NIM Correct Visual Identity Expiration Status

	The visual status for the identities in NIM 1.1 was based
	upon the highest alert status of any credential that was
	associated with the identity.  The correct behavior that is
	now implemented is that the identity status should be based
	solely upon the expiration state of the credentials obtained
	by the identity provider.

	For example, the Kerberos v5 identity provider will based the
	identity expiration status on the initial TGT.  Service tickets
	with short lifetimes that expire do not prevent the acquisition
	of additional service tickets.  Therefore, the identity should
	not be listed as expired.

ticket: new
tags: pullup
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19068 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/windows/identity/ui/credwnd.c b/src/windows/identity/ui/credwnd.c
index c9b314b3d59a68d646fad085cea5428901d590ca..d8dfcc50386904936ecb79c814c4a74225b10811 100644 (file)
--- a/src/windows/identity/ui/credwnd.c
+++ b/src/windows/identity/ui/credwnd.c
@@ -802,19 +802,27 @@ cw_new_outline_node(wchar_t * heading) {
     return o;\r
 }\r
 \r
+/* buf is a handle to a credential or an identity.  the kcdb_buf_*\r
+   functions work with either. */\r
 khm_int32 \r
-cw_get_cred_exp_flags(khui_credwnd_tbl * tbl, khm_handle cred)\r
+cw_get_buf_exp_flags(khui_credwnd_tbl * tbl, khm_handle buf)\r
 {\r
     khm_int32 flags;\r
     long s;\r
-    FILETIME ft;\r
+    FILETIME ft_expire;\r
+    FILETIME ft_current;\r
+    FILETIME ft_difference;\r
     khm_size cbsize;\r
 \r
-    cbsize = sizeof(ft);\r
-    if(KHM_FAILED(kcdb_cred_get_attr(cred, KCDB_ATTR_TIMELEFT, NULL, &ft, &cbsize)))\r
+    cbsize = sizeof(ft_expire);\r
+    if(KHM_FAILED(kcdb_buf_get_attr(buf, KCDB_ATTR_EXPIRE, NULL,\r
+                                    &ft_expire, &cbsize)))\r
         return 0;\r
 \r
-    s = FtIntervalToSeconds(&ft);\r
+    GetSystemTimeAsFileTime(&ft_current);\r
+    ft_difference = FtSub(&ft_expire, &ft_current);\r
+\r
+    s = FtIntervalToSeconds(&ft_difference);\r
 \r
     flags = 0;\r
     if(s < 0)\r
@@ -856,7 +864,7 @@ cw_timer_proc(HWND hwnd,
     if(!(r->flags & KHUI_CW_ROW_CRED))\r
         return; /* we only know what to do with cred rows */\r
 \r
-    nflags = cw_get_cred_exp_flags(tbl, (khm_handle) r->data);\r
+    nflags = cw_get_buf_exp_flags(tbl, (khm_handle) r->data);\r
     if((r->flags & CW_EXPSTATE_MASK) != nflags) {\r
         /* flags have changed */\r
         /* the outline needs to be updated */\r
@@ -1234,6 +1242,20 @@ cw_update_outline(khui_credwnd_tbl * tbl)
             }\r
             visible = visible && (ol->flags & KHUI_CW_O_EXPAND);\r
             selected = (selected || (ol->flags & KHUI_CW_O_SELECTED));\r
+\r
+            /* if the outline node is for an identity, then we have to\r
+               check the expiration state for the identity. */\r
+\r
+            if (ol->attr_id == KCDB_ATTR_ID) {\r
+                khm_handle ident = (khm_handle) ol->data;\r
+\r
+                flags = cw_get_buf_exp_flags(tbl, ident);\r
+\r
+                if (flags) {\r
+                    ol->flags |= flags;\r
+                    ol->flags |= KHUI_CW_O_SHOWFLAG;\r
+                }\r
+            }\r
         }\r
         \r
         /* we need to do this here too just in case we were already at\r
@@ -1241,7 +1263,7 @@ cw_update_outline(khui_credwnd_tbl * tbl)
         if (ol)\r
             visible = visible && (ol->flags & KHUI_CW_O_EXPAND);\r
 \r
-        flags = cw_get_cred_exp_flags(tbl, thiscred);\r
+        flags = cw_get_buf_exp_flags(tbl, thiscred);\r
         expstate |= flags;\r
 \r
         if(visible) {\r
@@ -1260,30 +1282,6 @@ cw_update_outline(khui_credwnd_tbl * tbl)
             tbl->rows[n_rows].idx_end = i;\r
 \r
             n_rows++;\r
-        } else if(flags) {\r
-            khui_credwnd_outline *to;\r
-            /* the row that is flagged is not visible.  We need to send\r
-               the flag upstream until we hit a visible outline node */\r
-            to = ol;\r
-            while(to && !(to->flags & KHUI_CW_O_VISIBLE)) {\r
-                to = TPARENT(to);\r
-            }\r
-            if(to) {\r
-                to->flags |= KHUI_CW_O_SHOWFLAG;\r
-            }\r
-        }\r
-\r
-        /* and we propagate the flags upstream */\r
-        if(flags) {\r
-            khui_credwnd_outline *to;\r
-\r
-            to = ol;\r
-            while(to) {\r
-                if((to->flags & CW_EXPSTATE_MASK) < flags) {\r
-                    to->flags = (to->flags & ~CW_EXPSTATE_MASK) | flags;\r
-                }\r
-                to = TPARENT(to);\r
-            }\r
         }\r
 \r
         if(prevcred)\r
@@ -4307,10 +4305,11 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
                 wp = MK_SHIFT;\r
             else if (LOWORD(wParam) == KHUI_PACTION_UP_TOGGLE)\r
                 wp = 0; //MK_CONTROL;\r
+            else {\r
 #ifdef DEBUG\r
-            else\r
                 assert(FALSE);\r
 #endif\r
+            }\r
 \r
             cw_select_row(tbl, new_row, wp);\r
             cw_ensure_row_visible(hwnd, tbl, new_row);\r
@@ -4366,10 +4365,12 @@ cw_wm_command(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
                 wp = MK_SHIFT;\r
             else if (LOWORD(wParam) == KHUI_PACTION_DOWN_TOGGLE)\r
                 wp = 0; //MK_CONTROL;\r
+            else {\r
 #ifdef DEBUG\r
-            else\r
                 assert(FALSE);\r
 #endif\r
+            }\r
+\r
             cw_select_row(tbl, new_row, wp);\r
             cw_ensure_row_visible(hwnd, tbl, new_row);\r
         }\r