diff options
| author | Tom Yu <tlyu@mit.edu> | 2006-09-25 22:14:02 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2006-09-25 22:14:02 +0000 |
| commit | fc1795cf1667a47e125a399e3da83ec6c0693f3e (patch) | |
| tree | 20a178c33c70fb87da599e963542b2cf5eaa264f | |
| parent | d592010f87b9d29dfd0ca099a8ff13139a52eca8 (diff) | |
| download | krb5-fc1795cf1667a47e125a399e3da83ec6c0693f3e.zip krb5-fc1795cf1667a47e125a399e3da83ec6c0693f3e.tar.gz krb5-fc1795cf1667a47e125a399e3da83ec6c0693f3e.tar.bz2 | |
pull up r18604 from trunk
r18604@cathode-dark-space: jaltman | 2006-09-21 17:49:41 -0400
ticket: new
subject: KFW 3.1 Beta 2 NetIDMgr Changes
component: windows
tags: pullup
source for (1.1.0.1)
- Updated documentation with additional information and fixed errors.
nidmgr32.dll (1.1.0.1)
- Fixed a deadlock in the configuration provider that may cause
NetIDMgr to deadlock on load.
- Prevent the configuration provider handle list from getting
corrupted in the event of a plug-in freeing a handle twice.
- Add more parameter validation for the configuration provider.
- If a plug-in is only partially registered (only some of the entries
were set in the registry), the completion of the registration didn't
complete successfully, leaving the plug-in in an unusable state.
This has been fixed. Plug-ins will now successfully complete
registration once they are loaded for the first time, assuming the
correct resources are present in the module.
- Fixed notifications for setting a default identity. Notifications
were not being properly sent out resulting in the credentials window
not being updated when the default identity changed.
- Changes to the API for type safety.
- Handling of binary data fields was changed to support validation and
comparison.
- Data types that do not support KCDB_CBSIZE_AUTO now check for and
report an error if it is specified.
- Password fields in the new credentials dialog will trim leading and
trailing whitespace before using a user-entered value.
- Change password action will no longer be disabled if no identity is
selected. An identity selection control is present in the dialog
making this restriction unnecessary.
- When renewing credentials, error messages will be suppressed if the
renewal was for an identity and the identity does not have any
identity credentials associated with it.
- Error messages that are related to credentials acquisition or
password changes will now display the name of the identity that the
error applies to.
- Automatic renewals now renews all identities that have credentials
associated with them instead of just the default identity.
- Fixed a bug where error messages did not have a default button which
can be invoked with the return key or the space bar.
- The new credentials window will force itself to the top. This can
be disabled via a registry setting, but is on by default.
- Fixed the sort order in the new credentials tabs to respect sort
hints provided by plug-ins.
- If a new credentials operation fails, the password fields will be
cleared.
- Once a new credentials operation starts, the controls for specifying
the identity and password and any other custom prompts will be
disabled until the operation completes.
- Notifications during the new credentials operation now supply a
handle to the proper data structures as documented.
- Hyperlinks in the new credentials dialog now support markup that
will prevent the dialog from switching to the credentials type panel
when the link is activated.
- If there are too many buttons added by plug-ins in the new
credentials dialog, they will be resized to accomodate all of them.
- The options button in the new credentials dialog will be disabled
while a new credentials operation is in progress.
- The 'about' dialog retains the original copyright strings included
in the resource.
- Multiple modal dialogs are now supported. Only the topmost one will
be active. Once it is closed, the other dialogs will gain focus in
turn. This allows for error messages to be displayed from other
modal dialogs.
- The hypertext window supports italics.
krb4cred.dll (1.1.0.1)
- Fixed a bug where the plug-in would attempt to free a handle twice.
- Fixed a handle leak.
- Changed the facility name used for event reporting to match the
credentials type name.
krb5cred.dll (1.1.0.1)
- Fixed handling of expired passwords. If the password for an
identity is found to have expired at the time a new credentials
acquisition is in progress, the user will be given an opportunity to
change the password. If this is successful, the new credentials
operation will continue with the new password.
- Prevent the new credentials dialog from switching to the Kerberos 5
credentials panel during a password change.
- Prompts that were cached indefinitely will now have a limited
lifetime. Prompt caches that were created using prior versions of
the plug-in will automatically expire.
- Multistrings in the resource files were converted to CSV to protect
them against a bug in Visual Studio 2005 which corrupted
multistrings.
- Added handling of and reporting WinSock errors that are returned
from the Kerberos 5 libraries.
- Fixed uninitialized variables.
- The username and realm that is entered when selecting an identity
will be trimmed of leading and trailing whitespace.
- Changed the facility name used for event reporting to match the
credentials type name.
ticket: 4312
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18621 dc483132-0cff-0310-8789-dd5450dbe970
36 files changed, 843 insertions, 161 deletions
diff --git a/src/windows/identity/Makefile b/src/windows/identity/Makefile index f96cb0a..1ed267d 100644 --- a/src/windows/identity/Makefile +++ b/src/windows/identity/Makefile @@ -160,7 +160,7 @@ krb5plugin: plugincommon $(ECHO) -- Done with $@
!ifndef NO_KRB4
-finale: krb4plugin
+doc: krb4plugin
krb4plugin: plugincommon
$(ECHO) -- Entering $@
@@ -181,7 +181,7 @@ afsplugin: plugincommon $(ECHO) -- Done with $@
!endif
-finale: krb5plugin
+finale: krb5plugin doc
$(ECHO) -- Done.
pdoc:
diff --git a/src/windows/identity/apiversion.txt b/src/windows/identity/apiversion.txt index 813dcd6..2a49540 100644 --- a/src/windows/identity/apiversion.txt +++ b/src/windows/identity/apiversion.txt @@ -1,4 +1,5 @@ -# Copyright (c) 2004 Massachusetts Institute of Technology
+# Copyright (c) 2004-2006 Massachusetts Institute of Technology
+# Copyright (c) 2006 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -180,3 +181,35 @@ Date=(TBD) +Schema:NetIDMgr\PluginManager\Modules\<module name>\Disabled
+Schema:NetIDMgr\PluginManager\Plugins\<plugin name>\Disabled
# If non-zero, the corresponding module or plug-in is disabled.
+
+!kcdb_identity_set_attrib(), kcdb_identity_get_attrib(), kcdb_identity_get_attrib_string()
+# Attribute name parameter is now a const pointer to a wchar_t string
+
+!kcdb_cred_create()
+# Name parameter is now a const pointer to a wchar_t string
+
+!kcdb_cred_set_attrib(), kcdb_cred_get_attrib()
+!kcdb_cred_get_attrib_string(), kcdb_creds_comp_attrib()
+# Attribute name parameter is now a const pointer to a wchar_t string
+
+!kcdb_type_get_id()
+# Name parameter is now a const pointer to a wchar_t string
+
+!kcdb_type_register()
+# type parameter is now a const pointer
+
+!kcdb_attrib_get_id()
+# Name parameter is now a const pointer
+
+!kcdb_attrib_register()
+# attrib parameter is now a const pointer
+
+!kcdb_credtype_register()
+# type parameter is now a const pointer
+
+!kcdb_credtype_get_id()
+# name parameter is now a const pointer
+
+!kcdb_buf_get_attrib(), kcdb_buf_get_attrib_string(), kcbd_buf_set_attrib()
+# attr_name is now a const pointer
+
diff --git a/src/windows/identity/config/Makefile.w2k b/src/windows/identity/config/Makefile.w2k index 4ea6b88..3aea0d2 100644 --- a/src/windows/identity/config/Makefile.w2k +++ b/src/windows/identity/config/Makefile.w2k @@ -4,6 +4,7 @@ # in the build tree.
#
# Copyright (c) 2004,2005 Massachusetts Institute of Technology
+# Copyright (c) 2006 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -46,7 +47,7 @@ KHIMAIRA_WIN32_CONFIG=1 # Version info
NETIDMGR_VERSION_MAJOR=1
NETIDMGR_VERSION_MINOR=1
-NETIDMGR_VERSION_PATCH=0
+NETIDMGR_VERSION_PATCH=1
NETIDMGR_VERSION_AUX=1
NETIDMGR_RELEASEDESC=
@@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC= #
# Changes to the API version numbers should be documented in
# apiversion.txt at the root of the source tree.
-NETIDMGR_VERSION_API=5
+NETIDMGR_VERSION_API=6
# Minimum backwards compatible version. API versions from
# NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API
diff --git a/src/windows/identity/config/Makefile.w32 b/src/windows/identity/config/Makefile.w32 index 4ffba0c..7e5e43e 100644 --- a/src/windows/identity/config/Makefile.w32 +++ b/src/windows/identity/config/Makefile.w32 @@ -3,7 +3,8 @@ # This file will be included by all the makefiles
# in the build tree.
#
-# Copyright (c) 2004,2005 Massachusetts Institute of Technology
+# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology
+# Copyright (c) 2006 Secure Endpoints Inc.
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
@@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC= #
# Changes to the API version numbers should be documented in
# apiversion.txt at the root of the source tree.
-NETIDMGR_VERSION_API=5
+NETIDMGR_VERSION_API=6
# Minimum backwards compatible version. API versions from
# NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API
diff --git a/src/windows/identity/kconfig/api.c b/src/windows/identity/kconfig/api.c index 4ee210d..190b59e 100644 --- a/src/windows/identity/kconfig/api.c +++ b/src/windows/identity/kconfig/api.c @@ -64,6 +64,9 @@ void exit_kconf(void) { khcint_free_space(conf_root);
+ LeaveCriticalSection(&cs_conf_global);
+ DeleteCriticalSection(&cs_conf_global);
+
EnterCriticalSection(&cs_conf_handle);
while(conf_free_handles) {
LPOP(&conf_free_handles, &h);
@@ -80,12 +83,10 @@ void exit_kconf(void) { }
LeaveCriticalSection(&cs_conf_handle);
DeleteCriticalSection(&cs_conf_handle);
-
- LeaveCriticalSection(&cs_conf_global);
- DeleteCriticalSection(&cs_conf_global);
}
}
+/* obtains cs_conf_handle/cs_conf_global */
kconf_handle *
khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags)
{
@@ -110,7 +111,7 @@ khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags) return h;
}
-/* must be called with cs_conf_global held */
+/* obtains cs_conf_handle/cs_conf_global */
void
khcint_handle_free(kconf_handle * h)
{
@@ -130,6 +131,10 @@ khcint_handle_free(kconf_handle * h) if(a == NULL) {
DebugBreak();
+
+ /* hmm. the handle was not in the in-use list */
+ LeaveCriticalSection(&cs_conf_handle);
+ return;
}
}
#endif
@@ -140,12 +145,14 @@ khcint_handle_free(kconf_handle * h) h->space = NULL;
}
lower = h->lower;
+ h->magic = 0;
LPUSH(&conf_free_handles, h);
h = lower;
}
LeaveCriticalSection(&cs_conf_handle);
}
+/* obains cs_conf_handle/cs_conf_global */
kconf_handle *
khcint_handle_dup(kconf_handle * o)
{
@@ -165,6 +172,7 @@ khcint_handle_dup(kconf_handle * o) return r;
}
+/* obtains cs_conf_global */
void
khcint_space_hold(kconf_conf_space * s) {
EnterCriticalSection(&cs_conf_global);
@@ -172,6 +180,7 @@ khcint_space_hold(kconf_conf_space * s) { LeaveCriticalSection(&cs_conf_global);
}
+/* obtains cs_conf_global */
void
khcint_space_release(kconf_conf_space * s) {
khm_int32 l;
@@ -535,7 +544,7 @@ khcint_RegCreateKeyEx(HKEY hKey, return rv;
}
-
+/* obtains cs_conf_global */
HKEY
khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
HKEY hk = NULL;
@@ -605,6 +614,7 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) { }
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_shadow_space(khm_handle upper, khm_handle lower)
{
@@ -613,18 +623,20 @@ khc_shadow_space(khm_handle upper, khm_handle lower) if(!khc_is_config_running())
return KHM_ERROR_NOT_READY;
- if(!khc_is_handle(upper))
+ if(!khc_is_handle(upper)) {
+#ifdef DEBUG
+ DebugBreak();
+#endif
return KHM_ERROR_INVALID_PARAM;
+ }
h = (kconf_handle *) upper;
EnterCriticalSection(&cs_conf_handle);
if(h->lower) {
- LeaveCriticalSection(&cs_conf_handle);
EnterCriticalSection(&cs_conf_global);
khcint_handle_free(h->lower);
LeaveCriticalSection(&cs_conf_global);
- EnterCriticalSection(&cs_conf_handle);
h->lower = NULL;
}
@@ -633,9 +645,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower) kconf_handle * lc;
l = (kconf_handle *) lower;
- LeaveCriticalSection(&cs_conf_handle);
lc = khcint_handle_dup(l);
- EnterCriticalSection(&cs_conf_handle);
h->lower = lc;
}
LeaveCriticalSection(&cs_conf_handle);
@@ -643,6 +653,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower) return KHM_ERROR_SUCCESS;
}
+/* no locks */
kconf_conf_space *
khcint_create_empty_space(void) {
kconf_conf_space * r;
@@ -654,6 +665,7 @@ khcint_create_empty_space(void) { return r;
}
+/* called with cs_conf_global */
void
khcint_free_space(kconf_conf_space * r) {
kconf_conf_space * c;
@@ -682,6 +694,7 @@ khcint_free_space(kconf_conf_space * r) { PFREE(r);
}
+/* obtains cs_conf_global */
khm_int32
khcint_open_space(kconf_conf_space * parent,
const wchar_t * sname, size_t n_sname,
@@ -795,6 +808,7 @@ khcint_open_space(kconf_conf_space * parent, return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
khm_handle * result) {
@@ -809,8 +823,12 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, return KHM_ERROR_NOT_READY;
}
- if(!result || (parent && !khc_is_handle(parent)))
+ if(!result || (parent && !khc_is_handle(parent))) {
+#ifdef DEBUG
+ DebugBreak();
+#endif
return KHM_ERROR_INVALID_PARAM;
+ }
if(!parent)
p = conf_root;
@@ -891,18 +909,24 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_close_space(khm_handle csp) {
if(!khc_is_config_running())
return KHM_ERROR_NOT_READY;
- if(!khc_is_handle(csp))
+ if(!khc_is_handle(csp)) {
+#ifdef DEBUG
+ DebugBreak();
+#endif
return KHM_ERROR_INVALID_PARAM;
+ }
khcint_handle_free((kconf_handle *) csp);
return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_read_string(khm_handle pconf,
const wchar_t * pvalue,
@@ -1066,6 +1090,7 @@ _exit: return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_read_int32(khm_handle pconf, const wchar_t * pvalue, khm_int32 * buf) {
kconf_conf_space * c;
@@ -1188,6 +1213,7 @@ _exit: return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_read_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 * buf) {
kconf_conf_space * c;
@@ -1307,6 +1333,7 @@ _exit: return rv;
}
+/* obtaincs cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_read_binary(khm_handle pconf, const wchar_t * pvalue,
void * buf, khm_size * bufsize) {
@@ -1431,6 +1458,7 @@ _exit: return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_write_string(khm_handle pconf,
const wchar_t * pvalue,
@@ -1536,6 +1564,7 @@ _exit: return rv;
}
+/* obtaincs cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_write_int32(khm_handle pconf,
const wchar_t * pvalue,
@@ -1614,6 +1643,7 @@ khc_write_int32(khm_handle pconf, return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {
HKEY pk = NULL;
@@ -1689,6 +1719,7 @@ khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) { return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_write_binary(khm_handle pconf,
const wchar_t * pvalue,
@@ -1757,6 +1788,7 @@ khc_write_binary(khm_handle pconf, return rv;
}
+/* no locks */
KHMEXP khm_int32 KHMAPI
khc_get_config_space_name(khm_handle conf,
wchar_t * buf, khm_size * bufsize) {
@@ -1798,6 +1830,7 @@ khc_get_config_space_name(khm_handle conf, return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_get_config_space_parent(khm_handle conf, khm_handle * parent) {
kconf_conf_space * c;
@@ -1818,6 +1851,7 @@ khc_get_config_space_parent(khm_handle conf, khm_handle * parent) { return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_get_type(khm_handle conf, const wchar_t * value) {
HKEY hkm = NULL;
@@ -1833,7 +1867,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) { if(!khc_is_handle(conf))
return KC_NONE;
- c = (kconf_conf_space *) conf;
+ c = khc_space_from_handle(conf);
if(!khc_is_machine_handle(conf))
hku = khcint_space_open_key(c, KHM_PERM_READ);
@@ -1876,6 +1910,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) { return rv;
}
+/* obtains cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_value_exists(khm_handle conf, const wchar_t * value) {
HKEY hku = NULL;
@@ -1915,6 +1950,7 @@ khc_value_exists(khm_handle conf, const wchar_t * value) { return rv;
}
+/* obtains cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_remove_value(khm_handle conf, const wchar_t * value, khm_int32 flags) {
HKEY hku = NULL;
@@ -2036,6 +2072,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) { return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_remove_space(khm_handle conf) {
@@ -2078,6 +2115,7 @@ khc_remove_space(khm_handle conf) { return rv;
}
+/* no locks */
khm_boolean
khcint_is_valid_name(wchar_t * name)
{
@@ -2087,6 +2125,7 @@ khcint_is_valid_name(wchar_t * name) return TRUE;
}
+/* no locks */
khm_int32
khcint_validate_schema(const kconf_schema * schema,
int begin,
@@ -2149,6 +2188,7 @@ khcint_validate_schema(const kconf_schema * schema, return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */
khm_int32
khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
int begin, int * end)
@@ -2163,11 +2203,16 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, while(!end_found) {
switch(state) {
case 0: /* initial. this record should start a config space */
+ LeaveCriticalSection(&cs_conf_global);
if(KHM_FAILED(khc_open_space(parent, schema[i].name,
- KHM_FLAG_CREATE, &h)))
+ KHM_FLAG_CREATE, &h))) {
+ EnterCriticalSection(&cs_conf_global);
return KHM_ERROR_INVALID_PARAM;
+ }
+ EnterCriticalSection(&cs_conf_global);
thisconf = khc_space_from_handle(h);
thisconf->schema = schema + (begin + 1);
+ thisconf->nSchema = 0;
state = 1;
break;
@@ -2182,7 +2227,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1;
if(end)
*end = i;
+ LeaveCriticalSection(&cs_conf_global);
khc_close_space(h);
+ EnterCriticalSection(&cs_conf_global);
}
break;
@@ -2194,7 +2241,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1;
if(end)
*end = i;
+ LeaveCriticalSection(&cs_conf_global);
khc_close_space(h);
+ EnterCriticalSection(&cs_conf_global);
} else {
return KHM_ERROR_INVALID_PARAM;
}
@@ -2210,6 +2259,7 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_load_schema(khm_handle conf, const kconf_schema * schema)
{
@@ -2231,6 +2281,7 @@ khc_load_schema(khm_handle conf, const kconf_schema * schema) return rv;
}
+/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */
khm_int32
khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
int begin, int * end)
@@ -2245,8 +2296,12 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, while(!end_found) {
switch(state) {
case 0: /* initial. this record should start a config space */
- if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h)))
+ LeaveCriticalSection(&cs_conf_global);
+ if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h))) {
+ EnterCriticalSection(&cs_conf_global);
return KHM_ERROR_INVALID_PARAM;
+ }
+ EnterCriticalSection(&cs_conf_global);
thisconf = khc_space_from_handle(h);
if(thisconf->schema == (schema + (begin + 1))) {
thisconf->schema = NULL;
@@ -2264,7 +2319,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1;
if(end)
*end = i;
+ LeaveCriticalSection(&cs_conf_global);
khc_close_space(h);
+ EnterCriticalSection(&cs_conf_global);
}
break;
@@ -2276,7 +2333,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1;
if(end)
*end = i;
+ LeaveCriticalSection(&cs_conf_global);
khc_close_space(h);
+ EnterCriticalSection(&cs_conf_global);
} else {
return KHM_ERROR_INVALID_PARAM;
}
@@ -2292,6 +2351,7 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, return KHM_ERROR_SUCCESS;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_unload_schema(khm_handle conf, const kconf_schema * schema)
{
@@ -2313,6 +2373,7 @@ khc_unload_schema(khm_handle conf, const kconf_schema * schema) return rv;
}
+/* obtaincs cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_enum_subspaces(khm_handle conf,
khm_handle prev,
@@ -2420,6 +2481,7 @@ khc_enum_subspaces(khm_handle conf, return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf)
{
@@ -2451,6 +2513,7 @@ khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf) return rv;
}
+/* obtains cs_conf_handle/cs_conf_global */
KHMEXP khm_int32 KHMAPI
khc_read_multi_string(khm_handle conf, const wchar_t * value,
wchar_t * buf, khm_size * bufsize)
diff --git a/src/windows/identity/kcreddb/attrib.c b/src/windows/identity/kcreddb/attrib.c index 4e9d7bf..9c892da 100644 --- a/src/windows/identity/kcreddb/attrib.c +++ b/src/windows/identity/kcreddb/attrib.c @@ -500,7 +500,7 @@ kcdb_attrib_exit(void) }
KHMEXP khm_int32 KHMAPI
-kcdb_attrib_get_id(wchar_t *name, khm_int32 * id)
+kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id)
{
kcdb_attrib_i * ai;
@@ -521,7 +521,7 @@ kcdb_attrib_get_id(wchar_t *name, khm_int32 * id) }
KHMEXP khm_int32 KHMAPI
-kcdb_attrib_register(kcdb_attrib * attrib, khm_int32 * new_id)
+kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)
{
kcdb_attrib_i * ai;
size_t cb_name;
diff --git a/src/windows/identity/kcreddb/buf.c b/src/windows/identity/kcreddb/buf.c index 07a65a1..6272924 100644 --- a/src/windows/identity/kcreddb/buf.c +++ b/src/windows/identity/kcreddb/buf.c @@ -298,7 +298,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr( KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib(
khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
khm_int32 * attr_type,
void * buffer,
khm_size * pcb_buf)
@@ -328,7 +328,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr_string( KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib_string(
khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
wchar_t * buffer,
khm_size * pcbbuf,
khm_int32 flags)
@@ -357,7 +357,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_set_attr( KHMEXP khm_int32 KHMAPI kcdb_buf_set_attrib(
khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
void * buffer,
khm_size cbbuf)
{
diff --git a/src/windows/identity/kcreddb/credential.c b/src/windows/identity/kcreddb/credential.c index 98854da..12b8c5f 100644 --- a/src/windows/identity/kcreddb/credential.c +++ b/src/windows/identity/kcreddb/credential.c @@ -60,7 +60,7 @@ void kcdb_cred_exit(void) places with a read lock on l_creds. New credentials must be creatable while
holding either lock. */
KHMEXP khm_int32 KHMAPI
-kcdb_cred_create(wchar_t * name,
+kcdb_cred_create(const wchar_t * name,
khm_handle identity,
khm_int32 cred_type,
khm_handle * result)
@@ -318,7 +318,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_type( KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib(
khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
void * buffer,
khm_size cbbuf)
{
@@ -421,7 +421,7 @@ _exit: KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(
khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
khm_int32 * attr_type,
void * buffer,
khm_size * cbbuf)
@@ -441,7 +441,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib( KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string(
khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
wchar_t * buffer,
khm_size * cbbuf,
khm_int32 flags)
@@ -812,7 +812,7 @@ _exit: KHMEXP khm_int32 KHMAPI
kcdb_creds_comp_attrib(khm_handle cred1,
khm_handle cred2,
- wchar_t * name)
+ const wchar_t * name)
{
khm_int32 attr_id;
diff --git a/src/windows/identity/kcreddb/credtype.c b/src/windows/identity/kcreddb/credtype.c index 89e0175..89bd26b 100644 --- a/src/windows/identity/kcreddb/credtype.c +++ b/src/windows/identity/kcreddb/credtype.c @@ -73,7 +73,7 @@ void kcdb_credtype_check_and_delete(khm_int32 id) }
KHMEXP khm_int32 KHMAPI
-kcdb_credtype_register(kcdb_credtype * type, khm_int32 * new_id)
+kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id)
{
khm_int32 id;
kcdb_credtype_i * ict;
@@ -330,7 +330,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_name( }
KHMEXP khm_int32 KHMAPI kcdb_credtype_get_id(
- wchar_t * name,
+ const wchar_t * name,
khm_int32 * id)
{
int i;
diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c index 07ceb58..15c3613 100644 --- a/src/windows/identity/kcreddb/identity.c +++ b/src/windows/identity/kcreddb/identity.c @@ -570,8 +570,8 @@ kcdbint_ident_set_default(khm_handle vid, LeaveCriticalSection(&cs_ident);
- if (invoke_identpro)
- kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def);
+ /* if (invoke_identpro) */
+ kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def);
} else {
LeaveCriticalSection(&cs_ident);
}
@@ -929,7 +929,7 @@ _exit: KHMEXP khm_int32 KHMAPI
kcdb_identity_set_attrib(khm_handle vid,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
void * buffer,
khm_size cbbuf)
{
@@ -1025,7 +1025,7 @@ _exit: KHMEXP khm_int32 KHMAPI
kcdb_identity_get_attrib(khm_handle vid,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
khm_int32 * attr_type,
void * buffer,
khm_size * pcbbuf)
@@ -1121,9 +1121,8 @@ _exit: }
KHMEXP khm_int32 KHMAPI
-kcdb_identity_get_attrib_string(
- khm_handle vid,
- wchar_t * attr_name,
+kcdb_identity_get_attrib_string(khm_handle vid,
+ const wchar_t * attr_name,
wchar_t * buffer,
khm_size * pcbbuf,
khm_int32 flags)
diff --git a/src/windows/identity/kcreddb/kcreddb.h b/src/windows/identity/kcreddb/kcreddb.h index 33c5d16..1b5d9b6 100644 --- a/src/windows/identity/kcreddb/kcreddb.h +++ b/src/windows/identity/kcreddb/kcreddb.h @@ -504,9 +504,7 @@ kcdb_identity_set_default(khm_handle id); to notify the KCDB that the specified identity is the default.
This does not result in the invocation of any other semantics to
make the identity the default other than releasing the previous
- defualt identity and making the specified one the default. As
- an additional side effect, the notification <::KMSG_KCDB,
- ::KMSG_KCDB_IDENT, ::KCDB_OP_NEW_DEFAULT> will also not be sent.
+ defualt identity and making the specified one the default.
*/
KHMEXP khm_int32 KHMAPI
kcdb_identity_set_default_int(khm_handle id);
@@ -640,7 +638,7 @@ kcdb_identity_set_attr(khm_handle identity, */
KHMEXP khm_int32 KHMAPI
kcdb_identity_set_attrib(khm_handle identity,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
void * buffer,
khm_size cbbuf);
@@ -686,7 +684,7 @@ kcdb_identity_get_attr(khm_handle identity, */
KHMEXP khm_int32 KHMAPI
kcdb_identity_get_attrib(khm_handle identity,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
khm_int32 * attr_type,
void * buffer,
khm_size * pcbbuf);
@@ -751,7 +749,7 @@ kcdb_identity_get_attr_string(khm_handle identity, */
KHMEXP khm_int32 KHMAPI
kcdb_identity_get_attrib_string(khm_handle identity,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
wchar_t * buffer,
khm_size * pcbbuf,
khm_int32 flags);
@@ -1611,7 +1609,7 @@ typedef struct tag_kcdb_cred_request { \see kcdb_cred_release()
*/
KHMEXP khm_int32 KHMAPI
-kcdb_cred_create(wchar_t * name,
+kcdb_cred_create(const wchar_t * name,
khm_handle identity,
khm_int32 cred_type,
khm_handle * result);
@@ -1641,13 +1639,18 @@ kcdb_cred_update(khm_handle vdest, /*! \brief Set an attribute in a credential by name
+
+
\param[in] cbbuf Number of bytes of data in \a buffer. The
individual data type handlers may copy in less than this many
- bytes in to the credential.
+ bytes in to the credential. For some data types where the
+ size of the buffer is fixed or can be determined from its
+ contents, you can specify ::KCDB_CBSIZE_AUTO for this
+ parameter.
*/
KHMEXP khm_int32 KHMAPI
kcdb_cred_set_attrib(khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
void * buffer,
khm_size cbbuf);
@@ -1686,7 +1689,7 @@ kcdb_cred_set_attr(khm_handle cred, */
KHMEXP khm_int32 KHMAPI
kcdb_cred_get_attrib(khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
khm_int32 * attr_type,
void * buffer,
khm_size * cbbuf);
@@ -1791,7 +1794,7 @@ kcdb_cred_get_attr_string(khm_handle vcred, */
KHMEXP khm_int32 KHMAPI
kcdb_cred_get_attrib_string(khm_handle cred,
- wchar_t * name,
+ const wchar_t * name,
wchar_t * buffer,
khm_size * cbbuf,
khm_int32 flags) ;
@@ -1904,7 +1907,7 @@ kcdb_cred_delete(khm_handle cred); KHMEXP khm_int32 KHMAPI
kcdb_creds_comp_attrib(khm_handle cred1,
khm_handle cred2,
- wchar_t * name);
+ const wchar_t * name);
/*! \brief Compare an attribute of two credentials by attribute id.
@@ -2219,7 +2222,7 @@ typedef struct tag_kcdb_type { /*@}*/
KHMEXP khm_int32 KHMAPI
-kcdb_type_get_id(wchar_t *name, khm_int32 * id);
+kcdb_type_get_id(const wchar_t *name, khm_int32 * id);
/*! \brief Return the type descriptor for a given type id
@@ -2262,7 +2265,7 @@ kcdb_type_get_name(khm_int32 id, \param[out] new_id Receives the identifier for the credential attribute type.
*/
KHMEXP khm_int32 KHMAPI
-kcdb_type_register(kcdb_type * type,
+kcdb_type_register(const kcdb_type * type,
khm_int32 * new_id);
/*! \brief Unregister a credential attribute type
@@ -2422,12 +2425,48 @@ UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t * src); */
#define KCDB_TYPE_ALL KCDB_TYPE_INVALID
+/*! \brief Void
+
+ No data. This is not an actual data type.
+ */
#define KCDB_TYPE_VOID 0
+
+/*! \brief String
+
+ NULL terminated Unicode string. The byte count for a string
+ attribute always includes the terminating NULL.
+ */
#define KCDB_TYPE_STRING 1
+
+/*! \brief Data
+
+ A date/time represented in FILETIME format.
+ */
#define KCDB_TYPE_DATE 2
+
+/*! \brief Interval
+
+ An interval of time represented as the difference between two
+ FILETIME values.
+ */
#define KCDB_TYPE_INTERVAL 3
+
+/*! \brief 32-bit integer
+
+ A 32-bit signed integer.
+ */
#define KCDB_TYPE_INT32 4
+
+/*! \brief 64-bit integer
+
+ A 64-bit integer.
+ */
#define KCDB_TYPE_INT64 5
+
+/*! \brief Raw data
+
+ A raw data buffer.
+ */
#define KCDB_TYPE_DATA 6
#define KCDB_TYPENAME_VOID L"Void"
@@ -2509,7 +2548,7 @@ typedef struct tag_kcdb_attrib { /*! \brief Retrieve the ID of a named attribute */
KHMEXP khm_int32 KHMAPI
-kcdb_attrib_get_id(wchar_t *name,
+kcdb_attrib_get_id(const wchar_t *name,
khm_int32 * id);
/*! \brief Register an attribute
@@ -2518,7 +2557,7 @@ kcdb_attrib_get_id(wchar_t *name, attribute. If the \a id member of the ::kcdb_attrib object is
set to KCDB_ATTR_INVALID, then a unique ID is generated. */
KHMEXP khm_int32 KHMAPI
-kcdb_attrib_register(kcdb_attrib * attrib,
+kcdb_attrib_register(const kcdb_attrib * attrib,
khm_int32 * new_id);
/*! \brief Retrieve the attribute descriptor for an attribute
@@ -2974,7 +3013,7 @@ typedef struct tag_kcdb_credtype { specified is already in use.
*/
KHMEXP khm_int32 KHMAPI
-kcdb_credtype_register(kcdb_credtype * type,
+kcdb_credtype_register(const kcdb_credtype * type,
khm_int32 * new_id);
/*! \brief Return a held reference to a \a kcdb_credtype object describing the credential type.
@@ -3093,7 +3132,7 @@ kcdb_credtype_describe(khm_int32 id, */
KHMEXP khm_int32 KHMAPI
-kcdb_credtype_get_id(wchar_t * name,
+kcdb_credtype_get_id(const wchar_t * name,
khm_int32 * id);
/*@}*/
@@ -3155,7 +3194,7 @@ kcdb_buf_get_attr(khm_handle record, */
KHMEXP khm_int32 KHMAPI
kcdb_buf_get_attrib(khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
khm_int32 * attr_type,
void * buffer,
khm_size * pcb_buf);
@@ -3220,7 +3259,7 @@ kcdb_buf_get_attr_string(khm_handle record, */
KHMEXP khm_int32 KHMAPI
kcdb_buf_get_attrib_string(khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
wchar_t * buffer,
khm_size * pcbbuf,
khm_int32 flags);
@@ -3245,7 +3284,7 @@ kcdb_buf_set_attr(khm_handle record, */
KHMEXP khm_int32 KHMAPI
kcdb_buf_set_attrib(khm_handle record,
- wchar_t * attr_name,
+ const wchar_t * attr_name,
void * buffer,
khm_size cbbuf);
diff --git a/src/windows/identity/kcreddb/type.c b/src/windows/identity/kcreddb/type.c index c1215f5..48630b5 100644 --- a/src/windows/identity/kcreddb/type.c +++ b/src/windows/identity/kcreddb/type.c @@ -679,8 +679,11 @@ khm_boolean KHMAPI kcdb_type_data_isValid( const void * d,
khm_size cbd)
{
- /* data is always valid, even if d is NULL */
- return TRUE;
+ /* data is always valid */
+ if (cbd != 0 && d == NULL)
+ return FALSE;
+ else
+ return TRUE;
}
khm_int32 KHMAPI kcdb_type_data_comp(
@@ -689,8 +692,21 @@ khm_int32 KHMAPI kcdb_type_data_comp( const void * d2,
khm_size cbd2)
{
- /* datas can not be compared */
- return 0;
+ khm_size pref;
+ khm_int32 rv = 0;
+
+ pref = min(cbd1, cbd2);
+
+ if (pref == 0)
+ return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0);
+
+ rv = memcmp(d1, d2, pref);
+
+ if (rv == 0) {
+ return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0);
+ } else {
+ return rv;
+ }
}
khm_int32 KHMAPI kcdb_type_data_dup(
@@ -699,14 +715,14 @@ khm_int32 KHMAPI kcdb_type_data_dup( void * d_dst,
khm_size * cbd_dst)
{
- if(!cbd_dst)
+ if(!cbd_dst || cbd_src == KCDB_CBSIZE_AUTO)
return KHM_ERROR_INVALID_PARAM;
- *cbd_dst = cbd_src;
-
if(!d_dst || *cbd_dst < cbd_src) {
+ *cbd_dst = cbd_src;
return KHM_ERROR_TOO_LONG;
} else {
+ *cbd_dst = cbd_src;
memcpy(d_dst, d_src, cbd_src);
return KHM_ERROR_SUCCESS;
}
@@ -889,7 +905,7 @@ void kcdb_type_check_and_delete(khm_int32 id) LeaveCriticalSection(&cs_type);
}
-KHMEXP khm_int32 KHMAPI kcdb_type_get_id(wchar_t *name, khm_int32 * id)
+KHMEXP khm_int32 KHMAPI kcdb_type_get_id(const wchar_t *name, khm_int32 * id)
{
kcdb_type_i * t;
size_t cbsize;
@@ -968,7 +984,7 @@ KHMEXP khm_int32 KHMAPI kcdb_type_get_name(khm_int32 id, wchar_t * buffer, khm_s return KHM_ERROR_SUCCESS;
}
-KHMEXP khm_int32 KHMAPI kcdb_type_register(kcdb_type * type, khm_int32 * new_id)
+KHMEXP khm_int32 KHMAPI kcdb_type_register(const kcdb_type * type, khm_int32 * new_id)
{
kcdb_type_i *t;
size_t cbsize;
diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c index 3186633..6c2b02d 100644 --- a/src/windows/identity/plugins/krb4/krb4configdlg.c +++ b/src/windows/identity/plugins/krb4/krb4configdlg.c @@ -280,7 +280,7 @@ krb4_id_config_proc(HWND hwnd, khc_close_space(csp_ident);
if (csp_idk4)
- khc_close_space(csp_ident);
+ khc_close_space(csp_idk4);
khui_cfg_set_flags_inst(d,
((applied)? KHUI_CNFLAG_APPLIED: 0),
diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h index f31c4a4..7c3b31a 100644 --- a/src/windows/identity/plugins/krb4/krbcred.h +++ b/src/windows/identity/plugins/krb4/krbcred.h @@ -29,7 +29,7 @@ #include<windows.h>
-#define KHERR_FACILITY L"Kerberos4"
+#define KHERR_FACILITY L"Krb4Cred"
#define KHERR_FACILITY_ID 65
#define KHERR_HMODULE hResModule
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c index d2fabba..f631b3c 100644 --- a/src/windows/identity/plugins/krb5/errorfuncs.c +++ b/src/windows/identity/plugins/krb5/errorfuncs.c @@ -77,12 +77,20 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, *suggestion = 0;
*suggest_code = KHERR_SUGGEST_NONE;
+ if (WSABASEERR <= code && code < (WSABASEERR + 1064)) {
+ /* winsock error */
+ table_num = WSABASEERR;
+ offset = code - WSABASEERR;
+ }
+
switch(table_num)
{
case krb_err_base:
case kadm_err_base:
+ case WSABASEERR:
break;
default:
+
if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
*suggestion = MSG_ERR_S_INTEGRITY;
}
@@ -91,9 +99,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, return;
}
- if (table_num == krb_err_base)
- switch(offset)
- {
+ if (table_num == krb_err_base) {
+ switch(offset) {
case KDC_NAME_EXP: /* 001 Principal expired */
case KDC_SERVICE_EXP: /* 002 Service expired */
case KDC_AUTH_EXP: /* 003 Auth expired */
@@ -170,9 +177,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, /* no extra error msg */
break;
}
- else
- switch(code)
- {
+ } else if (table_num == kadm_err_base) {
+ switch(code) {
case KADM_INSECURE_PW:
/* if( kadm_info != NULL ){
* wsprintf(buf, "%s\n%s", com_err_msg, kadm_info);
@@ -198,6 +204,34 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, /* no extra error msg */
break;
}
+ } else if (table_num == WSABASEERR) {
+ switch(code) {
+ case WSAENETDOWN:
+ msg_id = MSG_ERR_NETDOWN;
+ sugg_id = MSG_ERR_S_NETRETRY;
+ sugg_code = KHERR_SUGGEST_RETRY;
+ break;
+
+ case WSATRY_AGAIN:
+ msg_id = MSG_ERR_TEMPDOWN;
+ sugg_id = MSG_ERR_S_TEMPDOWN;
+ sugg_code = KHERR_SUGGEST_RETRY;
+ break;
+
+ case WSAENETUNREACH:
+ case WSAENETRESET:
+ case WSAECONNABORTED:
+ case WSAECONNRESET:
+ case WSAETIMEDOUT:
+ case WSAECONNREFUSED:
+ case WSAEHOSTDOWN:
+ case WSAEHOSTUNREACH:
+ msg_id = MSG_ERR_NOHOST;
+ sugg_id = MSG_ERR_S_NOHOST;
+ sugg_code = KHERR_SUGGEST_RETRY;
+ break;
+ }
+ }
if (msg_id != 0) {
FormatMessage(FORMAT_MESSAGE_FROM_HMODULE |
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c index 3162631..7db0952 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ b/src/windows/identity/plugins/krb5/krb5funcs.c @@ -2056,7 +2056,7 @@ khm_krb5_changepwd(char * principal, char** error_str)
{
krb5_error_code rc = 0;
- int result_code;
+ int result_code = 0;
krb5_data result_code_string, result_string;
krb5_context context = 0;
krb5_principal princ = 0;
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c index b263e6b..11a7410 100644 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ b/src/windows/identity/plugins/krb5/krb5identpro.c @@ -49,15 +49,52 @@ typedef struct tag_k5_new_cred_data { HWND hw_realm;
} k5_new_cred_data;
+static
+void
+trim_str(wchar_t * s, khm_size cch) {
+ wchar_t * c, * last_ws;
+
+ for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++);
+
+ if (((khm_size)(c - s)) >= cch)
+ return;
+
+ if (c != s && ((khm_size)(c - s)) < cch) {
+#if _MSC_VER >= 1400
+ wmemmove_s(s, cch, c, cch - ((khm_size)(c - s)));
+#else
+ memmove(s, c, (cch - ((khm_size)(c - s))) * sizeof(wchar_t));
+#endif
+ }
+
+ last_ws = NULL;
+ for (c = s; *c && ((khm_size)(c - s)) < cch; c++) {
+ if (!iswspace(*c))
+ last_ws = NULL;
+ else if (last_ws == NULL)
+ last_ws = c;
+ }
+
+ if (last_ws)
+ *last_ws = L'\0';
+}
+
/* Runs in the UI thread */
int
k5_get_realm_from_nc(khui_new_creds * nc,
wchar_t * buf,
khm_size cch_buf) {
k5_new_cred_data * d;
+ khm_size s;
d = (k5_new_cred_data *) nc->ident_aux;
- return GetWindowText(d->hw_realm, buf, (int) cch_buf);
+ buf[0] = L'\0';
+ GetWindowText(d->hw_realm, buf, (int) cch_buf);
+ trim_str(buf, cch_buf);
+
+ StringCchLength(buf, cch_buf, &s);
+
+ return (int) s;
}
/* set the primary identity of a new credentials dialog depending on
@@ -83,6 +120,7 @@ set_identity_from_ui(khui_new_creds * nc, assert(cch < KCDB_IDENT_MAXCCH_NAME - 1);
GetWindowText(d->hw_username, un, ARRAYLENGTH(un));
+ trim_str(un, ARRAYLENGTH(un));
realm = khm_get_realm_from_princ(un);
if (realm) /* realm was specified */
@@ -113,6 +151,7 @@ set_identity_from_ui(khui_new_creds * nc, }
GetWindowText(d->hw_realm, realm, (int) cch_left);
+ trim_str(realm, cch_left);
_set_ident:
if (KHM_FAILED(rv = kcdb_identity_create(un,
@@ -183,6 +222,7 @@ update_crossfeed(khui_new_creds * nc, GetWindowText(d->hw_username,
un,
ARRAYLENGTH(un));
+ trim_str(un, ARRAYLENGTH(un));
un_realm = khm_get_realm_from_princ(un);
@@ -246,6 +286,7 @@ update_crossfeed(khui_new_creds * nc, GetWindowText(d->hw_realm, realm,
ARRAYLENGTH(realm));
+ trim_str(realm, ARRAYLENGTH(realm));
idx = (int)SendMessage(d->hw_realm,
CB_FINDSTRINGEXACT,
diff --git a/src/windows/identity/plugins/krb5/krb5main.c b/src/windows/identity/plugins/krb5/krb5main.c index 97ef85e..f1b7f05 100644 --- a/src/windows/identity/plugins/krb5/krb5main.c +++ b/src/windows/identity/plugins/krb5/krb5main.c @@ -30,7 +30,7 @@ kmm_module h_khModule; /* KMM's handle to this module */
HINSTANCE hInstance;
HMODULE hResModule; /* HMODULE to the resource library */
-const wchar_t * k5_facility = L"Krb5";
+const wchar_t * k5_facility = L"Krb5Cred";
khm_int32 type_id_enctype = -1;
khm_int32 type_id_addr_list = -1;
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c index 179ec4e..db9462e 100644 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ b/src/windows/identity/plugins/krb5/krb5newcreds.c @@ -55,6 +55,7 @@ typedef struct k5_dlg_data_t { wchar_t * cred_message; /* overrides the credential text, if
non-NULL */
+ BOOL pwd_change; /* force a password change */
} k5_dlg_data;
@@ -186,6 +187,56 @@ k5_handle_wmnc_notify(HWND hwnd, }
break;
+ case WMNC_CREDTEXT_LINK:
+ {
+ k5_dlg_data * d;
+ khui_htwnd_link * l;
+ khui_new_creds * nc;
+ wchar_t linktext[128];
+
+ d = (k5_dlg_data *)(LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ nc = d->nc;
+ l = (khui_htwnd_link *) lParam;
+
+ if (!l)
+ break;
+
+ StringCchCopyN(linktext, ARRAYLENGTH(linktext),
+ l->id, l->id_len);
+
+ if (!wcscmp(linktext, L"Krb5Cred:!Passwd")) {
+ /* we are turning this dialog into a change password dialog... */
+ wchar_t wbuf[KHUI_MAXCCH_BANNER];
+
+ khui_cw_clear_prompts(nc);
+
+ LoadString(hResModule, IDS_NC_PWD_BANNER,
+ wbuf, ARRAYLENGTH(wbuf));
+ khui_cw_begin_custom_prompts(nc, 3, NULL, wbuf);
+
+ LoadString(hResModule, IDS_NC_PWD_PWD,
+ wbuf, ARRAYLENGTH(wbuf));
+ khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD,
+ wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);
+
+ LoadString(hResModule, IDS_NC_PWD_NPWD,
+ wbuf, ARRAYLENGTH(wbuf));
+ khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD,
+ wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);
+
+ LoadString(hResModule, IDS_NC_PWD_NPWD_AGAIN,
+ wbuf, ARRAYLENGTH(wbuf));
+ khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD_AGAIN,
+ wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);
+
+ d->pwd_change = TRUE;
+
+ return TRUE;
+ }
+ }
+ break;
+
case WMNC_UPDATE_CREDTEXT:
{
k5_dlg_data * d;
@@ -215,7 +266,8 @@ k5_handle_wmnc_notify(HWND hwnd, KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0],
&flags)) &&
(flags & KCDB_IDENT_FLAG_VALID) &&
- nc->subtype == KMSG_CRED_NEW_CREDS) {
+ nc->subtype == KMSG_CRED_NEW_CREDS &&
+ !d->pwd_change) {
if (is_k5_identpro)
k5_get_realm_from_nc(nc, tbuf, ARRAYLENGTH(tbuf));
@@ -237,7 +289,8 @@ k5_handle_wmnc_notify(HWND hwnd, StringCbCopy(nct->credtext, cbsize, sbuf);
} else if (nc->n_identities > 0 &&
- nc->subtype == KMSG_CRED_PASSWORD) {
+ (nc->subtype == KMSG_CRED_PASSWORD ||
+ (nc->subtype == KMSG_CRED_NEW_CREDS && d->pwd_change))) {
cbsize = sizeof(tbuf);
kcdb_identity_get_name(nc->identities[0], tbuf, &cbsize);
@@ -630,6 +683,9 @@ k5_cached_kinit_prompter(void) { khm_size n_cur_prompts;
khm_int32 n_prompts;
khm_int32 i;
+ khm_int64 iexpiry;
+ FILETIME expiry;
+ FILETIME current;
#ifdef DEBUG
assert(g_fjob.nc);
@@ -656,6 +712,30 @@ k5_cached_kinit_prompter(void) { goto _cleanup;
+ if (KHM_SUCCEEDED(khc_read_int64(csp_prcache, L"ExpiresOn", &iexpiry))) {
+ /* has the cache expired? */
+ expiry = IntToFt(iexpiry);
+ GetSystemTimeAsFileTime(¤t);
+
+ if (CompareFileTime(&expiry, ¤t) < 0)
+ /* already expired */
+ goto _cleanup;
+ } else {
+ FILETIME lifetime;
+ khm_int32 t;
+
+ /* make the cache expire at some point */
+ GetSystemTimeAsFileTime(¤t);
+ khc_read_int32(csp_params, L"PromptCacheLifetime", &t);
+ if (t == 0)
+ t = 172800; /* 48 hours */
+ TimetToFileTimeInterval(t, &lifetime);
+ expiry = FtAdd(¤t, &lifetime);
+ iexpiry = FtToInt(&expiry);
+
+ khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry);
+ }
+
/* we found a prompt cache. We take this to imply that the
principal is valid. */
g_fjob.valid_principal = TRUE;
@@ -968,6 +1048,11 @@ k5_kinit_prompter(krb5_context context, {
wchar_t wbanner[KHUI_MAXCCH_BANNER];
wchar_t wname[KHUI_MAXCCH_PNAME];
+ FILETIME current;
+ FILETIME lifetime;
+ FILETIME expiry;
+ khm_int64 iexpiry;
+ khm_int32 t = 0;
if(banner)
AnsiStrToUnicode(wbanner, sizeof(wbanner), banner);
@@ -982,28 +1067,40 @@ k5_kinit_prompter(krb5_context context, (banner)?wbanner:NULL,
(name)?wname:NULL);
- if (banner && csp_prcache)
- khc_write_string(csp_prcache,
- L"Banner",
- wbanner);
- else if (csp_prcache)
- khc_write_string(csp_prcache,
- L"Banner",
- L"");
+ if (csp_prcache) {
- if (name && csp_prcache)
- khc_write_string(csp_prcache,
- L"Name",
- wname);
- else if (csp_prcache)
- khc_write_string(csp_prcache,
- L"Name",
- L"");
+ if (banner)
+ khc_write_string(csp_prcache,
+ L"Banner",
+ wbanner);
+ else
+ khc_write_string(csp_prcache,
+ L"Banner",
+ L"");
+
+ if (name)
+ khc_write_string(csp_prcache,
+ L"Name",
+ wname);
+ else if (csp_prcache)
+ khc_write_string(csp_prcache,
+ L"Name",
+ L"");
- if (csp_prcache)
khc_write_int32(csp_prcache,
L"PromptCount",
(khm_int32) num_prompts);
+
+ GetSystemTimeAsFileTime(¤t);
+ khc_read_int32(csp_params, L"PromptCacheLifetime", &t);
+ if (t == 0)
+ t = 172800; /* 48 hours */
+ TimetToFileTimeInterval(t, &lifetime);
+ expiry = FtAdd(¤t, &lifetime);
+ iexpiry = FtToInt(&expiry);
+
+ khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry);
+ }
}
for(i=0; i < num_prompts; i++) {
@@ -1757,6 +1854,10 @@ k5_msg_cred_dialog(khm_int32 msg_type, }
khui_cw_unlock_nc(nc);
+
+ /* reset the force-password-change flag if this is a new
+ identity. */
+ d->pwd_change = FALSE;
}
/* fallthrough */
@@ -1950,6 +2051,11 @@ k5_msg_cred_dialog(khm_int32 msg_type, if (nc->subtype == KMSG_CRED_NEW_CREDS) {
d = (k5_dlg_data *) nct->aux;
+ if (d->pwd_change) {
+ /* we are forcing a password change */
+ goto change_password;
+ }
+
_begin_task(0);
_report_mr0(KHERR_NONE, MSG_CTX_INITAL_CREDS);
_describe();
@@ -2259,6 +2365,9 @@ k5_msg_cred_dialog(khm_int32 msg_type, } else if (nc->subtype == KMSG_CRED_PASSWORD &&
nc->result == KHUI_NC_RESULT_PROCESS) {
+ change_password:
+ /* we jump here if there was a password change forced */
+
_begin_task(0);
_report_mr0(KHERR_NONE, MSG_CTX_PASSWD);
_describe();
@@ -2360,6 +2469,74 @@ k5_msg_cred_dialog(khm_int32 msg_type, if (code)
rv = KHM_ERROR_UNKNOWN;
+ else if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+ khm_handle csp_idcfg = NULL;
+ krb5_context ctx = NULL;
+
+ /* we forced a password change. now we need
+ to get the initial credentials. */
+
+ d = (k5_dlg_data *) nct->aux;
+
+ if (d == NULL) {
+ rv = KHM_ERROR_UNKNOWN;
+ goto _pwd_exit;
+ }
+
+ code = khm_krb5_kinit(NULL, /* context (create one) */
+ idname, /* principal_name */
+ npwd, /* password */
+ NULL, /* ccache name (figure out the identity cc)*/
+ (krb5_deltat) d->tc_lifetime.current,
+ d->forwardable,
+ d->proxiable,
+ (krb5_deltat)((d->renewable)?d->tc_renew.current:0),
+ d->addressless, /* addressless */
+ d->publicIP, /* public IP */
+ NULL, /* prompter */
+ NULL /* prompter data */);
+
+ if (code) {
+ rv = KHM_ERROR_UNKNOWN;
+ goto _pwd_exit;
+ }
+
+ /* save the settings that we used for
+ obtaining the ticket. */
+ if (KHM_SUCCEEDED
+ (k5_open_config_handle(nc->identities[0],
+ KHM_FLAG_CREATE |
+ KCONF_FLAG_WRITEIFMOD,
+ &csp_idcfg))) {
+ k5_write_dlg_params(csp_idcfg, d);
+ khc_close_space(csp_idcfg);
+ }
+
+ /* and do a quick refresh of the krb5 tickets
+ so that other plug-ins that depend on krb5
+ can look up tickets inside NetIDMgr */
+ khm_krb5_list_tickets(&ctx);
+
+ /* if there was no default identity, we make
+ this one the default. */
+ kcdb_identity_refresh(nc->identities[0]);
+ {
+ khm_handle tdefault = NULL;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) {
+ kcdb_identity_release(tdefault);
+ } else {
+ _reportf(L"There was no default identity. Setting defualt");
+ kcdb_identity_set_default(nc->identities[0]);
+ }
+ }
+
+ /* and then update the LRU too */
+ k5_update_LRU(nc->identities[0]);
+
+ if (ctx != NULL)
+ pkrb5_free_context(ctx);
+ }
/* result is only set when code != 0 */
if (code && result) {
diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv index b675440..205cbcb 100644 --- a/src/windows/identity/plugins/krb5/krbconfig.csv +++ b/src/windows/identity/plugins/krb5/krbconfig.csv @@ -25,11 +25,13 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider LRURealms,KC_STRING,,
LRUPrincipals,KC_STRING,,
LastDefaultIdent,KC_STRING,,Last known default identity
+ PromptCacheLifetime,KC_INT32,172800,Lifetime of the prompt cache in seconds
DefaultCCName,KC_STRING,,Default CC name (only per identity)
PromptCache,KC_SPACE,0,Cache of prompts (only per identity)
Name,KC_STRING,,
Banner,KC_STRING,,
PromptCount,KC_INT32,0,
+ ExpiresOn,KC_INT64,0,FILETIME of when the prompt cache is set to expire
(n),KC_SPACE,0,Parameters for each prompt
Prompt,KC_STRING,,
Type,KC_INT32,0,
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc index aab9090..54f3ed7 100644 --- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc +++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc @@ -382,7 +382,7 @@ BEGIN IDS_NC_REALM "Realm"
IDS_KRB5_WARNING "Kerberos 5 Warning"
IDS_K5ERR_NAME_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The selected principal name has expired.</p><p><tab> Please contact your system administrator.</p>"
- IDS_K5ERR_KEY_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab> Click <a id=""Krb5Cred:Passwd"">here</a> to change the password</p>"
+ IDS_K5ERR_KEY_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab> Click <a id=""Krb5Cred:!Passwd"">here</a> to change the password</p>"
IDS_KRB5_WARN_FMT "Kerberos 5: %s\n\n%s"
IDS_K5ERR_FMT "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tag>: %s</p>"
IDS_K5CFG_SHORT_DESC "Kerberos 5"
diff --git a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc index 01e0176..cadc666 100644 --- a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc +++ b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc @@ -158,6 +158,42 @@ Destroying Krb5 tickets .
MessageId=
+SymbolicName=MSG_ERR_NETDOWN
+Language=English
+A network connection is unavailable
+.
+
+MessageId=
+SymbolicName=MSG_ERR_S_NETRETRY
+Language=English
+Please check your network connection or contact your network administrator for assistance.
+.
+
+MessageId=
+SymbolicName=MSG_ERR_TEMPDOWN
+Language=English
+A temporary network error caused the operation to fail
+.
+
+MessageId=
+SymbolicName=MSG_ERR_S_TEMPDOWN
+Language=English
+Please try again in a few minutes
+.
+
+MessageId=
+SymbolicName=MSG_ERR_NOHOST
+Language=English
+A server could not be reached
+.
+
+MessageId=
+SymbolicName=MSG_ERR_S_NOHOST
+Language=English
+This can be caused by the server being unavailable, network errors, or improper configuration. Please try again or contact your administrator for assistance.
+.
+
+MessageId=
SymbolicName=MSG_
Language=English
.
diff --git a/src/windows/identity/sample/templates/credprov/Makefile b/src/windows/identity/sample/templates/credprov/Makefile index e536210..b940010 100644 --- a/src/windows/identity/sample/templates/credprov/Makefile +++ b/src/windows/identity/sample/templates/credprov/Makefile @@ -110,8 +110,8 @@ MC=mc # Lots more macros
-incflags = -I$(NIDMINCDIR) -I$(OBJ) -I.
-rincflags = /i $(NIDMINCDIR) /i $(OBJ) /i .
+incflags = -I"$(NIDMINCDIR)" -I"$(OBJ)" -I.
+rincflags = /i "$(NIDMINCDIR)" /i "$(OBJ)" /i .
ldebug = $(ldebug) /DEBUG
cdebug = $(cdebug) -Os -Zi
@@ -120,13 +120,13 @@ cdefines = $(cdefines) -DUNICODE -D_UNICODE C2OBJ=$(CC) $(cdebug) $(cflags) $(incflags) $(cdefines) /Fo"$@" /c $**
-DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:$@ /IMPLIB:$(DEST)\$(@B).lib $**
+DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:"$@" /IMPLIB:$(DEST)\$(@B).lib $**
-DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:$@ $**
+DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:"$@" $**
-RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo $@ $**
+RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo "$@" $**
-MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $**
+MC2RC=$(MC) $(MCFLAGS) -h "$(OBJ)\" -m 1024 -r "$(OBJ)\" -x "$(OBJ)\" $**
{}.c{$(OBJ)}.obj:
$(C2OBJ)
@@ -139,15 +139,15 @@ MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $** mkdirs::
!if !exist($(DEST))
- $(MKDIR) $(DEST)
+ $(MKDIR) "$(DEST)"
!endif
!if !exist($(OBJ))
- $(MKDIR) $(OBJ)
+ $(MKDIR) "$(OBJ)"
!endif
clean::
- $(RM) $(OBJ)\*.*
- $(RM) $(DEST)\*.*
+ $(RM) "$(OBJ)\*.*"
+ $(RM) "$(DEST)\*.*"
.SUFFIXES: .h
@@ -169,7 +169,7 @@ MT=mt.exe -nologo !endif
_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest $(MT) -outputresource:$@;1 -manifest $@.manifest
+if exist "$@.manifest" $(MT) -outputresource:"$@";1 -manifest "$@.manifest"
_VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE)
@@ -179,7 +179,7 @@ _VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE) # embedded manifest will be used. Otherwise the $@.manifest file will
# be used.
_VC_MANIFEST_CLEAN= \
-if exist $@.manifest $(RM) $@.manifest
+if exist "$@.manifest" $(RM) "$@.manifest"
# End of manifest handling
@@ -189,7 +189,7 @@ if exist $@.manifest $(RM) $@.manifest DLL=$(DEST)\$(DLLBASENAME).dll
LIBFILES= \
- $(NIDMLIBDIR)\nidmgr32.lib
+ "$(NIDMLIBDIR)\nidmgr32.lib"
OBJFILES= \
$(OBJ)\credacq.obj \
@@ -208,7 +208,7 @@ CONFIGHEADER=$(OBJ)\credacq_config.h all: mkdirs $(CONFIGHEADER) $(DLL) lang
$(CONFIGHEADER): Makefile
- $(CP) << $@
+ $(CP) << "$@"
/* This is a generated file. Do not modify directly. */
#pragma once
diff --git a/src/windows/identity/ui/aboutwnd.c b/src/windows/identity/ui/aboutwnd.c index 242b1c5..f4dcfcc 100644 --- a/src/windows/identity/ui/aboutwnd.c +++ b/src/windows/identity/ui/aboutwnd.c @@ -46,8 +46,11 @@ about_dlg_proc(HWND hwnd, SetDlgItemText(hwnd, IDC_PRODUCT,
TEXT(KH_VERSTR_PRODUCT_1033));
+ /* retain the original copyright strings */
+#ifdef OVERRIDE_COPYRIGHT
SetDlgItemText(hwnd, IDC_COPYRIGHT,
TEXT(KH_VERSTR_COPYRIGHT_1033));
+#endif
SetDlgItemText(hwnd, IDC_BUILDINFO,
TEXT(KH_VERSTR_BUILDINFO_1033));
diff --git a/src/windows/identity/ui/credfuncs.c b/src/windows/identity/ui/credfuncs.c index 937e82f..d695afe 100644 --- a/src/windows/identity/ui/credfuncs.c +++ b/src/windows/identity/ui/credfuncs.c @@ -227,6 +227,9 @@ kmsg_cred_completion(kmq_message *m) if there's more */
nc = (khui_new_creds *) m->vparam;
+ /* if we are done processing all the plug-ins, then check if
+ there were any errors reported. Otherwise we dispatch
+ another set of messages. */
if(!khm_cred_dispatch_process_level(nc)) {
if(kherr_is_error()) {
@@ -238,39 +241,102 @@ kmsg_cred_completion(kmq_message *m) wchar_t ws_title[ARRAYLENGTH(ws_tfmt) + KCDB_IDENT_MAXCCH_NAME];
khm_size cb;
+ /* For renewals, we suppress the error message for the
+ following case:
+
+ - The renewal was for an identity
+
+ - There are no identity credentials for the
+ identity (no credentials that have the same type
+ as the identity provider). */
+
+ if (nc->subtype == KMSG_CRED_RENEW_CREDS &&
+ nc->ctx.scope == KHUI_SCOPE_IDENT &&
+ nc->ctx.identity != NULL) {
+ khm_handle tcs = NULL; /* credential set */
+ khm_size count = 0;
+ khm_int32 id_ctype = KCDB_CREDTYPE_INVALID;
+ khm_int32 delta = 0;
+
+ kcdb_identity_get_type(&id_ctype);
+ kcdb_credset_create(&tcs);
+ kcdb_credset_collect(tcs, NULL,
+ nc->ctx.identity,
+ id_ctype,
+ &delta);
+ kcdb_credset_get_size(tcs, &count);
+ kcdb_credset_delete(tcs);
+
+ if (count == 0)
+ break;
+ }
+
ctx = kherr_peek_context();
evt = kherr_get_err_event(ctx);
kherr_evaluate_event(evt);
khui_alert_create_empty(&alert);
- if (nc->subtype == KMSG_CRED_PASSWORD)
- LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE,
- ws_tfmt, ARRAYLENGTH(ws_tfmt));
- else if (nc->subtype == KMSG_CRED_RENEW_CREDS)
- LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE,
- ws_tfmt, ARRAYLENGTH(ws_tfmt));
- else
- LoadString(khm_hInstance, IDS_NC_FAILED_TITLE,
- ws_tfmt, ARRAYLENGTH(ws_tfmt));
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+
+ cb = sizeof(w_idname);
+ if (nc->n_identities == 0 ||
+ KHM_FAILED(kcdb_identity_get_name(nc->identities[0],
+ w_idname, &cb))) {
+ /* an identity could not be determined */
+ LoadString(khm_hInstance, IDS_NC_FAILED_TITLE,
+ ws_title, ARRAYLENGTH(ws_title));
+ } else {
+ LoadString(khm_hInstance, IDS_NC_FAILED_TITLE_I,
+ ws_tfmt, ARRAYLENGTH(ws_tfmt));
+ StringCbPrintf(ws_title, sizeof(ws_title),
+ ws_tfmt, w_idname);
+ }
+
+ } else if (nc->subtype == KMSG_CRED_PASSWORD) {
- if (nc->n_identities > 0) {
cb = sizeof(w_idname);
- if (KHM_FAILED(kcdb_identity_get_name(nc->identities[0],
- w_idname, &cb)))
- StringCbCopy(w_idname, sizeof(w_idname), L"(?)");
+ if (nc->n_identities == 0 ||
+ KHM_FAILED(kcdb_identity_get_name(nc->identities[0],
+ w_idname, &cb))) {
+ LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE,
+ ws_title, ARRAYLENGTH(ws_title));
+ } else {
+ LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE_I,
+ ws_tfmt, ARRAYLENGTH(ws_tfmt));
+ StringCbPrintf(ws_title, sizeof(ws_title),
+ ws_tfmt, w_idname);
+ }
+
+ } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+
+ cb = sizeof(w_idname);
+ if (nc->ctx.identity == NULL ||
+ KHM_FAILED(kcdb_identity_get_name(nc->ctx.identity,
+ w_idname, &cb))) {
+ LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE,
+ ws_title, ARRAYLENGTH(ws_title));
+ } else {
+ LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE_I,
+ ws_tfmt, ARRAYLENGTH(ws_tfmt));
+ StringCbPrintf(ws_title, sizeof(ws_title),
+ ws_tfmt, w_idname);
+ }
+
} else {
- StringCbCopy(w_idname, sizeof(w_idname), L"(?)");
+#ifdef DEBUG
+ assert(FALSE);
+#endif
}
- StringCbPrintf(ws_title, sizeof(ws_title), ws_tfmt, w_idname);
-
khui_alert_set_title(alert, ws_title);
khui_alert_set_severity(alert, evt->severity);
+
if(!evt->long_desc)
khui_alert_set_message(alert, evt->short_desc);
else
khui_alert_set_message(alert, evt->long_desc);
+
if(evt->suggestion)
khui_alert_set_suggestion(alert, evt->suggestion);
@@ -847,6 +913,8 @@ khm_cred_process_startup_actions(void) { if (khm_startup.renew) {
khm_size count;
+ wchar_t * ident_names = NULL;
+ wchar_t * this_ident;
kcdb_credset_get_size(NULL, &count);
@@ -856,16 +924,55 @@ khm_cred_process_startup_actions(void) { khm_startup.renew = FALSE;
if (count != 0) {
- if (defident)
- khui_context_set(KHUI_SCOPE_IDENT,
- defident,
- KCDB_CREDTYPE_INVALID,
- NULL, NULL, 0,
- NULL);
- else
- khui_context_reset();
+ khm_size cb = 0;
+ khm_size n_idents = 0;
+ khm_int32 rv;
+
+ ident_names = NULL;
+
+ while (TRUE) {
+ if (ident_names) {
+ PFREE(ident_names);
+ ident_names = NULL;
+ }
+
+ cb = 0;
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
+ NULL,
+ &cb, &n_idents);
+
+ if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG ||
+ cb == 0)
+ break;
+
+ ident_names = PMALLOC(cb);
- khm_cred_renew_creds();
+ rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
+ ident_names,
+ &cb, &n_idents);
+
+ if (KHM_SUCCEEDED(rv))
+ break;
+ }
+
+ if (ident_names) {
+ for (this_ident = ident_names;
+ this_ident && *this_ident;
+ this_ident = multi_string_next(this_ident)) {
+ khm_handle ident;
+
+ if (KHM_FAILED(kcdb_identity_create(this_ident, 0,
+ &ident)))
+ continue;
+
+ khm_cred_renew_identity(ident);
+
+ kcdb_identity_release(ident);
+ }
+
+ PFREE(ident_names);
+ ident_names = NULL;
+ }
break;
}
}
diff --git a/src/windows/identity/ui/credwnd.c b/src/windows/identity/ui/credwnd.c index 31df6bd..a870fe5 100644 --- a/src/windows/identity/ui/credwnd.c +++ b/src/windows/identity/ui/credwnd.c @@ -2669,16 +2669,20 @@ cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) cw_update_outline(tbl);
cw_update_extents(tbl, TRUE);
InvalidateRect(hwnd, NULL, FALSE);
+
}
else if (m->subtype == KMSG_KCDB_IDENT &&
m->uparam == KCDB_OP_NEW_DEFAULT) {
InvalidateRect(hwnd, NULL, FALSE);
+
}
else if (m->subtype == KMSG_KCDB_ATTRIB &&
(m->uparam == KCDB_OP_INSERT ||
m->uparam == KCDB_OP_DELETE)) {
+
cw_refresh_attribs(hwnd);
+
}
} else if (m->type == KMSG_KMM &&
m->subtype == KMSG_KMM_I_DONE) {
diff --git a/src/windows/identity/ui/lang/en_us/khapp.rc b/src/windows/identity/ui/lang/en_us/khapp.rc index 93e7805..eb84b8f 100644 --- a/src/windows/identity/ui/lang/en_us/khapp.rc +++ b/src/windows/identity/ui/lang/en_us/khapp.rc @@ -356,9 +356,9 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN
DEFPUSHBUTTON "OK",IDOK,211,7,50,14
LTEXT "Productname",IDC_PRODUCT,41,7,163,13,NOT WS_GROUP
- LTEXT "© 2005 Massachusetts Institute of Technology",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP
- LTEXT "BuildInfo",IDC_BUILDINFO,41,41,220,17,NOT WS_GROUP
- ICON IDI_MAIN_APP,IDC_STATIC,6,7,21,20
+ LTEXT "© 2005-2006 Massachusetts Institute of Technology\n© 2006 Secure Endpoints Inc.",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP
+ LTEXT "BuildInfo",IDC_BUILDINFO,41,43,220,15,NOT WS_GROUP
+ ICON IDI_MAIN_APP,IDC_STATIC,6,7,20,20
CONTROL "",IDC_MODULES,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,41,72,220,91
LTEXT "Loaded modules",IDC_STATIC,41,60,52,8
END
@@ -770,6 +770,13 @@ BEGIN IDS_ACTIONT_OPT_APPEAR "Change appearance and display settings"
IDS_ACTIONT_HELP_CTX "Display user documentation"
IDS_ACTIONT_IMPORT "Import credentials from external sources such as the Windows LSA"
+ IDS_NC_FAILED_TITLE_I "Failed to get credentials for %s"
+ IDS_NC_PWD_FAILED_TITLE_I "Failed to change password for %s"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_NC_REN_FAILED_TITLE_I "Failed to renew creds for %s"
END
#endif // English (U.S.) resources
diff --git a/src/windows/identity/ui/newcredwnd.c b/src/windows/identity/ui/newcredwnd.c index 1c5d194..f5b302e 100644 --- a/src/windows/identity/ui/newcredwnd.c +++ b/src/windows/identity/ui/newcredwnd.c @@ -1,6 +1,5 @@ /*
* Copyright (c) 2005 Massachusetts Institute of Technology
- * Copyright (c) 2006 Secure Endpoints Inc.
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -264,6 +263,38 @@ nc_clear_password_fields(khui_nc_wnd_data * d) }
}
+struct nc_enum_wnd_data {
+ khui_nc_wnd_data * d;
+ khm_boolean enable;
+};
+
+static
+BOOL CALLBACK
+nc_enum_wnd_proc(HWND hwnd,
+ LPARAM lParam)
+{
+ struct nc_enum_wnd_data * wd;
+
+ wd = (struct nc_enum_wnd_data *) lParam;
+
+ EnableWindow(hwnd, wd->enable);
+
+ return TRUE;
+}
+
+static void
+nc_enable_controls(khui_nc_wnd_data * d, khm_boolean enable)
+{
+ struct nc_enum_wnd_data wd;
+
+ ZeroMemory(&wd, sizeof(wd));
+
+ wd.d = d;
+ wd.enable = enable;
+
+ EnumChildWindows(d->dlg_main, nc_enum_wnd_proc, (LPARAM) &wd);
+}
+
#define NC_MAXCCH_CREDTEXT 16384
#define NC_MAXCB_CREDTEXT (NC_MAXCCH_CREDTEXT * sizeof(wchar_t))
@@ -524,6 +555,7 @@ nc_handle_wm_create(HWND hwnd, int x, y;
int width, height;
RECT r;
+ khm_int32 t;
lpc = (LPCREATESTRUCT) lParam;
@@ -789,6 +821,17 @@ nc_handle_wm_create(HWND hwnd, /* add this to the dialog chain */
khm_add_dialog(hwnd);
+ /* bring the window to the top, if necessary */
+ if (KHM_SUCCEEDED(khc_read_int32(NULL,
+ L"CredWindow\\Windows\\NewCred\\ForceToTop",
+ &t)) &&
+ t != 0) {
+
+ SetWindowPos(hwnd, HWND_TOP, 0, 0, 0, 0,
+ (SWP_NOMOVE | SWP_NOSIZE));
+
+ }
+
return TRUE;
}
@@ -936,6 +979,8 @@ nc_handle_wm_command(HWND hwnd, KHUI_NC_RESULT_CANCEL */
d->nc->response = KHUI_NC_RESPONSE_PROCESSING;
+ nc_enable_controls(d, FALSE);
+
nc_notify_types(d->nc,
KHUI_WM_NC_NOTIFY,
MAKEWPARAM(0,WMNC_DIALOG_PREPROCESS),
@@ -1008,7 +1053,8 @@ nc_handle_wm_command(HWND hwnd, type that is participating in the credentials
acquisition process, then we forward the message to
the panel that is providing the UI for that cred
- type. We also switch to that panel first. */
+ type. We also switch to that panel first, unless
+ the link is of the form '<credtype>:!<link_tag>'. */
colon = wcschr(sid, L':');
if (colon != NULL) {
@@ -1020,7 +1066,8 @@ nc_handle_wm_command(HWND hwnd, KHM_SUCCEEDED(khui_cw_find_type(d->nc, credtype, &t))){
*colon = L':';
- if (t->ordinal != d->ctab)
+ if (t->ordinal != d->ctab &&
+ *(colon + 1) != L'!')
PostMessage(hwnd,
KHUI_WM_NC_NOTIFY,
MAKEWPARAM(t->ordinal,
@@ -1031,6 +1078,8 @@ nc_handle_wm_command(HWND hwnd, KHUI_WM_NC_NOTIFY,
MAKEWPARAM(0, WMNC_CREDTEXT_LINK),
lParam);
+ } else {
+ *colon = L':';
}
}
@@ -1257,8 +1306,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd, khui_cw_lock_nc(d->nc);
GetWindowRect(d->dlg_ts, &r);
- if (x + width * d->nc->n_types > (khm_size) (r.right - r.left)) {
- width = (int)(((r.right - r.left) - x) / d->nc->n_types);
+ if (x + width * (d->nc->n_types + 1) > (khm_size) (r.right - r.left)) {
+ width = (int)(((r.right - r.left) - x) / (d->nc->n_types + 1));
}
/* first, the control for the main panel */
@@ -1684,6 +1733,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd, if(nc->response & KHUI_NC_RESPONSE_NOEXIT) {
HWND hw;
+ nc_enable_controls(d, TRUE);
+
/* reset state */
nc->result = KHUI_NC_RESULT_CANCEL;
diff --git a/src/windows/identity/ui/notifier.c b/src/windows/identity/ui/notifier.c index eb46824..12b746b 100644 --- a/src/windows/identity/ui/notifier.c +++ b/src/windows/identity/ui/notifier.c @@ -744,6 +744,9 @@ alerter_wnd_proc(HWND hwnd, }
}
+ if (d->hwnd_buttons[0])
+ SetFocus(d->hwnd_buttons[0]);
+
khm_notify_icon_change(a->severity);
khui_alert_unlock(a);
diff --git a/src/windows/identity/ui/resource.h b/src/windows/identity/ui/resource.h index 49fcf70..35b493e 100644 --- a/src/windows/identity/ui/resource.h +++ b/src/windows/identity/ui/resource.h @@ -290,6 +290,9 @@ #define IDS_ACTIONT_OPT_APPEAR 283
#define IDS_ACTIONT_HELP_CTX 284
#define IDS_ACTIONT_IMPORT 285
+#define IDS_NC_FAILED_TITLE_I 286
+#define IDS_NC_PWD_FAILED_TITLE_I 287
+#define IDS_NC_REN_FAILED_TITLE_I 288
#define IDC_NC_USERNAME 1007
#define IDC_NC_PASSWORD 1008
#define IDC_NC_CREDTEXT_LABEL 1009
diff --git a/src/windows/identity/ui/uiconfig.csv b/src/windows/identity/ui/uiconfig.csv index 5c512bb..f1bb4b1 100644 --- a/src/windows/identity/ui/uiconfig.csv +++ b/src/windows/identity/ui/uiconfig.csv @@ -35,6 +35,9 @@ CredWindow,KC_SPACE,0,Options for the credentials window _Schema,KC_ENDSPACE,0,
Main,KC_SPACE,0,Main window
Main,KC_ENDSPACE,0,
+ NewCred,KC_SPACE,0,New credentials window
+ ForceToTop,KC_INT32,1,Force new creds window to the top
+ NewCred,KC_ENDSPACE,0,
Windows,KC_ENDSPACE,0,
Views,KC_SPACE,0,Preconfigured views for credentials
Custom_0,KC_SPACE,0,First custom view. Additional views have names of the form Custom_N
diff --git a/src/windows/identity/uilib/action.c b/src/windows/identity/uilib/action.c index f96ec5d..dcce3de 100644 --- a/src/windows/identity/uilib/action.c +++ b/src/windows/identity/uilib/action.c @@ -1289,12 +1289,9 @@ khui_context_refresh(void) { khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE);
khui_enable_action(KHUI_ACTION_SET_DEF_ID, TRUE);
}
-
- khui_enable_action(KHUI_ACTION_PASSWD_ID, TRUE);
} else {
khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE);
khui_enable_action(KHUI_ACTION_SET_DEF_ID, FALSE);
- khui_enable_action(KHUI_ACTION_PASSWD_ID, FALSE);
}
if (khui_ctx.scope != KHUI_SCOPE_NONE) {
diff --git a/src/windows/identity/uilib/creddlg.c b/src/windows/identity/uilib/creddlg.c index 458218d..84d6e17 100644 --- a/src/windows/identity/uilib/creddlg.c +++ b/src/windows/identity/uilib/creddlg.c @@ -564,6 +564,35 @@ khui_cw_get_prompt(khui_new_creds * c, return rv;
}
+void
+khuiint_trim_str(wchar_t * s, khm_size cch) {
+ wchar_t * c, * last_ws;
+
+ for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++);
+
+ if (((khm_size)(c - s)) >= cch)
+ return;
+
+ if (c != s && ((khm_size)(c - s)) < cch) {
+#if _MSC_VER >= 1400
+ wmemmove_s(s, cch, c, cch - ((khm_size)(c - s)));
+#else
+ memmove(s, c, (cch - ((khm_size)(c - s)))* sizeof(wchar_t));
+#endif
+ }
+
+ last_ws = NULL;
+ for (c = s; *c && ((khm_size)(c - s)) < cch; c++) {
+ if (!iswspace(*c))
+ last_ws = NULL;
+ else if (last_ws == NULL)
+ last_ws = c;
+ }
+
+ if (last_ws)
+ *last_ws = L'\0';
+}
+
KHMEXP khm_int32 KHMAPI
khui_cw_sync_prompt_values(khui_new_creds * c)
{
@@ -584,6 +613,7 @@ khui_cw_sync_prompt_values(khui_new_creds * c) LeaveCriticalSection(&c->cs);
GetWindowText(hw, tmpbuf, ARRAYLENGTH(tmpbuf));
+ khuiint_trim_str(tmpbuf, ARRAYLENGTH(tmpbuf));
EnterCriticalSection(&c->cs);
if (n != c->n_prompts)
diff --git a/src/windows/identity/uilib/khconfigui.h b/src/windows/identity/uilib/khconfigui.h index 1d09fae..efe1478 100644 --- a/src/windows/identity/uilib/khconfigui.h +++ b/src/windows/identity/uilib/khconfigui.h @@ -142,7 +142,18 @@ typedef struct tag_khui_config_node_reg { */
#define KHUI_CNFLAG_SYSTEM 0x0010
+/*! \brief Settings have been modified
+
+ Settings for this configuration panel have been modified. This
+ flag should be cleared once the settings have been successfully
+ applied.
+ */
#define KHUI_CNFLAG_MODIFIED 0x0100
+
+/*! \brief Settings have been applied
+
+ Set once any modified settings were successfully applied.
+ */
#define KHUI_CNFLAG_APPLIED 0x0200
#define KHUI_CNFLAGMASK_STATIC 0x00ff
diff --git a/src/windows/identity/uilib/khhtlink.h b/src/windows/identity/uilib/khhtlink.h index f5fb3de..1246923 100644 --- a/src/windows/identity/uilib/khhtlink.h +++ b/src/windows/identity/uilib/khhtlink.h @@ -42,11 +42,30 @@ Instead, the length fields should be used to extract the string.
*/
typedef struct tag_khui_htwnd_link {
- RECT r;
- wchar_t * id;
- int id_len;
- wchar_t * param;
- int param_len;
+ RECT r; /*!< The enclosing rectangle of the
+ hyperlink. Units are screen units
+ and the coordinates are relative to
+ the top left hand corner of the
+ hypertext area. */
+ wchar_t * id; /*!< The value of the \a id attribute
+ of the link or \a NULL if there was
+ no \a id attribute. This does not
+ point to a \a NULL terminated
+ string. The length of the string is
+ given by the \a id_len field. */
+ int id_len; /*!< The length of the string pointed
+ to by \a id in characters.
+ Undefined if \a id is \a NULL. */
+ wchar_t * param; /*!< The value of the \a param
+ attribute of the link or \a NULL if
+ there was no \a param attribute.
+ This does not point to a \a NULL
+ terminated string. The length of
+ the string is given by the \a
+ param_len field.*/
+ int param_len; /*!< Length of the string pointed to
+ by \a param in characters.
+ Undefined if \a param is \a NULL. */
} khui_htwnd_link;
#define KHUI_MAXCCH_HTLINK_FIELD 256
diff --git a/src/windows/identity/uilib/khnewcred.h b/src/windows/identity/uilib/khnewcred.h index 4535757..b2b014e 100644 --- a/src/windows/identity/uilib/khnewcred.h +++ b/src/windows/identity/uilib/khnewcred.h @@ -111,7 +111,9 @@ enum khui_wm_nc_notifications { WMNC_CREDTEXT_LINK,
/*!< Sent to a panel dialog proc when a user clicks a credtext
- embedded link that belongs to that panel */
+ embedded link that belongs to that panel. The \a lParam
+ parameter of the message is a pointer to a ::khui_htwnd_link
+ structure describing the link. */
WMNC_IDENTITY_CHANGE,
/*!< The primary identity has changed */
@@ -219,7 +221,7 @@ typedef LRESULT \see \ref cred_acq for more information
*/
typedef struct tag_khui_new_creds {
- khm_int32 magic;
+ khm_int32 magic; /*!< Internal use */
khm_int32 subtype; /*!< Subtype of the request that is
being handled through this object.
@@ -227,7 +229,7 @@ typedef struct tag_khui_new_creds { ::KMSG_CRED_NEW_CREDS or
::KMSG_CRED_RENEW_CREDS */
- CRITICAL_SECTION cs;
+ CRITICAL_SECTION cs; /*!< Internal use */
khm_boolean set_default; /*!< After a successfull credentials
acquisition, set the primary
@@ -271,7 +273,7 @@ typedef struct tag_khui_new_creds { documentation for info on what to do
with this field */
- wchar_t *password; /*!< Not set until the dialog ends */
+ wchar_t *password; /*!< Not used. */
/* UI stuff */
|