diff options
| author | Tom Yu <tlyu@mit.edu> | 2011-10-17 19:34:08 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2011-10-17 19:34:08 +0000 |
| commit | eb06a8e77810afeb718f7f42ece5759d4330d940 (patch) | |
| tree | ecb81988b9e9c3e06762e29294120dd7324943a4 /src/windows/identity/plugins | |
| parent | 449598819d0e51355473c90682dd397dc305e5d0 (diff) | |
Delete Network Identity Manager
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25363 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/identity/plugins')
48 files changed, 0 insertions, 21258 deletions
diff --git a/src/windows/identity/plugins/common/Makefile b/src/windows/identity/plugins/common/Makefile deleted file mode 100644 index 6b827dc3e..000000000 --- a/src/windows/identity/plugins/common/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -# -# Copyright (c) 2004 Massachusetts Institute of Technology -# Copyright (c) 2007 Secure Endpoints Inc. -# -# Permission is hereby granted, free of charge, to any person -# obtaining a copy of this software and associated documentation files -# (the "Software"), to deal in the Software without restriction, -# including without limitation the rights to use, copy, modify, merge, -# publish, distribute, sublicense, and/or sell copies of the Software, -# and to permit persons to whom the Software is furnished to do so, -# subject to the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - - -MODULE=plugins\common -!include <../../config/Makefile.w32> - -INCFILES= \ - $(INCDIR)\krb5common.h \ - $(INCDIR)\dynimport.h - -OBJFILES= \ - $(LIBDIR)\krb5common.obj \ - $(LIBDIR)\dynimport.obj - -all: mkdirs $(INCFILES) $(OBJFILES) - -clean:: - if exist "$(INCDIR)" $(RM) $(INCFILES) - if exist "$(LIBDIR)" $(RM) $(OBJFILES) - -{}.c{$(LIBDIR)}.obj: - $(C2OBJ) diff --git a/src/windows/identity/plugins/common/dynimport.c b/src/windows/identity/plugins/common/dynimport.c deleted file mode 100644 index bb1bb0412..000000000 --- a/src/windows/identity/plugins/common/dynimport.c +++ /dev/null @@ -1,485 +0,0 @@ -/* -* Copyright (c) 2005 Massachusetts Institute of Technology -* Copyright (c) 2007 Secure Endpoints Inc. -* -* Permission is hereby granted, free of charge, to any person -* obtaining a copy of this software and associated documentation -* files (the "Software"), to deal in the Software without -* restriction, including without limitation the rights to use, copy, -* modify, merge, publish, distribute, sublicense, and/or sell copies -* of the Software, and to permit persons to whom the Software is -* furnished to do so, subject to the following conditions: -* -* The above copyright notice and this permission notice shall be -* included in all copies or substantial portions of the Software. -* -* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -* SOFTWARE. -*/ - -/* $Id$ */ - -#include<windows.h> -#include<netidmgr.h> -#include<dynimport.h> - -HINSTANCE hKrb4 = 0; -HINSTANCE hKrb5 = 0; -HINSTANCE hKrb524 = 0; -HINSTANCE hSecur32 = 0; -HINSTANCE hComErr = 0; -HINSTANCE hService = 0; -HINSTANCE hProfile = 0; -HINSTANCE hPsapi = 0; -HINSTANCE hToolHelp32 = 0; -HINSTANCE hCCAPI = 0; - -DWORD AfsAvailable = 0; - -// CCAPI -DECL_FUNC_PTR(cc_initialize); -DECL_FUNC_PTR(cc_shutdown); -DECL_FUNC_PTR(cc_get_NC_info); -DECL_FUNC_PTR(cc_free_NC_info); - -// krb4 functions -DECL_FUNC_PTR(get_krb_err_txt_entry); -DECL_FUNC_PTR(k_isinst); -DECL_FUNC_PTR(k_isname); -DECL_FUNC_PTR(k_isrealm); -DECL_FUNC_PTR(kadm_change_your_password); -DECL_FUNC_PTR(kname_parse); -DECL_FUNC_PTR(krb_get_cred); -DECL_FUNC_PTR(krb_get_krbhst); -DECL_FUNC_PTR(krb_get_lrealm); -DECL_FUNC_PTR(krb_get_pw_in_tkt); -DECL_FUNC_PTR(krb_get_tf_realm); -DECL_FUNC_PTR(krb_mk_req); -DECL_FUNC_PTR(krb_realmofhost); -DECL_FUNC_PTR(tf_init); -DECL_FUNC_PTR(tf_close); -DECL_FUNC_PTR(tf_get_cred); -DECL_FUNC_PTR(tf_get_pname); -DECL_FUNC_PTR(tf_get_pinst); -DECL_FUNC_PTR(LocalHostAddr); -DECL_FUNC_PTR(tkt_string); -DECL_FUNC_PTR(krb_set_tkt_string); -DECL_FUNC_PTR(initialize_krb_error_func); -DECL_FUNC_PTR(initialize_kadm_error_table); -DECL_FUNC_PTR(dest_tkt); -DECL_FUNC_PTR(krb_in_tkt); -DECL_FUNC_PTR(krb_save_credentials); -DECL_FUNC_PTR(krb_get_krbconf2); -DECL_FUNC_PTR(krb_get_krbrealm2); -DECL_FUNC_PTR(krb_life_to_time); - -// krb5 functions -DECL_FUNC_PTR(krb5_change_password); -DECL_FUNC_PTR(krb5_get_init_creds_opt_init); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_change_password_prompt); -DECL_FUNC_PTR(krb5_get_init_creds_password); -DECL_FUNC_PTR(krb5_get_prompt_types); -DECL_FUNC_PTR(krb5_build_principal_ext); -DECL_FUNC_PTR(krb5_cc_get_name); -DECL_FUNC_PTR(krb5_cc_get_type); -DECL_FUNC_PTR(krb5_cc_resolve); -DECL_FUNC_PTR(krb5_cc_default); -DECL_FUNC_PTR(krb5_cc_default_name); -DECL_FUNC_PTR(krb5_cc_set_default_name); -DECL_FUNC_PTR(krb5_cc_initialize); -DECL_FUNC_PTR(krb5_cc_destroy); -DECL_FUNC_PTR(krb5_cc_close); -DECL_FUNC_PTR(krb5_cc_store_cred); -DECL_FUNC_PTR(krb5_cc_copy_creds); -DECL_FUNC_PTR(krb5_cc_retrieve_cred); -DECL_FUNC_PTR(krb5_cc_get_principal); -DECL_FUNC_PTR(krb5_cc_start_seq_get); -DECL_FUNC_PTR(krb5_cc_next_cred); -DECL_FUNC_PTR(krb5_cc_end_seq_get); -DECL_FUNC_PTR(krb5_cc_remove_cred); -DECL_FUNC_PTR(krb5_cc_set_flags); -// DECL_FUNC_PTR(krb5_cc_get_type); -DECL_FUNC_PTR(krb5_free_context); -DECL_FUNC_PTR(krb5_free_cred_contents); -DECL_FUNC_PTR(krb5_free_principal); -DECL_FUNC_PTR(krb5_get_in_tkt_with_password); -DECL_FUNC_PTR(krb5_init_context); -DECL_FUNC_PTR(krb5_parse_name); -DECL_FUNC_PTR(krb5_timeofday); -DECL_FUNC_PTR(krb5_timestamp_to_sfstring); -DECL_FUNC_PTR(krb5_unparse_name); -DECL_FUNC_PTR(krb5_get_credentials); -DECL_FUNC_PTR(krb5_mk_req); -DECL_FUNC_PTR(krb5_sname_to_principal); -DECL_FUNC_PTR(krb5_get_credentials_renew); -DECL_FUNC_PTR(krb5_free_data); -DECL_FUNC_PTR(krb5_free_data_contents); -// DECL_FUNC_PTR(krb5_get_realm_domain); -DECL_FUNC_PTR(krb5_free_unparsed_name); -DECL_FUNC_PTR(krb5_os_localaddr); -DECL_FUNC_PTR(krb5_copy_keyblock_contents); -DECL_FUNC_PTR(krb5_copy_data); -DECL_FUNC_PTR(krb5_free_creds); -DECL_FUNC_PTR(krb5_build_principal); -DECL_FUNC_PTR(krb5_get_renewed_creds); -DECL_FUNC_PTR(krb5_get_default_config_files); -DECL_FUNC_PTR(krb5_free_config_files); -DECL_FUNC_PTR(krb5_get_default_realm); -DECL_FUNC_PTR(krb5_set_default_realm); -DECL_FUNC_PTR(krb5_free_ticket); -DECL_FUNC_PTR(krb5_decode_ticket); -DECL_FUNC_PTR(krb5_get_host_realm); -DECL_FUNC_PTR(krb5_free_host_realm); -DECL_FUNC_PTR(krb5_c_random_make_octets); -DECL_FUNC_PTR(krb5_free_addresses); -DECL_FUNC_PTR(krb5_free_default_realm); -DECL_FUNC_PTR(krb5_string_to_deltat); -DECL_FUNC_PTR(krb5_get_error_message); -DECL_FUNC_PTR(krb5_free_error_message); -DECL_FUNC_PTR(krb5_clear_error_message); - -// Krb524 functions -DECL_FUNC_PTR(krb524_init_ets); -DECL_FUNC_PTR(krb524_convert_creds_kdc); - -// ComErr functions -DECL_FUNC_PTR(com_err); -DECL_FUNC_PTR(error_message); - -// Profile functions -DECL_FUNC_PTR(profile_init); -DECL_FUNC_PTR(profile_flush); -DECL_FUNC_PTR(profile_release); -DECL_FUNC_PTR(profile_get_subsection_names); -DECL_FUNC_PTR(profile_free_list); -DECL_FUNC_PTR(profile_get_string); -DECL_FUNC_PTR(profile_get_integer); -DECL_FUNC_PTR(profile_get_values); -DECL_FUNC_PTR(profile_get_relation_names); -DECL_FUNC_PTR(profile_clear_relation); -DECL_FUNC_PTR(profile_add_relation); -DECL_FUNC_PTR(profile_update_relation); -DECL_FUNC_PTR(profile_release_string); -DECL_FUNC_PTR(profile_rename_section); - -// Service functions -DECL_FUNC_PTR(OpenSCManagerA); -DECL_FUNC_PTR(OpenServiceA); -DECL_FUNC_PTR(QueryServiceStatus); -DECL_FUNC_PTR(CloseServiceHandle); -DECL_FUNC_PTR(LsaNtStatusToWinError); - -// LSA Functions -DECL_FUNC_PTR(LsaConnectUntrusted); -DECL_FUNC_PTR(LsaLookupAuthenticationPackage); -DECL_FUNC_PTR(LsaCallAuthenticationPackage); -DECL_FUNC_PTR(LsaFreeReturnBuffer); -DECL_FUNC_PTR(LsaGetLogonSessionData); - -// CCAPI -FUNC_INFO ccapi_fi[] = { - MAKE_FUNC_INFO(cc_initialize), - MAKE_FUNC_INFO(cc_shutdown), - MAKE_FUNC_INFO(cc_get_NC_info), - MAKE_FUNC_INFO(cc_free_NC_info), - END_FUNC_INFO -}; - -FUNC_INFO k4_fi[] = { - MAKE_FUNC_INFO(get_krb_err_txt_entry), - MAKE_FUNC_INFO(k_isinst), - MAKE_FUNC_INFO(k_isname), - MAKE_FUNC_INFO(k_isrealm), - MAKE_FUNC_INFO(kadm_change_your_password), - MAKE_FUNC_INFO(kname_parse), - MAKE_FUNC_INFO(krb_get_cred), - MAKE_FUNC_INFO(krb_get_krbhst), - MAKE_FUNC_INFO(krb_get_lrealm), - MAKE_FUNC_INFO(krb_get_pw_in_tkt), - MAKE_FUNC_INFO(krb_get_tf_realm), - MAKE_FUNC_INFO(krb_mk_req), - MAKE_FUNC_INFO(krb_realmofhost), - MAKE_FUNC_INFO(tf_init), - MAKE_FUNC_INFO(tf_close), - MAKE_FUNC_INFO(tf_get_cred), - MAKE_FUNC_INFO(tf_get_pname), - MAKE_FUNC_INFO(tf_get_pinst), - MAKE_FUNC_INFO(LocalHostAddr), - MAKE_FUNC_INFO(tkt_string), - MAKE_FUNC_INFO(krb_set_tkt_string), - MAKE_FUNC_INFO(initialize_krb_error_func), - MAKE_FUNC_INFO(initialize_kadm_error_table), - MAKE_FUNC_INFO(dest_tkt), - /* MAKE_FUNC_INFO(lsh_LoadKrb4LeashErrorTables), */// XXX - MAKE_FUNC_INFO(krb_in_tkt), - MAKE_FUNC_INFO(krb_save_credentials), - MAKE_FUNC_INFO(krb_get_krbconf2), - MAKE_FUNC_INFO(krb_get_krbrealm2), - MAKE_FUNC_INFO(krb_life_to_time), - END_FUNC_INFO -}; - -FUNC_INFO k5_fi[] = { - MAKE_FUNC_INFO(krb5_change_password), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_init), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_change_password_prompt), - MAKE_FUNC_INFO(krb5_get_init_creds_password), - MAKE_FUNC_INFO(krb5_get_prompt_types), - MAKE_FUNC_INFO(krb5_build_principal_ext), - MAKE_FUNC_INFO(krb5_cc_get_name), - MAKE_FUNC_INFO(krb5_cc_get_type), - MAKE_FUNC_INFO(krb5_cc_resolve), - MAKE_FUNC_INFO(krb5_cc_default), - MAKE_FUNC_INFO(krb5_cc_default_name), - MAKE_FUNC_INFO(krb5_cc_set_default_name), - MAKE_FUNC_INFO(krb5_cc_initialize), - MAKE_FUNC_INFO(krb5_cc_destroy), - MAKE_FUNC_INFO(krb5_cc_close), - MAKE_FUNC_INFO(krb5_cc_copy_creds), - MAKE_FUNC_INFO(krb5_cc_store_cred), - MAKE_FUNC_INFO(krb5_cc_retrieve_cred), - MAKE_FUNC_INFO(krb5_cc_get_principal), - MAKE_FUNC_INFO(krb5_cc_start_seq_get), - MAKE_FUNC_INFO(krb5_cc_next_cred), - MAKE_FUNC_INFO(krb5_cc_end_seq_get), - MAKE_FUNC_INFO(krb5_cc_remove_cred), - MAKE_FUNC_INFO(krb5_cc_set_flags), - // MAKE_FUNC_INFO(krb5_cc_get_type), - MAKE_FUNC_INFO(krb5_free_context), - MAKE_FUNC_INFO(krb5_free_cred_contents), - MAKE_FUNC_INFO(krb5_free_principal), - MAKE_FUNC_INFO(krb5_get_in_tkt_with_password), - MAKE_FUNC_INFO(krb5_init_context), - MAKE_FUNC_INFO(krb5_parse_name), - MAKE_FUNC_INFO(krb5_timeofday), - MAKE_FUNC_INFO(krb5_timestamp_to_sfstring), - MAKE_FUNC_INFO(krb5_unparse_name), - MAKE_FUNC_INFO(krb5_get_credentials), - MAKE_FUNC_INFO(krb5_mk_req), - MAKE_FUNC_INFO(krb5_sname_to_principal), - MAKE_FUNC_INFO(krb5_get_credentials_renew), - MAKE_FUNC_INFO(krb5_free_data), - MAKE_FUNC_INFO(krb5_free_data_contents), - // MAKE_FUNC_INFO(krb5_get_realm_domain), - MAKE_FUNC_INFO(krb5_free_unparsed_name), - MAKE_FUNC_INFO(krb5_os_localaddr), - MAKE_FUNC_INFO(krb5_copy_keyblock_contents), - MAKE_FUNC_INFO(krb5_copy_data), - MAKE_FUNC_INFO(krb5_free_creds), - MAKE_FUNC_INFO(krb5_build_principal), - MAKE_FUNC_INFO(krb5_get_renewed_creds), - MAKE_FUNC_INFO(krb5_free_addresses), - MAKE_FUNC_INFO(krb5_get_default_config_files), - MAKE_FUNC_INFO(krb5_free_config_files), - MAKE_FUNC_INFO(krb5_get_default_realm), - MAKE_FUNC_INFO(krb5_set_default_realm), - MAKE_FUNC_INFO(krb5_free_ticket), - MAKE_FUNC_INFO(krb5_decode_ticket), - MAKE_FUNC_INFO(krb5_get_host_realm), - MAKE_FUNC_INFO(krb5_free_host_realm), - MAKE_FUNC_INFO(krb5_c_random_make_octets), - MAKE_FUNC_INFO(krb5_free_default_realm), - MAKE_FUNC_INFO(krb5_string_to_deltat), - MAKE_FUNC_INFO(krb5_get_error_message), - MAKE_FUNC_INFO(krb5_free_error_message), - MAKE_FUNC_INFO(krb5_clear_error_message), - END_FUNC_INFO -}; - -FUNC_INFO k524_fi[] = { - MAKE_FUNC_INFO(krb524_init_ets), - MAKE_FUNC_INFO(krb524_convert_creds_kdc), - END_FUNC_INFO -}; - -FUNC_INFO profile_fi[] = { - MAKE_FUNC_INFO(profile_init), - MAKE_FUNC_INFO(profile_flush), - MAKE_FUNC_INFO(profile_release), - MAKE_FUNC_INFO(profile_get_subsection_names), - MAKE_FUNC_INFO(profile_free_list), - MAKE_FUNC_INFO(profile_get_string), - MAKE_FUNC_INFO(profile_get_integer), - MAKE_FUNC_INFO(profile_get_values), - MAKE_FUNC_INFO(profile_get_relation_names), - MAKE_FUNC_INFO(profile_clear_relation), - MAKE_FUNC_INFO(profile_add_relation), - MAKE_FUNC_INFO(profile_update_relation), - MAKE_FUNC_INFO(profile_release_string), - MAKE_FUNC_INFO(profile_rename_section), - END_FUNC_INFO -}; - -FUNC_INFO ce_fi[] = { - MAKE_FUNC_INFO(com_err), - MAKE_FUNC_INFO(error_message), - END_FUNC_INFO -}; - -FUNC_INFO service_fi[] = { - MAKE_FUNC_INFO(OpenSCManagerA), - MAKE_FUNC_INFO(OpenServiceA), - MAKE_FUNC_INFO(QueryServiceStatus), - MAKE_FUNC_INFO(CloseServiceHandle), - MAKE_FUNC_INFO(LsaNtStatusToWinError), - END_FUNC_INFO -}; - -FUNC_INFO lsa_fi[] = { - MAKE_FUNC_INFO(LsaConnectUntrusted), - MAKE_FUNC_INFO(LsaLookupAuthenticationPackage), - MAKE_FUNC_INFO(LsaCallAuthenticationPackage), - MAKE_FUNC_INFO(LsaFreeReturnBuffer), - MAKE_FUNC_INFO(LsaGetLogonSessionData), - END_FUNC_INFO -}; - -// psapi functions -DECL_FUNC_PTR(GetModuleFileNameExA); -DECL_FUNC_PTR(EnumProcessModules); - -FUNC_INFO psapi_fi[] = { - MAKE_FUNC_INFO(GetModuleFileNameExA), - MAKE_FUNC_INFO(EnumProcessModules), - END_FUNC_INFO -}; - -// toolhelp functions -DECL_FUNC_PTR(CreateToolhelp32Snapshot); -DECL_FUNC_PTR(Module32First); -DECL_FUNC_PTR(Module32Next); - -FUNC_INFO toolhelp_fi[] = { - MAKE_FUNC_INFO(CreateToolhelp32Snapshot), - MAKE_FUNC_INFO(Module32First), - MAKE_FUNC_INFO(Module32Next), - END_FUNC_INFO -}; - -khm_int32 init_imports(void) { - OSVERSIONINFO osvi; - int imp_rv = 1; - -#define CKRV(m) \ - do { \ - if(!imp_rv) { \ - _reportf(L"Can't locate all required exports from module [%S]", (m)); \ - goto _err_ret; \ - } \ - } while (FALSE) - -#ifndef _WIN64 - imp_rv = LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0); - CKRV(KRB4_DLL); -#endif - - imp_rv = LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0); - CKRV(KRB5_DLL); - - imp_rv = LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0); - CKRV(COMERR_DLL); - - imp_rv = LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0); - CKRV(SERVICE_DLL); - - imp_rv = LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1); - CKRV(SECUR32_DLL); - -#ifndef _WIN64 - imp_rv = LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1); - CKRV(KRB524_DLL); -#endif - - imp_rv = LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0); - CKRV(PROFILE_DLL); - - imp_rv = LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0); - /* CCAPI_DLL is optional. No error check. */ - - memset(&osvi, 0, sizeof(OSVERSIONINFO)); - osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); - GetVersionEx(&osvi); - - // XXX: We should really use feature testing, first - // checking for CreateToolhelp32Snapshot. If that's - // not around, we try the psapi stuff. - // - // Only load LSA functions if on NT/2000/XP - if(osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) - { - // Windows 9x - imp_rv = LoadFuncs(TOOLHELPDLL, toolhelp_fi, &hToolHelp32, 0, 1, 0, 0); - CKRV(TOOLHELPDLL); - - hPsapi = 0; - } - else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT) - { - // Windows NT - imp_rv = LoadFuncs(PSAPIDLL, psapi_fi, &hPsapi, 0, 1, 0, 0); - CKRV(PSAPIDLL); - - hToolHelp32 = 0; - } - - AfsAvailable = TRUE; //afscompat_init(); - - return KHM_ERROR_SUCCESS; - - _err_ret: - return KHM_ERROR_NOT_FOUND; -} - -khm_int32 exit_imports(void) { - //afscompat_close(); - - if (hKrb4) - FreeLibrary(hKrb4); - if (hKrb5) - FreeLibrary(hKrb5); - if (hProfile) - FreeLibrary(hProfile); - if (hComErr) - FreeLibrary(hComErr); - if (hService) - FreeLibrary(hService); - if (hSecur32) - FreeLibrary(hSecur32); - if (hKrb524) - FreeLibrary(hKrb524); - if (hPsapi) - FreeLibrary(hPsapi); - if (hToolHelp32) - FreeLibrary(hToolHelp32); - - return KHM_ERROR_SUCCESS; -} - -int (*Lcom_err)(LPSTR,long,LPSTR,...); -LPSTR (*Lerror_message)(long); -LPSTR (*Lerror_table_name)(long); - -void Leash_load_com_err_callback(FARPROC ce, - FARPROC em, - FARPROC etn) -{ - Lcom_err = (int (*)(LPSTR,long,LPSTR,...)) ce; - Lerror_message = (LPSTR (*)(long)) em; - Lerror_table_name = (LPSTR (*)(long)) etn; -} diff --git a/src/windows/identity/plugins/common/dynimport.h b/src/windows/identity/plugins/common/dynimport.h deleted file mode 100644 index 8660d6c0d..000000000 --- a/src/windows/identity/plugins/common/dynimport.h +++ /dev/null @@ -1,368 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_DYNIMPORT_H -#define __KHIMAIRA_DYNIMPORT_H - -/* Dynamic imports */ -#include<khdefs.h> -#include<tlhelp32.h> - -#if _WIN32_WINNT < 0x0501 -#define KHM_SAVE_WIN32_WINNT _WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT 0x0501 -#endif -#include<ntsecapi.h> -#ifdef KHM_SAVE_WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT KHM_SAVE_WIN32_WINNT -#undef KHM_SAVE_WIN32_WINNT -#endif - -extern HINSTANCE hKrb4; -extern HINSTANCE hKrb5; -extern HINSTANCE hProfile; - -/////////////////////////////////////////////////////////////////////////////// - -#ifdef _WIN64 -#define CCAPI_DLL "krbcc64.dll" -#define KRBCC32_DLL "krbcc64.dll" -#else -#define CCAPI_DLL "krbcc32.dll" -#define KRBCC32_DLL "krbcc32.dll" -#endif -#define SERVICE_DLL "advapi32.dll" -#define SECUR32_DLL "secur32.dll" - -////////////////////////////////////////////////////////////////////////////// - -#include <loadfuncs-com_err.h> -#include <loadfuncs-krb5.h> -#include <loadfuncs-profile.h> -#include <loadfuncs-krb.h> -#include <loadfuncs-krb524.h> -#include <loadfuncs-lsa.h> - -//// CCAPI -/* In order to avoid including the private CCAPI headers */ -typedef int cc_int32; - -#define CC_API_VER_1 1 -#define CC_API_VER_2 2 - -#define CCACHE_API cc_int32 - -/* -** The Official Error Codes -*/ -#define CC_NOERROR 0 -#define CC_BADNAME 1 -#define CC_NOTFOUND 2 -#define CC_END 3 -#define CC_IO 4 -#define CC_WRITE 5 -#define CC_NOMEM 6 -#define CC_FORMAT 7 -#define CC_LOCKED 8 -#define CC_BAD_API_VERSION 9 -#define CC_NO_EXIST 10 -#define CC_NOT_SUPP 11 -#define CC_BAD_PARM 12 -#define CC_ERR_CACHE_ATTACH 13 -#define CC_ERR_CACHE_RELEASE 14 -#define CC_ERR_CACHE_FULL 15 -#define CC_ERR_CRED_VERSION 16 - -enum { - CC_CRED_VUNKNOWN = 0, // For validation - CC_CRED_V4 = 1, - CC_CRED_V5 = 2, - CC_CRED_VMAX = 3 // For validation -}; - -typedef struct opaque_dll_control_block_type* apiCB; -typedef struct _infoNC { - char* name; - char* principal; - cc_int32 vers; -} infoNC; - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_initialize, - ( - apiCB** cc_ctx, // < DLL's primary control structure. - // returned here, passed everywhere else - cc_int32 api_version, // > ver supported by caller (use CC_API_VER_1) - cc_int32* api_supported, // < if ~NULL, max ver supported by DLL - const char** vendor // < if ~NULL, vendor name in read only C string - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_shutdown, - ( - apiCB** cc_ctx // <> DLL's primary control structure. NULL after - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_get_NC_info, - ( - apiCB* cc_ctx, // > DLL's primary control structure - struct _infoNC*** ppNCi // < (NULL before call) null terminated, - // list of a structs (free via cc_free_infoNC()) - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_free_NC_info, - ( - apiCB* cc_ctx, - struct _infoNC*** ppNCi // < free list of structs returned by - // cc_get_cache_names(). set to NULL on return - ) -); -//// \CCAPI - -extern DWORD AfsAvailable; - -// service definitions -typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD); -typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD); -typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS); -typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE); - -////////////////////////////////////////////////////////////////////////////// - -// CCAPI -extern DECL_FUNC_PTR(cc_initialize); -extern DECL_FUNC_PTR(cc_shutdown); -extern DECL_FUNC_PTR(cc_get_NC_info); -extern DECL_FUNC_PTR(cc_free_NC_info); - -// krb4 functions -extern DECL_FUNC_PTR(get_krb_err_txt_entry); -extern DECL_FUNC_PTR(k_isinst); -extern DECL_FUNC_PTR(k_isname); -extern DECL_FUNC_PTR(k_isrealm); -extern DECL_FUNC_PTR(kadm_change_your_password); -extern DECL_FUNC_PTR(kname_parse); -extern DECL_FUNC_PTR(krb_get_cred); -extern DECL_FUNC_PTR(krb_get_krbhst); -extern DECL_FUNC_PTR(krb_get_lrealm); -extern DECL_FUNC_PTR(krb_get_pw_in_tkt); -extern DECL_FUNC_PTR(krb_get_tf_realm); -extern DECL_FUNC_PTR(krb_mk_req); -extern DECL_FUNC_PTR(krb_realmofhost); -extern DECL_FUNC_PTR(tf_init); -extern DECL_FUNC_PTR(tf_close); -extern DECL_FUNC_PTR(tf_get_cred); -extern DECL_FUNC_PTR(tf_get_pname); -extern DECL_FUNC_PTR(tf_get_pinst); -extern DECL_FUNC_PTR(LocalHostAddr); -extern DECL_FUNC_PTR(tkt_string); -extern DECL_FUNC_PTR(krb_set_tkt_string); -extern DECL_FUNC_PTR(initialize_krb_error_func); -extern DECL_FUNC_PTR(initialize_kadm_error_table); -extern DECL_FUNC_PTR(dest_tkt); -extern DECL_FUNC_PTR(lsh_LoadKrb4LeashErrorTables); // XXX -extern DECL_FUNC_PTR(krb_in_tkt); -extern DECL_FUNC_PTR(krb_save_credentials); -extern DECL_FUNC_PTR(krb_get_krbconf2); -extern DECL_FUNC_PTR(krb_get_krbrealm2); -extern DECL_FUNC_PTR(krb_life_to_time); - -// krb5 functions -extern DECL_FUNC_PTR(krb5_change_password); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_init); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_change_password_prompt); -extern DECL_FUNC_PTR(krb5_get_init_creds_password); -extern DECL_FUNC_PTR(krb5_get_prompt_types); -extern DECL_FUNC_PTR(krb5_build_principal_ext); -extern DECL_FUNC_PTR(krb5_cc_get_name); -extern DECL_FUNC_PTR(krb5_cc_get_type); -extern DECL_FUNC_PTR(krb5_cc_resolve); -extern DECL_FUNC_PTR(krb5_cc_default); -extern DECL_FUNC_PTR(krb5_cc_default_name); -extern DECL_FUNC_PTR(krb5_cc_set_default_name); -extern DECL_FUNC_PTR(krb5_cc_initialize); -extern DECL_FUNC_PTR(krb5_cc_destroy); -extern DECL_FUNC_PTR(krb5_cc_close); -extern DECL_FUNC_PTR(krb5_cc_copy_creds); -extern DECL_FUNC_PTR(krb5_cc_store_cred); -extern DECL_FUNC_PTR(krb5_cc_retrieve_cred); -extern DECL_FUNC_PTR(krb5_cc_get_principal); -extern DECL_FUNC_PTR(krb5_cc_start_seq_get); -extern DECL_FUNC_PTR(krb5_cc_next_cred); -extern DECL_FUNC_PTR(krb5_cc_end_seq_get); -extern DECL_FUNC_PTR(krb5_cc_remove_cred); -extern DECL_FUNC_PTR(krb5_cc_set_flags); -// extern DECL_FUNC_PTR(krb5_cc_get_type); -extern DECL_FUNC_PTR(krb5_free_context); -extern DECL_FUNC_PTR(krb5_free_cred_contents); -extern DECL_FUNC_PTR(krb5_free_principal); -extern DECL_FUNC_PTR(krb5_get_in_tkt_with_password); -extern DECL_FUNC_PTR(krb5_init_context); -extern DECL_FUNC_PTR(krb5_parse_name); -extern DECL_FUNC_PTR(krb5_timeofday); -extern DECL_FUNC_PTR(krb5_timestamp_to_sfstring); -extern DECL_FUNC_PTR(krb5_unparse_name); -extern DECL_FUNC_PTR(krb5_get_credentials); -extern DECL_FUNC_PTR(krb5_mk_req); -extern DECL_FUNC_PTR(krb5_sname_to_principal); -extern DECL_FUNC_PTR(krb5_get_credentials_renew); -extern DECL_FUNC_PTR(krb5_free_data); -extern DECL_FUNC_PTR(krb5_free_data_contents); -// extern DECL_FUNC_PTR(krb5_get_realm_domain); -extern DECL_FUNC_PTR(krb5_free_unparsed_name); -extern DECL_FUNC_PTR(krb5_os_localaddr); -extern DECL_FUNC_PTR(krb5_copy_keyblock_contents); -extern DECL_FUNC_PTR(krb5_copy_data); -extern DECL_FUNC_PTR(krb5_free_creds); -extern DECL_FUNC_PTR(krb5_build_principal); -extern DECL_FUNC_PTR(krb5_get_renewed_creds); -extern DECL_FUNC_PTR(krb5_free_addresses); -extern DECL_FUNC_PTR(krb5_get_default_config_files); -extern DECL_FUNC_PTR(krb5_free_config_files); -extern DECL_FUNC_PTR(krb5_get_default_realm); -extern DECL_FUNC_PTR(krb5_set_default_realm); -extern DECL_FUNC_PTR(krb5_free_ticket); -extern DECL_FUNC_PTR(krb5_decode_ticket); -extern DECL_FUNC_PTR(krb5_get_host_realm); -extern DECL_FUNC_PTR(krb5_free_host_realm); -extern DECL_FUNC_PTR(krb5_c_random_make_octets); -extern DECL_FUNC_PTR(krb5_free_default_realm); -extern DECL_FUNC_PTR(krb5_string_to_deltat); -extern DECL_FUNC_PTR(krb5_get_error_message); -extern DECL_FUNC_PTR(krb5_free_error_message); -extern DECL_FUNC_PTR(krb5_clear_error_message); - -// Krb524 functions -extern DECL_FUNC_PTR(krb524_init_ets); -extern DECL_FUNC_PTR(krb524_convert_creds_kdc); - -// ComErr functions -extern DECL_FUNC_PTR(com_err); -extern DECL_FUNC_PTR(error_message); - -// Profile functions -extern DECL_FUNC_PTR(profile_init); -extern DECL_FUNC_PTR(profile_flush); -extern DECL_FUNC_PTR(profile_release); -extern DECL_FUNC_PTR(profile_get_subsection_names); -extern DECL_FUNC_PTR(profile_free_list); -extern DECL_FUNC_PTR(profile_get_string); -extern DECL_FUNC_PTR(profile_get_integer); -extern DECL_FUNC_PTR(profile_get_values); -extern DECL_FUNC_PTR(profile_get_relation_names); -extern DECL_FUNC_PTR(profile_clear_relation); -extern DECL_FUNC_PTR(profile_add_relation); -extern DECL_FUNC_PTR(profile_update_relation); -extern DECL_FUNC_PTR(profile_release_string); -extern DECL_FUNC_PTR(profile_rename_section); - -// Service functions -extern DECL_FUNC_PTR(OpenSCManagerA); -extern DECL_FUNC_PTR(OpenServiceA); -extern DECL_FUNC_PTR(QueryServiceStatus); -extern DECL_FUNC_PTR(CloseServiceHandle); -extern DECL_FUNC_PTR(LsaNtStatusToWinError); - -// LSA Functions -extern DECL_FUNC_PTR(LsaConnectUntrusted); -extern DECL_FUNC_PTR(LsaLookupAuthenticationPackage); -extern DECL_FUNC_PTR(LsaCallAuthenticationPackage); -extern DECL_FUNC_PTR(LsaFreeReturnBuffer); -extern DECL_FUNC_PTR(LsaGetLogonSessionData); - -// toolhelp functions -TYPEDEF_FUNC( - HANDLE, - WINAPI, - CreateToolhelp32Snapshot, - (DWORD, DWORD) - ); -TYPEDEF_FUNC( - BOOL, - WINAPI, - Module32First, - (HANDLE, LPMODULEENTRY32) - ); -TYPEDEF_FUNC( - BOOL, - WINAPI, - Module32Next, - (HANDLE, LPMODULEENTRY32) - ); - -// psapi functions -TYPEDEF_FUNC( - DWORD, - WINAPI, - GetModuleFileNameExA, - (HANDLE, HMODULE, LPSTR, DWORD) - ); - -TYPEDEF_FUNC( - BOOL, - WINAPI, - EnumProcessModules, - (HANDLE, HMODULE*, DWORD, LPDWORD) - ); - -#define pGetModuleFileNameEx pGetModuleFileNameExA -#define TOOLHELPDLL "kernel32.dll" -#define PSAPIDLL "psapi.dll" - -// psapi functions -extern DECL_FUNC_PTR(GetModuleFileNameExA); -extern DECL_FUNC_PTR(EnumProcessModules); - -// toolhelp functions -extern DECL_FUNC_PTR(CreateToolhelp32Snapshot); -extern DECL_FUNC_PTR(Module32First); -extern DECL_FUNC_PTR(Module32Next); - -khm_int32 init_imports(void); -khm_int32 exit_imports(void); - -#endif diff --git a/src/windows/identity/plugins/common/krb5common.c b/src/windows/identity/plugins/common/krb5common.c deleted file mode 100644 index f3a5e988e..000000000 --- a/src/windows/identity/plugins/common/krb5common.c +++ /dev/null @@ -1,451 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<windows.h> -#include<netidmgr.h> -#include<dynimport.h> -#include<krb5common.h> -#ifdef DEBUG -#include<assert.h> -#endif -#include<strsafe.h> - -/**************************************/ -/* khm_krb5_error(): */ -/**************************************/ -int -khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, - int FreeContextFlag, krb5_context * ctx, - krb5_ccache * cache) -{ -#ifdef NO_KRB5 - return -1; -#else - -#ifdef SHOW_MESSAGE_IN_AN_ANNOYING_WAY - char message[256]; - const char *errText; - int krb5Error = ((int)(rc & 255)); - - errText = perror_message(rc); - _snprintf(message, sizeof(message), - "%s\n(Kerberos error %ld)\n\n%s failed", - errText, - krb5Error, - FailedFunctionName); - - MessageBoxA(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR | - MB_TASKMODAL | - MB_SETFOREGROUND); -#endif - - if (FreeContextFlag == 1) - { - if (*ctx != NULL) - { - if (*cache != NULL) { - pkrb5_cc_close(*ctx, *cache); - *cache = NULL; - } - - pkrb5_free_context(*ctx); - *ctx = NULL; - } - } - - return rc; - -#endif //!NO_KRB5 -} - -int -khm_krb5_initialize(khm_handle ident, - krb5_context *ctx, - krb5_ccache *cache) -{ -#ifdef NO_KRB5 - return(-1); -#else - - LPCSTR functionName = NULL; - int freeContextFlag = 0; - krb5_error_code rc = -1; - krb5_flags flags = 0; - - if (pkrb5_init_context == NULL) - return 1; - - if (*ctx == 0 && (rc = (*pkrb5_init_context)(ctx))) { - functionName = "krb5_init_context()"; - freeContextFlag = 0; - goto on_error; - } - - if(*cache == 0) { - wchar_t wccname[MAX_PATH]; - khm_size cbwccname; - - if(ident != NULL) { - cbwccname = sizeof(wccname); - do { - char ccname[256]; - - if(KHM_FAILED(kcdb_identity_get_attrib(ident, L"Krb5CCName", - NULL, wccname, - &cbwccname))) { - cbwccname = sizeof(wccname); - if (KHM_FAILED - (khm_krb5_find_ccache_for_identity(ident, - ctx, - wccname, - &cbwccname))) { -#ifdef DEBUG_LIKE_A_MADMAN - assert(FALSE); -#endif - break; - } - } - - if(UnicodeStrToAnsi(ccname, sizeof(ccname), wccname) == 0) - break; - - if(rc = (*pkrb5_cc_resolve)(*ctx, ccname, cache)) { - functionName = "krb5_cc_resolve()"; - freeContextFlag = 1; - goto on_error; - } - } while(FALSE); - } - -#ifndef FAILOVER_TO_DEFAULT_CCACHE - rc = 1; -#endif - if (*cache == 0 -#ifdef FAILOVER_TO_DEFAULT_CCACHE - && (rc = (*pkrb5_cc_default)(*ctx, cache)) -#endif - ) { - functionName = "krb5_cc_default()"; - freeContextFlag = 1; - goto on_error; - } - } - -#ifdef KRB5_TC_NOTICKET - flags = KRB5_TC_NOTICKET; -#endif - - if ((rc = (*pkrb5_cc_set_flags)(*ctx, *cache, flags))) - { - if (rc != KRB5_FCC_NOFILE && rc != KRB5_CC_NOTFOUND) - khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx, - cache); - else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL) { - if (*cache != NULL) { - (*pkrb5_cc_close)(*ctx, *cache); - *cache = NULL; - } - } - return rc; - } - return 0; - -on_error: - return khm_krb5_error(rc, functionName, freeContextFlag, ctx, cache); -#endif //!NO_KRB5 -} - -#define TIMET_TOLERANCE (60*5) - -khm_int32 KHMAPI -khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, - khm_handle ident, - krb5_timestamp * pexpiration) -{ - krb5_principal principal = 0; - char * princ_name = NULL; - krb5_creds creds; - krb5_error_code code; - krb5_error_code cc_code; - krb5_cc_cursor cur; - krb5_timestamp now, expiration = 0; - - wchar_t w_ident_name[KCDB_IDENT_MAXCCH_NAME]; - char ident_name[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - khm_int32 rv = KHM_ERROR_NOT_FOUND; - - if (!ctx || !cc || !ident || !pexpiration) - return KHM_ERROR_GENERAL; - - code = pkrb5_cc_get_principal(ctx, cc, &principal); - - if ( code ) - return KHM_ERROR_INVALID_PARAM; - - cb = sizeof(w_ident_name); - kcdb_identity_get_name(ident, w_ident_name, &cb); - UnicodeStrToAnsi(ident_name, sizeof(ident_name), w_ident_name); - - code = pkrb5_unparse_name(ctx, principal, &princ_name); - - /* compare principal to ident. */ - - if ( code || !princ_name || - strcmp(princ_name, ident_name) ) { - if (princ_name) - pkrb5_free_unparsed_name(ctx, princ_name); - pkrb5_free_principal(ctx, principal); - return KHM_ERROR_UNKNOWN; - } - - pkrb5_free_unparsed_name(ctx, princ_name); - pkrb5_free_principal(ctx, principal); - - code = pkrb5_timeofday(ctx, &now); - - if (code) - return KHM_ERROR_UNKNOWN; - - cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur); - - while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) { - krb5_data * c0 = krb5_princ_name(ctx, creds.server); - krb5_data * c1 = krb5_princ_component(ctx, creds.server, 1); - krb5_data * r = krb5_princ_realm(ctx, creds.server); - - if ( c0 && c1 && r && c1->length == r->length && - !strncmp(c1->data,r->data,r->length) && - !strncmp("krbtgt",c0->data,c0->length) ) { - - /* we have a TGT, check for the expiration time. - * if it is valid and renewable, use the renew time - */ - - if (!(creds.ticket_flags & TKT_FLG_INVALID) && - creds.times.starttime < (now + TIMET_TOLERANCE) && - (creds.times.endtime + TIMET_TOLERANCE) > now) { - expiration = creds.times.endtime; - - if ((creds.ticket_flags & TKT_FLG_RENEWABLE) && - (creds.times.renew_till > creds.times.endtime)) { - expiration = creds.times.renew_till; - } - } - } - } - - if (cc_code == KRB5_CC_END) { - cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur); - rv = KHM_ERROR_SUCCESS; - *pexpiration = expiration; - } - - return rv; -} - -khm_int32 KHMAPI -khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, - void * buffer, khm_size * pcbbuf) -{ - krb5_context ctx = 0; - krb5_ccache cache = 0; - krb5_error_code code; - apiCB * cc_ctx = 0; - struct _infoNC ** pNCi = NULL; - int i; - khm_int32 t; - wchar_t * ms = NULL; - khm_size cb; - krb5_timestamp expiration = 0; - krb5_timestamp best_match_expiration = 0; - char best_match_ccname[256] = ""; - khm_handle csp_params = NULL; - khm_handle csp_plugins = NULL; - - if (!buffer || !pcbbuf) - return KHM_ERROR_GENERAL; - - ctx = *pctx; - - if (!pcc_initialize || - !pcc_get_NC_info || - !pcc_free_NC_info || - !pcc_shutdown) - goto _skip_cc_iter; - - code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL); - if (code) - goto _exit; - - code = pcc_get_NC_info(cc_ctx, &pNCi); - - if (code) - goto _exit; - - for(i=0; pNCi[i]; i++) { - if (pNCi[i]->vers != CC_CRED_V5) - continue; - - code = (*pkrb5_cc_resolve)(ctx, pNCi[i]->name, &cache); - if (code) - continue; - - /* need a function to check the cache for the identity - * and determine if it has valid tickets. If it has - * the right identity and valid tickets, store the - * expiration time and the cache name. If it has the - * right identity but no valid tickets, store the ccache - * name and an expiration time of zero. if it does not - * have the right identity don't save the name. - * - * Keep searching to find the best cache available. - */ - - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, - ident, - &expiration))) { - if ( expiration > best_match_expiration ) { - best_match_expiration = expiration; - StringCbCopyA(best_match_ccname, - sizeof(best_match_ccname), - "API:"); - StringCbCatA(best_match_ccname, - sizeof(best_match_ccname), - pNCi[i]->name); - expiration = 0; - } - } - - if(ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - cache = 0; - } - - _skip_cc_iter: - - if (KHM_SUCCEEDED(kmm_get_plugins_config(0, &csp_plugins))) { - khc_open_space(csp_plugins, L"Krb5Cred\\Parameters", 0, &csp_params); - khc_close_space(csp_plugins); - csp_plugins = NULL; - } - -#ifdef DEBUG - if (csp_params == NULL) { - assert(FALSE); - } -#endif - - if (csp_params && - KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) { - code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache); - if (code == 0 && cache) { - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, - ident, - &expiration))) { - if ( expiration > best_match_expiration ) { - best_match_expiration = expiration; - StringCbCopyA(best_match_ccname, sizeof(best_match_ccname), - "MSLSA:"); - expiration = 0; - } - } - } - - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - - cache = 0; - } - - if (csp_params && - khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb) - == KHM_ERROR_TOO_LONG && - cb > sizeof(wchar_t) * 2) { - - wchar_t * t; - char ccname[MAX_PATH + 6]; - - ms = PMALLOC(cb); - -#ifdef DEBUG - assert(ms); -#endif - - khc_read_multi_string(csp_params, L"FileCCList", ms, &cb); - for(t = ms; t && *t; t = multi_string_next(t)) { - StringCchPrintfA(ccname, ARRAYLENGTH(ccname), - "FILE:%S", t); - - code = (*pkrb5_cc_resolve)(ctx, ccname, &cache); - if (code) - continue; - - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, - ident, - &expiration))) { - if ( expiration > best_match_expiration ) { - best_match_expiration = expiration; - StringCbCopyA(best_match_ccname, - sizeof(best_match_ccname), - ccname); - expiration = 0; - } - } - - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - cache = 0; - } - - PFREE(ms); - } - _exit: - if (csp_params) - khc_close_space(csp_params); - - if (pNCi) - (*pcc_free_NC_info)(cc_ctx, &pNCi); - - if (cc_ctx) - (*pcc_shutdown)(&cc_ctx); - - if (best_match_ccname[0]) { - - if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer, - *pcbbuf, - best_match_ccname)) { - - *pcbbuf = (*pcbbuf + 1) * sizeof(wchar_t); - - return KHM_ERROR_SUCCESS; - } - - } - - return KHM_ERROR_GENERAL; -} diff --git a/src/windows/identity/plugins/common/krb5common.h b/src/windows/identity/plugins/common/krb5common.h deleted file mode 100644 index b01e0d5ce..000000000 --- a/src/windows/identity/plugins/common/krb5common.h +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -/* Adapted from multiple Leash header files */ - -#ifndef __KHIMAIRA_KRB5COMMON_H -#define __KHIMAIRA_KRB5COMMON_H - -#include<krb5.h> - -#ifndef NO_KRB5 -int khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, - int FreeContextFlag, krb5_context *ctx, - krb5_ccache *cache); - -int -khm_krb5_get_error_string(krb5_error_code rc, - wchar_t * buffer, - khm_size cb_buffer); - -int khm_krb5_initialize(khm_handle ident, krb5_context *, krb5_ccache *); - -khm_int32 KHMAPI -khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, - void * buffer, khm_size * pcbbuf); - -khm_int32 KHMAPI -khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, - khm_handle ident, - krb5_timestamp * pexpiration); -#endif /* NO_KRB5 */ - -#endif diff --git a/src/windows/identity/plugins/krb4/Makefile b/src/windows/identity/plugins/krb4/Makefile deleted file mode 100644 index 0a8ede8aa..000000000 --- a/src/windows/identity/plugins/krb4/Makefile +++ /dev/null @@ -1,106 +0,0 @@ -# -# Copyright (c) 2004 Massachusetts Institute of Technology -# Copyright (c) 2007 Secure Endpoints Inc. -# -# Permission is hereby granted, free of charge, to any person -# obtaining a copy of this software and associated documentation files -# (the "Software"), to deal in the Software without restriction, -# including without limitation the rights to use, copy, modify, merge, -# publish, distribute, sublicense, and/or sell copies of the Software, -# and to permit persons to whom the Software is furnished to do so, -# subject to the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - - -MODULE=plugins\krb4 -!include <../../config/Makefile.w32> - -DLLFILE=$(BINDIR)\krb4cred.dll - -LIBFILE=$(LIBDIR)\krb4cred.lib - -OBJFILES= \ - $(LIBDIR)\dynimport.obj \ - $(LIBDIR)\krb5common.obj \ - $(OBJ)\krb4main.obj \ - $(OBJ)\krb4plugin.obj \ - $(OBJ)\krb4funcs.obj \ - $(OBJ)\errorfuncs.obj \ - $(OBJ)\krb4config.obj \ - $(OBJ)\krb4configdlg.obj \ - $(OBJ)\krb4newcreds.obj - - - -SDKLIBFILES= - -!if ("$(CPU)" == "IA64" ) || ("$(CPU)" == "AMD64" ) || ("$(CPU)" == "ALPHA64" ) -SCLIB=bufferoverflowu.lib -LIBFILES= \ - $(LIBDIR)\nidmgr64.lib \ - $(KFWLIBDIR)\loadfuncs.lib -!else -SCLIB= -LIBFILES= \ - $(LIBDIR)\nidmgr32.lib \ - $(KFWLIBDIR)\loadfuncs.lib -!endif - -VERRESFILE=$(OBJ)\version.res - -MSGRESFILE=$(OBJ)\krb4_msgs.res - -$(MSGRESFILE): $(OBJ)\krb4_msgs.rc - -$(OBJ)\krb4_msgs.rc: lang\krb4_msgs.mc - $(MC2RC) - -$(OBJ)\krb4config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg - $(CCSV) $** $@ - -$(DLLFILE): $(OBJFILES) $(VERRESFILE) $(MSGRESFILE) - $(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES) $(SCLIB) - $(_VC_MANIFEST_EMBED_DLL) - $(_VC_MANIFEST_CLEAN) - -all: mkdirs $(MSGRESFILE) $(DLLFILE) lang - -lang:: - -# Repeat this block as necessary redefining LANG for additional -# languages. - -# Begin language block -LANG=en_us - -LANGDLL=$(BINDIR)\krb4cred_$(LANG).dll - -lang:: $(LANGDLL) - -$(LANGDLL): $(OBJ)\langres_$(LANG).res $(OBJ)\langres_ver_$(LANG).res - $(DLLRESLINK) - -$(OBJ)\langres_$(LANG).res: lang\$(LANG)\langres.rc - $(RC2RES) - -$(OBJ)\langres_ver_$(LANG).res: version.rc - $(RC) $(RFLAGS) $(rincflags) /d LANGVER /d LANG_$(LANG) /fo $@ $** -# End language block - -clean:: -!if defined(INCFILES) - $(RM) $(INCFILES) -!endif - - diff --git a/src/windows/identity/plugins/krb4/errorfuncs.c b/src/windows/identity/plugins/krb4/errorfuncs.c deleted file mode 100644 index 3441316e5..000000000 --- a/src/windows/identity/plugins/krb4/errorfuncs.c +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> - -#include<strsafe.h> - -extern void (__cdecl *pinitialize_krb_error_func)(); -extern void (__cdecl *pinitialize_kadm_error_table)(); - - -khm_int32 init_error_funcs() -{ - -#if 0 - /*TODO: Do something about this */ - if (plsh_LoadKrb4LeashErrorTables) - plsh_LoadKrb4LeashErrorTables(hLeashInst, 0); -#endif - return KHM_ERROR_SUCCESS; -} - -khm_int32 exit_error_funcs() -{ - return KHM_ERROR_SUCCESS; -} - -// Global Variables. -static long lsh_errno; -static char *err_context; /* error context */ -extern int (*Lcom_err)(LPSTR,long,LPSTR,...); -extern LPSTR (*Lerror_message)(long); -extern LPSTR (*Lerror_table_name)(long); - -#ifdef WIN16 -#define UNDERSCORE "_" -#else -#define UNDERSCORE -#endif - -HWND GetRootParent (HWND Child) -{ - HWND Last = NULL; - while (Child) - { - Last = Child; - Child = GetParent (Child); - } - return Last; -} - - -LPSTR err_describe(LPSTR buf, size_t len, long code) -{ - LPSTR cp, com_err_msg; - int offset; - long table_num; - char *etype; - - offset = (int) (code & 255); - table_num = code - offset; - com_err_msg = Lerror_message(code); - - switch(table_num) - { - case krb_err_base: - case kadm_err_base: - break; - default: - StringCbCopyA(buf, len, com_err_msg); - return buf; - } - - cp = buf; - if (table_num == krb_err_base) - switch(offset) - { - case KDC_NAME_EXP: /* 001 Principal expired */ - case KDC_SERVICE_EXP: /* 002 Service expired */ - case KDC_AUTH_EXP: /* 003 Auth expired */ - case KDC_PKT_VER: /* 004 Protocol version unknown */ - case KDC_P_MKEY_VER: /* 005 Wrong master key version */ - case KDC_S_MKEY_VER: /* 006 Wrong master key version */ - case KDC_BYTE_ORDER: /* 007 Byte order unknown */ - case KDC_PR_N_UNIQUE: /* 009 Principal not unique */ - case KDC_NULL_KEY: /* 010 Principal has null key */ - case KDC_GEN_ERR: /* 011 Generic error from KDC */ - case INTK_W_NOTALL : /* 061 Not ALL tickets returned */ - case INTK_PROT : /* 063 Protocol Error */ - case INTK_ERR : /* 070 Other error */ - com_err_msg = "Something weird happened... try again, and if Leash" - " continues to fail, contact Network Services as listed in the " - "About box."; - break; - case KDC_PR_UNKNOWN: /* 008 Principal unknown */ - com_err_msg = "You have entered an unknown username/instance/realm" - " combination."; - break; - case GC_TKFIL : /* 021 Can't read ticket file */ - case GC_NOTKT : /* 022 Can't find ticket or TGT */ - com_err_msg = "Something is wrong with the memory where your " - "tickets are stored. Try exiting Windows and restarting your " - "computer."; - break; - case MK_AP_TGTEXP : /* 026 TGT Expired */ - /* no extra error msg */ - break; - case RD_AP_TIME : /* 037 delta_t too big */ - com_err_msg = "Your computer's clock is out of sync with the " - "Kerberos server. Please see the help file about correcting " - "your clock."; - break; - - case RD_AP_UNDEC : /* 031 Can't decode authenticator */ - case RD_AP_EXP : /* 032 Ticket expired */ - case RD_AP_NYV : /* 033 Ticket not yet valid */ - case RD_AP_REPEAT : /* 034 Repeated request */ - case RD_AP_NOT_US : /* 035 The ticket isn't for us */ - case RD_AP_INCON : /* 036 Request is inconsistent */ - case RD_AP_BADD : /* 038 Incorrect net address */ - case RD_AP_VERSION : /* 039 protocol version mismatch */ - case RD_AP_MSG_TYPE : /* 040 invalid msg type */ - case RD_AP_MODIFIED : /* 041 message stream modified */ - case RD_AP_ORDER : /* 042 message out of order */ - case RD_AP_UNAUTHOR : /* 043 unauthorized request */ - /* no extra error msg */ - break; - case GT_PW_NULL: /* 51 Current PW is null */ - case GT_PW_BADPW: /* 52 Incorrect current password */ - case GT_PW_PROT: /* 53 Protocol Error */ - case GT_PW_KDCERR: /* 54 Error returned by KDC */ - case GT_PW_NULLTKT: /* 55 Null tkt returned by KDC */ - /* no error msg yet */ - break; - - /* Values returned by send_to_kdc */ - case SKDC_RETRY : /* 56 Retry count exceeded */ - case SKDC_CANT : /* 57 Can't send request */ - com_err_msg = "Cannot contact the kerberos server for the selected realm."; - break; - /* no error message on purpose: */ - case INTK_BADPW : /* 062 Incorrect password */ - break; - default: - /* no extra error msg */ - break; - } - else - switch(code) - { - case KADM_INSECURE_PW: - /* if( kadm_info != NULL ){ - * wsprintf(buf, "%s\n%s", com_err_msg, kadm_info); - * } else { - * wsprintf(buf, "%s\nPlease see the help file for information " - * "about secure passwords.", com_err_msg); - * } - * com_err_msg = buf; - */ - - /* The above code would be preferred since it allows site specific - * information to be delivered from the Kerberos server. However the - * message box is too small for VGA screens. - * It does work well if we only have to support 1024x768 - */ - - com_err_msg = "You have entered an insecure or weak password."; - - default: - /* no extra error msg */ - break; - } - if(com_err_msg != buf) { - StringCbCopyA(buf, len, com_err_msg); - } - cp = buf + strlen(buf); - *cp++ = '\n'; - switch(table_num) { - case krb_err_base: - etype = "Kerberos"; - break; - case kadm_err_base: - etype = "Kerberos supplemental"; - break; - default: - etype = Lerror_table_name(table_num); - break; - } - StringCbPrintfA((LPSTR) cp, len - (cp-buf), (LPSTR) "(%s error %d" -#ifdef DEBUG_COM_ERR - " (absolute error %ld)" -#endif - ")", etype, offset - //")\nPress F1 for help on this error.", etype, offset -#ifdef DEBUG_COM_ERR - , code -#endif - ); - - return (LPSTR)buf; -} diff --git a/src/windows/identity/plugins/krb4/errorfuncs.h b/src/windows/identity/plugins/krb4/errorfuncs.h deleted file mode 100644 index 0d4d75f1e..000000000 --- a/src/windows/identity/plugins/krb4/errorfuncs.h +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_ERR_H -#define __KHIMAIRA_ERR_H - -/* All error handling and reporting related functions for the krb4/5 - and AFS plugins */ - -#include <errno.h> -#include <com_err.h> -/* - * This is a hack needed because the real com_err.h does - * not define err_func. We need it in the case where - * we pull in the real com_err instead of the krb4 - * impostor. - */ -#ifndef _DCNS_MIT_COM_ERR_H -typedef LPSTR (*err_func)(int, long); -#endif - -#include <krberr.h> -#include <kadm_err.h> - -#define kadm_err_base ERROR_TABLE_BASE_kadm - -#include <stdarg.h> - -#ifndef KRBERR -#define KRBERR(code) (code + krb_err_base) -#endif - -LPSTR err_describe(LPSTR buf, size_t len, long code); - - -/* */ -khm_int32 init_error_funcs(); - -khm_int32 exit_error_funcs(); - - -#endif diff --git a/src/windows/identity/plugins/krb4/images/plugin.ico b/src/windows/identity/plugins/krb4/images/plugin.ico Binary files differdeleted file mode 100644 index 791b35969..000000000 --- a/src/windows/identity/plugins/krb4/images/plugin.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c deleted file mode 100644 index f13f9ad9e..000000000 --- a/src/windows/identity/plugins/krb4/krb4configdlg.c +++ /dev/null @@ -1,555 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khuidefs.h> -#include<strsafe.h> -#include<assert.h> - -typedef struct tag_k4_ids_data { - khui_config_init_data cfg; - - khm_int32 get_tix; -} k4_ids_data; - -static void -k4_ids_read_params(k4_ids_data * d) { - khm_int32 t; -#ifdef DEBUG - assert(csp_params); -#endif - - t = 1; - khc_read_int32(csp_params, L"Krb4NewCreds", &t); - d->get_tix = !!t; -} - -static void -k4_ids_write_params(HWND hw, k4_ids_data * d) { - khm_int32 nv; - khm_boolean applied = FALSE; - - if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED) - nv = TRUE; - else - nv = FALSE; - - if (!!nv != !!d->get_tix) { - d->get_tix = !!nv; - khc_write_int32(csp_params, L"Krb4NewCreds", d->get_tix); - applied = TRUE; - } - - khui_cfg_set_flags_inst(&d->cfg, - (applied)?KHUI_CNFLAG_APPLIED:0, - KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED); -} - -static void -k4_ids_check_mod(HWND hw, k4_ids_data * d) { - khm_int32 nv; - - if (IsDlgButtonChecked(hw, IDC_CFG_GETTIX) == BST_CHECKED) - nv = TRUE; - else - nv = FALSE; - - khui_cfg_set_flags_inst(&d->cfg, - (!!nv != !!d->get_tix)? KHUI_CNFLAG_MODIFIED: 0, - KHUI_CNFLAG_MODIFIED); -} - -INT_PTR CALLBACK -krb4_ids_config_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - k4_ids_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - d = PMALLOC(sizeof(*d)); - ZeroMemory(d, sizeof(*d)); - - d->cfg = *((khui_config_init_data *) lParam); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - k4_ids_read_params(d); - - CheckDlgButton(hwnd, IDC_CFG_GETTIX, - (d->get_tix)? BST_CHECKED: BST_UNCHECKED); - - break; - - case WM_COMMAND: - d = (k4_ids_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == BN_CLICKED) { - k4_ids_check_mod(hwnd, d); - } - break; - - case KHUI_WM_CFG_NOTIFY: - d = (k4_ids_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == WMCFG_APPLY) { - k4_ids_write_params(hwnd, d); - } - break; - - case WM_DESTROY: - d = (k4_ids_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d) { - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) 0); - } - - break; - } - - return FALSE; -} - -typedef struct tag_k4_id_data { - khui_config_init_data cfg; - khm_int32 gettix; /* get tickets? */ - khm_boolean is_default_ident; -} k4_id_data; - -void -k4_id_read_params(k4_id_data * d) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - khm_handle ident = NULL; - khm_handle csp_ident = NULL; - khm_handle csp_idk4 = NULL; - khm_int32 flags = 0; - khm_int32 t; - - khc_read_int32(csp_params, L"Krb4NewCreds", &d->gettix); - - *idname = 0; - cb = sizeof(idname); - khui_cfg_get_name(d->cfg.ctx_node, idname, &cb); - - kcdb_identity_create(idname, 0, &ident); - - if (ident == NULL) { - d->gettix = 0; - goto done; - } - - kcdb_identity_get_flags(ident, &flags); - - if (!(flags & KCDB_IDENT_FLAG_DEFAULT)) { - d->gettix = 0; - goto done; - } - - d->is_default_ident = TRUE; - - if (d->gettix == 0) - goto done; - - if (KHM_FAILED(kcdb_identity_get_config(ident, 0, &csp_ident))) - goto done; - - if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED, - 0, &csp_idk4))) - goto close_config; - - if (KHM_SUCCEEDED(khc_read_int32(csp_idk4, L"Krb4NewCreds", &t)) && - !t) - d->gettix = 1; - - close_config: - if (csp_ident) - khc_close_space(csp_ident); - - if (csp_idk4) - khc_close_space(csp_idk4); - - done: - if (ident) - kcdb_identity_release(ident); - - return; -} - -khm_boolean -k4_id_write_params(HWND hwnd, k4_id_data * d) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb_idname = sizeof(idname); - khm_handle ident = NULL; - khm_int32 flags = 0; - khm_handle csp_ident = NULL; - khm_handle csp_idk4 = NULL; - khm_int32 gettix = 0; - khm_boolean applied = FALSE; - - khui_cfg_get_name(d->cfg.ctx_node, idname, &cb_idname); - - kcdb_identity_create(idname, 0, &ident); - - if (ident == NULL) - return FALSE; - - kcdb_identity_get_flags(ident, &flags); - - if (!(flags & KCDB_IDENT_FLAG_DEFAULT)) - goto done_apply; - - if (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) == BST_CHECKED) - gettix = TRUE; - - if (KHM_FAILED(kcdb_identity_get_config(ident, KHM_FLAG_CREATE, - &csp_ident))) - goto done_apply; - - if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED, - KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD, - &csp_idk4))) - goto done_apply; - - khc_write_int32(csp_idk4, L"Krb4NewCreds", gettix); - - applied = TRUE; - - done_apply: - if (ident) - kcdb_identity_release(ident); - - if (csp_ident) - khc_close_space(csp_ident); - - if (csp_idk4) - khc_close_space(csp_idk4); - - return applied; -} - -INT_PTR CALLBACK -krb4_id_config_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - switch(uMsg) { - case WM_INITDIALOG: - { - k4_id_data * d; - - d = PMALLOC(sizeof(k4_id_data)); - - if (!d) - break; - - ZeroMemory(d, sizeof(*d)); - - d->cfg = *((khui_config_init_data *) lParam); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - k4_id_read_params(d); - - CheckDlgButton(hwnd, IDC_CFG_GETTIX, - (d->gettix)?BST_CHECKED: BST_UNCHECKED); - EnableWindow(GetDlgItem(hwnd, IDC_CFG_GETTIX), - d->is_default_ident); - - } - break; - - case WM_COMMAND: - { - k4_id_data * d; - - d = (k4_id_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (wParam == MAKEWPARAM(IDC_CFG_GETTIX, - BN_CLICKED)) { - int gettix = 0; - int modified = 0; - - gettix = (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) == - BST_CHECKED); - - modified = (!!gettix != !!d->gettix); - - khui_cfg_set_flags_inst(&d->cfg, - ((modified)?KHUI_CNFLAG_MODIFIED: 0), - KHUI_CNFLAG_MODIFIED); - } - } - break; - - case KHUI_WM_CFG_NOTIFY: - { - k4_id_data * d; - - d = (k4_id_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == WMCFG_APPLY) { - khm_int32 applied; - - applied = k4_id_write_params(hwnd, d); - - khui_cfg_set_flags_inst(&d->cfg, - ((applied)? KHUI_CNFLAG_APPLIED: 0), - (KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED)); - } - } - break; - - case WM_DESTROY: - { - k4_id_data * d; - - d = (k4_id_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - PFREE(d); - - SetWindowLongPtr(hwnd, DWLP_USER, 0); - } - break; - } - - return FALSE; -} - -typedef struct tag_k4_config_dlg_data { - khui_config_node node; - char krb_path[MAX_PATH]; - char krbrealm_path[MAX_PATH]; - char tkt_string[MAX_PATH]; -} k4_config_dlg_data; - -INT_PTR CALLBACK -krb4_confg_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - - static BOOL in_init = FALSE; - k4_config_dlg_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - { - wchar_t wbuf[MAX_PATH]; - CHAR krb_path[MAX_PATH]; - CHAR krbrealm_path[MAX_PATH]; - CHAR ticketName[MAX_PATH]; - char * pticketName; - size_t krb_path_sz = sizeof(krb_path); - size_t krbrealm_path_sz = sizeof(krbrealm_path); - khm_size cbsize; - - d = PMALLOC(sizeof(*d)); - ZeroMemory(d, sizeof(*d)); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - d->node = (khui_config_node) lParam; - - in_init = TRUE; - - // Set KRB.CON - memset(krb_path, '\0', sizeof(krb_path)); - if (!pkrb_get_krbconf2(krb_path, &krb_path_sz)) { - // Error has happened - } else { // normal find - AnsiStrToUnicode(wbuf, sizeof(wbuf), krb_path); - SetDlgItemText(hwnd, IDC_CFG_CFGPATH, wbuf); - StringCbCopyA(d->krb_path, sizeof(d->krb_path), krb_path); - } - - // Set KRBREALM.CON - memset(krbrealm_path, '\0', sizeof(krbrealm_path)); - if (!pkrb_get_krbrealm2(krbrealm_path, &krbrealm_path_sz)) { - // Error has happened - } else { - AnsiStrToUnicode(wbuf, sizeof(wbuf), krbrealm_path); - SetDlgItemText(hwnd, IDC_CFG_RLMPATH, wbuf); - StringCbCopyA(d->krbrealm_path, sizeof(d->krbrealm_path), - krbrealm_path); - } - - cbsize = sizeof(wbuf); - if (KHM_SUCCEEDED(khc_read_string(csp_params, L"TktString", - wbuf, &cbsize)) && - wbuf[0] != L'\0') { - - UnicodeStrToAnsi(ticketName, sizeof(ticketName), wbuf); - - } else { - - // Set TICKET.KRB file Editbox - *ticketName = 0; - pkrb_set_tkt_string(0); - - pticketName = ptkt_string(); - if (pticketName) - StringCbCopyA(ticketName, sizeof(ticketName), pticketName); - - } - - if (!*ticketName) { - // error - } else { - AnsiStrToUnicode(wbuf, sizeof(wbuf), ticketName); - SetDlgItemText(hwnd, IDC_CFG_CACHE, wbuf); - StringCbCopyA(d->tkt_string, sizeof(d->tkt_string), - ticketName); - } - - in_init = FALSE; - - } - break; - - case WM_COMMAND: - if (MAKEWPARAM(IDC_CFG_CACHE, EN_CHANGE)) { - char tkt_string[MAX_PATH]; - wchar_t wtkt_string[MAX_PATH]; - - if (in_init) { - return TRUE; - } - - d = (k4_config_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - return TRUE; - - tkt_string[0] = 0; - wtkt_string[0] = 0; - - GetDlgItemText(hwnd, IDC_CFG_CACHE, - wtkt_string, ARRAYLENGTH(wtkt_string)); - UnicodeStrToAnsi(tkt_string, sizeof(tkt_string), - wtkt_string); - - if (_stricmp(tkt_string, d->tkt_string)) { - khui_cfg_set_flags(d->node, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - } else { - khui_cfg_set_flags(d->node, - 0, - KHUI_CNFLAG_MODIFIED); - } - - return TRUE; - } - break; - - case KHUI_WM_CFG_NOTIFY: - if (HIWORD(wParam) == WMCFG_APPLY) { - wchar_t wtkt_string[MAX_PATH]; - char tkt_string[MAX_PATH]; - int t; - - d = (k4_config_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - return TRUE; - - t = GetDlgItemText(hwnd, IDC_CFG_CACHE, - wtkt_string, ARRAYLENGTH(wtkt_string)); - if (t == 0) - return TRUE; - - UnicodeStrToAnsi(tkt_string, sizeof(tkt_string), wtkt_string); - - if (_stricmp(tkt_string, d->tkt_string)) { - - pkrb_set_tkt_string(tkt_string); - - khc_write_string(csp_params, L"TktString", wtkt_string); - - khui_cfg_set_flags(d->node, - KHUI_CNFLAG_APPLIED, - KHUI_CNFLAG_APPLIED | - KHUI_CNFLAG_MODIFIED); - khm_krb4_list_tickets(); - } else { - khui_cfg_set_flags(d->node, - 0, - KHUI_CNFLAG_MODIFIED); - } - - return TRUE; - } - break; - - case WM_DESTROY: - d = (k4_config_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d) { - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) 0); - } - - break; - } - return FALSE; -} diff --git a/src/windows/identity/plugins/krb4/krb4funcs.c b/src/windows/identity/plugins/krb4/krb4funcs.c deleted file mode 100644 index 33a94996e..000000000 --- a/src/windows/identity/plugins/krb4/krb4funcs.c +++ /dev/null @@ -1,897 +0,0 @@ -/* -* Copyright (c) 2005 Massachusetts Institute of Technology -* -* Permission is hereby granted, free of charge, to any person -* obtaining a copy of this software and associated documentation -* files (the "Software"), to deal in the Software without -* restriction, including without limitation the rights to use, copy, -* modify, merge, publish, distribute, sublicense, and/or sell copies -* of the Software, and to permit persons to whom the Software is -* furnished to do so, subject to the following conditions: -* -* The above copyright notice and this permission notice shall be -* included in all copies or substantial portions of the Software. -* -* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -* SOFTWARE. -*/ - -/* $Id$ */ - -/* Originally this was krb5routines.c in Leash sources. Subsequently -modified and adapted for NetIDMgr */ - -#include<krbcred.h> -#include<kherror.h> - -#define SECURITY_WIN32 -#include <security.h> - -#include <string.h> -#include <time.h> -#include <assert.h> -#include <strsafe.h> - - - -int com_addr(void) -{ - long ipAddr; - char loc_addr[ADDR_SZ]; - CREDENTIALS cred; - char service[40]; - char instance[40]; - // char addr[40]; - char realm[40]; - struct in_addr LocAddr; - int k_errno; - - if (pkrb_get_cred == NULL) - return(KSUCCESS); - - k_errno = (*pkrb_get_cred)(service,instance,realm,&cred); - if (k_errno) - return KRBERR(k_errno); - - while(1) { - ipAddr = (*pLocalHostAddr)(); - LocAddr.s_addr = ipAddr; - StringCbCopyA(loc_addr, sizeof(loc_addr), inet_ntoa(LocAddr)); - if ( strcmp(cred.address,loc_addr) != 0) { - /* TODO: do something about this */ - //Leash_kdestroy (); - break; - } - break; - } // while() - return 0; -} - - -long -khm_krb4_list_tickets(void) -{ - char ptktname[MAX_PATH + 5]; - char pname[ANAME_SZ]; - char pinst[INST_SZ]; - char prealm[REALM_SZ]; - wchar_t wbuf[256]; - int k_errno = 0; - CREDENTIALS c; - int newtickets = 0; - int open = 0; - khm_handle ident = NULL; - khm_handle cred = NULL; - time_t tt; - FILETIME ft; - - kcdb_credset_flush(krb4_credset); - - // Since krb_get_tf_realm will return a ticket_file error, - // we will call tf_init and tf_close first to filter out - // things like no ticket file. Otherwise, the error that - // the user would see would be - // klist: can't find realm of ticket file: No ticket file (tf_util) - // instead of klist: No ticket file (tf_util) - if (ptf_init == NULL) - goto collect; - - com_addr(); - - // Open ticket file - if ((k_errno = (*ptf_init)((*ptkt_string)(), R_TKT_FIL))) - { - goto cleanup; - } - // Close ticket file - (void) (*ptf_close)(); - - // We must find the realm of the ticket file here before calling - // tf_init because since the realm of the ticket file is not - // really stored in the principal section of the file, the - // routine we use must itself call tf_init and tf_close. - - if ((k_errno = (*pkrb_get_tf_realm)((*ptkt_string)(), prealm)) != KSUCCESS) - { - goto cleanup; - } - - // Open ticket file - if (k_errno = (*ptf_init)((*ptkt_string)(), R_TKT_FIL)) - { - goto cleanup; - } - - StringCchCopyA(ptktname, ARRAYLENGTH(ptktname), (*ptkt_string)()); - - open = 1; - - // Get principal name and instance - if ((k_errno = (*ptf_get_pname)(pname)) || (k_errno = (*ptf_get_pinst)(pinst))) - { - goto cleanup; - } - - // You may think that this is the obvious place to get the - // realm of the ticket file, but it can't be done here as the - // routine to do this must open the ticket file. This is why - // it was done before tf_init. - StringCbPrintf(wbuf, sizeof(wbuf), L"%S%S%S%S%S", (LPSTR)pname, - (LPSTR)(pinst[0] ? "." : ""), (LPSTR)pinst, - (LPSTR)(prealm[0] ? "@" : ""), (LPSTR)prealm); - - if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE, &ident))) - { - goto cleanup; - } - - // Get KRB4 tickets - while ((k_errno = (*ptf_get_cred)(&c)) == KSUCCESS) - { - StringCbPrintf(wbuf, sizeof(wbuf), L"%S%S%S%S%S", - c.service, - (c.instance[0] ? "." : ""), - c.instance, - (c.realm[0] ? "@" : ""), - c.realm); - - if(KHM_FAILED(kcdb_cred_create(wbuf, ident, credtype_id_krb4, &cred))) - continue; - - tt = c.issue_date + c.lifetime * 5L * 60L; - TimetToFileTime(tt, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_EXPIRE, &ft, sizeof(ft)); - - tt = c.issue_date; - TimetToFileTime(tt, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_ISSUE, &ft, sizeof(ft)); - - tt = c.lifetime * 5L * 60L; - TimetToFileTimeInterval(tt, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &ft, sizeof(ft)); - - AnsiStrToUnicode(wbuf, sizeof(wbuf), ptktname); - kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wbuf, KCDB_CBSIZE_AUTO); - - kcdb_credset_add_cred(krb4_credset, cred, -1); - - kcdb_cred_release(cred); - } // while - - cleanup: - if (ptf_close == NULL) - return(KSUCCESS); - - if (open) - (*ptf_close)(); //close ticket file - - if (k_errno == EOF) - k_errno = 0; - - // XXX the if statement directly below was inserted to eliminate - // an error NO_TKT_FIL on Leash startup. The error occurs from an - // error number thrown from krb_get_tf_realm. We believe this - // change does not eliminate other errors, but it may. - - if (k_errno == NO_TKT_FIL) - k_errno = 0; - - if(ident) - kcdb_identity_release(ident); - -#if 0 - /*TODO: Handle errors here */ - if (k_errno) - { - CHAR message[256]; - CHAR errBuf[256]; - LPCSTR errText; - - if (!Lerror_message) - return -1; - - errText = err_describe(errBuf, KRBERR(k_errno)); - - sprintf(message, "%s\n\n%s failed", errText, functionName); - MessageBox(NULL, message, "Kerberos Four", - MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND); - } -#endif - - collect: - kcdb_credset_collect(NULL, krb4_credset, ident, credtype_id_krb4, NULL); - - return k_errno; -} - -#define KRB_FILE "KRB.CON" -#define KRBREALM_FILE "KRBREALM.CON" -#define KRB5_FILE "KRB5.INI" - -BOOL -khm_krb5_get_profile_file(LPSTR confname, UINT szConfname) -{ - char **configFile = NULL; - if (pkrb5_get_default_config_files(&configFile)) - { - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB5_FILE); - - return FALSE; - } - - *confname = 0; - - if (configFile) - { - StringCchCopyA(confname, szConfname, *configFile); - pkrb5_free_config_files(configFile); - } - - if (!*confname) - { - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB5_FILE); - } - - return FALSE; -} - -BOOL -khm_get_krb4_con_file(LPSTR confname, UINT szConfname) -{ - if (hKrb5 && !hKrb4) { - // hold krb.con where krb5.ini is located - CHAR krbConFile[MAX_PATH]=""; - LPSTR pFind; - - if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile))) { - GetWindowsDirectoryA(krbConFile,sizeof(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - - StringCbCatA(krbConFile, sizeof(krbConFile), "\\"); - } - - pFind = strrchr(krbConFile, '\\'); - - if (pFind) { - *pFind = '\0'; - - StringCbCatA(krbConFile, sizeof(krbConFile), "\\"); - StringCbCatA(krbConFile, sizeof(krbConFile), KRB_FILE); - } else { - krbConFile[0] = '\0'; - } - - StringCchCopyA(confname, szConfname, krbConFile); - } else if (hKrb4) { - size_t size = szConfname; - memset(confname, '\0', szConfname); - if (!pkrb_get_krbconf2(confname, &size)) { - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB_FILE); - } - } - - return FALSE; -} - -int -readstring(FILE * file, char * buf, int len) -{ - int c,i; - memset(buf, '\0', sizeof(buf)); - for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++) - { - if (i < sizeof(buf)) { - if (c == '\n') { - buf[i] = '\0'; - return i; - } else { - buf[i] = (char)c; - } - } else { - if (c == '\n') { - buf[len-1] = '\0'; - return(i); - } - } - } - if (c == EOF) { - if (i > 0 && i < len) { - buf[i] = '\0'; - return(i); - } else { - buf[len-1] = '\0'; - return(-1); - } - } - return(-1); -} - -/*! \internal - \brief Return a list of configured realms - - The string that is returned is a set of null terminated unicode strings, - each of which denotes one realm. The set is terminated by a zero length - null terminated string. - - The caller should free the returned string using free() - - \return The string with the list of realms or NULL if the operation fails. -*/ -wchar_t * khm_krb5_get_realm_list(void) -{ - wchar_t * rlist = NULL; - - if (pprofile_get_subsection_names && pprofile_free_list) { - const char* rootSection[] = {"realms", NULL}; - const char** rootsec = rootSection; - char **sections = NULL, **cpp = NULL, *value = NULL; - - char krb5_conf[MAX_PATH+1]; - - if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) { - profile_t profile; - long retval; - const char *filenames[2]; - wchar_t * d; - size_t cbsize; - size_t t; - - filenames[0] = krb5_conf; - filenames[1] = NULL; - retval = pprofile_init(filenames, &profile); - if (!retval) { - retval = pprofile_get_subsection_names(profile, rootsec, §ions); - - if (!retval) - { - /* first figure out how much space to allocate */ - cbsize = 0; - for (cpp = sections; *cpp; cpp++) - { - cbsize += sizeof(wchar_t) * (strlen(*cpp) + 1); - } - cbsize += sizeof(wchar_t); /* double null terminated */ - - rlist = PMALLOC(cbsize); - d = rlist; - for (cpp = sections; *cpp; cpp++) - { - AnsiStrToUnicode(d, cbsize, *cpp); - t = wcslen(d) + 1; - d += t; - cbsize -= sizeof(wchar_t) * t; - } - *d = L'\0'; - } - - pprofile_free_list(sections); - -#if 0 - retval = pprofile_get_string(profile, "libdefaults","noaddresses", 0, "true", &value); - if ( value ) { - disable_noaddresses = config_boolean_to_int(value); - pprofile_release_string(value); - } -#endif - pprofile_release(profile); - } - } - } else { - FILE * file; - char krb_conf[MAX_PATH+1]; - char * p; - size_t cbsize, t; - wchar_t * d; - - if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) && -#if _MSC_VER >= 1400 - !fopen_s(&file, krb_conf, "rt") -#else - (file = fopen(krb_conf, "rt")) -#endif - ) - { - char lineBuf[256]; - - /*TODO: compute the actual required buffer size instead of hardcoding */ - cbsize = 16384; // arbitrary - rlist = PMALLOC(cbsize); - d = rlist; - - // Skip the default realm - readstring(file,lineBuf,sizeof(lineBuf)); - - // Read the defined realms - while (TRUE) - { - if (readstring(file,lineBuf,sizeof(lineBuf)) < 0) - break; - - if (*(lineBuf + strlen(lineBuf) - 1) == '\r') - *(lineBuf + strlen(lineBuf) - 1) = 0; - - for (p=lineBuf; *p ; p++) - { - if (isspace(*p)) { - *p = 0; - break; - } - } - - if ( strncmp(".KERBEROS.OPTION.",lineBuf,17) ) { - t = strlen(lineBuf) + 1; - if(cbsize > (1 + t*sizeof(wchar_t))) { - AnsiStrToUnicode(d, cbsize, lineBuf); - d += t; - cbsize -= t * sizeof(wchar_t); - } else - break; - } - } - - *d = L'\0'; - - fclose(file); - } - } - - return rlist; -} - -/*! \internal - \brief Get the default realm - - A string will be returned that specifies the default realm. The caller - should free the string using free(). - - Returns NULL if the operation fails. -*/ -wchar_t * khm_krb5_get_default_realm(void) -{ - wchar_t * realm; - size_t cch; - krb5_context ctx=0; - char * def = 0; - - pkrb5_init_context(&ctx); - pkrb5_get_default_realm(ctx,&def); - - if (def) { - cch = strlen(def) + 1; - realm = PMALLOC(sizeof(wchar_t) * cch); - AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def); - pkrb5_free_default_realm(ctx, def); - } else - realm = NULL; - - pkrb5_free_context(ctx); - - return realm; -} - -static -char * -make_postfix(const char * base, - const char * postfix, - char ** rcopy) -{ - size_t base_size; - size_t ret_size; - char * copy = 0; - char * ret = 0; - size_t t; - - if (FAILED(StringCbLengthA(base, STRSAFE_MAX_CCH * sizeof(char), &t))) - goto cleanup; - - base_size = t + 1; - - if (FAILED(StringCbLengthA(postfix, STRSAFE_MAX_CCH * sizeof(char), &t))) - goto cleanup; - - ret_size = base_size + t + 1; - - copy = malloc(base_size); - ret = malloc(ret_size); - - if (!copy || !ret) - goto cleanup; - - StringCbCopyNA(copy, base_size, base, base_size); - StringCbCopyNA(ret, ret_size, base, base_size); - StringCbCopyNA(ret + (base_size - 1), ret_size - (base_size - 1), - postfix, ret_size - (base_size - 1)); - - cleanup: - if (!copy || !ret) { - if (copy) - free(copy); - if (ret) - free(ret); - copy = ret = 0; - } - // INVARIANT: (ret ==> copy) && (copy ==> ret) - *rcopy = copy; - return ret; -} - -void -khm_krb4_set_def_tkt_string(void) { - wchar_t wtkt_string[MAX_PATH]; - char tkt_string[MAX_PATH]; - khm_size cb; - - cb = sizeof(wtkt_string); - - if (KHM_FAILED(khc_read_string(csp_params, L"TktString", - wtkt_string, &cb)) || - wtkt_string[0] == L'\0') { - - pkrb_set_tkt_string(0); - - } else { - - UnicodeStrToAnsi(tkt_string, sizeof(tkt_string), - wtkt_string); - pkrb_set_tkt_string(tkt_string); - } -} - - -static -long -make_temp_cache_v4(const char * postfix) -{ - static char * old_cache = 0; - - if (!pkrb_set_tkt_string || !ptkt_string || !pdest_tkt) - return 0; // XXX - is this appropriate? - - if (old_cache) { - pdest_tkt(); - pkrb_set_tkt_string(old_cache); - free(old_cache); - old_cache = 0; - } - - if (postfix) - { - char * tmp_cache = make_postfix(ptkt_string(), postfix, &old_cache); - - if (!tmp_cache) - return KFAILURE; - - pkrb_set_tkt_string(tmp_cache); - free(tmp_cache); - } - return 0; -} - -long -khm_krb4_changepwd(char * principal, - char * password, - char * newpassword, - char** error_str) -{ - long k_errno; - - if (!pkrb_set_tkt_string || !ptkt_string || !pkadm_change_your_password || - !pdest_tkt) - return KFAILURE; - - k_errno = make_temp_cache_v4("_chgpwd"); - if (k_errno) return k_errno; - k_errno = pkadm_change_your_password(principal, password, newpassword, - error_str); - make_temp_cache_v4(0); - return k_errno; -} - -struct tgt_filter_data { - khm_handle identity; - wchar_t realm[KCDB_IDENT_MAXCCH_NAME]; -}; - -khm_int32 KHMAPI -krb4_tgt_filter(khm_handle cred, khm_int32 flags, void * rock) { - struct tgt_filter_data * pdata; - wchar_t credname[KCDB_MAXCCH_NAME]; - wchar_t * t; - khm_size cb; - khm_int32 ctype; - - pdata = (struct tgt_filter_data *) rock; - cb = sizeof(credname); - - if (KHM_FAILED(kcdb_cred_get_type(cred, &ctype)) || - ctype != credtype_id_krb4) - return 0; - - if (KHM_FAILED(kcdb_cred_get_name(cred, credname, &cb))) - return 0; - - if (wcsncmp(credname, L"krbtgt.", 7)) - return 0; - - t = wcsrchr(credname, L'@'); - if (t == NULL) - return 0; - - if (wcscmp(t+1, pdata->realm)) - return 0; - - return 1; -} - -khm_handle -khm_krb4_find_tgt(khm_handle credset, khm_handle identity) { - khm_handle result = NULL; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t * t; - khm_size cb; - struct tgt_filter_data filter_data; - - cb = sizeof(idname); - - if (KHM_FAILED(kcdb_identity_get_name(identity, - idname, - &cb))) - return NULL; - - t = wcsrchr(idname, L'@'); - if (t == NULL) - return NULL; - - StringCbCopy(filter_data.realm, sizeof(filter_data.realm), - t + 1); - filter_data.identity = identity; - - if (KHM_FAILED(kcdb_credset_find_filtered(credset, - -1, - krb4_tgt_filter, - &filter_data, - &result, - NULL))) - return NULL; - else - return result; -} - -long -khm_convert524(khm_handle identity) -{ -#ifdef NO_KRB5 - return(0); -#else - krb5_context ctx = 0; - krb5_error_code code = 0; - int icode = 0; - krb5_principal me = 0; - krb5_principal server = 0; - krb5_creds *v5creds = 0; - krb5_creds increds; - krb5_ccache cc = 0; - CREDENTIALS * v4creds = NULL; - static int init_ets = 1; - - if (!pkrb5_init_context || - !pkrb_in_tkt || - !pkrb524_init_ets || - !pkrb524_convert_creds_kdc) - return 0; - - v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS)); - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - memset((char *) &increds, 0, sizeof(increds)); - /* - From this point on, we can goto cleanup because increds is - initialized. - */ - - code = khm_krb5_initialize(identity, &ctx, &cc); - if (code) - goto cleanup; - - if ( init_ets ) { - pkrb524_init_ets(ctx); - init_ets = 0; - } - - if (code = pkrb5_cc_get_principal(ctx, cc, &me)) - goto cleanup; - - if ((code = pkrb5_build_principal(ctx, - &server, - krb5_princ_realm(ctx, me)->length, - krb5_princ_realm(ctx, me)->data, - "krbtgt", - krb5_princ_realm(ctx, me)->data, - NULL))) { - goto cleanup; - } - - increds.client = me; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = pkrb5_get_credentials(ctx, 0, - cc, - &increds, - &v5creds))) { - goto cleanup; - } - - if ((icode = pkrb524_convert_creds_kdc(ctx, - v5creds, - v4creds))) { - goto cleanup; - } - - /* initialize ticket cache */ - if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm) - != KSUCCESS)) { - goto cleanup; - } - - /* stash ticket, session key, etc. for future use */ - if ((icode = pkrb_save_credentials(v4creds->service, - v4creds->instance, - v4creds->realm, - v4creds->session, - v4creds->lifetime, - v4creds->kvno, - &(v4creds->ticket_st), - v4creds->issue_date))) { - goto cleanup; - } - - cleanup: - memset(v4creds, 0, sizeof(v4creds)); - free(v4creds); - - if (v5creds) { - pkrb5_free_creds(ctx, v5creds); - } - if (increds.client == me) - me = 0; - if (increds.server == server) - server = 0; - - if (ctx) - pkrb5_free_cred_contents(ctx, &increds); - - if (server) { - pkrb5_free_principal(ctx, server); - } - - if (me) { - pkrb5_free_principal(ctx, me); - } - - if (ctx && cc) - pkrb5_cc_close(ctx, cc); - - if (ctx) { - pkrb5_free_context(ctx); - } - - return (code || icode); -#endif /* NO_KRB5 */ -} - -long -khm_krb4_kinit(char * aname, - char * inst, - char * realm, - long lifetime, - char * password) { - - wchar_t * functionName = NULL; - wchar_t * err_context = NULL; - int rc4 = 0; - int msg = 0; - - if (pkname_parse == NULL) { - goto cleanup; - } - - err_context = L"getting realm"; - if (!*realm && (rc4 = (int)(*pkrb_get_lrealm)(realm, 1))) { - functionName = L"krb_get_lrealm()"; - msg = IDS_ERR_REALM; - goto cleanup; - } - - err_context = L"checking principal"; - if ((!*aname) || (!(rc4 = (int)(*pk_isname)(aname)))) { - functionName = L"krb_get_lrealm()"; - msg = IDS_ERR_PRINCIPAL; - goto cleanup; - } - - /* optional instance */ - if (!(rc4 = (int)(*pk_isinst)(inst))) { - functionName = L"k_isinst()"; - msg = IDS_ERR_INVINST; - goto cleanup; - } - - if (!(rc4 = (int)(*pk_isrealm)(realm))) { - functionName = L"k_isrealm()"; - msg = IDS_ERR_REALM; - goto cleanup; - } - - khm_krb4_set_def_tkt_string(); - - err_context = L"fetching ticket"; - rc4 = (*pkrb_get_pw_in_tkt)(aname, inst, realm, "krbtgt", realm, - lifetime, password); - - if (rc4) /* XXX: do we want: && (rc != NO_TKT_FIL) as well? */ { - functionName = L"krb_get_pw_in_tkt()"; - msg = IDS_ERR_PWINTKT; - goto cleanup; - } - - return 0; - - cleanup: - { - _report_sr0(KHERR_ERROR, msg); - _location(functionName); - } - return rc4; -} - - -int khm_krb4_kdestroy(void) { - int k_errno = 0; - - if (pdest_tkt != NULL) - { - k_errno = (*pdest_tkt)(); - if (k_errno && (k_errno != RET_TKFIL)) - return KRBERR(k_errno); - } - - return k_errno; -} diff --git a/src/windows/identity/plugins/krb4/krb4funcs.h b/src/windows/identity/plugins/krb4/krb4funcs.h deleted file mode 100644 index 1328b4136..000000000 --- a/src/windows/identity/plugins/krb4/krb4funcs.h +++ /dev/null @@ -1,132 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -/* Adapted from multiple Leash header files */ - -#ifndef __KHIMAIRA_KRB5FUNCS_H -#define __KHIMAIRA_KRB5FUNCS_H - -#include<stdlib.h> -#include<krb5.h> - -#include <windows.h> -#define SECURITY_WIN32 -#include <security.h> - -#if _WIN32_WINNT < 0x0501 -#define KHM_SAVE_WIN32_WINNT _WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT 0x0501 -#endif -#include<ntsecapi.h> -#ifdef KHM_SAVE_WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT KHM_SAVE_WIN32_WINNT -#undef KHM_SAVE_WIN32_WINNT -#endif - -#include <krb5common.h> - -#define LEASH_DEBUG_CLASS_GENERIC 0 -#define LEASH_DEBUG_CLASS_KRB4 1 -#define LEASH_DEBUG_CLASS_KRB4_APP 2 - -#define LEASH_PRIORITY_LOW 0 -#define LEASH_PRIORITY_HIGH 1 - -#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ - - -long -khm_convert524(khm_handle identity); - -long -khm_krb4_kinit(char * aname, - char * inst, - char * realm, - long lifetime, - char * password); - -long -khm_krb4_list_tickets(void); - -int khm_krb4_kdestroy(void); - -khm_handle -khm_krb4_find_tgt(khm_handle credset, - khm_handle identity); - -LONG -write_registry_setting( - char* setting, - DWORD type, - void* buffer, - size_t size - ); - -LONG -read_registry_setting_user( - char* setting, - void* buffer, - size_t size - ); - -LONG -read_registry_setting( - char* setting, - void* buffer, - size_t size - ); - -BOOL -get_STRING_from_registry( - HKEY hBaseKey, - char * key, - char * value, - char * outbuf, - DWORD outlen - ); - -BOOL -get_DWORD_from_registry( - HKEY hBaseKey, - char * key, - char * value, - DWORD * result - ); - -int -config_boolean_to_int( - const char *s - ); - -void -khm_krb4_set_def_tkt_string(void); - -wchar_t * khm_krb5_get_default_realm(void); -wchar_t * khm_krb5_get_realm_list(void); - -#endif diff --git a/src/windows/identity/plugins/krb4/krb4main.c b/src/windows/identity/plugins/krb4/krb4main.c deleted file mode 100644 index 6b1c395b2..000000000 --- a/src/windows/identity/plugins/krb4/krb4main.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> - -kmm_module h_khModule; /* KMM's handle to this module */ -HINSTANCE hInstance; -HMODULE hResModule; /* HMODULE to the resource library */ - -khm_int32 type_id_enctype = -1; -khm_int32 type_id_addr_list = -1; -khm_int32 type_id_krb5_flags = -1; - -khm_int32 attr_id_key_enctype = -1; -khm_int32 attr_id_tkt_enctype = -1; -khm_int32 attr_id_addr_list = -1; -khm_int32 attr_id_krb5_flags = -1; - -khm_handle csp_plugins = NULL; -khm_handle csp_krbcred = NULL; -khm_handle csp_params = NULL; - -kmm_module_locale locales[] = { - LOCALE_DEF(MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US), L"krb4cred_en_us.dll", KMM_MLOC_FLAG_DEFAULT) -}; - -int n_locales = ARRAYLENGTH(locales); - -/* These two probably should not do anything */ -void init_krb() { -} - -void exit_krb() { -} - -/* called by the NetIDMgr module manager */ -KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) { - khm_int32 rv = KHM_ERROR_SUCCESS; - kmm_plugin_reg pi; - wchar_t buf[256]; - - h_khModule = h_module; - - rv = kmm_set_locale_info(h_module, locales, n_locales); - if(KHM_SUCCEEDED(rv)) { - hResModule = kmm_get_resource_hmodule(h_module); - } else - goto _exit; - - ZeroMemory(&pi, sizeof(pi)); - pi.name = KRB4_PLUGIN_NAME; - pi.type = KHM_PITYPE_CRED; - pi.icon = LoadImage(hResModule, MAKEINTRESOURCE(IDI_PLUGIN), - IMAGE_ICON, 0, 0, LR_DEFAULTCOLOR | LR_DEFAULTSIZE); - pi.flags = 0; - pi.msg_proc = krb4_cb; - pi.dependencies = KRB4_PLUGIN_DEPS; - pi.description = buf; - LoadString(hResModule, IDS_PLUGIN_DESC, - buf, ARRAYLENGTH(buf)); - kmm_provide_plugin(h_module, &pi); - - if(KHM_FAILED(rv = init_imports())) - goto _exit; - - if(KHM_FAILED(rv = init_error_funcs())) - goto _exit; - - rv = kmm_get_plugins_config(0, &csp_plugins); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_load_schema(csp_plugins, schema_krbconfig); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_open_space(csp_plugins, CSNAME_KRB4CRED, 0, &csp_krbcred); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_open_space(csp_krbcred, CSNAME_PARAMS, 0, &csp_params); - if(KHM_FAILED(rv)) goto _exit; - - _exit: - return rv; -} - -/* called by the NetIDMgr module manager */ -KHMEXP_EXP khm_int32 KHMAPI exit_module(kmm_module h_module) { - exit_imports(); - exit_error_funcs(); - - if(csp_params) { - khc_close_space(csp_params); - csp_params = NULL; - } - - if(csp_krbcred) { - khc_close_space(csp_krbcred); - csp_krbcred = NULL; - } - - if(csp_plugins) { - khc_unload_schema(csp_plugins, schema_krbconfig); - khc_close_space(csp_plugins); - csp_plugins = NULL; - } - - return KHM_ERROR_SUCCESS; /* the return code is ignored */ -} - -BOOL WINAPI DllMain( - HINSTANCE hinstDLL, - DWORD fdwReason, - LPVOID lpvReserved -) -{ - switch(fdwReason) { - case DLL_PROCESS_ATTACH: - hInstance = hinstDLL; - init_krb(); - break; - - case DLL_PROCESS_DETACH: - exit_krb(); - break; - - case DLL_THREAD_ATTACH: - break; - - case DLL_THREAD_DETACH: - break; - } - - return TRUE; -} diff --git a/src/windows/identity/plugins/krb4/krb4newcreds.c b/src/windows/identity/plugins/krb4/krb4newcreds.c deleted file mode 100644 index bcc3bc745..000000000 --- a/src/windows/identity/plugins/krb4/krb4newcreds.c +++ /dev/null @@ -1,884 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<khuidefs.h> -#include<utils.h> -#include<commctrl.h> -#include<strsafe.h> -#include<krb5.h> -#include<assert.h> - -/* method identifiers should be contiguous */ -#define K4_METHOD_AUTO 0 -#define K4_METHOD_PASSWORD 1 -#define K4_METHOD_K524 2 - -int method_to_id[] = { - IDC_NCK4_AUTO, - IDC_NCK4_PWD, - IDC_NCK4_K524 -}; - -typedef struct tag_k4_dlg_data { - HWND hwnd; - khui_new_creds * nc; - khui_new_creds_by_type * nct; - - khm_boolean k4_enabled; - khm_int32 method; - time_t lifetime; -} k4_dlg_data; - -void k4_update_display(k4_dlg_data * d, BOOL update_methods) { - CheckDlgButton(d->hwnd, IDC_NCK4_OBTAIN, - (d->k4_enabled)?BST_CHECKED: BST_UNCHECKED); - - if (d->k4_enabled) { - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), TRUE); - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), TRUE); - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), TRUE); - } else { - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_AUTO), FALSE); - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_K524), FALSE); - EnableWindow(GetDlgItem(d->hwnd, IDC_NCK4_PWD ), FALSE); - } - -#ifdef DEBUG - assert(d->method >= 0 && d->method < ARRAYLENGTH(method_to_id)); -#endif - - CheckRadioButton(d->hwnd, IDC_NCK4_AUTO, IDC_NCK4_PWD, method_to_id[d->method]); - - khui_cw_enable_type(d->nc, credtype_id_krb4, d->k4_enabled); -} - -void k4_update_data(k4_dlg_data * d) { - int i; - khm_boolean oldstate; - - oldstate = d->k4_enabled; - - if (IsDlgButtonChecked(d->hwnd, IDC_NCK4_OBTAIN) == BST_CHECKED) - d->k4_enabled = TRUE; - else - d->k4_enabled = FALSE; - - if ((oldstate && !d->k4_enabled) || - (!oldstate && d->k4_enabled)) { - - khui_cw_enable_type(d->nc, credtype_id_krb4, d->k4_enabled); - } - - d->method = K4_METHOD_AUTO; - - for (i=K4_METHOD_AUTO; i<=K4_METHOD_K524; i++) { - if (IsDlgButtonChecked(d->hwnd, method_to_id[i]) == BST_CHECKED) { - d->method = i; - break; - } - } -} - -khm_boolean k4_should_identity_get_k4(khm_handle ident) { - khm_int32 idflags = 0; - khm_int32 t = TRUE; - khm_handle csp_ident = NULL; - khm_handle csp_k4 = NULL; - khm_boolean get_k4 = TRUE; - khm_boolean id_spec = FALSE; - - if (KHM_FAILED(kcdb_identity_get_flags(ident, &idflags))) - return FALSE; - - if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) { - /* we only support k4 for one identity, and that is the - default identity. If we are trying to get tickets for a - non-default identity, then we start off as disabled unless - there is no default identity. */ - - khm_handle defident = NULL; - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) { - kcdb_identity_release(defident); - - return FALSE; - } - } - - if (KHM_SUCCEEDED(kcdb_identity_get_config(ident, 0, &csp_ident))) { - if (KHM_SUCCEEDED(khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, - &csp_k4))) { - khm_int32 t = 0; - - if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t))) { - get_k4 = !!t; - id_spec = TRUE; - } - - khc_close_space(csp_k4); - } - khc_close_space(csp_ident); - } - - /* if there was a value specified for the identity, then that - takes precedence. */ - if (id_spec || !get_k4) - return get_k4; - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)) && - !t) - return FALSE; - - return TRUE; -} - -void k4_read_identity_data(k4_dlg_data * d) { - khm_handle csp_ident = NULL; - khm_handle csp_k4 = NULL; - - khm_int32 idflags = 0; - khm_int32 t; - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t))) - d->k4_enabled = !!t; - else - d->k4_enabled = TRUE; - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4Method", &t))) - d->method = t; - else - d->method = K4_METHOD_AUTO; - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"DefaultLifetime", &t))) - d->lifetime = t; - else - d->lifetime = 10 * 60 * 60; /* 10 hours */ - - if (d->nc->n_identities > 0 && - d->nc->identities[0]) { - - if (KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0], - 0, - &csp_ident))) { - - khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, &csp_k4); - - if (csp_k4) { - if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t))) - d->k4_enabled = !!t; - if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4Method", &t))) - d->method = t; - khc_close_space(csp_k4); - } - - khc_close_space(csp_ident); - } - - if (d->k4_enabled) { - d->k4_enabled = k4_should_identity_get_k4(d->nc->identities[0]); - } - } else { - d->k4_enabled = FALSE; - } - - if (d->method < 0 || d->method > K4_METHOD_K524) - d->method = K4_METHOD_AUTO; -} - -void k4_write_identity_data(k4_dlg_data * d) { - khm_handle csp_ident = NULL; - khm_handle csp_k4 = NULL; - - if (d->nc->n_identities > 0 && - d->nc->identities[0] && - KHM_SUCCEEDED(kcdb_identity_get_config(d->nc->identities[0], - KHM_FLAG_CREATE, - &csp_ident))) { - khc_open_space(csp_ident, CSNAME_KRB4CRED, - KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD, - &csp_k4); - - if (csp_k4) { - khc_write_int32(csp_k4, L"Krb4NewCreds", !!d->k4_enabled); - khc_write_int32(csp_k4, L"Krb4Method", d->method); - - khc_close_space(csp_k4); - } - - khc_close_space(csp_ident); - } -} - -void k4_handle_wmnc_notify(k4_dlg_data * d, - WPARAM wParam, - LPARAM lParam) { - switch(HIWORD(wParam)) { - case WMNC_UPDATE_CREDTEXT: - { - if (d->nct->credtext) { - PFREE(d->nct->credtext); - d->nct->credtext = NULL; - } - - if (d->nc->n_identities > 0 && - d->nc->identities[0]) { - - khm_int32 flags = 0; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t * atsign; - wchar_t * realm; - khm_size cb; - - kcdb_identity_get_flags(d->nc->identities[0], &flags); - - if (!(flags & KCDB_IDENT_FLAG_VALID)) { - break; - } - - cb = sizeof(idname); - kcdb_identity_get_name(d->nc->identities[0], idname, - &cb); - - atsign = wcsrchr(idname, L'@'); - - if (atsign == NULL || !atsign[1]) - break; - - realm = ++atsign; - - if (d->k4_enabled) { - wchar_t wmethod[128]; - wchar_t wfmt[128]; - wchar_t wct[512]; - - LoadString(hResModule, IDS_CT_TGTFOR, - wfmt, ARRAYLENGTH(wfmt)); - - if (d->method == K4_METHOD_AUTO) - LoadString(hResModule, IDS_METHOD_AUTO, wmethod, - ARRAYLENGTH(wmethod)); - else if (d->method == K4_METHOD_PASSWORD) - LoadString(hResModule, IDS_METHOD_PWD, wmethod, - ARRAYLENGTH(wmethod)); - else if (d->method == K4_METHOD_K524) - LoadString(hResModule, IDS_METHOD_K524, wmethod, - ARRAYLENGTH(wmethod)); - else { - assert(FALSE); - } - - StringCbPrintf(wct, sizeof(wct), wfmt, realm, wmethod); - - StringCbLength(wct, sizeof(wct), &cb); - cb += sizeof(wchar_t); - - d->nct->credtext = PMALLOC(cb); - - StringCbCopy(d->nct->credtext, cb, wct); - } else { - wchar_t wct[256]; - - LoadString(hResModule, IDS_CT_DISABLED, - wct, ARRAYLENGTH(wct)); - - StringCbLength(wct, sizeof(wct), &cb); - cb += sizeof(wchar_t); - - d->nct->credtext = PMALLOC(cb); - - StringCbCopy(d->nct->credtext, cb, wct); - } - } - /* no identities were selected. it is not the - responsibility of krb4 to complain about this. */ - } - break; - - case WMNC_IDENTITY_CHANGE: - k4_read_identity_data(d); - k4_update_display(d, TRUE); - break; - - case WMNC_CREDTEXT_LINK: - { - wchar_t wid[KHUI_MAXCCH_HTLINK_FIELD]; - wchar_t * wids; - khui_htwnd_link * l; - - l = (khui_htwnd_link *) lParam; - - StringCchCopyN(wid, ARRAYLENGTH(wid), l->id, l->id_len); - wids = wcschr(wid, L':'); - - if (!wids) - break; - else - wids++; - - if (!wcscmp(wids, L"Enable")) { - d->k4_enabled = TRUE; - - k4_update_display(d, TRUE); - khui_cw_enable_type(d->nc, credtype_id_krb4, TRUE); - } - } - break; - } -} - -INT_PTR CALLBACK k4_nc_dlg_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - - k4_dlg_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - { - d = PMALLOC(sizeof(*d)); - ZeroMemory(d, sizeof(*d)); - - d->nc = (khui_new_creds *) lParam; - khui_cw_find_type(d->nc, credtype_id_krb4, &d->nct); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LPARAM) d); -#pragma warning(pop) - - d->nct->aux = (LPARAM) d; - d->hwnd = hwnd; - - d->k4_enabled = TRUE; - d->method = K4_METHOD_AUTO; - - k4_update_display(d, TRUE); - } - break; - - case WM_COMMAND: - { - if (HIWORD(wParam) == BN_CLICKED) { - d = (k4_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - k4_update_data(d); - - if (LOWORD(wParam) == IDC_NCK4_OBTAIN) { - k4_update_display(d, TRUE); - } - - return TRUE; - } - } - break; - - case KHUI_WM_NC_NOTIFY: - { - d = (k4_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - k4_handle_wmnc_notify(d, wParam, lParam); - } - break; - - case WM_DESTROY: - { - d = (k4_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - d->nct->aux = 0; - - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, 0); - } - break; - } - - return FALSE; -} - -khm_int32 -krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) { - - switch(msg_subtype) { - case KMSG_CRED_NEW_CREDS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - khm_size cbsize; - wchar_t wbuf[256]; - - nc = (khui_new_creds *) vparam; - - nct = PMALLOC(sizeof(*nct)); -#ifdef DEBUG - assert(nct); -#endif - ZeroMemory(nct, sizeof(*nct)); - - nct->type = credtype_id_krb4; - nct->ordinal = 3; - LoadString(hResModule, IDS_NC_K4_SHORT, - wbuf, ARRAYLENGTH(wbuf)); - StringCbLength(wbuf, sizeof(wbuf), &cbsize); - cbsize += sizeof(wchar_t); - - nct->name = PMALLOC(cbsize); - StringCbCopy(nct->name, cbsize, wbuf); - - nct->type_deps[nct->n_type_deps++] = credtype_id_krb5; - - nct->h_module = hResModule; - nct->dlg_proc = k4_nc_dlg_proc; - nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB4); - - khui_cw_add_type(nc, nct); - } - break; - - case KMSG_CRED_RENEW_CREDS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - khm_size cbsize; - wchar_t wbuf[256]; - - nc = (khui_new_creds *) vparam; - - if (!nc->ctx.identity) - break; - - nct = PMALLOC(sizeof(*nct)); -#ifdef DEBUG - assert(nct); -#endif - - ZeroMemory(nct, sizeof(*nct)); - - nct->type = credtype_id_krb4; - nct->ordinal = 3; - LoadString(hResModule, IDS_NC_K4_SHORT, - wbuf, ARRAYLENGTH(wbuf)); - StringCbLength(wbuf, sizeof(wbuf), &cbsize); - cbsize += sizeof(wchar_t); - - nct->name = PMALLOC(cbsize); - StringCbCopy(nct->name, cbsize, wbuf); - - nct->type_deps[nct->n_type_deps++] = credtype_id_krb5; - - khui_cw_add_type(nc, nct); - } - break; - - case KMSG_CRED_DIALOG_SETUP: - break; - - case KMSG_CRED_PROCESS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct = NULL; - khm_handle ident = NULL; - k4_dlg_data * d = NULL; - long code = 0; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - nc = (khui_new_creds *) vparam; - if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct))) - break; - - if (nc->subtype == KMSG_CRED_NEW_CREDS || - nc->subtype == KMSG_CRED_RENEW_CREDS) { - khm_int32 method; - - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - - d = (k4_dlg_data *) nct->aux; - if (!d || - nc->n_identities == 0 || - nc->identities[0] == NULL || - nc->result != KHUI_NC_RESULT_PROCESS) { - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT); - break; - } - - if (!d->k4_enabled) { - k4_write_identity_data(d); - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT); - break; - } - - method = d->method; - ident = nc->identities[0]; - - cb = sizeof(idname); - kcdb_identity_get_name(ident, idname, &cb); - _begin_task(0); - _report_mr2(KHERR_NONE, MSG_K4_NEW_CREDS, - _cstr(ident), _int32(method)); - _resolve(); - _describe(); - - } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) { - - if ((nc->ctx.scope == KHUI_SCOPE_IDENT && - nc->ctx.identity != NULL) || - - (nc->ctx.scope == KHUI_SCOPE_CREDTYPE && - nc->ctx.cred_type == credtype_id_krb4 && - nc->ctx.identity != NULL) || - - (nc->ctx.scope == KHUI_SCOPE_CRED && - nc->ctx.cred_type == credtype_id_krb4 && - nc->ctx.identity != NULL && - nc->ctx.cred != NULL)) { - - ident = nc->ctx.identity; - - if (!k4_should_identity_get_k4(ident)) { - - _reportf(L"Kerberos 4 is not enabled for this identity. Skipping"); - - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_FAILED | - KHUI_NC_RESPONSE_EXIT); - break; - } - - } else { - - _reportf(L"Kerberos 4 is not within renewal scope. Skipping"); - - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_FAILED | - KHUI_NC_RESPONSE_EXIT); - break; - } - - method = K4_METHOD_K524; /* only k524 is supported - for renewals */ - - _begin_task(0); - cb = sizeof(idname); - kcdb_identity_get_name(ident, idname, &cb); - _report_mr2(KHERR_NONE, MSG_K4_RENEW_CREDS, - _cstr(ident), _int32(method)); - _resolve(); - _describe(); - } else { - assert(FALSE); - break; - } - - if ((method == K4_METHOD_AUTO || - method == K4_METHOD_K524) && - khui_cw_type_succeeded(nc, credtype_id_krb5)) { - - khm_handle tgt; - FILETIME ft_prev; - FILETIME ft_new; - khm_size cb; - - _report_mr0(KHERR_INFO, MSG_K4_TRY_K524); - - tgt = khm_krb4_find_tgt(NULL, ident); - if (tgt) { - cb = sizeof(ft_prev); - if (KHM_FAILED(kcdb_cred_get_attr(tgt, - KCDB_ATTR_EXPIRE, - NULL, - &ft_prev, - &cb))) - ZeroMemory(&ft_prev, sizeof(ft_prev)); - kcdb_cred_release(tgt); - } - - code = khm_convert524(ident); - - _reportf(L"khm_convert524 returns code %d", code); - - if (code == 0) { - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT); - - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - assert(d != NULL); - - k4_write_identity_data(d); - - } else if (nc->subtype == KMSG_CRED_RENEW_CREDS && - (nc->ctx.scope == KHUI_SCOPE_CREDTYPE || - nc->ctx.scope == KHUI_SCOPE_CRED)) { - - khm_krb4_list_tickets(); - - tgt = khm_krb4_find_tgt(NULL, ident); - - if (tgt) { - cb = sizeof(ft_new); - ZeroMemory(&ft_new, sizeof(ft_new)); - - kcdb_cred_get_attr(tgt, - KCDB_ATTR_EXPIRE, - NULL, - &ft_new, - &cb); - - kcdb_cred_release(tgt); - } - - if (!tgt || - CompareFileTime(&ft_new, - &ft_prev) <= 0) { - /* The new TGT wasn't much of an - improvement over what we already - had. We should go out and try to - renew the identity now. */ - - khui_action_context ctx; - - _reportf(L"Renewal of Krb4 creds failed to get a longer TGT. Triggering identity renewal"); - - khui_context_create(&ctx, - KHUI_SCOPE_IDENT, - nc->ctx.identity, - KCDB_CREDTYPE_INVALID, - NULL); - khui_action_trigger(KHUI_ACTION_RENEW_CRED, - &ctx); - - khui_context_release(&ctx); - } - } - - _end_task(); - break; - - } else if (method == K4_METHOD_K524) { - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_FAILED | - KHUI_NC_RESPONSE_EXIT); - - if (nc->subtype == KMSG_CRED_RENEW_CREDS && - (nc->ctx.scope == KHUI_SCOPE_CREDTYPE || - nc->ctx.scope == KHUI_SCOPE_CRED)) { - /* We were trying to get a new Krb4 TGT - for this identity. Sometimes this - fails because of restrictions placed on - K524d regarding the lifetime of the - issued K4 TGT. In this case, we - trigger a renewal of the identity in - the hope that the new K5 TGT will allow - us to successfully get a new K4 TGT - next time over using the new K5 TGT. */ - - khui_action_context ctx; - - _reportf(L"Renewal of Krb4 creds failed using k524. Triggerring identity renewal."); - - khui_context_create(&ctx, - KHUI_SCOPE_IDENT, - nc->ctx.identity, - KCDB_CREDTYPE_INVALID, - NULL); - - khui_action_trigger(KHUI_ACTION_RENEW_CRED, - &ctx); - - khui_context_release(&ctx); - } - - _end_task(); - break; - - } - } - - /* only supported for new credentials */ - if (method == K4_METHOD_AUTO || - method == K4_METHOD_PASSWORD) { - - khm_size n_prompts = 0; - khm_size idx; - khm_size cb; - wchar_t wpwd[KHUI_MAXCCH_PROMPT_VALUE]; - char pwd[KHUI_MAXCCH_PROMPT_VALUE]; - wchar_t widname[KCDB_IDENT_MAXCCH_NAME]; - char idname[KCDB_IDENT_MAXCCH_NAME]; - - char * aname = NULL; - char * inst = NULL; - char * realm = NULL; - - assert(nc->subtype == KMSG_CRED_NEW_CREDS); - - _report_mr0(KHERR_INFO, MSG_K4_TRY_PASSWORD); - - code = TRUE; /* just has to be non-zero */ - - khui_cw_get_prompt_count(nc, &n_prompts); - - if (n_prompts == 0) - goto _skip_pwd; - - for (idx = 0; idx < n_prompts; idx++) { - khui_new_creds_prompt * p; - - if (KHM_FAILED(khui_cw_get_prompt(nc, idx, &p))) - continue; - - if (p->type == KHUI_NCPROMPT_TYPE_PASSWORD) - break; - } - - if (idx >= n_prompts) { - _reportf(L"Password prompt not found"); - goto _skip_pwd; - } - - khui_cw_sync_prompt_values(nc); - - cb = sizeof(wpwd); - if (KHM_FAILED(khui_cw_get_prompt_value(nc, idx, - wpwd, - &cb))) { - _reportf(L"Failed to obtain password value"); - goto _skip_pwd; - } - - UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd); - - cb = sizeof(widname); - kcdb_identity_get_name(ident, - widname, - &cb); - - UnicodeStrToAnsi(idname, sizeof(idname), widname); - - { - char * atsign; - - atsign = strchr(idname, '@'); - if (atsign == NULL) { - _reportf(L"Identity name does not contain an '@'"); - goto _skip_pwd; - } - - *atsign++ = 0; - - realm = atsign; - } - - { - char * slash; - - slash = strchr(idname, '/'); - if (slash != NULL) { - *slash++ = 0; - inst = slash; - } else { - inst = ""; - } - } - - aname = idname; - - code = khm_krb4_kinit(aname, inst, realm, - (long) d->lifetime, pwd); - - _reportf(L"khm_krb4_kinit returns code %d", code); - - _skip_pwd: - - if (code) { - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_FAILED); - - } else { - khui_cw_set_response(nc, credtype_id_krb4, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_SUCCESS); - - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - - assert(d != NULL); - k4_write_identity_data(d); - - } - } - } - - _end_task(); - } - } - break; - - case KMSG_CRED_END: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct = NULL; - - nc = (khui_new_creds *) vparam; - if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct))) - break; - - khui_cw_del_type(nc, credtype_id_krb4); - - if (nct->name) - PFREE(nct->name); - - if (nct->credtext) - PFREE(nct->credtext); - - PFREE(nct); - } - break; - } - - return KHM_ERROR_SUCCESS; -} diff --git a/src/windows/identity/plugins/krb4/krb4plugin.c b/src/windows/identity/plugins/krb4/krb4plugin.c deleted file mode 100644 index 168a0f8a7..000000000 --- a/src/windows/identity/plugins/krb4/krb4plugin.c +++ /dev/null @@ -1,297 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<khuidefs.h> -#include<utils.h> -#include<commctrl.h> -#include<strsafe.h> -#include<krb5.h> - -khm_int32 credtype_id_krb4 = KCDB_CREDTYPE_INVALID; -khm_int32 credtype_id_krb5 = KCDB_CREDTYPE_INVALID; - -khm_boolean krb4_initialized = FALSE; -khm_handle krb4_credset = NULL; - -/* Kerberos IV stuff */ -khm_int32 KHMAPI -krb4_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - case KMSG_SYSTEM_INIT: - { -#ifdef _WIN64 - return KHM_ERROR_NOT_IMPLEMENTED; -#else - kcdb_credtype ct; - wchar_t buf[KCDB_MAXCCH_SHORT_DESC]; - size_t cbsize; - khui_config_node_reg reg; - wchar_t wshort_desc[KHUI_MAXCCH_SHORT_DESC]; - wchar_t wlong_desc[KHUI_MAXCCH_LONG_DESC]; - - /* perform critical registrations and initialization - stuff */ - ZeroMemory(&ct, sizeof(ct)); - ct.id = KCDB_CREDTYPE_AUTO; - ct.name = KRB4_CREDTYPE_NAME; - - if(LoadString(hResModule, IDS_KRB4_SHORT_DESC, - buf, ARRAYLENGTH(buf))) - { - StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize); - cbsize += sizeof(wchar_t); - ct.short_desc = PMALLOC(cbsize); - StringCbCopy(ct.short_desc, cbsize, buf); - } - - /* even though ideally we should be setting limits - based KCDB_MAXCB_LONG_DESC, our long description - actually fits nicely in KCDB_MAXCB_SHORT_DESC */ - if(LoadString(hResModule, IDS_KRB4_LONG_DESC, - buf, ARRAYLENGTH(buf))) - { - StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize); - cbsize += sizeof(wchar_t); - ct.long_desc = PMALLOC(cbsize); - StringCbCopy(ct.long_desc, cbsize, buf); - } - - ct.icon = NULL; /* TODO: set a proper icon */ - kmq_create_subscription(krb4_cb, &ct.sub); - - rv = kcdb_credtype_register(&ct, &credtype_id_krb4); - - if(KHM_SUCCEEDED(rv)) - rv = kcdb_credset_create(&krb4_credset); - - if (KHM_SUCCEEDED(rv)) - rv = kcdb_credtype_get_id(KRB5_CREDTYPE_NAME, - &credtype_id_krb5); - - if(ct.short_desc) - PFREE(ct.short_desc); - - if(ct.long_desc) - PFREE(ct.long_desc); - - if (KHM_SUCCEEDED(rv)) { - khui_config_node idents; - - ZeroMemory(®, sizeof(reg)); - - reg.name = KRB4_CONFIG_NODE_NAME; - reg.short_desc = wshort_desc; - reg.long_desc = wlong_desc; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_KRB4); - reg.dlg_proc = krb4_confg_proc; - reg.flags = 0; - - LoadString(hResModule, IDS_CFG_KRB4_LONG, - wlong_desc, ARRAYLENGTH(wlong_desc)); - LoadString(hResModule, IDS_CFG_KRB4_SHORT, - wshort_desc, ARRAYLENGTH(wshort_desc)); - - khui_cfg_register(NULL, ®); - - khui_cfg_open(NULL, L"KhmIdentities", &idents); - - ZeroMemory(®, sizeof(reg)); - - reg.name = KRB4_IDS_CONFIG_NODE_NAME; - reg.short_desc = wshort_desc; - reg.long_desc = wlong_desc; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_IDS_KRB4); - reg.dlg_proc = krb4_ids_config_proc; - reg.flags = KHUI_CNFLAG_SUBPANEL; - - LoadString(hResModule, IDS_CFG_KRB4_SHORT, - wlong_desc, ARRAYLENGTH(wlong_desc)); - LoadString(hResModule, IDS_CFG_KRB4_SHORT, - wshort_desc, ARRAYLENGTH(wshort_desc)); - - khui_cfg_register(idents, ®); - - ZeroMemory(®, sizeof(reg)); - - reg.name = KRB4_ID_CONFIG_NODE_NAME; - reg.short_desc = wshort_desc; - reg.long_desc = wlong_desc; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_ID_KRB4); - reg.dlg_proc = krb4_id_config_proc; - reg.flags = KHUI_CNFLAG_SUBPANEL | KHUI_CNFLAG_PLURAL; - - LoadString(hResModule, IDS_CFG_KRB4_SHORT, - wlong_desc, ARRAYLENGTH(wlong_desc)); - LoadString(hResModule, IDS_CFG_KRB4_SHORT, - wshort_desc, ARRAYLENGTH(wshort_desc)); - - khui_cfg_register(idents, ®); - - khui_cfg_release(idents); - - } - - /* Lookup common data types */ - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE, - &type_id_enctype))) { - rv = KHM_ERROR_UNKNOWN; - } - - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST, - &type_id_addr_list))) { - rv = KHM_ERROR_UNKNOWN; - } - - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS, - &type_id_krb5_flags))) { - rv = KHM_ERROR_UNKNOWN; - } - - /* Lookup common attributes */ - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE, - &attr_id_key_enctype))) { - rv = KHM_ERROR_UNKNOWN; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE, - &attr_id_tkt_enctype))) { - rv = KHM_ERROR_UNKNOWN; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST, - &attr_id_addr_list))) { - rv = KHM_ERROR_UNKNOWN; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS, - &attr_id_krb5_flags))) { - rv = KHM_ERROR_UNKNOWN; - } - - krb4_initialized = TRUE; - - khm_krb4_set_def_tkt_string(); - - khm_krb4_list_tickets(); -#endif - } - break; - - case KMSG_SYSTEM_EXIT: -#ifdef _WIN64 - /* See above. On 64-bit platforms, we don't support Krb4 at - all. */ - return 0; -#else - if(credtype_id_krb4 >= 0) - { - /* basically just unregister the credential type */ - kcdb_credtype_unregister(credtype_id_krb4); - - kcdb_credset_delete(krb4_credset); - } - break; -#endif - } - - return rv; -} - -khm_int32 KHMAPI -krb4_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - case KMSG_CRED_REFRESH: - { - khm_krb4_list_tickets(); - } - break; - - case KMSG_CRED_DESTROY_CREDS: - { - khui_action_context * ctx; - khm_handle credset; - khm_size nc_root = 0; - khm_size nc_sel = 0; - - ctx = (khui_action_context *) vparam; - - /* if all krb4 tickets are selected, then we destroy all - of them. Otherwise, we do nothing. */ - - kcdb_credset_create(&credset); - - kcdb_credset_extract(credset, ctx->credset, - NULL, credtype_id_krb4); - kcdb_credset_get_size(credset, &nc_sel); - - kcdb_credset_flush(credset); - - kcdb_credset_extract(credset, NULL, - NULL, credtype_id_krb4); - kcdb_credset_get_size(credset, &nc_root); - - kcdb_credset_delete(credset); - - if (nc_root == nc_sel) { - khm_krb4_kdestroy(); - } - } - break; - - default: - if (IS_CRED_ACQ_MSG(msg_subtype)) - return krb4_msg_newcred(msg_type, msg_subtype, uparam, vparam); - } - - return rv; -} - -khm_int32 KHMAPI -krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - switch(msg_type) { - case KMSG_SYSTEM: - return krb4_msg_system(msg_type, msg_subtype, uparam, vparam); - case KMSG_CRED: - return krb4_msg_cred(msg_type, msg_subtype, uparam, vparam); - } - return KHM_ERROR_SUCCESS; -} diff --git a/src/windows/identity/plugins/krb4/krbconfig.csv b/src/windows/identity/plugins/krb4/krbconfig.csv deleted file mode 100644 index 3d791214b..000000000 --- a/src/windows/identity/plugins/krb4/krbconfig.csv +++ /dev/null @@ -1,17 +0,0 @@ -Name,Type,Value,Description -Krb4Cred,KC_SPACE,0,"Kerberos IV Credentials Provider" - Module,KC_STRING,"MITKrb4", - Description,KC_STRING,"Kerberos IV Credentials Provider", - Dependencies,KC_STRING,Krb5Cred, - Type,KC_INT32,1, - Flags,KC_INT32,0, - Parameters,KC_SPACE,0,Parameters for KrbCred - Krb4NewCreds,KC_INT32,1,Obtain Kerberos 4 tickets (Boolean) - Krb4Method,KC_INT32,0,Method for acquiring K4 tix. 0-Auto;1-Password;2-K524 - CreateMissingConfig,KC_INT32,0,Create missing configuration files - DefaultLifetime,KC_INT32,36000,Default ticket lifetime - MaxLifetime,KC_INT32,86400,Maximum lifetime - MinLifetime,KC_INT32,60,Minimum lifetime - TktString,KC_STRING,,Ticket string. Use default if NULL - Parameters,KC_ENDSPACE,0, -Krb4Cred,KC_ENDSPACE,0, diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h deleted file mode 100644 index 834d3f9a3..000000000 --- a/src/windows/identity/plugins/krb4/krbcred.h +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_KRBAFSCRED_H -#define __KHIMAIRA_KRBAFSCRED_H - -#include<windows.h> - -#define KHERR_FACILITY L"Krb4Cred" -#define KHERR_FACILITY_ID 65 -#define KHERR_HMODULE hResModule - -#include<netidmgr.h> - -#include<krb4funcs.h> -#include<krb5common.h> -#include<errorfuncs.h> -#include<dynimport.h> - -#include<langres.h> -#include<krb4_msgs.h> - -#define TYPENAME_ENCTYPE L"EncType" -#define TYPENAME_ADDR_LIST L"AddrList" -#define TYPENAME_KRB5_FLAGS L"Krb5Flags" - -#define ATTRNAME_KEY_ENCTYPE L"KeyEncType" -#define ATTRNAME_TKT_ENCTYPE L"TktEncType" -#define ATTRNAME_ADDR_LIST L"AddrList" -#define ATTRNAME_KRB5_FLAGS L"Krb5Flags" -#define ATTRNAME_RENEW_TILL L"RenewTill" -#define ATTRNAME_RENEW_FOR L"RenewFor" - -void init_krb(); -void exit_krb(); - -/* globals */ -extern kmm_module h_khModule; -extern HMODULE hResModule; -extern HINSTANCE hInstance; - -extern khm_int32 type_id_enctype; -extern khm_int32 type_id_addr_list; -extern khm_int32 type_id_krb5_flags; - -extern khm_int32 attr_id_key_enctype; -extern khm_int32 attr_id_tkt_enctype; -extern khm_int32 attr_id_addr_list; -extern khm_int32 attr_id_krb5_flags; -extern khm_int32 attr_id_renew_till; -extern khm_int32 attr_id_renew_for; - -/* Configuration spaces */ -#define CSNAME_KRB4CRED L"Krb4Cred" -#define CSNAME_PARAMS L"Parameters" - -/* plugin constants */ -#define KRB4_PLUGIN_NAME L"Krb4Cred" - -#define KRB4_PLUGIN_DEPS L"Krb5Cred\0" - -#define KRB4_CREDTYPE_NAME L"Krb4Cred" - -#define KRB5_CREDTYPE_NAME L"Krb5Cred" - -#define KRB4_CONFIG_NODE_NAME L"Krb4Config" - -#define KRB4_ID_CONFIG_NODE_NAME L"Krb4IdentConfig" -#define KRB4_IDS_CONFIG_NODE_NAME L"Krb4IdentsConfig" - -extern khm_handle csp_plugins; -extern khm_handle csp_krbcred; -extern khm_handle csp_params; - -extern kconf_schema schema_krbconfig[]; - -/* other globals */ -extern khm_int32 credtype_id_krb4; -extern khm_int32 credtype_id_krb5; - -extern khm_boolean krb4_initialized; - -extern khm_handle krb4_credset; - -/* plugin callbacks */ -khm_int32 KHMAPI -krb4_cb(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam); - -INT_PTR CALLBACK -krb4_confg_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -INT_PTR CALLBACK -krb4_ids_config_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -INT_PTR CALLBACK -krb4_id_config_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -khm_int32 -krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam); -#endif diff --git a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc b/src/windows/identity/plugins/krb4/lang/en_us/langres.rc deleted file mode 100644 index 1c011ab9c..000000000 --- a/src/windows/identity/plugins/krb4/lang/en_us/langres.rc +++ /dev/null @@ -1,205 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#include "..\..\langres.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "afxres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE -BEGIN - "..\\..\\langres.h\0" -END - -2 TEXTINCLUDE -BEGIN - "#include ""afxres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Dialog -// - -IDD_NC_KRB4 DIALOGEX 0, 0, 300, 166 -STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "Kerberos v4 Ticket Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11 - CONTROL "Obtain Kerberos v4 credentials",IDC_NCK4_OBTAIN,"Button",BS_AUTOCHECKBOX | BS_NOTIFY | WS_TABSTOP,7,26,128,10 - GROUPBOX "Obtain Kerberos v4 credentials using",IDC_STATIC,7,43,286,72,WS_GROUP - CONTROL "Automatically determine method",IDC_NCK4_AUTO,"Button",BS_AUTORADIOBUTTON,22,59,119,10 - CONTROL "Kerberos v5 to v4 translation",IDC_NCK4_K524,"Button",BS_AUTORADIOBUTTON,22,76,109,10 - CONTROL "Password",IDC_NCK4_PWD,"Button",BS_AUTORADIOBUTTON,22,93,47,10 -END - -IDD_CFG_KRB4 DIALOGEX 0, 0, 255, 182 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - LTEXT "Credential cache location",IDC_CFG_LBL_CACHE,7,10,67,8 - EDITTEXT IDC_CFG_CACHE,83,7,165,14,ES_AUTOHSCROLL - LTEXT "Config file path",IDC_CFG_LBL_CFGFILE,7,30,50,8 - EDITTEXT IDC_CFG_CFGPATH,83,27,165,14,ES_AUTOHSCROLL | ES_READONLY - PUSHBUTTON "Browse...",IDC_CFG_CFGBROW,200,95,48,14,NOT WS_VISIBLE - LTEXT "Realm file path",IDC_CFG_LBL_RLMPATH,7,50,48,8 - EDITTEXT IDC_CFG_RLMPATH,83,47,165,14,ES_AUTOHSCROLL | ES_READONLY - PUSHBUTTON "Browse...",IDC_CFG_RLMBROW,200,127,48,14,NOT WS_VISIBLE -END - -IDD_CFG_IDS_KRB4 DIALOGEX 0, 0, 235, 151 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "Obtain Kerberos v4 credentials",IDC_CFG_GETTIX,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,7,221,17 - LTEXT "Note that, if enabled, Kerberos v4 credentials will be acquired during initial credential acquisition and during credential renewals.\n\nHowever, currently Kerberos v4 credentials can only be obtained for the default identity.",IDC_STATIC,7,91,221,53,SS_SUNKEN -END - -IDD_CFG_ID_KRB4 DIALOGEX 0, 0, 235, 151 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "Obtain Kerberos v4 credentials for this identity",IDC_CFG_GETTIX, - "Button",BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,7,7,165,10 -END - - -///////////////////////////////////////////////////////////////////////////// -// -// DESIGNINFO -// - -#ifdef APSTUDIO_INVOKED -GUIDELINES DESIGNINFO -BEGIN - IDD_NC_KRB4, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 293 - TOPMARGIN, 7 - BOTTOMMARGIN, 159 - END - - IDD_CFG_KRB4, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 248 - VERTGUIDE, 83 - VERTGUIDE, 196 - VERTGUIDE, 200 - TOPMARGIN, 7 - BOTTOMMARGIN, 175 - END - - IDD_CFG_IDS_KRB4, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - TOPMARGIN, 7 - BOTTOMMARGIN, 144 - END - - IDD_CFG_ID_KRB4, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - TOPMARGIN, 7 - BOTTOMMARGIN, 144 - END -END -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Icon -// - -// Icon with lowest ID value placed first to ensure application icon -// remains consistent on all systems. -IDI_PLUGIN ICON "..\\..\\images\\plugin.ico" - -///////////////////////////////////////////////////////////////////////////// -// -// String Table -// - -STRINGTABLE -BEGIN - IDS_PLUGIN_DESC "Kerberos v4 Credentials Provider" - IDS_NC_K4_SHORT "Kerberos v4" - IDS_ERR_REALM "Could not resolve Kerberos v4 realm" - IDS_ERR_PRINCIPAL "Invalid principal" - IDS_ERR_INVINST "Invalid instance" - IDS_ERR_PWINTKT "Could not obtain Kerberos v4 credentials" - IDS_CT_DISABLED "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Disabled (click <a id=""Krb4Cred:Enable"">here</a> to enable)</p>" - IDS_CT_TGTFOR "<p><a id=""SwitchPanel"" param=""Krb4Cred""><b>Krb4</b></a><tab>: Credentials for realm %s</p>" - IDS_METHOD_AUTO "Automatically determined method" -END - -STRINGTABLE -BEGIN - IDS_KRB4_SHORT_DESC "Kerberos v4" - IDS_KRB4_LONG_DESC "Kerberos v4" - IDS_CFG_KRB4_LONG "Kerberos v4 Configuration" - IDS_CFG_KRB4_SHORT "Kerberos v4" -END - -STRINGTABLE -BEGIN - IDS_METHOD_PWD "Password" - IDS_METHOD_K524 "Kerberos v5 to v4 translation" - IDS_CFG_IDS_KRB4_SHORT "Kerberos v4" -END - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - - diff --git a/src/windows/identity/plugins/krb4/lang/krb4_msgs.mc b/src/windows/identity/plugins/krb4/lang/krb4_msgs.mc deleted file mode 100644 index 74fe50905..000000000 --- a/src/windows/identity/plugins/krb4/lang/krb4_msgs.mc +++ /dev/null @@ -1,57 +0,0 @@ -; // ** krb5_msgs.mc - -; /* Since .mc files can contain strings from any language, we define -; all our messages in one file in the /lang/ directory instead of -; language specific subdirectories. */ - -; /* The type is set to (wchar_t *) because that's what we will be -; feeding kherr_report() function. */ - -; // MessageIdTypedef=LPWSTR - -; /* Severity values as defined in the message definition file are -; currently ignored. */ - -SeverityNames=( - Success=0x0 -) - -LanguageNames=( - English=0x409:MSG_ENU -) - -OutputBase=16 - -; /* Actual messages start here */ - -MessageId=1 -Severity=Success -SymbolicName=MSG_INITIAL -Language=English -Initial placeholder message -. - -MessageId= -SymbolicName=MSG_K4_NEW_CREDS -Language=English -Getting new Krb4 credentials for [%1!s!] using method [%2!d!] -. - -MessageId= -SymbolicName=MSG_K4_RENEW_CREDS -Language=English -Renewing Krb4 credentials for [%1!s!] using method [%2!d!] -. - -MessageId= -SymbolicName=MSG_K4_TRY_K524 -Language=English -Trying Krb524 ... -. - -MessageId= -SymbolicName=MSG_K4_TRY_PASSWORD -Language=English -Trying Password ... -. - diff --git a/src/windows/identity/plugins/krb4/langres.h b/src/windows/identity/plugins/krb4/langres.h deleted file mode 100644 index b4f911874..000000000 --- a/src/windows/identity/plugins/krb4/langres.h +++ /dev/null @@ -1,49 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Visual C++ generated include file. -// Used by C:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb4\lang\en_us\langres.rc -// -#define IDD_NC_KRB4 103 -#define IDS_PLUGIN_DESC 103 -#define IDD_CFG_KRB4 104 -#define IDS_NC_K4_SHORT 104 -#define IDS_ERR_REALM 105 -#define IDD_CFG_IDS_KRB4 105 -#define IDS_ERR_PRINCIPAL 106 -#define IDD_CFG_ID_KRB4 106 -#define IDS_ERR_INVINST 107 -#define IDI_PLUGIN 107 -#define IDS_ERR_PWINTKT 108 -#define IDS_CT_DISABLED 109 -#define IDS_CT_TGTFOR 110 -#define IDS_METHOD_AUTO 111 -#define IDS_METHOD_PWD 112 -#define IDS_METHOD_K524 113 -#define IDS_CFG_IDS_KRB4_SHORT 114 -#define IDS_KRB4_SHORT_DESC 128 -#define IDS_KRB4_LONG_DESC 129 -#define IDS_CFG_KRB4_LONG 135 -#define IDS_CFG_KRB4_SHORT 136 -#define IDC_CFG_LBL_CACHE 1025 -#define IDC_CFG_LBL_CFGFILE 1026 -#define IDC_CFG_LBL_RLMPATH 1027 -#define IDC_CFG_CACHE 1028 -#define IDC_CFG_CFGPATH 1029 -#define IDC_CFG_RLMPATH 1030 -#define IDC_CFG_CFGBROW 1031 -#define IDC_CFG_RLMBROW 1032 -#define IDC_NCK4_OBTAIN 1033 -#define IDC_NCK4_AUTO 1034 -#define IDC_NCK4_K524 1035 -#define IDC_NCK4_PWD 1036 -#define IDC_CFG_GETTIX 1037 - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 108 -#define _APS_NEXT_COMMAND_VALUE 40001 -#define _APS_NEXT_CONTROL_VALUE 1043 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/src/windows/identity/plugins/krb4/version.rc b/src/windows/identity/plugins/krb4/version.rc deleted file mode 100644 index d0e074f86..000000000 --- a/src/windows/identity/plugins/krb4/version.rc +++ /dev/null @@ -1,89 +0,0 @@ -/* Copyright (c) 2004 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - */ - -/* $Id$ */ - -#include<netidmgr_intver.h> - -#ifndef LANGVER - -#define STR_FILEDESC "Kerberos v4 Plugin for Network Identity Manager" -#define STR_INTNAME "krb4cred" -#define STR_ORIGNAME "krb4cred.dll" - -#else - -#ifdef LANG_en_us - -#define STR_FILEDESC "English(US) language resources for the Keberos 4 plugin" -#define STR_INTNAME "krb4cred_en_us" -#define STR_ORIGNAME "krb4cred_en_us.dll" - -#else - -#error Unknown langugae - -#endif - -#endif - -1 VERSIONINFO - FILEVERSION KH_VERSION_LIST - PRODUCTVERSION KH_VERSION_LIST - FILEFLAGSMASK KH_VER_FILEFLAGMASK - FILEFLAGS KH_VER_FILEFLAGS - FILEOS KH_VER_FILEOS - FILETYPE KH_VER_FILETYPEDLL - FILESUBTYPE 0 - { - - BLOCK "StringFileInfo" - { - BLOCK "040904b0" - { - VALUE "CompanyName", KH_VERSTR_COMPANY_1033 - VALUE "FileDescription", STR_FILEDESC - VALUE "FileVersion", KH_VERSTR_VERSION_1033 - VALUE "InternalName", STR_INTNAME - VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033 - VALUE "OriginalFilename", STR_ORIGNAME - VALUE "ProductName", "Network Identity Manager" - VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033 -#ifdef KH_VERSTR_COMMENT_1033 - VALUE "Comment", KH_VERSTR_COMMENT_1033 -#endif -#ifndef LANGVER - VALUE NIMV_MODULE, "MITKrb4" - VALUE NIMV_PLUGINS, "Krb4Cred" - VALUE NIMV_APIVER, KH_VERSION_STRINGAPI - VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos" -#endif - } - } - - BLOCK "VarFileInfo" - { - VALUE "Translation", 0x409, 1200 - } - } diff --git a/src/windows/identity/plugins/krb5/Makefile b/src/windows/identity/plugins/krb5/Makefile deleted file mode 100644 index f93fe6819..000000000 --- a/src/windows/identity/plugins/krb5/Makefile +++ /dev/null @@ -1,114 +0,0 @@ -# -# Copyright (c) 2004 Massachusetts Institute of Technology -# Copyright (c) 2007 Secure Endpoints Inc. -# -# Permission is hereby granted, free of charge, to any person -# obtaining a copy of this software and associated documentation files -# (the "Software"), to deal in the Software without restriction, -# including without limitation the rights to use, copy, modify, merge, -# publish, distribute, sublicense, and/or sell copies of the Software, -# and to permit persons to whom the Software is furnished to do so, -# subject to the following conditions: -# -# The above copyright notice and this permission notice shall be -# included in all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -# SOFTWARE. - - -MODULE=plugins\krb5 -!include <../../config/Makefile.w32> - -DLLFILE=$(BINDIR)\krb5cred.dll - -LIBFILE=$(LIBDIR)\krb5cred.lib - -OBJFILES= \ - $(LIBDIR)\dynimport.obj \ - $(LIBDIR)\krb5common.obj \ - $(OBJ)\krb5main.obj \ - $(OBJ)\datarep.obj \ - $(OBJ)\errorfuncs.obj \ - $(OBJ)\krb5plugin.obj \ - $(OBJ)\krb5props.obj \ - $(OBJ)\krb5newcreds.obj \ - $(OBJ)\krb5funcs.obj \ - $(OBJ)\krb5config.obj \ - $(OBJ)\krb5identpro.obj \ - $(OBJ)\krb5configdlg.obj \ - $(OBJ)\krb5configcc.obj \ - $(OBJ)\krb5configid.obj \ - $(OBJ)\krb5configids.obj - - - -SDKLIBFILES= \ - netapi32.lib \ - shlwapi.lib \ - comctl32.lib - -!if ("$(CPU)" == "IA64" ) || ("$(CPU)" == "AMD64" ) || ("$(CPU)" == "ALPHA64" ) -SCLIB=bufferoverflowu.lib -LIBFILES= \ - $(LIBDIR)\nidmgr64.lib \ - $(KFWLIBDIR)\loadfuncs.lib -!else -SCLIB= -LIBFILES= \ - $(LIBDIR)\nidmgr32.lib \ - $(KFWLIBDIR)\loadfuncs.lib -!endif - -MSGRESFILE=$(OBJ)\krb5_msgs.res - -VERRESFILE=$(OBJ)\version.res - -$(OBJ)\krb5config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg - $(CCSV) $** $@ - -$(DLLFILE): $(OBJFILES) $(VERRESFILE) - $(DLLGUILINK) $(MSGRESFILE) $(LIBFILES) $(SDKLIBFILES) $(SCLIB) - $(_VC_MANIFEST_EMBED_DLL) - $(_VC_MANIFEST_CLEAN) - -$(MSGRESFILE): $(OBJ)\krb5_msgs.rc - -$(OBJ)\krb5_msgs.rc: lang\krb5_msgs.mc - $(MC2RC) - -all: mkdirs $(MSGRESFILE) $(DLLFILE) lang - -lang:: - -# Repeat this block as necessary redefining LANG for additional -# languages. - -# Begin language block -LANG=en_us - -LANGDLL=$(BINDIR)\krb5cred_$(LANG).dll - -lang:: $(LANGDLL) - -$(LANGDLL): $(OBJ)\langres_$(LANG).res $(OBJ)\langres_ver_$(LANG).res - $(DLLRESLINK) - -$(OBJ)\langres_$(LANG).res: lang\$(LANG)\langres.rc - $(RC2RES) - -$(OBJ)\langres_ver_$(LANG).res: version.rc - $(RC) $(RFLAGS) $(rincflags) /d LANGVER /d LANG_$(LANG) /fo $@ $** -# End language block - -clean:: -!if defined(INCFILES) - $(RM) $(INCFILES) -!endif - diff --git a/src/windows/identity/plugins/krb5/datarep.c b/src/windows/identity/plugins/krb5/datarep.c deleted file mode 100644 index c4247aa67..000000000 --- a/src/windows/identity/plugins/krb5/datarep.c +++ /dev/null @@ -1,414 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -/* Data representation and related functions */ - -#include<winsock2.h> -#include<krbcred.h> -#include<krb5.h> -#include<kherror.h> -#include<strsafe.h> -#include<assert.h> - -khm_int32 KHMAPI -enctype_toString(const void * data, khm_size cbdata, - wchar_t *destbuf, khm_size *pcbdestbuf, - khm_int32 flags) -{ - int resid = 0; - int etype; - wchar_t buf[256]; - size_t cblength; - - if(cbdata != sizeof(khm_int32)) - return KHM_ERROR_INVALID_PARAM; - - etype = *((khm_int32 *) data); - - switch(etype) { - case ENCTYPE_NULL: - resid = IDS_ETYPE_NULL; - break; - - case ENCTYPE_DES_CBC_CRC: - resid = IDS_ETYPE_DES_CBC_CRC; - break; - - case ENCTYPE_DES_CBC_MD4: - resid = IDS_ETYPE_DES_CBC_MD4; - break; - - case ENCTYPE_DES_CBC_MD5: - resid = IDS_ETYPE_DES_CBC_MD5; - break; - - case ENCTYPE_DES_CBC_RAW: - resid = IDS_ETYPE_DES_CBC_RAW; - break; - - case ENCTYPE_DES3_CBC_SHA: - resid = IDS_ETYPE_DES3_CBC_SHA; - break; - - case ENCTYPE_DES3_CBC_RAW: - resid = IDS_ETYPE_DES3_CBC_RAW; - break; - - case ENCTYPE_DES_HMAC_SHA1: - resid = IDS_ETYPE_DES_HMAC_SHA1; - break; - - case ENCTYPE_DES3_CBC_SHA1: - resid = IDS_ETYPE_DES3_CBC_SHA1; - break; - - case ENCTYPE_AES128_CTS_HMAC_SHA1_96: - resid = IDS_ETYPE_AES128_CTS_HMAC_SHA1_96; - break; - - case ENCTYPE_AES256_CTS_HMAC_SHA1_96: - resid = IDS_ETYPE_AES256_CTS_HMAC_SHA1_96; - break; - - case ENCTYPE_CAMELLIA128_CTS_CMAC: - resid = IDS_ETYPE_CAMELLIA128_CTS_CMAC; - break; - - case ENCTYPE_CAMELLIA256_CTS_CMAC: - resid = IDS_ETYPE_CAMELLIA256_CTS_CMAC; - break; - - case ENCTYPE_ARCFOUR_HMAC: - resid = IDS_ETYPE_ARCFOUR_HMAC; - break; - - case ENCTYPE_ARCFOUR_HMAC_EXP: - resid = IDS_ETYPE_ARCFOUR_HMAC_EXP; - break; - - case ENCTYPE_UNKNOWN: - resid = IDS_ETYPE_UNKNOWN; - break; - -#if 0 - case ENCTYPE_LOCAL_DES3_HMAC_SHA1: - resid = IDS_ETYPE_LOCAL_DES3_HMAC_SHA1; - break; - - case ENCTYPE_LOCAL_RC4_MD4: - resid = IDS_ETYPE_LOCAL_RC4_MD4; - break; -#endif - } - - if(resid != 0) { - LoadString(hResModule, (UINT) resid, buf, ARRAYLENGTH(buf)); - } else { - StringCbPrintf(buf, sizeof(buf), L"#%d", etype); - } - - StringCbLength(buf, ARRAYLENGTH(buf), &cblength); - cblength += sizeof(wchar_t); - - if(!destbuf || *pcbdestbuf < cblength) { - *pcbdestbuf = cblength; - return KHM_ERROR_TOO_LONG; - } else { - StringCbCopy(destbuf, *pcbdestbuf, buf); - *pcbdestbuf = cblength; - return KHM_ERROR_SUCCESS; - } -} - -khm_int32 KHMAPI -addr_list_comp(const void *d1, khm_size cb_d1, - const void *d2, khm_size cb_d2) -{ - if (cb_d1 < cb_d2) - return -1; - if (cb_d1 > cb_d2) - return 1; - return memcmp(d1, d2, cb_d1); -} - -khm_int32 KHMAPI -addr_list_toString(const void *d, khm_size cb_d, - wchar_t *buf, khm_size *pcb_buf, - khm_int32 flags) -{ - wchar_t tbuf[2048]; - wchar_t * strpos; - khm_size cbleft; - size_t t; - k5_serial_address * addrs; - - if (cb_d == 0 || d == NULL) { - tbuf[0] = L'\0'; - } else { - addrs = (k5_serial_address *) d; - - strpos = tbuf; - cbleft = sizeof(tbuf); - tbuf[0] = L'\0'; - - while (TRUE) { - if (cb_d < sizeof(*addrs) || - addrs->magic != K5_SERIAL_ADDRESS_MAGIC || - cb_d < sizeof(*addrs) + addrs->length - sizeof(khm_int32)) - break; - - if (strpos != tbuf) { - if (FAILED(StringCbCatEx(strpos, cbleft, L" ", - &strpos, &cbleft, - 0))) - break; - } - -#ifdef DEBUG - assert(*strpos == L'\0'); -#endif - - one_addr(addrs, strpos, cbleft); - - t = 0; - if (FAILED(StringCchLength(strpos, - cbleft / sizeof(wchar_t), - &t))) - break; - - strpos += t; - cbleft -= t * sizeof(wchar_t); - - t = sizeof(*addrs) + addrs->length - sizeof(khm_int32); - addrs = (k5_serial_address *) BYTEOFFSET(addrs, t); - cb_d -= t; - } - } - - StringCbLength(tbuf, sizeof(tbuf), &t); - - if (!buf || *pcb_buf < t) { - *pcb_buf = t; - return KHM_ERROR_TOO_LONG; - } - - StringCbCopy(buf, *pcb_buf, tbuf); - *pcb_buf = t; - - return KHM_ERROR_SUCCESS; -} - -khm_int32 KHMAPI -krb5flags_toString(const void *d, - khm_size cb_d, - wchar_t *buf, - khm_size *pcb_buf, - khm_int32 f) -{ - wchar_t sbuf[32]; - int i = 0; - khm_size cb; - khm_int32 flags; - - flags = *((khm_int32 *) d); - - if (flags & TKT_FLG_FORWARDABLE) - sbuf[i++] = L'F'; - - if (flags & TKT_FLG_FORWARDED) - sbuf[i++] = L'f'; - - if (flags & TKT_FLG_PROXIABLE) - sbuf[i++] = L'P'; - - if (flags & TKT_FLG_PROXY) - sbuf[i++] = L'p'; - - if (flags & TKT_FLG_MAY_POSTDATE) - sbuf[i++] = L'D'; - - if (flags & TKT_FLG_POSTDATED) - sbuf[i++] = L'd'; - - if (flags & TKT_FLG_INVALID) - sbuf[i++] = L'i'; - - if (flags & TKT_FLG_RENEWABLE) - sbuf[i++] = L'R'; - - if (flags & TKT_FLG_INITIAL) - sbuf[i++] = L'I'; - - if (flags & TKT_FLG_HW_AUTH) - sbuf[i++] = L'H'; - - if (flags & TKT_FLG_PRE_AUTH) - sbuf[i++] = L'A'; - - sbuf[i++] = L'\0'; - - cb = i * sizeof(wchar_t); - - if (!buf || *pcb_buf < cb) { - *pcb_buf = cb; - return KHM_ERROR_TOO_LONG; - } else { - StringCbCopy(buf, *pcb_buf, sbuf); - *pcb_buf = cb; - return KHM_ERROR_SUCCESS; - } -} - -khm_int32 KHMAPI -kvno_toString(const void * data, khm_size cbdata, - wchar_t *destbuf, khm_size *pcbdestbuf, - khm_int32 flags) -{ - int resid = 0; - int kvno; - wchar_t buf[256]; - size_t cblength; - - if (cbdata != sizeof(khm_int32)) - return KHM_ERROR_INVALID_PARAM; - - kvno = *((khm_int32 *) data); - - StringCbPrintf(buf, sizeof(buf), L"#%d", kvno); - - StringCbLength(buf, ARRAYLENGTH(buf), &cblength); - cblength += sizeof(wchar_t); - - if (!destbuf || *pcbdestbuf < cblength) { - *pcbdestbuf = cblength; - return KHM_ERROR_TOO_LONG; - } else { - StringCbCopy(destbuf, *pcbdestbuf, buf); - *pcbdestbuf = cblength; - return KHM_ERROR_SUCCESS; - } -} - -khm_int32 -serialize_krb5_addresses(krb5_address ** a, void * buf, size_t * pcbbuf) -{ - k5_serial_address * addr; - khm_size cb_req; - khm_size t; - khm_boolean overflow = FALSE; - - addr = (k5_serial_address *) buf; - cb_req = 0; - - for(; *a; a++) { - t = sizeof(k5_serial_address) + (*a)->length - sizeof(khm_int32); - cb_req += t; - if (cb_req < *pcbbuf) { - addr->magic = K5_SERIAL_ADDRESS_MAGIC; - addr->addrtype = (*a)->addrtype; - addr->length = (*a)->length; - memcpy(&addr->data, (*a)->contents, (*a)->length); - - addr = (k5_serial_address *) BYTEOFFSET(addr, t); - } else { - overflow = TRUE; - } - } - - *pcbbuf = cb_req; - - return (overflow)?KHM_ERROR_TOO_LONG: KHM_ERROR_SUCCESS; -} - -void -one_addr(k5_serial_address *a, wchar_t * buf, khm_size cbbuf) -{ - wchar_t retstr[256]; - struct hostent *h = NULL; - int no_resolve = 1; - - retstr[0] = L'\0'; - - if ((a->addrtype == ADDRTYPE_INET && a->length == 4) -#ifdef AF_INET6 - || (a->addrtype == ADDRTYPE_INET6 && a->length == 16) -#endif - ) - { - int af = AF_INET; -#ifdef AF_INET6 - if (a->addrtype == ADDRTYPE_INET6) - af = AF_INET6; -#endif - if (!no_resolve) { -#ifdef HAVE_GETIPNODEBYADDR - int err; - h = getipnodebyaddr(&a->data, a->length, af, &err); - if (h) { - StringCbPrintf(retstr, sizeof(retstr), L"%S", h->h_name); - freehostent(h); - } - else - h = gethostbyaddr(&a->data, a->length, af); - if (h) { - StringCbPrintf(retstr, sizeof(retstr), L"%S", h->h_name); - } -#endif - if (h) - goto _copy_string; - } - if (no_resolve || !h) { -#ifdef HAVE_INET_NTOP - char buf[46]; - const char *name = inet_ntop(a->addrtype, &a->data, buf, sizeof(buf)); - if (name) { - StringCbPrintf(retstr, sizeof(retstr), L"%S", name); - goto _copy_string; - } -#else - if (a->addrtype == ADDRTYPE_INET) { - khm_ui_4 addr = a->data; - StringCbPrintf(retstr, sizeof(retstr), - L"%d.%d.%d.%d", - (int) (addr & 0xff), - (int) ((addr >> 8) & 0xff), - (int) ((addr >> 16)& 0xff), - (int) ((addr >> 24)& 0xff)); - goto _copy_string; - } -#endif - } - } - - { - wchar_t tmpfmt[128]; - LoadString(hResModule, IDS_UNK_ADDR_FMT, tmpfmt, sizeof(tmpfmt)/sizeof(wchar_t)); - StringCbPrintf(retstr, sizeof(retstr), tmpfmt, a->addrtype); - } - - _copy_string: - StringCbCopy(buf, cbbuf, retstr); -} diff --git a/src/windows/identity/plugins/krb5/datarep.h b/src/windows/identity/plugins/krb5/datarep.h deleted file mode 100644 index d81e7b91e..000000000 --- a/src/windows/identity/plugins/krb5/datarep.h +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_KRB_DATAREP_H -#define __KHIMAIRA_KRB_DATAREP_H - -typedef struct tag_k5_serial_address { - khm_int32 magic; /* should be K5_SERIAL_ADDRESS_MAGIC */ - khm_int32 addrtype; /* Address type. We only know what to - do with ADDRTYPE_INET and - ADDRTYPE_INET6 */ - khm_size length; /* number of bytes of data in [data]. - This should always be greater than - sizeof(khm_int32) */ - khm_int32 data; /* actually, &data is the beginning of - the data buffer that is [length] - bytes long. */ -} k5_serial_address; - -#define K5_SERIAL_ADDRESS_MAGIC 0x44ce832d - -khm_int32 KHMAPI -enctype_toString(const void * data, khm_size cbdata, - wchar_t *destbuf, khm_size *pcbdestbuf, - khm_int32 flags); - -khm_int32 KHMAPI -addr_list_comp(const void *d1, khm_size cb_d1, - const void *d2, khm_size cb_d2); - -khm_int32 KHMAPI -addr_list_toString(const void *, khm_size, wchar_t *, - khm_size *, khm_int32); - -khm_int32 KHMAPI -krb5flags_toString(const void *, khm_size, wchar_t *, - khm_size *, khm_int32); - -khm_int32 KHMAPI -kvno_toString(const void * data, khm_size cbdata, - wchar_t *destbuf, khm_size *pcbdestbuf, - khm_int32 flags); - -khm_int32 KHMAPI -renew_for_cb(khm_handle cred, khm_int32 id, void * buffer, - khm_size * pcbsize); - -khm_int32 -serialize_krb5_addresses(krb5_address ** a, void * buf, size_t * pcbbuf); - -void -one_addr(k5_serial_address *a, wchar_t * buf, khm_size cbbuf); -#endif diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c deleted file mode 100644 index d99c4bf6d..000000000 --- a/src/windows/identity/plugins/krb5/errorfuncs.c +++ /dev/null @@ -1,297 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> - -extern void (__cdecl *pinitialize_krb_error_func)(); -extern void (__cdecl *pinitialize_kadm_error_table)(); - - -khm_int32 init_error_funcs() -{ - return KHM_ERROR_SUCCESS; -} - -khm_int32 exit_error_funcs() -{ - return KHM_ERROR_SUCCESS; -} - -#ifdef DEPRECATED_REMOVABLE -HWND GetRootParent (HWND Child) -{ - HWND Last; - while (Child) - { - Last = Child; - Child = GetParent (Child); - } - return Last; -} -#endif - -void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, - DWORD * suggestion, - kherr_suggestion * suggest_code) -{ - const char * com_err_msg; - int offset; - long table_num; - DWORD msg_id = 0; - DWORD sugg_id = 0; - kherr_suggestion sugg_code = KHERR_SUGGEST_NONE; - - if (suggestion == NULL || buf == NULL || cbbuf == 0 || suggest_code == 0) - return; - - *buf = L'\0'; - - offset = (int) (code & 255); - table_num = code - offset; - com_err_msg = perror_message(code); - - *suggestion = 0; - *suggest_code = KHERR_SUGGEST_NONE; - - if (WSABASEERR <= code && code < (WSABASEERR + 1064)) { - /* winsock error */ - table_num = WSABASEERR; - offset = code - WSABASEERR; - } - - switch(table_num) - { - case krb_err_base: - case kadm_err_base: - case WSABASEERR: - break; - default: - - if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) { - *suggestion = MSG_ERR_S_INTEGRITY; - } - *suggest_code = KHERR_SUGGEST_RETRY; - AnsiStrToUnicode(buf, cbbuf, com_err_msg); - return; - } - - if (table_num == krb_err_base) { - switch(offset) { - case KDC_NAME_EXP: /* 001 Principal expired */ - case KDC_SERVICE_EXP: /* 002 Service expired */ - case KDC_AUTH_EXP: /* 003 Auth expired */ - case KDC_PKT_VER: /* 004 Protocol version unknown */ - case KDC_P_MKEY_VER: /* 005 Wrong master key version */ - case KDC_S_MKEY_VER: /* 006 Wrong master key version */ - case KDC_BYTE_ORDER: /* 007 Byte order unknown */ - case KDC_PR_N_UNIQUE: /* 009 Principal not unique */ - case KDC_NULL_KEY: /* 010 Principal has null key */ - case KDC_GEN_ERR: /* 011 Generic error from KDC */ - case INTK_W_NOTALL : /* 061 Not ALL tickets returned */ - case INTK_PROT : /* 063 Protocol Error */ - case INTK_ERR : /* 070 Other error */ - msg_id = MSG_ERR_UNKNOWN; - sugg_code = KHERR_SUGGEST_RETRY; - break; - - case KDC_PR_UNKNOWN: /* 008 Principal unknown */ - msg_id = MSG_ERR_PR_UNKNOWN; - sugg_code = KHERR_SUGGEST_RETRY; - break; - case GC_TKFIL : /* 021 Can't read ticket file */ - case GC_NOTKT : /* 022 Can't find ticket or TGT */ - msg_id = MSG_ERR_TKFIL; - sugg_id = MSG_ERR_S_TKFIL; - sugg_code = KHERR_SUGGEST_RETRY; - break; - case MK_AP_TGTEXP : /* 026 TGT Expired */ - /* no extra error msg */ - break; - - case RD_AP_TIME : /* 037 delta_t too big */ - msg_id = MSG_ERR_CLOCKSKEW; - sugg_id = MSG_ERR_S_CLOCKSKEW; - sugg_code = KHERR_SUGGEST_RETRY; - break; - - case RD_AP_UNDEC : /* 031 Can't decode - authenticator */ - case RD_AP_EXP : /* 032 Ticket expired */ - case RD_AP_NYV : /* 033 Ticket not yet valid */ - case RD_AP_REPEAT : /* 034 Repeated request */ - case RD_AP_NOT_US : /* 035 The ticket isn't for us */ - case RD_AP_INCON : /* 036 Request is inconsistent */ - case RD_AP_BADD : /* 038 Incorrect net address */ - case RD_AP_VERSION : /* 039 protocol version mismatch */ - case RD_AP_MSG_TYPE : /* 040 invalid msg type */ - case RD_AP_MODIFIED : /* 041 message stream modified */ - case RD_AP_ORDER : /* 042 message out of order */ - case RD_AP_UNAUTHOR : /* 043 unauthorized request */ - /* no extra error msg */ - sugg_code = KHERR_SUGGEST_RETRY; - break; - - case GT_PW_NULL: /* 51 Current PW is null */ - case GT_PW_BADPW: /* 52 Incorrect current password */ - case GT_PW_PROT: /* 53 Protocol Error */ - case GT_PW_KDCERR: /* 54 Error returned by KDC */ - case GT_PW_NULLTKT: /* 55 Null tkt returned by KDC */ - /* no error msg yet */ - sugg_code = KHERR_SUGGEST_RETRY; - break; - - /* Values returned by send_to_kdc */ - case SKDC_RETRY : /* 56 Retry count exceeded */ - case SKDC_CANT : /* 57 Can't send request */ - msg_id = MSG_ERR_KDC_CONTACT; - break; - /* no error message on purpose: */ - case INTK_BADPW : /* 062 Incorrect password */ - sugg_code = KHERR_SUGGEST_RETRY; - break; - default: - /* no extra error msg */ - break; - } - } else if (table_num == kadm_err_base) { - switch(code) { - case KADM_INSECURE_PW: - /* if( kadm_info != NULL ){ - * wsprintf(buf, "%s\n%s", com_err_msg, kadm_info); - * } else { - * wsprintf(buf, "%s\nPlease see the help file for information " - * "about secure passwords.", com_err_msg); - * } - * com_err_msg = buf; - */ - - /* The above code would be preferred since it allows site - * specific information to be delivered from the Kerberos - * server. However the message box is too small for VGA - * screens. It does work well if we only have to support - * 1024x768 - */ - - msg_id = MSG_ERR_INSECURE_PW; - sugg_code = KHERR_SUGGEST_RETRY; - break; - - default: - /* no extra error msg */ - break; - } - } else if (table_num == WSABASEERR) { - switch(code) { - case WSAENETDOWN: - msg_id = MSG_ERR_NETDOWN; - sugg_id = MSG_ERR_S_NETRETRY; - sugg_code = KHERR_SUGGEST_RETRY; - break; - - case WSATRY_AGAIN: - msg_id = MSG_ERR_TEMPDOWN; - sugg_id = MSG_ERR_S_TEMPDOWN; - sugg_code = KHERR_SUGGEST_RETRY; - break; - - case WSAENETUNREACH: - case WSAENETRESET: - case WSAECONNABORTED: - case WSAECONNRESET: - case WSAETIMEDOUT: - case WSAECONNREFUSED: - case WSAEHOSTDOWN: - case WSAEHOSTUNREACH: - msg_id = MSG_ERR_NOHOST; - sugg_id = MSG_ERR_S_NOHOST; - sugg_code = KHERR_SUGGEST_RETRY; - break; - } - } - - if (msg_id != 0) { - FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | - FORMAT_MESSAGE_IGNORE_INSERTS, - KHERR_HMODULE, - msg_id, - 0, - buf, - (int) (cbbuf / sizeof(buf[0])), - NULL); - } - - if (sugg_id != 0) { - *suggestion = sugg_id; - } - - if (sugg_code != KHERR_SUGGEST_NONE) - *suggest_code = sugg_code; -} - -#ifdef DEPRECATED_REMOVABLE -int lsh_com_err_proc (LPSTR whoami, long code, - LPSTR fmt, va_list args) -{ - int retval; - HWND hOldFocus; - char buf[1024], *cp; - WORD mbformat = MB_OK | MB_ICONEXCLAMATION; - - cp = buf; - memset(buf, '\0', sizeof(buf)); - cp[0] = '\0'; - - if (code) - { - err_describe(buf, code); - while (*cp) - cp++; - } - - if (fmt) - { - if (fmt[0] == '%' && fmt[1] == 'b') - { - fmt += 2; - mbformat = va_arg(args, WORD); - /* if the first arg is a %b, we use it for the message - box MB_??? flags. */ - } - if (code) - { - *cp++ = '\n'; - *cp++ = '\n'; - } - wvsprintfA((LPSTR)cp, fmt, args); - } - hOldFocus = GetFocus(); - retval = MessageBoxA(/*GetRootParent(hOldFocus)*/NULL, buf, whoami, - mbformat | MB_ICONHAND | MB_TASKMODAL); - SetFocus(hOldFocus); - return retval; -} -#endif diff --git a/src/windows/identity/plugins/krb5/errorfuncs.h b/src/windows/identity/plugins/krb5/errorfuncs.h deleted file mode 100644 index c03eba575..000000000 --- a/src/windows/identity/plugins/krb5/errorfuncs.h +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_ERR_H -#define __KHIMAIRA_ERR_H - -/* All error handling and reporting related functions for the krb4/5 - and AFS plugins */ - -#include <errno.h> -#include <com_err.h> -/* - * This is a hack needed because the real com_err.h does - * not define err_func. We need it in the case where - * we pull in the real com_err instead of the krb4 - * impostor. - */ -#ifndef _DCNS_MIT_COM_ERR_H -typedef LPSTR (*err_func)(int, long); -#endif - -#include <krberr.h> -#include <kadm_err.h> - -#define kadm_err_base ERROR_TABLE_BASE_kadm - -#include <stdarg.h> - -#ifndef KRBERR -#define KRBERR(code) (code + krb_err_base) -#endif - -/*! \internal - \brief Describe an error - - \param[in] code Error code returned by Kerberos - \param[out] buf Receives the error string - \param[in] cbbuf Size of buffer pointed to by \a buf - \param[out] suggestion Message ID of suggestion - \param[out] suggest_code Suggestion ID -*/ -void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, - DWORD * suggestion, - kherr_suggestion * suggest_code); - -/* */ -khm_int32 init_error_funcs(); - -khm_int32 exit_error_funcs(); - - -#endif diff --git a/src/windows/identity/plugins/krb5/images/deleted.ico b/src/windows/identity/plugins/krb5/images/deleted.ico Binary files differdeleted file mode 100644 index a8063f9ee..000000000 --- a/src/windows/identity/plugins/krb5/images/deleted.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb5/images/krb5plugin.ico b/src/windows/identity/plugins/krb5/images/krb5plugin.ico Binary files differdeleted file mode 100644 index 791b35969..000000000 --- a/src/windows/identity/plugins/krb5/images/krb5plugin.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb5/images/modified.ico b/src/windows/identity/plugins/krb5/images/modified.ico Binary files differdeleted file mode 100644 index 733d9d534..000000000 --- a/src/windows/identity/plugins/krb5/images/modified.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb5/images/new.ico b/src/windows/identity/plugins/krb5/images/new.ico Binary files differdeleted file mode 100644 index 1049eb214..000000000 --- a/src/windows/identity/plugins/krb5/images/new.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb5/images/normal.ico b/src/windows/identity/plugins/krb5/images/normal.ico Binary files differdeleted file mode 100644 index 56a702fee..000000000 --- a/src/windows/identity/plugins/krb5/images/normal.ico +++ /dev/null diff --git a/src/windows/identity/plugins/krb5/krb5configcc.c b/src/windows/identity/plugins/krb5/krb5configcc.c deleted file mode 100644 index 8b0286f0f..000000000 --- a/src/windows/identity/plugins/krb5/krb5configcc.c +++ /dev/null @@ -1,582 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#if _WIN32_WINNT < 0x501 -#undef _WIN32_WINNT -#define _WIN32_WINNT 0x501 -#endif - -#include<krbcred.h> -#include<krb5.h> -#include<assert.h> -#include<lm.h> -#include<commctrl.h> -#include<shlwapi.h> - -#include<strsafe.h> - -typedef struct tag_k5_file_cc { - wchar_t path[MAX_PATH]; - khm_int32 flags; -} k5_file_cc; - -#define K5_FCC_ALLOC_INCR 8 - -#define K5_FCC_FLAG_EXISTS 1 - -typedef struct tag_k5_ccc_data { - khm_boolean inc_api; - khm_boolean inc_mslsa; - k5_file_cc * file_ccs; - khm_size n_file_ccs; - khm_size nc_file_ccs; -} k5_ccc_data; - -typedef struct tag_k5_ccc_dlg_data { - khui_config_node node; - k5_ccc_data save; - k5_ccc_data work; -} k5_ccc_dlg_data; - -void k5_free_file_ccs(k5_ccc_data * d) { - if (d->file_ccs) - PFREE(d->file_ccs); - d->n_file_ccs = 0; - d->nc_file_ccs = 0; -} - -void k5_flush_file_ccs(k5_ccc_data * d) { - d->n_file_ccs = 0; -} - -void k5_del_file_cc(k5_ccc_data * d, khm_size idx) { - if (idx > d->n_file_ccs) - return; - - if (idx < d->n_file_ccs - 1) { - MoveMemory(&d->file_ccs[idx], - &d->file_ccs[idx + 1], - sizeof(d->file_ccs[0]) * (d->n_file_ccs - (idx + 1))); - } - - d->n_file_ccs--; -} - -void k5_add_file_cc(k5_ccc_data * d, wchar_t * path) { - khm_size i; - khm_size cch; - - if (FAILED(StringCchLength(path, MAX_PATH, &cch)) || - cch == 0) - return; - - /* see if it's there first */ - for (i=0; i < d->n_file_ccs; i++) { - if(!_wcsicmp(d->file_ccs[i].path, path)) - return; - } - - if (d->n_file_ccs == d->nc_file_ccs) { - k5_file_cc * f; - - d->nc_file_ccs = UBOUNDSS(d->n_file_ccs + 1, - K5_FCC_ALLOC_INCR, - K5_FCC_ALLOC_INCR); -#ifdef DEBUG - assert(d->nc_file_ccs > d->n_file_ccs); -#endif - f = PMALLOC(sizeof(*f) * d->nc_file_ccs); - ZeroMemory(f, sizeof(*f) * d->nc_file_ccs); - - if (d->n_file_ccs > 0) { -#ifdef DEBUG - assert(d->file_ccs != NULL); -#endif - memcpy(f, d->file_ccs, sizeof(*f) * d->n_file_ccs); - } - if (d->file_ccs) - PFREE(d->file_ccs); - d->file_ccs = f; - } - - StringCbCopy(d->file_ccs[d->n_file_ccs].path, - sizeof(d->file_ccs[0].path), - path); - if(PathFileExists(path)) - d->file_ccs[d->n_file_ccs].flags = K5_FCC_FLAG_EXISTS; - else - d->file_ccs[d->n_file_ccs].flags = 0; - - d->n_file_ccs++; -} - -void k5_read_file_cc_data(k5_ccc_data * d) { - khm_int32 t; - wchar_t * fclist = NULL; - wchar_t * fc; - khm_size cb; - -#ifdef DEBUG - assert(csp_params); -#endif - - d->inc_api = TRUE; - t = TRUE; - khc_read_int32(csp_params, L"MsLsaList", &t); - d->inc_mslsa = t; - - if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb) - != KHM_ERROR_TOO_LONG || - cb <= sizeof(wchar_t) * 2) { - - k5_flush_file_ccs(d); - } else { - fclist = PMALLOC(cb); -#ifdef DEBUG - assert(fclist); -#endif - khc_read_multi_string(csp_params, L"FileCCList", fclist, &cb); - - for(fc = fclist; fc && *fc; fc = multi_string_next(fc)) { - k5_add_file_cc(d, fc); - } - - PFREE(fclist); - } -} - -void k5_write_file_cc_data(k5_ccc_data * d) { - wchar_t * ms; - khm_size cb; - khm_size cbt; - khm_int32 t; - khm_size i; - -#ifdef DEBUG - assert(csp_params); -#endif - if (KHM_FAILED(khc_read_int32(csp_params, L"MsLsaList", &t)) || - !!t != !!d->inc_mslsa) { - khc_write_int32(csp_params, L"MsLsaList", !!d->inc_mslsa); - } - - if (d->n_file_ccs > 0) { - cb = d->n_file_ccs * MAX_PATH * sizeof(wchar_t); - ms = PMALLOC(cb); -#ifdef DEBUG - assert(ms); -#endif - multi_string_init(ms, cb); - - for(i=0; i<d->n_file_ccs; i++) { - cbt = cb; - multi_string_append(ms, &cbt, d->file_ccs[i].path); - } - - khc_write_multi_string(csp_params, L"FileCCList", ms); - - PFREE(ms); - } else { - if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb) - != KHM_ERROR_TOO_LONG || - cb != sizeof(wchar_t) * 2) - - khc_write_multi_string(csp_params, L"FileCCList", L"\0\0"); - } -} - -void k5_copy_file_cc_data(k5_ccc_data * dest, const k5_ccc_data * src) { - khm_size i; - - k5_flush_file_ccs(dest); - dest->inc_mslsa = src->inc_mslsa; - dest->inc_api = src->inc_api; - - for (i=0; i < src->n_file_ccs; i++) { - k5_add_file_cc(dest, src->file_ccs[i].path); - } -} - -BOOL k5_ccc_get_mod(k5_ccc_dlg_data * d) { - khm_size i, j; - - if (!!d->work.inc_mslsa != !!d->save.inc_mslsa || - !!d->work.inc_api != !!d->save.inc_api || - d->work.n_file_ccs != d->save.n_file_ccs) - return TRUE; - - for (i=0; i < d->work.n_file_ccs; i++) { - for (j=0; j < d->save.n_file_ccs; j++) { - if (!_wcsicmp(d->work.file_ccs[i].path, - d->save.file_ccs[j].path)) - break; - } - if (j >= d->save.n_file_ccs) - return TRUE; - } - - return FALSE; -} - -void k5_ccc_update_ui(HWND hwnd, k5_ccc_dlg_data * d) { - khm_size i; - HWND lv; - - if (d->work.inc_api) - CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_CHECKED); - else - CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_UNCHECKED); - if (d->work.inc_mslsa) - CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_CHECKED); - else - CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_UNCHECKED); - - lv = GetDlgItem(hwnd, IDC_CFG_FCLIST); -#ifdef DEBUG - assert(lv); -#endif - ListView_DeleteAllItems(lv); - - for (i=0; i<d->work.n_file_ccs; i++) { - LVITEM lvi; - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.mask = LVIF_PARAM | LVIF_TEXT; - lvi.lParam = (LPARAM) i; - lvi.pszText = d->work.file_ccs[i].path; - - ListView_InsertItem(lv, &lvi); - } - - if (k5_ccc_get_mod(d)) { - khui_cfg_set_flags(d->node, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - } else { - khui_cfg_set_flags(d->node, - 0, - KHUI_CNFLAG_MODIFIED); - } -} - -void k5_ccc_update_data(HWND hwnd, k5_ccc_data * d) { - if (IsDlgButtonChecked(hwnd, IDC_CFG_INCAPI) == BST_CHECKED) - d->inc_api = TRUE; - else - d->inc_api = FALSE; - - if (IsDlgButtonChecked(hwnd, IDC_CFG_INCMSLSA) == BST_CHECKED) - d->inc_mslsa = TRUE; - else - d->inc_mslsa = FALSE; - /* everything else is controlled by buttons */ -} - -INT_PTR CALLBACK -k5_ccconfig_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - - k5_ccc_dlg_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - d = PMALLOC(sizeof(*d)); -#ifdef DEBUG - assert(d); -#endif - ZeroMemory(d, sizeof(*d)); - k5_read_file_cc_data(&d->save); - k5_copy_file_cc_data(&d->work, &d->save); - - d->node = (khui_config_node) lParam; - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - { - LVCOLUMN lvc; - HWND lv; - wchar_t buf[256]; - RECT r; - - lv = GetDlgItem(hwnd, IDC_CFG_FCLIST); -#ifdef DEBUG - assert(lv); -#endif - ZeroMemory(&lvc, sizeof(lvc)); - lvc.mask = LVCF_TEXT | LVCF_WIDTH; - - LoadString(hResModule, IDS_CFG_FCTITLE, - buf, ARRAYLENGTH(buf)); - - GetWindowRect(lv, &r); - - lvc.pszText = buf; - lvc.cx = (r.right - r.left) * 9 / 10; - - ListView_InsertColumn(lv, 0, &lvc); - } - - SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, EM_SETLIMITTEXT, - MAX_PATH - 1, 0); - - k5_ccc_update_ui(hwnd, d); - break; - - case WM_COMMAND: - d = (k5_ccc_dlg_data *) (DWORD_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - switch(wParam) { - case MAKEWPARAM(IDC_CFG_ADD, BN_CLICKED): - { - wchar_t path[MAX_PATH]; - wchar_t cpath[MAX_PATH]; - khm_size i; - - GetDlgItemText(hwnd, IDC_CFG_FCNAME, - cpath, ARRAYLENGTH(cpath)); - - PathCanonicalize(path, cpath); - - if (!*path) - return TRUE; /* nothing to add */ - - for (i=0; i < d->work.n_file_ccs; i++) { - if (!_wcsicmp(path, d->work.file_ccs[i].path)) { - - /* allow the user to correct case, as appropriate */ - StringCbCopy(d->work.file_ccs[i].path, - sizeof(d->work.file_ccs[i].path), - path); - k5_ccc_update_ui(hwnd, d); - return TRUE; - } - } - - /* not there. we need to add. but check a few things - first */ - if (!PathFileExists(path)) { - wchar_t title[64]; - wchar_t text[128]; - - LoadString(hResModule, IDS_CFG_FCN_WARNING, - title, ARRAYLENGTH(title)); - - LoadString(hResModule, IDS_CFG_FCN_W_NOTFOUND, - text, ARRAYLENGTH(text)); -#if _WIN32_WINNT >= 0x501 - if (IS_COMMCTL6()) - { - EDITBALLOONTIP bt; - - bt.cbStruct = sizeof(bt); - bt.pszTitle = title; - bt.pszText = text; - bt.ttiIcon = TTI_WARNING; - - SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, - EM_SHOWBALLOONTIP, - 0, - (LPARAM) &bt); - } else { -#endif - MessageBox(hwnd, text, title, MB_OK | MB_ICONWARNING); -#if _WIN32_WINNT >= 0x501 - } -#endif - } else if (PathIsRelative(path)) { - wchar_t title[64]; - wchar_t text[128]; - - LoadString(hResModule, IDS_CFG_FCN_WARNING, - title, ARRAYLENGTH(title)); - LoadString(hResModule, IDS_CFG_FCN_W_RELATIVE, - text, ARRAYLENGTH(text)); - -#if _WIN32_WINNT >= 0x501 - if (IS_COMMCTL6()) - { - EDITBALLOONTIP bt; - - bt.cbStruct = sizeof(bt); - bt.pszTitle = title; - bt.pszText = text; - bt.ttiIcon = TTI_WARNING; - - SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, - EM_SHOWBALLOONTIP, - 0, - (LPARAM) &bt); - } else { -#endif - MessageBox(hwnd, text, title, MB_OK | MB_ICONWARNING); -#if _WIN32_WINNT >= 0x501 - } -#endif - } - - k5_add_file_cc(&d->work, path); - - k5_ccc_update_ui(hwnd, d); - } - return TRUE; - - case MAKEWPARAM(IDC_CFG_BROWSE, BN_CLICKED): - { - OPENFILENAME ofn; - wchar_t path[MAX_PATH * 8]; - wchar_t title[128]; - - ZeroMemory(&ofn, sizeof(ofn)); - ZeroMemory(path, sizeof(path)); - - GetDlgItemText(hwnd, IDC_CFG_FCNAME, - path, ARRAYLENGTH(path)); - - /* don't pass in invalid paths */ - if (!PathFileExists(path)) - *path = 0; - - ofn.lStructSize = sizeof(ofn); - ofn.hwndOwner = hwnd; - ofn.lpstrFilter = L"All files\0*.*\0\0"; - ofn.nFilterIndex = 1; - ofn.lpstrFile = path; - ofn.nMaxFile = ARRAYLENGTH(path); - ofn.lpstrTitle = title; - - LoadString(hResModule, IDS_CFG_FCOPENTITLE, - title, ARRAYLENGTH(title)); - - ofn.Flags = OFN_ALLOWMULTISELECT | - OFN_DONTADDTORECENT | - OFN_FORCESHOWHIDDEN | - OFN_EXPLORER; - - if (GetOpenFileName(&ofn)) { - wchar_t * p; - wchar_t spath[MAX_PATH]; - - p = multi_string_next(path); - if (p) { - /* multi select */ - for(;p && *p; p = multi_string_next(p)) { - StringCbCopy(spath, sizeof(spath), path); - PathAppend(spath, p); - - k5_add_file_cc(&d->work, spath); - } - } else { - /* single select */ - k5_add_file_cc(&d->work, path); - } - k5_ccc_update_ui(hwnd, d); - } - } - return TRUE; - - case MAKEWPARAM(IDC_CFG_REMOVE, BN_CLICKED): - { - khm_size i; - int lv_idx; - HWND lv; - wchar_t buf[MAX_PATH]; - - lv = GetDlgItem(hwnd, IDC_CFG_FCLIST); -#ifdef DEBUG - assert(lv); -#endif - - lv_idx = -1; - while((lv_idx = ListView_GetNextItem(lv, lv_idx, - LVNI_SELECTED)) != -1) { - ListView_GetItemText(lv, lv_idx, 0, buf, ARRAYLENGTH(buf)); - for (i=0; i < d->work.n_file_ccs; i++) { - if (!_wcsicmp(buf, d->work.file_ccs[i].path)) { - k5_del_file_cc(&d->work, i); - break; - } - } - } - - k5_ccc_update_ui(hwnd, d); - } - return TRUE; - - case MAKEWPARAM(IDC_CFG_INCAPI, BN_CLICKED): - case MAKEWPARAM(IDC_CFG_INCMSLSA, BN_CLICKED): - k5_ccc_update_data(hwnd, &d->work); - k5_ccc_update_ui(hwnd, d); - return TRUE; - } - break; - - case WM_DESTROY: - d = (k5_ccc_dlg_data *) (DWORD_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - k5_free_file_ccs(&d->work); - k5_free_file_ccs(&d->save); - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, 0); - return TRUE; - - case KHUI_WM_CFG_NOTIFY: - d = (k5_ccc_dlg_data *) (DWORD_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - switch(HIWORD(wParam)) { - case WMCFG_APPLY: - if (k5_ccc_get_mod(d)) { - k5_write_file_cc_data(&d->work); - k5_copy_file_cc_data(&d->save, &d->work); - khui_cfg_set_flags(d->node, - KHUI_CNFLAG_APPLIED, - KHUI_CNFLAG_APPLIED); - k5_ccc_update_ui(hwnd, d); - - kmq_post_sub_msg(k5_sub, KMSG_CRED, KMSG_CRED_REFRESH, 0, 0); - } - break; - } - } - return FALSE; -} diff --git a/src/windows/identity/plugins/krb5/krb5configdlg.c b/src/windows/identity/plugins/krb5/krb5configdlg.c deleted file mode 100644 index d6221123c..000000000 --- a/src/windows/identity/plugins/krb5/krb5configdlg.c +++ /dev/null @@ -1,2896 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<krb5.h> -#include<assert.h> -#include<lm.h> -#include<commctrl.h> -#include<shlwapi.h> - -#include<strsafe.h> - -#pragma warning(disable: 4204 4221) - -typedef struct tag_k5_realm_kdc { - wchar_t name[K5_MAXCCH_HOST]; - khm_boolean admin; /* admin server? */ - khm_boolean master; /* master kdc? */ - khm_int32 flags; -} k5_realm_kdc; - -#define K5_RKFLAG_DELETED 1 -#define K5_RKFLAG_NEW 2 -#define K5_RKFLAG_MOD_ADMIN 4 -#define K5_RKFLAG_MOD_MASTER 8 - -typedef struct tag_k5_domain_map { - wchar_t name[K5_MAXCCH_HOST]; /* name of host that maps to a - realm */ - khm_int32 flags; -} k5_domain_map; - -#define K5_DMFLAG_DELETED 1 -#define K5_DMFLAG_NEW 2 - -typedef struct tag_k5_realm_data { - wchar_t realm[K5_MAXCCH_REALM]; - k5_realm_kdc kdcs[K5_MAX_KDC]; - khm_size n_kdcs; - k5_domain_map domain_maps[K5_MAX_DOMAIN_MAPPINGS]; - khm_size n_domain_maps; - - khm_int32 flags; -} k5_realm_data; - -#define K5_RDFLAG_DELETED 1 -#define K5_RDFLAG_NEW 2 -#define K5_RDFLAG_MODIFED 4 - -#define K5_REALMS_ALLOC_INCR 8 - -typedef struct tag_k5_config_data { - wchar_t def_realm[K5_MAXCCH_REALM]; /* default realm */ - - wchar_t config_file[MAX_PATH]; /* path to configuration file */ - khm_boolean create_config_file; /* create config_file if missing? */ - khm_boolean inc_realms; /* include full realm list in new - credentials dialog? */ - wchar_t loaded_config_file[MAX_PATH]; /* path to the - configuration file - that has been - loaded into the - realm editor. */ - - /* [libdefaults] */ - khm_boolean dns_lookup_kdc; - khm_boolean dns_lookup_realm; - khm_boolean dns_fallback; - - khm_boolean noaddresses; - - k5_lsa_import lsa_import; /* import mslsa creds? */ - - /* [realms] */ - k5_realm_data *realms; - khm_size n_realms; - khm_size nc_realms; - khm_size c_realm; - - khui_config_node node_main; - khui_config_node node_realm; - - khm_int32 flags; - - /* used by the realm editor */ - HMENU hm_realms_ctx; - HMENU hm_kdc_ctx; - HMENU hm_dmap_ctx; -} k5_config_data; - -#define K5_CDFLAG_MOD_DEF_REALM 0x00000001 -#define K5_CDFLAG_MOD_CONF_FILE 0x00000002 -#define K5_CDFLAG_MOD_DNS_LOOKUP_KDC 0x00000004 -#define K5_CDFLAG_MOD_DNS_LOOKUP_RLM 0x00000008 -#define K5_CDFLAG_MOD_DNS_FALLBACK 0x00000010 -#define K5_CDFLAG_MOD_NOADDRESSES 0x00000020 -#define K5_CDFLAG_MOD_LSA_IMPORT 0x00000040 -#define K5_CDFLAG_MOD_CREATE_CONF 0x00000080 -#define K5_CDFLAG_MOD_INC_REALMS 0x00000100 -#define K5_CDFLAG_MOD_REALMS 0x00001000 - -void -k5_init_config_data(k5_config_data * d) { - ZeroMemory(d, sizeof(*d)); -} - -void -k5_free_config_data(k5_config_data * d) { - if (d->realms) - PFREE(d->realms); - - k5_init_config_data(d); -} - -static void -k5_assert_n_realms(k5_config_data * d, khm_size n) { - khm_size nc_realms; - - if (n <= d->nc_realms) - return; - - nc_realms = UBOUNDSS(n, K5_REALMS_ALLOC_INCR, K5_REALMS_ALLOC_INCR); - assert(nc_realms > d->nc_realms); - - d->realms = PREALLOC(d->realms, nc_realms * sizeof(*(d->realms))); - d->nc_realms = nc_realms; - - ZeroMemory(&d->realms[d->n_realms], - (d->nc_realms - d->n_realms) * sizeof(*(d->realms))); -} - -void -k5_purge_config_data(k5_config_data * d, - khm_boolean purge_realms, - khm_boolean purge_kdcs, - khm_boolean purge_dmap) { - khm_size r; - khm_size k; - khm_size m; - - for (r=0; r < d->n_realms; r++) { - if (purge_realms && - (d->realms[r].flags & K5_RDFLAG_NEW) && - (d->realms[r].flags & K5_RDFLAG_DELETED)) { - - if (d->n_realms > r+1) - MoveMemory(&d->realms[r], &d->realms[r+1], - sizeof(d->realms[0]) * (d->n_realms - (r+1))); - r--; - d->n_realms--; - continue; - } - - for (k=0; k < d->realms[r].n_kdcs; k++) { - if (purge_kdcs && - (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) && - (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) { - if (d->realms[r].n_kdcs > k + 1) - MoveMemory(&d->realms[r].kdcs[k], - &d->realms[r].kdcs[k+1], - sizeof(d->realms[0].kdcs[0]) * - (d->realms[r].n_kdcs - (k+1))); - k--; - d->realms[r].n_kdcs--; - continue; - } - } - - if (K5_MAX_KDC > k+1) - ZeroMemory(&d->realms[r].kdcs[k], - sizeof(d->realms[0].kdcs[0]) * - (K5_MAX_KDC - (k + 1))); - - for (m=0; m < d->realms[r].n_domain_maps; m++) { - if (purge_dmap && - (d->realms[r].domain_maps[m].flags & K5_DMFLAG_NEW) && - (d->realms[r].domain_maps[m].flags & K5_DMFLAG_DELETED)) { - if (d->realms[r].n_domain_maps > m + 1) - MoveMemory(&d->realms[r].domain_maps[m], - &d->realms[r].domain_maps[m+1], - sizeof(d->realms[0].domain_maps[0]) * - (d->realms[r].n_domain_maps - (m+1))); - m--; - d->realms[r].n_domain_maps--; - continue; - } - } - - if (K5_MAX_DOMAIN_MAPPINGS > m+1) - ZeroMemory(&d->realms[r].domain_maps[m], - sizeof(d->realms[0].domain_maps[0]) * - (K5_MAX_DOMAIN_MAPPINGS - (m+1))); - } - - if (d->nc_realms > r + 1) - ZeroMemory(&d->realms[r], - sizeof(d->realms[0]) * - (d->nc_realms - (r + 1))); -} - -static khm_boolean -k5_is_profile_loaded(void) { -#ifdef DEBUG - assert(pprofile_init); - assert(pprofile_get_subsection_names); - assert(pprofile_get_values); - assert(pprofile_get_string); - assert(pprofile_get_relation_names); - assert(pprofile_free_list); - assert(pprofile_release_string); - assert(pprofile_release); - assert(pprofile_clear_relation); - assert(pprofile_add_relation); - assert(pprofile_update_relation); - assert(pprofile_flush); - assert(pprofile_rename_section); -#endif - - if (!pprofile_init || - !pprofile_get_subsection_names || - !pprofile_get_values || - !pprofile_get_string || - !pprofile_get_relation_names || - !pprofile_free_list || - !pprofile_release_string || - !pprofile_release || - !pprofile_clear_relation || - !pprofile_add_relation || - !pprofile_update_relation || - !pprofile_flush || - !pprofile_rename_section) - - return FALSE; - - return TRUE; -} - -void -k5_read_config_data(k5_config_data * d) { - wchar_t * defrealm; - char config_file[MAX_PATH]; - profile_t profile = NULL; - const char *filenames[2]; - long rv; - khm_size s; - - if (!k5_is_profile_loaded()) - return; - - defrealm = khm_krb5_get_default_realm(); - - if (defrealm) { - StringCbCopy(d->def_realm, sizeof(d->def_realm), defrealm); - PFREE(defrealm); - } else { - StringCbCopy(d->def_realm, sizeof(d->def_realm), L""); - } - - khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file)); - - AnsiStrToUnicode(d->config_file, sizeof(d->config_file), config_file); - - filenames[0] = config_file; - filenames[1] = NULL; - - rv = pprofile_init(filenames, &profile); - - if (!rv) { - const char * sec_realms[] = { "realms", NULL }; - const char * sec_domain_realm[] = { "domain_realm", NULL }; - char ** sections; - char ** dr_from; - char * boolv; - - /* first fish out a few values from [libdefaults] */ - - rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_kdc", - NULL, NULL, &boolv); - if (!rv && boolv) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(boolv, &b)) - d->dns_lookup_kdc = b; - else - d->dns_lookup_kdc = FALSE; - pprofile_release_string(boolv); - } else - d->dns_lookup_kdc = FALSE; - - rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_realm", - NULL, NULL, &boolv); - if (!rv && boolv) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(boolv, &b)) - d->dns_lookup_realm = b; - else - d->dns_lookup_realm = FALSE; - pprofile_release_string(boolv); - } else - d->dns_lookup_realm = FALSE; - - rv = pprofile_get_string(profile, "libdefaults", "dns_fallback", - NULL, NULL, &boolv); - if (!rv && boolv) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(boolv, &b)) - d->dns_fallback = b; - else - d->dns_fallback = FALSE; - pprofile_release_string(boolv); - } else - d->dns_fallback = FALSE; - - rv = pprofile_get_string(profile, "libdefaults", "noaddresses", - NULL, NULL, &boolv); - if (!rv && boolv) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(boolv, &b)) - d->noaddresses = b; - else - d->noaddresses = TRUE; - pprofile_release_string(boolv); - } else - d->noaddresses = TRUE; - - /* now we look at the [realms] section */ - rv = pprofile_get_subsection_names(profile, sec_realms, §ions); - - /* what? no realms? whatever */ - if (rv) goto _skip_realms; - - /* get a count first */ - for (s=0; sections[s] && sections[s][0]; s++); - - k5_assert_n_realms(d, s); - d->n_realms = s; - - /* now go through each and fish out the kdcs, admin_server - and master_kdc. */ - for (s=0; sections[s] && sections[s][0]; s++) { - const char * sec_kdcs[] = - { "realms", sections[s], "kdc", NULL }; - - const char * sec_admin[] = - { "realms", sections[s], "admin_server", NULL }; - - const char * sec_master[] = - { "realms", sections[s], "master_kdc", NULL }; - - char ** values; - - AnsiStrToUnicode(d->realms[s].realm, sizeof(d->realms[s].realm), - sections[s]); - d->realms[s].n_kdcs = 0; - d->realms[s].n_domain_maps = 0; - - rv = pprofile_get_values(profile, sec_kdcs, &values); - if (!rv) { - khm_size i; - - for (i=0 ; values[i] && values[i][0] && i < K5_MAX_KDC; i++) { - AnsiStrToUnicode(d->realms[s].kdcs[i].name, - sizeof(d->realms[s].kdcs[i].name), - values[i]); - - } - d->realms[s].n_kdcs = i; - - pprofile_free_list(values); - } - - rv = pprofile_get_values(profile, sec_admin, &values); - if (!rv) { - khm_size i; - khm_size j; - wchar_t kdc_name[K5_MAXCCH_HOST]; - - for (i=0; values[i] && values[i][0]; i++) { - AnsiStrToUnicode(kdc_name, - sizeof(kdc_name), values[i]); - - for (j=0; j < d->realms[s].n_kdcs; j++) - if (!_wcsicmp(kdc_name, d->realms[s].kdcs[j].name)) - break; - - if (j < d->realms[s].n_kdcs) { - d->realms[s].kdcs[j].admin = TRUE; - } else if (d->realms[s].n_kdcs < K5_MAX_KDC) { - j = d->realms[s].n_kdcs; - StringCbCopy(d->realms[s].kdcs[j].name, - sizeof(d->realms[s].kdcs[j].name), - kdc_name); - d->realms[s].kdcs[j].admin = TRUE; - d->realms[s].n_kdcs ++; - } - } - pprofile_free_list(values); - } - - rv = pprofile_get_values(profile, sec_master, &values); - if (!rv) { - khm_size i; - khm_size j; - wchar_t kdc_name[K5_MAXCCH_HOST]; - - for (i=0; values[i] && values[i][0]; i++) { - AnsiStrToUnicode(kdc_name, sizeof(kdc_name), values[i]); - - for (j=0; j < d->realms[s].n_kdcs; j++) - if (!_wcsicmp(kdc_name, d->realms[s].kdcs[j].name)) - break; - - if (j < d->realms[s].n_kdcs) { - d->realms[s].kdcs[j].master = TRUE; - } else if (d->realms[s].n_kdcs < K5_MAX_KDC) { - j = d->realms[s].n_kdcs; - StringCbCopy(d->realms[s].kdcs[j].name, - sizeof(d->realms[s].kdcs[j].name), - kdc_name); - d->realms[s].kdcs[j].master = TRUE; - d->realms[s].n_kdcs ++; - } - } - - pprofile_free_list(values); - } - } - pprofile_free_list(sections); - - _skip_realms: - - rv = pprofile_get_relation_names(profile, sec_domain_realm, &dr_from); - if (!rv) { - khm_size i; - khm_size j; - char * dr_to; - wchar_t wdr_from[K5_MAXCCH_HOST]; - wchar_t wdr_to[K5_MAXCCH_HOST]; - - for (i=0; dr_from[i] && dr_from[i][0]; i++) { - AnsiStrToUnicode(wdr_from, sizeof(wdr_from), dr_from[i]); - - rv = pprofile_get_string(profile, "domain_realm", dr_from[i], - NULL, NULL, &dr_to); - - if (rv || !dr_to) - continue; - - AnsiStrToUnicode(wdr_to, sizeof(wdr_to), dr_to); - - for (j=0; j < d->n_realms; j++) { - if (!_wcsicmp(wdr_to, d->realms[j].realm)) - break; - } - - if (j >= d->n_realms) { - j = d->n_realms; - k5_assert_n_realms(d, j + 1); - - StringCbCopy(d->realms[j].realm, - sizeof(d->realms[j].realm), - wdr_to); - d->realms[j].n_kdcs = 0; - d->realms[j].n_domain_maps = 0; - - d->n_realms++; - } - - if (d->realms[j].n_domain_maps < K5_MAX_DOMAIN_MAPPINGS) { - khm_size k; - - k = d->realms[j].n_domain_maps; - - StringCbCopy(d->realms[j].domain_maps[k].name, - sizeof(d->realms[j].domain_maps[k].name), - wdr_from); - - d->realms[j].n_domain_maps++; - } - - pprofile_release_string(dr_to); - } - pprofile_free_list(dr_from); - } - pprofile_release(profile); - } - - { - khm_int32 t; - - /* last, read the MSLSA import setting */ - if (KHM_SUCCEEDED(khc_read_int32(csp_params, - L"MsLsaImport", &t))) { - d->lsa_import = t; - } else { - d->lsa_import = K5_LSAIMPORT_ALWAYS; - } - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, - L"UseFullRealmList", &t))) { - d->inc_realms = !!t; - } else { - d->inc_realms = TRUE; - } - } - - d->flags = 0; -} - -int -k5_write_config_data(k5_config_data * d) { - char astr[MAX_PATH * 2]; - char config_file[MAX_PATH]; - profile_t profile = NULL; - const char *filenames[2]; - long rv; - khm_size s; - int applied = FALSE; - - if (d->flags == 0) - return FALSE; - - if (!k5_is_profile_loaded()) - return FALSE; - - /* write the MSLSA import setting */ - if (d->flags & K5_CDFLAG_MOD_LSA_IMPORT) { - khc_write_int32(csp_params, L"MsLsaImport", d->lsa_import); - d->flags &= ~K5_CDFLAG_MOD_LSA_IMPORT; - applied = TRUE; - } - - if (d->flags & K5_CDFLAG_MOD_INC_REALMS) { - khc_write_int32(csp_params, L"UseFullRealmList", d->inc_realms); - d->flags &= ~K5_CDFLAG_MOD_INC_REALMS; - applied = TRUE; - } - - if (!(d->flags & - (K5_CDFLAG_MOD_DEF_REALM | - K5_CDFLAG_MOD_CONF_FILE | - K5_CDFLAG_MOD_DNS_FALLBACK | - K5_CDFLAG_MOD_DNS_LOOKUP_RLM | - K5_CDFLAG_MOD_DNS_LOOKUP_KDC | - K5_CDFLAG_MOD_NOADDRESSES | - K5_CDFLAG_MOD_CREATE_CONF | - K5_CDFLAG_MOD_REALMS))) { - - d->flags = 0; - return applied; - } - - khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file)); - - UnicodeStrToAnsi(astr, sizeof(astr), d->config_file); - - if (_stricmp(config_file, astr)) { - assert(FALSE); - } - - filenames[0] = config_file; - filenames[1] = NULL; - - rv = pprofile_init(filenames, &profile); - -#if FAILOVER_TO_TEMPORARY_FILE - if (rv) { - char temp_file[MAX_PATH]; - - khm_krb5_get_temp_profile_file(temp_file, - ARRAYLENGTH(temp_file)); - - filenames[0] = temp_file; - - rv = pprofile_init(filenames, &profile); - - ?? TODO: Also warn if we are doing this - } -#endif - - if (!rv) { - const char * sec_realms[] = { "realms", NULL }; - const char * sec_domain_realm[] = { "domain_realm", NULL }; - const char * sec_libdefaults[] = { "libdefaults", NULL, NULL }; - khm_size r; - - if (d->flags & K5_CDFLAG_MOD_DEF_REALM) { - if (SUCCEEDED(StringCbLength(d->def_realm, - sizeof(d->def_realm), &s)) && - s > 0) { - char defrealm[K5_MAXCCH_REALM]; - - UnicodeStrToAnsi(defrealm, sizeof(defrealm), - d->def_realm); - - khm_krb5_set_default_realm(d->def_realm); - - sec_libdefaults[1] = "default_realm"; - - pprofile_clear_relation(profile, sec_libdefaults); - - rv = pprofile_add_relation(profile, sec_libdefaults, - defrealm); - applied = TRUE; - } - d->flags &= ~K5_CDFLAG_MOD_DEF_REALM; - } - - if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_KDC) { - - sec_libdefaults[1] = "dns_lookup_kdc"; - - pprofile_clear_relation(profile, sec_libdefaults); - - rv = pprofile_add_relation(profile, sec_libdefaults, - (d->dns_lookup_kdc)? - KRB5_CONF_YES: - KRB5_CONF_NO); - d->flags &= ~K5_CDFLAG_MOD_DNS_LOOKUP_KDC; - applied = TRUE; - } - - if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_RLM) { - - sec_libdefaults[1] = "dns_lookup_realm"; - - pprofile_clear_relation(profile, sec_libdefaults); - - rv = pprofile_add_relation(profile, sec_libdefaults, - (d->dns_lookup_realm)? - KRB5_CONF_YES: - KRB5_CONF_NO); - - d->flags &= ~K5_CDFLAG_MOD_DNS_LOOKUP_RLM; - applied = TRUE; - } - - if (d->flags & K5_CDFLAG_MOD_DNS_FALLBACK) { - - sec_libdefaults[1] = "dns_fallback"; - - pprofile_clear_relation(profile, sec_libdefaults); - - rv = pprofile_add_relation(profile, sec_libdefaults, - (d->dns_fallback)? - KRB5_CONF_YES: - KRB5_CONF_NO); - - d->flags &= ~K5_CDFLAG_MOD_DNS_FALLBACK; - applied = TRUE; - } - - if (d->flags & K5_CDFLAG_MOD_NOADDRESSES) { - - sec_libdefaults[1] = "noaddresses"; - - pprofile_clear_relation(profile, sec_libdefaults); - - rv = pprofile_add_relation(profile, sec_libdefaults, - (d->noaddresses)? - KRB5_CONF_YES: - KRB5_CONF_NO); - - d->flags &= ~K5_CDFLAG_MOD_NOADDRESSES; - applied = TRUE; - } - - /* now we look at the [realms] section */ - - for (r=0; r < d->n_realms; r++) { - char realm[K5_MAXCCH_REALM]; - char host[K5_MAXCCH_HOST]; - - const char * sec_kdcs[] = - { "realms", realm, "kdc", NULL }; - - const char * sec_admin[] = - { "realms", realm, "admin_server", NULL }; - - const char * sec_master[] = - { "realms", realm, "master_kdc", NULL }; - - const char * sec_domain_map[] = - { "domain_realm", host, NULL }; - - char ** values; - - UnicodeStrToAnsi(realm, sizeof(realm), - d->realms[r].realm); - - if (!(d->realms[r].flags & K5_RDFLAG_DELETED) && - (d->realms[r].flags & K5_RDFLAG_NEW)) { - - khm_size k; - khm_size m; - - /* this is a new realm */ - - for (k=0; k < d->realms[r].n_kdcs; k++) { - if (!(d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) { - UnicodeStrToAnsi(host, sizeof(host), - d->realms[r].kdcs[k].name); - - if (d->realms[r].kdcs[k].master) - pprofile_add_relation(profile, sec_master, - host); - - pprofile_add_relation(profile, sec_kdcs, - host); - - if (d->realms[r].kdcs[k].admin) - pprofile_add_relation(profile, sec_admin, - host); - - d->realms[r].kdcs[k].flags &= ~ (K5_RKFLAG_NEW | - K5_RKFLAG_MOD_MASTER | - K5_RKFLAG_MOD_ADMIN); - applied = TRUE; - } - } - - for (m=0; m < d->realms[r].n_domain_maps; m++) { - - UnicodeStrToAnsi(host, sizeof(host), - d->realms[r].domain_maps[m].name); - - if ((d->realms[r].domain_maps[m].flags & - K5_DMFLAG_DELETED) && - !(d->realms[r].domain_maps[m].flags & - K5_DMFLAG_NEW)) { - pprofile_clear_relation(profile, sec_domain_map); - - /* setting this flag indicates that the item - is deleted and not in the profile file - anymore. */ - d->realms[r].domain_maps[m].flags |= K5_DMFLAG_NEW; - applied = TRUE; - } else if (!(d->realms[r].domain_maps[m].flags & - K5_DMFLAG_DELETED) && - (d->realms[r].domain_maps[m].flags & - K5_DMFLAG_NEW)) { - pprofile_add_relation(profile, sec_domain_map, - realm); - - d->realms[r].domain_maps[m].flags &= ~K5_DMFLAG_NEW; - applied = TRUE; - } - } - - d->realms[r].flags &= ~(K5_RDFLAG_NEW | - K5_RDFLAG_MODIFED); - - } else if ((d->realms[r].flags & K5_RDFLAG_DELETED) && - !(d->realms[r].flags & K5_RDFLAG_NEW)) { - - const char * sec_all[] = - { "realms", realm, NULL, NULL }; - khm_size v; - - /* this realm should be deleted */ - - rv = pprofile_get_relation_names(profile, sec_all, - &values); - if (!rv) { - for (v=0; values[v] && values[v][0]; v++) { - sec_all[2] = values[v]; - pprofile_clear_relation(profile, sec_all); - } - sec_all[2] = NULL; - pprofile_rename_section(profile, sec_all, NULL); - pprofile_free_list(values); - applied = TRUE; - } - - rv = pprofile_get_relation_names(profile, sec_domain_realm, - &values); - if (!rv) { - char * maprealm; - - for (v=0; values[v] && values[v][0]; v++) { - - rv = pprofile_get_string(profile, "domain_realm", - values[v], NULL, NULL, - &maprealm); - - if (!rv) { - if (!strcmp(maprealm, realm)) { - StringCbCopyA(host, sizeof(host), - values[v]); - pprofile_clear_relation(profile, - sec_domain_map); - applied = TRUE; - } - pprofile_release_string(maprealm); - } - } - - pprofile_free_list(values); - } - - /* setting this flag indicate that the realm is - deleted and is not in the profile file. */ - d->realms[r].flags |= K5_RDFLAG_NEW; - - } else if (!(d->realms[r].flags & K5_RDFLAG_DELETED) && - (d->realms[r].flags & K5_RDFLAG_MODIFED)) { - khm_size k; - khm_size m; - - /* same as before. check if we have to update the kdc - list or the domain_realm mappings */ - - for (k=0; k < d->realms[r].n_kdcs; k++) { - - if ((d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) && - (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) - continue; - - UnicodeStrToAnsi(host, sizeof(host), - d->realms[r].kdcs[k].name); - - if (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED) { - pprofile_update_relation(profile, sec_kdcs, - host, NULL); - pprofile_update_relation(profile, sec_admin, - host, NULL); - pprofile_update_relation(profile, sec_master, - host, NULL); - - applied = TRUE; - - /* as above, setting 'new' flag to indicate - that the item does not exist in the profile - file. */ - d->realms[r].kdcs[k].flags |= K5_RKFLAG_NEW; - continue; - } - - if (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) { - if (d->realms[r].kdcs[k].master) - pprofile_add_relation(profile, sec_master, - host); - - pprofile_add_relation(profile, sec_kdcs, - host); - - if (d->realms[r].kdcs[k].admin) - pprofile_add_relation(profile, sec_admin, - host); - - d->realms[r].kdcs[k].flags &= ~(K5_RKFLAG_NEW | - K5_RKFLAG_MOD_ADMIN | - K5_RKFLAG_MOD_MASTER); - applied = TRUE; - continue; - } - - if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_MASTER) { - if (!d->realms[r].kdcs[k].master) { - pprofile_update_relation(profile, sec_master, - host, NULL); - } else { - pprofile_update_relation(profile, sec_master, - host, NULL); - pprofile_add_relation(profile, sec_master, - host); - } - - applied = TRUE; - d->realms[r].kdcs[k].flags &= ~K5_RKFLAG_MOD_MASTER; - } - - if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_ADMIN) { - if (d->realms[r].kdcs[k].admin) { - pprofile_update_relation(profile, sec_admin, - host, NULL); - pprofile_add_relation(profile, sec_admin, - host); - } else { - pprofile_update_relation(profile, sec_admin, - host, NULL); - } - - applied = TRUE; - d->realms[r].kdcs[k].flags &= ~K5_RKFLAG_MOD_ADMIN; - } - } - - for (m=0; m < d->realms[r].n_domain_maps; m++) { - - UnicodeStrToAnsi(host, sizeof(host), - d->realms[r].domain_maps[m].name); - - if ((d->realms[r].domain_maps[m].flags & - K5_DMFLAG_DELETED) && - - !(d->realms[r].domain_maps[m].flags & - K5_DMFLAG_NEW)) { - - pprofile_clear_relation(profile, sec_domain_map); - d->realms[r].domain_maps[m].flags |= K5_DMFLAG_NEW; - applied = TRUE; - - } else if (!(d->realms[r].domain_maps[m].flags & - K5_DMFLAG_DELETED) && - - (d->realms[r].domain_maps[m].flags & - K5_DMFLAG_NEW)) { - - pprofile_add_relation(profile, sec_domain_map, - realm); - d->realms[r].domain_maps[m].flags &= ~K5_DMFLAG_NEW; - applied = TRUE; - - } - } - - d->realms[r].flags &= ~K5_RDFLAG_MODIFED; - } - } - - rv = pprofile_flush(profile); - - pprofile_release(profile); - } - - if (rv) { - khui_alert * alert; - wchar_t title[KHUI_MAXCCH_TITLE]; - wchar_t fmsg[KHUI_MAXCCH_MESSAGE]; - wchar_t msg[KHUI_MAXCCH_MESSAGE]; - wchar_t sugg[KHUI_MAXCCH_SUGGESTION]; - - LoadString(hResModule, IDS_K5ERR_CANTWRITEPROFILE, - title, ARRAYLENGTH(title)); - if (rv) - LoadString(hResModule, IDS_K5ERR_PROFNOWRITE, - fmsg, ARRAYLENGTH(fmsg)); - - LoadString(hResModule, IDS_K5ERR_PROFSUGGEST, - sugg, ARRAYLENGTH(sugg)); - - StringCbPrintf(msg, sizeof(msg), fmsg, config_file); - - khui_alert_create_empty(&alert); - khui_alert_set_severity(alert, (rv)?KHERR_ERROR:KHERR_WARNING); - khui_alert_set_title(alert, title); - khui_alert_set_message(alert, msg); - khui_alert_set_suggestion(alert, sugg); - - khui_alert_show(alert); - } - - d->flags = 0; - - return applied; -} - -/* actual dialog stuff */ - -#define IDX_NORMAL 1 -#define IDX_MODIFIED 2 -#define IDX_NEW 3 -#define IDX_DELETED 4 - -static k5_config_data k5_config_dlg_data; -static khm_boolean k5_dlg_data_valid = FALSE; - -INT_PTR CALLBACK -k5_config_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - switch(uMsg) { - case WM_INITDIALOG: - { - HWND hw; - khm_size i; - k5_config_data * d; - - wchar_t * t; - wchar_t importopts[256]; - WKSTA_INFO_100 * winfo100; - -#ifdef DEBUG - assert(!k5_dlg_data_valid); -#endif - - k5_init_config_data(&k5_config_dlg_data); - k5_read_config_data(&k5_config_dlg_data); - - k5_dlg_data_valid = TRUE; - - d = &k5_config_dlg_data; - - d->node_main = (khui_config_node) lParam; - - CheckDlgButton(hwnd, IDC_CFG_INCREALMS, - (d->inc_realms)? BST_CHECKED: BST_UNCHECKED); - - hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM); -#ifdef DEBUG - assert(hw); -#endif - - SendMessage(hw, CB_RESETCONTENT, 0, 0); - - for (i=0; i < d->n_realms; i++) { - SendMessage(hw, CB_ADDSTRING, 0, - (LPARAM) d->realms[i].realm); - } - - SendMessage(hw, CB_SELECTSTRING, (WPARAM) -1, - (LPARAM) d->def_realm); - SetDlgItemText(hwnd, IDC_CFG_DEFREALM, d->def_realm); - SendDlgItemMessage(hwnd, IDC_CFG_DEFREALM, CB_LIMITTEXT, - ARRAYLENGTH(d->def_realm) - 1, 0); - - SetDlgItemText(hwnd, IDC_CFG_CFGFILE, d->config_file); - SendDlgItemMessage(hwnd, IDC_CFG_CFGFILE, EM_LIMITTEXT, - ARRAYLENGTH(d->config_file) - 1, 0); - - /* hostname/domain */ - if (NetWkstaGetInfo(NULL, 100, (LPBYTE *) &winfo100) == NERR_Success) { - SetDlgItemText(hwnd, IDC_CFG_HOSTNAME, winfo100->wki100_computername); - SetDlgItemText(hwnd, IDC_CFG_DOMAIN, winfo100->wki100_langroup); - NetApiBufferFree(winfo100); - } - - /* and the import ticket options */ - { - wchar_t csvstring[256]; - khm_size cb; - - csvstring[0] = L'\0'; - - LoadString(hResModule, IDS_K5CFG_IMPORT_OPTIONS, - csvstring, ARRAYLENGTH(csvstring)); - - cb = sizeof(importopts); - csv_to_multi_string(importopts, &cb, csvstring); - } - - hw = GetDlgItem(hwnd, IDC_CFG_IMPORT); -#ifdef DEBUG - assert(hw); -#endif - SendMessage(hw, CB_RESETCONTENT, 0, 0); - - for (t=importopts; - t && *t && *t != L' ' && - t < importopts + ARRAYLENGTH(importopts); - t = multi_string_next(t)) { - - SendMessage(hw, CB_ADDSTRING, 0, (LPARAM) t); - } - - SendMessage(hw, CB_SETCURSEL, 0, d->lsa_import); - t = importopts; - SendMessage(hw, CB_GETLBTEXT, d->lsa_import,(LPARAM) t); - SendMessage(hw, CB_SELECTSTRING, (WPARAM) -1, (LPARAM) t); - } - break; - - case WM_COMMAND: - { - k5_config_data * d; - - d = &k5_config_dlg_data; - - if (d == NULL) - return FALSE; - - if (wParam == MAKEWPARAM(IDC_CFG_IMPORT, CBN_SELCHANGE)) { - int idx; - int modified = FALSE; - - idx = (int) SendDlgItemMessage(hwnd, IDC_CFG_IMPORT, - CB_GETCURSEL, 0, 0); - if (idx != CB_ERR && idx != d->lsa_import) { - d->lsa_import = idx; - d->flags |= K5_CDFLAG_MOD_LSA_IMPORT; - modified = TRUE; - } - - khui_cfg_set_flags(d->node_main, - (modified)?KHUI_CNFLAG_MODIFIED:0, - KHUI_CNFLAG_MODIFIED); - return TRUE; - } - - if (wParam == MAKEWPARAM(IDC_CFG_INCREALMS, BN_CLICKED)) { - if (IsDlgButtonChecked(hwnd, IDC_CFG_INCREALMS) == - BST_CHECKED) { - d->inc_realms = TRUE; - } else { - d->inc_realms = FALSE; - } - d->flags |= K5_CDFLAG_MOD_INC_REALMS; - - khui_cfg_set_flags(d->node_main, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - return TRUE; - } - - if (wParam == MAKEWPARAM(IDC_CFG_DEFREALM, CBN_EDITCHANGE)) { - wchar_t defrealm[K5_MAXCCH_REALM]; - int t; - - t = GetDlgItemText(hwnd, IDC_CFG_DEFREALM, - defrealm, ARRAYLENGTH(defrealm)); - if (t == 0) { - /* we failed to get the default realm from the - control for some reason. */ - SetDlgItemText(hwnd, IDC_CFG_DEFREALM, L""); - StringCbCopy(d->def_realm, sizeof(d->def_realm), - L""); - } else { - StringCbCopy(d->def_realm, sizeof(d->def_realm), - defrealm); - } - - d->flags |= K5_CDFLAG_MOD_DEF_REALM; - - khui_cfg_set_flags(d->node_main, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - return TRUE; - } - - if (wParam == MAKEWPARAM(IDC_CFG_DEFREALM, CBN_SELCHANGE)) { - wchar_t defrealm[K5_MAXCCH_REALM]; - LRESULT cursel, lr; - - cursel = SendDlgItemMessage(hwnd, IDC_CFG_DEFREALM, CB_GETCURSEL, - 0, 0); - if (cursel == CB_ERR) - return TRUE; - - lr = SendDlgItemMessage(hwnd, IDC_CFG_DEFREALM, CB_GETLBTEXTLEN, - cursel, 0); -#ifdef DEBUG - assert(lr < ARRAYLENGTH(defrealm)); -#endif - if (lr >= ARRAYLENGTH(defrealm)) { - /* we really shouldn't have any string here that - exceeds that many characters. But if we do, we - ignore that since we don't consider it - valid. */ - return TRUE; - } - - lr = SendDlgItemMessage(hwnd, IDC_CFG_DEFREALM, CB_GETLBTEXT, - cursel, (LPARAM) defrealm); - if (lr == CB_ERR) { - /* somehow we failed to copy the value anyway - after all those checks. */ -#ifdef DEBUG - assert(FALSE); -#endif - return TRUE; - } - - StringCbCopy(d->def_realm, sizeof(d->def_realm), - defrealm); - - d->flags |= K5_CDFLAG_MOD_DEF_REALM; - - khui_cfg_set_flags(d->node_main, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - - return TRUE; - } - -#ifdef ALLOW_CHANGING_KRB5_CONFIG_FILE - if (wParam == MAKEWPARAM(IDC_CFG_CFGFILE, EN_CHANGE)) { - wchar_t cfgfile[MAX_PATH]; - int t; - - t = GetDlgItemText(hwnd, IDC_CFG_CFGFILE, - cfgfile, ARRAYLENGTH(cfgfile)); - - if (t == 0) { - StringCbCopy(d->config_file, sizeof(d->config_file), - L""); - } else { - StringCbCopy(d->config_file, sizeof(d->config_file), - cfgfile); - } - - d->flags |= K5_CDFLAG_MOD_CONF_FILE; - - khui_cfg_set_flags(d->node_main, - KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - } -#endif - } - break; - - case KHUI_WM_CFG_NOTIFY: - { - k5_config_data * d; - - d = &k5_config_dlg_data; - - if (HIWORD(wParam) == WMCFG_APPLY) { - khm_int32 oflags; - int applied; - - oflags = d->flags; - applied = k5_write_config_data(d); - - if (d->flags != oflags) { - khui_cfg_set_flags(d->node_main, - (applied ? KHUI_CNFLAG_APPLIED : 0), - KHUI_CNFLAG_APPLIED | - KHUI_CNFLAG_MODIFIED); - } - return TRUE; - } - } - break; - - case WM_DESTROY: - { - k5_free_config_data(&k5_config_dlg_data); - k5_dlg_data_valid = FALSE; - } - break; - } - return FALSE; -} - -static HIMAGELIST -k5_get_state_image_list(void) { - HIMAGELIST hil; - HICON hicon; - - hil = ImageList_Create(GetSystemMetrics(SM_CXSMICON), - GetSystemMetrics(SM_CYSMICON), - ILC_COLOR | ILC_MASK, - 4, - 2); - - hicon = LoadImage(hResModule, - MAKEINTRESOURCE(IDI_NORMAL), - IMAGE_ICON, - GetSystemMetrics(SM_CXSMICON), - GetSystemMetrics(SM_CYSMICON), - LR_DEFAULTCOLOR); - - ImageList_AddIcon(hil, hicon); - - DestroyIcon(hicon); - - hicon = LoadImage(hResModule, - MAKEINTRESOURCE(IDI_MODIFIED), - IMAGE_ICON, - GetSystemMetrics(SM_CXSMICON), - GetSystemMetrics(SM_CYSMICON), - LR_DEFAULTCOLOR); - - ImageList_AddIcon(hil, hicon); - - DestroyIcon(hicon); - - hicon = LoadImage(hResModule, - MAKEINTRESOURCE(IDI_NEW), - IMAGE_ICON, - GetSystemMetrics(SM_CXSMICON), - GetSystemMetrics(SM_CYSMICON), - LR_DEFAULTCOLOR); - - ImageList_AddIcon(hil, hicon); - - DestroyIcon(hicon); - - hicon = LoadImage(hResModule, - MAKEINTRESOURCE(IDI_DELETED), - IMAGE_ICON, - GetSystemMetrics(SM_CXSMICON), - GetSystemMetrics(SM_CYSMICON), - LR_DEFAULTCOLOR); - - ImageList_AddIcon(hil, hicon); - - DestroyIcon(hicon); - - return hil; -} - -static void -k5_update_realms_display(HWND hw_list, k5_config_data * d) { - khm_size i; - LVITEM lvi; - wchar_t buf[64]; - - ListView_DeleteAllItems(hw_list); - - for (i=0; i < d->n_realms; i++) { - if ((d->realms[i].flags & K5_RDFLAG_DELETED) && - (d->realms[i].flags & K5_RDFLAG_NEW)) - continue; - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT; - lvi.iItem = 0; - lvi.iSubItem = 0; - lvi.pszText = d->realms[i].realm; - lvi.lParam = i; - - if (d->realms[i].flags & K5_RDFLAG_DELETED) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED); - } else if (d->realms[i].flags & K5_RDFLAG_NEW) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - } else if (d->realms[i].flags & K5_RDFLAG_MODIFED) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED); - } else { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL); - } - lvi.stateMask = LVIS_STATEIMAGEMASK; - - ListView_InsertItem(hw_list, &lvi); - } - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT; - lvi.iItem = 0; - lvi.iSubItem = 0; - lvi.pszText = buf; - lvi.lParam = (LPARAM) -1; - - LoadString(hResModule, IDS_CFG_RE_NEWREALM, - buf, ARRAYLENGTH(buf)); - - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - lvi.stateMask = LVIS_STATEIMAGEMASK; - - ListView_InsertItem(hw_list, &lvi); - - if (d->flags & K5_CDFLAG_MOD_REALMS) { - khui_cfg_set_flags(d->node_realm, KHUI_CNFLAG_MODIFIED, - KHUI_CNFLAG_MODIFIED); - } else { - khui_cfg_set_flags(d->node_realm, 0, - KHUI_CNFLAG_MODIFIED); - } -} - -#define K5_KDCSI_ADMIN 1 -#define K5_KDCSI_MASTER 2 - -static void -k5_update_kdcs_display(HWND hw_kdc, k5_config_data * d, khm_size idx_rlm) { - khm_size k; - LVITEM lvi; - int idx_item; - k5_realm_kdc * pkdc; - wchar_t wyes[8]; - wchar_t wno[8]; - wchar_t wbuf[64]; - - ListView_DeleteAllItems(hw_kdc); - - if (d == NULL) - return; - -#ifdef DEBUG - assert(idx_rlm < d->n_realms); -#endif - LoadString(hResModule, IDS_YES, wyes, ARRAYLENGTH(wyes)); - LoadString(hResModule, IDS_NO, wno, ARRAYLENGTH(wno)); - - for (k=0; k < d->realms[idx_rlm].n_kdcs; k++) { - if ((d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_DELETED) && - (d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_NEW)) - continue; - - pkdc = &(d->realms[idx_rlm].kdcs[k]); - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT; - lvi.iItem = K5_MAX_KDC; - lvi.iSubItem = 0; - lvi.lParam = k; - lvi.pszText = pkdc->name; - if (pkdc->flags & K5_RKFLAG_DELETED) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED); - } else if (pkdc->flags & K5_RKFLAG_NEW) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - } else if ((pkdc->flags & K5_RKFLAG_MOD_ADMIN) || - (pkdc->flags & K5_RKFLAG_MOD_MASTER)) { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED); - } else { - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL); - } - lvi.stateMask = LVIS_STATEIMAGEMASK; - - idx_item = ListView_InsertItem(hw_kdc, &lvi); - - lvi.mask = LVIF_TEXT; - lvi.iItem = idx_item; - lvi.iSubItem = K5_KDCSI_ADMIN; - if (pkdc->admin) - lvi.pszText = wyes; - else - lvi.pszText = wno; - ListView_SetItem(hw_kdc, &lvi); - - lvi.iSubItem = K5_KDCSI_MASTER; - if (pkdc->master) - lvi.pszText = wyes; - else - lvi.pszText = wno; - ListView_SetItem(hw_kdc, &lvi); - } - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_TEXT | LVIF_PARAM | LVIF_STATE; - lvi.iItem = 0; - lvi.iSubItem = 0; - lvi.pszText = wbuf; - lvi.lParam = (LPARAM) -1; - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - lvi.stateMask = LVIS_STATEIMAGEMASK; - - LoadString(hResModule, IDS_CFG_RE_NEWSERVER, - wbuf, ARRAYLENGTH(wbuf)); - - ListView_InsertItem(hw_kdc, &lvi); -} - -static void -k5_update_dmap_display(HWND hw_dm, k5_config_data * d, khm_size idx_rlm) { - khm_size m; - LVITEM lvi; - k5_domain_map * map; - wchar_t wbuf[64]; - - ListView_DeleteAllItems(hw_dm); - - if (d == NULL) - return; - -#ifdef DEBUG - assert(idx_rlm < d->n_realms); -#endif - - for (m=0; m < d->realms[idx_rlm].n_domain_maps; m++) { - map = &(d->realms[idx_rlm].domain_maps[m]); - - if ((map->flags & K5_DMFLAG_NEW) && - (map->flags & K5_DMFLAG_DELETED)) - continue; - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.mask = LVIF_TEXT | LVIF_STATE | LVIF_PARAM; - lvi.pszText = map->name; - if (map->flags & K5_DMFLAG_DELETED) - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED); - else if (map->flags & K5_DMFLAG_NEW) - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - else - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL); - lvi.stateMask = LVIS_STATEIMAGEMASK; - lvi.lParam = m; - - lvi.iItem = K5_MAX_DOMAIN_MAPPINGS; - lvi.iSubItem = 0; - - ListView_InsertItem(hw_dm, &lvi); - } - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_PARAM | LVIF_TEXT | LVIF_STATE; - lvi.pszText = wbuf; - lvi.lParam = (LPARAM) -1; - lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW); - lvi.stateMask = LVIS_STATEIMAGEMASK; - lvi.iItem = 0; - lvi.iSubItem = 0; - - LoadString(hResModule, IDS_CFG_RE_NEWDMAP, - wbuf, ARRAYLENGTH(wbuf)); - - ListView_InsertItem(hw_dm, &lvi); -} - -#define CMD_BASE 3000 -#define CMD_NEW_REALM (CMD_BASE + 1) -#define CMD_DEL_REALM (CMD_BASE + 2) -#define CMD_NEW_SERVER (CMD_BASE + 3) -#define CMD_DEL_SERVER (CMD_BASE + 4) -#define CMD_MAKE_ADMIN (CMD_BASE + 5) -#define CMD_MAKE_MASTER (CMD_BASE + 6) -#define CMD_NEW_DMAP (CMD_BASE + 7) -#define CMD_DEL_DMAP (CMD_BASE + 8) - -struct k5_menu_def { - UINT string; - UINT id; - UINT type; - UINT state; -}; - -struct k5_menu_def k5_menu_realms[] = { - {IDS_CFG_RE_MNR, CMD_NEW_REALM, MFT_STRING, 0}, - {IDS_CFG_RE_MDR, CMD_DEL_REALM, MFT_STRING, 0} -}; - -struct k5_menu_def k5_menu_kdc[] = { - {IDS_CFG_RE_MNK, CMD_NEW_SERVER, MFT_STRING, 0}, - {IDS_CFG_RE_MDK, CMD_DEL_SERVER, MFT_STRING, 0}, - {IDS_CFG_RE_MAK, CMD_MAKE_ADMIN, MFT_STRING, 0}, - {IDS_CFG_RE_MMK, CMD_MAKE_MASTER, MFT_STRING, 0} -}; - -struct k5_menu_def k5_menu_dmap[] = { - {IDS_CFG_RE_MND, CMD_NEW_DMAP, MFT_STRING, 0}, - {IDS_CFG_RE_MDD, CMD_DEL_DMAP, MFT_STRING, 0} -}; - -HMENU -k5_menu_from_def(struct k5_menu_def * def, khm_size n) { - HMENU menu; - MENUITEMINFO mii; - khm_size i; - khm_size cch; - wchar_t buf[1024]; - - menu = CreatePopupMenu(); - - for (i=0; i < n; i++) { - ZeroMemory(&mii, sizeof(mii)); - - mii.cbSize = sizeof(mii); - - if (def[i].type == MFT_STRING) { - LoadString(hResModule, def[i].string, - buf, ARRAYLENGTH(buf)); - StringCchLength(buf, ARRAYLENGTH(buf), &cch); - - mii.fMask = MIIM_STRING | MIIM_ID; - mii.fType = MFT_STRING; - - mii.fState = def[i].state; - mii.wID = def[i].id; - mii.cch = (UINT) cch; - mii.dwTypeData = buf; - - InsertMenuItem(menu, (UINT) i, TRUE, &mii); - } else { -#ifdef DEBUG - assert(FALSE); -#endif - } - } - - return menu; -} - -void -k5_delete_realms(HWND hwnd, k5_config_data * d) { - LVITEM lvi; - int idx; - HWND hw_rlm; - BOOL modified = FALSE; - khm_size r; - - hw_rlm = GetDlgItem(hwnd, IDC_CFG_REALMS); - - idx = -1; - while((idx = ListView_GetNextItem(hw_rlm, idx, - LVNI_SELECTED)) - != -1) { - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = idx; - lvi.iSubItem = 0; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_rlm, &lvi); - - if (lvi.lParam != -1 && - (r = lvi.lParam) < d->n_realms) { - d->realms[r].flags ^= K5_RDFLAG_DELETED; - modified = TRUE; - } - } - - if (modified) { - d->flags |= K5_CDFLAG_MOD_REALMS; - - k5_purge_config_data(d, TRUE, TRUE, TRUE); - k5_update_realms_display(hw_rlm, d); - k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0); - k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0); - } -} - -void -k5_delete_servers(HWND hwnd, k5_config_data * d) { - HWND hw_kdc; - LVITEM lvi; - khm_size r; - khm_size k; - int idx; - BOOL modified = FALSE; - - hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC); - r = d->c_realm; - - idx = -1; - while((idx = ListView_GetNextItem(hw_kdc, idx, - LVNI_SELECTED)) - != -1) { - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = idx; - lvi.iSubItem = 0; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_kdc, &lvi); - - if (lvi.lParam != -1 && - (k = lvi.lParam) < d->n_realms) { - d->realms[r].kdcs[k].flags ^= K5_RKFLAG_DELETED; - modified = TRUE; - } - } - - if (modified) { - d->flags |= K5_CDFLAG_MOD_REALMS; - d->realms[r].flags |= K5_RDFLAG_MODIFED; - - k5_purge_config_data(d, TRUE, TRUE, TRUE); - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - k5_update_kdcs_display(hw_kdc, d, r); - } -} - -void -k5_delete_dmap(HWND hwnd, k5_config_data * d) { - HWND hw_dmp; - LVITEM lvi; - khm_size r; - khm_size m; - int idx; - BOOL modified = FALSE; - - hw_dmp = GetDlgItem(hwnd, IDC_CFG_DMAP); - r = d->c_realm; - - idx = -1; - while((idx = ListView_GetNextItem(hw_dmp, idx, - LVNI_SELECTED)) - != -1) { - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = idx; - lvi.iSubItem = 0; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_dmp, &lvi); - - if (lvi.lParam != -1 && - (m = lvi.lParam) < d->n_realms) { - d->realms[r].domain_maps[m].flags ^= K5_DMFLAG_DELETED; - modified = TRUE; - } - } - - if (modified) { - d->flags |= K5_CDFLAG_MOD_REALMS; - k5_purge_config_data(d, FALSE, FALSE, TRUE); - - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->realms[r].flags |= K5_RDFLAG_MODIFED; - - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - } - - k5_update_dmap_display(hw_dmp, d, r); - } -} - -INT_PTR CALLBACK -k5_realms_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - k5_config_data * d; - - d = &k5_config_dlg_data; - - switch(uMsg) { - case WM_INITDIALOG: - { - LVCOLUMN lvc; - HWND hw; - RECT r; - wchar_t buf[256]; - - assert(k5_dlg_data_valid); - - d->node_realm = (khui_config_node) lParam; - - /* set up columns for the Realms list */ - hw = GetDlgItem(hwnd, IDC_CFG_REALMS); -#ifdef DEBUG - assert(hw); -#endif - GetWindowRect(hw, &r); - r.right -= 5; /* shave a few pixels off the width */ - ZeroMemory(&lvc, sizeof(lvc)); - lvc.mask = LVCF_TEXT | LVCF_WIDTH; - lvc.pszText = buf; - lvc.cx = (r.right - r.left); - LoadString(hResModule, IDS_CFG_RE_REALMS, - buf, ARRAYLENGTH(buf)); - - ListView_InsertColumn(hw, 0, &lvc); - - ListView_SetImageList(hw, - k5_get_state_image_list(), - LVSIL_STATE); - - k5_update_realms_display(hw, d); - - /* set up columns for the servers list */ - hw = GetDlgItem(hwnd, IDC_CFG_KDC); -#ifdef DEBUG - assert(hw); -#endif - GetWindowRect(hw, &r); - r.right -= 5; - ZeroMemory(&lvc, sizeof(lvc)); - lvc.mask = LVCF_TEXT | LVCF_WIDTH; - lvc.pszText = buf; - lvc.cx = (r.right - r.left) * 2 / 4; - LoadString(hResModule, IDS_CFG_RE_HEAD_SVR, - buf, ARRAYLENGTH(buf)); - - ListView_InsertColumn(hw, 0, &lvc); - - lvc.cx = (r.right - r.left) * 1 / 4; - LoadString(hResModule, IDS_CFG_RE_HEAD_ADMIN, - buf, ARRAYLENGTH(buf)); - ListView_InsertColumn(hw, 1, &lvc); - - LoadString(hResModule, IDS_CFG_RE_HEAD_MASTER, - buf, ARRAYLENGTH(buf)); - ListView_InsertColumn(hw, 2, &lvc); - - ListView_SetImageList(hw, - k5_get_state_image_list(), - LVSIL_STATE); - - /* set up columns for the domain/host mapping list */ - hw = GetDlgItem(hwnd, IDC_CFG_DMAP); -#ifdef DEBUG - assert(hw); -#endif - GetWindowRect(hw, &r); - r.right -= 5; - ZeroMemory(&lvc, sizeof(lvc)); - lvc.mask = LVCF_TEXT | LVCF_WIDTH; - lvc.pszText = buf; - lvc.cx = (r.right - r.left); - LoadString(hResModule, IDS_CFG_RE_HEAD_DOMAIN, - buf, ARRAYLENGTH(buf)); - - ListView_InsertColumn(hw, 0, &lvc); - - - ListView_SetImageList(hw, - k5_get_state_image_list(), - LVSIL_STATE); - - /* Now set up the context menus */ - d->hm_realms_ctx = k5_menu_from_def(k5_menu_realms, ARRAYLENGTH(k5_menu_realms)); - d->hm_kdc_ctx = k5_menu_from_def(k5_menu_kdc, ARRAYLENGTH(k5_menu_kdc)); - d->hm_dmap_ctx = k5_menu_from_def(k5_menu_dmap, ARRAYLENGTH(k5_menu_dmap)); - } - break; - - case WM_CONTEXTMENU: - { - UINT id; - HMENU hm = NULL; - int x,y; - - id = GetDlgCtrlID((HWND) wParam); - - if (id == IDC_CFG_REALMS) { - HWND hw_realms; - int n; - MENUITEMINFO mii; - - hm = d->hm_realms_ctx; - - hw_realms = GetDlgItem(hwnd, IDC_CFG_REALMS); -#ifdef DEBUG - assert(hw_realms); -#endif - n = ListView_GetSelectedCount(hw_realms); - ZeroMemory(&mii, sizeof(mii)); - mii.cbSize = sizeof(mii); - - if (n == 0) { - mii.fMask = MIIM_STATE; - mii.fState = MFS_DISABLED; - - SetMenuItemInfo(hm, CMD_DEL_REALM, FALSE, &mii); - } else { - - mii.fMask = MIIM_STATE; - mii.fState = MFS_ENABLED; - - SetMenuItemInfo(hm, CMD_DEL_REALM, FALSE, &mii); - } - - } else if (id == IDC_CFG_KDC) { - HWND hw_kdc; - int n; - MENUITEMINFO mii; - - hm = d->hm_kdc_ctx; - - hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC); -#ifdef DEBUG - assert(hw_kdc); -#endif - n = ListView_GetSelectedCount(hw_kdc); - ZeroMemory(&mii, sizeof(mii)); - mii.cbSize = sizeof(mii); - - if (n == 1) { - mii.fMask = MIIM_STATE; - mii.fState = MFS_ENABLED; - - SetMenuItemInfo(hm, CMD_DEL_SERVER, FALSE, &mii); - SetMenuItemInfo(hm, CMD_MAKE_ADMIN, FALSE, &mii); - SetMenuItemInfo(hm, CMD_MAKE_MASTER, FALSE, &mii); - } else if (n == 0) { - - mii.fMask = MIIM_STATE; - mii.fState = MFS_DISABLED; - - SetMenuItemInfo(hm, CMD_DEL_SERVER, FALSE, &mii); - SetMenuItemInfo(hm, CMD_MAKE_ADMIN, FALSE, &mii); - SetMenuItemInfo(hm, CMD_MAKE_MASTER,FALSE, &mii); - } else { - - mii.fMask = MIIM_STATE; - mii.fState = MFS_ENABLED; - - SetMenuItemInfo(hm, CMD_DEL_SERVER, FALSE, &mii); - - mii.fState = MFS_DISABLED; - - SetMenuItemInfo(hm, CMD_MAKE_ADMIN, FALSE, &mii); - SetMenuItemInfo(hm, CMD_MAKE_MASTER,FALSE, &mii); - } - - } else if (id == IDC_CFG_DMAP) { - HWND hw_dmap; - MENUITEMINFO mii; - int n; - - hm = d->hm_dmap_ctx; - - hw_dmap = GetDlgItem(hwnd, IDC_CFG_DMAP); -#ifdef DEBUG - assert(hw_dmap); -#endif - - n = ListView_GetSelectedCount(hw_dmap); - ZeroMemory(&mii, sizeof(mii)); - mii.cbSize = sizeof(mii); - - if (n == 0) { - mii.fMask = MIIM_STATE; - mii.fState = MFS_DISABLED; - - SetMenuItemInfo(hm, CMD_DEL_DMAP, FALSE, &mii); - } else { - mii.fMask = MIIM_STATE; - mii.fState = MFS_ENABLED; - - SetMenuItemInfo(hm, CMD_DEL_DMAP, FALSE, &mii); - } - } - - if (hm) { - if (LOWORD(lParam) == 0xffff) { - HWND hw; - RECT r; - - hw = GetDlgItem(hwnd, id); -#ifdef DEBUG - assert(hw); -#endif - GetWindowRect(hw, &r); - x = r.left; - y = r.top; - } else { - x = LOWORD(lParam); - y = HIWORD(lParam); - } - - TrackPopupMenu(hm, - TPM_LEFTALIGN | TPM_TOPALIGN, - x, y, - 0, hwnd, NULL); - } - - return TRUE; - } - break; - - case WM_NOTIFY: - { - LPNMHDR pnmh; - HWND hw_rlm = NULL; - HWND hw_kdc = NULL; - HWND hw_dmp = NULL; - int i; - - pnmh = (LPNMHDR) lParam; - - /* catchalls for all three list views */ - switch (pnmh->code) { - case NM_DBLCLK: - { - HWND hw_ctl; - LVITEM lvi; - LVHITTESTINFO hti; - LPNMITEMACTIVATE pnmi; - - if (pnmh->idFrom != IDC_CFG_REALMS && - pnmh->idFrom != IDC_CFG_KDC && - pnmh->idFrom != IDC_CFG_DMAP) - break; - - /* if the user double clicks on the 'new - [something]' item, we start editing it. */ - hw_ctl = pnmh->hwndFrom; - pnmi = (LPNMITEMACTIVATE) lParam; - - ZeroMemory(&hti, sizeof(hti)); - hti.pt = pnmi->ptAction; - - ListView_SubItemHitTest(hw_ctl, &hti); - if (hti.flags & LVHT_ONITEM) { - ZeroMemory(&lvi, sizeof(lvi)); - lvi.mask = LVIF_PARAM; - lvi.iItem = hti.iItem; - - ListView_GetItem(hw_ctl, &lvi); - - if (lvi.lParam == -1) - ListView_EditLabel(hw_ctl, hti.iItem); - } - - return TRUE; - } - break; - } - - if (pnmh->idFrom == IDC_CFG_REALMS) { - - hw_rlm = pnmh->hwndFrom; - - switch(pnmh->code) { - case LVN_ITEMCHANGED: - i = ListView_GetSelectedCount(hw_rlm); - hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC); - hw_dmp = GetDlgItem(hwnd, IDC_CFG_DMAP); - - d->c_realm = (khm_size) -1; - - if (i == 1) { - LVITEM lvi; - wchar_t fmt[256]; - wchar_t buf[K5_MAXCCH_REALM + 256]; - - i = ListView_GetNextItem(hw_rlm, -1, - LVNI_SELECTED); - if (i == -1) - goto _no_selection; - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.iItem = i; - lvi.iSubItem = 0; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_rlm, &lvi); - - if (lvi.lParam == -1) - goto _no_selection; - - d->c_realm = lvi.lParam; - - k5_update_kdcs_display(hw_kdc, d, lvi.lParam); - k5_update_dmap_display(hw_dmp, d, lvi.lParam); - - LoadString(hResModule, IDS_CFG_RE_KDCS_R, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - d->realms[d->c_realm].realm); - - SetDlgItemText(hwnd, IDC_CFG_SERVERSGRP, buf); - - LoadString(hResModule, IDS_CFG_RE_DMAPS_R, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - d->realms[d->c_realm].realm); - - SetDlgItemText(hwnd, IDC_CFG_DOMAINGRP, buf); - return TRUE; - } - - _no_selection: - { - wchar_t buf[256]; - - k5_update_kdcs_display(hw_kdc, NULL, 0); - k5_update_dmap_display(hw_dmp, NULL, 0); - - LoadString(hResModule, IDS_CFG_RE_KDCS, - buf, ARRAYLENGTH(buf)); - SetDlgItemText(hwnd, IDC_CFG_SERVERSGRP, buf); - - LoadString(hResModule, IDS_CFG_RE_DMAPS, - buf, ARRAYLENGTH(buf)); - SetDlgItemText(hwnd, IDC_CFG_DOMAINGRP, buf); - } - break; - - case LVN_BEGINLABELEDIT: - { - NMLVDISPINFO * pdisp; - LVITEM lvi; - - pdisp = (NMLVDISPINFO *) lParam; - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = pdisp->item.iItem; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_rlm, &lvi); - - if (pdisp->item.iItem == -1 || - lvi.lParam != -1) { - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, TRUE); - } else { - /* allow editing */ - HWND hw_edit; - - hw_edit = ListView_GetEditControl(hw_rlm); - if (hw_edit != NULL) { - SendMessage(hw_edit, - EM_SETLIMITTEXT, - K5_MAXCCH_REALM - 1, - 0); - } - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - } - - return TRUE; - } - break; - - case LVN_ENDLABELEDIT: - { - NMLVDISPINFO * pdisp; - khm_size n; - - pdisp = (NMLVDISPINFO *) lParam; - - if (pdisp->item.pszText && pdisp->item.pszText[0]) { - khm_size i; - - /* first find out whether this is actually - a new realm */ - - for (i=0; i < d->n_realms; i++) { - if ((d->realms[i].flags & K5_RDFLAG_NEW) && - (d->realms[i].flags & K5_RDFLAG_DELETED)) - continue; - - if (!_wcsicmp(d->realms[i].realm, pdisp->item.pszText)) - break; - } - - if (i < d->n_realms) { - khui_alert * alert = NULL; - wchar_t buf[KHUI_MAXCCH_MESSAGE]; - wchar_t fmt[KHUI_MAXCCH_MESSAGE]; - - khui_alert_create_empty(&alert); - - LoadString(hResModule, IDS_CFG_RE_ARNUT, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText); - khui_alert_set_title(alert, buf); - - LoadString(hResModule, IDS_CFG_RE_ARNUM, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText); - khui_alert_set_message(alert, buf); - - khui_alert_add_command(alert, KHUI_PACTION_CLOSE); - khui_alert_set_severity(alert, KHERR_INFO); - - khui_alert_show_modal(alert); - khui_alert_release(alert); - - return TRUE; - } - - n = d->n_realms; - k5_assert_n_realms(d, n+1); - StringCbCopy(d->realms[n].realm, - sizeof(d->realms[n].realm), - pdisp->item.pszText); - d->realms[n].flags = K5_RDFLAG_NEW; - d->n_realms++; - - d->flags |= K5_CDFLAG_MOD_REALMS; - - k5_update_realms_display(hw_rlm, d); - } - - return TRUE; - } - break; - - case LVN_KEYDOWN: - { - NMLVKEYDOWN * pnmk; - - pnmk = (NMLVKEYDOWN *) lParam; - - if (pnmk->wVKey == VK_DELETE) { - k5_delete_realms(hwnd, d); - return TRUE; - } - } - break; - } - } else if (pnmh->idFrom == IDC_CFG_KDC) { - hw_kdc = pnmh->hwndFrom; - - switch (pnmh->code) { - case LVN_BEGINLABELEDIT: - { - NMLVDISPINFO * pdisp; - LVITEM lvi; - - pdisp = (NMLVDISPINFO *) lParam; - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = pdisp->item.iItem; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_kdc, &lvi); - - /* Only allow editing if the user is trying to - edit the <New server> entry. */ - if (pdisp->item.iItem == -1 || - lvi.lParam != -1) { - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, TRUE); - } else { - HWND hw_edit; - - hw_edit = ListView_GetEditControl(hw_kdc); - if (hw_edit != NULL) { - SendMessage(hw_edit, - EM_SETLIMITTEXT, - K5_MAXCCH_HOST - 1, - 0); - } - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - } - return TRUE; - } - break; - - case LVN_ENDLABELEDIT: - { - NMLVDISPINFO * pdisp; - khm_size r; - khm_size k; - - r = d->c_realm; - - pdisp = (NMLVDISPINFO *) lParam; - - if (pdisp->item.pszText && pdisp->item.pszText[0]) { - - /* first of all, check if we already have - a KDC by this name... */ - for (k=0; k < d->realms[r].n_kdcs; k++) { - if ((d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) && - (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) - continue; - - if (!_wcsicmp(d->realms[r].kdcs[k].name, - pdisp->item.pszText)) - break; - } - - if (k < d->realms[r].n_kdcs) { - khui_alert * alert = NULL; - wchar_t buf[K5_MAXCCH_HOST + 256]; - wchar_t fmt[256]; - - khui_alert_create_empty(&alert); - - LoadString(hResModule, IDS_CFG_RE_ASNUT, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText, - d->realms[r].realm); - khui_alert_set_title(alert, buf); - - LoadString(hResModule, IDS_CFG_RE_ASNUM, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText, - d->realms[r].realm); - khui_alert_set_message(alert, buf); - - khui_alert_set_severity(alert, KHERR_INFO); - khui_alert_show_modal(alert); - - khui_alert_release(alert); - - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - return TRUE; - } - - if (k >= K5_MAX_KDC) { - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - /* TODO: show a message box saying - there are too many KDC's - already. */ - return TRUE; - } - - StringCbCopy(d->realms[r].kdcs[k].name, - sizeof(d->realms[0].kdcs[0].name), - pdisp->item.pszText); - d->realms[r].kdcs[k].flags = K5_RKFLAG_NEW; - d->realms[r].n_kdcs++; - - k5_update_kdcs_display(hw_kdc, d, d->c_realm); - - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->flags |= K5_CDFLAG_MOD_REALMS; - d->realms[r].flags |= K5_RDFLAG_MODIFED; - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - } - } - return TRUE; - } - break; - - case LVN_KEYDOWN: - { - NMLVKEYDOWN * pnmk; - - pnmk = (NMLVKEYDOWN *) lParam; - - if (pnmk->wVKey == VK_DELETE) { - k5_delete_servers(hwnd, d); - } - return TRUE; - } - break; - - case NM_CLICK: - { - LPNMITEMACTIVATE lpnmi; - LVHITTESTINFO hti; - LVITEM lvi; - khm_size r; - khm_size k; - - r = d->c_realm; - - lpnmi = (LPNMITEMACTIVATE) lParam; - - ZeroMemory(&hti, sizeof(hti)); - hti.pt = lpnmi->ptAction; - ListView_SubItemHitTest(hw_kdc, &hti); - - if (hti.iSubItem != 0) { - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.mask = LVIF_PARAM; - lvi.iItem = hti.iItem; - ListView_GetItem(hw_kdc, &lvi); - - if (lvi.lParam < 0 || lvi.lParam >= (int) d->realms[r].n_kdcs) - return TRUE; - - k = lvi.lParam; - - if (hti.iSubItem == K5_KDCSI_ADMIN) { - d->realms[r].kdcs[k].admin = !d->realms[r].kdcs[k].admin; - d->realms[r].kdcs[k].flags |= K5_RKFLAG_MOD_ADMIN; - } else if (hti.iSubItem == K5_KDCSI_MASTER) { - if (d->realms[r].kdcs[k].master) { - d->realms[r].kdcs[k].master = FALSE; - d->realms[r].kdcs[k].flags |= K5_RKFLAG_MOD_MASTER; - } else { - khm_size i; - - for (i=0; i < d->realms[r].n_kdcs; i++) { - if ((d->realms[r].kdcs[i].flags & K5_RKFLAG_DELETED) && - (d->realms[r].kdcs[i].flags & K5_RKFLAG_NEW)) - continue; - if (d->realms[r].kdcs[i].master) { - d->realms[r].kdcs[i].master = FALSE; - d->realms[r].kdcs[i].flags |= K5_RKFLAG_MOD_MASTER; - } - } - - d->realms[r].kdcs[k].master = TRUE; - d->realms[r].kdcs[k].flags |= K5_RKFLAG_MOD_MASTER; - } - } else { -#ifdef DEBUG - assert(FALSE); -#endif - } - - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->realms[r].flags |= K5_RDFLAG_MODIFED; - d->flags |= K5_CDFLAG_MOD_REALMS; - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - } - - k5_update_kdcs_display(hw_kdc, d, r); - } - } - break; - } - } else if (pnmh->idFrom == IDC_CFG_DMAP) { - hw_dmp = pnmh->hwndFrom; - - switch (pnmh->code) { - case LVN_BEGINLABELEDIT: - { - NMLVDISPINFO * pdisp; - LVITEM lvi; - - pdisp = (NMLVDISPINFO *) lParam; - - ZeroMemory(&lvi, sizeof(lvi)); - lvi.iItem = pdisp->item.iItem; - lvi.mask = LVIF_PARAM; - - ListView_GetItem(hw_dmp, &lvi); - - /* Only allow editing if the user is trying to - edit the <New domain mapping> entry. */ - if (pdisp->item.iItem == -1 || - lvi.lParam != -1) { - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, TRUE); - } else { - HWND hw_edit; - - hw_edit = ListView_GetEditControl(hw_dmp); - if (hw_edit != NULL) { - SendMessage(hw_edit, - EM_SETLIMITTEXT, - K5_MAXCCH_HOST - 1, - 0); - } - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - } - return TRUE; - } - break; - - case LVN_ENDLABELEDIT: - { - NMLVDISPINFO * pdisp; - khm_size r; - khm_size m; - - r = d->c_realm; - - pdisp = (NMLVDISPINFO *) lParam; - - if (pdisp->item.pszText && pdisp->item.pszText[0]) { - - /* first check if this is unique */ - for (m=0; m < d->realms[r].n_domain_maps; m++) { - if ((d->realms[r].domain_maps[m].flags & K5_DMFLAG_NEW) && - (d->realms[r].domain_maps[m].flags & K5_DMFLAG_DELETED)) - continue; - - if (!_wcsicmp(d->realms[r].domain_maps[m].name, - pdisp->item.pszText)) - break; - } - - if (m < d->realms[r].n_domain_maps) { - khui_alert * alert; - wchar_t buf[K5_MAXCCH_HOST + 256]; - wchar_t fmt[256]; - - khui_alert_create_empty(&alert); - - LoadString(hResModule, IDS_CFG_RE_DMNUT, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText, - d->realms[r].realm); - khui_alert_set_title(alert, buf); - - LoadString(hResModule, IDS_CFG_RE_DMNUM, - fmt, ARRAYLENGTH(fmt)); - StringCbPrintf(buf, sizeof(buf), fmt, - pdisp->item.pszText, - d->realms[r].realm); - khui_alert_set_message(alert, buf); - - khui_alert_set_severity(alert, KHERR_INFO); - khui_alert_show_modal(alert); - - khui_alert_release(alert); - - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - return TRUE; - } - - if (m >= K5_MAX_DOMAIN_MAPPINGS) { - SetWindowLongPtr(hwnd, DWLP_MSGRESULT, FALSE); - /* TODO: show a message box saying - there are too many domain mappings - already. */ - return TRUE; - } - - StringCbCopy(d->realms[r].domain_maps[m].name, - sizeof(d->realms[0].domain_maps[0].name), - pdisp->item.pszText); - d->realms[r].domain_maps[m].flags = K5_DMFLAG_NEW; - d->realms[r].n_domain_maps++; - - k5_update_dmap_display(hw_dmp, d, d->c_realm); - - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->flags |= K5_CDFLAG_MOD_REALMS; - d->realms[r].flags |= K5_RDFLAG_MODIFED; - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - } - } - return TRUE; - } - break; - - case LVN_KEYDOWN: - { - NMLVKEYDOWN * pnmk; - - pnmk = (NMLVKEYDOWN *) lParam; - - if (pnmk->wVKey == VK_DELETE) { - k5_delete_dmap(hwnd, d); - return TRUE; - } - } - break; - } - } /* end of handling DMAP notifications */ - } - break; - - case WM_COMMAND: - switch(LOWORD(wParam)) { - case CMD_NEW_REALM: - { - ListView_EditLabel(GetDlgItem(hwnd, IDC_CFG_REALMS), 0); - - return TRUE; - } - break; - - case CMD_DEL_REALM: - { - k5_delete_realms(hwnd, d); - - return TRUE; - } - break; - - case CMD_NEW_SERVER: - { - ListView_EditLabel(GetDlgItem(hwnd, IDC_CFG_KDC), 0); - - return TRUE; - } - break; - - case CMD_DEL_SERVER: - { - k5_delete_servers(hwnd, d); - - return TRUE; - } - break; - - case CMD_MAKE_ADMIN: - { - HWND hw_kdc; - int idx; - khm_size r; - khm_size k; - BOOL modified = FALSE; - - r = d->c_realm; - - hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC); - - if (ListView_GetSelectedCount(hw_kdc) != 1) - return TRUE; - - idx = -1; - while ((idx = ListView_GetNextItem(hw_kdc, idx, - LVNI_SELECTED)) != -1) { - LVITEM lvi; - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.mask = LVIF_PARAM; - lvi.iItem = idx; - ListView_GetItem(hw_kdc, &lvi); - - k = lvi.lParam; - - if (lvi.lParam >= 0 && lvi.lParam < (int) d->realms[r].n_kdcs) { - d->realms[r].kdcs[k].admin = !d->realms[r].kdcs[k].admin; - d->realms[r].kdcs[k].flags |= K5_RKFLAG_MOD_ADMIN; - modified = TRUE; - - break; - } - } - - if (modified) { - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->flags |= K5_CDFLAG_MOD_REALMS; - d->realms[r].flags |= K5_RDFLAG_MODIFED; - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - } - } - - k5_update_kdcs_display(hw_kdc, d, r); - - return TRUE; - } - break; - - case CMD_MAKE_MASTER: - { - HWND hw_kdc; - int idx; - khm_size r; - khm_size k; - BOOL modified = FALSE; - - r = d->c_realm; - - hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC); - - if (ListView_GetSelectedCount(hw_kdc) != 1) - return TRUE; - - idx = -1; - while ((idx = ListView_GetNextItem(hw_kdc, idx, - LVNI_SELECTED)) != -1) { - LVITEM lvi; - - ZeroMemory(&lvi, sizeof(lvi)); - - lvi.mask = LVIF_PARAM; - lvi.iItem = idx; - ListView_GetItem(hw_kdc, &lvi); - - k = lvi.lParam; - - if (lvi.lParam >= 0 && lvi.lParam < (int) d->realms[r].n_kdcs) { - if (d->realms[r].kdcs[k].master) { - d->realms[r].kdcs[k].master = FALSE; - } else { - khm_size i; - - for (i=0; i < d->realms[r].n_kdcs; i++) { - if ((d->realms[r].kdcs[i].flags & K5_RKFLAG_NEW) && - (d->realms[r].kdcs[i].flags & K5_RKFLAG_DELETED)) - continue; - - if (d->realms[r].kdcs[i].master) { - d->realms[r].kdcs[i].master = FALSE; - d->realms[r].kdcs[i].flags |= K5_RKFLAG_MOD_MASTER; - } - } - - d->realms[r].kdcs[k].master = TRUE; - } - d->realms[r].kdcs[k].flags |= K5_RKFLAG_MOD_MASTER; - modified = TRUE; - - break; - } - } - - if (modified) { - if (!(d->realms[r].flags & K5_RDFLAG_MODIFED)) { - d->flags |= K5_CDFLAG_MOD_REALMS; - d->realms[r].flags |= K5_RDFLAG_MODIFED; - k5_update_realms_display(hwnd, d); - } - } - - k5_update_kdcs_display(hw_kdc, d, r); - - return TRUE; - } - break; - - case CMD_NEW_DMAP: - { - ListView_EditLabel(GetDlgItem(hwnd, IDC_CFG_DMAP), 0); - - return TRUE; - } - break; - - case CMD_DEL_DMAP: - { - k5_delete_dmap(hwnd, d); - - return TRUE; - } - break; - } - break; - - case WM_DESTROY: - if (d->hm_realms_ctx) - DestroyMenu(d->hm_realms_ctx); - if (d->hm_kdc_ctx) - DestroyMenu(d->hm_kdc_ctx); - if (d->hm_dmap_ctx) - DestroyMenu(d->hm_dmap_ctx); - - d->hm_realms_ctx = NULL; - d->hm_kdc_ctx = NULL; - d->hm_dmap_ctx = NULL; - break; - - case KHUI_WM_CFG_NOTIFY: - /* the realms dialog receives this notification after the top - level krb5 configuration panel has received it. */ - if (HIWORD(wParam) == WMCFG_APPLY) { - int applied; - - applied = k5_write_config_data(d); - k5_purge_config_data(d, TRUE, TRUE, TRUE); - k5_update_realms_display(GetDlgItem(hwnd, IDC_CFG_REALMS), d); - if (d->c_realm != -1) { - k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), d, d->c_realm); - k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), d, d->c_realm); - } else { - k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0); - k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0); - } - khui_cfg_set_flags(d->node_realm, - (applied ? KHUI_CNFLAG_APPLIED : 0), - KHUI_CNFLAG_APPLIED); - - } - break; - } - return FALSE; -} - -void -k5_register_config_panels(void) { - khui_config_node node; - khui_config_node_reg reg; - wchar_t wshort[KHUI_MAXCCH_SHORT_DESC]; - wchar_t wlong[KHUI_MAXCCH_LONG_DESC]; - - ZeroMemory(®, sizeof(reg)); - - LoadString(hResModule, IDS_K5CFG_SHORT_DESC, - wshort, ARRAYLENGTH(wshort)); - LoadString(hResModule, IDS_K5CFG_LONG_DESC, - wlong, ARRAYLENGTH(wlong)); - - reg.name = L"Kerberos5"; - reg.short_desc = wshort; - reg.long_desc = wlong; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CONFIG); - reg.dlg_proc = k5_config_dlgproc; - reg.flags = 0; - - khui_cfg_register(NULL, ®); - - if (KHM_FAILED(khui_cfg_open(NULL, L"Kerberos5", &node))) { - node = NULL; -#ifdef DEBUG - assert(FALSE); -#endif - } - - ZeroMemory(®, sizeof(reg)); - - LoadString(hResModule, IDS_K5RLM_SHORT_DESC, - wshort, ARRAYLENGTH(wshort)); - LoadString(hResModule, IDS_K5RLM_LONG_DESC, - wlong, ARRAYLENGTH(wlong)); - - reg.name = L"KerberosRealms"; - reg.short_desc = wshort; - reg.long_desc = wlong; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_REALMS); - reg.dlg_proc = k5_realms_dlgproc; - reg.flags = 0; - - khui_cfg_register(node, ®); - - ZeroMemory(®, sizeof(reg)); - - LoadString(hResModule, IDS_K5CCC_SHORT_DESC, - wshort, ARRAYLENGTH(wshort)); - LoadString(hResModule, IDS_K5CCC_LONG_DESC, - wlong, ARRAYLENGTH(wlong)); - - reg.name = L"KerberosCCaches"; - reg.short_desc = wshort; - reg.long_desc = wlong; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_CACHES); - reg.dlg_proc = k5_ccconfig_dlgproc; - reg.flags = 0; - - khui_cfg_register(node, ®); - - khui_cfg_release(node); - - if (KHM_FAILED(khui_cfg_open(NULL, L"KhmIdentities", &node))) { - node = NULL; -#ifdef DEBUG - assert(FALSE); -#endif - } - - ZeroMemory(®, sizeof(reg)); - - LoadString(hResModule, IDS_K5CFG_IDS_SHORT_DESC, - wshort, ARRAYLENGTH(wshort)); - LoadString(hResModule, IDS_K5CFG_IDS_LONG_DESC, - wlong, ARRAYLENGTH(wlong)); - - reg.name = L"KerberosIdentities"; - reg.short_desc = wshort; - reg.long_desc = wlong; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_IDS_TAB); - reg.dlg_proc = k5_ids_tab_dlgproc; - reg.flags = KHUI_CNFLAG_SUBPANEL; - - khui_cfg_register(node, ®); - - ZeroMemory(®, sizeof(reg)); - - LoadString(hResModule, IDS_K5CFG_ID_SHORT_DESC, - wshort, ARRAYLENGTH(wshort)); - LoadString(hResModule, IDS_K5CFG_ID_LONG_DESC, - wlong, ARRAYLENGTH(wlong)); - - reg.name = L"KerberosIdentitiesPlural"; - reg.short_desc = wshort; - reg.long_desc = wlong; - reg.h_module = hResModule; - reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_ID_TAB); - reg.dlg_proc = k5_id_tab_dlgproc; - reg.flags = KHUI_CNFLAG_SUBPANEL | KHUI_CNFLAG_PLURAL; - - khui_cfg_register(node, ®); - - khui_cfg_release(node); -} - -void -k5_unregister_config_panels(void) { - khui_config_node node_main; - khui_config_node node_realms; - khui_config_node node_ids; - khui_config_node node_tab; - khui_config_node node_ccaches; - - if (KHM_FAILED(khui_cfg_open(NULL, L"Kerberos5", &node_main))) { - node_main = NULL; -#ifdef DEBUG - assert(FALSE); -#endif - } - - if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosRealms", - &node_realms))) { - khui_cfg_remove(node_realms); - khui_cfg_release(node_realms); - } else { -#ifdef DEBUG - assert(FALSE); -#endif - } - - if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosCCaches", - &node_ccaches))) { - khui_cfg_remove(node_ccaches); - khui_cfg_release(node_ccaches); - } -#ifdef DEBUG - else - assert(FALSE); -#endif - - if (node_main) { - khui_cfg_remove(node_main); - khui_cfg_release(node_main); - } - - if (KHM_FAILED(khui_cfg_open(NULL, L"KhmIdentities", &node_ids))) { - node_ids = NULL; -#ifdef DEBUG - assert(FALSE); -#endif - } - - if (KHM_SUCCEEDED(khui_cfg_open(node_ids, L"KerberosIdentities", &node_tab))) { - khui_cfg_remove(node_tab); - khui_cfg_release(node_tab); - } - if (KHM_SUCCEEDED(khui_cfg_open(node_ids, L"KerberosIdentitiesPlural", &node_tab))) { - khui_cfg_remove(node_tab); - khui_cfg_release(node_tab); - } - - if (node_ids) - khui_cfg_release(node_ids); -} diff --git a/src/windows/identity/plugins/krb5/krb5configid.c b/src/windows/identity/plugins/krb5/krb5configid.c deleted file mode 100644 index b0dff3cb9..000000000 --- a/src/windows/identity/plugins/krb5/krb5configid.c +++ /dev/null @@ -1,366 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<krb5.h> -#include<assert.h> -#include<lm.h> -#include<commctrl.h> -#include<shlwapi.h> - -#include<strsafe.h> - -typedef struct tag_k5_id_dlg_data { - khui_config_init_data cfg; - - khm_handle ident; - - khui_tracker tc_life; - khui_tracker tc_renew; - - wchar_t ccache[KRB5_MAXCCH_CCNAME]; - - khm_boolean renewable; - khm_boolean forwardable; - khm_boolean proxiable; - khm_boolean addressless; - - DWORD public_ip; - - time_t life; - time_t renew_life; -} k5_id_dlg_data; - -static void -k5_id_read_params(k5_id_dlg_data * d) { - - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - khm_int32 rv; - khm_int32 t; - khm_handle csp_ident = NULL; - - cb = sizeof(idname); - rv = khui_cfg_get_name(d->cfg.ctx_node, idname, &cb); -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - - rv = kcdb_identity_create(idname, 0, &d->ident); -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - - khm_krb5_get_identity_config(d->ident, 0, &csp_ident); - - rv = khc_read_int32(csp_ident, L"DefaultLifetime", &t); - if (KHM_SUCCEEDED(rv)) - d->life = t; - else - d->life = 36000; - - rv = khc_read_int32(csp_ident, L"DefaultRenewLifetime", &t); - if (KHM_SUCCEEDED(rv)) - d->renew_life = t; - else - d->renew_life = 604800; - - rv = khc_read_int32(csp_ident, L"Renewable", &t); - if (KHM_SUCCEEDED(rv)) - d->renewable = !!t; - else - d->renewable = TRUE; - - rv = khc_read_int32(csp_ident, L"Forwardable", &t); - if (KHM_SUCCEEDED(rv)) - d->forwardable = !!t; - else - d->forwardable = FALSE; - - rv = khc_read_int32(csp_ident, L"Proxiable", &t); - if (KHM_SUCCEEDED(rv)) - d->proxiable = !!t; - else - d->proxiable = FALSE; - - rv = khc_read_int32(csp_ident, L"Addressless", &t); - if (KHM_SUCCEEDED(rv)) - d->addressless = !!t; - else - d->addressless = TRUE; - - rv = khc_read_int32(csp_ident, L"PublicIP", &t); - if (KHM_SUCCEEDED(rv)) - d->public_ip = (khm_ui_4) t; - else - d->public_ip = 0; - - cb = sizeof(d->ccache); - rv = khm_krb5_get_identity_default_ccache(d->ident, d->ccache, &cb); - -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - - khui_tracker_initialize(&d->tc_life); - d->tc_life.current = d->life; - d->tc_life.min = 0; - d->tc_life.max = 3600 * 24 * 7; - - khui_tracker_initialize(&d->tc_renew); - d->tc_renew.current = d->renew_life; - d->tc_renew.min = 0; - d->tc_renew.max = 3600 * 24 * 30; - - if (csp_ident) - khc_close_space(csp_ident); -} - -static khm_boolean -k5_id_is_mod(HWND hw, k5_id_dlg_data * d) { - wchar_t ccache[KRB5_MAXCCH_CCNAME]; - DWORD dwaddress = 0; - - GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache)); - - SendDlgItemMessage(hw, IDC_CFG_PUBLICIP, IPM_GETADDRESS, - 0, (LPARAM) &dwaddress); - - if (_wcsicmp(ccache, d->ccache) || - - d->tc_renew.current != d->renew_life || - - d->tc_life.current != d->life || - - (IsDlgButtonChecked(hw, IDC_CFG_RENEW) == BST_CHECKED) != d->renewable || - - (IsDlgButtonChecked(hw, IDC_CFG_FORWARD) == BST_CHECKED) != d->forwardable || - - (IsDlgButtonChecked(hw, IDC_CFG_ADDRESSLESS) == BST_CHECKED) - != d->addressless || - - dwaddress != d->public_ip) - - return TRUE; - - return FALSE; -} - -static void -k5_id_check_mod(HWND hw, k5_id_dlg_data * d) { - BOOL modified = k5_id_is_mod(hw, d); - - khui_cfg_set_flags_inst(&d->cfg, - (modified)?KHUI_CNFLAG_MODIFIED:0, - KHUI_CNFLAG_MODIFIED); -} - -static void -k5_id_write_params(HWND hw, k5_id_dlg_data * d) { - - khm_handle csp_idroot = NULL; - khm_handle csp_ident = NULL; - wchar_t ccache[KRB5_MAXCCH_CCNAME]; - khm_size cb; - khm_int32 rv; - khm_boolean b; - khm_boolean applied = FALSE; - DWORD dwaddress = 0; - - if (!k5_id_is_mod(hw, d)) - return; - - rv = kcdb_identity_get_config(d->ident, KHM_FLAG_CREATE, &csp_idroot); - if (KHM_SUCCEEDED(rv)) { - khc_open_space(csp_idroot, CSNAME_KRB5CRED, - KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD, - &csp_ident); - } - - if (csp_idroot) - khc_close_space(csp_idroot); - - if (!csp_ident) - return; - - if (d->life != d->tc_life.current) { - d->life = d->tc_life.current; - khc_write_int32(csp_ident, L"DefaultLifetime", (khm_int32) d->life); - applied = TRUE; - } - - if (d->renew_life != d->tc_renew.current) { - d->renew_life = d->tc_renew.current; - khc_write_int32(csp_ident, L"DefaultRenewLifetime", (khm_int32) d->renew_life); - applied = TRUE; - } - - b = (IsDlgButtonChecked(hw, IDC_CFG_RENEW) == BST_CHECKED); - if (b != d->renewable) { - d->renewable = b; - khc_write_int32(csp_ident, L"Renewable", (khm_int32) b); - applied = TRUE; - } - - b = (IsDlgButtonChecked(hw, IDC_CFG_FORWARD) == BST_CHECKED); - if (b != d->forwardable) { - d->forwardable = b; - khc_write_int32(csp_ident, L"Forwardable", (khm_int32) b); - applied = TRUE; - } - - b = (IsDlgButtonChecked(hw, IDC_CFG_ADDRESSLESS) == BST_CHECKED); - if (b != d->addressless) { - d->addressless = b; - khc_write_int32(csp_ident, L"Addressless", (khm_int32) b); - applied = TRUE; - } - - SendDlgItemMessage(hw, IDC_CFG_PUBLICIP, IPM_GETADDRESS, - 0, (LPARAM) &dwaddress); - - if (dwaddress != d->public_ip) { - d->public_ip = dwaddress; - khc_write_int32(csp_ident, L"PublicIP", (khm_int32) dwaddress); - applied = TRUE; - } - - GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache)); - - if (SUCCEEDED(StringCbLength(ccache, sizeof(ccache), &cb)) && - cb > sizeof(wchar_t)) { - - if (wcscmp(ccache, d->ccache)) { - khc_write_string(csp_ident, L"DefaultCCName", ccache); - StringCbCopy(d->ccache, sizeof(d->ccache), ccache); - applied = TRUE; - } - - } else { - khc_remove_value(csp_ident, L"DefaultCCName", KCONF_FLAG_USER); - d->ccache[0] = L'\0'; - applied = TRUE; - } - - if (csp_ident) - khc_close_space(csp_ident); - - khui_cfg_set_flags_inst(&d->cfg, - (applied ? KHUI_CNFLAG_APPLIED : 0), - KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED); -} - -INT_PTR CALLBACK -k5_id_tab_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - - k5_id_dlg_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - d = PMALLOC(sizeof(*d)); -#ifdef DEBUG - assert(d); -#endif - ZeroMemory(d, sizeof(*d)); - - d->cfg = *((khui_config_init_data *) lParam); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - k5_id_read_params(d); - - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE), - &d->tc_life); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE), - &d->tc_renew); - khui_tracker_refresh(&d->tc_life); - khui_tracker_refresh(&d->tc_renew); - - SetDlgItemText(hwnd, IDC_CFG_CCACHE, d->ccache); - - CheckDlgButton(hwnd, IDC_CFG_RENEW, - (d->renewable? BST_CHECKED: BST_UNCHECKED)); - - CheckDlgButton(hwnd, IDC_CFG_FORWARD, - (d->forwardable? BST_CHECKED: BST_UNCHECKED)); - - CheckDlgButton(hwnd, IDC_CFG_ADDRESSLESS, - (d->addressless? BST_CHECKED: BST_UNCHECKED)); - - SendDlgItemMessage(hwnd, IDC_CFG_PUBLICIP, - IPM_SETADDRESS, - 0, (LPARAM) d->public_ip); - break; - - case WM_COMMAND: - d = (k5_id_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == EN_CHANGE || - HIWORD(wParam) == BN_CLICKED) - k5_id_check_mod(hwnd, d); - break; - - case KHUI_WM_CFG_NOTIFY: - d = (k5_id_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == WMCFG_APPLY) { - k5_id_write_params(hwnd, d); - } - break; - - case WM_DESTROY: - d = (k5_id_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - khui_tracker_kill_controls(&d->tc_life); - khui_tracker_kill_controls(&d->tc_renew); - - if (d->ident) - kcdb_identity_release(d->ident); - - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, 0); - break; - } - return FALSE; -} diff --git a/src/windows/identity/plugins/krb5/krb5configids.c b/src/windows/identity/plugins/krb5/krb5configids.c deleted file mode 100644 index 70af85716..000000000 --- a/src/windows/identity/plugins/krb5/krb5configids.c +++ /dev/null @@ -1,281 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<krb5.h> -#include<assert.h> -#include<lm.h> -#include<commctrl.h> -#include<shlwapi.h> - -typedef struct tag_k5_ids_opts { - khm_int32 renewable; - khm_int32 forwardable; - khm_int32 addressless; -} k5_ids_opts; - -typedef struct tag_k5_ids_dlg_data { - khui_config_init_data cfg; - - khui_tracker tc_life; - khui_tracker tc_renew; - khui_tracker tc_life_min; - khui_tracker tc_life_max; - khui_tracker tc_renew_min; - khui_tracker tc_renew_max; - - time_t life; - time_t renew_life; - time_t life_min; - time_t life_max; - time_t renew_min; - time_t renew_max; - - k5_ids_opts opt; - k5_ids_opts opt_saved; - -} k5_ids_dlg_data; - -static khm_boolean -k5_ids_is_mod(k5_ids_dlg_data * d) { - if (d->life != d->tc_life.current || - d->renew_life != d->tc_renew.current || - d->life_max != d->tc_life_max.current || - d->life_min != d->tc_life_min.current || - d->renew_max != d->tc_renew_max.current || - d->renew_min != d->tc_renew_min.current || - !!d->opt.renewable != !!d->opt_saved.renewable || - !!d->opt.forwardable != !!d->opt_saved.forwardable || - !!d->opt.addressless != !!d->opt_saved.addressless) - return TRUE; - return FALSE; -} - -static void -k5_ids_check_mod(k5_ids_dlg_data * d) { - BOOL modified = k5_ids_is_mod(d); - - khui_cfg_set_flags_inst(&d->cfg, - (modified)?KHUI_CNFLAG_MODIFIED:0, - KHUI_CNFLAG_MODIFIED); -} - -static void -k5_ids_write_params(k5_ids_dlg_data * d) { - - khm_int32 rv; - -#ifdef DEBUG - assert(csp_params); -#endif - - if (!k5_ids_is_mod(d)) - return; - -#define WRITEPARAM(po,pn,vn) \ - if (po != pn) { \ - po = pn; \ - rv = khc_write_int32(csp_params, vn, (khm_int32) po); \ - assert(KHM_SUCCEEDED(rv)); \ - } - - WRITEPARAM(d->life,d->tc_life.current, L"DefaultLifetime"); - WRITEPARAM(d->renew_life,d->tc_renew.current, L"DefaultRenewLifetime"); - WRITEPARAM(d->life_max,d->tc_life_max.current, L"MaxLifetime"); - WRITEPARAM(d->life_min,d->tc_life_min.current, L"MinLifetime"); - WRITEPARAM(d->renew_max,d->tc_renew_max.current, L"MaxRenewLifetime"); - WRITEPARAM(d->renew_min,d->tc_renew_min.current, L"MinRenewLifetime"); - WRITEPARAM(d->opt_saved.renewable, d->opt.renewable, L"Renewable"); - WRITEPARAM(d->opt_saved.forwardable, d->opt.forwardable, L"Forwardable"); - WRITEPARAM(d->opt_saved.addressless, d->opt.addressless, L"Addressless"); - -#undef WRITEPARAM - - khui_cfg_set_flags_inst(&d->cfg, - KHUI_CNFLAG_APPLIED, - KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED); -} - -static void -k5_ids_read_params(k5_ids_dlg_data * d) { - k5_params p; - - khm_krb5_get_identity_params(NULL, &p); - - d->life = p.lifetime; - d->life_max = p.lifetime_max; - d->life_min = p.lifetime_min; - - d->renew_life = p.renew_life; - d->renew_max = p.renew_life_max; - d->renew_min = p.renew_life_min; - - d->opt_saved.forwardable = p.forwardable; - d->opt_saved.renewable = p.renewable; - d->opt_saved.addressless = p.addressless; - - d->opt = d->opt_saved; - - khui_tracker_initialize(&d->tc_life); - d->tc_life.current = d->life; - d->tc_life.min = 0; - d->tc_life.max = 3600 * 24 * 7; - - khui_tracker_initialize(&d->tc_renew); - d->tc_renew.current = d->renew_life; - d->tc_renew.min = 0; - d->tc_renew.max = 3600 * 24 * 30; - - khui_tracker_initialize(&d->tc_life_min); - d->tc_life_min.current = d->life_min; - d->tc_life_min.min = d->tc_life.min; - d->tc_life_min.max = d->tc_life.max; - - khui_tracker_initialize(&d->tc_life_max); - d->tc_life_max.current = d->life_max; - d->tc_life_max.min = d->tc_life.min; - d->tc_life_max.max = d->tc_life.max; - - khui_tracker_initialize(&d->tc_renew_min); - d->tc_renew_min.current = d->renew_min; - d->tc_renew_min.min = d->tc_renew.min; - d->tc_renew_min.max = d->tc_renew.max; - - khui_tracker_initialize(&d->tc_renew_max); - d->tc_renew_max.current = d->renew_max; - d->tc_renew_max.min = d->tc_renew.min; - d->tc_renew_max.max = d->tc_renew.max; -} - -INT_PTR CALLBACK -k5_ids_tab_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - k5_ids_dlg_data * d; - - switch(uMsg) { - case WM_INITDIALOG: - d = PMALLOC(sizeof(*d)); -#ifdef DEBUG - assert(d); -#endif - ZeroMemory(d, sizeof(*d)); -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d); -#pragma warning(pop) - - d->cfg = *((khui_config_init_data *) lParam); - - k5_ids_read_params(d); - - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE), - &d->tc_life); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE), - &d->tc_renew); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MIN), - &d->tc_life_min); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MAX), - &d->tc_life_max); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MIN), - &d->tc_renew_min); - khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MAX), - &d->tc_renew_max); - khui_tracker_refresh(&d->tc_life); - khui_tracker_refresh(&d->tc_life_min); - khui_tracker_refresh(&d->tc_life_max); - khui_tracker_refresh(&d->tc_renew); - khui_tracker_refresh(&d->tc_renew_min); - khui_tracker_refresh(&d->tc_renew_max); - - CheckDlgButton(hwnd, IDC_CFG_RENEW, (d->opt.renewable ? BST_CHECKED: BST_UNCHECKED)); - CheckDlgButton(hwnd, IDC_CFG_FORWARD, (d->opt.forwardable ? BST_CHECKED: BST_UNCHECKED)); - CheckDlgButton(hwnd, IDC_CFG_ADDRESSLESS, (d->opt.addressless ? BST_CHECKED: BST_UNCHECKED)); - break; - - case WM_COMMAND: - d = (k5_ids_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == EN_CHANGE) { - k5_ids_check_mod(d); - } else if (HIWORD(wParam) == BN_CLICKED) { - switch (LOWORD(wParam)) { - case IDC_CFG_RENEW: - d->opt.renewable = (IsDlgButtonChecked(hwnd, IDC_CFG_RENEW) == BST_CHECKED); - break; - - case IDC_CFG_FORWARD: - d->opt.forwardable = (IsDlgButtonChecked(hwnd, IDC_CFG_FORWARD) == BST_CHECKED); - break; - - case IDC_CFG_ADDRESSLESS: - d->opt.addressless = (IsDlgButtonChecked(hwnd, IDC_CFG_ADDRESSLESS) == BST_CHECKED); - break; - } - - k5_ids_check_mod(d); - } - break; - - case KHUI_WM_CFG_NOTIFY: - d = (k5_ids_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - if (HIWORD(wParam) == WMCFG_APPLY) { - k5_ids_write_params(d); - } - break; - - case WM_DESTROY: - d = (k5_ids_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - break; - - khui_tracker_kill_controls(&d->tc_life); - khui_tracker_kill_controls(&d->tc_renew); - khui_tracker_kill_controls(&d->tc_life_min); - khui_tracker_kill_controls(&d->tc_life_max); - khui_tracker_kill_controls(&d->tc_renew_min); - khui_tracker_kill_controls(&d->tc_renew_max); - - PFREE(d); - - SetWindowLongPtr(hwnd, DWLP_USER, 0); - - break; - } - return FALSE; -} diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c deleted file mode 100644 index a78ed45d7..000000000 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ /dev/null @@ -1,3637 +0,0 @@ -/* -* Copyright (c) 2005 Massachusetts Institute of Technology -* Copyright (c) 2006,2007 Secure Endpoints Inc. -* -* Permission is hereby granted, free of charge, to any person -* obtaining a copy of this software and associated documentation -* files (the "Software"), to deal in the Software without -* restriction, including without limitation the rights to use, copy, -* modify, merge, publish, distribute, sublicense, and/or sell copies -* of the Software, and to permit persons to whom the Software is -* furnished to do so, subject to the following conditions: -* -* The above copyright notice and this permission notice shall be -* included in all copies or substantial portions of the Software. -* -* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -* SOFTWARE. -*/ - -/* $Id$ */ - -/* Originally this was krb5routines.c in Leash sources. Subsequently - * modified and adapted for NetIDMgr */ - -#include<krbcred.h> -#include<kherror.h> - -#define SECURITY_WIN32 -#include <security.h> - -#include <string.h> -#include <time.h> -#include <stdlib.h> -#include <assert.h> -#include <strsafe.h> - -long -khm_convert524(krb5_context alt_ctx) -{ - krb5_context ctx = 0; - krb5_error_code code = 0; - int icode = 0; - krb5_principal me = 0; - krb5_principal server = 0; - krb5_creds *v5creds = 0; - krb5_creds increds; - krb5_ccache cc = 0; - CREDENTIALS * v4creds = NULL; - static int init_ets = 1; - - if (!pkrb5_init_context || - !pkrb_in_tkt || - !pkrb524_init_ets || - !pkrb524_convert_creds_kdc) - return 0; - - v4creds = (CREDENTIALS *) PMALLOC(sizeof(CREDENTIALS)); - memset((char *) v4creds, 0, sizeof(CREDENTIALS)); - - memset((char *) &increds, 0, sizeof(increds)); - /* - From this point on, we can goto cleanup because increds is - initialized. - */ - - if (alt_ctx) - { - ctx = alt_ctx; - } - else - { - code = pkrb5_init_context(&ctx); - if (code) goto cleanup; - } - - code = pkrb5_cc_default(ctx, &cc); - if (code) goto cleanup; - - if ( init_ets ) { - pkrb524_init_ets(ctx); - init_ets = 0; - } - - if (code = pkrb5_cc_get_principal(ctx, cc, &me)) - goto cleanup; - - if ((code = pkrb5_build_principal(ctx, - &server, - krb5_princ_realm(ctx, me)->length, - krb5_princ_realm(ctx, me)->data, - "krbtgt", - krb5_princ_realm(ctx, me)->data, - NULL))) - { - goto cleanup; - } - - increds.client = me; - increds.server = server; - increds.times.endtime = 0; - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; - if ((code = pkrb5_get_credentials(ctx, 0, - cc, - &increds, - &v5creds))) - { - goto cleanup; - } - - if ((icode = pkrb524_convert_creds_kdc(ctx, - v5creds, - v4creds))) - { - goto cleanup; - } - - /* initialize ticket cache */ - if ((icode = pkrb_in_tkt(v4creds->pname, v4creds->pinst, v4creds->realm) - != KSUCCESS)) - { - goto cleanup; - } - /* stash ticket, session key, etc. for future use */ - if ((icode = pkrb_save_credentials(v4creds->service, - v4creds->instance, - v4creds->realm, - v4creds->session, - v4creds->lifetime, - v4creds->kvno, - &(v4creds->ticket_st), - v4creds->issue_date))) - { - goto cleanup; - } - -cleanup: - memset(v4creds, 0, sizeof(v4creds)); - PFREE(v4creds); - - if (v5creds) { - pkrb5_free_creds(ctx, v5creds); - } - if (increds.client == me) - me = 0; - if (increds.server == server) - server = 0; - pkrb5_free_cred_contents(ctx, &increds); - if (server) { - pkrb5_free_principal(ctx, server); - } - if (me) { - pkrb5_free_principal(ctx, me); - } - pkrb5_cc_close(ctx, cc); - - if (ctx && (ctx != alt_ctx)) { - pkrb5_free_context(ctx); - } - return !(code || icode); -} - -#ifdef DEPRECATED_REMOVABLE -int com_addr(void) -{ - long ipAddr; - char loc_addr[ADDR_SZ]; - CREDENTIALS cred; - char service[40]; - char instance[40]; - // char addr[40]; - char realm[40]; - struct in_addr LocAddr; - int k_errno; - - if (pkrb_get_cred == NULL) - return(KSUCCESS); - - k_errno = (*pkrb_get_cred)(service,instance,realm,&cred); - if (k_errno) - return KRBERR(k_errno); - - while(1) { - ipAddr = (*pLocalHostAddr)(); - LocAddr.s_addr = ipAddr; - StringCbCopyA(loc_addr, sizeof(loc_addr), inet_ntoa(LocAddr)); - if ( strcmp(cred.address, loc_addr) != 0) { - /* TODO: do something about this */ - //Leash_kdestroy (); - break; - } - break; - } // while() - return 0; -} -#endif - -/* we use these structures to keep track of identities that we find - while going through the API, FILE and MSLSA caches and enumerating - credentials. The only identities we want to keep track of are the - ones that have an initial ticket. We collect information for each - of the identities we find that we have initial tickets for and - then set the properties for the identities at once. */ - -typedef struct tag_ident_data { - khm_handle ident; /* handle to the identity */ - khm_int32 count; /* number of initial tickets we have - found for this identity. */ - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - FILETIME ft_issue; - FILETIME ft_expire; - FILETIME ft_renewexpire; - khm_int32 krb5_flags; -} ident_data; - -typedef struct tag_identlist { - ident_data * list; - khm_size n_list; - khm_size nc_list; -} identlist; - -#define IDLIST_ALLOC_INCR 8 - -static void -tc_prep_idlist(identlist * idlist) { - khm_int32 rv; - khm_size cb_ids = 0; - khm_size n_ids = 0; - khm_size i; - wchar_t * ids = NULL; - wchar_t *thisid; - - idlist->list = NULL; - idlist->n_list = 0; - idlist->nc_list = 0; - - do { - - if (ids) { - PFREE(ids); - ids = NULL; - } - - rv = kcdb_identity_enum(KCDB_IDENT_FLAG_ACTIVE, - KCDB_IDENT_FLAG_ACTIVE, - NULL, - &cb_ids, - &n_ids); - - if (rv != KHM_ERROR_TOO_LONG) - break; /* something else is wrong */ - - if (n_ids == 0 || cb_ids == 0) - break; /* no identities to process */ - -#ifdef DEBUG - assert(cb_ids > 0); -#endif - - ids = PMALLOC(cb_ids); -#ifdef DEBUG - assert(ids != NULL); -#endif - if (ids == NULL) - break; - - rv = kcdb_identity_enum(KCDB_IDENT_FLAG_ACTIVE, - KCDB_IDENT_FLAG_ACTIVE, - ids, - &cb_ids, - &n_ids); - - if (KHM_SUCCEEDED(rv)) - break; - - } while (TRUE); - - if (ids == NULL) - return; - - if (KHM_FAILED(rv) || n_ids == 0) { - if (ids) - PFREE(ids); - return; - } - - idlist->nc_list = UBOUNDSS(n_ids, IDLIST_ALLOC_INCR, IDLIST_ALLOC_INCR); - - idlist->list = PCALLOC(idlist->nc_list, sizeof(idlist->list[0])); - - for (i = 0, thisid = ids; - thisid && thisid[0]; - thisid = multi_string_next(thisid)) { - - khm_handle ident; - - rv = kcdb_identity_create(thisid, 0, &ident); - - if (KHM_FAILED(rv)) - continue; - - idlist->list[i].ident = ident; - idlist->list[i].count = 0; - - i++; - } - - idlist->n_list = i; - - PFREE(ids); -} - -static ident_data * -tc_add_ident_to_list(identlist * idlist, khm_handle ident) { - khm_size i; - ident_data * d; - - for (i=0; i < idlist->n_list; i++) { - if (kcdb_identity_is_equal(ident, idlist->list[i].ident)) - break; - } - - if (i < idlist->n_list) { - /* we already have this identity on our list. Increment the - count */ - idlist->list[i].count++; - return &idlist->list[i]; - } - - /* it wasn't in our list. Add it */ - - if (idlist->n_list + 1 > idlist->nc_list) { - idlist->nc_list = UBOUNDSS(idlist->n_list + 1, - IDLIST_ALLOC_INCR, - IDLIST_ALLOC_INCR); -#ifdef DEBUG - assert(idlist->n_list + 1 <= idlist->nc_list); -#endif - idlist->list = PREALLOC(idlist->list, - sizeof(idlist->list[0]) * idlist->nc_list); -#ifdef DEBUG - assert(idlist->list); -#endif - ZeroMemory(&idlist->list[idlist->n_list], - sizeof(idlist->list[0]) * - (idlist->nc_list - idlist->n_list)); - } - - d = &idlist->list[idlist->n_list]; - - ZeroMemory(d, sizeof(*d)); - - d->ident = ident; - d->count = 1; - - idlist->n_list++; - - kcdb_identity_hold(ident); - - return d; -} - -static void -tc_set_ident_data(identlist * idlist) { - khm_size i; - wchar_t k5idtype[KCDB_MAXCCH_NAME]; - - k5idtype[0] = L'\0'; - LoadString(hResModule, IDS_KRB5_NC_NAME, - k5idtype, ARRAYLENGTH(k5idtype)); - - for (i=0; i < idlist->n_list; i++) { -#ifdef DEBUG - assert(idlist->list[i].ident); -#endif - - if (idlist->list[i].count > 0) { - khm_int32 t; - - t = credtype_id_krb5; - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_TYPE, - &t, - sizeof(t)); - - /* We need to manually add the type name if we want the - name to show up in the property list for the identity. - The type name is only automatically calculated for - credentials. */ - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_TYPE_NAME, - k5idtype, - KCDB_CBSIZE_AUTO); - - kcdb_identity_set_attr(idlist->list[i].ident, - attr_id_krb5_ccname, - idlist->list[i].ccname, - KCDB_CBSIZE_AUTO); - - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_EXPIRE, - &idlist->list[i].ft_expire, - sizeof(idlist->list[i].ft_expire)); - - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_ISSUE, - &idlist->list[i].ft_issue, - sizeof(idlist->list[i].ft_issue)); - - kcdb_identity_set_attr(idlist->list[i].ident, - attr_id_krb5_flags, - &idlist->list[i].krb5_flags, - sizeof(idlist->list[i].krb5_flags)); - - if (idlist->list[i].ft_renewexpire.dwLowDateTime == 0 && - idlist->list[i].ft_renewexpire.dwHighDateTime == 0) { - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_RENEW_EXPIRE, - NULL, 0); - } else { - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_RENEW_EXPIRE, - &idlist->list[i].ft_renewexpire, - sizeof(idlist->list[i].ft_renewexpire)); - } - - } else { - /* We didn't see any TGTs for this identity. We have to - remove all the Krb5 supplied properties. */ - - khm_int32 t; - khm_size cb; - - cb = sizeof(t); - if (KHM_SUCCEEDED(kcdb_identity_get_attr(idlist->list[i].ident, - KCDB_ATTR_TYPE, NULL, - &t, - &cb)) && - t == credtype_id_krb5) { - - /* disown this and remove all our properties. the - system will GC this identity if nobody claims it.*/ - - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_TYPE, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_TYPE_NAME, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - attr_id_krb5_ccname, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_EXPIRE, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_ISSUE, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - attr_id_krb5_flags, NULL, 0); - kcdb_identity_set_attr(idlist->list[i].ident, - KCDB_ATTR_RENEW_EXPIRE, NULL, 0); - } else { - /* otherwise, this identity doesn't belong to us. We - should leave it as is. */ - } - } - } -} - -static void -tc_free_idlist(identlist * idlist) { - khm_size i; - - for (i=0; i < idlist->n_list; i++) { - if (idlist->list[i].ident != NULL) { - kcdb_identity_release(idlist->list[i].ident); - idlist->list[i].ident = NULL; - } - } - - if (idlist->list) - PFREE(idlist->list); - idlist->list = NULL; - idlist->n_list = 0; - idlist->nc_list = 0; -} - -#ifndef ENCTYPE_LOCAL_RC4_MD4 -#define ENCTYPE_LOCAL_RC4_MD4 0xFFFFFF80 -#endif - -#define MAX_ADDRS 256 - -static long get_tickets_from_cache(krb5_context ctx, - krb5_ccache cache, - identlist * idlist) -{ - krb5_error_code code; - krb5_principal KRBv5Principal; - krb5_flags flags = 0; - krb5_cc_cursor KRBv5Cursor; - krb5_creds KRBv5Credentials; - krb5_ticket *tkt=NULL; - char *ClientName = NULL; - char *PrincipalName = NULL; - wchar_t wbuf[256]; /* temporary conversion buffer */ - wchar_t wcc_name[KRB5_MAXCCH_CCNAME]; /* credential cache name */ - char *sServerName = NULL; - khm_handle ident = NULL; - khm_handle cred = NULL; - time_t tt; - FILETIME ft, eft; - khm_int32 ti; - -#ifdef KRB5_TC_NOTICKET - flags = KRB5_TC_NOTICKET; -#endif - - { - const char * cc_name; - const char * cc_type; - - cc_name = (*pkrb5_cc_get_name)(ctx, cache); - if(cc_name) { - cc_type = (*pkrb5_cc_get_type)(ctx, cache); - if (cc_type) { - StringCbPrintf(wcc_name, sizeof(wcc_name), L"%S:%S", cc_type, cc_name); - } else { - AnsiStrToUnicode(wcc_name, sizeof(wcc_name), cc_name); - khm_krb5_canon_cc_name(wcc_name, sizeof(wcc_name)); - } - } else { - cc_type = (*pkrb5_cc_get_type)(ctx, cache); - if (cc_type) { - StringCbPrintf(wcc_name, sizeof(wcc_name), L"%S:", cc_type); - } else { -#ifdef DEBUG - assert(FALSE); -#endif - StringCbCopy(wcc_name, sizeof(wcc_name), L""); - } - } - } - - _reportf(L"Getting tickets from cache [%s]", wcc_name); - - if ((code = (*pkrb5_cc_set_flags)(ctx, cache, flags))) - { - if (code != KRB5_FCC_NOFILE && code != KRB5_CC_NOTFOUND) - khm_krb5_error(code, "krb5_cc_set_flags()", 0, &ctx, &cache); - - goto _exit; - } - - if ((code = (*pkrb5_cc_get_principal)(ctx, cache, &KRBv5Principal))) - { - if (code != KRB5_FCC_NOFILE && code != KRB5_CC_NOTFOUND) - khm_krb5_error(code, "krb5_cc_get_principal()", 0, &ctx, &cache); - - goto _exit; - } - - PrincipalName = NULL; - ClientName = NULL; - sServerName = NULL; - if ((code = (*pkrb5_unparse_name)(ctx, KRBv5Principal, - (char **)&PrincipalName))) - { - if (PrincipalName != NULL) - (*pkrb5_free_unparsed_name)(ctx, PrincipalName); - - (*pkrb5_free_principal)(ctx, KRBv5Principal); - - goto _exit; - } - - if (!strcspn(PrincipalName, "@" )) - { - if (PrincipalName != NULL) - (*pkrb5_free_unparsed_name)(ctx, PrincipalName); - - (*pkrb5_free_principal)(ctx, KRBv5Principal); - - goto _exit; - } - - AnsiStrToUnicode(wbuf, sizeof(wbuf), PrincipalName); - if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE, - &ident))) { - /* something bad happened */ - code = 1; - goto _exit; - } - - _reportf(L"Found principal [%s]", wbuf); - - (*pkrb5_free_principal)(ctx, KRBv5Principal); - - if ((code = (*pkrb5_cc_start_seq_get)(ctx, cache, &KRBv5Cursor))) - { - goto _exit; - } - - memset(&KRBv5Credentials, '\0', sizeof(KRBv5Credentials)); - - ClientName = NULL; - sServerName = NULL; - cred = NULL; - - while (!(code = pkrb5_cc_next_cred(ctx, cache, &KRBv5Cursor, - &KRBv5Credentials))) - { - khm_handle tident = NULL; - khm_int32 cred_flags = 0; - - if(ClientName != NULL) - (*pkrb5_free_unparsed_name)(ctx, ClientName); - if(sServerName != NULL) - (*pkrb5_free_unparsed_name)(ctx, sServerName); - if(cred) - kcdb_cred_release(cred); - - ClientName = NULL; - sServerName = NULL; - cred = NULL; - - if ((*pkrb5_unparse_name)(ctx, KRBv5Credentials.client, &ClientName)) - { - (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); - khm_krb5_error(code, "krb5_free_cred_contents()", 0, &ctx, &cache); - continue; - } - - if ((*pkrb5_unparse_name)(ctx, KRBv5Credentials.server, &sServerName)) - { - (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); - khm_krb5_error(code, "krb5_free_cred_contents()", 0, &ctx, &cache); - continue; - } - - /* if the ClientName differs from PrincipalName for some - reason, we need to create a new identity */ - if(strcmp(ClientName, PrincipalName)) { - AnsiStrToUnicode(wbuf, sizeof(wbuf), ClientName); - if(KHM_FAILED(kcdb_identity_create(wbuf, KCDB_IDENT_FLAG_CREATE, - &tident))) { - (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); - continue; - } - } else { - tident = ident; - } - - AnsiStrToUnicode(wbuf, sizeof(wbuf), sServerName); - if(KHM_FAILED(kcdb_cred_create(wbuf, tident, credtype_id_krb5, - &cred))) { - (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); - continue; - } - - if (!KRBv5Credentials.times.starttime) - KRBv5Credentials.times.starttime = KRBv5Credentials.times.authtime; - - tt = KRBv5Credentials.times.starttime; - TimetToFileTime(tt, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_ISSUE, &ft, sizeof(ft)); - - tt = KRBv5Credentials.times.endtime; - TimetToFileTime(tt, &eft); - kcdb_cred_set_attr(cred, KCDB_ATTR_EXPIRE, &eft, sizeof(eft)); - - { - FILETIME ftl; - - ftl = FtSub(&eft, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &ftl, sizeof(ftl)); - } - - if (KRBv5Credentials.times.renew_till > 0) { - FILETIME ftl; - - tt = KRBv5Credentials.times.renew_till; - TimetToFileTime(tt, &eft); - kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft, - sizeof(eft)); - - - ftl = FtSub(&eft, &ft); - kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_LIFETIME, &ftl, - sizeof(ftl)); - } - - ti = KRBv5Credentials.ticket_flags; - kcdb_cred_set_attr(cred, attr_id_krb5_flags, &ti, sizeof(ti)); - - /* special flags understood by NetIDMgr */ - { - khm_int32 nflags = 0; - - if (ti & TKT_FLG_RENEWABLE) - nflags |= KCDB_CRED_FLAG_RENEWABLE; - if (ti & TKT_FLG_INITIAL) - nflags |= KCDB_CRED_FLAG_INITIAL; - else { - krb5_data * c0, *c1, *r; - - /* these are macros that do not allocate any memory */ - c0 = krb5_princ_component(ctx,KRBv5Credentials.server,0); - c1 = krb5_princ_component(ctx,KRBv5Credentials.server,1); - r = krb5_princ_realm(ctx,KRBv5Credentials.server); - - if ( c0 && c1 && r && c1->length == r->length && - !strncmp(c1->data,r->data,r->length) && - !strncmp("krbtgt",c0->data,c0->length) ) - nflags |= KCDB_CRED_FLAG_INITIAL; - } - - kcdb_cred_set_flags(cred, nflags, KCDB_CRED_FLAGMASK_EXT); - - cred_flags = nflags; - } - - if ( !pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) { - ti = tkt->enc_part.enctype; - kcdb_cred_set_attr(cred, attr_id_tkt_enctype, &ti, sizeof(ti)); - ti = tkt->enc_part.kvno; - kcdb_cred_set_attr(cred, attr_id_kvno, &ti, sizeof(ti)); - pkrb5_free_ticket(ctx, tkt); - tkt = NULL; - } - - ti = KRBv5Credentials.keyblock.enctype; - kcdb_cred_set_attr(cred, attr_id_key_enctype, &ti, sizeof(ti)); - - kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name, - KCDB_CBSIZE_AUTO); - - if ( KRBv5Credentials.addresses && KRBv5Credentials.addresses[0] ) { - khm_int32 buffer[1024]; - void * bufp; - khm_size cb; - khm_int32 rv; - - bufp = (void *) buffer; - cb = sizeof(buffer); - - rv = serialize_krb5_addresses(KRBv5Credentials.addresses, - bufp, - &cb); - if (rv == KHM_ERROR_TOO_LONG) { - bufp = PMALLOC(cb); - rv = serialize_krb5_addresses(KRBv5Credentials.addresses, - bufp, - &cb); - } - - if (KHM_SUCCEEDED(rv)) { - kcdb_cred_set_attr(cred, attr_id_addr_list, - bufp, cb); - } - - if (bufp != (void *) buffer) - PFREE(bufp); - } - - if(cred_flags & KCDB_CRED_FLAG_INITIAL) { - FILETIME ft_issue_new; - FILETIME ft_expire_old; - FILETIME ft_expire_new; - ident_data * d; - - /* an initial ticket! Add it to the list of identities we - have seen so far with initial tickets. */ - d = tc_add_ident_to_list(idlist, ident); -#ifdef DEBUG - assert(d); - assert(d->count > 0); -#endif - - tt = KRBv5Credentials.times.endtime; - TimetToFileTime(tt, &ft_expire_new); - - tt = KRBv5Credentials.times.starttime; - TimetToFileTime(tt, &ft_issue_new); - - /* so now, we have to set the properties of the identity - based on the properties of this credential under the - following circumstances: - - - If this is the first time we are hitting this - identity. - - - If this is not the MSLSA: cache and the expiry time - for this credential is longer than the time already - found for this identity. - */ - - ft_expire_old = d->ft_expire; - - if(d->count == 1 - || (CompareFileTime(&ft_expire_new, &ft_expire_old) > 0 && - wcscmp(wcc_name, L"MSLSA:") != 0)) { - - _reportf(L"Setting properties for identity (count=%d)", d->count); - - StringCbCopy(d->ccname, sizeof(d->ccname), - wcc_name); - d->ft_expire = ft_expire_new; - d->ft_issue = ft_issue_new; - - if (KRBv5Credentials.times.renew_till > 0) { - tt = KRBv5Credentials.times.renew_till; - TimetToFileTime(tt, &ft); - d->ft_renewexpire = ft; - } else { - ZeroMemory(&d->ft_renewexpire, sizeof(d->ft_renewexpire)); - } - - d->krb5_flags = KRBv5Credentials.ticket_flags; - } - } - - kcdb_credset_add_cred(krb5_credset, cred, -1); - - (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); - - if(tident != ident) - kcdb_identity_release(tident); - } - - if (PrincipalName != NULL) - (*pkrb5_free_unparsed_name)(ctx, PrincipalName); - - if (ClientName != NULL) - (*pkrb5_free_unparsed_name)(ctx, ClientName); - - if (sServerName != NULL) - (*pkrb5_free_unparsed_name)(ctx, sServerName); - - if (cred) - kcdb_cred_release(cred); - - if ((code == KRB5_CC_END) || (code == KRB5_CC_NOTFOUND)) - { - if ((code = pkrb5_cc_end_seq_get(ctx, cache, &KRBv5Cursor))) - { - goto _exit; - } - - flags = KRB5_TC_OPENCLOSE; -#ifdef KRB5_TC_NOTICKET - flags |= KRB5_TC_NOTICKET; -#endif - if ((code = pkrb5_cc_set_flags(ctx, cache, flags))) - { - goto _exit; - } - } - else - { - goto _exit; - } - -_exit: - - return code; -} - -long -khm_krb5_list_tickets(krb5_context *krbv5Context) -{ - krb5_context ctx = NULL; - krb5_ccache cache = NULL; - krb5_error_code code = 0; - apiCB * cc_ctx = NULL; - struct _infoNC ** pNCi = NULL; - int i; - khm_int32 t; - wchar_t * ms = NULL; - khm_size cb; - identlist idl; - - kcdb_credset_flush(krb5_credset); - tc_prep_idlist(&idl); - - if((*krbv5Context == 0) && (code = (*pkrb5_init_context)(krbv5Context))) { - goto _exit; - } - - ctx = (*krbv5Context); - - if (!pcc_initialize || - !pcc_get_NC_info || - !pcc_free_NC_info || - !pcc_shutdown) - goto _skip_cc_iter; - - code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL); - if (code) - goto _exit; - - code = pcc_get_NC_info(cc_ctx, &pNCi); - if (code) - goto _exit; - - for(i=0; pNCi[i]; i++) { - char ccname[KRB5_MAXCCH_CCNAME]; - - if (pNCi[i]->vers != CC_CRED_V5) - continue; - - if (FAILED(StringCchPrintfA(ccname, sizeof(ccname), "API:%s", - pNCi[i]->name))) - continue; - - code = (*pkrb5_cc_resolve)(ctx, ccname, &cache); - - if (code) - continue; - - code = get_tickets_from_cache(ctx, cache, &idl); - - if(ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - - cache = 0; - } - - _skip_cc_iter: - - if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb) - == KHM_ERROR_TOO_LONG && - cb > sizeof(wchar_t) * 2) { - wchar_t * t; - char ccname[KRB5_MAXCCH_CCNAME]; - - ms = PMALLOC(cb); -#ifdef DEBUG - assert(ms); -#endif - khc_read_multi_string(csp_params, L"FileCCList", ms, &cb); - - for(t = ms; t && *t; t = multi_string_next(t)) { - StringCchPrintfA(ccname, ARRAYLENGTH(ccname), - "FILE:%S", t); - - code = (*pkrb5_cc_resolve)(ctx, ccname, &cache); - - if (code) - continue; - - code = get_tickets_from_cache(ctx, cache, &idl); - - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - cache = 0; - } - - PFREE(ms); - } - - if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) { - code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache); - - if (code == 0 && cache) { - code = get_tickets_from_cache(ctx, cache, &idl); - } - - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - cache = 0; - } - -_exit: - if (pNCi) - (*pcc_free_NC_info)(cc_ctx, &pNCi); - if (cc_ctx) - (*pcc_shutdown)(&cc_ctx); - - tc_set_ident_data(&idl); - kcdb_credset_collect(NULL, krb5_credset, NULL, credtype_id_krb5, NULL); - tc_free_idlist(&idl); - - return(code); -} - -int -khm_krb5_renew_cred(khm_handle cred) -{ - khm_handle identity = NULL; - krb5_error_code code = 0; - krb5_context ctx = NULL; - krb5_ccache cc = NULL; - krb5_principal me = NULL, server = NULL; - krb5_creds in_creds, cc_creds; - krb5_creds * out_creds = NULL; - - wchar_t wname[512]; - khm_size cbname; - char name[512]; - khm_boolean brenewIdentity = FALSE; - khm_boolean istgt = FALSE; - - khm_int32 flags; - int ccflags = 0; - - cbname = sizeof(wname); - kcdb_cred_get_name(cred, wname, &cbname); - _reportf(L"Krb5 renew cred for %s", wname); - - kcdb_cred_get_flags(cred, &flags); - - if (!(flags & KCDB_CRED_FLAG_INITIAL)) { - _reportf(L"Krb5 skipping renewal because this is not an initial credential"); - return 0; - } - - memset(&in_creds, 0, sizeof(in_creds)); - memset(&cc_creds, 0, sizeof(cc_creds)); - - if (cred == NULL) { -#ifdef DEBUG - assert(FALSE); -#endif - goto cleanup; - } - - if (KHM_FAILED(kcdb_cred_get_identity(cred, &identity))) { -#ifdef DEBUG - assert(FALSE); -#endif - goto cleanup; - } - - code = khm_krb5_initialize(identity, &ctx, &cc); - if (code) - goto cleanup; - - code = pkrb5_cc_get_principal(ctx, cc, &me); - if (code) - goto cleanup; - - cbname = sizeof(wname); - if (KHM_FAILED(kcdb_cred_get_name(cred, wname, &cbname))) - goto cleanup; - - UnicodeStrToAnsi(name, sizeof(name), wname); - - code = pkrb5_parse_name(ctx, name, &server); - if (code) - goto cleanup; - - in_creds.client = me; - in_creds.server = server; - - ccflags = KRB5_TC_OPENCLOSE; - pkrb5_cc_set_flags(ctx, cc, ccflags); - - if (strlen("krbtgt") != krb5_princ_name(ctx, server)->length || - strncmp("krbtgt", krb5_princ_name(ctx, server)->data, krb5_princ_name(ctx, server)->length)) - { - code = pkrb5_get_renewed_creds(ctx, &cc_creds, me, cc, name); - if (code) { - code = pkrb5_cc_retrieve_cred(ctx, cc, 0, &in_creds, &cc_creds); - if (code == 0) { - code = pkrb5_cc_remove_cred(ctx, cc, 0, &cc_creds); - if (code) { - brenewIdentity = TRUE; - goto cleanup; - } - } - } - - code = pkrb5_get_credentials(ctx, 0, cc, &in_creds, &out_creds); - } else { - istgt = TRUE; - code = pkrb5_get_renewed_creds(ctx, &cc_creds, me, cc, NULL); - } - - if (code) { - if ( code != KRB5KDC_ERR_ETYPE_NOSUPP || - code != KRB5_KDC_UNREACH) - khm_krb5_error(code, "krb5_get_renewed_creds()", 0, &ctx, &cc); - goto cleanup; - } - - if (istgt) { - code = pkrb5_cc_initialize(ctx, cc, me); - if (code) goto cleanup; - - ccflags = KRB5_TC_OPENCLOSE; - pkrb5_cc_set_flags(ctx, cc, ccflags); - } - - code = pkrb5_cc_store_cred(ctx, cc, istgt ? &cc_creds : out_creds); - if (code) goto cleanup; - - - cleanup: - if (in_creds.client == me) - in_creds.client = NULL; - if (in_creds.server == server) - in_creds.server = NULL; - - if (me) - pkrb5_free_principal(ctx, me); - - if (server) - pkrb5_free_principal(ctx, server); - - pkrb5_free_cred_contents(ctx, &in_creds); - pkrb5_free_cred_contents(ctx, &cc_creds); - - if (out_creds) - pkrb5_free_creds(ctx, out_creds); - - if (cc && ctx) - pkrb5_cc_close(ctx, cc); - - if (ctx) - pkrb5_free_context(ctx); - - if (identity) { - if (brenewIdentity) - code = khm_krb5_renew_ident(identity); - kcdb_identity_release(identity); - } - - return code; -} - -int -khm_krb5_renew_ident(khm_handle identity) -{ - krb5_error_code code = 0; - krb5_context ctx = NULL; - krb5_ccache cc = NULL; - krb5_principal me = NULL; - krb5_principal server = NULL; - krb5_creds my_creds; - krb5_data *realm = NULL; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - khm_int32 k5_flags; - int ccflags; - - memset(&my_creds, 0, sizeof(krb5_creds)); - - if ( !pkrb5_init_context ) - goto cleanup; - - cb = sizeof(idname); - kcdb_identity_get_name(identity, idname, &cb); - - if (khm_krb5_get_identity_flags(identity) & K5IDFLAG_IMPORTED) { -#ifndef NO_REIMPORT_MSLSA_CREDS - /* we are trying to renew the identity that was imported from - MSLSA: */ - BOOL imported; - BOOL retry_import = FALSE; - char cidname[KCDB_IDENT_MAXCCH_NAME]; - khm_handle imported_id = NULL; - khm_size cb; - FILETIME ft_expire; - FILETIME ft_now; - FILETIME ft_threshold; - krb5_principal princ = NULL; - - UnicodeStrToAnsi(cidname, sizeof(cidname), idname); - - imported = khm_krb5_ms2mit(cidname, FALSE, TRUE, &imported_id); - - if (imported == 0) - goto import_failed; - - /* if the imported identity has already expired or will soon, - we clear the cache and try again. */ - khm_krb5_list_tickets(&ctx); - - cb = sizeof(ft_expire); - if (KHM_FAILED(kcdb_identity_get_attr(imported_id, KCDB_ATTR_EXPIRE, - NULL, &ft_expire, &cb))) - goto import_failed; - - GetSystemTimeAsFileTime(&ft_now); - TimetToFileTimeInterval(5 * 60, &ft_threshold); - - ft_now = FtAdd(&ft_now, &ft_threshold); - - if (CompareFileTime(&ft_expire, &ft_now) < 0) { - /* the ticket lifetime is not long enough */ - - code = 0; - - if (ctx == NULL) - code = pkrb5_init_context(&ctx); - if (code) - goto import_failed; - - code = pkrb5_cc_resolve(ctx, "MSLSA:", &cc); - if (code) - goto import_failed; - - code = pkrb5_cc_get_principal(ctx, cc, &princ); - if (code) - goto import_failed; - - pkrb5_cc_initialize(ctx, cc, princ); - - retry_import = TRUE; - } - - import_failed: - - if (imported_id) { - kcdb_identity_release(imported_id); - imported_id = NULL; - } - - if (ctx) { - if (cc) { - pkrb5_cc_close(ctx, cc); - cc = NULL; - } - - if (princ) { - pkrb5_free_principal(ctx, princ); - princ = NULL; - } - - /* leave ctx so we can use it later */ - } - - if (retry_import) - imported = khm_krb5_ms2mit(cidname, FALSE, TRUE, NULL); - - if (imported) - goto cleanup; - - /* if the import failed, then we try to renew the identity via - the usual procedure. */ - -#else - /* if we are suppressing further imports from MSLSA, we just - skip renewing this identity. */ - goto cleanup; -#endif - } - - cb = sizeof(k5_flags); - if (KHM_SUCCEEDED(kcdb_identity_get_attr(identity, - attr_id_krb5_flags, - NULL, - &k5_flags, - &cb)) && - !(k5_flags & TKT_FLG_RENEWABLE)) { - - code = KRB5KDC_ERR_BADOPTION; - goto cleanup; - } - - { - FILETIME ft_now; - FILETIME ft_exp; - - cb = sizeof(ft_exp); - GetSystemTimeAsFileTime(&ft_now); - if (KHM_SUCCEEDED(kcdb_identity_get_attr(identity, - KCDB_ATTR_EXPIRE, - NULL, - &ft_exp, - &cb)) && - CompareFileTime(&ft_exp, &ft_now) < 0) { - - code = KRB5KRB_AP_ERR_TKT_EXPIRED; - goto cleanup; - - } - } - - code = khm_krb5_initialize(identity, &ctx, &cc); - if (code) - goto cleanup; - - code = pkrb5_cc_get_principal(ctx, cc, &me); - if (code) - goto cleanup; - - realm = krb5_princ_realm(ctx, me); - - code = pkrb5_build_principal_ext(ctx, &server, - realm->length,realm->data, - KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, - realm->length,realm->data, - 0); - - if (code) - goto cleanup; - - my_creds.client = me; - my_creds.server = server; - - pkrb5_cc_set_flags(ctx, cc, KRB5_TC_OPENCLOSE); - code = pkrb5_get_renewed_creds(ctx, &my_creds, me, cc, NULL); - ccflags = KRB5_TC_OPENCLOSE; -#ifdef KRB5_TC_NOTICKET - ccflags |= KRB5_TC_NOTICKET; -#endif - pkrb5_cc_set_flags(ctx, cc, ccflags); - if (code) { - if ( code != KRB5KDC_ERR_ETYPE_NOSUPP || - code != KRB5_KDC_UNREACH) - khm_krb5_error(code, "krb5_get_renewed_creds()", 0, &ctx, &cc); - goto cleanup; - } - - code = pkrb5_cc_initialize(ctx, cc, me); - if (code) goto cleanup; - - code = pkrb5_cc_set_flags(ctx, cc, KRB5_TC_OPENCLOSE); - if (code) goto cleanup; - - code = pkrb5_cc_store_cred(ctx, cc, &my_creds); - if (code) goto cleanup; - -cleanup: - if (my_creds.client == me) - my_creds.client = NULL; - if (my_creds.server == server) - my_creds.server = NULL; - - if (ctx) { - pkrb5_free_cred_contents(ctx, &my_creds); - - if (me) - pkrb5_free_principal(ctx, me); - if (server) - pkrb5_free_principal(ctx, server); - if (cc) - pkrb5_cc_close(ctx, cc); - pkrb5_free_context(ctx); - } - - return(code); -} - -int -khm_krb5_kinit(krb5_context alt_ctx, - char * principal_name, - char * password, - char * ccache, - krb5_deltat lifetime, - DWORD forwardable, - DWORD proxiable, - krb5_deltat renew_life, - DWORD addressless, - DWORD publicIP, - krb5_prompter_fct prompter, - void * p_data, - char ** pp_error_message) -{ - krb5_error_code code = 0; - krb5_context ctx = NULL; - krb5_ccache cc = NULL; - krb5_principal me = NULL; - char* name = NULL; - krb5_creds my_creds; - krb5_get_init_creds_opt options; - krb5_address ** addrs = NULL; - int i = 0, addr_count = 0; - - if (!pkrb5_init_context) - return 0; - - _reportf(L"In khm_krb5_kinit"); - - pkrb5_get_init_creds_opt_init(&options); - pkrb5_get_init_creds_opt_set_change_password_prompt(&options, 0); - - memset(&my_creds, 0, sizeof(my_creds)); - - if (alt_ctx) { - ctx = alt_ctx; - } else { - code = pkrb5_init_context(&ctx); - if (code) - goto cleanup; - } - - pkrb5_clear_error_message(ctx); - - if (ccache) { - _reportf(L"Using supplied ccache name %S", ccache); - code = pkrb5_cc_resolve(ctx, ccache, &cc); - } else { - khm_handle identity = NULL; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - char ccname[KRB5_MAXCCH_CCNAME]; - char * pccname = principal_name; - khm_size cb; - - idname[0] = L'\0'; - AnsiStrToUnicode(idname, sizeof(idname), principal_name); - - cb = sizeof(ccname); - - if (KHM_SUCCEEDED(kcdb_identity_create(idname, 0, &identity)) && - KHM_SUCCEEDED(khm_krb5_get_identity_default_ccacheA(identity, ccname, &cb))) { - - pccname = ccname; - - } - - if (identity) - kcdb_identity_release(identity); - - code = pkrb5_cc_resolve(ctx, pccname, &cc); - } - - _reportf(L"krb5_cc_resolve returns code %d", code); - - if (code) goto cleanup; - - code = pkrb5_parse_name(ctx, principal_name, &me); - if (code) goto cleanup; - - code = pkrb5_unparse_name(ctx, me, &name); - if (code) goto cleanup; - - if (lifetime == 0) { - khc_read_int32(csp_params, L"DefaultLifetime", &lifetime); - } - - if (lifetime) - pkrb5_get_init_creds_opt_set_tkt_life(&options, lifetime); - - pkrb5_get_init_creds_opt_set_forwardable(&options, - forwardable ? 1 : 0); - pkrb5_get_init_creds_opt_set_proxiable(&options, - proxiable ? 1 : 0); - pkrb5_get_init_creds_opt_set_renew_life(&options, - renew_life); - - if (addressless) - pkrb5_get_init_creds_opt_set_address_list(&options,NULL); - else { - krb5_address ** local_addrs=NULL; - DWORD netIPAddr; - - pkrb5_os_localaddr(ctx, &local_addrs); - i = 0; - while ( local_addrs[i++] ); - addr_count = i + 1; - - addrs = (krb5_address **) PMALLOC((addr_count+1) * sizeof(krb5_address *)); - if ( !addrs ) { - pkrb5_free_addresses(ctx, local_addrs); - assert(0); - } - memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1)); - i = 0; - while ( local_addrs[i] ) { - addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address)); - if (addrs[i] == NULL) { - pkrb5_free_addresses(ctx, local_addrs); - assert(0); - } - - addrs[i]->magic = local_addrs[i]->magic; - addrs[i]->addrtype = local_addrs[i]->addrtype; - addrs[i]->length = local_addrs[i]->length; - addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length); - if (!addrs[i]->contents) { - pkrb5_free_addresses(ctx, local_addrs); - assert(0); - } - - memcpy(addrs[i]->contents,local_addrs[i]->contents, - local_addrs[i]->length); /* safe */ - i++; - } - pkrb5_free_addresses(ctx, local_addrs); - - if (publicIP) { - // we are going to add the public IP address specified by the user - // to the list provided by the operating system - addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address)); - if (addrs[i] == NULL) - assert(0); - - addrs[i]->magic = KV5M_ADDRESS; - addrs[i]->addrtype = AF_INET; - addrs[i]->length = 4; - addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length); - if (!addrs[i]->contents) - assert(0); - - netIPAddr = htonl(publicIP); - memcpy(addrs[i]->contents,&netIPAddr,4); - } - - pkrb5_get_init_creds_opt_set_address_list(&options,addrs); - } - - code = - pkrb5_get_init_creds_password(ctx, - &my_creds, - me, - password, // password - prompter, // prompter - p_data, // prompter data - 0, // start time - 0, // service name - &options); - _reportf(L"krb5_get_init_creds_password returns code %d", code); - - if (code) goto cleanup; - - code = pkrb5_cc_initialize(ctx, cc, me); - _reportf(L"krb5_cc_initialize returns code %d", code); - if (code) goto cleanup; - - code = pkrb5_cc_store_cred(ctx, cc, &my_creds); - _reportf(L"krb5_cc_store_cred returns code %d", code); - if (code) goto cleanup; - -cleanup: - if (pp_error_message) { - const char * em; - - em = pkrb5_get_error_message(ctx, code); - if (em == NULL) { - *pp_error_message = NULL; - } else { - *pp_error_message = _strdup(em); - pkrb5_free_error_message(ctx, em); - } - } - - if ( addrs ) { - for ( i=0;i<addr_count;i++ ) { - if ( addrs[i] ) { - if ( addrs[i]->contents ) - PFREE(addrs[i]->contents); - PFREE(addrs[i]); - } - } - } - if (my_creds.client == me) - my_creds.client = 0; - pkrb5_free_cred_contents(ctx, &my_creds); - if (name) - pkrb5_free_unparsed_name(ctx, name); - if (me) - pkrb5_free_principal(ctx, me); - if (cc) - pkrb5_cc_close(ctx, cc); - if (ctx && (ctx != alt_ctx)) - pkrb5_free_context(ctx); - return(code); -} - -long -khm_krb5_copy_ccache_by_name(krb5_context in_ctx, - wchar_t * wscc_dest, - wchar_t * wscc_src) { - krb5_context ctx = NULL; - krb5_error_code code = 0; - khm_boolean free_ctx; - krb5_ccache cc_src = NULL; - krb5_ccache cc_dest = NULL; - krb5_principal princ_src = NULL; - char scc_dest[KRB5_MAXCCH_CCNAME]; - char scc_src[KRB5_MAXCCH_CCNAME]; - int t; - - t = UnicodeStrToAnsi(scc_dest, sizeof(scc_dest), wscc_dest); - if (t == 0) - return KHM_ERROR_TOO_LONG; - t = UnicodeStrToAnsi(scc_src, sizeof(scc_src), wscc_src); - if (t == 0) - return KHM_ERROR_TOO_LONG; - - if (in_ctx) { - ctx = in_ctx; - free_ctx = FALSE; - } else { - code = pkrb5_init_context(&ctx); - if (code) { - if (ctx) - pkrb5_free_context(ctx); - return code; - } - free_ctx = TRUE; - } - - code = pkrb5_cc_resolve(ctx, scc_dest, &cc_dest); - if (code) - goto _cleanup; - - code = pkrb5_cc_resolve(ctx, scc_src, &cc_src); - if (code) - goto _cleanup; - - code = pkrb5_cc_get_principal(ctx, cc_src, &princ_src); - if (code) - goto _cleanup; - - code = pkrb5_cc_initialize(ctx, cc_dest, princ_src); - if (code) - goto _cleanup; - - code = pkrb5_cc_copy_creds(ctx, cc_src, cc_dest); - - _cleanup: - if (princ_src) - pkrb5_free_principal(ctx, princ_src); - - if (cc_dest) - pkrb5_cc_close(ctx, cc_dest); - - if (cc_src) - pkrb5_cc_close(ctx, cc_src); - - if (free_ctx && ctx) - pkrb5_free_context(ctx); - - return code; -} - -long -khm_krb5_canon_cc_name(wchar_t * wcc_name, - size_t cb_cc_name) { - size_t cb_len; - wchar_t * colon; - - if (FAILED(StringCbLength(wcc_name, - cb_cc_name, - &cb_len))) { -#ifdef DEBUG - assert(FALSE); -#else - return KHM_ERROR_TOO_LONG; -#endif - } - - cb_len += sizeof(wchar_t); - - colon = wcschr(wcc_name, L':'); - - if (colon) { - /* if the colon is just 1 character away from the beginning, - it's a FILE: cc */ - if (colon - wcc_name == 1) { - if (cb_len + 5 * sizeof(wchar_t) > cb_cc_name) - return KHM_ERROR_TOO_LONG; - - memmove(&wcc_name[5], &wcc_name[0], cb_len); - memmove(&wcc_name[0], L"FILE:", sizeof(wchar_t) * 5); - } - - return 0; - } - - if (cb_len + 4 * sizeof(wchar_t) > cb_cc_name) - return KHM_ERROR_TOO_LONG; - - memmove(&wcc_name[4], &wcc_name[0], cb_len); - memmove(&wcc_name[0], L"API:", sizeof(wchar_t) * 4); - - return 0; -} - -int -khm_krb5_cc_name_cmp(const wchar_t * cc_name_1, - const wchar_t * cc_name_2) { - if (!wcsncmp(cc_name_1, L"API:", 4)) - cc_name_1 += 4; - - if (!wcsncmp(cc_name_2, L"API:", 4)) - cc_name_2 += 4; - - return wcscmp(cc_name_1, cc_name_2); -} - -static khm_int32 KHMAPI -khmint_location_comp_func(khm_handle cred1, - khm_handle cred2, - void * rock) { - return kcdb_creds_comp_attr(cred1, cred2, KCDB_ATTR_LOCATION); -} - -struct khmint_location_check { - khm_handle credset; - khm_handle cred; - wchar_t * ccname; - khm_boolean success; -}; - -static khm_int32 KHMAPI -khmint_find_matching_cred_func(khm_handle cred, - void * rock) { - struct khmint_location_check * lc; - - lc = (struct khmint_location_check *) rock; - - if (!kcdb_creds_is_equal(cred, lc->cred)) - return KHM_ERROR_SUCCESS; - if (kcdb_creds_comp_attr(cred, lc->cred, KCDB_ATTR_LOCATION)) - return KHM_ERROR_SUCCESS; - - /* found it */ - lc->success = TRUE; - - /* break the search */ - return !KHM_ERROR_SUCCESS; -} - -static khm_int32 KHMAPI -khmint_location_check_func(khm_handle cred, - void * rock) { - khm_int32 t; - khm_size cb; - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - struct khmint_location_check * lc; - - lc = (struct khmint_location_check *) rock; - - if (KHM_FAILED(kcdb_cred_get_type(cred, &t))) - return KHM_ERROR_SUCCESS; - - if (t != credtype_id_krb5) - return KHM_ERROR_SUCCESS; - - cb = sizeof(ccname); - if (KHM_FAILED(kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - ccname, - &cb))) - return KHM_ERROR_SUCCESS; - - if(wcscmp(ccname, lc->ccname)) - return KHM_ERROR_SUCCESS; - - lc->cred = cred; - - lc->success = FALSE; - - kcdb_credset_apply(lc->credset, - khmint_find_matching_cred_func, - (void *) lc); - - if (!lc->success) - return KHM_ERROR_NOT_FOUND; - else - return KHM_ERROR_SUCCESS; -} - -static khm_int32 KHMAPI -khmint_delete_location_func(khm_handle cred, - void * rock) { - wchar_t cc_cred[KRB5_MAXCCH_CCNAME]; - struct khmint_location_check * lc; - khm_size cb; - - lc = (struct khmint_location_check *) rock; - - cb = sizeof(cc_cred); - - if (KHM_FAILED(kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - cc_cred, - &cb))) - return KHM_ERROR_SUCCESS; - - if (wcscmp(cc_cred, lc->ccname)) - return KHM_ERROR_SUCCESS; - - kcdb_credset_del_cred_ref(lc->credset, - cred); - - return KHM_ERROR_SUCCESS; -} - -int -khm_krb5_destroy_by_credset(khm_handle p_cs) -{ - khm_handle d_cs = NULL; - khm_int32 rv = KHM_ERROR_SUCCESS; - khm_size s, cb; - krb5_context ctx = NULL; - krb5_error_code code = 0; - int i; - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - struct khmint_location_check lc; - - rv = kcdb_credset_create(&d_cs); - - assert(KHM_SUCCEEDED(rv) && d_cs != NULL); - - kcdb_credset_extract(d_cs, p_cs, NULL, credtype_id_krb5); - - kcdb_credset_get_size(d_cs, &s); - - if (s == 0) { - _reportf(L"No tickets to delete"); - - kcdb_credset_delete(d_cs); - return 0; - } - - code = pkrb5_init_context(&ctx); - if (code != 0) { - rv = code; - goto _cleanup; - } - - /* we should synchronize the credential lists before we attempt to - make any assumptions on the state of the root credset */ - khm_krb5_list_tickets(&ctx); - - /* so, we need to make a decision about whether to destroy entire - ccaches or just individual credentials. Therefore we first - sort them by ccache. */ - kcdb_credset_sort(d_cs, - khmint_location_comp_func, - NULL); - - /* now, for each ccache we encounter, we check if we have all the - credentials from that ccache in the to-be-deleted list. */ - for (i=0; i < (int) s; i++) { - khm_handle cred; - - if (KHM_FAILED(kcdb_credset_get_cred(d_cs, - i, - &cred))) - continue; - - cb = sizeof(ccname); - rv = kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - ccname, - &cb); - -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - kcdb_cred_release(cred); - - lc.credset = d_cs; - lc.cred = NULL; - lc.ccname = ccname; - lc.success = FALSE; - - kcdb_credset_apply(NULL, - khmint_location_check_func, - (void *) &lc); - - if (lc.success) { - /* ok the destroy the ccache */ - char a_ccname[KRB5_MAXCCH_CCNAME]; - krb5_ccache cc = NULL; - - _reportf(L"Destroying ccache [%s]", ccname); - - UnicodeStrToAnsi(a_ccname, - sizeof(a_ccname), - ccname); - - code = pkrb5_cc_resolve(ctx, - a_ccname, - &cc); - if (code) - goto _delete_this_set; - - code = pkrb5_cc_destroy(ctx, cc); - - if (code) { - _reportf(L"krb5_cc_destroy returns code %d", code); - } - - _delete_this_set: - - lc.credset = d_cs; - lc.ccname = ccname; - - /* note that although we are deleting credentials off the - credential set, the size of the credential set does not - decrease since we are doing it from inside - kcdb_credset_apply(). The deleted creds will simply be - marked as deleted until kcdb_credset_purge() is - called. */ - - kcdb_credset_apply(d_cs, - khmint_delete_location_func, - (void *) &lc); - } - } - - kcdb_credset_purge(d_cs); - - /* the remainder need to be deleted one by one */ - - kcdb_credset_get_size(d_cs, &s); - - for (i=0; i < (int) s; ) { - khm_handle cred; - char a_ccname[KRB5_MAXCCH_CCNAME]; - char a_srvname[KCDB_CRED_MAXCCH_NAME]; - wchar_t srvname[KCDB_CRED_MAXCCH_NAME]; - krb5_ccache cc; - krb5_creds in_cred, out_cred; - krb5_principal princ; - khm_int32 etype; - - if (KHM_FAILED(kcdb_credset_get_cred(d_cs, - i, - &cred))) { - i++; - continue; - } - - cb = sizeof(ccname); - if (KHM_FAILED(kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - ccname, - &cb))) - goto _done_with_this_cred; - - _reportf(L"Looking at ccache [%s]", ccname); - - UnicodeStrToAnsi(a_ccname, - sizeof(a_ccname), - ccname); - - code = pkrb5_cc_resolve(ctx, - a_ccname, - &cc); - - if (code) - goto _skip_similar; - - code = pkrb5_cc_get_principal(ctx, cc, &princ); - - if (code) { - pkrb5_cc_close(ctx, cc); - goto _skip_similar; - } - - _del_this_cred: - - cb = sizeof(etype); - - if (KHM_FAILED(kcdb_cred_get_attr(cred, - attr_id_key_enctype, - NULL, - &etype, - &cb))) - goto _do_next_cred; - - cb = sizeof(srvname); - if (KHM_FAILED(kcdb_cred_get_name(cred, - srvname, - &cb))) - goto _do_next_cred; - - _reportf(L"Attempting to delete ticket %s", srvname); - - UnicodeStrToAnsi(a_srvname, sizeof(a_srvname), srvname); - - ZeroMemory(&in_cred, sizeof(in_cred)); - - code = pkrb5_parse_name(ctx, a_srvname, &in_cred.server); - if (code) - goto _do_next_cred; - in_cred.client = princ; - in_cred.keyblock.enctype = etype; - - code = pkrb5_cc_retrieve_cred(ctx, - cc, - KRB5_TC_MATCH_SRV_NAMEONLY | - KRB5_TC_SUPPORTED_KTYPES, - &in_cred, - &out_cred); - if (code) - goto _do_next_cred_0; - - code = pkrb5_cc_remove_cred(ctx, cc, - KRB5_TC_MATCH_SRV_NAMEONLY | - KRB5_TC_SUPPORTED_KTYPES | - KRB5_TC_MATCH_AUTHDATA, - &out_cred); - - pkrb5_free_cred_contents(ctx, &out_cred); - _do_next_cred_0: - pkrb5_free_principal(ctx, in_cred.server); - _do_next_cred: - - /* check if the next cred is also of the same ccache */ - kcdb_cred_release(cred); - - for (i++; i < (int) s; i++) { - if (KHM_FAILED(kcdb_credset_get_cred(d_cs, - i, - &cred))) - continue; - } - - if (i < (int) s) { - wchar_t newcc[KRB5_MAXCCH_CCNAME]; - - cb = sizeof(newcc); - if (KHM_FAILED(kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - newcc, - &cb)) || - wcscmp(newcc, ccname)) { - i--; /* we have to look at this again */ - goto _done_with_this_set; - } - goto _del_this_cred; - } - - - _done_with_this_set: - pkrb5_free_principal(ctx, princ); - - pkrb5_cc_close(ctx, cc); - - _done_with_this_cred: - kcdb_cred_release(cred); - i++; - continue; - - _skip_similar: - kcdb_cred_release(cred); - - for (++i; i < (int) s; i++) { - wchar_t newcc[KRB5_MAXCCH_CCNAME]; - - if (KHM_FAILED(kcdb_credset_get_cred(d_cs, - i, - &cred))) - continue; - - cb = sizeof(newcc); - if (KHM_FAILED(kcdb_cred_get_attr(cred, - KCDB_ATTR_LOCATION, - NULL, - &newcc, - &cb))) { - kcdb_cred_release(cred); - continue; - } - - if (wcscmp(newcc, ccname)) { - kcdb_cred_release(cred); - break; - } - } - } - - _cleanup: - - if (d_cs) - kcdb_credset_delete(&d_cs); - - if (ctx != NULL) - pkrb5_free_context(ctx); - - return rv; -} - -int -khm_krb5_destroy_identity(khm_handle identity) -{ - krb5_context ctx; - krb5_ccache cache; - krb5_error_code rc; - - ctx = NULL; - cache = NULL; - - if (rc = khm_krb5_initialize(identity, &ctx, &cache)) - return(rc); - - rc = pkrb5_cc_destroy(ctx, cache); - - if (ctx != NULL) - pkrb5_free_context(ctx); - - return(rc); -} - -static BOOL -GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData) -{ - NTSTATUS Status = 0; - HANDLE TokenHandle; - TOKEN_STATISTICS Stats; - DWORD ReqLen; - BOOL Success; - - if (!ppSessionData) - return FALSE; - *ppSessionData = NULL; - - Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle ); - if ( !Success ) - return FALSE; - - Success = GetTokenInformation( TokenHandle, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen ); - CloseHandle( TokenHandle ); - if ( !Success ) - return FALSE; - - Status = pLsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData ); - if ( FAILED(Status) || !ppSessionData ) - return FALSE; - - return TRUE; -} - -// IsKerberosLogon() does not validate whether or not there are valid -// tickets in the cache. It validates whether or not it is reasonable -// to assume that if we attempted to retrieve valid tickets we could -// do so. Microsoft does not automatically renew expired tickets. -// Therefore, the cache could contain expired or invalid tickets. -// Microsoft also caches the user's password and will use it to -// retrieve new TGTs if the cache is empty and tickets are requested. - -static BOOL -IsKerberosLogon(VOID) -{ - PSECURITY_LOGON_SESSION_DATA pSessionData = NULL; - BOOL Success = FALSE; - - if ( GetSecurityLogonSessionData(&pSessionData) ) { - if ( pSessionData->AuthenticationPackage.Buffer ) { - WCHAR buffer[256]; - WCHAR *usBuffer; - int usLength; - - Success = FALSE; - usBuffer = (pSessionData->AuthenticationPackage).Buffer; - usLength = (pSessionData->AuthenticationPackage).Length; - if (usLength < 256) - { - lstrcpynW (buffer, usBuffer, usLength); - StringCbCatW (buffer, sizeof(buffer), L""); - if ( !lstrcmpW(L"Kerberos",buffer) ) - Success = TRUE; - } - } - pLsaFreeReturnBuffer(pSessionData); - } - return Success; -} - - -BOOL -khm_krb5_ms2mit(char * match_princ, BOOL match_realm, BOOL save_creds, - khm_handle * ret_ident) -{ -#ifdef NO_KRB5 - return(FALSE); -#else /* NO_KRB5 */ - krb5_context kcontext = 0; - krb5_error_code code = 0; - krb5_ccache ccache=0; - krb5_ccache mslsa_ccache=0; - krb5_creds creds; - krb5_cc_cursor cursor=0; - krb5_principal princ = 0; - khm_handle ident = NULL; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - char ccname[KRB5_MAXCCH_CCNAME]; - char *cache_name = NULL; - char *princ_name = NULL; - BOOL rc = FALSE; - - kherr_reportf(L"Begin : khm_krb5_ms2mit. save_cred=%d\n", (int) save_creds); - - if ( !pkrb5_init_context ) - goto cleanup; - - if (code = pkrb5_init_context(&kcontext)) - goto cleanup; - - kherr_reportf(L"Resolving MSLSA\n"); - - if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) - goto cleanup; - - if ( save_creds ) { - kherr_reportf(L"Getting principal\n"); - if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) - goto cleanup; - - kherr_reportf(L"Unparsing name\n"); - if (code = pkrb5_unparse_name(kcontext, princ, &princ_name)) - goto cleanup; - - AnsiStrToUnicode(idname, sizeof(idname), princ_name); - - kherr_reportf(L"Unparsed name [%s]", idname); - - /* see if we have to match a specific principal */ - if (match_princ != NULL) { - if (strcmp(princ_name, match_princ)) { - kherr_reportf(L"Principal mismatch. Wanted [%S], found [%S]", - match_princ, princ_name); - goto cleanup; - } - } else if (match_realm) { - wchar_t * wdefrealm; - char defrealm[256]; - krb5_data * princ_realm; - - wdefrealm = khm_krb5_get_default_realm(); - if (wdefrealm == NULL) { - kherr_reportf(L"Can't determine default realm"); - goto cleanup; - } - - princ_realm = krb5_princ_realm(kcontext, princ); - UnicodeStrToAnsi(defrealm, sizeof(defrealm), wdefrealm); - - if (strncmp(defrealm, princ_realm->data, princ_realm->length)) { - kherr_reportf(L"Realm mismatch. Wanted [%S], found [%*S]", - defrealm, princ_realm->length, princ_realm->data); - PFREE(wdefrealm); - goto cleanup; - } - - PFREE(wdefrealm); - } - - if (KHM_SUCCEEDED(kcdb_identity_create(idname, - KCDB_IDENT_FLAG_CREATE, - &ident))) { - khm_size cb; - - cb = sizeof(ccname); - - khm_krb5_get_identity_default_ccacheA(ident, ccname, &cb); - - cache_name = ccname; - - } else { - /* the identity could not be created. we just use the - name of the principal as the ccache name. */ -#ifdef DEBUG - assert(FALSE); -#endif - kherr_reportf(L"Failed to create identity"); - StringCbPrintfA(ccname, sizeof(ccname), "API:%s", princ_name); - cache_name = ccname; - } - - kherr_reportf(L"Resolving target cache [%S]\n", cache_name); - - if (code = pkrb5_cc_resolve(kcontext, cache_name, &ccache)) { - kherr_reportf(L"Cannot resolve cache [%S] with code=%d. Trying default.\n", cache_name, code); - - if (code = pkrb5_cc_default(kcontext, &ccache)) { - kherr_reportf(L"Failed to resolve default ccache. Code=%d", code); - goto cleanup; - } - } - - kherr_reportf(L"Initializing ccache\n"); - if (code = pkrb5_cc_initialize(kcontext, ccache, princ)) - goto cleanup; - - kherr_reportf(L"Copying credentials\n"); - if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) - goto cleanup; - - /* and mark the identity as having been imported */ - if (ident) { - khm_krb5_set_identity_flags(ident, K5IDFLAG_IMPORTED, K5IDFLAG_IMPORTED); - - if (ret_ident) { - *ret_ident = ident; - kcdb_identity_hold(*ret_ident); - } - } - - rc = TRUE; - - } else { - /* Enumerate tickets from cache looking for an initial ticket */ - if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) - goto cleanup; - - while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, - &cursor, &creds))) { - if ( creds.ticket_flags & TKT_FLG_INITIAL ) { - rc = TRUE; - pkrb5_free_cred_contents(kcontext, &creds); - break; - } - pkrb5_free_cred_contents(kcontext, &creds); - } - pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor); - } - -cleanup: - kherr_reportf(L" Received code=%d", code); - - if (princ_name) - pkrb5_free_unparsed_name(kcontext, princ_name); - if (princ) - pkrb5_free_principal(kcontext, princ); - if (ccache) - pkrb5_cc_close(kcontext, ccache); - if (mslsa_ccache) - pkrb5_cc_close(kcontext, mslsa_ccache); - if (kcontext) - pkrb5_free_context(kcontext); - if (ident) - kcdb_identity_release(ident); - - return(rc); -#endif /* NO_KRB5 */ -} - -#define KRB_FILE "KRB.CON" -#define KRBREALM_FILE "KRBREALM.CON" -#define KRB5_FILE "KRB5.INI" -#define KRB5_TMP_FILE "KRB5.INI.TMP" - -BOOL -khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname) -{ - GetTempPathA(szConfname, confname); - confname[szConfname-1] = '\0'; - StringCchCatA(confname, szConfname, KRB5_TMP_FILE); - confname[szConfname-1] = '\0'; - return FALSE; -} - -#ifdef NOT_QUITE_IMPLEMENTED_YET -BOOL -khm_krb5_set_profile_file(krb5_context ctx, LPSTR confname) -{ - char *conffiles[2]; - - if (confname == NULL || - pkrb5_set_config_files == NULL || - ctx == NULL) - return FALSE; - - conffiles[0] = confname; - conffiles[1] = NULL; - - if (pkrb5_set_config_files(ctx, conffiles)) - return FALSE; - else - return TRUE; -} -#endif - -BOOL -khm_krb5_get_profile_file(LPSTR confname, UINT szConfname) -{ - char **configFile = NULL; - if (pkrb5_get_default_config_files(&configFile)) - { - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB5_FILE); - - return FALSE; - } - - *confname = 0; - - if (configFile) - { - StringCchCopyA(confname, szConfname, *configFile); - pkrb5_free_config_files(configFile); - } - - if (!*confname) - { - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB5_FILE); - } - - return FALSE; -} - -BOOL -khm_get_krb4_con_file(LPSTR confname, UINT szConfname) -{ - if (hKrb5 && !hKrb4) { // hold krb.con where krb5.ini is located - CHAR krbConFile[MAX_PATH]=""; - LPSTR pFind; - - //strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename); - if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile))) { - GetWindowsDirectoryA(krbConFile,sizeof(krbConFile)); - krbConFile[MAX_PATH-1] = '\0'; - StringCchCatA(confname, szConfname, "\\"); - } - - pFind = strrchr(krbConFile, '\\'); - if (pFind) { - *pFind = '\0'; - StringCchCatA(krbConFile, ARRAYLENGTH(krbConFile), "\\"); - StringCchCatA(krbConFile, ARRAYLENGTH(krbConFile), KRB_FILE); - } - else - krbConFile[0] = '\0'; - - StringCchCopyA(confname, szConfname, krbConFile); - } - else if (hKrb4) { - size_t size = szConfname; - memset(confname, '\0', szConfname); - if (!pkrb_get_krbconf2(confname, &size)) - { // Error has happened - GetWindowsDirectoryA(confname,szConfname); - confname[szConfname-1] = '\0'; - StringCchCatA(confname, szConfname, "\\"); - StringCchCatA(confname, szConfname, KRB_FILE); - } - } - return FALSE; -} - -int -readstring(FILE * file, char * buf, int len) -{ - int c,i; - memset(buf, '\0', sizeof(buf)); - for (i=0, c=fgetc(file); c != EOF ; c=fgetc(file), i++) { - if (i < sizeof(buf)) { - if (c == '\n') { - buf[i] = '\0'; - return i; - } else { - buf[i] = (char) c; - } - } else { - if (c == '\n') { - buf[len-1] = '\0'; - return(i); - } - } - } - if (c == EOF) { - if (i > 0 && i < len) { - buf[i] = '\0'; - return(i); - } else { - buf[len-1] = '\0'; - return(-1); - } - } - return(-1); -} - -/*! \internal - \brief Return a list of configured realms - - The string that is returned is a set of null terminated unicode - strings, each of which denotes one realm. The set is terminated - by a zero length null terminated string. - - The caller should free the returned string using free() - - \return The string with the list of realms or NULL if the - operation fails. -*/ -wchar_t * -khm_krb5_get_realm_list(void) -{ - wchar_t * rlist = NULL; - - if (pprofile_get_subsection_names && pprofile_free_list) { - const char* rootSection[] = {"realms", NULL}; - const char** rootsec = rootSection; - char **sections = NULL, **cpp = NULL, *value = NULL; - - char krb5_conf[MAX_PATH+1]; - - if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) { - profile_t profile; - long retval; - const char *filenames[2]; - wchar_t * d; - size_t cbsize; - size_t t; - - filenames[0] = krb5_conf; - filenames[1] = NULL; - retval = pprofile_init(filenames, &profile); - if (!retval) { - retval = pprofile_get_subsection_names(profile, rootsec, - §ions); - - if (!retval) - { - /* first figure out how much space to allocate */ - cbsize = 0; - for (cpp = sections; *cpp; cpp++) - { - cbsize += sizeof(wchar_t) * (strlen(*cpp) + 1); - } - cbsize += sizeof(wchar_t); /* double null terminated */ - - rlist = PMALLOC(cbsize); - d = rlist; - for (cpp = sections; *cpp; cpp++) - { - AnsiStrToUnicode(d, cbsize, *cpp); - t = wcslen(d) + 1; - d += t; - cbsize -= sizeof(wchar_t) * t; - } - *d = L'\0'; - } - - pprofile_free_list(sections); - -#if 0 - retval = pprofile_get_string(profile, "libdefaults","noaddresses", 0, "true", &value); - if ( value ) { - disable_noaddresses = config_boolean_to_int(value); - pprofile_release_string(value); - } -#endif - pprofile_release(profile); - } - } - } else { - FILE * file; - char krb_conf[MAX_PATH+1]; - char * p; - size_t cbsize, t; - wchar_t * d; - - if (!khm_get_krb4_con_file(krb_conf,sizeof(krb_conf)) && -#if _MSC_VER >= 1400 && __STDC_WANT_SECURE_LIB__ - !fopen_s(&file, krb_conf, "rt") -#else - (file = fopen(krb_conf, "rt")) -#endif - ) - { - char lineBuf[256]; - - /*TODO: compute the actual required buffer size instead of hardcoding */ - cbsize = 16384; // arbitrary - rlist = PMALLOC(cbsize); - d = rlist; - - // Skip the default realm - readstring(file,lineBuf,sizeof(lineBuf)); - - // Read the defined realms - while (TRUE) - { - if (readstring(file,lineBuf,sizeof(lineBuf)) < 0) - break; - - if (*(lineBuf + strlen(lineBuf) - 1) == '\r') - *(lineBuf + strlen(lineBuf) - 1) = 0; - - for (p=lineBuf; *p ; p++) - { - if (isspace(*p)) { - *p = 0; - break; - } - } - - if ( strncmp(".KERBEROS.OPTION.",lineBuf,17) ) { - t = strlen(lineBuf) + 1; - if(cbsize > (1 + t*sizeof(wchar_t))) { - AnsiStrToUnicode(d, cbsize, lineBuf); - d += t; - cbsize -= t * sizeof(wchar_t); - } else - break; - } - } - - *d = L'\0'; - - fclose(file); - } - } - - return rlist; -} - -/*! \internal - \brief Get the default realm - - A string will be returned that specifies the default realm. The - caller should free the string using PFREE(). - - Returns NULL if the operation fails. -*/ -wchar_t * -khm_krb5_get_default_realm(void) -{ - wchar_t * realm; - size_t cch; - krb5_context ctx=0; - char * def = 0; - - pkrb5_init_context(&ctx); - - if (ctx == 0) - return NULL; - - pkrb5_get_default_realm(ctx,&def); - - if (def) { - cch = strlen(def) + 1; - realm = PMALLOC(sizeof(wchar_t) * cch); - AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def); - pkrb5_free_default_realm(ctx, def); - } else - realm = NULL; - - pkrb5_free_context(ctx); - - return realm; -} - -long -khm_krb5_set_default_realm(wchar_t * realm) { - krb5_context ctx=0; - char * def = 0; - long rv = 0; - char astr[K5_MAXCCH_REALM]; - - UnicodeStrToAnsi(astr, sizeof(astr), realm); - - pkrb5_init_context(&ctx); - pkrb5_get_default_realm(ctx,&def); - - if ((def && strcmp(def, astr)) || - !def) { - rv = pkrb5_set_default_realm(ctx, astr); - } - - if (def) { - pkrb5_free_default_realm(ctx, def); - } - - pkrb5_free_context(ctx); - - return rv; -} - -wchar_t * -khm_get_realm_from_princ(wchar_t * princ) { - wchar_t * t; - - if(!princ) - return NULL; - - for (t = princ; *t; t++) { - if(*t == L'\\') { /* escape */ - t++; - if(! *t) /* malformed */ - break; - } else if (*t == L'@') - break; - } - - if (*t == '@' && *(t+1) != L'\0') - return (t+1); - else - return NULL; -} - -long -khm_krb5_changepwd(char * principal, - char * password, - char * newpassword, - char** error_str) -{ - krb5_error_code rc = 0; - int result_code = 0; - krb5_data result_code_string, result_string; - krb5_context context = 0; - krb5_principal princ = 0; - krb5_get_init_creds_opt opts; - krb5_creds creds; - - result_string.data = 0; - result_code_string.data = 0; - - if ( !pkrb5_init_context ) - goto cleanup; - - if (rc = pkrb5_init_context(&context)) { - goto cleanup; - } - - if (rc = pkrb5_parse_name(context, principal, &princ)) { - goto cleanup; - } - - pkrb5_get_init_creds_opt_init(&opts); - pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60); - pkrb5_get_init_creds_opt_set_renew_life(&opts, 0); - pkrb5_get_init_creds_opt_set_forwardable(&opts, 0); - pkrb5_get_init_creds_opt_set_proxiable(&opts, 0); - pkrb5_get_init_creds_opt_set_address_list(&opts,NULL); - - if (rc = pkrb5_get_init_creds_password(context, &creds, princ, - password, 0, 0, 0, - "kadmin/changepw", &opts)) { - if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) { -#if 0 - com_err(argv[0], 0, - "Password incorrect while getting initial ticket"); -#endif - } else { -#if 0 - com_err(argv[0], ret, "getting initial ticket"); -#endif - } - goto cleanup; - } - - if (rc = pkrb5_change_password(context, &creds, newpassword, - &result_code, &result_code_string, - &result_string)) { -#if 0 - com_err(argv[0], ret, "changing password"); -#endif - goto cleanup; - } - - if (result_code) { - int len = result_code_string.length + - (result_string.length ? (sizeof(": ") - 1) : 0) + - result_string.length; - if (len && error_str) { - *error_str = PMALLOC(len + 1); - if (*error_str) - StringCchPrintfA(*error_str, len+1, - "%.*s%s%.*s", - result_code_string.length, - result_code_string.data, - result_string.length?": ":"", - result_string.length, - result_string.data); - } - rc = result_code; - goto cleanup; - } - - cleanup: - if (result_string.data) - pkrb5_free_data_contents(context, &result_string); - - if (result_code_string.data) - pkrb5_free_data_contents(context, &result_code_string); - - if (princ) - pkrb5_free_principal(context, princ); - - if (context) - pkrb5_free_context(context); - - return rc; -} - -khm_int32 KHMAPI -khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy) { - if (kcdb_creds_comp_attr(vcred1, vcred2, KCDB_ATTR_LOCATION) || - kcdb_creds_comp_attr(vcred1, vcred2, attr_id_key_enctype) || - kcdb_creds_comp_attr(vcred1, vcred2, attr_id_tkt_enctype) || - kcdb_creds_comp_attr(vcred1, vcred2, attr_id_kvno)) - return 1; - else - return 0; -} - -void -khm_krb5_set_identity_flags(khm_handle identity, - khm_int32 flag_mask, - khm_int32 flag_value) { - - khm_int32 t = 0; - khm_size cb; - - cb = sizeof(t); - if (KHM_FAILED(kcdb_identity_get_attr(identity, - attr_id_krb5_idflags, - NULL, - &t, &cb))) { - t = 0; - } - - t &= ~flag_mask; - t |= (flag_value & flag_mask); - - kcdb_identity_set_attr(identity, - attr_id_krb5_idflags, - &t, sizeof(t)); -} - -khm_int32 -khm_krb5_get_identity_flags(khm_handle identity) { - khm_int32 t = 0; - khm_size cb; - - cb = sizeof(t); - kcdb_identity_get_attr(identity, - attr_id_krb5_idflags, - NULL, &t, &cb); - - return t; -} - -long -khm_krb5_get_temp_ccache(krb5_context ctx, - krb5_ccache * prcc) { - int rnd = rand(); - char ccname[MAX_PATH]; - long code = 0; - krb5_ccache cc = 0; - - StringCbPrintfA(ccname, sizeof(ccname), "MEMORY:TempCache%8x", rnd); - - code = pkrb5_cc_resolve(ctx, ccname, &cc); - - if (code == 0) - *prcc = cc; - - return code; -} - -/* - - The configuration information for each identity comes from a - multitude of layers organized as follows. The ordering is - decreasing in priority. When looking up a value, the value will be - looked up in each layer in turn starting at level 0. The first - instance of the value found will be the effective value. - - 0 : <identity configuration>\Krb5Cred - - 0.1: per user - - 0.2: per machine - - 1 : <plugin configuration>\Parameters\Realms\<realm of identity> - - 1.1: per user - - 1.2: per machine - - 2 : <plugin configuration>\Parameters - - 2.1: per user - - 2.2: per machine - - 2.3: schema - - */ -khm_int32 -khm_krb5_get_identity_config(khm_handle ident, - khm_int32 flags, - khm_handle * ret_csp) { - - khm_int32 rv = KHM_ERROR_SUCCESS; - khm_handle csp_i = NULL; - khm_handle csp_ik5 = NULL; - khm_handle csp_realms = NULL; - khm_handle csp_realm = NULL; - khm_handle csp_plugins = NULL; - khm_handle csp_krbcfg = NULL; - khm_handle csp_rv = NULL; - wchar_t realm[KCDB_IDENT_MAXCCH_NAME]; - - realm[0] = L'\0'; - - if (ident) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t * trealm; - khm_size cb_idname = sizeof(idname); - - rv = kcdb_identity_get_name(ident, idname, &cb_idname); - if (KHM_SUCCEEDED(rv) && - (trealm = khm_get_realm_from_princ(idname)) != NULL) { - StringCbCopy(realm, sizeof(realm), trealm); - } - } - - if (ident) { - rv = kcdb_identity_get_config(ident, flags, &csp_i); - if (KHM_FAILED(rv)) - goto try_realm; - - rv = khc_open_space(csp_i, CSNAME_KRB5CRED, flags, &csp_ik5); - if (KHM_FAILED(rv)) - goto try_realm; - - try_realm: - - if (realm[0] == L'\0') - goto done_shadow_realm; - - rv = khc_open_space(csp_params, CSNAME_REALMS, flags, &csp_realms); - if (KHM_FAILED(rv)) - goto done_shadow_realm; - - rv = khc_open_space(csp_realms, realm, flags, &csp_realm); - if (KHM_FAILED(rv)) - goto done_shadow_realm; - - rv = khc_shadow_space(csp_realm, csp_params); - - done_shadow_realm: - - if (csp_ik5) { - if (csp_realm) - rv = khc_shadow_space(csp_ik5, csp_realm); - else - rv = khc_shadow_space(csp_ik5, csp_params); - - csp_rv = csp_ik5; - } else { - if (csp_realm) - csp_rv = csp_realm; - } - } - - if (csp_rv == NULL) { - - /* No valid identity specified or the specified identity - doesn't have any configuration. We default to the - parameters key. */ - - /* we don't just return csp_params since that's a global - handle that we shouldn't close until the plugin is - unloaded. The caller is going to close the returned handle - when it is done. So we need to create a new csp_params - that can safely be closed. */ - - rv = kmm_get_plugins_config(0, &csp_plugins); - if (KHM_FAILED(rv)) - goto done; - - rv = khc_open_space(csp_plugins, CSNAME_KRB5CRED, flags, &csp_krbcfg); - if (KHM_FAILED(rv)) - goto done; - - rv = khc_open_space(csp_krbcfg, CSNAME_PARAMS, flags, &csp_rv); - } - - done: - - *ret_csp = csp_rv; - - /* leave csp_ik5. If it's non-NULL, then it's the return value */ - /* leave csp_rv. It's the return value. */ - if (csp_i) - khc_close_space(csp_i); - if (csp_realms) - khc_close_space(csp_realms); - - /* csp_realm can also be a return value if csp_ik5 was NULL */ - if (csp_realm && csp_realm != csp_rv) - khc_close_space(csp_realm); - - if (csp_plugins) - khc_close_space(csp_plugins); - if (csp_krbcfg) - khc_close_space(csp_krbcfg); - - return rv; -} - -/* from get_in_tkt.c */ -static krb5_error_code -get_libdefault_string(profile_t profile, const char * realm, - const char * option, char ** ret_val) { - char realmstr[K5_MAXCCH_REALM]; - char **nameval = NULL; - const char * names[4]; - krb5_error_code code = 0; - - names[0] = "libdefaults"; - - if (!realm || !realm[0]) - goto try_number_two; - - StringCbCopyA(realmstr, sizeof(realmstr), realm); - - /* - * Try number one: - * - * [libdefaults] - * REALM = { - * option = <boolean> - * } - */ - - names[1] = realmstr; - names[2] = option; - names[3] = 0; - code = pprofile_get_values(profile, names, &nameval); - if (code == 0 && nameval && nameval[0]) - goto goodbye; - - try_number_two: - - /* - * Try number two: - * - * [libdefaults] - * option = <boolean> - */ - - names[1] = option; - names[2] = 0; - code = pprofile_get_values(profile, names, &nameval); - if (code == 0 && nameval && nameval[0]) - goto goodbye; - - goodbye: - if (!nameval) - return(ENOENT); - - if (!nameval[0]) { - code = ENOENT; - } else { - size_t cb; - - if (FAILED(StringCbLengthA(nameval[0], K5_MAXCCH_REALM * sizeof(char), &cb))) { - code = ENOMEM; - } else { - cb += sizeof(char); - *ret_val = PMALLOC(cb); - - if (!*ret_val) - code = ENOMEM; - else { - StringCbCopyA(*ret_val, cb, nameval[0]); - code = 0; - } - } - } - - pprofile_free_list(nameval); - - return code; -} - - -const struct escape_char_sequences { - wchar_t character; - wchar_t escape; -} file_cc_escapes[] = { - - /* in ASCII order */ - - {L'\"', L'd'}, - {L'$', L'$'}, - {L'%', L'r'}, - {L'\'', L'i'}, - {L'*', L's'}, - {L'/', L'f'}, - {L':', L'c'}, - {L'<', L'l'}, - {L'>', L'g'}, - {L'?', L'q'}, - {L'\\', L'b'}, - {L'|', L'p'} -}; - -static void -escape_string_for_filename(const wchar_t * s, - wchar_t * buf, - khm_size cb_buf) -{ - wchar_t * d; - int i; - - for (d = buf; *s && cb_buf > sizeof(wchar_t) * 3; s++) { - if (iswpunct(*s)) { - for (i=0; i < ARRAYLENGTH(file_cc_escapes); i++) { - if (*s == file_cc_escapes[i].character) - break; - } - - if (i < ARRAYLENGTH(file_cc_escapes)) { - *d++ = L'$'; - *d++ = file_cc_escapes[i].escape; - cb_buf -= sizeof(wchar_t) * 2; - continue; - } - } - - *d++ = *s; - cb_buf -= sizeof(wchar_t); - } - -#ifdef DEBUG - assert(cb_buf >= sizeof(wchar_t)); -#endif - *d++ = L'\0'; -} - -static khm_int32 -get_default_file_cache_for_identity(const wchar_t * idname, - wchar_t * ccname, - khm_size * pcb) -{ - wchar_t escf[KRB5_MAXCCH_CCNAME] = L""; - wchar_t tmppath[KRB5_MAXCCH_CCNAME] = L""; - wchar_t tccname[KRB5_MAXCCH_CCNAME]; - khm_size cb; - - escape_string_for_filename(idname, escf, sizeof(escf)); - GetTempPath(ARRAYLENGTH(tmppath), tmppath); - - /* The path returned by GetTempPath always ends in a backslash. */ - StringCbPrintf(tccname, sizeof(tccname), L"FILE:%skrb5cc.%s", tmppath, escf); - StringCbLength(tccname, sizeof(tccname), &cb); - cb += sizeof(wchar_t); - - if (ccname && *pcb >= cb) { - StringCbCopy(ccname, *pcb, tccname); - *pcb = cb; - return KHM_ERROR_SUCCESS; - } else { - *pcb = cb; - return KHM_ERROR_TOO_LONG; - } -} - -khm_int32 -khm_krb5_get_identity_default_ccache(khm_handle ident, wchar_t * buf, khm_size * pcb) { - khm_handle csp_id = NULL; - khm_int32 rv = KHM_ERROR_SUCCESS; - khm_size cbt; - - rv = khm_krb5_get_identity_config(ident, 0, &csp_id); - - cbt = *pcb; - if (KHM_SUCCEEDED(rv)) - rv = khc_read_string(csp_id, L"DefaultCCName", buf, &cbt); - - if ((KHM_FAILED(rv) && rv != KHM_ERROR_TOO_LONG) || - (KHM_SUCCEEDED(rv) && buf[0] == L'\0')) { - /* we need to figure out the default ccache from the principal - name */ - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - khm_size cb; - khm_int32 use_file_cache = 0; - - khc_read_int32(csp_id, L"DefaultToFileCache", &use_file_cache); - - cb = sizeof(idname); - kcdb_identity_get_name(ident, idname, &cb); - - if (use_file_cache) { - cb = sizeof(ccname); - rv = get_default_file_cache_for_identity(idname, ccname, &cb); -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - } else { /* generate an API: cache */ - StringCbPrintf(ccname, sizeof(ccname), L"API:%s", idname); - } - khm_krb5_canon_cc_name(ccname, sizeof(ccname)); - - _reportf(L"Setting CCache [%s] for identity [%s]", ccname, idname); - - StringCbLength(ccname, sizeof(ccname), &cb); - cb += sizeof(wchar_t); - - if (buf && *pcb >= cb) { - StringCbCopy(buf, *pcb, ccname); - *pcb = cb; - rv = KHM_ERROR_SUCCESS; - } else { - *pcb = cb; - rv = KHM_ERROR_TOO_LONG; - } - } else if (KHM_SUCCEEDED(rv)) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - *pcb = cbt; - - cb = sizeof(idname); - kcdb_identity_get_name(ident, idname, &cb); - - _reportf(L"Found CCache [%s] for identity [%s]", buf, idname); - } - - if (csp_id != NULL) - khc_close_space(csp_id); - - return rv; -} - -khm_int32 -khm_krb5_get_identity_default_ccacheA(khm_handle ident, char * buf, khm_size * pcb) { - wchar_t wccname[KRB5_MAXCCH_CCNAME]; - khm_size cbcc; - khm_int32 rv; - - cbcc = sizeof(wccname); - rv = khm_krb5_get_identity_default_ccache(ident, wccname, &cbcc); - - if (KHM_SUCCEEDED(rv)) { - cbcc = sizeof(char) * cbcc / sizeof(wchar_t); - if (buf == NULL || *pcb < cbcc) { - *pcb = cbcc; - rv = KHM_ERROR_TOO_LONG; - } else { - UnicodeStrToAnsi(buf, *pcb, wccname); - *pcb = cbcc; - rv = KHM_ERROR_SUCCESS; - } - } - - return rv; -} - -khm_int32 -khm_krb5_get_identity_params(khm_handle ident, k5_params * p) { - - khm_int32 rv = KHM_ERROR_SUCCESS; - khm_handle csp_id = NULL; - khm_int32 regf = 0; - khm_int32 proff = 0; - khm_int32 e; - khm_int32 v; - CHAR confname[MAX_PATH]; - CHAR realmname[K5_MAXCCH_REALM]; - - ZeroMemory(p, sizeof(*p)); - - rv = khm_krb5_get_identity_config(ident, 0, &csp_id); - if (KHM_FAILED(rv)) - goto done_reg; - - -#define GETVAL(vname, vfield, flag) \ - do { \ - e = khc_value_exists(csp_id, vname); \ - rv = khc_read_int32(csp_id, vname, &v); \ - if (KHM_FAILED(rv)) goto done_reg; \ - p->vfield = v; \ - if ((e & ~KCONF_FLAG_SCHEMA) != 0) regf |= flag; \ - } while(FALSE) - - /* Flags */ - GETVAL(L"Renewable", renewable, K5PARAM_F_RENEW); - GETVAL(L"Forwardable", forwardable, K5PARAM_F_FORW); - GETVAL(L"Proxiable", proxiable, K5PARAM_F_PROX); - GETVAL(L"Addressless", addressless, K5PARAM_F_ADDL); - GETVAL(L"PublicIP", publicIP, K5PARAM_F_PUBIP); - - /* Lifetime */ - GETVAL(L"DefaultLifetime", lifetime, K5PARAM_F_LIFE); - GETVAL(L"MaxLifetime", lifetime_max, K5PARAM_F_LIFE_H); - GETVAL(L"MinLifetime", lifetime_min, K5PARAM_F_LIFE_L); - - /* Renewable lifetime */ - GETVAL(L"DefaultRenewLifetime", renew_life, K5PARAM_F_RLIFE); - GETVAL(L"MaxRenewLifetime", renew_life_max, K5PARAM_F_RLIFE_H); - GETVAL(L"MinRenewLifetime", renew_life_min, K5PARAM_F_RLIFE_L); - -#undef GETVAL - - done_reg: - - if (csp_id) - khc_close_space(csp_id); - - /* if all the parameters were read from the registry, then we have - no reason to read from the profile file. */ - if (regf == K5PARAM_FM_ALL) { - p->source_reg = regf; - return KHM_ERROR_SUCCESS; - } - - if (rv) - return rv; - - /* we need to figure out the realm name, since there might be - per-realm configuration in the profile file. */ - - realmname[0] = '\0'; - - if (ident) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - idname[0] = L'\0'; - cb = sizeof(idname); - rv = kcdb_identity_get_name(ident, idname, &cb); - if (KHM_SUCCEEDED(rv)) { - wchar_t * wrealm; - - wrealm = khm_get_realm_from_princ(idname); - if (wrealm) { - UnicodeStrToAnsi(realmname, sizeof(realmname), wrealm); - } - } - } - - /* If we get here, then some of the settings we read from the - configuration actually came from the schema. In other words, - the values weren't really defined for this identity. So we now - have to read the values from the krb5 configuration file. */ - - if (!khm_krb5_get_profile_file(confname, sizeof(confname))) { - profile_t profile; - const char * filenames[2]; - long retval; - - filenames[0] = confname; - filenames[1] = NULL; - - if (!pprofile_init(filenames, &profile)) { - - /* default ticket lifetime */ - if (!(regf & K5PARAM_F_LIFE)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "ticket_lifetime", &value); - - if (retval == 0 && value) { - krb5_deltat d; - - retval = pkrb5_string_to_deltat(value, &d); - if (retval == KRB5_DELTAT_BADFORMAT) { - /* Historically some sites use relations of - the form 'ticket_lifetime = 24000' where - the unit is left out but is assumed to be - seconds. Then there are other sites which - use the form 'ticket_lifetime = 600' where - the unit is assumed to be minutes. While - these are technically wrong (a unit needs - to be specified), we try to accomodate for - this using the safe assumption that the - unit is seconds and tack an 's' to the end - and see if that works. */ - - size_t cch; - char tmpbuf[256]; - char * buf; - - do { - if (FAILED(StringCchLengthA(value, 1024 /* unresonably large size */, - &cch))) - break; - - cch += sizeof(char) * 2; /* NULL and new 's' */ - if (cch > ARRAYLENGTH(tmpbuf)) - buf = PMALLOC(cch * sizeof(char)); - else - buf = tmpbuf; - - StringCchCopyA(buf, cch, value); - StringCchCatA(buf, cch, "s"); - - retval = pkrb5_string_to_deltat(buf, &d); - if (retval == 0) { - p->lifetime = d; - proff |= K5PARAM_F_LIFE; - } - - if (buf != tmpbuf) - PFREE(buf); - - } while(0); - - } else if (retval == 0) { - p->lifetime = d; - proff |= K5PARAM_F_LIFE; - } - - PFREE(value); - } - } - - if (!(regf & K5PARAM_F_RLIFE)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "renew_lifetime", &value); - if (retval == 0 && value) { - krb5_deltat d; - - retval = pkrb5_string_to_deltat(value, &d); - if (retval == 0) { - p->renew_life = d; - proff |= K5PARAM_F_RLIFE; - } - PFREE(value); - } - } - - if (!(regf & K5PARAM_F_FORW)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "forwardable", &value); - if (retval == 0 && value) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(value, &b)) - p->forwardable = b; - else - p->forwardable = FALSE; - PFREE(value); - proff |= K5PARAM_F_FORW; - } - } - - if (!(regf & K5PARAM_F_RENEW)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "renewable", &value); - if (retval == 0 && value) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(value, &b)) - p->renewable = b; - else - p->renewable = TRUE; - PFREE(value); - proff |= K5PARAM_F_RENEW; - } - } - - if (!(regf & K5PARAM_F_ADDL)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "noaddresses", &value); - if (retval == 0 && value) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(value, &b)) - p->addressless = b; - else - p->addressless = TRUE; - PFREE(value); - proff |= K5PARAM_F_ADDL; - } - } - - if (!(regf & K5PARAM_F_PROX)) { - char * value = NULL; - retval = get_libdefault_string(profile, realmname, - "proxiable", &value); - if (retval == 0 && value) { - khm_boolean b; - - if (!khm_krb5_parse_boolean(value, &b)) - p->proxiable = b; - else - p->proxiable = FALSE; - PFREE(value); - proff |= K5PARAM_F_PROX; - } - } - - pprofile_release(profile); - } - } - - p->source_reg = regf; - p->source_prof = proff; - - return rv; -} - -/* Note that p->source_reg and p->source_prof is used in special ways - here. All fields that are flagged in source_reg will be written to - the configuration (if they are different from what - khm_krb5_get_identity_params() reports). All fields that are - flagged in source_prof will be removed from the configuration - (thereby exposing the value defined in the profile file). */ -khm_int32 -khm_krb5_set_identity_params(khm_handle ident, const k5_params * p) { - khm_int32 rv = KHM_ERROR_SUCCESS; - khm_handle csp_id = NULL; - k5_params p_s; - khm_int32 source_reg = p->source_reg; - khm_int32 source_prof = p->source_prof; - - rv = khm_krb5_get_identity_config(ident, - KHM_PERM_WRITE | KHM_FLAG_CREATE | - KCONF_FLAG_WRITEIFMOD, - &csp_id); - if (KHM_FAILED(rv)) - goto done_reg; - - khm_krb5_get_identity_params(ident, &p_s); - - /* Remove any bits that don't make sense. Not all values can be - specified in the profile file. */ - source_prof &= K5PARAM_FM_PROF; - - /* if a flag appears in both source_prof and source_reg, remove - the flag from source_reg. */ - source_reg &= ~source_prof; - - /* we only write values that have changed, and that are flagged in - source_reg */ - - if ((source_reg & K5PARAM_F_RENEW) && - !!p_s.renewable != !!p->renewable) - khc_write_int32(csp_id, L"Renewable", !!p->renewable); - - if ((source_reg & K5PARAM_F_FORW) && - !!p_s.forwardable != !!p->forwardable) - khc_write_int32(csp_id, L"Forwardable", !!p->forwardable); - - if ((source_reg & K5PARAM_F_PROX) && - !!p_s.proxiable != !!p->proxiable) - khc_write_int32(csp_id, L"Proxiable", !!p->proxiable); - - if ((source_reg & K5PARAM_F_ADDL) && - !!p_s.addressless != !!p->addressless) - khc_write_int32(csp_id, L"Addressless", !!p->addressless); - - if ((source_reg & K5PARAM_F_PUBIP) && - p_s.publicIP != p->publicIP) - khc_write_int32(csp_id, L"PublicIP", p->publicIP); - - if ((source_reg & K5PARAM_F_LIFE) && - p_s.lifetime != p->lifetime) - khc_write_int32(csp_id, L"DefaultLifetime", p->lifetime); - - if ((source_reg & K5PARAM_F_LIFE_H) && - p_s.lifetime_max != p->lifetime_max) - khc_write_int32(csp_id, L"MaxLifetime", p->lifetime_max); - - if ((source_reg & K5PARAM_F_LIFE_L) && - p_s.lifetime_min != p->lifetime_min) - khc_write_int32(csp_id, L"MinLifetime", p->lifetime_min); - - if ((source_reg & K5PARAM_F_RLIFE) && - p_s.renew_life != p->renew_life) - khc_write_int32(csp_id, L"DefaultRenewLifetime", p->renew_life); - - if ((source_reg & K5PARAM_F_RLIFE_H) && - p_s.renew_life_max != p->renew_life_max) - khc_write_int32(csp_id, L"MaxRenewLifetime", p->renew_life_max); - - if ((source_reg & K5PARAM_F_RLIFE_L) && - p_s.renew_life_min != p->renew_life_min) - khc_write_int32(csp_id, L"MinRenewLifetime", p->renew_life_min); - - /* and now, remove the values that are present in source_prof. - Not all values are removed since not all values can be - specified in the profile file. */ - if (source_prof & K5PARAM_F_RENEW) - khc_remove_value(csp_id, L"Renewable", 0); - - if (source_prof & K5PARAM_F_FORW) - khc_remove_value(csp_id, L"Forwardable", 0); - - if (source_prof & K5PARAM_F_PROX) - khc_remove_value(csp_id, L"Proxiable", 0); - - if (source_prof & K5PARAM_F_ADDL) - khc_remove_value(csp_id, L"Addressless", 0); - - if (source_prof & K5PARAM_F_LIFE) - khc_remove_value(csp_id, L"DefaultLifetime", 0); - - if (source_prof & K5PARAM_F_RLIFE) - khc_remove_value(csp_id, L"DefaultRenewLifetime", 0); - - done_reg: - if (csp_id != NULL) - khc_close_space(csp_id); - - return rv; -} - -static const char *const conf_yes[] = { - "y", "yes", "true", "t", "1", "on", - 0, -}; - -static const char *const conf_no[] = { - "n", "no", "false", "nil", "0", "off", - 0, -}; - -int -khm_krb5_parse_boolean(const char *s, khm_boolean * b) -{ - const char *const *p; - - for(p=conf_yes; *p; p++) { - if (!_stricmp(*p,s)) { - *b = TRUE; - return 0; - } - } - - for(p=conf_no; *p; p++) { - if (!_stricmp(*p,s)) { - *b = FALSE; - return 0; - } - } - - /* Default to "no" */ - return KHM_ERROR_INVALID_PARAM; -} diff --git a/src/windows/identity/plugins/krb5/krb5funcs.h b/src/windows/identity/plugins/krb5/krb5funcs.h deleted file mode 100644 index d41ffb6b2..000000000 --- a/src/windows/identity/plugins/krb5/krb5funcs.h +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -/* Adapted from multiple Leash header files */ - -#ifndef __KHIMAIRA_KRB5FUNCS_H -#define __KHIMAIRA_KRB5FUNCS_H - -#include<stdlib.h> -#include<krb5.h> - -#include <windows.h> -#define SECURITY_WIN32 -#include <security.h> - -#if _WIN32_WINNT < 0x0501 -#define KHM_SAVE_WIN32_WINNT _WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT 0x0501 -#endif -#include<ntsecapi.h> -#ifdef KHM_SAVE_WIN32_WINNT -#undef _WIN32_WINNT -#define _WIN32_WINNT KHM_SAVE_WIN32_WINNT -#undef KHM_SAVE_WIN32_WINNT -#endif - -#include <krb5common.h> - -#define LEASH_DEBUG_CLASS_GENERIC 0 -#define LEASH_DEBUG_CLASS_KRB4 1 -#define LEASH_DEBUG_CLASS_KRB4_APP 2 - -#define LEASH_PRIORITY_LOW 0 -#define LEASH_PRIORITY_HIGH 1 - -#define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ - -#define KRB5_MAXCCH_CCNAME 1024 - -#define KRB5_CONF_YES "yes" -#define KRB5_CONF_NO "no" - -typedef struct tag_k5params { - - khm_int32 source_reg; /* flags indicating which fields were - retrieved using the registry */ - khm_int32 source_prof; /* flags indicating which fields were - retrieved using krb5.ini */ - - khm_boolean renewable; - khm_boolean forwardable; - khm_boolean proxiable; - khm_boolean addressless; - - khm_ui_4 publicIP; - - krb5_deltat lifetime; - krb5_deltat lifetime_min; - krb5_deltat lifetime_max; - - krb5_deltat renew_life; - krb5_deltat renew_life_min; - krb5_deltat renew_life_max; - -} k5_params; - -#define K5PARAM_F_RENEW 0x00000001 -#define K5PARAM_F_FORW 0x00000002 -#define K5PARAM_F_PROX 0x00000004 -#define K5PARAM_F_ADDL 0x00000008 -#define K5PARAM_F_PUBIP 0x00000010 -#define K5PARAM_F_LIFE 0x00000020 -#define K5PARAM_F_RLIFE 0x00000040 -#define K5PARAM_F_LIFE_L 0x00000080 -#define K5PARAM_F_LIFE_H 0x00000100 -#define K5PARAM_F_RLIFE_L 0x00000200 -#define K5PARAM_F_RLIFE_H 0x00000400 - -#define K5PARAM_FM_ALL 0x000007ff -#define K5PARAM_FM_PROF 0x0000007f - -/* Credential and principal operations */ - -BOOL -khm_krb5_ms2mit(char * match_princ, - BOOL match_realm, - BOOL save_creds, - khm_handle * ret_ident); - -int -khm_krb5_kinit(krb5_context alt_ctx, - char * principal_name, - char * password, - char * ccache, - krb5_deltat lifetime, - DWORD forwardable, - DWORD proxiable, - krb5_deltat renew_life, - DWORD addressless, - DWORD publicIP, - krb5_prompter_fct prompter, - void * p_data, - char ** pp_error_message); - -long -khm_krb5_changepwd(char * principal, - char * password, - char * newpassword, - char** error_str); - -int -khm_krb5_destroy_by_credset(khm_handle p_cs); - -int -khm_krb5_destroy_identity(khm_handle identity); - -long -khm_convert524(krb5_context ctx); - -int -khm_krb5_renew_cred(khm_handle cred); - -int -khm_krb5_renew_ident(khm_handle identity); - -long -khm_krb5_list_tickets(krb5_context *krbv5Context); - -long -khm_krb5_copy_ccache_by_name(krb5_context in_ctx, - wchar_t * wscc_dest, - wchar_t * wscc_src); - -long -khm_krb5_get_temp_ccache(krb5_context ctx, - krb5_ccache * cc); - -khm_int32 KHMAPI -khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy); - - -/* Configuration */ - -BOOL -khm_krb5_get_profile_file(LPSTR confname, UINT szConfname); - -BOOL -khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname); - -wchar_t * -khm_krb5_get_default_realm(void); - -long -khm_krb5_set_default_realm(wchar_t * realm); - -wchar_t * -khm_krb5_get_realm_list(void); - -khm_int32 -khm_krb5_get_identity_config(khm_handle ident, - khm_int32 flags, - khm_handle * ret_csp); - -void -khm_krb5_set_identity_flags(khm_handle identity, - khm_int32 flag_mask, - khm_int32 flag_value); - -khm_int32 -khm_krb5_get_identity_flags(khm_handle identity); - -khm_int32 -khm_krb5_set_identity_params(khm_handle ident, const k5_params * p); - -khm_int32 -khm_krb5_get_identity_params(khm_handle ident, k5_params * p); - -khm_int32 -khm_krb5_get_identity_default_ccache(khm_handle ident, wchar_t * buf, khm_size * pcb); - -khm_int32 -khm_krb5_get_identity_default_ccacheA(khm_handle ident, char * buf, khm_size * pcb); - -/* Utility */ - -wchar_t * -khm_get_realm_from_princ(wchar_t * princ); - -long -khm_krb5_canon_cc_name(wchar_t * wcc_name, - size_t cb_cc_name); - -int -khm_krb5_cc_name_cmp(const wchar_t * cc_name_1, - const wchar_t * cc_name_2); - -int -khm_krb5_parse_boolean(const char *s, khm_boolean * b); - -#endif diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c deleted file mode 100644 index 1b1ec403e..000000000 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ /dev/null @@ -1,1861 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<commctrl.h> -#include<strsafe.h> -#include<krb5.h> -#include<assert.h> - -#define K5_NCID_UN_LABEL (KHUI_CW_ID_MIN + 0) -#define K5_NCID_UN (KHUI_CW_ID_MIN + 1) -#define K5_NCID_REALM_LABEL (KHUI_CW_ID_MIN + 2) -#define K5_NCID_REALM (KHUI_CW_ID_MIN + 3) - -#define NC_UNCHANGE_TIMEOUT 3000 -#define NC_UNCHANGE_TIMER 2 -#define NC_REALMCHANGE_TIMEOUT NC_UNCHANGE_TIMEOUT -#define NC_REALMCHANGE_TIMER 3 - -typedef struct tag_k5_new_cred_data { - HWND hw_username_label; - HWND hw_username; - HWND hw_realm_label; - HWND hw_realm; -} k5_new_cred_data; - -static -void -trim_str(wchar_t * s, khm_size cch) { - wchar_t * c, * last_ws; - - for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++); - - if (((khm_size)(c - s)) >= cch) - return; - - if (c != s && ((khm_size)(c - s)) < cch) { -#if _MSC_VER >= 1400 && __STDC_WANT_SECURE_LIB__ - wmemmove_s(s, cch, c, cch - ((khm_size)(c - s))); -#else - memmove(s, c, (cch - ((khm_size)(c - s))) * sizeof(wchar_t)); -#endif - } - - last_ws = NULL; - for (c = s; *c && ((khm_size)(c - s)) < cch; c++) { - if (!iswspace(*c)) - last_ws = NULL; - else if (last_ws == NULL) - last_ws = c; - } - - if (last_ws) - *last_ws = L'\0'; -} - -/* Runs in the UI thread */ -int -k5_get_realm_from_nc(khui_new_creds * nc, - wchar_t * buf, - khm_size cch_buf) { - k5_new_cred_data * d; - khm_size s; - - d = (k5_new_cred_data *) nc->ident_aux; - buf[0] = L'\0'; - GetWindowText(d->hw_realm, buf, (int) cch_buf); - trim_str(buf, cch_buf); - - StringCchLength(buf, cch_buf, &s); - - return (int) s; -} - -/* set the primary identity of a new credentials dialog depending on - the selection of the username and realm - - Runs in the UI thread -*/ -static void -set_identity_from_ui(khui_new_creds * nc, - k5_new_cred_data * d) { - wchar_t un[KCDB_IDENT_MAXCCH_NAME]; - wchar_t * realm; - khm_size cch; - khm_size cch_left; - khm_handle ident; - LRESULT idx = CB_ERR; - khm_int32 rv = KHM_ERROR_SUCCESS; - - cch = GetWindowTextLength(d->hw_username); - - /* we already set the max length of the edit control to be this. - shouldn't exceed it unless the edit control is confused. */ - assert(cch < KCDB_IDENT_MAXCCH_NAME - 1); - - GetWindowText(d->hw_username, un, ARRAYLENGTH(un)); - trim_str(un, ARRAYLENGTH(un)); - - realm = khm_get_realm_from_princ(un); - if (realm) /* realm was specified */ - goto _set_ident; - - /* the cch we got from GetWindowTextLength can not be trusted to - be exact. For caveats see MSDN for GetWindowTextLength. */ - StringCchLength(un, KCDB_IDENT_MAXCCH_NAME, &cch); - - if (cch >= KCDB_IDENT_MAXCCH_NAME - 3) { - /* has to allow space for the '@' and at least a single - character realm, and the NULL terminator. */ - rv = KHM_ERROR_TOO_LONG; - goto _set_null_ident; - } - - realm = un + cch; /* now points at terminating NULL */ - cch_left = KCDB_IDENT_MAXCCH_NAME - cch; - - *realm++ = L'@'; - *realm = L'\0'; - cch_left--; - - cch = GetWindowTextLength(d->hw_realm); - if (cch == 0 || cch >= cch_left) { - rv = KHM_ERROR_INVALID_NAME; - goto _set_null_ident; - } - - GetWindowText(d->hw_realm, realm, (int) cch_left); - trim_str(realm, cch_left); - - _set_ident: - if (KHM_FAILED(rv = kcdb_identity_create(un, - KCDB_IDENT_FLAG_CREATE, - &ident))) { - goto _set_null_ident; - } - - khui_cw_set_primary_id(nc, ident); - - kcdb_identity_release(ident); - return; - - _set_null_ident: - { - khui_new_creds_by_type * nct = NULL; - wchar_t cmsg[256]; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - if (nct && nct->hwnd_panel) { - - switch(rv) { - case KHM_ERROR_TOO_LONG: - LoadString(hResModule, IDS_NCERR_IDENT_TOO_LONG, - cmsg, ARRAYLENGTH(cmsg)); - break; - - case KHM_ERROR_INVALID_NAME: - LoadString(hResModule, IDS_NCERR_IDENT_INVALID, - cmsg, ARRAYLENGTH(cmsg)); - break; - - default: - LoadString(hResModule, IDS_NCERR_IDENT_UNKNOWN, - cmsg, ARRAYLENGTH(cmsg)); - } - - SendMessage(nct->hwnd_panel, - KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0, K5_SET_CRED_MSG), - (LPARAM) cmsg); - } - - khui_cw_set_primary_id(nc, NULL); - } - return; -} - -/* runs in the UI thread */ -static BOOL -update_crossfeed(khui_new_creds * nc, - k5_new_cred_data * d, - int ctrl_id_src) { - wchar_t un[KCDB_IDENT_MAXCCH_NAME]; - wchar_t * un_realm; - wchar_t realm[KCDB_IDENT_MAXCCH_NAME]; - khm_size cch; - khm_size cch_left; - int idx; - - cch = (khm_size) GetWindowTextLength(d->hw_username); -#ifdef DEBUG - assert(cch < KCDB_IDENT_MAXCCH_NAME); -#endif - if (cch == 0) - return FALSE; - - GetWindowText(d->hw_username, - un, - ARRAYLENGTH(un)); - trim_str(un, ARRAYLENGTH(un)); - - un_realm = khm_get_realm_from_princ(un); - - if (un_realm == NULL) { - EnableWindow(d->hw_realm, TRUE); - return FALSE; - } - - if (ctrl_id_src == K5_NCID_UN) { - - idx = (int)SendMessage(d->hw_realm, - CB_FINDSTRINGEXACT, - (WPARAM) -1, - (LPARAM) un_realm); - - if (idx != CB_ERR) { - wchar_t srealm[KCDB_IDENT_MAXCCH_NAME]; - - cch = SendMessage(d->hw_realm, - CB_GETLBTEXTLEN, - (WPARAM) idx, - 0); - -#ifdef DEBUG - assert(cch < ARRAYLENGTH(srealm) - 1); -#endif - SendMessage(d->hw_realm, - CB_GETLBTEXT, - (WPARAM) idx, - (LPARAM) srealm); - - if (!_wcsicmp(srealm, un_realm) && wcscmp(srealm, un_realm)) { - /* differ only by case */ - - StringCchCopy(un_realm, ARRAYLENGTH(un) - (un_realm - un), - srealm); - - SetWindowText(d->hw_username, un); - } - } - - SendMessage(d->hw_realm, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) un_realm); - - SetWindowText(d->hw_realm, - un_realm); - - if (GetFocus() == d->hw_realm) { - HWND hw_next = GetNextDlgTabItem(nc->hwnd, d->hw_realm, - FALSE); - if (hw_next) - SetFocus(hw_next); - } - - EnableWindow(d->hw_realm, FALSE); - - return TRUE; - } - /* else... */ - - cch_left = KCDB_IDENT_MAXCCH_NAME - (un_realm - un); - - cch = (khm_size) GetWindowTextLength(d->hw_realm); - -#ifdef DEBUG - assert(cch < KCDB_IDENT_MAXCCH_NAME); -#endif - if (cch == 0) - return FALSE; - - GetWindowText(d->hw_realm, realm, - ARRAYLENGTH(realm)); - trim_str(realm, ARRAYLENGTH(realm)); - - idx = (int)SendMessage(d->hw_realm, - CB_FINDSTRINGEXACT, - (WPARAM) -1, - (LPARAM) realm); - - if (idx != CB_ERR) { - wchar_t srealm[KCDB_IDENT_MAXCCH_NAME]; - - SendMessage(d->hw_realm, - CB_GETLBTEXT, - (WPARAM) idx, - (LPARAM) srealm); - - if (!_wcsicmp(srealm, realm) && wcscmp(srealm, realm)) { - StringCbCopy(realm, sizeof(realm), srealm); - - SetWindowText(d->hw_realm, srealm); - } - } - - StringCchCopy(un_realm, cch_left, realm); - - SendMessage(d->hw_username, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) un); - - SetWindowText(d->hw_username, un); - - return TRUE; -} - -/* Handle window messages for the identity specifiers - - runs in UI thread */ -static LRESULT -handle_wnd_msg(khui_new_creds * nc, - HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - k5_new_cred_data * d; - - d = (k5_new_cred_data *) nc->ident_aux; - - switch(uMsg) { - case WM_COMMAND: - switch(wParam) { - case MAKEWPARAM(K5_NCID_UN, CBN_EDITCHANGE): - /* the username has changed. Instead of handling this - for every keystroke, set a timer that elapses some - time afterwards and then handle the event. */ - SetTimer(hwnd, NC_UNCHANGE_TIMER, - NC_UNCHANGE_TIMEOUT, NULL); - return TRUE; - - case MAKEWPARAM(K5_NCID_UN, CBN_KILLFOCUS): - case MAKEWPARAM(K5_NCID_UN, CBN_CLOSEUP): - KillTimer(hwnd, NC_UNCHANGE_TIMER); - - update_crossfeed(nc,d,K5_NCID_UN); - set_identity_from_ui(nc,d); - return TRUE; - - case MAKEWPARAM(K5_NCID_REALM,CBN_EDITCHANGE): - SetTimer(hwnd, NC_REALMCHANGE_TIMER, - NC_REALMCHANGE_TIMEOUT, NULL); - return TRUE; - - case MAKEWPARAM(K5_NCID_REALM,CBN_KILLFOCUS): - case MAKEWPARAM(K5_NCID_REALM,CBN_CLOSEUP): - KillTimer(hwnd, NC_REALMCHANGE_TIMER); - - update_crossfeed(nc,d,K5_NCID_REALM); - set_identity_from_ui(nc, d); - return TRUE; - } - break; - - case WM_TIMER: - if(wParam == NC_UNCHANGE_TIMER) { - KillTimer(hwnd, NC_UNCHANGE_TIMER); - - update_crossfeed(nc, d, K5_NCID_UN); - set_identity_from_ui(nc,d); - return TRUE; - } else if (wParam == NC_REALMCHANGE_TIMER) { - KillTimer(hwnd, NC_REALMCHANGE_TIMER); - - update_crossfeed(nc, d, K5_NCID_REALM); - set_identity_from_ui(nc, d); - return TRUE; - } - break; - } - return FALSE; -} - -/* UI Callback - - runs in UI thread */ -static LRESULT KHMAPI -ui_cb(khui_new_creds * nc, - UINT cmd, - HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) { - - k5_new_cred_data * d; - - d = (k5_new_cred_data *) nc->ident_aux; - - switch(cmd) { - case WMNC_IDENT_INIT: - { - wchar_t defident[KCDB_IDENT_MAXCCH_NAME]; - wchar_t wbuf[1024]; - wchar_t * ms = NULL; - wchar_t * t; - wchar_t * defrealm = NULL; - LRESULT lr; - khm_size cb_ms; - khm_size cb; - HWND hw_parent; - khm_int32 rv; - khm_handle hident; - - hw_parent = (HWND) lParam; - defident[0] = L'\0'; - -#ifdef DEBUG - assert(d == NULL); - assert(hw_parent != NULL); -#endif - - d = PMALLOC(sizeof(*d)); - assert(d); - ZeroMemory(d, sizeof(*d)); - - khui_cw_lock_nc(nc); - nc->ident_aux = (LPARAM) d; - khui_cw_unlock_nc(nc); - - LoadString(hResModule, IDS_NC_USERNAME, - wbuf, ARRAYLENGTH(wbuf)); - - d->hw_username_label = CreateWindow - (L"STATIC", - wbuf, - SS_SIMPLE | WS_CHILD | WS_VISIBLE, - 0, 0, 100, 100, /* bogus values */ - hw_parent, - (HMENU) K5_NCID_UN_LABEL, - hInstance, - NULL); - assert(d->hw_username_label != NULL); - - d->hw_username = CreateWindow - (L"COMBOBOX", - L"", - CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | - WS_CHILD | WS_VISIBLE | WS_TABSTOP | WS_VSCROLL, - 0, 0, 100, 100, /* bogus values */ - hw_parent, - (HMENU) K5_NCID_UN, - hInstance, - NULL); - assert(d->hw_username != NULL); - - SendMessage(d->hw_username, - CB_LIMITTEXT, - (WPARAM)(KCDB_IDENT_MAXCCH_NAME - 1), - 0); - - SendMessage(d->hw_username, - CB_SETEXTENDEDUI, - (WPARAM) TRUE, - 0); - - khui_cw_add_control_row(nc, - d->hw_username_label, - d->hw_username, - KHUI_CTRLSIZE_SMALL); - - LoadString(hResModule, IDS_NC_REALM, - wbuf, ARRAYLENGTH(wbuf)); - - d->hw_realm_label = CreateWindow - (L"STATIC", - wbuf, - SS_SIMPLE | WS_CHILD | WS_VISIBLE, - 0, 0, 100, 100, /* bogus */ - hw_parent, - (HMENU) K5_NCID_REALM_LABEL, - hInstance, - NULL); - assert(d->hw_realm_label != NULL); - - d->hw_realm = CreateWindow - (L"COMBOBOX", - L"", - CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | - WS_CHILD | WS_VISIBLE | WS_TABSTOP | WS_VSCROLL, - 0, 0, 100, 100, /* bogus */ - hw_parent, - (HMENU) K5_NCID_REALM, - hInstance, - NULL); - assert(d->hw_realm != NULL); - - SendMessage(d->hw_realm, - CB_LIMITTEXT, - (WPARAM) (KCDB_IDENT_MAXCCH_NAME - 1), - 0); - - SendMessage(d->hw_realm, - CB_SETEXTENDEDUI, - (WPARAM) TRUE, - 0); - - khui_cw_add_control_row(nc, - d->hw_realm_label, - d->hw_realm, - KHUI_CTRLSIZE_SMALL); - - /* add the LRU realms and principals to the dropdown - lists */ - rv = khc_read_multi_string(csp_params, - L"LRUPrincipals", - NULL, - &cb_ms); - - if (rv != KHM_ERROR_TOO_LONG || cb_ms <= sizeof(wchar_t) * 2) - goto _add_lru_realms; - - ms = PMALLOC(cb_ms); - assert(ms != NULL); - - cb = cb_ms; - rv = khc_read_multi_string(csp_params, - L"LRUPrincipals", - ms, - &cb); - - assert(KHM_SUCCEEDED(rv)); - - /* the first of these is considered the default identity - if no other default is known */ - StringCbCopy(defident, sizeof(defident), ms); - - t = ms; - while(t && *t) { - SendMessage(d->hw_username, - CB_ADDSTRING, - 0, - (LPARAM) t); - - t = multi_string_next(t); - } - - _add_lru_realms: - /* add the default realm first */ - defrealm = khm_krb5_get_default_realm(); - if (defrealm) { - SendMessage(d->hw_realm, - CB_ADDSTRING, - 0, - (LPARAM) defrealm); - } - - rv = khc_read_multi_string(csp_params, - L"LRURealms", - NULL, - &cb); - - if (rv != KHM_ERROR_TOO_LONG) - goto _done_adding_lru; - - if (ms != NULL) { - if (cb_ms < cb) { - PFREE(ms); - ms = PMALLOC(cb); - assert(ms); - cb_ms = cb; - } - } else { - ms = PMALLOC(cb); - cb_ms = cb; - } - - rv = khc_read_multi_string(csp_params, - L"LRURealms", - ms, - &cb); - - assert(KHM_SUCCEEDED(rv)); - - for (t = ms; t && *t; t = multi_string_next(t)) { - lr = SendMessage(d->hw_realm, - CB_FINDSTRINGEXACT, - (WPARAM) -1, - (LPARAM) t); - if (lr != CB_ERR) - continue; - - SendMessage(d->hw_realm, - CB_ADDSTRING, - 0, - (LPARAM) t); - } - _done_adding_lru: - - { - khm_int32 inc_realms = 0; - - if (KHM_FAILED(khc_read_int32(csp_params, - L"UseFullRealmList", - &inc_realms)) || - !inc_realms) - goto _done_adding_all_realms; - } - - if(ms) - PFREE(ms); - - ms = khm_krb5_get_realm_list(); - if(ms) { - for (t = ms; t && *t; t = multi_string_next(t)) { - lr = SendMessage(d->hw_realm, - CB_FINDSTRINGEXACT, - (WPARAM) -1, - (LPARAM) t); - if (lr != CB_ERR) - continue; - - SendMessage(d->hw_realm, - CB_ADDSTRING, - 0, - (LPARAM) t); - } - } - _done_adding_all_realms: - - /* set the current selection of the realms list */ - if (defrealm) { - SendMessage(d->hw_realm, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) defrealm); - } else { - SendMessage(d->hw_realm, - CB_SETCURSEL, - (WPARAM) 0, - (LPARAM) 0); - } - - if (defrealm) - PFREE(defrealm); - - if (ms) - PFREE(ms); - - /* now see about that default identity */ - if (nc->ctx.identity) { - cb = sizeof(defident); - kcdb_identity_get_name(nc->ctx.identity, - defident, - &cb); - } - - if (defident[0] == L'\0' && - KHM_SUCCEEDED(kcdb_identity_get_default(&hident))) { - cb = sizeof(defident); - kcdb_identity_get_name(hident, defident, &cb); - kcdb_identity_release(hident); - } - - if (defident[0] == L'\0') { - DWORD dw; - - dw = ARRAYLENGTH(defident); - GetUserName(defident, &dw); - } - - t = khm_get_realm_from_princ(defident); - if (t) { - /* there is a realm */ - assert(t != defident); - *--t = L'\0'; - t++; - - SendMessage(d->hw_realm, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) t); - - SendMessage(d->hw_realm, - WM_SETTEXT, - 0, - (LPARAM) t); - } - - if (defident[0] != L'\0') { - /* there is a username */ - SendMessage(d->hw_username, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) defident); - - SendMessage(d->hw_username, - WM_SETTEXT, - 0, - (LPARAM) defident); - } - - set_identity_from_ui(nc, d); - } - return TRUE; - - case WMNC_IDENT_WMSG: - return handle_wnd_msg(nc, hwnd, uMsg, wParam, lParam); - - case WMNC_IDENT_PREPROCESS: - { -#ifdef DEBUG - assert(d != NULL); -#endif - if (d) { - set_identity_from_ui(nc, d); - } - } - return TRUE; - - case WMNC_IDENT_EXIT: - { -#ifdef DEBUG - assert(d != NULL); -#endif - khui_cw_lock_nc(nc); - nc->ident_aux = 0; - khui_cw_unlock_nc(nc); - - /* since we created all the windows as child windows of - the new creds window, they will be destroyed when that - window is destroyed. */ - PFREE(d); - } - return TRUE; - } - return FALSE; -} - -static khm_int32 -k5_ident_validate_name(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - krb5_principal princ = NULL; - char princ_name[KCDB_IDENT_MAXCCH_NAME]; - kcdb_ident_name_xfer * nx; - krb5_error_code code; - wchar_t * atsign; - - nx = (kcdb_ident_name_xfer *) vparam; - - if(UnicodeStrToAnsi(princ_name, sizeof(princ_name), - nx->name_src) == 0) { - nx->result = KHM_ERROR_INVALID_NAME; - return KHM_ERROR_SUCCESS; - } - - assert(k5_identpro_ctx != NULL); - - code = pkrb5_parse_name(k5_identpro_ctx, - princ_name, - &princ); - - if (code) { - nx->result = KHM_ERROR_INVALID_NAME; - return KHM_ERROR_SUCCESS; - } - - if (princ != NULL) - pkrb5_free_principal(k5_identpro_ctx, - princ); - - /* krb5_parse_name() accepts principal names with no realm or an - empty realm. We don't. */ - atsign = wcschr(nx->name_src, L'@'); - if (atsign == NULL || atsign[1] == L'\0') { - nx->result = KHM_ERROR_INVALID_NAME; - } else { - nx->result = KHM_ERROR_SUCCESS; - } - - return KHM_ERROR_SUCCESS; -} - -static void -k5_update_last_default_identity(khm_handle ident) { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - cb = sizeof(idname); - if (KHM_FAILED(kcdb_identity_get_name(ident, idname, &cb))) - return; - - assert(csp_params); - - khc_write_string(csp_params, L"LastDefaultIdent", idname); -} - -static khm_int32 -k5_ident_set_default_int(khm_handle def_ident) { - wchar_t id_ccname[KRB5_MAXCCH_CCNAME]; - khm_size cb; - DWORD dw; - LONG l; - HKEY hk_ccname; - DWORD dwType; - DWORD dwSize; - wchar_t reg_ccname[KRB5_MAXCCH_CCNAME]; - -#ifdef DEBUG - assert(def_ident != NULL); -#endif - - cb = sizeof(id_ccname); - if (KHM_FAILED(kcdb_identity_get_attr(def_ident, attr_id_krb5_ccname, NULL, - id_ccname, &cb))) { - _reportf(L"The specified identity does not have the Krb5CCName property"); - - cb = sizeof(id_ccname); - if (KHM_FAILED(khm_krb5_get_identity_default_ccache(def_ident, id_ccname, &cb))) { - return KHM_ERROR_INVALID_PARAM; - } - } - - _reportf(L"Found Krb5CCName property : %s", id_ccname); - - StringCbLength(id_ccname, sizeof(id_ccname), &cb); - cb += sizeof(wchar_t); - - _reportf(L"Setting default CC name in the registry"); - - l = RegOpenKeyEx(HKEY_CURRENT_USER, L"Software\\MIT\\kerberos5", 0, - KEY_READ | KEY_WRITE, &hk_ccname); - - if (l != ERROR_SUCCESS) - l = RegCreateKeyEx(HKEY_CURRENT_USER, L"Software\\MIT\\kerberos5", 0, - NULL, REG_OPTION_NON_VOLATILE, KEY_READ | KEY_WRITE, - NULL, &hk_ccname, &dw); - - if (l != ERROR_SUCCESS) { - _reportf(L"Can't create registry key : %d", l); - _end_task(); - return KHM_ERROR_UNKNOWN; - } - - dwSize = sizeof(reg_ccname); - - l = RegQueryValueEx(hk_ccname, L"ccname", NULL, &dwType, (LPBYTE) reg_ccname, - &dwSize); - - if (l != ERROR_SUCCESS || - dwType != REG_SZ || - khm_krb5_cc_name_cmp(reg_ccname, id_ccname)) { - - /* we have to write the new value in */ - - l = RegSetValueEx(hk_ccname, L"ccname", 0, REG_SZ, (BYTE *) id_ccname, - (DWORD) cb); - } - - RegCloseKey(hk_ccname); - - if (l == ERROR_SUCCESS) { - _reportf(L"Successfully set the default ccache"); - k5_update_last_default_identity(def_ident); - return KHM_ERROR_SUCCESS; - } else { - _reportf(L"Can't set the registry value : %d", l); - return KHM_ERROR_UNKNOWN; - } -} - -static khm_int32 -k5_ident_set_default(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - - /* - Currently, setting the default identity simply sets the - "ccname" registry value at "Software\MIT\kerberos5". - */ - - if (uparam) { - /* an identity is being made default */ - khm_handle def_ident = (khm_handle) vparam; - khm_int32 rv; - -#ifdef DEBUG - assert(def_ident != NULL); -#endif - - { - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - cb = sizeof(idname); - kcdb_identity_get_name(def_ident, idname, &cb); - - _begin_task(0); - _report_cs1(KHERR_DEBUG_1, L"Setting default identity [%1!s!]", _cstr(idname)); - _describe(); - } - - rv = k5_ident_set_default_int(def_ident); - - _end_task(); - - return rv; - - } else { - /* the default identity is being forgotten */ - - /* we don't really do anything about this case */ - } - - return KHM_ERROR_SUCCESS; -} - -static khm_int32 -k5_ident_get_ui_cb(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - khui_ident_new_creds_cb * cb; - - cb = (khui_ident_new_creds_cb *) vparam; - - *cb = ui_cb; - - return KHM_ERROR_SUCCESS; -} - -static khm_int32 -k5_ident_notify_create(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - - /* a new identity has been created. What we want to do at - this point is to check if the identity belongs to krb5 - and to see if it is the default. */ - - krb5_ccache cc = NULL; - krb5_error_code code; - krb5_principal princ = NULL; - char * princ_nameA = NULL; - wchar_t princ_nameW[KCDB_IDENT_MAXCCH_NAME]; - wchar_t id_nameW[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - khm_handle ident; - - /* if there is a default identity already, we assume we don't need - to check this one. */ - - khm_handle def_ident; - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&def_ident))) { - kcdb_identity_release(def_ident); - - return KHM_ERROR_SUCCESS; - } - - ident = (khm_handle) vparam; - - assert(k5_identpro_ctx != NULL); - - code = pkrb5_cc_default(k5_identpro_ctx, &cc); - if (code) - goto _nc_cleanup; - - code = pkrb5_cc_get_principal(k5_identpro_ctx, - cc, - &princ); - if (code) - goto _nc_cleanup; - - code = pkrb5_unparse_name(k5_identpro_ctx, - princ, - &princ_nameA); - if (code) - goto _nc_cleanup; - - AnsiStrToUnicode(princ_nameW, - sizeof(princ_nameW), - princ_nameA); - - cb = sizeof(id_nameW); - - if (KHM_FAILED(kcdb_identity_get_name(ident, - id_nameW, - &cb))) - goto _nc_cleanup; - - if (!wcscmp(id_nameW, princ_nameW)) { - kcdb_identity_set_default_int(ident); - } - - _nc_cleanup: - if (princ_nameA) - pkrb5_free_unparsed_name(k5_identpro_ctx, - princ_nameA); - if (princ) - pkrb5_free_principal(k5_identpro_ctx, - princ); - if (cc) - pkrb5_cc_close(k5_identpro_ctx, cc); - - return KHM_ERROR_SUCCESS; -} - -struct k5_ident_update_data { - khm_handle identity; - - FILETIME ft_expire; /* expiration */ - FILETIME ft_issue; /* issue */ - FILETIME ft_rexpire; /* renew expiration */ - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - khm_int32 k5_flags; -}; - -/* The logic here has to reflect the logic in khm_krb5_list_tickets(). - We use this to handle an identity update request because some other - plug-in or maybe NetIDMgr itself is about to do something - important(tm) with the identity and needs to make sure that the - properties of the identity are up-to-date. */ -static khm_int32 KHMAPI -k5_ident_update_apply_proc(khm_handle cred, - void * rock) { - struct k5_ident_update_data * d = (struct k5_ident_update_data *) rock; - khm_handle ident = NULL; - khm_int32 t; - khm_int32 flags; - FILETIME t_cexpire; - FILETIME t_rexpire; - khm_size cb; - khm_int32 rv = KHM_ERROR_SUCCESS; - - if (KHM_FAILED(kcdb_cred_get_type(cred, &t)) || - t != credtype_id_krb5 || - KHM_FAILED(kcdb_cred_get_identity(cred, &ident))) - - return KHM_ERROR_SUCCESS; - - if (!kcdb_identity_is_equal(ident,d->identity)) - - goto _cleanup; - - if (KHM_FAILED(kcdb_cred_get_flags(cred, &flags))) - - flags = 0; - - if (flags & KCDB_CRED_FLAG_INITIAL) { - cb = sizeof(t_cexpire); - if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred, - KCDB_ATTR_EXPIRE, - NULL, - &t_cexpire, - &cb))) { - if ((d->ft_expire.dwLowDateTime == 0 && - d->ft_expire.dwHighDateTime == 0) || - CompareFileTime(&t_cexpire, &d->ft_expire) > 0) { - goto update_identity; - } - } - } - - goto _cleanup; - - update_identity: - - d->ft_expire = t_cexpire; - - cb = sizeof(d->ccname); - if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_LOCATION, NULL, d->ccname, &cb))) { - d->ccname[0] = L'\0'; - } - - cb = sizeof(d->k5_flags); - if (KHM_FAILED(kcdb_cred_get_attr(cred, attr_id_krb5_flags, NULL, - &d->k5_flags, &cb))) { - d->k5_flags = 0; - } - - cb = sizeof(d->ft_issue); - if (KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_ISSUE, NULL, &d->ft_issue, &cb))) { - ZeroMemory(&d->ft_issue, sizeof(d->ft_issue)); - } - - cb = sizeof(t_rexpire); - if ((d->k5_flags & TKT_FLG_RENEWABLE) && - KHM_SUCCEEDED(kcdb_cred_get_attr(cred, - KCDB_ATTR_RENEW_EXPIRE, - NULL, - &t_rexpire, - &cb))) { - d->ft_rexpire = t_rexpire; - } else { - ZeroMemory(&d->ft_rexpire, sizeof(d->ft_rexpire)); - } - - _cleanup: - if (ident) - kcdb_identity_release(ident); - - return rv; -} - -static khm_int32 -k5_ident_update(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - -#if 0 - struct k5_ident_update_data d; -#endif - khm_handle ident; - khm_handle tident; - krb5_ccache cc = NULL; - char * ccname; - krb5_error_code code; - khm_size cb; - wchar_t wid_ccname[MAX_PATH]; - wchar_t w_ccname[MAX_PATH]; - - ident = (khm_handle) vparam; - if (ident == NULL) - return KHM_ERROR_SUCCESS; - -#if 0 - /* we are going to skip doing this here since - khm_krb5_list_tickets() performs this function for us each time - we enumerate tickets. Since it also gets run each time our - list of tickets changes and since we are basing this operation - on existing tickets, we are unlikely to find anything new - here. */ - ZeroMemory(&d, sizeof(d)); - d.identity = ident; - - kcdb_credset_apply(NULL, - k5_ident_update_apply_proc, - (void *) &d); - - if (d.ft_expire.dwLowDateTime != 0 || - d.ft_expire.dwHighDateTime != 0) { - - /* we found a TGT */ - - kcdb_identity_set_attr(ident, KCDB_ATTR_EXPIRE, - &d.ft_expire, sizeof(d.ft_expire)); - if (d.ft_issue.dwLowDateTime != 0 || - d.ft_issue.dwHighDateTime != 0) - kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE, - &d.ft_issue, sizeof(d.ft_issue)); - else - kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE, NULL, 0); - - if (d.ft_rexpire.dwLowDateTime != 0 || - d.ft_rexpire.dwHighDateTime != 0) - kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE, - &d.ft_rexpire, sizeof(d.ft_rexpire)); - else - kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE, NULL, 0); - - kcdb_identity_set_attr(ident, attr_id_krb5_flags, - &d.k5_flags, sizeof(d.k5_flags)); - - if (d.ccname[0]) - kcdb_identity_set_attr(ident, attr_id_krb5_ccname, - d.ccname, KCDB_CBSIZE_AUTO); - else - kcdb_identity_set_attr(ident, attr_id_krb5_ccname, NULL, 0); - - } else { - /* Clear out the attributes. We don't have any information - about this identity */ - kcdb_identity_set_attr(ident, KCDB_ATTR_EXPIRE, NULL, 0); - kcdb_identity_set_attr(ident, KCDB_ATTR_ISSUE, NULL, 0); - kcdb_identity_set_attr(ident, KCDB_ATTR_RENEW_EXPIRE, NULL, 0); - kcdb_identity_set_attr(ident, attr_id_krb5_flags, NULL, 0); - kcdb_identity_set_attr(ident, attr_id_krb5_ccname, NULL, 0); - } -#endif - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&tident))) { - kcdb_identity_release(tident); - goto _iu_cleanup; - } - - cb = sizeof(wid_ccname); - if (KHM_FAILED(kcdb_identity_get_attr(ident, - attr_id_krb5_ccname, - NULL, - wid_ccname, - &cb))) - goto _iu_cleanup; - - if(k5_identpro_ctx == NULL) - goto _iu_cleanup; - - code = pkrb5_cc_default(k5_identpro_ctx, &cc); - if (code) - goto _iu_cleanup; - - ccname = pkrb5_cc_get_name(k5_identpro_ctx, cc); - if (ccname == NULL) - goto _iu_cleanup; - - AnsiStrToUnicode(w_ccname, sizeof(w_ccname), ccname); - - khm_krb5_canon_cc_name(w_ccname, sizeof(w_ccname)); - khm_krb5_canon_cc_name(wid_ccname, sizeof(wid_ccname)); - - if (!_wcsicmp(w_ccname, wid_ccname)) - kcdb_identity_set_default_int(ident); - - _iu_cleanup: - if (cc && k5_identpro_ctx) - pkrb5_cc_close(k5_identpro_ctx, cc); - - return KHM_ERROR_SUCCESS; -} - -static khm_boolean -k5_refresh_default_identity(krb5_context ctx) { - /* just like notify_create, except now we set the default identity - based on what we find in the configuration */ - krb5_ccache cc = NULL; - krb5_error_code code; - krb5_principal princ = NULL; - char * princ_nameA = NULL; - wchar_t princ_nameW[KCDB_IDENT_MAXCCH_NAME]; - char * ccname = NULL; - khm_handle ident = NULL; - khm_boolean found_default = FALSE; - - assert(ctx != NULL); - - _begin_task(0); - _report_cs0(KHERR_DEBUG_1, L"Refreshing default identity"); - _describe(); - - code = pkrb5_cc_default(ctx, &cc); - if (code) { - _reportf(L"Can't open default ccache. code=%d", code); - goto _nc_cleanup; - } - - code = pkrb5_cc_get_principal(ctx, cc, &princ); - if (code) { - /* try to determine the identity from the ccache name */ - ccname = pkrb5_cc_get_name(ctx, cc); - - if (ccname) { - char * namepart = strchr(ccname, ':'); - - _reportf(L"CC name is [%S]", ccname); - - if (namepart == NULL) - namepart = ccname; - else - namepart++; - - _reportf(L"Checking if [%S] is a valid identity name", namepart); - - AnsiStrToUnicode(princ_nameW, sizeof(princ_nameW), namepart); - if (kcdb_identity_is_valid_name(princ_nameW)) { - kcdb_identity_create(princ_nameW, KCDB_IDENT_FLAG_CREATE, &ident); - if (ident) { - _reportf(L"Setting [%S] as the default identity", namepart); - kcdb_identity_set_default_int(ident); - found_default = TRUE; - } - } - } else { - _reportf(L"Can't determine ccache name"); - } - - goto _nc_cleanup; - } - - code = pkrb5_unparse_name(ctx, princ, &princ_nameA); - if (code) - goto _nc_cleanup; - - AnsiStrToUnicode(princ_nameW, sizeof(princ_nameW), princ_nameA); - - _reportf(L"Found principal [%s]", princ_nameW); - - if (KHM_FAILED(kcdb_identity_create(princ_nameW, KCDB_IDENT_FLAG_CREATE, &ident))) { - _reportf(L"Failed to create identity"); - goto _nc_cleanup; - } - - _reportf(L"Setting default identity to [%s]", princ_nameW); - kcdb_identity_set_default_int(ident); - - found_default = TRUE; - - _nc_cleanup: - - _end_task(); - - if (princ_nameA) - pkrb5_free_unparsed_name(ctx, princ_nameA); - - if (princ) - pkrb5_free_principal(ctx, princ); - - if (cc) - pkrb5_cc_close(ctx, cc); - - if (ident) - kcdb_identity_release(ident); - - return found_default; -} - -static khm_int32 -k5_ident_init(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - - khm_boolean found_default; - khm_handle ident; - - found_default = k5_refresh_default_identity(k5_identpro_ctx); - - if (!found_default) { - wchar_t widname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - - cb = sizeof(widname); - - assert(csp_params); - - if (KHM_SUCCEEDED(khc_read_string(csp_params, L"LastDefaultIdent", - widname, &cb))) { - ident = NULL; - kcdb_identity_create(widname, KCDB_IDENT_FLAG_CREATE, &ident); - if (ident) { - kcdb_identity_set_default_int(ident); - kcdb_identity_release(ident); - - found_default = TRUE; - } - } - } - - if (!found_default) { - - /* There was no default ccache and we don't have a - "LastDefaultIdent" value. Next we see if there are any - identities that have credentials which have a Krb5CCName - property (i.e. an identity that has a Kerberos 5 TGT), and - make it the default. - - Note that since the Krb5Ident plug-in has a dependency on - Krb5Cred, by the time this code runs, we already have a - listing of Kerberos 5 tickets and identities. */ - - wchar_t * idlist = NULL; - wchar_t * thisid; - khm_size cb = 0; - khm_size n_idents = 0; - khm_int32 rv; - wchar_t ccname[KRB5_MAXCCH_CCNAME]; - FILETIME ft_expire; - FILETIME ft_now; - FILETIME ft_threshold; - BOOL match_all = FALSE; - - rv = kcdb_identity_enum(0, 0, NULL, &cb, &n_idents); - - TimetToFileTimeInterval(5 * 60, &ft_threshold); - GetSystemTimeAsFileTime(&ft_now); - ft_now = FtAdd(&ft_now, &ft_threshold); - - while (rv == KHM_ERROR_TOO_LONG && n_idents > 0) { - if (idlist) { - PFREE(idlist); - idlist = NULL; - } - - idlist = PMALLOC(cb); - - if (idlist == NULL) - break; - - rv = kcdb_identity_enum(0, 0, idlist, &cb, &n_idents); - } - - if (KHM_SUCCEEDED(rv)) { - - /* first we try to find an identity that has a valid TGT. - If that fails, then we try to find an identity with - *any* TGT. */ - - try_again: - - for (thisid = idlist; - thisid && *thisid && !found_default; - thisid = multi_string_next(thisid)) { - - if (KHM_SUCCEEDED(kcdb_identity_create(thisid, 0, &ident))) { - khm_size cb_ft = sizeof(FILETIME); - cb = sizeof(ccname); - - if (KHM_SUCCEEDED(kcdb_identity_get_attr(ident, attr_id_krb5_ccname, - NULL, ccname, &cb)) && - (match_all || - (KHM_SUCCEEDED(kcdb_identity_get_attr(ident, KCDB_ATTR_EXPIRE, - NULL, &ft_expire, &cb_ft)) && - CompareFileTime(&ft_expire, &ft_now) > 0))) { - - /* found one */ - k5_ident_set_default_int(ident); - kcdb_identity_set_default_int(ident); - found_default = TRUE; - - } - - kcdb_identity_release(ident); - ident = NULL; - } - } - - if (!found_default && !match_all) { - match_all = TRUE; - goto try_again; - } - } - - if (idlist) { - PFREE(idlist); - idlist = NULL; - } - } - - return KHM_ERROR_SUCCESS; -} - -static khm_int32 -k5_ident_exit(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - /* don't really do anything */ - return KHM_ERROR_SUCCESS; -} - -/* forward dcl */ -khm_int32 KHMAPI -k5_ident_name_comp_func(const void * dl, khm_size cb_dl, - const void * dr, khm_size cb_dr); - -static khm_int32 -k5_ident_compare_name(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { - kcdb_ident_name_xfer *px; - - px = (kcdb_ident_name_xfer *) vparam; - - /* note that k5_ident_name_comp_func() ignores the size - specifiers. So we can just pass in 0's. */ - px->result = k5_ident_name_comp_func(px->name_src, 0, - px->name_alt, 0); - - return KHM_ERROR_SUCCESS; -} - -#if 0 -/* copy and paste template for ident provider messages */ -static khm_int32 -k5_ident_(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) { -} -#endif - -khm_int32 KHMAPI -k5_msg_ident(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) -{ - switch(msg_subtype) { - case KMSG_IDENT_INIT: - return k5_ident_init(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_EXIT: - return k5_ident_exit(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_VALIDATE_NAME: - return k5_ident_validate_name(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_VALIDATE_IDENTITY: - /* TODO: handle KMSG_IDENT_VALIDATE_IDENTITY */ - break; - - case KMSG_IDENT_CANON_NAME: - /* TODO: handle KMSG_IDENT_CANON_NAME */ - break; - - case KMSG_IDENT_COMPARE_NAME: - return k5_ident_compare_name(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_SET_DEFAULT: - return k5_ident_set_default(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_SET_SEARCHABLE: - /* TODO: handle KMSG_IDENT_SET_SEARCHABLE */ - break; - - case KMSG_IDENT_GET_INFO: - /* TODO: handle KMSG_IDENT_GET_INFO */ - break; - - case KMSG_IDENT_UPDATE: - return k5_ident_update(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_ENUM_KNOWN: - /* TODO: handle KMSG_IDENT_ENUM_KNOWN */ - break; - - case KMSG_IDENT_GET_UI_CALLBACK: - return k5_ident_get_ui_cb(msg_type, - msg_subtype, - uparam, - vparam); - - case KMSG_IDENT_NOTIFY_CREATE: - return k5_ident_notify_create(msg_type, - msg_subtype, - uparam, - vparam); - } - - return KHM_ERROR_SUCCESS; -} - -/* note that we are ignoring the size specifiers. We can do that - because we are guaranteed that dl and dr point to NULL terminated - unicode strings when used with credential data buffers. We also - use the fact that we are ignoring the size specifiers when we call - this function from k5_ident_compare_name() to avoid calculating the - length of the string. */ -khm_int32 KHMAPI -k5_ident_name_comp_func(const void * dl, khm_size cb_dl, - const void * dr, khm_size cb_dr) { - wchar_t * idl = (wchar_t *) dl; - wchar_t * idr = (wchar_t *) dr; - wchar_t * rl; - wchar_t * rr; - khm_int32 r; - - rl = khm_get_realm_from_princ(idl); - rr = khm_get_realm_from_princ(idr); - - if (rl == NULL && rr == NULL) - return wcscmp(idl, idr); - else if (rl == NULL) - return 1; - else if (rr == NULL) - return -1; - - r = wcscmp(rl, rr); - if (r == 0) - return wcscmp(idl, idr); - else - return r; -} - - -/* Identity change notification thread */ - -HANDLE h_ccname_exit_event; -HANDLE h_ccname_thread; - -DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) { - - HKEY hk_ccname; - HANDLE h_notify; - HANDLE h_waits[2]; - - khm_int32 rv = KHM_ERROR_SUCCESS; - DWORD dwType; - DWORD dwSize; - DWORD dwDisp; - wchar_t reg_ccname[KRB5_MAXCCH_CCNAME]; - LONG l; - - PDESCTHREAD(L"Krb5 CCName Monitor", L"Krb5"); - - l = RegOpenKeyEx(HKEY_CURRENT_USER, - L"Software\\MIT\\kerberos5", - 0, - KEY_READ | KEY_WRITE, - &hk_ccname); - - if (l != ERROR_SUCCESS) - l = RegCreateKeyEx(HKEY_CURRENT_USER, - L"Software\\MIT\\kerberos5", - 0, - NULL, - REG_OPTION_NON_VOLATILE, - KEY_READ | KEY_WRITE, - NULL, - &hk_ccname, - &dwDisp); - - if (l != ERROR_SUCCESS) { - rv = KHM_ERROR_UNKNOWN; - goto _exit; - } - - dwSize = sizeof(reg_ccname); - - l = RegQueryValueEx(hk_ccname, - L"ccname", - NULL, - &dwType, - (LPBYTE) reg_ccname, - &dwSize); - - if (l != ERROR_SUCCESS || - dwType != REG_SZ) { - - reg_ccname[0] = L'\0'; - } - - h_notify = CreateEvent(NULL, FALSE, FALSE, L"Local\\Krb5CCNameChangeNotifier"); - - if (h_notify == NULL) - goto _exit_0; - - /* begin wait loop */ - - h_waits[0] = h_ccname_exit_event; - h_waits[1] = h_notify; - - do { - DWORD dwrv; - - l = RegNotifyChangeKeyValue(hk_ccname, FALSE, - REG_NOTIFY_CHANGE_LAST_SET, - h_notify, TRUE); - - if (l != ERROR_SUCCESS) { - rv = KHM_ERROR_UNKNOWN; - break; - } - - dwrv = WaitForMultipleObjects(2, h_waits, FALSE, INFINITE); - - if (dwrv == WAIT_OBJECT_0) { - /* exit! */ - break; - - } else if (dwrv == WAIT_OBJECT_0 + 1) { - /* change notify! */ - wchar_t new_ccname[KRB5_MAXCCH_CCNAME]; - - dwSize = sizeof(new_ccname); - - l = RegQueryValueEx(hk_ccname, - L"ccname", - NULL, - &dwType, - (LPBYTE) new_ccname, - &dwSize); - - if (l != ERROR_SUCCESS || - dwType != REG_SZ) { - new_ccname[0] = L'\0'; - } - - if (_wcsicmp(new_ccname, reg_ccname)) { - krb5_context ctx = NULL; - - l = pkrb5_init_context(&ctx); - if (l == 0 && ctx != NULL) { - k5_refresh_default_identity(ctx); - StringCbCopy(reg_ccname, sizeof(reg_ccname), new_ccname); - } - - if (ctx) - pkrb5_free_context(ctx); - } - - } else { - /* something went wrong */ - rv = KHM_ERROR_UNKNOWN; - break; - } - - } while (TRUE); - - CloseHandle(h_notify); - - _exit_0: - - RegCloseKey(hk_ccname); - - _exit: - ExitThread(rv); -} - -khm_int32 -k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) { - - switch(msg_subtype) { - case KMSG_SYSTEM_INIT: - { - - pkrb5_init_context(&k5_identpro_ctx); - kcdb_identity_set_type(credtype_id_krb5); - - if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC, - &type_id_krb5_princ))) { - kcdb_type dt; - kcdb_type * pstr; - - kcdb_type_get_info(KCDB_TYPE_STRING, &pstr); - - ZeroMemory(&dt, sizeof(dt)); - dt.name = TYPENAME_KRB5_PRINC; - dt.id = KCDB_TYPE_INVALID; - dt.flags = KCDB_TYPE_FLAG_CB_AUTO; - dt.cb_min = pstr->cb_min; - dt.cb_max = pstr->cb_max; - dt.toString = pstr->toString; - dt.isValid = pstr->isValid; - dt.comp = k5_ident_name_comp_func; - dt.dup = pstr->dup; - - kcdb_type_register(&dt, &type_id_krb5_princ); - - type_regd_krb5_princ = TRUE; - - kcdb_type_release_info(pstr); - } - - if (type_id_krb5_princ != -1) { - kcdb_attrib * attr; - - kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr); - - attr->type = type_id_krb5_princ; - - kcdb_attrib_release_info(attr); - } - - h_ccname_exit_event = CreateEvent(NULL, FALSE, FALSE, NULL); - if (h_ccname_exit_event) { - h_ccname_thread = CreateThread(NULL, - 200 * 1024, - k5_ccname_monitor_thread, - NULL, - 0, - NULL); - } else { - h_ccname_thread = NULL; - } - } - break; - - case KMSG_SYSTEM_EXIT: - { - - if (h_ccname_thread) { - SetEvent(h_ccname_exit_event); - WaitForSingleObject(h_ccname_thread, INFINITE); - CloseHandle(h_ccname_thread); - CloseHandle(h_ccname_exit_event); - - h_ccname_exit_event = NULL; - h_ccname_thread = NULL; - } - - if (k5_identpro_ctx) { - pkrb5_free_context(k5_identpro_ctx); - k5_identpro_ctx = NULL; - } - - if (type_id_krb5_princ != -1) { - kcdb_attrib * attr; - - kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr); - - attr->type = KCDB_TYPE_STRING; - - kcdb_attrib_release_info(attr); - } - - /* allow a brief moment for any stale references to die */ - Sleep(100); - - if (type_regd_krb5_princ) { - kcdb_type_unregister(type_id_krb5_princ); - } - } - break; - } - - return KHM_ERROR_SUCCESS; -} - -khm_int32 KHMAPI -k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) { - switch(msg_type) { - case KMSG_SYSTEM: - return k5_msg_system_idpro(msg_type, msg_subtype, uparam, vparam); - - case KMSG_IDENT: - return k5_msg_ident(msg_type, msg_subtype, uparam, vparam); - } - - return KHM_ERROR_SUCCESS; -} diff --git a/src/windows/identity/plugins/krb5/krb5main.c b/src/windows/identity/plugins/krb5/krb5main.c deleted file mode 100644 index fc64e27f3..000000000 --- a/src/windows/identity/plugins/krb5/krb5main.c +++ /dev/null @@ -1,497 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> - -kmm_module h_khModule; /* KMM's handle to this module */ -HINSTANCE hInstance; -HMODULE hResModule; /* HMODULE to the resource library */ -const wchar_t * k5_facility = L"Krb5Cred"; - -khm_int32 type_id_enctype = -1; -khm_int32 type_id_addr_list = -1; -khm_int32 type_id_krb5_flags = -1; -khm_int32 type_id_krb5_princ = -1; -khm_int32 type_id_kvno = -1; - -BOOL type_regd_enctype = FALSE; -BOOL type_regd_addr_list = FALSE; -BOOL type_regd_krb5_flags = FALSE; -BOOL type_regd_krb5_princ = FALSE; -BOOL type_regd_kvno = FALSE; - -khm_int32 attr_id_key_enctype = -1; -khm_int32 attr_id_tkt_enctype = -1; -khm_int32 attr_id_addr_list = -1; -khm_int32 attr_id_krb5_flags = -1; -khm_int32 attr_id_krb5_ccname = -1; -khm_int32 attr_id_kvno = -1; -khm_int32 attr_id_krb5_idflags = -1; - -BOOL attr_regd_key_enctype = FALSE; -BOOL attr_regd_tkt_enctype = FALSE; -BOOL attr_regd_addr_list = FALSE; -BOOL attr_regd_krb5_flags = FALSE; -BOOL attr_regd_krb5_ccname = FALSE; -BOOL attr_regd_kvno = FALSE; -BOOL attr_regd_krb5_idflags = FALSE; - -khm_handle csp_plugins = NULL; -khm_handle csp_krbcred = NULL; -khm_handle csp_params = NULL; - -BOOL is_k5_identpro = TRUE; - -khm_ui_4 k5_commctl_version; - -kmm_module_locale locales[] = { - LOCALE_DEF(MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US), L"krb5cred_en_us.dll", KMM_MLOC_FLAG_DEFAULT) -}; -int n_locales = ARRAYLENGTH(locales); - -/* These two should not do anything */ -void init_krb() { -} - -void exit_krb() { -} - -/* called by the NetIDMgr module manager */ -KHMEXP_EXP khm_int32 KHMAPI init_module(kmm_module h_module) { - khm_int32 rv = KHM_ERROR_SUCCESS; - kmm_plugin_reg pi; - wchar_t buf[256]; - - h_khModule = h_module; - - rv = kmm_set_locale_info(h_module, locales, n_locales); - if(KHM_SUCCEEDED(rv)) { - hResModule = kmm_get_resource_hmodule(h_module); - } else - goto _exit; - - k5_commctl_version = khm_get_commctl_version(NULL); - - /* register the plugin */ - ZeroMemory(&pi, sizeof(pi)); - pi.name = KRB5_PLUGIN_NAME; - pi.type = KHM_PITYPE_CRED; - pi.icon = LoadImage(hResModule, MAKEINTRESOURCE(IDI_PLUGIN), - IMAGE_ICON, 0, 0, LR_DEFAULTCOLOR | LR_DEFAULTSIZE); - pi.flags = 0; - pi.msg_proc = k5_msg_callback; - pi.description = buf; - pi.dependencies = NULL; - LoadString(hResModule, IDS_PLUGIN_DESC, - buf, ARRAYLENGTH(buf)); - kmm_provide_plugin(h_module, &pi); - - ZeroMemory(&pi, sizeof(pi)); - pi.name = KRB5_IDENTPRO_NAME; - pi.type = KHM_PITYPE_IDENT; - pi.icon = LoadImage(hResModule, MAKEINTRESOURCE(IDI_PLUGIN), - IMAGE_ICON, 0, 0, LR_DEFAULTCOLOR | LR_DEFAULTSIZE); - pi.flags = 0; - pi.msg_proc = k5_ident_callback; - pi.description = buf; - pi.dependencies = KRB5_PLUGIN_NAME L"\0"; - LoadString(hResModule, IDS_IDENTPRO_DESC, - buf, ARRAYLENGTH(buf)); - kmm_provide_plugin(h_module, &pi); - - if(KHM_FAILED(rv = init_imports())) - goto _exit; - - if(KHM_FAILED(rv = init_error_funcs())) - goto _exit; - - /* Register common data types */ - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ENCTYPE, &type_id_enctype))) { - kcdb_type type; - kcdb_type *t32; - - kcdb_type_get_info(KCDB_TYPE_INT32, &t32); - - type.id = KCDB_TYPE_INVALID; - type.name = TYPENAME_ENCTYPE; - type.flags = KCDB_TYPE_FLAG_CB_FIXED; - type.cb_max = t32->cb_max; - type.cb_min = t32->cb_min; - type.isValid = t32->isValid; - type.comp = t32->comp; - type.dup = t32->dup; - type.toString = enctype_toString; - - rv = kcdb_type_register(&type, &type_id_enctype); - kcdb_type_release_info(t32); - - if(KHM_FAILED(rv)) - goto _exit; - type_regd_enctype = TRUE; - } - - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_ADDR_LIST, &type_id_addr_list))) { - kcdb_type type; - kcdb_type *tdata; - - kcdb_type_get_info(KCDB_TYPE_DATA, &tdata); - - type.id = KCDB_TYPE_INVALID; - type.name = TYPENAME_ADDR_LIST; - type.flags = KCDB_TYPE_FLAG_CB_MIN; - type.cb_min = 0; - type.cb_max = 0; - type.isValid = tdata->isValid; - type.comp = addr_list_comp; - type.dup = tdata->dup; - type.toString = addr_list_toString; - - rv = kcdb_type_register(&type, &type_id_addr_list); - kcdb_type_release_info(tdata); - - if(KHM_FAILED(rv)) - goto _exit; - type_regd_addr_list = TRUE; - } - - if(KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_FLAGS, &type_id_krb5_flags))) { - kcdb_type type; - kcdb_type *t32; - - kcdb_type_get_info(KCDB_TYPE_INT32, &t32); - - type.id = KCDB_TYPE_INVALID; - type.name = TYPENAME_KRB5_FLAGS; - type.flags = KCDB_TYPE_FLAG_CB_FIXED; - type.cb_max = t32->cb_max; - type.cb_min = t32->cb_min; - type.isValid = t32->isValid; - type.comp = t32->comp; - type.dup = t32->dup; - type.toString = krb5flags_toString; - - rv = kcdb_type_register(&type, &type_id_krb5_flags); - kcdb_type_release_info(t32); - - if(KHM_FAILED(rv)) - goto _exit; - type_regd_krb5_flags = TRUE; - } - - if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KVNO, &type_id_kvno))) { - kcdb_type type; - kcdb_type *t32; - - kcdb_type_get_info(KCDB_TYPE_INT32, &t32); - - type.id = KCDB_TYPE_INVALID; - type.name = TYPENAME_KVNO; - type.flags = KCDB_TYPE_FLAG_CB_FIXED; - type.cb_max = t32->cb_max; - type.cb_min = t32->cb_min; - type.isValid = t32->isValid; - type.comp = t32->comp; - type.dup = t32->dup; - type.toString = kvno_toString; - - rv = kcdb_type_register(&type, &type_id_kvno); - kcdb_type_release_info(t32); - - if (KHM_FAILED(rv)) - goto _exit; - - type_regd_kvno = TRUE; - } - - /* Register common attributes */ - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KEY_ENCTYPE, &attr_id_key_enctype))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - wchar_t lbuf[KCDB_MAXCCH_SHORT_DESC]; - /* although we are loading a long descriptoin, it still fits - in the short descriptoin buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_KEY_ENCTYPE; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = type_id_enctype; - attrib.flags = KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_KEY_ENCTYPE_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - LoadString(hResModule, IDS_KEY_ENCTYPE_LONG_DESC, lbuf, ARRAYLENGTH(lbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = lbuf; - - rv = kcdb_attrib_register(&attrib, &attr_id_key_enctype); - - if(KHM_FAILED(rv)) - goto _exit; - - attr_regd_key_enctype = TRUE; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_TKT_ENCTYPE, &attr_id_tkt_enctype))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - wchar_t lbuf[KCDB_MAXCCH_SHORT_DESC]; - /* although we are loading a long descriptoin, it still fits - in the short descriptoin buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_TKT_ENCTYPE; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = type_id_enctype; - attrib.flags = KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_TKT_ENCTYPE_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - LoadString(hResModule, IDS_TKT_ENCTYPE_LONG_DESC, lbuf, ARRAYLENGTH(lbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = lbuf; - - rv = kcdb_attrib_register(&attrib, &attr_id_tkt_enctype); - - if(KHM_FAILED(rv)) - goto _exit; - - attr_regd_tkt_enctype = TRUE; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_ADDR_LIST, &attr_id_addr_list))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - wchar_t lbuf[KCDB_MAXCCH_SHORT_DESC]; - /* although we are loading a long descriptoin, it still fits - in the short descriptoin buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_ADDR_LIST; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = type_id_addr_list; - attrib.flags = KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_ADDR_LIST_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - LoadString(hResModule, IDS_ADDR_LIST_LONG_DESC, lbuf, ARRAYLENGTH(lbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = lbuf; - - rv = kcdb_attrib_register(&attrib, &attr_id_addr_list); - - if(KHM_FAILED(rv)) - goto _exit; - - attr_regd_addr_list = TRUE; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_FLAGS, &attr_id_krb5_flags))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - - /* although we are loading a long descriptoin, it still fits - in the short descriptoin buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_KRB5_FLAGS; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = type_id_krb5_flags; - attrib.flags = KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_KRB5_FLAGS_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = NULL; - - rv = kcdb_attrib_register(&attrib, &attr_id_krb5_flags); - - if(KHM_FAILED(rv)) - goto _exit; - - attr_regd_krb5_flags = TRUE; - } - - if(KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_CCNAME, &attr_id_krb5_ccname))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - wchar_t lbuf[KCDB_MAXCCH_SHORT_DESC]; - /* although we are loading a long descriptoin, it still fits - in the short descriptoin buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_KRB5_CCNAME; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = KCDB_TYPE_STRING; - attrib.flags = - KCDB_ATTR_FLAG_PROPERTY | - KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_KRB5_CCNAME_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - LoadString(hResModule, IDS_KRB5_CCNAME_LONG_DESC, lbuf, ARRAYLENGTH(lbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = lbuf; - - rv = kcdb_attrib_register(&attrib, &attr_id_krb5_ccname); - - if(KHM_FAILED(rv)) - goto _exit; - - attr_regd_krb5_ccname = TRUE; - } - - if (KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KVNO, &attr_id_kvno))) { - kcdb_attrib attrib; - wchar_t sbuf[KCDB_MAXCCH_SHORT_DESC]; - wchar_t lbuf[KCDB_MAXCCH_LONG_DESC]; - /* although we are loading a long description, it still fits - in the short description buffer */ - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_KVNO; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = type_id_kvno; - attrib.flags = KCDB_ATTR_FLAG_TRANSIENT; - LoadString(hResModule, IDS_KVNO_SHORT_DESC, sbuf, ARRAYLENGTH(sbuf)); - LoadString(hResModule, IDS_KVNO_LONG_DESC, lbuf, ARRAYLENGTH(lbuf)); - attrib.short_desc = sbuf; - attrib.long_desc = lbuf; - - rv = kcdb_attrib_register(&attrib, &attr_id_kvno); - - if (KHM_FAILED(rv)) - goto _exit; - - attr_regd_kvno = TRUE; - } - - if (KHM_FAILED(kcdb_attrib_get_id(ATTRNAME_KRB5_IDFLAGS, &attr_id_krb5_idflags))) { - kcdb_attrib attrib; - - ZeroMemory(&attrib, sizeof(attrib)); - - attrib.name = ATTRNAME_KRB5_IDFLAGS; - attrib.id = KCDB_ATTR_INVALID; - attrib.type = KCDB_TYPE_INT32; - attrib.flags = KCDB_ATTR_FLAG_PROPERTY | - KCDB_ATTR_FLAG_HIDDEN; - /* we don't bother localizing these strings since the - attribute is hidden. The user will not see these - descriptions anyway. */ - attrib.short_desc = L"Krb5 ID flags"; - attrib.long_desc = L"Kerberos 5 Identity Flags"; - - rv = kcdb_attrib_register(&attrib, &attr_id_krb5_idflags); - - if (KHM_FAILED(rv)) - goto _exit; - - attr_regd_krb5_idflags = TRUE; - } - - rv = kmm_get_plugins_config(0, &csp_plugins); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_load_schema(csp_plugins, schema_krbconfig); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_open_space(csp_plugins, CSNAME_KRB5CRED, 0, &csp_krbcred); - if(KHM_FAILED(rv)) goto _exit; - - rv = khc_open_space(csp_krbcred, CSNAME_PARAMS, 0, &csp_params); - if(KHM_FAILED(rv)) goto _exit; - -_exit: - return rv; -} - -/* called by the NetIDMgr module manager */ -KHMEXP_EXP khm_int32 KHMAPI exit_module(kmm_module h_module) { - exit_imports(); - exit_error_funcs(); - - if(attr_regd_key_enctype) - kcdb_attrib_unregister(attr_id_key_enctype); - if(attr_regd_tkt_enctype) - kcdb_attrib_unregister(attr_id_tkt_enctype); - if(attr_regd_addr_list) - kcdb_attrib_unregister(attr_id_addr_list); - if(attr_regd_krb5_flags) - kcdb_attrib_unregister(attr_id_krb5_flags); - if(attr_regd_krb5_ccname) - kcdb_attrib_unregister(attr_id_krb5_ccname); - if(attr_regd_kvno) - kcdb_attrib_unregister(attr_id_kvno); - if(attr_regd_krb5_idflags) - kcdb_attrib_unregister(attr_id_krb5_idflags); - - if(type_regd_enctype) - kcdb_type_unregister(type_id_enctype); - if(type_regd_addr_list) - kcdb_type_unregister(type_id_addr_list); - if(type_regd_krb5_flags) - kcdb_type_unregister(type_id_krb5_flags); - if(type_regd_kvno) - kcdb_type_unregister(type_id_kvno); - - if(csp_params) { - khc_close_space(csp_params); - csp_params = NULL; - } - - if(csp_krbcred) { - khc_close_space(csp_krbcred); - csp_krbcred = NULL; - } - - if(csp_plugins) { - khc_unload_schema(csp_plugins, schema_krbconfig); - khc_close_space(csp_plugins); - csp_plugins = NULL; - } - - return KHM_ERROR_SUCCESS; /* the return code is ignored */ -} - -BOOL WINAPI DllMain( - HINSTANCE hinstDLL, - DWORD fdwReason, - LPVOID lpvReserved -) -{ - switch(fdwReason) { - case DLL_PROCESS_ATTACH: - hInstance = hinstDLL; - init_krb(); - break; - case DLL_PROCESS_DETACH: - exit_krb(); - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - break; - } - - return TRUE; -} diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c deleted file mode 100644 index 7f2b93198..000000000 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ /dev/null @@ -1,2925 +0,0 @@ -/* - * Copyright (c) 2006, 2007 Secure Endpoints Inc. - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<strsafe.h> -#include<krb5.h> - -#include<commctrl.h> - -#include<assert.h> - -extern LPVOID k5_main_fiber; -extern LPVOID k5_kinit_fiber; - -typedef struct k5_dlg_data_t { - khui_new_creds * nc; - - khui_tracker tc_lifetime; - khui_tracker tc_renew; - - BOOL dirty; /* is the data in sync with the - configuration store? */ - BOOL sync; /* is the data in sync with the kinit - request? */ - DWORD renewable; - DWORD forwardable; - DWORD proxiable; - DWORD addressless; - DWORD publicIP; - - wchar_t * cred_message; /* overrides the credential text, if - non-NULL */ - BOOL pwd_change; /* force a password change */ -} k5_dlg_data; - - -INT_PTR -k5_handle_wm_initdialog(HWND hwnd, - WPARAM wParam, - LPARAM lParam) -{ - HWND hw; - k5_dlg_data * d; - khui_new_creds_by_type * nct; - - d = PMALLOC(sizeof(*d)); - ZeroMemory(d, sizeof(*d)); - /* lParam is a pointer to a khui_new_creds structure */ - d->nc = (khui_new_creds *) lParam; - khui_cw_find_type(d->nc, credtype_id_krb5, &nct); - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LPARAM) d); -#pragma warning(pop) - - nct->aux = (LPARAM) d; - - if (d->nc->subtype == KMSG_CRED_NEW_CREDS) { - khui_tracker_initialize(&d->tc_lifetime); - khui_tracker_initialize(&d->tc_renew); - - hw = GetDlgItem(hwnd, IDC_NCK5_LIFETIME_EDIT); - khui_tracker_install(hw, &d->tc_lifetime); - - hw = GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT); - khui_tracker_install(hw, &d->tc_renew); - } - return TRUE; -} - -INT_PTR -k5_handle_wm_destroy(HWND hwnd, - WPARAM wParam, - LPARAM lParam) -{ - k5_dlg_data * d; - khui_new_creds_by_type * nct = NULL; - - d = (k5_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (!d) - return TRUE; - - khui_cw_find_type(d->nc, credtype_id_krb5, &nct); - -#ifdef DEBUG - assert(nct); -#endif - - nct->aux = 0; - - if (d->nc->subtype == KMSG_CRED_NEW_CREDS) { - khui_tracker_kill_controls(&d->tc_renew); - khui_tracker_kill_controls(&d->tc_lifetime); - } - - PFREE(d); - SetWindowLongPtr(hwnd, DWLP_USER, 0); - - return TRUE; -} - -LRESULT -k5_force_password_change(k5_dlg_data * d) { - /* we are turning this dialog into a change password dialog... */ - wchar_t wbuf[KHUI_MAXCCH_BANNER]; - - khui_cw_clear_prompts(d->nc); - - LoadString(hResModule, IDS_NC_PWD_BANNER, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_begin_custom_prompts(d->nc, 3, NULL, wbuf); - - LoadString(hResModule, IDS_NC_PWD_PWD, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(d->nc, KHUI_NCPROMPT_TYPE_PASSWORD, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - - LoadString(hResModule, IDS_NC_PWD_NPWD, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(d->nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - - LoadString(hResModule, IDS_NC_PWD_NPWD_AGAIN, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(d->nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD_AGAIN, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - - d->pwd_change = TRUE; - - if (is_k5_identpro && - d->nc->n_identities > 0 && - d->nc->identities[0]) { - - kcdb_identity_set_flags(d->nc->identities[0], - KCDB_IDENT_FLAG_VALID, - KCDB_IDENT_FLAG_VALID); - - } - - PostMessage(d->nc->hwnd, KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), - (LPARAM) d->nc); - - return TRUE; -} - -INT_PTR -k5_handle_wmnc_notify(HWND hwnd, - WPARAM wParam, - LPARAM lParam) -{ - switch(HIWORD(wParam)) { - case WMNC_DIALOG_MOVE: - { - k5_dlg_data * d; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - return TRUE; - - if (d->nc->subtype == KMSG_CRED_NEW_CREDS) { - khui_tracker_reposition(&d->tc_lifetime); - khui_tracker_reposition(&d->tc_renew); - } - - return TRUE; - } - break; - - case WMNC_DIALOG_SETUP: - { - k5_dlg_data * d; - BOOL old_sync; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - return TRUE; - - if (d->nc->subtype == KMSG_CRED_PASSWORD) - return TRUE; - - /* we save the value of the 'sync' field here because some - of the notifications that are generated while setting - the controls overwrite the field. */ - old_sync = d->sync; - - /* need to update the controls with d->* */ - SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE, - BM_SETCHECK, - (d->renewable? BST_CHECKED : BST_UNCHECKED), - 0); - EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT), - !!d->renewable); - - khui_tracker_refresh(&d->tc_lifetime); - khui_tracker_refresh(&d->tc_renew); - - SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE, - BM_SETCHECK, - (d->forwardable ? BST_CHECKED : BST_UNCHECKED), - 0); - - SendDlgItemMessage(hwnd, IDC_NCK5_ADDRESS, - BM_SETCHECK, - (d->addressless ? BST_CHECKED : BST_UNCHECKED), - 0); - - SendDlgItemMessage(hwnd, IDC_NCK5_PUBLICIP, - IPM_SETADDRESS, - 0, d->publicIP); - - EnableWindow(GetDlgItem(hwnd, IDC_NCK5_PUBLICIP), !d->addressless); - - d->sync = old_sync; - } - break; - - case WMNC_CREDTEXT_LINK: - { - k5_dlg_data * d; - khui_htwnd_link * l; - khui_new_creds * nc; - wchar_t linktext[128]; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - - if (d == NULL) - return TRUE; - - nc = d->nc; - l = (khui_htwnd_link *) lParam; - - if (!l) - break; - - StringCchCopyN(linktext, ARRAYLENGTH(linktext), - l->id, l->id_len); - - if (!wcscmp(linktext, L"Krb5Cred:!Passwd")) { - return k5_force_password_change(d); - } - } - break; - - case WMNC_UPDATE_CREDTEXT: - { - k5_dlg_data * d; - khui_new_creds * nc; - khui_new_creds_by_type * nct; - wchar_t sbuf[1024]; - wchar_t fbuf[256]; - wchar_t tbuf[256]; - size_t cbsize; - khm_int32 flags; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - return TRUE; - - nc = d->nc; - khui_cw_find_type(nc, credtype_id_krb5, &nct); - - if(nct == NULL) - break; - - if(nct->credtext) - PFREE(nct->credtext); - nct->credtext = NULL; - - tbuf[0] = L'\0'; - - if (nc->n_identities > 0 && - KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0], - &flags)) && - (flags & KCDB_IDENT_FLAG_VALID) && - nc->subtype == KMSG_CRED_NEW_CREDS && - !d->pwd_change) { - - if (is_k5_identpro) - k5_get_realm_from_nc(nc, tbuf, ARRAYLENGTH(tbuf)); - else - GetDlgItemText(hwnd, IDC_NCK5_REALM, tbuf, - ARRAYLENGTH(tbuf)); - - /*TODO: if additional realms were specified, then those - must be listed as well */ - LoadString(hResModule, IDS_KRB5_CREDTEXT_0, - fbuf, ARRAYLENGTH(fbuf)); - StringCbPrintf(sbuf, sizeof(sbuf), fbuf, - tbuf); - - StringCbLength(sbuf, sizeof(sbuf), &cbsize); - cbsize += sizeof(wchar_t); - - nct->credtext = PMALLOC(cbsize); - - StringCbCopy(nct->credtext, cbsize, sbuf); - } else if (nc->n_identities > 0 && - (nc->subtype == KMSG_CRED_PASSWORD || - (nc->subtype == KMSG_CRED_NEW_CREDS && d->pwd_change))) { - cbsize = sizeof(tbuf); - kcdb_identity_get_name(nc->identities[0], tbuf, &cbsize); - - LoadString(hResModule, IDS_KRB5_CREDTEXT_P0, - fbuf, ARRAYLENGTH(fbuf)); - StringCbPrintf(sbuf, sizeof(sbuf), fbuf, tbuf); - - StringCbLength(sbuf, sizeof(sbuf), &cbsize); - cbsize += sizeof(wchar_t); - - nct->credtext = PMALLOC(cbsize); - - StringCbCopy(nct->credtext, cbsize, sbuf); - } else { - if (d->cred_message) { - StringCbLength(d->cred_message, KHUI_MAXCB_BANNER, - &cbsize); - cbsize += sizeof(wchar_t); - - nct->credtext = PMALLOC(cbsize); - - StringCbCopy(nct->credtext, cbsize, d->cred_message); - } - } - } - break; - - case WMNC_IDENTITY_CHANGE: - { - /* There has been a change of identity */ - k5_dlg_data * d; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - break; - - kmq_post_sub_msg(k5_sub, KMSG_CRED, - KMSG_CRED_DIALOG_NEW_IDENTITY, - 0, (void *) d->nc); - } - break; - - case WMNC_DIALOG_PREPROCESS: - { - k5_dlg_data * d; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - break; - - if(!d->sync && d->nc->result == KHUI_NC_RESULT_PROCESS) { - kmq_post_sub_msg(k5_sub, KMSG_CRED, - KMSG_CRED_DIALOG_NEW_OPTIONS, - 0, (void *) d->nc); - } - } - break; - - case K5_SET_CRED_MSG: - { - k5_dlg_data * d; - khm_size cb; - wchar_t * msg; - - d = (k5_dlg_data *) (LONG_PTR) - GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - break; - - msg = (wchar_t *) lParam; - - if (d->cred_message) { - PFREE(d->cred_message); - d->cred_message = NULL; - } - - if (msg && - SUCCEEDED(StringCbLength(msg, - KHUI_MAXCB_MESSAGE, - &cb))) { - cb += sizeof(wchar_t); - d->cred_message = PMALLOC(cb); -#ifdef DEBUG - assert(d->cred_message); -#endif - StringCbCopy(d->cred_message, cb, msg); - } - } - break; - } - - return 0; -} - -INT_PTR -k5_handle_wm_notify(HWND hwnd, - WPARAM wParam, - LPARAM lParam) { - LPNMHDR pnmh; - k5_dlg_data * d; - - pnmh = (LPNMHDR) lParam; - if (pnmh->idFrom == IDC_NCK5_PUBLICIP && - pnmh->code == IPN_FIELDCHANGED) { - - d = (k5_dlg_data *) (LONG_PTR) GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - return 0; - - SendDlgItemMessage(hwnd, IDC_NCK5_PUBLICIP, - IPM_GETADDRESS, - 0, (LPARAM) &d->publicIP); - - d->dirty = TRUE; - d->sync = FALSE; - - return TRUE; - } - - return 0; -} - -INT_PTR -k5_handle_wm_command(HWND hwnd, - WPARAM wParam, - LPARAM lParam) -{ - int cid; - int notif; - k5_dlg_data * d; - - d = (k5_dlg_data *)(LONG_PTR) GetWindowLongPtr(hwnd, DWLP_USER); - if (d == NULL) - return FALSE; - - cid = LOWORD(wParam); - notif = HIWORD(wParam); - - if(notif == BN_CLICKED && cid == IDC_NCK5_RENEWABLE) { - int c; - c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_RENEWABLE, - BM_GETCHECK, 0, 0); - if(c==BST_CHECKED) { - EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT), TRUE); - d->renewable = TRUE; - } else { - EnableWindow(GetDlgItem(hwnd, IDC_NCK5_RENEW_EDIT), FALSE); - d->renewable = FALSE; - } - d->dirty = TRUE; - d->sync = FALSE; - } else if(notif == BN_CLICKED && cid == IDC_NCK5_FORWARDABLE) { - int c; - c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_FORWARDABLE, - BM_GETCHECK, 0, 0); - if(c==BST_CHECKED) { - d->forwardable = TRUE; - } else { - d->forwardable = FALSE; - } - d->dirty = TRUE; - d->sync = FALSE; - } else if (notif == BN_CLICKED && cid == IDC_NCK5_ADDRESS) { - int c; - - c = (int) SendDlgItemMessage(hwnd, IDC_NCK5_ADDRESS, - BM_GETCHECK, 0, 0); - - if (c==BST_CHECKED) { - d->addressless = TRUE; - } else { - d->addressless = FALSE; - } - d->dirty = TRUE; - d->sync = FALSE; - - EnableWindow(GetDlgItem(hwnd, IDC_NCK5_PUBLICIP), !d->addressless); - } else if (notif == EN_CHANGE && (cid == IDC_NCK5_RENEW_EDIT || - cid == IDC_NCK5_LIFETIME_EDIT)) { - d->dirty = TRUE; - d->sync = FALSE; - } else if((notif == CBN_SELCHANGE || - notif == CBN_KILLFOCUS) && - cid == IDC_NCK5_REALM && - !is_k5_identpro) { - /* find out what the realm of the current identity - is, and if they are the same, then we don't do - anything */ - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t realm[KCDB_IDENT_MAXCCH_NAME]; - wchar_t *r; - khm_size cbsize; - khm_handle ident; - int idx; - - if(d->nc->n_identities > 0) { - if(notif == CBN_SELCHANGE) { - idx = (int) SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - CB_GETCURSEL, 0, 0); - SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - CB_GETLBTEXT, idx, (LPARAM) realm); - } else { - GetDlgItemText(hwnd, IDC_NCK5_REALM, - realm, ARRAYLENGTH(realm)); - } - cbsize = sizeof(idname); - if(KHM_SUCCEEDED(kcdb_identity_get_name(d->nc->identities[0], - idname, &cbsize))) { - r = wcschr(idname, L'@'); - if(r && !wcscmp(realm, r+1)) - return 0; /* nothing to do */ - - if(!r) { - r = idname + wcslen(idname); - *r++ = L'@'; - *r++ = 0; - } - - /* if we get here, we have a new user */ - StringCchCopy(r+1, - ARRAYLENGTH(idname) - ((r+1) - idname), - realm); - if(KHM_SUCCEEDED(kcdb_identity_create(idname, - KCDB_IDENT_FLAG_CREATE, - &ident))) { - khui_cw_set_primary_id(d->nc, ident); - kcdb_identity_release(ident); - } - return 0; - } - } - - /* if we get here, we have a new realm, but there is no - identity */ - PostMessage(d->nc->hwnd, KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), 0); - } - - return 0; -} - - -/* Dialog procedure for the Krb5 credentials type panel. - - NOTE: Runs in the context of the UI thread -*/ -INT_PTR CALLBACK -k5_nc_dlg_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam) -{ - switch(uMsg) { - case WM_INITDIALOG: - return k5_handle_wm_initdialog(hwnd, wParam, lParam); - - case WM_COMMAND: - return k5_handle_wm_command(hwnd, wParam, lParam); - - case KHUI_WM_NC_NOTIFY: - return k5_handle_wmnc_notify(hwnd, wParam, lParam); - - case WM_NOTIFY: - return k5_handle_wm_notify(hwnd, wParam, lParam); - - case WM_DESTROY: - return k5_handle_wm_destroy(hwnd, wParam, lParam); - } - return FALSE; -} - -/* forward dcl */ -krb5_error_code KRB5_CALLCONV -k5_kinit_prompter(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]); - - - -fiber_job g_fjob; /* global fiber job object */ - -static BOOL -k5_cached_kinit_prompter(void); - -static BOOL -k5_cp_check_continue(void); - -/* - Runs in the context of the krb5 plugin's slave fiber -*/ -VOID CALLBACK -k5_kinit_fiber_proc(PVOID lpParameter) -{ - while(TRUE) - { - if(g_fjob.command == FIBER_CMD_KINIT) { - char * error_msg = NULL; - - g_fjob.state = FIBER_STATE_KINIT; - - if (g_fjob.error_message) { - PFREE(g_fjob.error_message); - g_fjob.error_message = NULL; - } - - g_fjob.prompt_set = 0; - - if (k5_cached_kinit_prompter()) { - SwitchToFiber(k5_main_fiber); - - if (g_fjob.command != FIBER_CMD_CONTINUE) - goto _switch_to_main; - - if (!k5_cp_check_continue()) { - g_fjob.code = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto _switch_to_main; - } - } - -#ifdef DEBUG - /* log the state of g_fjob.* */ - _reportf(L"g_fjob state prior to calling khm_krb5_kinit() :"); - _reportf(L" g_fjob.principal = [%S]", g_fjob.principal); - _reportf(L" g_fjob.code = %d", g_fjob.code); - _reportf(L" g_fjob.state = %d", g_fjob.state); - _reportf(L" g_fjob.prompt_set= %d", g_fjob.prompt_set); - _reportf(L" g_fjob.valid_principal = %d", (int) g_fjob.valid_principal); - _reportf(L" g_fjob.ccache = [%s]", g_fjob.ccache); -#endif - - /* If we don't know if we have a valid principal, we - restrict the options that are set when we call kinit. - This way we will be able to use the response from the - KDC to verify the principal. */ - - g_fjob.retry_if_valid_principal = (g_fjob.forwardable || - g_fjob.proxiable || - g_fjob.renewable); - - retry_kinit: - if (error_msg) { - free(error_msg); - error_msg = NULL; - } - - g_fjob.code = - khm_krb5_kinit(0, - g_fjob.principal, - g_fjob.password, - g_fjob.ccache, - g_fjob.lifetime, - g_fjob.valid_principal ? g_fjob.forwardable : 0, - g_fjob.valid_principal ? g_fjob.proxiable : 0, - (g_fjob.valid_principal && g_fjob.renewable ? g_fjob.renew_life : 0), - g_fjob.addressless, - g_fjob.publicIP, - k5_kinit_prompter, - &g_fjob, - &error_msg); - - /* If the principal was found to be valid, and if we - restricted the options that were being passed to kinit, - then we need to retry the kinit call. This time we use - the real options. */ - if (g_fjob.state == FIBER_STATE_RETRY_KINIT) { -#ifdef DEBUG - assert(g_fjob.valid_principal); -#endif - g_fjob.state = FIBER_STATE_KINIT; - goto retry_kinit; - } - - if (error_msg) { - wchar_t tmp[1024]; - - if (AnsiStrToUnicode(tmp, sizeof(tmp), error_msg)) { - g_fjob.error_message = PWCSDUP(tmp); - } - - free(error_msg); - error_msg = NULL; - } - } - - _switch_to_main: - g_fjob.state = FIBER_STATE_NONE; - - SwitchToFiber(k5_main_fiber); - } -} - -/* return TRUE if we should go ahead with creds acquisition */ -static BOOL -k5_cp_check_continue(void) { - khm_size i; - khm_size n_p; - khui_new_creds_prompt * p; - size_t cch; - -#ifdef DEBUG - assert(g_fjob.nc); -#endif - - if (KHM_FAILED(khui_cw_get_prompt_count(g_fjob.nc, &n_p))) { -#ifdef DEBUG - assert(FALSE); -#endif - return TRUE; - } - - khui_cw_sync_prompt_values(g_fjob.nc); - - g_fjob.null_password = FALSE; - - /* we are just checking whether there was a password field that - was left empty, in which case we can't continue with the - credentials acquisition. */ - for (i=0; i < n_p; i++) { - if(KHM_FAILED(khui_cw_get_prompt(g_fjob.nc, - (int) i, - &p))) - continue; - if(p->type == KHUI_NCPROMPT_TYPE_PASSWORD) { - if (p->value == NULL || - FAILED(StringCchLength(p->value, KHUI_MAXCCH_PROMPT, - &cch)) || - cch == 0) { - g_fjob.null_password = TRUE; - return FALSE; - } else - break; - } - } - - return TRUE; -} - -/* returns true if we find cached prompts */ -static BOOL -k5_cached_kinit_prompter(void) { - BOOL rv = FALSE; - khm_handle ident; - khm_handle csp_idconfig = NULL; - khm_handle csp_k5config = NULL; - khm_handle csp_prcache = NULL; - khm_size cb; - khm_size n_cur_prompts; - khm_int32 n_prompts; - khm_int32 i; - khm_int64 iexpiry; - FILETIME expiry; - FILETIME current; - -#ifdef DEBUG - assert(g_fjob.nc); -#endif - - ident = g_fjob.identity; - if (!ident) - return FALSE; - - /* don't need to hold ident, since it is already held in g_fjob - and it doesn't change until we return */ - - if (KHM_FAILED(kcdb_identity_get_config(ident, 0, &csp_idconfig)) || - - KHM_FAILED(khc_open_space(csp_idconfig, CSNAME_KRB5CRED, - 0, &csp_k5config)) || - - KHM_FAILED(khc_open_space(csp_k5config, CSNAME_PROMPTCACHE, - 0, &csp_prcache)) || - - KHM_FAILED(khc_read_int32(csp_prcache, L"PromptCount", - &n_prompts)) || - n_prompts == 0) - - goto _cleanup; - - if (KHM_SUCCEEDED(khc_read_int64(csp_prcache, L"ExpiresOn", &iexpiry))) { - /* has the cache expired? */ - expiry = IntToFt(iexpiry); - GetSystemTimeAsFileTime(¤t); - - if (CompareFileTime(&expiry, ¤t) < 0) - /* already expired */ - goto _cleanup; - } else { - /* if there is no value for ExpiresOn, we assume the prompts - have already expired. */ - goto _cleanup; - } - - /* we found a prompt cache. We take this to imply that the - principal is valid. */ - g_fjob.valid_principal = TRUE; - - /* check if there are any prompts currently showing. If there are - we check if they are the same as the ones we are going to show. - In which case we just reuse the exisitng prompts */ - if (KHM_FAILED(khui_cw_get_prompt_count(g_fjob.nc, - &n_cur_prompts)) || - n_prompts != (khm_int32) n_cur_prompts) - goto _show_new_prompts; - - for(i = 0; i < n_prompts; i++) { - wchar_t wsname[8]; - wchar_t wprompt[KHUI_MAXCCH_PROMPT]; - khm_handle csp_p = NULL; - khm_int32 p_type; - khm_int32 p_flags; - khui_new_creds_prompt * p; - - if (KHM_FAILED(khui_cw_get_prompt(g_fjob.nc, i, &p))) - break; - - StringCbPrintf(wsname, sizeof(wsname), L"%d", i); - - if (KHM_FAILED(khc_open_space(csp_prcache, wsname, 0, &csp_p))) - break; - - cb = sizeof(wprompt); - if (KHM_FAILED(khc_read_string(csp_p, L"Prompt", - wprompt, &cb))) { - khc_close_space(csp_p); - break; - } - - if (KHM_FAILED(khc_read_int32(csp_p, L"Type", &p_type))) - p_type = 0; - - if (KHM_FAILED(khc_read_int32(csp_p, L"Flags", &p_flags))) - p_flags = 0; - - if ( /* if we received a prompt string, - then it should be the same as the - one that is displayed */ - (wprompt[0] && - (p->prompt == NULL || - wcscmp(wprompt, p->prompt))) || - - /* if we didn't receive one, then - there shouldn't be one displayed. - This case really shouldn't happen - in reality, but we check anyway. */ - (!wprompt[0] && - p->prompt != NULL) || - - /* the type should match */ - (p_type != p->type) || - - /* if this prompt should be hidden, - then it must also be so */ - (p_flags != p->flags) - ) { - - khc_close_space(csp_p); - break; - - } - - - khc_close_space(csp_p); - } - - if (i == n_prompts) { - rv = TRUE; - goto _cleanup; - } - - _show_new_prompts: - - khui_cw_clear_prompts(g_fjob.nc); - - { - wchar_t wbanner[KHUI_MAXCCH_BANNER]; - wchar_t wpname[KHUI_MAXCCH_PNAME]; - - cb = sizeof(wbanner); - if (KHM_FAILED(khc_read_string(csp_prcache, L"Banner", - wbanner, &cb))) - wbanner[0] = 0; - - cb = sizeof(wpname); - if (KHM_FAILED(khc_read_string(csp_prcache, L"Name", - wpname, &cb))) - wpname[0] = 0; - - khui_cw_begin_custom_prompts(g_fjob.nc, - n_prompts, - (wbanner[0]? wbanner: NULL), - (wpname[0]? wpname: NULL)); - } - - for(i = 0; i < n_prompts; i++) { - wchar_t wsname[8]; - wchar_t wprompt[KHUI_MAXCCH_PROMPT]; - khm_handle csp_p = NULL; - khm_int32 p_type; - khm_int32 p_flags; - - StringCbPrintf(wsname, sizeof(wsname), L"%d", i); - - if (KHM_FAILED(khc_open_space(csp_prcache, wsname, 0, &csp_p))) - break; - - cb = sizeof(wprompt); - if (KHM_FAILED(khc_read_string(csp_p, L"Prompt", - wprompt, &cb))) { - khc_close_space(csp_p); - break; - } - - if (KHM_FAILED(khc_read_int32(csp_p, L"Type", &p_type))) - p_type = 0; - - if (KHM_FAILED(khc_read_int32(csp_p, L"Flags", &p_flags))) - p_flags = 0; - - khui_cw_add_prompt(g_fjob.nc, p_type, wprompt, NULL, p_flags); - - khc_close_space(csp_p); - } - - if (i < n_prompts) { - khui_cw_clear_prompts(g_fjob.nc); - } else { - rv = TRUE; - } - - _cleanup: - - if (csp_prcache) - khc_close_space(csp_prcache); - - if (csp_k5config) - khc_close_space(csp_k5config); - - if (csp_idconfig) - khc_close_space(csp_idconfig); - - return rv; -} - -/* Runs in the context of the Krb5 plugin's slave fiber */ -krb5_error_code KRB5_CALLCONV -k5_kinit_prompter(krb5_context context, - void *data, - const char *name, - const char *banner, - int num_prompts, - krb5_prompt prompts[]) -{ - int i; - khui_new_creds * nc; - krb5_prompt_type * ptypes; - khm_size ncp; - krb5_error_code code = 0; - BOOL new_prompts = TRUE; - khm_handle csp_prcache = NULL; - -#ifdef DEBUG - _reportf(L"k5_kinit_prompter() received %d prompts with name=[%S] banner=[%S]", - num_prompts, - name, banner); - for (i=0; i < num_prompts; i++) { - _reportf(L"Prompt[%d]: string[%S]", i, prompts[i].prompt); - } -#endif - - /* we got prompts? Then we assume that the principal is valid */ - - if (!g_fjob.valid_principal) { - g_fjob.valid_principal = TRUE; - - /* if the flags that were used to call kinit were restricted - because we didn't know the validity of the principal, then - we need to go back and retry the call with the correct - flags. */ - if (g_fjob.retry_if_valid_principal) { - _reportf(L"Retrying kinit call due to restricted flags on first call."); - g_fjob.state = FIBER_STATE_RETRY_KINIT; - return KRB5_LIBOS_PWDINTR; - } - } - - nc = g_fjob.nc; - - if(pkrb5_get_prompt_types) - ptypes = pkrb5_get_prompt_types(context); - else - ptypes = NULL; - - /* check if we are already showing the right prompts */ - khui_cw_get_prompt_count(nc, &ncp); - - if (num_prompts != (int) ncp) - goto _show_new_prompts; - - for (i=0; i < num_prompts; i++) { - wchar_t wprompt[KHUI_MAXCCH_PROMPT]; - khui_new_creds_prompt * p; - - if(prompts[i].prompt) { - AnsiStrToUnicode(wprompt, sizeof(wprompt), - prompts[i].prompt); - } else { - wprompt[0] = 0; - } - - if (KHM_FAILED(khui_cw_get_prompt(nc, i, &p))) - break; - - if ( /* if we received a prompt string, - then it should be the same as the - one that is displayed */ - (wprompt[0] && - (p->prompt == NULL || - wcscmp(wprompt, p->prompt))) || - /* if we didn't receive one, then - there shouldn't be one displayed. - This case really shouldn't happen - in reality, but we check anyway. */ - (!wprompt[0] && - p->prompt != NULL) || - /* the type should match */ - (ptypes && - ptypes[i] != p->type) || - (!ptypes && - p->type != 0) || - /* if this prompt should be hidden, - then it must also be so */ - (prompts[i].hidden && - !(p->flags & KHUI_NCPROMPT_FLAG_HIDDEN)) || - (!prompts[i].hidden && - (p->flags & KHUI_NCPROMPT_FLAG_HIDDEN)) - ) - break; - } - - if (i < num_prompts) - goto _show_new_prompts; - - new_prompts = FALSE; - - /* ok. looks like we are already showing the same set of prompts - that we were supposed to show. Sync up the values and go - ahead. */ - khui_cw_sync_prompt_values(nc); - goto _process_prompts; - - _show_new_prompts: - /* special case. if there are no actual input controls involved, - then we have to show an alerter window and pass through */ - if (num_prompts == 0) { - wchar_t wbanner[KHUI_MAXCCH_BANNER]; - wchar_t wname[KHUI_MAXCCH_PNAME]; - wchar_t wident[KCDB_IDENT_MAXCCH_NAME]; - wchar_t wmsg[KHUI_MAXCCH_MESSAGE]; - wchar_t wfmt[KHUI_MAXCCH_BANNER]; - khm_size cb; - - if (!banner) { - code = 0; - g_fjob.null_password = FALSE; - goto _exit; - } else { - AnsiStrToUnicode(wbanner, sizeof(wbanner), banner); - } - - if (name) { - AnsiStrToUnicode(wname, sizeof(wname), name); - } else { - LoadString(hResModule, - IDS_KRB5_WARNING, - wname, - ARRAYLENGTH(wname)); - } - - cb = sizeof(wident); - if (KHM_FAILED(kcdb_identity_get_name(g_fjob.identity, wident, &cb))) - wident[0] = L'\0'; - - LoadString(hResModule, - IDS_KRB5_WARN_FMT, - wfmt, - ARRAYLENGTH(wfmt)); - - StringCbPrintf(wmsg, sizeof(wmsg), wfmt, wident, wbanner); - - khui_alert_show_simple(wname, wmsg, KHERR_WARNING); - - code = 0; - g_fjob.null_password = FALSE; - goto _exit; - } - - /* in addition to showing new prompts, we also cache the set of - prompts. */ - if(g_fjob.prompt_set == 0) { - khm_handle csp_idconfig = NULL; - khm_handle csp_idk5 = NULL; - - kcdb_identity_get_config(g_fjob.identity, - KHM_FLAG_CREATE, - &csp_idconfig); - - if (csp_idconfig != NULL) - khc_open_space(csp_idconfig, - CSNAME_KRB5CRED, - KHM_FLAG_CREATE, - &csp_idk5); - - if (csp_idk5 != NULL) - khc_open_space(csp_idk5, - CSNAME_PROMPTCACHE, - KHM_FLAG_CREATE, - &csp_prcache); - - khc_close_space(csp_idconfig); - khc_close_space(csp_idk5); - } - - { - wchar_t wbanner[KHUI_MAXCCH_BANNER]; - wchar_t wname[KHUI_MAXCCH_PNAME]; - FILETIME current; - FILETIME lifetime; - FILETIME expiry; - khm_int64 iexpiry; - khm_int32 t = 0; - - if(banner) - AnsiStrToUnicode(wbanner, sizeof(wbanner), banner); - if(name) - AnsiStrToUnicode(wname, sizeof(wname), name); - - khui_cw_clear_prompts(nc); - - khui_cw_begin_custom_prompts( - nc, - num_prompts, - (banner)?wbanner:NULL, - (name)?wname:NULL); - - if (csp_prcache) { - - if (banner) - khc_write_string(csp_prcache, - L"Banner", - wbanner); - else - khc_write_string(csp_prcache, - L"Banner", - L""); - - if (name) - khc_write_string(csp_prcache, - L"Name", - wname); - else if (csp_prcache) - khc_write_string(csp_prcache, - L"Name", - L""); - - khc_write_int32(csp_prcache, - L"PromptCount", - (khm_int32) num_prompts); - - GetSystemTimeAsFileTime(¤t); -#ifdef USE_PROMPT_CACHE_LIFETIME - khc_read_int32(csp_params, L"PromptCacheLifetime", &t); - if (t == 0) - t = 172800; /* 48 hours */ -#else - khc_read_int32(csp_params, L"MaxRenewLifetime", &t); - if (t == 0) - t = 2592000; /* 30 days */ - t += 604800; /* + 7 days */ -#endif - TimetToFileTimeInterval(t, &lifetime); - expiry = FtAdd(¤t, &lifetime); - iexpiry = FtToInt(&expiry); - - khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry); - } - } - - for(i=0; i < num_prompts; i++) { - wchar_t wprompt[KHUI_MAXCCH_PROMPT]; - - if(prompts[i].prompt) { - AnsiStrToUnicode(wprompt, sizeof(wprompt), - prompts[i].prompt); - } else { - wprompt[0] = 0; - } - - khui_cw_add_prompt( - nc, - (ptypes?ptypes[i]:0), - wprompt, - NULL, - (prompts[i].hidden?KHUI_NCPROMPT_FLAG_HIDDEN:0)); - - if (csp_prcache) { - khm_handle csp_p = NULL; - wchar_t wnum[8]; /* should be enough for 10 - million prompts */ - - wnum[0] = 0; - StringCbPrintf(wnum, sizeof(wnum), L"%d", i); - - khc_open_space(csp_prcache, wnum, - KHM_FLAG_CREATE, &csp_p); - - if (csp_p) { - khc_write_string(csp_p, L"Prompt", wprompt); - khc_write_int32(csp_p, L"Type", (ptypes?ptypes[i]:0)); - khc_write_int32(csp_p, L"Flags", - (prompts[i].hidden? - KHUI_NCPROMPT_FLAG_HIDDEN:0)); - - khc_close_space(csp_p); - } - } - } - - if (csp_prcache) { - khc_close_space(csp_prcache); - csp_prcache = NULL; - } - - _process_prompts: - /* switch back to main thread if we showed new prompts */ - if (new_prompts) - SwitchToFiber(k5_main_fiber); - - /* we get here after the user selects an action that either - cancles the credentials acquisition operation or triggers the - actual acquisition of credentials. */ - if(g_fjob.command != FIBER_CMD_CONTINUE && - g_fjob.command != FIBER_CMD_KINIT) { - code = KRB5_LIBOS_PWDINTR; - goto _exit; - } - - g_fjob.null_password = FALSE; - - /* otherwise, we need to get the data back from the UI and - return 0 */ - for(i=0; i<num_prompts; i++) { - krb5_data * d; - wchar_t wbuf[512]; - khm_size cbbuf; - size_t cch; - - d = prompts[i].reply; - - cbbuf = sizeof(wbuf); - if(KHM_SUCCEEDED(khui_cw_get_prompt_value(nc, i, wbuf, &cbbuf))) { - UnicodeStrToAnsi(d->data, d->length, wbuf); - if(SUCCEEDED(StringCchLengthA(d->data, d->length, &cch))) - d->length = (unsigned int) cch; - else - d->length = 0; - } else { -#ifdef DEBUG - assert(FALSE); -#endif - d->length = 0; - } - - if (ptypes && - ptypes[i] == KRB5_PROMPT_TYPE_PASSWORD && - d->length == 0) - - g_fjob.null_password = TRUE; - } - - _exit: - - g_fjob.prompt_set++; - - /* entering a NULL password is equivalent to cancelling out */ - if (g_fjob.null_password) - return KRB5_LIBOS_PWDINTR; - else - return code; -} - - -void -k5_read_dlg_params(k5_dlg_data * d, khm_handle identity) -{ - k5_params p; - - khm_krb5_get_identity_params(identity, &p); - - d->renewable = p.renewable; - d->forwardable = p.forwardable; - d->proxiable = p.proxiable; - d->addressless = p.addressless; - d->publicIP = p.publicIP; - - d->tc_lifetime.current = p.lifetime; - d->tc_lifetime.max = p.lifetime_max; - d->tc_lifetime.min = p.lifetime_min; - - d->tc_renew.current = p.renew_life; - d->tc_renew.max = p.renew_life_max; - d->tc_renew.min = p.renew_life_min; - - /* however, if this has externally supplied defaults, we have to - use them too. */ - if (d->nc && d->nc->ctx.vparam && - d->nc->ctx.cb_vparam == sizeof(NETID_DLGINFO)) { - LPNETID_DLGINFO pdlginfo; - - pdlginfo = (LPNETID_DLGINFO) d->nc->ctx.vparam; - if (pdlginfo->size == NETID_DLGINFO_V1_SZ && - pdlginfo->in.use_defaults == 0) { - d->forwardable = pdlginfo->in.forwardable; - d->addressless = pdlginfo->in.noaddresses; - d->tc_lifetime.current = pdlginfo->in.lifetime; - d->tc_renew.current = pdlginfo->in.renew_till; - - if (pdlginfo->in.renew_till == 0) - d->renewable = FALSE; - else - d->renewable = TRUE; - - d->proxiable = pdlginfo->in.proxiable; - d->publicIP = pdlginfo->in.publicip; - } - } - - /* once we read the new data, in, it is no longer considered - dirty */ - d->dirty = FALSE; - d->sync = FALSE; -} - -void -k5_ensure_identity_ccache_is_watched(khm_handle identity, char * ccache) -{ - /* if we used a FILE: ccache, we should add it to FileCCList. - Otherwise the tickets are not going to get listed. */ - do { - wchar_t thisccache[MAX_PATH]; - wchar_t * ccpath; - khm_size cb_cc; - wchar_t * mlist = NULL; - khm_size cb_mlist; - khm_int32 rv; - khm_size t; - - if (ccache != NULL && - strncmp(ccache, "FILE:", 5) != 0) - break; - - if (ccache == NULL) { - cb_cc = sizeof(thisccache); - rv = khm_krb5_get_identity_default_ccache(identity, thisccache, &cb_cc); -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - } else { - thisccache[0] = L'\0'; - AnsiStrToUnicode(thisccache, sizeof(thisccache), ccache); - } - - if (wcsncmp(thisccache, L"FILE:", 5)) - break; - - /* the FileCCList is a list of paths. We have to strip out - the FILE: prefix. */ - ccpath = thisccache + 5; - - _reportf(L"Checking if ccache [%s] is in FileCCList", ccpath); - - StringCbLength(ccpath, sizeof(thisccache) - sizeof(wchar_t) * 5, &cb_cc); - cb_cc += sizeof(wchar_t); - - rv = khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb_mlist); - if (rv == KHM_ERROR_TOO_LONG && cb_mlist > sizeof(wchar_t) * 2) { - cb_mlist += cb_cc; - mlist = PMALLOC(cb_mlist); - - t = cb_mlist; - rv = khc_read_multi_string(csp_params, L"FileCCList", mlist, &t); -#ifdef DEBUG - assert(KHM_SUCCEEDED(rv)); -#endif - if (KHM_FAILED(rv)) - goto failed_filecclist; - - if (multi_string_find(mlist, ccpath, 0) == NULL) { - t = cb_mlist; - multi_string_append(mlist, &t, ccpath); - - khc_write_multi_string(csp_params, L"FileCCList", mlist); - _reportf(L"Added CCache to list"); - } else { - _reportf(L"The CCache is already in the list"); - } - } else { - cb_mlist = cb_cc + sizeof(wchar_t); - mlist = PMALLOC(cb_mlist); - - multi_string_init(mlist, cb_mlist); - t = cb_mlist; - multi_string_append(mlist, &t, ccpath); - - khc_write_multi_string(csp_params, L"FileCCList", mlist); - - _reportf(L"FileCCList was empty. Added CCache"); - } - - failed_filecclist: - - if (mlist) - PFREE(mlist); - - } while(FALSE); -} - -void -k5_write_dlg_params(k5_dlg_data * d, khm_handle identity, char * ccache) -{ - - k5_params p; - - ZeroMemory(&p, sizeof(p)); - - p.source_reg = K5PARAM_FM_ALL; /* we want to write all the - settings to the registry, if - necessary. */ - - p.renewable = d->renewable; - p.forwardable = d->forwardable; - p.proxiable = d->proxiable; - p.addressless = d->addressless; - p.publicIP = d->publicIP; - - p.lifetime = (krb5_deltat) d->tc_lifetime.current; - p.lifetime_max = (krb5_deltat) d->tc_lifetime.max; - p.lifetime_min = (krb5_deltat) d->tc_lifetime.min; - - p.renew_life = (krb5_deltat) d->tc_renew.current; - p.renew_life_max = (krb5_deltat) d->tc_renew.max; - p.renew_life_min = (krb5_deltat) d->tc_renew.min; - - khm_krb5_set_identity_params(identity, &p); - - k5_ensure_identity_ccache_is_watched(identity, ccache); - - /* as in k5_read_dlg_params, once we write the data in, the local - data is no longer dirty */ - d->dirty = FALSE; -} - -void -k5_free_kinit_job(void) -{ - if (g_fjob.principal) - PFREE(g_fjob.principal); - - if (g_fjob.password) - PFREE(g_fjob.password); - - if (g_fjob.identity) - kcdb_identity_release(g_fjob.identity); - - if (g_fjob.ccache) - PFREE(g_fjob.ccache); - - if (g_fjob.error_message) - PFREE(g_fjob.error_message); - - ZeroMemory(&g_fjob, sizeof(g_fjob)); -} - -void -k5_prep_kinit_job(khui_new_creds * nc) -{ - khui_new_creds_by_type * nct; - k5_dlg_data * d; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cbbuf; - size_t size; - khm_handle ident; - LPNETID_DLGINFO pdlginfo; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - if (!nct) - return; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(nct->hwnd_panel, DWLP_USER); - - if (!d) - return; - - khui_cw_lock_nc(nc); - ident = nc->identities[0]; - kcdb_identity_hold(ident); - khui_cw_unlock_nc(nc); - - cbbuf = sizeof(idname); - kcdb_identity_get_name(ident, idname, &cbbuf); - StringCchLength(idname, ARRAYLENGTH(idname), &size); - size++; - - k5_free_kinit_job(); - - g_fjob.command = FIBER_CMD_KINIT; - g_fjob.nc = nc; - g_fjob.nct = nct; - g_fjob.dialog = nct->hwnd_panel; - g_fjob.principal = PMALLOC(size); - UnicodeStrToAnsi(g_fjob.principal, size, idname); - g_fjob.password = NULL; - g_fjob.lifetime = (krb5_deltat) d->tc_lifetime.current; - g_fjob.forwardable = d->forwardable; - g_fjob.proxiable = d->proxiable; - g_fjob.renewable = d->renewable; - g_fjob.renew_life = (krb5_deltat) d->tc_renew.current; - g_fjob.addressless = d->addressless; - g_fjob.publicIP = d->publicIP; - g_fjob.code = 0; - g_fjob.identity = ident; - g_fjob.prompt_set = 0; - g_fjob.valid_principal = FALSE; - g_fjob.ccache = NULL; - g_fjob.retry_if_valid_principal = FALSE; - - /* the value for - retry_if_valid_principal is not - necessarily the correct value here, - but the correct value will be - assigned k5_kinit_fiber_proc(). */ - - /* if we have external parameters, we should use them as well */ - if (nc->ctx.cb_vparam == sizeof(NETID_DLGINFO) && - (pdlginfo = nc->ctx.vparam) && - pdlginfo->size == NETID_DLGINFO_V1_SZ) { - wchar_t * t; - - if (pdlginfo->in.ccache[0] && - SUCCEEDED(StringCchLength(pdlginfo->in.ccache, - NETID_CCACHE_NAME_SZ, - &size))) { - g_fjob.ccache = PMALLOC(sizeof(char) * (size + 1)); -#ifdef DEBUG - assert(g_fjob.ccache); -#endif - UnicodeStrToAnsi(g_fjob.ccache, size + 1, - pdlginfo->in.ccache); - - /* this is the same as the output cache */ - - StringCbCopy(pdlginfo->out.ccache, sizeof(pdlginfo->out.ccache), - pdlginfo->in.ccache); - } else { - wchar_t ccache[MAX_PATH]; - - g_fjob.ccache = NULL; - size = sizeof(ccache); - - khm_krb5_get_identity_default_ccache(ident, ccache, &size); - - StringCbCopy(pdlginfo->out.ccache, sizeof(pdlginfo->out.ccache), - ccache); - } - - t = khm_get_realm_from_princ(idname); - - if (t) { - StringCbCopy(pdlginfo->out.realm, - sizeof(pdlginfo->out.realm), - t); - - if ((t - idname) > 1) { - StringCchCopyN(pdlginfo->out.username, - ARRAYLENGTH(pdlginfo->out.username), - idname, - (t - idname) - 1); - } else { - StringCbCopy(pdlginfo->out.username, - sizeof(pdlginfo->out.username), - L""); - } - } else { - StringCbCopy(pdlginfo->out.username, - sizeof(pdlginfo->out.username), - idname); - StringCbCopy(pdlginfo->out.realm, - sizeof(pdlginfo->out.realm), - L""); - } - } - - /* leave identity held, since we added a reference above */ -} - -static khm_int32 KHMAPI -k5_find_tgt_filter(khm_handle cred, - khm_int32 flags, - void * rock) { - khm_handle ident = (khm_handle) rock; - khm_handle cident = NULL; - khm_int32 f; - khm_int32 rv; - - if (KHM_SUCCEEDED(kcdb_cred_get_identity(cred, - &cident)) && - cident == ident && - KHM_SUCCEEDED(kcdb_cred_get_flags(cred, &f)) && - (f & KCDB_CRED_FLAG_INITIAL) && - !(f & KCDB_CRED_FLAG_EXPIRED)) - rv = 1; - else - rv = 0; - - if (cident) - kcdb_identity_release(cident); - - return rv; -} - -khm_int32 -k5_remove_from_LRU(khm_handle identity) -{ - wchar_t * wbuf = NULL; - wchar_t idname[KCDB_IDENT_MAXCCH_NAME]; - khm_size cb; - khm_size cb_ms; - khm_int32 rv = KHM_ERROR_SUCCESS; - - cb = sizeof(idname); - rv = kcdb_identity_get_name(identity, idname, &cb); - assert(rv == KHM_ERROR_SUCCESS); - - rv = khc_read_multi_string(csp_params, L"LRUPrincipals", NULL, &cb_ms); - if (rv != KHM_ERROR_TOO_LONG) - cb_ms = sizeof(wchar_t) * 2; - - wbuf = PMALLOC(cb_ms); - assert(wbuf); - - cb = cb_ms; - - if (rv == KHM_ERROR_TOO_LONG) { - rv = khc_read_multi_string(csp_params, L"LRUPrincipals", wbuf, &cb); - assert(KHM_SUCCEEDED(rv)); - - if (multi_string_find(wbuf, idname, KHM_CASE_SENSITIVE) != NULL) { - multi_string_delete(wbuf, idname, KHM_CASE_SENSITIVE); - } - } else { - multi_string_init(wbuf, cb_ms); - } - - rv = khc_write_multi_string(csp_params, L"LRUPrincipals", wbuf); - - if (wbuf) - PFREE(wbuf); - - return rv; -} - -khm_int32 -k5_update_LRU(khm_handle identity) -{ - wchar_t * wbuf = NULL; - wchar_t * idname = NULL; - wchar_t * realm = NULL; - khm_size cb; - khm_size cb_ms; - khm_int32 rv = KHM_ERROR_SUCCESS; - - rv = kcdb_identity_get_name(identity, NULL, &cb); - assert(rv == KHM_ERROR_TOO_LONG); - - idname = PMALLOC(cb); - assert(idname); - - rv = kcdb_identity_get_name(identity, idname, &cb); - assert(KHM_SUCCEEDED(rv)); - - rv = khc_read_multi_string(csp_params, L"LRUPrincipals", NULL, &cb_ms); - if (rv != KHM_ERROR_TOO_LONG) - cb_ms = cb + sizeof(wchar_t); - else - cb_ms += cb + sizeof(wchar_t); - - wbuf = PMALLOC(cb_ms); - assert(wbuf); - - cb = cb_ms; - - if (rv == KHM_ERROR_TOO_LONG) { - rv = khc_read_multi_string(csp_params, L"LRUPrincipals", wbuf, &cb); - assert(KHM_SUCCEEDED(rv)); - - if (multi_string_find(wbuf, idname, KHM_CASE_SENSITIVE) != NULL) { - /* it's already there. We remove it here and add it at - the top of the LRU list. */ - multi_string_delete(wbuf, idname, KHM_CASE_SENSITIVE); - } - } else { - multi_string_init(wbuf, cb_ms); - } - - cb = cb_ms; - rv = multi_string_prepend(wbuf, &cb, idname); - assert(KHM_SUCCEEDED(rv)); - - rv = khc_write_multi_string(csp_params, L"LRUPrincipals", wbuf); - - realm = khm_get_realm_from_princ(idname); - if (realm == NULL || *realm == L'\0') - goto _done_with_LRU; - - cb = cb_ms; - rv = khc_read_multi_string(csp_params, L"LRURealms", wbuf, &cb); - - if (rv == KHM_ERROR_TOO_LONG) { - PFREE(wbuf); - wbuf = PMALLOC(cb); - assert(wbuf); - - cb_ms = cb; - - rv = khc_read_multi_string(csp_params, L"LRURealms", wbuf, &cb); - - assert(KHM_SUCCEEDED(rv)); - } else if (rv == KHM_ERROR_SUCCESS) { - if (multi_string_find(wbuf, realm, KHM_CASE_SENSITIVE) != NULL) { - /* remove the realm and add it at the top later. */ - multi_string_delete(wbuf, realm, KHM_CASE_SENSITIVE); - } - } else { - multi_string_init(wbuf, cb_ms); - } - - cb = cb_ms; - rv = multi_string_prepend(wbuf, &cb, realm); - - if (rv == KHM_ERROR_TOO_LONG) { - wbuf = PREALLOC(wbuf, cb); - - rv = multi_string_prepend(wbuf, &cb, realm); - - assert(KHM_SUCCEEDED(rv)); - } - - rv = khc_write_multi_string(csp_params, L"LRURealms", wbuf); - - assert(KHM_SUCCEEDED(rv)); - - _done_with_LRU: - - if (wbuf) - PFREE(wbuf); - if (idname) - PFREE(idname); - - return rv; -} - -/* Handler for CRED type messages - - Runs in the context of the Krb5 plugin -*/ -khm_int32 KHMAPI -k5_msg_cred_dialog(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - - case KMSG_CRED_PASSWORD: - case KMSG_CRED_NEW_CREDS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - wchar_t wbuf[256]; - size_t cbsize; - - nc = (khui_new_creds *) vparam; - - nct = PMALLOC(sizeof(*nct)); - ZeroMemory(nct, sizeof(*nct)); - - nct->type = credtype_id_krb5; - nct->ordinal = 1; - - LoadString(hResModule, IDS_KRB5_NC_NAME, - wbuf, ARRAYLENGTH(wbuf)); - StringCbLength(wbuf, sizeof(wbuf), &cbsize); - cbsize += sizeof(wchar_t); - - nct->name = PMALLOC(cbsize); - StringCbCopy(nct->name, cbsize, wbuf); - - nct->h_module = hResModule; - nct->dlg_proc = k5_nc_dlg_proc; - if (nc->subtype == KMSG_CRED_PASSWORD) - nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB5_PASSWORD); - else - nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB5); - - khui_cw_add_type(nc, nct); - } - break; - - case KMSG_CRED_RENEW_CREDS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - - nc = (khui_new_creds *) vparam; - - nct = PMALLOC(sizeof(*nct)); - ZeroMemory(nct, sizeof(*nct)); - - nct->type = credtype_id_krb5; - - khui_cw_add_type(nc, nct); - } - break; - - case KMSG_CRED_DIALOG_PRESTART: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - k5_dlg_data * d; - HWND hwnd; - wchar_t * realms; - wchar_t * t; - wchar_t * defrealm; - - nc = (khui_new_creds *) vparam; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - - if(!nct) - break; - - hwnd = nct->hwnd_panel; - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(nct->hwnd_panel, DWLP_USER); - - /* this can be NULL if the dialog was closed while the - plug-in thread was processing. */ - if (d == NULL) - break; - - if (!is_k5_identpro) { - - /* enumerate all realms and place in realms combo box */ - SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - CB_RESETCONTENT, - 0, 0); - - realms = khm_krb5_get_realm_list(); - if(realms) { - for (t = realms; t && *t; t = multi_string_next(t)) { - SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - CB_ADDSTRING, - 0, (LPARAM) t); - } - PFREE(realms); - } - - /* and set the default realm */ - defrealm = khm_krb5_get_default_realm(); - if(defrealm) { - SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - CB_SELECTSTRING, - (WPARAM) -1, - (LPARAM) defrealm); - - SendDlgItemMessage(hwnd, IDC_NCK5_REALM, - WM_SETTEXT, - 0, (LPARAM) defrealm); - PFREE(defrealm); - } - } else { /* if krb5 is the identity provider */ - HWND hw_realms; - - /* in this case, the realm selection is done by the - identity provider prompts. */ - - hw_realms = GetDlgItem(hwnd, IDC_NCK5_REALM); -#ifdef DEBUG - assert(hw_realms); -#endif - EnableWindow(hw_realms, FALSE); - } - - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - k5_read_dlg_params(d, NULL); - } - - PostMessage(hwnd, KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0,WMNC_DIALOG_SETUP), 0); - } - break; - - case KMSG_CRED_DIALOG_NEW_IDENTITY: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - k5_dlg_data * d; - - nc = (khui_new_creds *) vparam; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - if (!nct) - break; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(nct->hwnd_panel, DWLP_USER); - - if (d == NULL) - break; - - /* we only load the identity specific defaults if the user - hasn't changed the options */ - khui_cw_lock_nc(nc); - - /* ?: It might be better to not load identity defaults if - the user has already changed options in the dialog. */ - if(/* !d->dirty && */ nc->n_identities > 0 && - nc->subtype == KMSG_CRED_NEW_CREDS) { - - k5_read_dlg_params(d, nc->identities[0]); - - PostMessage(nct->hwnd_panel, KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0,WMNC_DIALOG_SETUP), 0); - } - - khui_cw_unlock_nc(nc); - - /* reset the force-password-change flag if this is a new - identity. */ - d->pwd_change = FALSE; - } - - /* fallthrough */ - case KMSG_CRED_DIALOG_NEW_OPTIONS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - k5_dlg_data * d; - - nc = (khui_new_creds *) vparam; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - if (!nct) - break; - - d = (k5_dlg_data *)(LONG_PTR) - GetWindowLongPtr(nct->hwnd_panel, DWLP_USER); - if (d == NULL) - break; - - if (nc->subtype == KMSG_CRED_PASSWORD) { - khm_size n_prompts = 0; - - khui_cw_get_prompt_count(nc, &n_prompts); - - if (nc->n_identities == 0) { - if (n_prompts) - khui_cw_clear_prompts(nc); - } else if (n_prompts != 3) { - wchar_t wbuf[KHUI_MAXCCH_BANNER]; - - khui_cw_clear_prompts(nc); - - LoadString(hResModule, IDS_NC_PWD_BANNER, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_begin_custom_prompts(nc, 3, NULL, wbuf); - - LoadString(hResModule, IDS_NC_PWD_PWD, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - - LoadString(hResModule, IDS_NC_PWD_NPWD, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - - LoadString(hResModule, IDS_NC_PWD_NPWD_AGAIN, - wbuf, ARRAYLENGTH(wbuf)); - khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD_AGAIN, - wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); - } - - return KHM_ERROR_SUCCESS; - } - /* else; nc->subtype == KMSG_CRED_NEW_CREDS */ - - assert(nc->subtype == KMSG_CRED_NEW_CREDS); - - /* If we are forcing a password change, then we don't do - anything here. Note that if the identity changed, then - this field would have been reset, so we would proceed - as usual. */ - if (d->pwd_change) - return KHM_ERROR_SUCCESS; - -#if 0 - /* Clearing the prompts at this point is a bad idea since - the prompter depends on the prompts to know if this set - of prompts is the same as the new set and if so, use - the values entered in the old prompts as responses to - the new one. */ - khui_cw_clear_prompts(nc); -#endif - - /* if the fiber is already in a kinit, cancel it */ - if(g_fjob.state == FIBER_STATE_KINIT) { - khm_boolean clear_prompts = TRUE; - - khui_cw_lock_nc(nc); - if (nc->n_identities > 0 && - kcdb_identity_is_equal(nc->identities[0], g_fjob.identity)) { - clear_prompts = FALSE; - } - khui_cw_unlock_nc(nc); - - g_fjob.command = FIBER_CMD_CANCEL; - SwitchToFiber(k5_kinit_fiber); - /* we get here when the cancel operation completes */ - k5_free_kinit_job(); - - if (clear_prompts) - khui_cw_clear_prompts(nc); - } - - khui_cw_lock_nc(nc); - - if(nc->n_identities > 0) { - khm_handle ident = nc->identities[0]; - - kcdb_identity_hold(ident); - - k5_prep_kinit_job(nc); - - /* after the switch to the fiber, the dialog will be - back in sync with the kinit thread. */ - d->sync = TRUE; - - khui_cw_unlock_nc(nc); - - SwitchToFiber(k5_kinit_fiber); - /* we get here when the fiber switches back */ - if(g_fjob.state == FIBER_STATE_NONE) { - wchar_t msg[KHUI_MAXCCH_BANNER]; - khm_size cb; - int code; - - code = g_fjob.code; - - /* Special case. If the users' password has - expired, we force a password change dialog on - top of the new credentials dialog using a set - of custom prompts, but only if we are the - identity provider. */ - if (g_fjob.code == KRB5KDC_ERR_KEY_EXP && - is_k5_identpro) { - - k5_force_password_change(d); - goto done_with_bad_princ; - - } - - if(g_fjob.code == KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN && - is_k5_identpro) { - kcdb_identity_set_flags(ident, - KCDB_IDENT_FLAG_INVALID, - KCDB_IDENT_FLAG_INVALID); - - khui_cw_clear_prompts(nc); - } - - if (d->cred_message) { - PFREE(d->cred_message); - d->cred_message = NULL; - } - - if (g_fjob.error_message) { - StringCbCopy(msg, sizeof(msg), g_fjob.error_message); - goto have_message; - } - - msg[0] = L'\0'; - - switch(g_fjob.code) { - case 0: - /* we succeeded. This can actually happen if - there was an external program that prompted - for credentials. */ - break; - - case KRB5KDC_ERR_NAME_EXP: - /* principal expired */ - LoadString(hResModule, IDS_K5ERR_NAME_EXPIRED, - msg, ARRAYLENGTH(msg)); - break; - - case KRB5KDC_ERR_KEY_EXP: - { - /* password needs changing. */ - LoadString(hResModule, IDS_K5ERR_KEY_EXPIRED, - msg, ARRAYLENGTH(msg)); - } - break; - - default: - { - DWORD dw_dummy; - kherr_suggestion sug_dummy; - wchar_t fmt[KHUI_MAXCCH_BANNER]; - wchar_t desc[KHUI_MAXCCH_BANNER]; - - LoadString(hResModule, IDS_K5ERR_FMT, - fmt, ARRAYLENGTH(fmt)); - - khm_err_describe(g_fjob.code, - desc, - sizeof(desc), - &dw_dummy, - &sug_dummy); - - StringCbPrintf(msg, sizeof(msg), fmt, desc); - } - } - - have_message: - - if (msg[0]) { - StringCbLength(msg, sizeof(msg), &cb); - cb += sizeof(wchar_t); - - d->cred_message = PMALLOC(cb); - StringCbCopy(d->cred_message, cb, msg); - } - - done_with_bad_princ: - - k5_free_kinit_job(); - - if (is_k5_identpro) { - if (code == 0) - kcdb_identity_set_flags(ident, - KCDB_IDENT_FLAG_VALID, - KCDB_IDENT_FLAG_VALID); - else - kcdb_identity_set_flags(ident, - KCDB_IDENT_FLAG_UNKNOWN, - KCDB_IDENT_FLAG_UNKNOWN); - } - - } else if(g_fjob.state == FIBER_STATE_KINIT) { - /* this is what we want. Leave the fiber there. */ - - if(is_k5_identpro) - kcdb_identity_set_flags(ident, - KCDB_IDENT_FLAG_VALID, - KCDB_IDENT_FLAG_VALID); - } else { - /* huh?? */ -#ifdef DEBUG - assert(FALSE); -#endif - } - - /* since the attributes of the identity have changed, - we should update the cred text as well */ - kcdb_identity_release(ident); - khui_cw_lock_nc(nc); - PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY, - MAKEWPARAM(0, WMNC_UPDATE_CREDTEXT), 0); - } else { - khui_cw_unlock_nc(nc); - khui_cw_clear_prompts(nc); - khui_cw_lock_nc(nc); - } - - khui_cw_unlock_nc(nc); - } - break; - - case KMSG_CRED_PROCESS: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - k5_dlg_data * d; - - khm_int32 r = 0; - - nc = (khui_new_creds *) vparam; - - khui_cw_find_type(nc, credtype_id_krb5, &nct); - - if(!nct) - break; - - /* reset the null_password flag, just in case */ - g_fjob.null_password = FALSE; - - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - d = (k5_dlg_data *) nct->aux; - if (d == NULL) - break; - - if (d->pwd_change) { - /* we are forcing a password change */ - goto change_password; - } - - _begin_task(0); - _report_mr0(KHERR_NONE, MSG_CTX_INITAL_CREDS); - _describe(); - - if (g_fjob.state == FIBER_STATE_KINIT) { - if(nc->result == KHUI_NC_RESULT_CANCEL) { - g_fjob.command = FIBER_CMD_CANCEL; - SwitchToFiber(k5_kinit_fiber); - - /* if we cancelled out, then we shouldn't care - about the return code. */ -#ifdef DEBUG - assert(g_fjob.state == FIBER_STATE_NONE); -#endif - g_fjob.code = 0; - - _reportf(L"Cancelling"); - } else if (nc->result == KHUI_NC_RESULT_PROCESS) { - khui_cw_sync_prompt_values(nc); - g_fjob.command = FIBER_CMD_CONTINUE; - SwitchToFiber(k5_kinit_fiber); - - /* We get back here once the fiber finishes - processing */ -#ifdef DEBUG - } else { - assert(FALSE); -#endif - } - } else { - /* we weren't in a KINIT state */ - if (nc->result == KHUI_NC_RESULT_CANCEL) { - /* nothing to report */ - g_fjob.code = 0; - } else if (nc->result == KHUI_NC_RESULT_PROCESS) { - /* g_fjob.code should have the result of the - last kinit attempt. We should leave it - as-is */ -#ifdef DEBUG - } else { - /* unknown result */ - assert(FALSE); -#endif - } - } - - /* special case: if there was no password entered, and - if there is a valid TGT we allow the credential - acquisition to go through */ - if (g_fjob.state == FIBER_STATE_NONE && - g_fjob.code && - g_fjob.null_password && - - (nc->n_identities == 0 || - nc->identities[0] == NULL || - KHM_SUCCEEDED(kcdb_credset_find_filtered - (NULL, - -1, - k5_find_tgt_filter, - nc->identities[0], - NULL, - NULL)))) { - _reportf(L"No password entered, but a valid TGT exists. Continuing"); - g_fjob.code = 0; - } else if (g_fjob.state == FIBER_STATE_NONE && - g_fjob.code == 0 && - nc->n_identities > 0 && - nc->identities[0] != NULL) { - - /* we had a password and we used it to get - tickets. We should reset the IMPORTED flag now - since the tickets are not imported. */ - - khm_krb5_set_identity_flags(nc->identities[0], - K5IDFLAG_IMPORTED, - 0); - } - - if(g_fjob.code != 0) { - wchar_t tbuf[1024]; - DWORD suggestion = 0; - kherr_suggestion suggest_code; - - if (g_fjob.error_message) { - StringCbCopy(tbuf, sizeof(tbuf), g_fjob.error_message); - } else { - khm_err_describe(g_fjob.code, tbuf, sizeof(tbuf), - &suggestion, &suggest_code); - } - - _report_cs0(KHERR_ERROR, tbuf); - if (suggestion != 0) - _suggest_mr(suggestion, suggest_code); - - _resolve(); - - r = KHUI_NC_RESPONSE_FAILED; - - if (suggest_code == KHERR_SUGGEST_RETRY) { - r |= KHUI_NC_RESPONSE_NOEXIT | - KHUI_NC_RESPONSE_PENDING; - } - -#ifdef DEBUG - assert(g_fjob.state == FIBER_STATE_NONE); -#endif - - if (g_fjob.valid_principal && - nc->n_identities > 0 && - nc->identities[0]) { - /* the principal was valid, so we can go ahead - and update the LRU */ - k5_update_LRU(nc->identities[0]); - } - - } else if (nc->result == KHUI_NC_RESULT_PROCESS && - g_fjob.state == FIBER_STATE_NONE) { - krb5_context ctx = NULL; - - _reportf(L"Tickets successfully acquired"); - - r = KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT; - - /* if we successfully obtained credentials, we - should save the current settings in the - identity config space */ - - assert(nc->n_identities > 0); - assert(nc->identities[0]); - - k5_write_dlg_params(d, nc->identities[0], g_fjob.ccache); - - /* We should also quickly refresh the credentials - so that the identity flags and ccache - properties reflect the current state of - affairs. This has to be done here so that - other credentials providers which depend on - Krb5 can properly find the initial creds to - obtain their respective creds. */ - - khm_krb5_list_tickets(&ctx); - - if (nc->set_default) { - _reportf(L"Setting default identity"); - kcdb_identity_set_default(nc->identities[0]); - } - - /* If there is no default identity, then make this the default */ - kcdb_identity_refresh(nc->identities[0]); - { - khm_handle tdefault = NULL; - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) { - kcdb_identity_release(tdefault); - } else { - _reportf(L"There was no default identity. Setting default"); - kcdb_identity_set_default(nc->identities[0]); - } - } - - /* and update the LRU */ - k5_update_LRU(nc->identities[0]); - - if (ctx != NULL) - pkrb5_free_context(ctx); - } else if (g_fjob.state == FIBER_STATE_NONE) { - /* the user cancelled the operation */ - r = KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_SUCCESS; - } - - if(g_fjob.state == FIBER_STATE_NONE) { - khui_cw_set_response(nc, credtype_id_krb5, r); - - if (r & KHUI_NC_RESPONSE_NOEXIT) { - /* if we are retrying the call, we should - restart the kinit fiber */ -#ifdef DEBUG - assert(r & KHUI_NC_RESPONSE_PENDING); -#endif - - k5_prep_kinit_job(nc); - SwitchToFiber(k5_kinit_fiber); - } else { - /* free up the fiber data fields. */ - k5_free_kinit_job(); - } - } else { - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_NOEXIT | - KHUI_NC_RESPONSE_PENDING | r); - } - - _end_task(); - } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) { - - FILETIME ftidexp = {0,0}; - FILETIME ftcurrent; - khm_size cb; - - GetSystemTimeAsFileTime(&ftcurrent); - - _begin_task(0); - _report_mr0(KHERR_NONE, MSG_CTX_RENEW_CREDS); - _describe(); - - if (nc->ctx.scope == KHUI_SCOPE_IDENT || - (nc->ctx.scope == KHUI_SCOPE_CREDTYPE && - nc->ctx.cred_type == credtype_id_krb5) || - (nc->ctx.scope == KHUI_SCOPE_CRED && - nc->ctx.cred_type == credtype_id_krb5)) { - int code; - - if (nc->ctx.scope == KHUI_SCOPE_CRED && - nc->ctx.cred != NULL) { - - /* get the expiration time for the identity first. */ - cb = sizeof(ftidexp); -#ifdef DEBUG - assert(nc->ctx.identity != NULL); -#endif - kcdb_identity_get_attr(nc->ctx.identity, - KCDB_ATTR_EXPIRE, - NULL, - &ftidexp, - &cb); - - code = khm_krb5_renew_cred(nc->ctx.cred); - - } else if (nc->ctx.scope == KHUI_SCOPE_IDENT && - nc->ctx.identity != 0) { - /* get the current identity expiration time */ - cb = sizeof(ftidexp); - - kcdb_identity_get_attr(nc->ctx.identity, - KCDB_ATTR_EXPIRE, - NULL, - &ftidexp, - &cb); - - code = khm_krb5_renew_ident(nc->ctx.identity); - } else { - - _reportf(L"No identity specified. Can't renew Kerberos tickets"); - - code = 1; /* it just has to be non-zero */ - } - - if (code == 0) { - _reportf(L"Tickets successfully renewed"); - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_SUCCESS); - } else if (nc->ctx.identity == 0) { - - _report_mr0(KHERR_ERROR, MSG_ERR_NO_IDENTITY); - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_FAILED); - } else if (CompareFileTime(&ftcurrent, &ftidexp) < 0) { - wchar_t tbuf[1024]; - DWORD suggestion; - kherr_suggestion sug_id; - - /* if we failed to get new tickets, but the - identity is still valid, then we assume that - the current tickets are still good enough - for other credential types to obtain their - credentials. */ - - khm_err_describe(code, tbuf, sizeof(tbuf), - &suggestion, &sug_id); - - _report_cs0(KHERR_WARNING, tbuf); - if (suggestion) - _suggest_mr(suggestion, sug_id); - - _resolve(); - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_SUCCESS); - } else { - wchar_t tbuf[1024]; - DWORD suggestion; - kherr_suggestion sug_id; - - khm_err_describe(code, tbuf, sizeof(tbuf), - &suggestion, &sug_id); - - _report_cs0(KHERR_ERROR, tbuf); - if (suggestion) - _suggest_mr(suggestion, sug_id); - - _resolve(); - - khui_cw_set_response(nc, credtype_id_krb5, - ((sug_id == KHERR_SUGGEST_RETRY)?KHUI_NC_RESPONSE_NOEXIT:KHUI_NC_RESPONSE_EXIT) | - KHUI_NC_RESPONSE_FAILED); - } - } else { - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_EXIT | - KHUI_NC_RESPONSE_SUCCESS); - } - - _end_task(); - } else if (nc->subtype == KMSG_CRED_PASSWORD && - nc->result == KHUI_NC_RESULT_PROCESS) { - - change_password: - /* we jump here if there was a password change forced */ - - _begin_task(0); - _report_mr0(KHERR_NONE, MSG_CTX_PASSWD); - _describe(); - - khui_cw_lock_nc(nc); - - if (nc->result == KHUI_NC_RESULT_CANCEL) { - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT); - - } else if (nc->n_identities == 0 || - nc->identities[0] == NULL) { - _report_mr0(KHERR_ERROR, MSG_PWD_NO_IDENTITY); - _suggest_mr(MSG_PWD_S_NO_IDENTITY, KHERR_SUGGEST_RETRY); - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_FAILED | - KHUI_NC_RESPONSE_NOEXIT); - - } else { - wchar_t widname[KCDB_IDENT_MAXCCH_NAME]; - char idname[KCDB_IDENT_MAXCCH_NAME]; - wchar_t wpwd[KHUI_MAXCCH_PASSWORD]; - char pwd[KHUI_MAXCCH_PASSWORD]; - wchar_t wnpwd[KHUI_MAXCCH_PASSWORD]; - char npwd[KHUI_MAXCCH_PASSWORD]; - wchar_t wnpwd2[KHUI_MAXCCH_PASSWORD]; - wchar_t * wresult; - char * result; - khm_size n_prompts = 0; - khm_size cb; - khm_int32 rv = KHM_ERROR_SUCCESS; - long code = 0; - khm_handle ident; - - khui_cw_get_prompt_count(nc, &n_prompts); - assert(n_prompts == 3); - - ident = nc->identities[0]; - cb = sizeof(widname); - rv = kcdb_identity_get_name(ident, widname, &cb); - if (KHM_FAILED(rv)) { -#ifdef DEBUG - assert(FALSE); -#endif - _report_mr0(KHERR_ERROR, MSG_PWD_UNKNOWN); - goto _pwd_exit; - } - - cb = sizeof(wpwd); - rv = khui_cw_get_prompt_value(nc, 0, wpwd, &cb); - if (KHM_FAILED(rv)) { -#ifdef DEBUG - assert(FALSE); -#endif - _report_mr0(KHERR_ERROR, MSG_PWD_UNKNOWN); - goto _pwd_exit; - } - - cb = sizeof(wnpwd); - rv = khui_cw_get_prompt_value(nc, 1, wnpwd, &cb); - if (KHM_FAILED(rv)) { -#ifdef DEBUG - assert(FALSE); -#endif - _report_mr0(KHERR_ERROR, MSG_PWD_UNKNOWN); - goto _pwd_exit; - } - - cb = sizeof(wnpwd2); - rv = khui_cw_get_prompt_value(nc, 2, wnpwd2, &cb); - if (KHM_FAILED(rv)) { -#ifdef DEBUG - assert(FALSE); -#endif - _report_mr0(KHERR_ERROR, MSG_PWD_UNKNOWN); - goto _pwd_exit; - } - - if (wcscmp(wnpwd, wnpwd2)) { - rv = KHM_ERROR_INVALID_PARAM; - _report_mr0(KHERR_ERROR, MSG_PWD_NOT_SAME); - _suggest_mr(MSG_PWD_S_NOT_SAME, KHERR_SUGGEST_INTERACT); - goto _pwd_exit; - } - - if (!wcscmp(wpwd, wnpwd)) { - rv = KHM_ERROR_INVALID_PARAM; - _report_mr0(KHERR_ERROR, MSG_PWD_SAME); - _suggest_mr(MSG_PWD_S_SAME, KHERR_SUGGEST_INTERACT); - goto _pwd_exit; - } - - UnicodeStrToAnsi(idname, sizeof(idname), widname); - UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd); - UnicodeStrToAnsi(npwd, sizeof(npwd), wnpwd); - - result = NULL; - - code = khm_krb5_changepwd(idname, - pwd, - npwd, - &result); - - if (code) - rv = KHM_ERROR_UNKNOWN; - else { - khm_handle csp_idcfg = NULL; - krb5_context ctx = NULL; - - /* we set a new password. now we need to get - initial credentials. */ - - d = (k5_dlg_data *) nct->aux; - - if (d == NULL) { - rv = KHM_ERROR_UNKNOWN; - goto _pwd_exit; - } - - if (nc->subtype == KMSG_CRED_PASSWORD) { - /* since this was just a password change, - we need to load new credentials options - from the configuration store. */ - - k5_read_dlg_params(d, nc->identities[0]); - } - - /* the password change phase is now done */ - d->pwd_change = FALSE; - -#ifdef DEBUG - _reportf(L"Calling khm_krb5_kinit()"); -#endif - code = khm_krb5_kinit(NULL, /* context (create one) */ - idname, /* principal_name */ - npwd, /* new password */ - NULL, /* ccache name (figure out the identity cc)*/ - (krb5_deltat) d->tc_lifetime.current, - d->forwardable, - d->proxiable, - (krb5_deltat)((d->renewable)?d->tc_renew.current:0), - d->addressless, /* addressless */ - d->publicIP, /* public IP */ - NULL, /* prompter */ - NULL, /* prompter data */ - NULL /* error message */); - - if (code) { - rv = KHM_ERROR_UNKNOWN; - goto _pwd_exit; - } - - /* save the settings that we used for - obtaining the ticket. */ - if (nc->subtype == KMSG_CRED_NEW_CREDS) { - - k5_write_dlg_params(d, nc->identities[0], NULL); - - /* and then update the LRU too */ - k5_update_LRU(nc->identities[0]); - } - - /* and do a quick refresh of the krb5 tickets - so that other plug-ins that depend on krb5 - can look up tickets inside NetIDMgr */ - khm_krb5_list_tickets(&ctx); - - /* if there was no default identity, we make - this one the default. */ - kcdb_identity_refresh(nc->identities[0]); - { - khm_handle tdefault = NULL; - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) { - kcdb_identity_release(tdefault); - } else { - _reportf(L"There was no default identity. Setting defualt"); - kcdb_identity_set_default(nc->identities[0]); - } - } - - if (ctx != NULL) - pkrb5_free_context(ctx); - - if (nc->subtype == KMSG_CRED_PASSWORD) { - /* if we obtained new credentials as a - result of successfully changing the - password, we also schedule an identity - renewal for this identity. This allows - the other credential types to obtain - credentials for this identity. */ - khui_action_context ctx; - - _reportf(L"Scheduling renewal of [%s] after password change", - widname); - - khui_context_create(&ctx, - KHUI_SCOPE_IDENT, - nc->identities[0], - KCDB_CREDTYPE_INVALID, - NULL); - khui_action_trigger(KHUI_ACTION_RENEW_CRED, - &ctx); - - khui_context_release(&ctx); - } - } - - /* result is only set when code != 0 */ - if (code && result) { - size_t len; - - StringCchLengthA(result, KHERR_MAXCCH_STRING, - &len); - wresult = PMALLOC((len + 1) * sizeof(wchar_t)); -#ifdef DEBUG - assert(wresult); -#endif - AnsiStrToUnicode(wresult, (len + 1) * sizeof(wchar_t), - result); - - _report_cs1(KHERR_ERROR, L"%1!s!", _cstr(wresult)); - _resolve(); - - PFREE(result); - PFREE(wresult); - - /* we don't need to report anything more */ - code = 0; - } - - _pwd_exit: - if (KHM_FAILED(rv)) { - if (code) { - wchar_t tbuf[1024]; - DWORD suggestion; - kherr_suggestion sug_id; - - khm_err_describe(code, tbuf, sizeof(tbuf), - &suggestion, &sug_id); - _report_cs0(KHERR_ERROR, tbuf); - - if (suggestion) - _suggest_mr(suggestion, sug_id); - - _resolve(); - } - - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_NOEXIT| - KHUI_NC_RESPONSE_FAILED); - } else { - khui_cw_set_response(nc, credtype_id_krb5, - KHUI_NC_RESPONSE_SUCCESS | - KHUI_NC_RESPONSE_EXIT); - } - } - - khui_cw_unlock_nc(nc); - - _end_task(); - } /* KMSG_CRED_PASSWORD */ - } - break; - - case KMSG_CRED_END: - { - khui_new_creds * nc; - khui_new_creds_by_type * nct; - - nc = (khui_new_creds *) vparam; - khui_cw_find_type(nc, credtype_id_krb5, &nct); - - if(!nct) - break; - - khui_cw_del_type(nc, credtype_id_krb5); - - if (nct->name) - PFREE(nct->name); - if (nct->credtext) - PFREE(nct->credtext); - - PFREE(nct); - - k5_free_kinit_job(); - } - break; - - case KMSG_CRED_IMPORT: - { - khm_int32 t = 0; - -#ifdef DEBUG - assert(csp_params); -#endif - khc_read_int32(csp_params, L"MsLsaImport", &t); - - if (t != K5_LSAIMPORT_NEVER) { - krb5_context ctx = NULL; - khm_handle id_default = NULL; - khm_handle id_imported = NULL; - BOOL imported; - - imported = khm_krb5_ms2mit(NULL, (t == K5_LSAIMPORT_MATCH), TRUE, - &id_imported); - if (imported) { - if (id_imported) - k5_ensure_identity_ccache_is_watched(id_imported, NULL); - - khm_krb5_list_tickets(&ctx); - - if (ctx) - pkrb5_free_context(ctx); - - kcdb_identity_refresh(id_imported); - - if (KHM_SUCCEEDED(kcdb_identity_get_default(&id_default))) { - kcdb_identity_release(id_default); - id_default = NULL; - } else { - _reportf(L"There was no default identity. Setting default"); - kcdb_identity_set_default(id_imported); - } - - /* and update the LRU */ - k5_update_LRU(id_imported); - } - - if (id_imported) - kcdb_identity_release(id_imported); - } - } - break; - } - - return rv; -} diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c deleted file mode 100644 index d8877a9c0..000000000 --- a/src/windows/identity/plugins/krb5/krb5plugin.c +++ /dev/null @@ -1,265 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<commctrl.h> -#include<strsafe.h> -#include<krb5.h> - -#ifdef DEBUG -#include<assert.h> -#endif - -khm_int32 credtype_id_krb5 = KCDB_CREDTYPE_INVALID; -khm_boolean krb5_initialized = FALSE; -khm_handle krb5_credset = NULL; - -khm_handle k5_sub = NULL; - -LPVOID k5_main_fiber = NULL; -LPVOID k5_kinit_fiber = NULL; - -VOID CALLBACK k5_kinit_fiber_proc(PVOID lpParameter); - -krb5_context k5_identpro_ctx = NULL; - -/* The system message handler. - - Runs in the context of the plugin thread */ -khm_int32 KHMAPI -k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - case KMSG_SYSTEM_INIT: - { - kcdb_credtype ct; - wchar_t buf[KCDB_MAXCCH_SHORT_DESC]; - size_t cbsize; - - /* perform critical registrations and initialization - stuff */ - ZeroMemory(&ct, sizeof(ct)); - ct.id = KCDB_CREDTYPE_AUTO; - ct.name = KRB5_CREDTYPE_NAME; - - if(LoadString(hResModule, IDS_KRB5_SHORT_DESC, - buf, ARRAYLENGTH(buf))) { - StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize); - cbsize += sizeof(wchar_t); - ct.short_desc = PMALLOC(cbsize); - StringCbCopy(ct.short_desc, cbsize, buf); - } - - /* even though ideally we should be setting limits - based KCDB_MAXCB_LONG_DESC, our long description - actually fits nicely in KCDB_MAXCB_SHORT_DESC */ - if(LoadString(hResModule, IDS_KRB5_LONG_DESC, - buf, ARRAYLENGTH(buf))) { - StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize); - cbsize += sizeof(wchar_t); - ct.long_desc = PMALLOC(cbsize); - StringCbCopy(ct.long_desc, cbsize, buf); - } - - ct.icon = NULL; /* TODO: set a proper icon */ - - kmq_create_subscription(k5_msg_callback, &ct.sub); - - ct.is_equal = khm_krb5_creds_is_equal; - - rv = kcdb_credtype_register(&ct, &credtype_id_krb5); - - if(KHM_SUCCEEDED(rv)) - rv = kcdb_credset_create(&krb5_credset); - - if(ct.short_desc) - PFREE(ct.short_desc); - - if(ct.long_desc) - PFREE(ct.long_desc); - - if(KHM_SUCCEEDED(rv)) { - krb5_context ctx = NULL; - - krb5_initialized = TRUE; - - /* now convert this thread to a fiber and create a - separate fiber to do kinit stuff */ - k5_main_fiber = ConvertThreadToFiber(NULL); - k5_kinit_fiber = CreateFiber(0,k5_kinit_fiber_proc,NULL); - - ZeroMemory(&g_fjob, sizeof(g_fjob)); - - kmq_create_subscription(k5_msg_callback, &k5_sub); - - k5_register_config_panels(); - - khm_krb5_list_tickets(&ctx); - - if(ctx != NULL) - pkrb5_free_context(ctx); - } - } - break; - - case KMSG_SYSTEM_EXIT: - - k5_unregister_config_panels(); - - if(credtype_id_krb5 >= 0) { - /* basically just unregister the credential type */ - kcdb_credtype_unregister(credtype_id_krb5); - - /* kcdb knows how to deal with bad handles */ - kcdb_credset_delete(krb5_credset); - krb5_credset = NULL; - } - - if(k5_main_fiber != NULL) { - if (k5_kinit_fiber) { -#ifdef DEBUG - assert(k5_kinit_fiber != GetCurrentFiber()); -#endif -#ifdef CLEANUP_FIBERS_ON_EXIT - DeleteFiber(k5_kinit_fiber); - CloseHandle(k5_kinit_fiber); -#endif - k5_kinit_fiber = NULL; - } - - k5_main_fiber = NULL; - } - - if(k5_sub != NULL) { - kmq_delete_subscription(k5_sub); - k5_sub = NULL; - } - - break; - } - - return rv; -} - -khm_int32 KHMAPI -k5_msg_kcdb(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - case KMSG_KCDB_IDENT: - if (uparam == KCDB_OP_DELCONFIG) { - k5_remove_from_LRU((khm_handle) vparam); - } - break; - } - - return rv; -} - - -/* Handler for CRED type messages - - Runs in the context of the Krb5 plugin -*/ -khm_int32 KHMAPI -k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - khm_int32 rv = KHM_ERROR_SUCCESS; - - switch(msg_subtype) { - case KMSG_CRED_REFRESH: - { - krb5_context ctx = NULL; - - khm_krb5_list_tickets(&ctx); - - if(ctx != NULL) - pkrb5_free_context(ctx); - } - break; - - case KMSG_CRED_DESTROY_CREDS: - { - khui_action_context * ctx; - - ctx = (khui_action_context *) vparam; - - if (ctx->credset) { - _begin_task(0); - _report_mr0(KHERR_INFO, MSG_ERR_CTX_DESTROY_CREDS); - _describe(); - - khm_krb5_destroy_by_credset(ctx->credset); - - _end_task(); - } - } - break; - - case KMSG_CRED_PP_BEGIN: - k5_pp_begin((khui_property_sheet *) vparam); - break; - - case KMSG_CRED_PP_END: - k5_pp_end((khui_property_sheet *) vparam); - break; - - default: - if(IS_CRED_ACQ_MSG(msg_subtype)) - return k5_msg_cred_dialog(msg_type, msg_subtype, - uparam, vparam); - } - - return rv; -} - -/* The main message handler. We don't do much here, except delegate - to other message handlers - - Runs in the context of the Krb5 plugin -*/ -khm_int32 KHMAPI -k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, - khm_ui_4 uparam, void * vparam) -{ - switch(msg_type) { - case KMSG_SYSTEM: - return k5_msg_system(msg_type, msg_subtype, uparam, vparam); - case KMSG_CRED: - return k5_msg_cred(msg_type, msg_subtype, uparam, vparam); - case KMSG_KCDB: - return k5_msg_kcdb(msg_type, msg_subtype, uparam, vparam); - } - return KHM_ERROR_SUCCESS; -} diff --git a/src/windows/identity/plugins/krb5/krb5props.c b/src/windows/identity/plugins/krb5/krb5props.c deleted file mode 100644 index d1553e6d6..000000000 --- a/src/windows/identity/plugins/krb5/krb5props.c +++ /dev/null @@ -1,175 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#include<krbcred.h> -#include<kherror.h> -#include<khmsgtypes.h> -#include<commctrl.h> -#include<strsafe.h> -#include<krb5.h> -#ifdef DEBUG -#include<assert.h> -#endif - -/* Property page - - Runs in the context of the UI thread. - */ -INT_PTR CALLBACK krb5_pp_proc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam - ) -{ - switch(uMsg) { - case WM_INITDIALOG: - { - khui_property_sheet * s; - PROPSHEETPAGE * p; - wchar_t buf[512]; - wchar_t unavailable[64]; - khm_size cbsize; - khm_int32 rv; - khm_int32 tflags; - - p = (PROPSHEETPAGE *) lParam; - s = (khui_property_sheet *) p->lParam; - -#pragma warning(push) -#pragma warning(disable: 4244) - SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) s); -#pragma warning(pop) - - LoadString(hResModule, IDS_UNAVAILABLE, - unavailable, ARRAYLENGTH(unavailable)); - - if(s->cred) { - cbsize = sizeof(buf); - kcdb_cred_get_name(s->cred, buf, &cbsize); - SetDlgItemText(hwnd, IDC_PPK5_NAME, buf); - - cbsize = sizeof(buf); - rv = kcdb_cred_get_attr_string(s->cred, - KCDB_ATTR_ISSUE, - buf, &cbsize, 0); - if (KHM_SUCCEEDED(rv)) - SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf); - else - SetDlgItemText(hwnd, IDC_PPK5_ISSUE, unavailable); - - cbsize = sizeof(buf); - rv = kcdb_cred_get_attr_string(s->cred, - KCDB_ATTR_EXPIRE, - buf, &cbsize, 0); - if (KHM_SUCCEEDED(rv)) - SetDlgItemText(hwnd, IDC_PPK5_VALID, buf); - else - SetDlgItemText(hwnd, IDC_PPK5_VALID, unavailable); - - cbsize = sizeof(buf); - rv = kcdb_cred_get_attr_string(s->cred, - KCDB_ATTR_RENEW_EXPIRE, - buf, &cbsize, 0); - if (KHM_SUCCEEDED(rv)) - SetDlgItemText(hwnd, IDC_PPK5_RENEW, buf); - else - SetDlgItemText(hwnd, IDC_PPK5_RENEW, unavailable); - - tflags = 0; - cbsize = sizeof(tflags); - rv = kcdb_cred_get_attr(s->cred, - attr_id_krb5_flags, - NULL, - &tflags, - &cbsize); - if (KHM_SUCCEEDED(rv)) { - -#define ADDBITFLAG(f,s) \ - if (tflags & f) { \ - LoadString(hResModule, s, buf, ARRAYLENGTH(buf)); \ - SendDlgItemMessage(hwnd, IDC_PPK5_FLAGS, LB_ADDSTRING, 0, (LPARAM) buf); \ - } - - ADDBITFLAG(TKT_FLG_FORWARDABLE, IDS_FLG_FORWARDABLE); - ADDBITFLAG(TKT_FLG_FORWARDED, IDS_FLG_FORWARDED); - ADDBITFLAG(TKT_FLG_PROXIABLE, IDS_FLG_PROXIABLE); - ADDBITFLAG(TKT_FLG_PROXY, IDS_FLG_PROXY); - ADDBITFLAG(TKT_FLG_MAY_POSTDATE, IDS_FLG_MAY_POSTDATE); - ADDBITFLAG(TKT_FLG_POSTDATED, IDS_FLG_POSTDATED); - ADDBITFLAG(TKT_FLG_INVALID, IDS_FLG_INVALID); - ADDBITFLAG(TKT_FLG_RENEWABLE, IDS_FLG_RENEWABLE); - ADDBITFLAG(TKT_FLG_INITIAL, IDS_FLG_INITIAL); - ADDBITFLAG(TKT_FLG_PRE_AUTH, IDS_FLG_PRE_AUTH); - ADDBITFLAG(TKT_FLG_HW_AUTH, IDS_FLG_HW_AUTH); - ADDBITFLAG(TKT_FLG_TRANSIT_POLICY_CHECKED, IDS_FLG_TRANSIT_POL); - ADDBITFLAG(TKT_FLG_OK_AS_DELEGATE, IDS_FLG_OK_DELEGATE); - ADDBITFLAG(TKT_FLG_ANONYMOUS, IDS_FLG_ANONYMOUS); - -#undef ADDBITFLAG - - } - } else { -#ifdef DEBUG - assert(FALSE); -#endif - } - } - return FALSE; - } - - return FALSE; -} - -void k5_pp_begin(khui_property_sheet * s) -{ - PROPSHEETPAGE *p; - - if(s->credtype == credtype_id_krb5 && - s->cred) { - p = PMALLOC(sizeof(*p)); - ZeroMemory(p, sizeof(*p)); - - p->dwSize = sizeof(*p); - p->dwFlags = 0; - p->hInstance = hResModule; - p->pszTemplate = MAKEINTRESOURCE(IDD_PP_KRB5C); - p->pfnDlgProc = krb5_pp_proc; - p->lParam = (LPARAM) s; - khui_ps_add_page(s, credtype_id_krb5, 0, p, NULL); - } -} - -void k5_pp_end(khui_property_sheet * s) -{ - khui_property_page * p = NULL; - - khui_ps_find_page(s, credtype_id_krb5, &p); - if(p) { - if(p->p_page) - PFREE(p->p_page); - p->p_page = NULL; - } -} diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv deleted file mode 100644 index 3bb30ea77..000000000 --- a/src/windows/identity/plugins/krb5/krbconfig.csv +++ /dev/null @@ -1,45 +0,0 @@ -Name,Type,Value,Description -Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider - Module,KC_STRING,MITKrb5, - Description,KC_STRING,Kerberos V Credentials Provider, - Type,KC_INT32,1, - Flags,KC_INT32,0, - Parameters,KC_SPACE,0,Parameters for KrbCred - CreateMissingConfig,KC_INT32,0,Create missing configuration files - MsLsaImport,KC_INT32,1,Automatically import MSLSA credentials: 0-never 1-always 2-if principle matches - MsLsaList,KC_INT32,1,Include MSLSA in the credentials list - FileCCList,KC_STRING,,List of file CCaches to include in listing - AutoRenewTickets,KC_INT32,1,Automatically renew expiring tickets - DefaultLifetime,KC_INT32,36000,Default ticket lifetime - MaxLifetime,KC_INT32,86400,Maximum lifetime - MinLifetime,KC_INT32,60,Minimum lifetime - Forwardable,KC_INT32,1,Obtain forwardable tickets (boolean) - Proxiable,KC_INT32,0,Obtain proxiable tickets (boolean) - Addressless,KC_INT32,1,Obtain addressless tickets (boolean) - PublicIP,KC_INT32,0,Additional public IP address to use (int32) - Renewable,KC_INT32,1,Obtain renewable tickets (boolean) - DefaultRenewLifetime,KC_INT32,604800,Default renewable lifetime - MaxRenewLifetime,KC_INT32,2592000,Maximum renewable lifetime - MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime - UseFullRealmList,KC_INT32,0,Use the full list of realms in the New Creds dialog - LRURealms,KC_STRING,, - LRUPrincipals,KC_STRING,, - LastDefaultIdent,KC_STRING,,Last known default identity - PromptCacheLifetime,KC_INT32,172800,Lifetime of the prompt cache in seconds - DefaultCCName,KC_STRING,,Default CC name (only per identity) - DefaultToFileCache,KC_INT32,0,"If no DefaultCCName is specified for an identity, use a generated FILE: cache instead of an API: cache" - PromptCache,KC_SPACE,0,Cache of prompts (only per identity) - Name,KC_STRING,, - Banner,KC_STRING,, - PromptCount,KC_INT32,0, - ExpiresOn,KC_INT64,0,FILETIME of when the prompt cache is set to expire - (n),KC_SPACE,0,Parameters for each prompt - Prompt,KC_STRING,, - Type,KC_INT32,0, - Flags,KC_INT32,0, - (n),KC_ENDSPACE,0, - PromptCache,KC_ENDSPACE,0, - Realms,KC_SPACE,0,Realm specific configuration (same schema as per identity config) - Realms,KC_ENDSPACE,0, - Parameters,KC_ENDSPACE,0, -Krb5Cred,KC_ENDSPACE,0, diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h deleted file mode 100644 index d90a39e46..000000000 --- a/src/windows/identity/plugins/krb5/krbcred.h +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2005 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - */ - -/* $Id$ */ - -#ifndef __KHIMAIRA_KRBAFSCRED_H -#define __KHIMAIRA_KRBAFSCRED_H - -#include<windows.h> - -/* While we generally pull resources out of hResModule, the message - strings for all the languages are kept in the main DLL. */ -#define KHERR_HMODULE hInstance -#define KHERR_FACILITY k5_facility -#define KHERR_FACILITY_ID 64 - -#include<netidmgr.h> - -#include<krb5funcs.h> -#include<krb5common.h> -#include<errorfuncs.h> -#include<dynimport.h> - -#include<langres.h> -#include<datarep.h> -#include<krb5_msgs.h> - -typedef enum tag_k5_lsa_import { - K5_LSAIMPORT_NEVER = 0, - K5_LSAIMPORT_ALWAYS = 1, - K5_LSAIMPORT_MATCH = 2, /* only when the principal name matches */ -} k5_lsa_import; - -#define TYPENAME_ENCTYPE L"EncType" -#define TYPENAME_ADDR_LIST L"AddrList" -#define TYPENAME_KRB5_FLAGS L"Krb5Flags" -#define TYPENAME_KRB5_PRINC L"Krb5Principal" -#define TYPENAME_KVNO L"Kvno" - -#define ATTRNAME_KEY_ENCTYPE L"KeyEncType" -#define ATTRNAME_TKT_ENCTYPE L"TktEncType" -#define ATTRNAME_ADDR_LIST L"AddrList" -#define ATTRNAME_KRB5_FLAGS L"Krb5Flags" -#define ATTRNAME_KRB5_CCNAME L"Krb5CCName" -#define ATTRNAME_KVNO L"Kvno" -#define ATTRNAME_KRB5_IDFLAGS L"Krb5IDFlags" - -/* Flag bits for Krb5IDFlags property */ - -/* identity was imported from MSLSA: */ -#define K5IDFLAG_IMPORTED 0x00000001 - -void init_krb(); -void exit_krb(); - -/* globals */ -extern kmm_module h_khModule; -extern HMODULE hResModule; -extern HINSTANCE hInstance; -extern const wchar_t * k5_facility; - -extern khm_int32 type_id_enctype; -extern khm_int32 type_id_addr_list; -extern khm_int32 type_id_krb5_flags; -extern khm_int32 type_id_krb5_princ; -extern khm_int32 type_id_kvno; - -extern BOOL type_regd_krb5_princ; - -extern khm_int32 attr_id_key_enctype; -extern khm_int32 attr_id_tkt_enctype; -extern khm_int32 attr_id_addr_list; -extern khm_int32 attr_id_krb5_flags; -extern khm_int32 attr_id_krb5_ccname; -extern khm_int32 attr_id_kvno; -extern khm_int32 attr_id_krb5_idflags; - -extern khm_ui_4 k5_commctl_version; - -#define IS_COMMCTL6() (k5_commctl_version >= 0x60000) - -/* Configuration spaces */ -#define CSNAME_KRB5CRED L"Krb5Cred" -#define CSNAME_PARAMS L"Parameters" -#define CSNAME_PROMPTCACHE L"PromptCache" -#define CSNAME_REALMS L"Realms" - -/* plugin constants */ -#define KRB5_PLUGIN_NAME L"Krb5Cred" -#define KRB5_IDENTPRO_NAME L"Krb5Ident" - -#define KRB5_CREDTYPE_NAME L"Krb5Cred" - -/* limits */ -/* maximum number of characters in a realm name */ -#define K5_MAXCCH_REALM 256 - -/* maximum number of characters in a host name */ -#define K5_MAXCCH_HOST 128 - -/* maximum number of KDC's per realm */ -#define K5_MAX_KDC 64 - -/* maximum number of domains that map to a realm */ -#define K5_MAX_DOMAIN_MAPPINGS 32 - -extern khm_handle csp_plugins; -extern khm_handle csp_krbcred; -extern khm_handle csp_params; - -extern kconf_schema schema_krbconfig[]; - -/* other globals */ -extern khm_int32 credtype_id_krb5; - -extern khm_boolean krb5_initialized; - -extern khm_handle krb5_credset; - -extern khm_handle k5_sub; - -extern krb5_context k5_identpro_ctx; - -extern BOOL is_k5_identpro; - -/* plugin callbacks */ -khm_int32 KHMAPI k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam); -khm_int32 KHMAPI k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam); - -/* kinit fiber */ -typedef struct _fiber_job_t { - int command; - - khui_new_creds * nc; - khui_new_creds_by_type * nct; - HWND dialog; - - khm_handle identity; - char * principal; - char * password; - char * ccache; - krb5_deltat lifetime; - DWORD forwardable; - DWORD proxiable; - DWORD renewable; - krb5_deltat renew_life; - DWORD addressless; - DWORD publicIP; - - int code; - int state; - int prompt_set; - wchar_t *error_message; - - BOOL null_password; - BOOL valid_principal; - BOOL retry_if_valid_principal; -} fiber_job; - -extern fiber_job g_fjob; /* global fiber job object */ - -#define FIBER_CMD_KINIT 1 -#define FIBER_CMD_CANCEL 2 -#define FIBER_CMD_CONTINUE 3 - -#define FIBER_STATE_NONE 0 -#define FIBER_STATE_KINIT 1 -#define FIBER_STATE_RETRY_KINIT 2 - -#define K5_SET_CRED_MSG WMNC_USER - -void -k5_pp_begin(khui_property_sheet * s); - -void -k5_pp_end(khui_property_sheet * s); - -khm_int32 KHMAPI -k5_msg_cred_dialog(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam); - -khm_int32 KHMAPI -k5_msg_ident(khm_int32 msg_type, - khm_int32 msg_subtype, - khm_ui_4 uparam, - void * vparam); - -khm_int32 -k5_remove_from_LRU(khm_handle identity); - -int -k5_get_realm_from_nc(khui_new_creds * nc, - wchar_t * buf, - khm_size cch_buf); - -void -k5_register_config_panels(void); - -void -k5_unregister_config_panels(void); - -INT_PTR CALLBACK -k5_ccconfig_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -INT_PTR CALLBACK -k5_id_tab_dlgproc(HWND hwndDlg, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -INT_PTR CALLBACK -k5_ids_tab_dlgproc(HWND hwnd, - UINT uMsg, - WPARAM wParam, - LPARAM lParam); - -#endif diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc deleted file mode 100644 index 9d110f5af..000000000 --- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc +++ /dev/null @@ -1,509 +0,0 @@ -// Microsoft Visual C++ generated resource script. -// -#include "..\..\langres.h" - -#define APSTUDIO_READONLY_SYMBOLS -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 2 resource. -// -#include "afxres.h" - -///////////////////////////////////////////////////////////////////////////// -#undef APSTUDIO_READONLY_SYMBOLS - -///////////////////////////////////////////////////////////////////////////// -// English (U.S.) resources - -#if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) -#ifdef _WIN32 -LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US -#pragma code_page(1252) -#endif //_WIN32 - -#ifdef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// TEXTINCLUDE -// - -1 TEXTINCLUDE -BEGIN - "..\\..\\langres.h\0" -END - -2 TEXTINCLUDE -BEGIN - "#include ""afxres.h""\r\n" - "\0" -END - -3 TEXTINCLUDE -BEGIN - "\r\n" - "\0" -END - -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Dialog -// - -IDD_NC_KRB5 DIALOGEX 0, 0, 300, 166 -STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_CLIPSIBLINGS | WS_CLIPCHILDREN -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "Kerberos v5 Credential Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11 - LTEXT "Realm",IDC_STATIC,7,25,52,13 - COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP - PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | NOT WS_VISIBLE | WS_DISABLED - LTEXT "&Lifetime",IDC_STATIC,7,67,61,12 - EDITTEXT IDC_NCK5_LIFETIME_EDIT,85,67,107,12,ES_AUTOHSCROLL - CONTROL "&Renewable for",IDC_NCK5_RENEWABLE,"Button",BS_AUTOCHECKBOX | BS_NOTIFY | WS_TABSTOP,7,87,64,12 - EDITTEXT IDC_NCK5_RENEW_EDIT,85,87,108,12,ES_AUTOHSCROLL - CONTROL "Can be &forwarded to other machines",IDC_NCK5_FORWARDABLE, - "Button",BS_AUTOCHECKBOX | BS_NOTIFY | WS_TABSTOP,7,107,132,12 - CONTROL "Addressless",IDC_NCK5_ADDRESS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,128,54,10 - LTEXT "Additional IP address",IDC_STATIC,118,129,68,8,NOT WS_VISIBLE - CONTROL "",IDC_NCK5_PUBLICIP,"SysIPAddress32",NOT WS_VISIBLE | WS_TABSTOP,193,125,100,15 -END - -IDD_PP_KRB5C DIALOGEX 0, 0, 235, 156 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_DISABLED | WS_CAPTION -CAPTION "Kerberos v5" -FONT 8, "MS Shell Dlg", 0, 0, 0x0 -BEGIN - LTEXT "Name",IDC_STATIC,7,7,19,8 - LTEXT "Valid till",IDC_STATIC,7,39,24,8 - LTEXT "Renewable till",IDC_STATIC,7,55,45,12 - LTEXT "Issued on",IDC_STATIC,7,23,32,8 - LTEXT "Credential flags",IDC_STATIC,7,75,51,8 - EDITTEXT IDC_PPK5_NAME,72,7,156,12,ES_AUTOHSCROLL | ES_READONLY - EDITTEXT IDC_PPK5_ISSUE,72,23,156,12,ES_AUTOHSCROLL | ES_READONLY - EDITTEXT IDC_PPK5_VALID,72,39,156,12,ES_AUTOHSCROLL | ES_READONLY - EDITTEXT IDC_PPK5_RENEW,72,55,156,12,ES_AUTOHSCROLL | ES_READONLY - LISTBOX IDC_PPK5_FLAGS,72,74,156,75,LBS_SORT | LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP -END - -IDD_PP_KRB5 DIALOGEX 0, 0, 235, 156 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_DISABLED | WS_CAPTION -CAPTION "Kerberos v5" -FONT 8, "MS Shell Dlg", 0, 0, 0x0 -BEGIN - LTEXT "Default realm",IDC_STATIC,7,7,44,8 - LTEXT "Default lifetime",IDC_STATIC,7,22,49,8 - LTEXT "Minimum lifetime",IDC_STATIC,7,37,52,8 - LTEXT "Maximum lifetime",IDC_STATIC,7,52,55,8 - LTEXT "Renewable lifetime",IDC_STATIC,7,67,61,8 - LTEXT "Min. Renewable lifetime",IDC_STATIC,7,82,76,8 - LTEXT "Max. Renewable lifetime",IDC_STATIC,7,97,79,8 - GROUPBOX "Default credential flags",IDC_STATIC,7,113,221,36 - CONTROL "Proxiable",IDC_CHECK2,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,160,129,45,10 - CONTROL "Renewable",IDC_CHECK4,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,23,129,51,10 - CONTROL "Forwardable",IDC_CHECK5,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,89,129,56,10 - LTEXT "ATHENA.MIT.EDU",IDC_STATIC,95,7,133,11,0,WS_EX_CLIENTEDGE - LTEXT "10 hours",IDC_STATIC,95,22,133,11,0,WS_EX_CLIENTEDGE - LTEXT "1 minute",IDC_STATIC,95,37,133,11,0,WS_EX_CLIENTEDGE - LTEXT "7 days",IDC_STATIC,95,52,133,11,0,WS_EX_CLIENTEDGE - LTEXT "7 days",IDC_STATIC,95,67,133,11,0,WS_EX_CLIENTEDGE - LTEXT "1 minute",IDC_STATIC,95,82,133,11,0,WS_EX_CLIENTEDGE - LTEXT "21 days",IDC_STATIC,95,97,133,11,0,WS_EX_CLIENTEDGE -END - -IDD_CONFIG DIALOGEX 0, 0, 255, 182 -STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - LTEXT "Default Realm",IDC_CFG_LBL_REALM,13,9,46,8 - COMBOBOX IDC_CFG_DEFREALM,76,7,166,51,CBS_DROPDOWN | CBS_SORT | WS_VSCROLL | WS_TABSTOP - CONTROL "Include all configured realms in New Credentials realm list",IDC_CFG_INCREALMS, - "Button",BS_AUTOCHECKBOX | BS_MULTILINE | WS_TABSTOP,76,26,166,22 - PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,46,84,14,NOT WS_VISIBLE | WS_DISABLED - GROUPBOX "Configuration File",IDC_CFG_CFGFILEGRP,7,59,241,47 - LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,74,28,8 - EDITTEXT IDC_CFG_CFGFILE,76,71,166,14,ES_AUTOHSCROLL | ES_READONLY - PUSHBUTTON "Browse...",IDC_CFG_BROWSE,145,89,44,14,NOT WS_VISIBLE - CONTROL "Create file if missing",IDC_CFG_CREATECONFIG,"Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_DISABLED | WS_TABSTOP,76,93,80,10 - PUSHBUTTON "Load into realm editor ...",IDC_CFG_BROWSE2,26,89,100,14,NOT WS_VISIBLE - GROUPBOX "Microsoft Windows® Options",IDC_CFG_WINGRP,7,110,241,65 - LTEXT "Hostname",IDC_CFG_LBL_HOSTNAME,13,123,33,8 - EDITTEXT IDC_CFG_HOSTNAME,76,120,166,14,ES_AUTOHSCROLL | ES_READONLY - LTEXT "Domain",IDC_CFG_LBL_DOMAIN,13,141,24,8 - EDITTEXT IDC_CFG_DOMAIN,76,138,166,14,ES_AUTOHSCROLL | ES_READONLY - LTEXT "Import credentials",IDC_LBL_IMPORT,13,158,45,8 - COMBOBOX IDC_CFG_IMPORT,76,156,166,51,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP -END - -IDD_CFG_REALMS DIALOGEX 0, 0, 255, 182 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_REPORT | LVS_SHOWSELALWAYS | LVS_SORTASCENDING | LVS_EDITLABELS | LVS_ALIGNLEFT | LVS_NOCOLUMNHEADER | WS_TABSTOP,7,19,81,148 - GROUPBOX "Kerberos v5 Servers",IDC_CFG_SERVERSGRP,93,7,155,91 - GROUPBOX "Domain to Realm mappings",IDC_CFG_DOMAINGRP,93,101,155,74 - CONTROL "",IDC_CFG_KDC,"SysListView32",LVS_REPORT | LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,19,143,72 - CONTROL "",IDC_CFG_DMAP,"SysListView32",LVS_REPORT | LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,111,143,56 -END - -IDD_CFG_IDS_TAB DIALOGEX 0, 0, 235, 151 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - LTEXT "Ticket &lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8 - EDITTEXT IDC_CFG_DEFLIFE,94,7,134,14,ES_AUTOHSCROLL - LTEXT "Ticket re&newable lifetime",IDC_CFG_LBL_DEFRLIFE,7,29,80,8 - EDITTEXT IDC_CFG_DEFRLIFE,94,26,134,14,ES_AUTOHSCROLL - CONTROL "&Renewable",IDC_CFG_RENEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,47,51,10 - CONTROL "&Forwardable",IDC_CFG_FORWARD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,94,47,56,10 - CONTROL "&Addressless",IDC_CFG_ADDRESSLESS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,63,54,10 - GROUPBOX "Credential lifetime range",IDC_CFG_LIFEGRP,7,79,221,31 - LTEXT "From",IDC_STATIC,13,93,17,8 - EDITTEXT IDC_CFG_LRNG_MIN,38,90,79,14,ES_AUTOHSCROLL - LTEXT "To",IDC_STATIC,125,93,9,8 - EDITTEXT IDC_CFG_LRNG_MAX,143,90,79,14,ES_AUTOHSCROLL - GROUPBOX "Credential renewable lifetime range",IDC_STATIC,7,113,221,31 - LTEXT "From",IDC_STATIC,13,128,17,8 - EDITTEXT IDC_CFG_RLRNG_MIN,38,125,79,14,ES_AUTOHSCROLL - LTEXT "To",IDC_STATIC,125,128,9,8 - EDITTEXT IDC_CFG_RLRNG_MAX,143,125,79,14,ES_AUTOHSCROLL -END - -IDD_CFG_ID_TAB DIALOGEX 0, 0, 235, 151 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - LTEXT "Credential lifetime",IDC_CFG_LBL_DEFLIFE,7,10,58,8 - EDITTEXT IDC_CFG_DEFLIFE,91,7,137,14,ES_AUTOHSCROLL - CONTROL "Renewable for",IDC_CFG_RENEW,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,41,63,10 - EDITTEXT IDC_CFG_DEFRLIFE,91,39,137,14,ES_AUTOHSCROLL - CONTROL "Can be forwarded to other machines",IDC_CFG_FORWARD, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,59,133,10 - CONTROL "Addressless",IDC_CFG_ADDRESSLESS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,7,77,54,10 - LTEXT "Additional IP address",IDC_STATIC,91,78,68,8,NOT WS_VISIBLE - CONTROL "",IDC_CFG_PUBLICIP,"SysIPAddress32",NOT WS_VISIBLE | WS_TABSTOP,128,89,100,15 - LTEXT "Credential cache",IDC_STATIC,7,132,58,8 - EDITTEXT IDC_CFG_CCACHE,91,130,137,14,ES_AUTOHSCROLL -END - -IDD_NC_KRB5_PASSWORD DIALOGEX 0, 0, 300, 166 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - CONTROL "Kerberos v5 Change Password Options",IDC_STATIC,"Static",SS_LEFTNOWORDWRAP | SS_SUNKEN | WS_GROUP,7,7,286,11 - LTEXT "Realm",IDC_STATIC,7,25,52,13 - COMBOBOX IDC_NCK5_REALM,60,25,233,51,CBS_DROPDOWN | CBS_AUTOHSCROLL | CBS_SORT | WS_VSCROLL | WS_TABSTOP - PUSHBUTTON "Specify &additional realms ...",IDC_NCK5_ADD_REALMS,181,43,112,16,BS_NOTIFY | WS_DISABLED -END - -IDD_CFG_CACHES DIALOGEX 0, 0, 255, 182 -STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU -EXSTYLE WS_EX_CONTROLPARENT -FONT 8, "MS Shell Dlg", 400, 0, 0x1 -BEGIN - GROUPBOX "File-based Credential Caches",IDC_CFG_FCGRP,7,26,241,149 - CONTROL "",IDC_CFG_FCLIST,"SysListView32",LVS_REPORT | LVS_SORTASCENDING | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,13,37,229,97 - EDITTEXT IDC_CFG_FCNAME,13,139,173,14,ES_AUTOHSCROLL - PUSHBUTTON "&Browse ...",IDC_CFG_BROWSE,192,139,50,14 - PUSHBUTTON "Add",IDC_CFG_ADD,13,156,50,14 - PUSHBUTTON "Remove Selected",IDC_CFG_REMOVE,88,156,80,14 - CONTROL "Include all API: credentials caches",IDC_CFG_INCAPI, - "Button",BS_AUTOCHECKBOX | NOT WS_VISIBLE | WS_TABSTOP,123,7,125,10 - CONTROL "Include Windows LSA cache (MSLSA:)",IDC_CFG_INCMSLSA, - "Button",BS_AUTOCHECKBOX | WS_TABSTOP,13,7,136,10 -END - - -///////////////////////////////////////////////////////////////////////////// -// -// DESIGNINFO -// - -#ifdef APSTUDIO_INVOKED -GUIDELINES DESIGNINFO -BEGIN - IDD_NC_KRB5, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 293 - TOPMARGIN, 7 - BOTTOMMARGIN, 159 - END - - IDD_PP_KRB5C, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - TOPMARGIN, 7 - BOTTOMMARGIN, 149 - END - - IDD_PP_KRB5, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - TOPMARGIN, 7 - BOTTOMMARGIN, 149 - END - - IDD_CONFIG, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 248 - VERTGUIDE, 13 - VERTGUIDE, 76 - VERTGUIDE, 242 - TOPMARGIN, 7 - BOTTOMMARGIN, 175 - END - - IDD_CFG_REALMS, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 248 - VERTGUIDE, 93 - VERTGUIDE, 99 - VERTGUIDE, 242 - TOPMARGIN, 7 - BOTTOMMARGIN, 175 - HORZGUIDE, 19 - HORZGUIDE, 167 - END - - IDD_CFG_IDS_TAB, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - VERTGUIDE, 13 - VERTGUIDE, 94 - VERTGUIDE, 222 - TOPMARGIN, 7 - BOTTOMMARGIN, 144 - END - - IDD_CFG_ID_TAB, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 228 - VERTGUIDE, 91 - TOPMARGIN, 7 - BOTTOMMARGIN, 144 - END - - IDD_NC_KRB5_PASSWORD, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 293 - TOPMARGIN, 7 - BOTTOMMARGIN, 159 - END - - IDD_CFG_CACHES, DIALOG - BEGIN - LEFTMARGIN, 7 - RIGHTMARGIN, 248 - VERTGUIDE, 7 - VERTGUIDE, 13 - VERTGUIDE, 242 - TOPMARGIN, 7 - BOTTOMMARGIN, 175 - END -END -#endif // APSTUDIO_INVOKED - - -///////////////////////////////////////////////////////////////////////////// -// -// Icon -// - -// Icon with lowest ID value placed first to ensure application icon -// remains consistent on all systems. -IDI_PLUGIN ICON "..\\..\\images\\krb5plugin.ico" -IDI_DELETED ICON "..\\..\\images\\deleted.ico" -IDI_NEW ICON "..\\..\\images\\new.ico" -IDI_NORMAL ICON "..\\..\\images\\normal.ico" -IDI_MODIFIED ICON "..\\..\\images\\modified.ico" - -///////////////////////////////////////////////////////////////////////////// -// -// String Table -// - -STRINGTABLE -BEGIN - IDS_UNK_ADDR_FMT "Unknown address type %d" - IDS_KRB5_CREDTEXT_0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Tickets for realm %s</p>" - IDS_KRB5_CCNAME_SHORT_DESC "Kerberos v5 CCache" - IDS_KEY_ENCTYPE_SHORT_DESC "Session EncType" - IDS_TKT_ENCTYPE_SHORT_DESC "Service EncType" - IDS_KEY_ENCTYPE_LONG_DESC "Session Key Encryption Type" - IDS_TKT_ENCTYPE_LONG_DESC "Service Encryption Type" - IDS_ADDR_LIST_SHORT_DESC "Addresses" - IDS_ADDR_LIST_LONG_DESC "Address List" - IDS_ETYPE_NULL "NULL" - IDS_ETYPE_DES_CBC_CRC "DES-CBC-CRC" -END - -STRINGTABLE -BEGIN - IDS_ETYPE_DES_CBC_MD4 "DES-CBC-MD4" - IDS_ETYPE_DES_CBC_MD5 "DES-CBC-MD5" - IDS_ETYPE_DES_CBC_RAW "DES-CBC-RAW" - IDS_ETYPE_DES3_CBC_SHA "DES3-CBC-SHA" - IDS_ETYPE_DES3_CBC_RAW "DES3-CBC-RAW" - IDS_ETYPE_DES_HMAC_SHA1 "DES-HMAC-SHA1" - IDS_ETYPE_DES3_CBC_SHA1 "DES3-CBC-SHA1" - IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 "AES128_CTS-HMAC-SHA1_96" - IDS_ETYPE_AES256_CTS_HMAC_SHA1_96 "AES256_CTS-HMAC-SHA1_96" - IDS_ETYPE_CAMELLIA128_CTS_CMAC "CAMELLIA128_CTS-CMAC" - IDS_ETYPE_CAMELLIA256_CTS_CMAC "CAMELLIA256_CTS-CMAC" - IDS_ETYPE_ARCFOUR_HMAC "RC4-HMAC-NT" - IDS_ETYPE_ARCFOUR_HMAC_EXP "RC4-HMAC-NT-EXP" - IDS_ETYPE_UNKNOWN "(Unknown)" - IDS_ETYPE_LOCAL_DES3_HMAC_SHA1 "LOCAL-DES3-HMAC-SHA1" - IDS_ETYPE_LOCAL_RC4_MD4 "LOCAL-RC4-MD4" - IDS_KRB5_SHORT_DESC "Kerberos v5 credentials" - IDS_KRB5_LONG_DESC "Kerberos v5 credentials" -END - -STRINGTABLE -BEGIN - IDS_KRB4_SHORT_DESC "Kerberos v4" - IDS_KRB4_LONG_DESC "Kerberos v4 credentials" - IDS_KRB5_FLAGS_SHORT_DESC "Kerberos v5 Flags" - IDS_RENEW_TILL_SHORT_DESC "Renew Till" - IDS_RENEW_TILL_LONG_DESC "Renewable Till" - IDS_RENEW_FOR_SHORT_DESC "Renew for" - IDS_RENEW_FOR_LONG_DESC "Renewable for" - IDS_KRB5_CCNAME_LONG_DESC "Kerberos v5 Primary Credentials Cache" - IDS_NC_USERNAME "Username" - IDS_NC_REALM "Realm" - IDS_KRB5_WARNING "Kerberos v5 Warning" - IDS_K5ERR_NAME_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The selected principal name has expired.</p><p><tab> Please contact your system administrator.</p>" - IDS_K5ERR_KEY_EXPIRED "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab> Click <a id=""Krb5Cred:!Passwd"">here</a> to change the password</p>" - IDS_KRB5_WARN_FMT "Kerberos v5: %s\n\n%s" - IDS_K5ERR_FMT "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tag>: %s</p>" - IDS_K5CFG_SHORT_DESC "Kerberos v5" -END - -STRINGTABLE -BEGIN - IDS_K5CFG_LONG_DESC "Kerberos v5 Configuration" - IDS_K5RLM_SHORT_DESC "Realms" - IDS_K5RLM_LONG_DESC "Kerberos Realm Configuration" - IDS_K5CFG_IDS_SHORT_DESC "Kerberos v5" - IDS_K5CFG_IDS_LONG_DESC "Kerberos v5 options for all identities" - IDS_K5CFG_ID_SHORT_DESC "Kerberos v5" - IDS_K5CFG_ID_LONG_DESC "Kerberos v5 options for this identity" - IDS_PLUGIN_DESC "Kerberos v5 Credentials Provider" - IDS_NC_PWD_BANNER "Changing Kerberos v5 Password" - IDS_NC_PWD_PWD "Current Password" - IDS_NC_PWD_NPWD "New Password" - IDS_NC_PWD_NPWD_AGAIN "New Password again" - IDS_KRB5_CREDTEXT_P0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Changing password for %s</p>" - IDS_K5CFG_IMPORT_OPTIONS "Never,Always,Only when the principal matches" - IDS_IDENTPRO_DESC "Kerberos v5 Identity Provider" - IDS_K5CCC_SHORT_DESC "Credential Caches" -END - -STRINGTABLE -BEGIN - IDS_K5CCC_LONG_DESC "Kerberos v5 Credential Caches" - IDS_CFG_FCTITLE "File based Credential Caches" - IDS_CFG_FCN_WARNING "Warning:" - IDS_CFG_FCN_W_NOTFOUND "The credentials cache you specified does not exist." - IDS_CFG_FCN_W_RELATIVE "The path you specified not an absolute path." - IDS_CFG_FCOPENTITLE "Select a credential cache to add" - IDS_UNAVAILABLE "(Not available)" - IDS_FLG_FORWARDABLE "Forwardable" - IDS_FLG_FORWARDED "Forwarded" - IDS_FLG_PROXIABLE "Proxiable" - IDS_FLG_PROXY "Proxy" - IDS_FLG_MAY_POSTDATE "May postdate" - IDS_FLG_POSTDATED "Postdated" - IDS_FLG_INVALID "Invalid" - IDS_FLG_RENEWABLE "Renewable" - IDS_FLG_INITIAL "Initial" -END - -STRINGTABLE -BEGIN - IDS_FLG_PRE_AUTH "Pre-authenticated" - IDS_FLG_HW_AUTH "Hardware authentication" - IDS_FLG_TRANSIT_POL "Transit policy checked" - IDS_FLG_OK_DELEGATE "Approved for delegation" - IDS_FLG_ANONYMOUS "Anonymous" - IDS_K5ERR_CANTWRITEPROFILE - "The Kerberos v5 profile file could not be written" - IDS_K5ERR_PROFNOWRITE "The file %s could not be opened as a profile file for writing." - IDS_K5ERR_PROFUSETEMP "The file %s could not be opened for writing. The current changes will be saved to %s temporarily." - IDS_K5ERR_PROFSUGGEST "This may be due to not having privileges to modify the configuration file. Please contact your system administrator to resolve the issue." - IDS_CFG_RE_REALMS "Kerberos Realms" - IDS_CFG_RE_KDCS "Kerberos Servers" - IDS_CFG_RE_DMAPS "Domain mappings" - IDS_CFG_RE_KDCS_R "Kerberos Servers for %s" - IDS_CFG_RE_DMAPS_R "Domains that map to %s" - IDS_CFG_RE_HEAD_SVR "Server" - IDS_CFG_RE_HEAD_ADMIN "Admin" -END - -STRINGTABLE -BEGIN - IDS_CFG_RE_HEAD_MASTER "Master" - IDS_CFG_RE_HEAD_DOMAIN "Domain" - IDS_CFG_RE_NEWREALM "<New realm...>" - IDS_YES "Yes" - IDS_NO "No" - IDS_CFG_RE_NEWSERVER "<New server...>" - IDS_CFG_RE_NEWDMAP "<New domain mapping...>" - IDS_KRB5_NC_NAME "Kerberos v5" - IDS_NCERR_IDENT_TOO_LONG "The identity name is too long." - IDS_NCERR_IDENT_INVALID "The identity name is invalid." - IDS_NCERR_IDENT_UNKNOWN "An unknown error occurred while validating the identity name." - IDS_CFG_RE_ARNUT "Can't add new realm %s" - IDS_CFG_RE_ARNUM "The new realm name %s can't be added because there is already a realm with the same name listed. Please type another name." - IDS_CFG_RE_ASNUT "Can't add new server %s for realm %s" - IDS_CFG_RE_ASNUM "There already is a server named %s for realm %s. The new server can not be added." - IDS_CFG_RE_DMNUT "Can't add new domain map %s for realm %s" -END - -STRINGTABLE -BEGIN - IDS_CFG_RE_DMNUM "There already is a domain named %s mapping to realm %s. The new domain map could not be added." - IDS_CFG_RE_MNR "&Add new realm" - IDS_CFG_RE_MDR "&Remove realm" - IDS_CFG_RE_MNK "&Add new server" - IDS_CFG_RE_MDK "&Remove server" - IDS_CFG_RE_MAK "Toggle a&dmin server" - IDS_CFG_RE_MMK "Toggle &master KDC" - IDS_CFG_RE_MND "&Add new domain mapping" - IDS_CFG_RE_MDD "&Remove domain mapping" - IDS_KVNO_SHORT_DESC "Kvno" - IDS_KVNO_LONG_DESC "Key version number" -END - -#endif // English (U.S.) resources -///////////////////////////////////////////////////////////////////////////// - - - -#ifndef APSTUDIO_INVOKED -///////////////////////////////////////////////////////////////////////////// -// -// Generated from the TEXTINCLUDE 3 resource. -// - - -///////////////////////////////////////////////////////////////////////////// -#endif // not APSTUDIO_INVOKED - - diff --git a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc deleted file mode 100644 index 1e9869972..000000000 --- a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc +++ /dev/null @@ -1,199 +0,0 @@ -; // ** krb5_msgs.mc - -; /* Since .mc files can contain strings from any language, we define -; all our messages in one file in the /lang/ directory instead of -; language specific subdirectories. */ - -; /* The type is set to (wchar_t *) because that's what we will be -; feeding kherr_report() function. */ - -; // MessageIdTypedef=LPWSTR - -; /* Severity values as defined in the message definition file are -; currently ignored. */ - -SeverityNames=( - Success=0x0 -) - -LanguageNames=( - English=0x409:MSG_ENU -) - -OutputBase=16 - -; /* Actual messages start here */ - -MessageId=1 -Severity=Success -SymbolicName=MSG_INITIAL -Language=English -Initial placeholder message -. - -MessageId= -SymbolicName=MSG_CTX_INITAL_CREDS -Language=English -Obtaining initial Krb5 credentials -. - -MessageId= -SymbolicName=MSG_CTX_RENEW_CREDS -Language=English -Renewing Krb5 credentials -. - -MessageId= -SymbolicName=MSG_ERR_UNKNOWN -Language=English -An unknown error has occurred. -. - -MessageId= -SymbolicName=MSG_ERR_PR_UNKNOWN -Language=English -You have entered an unknown username/instance/realm combination. -. - -MessageId= -SymbolicName=MSG_ERR_TKFIL -Language=English -The tickets could not be accessed from the memory location where they were stored. -. - -MessageId= -SymbolicName=MSG_ERR_S_TKFIL -Language=English -This may be due to a problem with the memory where your tickets are stored. Restarting your computer might be worth a try. -. - -MessageId= -SymbolicName=MSG_ERR_CLOCKSKEW -Language=English -Your computer's clock is out of sync with the Kerberos server. -. - -MessageId= -SymbolicName=MSG_ERR_S_CLOCKSKEW -Language=English -Synchronize your clock withe the Kerberos server. -. - -MessageId= -SymbolicName=MSG_ERR_KDC_CONTACT -Language=English -Cannot contact the Kerberos server for the requested realm. -. - -MessageId= -SymbolicName=MSG_ERR_INSECURE_PW -Language=English -You have entered an insecure or weak password. -. - -MessageId= -SymbolicName=MSG_ERR_NO_IDENTITY -Language=English -There were no identities for which to renew credentials. -. - -MessageId= -SymbolicName=MSG_CTX_PASSWD -Language=English -Changing Kerberos 5 Password -. - -MessageId= -SymbolicName=MSG_PWD_UNKNOWN -Language=English -Unknown error -. - -MessageId= -SymbolicName=MSG_PWD_NOT_SAME -Language=English -The new passwords are not the same. -. - -MessageId= -SymbolicName=MSG_PWD_S_NOT_SAME -Language=English -The new password is asked for twice to protect against a mistake when setting the new password. Both instances of the new password must be the same. Please correct this and try again. -. - -MessageId= -SymbolicName=MSG_PWD_SAME -Language=English -The new and the old passwords are the same. -. - -MessageId= -SymbolicName=MSG_PWD_S_SAME -Language=English -Please type a new password to continue. -. - -MessageId= -SymbolicName=MSG_PWD_NO_IDENTITY -Language=English -There are no identities selected. -. - -MessageId= -SymbolicName=MSG_PWD_S_NO_IDENTITY -Language=English -Please select an identity to change the password. -. - -MessageId= -SymbolicName=MSG_ERR_S_INTEGRITY -Language=English -This is commonly caused by an incorrect password. Please verify that the password is correct and note that passwords are case sensitive. -. - -MessageId= -SymbolicName=MSG_ERR_CTX_DESTROY_CREDS -Language=English -Destroying Krb5 tickets -. - -MessageId= -SymbolicName=MSG_ERR_NETDOWN -Language=English -A network connection is unavailable -. - -MessageId= -SymbolicName=MSG_ERR_S_NETRETRY -Language=English -Please check your network connection or contact your network administrator for assistance. -. - -MessageId= -SymbolicName=MSG_ERR_TEMPDOWN -Language=English -A temporary network error caused the operation to fail -. - -MessageId= -SymbolicName=MSG_ERR_S_TEMPDOWN -Language=English -Please try again in a few minutes -. - -MessageId= -SymbolicName=MSG_ERR_NOHOST -Language=English -A server could not be reached -. - -MessageId= -SymbolicName=MSG_ERR_S_NOHOST -Language=English -This can be caused by the server being unavailable, network errors, or improper configuration. Please try again or contact your administrator for assistance. -. - -MessageId= -SymbolicName=MSG_ -Language=English -. diff --git a/src/windows/identity/plugins/krb5/langres.h b/src/windows/identity/plugins/krb5/langres.h deleted file mode 100644 index 2c6566d78..000000000 --- a/src/windows/identity/plugins/krb5/langres.h +++ /dev/null @@ -1,216 +0,0 @@ -//{{NO_DEPENDENCIES}} -// Microsoft Visual C++ generated include file. -// Used by C:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb5\lang\en_us\langres.rc -// -#define IDS_UNK_ADDR_FMT 101 -#define IDD_NC_KRB5 102 -#define IDS_KRB5_CREDTEXT_0 102 -#define IDS_KRB5_CCNAME_SHORT_DESC 103 -#define IDS_KEY_ENCTYPE_SHORT_DESC 104 -#define IDD_CONFIG 104 -#define IDS_TKT_ENCTYPE_SHORT_DESC 105 -#define IDD_CFG_REALMS 105 -#define IDS_KEY_ENCTYPE_LONG_DESC 106 -#define IDD_CFG_IDS_TAB 106 -#define IDS_TKT_ENCTYPE_LONG_DESC 107 -#define IDD_PP_KRB5C 107 -#define IDS_ADDR_LIST_SHORT_DESC 108 -#define IDD_PP_KRB5 108 -#define IDS_ADDR_LIST_LONG_DESC 109 -#define IDD_CFG_ID_TAB 109 -#define IDS_ETYPE_NULL 110 -#define IDD_NC_KRB5_PASSWORD 110 -#define IDS_ETYPE_DES_CBC_CRC 111 -#define IDD_CFG_CACHES 111 -#define IDS_ETYPE_DES_CBC_MD4 112 -#define IDI_PLUGIN 112 -#define IDS_ETYPE_DES_CBC_MD5 113 -#define IDI_DELETED 113 -#define IDS_ETYPE_DES_CBC_RAW 114 -#define IDI_NEW 114 -#define IDS_ETYPE_DES3_CBC_SHA 115 -#define IDI_NORMAL 115 -#define IDS_ETYPE_DES3_CBC_RAW 116 -#define IDI_MODIFIED 116 -#define IDS_ETYPE_DES_HMAC_SHA1 117 -#define IDS_ETYPE_DES3_CBC_SHA1 118 -#define IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 119 -#define IDS_ETYPE_AES256_CTS_HMAC_SHA1_96 120 -#define IDS_ETYPE_ARCFOUR_HMAC 121 -#define IDS_ETYPE_ARCFOUR_HMAC_EXP 122 -#define IDS_ETYPE_UNKNOWN 123 -#define IDS_ETYPE_LOCAL_DES3_HMAC_SHA1 124 -#define IDS_ETYPE_LOCAL_RC4_MD4 125 -#define IDS_KRB5_SHORT_DESC 126 -#define IDS_KRB5_LONG_DESC 127 -#define IDS_KRB4_SHORT_DESC 128 -#define IDS_KRB4_LONG_DESC 129 -#define IDS_KRB5_FLAGS_SHORT_DESC 130 -#define IDS_RENEW_TILL_SHORT_DESC 131 -#define IDS_RENEW_TILL_LONG_DESC 132 -#define IDS_RENEW_FOR_SHORT_DESC 133 -#define IDS_RENEW_FOR_LONG_DESC 134 -#define IDS_KRB5_CCNAME_LONG_DESC 135 -#define IDS_NC_USERNAME 136 -#define IDS_NC_REALM 137 -#define IDS_KRB5_WARNING 138 -#define IDS_K5ERR_NAME_EXPIRED 139 -#define IDS_K5ERR_KEY_EXPIRED 140 -#define IDS_KRB5_WARN_FMT 141 -#define IDS_K5ERR_FMT 142 -#define IDS_K5CFG_SHORT_DESC 143 -#define IDS_K5CFG_LONG_DESC 144 -#define IDS_K5RLM_SHORT_DESC 145 -#define IDS_K5RLM_LONG_DESC 146 -#define IDS_K5CFG_IDS_SHORT_DESC 147 -#define IDS_K5CFG_IDS_LONG_DESC 148 -#define IDS_K5CFG_ID_SHORT_DESC 149 -#define IDS_K5CFG_ID_LONG_DESC 150 -#define IDS_PLUGIN_DESC 151 -#define IDS_NC_PWD_BANNER 152 -#define IDS_NC_PWD_PWD 153 -#define IDS_NC_PWD_NPWD 154 -#define IDS_NC_PWD_NPWD_AGAIN 155 -#define IDS_KRB5_CREDTEXT_P0 156 -#define IDS_K5CFG_IMPORT_OPTIONS 157 -#define IDS_IDENTPRO_DESC 158 -#define IDS_K5CCC_SHORT_DESC 159 -#define IDS_K5CCC_LONG_DESC 160 -#define IDS_CFG_FCTITLE 161 -#define IDS_CFG_FCN_WARNING 162 -#define IDS_CFG_FCN_W_NOTFOUND 163 -#define IDS_CFG_FCN_W_RELATIVE 164 -#define IDS_CFG_FCOPENTITLE 165 -#define IDS_UNAVAILABLE 166 -#define IDS_FLG_FORWARDABLE 167 -#define IDS_FLG_FORWARDED 168 -#define IDS_FLG_PROXIABLE 169 -#define IDS_FLG_PROXY 170 -#define IDS_FLG_MAY_POSTDATE 171 -#define IDS_FLG_POSTDATED 172 -#define IDS_FLG_INVALID 173 -#define IDS_FLG_RENEWABLE 174 -#define IDS_FLG_INITIAL 175 -#define IDS_FLG_PRE_AUTH 176 -#define IDS_FLG_HW_AUTH 177 -#define IDS_FLG_TRANSIT_POL 178 -#define IDS_FLG_OK_DELEGATE 179 -#define IDS_FLG_ANONYMOUS 180 -#define IDS_K5ERR_CANTWRITEPROFILE 181 -#define IDS_K5ERR_PROFNOWRITE 182 -#define IDS_K5ERR_PROFUSETEMP 183 -#define IDS_K5ERR_PROFSUGGEST 184 -#define IDS_CFG_RE_REALMS 185 -#define IDS_CFG_RE_KDCS 186 -#define IDS_CFG_RE_DMAPS 187 -#define IDS_CFG_RE_KDCS_R 188 -#define IDS_CFG_RE_DMAPS_R 189 -#define IDS_CFG_RE_HEAD_SVR 190 -#define IDS_CFG_RE_HEAD_ADMIN 191 -#define IDS_CFG_RE_HEAD_MASTER 192 -#define IDS_CFG_RE_HEAD_DOMAIN 193 -#define IDS_CFG_RE_NEWREALM 194 -#define IDS_YES 195 -#define IDS_NO 196 -#define IDS_CFG_RE_NEWSERVER 197 -#define IDS_CFG_RE_NEWDMAP 198 -#define IDS_KRB5_NC_NAME 199 -#define IDS_NCERR_IDENT_TOO_LONG 200 -#define IDS_NCERR_IDENT_INVALID 201 -#define IDS_NCERR_IDENT_UNKNOWN 202 -#define IDS_CFG_RE_ARNUT 203 -#define IDS_CFG_RE_ARNUM 204 -#define IDS_CFG_RE_ASNUT 205 -#define IDS_CFG_RE_ASNUM 206 -#define IDS_CFG_RE_DMNUT 207 -#define IDS_CFG_RE_DMNUM 208 -#define IDS_CFG_RE_MNR 209 -#define IDS_CFG_RE_MDR 210 -#define IDS_CFG_RE_MNK 211 -#define IDS_CFG_RE_MDK 212 -#define IDS_CFG_RE_MAK 213 -#define IDS_CFG_RE_MMK 214 -#define IDS_CFG_RE_MND 215 -#define IDS_CFG_RE_MDD 216 -#define IDS_KVNO_SHORT_DESC 217 -#define IDS_KVNO_LONG_DESC 218 -#define IDC_NCK5_RENEWABLE 1002 -#define IDC_NCK5_FORWARDABLE 1004 -#define IDC_NCK5_REALM 1005 -#define IDC_NCK5_ADD_REALMS 1006 -#define IDC_NCK5_LIFETIME_EDIT 1008 -#define IDC_NCK5_RENEW_EDIT 1009 -#define IDC_PPK5_CRENEW 1014 -#define IDC_PPK5_CFORWARD 1015 -#define IDC_PPK5_CPROXY 1016 -#define IDC_PPK5_NAME 1017 -#define IDC_PPK5_ISSUE 1018 -#define IDC_PPK5_VALID 1019 -#define IDC_PPK5_RENEW 1020 -#define IDC_CHECK2 1022 -#define IDC_CHECK4 1024 -#define IDC_PPK5_LIFETIME 1024 -#define IDC_CHECK5 1025 -#define IDC_CFG_LBL_REALM 1025 -#define IDC_CFG_DEFREALM 1026 -#define IDC_CFG_LBL_CFGFILE 1029 -#define IDC_CFG_CFGFILE 1030 -#define IDC_CFG_WINGRP 1031 -#define IDC_LBL_IMPORT 1032 -#define IDC_CFG_IMPORT 1033 -#define IDC_CFG_LBL_HOSTNAME 1034 -#define IDC_CFG_HOSTNAME 1035 -#define IDC_CFG_LBL_DOMAIN 1036 -#define IDC_CFG_DOMAIN 1037 -#define IDC_CFG_CREATECONFIG 1038 -#define IDC_CFG_BROWSE 1039 -#define IDC_CFG_CFGFILEGRP 1040 -#define IDC_CFG_CFGREALMS 1041 -#define IDC_CFG_BROWSE2 1042 -#define IDC_CFG_REALMS 1044 -#define IDC_CFG_DOMAINGRP 1045 -#define IDC_CFG_SERVERSGRP 1046 -#define IDC_LIST3 1047 -#define IDC_CFG_KDC 1047 -#define IDC_LIST4 1048 -#define IDC_CFG_DMAP 1048 -#define IDC_CFG_LBL_DEFLIFE 1049 -#define IDC_CFG_DEFLIFE 1050 -#define IDC_CFG_LBL_DEFRLIFE 1051 -#define IDC_CFG_DEFRLIFE 1052 -#define IDC_CFG_LIFEGRP 1053 -#define IDC_CFG_LRNG_MIN 1054 -#define IDC_CFG_LRNG_MAX 1055 -#define IDC_CFG_RLRNG_MIN 1056 -#define IDC_CFG_RLRNG_MAX 1057 -#define IDC_CFG_CCACHE 1058 -#define IDC_CFG_FCGRP 1059 -#define IDC_CFG_FCLIST 1060 -#define IDC_CFG_FCNAME 1062 -#define IDC_CFG_ADD 1064 -#define IDC_CFG_REMOVE 1065 -#define IDC_CFG_INCAPI 1066 -#define IDC_CFG_INCMSLSA 1067 -#define IDC_PPK5_FLAGS 1072 -#define IDC_CFG_INCREALMS 1073 -#define IDC_NCK5_ADDRESS 1074 -#define IDC_IPADDRESS1 1075 -#define IDC_NCK5_PUBLICIP 1075 -#define IDC_CFG_PUBLICIP 1075 -#define IDC_CFG_RENEW 1076 -#define IDC_CHECK3 1077 -#define IDC_CFG_ADDRESSLESS 1077 -#define IDC_CFG_FORWARD 1078 -#define IDC_CHECK1 1079 -#define ID_FOO_BAR 40001 - -// Next default values for new objects -// -#ifdef APSTUDIO_INVOKED -#ifndef APSTUDIO_READONLY_SYMBOLS -#define _APS_NEXT_RESOURCE_VALUE 219 -#define _APS_NEXT_COMMAND_VALUE 40002 -#define _APS_NEXT_CONTROL_VALUE 1080 -#define _APS_NEXT_SYMED_VALUE 101 -#endif -#endif diff --git a/src/windows/identity/plugins/krb5/version.rc b/src/windows/identity/plugins/krb5/version.rc deleted file mode 100644 index c894dff63..000000000 --- a/src/windows/identity/plugins/krb5/version.rc +++ /dev/null @@ -1,88 +0,0 @@ -/* Copyright (c) 2004 Massachusetts Institute of Technology - * - * Permission is hereby granted, free of charge, to any person - * obtaining a copy of this software and associated documentation - * files (the "Software"), to deal in the Software without - * restriction, including without limitation the rights to use, copy, - * modify, merge, publish, distribute, sublicense, and/or sell copies - * of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be - * included in all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - * SOFTWARE. - * - */ - -/* $Id$ */ - -#include<netidmgr_intver.h> - -#ifndef LANGVER - -#define STR_FILEDESC "Kerberos v5 Plugin for Network Identity Manager" -#define STR_INTNAME "krb5cred" -#define STR_ORIGNAME "krb5cred.dll" - -#else - -#ifdef LANG_en_us - -#define STR_FILEDESC "English(US) language resources for the Keberos 5 plugin" -#define STR_INTNAME "krb5cred_en_us" -#define STR_ORIGNAME "krb5cred_en_us.dll" - -#else - -#error Unknown langugae - -#endif - -#endif - -1 VERSIONINFO - FILEVERSION KH_VERSION_LIST - PRODUCTVERSION KH_VERSION_LIST - FILEFLAGSMASK KH_VER_FILEFLAGMASK - FILEFLAGS KH_VER_FILEFLAGS - FILEOS KH_VER_FILEOS - FILETYPE KH_VER_FILETYPEDLL - FILESUBTYPE 0 - { - BLOCK "StringFileInfo" - { - BLOCK "040904b0" - { - VALUE "CompanyName", KH_VERSTR_COMPANY_1033 - VALUE "FileDescription", STR_FILEDESC - VALUE "FileVersion", KH_VERSTR_VERSION_1033 - VALUE "InternalName", STR_INTNAME - VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033 - VALUE "OriginalFilename", STR_ORIGNAME - VALUE "ProductName", "Network Identity Manager" - VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033 -#ifdef KH_VERSTR_COMMENT_1033 - VALUE "Comment", KH_VERSTR_COMMENT_1033 -#endif -#ifndef LANGVER - VALUE NIMV_MODULE, "MITKrb5" - VALUE NIMV_PLUGINS, "Krb5Cred,Krb5Ident" - VALUE NIMV_APIVER, KH_VERSION_STRINGAPI - VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos" -#endif - } - } - - BLOCK "VarFileInfo" - { - VALUE "Translation", 0x409, 0x4b0 - } - } |