diff options
| author | Tom Yu <tlyu@mit.edu> | 2011-12-12 20:45:33 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2011-12-12 20:45:33 +0000 |
| commit | 4144f7756e6ca511ff244e06a547bc5594cdd596 (patch) | |
| tree | 3eb078424478269985c6049e858187e2c179da2f /src | |
| parent | 4b94b89dad01766239d43f505e4cefab3cac1a79 (diff) | |
| download | krb5-4144f7756e6ca511ff244e06a547bc5594cdd596.tar.gz krb5-4144f7756e6ca511ff244e06a547bc5594cdd596.tar.xz krb5-4144f7756e6ca511ff244e06a547bc5594cdd596.zip | |
kfw fixes: make leash ignore credentials that store config principals
Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 7050
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25555 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/windows/include/loadfuncs-krb5.h | 7 | ||||
| -rw-r--r-- | src/windows/leashdll/krb5routines.c | 5 | ||||
| -rw-r--r-- | src/windows/leashdll/leashdll.c | 2 | ||||
| -rw-r--r-- | src/windows/leashdll/leashdll.h | 1 |
4 files changed, 15 insertions, 0 deletions
diff --git a/src/windows/include/loadfuncs-krb5.h b/src/windows/include/loadfuncs-krb5.h index 58ff443bff..b577a95cda 100644 --- a/src/windows/include/loadfuncs-krb5.h +++ b/src/windows/include/loadfuncs-krb5.h @@ -1775,4 +1775,11 @@ TYPEDEF_FUNC( krb5_clear_error_message, (krb5_context) ); + +TYPEDEF_FUNC( + krb5_boolean, + KRB5_CALLCONV, + krb5_is_config_principal, + (krb5_context, krb5_const_principal) + ); #endif /* __LOADFUNCS_KRB5_H__ */ diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c index 521602c6fa..ccd9dd8ce3 100644 --- a/src/windows/leashdll/krb5routines.c +++ b/src/windows/leashdll/krb5routines.c @@ -450,6 +450,11 @@ not_an_API_LeashKRB5GetTickets( while (!(code = pkrb5_cc_next_cred(ctx, cache, &KRBv5Cursor, &KRBv5Credentials))) { + if ((*pkrb5_is_config_principal)(ctx, KRBv5Credentials.server)) + { /* skip configuration credentials */ + (*pkrb5_free_cred_contents)(ctx, &KRBv5Credentials); + continue; + } if (!list) { list = (TicketList*) calloc(1, sizeof(TicketList)); diff --git a/src/windows/leashdll/leashdll.c b/src/windows/leashdll/leashdll.c index 712a8e68ba..eb11a366ff 100644 --- a/src/windows/leashdll/leashdll.c +++ b/src/windows/leashdll/leashdll.c @@ -82,6 +82,7 @@ DECL_FUNC_PTR(krb5_free_addresses); DECL_FUNC_PTR(krb5_free_default_realm); DECL_FUNC_PTR(krb5_principal_compare); DECL_FUNC_PTR(krb5_string_to_deltat); +DECL_FUNC_PTR(krb5_is_config_principal); // ComErr functions DECL_FUNC_PTR(com_err); @@ -178,6 +179,7 @@ FUNC_INFO k5_fi[] = { MAKE_FUNC_INFO(krb5_free_default_realm), MAKE_FUNC_INFO(krb5_principal_compare), MAKE_FUNC_INFO(krb5_string_to_deltat), + MAKE_FUNC_INFO(krb5_is_config_principal), END_FUNC_INFO }; diff --git a/src/windows/leashdll/leashdll.h b/src/windows/leashdll/leashdll.h index 74cceab823..1b7ddfc12a 100644 --- a/src/windows/leashdll/leashdll.h +++ b/src/windows/leashdll/leashdll.h @@ -221,6 +221,7 @@ extern DECL_FUNC_PTR(krb5_c_random_make_octets); extern DECL_FUNC_PTR(krb5_free_default_realm); extern DECL_FUNC_PTR(krb5_principal_compare); extern DECL_FUNC_PTR(krb5_string_to_deltat); +extern DECL_FUNC_PTR(krb5_is_config_principal); #ifndef NO_KRB4 // Krb524 functions |