void k4_write_identity_data(k4_dlg_data * d) {
khm_handle csp_ident = NULL;
khm_handle csp_k4 = NULL;
khm_handle identity = NULL;
if (KHM_SUCCEEDED(khui_cw_get_primary_id(d->nc, &identity)) &&
KHM_SUCCEEDED(kcdb_identity_get_config(identity,
KHM_FLAG_CREATE,
&csp_ident))) {
khc_open_space(csp_ident, CSNAME_KRB4CRED,
KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD,
&csp_k4);
if (csp_k4) {
khc_write_int32(csp_k4, L"Krb4NewCreds", !!d->k4_enabled);
khc_write_int32(csp_k4, L"Krb4Method", d->method);
khc_close_space(csp_k4);
}
khc_close_space(csp_ident);
}
if (identity)
kcdb_identity_release(identity);
}
/* Note: This callback runs under the UI thread */
INT_PTR
handle_khui_wm_nc_notify(HWND hwnd, WPARAM wParam, LPARAM lParam) {
struct nc_dialog_data * d;
/* Refer to the khui_wm_nc_notifications enumeration in the
NetIDMgr SDK for the full list of notification messages that
can be sent. */
d = (struct nc_dialog_data *) GetWindowLongPtr(hwnd, DWLP_USER);
if (!d)
return TRUE;
/* this should be set by now */
assert(d->nct.nc);
switch (HIWORD(wParam)) {
case WMNC_IDENTITY_CHANGE:
/* Sent when the primary identity associated with the new
credentials operation has changed. */
/* TODO: Handle this message */
assert(h_idprov != NULL);
{
khm_handle ident = NULL;
khui_cw_get_primary_id(d->nct.nc, &ident);
if (ident &&
kcdb_identity_by_provider(ident, IDPROV_NAMEW)) {
khui_cw_enable_type(d->nct.nc, credtype_id, TRUE);
khui_cw_notify_identity_state(d->nct.nc, NULL, L"",
KHUI_CWNIS_VALIDATED |
KHUI_CWNIS_READY, 0);
} else {
khui_cw_enable_type(d->nct.nc, credtype_id, FALSE);
}
if (ident)
kcdb_identity_release(ident);
}
break;
case WMNC_DIALOG_PREPROCESS:
/* Sent before KMSG_CRED_PROCESS messages are dispatched. */
/* TODO: Handle this message */
break;
}
return TRUE;
}
KHMEXP khm_int32 KHMAPI kcdb_buf_release(khm_handle record)
{
if(kcdb_cred_is_active_cred(record))
return kcdb_cred_release(record);
else if(kcdb_is_active_identity(record))
return kcdb_identity_release(record);
else
return KHM_ERROR_INVALID_PARAM;
}
void k4_read_identity_data(k4_dlg_data * d) {
khm_handle csp_ident = NULL;
khm_handle csp_k4 = NULL;
khm_handle identity = NULL;
khm_int32 idflags = 0;
khm_int32 t;
if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)))
d->k4_enabled = !!t;
else
d->k4_enabled = TRUE;
if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4Method", &t)))
d->method = t;
else
d->method = K4_METHOD_AUTO;
if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"DefaultLifetime", &t)))
d->lifetime = t;
else
d->lifetime = 10 * 60 * 60; /* 10 hours */
if (KHM_SUCCEEDED(khui_cw_get_primary_id(d->nc, &identity))) {
if (KHM_SUCCEEDED(kcdb_identity_get_config(identity, 0,
&csp_ident))) {
khc_open_space(csp_ident, CSNAME_KRB4CRED, 0, &csp_k4);
if (csp_k4) {
if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t)))
d->k4_enabled = !!t;
if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4Method", &t)))
d->method = t;
khc_close_space(csp_k4);
}
khc_close_space(csp_ident);
}
if (d->k4_enabled) {
d->k4_enabled = k4_should_identity_get_k4(identity);
}
} else {
d->k4_enabled = FALSE;
}
if (d->method < 0 || d->method > K4_METHOD_K524)
d->method = K4_METHOD_AUTO;
if (identity)
kcdb_identity_release(identity);
}
void
k4_id_read_params(k4_id_data * d) {
khm_handle ident = NULL;
khm_handle csp_ident = NULL;
khm_handle csp_idk4 = NULL;
khm_int32 flags = 0;
khm_int32 t;
khc_read_int32(csp_params, L"Krb4NewCreds", &d->gettix);
ident = khui_cfg_get_data(d->cfg.ctx_node);
if (ident == NULL) {
d->gettix = 0;
goto done;
}
kcdb_identity_get_flags(ident, &flags);
if (!(flags & KCDB_IDENT_FLAG_DEFAULT)) {
d->gettix = 0;
goto done;
}
d->is_default_ident = TRUE;
if (d->gettix == 0)
goto done;
if (KHM_FAILED(kcdb_identity_get_config(ident, 0, &csp_ident)))
goto done;
if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
0, &csp_idk4)))
goto close_config;
if (KHM_SUCCEEDED(khc_read_int32(csp_idk4, L"Krb4NewCreds", &t)) &&
!t)
d->gettix = 1;
close_config:
if (csp_ident)
khc_close_space(csp_ident);
if (csp_idk4)
khc_close_space(csp_idk4);
done:
if (ident)
kcdb_identity_release(ident);
return;
}
khm_boolean k4_should_identity_get_k4(khm_handle ident) {
khm_int32 idflags = 0;
khm_int32 t = TRUE;
khm_handle csp_ident = NULL;
khm_handle csp_k4 = NULL;
khm_boolean get_k4 = TRUE;
khm_boolean id_spec = FALSE;
if (KHM_FAILED(kcdb_identity_get_flags(ident, &idflags)))
return FALSE;
if (!(idflags & KCDB_IDENT_FLAG_DEFAULT)) {
/* we only support k4 for one identity, and that is the
default identity. If we are trying to get tickets for a
non-default identity, then we start off as disabled unless
there is no default identity. */
khm_handle defident = NULL;
if (KHM_SUCCEEDED(kcdb_identity_get_default(&defident))) {
kcdb_identity_release(defident);
return FALSE;
}
}
if (KHM_SUCCEEDED(kcdb_identity_get_config(ident, 0, &csp_ident))) {
if (KHM_SUCCEEDED(khc_open_space(csp_ident, CSNAME_KRB4CRED, 0,
&csp_k4))) {
khm_int32 t = 0;
if (KHM_SUCCEEDED(khc_read_int32(csp_k4, L"Krb4NewCreds", &t))) {
get_k4 = !!t;
id_spec = TRUE;
}
khc_close_space(csp_k4);
}
khc_close_space(csp_ident);
}
/* if there was a value specified for the identity, then that
takes precedence. */
if (id_spec || !get_k4)
return get_k4;
if (KHM_SUCCEEDED(khc_read_int32(csp_params, L"Krb4NewCreds", &t)) &&
!t)
return FALSE;
return TRUE;
}
static void
check_and_set_refresh_bit_for_identity(khm_handle cred,
khm_handle * plast_identity)
{
khm_handle this_identity;
if (KHM_SUCCEEDED(kcdb_cred_get_identity(cred,
&this_identity))) {
if (!kcdb_identity_is_equal(this_identity, *plast_identity)) {
kcdb_identity_set_flags(this_identity,
KCDB_IDENT_FLAG_NEEDREFRESH,
KCDB_IDENT_FLAG_NEEDREFRESH);
kcdb_identity_hold(this_identity);
if (*plast_identity)
kcdb_identity_release(*plast_identity);
*plast_identity = this_identity;
}
kcdb_identity_release(this_identity);
this_identity = NULL;
}
}
khm_boolean
k4_id_write_params(HWND hwnd, k4_id_data * d) {
khm_handle ident = NULL;
khm_int32 flags = 0;
khm_handle csp_ident = NULL;
khm_handle csp_idk4 = NULL;
khm_int32 gettix = 0;
khm_boolean applied = FALSE;
ident = khui_cfg_get_data(d->cfg.ctx_node);
if (ident == NULL)
return FALSE;
kcdb_identity_get_flags(ident, &flags);
if (!(flags & KCDB_IDENT_FLAG_DEFAULT))
goto done_apply;
if (IsDlgButtonChecked(hwnd, IDC_CFG_GETTIX) == BST_CHECKED)
gettix = TRUE;
if (KHM_FAILED(kcdb_identity_get_config(ident, KHM_FLAG_CREATE,
&csp_ident)))
goto done_apply;
if (KHM_FAILED(khc_open_space(csp_ident, CSNAME_KRB4CRED,
KHM_FLAG_CREATE | KCONF_FLAG_WRITEIFMOD,
&csp_idk4)))
goto done_apply;
khc_write_int32(csp_idk4, L"Krb4NewCreds", gettix);
applied = TRUE;
done_apply:
if (ident)
kcdb_identity_release(ident);
if (csp_ident)
khc_close_space(csp_ident);
if (csp_idk4)
khc_close_space(csp_idk4);
return applied;
}
static void
kinit_task_free(k5_kinit_task * kt)
{
EnterCriticalSection(&kt->cs);
if (kt->refcount != 0 ||
(kt->state != K5_KINIT_STATE_NONE &&
kt->state != K5_KINIT_STATE_DONE)) {
LeaveCriticalSection(&kt->cs);
return;
}
kt->magic = 0;
if (kt->principal)
PFREE(kt->principal);
if (kt->password) {
SecureZeroMemory(kt->password, strlen(kt->password));
PFREE(kt->password);
}
if (kt->identity)
kcdb_identity_release(kt->identity);
if (kt->ccache)
PFREE(kt->ccache);
if (kt->context)
krb5_free_context(kt->context);
LeaveCriticalSection(&kt->cs);
DeleteCriticalSection(&kt->cs);
CloseHandle(kt->h_task_wait);
CloseHandle(kt->h_parent_wait);
if (kt->task)
task_release(kt->task);
ZeroMemory(kt, sizeof(*kt));
}
static void
free_idents_data(void) {
int i;
if (!cfg_idents.valid)
return;
for (i=0; i< (int) cfg_idents.n_idents; i++) {
if (cfg_idents.idents[i].ident)
kcdb_identity_release(cfg_idents.idents[i].ident);
if (cfg_idents.idents[i].idname)
PFREE(cfg_idents.idents[i].idname);
}
if (cfg_idents.idents)
PFREE(cfg_idents.idents);
cfg_idents.idents = NULL;
cfg_idents.n_idents = 0;
cfg_idents.nc_idents = 0;
cfg_idents.valid = FALSE;
}
bool NewCredIdentitySpecifier::ProcessNewIdentity()
{
if (idx_current >= 0 &&
idx_current < (khm_ssize) nc->n_selectors) {
khm_handle ident = NULL;
khui_identity_selector * p;
p = &nc->selectors[idx_current];
assert(p->hwnd_selector);
::SendMessage(p->hwnd_selector, KHUI_WM_NC_NOTIFY, MAKEWPARAM(0, WMNC_IDSEL_GET_IDENT),
(LPARAM) &ident);
if (ident) {
khui_cw_set_primary_id(nc, ident);
kcdb_identity_release(ident);
return true;
}
}
return false;
}
/* Note: This callback runs under the UI thread */
INT_PTR
handle_khui_wm_nc_notify(HWND hwnd, WPARAM wParam, LPARAM lParam) {
struct nc_dialog_data * d;
/* Refer to the khui_wm_nc_notifications enumeration in the
NetIDMgr SDK for the full list of notification messages that
can be sent. */
d = (struct nc_dialog_data *) GetWindowLongPtr(hwnd, DWLP_USER);
if (!d)
return TRUE;
/* these should be set by now */
assert(d->nc);
assert(d->nct);
switch (HIWORD(wParam)) {
case WMNC_UPDATE_CREDTEXT:
{
wchar_t fmt[KHUI_MAXCCH_LONG_DESC];
wchar_t tbuf[256];
/* we are being requested to update the credentials
text. We already allocated a buffer when we created the
nct structure. So we can just set the text here.*/
/* TODO: The credtext should reflect the credentials that
will be obtained when the new credentials operation
completes. */
LoadString(hResModule, IDS_NC_CT_TEMPLATE,
fmt, ARRAYLENGTH(fmt));
LoadString(hResModule, IDS_GEN_NONE,
tbuf, ARRAYLENGTH(tbuf));
assert(d->nct->credtext);
StringCbPrintf(d->nct->credtext, KHUI_MAXCB_LONG_DESC,
fmt, tbuf);
}
break;
case WMNC_CREDTEXT_LINK:
break;
case WMNC_IDENTITY_CHANGE:
{
khm_handle ident = NULL;
khui_cw_get_primary_id(d->nc, &ident);
if (ident &&
kcdb_identity_by_provider(ident, IDPROV_NAMEW)) {
khui_cw_enable_type(d->nc, credtype_id, TRUE);
khui_cw_notify_identity_state(d->nc, NULL, L"",
KHUI_CWNIS_VALIDATED |
KHUI_CWNIS_READY, 0);
} else {
khui_cw_enable_type(d->nc, credtype_id, FALSE);
}
if (ident)
kcdb_identity_release(ident);
}
break;
case WMNC_DIALOG_PREPROCESS:
break;
}
return TRUE;
}
khm_int32
krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
khm_ui_4 uparam, void * vparam) {
switch(msg_subtype) {
case KMSG_CRED_NEW_CREDS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct;
khm_size cbsize;
wchar_t wbuf[256];
nc = (khui_new_creds *) vparam;
nct = PMALLOC(sizeof(*nct));
#ifdef DEBUG
assert(nct);
#endif
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb4;
nct->ordinal = 3;
LoadString(hResModule, IDS_NC_K4_SHORT,
wbuf, ARRAYLENGTH(wbuf));
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
nct->h_module = hResModule;
nct->dlg_proc = k4_nc_dlg_proc;
nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB4);
khui_cw_add_type(nc, nct);
}
break;
case KMSG_CRED_RENEW_CREDS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct;
khm_size cbsize;
wchar_t wbuf[256];
khui_action_context * pctx = NULL;
nc = (khui_new_creds *) vparam;
pctx = khui_cw_get_ctx(nc);
if (!pctx->identity)
break;
nct = PMALLOC(sizeof(*nct));
#ifdef DEBUG
assert(nct);
#endif
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb4;
nct->ordinal = 3;
LoadString(hResModule, IDS_NC_K4_SHORT,
wbuf, ARRAYLENGTH(wbuf));
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
khui_cw_add_type(nc, nct);
}
break;
case KMSG_CRED_DIALOG_SETUP:
break;
case KMSG_CRED_PROCESS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct = NULL;
khm_handle ident = NULL;
khui_action_context * pctx = NULL;
k4_dlg_data * d = NULL;
long code = 0;
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
khm_size cb;
khm_int32 subtype;
nc = (khui_new_creds *) vparam;
if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
break;
subtype = khui_cw_get_subtype(nc);
if (subtype == KMSG_CRED_NEW_CREDS ||
subtype == KMSG_CRED_RENEW_CREDS) {
khm_int32 method;
if (subtype == KMSG_CRED_NEW_CREDS) {
d = (k4_dlg_data *) nct->aux;
if (KHM_FAILED(khui_cw_get_primary_id(nc, &ident)))
break;
if (!d ||
khui_cw_get_result(nc) != KHUI_NC_RESULT_PROCESS) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
if (!d->k4_enabled) {
k4_write_identity_data(d);
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
method = d->method;
cb = sizeof(idname);
kcdb_identity_get_name(ident, idname, &cb);
_begin_task(0);
_report_sr0(KHERR_NONE, IDS_MSG_K4NEW);
_resolve();
_describe();
} else if (subtype == KMSG_CRED_RENEW_CREDS) {
pctx = khui_cw_get_ctx(nc);
if ((pctx->scope == KHUI_SCOPE_IDENT &&
pctx->identity != NULL) ||
(pctx->scope == KHUI_SCOPE_CREDTYPE &&
pctx->cred_type == credtype_id_krb4 &&
pctx->identity != NULL) ||
(pctx->scope == KHUI_SCOPE_CRED &&
pctx->cred_type == credtype_id_krb4 &&
pctx->identity != NULL &&
pctx->cred != NULL)) {
ident = pctx->identity;
kcdb_identity_hold(ident);
if (!k4_should_identity_get_k4(ident)) {
_reportf(L"Kerberos 4 is not enabled for this identity. Skipping");
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
} else {
_reportf(L"Kerberos 4 is not within renewal scope. Skipping");
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
break;
}
method = K4_METHOD_K524; /* only k524 is supported
for renewals */
_begin_task(0);
cb = sizeof(idname);
kcdb_identity_get_name(ident, idname, &cb);
_report_sr0(KHERR_NONE, IDS_MSG_K4RENEW);
_resolve();
_describe();
} else {
assert(FALSE);
break;
}
_progress(0,1);
if ((method == K4_METHOD_AUTO ||
method == K4_METHOD_K524) &&
khui_cw_type_succeeded(nc, credtype_id_krb5)) {
khm_handle tgt;
FILETIME ft_prev;
FILETIME ft_new;
khm_size cb;
_report_cs0(KHERR_INFO, L"Trying K524...");
tgt = khm_krb4_find_tgt(NULL, ident);
_progress(1,3);
if (tgt) {
cb = sizeof(ft_prev);
if (KHM_FAILED(kcdb_cred_get_attr(tgt,
KCDB_ATTR_EXPIRE,
NULL,
&ft_prev,
&cb)))
ZeroMemory(&ft_prev, sizeof(ft_prev));
kcdb_cred_release(tgt);
}
code = khm_convert524(ident);
_progress(2,3);
_reportf(L"khm_convert524 returns code %d", code);
if (code == 0) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
if (subtype == KMSG_CRED_NEW_CREDS) {
assert(d != NULL);
k4_write_identity_data(d);
} else if (subtype == KMSG_CRED_RENEW_CREDS &&
(pctx->scope == KHUI_SCOPE_CREDTYPE ||
pctx->scope == KHUI_SCOPE_CRED)) {
khm_krb4_list_tickets();
tgt = khm_krb4_find_tgt(NULL, ident);
if (tgt) {
cb = sizeof(ft_new);
ZeroMemory(&ft_new, sizeof(ft_new));
kcdb_cred_get_attr(tgt, KCDB_ATTR_EXPIRE,
NULL, &ft_new, &cb);
kcdb_cred_release(tgt);
}
if (!tgt ||
CompareFileTime(&ft_new, &ft_prev) <= 0) {
/* The new TGT wasn't much of an
improvement over what we already
had. We should go out and try to
renew the identity now. */
khui_action_context ctx;
_reportf(L"Renewal of Krb4 creds failed to get a longer TGT. Triggering identity renewal");
khui_context_create(&ctx,
KHUI_SCOPE_IDENT,
pctx->identity,
KCDB_CREDTYPE_INVALID,
NULL);
khui_action_trigger(KHUI_ACTION_RENEW_CRED,
&ctx);
khui_context_release(&ctx);
}
}
_progress(1,1);
_end_task();
if (ident)
kcdb_identity_release(ident);
break;
} else if (method == K4_METHOD_K524) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
if (subtype == KMSG_CRED_RENEW_CREDS &&
(pctx->scope == KHUI_SCOPE_CREDTYPE ||
pctx->scope == KHUI_SCOPE_CRED)) {
/* We were trying to get a new Krb4 TGT
for this identity. Sometimes this
fails because of restrictions placed on
K524d regarding the lifetime of the
issued K4 TGT. In this case, we
trigger a renewal of the identity in
the hope that the new K5 TGT will allow
us to successfully get a new K4 TGT
next time over using the new K5 TGT. */
khui_action_context ctx;
_reportf(L"Renewal of Krb4 creds failed using k524. Triggerring identity renewal.");
khui_context_create(&ctx,
KHUI_SCOPE_IDENT,
pctx->identity,
KCDB_CREDTYPE_INVALID,
NULL);
khui_action_trigger(KHUI_ACTION_RENEW_CRED,
&ctx);
khui_context_release(&ctx);
}
_progress(1,1);
_end_task();
if (ident)
kcdb_identity_release(ident);
break;
}
}
/* only supported for new credentials */
if (method == K4_METHOD_AUTO ||
method == K4_METHOD_PASSWORD) {
khm_size n_prompts = 0;
khm_size idx;
khm_size cb;
wchar_t wpwd[KHUI_MAXCCH_PROMPT_VALUE];
char pwd[KHUI_MAXCCH_PROMPT_VALUE];
wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
char idname[KCDB_IDENT_MAXCCH_NAME];
char * aname = NULL;
char * inst = NULL;
char * realm = NULL;
assert(subtype == KMSG_CRED_NEW_CREDS);
_report_cs0(KHERR_INFO, L"Trying password ...");
code = TRUE; /* just has to be non-zero */
khui_cw_get_prompt_count(nc, &n_prompts);
if (n_prompts == 0)
goto _skip_pwd;
for (idx = 0; idx < n_prompts; idx++) {
khui_new_creds_prompt * p;
if (KHM_FAILED(khui_cw_get_prompt(nc, idx, &p)))
continue;
if (p->type == KHUI_NCPROMPT_TYPE_PASSWORD)
break;
}
if (idx >= n_prompts) {
_reportf(L"Password prompt not found");
goto _skip_pwd;
}
khui_cw_sync_prompt_values(nc);
cb = sizeof(wpwd);
if (KHM_FAILED(khui_cw_get_prompt_value(nc, idx,
wpwd,
&cb))) {
_reportf(L"Failed to obtain password value");
goto _skip_pwd;
}
UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd);
cb = sizeof(widname);
kcdb_identity_get_name(ident,
widname,
&cb);
UnicodeStrToAnsi(idname, sizeof(idname), widname);
{
char * atsign;
atsign = strchr(idname, '@');
if (atsign == NULL) {
_reportf(L"Identity name does not contain an '@'");
goto _skip_pwd;
}
*atsign++ = 0;
realm = atsign;
}
{
char * slash;
slash = strchr(idname, '/');
if (slash != NULL) {
*slash++ = 0;
inst = slash;
} else {
inst = "";
}
}
aname = idname;
code = khm_krb4_kinit(aname, inst, realm,
(long) d->lifetime, pwd);
_progress(2,3);
_reportf(L"khm_krb4_kinit returns code %d", code);
_skip_pwd:
if (code) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_FAILED);
} else {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_SUCCESS);
if (subtype == KMSG_CRED_NEW_CREDS) {
assert(d != NULL);
k4_write_identity_data(d);
}
}
}
_progress(1,1);
_end_task();
}
if (ident)
kcdb_identity_release(ident);
}
break;
case KMSG_CRED_END:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct = NULL;
nc = (khui_new_creds *) vparam;
if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
break;
khui_cw_del_type(nc, credtype_id_krb4);
if (nct->name)
PFREE(nct->name);
if (nct->credtext)
PFREE(nct->credtext);
PFREE(nct);
}
break;
}
return KHM_ERROR_SUCCESS;
}
/* Dialog procedure for IDD_IDSEL
runs in UI thread */
static INT_PTR CALLBACK
idspec_dlg_proc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
switch(uMsg) {
case WM_INITDIALOG:
{
struct idsel_dlg_data * d;
d = PMALLOC(sizeof(*d));
ZeroMemory(d, sizeof(*d));
d->magic = IDSEL_DLG_DATA_MAGIC;
d->identity = NULL;
#pragma warning(push)
#pragma warning(disable: 4244)
SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
#pragma warning(pop)
/* TODO: Initialize controls etc. */
}
CheckRadioButton(hwnd, IDC_REGISTRY, IDC_FILE, IDC_REGISTRY);
EnableWindow(GetDlgItem(hwnd, IDC_PATH), FALSE);
EnableWindow(GetDlgItem(hwnd, IDC_BROWSE), FALSE);
SendDlgItemMessage(hwnd, IDC_NAME, EM_SETLIMITTEXT, KCDB_MAXCCH_NAME, 0);
SendDlgItemMessage(hwnd, IDC_DESCRIPTION, EM_SETLIMITTEXT, KCDB_MAXCCH_SHORT_DESC, 0);
SendDlgItemMessage(hwnd, IDC_PATH, EM_SETLIMITTEXT, MAX_PATH, 0);
{
wchar_t cuebanner[KCDB_MAXCCH_NAME];
LoadString(hResModule, IDS_CUE_NAME, cuebanner, ARRAYLENGTH(cuebanner));
SendDlgItemMessage(hwnd, IDC_NAME, EM_SETCUEBANNER, 0, (LPARAM)cuebanner);
LoadString(hResModule, IDS_CUE_DESC, cuebanner, ARRAYLENGTH(cuebanner));
SendDlgItemMessage(hwnd, IDC_DESCRIPTION, EM_SETCUEBANNER, 0, (LPARAM)cuebanner);
}
/* We return FALSE here because this is an embedded modeless
dialog and we don't want to steal focus from the
container. */
return FALSE;
case WM_DESTROY:
{
struct idsel_dlg_data * d;
d = (struct idsel_dlg_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
#ifdef DEBUG
assert(d != NULL);
assert(d->magic == IDSEL_DLG_DATA_MAGIC);
#endif
if (d && d->magic == IDSEL_DLG_DATA_MAGIC) {
if (d->identity) {
kcdb_identity_release(d->identity);
d->identity = NULL;
}
d->magic = 0;
PFREE(d);
}
#pragma warning(push)
#pragma warning(disable: 4244)
SetWindowLongPtr(hwnd, DWLP_USER, 0);
#pragma warning(pop)
}
return TRUE;
case WM_COMMAND:
{
switch (wParam) {
case MAKEWPARAM(IDC_REGISTRY, BN_CLICKED):
EnableWindow(GetDlgItem(hwnd, IDC_PATH), FALSE);
EnableWindow(GetDlgItem(hwnd, IDC_BROWSE), FALSE);
return TRUE;
case MAKEWPARAM(IDC_FILE, BN_CLICKED):
EnableWindow(GetDlgItem(hwnd, IDC_PATH), TRUE);
EnableWindow(GetDlgItem(hwnd, IDC_BROWSE), TRUE);
return TRUE;
case MAKEWPARAM(IDC_BROWSE, BN_CLICKED):
return on_browse(hwnd);
}
}
break;
case KHUI_WM_NC_NOTIFY:
{
struct idsel_dlg_data * d;
khm_handle * ph;
d = (struct idsel_dlg_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
switch (HIWORD(wParam)) {
case WMNC_IDSEL_GET_IDENT:
ph = (khm_handle *) lParam;
on_get_ident(hwnd, d, ph);
break;
}
}
return TRUE;
}
return FALSE;
}
void
khm_cred_addr_change(void) {
khm_handle csp_cw = NULL;
khm_int32 check_net = 0;
wchar_t * ids = NULL;
wchar_t * t;
khm_size cb;
khm_size n_idents;
FILETIME ft_now;
FILETIME ft_exp;
FILETIME ft_issue;
if (KHM_SUCCEEDED(khc_open_space(NULL, L"CredWindow",
0, &csp_cw))) {
khc_read_int32(csp_cw, L"AutoDetectNet", &check_net);
khc_close_space(csp_cw);
}
if (!check_net)
return;
while(TRUE) {
if (ids)
PFREE(ids);
ids = NULL;
if (kcdb_identity_enum(KCDB_IDENT_FLAG_VALID |
KCDB_IDENT_FLAG_RENEWABLE,
KCDB_IDENT_FLAG_VALID |
KCDB_IDENT_FLAG_RENEWABLE,
NULL,
&cb,
&n_idents) != KHM_ERROR_TOO_LONG)
break;
ids = PMALLOC(cb);
if (KHM_SUCCEEDED
(kcdb_identity_enum(KCDB_IDENT_FLAG_VALID |
KCDB_IDENT_FLAG_RENEWABLE,
KCDB_IDENT_FLAG_VALID |
KCDB_IDENT_FLAG_RENEWABLE,
ids,
&cb,
&n_idents)))
break;
}
if (!ids)
return;
GetSystemTimeAsFileTime(&ft_now);
for (t=ids; t && *t; t = multi_string_next(t)) {
khm_handle ident;
if (KHM_FAILED
(kcdb_identity_create(t, 0, &ident)))
continue;
cb = sizeof(ft_issue);
if (KHM_SUCCEEDED
(kcdb_identity_get_attr(ident, KCDB_ATTR_ISSUE, NULL,
&ft_issue, &cb)) &&
(cb = sizeof(ft_exp)) &&
KHM_SUCCEEDED
(kcdb_identity_get_attr(ident, KCDB_ATTR_EXPIRE, NULL,
&ft_exp, &cb)) &&
CompareFileTime(&ft_now, &ft_exp) < 0) {
khm_int64 i_issue;
khm_int64 i_exp;
khm_int64 i_now;
i_issue = FtToInt(&ft_issue);
i_exp = FtToInt(&ft_exp);
i_now = FtToInt(&ft_now);
if (i_now > (i_issue + i_exp) / 2) {
khm_cred_renew_identity(ident);
}
}
kcdb_identity_release(ident);
}
}
void
khm_cred_process_startup_actions(void) {
khm_handle defident = NULL;
if (!khm_startup.processing)
return;
if (khm_startup.init ||
khm_startup.renew ||
khm_startup.destroy ||
khm_startup.autoinit) {
kcdb_identity_get_default(&defident);
}
/* For asynchronous actions, we trigger the action and then exit
the loop. Once the action completes, the completion handler
will trigger a continuation message which will result in this
function getting called again. Then we can proceed with the
rest of the startup actions. */
do {
if (khm_startup.init) {
khm_cred_obtain_new_creds_for_ident(defident, NULL);
khm_startup.init = FALSE;
break;
}
if (khm_startup.import) {
khm_cred_import();
khm_startup.import = FALSE;
/* we also set the renew command to false here because we
trigger a renewal for all the identities at the end of
the import operation anyway. */
khm_startup.renew = FALSE;
break;
}
if (khm_startup.renew) {
LONG pending_renewals;
/* if there are no credentials, we just skip over the
renew action. */
khm_startup.renew = FALSE;
InterlockedIncrement(&khm_startup.pending_renewals);
khm_cred_renew_all_identities();
pending_renewals = InterlockedDecrement(&khm_startup.pending_renewals);
if (pending_renewals != 0)
break;
/* if there were no pending renewals, then we just fall
through. This means that either there were no
identities to renew, or all the renewals completed. If
all the renewals completed, then the commandline
contiuation message wasn't triggered. Either way, we
must fall through if the count is zero. */
}
if (khm_startup.destroy) {
khm_startup.destroy = FALSE;
if (defident) {
khm_cred_destroy_identity(defident);
break;
}
}
if (khm_startup.autoinit) {
khm_size count = 0;
khm_handle credset = NULL;
khm_int32 ctype_ident = KCDB_CREDTYPE_INVALID;
khm_int32 delta = 0;
khm_startup.autoinit = FALSE;
kcdb_credset_create(&credset);
kcdb_identity_get_type(&ctype_ident);
kcdb_credset_collect(credset, NULL,
defident, ctype_ident,
&delta);
kcdb_credset_get_size(credset, &count);
kcdb_credset_delete(credset);
if (count == 0) {
if (defident)
khui_context_set(KHUI_SCOPE_IDENT,
defident,
KCDB_CREDTYPE_INVALID,
NULL, NULL, 0,
NULL);
else
khui_context_reset();
khm_cred_obtain_new_creds(NULL);
break;
}
}
if (khm_startup.exit) {
PostMessage(khm_hwnd_main,
WM_COMMAND,
MAKEWPARAM(KHUI_ACTION_EXIT, 0), 0);
khm_startup.exit = FALSE;
break;
}
if (khm_startup.display & SOPTS_DISPLAY_HIDE) {
khm_hide_main_window();
} else if (khm_startup.display & SOPTS_DISPLAY_SHOW) {
khm_show_main_window();
}
khm_startup.display = 0;
/* when we get here, then we are all done with the command
line stuff */
khm_startup.processing = FALSE;
khm_startup.remote = FALSE;
kmq_post_message(KMSG_ACT, KMSG_ACT_END_CMDLINE, 0, 0);
} while(FALSE);
if (defident)
kcdb_identity_release(defident);
}
INT_PTR CALLBACK
k5_id_tab_dlgproc(HWND hwnd,
UINT uMsg,
WPARAM wParam,
LPARAM lParam) {
k5_id_dlg_data * d;
switch(uMsg) {
case WM_INITDIALOG:
d = PMALLOC(sizeof(*d));
#ifdef DEBUG
assert(d);
#endif
ZeroMemory(d, sizeof(*d));
d->cfg = *((khui_config_init_data *) lParam);
#pragma warning(push)
#pragma warning(disable: 4244)
SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
#pragma warning(pop)
k5_id_read_params(d);
khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFLIFE),
&d->tc_life);
khui_tracker_install(GetDlgItem(hwnd, IDC_CFG_DEFRLIFE),
&d->tc_renew);
khui_tracker_refresh(&d->tc_life);
khui_tracker_refresh(&d->tc_renew);
SetDlgItemText(hwnd, IDC_CFG_CCACHE, d->ccache);
#ifdef EM_SETCUEBANNER
{
wchar_t defcc[KRB5_MAXCCH_CCNAME];
khm_size cb;
cb = sizeof(defcc);
if (KHM_SUCCEEDED(khm_krb5_get_identity_default_ccache_failover(d->ident,
defcc,
&cb))) {
SendDlgItemMessage(hwnd, IDC_CFG_CCACHE, EM_SETCUEBANNER,
TRUE, (LPARAM) defcc);
}
}
#endif
CheckDlgButton(hwnd, IDC_CFG_RENEW,
(d->renewable? BST_CHECKED: BST_UNCHECKED));
CheckDlgButton(hwnd, IDC_CFG_FORWARD,
(d->forwardable? BST_CHECKED: BST_UNCHECKED));
CheckDlgButton(hwnd, IDC_CFG_PROXY,
(d->proxiable? BST_CHECKED: BST_UNCHECKED));
CheckDlgButton(hwnd, IDC_CFG_ADDRESSLESS,
(d->addressless? BST_CHECKED: BST_UNCHECKED));
SendDlgItemMessage(hwnd, IDC_CFG_PUBLICIP,
IPM_SETADDRESS,
0, (LPARAM) d->public_ip);
break;
case WM_COMMAND:
d = (k5_id_dlg_data *) (LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (d == NULL)
break;
if (wParam == MAKEWPARAM(IDC_BROWSE, BN_CLICKED)) {
k5_browse_for_ccache(hwnd, d);
return TRUE;
}
if (HIWORD(wParam) == EN_CHANGE ||
HIWORD(wParam) == BN_CLICKED)
k5_id_check_mod(hwnd, d);
break;
case KHUI_WM_CFG_NOTIFY:
d = (k5_id_dlg_data *) (LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (d == NULL)
break;
if (HIWORD(wParam) == WMCFG_APPLY) {
k5_id_write_params(hwnd, d);
}
break;
case WM_DESTROY:
d = (k5_id_dlg_data *) (LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (d == NULL)
break;
khui_tracker_kill_controls(&d->tc_life);
khui_tracker_kill_controls(&d->tc_renew);
if (d->ident)
kcdb_identity_release(d->ident);
PFREE(d);
SetWindowLongPtr(hwnd, DWLP_USER, 0);
break;
}
return FALSE;
}
static void
refresh_identity_config_panels(void) {
khm_handle ident = NULL;
kcdb_enumeration e = NULL;
khui_config_node cfg_iter = NULL;
khui_config_node cfg_ids = NULL;
if (KHM_FAILED(khui_cfg_open(NULL, L"KhmIdentities", &cfg_ids)))
goto _cleanup;
if (KHM_FAILED(kcdb_identity_begin_enum(KCDB_IDENT_FLAG_CONFIG,
KCDB_IDENT_FLAG_CONFIG,
&e, NULL)))
goto _done_adding;
while (KHM_SUCCEEDED(kcdb_enum_next(e, &ident))) {
khui_config_node cfg_id;
wchar_t cfgname[KCDB_MAXCCH_NAME];
khm_size cb;
cb = sizeof(cfgname);
if (KHM_FAILED(kcdb_identity_get_short_name(ident, FALSE, cfgname, &cb)))
continue;
if (KHM_SUCCEEDED(khui_cfg_open(cfg_ids, cfgname, &cfg_id))) {
/* it's already there */
khui_cfg_release(cfg_id);
continue;
} else {
khui_config_node_reg reg;
wchar_t wshort[KHUI_MAXCCH_SHORT_DESC];
wchar_t wlong[KHUI_MAXCCH_LONG_DESC];
wchar_t wfmt[KHUI_MAXCCH_NAME];
wchar_t widname[KHUI_MAXCCH_SHORT_DESC];
khm_size cb;
ZeroMemory(®, sizeof(reg));
reg.name = cfgname;
reg.short_desc = wshort;
reg.long_desc = wlong;
reg.h_module = khm_hInstance;
reg.dlg_template = MAKEINTRESOURCE(IDD_CFG_IDENTITY);
reg.dlg_proc = khm_cfg_identity_proc;
reg.flags = 0;
cb = sizeof(widname);
kcdb_get_resource(ident, KCDB_RES_DISPLAYNAME, KCDB_RFS_SHORT,
NULL, NULL, widname, &cb);
LoadString(khm_hInstance, IDS_CFG_IDENTITY_SHORT,
wfmt, ARRAYLENGTH(wfmt));
StringCbPrintf(wshort, sizeof(wshort), wfmt, widname);
LoadString(khm_hInstance, IDS_CFG_IDENTITY_LONG,
wfmt, ARRAYLENGTH(wfmt));
StringCbPrintf(wlong, sizeof(wlong), wfmt, widname);
khui_cfg_register(cfg_ids, ®);
if (KHM_SUCCEEDED(khui_cfg_open(cfg_ids, cfgname, &cfg_id))) {
khui_cfg_set_data(cfg_id, ident);
kcdb_identity_hold(ident);
khui_cfg_release(cfg_id);
}
}
} /* while enumerating through e */
kcdb_enum_end(e);
_done_adding:
for (khui_cfg_get_first_child(cfg_ids, &cfg_iter);
cfg_iter;
khui_cfg_get_next_release(&cfg_iter)) {
khm_int32 flags = 0;
ident = khui_cfg_get_data(cfg_iter);
if (ident == NULL ||
KHM_FAILED(kcdb_identity_get_flags(ident, &flags)) ||
(flags & (KCDB_IDENT_FLAG_ACTIVE|
KCDB_IDENT_FLAG_CONFIG)) != (KCDB_IDENT_FLAG_ACTIVE |
KCDB_IDENT_FLAG_CONFIG)) {
/* this configuration node needs to be removed */
if (ident) /* undo the hold done above for for
configuration node data */
kcdb_identity_release(ident);
khui_cfg_set_data(cfg_iter, NULL);
khui_cfg_remove(cfg_iter);
}
}
_cleanup:
if (cfg_ids) {
khui_cfg_release(cfg_ids);
}
}
void khm_cred_renew_all_identities(void)
{
khm_size count;
khm_size cb = 0;
khm_size n_idents = 0;
khm_int32 rv;
wchar_t * ident_names = NULL;
wchar_t * this_ident;
kcdb_credset_get_size(NULL, &count);
/* if there are no credentials, we just skip over the renew
action. */
if (count == 0)
return;
ident_names = NULL;
while (TRUE) {
if (ident_names) {
PFREE(ident_names);
ident_names = NULL;
}
cb = 0;
rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
NULL,
&cb, &n_idents);
if (n_idents == 0 || rv != KHM_ERROR_TOO_LONG ||
cb == 0)
break;
ident_names = PMALLOC(cb);
ident_names[0] = L'\0';
rv = kcdb_identity_enum(KCDB_IDENT_FLAG_EMPTY, 0,
ident_names,
&cb, &n_idents);
if (KHM_SUCCEEDED(rv))
break;
}
if (ident_names) {
for (this_ident = ident_names;
this_ident && *this_ident;
this_ident = multi_string_next(this_ident)) {
khm_handle ident;
if (KHM_FAILED(kcdb_identity_create(this_ident, 0,
&ident)))
continue;
khm_cred_renew_identity(ident);
kcdb_identity_release(ident);
}
PFREE(ident_names);
ident_names = NULL;
}
}
KHMEXP khm_int32 KHMAPI
kcdb_cred_comp_generic(khm_handle cred1,
khm_handle cred2,
void * rock)
{
kcdb_cred_comp_order * o = (kcdb_cred_comp_order *) rock;
int i;
khm_int32 r = 0;
khm_int32 f1, f2;
khm_int32 t1, t2;
khm_int32 pt = KCDB_CREDTYPE_INVALID;
for(i=0; i<o->nFields; i++) {
if (o->fields[i].order & KCDB_CRED_COMP_INITIAL_FIRST) {
if (o->fields[i].attrib == KCDB_ATTR_TYPE_NAME ||
o->fields[i].attrib == KCDB_ATTR_TYPE) {
khm_handle id1 = NULL;
khm_handle id2 = NULL;
khm_handle idpro = NULL;
kcdb_cred_get_type(cred1, &t1);
kcdb_cred_get_type(cred2, &t2);
if (t1 == t2) {
continue;
} else {
kcdb_cred_get_identity(cred1, &id1);
kcdb_cred_get_identity(cred2, &id2);
if (kcdb_identity_is_equal(id1, id2)) {
kcdb_identity_get_identpro(id1, &idpro);
kcdb_identpro_get_type(idpro, &pt);
if (t1 == pt)
r = -1;
else if (t2 == pt)
r = 1;
kcdb_identpro_release(idpro);
}
kcdb_identity_release(id1);
kcdb_identity_release(id2);
}
} else {
kcdb_cred_get_flags(cred1, &f1);
kcdb_cred_get_flags(cred2, &f2);
if (((f1 ^ f2) & KCDB_CRED_FLAG_INITIAL) == 0)
r = 0;
else if (f1 & KCDB_CRED_FLAG_INITIAL)
r = -1;
else
r = 1;
}
} else {
r = 0;
}
if (r == 0 &&
(o->fields[i].attrib == KCDB_ATTR_ID_DISPLAY_NAME ||
o->fields[i].attrib == KCDB_ATTR_ID)) {
khm_handle id1 = NULL;
khm_handle id2 = NULL;
wchar_t idname1[KCDB_IDENT_MAXCCH_NAME] = L"";
wchar_t idname2[KCDB_IDENT_MAXCCH_NAME] = L"";
khm_size cb;
kcdb_cred_get_identity(cred1, &id1);
kcdb_cred_get_identity(cred2, &id2);
r = (((cb = sizeof(idname1)) &&
KHM_SUCCEEDED(kcdb_get_resource(id1, KCDB_RES_DISPLAYNAME,
0, NULL, NULL, idname1, &cb)) &&
(cb = sizeof(idname2)) &&
KHM_SUCCEEDED(kcdb_get_resource(id2, KCDB_RES_DISPLAYNAME,
0, NULL, NULL, idname2, &cb)))?
_wcsicmp(idname1, idname2) : 0);
kcdb_identity_release(id1);
kcdb_identity_release(id2);
}
if (r == 0)
r = kcdb_creds_comp_attr(cred1,cred2,o->fields[i].attrib);
if(r != 0) {
if(o->fields[i].order & KCDB_CRED_COMP_DECREASING)
r = -r;
break;
}
}
return r;
}
/*! \internal
Collect credentials from cs_src to cs_dest which have already been
selected into cl_dest and cl_src.
- Credentials in cl_src that are not in cl_dest will get added to
cs_dest
- Credentials in cl_dest that are not in cl_src will get removed
from cs_dest
- Credentials in cl_dest and cl_src will be updated in cs_dest
cl_dest and cl_src will be modified.
*/
khm_int32
kcdb_credset_collect_core(kcdb_credset * cs_dest,
kcdb_cred ** cl_dest,
khm_int32 ncl_dest,
kcdb_credset * cs_src,
kcdb_cred ** cl_src,
khm_int32 ncl_src,
khm_int32 * delta)
{
int i, j;
int ldelta = 0;
khm_int32 rv;
khm_boolean dest_is_root;
khm_handle last_identity = NULL;
dest_is_root = (cs_dest == kcdb_root_credset);
/* find matching credentials and update them */
for (i=0; i < ncl_dest; i++) {
if (cl_dest[i]) {
for (j=0; j < ncl_src; j++) {
if (cl_src[j] &&
kcdb_creds_is_equal((khm_handle) cl_dest[i], (khm_handle) cl_src[j])) {
/* depending on whether any changes were made,
update ldelta with the proper bit flag */
rv = kcdb_cred_update(cl_dest[i], cl_src[j]);
if (rv == KHM_ERROR_SUCCESS) {
kcdb_credset_update_cred_ref((khm_handle) cs_dest,
(khm_handle) cl_dest[i]);
ldelta |= KCDB_DELTA_MODIFY;
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_dest[i],
&last_identity);
}
cl_src[j] = NULL;
cl_dest[i] = NULL;
break;
}
}
}
}
/* all the creds that are left in cl_dest need to be removed */
for (i=0; i < ncl_dest; i++) {
if (cl_dest[i]) {
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_dest[i],
&last_identity);
kcdb_credset_del_cred_ref((khm_handle) cs_dest, (khm_handle) cl_dest[i]);
ldelta |= KCDB_DELTA_DEL;
cl_dest[i] = NULL;
}
}
/* all the creds in cl_src need to be added to cs_dest */
for (j=0; j < ncl_src; j++) {
if (cl_src[j]) {
/* duplicate the credential and add it if we are adding it
to or from the root credential store. */
if (cs_dest == kcdb_root_credset ||
cs_src == kcdb_root_credset) {
khm_handle h;
if (KHM_SUCCEEDED(kcdb_cred_dup((khm_handle) cl_src[j], &h))) {
kcdb_credset_add_cred((khm_handle) cs_dest, h, -1);
kcdb_cred_release(h);
}
} else {
kcdb_credset_add_cred((khm_handle) cs_dest, cl_src[j], -1);
}
if (dest_is_root)
check_and_set_refresh_bit_for_identity(cl_src[j],
&last_identity);
cl_src[j] = NULL;
ldelta |= KCDB_DELTA_ADD;
}
}
if (last_identity) {
kcdb_identity_release(last_identity);
last_identity = NULL;
}
if (delta)
*delta = ldelta;
if (dest_is_root && ldelta) {
/* something changed in the root credential set */
kmq_post_message(KMSG_CRED,KMSG_CRED_ROOTDELTA,ldelta,NULL);
}
return KHM_ERROR_SUCCESS;
}
/* dialog box procedure for the "Add new identity" dialog */
INT_PTR CALLBACK
khm_cfg_add_ident_proc(HWND hwnd,
UINT umsg,
WPARAM wParam,
LPARAM lParam) {
add_ident_data * d;
switch(umsg) {
case WM_INITDIALOG:
/* we create a new credentials blob and pull in the identity
selectors from the identity provider. */
d = PMALLOC(sizeof(*d));
ZeroMemory(d, sizeof(*d));
khui_cw_create_cred_blob(&d->nc);
#ifdef DEBUG
assert(d->nc != NULL);
#endif
if (d->nc == NULL) {
PFREE(d);
break;
}
if (KHM_FAILED(kcdb_identpro_get_ui_cb(&d->nc->ident_cb))) {
/* this should have worked. The only reason it would fail
is if there is no identity provider or if the identity
provider does not support providing idnetity
selectors. */
khui_cw_destroy_cred_blob(d->nc);
PFREE(d);
break;
}
#pragma warning(push)
#pragma warning(disable: 4244)
SetWindowLongPtr(hwnd, DWLP_USER, (LONG_PTR) d);
#pragma warning(pop)
/* get metrics for dynamic controls */
get_ctrl_row_metrics(&d->dim_small,
GetDlgItem(hwnd, IDC_SM_LBL),
GetDlgItem(hwnd, IDC_SM_CTL));
get_ctrl_row_metrics(&d->dim_medium,
GetDlgItem(hwnd, IDC_MED_LBL),
GetDlgItem(hwnd, IDC_MED_CTL));
get_ctrl_row_metrics(&d->dim_large,
GetDlgItem(hwnd, IDC_LG_LBL),
GetDlgItem(hwnd, IDC_LG_CTL));
{
RECT rlbl;
RECT rctl;
RECT rwnd;
GetWindowRect(GetDlgItem(hwnd, IDC_SM_LBL),
&rlbl);
GetWindowRect(GetDlgItem(hwnd, IDC_SM_CTL),
&rctl);
GetWindowRect(hwnd, &rwnd);
OffsetRect(&rlbl, -rwnd.left, -rwnd.top);
OffsetRect(&rctl, -rwnd.left, -rwnd.top);
d->current_x = rlbl.left;
d->current_y = rctl.top - GetSystemMetrics(SM_CYCAPTION);
GetWindowRect(GetDlgItem(hwnd, IDC_MED_CTL),
&rlbl);
OffsetRect(&rlbl, -rwnd.left, -rwnd.top);
d->row_gap = rlbl.top - rctl.bottom;
}
d->nc->hwnd = hwnd;
/* now call the UI callback and make it create the
controls. */
d->nc->ident_cb(d->nc, WMNC_IDENT_INIT, NULL, 0, 0,
(LPARAM) hwnd);
break;
case WM_DESTROY:
d = (add_ident_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (d == NULL)
break;
d->nc->ident_cb(d->nc, WMNC_IDENT_EXIT, NULL, 0, 0, 0);
khui_cw_destroy_cred_blob(d->nc);
PFREE(d);
break;
case KHUI_WM_NC_NOTIFY:
d = (add_ident_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
switch(HIWORD(wParam)) {
case WMNC_ADD_CONTROL_ROW:
{
khui_control_row * row;
RECT r_lbl, r_inp, r_enc;
struct ctrl_row_dimensions * dim;
HFONT hf;
row = (khui_control_row *) lParam;
#ifdef DEBUG
assert(row->label);
assert(row->input);
assert(d);
#endif
if (row->size == KHUI_CTRLSIZE_SMALL) {
dim = &d->dim_small;
} else if (row->size == KHUI_CTRLSIZE_HALF) {
dim = &d->dim_medium;
} else {
dim = &d->dim_large;
#ifdef DEBUG
assert(row->size == KHUI_CTRLSIZE_FULL);
#endif
}
CopyRect(&r_enc, &dim->enclosure);
CopyRect(&r_lbl, &dim->label);
CopyRect(&r_inp, &dim->control);
OffsetRect(&r_enc, d->current_x, d->current_y);
OffsetRect(&r_lbl, r_enc.left, r_enc.top);
OffsetRect(&r_inp, r_enc.left, r_enc.top);
d->current_y += r_enc.bottom - r_enc.top;
hf = (HFONT) SendDlgItemMessage(hwnd, IDOK, WM_GETFONT, 0, 0);
if (row->label) {
SetWindowPos(row->label,
((d->hwnd_last_ctrl != NULL)?
d->hwnd_last_ctrl :
HWND_TOP),
r_lbl.left, r_lbl.top,
r_lbl.right - r_lbl.left,
r_lbl.bottom - r_lbl.top,
SWP_DEFERERASE | SWP_NOACTIVATE |
SWP_NOOWNERZORDER);
if (hf)
SendMessage(row->label, WM_SETFONT,
(WPARAM) hf,
TRUE);
d->hwnd_last_ctrl = row->label;
}
if (row->input) {
SetWindowPos(row->input,
((d->hwnd_last_ctrl != NULL)?
d->hwnd_last_ctrl :
HWND_TOP),
r_inp.left, r_inp.top,
r_inp.right - r_inp.left,
r_inp.bottom - r_inp.top,
SWP_DEFERERASE | SWP_NOACTIVATE |
SWP_NOOWNERZORDER);
if (hf)
SendMessage(row->input, WM_SETFONT,
(WPARAM) hf,
TRUE);
d->hwnd_last_ctrl = row->input;
}
}
break;
case WMNC_IDENTITY_CHANGE:
break;
}
return TRUE;
case WM_COMMAND:
if (LOWORD(wParam) == IDOK) {
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
wchar_t err_msg[1024];
khm_handle ident = NULL;
khm_handle csp_ident = NULL;
khm_size cb;
khm_int32 rv = KHM_ERROR_SUCCESS;
d = (add_ident_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (!d || !d->nc)
break;
/* check if there was an identity selected */
if (d->nc->n_identities == 0 ||
d->nc->identities[0] == NULL) {
StringCbCopy(idname, sizeof(idname), L"");
LoadString(khm_hInstance, IDS_CFG_IDNAME_NON,
err_msg, ARRAYLENGTH(err_msg));
goto show_failure;
}
ident = d->nc->identities[0];
kcdb_identity_hold(ident);
cb = sizeof(idname);
kcdb_identity_get_name(ident, idname, &cb);
/* now we have to create the identity configuration. */
if (KHM_FAILED(rv = kcdb_identity_get_config(ident,
KHM_FLAG_CREATE,
&csp_ident))) {
wchar_t fmt[256];
LoadString(khm_hInstance, IDS_CFG_IDNAME_CCC,
fmt, ARRAYLENGTH(fmt));
StringCbPrintf(err_msg, sizeof(err_msg), fmt, rv);
kcdb_identity_release(ident);
goto show_failure;
}
/* create a value so that the configuration space will
actually be created in the registry. We don't want
this new identity to be sticky. */
khc_write_int32(csp_ident, L"Sticky", 0);
khm_refresh_config();
kcdb_identity_release(ident);
khc_close_space(csp_ident);
EndDialog(hwnd, 0);
break;
show_failure:
{
wchar_t title[512];
wchar_t fmt[256];
if (!err_msg[0])
break;
LoadString(khm_hInstance, IDS_CFG_IDNAME_PRB,
fmt, ARRAYLENGTH(fmt));
StringCbPrintf(title, sizeof(title), fmt, idname);
MessageBox(hwnd, err_msg, title, MB_OK | MB_ICONSTOP);
/* don't end the dialog yet */
break;
}
break;
} else if (LOWORD(wParam) == IDCANCEL) {
EndDialog(hwnd, 1);
} else {
d = (add_ident_data *)(LONG_PTR)
GetWindowLongPtr(hwnd, DWLP_USER);
if (d && d->nc && d->nc->ident_cb) {
return d->nc->ident_cb(d->nc, WMNC_IDENT_WMSG,
hwnd, umsg, wParam, lParam);
}
}
break;
}
return FALSE;
}
KHMEXP khm_int32 KHMAPI
kcdb_identpro_set_default_identity(khm_handle videntity, khm_boolean ask_idpro)
{
khm_handle sub = NULL;
khm_int32 rv = KHM_ERROR_SUCCESS;
kcdb_identpro_i * p;
if(!kcdb_is_identity(videntity))
return KHM_ERROR_INVALID_PARAM;
p = identpro_get_provider_for_identity(videntity);
EnterCriticalSection(&cs_identpro);
if (!kcdb_is_active_identpro(p)) {
rv = KHM_ERROR_INVALID_PARAM;
} else {
if (kcdb_identity_is_equal(videntity, p->default_id))
rv = KHM_ERROR_DUPLICATE;
}
LeaveCriticalSection(&cs_identpro);
if (KHM_FAILED(rv)) {
return (rv == KHM_ERROR_DUPLICATE)? KHM_ERROR_SUCCESS : rv;
}
if (ask_idpro) {
sub = identpro_get_sub_for_identity(videntity);
if(sub != NULL) {
rv = kmq_send_sub_msg(sub, KMSG_IDENT, KMSG_IDENT_SET_DEFAULT,
TRUE, (void *) videntity);
} else {
#ifdef DEBUG
assert(FALSE);
#endif
rv = KHM_ERROR_NO_PROVIDER;
}
}
if (KHM_SUCCEEDED(rv)) {
khm_handle h_old_id = NULL;
int new_default = FALSE;
kcdb_identity * id;
EnterCriticalSection(&cs_identpro);
if (!kcdb_identity_is_equal(videntity, p->default_id)) {
h_old_id = p->default_id;
p->default_id = videntity;
new_default = TRUE;
}
LeaveCriticalSection(&cs_identpro);
EnterCriticalSection(&cs_ident);
if (new_default)
kcdb_identity_hold(videntity);
id = (kcdb_identity *) videntity;
id->flags |= KCDB_IDENT_FLAG_DEFAULT;
if (h_old_id) {
id = (kcdb_identity *) h_old_id;
id->flags &= ~KCDB_IDENT_FLAG_DEFAULT;
kcdb_identity_release(h_old_id);
}
LeaveCriticalSection(&cs_ident);
if (new_default) {
kcdb_identity_hold(videntity);
kcdbint_ident_post_message(KCDB_OP_NEW_DEFAULT, (kcdb_identity *) videntity);
}
}
return rv;
}
