From 4144f7756e6ca511ff244e06a547bc5594cdd596 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Mon, 12 Dec 2011 20:45:33 +0000 Subject: [PATCH] kfw fixes: make leash ignore credentials that store config principals Signed-off-by: Kevin Wasserman ticket: 7050 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25555 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/include/loadfuncs-krb5.h | 7 +++++++ src/windows/leashdll/krb5routines.c | 5 +++++ src/windows/leashdll/leashdll.c | 2 ++ src/windows/leashdll/leashdll.h | 1 + 4 files changed, 15 insertions(+) diff --git a/src/windows/include/loadfuncs-krb5.h b/src/windows/include/loadfuncs-krb5.h index 58ff443bf..b577a95cd 100644 --- a/src/windows/include/loadfuncs-krb5.h +++ b/src/windows/include/loadfuncs-krb5.h @@ -1775,4 +1775,11 @@ TYPEDEF_FUNC( krb5_clear_error_message, (krb5_context) ); + +TYPEDEF_FUNC( + krb5_boolean, + KRB5_CALLCONV, + krb5_is_config_principal, + (krb5_context, krb5_const_principal) + ); #endif /* __LOADFUNCS_KRB5_H__ */ diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c index 521602c6f..ccd9dd8ce 100644 --- a/src/windows/leashdll/krb5routines.c +++ b/src/windows/leashdll/krb5routines.c @@ -450,6 +450,11 @@ not_an_API_LeashKRB5GetTickets( while (!(code = pkrb5_cc_next_cred(ctx, cache, &KRBv5Cursor, &KRBv5Credentials))) { + if ((*pkrb5_is_config_principal)(ctx, KRBv5Credentials.server)) + { /* skip configuration credentials */ + (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); + continue; + } if (!list) { list = (TicketList*) calloc(1, sizeof(TicketList)); diff --git a/src/windows/leashdll/leashdll.c b/src/windows/leashdll/leashdll.c index 712a8e68b..eb11a366f 100644 --- a/src/windows/leashdll/leashdll.c +++ b/src/windows/leashdll/leashdll.c @@ -82,6 +82,7 @@ DECL_FUNC_PTR(krb5_free_addresses); DECL_FUNC_PTR(krb5_free_default_realm); DECL_FUNC_PTR(krb5_principal_compare); DECL_FUNC_PTR(krb5_string_to_deltat); +DECL_FUNC_PTR(krb5_is_config_principal); // ComErr functions DECL_FUNC_PTR(com_err); @@ -178,6 +179,7 @@ FUNC_INFO k5_fi[] = { MAKE_FUNC_INFO(krb5_free_default_realm), MAKE_FUNC_INFO(krb5_principal_compare), MAKE_FUNC_INFO(krb5_string_to_deltat), + MAKE_FUNC_INFO(krb5_is_config_principal), END_FUNC_INFO }; diff --git a/src/windows/leashdll/leashdll.h b/src/windows/leashdll/leashdll.h index 74cceab82..1b7ddfc12 100644 --- a/src/windows/leashdll/leashdll.h +++ b/src/windows/leashdll/leashdll.h @@ -221,6 +221,7 @@ extern DECL_FUNC_PTR(krb5_c_random_make_octets); extern DECL_FUNC_PTR(krb5_free_default_realm); extern DECL_FUNC_PTR(krb5_principal_compare); extern DECL_FUNC_PTR(krb5_string_to_deltat); +extern DECL_FUNC_PTR(krb5_is_config_principal); #ifndef NO_KRB4 // Krb524 functions -- 2.26.2