From: Alexandra Ellwood Date: Thu, 2 Oct 2008 17:38:36 +0000 (+0000) Subject: Support for change password checkbox in enter and select X-Git-Tag: krb5-1.7-alpha1~359 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=a9b51cea161acb118428631eb5a3828bb1f8047a;p=krb5.git Support for change password checkbox in enter and select identity ui elements. ticket: 6055 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20812 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/include/kim/kim_ui_plugin.h b/src/include/kim/kim_ui_plugin.h index a2058da83..a15aa419a 100644 --- a/src/include/kim/kim_ui_plugin.h +++ b/src/include/kim/kim_ui_plugin.h @@ -74,19 +74,27 @@ typedef struct kim_ui_plugin_ftable_v0 { * This is typically called when the user selects a "new tickets" * control or menu item from a ticket management utility. * If this UI calls into KIM to get new credentials it may - * call auth_prompt below. */ + * call auth_prompt below. + * If out_change_password is set to TRUE, KIM will call change_password + * on the identity and then call enter_identity again, allowing you + * to have a change password option on your UI. */ kim_error (*enter_identity) (void *in_context, kim_options io_options, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); /* Present UI to select which identity to use. * This is typically called the first time an application tries to use * Kerberos and is used to establish a hints preference for the application. * If this UI calls into KIM to get new credentials it may - * call auth_prompt below. */ + * call auth_prompt below. + * If out_change_password is set to TRUE, KIM will call change_password + * on the identity and then call select_identity again, allowing you + * to have a change password option on your UI. */ kim_error (*select_identity) (void *in_context, kim_selection_hints io_hints, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); /* Present UI to display authentication to the user */ /* If in_allow_save_reply is FALSE do not display UI to allow the user diff --git a/src/kim/agent/mac/ServerDemux.h b/src/kim/agent/mac/ServerDemux.h index 09076d4dd..39fd28107 100644 --- a/src/kim/agent/mac/ServerDemux.h +++ b/src/kim/agent/mac/ServerDemux.h @@ -36,11 +36,13 @@ int32_t kim_handle_reply_init (mach_port_t in_reply_port, int32_t kim_handle_reply_enter_identity (mach_port_t in_reply_port, kim_identity in_identity, kim_options in_options, + kim_boolean in_change_password, int32_t in_error); int32_t kim_handle_reply_select_identity (mach_port_t in_reply_port, kim_identity in_identity, kim_options in_options, + kim_boolean in_change_password, int32_t in_error); int32_t kim_handle_reply_auth_prompt (mach_port_t in_reply_port, diff --git a/src/kim/agent/mac/ServerDemux.m b/src/kim/agent/mac/ServerDemux.m index 51759801a..a2b0e6f8b 100644 --- a/src/kim/agent/mac/ServerDemux.m +++ b/src/kim/agent/mac/ServerDemux.m @@ -162,6 +162,7 @@ static int32_t kim_handle_request_enter_identity (mach_port_t in_client_port, int32_t kim_handle_reply_enter_identity (mach_port_t in_reply_port, kim_identity in_identity, kim_options in_options, + kim_boolean in_change_password, int32_t in_error) { int32_t err = 0; @@ -183,6 +184,10 @@ int32_t kim_handle_reply_enter_identity (mach_port_t in_reply_port, if (!err && !in_error) { err = k5_ipc_stream_write_string (reply, identity_string); } + + if (!err && !in_error) { + err = k5_ipc_stream_write_uint32 (reply, in_change_password); + } if (!err && !in_error) { err = kim_options_write_to_stream (in_options, reply); @@ -231,6 +236,7 @@ static int32_t kim_handle_request_select_identity (mach_port_t in_client_port, int32_t kim_handle_reply_select_identity (mach_port_t in_reply_port, kim_identity in_identity, kim_options in_options, + kim_boolean in_change_password, int32_t in_error) { int32_t err = 0; @@ -253,6 +259,10 @@ int32_t kim_handle_reply_select_identity (mach_port_t in_reply_port, err = k5_ipc_stream_write_string (reply, identity_string); } + if (!err && !in_error) { + err = k5_ipc_stream_write_uint32 (reply, in_change_password); + } + if (!err && !in_error) { err = kim_options_write_to_stream (in_options, reply); } diff --git a/src/kim/lib/kim_credential.c b/src/kim/lib/kim_credential.c index 443269891..3dd17af84 100644 --- a/src/kim/lib/kim_credential.c +++ b/src/kim/lib/kim_credential.c @@ -254,8 +254,25 @@ kim_error kim_credential_create_new_with_password (kim_credential *out_credentia if (identity) { done_with_identity = 1; - } else { - err = kim_ui_enter_identity (&context, options, &identity); + + } else while (!err && !identity) { + kim_boolean user_wants_change_password = 0; + + err = kim_ui_enter_identity (&context, options, + &identity, + &user_wants_change_password); + + if (!err && user_wants_change_password) { + err = kim_identity_change_password_common (identity, 1, + &context, + NULL); + + /* reenter enter_identity so just forget this identity + * even if we got an error */ + if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; } + kim_identity_free (&identity); + } + } if (!err) { diff --git a/src/kim/lib/kim_selection_hints.c b/src/kim/lib/kim_selection_hints.c index c9d5df16d..90a0173f1 100644 --- a/src/kim/lib/kim_selection_hints.c +++ b/src/kim/lib/kim_selection_hints.c @@ -469,10 +469,25 @@ kim_error kim_selection_hints_get_identity (kim_selection_hints in_selection_hi err = kim_ui_init (&context); - if (!err) { + while (!err && !identity) { + kim_boolean user_wants_change_password = 0; + err = kim_ui_select_identity (&context, in_selection_hints, - &identity); + &identity, + &user_wants_change_password); + + if (!err && user_wants_change_password) { + err = kim_identity_change_password_common (identity, 1, + &context, + NULL); + + /* reenter select_identity so just forget this identity + * even if we got an error */ + if (err == KIM_USER_CANCELED_ERR) { err = KIM_NO_ERROR; } + kim_identity_free (&identity); + } + } if (context.initialized) { diff --git a/src/kim/lib/kim_ui.c b/src/kim/lib/kim_ui.c index cd119c8d3..ccc59f440 100644 --- a/src/kim/lib/kim_ui.c +++ b/src/kim/lib/kim_ui.c @@ -113,12 +113,14 @@ kim_error kim_ui_init (kim_ui_context *io_context) kim_error kim_ui_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; - if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = kim_ui_init_lazy (in_context); @@ -128,18 +130,21 @@ kim_error kim_ui_enter_identity (kim_ui_context *in_context, if (in_context->type == kim_ui_type_gui_plugin) { err = kim_ui_plugin_enter_identity (in_context, io_options, - out_identity); + out_identity, + out_change_password); #ifndef LEAN_CLIENT } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_enter_identity (in_context, io_options, - out_identity); + out_identity, + out_change_password); } else if (in_context->type == kim_ui_type_cli) { err = kim_ui_cli_enter_identity (in_context, io_options, - out_identity); + out_identity, + out_change_password); #endif /* LEAN_CLIENT */ @@ -155,13 +160,15 @@ kim_error kim_ui_enter_identity (kim_ui_context *in_context, kim_error kim_ui_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; - if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = kim_ui_init_lazy (in_context); @@ -171,18 +178,21 @@ kim_error kim_ui_select_identity (kim_ui_context *in_context, if (in_context->type == kim_ui_type_gui_plugin) { err = kim_ui_plugin_select_identity (in_context, io_hints, - out_identity); + out_identity, + out_change_password); #ifndef LEAN_CLIENT } else if (in_context->type == kim_ui_type_gui_builtin) { err = kim_os_ui_gui_select_identity (in_context, io_hints, - out_identity); + out_identity, + out_change_password); } else if (in_context->type == kim_ui_type_cli) { err = kim_ui_cli_select_identity (in_context, io_hints, - out_identity); + out_identity, + out_change_password); #endif /* LEAN_CLIENT */ diff --git a/src/kim/lib/kim_ui_cli.c b/src/kim/lib/kim_ui_cli.c index 3301f322c..a595a3f4d 100644 --- a/src/kim/lib/kim_ui_cli.c +++ b/src/kim/lib/kim_ui_cli.c @@ -102,14 +102,16 @@ kim_error kim_ui_cli_init (kim_ui_context *io_context) kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; kim_string enter_identity_string = NULL; kim_string identity_string = NULL; - if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = kim_os_string_create_localized (&enter_identity_string, @@ -125,6 +127,10 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context, err = kim_identity_create_from_string (out_identity, identity_string); } + if (!err) { + *out_change_password = 0; + } + kim_string_free (&identity_string); kim_string_free (&enter_identity_string); @@ -135,20 +141,24 @@ kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context, kim_error kim_ui_cli_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; kim_options options = NULL; - if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = kim_selection_hints_get_options (io_hints, &options); } if (!err) { - err = kim_ui_cli_enter_identity (in_context, options, out_identity); + err = kim_ui_cli_enter_identity (in_context, options, + out_identity, + out_change_password); } if (!err) { diff --git a/src/kim/lib/kim_ui_cli_private.h b/src/kim/lib/kim_ui_cli_private.h index 5b38cae08..f11a665b9 100644 --- a/src/kim/lib/kim_ui_cli_private.h +++ b/src/kim/lib/kim_ui_cli_private.h @@ -38,11 +38,13 @@ kim_error kim_ui_cli_init (kim_ui_context *io_context); kim_error kim_ui_cli_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_ui_cli_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_ui_cli_auth_prompt (kim_ui_context *in_context, kim_identity in_identity, diff --git a/src/kim/lib/kim_ui_gui_private.h b/src/kim/lib/kim_ui_gui_private.h index 4cf28f992..faf4e1596 100644 --- a/src/kim/lib/kim_ui_gui_private.h +++ b/src/kim/lib/kim_ui_gui_private.h @@ -38,11 +38,13 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context); kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_os_ui_gui_auth_prompt (kim_ui_context *in_context, kim_identity in_identity, diff --git a/src/kim/lib/kim_ui_plugin.c b/src/kim/lib/kim_ui_plugin.c index 2b20f34df..a19ae7535 100644 --- a/src/kim/lib/kim_ui_plugin.c +++ b/src/kim/lib/kim_ui_plugin.c @@ -158,20 +158,23 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context) kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; - if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext; err = context->ftable->enter_identity (context->plugin_context, io_options, - out_identity); + out_identity, + out_change_password); } return check_error (err); @@ -181,20 +184,23 @@ kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context, kim_error kim_ui_plugin_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; - if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !in_context ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { kim_ui_plugin_context context = (kim_ui_plugin_context) in_context->tcontext; err = context->ftable->select_identity (context->plugin_context, io_hints, - out_identity); + out_identity, + out_change_password); } return check_error (err); diff --git a/src/kim/lib/kim_ui_plugin_private.h b/src/kim/lib/kim_ui_plugin_private.h index 0ee23039d..397a7ad91 100644 --- a/src/kim/lib/kim_ui_plugin_private.h +++ b/src/kim/lib/kim_ui_plugin_private.h @@ -37,11 +37,13 @@ kim_error kim_ui_plugin_init (kim_ui_context *io_context); kim_error kim_ui_plugin_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_ui_plugin_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_ui_plugin_auth_prompt (kim_ui_context *in_context, kim_identity in_identity, diff --git a/src/kim/lib/kim_ui_private.h b/src/kim/lib/kim_ui_private.h index d4bf613e2..b0a92dc99 100644 --- a/src/kim/lib/kim_ui_private.h +++ b/src/kim/lib/kim_ui_private.h @@ -59,11 +59,13 @@ kim_error kim_ui_init (kim_ui_context *io_context); kim_error kim_ui_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); kim_error kim_ui_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity); + kim_identity *out_identity, + kim_boolean *out_change_password); krb5_error_code kim_ui_prompter (krb5_context in_krb5_context, void *in_context, diff --git a/src/kim/lib/mac/kim_os_ui_gui.c b/src/kim/lib/mac/kim_os_ui_gui.c index ec2ca608d..1b309b2e7 100644 --- a/src/kim/lib/mac/kim_os_ui_gui.c +++ b/src/kim/lib/mac/kim_os_ui_gui.c @@ -117,15 +117,19 @@ kim_error kim_os_ui_gui_init (kim_ui_context *io_context) kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context, kim_options io_options, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; k5_ipc_stream request = NULL; k5_ipc_stream reply = NULL; char *identity_string = NULL; + kim_identity identity = NULL; + uint32_t change_password = 0; - if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_options ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = k5_ipc_stream_new (&request); @@ -156,15 +160,26 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context, if (!err) { err = k5_ipc_stream_read_string (reply, &identity_string); } + + if (!err) { + err = k5_ipc_stream_read_uint32 (reply, &change_password); + } if (!err) { err = kim_options_read_from_stream (io_options, reply); } if (!err) { - err = kim_identity_create_from_string (out_identity, identity_string); + err = kim_identity_create_from_string (&identity, identity_string); + } + + if (!err) { + *out_identity = identity; + identity = NULL; + *out_change_password = change_password; } + kim_identity_free (&identity); k5_ipc_stream_free_string (identity_string); k5_ipc_stream_release (request); k5_ipc_stream_release (reply); @@ -176,16 +191,20 @@ kim_error kim_os_ui_gui_enter_identity (kim_ui_context *in_context, kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context, kim_selection_hints io_hints, - kim_identity *out_identity) + kim_identity *out_identity, + kim_boolean *out_change_password) { kim_error err = KIM_NO_ERROR; k5_ipc_stream request = NULL; k5_ipc_stream reply = NULL; char *identity_string = NULL; kim_options options = NULL; + kim_identity identity = NULL; + uint32_t change_password = 0; - if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } - if (!err && !out_identity) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !io_hints ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_identity ) { err = check_error (KIM_NULL_PARAMETER_ERR); } + if (!err && !out_change_password) { err = check_error (KIM_NULL_PARAMETER_ERR); } if (!err) { err = k5_ipc_stream_new (&request); @@ -218,9 +237,13 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context, } if (!err) { - err = kim_identity_create_from_string (out_identity, identity_string); + err = kim_identity_create_from_string (&identity, identity_string); } + if (!err) { + err = k5_ipc_stream_read_uint32 (reply, &change_password); + } + if (!err) { err = kim_options_create_from_stream (&options, reply); } @@ -229,6 +252,13 @@ kim_error kim_os_ui_gui_select_identity (kim_ui_context *in_context, err = kim_selection_hints_set_options (io_hints, options); } + if (!err) { + *out_identity = identity; + identity = NULL; + *out_change_password = change_password; + } + + kim_identity_free (&identity); kim_options_free (&options); k5_ipc_stream_free_string (identity_string); k5_ipc_stream_release (request);