From 03daaf5a14da271187063fd0682c320965fb2a48 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 27 Mar 2007 13:37:30 +0000 Subject: [PATCH] This commit addresses several issues: (1) The registry key used for activating event reporting to the Windows application log was wrong. It should be "NetworkProvider" not "Network Provider" (2) Event logging of the state of the "Debug" value has been added so that it is possible to debug the use of event reporting. (3) The code no longer performs the pre-kinit operations if a password was not provided. (4) A new function KFW_copy_file_cache_to_api_cache() has been added. This is used instead of KFW_copy_file_cache_to_default_cache() permitting the default cache to be MSLSA, FILE, or anything else. The API cache name will be of the form API:principal just as is done by Network Identity Manager. ticket: 5469 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19289 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/kfwlogon/kfwcommon.c | 149 +++++++++++++++++++++++++++---- src/windows/kfwlogon/kfwcpcc.c | 2 +- 2 files changed, 131 insertions(+), 20 deletions(-) diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c index b578d943b..1a2de0826 100644 --- a/src/windows/kfwlogon/kfwcommon.c +++ b/src/windows/kfwlogon/kfwcommon.c @@ -293,19 +293,41 @@ static HANDLE hDLL; BOOL IsDebugLogging(void) { - DWORD LSPtype, LSPsize; + DWORD LSPsize; HKEY NPKey; DWORD dwDebug = FALSE; if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, - "System\\CurrentControlSet\\Services\\MIT Kerberos\\Network Provider", - 0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS) { + "System\\CurrentControlSet\\Services\\MIT Kerberos\\NetworkProvider", + 0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS) + { LSPsize=sizeof(dwDebug); - if (RegQueryValueEx(NPKey, "Debug", NULL, &LSPtype, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS - || LSPtype != REG_DWORD) + if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS) + { + static int once = 0; + dwDebug = FALSE; + if (!once) { + HANDLE h; char *ptbuf[1]; + h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); + ptbuf[0] = "Unable to read debug value"; + ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); + DeregisterEventSource(h); + once++; + } + } RegCloseKey (NPKey); + } else { + static int once = 0; + if (!once) { + HANDLE h; char *ptbuf[1]; + h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); + ptbuf[0] = "Unable to open network provider key"; + ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); + DeregisterEventSource(h); + once++; + } } return(dwDebug ? TRUE : FALSE); @@ -719,7 +741,7 @@ KFW_get_cred( char * username, char * pname = 0; krb5_error_code code; - if (!pkrb5_init_context || !username || !password) + if (!pkrb5_init_context || !username || !password || !password[0]) return 0; DebugEvent0(username); @@ -751,22 +773,23 @@ KFW_get_cred( char * username, if ( code ) goto cleanup; DebugEvent0("got ccache"); + if ( lifetime == 0 ) lifetime = pLeash_get_default_lifetime(); - if ( password[0] ) { - code = KFW_kinit( ctx, cc, HWND_DESKTOP, - pname, - password, - lifetime, - pLeash_get_default_forwardable(), - pLeash_get_default_proxiable(), - pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0, - pLeash_get_default_noaddresses(), - pLeash_get_default_publicip()); - DebugEvent0("kinit returned"); - if ( code ) goto cleanup; - } + DebugEvent0("got lifetime"); + + code = KFW_kinit( ctx, cc, HWND_DESKTOP, + pname, + password, + lifetime, + pLeash_get_default_forwardable(), + pLeash_get_default_proxiable(), + pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0, + pLeash_get_default_noaddresses(), + pLeash_get_default_publicip()); + DebugEvent0("kinit returned"); + if ( code ) goto cleanup; cleanup: if ( pname ) @@ -1148,6 +1171,94 @@ KFW_copy_file_cache_to_default_cache(char * filename) } +int +KFW_copy_file_cache_to_api_cache(char * filename) +{ + char cachename[MAX_PATH + 8] = "FILE:"; + krb5_context ctx = 0; + krb5_error_code code; + krb5_principal princ = 0; + krb5_ccache cc = 0; + krb5_ccache ncc = 0; + char *name = NULL; + int retval = 1; + + if (!pkrb5_init_context || !filename) + return 1; + + if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) ) + return 1; + + strcat(cachename, filename); + + code = pkrb5_init_context(&ctx); + if (code) ctx = 0; + + code = pkrb5_cc_resolve(ctx, cachename, &cc); + if (code) { + DebugEvent0("kfwcpcc krb5_cc_resolve failed"); + goto cleanup; + } + + code = pkrb5_cc_get_principal(ctx, cc, &princ); + if (code) { + DebugEvent0("kfwcpcc krb5_cc_get_principal failed"); + goto cleanup; + } + + code = pkrb5_unparse_name(ctx, princ, &name); + if (code) { + DebugEvent0("kfwcpcc krb5_unparse_name failed"); + goto cleanup; + } + + sprintf(cachename, "API:%s", name); + + code = pkrb5_cc_resolve(ctx, cachename, &ncc); + if (code) { + DebugEvent0("kfwcpcc krb5_cc_default failed"); + goto cleanup; + } + if (!code) { + code = pkrb5_cc_initialize(ctx, ncc, princ); + + if (!code) + code = pkrb5_cc_copy_creds(ctx,cc,ncc); + if (code) { + DebugEvent0("kfwcpcc krb5_cc_copy_creds failed"); + goto cleanup; + } + } + if ( ncc ) { + pkrb5_cc_close(ctx, ncc); + ncc = 0; + } + + retval=0; /* success */ + + cleanup: + if (name) + pkrb5_free_unparsed_name(ctx, name); + + if ( cc ) { + pkrb5_cc_close(ctx, cc); + cc = 0; + } + + DeleteFile(filename); + + if ( princ ) { + pkrb5_free_principal(ctx, princ); + princ = 0; + } + + if (ctx) + pkrb5_free_context(ctx); + + return 0; +} + + int KFW_destroy_tickets_for_principal(char * user) { diff --git a/src/windows/kfwlogon/kfwcpcc.c b/src/windows/kfwlogon/kfwcpcc.c index c3485c02d..5ff778552 100644 --- a/src/windows/kfwlogon/kfwcpcc.c +++ b/src/windows/kfwlogon/kfwcpcc.c @@ -33,7 +33,7 @@ int main(int argc, char *argv[]) KFW_initialize(); - return KFW_copy_file_cache_to_default_cache(argv[1]); + return KFW_copy_file_cache_to_api_cache(argv[1]); } -- 2.26.2