* cc_mslsa.c: the MSLSA code was crashing on Pismere machines when

logging on with cross realm credentials. On these machines there are 8 tickets within the LSA cache from two different realms. One of the krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe processes. The attempt to access the ticket returns a SubStatus code of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that the logon attempt was invalid due to bad authentication information. kerbtray has no problem listing this ticket. The other seven tickets in the cache including the Initial Ticket are accessible. Modified krb5_lcc_next_cred() to skip to the next ticket if an attempt to read a single ticket fails. ticket: 2184 tags: pullup target_version: 1.3.2 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15997 dc483132-0cff-0310-8789-dd5450dbe970
author: Jeffrey Altman <jaltman@secure-endpoints.com> 2004-02-02 17:40:19 +0000
committer: Jeffrey Altman <jaltman@secure-endpoints.com> 2004-02-02 17:40:19 +0000
commit: b5dc3ff298338b1587e98c5ed0ec58c20d3df612 (patch)
tree: cb9fd236481ec4553daabbb367e697d2a3add757
parent: 649558c81688632d3631b69200d485c0a1e6fc60 (diff)
download: krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.tar.gz
krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.tar.xz
krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.zip
2 files changed, 36 insertions, 10 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog
index c7ba3ac6a1..e3b86e6eeb 100644
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,18 @@
+2004-02-02  Jeffrey Altman <jaltman@mit.edu>
+
+   * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when 
+     logging on with cross realm credentials.  On these machines there are
+     8 tickets within the LSA cache from two different realms.  One of the
+     krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
+     a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
+     processes.  The attempt to access the ticket returns a SubStatus code
+     of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
+     the logon attempt was invalid due to bad authentication information.
+     kerbtray has no problem listing this ticket.  The other seven tickets
+     in the cache including the Initial Ticket are accessible.  Modified 
+     krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
+     a single ticket fails.
+
 2004-01-31  Jeffrey Altman <jaltman@mit.edu>
 
    * cc_mslsa.c: Optimize the get next logic by storing a handle to
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index c0df862f52..9c3a57bb9d 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -62,6 +62,7 @@
 #define SECURITY_WIN32
 #include <security.h>
 #include <ntsecapi.h>
+#include <ntstatus.h>
 
 #define MAX_MSG_SIZE 256
 #define MAX_MSPRINC_SIZE 1024
@@ -1265,18 +1266,25 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
     krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
     krb5_lcc_data *data = (krb5_lcc_data *)id->data;
     KERB_EXTERNAL_TICKET *msticket;
+    krb5_error_code  retval = KRB5_OK;
 
   next_cred:
-    if ( lcursor->index >= lcursor->response->CountOfTickets )
-        return KRB5_CC_END;
+    if ( lcursor->index >= lcursor->response->CountOfTickets ) {
+        if (retval == KRB5_OK)
+            return KRB5_CC_END;
+        else {
+            LsaFreeReturnBuffer(lcursor->mstgt);
+            LsaFreeReturnBuffer(lcursor->response);
+            free(*cursor);
+            *cursor = 0;
+            return retval;
+        }
+    }
 
     if (!GetMSCacheTicketFromCacheInfo(data->LogonHandle, data->PackageId,
                                         &lcursor->response->Tickets[lcursor->index++],&msticket)) {
-        LsaFreeReturnBuffer(lcursor->mstgt);
-        LsaFreeReturnBuffer(lcursor->response);
-        free(*cursor);
-        *cursor = 0;
-        return KRB5_FCC_INTERNAL;
+        retval = KRB5_FCC_INTERNAL;
+        goto next_cred;
     }
 
     /* Don't return tickets with NULL Session Keys */
@@ -1309,10 +1317,13 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
 {
     krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
 
-    LsaFreeReturnBuffer(lcursor->mstgt);
-    LsaFreeReturnBuffer(lcursor->response);
-    free(*cursor);
+    if ( lcursor ) {
+        LsaFreeReturnBuffer(lcursor->mstgt);
+        LsaFreeReturnBuffer(lcursor->response);
+        free(*cursor);
+    }
     *cursor = 0;
+
     return KRB5_OK;
 }
author	Jeffrey Altman <jaltman@secure-endpoints.com>	2004-02-02 17:40:19 +0000
committer	Jeffrey Altman <jaltman@secure-endpoints.com>	2004-02-02 17:40:19 +0000
commit	b5dc3ff298338b1587e98c5ed0ec58c20d3df612 (patch)
tree	cb9fd236481ec4553daabbb367e697d2a3add757
parent	649558c81688632d3631b69200d485c0a1e6fc60 (diff)
download	krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.tar.gz krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.tar.xz krb5-b5dc3ff298338b1587e98c5ed0ec58c20d3df612.zip