path: root/src/windows/kfwlogon/kfwlogon.h
authorJeffrey Altman <jaltman@secure-endpoints.com>2006-07-24 06:58:23 +0000
committerJeffrey Altman <jaltman@secure-endpoints.com>2006-07-24 06:58:23 +0000
commite3aa436cc8b1eab7ef67f15ec17aa4bf8310dca7 (patch)
tree3a4bf8fe2592b2737b9891e9f4b9c3feb38c7d79 /src/windows/kfwlogon/kfwlogon.h
parentdedcfc188f4f9a30f136d4fe145b5bc545d220b9 (diff)
Windows Integrated Login Fixes for KFW 3.1
KFW integrated login was failing when the user is not a power user or administrator. This was occurring because the temporary file ccache was being created in a directory the user could not read. While fixing this it was noticed that the ACLs on the ccache were too broad. Instead of applying a fix to the FILE: krb5_ccache implementation it was decided that simply applying a new set of ACLs (SYSTEM and "user" with no inheritance) to the file immediately after the krb5_cc_initialize() call would close the broadest security issues. The file is initially created in the SYSTEM %TEMP% directory with "SYSTEM" ACL only. Then it is moved to the user's %TEMP% directory with "SYSTEM" and "user" ACLs. Finally, after copying the credentials to the API: ccache, the file is deleted. ticket: new tags: pullup component: windows git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/kfwlogon/kfwlogon.h')
-rw-r--r--src/windows/kfwlogon/kfwlogon.h4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
index 34c8cc70c8..d3fa6709d6 100644
--- a/src/windows/kfwlogon/kfwlogon.h
+++ b/src/windows/kfwlogon/kfwlogon.h
@@ -1,6 +1,6 @@
/*
-Copyright 2005 by the Massachusetts Institute of Technology
+Copyright 2005,2006 by the Massachusetts Institute of Technology
All rights reserved.
@@ -194,6 +194,8 @@ int KFW_is_available(void);
int KFW_get_cred( char * username, char * password, int lifetime, char ** reasonP );
void KFW_copy_cache_to_system_file(char * user, char * szLogonId);
int KFW_destroy_tickets_for_principal(char * user);
+int KFW_set_ccache_dacl(char *filename, HANDLE hUserToken);
+int KFW_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size);
#ifdef __cplusplus
}
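Review bot: The two new prototypes carry no contract for their return value or for the `newfilename`/`size` pair, so a caller cannot tell from the header whether `size` counts the terminating NUL, whether the buffer is left untouched on failure, or what a non-zero return means. A one-line comment above each would settle that, e.g. `/* Replace the DACL of filename with SYSTEM + the token's user, no inheritance; returns 0 on success (confirm convention against kfwlogon.c) */` and `/* Write the %TEMP% directory of the token's user into newfilename (size bytes, including NUL); returns 0 on success */`. Since the commit description says the DACL is applied only after krb5_cc_initialize(), the comment on KFW_set_ccache_dacl should also state that callers must invoke it immediately after the file is created, because until then the file carries whatever ACL the FILE: ccache implementation gave it. `filename` is presumably not written through and could be declared `const char *`, though the neighbouring prototypes use non-const `char *` as well, so this is a style point for the whole header rather than this hunk alone.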