\r
#include "kfwlogon.h"\r
#include <winbase.h>\r
-#include <Aclapi.h>\r
-#include <userenv.h>\r
-#include <Sddl.h>\r
\r
#include <io.h>\r
#include <sys/stat.h>\r
return(code);\r
}\r
\r
-int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken)\r
-{\r
- // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY;\r
- PSID pSystemSID = NULL;\r
- DWORD SystemSIDlength, UserSIDlength;\r
- PACL ccacheACL = NULL;\r
- DWORD ccacheACLlength;\r
- PTOKEN_USER pTokenUser = NULL;\r
- DWORD retLen;\r
- int ret = 0; \r
-\r
- /* Get System SID */\r
- ConvertStringSidToSid(SDDL_LOCAL_SYSTEM, &pSystemSID);\r
-\r
- /* Create ACL */\r
- SystemSIDlength = GetLengthSid(pSystemSID);\r
- ccacheACLlength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE)\r
- + SystemSIDlength - sizeof(DWORD);\r
-\r
- if (hUserToken) {\r
- if (!GetTokenInformation(hUserToken, TokenUser, NULL, 0, &retLen))\r
- {\r
- if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {\r
- pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);\r
-\r
- if (!GetTokenInformation(hUserToken, TokenUser, pTokenUser, retLen, &retLen))\r
- {\r
- DebugEvent("GetTokenInformation failed: GLE = %lX", GetLastError());\r
- }\r
- } \r
- }\r
-\r
- if (pTokenUser) {\r
- UserSIDlength = GetLengthSid(pTokenUser->User.Sid);\r
-\r
- ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength \r
- - sizeof(DWORD);\r
- }\r
- }\r
-\r
- ccacheACL = GlobalAlloc(GMEM_FIXED, ccacheACLlength);\r
- InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION);\r
- AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,\r
- STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,\r
- pSystemSID);\r
- if (pTokenUser) {\r
- AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,\r
- STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,\r
- pTokenUser->User.Sid);\r
- if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,\r
- DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,\r
- NULL,\r
- NULL, \r
- ccacheACL,\r
- NULL)) {\r
- DebugEvent("SetNamedSecurityInfo DACL failed: GLE = 0x%lX", GetLastError());\r
- ret = 1;\r
- }\r
- if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,\r
- OWNER_SECURITY_INFORMATION,\r
- pTokenUser->User.Sid,\r
- NULL, \r
- NULL,\r
- NULL)) {\r
- DebugEvent("SetNamedSecurityInfo Owner failed: GLE = 0x%lX", GetLastError());\r
- ret = 1;\r
- }\r
- } else {\r
- if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,\r
- DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,\r
- NULL,\r
- NULL, \r
- ccacheACL,\r
- NULL)) {\r
- DebugEvent("SetNamedSecurityInfo failed: GLE = 0x%lX", GetLastError());\r
- ret = 1;\r
- }\r
- }\r
-\r
- if (pSystemSID)\r
- LocalFree(pSystemSID);\r
- if (pTokenUser)\r
- LocalFree(pTokenUser);\r
- if (ccacheACL)\r
- GlobalFree(ccacheACL);\r
- return ret;\r
-}\r
-\r
-int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size)\r
-{\r
- int retval = 0;\r
- DWORD dwSize = size-1; /* leave room for nul */\r
-\r
- *newfilename = '\0';\r
-\r
- if ( !ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, size) &&\r
- !ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, size))\r
- return 1;\r
- return 0;\r
-}\r
-\r
void\r
KFW_copy_cache_to_system_file(char * user, char * szLogonId)\r
{\r
krb5_principal princ = 0;\r
krb5_ccache cc = 0;\r
krb5_ccache ncc = 0;\r
- PSECURITY_ATTRIBUTES pSA = NULL;\r
- \r
+\r
if (!pkrb5_init_context)\r
return;\r
\r
\r
strcat(cachename, filename);\r
\r
- DebugEvent("KFW_Logon_Event - ccache %s", cachename);\r
-\r
DeleteFile(filename);\r
\r
code = pkrb5_init_context(&ctx);\r
code = pkrb5_cc_initialize(ctx, ncc, princ);\r
if (code) goto cleanup;\r
\r
- KFW_set_ccache_dacl(filename, NULL);\r
-\r
code = pkrb5_cc_copy_creds(ctx,cc,ncc);\r
\r
cleanup:\r
}\r
\r
int\r
-KFW_copy_file_cache_to_default_cache(char * filename)\r
+KFW_copy_system_file_to_default_cache(char * filename)\r
{\r
char cachename[264] = "FILE:";\r
krb5_context ctx = 0;\r
if (code) ctx = 0;\r
\r
code = pkrb5_cc_resolve(ctx, cachename, &cc);\r
- if (code) {\r
- DebugEvent0("kfwcpcc krb5_cc_resolve failed");\r
- goto cleanup;\r
- }\r
+ if (code) goto cleanup;\r
\r
code = pkrb5_cc_get_principal(ctx, cc, &princ);\r
- if (code) {\r
- DebugEvent0("kfwcpcc krb5_cc_get_principal failed");\r
- goto cleanup;\r
- }\r
+ if (code) goto cleanup;\r
\r
code = pkrb5_cc_default(ctx, &ncc);\r
- if (code) {\r
- DebugEvent0("kfwcpcc krb5_cc_default failed");\r
- goto cleanup;\r
- }\r
if (!code) {\r
code = pkrb5_cc_initialize(ctx, ncc, princ);\r
\r
if (!code)\r
code = pkrb5_cc_copy_creds(ctx,cc,ncc);\r
- if (code) {\r
- DebugEvent0("kfwcpcc krb5_cc_copy_creds failed");\r
- goto cleanup;\r
- }\r
}\r
if ( ncc ) {\r
pkrb5_cc_close(ctx, ncc);\r
/*\r
-Copyright 2005,2006 by the Massachusetts Institute of Technology\r
+Copyright 2005 by the Massachusetts Institute of Technology\r
\r
All rights reserved.\r
\r
char szLogonId[128] = "";\r
DWORD count;\r
char filename[256];\r
- char newfilename[256];\r
char commandline[512];\r
STARTUPINFO startupinfo;\r
PROCESS_INFORMATION procinfo;\r
GetWindowsDirectory(filename, sizeof(filename));\r
}\r
\r
- if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {\r
- DebugEvent0("KFW_Logon_Event - filename too long");\r
- return;\r
- }\r
-\r
- strcat(filename, "\\");\r
- strcat(filename, szLogonId); \r
+ if ( strlen(filename) + strlen(szLogonId) + 2 <= sizeof(filename) ) {\r
+ strcat(filename, "\\");\r
+ strcat(filename, szLogonId); \r
\r
- KFW_set_ccache_dacl(filename, pInfo->hToken);\r
+ sprintf(commandline, "kfwcpcc.exe \"%s\"", filename);\r
\r
- KFW_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename));\r
-\r
- if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {\r
- DebugEvent0("KFW_Logon_Event - new filename too long");\r
- return;\r
- }\r
-\r
- strcat(newfilename, "\\");\r
- strcat(newfilename, szLogonId); \r
-\r
- if (!MoveFileEx(filename, newfilename, \r
- MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {\r
- DebugEvent("KFW_Logon_Event - MoveFileEx failed GLE = 0x%x", GetLastError());\r
- return;\r
- }\r
-\r
- sprintf(commandline, "kfwcpcc.exe \"%s\"", newfilename);\r
-\r
- GetStartupInfo(&startupinfo);\r
- if (CreateProcessAsUser( pInfo->hToken,\r
+ GetStartupInfo(&startupinfo);\r
+ if (CreateProcessAsUser( pInfo->hToken,\r
"kfwcpcc.exe",\r
commandline,\r
NULL,\r
NULL,\r
&startupinfo,\r
&procinfo)) \r
- {\r
- DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);\r
+ {\r
+ WaitForSingleObject(procinfo.hProcess, 30000);\r
\r
- WaitForSingleObject(procinfo.hProcess, 30000);\r
-\r
- CloseHandle(procinfo.hThread);\r
- CloseHandle(procinfo.hProcess);\r
- } else {\r
- DebugEvent0("KFW_Logon_Event - CreateProcessFailed");\r
+ CloseHandle(procinfo.hThread);\r
+ CloseHandle(procinfo.hProcess);\r
+ }\r
}\r
\r
DeleteFile(filename);\r
projects / krb5.git / commitdiff