From f9655f08340d9789d53cdf156abfbab12751566b Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Wed, 19 Aug 2020 23:03:28 -0400 Subject: [PATCH] Remove Leash import functionality Copying tickets from the MSLSA cache to another cache is no longer possible in most circumstances, and the Leash ribbon UI does not have an import button. Remove all remaining support for importing tickets. ticket: 8940 (new) --- src/windows/installer/wix/config.wxi | 3 - src/windows/installer/wix/features.wxi | 1 - src/windows/installer/wix/files.wxi | 4 - .../installer/wix/msi-deployment-guide.txt | 21 --- src/windows/installer/wix/platform.wxi | 2 - src/windows/installer/wix/property.wxi | 1 - src/windows/leash/Leash.cpp | 132 ++------------ src/windows/leash/Leash.h | 1 - src/windows/leash/Leash.rc | 8 - src/windows/leash/LeashView.cpp | 116 +----------- src/windows/leash/LeashView.h | 4 - src/windows/leash/Lglobals.h | 3 - src/windows/leash/res/import.ico | Bin 2862 -> 0 bytes src/windows/leash/res/import_disabled.ico | Bin 2862 -> 0 bytes src/windows/leash/resource.h | 9 - src/windows/leashdll/krb5routines.c | 65 ------- src/windows/leashdll/leash-int.h | 2 - src/windows/leashdll/lsh_pwd.rc | 1 - src/windows/leashdll/lshfunc.c | 167 +----------------- 19 files changed, 22 insertions(+), 518 deletions(-) delete mode 100644 src/windows/leash/res/import.ico delete mode 100644 src/windows/leash/res/import_disabled.ico diff --git a/src/windows/installer/wix/config.wxi b/src/windows/installer/wix/config.wxi index f7ee93dccd..c789668bea 100644 --- a/src/windows/installer/wix/config.wxi +++ b/src/windows/installer/wix/config.wxi @@ -104,9 +104,6 @@ - - - diff --git a/src/windows/installer/wix/features.wxi b/src/windows/installer/wix/features.wxi index 5aa5f6fe4f..5b0747a6a9 100644 --- a/src/windows/installer/wix/features.wxi +++ b/src/windows/installer/wix/features.wxi @@ -103,7 +103,6 @@ - 
diff --git a/src/windows/installer/wix/files.wxi b/src/windows/installer/wix/files.wxi index ad656a14a7..947bed565f 100644 --- a/src/windows/installer/wix/files.wxi +++ b/src/windows/installer/wix/files.wxi @@ -185,10 +185,6 @@ LEASHAUTORENEWTICKETS - - - LEASHMSLSAIMPORT - diff --git a/src/windows/installer/wix/msi-deployment-guide.txt b/src/windows/installer/wix/msi-deployment-guide.txt index fd376a6b06..2d3bb866e2 100644 --- a/src/windows/installer/wix/msi-deployment-guide.txt +++ b/src/windows/installer/wix/msi-deployment-guide.txt @@ -180,10 +180,6 @@ Kerberos for Windows Setting: automatic ticket renewal Values : '0' or '1' - LEASHMSLSAIMPORT - Setting: automatic importation of MSLSA credentials - Values : '0', '1' or '2' - 2.1.3 Leash32 DLL properties LEASHLIFETIME @@ -650,23 +646,6 @@ Kerberos for Windows If '1', creates any missing configuration files. - Value : MsLsaImport - Type : DWORD (0, 1 or 2) - Default : 1 - - Controls how credentials are imported from the MSLSA cache. - This setting can be one of the following. - - 0 : Never - 1 : Always - 2 : Only if the principal matches - - Note that this setting only controls how the Kerberos 5 - plug-in handles importing of credentials from the MSLSA cache. - Whether or not credentials are imported at start-up is - controlled via general NetIDMgr settings as described in - section 3.1.1. - Value : MsLsaList Type : DWORD (0 or 1) Default : 1 diff --git a/src/windows/installer/wix/platform.wxi b/src/windows/installer/wix/platform.wxi index 493354e72a..8d21fd233d 100644 --- a/src/windows/installer/wix/platform.wxi +++ b/src/windows/installer/wix/platform.wxi @@ -66,7 +66,6 @@ - @@ -142,7 +141,6 @@ - diff --git a/src/windows/installer/wix/property.wxi b/src/windows/installer/wix/property.wxi index 2ed32f7b1b..6c362f902e 100644 --- a/src/windows/installer/wix/property.wxi +++ b/src/windows/installer/wix/property.wxi 
@@ -60,7 +60,6 @@ $(var.LeashCreateMissingConfig) $(var.LeashAutoRenewTickets) - $(var.LeashMsLsaImport) $(var.LeashLifetime) $(var.LeashRenewTill) $(var.LeashRenewable) diff --git a/src/windows/leash/Leash.cpp b/src/windows/leash/Leash.cpp index 5aada73891..9ba1e9a676 100644 --- a/src/windows/leash/Leash.cpp +++ b/src/windows/leash/Leash.cpp @@ -238,26 +238,6 @@ BOOL CLeashApp::InitInstance() } return TRUE; } - else if (0 == stricmp(optionParam+1, "ms2mit") || - 0 == stricmp(optionParam+1, "import") || - 0 == stricmp(optionParam+1, "m")) - { - if (!pLeash_importable()) { - MessageBox(hMsg, - "The Microsoft Logon Session does not support importing Ticket Getting Tickets!", - "Error", MB_OK); - return FALSE; - } - - if (!pLeash_import()) - { - MessageBox(hMsg, - "There was an error importing tickets from the Microsoft Logon Session!", - "Error", MB_OK); - return FALSE; - } - return TRUE; - } else if (0 == stricmp(optionParam+1, "destroy") || 0 == stricmp(optionParam+1, "d")) { @@ -306,8 +286,7 @@ BOOL CLeashApp::InitInstance() "'-renew' or '-r' to perform ticket renewal (and exit)\n" "'-destroy' or '-d' to perform ticket destruction (and exit)\n" "'-autoinit' or '-a' to perform automatic ticket initialization\n" - "'-console' or '-c' to attach a console for debugging\n" - "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)", + "'-console' or '-c' to attach a console for debugging\n", "MIT Kerberos Error", MB_OK); return FALSE; } @@ -318,8 +297,7 @@ BOOL CLeashApp::InitInstance() "'-kinit' or '-i' to perform ticket initialization (and exit)\n" "'-renew' or '-r' to perform ticket renewal (and exit)\n" "'-destroy' or '-d' to perform ticket destruction (and exit)\n" - "'-autoinit' or '-a' to perform automatic ticket initialization\n" - "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)", + "'-autoinit' or '-a' to perform automatic ticket initialization\n", "MIT Kerberos Error", MB_OK); return FALSE; } 
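Review bot: In the `@@ -238,26` hunk of CLeashApp::InitInstance, the `-ms2mit`, `-import` and `-m` switches lose their branch and, as far as the visible context shows, now reach the unrecognised-option path that raises the "MIT Kerberos Error" usage box and returns FALSE. A shortcut or logon script that still passes one of them would then stop on a modal dialog instead of exiting quietly. If that is intended, a comment at the fallback such as `// -ms2mit/-import/-m were removed with ticket import and are reported as unknown options` would record it. The two usage strings in the `@@ -306` and `@@ -318` hunks now end in a stray newline and could close as `"'-console' or '-c' to attach a console for debugging",`. InitInstance starts and ends outside these hunks, so the fall-through is inferred.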
@@ -394,8 +372,8 @@ BOOL CLeashApp::InitInstance()
 if (!ProcessShellCommand(cmdInfo))
 return FALSE;
- // Check to see if there are any tickets in the cache
- // If not and the Windows Logon Session is Kerberos authenticated attempt an import
+ // Check to see if there are any tickets in the cache. If not and
+ // autoinitialization is enabled, display the initial tickets dialog.
 {
 if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
 throw("Unable to lock ticketinfo");
@@ -404,57 +382,6 @@ BOOL CLeashApp::InitInstance()
 LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
 ReleaseMutex(ticketinfo.lockObj);
- DWORD dwMsLsaImport = pLeash_get_default_mslsa_import();
-
- if ( b_autoinit && dwMsLsaImport && pLeash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? If so, import.
- int import = 0;
-
- if ( dwMsLsaImport == 1 ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport == 2 ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char ms_realm[128] = "", *def_realm = 0, *r;
- int i;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; ilength; r++, i++ ) {
- *r = krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &def_realm))
- goto cleanup;
-
- import = !strcmp(def_realm, ms_realm);
-
- cleanup:
- if (def_realm)
- pkrb5_free_default_realm(CLeashApp::m_krbv5_context, def_realm);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
- }
-
- if (import && pLeash_import()) {
- CLeashView::m_importedTickets = 1;
- ::PostMessage(m_pMainWnd->m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- b_autoinit = FALSE;
- }
- }
-
 if (autoInit) {
 if ( b_autoinit )
 AfxBeginThread(InitWorker, m_pMainWnd->m_hWnd);
@@ -487,9 +414,6 @@ DECL_FUNC_PTR(Leash_kinit_dlg_ex);
 DECL_FUNC_PTR(Leash_timesync);
 DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
 DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-DECL_FUNC_PTR(Leash_import);
-DECL_FUNC_PTR(Leash_importable);
 DECL_FUNC_PTR(Leash_renew);
 FUNC_INFO leash_fi[] = {
@@ -501,9 +425,6 @@ FUNC_INFO leash_fi[] = {
 MAKE_FUNC_INFO(Leash_timesync),
 MAKE_FUNC_INFO(Leash_get_default_uppercaserealm),
 MAKE_FUNC_INFO(Leash_set_default_uppercaserealm),
- MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
- MAKE_FUNC_INFO(Leash_import),
- MAKE_FUNC_INFO(Leash_importable),
 MAKE_FUNC_INFO(Leash_renew),
 END_FUNC_INFO
 };
@@ -1153,40 +1074,17 @@ CLeashApp::ObtainTicketsViaUserIfNeeded(HWND hWnd)
 LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
 ReleaseMutex(ticketinfo.lockObj);
- if ( !btickets ) {
- if ( pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
- } else {
- if ( CLeashView::m_importedTickets && pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() && !pLeash_renew() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
+ if (ProbeKDC() && (!btickets || !pLeash_renew())) {
+ LSH_DLGINFO_EX ldi;
+ ldi.size = LSH_DLGINFO_EX_V1_SZ;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.title = "MIT Kerberos: Get Ticket";
+ ldi.username = NULL;
+ ldi.realm = NULL;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.use_defaults = 1;
+
+ pLeash_kinit_dlg_ex(hWnd, &ldi);
 }
 return;
 }
diff --git a/src/windows/leash/Leash.h b/src/windows/leash/Leash.h
index c2b5f1665a..801df5fbd4 100644
--- a/src/windows/leash/Leash.h
+++ b/src/windows/leash/Leash.h
@@ -27,7 +27,6 @@
 // Help
 #define HID_GET_TICKETS_COMMAND 98343 // ID_INIT_TICKET + 65536
 #define HID_RENEW_TICKETS_COMMAND 98312 // ID_RENEW_TICKET + 65536
-#define HID_IMPORT_TICKETS_COMMAND 98342 // ID_IMPORT_TICKET + 65536
 #define HID_DESTROY_TICKETS_COMMAND 98313
 #define HID_SYNCHRONIZE_TIME_OPTION 98314
 #define HID_CHANGE_PASSWORD_COMMAND 98315
diff --git a/src/windows/leash/Leash.rc b/src/windows/leash/Leash.rc
index b6ee1a0c5c..a140dfc69c 100644
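Review bot: The consolidated block in CLeashApp::ObtainTicketsViaUserIfNeeded still fills `ldi` field by field with no zero-initialisation, and it keeps the duplicated `ldi.dlgtype = DLGTYPE_PASSWD;` from the two branches it replaces. Any LSH_DLGINFO_EX member not assigned here reaches `pLeash_kinit_dlg_ex` holding whatever was on the stack. The struct definition is not in the hunk, so whether the callee reads further members for `LSH_DLGINFO_EX_V1_SZ` is unconfirmed. Declaring it as `LSH_DLGINFO_EX ldi = {0};` and dropping the second `dlgtype` assignment is safe either way. The function begins above the hunk.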
--- a/src/windows/leash/Leash.rc +++ b/src/windows/leash/Leash.rc @@ -86,14 +86,12 @@ IDI_LEASH_TICKET_SESSION ICON "res\\key.ico" IDI_LEASH_TICKET_ENCRYPTION ICON "res\\encryption.ico" IDI_TOOLBAR_INIT ICON "res\\new.ico" IDI_TOOLBAR_RENEW ICON "res\\renew.ico" -IDI_TOOLBAR_IMPORT ICON "res\\import.ico" IDI_TOOLBAR_DESTROY ICON "res\\destroy.ico" IDI_TOOLBAR_PASSWORD ICON "res\\password.ico" IDI_TOOLBAR_REFRESH ICON "res\\refresh.ico" IDI_TOOLBAR_SYNC ICON "res\\sync.ico" IDI_TOOLBAR_INIT_DISABLED ICON "res\\new_disabled.ico" IDI_TOOLBAR_RENEW_DISABLED ICON "res\\renew_disabled.ico" -IDI_TOOLBAR_IMPORT_DISABLED ICON "res\\import_disabled.ico" IDI_TOOLBAR_DESTROY_DISABLED ICON "res\\destroy_disabled.ico" IDI_TOOLBAR_PASSWORD_DISABLED ICON "res\\password_disabled.ico" IDI_TOOLBAR_REFRESH_DISABLED ICON "res\\refresh_disabled.ico" @@ -110,7 +108,6 @@ BEGIN BEGIN MENUITEM "&Get Ticket(s)\tCtrl+T", ID_INIT_TICKET MENUITEM "&Renew Ticket(s)\tCtrl+R", ID_RENEW_TICKET - MENUITEM "&Import Ticket(s)\tCtrl+I", ID_IMPORT_TICKET MENUITEM "&Destroy Ticket(s)\tCtrl+D", ID_DESTROY_TICKET MENUITEM SEPARATOR MENUITEM "&Change Password...", ID_CHANGE_PASSWORD @@ -155,7 +152,6 @@ IDR_MAINFRAME ACCELERATORS BEGIN "C", ID_EDIT_COPY, VIRTKEY, CONTROL, NOINVERT "D", ID_DESTROY_TICKET, VIRTKEY, CONTROL, NOINVERT - "I", ID_IMPORT_TICKET, VIRTKEY, CONTROL, NOINVERT "M", ID_MAKE_DEFAULT, VIRTKEY, CONTROL, NOINVERT "N", ID_FILE_NEW, VIRTKEY, CONTROL, NOINVERT "O", ID_FILE_OPEN, VIRTKEY, CONTROL, NOINVERT @@ -629,7 +625,6 @@ IDR_MAINFRAME TOOLBAR 18, 18 BEGIN BUTTON ID_INIT_TICKET BUTTON ID_RENEW_TICKET - BUTTON ID_IMPORT_TICKET BUTTON ID_DESTROY_TICKET SEPARATOR BUTTON ID_CHANGE_PASSWORD 
@@ -690,7 +685,6 @@ END STRINGTABLE BEGIN ID_PROPERTIES "Enables you to change settings" - ID_IMPORT_TICKET "import tickets from your Windows Logon Session.\n Import Tickets" ID_INIT_TICKET "Obtain a new ticket\n Get Ticket" ID_AUTO_RENEW "Automatically attempt to renew tickets.\n Automatic Ticket Renewal" ID_TIME_ISSUED "Display column showing when your tickets will expire.\n Issued" @@ -734,9 +728,7 @@ END STRINGTABLE BEGIN ID_MAKE_DEFAULT "Make the selected principal the default principal.\n Make Default" - ID_IMPORT_TICKETS "Automatically import tickets from your Windows Logon Session.\n Import Tickets" ID_EXPORT_TICKET "Export tickets to your Windows Logon Sesion.\n Export Tickets" - ID_AUTO_IMPORT_TICKET "Automatically import tickets from your Windows Logon Session.\n Automatic Import Tickets" END #endif // English (United States) resources diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp index c175f2c3ca..9413d7528c 100644 --- a/src/windows/leash/LeashView.cpp +++ b/src/windows/leash/LeashView.cpp @@ -48,7 +48,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView) ON_WM_SHOWWINDOW() ON_COMMAND(ID_INIT_TICKET, OnInitTicket) ON_COMMAND(ID_RENEW_TICKET, OnRenewTicket) - ON_COMMAND(ID_IMPORT_TICKET, OnImportTicket) ON_COMMAND(ID_DESTROY_TICKET, OnDestroyTicket) ON_COMMAND(ID_CHANGE_PASSWORD, OnChangePassword) ON_COMMAND(ID_MAKE_DEFAULT, OnMakeDefault) @@ -74,7 +73,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView) ON_UPDATE_COMMAND_UI(ID_KILL_TIX_ONEXIT, OnUpdateKillTixOnExit) ON_WM_DESTROY() ON_UPDATE_COMMAND_UI(ID_DESTROY_TICKET, OnUpdateDestroyTicket) - ON_UPDATE_COMMAND_UI(ID_IMPORT_TICKET, OnUpdateImportTicket) ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket) ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket) ON_COMMAND(ID_APP_ABOUT, OnAppAbout) 
@@ -117,7 +115,6 @@ INT CLeashView::m_alreadyPlayedDisplayCount; INT CLeashView::m_autoRenewTickets = 0; BOOL CLeashView::m_lowTicketAlarmSound; INT CLeashView::m_autoRenewalAttempted = 0; -BOOL CLeashView::m_importedTickets = 0; LONG CLeashView::m_timerMsgNotInProgress = 1; ViewColumnInfo CLeashView::sm_viewColumns[] = { @@ -329,7 +326,6 @@ CLeashView::CLeashView() m_debugWindow = 0; m_upperCaseRealm = 0; m_lowTicketAlarm = 0; - m_importedTickets = 0; m_pDebugWindow = NULL; m_pDebugWindow = new CLeashDebugWindow(this); @@ -573,8 +569,6 @@ VOID CLeashView::OnInitTicket() UINT CLeashView::InitTicket(void * hWnd) { - m_importedTickets = 0; - LSH_DLGINFO_EX ldi; char username[64]; char realm[192]; 
@@ -637,82 +631,6 @@ UINT CLeashView::InitTicket(void * hWnd) return 0; } -VOID CLeashView::OnImportTicket() -{ - try { - ImportTicket(m_hWnd); - } - catch(...) { - AfxMessageBox("Ticket Getting operation already in progress", MB_OK|MB_ICONWARNING, 0); - } -} - -UINT CLeashView::ImportTicket(void * hWnd) -{ - if ( !CLeashApp::m_hKrb5DLL ) - return 0; - - krb5_error_code code; - krb5_ccache mslsa_ccache=0; - krb5_principal princ = 0; - char * pname = 0; - - if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache)) - goto cleanup; - - if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ)) - goto cleanup; - - if (code = pkrb5_unparse_name(CLeashApp::m_krbv5_context, princ, &pname)) - goto cleanup; - -cleanup: - if (pname) - pkrb5_free_unparsed_name(CLeashApp::m_krbv5_context, pname); - - if (princ) - pkrb5_free_principal(CLeashApp::m_krbv5_context, princ); - - if (mslsa_ccache) - pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache); - - if ( code == 0 ) { - int result = pLeash_import(); - if (-1 == result) - { - AfxMessageBox("There is a problem importing tickets!", - MB_OK|MB_ICONSTOP); - ::SendMessage((HWND)hWnd,WM_COMMAND, ID_UPDATE_DISPLAY, 0); - m_importedTickets = 0; - } - else - { - if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) { - throw("Unable to lock ticketinfo"); - } - ticketinfo.Krb5.btickets = GOOD_TICKETS; - m_warningOfTicketTimeLeftKrb5 = 0; - m_ticketStatusKrb5 = 0; - ReleaseMutex(ticketinfo.lockObj); - ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0); - - if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) { - throw("Unable to lock ticketinfo"); - } - - if (ticketinfo.Krb5.btickets != GOOD_TICKETS) { - ReleaseMutex(ticketinfo.lockObj); - AfxBeginThread(InitTicket,hWnd); - } else { - ReleaseMutex(ticketinfo.lockObj); - m_importedTickets = 1; - m_autoRenewalAttempted = 0; - } - } - } - return 0; -} - static UINT krenew(void *param) { 
char *ccache_name = (char *)param; @@ -723,9 +641,6 @@ static UINT krenew(void *param) krb5_creds my_creds; krb5_data *realm = 0; - // @TODO: logic to check for imported tickets and auto-renew/re-import - // from MSLSA - memset(&my_creds, 0, sizeof(krb5_creds)); if (ccache_name == NULL) // Bad param @@ -838,12 +753,7 @@ UINT CLeashView::RenewTicket(void * hWnd) return 0; } - // If imported from Kerberos LSA, re-import - // Otherwise, init the tickets - if ( m_importedTickets ) - AfxBeginThread(ImportTicket,hWnd); - else - AfxBeginThread(InitTicket,hWnd); + AfxBeginThread(InitTicket,hWnd); return 0; } @@ -906,7 +816,6 @@ VOID CLeashView::OnDestroyTicket() SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0); } } - m_importedTickets = 0; m_autoRenewalAttempted = 0; } @@ -1806,24 +1715,6 @@ VOID CLeashView::OnUpdateRenewTicket(CCmdUI* pCmdUI) pCmdUI->Enable(enable); } -VOID CLeashView::OnUpdateImportTicket(CCmdUI* pCmdUI) -{ - bool ccIsMSLSA = false; - - if (CLeashApp::m_krbv5_context) - { - const char *ccName = pkrb5_cc_default_name(CLeashApp::m_krbv5_context); - - if (ccName) - ccIsMSLSA = !strcmp(ccName, "MSLSA:"); - } - - if (!CLeashApp::m_hKrbLSA || !pLeash_importable() || ccIsMSLSA) - pCmdUI->Enable(FALSE); - else - pCmdUI->Enable(TRUE); -} - LRESULT CLeashView::OnGoodbye(WPARAM wParam, LPARAM lParam) { m_pDebugWindow->DestroyWindow(); @@ -1877,11 +1768,6 @@ LRESULT CLeashView::OnTrayIcon(WPARAM wParam, LPARAM lParam) else nFlags = MF_STRING; menu->AppendMenu(nFlags, ID_RENEW_TICKET, "&Renew Tickets"); - if (!CLeashApp::m_hKrbLSA || !pLeash_importable()) - nFlags = MF_STRING | MF_GRAYED; - else - nFlags = MF_STRING; - menu->AppendMenu(MF_STRING, ID_IMPORT_TICKET, "&Import Tickets"); if (!ticketinfo.Krb5.btickets) nFlags = MF_STRING | MF_GRAYED; else diff --git a/src/windows/leash/LeashView.h b/src/windows/leash/LeashView.h index 2caecef32b..48107e79b2 100644 --- a/src/windows/leash/LeashView.h +++ b/src/windows/leash/LeashView.h 
@@ -224,8 +224,6 @@ protected: // create from serialization only // Attributes public: - static BOOL m_importedTickets; - CLeashView(); //LeashDoc* GetDocument(); @@ -267,7 +265,6 @@ protected: afx_msg VOID OnClose(void); afx_msg VOID OnInitTicket(); afx_msg VOID OnRenewTicket(); - afx_msg VOID OnImportTicket(); afx_msg VOID OnDestroyTicket(); afx_msg VOID OnMakeDefault(); afx_msg VOID OnChangePassword(); @@ -285,7 +282,6 @@ protected: afx_msg VOID OnKillTixOnExit(); afx_msg VOID OnDestroy(); afx_msg VOID OnUpdateDestroyTicket(CCmdUI* pCmdUI); - afx_msg VOID OnUpdateImportTicket(CCmdUI* pCmdUI); afx_msg VOID OnUpdateInitTicket(CCmdUI* pCmdUI); afx_msg VOID OnUpdateRenewTicket(CCmdUI* pCmdUI); afx_msg VOID OnUpdateTimeIssued(CCmdUI* pCmdUI); diff --git a/src/windows/leash/Lglobals.h b/src/windows/leash/Lglobals.h index c462722ba1..1fe0101a89 100644 --- a/src/windows/leash/Lglobals.h +++ b/src/windows/leash/Lglobals.h @@ -68,9 +68,6 @@ extern DECL_FUNC_PTR(Leash_kinit_dlg_ex); extern DECL_FUNC_PTR(Leash_timesync); extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm); extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm); -extern DECL_FUNC_PTR(Leash_get_default_mslsa_import); -extern DECL_FUNC_PTR(Leash_import); -extern DECL_FUNC_PTR(Leash_importable); extern DECL_FUNC_PTR(Leash_renew); // psapi functions 
diff --git a/src/windows/leash/res/import.ico b/src/windows/leash/res/import.ico deleted file mode 100644 index dd6ed298a605a57b42ba55b89fa2eea9b87fc6a3..0000000000000000000000000000000000000000 GIT binary patch literal 0 Hc-jL100001 literal 2862 zc-pO&ZD>?y7RS#xj&sGvs0F36WCFXjI-1&0T?>8~Mf|WIbn~HiRRl*=OrRzVt?r~? zI-|%a7MhkWUAHVur84Rh%?L_1nz%EzG}tKB)ZlCMj>H#?F^n(iH751H|L2)RYD(#s zy_4UZ^MB4g&wZYA?>!R{k9cL$q)D`6Wu`~u&mz=9ZAq0+WQ}J;mrB)Gk+yLnGxa&7 zRK(iTJ0qR~7r*V4Re zm%eOEMqi{J-CR&E){R_oE|&A=inEgQW@XfeBXMum8~4OD<|CxUE1s9@Wc{j692}_= zM%77w$A`bN*{*Cn-<}c`3JQpXgRqGr2vf(Xi6S79q)rBF6)lp%h-9cU!Kk7ItvJ+9 zFrsMTP=gvlSJ47NmcoWDwyS6%c3uM10cu(Vs6%#(9kRI|y9FT|61KbTu$@x`L}GT< zCW?SalA5Tb9S4z&9k+?f*a9LBujbf3MLRoB|uFS0g(`O zh;ah?5~e1KfJlrw#yA0eNm3IEwDkxsp!Sr<3cU z4s^0UovaUah?*z@B4O$<;{^02Mokm}ktB7JaRU01p(cueh(ql#PC#EkO%#FlMOOtr z3BYFu=o1hL@o6H8AjEi>@h~+3kr?Ad5yTizGM=O+Ad+F6D1r>*4&x3r0ntyZ(tYIY zS)%*M+hilx^e=K&KSrFNcdu|uIlpjzY62n|#)%@xFzzt!P!l-%t)Q=)lmxlQAn$*W z_n+@yfSM=*B78^fP|%kjgm2$hU;Tcc1N?aTD7UPahRWT9O8;W0%yoCB*ijN?Wk!}; zZpunoy2n^713pT)u4Of-4vw%3!gaS(Hm3Cnc_3fT!(P?UsJjxw@6OEYX{?U4q_t-& zcRNi-A!q@?QnqZ_B6W3jCO?r#$S(d&Y}~l<^5MgWapJ@YY~8x``NWA6 zzcCL6k0nc%{AT{{-Mh{B%9SgBN~KazO5yzZ^SE{E7WkXU_7r>0b?LcY)7KiEzi!<+ zS-*b0EMLAHM~@zbp5w@oBWP`HHS@TxYYKbvIM$V%xTD z(EC4h=n$Hknvlt4aQgIVbaZs!%9Sg)dGjXj-MfcJj~#J$U^1vB{r3d-k_Ff9lk!QuN39z2V9l ztXj1SYu2m*>w&7OD!oQrym%2eZrs4_+qco%+xub*#Ow7A|34(J^4T-B|M<%kUYYkdyfJ?f!r`#Vzjo~!y1Tpa;K2iv&ssI`U6t|U z$B*QHvVZ@6?B3UmSE`%w`r3N@=R_;2|Gw4aU%!6+rM*9S@&x0?jr(-oym>Ob|KneL z^F1bfJ%B%b(uH(WtGVwr+dnt;(EGh}=MMV%`q1CsZ{`SvLbq3}SYh)2P*E{d#P|30 z3lH(%@6X}VrAwyXwO=-wn(AD=_lFN3VqjpvC>lw$Jm|Kt5^R#ckWzSuwa37vytUuV4opgAS)=(ieK9i%ClaTjx!eb7|PeTe<)M 
diff --git a/src/windows/leash/res/import_disabled.ico b/src/windows/leash/res/import_disabled.ico deleted file mode 100644 index 9364bda80a0535ab8d5f0f76f5270d64ca9d40dd..0000000000000000000000000000000000000000 GIT binary patch literal 0 Hc-jL100001 literal 2862 zc-pO&O>9%y6~|A2&U>5DWZ8OSmcb$_0j3&(kToL~sA3ce>5Y_4Ocx-8K(eMPwh)S6 z91&X#!Ar{5I4~hW*U$(M;u{+f-vJab-y;l^c2UqMQL!GKVL0=<37Ba zCtFqJ?uY;4`xA}$5zI)XQlZQCX!y_IiAFSn842SHI&tM+{XT5d`QLtFTR)Zmbo>+5 z6xXU(aoS|cNw>dFStAvHozLe}j?*6Gd-BQTpEE%!y(;AtG)U#s$#g+;sa!sleyyo= zDxFMiB-}}-oUb)VCX*s*o|DdhmMif1&;4%he!N?K$B+9>+?)I+37PzJLLACy3IBYk zIR5na>*W5bPINZvq#xAD-u=m2rSg5nAG?up6By7q{sjI68Wbdh9}H*)e-VEX4GL1m4+gZ1zlOht1_jLX7Xc>PEe+>-^9w``mNJ)$}#@PQD`_Jbu ziUtD;!e`Wr$0B1tX=I?k|9_uz>Wt}om*c$}Z=0fn;45c#{o{9Cf$Mg4Ic=@=mfVCc z(c_vyr|ng}RkgJ@a0lHX*DaZBM_skexTeH_JFYvNWfEuNvK^x?JH&<5DXIGjvBXvfZmc}UYB9RCa^i% ziH3*6vo6Y3}as&a}3+{=hXr-*)JOBzy^T z;dk(n9seO*f84ln6{_T=}qGuiLr)3Y#bAS^_Q54AZ8>|D{+g z)(;*$sM%~*SFBi}3l}cbdGqGIo9oS+H{UUKEA&7oESM6X9UL6g%aXOo*|U1#!Uer} z@uHqQc~bZ7+oxN$Y|)O64qdQdfzF>lU)$T;pEcr_ELl=Kbm&kRcjn9)J$LS07<={V zRlRZJhTgh$ORrzQuBT6**1dc8>iYHTZBD^t?q7Cxc2;bh_1pIR`SW2e*REaDn>TOj z?c2BY-o1PJ@Zm#!^yrb=I(eSAb25H)PfyPaJMY%5TXp;P?Ye8%u5kUkckkBG(NV2d zt6{v2eg6D;nBUT+OTTW^ZqJ@QS|}9kPY31e{yl8`ojZ5*{{8!5thLv!T|08%z=7~9 zdfK#U-`IRcMn=N?4(;G%7jM^YW9%AieU>d-wr1+PGi%nYz7r=-gzG(WS%XVJ-?43Jz>b7m$!ukyi421EGwcEYu z>+1{mkG=e^5zn}P+IraaluD(rHdn4(QTsmFdNkH<=Qw`+c(}I3ix+?2i06HJYxmmb z_u#<;ef;>bK6&yad>8xs`$PNb)2I6E*|X5Ldy_~c{xo$B?D5Zx|B+|CZOmb7{qp5Y z9UmVL85<|?0x(voV*mgE diff --git a/src/windows/leash/resource.h b/src/windows/leash/resource.h index 5b4a3e73b3..146c539d80 100644 --- a/src/windows/leash/resource.h +++ b/src/windows/leash/resource.h 
@@ -52,14 +52,12 @@ #define IDB_BITMAP1 239 #define IDI_TOOLBAR_INIT 240 #define IDI_TOOLBAR_RENEW 241 -#define IDI_TOOLBAR_IMPORT 242 #define IDI_TOOLBAR_DESTROY 243 #define IDI_TOOLBAR_PASSWORD 244 #define IDI_TOOLBAR_REFRESH 245 #define IDI_TOOLBAR_SYNC 246 #define IDI_TOOLBAR_INIT_DISABLED 247 #define IDI_TOOLBAR_RENEW_DISABLED 248 -#define IDI_TOOLBAR_IMPORT_DISABLED 249 #define IDI_TOOLBAR_DESTROY_DISABLED 250 #define IDI_TOOLBAR_PASSWORD_DISABLED 251 #define IDI_TOOLBAR_REFRESH_DISABLED 252 @@ -262,9 +260,6 @@ #define IDC_EDIT_RENEW_MAX_M 1200 #define IDC_EDIT_LIFETIME_M 1201 #define IDC_EDIT_RENEWTILL_M 1202 -#define IDC_RADIO_MSLSA_IMPORT_OFF 1203 -#define IDC_RADIO_MSLSA_IMPORT_ON 1204 -#define IDC_RADIO_MSLSA_IMPORT_MATCH 1205 #define IDC_STATIC_LEASH_MSLSA 1206 #define IDC_LEASH_MAINVIEW 1207 #define IDC_LIST3 1208 @@ -297,7 +292,6 @@ #define ID_HELP_FIND 32803 #define ID_HELP_LEASH32 32804 #define ID_HELP_WHYUSELEASH32 32805 -#define ID_IMPORT_TICKET 32806 #define ID_INIT_TICKET 32807 #define ID_AUTO_RENEW 32808 #define ID_OBTAIN_TGT_WITH_LPARAM 32809 @@ -312,10 +306,7 @@ #define ID_VALID_UNTIL 32828 #define ID_MAKE_DEFAULT 32835 #define ID_CHECK2 32836 -#define ID_IMPORT_TICKETS 32836 #define ID_EXPORT_TICKET 32837 -#define ID_AUTO_IMPORT_TICKET 32838 -#define ID_AUTO_IMPORT_TICKETS 32840 #define ID_CCACHE_NAME 32841 // Next default values for new objects diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c index 587f044bda..4380d29392 100644 --- a/src/windows/leashdll/krb5routines.c +++ b/src/windows/leashdll/krb5routines.c 
@@ -487,71 +487,6 @@ Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, } -BOOL -Leash_ms2mit(BOOL save_creds) -{ - krb5_context kcontext = 0; - krb5_error_code code; - krb5_ccache ccache=0; - krb5_ccache mslsa_ccache=0; - krb5_creds creds; - krb5_cc_cursor cursor=0; - krb5_principal princ = 0; - BOOL rc = FALSE; - - if ( !pkrb5_init_context ) - goto cleanup; - - if (code = pkrb5_init_context(&kcontext)) - goto cleanup; - - if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache)) - goto cleanup; - - if ( save_creds ) { - if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ)) - goto cleanup; - - if (code = pkrb5_cc_default(kcontext, &ccache)) - goto cleanup; - - if (code = pkrb5_cc_initialize(kcontext, ccache, princ)) - goto cleanup; - - if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache)) - goto cleanup; - - rc = TRUE; - } else { - /* Enumerate tickets from cache looking for an initial ticket */ - if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor))) - goto cleanup; - - while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds))) - { - if ( creds.ticket_flags & TKT_FLG_INITIAL ) { - rc = TRUE; - pkrb5_free_cred_contents(kcontext, &creds); - break; - } - pkrb5_free_cred_contents(kcontext, &creds); - } - pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor); - } - - cleanup: - if (princ) - pkrb5_free_principal(kcontext, princ); - if (ccache) - pkrb5_cc_close(kcontext, ccache); - if (mslsa_ccache) - pkrb5_cc_close(kcontext, mslsa_ccache); - if (kcontext) - pkrb5_free_context(kcontext); - return(rc); -} - - /* User Query data structures and functions */ struct textField { diff --git a/src/windows/leashdll/leash-int.h b/src/windows/leashdll/leash-int.h index d914f7d366..a2f33b2b7c 100644 --- a/src/windows/leashdll/leash-int.h +++ b/src/windows/leashdll/leash-int.h 
@@ -29,7 +29,6 @@ extern char KRB_HelpFile[_MAX_PATH]; // Function Prototypes. int DoNiftyErrorReport(long errnum, LPSTR what); LONG Leash_timesync(int); -BOOL Leash_ms2mit(BOOL); // Crap... #include @@ -247,7 +246,6 @@ cc_free_NC_info, /* Must match the values used in Leash32.exe */ #define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings" #define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM "UpperCaseRealm" -#define LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT "MsLsaImport" /* These values are defined and used within Leashw32.dll */ #define LEASH_REGISTRY_KEY_NAME "Software\\MIT\\Leash" diff --git a/src/windows/leashdll/lsh_pwd.rc b/src/windows/leashdll/lsh_pwd.rc index d08378d063..5fdf346a5a 100644 --- a/src/windows/leashdll/lsh_pwd.rc +++ b/src/windows/leashdll/lsh_pwd.rc @@ -224,7 +224,6 @@ BEGIN LSH_DEFAULT_DIALOG_RENEW_MAX "43200" LSH_DEFAULT_TICKET_RENEW "1" LSH_DEFAULT_UPPERCASEREALM "1" - LSH_DEFAULT_MSLSA_IMPORT "2" LSH_DEFAULT_PRESERVE_KINIT "0" END diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c index f2c50a2125..14cb361db8 100644 --- a/src/windows/leashdll/lshfunc.c +++ b/src/windows/leashdll/lshfunc.c 
@@ -686,49 +686,17 @@ IsProcessUacLimited (void)
 }
-// This looks really ugly because it is. The result of IsKerberosLogon()
-// does not prove whether or not there are Kerberos tickets available to
-// be imported. Only the call to Leash_ms2mit() which actually attempts
-// to import tickets can do that. However, calling Leash_ms2mit() can
-// result in a TGS_REQ being sent to the KDC and since Leash_importable()
-// is called quite often we want to avoid this if at all possible.
-// Unfortunately, we have be shown at least one case in which the primary
-// authentication package was not Kerberos and yet there were Kerberos
-// tickets available. Therefore, if IsKerberosLogon() is not TRUE we
-// must call Leash_ms2mit() but we still do not want to call it in a
-// tight loop so we cache the response and assume it won't change.
-
-// 2007-03-21
-// And the nightmare goes on. On Vista the Lsa call we use to determine
-// whether or not Kerberos was used for logon fails to return and worse
-// corrupts the stack. Therefore, we must now test to see if the
-// operating system is Vista and skip the call to IsKerberosLogon()
-// if it is.
 long FAR
 Leash_importable(void)
 {
- if (IsProcessUacLimited())
- return FALSE;
-
- if ( !IsWindowsVista() && IsKerberosLogon() )
- return TRUE;
- else {
- static int response = -1;
- if (response == -1) {
- response = Leash_ms2mit(0);
- }
- return response;
- }
+ /* Import functionality has been removed. */
+ return FALSE;
 }
 long FAR
 Leash_import(void)
 {
- if ( Leash_ms2mit(1) ) {
- int lifetime;
- lifetime = Leash_get_default_lifetime() / 5;
- return 1;
- }
+ /* Import functionality has been removed. */
 return 0;
 }
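Review bot: The stubs left in `Leash_importable` and `Leash_import` carry only `/* Import functionality has been removed. */`, which does not say why the functions still exist or what their fixed return values mean to a caller. Assuming they are kept so that existing users of the DLL exports keep linking, a comment such as `/* Import support was removed; stub retained for existing callers and always reports failure. */` would record that. `IsWindowsVista()` and `IsKerberosLogon()` lose a caller in this hunk; if `Leash_importable` was their only user in lshfunc.c they are now dead code, which cannot be confirmed from the hunk.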
@@ -2181,34 +2149,11 @@ Leash_get_default_uppercaserealm(
 return 1;
 }
-static
-BOOL
-get_default_mslsa_import_from_registry(
- HKEY hBaseKey,
- DWORD * result
- )
-{
- return get_DWORD_from_registry(hBaseKey,
- LEASH_SETTINGS_REGISTRY_KEY_NAME,
- LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT,
- result);
-}
-
 DWORD
 Leash_reset_default_mslsa_import(
 )
 {
- HKEY hKey;
- LONG rc;
-
- rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
- if (rc)
- return rc;
-
- rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT);
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
 }
 DWORD
@@ -2216,46 +2161,14 @@ Leash_set_default_mslsa_import(
 DWORD onoffmatch
 )
 {
- HKEY hKey;
- LONG rc;
-
- rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
- 0, 0, KEY_WRITE, 0, &hKey, 0);
- if (rc)
- return rc;
-
- rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT, 0, REG_DWORD,
- (LPBYTE) &onoffmatch, sizeof(DWORD));
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
 }
 DWORD
 Leash_get_default_mslsa_import(
 )
 {
- HMODULE hmLeash;
- DWORD result;
-
- if (get_default_mslsa_import_from_registry(HKEY_CURRENT_USER, &result) ||
- get_default_mslsa_import_from_registry(HKEY_LOCAL_MACHINE, &result))
- {
- return result;
- }
-
- hmLeash = GetModuleHandle(LEASH_DLL);
- if (hmLeash)
- {
- char mslsa_import[80];
- if (LoadString(hmLeash, LSH_DEFAULT_MSLSA_IMPORT,
- mslsa_import, sizeof(mslsa_import)))
- {
- mslsa_import[sizeof(mslsa_import) - 1] = 0;
- return atoi(mslsa_import);
- }
- }
- return 2; /* import only when mslsa realm matches default */
+ return 0;
 }
@@ -2352,7 +2265,6 @@ Leash_reset_defaults(void)
 Leash_reset_default_renew_min();
 Leash_reset_default_renew_max();
 Leash_reset_default_uppercaserealm();
- Leash_reset_default_mslsa_import();
 Leash_reset_default_preserve_kinit_settings();
 }
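Review bot: The three `Leash_*_default_mslsa_import` stubs are left without any comment, unlike `Leash_importable` and `Leash_import` earlier in the file, and they signal the removal in different ways: reset and set return `ERROR_INVALID_FUNCTION` while get returns `0`. A line on each, for example `/* MSLSA import has been removed; this setting is no longer stored or honored. */`, would make clear that the `0` from the getter is the old "never import" value rather than an error code. With `RegDeleteValue` gone from the reset stub, an existing `MsLsaImport` value under the Leash32 Settings key is no longer cleaned up; nothing visible in this patch reads it any more, so that looks harmless but is worth stating. `onoffmatch` is now unused in the set stub and may draw a compiler warning.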
@@ -2679,9 +2591,7 @@ cleanup:
 static void
 acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
 {
- TicketList *list = NULL;
 krb5_context ctx;
- DWORD dwMsLsaImport = Leash_get_default_mslsa_import();
 DWORD gle;
 char ccachename[272]="";
 char loginenv[16];
@@ -2703,71 +2613,6 @@ acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen) } haveTickets = cc_default_have_tickets(ctx); - if ((!haveTickets) && - dwMsLsaImport && Leash_importable() ) { - // We have the option of importing tickets from the MSLSA - // but should we? Do the tickets in the MSLSA cache belong - // to the default realm used by Leash? Does the default - // ccache name specify a principal name? Only import if we - // aren't going to break the default identity as specified - // by the user in Network Identity Manager. - int import = 0; - BOOL isCCPrinc; - - /* Determine if the default ccachename is principal name. If so, don't - * import the MSLSA: credentials into it unless the names match. - */ - isCCPrinc = (strncmp("API:",ccachename, 4) == 0 && strchr(ccachename, '@')); - - if ( dwMsLsaImport == 1 && !isCCPrinc ) { /* always import */ - import = 1; - } else if ( dwMsLsaImport ) { /* import when realms match */ - krb5_error_code code; - krb5_ccache mslsa_ccache=NULL; - krb5_principal princ = NULL; - char *mslsa_principal = NULL; - char ms_realm[128] = "", *def_realm = NULL, *r; - size_t i; - - if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache)) - goto cleanup; - - if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ)) - goto cleanup; - - for ( r=ms_realm, i=0; ilength; r++, i++ ) { - *r = krb5_princ_realm(ctx, princ)->data[i]; - } - *r = '\0'; - - if (code = pkrb5_get_default_realm(ctx, &def_realm)) - goto cleanup; - - if (code = pkrb5_unparse_name(ctx, princ, &mslsa_principal)) - goto cleanup; - - import = (!isCCPrinc && !strcmp(def_realm, ms_realm)) || - (isCCPrinc && !strcmp(&ccachename[4], mslsa_principal)); - - cleanup: - if (mslsa_principal) - pkrb5_free_unparsed_name(ctx, mslsa_principal); - - if (def_realm) - pkrb5_free_default_realm(ctx, def_realm); - - if (princ) - pkrb5_free_principal(ctx, princ); - - if (mslsa_ccache) - pkrb5_cc_close(ctx, mslsa_ccache); - } - - if ( import ) { - Leash_import(); - haveTickets 
= cc_default_have_tickets(ctx); - } - } if ( prompt && !haveTickets ) { acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen); -- 2.47.2