From 56840b1ea06d75507e0a8a13453dbf5348208827 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 28 Sep 2007 23:39:06 +0000 Subject: [PATCH] pull up r19866 from trunk r19866@cathode-dark-space: jaltman | 2007-08-24 10:49:42 -0400 ticket: new subject: NIM: External changes to default identity are improperly reflected by krb5 provider component: windows The Kerberos v5 identity provider for Network Identity Manager monitors the "Software\MIT\kerberos5" registry key for the logged in user for changes to the "ccname" value. If a change is noticed, it would query the Kerberos v5 library for the default credentials cache and attempt to determine the new default identity, which it would then communicate to the Network Identity Manager application. When the identity provider queried the Kerberos v5 library after a registry change notification, it used a cached krb5_context for the thread. The default credentials cache found using this krb5_context may not be what the registry specified. This patch modifies the code in k5_ccname_monitor_thread() to create a use a new krb5_context when querying for the default credentials cache following a registry change notification. Doing so ensures that Kerberos v5 library takes the new registry value into account. ticket: 5687 version_fixed: 1.6.3 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@20001 dc483132-0cff-0310-8789-dd5450dbe970 --- .../identity/plugins/krb5/krb5identpro.c | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c index db1422f01..c1c8f7be7 100644 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ b/src/windows/identity/plugins/krb5/krb5identpro.c @@ -1644,7 +1644,6 @@ HANDLE h_ccname_exit_event; HANDLE h_ccname_thread; DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) { - krb5_context ctx = 0; HKEY hk_ccname; HANDLE h_notify; @@ -1696,11 +1695,6 @@ DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) { reg_ccname[0] = L'\0'; } - l = pkrb5_init_context(&ctx); - - if (l) - goto _exit_0; - h_notify = CreateEvent(NULL, FALSE, FALSE, L"Local\\Krb5CCNameChangeNotifier"); if (h_notify == NULL) @@ -1748,8 +1742,16 @@ DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) { } if (_wcsicmp(new_ccname, reg_ccname)) { - k5_refresh_default_identity(ctx); - StringCbCopy(reg_ccname, sizeof(reg_ccname), new_ccname); + krb5_context ctx = NULL; + + l = pkrb5_init_context(&ctx); + if (l == 0 && ctx != NULL) { + k5_refresh_default_identity(ctx); + StringCbCopy(reg_ccname, sizeof(reg_ccname), new_ccname); + } + + if (ctx) + pkrb5_free_context(ctx); } } else { @@ -1766,9 +1768,6 @@ DWORD WINAPI k5_ccname_monitor_thread(LPVOID lpParameter) { RegCloseKey(hk_ccname); - if (ctx) - pkrb5_free_context(ctx); - _exit: ExitThread(rv); -- 2.26.2