authorKevin Wasserman <kevin.wasserman@painless-security.com>2012-07-19 11:18:13 -0400
committerBen Kaduk <kaduk@mit.edu>2012-08-24 15:54:49 -0400
commitba46ce0c0024b58b3d1b2e79384ec6e422ef40dd (patch)
tree71a917e6fcf64205929a60a9d9fcb7f9c0edd0ca /src/windows/leash
parent2db8f553df76e8086c0584e135701e584e83df87 (diff)
KfW GUI -- renew selected principals
The renew button should act on the current selection. -auto-renew still only renews default ccache -renew doesn't work for UAC-limited MSLSA Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com> ticket: 7262 (new) queue: kfw target_version: 1.10.4 tags: pullup
Diffstat (limited to 'src/windows/leash')
-rw-r--r--src/windows/leash/LeashView.cpp104
1 files changed, 99 insertions, 5 deletions
diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp
index c139ff76e3..1375d9fdc0 100644
--- a/src/windows/leash/LeashView.cpp
+++ b/src/windows/leash/LeashView.cpp
@@ -739,17 +739,111 @@ cleanup:
return 0;
}
+static UINT krenew(void *param)
+{
+ char *ccache_name = (char *)param;
+ krb5_context ctx = 0;
+ krb5_ccache ccache = NULL;
+ krb5_principal me = 0;
+ krb5_principal server = 0;
+ krb5_creds my_creds;
+ krb5_data *realm = 0;
+
+ // @TODO: logic to check for imported tickets and auto-renew/re-import
+ // from MSLSA
+
+ memset(&my_creds, 0, sizeof(krb5_creds));
+ if (ccache_name == NULL)
+ // Bad param
+ goto cleanup;
+
+ krb5_error_code code = pkrb5_init_context(&ctx);
+ if (code) {
+ // TODO: spew error
+ goto cleanup;
+ }
+ code = pkrb5_cc_resolve(ctx, ccache_name, &ccache);
+ if (code) {
+ // TODO: spew error
+ goto cleanup;
+ }
+
+ code = pkrb5_cc_get_principal(ctx, ccache, &me);
+ if (code)
+ goto cleanup;
+
+ realm = krb5_princ_realm(ctx, me);
+
+ code = pkrb5_build_principal_ext(ctx, &server,
+ realm->length, realm->data,
+ KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
+ realm->length, realm->data,
+ 0);
+ if (code)
+ goto cleanup;
+
+ my_creds.client = me;
+ my_creds.server = server;
+
+#ifdef KRB5_TC_NOTICKET
+ pkrb5_cc_set_flags(ctx, ccache, 0);
+#endif
+ code = pkrb5_get_renewed_creds(ctx, &my_creds, me, ccache, NULL);
+#ifdef KRB5_TC_NOTICKET
+ pkrb5_cc_set_flags(ctx, ccache, KRB5_TC_NOTICKET);
+#endif
+ if (code) {
+/* TODO
+ if (code != KRB5KDC_ERR_ETYPE_NOSUPP || code != KRB5_KDC_UNREACH)
+ Leash_krb5_error(code, "krb5_get_renewed_creds()", 0, &ctx,
+ &ccache);
+*/
+ goto cleanup;
+ }
+
+ code = pkrb5_cc_initialize(ctx, ccache, me);
+ if (code)
+ goto cleanup;
+
+ code = pkrb5_cc_store_cred(ctx, ccache, &my_creds);
+ if (code)
+ goto cleanup;
+
+cleanup:
+ if (my_creds.client == me)
+ my_creds.client = 0;
+ if (my_creds.server == server)
+ my_creds.server = 0;
+ pkrb5_free_cred_contents(ctx, &my_creds);
+ if (me != NULL)
+ pkrb5_free_principal(ctx, me);
+ if (server != NULL)
+ pkrb5_free_principal(ctx, server);
+ if (ccache != NULL)
+ pkrb5_cc_close(ctx, ccache);
+ if (ctx != NULL)
+ pkrb5_free_context(ctx);
+ if (ccache_name != NULL)
+ free(ccache_name);
+ return 0;
+}
+
VOID CLeashView::OnRenewTicket()
{
if ( !CLeashApp::m_hKrb5DLL )
return;
- try {
- RenewTicket(m_hWnd);
- }
- catch(...) {
- AfxMessageBox("Ticket Getting operation already in progress", MB_OK|MB_ICONWARNING, 0);
+ // @TODO: grab list mutex
+ CCacheDisplayData *elem = m_ccacheDisplay;
+ while (elem != NULL) {
+ if (elem->m_selected) {
+ char *ccache_name = strdup(elem->m_ccacheName);
+ if (ccache_name)
+ AfxBeginThread(krenew, (void *)ccache_name);
+ }
+ elem = elem->m_next;
}
+ // release list mutex
}
UINT CLeashView::RenewTicket(void * hWnd)
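Review bot: OnRenewTicket walks `m_ccacheDisplay` and reads `elem->m_selected` and `elem->m_ccacheName` without taking the list lock that its own `// @TODO: grab list mutex` comment calls for, so if another thread rebuilds that list during the walk (not visible in this hunk) the loop can dereference a freed element. Hold the lock around the loop, or copy the selected names under it and start the threads afterwards. The result of `AfxBeginThread` is also ignored, which leaks the `strdup` copy when thread creation fails; `if (ccache_name && !AfxBeginThread(krenew, (void *)ccache_name)) free(ccache_name);` keeps ownership clear. In `krenew`, every failure reaches `cleanup` and returns 0 with nothing reported, and `pkrb5_cc_initialize` has already cleared the cache by the time `pkrb5_cc_store_cred` can fail, so a failed store can leave the user without tickets and without a message. When the commented-out `Leash_krb5_error` call is restored to surface `code`, its guard needs `&&` rather than `||`, since `code != A || code != B` is always true.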