khm_boolean k4_should_identity_get_k4(khm_handle ident) {
khm_int32 idflags = 0;
khm_int32 t = TRUE;
khm_handle csp_ident = NULL;
khm_handle csp_k4 = NULL;
khm_boolean get_k4 = TRUE;
khm_boolean id_spec = FALSE;
if (KHM_FAILED(kcdb_identity_get_flags(ident, &idflags)))
return FALSE;
if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
/* we only support k4 for one identity, and that is the
default identity. If we are trying to get tickets for a
non-default identity, then we start off as disabled unless
there is no default identity. */
khm_handle defident = NULL;
if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
kcdb_identity_release(defident);
return FALSE;
}
}
if (KHM_SUCCEEDED(kcdb_identity_get_config(ident, 0, &csp_ident))) {
if (KHM_SUCCEEDED(khc_open_space(csp_ident, CSNAME_KRB4CRED, 0,
&csp_k4))) {
khm_int32 t = 0;
if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t))) {
get_k4 = !!t;
id_spec = TRUE;
}
khc_close_space(csp_k4);
}
khc_close_space(csp_ident);
}
/* if there was a value specified for the identity, then that
takes precedence. */
if (id_spec || !get_k4)
return get_k4;
if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)) &&
!t)
return FALSE;
return TRUE;
}
void
khm_cred_process_startup_actions(void) {
khm_handle defident = NULL;
if (!khm_startup.processing)
return;
if (khm_startup.init ||
khm_startup.renew ||
khm_startup.destroy ||
khm_startup.autoinit) {
kcdb_identity_get_default(&defident);
}
/* For asynchronous actions, we trigger the action and then exit
the loop. Once the action completes, the completion handler
will trigger a continuation message which will result in this
function getting called again. Then we can proceed with the
rest of the startup actions. */
do {
if (khm_startup.init) {
khm_cred_obtain_new_creds_for_ident(defident, NULL);
khm_startup.init = FALSE;
break;
}
if (khm_startup.import) {
khm_cred_import();
khm_startup.import = FALSE;
/* we also set the renew command to false here because we
trigger a renewal for all the identities at the end of
the import operation anyway. */
khm_startup.renew = FALSE;
break;
}
if (khm_startup.renew) {
LONG pending_renewals;
/* if there are no credentials, we just skip over the
renew action. */
khm_startup.renew = FALSE;
InterlockedIncrement(&khm_startup.pending_renewals);
khm_cred_renew_all_identities();
pending_renewals = InterlockedDecrement(&khm_startup.pending_renewals);
if (pending_renewals != 0)
break;
/* if there were no pending renewals, then we just fall
through. This means that either there were no
identities to renew, or all the renewals completed. If
all the renewals completed, then the commandline
contiuation message wasn't triggered. Either way, we
must fall through if the count is zero. */
}
if (khm_startup.destroy) {
khm_startup.destroy = FALSE;
if (defident) {
khm_cred_destroy_identity(defident);
break;
}
}
if (khm_startup.autoinit) {
khm_size count = 0;
khm_handle credset = NULL;
khm_int32 ctype_ident = KCDB_CREDTYPE_INVALID;
khm_int32 delta = 0;
khm_startup.autoinit = FALSE;
kcdb_credset_create(&credset);
kcdb_identity_get_type(&ctype_ident);
kcdb_credset_collect(credset, NULL,
defident, ctype_ident,
&delta);
kcdb_credset_get_size(credset, &count);
kcdb_credset_delete(credset);
if (count == 0) {
if (defident)
khui_context_set(KHUI_SCOPE_IDENT,
defident,
KCDB_CREDTYPE_INVALID,
NULL, NULL, 0,
NULL);
else
khui_context_reset();
khm_cred_obtain_new_creds(NULL);
break;
}
}
if (khm_startup.exit) {
PostMessage(khm_hwnd_main,
WM_COMMAND,
MAKEWPARAM(KHUI_ACTION_EXIT, 0), 0);
khm_startup.exit = FALSE;
break;
}
if (khm_startup.display & SOPTS_DISPLAY_HIDE) {
khm_hide_main_window();
} else if (khm_startup.display & SOPTS_DISPLAY_SHOW) {
khm_show_main_window();
}
khm_startup.display = 0;
/* when we get here, then we are all done with the command
line stuff */
khm_startup.processing = FALSE;
khm_startup.remote = FALSE;
kmq_post_message(KMSG_ACT, KMSG_ACT_END_CMDLINE, 0, 0);
} while(FALSE);
if (defident)
kcdb_identity_release(defident);
}