void khm_cred_renew_cred(khm_handle cred)
{
khui_new_creds * c;
khui_cw_create_cred_blob(&c);
c->subtype = KMSG_CRED_RENEW_CREDS;
c->result = KHUI_NC_RESULT_PROCESS;
khui_context_create(&c->ctx,
KHUI_SCOPE_CRED,
NULL,
KCDB_CREDTYPE_INVALID,
cred);
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr0(KHERR_NONE, IDS_CTX_RENEW_CREDS);
_describe();
/* if we are calling this while processing startup actions, we
need to keep track of how many we have issued. */
if (khm_startup.processing) {
InterlockedIncrement(&khm_startup.pending_renewals);
}
kmq_post_message(KMSG_CRED, KMSG_CRED_RENEW_CREDS, 0, (void *) c);
_end_task();
}
void khm_cred_destroy_identity(khm_handle identity)
{
khui_action_context * pctx;
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
khm_size cb;
if (identity == NULL)
return;
pctx = PMALLOC(sizeof(*pctx));
#ifdef DEBUG
assert(pctx);
#endif
khui_context_create(pctx,
KHUI_SCOPE_IDENT,
identity,
KCDB_CREDTYPE_INVALID,
NULL);
cb = sizeof(idname);
kcdb_identity_get_name(identity, idname, &cb);
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr1(KHERR_NONE, IDS_CTX_DESTROY_ID, _dupstr(idname));
_describe();
kmq_post_message(KMSG_CRED,
KMSG_CRED_DESTROY_CREDS,
0,
(void *) pctx);
_end_task();
}
void khm_cred_import(void)
{
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr0(KHERR_NONE, IDS_CTX_IMPORT);
_describe();
kmq_post_message(KMSG_CRED, KMSG_CRED_IMPORT, 0, 0);
_end_task();
}
void khm_cred_destroy_creds(khm_boolean sync, khm_boolean quiet)
{
khui_action_context * pctx;
pctx = PMALLOC(sizeof(*pctx));
#ifdef DEBUG
assert(pctx);
#endif
khui_context_get(pctx);
if(pctx->scope == KHUI_SCOPE_NONE && !quiet) {
/* this really shouldn't be necessary once we start enabling
and disbling actions based on context */
wchar_t title[256];
wchar_t message[256];
LoadString(khm_hInstance,
IDS_ALERT_NOSEL_TITLE,
title,
ARRAYLENGTH(title));
LoadString(khm_hInstance,
IDS_ALERT_NOSEL,
message,
ARRAYLENGTH(message));
khui_alert_show_simple(title,
message,
KHERR_WARNING);
khui_context_release(pctx);
PFREE(pctx);
return;
}
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr0(KHERR_NONE, IDS_CTX_DESTROY_CREDS);
_describe();
if (sync)
kmq_send_message(KMSG_CRED,
KMSG_CRED_DESTROY_CREDS,
0,
(void *) pctx);
else
kmq_post_message(KMSG_CRED,
KMSG_CRED_DESTROY_CREDS,
0,
(void *) pctx);
_end_task();
}
/* process KMSG_CRED messages */
khm_int32 KHMAPI
afs_msg_cred(khm_int32 msg_subtype,
khm_ui_4 uparam,
void * vparam)
{
khm_int32 rv = KHM_ERROR_SUCCESS;
switch(msg_subtype) {
case KMSG_CRED_REFRESH:
afs_list_tokens();
break;
case KMSG_CRED_DESTROY_CREDS:
{
khui_action_context * ctx;
ctx = (khui_action_context *) vparam;
if (ctx->credset) {
_begin_task(0);
_report_cs0(KHERR_INFO, L"Destroying AFS Tokens");
_describe();
kcdb_credset_apply(ctx->credset,
afs_cred_destroy_proc,
NULL);
_end_task();
}
}
break;
default:
if (IS_CRED_ACQ_MSG(msg_subtype))
return afs_msg_newcred(msg_subtype, uparam, vparam);
}
return rv;
}
KHMEXP khm_int32 KHMAPI
kmm_load_default_modules(void) {
khm_handle csm = NULL;
khm_handle cs_mod = NULL;
khm_int32 rv;
wchar_t buf[KMM_MAXCCH_NAME];
khm_size s;
rv = kmm_get_modules_config(0, &csm);
if(KHM_FAILED(rv))
return rv;
_begin_task(KHERR_CF_TRANSITIVE);
_report_mr0(KHERR_NONE, MSG_LOAD_DEFAULT);
_describe();
kmmint_add_to_module_queue();
while(KHM_SUCCEEDED(khc_enum_subspaces(csm, cs_mod, &cs_mod))) {
s = sizeof(buf);
if (KHM_FAILED(khc_get_config_space_name(cs_mod, buf, &s)))
continue;
/* check for schema subspace. This is not an actual module. */
if (!wcscmp(buf, L"_Schema"))
continue;
kmm_load_module(buf, 0, NULL);
}
kmmint_remove_from_module_queue();
if(csm)
khc_close_space(csm);
_end_task();
return rv;
}
khm_int32
krb4_msg_newcred(khm_int32 msg_type, khm_int32 msg_subtype,
khm_ui_4 uparam, void * vparam) {
switch(msg_subtype) {
case KMSG_CRED_NEW_CREDS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct;
khm_size cbsize;
wchar_t wbuf[256];
nc = (khui_new_creds *) vparam;
nct = PMALLOC(sizeof(*nct));
#ifdef DEBUG
assert(nct);
#endif
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb4;
nct->ordinal = 3;
LoadString(hResModule, IDS_NC_K4_SHORT,
wbuf, ARRAYLENGTH(wbuf));
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
nct->h_module = hResModule;
nct->dlg_proc = k4_nc_dlg_proc;
nct->dlg_template = MAKEINTRESOURCE(IDD_NC_KRB4);
khui_cw_add_type(nc, nct);
}
break;
case KMSG_CRED_RENEW_CREDS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct;
khm_size cbsize;
wchar_t wbuf[256];
khui_action_context * pctx = NULL;
nc = (khui_new_creds *) vparam;
pctx = khui_cw_get_ctx(nc);
if (!pctx->identity)
break;
nct = PMALLOC(sizeof(*nct));
#ifdef DEBUG
assert(nct);
#endif
ZeroMemory(nct, sizeof(*nct));
nct->type = credtype_id_krb4;
nct->ordinal = 3;
LoadString(hResModule, IDS_NC_K4_SHORT,
wbuf, ARRAYLENGTH(wbuf));
StringCbLength(wbuf, sizeof(wbuf), &cbsize);
cbsize += sizeof(wchar_t);
nct->name = PMALLOC(cbsize);
StringCbCopy(nct->name, cbsize, wbuf);
nct->type_deps[nct->n_type_deps++] = credtype_id_krb5;
khui_cw_add_type(nc, nct);
}
break;
case KMSG_CRED_DIALOG_SETUP:
break;
case KMSG_CRED_PROCESS:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct = NULL;
khm_handle ident = NULL;
khui_action_context * pctx = NULL;
k4_dlg_data * d = NULL;
long code = 0;
wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
khm_size cb;
khm_int32 subtype;
nc = (khui_new_creds *) vparam;
if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
break;
subtype = khui_cw_get_subtype(nc);
if (subtype == KMSG_CRED_NEW_CREDS ||
subtype == KMSG_CRED_RENEW_CREDS) {
khm_int32 method;
if (subtype == KMSG_CRED_NEW_CREDS) {
d = (k4_dlg_data *) nct->aux;
if (KHM_FAILED(khui_cw_get_primary_id(nc, &ident)))
break;
if (!d ||
khui_cw_get_result(nc) != KHUI_NC_RESULT_PROCESS) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
if (!d->k4_enabled) {
k4_write_identity_data(d);
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
method = d->method;
cb = sizeof(idname);
kcdb_identity_get_name(ident, idname, &cb);
_begin_task(0);
_report_sr0(KHERR_NONE, IDS_MSG_K4NEW);
_resolve();
_describe();
} else if (subtype == KMSG_CRED_RENEW_CREDS) {
pctx = khui_cw_get_ctx(nc);
if ((pctx->scope == KHUI_SCOPE_IDENT &&
pctx->identity != NULL) ||
(pctx->scope == KHUI_SCOPE_CREDTYPE &&
pctx->cred_type == credtype_id_krb4 &&
pctx->identity != NULL) ||
(pctx->scope == KHUI_SCOPE_CRED &&
pctx->cred_type == credtype_id_krb4 &&
pctx->identity != NULL &&
pctx->cred != NULL)) {
ident = pctx->identity;
kcdb_identity_hold(ident);
if (!k4_should_identity_get_k4(ident)) {
_reportf(L"Kerberos 4 is not enabled for this identity. Skipping");
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
kcdb_identity_release(ident);
break;
}
} else {
_reportf(L"Kerberos 4 is not within renewal scope. Skipping");
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
break;
}
method = K4_METHOD_K524; /* only k524 is supported
for renewals */
_begin_task(0);
cb = sizeof(idname);
kcdb_identity_get_name(ident, idname, &cb);
_report_sr0(KHERR_NONE, IDS_MSG_K4RENEW);
_resolve();
_describe();
} else {
assert(FALSE);
break;
}
_progress(0,1);
if ((method == K4_METHOD_AUTO ||
method == K4_METHOD_K524) &&
khui_cw_type_succeeded(nc, credtype_id_krb5)) {
khm_handle tgt;
FILETIME ft_prev;
FILETIME ft_new;
khm_size cb;
_report_cs0(KHERR_INFO, L"Trying K524...");
tgt = khm_krb4_find_tgt(NULL, ident);
_progress(1,3);
if (tgt) {
cb = sizeof(ft_prev);
if (KHM_FAILED(kcdb_cred_get_attr(tgt,
KCDB_ATTR_EXPIRE,
NULL,
&ft_prev,
&cb)))
ZeroMemory(&ft_prev, sizeof(ft_prev));
kcdb_cred_release(tgt);
}
code = khm_convert524(ident);
_progress(2,3);
_reportf(L"khm_convert524 returns code %d", code);
if (code == 0) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_SUCCESS |
KHUI_NC_RESPONSE_EXIT);
if (subtype == KMSG_CRED_NEW_CREDS) {
assert(d != NULL);
k4_write_identity_data(d);
} else if (subtype == KMSG_CRED_RENEW_CREDS &&
(pctx->scope == KHUI_SCOPE_CREDTYPE ||
pctx->scope == KHUI_SCOPE_CRED)) {
khm_krb4_list_tickets();
tgt = khm_krb4_find_tgt(NULL, ident);
if (tgt) {
cb = sizeof(ft_new);
ZeroMemory(&ft_new, sizeof(ft_new));
kcdb_cred_get_attr(tgt, KCDB_ATTR_EXPIRE,
NULL, &ft_new, &cb);
kcdb_cred_release(tgt);
}
if (!tgt ||
CompareFileTime(&ft_new, &ft_prev) <= 0) {
/* The new TGT wasn't much of an
improvement over what we already
had. We should go out and try to
renew the identity now. */
khui_action_context ctx;
_reportf(L"Renewal of Krb4 creds failed to get a longer TGT. Triggering identity renewal");
khui_context_create(&ctx,
KHUI_SCOPE_IDENT,
pctx->identity,
KCDB_CREDTYPE_INVALID,
NULL);
khui_action_trigger(KHUI_ACTION_RENEW_CRED,
&ctx);
khui_context_release(&ctx);
}
}
_progress(1,1);
_end_task();
if (ident)
kcdb_identity_release(ident);
break;
} else if (method == K4_METHOD_K524) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_FAILED |
KHUI_NC_RESPONSE_EXIT);
if (subtype == KMSG_CRED_RENEW_CREDS &&
(pctx->scope == KHUI_SCOPE_CREDTYPE ||
pctx->scope == KHUI_SCOPE_CRED)) {
/* We were trying to get a new Krb4 TGT
for this identity. Sometimes this
fails because of restrictions placed on
K524d regarding the lifetime of the
issued K4 TGT. In this case, we
trigger a renewal of the identity in
the hope that the new K5 TGT will allow
us to successfully get a new K4 TGT
next time over using the new K5 TGT. */
khui_action_context ctx;
_reportf(L"Renewal of Krb4 creds failed using k524. Triggerring identity renewal.");
khui_context_create(&ctx,
KHUI_SCOPE_IDENT,
pctx->identity,
KCDB_CREDTYPE_INVALID,
NULL);
khui_action_trigger(KHUI_ACTION_RENEW_CRED,
&ctx);
khui_context_release(&ctx);
}
_progress(1,1);
_end_task();
if (ident)
kcdb_identity_release(ident);
break;
}
}
/* only supported for new credentials */
if (method == K4_METHOD_AUTO ||
method == K4_METHOD_PASSWORD) {
khm_size n_prompts = 0;
khm_size idx;
khm_size cb;
wchar_t wpwd[KHUI_MAXCCH_PROMPT_VALUE];
char pwd[KHUI_MAXCCH_PROMPT_VALUE];
wchar_t widname[KCDB_IDENT_MAXCCH_NAME];
char idname[KCDB_IDENT_MAXCCH_NAME];
char * aname = NULL;
char * inst = NULL;
char * realm = NULL;
assert(subtype == KMSG_CRED_NEW_CREDS);
_report_cs0(KHERR_INFO, L"Trying password ...");
code = TRUE; /* just has to be non-zero */
khui_cw_get_prompt_count(nc, &n_prompts);
if (n_prompts == 0)
goto _skip_pwd;
for (idx = 0; idx < n_prompts; idx++) {
khui_new_creds_prompt * p;
if (KHM_FAILED(khui_cw_get_prompt(nc, idx, &p)))
continue;
if (p->type == KHUI_NCPROMPT_TYPE_PASSWORD)
break;
}
if (idx >= n_prompts) {
_reportf(L"Password prompt not found");
goto _skip_pwd;
}
khui_cw_sync_prompt_values(nc);
cb = sizeof(wpwd);
if (KHM_FAILED(khui_cw_get_prompt_value(nc, idx,
wpwd,
&cb))) {
_reportf(L"Failed to obtain password value");
goto _skip_pwd;
}
UnicodeStrToAnsi(pwd, sizeof(pwd), wpwd);
cb = sizeof(widname);
kcdb_identity_get_name(ident,
widname,
&cb);
UnicodeStrToAnsi(idname, sizeof(idname), widname);
{
char * atsign;
atsign = strchr(idname, '@');
if (atsign == NULL) {
_reportf(L"Identity name does not contain an '@'");
goto _skip_pwd;
}
*atsign++ = 0;
realm = atsign;
}
{
char * slash;
slash = strchr(idname, '/');
if (slash != NULL) {
*slash++ = 0;
inst = slash;
} else {
inst = "";
}
}
aname = idname;
code = khm_krb4_kinit(aname, inst, realm,
(long) d->lifetime, pwd);
_progress(2,3);
_reportf(L"khm_krb4_kinit returns code %d", code);
_skip_pwd:
if (code) {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_FAILED);
} else {
khui_cw_set_response(nc, credtype_id_krb4,
KHUI_NC_RESPONSE_EXIT |
KHUI_NC_RESPONSE_SUCCESS);
if (subtype == KMSG_CRED_NEW_CREDS) {
assert(d != NULL);
k4_write_identity_data(d);
}
}
}
_progress(1,1);
_end_task();
}
if (ident)
kcdb_identity_release(ident);
}
break;
case KMSG_CRED_END:
{
khui_new_creds * nc;
khui_new_creds_by_type * nct = NULL;
nc = (khui_new_creds *) vparam;
if (KHM_FAILED(khui_cw_find_type(nc, credtype_id_krb4, &nct)))
break;
khui_cw_del_type(nc, credtype_id_krb4);
if (nct->name)
PFREE(nct->name);
if (nct->credtext)
PFREE(nct->credtext);
PFREE(nct);
}
break;
}
return KHM_ERROR_SUCCESS;
}
/*! \internal
\brief Initialize a module
\a m is not in the linked list yet.
\note Should only be called from the context of the registrar thread. */
void kmmint_init_module(kmm_module_i * m) {
HMODULE hm;
init_module_t p_init_module;
kmm_plugin_i * pi;
khm_int32 rv;
khm_handle csp_mod = NULL;
khm_handle csp_mods = NULL;
khm_size sz;
khm_int32 i;
/* error condition handling */
BOOL exit_module = FALSE;
BOOL release_module = TRUE;
BOOL record_failure = FALSE;
/* failure handling */
khm_int32 max_fail_count = 0;
khm_int64 fail_reset_time = 0;
_begin_task(0);
_report_mr1(KHERR_NONE, MSG_INIT_MODULE, _cstr(m->name));
_describe();
kmm_hold_module(kmm_handle_from_module(m));
if(KHM_FAILED(kmm_get_modules_config(0, &csp_mods))) {
_report_mr0(KHERR_ERROR, MSG_IM_GET_CONFIG);
_location(L"kmm_get_modules_config()");
m->state = KMM_MODULE_STATE_FAIL_UNKNOWN;
goto _exit;
}
khc_read_int32(csp_mods, L"ModuleMaxFailureCount", &max_fail_count);
khc_read_int64(csp_mods, L"ModuleFailureCountResetTime", &fail_reset_time);
/* If the module is not in the pre-init state, we can't
initialize it. */
if(m->state != KMM_MODULE_STATE_PREINIT) {
_report_mr1(KHERR_INFO, MSG_IM_NOT_PREINIT, _int32(m->state));
goto _exit;
}
if(KHM_FAILED(kmm_get_module_config(m->name, 0, &csp_mod))) {
_report_mr0(KHERR_ERROR, MSG_IM_NOT_REGISTERED);
m->state = KMM_MODULE_STATE_FAIL_NOT_REGISTERED;
goto _exit;
}
if(KHM_SUCCEEDED(khc_read_int32(csp_mod, L"Disabled", &i)) && i) {
_report_mr0(KHERR_INFO, MSG_IM_DISABLED);
m->state = KMM_MODULE_STATE_FAIL_DISABLED;
goto _exit;
}
if(KHM_SUCCEEDED(khc_read_int32(csp_mod, L"NoUnload", &i)) && i) {
m->flags |= KMM_MODULE_FLAG_NOUNLOAD;
}
if(KHM_SUCCEEDED(khc_read_int32(csp_mod, L"FailureCount", &i))) {
khm_int64 tm;
khm_int64 ct;
FILETIME fct;
khm_int32 last_reason = 0;
/* reset the failure count if the failure count reset time
period has elapsed */
tm = 0;
khc_read_int64(csp_mod, L"FailureTime", &tm);
GetSystemTimeAsFileTime(&fct);
ct = (FtToInt(&fct) - tm) / 10000000i64;
if(tm > 0 &&
ct > fail_reset_time) {
i = 0;
khc_write_int32(csp_mod, L"FailureCount", 0);
khc_write_int64(csp_mod, L"FailureTime", 0);
}
khc_read_int32(csp_mod, L"FailureReason", &last_reason);
/* did we exceed the max failure count? However, we ignore
the max failure count if the reason why it didn't load the
last time was because the module wasn't found. */
if(i > max_fail_count &&
last_reason != KMM_MODULE_STATE_FAIL_NOT_FOUND) {
/* failed too many times */
_report_mr0(KHERR_INFO, MSG_IM_MAX_FAIL);
m->state = KMM_MODULE_STATE_FAIL_MAX_FAILURE;
goto _exit;
}
}
if(khc_read_string(csp_mod, L"ImagePath", NULL, &sz) ==
KHM_ERROR_TOO_LONG) {
if(m->path)
PFREE(m->path);
m->path = PMALLOC(sz);
khc_read_string(csp_mod, L"ImagePath", m->path, &sz);
} else {
_report_mr0(KHERR_ERROR, MSG_IM_NOT_REGISTERED);
m->state = KMM_MODULE_STATE_FAIL_NOT_REGISTERED;
goto _exit;
}
rv = kmmint_read_module_info(m);
if (KHM_FAILED(rv)) {
if (rv == KHM_ERROR_INCOMPATIBLE) {
_report_mr0(KHERR_ERROR, MSG_IM_INCOMPATIBLE);
m->state = KMM_MODULE_STATE_FAIL_INCOMPAT;
} else if (rv == KHM_ERROR_NOT_FOUND) {
_report_mr1(KHERR_ERROR, MSG_IM_NOT_FOUND, _dupstr(m->path));
m->state = KMM_MODULE_STATE_FAIL_NOT_FOUND;
} else {
_report_mr0(KHERR_ERROR, MSG_IM_INVALID_MODULE);
m->state = KMM_MODULE_STATE_FAIL_INV_MODULE;
}
goto _exit;
}
/* check again */
if(m->state != KMM_MODULE_STATE_PREINIT) {
_report_mr0(KHERR_ERROR, MSG_IM_NOT_PREINIT);
goto _exit;
}
/* from this point on, we must record any failure codes */
record_failure = TRUE;
hm = LoadLibrary(m->path);
if(!hm) {
m->h_module = NULL;
m->state = KMM_MODULE_STATE_FAIL_NOT_FOUND;
_report_mr1(KHERR_ERROR, MSG_IM_NOT_FOUND, _dupstr(m->path));
goto _exit;
}
/* from this point on, we need to discard the module through
exit_module */
ResetEvent(evt_exit);
kmm_active_modules++;
release_module = FALSE;
exit_module = TRUE;
m->flags |= KMM_MODULE_FLAG_LOADED;
m->h_module = hm;
/* TODO: check signatures */
p_init_module = (init_module_t) GetProcAddress(hm, EXP_INIT_MODULE);
if(!p_init_module) {
_report_mr1(KHERR_ERROR, MSG_IM_NO_ENTRY, _cstr(EXP_INIT_MODULE));
m->state = KMM_MODULE_STATE_FAIL_INVALID;
goto _exit;
}
m->state = KMM_MODULE_STATE_INIT;
/* call init_module() */
rv = (*p_init_module)(kmm_handle_from_module(m));
m->flags |= KMM_MODULE_FLAG_INITP;
if(KHM_FAILED(rv)) {
_report_mr1(KHERR_ERROR, MSG_IM_INIT_FAIL, _int32(rv));
m->state = KMM_MODULE_STATE_FAIL_LOAD;
goto _exit;
}
if(!m->plugins) {
_report_mr0(KHERR_ERROR, MSG_IM_NO_PLUGINS);
m->state = KMM_MODULE_STATE_FAIL_NO_PLUGINS;
record_failure = FALSE;
goto _exit;
}
m->state = KMM_MODULE_STATE_INITPLUG;
do {
LPOP(&(m->plugins), &pi);
if(pi) {
pi->flags &= ~KMM_PLUGIN_FLAG_IN_MODLIST;
kmmint_init_plugin(pi);
/* release the hold obtained in kmm_provide_plugin() */
kmm_release_plugin(kmm_handle_from_plugin(pi));
}
} while(pi);
if(!m->plugin_count) {
/* We don't want to report this case. This usually means that
the plugins that were provided by the module were
disabled. */
#ifdef REPORT_EMPTY_MODULES
_report_mr0(KHERR_ERROR, MSG_IM_NO_PLUGINS);
m->state = KMM_MODULE_STATE_FAIL_NO_PLUGINS;
#endif
record_failure = FALSE;
goto _exit;
}
m->state = KMM_MODULE_STATE_RUNNING;
exit_module = FALSE;
record_failure = FALSE;
_exit:
if(csp_mod) {
if(record_failure) {
FILETIME fct;
i = 0;
khc_read_int32(csp_mod, L"FailureCount", &i);
i++;
khc_write_int32(csp_mod, L"FailureCount", i);
if(i==1) { /* first fault */
GetSystemTimeAsFileTime(&fct);
khc_write_int64(csp_mod, L"FailureTime", FtToInt(&fct));
}
khc_write_int32(csp_mod, L"FailureReason", m->state);
}
khc_close_space(csp_mod);
}
if(csp_mods)
khc_close_space(csp_mods);
_report_mr2(KHERR_INFO, MSG_IM_MOD_STATE,
_dupstr(m->name), _int32(m->state));
kmmint_remove_from_module_queue();
/* if something went wrong after init_module was called on the
module code, we need to call exit_module */
if(exit_module)
kmmint_exit_module(m);
if(release_module)
kmm_release_module(kmm_handle_from_module(m));
if (kherr_is_error()) {
kherr_context * c;
kherr_event * err_e = NULL;
kherr_event * warn_e = NULL;
kherr_event * e;
c = kherr_peek_context();
err_e = kherr_get_err_event(c);
for(e = kherr_get_first_event(c);
e;
e = kherr_get_next_event(e)) {
if (e != err_e &&
e->severity == KHERR_WARNING) {
warn_e = e;
break;
}
}
kherr_evaluate_event(err_e);
if (warn_e)
kherr_evaluate_event(warn_e);
kherr_clear_error();
e = kherr_report(KHERR_ERROR,
(wchar_t *) MSG_IMERR_TITLE,
KHERR_FACILITY,
NULL,
err_e->long_desc,
((warn_e)? (wchar_t *)MSG_IMERR_SUGGEST: NULL),
KHERR_FACILITY_ID,
KHERR_SUGGEST_NONE,
_cstr(m->name),
((warn_e)? _cstr(warn_e->long_desc):_vnull()),
_vnull(),_vnull(),
KHERR_RF_MSG_SHORT_DESC |
((warn_e)? KHERR_RF_MSG_SUGGEST: 0),
KHERR_HMODULE);
kherr_evaluate_event(e);
kherr_release_context(c);
}
_end_task();
}
/*! \internal
\brief Initialize a plugin
\note If kmmint_init_plugin() is called on a plugin, then kmmint_exit_plugin()
\b must be called for the plugin.
\note Should only be called from the context of the registrar thread */
void kmmint_init_plugin(kmm_plugin_i * p) {
DWORD dummy;
khm_handle csp_plugin = NULL;
khm_handle csp_plugins = NULL;
khm_int32 t;
/* the following will be undone in kmmint_exit_plugin() */
kmm_hold_plugin(kmm_handle_from_plugin(p));
EnterCriticalSection(&cs_kmm);
if(p->state != KMM_PLUGIN_STATE_REG &&
p->state != KMM_PLUGIN_STATE_HOLD)
{
LeaveCriticalSection(&cs_kmm);
goto _exit;
}
_begin_task(0);
_report_mr1(KHERR_NONE, MSG_IP_TASK_DESC, _cstr(p->p.name));
_describe();
if(p->state == KMM_PLUGIN_STATE_HOLD) {
/* if this plugin was held, then we already had a hold
from the initial attempt to start the plugin. Undo
the hold we did a few lines earlier. */
kmm_release_plugin(kmm_handle_from_plugin(p));
/* same for the plugin count for the module. */
#ifdef DEBUG
assert(p->flags & KMM_PLUGIN_FLAG_IN_MODCOUNT);
#endif
p->module->plugin_count--;
p->flags &= ~KMM_PLUGIN_FLAG_IN_MODCOUNT;
}
p->state = KMM_PLUGIN_STATE_PREINIT;
kmmint_delist_plugin(p);
kmmint_list_plugin(p);
LeaveCriticalSection(&cs_kmm);
if(KHM_FAILED(kmm_get_plugins_config(0, &csp_plugins))) {
_report_mr0(KHERR_ERROR, MSG_IP_GET_CONFIG);
p->state = KMM_PLUGIN_STATE_FAIL_UNKNOWN;
goto _exit;
}
if(KHM_FAILED(kmm_get_plugin_config(p->p.name, 0, &csp_plugin))) {
if(KHM_FAILED(kmm_register_plugin(&(p->p), 0))) {
_report_mr0(KHERR_ERROR, MSG_IP_NOT_REGISTERED);
p->state = KMM_PLUGIN_STATE_FAIL_NOT_REGISTERED;
goto _exit;
}
if(KHM_FAILED(kmm_get_plugin_config(p->p.name, 0, &csp_plugin))) {
_report_mr0(KHERR_ERROR, MSG_IP_NOT_REGISTERED);
p->state = KMM_PLUGIN_STATE_FAIL_NOT_REGISTERED;
goto _exit;
}
}
if (KHM_SUCCEEDED(khc_read_int32(csp_plugin, L"Disabled", &t)) && t) {
p->flags |= KMM_PLUGIN_FLAG_DISABLED;
p->state = KMM_PLUGIN_STATE_FAIL_DISABLED;
goto _exit;
}
#if 0
/*TODO: check the failure count and act accordingly */
if(KHM_SUCCEEDED(khc_read_int32(csp_plugin, L"FailureCount", &t)) && (t > 0)) {
}
#endif
EnterCriticalSection(&cs_kmm);
p->n_depends = 0;
p->n_unresolved = 0;
do {
wchar_t * deps = NULL;
wchar_t * d;
khm_size sz = 0;
if(khc_read_multi_string(csp_plugin, L"Dependencies",
NULL, &sz) != KHM_ERROR_TOO_LONG)
break;
deps = PMALLOC(sz);
if(KHM_FAILED(khc_read_multi_string(csp_plugin, L"Dependencies",
deps, &sz))) {
if(deps)
PFREE(deps);
break;
}
for(d = deps; d && *d; d = multi_string_next(d)) {
kmm_plugin_i * pd;
int i;
pd = kmmint_get_plugin_i(d);
if(pd->state == KMM_PLUGIN_STATE_NONE) {
/* the dependant was not previously known */
pd->state = KMM_PLUGIN_STATE_PLACEHOLDER;
}
for(i=0; i < pd->n_dependants; i++) {
if(pd->dependants[i] == p)
break;
}
if(i >= pd->n_dependants) {
if( pd->n_dependants >= KMM_MAX_DEPENDANTS ) {
/*TODO: handle this gracefully */
RaiseException(1, EXCEPTION_NONCONTINUABLE, 0, NULL);
}
/* released in kmmint_free_plugin() */
kmm_hold_plugin(kmm_handle_from_plugin(p));
pd->dependants[pd->n_dependants] = p;
pd->n_dependants++;
}
p->n_depends++;
if(pd->state != KMM_PLUGIN_STATE_RUNNING) {
p->n_unresolved++;
}
}
if(p->n_unresolved > 0) {
p->state = KMM_PLUGIN_STATE_HOLD;
}
PFREE(deps);
} while(FALSE);
#ifdef DEBUG
assert(!(p->flags & KMM_PLUGIN_FLAG_IN_MODCOUNT));
#endif
p->flags |= KMM_PLUGIN_FLAG_IN_MODCOUNT;
p->module->plugin_count++;
LeaveCriticalSection(&cs_kmm);
if(p->state == KMM_PLUGIN_STATE_HOLD) {
_report_mr1(KHERR_INFO, MSG_IP_HOLD, _dupstr(p->p.name));
goto _exit_post;
}
kmmint_add_to_plugin_queue(p);
p->ht_thread = CreateThread(NULL,
0,
kmmint_plugin_broker,
(LPVOID) p,
CREATE_SUSPENDED,
&dummy);
p->state = KMM_PLUGIN_STATE_INIT;
ResumeThread(p->ht_thread);
_exit_post:
if(csp_plugin != NULL)
khc_close_space(csp_plugin);
if(csp_plugins != NULL)
khc_close_space(csp_plugins);
_report_mr2(KHERR_INFO, MSG_IP_STATE,
_dupstr(p->p.name), _int32(p->state));
_end_task();
return;
/* jump here if an error condition happens before the plugin
broker thread starts and the plugin should be unloaded */
_exit:
if(csp_plugin != NULL)
khc_close_space(csp_plugin);
if(csp_plugins != NULL)
khc_close_space(csp_plugins);
_report_mr2(KHERR_WARNING, MSG_IP_EXITING,
_dupstr(p->p.name), _int32(p->state));
_end_task();
#ifdef ASYNC_PLUGIN_UNLOAD_ON_FAILURE
kmm_hold_plugin(kmm_handle_from_plugin(p));
kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG, KMM_REG_EXIT_PLUGIN, (void *) p);
#else
kmmint_exit_plugin(p);
#endif
}
/*! \internal
\brief Manages a plugin message thread.
Each plugin gets its own plugin thread which is used to dispatch
messages to the plugin. This acts as the thread function for the
plugin thread.*/
DWORD WINAPI kmmint_plugin_broker(LPVOID lpParameter)
{
DWORD rv = 0;
kmm_plugin_i * p = (kmm_plugin_i *) lpParameter;
PDESCTHREAD(p->p.name, L"KMM");
_begin_task(0);
_report_mr1(KHERR_NONE, MSG_PB_START, _cstr(p->p.name));
_describe();
TlsSetValue(tls_kmm, (LPVOID) p);
kmm_hold_plugin(kmm_handle_from_plugin(p));
p->tid_thread = GetCurrentThreadId();
if (IsBadCodePtr(p->p.msg_proc)) {
_report_mr0(KHERR_WARNING, MSG_PB_INVALID_CODE_PTR);
rv = KHM_ERROR_INVALID_PARAM;
} else {
rv = (*p->p.msg_proc)(KMSG_SYSTEM, KMSG_SYSTEM_INIT,
0, (void *) &(p->p));
_report_mr1(KHERR_INFO, MSG_PB_INIT_RV, _int32(rv));
}
/* if it fails to initialize, we exit the plugin */
if(KHM_FAILED(rv)) {
kherr_report(KHERR_ERROR,
(wchar_t *) MSG_PB_INIT_FAIL_S,
(wchar_t *) KHERR_FACILITY,
NULL,
(wchar_t *) MSG_PB_INIT_FAIL,
(wchar_t *) MSG_PB_INIT_FAIL_G,
KHERR_FACILITY_ID,
KHERR_SUGGEST_NONE,
_cstr(p->p.name),
_cstr(p->p.description),
_cstr(p->module->path),
_cstr(p->module->support),
KHERR_RF_MSG_SHORT_DESC |
KHERR_RF_MSG_LONG_DESC |
KHERR_RF_MSG_SUGGEST
#ifdef _WIN32
,KHERR_HMODULE
#endif
);
_resolve();
/* exit the plugin first. Otherwise it may not uninitialize correctly */
(*p->p.msg_proc)(KMSG_SYSTEM, KMSG_SYSTEM_EXIT, 0, (void *) &(p->p));
kmmint_remove_from_plugin_queue(p);
rv = 1;
_end_task();
p->state = KMM_PLUGIN_STATE_FAIL_INIT;
goto _exit;
}
/* subscribe to default message classes by plugin type */
if(p->p.type == KHM_PITYPE_CRED) {
kmq_subscribe(KMSG_SYSTEM, p->p.msg_proc);
kmq_subscribe(KMSG_KCDB, p->p.msg_proc);
kmq_subscribe(KMSG_CRED, p->p.msg_proc);
} else if(p->p.type == KHM_PITYPE_IDENT) {
khm_handle h = NULL;
kmq_subscribe(KMSG_SYSTEM, p->p.msg_proc);
kmq_subscribe(KMSG_KCDB, p->p.msg_proc);
kmq_create_subscription(p->p.msg_proc, &h);
kcdb_identity_set_provider(h);
/* kcdb deletes the subscription when it's done with it */
} else if(p->p.type == KHM_PITYPE_CONFIG) {
/*TODO: subscribe to configuration provider messages here */
}
p->state = KMM_PLUGIN_STATE_RUNNING;
_report_mr0(KHERR_INFO, MSG_PB_INIT_DONE);
_end_task();
/* if there were any plugins that were waiting for this one to
start, we should start them too */
EnterCriticalSection(&cs_kmm);
do {
kmm_plugin_i * pd;
int i;
for(i=0; i < p->n_dependants; i++) {
pd = p->dependants[i];
pd->n_unresolved--;
if(pd->n_unresolved == 0) {
kmmint_add_to_plugin_queue(pd);
kmm_hold_plugin(kmm_handle_from_plugin(pd));
kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG, KMM_REG_INIT_PLUGIN, (void *) pd);
}
}
} while(FALSE);
LeaveCriticalSection(&cs_kmm);
kmmint_remove_from_plugin_queue(p);
/* main message loop */
while(KHM_SUCCEEDED(kmq_dispatch(INFINITE)));
/* unsubscribe from default message classes by plugin type */
if(p->p.type == KHM_PITYPE_CRED) {
kmq_unsubscribe(KMSG_SYSTEM, p->p.msg_proc);
kmq_unsubscribe(KMSG_KCDB, p->p.msg_proc);
kmq_unsubscribe(KMSG_CRED, p->p.msg_proc);
} else if (p->p.type == KHM_PITYPE_IDENT) {
kmq_unsubscribe(KMSG_KCDB, p->p.msg_proc);
kmq_unsubscribe(KMSG_SYSTEM, p->p.msg_proc);
kcdb_identity_set_provider(NULL);
} else if(p->p.type == KHM_PITYPE_CONFIG) {
/*TODO: unsubscribe from configuration provider messages here */
}
p->p.msg_proc(KMSG_SYSTEM, KMSG_SYSTEM_EXIT, 0, (void *) &(p->p));
_exit:
if (p->state >= 0)
p->state = KMM_PLUGIN_STATE_EXITED;
/* the following call will automatically release the plugin */
kmq_post_message(KMSG_KMM, KMSG_KMM_I_REG,
KMM_REG_EXIT_PLUGIN, (void *) p);
TlsSetValue(tls_kmm, (LPVOID) 0);
ExitThread(rv);
/* not reached */
return rv;
}
void khm_cred_obtain_new_creds(wchar_t * title)
{
khui_new_creds * nc;
LPNETID_DLGINFO pdlginfo;
khm_size cb;
if (!khm_cred_begin_dialog())
return;
khui_cw_create_cred_blob(&nc);
nc->subtype = KMSG_CRED_NEW_CREDS;
dialog_nc = nc;
khui_context_get(&nc->ctx);
kcdb_identpro_get_ui_cb((void *) &nc->ident_cb);
if (nc->ident_cb == NULL) {
wchar_t title[256];
wchar_t msg[512];
wchar_t suggestion[512];
khui_alert * a;
LoadString(khm_hInstance, IDS_ERR_TITLE_NO_IDENTPRO,
title, ARRAYLENGTH(title));
LoadString(khm_hInstance, IDS_ERR_MSG_NO_IDENTPRO,
msg, ARRAYLENGTH(msg));
LoadString(khm_hInstance, IDS_ERR_SUGG_NO_IDENTPRO,
suggestion, ARRAYLENGTH(suggestion));
khui_alert_create_simple(title,
msg,
KHERR_ERROR,
&a);
khui_alert_set_suggestion(a, suggestion);
khui_alert_show(a);
khui_alert_release(a);
khui_context_release(&nc->ctx);
nc->result = KHUI_NC_RESULT_CANCEL;
khm_cred_end_dialog(nc);
khui_cw_destroy_cred_blob(nc);
return;
}
if (title) {
if (SUCCEEDED(StringCbLength(title, KHUI_MAXCB_TITLE, &cb))) {
cb += sizeof(wchar_t);
nc->window_title = PMALLOC(cb);
#ifdef DEBUG
assert(nc->window_title);
#endif
StringCbCopy(nc->window_title, cb, title);
}
} else if (nc->ctx.cb_vparam == sizeof(NETID_DLGINFO) &&
(pdlginfo = nc->ctx.vparam) &&
pdlginfo->size == NETID_DLGINFO_V1_SZ &&
pdlginfo->in.title[0] &&
SUCCEEDED(StringCchLength(pdlginfo->in.title,
NETID_TITLE_SZ,
&cb))) {
cb = (cb + 1) * sizeof(wchar_t);
nc->window_title = PMALLOC(cb);
#ifdef DEBUG
assert(nc->window_title);
#endif
StringCbCopy(nc->window_title, cb, pdlginfo->in.title);
}
khm_create_newcredwnd(khm_hwnd_main, nc);
if (nc->hwnd != NULL) {
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr0(KHERR_NONE, IDS_CTX_NEW_CREDS);
_describe();
kmq_post_message(KMSG_CRED, KMSG_CRED_NEW_CREDS, 0,
(void *) nc);
_end_task();
} else {
khui_context_release(&nc->ctx);
nc->result = KHUI_NC_RESULT_CANCEL;
khm_cred_end_dialog(nc);
khui_cw_destroy_cred_blob(nc);
}
}
void khm_cred_change_password(wchar_t * title)
{
khui_new_creds * nc;
LPNETID_DLGINFO pdlginfo;
khm_size cb;
if (!khm_cred_begin_dialog())
return;
khui_cw_create_cred_blob(&nc);
nc->subtype = KMSG_CRED_PASSWORD;
dialog_nc = nc;
khui_context_get(&nc->ctx);
kcdb_identpro_get_ui_cb((void *) &nc->ident_cb);
assert(nc->ident_cb);
if (title) {
if (SUCCEEDED(StringCbLength(title, KHUI_MAXCB_TITLE, &cb))) {
cb += sizeof(wchar_t);
nc->window_title = PMALLOC(cb);
#ifdef DEBUG
assert(nc->window_title);
#endif
StringCbCopy(nc->window_title, cb, title);
}
} else if (nc->ctx.cb_vparam == sizeof(NETID_DLGINFO) &&
(pdlginfo = nc->ctx.vparam) &&
pdlginfo->size == NETID_DLGINFO_V1_SZ &&
pdlginfo->in.title[0] &&
SUCCEEDED(StringCchLength(pdlginfo->in.title,
NETID_TITLE_SZ,
&cb))) {
cb = (cb + 1) * sizeof(wchar_t);
nc->window_title = PMALLOC(cb);
#ifdef DEBUG
assert(nc->window_title);
#endif
StringCbCopy(nc->window_title, cb, pdlginfo->in.title);
}
khm_create_newcredwnd(khm_hwnd_main, nc);
if (nc->hwnd != NULL) {
_begin_task(KHERR_CF_TRANSITIVE);
_report_sr0(KHERR_NONE, IDS_CTX_PASSWORD);
_describe();
kmq_post_message(KMSG_CRED, KMSG_CRED_PASSWORD, 0,
(void *) nc);
_end_task();
} else {
khui_cw_destroy_cred_blob(nc);
}
}
void
khm_cred_dispatch_process_message(khui_new_creds *nc)
{
khm_size i;
BOOL pending;
wchar_t wsinsert[512];
khm_size cbsize;
/* see if there's anything to do. We can check this without
obtaining a lock */
if(nc->n_types == 0 ||
(nc->subtype == KMSG_CRED_NEW_CREDS &&
nc->n_identities == 0) ||
(nc->subtype == KMSG_CRED_PASSWORD &&
nc->n_identities == 0))
goto _terminate_job;
/* check dependencies and stuff first */
EnterCriticalSection(&nc->cs);
for(i=0; i<nc->n_types; i++) {
nc->types[i]->flags &= ~ KHUI_NCT_FLAG_PROCESSED;
}
LeaveCriticalSection(&nc->cs);
/* Consindering all that can go wrong here and the desire to
handle errors here separately from others, we create a new task
for the purpose of tracking the credentials acquisition
process. */
_begin_task(KHERR_CF_TRANSITIVE);
/* Describe the context */
if(nc->subtype == KMSG_CRED_NEW_CREDS) {
cbsize = sizeof(wsinsert);
kcdb_identity_get_name(nc->identities[0], wsinsert, &cbsize);
_report_sr1(KHERR_NONE, IDS_CTX_PROC_NEW_CREDS,
_cstr(wsinsert));
_resolve();
} else if (nc->subtype == KMSG_CRED_RENEW_CREDS) {
cbsize = sizeof(wsinsert);
if (nc->ctx.scope == KHUI_SCOPE_IDENT)
kcdb_identity_get_name(nc->ctx.identity, wsinsert, &cbsize);
else if (nc->ctx.scope == KHUI_SCOPE_CREDTYPE) {
if (nc->ctx.identity != NULL)
kcdb_identity_get_name(nc->ctx.identity, wsinsert,
&cbsize);
else
kcdb_credtype_get_name(nc->ctx.cred_type, wsinsert,
&cbsize);
} else if (nc->ctx.scope == KHUI_SCOPE_CRED) {
kcdb_cred_get_name(nc->ctx.cred, wsinsert, &cbsize);
} else {
StringCbCopy(wsinsert, sizeof(wsinsert), L"(?)");
}
_report_sr1(KHERR_NONE, IDS_CTX_PROC_RENEW_CREDS,
_cstr(wsinsert));
_resolve();
} else if (nc->subtype == KMSG_CRED_PASSWORD) {
cbsize = sizeof(wsinsert);
kcdb_identity_get_name(nc->identities[0], wsinsert, &cbsize);
_report_sr1(KHERR_NONE, IDS_CTX_PROC_PASSWORD,
_cstr(wsinsert));
_resolve();
} else {
assert(FALSE);
}
_describe();
pending = khm_cred_dispatch_process_level(nc);
_end_task();
if(!pending)
goto _terminate_job;
return;
_terminate_job:
if (nc->subtype == KMSG_CRED_RENEW_CREDS)
kmq_post_message(KMSG_CRED, KMSG_CRED_END, 0, (void *) nc);
else
PostMessage(nc->hwnd, KHUI_WM_NC_NOTIFY,
MAKEWPARAM(0, WMNC_DIALOG_PROCESS_COMPLETE), 0);
}