authorGreg Hudson <ghudson@mit.edu>2020-08-19 23:03:28 -0400
committerGreg Hudson <ghudson@mit.edu>2020-09-11 11:49:08 -0400
commitf9655f08340d9789d53cdf156abfbab12751566b (patch)
tree8a098743d93b7e7db10fe261ac4c833e5736d68f
parent7fc4cdae79d0689afed32f9bcfeb28f410a9d79c (diff)
Remove Leash import functionality
Copying tickets from the MSLSA cache to another cache is no longer possible in most circumstances, and the Leash ribbon UI does not have an import button. Remove all remaining support for importing tickets. ticket: 8940 (new)
-rw-r--r--src/windows/installer/wix/config.wxi3
-rw-r--r--src/windows/installer/wix/features.wxi1
-rw-r--r--src/windows/installer/wix/files.wxi4
-rw-r--r--src/windows/installer/wix/msi-deployment-guide.txt21
-rw-r--r--src/windows/installer/wix/platform.wxi2
-rw-r--r--src/windows/installer/wix/property.wxi1
-rw-r--r--src/windows/leash/Leash.cpp132
-rw-r--r--src/windows/leash/Leash.h1
-rw-r--r--src/windows/leash/Leash.rc8
-rw-r--r--src/windows/leash/LeashView.cpp116
-rw-r--r--src/windows/leash/LeashView.h4
-rw-r--r--src/windows/leash/Lglobals.h3
-rw-r--r--src/windows/leash/res/import.icobin2862 -> 0 bytes
-rw-r--r--src/windows/leash/res/import_disabled.icobin2862 -> 0 bytes
-rw-r--r--src/windows/leash/resource.h9
-rw-r--r--src/windows/leashdll/krb5routines.c65
-rw-r--r--src/windows/leashdll/leash-int.h2
-rw-r--r--src/windows/leashdll/lsh_pwd.rc1
-rw-r--r--src/windows/leashdll/lshfunc.c167
19 files changed, 22 insertions, 518 deletions
diff --git a/src/windows/installer/wix/config.wxi b/src/windows/installer/wix/config.wxi
index f7ee93d..c789668 100644
--- a/src/windows/installer/wix/config.wxi
+++ b/src/windows/installer/wix/config.wxi
@@ -104,9 +104,6 @@
<?ifndef LeashLockFileLocations?>
<?define LeashLockFileLocations="0"?>
<?endif?>
- <?ifndef LeashMsLsaImport?>
- <?define LeashMsLsaImport="2"?>
- <?endif?>
<?ifndef LeashLifetime?>
<?define LeashLifetime="0"?>
<?endif?>
diff --git a/src/windows/installer/wix/features.wxi b/src/windows/installer/wix/features.wxi
index 5aa5f6f..5b0747a 100644
--- a/src/windows/installer/wix/features.wxi
+++ b/src/windows/installer/wix/features.wxi
@@ -103,7 +103,6 @@
<!-- Leash config options -->
<ComponentRef Id="rcm_leash_2" />
<ComponentRef Id="rcm_leash_3" />
- <ComponentRef Id="rcm_leash_6" />
<ComponentRef Id="cmf_leash32_chm" />
diff --git a/src/windows/installer/wix/files.wxi b/src/windows/installer/wix/files.wxi
index ad656a1..947bed5 100644
--- a/src/windows/installer/wix/files.wxi
+++ b/src/windows/installer/wix/files.wxi
@@ -185,10 +185,6 @@
<RegistryValue Id="reg_leash_3" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="AutoRenewTickets" Type="integer" Value="[LEASHAUTORENEWTICKETS]" KeyPath="yes"/>
<Condition>LEASHAUTORENEWTICKETS</Condition>
</Component>
- <Component Id="rcm_leash_6" Guid="$(var.rcm_leash_6_guid)" DiskId="1">
- <RegistryValue Id="reg_leash_6" Root="HKLM" Key="Software\MIT\Leash" Name="MsLsaImport" Type="integer" Value="[LEASHMSLSAIMPORT]" KeyPath="yes"/>
- <Condition>LEASHMSLSAIMPORT</Condition>
- </Component>
<Component Id="csc_LeashStartup" Guid="$(var.csc_LeashStartup_guid)" DiskId="1">
<RegistryValue Id="reg_sc_leash_marker" Root="HKCU" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="LeashAutoStart" Type="integer" Value="1" KeyPath="yes" />
<Shortcut Id="sc_leash_exe_startup" Advertise="no" Directory="StartupFolder" Name="MIT Kerberos.lnk" Arguments="[LEASHAUTOINIT]" Target="[dirbin]MIT Kerberos.exe" Show="minimized" />
diff --git a/src/windows/installer/wix/msi-deployment-guide.txt b/src/windows/installer/wix/msi-deployment-guide.txt
index fd376a6..2d3bb86 100644
--- a/src/windows/installer/wix/msi-deployment-guide.txt
+++ b/src/windows/installer/wix/msi-deployment-guide.txt
@@ -180,10 +180,6 @@ Kerberos for Windows
Setting: automatic ticket renewal
Values : '0' or '1'
- LEASHMSLSAIMPORT
- Setting: automatic importation of MSLSA credentials
- Values : '0', '1' or '2'
-
2.1.3 Leash32 DLL properties
LEASHLIFETIME
@@ -650,23 +646,6 @@ Kerberos for Windows
If '1', creates any missing configuration files.
- Value : MsLsaImport
- Type : DWORD (0, 1 or 2)
- Default : 1
-
- Controls how credentials are imported from the MSLSA cache.
- This setting can be one of the following.
-
- 0 : Never
- 1 : Always
- 2 : Only if the principal matches
-
- Note that this setting only controls how the Kerberos 5
- plug-in handles importing of credentials from the MSLSA cache.
- Whether or not credentials are imported at start-up is
- controlled via general NetIDMgr settings as described in
- section 3.1.1.
-
Value : MsLsaList
Type : DWORD (0 or 1)
Default : 1
diff --git a/src/windows/installer/wix/platform.wxi b/src/windows/installer/wix/platform.wxi
index 493354e..8d21fd2 100644
--- a/src/windows/installer/wix/platform.wxi
+++ b/src/windows/installer/wix/platform.wxi
@@ -66,7 +66,6 @@
<?define rcm_leash_3_guid="66D97178-E735-499b-961F-C7B8B8074E1A"?>
<?define rcm_leash_4_guid="D20180CC-B68D-4a6d-95E4-5EB07B9EADCD"?>
<?define rcm_leash_5_guid="AF3B73AE-86ED-42f5-987A-9831B8799D2F"?>
- <?define rcm_leash_6_guid="0C72D4F8-096B-4295-8F0A-6B5723A8593D"?>
<?define csc_LeashStartup_guid="228192C5-D847-4c46-A726-0E8211742349"?>
<?define cmf_leash32_hlp_guid="EF1B0ED6-9C01-4adb-9F11-C3FF07F669D5"?>
<?define cmf_leash32_chm_guid="769B54EB-9B96-4abe-9B72-9EF346C8C03D"?>
@@ -142,7 +141,6 @@
<?define rcm_leash_3_guid="9610A7E3-251F-4286-B776-1C3AF5DE7815"?>
<?define rcm_leash_4_guid="815AED84-2437-4EBC-B561-F847833DB3A5"?>
<?define rcm_leash_5_guid="A0D3D75F-762E-4D5C-909B-53E7396CEDB6"?>
- <?define rcm_leash_6_guid="F675C145-6F9D-4BC4-9DA0-CAFB47A96A71"?>
<?define csc_LeashStartup_guid="0DF73BCD-F34E-4B01-AA71-0EE08EB62F70"?>
<?define cmf_leash32_hlp_guid="919616D6-1605-4A79-8E33-C18A0D0F25E3"?>
<?define cmf_leash32_chm_guid="C50E5E0A-B822-4419-855B-1713637BCA6A"?>
diff --git a/src/windows/installer/wix/property.wxi b/src/windows/installer/wix/property.wxi
index 2ed32f7..6c362f9 100644
--- a/src/windows/installer/wix/property.wxi
+++ b/src/windows/installer/wix/property.wxi
@@ -60,7 +60,6 @@
<?ifdef UseDefaultProperties?>
<Property Id="LEASHCREATEMISSINGCONFIG" Admin="yes" Secure="yes">$(var.LeashCreateMissingConfig)</Property>
<Property Id="LEASHAUTORENEWTICKETS" Admin="yes" Secure="yes">$(var.LeashAutoRenewTickets)</Property>
- <Property Id="LEASHMSLSAIMPORT" Admin="yes" Secure="yes">$(var.LeashMsLsaImport)</Property>
<Property Id="LEASHLIFETIME" Admin="yes" Secure="yes">$(var.LeashLifetime)</Property>
<Property Id="LEASHRENEWTILL" Admin="yes" Secure="yes">$(var.LeashRenewTill)</Property>
<Property Id="LEASHRENEWABLE" Admin="yes" Secure="yes">$(var.LeashRenewable)</Property>
diff --git a/src/windows/leash/Leash.cpp b/src/windows/leash/Leash.cpp
index 5aada73..9ba1e9a 100644
--- a/src/windows/leash/Leash.cpp
+++ b/src/windows/leash/Leash.cpp
@@ -238,26 +238,6 @@ BOOL CLeashApp::InitInstance()
}
return TRUE;
}
- else if (0 == stricmp(optionParam+1, "ms2mit") ||
- 0 == stricmp(optionParam+1, "import") ||
- 0 == stricmp(optionParam+1, "m"))
- {
- if (!pLeash_importable()) {
- MessageBox(hMsg,
- "The Microsoft Logon Session does not support importing Ticket Getting Tickets!",
- "Error", MB_OK);
- return FALSE;
- }
-
- if (!pLeash_import())
- {
- MessageBox(hMsg,
- "There was an error importing tickets from the Microsoft Logon Session!",
- "Error", MB_OK);
- return FALSE;
- }
- return TRUE;
- }
else if (0 == stricmp(optionParam+1, "destroy") ||
0 == stricmp(optionParam+1, "d"))
{
@@ -306,8 +286,7 @@ BOOL CLeashApp::InitInstance()
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
"'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-console' or '-c' to attach a console for debugging\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-console' or '-c' to attach a console for debugging\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
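Review bot: The last usage line now ends in a newline (`"'-console' or '-c' to attach a console for debugging\n",`), so the message box text finishes with a trailing line break that the removed final line did not have. Drop the `\n` from the last literal here and from the `'-autoinit'` line in the following hunk. Both hunks sit inside CLeashApp::InitInstance(), whose body extends beyond them.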
@@ -318,8 +297,7 @@ BOOL CLeashApp::InitInstance()
"'-kinit' or '-i' to perform ticket initialization (and exit)\n"
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
- "'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-autoinit' or '-a' to perform automatic ticket initialization\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
@@ -394,8 +372,8 @@ BOOL CLeashApp::InitInstance()
if (!ProcessShellCommand(cmdInfo))
return FALSE;
- // Check to see if there are any tickets in the cache
- // If not and the Windows Logon Session is Kerberos authenticated attempt an import
+ // Check to see if there are any tickets in the cache. If not and
+ // autoinitialization is enabled, display the initial tickets dialog.
{
if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
throw("Unable to lock ticketinfo");
@@ -404,57 +382,6 @@ BOOL CLeashApp::InitInstance()
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- DWORD dwMsLsaImport = pLeash_get_default_mslsa_import();
-
- if ( b_autoinit && dwMsLsaImport && pLeash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? If so, import.
- int import = 0;
-
- if ( dwMsLsaImport == 1 ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport == 2 ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char ms_realm[128] = "", *def_realm = 0, *r;
- int i;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &def_realm))
- goto cleanup;
-
- import = !strcmp(def_realm, ms_realm);
-
- cleanup:
- if (def_realm)
- pkrb5_free_default_realm(CLeashApp::m_krbv5_context, def_realm);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
- }
-
- if (import && pLeash_import()) {
- CLeashView::m_importedTickets = 1;
- ::PostMessage(m_pMainWnd->m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- b_autoinit = FALSE;
- }
- }
-
if (autoInit) {
if ( b_autoinit )
AfxBeginThread(InitWorker, m_pMainWnd->m_hWnd);
@@ -487,9 +414,6 @@ DECL_FUNC_PTR(Leash_kinit_dlg_ex);
DECL_FUNC_PTR(Leash_timesync);
DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-DECL_FUNC_PTR(Leash_import);
-DECL_FUNC_PTR(Leash_importable);
DECL_FUNC_PTR(Leash_renew);
FUNC_INFO leash_fi[] = {
@@ -501,9 +425,6 @@ FUNC_INFO leash_fi[] = {
MAKE_FUNC_INFO(Leash_timesync),
MAKE_FUNC_INFO(Leash_get_default_uppercaserealm),
MAKE_FUNC_INFO(Leash_set_default_uppercaserealm),
- MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
- MAKE_FUNC_INFO(Leash_import),
- MAKE_FUNC_INFO(Leash_importable),
MAKE_FUNC_INFO(Leash_renew),
END_FUNC_INFO
};
@@ -1153,40 +1074,17 @@ CLeashApp::ObtainTicketsViaUserIfNeeded(HWND hWnd)
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- if ( !btickets ) {
- if ( pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
- } else {
- if ( CLeashView::m_importedTickets && pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() && !pLeash_renew() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
+ if (ProbeKDC() && (!btickets || !pLeash_renew())) {
+ LSH_DLGINFO_EX ldi;
+ ldi.size = LSH_DLGINFO_EX_V1_SZ;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.title = "MIT Kerberos: Get Ticket";
+ ldi.username = NULL;
+ ldi.realm = NULL;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.use_defaults = 1;
+
+ pLeash_kinit_dlg_ex(hWnd, &ldi);
}
return;
}
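Review bot: `ldi` is filled member by member on the stack, and `ldi.dlgtype = DLGTYPE_PASSWD;` is assigned twice in the new block. Drop the second assignment and consider declaring `LSH_DLGINFO_EX ldi = {0};` so that any member not set here is not handed to pLeash_kinit_dlg_ex() with indeterminate contents; the struct definition is outside this diff, so whether such members exist is an assumption. The merged condition calls ProbeKDC() before looking at `btickets`, so a comment such as `// Prompt only if a KDC is reachable and there are no tickets or renewal failed.` would make the intent clear. The function body starts outside the hunk.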
diff --git a/src/windows/leash/Leash.h b/src/windows/leash/Leash.h
index c2b5f16..801df5f 100644
--- a/src/windows/leash/Leash.h
+++ b/src/windows/leash/Leash.h
@@ -27,7 +27,6 @@
// Help
#define HID_GET_TICKETS_COMMAND 98343 // ID_INIT_TICKET + 65536
#define HID_RENEW_TICKETS_COMMAND 98312 // ID_RENEW_TICKET + 65536
-#define HID_IMPORT_TICKETS_COMMAND 98342 // ID_IMPORT_TICKET + 65536
#define HID_DESTROY_TICKETS_COMMAND 98313
#define HID_SYNCHRONIZE_TIME_OPTION 98314
#define HID_CHANGE_PASSWORD_COMMAND 98315
diff --git a/src/windows/leash/Leash.rc b/src/windows/leash/Leash.rc
index b6ee1a0..a140dfc 100644
--- a/src/windows/leash/Leash.rc
+++ b/src/windows/leash/Leash.rc
@@ -86,14 +86,12 @@ IDI_LEASH_TICKET_SESSION ICON "res\\key.ico"
IDI_LEASH_TICKET_ENCRYPTION ICON "res\\encryption.ico"
IDI_TOOLBAR_INIT ICON "res\\new.ico"
IDI_TOOLBAR_RENEW ICON "res\\renew.ico"
-IDI_TOOLBAR_IMPORT ICON "res\\import.ico"
IDI_TOOLBAR_DESTROY ICON "res\\destroy.ico"
IDI_TOOLBAR_PASSWORD ICON "res\\password.ico"
IDI_TOOLBAR_REFRESH ICON "res\\refresh.ico"
IDI_TOOLBAR_SYNC ICON "res\\sync.ico"
IDI_TOOLBAR_INIT_DISABLED ICON "res\\new_disabled.ico"
IDI_TOOLBAR_RENEW_DISABLED ICON "res\\renew_disabled.ico"
-IDI_TOOLBAR_IMPORT_DISABLED ICON "res\\import_disabled.ico"
IDI_TOOLBAR_DESTROY_DISABLED ICON "res\\destroy_disabled.ico"
IDI_TOOLBAR_PASSWORD_DISABLED ICON "res\\password_disabled.ico"
IDI_TOOLBAR_REFRESH_DISABLED ICON "res\\refresh_disabled.ico"
@@ -110,7 +108,6 @@ BEGIN
BEGIN
MENUITEM "&Get Ticket(s)\tCtrl+T", ID_INIT_TICKET
MENUITEM "&Renew Ticket(s)\tCtrl+R", ID_RENEW_TICKET
- MENUITEM "&Import Ticket(s)\tCtrl+I", ID_IMPORT_TICKET
MENUITEM "&Destroy Ticket(s)\tCtrl+D", ID_DESTROY_TICKET
MENUITEM SEPARATOR
MENUITEM "&Change Password...", ID_CHANGE_PASSWORD
@@ -155,7 +152,6 @@ IDR_MAINFRAME ACCELERATORS
BEGIN
"C", ID_EDIT_COPY, VIRTKEY, CONTROL, NOINVERT
"D", ID_DESTROY_TICKET, VIRTKEY, CONTROL, NOINVERT
- "I", ID_IMPORT_TICKET, VIRTKEY, CONTROL, NOINVERT
"M", ID_MAKE_DEFAULT, VIRTKEY, CONTROL, NOINVERT
"N", ID_FILE_NEW, VIRTKEY, CONTROL, NOINVERT
"O", ID_FILE_OPEN, VIRTKEY, CONTROL, NOINVERT
@@ -629,7 +625,6 @@ IDR_MAINFRAME TOOLBAR 18, 18
BEGIN
BUTTON ID_INIT_TICKET
BUTTON ID_RENEW_TICKET
- BUTTON ID_IMPORT_TICKET
BUTTON ID_DESTROY_TICKET
SEPARATOR
BUTTON ID_CHANGE_PASSWORD
@@ -690,7 +685,6 @@ END
STRINGTABLE
BEGIN
ID_PROPERTIES "Enables you to change settings"
- ID_IMPORT_TICKET "import tickets from your Windows Logon Session.\n Import Tickets"
ID_INIT_TICKET "Obtain a new ticket\n Get Ticket"
ID_AUTO_RENEW "Automatically attempt to renew tickets.\n Automatic Ticket Renewal"
ID_TIME_ISSUED "Display column showing when your tickets will expire.\n Issued"
@@ -734,9 +728,7 @@ END
STRINGTABLE
BEGIN
ID_MAKE_DEFAULT "Make the selected principal the default principal.\n Make Default"
- ID_IMPORT_TICKETS "Automatically import tickets from your Windows Logon Session.\n Import Tickets"
ID_EXPORT_TICKET "Export tickets to your Windows Logon Sesion.\n Export Tickets"
- ID_AUTO_IMPORT_TICKET "Automatically import tickets from your Windows Logon Session.\n Automatic Import Tickets"
END
#endif // English (United States) resources
diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp
index c175f2c..9413d75 100644
--- a/src/windows/leash/LeashView.cpp
+++ b/src/windows/leash/LeashView.cpp
@@ -48,7 +48,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView)
ON_WM_SHOWWINDOW()
ON_COMMAND(ID_INIT_TICKET, OnInitTicket)
ON_COMMAND(ID_RENEW_TICKET, OnRenewTicket)
- ON_COMMAND(ID_IMPORT_TICKET, OnImportTicket)
ON_COMMAND(ID_DESTROY_TICKET, OnDestroyTicket)
ON_COMMAND(ID_CHANGE_PASSWORD, OnChangePassword)
ON_COMMAND(ID_MAKE_DEFAULT, OnMakeDefault)
@@ -74,7 +73,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView)
ON_UPDATE_COMMAND_UI(ID_KILL_TIX_ONEXIT, OnUpdateKillTixOnExit)
ON_WM_DESTROY()
ON_UPDATE_COMMAND_UI(ID_DESTROY_TICKET, OnUpdateDestroyTicket)
- ON_UPDATE_COMMAND_UI(ID_IMPORT_TICKET, OnUpdateImportTicket)
ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket)
ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket)
ON_COMMAND(ID_APP_ABOUT, OnAppAbout)
@@ -117,7 +115,6 @@ INT CLeashView::m_alreadyPlayedDisplayCount;
INT CLeashView::m_autoRenewTickets = 0;
BOOL CLeashView::m_lowTicketAlarmSound;
INT CLeashView::m_autoRenewalAttempted = 0;
-BOOL CLeashView::m_importedTickets = 0;
LONG CLeashView::m_timerMsgNotInProgress = 1;
ViewColumnInfo CLeashView::sm_viewColumns[] =
{
@@ -329,7 +326,6 @@ CLeashView::CLeashView()
m_debugWindow = 0;
m_upperCaseRealm = 0;
m_lowTicketAlarm = 0;
- m_importedTickets = 0;
m_pDebugWindow = NULL;
m_pDebugWindow = new CLeashDebugWindow(this);
@@ -573,8 +569,6 @@ VOID CLeashView::OnInitTicket()
UINT CLeashView::InitTicket(void * hWnd)
{
- m_importedTickets = 0;
-
LSH_DLGINFO_EX ldi;
char username[64];
char realm[192];
@@ -637,82 +631,6 @@ UINT CLeashView::InitTicket(void * hWnd)
return 0;
}
-VOID CLeashView::OnImportTicket()
-{
- try {
- ImportTicket(m_hWnd);
- }
- catch(...) {
- AfxMessageBox("Ticket Getting operation already in progress", MB_OK|MB_ICONWARNING, 0);
- }
-}
-
-UINT CLeashView::ImportTicket(void * hWnd)
-{
- if ( !CLeashApp::m_hKrb5DLL )
- return 0;
-
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char * pname = 0;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(CLeashApp::m_krbv5_context, princ, &pname))
- goto cleanup;
-
-cleanup:
- if (pname)
- pkrb5_free_unparsed_name(CLeashApp::m_krbv5_context, pname);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
-
- if ( code == 0 ) {
- int result = pLeash_import();
- if (-1 == result)
- {
- AfxMessageBox("There is a problem importing tickets!",
- MB_OK|MB_ICONSTOP);
- ::SendMessage((HWND)hWnd,WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- m_importedTickets = 0;
- }
- else
- {
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
- ticketinfo.Krb5.btickets = GOOD_TICKETS;
- m_warningOfTicketTimeLeftKrb5 = 0;
- m_ticketStatusKrb5 = 0;
- ReleaseMutex(ticketinfo.lockObj);
- ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
-
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
-
- if (ticketinfo.Krb5.btickets != GOOD_TICKETS) {
- ReleaseMutex(ticketinfo.lockObj);
- AfxBeginThread(InitTicket,hWnd);
- } else {
- ReleaseMutex(ticketinfo.lockObj);
- m_importedTickets = 1;
- m_autoRenewalAttempted = 0;
- }
- }
- }
- return 0;
-}
-
static UINT krenew(void *param)
{
char *ccache_name = (char *)param;
@@ -723,9 +641,6 @@ static UINT krenew(void *param)
krb5_creds my_creds;
krb5_data *realm = 0;
- // @TODO: logic to check for imported tickets and auto-renew/re-import
- // from MSLSA
-
memset(&my_creds, 0, sizeof(krb5_creds));
if (ccache_name == NULL)
// Bad param
@@ -838,12 +753,7 @@ UINT CLeashView::RenewTicket(void * hWnd)
return 0;
}
- // If imported from Kerberos LSA, re-import
- // Otherwise, init the tickets
- if ( m_importedTickets )
- AfxBeginThread(ImportTicket,hWnd);
- else
- AfxBeginThread(InitTicket,hWnd);
+ AfxBeginThread(InitTicket,hWnd);
return 0;
}
@@ -906,7 +816,6 @@ VOID CLeashView::OnDestroyTicket()
SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
}
}
- m_importedTickets = 0;
m_autoRenewalAttempted = 0;
}
@@ -1806,24 +1715,6 @@ VOID CLeashView::OnUpdateRenewTicket(CCmdUI* pCmdUI)
pCmdUI->Enable(enable);
}
-VOID CLeashView::OnUpdateImportTicket(CCmdUI* pCmdUI)
-{
- bool ccIsMSLSA = false;
-
- if (CLeashApp::m_krbv5_context)
- {
- const char *ccName = pkrb5_cc_default_name(CLeashApp::m_krbv5_context);
-
- if (ccName)
- ccIsMSLSA = !strcmp(ccName, "MSLSA:");
- }
-
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable() || ccIsMSLSA)
- pCmdUI->Enable(FALSE);
- else
- pCmdUI->Enable(TRUE);
-}
-
LRESULT CLeashView::OnGoodbye(WPARAM wParam, LPARAM lParam)
{
m_pDebugWindow->DestroyWindow();
@@ -1877,11 +1768,6 @@ LRESULT CLeashView::OnTrayIcon(WPARAM wParam, LPARAM lParam)
else
nFlags = MF_STRING;
menu->AppendMenu(nFlags, ID_RENEW_TICKET, "&Renew Tickets");
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable())
- nFlags = MF_STRING | MF_GRAYED;
- else
- nFlags = MF_STRING;
- menu->AppendMenu(MF_STRING, ID_IMPORT_TICKET, "&Import Tickets");
if (!ticketinfo.Krb5.btickets)
nFlags = MF_STRING | MF_GRAYED;
else
diff --git a/src/windows/leash/LeashView.h b/src/windows/leash/LeashView.h
index 2caecef..48107e7 100644
--- a/src/windows/leash/LeashView.h
+++ b/src/windows/leash/LeashView.h
@@ -224,8 +224,6 @@ protected: // create from serialization only
// Attributes
public:
- static BOOL m_importedTickets;
-
CLeashView();
//LeashDoc* GetDocument();
@@ -267,7 +265,6 @@ protected:
afx_msg VOID OnClose(void);
afx_msg VOID OnInitTicket();
afx_msg VOID OnRenewTicket();
- afx_msg VOID OnImportTicket();
afx_msg VOID OnDestroyTicket();
afx_msg VOID OnMakeDefault();
afx_msg VOID OnChangePassword();
@@ -285,7 +282,6 @@ protected:
afx_msg VOID OnKillTixOnExit();
afx_msg VOID OnDestroy();
afx_msg VOID OnUpdateDestroyTicket(CCmdUI* pCmdUI);
- afx_msg VOID OnUpdateImportTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateInitTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateRenewTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateTimeIssued(CCmdUI* pCmdUI);
diff --git a/src/windows/leash/Lglobals.h b/src/windows/leash/Lglobals.h
index c462722..1fe0101 100644
--- a/src/windows/leash/Lglobals.h
+++ b/src/windows/leash/Lglobals.h
@@ -68,9 +68,6 @@ extern DECL_FUNC_PTR(Leash_kinit_dlg_ex);
extern DECL_FUNC_PTR(Leash_timesync);
extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-extern DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-extern DECL_FUNC_PTR(Leash_import);
-extern DECL_FUNC_PTR(Leash_importable);
extern DECL_FUNC_PTR(Leash_renew);
// psapi functions
diff --git a/src/windows/leash/res/import.ico b/src/windows/leash/res/import.ico
deleted file mode 100644
index dd6ed29..0000000
--- a/src/windows/leash/res/import.ico
+++ /dev/null
Binary files differ
diff --git a/src/windows/leash/res/import_disabled.ico b/src/windows/leash/res/import_disabled.ico
deleted file mode 100644
index 9364bda..0000000
--- a/src/windows/leash/res/import_disabled.ico
+++ /dev/null
Binary files differ
diff --git a/src/windows/leash/resource.h b/src/windows/leash/resource.h
index 5b4a3e7..146c539 100644
--- a/src/windows/leash/resource.h
+++ b/src/windows/leash/resource.h
@@ -52,14 +52,12 @@
#define IDB_BITMAP1 239
#define IDI_TOOLBAR_INIT 240
#define IDI_TOOLBAR_RENEW 241
-#define IDI_TOOLBAR_IMPORT 242
#define IDI_TOOLBAR_DESTROY 243
#define IDI_TOOLBAR_PASSWORD 244
#define IDI_TOOLBAR_REFRESH 245
#define IDI_TOOLBAR_SYNC 246
#define IDI_TOOLBAR_INIT_DISABLED 247
#define IDI_TOOLBAR_RENEW_DISABLED 248
-#define IDI_TOOLBAR_IMPORT_DISABLED 249
#define IDI_TOOLBAR_DESTROY_DISABLED 250
#define IDI_TOOLBAR_PASSWORD_DISABLED 251
#define IDI_TOOLBAR_REFRESH_DISABLED 252
@@ -262,9 +260,6 @@
#define IDC_EDIT_RENEW_MAX_M 1200
#define IDC_EDIT_LIFETIME_M 1201
#define IDC_EDIT_RENEWTILL_M 1202
-#define IDC_RADIO_MSLSA_IMPORT_OFF 1203
-#define IDC_RADIO_MSLSA_IMPORT_ON 1204
-#define IDC_RADIO_MSLSA_IMPORT_MATCH 1205
#define IDC_STATIC_LEASH_MSLSA 1206
#define IDC_LEASH_MAINVIEW 1207
#define IDC_LIST3 1208
@@ -297,7 +292,6 @@
#define ID_HELP_FIND 32803
#define ID_HELP_LEASH32 32804
#define ID_HELP_WHYUSELEASH32 32805
-#define ID_IMPORT_TICKET 32806
#define ID_INIT_TICKET 32807
#define ID_AUTO_RENEW 32808
#define ID_OBTAIN_TGT_WITH_LPARAM 32809
@@ -312,10 +306,7 @@
#define ID_VALID_UNTIL 32828
#define ID_MAKE_DEFAULT 32835
#define ID_CHECK2 32836
-#define ID_IMPORT_TICKETS 32836
#define ID_EXPORT_TICKET 32837
-#define ID_AUTO_IMPORT_TICKET 32838
-#define ID_AUTO_IMPORT_TICKETS 32840
#define ID_CCACHE_NAME 32841
// Next default values for new objects
diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c
index 587f044..4380d29 100644
--- a/src/windows/leashdll/krb5routines.c
+++ b/src/windows/leashdll/krb5routines.c
@@ -487,71 +487,6 @@ Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
}
-BOOL
-Leash_ms2mit(BOOL save_creds)
-{
- krb5_context kcontext = 0;
- krb5_error_code code;
- krb5_ccache ccache=0;
- krb5_ccache mslsa_ccache=0;
- krb5_creds creds;
- krb5_cc_cursor cursor=0;
- krb5_principal princ = 0;
- BOOL rc = FALSE;
-
- if ( !pkrb5_init_context )
- goto cleanup;
-
- if (code = pkrb5_init_context(&kcontext))
- goto cleanup;
-
- if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if ( save_creds ) {
- if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_cc_default(kcontext, &ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_initialize(kcontext, ccache, princ))
- goto cleanup;
-
- if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache))
- goto cleanup;
-
- rc = TRUE;
- } else {
- /* Enumerate tickets from cache looking for an initial ticket */
- if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor)))
- goto cleanup;
-
- while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
- {
- if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
- rc = TRUE;
- pkrb5_free_cred_contents(kcontext, &creds);
- break;
- }
- pkrb5_free_cred_contents(kcontext, &creds);
- }
- pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
- }
-
- cleanup:
- if (princ)
- pkrb5_free_principal(kcontext, princ);
- if (ccache)
- pkrb5_cc_close(kcontext, ccache);
- if (mslsa_ccache)
- pkrb5_cc_close(kcontext, mslsa_ccache);
- if (kcontext)
- pkrb5_free_context(kcontext);
- return(rc);
-}
-
-
/* User Query data structures and functions */
struct textField {
diff --git a/src/windows/leashdll/leash-int.h b/src/windows/leashdll/leash-int.h
index d914f7d..a2f33b2 100644
--- a/src/windows/leashdll/leash-int.h
+++ b/src/windows/leashdll/leash-int.h
@@ -29,7 +29,6 @@ extern char KRB_HelpFile[_MAX_PATH];
// Function Prototypes.
int DoNiftyErrorReport(long errnum, LPSTR what);
LONG Leash_timesync(int);
-BOOL Leash_ms2mit(BOOL);
// Crap...
#include <krb5.h>
@@ -247,7 +246,6 @@ cc_free_NC_info,
/* Must match the values used in Leash32.exe */
#define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings"
#define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM "UpperCaseRealm"
-#define LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT "MsLsaImport"
/* These values are defined and used within Leashw32.dll */
#define LEASH_REGISTRY_KEY_NAME "Software\\MIT\\Leash"
diff --git a/src/windows/leashdll/lsh_pwd.rc b/src/windows/leashdll/lsh_pwd.rc
index d08378d..5fdf346 100644
--- a/src/windows/leashdll/lsh_pwd.rc
+++ b/src/windows/leashdll/lsh_pwd.rc
@@ -224,7 +224,6 @@ BEGIN
LSH_DEFAULT_DIALOG_RENEW_MAX "43200"
LSH_DEFAULT_TICKET_RENEW "1"
LSH_DEFAULT_UPPERCASEREALM "1"
- LSH_DEFAULT_MSLSA_IMPORT "2"
LSH_DEFAULT_PRESERVE_KINIT "0"
END
diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c
index f2c50a2..14cb361 100644
--- a/src/windows/leashdll/lshfunc.c
+++ b/src/windows/leashdll/lshfunc.c
@@ -686,49 +686,17 @@ IsProcessUacLimited (void)
}
-// This looks really ugly because it is. The result of IsKerberosLogon()
-// does not prove whether or not there are Kerberos tickets available to
-// be imported. Only the call to Leash_ms2mit() which actually attempts
-// to import tickets can do that. However, calling Leash_ms2mit() can
-// result in a TGS_REQ being sent to the KDC and since Leash_importable()
-// is called quite often we want to avoid this if at all possible.
-// Unfortunately, we have be shown at least one case in which the primary
-// authentication package was not Kerberos and yet there were Kerberos
-// tickets available. Therefore, if IsKerberosLogon() is not TRUE we
-// must call Leash_ms2mit() but we still do not want to call it in a
-// tight loop so we cache the response and assume it won't change.
-
-// 2007-03-21
-// And the nightmare goes on. On Vista the Lsa call we use to determine
-// whether or not Kerberos was used for logon fails to return and worse
-// corrupts the stack. Therefore, we must now test to see if the
-// operating system is Vista and skip the call to IsKerberosLogon()
-// if it is.
long FAR
Leash_importable(void)
{
- if (IsProcessUacLimited())
- return FALSE;
-
- if ( !IsWindowsVista() && IsKerberosLogon() )
- return TRUE;
- else {
- static int response = -1;
- if (response == -1) {
- response = Leash_ms2mit(0);
- }
- return response;
- }
+ /* Import functionality has been removed. */
+ return FALSE;
}
long FAR
Leash_import(void)
{
- if ( Leash_ms2mit(1) ) {
- int lifetime;
- lifetime = Leash_get_default_lifetime() / 5;
- return 1;
- }
+ /* Import functionality has been removed. */
return 0;
}
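Review bot: The stub comments in Leash_importable() and Leash_import() say the feature is gone but not why the functions remain. If they are kept only because the DLL still exports them (not visible in this hunk), say so, e.g. `/* Import functionality has been removed; stub kept for existing callers. */`. Leash_import() returns a bare `0` while Leash_importable() returns `FALSE`, and the removed CLeashView::ImportTicket tested the result against -1, so a word on what 0 means to callers would help. If IsKerberosLogon() and IsWindowsVista() have no remaining callers they could be dropped in the same change, which cannot be confirmed from this hunk.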
@@ -2181,34 +2149,11 @@ Leash_get_default_uppercaserealm(
return 1;
}
-static
-BOOL
-get_default_mslsa_import_from_registry(
- HKEY hBaseKey,
- DWORD * result
- )
-{
- return get_DWORD_from_registry(hBaseKey,
- LEASH_SETTINGS_REGISTRY_KEY_NAME,
- LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT,
- result);
-}
-
DWORD
Leash_reset_default_mslsa_import(
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
- if (rc)
- return rc;
-
- rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT);
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
DWORD
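Review bot: Leash_reset_default_mslsa_import() here, and Leash_set_default_mslsa_import() and Leash_get_default_mslsa_import() in the next hunk, are reduced to bare returns with no comment, unlike the Leash_importable()/Leash_import() stubs earlier in this file. Add the same `/* Import functionality has been removed. */` line so the constant returns are not mistaken for unfinished code. Since the reset function no longer deletes the MsLsaImport value, a value written by an earlier release stays under HKEY_CURRENT_USER in Software\MIT\Leash32\Settings; nothing visible in this diff still reads it, so that looks harmless, but it is worth a sentence in the deployment guide. The `onoffmatch` parameter is now unused in the setter and may draw a compiler warning.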
@@ -2216,46 +2161,14 @@ Leash_set_default_mslsa_import(
DWORD onoffmatch
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
- 0, 0, KEY_WRITE, 0, &hKey, 0);
- if (rc)
- return rc;
-
- rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT, 0, REG_DWORD,
- (LPBYTE) &onoffmatch, sizeof(DWORD));
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
DWORD
Leash_get_default_mslsa_import(
)
{
- HMODULE hmLeash;
- DWORD result;
-
- if (get_default_mslsa_import_from_registry(HKEY_CURRENT_USER, &result) ||
- get_default_mslsa_import_from_registry(HKEY_LOCAL_MACHINE, &result))
- {
- return result;
- }
-
- hmLeash = GetModuleHandle(LEASH_DLL);
- if (hmLeash)
- {
- char mslsa_import[80];
- if (LoadString(hmLeash, LSH_DEFAULT_MSLSA_IMPORT,
- mslsa_import, sizeof(mslsa_import)))
- {
- mslsa_import[sizeof(mslsa_import) - 1] = 0;
- return atoi(mslsa_import);
- }
- }
- return 2; /* import only when mslsa realm matches default */
+ return 0;
}
@@ -2352,7 +2265,6 @@ Leash_reset_defaults(void)
Leash_reset_default_renew_min();
Leash_reset_default_renew_max();
Leash_reset_default_uppercaserealm();
- Leash_reset_default_mslsa_import();
Leash_reset_default_preserve_kinit_settings();
}
@@ -2679,9 +2591,7 @@ cleanup:
static void
acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
{
- TicketList *list = NULL;
krb5_context ctx;
- DWORD dwMsLsaImport = Leash_get_default_mslsa_import();
DWORD gle;
char ccachename[272]="";
char loginenv[16];
@@ -2703,71 +2613,6 @@ acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
}
haveTickets = cc_default_have_tickets(ctx);
- if ((!haveTickets) &&
- dwMsLsaImport && Leash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? Does the default
- // ccache name specify a principal name? Only import if we
- // aren't going to break the default identity as specified
- // by the user in Network Identity Manager.
- int import = 0;
- BOOL isCCPrinc;
-
- /* Determine if the default ccachename is principal name. If so, don't
- * import the MSLSA: credentials into it unless the names match.
- */
- isCCPrinc = (strncmp("API:",ccachename, 4) == 0 && strchr(ccachename, '@'));
-
- if ( dwMsLsaImport == 1 && !isCCPrinc ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=NULL;
- krb5_principal princ = NULL;
- char *mslsa_principal = NULL;
- char ms_realm[128] = "", *def_realm = NULL, *r;
- size_t i;
-
- if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(ctx, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(ctx, &def_realm))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(ctx, princ, &mslsa_principal))
- goto cleanup;
-
- import = (!isCCPrinc && !strcmp(def_realm, ms_realm)) ||
- (isCCPrinc && !strcmp(&ccachename[4], mslsa_principal));
-
- cleanup:
- if (mslsa_principal)
- pkrb5_free_unparsed_name(ctx, mslsa_principal);
-
- if (def_realm)
- pkrb5_free_default_realm(ctx, def_realm);
-
- if (princ)
- pkrb5_free_principal(ctx, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(ctx, mslsa_ccache);
- }
-
- if ( import ) {
- Leash_import();
- haveTickets = cc_default_have_tickets(ctx);
- }
- }
if ( prompt && !haveTickets ) {
acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen);