From c58721acb8b2cc4d46315cb578515da6be873713 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Wed, 28 Jun 2006 23:00:09 +0000
Subject: [PATCH] 	cc_mslsa.c:  The WOW64 environment on 64-bit versions
 of   	Windows prior to Vista Beta 2 did not implement the Lsa 
 functions used by the MSLSA: ccache.   This patch disables 	the MSLSA:
 ccache in broken WOW64 environments by checking 	the Windows version
 and the existence and response of the 	IsWow64Process API.

ticket: 3940
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18250 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/ccache/cc_mslsa.c | 45 +++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 4 deletions(-)

diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 6a75aef86..46fa507b3 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -136,6 +136,43 @@ is_windows_xp (void)
    return fIsWinXP;
 }
 
+typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
+
+static BOOL
+is_broken_wow64(void)
+{
+    static BOOL fChecked = FALSE;
+    static BOOL fIsBrokenWow64 = FALSE;
+
+    if (!fChecked)
+    {
+	BOOL isWow64 = FALSE;
+	OSVERSIONINFO Version;
+	LPFN_ISWOW64PROCESS fnIsWow64Process = 
+	    (LPFN_ISWOW64PROCESS)GetProcAddress(GetModuleHandle("kernel32"),
+						"IsWow64Process");
+
+	/* If we don't find the fnIsWow64Process function then we 
+	 * are not running in a broken Wow64 
+	 */
+	if (fnIsWow64Process) {
+	    memset (&Version, 0x00, sizeof(Version));
+	    Version.dwOSVersionInfoSize = sizeof(Version);
+
+	    if (fnIsWow64Process(GetCurrentProcess(), &isWow64) && 
+		GetVersionEx (&Version)) {
+		if (isWow64 && 
+		    Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+		    Version.dwMajorVersion < 6)
+		    fIsBrokenWow64 = TRUE;
+	    } 
+	}
+	fChecked = TRUE;
+    }
+
+    return fIsBrokenWow64;
+}
+
 /* This flag is only supported by versions of Windows which have obtained
  * a code change from Microsoft.   When the code change is installed,
  * setting this flag will cause all retrieved credentials to be stored 
@@ -729,9 +766,9 @@ IsKerberosLogon(VOID)
             usLength = (pSessionData->AuthenticationPackage).Length;
             if (usLength < 256)
             {
-                lstrcpyn (buffer, usBuffer, usLength);
-                lstrcat (buffer,L"");
-                if ( !lstrcmp(L"Kerberos",buffer) )
+                lstrcpynW (buffer, usBuffer, usLength);
+                lstrcatW (buffer,L"");
+                if ( !lstrcmpW(L"Kerberos",buffer) )
                     Success = TRUE;
             }
         }
@@ -1888,7 +1925,7 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     KERB_EXTERNAL_TICKET *msticket;
     krb5_error_code retval = KRB5_OK;
 
-    if (!is_windows_2000())
+    if (!is_windows_2000() || is_broken_wow64())
         return KRB5_FCC_NOFILE;
 
 #ifdef COMMENT
-- 
2.26.2