krb5 commit: Add 'read-only principal' flag
Benjamin Kaduk
kaduk at MIT.EDU
Mon Aug 27 11:52:06 EDT 2012
https://github.com/krb5/krb5/commit/88f425a7169a1f1d38b89d80a167f58e8ce475e8
commit 88f425a7169a1f1d38b89d80a167f58e8ce475e8
Author: Kevin Wasserman <kevin.wasserman at painless-security.com>
Date: Thu Jun 21 13:22:39 2012 -0400
Add 'read-only principal' flag
Reserve the high-order 16 bits of dlgtype for flags.
Add DLGFLAG_READONLY_PRINC. When specified, the get tickets dialog
does not allow the user to change the principal.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
ticket: 7274 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
src/windows/include/leashwin.h | 2 ++
src/windows/leashdll/lsh_pwd.c | 36 ++++++++++++++++++------------------
2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/src/windows/include/leashwin.h b/src/windows/include/leashwin.h
index fc210a6..9577365 100644
--- a/src/windows/include/leashwin.h
+++ b/src/windows/include/leashwin.h
@@ -16,6 +16,8 @@
#define DLGTYPE_PASSWD 0
#define DLGTYPE_CHPASSWD 1
+#define DLGTYPE_MASK 0x0000ffff
+#define DLGFLAG_READONLYPRINC 0x10000
typedef struct {
int dlgtype;
// Tells whether dialog box is in change pwd more or init ticket mode???
diff --git a/src/windows/leashdll/lsh_pwd.c b/src/windows/leashdll/lsh_pwd.c
index 06b7a69..1a1c6e4 100644
--- a/src/windows/leashdll/lsh_pwd.c
+++ b/src/windows/leashdll/lsh_pwd.c
@@ -354,8 +354,6 @@ int Leash_kinit_dlg_ex(HWND hParent, LPLSH_DLGINFO_EX lpdlginfo)
return 1; /* pretend the dialog was displayed and succeeded */
}
- lpdlginfo->dlgtype = DLGTYPE_PASSWD;
-
/* set the help file */
Leash_set_help_file(NULL);
@@ -1495,6 +1493,8 @@ AuthenticateProc(
long realm_count = 0;
int disable_noaddresses = 0;
HWND hEditCtrl=0;
+ HWND hFocusCtrl=0;
+ BOOL bReadOnlyPrinc=0;
switch (message) {
@@ -1513,13 +1513,15 @@ AuthenticateProc(
if ((lpdi->size != LSH_DLGINFO_EX_V1_SZ &&
lpdi->size != LSH_DLGINFO_EX_V2_SZ &&
lpdi->size < LSH_DLGINFO_EX_V3_SZ) ||
- lpdi->dlgtype != DLGTYPE_PASSWD) {
+ (lpdi->dlgtype & DLGTYPE_MASK) != DLGTYPE_PASSWD) {
MessageBox(hDialog, "An incorrect initialization data structure was provided.",
"AuthenticateProc()",
MB_OK | MB_ICONSTOP);
return FALSE;
}
+ bReadOnlyPrinc = (lpdi->dlgtype & DLGFLAG_READONLYPRINC) ?
+ TRUE : FALSE;
if ( lpdi->size >= LSH_DLGINFO_EX_V2_SZ ) {
lpdi->out.username[0] = 0;
@@ -1535,17 +1537,6 @@ AuthenticateProc(
SetWindowText(hDialog, lpdi->title);
SetProp(hDialog, "HANDLES_HELP", (HANDLE)1);
-// @TODO: in/out principal
-/*
- if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ )
- lstrcpy(username, lpdi->in.username);
- else if (lpdi->username)
- lstrcpy(username, lpdi->username);
- if ( lpdi->size >= LSH_DLGINFO_EX_V3_SZ )
- lstrcpy(realm, lpdi->in.realm);
- else if (lpdi->realm)
- lstrcpy(realm, lpdi->realm);
-*/
if (lpdi->use_defaults) {
lifetime = Leash_get_default_lifetime();
if (lifetime <= 0)
@@ -1576,7 +1567,14 @@ AuthenticateProc(
proxiable = lpdi->proxiable;
publicip = lpdi->publicip;
}
-
+ if (lpdi->username && (strlen(lpdi->username) > 0) &&
+ lpdi->realm && (strlen(lpdi->realm) > 0)) {
+ sprintf_s(principal, sizeof(principal), "%s@%s", lpdi->username,
+ lpdi->realm);
+ } else {
+ principal[0] = 0;
+ }
+ Edit_SetReadOnly(hEditCtrl, bReadOnlyPrinc);
CSetDlgItemText(hDialog, IDC_EDIT_PRINCIPAL, principal);
CSetDlgItemText(hDialog, IDC_EDIT_PASSWORD, "");
@@ -1658,9 +1656,11 @@ AuthenticateProc(
/* Take keyboard focus */
SetActiveWindow(hDialog);
SetForegroundWindow(hDialog);
- if (GetDlgCtrlID((HWND) wParam) != IDC_EDIT_PRINCIPAL)
- {
- SetFocus(GetDlgItem(hDialog, IDC_EDIT_PRINCIPAL));
+ /* put focus on password if princ is read-only */
+ hFocusCtrl = bReadOnlyPrinc ?
+ GetDlgItem(hDialog, IDC_EDIT_PASSWORD) : hEditCtrl;
+ if (((HWND)wParam) != hFocusCtrl) {
+ SetFocus(hFocusCtrl);
}
break;
More information about the cvs-krb5
mailing list