Diffstat (limited to 'src')
-rw-r--r-- | src/windows/ms2mit/ChangeLog | 6 | ||||
-rw-r--r-- | src/windows/ms2mit/ms2mit.c | 44 |
2 files changed, 48 insertions, 2 deletions
diff --git a/src/windows/ms2mit/ChangeLog b/src/windows/ms2mit/ChangeLog
index 71577d979d..d7ac6af443 100644
--- a/src/windows/ms2mit/ChangeLog
+++ b/src/windows/ms2mit/ChangeLog
@@ -1,3 +1,9 @@
+2004-01-31 Jeffrey Altman <jaltman@mit.edu>
+
+ * ms2mit.c: Do not allow ticket importing of the Initial TGT cannot
+ be obtained. The MSLSA krb5_ccache will not export the Initial TGT
+ if the session key enctype is NULL.
+
 2003-12-11 Jeffrey Altman <jaltman@mit.edu>
 * ms2mit.c, Makefile.in:
diff --git a/src/windows/ms2mit/ms2mit.c b/src/windows/ms2mit/ms2mit.c
index 4674a4b712..3d3809e6a5 100644
--- a/src/windows/ms2mit/ms2mit.c
+++ b/src/windows/ms2mit/ms2mit.c
@@ -39,36 +39,76 @@ main(
 krb5_error_code code;
 krb5_ccache ccache=NULL;
 krb5_ccache mslsa_ccache=NULL;
- krb5_get_init_creds_opt opts;
 krb5_principal princ;
+ int initial_ticket = 0;
 if (code = krb5_init_context(&kcontext)) {
 com_err(argv[0], code, "while initializing kerberos library");
 exit(1);
 }
- krb5_get_init_creds_opt_init(&opts);
 if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) {
 com_err(argv[0], code, "while opening MS LSA ccache");
+ krb5_free_context(kcontext);
+ exit(1);
+ }
+
+ /* Enumerate tickets from cache looking for an initial ticket */
+ if ((code = krb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) {
+ com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache");
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_free_context(kcontext);
+ exit(1);
+ }
+
+ while (!(code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
+ {
+ if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
+ krb5_free_cred_contents(kcontext, &creds);
+ initial_ticket = 1;
+ break;
+ }
+ krb5_free_cred_contents(kcontext, &creds);
+ }
+ krb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
+
+ if ( !initial_ticket ) {
+ fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MS LSA\n",
+ argv[0]);
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_free_context(kcontext);
 exit(1);
 }
 if (code = krb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) {
 com_err(argv[0], code, "while obtaining MS LSA principal");
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_free_context(kcontext);
 exit(1);
 }
 if (code = krb5_cc_default(kcontext, &ccache)) {
 com_err(argv[0], code, "while getting default ccache");
+ krb5_free_principal(kcontext, princ);
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_free_context(kcontext);
 exit(1);
 }
 if (code = krb5_cc_initialize(kcontext, ccache, princ)) {
 com_err (argv[0], code, "when initializing ccache");
+ krb5_free_principal(kcontext, princ);
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_cc_close(kcontext, ccache);
+ krb5_free_context(kcontext);
 exit(1);
 }
 if (code = krb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) {
 com_err (argv[0], code, "while copying MS LSA ccache to default ccache");
+ krb5_free_principal(kcontext, princ);
+ krb5_cc_close(kcontext, ccache);
+ krb5_cc_close(kcontext, mslsa_ccache);
+ krb5_free_context(kcontext);
 exit(1);
 }
|
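Review bot: The enumeration loop added after `krb5_cc_start_seq_get` stops on any non-zero return from `krb5_cc_next_cred`, so a genuine failure while reading the MS LSA cache is reported as "Initial Ticket Getting Tickets are not available" and the real error code is lost. After `krb5_cc_end_seq_get`, the code could report it when it is not the normal end-of-cache value (presumably `KRB5_CC_END` for this cache type), e.g. `if (!initial_ticket && code != KRB5_CC_END) com_err(argv[0], code, "while enumerating MS LSA ccache");`. The flag test also accepts any credential carrying `TKT_FLG_INITIAL`, while the ChangeLog entry speaks of the Initial TGT; if that distinction matters, a comment such as `/* any initial ticket is treated as proof the TGT is exportable */` or an explicit check of the server principal would make the intent clear. `main` begins and continues outside this hunk, so the declarations of `cursor` and `creds` are not visible here.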