| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-06 01:06:13 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-06 01:06:13 +0000 |
| commit | 6122981fdebaef3a11c57bf439133bd410b9523e (patch) | |
| tree | f89098c8093e8852ef4683858337492803ccb8fd /src/windows/identity/plugins | |
| parent | 1e0c430fd23cdd3ba6c3d609c6b34314b8a7226c (diff) | |
KFW 3.0 Final Network Identity Manager updates
Add new documentation files
Add new icons
Add "set default" functionality to the New Credentials dialog
Remove inconsistencies in the Options configuration dialog
Replace the menu bar so that it responds to Alt- and keyboard
shortcuts
Fix an --autoinit race condition
many more things....
ticket: new
target_version: 1.4.4
status: resolved
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17546 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/identity/plugins')
| -rw-r--r-- | src/windows/identity/plugins/common/Makefile | 1 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb4/krb4newcreds.c | 51 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb4/lang/en_us/langres.rc | 6 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/errorfuncs.c | 3 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5configdlg.c | 52 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5configid.c | 13 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5funcs.c | 103 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5identpro.c | 247 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5newcreds.c | 23 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krbconfig.csv | 1 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/lang/en_us/langres.rc | 20 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/lang/krb5_msgs.mc | 7 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/langres.h | 5 |
13 files changed, 396 insertions, 136 deletions
diff --git a/src/windows/identity/plugins/common/Makefile b/src/windows/identity/plugins/common/Makefile
index cbadbc644..5107edca4 100644
--- a/src/windows/identity/plugins/common/Makefile
+++ b/src/windows/identity/plugins/common/Makefile
@@ -37,6 +37,7 @@ all: mkdirs $(INCFILES) $(OBJFILES) clean::
$(RM) $(INCFILES)
+ $(RM) $(OBJFILES)
{}.c{$(LIBDIR)}.obj:
$(C2OBJ)
diff --git a/src/windows/identity/plugins/krb4/krb4newcreds.c b/src/windows/identity/plugins/krb4/krb4newcreds.c
index fdbe304fa..28ae71a1f 100644
--- a/src/windows/identity/plugins/krb4/krb4newcreds.c
+++ b/src/windows/identity/plugins/krb4/krb4newcreds.c
@@ -68,8 +68,10 @@ void k4_update_display(k4_dlg_data * d) { EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), FALSE);
}
- CheckRadioButton(d->hwnd, IDC_NCK4_AUTO, IDC_NCK4_K524,
+ CheckRadioButton(d->hwnd, IDC_NCK4_AUTO, IDC_NCK4_PWD,
method_to_id[d->method]);
+
+ khui_cw_enable_type(d->nc, credtype_id_krb4, d->k4_enabled);
}
void k4_update_data(k4_dlg_data * d) {
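Review bot: `CheckRadioButton` selects by numeric control-ID range, so the new last argument `IDC_NCK4_PWD` is only correct if it is the highest ID of the three radio buttons. The ID values live in the krb4 langres.h, which this commit does not touch, while the .rc change only reorders the controls in the dialog; if `IDC_NCK4_K524` is numerically above `IDC_NCK4_PWD`, it now falls outside the range and will not be cleared when another method is selected. Please verify the IDs and add a comment such as `/* range is by control ID, not by dialog order */` next to the call. k4_update_display starts above this hunk.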
@@ -99,6 +101,30 @@ void k4_update_data(k4_dlg_data * d) { }
}
+khm_boolean k4_should_identity_get_k4(khm_handle ident) {
+ khm_int32 idflags = 0;
+
+ if (KHM_FAILED(kcdb_identity_get_flags(ident, &idflags)))
+ return FALSE;
+
+ if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
+ /* we only support k4 for one identity, and that is the
+ default identity. If we are trying to get tickets for
+ a non-default identity, then we start off as
+ disabled. */
+
+ khm_handle defident = NULL;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
+ kcdb_identity_release(defident);
+
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
void k4_read_identity_data(k4_dlg_data * d) {
khm_handle csp_ident = NULL;
khm_handle csp_k4 = NULL;
@@ -139,23 +165,10 @@ void k4_read_identity_data(k4_dlg_data * d) { }
khc_close_space(csp_ident);
-
- kcdb_identity_get_flags(d->nc->identities[0], &idflags);
}
- if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
- /* we only support k4 for one identity, and that is the
- default identity. If we are trying to get tickets for
- a non-default identity, then we start off as
- disabled. */
-
- khm_handle defident = NULL;
-
- if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
- kcdb_identity_release(defident);
-
- d->k4_enabled = FALSE;
- }
+ if (d->k4_enabled) {
+ d->k4_enabled = k4_should_identity_get_k4(d->nc->identities[0]);
}
} else {
d->k4_enabled = FALSE;
@@ -417,6 +430,12 @@ krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype, nc = (khui_new_creds *) vparam;
+ if (!nc->ctx.identity)
+ break;
+
+ if (!k4_should_identity_get_k4(nc->ctx.identity))
+ break;
+
nct = PMALLOC(sizeof(*nct));
#ifdef DEBUG
assert(nct);
diff --git a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
index 042da77b7..a07dc4b30 100644
--- a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc
@@ -63,10 +63,10 @@ BEGIN BS_AUTOCHECKBOX | WS_TABSTOP,7,26,97,10
CONTROL "Automatically determine method",IDC_NCK4_AUTO,"Button",
BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,23,58,119,10
- CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON |
- WS_TABSTOP,23,75,47,10
CONTROL "Kerberos 5 to 4 translation",IDC_NCK4_K524,"Button",
- BS_AUTORADIOBUTTON | WS_TABSTOP,23,92,101,10
+ BS_AUTORADIOBUTTON | WS_TABSTOP,23,76,101,10
+ CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON |
+ WS_TABSTOP,23,94,47,10
GROUPBOX "Obtain Kerberos 4 tickets using",IDC_STATIC,7,43,286,72,
WS_GROUP
END
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c
index 28016d3cb..d2fabbad4 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.c
+++ b/src/windows/identity/plugins/krb5/errorfuncs.c
@@ -83,6 +83,9 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, case kadm_err_base:
break;
default:
+ if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
+ *suggestion = MSG_ERR_S_INTEGRITY;
+ }
*suggest_code = KHERR_SUGGEST_RETRY;
AnsiStrToUnicode(buf, cbbuf, com_err_msg);
return;
diff --git a/src/windows/identity/plugins/krb5/krb5configdlg.c b/src/windows/identity/plugins/krb5/krb5configdlg.c
index 63fdc32b6..8cf89c7cd 100644
--- a/src/windows/identity/plugins/krb5/krb5configdlg.c
+++ b/src/windows/identity/plugins/krb5/krb5configdlg.c
@@ -78,6 +78,8 @@ typedef struct tag_k5_config_data { wchar_t config_file[MAX_PATH]; /* path to configuration file */
khm_boolean create_config_file; /* create config_file if missing? */
+ khm_boolean inc_realms; /* include full realm list in new
+ credentials dialog? */
/* [libdefaults] */
khm_boolean dns_lookup_kdc;
@@ -100,15 +102,16 @@ typedef struct tag_k5_config_data { khm_int32 flags;
} k5_config_data;
-#define K5_CDFLAG_MOD_DEF_REALM 1
-#define K5_CDFLAG_MOD_CONF_FILE 2
-#define K5_CDFLAG_MOD_DNS_LOOKUP_KDC 4
-#define K5_CDFLAG_MOD_DNS_LOOKUP_RLM 8
-#define K5_CDFLAG_MOD_DNS_FALLBACK 0x10
-#define K5_CDFLAG_MOD_NOADDRESSES 0x20
-#define K5_CDFLAG_MOD_LSA_IMPORT 0x40
-#define K5_CDFLAG_MOD_CREATE_CONF 0x80
-#define K5_CDFLAG_MOD_REALMS 0x1000
+#define K5_CDFLAG_MOD_DEF_REALM 0x00000001
+#define K5_CDFLAG_MOD_CONF_FILE 0x00000002
+#define K5_CDFLAG_MOD_DNS_LOOKUP_KDC 0x00000004
+#define K5_CDFLAG_MOD_DNS_LOOKUP_RLM 0x00000008
+#define K5_CDFLAG_MOD_DNS_FALLBACK 0x00000010
+#define K5_CDFLAG_MOD_NOADDRESSES 0x00000020
+#define K5_CDFLAG_MOD_LSA_IMPORT 0x00000040
+#define K5_CDFLAG_MOD_CREATE_CONF 0x00000080
+#define K5_CDFLAG_MOD_INC_REALMS 0x00000100
+#define K5_CDFLAG_MOD_REALMS 0x00001000
static const char *const conf_yes[] = {
"y", "yes", "true", "t", "1", "on",
@@ -506,16 +509,23 @@ k5_read_config_data(k5_config_data * d) { pprofile_release(profile);
}
- /* last, read the MSLSA import setting */
{
khm_int32 t;
+ /* last, read the MSLSA import setting */
if (KHM_SUCCEEDED(khc_read_int32(csp_params,
L"MsLsaImport", &t))) {
d->lsa_import = t;
} else {
d->lsa_import = K5_LSAIMPORT_ALWAYS;
}
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params,
+ L"UseFullRealmList", &t))) {
+ d->inc_realms = !!t;
+ } else {
+ d->inc_realms = TRUE;
+ }
}
d->flags = 0;
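Review bot: The fallback `d->inc_realms = TRUE;` disagrees with the other two places that define this setting: the schema line added to krbconfig.csv gives `UseFullRealmList` a default of 0, and the `ui_cb` hunk in krb5identpro.c treats a failed read as disabled. If the read can fail when the value is absent, the Options dialog shows the box checked while the New Credentials dialog leaves the full realm list out. Using `d->inc_realms = FALSE;` here, or changing the other two to match, keeps what the user sees consistent with what is applied. k5_read_config_data starts above this hunk.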
@@ -546,9 +556,11 @@ k5_write_config_data(k5_config_data * d) { /* write the MSLSA import setting */
if (d->flags & K5_CDFLAG_MOD_LSA_IMPORT) {
-
khc_write_int32(csp_params, L"MsLsaImport", d->lsa_import);
+ }
+ if (d->flags & K5_CDFLAG_MOD_INC_REALMS) {
+ khc_write_int32(csp_params, L"UseFullRealmList", d->inc_realms);
}
if (!(d->flags &
@@ -912,6 +924,9 @@ k5_config_dlgproc(HWND hwnd, d->node_main = (khui_config_node) lParam;
+ CheckDlgButton(hwnd, IDC_CFG_INCREALMS,
+ (d->inc_realms)? BST_CHECKED: BST_UNCHECKED);
+
hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM);
#ifdef DEBUG
assert(hw);
@@ -984,6 +999,21 @@ k5_config_dlgproc(HWND hwnd, KHUI_CNFLAG_MODIFIED);
return TRUE;
}
+
+ if (wParam == MAKEWPARAM(IDC_CFG_INCREALMS, BN_CLICKED)) {
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_INCREALMS) ==
+ BST_CHECKED) {
+ d->inc_realms = TRUE;
+ } else {
+ d->inc_realms = FALSE;
+ }
+ d->flags |= K5_CDFLAG_MOD_INC_REALMS;
+
+ khui_cfg_set_flags(d->node_main,
+ KHUI_CNFLAG_MODIFIED,
+ KHUI_CNFLAG_MODIFIED);
+ return TRUE;
+ }
}
break;
diff --git a/src/windows/identity/plugins/krb5/krb5configid.c b/src/windows/identity/plugins/krb5/krb5configid.c
index 17ab40929..a4e549d3d 100644
--- a/src/windows/identity/plugins/krb5/krb5configid.c
+++ b/src/windows/identity/plugins/krb5/krb5configid.c
@@ -60,7 +60,10 @@ k5_id_read_params(k5_id_dlg_data * d) { khm_handle csp_idroot = NULL;
cb = sizeof(idname);
- khui_cfg_get_name(d->cfg.ctx_node, idname, &cb);
+ rv = khui_cfg_get_name(d->cfg.ctx_node, idname, &cb);
+#ifdef DEBUG
+ assert(KHM_SUCCEEDED(rv));
+#endif
rv = kcdb_identity_create(idname, 0, &d->ident);
#ifdef DEBUG
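Review bot: The new `rv` from `khui_cfg_get_name` is examined only by `assert(KHM_SUCCEEDED(rv))` under `#ifdef DEBUG`, so a release build still passes `idname` to `kcdb_identity_create` after a failed call. `idname` is declared above the hunk; if it is not initialised there, that is a read of an indeterminate buffer used as an identity name. A runtime `if (KHM_FAILED(rv))` early exit, with whatever cleanup the function needs, would cover both build types. The same DEBUG-only pattern appears to follow the `kcdb_identity_create` call at the end of this hunk.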
@@ -93,8 +96,12 @@ k5_id_read_params(k5_id_dlg_data * d) { cb = sizeof(d->ccache);
rv = khc_read_string(csp_ident, L"DefaultCCName", d->ccache, &cb);
- if (KHM_FAILED(rv))
- ZeroMemory(d->ccache, sizeof(d->ccache));
+ if (KHM_FAILED(rv) || cb <= sizeof(wchar_t)) {
+ cb = sizeof(d->ccache);
+ if (KHM_FAILED(kcdb_identity_get_attr(d->ident, attr_id_krb5_ccname,
+ NULL, d->ccache, &cb)))
+ ZeroMemory(d->ccache, sizeof(d->ccache));
+ }
khui_tracker_initialize(&d->tc_life);
d->tc_life.current = d->life;
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c
index 3dfea750c..5c076951a 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.c
+++ b/src/windows/identity/plugins/krb5/krb5funcs.c
@@ -220,7 +220,7 @@ static long get_tickets_from_cache(krb5_context ctx, khm_handle ident = NULL;
khm_handle cred = NULL;
time_t tt;
- khm_int64 ft, eft;
+ FILETIME ft, eft;
khm_int32 ti;
@@ -372,25 +372,32 @@ static long get_tickets_from_cache(krb5_context ctx, KRBv5Credentials.times.starttime = KRBv5Credentials.times.authtime;
tt = KRBv5Credentials.times.starttime;
- TimetToFileTime(tt, (LPFILETIME) &ft);
+ TimetToFileTime(tt, &ft);
kcdb_cred_set_attr(cred, KCDB_ATTR_ISSUE, &ft, sizeof(ft));
tt = KRBv5Credentials.times.endtime;
- TimetToFileTime(tt, (LPFILETIME) &eft);
+ TimetToFileTime(tt, &eft);
kcdb_cred_set_attr(cred, KCDB_ATTR_EXPIRE, &eft, sizeof(eft));
- eft -= ft;
- kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &eft, sizeof(eft));
+ {
+ FILETIME ftl;
+
+ ftl = FtSub(&eft, &ft);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &ftl, sizeof(ftl));
+ }
if (KRBv5Credentials.times.renew_till > 0) {
+ FILETIME ftl;
+
tt = KRBv5Credentials.times.renew_till;
- TimetToFileTime(tt, (LPFILETIME) &eft);
+ TimetToFileTime(tt, &eft);
kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft,
sizeof(eft));
- eft -= ft;
- kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_LIFETIME, &eft,
- sizeof(eft));
+
+ ftl = FtSub(&eft, &ft);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_LIFETIME, &ftl,
+ sizeof(ftl));
}
ti = KRBv5Credentials.ticket_flags;
@@ -441,7 +448,7 @@ static long get_tickets_from_cache(krb5_context ctx, int n = 0;
while ( KRBv5Credentials.addresses[n] )
n++;
- list->addrList = calloc(1, n * sizeof(char *));
+ list->addrList = PCALLOC(1, n * sizeof(char *));
if (!list->addrList) {
MessageBox(NULL, "Memory Error", "Error", MB_OK);
return ENOMEM;
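Review bot: Switching this allocation to `PCALLOC` is only safe if the code that releases `list->addrList` and its elements uses the matching `PFREE`; that release path is not in this diff, and a plain `free()` left behind would pair with the wrong allocator. The same applies to the per-entry `PCALLOC(1, strlen(Buffer)+1)` in the next hunk. Separately, `PCALLOC(1, n * sizeof(char *))` multiplies before the call; writing `PCALLOC(n, sizeof(char *))` passes both factors through, as one would with `calloc`. get_tickets_from_cache extends beyond this hunk on both sides.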
@@ -449,7 +456,7 @@ static long get_tickets_from_cache(krb5_context ctx, list->addrCount = n;
for ( n=0; n<list->addrCount; n++ ) {
wsprintf(Buffer, "Address: %s", one_addr(KRBv5Credentials.addresses[n]));
- list->addrList[n] = (char*) calloc(1, strlen(Buffer)+1);
+ list->addrList[n] = (char*) PCALLOC(1, strlen(Buffer)+1);
if (!list->addrList[n])
{
MessageBox(NULL, "Memory Error", "Error", MB_OK);
@@ -461,9 +468,9 @@ static long get_tickets_from_cache(krb5_context ctx, #endif
if(cred_flags & KCDB_CRED_FLAG_INITIAL) {
- __int64 t_issue_new;
- __int64 t_expire_old;
- __int64 t_expire_new;
+ FILETIME ft_issue_new;
+ FILETIME ft_expire_old;
+ FILETIME ft_expire_new;
khm_size cb;
/* an initial ticket! If we find one, we generally set
@@ -472,30 +479,30 @@ static long get_tickets_from_cache(krb5_context ctx, the current primary credential. */
tt = KRBv5Credentials.times.endtime;
- TimetToFileTime(tt, (LPFILETIME) &t_expire_new);
+ TimetToFileTime(tt, &ft_expire_new);
tt = KRBv5Credentials.times.starttime;
- TimetToFileTime(tt, (LPFILETIME) &t_issue_new);
+ TimetToFileTime(tt, &ft_issue_new);
- cb = sizeof(t_expire_old);
+ cb = sizeof(ft_expire_old);
if(KHM_FAILED(kcdb_identity_get_attr(tident,
KCDB_ATTR_EXPIRE,
- NULL, &t_expire_old,
+ NULL, &ft_expire_old,
&cb))
- || t_expire_new > t_expire_old)
- {
+ || CompareFileTime(&ft_expire_new, &ft_expire_old) > 0) {
+
kcdb_identity_set_attr(tident, attr_id_krb5_ccname,
wcc_name, KCDB_CBSIZE_AUTO);
kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
- &t_expire_new,
- sizeof(t_expire_new));
+ &ft_expire_new,
+ sizeof(ft_expire_new));
kcdb_identity_set_attr(tident, KCDB_ATTR_ISSUE,
- &t_issue_new,
- sizeof(t_issue_new));
+ &ft_issue_new,
+ sizeof(ft_issue_new));
if (KRBv5Credentials.times.renew_till > 0) {
tt = KRBv5Credentials.times.renew_till;
- TimetToFileTime(tt, (LPFILETIME) &ft);
+ TimetToFileTime(tt, &ft);
kcdb_identity_set_attr(tident,
KCDB_ATTR_RENEW_EXPIRE,
&ft, sizeof(ft));
@@ -1515,60 +1522,44 @@ khm_krb5_ms2mit(BOOL save_creds) char *princ_name = NULL;
BOOL rc = FALSE;
-#ifdef DEBUG
- kherr_debug_printf(L"Begin : khm_krb5_ms2mit. save_cred=%d\n", (int) save_creds);
-#endif
+ kherr_reportf(L"Begin : khm_krb5_ms2mit. save_cred=%d\n", (int) save_creds);
+
if ( !pkrb5_init_context )
goto cleanup;
if (code = pkrb5_init_context(&kcontext))
goto cleanup;
-#ifdef DEBUG
- kherr_debug_printf(L"Resolving MSLSA\n");
-#endif
+ kherr_reportf(L"Resolving MSLSA\n");
+
if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache))
goto cleanup;
if ( save_creds ) {
-#ifdef DEBUG
- kherr_debug_printf(L"Getting principal\n");
-#endif
- if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
+ kherr_reportf(L"Getting principal\n");
+ if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
goto cleanup;
-#ifdef DEBUG
- kherr_debug_printf(L"Unparsing name\n");
-#endif
- if (code = pkrb5_unparse_name(kcontext, princ, &princ_name))
+ kherr_reportf(L"Unparsing name\n");
+ if (code = pkrb5_unparse_name(kcontext, princ, &princ_name))
goto cleanup;
-#ifdef DEBUG
- kherr_debug_printf(L"Unparsed [%S]. Resolving target cache\n", princ_name);
-#endif
+ kherr_reportf(L"Unparsed [%S]. Resolving target cache\n", princ_name);
/* TODO: actually look up the preferred ccache name */
if (code = pkrb5_cc_resolve(kcontext, princ_name, &ccache)) {
-#ifdef DEBUG
- kherr_debug_printf(L"Cannot resolve cache [%S] with code=%d. Trying default.\n", princ_name, code);
-#endif
+ kherr_reportf(L"Cannot resolve cache [%S] with code=%d. Trying default.\n", princ_name, code);
if (code = pkrb5_cc_default(kcontext, &ccache)) {
-#ifdef DEBUG
- kherr_debug_printf(L"Failed to resolve default ccache. Code=%d", code);
-#endif
+ kherr_reportf(L"Failed to resolve default ccache. Code=%d", code);
goto cleanup;
}
}
-#ifdef DEBUG
- kherr_debug_printf(L"Initializing ccache\n");
-#endif
+ kherr_reportf(L"Initializing ccache\n");
if (code = pkrb5_cc_initialize(kcontext, ccache, princ))
goto cleanup;
-#ifdef DEBUG
- kherr_debug_printf(L"Copying credentials\n");
-#endif
+ kherr_reportf(L"Copying credentials\n");
if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache))
goto cleanup;
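Review bot: Dropping the `#ifdef DEBUG` guards means `kherr_reportf(L"Unparsed [%S]. Resolving target cache\n", princ_name)` and the "Cannot resolve cache [%S]" message now run in release builds and write the user's principal name to whatever sink `kherr_reportf` feeds, which is not visible here. If that sink is a log file or an error report that can leave the machine, keep the identity-bearing messages debug-only or document the disclosure; the step-marker messages carry no user data. The format strings are also inconsistent about the trailing `\n`, for example `L"Failed to resolve default ccache. Code=%d"` has none. khm_krb5_ms2mit begins above this hunk and continues past it.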
@@ -1591,9 +1582,7 @@ khm_krb5_ms2mit(BOOL save_creds) }
cleanup:
-#ifdef DEBUG
- kherr_debug_printf(L" Received code=%d", code);
-#endif
+ kherr_reportf(L" Received code=%d", code);
if (princ_name)
pkrb5_free_unparsed_name(kcontext, princ_name);
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c
index 858243daf..2ad904b43 100644
--- a/src/windows/identity/plugins/krb5/krb5identpro.c
+++ b/src/windows/identity/plugins/krb5/krb5identpro.c
@@ -516,8 +516,39 @@ ui_cb(khui_new_creds * nc, 0,
(LPARAM) t);
}
+ _done_adding_lru:
+
+ {
+ khm_int32 inc_realms = 0;
+
+ if (KHM_FAILED(khc_read_int32(csp_params,
+ L"UseFullRealmList",
+ &inc_realms)) ||
+ !inc_realms)
+ goto _done_adding_all_realms;
+ }
+
+ if(ms)
+ PFREE(ms);
+
+ ms = khm_krb5_get_realm_list();
+ if(ms) {
+ for (t = ms; t && *t; t = multi_string_next(t)) {
+ lr = SendMessage(d->hw_realm,
+ CB_FINDSTRINGEXACT,
+ (WPARAM) -1,
+ (LPARAM) t);
+ if (lr != CB_ERR)
+ continue;
+
+ SendMessage(d->hw_realm,
+ CB_ADDSTRING,
+ 0,
+ (LPARAM) t);
+ }
+ }
+ _done_adding_all_realms:
- _done_adding_lru:
/* set the current selection of the realms list */
if (defrealm) {
SendMessage(d->hw_realm,
@@ -1080,12 +1111,8 @@ k5_ident_update(khm_int32 msg_type, return KHM_ERROR_SUCCESS;
}
-
-static khm_int32
-k5_ident_init(khm_int32 msg_type,
- khm_int32 msg_subtype,
- khm_ui_4 uparam,
- void * vparam) {
+static khm_boolean
+k5_refresh_default_identity(krb5_context ctx) {
/* just like notify_create, except now we set the default identity
based on what we find in the configuration */
krb5_ccache cc = NULL;
@@ -1096,31 +1123,23 @@ k5_ident_init(khm_int32 msg_type, khm_handle ident = NULL;
khm_boolean found_default = FALSE;
- assert(k5_identpro_ctx != NULL);
+ assert(ctx != NULL);
- code = pkrb5_cc_default(k5_identpro_ctx, &cc);
+ code = pkrb5_cc_default(ctx, &cc);
if (code)
goto _nc_cleanup;
-
- code = pkrb5_cc_get_principal(k5_identpro_ctx,
- cc,
- &princ);
+
+ code = pkrb5_cc_get_principal(ctx, cc, &princ);
if (code)
goto _nc_cleanup;
- code = pkrb5_unparse_name(k5_identpro_ctx,
- princ,
- &princ_nameA);
+ code = pkrb5_unparse_name(ctx, princ, &princ_nameA);
if (code)
goto _nc_cleanup;
- AnsiStrToUnicode(princ_nameW,
- sizeof(princ_nameW),
- princ_nameA);
+ AnsiStrToUnicode(princ_nameW, sizeof(princ_nameW), princ_nameA);
- if (KHM_FAILED(kcdb_identity_create(princ_nameW,
- 0,
- &ident)))
+ if (KHM_FAILED(kcdb_identity_create(princ_nameW, 0, &ident)))
goto _nc_cleanup;
kcdb_identity_set_default_int(ident);
@@ -1129,17 +1148,31 @@ k5_ident_init(khm_int32 msg_type, _nc_cleanup:
if (princ_nameA)
- pkrb5_free_unparsed_name(k5_identpro_ctx,
- princ_nameA);
+ pkrb5_free_unparsed_name(ctx, princ_nameA);
+
if (princ)
- pkrb5_free_principal(k5_identpro_ctx,
- princ);
+ pkrb5_free_principal(ctx, princ);
+
if (cc)
- pkrb5_cc_close(k5_identpro_ctx, cc);
+ pkrb5_cc_close(ctx, cc);
if (ident)
kcdb_identity_release(ident);
+ return found_default;
+}
+
+static khm_int32
+k5_ident_init(khm_int32 msg_type,
+ khm_int32 msg_subtype,
+ khm_ui_4 uparam,
+ void * vparam) {
+
+ khm_boolean found_default;
+ khm_handle ident;
+
+ found_default = k5_refresh_default_identity(k5_identpro_ctx);
+
if (!found_default) {
wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
khm_size cb;
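Review bot: `khm_handle ident;` in the new `k5_ident_init` is uninitialised, whereas the declaration it replaces (now in `k5_refresh_default_identity`) was `khm_handle ident = NULL;`. The rest of the function lies outside this hunk, so it is not possible to confirm from here that every path assigns it before it is tested or released. Declaring it as `khm_handle ident = NULL;` costs nothing and keeps any later `if (ident)` check or release well defined.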
@@ -1284,6 +1317,143 @@ k5_ident_name_comp_func(const void * dl, khm_size cb_dl, return r;
}
+
+/* Identity change notification thread */
+
+HANDLE h_ccname_exit_event;
+HANDLE h_ccname_thread;
+
+DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) {
+ krb5_context ctx = 0;
+
+ HKEY hk_ccname;
+ HANDLE h_notify;
+ HANDLE h_waits[2];
+
+ khm_int32 rv = KHM_ERROR_SUCCESS;
+ DWORD dwType;
+ DWORD dwSize;
+ DWORD dwDisp;
+ wchar_t reg_ccname[KRB5_MAXCCH_CCNAME];
+ LONG l;
+
+ l = RegOpenKeyEx(HKEY_CURRENT_USER,
+ L"Software\\MIT\\kerberos5",
+ 0,
+ KEY_READ | KEY_WRITE,
+ &hk_ccname);
+
+ if (l != ERROR_SUCCESS)
+ l = RegCreateKeyEx(HKEY_CURRENT_USER,
+ L"Software\\MIT\\kerberos5",
+ 0,
+ NULL,
+ REG_OPTION_NON_VOLATILE,
+ KEY_READ | KEY_WRITE,
+ NULL,
+ &hk_ccname,
+ &dwDisp);
+
+ if (l != ERROR_SUCCESS) {
+ rv = KHM_ERROR_UNKNOWN;
+ goto _exit;
+ }
+
+ dwSize = sizeof(reg_ccname);
+
+ l = RegQueryValueEx(hk_ccname,
+ L"ccname",
+ NULL,
+ &dwType,
+ (LPBYTE) reg_ccname,
+ &dwSize);
+
+ if (l != ERROR_SUCCESS ||
+ dwType != REG_SZ) {
+
+ reg_ccname[0] = L'\0';
+ }
+
+ l = pkrb5_init_context(&ctx);
+
+ if (l)
+ goto _exit_0;
+
+ h_notify = CreateEvent(NULL, FALSE, FALSE, L"Local\\Krb5CCNameChangeNotifier");
+
+ if (h_notify == NULL)
+ goto _exit_0;
+
+ /* begin wait loop */
+
+ h_waits[0] = h_ccname_exit_event;
+ h_waits[1] = h_notify;
+
+ do {
+ DWORD dwrv;
+
+ l = RegNotifyChangeKeyValue(hk_ccname, FALSE,
+ REG_NOTIFY_CHANGE_LAST_SET,
+ h_notify, TRUE);
+
+ if (l != ERROR_SUCCESS) {
+ rv = KHM_ERROR_UNKNOWN;
+ break;
+ }
+
+ dwrv = WaitForMultipleObjects(2, h_waits, FALSE, INFINITE);
+
+ if (dwrv == WAIT_OBJECT_0) {
+ /* exit! */
+ break;
+
+ } else if (dwrv == WAIT_OBJECT_0 + 1) {
+ /* change notify! */
+ wchar_t new_ccname[KRB5_MAXCCH_CCNAME];
+
+ dwSize = sizeof(new_ccname);
+
+ l = RegQueryValueEx(hk_ccname,
+ L"ccname",
+ NULL,
+ &dwType,
+ (LPBYTE) new_ccname,
+ &dwSize);
+
+ if (l != ERROR_SUCCESS ||
+ dwType != REG_SZ) {
+ new_ccname[0] = L'\0';
+ }
+
+ if (wcsicmp(new_ccname, reg_ccname)) {
+ k5_refresh_default_identity(ctx);
+ StringCbCopy(reg_ccname, sizeof(reg_ccname), new_ccname);
+ }
+
+ } else {
+ /* something went wrong */
+ rv = KHM_ERROR_UNKNOWN;
+ break;
+ }
+
+ } while (TRUE);
+
+ CloseHandle(h_notify);
+
+ _exit_0:
+
+ RegCloseKey(hk_ccname);
+
+ if (ctx)
+ pkrb5_free_context(ctx);
+
+ _exit:
+ ExitThread(rv);
+
+ /* not reached */
+ return rv;
+}
+
khm_int32
k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype,
khm_ui_4 uparam, void * vparam) {
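Review bot: Both `RegQueryValueEx` reads of `ccname` in `k5_ccname_monitor_thread` treat the returned data as a string without ensuring it is NUL-terminated; REG_SZ data is stored as written and need not carry a terminator, so `wcsicmp(new_ccname, reg_ccname)` and the `StringCbCopy` can read past what was returned into unzeroed stack. Terminating by the returned size after each read, e.g. `new_ccname[min(dwSize / sizeof(wchar_t), ARRAYLENGTH(new_ccname) - 1)] = L'\0';`, closes that. Second, `h_notify` is created under the fixed name `Local\\Krb5CCNameChangeNotifier`; `CreateEvent` hands back the existing object if another process in the session already created one, so unrelated code can signal it or supply an event of a different reset type. Unless another component is meant to signal it by name (nothing in this diff does), `CreateEvent(NULL, FALSE, FALSE, NULL)` is enough for `RegNotifyChangeKeyValue`. Third, the key is opened with `KEY_READ | KEY_WRITE` although the thread only queries and watches it; `KEY_READ` already includes query and notify rights and avoids failing the open for users who cannot write the key.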
@@ -1329,11 +1499,34 @@ k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype, kcdb_attrib_release_info(attr);
}
+
+ h_ccname_exit_event = CreateEvent(NULL, FALSE, FALSE, NULL);
+ if (h_ccname_exit_event) {
+ h_ccname_thread = CreateThread(NULL,
+ 200 * 1024,
+ k5_ccname_monitor_thread,
+ NULL,
+ 0,
+ NULL);
+ } else {
+ h_ccname_thread = NULL;
+ }
}
break;
case KMSG_SYSTEM_EXIT:
{
+
+ if (h_ccname_thread) {
+ SetEvent(h_ccname_exit_event);
+ WaitForSingleObject(h_ccname_thread, INFINITE);
+ CloseHandle(h_ccname_thread);
+ CloseHandle(h_ccname_exit_event);
+
+ h_ccname_exit_event = NULL;
+ h_ccname_thread = NULL;
+ }
+
if (k5_identpro_ctx) {
pkrb5_free_context(k5_identpro_ctx);
k5_identpro_ctx = NULL;
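Review bot: If `CreateThread` fails, `h_ccname_exit_event` stays open and is never closed, because the KMSG_SYSTEM_EXIT branch closes it only inside `if (h_ccname_thread)`. Closing the event right after a failed `CreateThread`, or unconditionally at exit when it is non-NULL, fixes the leak. The shutdown path also uses `WaitForSingleObject(h_ccname_thread, INFINITE)`, so a monitor thread that is blocked outside its own wait (for example inside `k5_refresh_default_identity`) would hang application exit; a bounded timeout would be safer. k5_msg_system_idpro extends beyond this hunk on both sides.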
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c
index a08fb91d9..e6bf6479d 100644
--- a/src/windows/identity/plugins/krb5/krb5newcreds.c
+++ b/src/windows/identity/plugins/krb5/krb5newcreds.c
@@ -459,6 +459,7 @@ k5_kinit_fiber_proc(PVOID lpParameter) goto _switch_to_main;
if (!k5_cp_check_continue()) {
+ g_fjob.code = KRB5KRB_AP_ERR_BAD_INTEGRITY;
goto _switch_to_main;
}
}
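Review bot: `g_fjob.code = KRB5KRB_AP_ERR_BAD_INTEGRITY;` assigns a protocol error code to a condition detected locally by `k5_cp_check_continue()`, and the errorfuncs.c hunk in this commit maps that code to the "commonly caused by an incorrect password" suggestion. If `k5_cp_check_continue()` can return false for any other reason (its body is not in this diff), the user and any error report are told the password was wrong when no such answer came from the KDC. A comment on this line naming the condition that `k5_cp_check_continue()` reports and why this code stands in for it, or a distinct local code, would make the intent checkable. k5_kinit_fiber_proc extends beyond this hunk.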
@@ -1278,7 +1279,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, nct->type = credtype_id_krb5;
nct->ordinal = 1;
- LoadString(hResModule, IDS_KRB5_SHORT_DESC,
+ LoadString(hResModule, IDS_KRB5_NC_NAME,
wbuf, ARRAYLENGTH(wbuf));
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
@@ -1343,12 +1344,10 @@ k5_msg_cred_dialog(khm_int32 msg_type, realms = khm_krb5_get_realm_list();
if(realms) {
- t = realms;
- while(t && *t) {
+ for (t = realms; t && *t; t = multi_string_next(t)) {
SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
CB_ADDSTRING,
0, (LPARAM) t);
- t = multi_string_next(t);
}
PFREE(realms);
}
@@ -1698,7 +1697,6 @@ k5_msg_cred_dialog(khm_int32 msg_type, NULL))))
g_fjob.code = 0;
-
if(g_fjob.code != 0) {
wchar_t tbuf[1024];
DWORD suggestion;
@@ -1771,6 +1769,10 @@ k5_msg_cred_dialog(khm_int32 msg_type, khm_krb5_list_tickets(&ctx);
+ if (nc->set_default) {
+ kcdb_identity_set_default(nc->identities[0]);
+ }
+
/* If there is no default identity, then make this the default */
kcdb_identity_refresh(nc->identities[0]);
{
@@ -1841,7 +1843,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, wbuf);
atsign = wcschr(idname, L'@');
- if (atsign != NULL)
+ if (atsign == NULL)
goto _done_with_LRU;
atsign++;
@@ -1911,6 +1913,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, if (wbuf)
PFREE(wbuf);
+
} else if (g_fjob.state == FIBER_STATE_NONE) {
/* the user cancelled the operation */
r = KHUI_NC_RESPONSE_EXIT |
@@ -1942,11 +1945,11 @@ k5_msg_cred_dialog(khm_int32 msg_type, _end_task();
} else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
- __int64 ftidexp = 0;
- __int64 ftcurrent;
+ FILETIME ftidexp = {0,0};
+ FILETIME ftcurrent;
khm_size cb;
- GetSystemTimeAsFileTime((LPFILETIME) &ftcurrent);
+ GetSystemTimeAsFileTime(&ftcurrent);
_begin_task(0);
_report_mr0(KHERR_NONE, MSG_CTX_RENEW_CREDS);
@@ -1983,7 +1986,7 @@ k5_msg_cred_dialog(khm_int32 msg_type, khui_cw_set_response(nc, credtype_id_krb5,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_FAILED);
- } else if (ftcurrent < ftidexp) {
+ } else if (CompareFileTime(&ftcurrent, &ftidexp) < 0) {
wchar_t tbuf[1024];
DWORD suggestion;
kherr_suggestion sug_id;
diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv
index 0059f0ab1..9b849c88f 100644
--- a/src/windows/identity/plugins/krb5/krbconfig.csv
+++ b/src/windows/identity/plugins/krb5/krbconfig.csv
@@ -20,6 +20,7 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider DefaultRenewLifetime,KC_INT32,604800,Default renewable lifetime
MaxRenewLifetime,KC_INT32,2592000,Maximum renewable lifetime
MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime
+ UseFullRealmList,KC_INT32,0,Use the full list of realms in the New Creds dialog
LRURealms,KC_STRING,,
LRUPrincipals,KC_STRING,,
LastDefaultIdent,KC_STRING,,Last known default identity
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
index d95c58d86..d54fc101e 100644
--- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
@@ -62,7 +62,7 @@ BEGIN COMBOBOX IDC_NCK5_REALM,60,25,233,17,CBS_DROPDOWN |
CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,
- 43,112,16,BS_NOTIFY | WS_DISABLED
+ 43,112,16,BS_NOTIFY | NOT WS_VISIBLE | WS_DISABLED
LTEXT "&Lifetime",IDC_STATIC,7,67,61,12
EDITTEXT IDC_NCK5_LIFETIME_EDIT,85,67,107,12,ES_AUTOHSCROLL
CONTROL "&Renewable for",IDC_NCK5_RENEWABLE,"Button",
@@ -131,13 +131,16 @@ BEGIN WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14,
WS_DISABLED
- GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,57,241,
- 48
- LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,71,28,8
- EDITTEXT IDC_CFG_CFGFILE,76,68,119,14,ES_AUTOHSCROLL
- PUSHBUTTON "Browse...",IDC_CFG_BROWSE,198,68,44,14
+ GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,45,241,
+ 61
+ LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,61,28,8
+ EDITTEXT IDC_CFG_CFGFILE,76,58,119,14,ES_AUTOHSCROLL
+ PUSHBUTTON "Browse...",IDC_CFG_BROWSE,198,58,44,14
CONTROL "Create file if missing",IDC_CFG_CREATECONFIG,"Button",
- BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,76,89,80,10
+ BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,76,76,80,10
+ CONTROL "Include realms in New Credentials realm list",
+ IDC_CFG_INCREALMS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,
+ 76,91,153,10
GROUPBOX "Windows® Options",IDC_CFG_WINGRP,7,110,241,65
LTEXT "Hostname",IDC_CFG_LBL_HOSTNAME,13,123,33,8
EDITTEXT IDC_CFG_HOSTNAME,76,120,166,14,ES_AUTOHSCROLL |
@@ -385,7 +388,7 @@ BEGIN IDS_ETYPE_UNKNOWN "(Unknown)"
IDS_ETYPE_LOCAL_DES3_HMAC_SHA1 "LOCAL-DES3-HMAC-SHA1"
IDS_ETYPE_LOCAL_RC4_MD4 "LOCAL-RC4-MD4"
- IDS_KRB5_SHORT_DESC "Kerberos 5"
+ IDS_KRB5_SHORT_DESC "Kerberos 5 tickets"
IDS_KRB5_LONG_DESC "Kerberos 5 tickets"
END
@@ -480,6 +483,7 @@ BEGIN IDS_NO "No"
IDS_CFG_RE_NEWSERVER "<New server...>"
IDS_CFG_RE_NEWDMAP "<New domain mapping...>"
+ IDS_KRB5_NC_NAME "Kerberos 5"
END
#endif // English (U.S.) resources
diff --git a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc
index 22f973f93..2b637ac9f 100644
--- a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc
+++ b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc
@@ -146,6 +146,13 @@ Please select an identity to change the password. .
MessageId=
+SymbolicName=MSG_ERR_S_INTEGRITY
+Language=English
+This is commonly caused by an incorrect password. Please verify that the password is correct and note that passwords are case sensitive.
+.
+
+
+MessageId=
SymbolicName=MSG_
Language=English
.
diff --git a/src/windows/identity/plugins/krb5/langres.h b/src/windows/identity/plugins/krb5/langres.h
index 52adc34e3..6f76cc56b 100644
--- a/src/windows/identity/plugins/krb5/langres.h
+++ b/src/windows/identity/plugins/krb5/langres.h
@@ -114,6 +114,7 @@ #define IDS_NO 196
#define IDS_CFG_RE_NEWSERVER 197
#define IDS_CFG_RE_NEWDMAP 198
+#define IDS_KRB5_NC_NAME 199
#define IDC_NCK5_RENEWABLE 1002
#define IDC_NCK5_FORWARDABLE 1004
#define IDC_NCK5_REALM 1005
@@ -171,6 +172,8 @@ #define IDC_CFG_INCAPI 1066
#define IDC_CFG_INCMSLSA 1067
#define IDC_PPK5_FLAGS 1072
+#define IDC_CHECK1 1073
+#define IDC_CFG_INCREALMS 1073
// Next default values for new objects
//
@@ -178,7 +181,7 @@ #ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NEXT_RESOURCE_VALUE 117
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1073
+#define _APS_NEXT_CONTROL_VALUE 1074
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
