pullup from trunk

ticket: 2574 version_fixed: 1.3.4 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-3@16366 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2004-05-26 17:53:23 +0000
committer: Tom Yu <tlyu@mit.edu> 2004-05-26 17:53:23 +0000
commit: 8686f9a990a74233111b4142fbb793398b4c6aaa (patch)
tree: 6654291bfd867dd2c710a05864dd51cc693472c1 /src
parent: 4f6f620875ba9a2f1946025232daefed762fd811 (diff)
download: krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.zip
krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.tar.gz
krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.tar.bz2
2 files changed, 31 insertions, 32 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog
index 18e15ab..1f129ea 100644
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,12 @@
+2004-05-25  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c:  GetMSTGT().  Initialize pTicketRequest to NULL 
+      to prevent it being freed prior to allocation.  Add krb5_context
+      parameter to allow krb5_get_permitted_enctype() to be called
+      instead of using a hardcoded list of enctypes which may change
+      in the future.
+      krb5_lcc_get_name(): fix return value if Kerberos is not supported.
+
 2004-05-15  Jeffrey Altman <jaltman@mit.edu>
 
     * cc_mslsa.c:  The FAILED() macro only considered an error 
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 93a938d..1b3d759 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -592,7 +592,7 @@ PurgeMSTGT(HANDLE LogonHandle, ULONG  PackageId)
 // (ms calls this refresh).
 
 static BOOL
-GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
+GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
 {
     //
     // INVARIANTS:
@@ -607,7 +607,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
     DWORD   Error;
 
     KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
-    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest;
+    PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL;
     PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
     ULONG RequestSize;
     ULONG ResponseSize;
@@ -616,6 +616,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
 #endif /* ENABLE_PURGING */
     int    ignore_cache = 0;
 
+    memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));
     CacheRequest.MessageType = KerbRetrieveTicketMessage;
     CacheRequest.LogonId.LowPart = 0;
     CacheRequest.LogonId.HighPart = 0;
@@ -698,15 +699,18 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
                 goto cleanup;
         }
     } else {
+        /* We have succeeded in obtaining a credential from the cache. 
+         * Assuming the enctype is one that we support and the ticket
+         * has not expired and is not marked invalid we will use it.
+         * Otherwise, we must create a new ticket request and obtain
+         * a credential we can use. 
+         */
+
 #ifdef PURGE_ALL
         purge_cache = 1;
 #else
-        switch (pTicketResponse->Ticket.SessionKey.KeyType) {
-        case KERB_ETYPE_DES_CBC_CRC:
-        case KERB_ETYPE_DES_CBC_MD4:
-        case KERB_ETYPE_DES_CBC_MD5:
-        case KERB_ETYPE_NULL:
-        case KERB_ETYPE_RC4_HMAC_NT: {
+        /* Check Supported Enctypes */
+        if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) {
             FILETIME Now, MinLife, EndTime, LocalEndTime;
             __int64  temp;
             // FILETIME is in units of 100 nano-seconds
@@ -728,19 +732,14 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
 #else
                 ignore_cache = 1;
 #endif /* ENABLE_PURGING */
-                break;
             }
             if (pTicketResponse->Ticket.TicketFlags & KERB_TICKET_FLAGS_invalid) {
-                ignore_cache = 1;
-                break;      // invalid, need to attempt a TGT request
+                ignore_cache = 1;   // invalid, need to attempt a TGT request
             }
-            goto cleanup;   // all done
-        }
-        case KERB_ETYPE_RC4_MD4:
-        default:
+            goto cleanup;           // we have a valid ticket, all done
+        } else {
             // not supported
             ignore_cache = 1;
-            break;
         }
 #endif /* PURGE_ALL */
 
@@ -809,20 +808,11 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket)
     // Check to make sure the new tickets we received are of a type we support
     //
 
-    switch (pTicketResponse->Ticket.SessionKey.KeyType) {
-    case KERB_ETYPE_DES_CBC_CRC:
-    case KERB_ETYPE_DES_CBC_MD4:
-    case KERB_ETYPE_DES_CBC_MD5:
-    case KERB_ETYPE_NULL:
-    case KERB_ETYPE_RC4_HMAC_NT:
-        goto cleanup;   // all done
-    case KERB_ETYPE_RC4_MD4:
-    default:
-        // not supported
-        break;
+    /* Check Supported Enctypes */
+    if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) {
+        goto cleanup;       // we have a valid ticket, all done
     }
 
-
     //
     // Try once more but this time specify the Encryption Type
     // (This will not store the retrieved tickets in the LSA cache)
@@ -1173,7 +1163,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     /*
      * we must obtain a tgt from the cache in order to determine the principal
      */
-    if (GetMSTGT(data->LogonHandle, data->PackageId, &msticket)) {
+    if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket)) {
         /* convert the ticket */
         krb5_creds creds;
         MSCredToMITCred(msticket, msticket->DomainName, context, &creds);
@@ -1295,7 +1285,7 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
     /*
      * obtain a tgt to refresh the ccache in case the ticket is expired
      */
-    if (!GetMSTGT(data->LogonHandle, data->PackageId, &lcursor->mstgt)) {
+    if (!GetMSTGT(context, data->LogonHandle, data->PackageId, &lcursor->mstgt)) {
         free(lcursor);
         *cursor = 0;
         return KRB5_FCC_INTERNAL;
@@ -1431,7 +1421,7 @@ krb5_lcc_get_name (krb5_context context, krb5_ccache id)
 {
 
     if (!IsWindows2000())
-        return KRB5_FCC_NOFILE;
+        return "";
 
     if ( !id )
         return "";
@@ -1514,7 +1504,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     }
 
     /* convert the ticket */
-    GetMSTGT(data->LogonHandle, data->PackageId, &mstgt);
+    GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt);
 
     MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds);
author	Tom Yu <tlyu@mit.edu>	2004-05-26 17:53:23 +0000
committer	Tom Yu <tlyu@mit.edu>	2004-05-26 17:53:23 +0000
commit	8686f9a990a74233111b4142fbb793398b4c6aaa (patch)
tree	6654291bfd867dd2c710a05864dd51cc693472c1 /src
parent	4f6f620875ba9a2f1946025232daefed762fd811 (diff)
download	krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.zip krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.tar.gz krb5-8686f9a990a74233111b4142fbb793398b4c6aaa.tar.bz2