From: Tom Yu Date: Mon, 24 Jul 2006 23:40:24 +0000 (+0000) Subject: revert previous X-Git-Tag: kfw-3.1.0-beta1~4 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1d7f4e9db55508a3045ba451b758118d7e712e45;p=krb5.git revert previous ticket: 4048 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@18384 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/windows/kfwlogon/Makefile.in b/src/windows/kfwlogon/Makefile.in index 03fc6e7e4..10e7d4cfb 100644 --- a/src/windows/kfwlogon/Makefile.in +++ b/src/windows/kfwlogon/Makefile.in @@ -12,7 +12,7 @@ LOCALINCLUDES = -I$(BUILDTOP) -I$(PISMERE)\athena\util\loadfuncs \ -I$(PISMERE)\athena\auth\leash\include PROG_LIBPATH=-L$(TOPLIBD) -L$(KRB5_LIBDIR) -SYSLIBS = kernel32.lib user32.lib advapi32.lib wsock32.lib secur32.lib userenv.lib +SYSLIBS = kernel32.lib user32.lib advapi32.lib wsock32.lib secur32.lib RFLAGS = $(LOCALINCLUDES) RCFLAGS = $(RFLAGS) -D_WIN32 diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c index a4263c838..251e1436b 100644 --- a/src/windows/kfwlogon/kfwcommon.c +++ b/src/windows/kfwlogon/kfwcommon.c @@ -24,9 +24,6 @@ SOFTWARE. #include "kfwlogon.h" #include -#include -#include -#include #include #include @@ -761,107 +758,6 @@ KFW_get_cred( char * username, return(code); } -int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken) -{ - // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY; - PSID pSystemSID = NULL; - DWORD SystemSIDlength, UserSIDlength; - PACL ccacheACL = NULL; - DWORD ccacheACLlength; - PTOKEN_USER pTokenUser = NULL; - DWORD retLen; - int ret = 0; - - /* Get System SID */ - ConvertStringSidToSid(SDDL_LOCAL_SYSTEM, &pSystemSID); - - /* Create ACL */ - SystemSIDlength = GetLengthSid(pSystemSID); - ccacheACLlength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - + SystemSIDlength - sizeof(DWORD); - - if (hUserToken) { - if (!GetTokenInformation(hUserToken, TokenUser, NULL, 0, &retLen)) - { - if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) { - pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen); - - if (!GetTokenInformation(hUserToken, TokenUser, pTokenUser, retLen, &retLen)) - { - DebugEvent("GetTokenInformation failed: GLE = %lX", GetLastError()); - } - } - } - - if (pTokenUser) { - UserSIDlength = GetLengthSid(pTokenUser->User.Sid); - - ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength - - sizeof(DWORD); - } - } - - ccacheACL = GlobalAlloc(GMEM_FIXED, ccacheACLlength); - InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION); - AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0, - STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, - pSystemSID); - if (pTokenUser) { - AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0, - STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, - pTokenUser->User.Sid); - if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, - DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, - NULL, - NULL, - ccacheACL, - NULL)) { - DebugEvent("SetNamedSecurityInfo DACL failed: GLE = 0x%lX", GetLastError()); - ret = 1; - } - if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, - OWNER_SECURITY_INFORMATION, - pTokenUser->User.Sid, - NULL, - NULL, - NULL)) { - DebugEvent("SetNamedSecurityInfo Owner failed: GLE = 0x%lX", GetLastError()); - ret = 1; - } - } else { - if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, - DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION, - NULL, - NULL, - ccacheACL, - NULL)) { - DebugEvent("SetNamedSecurityInfo failed: GLE = 0x%lX", GetLastError()); - ret = 1; - } - } - - if (pSystemSID) - LocalFree(pSystemSID); - if (pTokenUser) - LocalFree(pTokenUser); - if (ccacheACL) - GlobalFree(ccacheACL); - return ret; -} - -int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size) -{ - int retval = 0; - DWORD dwSize = size-1; /* leave room for nul */ - - *newfilename = '\0'; - - if ( !ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, size) && - !ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, size)) - return 1; - return 0; -} - void KFW_copy_cache_to_system_file(char * user, char * szLogonId) { @@ -873,8 +769,7 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId) krb5_principal princ = 0; krb5_ccache cc = 0; krb5_ccache ncc = 0; - PSECURITY_ATTRIBUTES pSA = NULL; - + if (!pkrb5_init_context) return; @@ -894,8 +789,6 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId) strcat(cachename, filename); - DebugEvent("KFW_Logon_Event - ccache %s", cachename); - DeleteFile(filename); code = pkrb5_init_context(&ctx); @@ -913,8 +806,6 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId) code = pkrb5_cc_initialize(ctx, ncc, princ); if (code) goto cleanup; - KFW_set_ccache_dacl(filename, NULL); - code = pkrb5_cc_copy_creds(ctx,cc,ncc); cleanup: @@ -936,7 +827,7 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId) } int -KFW_copy_file_cache_to_default_cache(char * filename) +KFW_copy_system_file_to_default_cache(char * filename) { char cachename[264] = "FILE:"; krb5_context ctx = 0; @@ -958,31 +849,17 @@ KFW_copy_file_cache_to_default_cache(char * filename) if (code) ctx = 0; code = pkrb5_cc_resolve(ctx, cachename, &cc); - if (code) { - DebugEvent0("kfwcpcc krb5_cc_resolve failed"); - goto cleanup; - } + if (code) goto cleanup; code = pkrb5_cc_get_principal(ctx, cc, &princ); - if (code) { - DebugEvent0("kfwcpcc krb5_cc_get_principal failed"); - goto cleanup; - } + if (code) goto cleanup; code = pkrb5_cc_default(ctx, &ncc); - if (code) { - DebugEvent0("kfwcpcc krb5_cc_default failed"); - goto cleanup; - } if (!code) { code = pkrb5_cc_initialize(ctx, ncc, princ); if (!code) code = pkrb5_cc_copy_creds(ctx,cc,ncc); - if (code) { - DebugEvent0("kfwcpcc krb5_cc_copy_creds failed"); - goto cleanup; - } } if ( ncc ) { pkrb5_cc_close(ctx, ncc); diff --git a/src/windows/kfwlogon/kfwcpcc.c b/src/windows/kfwlogon/kfwcpcc.c index c3485c02d..4dbace969 100644 --- a/src/windows/kfwlogon/kfwcpcc.c +++ b/src/windows/kfwlogon/kfwcpcc.c @@ -33,7 +33,7 @@ int main(int argc, char *argv[]) KFW_initialize(); - return KFW_copy_file_cache_to_default_cache(argv[1]); + return KFW_copy_system_file_to_default_cache(argv[1]); } diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c index e815f73e0..eddf27341 100644 --- a/src/windows/kfwlogon/kfwlogon.c +++ b/src/windows/kfwlogon/kfwlogon.c @@ -1,5 +1,5 @@ /* -Copyright 2005,2006 by the Massachusetts Institute of Technology +Copyright 2005 by the Massachusetts Institute of Technology All rights reserved. @@ -292,7 +292,6 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) char szLogonId[128] = ""; DWORD count; char filename[256]; - char newfilename[256]; char commandline[512]; STARTUPINFO startupinfo; PROCESS_INFORMATION procinfo; @@ -322,36 +321,14 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) GetWindowsDirectory(filename, sizeof(filename)); } - if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) { - DebugEvent0("KFW_Logon_Event - filename too long"); - return; - } - - strcat(filename, "\\"); - strcat(filename, szLogonId); + if ( strlen(filename) + strlen(szLogonId) + 2 <= sizeof(filename) ) { + strcat(filename, "\\"); + strcat(filename, szLogonId); - KFW_set_ccache_dacl(filename, pInfo->hToken); + sprintf(commandline, "kfwcpcc.exe \"%s\"", filename); - KFW_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename)); - - if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) { - DebugEvent0("KFW_Logon_Event - new filename too long"); - return; - } - - strcat(newfilename, "\\"); - strcat(newfilename, szLogonId); - - if (!MoveFileEx(filename, newfilename, - MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) { - DebugEvent("KFW_Logon_Event - MoveFileEx failed GLE = 0x%x", GetLastError()); - return; - } - - sprintf(commandline, "kfwcpcc.exe \"%s\"", newfilename); - - GetStartupInfo(&startupinfo); - if (CreateProcessAsUser( pInfo->hToken, + GetStartupInfo(&startupinfo); + if (CreateProcessAsUser( pInfo->hToken, "kfwcpcc.exe", commandline, NULL, @@ -362,15 +339,12 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) NULL, &startupinfo, &procinfo)) - { - DebugEvent("KFW_Logon_Event - CommandLine %s", commandline); + { + WaitForSingleObject(procinfo.hProcess, 30000); - WaitForSingleObject(procinfo.hProcess, 30000); - - CloseHandle(procinfo.hThread); - CloseHandle(procinfo.hProcess); - } else { - DebugEvent0("KFW_Logon_Event - CreateProcessFailed"); + CloseHandle(procinfo.hThread); + CloseHandle(procinfo.hProcess); + } } DeleteFile(filename); diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h index d3fa6709d..34c8cc70c 100644 --- a/src/windows/kfwlogon/kfwlogon.h +++ b/src/windows/kfwlogon/kfwlogon.h @@ -1,6 +1,6 @@ /* -Copyright 2005,2006 by the Massachusetts Institute of Technology +Copyright 2005 by the Massachusetts Institute of Technology All rights reserved. @@ -194,8 +194,6 @@ int KFW_is_available(void); int KFW_get_cred( char * username, char * password, int lifetime, char ** reasonP ); void KFW_copy_cache_to_system_file(char * user, char * szLogonId); int KFW_destroy_tickets_for_principal(char * user); -int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken); -int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size); #ifdef __cplusplus }