krb5 commit: Remove Leash import functionality
Greg Hudson
ghudson at mit.edu
Fri Sep 11 13:48:12 EDT 2020
https://github.com/krb5/krb5/commit/f9655f08340d9789d53cdf156abfbab12751566b
commit f9655f08340d9789d53cdf156abfbab12751566b
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Aug 19 23:03:28 2020 -0400
Remove Leash import functionality
Copying tickets from the MSLSA cache to another cache is no longer
possible in most circumstances, and the Leash ribbon UI does not have
an import button. Remove all remaining support for importing tickets.
ticket: 8940 (new)
src/windows/installer/wix/config.wxi | 3 -
src/windows/installer/wix/features.wxi | 1 -
src/windows/installer/wix/files.wxi | 4 -
src/windows/installer/wix/msi-deployment-guide.txt | 21 ---
src/windows/installer/wix/platform.wxi | 2 -
src/windows/installer/wix/property.wxi | 1 -
src/windows/leash/Leash.cpp | 132 ++--------------
src/windows/leash/Leash.h | 1 -
src/windows/leash/Leash.rc | 8 -
src/windows/leash/LeashView.cpp | 116 +--------------
src/windows/leash/LeashView.h | 4 -
src/windows/leash/Lglobals.h | 3 -
src/windows/leash/res/import.ico | Bin 2862 -> 0 bytes
src/windows/leash/res/import_disabled.ico | Bin 2862 -> 0 bytes
src/windows/leash/resource.h | 9 -
src/windows/leashdll/krb5routines.c | 65 --------
src/windows/leashdll/leash-int.h | 2 -
src/windows/leashdll/lsh_pwd.rc | 1 -
src/windows/leashdll/lshfunc.c | 167 +-------------------
19 files changed, 22 insertions(+), 518 deletions(-)
diff --git a/src/windows/installer/wix/config.wxi b/src/windows/installer/wix/config.wxi
index f7ee93d..c789668 100644
--- a/src/windows/installer/wix/config.wxi
+++ b/src/windows/installer/wix/config.wxi
@@ -104,9 +104,6 @@
<?ifndef LeashLockFileLocations?>
<?define LeashLockFileLocations="0"?>
<?endif?>
- <?ifndef LeashMsLsaImport?>
- <?define LeashMsLsaImport="2"?>
- <?endif?>
<?ifndef LeashLifetime?>
<?define LeashLifetime="0"?>
<?endif?>
diff --git a/src/windows/installer/wix/features.wxi b/src/windows/installer/wix/features.wxi
index 5aa5f6f..5b0747a 100644
--- a/src/windows/installer/wix/features.wxi
+++ b/src/windows/installer/wix/features.wxi
@@ -103,7 +103,6 @@
<!-- Leash config options -->
<ComponentRef Id="rcm_leash_2" />
<ComponentRef Id="rcm_leash_3" />
- <ComponentRef Id="rcm_leash_6" />
<ComponentRef Id="cmf_leash32_chm" />
diff --git a/src/windows/installer/wix/files.wxi b/src/windows/installer/wix/files.wxi
index ad656a1..947bed5 100644
--- a/src/windows/installer/wix/files.wxi
+++ b/src/windows/installer/wix/files.wxi
@@ -185,10 +185,6 @@
<RegistryValue Id="reg_leash_3" Root="HKLM" Key="Software\MIT\Leash32\Settings" Name="AutoRenewTickets" Type="integer" Value="[LEASHAUTORENEWTICKETS]" KeyPath="yes"/>
<Condition>LEASHAUTORENEWTICKETS</Condition>
</Component>
- <Component Id="rcm_leash_6" Guid="$(var.rcm_leash_6_guid)" DiskId="1">
- <RegistryValue Id="reg_leash_6" Root="HKLM" Key="Software\MIT\Leash" Name="MsLsaImport" Type="integer" Value="[LEASHMSLSAIMPORT]" KeyPath="yes"/>
- <Condition>LEASHMSLSAIMPORT</Condition>
- </Component>
<Component Id="csc_LeashStartup" Guid="$(var.csc_LeashStartup_guid)" DiskId="1">
<RegistryValue Id="reg_sc_leash_marker" Root="HKCU" Key="$(var.KfwRegRoot)\Client\$(var.VersionString)" Name="LeashAutoStart" Type="integer" Value="1" KeyPath="yes" />
<Shortcut Id="sc_leash_exe_startup" Advertise="no" Directory="StartupFolder" Name="MIT Kerberos.lnk" Arguments="[LEASHAUTOINIT]" Target="[dirbin]MIT Kerberos.exe" Show="minimized" />
diff --git a/src/windows/installer/wix/msi-deployment-guide.txt b/src/windows/installer/wix/msi-deployment-guide.txt
index fd376a6..2d3bb86 100644
--- a/src/windows/installer/wix/msi-deployment-guide.txt
+++ b/src/windows/installer/wix/msi-deployment-guide.txt
@@ -180,10 +180,6 @@ Kerberos for Windows
Setting: automatic ticket renewal
Values : '0' or '1'
- LEASHMSLSAIMPORT
- Setting: automatic importation of MSLSA credentials
- Values : '0', '1' or '2'
-
2.1.3 Leash32 DLL properties
LEASHLIFETIME
@@ -650,23 +646,6 @@ Kerberos for Windows
If '1', creates any missing configuration files.
- Value : MsLsaImport
- Type : DWORD (0, 1 or 2)
- Default : 1
-
- Controls how credentials are imported from the MSLSA cache.
- This setting can be one of the following.
-
- 0 : Never
- 1 : Always
- 2 : Only if the principal matches
-
- Note that this setting only controls how the Kerberos 5
- plug-in handles importing of credentials from the MSLSA cache.
- Whether or not credentials are imported at start-up is
- controlled via general NetIDMgr settings as described in
- section 3.1.1.
-
Value : MsLsaList
Type : DWORD (0 or 1)
Default : 1
diff --git a/src/windows/installer/wix/platform.wxi b/src/windows/installer/wix/platform.wxi
index 493354e..8d21fd2 100644
--- a/src/windows/installer/wix/platform.wxi
+++ b/src/windows/installer/wix/platform.wxi
@@ -66,7 +66,6 @@
<?define rcm_leash_3_guid="66D97178-E735-499b-961F-C7B8B8074E1A"?>
<?define rcm_leash_4_guid="D20180CC-B68D-4a6d-95E4-5EB07B9EADCD"?>
<?define rcm_leash_5_guid="AF3B73AE-86ED-42f5-987A-9831B8799D2F"?>
- <?define rcm_leash_6_guid="0C72D4F8-096B-4295-8F0A-6B5723A8593D"?>
<?define csc_LeashStartup_guid="228192C5-D847-4c46-A726-0E8211742349"?>
<?define cmf_leash32_hlp_guid="EF1B0ED6-9C01-4adb-9F11-C3FF07F669D5"?>
<?define cmf_leash32_chm_guid="769B54EB-9B96-4abe-9B72-9EF346C8C03D"?>
@@ -142,7 +141,6 @@
<?define rcm_leash_3_guid="9610A7E3-251F-4286-B776-1C3AF5DE7815"?>
<?define rcm_leash_4_guid="815AED84-2437-4EBC-B561-F847833DB3A5"?>
<?define rcm_leash_5_guid="A0D3D75F-762E-4D5C-909B-53E7396CEDB6"?>
- <?define rcm_leash_6_guid="F675C145-6F9D-4BC4-9DA0-CAFB47A96A71"?>
<?define csc_LeashStartup_guid="0DF73BCD-F34E-4B01-AA71-0EE08EB62F70"?>
<?define cmf_leash32_hlp_guid="919616D6-1605-4A79-8E33-C18A0D0F25E3"?>
<?define cmf_leash32_chm_guid="C50E5E0A-B822-4419-855B-1713637BCA6A"?>
diff --git a/src/windows/installer/wix/property.wxi b/src/windows/installer/wix/property.wxi
index 2ed32f7..6c362f9 100644
--- a/src/windows/installer/wix/property.wxi
+++ b/src/windows/installer/wix/property.wxi
@@ -60,7 +60,6 @@
<?ifdef UseDefaultProperties?>
<Property Id="LEASHCREATEMISSINGCONFIG" Admin="yes" Secure="yes">$(var.LeashCreateMissingConfig)</Property>
<Property Id="LEASHAUTORENEWTICKETS" Admin="yes" Secure="yes">$(var.LeashAutoRenewTickets)</Property>
- <Property Id="LEASHMSLSAIMPORT" Admin="yes" Secure="yes">$(var.LeashMsLsaImport)</Property>
<Property Id="LEASHLIFETIME" Admin="yes" Secure="yes">$(var.LeashLifetime)</Property>
<Property Id="LEASHRENEWTILL" Admin="yes" Secure="yes">$(var.LeashRenewTill)</Property>
<Property Id="LEASHRENEWABLE" Admin="yes" Secure="yes">$(var.LeashRenewable)</Property>
diff --git a/src/windows/leash/Leash.cpp b/src/windows/leash/Leash.cpp
index 5aada73..9ba1e9a 100644
--- a/src/windows/leash/Leash.cpp
+++ b/src/windows/leash/Leash.cpp
@@ -238,26 +238,6 @@ BOOL CLeashApp::InitInstance()
}
return TRUE;
}
- else if (0 == stricmp(optionParam+1, "ms2mit") ||
- 0 == stricmp(optionParam+1, "import") ||
- 0 == stricmp(optionParam+1, "m"))
- {
- if (!pLeash_importable()) {
- MessageBox(hMsg,
- "The Microsoft Logon Session does not support importing Ticket Getting Tickets!",
- "Error", MB_OK);
- return FALSE;
- }
-
- if (!pLeash_import())
- {
- MessageBox(hMsg,
- "There was an error importing tickets from the Microsoft Logon Session!",
- "Error", MB_OK);
- return FALSE;
- }
- return TRUE;
- }
else if (0 == stricmp(optionParam+1, "destroy") ||
0 == stricmp(optionParam+1, "d"))
{
@@ -306,8 +286,7 @@ BOOL CLeashApp::InitInstance()
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
"'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-console' or '-c' to attach a console for debugging\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-console' or '-c' to attach a console for debugging\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
@@ -318,8 +297,7 @@ BOOL CLeashApp::InitInstance()
"'-kinit' or '-i' to perform ticket initialization (and exit)\n"
"'-renew' or '-r' to perform ticket renewal (and exit)\n"
"'-destroy' or '-d' to perform ticket destruction (and exit)\n"
- "'-autoinit' or '-a' to perform automatic ticket initialization\n"
- "'-ms2mit' or '-import' or '-m' to perform ticket importation (and exit)",
+ "'-autoinit' or '-a' to perform automatic ticket initialization\n",
"MIT Kerberos Error", MB_OK);
return FALSE;
}
@@ -394,8 +372,8 @@ BOOL CLeashApp::InitInstance()
if (!ProcessShellCommand(cmdInfo))
return FALSE;
- // Check to see if there are any tickets in the cache
- // If not and the Windows Logon Session is Kerberos authenticated attempt an import
+ // Check to see if there are any tickets in the cache. If not and
+ // autoinitialization is enabled, display the initial tickets dialog.
{
if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0)
throw("Unable to lock ticketinfo");
@@ -404,57 +382,6 @@ BOOL CLeashApp::InitInstance()
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- DWORD dwMsLsaImport = pLeash_get_default_mslsa_import();
-
- if ( b_autoinit && dwMsLsaImport && pLeash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? If so, import.
- int import = 0;
-
- if ( dwMsLsaImport == 1 ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport == 2 ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char ms_realm[128] = "", *def_realm = 0, *r;
- int i;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(CLeashApp::m_krb5v5_context, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(CLeashApp::m_krbv5_context, &def_realm))
- goto cleanup;
-
- import = !strcmp(def_realm, ms_realm);
-
- cleanup:
- if (def_realm)
- pkrb5_free_default_realm(CLeashApp::m_krbv5_context, def_realm);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
- }
-
- if (import && pLeash_import()) {
- CLeashView::m_importedTickets = 1;
- ::PostMessage(m_pMainWnd->m_hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- b_autoinit = FALSE;
- }
- }
-
if (autoInit) {
if ( b_autoinit )
AfxBeginThread(InitWorker, m_pMainWnd->m_hWnd);
@@ -487,9 +414,6 @@ DECL_FUNC_PTR(Leash_kinit_dlg_ex);
DECL_FUNC_PTR(Leash_timesync);
DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-DECL_FUNC_PTR(Leash_import);
-DECL_FUNC_PTR(Leash_importable);
DECL_FUNC_PTR(Leash_renew);
FUNC_INFO leash_fi[] = {
@@ -501,9 +425,6 @@ FUNC_INFO leash_fi[] = {
MAKE_FUNC_INFO(Leash_timesync),
MAKE_FUNC_INFO(Leash_get_default_uppercaserealm),
MAKE_FUNC_INFO(Leash_set_default_uppercaserealm),
- MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
- MAKE_FUNC_INFO(Leash_import),
- MAKE_FUNC_INFO(Leash_importable),
MAKE_FUNC_INFO(Leash_renew),
END_FUNC_INFO
};
@@ -1153,40 +1074,17 @@ CLeashApp::ObtainTicketsViaUserIfNeeded(HWND hWnd)
LeashKRB5FreeTicketInfo(&ticketinfo.Krb5);
ReleaseMutex(ticketinfo.lockObj);
- if ( !btickets ) {
- if ( pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
- } else {
- if ( CLeashView::m_importedTickets && pLeash_importable() ) {
- if (pLeash_import())
- CLeashView::m_importedTickets = 1;
- }
- else if ( ProbeKDC() && !pLeash_renew() ) {
- LSH_DLGINFO_EX ldi;
- ldi.size = LSH_DLGINFO_EX_V1_SZ;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.title = "MIT Kerberos: Get Ticket";
- ldi.username = NULL;
- ldi.realm = NULL;
- ldi.dlgtype = DLGTYPE_PASSWD;
- ldi.use_defaults = 1;
-
- pLeash_kinit_dlg_ex(hWnd, &ldi);
- }
+ if (ProbeKDC() && (!btickets || !pLeash_renew())) {
+ LSH_DLGINFO_EX ldi;
+ ldi.size = LSH_DLGINFO_EX_V1_SZ;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.title = "MIT Kerberos: Get Ticket";
+ ldi.username = NULL;
+ ldi.realm = NULL;
+ ldi.dlgtype = DLGTYPE_PASSWD;
+ ldi.use_defaults = 1;
+
+ pLeash_kinit_dlg_ex(hWnd, &ldi);
}
return;
}
diff --git a/src/windows/leash/Leash.h b/src/windows/leash/Leash.h
index c2b5f16..801df5f 100644
--- a/src/windows/leash/Leash.h
+++ b/src/windows/leash/Leash.h
@@ -27,7 +27,6 @@
// Help
#define HID_GET_TICKETS_COMMAND 98343 // ID_INIT_TICKET + 65536
#define HID_RENEW_TICKETS_COMMAND 98312 // ID_RENEW_TICKET + 65536
-#define HID_IMPORT_TICKETS_COMMAND 98342 // ID_IMPORT_TICKET + 65536
#define HID_DESTROY_TICKETS_COMMAND 98313
#define HID_SYNCHRONIZE_TIME_OPTION 98314
#define HID_CHANGE_PASSWORD_COMMAND 98315
diff --git a/src/windows/leash/Leash.rc b/src/windows/leash/Leash.rc
index b6ee1a0..a140dfc 100644
--- a/src/windows/leash/Leash.rc
+++ b/src/windows/leash/Leash.rc
@@ -86,14 +86,12 @@ IDI_LEASH_TICKET_SESSION ICON "res\\key.ico"
IDI_LEASH_TICKET_ENCRYPTION ICON "res\\encryption.ico"
IDI_TOOLBAR_INIT ICON "res\\new.ico"
IDI_TOOLBAR_RENEW ICON "res\\renew.ico"
-IDI_TOOLBAR_IMPORT ICON "res\\import.ico"
IDI_TOOLBAR_DESTROY ICON "res\\destroy.ico"
IDI_TOOLBAR_PASSWORD ICON "res\\password.ico"
IDI_TOOLBAR_REFRESH ICON "res\\refresh.ico"
IDI_TOOLBAR_SYNC ICON "res\\sync.ico"
IDI_TOOLBAR_INIT_DISABLED ICON "res\\new_disabled.ico"
IDI_TOOLBAR_RENEW_DISABLED ICON "res\\renew_disabled.ico"
-IDI_TOOLBAR_IMPORT_DISABLED ICON "res\\import_disabled.ico"
IDI_TOOLBAR_DESTROY_DISABLED ICON "res\\destroy_disabled.ico"
IDI_TOOLBAR_PASSWORD_DISABLED ICON "res\\password_disabled.ico"
IDI_TOOLBAR_REFRESH_DISABLED ICON "res\\refresh_disabled.ico"
@@ -110,7 +108,6 @@ BEGIN
BEGIN
MENUITEM "&Get Ticket(s)\tCtrl+T", ID_INIT_TICKET
MENUITEM "&Renew Ticket(s)\tCtrl+R", ID_RENEW_TICKET
- MENUITEM "&Import Ticket(s)\tCtrl+I", ID_IMPORT_TICKET
MENUITEM "&Destroy Ticket(s)\tCtrl+D", ID_DESTROY_TICKET
MENUITEM SEPARATOR
MENUITEM "&Change Password...", ID_CHANGE_PASSWORD
@@ -155,7 +152,6 @@ IDR_MAINFRAME ACCELERATORS
BEGIN
"C", ID_EDIT_COPY, VIRTKEY, CONTROL, NOINVERT
"D", ID_DESTROY_TICKET, VIRTKEY, CONTROL, NOINVERT
- "I", ID_IMPORT_TICKET, VIRTKEY, CONTROL, NOINVERT
"M", ID_MAKE_DEFAULT, VIRTKEY, CONTROL, NOINVERT
"N", ID_FILE_NEW, VIRTKEY, CONTROL, NOINVERT
"O", ID_FILE_OPEN, VIRTKEY, CONTROL, NOINVERT
@@ -629,7 +625,6 @@ IDR_MAINFRAME TOOLBAR 18, 18
BEGIN
BUTTON ID_INIT_TICKET
BUTTON ID_RENEW_TICKET
- BUTTON ID_IMPORT_TICKET
BUTTON ID_DESTROY_TICKET
SEPARATOR
BUTTON ID_CHANGE_PASSWORD
@@ -690,7 +685,6 @@ END
STRINGTABLE
BEGIN
ID_PROPERTIES "Enables you to change settings"
- ID_IMPORT_TICKET "import tickets from your Windows Logon Session.\n Import Tickets"
ID_INIT_TICKET "Obtain a new ticket\n Get Ticket"
ID_AUTO_RENEW "Automatically attempt to renew tickets.\n Automatic Ticket Renewal"
ID_TIME_ISSUED "Display column showing when your tickets will expire.\n Issued"
@@ -734,9 +728,7 @@ END
STRINGTABLE
BEGIN
ID_MAKE_DEFAULT "Make the selected principal the default principal.\n Make Default"
- ID_IMPORT_TICKETS "Automatically import tickets from your Windows Logon Session.\n Import Tickets"
ID_EXPORT_TICKET "Export tickets to your Windows Logon Sesion.\n Export Tickets"
- ID_AUTO_IMPORT_TICKET "Automatically import tickets from your Windows Logon Session.\n Automatic Import Tickets"
END
#endif // English (United States) resources
diff --git a/src/windows/leash/LeashView.cpp b/src/windows/leash/LeashView.cpp
index c175f2c..9413d75 100644
--- a/src/windows/leash/LeashView.cpp
+++ b/src/windows/leash/LeashView.cpp
@@ -48,7 +48,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView)
ON_WM_SHOWWINDOW()
ON_COMMAND(ID_INIT_TICKET, OnInitTicket)
ON_COMMAND(ID_RENEW_TICKET, OnRenewTicket)
- ON_COMMAND(ID_IMPORT_TICKET, OnImportTicket)
ON_COMMAND(ID_DESTROY_TICKET, OnDestroyTicket)
ON_COMMAND(ID_CHANGE_PASSWORD, OnChangePassword)
ON_COMMAND(ID_MAKE_DEFAULT, OnMakeDefault)
@@ -74,7 +73,6 @@ BEGIN_MESSAGE_MAP(CLeashView, CListView)
ON_UPDATE_COMMAND_UI(ID_KILL_TIX_ONEXIT, OnUpdateKillTixOnExit)
ON_WM_DESTROY()
ON_UPDATE_COMMAND_UI(ID_DESTROY_TICKET, OnUpdateDestroyTicket)
- ON_UPDATE_COMMAND_UI(ID_IMPORT_TICKET, OnUpdateImportTicket)
ON_UPDATE_COMMAND_UI(ID_INIT_TICKET, OnUpdateInitTicket)
ON_UPDATE_COMMAND_UI(ID_RENEW_TICKET, OnUpdateRenewTicket)
ON_COMMAND(ID_APP_ABOUT, OnAppAbout)
@@ -117,7 +115,6 @@ INT CLeashView::m_alreadyPlayedDisplayCount;
INT CLeashView::m_autoRenewTickets = 0;
BOOL CLeashView::m_lowTicketAlarmSound;
INT CLeashView::m_autoRenewalAttempted = 0;
-BOOL CLeashView::m_importedTickets = 0;
LONG CLeashView::m_timerMsgNotInProgress = 1;
ViewColumnInfo CLeashView::sm_viewColumns[] =
{
@@ -329,7 +326,6 @@ CLeashView::CLeashView()
m_debugWindow = 0;
m_upperCaseRealm = 0;
m_lowTicketAlarm = 0;
- m_importedTickets = 0;
m_pDebugWindow = NULL;
m_pDebugWindow = new CLeashDebugWindow(this);
@@ -573,8 +569,6 @@ VOID CLeashView::OnInitTicket()
UINT CLeashView::InitTicket(void * hWnd)
{
- m_importedTickets = 0;
-
LSH_DLGINFO_EX ldi;
char username[64];
char realm[192];
@@ -637,82 +631,6 @@ UINT CLeashView::InitTicket(void * hWnd)
return 0;
}
-VOID CLeashView::OnImportTicket()
-{
- try {
- ImportTicket(m_hWnd);
- }
- catch(...) {
- AfxMessageBox("Ticket Getting operation already in progress", MB_OK|MB_ICONWARNING, 0);
- }
-}
-
-UINT CLeashView::ImportTicket(void * hWnd)
-{
- if ( !CLeashApp::m_hKrb5DLL )
- return 0;
-
- krb5_error_code code;
- krb5_ccache mslsa_ccache=0;
- krb5_principal princ = 0;
- char * pname = 0;
-
- if (code = pkrb5_cc_resolve(CLeashApp::m_krbv5_context, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(CLeashApp::m_krbv5_context, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(CLeashApp::m_krbv5_context, princ, &pname))
- goto cleanup;
-
-cleanup:
- if (pname)
- pkrb5_free_unparsed_name(CLeashApp::m_krbv5_context, pname);
-
- if (princ)
- pkrb5_free_principal(CLeashApp::m_krbv5_context, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(CLeashApp::m_krbv5_context, mslsa_ccache);
-
- if ( code == 0 ) {
- int result = pLeash_import();
- if (-1 == result)
- {
- AfxMessageBox("There is a problem importing tickets!",
- MB_OK|MB_ICONSTOP);
- ::SendMessage((HWND)hWnd,WM_COMMAND, ID_UPDATE_DISPLAY, 0);
- m_importedTickets = 0;
- }
- else
- {
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
- ticketinfo.Krb5.btickets = GOOD_TICKETS;
- m_warningOfTicketTimeLeftKrb5 = 0;
- m_ticketStatusKrb5 = 0;
- ReleaseMutex(ticketinfo.lockObj);
- ::SendMessage((HWND)hWnd, WM_COMMAND, ID_UPDATE_DISPLAY, 0);
-
- if (WaitForSingleObject( ticketinfo.lockObj, INFINITE ) != WAIT_OBJECT_0) {
- throw("Unable to lock ticketinfo");
- }
-
- if (ticketinfo.Krb5.btickets != GOOD_TICKETS) {
- ReleaseMutex(ticketinfo.lockObj);
- AfxBeginThread(InitTicket,hWnd);
- } else {
- ReleaseMutex(ticketinfo.lockObj);
- m_importedTickets = 1;
- m_autoRenewalAttempted = 0;
- }
- }
- }
- return 0;
-}
-
static UINT krenew(void *param)
{
char *ccache_name = (char *)param;
@@ -723,9 +641,6 @@ static UINT krenew(void *param)
krb5_creds my_creds;
krb5_data *realm = 0;
- // @TODO: logic to check for imported tickets and auto-renew/re-import
- // from MSLSA
-
memset(&my_creds, 0, sizeof(krb5_creds));
if (ccache_name == NULL)
// Bad param
@@ -838,12 +753,7 @@ UINT CLeashView::RenewTicket(void * hWnd)
return 0;
}
- // If imported from Kerberos LSA, re-import
- // Otherwise, init the tickets
- if ( m_importedTickets )
- AfxBeginThread(ImportTicket,hWnd);
- else
- AfxBeginThread(InitTicket,hWnd);
+ AfxBeginThread(InitTicket,hWnd);
return 0;
}
@@ -906,7 +816,6 @@ VOID CLeashView::OnDestroyTicket()
SendMessage(WM_COMMAND, ID_UPDATE_DISPLAY, 0);
}
}
- m_importedTickets = 0;
m_autoRenewalAttempted = 0;
}
@@ -1806,24 +1715,6 @@ VOID CLeashView::OnUpdateRenewTicket(CCmdUI* pCmdUI)
pCmdUI->Enable(enable);
}
-VOID CLeashView::OnUpdateImportTicket(CCmdUI* pCmdUI)
-{
- bool ccIsMSLSA = false;
-
- if (CLeashApp::m_krbv5_context)
- {
- const char *ccName = pkrb5_cc_default_name(CLeashApp::m_krbv5_context);
-
- if (ccName)
- ccIsMSLSA = !strcmp(ccName, "MSLSA:");
- }
-
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable() || ccIsMSLSA)
- pCmdUI->Enable(FALSE);
- else
- pCmdUI->Enable(TRUE);
-}
-
LRESULT CLeashView::OnGoodbye(WPARAM wParam, LPARAM lParam)
{
m_pDebugWindow->DestroyWindow();
@@ -1877,11 +1768,6 @@ LRESULT CLeashView::OnTrayIcon(WPARAM wParam, LPARAM lParam)
else
nFlags = MF_STRING;
menu->AppendMenu(nFlags, ID_RENEW_TICKET, "&Renew Tickets");
- if (!CLeashApp::m_hKrbLSA || !pLeash_importable())
- nFlags = MF_STRING | MF_GRAYED;
- else
- nFlags = MF_STRING;
- menu->AppendMenu(MF_STRING, ID_IMPORT_TICKET, "&Import Tickets");
if (!ticketinfo.Krb5.btickets)
nFlags = MF_STRING | MF_GRAYED;
else
diff --git a/src/windows/leash/LeashView.h b/src/windows/leash/LeashView.h
index 2caecef..48107e7 100644
--- a/src/windows/leash/LeashView.h
+++ b/src/windows/leash/LeashView.h
@@ -224,8 +224,6 @@ protected: // create from serialization only
// Attributes
public:
- static BOOL m_importedTickets;
-
CLeashView();
//LeashDoc* GetDocument();
@@ -267,7 +265,6 @@ protected:
afx_msg VOID OnClose(void);
afx_msg VOID OnInitTicket();
afx_msg VOID OnRenewTicket();
- afx_msg VOID OnImportTicket();
afx_msg VOID OnDestroyTicket();
afx_msg VOID OnMakeDefault();
afx_msg VOID OnChangePassword();
@@ -285,7 +282,6 @@ protected:
afx_msg VOID OnKillTixOnExit();
afx_msg VOID OnDestroy();
afx_msg VOID OnUpdateDestroyTicket(CCmdUI* pCmdUI);
- afx_msg VOID OnUpdateImportTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateInitTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateRenewTicket(CCmdUI* pCmdUI);
afx_msg VOID OnUpdateTimeIssued(CCmdUI* pCmdUI);
diff --git a/src/windows/leash/Lglobals.h b/src/windows/leash/Lglobals.h
index c462722..1fe0101 100644
--- a/src/windows/leash/Lglobals.h
+++ b/src/windows/leash/Lglobals.h
@@ -68,9 +68,6 @@ extern DECL_FUNC_PTR(Leash_kinit_dlg_ex);
extern DECL_FUNC_PTR(Leash_timesync);
extern DECL_FUNC_PTR(Leash_get_default_uppercaserealm);
extern DECL_FUNC_PTR(Leash_set_default_uppercaserealm);
-extern DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-extern DECL_FUNC_PTR(Leash_import);
-extern DECL_FUNC_PTR(Leash_importable);
extern DECL_FUNC_PTR(Leash_renew);
// psapi functions
diff --git a/src/windows/leash/res/import.ico b/src/windows/leash/res/import.ico
deleted file mode 100644
index dd6ed29..0000000
Binary files a/src/windows/leash/res/import.ico and /dev/null differ
diff --git a/src/windows/leash/res/import_disabled.ico b/src/windows/leash/res/import_disabled.ico
deleted file mode 100644
index 9364bda..0000000
Binary files a/src/windows/leash/res/import_disabled.ico and /dev/null differ
diff --git a/src/windows/leash/resource.h b/src/windows/leash/resource.h
index 5b4a3e7..146c539 100644
--- a/src/windows/leash/resource.h
+++ b/src/windows/leash/resource.h
@@ -52,14 +52,12 @@
#define IDB_BITMAP1 239
#define IDI_TOOLBAR_INIT 240
#define IDI_TOOLBAR_RENEW 241
-#define IDI_TOOLBAR_IMPORT 242
#define IDI_TOOLBAR_DESTROY 243
#define IDI_TOOLBAR_PASSWORD 244
#define IDI_TOOLBAR_REFRESH 245
#define IDI_TOOLBAR_SYNC 246
#define IDI_TOOLBAR_INIT_DISABLED 247
#define IDI_TOOLBAR_RENEW_DISABLED 248
-#define IDI_TOOLBAR_IMPORT_DISABLED 249
#define IDI_TOOLBAR_DESTROY_DISABLED 250
#define IDI_TOOLBAR_PASSWORD_DISABLED 251
#define IDI_TOOLBAR_REFRESH_DISABLED 252
@@ -262,9 +260,6 @@
#define IDC_EDIT_RENEW_MAX_M 1200
#define IDC_EDIT_LIFETIME_M 1201
#define IDC_EDIT_RENEWTILL_M 1202
-#define IDC_RADIO_MSLSA_IMPORT_OFF 1203
-#define IDC_RADIO_MSLSA_IMPORT_ON 1204
-#define IDC_RADIO_MSLSA_IMPORT_MATCH 1205
#define IDC_STATIC_LEASH_MSLSA 1206
#define IDC_LEASH_MAINVIEW 1207
#define IDC_LIST3 1208
@@ -297,7 +292,6 @@
#define ID_HELP_FIND 32803
#define ID_HELP_LEASH32 32804
#define ID_HELP_WHYUSELEASH32 32805
-#define ID_IMPORT_TICKET 32806
#define ID_INIT_TICKET 32807
#define ID_AUTO_RENEW 32808
#define ID_OBTAIN_TGT_WITH_LPARAM 32809
@@ -312,10 +306,7 @@
#define ID_VALID_UNTIL 32828
#define ID_MAKE_DEFAULT 32835
#define ID_CHECK2 32836
-#define ID_IMPORT_TICKETS 32836
#define ID_EXPORT_TICKET 32837
-#define ID_AUTO_IMPORT_TICKET 32838
-#define ID_AUTO_IMPORT_TICKETS 32840
#define ID_CCACHE_NAME 32841
// Next default values for new objects
diff --git a/src/windows/leashdll/krb5routines.c b/src/windows/leashdll/krb5routines.c
index 587f044..4380d29 100644
--- a/src/windows/leashdll/krb5routines.c
+++ b/src/windows/leashdll/krb5routines.c
@@ -487,71 +487,6 @@ Leash_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
}
-BOOL
-Leash_ms2mit(BOOL save_creds)
-{
- krb5_context kcontext = 0;
- krb5_error_code code;
- krb5_ccache ccache=0;
- krb5_ccache mslsa_ccache=0;
- krb5_creds creds;
- krb5_cc_cursor cursor=0;
- krb5_principal princ = 0;
- BOOL rc = FALSE;
-
- if ( !pkrb5_init_context )
- goto cleanup;
-
- if (code = pkrb5_init_context(&kcontext))
- goto cleanup;
-
- if (code = pkrb5_cc_resolve(kcontext, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if ( save_creds ) {
- if (code = pkrb5_cc_get_principal(kcontext, mslsa_ccache, &princ))
- goto cleanup;
-
- if (code = pkrb5_cc_default(kcontext, &ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_initialize(kcontext, ccache, princ))
- goto cleanup;
-
- if (code = pkrb5_cc_copy_creds(kcontext, mslsa_ccache, ccache))
- goto cleanup;
-
- rc = TRUE;
- } else {
- /* Enumerate tickets from cache looking for an initial ticket */
- if ((code = pkrb5_cc_start_seq_get(kcontext, mslsa_ccache, &cursor)))
- goto cleanup;
-
- while (!(code = pkrb5_cc_next_cred(kcontext, mslsa_ccache, &cursor, &creds)))
- {
- if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
- rc = TRUE;
- pkrb5_free_cred_contents(kcontext, &creds);
- break;
- }
- pkrb5_free_cred_contents(kcontext, &creds);
- }
- pkrb5_cc_end_seq_get(kcontext, mslsa_ccache, &cursor);
- }
-
- cleanup:
- if (princ)
- pkrb5_free_principal(kcontext, princ);
- if (ccache)
- pkrb5_cc_close(kcontext, ccache);
- if (mslsa_ccache)
- pkrb5_cc_close(kcontext, mslsa_ccache);
- if (kcontext)
- pkrb5_free_context(kcontext);
- return(rc);
-}
-
-
/* User Query data structures and functions */
struct textField {
diff --git a/src/windows/leashdll/leash-int.h b/src/windows/leashdll/leash-int.h
index d914f7d..a2f33b2 100644
--- a/src/windows/leashdll/leash-int.h
+++ b/src/windows/leashdll/leash-int.h
@@ -29,7 +29,6 @@ extern char KRB_HelpFile[_MAX_PATH];
// Function Prototypes.
int DoNiftyErrorReport(long errnum, LPSTR what);
LONG Leash_timesync(int);
-BOOL Leash_ms2mit(BOOL);
// Crap...
#include <krb5.h>
@@ -247,7 +246,6 @@ cc_free_NC_info,
/* Must match the values used in Leash32.exe */
#define LEASH_SETTINGS_REGISTRY_KEY_NAME "Software\\MIT\\Leash32\\Settings"
#define LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM "UpperCaseRealm"
-#define LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT "MsLsaImport"
/* These values are defined and used within Leashw32.dll */
#define LEASH_REGISTRY_KEY_NAME "Software\\MIT\\Leash"
diff --git a/src/windows/leashdll/lsh_pwd.rc b/src/windows/leashdll/lsh_pwd.rc
index d08378d..5fdf346 100644
--- a/src/windows/leashdll/lsh_pwd.rc
+++ b/src/windows/leashdll/lsh_pwd.rc
@@ -224,7 +224,6 @@ BEGIN
LSH_DEFAULT_DIALOG_RENEW_MAX "43200"
LSH_DEFAULT_TICKET_RENEW "1"
LSH_DEFAULT_UPPERCASEREALM "1"
- LSH_DEFAULT_MSLSA_IMPORT "2"
LSH_DEFAULT_PRESERVE_KINIT "0"
END
diff --git a/src/windows/leashdll/lshfunc.c b/src/windows/leashdll/lshfunc.c
index f2c50a2..14cb361 100644
--- a/src/windows/leashdll/lshfunc.c
+++ b/src/windows/leashdll/lshfunc.c
@@ -686,49 +686,17 @@ IsProcessUacLimited (void)
}
-// This looks really ugly because it is. The result of IsKerberosLogon()
-// does not prove whether or not there are Kerberos tickets available to
-// be imported. Only the call to Leash_ms2mit() which actually attempts
-// to import tickets can do that. However, calling Leash_ms2mit() can
-// result in a TGS_REQ being sent to the KDC and since Leash_importable()
-// is called quite often we want to avoid this if at all possible.
-// Unfortunately, we have be shown at least one case in which the primary
-// authentication package was not Kerberos and yet there were Kerberos
-// tickets available. Therefore, if IsKerberosLogon() is not TRUE we
-// must call Leash_ms2mit() but we still do not want to call it in a
-// tight loop so we cache the response and assume it won't change.
-
-// 2007-03-21
-// And the nightmare goes on. On Vista the Lsa call we use to determine
-// whether or not Kerberos was used for logon fails to return and worse
-// corrupts the stack. Therefore, we must now test to see if the
-// operating system is Vista and skip the call to IsKerberosLogon()
-// if it is.
long FAR
Leash_importable(void)
{
- if (IsProcessUacLimited())
- return FALSE;
-
- if ( !IsWindowsVista() && IsKerberosLogon() )
- return TRUE;
- else {
- static int response = -1;
- if (response == -1) {
- response = Leash_ms2mit(0);
- }
- return response;
- }
+ /* Import functionality has been removed. */
+ return FALSE;
}
long FAR
Leash_import(void)
{
- if ( Leash_ms2mit(1) ) {
- int lifetime;
- lifetime = Leash_get_default_lifetime() / 5;
- return 1;
- }
+ /* Import functionality has been removed. */
return 0;
}
@@ -2181,34 +2149,11 @@ Leash_get_default_uppercaserealm(
return 1;
}
-static
-BOOL
-get_default_mslsa_import_from_registry(
- HKEY hBaseKey,
- DWORD * result
- )
-{
- return get_DWORD_from_registry(hBaseKey,
- LEASH_SETTINGS_REGISTRY_KEY_NAME,
- LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT,
- result);
-}
-
DWORD
Leash_reset_default_mslsa_import(
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
- if (rc)
- return rc;
-
- rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT);
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
DWORD
@@ -2216,46 +2161,14 @@ Leash_set_default_mslsa_import(
DWORD onoffmatch
)
{
- HKEY hKey;
- LONG rc;
-
- rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
- 0, 0, KEY_WRITE, 0, &hKey, 0);
- if (rc)
- return rc;
-
- rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT, 0, REG_DWORD,
- (LPBYTE) &onoffmatch, sizeof(DWORD));
- RegCloseKey(hKey);
-
- return rc;
+ return ERROR_INVALID_FUNCTION;
}
DWORD
Leash_get_default_mslsa_import(
)
{
- HMODULE hmLeash;
- DWORD result;
-
- if (get_default_mslsa_import_from_registry(HKEY_CURRENT_USER, &result) ||
- get_default_mslsa_import_from_registry(HKEY_LOCAL_MACHINE, &result))
- {
- return result;
- }
-
- hmLeash = GetModuleHandle(LEASH_DLL);
- if (hmLeash)
- {
- char mslsa_import[80];
- if (LoadString(hmLeash, LSH_DEFAULT_MSLSA_IMPORT,
- mslsa_import, sizeof(mslsa_import)))
- {
- mslsa_import[sizeof(mslsa_import) - 1] = 0;
- return atoi(mslsa_import);
- }
- }
- return 2; /* import only when mslsa realm matches default */
+ return 0;
}
@@ -2352,7 +2265,6 @@ Leash_reset_defaults(void)
Leash_reset_default_renew_min();
Leash_reset_default_renew_max();
Leash_reset_default_uppercaserealm();
- Leash_reset_default_mslsa_import();
Leash_reset_default_preserve_kinit_settings();
}
@@ -2679,9 +2591,7 @@ cleanup:
static void
acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
{
- TicketList *list = NULL;
krb5_context ctx;
- DWORD dwMsLsaImport = Leash_get_default_mslsa_import();
DWORD gle;
char ccachename[272]="";
char loginenv[16];
@@ -2703,71 +2613,6 @@ acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
}
haveTickets = cc_default_have_tickets(ctx);
- if ((!haveTickets) &&
- dwMsLsaImport && Leash_importable() ) {
- // We have the option of importing tickets from the MSLSA
- // but should we? Do the tickets in the MSLSA cache belong
- // to the default realm used by Leash? Does the default
- // ccache name specify a principal name? Only import if we
- // aren't going to break the default identity as specified
- // by the user in Network Identity Manager.
- int import = 0;
- BOOL isCCPrinc;
-
- /* Determine if the default ccachename is principal name. If so, don't
- * import the MSLSA: credentials into it unless the names match.
- */
- isCCPrinc = (strncmp("API:",ccachename, 4) == 0 && strchr(ccachename, '@'));
-
- if ( dwMsLsaImport == 1 && !isCCPrinc ) { /* always import */
- import = 1;
- } else if ( dwMsLsaImport ) { /* import when realms match */
- krb5_error_code code;
- krb5_ccache mslsa_ccache=NULL;
- krb5_principal princ = NULL;
- char *mslsa_principal = NULL;
- char ms_realm[128] = "", *def_realm = NULL, *r;
- size_t i;
-
- if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
- goto cleanup;
-
- if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
- goto cleanup;
-
- for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(ctx, princ)->data[i];
- }
- *r = '\0';
-
- if (code = pkrb5_get_default_realm(ctx, &def_realm))
- goto cleanup;
-
- if (code = pkrb5_unparse_name(ctx, princ, &mslsa_principal))
- goto cleanup;
-
- import = (!isCCPrinc && !strcmp(def_realm, ms_realm)) ||
- (isCCPrinc && !strcmp(&ccachename[4], mslsa_principal));
-
- cleanup:
- if (mslsa_principal)
- pkrb5_free_unparsed_name(ctx, mslsa_principal);
-
- if (def_realm)
- pkrb5_free_default_realm(ctx, def_realm);
-
- if (princ)
- pkrb5_free_principal(ctx, princ);
-
- if (mslsa_ccache)
- pkrb5_cc_close(ctx, mslsa_ccache);
- }
-
- if ( import ) {
- Leash_import();
- haveTickets = cc_default_have_tickets(ctx);
- }
- }
if ( prompt && !haveTickets ) {
acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen);
More information about the cvs-krb5
mailing list