diff options
| author | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-02 10:34:34 +0000 |
|---|---|---|
| committer | Jeffrey Altman <jaltman@secure-endpoints.com> | 2005-12-02 10:34:34 +0000 |
| commit | 469a923cec9900a48204578e4f4c0656d11fb89b (patch) | |
| tree | 80df51b3e779c91f51cf69bd96acde44d37aa6bf /src/windows/identity/plugins | |
| parent | b5f6a77b27b8b942c0179f99131edca986f916d1 (diff) | |
| download | krb5-469a923cec9900a48204578e4f4c0656d11fb89b.tar.gz krb5-469a923cec9900a48204578e4f4c0656d11fb89b.tar.xz krb5-469a923cec9900a48204578e4f4c0656d11fb89b.zip | |
Network Identity Manager updates for KFW 3.0 Beta 3
Fix the handling of case sensitive names being stored in the
registry. Only apply case sensitive encoding logic to the
keys below the NetIdMgr key.
Fix the importing of credentials from MSLSA:
Apply an ugly hack to krb5configcc.c that forces _WIN32_WINNT
to 0x0501 for the one file so that the executable can be built
as APPVER=5.0 and yet still gain access to balloon tips on XP
and above.
ticket: new
component: windows
status: open
target_version: 1.4.4
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17535 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/identity/plugins')
| -rw-r--r-- | src/windows/identity/plugins/common/dynimport.c | 80 | ||||
| -rw-r--r-- | src/windows/identity/plugins/common/dynimport.h | 1 | ||||
| -rw-r--r-- | src/windows/identity/plugins/common/krb5common.c | 3 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5configcc.c | 66 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5funcs.c | 98 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5identpro.c | 2 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5main.c | 4 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5newcreds.c | 65 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krb5plugin.c | 18 | ||||
| -rw-r--r-- | src/windows/identity/plugins/krb5/krbcred.h | 4 |
10 files changed, 232 insertions, 109 deletions
diff --git a/src/windows/identity/plugins/common/dynimport.c b/src/windows/identity/plugins/common/dynimport.c index ed5110e66..b906b6ae9 100644 --- a/src/windows/identity/plugins/common/dynimport.c +++ b/src/windows/identity/plugins/common/dynimport.c @@ -91,6 +91,7 @@ DECL_FUNC_PTR(krb5_get_init_creds_password); DECL_FUNC_PTR(krb5_get_prompt_types);
DECL_FUNC_PTR(krb5_build_principal_ext);
DECL_FUNC_PTR(krb5_cc_get_name);
+DECL_FUNC_PTR(krb5_cc_get_type);
DECL_FUNC_PTR(krb5_cc_resolve);
DECL_FUNC_PTR(krb5_cc_default);
DECL_FUNC_PTR(krb5_cc_default_name);
@@ -190,36 +191,36 @@ FUNC_INFO ccapi_fi[] = { FUNC_INFO k4_fi[] = {
MAKE_FUNC_INFO(get_krb_err_txt_entry),
- MAKE_FUNC_INFO(k_isinst),
- MAKE_FUNC_INFO(k_isname),
- MAKE_FUNC_INFO(k_isrealm),
- MAKE_FUNC_INFO(kadm_change_your_password),
- MAKE_FUNC_INFO(kname_parse),
- MAKE_FUNC_INFO(krb_get_cred),
- MAKE_FUNC_INFO(krb_get_krbhst),
- MAKE_FUNC_INFO(krb_get_lrealm),
- MAKE_FUNC_INFO(krb_get_pw_in_tkt),
- MAKE_FUNC_INFO(krb_get_tf_realm),
- MAKE_FUNC_INFO(krb_mk_req),
- MAKE_FUNC_INFO(krb_realmofhost),
- MAKE_FUNC_INFO(tf_init),
- MAKE_FUNC_INFO(tf_close),
- MAKE_FUNC_INFO(tf_get_cred),
- MAKE_FUNC_INFO(tf_get_pname),
- MAKE_FUNC_INFO(tf_get_pinst),
- MAKE_FUNC_INFO(LocalHostAddr),
- MAKE_FUNC_INFO(tkt_string),
- MAKE_FUNC_INFO(krb_set_tkt_string),
- MAKE_FUNC_INFO(initialize_krb_error_func),
- MAKE_FUNC_INFO(initialize_kadm_error_table),
- MAKE_FUNC_INFO(dest_tkt),
- /* MAKE_FUNC_INFO(lsh_LoadKrb4LeashErrorTables), */// XXX
- MAKE_FUNC_INFO(krb_in_tkt),
- MAKE_FUNC_INFO(krb_save_credentials),
- MAKE_FUNC_INFO(krb_get_krbconf2),
- MAKE_FUNC_INFO(krb_get_krbrealm2),
- MAKE_FUNC_INFO(krb_life_to_time),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(k_isinst),
+ MAKE_FUNC_INFO(k_isname),
+ MAKE_FUNC_INFO(k_isrealm),
+ MAKE_FUNC_INFO(kadm_change_your_password),
+ MAKE_FUNC_INFO(kname_parse),
+ MAKE_FUNC_INFO(krb_get_cred),
+ MAKE_FUNC_INFO(krb_get_krbhst),
+ MAKE_FUNC_INFO(krb_get_lrealm),
+ MAKE_FUNC_INFO(krb_get_pw_in_tkt),
+ MAKE_FUNC_INFO(krb_get_tf_realm),
+ MAKE_FUNC_INFO(krb_mk_req),
+ MAKE_FUNC_INFO(krb_realmofhost),
+ MAKE_FUNC_INFO(tf_init),
+ MAKE_FUNC_INFO(tf_close),
+ MAKE_FUNC_INFO(tf_get_cred),
+ MAKE_FUNC_INFO(tf_get_pname),
+ MAKE_FUNC_INFO(tf_get_pinst),
+ MAKE_FUNC_INFO(LocalHostAddr),
+ MAKE_FUNC_INFO(tkt_string),
+ MAKE_FUNC_INFO(krb_set_tkt_string),
+ MAKE_FUNC_INFO(initialize_krb_error_func),
+ MAKE_FUNC_INFO(initialize_kadm_error_table),
+ MAKE_FUNC_INFO(dest_tkt),
+ /* MAKE_FUNC_INFO(lsh_LoadKrb4LeashErrorTables), */// XXX
+ MAKE_FUNC_INFO(krb_in_tkt),
+ MAKE_FUNC_INFO(krb_save_credentials),
+ MAKE_FUNC_INFO(krb_get_krbconf2),
+ MAKE_FUNC_INFO(krb_get_krbrealm2),
+ MAKE_FUNC_INFO(krb_life_to_time),
+ END_FUNC_INFO
};
FUNC_INFO k5_fi[] = {
@@ -234,6 +235,7 @@ FUNC_INFO k5_fi[] = { MAKE_FUNC_INFO(krb5_get_prompt_types),
MAKE_FUNC_INFO(krb5_build_principal_ext),
MAKE_FUNC_INFO(krb5_cc_get_name),
+ MAKE_FUNC_INFO(krb5_cc_get_type),
MAKE_FUNC_INFO(krb5_cc_resolve),
MAKE_FUNC_INFO(krb5_cc_default),
MAKE_FUNC_INFO(krb5_cc_default_name),
@@ -290,8 +292,8 @@ FUNC_INFO k5_fi[] = { FUNC_INFO k524_fi[] = {
MAKE_FUNC_INFO(krb524_init_ets),
- MAKE_FUNC_INFO(krb524_convert_creds_kdc),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(krb524_convert_creds_kdc),
+ END_FUNC_INFO
};
FUNC_INFO profile_fi[] = {
@@ -312,8 +314,8 @@ FUNC_INFO profile_fi[] = { FUNC_INFO ce_fi[] = {
MAKE_FUNC_INFO(com_err),
- MAKE_FUNC_INFO(error_message),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(error_message),
+ END_FUNC_INFO
};
FUNC_INFO service_fi[] = {
@@ -327,11 +329,11 @@ FUNC_INFO service_fi[] = { FUNC_INFO lsa_fi[] = {
MAKE_FUNC_INFO(LsaConnectUntrusted),
- MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
- MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
- MAKE_FUNC_INFO(LsaFreeReturnBuffer),
- MAKE_FUNC_INFO(LsaGetLogonSessionData),
- END_FUNC_INFO
+ MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
+ MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
+ MAKE_FUNC_INFO(LsaFreeReturnBuffer),
+ MAKE_FUNC_INFO(LsaGetLogonSessionData),
+ END_FUNC_INFO
};
// psapi functions
diff --git a/src/windows/identity/plugins/common/dynimport.h b/src/windows/identity/plugins/common/dynimport.h index 99aad9aed..778bff324 100644 --- a/src/windows/identity/plugins/common/dynimport.h +++ b/src/windows/identity/plugins/common/dynimport.h @@ -203,6 +203,7 @@ extern DECL_FUNC_PTR(krb5_get_init_creds_password); extern DECL_FUNC_PTR(krb5_get_prompt_types);
extern DECL_FUNC_PTR(krb5_build_principal_ext);
extern DECL_FUNC_PTR(krb5_cc_get_name);
+extern DECL_FUNC_PTR(krb5_cc_get_type);
extern DECL_FUNC_PTR(krb5_cc_resolve);
extern DECL_FUNC_PTR(krb5_cc_default);
extern DECL_FUNC_PTR(krb5_cc_default_name);
diff --git a/src/windows/identity/plugins/common/krb5common.c b/src/windows/identity/plugins/common/krb5common.c index 6019c928e..cb9d86bc5 100644 --- a/src/windows/identity/plugins/common/krb5common.c +++ b/src/windows/identity/plugins/common/krb5common.c @@ -139,6 +139,9 @@ khm_krb5_initialize(khm_handle ident, } while(FALSE);
}
+#ifndef FAILOVER_TO_DEFAULT_CCACHE
+ rc = 1;
+#endif
if (*cache == 0
#ifdef FAILOVER_TO_DEFAULT_CCACHE
&& (rc = (*pkrb5_cc_default)(*ctx, cache))
diff --git a/src/windows/identity/plugins/krb5/krb5configcc.c b/src/windows/identity/plugins/krb5/krb5configcc.c index 256f6b75e..66e7a08d0 100644 --- a/src/windows/identity/plugins/krb5/krb5configcc.c +++ b/src/windows/identity/plugins/krb5/krb5configcc.c @@ -24,6 +24,11 @@ /* $Id$ */
+#if _WIN32_WINNT < 0x501
+#undef _WIN32_WINNT
+#define _WIN32_WINNT 0x501
+#endif
+
#include<krbcred.h>
#include<krb5.h>
#include<assert.h>
@@ -381,42 +386,63 @@ k5_ccconfig_dlgproc(HWND hwnd, /* not there. we need to add. but check a few things
first */
if (!PathFileExists(path)) {
- EDITBALLOONTIP bt;
wchar_t title[64];
wchar_t text[128];
- bt.cbStruct = sizeof(bt);
- bt.pszTitle = title;
LoadString(hResModule, IDS_CFG_FCN_WARNING,
title, ARRAYLENGTH(title));
- bt.pszText = text;
+
LoadString(hResModule, IDS_CFG_FCN_W_NOTFOUND,
text, ARRAYLENGTH(text));
- bt.ttiIcon = TTI_WARNING;
-
- SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
- EM_SHOWBALLOONTIP,
- 0,
- (LPARAM) &bt);
-
+#if _WIN32_WINNT >= 0x501
+ if (IS_COMMCTL6())
+ {
+ EDITBALLOONTIP bt;
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ bt.pszText = text;
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+ } else {
+#endif
+ MessageBox(hwnd, text, title, MB_OK | MB_ICONWARNING);
+#if _WIN32_WINNT >= 0x501
+ }
+#endif
} else if (PathIsRelative(path)) {
- EDITBALLOONTIP bt;
wchar_t title[64];
wchar_t text[128];
- bt.cbStruct = sizeof(bt);
- bt.pszTitle = title;
LoadString(hResModule, IDS_CFG_FCN_WARNING,
title, ARRAYLENGTH(title));
- bt.pszText = text;
LoadString(hResModule, IDS_CFG_FCN_W_RELATIVE,
text, ARRAYLENGTH(text));
- bt.ttiIcon = TTI_WARNING;
- SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
- EM_SHOWBALLOONTIP,
- 0,
- (LPARAM) &bt);
+#if _WIN32_WINNT >= 0x501
+ if (IS_COMMCTL6())
+ {
+ EDITBALLOONTIP bt;
+
+ bt.cbStruct = sizeof(bt);
+ bt.pszTitle = title;
+ bt.pszText = text;
+ bt.ttiIcon = TTI_WARNING;
+
+ SendDlgItemMessage(hwnd, IDC_CFG_FCNAME,
+ EM_SHOWBALLOONTIP,
+ 0,
+ (LPARAM) &bt);
+ } else {
+#endif
+ MessageBox(hwnd, text, title, MB_OK | MB_ICONWARNING);
+#if _WIN32_WINNT >= 0x501
+ }
+#endif
}
k5_add_file_cc(&d->work, path);
diff --git a/src/windows/identity/plugins/krb5/krb5funcs.c b/src/windows/identity/plugins/krb5/krb5funcs.c index d1a897d63..3dfea750c 100644 --- a/src/windows/identity/plugins/krb5/krb5funcs.c +++ b/src/windows/identity/plugins/krb5/krb5funcs.c @@ -206,17 +206,17 @@ int com_addr(void) static long get_tickets_from_cache(krb5_context ctx,
krb5_ccache cache)
{
- krb5_error_code code;
- krb5_principal KRBv5Principal;
- krb5_flags flags = 0;
- krb5_cc_cursor KRBv5Cursor;
- krb5_creds KRBv5Credentials;
+ krb5_error_code code;
+ krb5_principal KRBv5Principal;
+ krb5_flags flags = 0;
+ krb5_cc_cursor KRBv5Cursor;
+ krb5_creds KRBv5Credentials;
krb5_ticket *tkt=NULL;
- char *ClientName;
- char *PrincipalName;
- wchar_t wbuf[256]; /* temporary conversion buffer */
- wchar_t *wcc_name = NULL; /* credential cache name */
- char *sServerName;
+ char *ClientName;
+ char *PrincipalName;
+ wchar_t wbuf[256]; /* temporary conversion buffer */
+ wchar_t wcc_name[KRB5_MAXCCH_CCNAME]; /* credential cache name */
+ char *sServerName;
khm_handle ident = NULL;
khm_handle cred = NULL;
time_t tt;
@@ -231,18 +231,28 @@ static long get_tickets_from_cache(krb5_context ctx, #endif
{
- char * cc_name;
- size_t namelen;
+ const char * cc_name;
+ const char * cc_type;
cc_name = (*pkrb5_cc_get_name)(ctx, cache);
if(cc_name) {
- namelen = strlen(cc_name);
- namelen = (namelen + 1 + 5) * sizeof(wchar_t);
- /* the +5 is for the possible addtion of API: or FILE:
- during the cannonicalization process */
- wcc_name = PMALLOC(namelen);
- AnsiStrToUnicode(wcc_name, namelen, cc_name);
- khm_krb5_canon_cc_name(wcc_name, namelen);
+ cc_type = (*pkrb5_cc_get_type)(ctx, cache);
+ if (cc_type) {
+ StringCbPrintf(wcc_name, sizeof(wcc_name), L"%S:%S", cc_type, cc_name);
+ } else {
+ AnsiStrToUnicode(wcc_name, sizeof(wcc_name), cc_name);
+ khm_krb5_canon_cc_name(wcc_name, sizeof(wcc_name));
+ }
+ } else {
+ cc_type = (*pkrb5_cc_get_type)(ctx, cache);
+ if (cc_type) {
+ StringCbPrintf(wcc_name, sizeof(wcc_name), L"%S:", cc_type);
+ } else {
+#ifdef DEBUG
+ assert(FALSE);
+#endif
+ StringCbCopy(wcc_name, sizeof(wcc_name), L"");
+ }
}
}
@@ -543,8 +553,6 @@ static long get_tickets_from_cache(krb5_context ctx, }
_exit:
- if(wcc_name)
- PFREE(wcc_name);
return code;
}
@@ -1507,30 +1515,60 @@ khm_krb5_ms2mit(BOOL save_creds) char *princ_name = NULL;
BOOL rc = FALSE;
+#ifdef DEBUG
+ kherr_debug_printf(L"Begin : khm_krb5_ms2mit. save_cred=%d\n", (int) save_creds);
+#endif
if ( !pkrb5_init_context )
goto cleanup;
if (code = pkrb5_init_context(&kcontext))
goto cleanup;
+#ifdef DEBUG
+ kherr_debug_printf(L"Resolving MSLSA\n");
+#endif
if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache))
goto cleanup;
if ( save_creds ) {
- if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
+#ifdef DEBUG
+ kherr_debug_printf(L"Getting principal\n");
+#endif
+ if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
goto cleanup;
- if (code = pkrb5_unparse_name(kcontext, princ, &princ_name))
+#ifdef DEBUG
+ kherr_debug_printf(L"Unparsing name\n");
+#endif
+ if (code = pkrb5_unparse_name(kcontext, princ, &princ_name))
goto cleanup;
+#ifdef DEBUG
+ kherr_debug_printf(L"Unparsed [%S]. Resolving target cache\n", princ_name);
+#endif
/* TODO: actually look up the preferred ccache name */
- if ((code = pkrb5_cc_resolve(kcontext, princ_name, &ccache)) ||
- (code = pkrb5_cc_default(kcontext, &ccache)))
- goto cleanup;
+ if (code = pkrb5_cc_resolve(kcontext, princ_name, &ccache)) {
+#ifdef DEBUG
+ kherr_debug_printf(L"Cannot resolve cache [%S] with code=%d. Trying default.\n", princ_name, code);
+#endif
+
+ if (code = pkrb5_cc_default(kcontext, &ccache)) {
+#ifdef DEBUG
+ kherr_debug_printf(L"Failed to resolve default ccache. Code=%d", code);
+#endif
+ goto cleanup;
+ }
+ }
+#ifdef DEBUG
+ kherr_debug_printf(L"Initializing ccache\n");
+#endif
if (code = pkrb5_cc_initialize(kcontext, ccache, princ))
goto cleanup;
+#ifdef DEBUG
+ kherr_debug_printf(L"Copying credentials\n");
+#endif
if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache))
goto cleanup;
@@ -1540,8 +1578,8 @@ khm_krb5_ms2mit(BOOL save_creds) if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor)))
goto cleanup;
- while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
- {
+ while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache,
+ &cursor, &creds))) {
if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
rc = TRUE;
pkrb5_free_cred_contents(kcontext, &creds);
@@ -1553,6 +1591,10 @@ khm_krb5_ms2mit(BOOL save_creds) }
cleanup:
+#ifdef DEBUG
+ kherr_debug_printf(L" Received code=%d", code);
+#endif
+
if (princ_name)
pkrb5_free_unparsed_name(kcontext, princ_name);
if (princ)
diff --git a/src/windows/identity/plugins/krb5/krb5identpro.c b/src/windows/identity/plugins/krb5/krb5identpro.c index dd4782e6f..858243daf 100644 --- a/src/windows/identity/plugins/krb5/krb5identpro.c +++ b/src/windows/identity/plugins/krb5/krb5identpro.c @@ -438,7 +438,7 @@ ui_cb(khui_new_creds * nc, NULL,
&cb_ms);
- if (rv != KHM_ERROR_TOO_LONG)
+ if (rv != KHM_ERROR_TOO_LONG || cb_ms <= sizeof(wchar_t) * 2)
goto _add_lru_realms;
ms = PMALLOC(cb_ms);
diff --git a/src/windows/identity/plugins/krb5/krb5main.c b/src/windows/identity/plugins/krb5/krb5main.c index 7bf121dd0..d324857fe 100644 --- a/src/windows/identity/plugins/krb5/krb5main.c +++ b/src/windows/identity/plugins/krb5/krb5main.c @@ -60,6 +60,8 @@ khm_handle csp_params = NULL; BOOL is_k5_identpro = TRUE;
+khm_ui_4 k5_commctl_version;
+
kmm_module_locale locales[] = {
LOCALE_DEF(MAKELANGID(LANG_ENGLISH,SUBLANG_ENGLISH_US), L"krb5cred_en_us.dll", KMM_MLOC_FLAG_DEFAULT)
};
@@ -86,6 +88,8 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) { } else
goto _exit;
+ k5_commctl_version = khm_get_commctl_version(NULL);
+
/* register the plugin */
ZeroMemory(&pi, sizeof(pi));
pi.name = KRB5_PLUGIN_NAME;
diff --git a/src/windows/identity/plugins/krb5/krb5newcreds.c b/src/windows/identity/plugins/krb5/krb5newcreds.c index fc36d2c20..a08fb91d9 100644 --- a/src/windows/identity/plugins/krb5/krb5newcreds.c +++ b/src/windows/identity/plugins/krb5/krb5newcreds.c @@ -1771,6 +1771,18 @@ k5_msg_cred_dialog(khm_int32 msg_type, khm_krb5_list_tickets(&ctx);
+ /* If there is no default identity, then make this the default */
+ kcdb_identity_refresh(nc->identities[0]);
+ {
+ khm_handle tdefault = NULL;
+
+ if (KHM_SUCCEEDED(kcdb_identity_get_default(&tdefault))) {
+ kcdb_identity_release(tdefault);
+ } else {
+ kcdb_identity_set_default(nc->identities[0]);
+ }
+ }
+
/* also add the principal and the realm in to the
LRU lists */
rv = kcdb_identity_get_name(nc->identities[0],
@@ -1808,11 +1820,14 @@ k5_msg_cred_dialog(khm_int32 msg_type, assert(KHM_SUCCEEDED(rv));
if (multi_string_find(wbuf,
- idname,
- KHM_CASE_SENSITIVE)
- != NULL)
- /* it's already there */
- goto _add_realm_to_LRU;
+ idname,
+ KHM_CASE_SENSITIVE)
+ != NULL) {
+ /* it's already there. We remove it here
+ and add it at the top of the LRU
+ list. */
+ multi_string_delete(wbuf, idname, KHM_CASE_SENSITIVE);
+ }
} else {
multi_string_init(wbuf, cb_ms);
}
@@ -1825,13 +1840,14 @@ k5_msg_cred_dialog(khm_int32 msg_type, L"LRUPrincipals",
wbuf);
- _add_realm_to_LRU:
-
atsign = wcschr(idname, L'@');
- assert(atsign != NULL);
+ if (atsign != NULL)
+ goto _done_with_LRU;
atsign++;
- assert(*atsign != L'\0');
+
+ if (*atsign == L'\0')
+ goto _done_with_LRU;
cb = cb_ms;
rv = khc_read_multi_string(csp_params,
@@ -1854,25 +1870,28 @@ k5_msg_cred_dialog(khm_int32 msg_type, assert(KHM_SUCCEEDED(rv));
} else if (rv == KHM_ERROR_SUCCESS) {
if (multi_string_find(wbuf,
- atsign,
- KHM_CASE_SENSITIVE)
- != NULL)
- goto _done_with_LRU;
+ atsign,
+ KHM_CASE_SENSITIVE)
+ != NULL) {
+ /* remove the realm and add it at the top
+ later. */
+ multi_string_delete(wbuf, atsign, KHM_CASE_SENSITIVE);
+ }
} else {
multi_string_init(wbuf, cb_ms);
}
cb = cb_ms;
rv = multi_string_prepend(wbuf,
- &cb,
- atsign);
+ &cb,
+ atsign);
if (rv == KHM_ERROR_TOO_LONG) {
- wbuf = realloc(wbuf, cb);
+ wbuf = PREALLOC(wbuf, cb);
rv = multi_string_prepend(wbuf,
- &cb,
- atsign);
+ &cb,
+ atsign);
assert(KHM_SUCCEEDED(rv));
}
@@ -2201,7 +2220,15 @@ k5_msg_cred_dialog(khm_int32 msg_type, case KMSG_CRED_IMPORT:
{
- khm_krb5_ms2mit(TRUE);
+ khm_int32 t = 0;
+
+#ifdef DEBUG
+ assert(csp_params);
+#endif
+ khc_read_int32(csp_params, L"MsLsaImport", &t);
+
+ if (t == 1)
+ khm_krb5_ms2mit(TRUE);
}
break;
}
diff --git a/src/windows/identity/plugins/krb5/krb5plugin.c b/src/windows/identity/plugins/krb5/krb5plugin.c index ecfde2f5a..e58e69f34 100644 --- a/src/windows/identity/plugins/krb5/krb5plugin.c +++ b/src/windows/identity/plugins/krb5/krb5plugin.c @@ -31,6 +31,10 @@ #include<strsafe.h>
#include<krb5.h>
+#ifdef DEBUG
+#include<assert.h>
+#endif
+
khm_int32 credtype_id_krb5 = KCDB_CREDTYPE_INVALID;
khm_boolean krb5_initialized = FALSE;
khm_handle krb5_credset = NULL;
@@ -141,10 +145,20 @@ k5_msg_system(khm_int32 msg_type, khm_int32 msg_subtype, }
if(k5_main_fiber != NULL) {
-#if (_WIN32_WINNT >= 0x0501)
- ConvertFiberToThread();
+
+ if (k5_kinit_fiber) {
+#ifdef DEBUG
+ assert(k5_kinit_fiber != GetCurrentFiber());
+#endif
+#if CLEANUP_FIBERS_ON_EXIT
+ DeleteFiber(k5_kinit_fiber);
+ CloseHandle(k5_kinit_fiber);
#endif
+ k5_kinit_fiber = NULL;
+ }
+
k5_main_fiber = NULL;
+
}
if(k5_sub != NULL) {
diff --git a/src/windows/identity/plugins/krb5/krbcred.h b/src/windows/identity/plugins/krb5/krbcred.h index 7efc360a0..7ab035c8c 100644 --- a/src/windows/identity/plugins/krb5/krbcred.h +++ b/src/windows/identity/plugins/krb5/krbcred.h @@ -93,6 +93,10 @@ extern khm_int32 attr_id_addr_list; extern khm_int32 attr_id_krb5_flags;
extern khm_int32 attr_id_krb5_ccname;
+extern khm_ui_4 k5_commctl_version;
+
+#define IS_COMMCTL6() (k5_commctl_version >= 0x60000)
+
/* Configuration spaces */
#define CSNAME_KRB5CRED L"Krb5Cred"
#define CSNAME_PARAMS L"Parameters"
|