| author | Alexandra Ellwood <lxs@mit.edu> | 2008-09-27 00:46:39 +0000 |
|---|---|---|
| committer | Alexandra Ellwood <lxs@mit.edu> | 2008-09-27 00:46:39 +0000 |
| commit | 06847c646f5630878d6f28025993cee57f2839a8 (patch) | |
| tree | c853a823d1cdc5b7bd7cf0bacac3e2aaff3d275d /src/kim/lib | |
| parent | f0098982775d44d490bae733f386a5432e712a8e (diff) | |
KerberosAgent MachIPC support
ticket: 6055
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20763 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kim/lib')
| -rw-r--r-- | src/kim/lib/kim-lite.exports | 1 | ||||
| -rw-r--r-- | src/kim/lib/kim.exports | 1 | ||||
| -rw-r--r-- | src/kim/lib/kim_identity.c | 4 | ||||
| -rw-r--r-- | src/kim/lib/kim_identity_private.h | 3 | ||||
| -rw-r--r-- | src/kim/lib/kim_selection_hints.c | 22 | ||||
| -rw-r--r-- | src/kim/lib/kim_selection_hints_private.h | 2 | ||||
| -rw-r--r-- | src/kim/lib/kim_string_private.h | 8 | ||||
| -rw-r--r-- | src/kim/lib/kim_ui.c | 6 | ||||
| -rw-r--r-- | src/kim/lib/kim_ui_cli.c | 29 | ||||
| -rw-r--r-- | src/kim/lib/mac/kim_os_ui_gui.c | 324 |
10 files changed, 356 insertions, 44 deletions
diff --git a/src/kim/lib/kim-lite.exports b/src/kim/lib/kim-lite.exports index b548cfc24..27db51926 100644 --- a/src/kim/lib/kim-lite.exports +++ b/src/kim/lib/kim-lite.exports @@ -12,6 +12,7 @@ kim_identity_get_string kim_identity_get_display_string kim_identity_get_realm kim_identity_get_number_of_components +kim_identity_get_components kim_identity_get_component_at_index kim_identity_get_krb5_principal kim_identity_change_password diff --git a/src/kim/lib/kim.exports b/src/kim/lib/kim.exports index a41f48109..126ed9879 100644 --- a/src/kim/lib/kim.exports +++ b/src/kim/lib/kim.exports @@ -13,6 +13,7 @@ kim_identity_get_display_string kim_identity_get_realm kim_identity_get_number_of_components kim_identity_get_component_at_index +kim_identity_get_components kim_identity_get_krb5_principal kim_identity_change_password kim_identity_free diff --git a/src/kim/lib/kim_identity.c b/src/kim/lib/kim_identity.c index 1308c3d7a..333067bc5 100644 --- a/src/kim/lib/kim_identity.c +++ b/src/kim/lib/kim_identity.c @@ -598,7 +598,7 @@ static kim_error kim_identity_change_password_with_credential (kim_identity i message_data.length); } else { err = kim_os_string_create_localized (&rejected_message, - "KLStringChangePasswordFailed"); + "Kerberos Change Password Failed:"); } if (!err) { @@ -608,7 +608,7 @@ static kim_error kim_identity_change_password_with_credential (kim_identity i description_data.length); } else { err = kim_os_string_create_localized (&rejected_description, - "KLStringPasswordRejected"); + "New password rejected."); } } diff --git a/src/kim/lib/kim_identity_private.h b/src/kim/lib/kim_identity_private.h index 44f8c631d..4b1adeb48 100644 --- a/src/kim/lib/kim_identity_private.h +++ b/src/kim/lib/kim_identity_private.h 
@@ -31,9 +31,6 @@ #include "kim_library_private.h" #include "kim_ui_private.h" -kim_error kim_identity_get_components (kim_identity in_identity, - kim_string *out_components); - kim_error kim_identity_is_tgt_service (kim_identity in_identity, kim_boolean *out_is_tgt_service); diff --git a/src/kim/lib/kim_selection_hints.c b/src/kim/lib/kim_selection_hints.c index a4d7d666a..6903afb86 100644 --- a/src/kim/lib/kim_selection_hints.c +++ b/src/kim/lib/kim_selection_hints.c @@ -314,6 +314,28 @@ kim_error kim_selection_hints_get_explanation (kim_selection_hints in_selection /* ------------------------------------------------------------------------ */ +kim_error kim_selection_hints_get_application_id (kim_selection_hints in_selection_hints, + kim_string *out_application_id) +{ + kim_error err = KIM_NO_ERROR; + + if (!err && !in_selection_hints) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_application_id) { err = check_error (KIM_NULL_PARAMETER_ERR); } + + if (!err) { + if (in_selection_hints->application_identifier) { + err = kim_string_copy (out_application_id, + in_selection_hints->application_identifier); + } else { + *out_application_id = NULL; + } + } + + return check_error (err); +} + +/* ------------------------------------------------------------------------ */ + kim_error kim_selection_hints_set_options (kim_selection_hints io_selection_hints, kim_options in_options) { diff --git a/src/kim/lib/kim_selection_hints_private.h b/src/kim/lib/kim_selection_hints_private.h index 9a59ba4f1..34694893e 100644 --- a/src/kim/lib/kim_selection_hints_private.h +++ b/src/kim/lib/kim_selection_hints_private.h 
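Review bot: The new kim_selection_hints_get_application_id in kim_selection_hints.c returns KIM_NO_ERROR with `*out_application_id = NULL` when no application identifier is set, and nothing on the function or its prototype says so. A caller that treats success as "string present" would dereference NULL; the caller in kim_os_ui_gui.c only stays safe because kim_string_buflen accepts NULL. A header comment would make the contract explicit, for example `/* On success *out_application_id may be NULL if no identifier is set; otherwise the caller frees it with kim_string_free(). */`.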
@@ -39,6 +39,8 @@ typedef struct kim_selection_hints_preference_strings { kim_string server; } kim_selection_hints_preference_strings; +kim_error kim_selection_hints_get_application_id (kim_selection_hints in_selection_hints, + kim_string *out_application_id); kim_error kim_selection_hints_get_preference_strings (kim_selection_hints in_selection_hints, kim_selection_hints_preference_strings *io_preference_strings); diff --git a/src/kim/lib/kim_string_private.h b/src/kim/lib/kim_string_private.h index 4b1cc1839..9ee4846c2 100644 --- a/src/kim/lib/kim_string_private.h +++ b/src/kim/lib/kim_string_private.h @@ -29,6 +29,14 @@ #include <kim/kim.h> +/* ------------------------------------------------------------------------ */ + +static inline kim_count kim_string_buflen (kim_string in_string) +{ + return in_string ? strlen (in_string) + 1 : 0; +} + +/* ------------------------------------------------------------------------ */ kim_error kim_string_create_from_format (kim_string *out_string, kim_string in_format, diff --git a/src/kim/lib/kim_ui.c b/src/kim/lib/kim_ui.c index 5060fb049..819efbf5b 100644 --- a/src/kim/lib/kim_ui.c +++ b/src/kim/lib/kim_ui.c @@ -343,17 +343,17 @@ kim_error kim_ui_handle_kim_error (kim_ui_context *in_context, switch (in_type) { case kim_ui_error_type_authentication: - key = "KLStringLoginFailed"; + key = "Kerberos Login Failed:"; break; case kim_ui_error_type_change_password: - key = "KLStringChangePasswordFailed"; + key = "Kerberos Change Password Failed:"; break; case kim_ui_error_type_selection: case kim_ui_error_type_generic: default: - key = "KLStringKerberosOperationFailed"; + key = "Kerberos Operation Failed:"; break; } diff --git a/src/kim/lib/kim_ui_cli.c b/src/kim/lib/kim_ui_cli.c index 0b0188854..f26e32882 100644 --- a/src/kim/lib/kim_ui_cli.c +++ b/src/kim/lib/kim_ui_cli.c 
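Review bot: The new inline kim_string_buflen in kim_string_private.h calls `strlen`, but the only include visible in the hunk is `<kim/kim.h>`. Unless that header pulls in `<string.h>`, every file including this header depends on some other include having declared it, so adding `#include <string.h>` here makes the header self-contained. The `size_t` result plus one is returned as `kim_count` and later passed as a `mach_msg_type_number_t` length, so the contract is worth stating: `/* Byte count including the terminating NUL, or 0 for a NULL string; used as the length of Mach IPC string arguments. */`.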
@@ -111,7 +111,7 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context, if (!err) { err = kim_os_string_create_localized (&enter_identity_string, - "KLStringEnterPrincipal"); + "Please enter your Kerberos identity"); } if (!err) { @@ -170,7 +170,7 @@ kim_error kim_ui_cli_auth_prompt (kim_ui_context *in_context, kim_string identity_string = NULL; err = kim_os_string_create_localized (&enter_password_format, - "KLStringEnterPassword"); + "Please enter the password for %s"); if (!err) { err = kim_identity_get_display_string (in_identity, @@ -234,35 +234,26 @@ static kim_error kim_ui_cli_ask_change_password (kim_string in_identity_string) if (!err) { err = kim_os_string_create_localized (&ask_change_password, - "KLStringPasswordExpired"); + "Your password has expired, would you like to change it? (yes/no)"); } if (!err) { - err = kim_os_string_create_localized (&answer_options, - "KLStringYesOrNoAnswerOptions"); + err = kim_os_string_create_localized (&yes, "yes"); } if (!err) { - err = kim_os_string_create_localized (&yes, - "KLStringYes"); - } - - if (!err) { - err = kim_os_string_create_localized (&no, - "KLStringNo"); + err = kim_os_string_create_localized (&no, "no"); } if (!err) { err = kim_os_string_create_localized (&unknown_response, - "KLStringUnknownResponse"); + "%s is not a response I understand. Please try again."); } while (!err && !done) { kim_string answer = NULL; - err = kim_ui_cli_read_string (&answer, - 0, "%s %s", - ask_change_password, answer_options); + err = kim_ui_cli_read_string (&answer, 0, ask_change_password); if (!err) { err = kim_os_string_compare (answer, no, 
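Review bot: In kim_ui_cli_ask_change_password the localized prompt is now passed in the format position, `kim_ui_cli_read_string (&answer, 0, ask_change_password);`, where the removed call used the literal `"%s %s"`. The text comes from kim_os_string_create_localized, so a translation that contains a `%` would be parsed as a conversion with no matching argument. Keeping the format constant avoids that: `err = kim_ui_cli_read_string (&answer, 0, "%s", ask_change_password);`. This assumes the third parameter is a printf-style format, as the removed call implies. The function begins and ends outside the hunk.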
@@ -335,17 +326,17 @@ kim_error kim_ui_cli_change_password (kim_ui_context *in_context, if (!err) { err = kim_os_string_create_localized (&enter_old_password_format, - "KLStringEnterOldPassword"); + "Please enter the old password for %s"); } if (!err) { err = kim_os_string_create_localized (&enter_new_password_format, - "KLStringEnterNewPassword"); + "Please enter the new password for %s"); } if (!err) { err = kim_os_string_create_localized (&enter_verify_password_format, - "KLStringEnterVerifyPassword"); + "Verifying, please re-enter the new password for %s again"); } while (!err && !done) { diff --git a/src/kim/lib/mac/kim_os_ui_gui.c b/src/kim/lib/mac/kim_os_ui_gui.c index 184558439..4f629105d 100644 --- a/src/kim/lib/mac/kim_os_ui_gui.c +++ b/src/kim/lib/mac/kim_os_ui_gui.c @@ -41,7 +41,6 @@ struct kim_ui_gui_context { mach_port_t port; }; - /* ------------------------------------------------------------------------ */ static void kim_os_ui_gui_context_free (kim_ui_gui_context *io_context) @@ -86,6 +85,7 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context) { kim_error err = KIM_NO_ERROR; kim_ui_gui_context context = NULL; + kim_string name = NULL; kim_string path = NULL; if (!err && !io_context) { err = check_error (KIM_NULL_PARAMETER_ERR); } 
@@ -95,29 +95,27 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context) } if (!err) { - err = kipc_client_lookup_server (kim_os_agent_bundle_id, - 1 /* launch */, - 0 /* don't use cached port */, - &context->port); + err = kim_library_get_application_name (&name); } if (!err) { err = kim_os_library_get_application_path (&path); } + + if (!err) { + err = kipc_client_lookup_server (kim_os_agent_bundle_id, + 1 /* launch */, + 0 /* don't use cached port */, + &context->port); + } if (!err) { - kim_mipc_in_string application_name = NULL; - mach_msg_type_number_t application_name_len = 0; - kim_mipc_in_string application_path = path; - mach_msg_type_number_t application_path_len = strlen (path) + 1; kim_mipc_error result = 0; err = kim_mipc_cli_init (context->port, mach_task_self (), - application_name, - application_name_len, - application_path, - application_path_len, + name, kim_string_buflen (name), + path, kim_string_buflen (path), &result); if (!err) { err = check_error (result); } } @@ -127,6 +125,7 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context) context = NULL; } + kim_string_free (&name); kim_string_free (&path); kim_os_ui_gui_context_free (&context); 
@@ -139,16 +138,30 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context, kim_identity *out_identity) { kim_error err = KIM_NO_ERROR; + kim_mipc_out_string identity = NULL; + mach_msg_type_number_t identity_len = 0; if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) in_context->tcontext; - - + kim_mipc_error result = 0; + + err = kim_mipc_cli_enter_identity (context->port, + &identity, + &identity_len, + &result); + if (!err) { err = check_error (result); } + } + + if (!err) { + err = kim_identity_create_from_string (out_identity, identity); } + if (identity) { vm_deallocate (mach_task_self (), + (vm_address_t) identity, identity_len); } + return check_error (err); } 
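Review bot: The buffer returned by the agent is treated as a C string without validation in `kim_identity_create_from_string (out_identity, identity)` near the end of kim_os_ui_gui_enter_identity. Nothing visible guarantees that `identity` is non-NULL and NUL-terminated within `identity_len` bytes when the call and `result` both report success, so a malformed reply could make the parser read past the mapped region. A guard before the conversion would cover it: `if (!err && (!identity || !identity_len || identity[identity_len - 1] != '\0')) { err = check_error (<KIM error for a malformed reply>); }`. The same unchecked use appears in kim_os_ui_gui_select_identity, in kim_os_ui_gui_auth_prompt (`reply`) and in kim_os_ui_gui_change_password (the three `*_password_buf` buffers).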
@@ -159,16 +172,176 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context, kim_identity *out_identity) { kim_error err = KIM_NO_ERROR; - + kim_options options = NULL; + kim_time start_time = 0; + kim_lifetime lifetime; + kim_boolean renewable; + kim_lifetime renewal_lifetime; + kim_boolean forwardable; + kim_boolean proxiable; + kim_boolean addressless; + kim_string service_name = NULL; + kim_string application_id = NULL; + kim_string explanation = NULL; + kim_string service_identity_hint = NULL; + kim_string client_realm_hint = NULL; + kim_string user_hint = NULL; + kim_string service_realm_hint = NULL; + kim_string service_hint = NULL; + kim_string server_hint = NULL; + kim_mipc_out_string identity = NULL; + mach_msg_type_number_t identity_len = 0; + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { + err = kim_selection_hints_get_options (in_hints, &options); + + if (!err && !options) { + err = kim_options_create (&options); + } + } + + if (!err) { + err = kim_options_get_start_time (options, &start_time); + } + + if (!err) { + err = kim_options_get_lifetime (options, &lifetime); + } + + if (!err) { + err = kim_options_get_renewable (options, &renewable); + } + + if (!err) { + err = kim_options_get_renewal_lifetime (options, &renewal_lifetime); + } + + if (!err) { + err = kim_options_get_forwardable (options, &forwardable); + } + + if (!err) { + err = kim_options_get_proxiable (options, &proxiable); + } + + if (!err) { + err = kim_options_get_addressless (options, &addressless); + } + + if (!err) { + err = kim_options_get_service_name (options, &service_name); + } + + if (!err) { + err = kim_selection_hints_get_explanation (in_hints, &explanation); + } + + if (!err) { + err = kim_selection_hints_get_application_id (in_hints, &application_id); + } + + if (!err) { + 
err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_service_identity, + &service_identity_hint); + } + + if (!err) { + err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_client_realm, + &client_realm_hint); + } + + if (!err) { + err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_user, + &user_hint); + } + + if (!err) { + err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_service_realm, + &service_realm_hint); + } + + if (!err) { + err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_service, + &service_hint); + } + + if (!err) { + err = kim_selection_hints_get_hint (in_hints, + kim_hint_key_server, + &server_hint); + } + + if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) in_context->tcontext; + kim_mipc_error result = 0; + err = kim_mipc_cli_select_identity (context->port, + application_id, + kim_string_buflen (application_id), + explanation, + kim_string_buflen (explanation), + + start_time, + lifetime, + renewable, + renewal_lifetime, + forwardable, + proxiable, + addressless, + service_name, + kim_string_buflen (service_name), + + service_identity_hint, + kim_string_buflen (service_identity_hint), + + client_realm_hint, + kim_string_buflen (client_realm_hint), + + user_hint, + kim_string_buflen (user_hint), + + service_realm_hint, + kim_string_buflen (service_realm_hint), + + service_hint, + kim_string_buflen (service_hint), + + server_hint, + kim_string_buflen (server_hint), + + &identity, + &identity_len, + &result); + if (!err) { err = check_error (result); } + } + + if (!err) { + err = kim_identity_create_from_string (out_identity, identity); } + if (identity) { vm_deallocate (mach_task_self (), + (vm_address_t) identity, identity_len); } + + kim_string_free (&application_id); + kim_string_free (&explanation); + kim_string_free (&service_name); + kim_string_free (&service_identity_hint); + kim_string_free (&client_realm_hint); + kim_string_free (&user_hint); + kim_string_free (&service_realm_hint); 
+ kim_string_free (&service_hint); + kim_string_free (&server_hint); + kim_options_free (&options); + return check_error (err); } @@ -184,6 +357,9 @@ kim_error kim_os_ui_gui_auth_prompt (kim_ui_context *in_context, char **out_reply) { kim_error err = KIM_NO_ERROR; + kim_string identity_string = NULL; + kim_mipc_out_string reply = NULL; + mach_msg_type_number_t reply_len = 0; if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } @@ -191,10 +367,37 @@ kim_error kim_os_ui_gui_auth_prompt (kim_ui_context *in_context, /* in_title, in_message or in_description may be NULL */ if (!err) { + err = kim_identity_get_string (in_identity, &identity_string); + } + + if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) in_context->tcontext; - + kim_mipc_error result = 0; + + err = kim_mipc_cli_auth_prompt (context->port, + identity_string, + kim_string_buflen (identity_string), + in_type, + in_hide_reply, + in_title, + kim_string_buflen (in_title), + in_message, + kim_string_buflen (in_message), + in_description, + kim_string_buflen (in_description), + &reply, + &reply_len, + &result); + if (!err) { err = check_error (result); } + } + + if (!err) { + err = kim_string_copy ((kim_string *) out_reply, reply); } + if (reply) { vm_deallocate (mach_task_self (), (vm_address_t) reply, reply_len); } + kim_string_free (&identity_string); + return check_error (err); } 
@@ -208,7 +411,19 @@ kim_error kim_os_ui_gui_change_password (kim_ui_context *in_context, char **out_verify_password) { kim_error err = KIM_NO_ERROR; + kim_string identity_string = NULL; + + kim_mipc_out_string old_password_buf = NULL; + mach_msg_type_number_t old_password_len = 0; + kim_mipc_out_string new_password_buf = NULL; + mach_msg_type_number_t new_password_len = 0; + kim_mipc_out_string verify_password_buf = NULL; + mach_msg_type_number_t verify_password_len = 0; + kim_string old_password = NULL; + kim_string new_password = NULL; + kim_string verify_password = NULL; + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !out_old_password ) { err = check_error (KIM_NULL_PARAMETER_ERR); } 
@@ -216,10 +431,62 @@ kim_error kim_os_ui_gui_change_password (kim_ui_context *in_context, if (!err && !out_verify_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { + err = kim_identity_get_string (in_identity, &identity_string); + } + + if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) in_context->tcontext; + kim_mipc_error result = 0; + err = kim_mipc_cli_change_password (context->port, + identity_string, + kim_string_buflen (identity_string), + in_old_password_expired, + &old_password_buf, + &old_password_len, + &new_password_buf, + &new_password_len, + &verify_password_buf, + &verify_password_len, + &result); + if (!err) { err = check_error (result); } + } + + if (!err) { + err = kim_string_copy (&old_password, old_password_buf); + } + + if (!err) { + err = kim_string_copy (&new_password, new_password_buf); + } + + if (!err) { + err = kim_string_copy (&verify_password, verify_password_buf); + } + + if (!err) { + *out_old_password = (char *) old_password; + old_password = NULL; + *out_new_password = (char *) new_password; + new_password = NULL; + *out_verify_password = (char *) verify_password; + verify_password = NULL; } + if (old_password_buf) { vm_deallocate (mach_task_self (), + (vm_address_t) old_password_buf, + old_password_len); } + if (new_password_buf) { vm_deallocate (mach_task_self (), + (vm_address_t) new_password_buf, + new_password_len); } + if (verify_password_buf) { vm_deallocate (mach_task_self (), + (vm_address_t) verify_password_buf, + verify_password_len); } + kim_string_free (&identity_string); + kim_string_free (&old_password); + kim_string_free (&new_password); + kim_string_free (&verify_password); + return check_error (err); } 
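Review bot: The three password buffers received from the agent are handed to `vm_deallocate` while they still hold the cleartext passwords. When one of the later `kim_string_copy` calls fails, the copies already made are released through `kim_string_free`, and whether that scrubs the memory is not visible here. Clearing each buffer before release shortens the time the secrets stay in the address space, e.g. `memset (old_password_buf, 0, old_password_len);` ahead of each `vm_deallocate`, assuming kim_mipc_out_string is a writable pointer; a scrub the compiler cannot elide is preferable where the platform offers one. The `reply` buffer in kim_os_ui_gui_auth_prompt deserves the same treatment when `in_hide_reply` is set. The declarations for this function are in the preceding hunk.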
@@ -232,16 +499,34 @@ kim_error kim_os_ui_gui_handle_error (kim_ui_context *in_context, kim_string in_error_description) { kim_error err = KIM_NO_ERROR; + kim_string identity_string = NULL; if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_error_message ) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err && !in_error_description) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { + err = kim_identity_get_string (in_identity, &identity_string); + } + + if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) in_context->tcontext; + kim_mipc_error result = 0; + err = kim_mipc_cli_handle_error (context->port, + identity_string, + kim_string_buflen (identity_string), + in_error, + in_error_message, + kim_string_buflen (in_error_message), + in_error_description, + kim_string_buflen (in_error_description), + &result); + if (!err) { err = check_error (result); } } + kim_string_free (&identity_string); + return check_error (err); } @@ -263,6 +548,11 @@ kim_error kim_os_ui_gui_fini (kim_ui_context *io_context) if (!err) { kim_ui_gui_context context = (kim_ui_gui_context) io_context->tcontext; + kim_mipc_error result = 0; + + err = kim_mipc_cli_fini (context->port, &result); + if (!err) { err = check_error (result); } + if (!err) { kim_os_ui_gui_context_free (&context); |
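Review bot: kim_os_ui_gui_handle_error now calls `kim_identity_get_string (in_identity, &identity_string)`, but `in_identity` is not among the parameters checked at the top of the function. If an error can be reported before an identity is known (the selection error type, for instance) and kim_identity_get_string rejects NULL as the other entry points here do, the error would never reach the agent and the caller would get a parameter error instead. Guarding the lookup with `if (!err && in_identity)` leaves `identity_string` NULL, which `kim_string_buflen` already maps to a length of 0.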
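Review bot: In kim_os_ui_gui_fini the context is released only when `kim_mipc_cli_fini` and its `result` both succeed, so a failed IPC (for example when the agent has already exited) appears to leave the context and its port allocated. Consider freeing the context regardless and returning the IPC error afterwards, or add a comment stating who owns the context when fini fails. The function continues past the end of the hunk, so part of the cleanup path may be out of view.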
