* This is typically called when the user selects a "new tickets"
* control or menu item from a ticket management utility.
* If this UI calls into KIM to get new credentials it may
- * call auth_prompt below. */
+ * call auth_prompt below.
+ * If out_change_password is set to TRUE, KIM will call change_password
+ * on the identity and then call enter_identity again, allowing you
+ * to have a change password option on your UI. */
kim_error (*enter_identity) (void *in_context,
kim_options io_options,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
/* Present UI to select which identity to use.
* This is typically called the first time an application tries to use
* Kerberos and is used to establish a hints preference for the application.
* If this UI calls into KIM to get new credentials it may
- * call auth_prompt below. */
+ * call auth_prompt below.
+ * If out_change_password is set to TRUE, KIM will call change_password
+ * on the identity and then call select_identity again, allowing you
+ * to have a change password option on your UI. */
kim_error (*select_identity) (void *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
/* Present UI to display authentication to the user */
/* If in_allow_save_reply is FALSE do not display UI to allow the user
int32_t kim_handle_reply_enter_identity (mach_port_t in_reply_port,
kim_identity in_identity,
kim_options in_options,
+ kim_boolean in_change_password,
int32_t in_error);
int32_t kim_handle_reply_select_identity (mach_port_t in_reply_port,
kim_identity in_identity,
kim_options in_options,
+ kim_boolean in_change_password,
int32_t in_error);
int32_t kim_handle_reply_auth_prompt (mach_port_t in_reply_port,
int32_t kim_handle_reply_enter_identity (mach_port_t in_reply_port,
kim_identity in_identity,
kim_options in_options,
+ kim_boolean in_change_password,
int32_t in_error)
{
int32_t err = 0;
if (!err && !in_error) {
err = k5_ipc_stream_write_string (reply, identity_string);
}
+
+ if (!err && !in_error) {
+ err = k5_ipc_stream_write_uint32 (reply, in_change_password);
+ }
if (!err && !in_error) {
err = kim_options_write_to_stream (in_options, reply);
int32_t kim_handle_reply_select_identity (mach_port_t in_reply_port,
kim_identity in_identity,
kim_options in_options,
+ kim_boolean in_change_password,
int32_t in_error)
{
int32_t err = 0;
err = k5_ipc_stream_write_string (reply, identity_string);
}
+ if (!err && !in_error) {
+ err = k5_ipc_stream_write_uint32 (reply, in_change_password);
+ }
+
if (!err && !in_error) {
err = kim_options_write_to_stream (in_options, reply);
}
if (identity) {
done_with_identity = 1;
- } else {
- err = kim_ui_enter_identity (&context, options, &identity);
+
+ } else while (!err && !identity) {
+ kim_boolean user_wants_change_password = 0;
+
+ err = kim_ui_enter_identity (&context, options,
+ &identity,
+ &user_wants_change_password);
+
+ if (!err && user_wants_change_password) {
+ err = kim_identity_change_password_common (identity, 1,
+ &context,
+ NULL);
+
+ /* reenter enter_identity so just forget this identity
+ * even if we got an error */
+ if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; }
+ kim_identity_free (&identity);
+ }
+
}
if (!err) {
err = kim_ui_init (&context);
- if (!err) {
+ while (!err && !identity) {
+ kim_boolean user_wants_change_password = 0;
+
err = kim_ui_select_identity (&context,
in_selection_hints,
- &identity);
+ &identity,
+ &user_wants_change_password);
+
+ if (!err && user_wants_change_password) {
+ err = kim_identity_change_password_common (identity, 1,
+ &context,
+ NULL);
+
+ /* reenter select_identity so just forget this identity
+ * even if we got an error */
+ if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; }
+ kim_identity_free (&identity);
+ }
+
}
if (context.initialized) {
kim_error kim_ui_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
- if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_ui_init_lazy (in_context);
if (in_context->type == kim_ui_type_gui_plugin) {
err = kim_ui_plugin_enter_identity (in_context,
io_options,
- out_identity);
+ out_identity,
+ out_change_password);
#ifndef LEAN_CLIENT
} else if (in_context->type == kim_ui_type_gui_builtin) {
err = kim_os_ui_gui_enter_identity (in_context,
io_options,
- out_identity);
+ out_identity,
+ out_change_password);
} else if (in_context->type == kim_ui_type_cli) {
err = kim_ui_cli_enter_identity (in_context,
io_options,
- out_identity);
+ out_identity,
+ out_change_password);
#endif /* LEAN_CLIENT */
kim_error kim_ui_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
- if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_ui_init_lazy (in_context);
if (in_context->type == kim_ui_type_gui_plugin) {
err = kim_ui_plugin_select_identity (in_context,
io_hints,
- out_identity);
+ out_identity,
+ out_change_password);
#ifndef LEAN_CLIENT
} else if (in_context->type == kim_ui_type_gui_builtin) {
err = kim_os_ui_gui_select_identity (in_context,
io_hints,
- out_identity);
+ out_identity,
+ out_change_password);
} else if (in_context->type == kim_ui_type_cli) {
err = kim_ui_cli_select_identity (in_context,
io_hints,
- out_identity);
+ out_identity,
+ out_change_password);
#endif /* LEAN_CLIENT */
kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
kim_string enter_identity_string = NULL;
kim_string identity_string = NULL;
- if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_os_string_create_localized (&enter_identity_string,
err = kim_identity_create_from_string (out_identity, identity_string);
}
+ if (!err) {
+ *out_change_password = 0;
+ }
+
kim_string_free (&identity_string);
kim_string_free (&enter_identity_string);
kim_error kim_ui_cli_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
kim_options options = NULL;
- if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = kim_selection_hints_get_options (io_hints, &options);
}
if (!err) {
- err = kim_ui_cli_enter_identity (in_context, options, out_identity);
+ err = kim_ui_cli_enter_identity (in_context, options,
+ out_identity,
+ out_change_password);
}
if (!err) {
kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_ui_cli_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_ui_cli_auth_prompt (kim_ui_context *in_context,
kim_identity in_identity,
kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_os_ui_gui_auth_prompt (kim_ui_context *in_context,
kim_identity in_identity,
kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
- if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
err = context->ftable->enter_identity (context->plugin_context,
io_options,
- out_identity);
+ out_identity,
+ out_change_password);
}
return check_error (err);
kim_error kim_ui_plugin_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
- if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
err = context->ftable->select_identity (context->plugin_context,
io_hints,
- out_identity);
+ out_identity,
+ out_change_password);
}
return check_error (err);
kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_ui_plugin_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_ui_plugin_auth_prompt (kim_ui_context *in_context,
kim_identity in_identity,
kim_error kim_ui_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
kim_error kim_ui_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity);
+ kim_identity *out_identity,
+ kim_boolean *out_change_password);
krb5_error_code kim_ui_prompter (krb5_context in_krb5_context,
void *in_context,
kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
kim_options io_options,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
k5_ipc_stream request = NULL;
k5_ipc_stream reply = NULL;
char *identity_string = NULL;
+ kim_identity identity = NULL;
+ uint32_t change_password = 0;
- if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = k5_ipc_stream_new (&request);
if (!err) {
err = k5_ipc_stream_read_string (reply, &identity_string);
}
+
+ if (!err) {
+ err = k5_ipc_stream_read_uint32 (reply, &change_password);
+ }
if (!err) {
err = kim_options_read_from_stream (io_options, reply);
}
if (!err) {
- err = kim_identity_create_from_string (out_identity, identity_string);
+ err = kim_identity_create_from_string (&identity, identity_string);
+ }
+
+ if (!err) {
+ *out_identity = identity;
+ identity = NULL;
+ *out_change_password = change_password;
}
+ kim_identity_free (&identity);
k5_ipc_stream_free_string (identity_string);
k5_ipc_stream_release (request);
k5_ipc_stream_release (reply);
kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context,
kim_selection_hints io_hints,
- kim_identity *out_identity)
+ kim_identity *out_identity,
+ kim_boolean *out_change_password)
{
kim_error err = KIM_NO_ERROR;
k5_ipc_stream request = NULL;
k5_ipc_stream reply = NULL;
char *identity_string = NULL;
kim_options options = NULL;
+ kim_identity identity = NULL;
+ uint32_t change_password = 0;
- if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
- if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+ if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
if (!err) {
err = k5_ipc_stream_new (&request);
}
if (!err) {
- err = kim_identity_create_from_string (out_identity, identity_string);
+ err = kim_identity_create_from_string (&identity, identity_string);
}
+ if (!err) {
+ err = k5_ipc_stream_read_uint32 (reply, &change_password);
+ }
+
if (!err) {
err = kim_options_create_from_stream (&options, reply);
}
err = kim_selection_hints_set_options (io_hints, options);
}
+ if (!err) {
+ *out_identity = identity;
+ identity = NULL;
+ *out_change_password = change_password;
+ }
+
+ kim_identity_free (&identity);
kim_options_free (&options);
k5_ipc_stream_free_string (identity_string);
k5_ipc_stream_release (request);