From 29751c62da571957e397ba3875b6bf79959ae41d Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 31 Mar 2004 21:22:25 +0000 Subject: [PATCH] Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL Then modify the MSLSA implementation to ensure that none of the APIs loaded from those DLLs are executed on Windows platforms prior to Windows 2000. This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to continue to be used on Windows 9x. ticket: new target_version: 1.3.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16217 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/ChangeLog | 6 +++ src/lib/Makefile.in | 5 +- src/lib/krb5/ccache/ChangeLog | 8 +++ src/lib/krb5/ccache/cc_mslsa.c | 97 +++++++++++++++++++++++++++++++--- 4 files changed, 106 insertions(+), 10 deletions(-) diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index 80e49d9fc..d411299f4 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,9 @@ +2004-03-31 Jeffrey Altman + + * Makefile.in: Delay Load the ADVAPI32.DLL and SECUR32.DLL libraries + to enable the KRB5_32.DLL to load on Windows 9x systems which do + not support the LSA Kerberos functionality. + 2004-03-08 Ken Raeburn * Makefile.in (LOCAL_SUBDIRS): Renamed from MY_SUBDIRS. diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index 04659d08a..b073437e4 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -52,8 +52,9 @@ KRB5RC = krb5.rc VERSIONRC = $(BUILDTOP)\windows\version.rc WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \ - version.lib secur32.lib advapi32.lib gdi32.lib -WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 + version.lib secur32.lib advapi32.lib gdi32.lib delayimp.lib +WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 /DELAYLOAD:secur32.dll \ + /DELAYLOAD:advapi32.dll /DELAY:UNLOAD /DELAY:NOBIND NO_GLUE=$(OUTPRE)no_glue.obj K5_GLUE=$(OUTPRE)k5_glue.obj diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog index a03f9fd29..61e7a665c 100644 --- a/src/lib/krb5/ccache/ChangeLog +++ b/src/lib/krb5/ccache/ChangeLog @@ -1,3 +1,11 @@ +2004-03-31 Jeffrey Altman + + * cc_mslsa.c: Add IsWindows2000() function and use it to return + errors whenever the MSLSA: ccache type is used on platforms + older than Windows 2000. This is needed to prevent calls to + the functions loaded from ADVAPI32.DLL and SECUR32.DLL which + do not exist on the Windows 9x platforms. + 2004-03-26 Sam Hartman * fcc.h: Remove all but the definition of krb5_cc_file_ops because diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c index 44ef45939..0caf65a28 100644 --- a/src/lib/krb5/ccache/cc_mslsa.c +++ b/src/lib/krb5/ccache/cc_mslsa.c @@ -67,6 +67,30 @@ #define MAX_MSG_SIZE 256 #define MAX_MSPRINC_SIZE 1024 +static BOOL IsWindows2000 (void) +{ + static BOOL fChecked = FALSE; + static BOOL fIsWin2K = FALSE; + + if (!fChecked) + { + OSVERSIONINFO Version; + fChecked = TRUE; + + memset (&Version, 0x00, sizeof(Version)); + Version.dwOSVersionInfoSize = sizeof(Version); + + if (GetVersionEx (&Version)) + { + if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && + Version.dwMajorVersion >= 5) + fIsWin2K = TRUE; + } + } + + return fIsWin2K; +} + static VOID ShowWinError(LPSTR szAPI, DWORD dwError) { @@ -1099,6 +1123,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) ULONG PackageId; KERB_EXTERNAL_TICKET *msticket; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + if (!IsKerberosLogon()) return KRB5_FCC_NOFILE; @@ -1168,6 +1195,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual) static krb5_error_code KRB5_CALLCONV krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ) { + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + return KRB5_CC_READONLY; } @@ -1184,13 +1214,20 @@ static krb5_error_code KRB5_CALLCONV krb5_lcc_close(krb5_context context, krb5_ccache id) { register int closeval = KRB5_OK; - register krb5_lcc_data *data = (krb5_lcc_data *) id->data; - - CloseHandle(data->LogonHandle); + register krb5_lcc_data *data; + + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; - krb5_xfree(data); - krb5_xfree(id); + if (id) { + data = (krb5_lcc_data *) id->data; + if (data) { + CloseHandle(data->LogonHandle); + krb5_xfree(data); + } + krb5_xfree(id); + } return closeval; } @@ -1204,9 +1241,17 @@ krb5_lcc_close(krb5_context context, krb5_ccache id) static krb5_error_code KRB5_CALLCONV krb5_lcc_destroy(krb5_context context, krb5_ccache id) { - register krb5_lcc_data *data = (krb5_lcc_data *) id->data; + register krb5_lcc_data *data; + + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; - return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK; + if (id) { + data = (krb5_lcc_data *) id->data; + + return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK; + } + return KRB5_FCC_INTERNAL; } /* @@ -1229,6 +1274,9 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur krb5_lcc_data *data = (krb5_lcc_data *)id->data; KERB_EXTERNAL_TICKET *msticket; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + lcursor = (krb5_lcc_cursor *) malloc(sizeof(krb5_lcc_cursor)); if (lcursor == NULL) { *cursor = 0; @@ -1277,10 +1325,15 @@ static krb5_error_code KRB5_CALLCONV krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds) { krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor; - krb5_lcc_data *data = (krb5_lcc_data *)id->data; + krb5_lcc_data *data; KERB_EXTERNAL_TICKET *msticket; krb5_error_code retval = KRB5_OK; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + + data = (krb5_lcc_data *)id->data; + next_cred: if ( lcursor->index >= lcursor->response->CountOfTickets ) { if (retval == KRB5_OK) @@ -1330,6 +1383,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso { krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + if ( lcursor ) { LsaFreeReturnBuffer(lcursor->mstgt); LsaFreeReturnBuffer(lcursor->response); @@ -1348,6 +1404,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso static krb5_error_code KRB5_CALLCONV krb5_lcc_generate_new (krb5_context context, krb5_ccache *id) { + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + return KRB5_CC_READONLY; } @@ -1361,6 +1420,13 @@ krb5_lcc_generate_new (krb5_context context, krb5_ccache *id) static const char * KRB5_CALLCONV krb5_lcc_get_name (krb5_context context, krb5_ccache id) { + + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + + if ( !id ) + return ""; + return (char *) ((krb5_lcc_data *) id->data)->cc_name; } @@ -1382,6 +1448,9 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri { krb5_error_code kret = KRB5_OK; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + /* obtain principal */ return krb5_copy_principal(context, ((krb5_lcc_data *) id->data)->princ, princ); } @@ -1397,6 +1466,9 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields, krb5_creds * mcreds_noflags; krb5_creds fetchcreds; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + memset(&fetchcreds, 0, sizeof(krb5_creds)); /* first try to find out if we have an existing ticket which meets the requirements */ @@ -1474,6 +1546,9 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds) KERB_EXTERNAL_TICKET *msticket = 0; krb5_creds * creds_noflags; + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + /* if not, we must try to get a ticket without specifying any flags or etypes */ krb5_copy_creds(context, creds, &creds_noflags); creds_noflags->ticket_flags = 0; @@ -1496,6 +1571,9 @@ static krb5_error_code KRB5_CALLCONV krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *creds) { + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + return KRB5_CC_READONLY; } @@ -1507,6 +1585,9 @@ krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, static krb5_error_code KRB5_CALLCONV krb5_lcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags) { + if (!IsWindows2000()) + return KRB5_FCC_NOFILE; + return KRB5_OK; } -- 2.26.2