diff options
| author | Tom Yu <tlyu@mit.edu> | 2006-10-11 19:43:21 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2006-10-11 19:43:21 +0000 |
| commit | a783174fbe89274cf4ecf76334cb99adedcfcfe9 (patch) | |
| tree | 5f788ae008190a1e6d145c296601b3e0ebcac662 | |
| parent | 393305f9d9b822df42c9743025072004e483fa1a (diff) | |
| download | krb5-a783174fbe89274cf4ecf76334cb99adedcfcfe9.zip krb5-a783174fbe89274cf4ecf76334cb99adedcfcfe9.tar.gz krb5-a783174fbe89274cf4ecf76334cb99adedcfcfe9.tar.bz2 | |
pull up r18670 from trunk
r18670@cathode-dark-space: jaltman | 2006-10-09 14:08:10 -0400
ticket: new
subject: final commits for KFW 3.1 Beta 2
tags: pullup
krb5cred.dll (1.1.2.0)
- Fix the control logic so that if the password is expired for an
identity, the krb5 credentials provider will initiate a change
password request. Once the password is successfully changed, the
new password will be used to obtain new credentials.
- Fix an incorrect condition which caused the new credentials dialog
to refresh custom prompts unnecessarily.
- Removing an identity from the list of NetIDMgr identities now causes
the corresponding principal to be removed from the LRU principals
list.
- Properly handle KMSG_CRED_PROCESS message when the user is
cancelling out.
- Add more debug output
- Do not renew Kerberos tickets which are not initial tickets.
- Fix whitespace in source code.
- When providing identity selection controls, disable the realm
selector when the user specifies the realm in the username control.
- k5_ident_valiate_name() will refuse principal names with empty or
unspecified realms.
- When updating identity properties, the identity provider will
correctly set the properties for identities that were destroyed.
This fixes a problem where the values may be incorrect if an
identity has two or more credential caches and one of them is
destroyed.
nidmgr32.dll (1.1.2.0)
- Send out a separate notification if the configuration information
associated with an identity is removed.
- If an identity is being removed from the NetIDMgr identity list in
the configuration panel, do not send out APPLY notifications to the
subpanels after the configuration information has been removed.
Otherwise this causes the configuration information to be reinstated
and prevent the identity from being removed.
- Properly initialize the new credentials blob including the UI
context structure.
netidmgr.exe (1.1.2.0)
- When suppressing error messages, make sure that the final
KMSG_CRED_END notification is sent. Otherwise the new credentials
acquisition operation will not be cleaned up.
- Autoinit option now checks to see if there are identity credentials
for the default identity and triggers the new credentials dialog if
there aren't any.
- Properly synchronize the configuration node list when applying
changes (e.g.: when removing or adding an identity).
- Fix a handle leak when removing an identity from the NetIDMgr
identity list.
- Refresh the properties for the active identities before calculating
the renewal and expiration timers. Otherwise the timestamps being
used might be incorrect.
- Add Identity dialog (in the configuration panel) now uses the
identity selection controls provided by the identity provider.
- Improve type safety when handling timer refreshes.
- When getting the expiration times and issue times for an identity,
the timer refresh code may fail over to the expiration and issue
times for the credential it is currently looking at. Now the code
makes sure that both the issue and expiration times come from the
identity or the credential but not mixed.
- Not being able to get the time of issue of a credential now does not
result in the credential being skipped from the timer refresh pass.
However, not having a time of issue will result in the half-life
algorithm not being applied for the renew timer.
- Fix a bug which caused a credential to be abandoned from the timer
refresh pass if the reamining lifetime of the credential is less
than the renewal threshold.
- Fix a bug where the vertical scroll bars for the hypertext window
would not appear when the contents of the window changed.
- Trigger a refresh of the configuration nodes when adding or removing
an identity.
source for (1.1.2.0)
- Explicitly include <prsht.h> so that the SDK can be used in build
environments that define WIN32_LEAN_AND_MEAN.
ticket: 4407
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18682 dc483132-0cff-0310-8789-dd5450dbe970
25 files changed, 1078 insertions, 243 deletions
diff --git a/src/windows/identity/apiversion.txt b/src/windows/identity/apiversion.txt index 2a49540..4399861 100644 --- a/src/windows/identity/apiversion.txt +++ b/src/windows/identity/apiversion.txt @@ -1,5 +1,4 @@ -# Copyright (c) 2004-2006 Massachusetts Institute of Technology
-# Copyright (c) 2006 Secure Endpoints Inc.
+# Copyright (c) 2004 Massachusetts Institute of Technology
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -213,3 +212,5 @@ Date=(TBD) !kcdb_buf_get_attrib(), kcdb_buf_get_attrib_string(), kcbd_buf_set_attrib()
# attr_name is now a const pointer
++KCDB_OP_DELCONFIG
+# notification that the configuration information for an identity is to be removed.
diff --git a/src/windows/identity/config/Makefile b/src/windows/identity/config/Makefile index f1ac2ac..41e29bf 100644 --- a/src/windows/identity/config/Makefile +++ b/src/windows/identity/config/Makefile @@ -1,5 +1,6 @@ #
-# Copyright (c) 2004 Massachusetts Institute of Technology
+# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology
+# Copyright (c) 2006 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
diff --git a/src/windows/identity/config/Makefile.w2k b/src/windows/identity/config/Makefile.w2k index 3aea0d2..6182640 100644 --- a/src/windows/identity/config/Makefile.w2k +++ b/src/windows/identity/config/Makefile.w2k @@ -3,7 +3,7 @@ # This file will be included by all the makefiles
# in the build tree.
#
-# Copyright (c) 2004,2005 Massachusetts Institute of Technology
+# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology
# Copyright (c) 2006 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
@@ -47,8 +47,8 @@ KHIMAIRA_WIN32_CONFIG=1 # Version info
NETIDMGR_VERSION_MAJOR=1
NETIDMGR_VERSION_MINOR=1
-NETIDMGR_VERSION_PATCH=1
-NETIDMGR_VERSION_AUX=1
+NETIDMGR_VERSION_PATCH=2
+NETIDMGR_VERSION_AUX=0
NETIDMGR_RELEASEDESC=
# The API version. This number must be incremented each time the API
diff --git a/src/windows/identity/config/Makefile.w32 b/src/windows/identity/config/Makefile.w32 index 7e5e43e..9578647 100644 --- a/src/windows/identity/config/Makefile.w32 +++ b/src/windows/identity/config/Makefile.w32 @@ -47,8 +47,8 @@ KHIMAIRA_WIN32_CONFIG=1 # Version info
NETIDMGR_VERSION_MAJOR=1
NETIDMGR_VERSION_MINOR=1
-NETIDMGR_VERSION_PATCH=0
-NETIDMGR_VERSION_AUX=1
+NETIDMGR_VERSION_PATCH=2
+NETIDMGR_VERSION_AUX=0
NETIDMGR_RELEASEDESC=
# The API version. This number must be incremented each time the API
diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c index 15c3613..4236c27 100644 --- a/src/windows/identity/kcreddb/identity.c +++ b/src/windows/identity/kcreddb/identity.c @@ -617,9 +617,13 @@ kcdb_identity_get_config(khm_handle vid, &hident);
if(KHM_FAILED(rv)) {
+ khm_int32 oldflags;
EnterCriticalSection(&cs_ident);
+ oldflags = id->flags;
id->flags &= ~KCDB_IDENT_FLAG_CONFIG;
LeaveCriticalSection(&cs_ident);
+ if (oldflags & KCDB_IDENT_FLAG_CONFIG)
+ kcdbint_ident_post_message(KCDB_OP_DELCONFIG, id);
goto _exit;
}
diff --git a/src/windows/identity/kcreddb/kcreddb.h b/src/windows/identity/kcreddb/kcreddb.h index 1b5d9b6..060f556 100644 --- a/src/windows/identity/kcreddb/kcreddb.h +++ b/src/windows/identity/kcreddb/kcreddb.h @@ -3310,6 +3310,7 @@ kcdb_buf_release(khm_handle record); #define KCDB_OP_SETSEARCH 8
#define KCDB_OP_UNSETSEARCH 9
#define KCDB_OP_NEW_DEFAULT 10
+#define KCDB_OP_DELCONFIG 11
/*@}*/
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c index 95f9a38..331e789 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ b/src/windows/identity/plugins/krb5/krb5funcs.c @@ -702,6 +702,19 @@ khm_krb5_renew_cred(khm_handle cred) khm_boolean brenewIdentity = FALSE;
khm_boolean istgt = FALSE;
+ khm_int32 flags;
+
+ cbname = sizeof(wname);
+ kcdb_cred_get_name(cred, wname, &cbname);
+ _reportf(L"Krb5 renew cred for %s", wname);
+
+ kcdb_cred_get_flags(cred, &flags);
+
+ if (!(flags & KCDB_CRED_FLAG_INITIAL)) {
+ _reportf(L"Krb5 skipping renewal because this is not an initial credential");
+ return 0;
+ }
+
memset(&in_creds, 0, sizeof(in_creds));
memset(&cc_creds, 0, sizeof(cc_creds));
@@ -2161,80 +2174,79 @@ khm_krb5_changepwd(char * principal, if ( !pkrb5_init_context )
goto cleanup;
- if (rc = pkrb5_init_context(&context)) {
- goto cleanup;
- }
-
- if (rc = pkrb5_parse_name(context, principal, &princ)) {
- goto cleanup;
- }
-
- pkrb5_get_init_creds_opt_init(&opts);
- pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
- pkrb5_get_init_creds_opt_set_renew_life(&opts, 0);
- pkrb5_get_init_creds_opt_set_forwardable(&opts, 0);
- pkrb5_get_init_creds_opt_set_proxiable(&opts, 0);
- pkrb5_get_init_creds_opt_set_address_list(&opts,NULL);
-
- if (rc = pkrb5_get_init_creds_password(context, &creds, princ,
- password, 0, 0, 0,
- "kadmin/changepw", &opts)) {
- if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ if (rc = pkrb5_init_context(&context)) {
+ goto cleanup;
+ }
+
+ if (rc = pkrb5_parse_name(context, principal, &princ)) {
+ goto cleanup;
+ }
+
+ pkrb5_get_init_creds_opt_init(&opts);
+ pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
+ pkrb5_get_init_creds_opt_set_renew_life(&opts, 0);
+ pkrb5_get_init_creds_opt_set_forwardable(&opts, 0);
+ pkrb5_get_init_creds_opt_set_proxiable(&opts, 0);
+ pkrb5_get_init_creds_opt_set_address_list(&opts,NULL);
+
+ if (rc = pkrb5_get_init_creds_password(context, &creds, princ,
+ password, 0, 0, 0,
+ "kadmin/changepw", &opts)) {
+ if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
#if 0
- com_err(argv[0], 0,
- "Password incorrect while getting initial ticket");
+ com_err(argv[0], 0,
+ "Password incorrect while getting initial ticket");
#endif
- }
- else {
+ } else {
#if 0
- com_err(argv[0], ret, "getting initial ticket");
+ com_err(argv[0], ret, "getting initial ticket");
#endif
- }
- goto cleanup;
- }
+ }
+ goto cleanup;
+ }
- if (rc = pkrb5_change_password(context, &creds, newpassword,
- &result_code, &result_code_string,
- &result_string)) {
+ if (rc = pkrb5_change_password(context, &creds, newpassword,
+ &result_code, &result_code_string,
+ &result_string)) {
#if 0
- com_err(argv[0], ret, "changing password");
+ com_err(argv[0], ret, "changing password");
#endif
- goto cleanup;
- }
-
- if (result_code) {
- int len = result_code_string.length +
- (result_string.length ? (sizeof(": ") - 1) : 0) +
- result_string.length;
- if (len && error_str) {
- *error_str = PMALLOC(len + 1);
- if (*error_str)
- StringCchPrintfA(*error_str, len+1,
- "%.*s%s%.*s",
- result_code_string.length,
- result_code_string.data,
- result_string.length?": ":"",
- result_string.length,
- result_string.data);
- }
- rc = result_code;
- goto cleanup;
- }
+ goto cleanup;
+ }
+
+ if (result_code) {
+ int len = result_code_string.length +
+ (result_string.length ? (sizeof(": ") - 1) : 0) +
+ result_string.length;
+ if (len && error_str) {
+ *error_str = PMALLOC(len + 1);
+ if (*error_str)
+ StringCchPrintfA(*error_str, len+1,
+ "%.*s%s%.*s",
+ result_code_string.length,
+ result_code_string.data,
+ result_string.length?": ":"",
+ result_string.length,
+ result_string.data);
+ }
+ rc = result_code;
+ goto cleanup;
+ }
cleanup:
- if (result_string.data)
- pkrb5_free_data_contents(context, &result_string);
+ if (result_string.data)
+ pkrb5_free_data_contents(context, &result_string);
- if (result_code_string.data)
- pkrb5_free_data_contents(context, &result_code_string);
+ if (result_code_string.data)
+ pkrb5_free_data_contents(context, &result_code_string);
- if (princ)
- pkrb5_free_principal(context, princ);
+ if (princ)
+ pkrb5_free_principal(context, princ);
- if (context)
- pkrb5_free_context(context);
+ if (context)
+ pkrb5_free_context(context);
- return rc;
+ return rc;
}
khm_int32 KHMAPI
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c index 11a7410..05f93fc 100644 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ b/src/windows/identity/plugins/krb5/krb5identpro.c @@ -226,8 +226,10 @@ update_crossfeed(khui_new_creds * nc, un_realm = khm_get_realm_from_princ(un);
- if (un_realm == NULL)
+ if (un_realm == NULL) {
+ EnableWindow(d->hw_realm, TRUE);
return FALSE;
+ }
if (ctrl_id_src == K5_NCID_UN) {
@@ -270,6 +272,15 @@ update_crossfeed(khui_new_creds * nc, SetWindowText(d->hw_realm,
un_realm);
+ if (GetFocus() == d->hw_realm) {
+ HWND hw_next = GetNextDlgTabItem(nc->hwnd, d->hw_realm,
+ FALSE);
+ if (hw_next)
+ SetFocus(hw_next);
+ }
+
+ EnableWindow(d->hw_realm, FALSE);
+
return TRUE;
}
/* else... */
@@ -739,6 +750,7 @@ k5_ident_valiate_name(khm_int32 msg_type, char princ_name[KCDB_IDENT_MAXCCH_NAME];
kcdb_ident_name_xfer * nx;
krb5_error_code code;
+ wchar_t * atsign;
nx = (kcdb_ident_name_xfer *) vparam;
@@ -759,11 +771,18 @@ k5_ident_valiate_name(khm_int32 msg_type, return KHM_ERROR_SUCCESS;
}
- if (princ != NULL)
+ if (princ != NULL)
pkrb5_free_principal(k5_identpro_ctx,
princ);
- nx->result = KHM_ERROR_SUCCESS;
+ /* krb5_parse_name() accepts principal names with no realm or an
+ empty realm. We don't. */
+ atsign = wcschr(nx->name_src, L'@');
+ if (atsign == NULL || atsign[1] == L'\0') {
+ nx->result = KHM_ERROR_INVALID_NAME;
+ } else {
+ nx->result = KHM_ERROR_SUCCESS;
+ }
return KHM_ERROR_SUCCESS;
}
@@ -1032,15 +1051,23 @@ k5_ident_notify_create(khm_int32 msg_type, return KHM_ERROR_SUCCESS;
}
+struct k5_ident_update_data {
+ khm_handle identity;
+
+ FILETIME ft_expire; /* expiration */
+ FILETIME ft_issue; /* issue */
+ FILETIME ft_rexpire; /* renew expiration */
+ wchar_t ccname[KRB5_MAXCCH_CCNAME];
+ khm_int32 k5_flags;
+};
+
static khm_int32 KHMAPI
k5_ident_update_apply_proc(khm_handle cred,
void * rock) {
- wchar_t ccname[KRB5_MAXCCH_CCNAME];
- khm_handle tident = (khm_handle) rock;
+ struct k5_ident_update_data * d = (struct k5_ident_update_data *) rock;
khm_handle ident = NULL;
khm_int32 t;
khm_int32 flags;
- FILETIME t_expire;
FILETIME t_cexpire;
FILETIME t_rexpire;
khm_size cb;
@@ -1049,12 +1076,15 @@ k5_ident_update_apply_proc(khm_handle cred, if (KHM_FAILED(kcdb_cred_get_type(cred, &t)) ||
t != credtype_id_krb5 ||
KHM_FAILED(kcdb_cred_get_identity(cred, &ident)))
+
return KHM_ERROR_SUCCESS;
- if (!kcdb_identity_is_equal(ident,tident))
+ if (!kcdb_identity_is_equal(ident,d->identity))
+
goto _cleanup;
if (KHM_FAILED(kcdb_cred_get_flags(cred, &flags)))
+
flags = 0;
if (flags & KCDB_CRED_FLAG_INITIAL) {
@@ -1064,13 +1094,9 @@ k5_ident_update_apply_proc(khm_handle cred, NULL,
&t_cexpire,
&cb))) {
- cb = sizeof(t_expire);
- if (KHM_FAILED(kcdb_identity_get_attr(tident,
- KCDB_ATTR_EXPIRE,
- NULL,
- &t_expire,
- &cb)) ||
- CompareFileTime(&t_cexpire, &t_expire) > 0) {
+ if ((d->ft_expire.dwLowDateTime == 0 &&
+ d->ft_expire.dwHighDateTime == 0) ||
+ CompareFileTime(&t_cexpire, &d->ft_expire) > 0) {
goto update_identity;
}
}
@@ -1080,52 +1106,35 @@ k5_ident_update_apply_proc(khm_handle cred, update_identity:
- kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
- &t_cexpire, sizeof(t_cexpire));
+ d->ft_expire = t_cexpire;
- cb = sizeof(ccname);
- if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred, KCDB_ATTR_LOCATION,
- NULL,
- ccname,
- &cb))) {
- kcdb_identity_set_attr(tident, attr_id_krb5_ccname,
- ccname, cb);
- } else {
- kcdb_identity_set_attr(tident, attr_id_krb5_ccname,
- NULL, 0);
+ cb = sizeof(d->ccname);
+ if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_LOCATION, NULL, d->ccname, &cb))) {
+ d->ccname[0] = L'\0';
}
-
- cb = sizeof(t);
- if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
- attr_id_krb5_flags,
- NULL,
- &t,
- &cb))) {
- kcdb_identity_set_attr(tident, attr_id_krb5_flags,
- &t, sizeof(t));
+ cb = sizeof(d->k5_flags);
+ if (KHM_FAILED(kcdb_cred_get_attr(cred, attr_id_krb5_flags, NULL,
+ &d->k5_flags, &cb))) {
+ d->k5_flags = 0;
+ }
- cb = sizeof(t_rexpire);
- if (!(t & TKT_FLG_RENEWABLE) ||
- KHM_FAILED(kcdb_cred_get_attr(cred,
- KCDB_ATTR_RENEW_EXPIRE,
- NULL,
- &t_rexpire,
- &cb))) {
- kcdb_identity_set_attr(tident, KCDB_ATTR_RENEW_EXPIRE,
- NULL, 0);
- } else {
- kcdb_identity_set_attr(tident, KCDB_ATTR_RENEW_EXPIRE,
- &t_rexpire, sizeof(t_rexpire));
- }
- } else {
- kcdb_identity_set_attr(tident, attr_id_krb5_flags,
- NULL, 0);
- kcdb_identity_set_attr(tident, KCDB_ATTR_RENEW_EXPIRE,
- NULL, 0);
+ cb = sizeof(d->ft_issue);
+ if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_ISSUE, NULL, &d->ft_issue, &cb))) {
+ ZeroMemory(&d->ft_issue, sizeof(d->ft_issue));
}
- rv = KHM_ERROR_EXIT;
+ cb = sizeof(t_rexpire);
+ if ((d->k5_flags & TKT_FLG_RENEWABLE) &&
+ KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
+ KCDB_ATTR_RENEW_EXPIRE,
+ NULL,
+ &t_rexpire,
+ &cb))) {
+ d->ft_rexpire = t_rexpire;
+ } else {
+ ZeroMemory(&d->ft_rexpire, sizeof(d->ft_rexpire));
+ }
_cleanup:
if (ident)
@@ -1140,6 +1149,7 @@ k5_ident_update(khm_int32 msg_type, khm_ui_4 uparam,
void * vparam) {
+ struct k5_ident_update_data d;
khm_handle ident;
khm_handle tident;
krb5_ccache cc = NULL;
@@ -1153,9 +1163,52 @@ k5_ident_update(khm_int32 msg_type, if (ident == NULL)
return KHM_ERROR_SUCCESS;
+ ZeroMemory(&d, sizeof(d));
+ d.identity = ident;
+
kcdb_credset_apply(NULL,
k5_ident_update_apply_proc,
- (void *) ident);
+ (void *) &d);
+
+ if (d.ft_expire.dwLowDateTime != 0 ||
+ d.ft_expire.dwHighDateTime != 0) {
+
+ /* we found a TGT */
+
+ kcdb_identity_set_attr(ident, KCDB_ATTR_EXPIRE,
+ &d.ft_expire, sizeof(d.ft_expire));
+ if (d.ft_issue.dwLowDateTime != 0 ||
+ d.ft_issue.dwHighDateTime != 0)
+ kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE,
+ &d.ft_issue, sizeof(d.ft_issue));
+ else
+ kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE, NULL, 0);
+
+ if (d.ft_rexpire.dwLowDateTime != 0 ||
+ d.ft_rexpire.dwHighDateTime != 0)
+ kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE,
+ &d.ft_rexpire, sizeof(d.ft_rexpire));
+ else
+ kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE, NULL, 0);
+
+ kcdb_identity_set_attr(ident, attr_id_krb5_flags,
+ &d.k5_flags, sizeof(d.k5_flags));
+
+ if (d.ccname[0])
+ kcdb_identity_set_attr(ident, attr_id_krb5_ccname,
+ d.ccname, KCDB_CBSIZE_AUTO);
+ else
+ kcdb_identity_set_attr(ident, attr_id_krb5_ccname, NULL, 0);
+
+ } else {
+ /* Clear out the attributes. We don't have any information
+ about this identity */
+ kcdb_identity_set_attr(ident, KCDB_ATTR_EXPIRE, NULL, 0);
+ kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE, NULL, 0);
+ kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE, NULL, 0);
+ kcdb_identity_set_attr(ident, attr_id_krb5_flags, NULL, 0);
+ kcdb_identity_set_attr(ident, attr_id_krb5_ccname, NULL, 0);
+ }
if (KHM_SUCCEEDED(kcdb_identity_get_default(&tident))) {
kcdb_identity_release(tident);
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c index db9462e..e7641df 100644 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ b/src/windows/identity/plugins/krb5/krb5newcreds.c @@ -232,6 +232,20 @@ k5_handle_wmnc_notify(HWND hwnd, d->pwd_change = TRUE;
+ if (is_k5_identpro &&
+ d->nc->n_identities > 0 &&
+ d->nc->identities[0]) {
+
+ kcdb_identity_set_flags(d->nc->identities[0],
+ KCDB_IDENT_FLAG_VALID,
+ KCDB_IDENT_FLAG_VALID);
+
+ }
+
+ PostMessage(d->nc->hwnd, KHUI_WM_NC_NOTIFY,
+ MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT),
+ (LPARAM) d->nc);
+
return TRUE;
}
}
@@ -347,7 +361,7 @@ k5_handle_wmnc_notify(HWND hwnd, /* the above notification effectively takes all our
changes into account. The data we have is no
longer out of sync */
- d->sync = FALSE;
+ d->sync = TRUE;
}
}
break;
@@ -1574,6 +1588,47 @@ k5_find_tgt_filter(khm_handle cred, }
khm_int32
+k5_remove_from_LRU(khm_handle identity)
+{
+ wchar_t * wbuf = NULL;
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khm_size cb_ms;
+ khm_int32 rv = KHM_ERROR_SUCCESS;
+
+ cb = sizeof(idname);
+ rv = kcdb_identity_get_name(identity, idname, &cb);
+ assert(rv == KHM_ERROR_SUCCESS);
+
+ rv = khc_read_multi_string(csp_params, L"LRUPrincipals", NULL, &cb_ms);
+ if (rv != KHM_ERROR_TOO_LONG)
+ cb_ms = sizeof(wchar_t) * 2;
+
+ wbuf = PMALLOC(cb_ms);
+ assert(wbuf);
+
+ cb = cb_ms;
+
+ if (rv == KHM_ERROR_TOO_LONG) {
+ rv = khc_read_multi_string(csp_params, L"LRUPrincipals", wbuf, &cb);
+ assert(KHM_SUCCEEDED(rv));
+
+ if (multi_string_find(wbuf, idname, KHM_CASE_SENSITIVE) != NULL) {
+ multi_string_delete(wbuf, idname, KHM_CASE_SENSITIVE);
+ }
+ } else {
+ multi_string_init(wbuf, cb_ms);
+ }
+
+ rv = khc_write_multi_string(csp_params, L"LRUPrincipals", wbuf);
+
+ if (wbuf)
+ PFREE(wbuf);
+
+ return rv;
+}
+
+khm_int32
k5_update_LRU(khm_handle identity)
{
wchar_t * wbuf = NULL;
@@ -1915,6 +1970,13 @@ k5_msg_cred_dialog(khm_int32 msg_type, assert(nc->subtype == KMSG_CRED_NEW_CREDS);
+ /* If we are forcing a password change, then we don't do
+ anything here. Note that if the identity changed, then
+ this field would have been reset, so we would proceed
+ as usual. */
+ if (d->pwd_change)
+ return KHM_ERROR_SUCCESS;
+
/* if the fiber is already in a kinit, cancel it */
if(g_fjob.state == FIBER_STATE_KINIT) {
g_fjob.command = FIBER_CMD_CANCEL;
@@ -1965,7 +2027,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, break;
case KRB5KDC_ERR_KEY_EXP:
- /* password needs changing */
+ /* password needs changing. */
LoadString(hResModule, IDS_K5ERR_KEY_EXPIRED,
msg, ARRAYLENGTH(msg));
break;
@@ -2320,7 +2382,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, kherr_suggestion sug_id;
/* if we failed to get new tickets, but the
- identity isstill valid, then we assume that
+ identity is still valid, then we assume that
the current tickets are still good enough
for other credential types to obtain their
credentials. */
@@ -2374,7 +2436,13 @@ k5_msg_cred_dialog(khm_int32 msg_type, khui_cw_lock_nc(nc);
- if (nc->n_identities == 0 ||
+ if (nc->result == KHUI_NC_RESULT_CANCEL) {
+
+ khui_cw_set_response(nc, credtype_id_krb5,
+ KHUI_NC_RESPONSE_SUCCESS |
+ KHUI_NC_RESPONSE_EXIT);
+
+ } else if (nc->n_identities == 0 ||
nc->identities[0] == NULL) {
_report_mr0(KHERR_ERROR, MSG_PWD_NO_IDENTITY);
_suggest_mr(MSG_PWD_S_NO_IDENTITY, KHERR_SUGGEST_RETRY);
@@ -2382,6 +2450,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, khui_cw_set_response(nc, credtype_id_krb5,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_NOEXIT);
+
} else {
wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
char idname[KCDB_IDENT_MAXCCH_NAME];
@@ -2483,9 +2552,12 @@ k5_msg_cred_dialog(khm_int32 msg_type, goto _pwd_exit;
}
+ /* the password change phase is now done */
+ d->pwd_change = FALSE;
+
code = khm_krb5_kinit(NULL, /* context (create one) */
idname, /* principal_name */
- npwd, /* password */
+ npwd, /* new password */
NULL, /* ccache name (figure out the identity cc)*/
(krb5_deltat) d->tc_lifetime.current,
d->forwardable,
diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c index 7c52877..e80e01c 100644 --- a/src/windows/identity/plugins/krb5/krb5plugin.c +++ b/src/windows/identity/plugins/krb5/krb5plugin.c @@ -169,6 +169,23 @@ k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, return rv;
}
+khm_int32 KHMAPI
+k5_msg_kcdb(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
+{
+ khm_int32 rv = KHM_ERROR_SUCCESS;
+
+ switch(msg_subtype) {
+ case KMSG_KCDB_IDENT:
+ if (uparam == KCDB_OP_DELCONFIG) {
+ k5_remove_from_LRU((khm_handle) vparam);
+ }
+ break;
+ }
+
+ return rv;
+}
+
/* Handler for CRED type messages
@@ -241,6 +258,8 @@ k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, return k5_msg_system(msg_type, msg_subtype, uparam, vparam);
case KMSG_CRED:
return k5_msg_cred(msg_type, msg_subtype, uparam, vparam);
+ case KMSG_KCDB:
+ return k5_msg_kcdb(msg_type, msg_subtype, uparam, vparam);
}
return KHM_ERROR_SUCCESS;
}
diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h index f31bde4..694323c 100644 --- a/src/windows/identity/plugins/krb5/krbcred.h +++ b/src/windows/identity/plugins/krb5/krbcred.h @@ -200,6 +200,9 @@ k5_msg_ident(khm_int32 msg_type, khm_ui_4 uparam,
void * vparam);
+khm_int32
+k5_remove_from_LRU(khm_handle identity);
+
int
k5_get_realm_from_nc(khui_new_creds * nc,
wchar_t * buf,
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc index 54f3ed7..dde30e3 100644 --- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc +++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc @@ -59,7 +59,7 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN
CONTROL "Kerberos 5 Ticket Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
LTEXT "Realm",IDC_STATIC,7,25,52,13
- COMBOBOX IDC_NCK5_REALM,60,25,233,17,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | NOT WS_VISIBLE | WS_DISABLED
LTEXT "&Lifetime",IDC_STATIC,7,67,61,12
EDITTEXT IDC_NCK5_LIFETIME_EDIT,85,67,107,12,ES_AUTOHSCROLL
@@ -119,7 +119,7 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "Default Realm",IDC_CFG_LBL_REALM,13,9,46,8
- COMBOBOX IDC_CFG_DEFREALM,76,7,166,30,CBS_DROPDOWN | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_CFG_DEFREALM,76,7,166,51,CBS_DROPDOWN | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14,NOT WS_VISIBLE | WS_DISABLED
GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,45,241,61
LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,61,28,8
@@ -134,7 +134,7 @@ BEGIN LTEXT "Domain",IDC_CFG_LBL_DOMAIN,13,141,24,8
EDITTEXT IDC_CFG_DOMAIN,76,138,166,14,ES_AUTOHSCROLL | ES_READONLY
LTEXT "Import tickets",IDC_LBL_IMPORT,13,158,45,8
- COMBOBOX IDC_CFG_IMPORT,76,156,166,30,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_CFG_IMPORT,76,156,166,51,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
END
IDD_CFG_REALMS DIALOGEX 0, 0, 255, 182
@@ -195,7 +195,7 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN
CONTROL "Kerberos 5 Change Password Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
LTEXT "Realm",IDC_STATIC,7,25,52,13
- COMBOBOX IDC_NCK5_REALM,60,25,233,17,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | WS_DISABLED
END
diff --git a/src/windows/identity/ui/cfg_identities_wnd.c b/src/windows/identity/ui/cfg_identities_wnd.c index 3297b05..3f92ad8 100644 --- a/src/windows/identity/ui/cfg_identities_wnd.c +++ b/src/windows/identity/ui/cfg_identities_wnd.c @@ -130,10 +130,11 @@ apply_all(HWND hwnd, khui_config_node_reg reg;
int idx;
int count;
+ BOOL cont = TRUE;
count = TabCtrl_GetItemCount(hw_tab);
- for (idx = 0; idx < count; idx++) {
+ for (idx = 0; idx < count && cont; idx++) {
ZeroMemory(&tci, sizeof(tci));
@@ -156,7 +157,7 @@ apply_all(HWND hwnd, #endif
SendMessage(hw, KHUI_WM_CFG_NOTIFY,
- MAKEWPARAM(0, WMCFG_APPLY), 0);
+ MAKEWPARAM(0, WMCFG_APPLY), (LPARAM) &cont);
}
}
@@ -317,6 +318,7 @@ typedef struct tag_idents_data { ident_data * idents;
khm_size n_idents;
khm_size nc_idents;
+#define IDENTS_DATA_ALLOC_INCR 8
/* global options */
global_props saved;
@@ -430,6 +432,7 @@ write_params_ident(ident_data * d) { if (d->removed) {
khm_handle h = NULL;
+ khm_int32 flags = 0;
khc_remove_space(csp_ident);
@@ -444,6 +447,10 @@ write_params_ident(ident_data * d) { #endif
khc_close_space(h);
}
+#ifdef DEBUG
+ kcdb_identity_get_flags(d->ident, &flags);
+ assert(!(flags & KCDB_IDENT_FLAG_CONFIG));
+#endif
} else {
@@ -470,11 +477,15 @@ write_params_ident(ident_data * d) { if (d->hwnd)
PostMessage(d->hwnd, KHUI_WM_CFG_NOTIFY,
MAKEWPARAM(0, WMCFG_UPDATE_STATE), 0);
+
+ khm_refresh_config();
}
static void
write_params_idents(void) {
+#if 0
int i;
+#endif
khm_handle csp_cw;
if (KHM_SUCCEEDED(khc_open_space(NULL, L"CredWindow",
@@ -500,9 +511,11 @@ write_params_idents(void) { khc_close_space(csp_cw);
}
+#if 0
for (i=0; i < (int)cfg_idents.n_idents; i++) {
write_params_ident(&cfg_idents.idents[i]);
}
+#endif
if (cfg_idents.hwnd)
PostMessage(cfg_idents.hwnd, KHUI_WM_CFG_NOTIFY,
@@ -622,6 +635,9 @@ init_idents_data(void) { cfg_idents.idents[i].removed = FALSE;
kcdb_identity_get_flags(ident, &cfg_idents.idents[i].flags);
+#ifdef DEBUG
+ assert(cfg_idents.idents[i].flags & KCDB_IDENT_FLAG_CONFIG);
+#endif
read_params_ident(&cfg_idents.idents[i]);
@@ -712,82 +728,258 @@ refresh_view_idents_state(HWND hwnd) { KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
}
+struct ctrl_row_dimensions {
+ RECT enclosure;
+ RECT label;
+ RECT control;
+};
+
+typedef struct tag_add_ident_data {
+ khui_new_creds * nc;
+
+ struct ctrl_row_dimensions dim_small;
+ struct ctrl_row_dimensions dim_medium;
+ struct ctrl_row_dimensions dim_large;
+ int row_gap;
+
+ int current_y;
+ int current_x;
+
+ HWND hwnd_last_ctrl;
+} add_ident_data;
+
+void
+get_ctrl_row_metrics(struct ctrl_row_dimensions * dim, HWND hw_lbl, HWND hw_ctl) {
+
+ assert(hw_lbl);
+ assert(hw_ctl);
+
+ GetWindowRect(hw_lbl, &dim->label);
+ GetWindowRect(hw_ctl, &dim->control);
+
+ UnionRect(&dim->enclosure, &dim->label, &dim->control);
+ OffsetRect(&dim->label,
+ -dim->enclosure.left,
+ -dim->enclosure.top);
+ OffsetRect(&dim->control,
+ -dim->enclosure.left,
+ -dim->enclosure.top);
+ OffsetRect(&dim->enclosure,
+ -dim->enclosure.left,
+ -dim->enclosure.top);
+}
+
/* dialog box procedure for the "Add new identity" dialog */
INT_PTR CALLBACK
khm_cfg_add_ident_proc(HWND hwnd,
UINT umsg,
WPARAM wParam,
- LPARAM lparam) {
+ LPARAM lParam) {
+ add_ident_data * d;
+
switch(umsg) {
case WM_INITDIALOG:
- /* set the max length of the edit control first */
- SendDlgItemMessage(hwnd, IDC_CFG_IDNAME,
- EM_SETLIMITTEXT,
- KCDB_IDENT_MAXCCH_NAME - 1,
- 0);
+ /* we create a new credentials blob and pull in the identity
+ selectors from the identity provider. */
+ d = PMALLOC(sizeof(*d));
+ ZeroMemory(d, sizeof(*d));
+
+ khui_cw_create_cred_blob(&d->nc);
+#ifdef DEBUG
+ assert(d->nc != NULL);
+#endif
+ if (d->nc == NULL) {
+ PFREE(d);
+ break;
+ }
+
+ if (KHM_FAILED(kcdb_identpro_get_ui_cb(&d->nc->ident_cb))) {
+ /* this should have worked. The only reason it would fail
+ is if there is no identity provider or if the identity
+ provider does not support providing idnetity
+ selectors. */
+ khui_cw_destroy_cred_blob(d->nc);
+ PFREE(d);
+ break;
+ }
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ /* get metrics for dynamic controls */
+ get_ctrl_row_metrics(&d->dim_small,
+ GetDlgItem(hwnd, IDC_SM_LBL),
+ GetDlgItem(hwnd, IDC_SM_CTL));
+ get_ctrl_row_metrics(&d->dim_medium,
+ GetDlgItem(hwnd, IDC_MED_LBL),
+ GetDlgItem(hwnd, IDC_MED_CTL));
+ get_ctrl_row_metrics(&d->dim_large,
+ GetDlgItem(hwnd, IDC_LG_LBL),
+ GetDlgItem(hwnd, IDC_LG_CTL));
+
+ {
+ RECT rlbl;
+ RECT rctl;
+ RECT rwnd;
+
+ GetWindowRect(GetDlgItem(hwnd, IDC_SM_LBL),
+ &rlbl);
+ GetWindowRect(GetDlgItem(hwnd, IDC_SM_CTL),
+ &rctl);
+ GetWindowRect(hwnd, &rwnd);
+
+ OffsetRect(&rlbl, -rwnd.left, -rwnd.top);
+ OffsetRect(&rctl, -rwnd.left, -rwnd.top);
+
+ d->current_x = rlbl.left;
+ d->current_y = rctl.top - GetSystemMetrics(SM_CYCAPTION);
+
+ GetWindowRect(GetDlgItem(hwnd, IDC_MED_CTL),
+ &rlbl);
+ OffsetRect(&rlbl, -rwnd.left, -rwnd.top);
+
+ d->row_gap = rlbl.top - rctl.bottom;
+ }
+
+ d->nc->hwnd = hwnd;
+
+ /* now call the UI callback and make it create the
+ controls. */
+ d->nc->ident_cb(d->nc, WMNC_IDENT_INIT, NULL, 0, 0,
+ (LPARAM) hwnd);
+
break;
case WM_DESTROY:
- /* nor do we have to do anything here */
+ d = (add_ident_data *)(LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ if (d == NULL)
+ break;
+
+ d->nc->ident_cb(d->nc, WMNC_IDENT_EXIT, NULL, 0, 0, 0);
+
+ khui_cw_destroy_cred_blob(d->nc);
+ PFREE(d);
break;
+ case KHUI_WM_NC_NOTIFY:
+ d = (add_ident_data *)(LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ switch(HIWORD(wParam)) {
+ case WMNC_ADD_CONTROL_ROW:
+ {
+ khui_control_row * row;
+ RECT r_lbl, r_inp, r_enc;
+ struct ctrl_row_dimensions * dim;
+ HFONT hf;
+
+ row = (khui_control_row *) lParam;
+
+#ifdef DEBUG
+ assert(row->label);
+ assert(row->input);
+ assert(d);
+#endif
+
+ if (row->size == KHUI_CTRLSIZE_SMALL) {
+ dim = &d->dim_small;
+ } else if (row->size == KHUI_CTRLSIZE_HALF) {
+ dim = &d->dim_medium;
+ } else {
+ dim = &d->dim_large;
+#ifdef DEBUG
+ assert(row->size == KHUI_CTRLSIZE_FULL);
+#endif
+ }
+
+ CopyRect(&r_enc, &dim->enclosure);
+ CopyRect(&r_lbl, &dim->label);
+ CopyRect(&r_inp, &dim->control);
+
+ OffsetRect(&r_enc, d->current_x, d->current_y);
+ OffsetRect(&r_lbl, r_enc.left, r_enc.top);
+ OffsetRect(&r_inp, r_enc.left, r_enc.top);
+
+ d->current_y += r_enc.bottom - r_enc.top;
+
+ hf = (HFONT) SendDlgItemMessage(hwnd, IDOK, WM_GETFONT, 0, 0);
+
+ if (row->label) {
+ SetWindowPos(row->label,
+ ((d->hwnd_last_ctrl != NULL)?
+ d->hwnd_last_ctrl :
+ HWND_TOP),
+ r_lbl.left, r_lbl.top,
+ r_lbl.right - r_lbl.left,
+ r_lbl.bottom - r_lbl.top,
+ SWP_DEFERERASE | SWP_NOACTIVATE |
+ SWP_NOOWNERZORDER);
+ if (hf)
+ SendMessage(row->label, WM_SETFONT,
+ (WPARAM) hf,
+ TRUE);
+ d->hwnd_last_ctrl = row->label;
+ }
+
+ if (row->input) {
+ SetWindowPos(row->input,
+ ((d->hwnd_last_ctrl != NULL)?
+ d->hwnd_last_ctrl :
+ HWND_TOP),
+ r_inp.left, r_inp.top,
+ r_inp.right - r_inp.left,
+ r_inp.bottom - r_inp.top,
+ SWP_DEFERERASE | SWP_NOACTIVATE |
+ SWP_NOOWNERZORDER);
+ if (hf)
+ SendMessage(row->input, WM_SETFONT,
+ (WPARAM) hf,
+ TRUE);
+ d->hwnd_last_ctrl = row->input;
+ }
+ }
+ break;
+
+ case WMNC_IDENTITY_CHANGE:
+ break;
+ }
+ return TRUE;
+
case WM_COMMAND:
if (LOWORD(wParam) == IDOK) {
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
- khm_int32 rv = KHM_ERROR_SUCCESS;
+ wchar_t err_msg[1024];
khm_handle ident = NULL;
khm_handle csp_ident = NULL;
- khm_size i;
- wchar_t err_msg[512] = L"";
-
- GetDlgItemText(hwnd, IDC_CFG_IDNAME, idname,
- ARRAYLENGTH(idname));
-
- idname[ARRAYLENGTH(idname) - 1] = L'\0';
- if (KHM_FAILED(rv = kcdb_identpro_validate_name(idname)) &&
- rv != KHM_ERROR_NO_PROVIDER &&
- rv != KHM_ERROR_NOT_IMPLEMENTED) {
- /* the supplied name was invalid or something */
-
- wchar_t fmt[256];
+ khm_size cb;
+ khm_int32 rv = KHM_ERROR_SUCCESS;
- LoadString(khm_hInstance, IDS_CFG_IDNAME_INV,
- fmt, ARRAYLENGTH(fmt));
- StringCbPrintf(err_msg, sizeof(err_msg), fmt, idname);
+ d = (add_ident_data *)(LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
- goto show_failure;
- }
+ if (!d || !d->nc)
+ break;
- /* now check if this is actually a new identity */
- for (i=0; i < cfg_idents.n_idents; i++) {
- if (!kcdb_identpro_compare_name(cfg_idents.idents[i].idname,
- idname))
- break;
- }
+ /* check if there was an identity selected */
+ if (d->nc->n_identities == 0 ||
+ d->nc->identities[0] == NULL) {
- if (i < cfg_idents.n_idents) {
- wchar_t fmt[256];
+ StringCbCopy(idname, sizeof(idname), L"");
- LoadString(khm_hInstance, IDS_CFG_IDNAME_EXT,
- fmt, ARRAYLENGTH(fmt));
- StringCbPrintf(err_msg, sizeof(err_msg), fmt, idname);
+ LoadString(khm_hInstance, IDS_CFG_IDNAME_NON,
+ err_msg, ARRAYLENGTH(err_msg));
goto show_failure;
}
- /* ok. now we are all set to add the new identity */
- if (KHM_FAILED(rv = kcdb_identity_create(idname,
- KCDB_IDENT_FLAG_CREATE,
- &ident))) {
- /* oops */
- wchar_t fmt[256];
-
- LoadString(khm_hInstance, IDS_CFG_IDNAME_CCR,
- fmt, ARRAYLENGTH(fmt));
- StringCbPrintf(err_msg, sizeof(err_msg), fmt, rv);
+ ident = d->nc->identities[0];
+ kcdb_identity_hold(ident);
- goto show_failure;
- }
+ cb = sizeof(idname);
+ kcdb_identity_get_name(ident, idname, &cb);
/* now we have to create the identity configuration. */
if (KHM_FAILED(rv = kcdb_identity_get_config(ident,
@@ -804,6 +996,11 @@ khm_cfg_add_ident_proc(HWND hwnd, goto show_failure;
}
+ /* create a value so that the configuration space will
+ actually be created in the registry. We don't want
+ this new identity to be sticky. */
+ khc_write_int32(csp_ident, L"Sticky", 0);
+
khm_refresh_config();
kcdb_identity_release(ident);
@@ -833,6 +1030,14 @@ khm_cfg_add_ident_proc(HWND hwnd, } else if (LOWORD(wParam) == IDCANCEL) {
EndDialog(hwnd, 1);
+ } else {
+ d = (add_ident_data *)(LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (d && d->nc && d->nc->ident_cb) {
+ return d->nc->ident_cb(d->nc, WMNC_IDENT_WMSG,
+ hwnd, umsg, wParam, lParam);
+ }
}
break;
}
@@ -1023,6 +1228,7 @@ find_ident_by_node(khui_config_node node) { khm_size cb;
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
int i;
+ khm_handle ident = NULL;
cb = sizeof(idname);
khui_cfg_get_name(node, idname, &cb);
@@ -1034,8 +1240,56 @@ find_ident_by_node(khui_config_node node) { if (i < (int)cfg_idents.n_idents)
return &cfg_idents.idents[i];
- else
+
+ /* there is no identity data for this configuration node. We try
+ to create it. */
+ if (KHM_FAILED(kcdb_identity_create(idname, 0, &ident)))
return NULL;
+
+ if (cfg_idents.n_idents >= cfg_idents.nc_idents) {
+ cfg_idents.nc_idents = UBOUNDSS(cfg_idents.n_idents + 1,
+ IDENTS_DATA_ALLOC_INCR,
+ IDENTS_DATA_ALLOC_INCR);
+#ifdef DEBUG
+ assert(cfg_idents.nc_idents > cfg_idents.n_idents);
+#endif
+ cfg_idents.idents = PREALLOC(cfg_idents.idents,
+ sizeof(*cfg_idents.idents) *
+ cfg_idents.nc_idents);
+#ifdef DEBUG
+ assert(cfg_idents.idents);
+#endif
+ ZeroMemory(&(cfg_idents.idents[cfg_idents.n_idents]),
+ sizeof(*cfg_idents.idents) *
+ (cfg_idents.nc_idents - cfg_idents.n_idents));
+ }
+
+ i = (int) cfg_idents.n_idents;
+
+ StringCbLength(idname, KCDB_IDENT_MAXCB_NAME, &cb);
+ cb += sizeof(wchar_t);
+
+ cfg_idents.idents[i].idname = PMALLOC(cb);
+#ifdef DEBUG
+ assert(cfg_idents.idents[i].idname);
+#endif
+ StringCbCopy(cfg_idents.idents[i].idname, cb, idname);
+
+ cfg_idents.idents[i].ident = ident;
+ cfg_idents.idents[i].removed = FALSE;
+
+ kcdb_identity_get_flags(ident, &cfg_idents.idents[i].flags);
+#ifdef DEBUG
+ assert(cfg_idents.idents[i].flags & KCDB_IDENT_FLAG_CONFIG);
+#endif
+
+ read_params_ident(&cfg_idents.idents[i]);
+
+ cfg_idents.n_idents++;
+
+ /* leave ident held. */
+
+ return &cfg_idents.idents[i];
}
static void
@@ -1191,13 +1445,17 @@ khm_cfg_id_tab_proc(HWND hwnd, case KHUI_WM_CFG_NOTIFY:
{
ident_data * d;
+ BOOL * cont;
khui_cfg_get_dialog_data(hwnd, &idata, NULL);
switch (HIWORD(wParam)) {
case WMCFG_APPLY:
+ cont = (BOOL *) lParam;
d = find_ident_by_node(idata->ctx_node);
write_params_ident(d);
+ if (d->removed && cont)
+ *cont = FALSE;
khui_cfg_set_flags_inst(idata, KHUI_CNFLAG_APPLIED,
KHUI_CNFLAG_APPLIED |
KHUI_CNFLAG_MODIFIED);
diff --git a/src/windows/identity/ui/configwnd.c b/src/windows/identity/ui/configwnd.c index 24f9a61..660c1fa 100644 --- a/src/windows/identity/ui/configwnd.c +++ b/src/windows/identity/ui/configwnd.c @@ -423,6 +423,209 @@ cfgui_apply_settings(khui_config_node node) { }
static void
+cfgui_remove_item(HWND hwtv,
+ HTREEITEM hItem) {
+ khui_config_node node;
+ HTREEITEM hChild;
+ TVITEMEX itemex;
+
+ for (hChild = TreeView_GetChild(hwtv, hItem);
+ hChild;
+ hChild = TreeView_GetChild(hwtv, hItem)) {
+
+ cfgui_remove_item(hwtv, hChild);
+
+ }
+
+ ZeroMemory(&itemex, sizeof(itemex));
+
+ itemex.mask = TVIF_PARAM;
+ itemex.hItem = hItem;
+
+ TreeView_GetChild(hwtv, &itemex);
+
+ node = (khui_config_node) itemex.lParam;
+
+ if (node) {
+ HWND hw;
+ hw = khui_cfg_get_hwnd(node);
+
+ if (hw)
+ DestroyWindow(hw);
+
+ khui_cfg_release(node);
+ }
+
+ TreeView_DeleteItem(hwtv, hItem);
+}
+
+struct cfgui_child_info {
+ HTREEITEM hItem;
+ khui_config_node node;
+ BOOL checked;
+};
+
+#define CI_ALLOC_INCR 8
+
+static void
+cfgui_sync_node(cfgui_wnd_data * d,
+ HWND hwtv,
+ khui_config_node c,
+ HTREEITEM hItem) {
+ khui_config_node child;
+ HTREEITEM hChild;
+ struct cfgui_child_info * childinfo = NULL;
+ khm_size n_childinfo = 0;
+ khm_size nc_childinfo = 0;
+ khm_size i;
+
+ /* first, get the list of children from the treeview control */
+ for (hChild = TreeView_GetChild(hwtv, hItem);
+ hChild;
+ hChild = TreeView_GetNextSibling(hwtv, hChild)) {
+
+ if (n_childinfo >= nc_childinfo) {
+ nc_childinfo = UBOUNDSS(n_childinfo + 1,
+ CI_ALLOC_INCR, CI_ALLOC_INCR);
+#ifdef DEBUG
+ assert(nc_childinfo > n_childinfo);
+#endif
+ childinfo = PREALLOC(childinfo,
+ sizeof(*childinfo) * nc_childinfo);
+#ifdef DEBUG
+ assert(childinfo);
+#endif
+ }
+
+ ZeroMemory(&childinfo[n_childinfo],
+ sizeof(childinfo[n_childinfo]));
+
+ childinfo[n_childinfo].hItem = hChild;
+ childinfo[n_childinfo].checked = FALSE;
+ n_childinfo++;
+ }
+
+ /* now, go through the list of actual nodes and make sure they
+ match up */
+ child = NULL;
+ for (khui_cfg_get_first_child(c, &child);
+ child;
+ khui_cfg_get_next_release(&child)) {
+
+ hChild = (HTREEITEM) khui_cfg_get_param(child);
+
+ for (i=0; i < n_childinfo; i++) {
+ if (childinfo[i].hItem == hChild)
+ break;
+ }
+
+ if (i < n_childinfo) {
+ childinfo[i].checked = TRUE;
+ } else {
+ /* add it to the list, so we can create the node in the
+ tree view control later. */
+ if (n_childinfo >= nc_childinfo) {
+ nc_childinfo = UBOUNDSS(n_childinfo + 1,
+ CI_ALLOC_INCR, CI_ALLOC_INCR);
+#ifdef DEBUG
+ assert(nc_childinfo > n_childinfo);
+#endif
+ childinfo = PREALLOC(childinfo,
+ sizeof(*childinfo) * nc_childinfo);
+#ifdef DEBUG
+ assert(childinfo);
+#endif
+ }
+
+ ZeroMemory(&childinfo[n_childinfo],
+ sizeof(childinfo[n_childinfo]));
+
+ childinfo[n_childinfo].node = child;
+ khui_cfg_hold(child);
+ n_childinfo++;
+ }
+ }
+
+ /* by this point, the childinfo list contains items of the
+ following forms:
+
+ 1. childinfo[i].hItem != NULL && childinfo[i].checked == TRUE
+
+ Corresponds to a tree view item that has a matching
+ configuration node. Nothing to do here.
+
+ 2. childinfo[i].hItem != NULL && childinfo[i].checked == FALSE
+
+ Corresponds to a tree view item that has no matching
+ configuration node. These should be removed.
+
+ 3. childinfo[i].hItem == NULL && childinfo[i].node != NULL
+
+ Corresponds to a configuration node that has no matching
+ tree view item. These nodes should be added.
+ */
+
+ /* first do the removals */
+ for (i=0; i < n_childinfo; i++) {
+ if (childinfo[i].hItem == NULL)
+ break; /* nothing more to see from this point
+ on */
+ if (!childinfo[i].checked) {
+ /* remove! */
+ cfgui_remove_item(hwtv, childinfo[i].hItem);
+ }
+ }
+
+ /* continue from where the previous loop left off */
+ for (; i < n_childinfo; i++) {
+#ifdef DEBUG
+ assert(childinfo[i].hItem == NULL);
+ assert(childinfo[i].node != NULL);
+#endif
+
+ cfgui_add_node(d, hwtv, childinfo[i].node, c, FALSE);
+
+ khui_cfg_release(childinfo[i].node);
+ childinfo[i].node = NULL;
+ }
+
+ if (childinfo)
+ PFREE(childinfo);
+
+ /* finally recurse through to the next level */
+ for (hChild = TreeView_GetChild(hwtv, hItem);
+ hChild;
+ hChild = TreeView_GetNextSibling(hwtv, hChild)) {
+
+ TVITEMEX itemex;
+
+ ZeroMemory(&itemex, sizeof(itemex));
+
+ itemex.mask = TVIF_PARAM;
+ itemex.hItem = hChild;
+
+ TreeView_GetItem(hwtv, &itemex);
+
+ if (itemex.lParam) {
+ child = (khui_config_node) itemex.lParam;
+
+ cfgui_sync_node(d, hwtv, child, hChild);
+ }
+ }
+}
+
+static void
+cfgui_sync_node_list(cfgui_wnd_data * d, HWND hwnd) {
+ HWND hwtv;
+ HTREEITEM hItem;
+
+ hwtv = GetDlgItem(hwnd, IDC_CFG_NODELIST);
+ hItem = TreeView_GetRoot(hwtv);
+
+ cfgui_sync_node(d, hwtv, NULL, hItem);
+}
+
+static void
cfgui_update_state(HWND hwnd,
khm_int32 flags,
khui_config_node node) {
@@ -670,7 +873,8 @@ cfgui_dlgproc(HWND hwnd, break;
case WMCFG_SYNC_NODE_LIST:
- /*TODO: synchronize the node lists here */
+ d = cfgui_get_wnd_data(hwnd);
+ cfgui_sync_node_list(d, hwnd);
break;
}
@@ -825,6 +1029,9 @@ void khm_refresh_config(void) { khui_cfg_remove(cfg_iter);
}
+
+ if (tident)
+ kcdb_identity_release(tident);
}
/* Now iterate through the root level configuration nodes and make
diff --git a/src/windows/identity/ui/credfuncs.c b/src/windows/identity/ui/credfuncs.c index d695afe..530ef08 100644 --- a/src/windows/identity/ui/credfuncs.c +++ b/src/windows/identity/ui/credfuncs.c @@ -267,8 +267,9 @@ kmsg_cred_completion(kmq_message *m) kcdb_credset_get_size(tcs, &count);
kcdb_credset_delete(tcs);
- if (count == 0)
- break;
+ if (count == 0) {
+ goto done_with_op;
+ }
}
ctx = kherr_peek_context();
@@ -348,6 +349,8 @@ kmsg_cred_completion(kmq_message *m) kherr_clear_error();
}
+ done_with_op:
+
if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
kmq_post_message(KMSG_CRED, KMSG_CRED_END, 0,
m->vparam);
@@ -994,11 +997,23 @@ khm_cred_process_startup_actions(void) { }
if (khm_startup.autoinit) {
- khm_size count;
+ khm_size count = 0;
+ khm_handle credset = NULL;
+ khm_int32 ctype_ident = KCDB_CREDTYPE_INVALID;
+ khm_int32 delta = 0;
khm_startup.autoinit = FALSE;
- kcdb_credset_get_size(NULL, &count);
+ kcdb_credset_create(&credset);
+ kcdb_identity_get_type(&ctype_ident);
+
+ kcdb_credset_collect(credset, NULL,
+ defident, ctype_ident,
+ &delta);
+
+ kcdb_credset_get_size(credset, &count);
+
+ kcdb_credset_delete(credset);
if (count == 0) {
if (defident)
diff --git a/src/windows/identity/ui/htwnd.c b/src/windows/identity/ui/htwnd.c index f655256..afb68aa 100644 --- a/src/windows/identity/ui/htwnd.c +++ b/src/windows/identity/ui/htwnd.c @@ -806,7 +806,8 @@ static LRESULT htw_paint(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) EndPaint(hwnd, &ps);
- if (d->ext_width < ext_width) {
+ if (d->ext_width < ext_width ||
+ d->ext_height < ext_height) {
SCROLLINFO si;
LONG l;
diff --git a/src/windows/identity/ui/lang/en_us/khapp.rc b/src/windows/identity/ui/lang/en_us/khapp.rc index eb84b8f..48f5776 100644 --- a/src/windows/identity/ui/lang/en_us/khapp.rc +++ b/src/windows/identity/ui/lang/en_us/khapp.rc @@ -370,9 +370,9 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN
GROUPBOX "Font for credentials display",IDC_STATIC,7,7,241,137
LTEXT "&Font name",IDC_STATIC,17,22,35,8
- COMBOBOX IDC_CFG_FONTS,62,20,178,30,CBS_DROPDOWNLIST | CBS_SORT | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_CFG_FONTS,62,20,178,51,CBS_DROPDOWNLIST | CBS_SORT | WS_VSCROLL | WS_TABSTOP
LTEXT "&Size",IDC_STATIC,62,43,14,8
- COMBOBOX IDC_CFG_SIZE,87,41,48,14,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ COMBOBOX IDC_CFG_SIZE,87,41,48,51,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
CONTROL "&Bold",IDC_CFG_BOLD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,162,42,29,10
CONTROL "&Italics",IDC_CFG_ITALICS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,205,42,35,10
EDITTEXT IDC_CFG_SAMPLE_NORMAL,62,66,178,21,ES_AUTOHSCROLL | ES_READONLY | NOT WS_BORDER | NOT WS_TABSTOP,WS_EX_STATICEDGE
@@ -380,15 +380,19 @@ BEGIN PUSHBUTTON "&Revert to default",IDC_CFG_REVERT,168,122,72,14
END
-IDD_CFG_ADDIDENT DIALOGEX 0, 0, 325, 70
+IDD_CFG_ADDIDENT DIALOGEX 0, 0, 279, 95
STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "Add new identity"
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "&Identity name",IDC_STATIC,7,10,46,8
- EDITTEXT IDC_CFG_IDNAME,67,7,195,14,ES_AUTOHSCROLL
- DEFPUSHBUTTON "OK",IDOK,268,7,50,14
- PUSHBUTTON "Cancel",IDCANCEL,268,24,50,14
+ LTEXT "&Identity name",IDC_SM_LBL,7,10,46,8,NOT WS_VISIBLE
+ EDITTEXT IDC_SM_CTL,67,7,205,14,ES_AUTOHSCROLL | NOT WS_VISIBLE
+ DEFPUSHBUTTON "OK",IDOK,145,74,71,14
+ PUSHBUTTON "Cancel",IDCANCEL,222,74,50,14
+ LTEXT "&Identity name",IDC_MED_LBL,7,27,130,8,NOT WS_VISIBLE
+ EDITTEXT IDC_MED_CTL,141,24,131,14,ES_AUTOHSCROLL | NOT WS_VISIBLE
+ LTEXT "&Identity name",IDC_LG_LBL,7,41,265,8,NOT WS_VISIBLE
+ EDITTEXT IDC_LG_CTL,141,50,131,14,ES_AUTOHSCROLL | NOT WS_VISIBLE
END
@@ -531,9 +535,9 @@ BEGIN IDD_CFG_ADDIDENT, DIALOG
BEGIN
LEFTMARGIN, 7
- RIGHTMARGIN, 318
+ RIGHTMARGIN, 272
TOPMARGIN, 7
- BOTTOMMARGIN, 63
+ BOTTOMMARGIN, 88
END
END
#endif // APSTUDIO_INVOKED
@@ -777,6 +781,7 @@ END STRINGTABLE
BEGIN
IDS_NC_REN_FAILED_TITLE_I "Failed to renew creds for %s"
+ IDS_CFG_IDNAME_NON "No identity selected. Please select an identity and try again."
END
#endif // English (U.S.) resources
diff --git a/src/windows/identity/ui/newcredwnd.c b/src/windows/identity/ui/newcredwnd.c index f5b302e..a52d09b 100644 --- a/src/windows/identity/ui/newcredwnd.c +++ b/src/windows/identity/ui/newcredwnd.c @@ -522,7 +522,8 @@ nc_update_credtext(khui_nc_wnd_data * d) }
if (!(d->nc->response & KHUI_NC_RESPONSE_PROCESSING)) {
- if(validId || d->nc->subtype == KMSG_CRED_PASSWORD) {
+ if(validId ||
+ d->nc->subtype == KMSG_CRED_PASSWORD) {
/* TODO: check if all the required fields have valid values
before enabling the Ok button */
okEnable = TRUE;
@@ -876,9 +877,8 @@ nc_add_control_row(khui_nc_wnd_data * d, SetRectEmpty(&r_input);
#ifdef DEBUG
assert(FALSE);
-#else
- return;
#endif
+ return;
}
if (label)
diff --git a/src/windows/identity/ui/notifier.c b/src/windows/identity/ui/notifier.c index 12b746b..9804abf 100644 --- a/src/windows/identity/ui/notifier.c +++ b/src/windows/identity/ui/notifier.c @@ -305,6 +305,7 @@ notifier_wnd_proc(HWND hwnd, khm_timer_fire(hwnd);
} else if (wParam == KHUI_REFRESH_TIMER_ID) {
KillTimer(hwnd, KHUI_REFRESH_TIMER_ID);
+ kcdb_identity_refresh_all();
khm_timer_refresh(hwnd);
}
}
diff --git a/src/windows/identity/ui/resource.h b/src/windows/identity/ui/resource.h index 35b493e..b8dc0ec 100644 --- a/src/windows/identity/ui/resource.h +++ b/src/windows/identity/ui/resource.h @@ -293,6 +293,7 @@ #define IDS_NC_FAILED_TITLE_I 286
#define IDS_NC_PWD_FAILED_TITLE_I 287
#define IDS_NC_REN_FAILED_TITLE_I 288
+#define IDS_CFG_IDNAME_NON 289
#define IDC_NC_USERNAME 1007
#define IDC_NC_PASSWORD 1008
#define IDC_NC_CREDTEXT_LABEL 1009
@@ -389,7 +390,13 @@ #define IDC_CFG_ITALICS 1132
#define IDC_CFG_ADDIDENT 1133
#define IDC_CFG_IDNAME 1134
+#define IDC_SM_CTL 1134
#define IDC_CFG_SHOWLOG 1135
+#define IDC_MED_CTL 1135
+#define IDC_LG_CTL 1136
+#define IDC_SM_LBL 1137
+#define IDC_MED_LBL 1138
+#define IDC_LG_LBL 1139
#define IDA_ACTIVATE_MENU 40003
#define IDA_UP 40004
#define IDA_DOWN 40005
@@ -404,7 +411,7 @@ #ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 212
#define _APS_NEXT_COMMAND_VALUE 40010
-#define _APS_NEXT_CONTROL_VALUE 1136
+#define _APS_NEXT_CONTROL_VALUE 1140
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/windows/identity/ui/timer.c b/src/windows/identity/ui/timer.c index 40464d5..3adf9e9 100644 --- a/src/windows/identity/ui/timer.c +++ b/src/windows/identity/ui/timer.c @@ -92,17 +92,21 @@ khm_timer_exit(void) { static void
tmr_fire_timer(void) {
int i;
- unsigned __int64 curtime;
- unsigned __int64 err;
- unsigned __int64 next_event;
+ khm_int64 curtime;
+ khm_int64 err;
+ khm_int64 next_event;
int tmr_count[KHUI_N_TTYPES];
- unsigned __int64 tmr_offset[KHUI_N_TTYPES];
+ khm_int64 tmr_offset[KHUI_N_TTYPES];
int t;
khm_handle eff_ident = NULL;
khui_timer_type eff_type = 0; /* meaningless */
int fire_count = 0;
FILETIME ft;
+ _begin_task(0);
+ _report_cs0(KHERR_DEBUG_1, L"Checking for expired timers");
+ _describe();
+
TimetToFileTimeInterval(KHUI_TIMEEQ_ERROR_SMALL, &ft);
err = FtToInt(&ft);
GetSystemTimeAsFileTime(&ft);
@@ -119,10 +123,16 @@ tmr_fire_timer(void) { khui_timers[i].type != KHUI_TTYPE_ID_MARK &&
khui_timers[i].expire < curtime + err) {
+ _report_cs3(KHERR_DEBUG_1, L"Expiring timer index=%1!d!, type=%2!d!, key=%3!p!",
+ _int32(i), _int32(khui_timers[i].type),
+ _cptr(khui_timers[i].key));
+
t = khui_timers[i].type;
switch(t) {
case KHUI_TTYPE_ID_RENEW:
+ _report_cs1(KHERR_DEBUG_1, L"Renewing identity %1!p!",
+ _cptr(khui_timers[i].key));
khm_cred_renew_identity(khui_timers[i].key);
khui_timers[i].flags |= KHUI_TE_FLAG_EXPIRED;
break;
@@ -134,6 +144,8 @@ tmr_fire_timer(void) { we assume that it is safe to trigger a renew_cred
call here without checking if there's an imminent
renew_identity call. */
+ _report_cs1(KHERR_DEBUG_1, L"Renewing credential %1!p!",
+ _cptr(khui_timers[i].key));
khm_cred_renew_cred(khui_timers[i].key);
khui_timers[i].flags |= KHUI_TE_FLAG_EXPIRED;
break;
@@ -184,7 +196,7 @@ tmr_fire_timer(void) { wchar_t wtime[128];
wchar_t wmsg[256];
wchar_t wtitle[64];
- unsigned __int64 second;
+ khm_int64 second;
khui_alert * alert = NULL;
khm_size cb;
@@ -249,6 +261,9 @@ tmr_fire_timer(void) { khui_alert_show(alert);
khui_alert_release(alert);
}
+
+ _end_task();
+
}
void
@@ -264,6 +279,85 @@ static int tmr_update(khm_handle key, khui_timer_type type, __int64 expire,
__int64 offset, void * data, khm_boolean reinstate) {
int i;
+ wchar_t name[KCDB_MAXCCH_NAME];
+ wchar_t tstamp[128];
+ wchar_t *type_str = NULL;
+ SYSTEMTIME st;
+ FILETIME ft;
+ FILETIME ftl;
+ khm_size cb;
+
+ switch(type) {
+ case KHUI_TTYPE_ID_MARK:
+ type_str = L"marker";
+ break;
+
+ case KHUI_TTYPE_CRED_WARN:
+ case KHUI_TTYPE_ID_WARN:
+ type_str = L"warning";
+ break;
+
+ case KHUI_TTYPE_CRED_CRIT:
+ case KHUI_TTYPE_ID_CRIT:
+ type_str = L"critical";
+ break;
+
+ case KHUI_TTYPE_CRED_EXP:
+ case KHUI_TTYPE_ID_EXP:
+ type_str = L"expiry";
+ break;
+
+ case KHUI_TTYPE_CRED_RENEW:
+ case KHUI_TTYPE_ID_RENEW:
+ type_str = L"renew";
+ break;
+ }
+
+ ft = IntToFt(expire);
+ FileTimeToLocalFileTime(&ft, &ftl);
+ FileTimeToSystemTime(&ftl, &st);
+ StringCbPrintf(tstamp, sizeof(tstamp),
+ L"%d-%d-%d %d:%d:%d",
+ st.wYear, st.wMonth, st.wDay,
+ st.wHour, st.wMinute, st.wSecond);
+
+ cb = sizeof(name); name[0] = L'\0';
+ if (type_str == NULL) {
+
+ _report_cs2(KHERR_DEBUG_1,
+ L"Updating uknown timer of type %1!d! exp(%2!s!)",
+ _int32(type),
+ _cstr(tstamp));
+ _resolve();
+
+ } else if (type == KHUI_TTYPE_ID_MARK ||
+ type == KHUI_TTYPE_ID_WARN ||
+ type == KHUI_TTYPE_ID_CRIT ||
+ type == KHUI_TTYPE_ID_EXP ||
+ type == KHUI_TTYPE_ID_RENEW) {
+
+ kcdb_identity_get_name(key, name, &cb);
+ _report_cs3(KHERR_DEBUG_1,
+ L"Updating identity %1!s! timer for %2!s! exp(%3!s!)",
+ _cstr(type_str),
+ _cstr(name),
+ _cstr(tstamp));
+ _resolve();
+
+ } else if (type == KHUI_TTYPE_CRED_RENEW ||
+ type == KHUI_TTYPE_CRED_WARN ||
+ type == KHUI_TTYPE_CRED_CRIT ||
+ type == KHUI_TTYPE_CRED_EXP) {
+
+ kcdb_cred_get_name(key, name, &cb);
+ _report_cs3(KHERR_DEBUG_1,
+ L"Updating credential %1!s! timer for %2!s! exp(%3!s!)",
+ _cstr(type_str),
+ _cstr(name),
+ _cstr(tstamp));
+ _resolve();
+
+ }
for (i=0; i < (int) khui_n_timers; i++) {
if (khui_timers[i].key == key &&
@@ -385,7 +479,7 @@ tmr_next_halflife_timeout(int idx, FILETIME * issue, FILETIME * expire) { not expired. However, we leave it to the caller to update the
actual timer and mark it as not stale. */
if (idx >= 0 &&
- khui_timers[idx].expire < (khm_ui_8) iret) {
+ khui_timers[idx].expire < iret) {
khui_timers[idx].flags &= ~KHUI_TE_FLAG_EXPIRED;
khui_timers[idx].expire = iret;
@@ -394,7 +488,8 @@ tmr_next_halflife_timeout(int idx, FILETIME * issue, FILETIME * expire) { return ret;
}
-/* called with cs_timers held */
+/* called with cs_timers held. Called once for each credential in the
+ root credentials set. */
static khm_int32 KHMAPI
tmr_cred_apply_proc(khm_handle cred, void * rock) {
khm_handle ident = NULL;
@@ -410,40 +505,56 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) { FILETIME fte;
FILETIME ft_reinst;
khm_size cb;
+ wchar_t wname[KCDB_MAXCCH_NAME];
+
+ cb = sizeof(wname);
+ wname[0] = L'\0';
+ kcdb_cred_get_name(cred, wname, &cb);
+
+ _report_cs1(KHERR_DEBUG_1, L"Looking at cred [%1!s!]",
+ _cstr(wname));
+ _resolve();
kcdb_cred_get_identity(cred, &ident);
#ifdef DEBUG
assert(ident);
#endif
- /* now get the expiry */
+ /* now get the expiry for the identity*/
cb = sizeof(ft_expiry);
if (KHM_FAILED(kcdb_identity_get_attr(ident, KCDB_ATTR_EXPIRE,
NULL,
&ft_expiry, &cb))) {
+
+ /* failing which, we get the expiry for this credential */
cb = sizeof(ft_expiry);
if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_EXPIRE,
NULL,
&ft_expiry, &cb))) {
/* we don't have an expiry time to work with */
+ _report_cs1(KHERR_DEBUG_1, L"Skipping cred [%1!s!]. No expiry time",
+ _cstr(wname));
+ _resolve();
+
kcdb_identity_release(ident);
return KHM_ERROR_SUCCESS;
+ } else {
+ /* and the time of issue */
+ cb = sizeof(ft_issue);
+ if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_ISSUE,
+ NULL, &ft_issue, &cb)))
+ ZeroMemory(&ft_issue, sizeof(ft_issue));
}
- }
- cb = sizeof(ft_issue);
- if (KHM_FAILED(kcdb_identity_get_attr(ident, KCDB_ATTR_ISSUE,
- NULL,
- &ft_issue, &cb))) {
+ } else {
+ /* also try to get the time of issue. */
cb = sizeof(ft_issue);
- if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_ISSUE,
- NULL,
- &ft_issue, &cb))) {
- /* we don't really abandon the timer. In this case, we
- fall back to using the threshold value to set the
- expiry timer. */
+ if (KHM_FAILED(kcdb_identity_get_attr(ident, KCDB_ATTR_ISSUE,
+ NULL, &ft_issue, &cb)))
+ /* if we fail, we just zero out the time of issue and
+ failover to using the threshold value to set the expiry
+ timer instead of the half life algorithm. */
ZeroMemory(&ft_issue, sizeof(ft_issue));
- }
}
/* and the current time */
@@ -540,7 +651,8 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) { prev =
tmr_find(ident, KHUI_TTYPE_ID_RENEW, 0, 0);
- if (do_halflife)
+ if (do_halflife && (ft_issue.dwLowDateTime != 0 ||
+ ft_issue.dwHighDateTime != 0))
fte = tmr_next_halflife_timeout(prev, &ft_issue, &ft_expiry);
else
fte = FtSub(&ft_expiry, &ft);
@@ -613,15 +725,22 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) { if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_EXPIRE,
NULL,
&ft_cred_expiry,
- &cb)))
+ &cb))) {
+ _report_cs1(KHERR_DEBUG_1, L"Skipping cred [%1!s!]. Can't lookup cred expiry",
+ _cstr(wname));
+ _resolve();
goto _cleanup;
+ }
cb = sizeof(ft_cred_issue);
if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_ISSUE,
NULL,
&ft_cred_issue,
- &cb)))
- goto _cleanup;
+ &cb))) {
+
+ ZeroMemory(&ft_cred_issue, sizeof(ft_cred_issue));
+
+ }
TimetToFileTimeInterval(KHUI_TIMEEQ_ERROR, &ft);
@@ -636,8 +755,14 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) { ft_delta = FtSub(&ft_expiry, &ft_cred_expiry);
if (CompareFileTime(&ft_cred_expiry, &ft_expiry) >= 0 ||
- CompareFileTime(&ft_delta, &ft) < 0)
+ CompareFileTime(&ft_delta, &ft) < 0) {
+
+ _report_cs1(KHERR_DEBUG_1,
+ L"Skipping credential [%1!s!]. The expiry time is too close to the identity expiry.",
+ _cstr(wname));
+ _resolve();
goto _cleanup;
+ }
}
if ((idx = tmr_find(ident, KHUI_TTYPE_ID_WARN, 0, 0)) >= 0 &&
@@ -669,8 +794,34 @@ tmr_cred_apply_proc(khm_handle cred, void * rock) { if ((idx = tmr_find(ident, KHUI_TTYPE_ID_RENEW, 0, 0)) >= 0 &&
!(khui_timers[idx].flags & KHUI_TE_FLAG_STALE)) {
- //fte = IntToFt(FtToInt(&ft_cred_expiry) - khui_timers[idx].offset);
- fte = tmr_next_halflife_timeout(idx, &ft_cred_issue, &ft_cred_expiry);
+ int cidx = tmr_find(cred, KHUI_TTYPE_CRED_RENEW, 0, 0);
+
+ if (ft_cred_issue.dwLowDateTime == 0 &&
+ ft_cred_issue.dwHighDateTime == 0) {
+ fte = IntToFt(FtToInt(&ft_cred_expiry) - khui_timers[idx].offset);
+ /* a special case, for a credential whose remaining
+ lifetime is less than the offset, we try half life on
+ the current time and the expiry. */
+ if (CompareFileTime(&fte, &ft_current) <= 0 &&
+ CompareFileTime(&ft_current, &ft_expiry) < 0) {
+ fte = tmr_next_halflife_timeout(cidx, &ft_current, &ft_cred_expiry);
+#if 0
+ /* now, if we already have a renew timer for this
+ credential that hasn't expired yet and that is set
+ for earlier than fte, we let it be. */
+ if (cidx >= 0 &&
+ khui_timers[cidx].expire < FtToInt(&fte) &&
+ khui_timers[cidx].expire > FtToInt(&ft_current) &&
+ !(khui_timers[cidx].flags & KHUI_TE_FLAG_EXPIRED)) {
+
+ fte = IntToFt(khui_timers[cidx].expire);
+
+ }
+#endif
+ }
+ } else {
+ fte = tmr_next_halflife_timeout(cidx, &ft_cred_issue, &ft_cred_expiry);
+ }
if (CompareFileTime(&fte, &ft_current) > 0) {
tmr_update(cred, KHUI_TTYPE_CRED_RENEW,
@@ -754,13 +905,18 @@ tmr_purge(void) { khui_n_timers = j;
}
-/* go through all the credentials and set timers as appropriate. */
+/* go through all the credentials and set timers as appropriate. hwnd
+ is the window that will receive the timer events.*/
void
khm_timer_refresh(HWND hwnd) {
int i;
- unsigned __int64 next_event = 0;
- unsigned __int64 curtime;
- unsigned __int64 diff;
+ khm_int64 next_event = 0;
+ khm_int64 curtime;
+ khm_int64 diff;
+
+ _begin_task(0);
+ _report_cs0(KHERR_DEBUG_1, L"Refreshing timers");
+ _describe();
EnterCriticalSection(&cs_timers);
@@ -788,12 +944,18 @@ khm_timer_refresh(HWND hwnd) { #endif
}
+ _report_cs1(KHERR_DEBUG_1, L"Starting with %1!d! timers",
+ _int32(khui_n_timers));
+
kcdb_credset_apply(NULL,
tmr_cred_apply_proc,
NULL);
tmr_purge();
+ _report_cs1(KHERR_DEBUG_1, L"Leaving with %1!d! timers",
+ _int32(khui_n_timers));
+
_check_next_event:
/* Before we return, we should check if any timers are set to
@@ -805,9 +967,11 @@ khm_timer_refresh(HWND hwnd) { if (!(khui_timers[i].flags & KHUI_TE_FLAG_EXPIRED) &&
khui_timers[i].type != KHUI_TTYPE_ID_MARK &&
(next_event == 0 ||
- next_event > khui_timers[i].expire))
+ next_event > khui_timers[i].expire)) {
next_event = khui_timers[i].expire;
+
+ }
}
if (next_event != 0) {
@@ -833,4 +997,6 @@ khm_timer_refresh(HWND hwnd) { }
LeaveCriticalSection(&cs_timers);
+
+ _end_task();
}
diff --git a/src/windows/identity/ui/timer.h b/src/windows/identity/ui/timer.h index 081d278..130ae99 100644 --- a/src/windows/identity/ui/timer.h +++ b/src/windows/identity/ui/timer.h @@ -58,9 +58,9 @@ typedef struct tag_khui_timer_event { khm_handle key;
khui_timer_type type;
- unsigned __int64 expire; /* time at which the timer expires */
- unsigned __int64 offset; /* time offset at which the event that
- the timer warns of happens */
+ khm_int64 expire; /* time at which the timer expires */
+ khm_int64 offset; /* time offset at which the event that the
+ timer warns of happens */
void * data;
khm_int32 flags;
} khui_timer_event;
diff --git a/src/windows/identity/uilib/configui.c b/src/windows/identity/uilib/configui.c index 79e57082..c8c61f5 100644 --- a/src/windows/identity/uilib/configui.c +++ b/src/windows/identity/uilib/configui.c @@ -349,7 +349,9 @@ khui_cfg_get_first_child(khui_config_node vparent, if (parent) {
for(c = TFIRSTCHILD(parent);
- c && (c->reg.flags & KHUI_CNFLAG_SUBPANEL);
+ c &&
+ ((c->reg.flags & KHUI_CNFLAG_SUBPANEL) ||
+ (c->flags & KHUI_CN_FLAG_DELETED));
c = LNEXT(c));
} else {
c = NULL;
@@ -390,7 +392,9 @@ khui_cfg_get_first_subpanel(khui_config_node vparent, if (parent) {
for(c = TFIRSTCHILD(parent);
- c && !(c->reg.flags & KHUI_CNFLAG_SUBPANEL);
+ c &&
+ (!(c->reg.flags & KHUI_CNFLAG_SUBPANEL) ||
+ (c->flags & KHUI_CN_FLAG_DELETED));
c = LNEXT(c));
} else {
c = NULL;
@@ -458,8 +462,9 @@ khui_cfg_get_next_release(khui_config_node * pvnode) { node = cfgui_node_i_from_handle(*pvnode);
for(nxt_node = LNEXT(node);
nxt_node &&
- ((node->reg.flags ^ nxt_node->reg.flags) &
- KHUI_CNFLAG_SUBPANEL);
+ (((node->reg.flags ^ nxt_node->reg.flags) &
+ KHUI_CNFLAG_SUBPANEL) ||
+ (nxt_node->flags & KHUI_CN_FLAG_DELETED));
nxt_node = LNEXT(nxt_node));
if (nxt_node)
cfgui_hold_node(nxt_node);
diff --git a/src/windows/identity/uilib/creddlg.c b/src/windows/identity/uilib/creddlg.c index 84d6e17..1d36d3c 100644 --- a/src/windows/identity/uilib/creddlg.c +++ b/src/windows/identity/uilib/creddlg.c @@ -57,6 +57,8 @@ khui_cw_create_cred_blob(khui_new_creds ** ppnc) c->result = KHUI_NC_RESULT_CANCEL;
c->mode = KHUI_NC_MODE_MINI;
+ khui_context_create(&c->ctx, KHUI_SCOPE_NONE, NULL, KCDB_CREDTYPE_INVALID, NULL);
+
*ppnc = c;
return KHM_ERROR_SUCCESS;
diff --git a/src/windows/identity/uilib/khprops.h b/src/windows/identity/uilib/khprops.h index fc5629d..c0977b8 100644 --- a/src/windows/identity/uilib/khprops.h +++ b/src/windows/identity/uilib/khprops.h @@ -27,6 +27,8 @@ #ifndef __KHIMAIRA_KHPROPS_H
#define __KHIMAIRA_KHPROPS_H
+#include<prsht.h>
+
/*********************************************************************
Property sheets
**********************************************************************/
|