Diffstat (limited to 'src/windows/identity/plugins')
-rw-r--r--src/windows/identity/plugins/common/dynimport.c150
-rw-r--r--src/windows/identity/plugins/common/dynimport.h9
-rw-r--r--src/windows/identity/plugins/common/krb5common.c305
-rw-r--r--src/windows/identity/plugins/common/krb5common.h13
-rw-r--r--src/windows/identity/plugins/krb4/Makefile9
-rw-r--r--src/windows/identity/plugins/krb4/datarep.h37
-rw-r--r--src/windows/identity/plugins/krb4/errorfuncs.c56
-rw-r--r--src/windows/identity/plugins/krb4/errorfuncs.h19
-rw-r--r--src/windows/identity/plugins/krb4/images/plugin.icobin0 -> 7278 bytes
-rw-r--r--src/windows/identity/plugins/krb4/krb4configdlg.c161
-rw-r--r--src/windows/identity/plugins/krb4/krb4funcs.c322
-rw-r--r--src/windows/identity/plugins/krb4/krb4funcs.h96
-rw-r--r--src/windows/identity/plugins/krb4/krb4main.c (renamed from src/windows/identity/plugins/krb4/main.c)42
-rw-r--r--src/windows/identity/plugins/krb4/krb4newcreds.c657
-rw-r--r--src/windows/identity/plugins/krb4/krb4plugin.c167
-rw-r--r--src/windows/identity/plugins/krb4/krbconfig.csv11
-rw-r--r--src/windows/identity/plugins/krb4/krbcred.h33
-rw-r--r--src/windows/identity/plugins/krb4/lang/en_us/langres.rc65
-rw-r--r--src/windows/identity/plugins/krb4/langres.h25
-rw-r--r--src/windows/identity/plugins/krb4/version.rc66
-rw-r--r--src/windows/identity/plugins/krb5/Makefile15
-rw-r--r--src/windows/identity/plugins/krb5/datarep.c4
-rw-r--r--src/windows/identity/plugins/krb5/datarep.h4
-rw-r--r--src/windows/identity/plugins/krb5/errorfuncs.c2
-rw-r--r--src/windows/identity/plugins/krb5/errorfuncs.h2
-rw-r--r--src/windows/identity/plugins/krb5/images/deleted.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/krb5plugin.icobin0 -> 7278 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/modified.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/new.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/normal.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/krb5configcc.c547
-rw-r--r--src/windows/identity/plugins/krb5/krb5configdlg.c1719
-rw-r--r--src/windows/identity/plugins/krb5/krb5configid.c254
-rw-r--r--src/windows/identity/plugins/krb5/krb5configids.c250
-rw-r--r--src/windows/identity/plugins/krb5/krb5funcs.c216
-rw-r--r--src/windows/identity/plugins/krb5/krb5funcs.h13
-rw-r--r--src/windows/identity/plugins/krb5/krb5identpro.c345
-rw-r--r--src/windows/identity/plugins/krb5/krb5main.c (renamed from src/windows/identity/plugins/krb5/main.c)18
-rw-r--r--src/windows/identity/plugins/krb5/krb5newcreds.c127
-rw-r--r--src/windows/identity/plugins/krb5/krb5plugin.c224
-rw-r--r--src/windows/identity/plugins/krb5/krb5props.c121
-rw-r--r--src/windows/identity/plugins/krb5/krb5util.c40
-rw-r--r--src/windows/identity/plugins/krb5/krbconfig.csv6
-rw-r--r--src/windows/identity/plugins/krb5/krbcred.h46
-rw-r--r--src/windows/identity/plugins/krb5/lang/en_us/langres.rc149
-rw-r--r--src/windows/identity/plugins/krb5/langres.h63
-rw-r--r--src/windows/identity/plugins/krb5/version.rc64
47 files changed, 5607 insertions, 865 deletions
diff --git a/src/windows/identity/plugins/common/dynimport.c b/src/windows/identity/plugins/common/dynimport.c
index cd33813f78..ed5110e667 100644
--- a/src/windows/identity/plugins/common/dynimport.c
+++ b/src/windows/identity/plugins/common/dynimport.c
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004 Massachusetts Institute of Technology
+* Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -134,6 +134,7 @@ DECL_FUNC_PTR(krb5_get_renewed_creds);
DECL_FUNC_PTR(krb5_get_default_config_files);
DECL_FUNC_PTR(krb5_free_config_files);
DECL_FUNC_PTR(krb5_get_default_realm);
+DECL_FUNC_PTR(krb5_set_default_realm);
DECL_FUNC_PTR(krb5_free_ticket);
DECL_FUNC_PTR(krb5_decode_ticket);
DECL_FUNC_PTR(krb5_get_host_realm);
@@ -152,10 +153,16 @@ DECL_FUNC_PTR(error_message);
// Profile functions
DECL_FUNC_PTR(profile_init);
+DECL_FUNC_PTR(profile_flush);
DECL_FUNC_PTR(profile_release);
DECL_FUNC_PTR(profile_get_subsection_names);
DECL_FUNC_PTR(profile_free_list);
DECL_FUNC_PTR(profile_get_string);
+DECL_FUNC_PTR(profile_get_values);
+DECL_FUNC_PTR(profile_get_relation_names);
+DECL_FUNC_PTR(profile_clear_relation);
+DECL_FUNC_PTR(profile_add_relation);
+DECL_FUNC_PTR(profile_update_relation);
DECL_FUNC_PTR(profile_release_string);
// Service functions
@@ -217,67 +224,68 @@ FUNC_INFO k4_fi[] = {
FUNC_INFO k5_fi[] = {
MAKE_FUNC_INFO(krb5_change_password),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
- MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
- MAKE_FUNC_INFO(krb5_get_init_creds_password),
- MAKE_FUNC_INFO(krb5_get_prompt_types),
- MAKE_FUNC_INFO(krb5_build_principal_ext),
- MAKE_FUNC_INFO(krb5_cc_get_name),
- MAKE_FUNC_INFO(krb5_cc_resolve),
- MAKE_FUNC_INFO(krb5_cc_default),
- MAKE_FUNC_INFO(krb5_cc_default_name),
- MAKE_FUNC_INFO(krb5_cc_set_default_name),
- MAKE_FUNC_INFO(krb5_cc_initialize),
- MAKE_FUNC_INFO(krb5_cc_destroy),
- MAKE_FUNC_INFO(krb5_cc_close),
- MAKE_FUNC_INFO(krb5_cc_copy_creds),
- MAKE_FUNC_INFO(krb5_cc_store_cred),
- MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
- MAKE_FUNC_INFO(krb5_cc_get_principal),
- MAKE_FUNC_INFO(krb5_cc_start_seq_get),
- MAKE_FUNC_INFO(krb5_cc_next_cred),
- MAKE_FUNC_INFO(krb5_cc_end_seq_get),
- MAKE_FUNC_INFO(krb5_cc_remove_cred),
- MAKE_FUNC_INFO(krb5_cc_set_flags),
- // MAKE_FUNC_INFO(krb5_cc_get_type),
- MAKE_FUNC_INFO(krb5_free_context),
- MAKE_FUNC_INFO(krb5_free_cred_contents),
- MAKE_FUNC_INFO(krb5_free_principal),
- MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
- MAKE_FUNC_INFO(krb5_init_context),
- MAKE_FUNC_INFO(krb5_parse_name),
- MAKE_FUNC_INFO(krb5_timeofday),
- MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
- MAKE_FUNC_INFO(krb5_unparse_name),
- MAKE_FUNC_INFO(krb5_get_credentials),
- MAKE_FUNC_INFO(krb5_mk_req),
- MAKE_FUNC_INFO(krb5_sname_to_principal),
- MAKE_FUNC_INFO(krb5_get_credentials_renew),
- MAKE_FUNC_INFO(krb5_free_data),
- MAKE_FUNC_INFO(krb5_free_data_contents),
- // MAKE_FUNC_INFO(krb5_get_realm_domain),
- MAKE_FUNC_INFO(krb5_free_unparsed_name),
- MAKE_FUNC_INFO(krb5_os_localaddr),
- MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
- MAKE_FUNC_INFO(krb5_copy_data),
- MAKE_FUNC_INFO(krb5_free_creds),
- MAKE_FUNC_INFO(krb5_build_principal),
- MAKE_FUNC_INFO(krb5_get_renewed_creds),
- MAKE_FUNC_INFO(krb5_free_addresses),
- MAKE_FUNC_INFO(krb5_get_default_config_files),
- MAKE_FUNC_INFO(krb5_free_config_files),
- MAKE_FUNC_INFO(krb5_get_default_realm),
- MAKE_FUNC_INFO(krb5_free_ticket),
- MAKE_FUNC_INFO(krb5_decode_ticket),
- MAKE_FUNC_INFO(krb5_get_host_realm),
- MAKE_FUNC_INFO(krb5_free_host_realm),
- MAKE_FUNC_INFO(krb5_c_random_make_octets),
- MAKE_FUNC_INFO(krb5_free_default_realm),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
+ MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
+ MAKE_FUNC_INFO(krb5_get_init_creds_password),
+ MAKE_FUNC_INFO(krb5_get_prompt_types),
+ MAKE_FUNC_INFO(krb5_build_principal_ext),
+ MAKE_FUNC_INFO(krb5_cc_get_name),
+ MAKE_FUNC_INFO(krb5_cc_resolve),
+ MAKE_FUNC_INFO(krb5_cc_default),
+ MAKE_FUNC_INFO(krb5_cc_default_name),
+ MAKE_FUNC_INFO(krb5_cc_set_default_name),
+ MAKE_FUNC_INFO(krb5_cc_initialize),
+ MAKE_FUNC_INFO(krb5_cc_destroy),
+ MAKE_FUNC_INFO(krb5_cc_close),
+ MAKE_FUNC_INFO(krb5_cc_copy_creds),
+ MAKE_FUNC_INFO(krb5_cc_store_cred),
+ MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
+ MAKE_FUNC_INFO(krb5_cc_get_principal),
+ MAKE_FUNC_INFO(krb5_cc_start_seq_get),
+ MAKE_FUNC_INFO(krb5_cc_next_cred),
+ MAKE_FUNC_INFO(krb5_cc_end_seq_get),
+ MAKE_FUNC_INFO(krb5_cc_remove_cred),
+ MAKE_FUNC_INFO(krb5_cc_set_flags),
+ // MAKE_FUNC_INFO(krb5_cc_get_type),
+ MAKE_FUNC_INFO(krb5_free_context),
+ MAKE_FUNC_INFO(krb5_free_cred_contents),
+ MAKE_FUNC_INFO(krb5_free_principal),
+ MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
+ MAKE_FUNC_INFO(krb5_init_context),
+ MAKE_FUNC_INFO(krb5_parse_name),
+ MAKE_FUNC_INFO(krb5_timeofday),
+ MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
+ MAKE_FUNC_INFO(krb5_unparse_name),
+ MAKE_FUNC_INFO(krb5_get_credentials),
+ MAKE_FUNC_INFO(krb5_mk_req),
+ MAKE_FUNC_INFO(krb5_sname_to_principal),
+ MAKE_FUNC_INFO(krb5_get_credentials_renew),
+ MAKE_FUNC_INFO(krb5_free_data),
+ MAKE_FUNC_INFO(krb5_free_data_contents),
+ // MAKE_FUNC_INFO(krb5_get_realm_domain),
+ MAKE_FUNC_INFO(krb5_free_unparsed_name),
+ MAKE_FUNC_INFO(krb5_os_localaddr),
+ MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
+ MAKE_FUNC_INFO(krb5_copy_data),
+ MAKE_FUNC_INFO(krb5_free_creds),
+ MAKE_FUNC_INFO(krb5_build_principal),
+ MAKE_FUNC_INFO(krb5_get_renewed_creds),
+ MAKE_FUNC_INFO(krb5_free_addresses),
+ MAKE_FUNC_INFO(krb5_get_default_config_files),
+ MAKE_FUNC_INFO(krb5_free_config_files),
+ MAKE_FUNC_INFO(krb5_get_default_realm),
+ MAKE_FUNC_INFO(krb5_set_default_realm),
+ MAKE_FUNC_INFO(krb5_free_ticket),
+ MAKE_FUNC_INFO(krb5_decode_ticket),
+ MAKE_FUNC_INFO(krb5_get_host_realm),
+ MAKE_FUNC_INFO(krb5_free_host_realm),
+ MAKE_FUNC_INFO(krb5_c_random_make_octets),
+ MAKE_FUNC_INFO(krb5_free_default_realm),
+ END_FUNC_INFO
};
FUNC_INFO k524_fi[] = {
@@ -288,12 +296,18 @@ FUNC_INFO k524_fi[] = {
FUNC_INFO profile_fi[] = {
MAKE_FUNC_INFO(profile_init),
- MAKE_FUNC_INFO(profile_release),
- MAKE_FUNC_INFO(profile_get_subsection_names),
- MAKE_FUNC_INFO(profile_free_list),
- MAKE_FUNC_INFO(profile_get_string),
- MAKE_FUNC_INFO(profile_release_string),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(profile_flush),
+ MAKE_FUNC_INFO(profile_release),
+ MAKE_FUNC_INFO(profile_get_subsection_names),
+ MAKE_FUNC_INFO(profile_free_list),
+ MAKE_FUNC_INFO(profile_get_string),
+ MAKE_FUNC_INFO(profile_get_values),
+ MAKE_FUNC_INFO(profile_get_relation_names),
+ MAKE_FUNC_INFO(profile_clear_relation),
+ MAKE_FUNC_INFO(profile_add_relation),
+ MAKE_FUNC_INFO(profile_update_relation),
+ MAKE_FUNC_INFO(profile_release_string),
+ END_FUNC_INFO
};
FUNC_INFO ce_fi[] = {
diff --git a/src/windows/identity/plugins/common/dynimport.h b/src/windows/identity/plugins/common/dynimport.h
index b3ba225a66..99aad9aedc 100644
--- a/src/windows/identity/plugins/common/dynimport.h
+++ b/src/windows/identity/plugins/common/dynimport.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -247,6 +247,7 @@ extern DECL_FUNC_PTR(krb5_free_addresses);
extern DECL_FUNC_PTR(krb5_get_default_config_files);
extern DECL_FUNC_PTR(krb5_free_config_files);
extern DECL_FUNC_PTR(krb5_get_default_realm);
+extern DECL_FUNC_PTR(krb5_set_default_realm);
extern DECL_FUNC_PTR(krb5_free_ticket);
extern DECL_FUNC_PTR(krb5_decode_ticket);
extern DECL_FUNC_PTR(krb5_get_host_realm);
@@ -264,10 +265,16 @@ extern DECL_FUNC_PTR(error_message);
// Profile functions
extern DECL_FUNC_PTR(profile_init);
+extern DECL_FUNC_PTR(profile_flush);
extern DECL_FUNC_PTR(profile_release);
extern DECL_FUNC_PTR(profile_get_subsection_names);
extern DECL_FUNC_PTR(profile_free_list);
extern DECL_FUNC_PTR(profile_get_string);
+extern DECL_FUNC_PTR(profile_get_values);
+extern DECL_FUNC_PTR(profile_get_relation_names);
+extern DECL_FUNC_PTR(profile_clear_relation);
+extern DECL_FUNC_PTR(profile_add_relation);
+extern DECL_FUNC_PTR(profile_update_relation);
extern DECL_FUNC_PTR(profile_release_string);
// Service functions
diff --git a/src/windows/identity/plugins/common/krb5common.c b/src/windows/identity/plugins/common/krb5common.c
index 5501a12068..6019c928ef 100644
--- a/src/windows/identity/plugins/common/krb5common.c
+++ b/src/windows/identity/plugins/common/krb5common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -25,9 +25,12 @@
/* $Id$ */
#include<windows.h>
-#include<kcreddb.h>
-#include<kherror.h>
+#include<netidmgr.h>
#include<dynimport.h>
+#include<krb5common.h>
+#ifdef DEBUG
+#include<assert.h>
+#endif
/**************************************/
/* khm_krb5_error(): */
@@ -94,15 +97,14 @@ khm_krb5_initialize(khm_handle ident,
if (pkrb5_init_context == NULL)
return 1;
- if (*ctx == 0 && (rc = (*pkrb5_init_context)(ctx)))
- {
+ if (*ctx == 0 && (rc = (*pkrb5_init_context)(ctx))) {
functionName = "krb5_init_context()";
freeContextFlag = 0;
goto on_error;
}
if(*cache == 0) {
- wchar_t wccname[256];
+ wchar_t wccname[MAX_PATH];
khm_size cbwccname;
if(ident != NULL) {
@@ -110,8 +112,21 @@ khm_krb5_initialize(khm_handle ident,
do {
char ccname[256];
- if(KHM_FAILED(kcdb_identity_get_attrib(ident, L"Krb5CCName", NULL, wccname, &cbwccname)))
- break;
+ if(KHM_FAILED(kcdb_identity_get_attrib(ident, L"Krb5CCName",
+ NULL, wccname,
+ &cbwccname))) {
+ cbwccname = sizeof(wccname);
+ if (KHM_FAILED
+ (khm_krb5_find_ccache_for_identity(ident,
+ ctx,
+ wccname,
+ &cbwccname))) {
+#ifdef DEBUG_LIKE_A_MADMAN
+ assert(FALSE);
+#endif
+ break;
+ }
+ }
if(UnicodeStrToAnsi(ccname, sizeof(ccname), wccname) == 0)
break;
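Review bot: The `assert(FALSE)` in the new fallback is guarded by DEBUG_LIKE_A_MADMAN, but this commit includes `<assert.h>` only under `#ifdef DEBUG`, so a build defining the former without the latter has no declaration for assert; guard the include and the use with the same macro. The name returned by khm_krb5_find_ccache_for_identity is then converted into `char ccname[256]` while wccname is now MAX_PATH wide characters, so the longest names presumably fail the UnicodeStrToAnsi step and leave *cache unset with no diagnostic. Declaring `char ccname[MAX_PATH];` would keep the two buffers consistent. khm_krb5_initialize starts and ends outside this hunk.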
@@ -124,8 +139,11 @@ khm_krb5_initialize(khm_handle ident,
} while(FALSE);
}
- if (*cache == 0 && (rc = (*pkrb5_cc_default)(*ctx, cache)))
- {
+ if (*cache == 0
+#ifdef FAILOVER_TO_DEFAULT_CCACHE
+ && (rc = (*pkrb5_cc_default)(*ctx, cache))
+#endif
+ ) {
functionName = "krb5_cc_default()";
freeContextFlag = 1;
goto on_error;
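Review bot: With FAILOVER_TO_DEFAULT_CCACHE undefined the condition reduces to `*cache == 0`, so the error path still reports "krb5_cc_default()" although that call was never made, and `rc` holds whatever the earlier lookup left in it (possibly 0, which may not be treated as a failure by khm_krb5_error). In that configuration the branch should set its own values, for example `rc = KRB5_CC_NOTFOUND;` and a functionName naming the per-identity lookup. A short comment above the `#ifdef` stating why falling back to the default cache is compiled out (it may hold another principal's tickets, if that is the reason) would keep a later maintainer from re-enabling it casually.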
@@ -141,8 +159,7 @@ khm_krb5_initialize(khm_handle ident,
if (rc != KRB5_FCC_NOFILE && rc != KRB5_CC_NOTFOUND)
khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx,
cache);
- else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL)
- {
+ else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL) {
if (*cache != NULL)
(*pkrb5_cc_close)(*ctx, *cache);
}
@@ -154,3 +171,267 @@ on_error:
return khm_krb5_error(rc, functionName, freeContextFlag, ctx, cache);
#endif //!NO_KRB5
}
+
+#define TIMET_TOLERANCE (60*5)
+
+khm_int32 KHMAPI
+khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
+ khm_handle ident,
+ krb5_timestamp * pexpiration)
+{
+ krb5_principal principal = 0;
+ char * princ_name = NULL;
+ krb5_creds creds;
+ krb5_error_code code;
+ krb5_error_code cc_code;
+ krb5_cc_cursor cur;
+ krb5_timestamp now, expiration = 0;
+
+ wchar_t w_ident_name[KCDB_IDENT_MAXCCH_NAME];
+ char ident_name[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ khm_int32 rv = KHM_ERROR_NOT_FOUND;
+
+ if (!ctx || !cc || !ident || !pexpiration)
+ return KHM_ERROR_GENERAL;
+
+ code = pkrb5_cc_get_principal(ctx, cc, &principal);
+
+ if ( code )
+ return KHM_ERROR_INVALID_PARAM;
+
+ cb = sizeof(w_ident_name);
+ kcdb_identity_get_name(ident, w_ident_name, &cb);
+ UnicodeStrToAnsi(ident_name, sizeof(ident_name), w_ident_name);
+
+ code = pkrb5_unparse_name(ctx, principal, &princ_name);
+
+ /* compare principal to ident. */
+
+ if ( code || !princ_name ||
+ strcmp(princ_name, ident_name) ) {
+ if (princ_name)
+ pkrb5_free_unparsed_name(ctx, princ_name);
+ pkrb5_free_principal(ctx, principal);
+ return KHM_ERROR_UNKNOWN;
+ }
+
+ pkrb5_free_unparsed_name(ctx, princ_name);
+ pkrb5_free_principal(ctx, principal);
+
+ code = pkrb5_timeofday(ctx, &now);
+
+ if (code)
+ return KHM_ERROR_UNKNOWN;
+
+ cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
+
+ while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
+ krb5_data * c0 = krb5_princ_name(ctx, creds.server);
+ krb5_data * c1 = krb5_princ_component(ctx, creds.server, 1);
+ krb5_data * r = krb5_princ_realm(ctx, creds.server);
+
+ if ( c0 && c1 && r && c1->length == r->length &&
+ !strncmp(c1->data,r->data,r->length) &&
+ !strncmp("krbtgt",c0->data,c0->length) ) {
+
+ /* we have a TGT, check for the expiration time.
+ * if it is valid and renewable, use the renew time
+ */
+
+ if (!(creds.ticket_flags & TKT_FLG_INVALID) &&
+ creds.times.starttime < (now + TIMET_TOLERANCE) &&
+ (creds.times.endtime + TIMET_TOLERANCE) > now) {
+ expiration = creds.times.endtime;
+
+ if ((creds.ticket_flags & TKT_FLG_RENEWABLE) &&
+ (creds.times.renew_till > creds.times.endtime)) {
+ expiration = creds.times.renew_till;
+ }
+ }
+ }
+ }
+
+ if (cc_code == KRB5_CC_END) {
+ cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur);
+ rv = KHM_ERROR_SUCCESS;
+ *pexpiration = expiration;
+ }
+
+ return rv;
+}
+
+khm_int32 KHMAPI
+khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
+ void * buffer, khm_size * pcbbuf)
+{
+ krb5_context ctx = 0;
+ krb5_ccache cache = 0;
+ krb5_error_code code;
+ apiCB * cc_ctx = 0;
+ struct _infoNC ** pNCi = NULL;
+ int i;
+ khm_int32 t;
+ wchar_t * ms = NULL;
+ khm_size cb;
+ krb5_timestamp expiration = 0;
+ krb5_timestamp best_match_expiration = 0;
+ char best_match_ccname[256] = "";
+ khm_handle csp_params = NULL;
+ khm_handle csp_plugins = NULL;
+
+ if (!buffer || !pcbbuf)
+ return KHM_ERROR_GENERAL;
+
+ ctx = *pctx;
+
+ code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL);
+ if (code)
+ goto _exit;
+
+ code = pcc_get_NC_info(cc_ctx, &pNCi);
+
+ if (code)
+ goto _exit;
+
+ for(i=0; pNCi[i]; i++) {
+ if (pNCi[i]->vers != CC_CRED_V5)
+ continue;
+
+ code = (*pkrb5_cc_resolve)(ctx, pNCi[i]->name, &cache);
+ if (code)
+ continue;
+
+ /* need a function to check the cache for the identity
+ * and determine if it has valid tickets. If it has
+ * the right identity and valid tickets, store the
+ * expiration time and the cache name. If it has the
+ * right identity but no valid tickets, store the ccache
+ * name and an expiration time of zero. if it does not
+ * have the right identity don't save the name.
+ *
+ * Keep searching to find the best cache available.
+ */
+
+ if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+ ident,
+ &expiration))) {
+ if ( expiration > best_match_expiration ) {
+ best_match_expiration = expiration;
+ StringCbCopyA(best_match_ccname,
+ sizeof(best_match_ccname),
+ "API:");
+ StringCbCatA(best_match_ccname,
+ sizeof(best_match_ccname),
+ pNCi[i]->name);
+ expiration = 0;
+ }
+ }
+
+ if(ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ if (KHM_SUCCEEDED(kmm_get_plugins_config(0, &csp_plugins))) {
+ khc_open_space(csp_plugins, L"Krb5Cred\\Parameters", 0, &csp_params);
+ khc_close_space(csp_plugins);
+ csp_plugins = NULL;
+ }
+
+#ifdef DEBUG
+ if (csp_params == NULL) {
+ assert(FALSE);
+ }
+#endif
+
+ if (csp_params &&
+ KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) {
+ code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache);
+ if (code == 0 && cache) {
+ if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+ ident,
+ &expiration))) {
+ if ( expiration > best_match_expiration ) {
+ best_match_expiration = expiration;
+ StringCbCopyA(best_match_ccname, sizeof(best_match_ccname),
+ "MSLSA:");
+ expiration = 0;
+ }
+ }
+ }
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+
+ cache = 0;
+ }
+
+ if (csp_params &&
+ khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ == KHM_ERROR_TOO_LONG &&
+ cb > sizeof(wchar_t) * 2) {
+
+ wchar_t * t;
+ char ccname[MAX_PATH + 6];
+
+ ms = PMALLOC(cb);
+
+#ifdef DEBUG
+ assert(ms);
+#endif
+
+ khc_read_multi_string(csp_params, L"FileCCList", ms, &cb);
+ for(t = ms; t && *t; t = multi_string_next(t)) {
+ StringCchPrintfA(ccname, ARRAYLENGTH(ccname),
+ "FILE:%S", t);
+
+ code = (*pkrb5_cc_resolve)(ctx, ccname, &cache);
+ if (code)
+ continue;
+
+ if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+ ident,
+ &expiration))) {
+ if ( expiration > best_match_expiration ) {
+ best_match_expiration = expiration;
+ StringCbCopyA(best_match_ccname,
+ sizeof(best_match_ccname),
+ ccname);
+ expiration = 0;
+ }
+ }
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ PFREE(ms);
+ }
+ _exit:
+ if (csp_params)
+ khc_close_space(csp_params);
+
+ if (pNCi)
+ (*pcc_free_NC_info)(cc_ctx, &pNCi);
+
+ if (cc_ctx)
+ (*pcc_shutdown)(&cc_ctx);
+
+ if (best_match_ccname[0]) {
+
+ if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer,
+ *pcbbuf,
+ best_match_ccname)) {
+
+ *pcbbuf = (*pcbbuf + 1) * sizeof(wchar_t);
+
+ return KHM_ERROR_SUCCESS;
+ }
+
+ }
+
+ return KHM_ERROR_GENERAL;
+}
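Review bot: The loop in khm_get_identity_expiration_time never releases what pkrb5_cc_next_cred fills in, so every credential read, session key included, stays allocated after the scan; add `pkrb5_free_cred_contents(ctx, &creds);` as the last statement of the loop body. The result of pkrb5_cc_start_seq_get is overwritten by the loop condition without being checked, and pkrb5_cc_end_seq_get runs only on KRB5_CC_END, so a failed start iterates an uninitialised cursor and any other error leaves the cursor open. The TGT test `!strncmp("krbtgt",c0->data,c0->length)` accepts any first component that is a prefix of "krbtgt", including an empty one; require `c0->length == 6` before comparing. The results of kcdb_identity_get_name and UnicodeStrToAnsi are also ignored, so ident_name can reach strcmp uninitialised. In khm_krb5_find_ccache_for_identity, `*pctx` is read before any NULL test, `ms = PMALLOC(cb)` is checked only by a DEBUG assert, and a FILE: name longer than best_match_ccname is silently truncated by StringCbCopyA before it is handed back as the cache to use.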
diff --git a/src/windows/identity/plugins/common/krb5common.h b/src/windows/identity/plugins/common/krb5common.h
index 7d998215a5..bd6337192a 100644
--- a/src/windows/identity/plugins/common/krb5common.h
+++ b/src/windows/identity/plugins/common/krb5common.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -38,6 +38,15 @@ int khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
int khm_krb5_initialize(khm_handle ident, krb5_context *, krb5_ccache *);
+
+khm_int32 KHMAPI
+khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
+ void * buffer, khm_size * pcbbuf);
+
+khm_int32 KHMAPI
+khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
+ khm_handle ident,
+ krb5_timestamp * pexpiration);
#endif /* NO_KRB5 */
-#endif \ No newline at end of file
+#endif
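Review bot: The two new prototypes carry no comment, and the buffer contract of khm_krb5_find_ccache_for_identity is not obvious from `void * buffer, khm_size * pcbbuf`. Going by the implementation in krb5common.c, a comment should state that buffer receives a NUL-terminated wchar_t cache name, that *pcbbuf is a size in bytes on input and the number of bytes used (terminator included) on success, and that pctx must point to an initialised context. For khm_get_identity_expiration_time, document that *pexpiration is written only on KHM_ERROR_SUCCESS and is 0 when the cache holds the identity but no currently valid TGT.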
diff --git a/src/windows/identity/plugins/krb4/Makefile b/src/windows/identity/plugins/krb4/Makefile
index d6b749192d..2385e61793 100644
--- a/src/windows/identity/plugins/krb4/Makefile
+++ b/src/windows/identity/plugins/krb4/Makefile
@@ -32,12 +32,13 @@ LIBFILE=$(LIBDIR)\krb4cred.lib
OBJFILES= \
$(LIBDIR)\dynimport.obj \
$(LIBDIR)\krb5common.obj \
- $(OBJ)\main.obj \
+ $(OBJ)\krb4main.obj \
$(OBJ)\krb4plugin.obj \
$(OBJ)\krb4funcs.obj \
$(OBJ)\errorfuncs.obj \
$(OBJ)\krb4config.obj \
- $(OBJ)\krb4configdlg.obj
+ $(OBJ)\krb4configdlg.obj \
+ $(OBJ)\krb4newcreds.obj
LIBFILES= \
$(LIBDIR)\nidmgr32.lib \
@@ -45,10 +46,12 @@ LIBFILES= \
SDKLIBFILES=
+VERRESFILE=$(OBJ)\version.res
+
$(OBJ)\krb4config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg
$(CCSV) $** $@
-$(DLLFILE): $(OBJFILES)
+$(DLLFILE): $(OBJFILES) $(VERRESFILE)
$(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES)
all: mkdirs $(DLLFILE) lang
diff --git a/src/windows/identity/plugins/krb4/datarep.h b/src/windows/identity/plugins/krb4/datarep.h
deleted file mode 100644
index 9c7048e05e..0000000000
--- a/src/windows/identity/plugins/krb4/datarep.h
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use, copy,
- * modify, merge, publish, distribute, sublicense, and/or sell copies
- * of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
- * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
- * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
- * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE.
- */
-
-/* $Id$ */
-
-#ifndef __KHIMAIRA_KRB_DATAREP_H
-#define __KHIMAIRA_KRB_DATAREP_H
-
-
-khm_int32 KHMAPI enctype_toString(const void * data, khm_int32 cbdata, wchar_t *destbuf, khm_int32 *pcbdestbuf, khm_int32 flags);
-khm_int32 KHMAPI addr_list_toString(const void *, khm_int32, wchar_t *, khm_int32 *, khm_int32);
-khm_int32 KHMAPI krb5flags_toString(const void *, khm_int32, wchar_t *, khm_int32 *, khm_int32);
-khm_int32 KHMAPI renew_for_cb(khm_handle cred, khm_int32 id, void * buffer, khm_int32 * pcbsize);
-
-
-#endif \ No newline at end of file
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.c b/src/windows/identity/plugins/krb4/errorfuncs.c
index 9feaad2a70..dba9f5dc6c 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.c
+++ b/src/windows/identity/plugins/krb4/errorfuncs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -72,7 +72,7 @@ HWND GetRootParent (HWND Child)
}
-LPSTR err_describe(LPSTR buf, long code)
+LPSTR err_describe(LPSTR buf, size_t len, long code)
{
LPSTR cp, com_err_msg;
int offset;
@@ -89,7 +89,8 @@ LPSTR err_describe(LPSTR buf, long code)
case kadm_err_base:
break;
default:
- strcpy(buf, com_err_msg);
+ strncpy(buf, com_err_msg, len);
+ buf[len-1] = '\0';
return buf;
}
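Review bot: `buf[len-1] = '\0'` indexes with a size_t, so a caller passing len == 0 makes the index wrap and the store land far outside the buffer; the same two lines recur in the `if(com_err_msg != buf)` branch of the next hunk. Either reject the case up front with `if (buf == NULL || len == 0) return buf;` or replace each pair with `StringCbCopyA(buf, len, com_err_msg);`, which always terminates and skips the zero padding strncpy performs. err_describe starts and ends outside this hunk.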
@@ -192,8 +193,10 @@ LPSTR err_describe(LPSTR buf, long code)
/* no extra error msg */
break;
}
- if(com_err_msg != buf)
- strcpy(buf, com_err_msg);
+ if(com_err_msg != buf) {
+ strncpy(buf, com_err_msg, len);
+ buf[len-1] = '\0';
+ }
cp = buf + strlen(buf);
*cp++ = '\n';
switch(table_num) {
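Review bot: The append `*cp++ = '\n'` after the now-bounded copy is itself unbounded: when the message fills the buffer, strlen(buf) is len-1, the newline overwrites the terminator, and the StringCbPrintfA call in the following hunk receives `len - (cp-buf)` == 0, so buf is most likely returned unterminated. Check the remaining space before appending, e.g. `if ((size_t)(cp - buf) + 2 > len) return buf;`, so that there is room for both the newline and a terminator. The surrounding function continues outside this hunk.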
@@ -207,7 +210,7 @@ LPSTR err_describe(LPSTR buf, long code)
etype = Lerror_table_name(table_num);
break;
}
- wsprintfA((LPSTR) cp, (LPSTR) "(%s error %d"
+ StringCbPrintfA((LPSTR) cp, len - (cp-buf), (LPSTR) "(%s error %d"
#ifdef DEBUG_COM_ERR
" (absolute error %ld)"
#endif
@@ -221,44 +224,3 @@ LPSTR err_describe(LPSTR buf, long code)
return (LPSTR)buf;
}
-int lsh_com_err_proc (LPSTR whoami, long code,
- LPSTR fmt, va_list args)
-{
- int retval;
- HWND hOldFocus;
- char buf[1024], *cp; /* changed to 512 by jms 8/23/93 */
- WORD mbformat = MB_OK | MB_ICONEXCLAMATION;
-
- cp = buf;
- memset(buf, '\0', sizeof(buf));
- cp[0] = '\0';
-
- if (code)
- {
- err_describe(buf, code);
- while (*cp)
- cp++;
- }
-
- if (fmt)
- {
- if (fmt[0] == '%' && fmt[1] == 'b')
- {
- fmt += 2;
- mbformat = va_arg(args, WORD);
- /* if the first arg is a %b, we use it for the message
- box MB_??? flags. */
- }
- if (code)
- {
- *cp++ = '\n';
- *cp++ = '\n';
- }
- wvsprintfA((LPSTR)cp, fmt, args);
- }
- hOldFocus = GetFocus();
- retval = MessageBoxA(/*GetRootParent(hOldFocus)*/NULL, buf, whoami,
- mbformat | MB_ICONHAND | MB_TASKMODAL);
- SetFocus(hOldFocus);
- return retval;
-}
diff --git a/src/windows/identity/plugins/krb4/errorfuncs.h b/src/windows/identity/plugins/krb4/errorfuncs.h
index be8f4e7c57..e339eca4f7 100644
--- a/src/windows/identity/plugins/krb4/errorfuncs.h
+++ b/src/windows/identity/plugins/krb4/errorfuncs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -43,32 +43,17 @@ typedef LPSTR (*err_func)(int, long);
#endif
#include <krberr.h>
-extern void Leash_initialize_krb_error_func(err_func func,struct et_list **);
-#undef init_krb_err_func
-#define init_krb_err_func(erf) Leash_initialize_krb_error_func(erf,&_et_list)
-
#include <kadm_err.h>
-extern void Leash_initialize_kadm_error_table(struct et_list **);
-#undef init_kadm_err_tbl
-#define init_kadm_err_tbl() Leash_initialize_kadm_error_table(&_et_list)
#define kadm_err_base ERROR_TABLE_BASE_kadm
-#define krb_err_func Leash_krb_err_func
-
#include <stdarg.h>
-int lsh_com_err_proc (LPSTR whoami, long code,
- LPSTR fmt, va_list args);
-void FAR Leash_load_com_err_callback(FARPROC,FARPROC,FARPROC);
#ifndef KRBERR
#define KRBERR(code) (code + krb_err_base)
#endif
-int lsh_com_err_proc (LPSTR whoami, long code, LPSTR fmt, va_list args);
-int DoNiftyErrorReport(long errnum, LPSTR what);
-
-LPSTR err_describe(LPSTR buf, long code);
+LPSTR err_describe(LPSTR buf, size_t len, long code);
/* */
diff --git a/src/windows/identity/plugins/krb4/images/plugin.ico b/src/windows/identity/plugins/krb4/images/plugin.ico
new file mode 100644
index 0000000000..791b359694
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/images/plugin.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c
index 9ad3406980..e6eb890df3 100644
--- a/src/windows/identity/plugins/krb4/krb4configdlg.c
+++ b/src/windows/identity/plugins/krb4/krb4configdlg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,6 +28,165 @@
#include<kherror.h>
#include<khuidefs.h>
#include<strsafe.h>
+#include<assert.h>
+
+typedef struct tag_k4_ids_data {
+ khui_config_init_data cfg;
+
+ khm_int32 get_tix;
+} k4_ids_data;
+
+static void
+k4_ids_read_params(k4_ids_data * d) {
+ khm_int32 t;
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ t = 1;
+ khc_read_int32(csp_params, L"Krb4NewCreds", &t);
+ d->get_tix = !!t;
+}
+
+static void
+k4_ids_write_params(HWND hw, k4_ids_data * d) {
+ khm_int32 nv;
+ khm_boolean applied = FALSE;
+
+ if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED)
+ nv = TRUE;
+ else
+ nv = FALSE;
+
+ if (!!nv != !!d->get_tix) {
+ d->get_tix = !!nv;
+ khc_write_int32(csp_params, L"Krb4NewCreds", d->get_tix);
+ applied = TRUE;
+ }
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (applied)?KHUI_CNFLAG_APPLIED:0,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k4_ids_check_mod(HWND hw, k4_ids_data * d) {
+ khm_int32 nv;
+
+ if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED)
+ nv = TRUE;
+ else
+ nv = FALSE;
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (!!nv != !!d->get_tix)? KHUI_CNFLAG_MODIFIED: 0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+INT_PTR CALLBACK
+krb4_ids_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ k4_ids_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+ ZeroMemory(d, sizeof(*d));
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ k4_ids_read_params(d);
+
+ CheckDlgButton(hwnd, IDC_CFG_GETTIX,
+ (d->get_tix)? BST_CHECKED: BST_UNCHECKED);
+
+ break;
+
+ case WM_COMMAND:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == BN_CLICKED) {
+ k4_ids_check_mod(hwnd, d);
+ }
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k4_ids_write_params(hwnd, d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k4_ids_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ PFREE(d);
+ break;
+ }
+
+ return FALSE;
+}
+
+INT_PTR CALLBACK
+krb4_id_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khui_config_init_data * d;
+ khm_handle ident = NULL;
+ khm_int32 gettix = 0;
+ khm_int32 flags = 0;
+
+ d = (khui_config_init_data *) lParam;
+
+ khc_read_int32(csp_params, L"Krb4NewCreds", &gettix);
+ if (gettix == 0)
+ goto set_ui;
+
+ *idname = 0;
+ cb = sizeof(idname);
+ khui_cfg_get_name(d->ctx_node, idname, &cb);
+
+ kcdb_identity_create(idname, 0, &ident);
+
+ if (ident == NULL) {
+ gettix = 0;
+ goto set_ui;
+ }
+
+ kcdb_identity_get_flags(ident, &flags);
+
+ kcdb_identity_release(ident);
+
+ if (!(flags & KCDB_IDENT_FLAG_DEFAULT))
+ gettix = 0;
+
+ set_ui:
+ CheckDlgButton(hwnd, IDC_CFG_GETTIX,
+ (gettix)?BST_CHECKED: BST_UNCHECKED);
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
INT_PTR CALLBACK
krb4_confg_proc(HWND hwnd,
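Review bot: In krb4_ids_config_proc the WM_INITDIALOG branch passes the result of `PMALLOC(sizeof(*d))` straight to ZeroMemory, and the WM_COMMAND and KHUI_WM_CFG_NOTIFY branches dereference whatever GetWindowLongPtr returns, so an allocation failure or a message arriving before initialisation becomes a NULL dereference. Add `if (d == NULL) break;` after the allocation and after each lookup, and clear the slot in WM_DESTROY with `SetWindowLongPtr(hwnd, DWLP_USER, 0);` before `PFREE(d)` so a late message cannot touch freed memory. csp_params is used by k4_ids_write_params and krb4_id_config_proc with no check at all and by k4_ids_read_params with only a DEBUG assert; a release-build guard would be consistent with the handling in krb5common.c. krb4_confg_proc at the end of the hunk continues outside it.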
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.c b/src/windows/identity/plugins/krb4/krb4funcs.c
index 8fda720b3a..7798e5c9ed 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.c
+++ b/src/windows/identity/plugins/krb4/krb4funcs.c
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004 Massachusetts Institute of Technology
+* Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -78,11 +78,12 @@ int com_addr(void)
long
khm_krb4_list_tickets(void)
{
+ char ptktname[MAX_PATH + 5];
char pname[ANAME_SZ];
char pinst[INST_SZ];
char prealm[REALM_SZ];
wchar_t wbuf[256];
- int k_errno;
+ int k_errno = 0;
CREDENTIALS c;
int newtickets = 0;
int open = 0;
@@ -91,6 +92,8 @@ khm_krb4_list_tickets(void)
time_t tt;
FILETIME ft;
+ kcdb_credset_flush(krb4_credset);
+
// Since krb_get_tf_realm will return a ticket_file error,
// we will call tf_init and tf_close first to filter out
// things like no ticket file. Otherwise, the error that
@@ -98,7 +101,7 @@ khm_krb4_list_tickets(void)
// klist: can't find realm of ticket file: No ticket file (tf_util)
// instead of klist: No ticket file (tf_util)
if (ptf_init == NULL)
- return(KSUCCESS);
+ goto collect;
com_addr();
@@ -126,6 +129,8 @@ khm_krb4_list_tickets(void)
goto cleanup;
}
+ StringCchCopyA(ptktname, ARRAYLENGTH(ptktname), (*ptkt_string)());
+
open = 1;
// Get principal name and instance
@@ -147,8 +152,6 @@ khm_krb4_list_tickets(void)
goto cleanup;
}
- kcdb_credset_flush(krb4_credset);
-
// Get KRB4 tickets
while ((k_errno = (*ptf_get_cred)(&c)) == KSUCCESS)
{
@@ -174,12 +177,13 @@ khm_krb4_list_tickets(void)
TimetToFileTimeInterval(tt, &ft);
kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &ft, sizeof(ft));
+ AnsiStrToUnicode(wbuf, sizeof(wbuf), ptktname);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wbuf, KCDB_CBSIZE_AUTO);
+
kcdb_credset_add_cred(krb4_credset, cred, -1);
} // while
- kcdb_credset_collect(NULL, krb4_credset, ident, credtype_id_krb4, NULL);
-
cleanup:
if (ptf_close == NULL)
return(KSUCCESS);
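Review bot: The new `AnsiStrToUnicode(wbuf, sizeof(wbuf), ptktname);` call converts into `wbuf`, which is `wchar_t[256]`, while `ptktname` is declared as `char[MAX_PATH + 5]`, and the conversion result is not checked. How the helper treats an undersized destination is not visible here, so on a long ticket-file path `KCDB_ATTR_LOCATION` may be set from a cut-off path or from whatever `wbuf` held before. The conversion is also loop-invariant: doing it once before the `while` into a dedicated buffer such as `wchar_t wtktname[MAX_PATH + 5];`, and skipping the attribute when it fails, would address both. The body of khm_krb4_list_tickets starts and ends outside this hunk.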
@@ -219,6 +223,10 @@ cleanup:
MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND);
}
#endif
+
+ collect:
+ kcdb_credset_collect(NULL, krb4_credset, ident, credtype_id_krb4, NULL);
+
return k_errno;
}
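Review bot: With the flush moved to the top of khm_krb4_list_tickets and the collect moved down to the new `collect:` label, two paths need checking. The `goto collect` taken when `ptf_init == NULL` reaches `kcdb_credset_collect(NULL, krb4_credset, ident, ...)` before any code that assigns `ident`; its declaration is outside the hunks, so confirm it has an initialiser (e.g. `khm_handle ident = NULL;`), as this commit already does for `k_errno`. Also, the unchanged `if (ptf_close == NULL) return(KSUCCESS);` under `cleanup:` now returns before `collect:`, so on that path the flushed credential set is never collected; replacing that return with `goto collect;` would keep the two in step.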
@@ -227,7 +235,7 @@ cleanup:
#define KRB5_FILE "KRB5.INI"
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname)
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
{
char **configFile = NULL;
if (pkrb5_get_default_config_files(&configFile))
@@ -271,7 +279,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
LPSTR pFind;
//strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename);
- if (khm_get_profile_file(krbConFile, sizeof(krbConFile)))
+ if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile)))
{
GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));
krbConFile[MAX_PATH-1] = '\0';
@@ -368,7 +376,7 @@ wchar_t * khm_krb5_get_realm_list(void)
char krb5_conf[MAX_PATH+1];
- if (!khm_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
+ if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
profile_t profile;
long retval;
const char *filenames[2];
@@ -392,7 +400,7 @@ wchar_t * khm_krb5_get_realm_list(void)
}
cbsize += sizeof(wchar_t); /* double null terminated */
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
for (cpp = sections; *cpp; cpp++)
{
@@ -430,7 +438,7 @@ wchar_t * khm_krb5_get_realm_list(void)
/*TODO: compute the actual required buffer size instead of hardcoding */
cbsize = 16384; // arbitrary
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
// Skip the default realm
@@ -493,7 +501,7 @@ wchar_t * khm_krb5_get_default_realm(void)
if (def) {
cch = strlen(def) + 1;
- realm = malloc(sizeof(wchar_t) * cch);
+ realm = PMALLOC(sizeof(wchar_t) * cch);
AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def);
pkrb5_free_default_realm(ctx, def);
} else
@@ -503,3 +511,291 @@ wchar_t * khm_krb5_get_default_realm(void)
return realm;
}
+
+static
+char *
+make_postfix(const char * base,
+ const char * postfix,
+ char ** rcopy)
+{
+ int base_size;
+ int ret_size;
+ char * copy = 0;
+ char * ret = 0;
+
+ base_size = (int) strlen(base) + 1;
+ ret_size = base_size + (int) strlen(postfix) + 1;
+ copy = malloc(base_size);
+ ret = malloc(ret_size);
+
+ if (!copy || !ret)
+ goto cleanup;
+
+ strncpy(copy, base, base_size);
+ copy[base_size - 1] = 0;
+
+ strncpy(ret, base, base_size);
+ strncpy(ret + (base_size - 1), postfix, ret_size - (base_size - 1));
+ ret[ret_size - 1] = 0;
+
+ cleanup:
+ if (!copy || !ret) {
+ if (copy)
+ free(copy);
+ if (ret)
+ free(ret);
+ copy = ret = 0;
+ }
+ // INVARIANT: (ret ==> copy) && (copy ==> ret)
+ *rcopy = copy;
+ return ret;
+}
+
+
+static
+long
+make_temp_cache_v4(const char * postfix)
+{
+ static char * old_cache = 0;
+
+ if (!pkrb_set_tkt_string || !ptkt_string || !pdest_tkt)
+ return 0; // XXX - is this appropriate?
+
+ if (old_cache) {
+ pdest_tkt();
+ pkrb_set_tkt_string(old_cache);
+ free(old_cache);
+ old_cache = 0;
+ }
+
+ if (postfix)
+ {
+ char * tmp_cache = make_postfix(ptkt_string(), postfix, &old_cache);
+
+ if (!tmp_cache)
+ return KFAILURE;
+
+ pkrb_set_tkt_string(tmp_cache);
+ free(tmp_cache);
+ }
+ return 0;
+}
+
+long
+khm_krb4_changepwd(char * principal,
+ char * password,
+ char * newpassword,
+ char** error_str)
+{
+ long k_errno;
+
+ if (!pkrb_set_tkt_string || !ptkt_string || !pkadm_change_your_password ||
+ !pdest_tkt)
+ return KFAILURE;
+
+ k_errno = make_temp_cache_v4("_chgpwd");
+ if (k_errno) return k_errno;
+ k_errno = pkadm_change_your_password(principal, password, newpassword,
+ error_str);
+ make_temp_cache_v4(0);
+ return k_errno;
+}
+
+long
+khm_convert524(khm_handle identity)
+{
+#ifdef NO_KRB5
+ return(0);
+#else
+ krb5_context ctx = 0;
+ krb5_error_code code = 0;
+ int icode = 0;
+ krb5_principal me = 0;
+ krb5_principal server = 0;
+ krb5_creds *v5creds = 0;
+ krb5_creds increds;
+ krb5_ccache cc = 0;
+ CREDENTIALS * v4creds = NULL;
+ static int init_ets = 1;
+
+ if (!pkrb5_init_context ||
+ !pkrb_in_tkt ||
+ !pkrb524_init_ets ||
+ !pkrb524_convert_creds_kdc)
+ return 0;
+
+ v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS));
+ memset((char *) v4creds, 0, sizeof(CREDENTIALS));
+
+ memset((char *) &increds, 0, sizeof(increds));
+ /*
+ From this point on, we can goto cleanup because increds is
+ initialized.
+ */
+
+ code = khm_krb5_initialize(identity, &ctx, &cc);
+ if (code)
+ goto cleanup;
+
+ if ( init_ets ) {
+ pkrb524_init_ets(ctx);
+ init_ets = 0;
+ }
+
+ if (code = pkrb5_cc_get_principal(ctx, cc, &me))
+ goto cleanup;
+
+ if ((code = pkrb5_build_principal(ctx,
+ &server,
+ krb5_princ_realm(ctx, me)->length,
+ krb5_princ_realm(ctx, me)->data,
+ "krbtgt",
+ krb5_princ_realm(ctx, me)->data,
+ NULL))) {
+ goto cleanup;
+ }
+
+ increds.client = me;
+ increds.server = server;
+ increds.times.endtime = 0;
+ increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+ if ((code = pkrb5_get_credentials(ctx, 0,
+ cc,
+ &increds,
+ &v5creds))) {
+ goto cleanup;
+ }
+
+ if ((icode = pkrb524_convert_creds_kdc(ctx,
+ v5creds,
+ v4creds))) {
+ goto cleanup;
+ }
+
+ /* initialize ticket cache */
+ if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm)
+ != KSUCCESS)) {
+ goto cleanup;
+ }
+ /* stash ticket, session key, etc. for future use */
+ if ((icode = pkrb_save_credentials(v4creds->service,
+ v4creds->instance,
+ v4creds->realm,
+ v4creds->session,
+ v4creds->lifetime,
+ v4creds->kvno,
+ &(v4creds->ticket_st),
+ v4creds->issue_date))) {
+ goto cleanup;
+ }
+
+ cleanup:
+ memset(v4creds, 0, sizeof(v4creds));
+ free(v4creds);
+
+ if (v5creds) {
+ pkrb5_free_creds(ctx, v5creds);
+ }
+ if (increds.client == me)
+ me = 0;
+ if (increds.server == server)
+ server = 0;
+
+ if (ctx)
+ pkrb5_free_cred_contents(ctx, &increds);
+
+ if (server) {
+ pkrb5_free_principal(ctx, server);
+ }
+
+ if (me) {
+ pkrb5_free_principal(ctx, me);
+ }
+
+ if (ctx && cc)
+ pkrb5_cc_close(ctx, cc);
+
+ if (ctx) {
+ pkrb5_free_context(ctx);
+ }
+
+ return (code || icode);
+#endif /* NO_KRB5 */
+}
+
+long
+khm_krb4_kinit(char * aname,
+ char * inst,
+ char * realm,
+ long lifetime,
+ char * password) {
+
+ wchar_t * functionName = NULL;
+ wchar_t * err_context = NULL;
+ int rc4 = 0;
+ int msg = 0;
+
+ if (pkname_parse == NULL) {
+ goto cleanup;
+ }
+
+ err_context = L"getting realm";
+ if (!*realm && (rc4 = (int)(*pkrb_get_lrealm)(realm, 1))) {
+ functionName = L"krb_get_lrealm()";
+ msg = IDS_ERR_REALM;
+ goto cleanup;
+ }
+
+ err_context = L"checking principal";
+ if ((!*aname) || (!(rc4 = (int)(*pk_isname)(aname)))) {
+ functionName = L"krb_get_lrealm()";
+ msg = IDS_ERR_PRINCIPAL;
+ goto cleanup;
+ }
+
+ /* optional instance */
+ if (!(rc4 = (int)(*pk_isinst)(inst))) {
+ functionName = L"k_isinst()";
+ msg = IDS_ERR_INVINST;
+ goto cleanup;
+ }
+
+ if (!(rc4 = (int)(*pk_isrealm)(realm))) {
+ functionName = L"k_isrealm()";
+ msg = IDS_ERR_REALM;
+ goto cleanup;
+ }
+
+ err_context = L"fetching ticket";
+ rc4 = (*pkrb_get_pw_in_tkt)(aname, inst, realm, "krbtgt", realm,
+ lifetime, password);
+
+ if (rc4) /* XXX: do we want: && (rc != NO_TKT_FIL) as well? */ {
+ functionName = L"krb_get_pw_in_tkt()";
+ msg = IDS_ERR_PWINTKT;
+ goto cleanup;
+ }
+
+ return 0;
+
+ cleanup:
+ {
+ _report_sr0(KHERR_ERROR, msg);
+ _location(functionName);
+ }
+ return rc4;
+}
+
+
+int khm_krb4_kdestroy(void) {
+ int k_errno = 0;
+
+ if (pdest_tkt != NULL)
+ {
+ k_errno = (*pdest_tkt)();
+ if (k_errno && (k_errno != RET_TKFIL))
+ return KRBERR(k_errno);
+ }
+
+ return k_errno;
+}
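Review bot: In khm_convert524 the cleanup wipe `memset(v4creds, 0, sizeof(v4creds));` clears only pointer-size bytes, so the converted Kerberos 4 ticket and session key remain in the heap block handed to `free`. Wiping the whole struct with a call the optimiser will not drop, `SecureZeroMemory(v4creds, sizeof(*v4creds));`, fixes that. The `malloc` result is passed to `memset` without a NULL check, and the entry guard tests `pkrb_in_tkt` but not `pkrb_save_credentials`, which is called further down; `if (!v4creds) return KFAILURE;` plus the extra pointer in the guard would cover both. In khm_krb4_kinit the `pkname_parse == NULL` path jumps to `cleanup` with `rc4` still 0, so the function returns success although no ticket was requested; setting `rc4 = KFAILURE;` before that `goto` avoids it. The same function labels the `pk_isname` failure as `L"krb_get_lrealm()"`, which looks like a copy-paste slip for `L"k_isname()"`.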
diff --git a/src/windows/identity/plugins/krb4/krb4funcs.h b/src/windows/identity/plugins/krb4/krb4funcs.h
index ea97358b9f..742036878f 100644
--- a/src/windows/identity/plugins/krb4/krb4funcs.h
+++ b/src/windows/identity/plugins/krb4/krb4funcs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -48,93 +48,21 @@
#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */
-// Function Prototypes.
-BOOL khm_krb5_ms2mit(BOOL);
-
-int
-khm_krb5_kinit(krb5_context alt_ctx,
- char * principal_name,
- char * password,
- krb5_deltat lifetime,
- DWORD forwardable,
- DWORD proxiable,
- krb5_deltat renew_life,
- DWORD addressless,
- DWORD publicIP,
- krb5_prompter_fct prompter,
- void * p_data
- );
-
-long
-Leash_int_kinit_ex(
- krb5_context ctx,
- HWND hParent,
- char * principal,
- char * password,
- int lifetime,
- int forwardable,
- int proxiable,
- int renew_life,
- int addressless,
- unsigned long publicIP,
- int displayErrors
- );
long
-Leash_int_checkpwd(
- char * principal,
- char * password,
- int displayErrors
- );
-
-long
-Leash_int_changepwd(
- char * principal,
- char * password,
- char * newpassword,
- char** result_string,
- int displayErrors
- );
-
-int
-Leash_krb5_kdestroy(
- void
- );
-
-int
-Leash_krb5_kinit(
- krb5_context,
- HWND hParent,
- char * principal_name,
- char * password,
- krb5_deltat lifetime,
- DWORD forwardable,
- DWORD proxiable,
- krb5_deltat renew_life,
- DWORD addressless,
- DWORD publicIP
- );
+khm_convert524(khm_handle identity);
long
-khm_convert524(
- krb5_context ctx
- );
-
-int
-Leash_afs_unlog(
- void
- );
+khm_krb4_kinit(char * aname,
+ char * inst,
+ char * realm,
+ long lifetime,
+ char * password);
-int
-Leash_afs_klog(
- char *,
- char *,
- char *,
- int
- );
+long
+khm_krb4_list_tickets(void);
-int
-LeashKRB5_renew(void);
+int khm_krb4_kdestroy(void);
LONG
write_registry_setting(
@@ -180,11 +108,7 @@ config_boolean_to_int(
const char *s
);
-
wchar_t * khm_krb5_get_default_realm(void);
wchar_t * khm_krb5_get_realm_list(void);
-long khm_krb5_list_tickets(krb5_context *krbv5Context);
-long khm_krb4_list_tickets(void);
-
#endif
diff --git a/src/windows/identity/plugins/krb4/main.c b/src/windows/identity/plugins/krb4/krb4main.c
index 60ceb7f83c..b83cd5eb42 100644
--- a/src/windows/identity/plugins/krb4/main.c
+++ b/src/windows/identity/plugins/krb4/krb4main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -39,8 +39,6 @@ khm_int32 attr_id_key_enctype = -1;
khm_int32 attr_id_tkt_enctype = -1;
khm_int32 attr_id_addr_list = -1;
khm_int32 attr_id_krb5_flags = -1;
-khm_int32 attr_id_renew_till = -1;
-khm_int32 attr_id_renew_for = -1;
khm_handle csp_plugins = NULL;
khm_handle csp_krbcred = NULL;
@@ -91,44 +89,6 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) {
if(KHM_FAILED(rv = init_error_funcs()))
goto _exit;
- /* Lookup common data types */
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE, &type_id_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST, &type_id_addr_list))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS, &type_id_krb5_flags))) {
- goto _exit;
- }
-
- /* Lookup common attributes */
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE, &attr_id_key_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE, &attr_id_tkt_enctype))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST, &attr_id_addr_list))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS, &attr_id_krb5_flags))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_RENEW_TILL, &attr_id_renew_till))) {
- goto _exit;
- }
-
- if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_RENEW_FOR, &attr_id_renew_for))) {
- goto _exit;
- }
-
rv = kmm_get_plugins_config(0, &csp_plugins);
if(KHM_FAILED(rv)) goto _exit;
diff --git a/src/windows/identity/plugins/krb4/krb4newcreds.c b/src/windows/identity/plugins/krb4/krb4newcreds.c
new file mode 100644
index 0000000000..fdbe304fa0
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/krb4newcreds.c
@@ -0,0 +1,657 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<kherror.h>
+#include<khmsgtypes.h>
+#include<khuidefs.h>
+#include<utils.h>
+#include<commctrl.h>
+#include<strsafe.h>
+#include<krb5.h>
+#include<assert.h>
+
+#define K4_METHOD_AUTO 0
+#define K4_METHOD_PASSWORD 1
+#define K4_METHOD_K524 2
+
+int method_to_id[] = {
+ IDC_NCK4_AUTO,
+ IDC_NCK4_PWD,
+ IDC_NCK4_K524
+};
+
+typedef struct tag_k4_dlg_data {
+ HWND hwnd;
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+
+ khm_boolean k4_enabled;
+ khm_int32 method;
+ time_t lifetime;
+} k4_dlg_data;
+
+void k4_update_display(k4_dlg_data * d) {
+ CheckDlgButton(d->hwnd, IDC_NCK4_OBTAIN,
+ (d->k4_enabled)?BST_CHECKED: BST_UNCHECKED);
+
+ if (d->k4_enabled) {
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), TRUE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), TRUE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), TRUE);
+ } else {
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), FALSE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), FALSE);
+ EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), FALSE);
+ }
+
+ CheckRadioButton(d->hwnd, IDC_NCK4_AUTO, IDC_NCK4_K524,
+ method_to_id[d->method]);
+}
+
+void k4_update_data(k4_dlg_data * d) {
+ int i;
+ khm_boolean oldstate;
+
+ oldstate = d->k4_enabled;
+
+ if (IsDlgButtonChecked(d->hwnd, IDC_NCK4_OBTAIN) == BST_CHECKED)
+ d->k4_enabled = TRUE;
+ else
+ d->k4_enabled = FALSE;
+
+ if ((oldstate && !d->k4_enabled) ||
+ (!oldstate && d->k4_enabled)) {
+
+ khui_cw_enable_type(d->nc, credtype_id_krb4, d->k4_enabled);
+ }
+
+ d->method = 0;
+
+ for (i=K4_METHOD_AUTO; i<=K4_METHOD_K524; i++) {
+ if (IsDlgButtonChecked(d->hwnd, method_to_id[i]) == BST_CHECKED) {
+ d->method = i;
+ break;
+ }
+ }
+}
+
+void k4_read_identity_data(k4_dlg_data * d) {
+ khm_handle csp_ident = NULL;
+ khm_handle csp_k4 = NULL;
+
+ khm_int32 idflags = 0;
+ khm_int32 t;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)))
+ d->k4_enabled = !!t;
+ else
+ d->k4_enabled = TRUE;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4Method", &t)))
+ d->method = t;
+ else
+ d->method = K4_METHOD_AUTO;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"DefaultLifetime", &t)))
+ d->lifetime = t;
+ else
+ d->lifetime = 10 * 60 * 60; /* 10 hours */
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0]) {
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0],
+ 0,
+ &csp_ident))) {
+
+ khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, &csp_k4);
+
+ if (csp_k4) {
+ if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t)))
+ d->k4_enabled = !!t;
+ if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4Method", &t)))
+ d->method = t;
+ khc_close_space(csp_k4);
+ }
+
+ khc_close_space(csp_ident);
+
+ kcdb_identity_get_flags(d->nc->identities[0], &idflags);
+ }
+
+ if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
+ /* we only support k4 for one identity, and that is the
+ default identity. If we are trying to get tickets for
+ a non-default identity, then we start off as
+ disabled. */
+
+ khm_handle defident = NULL;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
+ kcdb_identity_release(defident);
+
+ d->k4_enabled = FALSE;
+ }
+ }
+ } else {
+ d->k4_enabled = FALSE;
+ }
+
+ if (d->method < 0 || d->method > K4_METHOD_K524)
+ d->method = K4_METHOD_AUTO;
+}
+
+void k4_write_identity_data(k4_dlg_data * d) {
+ khm_handle csp_ident = NULL;
+ khm_handle csp_k4 = NULL;
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0] &&
+ KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0],
+ KHM_FLAG_CREATE,
+ &csp_ident))) {
+ khc_open_space(csp_ident, CSNAME_KRB4CRED, KHM_FLAG_CREATE, &csp_k4);
+
+ if (csp_k4) {
+ khc_write_int32(csp_k4, L"Krb4NewCreds", !!d->k4_enabled);
+ khc_write_int32(csp_k4, L"Krb4Method", d->method);
+
+ khc_close_space(csp_k4);
+ }
+
+ khc_close_space(csp_ident);
+ }
+}
+
+void k4_handle_wmnc_notify(k4_dlg_data * d,
+ WPARAM wParam,
+ LPARAM lParam) {
+ switch(HIWORD(wParam)) {
+ case WMNC_UPDATE_CREDTEXT:
+ {
+ if (d->nct->credtext) {
+ PFREE(d->nct->credtext);
+ d->nct->credtext = NULL;
+ }
+
+ if (d->nc->n_identities > 0 &&
+ d->nc->identities[0]) {
+
+ khm_int32 flags = 0;
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ wchar_t * atsign;
+ wchar_t * realm;
+ khm_size cb;
+
+ kcdb_identity_get_flags(d->nc->identities[0], &flags);
+
+ if (flags & KCDB_IDENT_FLAG_INVALID)
+ break;
+
+ cb = sizeof(idname);
+ kcdb_identity_get_name(d->nc->identities[0], idname,
+ &cb);
+
+ atsign = wcsrchr(idname, L'@');
+
+ if (atsign == NULL || !atsign[1])
+ break;
+
+ realm = ++atsign;
+
+ if (d->k4_enabled) {
+ wchar_t wmethod[128];
+ wchar_t wfmt[128];
+ wchar_t wct[512];
+
+ LoadString(hResModule, IDS_CT_TGTFOR,
+ wfmt, ARRAYLENGTH(wfmt));
+
+ if (d->method == K4_METHOD_AUTO)
+ LoadString(hResModule, IDS_METHOD_AUTO, wmethod,
+ ARRAYLENGTH(wmethod));
+ else if (d->method == K4_METHOD_PASSWORD)
+ LoadString(hResModule, IDS_METHOD_PWD, wmethod,
+ ARRAYLENGTH(wmethod));
+ else if (d->method == K4_METHOD_K524)
+ LoadString(hResModule, IDS_METHOD_K524, wmethod,
+ ARRAYLENGTH(wmethod));
+ else {
+ assert(FALSE);
+ }
+
+ StringCbPrintf(wct, sizeof(wct), wfmt, realm, wmethod);
+
+ StringCbLength(wct, sizeof(wct), &cb);
+ cb += sizeof(wchar_t);
+
+ d->nct->credtext = PMALLOC(cb);
+
+ StringCbCopy(d->nct->credtext, cb, wct);
+ } else {
+ wchar_t wct[256];
+
+ LoadString(hResModule, IDS_CT_DISABLED,
+ wct, ARRAYLENGTH(wct));
+
+ StringCbLength(wct, sizeof(wct), &cb);
+ cb += sizeof(wchar_t);
+
+ d->nct->credtext = PMALLOC(cb);
+
+ StringCbCopy(d->nct->credtext, cb, wct);
+ }
+ }
+ /* no identities were selected. it is not the
+ responsibility of krb4 to complain about this. */
+ }
+ break;
+
+ case WMNC_IDENTITY_CHANGE:
+ k4_read_identity_data(d);
+ k4_update_display(d);
+ break;
+
+ case WMNC_CREDTEXT_LINK:
+ {
+ wchar_t wid[KHUI_MAXCCH_HTLINK_FIELD];
+ wchar_t * wids;
+ khui_htwnd_link * l;
+
+ l = (khui_htwnd_link *) lParam;
+
+ wcsncpy(wid, l->id, l->id_len);
+ wid[l->id_len] = 0;
+ wids = wcschr(wid, L':');
+
+ if (!wids)
+ break;
+ else
+ wids++;
+
+ if (!wcscmp(wids, L"Enable")) {
+ d->k4_enabled = TRUE;
+
+ k4_update_display(d);
+ khui_cw_enable_type(d->nc, credtype_id_krb4, TRUE);
+ }
+ }
+ break;
+ }
+}
+
+INT_PTR CALLBACK k4_nc_dlg_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k4_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ {
+ d = PMALLOC(sizeof(*d));
+ ZeroMemory(d, sizeof(*d));
+
+ d->nc = (khui_new_creds *) lParam;
+ khui_cw_find_type(d->nc, credtype_id_krb4, &d->nct);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LPARAM) d);
+#pragma warning(pop)
+
+ d->nct->aux = (LPARAM) d;
+ d->hwnd = hwnd;
+
+ d->k4_enabled = TRUE;
+ d->method = K4_METHOD_AUTO;
+
+ k4_update_display(d);
+ }
+ break;
+
+ case WM_COMMAND:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ k4_update_data(d);
+ k4_update_display(d);
+ }
+ break;
+
+ case KHUI_WM_NC_NOTIFY:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ k4_handle_wmnc_notify(d, wParam, lParam);
+ }
+ break;
+
+ case WM_DESTROY:
+ {
+ d = (k4_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ d->nct->aux = 0;
+
+ PFREE(d);
+ }
+ break;
+ }
+
+ return FALSE;
+}
+
+khm_int32
+krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+
+ switch(msg_subtype) {
+ case KMSG_CRED_NEW_CREDS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+ khm_size cbsize;
+ wchar_t wbuf[256];
+
+ nc = (khui_new_creds *) vparam;
+
+ nct = PMALLOC(sizeof(*nct));
+#ifdef DEBUG
+ assert(nct);
+#endif
+ ZeroMemory(nct, sizeof(*nct));
+
+ nct->type = credtype_id_krb4;
+ nct->ordinal = 3;
+ LoadString(hResModule, IDS_NC_K4_SHORT,
+ wbuf, ARRAYLENGTH(wbuf));
+ StringCbLength(wbuf, sizeof(wbuf), &cbsize);
+ cbsize += sizeof(wchar_t);
+
+ nct->name = PMALLOC(cbsize);
+ StringCbCopy(nct->name, cbsize, wbuf);
+
+ nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
+
+ nct->h_module = hResModule;
+ nct->dlg_proc = k4_nc_dlg_proc;
+ nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB4);
+
+ khui_cw_add_type(nc, nct);
+ }
+ break;
+
+ case KMSG_CRED_RENEW_CREDS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct;
+ khm_size cbsize;
+ wchar_t wbuf[256];
+
+ nc = (khui_new_creds *) vparam;
+
+ nct = PMALLOC(sizeof(*nct));
+#ifdef DEBUG
+ assert(nct);
+#endif
+
+ ZeroMemory(nct, sizeof(*nct));
+
+ nct->type = credtype_id_krb4;
+ nct->ordinal = 3;
+ LoadString(hResModule, IDS_NC_K4_SHORT,
+ wbuf, ARRAYLENGTH(wbuf));
+ StringCbLength(wbuf, sizeof(wbuf), &cbsize);
+ cbsize += sizeof(wchar_t);
+
+ nct->name = PMALLOC(cbsize);
+ StringCbCopy(nct->name, cbsize, wbuf);
+
+ nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
+
+ khui_cw_add_type(nc, nct);
+ }
+ break;
+
+ case KMSG_CRED_DIALOG_SETUP:
+ break;
+
+ case KMSG_CRED_PROCESS:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct = NULL;
+ khm_handle ident = NULL;
+ k4_dlg_data * d = NULL;
+ long code = 0;
+
+ nc = (khui_new_creds *) vparam;
+ if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
+ break;
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS ||
+ nc->subtype == KMSG_CRED_RENEW_CREDS) {
+ khm_int32 method;
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+
+ d = (k4_dlg_data *) nct->aux;
+ if (!d ||
+ nc->n_identities == 0 ||
+ nc->identities[0] == NULL ||
+ nc->result != KHUI_NC_RESULT_GET_CREDS)
+ break;
+
+ if (!d->k4_enabled) {
+ k4_write_identity_data(d);
+ break;
+ }
+
+ method = d->method;
+ ident = nc->identities[0];
+
+ } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+
+ if ((nc->ctx.scope == KHUI_SCOPE_IDENT &&
+ nc->ctx.identity != NULL) ||
+
+ (nc->ctx.scope == KHUI_SCOPE_CREDTYPE &&
+ nc->ctx.cred_type == credtype_id_krb4 &&
+ nc->ctx.identity != NULL) ||
+
+ (nc->ctx.scope == KHUI_SCOPE_CRED &&
+ nc->ctx.cred_type == credtype_id_krb4 &&
+ nc->ctx.identity != NULL &&
+ nc->ctx.cred != NULL)) {
+
+ ident = nc->ctx.identity;
+
+ } else {
+ break;
+ }
+
+ method = K4_METHOD_K524; /* only k524 is supported
+ for renewals */
+ } else {
+ assert(FALSE);
+ }
+
+ if ((method == K4_METHOD_AUTO ||
+ method == K4_METHOD_K524) &&
+ khui_cw_type_succeeded(nc, credtype_id_krb5)) {
+
+ code = khm_convert524(ident);
+
+ if (code == 0) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_SUCCESS |
+ KHUI_NC_RESPONSE_EXIT);
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+ assert(d != NULL);
+
+ k4_write_identity_data(d);
+ }
+ break;
+ } else if (method == K4_METHOD_K524) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_FAILED |
+ KHUI_NC_RESPONSE_EXIT);
+ break;
+ }
+ }
+
+ /* only supported for new credentials */
+ if (method == K4_METHOD_AUTO ||
+ method == K4_METHOD_PASSWORD) {
+
+ khm_size n_prompts = 0;
+ khm_size idx;
+ khm_size cb;
+ wchar_t wpwd[KHUI_MAXCCH_PROMPT_VALUE];
+ char pwd[KHUI_MAXCCH_PROMPT_VALUE];
+ wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
+ char idname[KCDB_IDENT_MAXCCH_NAME];
+
+ char * aname = NULL;
+ char * inst = NULL;
+ char * realm = NULL;
+
+ assert(nc->subtype == KMSG_CRED_NEW_CREDS);
+
+ code = TRUE; /* just has to be non-zero */
+
+ khui_cw_get_prompt_count(nc, &n_prompts);
+
+ if (n_prompts == 0)
+ goto _skip_pwd;
+
+ for (idx = 0; idx < n_prompts; idx++) {
+ khui_new_creds_prompt * p;
+
+ if (KHM_FAILED(khui_cw_get_prompt(nc, idx, &p)))
+ continue;
+
+ if (p->type == KHUI_NCPROMPT_TYPE_PASSWORD)
+ break;
+ }
+
+ if (idx >= n_prompts)
+ goto _skip_pwd;
+
+ khui_cw_sync_prompt_values(nc);
+
+ cb = sizeof(wpwd);
+ if (KHM_FAILED(khui_cw_get_prompt_value(nc, idx,
+ wpwd,
+ &cb)))
+ goto _skip_pwd;
+
+ UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd);
+
+ cb = sizeof(widname);
+ kcdb_identity_get_name(ident,
+ widname,
+ &cb);
+
+ UnicodeStrToAnsi(idname, sizeof(idname), widname);
+
+ {
+ char * atsign;
+
+ atsign = strchr(idname, '@');
+ if (atsign == NULL)
+ goto _skip_pwd;
+
+ *atsign++ = 0;
+
+ realm = atsign;
+ }
+
+ {
+ char * slash;
+
+ slash = strchr(idname, '/');
+ if (slash != NULL) {
+ *slash++ = 0;
+ inst = slash;
+ } else {
+ inst = "";
+ }
+ }
+
+ aname = idname;
+
+ code = khm_krb4_kinit(aname, inst, realm,
+ (long) d->lifetime, pwd);
+ _skip_pwd:
+
+ if (code) {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_FAILED);
+
+ } else {
+ khui_cw_set_response(nc, credtype_id_krb4,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_SUCCESS);
+
+ if (nc->subtype == KMSG_CRED_NEW_CREDS) {
+
+ assert(d != NULL);
+ k4_write_identity_data(d);
+
+ }
+ }
+ }
+ }
+ }
+ break;
+
+ case KMSG_CRED_END:
+ {
+ khui_new_creds * nc;
+ khui_new_creds_by_type * nct = NULL;
+
+ nc = (khui_new_creds *) vparam;
+ if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
+ break;
+
+ khui_cw_del_type(nc, credtype_id_krb4);
+
+ if (nct->name)
+ PFREE(nct->name);
+
+ PFREE(nct);
+ }
+ break;
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
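Review bot: In k4_handle_wmnc_notify the `WMNC_CREDTEXT_LINK` case copies `l->id_len` characters into `wid[KHUI_MAXCCH_HTLINK_FIELD]` with `wcsncpy` and then writes `wid[l->id_len] = 0` without comparing `id_len` to the buffer size. Unless the sender guarantees a shorter id (not visible here), a link id of that length or longer writes past the stack buffer. `StringCchCopyN(wid, ARRAYLENGTH(wid), l->id, l->id_len);` bounds and terminates the copy (strsafe.h is already included), with a `break` when it fails. In the `KMSG_CRED_PROCESS` password path, `wpwd` and `pwd` hold the user's password and are left on the stack; `SecureZeroMemory(wpwd, sizeof(wpwd)); SecureZeroMemory(pwd, sizeof(pwd));` at `_skip_pwd:` would clear them on every exit from that block. The `PMALLOC` results for `d`, `nct`, `nct->name` and `credtext` are also used unchecked (the `assert(nct)` exists only under `DEBUG`), so each needs a NULL check.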
diff --git a/src/windows/identity/plugins/krb4/krb4plugin.c b/src/windows/identity/plugins/krb4/krb4plugin.c
index 106febac00..23f913bd9b 100644
--- a/src/windows/identity/plugins/krb4/krb4plugin.c
+++ b/src/windows/identity/plugins/krb4/krb4plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,11 +28,14 @@
#include<kherror.h>
#include<khmsgtypes.h>
#include<khuidefs.h>
+#include<utils.h>
#include<commctrl.h>
#include<strsafe.h>
#include<krb5.h>
khm_int32 credtype_id_krb4 = KCDB_CREDTYPE_INVALID;
+khm_int32 credtype_id_krb5 = KCDB_CREDTYPE_INVALID;
+
khm_boolean krb4_initialized = FALSE;
khm_handle krb4_credset = NULL;
@@ -64,7 +67,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
{
StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
cbsize += sizeof(wchar_t);
- ct.short_desc = malloc(cbsize);
+ ct.short_desc = PMALLOC(cbsize);
StringCbCopy(ct.short_desc, cbsize, buf);
}
@@ -76,7 +79,7 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
{
StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
cbsize += sizeof(wchar_t);
- ct.long_desc = malloc(cbsize);
+ ct.long_desc = PMALLOC(cbsize);
StringCbCopy(ct.long_desc, cbsize, buf);
}
@@ -88,34 +91,116 @@ krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
if(KHM_SUCCEEDED(rv))
rv = kcdb_credset_create(&krb4_credset);
+ if (KHM_SUCCEEDED(rv))
+ rv = kcdb_credtype_get_id(KRB5_CREDTYPE_NAME,
+ &credtype_id_krb5);
+
if(ct.short_desc)
- free(ct.short_desc);
+ PFREE(ct.short_desc);
if(ct.long_desc)
- free(ct.long_desc);
+ PFREE(ct.long_desc);
+
+ if (KHM_SUCCEEDED(rv)) {
+ khui_config_node idents;
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ reg.name = KRB4_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_KRB4);
+ reg.dlg_proc = krb4_confg_proc;
+ reg.flags = 0;
+
+ LoadString(hResModule, IDS_CFG_KRB4_LONG,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
+
+ khui_cfg_register(NULL, &reg);
+
+ khui_cfg_open(NULL, L"KhmIdentities", &idents);
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ reg.name = KRB4_IDS_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_IDS_KRB4);
+ reg.dlg_proc = krb4_ids_config_proc;
+ reg.flags = KHUI_CNFLAG_SUBPANEL;
+
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
+
+ khui_cfg_register(idents, &reg);
- ZeroMemory(&reg, sizeof(reg));
+ ZeroMemory(&reg, sizeof(reg));
- reg.name = KRB4_CONFIG_NODE_NAME;
- reg.short_desc = wshort_desc;
- reg.long_desc = wlong_desc;
- reg.h_module = hResModule;
- reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_KRB4);
- reg.dlg_proc = krb4_confg_proc;
- reg.flags = 0;
+ reg.name = KRB4_ID_CONFIG_NODE_NAME;
+ reg.short_desc = wshort_desc;
+ reg.long_desc = wlong_desc;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_ID_KRB4);
+ reg.dlg_proc = krb4_id_config_proc;
+ reg.flags = KHUI_CNFLAG_SUBPANEL | KHUI_CNFLAG_PLURAL;
- LoadString(hResModule, IDS_CFG_KRB4_LONG,
- wlong_desc, ARRAYLENGTH(wlong_desc));
- LoadString(hResModule, IDS_CFG_KRB4_SHORT,
- wshort_desc, ARRAYLENGTH(wshort_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wlong_desc, ARRAYLENGTH(wlong_desc));
+ LoadString(hResModule, IDS_CFG_KRB4_SHORT,
+ wshort_desc, ARRAYLENGTH(wshort_desc));
- khui_cfg_register(NULL, &reg);
+ khui_cfg_register(idents, &reg);
+
+ khui_cfg_release(idents);
- if(KHM_SUCCEEDED(rv)) {
krb4_initialized = TRUE;
khm_krb4_list_tickets();
}
+
+ /* Lookup common data types */
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE,
+ &type_id_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST,
+ &type_id_addr_list))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS,
+ &type_id_krb5_flags))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ /* Lookup common attributes */
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE,
+ &attr_id_key_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE,
+ &attr_id_tkt_enctype))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST,
+ &attr_id_addr_list))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
+ if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS,
+ &attr_id_krb5_flags))) {
+ rv = KHM_ERROR_UNKNOWN;
+ }
+
}
break;
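Review bot: The result of `khui_cfg_open(NULL, L"KhmIdentities", &idents);` is not checked and `idents` has no initialiser, so if the open fails the two `khui_cfg_register(idents, &reg)` calls and `khui_cfg_release(idents)` run on an indeterminate handle. Wrapping the two sub-panel registrations and the release in `if (KHM_SUCCEEDED(khui_cfg_open(NULL, L"KhmIdentities", &idents))) { ... }` keeps them together. The type and attribute lookups that follow set `rv = KHM_ERROR_UNKNOWN` only after `krb4_initialized = TRUE` and after the config nodes are registered, so a failed lookup reports an error while leaving the plugin marked initialised; running the lookups before that block would avoid the mixed state. krb4_msg_system begins and ends outside this hunk.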
@@ -140,11 +225,47 @@ krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_CRED_REFRESH:
- {
- khm_krb4_list_tickets();
+ case KMSG_CRED_REFRESH:
+ {
+ khm_krb4_list_tickets();
+ }
+ break;
+
+ case KMSG_CRED_DESTROY_CREDS:
+ {
+ khui_action_context * ctx;
+ khm_handle credset;
+ khm_size nc_root = 0;
+ khm_size nc_sel = 0;
+
+ ctx = (khui_action_context *) vparam;
+
+ /* if all krb4 tickets are selected, then we destroy all
+ of them. Otherwise, we do nothing. */
+
+ kcdb_credset_create(&credset);
+
+ kcdb_credset_extract(credset, ctx->credset,
+ NULL, credtype_id_krb4);
+ kcdb_credset_get_size(credset, &nc_sel);
+
+ kcdb_credset_flush(credset);
+
+ kcdb_credset_extract(credset, NULL,
+ NULL, credtype_id_krb4);
+ kcdb_credset_get_size(credset, &nc_root);
+
+ kcdb_credset_delete(credset);
+
+ if (nc_root == nc_sel) {
+ khm_krb4_kdestroy();
}
- break;
+ }
+ break;
+
+ default:
+ if (IS_CRED_ACQ_MSG(msg_subtype))
+ return krb4_msg_newcred(msg_type, msg_subtype, uparam, vparam);
}
return rv;
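Review bot: In the new KMSG_CRED_DESTROY_CREDS case `credset` is declared uninitialized and the result of `kcdb_credset_create(&credset)` is ignored, so if creation fails the extract, get_size and delete calls that follow run on an indeterminate handle. In that situation both counters keep their initial 0, `nc_root == nc_sel` holds, and `khm_krb4_kdestroy()` runs without the selection ever having been examined; the comparison is also true when neither set holds any krb4 credential. I would declare `khm_handle credset = NULL;`, bail out with `if (KHM_FAILED(kcdb_credset_create(&credset))) break;`, and test `if (nc_sel > 0 && nc_root == nc_sel)`. `ctx` is also taken from `vparam` and dereferenced as `ctx->credset` without a NULL check; whether the sender guarantees a non-NULL context is not visible here. krb4_msg_cred begins and ends outside this hunk.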
diff --git a/src/windows/identity/plugins/krb4/krbconfig.csv b/src/windows/identity/plugins/krb4/krbconfig.csv
index bed0d1ccb9..9aa7cd944e 100644
--- a/src/windows/identity/plugins/krb4/krbconfig.csv
+++ b/src/windows/identity/plugins/krb4/krbconfig.csv
@@ -6,18 +6,11 @@ Krb4Cred,KC_SPACE,0,"Kerberos IV Credentials Provider"
Type,KC_INT32,1,
Flags,KC_INT32,0,
Parameters,KC_SPACE,0,Parameters for KrbCred
+ Krb4NewCreds,KC_INT32,1,Obtain Kerberos 4 tickets
+ Krb4Method,KC_INT32,0,Method for acquiring K4 tix. 0-Auto;1-Password;2-K524
CreateMissingConfig,KC_INT32,0,Create missing configuration files
- MsLsaImport,KC_INT32,2,Automatically import MSLSA credentials
- AutoRenewTickets,KC_INT32,1,Automatically renew expiring tickets
DefaultLifetime,KC_INT32,36000,Default ticket lifetime
MaxLifetime,KC_INT32,86400,Maximum lifetime
MinLifetime,KC_INT32,60,Minimum lifetime
- Forwardable,KC_INT32,1,Obtain forwardable tickets (boolean)
- Proxiable,KC_INT32,0,Obtain proxiable tickets (boolean)
- Addressless,KC_INT32,1,Obtain addressless tickets (boolean)
- Renewable,KC_INT32,1,Obtain renewable tickets (boolean)
- DefaultRenewLifetime,KC_INT32,604800,Default renewable lifetime
- MaxRenewLifetime,KC_INT32,2592000,Maximum renewable lifetime
- MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime
Parameters,KC_ENDSPACE,0,
Krb4Cred,KC_ENDSPACE,0,
diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h
index e56d114ee9..9f5d3c932e 100644
--- a/src/windows/identity/plugins/krb4/krbcred.h
+++ b/src/windows/identity/plugins/krb4/krbcred.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -29,11 +29,11 @@
#include<windows.h>
-#include<khdefs.h>
-#include<kcreddb.h>
-#include<kmm.h>
-#include<kconfig.h>
+#define KHERR_FACILITY L"Kerberos4"
+#define KHERR_FACILITY_ID 65
+#define KHERR_HMODULE hResModule
+#include<netidmgr.h>
#include<krb4funcs.h>
#include<krb5common.h>
@@ -41,7 +41,6 @@
#include<dynimport.h>
#include<langres.h>
-#include<datarep.h>
#define TYPENAME_ENCTYPE L"EncType"
#define TYPENAME_ADDR_LIST L"AddrList"
@@ -86,8 +85,13 @@ extern khm_int32 attr_id_renew_for;
#define KRB4_CREDTYPE_NAME L"Krb4Cred"
+#define KRB5_CREDTYPE_NAME L"Krb5Cred"
+
#define KRB4_CONFIG_NODE_NAME L"Krb4Config"
+#define KRB4_ID_CONFIG_NODE_NAME L"Krb4IdentConfig"
+#define KRB4_IDS_CONFIG_NODE_NAME L"Krb4IdentsConfig"
+
extern khm_handle csp_plugins;
extern khm_handle csp_krbcred;
extern khm_handle csp_params;
@@ -96,6 +100,7 @@ extern kconf_schema schema_krbconfig[];
/* other globals */
extern khm_int32 credtype_id_krb4;
+extern khm_int32 credtype_id_krb5;
extern khm_boolean krb4_initialized;
@@ -111,4 +116,20 @@ krb4_confg_proc(HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam);
+
+INT_PTR CALLBACK
+krb4_ids_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+krb4_id_config_proc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+khm_int32
+krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam);
#endif
diff --git a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
index a5d62a26a4..042da77b7a 100644
--- a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
@@ -57,7 +57,18 @@ STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "kRB4",IDC_STATIC,38,43,71,24
+ CONTROL "Kerberos 4 Ticket Options",IDC_STATIC,"Static",
+ SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11
+ CONTROL "Obtain Kerberos 4 tickets",IDC_NCK4_OBTAIN,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,7,26,97,10
+ CONTROL "Automatically determine method",IDC_NCK4_AUTO,"Button",
+ BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,23,58,119,10
+ CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON |
+ WS_TABSTOP,23,75,47,10
+ CONTROL "Kerberos 5 to 4 translation",IDC_NCK4_K524,"Button",
+ BS_AUTORADIOBUTTON | WS_TABSTOP,23,92,101,10
+ GROUPBOX "Obtain Kerberos 4 tickets using",IDC_STATIC,7,43,286,72,
+ WS_GROUP
END
IDD_CFG_KRB4 DIALOGEX 0, 0, 255, 182
@@ -75,6 +86,27 @@ BEGIN
PUSHBUTTON "Browse...",IDC_CFG_RLMBROW,200,47,48,14
END
+IDD_CFG_IDS_KRB4 DIALOGEX 0, 0, 235, 151
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Obtain Kerberos 4 tickets",IDC_CFG_GETTIX,"Button",
+ BS_AUTOCHECKBOX | WS_TABSTOP,7,7,221,17
+ LTEXT "Note that, if enabled, Kerberos 4 tickets will be acquired during initial credential acquisition and during credential renewals.\n\nHowever, currently Kerberos 4 tickets can only be obtained for the default identity.",
+ IDC_STATIC,7,91,221,53,SS_SUNKEN
+END
+
+IDD_CFG_ID_KRB4 DIALOGEX 0, 0, 235, 151
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ CONTROL "Obtain Kerberos 4 tickets for this identity",
+ IDC_CFG_GETTIX,"Button",BS_AUTOCHECKBOX | WS_DISABLED |
+ WS_TABSTOP,7,7,147,10
+END
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -102,6 +134,22 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 175
END
+
+ IDD_CFG_IDS_KRB4, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 228
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 144
+ END
+
+ IDD_CFG_ID_KRB4, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 228
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 144
+ END
END
#endif // APSTUDIO_INVOKED
@@ -114,6 +162,14 @@ END
STRINGTABLE
BEGIN
IDS_PLUGIN_DESC "Kerberos 4 Credentials Provider"
+ IDS_NC_K4_SHORT "Kerberos 4"
+ IDS_ERR_REALM "Could not resolve realm"
+ IDS_ERR_PRINCIPAL "Invalid principal"
+ IDS_ERR_INVINST "Invalid instance"
+ IDS_ERR_PWINTKT "Could not get Kerberos 4 tickets"
+ IDS_CT_DISABLED "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Disabled (click <a id=""Krb4Cred:Enable"">here</a> to enable)</p>"
+ IDS_CT_TGTFOR "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Tickets for realm %s</p>"
+ IDS_METHOD_AUTO "Automatically determined method"
END
STRINGTABLE
@@ -124,6 +180,13 @@ BEGIN
IDS_CFG_KRB4_SHORT "Kerberos 4"
END
+STRINGTABLE
+BEGIN
+ IDS_METHOD_PWD "Password"
+ IDS_METHOD_K524 "Kerberos 5 to 4 translation"
+ IDS_CFG_IDS_KRB4_SHORT "Kerberos 4"
+END
+
#endif // English (U.S.) resources
/////////////////////////////////////////////////////////////////////////////
diff --git a/src/windows/identity/plugins/krb4/langres.h b/src/windows/identity/plugins/krb4/langres.h
index 2096adec3b..ceb2360075 100644
--- a/src/windows/identity/plugins/krb4/langres.h
+++ b/src/windows/identity/plugins/krb4/langres.h
@@ -1,6 +1,6 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
-// Used by D:\work\khimaira\src\plugins\krb4\lang\en_us\langres.rc
+// Used by D:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb4\lang\en_us\langres.rc
//
#define IDS_UNK_ADDR_FMT 101
#define IDS_KRB5_CREDTEXT_0 102
@@ -8,16 +8,29 @@
#define IDS_PLUGIN_DESC 103
#define IDS_KEY_ENCTYPE_SHORT_DESC 104
#define IDD_CFG_KRB4 104
+#define IDS_NC_K4_SHORT 104
#define IDS_TKT_ENCTYPE_SHORT_DESC 105
+#define IDS_ERR_REALM 105
+#define IDD_CFG_IDS_KRB4 105
#define IDS_KEY_ENCTYPE_LONG_DESC 106
+#define IDS_ERR_PRINCIPAL 106
+#define IDD_CFG_ID_KRB4 106
#define IDS_TKT_ENCTYPE_LONG_DESC 107
+#define IDS_ERR_INVINST 107
#define IDS_ADDR_LIST_SHORT_DESC 108
+#define IDS_ERR_PWINTKT 108
#define IDS_ADDR_LIST_LONG_DESC 109
+#define IDS_CT_DISABLED 109
#define IDS_ETYPE_NULL 110
+#define IDS_CT_TGTFOR 110
#define IDS_ETYPE_DES_CBC_CRC 111
+#define IDS_METHOD_AUTO 111
#define IDS_ETYPE_DES_CBC_MD4 112
+#define IDS_METHOD_PWD 112
#define IDS_ETYPE_DES_CBC_MD5 113
+#define IDS_METHOD_K524 113
#define IDS_ETYPE_DES_CBC_RAW 114
+#define IDS_CFG_IDS_KRB4_SHORT 114
#define IDS_ETYPE_DES3_CBC_SHA 115
#define IDS_ETYPE_DES3_CBC_RAW 116
#define IDS_ETYPE_DES_HMAC_SHA1 117
@@ -65,14 +78,20 @@
#define IDC_CFG_RLMPATH 1030
#define IDC_CFG_CFGBROW 1031
#define IDC_CFG_RLMBROW 1032
+#define IDC_NCK4_OBTAIN 1033
+#define IDC_NCK4_PWD 1034
+#define IDC_NCK4_K524 1035
+#define IDC_NCK4_AUTO 1036
+#define IDC_CFG_GETTIX 1037
+#define IDC_CHECK1 1038
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 105
+#define _APS_NEXT_RESOURCE_VALUE 107
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1033
+#define _APS_NEXT_CONTROL_VALUE 1039
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/windows/identity/plugins/krb4/version.rc b/src/windows/identity/plugins/krb4/version.rc
new file mode 100644
index 0000000000..3ca6b1cb9f
--- /dev/null
+++ b/src/windows/identity/plugins/krb4/version.rc
@@ -0,0 +1,66 @@
+/* Copyright (c) 2004 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+/* $Id$ */
+
+#include<netidmgr_intver.h>
+
+1 VERSIONINFO
+ FILEVERSION KH_VERSION_LIST
+ PRODUCTVERSION KH_VERSION_LIST
+ FILEFLAGSMASK KH_VER_FILEFLAGMASK
+ FILEFLAGS KH_VER_FILEFLAGS
+ FILEOS KH_VER_FILEOS
+ FILETYPE KH_VER_FILETYPEDLL
+ FILESUBTYPE 0
+ {
+
+ BLOCK "StringFileInfo"
+ {
+ BLOCK "040904b0"
+ {
+ VALUE "CompanyName", KH_VERSTR_COMPANY_1033
+ VALUE "FileDescription", "Kerberos 4 plugin for NetIDMgr"
+ VALUE "FileVersion", KH_VERSTR_VERSION_1033
+ VALUE "InternalName", "krb4cred"
+ VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
+ VALUE "OriginalFilename", "krb4cred.dll"
+ VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
+#ifdef KH_VERSTR_COMMENT_1033
+ VALUE "Comment", KH_VERSTR_COMMENT_1033
+#endif
+ VALUE NIMV_MODULE, "MITKrb4"
+ VALUE NIMV_PLUGINS, "Krb4Cred"
+ VALUE NIMV_APIVER, KH_VERSION_STRINGAPI
+ VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos"
+ }
+ }
+
+ BLOCK "VarFileInfo"
+ {
+ VALUE "Translation", 0x409, 1200
+ }
+
+ }
diff --git a/src/windows/identity/plugins/krb5/Makefile b/src/windows/identity/plugins/krb5/Makefile
index 9bf9ef020e..e0553d8461 100644
--- a/src/windows/identity/plugins/krb5/Makefile
+++ b/src/windows/identity/plugins/krb5/Makefile
@@ -32,7 +32,7 @@ LIBFILE=$(LIBDIR)\krb5cred.lib
OBJFILES= \
$(LIBDIR)\dynimport.obj \
$(LIBDIR)\krb5common.obj \
- $(OBJ)\main.obj \
+ $(OBJ)\krb5main.obj \
$(OBJ)\datarep.obj \
$(OBJ)\errorfuncs.obj \
$(OBJ)\krb5plugin.obj \
@@ -41,21 +41,28 @@ OBJFILES= \
$(OBJ)\krb5funcs.obj \
$(OBJ)\krb5config.obj \
$(OBJ)\krb5identpro.obj \
- $(OBJ)\krb5configdlg.obj
+ $(OBJ)\krb5configdlg.obj \
+ $(OBJ)\krb5configcc.obj \
+ $(OBJ)\krb5configid.obj \
+ $(OBJ)\krb5configids.obj
LIBFILES= \
$(LIBDIR)\nidmgr32.lib \
$(KFWLIBDIR)\loadfuncs.lib
SDKLIBFILES= \
- netapi32.lib
+ netapi32.lib \
+ shlwapi.lib \
+ comctl32.lib
MSGRESFILE=$(OBJ)\krb5_msgs.res
+VERRESFILE=$(OBJ)\version.res
+
$(OBJ)\krb5config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg
$(CCSV) $** $@
-$(DLLFILE): $(MSGRESFILE) $(OBJFILES)
+$(DLLFILE): $(MSGRESFILE) $(VERRESFILE) $(OBJFILES)
$(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES)
$(MSGRESFILE): $(OBJ)\krb5_msgs.rc
diff --git a/src/windows/identity/plugins/krb5/datarep.c b/src/windows/identity/plugins/krb5/datarep.c
index f8cc4cc484..2c40360833 100644
--- a/src/windows/identity/plugins/krb5/datarep.c
+++ b/src/windows/identity/plugins/krb5/datarep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -39,7 +39,7 @@ khm_int32 KHMAPI enctype_toString(const void * data, khm_size cbdata, wchar_t *d
size_t cblength;
if(cbdata != sizeof(khm_int32))
- return KHM_ERROR_INVALID_PARM;
+ return KHM_ERROR_INVALID_PARAM;
etype = *((khm_int32 *) data);
diff --git a/src/windows/identity/plugins/krb5/datarep.h b/src/windows/identity/plugins/krb5/datarep.h
index e5388f01db..ac6771cb9c 100644
--- a/src/windows/identity/plugins/krb5/datarep.h
+++ b/src/windows/identity/plugins/krb5/datarep.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -34,4 +34,4 @@ khm_int32 KHMAPI krb5flags_toString(const void *, khm_size, wchar_t *, khm_size
khm_int32 KHMAPI renew_for_cb(khm_handle cred, khm_int32 id, void * buffer, khm_size * pcbsize);
-#endif \ No newline at end of file
+#endif
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c
index ab64889cb7..28016d3cb8 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.c
+++ b/src/windows/identity/plugins/krb5/errorfuncs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.h b/src/windows/identity/plugins/krb5/errorfuncs.h
index 46d68f9fc0..86fc5b4404 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.h
+++ b/src/windows/identity/plugins/krb5/errorfuncs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
diff --git a/src/windows/identity/plugins/krb5/images/deleted.ico b/src/windows/identity/plugins/krb5/images/deleted.ico
new file mode 100644
index 0000000000..a8063f9ee7
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/deleted.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/krb5plugin.ico b/src/windows/identity/plugins/krb5/images/krb5plugin.ico
new file mode 100644
index 0000000000..791b359694
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/krb5plugin.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/modified.ico b/src/windows/identity/plugins/krb5/images/modified.ico
new file mode 100644
index 0000000000..733d9d5348
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/modified.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/new.ico b/src/windows/identity/plugins/krb5/images/new.ico
new file mode 100644
index 0000000000..1049eb2148
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/new.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/normal.ico b/src/windows/identity/plugins/krb5/images/normal.ico
new file mode 100644
index 0000000000..56a702fee1
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/normal.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/krb5configcc.c b/src/windows/identity/plugins/krb5/krb5configcc.c
new file mode 100644
index 0000000000..256f6b75e9
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configcc.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_file_cc {
+ wchar_t path[MAX_PATH];
+ khm_int32 flags;
+} k5_file_cc;
+
+#define K5_FCC_ALLOC_INCR 8
+
+#define K5_FCC_FLAG_EXISTS 1
+
+typedef struct tag_k5_ccc_data {
+ khm_boolean inc_api;
+ khm_boolean inc_mslsa;
+ k5_file_cc * file_ccs;
+ khm_size n_file_ccs;
+ khm_size nc_file_ccs;
+} k5_ccc_data;
+
+typedef struct tag_k5_ccc_dlg_data {
+ khui_config_node node;
+ k5_ccc_data save;
+ k5_ccc_data work;
+} k5_ccc_dlg_data;
+
+void k5_free_file_ccs(k5_ccc_data * d) {
+ if (d->file_ccs)
+ PFREE(d->file_ccs);
+ d->n_file_ccs = 0;
+ d->nc_file_ccs = 0;
+}
+
+void k5_flush_file_ccs(k5_ccc_data * d) {
+ d->n_file_ccs = 0;
+}
+
+void k5_del_file_cc(k5_ccc_data * d, khm_size idx) {
+ if (idx > d->n_file_ccs)
+ return;
+
+ if (idx < d->n_file_ccs - 1) {
+ MoveMemory(&d->file_ccs[idx],
+ &d->file_ccs[idx + 1],
+ sizeof(d->file_ccs[0]) * (d->n_file_ccs - (idx + 1)));
+ }
+
+ d->n_file_ccs--;
+}
+
+void k5_add_file_cc(k5_ccc_data * d, wchar_t * path) {
+ khm_size i;
+ khm_size cch;
+
+ if (FAILED(StringCchLength(path, MAX_PATH, &cch)) ||
+ cch == 0)
+ return;
+
+ /* see if it's there first */
+ for (i=0; i < d->n_file_ccs; i++) {
+ if(!wcsicmp(d->file_ccs[i].path, path))
+ return;
+ }
+
+ if (d->n_file_ccs == d->nc_file_ccs) {
+ k5_file_cc * f;
+
+ d->nc_file_ccs = UBOUNDSS(d->n_file_ccs + 1,
+ K5_FCC_ALLOC_INCR,
+ K5_FCC_ALLOC_INCR);
+#ifdef DEBUG
+ assert(d->nc_file_ccs > d->n_file_ccs);
+#endif
+ f = PMALLOC(sizeof(*f) * d->nc_file_ccs);
+ ZeroMemory(f, sizeof(*f) * d->nc_file_ccs);
+
+ if (d->n_file_ccs > 0) {
+#ifdef DEBUG
+ assert(d->file_ccs != NULL);
+#endif
+ memcpy(f, d->file_ccs, sizeof(*f) * d->n_file_ccs);
+ }
+ if (d->file_ccs)
+ PFREE(d->file_ccs);
+ d->file_ccs = f;
+ }
+
+ StringCbCopy(d->file_ccs[d->n_file_ccs].path,
+ sizeof(d->file_ccs[0].path),
+ path);
+ if(PathFileExists(path))
+ d->file_ccs[d->n_file_ccs].flags = K5_FCC_FLAG_EXISTS;
+ else
+ d->file_ccs[d->n_file_ccs].flags = 0;
+
+ d->n_file_ccs++;
+}
+
+void k5_read_file_cc_data(k5_ccc_data * d) {
+ khm_int32 t;
+ wchar_t * fclist = NULL;
+ wchar_t * fc;
+ khm_size cb;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ d->inc_api = TRUE;
+ t = TRUE;
+ khc_read_int32(csp_params, L"MsLsaList", &t);
+ d->inc_mslsa = t;
+
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ != KHM_ERROR_TOO_LONG ||
+ cb <= sizeof(wchar_t) * 2) {
+
+ k5_flush_file_ccs(d);
+ } else {
+ fclist = PMALLOC(cb);
+#ifdef DEBUG
+ assert(fclist);
+#endif
+ khc_read_multi_string(csp_params, L"FileCCList", fclist, &cb);
+
+ for(fc = fclist; fc && *fc; fc = multi_string_next(fc)) {
+ k5_add_file_cc(d, fc);
+ }
+
+ PFREE(fclist);
+ }
+}
+
+void k5_write_file_cc_data(k5_ccc_data * d) {
+ wchar_t * ms;
+ khm_size cb;
+ khm_size cbt;
+ khm_int32 t;
+ khm_size i;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+ if (KHM_FAILED(khc_read_int32(csp_params, L"MsLsaList", &t)) ||
+ !!t != !!d->inc_mslsa) {
+ khc_write_int32(csp_params, L"MsLsaList", !!d->inc_mslsa);
+ }
+
+ if (d->n_file_ccs > 0) {
+ cb = d->n_file_ccs * MAX_PATH * sizeof(wchar_t);
+ ms = PMALLOC(cb);
+#ifdef DEBUG
+ assert(ms);
+#endif
+ multi_string_init(ms, cb);
+
+ for(i=0; i<d->n_file_ccs; i++) {
+ cbt = cb;
+ multi_string_append(ms, &cbt, d->file_ccs[i].path);
+ }
+
+ khc_write_multi_string(csp_params, L"FileCCList", ms);
+
+ PFREE(ms);
+ } else {
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ != KHM_ERROR_TOO_LONG ||
+ cb != sizeof(wchar_t) * 2)
+
+ khc_write_multi_string(csp_params, L"FileCCList", L"\0\0");
+ }
+}
+
+void k5_copy_file_cc_data(k5_ccc_data * dest, const k5_ccc_data * src) {
+ khm_size i;
+
+ k5_flush_file_ccs(dest);
+ dest->inc_mslsa = src->inc_mslsa;
+ dest->inc_api = src->inc_api;
+
+ for (i=0; i < src->n_file_ccs; i++) {
+ k5_add_file_cc(dest, src->file_ccs[i].path);
+ }
+}
+
+BOOL k5_ccc_get_mod(k5_ccc_dlg_data * d) {
+ khm_size i, j;
+
+ if (!!d->work.inc_mslsa != !!d->save.inc_mslsa ||
+ !!d->work.inc_api != !!d->save.inc_api ||
+ d->work.n_file_ccs != d->save.n_file_ccs)
+ return TRUE;
+
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ for (j=0; j < d->save.n_file_ccs; j++) {
+ if (!wcsicmp(d->work.file_ccs[i].path,
+ d->save.file_ccs[j].path))
+ break;
+ }
+ if (j >= d->save.n_file_ccs)
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+void k5_ccc_update_ui(HWND hwnd, k5_ccc_dlg_data * d) {
+ khm_size i;
+ HWND lv;
+
+ if (d->work.inc_api)
+ CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_CHECKED);
+ else
+ CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_UNCHECKED);
+ if (d->work.inc_mslsa)
+ CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_CHECKED);
+ else
+ CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_UNCHECKED);
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+ ListView_DeleteAllItems(lv);
+
+ for (i=0; i<d->work.n_file_ccs; i++) {
+ LVITEM lvi;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.mask = LVIF_PARAM | LVIF_TEXT;
+ lvi.lParam = (LPARAM) i;
+ lvi.pszText = d->work.file_ccs[i].path;
+
+ ListView_InsertItem(lv, &lvi);
+ }
+
+ if (k5_ccc_get_mod(d)) {
+ khui_cfg_set_flags(d->node,
+ KHUI_CNFLAG_MODIFIED,
+ KHUI_CNFLAG_MODIFIED);
+ } else {
+ khui_cfg_set_flags(d->node,
+ 0,
+ KHUI_CNFLAG_MODIFIED);
+ }
+}
+
+void k5_ccc_update_data(HWND hwnd, k5_ccc_data * d) {
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_INCAPI) == BST_CHECKED)
+ d->inc_api = TRUE;
+ else
+ d->inc_api = FALSE;
+
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_INCMSLSA) == BST_CHECKED)
+ d->inc_mslsa = TRUE;
+ else
+ d->inc_mslsa = FALSE;
+ /* everything else is controlled by buttons */
+}
+
+INT_PTR CALLBACK
+k5_ccconfig_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k5_ccc_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+ k5_read_file_cc_data(&d->save);
+ k5_copy_file_cc_data(&d->work, &d->save);
+
+ d->node = (khui_config_node) lParam;
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ {
+ LVCOLUMN lvc;
+ HWND lv;
+ wchar_t buf[256];
+ RECT r;
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+
+ LoadString(hResModule, IDS_CFG_FCTITLE,
+ buf, ARRAYLENGTH(buf));
+
+ GetWindowRect(lv, &r);
+
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left) * 9 / 10;
+
+ ListView_InsertColumn(lv, 0, &lvc);
+ }
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, EM_SETLIMITTEXT,
+ MAX_PATH - 1, 0);
+
+ k5_ccc_update_ui(hwnd, d);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ switch(wParam) {
+ case MAKEWPARAM(IDC_CFG_ADD, BN_CLICKED):
+ {
+ wchar_t path[MAX_PATH];
+ wchar_t cpath[MAX_PATH];
+ khm_size i;
+
+ GetDlgItemText(hwnd, IDC_CFG_FCNAME,
+ cpath, ARRAYLENGTH(cpath));
+
+ PathCanonicalize(path, cpath);
+
+ if (!*path)
+ return TRUE; /* nothing to add */
+
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ if (!wcsicmp(path, d->work.file_ccs[i].path)) {
+
+ /* allow the user to correct case, as appropriate */
+ StringCbCopy(d->work.file_ccs[i].path,
+ sizeof(d->work.file_ccs[i].path),
+ path);
+ k5_ccc_update_ui(hwnd, d);
+ return TRUE;
+ }
+ }
+
+ /* not there. we need to add. but check a few things
+ first */
+ if (!PathFileExists(path)) {
+ EDITBALLOONTIP bt;
+ wchar_t title[64];
+ wchar_t text[128];
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ LoadString(hResModule, IDS_CFG_FCN_WARNING,
+ title, ARRAYLENGTH(title));
+ bt.pszText = text;
+ LoadString(hResModule, IDS_CFG_FCN_W_NOTFOUND,
+ text, ARRAYLENGTH(text));
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+
+ } else if (PathIsRelative(path)) {
+ EDITBALLOONTIP bt;
+ wchar_t title[64];
+ wchar_t text[128];
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ LoadString(hResModule, IDS_CFG_FCN_WARNING,
+ title, ARRAYLENGTH(title));
+ bt.pszText = text;
+ LoadString(hResModule, IDS_CFG_FCN_W_RELATIVE,
+ text, ARRAYLENGTH(text));
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+ }
+
+ k5_add_file_cc(&d->work, path);
+
+ k5_ccc_update_ui(hwnd, d);
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_BROWSE, BN_CLICKED):
+ {
+ OPENFILENAME ofn;
+ wchar_t path[MAX_PATH * 8];
+ wchar_t title[128];
+
+ ZeroMemory(&ofn, sizeof(ofn));
+ ZeroMemory(path, sizeof(path));
+
+ GetDlgItemText(hwnd, IDC_CFG_FCNAME,
+ path, ARRAYLENGTH(path));
+
+ /* don't pass in invalid paths */
+ if (!PathFileExists(path))
+ *path = 0;
+
+ ofn.lStructSize = sizeof(ofn);
+ ofn.hwndOwner = hwnd;
+ ofn.lpstrFilter = L"All files\0*.*\0\0";
+ ofn.nFilterIndex = 1;
+ ofn.lpstrFile = path;
+ ofn.nMaxFile = ARRAYLENGTH(path);
+ ofn.lpstrTitle = title;
+
+ LoadString(hResModule, IDS_CFG_FCOPENTITLE,
+ title, ARRAYLENGTH(title));
+
+ ofn.Flags = OFN_ALLOWMULTISELECT |
+ OFN_DONTADDTORECENT |
+ OFN_FORCESHOWHIDDEN |
+ OFN_EXPLORER;
+
+ if (GetOpenFileName(&ofn)) {
+ wchar_t * p;
+ wchar_t spath[MAX_PATH];
+
+ p = multi_string_next(path);
+ if (p) {
+ /* multi select */
+ for(;p && *p; p = multi_string_next(p)) {
+ StringCbCopy(spath, sizeof(spath), path);
+ PathAppend(spath, p);
+
+ k5_add_file_cc(&d->work, spath);
+ }
+ } else {
+ /* single select */
+ k5_add_file_cc(&d->work, path);
+ }
+ k5_ccc_update_ui(hwnd, d);
+ }
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_REMOVE, BN_CLICKED):
+ {
+ khm_size i;
+ int lv_idx;
+ HWND lv;
+ wchar_t buf[MAX_PATH];
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+
+ lv_idx = -1;
+ while((lv_idx = ListView_GetNextItem(lv, lv_idx,
+ LVNI_SELECTED)) != -1) {
+ ListView_GetItemText(lv, lv_idx, 0, buf, ARRAYLENGTH(buf));
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ if (!wcsicmp(buf, d->work.file_ccs[i].path)) {
+ k5_del_file_cc(&d->work, i);
+ break;
+ }
+ }
+ }
+
+ k5_ccc_update_ui(hwnd, d);
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_INCAPI, BN_CLICKED):
+ case MAKEWPARAM(IDC_CFG_INCMSLSA, BN_CLICKED):
+ k5_ccc_update_data(hwnd, &d->work);
+ k5_ccc_update_ui(hwnd, d);
+ return TRUE;
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ k5_free_file_ccs(&d->work);
+ k5_free_file_ccs(&d->save);
+ PFREE(d);
+ return TRUE;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ switch(HIWORD(wParam)) {
+ case WMCFG_APPLY:
+ if (k5_ccc_get_mod(d)) {
+ k5_write_file_cc_data(&d->work);
+ k5_copy_file_cc_data(&d->save, &d->work);
+ khui_cfg_set_flags(d->node,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED);
+ k5_ccc_update_ui(hwnd, d);
+
+ kmq_post_sub_msg(k5_sub, KMSG_CRED, KMSG_CRED_REFRESH, 0, 0);
+ }
+ break;
+ }
+ }
+ return FALSE;
+}
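Review bot: The bounds check in `k5_del_file_cc` is off by one: `if (idx > d->n_file_ccs)` lets `idx == d->n_file_ccs` through, and on an empty list `d->n_file_ccs - 1` wraps (assuming khm_size is unsigned), so the `MoveMemory` length becomes enormous and the count is decremented past zero. The only caller in this file, the IDC_CFG_REMOVE handler, passes an in-range index, so the defect is latent, but the guard should read `if (idx >= d->n_file_ccs) return;`. Separately, `k5_free_file_ccs` frees `d->file_ccs` without clearing it, so a later `k5_add_file_cc` on the same struct would reach `if (d->file_ccs) PFREE(d->file_ccs);` and free it a second time; adding `d->file_ccs = NULL;` after the `PFREE` closes that. The `PMALLOC` results in `k5_add_file_cc`, `k5_read_file_cc_data`, `k5_write_file_cc_data` and the WM_INITDIALOG branch are checked only by `assert` under `#ifdef DEBUG`, so a release build would hand a NULL pointer to `ZeroMemory` or the multi-string helpers on allocation failure.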
diff --git a/src/windows/identity/plugins/krb5/krb5configdlg.c b/src/windows/identity/plugins/krb5/krb5configdlg.c
index c3b00e1612..63fdc32b63 100644
--- a/src/windows/identity/plugins/krb5/krb5configdlg.c
+++ b/src/windows/identity/plugins/krb5/krb5configdlg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,6 +28,860 @@
#include<krb5.h>
#include<assert.h>
#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+
+typedef struct tag_k5_realm_kdc {
+ wchar_t name[K5_MAXCCH_HOST];
+ khm_boolean admin; /* admin server? */
+ khm_boolean master; /* master kdc? */
+ khm_int32 flags;
+} k5_realm_kdc;
+
+#define K5_RKFLAG_DELETED 1
+#define K5_RKFLAG_NEW 2
+#define K5_RKFLAG_MOD_ADMIN 4
+#define K5_RKFLAG_MOD_MASTER 8
+
+typedef struct tag_k5_domain_map {
+ wchar_t name[K5_MAXCCH_HOST]; /* name of host that maps to a
+ realm */
+ khm_int32 flags;
+} k5_domain_map;
+
+#define K5_DMFLAG_DELETED 1
+#define K5_DMFLAG_NEW 2
+
+typedef struct tag_k5_realm_data {
+ wchar_t realm[K5_MAXCCH_REALM];
+ k5_realm_kdc kdcs[K5_MAX_KDC];
+ khm_size n_kdcs;
+ k5_domain_map domain_maps[K5_MAX_DOMAIN_MAPPINGS];
+ khm_size n_domain_maps;
+
+ khm_int32 flags;
+} k5_realm_data;
+
+#define K5_RDFLAG_DELETED 1
+#define K5_RDFLAG_NEW 2
+#define K5_RDFLAG_MODIFED 4
+
+#define K5_REALMS_ALLOC_INCR 8
+
+typedef struct tag_k5_config_data {
+ wchar_t def_realm[K5_MAXCCH_REALM]; /* default realm */
+
+ wchar_t config_file[MAX_PATH]; /* path to configuration file */
+ khm_boolean create_config_file; /* create config_file if missing? */
+
+ /* [libdefaults] */
+ khm_boolean dns_lookup_kdc;
+ khm_boolean dns_lookup_realm;
+ khm_boolean dns_fallback;
+
+ khm_boolean noaddresses;
+
+ k5_lsa_import lsa_import; /* import mslsa creds? */
+
+ /* [realms] */
+ k5_realm_data *realms;
+ khm_size n_realms;
+ khm_size nc_realms;
+ khm_size c_realm;
+
+ khui_config_node node_main;
+ khui_config_node node_realm;
+
+ khm_int32 flags;
+} k5_config_data;
+
+#define K5_CDFLAG_MOD_DEF_REALM 1
+#define K5_CDFLAG_MOD_CONF_FILE 2
+#define K5_CDFLAG_MOD_DNS_LOOKUP_KDC 4
+#define K5_CDFLAG_MOD_DNS_LOOKUP_RLM 8
+#define K5_CDFLAG_MOD_DNS_FALLBACK 0x10
+#define K5_CDFLAG_MOD_NOADDRESSES 0x20
+#define K5_CDFLAG_MOD_LSA_IMPORT 0x40
+#define K5_CDFLAG_MOD_CREATE_CONF 0x80
+#define K5_CDFLAG_MOD_REALMS 0x1000
+
+static const char *const conf_yes[] = {
+ "y", "yes", "true", "t", "1", "on",
+ 0,
+};
+
+static const char *const conf_no[] = {
+ "n", "no", "false", "nil", "0", "off",
+ 0,
+};
+
+int
+k5_parse_boolean(const char *s)
+{
+ const char *const *p;
+
+ for(p=conf_yes; *p; p++) {
+ if (!stricmp(*p,s))
+ return 1;
+ }
+
+ for(p=conf_no; *p; p++) {
+ if (!stricmp(*p,s))
+ return 0;
+ }
+
+ /* Default to "no" */
+ return 0;
+}
+
+void
+k5_init_config_data(k5_config_data * d) {
+ ZeroMemory(d, sizeof(*d));
+}
+
+void
+k5_free_config_data(k5_config_data * d) {
+ if (d->realms)
+ PFREE(d->realms);
+
+ k5_init_config_data(d);
+}
+
+static void
+k5_assert_n_realms(k5_config_data * d, khm_size n) {
+ khm_size nc_realms;
+
+ if (n <= d->nc_realms)
+ return;
+
+ nc_realms = UBOUNDSS(n, K5_REALMS_ALLOC_INCR, K5_REALMS_ALLOC_INCR);
+ assert(nc_realms > d->nc_realms);
+
+ d->realms = PREALLOC(d->realms, nc_realms * sizeof(*(d->realms)));
+ d->nc_realms = nc_realms;
+
+ ZeroMemory(&d->realms[d->n_realms],
+ (d->nc_realms - d->n_realms) * sizeof(*(d->realms)));
+}
+
+void
+k5_purge_config_data(k5_config_data * d,
+ khm_boolean purge_realms,
+ khm_boolean purge_kdcs,
+ khm_boolean purge_dmap) {
+ khm_size r;
+ khm_size k;
+ khm_size m;
+
+ for (r=0; r < d->n_realms; r++) {
+ if (purge_realms &&
+ (d->realms[r].flags & K5_RDFLAG_NEW) &&
+ (d->realms[r].flags & K5_RDFLAG_DELETED)) {
+
+ if (d->n_realms > r+1)
+ MoveMemory(&d->realms[r], &d->realms[r+1],
+ sizeof(d->realms[0]) * (d->n_realms - (r+1)));
+ r--;
+ d->n_realms--;
+ continue;
+ }
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ if (purge_kdcs &&
+ (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) &&
+ (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) {
+ if (d->realms[r].n_kdcs > k + 1)
+ MoveMemory(&d->realms[r].kdcs[k],
+ &d->realms[r].kdcs[k+1],
+ sizeof(d->realms[0].kdcs[0]) *
+ (d->realms[r].n_kdcs - (k+1)));
+ k--;
+ d->realms[r].n_kdcs--;
+ continue;
+ }
+ }
+
+ if (K5_MAX_KDC > k+1)
+ ZeroMemory(&d->realms[r].kdcs[k],
+ sizeof(d->realms[0].kdcs[0]) *
+ (K5_MAX_KDC - (k + 1)));
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+ if (purge_dmap &&
+ (d->realms[r].domain_maps[m].flags & K5_DMFLAG_NEW) &&
+ (d->realms[r].domain_maps[m].flags & K5_DMFLAG_DELETED)) {
+ if (d->realms[r].n_domain_maps > m + 1)
+ MoveMemory(&d->realms[r].domain_maps[m],
+ &d->realms[r].domain_maps[m+1],
+ sizeof(d->realms[0].domain_maps[0]) *
+ (d->realms[r].n_domain_maps - (m+1)));
+ m--;
+ d->realms[r].n_domain_maps--;
+ continue;
+ }
+ }
+
+ if (K5_MAX_DOMAIN_MAPPINGS > m+1)
+ ZeroMemory(&d->realms[r].domain_maps[m],
+ sizeof(d->realms[0].domain_maps[0]) *
+ (K5_MAX_DOMAIN_MAPPINGS - (m+1)));
+ }
+
+ if (d->nc_realms > r + 1)
+ ZeroMemory(&d->realms[r],
+ sizeof(d->realms[0]) *
+ (d->nc_realms - (r + 1)));
+}
+
+static khm_boolean
+k5_is_profile_loaded(void) {
+#ifdef DEBUG
+ assert(pprofile_init);
+ assert(pprofile_get_subsection_names);
+ assert(pprofile_get_values);
+ assert(pprofile_get_string);
+ assert(pprofile_get_relation_names);
+ assert(pprofile_free_list);
+ assert(pprofile_release_string);
+ assert(pprofile_release);
+ assert(pprofile_clear_relation);
+ assert(pprofile_add_relation);
+ assert(pprofile_update_relation);
+ assert(pprofile_flush);
+#endif
+
+ if (!pprofile_init ||
+ !pprofile_get_subsection_names ||
+ !pprofile_get_values ||
+ !pprofile_get_string ||
+ !pprofile_get_relation_names ||
+ !pprofile_free_list ||
+ !pprofile_release_string ||
+ !pprofile_release ||
+ !pprofile_clear_relation ||
+ !pprofile_add_relation ||
+ !pprofile_update_relation ||
+ !pprofile_flush)
+
+ return FALSE;
+
+ return TRUE;
+}
+
+void
+k5_read_config_data(k5_config_data * d) {
+ wchar_t * defrealm;
+ char config_file[MAX_PATH];
+ profile_t profile = NULL;
+ const char *filenames[2];
+ long rv;
+ khm_size s;
+
+ if (!k5_is_profile_loaded())
+ return;
+
+ defrealm = khm_krb5_get_default_realm();
+
+ if (defrealm) {
+ StringCbCopy(d->def_realm, sizeof(d->def_realm), defrealm);
+ PFREE(defrealm);
+ } else {
+ StringCbCopy(d->def_realm, sizeof(d->def_realm), L"");
+ }
+
+ khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file));
+
+ AnsiStrToUnicode(d->config_file, sizeof(d->config_file), config_file);
+
+ filenames[0] = config_file;
+ filenames[1] = NULL;
+
+ rv = pprofile_init(filenames, &profile);
+
+ if (!rv) {
+ const char * sec_realms[] = { "realms", NULL };
+ const char * sec_domain_realm[] = { "domain_realm", NULL };
+ char ** sections;
+ char ** dr_from;
+ char * boolv;
+
+ /* first fish out a few values from [libdefaults] */
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_kdc",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_lookup_kdc = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_lookup_kdc = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_realm",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_lookup_realm = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_lookup_realm = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_fallback",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_fallback = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_fallback = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "noaddresses",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->noaddresses = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->noaddresses = TRUE;
+
+ /* now we look at the [realms] section */
+ rv = pprofile_get_subsection_names(profile, sec_realms, &sections);
+
+ /* what? no realms? whatever */
+ if (rv) goto _skip_realms;
+
+ /* get a count first */
+ for (s=0; sections[s] && sections[s][0]; s++);
+
+ k5_assert_n_realms(d, s);
+ d->n_realms = s;
+
+ /* now go through each and fish out the kdcs, admin_server
+ and master_kdc. */
+ for (s=0; sections[s] && sections[s][0]; s++) {
+ const char * sec_kdcs[] =
+ { "realms", sections[s], "kdc", NULL };
+
+ const char * sec_admin[] =
+ { "realms", sections[s], "admin_server", NULL };
+
+ const char * sec_master[] =
+ { "realms", sections[s], "master_kdc", NULL };
+
+ char ** values;
+
+ AnsiStrToUnicode(d->realms[s].realm, sizeof(d->realms[s].realm),
+ sections[s]);
+ d->realms[s].n_kdcs = 0;
+ d->realms[s].n_domain_maps = 0;
+
+ rv = pprofile_get_values(profile, sec_kdcs, &values);
+ if (!rv) {
+ khm_size i;
+
+ for (i=0 ; values[i] && values[i][0] && i < K5_MAX_KDC; i++) {
+ AnsiStrToUnicode(d->realms[s].kdcs[i].name,
+ sizeof(d->realms[s].kdcs[i].name),
+ values[i]);
+
+ }
+ d->realms[s].n_kdcs = i;
+
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_values(profile, sec_admin, &values);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ wchar_t kdc_name[K5_MAXCCH_HOST];
+
+ for (i=0; values[i] && values[i][0]; i++) {
+ AnsiStrToUnicode(kdc_name,
+ sizeof(kdc_name), values[i]);
+
+ for (j=0; j < d->realms[s].n_kdcs; j++)
+ if (!wcsicmp(kdc_name, d->realms[s].kdcs[j].name))
+ break;
+
+ if (j < d->realms[s].n_kdcs) {
+ d->realms[s].kdcs[j].admin = TRUE;
+ } else if (d->realms[s].n_kdcs < K5_MAX_KDC) {
+ j = d->realms[s].n_kdcs;
+ StringCbCopy(d->realms[s].kdcs[j].name,
+ sizeof(d->realms[s].kdcs[j].name),
+ kdc_name);
+ d->realms[s].kdcs[j].admin = TRUE;
+ d->realms[s].n_kdcs ++;
+ }
+ }
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_values(profile, sec_master, &values);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ wchar_t kdc_name[K5_MAXCCH_HOST];
+
+ for (i=0; values[i] && values[i][0]; i++) {
+ AnsiStrToUnicode(kdc_name, sizeof(kdc_name), values[i]);
+
+ for (j=0; j < d->realms[s].n_kdcs; j++)
+ if (!wcsicmp(kdc_name, d->realms[s].kdcs[j].name))
+ break;
+
+ if (j < d->realms[s].n_kdcs) {
+ d->realms[s].kdcs[j].master = TRUE;
+ } else if (d->realms[s].n_kdcs < K5_MAX_KDC) {
+ j = d->realms[s].n_kdcs;
+ StringCbCopy(d->realms[s].kdcs[j].name,
+ sizeof(d->realms[s].kdcs[j].name),
+ kdc_name);
+ d->realms[s].kdcs[j].master = TRUE;
+ d->realms[s].n_kdcs ++;
+ }
+ }
+
+ pprofile_free_list(values);
+ }
+ }
+ pprofile_free_list(sections);
+
+ _skip_realms:
+
+ rv = pprofile_get_relation_names(profile, sec_domain_realm, &dr_from);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ char * dr_to;
+ wchar_t wdr_from[K5_MAXCCH_HOST];
+ wchar_t wdr_to[K5_MAXCCH_HOST];
+
+ for (i=0; dr_from[i] && dr_from[i][0]; i++) {
+ AnsiStrToUnicode(wdr_from, sizeof(wdr_from), dr_from[i]);
+
+ rv = pprofile_get_string(profile, "domain_realm", dr_from[i],
+ NULL, NULL, &dr_to);
+
+ if (rv || !dr_to)
+ continue;
+
+ AnsiStrToUnicode(wdr_to, sizeof(wdr_to), dr_to);
+
+ for (j=0; j < d->n_realms; j++) {
+ if (!wcsicmp(wdr_to, d->realms[j].realm))
+ break;
+ }
+
+ if (j >= d->n_realms) {
+ j = d->n_realms;
+ k5_assert_n_realms(d, j + 1);
+
+ StringCbCopy(d->realms[j].realm,
+ sizeof(d->realms[j].realm),
+ wdr_to);
+ d->realms[j].n_kdcs = 0;
+ d->realms[j].n_domain_maps = 0;
+
+ d->n_realms++;
+ }
+
+ if (d->realms[j].n_domain_maps < K5_MAX_DOMAIN_MAPPINGS) {
+ khm_size k;
+
+ k = d->realms[j].n_domain_maps;
+
+ StringCbCopy(d->realms[j].domain_maps[k].name,
+ sizeof(d->realms[j].domain_maps[k].name),
+ wdr_from);
+
+ d->realms[j].n_domain_maps++;
+ }
+
+ pprofile_release_string(dr_to);
+ }
+ pprofile_free_list(dr_from);
+ }
+ pprofile_release(profile);
+ }
+
+ /* last, read the MSLSA import setting */
+ {
+ khm_int32 t;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params,
+ L"MsLsaImport", &t))) {
+ d->lsa_import = t;
+ } else {
+ d->lsa_import = K5_LSAIMPORT_ALWAYS;
+ }
+ }
+
+ d->flags = 0;
+}
+
+void
+k5_write_config_data(k5_config_data * d) {
+ char astr[MAX_PATH * 2];
+ char config_file[MAX_PATH];
+ profile_t profile = NULL;
+ const char *filenames[2];
+ long rv;
+ khm_size s;
+
+ if (d->flags == 0)
+ return;
+
+ if (!k5_is_profile_loaded())
+ return;
+
+ if (d->flags & K5_CDFLAG_MOD_DEF_REALM) {
+ if (SUCCEEDED(StringCbLength(d->def_realm,
+ sizeof(d->def_realm), &s)) &&
+ s > 0) {
+ khm_krb5_set_default_realm(d->def_realm);
+ }
+ }
+
+ /* write the MSLSA import setting */
+ if (d->flags & K5_CDFLAG_MOD_LSA_IMPORT) {
+
+ khc_write_int32(csp_params, L"MsLsaImport", d->lsa_import);
+
+ }
+
+ if (!(d->flags &
+ (K5_CDFLAG_MOD_CONF_FILE |
+ K5_CDFLAG_MOD_DNS_FALLBACK |
+ K5_CDFLAG_MOD_DNS_LOOKUP_RLM |
+ K5_CDFLAG_MOD_DNS_LOOKUP_KDC |
+ K5_CDFLAG_MOD_NOADDRESSES |
+ K5_CDFLAG_MOD_CREATE_CONF |
+ K5_CDFLAG_MOD_REALMS))) {
+
+ d->flags = 0;
+ return;
+
+ }
+
+ khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file));
+
+ UnicodeStrToAnsi(astr, sizeof(astr), d->config_file);
+
+ if (stricmp(config_file, astr)) {
+ assert(FALSE);
+ }
+
+ filenames[0] = config_file;
+ filenames[1] = NULL;
+
+ rv = pprofile_init(filenames, &profile);
+
+#if FAILOVER_TO_TEMPORARY_FILE
+ if (rv) {
+ char temp_file[MAX_PATH];
+
+ khm_krb5_get_temp_profile_file(temp_file,
+ ARRAYLENGTH(temp_file));
+
+ filenames[0] = temp_file;
+
+ rv = pprofile_init(filenames, &profile);
+
+ ?? TODO: Also warn if we are doing this
+ }
+#endif
+
+
+ if (!rv) {
+ const char * sec_realms[] = { "realms", NULL };
+ const char * sec_domain_realm[] = { "domain_realm", NULL };
+ const char * sec_libdefaults[] = { "libdefaults", NULL, NULL };
+ khm_size r;
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_KDC) {
+
+ sec_libdefaults[1] = "dns_lookup_kdc";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_lookup_kdc)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_RLM) {
+
+ sec_libdefaults[1] = "dns_lookup_realm";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_lookup_realm)?
+ conf_yes[0]:
+ conf_no[0]);
+
+ }
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_FALLBACK) {
+
+ sec_libdefaults[1] = "dns_fallback";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_fallback)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+ if (d->flags & K5_CDFLAG_MOD_NOADDRESSES) {
+
+ sec_libdefaults[1] = "noaddresses";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->noaddresses)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+ /* now we look at the [realms] section */
+
+ for (r=0; r < d->n_realms; r++) {
+ char realm[K5_MAXCCH_REALM];
+ char host[K5_MAXCCH_HOST];
+
+ const char * sec_kdcs[] =
+ { "realms", realm, "kdc", NULL };
+
+ const char * sec_admin[] =
+ { "realms", realm, "admin_server", NULL };
+
+ const char * sec_master[] =
+ { "realms", realm, "master_kdc", NULL };
+
+ const char * sec_domain_map[] =
+ { "domain_realm", host, NULL };
+
+ char ** values;
+
+ UnicodeStrToAnsi(realm, sizeof(realm),
+ d->realms[r].realm);
+
+ if (!(d->realms[r].flags & K5_RDFLAG_DELETED) &&
+ (d->realms[r].flags & K5_RDFLAG_NEW)) {
+
+ khm_size k;
+ khm_size m;
+
+ /* this is a new realm */
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ if (!(d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) {
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].kdcs[k].name);
+
+ if (d->realms[r].kdcs[k].master)
+ pprofile_add_relation(profile, sec_master,
+ host);
+ else
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ }
+ }
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].domain_maps[m].name);
+
+ if ((d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ !(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_clear_relation(profile, sec_domain_map);
+ else if (!(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ (d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_add_relation(profile, sec_domain_map,
+ realm);
+ }
+ } else if ((d->realms[r].flags & K5_RDFLAG_DELETED) &&
+ !(d->realms[r].flags & K5_RDFLAG_NEW)) {
+
+ const char * sec_all[] =
+ { "realms", realm, NULL, NULL };
+ khm_size v;
+
+ /* this realm should be deleted */
+
+ rv = pprofile_get_relation_names(profile, sec_all,
+ &values);
+ if (!rv) {
+ for (v=0; values[v] && values[v][0]; v++) {
+ sec_all[2] = values[v];
+ pprofile_clear_relation(profile, sec_all);
+ }
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_relation_names(profile, sec_domain_realm,
+ &values);
+ if (!rv) {
+ char * maprealm;
+
+ for (v=0; values[v] && values[v][0]; v++) {
+
+ rv = pprofile_get_string(profile, "domain_realm",
+ values[v], NULL, NULL,
+ &maprealm);
+
+ if (!rv) {
+ if (!strcmp(maprealm, realm)) {
+ StringCbCopyA(host, sizeof(host),
+ values[v]);
+ pprofile_clear_relation(profile,
+ sec_domain_map);
+ }
+ pprofile_release_string(maprealm);
+ }
+ }
+
+ pprofile_free_list(values);
+ }
+ } else if (!(d->realms[r].flags & K5_RDFLAG_DELETED)) {
+ khm_size k;
+ khm_size m;
+
+ /* same as before. check if we have to update the kdc
+ list or the domain_realm mappings */
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].kdcs[k].name);
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED) {
+ pprofile_update_relation(profile, sec_kdcs,
+ host, NULL);
+ pprofile_update_relation(profile, sec_admin,
+ host, NULL);
+ pprofile_update_relation(profile, sec_master,
+ host, NULL);
+
+ continue;
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) {
+ if (d->realms[r].kdcs[k].master)
+ pprofile_add_relation(profile, sec_master,
+ host);
+ else
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ continue;
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_MASTER) {
+ if (!d->realms[r].kdcs[k].master) {
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+ pprofile_update_relation(profile, sec_master,
+ host, NULL);
+ } else {
+ pprofile_add_relation(profile, sec_master,
+ host);
+ pprofile_update_relation(profile, sec_kdcs,
+ host, NULL);
+ }
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_ADMIN) {
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ else
+ pprofile_update_relation(profile, sec_admin,
+ host, NULL);
+ }
+ }
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].domain_maps[m].name);
+
+ if ((d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ !(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_clear_relation(profile, sec_domain_map);
+ else if (!(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ (d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_add_relation(profile, sec_domain_map,
+ realm);
+ }
+ }
+ }
+
+ rv = pprofile_flush(profile);
+
+ pprofile_release(profile);
+ }
+
+ if (rv) {
+ khui_alert * alert;
+ wchar_t title[KHUI_MAXCCH_TITLE];
+ wchar_t fmsg[KHUI_MAXCCH_MESSAGE];
+ wchar_t msg[KHUI_MAXCCH_MESSAGE];
+ wchar_t sugg[KHUI_MAXCCH_SUGGESTION];
+
+ LoadString(hResModule, IDS_K5ERR_CANTWRITEPROFILE,
+ title, ARRAYLENGTH(title));
+ if (rv)
+ LoadString(hResModule, IDS_K5ERR_PROFNOWRITE,
+ fmsg, ARRAYLENGTH(fmsg));
+
+ LoadString(hResModule, IDS_K5ERR_PROFSUGGEST,
+ sugg, ARRAYLENGTH(sugg));
+
+ StringCbPrintf(msg, sizeof(msg), fmsg, config_file);
+
+ khui_alert_create_empty(&alert);
+ khui_alert_set_severity(alert, (rv)?KHERR_ERROR:KHERR_WARNING);
+ khui_alert_set_title(alert, title);
+ khui_alert_set_message(alert, msg);
+ khui_alert_set_suggestion(alert, sugg);
+
+ khui_alert_show(alert);
+ }
+
+ d->flags = 0;
+}
+
+/* actual dialog stuff */
+
+#define IDX_NORMAL 1
+#define IDX_MODIFIED 2
+#define IDX_NEW 3
+#define IDX_DELETED 4
+
+static k5_config_data k5_config_dlg_data;
+static khm_boolean k5_dlg_data_valid = FALSE;
INT_PTR CALLBACK
k5_config_dlgproc(HWND hwnd,
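Review bot: k5_write_config_data loses the result of every profile edit before its error check: the four `rv = pprofile_add_relation(...)` calls for the [libdefaults] keys are overwritten by `rv = pprofile_flush(profile)`, and the clear/add/update calls in the realms loop capture no return value at all. Each key is cleared before it is re-added, so a failed add leaves dns_lookup_kdc, dns_lookup_realm, dns_fallback or noaddresses missing from the in-memory profile. The flush is then attempted anyway, `d->flags` is reset to 0, and no alert is raised unless the flush itself fails, so the user sees the change as applied. I would keep the first non-zero result in its own variable, e.g. `if (!err) err = pprofile_add_relation(profile, sec_libdefaults, ...);`, and have the existing alert block test `rv || err`. Separately, the alert passes `config_file` (a `char` array) to `StringCbPrintf` with wide buffers; unless the IDS_K5ERR_PROFNOWRITE resource uses `%S`, `d->config_file` is the argument whose type matches.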
@@ -38,41 +892,42 @@ k5_config_dlgproc(HWND hwnd,
case WM_INITDIALOG:
{
HWND hw;
- wchar_t * realms;
- wchar_t * defrealm;
+ khm_size i;
+ k5_config_data * d;
+
wchar_t * t;
- char conffile[MAX_PATH];
- wchar_t wconffile[MAX_PATH];
wchar_t importopts[256];
WKSTA_INFO_100 * winfo100;
- hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM);
#ifdef DEBUG
- assert(hw);
+ assert(!k5_dlg_data_valid);
#endif
- realms = khm_krb5_get_realm_list();
- defrealm = khm_krb5_get_default_realm();
+
+ k5_init_config_data(&k5_config_dlg_data);
+ k5_read_config_data(&k5_config_dlg_data);
+
+ k5_dlg_data_valid = TRUE;
+
+ d = &k5_config_dlg_data;
+
+ d->node_main = (khui_config_node) lParam;
+
+ hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM);
#ifdef DEBUG
- assert(realms);
- assert(defrealm);
+ assert(hw);
#endif
SendMessage(hw, CB_RESETCONTENT, 0, 0);
- for(t = realms; t && *t; t = multi_string_next(t)) {
- SendMessage(hw, CB_ADDSTRING, 0, (LPARAM) t);
+ for (i=0; i < d->n_realms; i++) {
+ SendMessage(hw, CB_ADDSTRING, 0,
+ (LPARAM) d->realms[i].realm);
}
- SendMessage(hw, CB_SELECTSTRING, -1, (LPARAM) defrealm);
-
- free(defrealm);
- free(realms);
-
- khm_get_profile_file(conffile, sizeof(conffile));
+ SendMessage(hw, CB_SELECTSTRING, -1,
+ (LPARAM) d->def_realm);
- AnsiStrToUnicode(wconffile, sizeof(wconffile), conffile);
-
- SetDlgItemText(hwnd, IDC_CFG_CFGFILE, wconffile);
+ SetDlgItemText(hwnd, IDC_CFG_CFGFILE, d->config_file);
/* hostname/domain */
if (NetWkstaGetInfo(NULL, 100, (LPBYTE *) &winfo100) == NERR_Success) {
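Review bot: The only re-entry guard on the file-scope `k5_config_dlg_data` is `assert(!k5_dlg_data_valid)` inside `#ifdef DEBUG`, so a release build has no guard at all. If a second WM_INITDIALOG arrives before WM_DESTROY, `k5_init_config_data` zeroes the struct and drops the `realms` allocation made by the earlier `k5_read_config_data`. Both dialog instances would then share and overwrite the same state. A runtime check ahead of the init call would cover this: `if (k5_dlg_data_valid) k5_free_config_data(&k5_config_dlg_data);`. The body of k5_config_dlgproc starts and continues outside this hunk, so whether the configuration framework can actually create this page twice is not visible here.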
@@ -99,175 +954,692 @@ k5_config_dlgproc(HWND hwnd,
SendMessage(hw, CB_ADDSTRING, 0, (LPARAM) t);
}
- SendMessage(hw, CB_SETCURSEL, 0, 0);
-
+ SendMessage(hw, CB_SETCURSEL, 0, d->lsa_import);
+ t = importopts;
+ SendMessage(hw, CB_GETLBTEXT, d->lsa_import,(LPARAM) t);
+ SendMessage(hw, CB_SELECTSTRING, -1, (LPARAM) t);
}
break;
- case WM_DESTROY:
+ case WM_COMMAND:
+ {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
+ if (wParam == MAKEWPARAM(IDC_CFG_IMPORT, CBN_SELCHANGE)) {
+ int idx;
+ int modified = FALSE;
+
+ idx = (int) SendDlgItemMessage(hwnd, IDC_CFG_IMPORT,
+ CB_GETCURSEL, 0, 0);
+ if (idx != CB_ERR && idx != d->lsa_import) {
+ d->lsa_import = idx;
+ d->flags |= K5_CDFLAG_MOD_LSA_IMPORT;
+ modified = TRUE;
+ }
+
+ khui_cfg_set_flags(d->node_main,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+ return TRUE;
+ }
+ }
break;
- }
- return FALSE;
-}
-INT_PTR CALLBACK
-k5_realms_dlgproc(HWND hwndDlg,
- UINT uMsg,
- WPARAM wParam,
- LPARAM lParam) {
- switch(uMsg) {
- case WM_INITDIALOG:
+ case KHUI_WM_CFG_NOTIFY:
+ {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ khm_int32 oflags;
+
+ oflags = d->flags;
+ k5_write_config_data(d);
+
+ if (d->flags != oflags) {
+ khui_cfg_set_flags(d->node_main,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED |
+ KHUI_CNFLAG_MODIFIED);
+ }
+ return TRUE;
+ }
+ }
break;
case WM_DESTROY:
+ {
+ k5_free_config_data(&k5_config_dlg_data);
+ k5_dlg_data_valid = FALSE;
+ }
break;
}
return FALSE;
}
-typedef struct tag_k5_ids_dlg_data {
- khui_tracker tc_life;
- khui_tracker tc_renew;
- khui_tracker tc_life_min;
- khui_tracker tc_life_max;
- khui_tracker tc_renew_min;
- khui_tracker tc_renew_max;
-
- time_t life;
- time_t renew_life;
- time_t life_min;
- time_t life_max;
- time_t renew_min;
- time_t renew_max;
-} k5_ids_dlg_data;
+static HIMAGELIST
+k5_get_state_image_list(void) {
+ HIMAGELIST hil;
+ HICON hicon;
+
+ hil = ImageList_Create(GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ ILC_COLOR | ILC_MASK,
+ 4,
+ 2);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_NORMAL),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_MODIFIED),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_NEW),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_DELETED),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ return hil;
+}
+
+static void
+k5_update_realms_display(HWND hw_list, k5_config_data * d) {
+ khm_size i;
+ LVITEM lvi;
+ wchar_t buf[64];
+
+ ListView_DeleteAllItems(hw_list);
+
+ for (i=0; i < d->n_realms; i++) {
+ if ((d->realms[i].flags & K5_RDFLAG_DELETED) &&
+ (d->realms[i].flags & K5_RDFLAG_NEW))
+ continue;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = d->realms[i].realm;
+ lvi.lParam = i;
+
+ if (d->realms[i].flags & K5_RDFLAG_DELETED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ } else if (d->realms[i].flags & K5_RDFLAG_NEW) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ } else if (d->realms[i].flags & K5_RDFLAG_MODIFED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED);
+ } else {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ }
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ ListView_InsertItem(hw_list, &lvi);
+ }
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = buf;
+ lvi.lParam = (LPARAM) -1;
+
+ LoadString(hResModule, IDS_CFG_RE_NEWREALM,
+ buf, ARRAYLENGTH(buf));
+
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ ListView_InsertItem(hw_list, &lvi);
+
+ if (d->flags & K5_CDFLAG_MOD_REALMS) {
+ khui_cfg_set_flags(d->node_realm, KHUI_CNFLAG_MODIFIED,
+ KHUI_CNFLAG_MODIFIED);
+ } else {
+ khui_cfg_set_flags(d->node_realm, 0,
+ KHUI_CNFLAG_MODIFIED);
+ }
+}
static void
-k5_ids_read_params(k5_ids_dlg_data * d) {
- khm_int32 t;
- khm_int32 rv;
+k5_update_kdcs_display(HWND hw_kdc, k5_config_data * d, khm_size idx_rlm) {
+ khm_size k;
+ LVITEM lvi;
+ int idx_item;
+ k5_realm_kdc * pkdc;
+ wchar_t wyes[8];
+ wchar_t wno[8];
+ wchar_t wbuf[64];
+
+ ListView_DeleteAllItems(hw_kdc);
+
+ if (d == NULL)
+ return;
#ifdef DEBUG
- assert(csp_params);
+ assert(idx_rlm < d->n_realms);
#endif
+ LoadString(hResModule, IDS_YES, wyes, ARRAYLENGTH(wyes));
+ LoadString(hResModule, IDS_NO, wno, ARRAYLENGTH(wno));
+
+ for (k=0; k < d->realms[idx_rlm].n_kdcs; k++) {
+ if ((d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_DELETED) &&
+ (d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_NEW))
+ continue;
+
+ pkdc = &(d->realms[idx_rlm].kdcs[k]);
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = K5_MAX_KDC;
+ lvi.iSubItem = 0;
+ lvi.lParam = k;
+ lvi.pszText = pkdc->name;
+ if (pkdc->flags & K5_RKFLAG_DELETED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ } else if (pkdc->flags & K5_RKFLAG_NEW) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ } else if ((pkdc->flags & K5_RKFLAG_MOD_ADMIN) ||
+ (pkdc->flags & K5_RKFLAG_MOD_MASTER)) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED);
+ } else {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ }
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ idx_item = ListView_InsertItem(hw_kdc, &lvi);
+
+ lvi.mask = LVIF_TEXT;
+ lvi.iItem = idx_item;
+ lvi.iSubItem = 1;
+ if (pkdc->admin)
+ lvi.pszText = wyes;
+ else
+ lvi.pszText = wno;
+ ListView_SetItem(hw_kdc, &lvi);
+
+ lvi.iSubItem = 2;
+ if (pkdc->master)
+ lvi.pszText = wyes;
+ else
+ lvi.pszText = wno;
+ ListView_SetItem(hw_kdc, &lvi);
+ }
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_TEXT | LVIF_PARAM | LVIF_STATE;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = wbuf;
+ lvi.lParam = (LPARAM) -1;
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
- rv = khc_read_int32(csp_params, L"DefaultLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life = t;
-
- rv = khc_read_int32(csp_params, L"DefaultRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_life = t;
-
- rv = khc_read_int32(csp_params, L"MaxLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life_max = t;
-
- rv = khc_read_int32(csp_params, L"MinLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life_min = t;
-
- rv = khc_read_int32(csp_params, L"MaxRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_max = t;
-
- rv = khc_read_int32(csp_params, L"MinRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_min = t;
-
- khui_tracker_initialize(&d->tc_life);
- d->tc_life.current = d->life;
- d->tc_life.min = 0;
- d->tc_life.max = 3600 * 24 * 7;
-
- khui_tracker_initialize(&d->tc_renew);
- d->tc_renew.current = d->renew_life;
- d->tc_renew.min = 0;
- d->tc_renew.max = 3600 * 24 * 30;
-
- khui_tracker_initialize(&d->tc_life_min);
- d->tc_life_min.current = d->life_min;
- d->tc_life_min.min = d->tc_life.min;
- d->tc_life_min.max = d->tc_life.max;
-
- khui_tracker_initialize(&d->tc_life_max);
- d->tc_life_max.current = d->life_max;
- d->tc_life_max.min = d->tc_life.min;
- d->tc_life_max.max = d->tc_life.max;
-
- khui_tracker_initialize(&d->tc_renew_min);
- d->tc_renew_min.current = d->renew_min;
- d->tc_renew_min.min = d->tc_renew.min;
- d->tc_renew_min.max = d->tc_renew.max;
-
- khui_tracker_initialize(&d->tc_renew_max);
- d->tc_renew_max.current = d->renew_max;
- d->tc_renew_max.min = d->tc_renew.min;
- d->tc_renew_max.max = d->tc_renew.max;
+ LoadString(hResModule, IDS_CFG_RE_NEWSERVER,
+ wbuf, ARRAYLENGTH(wbuf));
+
+ ListView_InsertItem(hw_kdc, &lvi);
}
-INT_PTR CALLBACK
-k5_ids_tab_dlgproc(HWND hwnd,
- UINT uMsg,
- WPARAM wParam,
- LPARAM lParam) {
- k5_ids_dlg_data * d;
+static void
+k5_update_dmap_display(HWND hw_dm, k5_config_data * d, khm_size idx_rlm) {
+ khm_size m;
+ LVITEM lvi;
+ k5_domain_map * map;
+ wchar_t wbuf[64];
+
+ ListView_DeleteAllItems(hw_dm);
+
+ if (d == NULL)
+ return;
- switch(uMsg) {
- case WM_INITDIALOG:
- d = malloc(sizeof(*d));
#ifdef DEBUG
- assert(d);
+ assert(idx_rlm < d->n_realms);
#endif
- ZeroMemory(d, sizeof(*d));
-#pragma warning(push)
-#pragma warning(disable: 4244)
- SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
-#pragma warning(pop)
- k5_ids_read_params(d);
-
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
- &d->tc_life);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
- &d->tc_renew);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MIN),
- &d->tc_life_min);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MAX),
- &d->tc_life_max);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MIN),
- &d->tc_renew_min);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MAX),
- &d->tc_renew_max);
- khui_tracker_refresh(&d->tc_life);
- khui_tracker_refresh(&d->tc_life_min);
- khui_tracker_refresh(&d->tc_life_max);
- khui_tracker_refresh(&d->tc_renew);
- khui_tracker_refresh(&d->tc_renew_min);
- khui_tracker_refresh(&d->tc_renew_max);
- break;
+ for (m=0; m < d->realms[idx_rlm].n_domain_maps; m++) {
+ map = &(d->realms[idx_rlm].domain_maps[m]);
- case WM_DESTROY:
- d = (k5_ids_dlg_data *) (LONG_PTR)
- GetWindowLongPtr(hwnd, DWLP_USER);
-
- khui_tracker_kill_controls(&d->tc_life);
- khui_tracker_kill_controls(&d->tc_renew);
- khui_tracker_kill_controls(&d->tc_life_min);
- khui_tracker_kill_controls(&d->tc_life_max);
- khui_tracker_kill_controls(&d->tc_renew_min);
- khui_tracker_kill_controls(&d->tc_renew_max);
- break;
+ if ((map->flags & K5_DMFLAG_NEW) &&
+ (map->flags & K5_DMFLAG_DELETED))
+ continue;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.mask = LVIF_TEXT | LVIF_STATE | LVIF_PARAM;
+ lvi.pszText = map->name;
+ if (map->flags & K5_DMFLAG_DELETED)
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ else if (map->flags & K5_DMFLAG_NEW)
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ else
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+ lvi.lParam = m;
+
+ lvi.iItem = K5_MAX_DOMAIN_MAPPINGS;
+ lvi.iSubItem = 0;
+
+ ListView_InsertItem(hw_dm, &lvi);
}
- return FALSE;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_TEXT | LVIF_STATE;
+ lvi.pszText = wbuf;
+ lvi.lParam = (LPARAM) -1;
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+
+ LoadString(hResModule, IDS_CFG_RE_NEWDMAP,
+ wbuf, ARRAYLENGTH(wbuf));
+
+ ListView_InsertItem(hw_dm, &lvi);
}
INT_PTR CALLBACK
-k5_id_tab_dlgproc(HWND hwndDlg,
+k5_realms_dlgproc(HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam) {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
switch(uMsg) {
case WM_INITDIALOG:
+ {
+ LVCOLUMN lvc;
+ HWND hw;
+ RECT r;
+ wchar_t buf[256];
+
+ assert(k5_dlg_data_valid);
+
+ d->node_realm = (khui_config_node) lParam;
+
+ /* set up columns for the Realms list */
+ hw = GetDlgItem(hwnd, IDC_CFG_REALMS);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5; /* shave a few pixels off the width */
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left);
+ LoadString(hResModule, IDS_CFG_RE_REALMS,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+
+ k5_update_realms_display(hw, d);
+
+ /* set up columns for the servers list */
+ hw = GetDlgItem(hwnd, IDC_CFG_KDC);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5;
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left) * 2 / 4;
+ LoadString(hResModule, IDS_CFG_RE_HEAD_SVR,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+ lvc.cx = (r.right - r.left) * 1 / 4;
+ LoadString(hResModule, IDS_CFG_RE_HEAD_ADMIN,
+ buf, ARRAYLENGTH(buf));
+ ListView_InsertColumn(hw, 1, &lvc);
+
+ LoadString(hResModule, IDS_CFG_RE_HEAD_MASTER,
+ buf, ARRAYLENGTH(buf));
+ ListView_InsertColumn(hw, 2, &lvc);
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+
+ /* set up columns for the domain/host mapping list */
+ hw = GetDlgItem(hwnd, IDC_CFG_DMAP);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5;
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left);
+ LoadString(hResModule, IDS_CFG_RE_HEAD_DOMAIN,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+ }
+ break;
+
+ case WM_NOTIFY:
+ {
+ LPNMHDR pnmh;
+ HWND hw_rlm = NULL;
+ HWND hw_kdc = NULL;
+ HWND hw_dmp = NULL;
+ int i;
+
+ pnmh = (LPNMHDR) lParam;
+
+ if (pnmh->idFrom == IDC_CFG_REALMS) {
+
+ hw_rlm = pnmh->hwndFrom;
+
+ switch(pnmh->code) {
+ case LVN_ITEMCHANGED:
+ i = ListView_GetSelectedCount(hw_rlm);
+ hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC);
+ hw_dmp = GetDlgItem(hwnd, IDC_CFG_DMAP);
+
+ d->c_realm = (khm_size) -1;
+
+ if (i == 1) {
+ LVITEM lvi;
+
+ i = ListView_GetNextItem(hw_rlm, -1,
+ LVNI_SELECTED);
+ if (i == -1)
+ goto _no_selection;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.iItem = i;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam == -1)
+ goto _no_selection;
+
+ d->c_realm = lvi.lParam;
+
+ k5_update_kdcs_display(hw_kdc, d, lvi.lParam);
+ k5_update_dmap_display(hw_dmp, d, lvi.lParam);
+ return TRUE;
+ }
+
+ _no_selection:
+ ListView_DeleteAllItems(hw_kdc);
+ ListView_DeleteAllItems(hw_dmp);
+ break;
+
+ case LVN_BEGINLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ LVITEM lvi;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = pdisp->item.iItem;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (pdisp->item.iItem == -1 ||
+ lvi.lParam != -1) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, TRUE);
+ } else {
+ /* allow editing */
+ HWND hw_edit;
+
+ hw_edit = ListView_GetEditControl(hw_rlm);
+ if (hw_edit != NULL) {
+ SendMessage(hw_edit,
+ EM_SETLIMITTEXT,
+ K5_MAXCCH_REALM - 1,
+ 0);
+ }
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ }
+
+ return TRUE;
+ }
+ break;
+
+ case LVN_ENDLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ khm_size n;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ if (pdisp->item.pszText) {
+ n = d->n_realms;
+ k5_assert_n_realms(d, n+1);
+ StringCbCopy(d->realms[n].realm,
+ sizeof(d->realms[n].realm),
+ pdisp->item.pszText);
+ d->realms[n].flags = K5_RDFLAG_NEW;
+ d->n_realms++;
+
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_update_realms_display(hw_rlm, d);
+ }
+
+ return TRUE;
+ }
+ break;
+
+ case LVN_KEYDOWN:
+ {
+ NMLVKEYDOWN * pnmk;
+ LVITEM lvi;
+ khm_size r;
+ int idx;
+ BOOL modified = FALSE;
+
+ pnmk = (NMLVKEYDOWN *) lParam;
+
+ if (pnmk->wVKey == VK_DELETE) {
+ idx = -1;
+ while((idx = ListView_GetNextItem(hw_rlm, idx,
+ LVNI_SELECTED))
+ != -1) {
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = idx;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam != -1 &&
+ (r = lvi.lParam) < d->n_realms) {
+ d->realms[r].flags ^= K5_RDFLAG_DELETED;
+ modified = TRUE;
+ }
+ }
+
+ if (modified) {
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_purge_config_data(d, TRUE, TRUE, TRUE);
+ k5_update_realms_display(hw_rlm, d);
+ k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0);
+ k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0);
+ }
+ return TRUE;
+ }
+ }
+ break;
+ }
+ } else if (pnmh->idFrom == IDC_CFG_KDC) {
+ hw_kdc = pnmh->hwndFrom;
+
+ switch (pnmh->code) {
+ case LVN_BEGINLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ LVITEM lvi;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = pdisp->item.iItem;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_kdc, &lvi);
+
+ if (pdisp->item.iItem == -1 ||
+ lvi.lParam != -1) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, TRUE);
+ } else {
+ /* allow editing */
+ HWND hw_edit;
+
+ hw_edit = ListView_GetEditControl(hw_kdc);
+ if (hw_edit != NULL) {
+ SendMessage(hw_edit,
+ EM_SETLIMITTEXT,
+ K5_MAXCCH_HOST - 1,
+ 0);
+ }
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ }
+ return TRUE;
+ }
+ break;
+
+ case LVN_ENDLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ khm_size r;
+ khm_size k;
+
+ r = d->c_realm;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ if (pdisp->item.pszText) {
+ k = d->realms[r].n_kdcs;
+
+ if (k >= K5_MAX_KDC) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ /* TODO: show a message box saying
+ there are too many KDC's
+ already. */
+ return TRUE;
+ }
+
+ StringCbCopy(d->realms[r].kdcs[k].name,
+ sizeof(d->realms[0].kdcs[0].name),
+ pdisp->item.pszText);
+ d->realms[r].kdcs[k].flags = K5_RKFLAG_NEW;
+ d->realms[r].n_kdcs++;
+
+ d->realms[r].flags |= K5_RDFLAG_MODIFED;
+
+ k5_update_kdcs_display(hw_kdc, d, d->c_realm);
+ }
+ return TRUE;
+ }
+ break;
+
+ case LVN_KEYDOWN:
+ {
+#if 0
+ NMLVKEYDOWN * pnmk;
+ LVITEM lvi;
+ khm_size r;
+ int idx;
+ BOOL modified = FALSE;
+
+ pnmk = (NMLVKEYDOWN *) lParam;
+
+ if (pnmk->wVKey == VK_DELETE) {
+ idx = -1;
+ while((idx = ListView_GetNextItem(hw_rlm, idx,
+ LVNI_SELECTED))
+ != -1) {
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = idx;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam != -1 &&
+ (r = lvi.lParam) < d->n_realms) {
+ d->realms[r].flags ^= K5_RDFLAG_DELETED;
+ modified = TRUE;
+ }
+ }
+
+ if (modified) {
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_purge_config_data(d, TRUE, TRUE, TRUE);
+ k5_update_realms_display(hw_rlm, d);
+ k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0);
+ k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0);
+ }
+ return TRUE;
+ }
+#endif
+ }
+ break;
+ }
+ }
+ }
break;
case WM_DESTROY:
@@ -276,7 +1648,6 @@ k5_id_tab_dlgproc(HWND hwndDlg,
return FALSE;
}
-
void
k5_register_config_panels(void) {
khui_config_node node;
@@ -308,6 +1679,7 @@ k5_register_config_panels(void) {
#endif
}
+#ifdef REALM_EDITOR
ZeroMemory(&reg, sizeof(reg));
LoadString(hResModule, IDS_K5RLM_SHORT_DESC,
@@ -324,6 +1696,24 @@ k5_register_config_panels(void) {
reg.flags = 0;
khui_cfg_register(node, &reg);
+#endif
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ LoadString(hResModule, IDS_K5CCC_SHORT_DESC,
+ wshort, ARRAYLENGTH(wshort));
+ LoadString(hResModule, IDS_K5CCC_LONG_DESC,
+ wlong, ARRAYLENGTH(wlong));
+
+ reg.name = L"KerberosCCaches";
+ reg.short_desc = wshort;
+ reg.long_desc = wlong;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_CACHES);
+ reg.dlg_proc = k5_ccconfig_dlgproc;
+ reg.flags = 0;
+
+ khui_cfg_register(node, &reg);
khui_cfg_release(node);
@@ -374,9 +1764,12 @@ k5_register_config_panels(void) {
void
k5_unregister_config_panels(void) {
khui_config_node node_main;
+#ifdef REALM_EDITOR
khui_config_node node_realms;
+#endif
khui_config_node node_ids;
khui_config_node node_tab;
+ khui_config_node node_ccaches;
if (KHM_FAILED(khui_cfg_open(NULL, L"Kerberos5", &node_main))) {
node_main = NULL;
@@ -385,6 +1778,7 @@ k5_unregister_config_panels(void) {
#endif
}
+#ifdef REALM_EDITOR
if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosRealms",
&node_realms))) {
khui_cfg_remove(node_realms);
@@ -394,6 +1788,17 @@ k5_unregister_config_panels(void) {
else
assert(FALSE);
#endif
+#endif
+
+ if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosCCaches",
+ &node_ccaches))) {
+ khui_cfg_remove(node_ccaches);
+ khui_cfg_release(node_ccaches);
+ }
+#ifdef DEBUG
+ else
+ assert(FALSE);
+#endif
if (node_main) {
khui_cfg_remove(node_main);
diff --git a/src/windows/identity/plugins/krb5/krb5configid.c b/src/windows/identity/plugins/krb5/krb5configid.c
new file mode 100644
index 0000000000..17ab40929b
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configid.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_id_dlg_data {
+ khui_config_init_data cfg;
+
+ khm_handle ident;
+
+ khui_tracker tc_life;
+ khui_tracker tc_renew;
+
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+
+ time_t life;
+ time_t renew_life;
+} k5_id_dlg_data;
+
+static void
+k5_id_read_params(k5_id_dlg_data * d) {
+
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khm_int32 rv;
+ khm_int32 t;
+ khm_handle csp_ident;
+ khm_handle csp_idroot = NULL;
+
+ cb = sizeof(idname);
+ khui_cfg_get_name(d->cfg.ctx_node, idname, &cb);
+
+ rv = kcdb_identity_create(idname, 0, &d->ident);
+#ifdef DEBUG
+ assert(KHM_SUCCEEDED(rv));
+#endif
+
+ rv = kcdb_identity_get_config(d->ident, 0, &csp_idroot);
+ if (KHM_SUCCEEDED(rv) &&
+ KHM_SUCCEEDED(khc_open_space(csp_idroot, CSNAME_KRB5CRED, 0,
+ &csp_ident))) {
+ khc_shadow_space(csp_ident, csp_params);
+ } else {
+ csp_ident = csp_params;
+ }
+
+ if (csp_idroot)
+ khc_close_space(csp_idroot);
+
+ rv = khc_read_int32(csp_ident, L"DefaultLifetime", &t);
+ if (KHM_SUCCEEDED(rv))
+ d->life = t;
+ else
+ d->life = 36000;
+
+ rv = khc_read_int32(csp_ident, L"DefaultRenewLifetime", &t);
+ if (KHM_SUCCEEDED(rv))
+ d->renew_life = t;
+ else
+ d->renew_life = 604800;
+
+ cb = sizeof(d->ccache);
+ rv = khc_read_string(csp_ident, L"DefaultCCName", d->ccache, &cb);
+ if (KHM_FAILED(rv))
+ ZeroMemory(d->ccache, sizeof(d->ccache));
+
+ khui_tracker_initialize(&d->tc_life);
+ d->tc_life.current = d->life;
+ d->tc_life.min = 0;
+ d->tc_life.max = 3600 * 24 * 7;
+
+ khui_tracker_initialize(&d->tc_renew);
+ d->tc_renew.current = d->renew_life;
+ d->tc_renew.min = 0;
+ d->tc_renew.max = 3600 * 24 * 30;
+
+ if (csp_ident != csp_params)
+ khc_close_space(csp_ident);
+}
+
+static khm_boolean
+k5_id_is_mod(HWND hw, k5_id_dlg_data * d) {
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+
+ GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache));
+
+ if (wcsicmp(ccache, d->ccache) ||
+ d->tc_renew.current != d->renew_life ||
+ d->tc_life.current != d->life)
+ return TRUE;
+ return FALSE;
+}
+
+static void
+k5_id_check_mod(HWND hw, k5_id_dlg_data * d) {
+ BOOL modified = k5_id_is_mod(hw, d);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_id_write_params(HWND hw, k5_id_dlg_data * d) {
+
+ khm_handle csp_idroot = NULL;
+ khm_handle csp_ident = NULL;
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+ khm_size cb;
+ khm_int32 rv;
+
+ if (!k5_id_is_mod(hw, d))
+ return;
+
+ rv = kcdb_identity_get_config(d->ident, KHM_FLAG_CREATE, &csp_idroot);
+ if (KHM_SUCCEEDED(rv)) {
+ khc_open_space(csp_idroot, CSNAME_KRB5CRED,
+ KHM_FLAG_CREATE,
+ &csp_ident);
+ }
+
+ if (csp_idroot)
+ khc_close_space(csp_idroot);
+
+ if (!csp_ident)
+ return;
+
+ if (d->life != d->tc_life.current) {
+ d->life = d->tc_life.current;
+ khc_write_int32(csp_ident, L"DefaultLifetime", (khm_int32) d->life);
+ }
+
+ if (d->renew_life != d->tc_renew.current) {
+ d->renew_life = d->tc_renew.current;
+ khc_write_int32(csp_ident, L"DefaultRenewLifetime", (khm_int32) d->renew_life);
+ }
+
+ GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache));
+
+ if (SUCCEEDED(StringCbLength(ccache, sizeof(ccache), &cb)) &&
+ wcsicmp(ccache, d->ccache)) {
+ khc_write_string(csp_ident, L"DefaultCCName", ccache);
+ StringCbCopy(d->ccache, sizeof(d->ccache), ccache);
+ } else {
+ khc_remove_value(csp_ident, L"DefaultCCName", KCONF_FLAG_USER);
+ }
+
+ if (csp_ident)
+ khc_close_space(csp_ident);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+INT_PTR CALLBACK
+k5_id_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k5_id_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ k5_id_read_params(d);
+
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
+ &d->tc_life);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
+ &d->tc_renew);
+ khui_tracker_refresh(&d->tc_life);
+ khui_tracker_refresh(&d->tc_renew);
+
+ SetDlgItemText(hwnd, IDC_CFG_CCACHE, d->ccache);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == EN_CHANGE)
+ k5_id_check_mod(hwnd, d);
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k5_id_write_params(hwnd, d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ khui_tracker_kill_controls(&d->tc_life);
+ khui_tracker_kill_controls(&d->tc_renew);
+
+ if (d->ident)
+ kcdb_identity_release(d->ident);
+
+ PFREE(d);
+ break;
+ }
+ return FALSE;
+}
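Review bot: In `k5_id_write_params` the `else` branch removes `DefaultCCName` whenever the edit field still equals `d->ccache`, so applying a change to only the lifetime sliders deletes the identity's stored cache name. The function runs whenever `k5_id_is_mod` is true, which includes a lifetime-only change, and the `wcsicmp` in the condition is then zero. The `cb` filled by `StringCbLength` is never read, which suggests (not confirmed by the page) that an empty-string test was intended; as written, an emptied field is stored as an empty value instead of being removed. The fence below touches the setting only when the text differs and removes it only when the field is empty.

```c
    /* … unchanged: lifetime writes and GetDlgItemText(hw, IDC_CFG_CCACHE, …) … */

    /* touch DefaultCCName only when the edit field differs from the stored value */
    if (wcsicmp(ccache, d->ccache)) {
        if (ccache[0] != L'\0')
            khc_write_string(csp_ident, L"DefaultCCName", ccache);
        else
            khc_remove_value(csp_ident, L"DefaultCCName", KCONF_FLAG_USER);

        StringCbCopy(d->ccache, sizeof(d->ccache), ccache);
    }

    /* … unchanged: khc_close_space(csp_ident) and khui_cfg_set_flags_inst … */
```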
diff --git a/src/windows/identity/plugins/krb5/krb5configids.c b/src/windows/identity/plugins/krb5/krb5configids.c
new file mode 100644
index 0000000000..4eebb9c629
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configids.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_ids_dlg_data {
+ khui_config_init_data cfg;
+
+ khui_tracker tc_life;
+ khui_tracker tc_renew;
+ khui_tracker tc_life_min;
+ khui_tracker tc_life_max;
+ khui_tracker tc_renew_min;
+ khui_tracker tc_renew_max;
+
+ time_t life;
+ time_t renew_life;
+ time_t life_min;
+ time_t life_max;
+ time_t renew_min;
+ time_t renew_max;
+} k5_ids_dlg_data;
+
+static khm_boolean
+k5_ids_is_mod(k5_ids_dlg_data * d) {
+ if (d->life != d->tc_life.current ||
+ d->renew_life != d->tc_renew.current ||
+ d->life_max != d->tc_life_max.current ||
+ d->life_min != d->tc_life_min.current ||
+ d->renew_max != d->tc_renew_max.current ||
+ d->renew_min != d->tc_renew_min.current)
+ return TRUE;
+ return FALSE;
+}
+
+static void
+k5_ids_check_mod(k5_ids_dlg_data * d) {
+ BOOL modified = k5_ids_is_mod(d);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_ids_write_params(k5_ids_dlg_data * d) {
+
+ khm_int32 rv;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ if (!k5_ids_is_mod(d))
+ return;
+
+#define WRITEPARAM(po,pn,vn) \
+ if (po != pn) { \
+ po = pn; \
+ rv = khc_write_int32(csp_params, vn, (khm_int32) po); \
+ assert(KHM_SUCCEEDED(rv)); \
+ }
+
+ WRITEPARAM(d->life,d->tc_life.current, L"DefaultLifetime");
+ WRITEPARAM(d->renew_life,d->tc_renew.current, L"DefaultRenewLifetime");
+ WRITEPARAM(d->life_max,d->tc_life_max.current, L"MaxLifetime");
+ WRITEPARAM(d->life_min,d->tc_life_min.current, L"MinLifetime");
+ WRITEPARAM(d->renew_max,d->tc_renew_max.current, L"MaxRenewLifetime");
+ WRITEPARAM(d->renew_min,d->tc_renew_min.current, L"MinRenewLifetime");
+
+#undef WRITEPARAM
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_ids_read_params(k5_ids_dlg_data * d) {
+ khm_int32 t;
+ khm_int32 rv;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ rv = khc_read_int32(csp_params, L"DefaultLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life = t;
+
+ rv = khc_read_int32(csp_params, L"DefaultRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_life = t;
+
+ rv = khc_read_int32(csp_params, L"MaxLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life_max = t;
+
+ rv = khc_read_int32(csp_params, L"MinLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life_min = t;
+
+ rv = khc_read_int32(csp_params, L"MaxRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_max = t;
+
+ rv = khc_read_int32(csp_params, L"MinRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_min = t;
+
+ khui_tracker_initialize(&d->tc_life);
+ d->tc_life.current = d->life;
+ d->tc_life.min = 0;
+ d->tc_life.max = 3600 * 24 * 7;
+
+ khui_tracker_initialize(&d->tc_renew);
+ d->tc_renew.current = d->renew_life;
+ d->tc_renew.min = 0;
+ d->tc_renew.max = 3600 * 24 * 30;
+
+ khui_tracker_initialize(&d->tc_life_min);
+ d->tc_life_min.current = d->life_min;
+ d->tc_life_min.min = d->tc_life.min;
+ d->tc_life_min.max = d->tc_life.max;
+
+ khui_tracker_initialize(&d->tc_life_max);
+ d->tc_life_max.current = d->life_max;
+ d->tc_life_max.min = d->tc_life.min;
+ d->tc_life_max.max = d->tc_life.max;
+
+ khui_tracker_initialize(&d->tc_renew_min);
+ d->tc_renew_min.current = d->renew_min;
+ d->tc_renew_min.min = d->tc_renew.min;
+ d->tc_renew_min.max = d->tc_renew.max;
+
+ khui_tracker_initialize(&d->tc_renew_max);
+ d->tc_renew_max.current = d->renew_max;
+ d->tc_renew_max.min = d->tc_renew.min;
+ d->tc_renew_max.max = d->tc_renew.max;
+}
+
+INT_PTR CALLBACK
+k5_ids_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ k5_ids_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+ k5_ids_read_params(d);
+
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
+ &d->tc_life);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
+ &d->tc_renew);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MIN),
+ &d->tc_life_min);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MAX),
+ &d->tc_life_max);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MIN),
+ &d->tc_renew_min);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MAX),
+ &d->tc_renew_max);
+ khui_tracker_refresh(&d->tc_life);
+ khui_tracker_refresh(&d->tc_life_min);
+ khui_tracker_refresh(&d->tc_life_max);
+ khui_tracker_refresh(&d->tc_renew);
+ khui_tracker_refresh(&d->tc_renew_min);
+ khui_tracker_refresh(&d->tc_renew_max);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == EN_CHANGE) {
+ k5_ids_check_mod(d);
+ }
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k5_ids_write_params(d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ khui_tracker_kill_controls(&d->tc_life);
+ khui_tracker_kill_controls(&d->tc_renew);
+ khui_tracker_kill_controls(&d->tc_life_min);
+ khui_tracker_kill_controls(&d->tc_life_max);
+ khui_tracker_kill_controls(&d->tc_renew_min);
+ khui_tracker_kill_controls(&d->tc_renew_max);
+
+ PFREE(d);
+ break;
+ }
+ return FALSE;
+}
+
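Review bot: `k5_ids_read_params` handles a failed `khc_read_int32` only with `assert`, and `t` is declared without an initializer, so in a build where the assert is compiled out a missing or unreadable value copies an indeterminate `t` into the lifetime fields and their trackers. `k5_id_read_params` in krb5configid.c, added by this same commit, falls back to fixed values instead; doing the same here, e.g. `d->life = KHM_SUCCEEDED(rv) ? t : 36000;` and `604800` for the renew lifetime, with maintainer-chosen defaults for the four range values, keeps the ticket-lifetime policy defined. `WRITEPARAM` treats a failed `khc_write_int32` the same way and would be safer as a `do { ... } while (0)` macro that reports the failure. The `PMALLOC` result in `WM_INITDIALOG` is likewise checked only by an assert under `DEBUG` before `ZeroMemory(d, sizeof(*d))`, and the same holds for `k5_id_tab_dlgproc` in krb5configid.c.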
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c
index d3c97fff2f..d1a897d631 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.c
+++ b/src/windows/identity/plugins/krb5/krb5funcs.c
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004 Massachusetts Institute of Technology
+* Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -59,7 +59,7 @@ khm_convert524(krb5_context alt_ctx)
!pkrb524_convert_creds_kdc)
return 0;
- v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS));
+ v4creds = (CREDENTIALS *) PMALLOC(sizeof(CREDENTIALS));
memset((char *) v4creds, 0, sizeof(CREDENTIALS));
memset((char *) &increds, 0, sizeof(increds));
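Review bot: The `PMALLOC` result is passed to `memset` on the next line with no NULL check, so an allocation failure in `khm_convert524` becomes a write through a null pointer. A guard before first use is needed, for example `if (v4creds == NULL) return 0;` if the early `return 0;` just above is the right failure value, or a jump to the function's failure path, which lies outside this hunk. The same gap exists for `wcc_name` in the `get_tickets_from_cache` hunk at -237, where `AnsiStrToUnicode` writes into the unchecked buffer, and in the `khm_krb5_kinit` hunks, where a failed `PMALLOC` reaches only `assert(0)` before `addrs[i]->magic` is written.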
@@ -140,7 +140,7 @@ khm_convert524(krb5_context alt_ctx)
cleanup:
memset(v4creds, 0, sizeof(v4creds));
- free(v4creds);
+ PFREE(v4creds);
if (v5creds) {
pkrb5_free_creds(ctx, v5creds);
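Review bot: `memset(v4creds, 0, sizeof(v4creds))` clears only a pointer's worth of bytes, because `v4creds` is a `CREDENTIALS *`, so most of the converted Kerberos 4 credential is still in the block when `PFREE` hands it back to the allocator. Sizing by the object and using a wipe the compiler cannot drop addresses both: `if (v4creds) { SecureZeroMemory(v4creds, sizeof(*v4creds)); PFREE(v4creds); }`. The NULL guard matters if `cleanup:` can be reached without a successful allocation; the rest of the cleanup path is outside this hunk.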
@@ -237,10 +237,10 @@ static long get_tickets_from_cache(krb5_context ctx,
cc_name = (*pkrb5_cc_get_name)(ctx, cache);
if(cc_name) {
namelen = strlen(cc_name);
- namelen = (namelen + 1 + 4) * sizeof(wchar_t);
- /* the +4 is for the possible addtion of API: during the
- cannonicalization process */
- wcc_name = malloc(namelen);
+ namelen = (namelen + 1 + 5) * sizeof(wchar_t);
+ /* the +5 is for the possible addtion of API: or FILE:
+ during the cannonicalization process */
+ wcc_name = PMALLOC(namelen);
AnsiStrToUnicode(wcc_name, namelen, cc_name);
khm_krb5_canon_cc_name(wcc_name, namelen);
}
@@ -311,6 +311,7 @@ static long get_tickets_from_cache(krb5_context ctx,
&KRBv5Credentials)))
{
khm_handle tident = NULL;
+ khm_int32 cred_flags = 0;
if(ClientName != NULL)
(*pkrb5_free_unparsed_name)(ctx, ClientName);
@@ -371,7 +372,7 @@ static long get_tickets_from_cache(krb5_context ctx,
eft -= ft;
kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &eft, sizeof(eft));
- if (KRBv5Credentials.times.renew_till >= 0) {
+ if (KRBv5Credentials.times.renew_till > 0) {
tt = KRBv5Credentials.times.renew_till;
TimetToFileTime(tt, (LPFILETIME) &eft);
kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft,
@@ -387,18 +388,29 @@ static long get_tickets_from_cache(krb5_context ctx,
/* special flags understood by NetIDMgr */
{
- khm_int32 oflags, nflags;
-
- kcdb_cred_get_flags(cred, &oflags);
- nflags = oflags;
+ khm_int32 nflags = 0;
if (ti & TKT_FLG_RENEWABLE)
nflags |= KCDB_CRED_FLAG_RENEWABLE;
if (ti & TKT_FLG_INITIAL)
nflags |= KCDB_CRED_FLAG_INITIAL;
+ else {
+ krb5_data * c0, *c1, *r;
+
+ /* these are macros that do not allocate any memory */
+ c0 = krb5_princ_component(ctx,KRBv5Credentials.server,0);
+ c1 = krb5_princ_component(ctx,KRBv5Credentials.server,1);
+ r = krb5_princ_realm(ctx,KRBv5Credentials.server);
+
+ if ( c0 && c1 && r && c1->length == r->length &&
+ !strncmp(c1->data,r->data,r->length) &&
+ !strncmp("krbtgt",c0->data,c0->length) )
+ nflags |= KCDB_CRED_FLAG_INITIAL;
+ }
+
+ kcdb_cred_set_flags(cred, nflags, KCDB_CRED_FLAGMASK_EXT);
- if (oflags != nflags)
- kcdb_cred_set_flags(cred, nflags, KCDB_CRED_FLAGMASK_ALL);
+ cred_flags = nflags;
}
if ( !pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) {
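Review bot: The krbtgt test `!strncmp("krbtgt",c0->data,c0->length)` compares only `c0->length` bytes, so a first component that is any prefix of "krbtgt", including a zero-length one, matches and the credential is marked `KCDB_CRED_FLAG_INITIAL`. That flag is what a later hunk uses (`cred_flags & KCDB_CRED_FLAG_INITIAL`) to decide whether the identity's expiry and issue attributes are updated, so a mislabelled service ticket can overwrite them. Compare the length first and then the bytes: `c0->length == KRB5_TGS_NAME_SIZE && !memcmp(KRB5_TGS_NAME, c0->data, KRB5_TGS_NAME_SIZE)`. `memcmp` is also the safer choice for the `c1`/`r` comparison, since `krb5_data` buffers are not guaranteed to be NUL-terminated. `get_tickets_from_cache` starts and ends outside this hunk.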
@@ -410,8 +422,8 @@ static long get_tickets_from_cache(krb5_context ctx,
ti = KRBv5Credentials.keyblock.enctype;
kcdb_cred_set_attr(cred, attr_id_key_enctype, &ti, sizeof(ti));
-
- kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name, KCDB_CBSIZE_AUTO);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name,
+ KCDB_CBSIZE_AUTO);
/*TODO: going here */
#if 0
@@ -438,7 +450,8 @@ static long get_tickets_from_cache(krb5_context ctx,
}
#endif
- if(KRBv5Credentials.ticket_flags & TKT_FLG_INITIAL) {
+ if(cred_flags & KCDB_CRED_FLAG_INITIAL) {
+ __int64 t_issue_new;
__int64 t_expire_old;
__int64 t_expire_new;
khm_size cb;
@@ -451,6 +464,9 @@ static long get_tickets_from_cache(krb5_context ctx,
tt = KRBv5Credentials.times.endtime;
TimetToFileTime(tt, (LPFILETIME) &t_expire_new);
+ tt = KRBv5Credentials.times.starttime;
+ TimetToFileTime(tt, (LPFILETIME) &t_issue_new);
+
cb = sizeof(t_expire_old);
if(KHM_FAILED(kcdb_identity_get_attr(tident,
KCDB_ATTR_EXPIRE,
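Review bot: `times.starttime` is converted without a zero check, unlike `renew_till`, which this commit now tests with `> 0`. A zero `starttime` can occur when the KDC did not supply one, in which case `authtime` is the issue time (worth confirming for the cache types listed here); otherwise `KCDB_ATTR_ISSUE` ends up at the epoch. Something like `tt = KRBv5Credentials.times.starttime ? KRBv5Credentials.times.starttime : KRBv5Credentials.times.authtime;` covers it. The enclosing block of `get_tickets_from_cache` extends beyond this hunk.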
@@ -463,8 +479,11 @@ static long get_tickets_from_cache(krb5_context ctx,
kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
&t_expire_new,
sizeof(t_expire_new));
+ kcdb_identity_set_attr(tident, KCDB_ATTR_ISSUE,
+ &t_issue_new,
+ sizeof(t_issue_new));
- if (KRBv5Credentials.times.renew_till >= 0) {
+ if (KRBv5Credentials.times.renew_till > 0) {
tt = KRBv5Credentials.times.renew_till;
TimetToFileTime(tt, (LPFILETIME) &ft);
kcdb_identity_set_attr(tident,
@@ -525,7 +544,7 @@ static long get_tickets_from_cache(krb5_context ctx,
_exit:
if(wcc_name)
- free(wcc_name);
+ PFREE(wcc_name);
return code;
}
@@ -534,11 +553,14 @@ long
khm_krb5_list_tickets(krb5_context *krbv5Context)
{
krb5_context ctx;
- krb5_ccache cache;
+ krb5_ccache cache = 0;
krb5_error_code code;
- apiCB * cc_ctx = 0;
- struct _infoNC ** pNCi = NULL;
- int i;
+ apiCB * cc_ctx = 0;
+ struct _infoNC ** pNCi = NULL;
+ int i;
+ khm_int32 t;
+ wchar_t * ms = NULL;
+ khm_size cb;
ctx = NULL;
cache = NULL;
@@ -576,6 +598,49 @@ khm_krb5_list_tickets(krb5_context *krbv5Context)
cache = 0;
}
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) {
+ code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache);
+
+ if (code == 0 && cache) {
+ code = get_tickets_from_cache(ctx, cache);
+ }
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ == KHM_ERROR_TOO_LONG &&
+ cb > sizeof(wchar_t) * 2) {
+ wchar_t * t;
+ char ccname[MAX_PATH + 6];
+
+ ms = PMALLOC(cb);
+#ifdef DEBUG
+ assert(ms);
+#endif
+ khc_read_multi_string(csp_params, L"FileCCList", ms, &cb);
+
+ for(t = ms; t && *t; t = multi_string_next(t)) {
+ StringCchPrintfA(ccname, ARRAYLENGTH(ccname),
+ "FILE:%S", t);
+
+ code = (*pkrb5_cc_resolve)(ctx, ccname, &cache);
+
+ if (code)
+ continue;
+
+ code = get_tickets_from_cache(ctx, cache);
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ PFREE(ms);
+ }
+
_exit:
if (pNCi)
(*pcc_free_NC_info)(cc_ctx, &pNCi);
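Review bot: Neither the second `khc_read_multi_string` nor `StringCchPrintfA` has its result checked, so a read that fails leaves the loop walking a buffer that was never filled, and a `FileCCList` entry longer than `ccname` is resolved as a truncated `FILE:` path. Wrap the `for` in `if (ms != NULL && KHM_SUCCEEDED(khc_read_multi_string(csp_params, L"FileCCList", ms, &cb)))` and skip entries that do not fit with `if (FAILED(StringCchPrintfA(ccname, ARRAYLENGTH(ccname), "FILE:%S", t))) continue;`. The allocation itself is verified only by an assert under `DEBUG`. The inner `wchar_t * t` also shadows the `khm_int32 t` declared at the top of `khm_krb5_list_tickets` in the previous hunk; a distinct name would avoid confusion. The function body continues outside this hunk.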
@@ -585,7 +650,6 @@ _exit:
kcdb_credset_collect(NULL, krb5_credset, NULL, credtype_id_krb5, NULL);
return(code);
-
}
int
@@ -615,10 +679,10 @@ khm_krb5_renew(khm_handle identity)
realm = krb5_princ_realm(ctx, me);
code = pkrb5_build_principal_ext(ctx, &server,
- realm->length,realm->data,
- KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
- realm->length,realm->data,
- 0);
+ realm->length,realm->data,
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ realm->length,realm->data,
+ 0);
if (code)
goto cleanup;
@@ -744,7 +808,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
while ( local_addrs[i++] );
addr_count = i + 1;
- addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *));
+ addrs = (krb5_address **) PMALLOC((addr_count+1) * sizeof(krb5_address *));
if ( !addrs ) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -752,7 +816,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1));
i = 0;
while ( local_addrs[i] ) {
- addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+ addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address));
if (addrs[i] == NULL) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -761,7 +825,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
addrs[i]->magic = local_addrs[i]->magic;
addrs[i]->addrtype = local_addrs[i]->addrtype;
addrs[i]->length = local_addrs[i]->length;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+ addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length);
if (!addrs[i]->contents) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -773,14 +837,14 @@ khm_krb5_kinit(krb5_context alt_ctx,
}
pkrb5_free_addresses(ctx, local_addrs);
- addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+ addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address));
if (addrs[i] == NULL)
assert(0);
addrs[i]->magic = KV5M_ADDRESS;
addrs[i]->addrtype = AF_INET;
addrs[i]->length = 4;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+ addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length);
if (!addrs[i]->contents)
assert(0);
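Review bot: Allocation failure is handled only by `assert(0)` here, and the next statement dereferences `addrs[i]`, so a build with assertions disabled turns a failed PMALLOC into a NULL write. The same pattern follows the `contents` allocation in this hunk, and the three preceding khm_krb5_kinit hunks show the same assert-only checks. A later hunk shows a `cleanup:` label that frees `addrs`, so I would set an out-of-memory error code and `goto cleanup` instead of asserting. The function starts and ends outside this hunk, so whether later code compensates is not visible.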
@@ -814,8 +878,8 @@ cleanup:
for ( i=0;i<addr_count;i++ ) {
if ( addrs[i] ) {
if ( addrs[i]->contents )
- free(addrs[i]->contents);
- free(addrs[i]);
+ PFREE(addrs[i]->contents);
+ PFREE(addrs[i]);
}
}
}
@@ -921,8 +985,19 @@ khm_krb5_canon_cc_name(wchar_t * wcc_name,
colon = wcschr(wcc_name, L':');
- if (colon)
+ if (colon) {
+ /* if the colon is just 1 character away from the beginning,
+ it's a FILE: cc */
+ if (colon - wcc_name == 1) {
+ if (cb_len + 5 * sizeof(wchar_t) > cb_cc_name)
+ return KHM_ERROR_TOO_LONG;
+
+ memmove(&wcc_name[5], &wcc_name[0], cb_len);
+ memmove(&wcc_name[0], L"FILE:", sizeof(wchar_t) * 5);
+ }
+
return 0;
+ }
if (cb_len + 4 * sizeof(wchar_t) > cb_cc_name)
return KHM_ERROR_TOO_LONG;
@@ -1495,18 +1570,29 @@ cleanup:
#define KRB_FILE "KRB.CON"
#define KRBREALM_FILE "KRBREALM.CON"
#define KRB5_FILE "KRB5.INI"
+#define KRB5_TMP_FILE "KRB5.INI.TMP"
+
+BOOL
+khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname)
+{
+ GetTempPathA(szConfname, confname);
+ confname[szConfname-1] = '\0';
+ StringCchCatA(confname, szConfname, KRB5_TMP_FILE);
+ confname[szConfname-1] = '\0';
+ return FALSE;
+}
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname)
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
{
char **configFile = NULL;
if (pkrb5_get_default_config_files(&configFile))
{
GetWindowsDirectoryA(confname,szConfname);
confname[szConfname-1] = '\0';
- strncat(confname, "\\",sizeof(confname)-strlen(confname));
+ strncat(confname, "\\",sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
- strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+ strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
return FALSE;
}
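Review bot: In khm_krb5_get_profile_file the `strncat` bound `sizeof(confname)-strlen(confname)` takes the size of the `LPSTR` parameter, which is the size of a pointer, not of the caller's buffer. Once the Windows directory string is longer than a pointer, the unsigned subtraction wraps and the append is effectively unbounded; these lines appear only re-indented here, and the same pair recurs in the next hunk. The new khm_krb5_get_temp_profile_file already uses the bounded form, so I would write `StringCchCatA(confname, szConfname, "\\");` and `StringCchCatA(confname, szConfname, KRB5_FILE);` in both places. In the new function the `GetTempPathA` result is unchecked, so on failure `StringCchCatA` appends to an uninitialised buffer. The fixed name `KRB5.INI.TMP` is also predictable; if the file is later loaded as a Kerberos profile, confirm the temp directory is per-user.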
@@ -1523,9 +1609,9 @@ khm_get_profile_file(LPSTR confname, UINT szConfname)
{
GetWindowsDirectoryA(confname,szConfname);
confname[szConfname-1] = '\0';
- strncat(confname, "\\",sizeof(confname)-strlen(confname));
+ strncat(confname, "\\",sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
- strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+ strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
}
@@ -1540,7 +1626,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
LPSTR pFind;
//strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename);
- if (khm_get_profile_file(krbConFile, sizeof(krbConFile))) {
+ if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile))) {
GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));
krbConFile[MAX_PATH-1] = '\0';
strncat(krbConFile, "\\",sizeof(krbConFile)-strlen(krbConFile));
@@ -1634,7 +1720,7 @@ wchar_t * khm_krb5_get_realm_list(void)
char krb5_conf[MAX_PATH+1];
- if (!khm_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
+ if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
profile_t profile;
long retval;
const char *filenames[2];
@@ -1659,7 +1745,7 @@ wchar_t * khm_krb5_get_realm_list(void)
}
cbsize += sizeof(wchar_t); /* double null terminated */
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
for (cpp = sections; *cpp; cpp++)
{
@@ -1697,7 +1783,7 @@ wchar_t * khm_krb5_get_realm_list(void)
/*TODO: compute the actual required buffer size instead of hardcoding */
cbsize = 16384; // arbitrary
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
// Skip the default realm
@@ -1760,7 +1846,7 @@ wchar_t * khm_krb5_get_default_realm(void)
if (def) {
cch = strlen(def) + 1;
- realm = malloc(sizeof(wchar_t) * cch);
+ realm = PMALLOC(sizeof(wchar_t) * cch);
AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def);
pkrb5_free_default_realm(ctx, def);
} else
@@ -1771,6 +1857,32 @@ wchar_t * khm_krb5_get_default_realm(void)
return realm;
}
+long
+khm_krb5_set_default_realm(wchar_t * realm) {
+ krb5_context ctx=0;
+ char * def = 0;
+ long rv = 0;
+ char astr[K5_MAXCCH_REALM];
+
+ UnicodeStrToAnsi(astr, sizeof(astr), realm);
+
+ pkrb5_init_context(&ctx);
+ pkrb5_get_default_realm(ctx,&def);
+
+ if ((def && strcmp(def, astr)) ||
+ !def) {
+ rv = pkrb5_set_default_realm(ctx, astr);
+ }
+
+ if (def) {
+ pkrb5_free_default_realm(ctx, def);
+ }
+
+ pkrb5_free_context(ctx);
+
+ return rv;
+}
+
wchar_t * khm_get_realm_from_princ(wchar_t * princ) {
wchar_t * t;
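Review bot: khm_krb5_set_default_realm sets the realm on a context it creates and frees before returning, so as written the call appears to have no effect that outlives the function. `pkrb5_set_default_realm` changes the default realm of the context it is given, so unless the wrapper is backed by something not visible here, callers expecting a persistent change get only the return code. The results of `UnicodeStrToAnsi` and `pkrb5_init_context` are also unchecked, so an over-long `realm` or a failed init may reach `pkrb5_get_default_realm` with an unset `astr` or a null `ctx`. I would return early with `rv = pkrb5_init_context(&ctx); if (rv) return rv;`. The condition can be reduced to `if (!def || strcmp(def, astr))`.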
@@ -1858,7 +1970,7 @@ khm_krb5_changepwd(char * principal,
(result_string.length ? (sizeof(": ") - 1) : 0) +
result_string.length;
if (len && error_str) {
- *error_str = malloc(len + 1);
+ *error_str = PMALLOC(len + 1);
if (*error_str)
StringCchPrintfA(*error_str, len+1,
"%.*s%s%.*s",
@@ -1887,3 +1999,13 @@ khm_krb5_changepwd(char * principal,
return rc;
}
+
+khm_int32 KHMAPI
+khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy) {
+ if (kcdb_creds_comp_attr(vcred1, vcred2, KCDB_ATTR_LOCATION) ||
+ kcdb_creds_comp_attr(vcred1, vcred2, attr_id_key_enctype) ||
+ kcdb_creds_comp_attr(vcred1, vcred2, attr_id_tkt_enctype))
+ return 1;
+ else
+ return 0;
+}
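Review bot: khm_krb5_creds_is_equal returns 1 when any of the three attribute comparisons is non-zero and 0 otherwise, which reads as the opposite of its name if `kcdb_creds_comp_attr` follows the usual comparator convention of 0 for equal. A header comment would stop callers from testing the result as a boolean, for example `/* Comparison callback: returns 0 when the credentials match on location and both enctypes, non-zero otherwise. */`. The unused `dummy` parameter deserves a word in the same comment.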
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.h b/src/windows/identity/plugins/krb5/krb5funcs.h
index 79ca95646a..6c2c3eb6b9 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.h
+++ b/src/windows/identity/plugins/krb5/krb5funcs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -90,6 +90,9 @@ khm_krb5_renew(khm_handle identity);
wchar_t *
khm_krb5_get_default_realm(void);
+long
+khm_krb5_set_default_realm(wchar_t * realm);
+
wchar_t *
khm_krb5_get_realm_list(void);
@@ -116,6 +119,12 @@ khm_krb5_cc_name_cmp(const wchar_t * cc_name_1,
const wchar_t * cc_name_2);
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname);
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname);
+
+BOOL
+khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname);
+
+khm_int32 KHMAPI
+khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy);
#endif
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c
index c568e49d03..dd4782e6f3 100644
--- a/src/windows/identity/plugins/krb5/krb5identpro.c
+++ b/src/windows/identity/plugins/krb5/krb5identpro.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -49,6 +49,7 @@ typedef struct tag_k5_new_cred_data {
HWND hw_realm;
} k5_new_cred_data;
+/* Runs in the UI thread */
int
k5_get_realm_from_nc(khui_new_creds * nc,
wchar_t * buf,
@@ -118,6 +119,7 @@ set_identity_from_ui(khui_new_creds * nc,
return;
}
+/* runs in the UI thread */
static BOOL
update_crossfeed(khui_new_creds * nc,
k5_new_cred_data * d,
@@ -127,6 +129,7 @@ update_crossfeed(khui_new_creds * nc,
wchar_t realm[KCDB_IDENT_MAXCCH_NAME];
khm_size cch;
khm_size cch_left;
+ int idx;
cch = (khm_size) GetWindowTextLength(d->hw_username);
#ifdef DEBUG
@@ -145,6 +148,38 @@ update_crossfeed(khui_new_creds * nc,
return FALSE;
if (ctrl_id_src == K5_NCID_UN) {
+
+ idx = (int)SendMessage(d->hw_realm,
+ CB_FINDSTRINGEXACT,
+ (WPARAM) -1,
+ (LPARAM) un_realm);
+
+ if (idx != CB_ERR) {
+ wchar_t srealm[KCDB_IDENT_MAXCCH_NAME];
+
+ cch = SendMessage(d->hw_realm,
+ CB_GETLBTEXTLEN,
+ (WPARAM) idx,
+ 0);
+
+#ifdef DEBUG
+ assert(cch < ARRAYLENGTH(srealm) - 1);
+#endif
+ SendMessage(d->hw_realm,
+ CB_GETLBTEXT,
+ (WPARAM) idx,
+ (LPARAM) srealm);
+
+ if (!wcsicmp(srealm, un_realm) && wcscmp(srealm, un_realm)) {
+ /* differ only by case */
+
+ StringCchCopy(un_realm, ARRAYLENGTH(un) - (un_realm - un),
+ srealm);
+
+ SetWindowText(d->hw_username, un);
+ }
+ }
+
SendMessage(d->hw_realm,
CB_SELECTSTRING,
(WPARAM) -1,
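Review bot: The copy into `srealm` through `CB_GETLBTEXT` is bounded only by an `assert` that exists in DEBUG builds, and the message itself takes no buffer length. `CB_FINDSTRINGEXACT` probably keeps the item the same length as `un_realm`, but that depends on the size of `un`, which is declared outside the hunk. I would test the `CB_GETLBTEXTLEN` result at run time (it can also be `CB_ERR`) and skip the case fix-up when the item does not fit in `ARRAYLENGTH(srealm) - 1` characters. The second fix-up, in the next hunk, sends `CB_GETLBTEXT` without querying the length at all. `cch` is also reused for the item length although it held the user-name length just above, so a separate local would avoid changing what later code in update_crossfeed sees.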
@@ -170,6 +205,26 @@ update_crossfeed(khui_new_creds * nc,
GetWindowText(d->hw_realm, realm,
ARRAYLENGTH(realm));
+ idx = (int)SendMessage(d->hw_realm,
+ CB_FINDSTRINGEXACT,
+ (WPARAM) -1,
+ (LPARAM) realm);
+
+ if (idx != CB_ERR) {
+ wchar_t srealm[KCDB_IDENT_MAXCCH_NAME];
+
+ SendMessage(d->hw_realm,
+ CB_GETLBTEXT,
+ (WPARAM) idx,
+ (LPARAM) srealm);
+
+ if (!wcsicmp(srealm, realm) && wcscmp(srealm, realm)) {
+ StringCbCopy(realm, sizeof(realm), srealm);
+
+ SetWindowText(d->hw_realm, srealm);
+ }
+ }
+
StringCchCopy(un_realm, cch_left, realm);
SendMessage(d->hw_username,
@@ -258,6 +313,7 @@ ui_cb(khui_new_creds * nc,
UINT uMsg,
WPARAM wParam,
LPARAM lParam) {
+
k5_new_cred_data * d;
d = (k5_new_cred_data *) nc->ident_aux;
@@ -285,7 +341,7 @@ ui_cb(khui_new_creds * nc,
assert(hw_parent != NULL);
#endif
- d = malloc(sizeof(*d));
+ d = PMALLOC(sizeof(*d));
assert(d);
ZeroMemory(d, sizeof(*d));
@@ -385,7 +441,7 @@ ui_cb(khui_new_creds * nc,
if (rv != KHM_ERROR_TOO_LONG)
goto _add_lru_realms;
- ms = malloc(cb_ms);
+ ms = PMALLOC(cb_ms);
assert(ms != NULL);
cb = cb_ms;
@@ -430,13 +486,13 @@ ui_cb(khui_new_creds * nc,
if (ms != NULL) {
if (cb_ms < cb) {
- free(ms);
- ms = malloc(cb);
+ PFREE(ms);
+ ms = PMALLOC(cb);
assert(ms);
cb_ms = cb;
}
} else {
- ms = malloc(cb);
+ ms = PMALLOC(cb);
cb_ms = cb;
}
@@ -476,10 +532,10 @@ ui_cb(khui_new_creds * nc,
}
if (defrealm)
- free(defrealm);
+ PFREE(defrealm);
if (ms)
- free(ms);
+ PFREE(ms);
/* now see about that default identity */
if (nc->ctx.identity) {
@@ -553,7 +609,7 @@ ui_cb(khui_new_creds * nc,
/* since we created all the windows as child windows of
the new creds window, they will be destroyed when that
window is destroyed. */
- free(d);
+ PFREE(d);
}
return TRUE;
}
@@ -598,6 +654,20 @@ k5_ident_valiate_name(khm_int32 msg_type,
return KHM_ERROR_SUCCESS;
}
+static void
+k5_update_last_default_identity(khm_handle ident) {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ cb = sizeof(idname);
+ if (KHM_FAILED(kcdb_identity_get_name(ident, idname, &cb)))
+ return;
+
+ assert(csp_params);
+
+ khc_write_string(csp_params, L"LastDefaultIdent", idname);
+}
+
static khm_int32
k5_ident_set_default(khm_int32 msg_type,
khm_int32 msg_subtype,
@@ -702,9 +772,10 @@ k5_ident_set_default(khm_int32 msg_type,
RegCloseKey(hk_ccname);
- if (l == ERROR_SUCCESS)
+ if (l == ERROR_SUCCESS) {
+ k5_update_last_default_identity(def_ident);
return KHM_ERROR_SUCCESS;
- else
+ } else
return KHM_ERROR_UNKNOWN;
} else if (dw > ARRAYLENGTH(env_ccname)) {
@@ -721,8 +792,10 @@ k5_ident_set_default(khm_int32 msg_type,
/* if the %KRB5CCNAME is the same as the identity
ccache, then it is already the default. */
- if (!khm_krb5_cc_name_cmp(id_ccname, env_ccname))
+ if (!khm_krb5_cc_name_cmp(id_ccname, env_ccname)) {
+ k5_update_last_default_identity(def_ident);
return KHM_ERROR_SUCCESS;
+ }
/* if not, we have to copy the contents of id_ccname
to env_ccname */
@@ -734,8 +807,10 @@ k5_ident_set_default(khm_int32 msg_type,
env_ccname,
id_ccname);
- if (code == 0)
+ if (code == 0) {
+ k5_update_last_default_identity(def_ident);
khm_krb5_list_tickets(&ctx);
+ }
if (ctx)
pkrb5_free_context(ctx);
@@ -784,6 +859,17 @@ k5_ident_notify_create(khm_int32 msg_type,
khm_size cb;
khm_handle ident;
+ /* if there is a default identity already, we assume we don't need
+ to check this one. */
+
+ khm_handle def_ident;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&def_ident))) {
+ kcdb_identity_release(def_ident);
+
+ return KHM_ERROR_SUCCESS;
+ }
+
ident = (khm_handle) vparam;
assert(k5_identpro_ctx != NULL);
@@ -829,7 +915,6 @@ k5_ident_notify_create(khm_int32 msg_type,
if (cc)
pkrb5_cc_close(k5_identpro_ctx, cc);
-
return KHM_ERROR_SUCCESS;
}
@@ -842,6 +927,7 @@ k5_ident_update_apply_proc(khm_handle cred,
khm_int32 t;
khm_int32 flags;
__int64 t_expire;
+ __int64 t_cexpire;
__int64 t_rexpire;
khm_size cb;
khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -851,32 +937,34 @@ k5_ident_update_apply_proc(khm_handle cred,
KHM_FAILED(kcdb_cred_get_identity(cred, &ident)))
return KHM_ERROR_SUCCESS;
- if (ident != tident)
+ if (!kcdb_identity_is_equal(ident,tident))
goto _cleanup;
if (KHM_FAILED(kcdb_cred_get_flags(cred, &flags)))
flags = 0;
- cb = sizeof(t_expire);
- if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
- KCDB_ATTR_EXPIRE,
- NULL,
- &t_expire,
- &cb))) {
- __int64 t_cexpire;
-
+ if (flags & KCDB_CRED_FLAG_INITIAL) {
cb = sizeof(t_cexpire);
- if ((flags & KCDB_CRED_FLAG_INITIAL) ||
- KHM_FAILED(kcdb_identity_get_attr(tident,
- KCDB_ATTR_EXPIRE,
- NULL,
- &t_cexpire,
- &cb)) ||
- t_cexpire > t_expire)
- kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
- &t_expire, sizeof(t_expire));
- } else if (flags & KCDB_CRED_FLAG_INITIAL) {
- kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE, NULL, 0);
+ if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &t_cexpire,
+ &cb))) {
+ t_expire = 0;
+ cb = sizeof(t_expire);
+ if (KHM_FAILED(kcdb_identity_get_attr(tident,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &t_expire,
+ &cb)) ||
+ (t_cexpire > t_expire))
+ kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
+ &t_cexpire, sizeof(t_cexpire));
+ } else {
+ kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE, NULL, 0);
+ }
+ } else {
+ goto _cleanup;
}
cb = sizeof(ccname);
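Review bot: The identity's KCDB_ATTR_EXPIRE can now only move later once it is readable, because `(t_cexpire > t_expire)` replaces it only with a later credential expiry, whereas the removed code replaced it when the stored value was the later one. An identity whose tickets were replaced by shorter-lived ones would therefore keep the old time unless the attribute is reset before this callback runs, which is not visible in the hunk. If keeping the latest initial-credential expiry is intended, say so in a comment such as `/* identity expiry = latest expiry among initial credentials; must be reset before each pass */` and confirm the reset exists. The new `else { goto _cleanup; }` also means non-initial credentials no longer reach the ccache-name update below. The function starts and ends outside the hunk.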
@@ -890,16 +978,14 @@ k5_ident_update_apply_proc(khm_handle cred,
kcdb_identity_set_attr(tident, attr_id_krb5_ccname,
NULL, 0);
}
-
- if (!(flags & KCDB_CRED_FLAG_INITIAL))
- goto _cleanup;
-
+
cb = sizeof(t);
if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
attr_id_krb5_flags,
NULL,
&t,
&cb))) {
+
kcdb_identity_set_attr(tident, attr_id_krb5_flags,
&t, sizeof(t));
@@ -939,6 +1025,13 @@ k5_ident_update(khm_int32 msg_type,
void * vparam) {
khm_handle ident;
+ khm_handle tident;
+ krb5_ccache cc = NULL;
+ char * ccname;
+ krb5_error_code code;
+ khm_size cb;
+ wchar_t wid_ccname[MAX_PATH];
+ wchar_t w_ccname[MAX_PATH];
ident = (khm_handle) vparam;
if (ident == NULL)
@@ -948,6 +1041,42 @@ k5_ident_update(khm_int32 msg_type,
k5_ident_update_apply_proc,
(void *) ident);
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&tident))) {
+ kcdb_identity_release(tident);
+ goto _iu_cleanup;
+ }
+
+ cb = sizeof(wid_ccname);
+ if (KHM_FAILED(kcdb_identity_get_attr(ident,
+ attr_id_krb5_ccname,
+ NULL,
+ wid_ccname,
+ &cb)))
+ goto _iu_cleanup;
+
+ if(k5_identpro_ctx == NULL)
+ goto _iu_cleanup;
+
+ code = pkrb5_cc_default(k5_identpro_ctx, &cc);
+ if (code)
+ goto _iu_cleanup;
+
+ ccname = pkrb5_cc_get_name(k5_identpro_ctx, cc);
+ if (ccname == NULL)
+ goto _iu_cleanup;
+
+ AnsiStrToUnicode(w_ccname, sizeof(w_ccname), ccname);
+
+ khm_krb5_canon_cc_name(w_ccname, sizeof(w_ccname));
+ khm_krb5_canon_cc_name(wid_ccname, sizeof(wid_ccname));
+
+ if (!wcsicmp(w_ccname, wid_ccname))
+ kcdb_identity_set_default_int(ident);
+
+ _iu_cleanup:
+ if (cc && k5_identpro_ctx)
+ pkrb5_cc_close(k5_identpro_ctx, cc);
+
return KHM_ERROR_SUCCESS;
}
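Review bot: Both `khm_krb5_canon_cc_name` calls discard their result, although that function returns `KHM_ERROR_TOO_LONG` when the prefix does not fit. With `MAX_PATH`-sized buffers, a long path then leaves one name un-canonicalised and `wcsicmp` compares mismatched forms; `AnsiStrToUnicode` is unchecked in the same way. I would bail out on failure with `if (khm_krb5_canon_cc_name(w_ccname, sizeof(w_ccname)) || khm_krb5_canon_cc_name(wid_ccname, sizeof(wid_ccname))) goto _iu_cleanup;`. k5_ident_set_default compares cache names with `khm_krb5_cc_name_cmp`, and using it here would keep the two paths agreeing on what counts as the same cache, provided it canonicalises the same way.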
@@ -965,6 +1094,7 @@ k5_ident_init(khm_int32 msg_type,
char * princ_nameA = NULL;
wchar_t princ_nameW[KCDB_IDENT_MAXCCH_NAME];
khm_handle ident = NULL;
+ khm_boolean found_default = FALSE;
assert(k5_identpro_ctx != NULL);
@@ -995,6 +1125,8 @@ k5_ident_init(khm_int32 msg_type,
kcdb_identity_set_default_int(ident);
+ found_default = TRUE;
+
_nc_cleanup:
if (princ_nameA)
pkrb5_free_unparsed_name(k5_identpro_ctx,
@@ -1008,6 +1140,25 @@ k5_ident_init(khm_int32 msg_type,
if (ident)
kcdb_identity_release(ident);
+ if (!found_default) {
+ wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ cb = sizeof(widname);
+
+ assert(csp_params);
+
+ if (KHM_SUCCEEDED(khc_read_string(csp_params, L"LastDefaultIdent",
+ widname, &cb))) {
+ ident = NULL;
+ kcdb_identity_create(widname, KCDB_IDENT_FLAG_CREATE, &ident);
+ if (ident) {
+ kcdb_identity_set_default_int(ident);
+ kcdb_identity_release(ident);
+ }
+ }
+ }
+
return KHM_ERROR_SUCCESS;
}
@@ -1106,3 +1257,121 @@ k5_msg_ident(khm_int32 msg_type,
return KHM_ERROR_SUCCESS;
}
+
+khm_int32 KHMAPI
+k5_ident_name_comp_func(const void * dl, khm_size cb_dl,
+ const void * dr, khm_size cb_dr) {
+ wchar_t * idl = (wchar_t *) dl;
+ wchar_t * idr = (wchar_t *) dr;
+ wchar_t * rl;
+ wchar_t * rr;
+ khm_int32 r;
+
+ rl = khm_get_realm_from_princ(idl);
+ rr = khm_get_realm_from_princ(idr);
+
+ if (rl == NULL && rr == NULL)
+ return wcscmp(idl, idr);
+ else if (rl == NULL)
+ return 1;
+ else if (rr == NULL)
+ return -1;
+
+ r = wcscmp(rl, rr);
+ if (r == 0)
+ return wcscmp(idl, idr);
+ else
+ return r;
+}
+
+khm_int32
+k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+
+ switch(msg_subtype) {
+ case KMSG_SYSTEM_INIT:
+ {
+
+ pkrb5_init_context(&k5_identpro_ctx);
+ kcdb_identity_set_type(credtype_id_krb5);
+
+ if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC,
+ &type_id_krb5_princ))) {
+ kcdb_type dt;
+ kcdb_type * pstr;
+
+ kcdb_type_get_info(KCDB_TYPE_STRING, &pstr);
+
+ ZeroMemory(&dt, sizeof(dt));
+ dt.name = TYPENAME_KRB5_PRINC;
+ dt.id = KCDB_TYPE_INVALID;
+ dt.flags = KCDB_TYPE_FLAG_CB_AUTO;
+ dt.cb_min = pstr->cb_min;
+ dt.cb_max = pstr->cb_max;
+ dt.toString = pstr->toString;
+ dt.isValid = pstr->isValid;
+ dt.comp = k5_ident_name_comp_func;
+ dt.dup = pstr->dup;
+
+ kcdb_type_register(&dt, &type_id_krb5_princ);
+
+ type_regd_krb5_princ = TRUE;
+
+ kcdb_type_release_info(pstr);
+ }
+
+ if (type_id_krb5_princ != -1) {
+ kcdb_attrib * attr;
+
+ kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr);
+
+ attr->type = type_id_krb5_princ;
+
+ kcdb_attrib_release_info(attr);
+ }
+ }
+ break;
+
+ case KMSG_SYSTEM_EXIT:
+ {
+ if (k5_identpro_ctx) {
+ pkrb5_free_context(k5_identpro_ctx);
+ k5_identpro_ctx = NULL;
+ }
+
+ if (type_id_krb5_princ != -1) {
+ kcdb_attrib * attr;
+
+ kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr);
+
+ attr->type = KCDB_TYPE_STRING;
+
+ kcdb_attrib_release_info(attr);
+ }
+
+ /* allow a brief moment for any stale references to die */
+ Sleep(100);
+
+ if (type_regd_krb5_princ) {
+ kcdb_type_unregister(type_id_krb5_princ);
+ }
+ }
+ break;
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
+
+khm_int32 KHMAPI
+k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+ switch(msg_type) {
+ case KMSG_SYSTEM:
+ return k5_msg_system_idpro(msg_type, msg_subtype, uparam, vparam);
+
+ case KMSG_IDENT:
+ return k5_msg_ident(msg_type, msg_subtype, uparam, vparam);
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
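Review bot: The KMSG_SYSTEM_EXIT branch relies on `Sleep(100)` to let outstanding references drain before `kcdb_type_unregister`, which is a timing guess rather than synchronisation. The registered type carries `k5_ident_name_comp_func`, so if anything still compares identity names after the plugin is gone the call would land in unloaded code; a reference count or completion signal from KCDB would be safer, if the API offers one. In KMSG_SYSTEM_INIT the results of `pkrb5_init_context`, `kcdb_type_get_info`, `kcdb_attrib_get_info` and `kcdb_type_register` are all ignored, yet `pstr` and `attr` are dereferenced and `type_regd_krb5_princ` is set to TRUE regardless. I would guard each call, e.g. `if (KHM_FAILED(kcdb_type_get_info(KCDB_TYPE_STRING, &pstr))) break;`. `k5_ident_name_comp_func` also ignores `cb_dl`/`cb_dr` and assumes both buffers are NUL-terminated, which is worth a comment.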
diff --git a/src/windows/identity/plugins/krb5/main.c b/src/windows/identity/plugins/krb5/krb5main.c
index db996d951b..7bf121dd0c 100644
--- a/src/windows/identity/plugins/krb5/main.c
+++ b/src/windows/identity/plugins/krb5/krb5main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -35,10 +35,12 @@ const wchar_t * k5_facility = L"Krb5";
khm_int32 type_id_enctype = -1;
khm_int32 type_id_addr_list = -1;
khm_int32 type_id_krb5_flags = -1;
+khm_int32 type_id_krb5_princ = -1;
BOOL type_regd_enctype = FALSE;
BOOL type_regd_addr_list = FALSE;
BOOL type_regd_krb5_flags = FALSE;
+BOOL type_regd_krb5_princ = FALSE;
khm_int32 attr_id_key_enctype = -1;
khm_int32 attr_id_tkt_enctype = -1;
@@ -89,13 +91,25 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) {
pi.name = KRB5_PLUGIN_NAME;
pi.type = KHM_PITYPE_CRED;
pi.icon = NULL; /*TODO: Assign icon */
- pi.flags = KHM_PIFLAG_IDENTITY_PROVIDER;
+ pi.flags = 0;
pi.msg_proc = k5_msg_callback;
pi.description = buf;
LoadString(hResModule, IDS_PLUGIN_DESC,
buf, ARRAYLENGTH(buf));
kmm_provide_plugin(h_module, &pi);
+ ZeroMemory(&pi, sizeof(pi));
+ pi.name = KRB5_IDENTPRO_NAME;
+ pi.type = KHM_PITYPE_IDENT;
+ pi.icon = NULL; /* ignored */
+ pi.flags = 0;
+ pi.msg_proc = k5_ident_callback;
+ pi.description = buf;
+ pi.dependencies = KRB5_PLUGIN_NAME L"\0";
+ LoadString(hResModule, IDS_IDENTPRO_DESC,
+ buf, ARRAYLENGTH(buf));
+ kmm_provide_plugin(h_module, &pi);
+
if(KHM_FAILED(rv = init_imports()))
goto _exit;
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c
index 968e0e2903..fc36d2c20e 100644
--- a/src/windows/identity/plugins/krb5/krb5newcreds.c
+++ b/src/windows/identity/plugins/krb5/krb5newcreds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -63,7 +63,7 @@ k5_handle_wm_initdialog(HWND hwnd,
k5_dlg_data * d;
khui_new_creds_by_type * nct;
- d = malloc(sizeof(*d));
+ d = PMALLOC(sizeof(*d));
ZeroMemory(d, sizeof(*d));
/* lParam is a pointer to a khui_new_creds structure */
d->nc = (khui_new_creds *) lParam;
@@ -116,7 +116,7 @@ k5_handle_wm_destroy(HWND hwnd,
khui_tracker_kill_controls(&d->tc_lifetime);
}
- free(d);
+ PFREE(d);
return TRUE;
}
@@ -200,7 +200,7 @@ k5_handle_wmnc_notify(HWND hwnd,
break;
if(nct->credtext)
- free(nct->credtext);
+ PFREE(nct->credtext);
nct->credtext = NULL;
tbuf[0] = L'\0';
@@ -227,7 +227,7 @@ k5_handle_wmnc_notify(HWND hwnd,
StringCbLength(sbuf, sizeof(sbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, sbuf);
} else if (nc->n_identities > 0 &&
@@ -242,7 +242,7 @@ k5_handle_wmnc_notify(HWND hwnd,
StringCbLength(sbuf, sizeof(sbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, sbuf);
} else {
@@ -251,7 +251,7 @@ k5_handle_wmnc_notify(HWND hwnd,
&cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, d->cred_message);
}
@@ -1131,7 +1131,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
g_fjob.nc = nc;
g_fjob.nct = nct;
g_fjob.dialog = nct->hwnd_panel;
- g_fjob.principal = malloc(size);
+ g_fjob.principal = PMALLOC(size);
UnicodeStrToAnsi(g_fjob.principal, size, idname);
g_fjob.password = NULL;
g_fjob.lifetime = (krb5_deltat) d->tc_lifetime.current;
@@ -1155,7 +1155,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
SUCCEEDED(StringCchLength(pdlginfo->in.ccache,
NETID_CCACHE_NAME_SZ,
&size))) {
- g_fjob.ccache = malloc(sizeof(char) * (size + 1));
+ g_fjob.ccache = PMALLOC(sizeof(char) * (size + 1));
#ifdef DEBUG
assert(g_fjob.ccache);
#endif
@@ -1210,16 +1210,16 @@ void
k5_free_kinit_job(void)
{
if (g_fjob.principal)
- free(g_fjob.principal);
+ PFREE(g_fjob.principal);
if (g_fjob.password)
- free(g_fjob.password);
+ PFREE(g_fjob.password);
if (g_fjob.identity)
kcdb_identity_release(g_fjob.identity);
if (g_fjob.ccache)
- free(g_fjob.ccache);
+ PFREE(g_fjob.ccache);
ZeroMemory(&g_fjob, sizeof(g_fjob));
}
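Review bot: `g_fjob.password` is released with `PFREE` without being cleared first, so the password text stays in freed heap memory until it happens to be overwritten. The `ZeroMemory(&g_fjob, sizeof(g_fjob))` at the end clears only the pointer, not the buffer it pointed to. Assuming the field is a NUL-terminated `char` string, I would add `SecureZeroMemory(g_fjob.password, strlen(g_fjob.password));` before the `PFREE`.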
@@ -1272,7 +1272,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc = (khui_new_creds *) vparam;
- nct = malloc(sizeof(*nct));
+ nct = PMALLOC(sizeof(*nct));
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb5;
@@ -1283,7 +1283,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->name = malloc(cbsize);
+ nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->h_module = hResModule;
@@ -1304,7 +1304,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc = (khui_new_creds *) vparam;
- nct = malloc(sizeof(*nct));
+ nct = PMALLOC(sizeof(*nct));
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb5;
@@ -1350,7 +1350,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
0, (LPARAM) t);
t = multi_string_next(t);
}
- free(realms);
+ PFREE(realms);
}
/* and set the default realm */
@@ -1364,7 +1364,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
WM_SETTEXT,
0, (LPARAM) defrealm);
- free(defrealm);
+ PFREE(defrealm);
}
} else { /* if krb5 is the identity provider */
HWND hw_realms;
@@ -1526,14 +1526,15 @@ k5_msg_cred_dialog(khm_int32 msg_type,
password */
if(g_fjob.code) {
if (is_k5_identpro)
- kcdb_identity_set_flags(ident,
+ kcdb_identity_set_flags(ident,
+ KCDB_IDENT_FLAG_INVALID,
KCDB_IDENT_FLAG_INVALID);
khui_cw_clear_prompts(nc);
}
if (d->cred_message) {
- free(d->cred_message);
+ PFREE(d->cred_message);
d->cred_message = NULL;
}
@@ -1576,7 +1577,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCbLength(msg, sizeof(msg), &cb);
cb += sizeof(wchar_t);
- d->cred_message = malloc(cb);
+ d->cred_message = PMALLOC(cb);
StringCbCopy(d->cred_message, cb, msg);
}
@@ -1587,6 +1588,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
if(is_k5_identpro)
kcdb_identity_set_flags(ident,
+ KCDB_IDENT_FLAG_VALID,
KCDB_IDENT_FLAG_VALID);
} else {
/* huh?? */
@@ -1688,12 +1690,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
(nc->n_identities == 0 ||
nc->identities[0] == NULL ||
KHM_SUCCEEDED(kcdb_credset_find_filtered
- (NULL,
- -1,
- k5_find_tgt_filter,
- nc->identities[0],
- NULL,
- NULL))))
+ (NULL,
+ -1,
+ k5_find_tgt_filter,
+ nc->identities[0],
+ NULL,
+ NULL))))
g_fjob.code = 0;
@@ -1776,7 +1778,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
&cb);
assert(rv == KHM_ERROR_TOO_LONG);
- idname = malloc(cb);
+ idname = PMALLOC(cb);
assert(idname);
rv = kcdb_identity_get_name(nc->identities[0],
@@ -1793,7 +1795,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
else
cb_ms += cb + sizeof(wchar_t);
- wbuf = malloc(cb_ms);
+ wbuf = PMALLOC(cb_ms);
assert(wbuf);
cb = cb_ms;
@@ -1838,8 +1840,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
&cb);
if (rv == KHM_ERROR_TOO_LONG) {
- free(wbuf);
- wbuf = malloc(cb);
+ PFREE(wbuf);
+ wbuf = PMALLOC(cb);
assert(wbuf);
cb_ms = cb;
@@ -1886,10 +1888,10 @@ k5_msg_cred_dialog(khm_int32 msg_type,
pkrb5_free_context(ctx);
if (idname)
- free(idname);
+ PFREE(idname);
if (wbuf)
- free(wbuf);
+ PFREE(wbuf);
} else if (g_fjob.state == FIBER_STATE_NONE) {
/* the user cancelled the operation */
r = KHUI_NC_RESPONSE_EXIT |
@@ -1921,6 +1923,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
_end_task();
} else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+ __int64 ftidexp = 0;
+ __int64 ftcurrent;
+ khm_size cb;
+
+ GetSystemTimeAsFileTime((LPFILETIME) &ftcurrent);
+
_begin_task(0);
_report_mr0(KHERR_NONE, MSG_CTX_RENEW_CREDS);
_describe();
@@ -1930,10 +1938,20 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc->ctx.cred_type == credtype_id_krb5)) {
int code;
- if (nc->ctx.identity != 0)
+ if (nc->ctx.identity != 0) {
+ /* get the current identity expiration time */
+ cb = sizeof(ftidexp);
+
+ kcdb_identity_get_attr(nc->ctx.identity,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &ftidexp,
+ &cb);
+
code = khm_krb5_renew(nc->ctx.identity);
- else
+ } else {
code = 1; /* it just has to be non-zero */
+ }
if (code == 0) {
khui_cw_set_response(nc, credtype_id_krb5,
@@ -1946,6 +1964,29 @@ k5_msg_cred_dialog(khm_int32 msg_type,
khui_cw_set_response(nc, credtype_id_krb5,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_FAILED);
+ } else if (ftcurrent < ftidexp) {
+ wchar_t tbuf[1024];
+ DWORD suggestion;
+ kherr_suggestion sug_id;
+
+ /* if we failed to get new tickets, but the
+ identity isstill valid, then we assume that
+ the current tickets are still good enough
+ for other credential types to obtain their
+ credentials. */
+
+ khm_err_describe(code, tbuf, sizeof(tbuf),
+ &suggestion, &sug_id);
+
+ _report_cs0(KHERR_WARNING, tbuf);
+ if (suggestion)
+ _suggest_mr(suggestion, sug_id);
+
+ _resolve();
+
+ khui_cw_set_response(nc, credtype_id_krb5,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_SUCCESS);
} else {
wchar_t tbuf[1024];
DWORD suggestion;
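Review bot: The new `else if (ftcurrent < ftidexp)` branch reports `KHUI_NC_RESPONSE_SUCCESS` for a renewal that failed, on the strength of the identity's KCDB_ATTR_EXPIRE attribute alone. Nothing in this branch confirms that a usable ticket is still in the cache, so a stale attribute would let dependent credential types proceed without one. The attribute is read in the previous hunk without checking the `kcdb_identity_get_attr` result, though the zero initialiser of `ftidexp` makes a failed read fall through to the error branch. I would either verify that a TGT is actually present before answering success or state the assumption explicitly in the comment, which also has a typo, "isstill". The enclosing else-chain continues past the end of this hunk.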
@@ -2049,14 +2090,14 @@ k5_msg_cred_dialog(khm_int32 msg_type,
}
if (wcscmp(wnpwd, wnpwd2)) {
- rv = KHM_ERROR_INVALID_PARM;
+ rv = KHM_ERROR_INVALID_PARAM;
_report_mr0(KHERR_ERROR, MSG_PWD_NOT_SAME);
_suggest_mr(MSG_PWD_S_NOT_SAME, KHERR_SUGGEST_INTERACT);
goto _pwd_exit;
}
if (!wcscmp(wpwd, wnpwd)) {
- rv = KHM_ERROR_INVALID_PARM;
+ rv = KHM_ERROR_INVALID_PARAM;
_report_mr0(KHERR_ERROR, MSG_PWD_SAME);
_suggest_mr(MSG_PWD_S_SAME, KHERR_SUGGEST_INTERACT);
goto _pwd_exit;
@@ -2082,7 +2123,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCchLengthA(result, KHERR_MAXCCH_STRING,
&len);
- wresult = malloc((len + 1) * sizeof(wchar_t));
+ wresult = PMALLOC((len + 1) * sizeof(wchar_t));
#ifdef DEBUG
assert(wresult);
#endif
@@ -2092,8 +2133,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
_report_cs1(KHERR_ERROR, L"%1!s!", _cstr(wresult));
_resolve();
- free(result);
- free(wresult);
+ PFREE(result);
+ PFREE(wresult);
/* leave wresult. It will get freed when the
reported event is freed. */
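Review bot: `PFREE(wresult)` contradicts the comment directly below it, which says `wresult` is left for the reported event to free. If `_report_cs1` with `_cstr(wresult)` keeps the pointer rather than copying, this is a use-after-free and later a double free; if it copies, the comment is stale. One of the two should go: drop the `PFREE(wresult);` line, or, once copying is confirmed, replace the comment with `/* _cstr() copies the string, so both buffers are ours to free */`.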
@@ -2149,10 +2190,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
khui_cw_del_type(nc, credtype_id_krb5);
- if(nct->name)
- free(nct->name);
+ if (nct->name)
+ PFREE(nct->name);
+ if (nct->credtext)
+ PFREE(nct->credtext);
- free(nct);
+ PFREE(nct);
}
break;
diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c
index 4b53ed3e8f..ecfde2f5a7 100644
--- a/src/windows/identity/plugins/krb5/krb5plugin.c
+++ b/src/windows/identity/plugins/krb5/krb5plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -47,91 +47,90 @@ krb5_context k5_identpro_ctx = NULL;
/* The system message handler.
Runs in the context of the plugin thread */
-khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_SYSTEM_INIT:
- {
- kcdb_credtype ct;
- wchar_t buf[KCDB_MAXCCH_SHORT_DESC];
- size_t cbsize;
-
- /* perform critical registrations and initialization
- stuff */
- ZeroMemory(&ct, sizeof(ct));
- ct.id = KCDB_CREDTYPE_AUTO;
- ct.name = KRB5_CREDTYPE_NAME;
-
- if(LoadString(hResModule, IDS_KRB5_SHORT_DESC, buf, ARRAYLENGTH(buf)))
- {
- StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
- cbsize += sizeof(wchar_t);
- ct.short_desc = malloc(cbsize);
- StringCbCopy(ct.short_desc, cbsize, buf);
- }
-
- /* even though ideally we should be setting limits
- based KCDB_MAXCB_LONG_DESC, our long description
- actually fits nicely in KCDB_MAXCB_SHORT_DESC */
- if(LoadString(hResModule, IDS_KRB5_LONG_DESC, buf, ARRAYLENGTH(buf)))
- {
- StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
- cbsize += sizeof(wchar_t);
- ct.long_desc = malloc(cbsize);
- StringCbCopy(ct.long_desc, cbsize, buf);
- }
+ case KMSG_SYSTEM_INIT:
+ {
+ kcdb_credtype ct;
+ wchar_t buf[KCDB_MAXCCH_SHORT_DESC];
+ size_t cbsize;
+
+ /* perform critical registrations and initialization
+ stuff */
+ ZeroMemory(&ct, sizeof(ct));
+ ct.id = KCDB_CREDTYPE_AUTO;
+ ct.name = KRB5_CREDTYPE_NAME;
+
+ if(LoadString(hResModule, IDS_KRB5_SHORT_DESC,
+ buf, ARRAYLENGTH(buf))) {
+ StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
+ cbsize += sizeof(wchar_t);
+ ct.short_desc = PMALLOC(cbsize);
+ StringCbCopy(ct.short_desc, cbsize, buf);
+ }
- ct.icon = NULL; /* TODO: set a proper icon */
+ /* even though ideally we should be setting limits
+ based KCDB_MAXCB_LONG_DESC, our long description
+ actually fits nicely in KCDB_MAXCB_SHORT_DESC */
+ if(LoadString(hResModule, IDS_KRB5_LONG_DESC,
+ buf, ARRAYLENGTH(buf))) {
+ StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
+ cbsize += sizeof(wchar_t);
+ ct.long_desc = PMALLOC(cbsize);
+ StringCbCopy(ct.long_desc, cbsize, buf);
+ }
- kmq_create_subscription(k5_msg_callback, &ct.sub);
+ ct.icon = NULL; /* TODO: set a proper icon */
- rv = kcdb_credtype_register(&ct, &credtype_id_krb5);
+ kmq_create_subscription(k5_msg_callback, &ct.sub);
- if(KHM_SUCCEEDED(rv))
- rv = kcdb_credset_create(&krb5_credset);
+ ct.is_equal = khm_krb5_creds_is_equal;
- if(ct.short_desc)
- free(ct.short_desc);
+ rv = kcdb_credtype_register(&ct, &credtype_id_krb5);
- if(ct.long_desc)
- free(ct.long_desc);
+ if(KHM_SUCCEEDED(rv))
+ rv = kcdb_credset_create(&krb5_credset);
- if (is_k5_identpro)
- kcdb_identity_set_type(credtype_id_krb5);
+ if(ct.short_desc)
+ PFREE(ct.short_desc);
- if(KHM_SUCCEEDED(rv)) {
- krb5_context ctx = NULL;
+ if(ct.long_desc)
+ PFREE(ct.long_desc);
- krb5_initialized = TRUE;
+ if(KHM_SUCCEEDED(rv)) {
+ krb5_context ctx = NULL;
- khm_krb5_list_tickets(&ctx);
+ krb5_initialized = TRUE;
- if(ctx != NULL)
- pkrb5_free_context(ctx);
+ if(ctx != NULL)
+ pkrb5_free_context(ctx);
- /* now convert this thread to a fiber and create a
- separate fiber to do kinit stuff */
- k5_main_fiber = ConvertThreadToFiber(NULL);
- k5_kinit_fiber = CreateFiber(0,k5_kinit_fiber_proc,NULL);
+ /* now convert this thread to a fiber and create a
+ separate fiber to do kinit stuff */
+ k5_main_fiber = ConvertThreadToFiber(NULL);
+ k5_kinit_fiber = CreateFiber(0,k5_kinit_fiber_proc,NULL);
- ZeroMemory(&g_fjob, sizeof(g_fjob));
+ ZeroMemory(&g_fjob, sizeof(g_fjob));
- kmq_create_subscription(k5_msg_callback, &k5_sub);
+ kmq_create_subscription(k5_msg_callback, &k5_sub);
- pkrb5_init_context(&k5_identpro_ctx);
+ k5_register_config_panels();
- k5_register_config_panels();
- }
+ khm_krb5_list_tickets(&ctx);
}
- break;
+ }
+ break;
- case KMSG_SYSTEM_EXIT:
+ case KMSG_SYSTEM_EXIT:
- k5_unregister_config_panels();
+ k5_unregister_config_panels();
- if(credtype_id_krb5 >= 0)
+ if(credtype_id_krb5 >= 0)
{
/* basically just unregister the credential type */
kcdb_credtype_unregister(credtype_id_krb5);
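Review bot: In the `KMSG_SYSTEM_INIT` success branch, `khm_krb5_list_tickets(&ctx)` now runs after the `if(ctx != NULL) pkrb5_free_context(ctx);` test, so the test only ever sees the `NULL` initializer and any context the listing call hands back is never released. The `KMSG_CRED_REFRESH` case in `k5_msg_cred` frees `ctx` after the same call, which suggests the call can populate it. If the listing was moved so that it runs after the fiber and config-panel setup, move the release with it: `khm_krb5_list_tickets(&ctx);` followed by `if (ctx != NULL) pkrb5_free_context(ctx);`.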
@@ -141,22 +140,19 @@ khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui
krb5_credset = NULL;
}
- if(k5_main_fiber != NULL) {
- ConvertFiberToThread();
- k5_main_fiber = NULL;
- }
+ if(k5_main_fiber != NULL) {
+#if (_WIN32_WINNT >= 0x0501)
+ ConvertFiberToThread();
+#endif
+ k5_main_fiber = NULL;
+ }
- if(k5_sub != NULL) {
- kmq_delete_subscription(k5_sub);
- k5_sub = NULL;
- }
+ if(k5_sub != NULL) {
+ kmq_delete_subscription(k5_sub);
+ k5_sub = NULL;
+ }
- if (k5_identpro_ctx) {
- pkrb5_free_context(k5_identpro_ctx);
- k5_identpro_ctx = NULL;
- }
-
- break;
+ break;
}
return rv;
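Review bot: With the new `#if (_WIN32_WINNT >= 0x0501)` guard, a build that targets an older Windows clears `k5_main_fiber` while the thread is still a fiber, so a later `KMSG_SYSTEM_INIT` on the same thread would call `ConvertThreadToFiber` on an already converted thread. This may be harmless if the plugin thread always ends right after EXIT, but nothing in the hunk records that assumption. A comment such as `/* ConvertFiberToThread is only available from Windows XP on; on older targets the plugin thread is expected to exit as a fiber */` would make it explicit. The fiber stored in `k5_kinit_fiber` by `CreateFiber` is also not released in the part of the EXIT case shown here, so it is worth confirming that it is deleted elsewhere.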
@@ -167,45 +163,47 @@ khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui
Runs in the context of the Krb5 plugin
*/
-khm_int32 KHMAPI k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_CRED_REFRESH:
- {
- krb5_context ctx = NULL;
+ case KMSG_CRED_REFRESH:
+ {
+ krb5_context ctx = NULL;
- khm_krb5_list_tickets(&ctx);
+ khm_krb5_list_tickets(&ctx);
- if(ctx != NULL)
- pkrb5_free_context(ctx);
- }
- break;
+ if(ctx != NULL)
+ pkrb5_free_context(ctx);
+ }
+ break;
- case KMSG_CRED_DESTROY_CREDS:
- {
- khui_action_context * ctx;
+ case KMSG_CRED_DESTROY_CREDS:
+ {
+ khui_action_context * ctx;
- ctx = (khui_action_context *) vparam;
+ ctx = (khui_action_context *) vparam;
- if (ctx->credset)
- khm_krb5_destroy_by_credset(ctx->credset);
- }
- break;
-
- case KMSG_CRED_PP_BEGIN:
- k5_pp_begin((khui_property_sheet *) vparam);
- break;
-
- case KMSG_CRED_PP_END:
- k5_pp_end((khui_property_sheet *) vparam);
- break;
-
- default:
- if(IS_CRED_ACQ_MSG(msg_subtype))
- return k5_msg_cred_dialog(msg_type, msg_subtype,
- uparam, vparam);
+ if (ctx->credset)
+ khm_krb5_destroy_by_credset(ctx->credset);
+ }
+ break;
+
+ case KMSG_CRED_PP_BEGIN:
+ k5_pp_begin((khui_property_sheet *) vparam);
+ break;
+
+ case KMSG_CRED_PP_END:
+ k5_pp_end((khui_property_sheet *) vparam);
+ break;
+
+ default:
+ if(IS_CRED_ACQ_MSG(msg_subtype))
+ return k5_msg_cred_dialog(msg_type, msg_subtype,
+ uparam, vparam);
}
return rv;
@@ -216,15 +214,15 @@ khm_int32 KHMAPI k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4
Runs in the context of the Krb5 plugin
*/
-khm_int32 KHMAPI k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
switch(msg_type) {
- case KMSG_SYSTEM:
- return k5_msg_system(msg_type, msg_subtype, uparam, vparam);
- case KMSG_CRED:
- return k5_msg_cred(msg_type, msg_subtype, uparam, vparam);
- case KMSG_IDENT:
- return k5_msg_ident(msg_type, msg_subtype, uparam, vparam);
+ case KMSG_SYSTEM:
+ return k5_msg_system(msg_type, msg_subtype, uparam, vparam);
+ case KMSG_CRED:
+ return k5_msg_cred(msg_type, msg_subtype, uparam, vparam);
}
return KHM_ERROR_SUCCESS;
}
diff --git a/src/windows/identity/plugins/krb5/krb5props.c b/src/windows/identity/plugins/krb5/krb5props.c
index 9134de2925..0d8d27276e 100644
--- a/src/windows/identity/plugins/krb5/krb5props.c
+++ b/src/windows/identity/plugins/krb5/krb5props.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -30,6 +30,9 @@
#include<commctrl.h>
#include<strsafe.h>
#include<krb5.h>
+#ifdef DEBUG
+#include<assert.h>
+#endif
/* Property page
@@ -42,44 +45,99 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
)
{
switch(uMsg) {
- case WM_INITDIALOG:
- {
- khui_property_sheet * s;
- PROPSHEETPAGE * p;
- wchar_t buf[512];
- khm_size cbsize;
-
- p = (PROPSHEETPAGE *) lParam;
- s = (khui_property_sheet *) p->lParam;
+ case WM_INITDIALOG:
+ {
+ khui_property_sheet * s;
+ PROPSHEETPAGE * p;
+ wchar_t buf[512];
+ wchar_t unavailable[64];
+ khm_size cbsize;
+ khm_int32 rv;
+ khm_int32 tflags;
+
+ p = (PROPSHEETPAGE *) lParam;
+ s = (khui_property_sheet *) p->lParam;
#pragma warning(push)
#pragma warning(disable: 4244)
- SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) s);
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) s);
#pragma warning(pop)
- if(s->cred) {
- cbsize = sizeof(buf);
- kcdb_cred_get_name(s->cred, buf, &cbsize);
- SetDlgItemText(hwnd, IDC_PPK5_NAME, buf);
+ LoadString(hResModule, IDS_UNAVAILABLE,
+ unavailable, ARRAYLENGTH(unavailable));
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_ISSUE, buf, &cbsize, 0);
- SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf);
+ if(s->cred) {
+ cbsize = sizeof(buf);
+ kcdb_cred_get_name(s->cred, buf, &cbsize);
+ SetDlgItemText(hwnd, IDC_PPK5_NAME, buf);
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_EXPIRE, buf, &cbsize, 0);
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_ISSUE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
+ SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_ISSUE, unavailable);
+
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_EXPIRE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
SetDlgItemText(hwnd, IDC_PPK5_VALID, buf);
-
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_RENEW_EXPIRE, buf, &cbsize, 0);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_VALID, unavailable);
+
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_RENEW_EXPIRE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
SetDlgItemText(hwnd, IDC_PPK5_RENEW, buf);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_RENEW, unavailable);
+
+ tflags = 0;
+ cbsize = sizeof(tflags);
+ rv = kcdb_cred_get_attr(s->cred,
+ attr_id_krb5_flags,
+ NULL,
+ &tflags,
+ &cbsize);
+ if (KHM_SUCCEEDED(rv)) {
+
+#define ADDBITFLAG(f,s) \
+ if (tflags & f) { \
+ LoadString(hResModule, s, buf, ARRAYLENGTH(buf)); \
+ SendDlgItemMessage(hwnd, IDC_PPK5_FLAGS, LB_ADDSTRING, 0, (LPARAM) buf); \
+ }
+
+ ADDBITFLAG(TKT_FLG_FORWARDABLE, IDS_FLG_FORWARDABLE);
+ ADDBITFLAG(TKT_FLG_FORWARDED, IDS_FLG_FORWARDED);
+ ADDBITFLAG(TKT_FLG_PROXIABLE, IDS_FLG_PROXIABLE);
+ ADDBITFLAG(TKT_FLG_PROXY, IDS_FLG_PROXY);
+ ADDBITFLAG(TKT_FLG_MAY_POSTDATE, IDS_FLG_MAY_POSTDATE);
+ ADDBITFLAG(TKT_FLG_POSTDATED, IDS_FLG_POSTDATED);
+ ADDBITFLAG(TKT_FLG_INVALID, IDS_FLG_INVALID);
+ ADDBITFLAG(TKT_FLG_RENEWABLE, IDS_FLG_RENEWABLE);
+ ADDBITFLAG(TKT_FLG_INITIAL, IDS_FLG_INITIAL);
+ ADDBITFLAG(TKT_FLG_PRE_AUTH, IDS_FLG_PRE_AUTH);
+ ADDBITFLAG(TKT_FLG_HW_AUTH, IDS_FLG_HW_AUTH);
+ ADDBITFLAG(TKT_FLG_TRANSIT_POLICY_CHECKED, IDS_FLG_TRANSIT_POL);
+ ADDBITFLAG(TKT_FLG_OK_AS_DELEGATE, IDS_FLG_OK_DELEGATE);
+ ADDBITFLAG(TKT_FLG_ANONYMOUS, IDS_FLG_ANONYMOUS);
+
+#undef ADDBITFLAG
- /*TODO: select other properties */
- } else {
- /*TODO: select properties */
}
+ } else {
+#ifdef DEBUG
+ assert(FALSE);
+#endif
}
- return FALSE;
+ }
+ return FALSE;
}
return FALSE;
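Review bot: `kcdb_cred_get_name` is the one lookup in `WM_INITDIALOG` whose result is still not checked. `buf` is an uninitialised stack array, so on failure `SetDlgItemText(hwnd, IDC_PPK5_NAME, buf)` reads indeterminate and possibly unterminated memory. Handle it like the three attribute lookups that follow: `rv = kcdb_cred_get_name(s->cred, buf, &cbsize);` then `SetDlgItemText(hwnd, IDC_PPK5_NAME, KHM_SUCCEEDED(rv) ? buf : unavailable);`. The `LoadString` results are ignored too, both for `unavailable` and inside `ADDBITFLAG`, where a failed load would add whatever `buf` held before; declaring `wchar_t unavailable[64] = L"";` and skipping `LB_ADDSTRING` when `LoadString` returns 0 would make a missing resource harmless. `krb5_pp_proc` begins before this hunk.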
@@ -89,14 +147,15 @@ void k5_pp_begin(khui_property_sheet * s)
{
PROPSHEETPAGE *p;
- if(s->credtype == credtype_id_krb5) {
- p = malloc(sizeof(*p));
+ if(s->credtype == credtype_id_krb5 &&
+ s->cred) {
+ p = PMALLOC(sizeof(*p));
ZeroMemory(p, sizeof(*p));
p->dwSize = sizeof(*p);
p->dwFlags = 0;
p->hInstance = hResModule;
- p->pszTemplate = (s->cred)? MAKEINTRESOURCE(IDD_PP_KRB5C): MAKEINTRESOURCE(IDD_PP_KRB5);
+ p->pszTemplate = MAKEINTRESOURCE(IDD_PP_KRB5C);
p->pfnDlgProc = krb5_pp_proc;
p->lParam = (LPARAM) s;
khui_ps_add_page(s, credtype_id_krb5, 0, p, NULL);
@@ -110,7 +169,7 @@ void k5_pp_end(khui_property_sheet * s)
khui_ps_find_page(s, credtype_id_krb5, &p);
if(p) {
if(p->p_page)
- free(p->p_page);
+ PFREE(p->p_page);
p->p_page = NULL;
}
}
diff --git a/src/windows/identity/plugins/krb5/krb5util.c b/src/windows/identity/plugins/krb5/krb5util.c
index b892531afc..7be0f8e260 100644
--- a/src/windows/identity/plugins/krb5/krb5util.c
+++ b/src/windows/identity/plugins/krb5/krb5util.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -178,8 +178,8 @@ make_postfix(
base_size = strlen(base) + 1;
ret_size = base_size + strlen(postfix) + 1;
- copy = malloc(base_size);
- ret = malloc(ret_size);
+ copy = PMALLOC(base_size);
+ ret = PMALLOC(ret_size);
if (!copy || !ret)
goto cleanup;
@@ -194,9 +194,9 @@ make_postfix(
cleanup:
if (!copy || !ret) {
if (copy)
- free(copy);
+ PFREE(copy);
if (ret)
- free(ret);
+ PFREE(ret);
copy = ret = 0;
}
// INVARIANT: (ret ==> copy) && (copy ==> ret)
@@ -218,7 +218,7 @@ make_temp_cache_v4(
if (old_cache) {
pdest_tkt();
pkrb_set_tkt_string(old_cache);
- free(old_cache);
+ PFREE(old_cache);
old_cache = 0;
}
@@ -230,7 +230,7 @@ make_temp_cache_v4(
return KFAILURE;
pkrb_set_tkt_string(tmp_cache);
- free(tmp_cache);
+ PFREE(tmp_cache);
}
return 0;
}
@@ -259,7 +259,7 @@ make_temp_cache_v5(
if (!pkrb5_cc_resolve(ctx, pkrb5_cc_default_name(ctx), &cc))
pkrb5_cc_destroy(ctx, cc);
pkrb5_cc_set_default_name(ctx, old_cache);
- free(old_cache);
+ PFREE(old_cache);
old_cache = 0;
}
if (ctx) {
@@ -291,7 +291,7 @@ make_temp_cache_v5(
ctx = 0;
}
if (tmp_cache)
- free(tmp_cache);
+ PFREE(tmp_cache);
if (pctx)
*pctx = ctx;
return rc;
@@ -408,7 +408,7 @@ Leash_changepwd_v5(char * principal,
(result_string.length ? (sizeof(": ") - 1) : 0) +
result_string.length;
if (len && error_str) {
- *error_str = malloc(len + 1);
+ *error_str = PMALLOC(len + 1);
if (*error_str)
_snprintf(*error_str, len + 1,
"%.*s%s%.*s",
@@ -516,7 +516,7 @@ Leash_int_changepwd(
if (v4_error_str)
len += sizeof(sep) + sizeof(v4_prefix) + strlen(v4_error_str) +
sizeof(sep);
- error_str = malloc(len + 1);
+ error_str = PMALLOC(len + 1);
if (error_str) {
char* p = error_str;
int size = len + 1;
@@ -1019,27 +1019,27 @@ not_an_API_LeashFreeTicketList(TicketList** ticketList)
killList = tempList;
tempList = (TicketList*)tempList->next;
- free(killList->theTicket);
+ PFREE(killList->theTicket);
if (killList->tktEncType)
- free(killList->tktEncType);
+ PFREE(killList->tktEncType);
if (killList->keyEncType)
- free(killList->keyEncType);
+ PFREE(killList->keyEncType);
if (killList->addrCount) {
int n;
for ( n=0; n<killList->addrCount; n++) {
if (killList->addrList[n])
- free(killList->addrList[n]);
+ PFREE(killList->addrList[n]);
}
}
if (killList->addrList)
- free(killList->addrList);
+ PFREE(killList->addrList);
if (killList->name)
- free(killList->name);
+ PFREE(killList->name);
if (killList->inst)
- free(killList->inst);
+ PFREE(killList->inst);
if (killList->realm)
- free(killList->realm);
- free(killList);
+ PFREE(killList->realm);
+ PFREE(killList);
}
*ticketList = NULL;
diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv
index c577eec3b9..0059f0ab1a 100644
--- a/src/windows/identity/plugins/krb5/krbconfig.csv
+++ b/src/windows/identity/plugins/krb5/krbconfig.csv
@@ -6,7 +6,9 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider
Flags,KC_INT32,0,
Parameters,KC_SPACE,0,Parameters for KrbCred
CreateMissingConfig,KC_INT32,0,Create missing configuration files
- MsLsaImport,KC_INT32,2,Automatically import MSLSA credentials
+ MsLsaImport,KC_INT32,1,Automatically import MSLSA credentials: 0-never 1-always 2-if principle matches
+ MsLsaList,KC_INT32,1,Include MSLSA in the credentials list
+ FileCCList,KC_STRING,,List of file CCaches to include in listing
AutoRenewTickets,KC_INT32,1,Automatically renew expiring tickets
DefaultLifetime,KC_INT32,36000,Default ticket lifetime
MaxLifetime,KC_INT32,86400,Maximum lifetime
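Review bot: The default for `MsLsaImport` changes from 2 to 1, which by the new description means MSLSA credentials are imported always rather than only when the principal matches. That widens what is imported automatically for every user who never changed the setting, and neither the hunk nor the description gives the reason. If the change is deliberate, record the rationale next to the schema entry; otherwise keep `2`. The description also has a typo: `2-if principle matches` should read `2-if principal matches`, in line with the `K5_LSAIMPORT_MATCH` comment added in krbcred.h.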
@@ -20,6 +22,8 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider
MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime
LRURealms,KC_STRING,,
LRUPrincipals,KC_STRING,,
+ LastDefaultIdent,KC_STRING,,Last known default identity
+ DefaultCCName,KC_STRING,,Default CC name (only per identity)
PromptCache,KC_SPACE,0,Cache of prompts (only per identity)
Name,KC_STRING,,
Banner,KC_STRING,,
diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h
index 08978f11fd..7efc360a04 100644
--- a/src/windows/identity/plugins/krb5/krbcred.h
+++ b/src/windows/identity/plugins/krb5/krbcred.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -41,6 +41,7 @@
#include<kconfig.h>
#include<khuidefs.h>
#include<kherr.h>
+#include<utils.h>
#include<krb5funcs.h>
#include<krb5common.h>
@@ -51,9 +52,16 @@
#include<datarep.h>
#include<krb5_msgs.h>
+typedef enum tag_k5_lsa_import {
+ K5_LSAIMPORT_NEVER = 0,
+ K5_LSAIMPORT_ALWAYS = 1,
+ K5_LSAIMPORT_MATCH = 2, /* only when the principal name matches */
+} k5_lsa_import;
+
#define TYPENAME_ENCTYPE L"EncType"
#define TYPENAME_ADDR_LIST L"AddrList"
#define TYPENAME_KRB5_FLAGS L"Krb5Flags"
+#define TYPENAME_KRB5_PRINC L"Krb5Principal"
#define ATTRNAME_KEY_ENCTYPE L"KeyEncType"
#define ATTRNAME_TKT_ENCTYPE L"TktEncType"
@@ -75,6 +83,9 @@ extern const wchar_t * k5_facility;
extern khm_int32 type_id_enctype;
extern khm_int32 type_id_addr_list;
extern khm_int32 type_id_krb5_flags;
+extern khm_int32 type_id_krb5_princ;
+
+extern BOOL type_regd_krb5_princ;
extern khm_int32 attr_id_key_enctype;
extern khm_int32 attr_id_tkt_enctype;
@@ -89,9 +100,23 @@ extern khm_int32 attr_id_krb5_ccname;
/* plugin constants */
#define KRB5_PLUGIN_NAME L"Krb5Cred"
+#define KRB5_IDENTPRO_NAME L"Krb5Ident"
#define KRB5_CREDTYPE_NAME L"Krb5Cred"
+/* limits */
+/* maximum number of characters in a realm name */
+#define K5_MAXCCH_REALM 256
+
+/* maximum number of characters in a host name */
+#define K5_MAXCCH_HOST 128
+
+/* maximum number of KDC's per realm */
+#define K5_MAX_KDC 64
+
+/* maximum number of domains that map to a realm */
+#define K5_MAX_DOMAIN_MAPPINGS 32
+
extern khm_handle csp_plugins;
extern khm_handle csp_krbcred;
extern khm_handle csp_params;
@@ -113,6 +138,7 @@ extern BOOL is_k5_identpro;
/* plugin callbacks */
khm_int32 KHMAPI k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam);
+khm_int32 KHMAPI k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam);
/* kinit fiber */
typedef struct _fiber_job_t {
@@ -179,4 +205,22 @@ k5_register_config_panels(void);
void
k5_unregister_config_panels(void);
+INT_PTR CALLBACK
+k5_ccconfig_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+k5_id_tab_dlgproc(HWND hwndDlg,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+k5_ids_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
#endif
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
index 087b93e47c..d95c58d860 100644
--- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
@@ -83,22 +83,14 @@ BEGIN
LTEXT "Name",IDC_STATIC,7,7,19,8
LTEXT "Valid till",IDC_STATIC,7,39,24,8
LTEXT "Renewable till",IDC_STATIC,7,55,45,12
- CONTROL "Renewable",IDC_PPK5_CRENEW,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,31,125,51,10
- CONTROL "Forwardable",IDC_PPK5_CFORWARD,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,91,125,56,10
- CONTROL "Proxiable",IDC_PPK5_CPROXY,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,156,125,45,10
LTEXT "Issued on",IDC_STATIC,7,23,32,8
- GROUPBOX "Ticket flags",IDC_STATIC,7,108,221,41
- LTEXT "Static",IDC_PPK5_NAME,72,7,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_ISSUE,72,23,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_VALID,72,39,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_RENEW,72,55,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
+ LTEXT "Ticket flags",IDC_STATIC,7,75,37,8
+ EDITTEXT IDC_PPK5_NAME,72,7,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_ISSUE,72,23,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_VALID,72,39,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_RENEW,72,55,156,12,ES_AUTOHSCROLL | ES_READONLY
+ LISTBOX IDC_PPK5_FLAGS,72,74,156,75,LBS_SORT |
+ LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
END
IDD_PP_KRB5 DIALOGEX 0, 0, 235, 156
@@ -137,14 +129,15 @@ BEGIN
LTEXT "Default Realm",IDC_CFG_LBL_REALM,13,9,46,8
COMBOBOX IDC_CFG_DEFREALM,76,7,166,30,CBS_DROPDOWN | CBS_SORT |
WS_VSCROLL | WS_TABSTOP
- PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14
+ PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14,
+ WS_DISABLED
GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,57,241,
48
LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,71,28,8
EDITTEXT IDC_CFG_CFGFILE,76,68,119,14,ES_AUTOHSCROLL
PUSHBUTTON "Browse...",IDC_CFG_BROWSE,198,68,44,14
CONTROL "Create file if missing",IDC_CFG_CREATECONFIG,"Button",
- BS_AUTOCHECKBOX | WS_TABSTOP,76,89,80,10
+ BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,76,89,80,10
GROUPBOX "Windows® Options",IDC_CFG_WINGRP,7,110,241,65
LTEXT "Hostname",IDC_CFG_LBL_HOSTNAME,13,123,33,8
EDITTEXT IDC_CFG_HOSTNAME,76,120,166,14,ES_AUTOHSCROLL |
@@ -153,7 +146,7 @@ BEGIN
EDITTEXT IDC_CFG_DOMAIN,76,138,166,14,ES_AUTOHSCROLL |
ES_READONLY
LTEXT "Import tickets",IDC_LBL_IMPORT,13,158,45,8
- COMBOBOX IDC_CFG_IMPORT,76,156,166,30,CBS_DROPDOWNLIST | CBS_SORT |
+ COMBOBOX IDC_CFG_IMPORT,76,156,166,30,CBS_DROPDOWNLIST |
WS_VSCROLL | WS_TABSTOP
END
@@ -162,15 +155,17 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_ALIGNLEFT |
- WS_BORDER | WS_TABSTOP,7,19,81,148
- GROUPBOX "Servers",IDC_CFG_SERVERSGRP,93,7,155,91
- GROUPBOX "Domain/Hostname mappings",IDC_CFG_DOMAINGRP,93,101,155,
- 74
- CONTROL "",IDC_LIST3,"SysListView32",LVS_ALIGNLEFT | WS_BORDER |
- WS_TABSTOP,99,19,143,72
- CONTROL "",IDC_LIST4,"SysListView32",LVS_ALIGNLEFT | WS_BORDER |
- WS_TABSTOP,99,111,143,56
+ CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_REPORT |
+ LVS_SHOWSELALWAYS | LVS_SORTASCENDING | LVS_EDITLABELS |
+ LVS_ALIGNLEFT | LVS_NOCOLUMNHEADER | WS_TABSTOP,7,19,81,
+ 148
+ GROUPBOX "Kerberos Servers",IDC_CFG_SERVERSGRP,93,7,155,91
+ GROUPBOX "Domain mappings",IDC_CFG_DOMAINGRP,93,101,155,74
+ CONTROL "",IDC_CFG_KDC,"SysListView32",LVS_REPORT |
+ LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,19,143,72
+ CONTROL "",IDC_CFG_DMAP,"SysListView32",LVS_REPORT |
+ LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,111,143,
+ 56
END
IDD_CFG_IDS_TAB DIALOGEX 0, 0, 235, 151
@@ -197,6 +192,7 @@ END
IDD_CFG_ID_TAB DIALOGEX 0, 0, 235, 151
STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "Ticket lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
@@ -222,6 +218,25 @@ BEGIN
43,112,16,BS_NOTIFY | WS_DISABLED
END
+IDD_CFG_CACHES DIALOGEX 0, 0, 255, 182
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ GROUPBOX "File Caches",IDC_CFG_FCGRP,7,38,241,137
+ CONTROL "",IDC_CFG_FCLIST,"SysListView32",LVS_REPORT |
+ LVS_SORTASCENDING | LVS_ALIGNLEFT | WS_BORDER |
+ WS_TABSTOP,13,48,229,86
+ EDITTEXT IDC_CFG_FCNAME,13,139,173,14,ES_AUTOHSCROLL
+ PUSHBUTTON "&Browse ...",IDC_CFG_BROWSE,192,139,50,14
+ PUSHBUTTON "Add",IDC_CFG_ADD,13,156,50,14
+ PUSHBUTTON "Remove Selected",IDC_CFG_REMOVE,88,156,80,14
+ CHECKBOX "Include all API: credentials caches",IDC_CFG_INCAPI,13,
+ 7,125,10
+ CONTROL "Include Windows LSA cache (MSLSA:)",IDC_CFG_INCMSLSA,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,13,22,136,10
+END
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -306,12 +321,36 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 159
END
+
+ IDD_CFG_CACHES, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 248
+ VERTGUIDE, 7
+ VERTGUIDE, 13
+ VERTGUIDE, 242
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 175
+ END
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+IDI_PLUGIN ICON "..\\..\\images\\krb5plugin.ico"
+IDI_DELETED ICON "..\\..\\images\\deleted.ico"
+IDI_NEW ICON "..\\..\\images\\new.ico"
+IDI_NORMAL ICON "..\\..\\images\\normal.ico"
+IDI_MODIFIED ICON "..\\..\\images\\modified.ico"
+
+/////////////////////////////////////////////////////////////////////////////
+//
// String Table
//
@@ -386,7 +425,61 @@ BEGIN
IDS_NC_PWD_NPWD_AGAIN "New Password again"
IDS_KRB5_CREDTEXT_P0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Changing password for %s</p>"
IDS_K5CFG_IMPORT_OPTIONS
- "Never\000Always\000Only when the principal name matches\000 \000"
+ "Never\000Always\000Only when the principal name matches\000 "
+ IDS_IDENTPRO_DESC "Kerberos 5 Identity Provider"
+ IDS_K5CCC_SHORT_DESC "Credentials Caches"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_K5CCC_LONG_DESC "Kerberos 5 Credentials Caches"
+ IDS_CFG_FCTITLE "File based Credential Caches"
+ IDS_CFG_FCN_WARNING "Warning:"
+ IDS_CFG_FCN_W_NOTFOUND "The credentials cache you specified does not exist."
+ IDS_CFG_FCN_W_RELATIVE "The path you specified not an absolute path."
+ IDS_CFG_FCOPENTITLE "Select a credential cache to add"
+ IDS_UNAVAILABLE "(Not available)"
+ IDS_FLG_FORWARDABLE "Forwardable"
+ IDS_FLG_FORWARDED "Forwarded"
+ IDS_FLG_PROXIABLE "Proxiable"
+ IDS_FLG_PROXY "Proxy"
+ IDS_FLG_MAY_POSTDATE "May postdate"
+ IDS_FLG_POSTDATED "Postdated"
+ IDS_FLG_INVALID "Invalid"
+ IDS_FLG_RENEWABLE "Renewable"
+ IDS_FLG_INITIAL "Initial"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_FLG_PRE_AUTH "Pre-authenticated"
+ IDS_FLG_HW_AUTH "Hardware authentication"
+ IDS_FLG_TRANSIT_POL "Transit policy checked"
+ IDS_FLG_OK_DELEGATE "Approved for delegation"
+ IDS_FLG_ANONYMOUS "Anonymous"
+ IDS_K5ERR_CANTWRITEPROFILE
+ "The Kerberos 5 profile file could not be written"
+ IDS_K5ERR_PROFNOWRITE "The file %s could not be opened as a profile file for writing."
+ IDS_K5ERR_PROFUSETEMP "The file %s could not be opened for writing. The current changes will be saved to %s temporarily."
+ IDS_K5ERR_PROFSUGGEST "This may be due to not having privileges to modify the configuration file. Please contact your system administrator to resolve the issue."
+ IDS_CFG_RE_REALMS "Kerberos Realms"
+ IDS_CFG_RE_KDCS "Kerberos Servers"
+ IDS_CFG_RE_DMAPS "Domain mappings"
+ IDS_CFG_RE_KDCS_R "Kerberos Servers for %s"
+ IDS_CFG_RE_DMAPS_R "Domains that map to %s"
+ IDS_CFG_RE_HEAD_SVR "Server"
+ IDS_CFG_RE_HEAD_ADMIN "Admin"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_CFG_RE_HEAD_MASTER "Master"
+ IDS_CFG_RE_HEAD_DOMAIN "Domain"
+ IDS_CFG_RE_NEWREALM "<New realm...>"
+ IDS_YES "Yes"
+ IDS_NO "No"
+ IDS_CFG_RE_NEWSERVER "<New server...>"
+ IDS_CFG_RE_NEWDMAP "<New domain mapping...>"
END
#endif // English (U.S.) resources
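Review bot: `IDS_K5CFG_IMPORT_OPTIONS` loses its trailing `\000`, so the loaded text now ends `...matches\000 ` with only the single terminator that `LoadString` appends. The code that splits this list is not in the hunk; if it walks the entries until it reaches an empty string, it will now read past the end of the loaded data. Either restore the final `\000` or confirm that the reader stops on the `" "` entry or on the length `LoadString` returns. Separately, `IDS_CFG_FCN_W_RELATIVE` is missing a verb and should read `"The path you specified is not an absolute path."`.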
diff --git a/src/windows/identity/plugins/krb5/langres.h b/src/windows/identity/plugins/krb5/langres.h
index 87f74f547a..52adc34e3f 100644
--- a/src/windows/identity/plugins/krb5/langres.h
+++ b/src/windows/identity/plugins/krb5/langres.h
@@ -1,6 +1,6 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
-// Used by D:\work\khimaira\src\plugins\krb5\lang\en_us\langres.rc
+// Used by D:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb5\lang\en_us\langres.rc
//
#define IDS_UNK_ADDR_FMT 101
#define IDD_NC_KRB5 102
@@ -21,11 +21,17 @@
#define IDS_ETYPE_NULL 110
#define IDD_NC_KRB5_PASSWORD 110
#define IDS_ETYPE_DES_CBC_CRC 111
+#define IDD_CFG_CACHES 111
#define IDS_ETYPE_DES_CBC_MD4 112
+#define IDI_PLUGIN 112
#define IDS_ETYPE_DES_CBC_MD5 113
+#define IDI_DELETED 113
#define IDS_ETYPE_DES_CBC_RAW 114
+#define IDI_NEW 114
#define IDS_ETYPE_DES3_CBC_SHA 115
+#define IDI_NORMAL 115
#define IDS_ETYPE_DES3_CBC_RAW 116
+#define IDI_MODIFIED 116
#define IDS_ETYPE_DES_HMAC_SHA1 117
#define IDS_ETYPE_DES3_CBC_SHA1 118
#define IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 119
@@ -67,6 +73,47 @@
#define IDS_NC_PWD_NPWD_AGAIN 155
#define IDS_KRB5_CREDTEXT_P0 156
#define IDS_K5CFG_IMPORT_OPTIONS 157
+#define IDS_IDENTPRO_DESC 158
+#define IDS_K5CCC_SHORT_DESC 159
+#define IDS_K5CCC_LONG_DESC 160
+#define IDS_CFG_FCTITLE 161
+#define IDS_CFG_FCN_WARNING 162
+#define IDS_CFG_FCN_W_NOTFOUND 163
+#define IDS_CFG_FCN_W_RELATIVE 164
+#define IDS_CFG_FCOPENTITLE 165
+#define IDS_UNAVAILABLE 166
+#define IDS_FLG_FORWARDABLE 167
+#define IDS_FLG_FORWARDED 168
+#define IDS_FLG_PROXIABLE 169
+#define IDS_FLG_PROXY 170
+#define IDS_FLG_MAY_POSTDATE 171
+#define IDS_FLG_POSTDATED 172
+#define IDS_FLG_INVALID 173
+#define IDS_FLG_RENEWABLE 174
+#define IDS_FLG_INITIAL 175
+#define IDS_FLG_PRE_AUTH 176
+#define IDS_FLG_HW_AUTH 177
+#define IDS_FLG_TRANSIT_POL 178
+#define IDS_FLG_OK_DELEGATE 179
+#define IDS_FLG_ANONYMOUS 180
+#define IDS_K5ERR_CANTWRITEPROFILE 181
+#define IDS_K5ERR_PROFNOWRITE 182
+#define IDS_K5ERR_PROFUSETEMP 183
+#define IDS_K5ERR_PROFSUGGEST 184
+#define IDS_CFG_RE_REALMS 185
+#define IDS_CFG_RE_KDCS 186
+#define IDS_CFG_RE_DMAPS 187
+#define IDS_CFG_RE_KDCS_R 188
+#define IDS_CFG_RE_DMAPS_R 189
+#define IDS_CFG_RE_HEAD_SVR 190
+#define IDS_CFG_RE_HEAD_ADMIN 191
+#define IDS_CFG_RE_HEAD_MASTER 192
+#define IDS_CFG_RE_HEAD_DOMAIN 193
+#define IDS_CFG_RE_NEWREALM 194
+#define IDS_YES 195
+#define IDS_NO 196
+#define IDS_CFG_RE_NEWSERVER 197
+#define IDS_CFG_RE_NEWDMAP 198
#define IDC_NCK5_RENEWABLE 1002
#define IDC_NCK5_FORWARDABLE 1004
#define IDC_NCK5_REALM 1005
@@ -103,7 +150,9 @@
#define IDC_CFG_DOMAINGRP 1045
#define IDC_CFG_SERVERSGRP 1046
#define IDC_LIST3 1047
+#define IDC_CFG_KDC 1047
#define IDC_LIST4 1048
+#define IDC_CFG_DMAP 1048
#define IDC_CFG_LBL_DEFLIFE 1049
#define IDC_CFG_DEFLIFE 1050
#define IDC_CFG_LBL_DEFRLIFE 1051
@@ -114,14 +163,22 @@
#define IDC_CFG_RLRNG_MIN 1056
#define IDC_CFG_RLRNG_MAX 1057
#define IDC_CFG_CCACHE 1058
+#define IDC_CFG_FCGRP 1059
+#define IDC_CFG_FCLIST 1060
+#define IDC_CFG_FCNAME 1062
+#define IDC_CFG_ADD 1064
+#define IDC_CFG_REMOVE 1065
+#define IDC_CFG_INCAPI 1066
+#define IDC_CFG_INCMSLSA 1067
+#define IDC_PPK5_FLAGS 1072
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 111
+#define _APS_NEXT_RESOURCE_VALUE 117
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1059
+#define _APS_NEXT_CONTROL_VALUE 1073
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/windows/identity/plugins/krb5/version.rc b/src/windows/identity/plugins/krb5/version.rc
new file mode 100644
index 0000000000..10b16dd293
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/version.rc
@@ -0,0 +1,64 @@
+/* Copyright (c) 2004 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+/* $Id$ */
+
+#include<netidmgr_intver.h>
+
+1 VERSIONINFO
+ FILEVERSION KH_VERSION_LIST
+ PRODUCTVERSION KH_VERSION_LIST
+ FILEFLAGSMASK KH_VER_FILEFLAGMASK
+ FILEFLAGS KH_VER_FILEFLAGS
+ FILEOS KH_VER_FILEOS
+ FILETYPE KH_VER_FILETYPEDLL
+ FILESUBTYPE 0
+ {
+ BLOCK "StringFileInfo"
+ {
+ BLOCK "040904b0"
+ {
+ VALUE "CompanyName", KH_VERSTR_COMPANY_1033
+ VALUE "FileDescription", "Kerberos 5 plugin for NetIDMgr"
+ VALUE "FileVersion", KH_VERSTR_VERSION_1033
+ VALUE "InternalName", "krb5cred"
+ VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
+ VALUE "OriginalFilename", "krb5cred.dll"
+ VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
+#ifdef KH_VERSTR_COMMENT_1033
+ VALUE "Comment", KH_VERSTR_COMMENT_1033
+#endif
+ VALUE NIMV_MODULE, "MITKrb5"
+ VALUE NIMV_PLUGINS, "Krb5Cred,Krb5Ident"
+ VALUE NIMV_APIVER, KH_VERSION_STRINGAPI
+ VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos"
+ }
+ }
+
+ BLOCK "VarFileInfo"
+ {
+ VALUE "Translation", 0x409, 0x4b0
+ }
+ }
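Review bot: The optional string under `#ifdef KH_VERSTR_COMMENT_1033` is named `"Comment"`, but the predefined VERSIONINFO string name is `"Comments"`, so anything that reads the standard fields (file properties, software inventory or allow-listing tooling) will not pick it up. Use `VALUE "Comments", KH_VERSTR_COMMENT_1033` instead. Separately, `NIMV_SUPPORT` is `"http://web.mit.edu/kerberos"`; if the host serves HTTPS, an `https://` URL is the better choice for a support link shipped inside a credentials plugin. A short comment above the `NIMV_*` values would also help, for example `/* NIMV_PLUGINS presumably has to match the plugin names this DLL registers */`, since nothing in this file ties `"Krb5Cred,Krb5Ident"` to the code.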