From 0f70ce0814ae83623a1188210fa36071d4ddec79 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 6 Apr 2004 17:36:44 +0000 Subject: [PATCH] * cc_mslsa.c: In at least one case on Win2003 it appears that it is possible for the logon session to be authenticated via NTLM and yet for there to be Kerberos credentials obtained by the LSA on behalf of the logged in user. Therefore, we are removing the test for IsKerberosLogon() within krb5_lcc_resolve() which was meant to avoid the need to perform GetMSTGT() when there was no possibility of credentials being found. ticket: new tags: pullup target_version: next git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16235 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/ccache/ChangeLog | 11 +++++++++++ src/lib/krb5/ccache/cc_mslsa.c | 9 +++++++++ 2 files changed, 20 insertions(+) diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index 61e7a665c..ad73c2a54 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,14 @@ +2004-04-06 Jeffrey Altman + + * cc_mslsa.c: + In at least one case on Win2003 it appears that it is possible + for the logon session to be authenticated via NTLM and yet for + there to be Kerberos credentials obtained by the LSA on behalf + of the logged in user. Therefore, we are removing the test + for IsKerberosLogon() within krb5_lcc_resolve() + which was meant to avoid the need to perform GetMSTGT() when + there was no possibility of credentials being found. + 2004-03-31 Jeffrey Altman * cc_mslsa.c: Add IsWindows2000() function and use it to return diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 0caf65a28..9d0675359 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -1126,8 +1126,17 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) if (!IsWindows2000()) return KRB5_FCC_NOFILE; +#ifdef COMMENT + /* In at least one case on Win2003 it appears that it is possible + * for the logon session to be authenticated via NTLM and yet for + * there to be Kerberos credentials obtained by the LSA on behalf + * of the logged in user. Therefore, we are removing this test + * which was meant to avoid the need to perform GetMSTGT() when + * there was no possibility of credentials being found. + */ if (!IsKerberosLogon()) return KRB5_FCC_NOFILE; +#endif if(!PackageConnectLookup(&LogonHandle, &PackageId)) return KRB5_FCC_NOFILE; -- 2.26.2