From 67aa2eb7cd9ebbb08e2247c124f3947cb526136e Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Thu, 21 Sep 2006 21:49:41 +0000 Subject: [PATCH] KFW 3.1 Beta 2 NetIDMgr Changes source for (1.1.0.1) - Updated documentation with additional information and fixed errors. nidmgr32.dll (1.1.0.1) - Fixed a deadlock in the configuration provider that may cause NetIDMgr to deadlock on load. - Prevent the configuration provider handle list from getting corrupted in the event of a plug-in freeing a handle twice. - Add more parameter validation for the configuration provider. - If a plug-in is only partially registered (only some of the entries were set in the registry), the completion of the registration didn't complete successfully, leaving the plug-in in an unusable state. This has been fixed. Plug-ins will now successfully complete registration once they are loaded for the first time, assuming the correct resources are present in the module. - Fixed notifications for setting a default identity. Notifications were not being properly sent out resulting in the credentials window not being updated when the default identity changed. - Changes to the API for type safety. - Handling of binary data fields was changed to support validation and comparison. - Data types that do not support KCDB_CBSIZE_AUTO now check for and report an error if it is specified. - Password fields in the new credentials dialog will trim leading and trailing whitespace before using a user-entered value. - Change password action will no longer be disabled if no identity is selected. An identity selection control is present in the dialog making this restriction unnecessary. - When renewing credentials, error messages will be suppressed if the renewal was for an identity and the identity does not have any identity credentials associated with it. - Error messages that are related to credentials acquisition or password changes will now display the name of the identity that the error applies to. - Automatic renewals now renews all identities that have credentials associated with them instead of just the default identity. - Fixed a bug where error messages did not have a default button which can be invoked with the return key or the space bar. - The new credentials window will force itself to the top. This can be disabled via a registry setting, but is on by default. - Fixed the sort order in the new credentials tabs to respect sort hints provided by plug-ins. - If a new credentials operation fails, the password fields will be cleared. - Once a new credentials operation starts, the controls for specifying the identity and password and any other custom prompts will be disabled until the operation completes. - Notifications during the new credentials operation now supply a handle to the proper data structures as documented. - Hyperlinks in the new credentials dialog now support markup that will prevent the dialog from switching to the credentials type panel when the link is activated. - If there are too many buttons added by plug-ins in the new credentials dialog, they will be resized to accomodate all of them. - The options button in the new credentials dialog will be disabled while a new credentials operation is in progress. - The 'about' dialog retains the original copyright strings included in the resource. - Multiple modal dialogs are now supported. Only the topmost one will be active. Once it is closed, the other dialogs will gain focus in turn. This allows for error messages to be displayed from other modal dialogs. - The hypertext window supports italics. krb4cred.dll (1.1.0.1) - Fixed a bug where the plug-in would attempt to free a handle twice. - Fixed a handle leak. - Changed the facility name used for event reporting to match the credentials type name. krb5cred.dll (1.1.0.1) - Fixed handling of expired passwords. If the password for an identity is found to have expired at the time a new credentials acquisition is in progress, the user will be given an opportunity to change the password. If this is successful, the new credentials operation will continue with the new password. - Prevent the new credentials dialog from switching to the Kerberos 5 credentials panel during a password change. - Prompts that were cached indefinitely will now have a limited lifetime. Prompt caches that were created using prior versions of the plug-in will automatically expire. - Multistrings in the resource files were converted to CSV to protect them against a bug in Visual Studio 2005 which corrupted multistrings. - Added handling of and reporting WinSock errors that are returned from the Kerberos 5 libraries. - Fixed uninitialized variables. - The username and realm that is entered when selecting an identity will be trimmed of leading and trailing whitespace. - Changed the facility name used for event reporting to match the credentials type name. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/identity/Makefile | 4 +- src/windows/identity/apiversion.txt | 35 ++- src/windows/identity/config/Makefile.w2k | 5 +- src/windows/identity/config/Makefile.w32 | 5 +- src/windows/identity/kconfig/api.c | 93 ++++++-- src/windows/identity/kcreddb/attrib.c | 4 +- src/windows/identity/kcreddb/buf.c | 6 +- src/windows/identity/kcreddb/credential.c | 10 +- src/windows/identity/kcreddb/credtype.c | 4 +- src/windows/identity/kcreddb/identity.c | 13 +- src/windows/identity/kcreddb/kcreddb.h | 81 +++++-- src/windows/identity/kcreddb/type.c | 34 ++- .../identity/plugins/krb4/krb4configdlg.c | 2 +- src/windows/identity/plugins/krb4/krbcred.h | 2 +- .../identity/plugins/krb5/errorfuncs.c | 46 +++- src/windows/identity/plugins/krb5/krb5funcs.c | 2 +- .../identity/plugins/krb5/krb5identpro.c | 43 +++- src/windows/identity/plugins/krb5/krb5main.c | 2 +- .../identity/plugins/krb5/krb5newcreds.c | 215 ++++++++++++++++-- .../identity/plugins/krb5/krbconfig.csv | 2 + .../plugins/krb5/lang/en_us/langres.rc | 2 +- .../identity/plugins/krb5/lang/krb5_msgs.mc | 36 +++ .../sample/templates/credprov/Makefile | 28 +-- src/windows/identity/ui/aboutwnd.c | 3 + src/windows/identity/ui/credfuncs.c | 157 +++++++++++-- src/windows/identity/ui/credwnd.c | 4 + src/windows/identity/ui/lang/en_us/khapp.rc | 13 +- src/windows/identity/ui/newcredwnd.c | 61 ++++- src/windows/identity/ui/notifier.c | 3 + src/windows/identity/ui/resource.h | 3 + src/windows/identity/ui/uiconfig.csv | 3 + src/windows/identity/uilib/action.c | 3 - src/windows/identity/uilib/creddlg.c | 30 +++ src/windows/identity/uilib/khconfigui.h | 11 + src/windows/identity/uilib/khhtlink.h | 29 ++- src/windows/identity/uilib/khnewcred.h | 10 +- 36 files changed, 843 insertions(+), 161 deletions(-) diff --git a/src/windows/identity/Makefile b/src/windows/identity/Makefile index f96cb0a11..1ed267d2e 100644 --- a/src/windows/identity/Makefile +++ b/src/windows/identity/Makefile @@ -160,7 +160,7 @@ krb5plugin: plugincommon $(ECHO) -- Done with $@ !ifndef NO_KRB4 -finale: krb4plugin +doc: krb4plugin krb4plugin: plugincommon $(ECHO) -- Entering $@ @@ -181,7 +181,7 @@ afsplugin: plugincommon $(ECHO) -- Done with $@ !endif -finale: krb5plugin +finale: krb5plugin doc $(ECHO) -- Done. pdoc: diff --git a/src/windows/identity/apiversion.txt b/src/windows/identity/apiversion.txt index 813dcd699..2a49540cd 100644 --- a/src/windows/identity/apiversion.txt +++ b/src/windows/identity/apiversion.txt @@ -1,4 +1,5 @@ -# Copyright (c) 2004 Massachusetts Institute of Technology +# Copyright (c) 2004-2006 Massachusetts Institute of Technology +# Copyright (c) 2006 Secure Endpoints Inc. # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation files @@ -180,3 +181,35 @@ Date=(TBD) +Schema:NetIDMgr\PluginManager\Modules\\Disabled +Schema:NetIDMgr\PluginManager\Plugins\\Disabled # If non-zero, the corresponding module or plug-in is disabled. + +!kcdb_identity_set_attrib(), kcdb_identity_get_attrib(), kcdb_identity_get_attrib_string() +# Attribute name parameter is now a const pointer to a wchar_t string + +!kcdb_cred_create() +# Name parameter is now a const pointer to a wchar_t string + +!kcdb_cred_set_attrib(), kcdb_cred_get_attrib() +!kcdb_cred_get_attrib_string(), kcdb_creds_comp_attrib() +# Attribute name parameter is now a const pointer to a wchar_t string + +!kcdb_type_get_id() +# Name parameter is now a const pointer to a wchar_t string + +!kcdb_type_register() +# type parameter is now a const pointer + +!kcdb_attrib_get_id() +# Name parameter is now a const pointer + +!kcdb_attrib_register() +# attrib parameter is now a const pointer + +!kcdb_credtype_register() +# type parameter is now a const pointer + +!kcdb_credtype_get_id() +# name parameter is now a const pointer + +!kcdb_buf_get_attrib(), kcdb_buf_get_attrib_string(), kcbd_buf_set_attrib() +# attr_name is now a const pointer + diff --git a/src/windows/identity/config/Makefile.w2k b/src/windows/identity/config/Makefile.w2k index f33176611..0677d13c9 100644 --- a/src/windows/identity/config/Makefile.w2k +++ b/src/windows/identity/config/Makefile.w2k @@ -4,6 +4,7 @@ # in the build tree. # # Copyright (c) 2004,2005 Massachusetts Institute of Technology +# Copyright (c) 2006 Secure Endpoints Inc. # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation files @@ -46,7 +47,7 @@ KHIMAIRA_WIN32_CONFIG=1 # Version info NETIDMGR_VERSION_MAJOR=1 NETIDMGR_VERSION_MINOR=1 -NETIDMGR_VERSION_PATCH=0 +NETIDMGR_VERSION_PATCH=1 NETIDMGR_VERSION_AUX=2 NETIDMGR_RELEASEDESC= @@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC= # # Changes to the API version numbers should be documented in # apiversion.txt at the root of the source tree. -NETIDMGR_VERSION_API=5 +NETIDMGR_VERSION_API=6 # Minimum backwards compatible version. API versions from # NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API diff --git a/src/windows/identity/config/Makefile.w32 b/src/windows/identity/config/Makefile.w32 index e1e8e6064..0f47bcb13 100644 --- a/src/windows/identity/config/Makefile.w32 +++ b/src/windows/identity/config/Makefile.w32 @@ -3,7 +3,8 @@ # This file will be included by all the makefiles # in the build tree. # -# Copyright (c) 2004,2005 Massachusetts Institute of Technology +# Copyright (c) 2004,2005,2006 Massachusetts Institute of Technology +# Copyright (c) 2006 Secure Endpoints Inc. # # Permission is hereby granted, free of charge, to any person # obtaining a copy of this software and associated documentation files @@ -57,7 +58,7 @@ NETIDMGR_RELEASEDESC= # # Changes to the API version numbers should be documented in # apiversion.txt at the root of the source tree. -NETIDMGR_VERSION_API=5 +NETIDMGR_VERSION_API=6 # Minimum backwards compatible version. API versions from # NETIDMGR_VERSION_API_MINCOMPAT through NETIDMGR_VERSION_API diff --git a/src/windows/identity/kconfig/api.c b/src/windows/identity/kconfig/api.c index 4ee210d6c..190b59e07 100644 --- a/src/windows/identity/kconfig/api.c +++ b/src/windows/identity/kconfig/api.c @@ -64,6 +64,9 @@ void exit_kconf(void) { khcint_free_space(conf_root); + LeaveCriticalSection(&cs_conf_global); + DeleteCriticalSection(&cs_conf_global); + EnterCriticalSection(&cs_conf_handle); while(conf_free_handles) { LPOP(&conf_free_handles, &h); @@ -80,12 +83,10 @@ void exit_kconf(void) { } LeaveCriticalSection(&cs_conf_handle); DeleteCriticalSection(&cs_conf_handle); - - LeaveCriticalSection(&cs_conf_global); - DeleteCriticalSection(&cs_conf_global); } } +/* obtains cs_conf_handle/cs_conf_global */ kconf_handle * khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags) { @@ -110,7 +111,7 @@ khcint_handle_from_space(kconf_conf_space * s, khm_int32 flags) return h; } -/* must be called with cs_conf_global held */ +/* obtains cs_conf_handle/cs_conf_global */ void khcint_handle_free(kconf_handle * h) { @@ -130,6 +131,10 @@ khcint_handle_free(kconf_handle * h) if(a == NULL) { DebugBreak(); + + /* hmm. the handle was not in the in-use list */ + LeaveCriticalSection(&cs_conf_handle); + return; } } #endif @@ -140,12 +145,14 @@ khcint_handle_free(kconf_handle * h) h->space = NULL; } lower = h->lower; + h->magic = 0; LPUSH(&conf_free_handles, h); h = lower; } LeaveCriticalSection(&cs_conf_handle); } +/* obains cs_conf_handle/cs_conf_global */ kconf_handle * khcint_handle_dup(kconf_handle * o) { @@ -165,6 +172,7 @@ khcint_handle_dup(kconf_handle * o) return r; } +/* obtains cs_conf_global */ void khcint_space_hold(kconf_conf_space * s) { EnterCriticalSection(&cs_conf_global); @@ -172,6 +180,7 @@ khcint_space_hold(kconf_conf_space * s) { LeaveCriticalSection(&cs_conf_global); } +/* obtains cs_conf_global */ void khcint_space_release(kconf_conf_space * s) { khm_int32 l; @@ -535,7 +544,7 @@ khcint_RegCreateKeyEx(HKEY hKey, return rv; } - +/* obtains cs_conf_global */ HKEY khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) { HKEY hk = NULL; @@ -605,6 +614,7 @@ khcint_space_open_key(kconf_conf_space * s, khm_int32 flags) { } } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_shadow_space(khm_handle upper, khm_handle lower) { @@ -613,18 +623,20 @@ khc_shadow_space(khm_handle upper, khm_handle lower) if(!khc_is_config_running()) return KHM_ERROR_NOT_READY; - if(!khc_is_handle(upper)) + if(!khc_is_handle(upper)) { +#ifdef DEBUG + DebugBreak(); +#endif return KHM_ERROR_INVALID_PARAM; + } h = (kconf_handle *) upper; EnterCriticalSection(&cs_conf_handle); if(h->lower) { - LeaveCriticalSection(&cs_conf_handle); EnterCriticalSection(&cs_conf_global); khcint_handle_free(h->lower); LeaveCriticalSection(&cs_conf_global); - EnterCriticalSection(&cs_conf_handle); h->lower = NULL; } @@ -633,9 +645,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower) kconf_handle * lc; l = (kconf_handle *) lower; - LeaveCriticalSection(&cs_conf_handle); lc = khcint_handle_dup(l); - EnterCriticalSection(&cs_conf_handle); h->lower = lc; } LeaveCriticalSection(&cs_conf_handle); @@ -643,6 +653,7 @@ khc_shadow_space(khm_handle upper, khm_handle lower) return KHM_ERROR_SUCCESS; } +/* no locks */ kconf_conf_space * khcint_create_empty_space(void) { kconf_conf_space * r; @@ -654,6 +665,7 @@ khcint_create_empty_space(void) { return r; } +/* called with cs_conf_global */ void khcint_free_space(kconf_conf_space * r) { kconf_conf_space * c; @@ -682,6 +694,7 @@ khcint_free_space(kconf_conf_space * r) { PFREE(r); } +/* obtains cs_conf_global */ khm_int32 khcint_open_space(kconf_conf_space * parent, const wchar_t * sname, size_t n_sname, @@ -795,6 +808,7 @@ khcint_open_space(kconf_conf_space * parent, return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, khm_handle * result) { @@ -809,8 +823,12 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, return KHM_ERROR_NOT_READY; } - if(!result || (parent && !khc_is_handle(parent))) + if(!result || (parent && !khc_is_handle(parent))) { +#ifdef DEBUG + DebugBreak(); +#endif return KHM_ERROR_INVALID_PARAM; + } if(!parent) p = conf_root; @@ -891,18 +909,24 @@ khc_open_space(khm_handle parent, const wchar_t * cspace, khm_int32 flags, return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_close_space(khm_handle csp) { if(!khc_is_config_running()) return KHM_ERROR_NOT_READY; - if(!khc_is_handle(csp)) + if(!khc_is_handle(csp)) { +#ifdef DEBUG + DebugBreak(); +#endif return KHM_ERROR_INVALID_PARAM; + } khcint_handle_free((kconf_handle *) csp); return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_read_string(khm_handle pconf, const wchar_t * pvalue, @@ -1066,6 +1090,7 @@ _exit: return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_read_int32(khm_handle pconf, const wchar_t * pvalue, khm_int32 * buf) { kconf_conf_space * c; @@ -1188,6 +1213,7 @@ _exit: return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_read_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 * buf) { kconf_conf_space * c; @@ -1307,6 +1333,7 @@ _exit: return rv; } +/* obtaincs cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_read_binary(khm_handle pconf, const wchar_t * pvalue, void * buf, khm_size * bufsize) { @@ -1431,6 +1458,7 @@ _exit: return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_write_string(khm_handle pconf, const wchar_t * pvalue, @@ -1536,6 +1564,7 @@ _exit: return rv; } +/* obtaincs cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_write_int32(khm_handle pconf, const wchar_t * pvalue, @@ -1614,6 +1643,7 @@ khc_write_int32(khm_handle pconf, return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) { HKEY pk = NULL; @@ -1689,6 +1719,7 @@ khc_write_int64(khm_handle pconf, const wchar_t * pvalue, khm_int64 buf) { return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_write_binary(khm_handle pconf, const wchar_t * pvalue, @@ -1757,6 +1788,7 @@ khc_write_binary(khm_handle pconf, return rv; } +/* no locks */ KHMEXP khm_int32 KHMAPI khc_get_config_space_name(khm_handle conf, wchar_t * buf, khm_size * bufsize) { @@ -1798,6 +1830,7 @@ khc_get_config_space_name(khm_handle conf, return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_get_config_space_parent(khm_handle conf, khm_handle * parent) { kconf_conf_space * c; @@ -1818,6 +1851,7 @@ khc_get_config_space_parent(khm_handle conf, khm_handle * parent) { return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_get_type(khm_handle conf, const wchar_t * value) { HKEY hkm = NULL; @@ -1833,7 +1867,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) { if(!khc_is_handle(conf)) return KC_NONE; - c = (kconf_conf_space *) conf; + c = khc_space_from_handle(conf); if(!khc_is_machine_handle(conf)) hku = khcint_space_open_key(c, KHM_PERM_READ); @@ -1876,6 +1910,7 @@ khc_get_type(khm_handle conf, const wchar_t * value) { return rv; } +/* obtains cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_value_exists(khm_handle conf, const wchar_t * value) { HKEY hku = NULL; @@ -1915,6 +1950,7 @@ khc_value_exists(khm_handle conf, const wchar_t * value) { return rv; } +/* obtains cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_remove_value(khm_handle conf, const wchar_t * value, khm_int32 flags) { HKEY hku = NULL; @@ -2036,6 +2072,7 @@ khcint_remove_space(kconf_conf_space * c, khm_int32 flags) { return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_remove_space(khm_handle conf) { @@ -2078,6 +2115,7 @@ khc_remove_space(khm_handle conf) { return rv; } +/* no locks */ khm_boolean khcint_is_valid_name(wchar_t * name) { @@ -2087,6 +2125,7 @@ khcint_is_valid_name(wchar_t * name) return TRUE; } +/* no locks */ khm_int32 khcint_validate_schema(const kconf_schema * schema, int begin, @@ -2149,6 +2188,7 @@ khcint_validate_schema(const kconf_schema * schema, return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */ khm_int32 khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, int begin, int * end) @@ -2163,11 +2203,16 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, while(!end_found) { switch(state) { case 0: /* initial. this record should start a config space */ + LeaveCriticalSection(&cs_conf_global); if(KHM_FAILED(khc_open_space(parent, schema[i].name, - KHM_FLAG_CREATE, &h))) + KHM_FLAG_CREATE, &h))) { + EnterCriticalSection(&cs_conf_global); return KHM_ERROR_INVALID_PARAM; + } + EnterCriticalSection(&cs_conf_global); thisconf = khc_space_from_handle(h); thisconf->schema = schema + (begin + 1); + thisconf->nSchema = 0; state = 1; break; @@ -2182,7 +2227,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1; if(end) *end = i; + LeaveCriticalSection(&cs_conf_global); khc_close_space(h); + EnterCriticalSection(&cs_conf_global); } break; @@ -2194,7 +2241,9 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1; if(end) *end = i; + LeaveCriticalSection(&cs_conf_global); khc_close_space(h); + EnterCriticalSection(&cs_conf_global); } else { return KHM_ERROR_INVALID_PARAM; } @@ -2210,6 +2259,7 @@ khcint_load_schema_i(khm_handle parent, const kconf_schema * schema, return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_load_schema(khm_handle conf, const kconf_schema * schema) { @@ -2231,6 +2281,7 @@ khc_load_schema(khm_handle conf, const kconf_schema * schema) return rv; } +/* obtains cs_conf_handle/cs_conf_global; called with cs_conf_global */ khm_int32 khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, int begin, int * end) @@ -2245,8 +2296,12 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, while(!end_found) { switch(state) { case 0: /* initial. this record should start a config space */ - if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h))) + LeaveCriticalSection(&cs_conf_global); + if(KHM_FAILED(khc_open_space(parent, schema[i].name, 0, &h))) { + EnterCriticalSection(&cs_conf_global); return KHM_ERROR_INVALID_PARAM; + } + EnterCriticalSection(&cs_conf_global); thisconf = khc_space_from_handle(h); if(thisconf->schema == (schema + (begin + 1))) { thisconf->schema = NULL; @@ -2264,7 +2319,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1; if(end) *end = i; + LeaveCriticalSection(&cs_conf_global); khc_close_space(h); + EnterCriticalSection(&cs_conf_global); } break; @@ -2276,7 +2333,9 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, end_found = 1; if(end) *end = i; + LeaveCriticalSection(&cs_conf_global); khc_close_space(h); + EnterCriticalSection(&cs_conf_global); } else { return KHM_ERROR_INVALID_PARAM; } @@ -2292,6 +2351,7 @@ khcint_unload_schema_i(khm_handle parent, const kconf_schema * schema, return KHM_ERROR_SUCCESS; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_unload_schema(khm_handle conf, const kconf_schema * schema) { @@ -2313,6 +2373,7 @@ khc_unload_schema(khm_handle conf, const kconf_schema * schema) return rv; } +/* obtaincs cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_enum_subspaces(khm_handle conf, khm_handle prev, @@ -2420,6 +2481,7 @@ khc_enum_subspaces(khm_handle conf, return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf) { @@ -2451,6 +2513,7 @@ khc_write_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf) return rv; } +/* obtains cs_conf_handle/cs_conf_global */ KHMEXP khm_int32 KHMAPI khc_read_multi_string(khm_handle conf, const wchar_t * value, wchar_t * buf, khm_size * bufsize) diff --git a/src/windows/identity/kcreddb/attrib.c b/src/windows/identity/kcreddb/attrib.c index 4e9d7bf34..9c892dafc 100644 --- a/src/windows/identity/kcreddb/attrib.c +++ b/src/windows/identity/kcreddb/attrib.c @@ -500,7 +500,7 @@ kcdb_attrib_exit(void) } KHMEXP khm_int32 KHMAPI -kcdb_attrib_get_id(wchar_t *name, khm_int32 * id) +kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id) { kcdb_attrib_i * ai; @@ -521,7 +521,7 @@ kcdb_attrib_get_id(wchar_t *name, khm_int32 * id) } KHMEXP khm_int32 KHMAPI -kcdb_attrib_register(kcdb_attrib * attrib, khm_int32 * new_id) +kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id) { kcdb_attrib_i * ai; size_t cb_name; diff --git a/src/windows/identity/kcreddb/buf.c b/src/windows/identity/kcreddb/buf.c index 07a65a1b0..6272924e5 100644 --- a/src/windows/identity/kcreddb/buf.c +++ b/src/windows/identity/kcreddb/buf.c @@ -298,7 +298,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr( KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib( khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, khm_int32 * attr_type, void * buffer, khm_size * pcb_buf) @@ -328,7 +328,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attr_string( KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib_string( khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, wchar_t * buffer, khm_size * pcbbuf, khm_int32 flags) @@ -357,7 +357,7 @@ KHMEXP khm_int32 KHMAPI kcdb_buf_set_attr( KHMEXP khm_int32 KHMAPI kcdb_buf_set_attrib( khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, void * buffer, khm_size cbbuf) { diff --git a/src/windows/identity/kcreddb/credential.c b/src/windows/identity/kcreddb/credential.c index 98854dab4..12b8c5fc5 100644 --- a/src/windows/identity/kcreddb/credential.c +++ b/src/windows/identity/kcreddb/credential.c @@ -60,7 +60,7 @@ void kcdb_cred_exit(void) places with a read lock on l_creds. New credentials must be creatable while holding either lock. */ KHMEXP khm_int32 KHMAPI -kcdb_cred_create(wchar_t * name, +kcdb_cred_create(const wchar_t * name, khm_handle identity, khm_int32 cred_type, khm_handle * result) @@ -318,7 +318,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_type( KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib( khm_handle cred, - wchar_t * name, + const wchar_t * name, void * buffer, khm_size cbbuf) { @@ -421,7 +421,7 @@ _exit: KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib( khm_handle cred, - wchar_t * name, + const wchar_t * name, khm_int32 * attr_type, void * buffer, khm_size * cbbuf) @@ -441,7 +441,7 @@ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib( KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string( khm_handle cred, - wchar_t * name, + const wchar_t * name, wchar_t * buffer, khm_size * cbbuf, khm_int32 flags) @@ -812,7 +812,7 @@ _exit: KHMEXP khm_int32 KHMAPI kcdb_creds_comp_attrib(khm_handle cred1, khm_handle cred2, - wchar_t * name) + const wchar_t * name) { khm_int32 attr_id; diff --git a/src/windows/identity/kcreddb/credtype.c b/src/windows/identity/kcreddb/credtype.c index 89e0175f0..89bd26b85 100644 --- a/src/windows/identity/kcreddb/credtype.c +++ b/src/windows/identity/kcreddb/credtype.c @@ -73,7 +73,7 @@ void kcdb_credtype_check_and_delete(khm_int32 id) } KHMEXP khm_int32 KHMAPI -kcdb_credtype_register(kcdb_credtype * type, khm_int32 * new_id) +kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id) { khm_int32 id; kcdb_credtype_i * ict; @@ -330,7 +330,7 @@ KHMEXP khm_int32 KHMAPI kcdb_credtype_get_name( } KHMEXP khm_int32 KHMAPI kcdb_credtype_get_id( - wchar_t * name, + const wchar_t * name, khm_int32 * id) { int i; diff --git a/src/windows/identity/kcreddb/identity.c b/src/windows/identity/kcreddb/identity.c index 07ceb5812..15c36130f 100644 --- a/src/windows/identity/kcreddb/identity.c +++ b/src/windows/identity/kcreddb/identity.c @@ -570,8 +570,8 @@ kcdbint_ident_set_default(khm_handle vid, LeaveCriticalSection(&cs_ident); - if (invoke_identpro) - kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def); + /* if (invoke_identpro) */ + kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, new_def); } else { LeaveCriticalSection(&cs_ident); } @@ -929,7 +929,7 @@ _exit: KHMEXP khm_int32 KHMAPI kcdb_identity_set_attrib(khm_handle vid, - wchar_t * attr_name, + const wchar_t * attr_name, void * buffer, khm_size cbbuf) { @@ -1025,7 +1025,7 @@ _exit: KHMEXP khm_int32 KHMAPI kcdb_identity_get_attrib(khm_handle vid, - wchar_t * attr_name, + const wchar_t * attr_name, khm_int32 * attr_type, void * buffer, khm_size * pcbbuf) @@ -1121,9 +1121,8 @@ _exit: } KHMEXP khm_int32 KHMAPI -kcdb_identity_get_attrib_string( - khm_handle vid, - wchar_t * attr_name, +kcdb_identity_get_attrib_string(khm_handle vid, + const wchar_t * attr_name, wchar_t * buffer, khm_size * pcbbuf, khm_int32 flags) diff --git a/src/windows/identity/kcreddb/kcreddb.h b/src/windows/identity/kcreddb/kcreddb.h index 33c5d168d..1b5d9b67c 100644 --- a/src/windows/identity/kcreddb/kcreddb.h +++ b/src/windows/identity/kcreddb/kcreddb.h @@ -504,9 +504,7 @@ kcdb_identity_set_default(khm_handle id); to notify the KCDB that the specified identity is the default. This does not result in the invocation of any other semantics to make the identity the default other than releasing the previous - defualt identity and making the specified one the default. As - an additional side effect, the notification <::KMSG_KCDB, - ::KMSG_KCDB_IDENT, ::KCDB_OP_NEW_DEFAULT> will also not be sent. + defualt identity and making the specified one the default. */ KHMEXP khm_int32 KHMAPI kcdb_identity_set_default_int(khm_handle id); @@ -640,7 +638,7 @@ kcdb_identity_set_attr(khm_handle identity, */ KHMEXP khm_int32 KHMAPI kcdb_identity_set_attrib(khm_handle identity, - wchar_t * attr_name, + const wchar_t * attr_name, void * buffer, khm_size cbbuf); @@ -686,7 +684,7 @@ kcdb_identity_get_attr(khm_handle identity, */ KHMEXP khm_int32 KHMAPI kcdb_identity_get_attrib(khm_handle identity, - wchar_t * attr_name, + const wchar_t * attr_name, khm_int32 * attr_type, void * buffer, khm_size * pcbbuf); @@ -751,7 +749,7 @@ kcdb_identity_get_attr_string(khm_handle identity, */ KHMEXP khm_int32 KHMAPI kcdb_identity_get_attrib_string(khm_handle identity, - wchar_t * attr_name, + const wchar_t * attr_name, wchar_t * buffer, khm_size * pcbbuf, khm_int32 flags); @@ -1611,7 +1609,7 @@ typedef struct tag_kcdb_cred_request { \see kcdb_cred_release() */ KHMEXP khm_int32 KHMAPI -kcdb_cred_create(wchar_t * name, +kcdb_cred_create(const wchar_t * name, khm_handle identity, khm_int32 cred_type, khm_handle * result); @@ -1641,13 +1639,18 @@ kcdb_cred_update(khm_handle vdest, /*! \brief Set an attribute in a credential by name + + \param[in] cbbuf Number of bytes of data in \a buffer. The individual data type handlers may copy in less than this many - bytes in to the credential. + bytes in to the credential. For some data types where the + size of the buffer is fixed or can be determined from its + contents, you can specify ::KCDB_CBSIZE_AUTO for this + parameter. */ KHMEXP khm_int32 KHMAPI kcdb_cred_set_attrib(khm_handle cred, - wchar_t * name, + const wchar_t * name, void * buffer, khm_size cbbuf); @@ -1686,7 +1689,7 @@ kcdb_cred_set_attr(khm_handle cred, */ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib(khm_handle cred, - wchar_t * name, + const wchar_t * name, khm_int32 * attr_type, void * buffer, khm_size * cbbuf); @@ -1791,7 +1794,7 @@ kcdb_cred_get_attr_string(khm_handle vcred, */ KHMEXP khm_int32 KHMAPI kcdb_cred_get_attrib_string(khm_handle cred, - wchar_t * name, + const wchar_t * name, wchar_t * buffer, khm_size * cbbuf, khm_int32 flags) ; @@ -1904,7 +1907,7 @@ kcdb_cred_delete(khm_handle cred); KHMEXP khm_int32 KHMAPI kcdb_creds_comp_attrib(khm_handle cred1, khm_handle cred2, - wchar_t * name); + const wchar_t * name); /*! \brief Compare an attribute of two credentials by attribute id. @@ -2219,7 +2222,7 @@ typedef struct tag_kcdb_type { /*@}*/ KHMEXP khm_int32 KHMAPI -kcdb_type_get_id(wchar_t *name, khm_int32 * id); +kcdb_type_get_id(const wchar_t *name, khm_int32 * id); /*! \brief Return the type descriptor for a given type id @@ -2262,7 +2265,7 @@ kcdb_type_get_name(khm_int32 id, \param[out] new_id Receives the identifier for the credential attribute type. */ KHMEXP khm_int32 KHMAPI -kcdb_type_register(kcdb_type * type, +kcdb_type_register(const kcdb_type * type, khm_int32 * new_id); /*! \brief Unregister a credential attribute type @@ -2422,12 +2425,48 @@ UnicodeStrToAnsi( char * dest, size_t cbdest, const wchar_t * src); */ #define KCDB_TYPE_ALL KCDB_TYPE_INVALID +/*! \brief Void + + No data. This is not an actual data type. + */ #define KCDB_TYPE_VOID 0 + +/*! \brief String + + NULL terminated Unicode string. The byte count for a string + attribute always includes the terminating NULL. + */ #define KCDB_TYPE_STRING 1 + +/*! \brief Data + + A date/time represented in FILETIME format. + */ #define KCDB_TYPE_DATE 2 + +/*! \brief Interval + + An interval of time represented as the difference between two + FILETIME values. + */ #define KCDB_TYPE_INTERVAL 3 + +/*! \brief 32-bit integer + + A 32-bit signed integer. + */ #define KCDB_TYPE_INT32 4 + +/*! \brief 64-bit integer + + A 64-bit integer. + */ #define KCDB_TYPE_INT64 5 + +/*! \brief Raw data + + A raw data buffer. + */ #define KCDB_TYPE_DATA 6 #define KCDB_TYPENAME_VOID L"Void" @@ -2509,7 +2548,7 @@ typedef struct tag_kcdb_attrib { /*! \brief Retrieve the ID of a named attribute */ KHMEXP khm_int32 KHMAPI -kcdb_attrib_get_id(wchar_t *name, +kcdb_attrib_get_id(const wchar_t *name, khm_int32 * id); /*! \brief Register an attribute @@ -2518,7 +2557,7 @@ kcdb_attrib_get_id(wchar_t *name, attribute. If the \a id member of the ::kcdb_attrib object is set to KCDB_ATTR_INVALID, then a unique ID is generated. */ KHMEXP khm_int32 KHMAPI -kcdb_attrib_register(kcdb_attrib * attrib, +kcdb_attrib_register(const kcdb_attrib * attrib, khm_int32 * new_id); /*! \brief Retrieve the attribute descriptor for an attribute @@ -2974,7 +3013,7 @@ typedef struct tag_kcdb_credtype { specified is already in use. */ KHMEXP khm_int32 KHMAPI -kcdb_credtype_register(kcdb_credtype * type, +kcdb_credtype_register(const kcdb_credtype * type, khm_int32 * new_id); /*! \brief Return a held reference to a \a kcdb_credtype object describing the credential type. @@ -3093,7 +3132,7 @@ kcdb_credtype_describe(khm_int32 id, */ KHMEXP khm_int32 KHMAPI -kcdb_credtype_get_id(wchar_t * name, +kcdb_credtype_get_id(const wchar_t * name, khm_int32 * id); /*@}*/ @@ -3155,7 +3194,7 @@ kcdb_buf_get_attr(khm_handle record, */ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib(khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, khm_int32 * attr_type, void * buffer, khm_size * pcb_buf); @@ -3220,7 +3259,7 @@ kcdb_buf_get_attr_string(khm_handle record, */ KHMEXP khm_int32 KHMAPI kcdb_buf_get_attrib_string(khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, wchar_t * buffer, khm_size * pcbbuf, khm_int32 flags); @@ -3245,7 +3284,7 @@ kcdb_buf_set_attr(khm_handle record, */ KHMEXP khm_int32 KHMAPI kcdb_buf_set_attrib(khm_handle record, - wchar_t * attr_name, + const wchar_t * attr_name, void * buffer, khm_size cbbuf); diff --git a/src/windows/identity/kcreddb/type.c b/src/windows/identity/kcreddb/type.c index c1215f583..48630b5fd 100644 --- a/src/windows/identity/kcreddb/type.c +++ b/src/windows/identity/kcreddb/type.c @@ -679,8 +679,11 @@ khm_boolean KHMAPI kcdb_type_data_isValid( const void * d, khm_size cbd) { - /* data is always valid, even if d is NULL */ - return TRUE; + /* data is always valid */ + if (cbd != 0 && d == NULL) + return FALSE; + else + return TRUE; } khm_int32 KHMAPI kcdb_type_data_comp( @@ -689,8 +692,21 @@ khm_int32 KHMAPI kcdb_type_data_comp( const void * d2, khm_size cbd2) { - /* datas can not be compared */ - return 0; + khm_size pref; + khm_int32 rv = 0; + + pref = min(cbd1, cbd2); + + if (pref == 0) + return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0); + + rv = memcmp(d1, d2, pref); + + if (rv == 0) { + return (cbd1 < cbd2)? -1 : ((cbd1 > cbd2)? 1 : 0); + } else { + return rv; + } } khm_int32 KHMAPI kcdb_type_data_dup( @@ -699,14 +715,14 @@ khm_int32 KHMAPI kcdb_type_data_dup( void * d_dst, khm_size * cbd_dst) { - if(!cbd_dst) + if(!cbd_dst || cbd_src == KCDB_CBSIZE_AUTO) return KHM_ERROR_INVALID_PARAM; - *cbd_dst = cbd_src; - if(!d_dst || *cbd_dst < cbd_src) { + *cbd_dst = cbd_src; return KHM_ERROR_TOO_LONG; } else { + *cbd_dst = cbd_src; memcpy(d_dst, d_src, cbd_src); return KHM_ERROR_SUCCESS; } @@ -889,7 +905,7 @@ void kcdb_type_check_and_delete(khm_int32 id) LeaveCriticalSection(&cs_type); } -KHMEXP khm_int32 KHMAPI kcdb_type_get_id(wchar_t *name, khm_int32 * id) +KHMEXP khm_int32 KHMAPI kcdb_type_get_id(const wchar_t *name, khm_int32 * id) { kcdb_type_i * t; size_t cbsize; @@ -968,7 +984,7 @@ KHMEXP khm_int32 KHMAPI kcdb_type_get_name(khm_int32 id, wchar_t * buffer, khm_s return KHM_ERROR_SUCCESS; } -KHMEXP khm_int32 KHMAPI kcdb_type_register(kcdb_type * type, khm_int32 * new_id) +KHMEXP khm_int32 KHMAPI kcdb_type_register(const kcdb_type * type, khm_int32 * new_id) { kcdb_type_i *t; size_t cbsize; diff --git a/src/windows/identity/plugins/krb4/krb4configdlg.c b/src/windows/identity/plugins/krb4/krb4configdlg.c index 3186633c4..6c2b02d43 100644 --- a/src/windows/identity/plugins/krb4/krb4configdlg.c +++ b/src/windows/identity/plugins/krb4/krb4configdlg.c @@ -280,7 +280,7 @@ krb4_id_config_proc(HWND hwnd, khc_close_space(csp_ident); if (csp_idk4) - khc_close_space(csp_ident); + khc_close_space(csp_idk4); khui_cfg_set_flags_inst(d, ((applied)? KHUI_CNFLAG_APPLIED: 0), diff --git a/src/windows/identity/plugins/krb4/krbcred.h b/src/windows/identity/plugins/krb4/krbcred.h index f31c4a4d3..7c3b31a13 100644 --- a/src/windows/identity/plugins/krb4/krbcred.h +++ b/src/windows/identity/plugins/krb4/krbcred.h @@ -29,7 +29,7 @@ #include -#define KHERR_FACILITY L"Kerberos4" +#define KHERR_FACILITY L"Krb4Cred" #define KHERR_FACILITY_ID 65 #define KHERR_HMODULE hResModule diff --git a/src/windows/identity/plugins/krb5/errorfuncs.c b/src/windows/identity/plugins/krb5/errorfuncs.c index d2fabbad4..f631b3c0c 100644 --- a/src/windows/identity/plugins/krb5/errorfuncs.c +++ b/src/windows/identity/plugins/krb5/errorfuncs.c @@ -77,12 +77,20 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, *suggestion = 0; *suggest_code = KHERR_SUGGEST_NONE; + if (WSABASEERR <= code && code < (WSABASEERR + 1064)) { + /* winsock error */ + table_num = WSABASEERR; + offset = code - WSABASEERR; + } + switch(table_num) { case krb_err_base: case kadm_err_base: + case WSABASEERR: break; default: + if (code == KRB5KRB_AP_ERR_BAD_INTEGRITY) { *suggestion = MSG_ERR_S_INTEGRITY; } @@ -91,9 +99,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, return; } - if (table_num == krb_err_base) - switch(offset) - { + if (table_num == krb_err_base) { + switch(offset) { case KDC_NAME_EXP: /* 001 Principal expired */ case KDC_SERVICE_EXP: /* 002 Service expired */ case KDC_AUTH_EXP: /* 003 Auth expired */ @@ -170,9 +177,8 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, /* no extra error msg */ break; } - else - switch(code) - { + } else if (table_num == kadm_err_base) { + switch(code) { case KADM_INSECURE_PW: /* if( kadm_info != NULL ){ * wsprintf(buf, "%s\n%s", com_err_msg, kadm_info); @@ -198,6 +204,34 @@ void khm_err_describe(long code, wchar_t * buf, khm_size cbbuf, /* no extra error msg */ break; } + } else if (table_num == WSABASEERR) { + switch(code) { + case WSAENETDOWN: + msg_id = MSG_ERR_NETDOWN; + sugg_id = MSG_ERR_S_NETRETRY; + sugg_code = KHERR_SUGGEST_RETRY; + break; + + case WSATRY_AGAIN: + msg_id = MSG_ERR_TEMPDOWN; + sugg_id = MSG_ERR_S_TEMPDOWN; + sugg_code = KHERR_SUGGEST_RETRY; + break; + + case WSAENETUNREACH: + case WSAENETRESET: + case WSAECONNABORTED: + case WSAECONNRESET: + case WSAETIMEDOUT: + case WSAECONNREFUSED: + case WSAEHOSTDOWN: + case WSAEHOSTUNREACH: + msg_id = MSG_ERR_NOHOST; + sugg_id = MSG_ERR_S_NOHOST; + sugg_code = KHERR_SUGGEST_RETRY; + break; + } + } if (msg_id != 0) { FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c index 316263119..7db09526d 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ b/src/windows/identity/plugins/krb5/krb5funcs.c @@ -2056,7 +2056,7 @@ khm_krb5_changepwd(char * principal, char** error_str) { krb5_error_code rc = 0; - int result_code; + int result_code = 0; krb5_data result_code_string, result_string; krb5_context context = 0; krb5_principal princ = 0; diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c index b263e6bf3..11a7410b1 100644 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ b/src/windows/identity/plugins/krb5/krb5identpro.c @@ -49,15 +49,52 @@ typedef struct tag_k5_new_cred_data { HWND hw_realm; } k5_new_cred_data; +static +void +trim_str(wchar_t * s, khm_size cch) { + wchar_t * c, * last_ws; + + for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++); + + if (((khm_size)(c - s)) >= cch) + return; + + if (c != s && ((khm_size)(c - s)) < cch) { +#if _MSC_VER >= 1400 + wmemmove_s(s, cch, c, cch - ((khm_size)(c - s))); +#else + memmove(s, c, (cch - ((khm_size)(c - s))) * sizeof(wchar_t)); +#endif + } + + last_ws = NULL; + for (c = s; *c && ((khm_size)(c - s)) < cch; c++) { + if (!iswspace(*c)) + last_ws = NULL; + else if (last_ws == NULL) + last_ws = c; + } + + if (last_ws) + *last_ws = L'\0'; +} + /* Runs in the UI thread */ int k5_get_realm_from_nc(khui_new_creds * nc, wchar_t * buf, khm_size cch_buf) { k5_new_cred_data * d; + khm_size s; d = (k5_new_cred_data *) nc->ident_aux; - return GetWindowText(d->hw_realm, buf, (int) cch_buf); + buf[0] = L'\0'; + GetWindowText(d->hw_realm, buf, (int) cch_buf); + trim_str(buf, cch_buf); + + StringCchLength(buf, cch_buf, &s); + + return (int) s; } /* set the primary identity of a new credentials dialog depending on @@ -83,6 +120,7 @@ set_identity_from_ui(khui_new_creds * nc, assert(cch < KCDB_IDENT_MAXCCH_NAME - 1); GetWindowText(d->hw_username, un, ARRAYLENGTH(un)); + trim_str(un, ARRAYLENGTH(un)); realm = khm_get_realm_from_princ(un); if (realm) /* realm was specified */ @@ -113,6 +151,7 @@ set_identity_from_ui(khui_new_creds * nc, } GetWindowText(d->hw_realm, realm, (int) cch_left); + trim_str(realm, cch_left); _set_ident: if (KHM_FAILED(rv = kcdb_identity_create(un, @@ -183,6 +222,7 @@ update_crossfeed(khui_new_creds * nc, GetWindowText(d->hw_username, un, ARRAYLENGTH(un)); + trim_str(un, ARRAYLENGTH(un)); un_realm = khm_get_realm_from_princ(un); @@ -246,6 +286,7 @@ update_crossfeed(khui_new_creds * nc, GetWindowText(d->hw_realm, realm, ARRAYLENGTH(realm)); + trim_str(realm, ARRAYLENGTH(realm)); idx = (int)SendMessage(d->hw_realm, CB_FINDSTRINGEXACT, diff --git a/src/windows/identity/plugins/krb5/krb5main.c b/src/windows/identity/plugins/krb5/krb5main.c index 97ef85ee9..f1b7f0549 100644 --- a/src/windows/identity/plugins/krb5/krb5main.c +++ b/src/windows/identity/plugins/krb5/krb5main.c @@ -30,7 +30,7 @@ kmm_module h_khModule; /* KMM's handle to this module */ HINSTANCE hInstance; HMODULE hResModule; /* HMODULE to the resource library */ -const wchar_t * k5_facility = L"Krb5"; +const wchar_t * k5_facility = L"Krb5Cred"; khm_int32 type_id_enctype = -1; khm_int32 type_id_addr_list = -1; diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c index 179ec4ede..db9462eb6 100644 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ b/src/windows/identity/plugins/krb5/krb5newcreds.c @@ -55,6 +55,7 @@ typedef struct k5_dlg_data_t { wchar_t * cred_message; /* overrides the credential text, if non-NULL */ + BOOL pwd_change; /* force a password change */ } k5_dlg_data; @@ -186,6 +187,56 @@ k5_handle_wmnc_notify(HWND hwnd, } break; + case WMNC_CREDTEXT_LINK: + { + k5_dlg_data * d; + khui_htwnd_link * l; + khui_new_creds * nc; + wchar_t linktext[128]; + + d = (k5_dlg_data *)(LONG_PTR) + GetWindowLongPtr(hwnd, DWLP_USER); + nc = d->nc; + l = (khui_htwnd_link *) lParam; + + if (!l) + break; + + StringCchCopyN(linktext, ARRAYLENGTH(linktext), + l->id, l->id_len); + + if (!wcscmp(linktext, L"Krb5Cred:!Passwd")) { + /* we are turning this dialog into a change password dialog... */ + wchar_t wbuf[KHUI_MAXCCH_BANNER]; + + khui_cw_clear_prompts(nc); + + LoadString(hResModule, IDS_NC_PWD_BANNER, + wbuf, ARRAYLENGTH(wbuf)); + khui_cw_begin_custom_prompts(nc, 3, NULL, wbuf); + + LoadString(hResModule, IDS_NC_PWD_PWD, + wbuf, ARRAYLENGTH(wbuf)); + khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_PASSWORD, + wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); + + LoadString(hResModule, IDS_NC_PWD_NPWD, + wbuf, ARRAYLENGTH(wbuf)); + khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD, + wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); + + LoadString(hResModule, IDS_NC_PWD_NPWD_AGAIN, + wbuf, ARRAYLENGTH(wbuf)); + khui_cw_add_prompt(nc, KHUI_NCPROMPT_TYPE_NEW_PASSWORD_AGAIN, + wbuf, NULL, KHUI_NCPROMPT_FLAG_HIDDEN); + + d->pwd_change = TRUE; + + return TRUE; + } + } + break; + case WMNC_UPDATE_CREDTEXT: { k5_dlg_data * d; @@ -215,7 +266,8 @@ k5_handle_wmnc_notify(HWND hwnd, KHM_SUCCEEDED(kcdb_identity_get_flags(nc->identities[0], &flags)) && (flags & KCDB_IDENT_FLAG_VALID) && - nc->subtype == KMSG_CRED_NEW_CREDS) { + nc->subtype == KMSG_CRED_NEW_CREDS && + !d->pwd_change) { if (is_k5_identpro) k5_get_realm_from_nc(nc, tbuf, ARRAYLENGTH(tbuf)); @@ -237,7 +289,8 @@ k5_handle_wmnc_notify(HWND hwnd, StringCbCopy(nct->credtext, cbsize, sbuf); } else if (nc->n_identities > 0 && - nc->subtype == KMSG_CRED_PASSWORD) { + (nc->subtype == KMSG_CRED_PASSWORD || + (nc->subtype == KMSG_CRED_NEW_CREDS && d->pwd_change))) { cbsize = sizeof(tbuf); kcdb_identity_get_name(nc->identities[0], tbuf, &cbsize); @@ -630,6 +683,9 @@ k5_cached_kinit_prompter(void) { khm_size n_cur_prompts; khm_int32 n_prompts; khm_int32 i; + khm_int64 iexpiry; + FILETIME expiry; + FILETIME current; #ifdef DEBUG assert(g_fjob.nc); @@ -656,6 +712,30 @@ k5_cached_kinit_prompter(void) { goto _cleanup; + if (KHM_SUCCEEDED(khc_read_int64(csp_prcache, L"ExpiresOn", &iexpiry))) { + /* has the cache expired? */ + expiry = IntToFt(iexpiry); + GetSystemTimeAsFileTime(¤t); + + if (CompareFileTime(&expiry, ¤t) < 0) + /* already expired */ + goto _cleanup; + } else { + FILETIME lifetime; + khm_int32 t; + + /* make the cache expire at some point */ + GetSystemTimeAsFileTime(¤t); + khc_read_int32(csp_params, L"PromptCacheLifetime", &t); + if (t == 0) + t = 172800; /* 48 hours */ + TimetToFileTimeInterval(t, &lifetime); + expiry = FtAdd(¤t, &lifetime); + iexpiry = FtToInt(&expiry); + + khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry); + } + /* we found a prompt cache. We take this to imply that the principal is valid. */ g_fjob.valid_principal = TRUE; @@ -968,6 +1048,11 @@ k5_kinit_prompter(krb5_context context, { wchar_t wbanner[KHUI_MAXCCH_BANNER]; wchar_t wname[KHUI_MAXCCH_PNAME]; + FILETIME current; + FILETIME lifetime; + FILETIME expiry; + khm_int64 iexpiry; + khm_int32 t = 0; if(banner) AnsiStrToUnicode(wbanner, sizeof(wbanner), banner); @@ -982,28 +1067,40 @@ k5_kinit_prompter(krb5_context context, (banner)?wbanner:NULL, (name)?wname:NULL); - if (banner && csp_prcache) - khc_write_string(csp_prcache, - L"Banner", - wbanner); - else if (csp_prcache) - khc_write_string(csp_prcache, - L"Banner", - L""); + if (csp_prcache) { - if (name && csp_prcache) - khc_write_string(csp_prcache, - L"Name", - wname); - else if (csp_prcache) - khc_write_string(csp_prcache, - L"Name", - L""); + if (banner) + khc_write_string(csp_prcache, + L"Banner", + wbanner); + else + khc_write_string(csp_prcache, + L"Banner", + L""); + + if (name) + khc_write_string(csp_prcache, + L"Name", + wname); + else if (csp_prcache) + khc_write_string(csp_prcache, + L"Name", + L""); - if (csp_prcache) khc_write_int32(csp_prcache, L"PromptCount", (khm_int32) num_prompts); + + GetSystemTimeAsFileTime(¤t); + khc_read_int32(csp_params, L"PromptCacheLifetime", &t); + if (t == 0) + t = 172800; /* 48 hours */ + TimetToFileTimeInterval(t, &lifetime); + expiry = FtAdd(¤t, &lifetime); + iexpiry = FtToInt(&expiry); + + khc_write_int64(csp_prcache, L"ExpiresOn", iexpiry); + } } for(i=0; i < num_prompts; i++) { @@ -1757,6 +1854,10 @@ k5_msg_cred_dialog(khm_int32 msg_type, } khui_cw_unlock_nc(nc); + + /* reset the force-password-change flag if this is a new + identity. */ + d->pwd_change = FALSE; } /* fallthrough */ @@ -1950,6 +2051,11 @@ k5_msg_cred_dialog(khm_int32 msg_type, if (nc->subtype == KMSG_CRED_NEW_CREDS) { d = (k5_dlg_data *) nct->aux; + if (d->pwd_change) { + /* we are forcing a password change */ + goto change_password; + } + _begin_task(0); _report_mr0(KHERR_NONE, MSG_CTX_INITAL_CREDS); _describe(); @@ -2259,6 +2365,9 @@ k5_msg_cred_dialog(khm_int32 msg_type, } else if (nc->subtype == KMSG_CRED_PASSWORD && nc->result == KHUI_NC_RESULT_PROCESS) { + change_password: + /* we jump here if there was a password change forced */ + _begin_task(0); _report_mr0(KHERR_NONE, MSG_CTX_PASSWD); _describe(); @@ -2360,6 +2469,74 @@ k5_msg_cred_dialog(khm_int32 msg_type, if (code) rv = KHM_ERROR_UNKNOWN; + else if (nc->subtype == KMSG_CRED_NEW_CREDS) { + khm_handle csp_idcfg = NULL; + krb5_context ctx = NULL; + + /* we forced a password change. now we need + to get the initial credentials. */ + + d = (k5_dlg_data *) nct->aux; + + if (d == NULL) { + rv = KHM_ERROR_UNKNOWN; + goto _pwd_exit; + } + + code = khm_krb5_kinit(NULL, /* context (create one) */ + idname, /* principal_name */ + npwd, /* password */ + NULL, /* ccache name (figure out the identity cc)*/ + (krb5_deltat) d->tc_lifetime.current, + d->forwardable, + d->proxiable, + (krb5_deltat)((d->renewable)?d->tc_renew.current:0), + d->addressless, /* addressless */ + d->publicIP, /* public IP */ + NULL, /* prompter */ + NULL /* prompter data */); + + if (code) { + rv = KHM_ERROR_UNKNOWN; + goto _pwd_exit; + } + + /* save the settings that we used for + obtaining the ticket. */ + if (KHM_SUCCEEDED + (k5_open_config_handle(nc->identities[0], + KHM_FLAG_CREATE | + KCONF_FLAG_WRITEIFMOD, + &csp_idcfg))) { + k5_write_dlg_params(csp_idcfg, d); + khc_close_space(csp_idcfg); + } + + /* and do a quick refresh of the krb5 tickets + so that other plug-ins that depend on krb5 + can look up tickets inside NetIDMgr */ + khm_krb5_list_tickets(&ctx); + + /* if there was no default identity, we make + this one the default. */ + kcdb_identity_refresh(nc->identities[0]); + { + khm_handle tdefault = NULL; + + if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) { + kcdb_identity_release(tdefault); + } else { + _reportf(L"There was no default identity. Setting defualt"); + kcdb_identity_set_default(nc->identities[0]); + } + } + + /* and then update the LRU too */ + k5_update_LRU(nc->identities[0]); + + if (ctx != NULL) + pkrb5_free_context(ctx); + } /* result is only set when code != 0 */ if (code && result) { diff --git a/src/windows/identity/plugins/krb5/krbconfig.csv b/src/windows/identity/plugins/krb5/krbconfig.csv index b6754409e..205cbcb42 100644 --- a/src/windows/identity/plugins/krb5/krbconfig.csv +++ b/src/windows/identity/plugins/krb5/krbconfig.csv @@ -25,11 +25,13 @@ Krb5Cred,KC_SPACE,0,Kerberos V Credentials Provider LRURealms,KC_STRING,, LRUPrincipals,KC_STRING,, LastDefaultIdent,KC_STRING,,Last known default identity + PromptCacheLifetime,KC_INT32,172800,Lifetime of the prompt cache in seconds DefaultCCName,KC_STRING,,Default CC name (only per identity) PromptCache,KC_SPACE,0,Cache of prompts (only per identity) Name,KC_STRING,, Banner,KC_STRING,, PromptCount,KC_INT32,0, + ExpiresOn,KC_INT64,0,FILETIME of when the prompt cache is set to expire (n),KC_SPACE,0,Parameters for each prompt Prompt,KC_STRING,, Type,KC_INT32,0, diff --git a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc index aab909050..54f3ed787 100644 --- a/src/windows/identity/plugins/krb5/lang/en_us/langres.rc +++ b/src/windows/identity/plugins/krb5/lang/en_us/langres.rc @@ -382,7 +382,7 @@ BEGIN IDS_NC_REALM "Realm" IDS_KRB5_WARNING "Kerberos 5 Warning" IDS_K5ERR_NAME_EXPIRED "

Krb5: The selected principal name has expired.

Please contact your system administrator.

" - IDS_K5ERR_KEY_EXPIRED "

Krb5: The password for the selected identity has expired.

Click here to change the password

" + IDS_K5ERR_KEY_EXPIRED "

Krb5: The password for the selected identity has expired.

Click here to change the password

" IDS_KRB5_WARN_FMT "Kerberos 5: %s\n\n%s" IDS_K5ERR_FMT "

Krb5: %s

" IDS_K5CFG_SHORT_DESC "Kerberos 5" diff --git a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc index 01e01761f..cadc66626 100644 --- a/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc +++ b/src/windows/identity/plugins/krb5/lang/krb5_msgs.mc @@ -157,6 +157,42 @@ Language=English Destroying Krb5 tickets . +MessageId= +SymbolicName=MSG_ERR_NETDOWN +Language=English +A network connection is unavailable +. + +MessageId= +SymbolicName=MSG_ERR_S_NETRETRY +Language=English +Please check your network connection or contact your network administrator for assistance. +. + +MessageId= +SymbolicName=MSG_ERR_TEMPDOWN +Language=English +A temporary network error caused the operation to fail +. + +MessageId= +SymbolicName=MSG_ERR_S_TEMPDOWN +Language=English +Please try again in a few minutes +. + +MessageId= +SymbolicName=MSG_ERR_NOHOST +Language=English +A server could not be reached +. + +MessageId= +SymbolicName=MSG_ERR_S_NOHOST +Language=English +This can be caused by the server being unavailable, network errors, or improper configuration. Please try again or contact your administrator for assistance. +. + MessageId= SymbolicName=MSG_ Language=English diff --git a/src/windows/identity/sample/templates/credprov/Makefile b/src/windows/identity/sample/templates/credprov/Makefile index e53621059..b9400105a 100644 --- a/src/windows/identity/sample/templates/credprov/Makefile +++ b/src/windows/identity/sample/templates/credprov/Makefile @@ -110,8 +110,8 @@ MC=mc # Lots more macros -incflags = -I$(NIDMINCDIR) -I$(OBJ) -I. -rincflags = /i $(NIDMINCDIR) /i $(OBJ) /i . +incflags = -I"$(NIDMINCDIR)" -I"$(OBJ)" -I. +rincflags = /i "$(NIDMINCDIR)" /i "$(OBJ)" /i . ldebug = $(ldebug) /DEBUG cdebug = $(cdebug) -Os -Zi @@ -120,13 +120,13 @@ cdefines = $(cdefines) -DUNICODE -D_UNICODE C2OBJ=$(CC) $(cdebug) $(cflags) $(incflags) $(cdefines) /Fo"$@" /c $** -DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:$@ /IMPLIB:$(DEST)\$(@B).lib $** +DLLGUILINK=$(LINK) /NOLOGO $(ldebug) $(dlllflags) $(guilibsmt) /OUT:"$@" /IMPLIB:$(DEST)\$(@B).lib $** -DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:$@ $** +DLLRESLINK=$(LINK) /NOLOGO /DLL /NOENTRY /MACHINE:$(PROCESSOR_ARCHITECTURE) /OUT:"$@" $** -RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo $@ $** +RC2RES=$(RC) $(RFLAGS) $(rincflags) /fo "$@" $** -MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $** +MC2RC=$(MC) $(MCFLAGS) -h "$(OBJ)\" -m 1024 -r "$(OBJ)\" -x "$(OBJ)\" $** {}.c{$(OBJ)}.obj: $(C2OBJ) @@ -139,15 +139,15 @@ MC2RC=$(MC) $(MCFLAGS) -h $(OBJ)\ -m 1024 -r $(OBJ)\ -x $(OBJ)\ $** mkdirs:: !if !exist($(DEST)) - $(MKDIR) $(DEST) + $(MKDIR) "$(DEST)" !endif !if !exist($(OBJ)) - $(MKDIR) $(OBJ) + $(MKDIR) "$(OBJ)" !endif clean:: - $(RM) $(OBJ)\*.* - $(RM) $(DEST)\*.* + $(RM) "$(OBJ)\*.*" + $(RM) "$(DEST)\*.*" .SUFFIXES: .h @@ -169,7 +169,7 @@ MT=mt.exe -nologo !endif _VC_MANIFEST_EMBED_EXE= \ -if exist $@.manifest $(MT) -outputresource:$@;1 -manifest $@.manifest +if exist "$@.manifest" $(MT) -outputresource:"$@";1 -manifest "$@.manifest" _VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE) @@ -179,7 +179,7 @@ _VC_MANIFEST_EMBED_DLL=$(_VC_MANIFEST_EMBED_EXE) # embedded manifest will be used. Otherwise the $@.manifest file will # be used. _VC_MANIFEST_CLEAN= \ -if exist $@.manifest $(RM) $@.manifest +if exist "$@.manifest" $(RM) "$@.manifest" # End of manifest handling @@ -189,7 +189,7 @@ if exist $@.manifest $(RM) $@.manifest DLL=$(DEST)\$(DLLBASENAME).dll LIBFILES= \ - $(NIDMLIBDIR)\nidmgr32.lib + "$(NIDMLIBDIR)\nidmgr32.lib" OBJFILES= \ $(OBJ)\credacq.obj \ @@ -208,7 +208,7 @@ CONFIGHEADER=$(OBJ)\credacq_config.h all: mkdirs $(CONFIGHEADER) $(DLL) lang $(CONFIGHEADER): Makefile - $(CP) << $@ + $(CP) << "$@" /* This is a generated file. Do not modify directly. */ #pragma once diff --git a/src/windows/identity/ui/aboutwnd.c b/src/windows/identity/ui/aboutwnd.c index 242b1c589..f4dcfcc5e 100644 --- a/src/windows/identity/ui/aboutwnd.c +++ b/src/windows/identity/ui/aboutwnd.c @@ -46,8 +46,11 @@ about_dlg_proc(HWND hwnd, SetDlgItemText(hwnd, IDC_PRODUCT, TEXT(KH_VERSTR_PRODUCT_1033)); + /* retain the original copyright strings */ +#ifdef OVERRIDE_COPYRIGHT SetDlgItemText(hwnd, IDC_COPYRIGHT, TEXT(KH_VERSTR_COPYRIGHT_1033)); +#endif SetDlgItemText(hwnd, IDC_BUILDINFO, TEXT(KH_VERSTR_BUILDINFO_1033)); diff --git a/src/windows/identity/ui/credfuncs.c b/src/windows/identity/ui/credfuncs.c index 937e82ff9..d695afead 100644 --- a/src/windows/identity/ui/credfuncs.c +++ b/src/windows/identity/ui/credfuncs.c @@ -227,6 +227,9 @@ kmsg_cred_completion(kmq_message *m) if there's more */ nc = (khui_new_creds *) m->vparam; + /* if we are done processing all the plug-ins, then check if + there were any errors reported. Otherwise we dispatch + another set of messages. */ if(!khm_cred_dispatch_process_level(nc)) { if(kherr_is_error()) { @@ -238,39 +241,102 @@ kmsg_cred_completion(kmq_message *m) wchar_t ws_title[ARRAYLENGTH(ws_tfmt) + KCDB_IDENT_MAXCCH_NAME]; khm_size cb; + /* For renewals, we suppress the error message for the + following case: + + - The renewal was for an identity + + - There are no identity credentials for the + identity (no credentials that have the same type + as the identity provider). */ + + if (nc->subtype == KMSG_CRED_RENEW_CREDS && + nc->ctx.scope == KHUI_SCOPE_IDENT && + nc->ctx.identity != NULL) { + khm_handle tcs = NULL; /* credential set */ + khm_size count = 0; + khm_int32 id_ctype = KCDB_CREDTYPE_INVALID; + khm_int32 delta = 0; + + kcdb_identity_get_type(&id_ctype); + kcdb_credset_create(&tcs); + kcdb_credset_collect(tcs, NULL, + nc->ctx.identity, + id_ctype, + &delta); + kcdb_credset_get_size(tcs, &count); + kcdb_credset_delete(tcs); + + if (count == 0) + break; + } + ctx = kherr_peek_context(); evt = kherr_get_err_event(ctx); kherr_evaluate_event(evt); khui_alert_create_empty(&alert); - if (nc->subtype == KMSG_CRED_PASSWORD) - LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE, - ws_tfmt, ARRAYLENGTH(ws_tfmt)); - else if (nc->subtype == KMSG_CRED_RENEW_CREDS) - LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE, - ws_tfmt, ARRAYLENGTH(ws_tfmt)); - else - LoadString(khm_hInstance, IDS_NC_FAILED_TITLE, - ws_tfmt, ARRAYLENGTH(ws_tfmt)); + if (nc->subtype == KMSG_CRED_NEW_CREDS) { + + cb = sizeof(w_idname); + if (nc->n_identities == 0 || + KHM_FAILED(kcdb_identity_get_name(nc->identities[0], + w_idname, &cb))) { + /* an identity could not be determined */ + LoadString(khm_hInstance, IDS_NC_FAILED_TITLE, + ws_title, ARRAYLENGTH(ws_title)); + } else { + LoadString(khm_hInstance, IDS_NC_FAILED_TITLE_I, + ws_tfmt, ARRAYLENGTH(ws_tfmt)); + StringCbPrintf(ws_title, sizeof(ws_title), + ws_tfmt, w_idname); + } + + } else if (nc->subtype == KMSG_CRED_PASSWORD) { - if (nc->n_identities > 0) { cb = sizeof(w_idname); - if (KHM_FAILED(kcdb_identity_get_name(nc->identities[0], - w_idname, &cb))) - StringCbCopy(w_idname, sizeof(w_idname), L"(?)"); + if (nc->n_identities == 0 || + KHM_FAILED(kcdb_identity_get_name(nc->identities[0], + w_idname, &cb))) { + LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE, + ws_title, ARRAYLENGTH(ws_title)); + } else { + LoadString(khm_hInstance, IDS_NC_PWD_FAILED_TITLE_I, + ws_tfmt, ARRAYLENGTH(ws_tfmt)); + StringCbPrintf(ws_title, sizeof(ws_title), + ws_tfmt, w_idname); + } + + } else if (nc->subtype == KMSG_CRED_RENEW_CREDS) { + + cb = sizeof(w_idname); + if (nc->ctx.identity == NULL || + KHM_FAILED(kcdb_identity_get_name(nc->ctx.identity, + w_idname, &cb))) { + LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE, + ws_title, ARRAYLENGTH(ws_title)); + } else { + LoadString(khm_hInstance, IDS_NC_REN_FAILED_TITLE_I, + ws_tfmt, ARRAYLENGTH(ws_tfmt)); + StringCbPrintf(ws_title, sizeof(ws_title), + ws_tfmt, w_idname); + } + } else { - StringCbCopy(w_idname, sizeof(w_idname), L"(?)"); +#ifdef DEBUG + assert(FALSE); +#endif } - StringCbPrintf(ws_title, sizeof(ws_title), ws_tfmt, w_idname); - khui_alert_set_title(alert, ws_title); khui_alert_set_severity(alert, evt->severity); + if(!evt->long_desc) khui_alert_set_message(alert, evt->short_desc); else khui_alert_set_message(alert, evt->long_desc); + if(evt->suggestion) khui_alert_set_suggestion(alert, evt->suggestion); @@ -847,6 +913,8 @@ khm_cred_process_startup_actions(void) { if (khm_startup.renew) { khm_size count; + wchar_t * ident_names = NULL; + wchar_t * this_ident; kcdb_credset_get_size(NULL, &count); @@ -856,16 +924,55 @@ khm_cred_process_startup_actions(void) { khm_startup.renew = FALSE; if (count != 0) { - if (defident) - khui_context_set(KHUI_SCOPE_IDENT, - defident, - KCDB_CREDTYPE_INVALID, - NULL, NULL, 0, - NULL); - else - khui_context_reset(); + khm_size cb = 0; + khm_size n_idents = 0; + khm_int32 rv; + + ident_names = NULL; + + while (TRUE) { + if (ident_names) { + PFREE(ident_names); + ident_names = NULL; + } + + cb = 0; + rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0, + NULL, + &cb, &n_idents); + + if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG || + cb == 0) + break; + + ident_names = PMALLOC(cb); - khm_cred_renew_creds(); + rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0, + ident_names, + &cb, &n_idents); + + if (KHM_SUCCEEDED(rv)) + break; + } + + if (ident_names) { + for (this_ident = ident_names; + this_ident && *this_ident; + this_ident = multi_string_next(this_ident)) { + khm_handle ident; + + if (KHM_FAILED(kcdb_identity_create(this_ident, 0, + &ident))) + continue; + + khm_cred_renew_identity(ident); + + kcdb_identity_release(ident); + } + + PFREE(ident_names); + ident_names = NULL; + } break; } } diff --git a/src/windows/identity/ui/credwnd.c b/src/windows/identity/ui/credwnd.c index 31df6bdf7..a870fe527 100644 --- a/src/windows/identity/ui/credwnd.c +++ b/src/windows/identity/ui/credwnd.c @@ -2669,16 +2669,20 @@ cw_kmq_wm_dispatch(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) cw_update_outline(tbl); cw_update_extents(tbl, TRUE); InvalidateRect(hwnd, NULL, FALSE); + } else if (m->subtype == KMSG_KCDB_IDENT && m->uparam == KCDB_OP_NEW_DEFAULT) { InvalidateRect(hwnd, NULL, FALSE); + } else if (m->subtype == KMSG_KCDB_ATTRIB && (m->uparam == KCDB_OP_INSERT || m->uparam == KCDB_OP_DELETE)) { + cw_refresh_attribs(hwnd); + } } else if (m->type == KMSG_KMM && m->subtype == KMSG_KMM_I_DONE) { diff --git a/src/windows/identity/ui/lang/en_us/khapp.rc b/src/windows/identity/ui/lang/en_us/khapp.rc index 93e780575..eb84b8f1e 100644 --- a/src/windows/identity/ui/lang/en_us/khapp.rc +++ b/src/windows/identity/ui/lang/en_us/khapp.rc @@ -356,9 +356,9 @@ FONT 8, "MS Shell Dlg", 400, 0, 0x1 BEGIN DEFPUSHBUTTON "OK",IDOK,211,7,50,14 LTEXT "Productname",IDC_PRODUCT,41,7,163,13,NOT WS_GROUP - LTEXT "© 2005 Massachusetts Institute of Technology",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP - LTEXT "BuildInfo",IDC_BUILDINFO,41,41,220,17,NOT WS_GROUP - ICON IDI_MAIN_APP,IDC_STATIC,6,7,21,20 + LTEXT "© 2005-2006 Massachusetts Institute of Technology\n© 2006 Secure Endpoints Inc.",IDC_COPYRIGHT,41,23,220,18,NOT WS_GROUP + LTEXT "BuildInfo",IDC_BUILDINFO,41,43,220,15,NOT WS_GROUP + ICON IDI_MAIN_APP,IDC_STATIC,6,7,20,20 CONTROL "",IDC_MODULES,"SysListView32",LVS_REPORT | LVS_ALIGNLEFT | WS_BORDER | WS_TABSTOP,41,72,220,91 LTEXT "Loaded modules",IDC_STATIC,41,60,52,8 END @@ -770,6 +770,13 @@ BEGIN IDS_ACTIONT_OPT_APPEAR "Change appearance and display settings" IDS_ACTIONT_HELP_CTX "Display user documentation" IDS_ACTIONT_IMPORT "Import credentials from external sources such as the Windows LSA" + IDS_NC_FAILED_TITLE_I "Failed to get credentials for %s" + IDS_NC_PWD_FAILED_TITLE_I "Failed to change password for %s" +END + +STRINGTABLE +BEGIN + IDS_NC_REN_FAILED_TITLE_I "Failed to renew creds for %s" END #endif // English (U.S.) resources diff --git a/src/windows/identity/ui/newcredwnd.c b/src/windows/identity/ui/newcredwnd.c index 1c5d19412..f5b302ec0 100644 --- a/src/windows/identity/ui/newcredwnd.c +++ b/src/windows/identity/ui/newcredwnd.c @@ -1,6 +1,5 @@ /* * Copyright (c) 2005 Massachusetts Institute of Technology - * Copyright (c) 2006 Secure Endpoints Inc. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation @@ -264,6 +263,38 @@ nc_clear_password_fields(khui_nc_wnd_data * d) } } +struct nc_enum_wnd_data { + khui_nc_wnd_data * d; + khm_boolean enable; +}; + +static +BOOL CALLBACK +nc_enum_wnd_proc(HWND hwnd, + LPARAM lParam) +{ + struct nc_enum_wnd_data * wd; + + wd = (struct nc_enum_wnd_data *) lParam; + + EnableWindow(hwnd, wd->enable); + + return TRUE; +} + +static void +nc_enable_controls(khui_nc_wnd_data * d, khm_boolean enable) +{ + struct nc_enum_wnd_data wd; + + ZeroMemory(&wd, sizeof(wd)); + + wd.d = d; + wd.enable = enable; + + EnumChildWindows(d->dlg_main, nc_enum_wnd_proc, (LPARAM) &wd); +} + #define NC_MAXCCH_CREDTEXT 16384 #define NC_MAXCB_CREDTEXT (NC_MAXCCH_CREDTEXT * sizeof(wchar_t)) @@ -524,6 +555,7 @@ nc_handle_wm_create(HWND hwnd, int x, y; int width, height; RECT r; + khm_int32 t; lpc = (LPCREATESTRUCT) lParam; @@ -789,6 +821,17 @@ nc_handle_wm_create(HWND hwnd, /* add this to the dialog chain */ khm_add_dialog(hwnd); + /* bring the window to the top, if necessary */ + if (KHM_SUCCEEDED(khc_read_int32(NULL, + L"CredWindow\\Windows\\NewCred\\ForceToTop", + &t)) && + t != 0) { + + SetWindowPos(hwnd, HWND_TOP, 0, 0, 0, 0, + (SWP_NOMOVE | SWP_NOSIZE)); + + } + return TRUE; } @@ -936,6 +979,8 @@ nc_handle_wm_command(HWND hwnd, KHUI_NC_RESULT_CANCEL */ d->nc->response = KHUI_NC_RESPONSE_PROCESSING; + nc_enable_controls(d, FALSE); + nc_notify_types(d->nc, KHUI_WM_NC_NOTIFY, MAKEWPARAM(0,WMNC_DIALOG_PREPROCESS), @@ -1008,7 +1053,8 @@ nc_handle_wm_command(HWND hwnd, type that is participating in the credentials acquisition process, then we forward the message to the panel that is providing the UI for that cred - type. We also switch to that panel first. */ + type. We also switch to that panel first, unless + the link is of the form ':!'. */ colon = wcschr(sid, L':'); if (colon != NULL) { @@ -1020,7 +1066,8 @@ nc_handle_wm_command(HWND hwnd, KHM_SUCCEEDED(khui_cw_find_type(d->nc, credtype, &t))){ *colon = L':'; - if (t->ordinal != d->ctab) + if (t->ordinal != d->ctab && + *(colon + 1) != L'!') PostMessage(hwnd, KHUI_WM_NC_NOTIFY, MAKEWPARAM(t->ordinal, @@ -1031,6 +1078,8 @@ nc_handle_wm_command(HWND hwnd, KHUI_WM_NC_NOTIFY, MAKEWPARAM(0, WMNC_CREDTEXT_LINK), lParam); + } else { + *colon = L':'; } } @@ -1257,8 +1306,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd, khui_cw_lock_nc(d->nc); GetWindowRect(d->dlg_ts, &r); - if (x + width * d->nc->n_types > (khm_size) (r.right - r.left)) { - width = (int)(((r.right - r.left) - x) / d->nc->n_types); + if (x + width * (d->nc->n_types + 1) > (khm_size) (r.right - r.left)) { + width = (int)(((r.right - r.left) - x) / (d->nc->n_types + 1)); } /* first, the control for the main panel */ @@ -1684,6 +1733,8 @@ static LRESULT nc_handle_wm_nc_notify(HWND hwnd, if(nc->response & KHUI_NC_RESPONSE_NOEXIT) { HWND hw; + nc_enable_controls(d, TRUE); + /* reset state */ nc->result = KHUI_NC_RESULT_CANCEL; diff --git a/src/windows/identity/ui/notifier.c b/src/windows/identity/ui/notifier.c index eb46824c7..12b746b1f 100644 --- a/src/windows/identity/ui/notifier.c +++ b/src/windows/identity/ui/notifier.c @@ -744,6 +744,9 @@ alerter_wnd_proc(HWND hwnd, } } + if (d->hwnd_buttons[0]) + SetFocus(d->hwnd_buttons[0]); + khm_notify_icon_change(a->severity); khui_alert_unlock(a); diff --git a/src/windows/identity/ui/resource.h b/src/windows/identity/ui/resource.h index 49fcf70e4..35b493e91 100644 --- a/src/windows/identity/ui/resource.h +++ b/src/windows/identity/ui/resource.h @@ -290,6 +290,9 @@ #define IDS_ACTIONT_OPT_APPEAR 283 #define IDS_ACTIONT_HELP_CTX 284 #define IDS_ACTIONT_IMPORT 285 +#define IDS_NC_FAILED_TITLE_I 286 +#define IDS_NC_PWD_FAILED_TITLE_I 287 +#define IDS_NC_REN_FAILED_TITLE_I 288 #define IDC_NC_USERNAME 1007 #define IDC_NC_PASSWORD 1008 #define IDC_NC_CREDTEXT_LABEL 1009 diff --git a/src/windows/identity/ui/uiconfig.csv b/src/windows/identity/ui/uiconfig.csv index 5c512bbac..f1bb4b195 100644 --- a/src/windows/identity/ui/uiconfig.csv +++ b/src/windows/identity/ui/uiconfig.csv @@ -35,6 +35,9 @@ CredWindow,KC_SPACE,0,Options for the credentials window _Schema,KC_ENDSPACE,0, Main,KC_SPACE,0,Main window Main,KC_ENDSPACE,0, + NewCred,KC_SPACE,0,New credentials window + ForceToTop,KC_INT32,1,Force new creds window to the top + NewCred,KC_ENDSPACE,0, Windows,KC_ENDSPACE,0, Views,KC_SPACE,0,Preconfigured views for credentials Custom_0,KC_SPACE,0,First custom view. Additional views have names of the form Custom_N diff --git a/src/windows/identity/uilib/action.c b/src/windows/identity/uilib/action.c index f96ec5dee..dcce3de93 100644 --- a/src/windows/identity/uilib/action.c +++ b/src/windows/identity/uilib/action.c @@ -1289,12 +1289,9 @@ khui_context_refresh(void) { khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE); khui_enable_action(KHUI_ACTION_SET_DEF_ID, TRUE); } - - khui_enable_action(KHUI_ACTION_PASSWD_ID, TRUE); } else { khui_check_action(KHUI_ACTION_SET_DEF_ID, FALSE); khui_enable_action(KHUI_ACTION_SET_DEF_ID, FALSE); - khui_enable_action(KHUI_ACTION_PASSWD_ID, FALSE); } if (khui_ctx.scope != KHUI_SCOPE_NONE) { diff --git a/src/windows/identity/uilib/creddlg.c b/src/windows/identity/uilib/creddlg.c index 458218d90..84d6e17ed 100644 --- a/src/windows/identity/uilib/creddlg.c +++ b/src/windows/identity/uilib/creddlg.c @@ -564,6 +564,35 @@ khui_cw_get_prompt(khui_new_creds * c, return rv; } +void +khuiint_trim_str(wchar_t * s, khm_size cch) { + wchar_t * c, * last_ws; + + for (c = s; *c && iswspace(*c) && ((khm_size)(c - s)) < cch; c++); + + if (((khm_size)(c - s)) >= cch) + return; + + if (c != s && ((khm_size)(c - s)) < cch) { +#if _MSC_VER >= 1400 + wmemmove_s(s, cch, c, cch - ((khm_size)(c - s))); +#else + memmove(s, c, (cch - ((khm_size)(c - s)))* sizeof(wchar_t)); +#endif + } + + last_ws = NULL; + for (c = s; *c && ((khm_size)(c - s)) < cch; c++) { + if (!iswspace(*c)) + last_ws = NULL; + else if (last_ws == NULL) + last_ws = c; + } + + if (last_ws) + *last_ws = L'\0'; +} + KHMEXP khm_int32 KHMAPI khui_cw_sync_prompt_values(khui_new_creds * c) { @@ -584,6 +613,7 @@ khui_cw_sync_prompt_values(khui_new_creds * c) LeaveCriticalSection(&c->cs); GetWindowText(hw, tmpbuf, ARRAYLENGTH(tmpbuf)); + khuiint_trim_str(tmpbuf, ARRAYLENGTH(tmpbuf)); EnterCriticalSection(&c->cs); if (n != c->n_prompts) diff --git a/src/windows/identity/uilib/khconfigui.h b/src/windows/identity/uilib/khconfigui.h index 1d09fae9e..efe14789d 100644 --- a/src/windows/identity/uilib/khconfigui.h +++ b/src/windows/identity/uilib/khconfigui.h @@ -142,7 +142,18 @@ typedef struct tag_khui_config_node_reg { */ #define KHUI_CNFLAG_SYSTEM 0x0010 +/*! \brief Settings have been modified + + Settings for this configuration panel have been modified. This + flag should be cleared once the settings have been successfully + applied. + */ #define KHUI_CNFLAG_MODIFIED 0x0100 + +/*! \brief Settings have been applied + + Set once any modified settings were successfully applied. + */ #define KHUI_CNFLAG_APPLIED 0x0200 #define KHUI_CNFLAGMASK_STATIC 0x00ff diff --git a/src/windows/identity/uilib/khhtlink.h b/src/windows/identity/uilib/khhtlink.h index f5fb3deef..1246923e2 100644 --- a/src/windows/identity/uilib/khhtlink.h +++ b/src/windows/identity/uilib/khhtlink.h @@ -42,11 +42,30 @@ Instead, the length fields should be used to extract the string. */ typedef struct tag_khui_htwnd_link { - RECT r; - wchar_t * id; - int id_len; - wchar_t * param; - int param_len; + RECT r; /*!< The enclosing rectangle of the + hyperlink. Units are screen units + and the coordinates are relative to + the top left hand corner of the + hypertext area. */ + wchar_t * id; /*!< The value of the \a id attribute + of the link or \a NULL if there was + no \a id attribute. This does not + point to a \a NULL terminated + string. The length of the string is + given by the \a id_len field. */ + int id_len; /*!< The length of the string pointed + to by \a id in characters. + Undefined if \a id is \a NULL. */ + wchar_t * param; /*!< The value of the \a param + attribute of the link or \a NULL if + there was no \a param attribute. + This does not point to a \a NULL + terminated string. The length of + the string is given by the \a + param_len field.*/ + int param_len; /*!< Length of the string pointed to + by \a param in characters. + Undefined if \a param is \a NULL. */ } khui_htwnd_link; #define KHUI_MAXCCH_HTLINK_FIELD 256 diff --git a/src/windows/identity/uilib/khnewcred.h b/src/windows/identity/uilib/khnewcred.h index 453575713..b2b014e4f 100644 --- a/src/windows/identity/uilib/khnewcred.h +++ b/src/windows/identity/uilib/khnewcred.h @@ -111,7 +111,9 @@ enum khui_wm_nc_notifications { WMNC_CREDTEXT_LINK, /*!< Sent to a panel dialog proc when a user clicks a credtext - embedded link that belongs to that panel */ + embedded link that belongs to that panel. The \a lParam + parameter of the message is a pointer to a ::khui_htwnd_link + structure describing the link. */ WMNC_IDENTITY_CHANGE, /*!< The primary identity has changed */ @@ -219,7 +221,7 @@ typedef LRESULT \see \ref cred_acq for more information */ typedef struct tag_khui_new_creds { - khm_int32 magic; + khm_int32 magic; /*!< Internal use */ khm_int32 subtype; /*!< Subtype of the request that is being handled through this object. @@ -227,7 +229,7 @@ typedef struct tag_khui_new_creds { ::KMSG_CRED_NEW_CREDS or ::KMSG_CRED_RENEW_CREDS */ - CRITICAL_SECTION cs; + CRITICAL_SECTION cs; /*!< Internal use */ khm_boolean set_default; /*!< After a successfull credentials acquisition, set the primary @@ -271,7 +273,7 @@ typedef struct tag_khui_new_creds { documentation for info on what to do with this field */ - wchar_t *password; /*!< Not set until the dialog ends */ + wchar_t *password; /*!< Not used. */ /* UI stuff */ -- 2.26.2