pullup from trunk
authorTom Yu <tlyu@mit.edu>
Wed, 15 Dec 2004 22:20:46 +0000 (22:20 +0000)
committerTom Yu <tlyu@mit.edu>
Wed, 15 Dec 2004 22:20:46 +0000 (22:20 +0000)
ticket: 2814
version_fixed: 1.4

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@16943 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/ChangeLog
src/lib/krb5/ccache/cc_mslsa.c

index 757ce389c682f8df1d00c35c2c8a2e94dff029d1..14b585c014fdc42f8f7eebb1085ddf54dd3e0ad6 100644 (file)
@@ -1,3 +1,10 @@
+2004-12-15  Jeffrey Altman <jaltman@mit.edu>
+
+        * cc_mslsa.c: 
+          - Activate support for KerbSubmitTicketMessage
+          - Activate support for KerbQueryTicketCacheEx2Message
+          - Add locale support for regions which use MultiByte characters
+
 2004-10-07  Jeffrey Altman <jaltman@mit.edu>
         * cc_mslsa.c: Fix the forced setting of the Initial Ticket Flag
                 on Win2000 and add it to XP and 2003 SP1
index c12f5817e81035387ecd760a8008e29061b97e02..d1d895950690a782f82697599eecb7bd0349b164 100644 (file)
@@ -65,6 +65,9 @@
 #include <ntsecapi.h>
 #include <ntstatus.h>
 
+#define KERB_SUBMIT_TICKET 1
+#define HAVE_CACHE_INFO_EX2 1
+
 #define MAX_MSG_SIZE 256
 #define MAX_MSPRINC_SIZE 1024
 
@@ -189,9 +192,18 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
 
     GetCPInfo(CP_ACP, &CodePageInfo);
 
-    if (CodePageInfo.MaxCharSize > 1)
+    if (CodePageInfo.MaxCharSize > 1) {
         // Only supporting non-Unicode strings
-        return FALSE;
+        int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
+                                         NULL, 0, NULL, NULL);
+        if ( reqLen > nOutStringLen) 
+        {
+            return FALSE;
+        } else {
+            WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1,
+                                lpszOutputString, nOutStringLen, NULL, NULL);
+        }
+    } 
     else if (((LPBYTE) lpInputString)[1] == '\0')
     {
         // Looks like unicode, better translate it
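Review bot: In the new `MaxCharSize > 1` branch a failed sizing call is treated as success: `WideCharToMultiByte` returns 0 on error, `0 > nOutStringLen` is false, and the result of the second call is discarded, so control reaches `return TRUE` with `lpszOutputString` possibly never written. Both callers visible later in this diff hand that buffer straight to `krb5_parse_name`. I would write the guard as `if (reqLen <= 0 || reqLen > nOutStringLen) return FALSE;` and also return FALSE when the converting call itself returns 0. The retained comment `// Only supporting non-Unicode strings` no longer describes this branch and should be reworded. The rest of UnicodeToANSI lies outside this hunk.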
@@ -200,12 +212,13 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
     }
     else
         lstrcpyA(lpszOutputString, (LPSTR) lpInputString);
+
     return TRUE;
 }  // UnicodeToANSI
 
 static VOID
 WINAPI
-ANSIToUnicode(LPSTR  lpInputString, LPTSTR lpszOutputString, int nOutStringLen)
+ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen)
 {
 
     CPINFO CodePageInfo;
@@ -214,12 +227,9 @@ ANSIToUnicode(LPSTR  lpInputString, LPTSTR lpszOutputString, int nOutStringLen)
 
     GetCPInfo(CP_ACP, &CodePageInfo);
 
-    if (CodePageInfo.MaxCharSize > 1)
-        // It must already be a Unicode string
-        return;
-    else if (((LPBYTE) lpInputString)[1] != '\0')
+    if (CodePageInfo.MaxCharSize > 1 || ((LPBYTE) lpInputString)[1] != '\0')
     {
-        // Looks like ANSI, better translate it
+        // Looks like ANSI or MultiByte, better translate it
         MultiByteToWideChar(CP_ACP, 0, (LPCSTR) lpInputString, -1,
                             (LPWSTR) lpszOutputString, nOutStringLen);
     }
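Review bot: The result of `MultiByteToWideChar` is dropped and ANSIToUnicode returns VOID, so on a multi-byte code page, where this call now always runs, a failed or truncated conversion looks the same to the caller as a successful one. The last argument is a count of wide characters, not bytes; the callers are not visible here, so it is worth confirming that none of them passes `sizeof` of a WCHAR buffer as `nOutStringLen`. At minimum I would add a comment on the parameter, `/* nOutStringLen: capacity of lpszOutputString in WCHARs */`, and consider returning BOOL as UnicodeToANSI does. The function body continues outside this hunk.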
@@ -243,9 +253,9 @@ MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING
     }
 }
 
-static void
+static BOOL
 UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context, 
-                  krb5_principal *principal)
+                        krb5_principal *principal)
 {
     WCHAR princbuf[512];
     char aname[512];
@@ -255,14 +265,17 @@ UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context cont
     princbuf[service->Length/sizeof(WCHAR)]=0;
     wcscat(princbuf, L"@");
     wcscat(princbuf, realm);
-    UnicodeToANSI(princbuf, aname, sizeof(aname));
-    krb5_parse_name(context, aname, principal);
+    if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
+        krb5_parse_name(context, aname, principal);
+        return TRUE;
+    }
+    return FALSE;
 }
 
 
-static void
+static BOOL
 KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context, 
-                  krb5_principal *principal)
+                           krb5_principal *principal)
 {
     WCHAR princbuf[512],tmpbuf[128];
     char aname[512];
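Review bot: UnicodeStringToMITPrinc now reports success whenever the character conversion succeeds, but the result of `krb5_parse_name` is still ignored, so a name that fails to parse returns TRUE with `*principal` unset. The same pattern is added to KerbExternalNameToMITPrinc in the following hunk (`@@ -278,8 +291,11 @@`). Since the point of the change is to propagate failure, I would make the success path `return krb5_parse_name(context, aname, principal) == 0;` in both functions. The start of UnicodeStringToMITPrinc and most of KerbExternalNameToMITPrinc lie outside this hunk.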
@@ -278,8 +291,11 @@ KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_conte
     }
     wcscat(princbuf, L"@");
     wcscat(princbuf, realm);
-    UnicodeToANSI(princbuf, aname, sizeof(aname));
-    krb5_parse_name(context, aname, principal);
+    if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
+        krb5_parse_name(context, aname, principal);
+        return TRUE;
+    }
+    return FALSE;
 }
 
 static time_t
@@ -376,7 +392,7 @@ PreserveInitialTicketIdentity(void)
 }
 
 
-static void
+static BOOL
 MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, 
                 krb5_context context, krb5_creds *creds)
 {
@@ -387,13 +403,15 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
     // construct Client Principal
     wcsncpy(wrealm, ClientRealm.Buffer, ClientRealm.Length/sizeof(WCHAR));
     wrealm[ClientRealm.Length/sizeof(WCHAR)]=0;
-    KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client);
+    if (!KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client))
+        return FALSE;
 
     // construct Service Principal
     wcsncpy(wrealm, msticket->DomainName.Buffer,
             msticket->DomainName.Length/sizeof(WCHAR));
     wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0;
-    KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server);
+    if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server))
+        return FALSE;
     MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, 
                               &creds->keyblock);
     MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags);
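Review bot: The two new `return FALSE` exits leave `*creds` half-built, and the callers changed later in this diff do not agree on what to do with it. After the first exit nothing has been stored, and after the second `creds->client` already owns a principal while every other field is untouched. krb5_lcc_resolve then calls `krb5_free_cred_contents(context,&creds)` on a stack `krb5_creds creds;` that has no initializer, while krb5_lcc_get_principal returns without freeing anything. Unless the part of MSCredToMITCred above this hunk already zeroes the structure (not visible here), the first pattern frees indeterminate pointers and the second leaks the client principal. I would start the function with `memset(creds, 0, sizeof(*creds));` and call `krb5_free_cred_contents(context, creds);` before each `return FALSE`, so that a FALSE return always means the caller owns nothing.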
@@ -408,6 +426,7 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm,
     memset(creds->addresses, 0, sizeof(krb5_address *));
 
     MSTicketToMITTicket(msticket, context, &creds->ticket);
+    return TRUE;
 }
 
 #ifdef HAVE_CACHE_INFO_EX2
@@ -1622,8 +1641,8 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId,
      */
     if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
         (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
-    return(TRUE);
 
+    return(TRUE);
 }
 
 static BOOL
@@ -1679,7 +1698,7 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
     
     /* otherwise return ticket */
     *ticket = &(pTicketResponse->Ticket);
-
+    
     /* set the initial flag if we were attempting to retrieve one
      * because Windows won't necessarily return the initial ticket
      * to us.
@@ -1688,7 +1707,6 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId,
         (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
 
     return(TRUE);
-
 }
 
 #ifdef HAVE_CACHE_INFO_EX2
@@ -1745,13 +1763,14 @@ GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId,
     
     /* otherwise return ticket */
     *ticket = &(pTicketResponse->Ticket);
+
     
     /* set the initial flag if we were attempting to retrieve one
-     * because Windows won't necessarily return the initial ticket
-     * to us.
-     */
-    if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
-        (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
+    * because Windows won't necessarily return the initial ticket
+    * to us.
+    */
+   if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial )
+       (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial;
 
     return(TRUE);
 }
@@ -1856,6 +1875,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     HANDLE LogonHandle;
     ULONG  PackageId;
     KERB_EXTERNAL_TICKET *msticket;
+    krb5_error_code retval = KRB5_OK;
 
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
@@ -1911,10 +1931,12 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) {
         /* convert the ticket */
         krb5_creds creds;
-        MSCredToMITCred(msticket, msticket->DomainName, context, &creds);
+        if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds))
+            retval = KRB5_FCC_INTERNAL;
         LsaFreeReturnBuffer(msticket);
 
-        krb5_copy_principal(context, creds.client, &data->princ);
+        if (retval == KRB5_OK)
+            krb5_copy_principal(context, creds.client, &data->princ);
         krb5_free_cred_contents(context,&creds);
     } else if (!does_retrieve_ticket_cache_ticket()) {
         krb5_xfree(data->cc_name);
@@ -1929,7 +1951,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
      * if cache is non-existent/unusable 
      */
     *id = lid;
-    return KRB5_OK;
+    return retval;
 }
 
 /*
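Review bot: With `return retval;` the function can now return KRB5_FCC_INTERNAL after `*id = lid;` has already been stored, so the caller receives both an error and a live ccache handle. Callers normally discard `*id` on a non-zero return, which would strand `lid`, its data and the LSA logon handle; the allocations are above this hunk, so this is inferred from the `krb5_xfree(data->cc_name)` cleanup visible in the sibling failure branch. I would either release those resources and return before the assignment when `retval != KRB5_OK`, or keep returning KRB5_OK here and let the unusable cache surface through the later operations, as the comment just above `*id = lid;` suggests was intended. The body of krb5_lcc_resolve starts outside this hunk.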
@@ -2021,8 +2043,8 @@ krb5_lcc_destroy(krb5_context context, krb5_ccache id)
     if (id) { 
         data = (krb5_lcc_data *) id->data;
 
-               return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL;
-    }
+        return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL;
+    }   
     return KRB5_FCC_INTERNAL;
 }
 
@@ -2199,16 +2221,19 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
     /* convert the ticket */
 #ifdef HAVE_CACHE_INFO_EX2
     if ( does_query_ticket_cache_ex2() ) {
-        MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds);
+        if (!MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds))
+            retval = KRB5_FCC_INTERNAL;
     } else 
 #endif /* HAVE_CACHE_INFO_EX2 */
     if ( is_windows_xp() ) {
-        MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds);
+        if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds))
+            retval = KRB5_FCC_INTERNAL;
     } else {
-        MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds);
+        if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds))
+            retval = KRB5_FCC_INTERNAL;
     }
     LsaFreeReturnBuffer(msticket);
-    return KRB5_OK;
+    return retval;
 }
 
 /*
@@ -2301,7 +2326,6 @@ static krb5_error_code KRB5_CALLCONV
 krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ)
 {
     krb5_lcc_data *data = (krb5_lcc_data *)id->data;
-    krb5_error_code kret = KRB5_OK;
 
     if (!is_windows_2000())
         return KRB5_FCC_NOFILE;
@@ -2317,7 +2341,11 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri
         if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) {
             /* convert the ticket */
             krb5_creds creds;
-            MSCredToMITCred(msticket, msticket->DomainName, context, &creds);
+            if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds))
+            {
+                LsaFreeReturnBuffer(msticket);
+                return KRB5_FCC_INTERNAL;
+            }
             LsaFreeReturnBuffer(msticket);
 
             krb5_copy_principal(context, creds.client, &data->princ);
@@ -2364,8 +2392,6 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     if ( !kret )
         goto cleanup;
 
-
-
     /* if not, obtain a ticket using the request flags and enctype even though it may not
      * be stored in the LSA cache for future use.
      */
@@ -2384,7 +2410,11 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
         if ( PreserveInitialTicketIdentity() )
             GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt, FALSE);
 
-        MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds);
+        if (!MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds))
+        {
+            kret = KRB5_FCC_INTERNAL;
+            goto cleanup;
+        }
     } else {
         /* We can obtain the correct client realm for a ticket by walking the
          * cache contents until we find the matching service ticket.
@@ -2410,7 +2440,12 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
             mstmp = 0;
         }
 
-        MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds);
+        if (!MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds))
+        {
+            LsaFreeReturnBuffer(pResponse);
+            kret = KRB5_FCC_INTERNAL;
+            goto cleanup;
+        }
         LsaFreeReturnBuffer(pResponse);
     }