author | Kevin Wasserman <kevin.wasserman@painless-security.com> | 2012-06-21 15:30:24 -0400 |
---|---|---|
committer | Ben Kaduk <kaduk@mit.edu> | 2012-08-24 15:54:51 -0400 |
commit | e2ad5d74adbf3edc8a7026cad8283c0077377e81 (patch) | |
tree | fd7ddcd010369f6612bd418e8d6fa27d8eec73e0 | |
parent | b89802f0a491c6e8c6a320bc1af2b2bbbdb92669 (diff) | |
Use file mapping to marshall message data
GlobalAlloc() is no longer supported for this purpose.
Also split out leash message marshalling code into a separate function
acquire_tkt_send_message_leash and improve string copy safety.
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7276 (new)
queue: kfw
target_version: 1.10.4
tags: pullup
-rw-r--r-- | src/windows/leash/LeashView.cpp | 15 | ||||
-rw-r--r-- | src/windows/leashdll/lshfunc.c | 160 |
2 files changed, 126 insertions, 49 deletions
diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp index 96c5127eb9..0460f2c8a1 100644 --- a/src/windows/leash/LeashView.cpp +++ b/src/windows/leash/LeashView.cpp @@ -2729,7 +2729,7 @@ LRESULT CLeashView::OnObtainTGTWithParam(WPARAM wParam, LPARAM lParam) { LRESULT res = 0; - char * param = (char *) GlobalLock((HGLOBAL) lParam); + char *param = 0; LSH_DLGINFO_EX ldi; ldi.size = sizeof(ldi); ldi.dlgtype = DLGTYPE_PASSWD; @@ -2737,6 +2737,14 @@ CLeashView::OnObtainTGTWithParam(WPARAM wParam, LPARAM lParam) ldi.title = ldi.in.title; ldi.username = ldi.in.username; ldi.realm = ldi.in.realm; + + if (lParam) + param = (char *) MapViewOfFile((HANDLE)lParam, + FILE_MAP_ALL_ACCESS, + 0, + 0, + 4096); + if ( param ) { if ( *param ) strcpy(ldi.in.title,param); @@ -2757,7 +2765,10 @@ CLeashView::OnObtainTGTWithParam(WPARAM wParam, LPARAM lParam) ldi.dlgtype |= DLGFLAG_READONLYPRINC; res = pLeash_kinit_dlg_ex(m_hWnd, &ldi); - GlobalUnlock((HGLOBAL) lParam); + if (param) + UnmapViewOfFile(param); + if (lParam) + CloseHandle((HANDLE )lParam); ::SendMessage(m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0); return res; } diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c index bd12121aa1..bc86634a7d 100644 --- a/src/windows/leashdll/lshfunc.c +++ b/src/windows/leashdll/lshfunc.c 
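Review bot: The receiving handler still copies out of the mapped view with unbounded `strcpy` (the context line `strcpy(ldi.in.title,param);` right after the added `MapViewOfFile` call), so the bounds checks this commit adds on the sending side do not protect Leash itself. Both the `lParam` handle value and the view contents are supplied by whichever process sent the message, so each copy should be bounded by its destination, e.g. `strncpy_s(ldi.in.title, sizeof(ldi.in.title), param, _TRUNCATE);` (assuming `ldi.in.title` is a fixed-size array, which is not visible here), and parsing should stop at the end of the 4096-byte view. The handler only reads the data, so `FILE_MAP_READ` would be sufficient in place of `FILE_MAP_ALL_ACCESS`. The same trust question applies to `CloseHandle((HANDLE )lParam)` in the last hunk of this file, which runs even when the mapping failed. The rest of the parsing in OnObtainTGTWithParam lies outside the hunks shown.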
@@ -2662,6 +2662,117 @@ Leash_reset_defaults(void) Leash_reset_default_preserve_kinit_settings(); } +static void +acquire_tkt_send_msg_leash(const char *title, + const char *ccachename, + const char *name, + const char *realm) +{ + DWORD leashProcessId = 0; + DWORD bufsize = 4096; + DWORD step; + HANDLE hLeashProcess = NULL; + HANDLE hMapFile = NULL; + HANDLE hTarget = NULL; + HWND hLeashWnd = FindWindow("LEASH.0WNDCLASS", NULL); + char *strs; + void *view; + if (!hLeashWnd) + // no leash window + return; + + GetWindowThreadProcessId(hLeashWnd, &leashProcessId); + hLeashProcess = OpenProcess(PROCESS_DUP_HANDLE, + FALSE, + leashProcessId); + if (!hLeashProcess) + // can't get process handle; use GetLastError() for more info + return; + + hMapFile = CreateFileMapping(INVALID_HANDLE_VALUE, // use paging file + NULL, // default security + PAGE_READWRITE, // read/write access + 0, // max size (high 32) + bufsize, // max size (low 32) + NULL); // name + if (!hMapFile) { + // GetLastError() for more info + CloseHandle(hLeashProcess); + return; + } + + SetForegroundWindow(hLeashWnd); + + view = MapViewOfFile(hMapFile, + FILE_MAP_ALL_ACCESS, + 0, + 0, + bufsize); + if (view != NULL) { + /* construct a marshalling of data + * <title><principal><realm><ccache> + * then send to Leash + */ + strs = (char *)view; + // first reserve space for three more NULLs (4 strings total) + bufsize -= 3; + // Dialog title + if (title != NULL) + strcpy_s(strs, bufsize, title); + else if (name != NULL && realm != NULL) + sprintf_s(strs, bufsize, + "Obtain Kerberos TGT for %s@%s", name, realm); + else + strcpy_s(strs, bufsize, "Obtain Kerberos TGT"); + step = strlen(strs); + strs += step + 1; + bufsize -= step; + // name and realm + if (name != NULL) { + strcpy_s(strs, bufsize, name); + step = strlen(strs); + strs += step + 1; + bufsize -= step; + if (realm != NULL) { + strcpy_s(strs, bufsize, realm); + step = strlen(strs); + strs += step + 1; + bufsize -= step; + } else { + *strs = 0; + 
strs++; + } + } else { + *strs = 0; + strs++; + *strs = 0; + strs++; + } + + /* Append the ccache name */ + if (ccachename != NULL) + strcpy_s(strs, bufsize, ccachename); + else + *strs = 0; + + UnmapViewOfFile(view); + } + // Duplicate the file mapping handle to one leash can use + if (DuplicateHandle(GetCurrentProcess(), + hMapFile, + hLeashProcess, + &hTarget, + PAGE_READWRITE, + FALSE, + DUPLICATE_SAME_ACCESS | + DUPLICATE_CLOSE_SOURCE)) { + /* 32809 = ID_OBTAIN_TGT_WITH_LPARAM in src/windows/leash/resource.h */ + SendMessage(hLeashWnd, 32809, 0, (LPARAM) hTarget); + } else { + // GetLastError() + } +} + static int acquire_tkt_send_msg(krb5_context ctx, const char * title, const char * ccachename, 
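Review bot: `hLeashProcess` is closed only on the `CreateFileMapping` failure path; after the `DuplicateHandle` block the function returns without releasing it, so every call leaks a process handle opened with `PROCESS_DUP_HANDLE` into the calling application. Add `CloseHandle(hLeashProcess);` before the function's closing brace. The fifth argument of `DuplicateHandle` is an access mask rather than a page protection; `PAGE_READWRITE` is ignored here only because `DUPLICATE_SAME_ACCESS` is set, so passing `0` would be less misleading. When `MapViewOfFile` fails, the handle is still duplicated and the message sent with a mapping that was never written; closing both handles and returning early in that case would make the failure explicit.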
@@ -2756,53 +2867,8 @@ acquire_tkt_send_msg(krb5_context ctx, const char * title, UnmapViewOfFile(dlginfo); CloseHandle(hMap); } else { - HGLOBAL hData; - HWND hLeash = FindWindow("LEASH.0WNDCLASS", NULL); - - /* construct a marshalling of data - * <title><principal><realm><ccache> - * then send to Leash - */ - - hData = GlobalAlloc( GHND, 4096 ); - SetForegroundWindow(hLeash); - if ( hData && hLeash ) { - char * strs = GlobalLock(hData); - if ( strs ) { - if (title) - strcpy(strs, title); - else if (desiredName) - sprintf(strs, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm); - else - strcpy(strs, "Obtain Kerberos TGT"); - strs += strlen(strs) + 1; - if ( desiredName ) { - strcpy(strs, desiredName); - strs += strlen(strs) + 1; - if (desiredRealm) { - strcpy(strs, desiredRealm); - strs += strlen(strs) + 1; - } - } else { - *strs = 0; - strs++; - *strs = 0; - strs++; - } - - /* Append the ccache name */ - if (ccachename) - strcpy(strs, ccachename); - else - *strs = 0; - strs++; - - GlobalUnlock( hData ); - /* 32809 = ID_OBTAIN_TGT_WITH_LPARAM in src/windows/leash/resource.h */ - SendMessage(hLeash, 32809, 0, (LPARAM) hData); - } - } - GlobalFree( hData ); + acquire_tkt_send_msg_leash(title, + ccachename, desiredName, desiredRealm); } SetForegroundWindow(hForeground); |