diff options
author | Tom Yu <tlyu@mit.edu> | 2007-03-30 03:09:02 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2007-03-30 03:09:02 +0000 |
commit | 197a0ec89fb7ec93481df5f89e8a500eb94b4527 (patch) | |
tree | 0278cef150247691a3abdb48d7651e14a084a20b | |
parent | 479b83a65f5e4e05816245f49950841441fbc865 (diff) | |
download | krb5-197a0ec89fb7ec93481df5f89e8a500eb94b4527.zip krb5-197a0ec89fb7ec93481df5f89e8a500eb94b4527.tar.gz krb5-197a0ec89fb7ec93481df5f89e8a500eb94b4527.tar.bz2 |
pull up r19289 from trunk
r19289@cathode-dark-space: jaltman | 2007-03-27 09:37:30 -0400
ticket: 5469
This commit addresses several issues:
(1) The registry key used for activating event reporting to
the Windows application log was wrong. It should be
"NetworkProvider" not "Network Provider"
(2) Event logging of the state of the "Debug" value has been
added so that it is possible to debug the use of event
reporting.
(3) The code no longer performs the pre-kinit operations
if a password was not provided.
(4) A new function KFW_copy_file_cache_to_api_cache() has
been added. This is used instead of
KFW_copy_file_cache_to_default_cache() permitting the
default cache to be MSLSA, FILE, or anything else.
The API cache name will be of the form API:principal
just as is done by Network Identity Manager.
ticket: 5469
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19336 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/windows/kfwlogon/kfwcommon.c | 149 | ||||
-rw-r--r-- | src/windows/kfwlogon/kfwcpcc.c | 2 |
2 files changed, 131 insertions, 20 deletions
diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c index b578d94..1a2de08 100644 --- a/src/windows/kfwlogon/kfwcommon.c +++ b/src/windows/kfwlogon/kfwcommon.c @@ -293,19 +293,41 @@ static HANDLE hDLL; BOOL IsDebugLogging(void)
{
- DWORD LSPtype, LSPsize;
+ DWORD LSPsize;
HKEY NPKey;
DWORD dwDebug = FALSE;
if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
- "System\\CurrentControlSet\\Services\\MIT Kerberos\\Network Provider",
- 0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS) {
+ "System\\CurrentControlSet\\Services\\MIT Kerberos\\NetworkProvider",
+ 0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS)
+ {
LSPsize=sizeof(dwDebug);
- if (RegQueryValueEx(NPKey, "Debug", NULL, &LSPtype, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS
- || LSPtype != REG_DWORD)
+ if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS)
+ {
+ static int once = 0;
+
dwDebug = FALSE;
+ if (!once) {
+ HANDLE h; char *ptbuf[1];
+ h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
+ ptbuf[0] = "Unable to read debug value";
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ once++;
+ }
+ }
RegCloseKey (NPKey);
+ } else {
+ static int once = 0;
+ if (!once) {
+ HANDLE h; char *ptbuf[1];
+ h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
+ ptbuf[0] = "Unable to open network provider key";
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ once++;
+ }
}
return(dwDebug ? TRUE : FALSE);
@@ -719,7 +741,7 @@ KFW_get_cred( char * username, char * pname = 0;
krb5_error_code code;
- if (!pkrb5_init_context || !username || !password)
+ if (!pkrb5_init_context || !username || !password || !password[0])
return 0;
DebugEvent0(username);
@@ -751,22 +773,23 @@ KFW_get_cred( char * username, if ( code ) goto cleanup;
DebugEvent0("got ccache");
+
if ( lifetime == 0 )
lifetime = pLeash_get_default_lifetime();
- if ( password[0] ) {
- code = KFW_kinit( ctx, cc, HWND_DESKTOP,
- pname,
- password,
- lifetime,
- pLeash_get_default_forwardable(),
- pLeash_get_default_proxiable(),
- pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0,
- pLeash_get_default_noaddresses(),
- pLeash_get_default_publicip());
- DebugEvent0("kinit returned");
- if ( code ) goto cleanup;
- }
+ DebugEvent0("got lifetime");
+
+ code = KFW_kinit( ctx, cc, HWND_DESKTOP,
+ pname,
+ password,
+ lifetime,
+ pLeash_get_default_forwardable(),
+ pLeash_get_default_proxiable(),
+ pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0,
+ pLeash_get_default_noaddresses(),
+ pLeash_get_default_publicip());
+ DebugEvent0("kinit returned");
+ if ( code ) goto cleanup;
cleanup:
if ( pname )
@@ -1148,6 +1171,94 @@ KFW_copy_file_cache_to_default_cache(char * filename) }
+int
+KFW_copy_file_cache_to_api_cache(char * filename)
+{
+ char cachename[MAX_PATH + 8] = "FILE:";
+ krb5_context ctx = 0;
+ krb5_error_code code;
+ krb5_principal princ = 0;
+ krb5_ccache cc = 0;
+ krb5_ccache ncc = 0;
+ char *name = NULL;
+ int retval = 1;
+
+ if (!pkrb5_init_context || !filename)
+ return 1;
+
+ if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
+ return 1;
+
+ strcat(cachename, filename);
+
+ code = pkrb5_init_context(&ctx);
+ if (code) ctx = 0;
+
+ code = pkrb5_cc_resolve(ctx, cachename, &cc);
+ if (code) {
+ DebugEvent0("kfwcpcc krb5_cc_resolve failed");
+ goto cleanup;
+ }
+
+ code = pkrb5_cc_get_principal(ctx, cc, &princ);
+ if (code) {
+ DebugEvent0("kfwcpcc krb5_cc_get_principal failed");
+ goto cleanup;
+ }
+
+ code = pkrb5_unparse_name(ctx, princ, &name);
+ if (code) {
+ DebugEvent0("kfwcpcc krb5_unparse_name failed");
+ goto cleanup;
+ }
+
+ sprintf(cachename, "API:%s", name);
+
+ code = pkrb5_cc_resolve(ctx, cachename, &ncc);
+ if (code) {
+ DebugEvent0("kfwcpcc krb5_cc_default failed");
+ goto cleanup;
+ }
+ if (!code) {
+ code = pkrb5_cc_initialize(ctx, ncc, princ);
+
+ if (!code)
+ code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+ if (code) {
+ DebugEvent0("kfwcpcc krb5_cc_copy_creds failed");
+ goto cleanup;
+ }
+ }
+ if ( ncc ) {
+ pkrb5_cc_close(ctx, ncc);
+ ncc = 0;
+ }
+
+ retval=0; /* success */
+
+ cleanup:
+ if (name)
+ pkrb5_free_unparsed_name(ctx, name);
+
+ if ( cc ) {
+ pkrb5_cc_close(ctx, cc);
+ cc = 0;
+ }
+
+ DeleteFile(filename);
+
+ if ( princ ) {
+ pkrb5_free_principal(ctx, princ);
+ princ = 0;
+ }
+
+ if (ctx)
+ pkrb5_free_context(ctx);
+
+ return 0;
+}
+
+
int
KFW_destroy_tickets_for_principal(char * user)
{
diff --git a/src/windows/kfwlogon/kfwcpcc.c b/src/windows/kfwlogon/kfwcpcc.c index c3485c0..5ff7785 100644 --- a/src/windows/kfwlogon/kfwcpcc.c +++ b/src/windows/kfwlogon/kfwcpcc.c @@ -33,7 +33,7 @@ int main(int argc, char *argv[]) KFW_initialize();
- return KFW_copy_file_cache_to_default_cache(argv[1]);
+ return KFW_copy_file_cache_to_api_cache(argv[1]);
}
|