summaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/ccache/ChangeLog15
-rw-r--r--src/lib/krb5/ccache/cc_mslsa.c31
2 files changed, 36 insertions, 10 deletions
diff --git a/src/lib/krb5/ccache/ChangeLog b/src/lib/krb5/ccache/ChangeLog
index c7ba3ac6a..e3b86e6ee 100644
--- a/src/lib/krb5/ccache/ChangeLog
+++ b/src/lib/krb5/ccache/ChangeLog
@@ -1,3 +1,18 @@
+2004-02-02 Jeffrey Altman <jaltman@mit.edu>
+
+ * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
+ logging on with cross realm credentials. On these machines there are
+ 8 tickets within the LSA cache from two different realms. One of the
+ krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
+ a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
+ processes. The attempt to access the ticket returns a SubStatus code
+ of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
+ the logon attempt was invalid due to bad authentication information.
+ kerbtray has no problem listing this ticket. The other seven tickets
+ in the cache including the Initial Ticket are accessible. Modified
+ krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
+ a single ticket fails.
+
2004-01-31 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Optimize the get next logic by storing a handle to
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index c0df862f5..9c3a57bb9 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -62,6 +62,7 @@
#define SECURITY_WIN32
#include <security.h>
#include <ntsecapi.h>
+#include <ntstatus.h>
#define MAX_MSG_SIZE 256
#define MAX_MSPRINC_SIZE 1024
@@ -1265,18 +1266,25 @@ krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor,
krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
krb5_lcc_data *data = (krb5_lcc_data *)id->data;
KERB_EXTERNAL_TICKET *msticket;
+ krb5_error_code retval = KRB5_OK;
next_cred:
- if ( lcursor->index >= lcursor->response->CountOfTickets )
- return KRB5_CC_END;
+ if ( lcursor->index >= lcursor->response->CountOfTickets ) {
+ if (retval == KRB5_OK)
+ return KRB5_CC_END;
+ else {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ LsaFreeReturnBuffer(lcursor->response);
+ free(*cursor);
+ *cursor = 0;
+ return retval;
+ }
+ }
if (!GetMSCacheTicketFromCacheInfo(data->LogonHandle, data->PackageId,
&lcursor->response->Tickets[lcursor->index++],&msticket)) {
- LsaFreeReturnBuffer(lcursor->mstgt);
- LsaFreeReturnBuffer(lcursor->response);
- free(*cursor);
- *cursor = 0;
- return KRB5_FCC_INTERNAL;
+ retval = KRB5_FCC_INTERNAL;
+ goto next_cred;
}
/* Don't return tickets with NULL Session Keys */
@@ -1309,10 +1317,13 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
{
krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
- LsaFreeReturnBuffer(lcursor->mstgt);
- LsaFreeReturnBuffer(lcursor->response);
- free(*cursor);
+ if ( lcursor ) {
+ LsaFreeReturnBuffer(lcursor->mstgt);
+ LsaFreeReturnBuffer(lcursor->response);
+ free(*cursor);
+ }
*cursor = 0;
+
return KRB5_OK;
}
generated by cgit (git 2.34.1) at 2026-03-09 10:05:54 +0000