id="fil_kmq_h" LongName="kmq.h" Name="kmq.h" />
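Review bot: The short name given to `loadfuncs-lsa.h` is `LF-LFA.H`, which looks like a typo for `LF-LSA.H` given the `LF-<suffix>` pattern used for its neighbours; the line should read `Name="LF-LSA.H"`. A similar inconsistency appears in the later `dirinstall_nsis` hunk, where `site-local.nsi` becomes `SITE-LCN.NSI` while `site-local.wxi` in the wix hunk becomes `SITE-LCL.WXI`. Short names only surface on volumes without long-name support, so nothing breaks, but a name that follows the pattern is easier to recognise in an install log.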
@@ -727,7 +750,7 @@
<Directory Id="dirlib_i386" Name="i386" src="$(var.LibDir)">
<Component Id="cmp_dirlib_i386" Guid="CFEE3ED4-92D4-49e1-BB78-8BCBC60C3E57" DiskId="1">
<File Id="fil_comerr32_lib" LongName="comerr32.lib" Name="comerr32.lib" />
- <File Id="fil_delaydlls_lib" LongName="delaydlls.lib" Name="DELAYD~1.LIB" />
+ <File Id="fil_delaydlls_lib" LongName="delaydlls.lib" Name="DELAYDLL.LIB" />
<File Id="fil_getopt_lib" LongName="getopt.lib" Name="getopt.lib" />
<File Id="fil_gssapi32_lib" LongName="gssapi32.lib" Name="gssapi32.lib" />
<File Id="fil_kclnt32_lib" LongName="kclnt32.lib" Name="kclnt32.lib" />
@@ -736,7 +759,7 @@
<File Id="fil_krbcc32_lib" LongName="krbcc32.lib" Name="krbcc32.lib" />
<File Id="fil_krbv4w32_lib" LongName="krbv4w32.lib" Name="krbv4w32.lib" />
<File Id="fil_leashw32_lib" LongName="leashw32.lib" Name="leashw32.lib" />
- <File Id="fil_loadfuncs_lib" LongName="loadfuncs.lib" Name="LOADFU~1.LIB" />
+ <File Id="fil_loadfuncs_lib" LongName="loadfuncs.lib" Name="LOADFUNC.LIB" />
<File Id="fil_wshelp32_lib" LongName="wshelp32.lib" Name="wshelp32.lib" />
<File Id="fil_xpprof32_lib" LongName="xpprof32.lib" Name="xpprof32.lib" />
<File Id="fil_nidmgr32_lib" LongName="nidmgr32.lib" Name="nidmgr32.lib" />
@@ -747,14 +770,14 @@
<Directory Id="dirinstall" Name="install" src="$(var.InstallDir)">
<Directory Id="dirinstall_nsis" Name="nsis" src="$(var.InstallDir)nsis\">
<Component Id="cmp_dirinstall_nsis" Guid="711C3910-5369-44f3-A023-E09E86A1C749" DiskId="1">
- <File Id="fil_kfw_fixed_nsi" LongName="kfw-fixed.nsi" Name="KFW-FI~1.NSI" KeyPath="yes" />
+ <File Id="fil_kfw_fixed_nsi" LongName="kfw-fixed.nsi" Name="KFW-FIXD.NSI" KeyPath="yes" />
<File Id="fil_kfw_ico" LongName="kfw.ico" Name="kfw.ico" />
<File Id="fil_kfw_nsi" LongName="kfw.nsi" Name="kfw.nsi" />
- <File Id="fil_KfWConfigPage_ini" LongName="KfWConfigPage.ini" Name="KFWCON~1.INI" />
- <File Id="fil_KfWConfigPage2_ini" LongName="KfWConfigPage2.ini" Name="KFWCON~2.INI" />
+ <File Id="fil_KfWConfigPage_ini" LongName="KfWConfigPage.ini" Name="KFWCONP.INI" />
+ <File Id="fil_KfWConfigPage2_ini" LongName="KfWConfigPage2.ini" Name="KFWCONP2.INI" />
<File Id="fil_killer_cpp" LongName="killer.cpp" Name="killer.cpp" />
<File Id="fil_licenses_rtf" LongName="licenses.rtf" Name="licenses.rtf" />
- <File Id="fil_site_local_nsi" LongName="site-local.nsi" Name="SITE-L~1.NSI" />
+ <File Id="fil_site_local_nsi" LongName="site-local.nsi" Name="SITE-LCN.NSI" />
<File Id="fil_utils_nsi" LongName="utils.nsi" Name="utils.nsi" />
</Component>
</Directory>
@@ -766,12 +789,12 @@
<File Id="fil_kfw_wxs" LongName="kfw.wxs" Name="kfw.wxs" KeyPath="yes" />
<File Id="fil_Makefile_" LongName="Makefile" Name="Makefile" />
<File Id="fil_property_wxi" LongName="property.wxi" Name="property.wxi" />
- <File Id="fil_site_local_wxi" LongName="site-local.wxi" Name="SITE-L~1.WXI" />
+ <File Id="fil_site_local_wxi" LongName="site-local.wxi" Name="SITE-LCL.WXI" />
</Component>
<Directory Id="dirinstall_wix_lang" Name="lang" src="$(var.InstallDir)wix\lang\">
<Component Id="cmp_dirinstall_wix_lang" Guid="70741A69-1103-4B54-B146-2E14C271945D" DiskId="1">
- <File Id="fil_config_1033_wxi" LongName="config_1033.wxi" Name="CONFIG~1.WXI" KeyPath="yes" />
- <File Id="fil_strings_1033_wxl" LongName="strings_1033.wxl" Name="STRING~1.WXL" />
+ <File Id="fil_config_1033_wxi" LongName="config_1033.wxi" Name="CFG-1033.WXI" KeyPath="yes" />
+ <File Id="fil_strings_1033_wxl" LongName="strings_1033.wxl" Name="STR-1033.WXL" />
<File Id="fil_ui_1033_wxi" LongName="ui_1033.wxi" Name="ui_1033.wxi" />
</Component>
</Directory>
@@ -819,7 +842,7 @@
<Condition>USENETIDMGR</Condition>
</Component>
<Component Id="efl_relnotes_html" Guid="C65F920A-039D-4839-848F-0AD7B445F376" DiskId="1">
- <File Id="fil_relnotes_html" LongName="relnotes.html" Name="RELNOT~1.HTM" KeyPath="yes">
+ <File Id="fil_relnotes_html" LongName="relnotes.html" Name="RELNOTES.HTM" KeyPath="yes">
<Shortcut Id="sc_relnotes_html" Advertise="no" Directory="dirShortcut" LongName="Release Notes.lnk" Name="relnotes.lnk" />
</File>
</Component>
diff --git a/src/windows/installer/wix/kfw.wxs b/src/windows/installer/wix/kfw.wxs
index bc0ab2a..f626245 100644
--- a/src/windows/installer/wix/kfw.wxs
+++ b/src/windows/installer/wix/kfw.wxs
@@ -147,8 +147,8 @@
<!-- Installation Sequences -->
<AdminExecuteSequence />
<InstallExecuteSequence>
- <RemoveExistingProducts After="InstallValidate">UPGRADEPISMERE Or UPGRADEKFW</RemoveExistingProducts>
<Custom Action="KillRunningProcesses" After="InstallValidate"/>
+ <RemoveExistingProducts After="KillRunningProcesses">UPGRADEPISMERE Or UPGRADEKFW</RemoveExistingProducts>
<!-- When running with a UI, CCP_Success property is not passed down to the server. -->
<Custom Action="AbortNoIE" Before="RemoveNsisInstallation">UILevel = 0 And (Not Installed) And (CCP_Success &lt;&gt; 1)</Custom>
<Custom Action="RemoveNsisInstallation" Before="AbortCantRemoveNSIS">UPGRADENSIS &lt;&gt; "" And UILevel &gt;= 4</Custom>
@@ -157,7 +157,7 @@
<Custom Action="EnableTgtSessionKey" After="RollbackTgtSessionKey">VersionNT &gt;= 500 And &amp;feaKfwClient=3</Custom>
<Custom Action="RevertTgtSessionKey" Before="RemoveRegistryValues">VersionNT &gt;= 500 And &amp;feaKfwClient=2</Custom>
- <Custom Action="RollbackNetProvider" After="RollbackTgtSessionKey">&amp;feaKfwClient=3</Custom>
+ <Custom Action="RollbackNetProvider" After="EnableTgtSessionKey">&amp;feaKfwClient=3</Custom>
<Custom Action="InstallNetProvider" After="RollbackNetProvider">&amp;feaKfwClient=3</Custom>
<Custom Action="RemoveNetProvider" After="InstallNetProvider">&amp;feaKfwClient=2</Custom>
</InstallExecuteSequence>
@@ -171,7 +171,7 @@
<!-- KfW MSI -->
<Upgrade Id="61211594-AAA1-4A98-A299-757326763CC7">
- <UpgradeVersion IgnoreRemoveFailure="no" IncludeMinimum="no" Maximum="$(var.VersionString)" IncludeMaximum="yes" MigrateFeatures="yes" Property="UPGRADEKFW" />
+ <UpgradeVersion IgnoreRemoveFailure="no" IncludeMinimum="no" Maximum="$(var.VersionString)" IncludeMaximum="no" MigrateFeatures="yes" Property="UPGRADEKFW" />
</Upgrade>
<!-- NSIS installation -->
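Review bot: With `IncludeMaximum="no"`, an installed product whose version equals `$(var.VersionString)` is no longer matched by `UPGRADEKFW`. A rebuilt package that has a new product code but an unchanged version string would then install next to the existing copy instead of replacing it, leaving the older binaries in place. How product codes are assigned is not visible in this hunk, so this may be intended. If so, a comment such as `<!-- same-version installs are handled as maintenance, not as an upgrade; bump the version for every released build -->` would record the constraint for whoever cuts the next release.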
diff --git a/src/windows/installer/wix/lang/ui_1033.wxi b/src/windows/installer/wix/lang/ui_1033.wxi
index de4cc36..ca0bdb7 100644
--- a/src/windows/installer/wix/lang/ui_1033.wxi
+++ b/src/windows/installer/wix/lang/ui_1033.wxi
@@ -1203,12 +1203,12 @@
<Show Dialog="ProgressDlg" After="AdminWelcomeDlg" />
</AdminUISequence>
<InstallUISequence>
- <Custom Action="ListRunningProcesses" Before="WelcomeDlg" />
+ <Custom Action="ListRunningProcesses" After="MigrateFeatureStates" />
<Show Dialog="FatalError" OnExit="error" />
<Show Dialog="UserExit" OnExit="cancel" />
<Show Dialog="ExitDialog" OnExit="success" />
<Show Dialog="PrepareDlg" After="LaunchConditions" />
- <Show Dialog="WelcomeDlg" After="MigrateFeatureStates">NOT Installed</Show>
+ <Show Dialog="WelcomeDlg" After="ListRunningProcesses">NOT Installed</Show>
<Show Dialog="ResumeDlg" After="WelcomeDlg">Installed AND (RESUME OR Preselected)</Show>
<Show Dialog="MaintenanceWelcomeDlg" After="ResumeDlg">Installed AND NOT RESUME AND NOT Preselected</Show>
<Show Dialog="ProgressDlg" After="MaintenanceWelcomeDlg" />