author | Tom Yu <tlyu@mit.edu> | 2004-05-26 17:53:23 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2004-05-26 17:53:23 +0000 |
commit | 8686f9a990a74233111b4142fbb793398b4c6aaa (patch) | |
tree | 6654291bfd867dd2c710a05864dd51cc693472c1 /src | |
parent | 4f6f620875ba9a2f1946025232daefed762fd811 (diff) | |
pullup from trunk
ticket: 2574
version_fixed: 1.3.4
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-3@16366 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/krb5/ccache/ChangeLog | 9 | ||||
-rw-r--r-- | src/lib/krb5/ccache/cc_mslsa.c | 54 |
2 files changed, 31 insertions, 32 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 18e15ab..1f129ea 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,12 @@ +2004-05-25 Jeffrey Altman <jaltman@mit.edu> + + * cc_mslsa.c: GetMSTGT(). Initialize pTicketRequest to NULL + to prevent it being freed prior to allocation. Add krb5_context + parameter to allow krb5_get_permitted_enctype() to be called + instead of using a hardcoded list of enctypes which may change + in the future. + krb5_lcc_get_name(): fix return value if Kerberos is not supported. + 2004-05-15 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: The FAILED() macro only considered an error diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 93a938d..1b3d759 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -592,7 +592,7 @@ PurgeMSTGT(HANDLE LogonHandle, ULONG PackageId) // (ms calls this refresh). static BOOL -GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) +GetMSTGT(krb5_context context, HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) { // // INVARIANTS: @@ -607,7 +607,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) DWORD Error; KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; - PKERB_RETRIEVE_TKT_REQUEST pTicketRequest; + PKERB_RETRIEVE_TKT_REQUEST pTicketRequest = NULL; PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; ULONG RequestSize; ULONG ResponseSize; @@ -616,6 +616,7 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) #endif /* ENABLE_PURGING */ int ignore_cache = 0; + memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST)); CacheRequest.MessageType = KerbRetrieveTicketMessage; CacheRequest.LogonId.LowPart = 0; CacheRequest.LogonId.HighPart = 0; 
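Review bot: The added `memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));` in the `@@ -616` hunk names the type rather than the object, so the length silently goes stale if the declaration of `CacheRequest` is ever changed. `memset(&CacheRequest, 0, sizeof(CacheRequest));` keeps the size tied to the variable being cleared. GetMSTGT's body continues outside these hunks.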
@@ -698,15 +699,18 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) goto cleanup; } } else { + /* We have succeeded in obtaining a credential from the cache. + * Assuming the enctype is one that we support and the ticket + * has not expired and is not marked invalid we will use it. + * Otherwise, we must create a new ticket request and obtain + * a credential we can use. + */ + #ifdef PURGE_ALL purge_cache = 1; #else - switch (pTicketResponse->Ticket.SessionKey.KeyType) { - case KERB_ETYPE_DES_CBC_CRC: - case KERB_ETYPE_DES_CBC_MD4: - case KERB_ETYPE_DES_CBC_MD5: - case KERB_ETYPE_NULL: - case KERB_ETYPE_RC4_HMAC_NT: { + /* Check Supported Enctypes */ + if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) { FILETIME Now, MinLife, EndTime, LocalEndTime; __int64 temp; // FILETIME is in units of 100 nano-seconds @@ -728,19 +732,14 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) #else ignore_cache = 1; #endif /* ENABLE_PURGING */ - break; } if (pTicketResponse->Ticket.TicketFlags & KERB_TICKET_FLAGS_invalid) { - ignore_cache = 1; - break; // invalid, need to attempt a TGT request + ignore_cache = 1; // invalid, need to attempt a TGT request } - goto cleanup; // all done - } - case KERB_ETYPE_RC4_MD4: - default: + goto cleanup; // we have a valid ticket, all done + } else { // not supported ignore_cache = 1; - break; } #endif /* PURGE_ALL */ 
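Review bot: In the second hunk on this line (`@@ -728,19 +732,14 @@`), removing the two `break` statements makes `goto cleanup; // we have a valid ticket, all done` run unconditionally, including right after `ignore_cache = 1` has been set for a ticket carrying `KERB_TICKET_FLAGS_invalid`. In the old `switch` those `break`s skipped the `goto` and went on to request a fresh TGT. Now a cached ticket flagged invalid is returned as usable unless the `cleanup` path, which is not visible here, re-checks `ignore_cache`; the same appears to hold for a ticket failing the lifetime test whose condition sits above the hunk. Guard the jump, for example `if (!ignore_cache) goto cleanup;`, and include `purge_cache` in the test if the `ENABLE_PURGING` build sets that flag in the branch above the hunk. The `if` opened in the `@@ -698` hunk closes here, and the rest of GetMSTGT lies outside both hunks.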
@@ -809,20 +808,11 @@ GetMSTGT(HANDLE LogonHandle, ULONG PackageId,KERB_EXTERNAL_TICKET **ticket) // Check to make sure the new tickets we received are of a type we support // - switch (pTicketResponse->Ticket.SessionKey.KeyType) { - case KERB_ETYPE_DES_CBC_CRC: - case KERB_ETYPE_DES_CBC_MD4: - case KERB_ETYPE_DES_CBC_MD5: - case KERB_ETYPE_NULL: - case KERB_ETYPE_RC4_HMAC_NT: - goto cleanup; // all done - case KERB_ETYPE_RC4_MD4: - default: - // not supported - break; + /* Check Supported Enctypes */ + if ( krb5_is_permitted_enctype(context, pTicketResponse->Ticket.SessionKey.KeyType) ) { + goto cleanup; // we have a valid ticket, all done } - // // Try once more but this time specify the Encryption Type // (This will not store the retrieved tickets in the LSA cache) @@ -1173,7 +1163,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) /* * we must obtain a tgt from the cache in order to determine the principal */ - if (GetMSTGT(data->LogonHandle, data->PackageId, &msticket)) { + if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket)) { /* convert the ticket */ krb5_creds creds; MSCredToMITCred(msticket, msticket->DomainName, context, &creds); @@ -1295,7 +1285,7 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur /* * obtain a tgt to refresh the ccache in case the ticket is expired */ - if (!GetMSTGT(data->LogonHandle, data->PackageId, &lcursor->mstgt)) { + if (!GetMSTGT(context, data->LogonHandle, data->PackageId, &lcursor->mstgt)) { free(lcursor); *cursor = 0; return KRB5_FCC_INTERNAL; @@ -1431,7 +1421,7 @@ krb5_lcc_get_name (krb5_context context, krb5_ccache id) { if (!IsWindows2000()) - return KRB5_FCC_NOFILE; + return ""; if ( !id ) return ""; 
@@ -1514,7 +1504,7 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, } /* convert the ticket */ - GetMSTGT(data->LogonHandle, data->PackageId, &mstgt); + GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt); MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds); |
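Review bot: The updated call `GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt);` still discards the BOOL result, so the following `mstgt ? mstgt->DomainName : msticket->DomainName` is only safe if `mstgt` is NULL whenever the lookup fails. The declaration of `mstgt` is outside the hunk; if it is not initialised to NULL there, a failed call may leave the pointer indeterminate before it is tested and dereferenced. Either act on the return value, `if (!GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt)) mstgt = NULL;`, or confirm the initialiser. krb5_lcc_retrieve starts and ends outside the hunk.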