From 250fdf95725849dfc0936adbfb3a0a921bc613d5 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Sun, 1 Feb 2004 05:40:48 +0000
Subject: * Do not perform ticket importing if the initial TGT is not available from the MSLSA krb5_ccache. This will be the case if the session key enctype is NULL. (AllowTGTSessionKey regkey = 0) ticket: new target: 1.3.2 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15994 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/windows/ms2mit/ChangeLog | 6 ++++++
 src/windows/ms2mit/ms2mit.c | 44 ++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 48 insertions(+), 2 deletions(-)
(limited to 'src/windows')
diff --git a/src/windows/ms2mit/ChangeLog b/src/windows/ms2mit/ChangeLog
index 71577d979d..d7ac6af443 100644
--- a/src/windows/ms2mit/ChangeLog
+++ b/src/windows/ms2mit/ChangeLog
@@ -1,3 +1,9 @@
+2004-01-31 Jeffrey Altman
+
+ * ms2mit.c: Do not allow ticket importing of the Initial TGT cannot
+ be obtained. The MSLSA krb5_ccache will not export the Initial TGT
+ if the session key enctype is NULL.
+
 2003-12-11 Jeffrey Altman
 
 * ms2mit.c, Makefile.in:
diff --git a/src/windows/ms2mit/ms2mit.c b/src/windows/ms2mit/ms2mit.c
index 4674a4b712..3d3809e6a5 100644
--- a/src/windows/ms2mit/ms2mit.c
+++ b/src/windows/ms2mit/ms2mit.c
@@ -39,36 +39,76 @@ main( krb5_error_code code; krb5_ccache ccache=NULL; krb5_ccache mslsa_ccache=NULL; - krb5_get_init_creds_opt opts; krb5_principal princ; + int initial_ticket = 0; if (code = krb5_init_context(&kcontext)) { com_err(argv[0], code, "while initializing kerberos library"); exit(1); } - krb5_get_init_creds_opt_init(&opts); if (code = krb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) { com_err(argv[0], code, "while opening MS LSA ccache"); + krb5_free_context(kcontext); + exit(1); + } + + /* Enumerate tickets from cache looking for an initial ticket */ + if ((code = krb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) { + com_err(argv[0], code, "while initiating the cred sequence of MS LSA ccache"); + krb5_cc_close(kcontext, mslsa_ccache); + krb5_free_context(kcontext); + exit(1); + } + + while (!(code = krb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds))) + { + if ( creds.ticket_flags & TKT_FLG_INITIAL ) { + krb5_free_cred_contents(kcontext, &creds); + initial_ticket = 1; + break; + } + krb5_free_cred_contents(kcontext, &creds); + } + krb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor); + + if ( !initial_ticket ) { + fprintf(stderr, "%s: Initial Ticket Getting Tickets are not available from the MS LSA\n", + argv[0]); + krb5_cc_close(kcontext, mslsa_ccache); + krb5_free_context(kcontext); exit(1); } if (code = krb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) { com_err(argv[0], code, "while obtaining MS LSA principal"); + krb5_cc_close(kcontext, mslsa_ccache); + krb5_free_context(kcontext); exit(1); } if (code = krb5_cc_default(kcontext, &ccache)) { com_err(argv[0], code, "while getting default ccache"); + krb5_free_principal(kcontext, princ); + krb5_cc_close(kcontext, mslsa_ccache); + krb5_free_context(kcontext); exit(1); } if (code = krb5_cc_initialize(kcontext, ccache, princ)) { com_err (argv[0], code, "when initializing ccache"); + krb5_free_principal(kcontext, princ); + krb5_cc_close(kcontext, mslsa_ccache); + 
krb5_cc_close(kcontext, ccache); + krb5_free_context(kcontext); exit(1); } if (code = krb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) { com_err (argv[0], code, "while copying MS LSA ccache to default ccache"); + krb5_free_principal(kcontext, princ); + krb5_cc_close(kcontext, ccache); + krb5_cc_close(kcontext, mslsa_ccache); + krb5_free_context(kcontext); exit(1); } -- cgit
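Review bot: The new enumeration loop stops on any non-zero return from `krb5_cc_next_cred` and `code` is never looked at afterwards, so a failure while reading the MS LSA cache is reported with the same "not available" message as the intended case where the TGT is withheld (AllowTGTSessionKey = 0). After `krb5_cc_end_seq_get` I would add `if (code && code != KRB5_CC_END) com_err(argv[0], code, "while reading credentials from MS LSA ccache");` so the two cases can be told apart when an import fails. The test also accepts any credential carrying `TKT_FLG_INITIAL`; if only a krbtgt ticket with a usable session key should qualify, that appears to rely on what the MSLSA ccache chooses to export, and a one-line comment above the loop should say so. The message text "Initial Ticket Getting Tickets" presumably means "Ticket Granting Tickets". main starts and continues outside this hunk, and the declarations of `cursor` and `creds` are not among the visible lines, so I assume they sit above it.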