From: Tom Yu Date: Wed, 15 Dec 2004 22:20:46 +0000 (+0000) Subject: pullup from trunk X-Git-Tag: krb5-1.4.3-beta1~138 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=257cd15a2a6de20b34e19fce66ed0325eae804ff;p=krb5.git pullup from trunk ticket: 2814 version_fixed: 1.4 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@16943 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 757ce389c..14b585c01 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,10 @@ +2004-12-15 Jeffrey Altman + + * cc_mslsa.c: + - Activate support for KerbSubmitTicketMessage + - Activate support for KerbQueryTicketCacheEx2Message + - Add locale support for regions which use MultiByte characters + 2004-10-07 Jeffrey Altman * cc_mslsa.c: Fix the forced setting of the Initial Ticket Flag on Win2000 and add it to XP and 2003 SP1 diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index c12f5817e..d1d895950 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -65,6 +65,9 @@ #include #include +#define KERB_SUBMIT_TICKET 1 +#define HAVE_CACHE_INFO_EX2 1 + #define MAX_MSG_SIZE 256 #define MAX_MSPRINC_SIZE 1024 @@ -189,9 +192,18 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen) GetCPInfo(CP_ACP, &CodePageInfo); - if (CodePageInfo.MaxCharSize > 1) + if (CodePageInfo.MaxCharSize > 1) { // Only supporting non-Unicode strings - return FALSE; + int reqLen = WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1, + NULL, 0, NULL, NULL); + if ( reqLen > nOutStringLen) + { + return FALSE; + } else { + WideCharToMultiByte(CP_ACP, 0, (LPCWSTR) lpInputString, -1, + lpszOutputString, nOutStringLen, NULL, NULL); + } + } else if (((LPBYTE) lpInputString)[1] == '\0') { // Looks like unicode, better translate it @@ -200,12 +212,13 @@ UnicodeToANSI(LPTSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen) } else lstrcpyA(lpszOutputString, (LPSTR) lpInputString); + return TRUE; } // UnicodeToANSI static VOID WINAPI -ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) +ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) { CPINFO CodePageInfo; @@ -214,12 +227,9 @@ ANSIToUnicode(LPSTR lpInputString, LPTSTR lpszOutputString, int nOutStringLen) GetCPInfo(CP_ACP, &CodePageInfo); - if (CodePageInfo.MaxCharSize > 1) - // It must already be a Unicode string - return; - else if (((LPBYTE) lpInputString)[1] != '\0') + if (CodePageInfo.MaxCharSize > 1 || ((LPBYTE) lpInputString)[1] != '\0') { - // Looks like ANSI, better translate it + // Looks like ANSI or MultiByte, better translate it MultiByteToWideChar(CP_ACP, 0, (LPCSTR) lpInputString, -1, (LPWSTR) lpszOutputString, nOutStringLen); } @@ -243,9 +253,9 @@ MITPrincToMSPrinc(krb5_context context, krb5_principal principal, UNICODE_STRING } } -static void +static BOOL UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context context, - krb5_principal *principal) + krb5_principal *principal) { WCHAR princbuf[512]; char aname[512]; @@ -255,14 +265,17 @@ UnicodeStringToMITPrinc(UNICODE_STRING *service, WCHAR *realm, krb5_context cont princbuf[service->Length/sizeof(WCHAR)]=0; wcscat(princbuf, L"@"); wcscat(princbuf, realm); - UnicodeToANSI(princbuf, aname, sizeof(aname)); - krb5_parse_name(context, aname, principal); + if (UnicodeToANSI(princbuf, aname, sizeof(aname))) { + krb5_parse_name(context, aname, principal); + return TRUE; + } + return FALSE; } -static void +static BOOL KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_context context, - krb5_principal *principal) + krb5_principal *principal) { WCHAR princbuf[512],tmpbuf[128]; char aname[512]; @@ -278,8 +291,11 @@ KerbExternalNameToMITPrinc(KERB_EXTERNAL_NAME *msprinc, WCHAR *realm, krb5_conte } wcscat(princbuf, L"@"); wcscat(princbuf, realm); - UnicodeToANSI(princbuf, aname, sizeof(aname)); - krb5_parse_name(context, aname, principal); + if (UnicodeToANSI(princbuf, aname, sizeof(aname))) { + krb5_parse_name(context, aname, principal); + return TRUE; + } + return FALSE; } static time_t @@ -376,7 +392,7 @@ PreserveInitialTicketIdentity(void) } -static void +static BOOL MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, krb5_context context, krb5_creds *creds) { @@ -387,13 +403,15 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, // construct Client Principal wcsncpy(wrealm, ClientRealm.Buffer, ClientRealm.Length/sizeof(WCHAR)); wrealm[ClientRealm.Length/sizeof(WCHAR)]=0; - KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client); + if (!KerbExternalNameToMITPrinc(msticket->ClientName, wrealm, context, &creds->client)) + return FALSE; // construct Service Principal wcsncpy(wrealm, msticket->DomainName.Buffer, msticket->DomainName.Length/sizeof(WCHAR)); wrealm[msticket->DomainName.Length/sizeof(WCHAR)]=0; - KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server); + if (!KerbExternalNameToMITPrinc(msticket->ServiceName, wrealm, context, &creds->server)) + return FALSE; MSSessionKeyToMITKeyblock(&msticket->SessionKey, context, &creds->keyblock); MSFlagsToMITFlags(msticket->TicketFlags, &creds->ticket_flags); @@ -408,6 +426,7 @@ MSCredToMITCred(KERB_EXTERNAL_TICKET *msticket, UNICODE_STRING ClientRealm, memset(creds->addresses, 0, sizeof(krb5_address *)); MSTicketToMITTicket(msticket, context, &creds->ticket); + return TRUE; } #ifdef HAVE_CACHE_INFO_EX2 @@ -1622,8 +1641,8 @@ GetMSCacheTicketFromCacheInfoW2K( HANDLE LogonHandle, ULONG PackageId, */ if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial ) (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; - return(TRUE); + return(TRUE); } static BOOL @@ -1679,7 +1698,7 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId, /* otherwise return ticket */ *ticket = &(pTicketResponse->Ticket); - + /* set the initial flag if we were attempting to retrieve one * because Windows won't necessarily return the initial ticket * to us. @@ -1688,7 +1707,6 @@ GetMSCacheTicketFromCacheInfoXP( HANDLE LogonHandle, ULONG PackageId, (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; return(TRUE); - } #ifdef HAVE_CACHE_INFO_EX2 @@ -1745,13 +1763,14 @@ GetMSCacheTicketFromCacheInfoEX2( HANDLE LogonHandle, ULONG PackageId, /* otherwise return ticket */ *ticket = &(pTicketResponse->Ticket); + /* set the initial flag if we were attempting to retrieve one - * because Windows won't necessarily return the initial ticket - * to us. - */ - if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial ) - (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; + * because Windows won't necessarily return the initial ticket + * to us. + */ + if ( tktinfo->TicketFlags & KERB_TICKET_FLAGS_initial ) + (*ticket)->TicketFlags |= KERB_TICKET_FLAGS_initial; return(TRUE); } @@ -1856,6 +1875,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) HANDLE LogonHandle; ULONG PackageId; KERB_EXTERNAL_TICKET *msticket; + krb5_error_code retval = KRB5_OK; if (!is_windows_2000()) return KRB5_FCC_NOFILE; @@ -1911,10 +1931,12 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) { /* convert the ticket */ krb5_creds creds; - MSCredToMITCred(msticket, msticket->DomainName, context, &creds); + if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds)) + retval = KRB5_FCC_INTERNAL; LsaFreeReturnBuffer(msticket); - krb5_copy_principal(context, creds.client, &data->princ); + if (retval == KRB5_OK) + krb5_copy_principal(context, creds.client, &data->princ); krb5_free_cred_contents(context,&creds); } else if (!does_retrieve_ticket_cache_ticket()) { krb5_xfree(data->cc_name); @@ -1929,7 +1951,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) * if cache is non-existent/unusable */ *id = lid; - return KRB5_OK; + return retval; } /* @@ -2021,8 +2043,8 @@ krb5_lcc_destroy(krb5_context context, krb5_ccache id) if (id) { data = (krb5_lcc_data *) id->data; - return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL; - } + return PurgeAllTickets(data->LogonHandle, data->PackageId) ? KRB5_OK : KRB5_FCC_INTERNAL; + } return KRB5_FCC_INTERNAL; } @@ -2199,16 +2221,19 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, /* convert the ticket */ #ifdef HAVE_CACHE_INFO_EX2 if ( does_query_ticket_cache_ex2() ) { - MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds); + if (!MSCredToMITCred(msticket, lcursor->response.ex2->Tickets[lcursor->index-1].ClientRealm, context, creds)) + retval = KRB5_FCC_INTERNAL; } else #endif /* HAVE_CACHE_INFO_EX2 */ if ( is_windows_xp() ) { - MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds); + if (!MSCredToMITCred(msticket, lcursor->response.xp->Tickets[lcursor->index-1].ClientRealm, context, creds)) + retval = KRB5_FCC_INTERNAL; } else { - MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds); + if (!MSCredToMITCred(msticket, lcursor->mstgt->DomainName, context, creds)) + retval = KRB5_FCC_INTERNAL; } LsaFreeReturnBuffer(msticket); - return KRB5_OK; + return retval; } /* @@ -2301,7 +2326,6 @@ static krb5_error_code KRB5_CALLCONV krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *princ) { krb5_lcc_data *data = (krb5_lcc_data *)id->data; - krb5_error_code kret = KRB5_OK; if (!is_windows_2000()) return KRB5_FCC_NOFILE; @@ -2317,7 +2341,11 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri if (GetMSTGT(context, data->LogonHandle, data->PackageId, &msticket, FALSE)) { /* convert the ticket */ krb5_creds creds; - MSCredToMITCred(msticket, msticket->DomainName, context, &creds); + if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds)) + { + LsaFreeReturnBuffer(msticket); + return KRB5_FCC_INTERNAL; + } LsaFreeReturnBuffer(msticket); krb5_copy_principal(context, creds.client, &data->princ); @@ -2364,8 +2392,6 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, if ( !kret ) goto cleanup; - - /* if not, obtain a ticket using the request flags and enctype even though it may not * be stored in the LSA cache for future use. */ @@ -2384,7 +2410,11 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, if ( PreserveInitialTicketIdentity() ) GetMSTGT(context, data->LogonHandle, data->PackageId, &mstgt, FALSE); - MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds); + if (!MSCredToMITCred(msticket, mstgt ? mstgt->DomainName : msticket->DomainName, context, &fetchcreds)) + { + kret = KRB5_FCC_INTERNAL; + goto cleanup; + } } else { /* We can obtain the correct client realm for a ticket by walking the * cache contents until we find the matching service ticket. @@ -2410,7 +2440,12 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, mstmp = 0; } - MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds); + if (!MSCredToMITCred(msticket, mstmp ? pResponse->Tickets[i].ClientRealm : msticket->DomainName, context, &fetchcreds)) + { + LsaFreeReturnBuffer(pResponse); + kret = KRB5_FCC_INTERNAL; + goto cleanup; + } LsaFreeReturnBuffer(pResponse); }