kfw fixes: krb5_get_init_creds_opt_init->krb5_get_init_creds_opt_alloc

Should enable leash to generate config credentials (needs verification!)

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>

ticket: 7050

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25559 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 54 insertions, 20 deletions

diff --git a/src/windows/include/loadfuncs-krb5.h b/src/windows/include/loadfuncs-krb5.h
index b577a95cda..bff0ceae56 100644
--- a/src/windows/include/loadfuncs-krb5.h
+++ b/src/windows/include/loadfuncs-krb5.h
@@ -1384,6 +1384,22 @@ TYPEDEF_FUNC(
     );
 
 TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_alloc,
+    (krb5_context ctx,
+     krb5_get_init_creds_opt **opt)
+    );
+
+TYPEDEF_FUNC(
+    void,
+    KRB5_CALLCONV,
+    krb5_get_init_creds_opt_free,
+    (krb5_context ctx,
+     krb5_get_init_creds_opt *opt)
+    );
+
+TYPEDEF_FUNC(
     void,
     KRB5_CALLCONV,
     krb5_get_init_creds_opt_init,
@@ -1468,6 +1484,15 @@ TYPEDEF_FUNC(
 TYPEDEF_FUNC(
     krb5_error_code,
     KRB5_CALLCONV,
+    krb5_get_init_creds_opt_set_out_ccache,
+    (krb5_context context,
+     krb5_get_init_creds_opt *opt,
+     krb5_ccache ccache)
+    );
+
+TYPEDEF_FUNC(
+    krb5_error_code,
+    KRB5_CALLCONV,
     krb5_get_init_creds_password,
     (krb5_context context,
      krb5_creds *creds,
diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c
index ccd9dd8ce3..b98abe7fa4 100644
--- a/src/windows/leashdll/krb5routines.c
+++ b/src/windows/leashdll/krb5routines.c
@@ -835,14 +835,13 @@ DWORD                       publicIP
     krb5_principal		        me = 0;
     char*                       name = 0;
     krb5_creds			        my_creds;
-    krb5_get_init_creds_opt     options;
+    krb5_get_init_creds_opt *   options = NULL;
     krb5_address **             addrs = NULL;
     int                         i = 0, addr_count = 0;
 
     if (!pkrb5_init_context)
         return 0;
 
-    pkrb5_get_init_creds_opt_init(&options);
     memset(&my_creds, 0, sizeof(my_creds));
 
     if (alt_ctx)
@@ -855,6 +854,9 @@ DWORD                       publicIP
         if (code) goto cleanup;
     }
 
+    code = pkrb5_get_init_creds_opt_alloc(ctx, &options);
+    if (code) goto cleanup;
+
     code = pkrb5_cc_default(ctx, &cc);
     if (code) goto cleanup;
 
@@ -873,15 +875,15 @@ DWORD                       publicIP
 		renew_life *= 5*60;
 
     if (lifetime)
-        pkrb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
-	pkrb5_get_init_creds_opt_set_forwardable(&options,
-                                                 forwardable ? 1 : 0);
-	pkrb5_get_init_creds_opt_set_proxiable(&options,
-                                               proxiable ? 1 : 0);
-	pkrb5_get_init_creds_opt_set_renew_life(&options,
-                                               renew_life);
+        pkrb5_get_init_creds_opt_set_tkt_life(options, lifetime);
+	pkrb5_get_init_creds_opt_set_forwardable(options,
+                                             forwardable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_proxiable(options,
+                                           proxiable ? 1 : 0);
+	pkrb5_get_init_creds_opt_set_renew_life(options,
+                                            renew_life);
     if (addressless)
-        pkrb5_get_init_creds_opt_set_address_list(&options,NULL);
+        pkrb5_get_init_creds_opt_set_address_list(options,NULL);
     else {
 		if (publicIP)
         {
@@ -937,11 +939,15 @@ DWORD                       publicIP
             netIPAddr = htonl(publicIP);
             memcpy(addrs[i]->contents,&netIPAddr,4);
 
-            pkrb5_get_init_creds_opt_set_address_list(&options,addrs);
+            pkrb5_get_init_creds_opt_set_address_list(options,addrs);
 
         }
     }
 
+    code = pkrb5_get_init_creds_opt_set_out_ccache(ctx, options, cc);
+    if (code)
+        goto cleanup;
+
     code = pkrb5_get_init_creds_password(ctx,
                                        &my_creds,
                                        me,
@@ -950,15 +956,7 @@ DWORD                       publicIP
                                        hParent, // prompter data
                                        0, // start time
                                        0, // service name
-                                       &options);
-    if (code) goto cleanup;
-
-    code = pkrb5_cc_initialize(ctx, cc, me);
-    if (code) goto cleanup;
-
-    code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
-    if (code) goto cleanup;
-
+                                       options);
  cleanup:
     if ( addrs ) {
         for ( i=0;i<addr_count;i++ ) {
@@ -978,6 +976,8 @@ DWORD                       publicIP
 	pkrb5_free_principal(ctx, me);
     if (cc)
 	pkrb5_cc_close(ctx, cc);
+    if (options)
+        pkrb5_get_init_creds_opt_free(ctx, options);
     if (ctx && (ctx != alt_ctx))
 	pkrb5_free_context(ctx);
     return(code);
diff --git a/src/windows/leashdll/leashdll.c b/src/windows/leashdll/leashdll.c
index eb11a366ff..4c736c0ead 100644
--- a/src/windows/leashdll/leashdll.c
+++ b/src/windows/leashdll/leashdll.c
@@ -22,12 +22,15 @@ DWORD     AfsAvailable = 0;
 
 // krb5 functions
 DECL_FUNC_PTR(krb5_change_password);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_free);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
 DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
+DECL_FUNC_PTR(krb5_get_init_creds_opt_set_out_ccache);
 DECL_FUNC_PTR(krb5_get_init_creds_password);
 DECL_FUNC_PTR(krb5_build_principal_ext);
 DECL_FUNC_PTR(krb5_cc_resolve);
@@ -119,12 +122,15 @@ DECL_FUNC_PTR(cc_free_NC_info);
 
 FUNC_INFO k5_fi[] = {
     MAKE_FUNC_INFO(krb5_change_password),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_alloc),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_free),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
     MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
+    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_out_ccache),
     MAKE_FUNC_INFO(krb5_get_init_creds_password),
     MAKE_FUNC_INFO(krb5_build_principal_ext),
     MAKE_FUNC_INFO(krb5_cc_resolve),
diff --git a/src/windows/leashdll/leashdll.h b/src/windows/leashdll/leashdll.h
index 1b7ddfc12a..6f34b9d47e 100644
--- a/src/windows/leashdll/leashdll.h
+++ b/src/windows/leashdll/leashdll.h
@@ -160,6 +160,8 @@ extern DECL_FUNC_PTR(krb_life_to_time);
 
 // krb5 functions
 extern DECL_FUNC_PTR(krb5_change_password);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_alloc);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_free);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
@@ -167,6 +169,7 @@ extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
 extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
+extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_out_ccache);
 extern DECL_FUNC_PTR(krb5_get_init_creds_password);
 extern DECL_FUNC_PTR(krb5_build_principal_ext);
 extern DECL_FUNC_PTR(krb5_cc_resolve);