<?ifndef LeashLockFileLocations?>
<?define LeashLockFileLocations="0"?>
<?endif?>
- <?ifndef LeashMsLsaImport?>
- <?define LeashMsLsaImport="2"?>
- <?endif?>
<?ifndef LeashLifetime?>
<?define LeashLifetime="0"?>
<?endif?>
<!-- Leash config options -->
<ComponentRef Id="rcm_leash_2" />
<ComponentRef Id="rcm_leash_3" />
- <ComponentRef Id="rcm_leash_6" />
<ComponentRef Id="cmf_leash32_chm" />
<RegistryValue Id="reg_leash_3" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="AutoRenewTickets" Type="integer" Value="[LEASHAUTORENEWTICKETS]" KeyPath="yes"/>
<Condition>LEASHAUTORENEWTICKETS</Condition>
</Component>
- <Component Id="rcm_leash_6" Guid="$(var.rcm_leash_6_guid)" DiskId="1">
- <RegistryValue Id="reg_leash_6" Root="HKLM" Key="Software\MIT\Leash" Name="MsLsaImport" Type="integer" Value="[LEASHMSLSAIMPORT]" KeyPath="yes"/>
- <Condition>LEASHMSLSAIMPORT</Condition>
- </Component>
<Component Id="csc_LeashStartup" Guid="$(var.csc_LeashStartup_guid)" DiskId="1">
<RegistryValue Id="reg_sc_leash_marker" Root="HKCU" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="LeashAutoStart" Type="integer" Value="1" KeyPath="yes" />
<Shortcut Id="sc_leash_exe_startup" Advertise="no" Directory="StartupFolder" Name="MIT Kerberos.lnk" Arguments="[LEASHAUTOINIT]" Target="[dirbin]MIT Kerberos.exe" Show="minimized" />
Setting: automatic ticket renewal
Values : '0' or '1'
- LEASHMSLSAIMPORT
- Setting: automatic importation of MSLSA credentials
- Values : '0', '1' or '2'
-
2.1.3 Leash32 DLL properties
LEASHLIFETIME
If '1', creates any missing configuration files.
- Value : MsLsaImport
- Type : DWORD (0, 1 or 2)
- Default : 1
-
- Controls how credentials are imported from the MSLSA cache.
- This setting can be one of the following.
-
- 0 : Never
- 1 : Always
- 2 : Only if the principal matches
-
- Note that this setting only controls how the Kerberos 5
- plug-in handles importing of credentials from the MSLSA cache.
- Whether or not credentials are imported at start-up is
- controlled via general NetIDMgr settings as described in
- section 3.1.1.
-
Value : MsLsaList
Type : DWORD (0 or 1)
Default : 1
<?define rcm_leash_3_guid="66D97178-E735-499b-961F-C7B8B8074E1A"?>
<?define rcm_leash_4_guid="D20180CC-B68D-4a6d-95E4-5EB07B9EADCD"?>
<?define rcm_leash_5_guid="AF3B73AE-86ED-42f5-987A-9831B8799D2F"?>
- <?define rcm_leash_6_guid="0C72D4F8-096B-4295-8F0A-6B5723A8593D"?>
<?define csc_LeashStartup_guid="228192C5-D847-4c46-A726-0E8211742349"?>
<?define cmf_leash32_hlp_guid="EF1B0ED6-9C01-4adb-9F11-C3FF07F669D5"?>
<?define cmf_leash32_chm_guid="769B54EB-9B96-4abe-9B72-9EF346C8C03D"?>
<?define rcm_leash_3_guid="9610A7E3-251F-4286-B776-1C3AF5DE7815"?>
<?define rcm_leash_4_guid="815AED84-2437-4EBC-B561-F847833DB3A5"?>
<?define rcm_leash_5_guid="A0D3D75F-762E-4D5C-909B-53E7396CEDB6"?>
- <?define rcm_leash_6_guid="F675C145-6F9D-4BC4-9DA0-CAFB47A96A71"?>
<?define csc_LeashStartup_guid="0DF73BCD-F34E-4B01-AA71-0EE08EB62F70"?>
<?define cmf_leash32_hlp_guid="919616D6-1605-4A79-8E33-C18A0D0F25E3"?>
<?define cmf_leash32_chm_guid="C50E5E0A-B822-4419-855B-1713637BCA6A"?>
<?ifdef UseDefaultProperties?>
<Property Id="LEASHCREATEMISSINGCONFIG" Admin="yes" Secure="yes">$(var.LeashCreateMissingConfig)</Property>
<Property Id="LEASHAUTORENEWTICKETS" Admin="yes" Secure="yes">$(var.LeashAutoRenewTickets)</Property>
- <Property Id="LEASHMSLSAIMPORT" Admin="yes" Secure="yes">$(var.LeashMsLsaImport)</Property>
<Property Id="LEASHLIFETIME" Admin="yes" Secure="yes">$(var.LeashLifetime)</Property>
<Property Id="LEASHRENEWTILL" Admin="yes" Secure="yes">$(var.LeashRenewTill)</Property>
<Property Id="LEASHRENEWABLE" Admin="yes" Secure="yes">$(var.LeashRenewable)</Property>
}
return TRUE;
}
- else if (0 == stricmp(optionParam+1, "ms2mit") ||
- 0 == stricmp(optionParam+1, "import") ||
- 0 == stricmp(optionParam+1, "m"))
- {
- if (!pLeash_importable()) {
- MessageBox(hMsg,
- "The Microsoft Logon Session does not support importing Ticket Getting Tickets!",
- "Error", MB_OK);
- return FALSE;
- }
-
- if (!pLeash_import())
- {
- MessageBox(hMsg,
- "There was an error importing tickets from the Microsoft Logon Session!",
- "Error", MB_OK);
- return FALSE;
- }
- return TRUE;
- }
else if (0 == stricmp(optionParam+1, "destroy") ||
0 == stricmp(optionParam+1, "d"))
{
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
"'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-console' or '-c' to attach a console for debugging\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-console' or '-c' to attach a console for debugging\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
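Review bot: The new final entry of the usage message at L106 keeps its trailing `\n`, so the MessageBox text now ends with an empty line; before this change the last entry (the `-ms2mit` line) carried no terminator. Change it to `"'-console' or '-c' to attach a console for debugging",` — the newline separates entries and does not belong after the last one. The enclosing function begins outside the hunk.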
"'-kinit' or '-i' to perform ticket initialization (and exit)\n"
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
- "'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-autoinit' or '-a' to perform automatic ticket initialization\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
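Review bot: Same trailing-newline issue as the other usage message: L115 becomes the last string piece but still ends in `\n`, leaving a blank line at the bottom of the dialog. Use `"'-autoinit' or '-a' to perform automatic ticket initialization",` so the message ends cleanly. The enclosing function begins outside the hunk.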
if (!ProcessShellCommand(cmdInfo))
return FALSE;
- // Check to see if there are any tickets in the cache
- // If not and the Windows Logon Session is Kerberos authenticated attempt an import
+ // Check to see if there are any tickets in the cache. If not and
+ // autoinitialization is enabled, display the initial tickets dialog.
{
if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
throw("Unable to lock ticketinfo");
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- DWORD dwMsLsaImport = pLeash_get_default_mslsa_import();
-
- if ( b_autoinit && dwMsLsaImport && pLeash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? If so, import.
- int import = 0;
-
- if ( dwMsLsaImport == 1 ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport == 2 ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char ms_realm[128] = "", *def_realm = 0, *r;
- int i;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &def_realm))
- goto cleanup;
-
- import = !strcmp(def_realm, ms_realm);
-
- cleanup:
- if (def_realm)
- pkrb5_free_default_realm(CLeashApp::m_krbv5_context, def_realm);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
- }
-
- if (import && pLeash_import()) {
- CLeashView::m_importedTickets = 1;
- ::PostMessage(m_pMainWnd->m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- b_autoinit = FALSE;
- }
- }
-
if (autoInit) {
if ( b_autoinit )
AfxBeginThread(InitWorker, m_pMainWnd->m_hWnd);
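Review bot: The rewritten comment at L123-L124 describes a decision that is no longer taken in the lines beneath it: the brace block opened at L125 now only locks `ticketinfo.lockObj`, frees `ticketinfo.Krb5` and releases the lock, and the dialog it mentions is started indirectly through `InitWorker` under `if (autoInit)`. The cache check that presumably fills `ticketinfo.Krb5` and sets `b_autoinit` sits above the hunk, so a comment that says what the block itself does would age better, e.g. `// Release the ticket list gathered for the cache check above; if the cache was empty and autoinit is enabled, InitWorker shows the Get Ticket dialog.` The block's closing brace and the rest of the enclosing function are outside the hunk.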
DECL_FUNC_PTR(Leash_timesync);
DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-DECL_FUNC_PTR(Leash_import);
-DECL_FUNC_PTR(Leash_importable);
DECL_FUNC_PTR(Leash_renew);
FUNC_INFO leash_fi[] = {
MAKE_FUNC_INFO(Leash_timesync),
MAKE_FUNC_INFO(Leash_get_default_uppercaserealm),
MAKE_FUNC_INFO(Leash_set_default_uppercaserealm),
- MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
- MAKE_FUNC_INFO(Leash_import),
- MAKE_FUNC_INFO(Leash_importable),
MAKE_FUNC_INFO(Leash_renew),
END_FUNC_INFO
};
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- if ( !btickets ) {
- if ( pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
- } else {
- if ( CLeashView::m_importedTickets && pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() && !pLeash_renew() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
+ if (ProbeKDC() && (!btickets || !pLeash_renew())) {
+ LSH_DLGINFO_EX ldi;
+ ldi.size = LSH_DLGINFO_EX_V1_SZ;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.title = "MIT Kerberos: Get Ticket";
+ ldi.username = NULL;
+ ldi.realm = NULL;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.use_defaults = 1;
+
+ pLeash_kinit_dlg_ex(hWnd, &ldi);
}
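Review bot: The merged branch at L237 carries over a duplicated assignment — `ldi.dlgtype = DLGTYPE_PASSWD;` appears at L240 and again at L244 — and `LSH_DLGINFO_EX ldi;` is otherwise left uninitialised, so correctness depends on `pLeash_kinit_dlg_ex` reading only the fields set here for `LSH_DLGINFO_EX_V1_SZ`. Drop the second assignment and, if `LSH_DLGINFO_EX` is a plain aggregate, write `LSH_DLGINFO_EX ldi = {0};` so any member covered by the V1 size but not set here reads as zero rather than stack garbage. With the MSLSA path gone this password dialog is now the only credential-acquisition step in this function, reached only when `ProbeKDC()` succeeds; the enclosing function starts outside the hunk.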
return;
}
// Help
#define HID_GET_TICKETS_COMMAND 98343 // ID_INIT_TICKET + 65536
#define HID_RENEW_TICKETS_COMMAND 98312 // ID_RENEW_TICKET + 65536
-#define HID_IMPORT_TICKETS_COMMAND 98342 // ID_IMPORT_TICKET + 65536
#define HID_DESTROY_TICKETS_COMMAND 98313
#define HID_SYNCHRONIZE_TIME_OPTION 98314
#define HID_CHANGE_PASSWORD_COMMAND 98315
IDI_LEASH_TICKET_ENCRYPTION ICON "res\\encryption.ico"
IDI_TOOLBAR_INIT ICON "res\\new.ico"
IDI_TOOLBAR_RENEW ICON "res\\renew.ico"
-IDI_TOOLBAR_IMPORT ICON "res\\import.ico"
IDI_TOOLBAR_DESTROY ICON "res\\destroy.ico"
IDI_TOOLBAR_PASSWORD ICON "res\\password.ico"
IDI_TOOLBAR_REFRESH ICON "res\\refresh.ico"
IDI_TOOLBAR_SYNC ICON "res\\sync.ico"
IDI_TOOLBAR_INIT_DISABLED ICON "res\\new_disabled.ico"
IDI_TOOLBAR_RENEW_DISABLED ICON "res\\renew_disabled.ico"
-IDI_TOOLBAR_IMPORT_DISABLED ICON "res\\import_disabled.ico"
IDI_TOOLBAR_DESTROY_DISABLED ICON "res\\destroy_disabled.ico"
IDI_TOOLBAR_PASSWORD_DISABLED ICON "res\\password_disabled.ico"
IDI_TOOLBAR_REFRESH_DISABLED ICON "res\\refresh_disabled.ico"
BEGIN
MENUITEM "&Get Ticket(s)\tCtrl+T", ID_INIT_TICKET
MENUITEM "&Renew Ticket(s)\tCtrl+R", ID_RENEW_TICKET
- MENUITEM "&Import Ticket(s)\tCtrl+I", ID_IMPORT_TICKET
MENUITEM "&Destroy Ticket(s)\tCtrl+D", ID_DESTROY_TICKET
MENUITEM SEPARATOR
MENUITEM "&Change Password...", ID_CHANGE_PASSWORD
BEGIN
"C", ID_EDIT_COPY, VIRTKEY, CONTROL, NOINVERT
"D", ID_DESTROY_TICKET, VIRTKEY, CONTROL, NOINVERT
- "I", ID_IMPORT_TICKET, VIRTKEY, CONTROL, NOINVERT
"M", ID_MAKE_DEFAULT, VIRTKEY, CONTROL, NOINVERT
"N", ID_FILE_NEW, VIRTKEY, CONTROL, NOINVERT
"O", ID_FILE_OPEN, VIRTKEY, CONTROL, NOINVERT
BEGIN
BUTTON ID_INIT_TICKET
BUTTON ID_RENEW_TICKET
- BUTTON ID_IMPORT_TICKET
BUTTON ID_DESTROY_TICKET
SEPARATOR
BUTTON ID_CHANGE_PASSWORD
STRINGTABLE
BEGIN
ID_PROPERTIES "Enables you to change settings"
- ID_IMPORT_TICKET "import tickets from your Windows Logon Session.\n Import Tickets"
ID_INIT_TICKET "Obtain a new ticket\n Get Ticket"
ID_AUTO_RENEW "Automatically attempt to renew tickets.\n Automatic Ticket Renewal"
ID_TIME_ISSUED "Display column showing when your tickets will expire.\n Issued"
STRINGTABLE
BEGIN
ID_MAKE_DEFAULT "Make the selected principal the default principal.\n Make Default"
- ID_IMPORT_TICKETS "Automatically import tickets from your Windows Logon Session.\n Import Tickets"
ID_EXPORT_TICKET "Export tickets to your Windows Logon Sesion.\n Export Tickets"
- ID_AUTO_IMPORT_TICKET "Automatically import tickets from your Windows Logon Session.\n Automatic Import Tickets"
END
#endif // English (United States) resources
ON_WM_SHOWWINDOW()
ON_COMMAND(ID_INIT_TICKET, OnInitTicket)
ON_COMMAND(ID_RENEW_TICKET, OnRenewTicket)
- ON_COMMAND(ID_IMPORT_TICKET, OnImportTicket)
ON_COMMAND(ID_DESTROY_TICKET, OnDestroyTicket)
ON_COMMAND(ID_CHANGE_PASSWORD, OnChangePassword)
ON_COMMAND(ID_MAKE_DEFAULT, OnMakeDefault)
ON_UPDATE_COMMAND_UI(ID_KILL_TIX_ONEXIT, OnUpdateKillTixOnExit)
ON_WM_DESTROY()
ON_UPDATE_COMMAND_UI(ID_DESTROY_TICKET, OnUpdateDestroyTicket)
- ON_UPDATE_COMMAND_UI(ID_IMPORT_TICKET, OnUpdateImportTicket)
ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket)
ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket)
ON_COMMAND(ID_APP_ABOUT, OnAppAbout)
INT CLeashView::m_autoRenewTickets = 0;
BOOL CLeashView::m_lowTicketAlarmSound;
INT CLeashView::m_autoRenewalAttempted = 0;
-BOOL CLeashView::m_importedTickets = 0;
LONG CLeashView::m_timerMsgNotInProgress = 1;
ViewColumnInfo CLeashView::sm_viewColumns[] =
{
m_debugWindow = 0;
m_upperCaseRealm = 0;
m_lowTicketAlarm = 0;
- m_importedTickets = 0;
m_pDebugWindow = NULL;
m_pDebugWindow = new CLeashDebugWindow(this);
UINT CLeashView::InitTicket(void * hWnd)
{
- m_importedTickets = 0;
-
LSH_DLGINFO_EX ldi;
char username[64];
char realm[192];
return 0;
}
-VOID CLeashView::OnImportTicket()
-{
- try {
- ImportTicket(m_hWnd);
- }
- catch(...) {
- AfxMessageBox("Ticket Getting operation already in progress", MB_OK|MB_ICONWARNING, 0);
- }
-}
-
-UINT CLeashView::ImportTicket(void * hWnd)
-{
- if ( !CLeashApp::m_hKrb5DLL )
- return 0;
-
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char * pname = 0;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(CLeashApp::m_krbv5_context, princ, &pname))
- goto cleanup;
-
-cleanup:
- if (pname)
- pkrb5_free_unparsed_name(CLeashApp::m_krbv5_context, pname);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
-
- if ( code == 0 ) {
- int result = pLeash_import();
- if (-1 == result)
- {
- AfxMessageBox("There is a problem importing tickets!",
- MB_OK|MB_ICONSTOP);
- ::SendMessage((HWND)hWnd,WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- m_importedTickets = 0;
- }
- else
- {
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
- ticketinfo.Krb5.btickets = GOOD_TICKETS;
- m_warningOfTicketTimeLeftKrb5 = 0;
- m_ticketStatusKrb5 = 0;
- ReleaseMutex(ticketinfo.lockObj);
- ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
-
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
-
- if (ticketinfo.Krb5.btickets != GOOD_TICKETS) {
- ReleaseMutex(ticketinfo.lockObj);
- AfxBeginThread(InitTicket,hWnd);
- } else {
- ReleaseMutex(ticketinfo.lockObj);
- m_importedTickets = 1;
- m_autoRenewalAttempted = 0;
- }
- }
- }
- return 0;
-}
-
static UINT krenew(void *param)
{
char *ccache_name = (char *)param;
krb5_creds my_creds;
krb5_data *realm = 0;
- // @TODO: logic to check for imported tickets and auto-renew/re-import
- // from MSLSA
-
memset(&my_creds, 0, sizeof(krb5_creds));
if (ccache_name == NULL)
// Bad param
return 0;
}
- // If imported from Kerberos LSA, re-import
- // Otherwise, init the tickets
- if ( m_importedTickets )
- AfxBeginThread(ImportTicket,hWnd);
- else
- AfxBeginThread(InitTicket,hWnd);
+ AfxBeginThread(InitTicket,hWnd);
return 0;
}
SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
}
}
- m_importedTickets = 0;
m_autoRenewalAttempted = 0;
}
pCmdUI->Enable(enable);
}
-VOID CLeashView::OnUpdateImportTicket(CCmdUI* pCmdUI)
-{
- bool ccIsMSLSA = false;
-
- if (CLeashApp::m_krbv5_context)
- {
- const char *ccName = pkrb5_cc_default_name(CLeashApp::m_krbv5_context);
-
- if (ccName)
- ccIsMSLSA = !strcmp(ccName, "MSLSA:");
- }
-
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable() || ccIsMSLSA)
- pCmdUI->Enable(FALSE);
- else
- pCmdUI->Enable(TRUE);
-}
-
LRESULT CLeashView::OnGoodbye(WPARAM wParam, LPARAM lParam)
{
m_pDebugWindow->DestroyWindow();
else
nFlags = MF_STRING;
menu->AppendMenu(nFlags, ID_RENEW_TICKET, "&Renew Tickets");
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable())
- nFlags = MF_STRING | MF_GRAYED;
- else
- nFlags = MF_STRING;
- menu->AppendMenu(MF_STRING, ID_IMPORT_TICKET, "&Import Tickets");
if (!ticketinfo.Krb5.btickets)
nFlags = MF_STRING | MF_GRAYED;
else
// Attributes
public:
- static BOOL m_importedTickets;
-
CLeashView();
//LeashDoc* GetDocument();
afx_msg VOID OnClose(void);
afx_msg VOID OnInitTicket();
afx_msg VOID OnRenewTicket();
- afx_msg VOID OnImportTicket();
afx_msg VOID OnDestroyTicket();
afx_msg VOID OnMakeDefault();
afx_msg VOID OnChangePassword();
afx_msg VOID OnKillTixOnExit();
afx_msg VOID OnDestroy();
afx_msg VOID OnUpdateDestroyTicket(CCmdUI* pCmdUI);
- afx_msg VOID OnUpdateImportTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateInitTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateRenewTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateTimeIssued(CCmdUI* pCmdUI);
extern DECL_FUNC_PTR(Leash_timesync);
extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-extern DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-extern DECL_FUNC_PTR(Leash_import);
-extern DECL_FUNC_PTR(Leash_importable);
extern DECL_FUNC_PTR(Leash_renew);
// psapi functions
#define IDB_BITMAP1 239
#define IDI_TOOLBAR_INIT 240
#define IDI_TOOLBAR_RENEW 241
-#define IDI_TOOLBAR_IMPORT 242
#define IDI_TOOLBAR_DESTROY 243
#define IDI_TOOLBAR_PASSWORD 244
#define IDI_TOOLBAR_REFRESH 245
#define IDI_TOOLBAR_SYNC 246
#define IDI_TOOLBAR_INIT_DISABLED 247
#define IDI_TOOLBAR_RENEW_DISABLED 248
-#define IDI_TOOLBAR_IMPORT_DISABLED 249
#define IDI_TOOLBAR_DESTROY_DISABLED 250
#define IDI_TOOLBAR_PASSWORD_DISABLED 251
#define IDI_TOOLBAR_REFRESH_DISABLED 252
#define IDC_EDIT_RENEW_MAX_M 1200
#define IDC_EDIT_LIFETIME_M 1201
#define IDC_EDIT_RENEWTILL_M 1202
-#define IDC_RADIO_MSLSA_IMPORT_OFF 1203
-#define IDC_RADIO_MSLSA_IMPORT_ON 1204
-#define IDC_RADIO_MSLSA_IMPORT_MATCH 1205
#define IDC_STATIC_LEASH_MSLSA 1206
#define IDC_LEASH_MAINVIEW 1207
#define IDC_LIST3 1208
#define ID_HELP_FIND 32803
#define ID_HELP_LEASH32 32804
#define ID_HELP_WHYUSELEASH32 32805
-#define ID_IMPORT_TICKET 32806
#define ID_INIT_TICKET 32807
#define ID_AUTO_RENEW 32808
#define ID_OBTAIN_TGT_WITH_LPARAM 32809
#define ID_VALID_UNTIL 32828
#define ID_MAKE_DEFAULT 32835
#define ID_CHECK2 32836
-#define ID_IMPORT_TICKETS 32836
#define ID_EXPORT_TICKET 32837
-#define ID_AUTO_IMPORT_TICKET 32838
-#define ID_AUTO_IMPORT_TICKETS 32840
#define ID_CCACHE_NAME 32841
// Next default values for new objects
}
-BOOL
-Leash_ms2mit(BOOL save_creds)
-{
- krb5_context kcontext = 0;
- krb5_error_code code;
- krb5_ccache ccache=0;
- krb5_ccache mslsa_ccache=0;
- krb5_creds creds;
- krb5_cc_cursor cursor=0;
- krb5_principal princ = 0;
- BOOL rc = FALSE;
-
- if ( !pkrb5_init_context )
- goto cleanup;
-
- if (code = pkrb5_init_context(&kcontext))
- goto cleanup;
-
- if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if ( save_creds ) {
- if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_cc_default(kcontext, &ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_initialize(kcontext, ccache, princ))
- goto cleanup;
-
- if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache))
- goto cleanup;
-
- rc = TRUE;
- } else {
- /* Enumerate tickets from cache looking for an initial ticket */
- if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor)))
- goto cleanup;
-
- while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
- {
- if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
- rc = TRUE;
- pkrb5_free_cred_contents(kcontext, &creds);
- break;
- }
- pkrb5_free_cred_contents(kcontext, &creds);
- }
- pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
- }
-
- cleanup:
- if (princ)
- pkrb5_free_principal(kcontext, princ);
- if (ccache)
- pkrb5_cc_close(kcontext, ccache);
- if (mslsa_ccache)
- pkrb5_cc_close(kcontext, mslsa_ccache);
- if (kcontext)
- pkrb5_free_context(kcontext);
- return(rc);
-}
-
-
/* User Query data structures and functions */
struct textField {
// Function Prototypes.
int DoNiftyErrorReport(long errnum, LPSTR what);
LONG Leash_timesync(int);
-BOOL Leash_ms2mit(BOOL);
// Crap...
#include <krb5.h>
/* Must match the values used in Leash32.exe */
#define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings"
#define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM "UpperCaseRealm"
-#define LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT "MsLsaImport"
/* These values are defined and used within Leashw32.dll */
#define LEASH_REGISTRY_KEY_NAME "Software\\MIT\\Leash"
LSH_DEFAULT_DIALOG_RENEW_MAX "43200"
LSH_DEFAULT_TICKET_RENEW "1"
LSH_DEFAULT_UPPERCASEREALM "1"
- LSH_DEFAULT_MSLSA_IMPORT "2"
LSH_DEFAULT_PRESERVE_KINIT "0"
END
}
-// This looks really ugly because it is. The result of IsKerberosLogon()
-// does not prove whether or not there are Kerberos tickets available to
-// be imported. Only the call to Leash_ms2mit() which actually attempts
-// to import tickets can do that. However, calling Leash_ms2mit() can
-// result in a TGS_REQ being sent to the KDC and since Leash_importable()
-// is called quite often we want to avoid this if at all possible.
-// Unfortunately, we have be shown at least one case in which the primary
-// authentication package was not Kerberos and yet there were Kerberos
-// tickets available. Therefore, if IsKerberosLogon() is not TRUE we
-// must call Leash_ms2mit() but we still do not want to call it in a
-// tight loop so we cache the response and assume it won't change.
-
-// 2007-03-21
-// And the nightmare goes on. On Vista the Lsa call we use to determine
-// whether or not Kerberos was used for logon fails to return and worse
-// corrupts the stack. Therefore, we must now test to see if the
-// operating system is Vista and skip the call to IsKerberosLogon()
-// if it is.
long FAR
Leash_importable(void)
{
- if (IsProcessUacLimited())
- return FALSE;
-
- if ( !IsWindowsVista() && IsKerberosLogon() )
- return TRUE;
- else {
- static int response = -1;
- if (response == -1) {
- response = Leash_ms2mit(0);
- }
- return response;
- }
+ /* Import functionality has been removed. */
+ return FALSE;
}
long FAR
Leash_import(void)
{
- if ( Leash_ms2mit(1) ) {
- int lifetime;
- lifetime = Leash_get_default_lifetime() / 5;
- return 1;
- }
+ /* Import functionality has been removed. */
return 0;
}
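Review bot: `Leash_importable()` and `Leash_import()` survive as exported stubs that always return FALSE and 0, but the one-line comment only says the feature was removed, so a reader cannot tell whether the symbols are retained on purpose. If they are kept so that existing callers of the DLL still link, say so and record the new contract, e.g. `/* Retained for binary compatibility only: MSLSA import was removed, no credentials are ever copied from the LSA cache; always reports not importable. */`; otherwise the stubs and their prototypes should go too. The deleted `IsProcessUacLimited()` and `IsKerberosLogon()` calls were the only uses of those helpers visible here, so check whether they have become dead code elsewhere in the file.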
return 1;
}
-static
-BOOL
-get_default_mslsa_import_from_registry(
- HKEY hBaseKey,
- DWORD * result
- )
-{
- return get_DWORD_from_registry(hBaseKey,
- LEASH_SETTINGS_REGISTRY_KEY_NAME,
- LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT,
- result);
-}
-
DWORD
Leash_reset_default_mslsa_import(
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
- if (rc)
- return rc;
-
- rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT);
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
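Review bot: `Leash_reset_default_mslsa_import()` now reports `ERROR_INVALID_FUNCTION` instead of deleting the `MsLsaImport` value, while `Leash_get_default_mslsa_import()` further down silently returns 0, so the stubs disagree about whether the setting still exists. Upgraded installs will keep a stale `MsLsaImport` value under `HKCU\Software\MIT\Leash32\Settings`; with `get_default_mslsa_import_from_registry()` and the `LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT` define gone nothing in this tree reads it, which is fine, but the stub should say so rather than look like a failure, e.g. `/* Setting removed; any MsLsaImport value left in the registry is ignored. */`.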
DWORD
DWORD onoffmatch
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
- 0, 0, KEY_WRITE, 0, &hKey, 0);
- if (rc)
- return rc;
-
- rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT, 0, REG_DWORD,
- (LPBYTE) &onoffmatch, sizeof(DWORD));
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
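Review bot: With the registry write removed, the `onoffmatch` parameter of this setter is no longer referenced, which trips unreferenced-parameter warnings on warning-clean builds (MSVC C4100 at /W4). Add `UNREFERENCED_PARAMETER(onoffmatch);` before the `return`, and note in a comment that the stub is a deliberate no-op rather than an error path callers should retry. The function's name line sits outside the visible hunk.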
DWORD
Leash_get_default_mslsa_import(
)
{
- HMODULE hmLeash;
- DWORD result;
-
- if (get_default_mslsa_import_from_registry(HKEY_CURRENT_USER, &result) ||
- get_default_mslsa_import_from_registry(HKEY_LOCAL_MACHINE, &result))
- {
- return result;
- }
-
- hmLeash = GetModuleHandle(LEASH_DLL);
- if (hmLeash)
- {
- char mslsa_import[80];
- if (LoadString(hmLeash, LSH_DEFAULT_MSLSA_IMPORT,
- mslsa_import, sizeof(mslsa_import)))
- {
- mslsa_import[sizeof(mslsa_import) - 1] = 0;
- return atoi(mslsa_import);
- }
- }
- return 2; /* import only when mslsa realm matches default */
+ return 0;
}
Leash_reset_default_renew_min();
Leash_reset_default_renew_max();
Leash_reset_default_uppercaserealm();
- Leash_reset_default_mslsa_import();
Leash_reset_default_preserve_kinit_settings();
}
static void
acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
{
- TicketList *list = NULL;
krb5_context ctx;
- DWORD dwMsLsaImport = Leash_get_default_mslsa_import();
DWORD gle;
char ccachename[272]="";
char loginenv[16];
}
haveTickets = cc_default_have_tickets(ctx);
- if ((!haveTickets) &&
- dwMsLsaImport && Leash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? Does the default
- // ccache name specify a principal name? Only import if we
- // aren't going to break the default identity as specified
- // by the user in Network Identity Manager.
- int import = 0;
- BOOL isCCPrinc;
-
- /* Determine if the default ccachename is principal name. If so, don't
- * import the MSLSA: credentials into it unless the names match.
- */
- isCCPrinc = (strncmp("API:",ccachename, 4) == 0 && strchr(ccachename, '@'));
-
- if ( dwMsLsaImport == 1 && !isCCPrinc ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=NULL;
- krb5_principal princ = NULL;
- char *mslsa_principal = NULL;
- char ms_realm[128] = "", *def_realm = NULL, *r;
- size_t i;
-
- if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(ctx, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(ctx, &def_realm))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(ctx, princ, &mslsa_principal))
- goto cleanup;
-
- import = (!isCCPrinc && !strcmp(def_realm, ms_realm)) ||
- (isCCPrinc && !strcmp(&ccachename[4], mslsa_principal));
-
- cleanup:
- if (mslsa_principal)
- pkrb5_free_unparsed_name(ctx, mslsa_principal);
-
- if (def_realm)
- pkrb5_free_default_realm(ctx, def_realm);
-
- if (princ)
- pkrb5_free_principal(ctx, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(ctx, mslsa_ccache);
- }
-
- if ( import ) {
- Leash_import();
- haveTickets = cc_default_have_tickets(ctx);
- }
- }
if ( prompt && !haveTickets ) {
acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen);