From: Tom Yu Date: Mon, 23 Jul 2012 18:56:10 +0000 (-0400) Subject: Add krb5int_cc_user_set_default_name X-Git-Tag: krb5-1.10.3-final~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39f14ba4a3c3f8edc954ea11b3a02f472f1a4299;p=thirdparty%2Fkrb5.git Add krb5int_cc_user_set_default_name Set the default credential cache name for all processes for the current user. Currently implemented, for windows only, by setting HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified ccache name. This will not override the environment variable 'KRB5CCNAME'. It will override HKEY_LOCAL_MACHINE and 'indirect' registry values. Signed-off-by: Kevin Wasserman (cherry picked from commit 80097093062822dde3f1140d250023576e52f59c) ticket: 7199 version_fixed: 1.10.3 status: resolved --- diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 12fbbc8241..7cb1ed4ed3 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -2389,6 +2389,9 @@ typedef struct _krb5_donot_replay { krb5_timestamp ctime; } krb5_donot_replay; +krb5_error_code KRB5_CALLCONV +krb5int_cc_user_set_default_name(krb5_context context, const char *name); + krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *); krb5_error_code krb5_rc_resolve_type(krb5_context, krb5_rcache *,char *); krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,char *); diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c index c46013381f..0c69c73897 100644 --- a/src/lib/krb5/os/ccdefname.c +++ b/src/lib/krb5/os/ccdefname.c 
@@ -81,6 +81,32 @@ static int get_from_registry_indirect(char *name_buf, int name_size) return 1; } +static const char *key_path = "Software\\MIT\\Kerberos5"; +static const char *value_name = "ccname"; +static int +set_to_registry( + HKEY hBaseKey, + const char *name_buf +) +{ + HRESULT result; + HKEY hKey; + + if ((result = RegCreateKeyEx(hBaseKey, key_path, 0, NULL, + REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL, + &hKey, NULL)) != ERROR_SUCCESS) { + return 0; + } + if (RegSetValueEx(hKey, value_name, 0, REG_SZ, name_buf, + strlen(name_buf)+1) != ERROR_SUCCESS) { + RegCloseKey(hKey); + return 0; + } + RegCloseKey(hKey); + return 1; +} + + /* * get_from_registry * @@ -97,8 +123,6 @@ get_from_registry( { HKEY hKey; DWORD name_buf_size = (DWORD)name_size; - const char *key_path = "Software\\MIT\\Kerberos5"; - const char *value_name = "ccname"; if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE, &hKey) != ERROR_SUCCESS) @@ -143,7 +167,7 @@ try_dir( static krb5_error_code get_from_os(char *name_buf, unsigned int name_size) { char *prefix = krb5_cc_dfl_ops->prefix; - int size; + unsigned int size; char *p; DWORD gle; @@ -179,7 +203,7 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size) if (!try_dir(getenv("TEMP"), p, size) && !try_dir(getenv("TMP"), p, size)) { - int len = GetWindowsDirectory(p, size); + unsigned int len = GetWindowsDirectory(p, size); name_buf[name_size - 1] = 0; if (len < size - sizeof(APPEND_KRB5CC)) strcat(p, APPEND_KRB5CC); 
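Review bot: `set_to_registry` passes `name_buf` straight to `strlen()` with no NULL check, and the caller added later in this patch (`krb5int_cc_user_set_default_name`, via `set_for_os`) forwards whatever name it was given. If `krb5_cc_set_default_name` accepts a NULL name to reset the default (its body is outside this diff, so confirm), that path dereferences NULL on Windows; a guard such as `if (name_buf == NULL) return 0;` at the top, or deleting the `ccname` value in that case, would close it. Separately, `result` is declared `HRESULT` although the registry calls return a `LONG` status, and it is assigned but never read, so it can be dropped. Since the value written here redirects the default ccache for every process of the user, a short comment above the function saying so, and that it returns 1 on success and 0 on failure, would help the next reader.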
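Review bot: In `if (len < size - sizeof(APPEND_KRB5CC))` the subtraction is done in `size_t`, so when `size` is smaller than `sizeof(APPEND_KRB5CC)` it wraps to a very large value, the test passes and the following `strcat(p, APPEND_KRB5CC)` writes past the buffer. Changing `size` and `len` to `unsigned int` (the `@@ -143,7 +167,7 @@` and `@@ -179,7 +203,7 @@` hunks) removes the sign mismatch but keeps that wrap. Whether `size` can get that small depends on how it is computed earlier in `get_from_os`, which is outside these hunks. `GetWindowsDirectory` also returns 0 on failure, which this test treats as a valid short length. Consider `if (len != 0 && size > sizeof(APPEND_KRB5CC) && len < size - sizeof(APPEND_KRB5CC))`.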
@@ -237,6 +261,32 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size) #endif #endif +#if defined(_WIN32) +static void set_for_os(const char *name) +{ + set_to_registry(HKEY_CURRENT_USER, name); +} +#else +static void set_for_os(const char *name) +{ + // @TODO +} +#endif + +/* + * Set the default ccache name for all processes for the current user + * (and the current context) + */ +krb5_error_code KRB5_CALLCONV +krb5int_cc_user_set_default_name(krb5_context context, const char *name) +{ + krb5_error_code code = 0; + if ((code = krb5_cc_set_default_name(context, name))) + return code; + set_for_os(name); + return code; +} + krb5_error_code KRB5_CALLCONV krb5_cc_set_default_name(krb5_context context, const char *name) { diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def index 8ff1b1c9d0..d899c3a092 100644 --- a/src/lib/krb5_32.def +++ b/src/lib/krb5_32.def @@ -424,3 +424,6 @@ EXPORTS krb5_pac_sign @395 krb5_find_authdata @396 krb5_check_clockskew @397 + +; New for 1.10.3 / KfW 4.0 + krb5int_cc_user_set_default_name @404 ; PRIVATE LEASH
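Review bot: `set_for_os` discards the 0/1 result of `set_to_registry`, so `krb5int_cc_user_set_default_name` returns 0 even when the HKEY_CURRENT_USER write failed, and the caller cannot tell that only the current context was updated. Returning a status from `set_for_os` and propagating it would make the failure visible, e.g. `return set_to_registry(HKEY_CURRENT_USER, name) ? 0 : KRB5_CC_IO;` there and `return set_for_os(name);` in the caller; the exact error code is a choice for the maintainers. The non-Windows variant is an empty body behind `// @TODO`, so on those platforms the function sets only the context default while still reporting success. The comment above `krb5int_cc_user_set_default_name` should say that, and the stub comment could read `/* Not implemented: no per-user default ccache store on this platform. */`.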