Support for change password checkbox in enter and select
authorAlexandra Ellwood <lxs@mit.edu>
Thu, 2 Oct 2008 17:38:36 +0000 (17:38 +0000)
committerAlexandra Ellwood <lxs@mit.edu>
Thu, 2 Oct 2008 17:38:36 +0000 (17:38 +0000)
identity ui elements.

ticket: 6055

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20812 dc483132-0cff-0310-8789-dd5450dbe970

13 files changed:
src/include/kim/kim_ui_plugin.h
src/kim/agent/mac/ServerDemux.h
src/kim/agent/mac/ServerDemux.m
src/kim/lib/kim_credential.c
src/kim/lib/kim_selection_hints.c
src/kim/lib/kim_ui.c
src/kim/lib/kim_ui_cli.c
src/kim/lib/kim_ui_cli_private.h
src/kim/lib/kim_ui_gui_private.h
src/kim/lib/kim_ui_plugin.c
src/kim/lib/kim_ui_plugin_private.h
src/kim/lib/kim_ui_private.h
src/kim/lib/mac/kim_os_ui_gui.c

index a2058da8370fce01fa3f8d40559aab8fff149025..a15aa419a3fe064bdb2665ba12d604dae07de7d6 100644 (file)
@@ -74,19 +74,27 @@ typedef struct kim_ui_plugin_ftable_v0 {
      * This is typically called when the user selects a "new tickets" 
      * control or menu item from a ticket management utility.
      * If this UI calls into KIM to get new credentials it may 
-     * call auth_prompt below. */
+     * call auth_prompt below. 
+     * If out_change_password is set to TRUE, KIM will call change_password
+     * on the identity and then call enter_identity again, allowing you
+     * to have a change password option on your UI. */
     kim_error (*enter_identity) (void         *in_context,
                                  kim_options   io_options,
-                                 kim_identity *out_identity);
+                                 kim_identity *out_identity,
+                                 kim_boolean  *out_change_password);
     
     /* Present UI to select which identity to use.
      * This is typically called the first time an application tries to use
      * Kerberos and is used to establish a hints preference for the application.
      * If this UI calls into KIM to get new credentials it may 
-     * call auth_prompt below. */
+     * call auth_prompt below. 
+     * If out_change_password is set to TRUE, KIM will call change_password
+     * on the identity and then call select_identity again, allowing you
+     * to have a change password option on your UI. */
     kim_error (*select_identity) (void                *in_context,
                                   kim_selection_hints  io_hints,
-                                  kim_identity        *out_identity);
+                                  kim_identity        *out_identity,
+                                  kim_boolean         *out_change_password);
     
     /* Present UI to display authentication to the user */
     /* If in_allow_save_reply is FALSE do not display UI to allow the user
index 09076d4dd1b279755d85dc591de46e9d22db83f0..39fd2810785ee9ea130ea48581399be42ef7ac72 100644 (file)
@@ -36,11 +36,13 @@ int32_t kim_handle_reply_init (mach_port_t   in_reply_port,
 int32_t kim_handle_reply_enter_identity (mach_port_t   in_reply_port, 
                                          kim_identity  in_identity,
                                          kim_options   in_options,
+                                         kim_boolean   in_change_password,
                                          int32_t       in_error);
 
 int32_t kim_handle_reply_select_identity (mach_port_t   in_reply_port, 
                                           kim_identity  in_identity,
                                           kim_options   in_options,
+                                          kim_boolean   in_change_password,
                                           int32_t       in_error);
 
 int32_t kim_handle_reply_auth_prompt (mach_port_t   in_reply_port, 
index 51759801af8dd85cd0298ebcc4712eaf0c3ddb1f..a2b0e6f8b619b96b18350adff452b310dddb9d41 100644 (file)
@@ -162,6 +162,7 @@ static int32_t kim_handle_request_enter_identity (mach_port_t   in_client_port,
 int32_t kim_handle_reply_enter_identity (mach_port_t   in_reply_port, 
                                          kim_identity  in_identity,
                                          kim_options   in_options,
+                                         kim_boolean   in_change_password,
                                          int32_t       in_error)
 {
     int32_t err = 0;
@@ -183,6 +184,10 @@ int32_t kim_handle_reply_enter_identity (mach_port_t   in_reply_port,
     if (!err && !in_error) {
         err = k5_ipc_stream_write_string (reply, identity_string);
     }
+
+    if (!err && !in_error) {
+        err = k5_ipc_stream_write_uint32 (reply, in_change_password);
+    }
     
     if (!err && !in_error) {
         err = kim_options_write_to_stream (in_options, reply);
@@ -231,6 +236,7 @@ static int32_t kim_handle_request_select_identity (mach_port_t   in_client_port,
 int32_t kim_handle_reply_select_identity (mach_port_t   in_reply_port, 
                                           kim_identity  in_identity,
                                           kim_options   in_options,
+                                          kim_boolean   in_change_password,
                                           int32_t       in_error)
 {
     int32_t err = 0;
@@ -253,6 +259,10 @@ int32_t kim_handle_reply_select_identity (mach_port_t   in_reply_port,
         err = k5_ipc_stream_write_string (reply, identity_string);
     }
     
+    if (!err && !in_error) {
+        err = k5_ipc_stream_write_uint32 (reply, in_change_password);
+    }
+
     if (!err && !in_error) {
         err = kim_options_write_to_stream (in_options, reply);
     }
index 44326989128150f9cda255ca6b4c286208303ad5..3dd17af847623f92a391254889c8c0523fcf89ca 100644 (file)
@@ -254,8 +254,25 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia
 
         if (identity) {
             done_with_identity = 1;
-        } else {
-            err = kim_ui_enter_identity (&context, options, &identity);
+            
+        } else while (!err && !identity) {
+            kim_boolean user_wants_change_password = 0;
+            
+            err = kim_ui_enter_identity (&context, options, 
+                                         &identity, 
+                                         &user_wants_change_password);
+            
+            if (!err && user_wants_change_password) {
+                err = kim_identity_change_password_common (identity, 1, 
+                                                           &context, 
+                                                           NULL);
+                
+                /* reenter enter_identity so just forget this identity
+                 * even if we got an error */
+                if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; }
+                kim_identity_free (&identity);
+            }
+            
         }
         
         if (!err) {
index c9d5df16d68146b94f2adc203d10eeb76d4fc8de..90a0173f1715f3b4fdf6aedda343715d251138c7 100644 (file)
@@ -469,10 +469,25 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints  in_selection_hi
         
         err = kim_ui_init (&context);
         
-        if (!err) {
+        while (!err && !identity) {
+            kim_boolean user_wants_change_password = 0;
+
             err = kim_ui_select_identity (&context, 
                                           in_selection_hints, 
-                                          &identity);
+                                          &identity,
+                                          &user_wants_change_password);
+            
+            if (!err && user_wants_change_password) {
+                err = kim_identity_change_password_common (identity, 1, 
+                                                           &context, 
+                                                           NULL);
+                
+                /* reenter select_identity so just forget this identity
+                 * even if we got an error */
+                if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; }
+                kim_identity_free (&identity);
+            }
+                
         }
         
         if (context.initialized) {
index cd119c8d325f7757c7d34f44750420b721ba4338..ccc59f44076daa00c89f4f4e499b540885b18bd2 100644 (file)
@@ -113,12 +113,14 @@ kim_error kim_ui_init (kim_ui_context *io_context)
 
 kim_error kim_ui_enter_identity (kim_ui_context      *in_context,
                                  kim_options          io_options,
-                                 kim_identity        *out_identity)
+                                 kim_identity        *out_identity,
+                                 kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     
-    if (!err && !in_context  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = kim_ui_init_lazy (in_context);
@@ -128,18 +130,21 @@ kim_error kim_ui_enter_identity (kim_ui_context      *in_context,
         if (in_context->type == kim_ui_type_gui_plugin) {
             err = kim_ui_plugin_enter_identity (in_context, 
                                                 io_options,
-                                                out_identity);
+                                                out_identity,
+                                                out_change_password);
             
 #ifndef LEAN_CLIENT
         } else if (in_context->type == kim_ui_type_gui_builtin) {
             err = kim_os_ui_gui_enter_identity (in_context, 
                                                 io_options,
-                                                out_identity);
+                                                out_identity,
+                                                out_change_password);
             
         } else if (in_context->type == kim_ui_type_cli) {
             err = kim_ui_cli_enter_identity (in_context, 
                                              io_options,
-                                             out_identity);
+                                             out_identity,
+                                             out_change_password);
             
 #endif /* LEAN_CLIENT */
             
@@ -155,13 +160,15 @@ kim_error kim_ui_enter_identity (kim_ui_context      *in_context,
 
 kim_error kim_ui_select_identity (kim_ui_context      *in_context,
                                   kim_selection_hints  io_hints,
-                                  kim_identity        *out_identity)
+                                  kim_identity        *out_identity,
+                                  kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     
-    if (!err && !in_context  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !io_hints    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = kim_ui_init_lazy (in_context);
@@ -171,18 +178,21 @@ kim_error kim_ui_select_identity (kim_ui_context      *in_context,
         if (in_context->type == kim_ui_type_gui_plugin) {
             err = kim_ui_plugin_select_identity (in_context, 
                                                  io_hints,
-                                                 out_identity);
+                                                 out_identity,
+                                                 out_change_password);
             
 #ifndef LEAN_CLIENT
         } else if (in_context->type == kim_ui_type_gui_builtin) {
             err = kim_os_ui_gui_select_identity (in_context, 
                                                  io_hints,
-                                                 out_identity);
+                                                 out_identity,
+                                                 out_change_password);
             
         } else if (in_context->type == kim_ui_type_cli) {
             err = kim_ui_cli_select_identity (in_context, 
                                               io_hints,
-                                              out_identity);
+                                              out_identity,
+                                              out_change_password);
             
 #endif /* LEAN_CLIENT */
             
index 3301f322c683f76144c24e45759da7bf25c8a716..a595a3f4df38c53e60eb371bd3f2ec378ae0cab6 100644 (file)
@@ -102,14 +102,16 @@ kim_error kim_ui_cli_init (kim_ui_context *io_context)
 
 kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
                                      kim_options     io_options,
-                                     kim_identity   *out_identity)
+                                     kim_identity   *out_identity,
+                                     kim_boolean    *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     kim_string enter_identity_string = NULL;
     kim_string identity_string = NULL;
     
-    if (!err && !io_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = kim_os_string_create_localized (&enter_identity_string, 
@@ -125,6 +127,10 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
         err = kim_identity_create_from_string (out_identity, identity_string);
     }
     
+    if (!err) {
+        *out_change_password = 0;
+    }
+    
     kim_string_free (&identity_string);
     kim_string_free (&enter_identity_string);
     
@@ -135,20 +141,24 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
 
 kim_error kim_ui_cli_select_identity (kim_ui_context      *in_context,
                                       kim_selection_hints  io_hints,
-                                      kim_identity        *out_identity)
+                                      kim_identity        *out_identity,
+                                      kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     kim_options options = NULL;
     
-    if (!err && !io_hints    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = kim_selection_hints_get_options (io_hints, &options);
     }
     
     if (!err) {
-        err = kim_ui_cli_enter_identity (in_context, options, out_identity);
+        err = kim_ui_cli_enter_identity (in_context, options, 
+                                         out_identity,
+                                         out_change_password);
     }
     
     if (!err) {
index 5b38cae080704f94a91309628e9ad3a7e340e773..f11a665b90222365e347984249dbdb911ac39e5f 100644 (file)
@@ -38,11 +38,13 @@ kim_error kim_ui_cli_init (kim_ui_context *io_context);
 
 kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context,
                                      kim_options     io_options,
-                                     kim_identity   *out_identity);
+                                     kim_identity   *out_identity,
+                                     kim_boolean    *out_change_password);
 
 kim_error kim_ui_cli_select_identity (kim_ui_context      *in_context,
                                       kim_selection_hints  io_hints,
-                                      kim_identity        *out_identity);
+                                      kim_identity        *out_identity,
+                                      kim_boolean         *out_change_password);
 
 kim_error kim_ui_cli_auth_prompt (kim_ui_context      *in_context,
                                   kim_identity         in_identity,
index 4cf28f9927134a819bfbfa73f39e5f7ac4bc2a94..faf4e1596f2f4a20bd51207c150c95707c194913 100644 (file)
@@ -38,11 +38,13 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context);
 
 kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
                                         kim_options     io_options,
-                                        kim_identity   *out_identity);
+                                        kim_identity   *out_identity,
+                                        kim_boolean    *out_change_password);
 
 kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
                                          kim_selection_hints  io_hints,
-                                         kim_identity        *out_identity);
+                                         kim_identity        *out_identity,
+                                         kim_boolean         *out_change_password);
 
 kim_error kim_os_ui_gui_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
index 2b20f34dfcc892506f36fcd1e0801677cca62d60..a19ae7535d56c62bf17eea16451f38cb8a27b445 100644 (file)
@@ -158,20 +158,23 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context)
 
 kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
                                         kim_options     io_options,
-                                        kim_identity   *out_identity)
+                                        kim_identity   *out_identity,
+                                        kim_boolean    *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     
-    if (!err && !in_context  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !io_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
 
         err = context->ftable->enter_identity (context->plugin_context,
                                                io_options,
-                                               out_identity);
+                                               out_identity,
+                                               out_change_password);
     }
     
     return check_error (err);
@@ -181,20 +184,23 @@ kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
 
 kim_error kim_ui_plugin_select_identity (kim_ui_context      *in_context,
                                          kim_selection_hints  io_hints,
-                                         kim_identity        *out_identity)
+                                         kim_identity        *out_identity,
+                                         kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     
-    if (!err && !in_context  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !io_hints    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !in_context         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext;
         
         err = context->ftable->select_identity (context->plugin_context,
                                                 io_hints, 
-                                                out_identity);
+                                                out_identity,
+                                                out_change_password);
     }
     
     return check_error (err);
index 0ee23039d7fd47adebc3f3ccad770b07716da467..397a7ad910c9c3cb91ab938b2ad531153275976e 100644 (file)
@@ -37,11 +37,13 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context);
 
 kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context,
                                         kim_options     io_options,
-                                        kim_identity   *out_identity);
+                                        kim_identity   *out_identity,
+                                        kim_boolean    *out_change_password);
 
 kim_error kim_ui_plugin_select_identity (kim_ui_context      *in_context,
                                          kim_selection_hints  io_hints,
-                                         kim_identity        *out_identity);
+                                         kim_identity        *out_identity,
+                                         kim_boolean         *out_change_password);
 
 kim_error kim_ui_plugin_auth_prompt (kim_ui_context      *in_context,
                                      kim_identity         in_identity,
index d4bf613e2731a51dfc69ab6cd77061e0022f6f93..b0a92dc99018e095a3601f5fbbc15534d7ed50a9 100644 (file)
@@ -59,11 +59,13 @@ kim_error kim_ui_init (kim_ui_context *io_context);
 
 kim_error kim_ui_enter_identity (kim_ui_context *in_context,
                                  kim_options     io_options,
-                                 kim_identity   *out_identity);
+                                 kim_identity   *out_identity,
+                                 kim_boolean    *out_change_password);
 
 kim_error kim_ui_select_identity (kim_ui_context       *in_context,
                                   kim_selection_hints   io_hints,
-                                  kim_identity         *out_identity);
+                                  kim_identity         *out_identity,
+                                  kim_boolean          *out_change_password);
 
 krb5_error_code kim_ui_prompter (krb5_context  in_krb5_context,
                                  void         *in_context,
index ec2ca608deee06d135aeb9480bfc289fcdf25e51..1b309b2e772dda019cfe1652b63ef027959e9cf7 100644 (file)
@@ -117,15 +117,19 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context)
 
 kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
                                         kim_options     io_options,
-                                        kim_identity   *out_identity)
+                                        kim_identity   *out_identity,
+                                        kim_boolean    *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     char *identity_string = NULL;
+    kim_identity identity = NULL;
+    uint32_t change_password = 0;
     
-    if (!err && !io_options  ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_options         ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = k5_ipc_stream_new (&request);
@@ -156,15 +160,26 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
     if (!err) {
         err  = k5_ipc_stream_read_string (reply, &identity_string);
     }
+
+    if (!err) {
+        err  = k5_ipc_stream_read_uint32 (reply, &change_password);
+    }
     
     if (!err) {
         err  = kim_options_read_from_stream (io_options, reply);
     }
     
     if (!err) {
-        err = kim_identity_create_from_string (out_identity, identity_string);
+        err = kim_identity_create_from_string (&identity, identity_string);
+    }
+    
+    if (!err) {
+        *out_identity = identity;
+        identity = NULL;
+        *out_change_password = change_password;
     }
     
+    kim_identity_free (&identity);
     k5_ipc_stream_free_string (identity_string);
     k5_ipc_stream_release (request);
     k5_ipc_stream_release (reply);
@@ -176,16 +191,20 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context,
 
 kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
                                          kim_selection_hints  io_hints,
-                                         kim_identity        *out_identity)
+                                         kim_identity        *out_identity,
+                                         kim_boolean         *out_change_password)
 {
     kim_error err = KIM_NO_ERROR;
     k5_ipc_stream request = NULL;
     k5_ipc_stream reply = NULL;
     char *identity_string = NULL;
     kim_options options = NULL;
+    kim_identity identity = NULL;
+    uint32_t change_password = 0;
     
-    if (!err && !io_hints    ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
-    if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !io_hints           ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_identity       ) { err = check_error (KIM_NULL_PARAMETER_ERR); }
+    if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); }
     
     if (!err) {
         err = k5_ipc_stream_new (&request);
@@ -218,9 +237,13 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
     }
     
     if (!err) {
-        err = kim_identity_create_from_string (out_identity, identity_string);
+        err = kim_identity_create_from_string (&identity, identity_string);
     }
     
+    if (!err) {
+        err  = k5_ipc_stream_read_uint32 (reply, &change_password);
+    }
+
     if (!err) {
         err = kim_options_create_from_stream (&options, reply);
     }
@@ -229,6 +252,13 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context      *in_context,
         err = kim_selection_hints_set_options (io_hints, options);
     }
     
+    if (!err) {
+        *out_identity = identity;
+        identity = NULL;
+        *out_change_password = change_password;
+    }
+    
+    kim_identity_free (&identity);    
     kim_options_free (&options);
     k5_ipc_stream_free_string (identity_string);    
     k5_ipc_stream_release (request);