KFW 3.1 Beta 2 NetIDMgr Changes
authorJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 21 Sep 2006 21:49:41 +0000 (21:49 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 21 Sep 2006 21:49:41 +0000 (21:49 +0000)
         source for (1.1.0.1)

         - Updated documentation with additional information and fixed errors.

         nidmgr32.dll (1.1.0.1)

         - Fixed a deadlock in the configuration provider that may cause
           NetIDMgr to deadlock on load.

         - Prevent the configuration provider handle list from getting
           corrupted in the event of a plug-in freeing a handle twice.

         - Add more parameter validation for the configuration provider.

         - If a plug-in is only partially registered (only some of the entries
           were set in the registry), the completion of the registration didn't
           complete successfully, leaving the plug-in in an unusable state.
           This has been fixed.  Plug-ins will now successfully complete
           registration once they are loaded for the first time, assuming the
           correct resources are present in the module.

         - Fixed notifications for setting a default identity.  Notifications
           were not being properly sent out resulting in the credentials window
           not being updated when the default identity changed.

         - Changes to the API for type safety.

         - Handling of binary data fields was changed to support validation and
           comparison.

         - Data types that do not support KCDB_CBSIZE_AUTO now check for and
           report an error if it is specified.

         - Password fields in the new credentials dialog will trim leading and
           trailing whitespace before using a user-entered value.

         - Change password action will no longer be disabled if no identity is
           selected.  An identity selection control is present in the dialog
           making this restriction unnecessary.

         - When renewing credentials, error messages will be suppressed if the
           renewal was for an identity and the identity does not have any
           identity credentials associated with it.

         - Error messages that are related to credentials acquisition or
           password changes will now display the name of the identity that the
           error applies to.

         - Automatic renewals now renews all identities that have credentials
           associated with them instead of just the default identity.

         - Fixed a bug where error messages did not have a default button which
           can be invoked with the return key or the space bar.

         - The new credentials window will force itself to the top.  This can
           be disabled via a registry setting, but is on by default.

         - Fixed the sort order in the new credentials tabs to respect sort
           hints provided by plug-ins.

         - If a new credentials operation fails, the password fields will be
           cleared.

         - Once a new credentials operation starts, the controls for specifying
           the identity and password and any other custom prompts will be
           disabled until the operation completes.

         - Notifications during the new credentials operation now supply a
           handle to the proper data structures as documented.

         - Hyperlinks in the new credentials dialog now support markup that
           will prevent the dialog from switching to the credentials type panel
           when the link is activated.

         - If there are too many buttons added by plug-ins in the new
           credentials dialog, they will be resized to accomodate all of them.

         - The options button in the new credentials dialog will be disabled
           while a new credentials operation is in progress.

         - The 'about' dialog retains the original copyright strings included
           in the resource.

         - Multiple modal dialogs are now supported.  Only the topmost one will
           be active.  Once it is closed, the other dialogs will gain focus in
           turn.  This allows for error messages to be displayed from other
           modal dialogs.

         - The hypertext window supports italics.

         krb4cred.dll (1.1.0.1)

         - Fixed a bug where the plug-in would attempt to free a handle twice.

         - Fixed a handle leak.

         - Changed the facility name used for event reporting to match the
           credentials type name.

         krb5cred.dll (1.1.0.1)

         - Fixed handling of expired passwords.  If the password for an
           identity is found to have expired at the time a new credentials
           acquisition is in progress, the user will be given an opportunity to
           change the password.  If this is successful, the new credentials
           operation will continue with the new password.

         - Prevent the new credentials dialog from switching to the Kerberos 5
           credentials panel during a password change.

         - Prompts that were cached indefinitely will now have a limited
           lifetime.  Prompt caches that were created using prior versions of
           the plug-in will automatically expire.

         - Multistrings in the resource files were converted to CSV to protect
           them against a bug in Visual Studio 2005 which corrupted
           multistrings.

         - Added handling of and reporting WinSock errors that are returned
           from the Kerberos 5 libraries.

         - Fixed uninitialized variables.

         - The username and realm that is entered when selecting an identity
           will be trimmed of leading and trailing whitespace.

         - Changed the facility name used for event reporting to match the
           credentials type name.

ticket: new
component: windows
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970

36 files changed:
src/windows/identity/Makefile
src/windows/identity/apiversion.txt
src/windows/identity/config/Makefile.w2k
src/windows/identity/config/Makefile.w32
src/windows/identity/kconfig/api.c
src/windows/identity/kcreddb/attrib.c
src/windows/identity/kcreddb/buf.c
src/windows/identity/kcreddb/credential.c
src/windows/identity/kcreddb/credtype.c
src/windows/identity/kcreddb/identity.c
src/windows/identity/kcreddb/kcreddb.h
src/windows/identity/kcreddb/type.c
src/windows/identity/plugins/krb4/krb4configdlg.c
src/windows/identity/plugins/krb4/krbcred.h
src/windows/identity/plugins/krb5/errorfuncs.c
src/windows/identity/plugins/krb5/krb5funcs.c
src/windows/identity/plugins/krb5/krb5identpro.c
src/windows/identity/plugins/krb5/krb5main.c
src/windows/identity/plugins/krb5/krb5newcreds.c
src/windows/identity/plugins/krb5/krbconfig.csv
src/windows/identity/plugins/krb5/lang/en_us/langres.rc
src/windows/identity/plugins/krb5/lang/krb5_msgs.mc
src/windows/identity/sample/templates/credprov/Makefile
src/windows/identity/ui/aboutwnd.c
src/windows/identity/ui/credfuncs.c
src/windows/identity/ui/credwnd.c
src/windows/identity/ui/lang/en_us/khapp.rc
src/windows/identity/ui/newcredwnd.c
src/windows/identity/ui/notifier.c
src/windows/identity/ui/resource.h
src/windows/identity/ui/uiconfig.csv
src/windows/identity/uilib/action.c
src/windows/identity/uilib/creddlg.c
src/windows/identity/uilib/khconfigui.h
src/windows/identity/uilib/khhtlink.h
src/windows/identity/uilib/khnewcred.h

index f96cb0a11cdd31a392e39a8560de4aaa3f6528eb..1ed267d2e89281a6ec86a669fcddc833f011fdf0 100644 (file)
@@ -160,7 +160,7 @@ krb5plugin: plugincommon
        $(ECHO) -- Done with $@\r
 \r
 !ifndef NO_KRB4\r
-finale: krb4plugin\r
+doc: krb4plugin\r
 \r
 krb4plugin: plugincommon\r
        $(ECHO) -- Entering $@\r
@@ -181,7 +181,7 @@ afsplugin: plugincommon
        $(ECHO) -- Done with $@\r
 !endif\r
 \r
-finale: krb5plugin\r
+finale: krb5plugin doc\r
        $(ECHO) -- Done.\r
 \r
 pdoc:\r
index 813dcd69923b81b0bad5caab87e2ddf2834d0ece..2a49540cdd51bb9fc1e6b6657484765208e65519 100644 (file)
@@ -1,4 +1,5 @@
-# Copyright (c) 2004 Massachusetts Institute of Technology\r
+# Copyright (c) 2004-2006 Massachusetts Institute of Technology\r
+# Copyright (c) 2006 Secure Endpoints Inc.\r
 #\r
 # Permission is hereby granted, free of charge, to any person\r
 # obtaining a copy of this software and associated documentation files\r
@@ -180,3 +181,35 @@ Date=(TBD)
 +Schema:NetIDMgr\PluginManager\Modules\<module name>\Disabled\r
 +Schema:NetIDMgr\PluginManager\Plugins\<plugin name>\Disabled\r
 # If non-zero, the corresponding module or plug-in is disabled.\r
+\r
+!kcdb_identity_set_attrib(), kcdb_identity_get_attrib(), kcdb_identity_get_attrib_string()\r
+# Attribute name parameter is now a const pointer to a wchar_t string\r
+\r
+!kcdb_cred_create()\r
+# Name parameter is now a const pointer to a wchar_t string\r
+\r
+!kcdb_cred_set_attrib(), kcdb_cred_get_attrib()\r
+!kcdb_cred_get_attrib_string(), kcdb_creds_comp_attrib()\r
+# Attribute name parameter is now a const pointer to a wchar_t string\r
+\r
+!kcdb_type_get_id()\r
+# Name parameter is now a const pointer to a wchar_t string\r
+\r
+!kcdb_type_register()\r
+# type parameter is now a const pointer\r
+\r
+!kcdb_attrib_get_id()\r
+# Name parameter is now a const pointer\r
+\r
+!kcdb_attrib_register()\r
+# attrib parameter is now a const pointer\r
+\r
+!kcdb_credtype_register()\r
+# type parameter is now a const pointer\r
+\r
+!kcdb_credtype_get_id()\r
+# name parameter is now a const pointer\r
+\r
+!kcdb_buf_get_attrib(), kcdb_buf_get_attrib_string(), kcbd_buf_set_attrib()\r
+# attr_name is now a const pointer\r
+\r
index f33176611a8d279b9c6de49ee5c1f23c492080c9..0677d13c90cf4d97ec6d9314bfe09ba79a2bddf6 100644 (file)
@@ -4,6 +4,7 @@
 #             in the build tree.\r
 #\r
 # Copyright (c) 2004,2005 Massachusetts Institute of Technology\r
+# Copyright (c) 2006 Secure Endpoints Inc.\r
 #\r
 # Permission is hereby granted, free of charge, to any person\r
 # obtaining a copy of this software and associated documentation files\r
@@ -46,7 +47,7 @@ KHIMAIRA_WIN32_CONFIG=1
 # Version info\r
 NETIDMGR_VERSION_MAJOR=1\r
 NETIDMGR_VERSION_MINOR=1\r
-NETIDMGR_VERSION_PATCH=0\r
+NETIDMGR_VERSION_PATCH=1\r
 NETIDMGR_VERSION_AUX=2\r
 NETIDMGR_RELEASEDESC=\r
 \r
@@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC=
 #\r
 # Changes to the API version numbers should be documented in\r
 # apiversion.txt at the root of the source tree.\r
-NETIDMGR_VERSION_API=5\r
+NETIDMGR_VERSION_API=6\r
 \r
 # Minimum backwards compatible version.  API versions from\r
 # NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API\r
index e1e8e6064d05b9752e446022a4c6934fdd3ed2bf..0f47bcb13b9602a309807c3eabf01495325d0a02 100644 (file)
@@ -3,7 +3,8 @@
 #             This file will be included by all the makefiles\r
 #             in the build tree.\r
 #\r
-# Copyright (c) 2004,2005 Massachusetts Institute of Technology\r
+# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology\r
+# Copyright (c) 2006 Secure Endpoints Inc.\r
 #\r
 # Permission is hereby granted, free of charge, to any person\r
 # obtaining a copy of this software and associated documentation files\r
@@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC=
 #\r
 # Changes to the API version numbers should be documented in\r
 # apiversion.txt at the root of the source tree.\r
-NETIDMGR_VERSION_API=5\r
+NETIDMGR_VERSION_API=6\r
 \r
 # Minimum backwards compatible version.  API versions from\r
 # NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API\r
index 4ee210d6cdad980ea12c2566c756883da736487b..190b59e07bf426a1dccf4d598ca7f5b0eb44f0ff 100644 (file)
@@ -64,6 +64,9 @@ void exit_kconf(void) {
 \r
         khcint_free_space(conf_root);\r
 \r
+        LeaveCriticalSection(&cs_conf_global);\r
+        DeleteCriticalSection(&cs_conf_global);\r
+\r
         EnterCriticalSection(&cs_conf_handle);\r
         while(conf_free_handles) {\r
             LPOP(&conf_free_handles, &h);\r
@@ -80,12 +83,10 @@ void exit_kconf(void) {
         }\r
         LeaveCriticalSection(&cs_conf_handle);\r
         DeleteCriticalSection(&cs_conf_handle);\r
-\r
-        LeaveCriticalSection(&cs_conf_global);\r
-        DeleteCriticalSection(&cs_conf_global);\r
     }\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 kconf_handle * \r
 khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags)\r
 {\r
@@ -110,7 +111,7 @@ khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags)
     return h;\r
 }\r
 \r
-/* must be called with cs_conf_global held */\r
+/* obtains cs_conf_handle/cs_conf_global */\r
 void \r
 khcint_handle_free(kconf_handle * h)\r
 {\r
@@ -130,6 +131,10 @@ khcint_handle_free(kconf_handle * h)
 \r
         if(a == NULL) {\r
             DebugBreak();\r
+\r
+            /* hmm.  the handle was not in the in-use list */\r
+            LeaveCriticalSection(&cs_conf_handle);\r
+            return;\r
         }\r
     }\r
 #endif\r
@@ -140,12 +145,14 @@ khcint_handle_free(kconf_handle * h)
             h->space = NULL;\r
         }\r
         lower = h->lower;\r
+        h->magic = 0;\r
         LPUSH(&conf_free_handles, h);\r
         h = lower;\r
     }\r
     LeaveCriticalSection(&cs_conf_handle);\r
 }\r
 \r
+/* obains cs_conf_handle/cs_conf_global */\r
 kconf_handle * \r
 khcint_handle_dup(kconf_handle * o)\r
 {\r
@@ -165,6 +172,7 @@ khcint_handle_dup(kconf_handle * o)
     return r;\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 void \r
 khcint_space_hold(kconf_conf_space * s) {\r
     EnterCriticalSection(&cs_conf_global);\r
@@ -172,6 +180,7 @@ khcint_space_hold(kconf_conf_space * s) {
     LeaveCriticalSection(&cs_conf_global);\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 void \r
 khcint_space_release(kconf_conf_space * s) {\r
     khm_int32 l;\r
@@ -535,7 +544,7 @@ khcint_RegCreateKeyEx(HKEY hKey,
     return rv;\r
 }\r
 \r
-\r
+/* obtains cs_conf_global */\r
 HKEY \r
 khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {\r
     HKEY hk = NULL;\r
@@ -605,6 +614,7 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) {
     }\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_shadow_space(khm_handle upper, khm_handle lower)\r
 {\r
@@ -613,18 +623,20 @@ khc_shadow_space(khm_handle upper, khm_handle lower)
     if(!khc_is_config_running())\r
         return KHM_ERROR_NOT_READY;\r
 \r
-    if(!khc_is_handle(upper))\r
+    if(!khc_is_handle(upper)) {\r
+#ifdef DEBUG\r
+        DebugBreak();\r
+#endif\r
         return KHM_ERROR_INVALID_PARAM;\r
+    }\r
 \r
     h = (kconf_handle *) upper;\r
 \r
     EnterCriticalSection(&cs_conf_handle);\r
     if(h->lower) {\r
-        LeaveCriticalSection(&cs_conf_handle);\r
         EnterCriticalSection(&cs_conf_global);\r
         khcint_handle_free(h->lower);\r
         LeaveCriticalSection(&cs_conf_global);\r
-        EnterCriticalSection(&cs_conf_handle);\r
         h->lower = NULL;\r
     }\r
 \r
@@ -633,9 +645,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower)
         kconf_handle * lc;\r
 \r
         l = (kconf_handle *) lower;\r
-        LeaveCriticalSection(&cs_conf_handle);\r
         lc = khcint_handle_dup(l);\r
-        EnterCriticalSection(&cs_conf_handle);\r
         h->lower = lc;\r
     }\r
     LeaveCriticalSection(&cs_conf_handle);\r
@@ -643,6 +653,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower)
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* no locks */\r
 kconf_conf_space * \r
 khcint_create_empty_space(void) {\r
     kconf_conf_space * r;\r
@@ -654,6 +665,7 @@ khcint_create_empty_space(void) {
     return r;\r
 }\r
 \r
+/* called with cs_conf_global */\r
 void \r
 khcint_free_space(kconf_conf_space * r) {\r
     kconf_conf_space * c;\r
@@ -682,6 +694,7 @@ khcint_free_space(kconf_conf_space * r) {
     PFREE(r);\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 khm_int32 \r
 khcint_open_space(kconf_conf_space * parent, \r
                   const wchar_t * sname, size_t n_sname, \r
@@ -795,6 +808,7 @@ khcint_open_space(kconf_conf_space * parent,
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, \r
                khm_handle * result) {\r
@@ -809,8 +823,12 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
         return KHM_ERROR_NOT_READY;\r
     }\r
 \r
-    if(!result || (parent && !khc_is_handle(parent)))\r
+    if(!result || (parent && !khc_is_handle(parent))) {\r
+#ifdef DEBUG\r
+        DebugBreak();\r
+#endif\r
         return KHM_ERROR_INVALID_PARAM;\r
+    }\r
 \r
     if(!parent)\r
         p = conf_root;\r
@@ -891,18 +909,24 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags,
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_close_space(khm_handle csp) {\r
     if(!khc_is_config_running())\r
         return KHM_ERROR_NOT_READY;\r
 \r
-    if(!khc_is_handle(csp))\r
+    if(!khc_is_handle(csp)) {\r
+#ifdef DEBUG\r
+        DebugBreak();\r
+#endif\r
         return KHM_ERROR_INVALID_PARAM;\r
+    }\r
 \r
     khcint_handle_free((kconf_handle *) csp);\r
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_read_string(khm_handle pconf, \r
                 const wchar_t * pvalue, \r
@@ -1066,6 +1090,7 @@ _exit:
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_read_int32(khm_handle pconf, const wchar_t * pvalue, khm_int32 * buf) {\r
     kconf_conf_space * c;\r
@@ -1188,6 +1213,7 @@ _exit:
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_read_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 * buf) {\r
     kconf_conf_space * c;\r
@@ -1307,6 +1333,7 @@ _exit:
     return rv;\r
 }\r
 \r
+/* obtaincs cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_read_binary(khm_handle pconf, const wchar_t * pvalue, \r
                 void * buf, khm_size * bufsize) {\r
@@ -1431,6 +1458,7 @@ _exit:
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_write_string(khm_handle pconf, \r
                  const wchar_t * pvalue, \r
@@ -1536,6 +1564,7 @@ _exit:
     return rv;\r
 }\r
 \r
+/* obtaincs cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_write_int32(khm_handle pconf, \r
                 const wchar_t * pvalue, \r
@@ -1614,6 +1643,7 @@ khc_write_int32(khm_handle pconf,
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {\r
     HKEY pk = NULL;\r
@@ -1689,6 +1719,7 @@ khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) {
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_write_binary(khm_handle pconf, \r
                  const wchar_t * pvalue, \r
@@ -1757,6 +1788,7 @@ khc_write_binary(khm_handle pconf,
     return rv;\r
 }\r
 \r
+/* no locks */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_get_config_space_name(khm_handle conf, \r
                           wchar_t * buf, khm_size * bufsize) {\r
@@ -1798,6 +1830,7 @@ khc_get_config_space_name(khm_handle conf,
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_get_config_space_parent(khm_handle conf, khm_handle * parent) {\r
     kconf_conf_space * c;\r
@@ -1818,6 +1851,7 @@ khc_get_config_space_parent(khm_handle conf, khm_handle * parent) {
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_get_type(khm_handle conf, const wchar_t * value) {\r
     HKEY hkm = NULL;\r
@@ -1833,7 +1867,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) {
     if(!khc_is_handle(conf))\r
         return KC_NONE;\r
 \r
-    c = (kconf_conf_space *) conf;\r
+    c = khc_space_from_handle(conf);\r
 \r
     if(!khc_is_machine_handle(conf))\r
         hku = khcint_space_open_key(c, KHM_PERM_READ);\r
@@ -1876,6 +1910,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) {
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_value_exists(khm_handle conf, const wchar_t * value) {\r
     HKEY hku = NULL;\r
@@ -1915,6 +1950,7 @@ khc_value_exists(khm_handle conf, const wchar_t * value) {
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI\r
 khc_remove_value(khm_handle conf, const wchar_t * value, khm_int32 flags) {\r
     HKEY hku = NULL;\r
@@ -2036,6 +2072,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) {
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI\r
 khc_remove_space(khm_handle conf) {\r
 \r
@@ -2078,6 +2115,7 @@ khc_remove_space(khm_handle conf) {
     return rv;\r
 }\r
 \r
+/* no locks */\r
 khm_boolean \r
 khcint_is_valid_name(wchar_t * name)\r
 {\r
@@ -2087,6 +2125,7 @@ khcint_is_valid_name(wchar_t * name)
     return TRUE;\r
 }\r
 \r
+/* no locks */\r
 khm_int32 \r
 khcint_validate_schema(const kconf_schema * schema,\r
                        int begin,\r
@@ -2149,6 +2188,7 @@ khcint_validate_schema(const kconf_schema * schema,
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */\r
 khm_int32 \r
 khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, \r
                      int begin, int * end)\r
@@ -2163,11 +2203,16 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
     while(!end_found) {\r
         switch(state) {\r
             case 0: /* initial.  this record should start a config space */\r
+                LeaveCriticalSection(&cs_conf_global);\r
                 if(KHM_FAILED(khc_open_space(parent, schema[i].name, \r
-                                             KHM_FLAG_CREATE, &h)))\r
+                                             KHM_FLAG_CREATE, &h))) {\r
+                    EnterCriticalSection(&cs_conf_global);\r
                     return KHM_ERROR_INVALID_PARAM;\r
+                }\r
+                EnterCriticalSection(&cs_conf_global);\r
                 thisconf = khc_space_from_handle(h);\r
                 thisconf->schema = schema + (begin + 1);\r
+                thisconf->nSchema = 0;\r
                 state = 1;\r
                 break;\r
 \r
@@ -2182,7 +2227,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
                     end_found = 1;\r
                     if(end)\r
                         *end = i;\r
+                    LeaveCriticalSection(&cs_conf_global);\r
                     khc_close_space(h);\r
+                    EnterCriticalSection(&cs_conf_global);\r
                 }\r
                 break;\r
 \r
@@ -2194,7 +2241,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
                     end_found = 1;\r
                     if(end)\r
                         *end = i;\r
+                    LeaveCriticalSection(&cs_conf_global);\r
                     khc_close_space(h);\r
+                    EnterCriticalSection(&cs_conf_global);\r
                 } else {\r
                     return KHM_ERROR_INVALID_PARAM;\r
                 }\r
@@ -2210,6 +2259,7 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema,
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_load_schema(khm_handle conf, const kconf_schema * schema)\r
 {\r
@@ -2231,6 +2281,7 @@ khc_load_schema(khm_handle conf, const kconf_schema * schema)
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */\r
 khm_int32 \r
 khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, \r
                        int begin, int * end)\r
@@ -2245,8 +2296,12 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
     while(!end_found) {\r
         switch(state) {\r
             case 0: /* initial.  this record should start a config space */\r
-                if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h)))\r
+                LeaveCriticalSection(&cs_conf_global);\r
+                if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h))) {\r
+                    EnterCriticalSection(&cs_conf_global);\r
                     return KHM_ERROR_INVALID_PARAM;\r
+                }\r
+                EnterCriticalSection(&cs_conf_global);\r
                 thisconf = khc_space_from_handle(h);\r
                 if(thisconf->schema == (schema + (begin + 1))) {\r
                     thisconf->schema = NULL;\r
@@ -2264,7 +2319,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
                     end_found = 1;\r
                     if(end)\r
                         *end = i;\r
+                    LeaveCriticalSection(&cs_conf_global);\r
                     khc_close_space(h);\r
+                    EnterCriticalSection(&cs_conf_global);\r
                 }\r
                 break;\r
 \r
@@ -2276,7 +2333,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
                     end_found = 1;\r
                     if(end)\r
                         *end = i;\r
+                    LeaveCriticalSection(&cs_conf_global);\r
                     khc_close_space(h);\r
+                    EnterCriticalSection(&cs_conf_global);\r
                 } else {\r
                     return KHM_ERROR_INVALID_PARAM;\r
                 }\r
@@ -2292,6 +2351,7 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema,
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_unload_schema(khm_handle conf, const kconf_schema * schema)\r
 {\r
@@ -2313,6 +2373,7 @@ khc_unload_schema(khm_handle conf, const kconf_schema * schema)
     return rv;\r
 }\r
 \r
+/* obtaincs cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_enum_subspaces(khm_handle conf,\r
                    khm_handle prev,\r
@@ -2420,6 +2481,7 @@ khc_enum_subspaces(khm_handle conf,
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf)\r
 {\r
@@ -2451,6 +2513,7 @@ khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf)
     return rv;\r
 }\r
 \r
+/* obtains cs_conf_handle/cs_conf_global */\r
 KHMEXP khm_int32 KHMAPI \r
 khc_read_multi_string(khm_handle conf, const wchar_t * value, \r
                       wchar_t * buf, khm_size * bufsize)\r
index 4e9d7bf341cc51f6037f6a74ad5bd79cd34f4beb..9c892dafcb06a3ad2be0777dabc1ab63f57d335c 100644 (file)
@@ -500,7 +500,7 @@ kcdb_attrib_exit(void)
 }\r
 \r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_attrib_get_id(wchar_t *name, khm_int32 * id)\r
+kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id)\r
 {\r
     kcdb_attrib_i * ai;\r
 \r
@@ -521,7 +521,7 @@ kcdb_attrib_get_id(wchar_t *name, khm_int32 * id)
 }\r
 \r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_attrib_register(kcdb_attrib * attrib, khm_int32 * new_id)\r
+kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id)\r
 {\r
     kcdb_attrib_i * ai;\r
     size_t cb_name;\r
index 07a65a1b04d07cda372edb91c1ec6c11d4bb865b..6272924e5c993798bec18340452e70cfd4109fc7 100644 (file)
@@ -298,7 +298,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr(
 \r
 KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib(\r
     khm_handle  record,\r
-    wchar_t *   attr_name,\r
+    const wchar_t *   attr_name,\r
     khm_int32 * attr_type,\r
     void *      buffer,\r
     khm_size *  pcb_buf)\r
@@ -328,7 +328,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr_string(
 \r
 KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib_string(\r
     khm_handle  record,\r
-    wchar_t *   attr_name,\r
+    const wchar_t *   attr_name,\r
     wchar_t *   buffer,\r
     khm_size *  pcbbuf,\r
     khm_int32   flags)\r
@@ -357,7 +357,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_set_attr(
 \r
 KHMEXP khm_int32 KHMAPI kcdb_buf_set_attrib(\r
     khm_handle  record,\r
-    wchar_t *   attr_name,\r
+    const wchar_t *   attr_name,\r
     void *      buffer,\r
     khm_size    cbbuf)\r
 {\r
index 98854dab46dfe7b9dad9ba4058ad864a01bae792..12b8c5fc5378944da6c2b60fd01c9a1e0f007e1c 100644 (file)
@@ -60,7 +60,7 @@ void kcdb_cred_exit(void)
     places with a read lock on l_creds.  New credentials must be creatable while\r
     holding either lock. */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_cred_create(wchar_t *   name, \r
+kcdb_cred_create(const wchar_t *   name, \r
                  khm_handle  identity,\r
                  khm_int32   cred_type,\r
                  khm_handle * result) \r
@@ -318,7 +318,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_type(
 \r
 KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib(\r
     khm_handle cred, \r
-    wchar_t * name, \r
+    const wchar_t * name, \r
     void * buffer, \r
     khm_size cbbuf)\r
 {\r
@@ -421,7 +421,7 @@ _exit:
 \r
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(\r
     khm_handle cred, \r
-    wchar_t * name, \r
+    const wchar_t * name, \r
     khm_int32 * attr_type,\r
     void * buffer, \r
     khm_size * cbbuf) \r
@@ -441,7 +441,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(
 \r
 KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string(\r
     khm_handle cred, \r
-    wchar_t * name, \r
+    const wchar_t * name, \r
     wchar_t * buffer, \r
     khm_size * cbbuf,\r
     khm_int32 flags) \r
@@ -812,7 +812,7 @@ _exit:
 KHMEXP khm_int32 KHMAPI \r
 kcdb_creds_comp_attrib(khm_handle cred1, \r
                        khm_handle cred2, \r
-                       wchar_t * name)\r
+                       const wchar_t * name)\r
 {\r
     khm_int32 attr_id;\r
 \r
index 89e0175f008593f9d3f761214c362b9fe0778261..89bd26b85dcfeef4b08df81a979721e49adbd010 100644 (file)
@@ -73,7 +73,7 @@ void kcdb_credtype_check_and_delete(khm_int32 id)
 }\r
 \r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_credtype_register(kcdb_credtype * type, khm_int32 * new_id) \r
+kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id) \r
 {\r
     khm_int32 id;\r
     kcdb_credtype_i * ict;\r
@@ -330,7 +330,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_name(
 }\r
 \r
 KHMEXP khm_int32 KHMAPI kcdb_credtype_get_id(\r
-    wchar_t * name, \r
+    const wchar_t * name, \r
     khm_int32 * id)\r
 {\r
     int i;\r
index 07ceb5812d08ae8f5c17cb0eb910065bb91a1a72..15c36130ffad1bb0bda6fb832571c6ee8a367215 100644 (file)
@@ -570,8 +570,8 @@ kcdbint_ident_set_default(khm_handle vid,
 \r
         LeaveCriticalSection(&cs_ident);\r
 \r
-        if (invoke_identpro)\r
-            kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def);\r
+        /* if (invoke_identpro) */\r
+        kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def);\r
     } else {\r
         LeaveCriticalSection(&cs_ident);\r
     }\r
@@ -929,7 +929,7 @@ _exit:
 \r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_identity_set_attrib(khm_handle vid,\r
-                         wchar_t * attr_name,\r
+                         const wchar_t * attr_name,\r
                          void * buffer,\r
                          khm_size cbbuf)\r
 {\r
@@ -1025,7 +1025,7 @@ _exit:
 \r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_identity_get_attrib(khm_handle vid,\r
-                         wchar_t * attr_name,\r
+                         const wchar_t * attr_name,\r
                          khm_int32 * attr_type,\r
                          void * buffer,\r
                          khm_size * pcbbuf)\r
@@ -1121,9 +1121,8 @@ _exit:
 }\r
 \r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_identity_get_attrib_string(\r
-                                khm_handle vid,\r
-                                wchar_t * attr_name,\r
+kcdb_identity_get_attrib_string(khm_handle vid,\r
+                                const wchar_t * attr_name,\r
                                 wchar_t * buffer,\r
                                 khm_size * pcbbuf,\r
                                 khm_int32 flags)\r
index 33c5d168d503da946e9b55aeb0b6cda58b8dc142..1b5d9b67cb60ccca3c35acfc419e864ae2d738da 100644 (file)
@@ -504,9 +504,7 @@ kcdb_identity_set_default(khm_handle id);
       to notify the KCDB that the specified identity is the default.\r
       This does not result in the invocation of any other semantics to\r
       make the identity the default other than releasing the previous\r
-      defualt identity and making the specified one the default.  As\r
-      an additional side effect, the notification <::KMSG_KCDB,\r
-      ::KMSG_KCDB_IDENT, ::KCDB_OP_NEW_DEFAULT> will also not be sent.\r
+      defualt identity and making the specified one the default.\r
  */\r
 KHMEXP khm_int32 KHMAPI\r
 kcdb_identity_set_default_int(khm_handle id);\r
@@ -640,7 +638,7 @@ kcdb_identity_set_attr(khm_handle identity,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_identity_set_attrib(khm_handle identity,\r
-                         wchar_t * attr_name,\r
+                         const wchar_t * attr_name,\r
                          void * buffer,\r
                          khm_size cbbuf);\r
 \r
@@ -686,7 +684,7 @@ kcdb_identity_get_attr(khm_handle identity,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_identity_get_attrib(khm_handle identity,\r
-                         wchar_t * attr_name,\r
+                         const wchar_t * attr_name,\r
                          khm_int32 * attr_type,\r
                          void * buffer,\r
                          khm_size * pcbbuf);\r
@@ -751,7 +749,7 @@ kcdb_identity_get_attr_string(khm_handle identity,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_identity_get_attrib_string(khm_handle identity,\r
-                                wchar_t * attr_name,\r
+                                const wchar_t * attr_name,\r
                                 wchar_t * buffer,\r
                                 khm_size * pcbbuf,\r
                                 khm_int32 flags);\r
@@ -1611,7 +1609,7 @@ typedef struct tag_kcdb_cred_request {
     \see kcdb_cred_release()\r
 */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_cred_create(wchar_t *   name, \r
+kcdb_cred_create(const wchar_t *   name, \r
                  khm_handle  identity,\r
                  khm_int32   cred_type,\r
                  khm_handle * result);\r
@@ -1641,13 +1639,18 @@ kcdb_cred_update(khm_handle vdest,
 \r
 /*! \brief Set an attribute in a credential by name\r
 \r
+    \r
+\r
     \param[in] cbbuf Number of bytes of data in \a buffer.  The\r
         individual data type handlers may copy in less than this many\r
-        bytes in to the credential.\r
+        bytes in to the credential.  For some data types where the\r
+        size of the buffer is fixed or can be determined from its\r
+        contents, you can specify ::KCDB_CBSIZE_AUTO for this\r
+        parameter.\r
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_cred_set_attrib(khm_handle cred, \r
-                     wchar_t * name, \r
+                     const wchar_t * name, \r
                      void * buffer, \r
                      khm_size cbbuf);\r
 \r
@@ -1686,7 +1689,7 @@ kcdb_cred_set_attr(khm_handle cred,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_cred_get_attrib(khm_handle cred, \r
-                     wchar_t * name, \r
+                     const wchar_t * name, \r
                      khm_int32 * attr_type,\r
                      void * buffer, \r
                      khm_size * cbbuf);\r
@@ -1791,7 +1794,7 @@ kcdb_cred_get_attr_string(khm_handle vcred,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_cred_get_attrib_string(khm_handle cred, \r
-                            wchar_t * name, \r
+                            const wchar_t * name, \r
                             wchar_t * buffer, \r
                             khm_size * cbbuf,\r
                             khm_int32 flags) ;\r
@@ -1904,7 +1907,7 @@ kcdb_cred_delete(khm_handle cred);
 KHMEXP khm_int32 KHMAPI \r
 kcdb_creds_comp_attrib(khm_handle cred1, \r
                        khm_handle cred2, \r
-                       wchar_t * name);\r
+                       const wchar_t * name);\r
 \r
 /*! \brief Compare an attribute of two credentials by attribute id.\r
 \r
@@ -2219,7 +2222,7 @@ typedef struct tag_kcdb_type {
 /*@}*/\r
 \r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_type_get_id(wchar_t *name, khm_int32 * id);\r
+kcdb_type_get_id(const wchar_t *name, khm_int32 * id);\r
 \r
 /*! \brief Return the type descriptor for a given type id\r
 \r
@@ -2262,7 +2265,7 @@ kcdb_type_get_name(khm_int32 id,
     \param[out] new_id Receives the identifier for the credential attribute type.\r
 */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_type_register(kcdb_type * type, \r
+kcdb_type_register(const kcdb_type * type, \r
                    khm_int32 * new_id);\r
 \r
 /*! \brief Unregister a credential attribute type\r
@@ -2422,12 +2425,48 @@ UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t * src);
 */\r
 #define KCDB_TYPE_ALL       KCDB_TYPE_INVALID\r
 \r
+/*! \brief Void\r
+\r
+    No data.  This is not an actual data type.\r
+ */\r
 #define KCDB_TYPE_VOID      0\r
+\r
+/*! \brief String\r
+\r
+    NULL terminated Unicode string.  The byte count for a string\r
+    attribute always includes the terminating NULL.\r
+ */\r
 #define KCDB_TYPE_STRING    1\r
+\r
+/*! \brief Data\r
+\r
+    A date/time represented in FILETIME format.\r
+ */\r
 #define KCDB_TYPE_DATE      2\r
+\r
+/*! \brief Interval\r
+\r
+    An interval of time represented as the difference between two\r
+    FILETIME values.\r
+ */\r
 #define KCDB_TYPE_INTERVAL  3\r
+\r
+/*! \brief 32-bit integer\r
+\r
+    A 32-bit signed integer.\r
+ */\r
 #define KCDB_TYPE_INT32     4\r
+\r
+/*! \brief 64-bit integer\r
+\r
+    A 64-bit integer.\r
+ */\r
 #define KCDB_TYPE_INT64     5\r
+\r
+/*! \brief Raw data\r
+\r
+    A raw data buffer.\r
+ */\r
 #define KCDB_TYPE_DATA      6\r
 \r
 #define KCDB_TYPENAME_VOID      L"Void"\r
@@ -2509,7 +2548,7 @@ typedef struct tag_kcdb_attrib {
 \r
 /*! \brief Retrieve the ID of a named attribute */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_attrib_get_id(wchar_t *name, \r
+kcdb_attrib_get_id(const wchar_t *name, \r
                    khm_int32 * id);\r
 \r
 /*! \brief Register an attribute\r
@@ -2518,7 +2557,7 @@ kcdb_attrib_get_id(wchar_t *name,
         attribute.  If the \a id member of the ::kcdb_attrib object is\r
         set to KCDB_ATTR_INVALID, then a unique ID is generated. */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_attrib_register(kcdb_attrib * attrib, \r
+kcdb_attrib_register(const kcdb_attrib * attrib, \r
                      khm_int32 * new_id);\r
 \r
 /*! \brief Retrieve the attribute descriptor for an attribute \r
@@ -2974,7 +3013,7 @@ typedef struct tag_kcdb_credtype {
         specified is already in use.\r
 */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_credtype_register(kcdb_credtype * type, \r
+kcdb_credtype_register(const kcdb_credtype * type, \r
                        khm_int32 * new_id);\r
 \r
 /*! \brief Return a held reference to a \a kcdb_credtype object describing the credential type.\r
@@ -3093,7 +3132,7 @@ kcdb_credtype_describe(khm_int32 id,
 \r
  */\r
 KHMEXP khm_int32 KHMAPI \r
-kcdb_credtype_get_id(wchar_t * name, \r
+kcdb_credtype_get_id(const wchar_t * name, \r
                      khm_int32 * id);\r
 \r
 /*@}*/\r
@@ -3155,7 +3194,7 @@ kcdb_buf_get_attr(khm_handle  record,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_buf_get_attrib(khm_handle  record,\r
-                    wchar_t *   attr_name,\r
+                    const wchar_t *   attr_name,\r
                     khm_int32 * attr_type,\r
                     void *      buffer,\r
                     khm_size *  pcb_buf);\r
@@ -3220,7 +3259,7 @@ kcdb_buf_get_attr_string(khm_handle  record,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_buf_get_attrib_string(khm_handle  record,\r
-                           wchar_t *   attr_name,\r
+                           const wchar_t *   attr_name,\r
                            wchar_t *   buffer,\r
                            khm_size *  pcbbuf,\r
                            khm_int32   flags);\r
@@ -3245,7 +3284,7 @@ kcdb_buf_set_attr(khm_handle  record,
 */\r
 KHMEXP khm_int32 KHMAPI \r
 kcdb_buf_set_attrib(khm_handle  record,\r
-                    wchar_t *   attr_name,\r
+                    const wchar_t *   attr_name,\r
                     void *      buffer,\r
                     khm_size    cbbuf);\r
 \r
index c1215f583425b506e50cff5a5e5339573f6cee99..48630b5fd5ca3195326c3e22ad3a9651515f8fc0 100644 (file)
@@ -679,8 +679,11 @@ khm_boolean KHMAPI kcdb_type_data_isValid(
     const void * d,\r
     khm_size cbd)\r
 {\r
-    /* data is always valid, even if d is NULL */\r
-    return TRUE;\r
+    /* data is always valid */\r
+    if (cbd != 0 && d == NULL)\r
+        return FALSE;\r
+    else\r
+        return TRUE;\r
 }\r
 \r
 khm_int32 KHMAPI kcdb_type_data_comp(\r
@@ -689,8 +692,21 @@ khm_int32 KHMAPI kcdb_type_data_comp(
     const void * d2,\r
     khm_size cbd2)\r
 {\r
-    /* datas can not be compared */\r
-    return 0;\r
+    khm_size pref;\r
+    khm_int32 rv = 0;\r
+\r
+    pref = min(cbd1, cbd2);\r
+\r
+    if (pref == 0)\r
+        return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0);\r
+\r
+    rv = memcmp(d1, d2, pref);\r
+\r
+    if (rv == 0) {\r
+        return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0);\r
+    } else {\r
+        return rv;\r
+    }\r
 }\r
 \r
 khm_int32 KHMAPI kcdb_type_data_dup(\r
@@ -699,14 +715,14 @@ khm_int32 KHMAPI kcdb_type_data_dup(
     void * d_dst,\r
     khm_size * cbd_dst)\r
 {\r
-    if(!cbd_dst)\r
+    if(!cbd_dst || cbd_src == KCDB_CBSIZE_AUTO)\r
         return KHM_ERROR_INVALID_PARAM;\r
 \r
-    *cbd_dst = cbd_src;\r
-\r
     if(!d_dst || *cbd_dst < cbd_src) {\r
+        *cbd_dst = cbd_src;\r
         return KHM_ERROR_TOO_LONG;\r
     } else {\r
+        *cbd_dst = cbd_src;\r
         memcpy(d_dst, d_src, cbd_src);\r
         return KHM_ERROR_SUCCESS;\r
     }\r
@@ -889,7 +905,7 @@ void kcdb_type_check_and_delete(khm_int32 id)
     LeaveCriticalSection(&cs_type);\r
 }\r
 \r
-KHMEXP khm_int32 KHMAPI kcdb_type_get_id(wchar_t *name, khm_int32 * id)\r
+KHMEXP khm_int32 KHMAPI kcdb_type_get_id(const wchar_t *name, khm_int32 * id)\r
 {\r
     kcdb_type_i * t;\r
     size_t cbsize;\r
@@ -968,7 +984,7 @@ KHMEXP khm_int32 KHMAPI kcdb_type_get_name(khm_int32 id, wchar_t * buffer, khm_s
     return KHM_ERROR_SUCCESS;\r
 }\r
 \r
-KHMEXP khm_int32 KHMAPI kcdb_type_register(kcdb_type * type, khm_int32 * new_id)\r
+KHMEXP khm_int32 KHMAPI kcdb_type_register(const kcdb_type * type, khm_int32 * new_id)\r
 {\r
     kcdb_type_i *t;\r
     size_t cbsize;\r
index 3186633c457d67a758c10694af783cd949343d8b..6c2b02d43f4fdac1d6a88bf926d6c82df0168baf 100644 (file)
@@ -280,7 +280,7 @@ krb4_id_config_proc(HWND hwnd,
                     khc_close_space(csp_ident);\r
 \r
                 if (csp_idk4)\r
-                    khc_close_space(csp_ident);\r
+                    khc_close_space(csp_idk4);\r
 \r
                 khui_cfg_set_flags_inst(d,\r
                                         ((applied)? KHUI_CNFLAG_APPLIED: 0),\r
index f31c4a4d3201e2b5f2504def333c94cbc2542fa5..7c3b31a133d84618d443fd54df132ff7fc0c94a6 100644 (file)
@@ -29,7 +29,7 @@
 \r
 #include<windows.h>\r
 \r
-#define KHERR_FACILITY L"Kerberos4"\r
+#define KHERR_FACILITY L"Krb4Cred"\r
 #define KHERR_FACILITY_ID 65\r
 #define KHERR_HMODULE hResModule\r
 \r
index d2fabbad4066e01e891987042250ac09455138fe..f631b3c0ceee93e9cfe8271c3fee492d37ece276 100644 (file)
@@ -77,12 +77,20 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
     *suggestion = 0;\r
     *suggest_code = KHERR_SUGGEST_NONE;\r
 \r
+    if (WSABASEERR <= code && code < (WSABASEERR + 1064)) {\r
+        /* winsock error */\r
+        table_num = WSABASEERR;\r
+        offset = code - WSABASEERR;\r
+    }\r
+\r
     switch(table_num)\r
     {\r
     case krb_err_base:\r
     case kadm_err_base:\r
+    case WSABASEERR:\r
        break;\r
     default:\r
+\r
         if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) {\r
             *suggestion = MSG_ERR_S_INTEGRITY;\r
         }\r
@@ -91,9 +99,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
        return;\r
     }\r
 \r
-    if (table_num == krb_err_base)\r
-        switch(offset)\r
-        {\r
+    if (table_num == krb_err_base) {\r
+        switch(offset) {\r
         case KDC_NAME_EXP:           /* 001 Principal expired */\r
         case KDC_SERVICE_EXP:        /* 002 Service expired */\r
         case KDC_AUTH_EXP:           /* 003 Auth expired */\r
@@ -170,9 +177,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
             /* no extra error msg */\r
             break;\r
         }\r
-    else\r
-        switch(code)\r
-        {\r
+    } else if (table_num == kadm_err_base) {\r
+        switch(code) {\r
         case KADM_INSECURE_PW:\r
             /* if( kadm_info != NULL ){\r
              * wsprintf(buf, "%s\n%s", com_err_msg, kadm_info);\r
@@ -198,6 +204,34 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf,
             /* no extra error msg */\r
             break;\r
         }\r
+    } else if (table_num == WSABASEERR) {\r
+        switch(code) {\r
+        case WSAENETDOWN:\r
+            msg_id = MSG_ERR_NETDOWN;\r
+            sugg_id = MSG_ERR_S_NETRETRY;\r
+            sugg_code = KHERR_SUGGEST_RETRY;\r
+            break;\r
+\r
+        case WSATRY_AGAIN:\r
+            msg_id = MSG_ERR_TEMPDOWN;\r
+            sugg_id = MSG_ERR_S_TEMPDOWN;\r
+            sugg_code = KHERR_SUGGEST_RETRY;\r
+            break;\r
+\r
+        case WSAENETUNREACH:\r
+        case WSAENETRESET:\r
+        case WSAECONNABORTED:\r
+        case WSAECONNRESET:\r
+        case WSAETIMEDOUT:\r
+        case WSAECONNREFUSED:\r
+        case WSAEHOSTDOWN:\r
+        case WSAEHOSTUNREACH:\r
+            msg_id = MSG_ERR_NOHOST;\r
+            sugg_id = MSG_ERR_S_NOHOST;\r
+            sugg_code = KHERR_SUGGEST_RETRY;\r
+            break;\r
+        }\r
+    }\r
 \r
     if (msg_id != 0) {\r
         FormatMessage(FORMAT_MESSAGE_FROM_HMODULE |\r
index 31626311903c9c25bfd63a7006970fb2e9ce4652..7db09526db220470573f990f2b90cb92c067e02e 100644 (file)
@@ -2056,7 +2056,7 @@ khm_krb5_changepwd(char * principal,
                    char** error_str)\r
 {\r
     krb5_error_code rc = 0;\r
-    int result_code;\r
+    int result_code = 0;\r
     krb5_data result_code_string, result_string;\r
     krb5_context context = 0;\r
     krb5_principal princ = 0;\r
index b263e6bf3071c1be284b830c185fbdf45585de40..11a7410b122e2987b06388796c1c7b562494c3b9 100644 (file)
@@ -49,15 +49,52 @@ typedef struct tag_k5_new_cred_data {
     HWND hw_realm;\r
 } k5_new_cred_data;\r
 \r
+static\r
+void\r
+trim_str(wchar_t * s, khm_size cch) {\r
+    wchar_t * c, * last_ws;\r
+\r
+    for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++);\r
+\r
+    if (((khm_size)(c - s)) >= cch)\r
+        return;\r
+\r
+    if (c != s && ((khm_size)(c - s)) < cch) {\r
+#if _MSC_VER >= 1400\r
+        wmemmove_s(s, cch, c, cch - ((khm_size)(c - s)));\r
+#else\r
+        memmove(s, c, (cch - ((khm_size)(c - s))) * sizeof(wchar_t));\r
+#endif\r
+    }\r
+\r
+    last_ws = NULL;\r
+    for (c = s; *c && ((khm_size)(c - s)) < cch; c++) {\r
+        if (!iswspace(*c))\r
+            last_ws = NULL;\r
+        else if (last_ws == NULL)\r
+            last_ws = c;\r
+    }\r
+\r
+    if (last_ws)\r
+        *last_ws = L'\0';\r
+}\r
+\r
 /* Runs in the UI thread */\r
 int \r
 k5_get_realm_from_nc(khui_new_creds * nc, \r
                      wchar_t * buf, \r
                      khm_size cch_buf) {\r
     k5_new_cred_data * d;\r
+    khm_size s;\r
 \r
     d = (k5_new_cred_data *) nc->ident_aux;\r
-    return GetWindowText(d->hw_realm, buf, (int) cch_buf);\r
+    buf[0] = L'\0';\r
+    GetWindowText(d->hw_realm, buf, (int) cch_buf);\r
+    trim_str(buf, cch_buf);\r
+\r
+    StringCchLength(buf, cch_buf, &s);\r
+\r
+    return (int) s;\r
 }\r
 \r
 /* set the primary identity of a new credentials dialog depending on\r
@@ -83,6 +120,7 @@ set_identity_from_ui(khui_new_creds * nc,
     assert(cch < KCDB_IDENT_MAXCCH_NAME - 1);\r
 \r
     GetWindowText(d->hw_username, un, ARRAYLENGTH(un));\r
+    trim_str(un, ARRAYLENGTH(un));\r
 \r
     realm = khm_get_realm_from_princ(un);\r
     if (realm)          /* realm was specified */\r
@@ -113,6 +151,7 @@ set_identity_from_ui(khui_new_creds * nc,
     }\r
 \r
     GetWindowText(d->hw_realm, realm, (int) cch_left);\r
+    trim_str(realm, cch_left);\r
 \r
  _set_ident:\r
     if (KHM_FAILED(rv = kcdb_identity_create(un,\r
@@ -183,6 +222,7 @@ update_crossfeed(khui_new_creds * nc,
     GetWindowText(d->hw_username,\r
                   un,\r
                   ARRAYLENGTH(un));\r
+    trim_str(un, ARRAYLENGTH(un));\r
 \r
     un_realm = khm_get_realm_from_princ(un);\r
 \r
@@ -246,6 +286,7 @@ update_crossfeed(khui_new_creds * nc,
 \r
     GetWindowText(d->hw_realm, realm,\r
                   ARRAYLENGTH(realm));\r
+    trim_str(realm, ARRAYLENGTH(realm));\r
 \r
     idx = (int)SendMessage(d->hw_realm,\r
                            CB_FINDSTRINGEXACT,\r
index 97ef85ee9503436022540d26423cba6b6c7a04e1..f1b7f05491b174e5cf38093e01f66d605983962d 100644 (file)
@@ -30,7 +30,7 @@
 kmm_module h_khModule; /* KMM's handle to this module */\r
 HINSTANCE hInstance;\r
 HMODULE hResModule;    /* HMODULE to the resource library */\r
-const wchar_t * k5_facility = L"Krb5";\r
+const wchar_t * k5_facility = L"Krb5Cred";\r
 \r
 khm_int32 type_id_enctype       = -1;\r
 khm_int32 type_id_addr_list     = -1;\r
index 179ec4ede3c3690bb954a6ed724a571ab3d728b2..db9462eb6ebbf4bfaf7cb62ea91034686e8f3d69 100644 (file)
@@ -55,6 +55,7 @@ typedef struct k5_dlg_data_t {
 \r
     wchar_t * cred_message;     /* overrides the credential text, if\r
                                    non-NULL */\r
+    BOOL    pwd_change;         /* force a password change */\r
 } k5_dlg_data;\r
 \r
 \r
@@ -186,6 +187,56 @@ k5_handle_wmnc_notify(HWND hwnd,
         }\r
         break;\r
 \r
+    case WMNC_CREDTEXT_LINK:\r
+        {\r
+            k5_dlg_data * d;\r
+            khui_htwnd_link * l;\r
+            khui_new_creds * nc;\r
+            wchar_t linktext[128];\r
+\r
+            d = (k5_dlg_data *)(LONG_PTR)\r
+                GetWindowLongPtr(hwnd, DWLP_USER);\r
+            nc = d->nc;\r
+            l = (khui_htwnd_link *) lParam;\r
+\r
+            if (!l)\r
+                break;\r
+\r
+            StringCchCopyN(linktext, ARRAYLENGTH(linktext),\r
+                           l->id, l->id_len);\r
+\r
+            if (!wcscmp(linktext, L"Krb5Cred:!Passwd")) {\r
+                /* we are turning this dialog into a change password dialog... */\r
+                wchar_t wbuf[KHUI_MAXCCH_BANNER];\r
+\r
+                khui_cw_clear_prompts(nc);\r
+\r
+                LoadString(hResModule, IDS_NC_PWD_BANNER,\r
+                           wbuf, ARRAYLENGTH(wbuf));\r
+                khui_cw_begin_custom_prompts(nc, 3, NULL, wbuf);\r
+\r
+                LoadString(hResModule, IDS_NC_PWD_PWD,\r
+                           wbuf, ARRAYLENGTH(wbuf));\r
+                khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD,\r
+                                   wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);\r
+\r
+                LoadString(hResModule, IDS_NC_PWD_NPWD,\r
+                           wbuf, ARRAYLENGTH(wbuf));\r
+                khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD,\r
+                                   wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);\r
+\r
+                LoadString(hResModule, IDS_NC_PWD_NPWD_AGAIN,\r
+                           wbuf, ARRAYLENGTH(wbuf));\r
+                khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD_AGAIN,\r
+                                   wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN);\r
+\r
+                d->pwd_change = TRUE;\r
+\r
+                return TRUE;\r
+            }\r
+        }\r
+        break;\r
+\r
     case WMNC_UPDATE_CREDTEXT:\r
         {\r
             k5_dlg_data * d;\r
@@ -215,7 +266,8 @@ k5_handle_wmnc_notify(HWND hwnd,
                 KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0], \r
                                                       &flags)) &&\r
                 (flags & KCDB_IDENT_FLAG_VALID) &&\r
-                nc->subtype == KMSG_CRED_NEW_CREDS) {\r
+                nc->subtype == KMSG_CRED_NEW_CREDS &&\r
+                !d->pwd_change) {\r
 \r
                 if (is_k5_identpro)\r
                     k5_get_realm_from_nc(nc, tbuf, ARRAYLENGTH(tbuf));\r
@@ -237,7 +289,8 @@ k5_handle_wmnc_notify(HWND hwnd,
 \r
                 StringCbCopy(nct->credtext, cbsize, sbuf);\r
             } else if (nc->n_identities > 0 &&\r
-                       nc->subtype == KMSG_CRED_PASSWORD) {\r
+                       (nc->subtype == KMSG_CRED_PASSWORD ||\r
+                        (nc->subtype == KMSG_CRED_NEW_CREDS && d->pwd_change))) {\r
                 cbsize = sizeof(tbuf);\r
                 kcdb_identity_get_name(nc->identities[0], tbuf, &cbsize);\r
 \r
@@ -630,6 +683,9 @@ k5_cached_kinit_prompter(void) {
     khm_size n_cur_prompts;\r
     khm_int32 n_prompts;\r
     khm_int32 i;\r
+    khm_int64 iexpiry;\r
+    FILETIME expiry;\r
+    FILETIME current;\r
 \r
 #ifdef DEBUG\r
     assert(g_fjob.nc);\r
@@ -656,6 +712,30 @@ k5_cached_kinit_prompter(void) {
 \r
         goto _cleanup;\r
 \r
+    if (KHM_SUCCEEDED(khc_read_int64(csp_prcache, L"ExpiresOn", &iexpiry))) {\r
+        /* has the cache expired? */\r
+        expiry = IntToFt(iexpiry);\r
+        GetSystemTimeAsFileTime(&current);\r
+\r
+        if (CompareFileTime(&expiry, &current) < 0)\r
+            /* already expired */\r
+            goto _cleanup;\r
+    } else {\r
+        FILETIME lifetime;\r
+        khm_int32 t;\r
+\r
+        /* make the cache expire at some point */\r
+        GetSystemTimeAsFileTime(&current);\r
+        khc_read_int32(csp_params, L"PromptCacheLifetime", &t);\r
+        if (t == 0)\r
+            t = 172800;         /* 48 hours */\r
+        TimetToFileTimeInterval(t, &lifetime);\r
+        expiry = FtAdd(&current, &lifetime);\r
+        iexpiry = FtToInt(&expiry);\r
+\r
+        khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry);\r
+    }\r
+\r
     /* we found a prompt cache.  We take this to imply that the\r
        principal is valid. */\r
     g_fjob.valid_principal = TRUE;\r
@@ -968,6 +1048,11 @@ k5_kinit_prompter(krb5_context context,
     {\r
         wchar_t wbanner[KHUI_MAXCCH_BANNER];\r
         wchar_t wname[KHUI_MAXCCH_PNAME];\r
+        FILETIME current;\r
+        FILETIME lifetime;\r
+        FILETIME expiry;\r
+        khm_int64 iexpiry;\r
+        khm_int32 t = 0;\r
 \r
         if(banner)\r
             AnsiStrToUnicode(wbanner, sizeof(wbanner), banner);\r
@@ -982,28 +1067,40 @@ k5_kinit_prompter(krb5_context context,
             (banner)?wbanner:NULL,\r
             (name)?wname:NULL);\r
 \r
-        if (banner && csp_prcache)\r
-            khc_write_string(csp_prcache,\r
-                             L"Banner",\r
-                             wbanner);\r
-        else if (csp_prcache)\r
-            khc_write_string(csp_prcache,\r
-                             L"Banner",\r
-                             L"");\r
+        if (csp_prcache) {\r
 \r
-        if (name && csp_prcache)\r
-            khc_write_string(csp_prcache,\r
-                             L"Name",\r
-                             wname);\r
-        else if (csp_prcache)\r
-            khc_write_string(csp_prcache,\r
-                             L"Name",\r
-                             L"");\r
+            if (banner)\r
+                khc_write_string(csp_prcache,\r
+                                 L"Banner",\r
+                                 wbanner);\r
+            else\r
+                khc_write_string(csp_prcache,\r
+                                 L"Banner",\r
+                                 L"");\r
+\r
+            if (name)\r
+                khc_write_string(csp_prcache,\r
+                                 L"Name",\r
+                                 wname);\r
+            else if (csp_prcache)\r
+                khc_write_string(csp_prcache,\r
+                                 L"Name",\r
+                                 L"");\r
 \r
-        if (csp_prcache)\r
             khc_write_int32(csp_prcache,\r
                             L"PromptCount",\r
                             (khm_int32) num_prompts);\r
+\r
+            GetSystemTimeAsFileTime(&current);\r
+            khc_read_int32(csp_params, L"PromptCacheLifetime", &t);\r
+            if (t == 0)\r
+                t = 172800;         /* 48 hours */\r
+            TimetToFileTimeInterval(t, &lifetime);\r
+            expiry = FtAdd(&current, &lifetime);\r
+            iexpiry = FtToInt(&expiry);\r
+\r
+            khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry);\r
+        }\r
     }\r
 \r
     for(i=0; i < num_prompts; i++) {\r
@@ -1757,6 +1854,10 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             }\r
 \r
             khui_cw_unlock_nc(nc);\r
+\r
+            /* reset the force-password-change flag if this is a new\r
+               identity. */\r
+            d->pwd_change = FALSE;\r
         }\r
 \r
         /* fallthrough */\r
@@ -1950,6 +2051,11 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             if (nc->subtype == KMSG_CRED_NEW_CREDS) {\r
                 d = (k5_dlg_data *) nct->aux;\r
 \r
+                if (d->pwd_change) {\r
+                    /* we are forcing a password change */\r
+                    goto change_password;\r
+                }\r
+\r
                 _begin_task(0);\r
                 _report_mr0(KHERR_NONE, MSG_CTX_INITAL_CREDS);\r
                 _describe();\r
@@ -2259,6 +2365,9 @@ k5_msg_cred_dialog(khm_int32 msg_type,
             } else if (nc->subtype == KMSG_CRED_PASSWORD &&\r
                        nc->result == KHUI_NC_RESULT_PROCESS) {\r
 \r
+            change_password:\r
+                /* we jump here if there was a password change forced */\r
+\r
                 _begin_task(0);\r
                 _report_mr0(KHERR_NONE, MSG_CTX_PASSWD);\r
                 _describe();\r
@@ -2360,6 +2469,74 @@ k5_msg_cred_dialog(khm_int32 msg_type,
 \r
                     if (code)\r
                         rv = KHM_ERROR_UNKNOWN;\r
+                    else if (nc->subtype == KMSG_CRED_NEW_CREDS) {\r
+                        khm_handle csp_idcfg = NULL;\r
+                        krb5_context ctx = NULL;\r
+\r
+                        /* we forced a password change.  now we need\r
+                           to get the initial credentials. */\r
+\r
+                        d = (k5_dlg_data *) nct->aux;\r
+\r
+                        if (d == NULL) {\r
+                            rv = KHM_ERROR_UNKNOWN;\r
+                            goto _pwd_exit;\r
+                        }\r
+\r
+                        code = khm_krb5_kinit(NULL, /* context (create one) */\r
+                                              idname, /* principal_name */\r
+                                              npwd, /* password */\r
+                                              NULL, /* ccache name (figure out the identity cc)*/\r
+                                              (krb5_deltat) d->tc_lifetime.current,\r
+                                              d->forwardable,\r
+                                              d->proxiable,\r
+                                              (krb5_deltat)((d->renewable)?d->tc_renew.current:0),\r
+                                              d->addressless, /* addressless */\r
+                                              d->publicIP, /* public IP */\r
+                                              NULL, /* prompter */\r
+                                              NULL /* prompter data */);\r
+\r
+                        if (code) {\r
+                            rv = KHM_ERROR_UNKNOWN;\r
+                            goto _pwd_exit;\r
+                        }\r
+\r
+                        /* save the settings that we used for\r
+                           obtaining the ticket. */\r
+                        if (KHM_SUCCEEDED\r
+                            (k5_open_config_handle(nc->identities[0],\r
+                                                   KHM_FLAG_CREATE |\r
+                                                   KCONF_FLAG_WRITEIFMOD,\r
+                                                   &csp_idcfg))) {\r
+                            k5_write_dlg_params(csp_idcfg, d);\r
+                            khc_close_space(csp_idcfg);\r
+                        }\r
+\r
+                        /* and do a quick refresh of the krb5 tickets\r
+                           so that other plug-ins that depend on krb5\r
+                           can look up tickets inside NetIDMgr */\r
+                        khm_krb5_list_tickets(&ctx);\r
+\r
+                        /* if there was no default identity, we make\r
+                           this one the default. */\r
+                        kcdb_identity_refresh(nc->identities[0]);\r
+                        {\r
+                            khm_handle tdefault = NULL;\r
+\r
+                            if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) {\r
+                                kcdb_identity_release(tdefault);\r
+                            } else {\r
+                                _reportf(L"There was no default identity.  Setting defualt");\r
+                                kcdb_identity_set_default(nc->identities[0]);\r
+                            }\r
+                        }\r
+\r
+                        /* and then update the LRU too */\r
+                        k5_update_LRU(nc->identities[0]);\r
+\r
+                        if (ctx != NULL)\r
+                            pkrb5_free_context(ctx);\r
+                    }\r
 \r
                     /* result is only set when code != 0 */\r
                     if (code && result) {\r
index b6754409e1590cdec9111c8dcf69d9215752aebb..205cbcb42a732e705239808cebb5e1fbcbbe643d 100644 (file)
@@ -25,11 +25,13 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider
     LRURealms,KC_STRING,,\r
     LRUPrincipals,KC_STRING,,\r
     LastDefaultIdent,KC_STRING,,Last known default identity\r
+    PromptCacheLifetime,KC_INT32,172800,Lifetime of the prompt cache in seconds\r
     DefaultCCName,KC_STRING,,Default CC name (only per identity)\r
     PromptCache,KC_SPACE,0,Cache of prompts (only per identity)\r
       Name,KC_STRING,,\r
       Banner,KC_STRING,,\r
       PromptCount,KC_INT32,0,\r
+      ExpiresOn,KC_INT64,0,FILETIME of when the prompt cache is set to expire\r
       (n),KC_SPACE,0,Parameters for each prompt\r
         Prompt,KC_STRING,,\r
         Type,KC_INT32,0,\r
index aab9090503429cda29d9ff16499b7468414a0886..54f3ed78743883872c1c67126b1aefc0c8c5a053 100644 (file)
@@ -382,7 +382,7 @@ BEGIN
     IDS_NC_REALM            "Realm"\r
     IDS_KRB5_WARNING        "Kerberos 5 Warning"\r
     IDS_K5ERR_NAME_EXPIRED  "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The selected principal name has expired.</p><p><tab>  Please contact your system administrator.</p>"\r
-    IDS_K5ERR_KEY_EXPIRED   "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab>  Click <a id=""Krb5Cred:Passwd"">here</a> to change the password</p>"\r
+    IDS_K5ERR_KEY_EXPIRED   "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tab>: The password for the selected identity has expired.</p><p><tab>  Click <a id=""Krb5Cred:!Passwd"">here</a> to change the password</p>"\r
     IDS_KRB5_WARN_FMT       "Kerberos 5: %s\n\n%s"\r
     IDS_K5ERR_FMT           "<p><a id=""SwitchPanel"" param=""Krb5Cred""><b>Krb5</b></a><tag>: %s</p>"\r
     IDS_K5CFG_SHORT_DESC    "Kerberos 5"\r
index 01e01761fd5251f5e6dce2f9e64cf6e80b2eedb1..cadc66626774a443d4030fb7ae6d74eabdc5f8e2 100644 (file)
@@ -157,6 +157,42 @@ Language=English
 Destroying Krb5 tickets\r
 .\r
 \r
+MessageId=\r
+SymbolicName=MSG_ERR_NETDOWN\r
+Language=English\r
+A network connection is unavailable\r
+.\r
+\r
+MessageId=\r
+SymbolicName=MSG_ERR_S_NETRETRY\r
+Language=English\r
+Please check your network connection or contact your network administrator for assistance.\r
+.\r
+\r
+MessageId=\r
+SymbolicName=MSG_ERR_TEMPDOWN\r
+Language=English\r
+A temporary network error caused the operation to fail\r
+.\r
+\r
+MessageId=\r
+SymbolicName=MSG_ERR_S_TEMPDOWN\r
+Language=English\r
+Please try again in a few minutes\r
+.\r
+\r
+MessageId=\r
+SymbolicName=MSG_ERR_NOHOST\r
+Language=English\r
+A server could not be reached\r
+.\r
+\r
+MessageId=\r
+SymbolicName=MSG_ERR_S_NOHOST\r
+Language=English\r
+This can be caused by the server being unavailable, network errors, or improper configuration.  Please try again or contact your administrator for assistance.\r
+.\r
+\r
 MessageId=\r
 SymbolicName=MSG_\r
 Language=English\r
index e536210599bc54425a6277a1d5dd8bf10eecaacb..b9400105a712d2205cce1ed46fca9ea5105ab88f 100644 (file)
@@ -110,8 +110,8 @@ MC=mc
 \r
 # Lots more macros\r
 \r
-incflags = -I$(NIDMINCDIR) -I$(OBJ) -I.\r
-rincflags = /i $(NIDMINCDIR) /i $(OBJ) /i .\r
+incflags = -I"$(NIDMINCDIR)" -I"$(OBJ)" -I.\r
+rincflags = /i "$(NIDMINCDIR)" /i "$(OBJ)" /i .\r
 \r
 ldebug = $(ldebug) /DEBUG\r
 cdebug = $(cdebug) -Os -Zi\r
@@ -120,13 +120,13 @@ cdefines = $(cdefines) -DUNICODE -D_UNICODE
 \r
 C2OBJ=$(CC) $(cdebug) $(cflags) $(incflags) $(cdefines) /Fo"$@" /c $**\r
 \r
-DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:$@ /IMPLIB:$(DEST)\$(@B).lib $**\r
+DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:"$@" /IMPLIB:$(DEST)\$(@B).lib $**\r
 \r
-DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:$@ $**\r
+DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:"$@" $**\r
 \r
-RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo $@ $**\r
+RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo "$@" $**\r
 \r
-MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $**\r
+MC2RC=$(MC) $(MCFLAGS) -h "$(OBJ)\" -m 1024 -r "$(OBJ)\" -x "$(OBJ)\" $**\r
 \r
 {}.c{$(OBJ)}.obj:\r
        $(C2OBJ)\r
@@ -139,15 +139,15 @@ MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $**
 \r
 mkdirs::\r
 !if !exist($(DEST))\r
-       $(MKDIR) $(DEST)\r
+       $(MKDIR) "$(DEST)"\r
 !endif\r
 !if !exist($(OBJ))\r
-       $(MKDIR) $(OBJ)\r
+       $(MKDIR) "$(OBJ)"\r
 !endif\r
 \r
 clean::\r
-       $(RM) $(OBJ)\*.*\r
-       $(RM) $(DEST)\*.*\r
+       $(RM) "$(OBJ)\*.*"\r
+       $(RM) "$(DEST)\*.*"\r
 \r
 .SUFFIXES: .h\r
 \r
@@ -169,7 +169,7 @@ MT=mt.exe -nologo
 !endif\r
 \r
 _VC_MANIFEST_EMBED_EXE= \\r
-if exist $@.manifest $(MT) -outputresource:$@;1 -manifest $@.manifest\r
+if exist "$@.manifest" $(MT) -outputresource:"$@";1 -manifest "$@.manifest"\r
 \r
 _VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE)\r
 \r
@@ -179,7 +179,7 @@ _VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE)
 # embedded manifest will be used.  Otherwise the $@.manifest file will\r
 # be used.\r
 _VC_MANIFEST_CLEAN= \\r
-if exist $@.manifest $(RM) $@.manifest\r
+if exist "$@.manifest" $(RM) "$@.manifest"\r
 \r
 # End of manifest handling\r
 \r
@@ -189,7 +189,7 @@ if exist $@.manifest $(RM) $@.manifest
 DLL=$(DEST)\$(DLLBASENAME).dll\r
 \r
 LIBFILES= \\r
-       $(NIDMLIBDIR)\nidmgr32.lib\r
+       "$(NIDMLIBDIR)\nidmgr32.lib"\r
 \r
 OBJFILES= \\r
        $(OBJ)\credacq.obj      \\r
@@ -208,7 +208,7 @@ CONFIGHEADER=$(OBJ)\credacq_config.h
 all: mkdirs $(CONFIGHEADER) $(DLL) lang\r
 \r
 $(CONFIGHEADER): Makefile\r
-       $(CP) << $@\r
+       $(CP) << "$@"\r
 /* This is a generated file.  Do not modify directly. */\r
 \r
 #pragma once\r
index 242b1c589082351073de9689db1f06632d132e39..f4dcfcc5e1d5b0aaa2fdf80474008573343e0b84 100644 (file)
@@ -46,8 +46,11 @@ about_dlg_proc(HWND hwnd,
 \r
             SetDlgItemText(hwnd, IDC_PRODUCT,\r
                            TEXT(KH_VERSTR_PRODUCT_1033));\r
+            /* retain the original copyright strings */\r
+#ifdef OVERRIDE_COPYRIGHT\r
             SetDlgItemText(hwnd, IDC_COPYRIGHT,\r
                            TEXT(KH_VERSTR_COPYRIGHT_1033));\r
+#endif\r
             SetDlgItemText(hwnd, IDC_BUILDINFO,\r
                            TEXT(KH_VERSTR_BUILDINFO_1033));\r
 \r
index 937e82ff9773ce15a44f54288a84318601fcfa35..d695afead30fd9a1881b95e7b13c9aefe1516489 100644 (file)
@@ -227,6 +227,9 @@ kmsg_cred_completion(kmq_message *m)
            if there's more */\r
         nc = (khui_new_creds *) m->vparam;\r
 \r
+        /* if we are done processing all the plug-ins, then check if\r
+           there were any errors reported.  Otherwise we dispatch\r
+           another set of messages. */\r
         if(!khm_cred_dispatch_process_level(nc)) {\r
 \r
             if(kherr_is_error()) {\r
@@ -238,39 +241,102 @@ kmsg_cred_completion(kmq_message *m)
                 wchar_t ws_title[ARRAYLENGTH(ws_tfmt) + KCDB_IDENT_MAXCCH_NAME];\r
                 khm_size cb;\r
 \r
+                /* For renewals, we suppress the error message for the\r
+                   following case:\r
+\r
+                   - The renewal was for an identity\r
+\r
+                   - There are no identity credentials for the\r
+                     identity (no credentials that have the same type\r
+                     as the identity provider). */\r
+\r
+                if (nc->subtype == KMSG_CRED_RENEW_CREDS &&\r
+                    nc->ctx.scope == KHUI_SCOPE_IDENT &&\r
+                    nc->ctx.identity != NULL) {\r
+                    khm_handle tcs = NULL; /* credential set */\r
+                    khm_size count = 0;\r
+                    khm_int32 id_ctype = KCDB_CREDTYPE_INVALID;\r
+                    khm_int32 delta = 0;\r
+\r
+                    kcdb_identity_get_type(&id_ctype);\r
+                    kcdb_credset_create(&tcs);\r
+                    kcdb_credset_collect(tcs, NULL,\r
+                                         nc->ctx.identity,\r
+                                         id_ctype,\r
+                                         &delta);\r
+                    kcdb_credset_get_size(tcs, &count);\r
+                    kcdb_credset_delete(tcs);\r
+\r
+                    if (count == 0)\r
+                        break;\r
+                }\r
+\r
                 ctx = kherr_peek_context();\r
                 evt = kherr_get_err_event(ctx);\r
                 kherr_evaluate_event(evt);\r
 \r
                 khui_alert_create_empty(&alert);\r
 \r
-                if (nc->subtype == KMSG_CRED_PASSWORD)\r
-                    LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE,\r
-                               ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
-                else if (nc->subtype == KMSG_CRED_RENEW_CREDS)\r
-                    LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE,\r
-                               ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
-                else\r
-                    LoadString(khm_hInstance, IDS_NC_FAILED_TITLE,\r
-                               ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
+                if (nc->subtype == KMSG_CRED_NEW_CREDS) {\r
+\r
+                    cb = sizeof(w_idname);\r
+                    if (nc->n_identities == 0 ||\r
+                        KHM_FAILED(kcdb_identity_get_name(nc->identities[0],\r
+                                                          w_idname, &cb))) {\r
+                        /* an identity could not be determined */\r
+                        LoadString(khm_hInstance, IDS_NC_FAILED_TITLE,\r
+                                   ws_title, ARRAYLENGTH(ws_title));\r
+                    } else {\r
+                        LoadString(khm_hInstance, IDS_NC_FAILED_TITLE_I,\r
+                                   ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
+                        StringCbPrintf(ws_title, sizeof(ws_title),\r
+                                       ws_tfmt, w_idname);\r
+                    }\r
+\r
+                } else if (nc->subtype == KMSG_CRED_PASSWORD) {\r
 \r
-                if (nc->n_identities > 0) {\r
                     cb = sizeof(w_idname);\r
-                    if (KHM_FAILED(kcdb_identity_get_name(nc->identities[0], \r
-                                                          w_idname, &cb)))\r
-                        StringCbCopy(w_idname, sizeof(w_idname), L"(?)");\r
+                    if (nc->n_identities == 0 ||\r
+                        KHM_FAILED(kcdb_identity_get_name(nc->identities[0],\r
+                                                          w_idname, &cb))) {\r
+                        LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE,\r
+                                   ws_title, ARRAYLENGTH(ws_title));\r
+                    } else {\r
+                        LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE_I,\r
+                                   ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
+                        StringCbPrintf(ws_title, sizeof(ws_title),\r
+                                       ws_tfmt, w_idname);\r
+                    }\r
+\r
+                } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {\r
+\r
+                    cb = sizeof(w_idname);\r
+                    if (nc->ctx.identity == NULL ||\r
+                        KHM_FAILED(kcdb_identity_get_name(nc->ctx.identity,\r
+                                                          w_idname, &cb))) {\r
+                        LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE,\r
+                                   ws_title, ARRAYLENGTH(ws_title));\r
+                    } else {\r
+                        LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE_I,\r
+                                   ws_tfmt, ARRAYLENGTH(ws_tfmt));\r
+                        StringCbPrintf(ws_title, sizeof(ws_title),\r
+                                       ws_tfmt, w_idname);\r
+                    }\r
+\r
                 } else {\r
-                    StringCbCopy(w_idname, sizeof(w_idname), L"(?)");\r
+#ifdef DEBUG\r
+                    assert(FALSE);\r
+#endif\r
                 }\r
 \r
-                StringCbPrintf(ws_title, sizeof(ws_title), ws_tfmt, w_idname);\r
-\r
                 khui_alert_set_title(alert, ws_title);\r
                 khui_alert_set_severity(alert, evt->severity);\r
+\r
                 if(!evt->long_desc)\r
                     khui_alert_set_message(alert, evt->short_desc);\r
                 else\r
                     khui_alert_set_message(alert, evt->long_desc);\r
+\r
                 if(evt->suggestion)\r
                     khui_alert_set_suggestion(alert, evt->suggestion);\r
 \r
@@ -847,6 +913,8 @@ khm_cred_process_startup_actions(void) {
 \r
         if (khm_startup.renew) {\r
             khm_size count;\r
+            wchar_t * ident_names = NULL;\r
+            wchar_t * this_ident;\r
 \r
             kcdb_credset_get_size(NULL, &count);\r
 \r
@@ -856,16 +924,55 @@ khm_cred_process_startup_actions(void) {
             khm_startup.renew = FALSE;\r
 \r
             if (count != 0) {\r
-                if (defident)\r
-                    khui_context_set(KHUI_SCOPE_IDENT,\r
-                                     defident,\r
-                                     KCDB_CREDTYPE_INVALID,\r
-                                     NULL, NULL, 0,\r
-                                     NULL);\r
-                else\r
-                    khui_context_reset();\r
+                khm_size cb = 0;\r
+                khm_size n_idents = 0;\r
+                khm_int32 rv;\r
+\r
+                ident_names = NULL;\r
+\r
+                while (TRUE) {\r
+                    if (ident_names) {\r
+                        PFREE(ident_names);\r
+                        ident_names = NULL;\r
+                    }\r
+\r
+                    cb = 0;\r
+                    rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,\r
+                                            NULL,\r
+                                            &cb, &n_idents);\r
+\r
+                    if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG ||\r
+                        cb == 0)\r
+                        break;\r
+\r
+                    ident_names = PMALLOC(cb);\r
 \r
-                khm_cred_renew_creds();\r
+                    rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,\r
+                                            ident_names,\r
+                                            &cb, &n_idents);\r
+\r
+                    if (KHM_SUCCEEDED(rv))\r
+                        break;\r
+                }\r
+\r
+                if (ident_names) {\r
+                    for (this_ident = ident_names;\r
+                         this_ident && *this_ident;\r
+                         this_ident = multi_string_next(this_ident)) {\r
+                        khm_handle ident;\r
+\r
+                        if (KHM_FAILED(kcdb_identity_create(this_ident, 0,\r
+                                                            &ident)))\r
+                            continue;\r
+\r
+                        khm_cred_renew_identity(ident);\r
+\r
+                        kcdb_identity_release(ident);\r
+                    }\r
+\r
+                    PFREE(ident_names);\r
+                    ident_names = NULL;\r
+                }\r
                 break;\r
             }\r
         }\r
index 31df6bdf7079f93ebf4fb604d66216c6c8f6cc28..a870fe527e22c86bcb461ab94e029c1960bdfcfd 100644 (file)
@@ -2669,16 +2669,20 @@ cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
             cw_update_outline(tbl);\r
             cw_update_extents(tbl, TRUE);\r
             InvalidateRect(hwnd, NULL, FALSE);\r
+\r
         }\r
         else if (m->subtype == KMSG_KCDB_IDENT && \r
                  m->uparam == KCDB_OP_NEW_DEFAULT) {\r
 \r
             InvalidateRect(hwnd, NULL, FALSE);\r
+\r
         }\r
         else if (m->subtype == KMSG_KCDB_ATTRIB &&\r
                  (m->uparam == KCDB_OP_INSERT ||\r
                   m->uparam == KCDB_OP_DELETE)) {\r
+\r
             cw_refresh_attribs(hwnd);\r
+\r
         }\r
     } else if (m->type == KMSG_KMM &&\r
                m->subtype == KMSG_KMM_I_DONE) {\r
index 93e7805755f2897c5fc999cab89e4c127ce2dc1a..eb84b8f1e41cd0afca447d174c37d35d50ce72de 100644 (file)
@@ -356,9 +356,9 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN\r
     DEFPUSHBUTTON   "OK",IDOK,211,7,50,14\r
     LTEXT           "Productname",IDC_PRODUCT,41,7,163,13,NOT WS_GROUP\r
-    LTEXT           "© 2005 Massachusetts Institute of Technology",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP\r
-    LTEXT           "BuildInfo",IDC_BUILDINFO,41,41,220,17,NOT WS_GROUP\r
-    ICON            IDI_MAIN_APP,IDC_STATIC,6,7,21,20\r
+    LTEXT           "© 2005-2006 Massachusetts Institute of Technology\n© 2006 Secure Endpoints Inc.",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP\r
+    LTEXT           "BuildInfo",IDC_BUILDINFO,41,43,220,15,NOT WS_GROUP\r
+    ICON            IDI_MAIN_APP,IDC_STATIC,6,7,20,20\r
     CONTROL         "",IDC_MODULES,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,41,72,220,91\r
     LTEXT           "Loaded modules",IDC_STATIC,41,60,52,8\r
 END\r
@@ -770,6 +770,13 @@ BEGIN
     IDS_ACTIONT_OPT_APPEAR  "Change appearance and display settings"\r
     IDS_ACTIONT_HELP_CTX    "Display user documentation"\r
     IDS_ACTIONT_IMPORT      "Import credentials from external sources such as the Windows LSA"\r
+    IDS_NC_FAILED_TITLE_I   "Failed to get credentials for %s"\r
+    IDS_NC_PWD_FAILED_TITLE_I "Failed to change password for %s"\r
+END\r
+\r
+STRINGTABLE \r
+BEGIN\r
+    IDS_NC_REN_FAILED_TITLE_I "Failed to renew creds for %s"\r
 END\r
 \r
 #endif    // English (U.S.) resources\r
index 1c5d1941211e71935124122311eb6069bb14c56c..f5b302ec06d0ed4a0adfee4fede96dfe89f6c764 100644 (file)
@@ -1,6 +1,5 @@
 /*\r
  * Copyright (c) 2005 Massachusetts Institute of Technology\r
- * Copyright (c) 2006 Secure Endpoints Inc.\r
  *\r
  * Permission is hereby granted, free of charge, to any person\r
  * obtaining a copy of this software and associated documentation\r
@@ -264,6 +263,38 @@ nc_clear_password_fields(khui_nc_wnd_data * d)
     }\r
 }\r
 \r
+struct nc_enum_wnd_data {\r
+    khui_nc_wnd_data * d;\r
+    khm_boolean enable;\r
+};\r
+\r
+static\r
+BOOL CALLBACK\r
+nc_enum_wnd_proc(HWND hwnd,\r
+                 LPARAM lParam)\r
+{\r
+    struct nc_enum_wnd_data * wd;\r
+\r
+    wd = (struct nc_enum_wnd_data *) lParam;\r
+\r
+    EnableWindow(hwnd, wd->enable);\r
+\r
+    return TRUE;\r
+}\r
+\r
+static void\r
+nc_enable_controls(khui_nc_wnd_data * d, khm_boolean enable)\r
+{\r
+    struct nc_enum_wnd_data wd;\r
+\r
+    ZeroMemory(&wd, sizeof(wd));\r
+\r
+    wd.d = d;\r
+    wd.enable = enable;\r
+\r
+    EnumChildWindows(d->dlg_main, nc_enum_wnd_proc, (LPARAM) &wd);\r
+}\r
+\r
 #define NC_MAXCCH_CREDTEXT 16384\r
 #define NC_MAXCB_CREDTEXT (NC_MAXCCH_CREDTEXT * sizeof(wchar_t))\r
 \r
@@ -524,6 +555,7 @@ nc_handle_wm_create(HWND hwnd,
     int x, y;\r
     int width, height;\r
     RECT r;\r
+    khm_int32 t;\r
 \r
     lpc = (LPCREATESTRUCT) lParam;\r
 \r
@@ -789,6 +821,17 @@ nc_handle_wm_create(HWND hwnd,
     /* add this to the dialog chain */\r
     khm_add_dialog(hwnd);\r
 \r
+    /* bring the window to the top, if necessary */\r
+    if (KHM_SUCCEEDED(khc_read_int32(NULL,\r
+                                     L"CredWindow\\Windows\\NewCred\\ForceToTop",\r
+                                     &t)) &&\r
+        t != 0) {\r
+\r
+        SetWindowPos(hwnd, HWND_TOP, 0, 0, 0, 0,\r
+                     (SWP_NOMOVE | SWP_NOSIZE));\r
+\r
+    }\r
+\r
     return TRUE;\r
 }\r
 \r
@@ -936,6 +979,8 @@ nc_handle_wm_command(HWND hwnd,
                KHUI_NC_RESULT_CANCEL */\r
             d->nc->response = KHUI_NC_RESPONSE_PROCESSING;\r
 \r
+            nc_enable_controls(d, FALSE);\r
+\r
             nc_notify_types(d->nc, \r
                             KHUI_WM_NC_NOTIFY, \r
                             MAKEWPARAM(0,WMNC_DIALOG_PREPROCESS), \r
@@ -1008,7 +1053,8 @@ nc_handle_wm_command(HWND hwnd,
                    type that is participating in the credentials\r
                    acquisition process, then we forward the message to\r
                    the panel that is providing the UI for that cred\r
-                   type.  We also switch to that panel first. */\r
+                   type.  We also switch to that panel first, unless\r
+                   the link is of the form '<credtype>:!<link_tag>'. */\r
 \r
                 colon = wcschr(sid, L':');\r
                 if (colon != NULL) {\r
@@ -1020,7 +1066,8 @@ nc_handle_wm_command(HWND hwnd,
                         KHM_SUCCEEDED(khui_cw_find_type(d->nc, credtype, &t))){\r
                         *colon = L':';\r
 \r
-                        if (t->ordinal != d->ctab)\r
+                        if (t->ordinal != d->ctab &&\r
+                            *(colon + 1) != L'!')\r
                             PostMessage(hwnd,\r
                                         KHUI_WM_NC_NOTIFY,\r
                                         MAKEWPARAM(t->ordinal,\r
@@ -1031,6 +1078,8 @@ nc_handle_wm_command(HWND hwnd,
                                            KHUI_WM_NC_NOTIFY,\r
                                            MAKEWPARAM(0, WMNC_CREDTEXT_LINK),\r
                                            lParam);\r
+                    } else {\r
+                        *colon = L':';\r
                     }\r
                 }\r
 \r
@@ -1257,8 +1306,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
             khui_cw_lock_nc(d->nc);\r
 \r
             GetWindowRect(d->dlg_ts, &r);\r
-            if (x + width * d->nc->n_types > (khm_size) (r.right - r.left)) {\r
-                width = (int)(((r.right - r.left) - x) / d->nc->n_types);\r
+            if (x + width * (d->nc->n_types + 1) > (khm_size) (r.right - r.left)) {\r
+                width = (int)(((r.right - r.left) - x) / (d->nc->n_types + 1));\r
             }\r
 \r
             /* first, the control for the main panel */\r
@@ -1684,6 +1733,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd,
             if(nc->response & KHUI_NC_RESPONSE_NOEXIT) {\r
                 HWND hw;\r
 \r
+                nc_enable_controls(d, TRUE);\r
+\r
                 /* reset state */\r
                 nc->result = KHUI_NC_RESULT_CANCEL;\r
 \r
index eb46824c71e581b665308871037b95bc0fd12196..12b746b1f7c4ce883853c8e80bddc2734490711f 100644 (file)
@@ -744,6 +744,9 @@ alerter_wnd_proc(HWND hwnd,
                 }\r
             }\r
 \r
+            if (d->hwnd_buttons[0])\r
+                SetFocus(d->hwnd_buttons[0]);\r
+\r
             khm_notify_icon_change(a->severity);\r
 \r
             khui_alert_unlock(a);\r
index 49fcf70e451042179417337537e95a6f9d17f67b..35b493e919e4368178b89f9320b249266cc7c309 100644 (file)
 #define IDS_ACTIONT_OPT_APPEAR          283\r
 #define IDS_ACTIONT_HELP_CTX            284\r
 #define IDS_ACTIONT_IMPORT              285\r
+#define IDS_NC_FAILED_TITLE_I           286\r
+#define IDS_NC_PWD_FAILED_TITLE_I       287\r
+#define IDS_NC_REN_FAILED_TITLE_I       288\r
 #define IDC_NC_USERNAME                 1007\r
 #define IDC_NC_PASSWORD                 1008\r
 #define IDC_NC_CREDTEXT_LABEL           1009\r
index 5c512bbac16362021476b7d945464a7fa05353e3..f1bb4b19566d8c81395eb3af57ca3b98ffb97ebd 100644 (file)
@@ -35,6 +35,9 @@ CredWindow,KC_SPACE,0,Options for the credentials window
     _Schema,KC_ENDSPACE,0,\r
     Main,KC_SPACE,0,Main window\r
     Main,KC_ENDSPACE,0,\r
+    NewCred,KC_SPACE,0,New credentials window\r
+      ForceToTop,KC_INT32,1,Force new creds window to the top\r
+    NewCred,KC_ENDSPACE,0,\r
   Windows,KC_ENDSPACE,0,\r
   Views,KC_SPACE,0,Preconfigured views for credentials\r
    Custom_0,KC_SPACE,0,First custom view.  Additional views have names of the form Custom_N\r
index f96ec5deecfb3f9abceb1a53abf05245254b7f9a..dcce3de93d973eef1601b9a2a2686371ca67a8de 100644 (file)
@@ -1289,12 +1289,9 @@ khui_context_refresh(void) {
             khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE);\r
             khui_enable_action(KHUI_ACTION_SET_DEF_ID, TRUE);\r
         }\r
-\r
-        khui_enable_action(KHUI_ACTION_PASSWD_ID, TRUE);\r
     } else {\r
         khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE);\r
         khui_enable_action(KHUI_ACTION_SET_DEF_ID, FALSE);\r
-        khui_enable_action(KHUI_ACTION_PASSWD_ID, FALSE);\r
     }\r
 \r
     if (khui_ctx.scope != KHUI_SCOPE_NONE) {\r
index 458218d90b0a2edd98587f5dddadb61e75c8fb54..84d6e17ed66b10bc0ebaf47551207e1eae0be7bd 100644 (file)
@@ -564,6 +564,35 @@ khui_cw_get_prompt(khui_new_creds * c,
     return rv;\r
 }\r
 \r
+void\r
+khuiint_trim_str(wchar_t * s, khm_size cch) {\r
+    wchar_t * c, * last_ws;\r
+\r
+    for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++);\r
+\r
+    if (((khm_size)(c - s)) >= cch)\r
+        return;\r
+\r
+    if (c != s && ((khm_size)(c - s)) < cch) {\r
+#if _MSC_VER >= 1400\r
+        wmemmove_s(s, cch, c, cch - ((khm_size)(c - s)));\r
+#else\r
+        memmove(s, c, (cch - ((khm_size)(c - s)))* sizeof(wchar_t));\r
+#endif\r
+    }\r
+\r
+    last_ws = NULL;\r
+    for (c = s; *c && ((khm_size)(c - s)) < cch; c++) {\r
+        if (!iswspace(*c))\r
+            last_ws = NULL;\r
+        else if (last_ws == NULL)\r
+            last_ws = c;\r
+    }\r
+\r
+    if (last_ws)\r
+        *last_ws = L'\0';\r
+}\r
+\r
 KHMEXP khm_int32 KHMAPI \r
 khui_cw_sync_prompt_values(khui_new_creds * c)\r
 {\r
@@ -584,6 +613,7 @@ khui_cw_sync_prompt_values(khui_new_creds * c)
             LeaveCriticalSection(&c->cs);\r
 \r
             GetWindowText(hw, tmpbuf, ARRAYLENGTH(tmpbuf));\r
+            khuiint_trim_str(tmpbuf, ARRAYLENGTH(tmpbuf));\r
 \r
             EnterCriticalSection(&c->cs);\r
             if (n != c->n_prompts)\r
index 1d09fae9ea0c7649cf3bc0f6a07e4bcec5b8d6dc..efe14789d3516250f05b0b24b34219453445f514 100644 (file)
@@ -142,7 +142,18 @@ typedef struct tag_khui_config_node_reg {
 */\r
 #define KHUI_CNFLAG_SYSTEM        0x0010\r
 \r
+/*! \brief Settings have been modified\r
+\r
+    Settings for this configuration panel have been modified.  This\r
+    flag should be cleared once the settings have been successfully\r
+    applied.\r
+ */\r
 #define KHUI_CNFLAG_MODIFIED      0x0100\r
+\r
+/*! \brief Settings have been applied\r
+\r
+    Set once any modified settings were successfully applied.\r
+ */\r
 #define KHUI_CNFLAG_APPLIED       0x0200\r
 \r
 #define KHUI_CNFLAGMASK_STATIC    0x00ff\r
index f5fb3deeff73f24d3efb356f6a69f90c068f2c61..1246923e23422b4d6c4e75b5add88deb662e84b3 100644 (file)
     Instead, the length fields should be used to extract the string.\r
  */\r
 typedef struct tag_khui_htwnd_link {\r
-    RECT r;\r
-    wchar_t * id;\r
-    int id_len;\r
-    wchar_t * param;\r
-    int param_len;\r
+    RECT r;                     /*!< The enclosing rectangle of the\r
+                                  hyperlink.  Units are screen units\r
+                                  and the coordinates are relative to\r
+                                  the top left hand corner of the\r
+                                  hypertext area.  */\r
+    wchar_t * id;               /*!< The value of the \a id attribute\r
+                                  of the link or \a NULL if there was\r
+                                  no \a id attribute.  This does not\r
+                                  point to a \a NULL terminated\r
+                                  string.  The length of the string is\r
+                                  given by the \a id_len field. */\r
+    int id_len;                 /*!< The length of the string pointed\r
+                                  to by \a id in characters.\r
+                                  Undefined if \a id is \a NULL. */\r
+    wchar_t * param;            /*!< The value of the \a param\r
+                                  attribute of the link or \a NULL if\r
+                                  there was no \a param attribute.\r
+                                  This does not point to a \a NULL\r
+                                  terminated string.  The length of\r
+                                  the string is given by the \a\r
+                                  param_len field.*/\r
+    int param_len;              /*!< Length of the string pointed to\r
+                                  by \a param in characters.\r
+                                  Undefined if \a param is \a NULL. */\r
 } khui_htwnd_link;\r
 \r
 #define KHUI_MAXCCH_HTLINK_FIELD 256\r
index 453575713850c633ca9bd68dc24f73a69617d990..b2b014e4f3978dacc2d0474dc859ef284c1c280d 100644 (file)
@@ -111,7 +111,9 @@ enum khui_wm_nc_notifications {
 \r
     WMNC_CREDTEXT_LINK,    \r
     /*!< Sent to a panel dialog proc when a user clicks a credtext\r
-      embedded link that belongs to that panel */\r
+      embedded link that belongs to that panel.  The \a lParam\r
+      parameter of the message is a pointer to a ::khui_htwnd_link\r
+      structure describing the link. */\r
 \r
     WMNC_IDENTITY_CHANGE,   \r
     /*!< The primary identity has changed */\r
@@ -219,7 +221,7 @@ typedef LRESULT
     \see \ref cred_acq for more information\r
 */\r
 typedef struct tag_khui_new_creds {\r
-    khm_int32   magic;\r
+    khm_int32   magic;          /*!< Internal use */\r
 \r
     khm_int32   subtype;        /*!< Subtype of the request that is\r
                                   being handled through this object.\r
@@ -227,7 +229,7 @@ typedef struct tag_khui_new_creds {
                                   ::KMSG_CRED_NEW_CREDS or\r
                                   ::KMSG_CRED_RENEW_CREDS */\r
 \r
-    CRITICAL_SECTION cs;\r
+    CRITICAL_SECTION cs;        /*!< Internal use */\r
 \r
     khm_boolean set_default;    /*!< After a successfull credentials\r
                                   acquisition, set the primary\r
@@ -271,7 +273,7 @@ typedef struct tag_khui_new_creds {
                                 documentation for info on what to do\r
                                 with this field */\r
 \r
-    wchar_t     *password;  /*!< Not set until the dialog ends */\r
+    wchar_t     *password;  /*!< Not used. */\r
 \r
     /* UI stuff */\r
 \r