cc_mslsa.c: The WOW64 environment on 64-bit versions of
authorJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 28 Jun 2006 23:00:09 +0000 (23:00 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 28 Jun 2006 23:00:09 +0000 (23:00 +0000)
   Windows prior to Vista Beta 2 did not implement the Lsa
functions used by the MSLSA: ccache.   This patch disables
the MSLSA: ccache in broken WOW64 environments by checking
the Windows version and the existence and response of the
IsWow64Process API.

ticket: 3940
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18250 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/cc_mslsa.c

index 6a75aef864da2ad3a59b257e3f1169ad2a17669a..46fa507b31b1683065c82034631c2165aa1fe9c8 100644 (file)
@@ -136,6 +136,43 @@ is_windows_xp (void)
    return fIsWinXP;
 }
 
+typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
+
+static BOOL
+is_broken_wow64(void)
+{
+    static BOOL fChecked = FALSE;
+    static BOOL fIsBrokenWow64 = FALSE;
+
+    if (!fChecked)
+    {
+       BOOL isWow64 = FALSE;
+       OSVERSIONINFO Version;
+       LPFN_ISWOW64PROCESS fnIsWow64Process = 
+           (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"),
+                                               "IsWow64Process");
+
+       /* If we don't find the fnIsWow64Process function then we 
+        * are not running in a broken Wow64 
+        */
+       if (fnIsWow64Process) {
+           memset (&Version, 0x00, sizeof(Version));
+           Version.dwOSVersionInfoSize = sizeof(Version);
+
+           if (fnIsWow64Process(GetCurrentProcess(), &isWow64) && 
+               GetVersionEx (&Version)) {
+               if (isWow64 && 
+                   Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                   Version.dwMajorVersion < 6)
+                   fIsBrokenWow64 = TRUE;
+           } 
+       }
+       fChecked = TRUE;
+    }
+
+    return fIsBrokenWow64;
+}
+
 /* This flag is only supported by versions of Windows which have obtained
  * a code change from Microsoft.   When the code change is installed,
  * setting this flag will cause all retrieved credentials to be stored 
@@ -729,9 +766,9 @@ IsKerberosLogon(VOID)
             usLength = (pSessionData->AuthenticationPackage).Length;
             if (usLength < 256)
             {
-                lstrcpyn (buffer, usBuffer, usLength);
-                lstrcat (buffer,L"");
-                if ( !lstrcmp(L"Kerberos",buffer) )
+                lstrcpynW (buffer, usBuffer, usLength);
+                lstrcatW (buffer,L"");
+                if ( !lstrcmpW(L"Kerberos",buffer) )
                     Success = TRUE;
             }
         }
@@ -1888,7 +1925,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     KERB_EXTERNAL_TICKET *msticket;
     krb5_error_code retval = KRB5_OK;
 
-    if (!is_windows_2000())
+    if (!is_windows_2000() || is_broken_wow64())
         return KRB5_FCC_NOFILE;
 
 #ifdef COMMENT