Diffstat (limited to 'src/windows/identity/plugins/krb4')
-rw-r--r--src/windows/identity/plugins/krb4/Makefile9
-rw-r--r--src/windows/identity/plugins/krb4/datarep.h37
-rw-r--r--src/windows/identity/plugins/krb4/errorfuncs.c56
-rw-r--r--src/windows/identity/plugins/krb4/errorfuncs.h19
-rw-r--r--src/windows/identity/plugins/krb4/images/plugin.icobin0 -> 7278 bytes
-rw-r--r--src/windows/identity/plugins/krb4/krb4configdlg.c161
-rw-r--r--src/windows/identity/plugins/krb4/krb4funcs.c322
-rw-r--r--src/windows/identity/plugins/krb4/krb4funcs.h96
-rw-r--r--src/windows/identity/plugins/krb4/krb4main.c (renamed from src/windows/identity/plugins/krb4/main.c)42
-rw-r--r--src/windows/identity/plugins/krb4/krb4newcreds.c657
-rw-r--r--src/windows/identity/plugins/krb4/krb4plugin.c167
-rw-r--r--src/windows/identity/plugins/krb4/krbconfig.csv11
-rw-r--r--src/windows/identity/plugins/krb4/krbcred.h33
-rw-r--r--src/windows/identity/plugins/krb4/lang/en_us/langres.rc65
-rw-r--r--src/windows/identity/plugins/krb4/langres.h25
-rw-r--r--src/windows/identity/plugins/krb4/version.rc66
16 files changed, 1479 insertions, 287 deletions
diff --git a/src/windows/identity/plugins/krb4/Makefile b/src/windows/identity/plugins/krb4/Makefile
index d6b749192d..2385e61793 100644
--- a/src/windows/identity/plugins/krb4/Makefile
+++ b/src/windows/identity/plugins/krb4/Makefile
@@ -32,12 +32,13 @@ LIBFILE=$(LIBDIR)\krb4cred.lib
OBJFILES= \
$(LIBDIR)\dynimport.obj \
$(LIBDIR)\krb5common.obj \
- $(OBJ)\main.obj \
+ $(OBJ)\krb4main.obj \
$(OBJ)\krb4plugin.obj \
$(OBJ)\krb4funcs.obj \
$(OBJ)\errorfuncs.obj \
$(OBJ)\krb4config.obj \
- $(OBJ)\krb4configdlg.obj
+ $(OBJ)\krb4configdlg.obj \
+ $(OBJ)\krb4newcreds.obj
LIBFILES= \
$(LIBDIR)\nidmgr32.lib \
@@ -45,10 +46,12 @@ LIBFILES= \
SDKLIBFILES=
+VERRESFILE=$(OBJ)\version.res
+
$(OBJ)\krb4config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg
$(CCSV) $** $@
-$(DLLFILE): $(OBJFILES)
+$(DLLFILE): $(OBJFILES) $(VERRESFILE)
$(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES)
all: mkdirs $(DLLFILE) lang
diff --git a/src/windows/identity/plugins/krb4/datarep.h b/src/windows/identity/plugins/krb4/datarep.h
deleted file mode 100644
index 9c7048e05e..0000000000
--- a/src/windows/identity/plugins/krb4/datarep.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-/* $Id$ */
-
-#ifndef __KHIMAIRA_KRB_DATAREP_H
-#define __KHIMAIRA_KRB_DATAREP_H
-
-
-khm_int32 KHMAPI enctype_toString(const void * data, khm_int32 cbdata, wchar_t *destbuf, khm_int32 *pcbdestbuf, khm_int32 flags);
-khm_int32 KHMAPI addr_list_toString(const void *, khm_int32, wchar_t *, khm_int32 *, khm_int32);
-khm_int32 KHMAPI krb5flags_toString(const void *, khm_int32, wchar_t *, khm_int32 *, khm_int32);
-khm_int32 KHMAPI renew_for_cb(khm_handle cred, khm_int32 id, void * buffer, khm_int32 * pcbsize);
-
-
-#endif \ No newline at end of file
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.c b/src/windows/identity/plugins/krb4/errorfuncs.c
index 9feaad2a70..dba9f5dc6c 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.c
+++ b/src/windows/identity/plugins/krb4/errorfuncs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -72,7 +72,7 @@ HWND GetRootParent (HWND Child)
}
-LPSTR err_describe(LPSTR buf, long code)
+LPSTR err_describe(LPSTR buf, size_t len, long code)
{
LPSTR cp, com_err_msg;
int offset;
@@ -89,7 +89,8 @@ LPSTR err_describe(LPSTR buf, long code)
case kadm_err_base:
break;
default:
- strcpy(buf, com_err_msg);
+ strncpy(buf, com_err_msg, len);
+ buf[len-1] = '\0';
return buf;
}
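Review bot: In the `default:` branch, `buf[len-1] = '\0'` indexes far outside the buffer when a caller passes `len == 0`, because `len` is a `size_t` and `len-1` wraps; the same two lines are added again in the `if(com_err_msg != buf)` hunk further down. The file already relies on strsafe (`StringCbPrintfA` in a later hunk), so `StringCbCopyA(buf, len, com_err_msg);` would terminate the string, reject a zero length and avoid `strncpy`'s zero padding in one call. err_describe's body starts and ends outside this hunk.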
@@ -192,8 +193,10 @@ LPSTR err_describe(LPSTR buf, long code)
/* no extra error msg */
break;
}
- if(com_err_msg != buf)
- strcpy(buf, com_err_msg);
+ if(com_err_msg != buf) {
+ strncpy(buf, com_err_msg, len);
+ buf[len-1] = '\0';
+ }
cp = buf + strlen(buf);
*cp++ = '\n';
switch(table_num) {
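Review bot: `*cp++ = '\n'` is still an unbounded write after the bounded copy above it. When the copied message fills the buffer, `cp` points at the terminator in `buf[len-1]`, the newline replaces it, and the size passed to `StringCbPrintfA` in the next hunk becomes `len - (cp-buf) == 0`, for which the strsafe call fails without writing anything, so `buf` is returned unterminated. Guard the append, e.g. `if ((size_t)(cp - buf) + 1 < len) *cp++ = '\n';`, and check the `HRESULT` from `StringCbPrintfA`. The function continues outside this hunk.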
@@ -207,7 +210,7 @@ LPSTR err_describe(LPSTR buf, long code)
etype = Lerror_table_name(table_num);
break;
}
- wsprintfA((LPSTR) cp, (LPSTR) "(%s error %d"
+ StringCbPrintfA((LPSTR) cp, len - (cp-buf), (LPSTR) "(%s error %d"
#ifdef DEBUG_COM_ERR
" (absolute error %ld)"
#endif
@@ -221,44 +224,3 @@ LPSTR err_describe(LPSTR buf, long code)
return (LPSTR)buf;
}
-int lsh_com_err_proc (LPSTR whoami, long code,
- LPSTR fmt, va_list args)
-{
- int retval;
- HWND hOldFocus;
- char buf[1024], *cp; /* changed to 512 by jms 8/23/93 */
- WORD mbformat = MB_OK | MB_ICONEXCLAMATION;
-
- cp = buf;
- memset(buf, '\0', sizeof(buf));
- cp[0] = '\0';
-
- if (code)
- {
- err_describe(buf, code);
- while (*cp)
- cp++;
- }
-
- if (fmt)
- {
- if (fmt[0] == '%' && fmt[1] == 'b')
- {
- fmt += 2;
- mbformat = va_arg(args, WORD);
- /* if the first arg is a %b, we use it for the message
- box MB_??? flags. */
- }
- if (code)
- {
- *cp++ = '\n';
- *cp++ = '\n';
- }
- wvsprintfA((LPSTR)cp, fmt, args);
- }
- hOldFocus = GetFocus();
- retval = MessageBoxA(/*GetRootParent(hOldFocus)*/NULL, buf, whoami,
- mbformat | MB_ICONHAND | MB_TASKMODAL);
- SetFocus(hOldFocus);
- return retval;
-}
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.h b/src/windows/identity/plugins/krb4/errorfuncs.h
index be8f4e7c57..e339eca4f7 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.h
+++ b/src/windows/identity/plugins/krb4/errorfuncs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -43,32 +43,17 @@ typedef LPSTR (*err_func)(int, long);
#endif
#include <krberr.h>
-extern void Leash_initialize_krb_error_func(err_func func,struct et_list **);
-#undef init_krb_err_func
-#define init_krb_err_func(erf) Leash_initialize_krb_error_func(erf,&_et_list)
-
#include <kadm_err.h>
-extern void Leash_initialize_kadm_error_table(struct et_list **);
-#undef init_kadm_err_tbl
-#define init_kadm_err_tbl() Leash_initialize_kadm_error_table(&_et_list)
#define kadm_err_base ERROR_TABLE_BASE_kadm
-#define krb_err_func Leash_krb_err_func
-
#include <stdarg.h>
-int lsh_com_err_proc (LPSTR whoami, long code,
- LPSTR fmt, va_list args);
-void FAR Leash_load_com_err_callback(FARPROC,FARPROC,FARPROC);
#ifndef KRBERR
#define KRBERR(code) (code + krb_err_base)
#endif
-int lsh_com_err_proc (LPSTR whoami, long code, LPSTR fmt, va_list args);
-int DoNiftyErrorReport(long errnum, LPSTR what);
-
-LPSTR err_describe(LPSTR buf, long code);
+LPSTR err_describe(LPSTR buf, size_t len, long code);
/* */
diff --git a/src/windows/identity/plugins/krb4/images/plugin.ico b/src/windows/identity/plugins/krb4/images/plugin.ico
new file mode 100644
index 0000000000..791b359694
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/images/plugin.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c
index 9ad3406980..e6eb890df3 100644
--- a/src/windows/identity/plugins/krb4/krb4configdlg.c
+++ b/src/windows/identity/plugins/krb4/krb4configdlg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,6 +28,165 @@
#include<kherror.h>
#include<khuidefs.h>
#include<strsafe.h>
+#include<assert.h>
+
+typedef struct tag_k4_ids_data {
+ khui_config_init_data cfg;
+
+ khm_int32 get_tix;
+} k4_ids_data;
+
+static void
+k4_ids_read_params(k4_ids_data * d) {
+ khm_int32 t;
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ t = 1;
+ khc_read_int32(csp_params, L"Krb4NewCreds", &t);
+ d->get_tix = !!t;
+}
+
+static void
+k4_ids_write_params(HWND hw, k4_ids_data * d) {
+ khm_int32 nv;
+ khm_boolean applied = FALSE;
+
+ if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED)
+ nv = TRUE;
+ else
+ nv = FALSE;
+
+ if (!!nv != !!d->get_tix) {
+ d->get_tix = !!nv;
+ khc_write_int32(csp_params, L"Krb4NewCreds", d->get_tix);
+ applied = TRUE;
+ }
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (applied)?KHUI_CNFLAG_APPLIED:0,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k4_ids_check_mod(HWND hw, k4_ids_data * d) {
+ khm_int32 nv;
+
+ if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED)
+ nv = TRUE;
+ else
+ nv = FALSE;
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (!!nv != !!d->get_tix)? KHUI_CNFLAG_MODIFIED: 0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+INT_PTR CALLBACK
+krb4_ids_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ k4_ids_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+ ZeroMemory(d, sizeof(*d));
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ k4_ids_read_params(d);
+
+ CheckDlgButton(hwnd, IDC_CFG_GETTIX,
+ (d->get_tix)? BST_CHECKED: BST_UNCHECKED);
+
+ break;
+
+ case WM_COMMAND:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == BN_CLICKED) {
+ k4_ids_check_mod(hwnd, d);
+ }
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k4_ids_write_params(hwnd, d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ PFREE(d);
+ break;
+ }
+
+ return FALSE;
+}
+
+INT_PTR CALLBACK
+krb4_id_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khui_config_init_data * d;
+ khm_handle ident = NULL;
+ khm_int32 gettix = 0;
+ khm_int32 flags = 0;
+
+ d = (khui_config_init_data *) lParam;
+
+ khc_read_int32(csp_params, L"Krb4NewCreds", &gettix);
+ if (gettix == 0)
+ goto set_ui;
+
+ *idname = 0;
+ cb = sizeof(idname);
+ khui_cfg_get_name(d->ctx_node, idname, &cb);
+
+ kcdb_identity_create(idname, 0, &ident);
+
+ if (ident == NULL) {
+ gettix = 0;
+ goto set_ui;
+ }
+
+ kcdb_identity_get_flags(ident, &flags);
+
+ kcdb_identity_release(ident);
+
+ if (!(flags & KCDB_IDENT_FLAG_DEFAULT))
+ gettix = 0;
+
+ set_ui:
+ CheckDlgButton(hwnd, IDC_CFG_GETTIX,
+ (gettix)?BST_CHECKED: BST_UNCHECKED);
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
INT_PTR CALLBACK
krb4_confg_proc(HWND hwnd,
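Review bot: In `krb4_ids_config_proc`, the `WM_INITDIALOG` branch hands the result of `PMALLOC` straight to `ZeroMemory` and then dereferences it, so an allocation failure becomes a NULL write inside the dialog procedure; `if (d == NULL) break;` right after the allocation avoids that. The `WM_COMMAND` and `KHUI_WM_CFG_NOTIFY` branches also use the pointer read from `DWLP_USER` without a NULL test before calling `k4_ids_check_mod` / `k4_ids_write_params`, and `WM_DESTROY` frees it but leaves the stale value in the window data; `SetWindowLongPtr(hwnd, DWLP_USER, 0);` after `PFREE(d)` closes that. In `k4_ids_read_params` the `assert(csp_params)` is compiled only under `DEBUG`, so release builds pass an unchecked handle to `khc_read_int32`.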
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.c b/src/windows/identity/plugins/krb4/krb4funcs.c
index 8fda720b3a..7798e5c9ed 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.c
+++ b/src/windows/identity/plugins/krb4/krb4funcs.c
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004 Massachusetts Institute of Technology
+* Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -78,11 +78,12 @@ int com_addr(void)
long
khm_krb4_list_tickets(void)
{
+ char ptktname[MAX_PATH + 5];
char pname[ANAME_SZ];
char pinst[INST_SZ];
char prealm[REALM_SZ];
wchar_t wbuf[256];
- int k_errno;
+ int k_errno = 0;
CREDENTIALS c;
int newtickets = 0;
int open = 0;
@@ -91,6 +92,8 @@ khm_krb4_list_tickets(void)
time_t tt;
FILETIME ft;
+ kcdb_credset_flush(krb4_credset);
+
// Since krb_get_tf_realm will return a ticket_file error,
// we will call tf_init and tf_close first to filter out
// things like no ticket file. Otherwise, the error that
@@ -98,7 +101,7 @@ khm_krb4_list_tickets(void)
// klist: can't find realm of ticket file: No ticket file (tf_util)
// instead of klist: No ticket file (tf_util)
if (ptf_init == NULL)
- return(KSUCCESS);
+ goto collect;
com_addr();
@@ -126,6 +129,8 @@ khm_krb4_list_tickets(void)
goto cleanup;
}
+ StringCchCopyA(ptktname, ARRAYLENGTH(ptktname), (*ptkt_string)());
+
open = 1;
// Get principal name and instance
@@ -147,8 +152,6 @@ khm_krb4_list_tickets(void)
goto cleanup;
}
- kcdb_credset_flush(krb4_credset);
-
// Get KRB4 tickets
while ((k_errno = (*ptf_get_cred)(&c)) == KSUCCESS)
{
@@ -174,12 +177,13 @@ khm_krb4_list_tickets(void)
TimetToFileTimeInterval(tt, &ft);
kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &ft, sizeof(ft));
+ AnsiStrToUnicode(wbuf, sizeof(wbuf), ptktname);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wbuf, KCDB_CBSIZE_AUTO);
+
kcdb_credset_add_cred(krb4_credset, cred, -1);
} // while
- kcdb_credset_collect(NULL, krb4_credset, ident, credtype_id_krb4, NULL);
-
cleanup:
if (ptf_close == NULL)
return(KSUCCESS);
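Review bot: `AnsiStrToUnicode(wbuf, sizeof(wbuf), ptktname)` converts a name that can hold up to `MAX_PATH + 4` characters into `wbuf`, which has room for 255 characters plus the terminator, and its result is not checked. If the helper fails rather than truncates on a long ticket-file path (its behaviour is not visible here), `wbuf` keeps whatever an earlier use left in it and that string is stored as `KCDB_ATTR_LOCATION`. The conversion is also loop-invariant: doing it once into a `wchar_t wtktname[MAX_PATH + 5]` right after the `StringCchCopyA` call, with both results checked, would remove the size mismatch. The loop body starts outside this hunk.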
@@ -219,6 +223,10 @@ cleanup:
MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND);
}
#endif
+
+ collect:
+ kcdb_credset_collect(NULL, krb4_credset, ident, credtype_id_krb4, NULL);
+
return k_errno;
}
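Review bot: The new `collect:` label is not reached on every exit. The `cleanup:` block shown at the end of the previous hunk still does `if (ptf_close == NULL) return(KSUCCESS);`, so on that path `krb4_credset` has been flushed at the top of the function but is never collected. `goto collect;` in place of that early return would keep the two in step. It is also worth confirming that `ident`, which is declared outside the visible lines, is initialised before the `goto collect` taken when `ptf_init == NULL`.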
@@ -227,7 +235,7 @@ cleanup:
#define KRB5_FILE "KRB5.INI"
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname)
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
{
char **configFile = NULL;
if (pkrb5_get_default_config_files(&configFile))
@@ -271,7 +279,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
LPSTR pFind;
//strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename);
- if (khm_get_profile_file(krbConFile, sizeof(krbConFile)))
+ if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile)))
{
GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));
krbConFile[MAX_PATH-1] = '\0';
@@ -368,7 +376,7 @@ wchar_t * khm_krb5_get_realm_list(void)
char krb5_conf[MAX_PATH+1];
- if (!khm_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
+ if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
profile_t profile;
long retval;
const char *filenames[2];
@@ -392,7 +400,7 @@ wchar_t * khm_krb5_get_realm_list(void)
}
cbsize += sizeof(wchar_t); /* double null terminated */
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
for (cpp = sections; *cpp; cpp++)
{
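Review bot: Switching `rlist` from `malloc` to `PMALLOC` changes which routine must release the buffer that `khm_krb5_get_realm_list` returns; the same applies to the second `rlist` allocation and to `realm` in `khm_krb5_get_default_realm` in the next two hunks. The callers are not part of this diff section, so please confirm each of them now releases with `PFREE` rather than `free`, and state the contract on both functions, e.g. `/* caller releases the returned buffer with PFREE() */`. None of the three allocations appears to be checked before first use (`d = rlist;`, `AnsiStrToUnicode(realm, ...)`), so a NULL test belongs with each.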
@@ -430,7 +438,7 @@ wchar_t * khm_krb5_get_realm_list(void)
/*TODO: compute the actual required buffer size instead of hardcoding */
cbsize = 16384; // arbitrary
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
// Skip the default realm
@@ -493,7 +501,7 @@ wchar_t * khm_krb5_get_default_realm(void)
if (def) {
cch = strlen(def) + 1;
- realm = malloc(sizeof(wchar_t) * cch);
+ realm = PMALLOC(sizeof(wchar_t) * cch);
AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def);
pkrb5_free_default_realm(ctx, def);
} else
@@ -503,3 +511,291 @@ wchar_t * khm_krb5_get_default_realm(void)
return realm;
}
+
+static
+char *
+make_postfix(const char * base,
+ const char * postfix,
+ char ** rcopy)
+{
+ int base_size;
+ int ret_size;
+ char * copy = 0;
+ char * ret = 0;
+
+ base_size = (int) strlen(base) + 1;
+ ret_size = base_size + (int) strlen(postfix) + 1;
+ copy = malloc(base_size);
+ ret = malloc(ret_size);
+
+ if (!copy || !ret)
+ goto cleanup;
+
+ strncpy(copy, base, base_size);
+ copy[base_size - 1] = 0;
+
+ strncpy(ret, base, base_size);
+ strncpy(ret + (base_size - 1), postfix, ret_size - (base_size - 1));
+ ret[ret_size - 1] = 0;
+
+ cleanup:
+ if (!copy || !ret) {
+ if (copy)
+ free(copy);
+ if (ret)
+ free(ret);
+ copy = ret = 0;
+ }
+ // INVARIANT: (ret ==> copy) && (copy ==> ret)
+ *rcopy = copy;
+ return ret;
+}
+
+
+static
+long
+make_temp_cache_v4(const char * postfix)
+{
+ static char * old_cache = 0;
+
+ if (!pkrb_set_tkt_string || !ptkt_string || !pdest_tkt)
+ return 0; // XXX - is this appropriate?
+
+ if (old_cache) {
+ pdest_tkt();
+ pkrb_set_tkt_string(old_cache);
+ free(old_cache);
+ old_cache = 0;
+ }
+
+ if (postfix)
+ {
+ char * tmp_cache = make_postfix(ptkt_string(), postfix, &old_cache);
+
+ if (!tmp_cache)
+ return KFAILURE;
+
+ pkrb_set_tkt_string(tmp_cache);
+ free(tmp_cache);
+ }
+ return 0;
+}
+
+long
+khm_krb4_changepwd(char * principal,
+ char * password,
+ char * newpassword,
+ char** error_str)
+{
+ long k_errno;
+
+ if (!pkrb_set_tkt_string || !ptkt_string || !pkadm_change_your_password ||
+ !pdest_tkt)
+ return KFAILURE;
+
+ k_errno = make_temp_cache_v4("_chgpwd");
+ if (k_errno) return k_errno;
+ k_errno = pkadm_change_your_password(principal, password, newpassword,
+ error_str);
+ make_temp_cache_v4(0);
+ return k_errno;
+}
+
+long
+khm_convert524(khm_handle identity)
+{
+#ifdef NO_KRB5
+ return(0);
+#else
+ krb5_context ctx = 0;
+ krb5_error_code code = 0;
+ int icode = 0;
+ krb5_principal me = 0;
+ krb5_principal server = 0;
+ krb5_creds *v5creds = 0;
+ krb5_creds increds;
+ krb5_ccache cc = 0;
+ CREDENTIALS * v4creds = NULL;
+ static int init_ets = 1;
+
+ if (!pkrb5_init_context ||
+ !pkrb_in_tkt ||
+ !pkrb524_init_ets ||
+ !pkrb524_convert_creds_kdc)
+ return 0;
+
+ v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS));
+ memset((char *) v4creds, 0, sizeof(CREDENTIALS));
+
+ memset((char *) &increds, 0, sizeof(increds));
+ /*
+ From this point on, we can goto cleanup because increds is
+ initialized.
+ */
+
+ code = khm_krb5_initialize(identity, &ctx, &cc);
+ if (code)
+ goto cleanup;
+
+ if ( init_ets ) {
+ pkrb524_init_ets(ctx);
+ init_ets = 0;
+ }
+
+ if (code = pkrb5_cc_get_principal(ctx, cc, &me))
+ goto cleanup;
+
+ if ((code = pkrb5_build_principal(ctx,
+ &server,
+ krb5_princ_realm(ctx, me)->length,
+ krb5_princ_realm(ctx, me)->data,
+ "krbtgt",
+ krb5_princ_realm(ctx, me)->data,
+ NULL))) {
+ goto cleanup;
+ }
+
+ increds.client = me;
+ increds.server = server;
+ increds.times.endtime = 0;
+ increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+ if ((code = pkrb5_get_credentials(ctx, 0,
+ cc,
+ &increds,
+ &v5creds))) {
+ goto cleanup;
+ }
+
+ if ((icode = pkrb524_convert_creds_kdc(ctx,
+ v5creds,
+ v4creds))) {
+ goto cleanup;
+ }
+
+ /* initialize ticket cache */
+ if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm)
+ != KSUCCESS)) {
+ goto cleanup;
+ }
+ /* stash ticket, session key, etc. for future use */
+ if ((icode = pkrb_save_credentials(v4creds->service,
+ v4creds->instance,
+ v4creds->realm,
+ v4creds->session,
+ v4creds->lifetime,
+ v4creds->kvno,
+ &(v4creds->ticket_st),
+ v4creds->issue_date))) {
+ goto cleanup;
+ }
+
+ cleanup:
+ memset(v4creds, 0, sizeof(v4creds));
+ free(v4creds);
+
+ if (v5creds) {
+ pkrb5_free_creds(ctx, v5creds);
+ }
+ if (increds.client == me)
+ me = 0;
+ if (increds.server == server)
+ server = 0;
+
+ if (ctx)
+ pkrb5_free_cred_contents(ctx, &increds);
+
+ if (server) {
+ pkrb5_free_principal(ctx, server);
+ }
+
+ if (me) {
+ pkrb5_free_principal(ctx, me);
+ }
+
+ if (ctx && cc)
+ pkrb5_cc_close(ctx, cc);
+
+ if (ctx) {
+ pkrb5_free_context(ctx);
+ }
+
+ return (code || icode);
+#endif /* NO_KRB5 */
+}
+
+long
+khm_krb4_kinit(char * aname,
+ char * inst,
+ char * realm,
+ long lifetime,
+ char * password) {
+
+ wchar_t * functionName = NULL;
+ wchar_t * err_context = NULL;
+ int rc4 = 0;
+ int msg = 0;
+
+ if (pkname_parse == NULL) {
+ goto cleanup;
+ }
+
+ err_context = L"getting realm";
+ if (!*realm && (rc4 = (int)(*pkrb_get_lrealm)(realm, 1))) {
+ functionName = L"krb_get_lrealm()";
+ msg = IDS_ERR_REALM;
+ goto cleanup;
+ }
+
+ err_context = L"checking principal";
+ if ((!*aname) || (!(rc4 = (int)(*pk_isname)(aname)))) {
+ functionName = L"krb_get_lrealm()";
+ msg = IDS_ERR_PRINCIPAL;
+ goto cleanup;
+ }
+
+ /* optional instance */
+ if (!(rc4 = (int)(*pk_isinst)(inst))) {
+ functionName = L"k_isinst()";
+ msg = IDS_ERR_INVINST;
+ goto cleanup;
+ }
+
+ if (!(rc4 = (int)(*pk_isrealm)(realm))) {
+ functionName = L"k_isrealm()";
+ msg = IDS_ERR_REALM;
+ goto cleanup;
+ }
+
+ err_context = L"fetching ticket";
+ rc4 = (*pkrb_get_pw_in_tkt)(aname, inst, realm, "krbtgt", realm,
+ lifetime, password);
+
+ if (rc4) /* XXX: do we want: && (rc != NO_TKT_FIL) as well? */ {
+ functionName = L"krb_get_pw_in_tkt()";
+ msg = IDS_ERR_PWINTKT;
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ {
+ _report_sr0(KHERR_ERROR, msg);
+ _location(functionName);
+ }
+ return rc4;
+}
+
+
+int khm_krb4_kdestroy(void) {
+ int k_errno = 0;
+
+ if (pdest_tkt != NULL)
+ {
+ k_errno = (*pdest_tkt)();
+ if (k_errno && (k_errno != RET_TKFIL))
+ return KRBERR(k_errno);
+ }
+
+ return k_errno;
+}
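Review bot: In `khm_convert524`, the cleanup line `memset(v4creds, 0, sizeof(v4creds));` clears only a pointer's worth of bytes, so the converted ticket and session key in the `CREDENTIALS` block are still in the heap chunk when it is freed; `SecureZeroMemory(v4creds, sizeof(*v4creds));` clears the whole structure and is not removed by the optimiser. The `malloc` result is also passed to `memset` unchecked, and `pkrb_save_credentials` is called although it is missing from the NULL test at the top of the function. Separately, `khm_krb4_kinit` returns `rc4` from `cleanup:`, which is 0 when `pkname_parse` is NULL or when `pk_isname`, `pk_isinst` or `pk_isrealm` reject the input, so callers see success for a request that never ran; those paths should return `KFAILURE`. In `khm_convert524`, `icode = pkrb_in_tkt(...) != KSUCCESS` stores the comparison result rather than the error code because of operator precedence.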
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.h b/src/windows/identity/plugins/krb4/krb4funcs.h
index ea97358b9f..742036878f 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.h
+++ b/src/windows/identity/plugins/krb4/krb4funcs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -48,93 +48,21 @@
#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */
-// Function Prototypes.
-BOOL khm_krb5_ms2mit(BOOL);
-
-int
-khm_krb5_kinit(krb5_context alt_ctx,
- char * principal_name,
- char * password,
- krb5_deltat lifetime,
- DWORD forwardable,
- DWORD proxiable,
- krb5_deltat renew_life,
- DWORD addressless,
- DWORD publicIP,
- krb5_prompter_fct prompter,
- void * p_data
- );
-
-long
-Leash_int_kinit_ex(
- krb5_context ctx,
- HWND hParent,
- char * principal,
- char * password,
- int lifetime,
- int forwardable,
- int proxiable,
- int renew_life,
- int addressless,
- unsigned long publicIP,
- int displayErrors
- );
long
-Leash_int_checkpwd(
- char * principal,
- char * password,
- int displayErrors
- );
-
-long
-Leash_int_changepwd(
- char * principal,
- char * password,
- char * newpassword,
- char** result_string,
- int displayErrors
- );
-
-int
-Leash_krb5_kdestroy(
- void
- );
-
-int
-Leash_krb5_kinit(
- krb5_context,
- HWND hParent,
- char * principal_name,
- char * password,
- krb5_deltat lifetime,
- DWORD forwardable,
- DWORD proxiable,
- krb5_deltat renew_life,
- DWORD addressless,
- DWORD publicIP
- );
+khm_convert524(khm_handle identity);
long
-khm_convert524(
- krb5_context ctx
- );
-
-int
-Leash_afs_unlog(
- void
- );
+khm_krb4_kinit(char * aname,
+ char * inst,
+ char * realm,
+ long lifetime,
+ char * password);
-int
-Leash_afs_klog(
- char *,
- char *,
- char *,
- int
- );
+long
+khm_krb4_list_tickets(void);
-int
-LeashKRB5_renew(void);
+int khm_krb4_kdestroy(void);
LONG
write_registry_setting(
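Review bot: The new `khm_krb4_kinit` prototype gives no hint that `realm` is an in/out buffer: the implementation in krb4funcs.c calls `(*pkrb_get_lrealm)(realm, 1)` when `*realm` is empty, which presumably writes the local realm into the caller's storage. A comment on the declaration such as `/* realm: writable buffer of at least REALM_SZ chars; filled with the local realm when passed empty */` would keep callers from passing a string literal or a short buffer. The same comment is the place to state the return convention (0 on success, a krb4 error code otherwise) and that `password` is not cleared by the callee.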
@@ -180,11 +108,7 @@ config_boolean_to_int(
const char *s
);
-
wchar_t * khm_krb5_get_default_realm(void);
wchar_t * khm_krb5_get_realm_list(void);
-long khm_krb5_list_tickets(krb5_context *krbv5Context);
-long khm_krb4_list_tickets(void);
-
#endif
diff --git a/src/windows/identity/plugins/krb4/main.c b/src/windows/identity/plugins/krb4/krb4main.c
index 60ceb7f83c..b83cd5eb42 100644
--- a/src/windows/identity/plugins/krb4/main.c
+++ b/src/windows/identity/plugins/krb4/krb4main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -39,8 +39,6 @@ khm_int32 attr_id_key_enctype = -1;
khm_int32 attr_id_tkt_enctype = -1;
khm_int32 attr_id_addr_list = -1;
khm_int32 attr_id_krb5_flags = -1;
-khm_int32 attr_id_renew_till = -1;
-khm_int32 attr_id_renew_for = -1;
khm_handle csp_plugins = NULL;
khm_handle csp_krbcred = NULL;
@@ -91,44 +89,6 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) {
if(KHM_FAILED(rv = init_error_funcs()))
goto _exit;
- /* Lookup common data types */
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE, &type_id_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST, &type_id_addr_list))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS, &type_id_krb5_flags))) {
- goto _exit;
- }
-
- /* Lookup common attributes */
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE, &attr_id_key_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE, &attr_id_tkt_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST, &attr_id_addr_list))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS, &attr_id_krb5_flags))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_RENEW_TILL, &attr_id_renew_till))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_RENEW_FOR, &attr_id_renew_for))) {
- goto _exit;
- }
-
rv = kmm_get_plugins_config(0, &csp_plugins);
if(KHM_FAILED(rv)) goto _exit;
diff --git a/src/windows/identity/plugins/krb4/krb4newcreds.c b/src/windows/identity/plugins/krb4/krb4newcreds.c
new file mode 100644
index 0000000000..fdbe304fa0
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/krb4newcreds.c
@@ -0,0 +1,657 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<kherror.h>
+#include<khmsgtypes.h>
+#include<khuidefs.h>
+#include<utils.h>
+#include<commctrl.h>
+#include<strsafe.h>
+#include<krb5.h>
+#include<assert.h>
+
+#define K4_METHOD_AUTO 0
+#define K4_METHOD_PASSWORD 1
+#define K4_METHOD_K524 2
+
+int method_to_id[] = {
+ IDC_NCK4_AUTO,
+ IDC_NCK4_PWD,
+ IDC_NCK4_K524
+};
+
+typedef struct tag_k4_dlg_data {
+ HWND hwnd;
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+
+ khm_boolean k4_enabled;
+ khm_int32 method;
+ time_t lifetime;
+} k4_dlg_data;
+
+void k4_update_display(k4_dlg_data * d) {
+ CheckDlgButton(d->hwnd, IDC_NCK4_OBTAIN,
+ (d->k4_enabled)?BST_CHECKED: BST_UNCHECKED);
+
+ if (d->k4_enabled) {
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), TRUE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), TRUE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), TRUE);
+ } else {
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), FALSE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), FALSE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), FALSE);
+ }
+
+ CheckRadioButton(d->hwnd, IDC_NCK4_AUTO, IDC_NCK4_K524,
+ method_to_id[d->method]);
+}
+
+void k4_update_data(k4_dlg_data * d) {
+ int i;
+ khm_boolean oldstate;
+
+ oldstate = d->k4_enabled;
+
+ if (IsDlgButtonChecked(d->hwnd, IDC_NCK4_OBTAIN) == BST_CHECKED)
+ d->k4_enabled = TRUE;
+ else
+ d->k4_enabled = FALSE;
+
+ if ((oldstate && !d->k4_enabled) ||
+ (!oldstate && d->k4_enabled)) {
+
+ khui_cw_enable_type(d->nc, credtype_id_krb4, d->k4_enabled);
+ }
+
+ d->method = 0;
+
+ for (i=K4_METHOD_AUTO; i<=K4_METHOD_K524; i++) {
+ if (IsDlgButtonChecked(d->hwnd, method_to_id[i]) == BST_CHECKED) {
+ d->method = i;
+ break;
+ }
+ }
+}
+
+void k4_read_identity_data(k4_dlg_data * d) {
+ khm_handle csp_ident = NULL;
+ khm_handle csp_k4 = NULL;
+
+ khm_int32 idflags = 0;
+ khm_int32 t;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)))
+ d->k4_enabled = !!t;
+ else
+ d->k4_enabled = TRUE;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4Method", &t)))
+ d->method = t;
+ else
+ d->method = K4_METHOD_AUTO;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"DefaultLifetime", &t)))
+ d->lifetime = t;
+ else
+ d->lifetime = 10 * 60 * 60; /* 10 hours */
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0]) {
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0],
+ 0,
+ &csp_ident))) {
+
+ khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, &csp_k4);
+
+ if (csp_k4) {
+ if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t)))
+ d->k4_enabled = !!t;
+ if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4Method", &t)))
+ d->method = t;
+ khc_close_space(csp_k4);
+ }
+
+ khc_close_space(csp_ident);
+
+ kcdb_identity_get_flags(d->nc->identities[0], &idflags);
+ }
+
+ if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
+ /* we only support k4 for one identity, and that is the
+ default identity. If we are trying to get tickets for
+ a non-default identity, then we start off as
+ disabled. */
+
+ khm_handle defident = NULL;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
+ kcdb_identity_release(defident);
+
+ d->k4_enabled = FALSE;
+ }
+ }
+ } else {
+ d->k4_enabled = FALSE;
+ }
+
+ if (d->method < 0 || d->method > K4_METHOD_K524)
+ d->method = K4_METHOD_AUTO;
+}
+
+void k4_write_identity_data(k4_dlg_data * d) {
+ khm_handle csp_ident = NULL;
+ khm_handle csp_k4 = NULL;
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0] &&
+ KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0],
+ KHM_FLAG_CREATE,
+ &csp_ident))) {
+ khc_open_space(csp_ident, CSNAME_KRB4CRED, KHM_FLAG_CREATE, &csp_k4);
+
+ if (csp_k4) {
+ khc_write_int32(csp_k4, L"Krb4NewCreds", !!d->k4_enabled);
+ khc_write_int32(csp_k4, L"Krb4Method", d->method);
+
+ khc_close_space(csp_k4);
+ }
+
+ khc_close_space(csp_ident);
+ }
+}
+
+void k4_handle_wmnc_notify(k4_dlg_data * d,
+ WPARAM wParam,
+ LPARAM lParam) {
+ switch(HIWORD(wParam)) {
+ case WMNC_UPDATE_CREDTEXT:
+ {
+ if (d->nct->credtext) {
+ PFREE(d->nct->credtext);
+ d->nct->credtext = NULL;
+ }
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0]) {
+
+ khm_int32 flags = 0;
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ wchar_t * atsign;
+ wchar_t * realm;
+ khm_size cb;
+
+ kcdb_identity_get_flags(d->nc->identities[0], &flags);
+
+ if (flags & KCDB_IDENT_FLAG_INVALID)
+ break;
+
+ cb = sizeof(idname);
+ kcdb_identity_get_name(d->nc->identities[0], idname,
+ &cb);
+
+ atsign = wcsrchr(idname, L'@');
+
+ if (atsign == NULL || !atsign[1])
+ break;
+
+ realm = ++atsign;
+
+ if (d->k4_enabled) {
+ wchar_t wmethod[128];
+ wchar_t wfmt[128];
+ wchar_t wct[512];
+
+ LoadString(hResModule, IDS_CT_TGTFOR,
+ wfmt, ARRAYLENGTH(wfmt));
+
+ if (d->method == K4_METHOD_AUTO)
+ LoadString(hResModule, IDS_METHOD_AUTO, wmethod,
+ ARRAYLENGTH(wmethod));
+ else if (d->method == K4_METHOD_PASSWORD)
+ LoadString(hResModule, IDS_METHOD_PWD, wmethod,
+ ARRAYLENGTH(wmethod));
+ else if (d->method == K4_METHOD_K524)
+ LoadString(hResModule, IDS_METHOD_K524, wmethod,
+ ARRAYLENGTH(wmethod));
+ else {
+ assert(FALSE);
+ }
+
+ StringCbPrintf(wct, sizeof(wct), wfmt, realm, wmethod);
+
+ StringCbLength(wct, sizeof(wct), &cb);
+ cb += sizeof(wchar_t);
+
+ d->nct->credtext = PMALLOC(cb);
+
+ StringCbCopy(d->nct->credtext, cb, wct);
+ } else {
+ wchar_t wct[256];
+
+ LoadString(hResModule, IDS_CT_DISABLED,
+ wct, ARRAYLENGTH(wct));
+
+ StringCbLength(wct, sizeof(wct), &cb);
+ cb += sizeof(wchar_t);
+
+ d->nct->credtext = PMALLOC(cb);
+
+ StringCbCopy(d->nct->credtext, cb, wct);
+ }
+ }
+ /* no identities were selected. it is not the
+ responsibility of krb4 to complain about this. */
+ }
+ break;
+
+ case WMNC_IDENTITY_CHANGE:
+ k4_read_identity_data(d);
+ k4_update_display(d);
+ break;
+
+ case WMNC_CREDTEXT_LINK:
+ {
+ wchar_t wid[KHUI_MAXCCH_HTLINK_FIELD];
+ wchar_t * wids;
+ khui_htwnd_link * l;
+
+ l = (khui_htwnd_link *) lParam;
+
+ wcsncpy(wid, l->id, l->id_len);
+ wid[l->id_len] = 0;
+ wids = wcschr(wid, L':');
+
+ if (!wids)
+ break;
+ else
+ wids++;
+
+ if (!wcscmp(wids, L"Enable")) {
+ d->k4_enabled = TRUE;
+
+ k4_update_display(d);
+ khui_cw_enable_type(d->nc, credtype_id_krb4, TRUE);
+ }
+ }
+ break;
+ }
+}
+
+INT_PTR CALLBACK k4_nc_dlg_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k4_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ {
+ d = PMALLOC(sizeof(*d));
+ ZeroMemory(d, sizeof(*d));
+
+ d->nc = (khui_new_creds *) lParam;
+ khui_cw_find_type(d->nc, credtype_id_krb4, &d->nct);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LPARAM) d);
+#pragma warning(pop)
+
+ d->nct->aux = (LPARAM) d;
+ d->hwnd = hwnd;
+
+ d->k4_enabled = TRUE;
+ d->method = K4_METHOD_AUTO;
+
+ k4_update_display(d);
+ }
+ break;
+
+ case WM_COMMAND:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ k4_update_data(d);
+ k4_update_display(d);
+ }
+ break;
+
+ case KHUI_WM_NC_NOTIFY:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ k4_handle_wmnc_notify(d, wParam, lParam);
+ }
+ break;
+
+ case WM_DESTROY:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ d->nct->aux = 0;
+
+ PFREE(d);
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
+khm_int32
+krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+
+ switch(msg_subtype) {
+ case KMSG_CRED_NEW_CREDS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+ khm_size cbsize;
+ wchar_t wbuf[256];
+
+ nc = (khui_new_creds *) vparam;
+
+ nct = PMALLOC(sizeof(*nct));
+#ifdef DEBUG
+ assert(nct);
+#endif
+ ZeroMemory(nct, sizeof(*nct));
+
+ nct->type = credtype_id_krb4;
+ nct->ordinal = 3;
+ LoadString(hResModule, IDS_NC_K4_SHORT,
+ wbuf, ARRAYLENGTH(wbuf));
+ StringCbLength(wbuf, sizeof(wbuf), &cbsize);
+ cbsize += sizeof(wchar_t);
+
+ nct->name = PMALLOC(cbsize);
+ StringCbCopy(nct->name, cbsize, wbuf);
+
+ nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
+
+ nct->h_module = hResModule;
+ nct->dlg_proc = k4_nc_dlg_proc;
+ nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB4);
+
+ khui_cw_add_type(nc, nct);
+ }
+ break;
+
+ case KMSG_CRED_RENEW_CREDS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+ khm_size cbsize;
+ wchar_t wbuf[256];
+
+ nc = (khui_new_creds *) vparam;
+
+ nct = PMALLOC(sizeof(*nct));
+#ifdef DEBUG
+ assert(nct);
+#endif
+
+ ZeroMemory(nct, sizeof(*nct));
+
+ nct->type = credtype_id_krb4;
+ nct->ordinal = 3;
+ LoadString(hResModule, IDS_NC_K4_SHORT,
+ wbuf, ARRAYLENGTH(wbuf));
+ StringCbLength(wbuf, sizeof(wbuf), &cbsize);
+ cbsize += sizeof(wchar_t);
+
+ nct->name = PMALLOC(cbsize);
+ StringCbCopy(nct->name, cbsize, wbuf);
+
+ nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
+
+ khui_cw_add_type(nc, nct);
+ }
+ break;
+
+ case KMSG_CRED_DIALOG_SETUP:
+ break;
+
+ case KMSG_CRED_PROCESS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct = NULL;
+ khm_handle ident = NULL;
+ k4_dlg_data * d = NULL;
+ long code = 0;
+
+ nc = (khui_new_creds *) vparam;
+ if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
+ break;
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS ||
+ nc->subtype == KMSG_CRED_RENEW_CREDS) {
+ khm_int32 method;
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+
+ d = (k4_dlg_data *) nct->aux;
+ if (!d ||
+ nc->n_identities == 0 ||
+ nc->identities[0] == NULL ||
+ nc->result != KHUI_NC_RESULT_GET_CREDS)
+ break;
+
+ if (!d->k4_enabled) {
+ k4_write_identity_data(d);
+ break;
+ }
+
+ method = d->method;
+ ident = nc->identities[0];
+
+ } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+
+ if ((nc->ctx.scope == KHUI_SCOPE_IDENT &&
+ nc->ctx.identity != NULL) ||
+
+ (nc->ctx.scope == KHUI_SCOPE_CREDTYPE &&
+ nc->ctx.cred_type == credtype_id_krb4 &&
+ nc->ctx.identity != NULL) ||
+
+ (nc->ctx.scope == KHUI_SCOPE_CRED &&
+ nc->ctx.cred_type == credtype_id_krb4 &&
+ nc->ctx.identity != NULL &&
+ nc->ctx.cred != NULL)) {
+
+ ident = nc->ctx.identity;
+
+ } else {
+ break;
+ }
+
+ method = K4_METHOD_K524; /* only k524 is supported
+ for renewals */
+ } else {
+ assert(FALSE);
+ }
+
+ if ((method == K4_METHOD_AUTO ||
+ method == K4_METHOD_K524) &&
+ khui_cw_type_succeeded(nc, credtype_id_krb5)) {
+
+ code = khm_convert524(ident);
+
+ if (code == 0) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_SUCCESS |
+ KHUI_NC_RESPONSE_EXIT);
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+ assert(d != NULL);
+
+ k4_write_identity_data(d);
+ }
+ break;
+ } else if (method == K4_METHOD_K524) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_FAILED |
+ KHUI_NC_RESPONSE_EXIT);
+ break;
+ }
+ }
+
+ /* only supported for new credentials */
+ if (method == K4_METHOD_AUTO ||
+ method == K4_METHOD_PASSWORD) {
+
+ khm_size n_prompts = 0;
+ khm_size idx;
+ khm_size cb;
+ wchar_t wpwd[KHUI_MAXCCH_PROMPT_VALUE];
+ char pwd[KHUI_MAXCCH_PROMPT_VALUE];
+ wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
+ char idname[KCDB_IDENT_MAXCCH_NAME];
+
+ char * aname = NULL;
+ char * inst = NULL;
+ char * realm = NULL;
+
+ assert(nc->subtype == KMSG_CRED_NEW_CREDS);
+
+ code = TRUE; /* just has to be non-zero */
+
+ khui_cw_get_prompt_count(nc, &n_prompts);
+
+ if (n_prompts == 0)
+ goto _skip_pwd;
+
+ for (idx = 0; idx < n_prompts; idx++) {
+ khui_new_creds_prompt * p;
+
+ if (KHM_FAILED(khui_cw_get_prompt(nc, idx, &p)))
+ continue;
+
+ if (p->type == KHUI_NCPROMPT_TYPE_PASSWORD)
+ break;
+ }
+
+ if (idx >= n_prompts)
+ goto _skip_pwd;
+
+ khui_cw_sync_prompt_values(nc);
+
+ cb = sizeof(wpwd);
+ if (KHM_FAILED(khui_cw_get_prompt_value(nc, idx,
+ wpwd,
+ &cb)))
+ goto _skip_pwd;
+
+ UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd);
+
+ cb = sizeof(widname);
+ kcdb_identity_get_name(ident,
+ widname,
+ &cb);
+
+ UnicodeStrToAnsi(idname, sizeof(idname), widname);
+
+ {
+ char * atsign;
+
+ atsign = strchr(idname, '@');
+ if (atsign == NULL)
+ goto _skip_pwd;
+
+ *atsign++ = 0;
+
+ realm = atsign;
+ }
+
+ {
+ char * slash;
+
+ slash = strchr(idname, '/');
+ if (slash != NULL) {
+ *slash++ = 0;
+ inst = slash;
+ } else {
+ inst = "";
+ }
+ }
+
+ aname = idname;
+
+ code = khm_krb4_kinit(aname, inst, realm,
+ (long) d->lifetime, pwd);
+ _skip_pwd:
+
+ if (code) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_FAILED);
+
+ } else {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_SUCCESS);
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+
+ assert(d != NULL);
+ k4_write_identity_data(d);
+
+ }
+ }
+ }
+ }
+ }
+ break;
+
+ case KMSG_CRED_END:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct = NULL;
+
+ nc = (khui_new_creds *) vparam;
+ if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
+ break;
+
+ khui_cw_del_type(nc, credtype_id_krb4);
+
+ if (nct->name)
+ PFREE(nct->name);
+
+ PFREE(nct);
+ }
+ break;
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
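Review bot: In the `WMNC_CREDTEXT_LINK` case of `k4_handle_wmnc_notify`, `wcsncpy(wid, l->id, l->id_len)` followed by `wid[l->id_len] = 0` uses `l->id_len` without comparing it to the size of `wid`, so a link id of `KHUI_MAXCCH_HTLINK_FIELD` characters or more would write past the stack buffer. I would add `if (l->id_len >= ARRAYLENGTH(wid)) break;` before the copy; whether the sender already caps `id_len` is not visible here. Separately, in the password path of `KMSG_CRED_PROCESS` the plaintext password stays in the stack buffers `wpwd` and `pwd` after `khm_krb4_kinit` returns. Clearing both right after the `_skip_pwd:` label with `SecureZeroMemory(wpwd, sizeof(wpwd)); SecureZeroMemory(pwd, sizeof(pwd));` limits how long it lingers in memory. The `PMALLOC` results for `d`, `nct`, `nct->name` and `credtext` are also used unchecked (`nct` is only asserted under `DEBUG`).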
diff --git a/src/windows/identity/plugins/krb4/krb4plugin.c b/src/windows/identity/plugins/krb4/krb4plugin.c
index 106febac00..23f913bd9b 100644
--- a/src/windows/identity/plugins/krb4/krb4plugin.c
+++ b/src/windows/identity/plugins/krb4/krb4plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,11 +28,14 @@
#include<kherror.h>
#include<khmsgtypes.h>
#include<khuidefs.h>
+#include<utils.h>
#include<commctrl.h>
#include<strsafe.h>
#include<krb5.h>
khm_int32 credtype_id_krb4 = KCDB_CREDTYPE_INVALID;
+khm_int32 credtype_id_krb5 = KCDB_CREDTYPE_INVALID;
+
khm_boolean krb4_initialized = FALSE;
khm_handle krb4_credset = NULL;
@@ -64,7 +67,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
{
StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
cbsize += sizeof(wchar_t);
- ct.short_desc = malloc(cbsize);
+ ct.short_desc = PMALLOC(cbsize);
StringCbCopy(ct.short_desc, cbsize, buf);
}
@@ -76,7 +79,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
{
StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
cbsize += sizeof(wchar_t);
- ct.long_desc = malloc(cbsize);
+ ct.long_desc = PMALLOC(cbsize);
StringCbCopy(ct.long_desc, cbsize, buf);
}
@@ -88,34 +91,116 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
if(KHM_SUCCEEDED(rv))
rv = kcdb_credset_create(&krb4_credset);
+ if (KHM_SUCCEEDED(rv))
+ rv = kcdb_credtype_get_id(KRB5_CREDTYPE_NAME,
+ &credtype_id_krb5);
+
if(ct.short_desc)
- free(ct.short_desc);
+ PFREE(ct.short_desc);
if(ct.long_desc)
- free(ct.long_desc);
+ PFREE(ct.long_desc);
+
+ if (KHM_SUCCEEDED(rv)) {
+ khui_config_node idents;
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ reg.name = KRB4_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_KRB4);
+ reg.dlg_proc = krb4_confg_proc;
+ reg.flags = 0;
+
+ LoadString(hResModule, IDS_CFG_KRB4_LONG,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
+
+ khui_cfg_register(NULL, &reg);
+
+ khui_cfg_open(NULL, L"KhmIdentities", &idents);
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ reg.name = KRB4_IDS_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_IDS_KRB4);
+ reg.dlg_proc = krb4_ids_config_proc;
+ reg.flags = KHUI_CNFLAG_SUBPANEL;
+
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
+
+ khui_cfg_register(idents, &reg);
- ZeroMemory(&reg, sizeof(reg));
+ ZeroMemory(&reg, sizeof(reg));
- reg.name = KRB4_CONFIG_NODE_NAME;
- reg.short_desc = wshort_desc;
- reg.long_desc = wlong_desc;
- reg.h_module = hResModule;
- reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_KRB4);
- reg.dlg_proc = krb4_confg_proc;
- reg.flags = 0;
+ reg.name = KRB4_ID_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_ID_KRB4);
+ reg.dlg_proc = krb4_id_config_proc;
+ reg.flags = KHUI_CNFLAG_SUBPANEL | KHUI_CNFLAG_PLURAL;
- LoadString(hResModule, IDS_CFG_KRB4_LONG,
- wlong_desc, ARRAYLENGTH(wlong_desc));
- LoadString(hResModule, IDS_CFG_KRB4_SHORT,
- wshort_desc, ARRAYLENGTH(wshort_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
- khui_cfg_register(NULL, &reg);
+ khui_cfg_register(idents, &reg);
+
+ khui_cfg_release(idents);
- if(KHM_SUCCEEDED(rv)) {
krb4_initialized = TRUE;
khm_krb4_list_tickets();
}
+
+ /* Lookup common data types */
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE,
+ &type_id_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST,
+ &type_id_addr_list))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS,
+ &type_id_krb5_flags))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ /* Lookup common attributes */
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE,
+ &attr_id_key_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE,
+ &attr_id_tkt_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST,
+ &attr_id_addr_list))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS,
+ &attr_id_krb5_flags))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
}
break;
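Review bot: The type and attribute lookups added at the end of this hunk run after `krb4_initialized = TRUE` and `khm_krb4_list_tickets()`, so a failed lookup sets `rv = KHM_ERROR_UNKNOWN` only once the plugin is already marked initialized and the ticket listing has run, presumably with ids still at their initial -1. Moving the lookups ahead of the `if (KHM_SUCCEEDED(rv))` block that registers the configuration nodes would let that block be skipped on failure. In the same block the result of `khui_cfg_open(NULL, L"KhmIdentities", &idents)` is ignored and `idents` has no initializer, so on failure an indeterminate handle reaches `khui_cfg_register` and `khui_cfg_release`. Wrapping the two sub-panel registrations and the release in `if (KHM_SUCCEEDED(khui_cfg_open(NULL, L"KhmIdentities", &idents))) { ... }` would cover it. The enclosing `krb4_msg_system` case starts outside the hunk.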
@@ -140,11 +225,47 @@ krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_CRED_REFRESH:
- {
- khm_krb4_list_tickets();
+ case KMSG_CRED_REFRESH:
+ {
+ khm_krb4_list_tickets();
+ }
+ break;
+
+ case KMSG_CRED_DESTROY_CREDS:
+ {
+ khui_action_context * ctx;
+ khm_handle credset;
+ khm_size nc_root = 0;
+ khm_size nc_sel = 0;
+
+ ctx = (khui_action_context *) vparam;
+
+ /* if all krb4 tickets are selected, then we destroy all
+ of them. Otherwise, we do nothing. */
+
+ kcdb_credset_create(&credset);
+
+ kcdb_credset_extract(credset, ctx->credset,
+ NULL, credtype_id_krb4);
+ kcdb_credset_get_size(credset, &nc_sel);
+
+ kcdb_credset_flush(credset);
+
+ kcdb_credset_extract(credset, NULL,
+ NULL, credtype_id_krb4);
+ kcdb_credset_get_size(credset, &nc_root);
+
+ kcdb_credset_delete(credset);
+
+ if (nc_root == nc_sel) {
+ khm_krb4_kdestroy();
}
- break;
+ }
+ break;
+
+ default:
+ if (IS_CRED_ACQ_MSG(msg_subtype))
+ return krb4_msg_newcred(msg_type, msg_subtype, uparam, vparam);
}
return rv;
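Review bot: In the `KMSG_CRED_DESTROY_CREDS` case, `khm_krb4_kdestroy()` is gated only on `nc_root == nc_sel`, and both counts start at 0 and come from calls whose results are never checked. The comparison therefore also holds when no krb4 credential is selected, or when `kcdb_credset_create` or `kcdb_credset_extract` failed and left the counts untouched. Since this is the destructive path, I would require a non-empty selection, `if (nc_sel > 0 && nc_root == nc_sel)`, and leave the case early when `kcdb_credset_create(&credset)` fails instead of passing an uninitialized `credset` to the later calls. `krb4_msg_cred` begins and ends outside the hunk.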
diff --git a/src/windows/identity/plugins/krb4/krbconfig.csv b/src/windows/identity/plugins/krb4/krbconfig.csv
index bed0d1ccb9..9aa7cd944e 100644
--- a/src/windows/identity/plugins/krb4/krbconfig.csv
+++ b/src/windows/identity/plugins/krb4/krbconfig.csv
@@ -6,18 +6,11 @@ Krb4Cred,KC_SPACE,0,"Kerberos IV Credentials Provider"
Type,KC_INT32,1,
Flags,KC_INT32,0,
Parameters,KC_SPACE,0,Parameters for KrbCred
+ Krb4NewCreds,KC_INT32,1,Obtain Kerberos 4 tickets
+ Krb4Method,KC_INT32,0,Method for acquiring K4 tix. 0-Auto;1-Password;2-K524
CreateMissingConfig,KC_INT32,0,Create missing configuration files
- MsLsaImport,KC_INT32,2,Automatically import MSLSA credentials
- AutoRenewTickets,KC_INT32,1,Automatically renew expiring tickets
DefaultLifetime,KC_INT32,36000,Default ticket lifetime
MaxLifetime,KC_INT32,86400,Maximum lifetime
MinLifetime,KC_INT32,60,Minimum lifetime
- Forwardable,KC_INT32,1,Obtain forwardable tickets (boolean)
- Proxiable,KC_INT32,0,Obtain proxiable tickets (boolean)
- Addressless,KC_INT32,1,Obtain addressless tickets (boolean)
- Renewable,KC_INT32,1,Obtain renewable tickets (boolean)
- DefaultRenewLifetime,KC_INT32,604800,Default renewable lifetime
- MaxRenewLifetime,KC_INT32,2592000,Maximum renewable lifetime
- MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime
Parameters,KC_ENDSPACE,0,
Krb4Cred,KC_ENDSPACE,0,
diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h
index e56d114ee9..9f5d3c932e 100644
--- a/src/windows/identity/plugins/krb4/krbcred.h
+++ b/src/windows/identity/plugins/krb4/krbcred.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -29,11 +29,11 @@
#include<windows.h>
-#include<khdefs.h>
-#include<kcreddb.h>
-#include<kmm.h>
-#include<kconfig.h>
+#define KHERR_FACILITY L"Kerberos4"
+#define KHERR_FACILITY_ID 65
+#define KHERR_HMODULE hResModule
+#include<netidmgr.h>
#include<krb4funcs.h>
#include<krb5common.h>
@@ -41,7 +41,6 @@
#include<dynimport.h>
#include<langres.h>
-#include<datarep.h>
#define TYPENAME_ENCTYPE L"EncType"
#define TYPENAME_ADDR_LIST L"AddrList"
@@ -86,8 +85,13 @@ extern khm_int32 attr_id_renew_for;
#define KRB4_CREDTYPE_NAME L"Krb4Cred"
+#define KRB5_CREDTYPE_NAME L"Krb5Cred"
+
#define KRB4_CONFIG_NODE_NAME L"Krb4Config"
+#define KRB4_ID_CONFIG_NODE_NAME L"Krb4IdentConfig"
+#define KRB4_IDS_CONFIG_NODE_NAME L"Krb4IdentsConfig"
+
extern khm_handle csp_plugins;
extern khm_handle csp_krbcred;
extern khm_handle csp_params;
@@ -96,6 +100,7 @@ extern kconf_schema schema_krbconfig[];
/* other globals */
extern khm_int32 credtype_id_krb4;
+extern khm_int32 credtype_id_krb5;
extern khm_boolean krb4_initialized;
@@ -111,4 +116,20 @@ krb4_confg_proc(HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam);
+
+INT_PTR CALLBACK
+krb4_ids_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+krb4_id_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+khm_int32
+krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam);
#endif
diff --git a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
index a5d62a26a4..042da77b7a 100644
--- a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
@@ -57,7 +57,18 @@ STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "kRB4",IDC_STATIC,38,43,71,24
+ CONTROL "Kerberos 4 Ticket Options",IDC_STATIC,"Static",
+ SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
+ CONTROL "Obtain Kerberos 4 tickets",IDC_NCK4_OBTAIN,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,7,26,97,10
+ CONTROL "Automatically determine method",IDC_NCK4_AUTO,"Button",
+ BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,23,58,119,10
+ CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON |
+ WS_TABSTOP,23,75,47,10
+ CONTROL "Kerberos 5 to 4 translation",IDC_NCK4_K524,"Button",
+ BS_AUTORADIOBUTTON | WS_TABSTOP,23,92,101,10
+ GROUPBOX "Obtain Kerberos 4 tickets using",IDC_STATIC,7,43,286,72,
+ WS_GROUP
END
IDD_CFG_KRB4 DIALOGEX 0, 0, 255, 182
@@ -75,6 +86,27 @@ BEGIN
PUSHBUTTON "Browse...",IDC_CFG_RLMBROW,200,47,48,14
END
+IDD_CFG_IDS_KRB4 DIALOGEX 0, 0, 235, 151
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Obtain Kerberos 4 tickets",IDC_CFG_GETTIX,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,7,7,221,17
+ LTEXT "Note that, if enabled, Kerberos 4 tickets will be acquired during initial credential acquisition and during credential renewals.\n\nHowever, currently Kerberos 4 tickets can only be obtained for the default identity.",
+ IDC_STATIC,7,91,221,53,SS_SUNKEN
+END
+
+IDD_CFG_ID_KRB4 DIALOGEX 0, 0, 235, 151
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Obtain Kerberos 4 tickets for this identity",
+ IDC_CFG_GETTIX,"Button",BS_AUTOCHECKBOX | WS_DISABLED |
+ WS_TABSTOP,7,7,147,10
+END
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -102,6 +134,22 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 175
END
+
+ IDD_CFG_IDS_KRB4, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 228
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 144
+ END
+
+ IDD_CFG_ID_KRB4, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 228
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 144
+ END
END
#endif // APSTUDIO_INVOKED
@@ -114,6 +162,14 @@ END
STRINGTABLE
BEGIN
IDS_PLUGIN_DESC "Kerberos 4 Credentials Provider"
+ IDS_NC_K4_SHORT "Kerberos 4"
+ IDS_ERR_REALM "Could not resolve realm"
+ IDS_ERR_PRINCIPAL "Invalid principal"
+ IDS_ERR_INVINST "Invalid instance"
+ IDS_ERR_PWINTKT "Could not get Kerberos 4 tickets"
+ IDS_CT_DISABLED "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Disabled (click <a id=""Krb4Cred:Enable"">here</a> to enable)</p>"
+ IDS_CT_TGTFOR "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Tickets for realm %s</p>"
+ IDS_METHOD_AUTO "Automatically determined method"
END
STRINGTABLE
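Review bot: `IDS_CT_TGTFOR` contains a single `%s`, but `k4_handle_wmnc_notify` in krb4newcreds.c formats it with `StringCbPrintf(wct, sizeof(wct), wfmt, realm, wmethod)`, so the method string loaded from `IDS_METHOD_AUTO`, `IDS_METHOD_PWD` or `IDS_METHOD_K524` is never shown. Either add a second placeholder to the resource, for example `Tickets for realm %s (%s)`, or drop the `wmethod` argument and its `LoadString` calls. Because the format string lives in a resource, a comment next to the entry stating the expected argument count and order would help translators keep it in step with the code.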
@@ -124,6 +180,13 @@ BEGIN
IDS_CFG_KRB4_SHORT "Kerberos 4"
END
+STRINGTABLE
+BEGIN
+ IDS_METHOD_PWD "Password"
+ IDS_METHOD_K524 "Kerberos 5 to 4 translation"
+ IDS_CFG_IDS_KRB4_SHORT "Kerberos 4"
+END
+
#endif // English (U.S.) resources
/////////////////////////////////////////////////////////////////////////////
diff --git a/src/windows/identity/plugins/krb4/langres.h b/src/windows/identity/plugins/krb4/langres.h
index 2096adec3b..ceb2360075 100644
--- a/src/windows/identity/plugins/krb4/langres.h
+++ b/src/windows/identity/plugins/krb4/langres.h
@@ -1,6 +1,6 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
-// Used by D:\work\khimaira\src\plugins\krb4\lang\en_us\langres.rc
+// Used by D:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb4\lang\en_us\langres.rc
//
#define IDS_UNK_ADDR_FMT 101
#define IDS_KRB5_CREDTEXT_0 102
@@ -8,16 +8,29 @@
#define IDS_PLUGIN_DESC 103
#define IDS_KEY_ENCTYPE_SHORT_DESC 104
#define IDD_CFG_KRB4 104
+#define IDS_NC_K4_SHORT 104
#define IDS_TKT_ENCTYPE_SHORT_DESC 105
+#define IDS_ERR_REALM 105
+#define IDD_CFG_IDS_KRB4 105
#define IDS_KEY_ENCTYPE_LONG_DESC 106
+#define IDS_ERR_PRINCIPAL 106
+#define IDD_CFG_ID_KRB4 106
#define IDS_TKT_ENCTYPE_LONG_DESC 107
+#define IDS_ERR_INVINST 107
#define IDS_ADDR_LIST_SHORT_DESC 108
+#define IDS_ERR_PWINTKT 108
#define IDS_ADDR_LIST_LONG_DESC 109
+#define IDS_CT_DISABLED 109
#define IDS_ETYPE_NULL 110
+#define IDS_CT_TGTFOR 110
#define IDS_ETYPE_DES_CBC_CRC 111
+#define IDS_METHOD_AUTO 111
#define IDS_ETYPE_DES_CBC_MD4 112
+#define IDS_METHOD_PWD 112
#define IDS_ETYPE_DES_CBC_MD5 113
+#define IDS_METHOD_K524 113
#define IDS_ETYPE_DES_CBC_RAW 114
+#define IDS_CFG_IDS_KRB4_SHORT 114
#define IDS_ETYPE_DES3_CBC_SHA 115
#define IDS_ETYPE_DES3_CBC_RAW 116
#define IDS_ETYPE_DES_HMAC_SHA1 117
@@ -65,14 +78,20 @@
#define IDC_CFG_RLMPATH 1030
#define IDC_CFG_CFGBROW 1031
#define IDC_CFG_RLMBROW 1032
+#define IDC_NCK4_OBTAIN 1033
+#define IDC_NCK4_PWD 1034
+#define IDC_NCK4_K524 1035
+#define IDC_NCK4_AUTO 1036
+#define IDC_CFG_GETTIX 1037
+#define IDC_CHECK1 1038
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 105
+#define _APS_NEXT_RESOURCE_VALUE 107
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1033
+#define _APS_NEXT_CONTROL_VALUE 1039
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/windows/identity/plugins/krb4/version.rc b/src/windows/identity/plugins/krb4/version.rc
new file mode 100644
index 0000000000..3ca6b1cb9f
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/version.rc
@@ -0,0 +1,66 @@
+/* Copyright (c) 2004 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+/* $Id$ */
+
+#include<netidmgr_intver.h>
+
+1 VERSIONINFO
+ FILEVERSION KH_VERSION_LIST
+ PRODUCTVERSION KH_VERSION_LIST
+ FILEFLAGSMASK KH_VER_FILEFLAGMASK
+ FILEFLAGS KH_VER_FILEFLAGS
+ FILEOS KH_VER_FILEOS
+ FILETYPE KH_VER_FILETYPEDLL
+ FILESUBTYPE 0
+ {
+
+ BLOCK "StringFileInfo"
+ {
+ BLOCK "040904b0"
+ {
+ VALUE "CompanyName", KH_VERSTR_COMPANY_1033
+ VALUE "FileDescription", "Kerberos 4 plugin for NetIDMgr"
+ VALUE "FileVersion", KH_VERSTR_VERSION_1033
+ VALUE "InternalName", "krb4cred"
+ VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
+ VALUE "OriginalFilename", "krb4cred.dll"
+ VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
+#ifdef KH_VERSTR_COMMENT_1033
+ VALUE "Comment", KH_VERSTR_COMMENT_1033
+#endif
+ VALUE NIMV_MODULE, "MITKrb4"
+ VALUE NIMV_PLUGINS, "Krb4Cred"
+ VALUE NIMV_APIVER, KH_VERSION_STRINGAPI
+ VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos"
+ }
+ }
+
+ BLOCK "VarFileInfo"
+ {
+ VALUE "Translation", 0x409, 1200
+ }
+
+ }