Diffstat (limited to 'src/windows/identity/plugins/krb5')
-rw-r--r--src/windows/identity/plugins/krb5/Makefile15
-rw-r--r--src/windows/identity/plugins/krb5/datarep.c4
-rw-r--r--src/windows/identity/plugins/krb5/datarep.h4
-rw-r--r--src/windows/identity/plugins/krb5/errorfuncs.c2
-rw-r--r--src/windows/identity/plugins/krb5/errorfuncs.h2
-rw-r--r--src/windows/identity/plugins/krb5/images/deleted.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/krb5plugin.icobin0 -> 7278 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/modified.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/new.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/images/normal.icobin0 -> 1406 bytes
-rw-r--r--src/windows/identity/plugins/krb5/krb5configcc.c547
-rw-r--r--src/windows/identity/plugins/krb5/krb5configdlg.c1719
-rw-r--r--src/windows/identity/plugins/krb5/krb5configid.c254
-rw-r--r--src/windows/identity/plugins/krb5/krb5configids.c250
-rw-r--r--src/windows/identity/plugins/krb5/krb5funcs.c216
-rw-r--r--src/windows/identity/plugins/krb5/krb5funcs.h13
-rw-r--r--src/windows/identity/plugins/krb5/krb5identpro.c345
-rw-r--r--src/windows/identity/plugins/krb5/krb5main.c (renamed from src/windows/identity/plugins/krb5/main.c)18
-rw-r--r--src/windows/identity/plugins/krb5/krb5newcreds.c127
-rw-r--r--src/windows/identity/plugins/krb5/krb5plugin.c224
-rw-r--r--src/windows/identity/plugins/krb5/krb5props.c121
-rw-r--r--src/windows/identity/plugins/krb5/krb5util.c40
-rw-r--r--src/windows/identity/plugins/krb5/krbconfig.csv6
-rw-r--r--src/windows/identity/plugins/krb5/krbcred.h46
-rw-r--r--src/windows/identity/plugins/krb5/lang/en_us/langres.rc149
-rw-r--r--src/windows/identity/plugins/krb5/langres.h63
-rw-r--r--src/windows/identity/plugins/krb5/version.rc64
27 files changed, 3734 insertions, 495 deletions
diff --git a/src/windows/identity/plugins/krb5/Makefile b/src/windows/identity/plugins/krb5/Makefile
index 9bf9ef020..e0553d846 100644
--- a/src/windows/identity/plugins/krb5/Makefile
+++ b/src/windows/identity/plugins/krb5/Makefile
@@ -32,7 +32,7 @@ LIBFILE=$(LIBDIR)\krb5cred.lib
OBJFILES= \
$(LIBDIR)\dynimport.obj \
$(LIBDIR)\krb5common.obj \
- $(OBJ)\main.obj \
+ $(OBJ)\krb5main.obj \
$(OBJ)\datarep.obj \
$(OBJ)\errorfuncs.obj \
$(OBJ)\krb5plugin.obj \
@@ -41,21 +41,28 @@ OBJFILES= \
$(OBJ)\krb5funcs.obj \
$(OBJ)\krb5config.obj \
$(OBJ)\krb5identpro.obj \
- $(OBJ)\krb5configdlg.obj
+ $(OBJ)\krb5configdlg.obj \
+ $(OBJ)\krb5configcc.obj \
+ $(OBJ)\krb5configid.obj \
+ $(OBJ)\krb5configids.obj
LIBFILES= \
$(LIBDIR)\nidmgr32.lib \
$(KFWLIBDIR)\loadfuncs.lib
SDKLIBFILES= \
- netapi32.lib
+ netapi32.lib \
+ shlwapi.lib \
+ comctl32.lib
MSGRESFILE=$(OBJ)\krb5_msgs.res
+VERRESFILE=$(OBJ)\version.res
+
$(OBJ)\krb5config.c: krbconfig.csv $(CONFDIR)\csvschema.cfg
$(CCSV) $** $@
-$(DLLFILE): $(MSGRESFILE) $(OBJFILES)
+$(DLLFILE): $(MSGRESFILE) $(VERRESFILE) $(OBJFILES)
$(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES)
$(MSGRESFILE): $(OBJ)\krb5_msgs.rc
diff --git a/src/windows/identity/plugins/krb5/datarep.c b/src/windows/identity/plugins/krb5/datarep.c
index f8cc4cc48..2c4036083 100644
--- a/src/windows/identity/plugins/krb5/datarep.c
+++ b/src/windows/identity/plugins/krb5/datarep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -39,7 +39,7 @@ khm_int32 KHMAPI enctype_toString(const void * data, khm_size cbdata, wchar_t *d
size_t cblength;
if(cbdata != sizeof(khm_int32))
- return KHM_ERROR_INVALID_PARM;
+ return KHM_ERROR_INVALID_PARAM;
etype = *((khm_int32 *) data);
diff --git a/src/windows/identity/plugins/krb5/datarep.h b/src/windows/identity/plugins/krb5/datarep.h
index e5388f01d..ac6771cb9 100644
--- a/src/windows/identity/plugins/krb5/datarep.h
+++ b/src/windows/identity/plugins/krb5/datarep.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -34,4 +34,4 @@ khm_int32 KHMAPI krb5flags_toString(const void *, khm_size, wchar_t *, khm_size
khm_int32 KHMAPI renew_for_cb(khm_handle cred, khm_int32 id, void * buffer, khm_size * pcbsize);
-#endif \ No newline at end of file
+#endif
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c
index ab64889cb..28016d3cb 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.c
+++ b/src/windows/identity/plugins/krb5/errorfuncs.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
diff --git a/src/windows/identity/plugins/krb5/errorfuncs.h b/src/windows/identity/plugins/krb5/errorfuncs.h
index 46d68f9fc..86fc5b440 100644
--- a/src/windows/identity/plugins/krb5/errorfuncs.h
+++ b/src/windows/identity/plugins/krb5/errorfuncs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
diff --git a/src/windows/identity/plugins/krb5/images/deleted.ico b/src/windows/identity/plugins/krb5/images/deleted.ico
new file mode 100644
index 000000000..a8063f9ee
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/deleted.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/krb5plugin.ico b/src/windows/identity/plugins/krb5/images/krb5plugin.ico
new file mode 100644
index 000000000..791b35969
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/krb5plugin.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/modified.ico b/src/windows/identity/plugins/krb5/images/modified.ico
new file mode 100644
index 000000000..733d9d534
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/modified.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/new.ico b/src/windows/identity/plugins/krb5/images/new.ico
new file mode 100644
index 000000000..1049eb214
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/new.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/images/normal.ico b/src/windows/identity/plugins/krb5/images/normal.ico
new file mode 100644
index 000000000..56a702fee
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/images/normal.ico
Binary files differ
diff --git a/src/windows/identity/plugins/krb5/krb5configcc.c b/src/windows/identity/plugins/krb5/krb5configcc.c
new file mode 100644
index 000000000..256f6b75e
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configcc.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_file_cc {
+ wchar_t path[MAX_PATH];
+ khm_int32 flags;
+} k5_file_cc;
+
+#define K5_FCC_ALLOC_INCR 8
+
+#define K5_FCC_FLAG_EXISTS 1
+
+typedef struct tag_k5_ccc_data {
+ khm_boolean inc_api;
+ khm_boolean inc_mslsa;
+ k5_file_cc * file_ccs;
+ khm_size n_file_ccs;
+ khm_size nc_file_ccs;
+} k5_ccc_data;
+
+typedef struct tag_k5_ccc_dlg_data {
+ khui_config_node node;
+ k5_ccc_data save;
+ k5_ccc_data work;
+} k5_ccc_dlg_data;
+
+void k5_free_file_ccs(k5_ccc_data * d) {
+ if (d->file_ccs)
+ PFREE(d->file_ccs);
+ d->n_file_ccs = 0;
+ d->nc_file_ccs = 0;
+}
+
+void k5_flush_file_ccs(k5_ccc_data * d) {
+ d->n_file_ccs = 0;
+}
+
+void k5_del_file_cc(k5_ccc_data * d, khm_size idx) {
+ if (idx > d->n_file_ccs)
+ return;
+
+ if (idx < d->n_file_ccs - 1) {
+ MoveMemory(&d->file_ccs[idx],
+ &d->file_ccs[idx + 1],
+ sizeof(d->file_ccs[0]) * (d->n_file_ccs - (idx + 1)));
+ }
+
+ d->n_file_ccs--;
+}
+
+void k5_add_file_cc(k5_ccc_data * d, wchar_t * path) {
+ khm_size i;
+ khm_size cch;
+
+ if (FAILED(StringCchLength(path, MAX_PATH, &cch)) ||
+ cch == 0)
+ return;
+
+ /* see if it's there first */
+ for (i=0; i < d->n_file_ccs; i++) {
+ if(!wcsicmp(d->file_ccs[i].path, path))
+ return;
+ }
+
+ if (d->n_file_ccs == d->nc_file_ccs) {
+ k5_file_cc * f;
+
+ d->nc_file_ccs = UBOUNDSS(d->n_file_ccs + 1,
+ K5_FCC_ALLOC_INCR,
+ K5_FCC_ALLOC_INCR);
+#ifdef DEBUG
+ assert(d->nc_file_ccs > d->n_file_ccs);
+#endif
+ f = PMALLOC(sizeof(*f) * d->nc_file_ccs);
+ ZeroMemory(f, sizeof(*f) * d->nc_file_ccs);
+
+ if (d->n_file_ccs > 0) {
+#ifdef DEBUG
+ assert(d->file_ccs != NULL);
+#endif
+ memcpy(f, d->file_ccs, sizeof(*f) * d->n_file_ccs);
+ }
+ if (d->file_ccs)
+ PFREE(d->file_ccs);
+ d->file_ccs = f;
+ }
+
+ StringCbCopy(d->file_ccs[d->n_file_ccs].path,
+ sizeof(d->file_ccs[0].path),
+ path);
+ if(PathFileExists(path))
+ d->file_ccs[d->n_file_ccs].flags = K5_FCC_FLAG_EXISTS;
+ else
+ d->file_ccs[d->n_file_ccs].flags = 0;
+
+ d->n_file_ccs++;
+}
+
+void k5_read_file_cc_data(k5_ccc_data * d) {
+ khm_int32 t;
+ wchar_t * fclist = NULL;
+ wchar_t * fc;
+ khm_size cb;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ d->inc_api = TRUE;
+ t = TRUE;
+ khc_read_int32(csp_params, L"MsLsaList", &t);
+ d->inc_mslsa = t;
+
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ != KHM_ERROR_TOO_LONG ||
+ cb <= sizeof(wchar_t) * 2) {
+
+ k5_flush_file_ccs(d);
+ } else {
+ fclist = PMALLOC(cb);
+#ifdef DEBUG
+ assert(fclist);
+#endif
+ khc_read_multi_string(csp_params, L"FileCCList", fclist, &cb);
+
+ for(fc = fclist; fc && *fc; fc = multi_string_next(fc)) {
+ k5_add_file_cc(d, fc);
+ }
+
+ PFREE(fclist);
+ }
+}
+
+void k5_write_file_cc_data(k5_ccc_data * d) {
+ wchar_t * ms;
+ khm_size cb;
+ khm_size cbt;
+ khm_int32 t;
+ khm_size i;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+ if (KHM_FAILED(khc_read_int32(csp_params, L"MsLsaList", &t)) ||
+ !!t != !!d->inc_mslsa) {
+ khc_write_int32(csp_params, L"MsLsaList", !!d->inc_mslsa);
+ }
+
+ if (d->n_file_ccs > 0) {
+ cb = d->n_file_ccs * MAX_PATH * sizeof(wchar_t);
+ ms = PMALLOC(cb);
+#ifdef DEBUG
+ assert(ms);
+#endif
+ multi_string_init(ms, cb);
+
+ for(i=0; i<d->n_file_ccs; i++) {
+ cbt = cb;
+ multi_string_append(ms, &cbt, d->file_ccs[i].path);
+ }
+
+ khc_write_multi_string(csp_params, L"FileCCList", ms);
+
+ PFREE(ms);
+ } else {
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ != KHM_ERROR_TOO_LONG ||
+ cb != sizeof(wchar_t) * 2)
+
+ khc_write_multi_string(csp_params, L"FileCCList", L"\0\0");
+ }
+}
+
+void k5_copy_file_cc_data(k5_ccc_data * dest, const k5_ccc_data * src) {
+ khm_size i;
+
+ k5_flush_file_ccs(dest);
+ dest->inc_mslsa = src->inc_mslsa;
+ dest->inc_api = src->inc_api;
+
+ for (i=0; i < src->n_file_ccs; i++) {
+ k5_add_file_cc(dest, src->file_ccs[i].path);
+ }
+}
+
+BOOL k5_ccc_get_mod(k5_ccc_dlg_data * d) {
+ khm_size i, j;
+
+ if (!!d->work.inc_mslsa != !!d->save.inc_mslsa ||
+ !!d->work.inc_api != !!d->save.inc_api ||
+ d->work.n_file_ccs != d->save.n_file_ccs)
+ return TRUE;
+
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ for (j=0; j < d->save.n_file_ccs; j++) {
+ if (!wcsicmp(d->work.file_ccs[i].path,
+ d->save.file_ccs[j].path))
+ break;
+ }
+ if (j >= d->save.n_file_ccs)
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+void k5_ccc_update_ui(HWND hwnd, k5_ccc_dlg_data * d) {
+ khm_size i;
+ HWND lv;
+
+ if (d->work.inc_api)
+ CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_CHECKED);
+ else
+ CheckDlgButton(hwnd, IDC_CFG_INCAPI, BST_UNCHECKED);
+ if (d->work.inc_mslsa)
+ CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_CHECKED);
+ else
+ CheckDlgButton(hwnd, IDC_CFG_INCMSLSA, BST_UNCHECKED);
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+ ListView_DeleteAllItems(lv);
+
+ for (i=0; i<d->work.n_file_ccs; i++) {
+ LVITEM lvi;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.mask = LVIF_PARAM | LVIF_TEXT;
+ lvi.lParam = (LPARAM) i;
+ lvi.pszText = d->work.file_ccs[i].path;
+
+ ListView_InsertItem(lv, &lvi);
+ }
+
+ if (k5_ccc_get_mod(d)) {
+ khui_cfg_set_flags(d->node,
+ KHUI_CNFLAG_MODIFIED,
+ KHUI_CNFLAG_MODIFIED);
+ } else {
+ khui_cfg_set_flags(d->node,
+ 0,
+ KHUI_CNFLAG_MODIFIED);
+ }
+}
+
+void k5_ccc_update_data(HWND hwnd, k5_ccc_data * d) {
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_INCAPI) == BST_CHECKED)
+ d->inc_api = TRUE;
+ else
+ d->inc_api = FALSE;
+
+ if (IsDlgButtonChecked(hwnd, IDC_CFG_INCMSLSA) == BST_CHECKED)
+ d->inc_mslsa = TRUE;
+ else
+ d->inc_mslsa = FALSE;
+ /* everything else is controlled by buttons */
+}
+
+INT_PTR CALLBACK
+k5_ccconfig_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k5_ccc_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+ k5_read_file_cc_data(&d->save);
+ k5_copy_file_cc_data(&d->work, &d->save);
+
+ d->node = (khui_config_node) lParam;
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ {
+ LVCOLUMN lvc;
+ HWND lv;
+ wchar_t buf[256];
+ RECT r;
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+
+ LoadString(hResModule, IDS_CFG_FCTITLE,
+ buf, ARRAYLENGTH(buf));
+
+ GetWindowRect(lv, &r);
+
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left) * 9 / 10;
+
+ ListView_InsertColumn(lv, 0, &lvc);
+ }
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME, EM_SETLIMITTEXT,
+ MAX_PATH - 1, 0);
+
+ k5_ccc_update_ui(hwnd, d);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ switch(wParam) {
+ case MAKEWPARAM(IDC_CFG_ADD, BN_CLICKED):
+ {
+ wchar_t path[MAX_PATH];
+ wchar_t cpath[MAX_PATH];
+ khm_size i;
+
+ GetDlgItemText(hwnd, IDC_CFG_FCNAME,
+ cpath, ARRAYLENGTH(cpath));
+
+ PathCanonicalize(path, cpath);
+
+ if (!*path)
+ return TRUE; /* nothing to add */
+
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ if (!wcsicmp(path, d->work.file_ccs[i].path)) {
+
+ /* allow the user to correct case, as appropriate */
+ StringCbCopy(d->work.file_ccs[i].path,
+ sizeof(d->work.file_ccs[i].path),
+ path);
+ k5_ccc_update_ui(hwnd, d);
+ return TRUE;
+ }
+ }
+
+ /* not there. we need to add. but check a few things
+ first */
+ if (!PathFileExists(path)) {
+ EDITBALLOONTIP bt;
+ wchar_t title[64];
+ wchar_t text[128];
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ LoadString(hResModule, IDS_CFG_FCN_WARNING,
+ title, ARRAYLENGTH(title));
+ bt.pszText = text;
+ LoadString(hResModule, IDS_CFG_FCN_W_NOTFOUND,
+ text, ARRAYLENGTH(text));
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+
+ } else if (PathIsRelative(path)) {
+ EDITBALLOONTIP bt;
+ wchar_t title[64];
+ wchar_t text[128];
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ LoadString(hResModule, IDS_CFG_FCN_WARNING,
+ title, ARRAYLENGTH(title));
+ bt.pszText = text;
+ LoadString(hResModule, IDS_CFG_FCN_W_RELATIVE,
+ text, ARRAYLENGTH(text));
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+ }
+
+ k5_add_file_cc(&d->work, path);
+
+ k5_ccc_update_ui(hwnd, d);
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_BROWSE, BN_CLICKED):
+ {
+ OPENFILENAME ofn;
+ wchar_t path[MAX_PATH * 8];
+ wchar_t title[128];
+
+ ZeroMemory(&ofn, sizeof(ofn));
+ ZeroMemory(path, sizeof(path));
+
+ GetDlgItemText(hwnd, IDC_CFG_FCNAME,
+ path, ARRAYLENGTH(path));
+
+ /* don't pass in invalid paths */
+ if (!PathFileExists(path))
+ *path = 0;
+
+ ofn.lStructSize = sizeof(ofn);
+ ofn.hwndOwner = hwnd;
+ ofn.lpstrFilter = L"All files\0*.*\0\0";
+ ofn.nFilterIndex = 1;
+ ofn.lpstrFile = path;
+ ofn.nMaxFile = ARRAYLENGTH(path);
+ ofn.lpstrTitle = title;
+
+ LoadString(hResModule, IDS_CFG_FCOPENTITLE,
+ title, ARRAYLENGTH(title));
+
+ ofn.Flags = OFN_ALLOWMULTISELECT |
+ OFN_DONTADDTORECENT |
+ OFN_FORCESHOWHIDDEN |
+ OFN_EXPLORER;
+
+ if (GetOpenFileName(&ofn)) {
+ wchar_t * p;
+ wchar_t spath[MAX_PATH];
+
+ p = multi_string_next(path);
+ if (p) {
+ /* multi select */
+ for(;p && *p; p = multi_string_next(p)) {
+ StringCbCopy(spath, sizeof(spath), path);
+ PathAppend(spath, p);
+
+ k5_add_file_cc(&d->work, spath);
+ }
+ } else {
+ /* single select */
+ k5_add_file_cc(&d->work, path);
+ }
+ k5_ccc_update_ui(hwnd, d);
+ }
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_REMOVE, BN_CLICKED):
+ {
+ khm_size i;
+ int lv_idx;
+ HWND lv;
+ wchar_t buf[MAX_PATH];
+
+ lv = GetDlgItem(hwnd, IDC_CFG_FCLIST);
+#ifdef DEBUG
+ assert(lv);
+#endif
+
+ lv_idx = -1;
+ while((lv_idx = ListView_GetNextItem(lv, lv_idx,
+ LVNI_SELECTED)) != -1) {
+ ListView_GetItemText(lv, lv_idx, 0, buf, ARRAYLENGTH(buf));
+ for (i=0; i < d->work.n_file_ccs; i++) {
+ if (!wcsicmp(buf, d->work.file_ccs[i].path)) {
+ k5_del_file_cc(&d->work, i);
+ break;
+ }
+ }
+ }
+
+ k5_ccc_update_ui(hwnd, d);
+ }
+ return TRUE;
+
+ case MAKEWPARAM(IDC_CFG_INCAPI, BN_CLICKED):
+ case MAKEWPARAM(IDC_CFG_INCMSLSA, BN_CLICKED):
+ k5_ccc_update_data(hwnd, &d->work);
+ k5_ccc_update_ui(hwnd, d);
+ return TRUE;
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ k5_free_file_ccs(&d->work);
+ k5_free_file_ccs(&d->save);
+ PFREE(d);
+ return TRUE;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_ccc_dlg_data *) (DWORD_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ switch(HIWORD(wParam)) {
+ case WMCFG_APPLY:
+ if (k5_ccc_get_mod(d)) {
+ k5_write_file_cc_data(&d->work);
+ k5_copy_file_cc_data(&d->save, &d->work);
+ khui_cfg_set_flags(d->node,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED);
+ k5_ccc_update_ui(hwnd, d);
+
+ kmq_post_sub_msg(k5_sub, KMSG_CRED, KMSG_CRED_REFRESH, 0, 0);
+ }
+ break;
+ }
+ }
+ return FALSE;
+}
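Review bot: The bounds check in `k5_del_file_cc` is off by one: `if (idx > d->n_file_ccs)` lets `idx == d->n_file_ccs` through, so the call drops the last entry, and on an empty list `d->n_file_ccs - 1` wraps (assuming `khm_size` is unsigned) and the `MoveMemory` length becomes huge. It should read `if (idx >= d->n_file_ccs) return;`. The only caller in this file (the `IDC_CFG_REMOVE` handler) passes an index from a bounded loop, so this is latent here, but the function is not `static`. In the same spirit, `k5_free_file_ccs` leaves `d->file_ccs` dangling after `PFREE`, and a later `k5_add_file_cc` on that struct would free it again at `if (d->file_ccs) PFREE(d->file_ccs);`; add `d->file_ccs = NULL;` after the free. The `PMALLOC` results in `k5_add_file_cc`, `k5_read_file_cc_data`, `k5_write_file_cc_data` and the `WM_INITDIALOG` case are only checked by `assert` under `DEBUG`, so a release build writes through NULL on allocation failure.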
diff --git a/src/windows/identity/plugins/krb5/krb5configdlg.c b/src/windows/identity/plugins/krb5/krb5configdlg.c
index c3b00e161..63fdc32b6 100644
--- a/src/windows/identity/plugins/krb5/krb5configdlg.c
+++ b/src/windows/identity/plugins/krb5/krb5configdlg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -28,6 +28,860 @@
#include<krb5.h>
#include<assert.h>
#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+
+typedef struct tag_k5_realm_kdc {
+ wchar_t name[K5_MAXCCH_HOST];
+ khm_boolean admin; /* admin server? */
+ khm_boolean master; /* master kdc? */
+ khm_int32 flags;
+} k5_realm_kdc;
+
+#define K5_RKFLAG_DELETED 1
+#define K5_RKFLAG_NEW 2
+#define K5_RKFLAG_MOD_ADMIN 4
+#define K5_RKFLAG_MOD_MASTER 8
+
+typedef struct tag_k5_domain_map {
+ wchar_t name[K5_MAXCCH_HOST]; /* name of host that maps to a
+ realm */
+ khm_int32 flags;
+} k5_domain_map;
+
+#define K5_DMFLAG_DELETED 1
+#define K5_DMFLAG_NEW 2
+
+typedef struct tag_k5_realm_data {
+ wchar_t realm[K5_MAXCCH_REALM];
+ k5_realm_kdc kdcs[K5_MAX_KDC];
+ khm_size n_kdcs;
+ k5_domain_map domain_maps[K5_MAX_DOMAIN_MAPPINGS];
+ khm_size n_domain_maps;
+
+ khm_int32 flags;
+} k5_realm_data;
+
+#define K5_RDFLAG_DELETED 1
+#define K5_RDFLAG_NEW 2
+#define K5_RDFLAG_MODIFED 4
+
+#define K5_REALMS_ALLOC_INCR 8
+
+typedef struct tag_k5_config_data {
+ wchar_t def_realm[K5_MAXCCH_REALM]; /* default realm */
+
+ wchar_t config_file[MAX_PATH]; /* path to configuration file */
+ khm_boolean create_config_file; /* create config_file if missing? */
+
+ /* [libdefaults] */
+ khm_boolean dns_lookup_kdc;
+ khm_boolean dns_lookup_realm;
+ khm_boolean dns_fallback;
+
+ khm_boolean noaddresses;
+
+ k5_lsa_import lsa_import; /* import mslsa creds? */
+
+ /* [realms] */
+ k5_realm_data *realms;
+ khm_size n_realms;
+ khm_size nc_realms;
+ khm_size c_realm;
+
+ khui_config_node node_main;
+ khui_config_node node_realm;
+
+ khm_int32 flags;
+} k5_config_data;
+
+#define K5_CDFLAG_MOD_DEF_REALM 1
+#define K5_CDFLAG_MOD_CONF_FILE 2
+#define K5_CDFLAG_MOD_DNS_LOOKUP_KDC 4
+#define K5_CDFLAG_MOD_DNS_LOOKUP_RLM 8
+#define K5_CDFLAG_MOD_DNS_FALLBACK 0x10
+#define K5_CDFLAG_MOD_NOADDRESSES 0x20
+#define K5_CDFLAG_MOD_LSA_IMPORT 0x40
+#define K5_CDFLAG_MOD_CREATE_CONF 0x80
+#define K5_CDFLAG_MOD_REALMS 0x1000
+
+static const char *const conf_yes[] = {
+ "y", "yes", "true", "t", "1", "on",
+ 0,
+};
+
+static const char *const conf_no[] = {
+ "n", "no", "false", "nil", "0", "off",
+ 0,
+};
+
+int
+k5_parse_boolean(const char *s)
+{
+ const char *const *p;
+
+ for(p=conf_yes; *p; p++) {
+ if (!stricmp(*p,s))
+ return 1;
+ }
+
+ for(p=conf_no; *p; p++) {
+ if (!stricmp(*p,s))
+ return 0;
+ }
+
+ /* Default to "no" */
+ return 0;
+}
+
+void
+k5_init_config_data(k5_config_data * d) {
+ ZeroMemory(d, sizeof(*d));
+}
+
+void
+k5_free_config_data(k5_config_data * d) {
+ if (d->realms)
+ PFREE(d->realms);
+
+ k5_init_config_data(d);
+}
+
+static void
+k5_assert_n_realms(k5_config_data * d, khm_size n) {
+ khm_size nc_realms;
+
+ if (n <= d->nc_realms)
+ return;
+
+ nc_realms = UBOUNDSS(n, K5_REALMS_ALLOC_INCR, K5_REALMS_ALLOC_INCR);
+ assert(nc_realms > d->nc_realms);
+
+ d->realms = PREALLOC(d->realms, nc_realms * sizeof(*(d->realms)));
+ d->nc_realms = nc_realms;
+
+ ZeroMemory(&d->realms[d->n_realms],
+ (d->nc_realms - d->n_realms) * sizeof(*(d->realms)));
+}
+
+void
+k5_purge_config_data(k5_config_data * d,
+ khm_boolean purge_realms,
+ khm_boolean purge_kdcs,
+ khm_boolean purge_dmap) {
+ khm_size r;
+ khm_size k;
+ khm_size m;
+
+ for (r=0; r < d->n_realms; r++) {
+ if (purge_realms &&
+ (d->realms[r].flags & K5_RDFLAG_NEW) &&
+ (d->realms[r].flags & K5_RDFLAG_DELETED)) {
+
+ if (d->n_realms > r+1)
+ MoveMemory(&d->realms[r], &d->realms[r+1],
+ sizeof(d->realms[0]) * (d->n_realms - (r+1)));
+ r--;
+ d->n_realms--;
+ continue;
+ }
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ if (purge_kdcs &&
+ (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) &&
+ (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) {
+ if (d->realms[r].n_kdcs > k + 1)
+ MoveMemory(&d->realms[r].kdcs[k],
+ &d->realms[r].kdcs[k+1],
+ sizeof(d->realms[0].kdcs[0]) *
+ (d->realms[r].n_kdcs - (k+1)));
+ k--;
+ d->realms[r].n_kdcs--;
+ continue;
+ }
+ }
+
+ if (K5_MAX_KDC > k+1)
+ ZeroMemory(&d->realms[r].kdcs[k],
+ sizeof(d->realms[0].kdcs[0]) *
+ (K5_MAX_KDC - (k + 1)));
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+ if (purge_dmap &&
+ (d->realms[r].domain_maps[m].flags & K5_DMFLAG_NEW) &&
+ (d->realms[r].domain_maps[m].flags & K5_DMFLAG_DELETED)) {
+ if (d->realms[r].n_domain_maps > m + 1)
+ MoveMemory(&d->realms[r].domain_maps[m],
+ &d->realms[r].domain_maps[m+1],
+ sizeof(d->realms[0].domain_maps[0]) *
+ (d->realms[r].n_domain_maps - (m+1)));
+ m--;
+ d->realms[r].n_domain_maps--;
+ continue;
+ }
+ }
+
+ if (K5_MAX_DOMAIN_MAPPINGS > m+1)
+ ZeroMemory(&d->realms[r].domain_maps[m],
+ sizeof(d->realms[0].domain_maps[0]) *
+ (K5_MAX_DOMAIN_MAPPINGS - (m+1)));
+ }
+
+ if (d->nc_realms > r + 1)
+ ZeroMemory(&d->realms[r],
+ sizeof(d->realms[0]) *
+ (d->nc_realms - (r + 1)));
+}
+
+static khm_boolean
+k5_is_profile_loaded(void) {
+#ifdef DEBUG
+ assert(pprofile_init);
+ assert(pprofile_get_subsection_names);
+ assert(pprofile_get_values);
+ assert(pprofile_get_string);
+ assert(pprofile_get_relation_names);
+ assert(pprofile_free_list);
+ assert(pprofile_release_string);
+ assert(pprofile_release);
+ assert(pprofile_clear_relation);
+ assert(pprofile_add_relation);
+ assert(pprofile_update_relation);
+ assert(pprofile_flush);
+#endif
+
+ if (!pprofile_init ||
+ !pprofile_get_subsection_names ||
+ !pprofile_get_values ||
+ !pprofile_get_string ||
+ !pprofile_get_relation_names ||
+ !pprofile_free_list ||
+ !pprofile_release_string ||
+ !pprofile_release ||
+ !pprofile_clear_relation ||
+ !pprofile_add_relation ||
+ !pprofile_update_relation ||
+ !pprofile_flush)
+
+ return FALSE;
+
+ return TRUE;
+}
+
+void
+k5_read_config_data(k5_config_data * d) {
+ wchar_t * defrealm;
+ char config_file[MAX_PATH];
+ profile_t profile = NULL;
+ const char *filenames[2];
+ long rv;
+ khm_size s;
+
+ if (!k5_is_profile_loaded())
+ return;
+
+ defrealm = khm_krb5_get_default_realm();
+
+ if (defrealm) {
+ StringCbCopy(d->def_realm, sizeof(d->def_realm), defrealm);
+ PFREE(defrealm);
+ } else {
+ StringCbCopy(d->def_realm, sizeof(d->def_realm), L"");
+ }
+
+ khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file));
+
+ AnsiStrToUnicode(d->config_file, sizeof(d->config_file), config_file);
+
+ filenames[0] = config_file;
+ filenames[1] = NULL;
+
+ rv = pprofile_init(filenames, &profile);
+
+ if (!rv) {
+ const char * sec_realms[] = { "realms", NULL };
+ const char * sec_domain_realm[] = { "domain_realm", NULL };
+ char ** sections;
+ char ** dr_from;
+ char * boolv;
+
+ /* first fish out a few values from [libdefaults] */
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_kdc",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_lookup_kdc = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_lookup_kdc = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_lookup_realm",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_lookup_realm = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_lookup_realm = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "dns_fallback",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->dns_fallback = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->dns_fallback = FALSE;
+
+ rv = pprofile_get_string(profile, "libdefaults", "noaddresses",
+ NULL, NULL, &boolv);
+ if (!rv && boolv) {
+ d->noaddresses = k5_parse_boolean(boolv);
+ pprofile_release_string(boolv);
+ } else
+ d->noaddresses = TRUE;
+
+ /* now we look at the [realms] section */
+ rv = pprofile_get_subsection_names(profile, sec_realms, &sections);
+
+ /* what? no realms? whatever */
+ if (rv) goto _skip_realms;
+
+ /* get a count first */
+ for (s=0; sections[s] && sections[s][0]; s++);
+
+ k5_assert_n_realms(d, s);
+ d->n_realms = s;
+
+ /* now go through each and fish out the kdcs, admin_server
+ and master_kdc. */
+ for (s=0; sections[s] && sections[s][0]; s++) {
+ const char * sec_kdcs[] =
+ { "realms", sections[s], "kdc", NULL };
+
+ const char * sec_admin[] =
+ { "realms", sections[s], "admin_server", NULL };
+
+ const char * sec_master[] =
+ { "realms", sections[s], "master_kdc", NULL };
+
+ char ** values;
+
+ AnsiStrToUnicode(d->realms[s].realm, sizeof(d->realms[s].realm),
+ sections[s]);
+ d->realms[s].n_kdcs = 0;
+ d->realms[s].n_domain_maps = 0;
+
+ rv = pprofile_get_values(profile, sec_kdcs, &values);
+ if (!rv) {
+ khm_size i;
+
+ for (i=0 ; values[i] && values[i][0] && i < K5_MAX_KDC; i++) {
+ AnsiStrToUnicode(d->realms[s].kdcs[i].name,
+ sizeof(d->realms[s].kdcs[i].name),
+ values[i]);
+
+ }
+ d->realms[s].n_kdcs = i;
+
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_values(profile, sec_admin, &values);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ wchar_t kdc_name[K5_MAXCCH_HOST];
+
+ for (i=0; values[i] && values[i][0]; i++) {
+ AnsiStrToUnicode(kdc_name,
+ sizeof(kdc_name), values[i]);
+
+ for (j=0; j < d->realms[s].n_kdcs; j++)
+ if (!wcsicmp(kdc_name, d->realms[s].kdcs[j].name))
+ break;
+
+ if (j < d->realms[s].n_kdcs) {
+ d->realms[s].kdcs[j].admin = TRUE;
+ } else if (d->realms[s].n_kdcs < K5_MAX_KDC) {
+ j = d->realms[s].n_kdcs;
+ StringCbCopy(d->realms[s].kdcs[j].name,
+ sizeof(d->realms[s].kdcs[j].name),
+ kdc_name);
+ d->realms[s].kdcs[j].admin = TRUE;
+ d->realms[s].n_kdcs ++;
+ }
+ }
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_values(profile, sec_master, &values);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ wchar_t kdc_name[K5_MAXCCH_HOST];
+
+ for (i=0; values[i] && values[i][0]; i++) {
+ AnsiStrToUnicode(kdc_name, sizeof(kdc_name), values[i]);
+
+ for (j=0; j < d->realms[s].n_kdcs; j++)
+ if (!wcsicmp(kdc_name, d->realms[s].kdcs[j].name))
+ break;
+
+ if (j < d->realms[s].n_kdcs) {
+ d->realms[s].kdcs[j].master = TRUE;
+ } else if (d->realms[s].n_kdcs < K5_MAX_KDC) {
+ j = d->realms[s].n_kdcs;
+ StringCbCopy(d->realms[s].kdcs[j].name,
+ sizeof(d->realms[s].kdcs[j].name),
+ kdc_name);
+ d->realms[s].kdcs[j].master = TRUE;
+ d->realms[s].n_kdcs ++;
+ }
+ }
+
+ pprofile_free_list(values);
+ }
+ }
+ pprofile_free_list(sections);
+
+ _skip_realms:
+
+ rv = pprofile_get_relation_names(profile, sec_domain_realm, &dr_from);
+ if (!rv) {
+ khm_size i;
+ khm_size j;
+ char * dr_to;
+ wchar_t wdr_from[K5_MAXCCH_HOST];
+ wchar_t wdr_to[K5_MAXCCH_HOST];
+
+ for (i=0; dr_from[i] && dr_from[i][0]; i++) {
+ AnsiStrToUnicode(wdr_from, sizeof(wdr_from), dr_from[i]);
+
+ rv = pprofile_get_string(profile, "domain_realm", dr_from[i],
+ NULL, NULL, &dr_to);
+
+ if (rv || !dr_to)
+ continue;
+
+ AnsiStrToUnicode(wdr_to, sizeof(wdr_to), dr_to);
+
+ for (j=0; j < d->n_realms; j++) {
+ if (!wcsicmp(wdr_to, d->realms[j].realm))
+ break;
+ }
+
+ if (j >= d->n_realms) {
+ j = d->n_realms;
+ k5_assert_n_realms(d, j + 1);
+
+ StringCbCopy(d->realms[j].realm,
+ sizeof(d->realms[j].realm),
+ wdr_to);
+ d->realms[j].n_kdcs = 0;
+ d->realms[j].n_domain_maps = 0;
+
+ d->n_realms++;
+ }
+
+ if (d->realms[j].n_domain_maps < K5_MAX_DOMAIN_MAPPINGS) {
+ khm_size k;
+
+ k = d->realms[j].n_domain_maps;
+
+ StringCbCopy(d->realms[j].domain_maps[k].name,
+ sizeof(d->realms[j].domain_maps[k].name),
+ wdr_from);
+
+ d->realms[j].n_domain_maps++;
+ }
+
+ pprofile_release_string(dr_to);
+ }
+ pprofile_free_list(dr_from);
+ }
+ pprofile_release(profile);
+ }
+
+ /* last, read the MSLSA import setting */
+ {
+ khm_int32 t;
+
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params,
+ L"MsLsaImport", &t))) {
+ d->lsa_import = t;
+ } else {
+ d->lsa_import = K5_LSAIMPORT_ALWAYS;
+ }
+ }
+
+ d->flags = 0;
+}
+
+void
+k5_write_config_data(k5_config_data * d) {
+ char astr[MAX_PATH * 2];
+ char config_file[MAX_PATH];
+ profile_t profile = NULL;
+ const char *filenames[2];
+ long rv;
+ khm_size s;
+
+ if (d->flags == 0)
+ return;
+
+ if (!k5_is_profile_loaded())
+ return;
+
+ if (d->flags & K5_CDFLAG_MOD_DEF_REALM) {
+ if (SUCCEEDED(StringCbLength(d->def_realm,
+ sizeof(d->def_realm), &s)) &&
+ s > 0) {
+ khm_krb5_set_default_realm(d->def_realm);
+ }
+ }
+
+ /* write the MSLSA import setting */
+ if (d->flags & K5_CDFLAG_MOD_LSA_IMPORT) {
+
+ khc_write_int32(csp_params, L"MsLsaImport", d->lsa_import);
+
+ }
+
+ if (!(d->flags &
+ (K5_CDFLAG_MOD_CONF_FILE |
+ K5_CDFLAG_MOD_DNS_FALLBACK |
+ K5_CDFLAG_MOD_DNS_LOOKUP_RLM |
+ K5_CDFLAG_MOD_DNS_LOOKUP_KDC |
+ K5_CDFLAG_MOD_NOADDRESSES |
+ K5_CDFLAG_MOD_CREATE_CONF |
+ K5_CDFLAG_MOD_REALMS))) {
+
+ d->flags = 0;
+ return;
+
+ }
+
+ khm_krb5_get_profile_file(config_file, ARRAYLENGTH(config_file));
+
+ UnicodeStrToAnsi(astr, sizeof(astr), d->config_file);
+
+ if (stricmp(config_file, astr)) {
+ assert(FALSE);
+ }
+
+ filenames[0] = config_file;
+ filenames[1] = NULL;
+
+ rv = pprofile_init(filenames, &profile);
+
+#if FAILOVER_TO_TEMPORARY_FILE
+ if (rv) {
+ char temp_file[MAX_PATH];
+
+ khm_krb5_get_temp_profile_file(temp_file,
+ ARRAYLENGTH(temp_file));
+
+ filenames[0] = temp_file;
+
+ rv = pprofile_init(filenames, &profile);
+
+ ?? TODO: Also warn if we are doing this
+ }
+#endif
+
+
+ if (!rv) {
+ const char * sec_realms[] = { "realms", NULL };
+ const char * sec_domain_realm[] = { "domain_realm", NULL };
+ const char * sec_libdefaults[] = { "libdefaults", NULL, NULL };
+ khm_size r;
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_KDC) {
+
+ sec_libdefaults[1] = "dns_lookup_kdc";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_lookup_kdc)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_LOOKUP_RLM) {
+
+ sec_libdefaults[1] = "dns_lookup_realm";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_lookup_realm)?
+ conf_yes[0]:
+ conf_no[0]);
+
+ }
+
+ if (d->flags & K5_CDFLAG_MOD_DNS_FALLBACK) {
+
+ sec_libdefaults[1] = "dns_fallback";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->dns_fallback)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+ if (d->flags & K5_CDFLAG_MOD_NOADDRESSES) {
+
+ sec_libdefaults[1] = "noaddresses";
+
+ pprofile_clear_relation(profile, sec_libdefaults);
+
+ rv = pprofile_add_relation(profile, sec_libdefaults,
+ (d->noaddresses)?
+ conf_yes[0]:
+ conf_no[0]);
+ }
+
+ /* now we look at the [realms] section */
+
+ for (r=0; r < d->n_realms; r++) {
+ char realm[K5_MAXCCH_REALM];
+ char host[K5_MAXCCH_HOST];
+
+ const char * sec_kdcs[] =
+ { "realms", realm, "kdc", NULL };
+
+ const char * sec_admin[] =
+ { "realms", realm, "admin_server", NULL };
+
+ const char * sec_master[] =
+ { "realms", realm, "master_kdc", NULL };
+
+ const char * sec_domain_map[] =
+ { "domain_realm", host, NULL };
+
+ char ** values;
+
+ UnicodeStrToAnsi(realm, sizeof(realm),
+ d->realms[r].realm);
+
+ if (!(d->realms[r].flags & K5_RDFLAG_DELETED) &&
+ (d->realms[r].flags & K5_RDFLAG_NEW)) {
+
+ khm_size k;
+ khm_size m;
+
+ /* this is a new realm */
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ if (!(d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED)) {
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].kdcs[k].name);
+
+ if (d->realms[r].kdcs[k].master)
+ pprofile_add_relation(profile, sec_master,
+ host);
+ else
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ }
+ }
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].domain_maps[m].name);
+
+ if ((d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ !(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_clear_relation(profile, sec_domain_map);
+ else if (!(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ (d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_add_relation(profile, sec_domain_map,
+ realm);
+ }
+ } else if ((d->realms[r].flags & K5_RDFLAG_DELETED) &&
+ !(d->realms[r].flags & K5_RDFLAG_NEW)) {
+
+ const char * sec_all[] =
+ { "realms", realm, NULL, NULL };
+ khm_size v;
+
+ /* this realm should be deleted */
+
+ rv = pprofile_get_relation_names(profile, sec_all,
+ &values);
+ if (!rv) {
+ for (v=0; values[v] && values[v][0]; v++) {
+ sec_all[2] = values[v];
+ pprofile_clear_relation(profile, sec_all);
+ }
+ pprofile_free_list(values);
+ }
+
+ rv = pprofile_get_relation_names(profile, sec_domain_realm,
+ &values);
+ if (!rv) {
+ char * maprealm;
+
+ for (v=0; values[v] && values[v][0]; v++) {
+
+ rv = pprofile_get_string(profile, "domain_realm",
+ values[v], NULL, NULL,
+ &maprealm);
+
+ if (!rv) {
+ if (!strcmp(maprealm, realm)) {
+ StringCbCopyA(host, sizeof(host),
+ values[v]);
+ pprofile_clear_relation(profile,
+ sec_domain_map);
+ }
+ pprofile_release_string(maprealm);
+ }
+ }
+
+ pprofile_free_list(values);
+ }
+ } else if (!(d->realms[r].flags & K5_RDFLAG_DELETED)) {
+ khm_size k;
+ khm_size m;
+
+ /* same as before. check if we have to update the kdc
+ list or the domain_realm mappings */
+
+ for (k=0; k < d->realms[r].n_kdcs; k++) {
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].kdcs[k].name);
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_DELETED) {
+ pprofile_update_relation(profile, sec_kdcs,
+ host, NULL);
+ pprofile_update_relation(profile, sec_admin,
+ host, NULL);
+ pprofile_update_relation(profile, sec_master,
+ host, NULL);
+
+ continue;
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_NEW) {
+ if (d->realms[r].kdcs[k].master)
+ pprofile_add_relation(profile, sec_master,
+ host);
+ else
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ continue;
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_MASTER) {
+ if (!d->realms[r].kdcs[k].master) {
+ pprofile_add_relation(profile, sec_kdcs,
+ host);
+ pprofile_update_relation(profile, sec_master,
+ host, NULL);
+ } else {
+ pprofile_add_relation(profile, sec_master,
+ host);
+ pprofile_update_relation(profile, sec_kdcs,
+ host, NULL);
+ }
+ }
+
+ if (d->realms[r].kdcs[k].flags & K5_RKFLAG_MOD_ADMIN) {
+ if (d->realms[r].kdcs[k].admin)
+ pprofile_add_relation(profile, sec_admin,
+ host);
+ else
+ pprofile_update_relation(profile, sec_admin,
+ host, NULL);
+ }
+ }
+
+ for (m=0; m < d->realms[r].n_domain_maps; m++) {
+
+ UnicodeStrToAnsi(host, sizeof(host),
+ d->realms[r].domain_maps[m].name);
+
+ if ((d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ !(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_clear_relation(profile, sec_domain_map);
+ else if (!(d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_DELETED) &&
+ (d->realms[r].domain_maps[m].flags &
+ K5_DMFLAG_NEW))
+ pprofile_add_relation(profile, sec_domain_map,
+ realm);
+ }
+ }
+ }
+
+ rv = pprofile_flush(profile);
+
+ pprofile_release(profile);
+ }
+
+ if (rv) {
+ khui_alert * alert;
+ wchar_t title[KHUI_MAXCCH_TITLE];
+ wchar_t fmsg[KHUI_MAXCCH_MESSAGE];
+ wchar_t msg[KHUI_MAXCCH_MESSAGE];
+ wchar_t sugg[KHUI_MAXCCH_SUGGESTION];
+
+ LoadString(hResModule, IDS_K5ERR_CANTWRITEPROFILE,
+ title, ARRAYLENGTH(title));
+ if (rv)
+ LoadString(hResModule, IDS_K5ERR_PROFNOWRITE,
+ fmsg, ARRAYLENGTH(fmsg));
+
+ LoadString(hResModule, IDS_K5ERR_PROFSUGGEST,
+ sugg, ARRAYLENGTH(sugg));
+
+ StringCbPrintf(msg, sizeof(msg), fmsg, config_file);
+
+ khui_alert_create_empty(&alert);
+ khui_alert_set_severity(alert, (rv)?KHERR_ERROR:KHERR_WARNING);
+ khui_alert_set_title(alert, title);
+ khui_alert_set_message(alert, msg);
+ khui_alert_set_suggestion(alert, sugg);
+
+ khui_alert_show(alert);
+ }
+
+ d->flags = 0;
+}
+
+/* actual dialog stuff */
+
+#define IDX_NORMAL 1
+#define IDX_MODIFIED 2
+#define IDX_NEW 3
+#define IDX_DELETED 4
+
+static k5_config_data k5_config_dlg_data;
+static khm_boolean k5_dlg_data_valid = FALSE;
INT_PTR CALLBACK
k5_config_dlgproc(HWND hwnd,
@@ -38,41 +892,42 @@ k5_config_dlgproc(HWND hwnd,
case WM_INITDIALOG:
{
HWND hw;
- wchar_t * realms;
- wchar_t * defrealm;
+ khm_size i;
+ k5_config_data * d;
+
wchar_t * t;
- char conffile[MAX_PATH];
- wchar_t wconffile[MAX_PATH];
wchar_t importopts[256];
WKSTA_INFO_100 * winfo100;
- hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM);
#ifdef DEBUG
- assert(hw);
+ assert(!k5_dlg_data_valid);
#endif
- realms = khm_krb5_get_realm_list();
- defrealm = khm_krb5_get_default_realm();
+
+ k5_init_config_data(&k5_config_dlg_data);
+ k5_read_config_data(&k5_config_dlg_data);
+
+ k5_dlg_data_valid = TRUE;
+
+ d = &k5_config_dlg_data;
+
+ d->node_main = (khui_config_node) lParam;
+
+ hw = GetDlgItem(hwnd, IDC_CFG_DEFREALM);
#ifdef DEBUG
- assert(realms);
- assert(defrealm);
+ assert(hw);
#endif
SendMessage(hw, CB_RESETCONTENT, 0, 0);
- for(t = realms; t && *t; t = multi_string_next(t)) {
- SendMessage(hw, CB_ADDSTRING, 0, (LPARAM) t);
+ for (i=0; i < d->n_realms; i++) {
+ SendMessage(hw, CB_ADDSTRING, 0,
+ (LPARAM) d->realms[i].realm);
}
- SendMessage(hw, CB_SELECTSTRING, -1, (LPARAM) defrealm);
-
- free(defrealm);
- free(realms);
-
- khm_get_profile_file(conffile, sizeof(conffile));
+ SendMessage(hw, CB_SELECTSTRING, -1,
+ (LPARAM) d->def_realm);
- AnsiStrToUnicode(wconffile, sizeof(wconffile), conffile);
-
- SetDlgItemText(hwnd, IDC_CFG_CFGFILE, wconffile);
+ SetDlgItemText(hwnd, IDC_CFG_CFGFILE, d->config_file);
/* hostname/domain */
if (NetWkstaGetInfo(NULL, 100, (LPBYTE *) &winfo100) == NERR_Success) {
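Review bot: The only guard against a second WM_INITDIALOG re-initialising the file-static `k5_config_dlg_data` is `assert(!k5_dlg_data_valid)`, which is compiled only under DEBUG. In a release build `k5_init_config_data()` would run over data that is still live; whether that leaks or corrupts the realm storage depends on k5_init_config_data, which is not in this hunk. Because k5_realms_dlgproc works on the same static, I would make the check unconditional, e.g. `if (k5_dlg_data_valid) k5_free_config_data(&k5_config_dlg_data);` before the init call. A comment should also state that the data lives from this WM_INITDIALOG to this dialog's WM_DESTROY. The body of k5_config_dlgproc starts before and continues after this hunk.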
@@ -99,175 +954,692 @@ k5_config_dlgproc(HWND hwnd,
SendMessage(hw, CB_ADDSTRING, 0, (LPARAM) t);
}
- SendMessage(hw, CB_SETCURSEL, 0, 0);
-
+ SendMessage(hw, CB_SETCURSEL, 0, d->lsa_import);
+ t = importopts;
+ SendMessage(hw, CB_GETLBTEXT, d->lsa_import,(LPARAM) t);
+ SendMessage(hw, CB_SELECTSTRING, -1, (LPARAM) t);
}
break;
- case WM_DESTROY:
+ case WM_COMMAND:
+ {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
+ if (wParam == MAKEWPARAM(IDC_CFG_IMPORT, CBN_SELCHANGE)) {
+ int idx;
+ int modified = FALSE;
+
+ idx = (int) SendDlgItemMessage(hwnd, IDC_CFG_IMPORT,
+ CB_GETCURSEL, 0, 0);
+ if (idx != CB_ERR && idx != d->lsa_import) {
+ d->lsa_import = idx;
+ d->flags |= K5_CDFLAG_MOD_LSA_IMPORT;
+ modified = TRUE;
+ }
+
+ khui_cfg_set_flags(d->node_main,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+ return TRUE;
+ }
+ }
break;
- }
- return FALSE;
-}
-INT_PTR CALLBACK
-k5_realms_dlgproc(HWND hwndDlg,
- UINT uMsg,
- WPARAM wParam,
- LPARAM lParam) {
- switch(uMsg) {
- case WM_INITDIALOG:
+ case KHUI_WM_CFG_NOTIFY:
+ {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ khm_int32 oflags;
+
+ oflags = d->flags;
+ k5_write_config_data(d);
+
+ if (d->flags != oflags) {
+ khui_cfg_set_flags(d->node_main,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED |
+ KHUI_CNFLAG_MODIFIED);
+ }
+ return TRUE;
+ }
+ }
break;
case WM_DESTROY:
+ {
+ k5_free_config_data(&k5_config_dlg_data);
+ k5_dlg_data_valid = FALSE;
+ }
break;
}
return FALSE;
}
-typedef struct tag_k5_ids_dlg_data {
- khui_tracker tc_life;
- khui_tracker tc_renew;
- khui_tracker tc_life_min;
- khui_tracker tc_life_max;
- khui_tracker tc_renew_min;
- khui_tracker tc_renew_max;
-
- time_t life;
- time_t renew_life;
- time_t life_min;
- time_t life_max;
- time_t renew_min;
- time_t renew_max;
-} k5_ids_dlg_data;
+static HIMAGELIST
+k5_get_state_image_list(void) {
+ HIMAGELIST hil;
+ HICON hicon;
+
+ hil = ImageList_Create(GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ ILC_COLOR | ILC_MASK,
+ 4,
+ 2);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_NORMAL),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_MODIFIED),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_NEW),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ hicon = LoadImage(hResModule,
+ MAKEINTRESOURCE(IDI_DELETED),
+ IMAGE_ICON,
+ GetSystemMetrics(SM_CXSMICON),
+ GetSystemMetrics(SM_CYSMICON),
+ LR_DEFAULTCOLOR);
+
+ ImageList_AddIcon(hil, hicon);
+
+ DestroyIcon(hicon);
+
+ return hil;
+}
+
+static void
+k5_update_realms_display(HWND hw_list, k5_config_data * d) {
+ khm_size i;
+ LVITEM lvi;
+ wchar_t buf[64];
+
+ ListView_DeleteAllItems(hw_list);
+
+ for (i=0; i < d->n_realms; i++) {
+ if ((d->realms[i].flags & K5_RDFLAG_DELETED) &&
+ (d->realms[i].flags & K5_RDFLAG_NEW))
+ continue;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = d->realms[i].realm;
+ lvi.lParam = i;
+
+ if (d->realms[i].flags & K5_RDFLAG_DELETED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ } else if (d->realms[i].flags & K5_RDFLAG_NEW) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ } else if (d->realms[i].flags & K5_RDFLAG_MODIFED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED);
+ } else {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ }
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ ListView_InsertItem(hw_list, &lvi);
+ }
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = buf;
+ lvi.lParam = (LPARAM) -1;
+
+ LoadString(hResModule, IDS_CFG_RE_NEWREALM,
+ buf, ARRAYLENGTH(buf));
+
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ ListView_InsertItem(hw_list, &lvi);
+
+ if (d->flags & K5_CDFLAG_MOD_REALMS) {
+ khui_cfg_set_flags(d->node_realm, KHUI_CNFLAG_MODIFIED,
+ KHUI_CNFLAG_MODIFIED);
+ } else {
+ khui_cfg_set_flags(d->node_realm, 0,
+ KHUI_CNFLAG_MODIFIED);
+ }
+}
static void
-k5_ids_read_params(k5_ids_dlg_data * d) {
- khm_int32 t;
- khm_int32 rv;
+k5_update_kdcs_display(HWND hw_kdc, k5_config_data * d, khm_size idx_rlm) {
+ khm_size k;
+ LVITEM lvi;
+ int idx_item;
+ k5_realm_kdc * pkdc;
+ wchar_t wyes[8];
+ wchar_t wno[8];
+ wchar_t wbuf[64];
+
+ ListView_DeleteAllItems(hw_kdc);
+
+ if (d == NULL)
+ return;
#ifdef DEBUG
- assert(csp_params);
+ assert(idx_rlm < d->n_realms);
#endif
+ LoadString(hResModule, IDS_YES, wyes, ARRAYLENGTH(wyes));
+ LoadString(hResModule, IDS_NO, wno, ARRAYLENGTH(wno));
+
+ for (k=0; k < d->realms[idx_rlm].n_kdcs; k++) {
+ if ((d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_DELETED) &&
+ (d->realms[idx_rlm].kdcs[k].flags & K5_RKFLAG_NEW))
+ continue;
+
+ pkdc = &(d->realms[idx_rlm].kdcs[k]);
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_STATE | LVIF_TEXT;
+ lvi.iItem = K5_MAX_KDC;
+ lvi.iSubItem = 0;
+ lvi.lParam = k;
+ lvi.pszText = pkdc->name;
+ if (pkdc->flags & K5_RKFLAG_DELETED) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ } else if (pkdc->flags & K5_RKFLAG_NEW) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ } else if ((pkdc->flags & K5_RKFLAG_MOD_ADMIN) ||
+ (pkdc->flags & K5_RKFLAG_MOD_MASTER)) {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_MODIFIED);
+ } else {
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ }
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+
+ idx_item = ListView_InsertItem(hw_kdc, &lvi);
+
+ lvi.mask = LVIF_TEXT;
+ lvi.iItem = idx_item;
+ lvi.iSubItem = 1;
+ if (pkdc->admin)
+ lvi.pszText = wyes;
+ else
+ lvi.pszText = wno;
+ ListView_SetItem(hw_kdc, &lvi);
+
+ lvi.iSubItem = 2;
+ if (pkdc->master)
+ lvi.pszText = wyes;
+ else
+ lvi.pszText = wno;
+ ListView_SetItem(hw_kdc, &lvi);
+ }
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_TEXT | LVIF_PARAM | LVIF_STATE;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+ lvi.pszText = wbuf;
+ lvi.lParam = (LPARAM) -1;
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
- rv = khc_read_int32(csp_params, L"DefaultLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life = t;
-
- rv = khc_read_int32(csp_params, L"DefaultRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_life = t;
-
- rv = khc_read_int32(csp_params, L"MaxLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life_max = t;
-
- rv = khc_read_int32(csp_params, L"MinLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->life_min = t;
-
- rv = khc_read_int32(csp_params, L"MaxRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_max = t;
-
- rv = khc_read_int32(csp_params, L"MinRenewLifetime", &t);
- assert(KHM_SUCCEEDED(rv));
- d->renew_min = t;
-
- khui_tracker_initialize(&d->tc_life);
- d->tc_life.current = d->life;
- d->tc_life.min = 0;
- d->tc_life.max = 3600 * 24 * 7;
-
- khui_tracker_initialize(&d->tc_renew);
- d->tc_renew.current = d->renew_life;
- d->tc_renew.min = 0;
- d->tc_renew.max = 3600 * 24 * 30;
-
- khui_tracker_initialize(&d->tc_life_min);
- d->tc_life_min.current = d->life_min;
- d->tc_life_min.min = d->tc_life.min;
- d->tc_life_min.max = d->tc_life.max;
-
- khui_tracker_initialize(&d->tc_life_max);
- d->tc_life_max.current = d->life_max;
- d->tc_life_max.min = d->tc_life.min;
- d->tc_life_max.max = d->tc_life.max;
-
- khui_tracker_initialize(&d->tc_renew_min);
- d->tc_renew_min.current = d->renew_min;
- d->tc_renew_min.min = d->tc_renew.min;
- d->tc_renew_min.max = d->tc_renew.max;
-
- khui_tracker_initialize(&d->tc_renew_max);
- d->tc_renew_max.current = d->renew_max;
- d->tc_renew_max.min = d->tc_renew.min;
- d->tc_renew_max.max = d->tc_renew.max;
+ LoadString(hResModule, IDS_CFG_RE_NEWSERVER,
+ wbuf, ARRAYLENGTH(wbuf));
+
+ ListView_InsertItem(hw_kdc, &lvi);
}
-INT_PTR CALLBACK
-k5_ids_tab_dlgproc(HWND hwnd,
- UINT uMsg,
- WPARAM wParam,
- LPARAM lParam) {
- k5_ids_dlg_data * d;
+static void
+k5_update_dmap_display(HWND hw_dm, k5_config_data * d, khm_size idx_rlm) {
+ khm_size m;
+ LVITEM lvi;
+ k5_domain_map * map;
+ wchar_t wbuf[64];
+
+ ListView_DeleteAllItems(hw_dm);
+
+ if (d == NULL)
+ return;
- switch(uMsg) {
- case WM_INITDIALOG:
- d = malloc(sizeof(*d));
#ifdef DEBUG
- assert(d);
+ assert(idx_rlm < d->n_realms);
#endif
- ZeroMemory(d, sizeof(*d));
-#pragma warning(push)
-#pragma warning(disable: 4244)
- SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
-#pragma warning(pop)
- k5_ids_read_params(d);
-
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
- &d->tc_life);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
- &d->tc_renew);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MIN),
- &d->tc_life_min);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MAX),
- &d->tc_life_max);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MIN),
- &d->tc_renew_min);
- khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MAX),
- &d->tc_renew_max);
- khui_tracker_refresh(&d->tc_life);
- khui_tracker_refresh(&d->tc_life_min);
- khui_tracker_refresh(&d->tc_life_max);
- khui_tracker_refresh(&d->tc_renew);
- khui_tracker_refresh(&d->tc_renew_min);
- khui_tracker_refresh(&d->tc_renew_max);
- break;
+ for (m=0; m < d->realms[idx_rlm].n_domain_maps; m++) {
+ map = &(d->realms[idx_rlm].domain_maps[m]);
- case WM_DESTROY:
- d = (k5_ids_dlg_data *) (LONG_PTR)
- GetWindowLongPtr(hwnd, DWLP_USER);
-
- khui_tracker_kill_controls(&d->tc_life);
- khui_tracker_kill_controls(&d->tc_renew);
- khui_tracker_kill_controls(&d->tc_life_min);
- khui_tracker_kill_controls(&d->tc_life_max);
- khui_tracker_kill_controls(&d->tc_renew_min);
- khui_tracker_kill_controls(&d->tc_renew_max);
- break;
+ if ((map->flags & K5_DMFLAG_NEW) &&
+ (map->flags & K5_DMFLAG_DELETED))
+ continue;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.mask = LVIF_TEXT | LVIF_STATE | LVIF_PARAM;
+ lvi.pszText = map->name;
+ if (map->flags & K5_DMFLAG_DELETED)
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_DELETED);
+ else if (map->flags & K5_DMFLAG_NEW)
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ else
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NORMAL);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+ lvi.lParam = m;
+
+ lvi.iItem = K5_MAX_DOMAIN_MAPPINGS;
+ lvi.iSubItem = 0;
+
+ ListView_InsertItem(hw_dm, &lvi);
}
- return FALSE;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.mask = LVIF_PARAM | LVIF_TEXT | LVIF_STATE;
+ lvi.pszText = wbuf;
+ lvi.lParam = (LPARAM) -1;
+ lvi.state = INDEXTOSTATEIMAGEMASK(IDX_NEW);
+ lvi.stateMask = LVIS_STATEIMAGEMASK;
+ lvi.iItem = 0;
+ lvi.iSubItem = 0;
+
+ LoadString(hResModule, IDS_CFG_RE_NEWDMAP,
+ wbuf, ARRAYLENGTH(wbuf));
+
+ ListView_InsertItem(hw_dm, &lvi);
}
INT_PTR CALLBACK
-k5_id_tab_dlgproc(HWND hwndDlg,
+k5_realms_dlgproc(HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam) {
+ k5_config_data * d;
+
+ d = &k5_config_dlg_data;
+
switch(uMsg) {
case WM_INITDIALOG:
+ {
+ LVCOLUMN lvc;
+ HWND hw;
+ RECT r;
+ wchar_t buf[256];
+
+ assert(k5_dlg_data_valid);
+
+ d->node_realm = (khui_config_node) lParam;
+
+ /* set up columns for the Realms list */
+ hw = GetDlgItem(hwnd, IDC_CFG_REALMS);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5; /* shave a few pixels off the width */
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left);
+ LoadString(hResModule, IDS_CFG_RE_REALMS,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+
+ k5_update_realms_display(hw, d);
+
+ /* set up columns for the servers list */
+ hw = GetDlgItem(hwnd, IDC_CFG_KDC);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5;
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left) * 2 / 4;
+ LoadString(hResModule, IDS_CFG_RE_HEAD_SVR,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+ lvc.cx = (r.right - r.left) * 1 / 4;
+ LoadString(hResModule, IDS_CFG_RE_HEAD_ADMIN,
+ buf, ARRAYLENGTH(buf));
+ ListView_InsertColumn(hw, 1, &lvc);
+
+ LoadString(hResModule, IDS_CFG_RE_HEAD_MASTER,
+ buf, ARRAYLENGTH(buf));
+ ListView_InsertColumn(hw, 2, &lvc);
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+
+ /* set up columns for the domain/host mapping list */
+ hw = GetDlgItem(hwnd, IDC_CFG_DMAP);
+#ifdef DEBUG
+ assert(hw);
+#endif
+ GetWindowRect(hw, &r);
+ r.right -= 5;
+ ZeroMemory(&lvc, sizeof(lvc));
+ lvc.mask = LVCF_TEXT | LVCF_WIDTH;
+ lvc.pszText = buf;
+ lvc.cx = (r.right - r.left);
+ LoadString(hResModule, IDS_CFG_RE_HEAD_DOMAIN,
+ buf, ARRAYLENGTH(buf));
+
+ ListView_InsertColumn(hw, 0, &lvc);
+
+
+ ListView_SetImageList(hw,
+ k5_get_state_image_list(),
+ LVSIL_STATE);
+ }
+ break;
+
+ case WM_NOTIFY:
+ {
+ LPNMHDR pnmh;
+ HWND hw_rlm = NULL;
+ HWND hw_kdc = NULL;
+ HWND hw_dmp = NULL;
+ int i;
+
+ pnmh = (LPNMHDR) lParam;
+
+ if (pnmh->idFrom == IDC_CFG_REALMS) {
+
+ hw_rlm = pnmh->hwndFrom;
+
+ switch(pnmh->code) {
+ case LVN_ITEMCHANGED:
+ i = ListView_GetSelectedCount(hw_rlm);
+ hw_kdc = GetDlgItem(hwnd, IDC_CFG_KDC);
+ hw_dmp = GetDlgItem(hwnd, IDC_CFG_DMAP);
+
+ d->c_realm = (khm_size) -1;
+
+ if (i == 1) {
+ LVITEM lvi;
+
+ i = ListView_GetNextItem(hw_rlm, -1,
+ LVNI_SELECTED);
+ if (i == -1)
+ goto _no_selection;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+
+ lvi.iItem = i;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam == -1)
+ goto _no_selection;
+
+ d->c_realm = lvi.lParam;
+
+ k5_update_kdcs_display(hw_kdc, d, lvi.lParam);
+ k5_update_dmap_display(hw_dmp, d, lvi.lParam);
+ return TRUE;
+ }
+
+ _no_selection:
+ ListView_DeleteAllItems(hw_kdc);
+ ListView_DeleteAllItems(hw_dmp);
+ break;
+
+ case LVN_BEGINLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ LVITEM lvi;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = pdisp->item.iItem;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (pdisp->item.iItem == -1 ||
+ lvi.lParam != -1) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, TRUE);
+ } else {
+ /* allow editing */
+ HWND hw_edit;
+
+ hw_edit = ListView_GetEditControl(hw_rlm);
+ if (hw_edit != NULL) {
+ SendMessage(hw_edit,
+ EM_SETLIMITTEXT,
+ K5_MAXCCH_REALM - 1,
+ 0);
+ }
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ }
+
+ return TRUE;
+ }
+ break;
+
+ case LVN_ENDLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ khm_size n;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ if (pdisp->item.pszText) {
+ n = d->n_realms;
+ k5_assert_n_realms(d, n+1);
+ StringCbCopy(d->realms[n].realm,
+ sizeof(d->realms[n].realm),
+ pdisp->item.pszText);
+ d->realms[n].flags = K5_RDFLAG_NEW;
+ d->n_realms++;
+
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_update_realms_display(hw_rlm, d);
+ }
+
+ return TRUE;
+ }
+ break;
+
+ case LVN_KEYDOWN:
+ {
+ NMLVKEYDOWN * pnmk;
+ LVITEM lvi;
+ khm_size r;
+ int idx;
+ BOOL modified = FALSE;
+
+ pnmk = (NMLVKEYDOWN *) lParam;
+
+ if (pnmk->wVKey == VK_DELETE) {
+ idx = -1;
+ while((idx = ListView_GetNextItem(hw_rlm, idx,
+ LVNI_SELECTED))
+ != -1) {
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = idx;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam != -1 &&
+ (r = lvi.lParam) < d->n_realms) {
+ d->realms[r].flags ^= K5_RDFLAG_DELETED;
+ modified = TRUE;
+ }
+ }
+
+ if (modified) {
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_purge_config_data(d, TRUE, TRUE, TRUE);
+ k5_update_realms_display(hw_rlm, d);
+ k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0);
+ k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0);
+ }
+ return TRUE;
+ }
+ }
+ break;
+ }
+ } else if (pnmh->idFrom == IDC_CFG_KDC) {
+ hw_kdc = pnmh->hwndFrom;
+
+ switch (pnmh->code) {
+ case LVN_BEGINLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ LVITEM lvi;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = pdisp->item.iItem;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_kdc, &lvi);
+
+ if (pdisp->item.iItem == -1 ||
+ lvi.lParam != -1) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, TRUE);
+ } else {
+ /* allow editing */
+ HWND hw_edit;
+
+ hw_edit = ListView_GetEditControl(hw_kdc);
+ if (hw_edit != NULL) {
+ SendMessage(hw_edit,
+ EM_SETLIMITTEXT,
+ K5_MAXCCH_HOST - 1,
+ 0);
+ }
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ }
+ return TRUE;
+ }
+ break;
+
+ case LVN_ENDLABELEDIT:
+ {
+ NMLVDISPINFO * pdisp;
+ khm_size r;
+ khm_size k;
+
+ r = d->c_realm;
+
+ pdisp = (NMLVDISPINFO *) lParam;
+
+ if (pdisp->item.pszText) {
+ k = d->realms[r].n_kdcs;
+
+ if (k >= K5_MAX_KDC) {
+ SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE);
+ /* TODO: show a message box saying
+ there are too many KDC's
+ already. */
+ return TRUE;
+ }
+
+ StringCbCopy(d->realms[r].kdcs[k].name,
+ sizeof(d->realms[0].kdcs[0].name),
+ pdisp->item.pszText);
+ d->realms[r].kdcs[k].flags = K5_RKFLAG_NEW;
+ d->realms[r].n_kdcs++;
+
+ d->realms[r].flags |= K5_RDFLAG_MODIFED;
+
+ k5_update_kdcs_display(hw_kdc, d, d->c_realm);
+ }
+ return TRUE;
+ }
+ break;
+
+ case LVN_KEYDOWN:
+ {
+#if 0
+ NMLVKEYDOWN * pnmk;
+ LVITEM lvi;
+ khm_size r;
+ int idx;
+ BOOL modified = FALSE;
+
+ pnmk = (NMLVKEYDOWN *) lParam;
+
+ if (pnmk->wVKey == VK_DELETE) {
+ idx = -1;
+ while((idx = ListView_GetNextItem(hw_rlm, idx,
+ LVNI_SELECTED))
+ != -1) {
+ ZeroMemory(&lvi, sizeof(lvi));
+ lvi.iItem = idx;
+ lvi.iSubItem = 0;
+ lvi.mask = LVIF_PARAM;
+
+ ListView_GetItem(hw_rlm, &lvi);
+
+ if (lvi.lParam != -1 &&
+ (r = lvi.lParam) < d->n_realms) {
+ d->realms[r].flags ^= K5_RDFLAG_DELETED;
+ modified = TRUE;
+ }
+ }
+
+ if (modified) {
+ d->flags |= K5_CDFLAG_MOD_REALMS;
+
+ k5_purge_config_data(d, TRUE, TRUE, TRUE);
+ k5_update_realms_display(hw_rlm, d);
+ k5_update_dmap_display(GetDlgItem(hwnd, IDC_CFG_DMAP), NULL, 0);
+ k5_update_kdcs_display(GetDlgItem(hwnd, IDC_CFG_KDC), NULL, 0);
+ }
+ return TRUE;
+ }
+#endif
+ }
+ break;
+ }
+ }
+ }
break;
case WM_DESTROY:
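Review bot: In the IDC_CFG_KDC `LVN_ENDLABELEDIT` handler, `r = d->c_realm` is used to index `d->realms[r]` with no range check, although the realm list's `LVN_ITEMCHANGED` handler sets `d->c_realm = (khm_size) -1` whenever a single realm is not selected. The KDC list is normally emptied in that state, so the path may be hard to reach, but the write to `d->realms[r].kdcs[k].name` would land outside the array if it is; I would add `if (r >= d->n_realms) { SetWindowLongPtr(hwnd, DWL_MSGRESULT, FALSE); return TRUE; }` right after the assignment, matching the `< d->n_realms` test the realm `LVN_KEYDOWN` handler already does. The same handler sets `K5_RDFLAG_MODIFED` on the realm but never sets `K5_CDFLAG_MOD_REALMS` in `d->flags`, and k5_write_config_data returns early when `d->flags` is 0, so a KDC added this way looks like it would not be written unless something else marks the data modified; `d->flags |= K5_CDFLAG_MOD_REALMS;` next to the realm flag would cover it. k5_realms_dlgproc ends outside this hunk.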
@@ -276,7 +1648,6 @@ k5_id_tab_dlgproc(HWND hwndDlg,
return FALSE;
}
-
void
k5_register_config_panels(void) {
khui_config_node node;
@@ -308,6 +1679,7 @@ k5_register_config_panels(void) {
#endif
}
+#ifdef REALM_EDITOR
ZeroMemory(&reg, sizeof(reg));
LoadString(hResModule, IDS_K5RLM_SHORT_DESC,
@@ -324,6 +1696,24 @@ k5_register_config_panels(void) {
reg.flags = 0;
khui_cfg_register(node, &reg);
+#endif
+
+ ZeroMemory(&reg, sizeof(reg));
+
+ LoadString(hResModule, IDS_K5CCC_SHORT_DESC,
+ wshort, ARRAYLENGTH(wshort));
+ LoadString(hResModule, IDS_K5CCC_LONG_DESC,
+ wlong, ARRAYLENGTH(wlong));
+
+ reg.name = L"KerberosCCaches";
+ reg.short_desc = wshort;
+ reg.long_desc = wlong;
+ reg.h_module = hResModule;
+ reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_CACHES);
+ reg.dlg_proc = k5_ccconfig_dlgproc;
+ reg.flags = 0;
+
+ khui_cfg_register(node, &reg);
khui_cfg_release(node);
@@ -374,9 +1764,12 @@ k5_register_config_panels(void) {
void
k5_unregister_config_panels(void) {
khui_config_node node_main;
+#ifdef REALM_EDITOR
khui_config_node node_realms;
+#endif
khui_config_node node_ids;
khui_config_node node_tab;
+ khui_config_node node_ccaches;
if (KHM_FAILED(khui_cfg_open(NULL, L"Kerberos5", &node_main))) {
node_main = NULL;
@@ -385,6 +1778,7 @@ k5_unregister_config_panels(void) {
#endif
}
+#ifdef REALM_EDITOR
if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosRealms",
&node_realms))) {
khui_cfg_remove(node_realms);
@@ -394,6 +1788,17 @@ k5_unregister_config_panels(void) {
else
assert(FALSE);
#endif
+#endif
+
+ if (KHM_SUCCEEDED(khui_cfg_open(node_main, L"KerberosCCaches",
+ &node_ccaches))) {
+ khui_cfg_remove(node_ccaches);
+ khui_cfg_release(node_ccaches);
+ }
+#ifdef DEBUG
+ else
+ assert(FALSE);
+#endif
if (node_main) {
khui_cfg_remove(node_main);
diff --git a/src/windows/identity/plugins/krb5/krb5configid.c b/src/windows/identity/plugins/krb5/krb5configid.c
new file mode 100644
index 000000000..17ab40929
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configid.c
@@ -0,0 +1,254 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_id_dlg_data {
+ khui_config_init_data cfg;
+
+ khm_handle ident;
+
+ khui_tracker tc_life;
+ khui_tracker tc_renew;
+
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+
+ time_t life;
+ time_t renew_life;
+} k5_id_dlg_data;
+
+static void
+k5_id_read_params(k5_id_dlg_data * d) {
+
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+ khm_int32 rv;
+ khm_int32 t;
+ khm_handle csp_ident;
+ khm_handle csp_idroot = NULL;
+
+ cb = sizeof(idname);
+ khui_cfg_get_name(d->cfg.ctx_node, idname, &cb);
+
+ rv = kcdb_identity_create(idname, 0, &d->ident);
+#ifdef DEBUG
+ assert(KHM_SUCCEEDED(rv));
+#endif
+
+ rv = kcdb_identity_get_config(d->ident, 0, &csp_idroot);
+ if (KHM_SUCCEEDED(rv) &&
+ KHM_SUCCEEDED(khc_open_space(csp_idroot, CSNAME_KRB5CRED, 0,
+ &csp_ident))) {
+ khc_shadow_space(csp_ident, csp_params);
+ } else {
+ csp_ident = csp_params;
+ }
+
+ if (csp_idroot)
+ khc_close_space(csp_idroot);
+
+ rv = khc_read_int32(csp_ident, L"DefaultLifetime", &t);
+ if (KHM_SUCCEEDED(rv))
+ d->life = t;
+ else
+ d->life = 36000;
+
+ rv = khc_read_int32(csp_ident, L"DefaultRenewLifetime", &t);
+ if (KHM_SUCCEEDED(rv))
+ d->renew_life = t;
+ else
+ d->renew_life = 604800;
+
+ cb = sizeof(d->ccache);
+ rv = khc_read_string(csp_ident, L"DefaultCCName", d->ccache, &cb);
+ if (KHM_FAILED(rv))
+ ZeroMemory(d->ccache, sizeof(d->ccache));
+
+ khui_tracker_initialize(&d->tc_life);
+ d->tc_life.current = d->life;
+ d->tc_life.min = 0;
+ d->tc_life.max = 3600 * 24 * 7;
+
+ khui_tracker_initialize(&d->tc_renew);
+ d->tc_renew.current = d->renew_life;
+ d->tc_renew.min = 0;
+ d->tc_renew.max = 3600 * 24 * 30;
+
+ if (csp_ident != csp_params)
+ khc_close_space(csp_ident);
+}
+
+static khm_boolean
+k5_id_is_mod(HWND hw, k5_id_dlg_data * d) {
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+
+ GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache));
+
+ if (wcsicmp(ccache, d->ccache) ||
+ d->tc_renew.current != d->renew_life ||
+ d->tc_life.current != d->life)
+ return TRUE;
+ return FALSE;
+}
+
+static void
+k5_id_check_mod(HWND hw, k5_id_dlg_data * d) {
+ BOOL modified = k5_id_is_mod(hw, d);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_id_write_params(HWND hw, k5_id_dlg_data * d) {
+
+ khm_handle csp_idroot = NULL;
+ khm_handle csp_ident = NULL;
+ wchar_t ccache[KRB5_MAXCCH_CCNAME];
+ khm_size cb;
+ khm_int32 rv;
+
+ if (!k5_id_is_mod(hw, d))
+ return;
+
+ rv = kcdb_identity_get_config(d->ident, KHM_FLAG_CREATE, &csp_idroot);
+ if (KHM_SUCCEEDED(rv)) {
+ khc_open_space(csp_idroot, CSNAME_KRB5CRED,
+ KHM_FLAG_CREATE,
+ &csp_ident);
+ }
+
+ if (csp_idroot)
+ khc_close_space(csp_idroot);
+
+ if (!csp_ident)
+ return;
+
+ if (d->life != d->tc_life.current) {
+ d->life = d->tc_life.current;
+ khc_write_int32(csp_ident, L"DefaultLifetime", (khm_int32) d->life);
+ }
+
+ if (d->renew_life != d->tc_renew.current) {
+ d->renew_life = d->tc_renew.current;
+ khc_write_int32(csp_ident, L"DefaultRenewLifetime", (khm_int32) d->renew_life);
+ }
+
+ GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache));
+
+ if (SUCCEEDED(StringCbLength(ccache, sizeof(ccache), &cb)) &&
+ wcsicmp(ccache, d->ccache)) {
+ khc_write_string(csp_ident, L"DefaultCCName", ccache);
+ StringCbCopy(d->ccache, sizeof(d->ccache), ccache);
+ } else {
+ khc_remove_value(csp_ident, L"DefaultCCName", KCONF_FLAG_USER);
+ }
+
+ if (csp_ident)
+ khc_close_space(csp_ident);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+INT_PTR CALLBACK
+k5_id_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+
+ k5_id_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ k5_id_read_params(d);
+
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
+ &d->tc_life);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
+ &d->tc_renew);
+ khui_tracker_refresh(&d->tc_life);
+ khui_tracker_refresh(&d->tc_renew);
+
+ SetDlgItemText(hwnd, IDC_CFG_CCACHE, d->ccache);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == EN_CHANGE)
+ k5_id_check_mod(hwnd, d);
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k5_id_write_params(hwnd, d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_id_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ khui_tracker_kill_controls(&d->tc_life);
+ khui_tracker_kill_controls(&d->tc_renew);
+
+ if (d->ident)
+ kcdb_identity_release(d->ident);
+
+ PFREE(d);
+ break;
+ }
+ return FALSE;
+}
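Review bot: In k5_id_write_params the `else` branch removes `DefaultCCName` whenever the edit field is unchanged, so applying a lifetime-only change deletes the identity's stored ccache name. The same condition also writes an empty string when the field was cleared, because `StringCbLength` succeeds on an empty buffer. The ccache value should only be touched when the text differs from `d->ccache`, and the removal presumably belongs to the emptied-field case. Separately, `PMALLOC` in the WM_INITDIALOG case is only checked by a DEBUG assert before `ZeroMemory(d, ...)`.

```c
GetDlgItemText(hw, IDC_CFG_CCACHE, ccache, ARRAYLENGTH(ccache));

/* Only touch the stored value when the user actually changed the field. */
if (wcsicmp(ccache, d->ccache)) {
    if (ccache[0] != L'\0')
        khc_write_string(csp_ident, L"DefaultCCName", ccache);
    else
        khc_remove_value(csp_ident, L"DefaultCCName", KCONF_FLAG_USER);
    StringCbCopy(d->ccache, sizeof(d->ccache), ccache);
}
/* … unchanged: close csp_ident, set KHUI_CNFLAG_APPLIED … */
```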
diff --git a/src/windows/identity/plugins/krb5/krb5configids.c b/src/windows/identity/plugins/krb5/krb5configids.c
new file mode 100644
index 000000000..4eebb9c62
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/krb5configids.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright (c) 2005 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+/* $Id$ */
+
+#include<krbcred.h>
+#include<krb5.h>
+#include<assert.h>
+#include<lm.h>
+#include<commctrl.h>
+
+#pragma warning(push)
+#pragma warning(disable: 4995)
+#include<shlwapi.h>
+#pragma warning(pop)
+
+typedef struct tag_k5_ids_dlg_data {
+ khui_config_init_data cfg;
+
+ khui_tracker tc_life;
+ khui_tracker tc_renew;
+ khui_tracker tc_life_min;
+ khui_tracker tc_life_max;
+ khui_tracker tc_renew_min;
+ khui_tracker tc_renew_max;
+
+ time_t life;
+ time_t renew_life;
+ time_t life_min;
+ time_t life_max;
+ time_t renew_min;
+ time_t renew_max;
+} k5_ids_dlg_data;
+
+static khm_boolean
+k5_ids_is_mod(k5_ids_dlg_data * d) {
+ if (d->life != d->tc_life.current ||
+ d->renew_life != d->tc_renew.current ||
+ d->life_max != d->tc_life_max.current ||
+ d->life_min != d->tc_life_min.current ||
+ d->renew_max != d->tc_renew_max.current ||
+ d->renew_min != d->tc_renew_min.current)
+ return TRUE;
+ return FALSE;
+}
+
+static void
+k5_ids_check_mod(k5_ids_dlg_data * d) {
+ BOOL modified = k5_ids_is_mod(d);
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ (modified)?KHUI_CNFLAG_MODIFIED:0,
+ KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_ids_write_params(k5_ids_dlg_data * d) {
+
+ khm_int32 rv;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ if (!k5_ids_is_mod(d))
+ return;
+
+#define WRITEPARAM(po,pn,vn) \
+ if (po != pn) { \
+ po = pn; \
+ rv = khc_write_int32(csp_params, vn, (khm_int32) po); \
+ assert(KHM_SUCCEEDED(rv)); \
+ }
+
+ WRITEPARAM(d->life,d->tc_life.current, L"DefaultLifetime");
+ WRITEPARAM(d->renew_life,d->tc_renew.current, L"DefaultRenewLifetime");
+ WRITEPARAM(d->life_max,d->tc_life_max.current, L"MaxLifetime");
+ WRITEPARAM(d->life_min,d->tc_life_min.current, L"MinLifetime");
+ WRITEPARAM(d->renew_max,d->tc_renew_max.current, L"MaxRenewLifetime");
+ WRITEPARAM(d->renew_min,d->tc_renew_min.current, L"MinRenewLifetime");
+
+#undef WRITEPARAM
+
+ khui_cfg_set_flags_inst(&d->cfg,
+ KHUI_CNFLAG_APPLIED,
+ KHUI_CNFLAG_APPLIED | KHUI_CNFLAG_MODIFIED);
+}
+
+static void
+k5_ids_read_params(k5_ids_dlg_data * d) {
+ khm_int32 t;
+ khm_int32 rv;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+
+ rv = khc_read_int32(csp_params, L"DefaultLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life = t;
+
+ rv = khc_read_int32(csp_params, L"DefaultRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_life = t;
+
+ rv = khc_read_int32(csp_params, L"MaxLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life_max = t;
+
+ rv = khc_read_int32(csp_params, L"MinLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->life_min = t;
+
+ rv = khc_read_int32(csp_params, L"MaxRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_max = t;
+
+ rv = khc_read_int32(csp_params, L"MinRenewLifetime", &t);
+ assert(KHM_SUCCEEDED(rv));
+ d->renew_min = t;
+
+ khui_tracker_initialize(&d->tc_life);
+ d->tc_life.current = d->life;
+ d->tc_life.min = 0;
+ d->tc_life.max = 3600 * 24 * 7;
+
+ khui_tracker_initialize(&d->tc_renew);
+ d->tc_renew.current = d->renew_life;
+ d->tc_renew.min = 0;
+ d->tc_renew.max = 3600 * 24 * 30;
+
+ khui_tracker_initialize(&d->tc_life_min);
+ d->tc_life_min.current = d->life_min;
+ d->tc_life_min.min = d->tc_life.min;
+ d->tc_life_min.max = d->tc_life.max;
+
+ khui_tracker_initialize(&d->tc_life_max);
+ d->tc_life_max.current = d->life_max;
+ d->tc_life_max.min = d->tc_life.min;
+ d->tc_life_max.max = d->tc_life.max;
+
+ khui_tracker_initialize(&d->tc_renew_min);
+ d->tc_renew_min.current = d->renew_min;
+ d->tc_renew_min.min = d->tc_renew.min;
+ d->tc_renew_min.max = d->tc_renew.max;
+
+ khui_tracker_initialize(&d->tc_renew_max);
+ d->tc_renew_max.current = d->renew_max;
+ d->tc_renew_max.min = d->tc_renew.min;
+ d->tc_renew_max.max = d->tc_renew.max;
+}
+
+INT_PTR CALLBACK
+k5_ids_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam) {
+ k5_ids_dlg_data * d;
+
+ switch(uMsg) {
+ case WM_INITDIALOG:
+ d = PMALLOC(sizeof(*d));
+#ifdef DEBUG
+ assert(d);
+#endif
+ ZeroMemory(d, sizeof(*d));
+#pragma warning(push)
+#pragma warning(disable: 4244)
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
+#pragma warning(pop)
+
+ d->cfg = *((khui_config_init_data *) lParam);
+
+ k5_ids_read_params(d);
+
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
+ &d->tc_life);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
+ &d->tc_renew);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MIN),
+ &d->tc_life_min);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_LRNG_MAX),
+ &d->tc_life_max);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MIN),
+ &d->tc_renew_min);
+ khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_RLRNG_MAX),
+ &d->tc_renew_max);
+ khui_tracker_refresh(&d->tc_life);
+ khui_tracker_refresh(&d->tc_life_min);
+ khui_tracker_refresh(&d->tc_life_max);
+ khui_tracker_refresh(&d->tc_renew);
+ khui_tracker_refresh(&d->tc_renew_min);
+ khui_tracker_refresh(&d->tc_renew_max);
+ break;
+
+ case WM_COMMAND:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ if (HIWORD(wParam) == EN_CHANGE) {
+ k5_ids_check_mod(d);
+ }
+ break;
+
+ case KHUI_WM_CFG_NOTIFY:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+ if (HIWORD(wParam) == WMCFG_APPLY) {
+ k5_ids_write_params(d);
+ }
+ break;
+
+ case WM_DESTROY:
+ d = (k5_ids_dlg_data *) (LONG_PTR)
+ GetWindowLongPtr(hwnd, DWLP_USER);
+
+ khui_tracker_kill_controls(&d->tc_life);
+ khui_tracker_kill_controls(&d->tc_renew);
+ khui_tracker_kill_controls(&d->tc_life_min);
+ khui_tracker_kill_controls(&d->tc_life_max);
+ khui_tracker_kill_controls(&d->tc_renew_min);
+ khui_tracker_kill_controls(&d->tc_renew_max);
+
+ PFREE(d);
+ break;
+ }
+ return FALSE;
+}
+
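Review bot: k5_ids_read_params copies `t` into the dialog state after each `khc_read_int32` with only an `assert` on the result, so in a build where assert is compiled out a missing or unreadable value leaves `t` uninitialized and the lifetime fields hold garbage. Those values seed the trackers and are written back by `WRITEPARAM` on apply. Check the result at run time and fall back to a defined value, as k5_id_read_params in krb5configid.c does with 36000 and 604800 for the two defaults, e.g. `d->life = KHM_SUCCEEDED(rv) ? t : 36000;`. Fallbacks for the four min/max values are not shown on this page and would need to come from the schema. Nothing here enforces that the stored minimum is not above the maximum, which is worth a check before writing.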
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c
index d3c97fff2..d1a897d63 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.c
+++ b/src/windows/identity/plugins/krb5/krb5funcs.c
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2004 Massachusetts Institute of Technology
+* Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -59,7 +59,7 @@ khm_convert524(krb5_context alt_ctx)
!pkrb524_convert_creds_kdc)
return 0;
- v4creds = (CREDENTIALS *) malloc(sizeof(CREDENTIALS));
+ v4creds = (CREDENTIALS *) PMALLOC(sizeof(CREDENTIALS));
memset((char *) v4creds, 0, sizeof(CREDENTIALS));
memset((char *) &increds, 0, sizeof(increds));
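Review bot: The result of `PMALLOC(sizeof(CREDENTIALS))` goes straight into `memset` on the next line with no NULL check, so an allocation failure becomes a NULL write in khm_convert524. The allocator swap is a good moment to add `if (v4creds == NULL) return 0;`, or whatever failure value the callers expect, since the function's convention is only partly visible here. The same unchecked use follows the new `PMALLOC` calls for `wcc_name` in get_tickets_from_cache, `rlist` in khm_krb5_get_realm_list and `realm` in khm_krb5_get_default_realm. The khm_krb5_kinit hunks handle failure only with `assert(0)` before dereferencing `addrs[i]`. The body of khm_convert524 continues outside this hunk.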
@@ -140,7 +140,7 @@ khm_convert524(krb5_context alt_ctx)
cleanup:
memset(v4creds, 0, sizeof(v4creds));
- free(v4creds);
+ PFREE(v4creds);
if (v5creds) {
pkrb5_free_creds(ctx, v5creds);
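Review bot: The scrub before `PFREE(v4creds)` uses `sizeof(v4creds)`, which is the size of the pointer, so only the first 4 or 8 bytes of the CREDENTIALS structure are cleared. The rest, presumably including the converted ticket and session key, is returned to the heap intact. A plain `memset` right before a free can also be dropped by the optimizer. Use `SecureZeroMemory(v4creds, sizeof(*v4creds));` and guard it with a NULL check if `cleanup` can be reached before the allocation succeeded; that path is outside this hunk.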
@@ -237,10 +237,10 @@ static long get_tickets_from_cache(krb5_context ctx,
cc_name = (*pkrb5_cc_get_name)(ctx, cache);
if(cc_name) {
namelen = strlen(cc_name);
- namelen = (namelen + 1 + 4) * sizeof(wchar_t);
- /* the +4 is for the possible addtion of API: during the
- cannonicalization process */
- wcc_name = malloc(namelen);
+ namelen = (namelen + 1 + 5) * sizeof(wchar_t);
+ /* the +5 is for the possible addtion of API: or FILE:
+ during the cannonicalization process */
+ wcc_name = PMALLOC(namelen);
AnsiStrToUnicode(wcc_name, namelen, cc_name);
khm_krb5_canon_cc_name(wcc_name, namelen);
}
@@ -311,6 +311,7 @@ static long get_tickets_from_cache(krb5_context ctx,
&KRBv5Credentials)))
{
khm_handle tident = NULL;
+ khm_int32 cred_flags = 0;
if(ClientName != NULL)
(*pkrb5_free_unparsed_name)(ctx, ClientName);
@@ -371,7 +372,7 @@ static long get_tickets_from_cache(krb5_context ctx,
eft -= ft;
kcdb_cred_set_attr(cred, KCDB_ATTR_LIFETIME, &eft, sizeof(eft));
- if (KRBv5Credentials.times.renew_till >= 0) {
+ if (KRBv5Credentials.times.renew_till > 0) {
tt = KRBv5Credentials.times.renew_till;
TimetToFileTime(tt, (LPFILETIME) &eft);
kcdb_cred_set_attr(cred, KCDB_ATTR_RENEW_EXPIRE, &eft,
@@ -387,18 +388,29 @@ static long get_tickets_from_cache(krb5_context ctx,
/* special flags understood by NetIDMgr */
{
- khm_int32 oflags, nflags;
-
- kcdb_cred_get_flags(cred, &oflags);
- nflags = oflags;
+ khm_int32 nflags = 0;
if (ti & TKT_FLG_RENEWABLE)
nflags |= KCDB_CRED_FLAG_RENEWABLE;
if (ti & TKT_FLG_INITIAL)
nflags |= KCDB_CRED_FLAG_INITIAL;
+ else {
+ krb5_data * c0, *c1, *r;
+
+ /* these are macros that do not allocate any memory */
+ c0 = krb5_princ_component(ctx,KRBv5Credentials.server,0);
+ c1 = krb5_princ_component(ctx,KRBv5Credentials.server,1);
+ r = krb5_princ_realm(ctx,KRBv5Credentials.server);
+
+ if ( c0 && c1 && r && c1->length == r->length &&
+ !strncmp(c1->data,r->data,r->length) &&
+ !strncmp("krbtgt",c0->data,c0->length) )
+ nflags |= KCDB_CRED_FLAG_INITIAL;
+ }
+
+ kcdb_cred_set_flags(cred, nflags, KCDB_CRED_FLAGMASK_EXT);
- if (oflags != nflags)
- kcdb_cred_set_flags(cred, nflags, KCDB_CRED_FLAGMASK_ALL);
+ cred_flags = nflags;
}
if ( !pkrb5_decode_ticket(&KRBv5Credentials.ticket, &tkt)) {
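Review bot: The krbtgt test in the new `else` branch is a prefix match, because `strncmp("krbtgt", c0->data, c0->length)` only compares `c0->length` bytes. A service principal whose first component is `k`, `krb` or empty and whose second component equals the realm is therefore flagged `KCDB_CRED_FLAG_INITIAL`. That flag later decides whether the ticket's times are copied onto the identity (the `cred_flags & KCDB_CRED_FLAG_INITIAL` test further down), so a non-TGT ticket could drive the identity's expiry display. Compare the length as well and use `memcmp`, since `krb5_data` is not NUL-terminated: `c0->length == KRB5_TGS_NAME_SIZE && !memcmp(KRB5_TGS_NAME, c0->data, KRB5_TGS_NAME_SIZE)`. Use `!memcmp(c1->data, r->data, r->length)` for the realm component in the same way.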
@@ -410,8 +422,8 @@ static long get_tickets_from_cache(krb5_context ctx,
ti = KRBv5Credentials.keyblock.enctype;
kcdb_cred_set_attr(cred, attr_id_key_enctype, &ti, sizeof(ti));
-
- kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name, KCDB_CBSIZE_AUTO);
+ kcdb_cred_set_attr(cred, KCDB_ATTR_LOCATION, wcc_name,
+ KCDB_CBSIZE_AUTO);
/*TODO: going here */
#if 0
@@ -438,7 +450,8 @@ static long get_tickets_from_cache(krb5_context ctx,
}
#endif
- if(KRBv5Credentials.ticket_flags & TKT_FLG_INITIAL) {
+ if(cred_flags & KCDB_CRED_FLAG_INITIAL) {
+ __int64 t_issue_new;
__int64 t_expire_old;
__int64 t_expire_new;
khm_size cb;
@@ -451,6 +464,9 @@ static long get_tickets_from_cache(krb5_context ctx,
tt = KRBv5Credentials.times.endtime;
TimetToFileTime(tt, (LPFILETIME) &t_expire_new);
+ tt = KRBv5Credentials.times.starttime;
+ TimetToFileTime(tt, (LPFILETIME) &t_issue_new);
+
cb = sizeof(t_expire_old);
if(KHM_FAILED(kcdb_identity_get_attr(tident,
KCDB_ATTR_EXPIRE,
@@ -463,8 +479,11 @@ static long get_tickets_from_cache(krb5_context ctx,
kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
&t_expire_new,
sizeof(t_expire_new));
+ kcdb_identity_set_attr(tident, KCDB_ATTR_ISSUE,
+ &t_issue_new,
+ sizeof(t_issue_new));
- if (KRBv5Credentials.times.renew_till >= 0) {
+ if (KRBv5Credentials.times.renew_till > 0) {
tt = KRBv5Credentials.times.renew_till;
TimetToFileTime(tt, (LPFILETIME) &ft);
kcdb_identity_set_attr(tident,
@@ -525,7 +544,7 @@ static long get_tickets_from_cache(krb5_context ctx,
_exit:
if(wcc_name)
- free(wcc_name);
+ PFREE(wcc_name);
return code;
}
@@ -534,11 +553,14 @@ long
khm_krb5_list_tickets(krb5_context *krbv5Context)
{
krb5_context ctx;
- krb5_ccache cache;
+ krb5_ccache cache = 0;
krb5_error_code code;
- apiCB * cc_ctx = 0;
- struct _infoNC ** pNCi = NULL;
- int i;
+ apiCB * cc_ctx = 0;
+ struct _infoNC ** pNCi = NULL;
+ int i;
+ khm_int32 t;
+ wchar_t * ms = NULL;
+ khm_size cb;
ctx = NULL;
cache = NULL;
@@ -576,6 +598,49 @@ khm_krb5_list_tickets(krb5_context *krbv5Context)
cache = 0;
}
+ if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) {
+ code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache);
+
+ if (code == 0 && cache) {
+ code = get_tickets_from_cache(ctx, cache);
+ }
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ if (khc_read_multi_string(csp_params, L"FileCCList", NULL, &cb)
+ == KHM_ERROR_TOO_LONG &&
+ cb > sizeof(wchar_t) * 2) {
+ wchar_t * t;
+ char ccname[MAX_PATH + 6];
+
+ ms = PMALLOC(cb);
+#ifdef DEBUG
+ assert(ms);
+#endif
+ khc_read_multi_string(csp_params, L"FileCCList", ms, &cb);
+
+ for(t = ms; t && *t; t = multi_string_next(t)) {
+ StringCchPrintfA(ccname, ARRAYLENGTH(ccname),
+ "FILE:%S", t);
+
+ code = (*pkrb5_cc_resolve)(ctx, ccname, &cache);
+
+ if (code)
+ continue;
+
+ code = get_tickets_from_cache(ctx, cache);
+
+ if (ctx != NULL && cache != NULL)
+ (*pkrb5_cc_close)(ctx, cache);
+ cache = 0;
+ }
+
+ PFREE(ms);
+ }
+
_exit:
if (pNCi)
(*pcc_free_NC_info)(cc_ctx, &pNCi);
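Review bot: In the FileCCList block the second `khc_read_multi_string` call is not checked and `ms` is only asserted under DEBUG, so a failed read or allocation lets the loop walk an uninitialized or NULL buffer. The return of `StringCchPrintfA` is also ignored: a configured path that does not fit in `ccname` is truncated and the truncated name is then passed to `pkrb5_cc_resolve`, which opens a different file than the one configured. Skip entries that fail to format and only iterate after a successful read. Note also that `code` from the last list entry becomes the function's return value, so one bad file at the end of the list reports failure for the whole listing.

```c
ms = PMALLOC(cb);
if (ms != NULL &&
    KHM_SUCCEEDED(khc_read_multi_string(csp_params, L"FileCCList",
                                        ms, &cb))) {
    for (t = ms; t && *t; t = multi_string_next(t)) {
        /* Do not resolve a truncated path: skip names that do not fit. */
        if (FAILED(StringCchPrintfA(ccname, ARRAYLENGTH(ccname),
                                    "FILE:%S", t)))
            continue;
        /* … unchanged: pkrb5_cc_resolve, get_tickets_from_cache, pkrb5_cc_close … */
    }
}
if (ms != NULL)
    PFREE(ms);
```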
@@ -585,7 +650,6 @@ _exit:
kcdb_credset_collect(NULL, krb5_credset, NULL, credtype_id_krb5, NULL);
return(code);
-
}
int
@@ -615,10 +679,10 @@ khm_krb5_renew(khm_handle identity)
realm = krb5_princ_realm(ctx, me);
code = pkrb5_build_principal_ext(ctx, &server,
- realm->length,realm->data,
- KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
- realm->length,realm->data,
- 0);
+ realm->length,realm->data,
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ realm->length,realm->data,
+ 0);
if (code)
goto cleanup;
@@ -744,7 +808,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
while ( local_addrs[i++] );
addr_count = i + 1;
- addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *));
+ addrs = (krb5_address **) PMALLOC((addr_count+1) * sizeof(krb5_address *));
if ( !addrs ) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -752,7 +816,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1));
i = 0;
while ( local_addrs[i] ) {
- addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+ addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address));
if (addrs[i] == NULL) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -761,7 +825,7 @@ khm_krb5_kinit(krb5_context alt_ctx,
addrs[i]->magic = local_addrs[i]->magic;
addrs[i]->addrtype = local_addrs[i]->addrtype;
addrs[i]->length = local_addrs[i]->length;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+ addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length);
if (!addrs[i]->contents) {
pkrb5_free_addresses(ctx, local_addrs);
assert(0);
@@ -773,14 +837,14 @@ khm_krb5_kinit(krb5_context alt_ctx,
}
pkrb5_free_addresses(ctx, local_addrs);
- addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
+ addrs[i] = (krb5_address *)PMALLOC(sizeof(krb5_address));
if (addrs[i] == NULL)
assert(0);
addrs[i]->magic = KV5M_ADDRESS;
addrs[i]->addrtype = AF_INET;
addrs[i]->length = 4;
- addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
+ addrs[i]->contents = (unsigned char *)PMALLOC(addrs[i]->length);
if (!addrs[i]->contents)
assert(0);
@@ -814,8 +878,8 @@ cleanup:
for ( i=0;i<addr_count;i++ ) {
if ( addrs[i] ) {
if ( addrs[i]->contents )
- free(addrs[i]->contents);
- free(addrs[i]);
+ PFREE(addrs[i]->contents);
+ PFREE(addrs[i]);
}
}
}
@@ -921,8 +985,19 @@ khm_krb5_canon_cc_name(wchar_t * wcc_name,
colon = wcschr(wcc_name, L':');
- if (colon)
+ if (colon) {
+ /* if the colon is just 1 character away from the beginning,
+ it's a FILE: cc */
+ if (colon - wcc_name == 1) {
+ if (cb_len + 5 * sizeof(wchar_t) > cb_cc_name)
+ return KHM_ERROR_TOO_LONG;
+
+ memmove(&wcc_name[5], &wcc_name[0], cb_len);
+ memmove(&wcc_name[0], L"FILE:", sizeof(wchar_t) * 5);
+ }
+
return 0;
+ }
if (cb_len + 4 * sizeof(wchar_t) > cb_cc_name)
return KHM_ERROR_TOO_LONG;
@@ -1495,18 +1570,29 @@ cleanup:
#define KRB_FILE "KRB.CON"
#define KRBREALM_FILE "KRBREALM.CON"
#define KRB5_FILE "KRB5.INI"
+#define KRB5_TMP_FILE "KRB5.INI.TMP"
+
+BOOL
+khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname)
+{
+ GetTempPathA(szConfname, confname);
+ confname[szConfname-1] = '\0';
+ StringCchCatA(confname, szConfname, KRB5_TMP_FILE);
+ confname[szConfname-1] = '\0';
+ return FALSE;
+}
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname)
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname)
{
char **configFile = NULL;
if (pkrb5_get_default_config_files(&configFile))
{
GetWindowsDirectoryA(confname,szConfname);
confname[szConfname-1] = '\0';
- strncat(confname, "\\",sizeof(confname)-strlen(confname));
+ strncat(confname, "\\",sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
- strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+ strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
return FALSE;
}
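Review bot: The re-indented `strncat` calls in khm_krb5_get_profile_file still bound the copy with `sizeof(confname)`, but `confname` is an `LPSTR` parameter, so this is the pointer size. Once the Windows directory string is longer than that, `sizeof(confname)-strlen(confname)` wraps to a huge unsigned value and the append is effectively unbounded. Use the caller's size as the new helper in this hunk does: `StringCchCatA(confname, szConfname, "\\");` and `StringCchCatA(confname, szConfname, KRB5_FILE);`. The same two lines recur in the next hunk of this function (at -1523/+1609). In khm_krb5_get_temp_profile_file the return of `GetTempPathA` is not checked, so on failure or a too-small buffer the fixed name `KRB5.INI.TMP` is appended to undefined content. The body of khm_krb5_get_profile_file continues outside this hunk.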
@@ -1523,9 +1609,9 @@ khm_get_profile_file(LPSTR confname, UINT szConfname)
{
GetWindowsDirectoryA(confname,szConfname);
confname[szConfname-1] = '\0';
- strncat(confname, "\\",sizeof(confname)-strlen(confname));
+ strncat(confname, "\\",sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
- strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
+ strncat(confname, KRB5_FILE,sizeof(confname)-strlen(confname));
confname[szConfname-1] = '\0';
}
@@ -1540,7 +1626,7 @@ khm_get_krb4_con_file(LPSTR confname, UINT szConfname)
LPSTR pFind;
//strcpy(krbConFile, CLeashApp::m_krbv5_profile->first_file->filename);
- if (khm_get_profile_file(krbConFile, sizeof(krbConFile))) {
+ if (khm_krb5_get_profile_file(krbConFile, sizeof(krbConFile))) {
GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));
krbConFile[MAX_PATH-1] = '\0';
strncat(krbConFile, "\\",sizeof(krbConFile)-strlen(krbConFile));
@@ -1634,7 +1720,7 @@ wchar_t * khm_krb5_get_realm_list(void)
char krb5_conf[MAX_PATH+1];
- if (!khm_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
+ if (!khm_krb5_get_profile_file(krb5_conf,sizeof(krb5_conf))) {
profile_t profile;
long retval;
const char *filenames[2];
@@ -1659,7 +1745,7 @@ wchar_t * khm_krb5_get_realm_list(void)
}
cbsize += sizeof(wchar_t); /* double null terminated */
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
for (cpp = sections; *cpp; cpp++)
{
@@ -1697,7 +1783,7 @@ wchar_t * khm_krb5_get_realm_list(void)
/*TODO: compute the actual required buffer size instead of hardcoding */
cbsize = 16384; // arbitrary
- rlist = malloc(cbsize);
+ rlist = PMALLOC(cbsize);
d = rlist;
// Skip the default realm
@@ -1760,7 +1846,7 @@ wchar_t * khm_krb5_get_default_realm(void)
if (def) {
cch = strlen(def) + 1;
- realm = malloc(sizeof(wchar_t) * cch);
+ realm = PMALLOC(sizeof(wchar_t) * cch);
AnsiStrToUnicode(realm, sizeof(wchar_t) * cch, def);
pkrb5_free_default_realm(ctx, def);
} else
@@ -1771,6 +1857,32 @@ wchar_t * khm_krb5_get_default_realm(void)
return realm;
}
+long
+khm_krb5_set_default_realm(wchar_t * realm) {
+ krb5_context ctx=0;
+ char * def = 0;
+ long rv = 0;
+ char astr[K5_MAXCCH_REALM];
+
+ UnicodeStrToAnsi(astr, sizeof(astr), realm);
+
+ pkrb5_init_context(&ctx);
+ pkrb5_get_default_realm(ctx,&def);
+
+ if ((def && strcmp(def, astr)) ||
+ !def) {
+ rv = pkrb5_set_default_realm(ctx, astr);
+ }
+
+ if (def) {
+ pkrb5_free_default_realm(ctx, def);
+ }
+
+ pkrb5_free_context(ctx);
+
+ return rv;
+}
+
wchar_t * khm_get_realm_from_princ(wchar_t * princ) {
wchar_t * t;
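Review bot: khm_krb5_set_default_realm ignores the result of `pkrb5_init_context`, so on failure `ctx` stays 0 and is still passed to `pkrb5_get_default_realm`, `pkrb5_set_default_realm` and `pkrb5_free_context`. Add `rv = pkrb5_init_context(&ctx); if (rv) return rv;` before using it. The result of `UnicodeStrToAnsi` is also unchecked, so a realm that does not fit `K5_MAXCCH_REALM` may leave `astr` unset before it reaches `strcmp`. As far as this hunk shows, the realm is set on a context that is freed a few lines later, so it is worth a comment saying where the change is expected to persist.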
@@ -1858,7 +1970,7 @@ khm_krb5_changepwd(char * principal,
(result_string.length ? (sizeof(": ") - 1) : 0) +
result_string.length;
if (len && error_str) {
- *error_str = malloc(len + 1);
+ *error_str = PMALLOC(len + 1);
if (*error_str)
StringCchPrintfA(*error_str, len+1,
"%.*s%s%.*s",
@@ -1887,3 +1999,13 @@ khm_krb5_changepwd(char * principal,
return rc;
}
+
+khm_int32 KHMAPI
+khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy) {
+ if (kcdb_creds_comp_attr(vcred1, vcred2, KCDB_ATTR_LOCATION) ||
+ kcdb_creds_comp_attr(vcred1, vcred2, attr_id_key_enctype) ||
+ kcdb_creds_comp_attr(vcred1, vcred2, attr_id_tkt_enctype))
+ return 1;
+ else
+ return 0;
+}
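Review bot: khm_krb5_creds_is_equal returns 1 when any of the three compared attributes differs and 0 when they all match, which reads as the opposite of its name. If `kcdb_creds_comp_attr` returns non-zero on a difference and the caller expects a strcmp-style comparator, this is correct but needs a comment; otherwise the sense is inverted. I would add above the function: `/* Comparison callback: returns 0 when location, key enctype and ticket enctype all match, non-zero otherwise. dummy is unused. */`. Whether comparing only these three attributes is enough to tell two credentials apart depends on what the caller has already matched, which is not visible here.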
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.h b/src/windows/identity/plugins/krb5/krb5funcs.h
index 79ca95646..6c2c3eb6b 100644
--- a/src/windows/identity/plugins/krb5/krb5funcs.h
+++ b/src/windows/identity/plugins/krb5/krb5funcs.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -90,6 +90,9 @@ khm_krb5_renew(khm_handle identity);
wchar_t *
khm_krb5_get_default_realm(void);
+long
+khm_krb5_set_default_realm(wchar_t * realm);
+
wchar_t *
khm_krb5_get_realm_list(void);
@@ -116,6 +119,12 @@ khm_krb5_cc_name_cmp(const wchar_t * cc_name_1,
const wchar_t * cc_name_2);
BOOL
-khm_get_profile_file(LPSTR confname, UINT szConfname);
+khm_krb5_get_profile_file(LPSTR confname, UINT szConfname);
+
+BOOL
+khm_krb5_get_temp_profile_file(LPSTR confname, UINT szConfname);
+
+khm_int32 KHMAPI
+khm_krb5_creds_is_equal(khm_handle vcred1, khm_handle vcred2, void * dummy);
#endif
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c
index c568e49d0..dd4782e6f 100644
--- a/src/windows/identity/plugins/krb5/krb5identpro.c
+++ b/src/windows/identity/plugins/krb5/krb5identpro.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -49,6 +49,7 @@ typedef struct tag_k5_new_cred_data {
HWND hw_realm;
} k5_new_cred_data;
+/* Runs in the UI thread */
int
k5_get_realm_from_nc(khui_new_creds * nc,
wchar_t * buf,
@@ -118,6 +119,7 @@ set_identity_from_ui(khui_new_creds * nc,
return;
}
+/* runs in the UI thread */
static BOOL
update_crossfeed(khui_new_creds * nc,
k5_new_cred_data * d,
@@ -127,6 +129,7 @@ update_crossfeed(khui_new_creds * nc,
wchar_t realm[KCDB_IDENT_MAXCCH_NAME];
khm_size cch;
khm_size cch_left;
+ int idx;
cch = (khm_size) GetWindowTextLength(d->hw_username);
#ifdef DEBUG
@@ -145,6 +148,38 @@ update_crossfeed(khui_new_creds * nc,
return FALSE;
if (ctrl_id_src == K5_NCID_UN) {
+
+ idx = (int)SendMessage(d->hw_realm,
+ CB_FINDSTRINGEXACT,
+ (WPARAM) -1,
+ (LPARAM) un_realm);
+
+ if (idx != CB_ERR) {
+ wchar_t srealm[KCDB_IDENT_MAXCCH_NAME];
+
+ cch = SendMessage(d->hw_realm,
+ CB_GETLBTEXTLEN,
+ (WPARAM) idx,
+ 0);
+
+#ifdef DEBUG
+ assert(cch < ARRAYLENGTH(srealm) - 1);
+#endif
+ SendMessage(d->hw_realm,
+ CB_GETLBTEXT,
+ (WPARAM) idx,
+ (LPARAM) srealm);
+
+ if (!wcsicmp(srealm, un_realm) && wcscmp(srealm, un_realm)) {
+ /* differ only by case */
+
+ StringCchCopy(un_realm, ARRAYLENGTH(un) - (un_realm - un),
+ srealm);
+
+ SetWindowText(d->hw_username, un);
+ }
+ }
+
SendMessage(d->hw_realm,
CB_SELECTSTRING,
(WPARAM) -1,
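Review bot: The `CB_GETLBTEXT` call copies the list item into `srealm` with no length argument, and the only bound on it is the DEBUG-only assert on `CB_GETLBTEXTLEN`. In a release build the safety of the stack buffer rests on `CB_FINDSTRINGEXACT` having returned an item of the same length as `un_realm`. Make the check a run-time guard, `if (cch != (khm_size) CB_ERR && cch < ARRAYLENGTH(srealm))`, and send `CB_GETLBTEXT` only inside it. The second block added to update_crossfeed, in the next hunk, does the same copy without querying the length at all and should get the same guard. The function starts and ends outside this hunk.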
@@ -170,6 +205,26 @@ update_crossfeed(khui_new_creds * nc,
GetWindowText(d->hw_realm, realm,
ARRAYLENGTH(realm));
+ idx = (int)SendMessage(d->hw_realm,
+ CB_FINDSTRINGEXACT,
+ (WPARAM) -1,
+ (LPARAM) realm);
+
+ if (idx != CB_ERR) {
+ wchar_t srealm[KCDB_IDENT_MAXCCH_NAME];
+
+ SendMessage(d->hw_realm,
+ CB_GETLBTEXT,
+ (WPARAM) idx,
+ (LPARAM) srealm);
+
+ if (!wcsicmp(srealm, realm) && wcscmp(srealm, realm)) {
+ StringCbCopy(realm, sizeof(realm), srealm);
+
+ SetWindowText(d->hw_realm, srealm);
+ }
+ }
+
StringCchCopy(un_realm, cch_left, realm);
SendMessage(d->hw_username,
@@ -258,6 +313,7 @@ ui_cb(khui_new_creds * nc,
UINT uMsg,
WPARAM wParam,
LPARAM lParam) {
+
k5_new_cred_data * d;
d = (k5_new_cred_data *) nc->ident_aux;
@@ -285,7 +341,7 @@ ui_cb(khui_new_creds * nc,
assert(hw_parent != NULL);
#endif
- d = malloc(sizeof(*d));
+ d = PMALLOC(sizeof(*d));
assert(d);
ZeroMemory(d, sizeof(*d));
@@ -385,7 +441,7 @@ ui_cb(khui_new_creds * nc,
if (rv != KHM_ERROR_TOO_LONG)
goto _add_lru_realms;
- ms = malloc(cb_ms);
+ ms = PMALLOC(cb_ms);
assert(ms != NULL);
cb = cb_ms;
@@ -430,13 +486,13 @@ ui_cb(khui_new_creds * nc,
if (ms != NULL) {
if (cb_ms < cb) {
- free(ms);
- ms = malloc(cb);
+ PFREE(ms);
+ ms = PMALLOC(cb);
assert(ms);
cb_ms = cb;
}
} else {
- ms = malloc(cb);
+ ms = PMALLOC(cb);
cb_ms = cb;
}
@@ -476,10 +532,10 @@ ui_cb(khui_new_creds * nc,
}
if (defrealm)
- free(defrealm);
+ PFREE(defrealm);
if (ms)
- free(ms);
+ PFREE(ms);
/* now see about that default identity */
if (nc->ctx.identity) {
@@ -553,7 +609,7 @@ ui_cb(khui_new_creds * nc,
/* since we created all the windows as child windows of
the new creds window, they will be destroyed when that
window is destroyed. */
- free(d);
+ PFREE(d);
}
return TRUE;
}
@@ -598,6 +654,20 @@ k5_ident_valiate_name(khm_int32 msg_type,
return KHM_ERROR_SUCCESS;
}
+static void
+k5_update_last_default_identity(khm_handle ident) {
+ wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ cb = sizeof(idname);
+ if (KHM_FAILED(kcdb_identity_get_name(ident, idname, &cb)))
+ return;
+
+ assert(csp_params);
+
+ khc_write_string(csp_params, L"LastDefaultIdent", idname);
+}
+
static khm_int32
k5_ident_set_default(khm_int32 msg_type,
khm_int32 msg_subtype,
@@ -702,9 +772,10 @@ k5_ident_set_default(khm_int32 msg_type,
RegCloseKey(hk_ccname);
- if (l == ERROR_SUCCESS)
+ if (l == ERROR_SUCCESS) {
+ k5_update_last_default_identity(def_ident);
return KHM_ERROR_SUCCESS;
- else
+ } else
return KHM_ERROR_UNKNOWN;
} else if (dw > ARRAYLENGTH(env_ccname)) {
@@ -721,8 +792,10 @@ k5_ident_set_default(khm_int32 msg_type,
/* if the %KRB5CCNAME is the same as the identity
ccache, then it is already the default. */
- if (!khm_krb5_cc_name_cmp(id_ccname, env_ccname))
+ if (!khm_krb5_cc_name_cmp(id_ccname, env_ccname)) {
+ k5_update_last_default_identity(def_ident);
return KHM_ERROR_SUCCESS;
+ }
/* if not, we have to copy the contents of id_ccname
to env_ccname */
@@ -734,8 +807,10 @@ k5_ident_set_default(khm_int32 msg_type,
env_ccname,
id_ccname);
- if (code == 0)
+ if (code == 0) {
+ k5_update_last_default_identity(def_ident);
khm_krb5_list_tickets(&ctx);
+ }
if (ctx)
pkrb5_free_context(ctx);
@@ -784,6 +859,17 @@ k5_ident_notify_create(khm_int32 msg_type,
khm_size cb;
khm_handle ident;
+ /* if there is a default identity already, we assume we don't need
+ to check this one. */
+
+ khm_handle def_ident;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&def_ident))) {
+ kcdb_identity_release(def_ident);
+
+ return KHM_ERROR_SUCCESS;
+ }
+
ident = (khm_handle) vparam;
assert(k5_identpro_ctx != NULL);
@@ -829,7 +915,6 @@ k5_ident_notify_create(khm_int32 msg_type,
if (cc)
pkrb5_cc_close(k5_identpro_ctx, cc);
-
return KHM_ERROR_SUCCESS;
}
@@ -842,6 +927,7 @@ k5_ident_update_apply_proc(khm_handle cred,
khm_int32 t;
khm_int32 flags;
__int64 t_expire;
+ __int64 t_cexpire;
__int64 t_rexpire;
khm_size cb;
khm_int32 rv = KHM_ERROR_SUCCESS;
@@ -851,32 +937,34 @@ k5_ident_update_apply_proc(khm_handle cred,
KHM_FAILED(kcdb_cred_get_identity(cred, &ident)))
return KHM_ERROR_SUCCESS;
- if (ident != tident)
+ if (!kcdb_identity_is_equal(ident,tident))
goto _cleanup;
if (KHM_FAILED(kcdb_cred_get_flags(cred, &flags)))
flags = 0;
- cb = sizeof(t_expire);
- if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
- KCDB_ATTR_EXPIRE,
- NULL,
- &t_expire,
- &cb))) {
- __int64 t_cexpire;
-
+ if (flags & KCDB_CRED_FLAG_INITIAL) {
cb = sizeof(t_cexpire);
- if ((flags & KCDB_CRED_FLAG_INITIAL) ||
- KHM_FAILED(kcdb_identity_get_attr(tident,
- KCDB_ATTR_EXPIRE,
- NULL,
- &t_cexpire,
- &cb)) ||
- t_cexpire > t_expire)
- kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
- &t_expire, sizeof(t_expire));
- } else if (flags & KCDB_CRED_FLAG_INITIAL) {
- kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE, NULL, 0);
+ if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &t_cexpire,
+ &cb))) {
+ t_expire = 0;
+ cb = sizeof(t_expire);
+ if (KHM_FAILED(kcdb_identity_get_attr(tident,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &t_expire,
+ &cb)) ||
+ (t_cexpire > t_expire))
+ kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE,
+ &t_cexpire, sizeof(t_cexpire));
+ } else {
+ kcdb_identity_set_attr(tident, KCDB_ATTR_EXPIRE, NULL, 0);
+ }
+ } else {
+ goto _cleanup;
}
cb = sizeof(ccname);
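Review bot: After this rewrite the identity's `KCDB_ATTR_EXPIRE` can only move later: it is overwritten when the lookup fails or when `t_cexpire > t_expire`, whereas the removed code overwrote it when the stored value was later than the credential's. Unless the caller clears the attribute before each enumeration (not visible in this hunk), a value left by an earlier, longer-lived ticket survives a refresh. That matters because the renew path in krb5newcreds.c compares this attribute with the current time to decide whether a failed renewal is reported as success. The inner `else` also clears the attribute for an initial credential without an expiry, so the outcome depends on enumeration order; a comment stating the intended rule would settle it. The function starts and ends outside the hunk.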
@@ -890,16 +978,14 @@ k5_ident_update_apply_proc(khm_handle cred,
kcdb_identity_set_attr(tident, attr_id_krb5_ccname,
NULL, 0);
}
-
- if (!(flags & KCDB_CRED_FLAG_INITIAL))
- goto _cleanup;
-
+
cb = sizeof(t);
if (KHM_SUCCEEDED(kcdb_cred_get_attr(cred,
attr_id_krb5_flags,
NULL,
&t,
&cb))) {
+
kcdb_identity_set_attr(tident, attr_id_krb5_flags,
&t, sizeof(t));
@@ -939,6 +1025,13 @@ k5_ident_update(khm_int32 msg_type,
void * vparam) {
khm_handle ident;
+ khm_handle tident;
+ krb5_ccache cc = NULL;
+ char * ccname;
+ krb5_error_code code;
+ khm_size cb;
+ wchar_t wid_ccname[MAX_PATH];
+ wchar_t w_ccname[MAX_PATH];
ident = (khm_handle) vparam;
if (ident == NULL)
@@ -948,6 +1041,42 @@ k5_ident_update(khm_int32 msg_type,
k5_ident_update_apply_proc,
(void *) ident);
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&tident))) {
+ kcdb_identity_release(tident);
+ goto _iu_cleanup;
+ }
+
+ cb = sizeof(wid_ccname);
+ if (KHM_FAILED(kcdb_identity_get_attr(ident,
+ attr_id_krb5_ccname,
+ NULL,
+ wid_ccname,
+ &cb)))
+ goto _iu_cleanup;
+
+ if(k5_identpro_ctx == NULL)
+ goto _iu_cleanup;
+
+ code = pkrb5_cc_default(k5_identpro_ctx, &cc);
+ if (code)
+ goto _iu_cleanup;
+
+ ccname = pkrb5_cc_get_name(k5_identpro_ctx, cc);
+ if (ccname == NULL)
+ goto _iu_cleanup;
+
+ AnsiStrToUnicode(w_ccname, sizeof(w_ccname), ccname);
+
+ khm_krb5_canon_cc_name(w_ccname, sizeof(w_ccname));
+ khm_krb5_canon_cc_name(wid_ccname, sizeof(wid_ccname));
+
+ if (!wcsicmp(w_ccname, wid_ccname))
+ kcdb_identity_set_default_int(ident);
+
+ _iu_cleanup:
+ if (cc && k5_identpro_ctx)
+ pkrb5_cc_close(k5_identpro_ctx, cc);
+
return KHM_ERROR_SUCCESS;
}
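Review bot: The result of `AnsiStrToUnicode(w_ccname, sizeof(w_ccname), ccname)` is not checked and `w_ccname` is an uninitialised stack buffer, so if the conversion fails or the cache name does not fit, the following `khm_krb5_canon_cc_name` and `wcsicmp` calls may read indeterminate data. Initialising the buffer first, `w_ccname[0] = L'\0';`, and jumping to `_iu_cleanup` when the conversion reports failure would close that. The comparison is also case-insensitive; that suits file paths, but whether every ccache type treats names that way is not visible here. The function begins outside the hunk.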
@@ -965,6 +1094,7 @@ k5_ident_init(khm_int32 msg_type,
char * princ_nameA = NULL;
wchar_t princ_nameW[KCDB_IDENT_MAXCCH_NAME];
khm_handle ident = NULL;
+ khm_boolean found_default = FALSE;
assert(k5_identpro_ctx != NULL);
@@ -995,6 +1125,8 @@ k5_ident_init(khm_int32 msg_type,
kcdb_identity_set_default_int(ident);
+ found_default = TRUE;
+
_nc_cleanup:
if (princ_nameA)
pkrb5_free_unparsed_name(k5_identpro_ctx,
@@ -1008,6 +1140,25 @@ k5_ident_init(khm_int32 msg_type,
if (ident)
kcdb_identity_release(ident);
+ if (!found_default) {
+ wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
+ khm_size cb;
+
+ cb = sizeof(widname);
+
+ assert(csp_params);
+
+ if (KHM_SUCCEEDED(khc_read_string(csp_params, L"LastDefaultIdent",
+ widname, &cb))) {
+ ident = NULL;
+ kcdb_identity_create(widname, KCDB_IDENT_FLAG_CREATE, &ident);
+ if (ident) {
+ kcdb_identity_set_default_int(ident);
+ kcdb_identity_release(ident);
+ }
+ }
+ }
+
return KHM_ERROR_SUCCESS;
}
@@ -1106,3 +1257,121 @@ k5_msg_ident(khm_int32 msg_type,
return KHM_ERROR_SUCCESS;
}
+
+khm_int32 KHMAPI
+k5_ident_name_comp_func(const void * dl, khm_size cb_dl,
+ const void * dr, khm_size cb_dr) {
+ wchar_t * idl = (wchar_t *) dl;
+ wchar_t * idr = (wchar_t *) dr;
+ wchar_t * rl;
+ wchar_t * rr;
+ khm_int32 r;
+
+ rl = khm_get_realm_from_princ(idl);
+ rr = khm_get_realm_from_princ(idr);
+
+ if (rl == NULL && rr == NULL)
+ return wcscmp(idl, idr);
+ else if (rl == NULL)
+ return 1;
+ else if (rr == NULL)
+ return -1;
+
+ r = wcscmp(rl, rr);
+ if (r == 0)
+ return wcscmp(idl, idr);
+ else
+ return r;
+}
+
+khm_int32
+k5_msg_system_idpro(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+
+ switch(msg_subtype) {
+ case KMSG_SYSTEM_INIT:
+ {
+
+ pkrb5_init_context(&k5_identpro_ctx);
+ kcdb_identity_set_type(credtype_id_krb5);
+
+ if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC,
+ &type_id_krb5_princ))) {
+ kcdb_type dt;
+ kcdb_type * pstr;
+
+ kcdb_type_get_info(KCDB_TYPE_STRING, &pstr);
+
+ ZeroMemory(&dt, sizeof(dt));
+ dt.name = TYPENAME_KRB5_PRINC;
+ dt.id = KCDB_TYPE_INVALID;
+ dt.flags = KCDB_TYPE_FLAG_CB_AUTO;
+ dt.cb_min = pstr->cb_min;
+ dt.cb_max = pstr->cb_max;
+ dt.toString = pstr->toString;
+ dt.isValid = pstr->isValid;
+ dt.comp = k5_ident_name_comp_func;
+ dt.dup = pstr->dup;
+
+ kcdb_type_register(&dt, &type_id_krb5_princ);
+
+ type_regd_krb5_princ = TRUE;
+
+ kcdb_type_release_info(pstr);
+ }
+
+ if (type_id_krb5_princ != -1) {
+ kcdb_attrib * attr;
+
+ kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr);
+
+ attr->type = type_id_krb5_princ;
+
+ kcdb_attrib_release_info(attr);
+ }
+ }
+ break;
+
+ case KMSG_SYSTEM_EXIT:
+ {
+ if (k5_identpro_ctx) {
+ pkrb5_free_context(k5_identpro_ctx);
+ k5_identpro_ctx = NULL;
+ }
+
+ if (type_id_krb5_princ != -1) {
+ kcdb_attrib * attr;
+
+ kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr);
+
+ attr->type = KCDB_TYPE_STRING;
+
+ kcdb_attrib_release_info(attr);
+ }
+
+ /* allow a brief moment for any stale references to die */
+ Sleep(100);
+
+ if (type_regd_krb5_princ) {
+ kcdb_type_unregister(type_id_krb5_princ);
+ }
+ }
+ break;
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
+
+khm_int32 KHMAPI
+k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam) {
+ switch(msg_type) {
+ case KMSG_SYSTEM:
+ return k5_msg_system_idpro(msg_type, msg_subtype, uparam, vparam);
+
+ case KMSG_IDENT:
+ return k5_msg_ident(msg_type, msg_subtype, uparam, vparam);
+ }
+
+ return KHM_ERROR_SUCCESS;
+}
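Review bot: In `k5_msg_system_idpro` none of the calls that produce pointers are checked: `pstr` is dereferenced after `kcdb_type_get_info`, `attr` after `kcdb_attrib_get_info` (in both the INIT and EXIT cases), and `type_regd_krb5_princ` is set to TRUE whatever `kcdb_type_register` returns. `pkrb5_init_context` is unchecked as well, while other handlers in this file assert that `k5_identpro_ctx` is non-NULL. On exit, `Sleep(100)` is used to wait out stale references before `kcdb_type_unregister`; a fixed delay does not guarantee that nothing still holds the type's `comp` pointer, so an explicit drain or reference count would be safer if the API offers one. The sketch below assumes these calls return KHM status codes the way `kcdb_type_get_id` does.

```c
            if (pkrb5_init_context(&k5_identpro_ctx) != 0)
                k5_identpro_ctx = NULL;
            /* … unchanged: kcdb_identity_set_type … */

            if (KHM_FAILED(kcdb_type_get_id(TYPENAME_KRB5_PRINC,
                                            &type_id_krb5_princ))) {
                kcdb_type dt;
                kcdb_type * pstr = NULL;

                if (KHM_SUCCEEDED(kcdb_type_get_info(KCDB_TYPE_STRING, &pstr)) &&
                    pstr != NULL) {
                    /* … unchanged: fill in dt from pstr … */

                    if (KHM_SUCCEEDED(kcdb_type_register(&dt, &type_id_krb5_princ)))
                        type_regd_krb5_princ = TRUE;

                    kcdb_type_release_info(pstr);
                }
            }

            if (type_id_krb5_princ != -1) {
                kcdb_attrib * attr = NULL;

                if (KHM_SUCCEEDED(kcdb_attrib_get_info(KCDB_ATTR_ID_NAME, &attr)) &&
                    attr != NULL) {
                    attr->type = type_id_krb5_princ;
                    kcdb_attrib_release_info(attr);
                }
            }
```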
diff --git a/src/windows/identity/plugins/krb5/main.c b/src/windows/identity/plugins/krb5/krb5main.c
index db996d951..7bf121dd0 100644
--- a/src/windows/identity/plugins/krb5/main.c
+++ b/src/windows/identity/plugins/krb5/krb5main.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -35,10 +35,12 @@ const wchar_t * k5_facility = L"Krb5";
khm_int32 type_id_enctype = -1;
khm_int32 type_id_addr_list = -1;
khm_int32 type_id_krb5_flags = -1;
+khm_int32 type_id_krb5_princ = -1;
BOOL type_regd_enctype = FALSE;
BOOL type_regd_addr_list = FALSE;
BOOL type_regd_krb5_flags = FALSE;
+BOOL type_regd_krb5_princ = FALSE;
khm_int32 attr_id_key_enctype = -1;
khm_int32 attr_id_tkt_enctype = -1;
@@ -89,13 +91,25 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) {
pi.name = KRB5_PLUGIN_NAME;
pi.type = KHM_PITYPE_CRED;
pi.icon = NULL; /*TODO: Assign icon */
- pi.flags = KHM_PIFLAG_IDENTITY_PROVIDER;
+ pi.flags = 0;
pi.msg_proc = k5_msg_callback;
pi.description = buf;
LoadString(hResModule, IDS_PLUGIN_DESC,
buf, ARRAYLENGTH(buf));
kmm_provide_plugin(h_module, &pi);
+ ZeroMemory(&pi, sizeof(pi));
+ pi.name = KRB5_IDENTPRO_NAME;
+ pi.type = KHM_PITYPE_IDENT;
+ pi.icon = NULL; /* ignored */
+ pi.flags = 0;
+ pi.msg_proc = k5_ident_callback;
+ pi.description = buf;
+ pi.dependencies = KRB5_PLUGIN_NAME L"\0";
+ LoadString(hResModule, IDS_IDENTPRO_DESC,
+ buf, ARRAYLENGTH(buf));
+ kmm_provide_plugin(h_module, &pi);
+
if(KHM_FAILED(rv = init_imports()))
goto _exit;
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c
index 968e0e290..fc36d2c20 100644
--- a/src/windows/identity/plugins/krb5/krb5newcreds.c
+++ b/src/windows/identity/plugins/krb5/krb5newcreds.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -63,7 +63,7 @@ k5_handle_wm_initdialog(HWND hwnd,
k5_dlg_data * d;
khui_new_creds_by_type * nct;
- d = malloc(sizeof(*d));
+ d = PMALLOC(sizeof(*d));
ZeroMemory(d, sizeof(*d));
/* lParam is a pointer to a khui_new_creds structure */
d->nc = (khui_new_creds *) lParam;
@@ -116,7 +116,7 @@ k5_handle_wm_destroy(HWND hwnd,
khui_tracker_kill_controls(&d->tc_lifetime);
}
- free(d);
+ PFREE(d);
return TRUE;
}
@@ -200,7 +200,7 @@ k5_handle_wmnc_notify(HWND hwnd,
break;
if(nct->credtext)
- free(nct->credtext);
+ PFREE(nct->credtext);
nct->credtext = NULL;
tbuf[0] = L'\0';
@@ -227,7 +227,7 @@ k5_handle_wmnc_notify(HWND hwnd,
StringCbLength(sbuf, sizeof(sbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, sbuf);
} else if (nc->n_identities > 0 &&
@@ -242,7 +242,7 @@ k5_handle_wmnc_notify(HWND hwnd,
StringCbLength(sbuf, sizeof(sbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, sbuf);
} else {
@@ -251,7 +251,7 @@ k5_handle_wmnc_notify(HWND hwnd,
&cbsize);
cbsize += sizeof(wchar_t);
- nct->credtext = malloc(cbsize);
+ nct->credtext = PMALLOC(cbsize);
StringCbCopy(nct->credtext, cbsize, d->cred_message);
}
@@ -1131,7 +1131,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
g_fjob.nc = nc;
g_fjob.nct = nct;
g_fjob.dialog = nct->hwnd_panel;
- g_fjob.principal = malloc(size);
+ g_fjob.principal = PMALLOC(size);
UnicodeStrToAnsi(g_fjob.principal, size, idname);
g_fjob.password = NULL;
g_fjob.lifetime = (krb5_deltat) d->tc_lifetime.current;
@@ -1155,7 +1155,7 @@ k5_prep_kinit_job(khui_new_creds * nc)
SUCCEEDED(StringCchLength(pdlginfo->in.ccache,
NETID_CCACHE_NAME_SZ,
&size))) {
- g_fjob.ccache = malloc(sizeof(char) * (size + 1));
+ g_fjob.ccache = PMALLOC(sizeof(char) * (size + 1));
#ifdef DEBUG
assert(g_fjob.ccache);
#endif
@@ -1210,16 +1210,16 @@ void
k5_free_kinit_job(void)
{
if (g_fjob.principal)
- free(g_fjob.principal);
+ PFREE(g_fjob.principal);
if (g_fjob.password)
- free(g_fjob.password);
+ PFREE(g_fjob.password);
if (g_fjob.identity)
kcdb_identity_release(g_fjob.identity);
if (g_fjob.ccache)
- free(g_fjob.ccache);
+ PFREE(g_fjob.ccache);
ZeroMemory(&g_fjob, sizeof(g_fjob));
}
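Review bot: `k5_free_kinit_job` hands `g_fjob.password` to `PFREE` without clearing it first, and the `ZeroMemory(&g_fjob, sizeof(g_fjob))` that follows only wipes the pointer, so the password bytes remain in freed heap memory. Wiping the buffer before release, e.g. `SecureZeroMemory(g_fjob.password, strlen(g_fjob.password));` (assuming it is a NUL-terminated `char` string like `g_fjob.principal`), keeps the secret from lingering. The same treatment would suit the `wpwd`/`wnpwd` buffers used in the password-change path, whose cleanup is outside the visible hunks.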
@@ -1272,7 +1272,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc = (khui_new_creds *) vparam;
- nct = malloc(sizeof(*nct));
+ nct = PMALLOC(sizeof(*nct));
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb5;
@@ -1283,7 +1283,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
- nct->name = malloc(cbsize);
+ nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->h_module = hResModule;
@@ -1304,7 +1304,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc = (khui_new_creds *) vparam;
- nct = malloc(sizeof(*nct));
+ nct = PMALLOC(sizeof(*nct));
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb5;
@@ -1350,7 +1350,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
0, (LPARAM) t);
t = multi_string_next(t);
}
- free(realms);
+ PFREE(realms);
}
/* and set the default realm */
@@ -1364,7 +1364,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
SendDlgItemMessage(hwnd, IDC_NCK5_REALM,
WM_SETTEXT,
0, (LPARAM) defrealm);
- free(defrealm);
+ PFREE(defrealm);
}
} else { /* if krb5 is the identity provider */
HWND hw_realms;
@@ -1526,14 +1526,15 @@ k5_msg_cred_dialog(khm_int32 msg_type,
password */
if(g_fjob.code) {
if (is_k5_identpro)
- kcdb_identity_set_flags(ident,
+ kcdb_identity_set_flags(ident,
+ KCDB_IDENT_FLAG_INVALID,
KCDB_IDENT_FLAG_INVALID);
khui_cw_clear_prompts(nc);
}
if (d->cred_message) {
- free(d->cred_message);
+ PFREE(d->cred_message);
d->cred_message = NULL;
}
@@ -1576,7 +1577,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCbLength(msg, sizeof(msg), &cb);
cb += sizeof(wchar_t);
- d->cred_message = malloc(cb);
+ d->cred_message = PMALLOC(cb);
StringCbCopy(d->cred_message, cb, msg);
}
@@ -1587,6 +1588,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
if(is_k5_identpro)
kcdb_identity_set_flags(ident,
+ KCDB_IDENT_FLAG_VALID,
KCDB_IDENT_FLAG_VALID);
} else {
/* huh?? */
@@ -1688,12 +1690,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
(nc->n_identities == 0 ||
nc->identities[0] == NULL ||
KHM_SUCCEEDED(kcdb_credset_find_filtered
- (NULL,
- -1,
- k5_find_tgt_filter,
- nc->identities[0],
- NULL,
- NULL))))
+ (NULL,
+ -1,
+ k5_find_tgt_filter,
+ nc->identities[0],
+ NULL,
+ NULL))))
g_fjob.code = 0;
@@ -1776,7 +1778,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
&cb);
assert(rv == KHM_ERROR_TOO_LONG);
- idname = malloc(cb);
+ idname = PMALLOC(cb);
assert(idname);
rv = kcdb_identity_get_name(nc->identities[0],
@@ -1793,7 +1795,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
else
cb_ms += cb + sizeof(wchar_t);
- wbuf = malloc(cb_ms);
+ wbuf = PMALLOC(cb_ms);
assert(wbuf);
cb = cb_ms;
@@ -1838,8 +1840,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
&cb);
if (rv == KHM_ERROR_TOO_LONG) {
- free(wbuf);
- wbuf = malloc(cb);
+ PFREE(wbuf);
+ wbuf = PMALLOC(cb);
assert(wbuf);
cb_ms = cb;
@@ -1886,10 +1888,10 @@ k5_msg_cred_dialog(khm_int32 msg_type,
pkrb5_free_context(ctx);
if (idname)
- free(idname);
+ PFREE(idname);
if (wbuf)
- free(wbuf);
+ PFREE(wbuf);
} else if (g_fjob.state == FIBER_STATE_NONE) {
/* the user cancelled the operation */
r = KHUI_NC_RESPONSE_EXIT |
@@ -1921,6 +1923,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
_end_task();
} else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
+ __int64 ftidexp = 0;
+ __int64 ftcurrent;
+ khm_size cb;
+
+ GetSystemTimeAsFileTime((LPFILETIME) &ftcurrent);
+
_begin_task(0);
_report_mr0(KHERR_NONE, MSG_CTX_RENEW_CREDS);
_describe();
@@ -1930,10 +1938,20 @@ k5_msg_cred_dialog(khm_int32 msg_type,
nc->ctx.cred_type == credtype_id_krb5)) {
int code;
- if (nc->ctx.identity != 0)
+ if (nc->ctx.identity != 0) {
+ /* get the current identity expiration time */
+ cb = sizeof(ftidexp);
+
+ kcdb_identity_get_attr(nc->ctx.identity,
+ KCDB_ATTR_EXPIRE,
+ NULL,
+ &ftidexp,
+ &cb);
+
code = khm_krb5_renew(nc->ctx.identity);
- else
+ } else {
code = 1; /* it just has to be non-zero */
+ }
if (code == 0) {
khui_cw_set_response(nc, credtype_id_krb5,
@@ -1946,6 +1964,29 @@ k5_msg_cred_dialog(khm_int32 msg_type,
khui_cw_set_response(nc, credtype_id_krb5,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_FAILED);
+ } else if (ftcurrent < ftidexp) {
+ wchar_t tbuf[1024];
+ DWORD suggestion;
+ kherr_suggestion sug_id;
+
+ /* if we failed to get new tickets, but the
+ identity isstill valid, then we assume that
+ the current tickets are still good enough
+ for other credential types to obtain their
+ credentials. */
+
+ khm_err_describe(code, tbuf, sizeof(tbuf),
+ &suggestion, &sug_id);
+
+ _report_cs0(KHERR_WARNING, tbuf);
+ if (suggestion)
+ _suggest_mr(suggestion, sug_id);
+
+ _resolve();
+
+ khui_cw_set_response(nc, credtype_id_krb5,
+ KHUI_NC_RESPONSE_EXIT |
+ KHUI_NC_RESPONSE_SUCCESS);
} else {
wchar_t tbuf[1024];
DWORD suggestion;
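Review bot: The new `else if (ftcurrent < ftidexp)` branch reports `KHUI_NC_RESPONSE_SUCCESS` for every renewal failure as long as the cached identity expiry is in the future, whatever `code` says. That makes no distinction between a transient failure and one that means the tickets should no longer be relied on. It also trusts `ftidexp`, which is read with an unchecked `kcdb_identity_get_attr` and is only as fresh as the last identity update. Consider limiting the soft-success path to error codes known to be transient and naming them in the comment, which also has the typo `isstill`. The `khm_err_describe`/`_report_cs0`/`_suggest_mr` sequence appears to repeat the start of the following `else`, whose body continues outside the hunk, and could be shared.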
@@ -2049,14 +2090,14 @@ k5_msg_cred_dialog(khm_int32 msg_type,
}
if (wcscmp(wnpwd, wnpwd2)) {
- rv = KHM_ERROR_INVALID_PARM;
+ rv = KHM_ERROR_INVALID_PARAM;
_report_mr0(KHERR_ERROR, MSG_PWD_NOT_SAME);
_suggest_mr(MSG_PWD_S_NOT_SAME, KHERR_SUGGEST_INTERACT);
goto _pwd_exit;
}
if (!wcscmp(wpwd, wnpwd)) {
- rv = KHM_ERROR_INVALID_PARM;
+ rv = KHM_ERROR_INVALID_PARAM;
_report_mr0(KHERR_ERROR, MSG_PWD_SAME);
_suggest_mr(MSG_PWD_S_SAME, KHERR_SUGGEST_INTERACT);
goto _pwd_exit;
@@ -2082,7 +2123,7 @@ k5_msg_cred_dialog(khm_int32 msg_type,
StringCchLengthA(result, KHERR_MAXCCH_STRING,
&len);
- wresult = malloc((len + 1) * sizeof(wchar_t));
+ wresult = PMALLOC((len + 1) * sizeof(wchar_t));
#ifdef DEBUG
assert(wresult);
#endif
@@ -2092,8 +2133,8 @@ k5_msg_cred_dialog(khm_int32 msg_type,
_report_cs1(KHERR_ERROR, L"%1!s!", _cstr(wresult));
_resolve();
- free(result);
- free(wresult);
+ PFREE(result);
+ PFREE(wresult);
/* leave wresult. It will get freed when the
reported event is freed. */
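Review bot: The comment kept below the two frees says to leave `wresult` because it is released when the reported event is freed, yet the line above it reads `PFREE(wresult);`. One of the two is wrong: if the event keeps the pointer passed through `_cstr(wresult)`, this is a use-after-free or a double free; if `_resolve()` has already copied the text, the comment is stale. Please confirm which, and either drop `PFREE(wresult);` or replace the comment with `/* _resolve() has copied the string, so wresult can be released here */`.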
@@ -2149,10 +2190,12 @@ k5_msg_cred_dialog(khm_int32 msg_type,
khui_cw_del_type(nc, credtype_id_krb5);
- if(nct->name)
- free(nct->name);
+ if (nct->name)
+ PFREE(nct->name);
+ if (nct->credtext)
+ PFREE(nct->credtext);
- free(nct);
+ PFREE(nct);
}
break;
diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c
index 4b53ed3e8..ecfde2f5a 100644
--- a/src/windows/identity/plugins/krb5/krb5plugin.c
+++ b/src/windows/identity/plugins/krb5/krb5plugin.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -47,91 +47,90 @@ krb5_context k5_identpro_ctx = NULL;
/* The system message handler.
Runs in the context of the plugin thread */
-khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_SYSTEM_INIT:
- {
- kcdb_credtype ct;
- wchar_t buf[KCDB_MAXCCH_SHORT_DESC];
- size_t cbsize;
-
- /* perform critical registrations and initialization
- stuff */
- ZeroMemory(&ct, sizeof(ct));
- ct.id = KCDB_CREDTYPE_AUTO;
- ct.name = KRB5_CREDTYPE_NAME;
-
- if(LoadString(hResModule, IDS_KRB5_SHORT_DESC, buf, ARRAYLENGTH(buf)))
- {
- StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
- cbsize += sizeof(wchar_t);
- ct.short_desc = malloc(cbsize);
- StringCbCopy(ct.short_desc, cbsize, buf);
- }
-
- /* even though ideally we should be setting limits
- based KCDB_MAXCB_LONG_DESC, our long description
- actually fits nicely in KCDB_MAXCB_SHORT_DESC */
- if(LoadString(hResModule, IDS_KRB5_LONG_DESC, buf, ARRAYLENGTH(buf)))
- {
- StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
- cbsize += sizeof(wchar_t);
- ct.long_desc = malloc(cbsize);
- StringCbCopy(ct.long_desc, cbsize, buf);
- }
+ case KMSG_SYSTEM_INIT:
+ {
+ kcdb_credtype ct;
+ wchar_t buf[KCDB_MAXCCH_SHORT_DESC];
+ size_t cbsize;
+
+ /* perform critical registrations and initialization
+ stuff */
+ ZeroMemory(&ct, sizeof(ct));
+ ct.id = KCDB_CREDTYPE_AUTO;
+ ct.name = KRB5_CREDTYPE_NAME;
+
+ if(LoadString(hResModule, IDS_KRB5_SHORT_DESC,
+ buf, ARRAYLENGTH(buf))) {
+ StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
+ cbsize += sizeof(wchar_t);
+ ct.short_desc = PMALLOC(cbsize);
+ StringCbCopy(ct.short_desc, cbsize, buf);
+ }
- ct.icon = NULL; /* TODO: set a proper icon */
+ /* even though ideally we should be setting limits
+ based KCDB_MAXCB_LONG_DESC, our long description
+ actually fits nicely in KCDB_MAXCB_SHORT_DESC */
+ if(LoadString(hResModule, IDS_KRB5_LONG_DESC,
+ buf, ARRAYLENGTH(buf))) {
+ StringCbLength(buf, KCDB_MAXCB_SHORT_DESC, &cbsize);
+ cbsize += sizeof(wchar_t);
+ ct.long_desc = PMALLOC(cbsize);
+ StringCbCopy(ct.long_desc, cbsize, buf);
+ }
- kmq_create_subscription(k5_msg_callback, &ct.sub);
+ ct.icon = NULL; /* TODO: set a proper icon */
- rv = kcdb_credtype_register(&ct, &credtype_id_krb5);
+ kmq_create_subscription(k5_msg_callback, &ct.sub);
- if(KHM_SUCCEEDED(rv))
- rv = kcdb_credset_create(&krb5_credset);
+ ct.is_equal = khm_krb5_creds_is_equal;
- if(ct.short_desc)
- free(ct.short_desc);
+ rv = kcdb_credtype_register(&ct, &credtype_id_krb5);
- if(ct.long_desc)
- free(ct.long_desc);
+ if(KHM_SUCCEEDED(rv))
+ rv = kcdb_credset_create(&krb5_credset);
- if (is_k5_identpro)
- kcdb_identity_set_type(credtype_id_krb5);
+ if(ct.short_desc)
+ PFREE(ct.short_desc);
- if(KHM_SUCCEEDED(rv)) {
- krb5_context ctx = NULL;
+ if(ct.long_desc)
+ PFREE(ct.long_desc);
- krb5_initialized = TRUE;
+ if(KHM_SUCCEEDED(rv)) {
+ krb5_context ctx = NULL;
- khm_krb5_list_tickets(&ctx);
+ krb5_initialized = TRUE;
- if(ctx != NULL)
- pkrb5_free_context(ctx);
+ if(ctx != NULL)
+ pkrb5_free_context(ctx);
- /* now convert this thread to a fiber and create a
- separate fiber to do kinit stuff */
- k5_main_fiber = ConvertThreadToFiber(NULL);
- k5_kinit_fiber = CreateFiber(0,k5_kinit_fiber_proc,NULL);
+ /* now convert this thread to a fiber and create a
+ separate fiber to do kinit stuff */
+ k5_main_fiber = ConvertThreadToFiber(NULL);
+ k5_kinit_fiber = CreateFiber(0,k5_kinit_fiber_proc,NULL);
- ZeroMemory(&g_fjob, sizeof(g_fjob));
+ ZeroMemory(&g_fjob, sizeof(g_fjob));
- kmq_create_subscription(k5_msg_callback, &k5_sub);
+ kmq_create_subscription(k5_msg_callback, &k5_sub);
- pkrb5_init_context(&k5_identpro_ctx);
+ k5_register_config_panels();
- k5_register_config_panels();
- }
+ khm_krb5_list_tickets(&ctx);
}
- break;
+ }
+ break;
- case KMSG_SYSTEM_EXIT:
+ case KMSG_SYSTEM_EXIT:
- k5_unregister_config_panels();
+ k5_unregister_config_panels();
- if(credtype_id_krb5 >= 0)
+ if(credtype_id_krb5 >= 0)
{
/* basically just unregister the credential type */
kcdb_credtype_unregister(credtype_id_krb5);
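Review bot: In the reordered `KMSG_SYSTEM_INIT` block the `if(ctx != NULL) pkrb5_free_context(ctx);` check now runs while `ctx` is still NULL, and `khm_krb5_list_tickets(&ctx);` has moved to the end of the block with nothing after it, so whatever context that call hands back is never released. The `KMSG_CRED_REFRESH` handler in this file shows the intended order: list tickets, then free. Moving the two-line free to follow `khm_krb5_list_tickets(&ctx);` fixes it. The results of `ConvertThreadToFiber` and `CreateFiber` are also stored unchecked.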
@@ -141,22 +140,19 @@ khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui
krb5_credset = NULL;
}
- if(k5_main_fiber != NULL) {
- ConvertFiberToThread();
- k5_main_fiber = NULL;
- }
+ if(k5_main_fiber != NULL) {
+#if (_WIN32_WINNT >= 0x0501)
+ ConvertFiberToThread();
+#endif
+ k5_main_fiber = NULL;
+ }
- if(k5_sub != NULL) {
- kmq_delete_subscription(k5_sub);
- k5_sub = NULL;
- }
+ if(k5_sub != NULL) {
+ kmq_delete_subscription(k5_sub);
+ k5_sub = NULL;
+ }
- if (k5_identpro_ctx) {
- pkrb5_free_context(k5_identpro_ctx);
- k5_identpro_ctx = NULL;
- }
-
- break;
+ break;
}
return rv;
@@ -167,45 +163,47 @@ khm_int32 KHMAPI k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui
Runs in the context of the Krb5 plugin
*/
-khm_int32 KHMAPI k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
- case KMSG_CRED_REFRESH:
- {
- krb5_context ctx = NULL;
+ case KMSG_CRED_REFRESH:
+ {
+ krb5_context ctx = NULL;
- khm_krb5_list_tickets(&ctx);
+ khm_krb5_list_tickets(&ctx);
- if(ctx != NULL)
- pkrb5_free_context(ctx);
- }
- break;
+ if(ctx != NULL)
+ pkrb5_free_context(ctx);
+ }
+ break;
- case KMSG_CRED_DESTROY_CREDS:
- {
- khui_action_context * ctx;
+ case KMSG_CRED_DESTROY_CREDS:
+ {
+ khui_action_context * ctx;
- ctx = (khui_action_context *) vparam;
+ ctx = (khui_action_context *) vparam;
- if (ctx->credset)
- khm_krb5_destroy_by_credset(ctx->credset);
- }
- break;
-
- case KMSG_CRED_PP_BEGIN:
- k5_pp_begin((khui_property_sheet *) vparam);
- break;
-
- case KMSG_CRED_PP_END:
- k5_pp_end((khui_property_sheet *) vparam);
- break;
-
- default:
- if(IS_CRED_ACQ_MSG(msg_subtype))
- return k5_msg_cred_dialog(msg_type, msg_subtype,
- uparam, vparam);
+ if (ctx->credset)
+ khm_krb5_destroy_by_credset(ctx->credset);
+ }
+ break;
+
+ case KMSG_CRED_PP_BEGIN:
+ k5_pp_begin((khui_property_sheet *) vparam);
+ break;
+
+ case KMSG_CRED_PP_END:
+ k5_pp_end((khui_property_sheet *) vparam);
+ break;
+
+ default:
+ if(IS_CRED_ACQ_MSG(msg_subtype))
+ return k5_msg_cred_dialog(msg_type, msg_subtype,
+ uparam, vparam);
}
return rv;
@@ -216,15 +214,15 @@ khm_int32 KHMAPI k5_msg_cred(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4
Runs in the context of the Krb5 plugin
*/
-khm_int32 KHMAPI k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam)
+khm_int32 KHMAPI
+k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype,
+ khm_ui_4 uparam, void * vparam)
{
switch(msg_type) {
- case KMSG_SYSTEM:
- return k5_msg_system(msg_type, msg_subtype, uparam, vparam);
- case KMSG_CRED:
- return k5_msg_cred(msg_type, msg_subtype, uparam, vparam);
- case KMSG_IDENT:
- return k5_msg_ident(msg_type, msg_subtype, uparam, vparam);
+ case KMSG_SYSTEM:
+ return k5_msg_system(msg_type, msg_subtype, uparam, vparam);
+ case KMSG_CRED:
+ return k5_msg_cred(msg_type, msg_subtype, uparam, vparam);
}
return KHM_ERROR_SUCCESS;
}
diff --git a/src/windows/identity/plugins/krb5/krb5props.c b/src/windows/identity/plugins/krb5/krb5props.c
index 9134de292..0d8d27276 100644
--- a/src/windows/identity/plugins/krb5/krb5props.c
+++ b/src/windows/identity/plugins/krb5/krb5props.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -30,6 +30,9 @@
#include<commctrl.h>
#include<strsafe.h>
#include<krb5.h>
+#ifdef DEBUG
+#include<assert.h>
+#endif
/* Property page
@@ -42,44 +45,99 @@ INT_PTR CALLBACK krb5_pp_proc(HWND hwnd,
)
{
switch(uMsg) {
- case WM_INITDIALOG:
- {
- khui_property_sheet * s;
- PROPSHEETPAGE * p;
- wchar_t buf[512];
- khm_size cbsize;
-
- p = (PROPSHEETPAGE *) lParam;
- s = (khui_property_sheet *) p->lParam;
+ case WM_INITDIALOG:
+ {
+ khui_property_sheet * s;
+ PROPSHEETPAGE * p;
+ wchar_t buf[512];
+ wchar_t unavailable[64];
+ khm_size cbsize;
+ khm_int32 rv;
+ khm_int32 tflags;
+
+ p = (PROPSHEETPAGE *) lParam;
+ s = (khui_property_sheet *) p->lParam;
#pragma warning(push)
#pragma warning(disable: 4244)
- SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) s);
+ SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) s);
#pragma warning(pop)
- if(s->cred) {
- cbsize = sizeof(buf);
- kcdb_cred_get_name(s->cred, buf, &cbsize);
- SetDlgItemText(hwnd, IDC_PPK5_NAME, buf);
+ LoadString(hResModule, IDS_UNAVAILABLE,
+ unavailable, ARRAYLENGTH(unavailable));
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_ISSUE, buf, &cbsize, 0);
- SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf);
+ if(s->cred) {
+ cbsize = sizeof(buf);
+ kcdb_cred_get_name(s->cred, buf, &cbsize);
+ SetDlgItemText(hwnd, IDC_PPK5_NAME, buf);
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_EXPIRE, buf, &cbsize, 0);
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_ISSUE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
+ SetDlgItemText(hwnd, IDC_PPK5_ISSUE, buf);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_ISSUE, unavailable);
+
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_EXPIRE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
SetDlgItemText(hwnd, IDC_PPK5_VALID, buf);
-
- cbsize = sizeof(buf);
- kcdb_cred_get_attr_string(s->cred, KCDB_ATTR_RENEW_EXPIRE, buf, &cbsize, 0);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_VALID, unavailable);
+
+ cbsize = sizeof(buf);
+ rv = kcdb_cred_get_attr_string(s->cred,
+ KCDB_ATTR_RENEW_EXPIRE,
+ buf, &cbsize, 0);
+ if (KHM_SUCCEEDED(rv))
SetDlgItemText(hwnd, IDC_PPK5_RENEW, buf);
+ else
+ SetDlgItemText(hwnd, IDC_PPK5_RENEW, unavailable);
+
+ tflags = 0;
+ cbsize = sizeof(tflags);
+ rv = kcdb_cred_get_attr(s->cred,
+ attr_id_krb5_flags,
+ NULL,
+ &tflags,
+ &cbsize);
+ if (KHM_SUCCEEDED(rv)) {
+
+#define ADDBITFLAG(f,s) \
+ if (tflags & f) { \
+ LoadString(hResModule, s, buf, ARRAYLENGTH(buf)); \
+ SendDlgItemMessage(hwnd, IDC_PPK5_FLAGS, LB_ADDSTRING, 0, (LPARAM) buf); \
+ }
+
+ ADDBITFLAG(TKT_FLG_FORWARDABLE, IDS_FLG_FORWARDABLE);
+ ADDBITFLAG(TKT_FLG_FORWARDED, IDS_FLG_FORWARDED);
+ ADDBITFLAG(TKT_FLG_PROXIABLE, IDS_FLG_PROXIABLE);
+ ADDBITFLAG(TKT_FLG_PROXY, IDS_FLG_PROXY);
+ ADDBITFLAG(TKT_FLG_MAY_POSTDATE, IDS_FLG_MAY_POSTDATE);
+ ADDBITFLAG(TKT_FLG_POSTDATED, IDS_FLG_POSTDATED);
+ ADDBITFLAG(TKT_FLG_INVALID, IDS_FLG_INVALID);
+ ADDBITFLAG(TKT_FLG_RENEWABLE, IDS_FLG_RENEWABLE);
+ ADDBITFLAG(TKT_FLG_INITIAL, IDS_FLG_INITIAL);
+ ADDBITFLAG(TKT_FLG_PRE_AUTH, IDS_FLG_PRE_AUTH);
+ ADDBITFLAG(TKT_FLG_HW_AUTH, IDS_FLG_HW_AUTH);
+ ADDBITFLAG(TKT_FLG_TRANSIT_POLICY_CHECKED, IDS_FLG_TRANSIT_POL);
+ ADDBITFLAG(TKT_FLG_OK_AS_DELEGATE, IDS_FLG_OK_DELEGATE);
+ ADDBITFLAG(TKT_FLG_ANONYMOUS, IDS_FLG_ANONYMOUS);
+
+#undef ADDBITFLAG
- /*TODO: select other properties */
- } else {
- /*TODO: select properties */
}
+ } else {
+#ifdef DEBUG
+ assert(FALSE);
+#endif
}
- return FALSE;
+ }
+ return FALSE;
}
return FALSE;
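Review bot: The three attribute lookups now fall back to the `unavailable` string, but `kcdb_cred_get_name` just above them is still unchecked, so on failure `SetDlgItemText(hwnd, IDC_PPK5_NAME, buf)` displays an uninitialised `buf`; the `LoadString` that fills `unavailable` is unchecked too. Starting both buffers empty (`buf[0] = L'\0'; unavailable[0] = L'\0';`) and giving the name the same `KHM_SUCCEEDED` test would make the page consistent. The `ADDBITFLAG` macro expands to a bare `if` block and its parameter `s` has the same name as the local `s`; wrapping it in `do { ... } while (0)` with differently named, parenthesised parameters avoids surprises. The function starts outside the hunk.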
@@ -89,14 +147,15 @@ void k5_pp_begin(khui_property_sheet * s)
{
PROPSHEETPAGE *p;
- if(s->credtype == credtype_id_krb5) {
- p = malloc(sizeof(*p));
+ if(s->credtype == credtype_id_krb5 &&
+ s->cred) {
+ p = PMALLOC(sizeof(*p));
ZeroMemory(p, sizeof(*p));
p->dwSize = sizeof(*p);
p->dwFlags = 0;
p->hInstance = hResModule;
- p->pszTemplate = (s->cred)? MAKEINTRESOURCE(IDD_PP_KRB5C): MAKEINTRESOURCE(IDD_PP_KRB5);
+ p->pszTemplate = MAKEINTRESOURCE(IDD_PP_KRB5C);
p->pfnDlgProc = krb5_pp_proc;
p->lParam = (LPARAM) s;
khui_ps_add_page(s, credtype_id_krb5, 0, p, NULL);
@@ -110,7 +169,7 @@ void k5_pp_end(khui_property_sheet * s)
khui_ps_find_page(s, credtype_id_krb5, &p);
if(p) {
if(p->p_page)
- free(p->p_page);
+ PFREE(p->p_page);
p->p_page = NULL;
}
}
diff --git a/src/windows/identity/plugins/krb5/krb5util.c b/src/windows/identity/plugins/krb5/krb5util.c
index b892531af..7be0f8e26 100644
--- a/src/windows/identity/plugins/krb5/krb5util.c
+++ b/src/windows/identity/plugins/krb5/krb5util.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -178,8 +178,8 @@ make_postfix(
base_size = strlen(base) + 1;
ret_size = base_size + strlen(postfix) + 1;
- copy = malloc(base_size);
- ret = malloc(ret_size);
+ copy = PMALLOC(base_size);
+ ret = PMALLOC(ret_size);
if (!copy || !ret)
goto cleanup;
@@ -194,9 +194,9 @@ make_postfix(
cleanup:
if (!copy || !ret) {
if (copy)
- free(copy);
+ PFREE(copy);
if (ret)
- free(ret);
+ PFREE(ret);
copy = ret = 0;
}
// INVARIANT: (ret ==> copy) && (copy ==> ret)
@@ -218,7 +218,7 @@ make_temp_cache_v4(
if (old_cache) {
pdest_tkt();
pkrb_set_tkt_string(old_cache);
- free(old_cache);
+ PFREE(old_cache);
old_cache = 0;
}
@@ -230,7 +230,7 @@ make_temp_cache_v4(
return KFAILURE;
pkrb_set_tkt_string(tmp_cache);
- free(tmp_cache);
+ PFREE(tmp_cache);
}
return 0;
}
@@ -259,7 +259,7 @@ make_temp_cache_v5(
if (!pkrb5_cc_resolve(ctx, pkrb5_cc_default_name(ctx), &cc))
pkrb5_cc_destroy(ctx, cc);
pkrb5_cc_set_default_name(ctx, old_cache);
- free(old_cache);
+ PFREE(old_cache);
old_cache = 0;
}
if (ctx) {
@@ -291,7 +291,7 @@ make_temp_cache_v5(
ctx = 0;
}
if (tmp_cache)
- free(tmp_cache);
+ PFREE(tmp_cache);
if (pctx)
*pctx = ctx;
return rc;
@@ -408,7 +408,7 @@ Leash_changepwd_v5(char * principal,
(result_string.length ? (sizeof(": ") - 1) : 0) +
result_string.length;
if (len && error_str) {
- *error_str = malloc(len + 1);
+ *error_str = PMALLOC(len + 1);
if (*error_str)
_snprintf(*error_str, len + 1,
"%.*s%s%.*s",
@@ -516,7 +516,7 @@ Leash_int_changepwd(
if (v4_error_str)
len += sizeof(sep) + sizeof(v4_prefix) + strlen(v4_error_str) +
sizeof(sep);
- error_str = malloc(len + 1);
+ error_str = PMALLOC(len + 1);
if (error_str) {
char* p = error_str;
int size = len + 1;
@@ -1019,27 +1019,27 @@ not_an_API_LeashFreeTicketList(TicketList** ticketList)
killList = tempList;
tempList = (TicketList*)tempList->next;
- free(killList->theTicket);
+ PFREE(killList->theTicket);
if (killList->tktEncType)
- free(killList->tktEncType);
+ PFREE(killList->tktEncType);
if (killList->keyEncType)
- free(killList->keyEncType);
+ PFREE(killList->keyEncType);
if (killList->addrCount) {
int n;
for ( n=0; n<killList->addrCount; n++) {
if (killList->addrList[n])
- free(killList->addrList[n]);
+ PFREE(killList->addrList[n]);
}
}
if (killList->addrList)
- free(killList->addrList);
+ PFREE(killList->addrList);
if (killList->name)
- free(killList->name);
+ PFREE(killList->name);
if (killList->inst)
- free(killList->inst);
+ PFREE(killList->inst);
if (killList->realm)
- free(killList->realm);
- free(killList);
+ PFREE(killList->realm);
+ PFREE(killList);
}
*ticketList = NULL;
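Review bot: The loop over `addrCount` reads `killList->addrList[n]` before the `if (killList->addrList)` test that follows it, so a node with a non-zero count and a NULL list is dereferenced before the guard can help. Folding the test into the outer condition, `if (killList->addrCount && killList->addrList) {`, makes the two checks agree. Separately, every pointer released here is allocated outside this hunk. Now that the release side is `PFREE`, each of those fields presumably has to come from `PMALLOC` or a matching duplicating helper rather than plain `malloc`/`strdup`, which is worth confirming at the allocation sites. The function starts before the first line of the hunk.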
diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv
index c577eec3b..0059f0ab1 100644
--- a/src/windows/identity/plugins/krb5/krbconfig.csv
+++ b/src/windows/identity/plugins/krb5/krbconfig.csv
@@ -6,7 +6,9 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider
Flags,KC_INT32,0,
Parameters,KC_SPACE,0,Parameters for KrbCred
CreateMissingConfig,KC_INT32,0,Create missing configuration files
- MsLsaImport,KC_INT32,2,Automatically import MSLSA credentials
+ MsLsaImport,KC_INT32,1,Automatically import MSLSA credentials: 0-never 1-always 2-if principle matches
+ MsLsaList,KC_INT32,1,Include MSLSA in the credentials list
+ FileCCList,KC_STRING,,List of file CCaches to include in listing
AutoRenewTickets,KC_INT32,1,Automatically renew expiring tickets
DefaultLifetime,KC_INT32,36000,Default ticket lifetime
MaxLifetime,KC_INT32,86400,Maximum lifetime
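Review bot: The default for `MsLsaImport` moves from 2 to 1, which by the description added on the same line changes the out-of-the-box behaviour from importing MSLSA credentials only on a principal match to always importing them. If that widening is intended it deserves a sentence in the commit description, since it changes which credentials end up in the user's cache by default; otherwise the value should stay `2`. The description also spells the word as "principle"; it should read `2-if principal matches`.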
@@ -20,6 +22,8 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider
MinRenewLifetime,KC_INT32,60,Maximum renewable lifetime
LRURealms,KC_STRING,,
LRUPrincipals,KC_STRING,,
+ LastDefaultIdent,KC_STRING,,Last known default identity
+ DefaultCCName,KC_STRING,,Default CC name (only per identity)
PromptCache,KC_SPACE,0,Cache of prompts (only per identity)
Name,KC_STRING,,
Banner,KC_STRING,,
diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h
index 08978f11f..7efc360a0 100644
--- a/src/windows/identity/plugins/krb5/krbcred.h
+++ b/src/windows/identity/plugins/krb5/krbcred.h
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004 Massachusetts Institute of Technology
+ * Copyright (c) 2005 Massachusetts Institute of Technology
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
@@ -41,6 +41,7 @@
#include<kconfig.h>
#include<khuidefs.h>
#include<kherr.h>
+#include<utils.h>
#include<krb5funcs.h>
#include<krb5common.h>
@@ -51,9 +52,16 @@
#include<datarep.h>
#include<krb5_msgs.h>
+typedef enum tag_k5_lsa_import {
+ K5_LSAIMPORT_NEVER = 0,
+ K5_LSAIMPORT_ALWAYS = 1,
+ K5_LSAIMPORT_MATCH = 2, /* only when the principal name matches */
+} k5_lsa_import;
+
#define TYPENAME_ENCTYPE L"EncType"
#define TYPENAME_ADDR_LIST L"AddrList"
#define TYPENAME_KRB5_FLAGS L"Krb5Flags"
+#define TYPENAME_KRB5_PRINC L"Krb5Principal"
#define ATTRNAME_KEY_ENCTYPE L"KeyEncType"
#define ATTRNAME_TKT_ENCTYPE L"TktEncType"
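Review bot: The `k5_lsa_import` enum carries no comment tying its values to the stored setting. They repeat the numeric codes listed in the `MsLsaImport` description in krbconfig.csv (0-never, 1-always, 2-match) and presumably the order of the entries in `IDS_K5CFG_IMPORT_OPTIONS`. A comment above the enum such as `/* values are stored in the MsLsaImport setting; keep in step with krbconfig.csv */` would stop a later reordering from silently changing what an already stored setting means.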
@@ -75,6 +83,9 @@ extern const wchar_t * k5_facility;
extern khm_int32 type_id_enctype;
extern khm_int32 type_id_addr_list;
extern khm_int32 type_id_krb5_flags;
+extern khm_int32 type_id_krb5_princ;
+
+extern BOOL type_regd_krb5_princ;
extern khm_int32 attr_id_key_enctype;
extern khm_int32 attr_id_tkt_enctype;
@@ -89,9 +100,23 @@ extern khm_int32 attr_id_krb5_ccname;
/* plugin constants */
#define KRB5_PLUGIN_NAME L"Krb5Cred"
+#define KRB5_IDENTPRO_NAME L"Krb5Ident"
#define KRB5_CREDTYPE_NAME L"Krb5Cred"
+/* limits */
+/* maximum number of characters in a realm name */
+#define K5_MAXCCH_REALM 256
+
+/* maximum number of characters in a host name */
+#define K5_MAXCCH_HOST 128
+
+/* maximum number of KDC's per realm */
+#define K5_MAX_KDC 64
+
+/* maximum number of domains that map to a realm */
+#define K5_MAX_DOMAIN_MAPPINGS 32
+
extern khm_handle csp_plugins;
extern khm_handle csp_krbcred;
extern khm_handle csp_params;
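Review bot: `K5_MAXCCH_REALM` and `K5_MAXCCH_HOST` are documented as a "maximum number of characters" without saying whether the terminating NUL is counted, and that ambiguity is a common source of off-by-one buffer sizes at the use sites. I would extend the comments, for example `/* maximum number of characters in a realm name, including the terminating NUL */` if that is the intent, and likewise for the host limit. The code that sizes buffers with these constants is outside this hunk, so the intended meaning needs confirming there.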
@@ -113,6 +138,7 @@ extern BOOL is_k5_identpro;
/* plugin callbacks */
khm_int32 KHMAPI k5_msg_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam);
+khm_int32 KHMAPI k5_ident_callback(khm_int32 msg_type, khm_int32 msg_subtype, khm_ui_4 uparam, void * vparam);
/* kinit fiber */
typedef struct _fiber_job_t {
@@ -179,4 +205,22 @@ k5_register_config_panels(void);
void
k5_unregister_config_panels(void);
+INT_PTR CALLBACK
+k5_ccconfig_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+k5_id_tab_dlgproc(HWND hwndDlg,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
+INT_PTR CALLBACK
+k5_ids_tab_dlgproc(HWND hwnd,
+ UINT uMsg,
+ WPARAM wParam,
+ LPARAM lParam);
+
#endif
diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
index 087b93e47..d95c58d86 100644
--- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
+++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc
@@ -83,22 +83,14 @@ BEGIN
LTEXT "Name",IDC_STATIC,7,7,19,8
LTEXT "Valid till",IDC_STATIC,7,39,24,8
LTEXT "Renewable till",IDC_STATIC,7,55,45,12
- CONTROL "Renewable",IDC_PPK5_CRENEW,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,31,125,51,10
- CONTROL "Forwardable",IDC_PPK5_CFORWARD,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,91,125,56,10
- CONTROL "Proxiable",IDC_PPK5_CPROXY,"Button",BS_AUTOCHECKBOX |
- WS_DISABLED | WS_TABSTOP,156,125,45,10
LTEXT "Issued on",IDC_STATIC,7,23,32,8
- GROUPBOX "Ticket flags",IDC_STATIC,7,108,221,41
- LTEXT "Static",IDC_PPK5_NAME,72,7,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_ISSUE,72,23,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_VALID,72,39,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
- LTEXT "Static",IDC_PPK5_RENEW,72,55,156,12,NOT WS_GROUP,
- WS_EX_CLIENTEDGE
+ LTEXT "Ticket flags",IDC_STATIC,7,75,37,8
+ EDITTEXT IDC_PPK5_NAME,72,7,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_ISSUE,72,23,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_VALID,72,39,156,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_PPK5_RENEW,72,55,156,12,ES_AUTOHSCROLL | ES_READONLY
+ LISTBOX IDC_PPK5_FLAGS,72,74,156,75,LBS_SORT |
+ LBS_NOINTEGRALHEIGHT | WS_VSCROLL | WS_TABSTOP
END
IDD_PP_KRB5 DIALOGEX 0, 0, 235, 156
@@ -137,14 +129,15 @@ BEGIN
LTEXT "Default Realm",IDC_CFG_LBL_REALM,13,9,46,8
COMBOBOX IDC_CFG_DEFREALM,76,7,166,30,CBS_DROPDOWN | CBS_SORT |
WS_VSCROLL | WS_TABSTOP
- PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14
+ PUSHBUTTON "Configure Realms ...",IDC_CFG_CFGREALMS,76,25,84,14,
+ WS_DISABLED
GROUPBOX "Keberos Configuration File",IDC_CFG_CFGFILEGRP,7,57,241,
48
LTEXT "Location",IDC_CFG_LBL_CFGFILE,13,71,28,8
EDITTEXT IDC_CFG_CFGFILE,76,68,119,14,ES_AUTOHSCROLL
PUSHBUTTON "Browse...",IDC_CFG_BROWSE,198,68,44,14
CONTROL "Create file if missing",IDC_CFG_CREATECONFIG,"Button",
- BS_AUTOCHECKBOX | WS_TABSTOP,76,89,80,10
+ BS_AUTOCHECKBOX | WS_DISABLED | WS_TABSTOP,76,89,80,10
GROUPBOX "Windows® Options",IDC_CFG_WINGRP,7,110,241,65
LTEXT "Hostname",IDC_CFG_LBL_HOSTNAME,13,123,33,8
EDITTEXT IDC_CFG_HOSTNAME,76,120,166,14,ES_AUTOHSCROLL |
@@ -153,7 +146,7 @@ BEGIN
EDITTEXT IDC_CFG_DOMAIN,76,138,166,14,ES_AUTOHSCROLL |
ES_READONLY
LTEXT "Import tickets",IDC_LBL_IMPORT,13,158,45,8
- COMBOBOX IDC_CFG_IMPORT,76,156,166,30,CBS_DROPDOWNLIST | CBS_SORT |
+ COMBOBOX IDC_CFG_IMPORT,76,156,166,30,CBS_DROPDOWNLIST |
WS_VSCROLL | WS_TABSTOP
END
@@ -162,15 +155,17 @@ STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_ALIGNLEFT |
- WS_BORDER | WS_TABSTOP,7,19,81,148
- GROUPBOX "Servers",IDC_CFG_SERVERSGRP,93,7,155,91
- GROUPBOX "Domain/Hostname mappings",IDC_CFG_DOMAINGRP,93,101,155,
- 74
- CONTROL "",IDC_LIST3,"SysListView32",LVS_ALIGNLEFT | WS_BORDER |
- WS_TABSTOP,99,19,143,72
- CONTROL "",IDC_LIST4,"SysListView32",LVS_ALIGNLEFT | WS_BORDER |
- WS_TABSTOP,99,111,143,56
+ CONTROL "",IDC_CFG_REALMS,"SysListView32",LVS_REPORT |
+ LVS_SHOWSELALWAYS | LVS_SORTASCENDING | LVS_EDITLABELS |
+ LVS_ALIGNLEFT | LVS_NOCOLUMNHEADER | WS_TABSTOP,7,19,81,
+ 148
+ GROUPBOX "Kerberos Servers",IDC_CFG_SERVERSGRP,93,7,155,91
+ GROUPBOX "Domain mappings",IDC_CFG_DOMAINGRP,93,101,155,74
+ CONTROL "",IDC_CFG_KDC,"SysListView32",LVS_REPORT |
+ LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,19,143,72
+ CONTROL "",IDC_CFG_DMAP,"SysListView32",LVS_REPORT |
+ LVS_EDITLABELS | LVS_ALIGNLEFT | WS_TABSTOP,99,111,143,
+ 56
END
IDD_CFG_IDS_TAB DIALOGEX 0, 0, 235, 151
@@ -197,6 +192,7 @@ END
IDD_CFG_ID_TAB DIALOGEX 0, 0, 235, 151
STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "Ticket lifetime",IDC_CFG_LBL_DEFLIFE,7,10,44,8
@@ -222,6 +218,25 @@ BEGIN
43,112,16,BS_NOTIFY | WS_DISABLED
END
+IDD_CFG_CACHES DIALOGEX 0, 0, 255, 182
+STYLE DS_SETFONT | DS_FIXEDSYS | WS_CHILD | WS_SYSMENU
+EXSTYLE WS_EX_CONTROLPARENT
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ GROUPBOX "File Caches",IDC_CFG_FCGRP,7,38,241,137
+ CONTROL "",IDC_CFG_FCLIST,"SysListView32",LVS_REPORT |
+ LVS_SORTASCENDING | LVS_ALIGNLEFT | WS_BORDER |
+ WS_TABSTOP,13,48,229,86
+ EDITTEXT IDC_CFG_FCNAME,13,139,173,14,ES_AUTOHSCROLL
+ PUSHBUTTON "&Browse ...",IDC_CFG_BROWSE,192,139,50,14
+ PUSHBUTTON "Add",IDC_CFG_ADD,13,156,50,14
+ PUSHBUTTON "Remove Selected",IDC_CFG_REMOVE,88,156,80,14
+ CHECKBOX "Include all API: credentials caches",IDC_CFG_INCAPI,13,
+ 7,125,10
+ CONTROL "Include Windows LSA cache (MSLSA:)",IDC_CFG_INCMSLSA,
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,13,22,136,10
+END
+
/////////////////////////////////////////////////////////////////////////////
//
@@ -306,12 +321,36 @@ BEGIN
TOPMARGIN, 7
BOTTOMMARGIN, 159
END
+
+ IDD_CFG_CACHES, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 248
+ VERTGUIDE, 7
+ VERTGUIDE, 13
+ VERTGUIDE, 242
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 175
+ END
END
#endif // APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
+// Icon
+//
+
+// Icon with lowest ID value placed first to ensure application icon
+// remains consistent on all systems.
+IDI_PLUGIN ICON "..\\..\\images\\krb5plugin.ico"
+IDI_DELETED ICON "..\\..\\images\\deleted.ico"
+IDI_NEW ICON "..\\..\\images\\new.ico"
+IDI_NORMAL ICON "..\\..\\images\\normal.ico"
+IDI_MODIFIED ICON "..\\..\\images\\modified.ico"
+
+/////////////////////////////////////////////////////////////////////////////
+//
// String Table
//
@@ -386,7 +425,61 @@ BEGIN
IDS_NC_PWD_NPWD_AGAIN "New Password again"
IDS_KRB5_CREDTEXT_P0 "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: Changing password for %s</p>"
IDS_K5CFG_IMPORT_OPTIONS
- "Never\000Always\000Only when the principal name matches\000 \000"
+ "Never\000Always\000Only when the principal name matches\000 "
+ IDS_IDENTPRO_DESC "Kerberos 5 Identity Provider"
+ IDS_K5CCC_SHORT_DESC "Credentials Caches"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_K5CCC_LONG_DESC "Kerberos 5 Credentials Caches"
+ IDS_CFG_FCTITLE "File based Credential Caches"
+ IDS_CFG_FCN_WARNING "Warning:"
+ IDS_CFG_FCN_W_NOTFOUND "The credentials cache you specified does not exist."
+ IDS_CFG_FCN_W_RELATIVE "The path you specified not an absolute path."
+ IDS_CFG_FCOPENTITLE "Select a credential cache to add"
+ IDS_UNAVAILABLE "(Not available)"
+ IDS_FLG_FORWARDABLE "Forwardable"
+ IDS_FLG_FORWARDED "Forwarded"
+ IDS_FLG_PROXIABLE "Proxiable"
+ IDS_FLG_PROXY "Proxy"
+ IDS_FLG_MAY_POSTDATE "May postdate"
+ IDS_FLG_POSTDATED "Postdated"
+ IDS_FLG_INVALID "Invalid"
+ IDS_FLG_RENEWABLE "Renewable"
+ IDS_FLG_INITIAL "Initial"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_FLG_PRE_AUTH "Pre-authenticated"
+ IDS_FLG_HW_AUTH "Hardware authentication"
+ IDS_FLG_TRANSIT_POL "Transit policy checked"
+ IDS_FLG_OK_DELEGATE "Approved for delegation"
+ IDS_FLG_ANONYMOUS "Anonymous"
+ IDS_K5ERR_CANTWRITEPROFILE
+ "The Kerberos 5 profile file could not be written"
+ IDS_K5ERR_PROFNOWRITE "The file %s could not be opened as a profile file for writing."
+ IDS_K5ERR_PROFUSETEMP "The file %s could not be opened for writing. The current changes will be saved to %s temporarily."
+ IDS_K5ERR_PROFSUGGEST "This may be due to not having privileges to modify the configuration file. Please contact your system administrator to resolve the issue."
+ IDS_CFG_RE_REALMS "Kerberos Realms"
+ IDS_CFG_RE_KDCS "Kerberos Servers"
+ IDS_CFG_RE_DMAPS "Domain mappings"
+ IDS_CFG_RE_KDCS_R "Kerberos Servers for %s"
+ IDS_CFG_RE_DMAPS_R "Domains that map to %s"
+ IDS_CFG_RE_HEAD_SVR "Server"
+ IDS_CFG_RE_HEAD_ADMIN "Admin"
+END
+
+STRINGTABLE
+BEGIN
+ IDS_CFG_RE_HEAD_MASTER "Master"
+ IDS_CFG_RE_HEAD_DOMAIN "Domain"
+ IDS_CFG_RE_NEWREALM "<New realm...>"
+ IDS_YES "Yes"
+ IDS_NO "No"
+ IDS_CFG_RE_NEWSERVER "<New server...>"
+ IDS_CFG_RE_NEWDMAP "<New domain mapping...>"
END
#endif // English (U.S.) resources
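Review bot: The new warning string `IDS_CFG_FCN_W_RELATIVE` is missing its verb; it should read `"The path you specified is not an absolute path."`. In the same hunk `IDS_K5CFG_IMPORT_OPTIONS` loses the final `\000` of its embedded-NUL list. The code that splits this string is not visible here, so it is worth confirming that it still finds the end of the list after this change.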
diff --git a/src/windows/identity/plugins/krb5/langres.h b/src/windows/identity/plugins/krb5/langres.h
index 87f74f547..52adc34e3 100644
--- a/src/windows/identity/plugins/krb5/langres.h
+++ b/src/windows/identity/plugins/krb5/langres.h
@@ -1,6 +1,6 @@
//{{NO_DEPENDENCIES}}
// Microsoft Visual C++ generated include file.
-// Used by D:\work\khimaira\src\plugins\krb5\lang\en_us\langres.rc
+// Used by D:\work\pismere\athena\auth\krb5\src\windows\identity\plugins\krb5\lang\en_us\langres.rc
//
#define IDS_UNK_ADDR_FMT 101
#define IDD_NC_KRB5 102
@@ -21,11 +21,17 @@
#define IDS_ETYPE_NULL 110
#define IDD_NC_KRB5_PASSWORD 110
#define IDS_ETYPE_DES_CBC_CRC 111
+#define IDD_CFG_CACHES 111
#define IDS_ETYPE_DES_CBC_MD4 112
+#define IDI_PLUGIN 112
#define IDS_ETYPE_DES_CBC_MD5 113
+#define IDI_DELETED 113
#define IDS_ETYPE_DES_CBC_RAW 114
+#define IDI_NEW 114
#define IDS_ETYPE_DES3_CBC_SHA 115
+#define IDI_NORMAL 115
#define IDS_ETYPE_DES3_CBC_RAW 116
+#define IDI_MODIFIED 116
#define IDS_ETYPE_DES_HMAC_SHA1 117
#define IDS_ETYPE_DES3_CBC_SHA1 118
#define IDS_ETYPE_AES128_CTS_HMAC_SHA1_96 119
@@ -67,6 +73,47 @@
#define IDS_NC_PWD_NPWD_AGAIN 155
#define IDS_KRB5_CREDTEXT_P0 156
#define IDS_K5CFG_IMPORT_OPTIONS 157
+#define IDS_IDENTPRO_DESC 158
+#define IDS_K5CCC_SHORT_DESC 159
+#define IDS_K5CCC_LONG_DESC 160
+#define IDS_CFG_FCTITLE 161
+#define IDS_CFG_FCN_WARNING 162
+#define IDS_CFG_FCN_W_NOTFOUND 163
+#define IDS_CFG_FCN_W_RELATIVE 164
+#define IDS_CFG_FCOPENTITLE 165
+#define IDS_UNAVAILABLE 166
+#define IDS_FLG_FORWARDABLE 167
+#define IDS_FLG_FORWARDED 168
+#define IDS_FLG_PROXIABLE 169
+#define IDS_FLG_PROXY 170
+#define IDS_FLG_MAY_POSTDATE 171
+#define IDS_FLG_POSTDATED 172
+#define IDS_FLG_INVALID 173
+#define IDS_FLG_RENEWABLE 174
+#define IDS_FLG_INITIAL 175
+#define IDS_FLG_PRE_AUTH 176
+#define IDS_FLG_HW_AUTH 177
+#define IDS_FLG_TRANSIT_POL 178
+#define IDS_FLG_OK_DELEGATE 179
+#define IDS_FLG_ANONYMOUS 180
+#define IDS_K5ERR_CANTWRITEPROFILE 181
+#define IDS_K5ERR_PROFNOWRITE 182
+#define IDS_K5ERR_PROFUSETEMP 183
+#define IDS_K5ERR_PROFSUGGEST 184
+#define IDS_CFG_RE_REALMS 185
+#define IDS_CFG_RE_KDCS 186
+#define IDS_CFG_RE_DMAPS 187
+#define IDS_CFG_RE_KDCS_R 188
+#define IDS_CFG_RE_DMAPS_R 189
+#define IDS_CFG_RE_HEAD_SVR 190
+#define IDS_CFG_RE_HEAD_ADMIN 191
+#define IDS_CFG_RE_HEAD_MASTER 192
+#define IDS_CFG_RE_HEAD_DOMAIN 193
+#define IDS_CFG_RE_NEWREALM 194
+#define IDS_YES 195
+#define IDS_NO 196
+#define IDS_CFG_RE_NEWSERVER 197
+#define IDS_CFG_RE_NEWDMAP 198
#define IDC_NCK5_RENEWABLE 1002
#define IDC_NCK5_FORWARDABLE 1004
#define IDC_NCK5_REALM 1005
@@ -103,7 +150,9 @@
#define IDC_CFG_DOMAINGRP 1045
#define IDC_CFG_SERVERSGRP 1046
#define IDC_LIST3 1047
+#define IDC_CFG_KDC 1047
#define IDC_LIST4 1048
+#define IDC_CFG_DMAP 1048
#define IDC_CFG_LBL_DEFLIFE 1049
#define IDC_CFG_DEFLIFE 1050
#define IDC_CFG_LBL_DEFRLIFE 1051
@@ -114,14 +163,22 @@
#define IDC_CFG_RLRNG_MIN 1056
#define IDC_CFG_RLRNG_MAX 1057
#define IDC_CFG_CCACHE 1058
+#define IDC_CFG_FCGRP 1059
+#define IDC_CFG_FCLIST 1060
+#define IDC_CFG_FCNAME 1062
+#define IDC_CFG_ADD 1064
+#define IDC_CFG_REMOVE 1065
+#define IDC_CFG_INCAPI 1066
+#define IDC_CFG_INCMSLSA 1067
+#define IDC_PPK5_FLAGS 1072
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
-#define _APS_NEXT_RESOURCE_VALUE 111
+#define _APS_NEXT_RESOURCE_VALUE 117
#define _APS_NEXT_COMMAND_VALUE 40001
-#define _APS_NEXT_CONTROL_VALUE 1059
+#define _APS_NEXT_CONTROL_VALUE 1073
#define _APS_NEXT_SYMED_VALUE 101
#endif
#endif
diff --git a/src/windows/identity/plugins/krb5/version.rc b/src/windows/identity/plugins/krb5/version.rc
new file mode 100644
index 000000000..10b16dd29
--- /dev/null
+++ b/src/windows/identity/plugins/krb5/version.rc
@@ -0,0 +1,64 @@
+/* Copyright (c) 2004 Massachusetts Institute of Technology
+ *
+ * Permission is hereby granted, free of charge, to any person
+ * obtaining a copy of this software and associated documentation
+ * files (the "Software"), to deal in the Software without
+ * restriction, including without limitation the rights to use, copy,
+ * modify, merge, publish, distribute, sublicense, and/or sell copies
+ * of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ *
+ */
+
+/* $Id$ */
+
+#include<netidmgr_intver.h>
+
+1 VERSIONINFO
+ FILEVERSION KH_VERSION_LIST
+ PRODUCTVERSION KH_VERSION_LIST
+ FILEFLAGSMASK KH_VER_FILEFLAGMASK
+ FILEFLAGS KH_VER_FILEFLAGS
+ FILEOS KH_VER_FILEOS
+ FILETYPE KH_VER_FILETYPEDLL
+ FILESUBTYPE 0
+ {
+ BLOCK "StringFileInfo"
+ {
+ BLOCK "040904b0"
+ {
+ VALUE "CompanyName", KH_VERSTR_COMPANY_1033
+ VALUE "FileDescription", "Kerberos 5 plugin for NetIDMgr"
+ VALUE "FileVersion", KH_VERSTR_VERSION_1033
+ VALUE "InternalName", "krb5cred"
+ VALUE "LegalCopyright", KH_VERSTR_COPYRIGHT_1033
+ VALUE "OriginalFilename", "krb5cred.dll"
+ VALUE "ProductName", "NetIDMgr"
+ VALUE "ProductVersion", KH_VERSTR_PRODUCT_1033
+#ifdef KH_VERSTR_COMMENT_1033
+ VALUE "Comment", KH_VERSTR_COMMENT_1033
+#endif
+ VALUE NIMV_MODULE, "MITKrb5"
+ VALUE NIMV_PLUGINS, "Krb5Cred,Krb5Ident"
+ VALUE NIMV_APIVER, KH_VERSION_STRINGAPI
+ VALUE NIMV_SUPPORT, "http://web.mit.edu/kerberos"
+ }
+ }
+
+ BLOCK "VarFileInfo"
+ {
+ VALUE "Translation", 0x409, 0x4b0
+ }
+ }
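Review bot: The optional comment entry is written as `VALUE "Comment", KH_VERSTR_COMMENT_1033`, but the predefined VERSIONINFO string name is `Comments`, so tools that look up the standard name will not show it. Unless something reads the non-standard name on purpose, `VALUE "Comments", KH_VERSTR_COMMENT_1033` is the safer spelling. The `NIMV_PLUGINS` value also repeats the names that krbcred.h defines as `KRB5_PLUGIN_NAME` and `KRB5_IDENTPRO_NAME`. A short comment saying the two must be kept in step would help, since nothing in this file ties them together.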