From b5f6a77b27b8b942c0179f99131edca986f916d1 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Fri, 2 Dec 2005 10:30:57 +0000
Subject: KFW Network Provider updates for KFW 3.0 Beta 3

Wrap debugging statements

Fix bug in KFW_get_cred that prevents acquisition of
credentials.

ticket: new
component: windows
status: resolved
target_version: 1.4.4
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17534 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/windows/kfwlogon/kfwcommon.c | 65 +++++++++++++++++-----------------------
 src/windows/kfwlogon/kfwlogon.c  | 22 ++++++++++----
 2 files changed, 44 insertions(+), 43 deletions(-)

(limited to 'src/windows/kfwlogon')

diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c
index 4074d0da92..251e1436b7 100644
--- a/src/windows/kfwlogon/kfwcommon.c
+++ b/src/windows/kfwlogon/kfwcommon.c
@@ -289,17 +289,20 @@ static HANDLE hDLL;
 
 void DebugEvent0(char *a) 
 {
+#ifdef DEBUG
     HANDLE h; char *ptbuf[1];
     
     h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
     ptbuf[0] = a;
     ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
     DeregisterEventSource(h);
+#endif
 }
 
 #define MAXBUF_ 512
 void DebugEvent(char *b,...) 
 {
+#ifdef DEBUG
     HANDLE h; char *ptbuf[1],buf[MAXBUF_+1];
     va_list marker;
 
@@ -311,6 +314,7 @@ void DebugEvent(char *b,...)
     ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
     DeregisterEventSource(h);
     va_end(marker);
+#endif
 }
 
 void
@@ -482,7 +486,8 @@ KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc)
 
 	ccname = (char *)malloc(strlen(pname) + 5);
 	sprintf(ccname,"API:%s",pname);
-        
+
+	DebugEvent0(ccname);
 	code = pkrb5_cc_resolve(ctx, ccname, cc);
     } else {
         code = pkrb5_cc_default(ctx, cc);
@@ -685,56 +690,47 @@ KFW_get_cred( char * username,
 {
     krb5_context ctx = 0;
     krb5_ccache cc = 0;
-    char * realm = 0, * userrealm = 0;
-    int free_realm = 0;
+    char * realm = 0;
     krb5_principal principal = 0;
     char * pname = 0;
     krb5_error_code code;
 
-    if (!pkrb5_init_context)
+    if (!pkrb5_init_context || !username || !password)
         return 0;
 
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("KFW_get_cred for token ");
-        OutputDebugString(username);
-        OutputDebugString("\n");
-    }
+    DebugEvent0(username);
 
     code = pkrb5_init_context(&ctx);
     if ( code ) goto cleanup;
 
     code = pkrb5_get_default_realm(ctx, &realm);
 
-    userrealm = strchr(username,'@');
     if (realm) {
-	free_realm = 1;
         pname = malloc(strlen(username) + strlen(realm) + 2);
-        userrealm = strchr(pname, '@');
-        userrealm++;
-	strcat(userrealm, realm);
+	if (!pname)
+	    goto cleanup;
+	strcpy(pname, username);
+	strcat(pname, "@");
+	strcat(pname, realm);
     } else {
-        pname = strdup(username);
-        userrealm = strchr(pname, '@');
-        userrealm++;
-	realm = userrealm;
+	goto cleanup;
     }
     
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("Realm: ");
-        OutputDebugString(realm);
-        OutputDebugString("\n");
-    }
+    DebugEvent0(realm);
+    DebugEvent0(pname);
 
     code = pkrb5_parse_name(ctx, pname, &principal);
     if ( code ) goto cleanup;
 
+    DebugEvent0("parsed name");
     code = KFW_get_ccache(ctx, principal, &cc);
     if ( code ) goto cleanup;
 
+    DebugEvent0("got ccache");
     if ( lifetime == 0 )
         lifetime = pLeash_get_default_lifetime();
 
-    if ( password && password[0] ) {
+    if ( password[0] ) {
         code = KFW_kinit( ctx, cc, HWND_DESKTOP, 
                           pname, 
                           password,
@@ -744,17 +740,15 @@ KFW_get_cred( char * username,
                           pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0,
                           pLeash_get_default_noaddresses(),
                           pLeash_get_default_publicip());
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            sprintf(message,"KFW_kinit() returns: %d\n",code);
-            OutputDebugString(message);
-        }
+	DebugEvent0("kinit returned");
         if ( code ) goto cleanup;
     }
 
   cleanup:
     if ( pname )
         free(pname);
+    if ( realm )
+	pkrb5_free_default_realm(ctx, realm);
     if ( cc )
         pkrb5_cc_close(ctx, cc);
 
@@ -784,8 +778,11 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId)
         GetWindowsDirectory(filename, sizeof(filename));
     }
 
-    if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) )
+    DebugEvent0(filename);
+    if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {
+	DebugEvent0("filename buffer too small");
         return;
+    }
 
     strcat(filename, "\\");
     strcat(filename, szLogonId);    
@@ -795,7 +792,7 @@ KFW_copy_cache_to_system_file(char * user, char * szLogonId)
     DeleteFile(filename);
 
     code = pkrb5_init_context(&ctx);
-    if (code) ctx = 0;
+    if (code) goto cleanup;
 
     code = pkrb5_parse_name(ctx, user, &princ);
     if (code) goto cleanup;
@@ -902,12 +899,6 @@ KFW_destroy_tickets_for_principal(char * user)
     if (!pkrb5_init_context)
         return 0;
 
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("KFW_destroy_tickets_for_user: ");
-        OutputDebugString(user);
-        OutputDebugString("\n");
-    }
-
     code = pkrb5_init_context(&ctx);
     if (code) ctx = 0;
 
diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index 70b6234830..eddf273412 100644
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -147,8 +147,11 @@ DWORD APIENTRY NPLogonNotify(
     if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") && 
          wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") )
     {
-        DebugEvent("Unsupported Authentication Info Type: %S",
-                   lpAuthentInfoType);
+	char msg[64];
+	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, 0, 
+			    msg, sizeof(msg), NULL, NULL);
+	msg[sizeof(msg)-1]='\0';
+        DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);
         return 0;
     }
 
@@ -164,7 +167,7 @@ DWORD APIENTRY NPLogonNotify(
     UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH);
     UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH);
 
-    /* Make sure AD-DOMANS sent from login that is sent to us is stripped */
+    /* Make sure AD-DOMAINS sent from login that is sent to us is stripped */
     ctemp = strchr(uname, '@');
     if (ctemp) *ctemp = 0;
 
@@ -177,13 +180,15 @@ DWORD APIENTRY NPLogonNotify(
     }
 
     code = KFW_get_cred(uname, password, 0, &reason);
-    DebugEvent("KFW_get_cred  uname=[%s] code=[%d]",uname, code);
+    DebugEvent("NPLogonNotify - KFW_get_cred  uname=[%s] code=[%d]",uname, code);
     
     /* remove any kerberos 5 tickets currently held by the SYSTEM account
      * for this user 
      */
-    sprintf(szLogonId,"kfwlogon-%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
-    KFW_copy_cache_to_system_file(uname, szLogonId);
+    if (!code) {
+	sprintf(szLogonId,"kfwlogon-%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
+	KFW_copy_cache_to_system_file(uname, szLogonId);
+    }
 
     KFW_destroy_tickets_for_principal(uname);
 
@@ -202,6 +207,11 @@ DWORD APIENTRY NPLogonNotify(
         SetLastError(code);
     }
 
+    if (code)
+	DebugEvent0("NPLogonNotify failure");
+    else
+	DebugEvent0("NPLogonNotify success");
+
     return code;
 }       
 
-- 
cgit