summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeffrey Altman <jaltman@secure-endpoints.com>2004-03-31 21:22:25 +0000
committerJeffrey Altman <jaltman@secure-endpoints.com>2004-03-31 21:22:25 +0000
commit29751c62da571957e397ba3875b6bf79959ae41d (patch)
treeff6d5a492e4399756f03693c1927f9f9c49cd133
parent8f28d6aac5109199f321fc2f90e5e0fea8654505 (diff)
downloadkrb5-29751c62da571957e397ba3875b6bf79959ae41d.tar.gz
krb5-29751c62da571957e397ba3875b6bf79959ae41d.tar.xz
krb5-29751c62da571957e397ba3875b6bf79959ae41d.zip
Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL
Then modify the MSLSA implementation to ensure that none of the APIs loaded from those DLLs are executed on Windows platforms prior to Windows 2000. This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to continue to be used on Windows 9x. ticket: new target_version: 1.3.3 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16217 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/ChangeLog6
-rw-r--r--src/lib/Makefile.in5
-rw-r--r--src/lib/krb5/ccache/ChangeLog8
-rw-r--r--src/lib/krb5/ccache/cc_mslsa.c97
4 files changed, 106 insertions, 10 deletions
diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog
index 80e49d9fc9..d411299f4c 100644
--- a/src/lib/ChangeLog
+++ b/src/lib/ChangeLog
@@ -1,3 +1,9 @@
+2004-03-31 Jeffrey Altman <jaltman@mit.edu>
+
+ * Makefile.in: Delay Load the ADVAPI32.DLL and SECUR32.DLL libraries
+ to enable the KRB5_32.DLL to load on Windows 9x systems which do
+ not support the LSA Kerberos functionality.
+
2004-03-08 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LOCAL_SUBDIRS): Renamed from MY_SUBDIRS.
diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in
index 04659d08aa..b073437e4d 100644
--- a/src/lib/Makefile.in
+++ b/src/lib/Makefile.in
@@ -52,8 +52,9 @@ KRB5RC = krb5.rc
VERSIONRC = $(BUILDTOP)\windows\version.rc
WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
- version.lib secur32.lib advapi32.lib gdi32.lib
-WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000
+ version.lib secur32.lib advapi32.lib gdi32.lib delayimp.lib
+WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 /DELAYLOAD:secur32.dll \
+ /DELAYLOAD:advapi32.dll /DELAY:UNLOAD /DELAY:NOBIND
NO_GLUE=$(OUTPRE)no_glue.obj
K5_GLUE=$(OUTPRE)k5_glue.obj
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog
index a03f9fd291..61e7a665cd 100644
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,11 @@
+2004-03-31 Jeffrey Altman <jaltman@mit.edu>
+
+ * cc_mslsa.c: Add IsWindows2000() function and use it to return
+ errors whenever the MSLSA: ccache type is used on platforms
+ older than Windows 2000. This is needed to prevent calls to
+ the functions loaded from ADVAPI32.DLL and SECUR32.DLL which
+ do not exist on the Windows 9x platforms.
+
2004-03-26 Sam Hartman <hartmans@mit.edu>
* fcc.h: Remove all but the definition of krb5_cc_file_ops because
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 44ef459390..0caf65a28c 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -67,6 +67,30 @@
#define MAX_MSG_SIZE 256
#define MAX_MSPRINC_SIZE 1024
+static BOOL IsWindows2000 (void)
+{
+ static BOOL fChecked = FALSE;
+ static BOOL fIsWin2K = FALSE;
+
+ if (!fChecked)
+ {
+ OSVERSIONINFO Version;
+ fChecked = TRUE;
+
+ memset (&Version, 0x00, sizeof(Version));
+ Version.dwOSVersionInfoSize = sizeof(Version);
+
+ if (GetVersionEx (&Version))
+ {
+ if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+ Version.dwMajorVersion >= 5)
+ fIsWin2K = TRUE;
+ }
+ }
+
+ return fIsWin2K;
+}
+
static VOID
ShowWinError(LPSTR szAPI, DWORD dwError)
{
@@ -1099,6 +1123,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
ULONG PackageId;
KERB_EXTERNAL_TICKET *msticket;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
if (!IsKerberosLogon())
return KRB5_FCC_NOFILE;
@@ -1168,6 +1195,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
static krb5_error_code KRB5_CALLCONV
krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
{
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
return KRB5_CC_READONLY;
}
@@ -1184,13 +1214,20 @@ static krb5_error_code KRB5_CALLCONV
krb5_lcc_close(krb5_context context, krb5_ccache id)
{
register int closeval = KRB5_OK;
- register krb5_lcc_data *data = (krb5_lcc_data *) id->data;
-
- CloseHandle(data->LogonHandle);
+ register krb5_lcc_data *data;
+
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
- krb5_xfree(data);
- krb5_xfree(id);
+ if (id) {
+ data = (krb5_lcc_data *) id->data;
+ if (data) {
+ CloseHandle(data->LogonHandle);
+ krb5_xfree(data);
+ }
+ krb5_xfree(id);
+ }
return closeval;
}
@@ -1204,9 +1241,17 @@ krb5_lcc_close(krb5_context context, krb5_ccache id)
static krb5_error_code KRB5_CALLCONV
krb5_lcc_destroy(krb5_context context, krb5_ccache id)
{
- register krb5_lcc_data *data = (krb5_lcc_data *) id->data;
+ register krb5_lcc_data *data;
+
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
- return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK;
+ if (id) {
+ data = (krb5_lcc_data *) id->data;
+
+ return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK;
+ }
+ return KRB5_FCC_INTERNAL;
}
/*
@@ -1229,6 +1274,9 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
krb5_lcc_data *data = (krb5_lcc_data *)id->data;
KERB_EXTERNAL_TICKET *msticket;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
lcursor = (krb5_lcc_cursor *) malloc(sizeof(krb5_lcc_cursor));
if (lcursor == NULL) {
*cursor = 0;
@@ -1277,10 +1325,15 @@ static krb5_error_code KRB5_CALLCONV
krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
{
krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
- krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+ krb5_lcc_data *data;
KERB_EXTERNAL_TICKET *msticket;
krb5_error_code retval = KRB5_OK;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
+ data = (krb5_lcc_data *)id->data;
+
next_cred:
if ( lcursor->index >= lcursor->response->CountOfTickets ) {
if (retval == KRB5_OK)
@@ -1330,6 +1383,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
{
krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
if ( lcursor ) {
LsaFreeReturnBuffer(lcursor->mstgt);
LsaFreeReturnBuffer(lcursor->response);
@@ -1348,6 +1404,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
static krb5_error_code KRB5_CALLCONV
krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
{
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
return KRB5_CC_READONLY;
}
@@ -1361,6 +1420,13 @@ krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
static const char * KRB5_CALLCONV
krb5_lcc_get_name (krb5_context context, krb5_ccache id)
{
+
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
+ if ( !id )
+ return "";
+
return (char *) ((krb5_lcc_data *) id->data)->cc_name;
}
@@ -1382,6 +1448,9 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri
{
krb5_error_code kret = KRB5_OK;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
/* obtain principal */
return krb5_copy_principal(context, ((krb5_lcc_data *) id->data)->princ, princ);
}
@@ -1397,6 +1466,9 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
krb5_creds * mcreds_noflags;
krb5_creds fetchcreds;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
memset(&fetchcreds, 0, sizeof(krb5_creds));
/* first try to find out if we have an existing ticket which meets the requirements */
@@ -1474,6 +1546,9 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
KERB_EXTERNAL_TICKET *msticket = 0;
krb5_creds * creds_noflags;
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
/* if not, we must try to get a ticket without specifying any flags or etypes */
krb5_copy_creds(context, creds, &creds_noflags);
creds_noflags->ticket_flags = 0;
@@ -1496,6 +1571,9 @@ static krb5_error_code KRB5_CALLCONV
krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
krb5_creds *creds)
{
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
return KRB5_CC_READONLY;
}
@@ -1507,6 +1585,9 @@ krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
static krb5_error_code KRB5_CALLCONV
krb5_lcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
{
+ if (!IsWindows2000())
+ return KRB5_FCC_NOFILE;
+
return KRB5_OK;
}