krb5 commit [krb5-1.10]: Add krb5int_cc_user_set_default_name
Tom Yu
tlyu at MIT.EDU
Mon Jul 23 16:26:19 EDT 2012
https://github.com/krb5/krb5/commit/39f14ba4a3c3f8edc954ea11b3a02f472f1a4299
commit 39f14ba4a3c3f8edc954ea11b3a02f472f1a4299
Author: Tom Yu <tlyu at mit.edu>
Date: Mon Jul 23 14:56:10 2012 -0400
Add krb5int_cc_user_set_default_name
Set the default credential cache name for all processes for the current
user. Currently implemented, for windows only, by setting
HKEY_CURRENT_USER\Software\MIT\Kerberos5:ccname to the specified
ccache name. This will not override the environment variable 'KRB5CCNAME'.
It will override HKEY_LOCAL_MACHINE and 'indirect' registry values.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
(cherry picked from commit 80097093062822dde3f1140d250023576e52f59c)
ticket: 7199
version_fixed: 1.10.3
status: resolved
src/include/k5-int.h | 3 ++
src/lib/krb5/os/ccdefname.c | 58 ++++++++++++++++++++++++++++++++++++++++---
src/lib/krb5_32.def | 3 ++
3 files changed, 60 insertions(+), 4 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 12fbbc8..7cb1ed4e 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -2389,6 +2389,9 @@ typedef struct _krb5_donot_replay {
krb5_timestamp ctime;
} krb5_donot_replay;
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_user_set_default_name(krb5_context context, const char *name);
+
krb5_error_code krb5_rc_default(krb5_context, krb5_rcache *);
krb5_error_code krb5_rc_resolve_type(krb5_context, krb5_rcache *,char *);
krb5_error_code krb5_rc_resolve_full(krb5_context, krb5_rcache *,char *);
diff --git a/src/lib/krb5/os/ccdefname.c b/src/lib/krb5/os/ccdefname.c
index c460133..0c69c73 100644
--- a/src/lib/krb5/os/ccdefname.c
+++ b/src/lib/krb5/os/ccdefname.c
@@ -81,6 +81,32 @@ static int get_from_registry_indirect(char *name_buf, int name_size)
return 1;
}
+static const char *key_path = "Software\\MIT\\Kerberos5";
+static const char *value_name = "ccname";
+static int
+set_to_registry(
+ HKEY hBaseKey,
+ const char *name_buf
+)
+{
+ HRESULT result;
+ HKEY hKey;
+
+ if ((result = RegCreateKeyEx(hBaseKey, key_path, 0, NULL,
+ REG_OPTION_NON_VOLATILE, KEY_WRITE, NULL,
+ &hKey, NULL)) != ERROR_SUCCESS) {
+ return 0;
+ }
+ if (RegSetValueEx(hKey, value_name, 0, REG_SZ, name_buf,
+ strlen(name_buf)+1) != ERROR_SUCCESS) {
+ RegCloseKey(hKey);
+ return 0;
+ }
+ RegCloseKey(hKey);
+ return 1;
+}
+
+
/*
* get_from_registry
*
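Review bot: In set_to_registry the key is opened with `KEY_WRITE`, which also grants sub-key creation, although the handle is only used for `RegSetValueEx`; `KEY_SET_VALUE` is the narrower right that covers it. `result` is declared `HRESULT`, but RegCreateKeyEx returns a Win32 `LONG` status and the value is never read after the comparison, so the variable can be dropped. RegSetValueEx takes a `const BYTE *` and a `DWORD` length, so the arguments should be cast explicitly: `(const BYTE *)name_buf, (DWORD)(strlen(name_buf) + 1)`. The function would also benefit from a short header comment saying that it returns 1 on success and 0 on failure, and that `name_buf` must be a non-NULL NUL-terminated string.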
@@ -97,8 +123,6 @@ get_from_registry(
{
HKEY hKey;
DWORD name_buf_size = (DWORD)name_size;
- const char *key_path = "Software\\MIT\\Kerberos5";
- const char *value_name = "ccname";
if (RegOpenKeyEx(hBaseKey, key_path, 0, KEY_QUERY_VALUE,
&hKey) != ERROR_SUCCESS)
@@ -143,7 +167,7 @@ try_dir(
static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
{
char *prefix = krb5_cc_dfl_ops->prefix;
- int size;
+ unsigned int size;
char *p;
DWORD gle;
@@ -179,7 +203,7 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
if (!try_dir(getenv("TEMP"), p, size) &&
!try_dir(getenv("TMP"), p, size))
{
- int len = GetWindowsDirectory(p, size);
+ unsigned int len = GetWindowsDirectory(p, size);
name_buf[name_size - 1] = 0;
if (len < size - sizeof(APPEND_KRB5CC))
strcat(p, APPEND_KRB5CC);
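Review bot: The guard `len < size - sizeof(APPEND_KRB5CC)` is evaluated in unsigned arithmetic, so if `size` is smaller than the suffix the subtraction wraps and the `strcat` runs without room. Making `size` and `len` unsigned (here and in the declaration hunk above) fixes the sign mismatch but not that case. How `size` is computed is outside the hunk, so whether it can be that small is not visible here. GetWindowsDirectory also returns 0 on failure, which passes the test even though `p` may not have been written. A form that cannot wrap and rejects the failure return is `if (len > 0 && len < size && sizeof(APPEND_KRB5CC) < size - len)`.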
@@ -237,6 +261,32 @@ static krb5_error_code get_from_os(char *name_buf, unsigned int name_size)
#endif
#endif
+#if defined(_WIN32)
+static void set_for_os(const char *name)
+{
+ set_to_registry(HKEY_CURRENT_USER, name);
+}
+#else
+static void set_for_os(const char *name)
+{
+ // @TODO
+}
+#endif
+
+/*
+ * Set the default ccache name for all processes for the current user
+ * (and the current context)
+ */
+krb5_error_code KRB5_CALLCONV
+krb5int_cc_user_set_default_name(krb5_context context, const char *name)
+{
+ krb5_error_code code = 0;
+ if ((code = krb5_cc_set_default_name(context, name)))
+ return code;
+ set_for_os(name);
+ return code;
+}
+
krb5_error_code KRB5_CALLCONV
krb5_cc_set_default_name(krb5_context context, const char *name)
{
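Review bot: krb5int_cc_user_set_default_name returns 0 even when the registry write fails, because set_for_os is `void` and discards set_to_registry's result. A caller would then believe the per-user default was changed while the user's other processes keep resolving the old ccache name. Having set_for_os return the status and mapping a failure to an error code would make this visible. `name` is also forwarded unchecked to set_to_registry, which calls `strlen(name_buf)`; if krb5_cc_set_default_name accepts NULL to reset the default (its body continues outside the hunk), that path dereferences NULL, so guard it with `if (name != NULL) set_for_os(name);` or handle the reset by deleting the value. The non-Windows stub should say in a `/* ... */` comment that the per-user default is not persisted there, rather than a bare `// @TODO`.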
diff --git a/src/lib/krb5_32.def b/src/lib/krb5_32.def
index 8ff1b1c..d899c3a 100644
--- a/src/lib/krb5_32.def
+++ b/src/lib/krb5_32.def
@@ -424,3 +424,6 @@ EXPORTS
krb5_pac_sign @395
krb5_find_authdata @396
krb5_check_clockskew @397
+
+; New for 1.10.3 / KfW 4.0
+ krb5int_cc_user_set_default_name @404 ; PRIVATE LEASH