From 2feba2710fa6b28ee4dedb8c61e2c4e118fa39a0 Mon Sep 17 00:00:00 2001 From: S Rahul Date: Fri, 25 Sep 2009 06:06:03 +0000 Subject: [PATCH] Two changes: 1. Enable privileged process ('system' owned) to access logged in user's Kerberos credential cache while authenticating to the ATS. The LUID of the logged in user is an input. This is required by Zenworks. 2. Fix a buffer overflow. A memory buffer was being used after being freed. --- .../client/library/mechanisms/krb5/internal.h | 1 + .../library/mechanisms/krb5/windows/get.c | 28 +++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/CASA-auth-token/client/library/mechanisms/krb5/internal.h b/CASA-auth-token/client/library/mechanisms/krb5/internal.h index f2f1b8ec..0b9db672 100644 --- a/CASA-auth-token/client/library/mechanisms/krb5/internal.h +++ b/CASA-auth-token/client/library/mechanisms/krb5/internal.h @@ -29,6 +29,7 @@ #include "platform.h" #include +#include #include #include "config_if.h" #include "mech_if.h" diff --git a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c index 0bec09c3..4f73c2e0 100644 --- a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c +++ b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c @@ -33,6 +33,7 @@ //===[ Global variables ]================================================== +#define WINDOWS_LOGIN_ID 1 //++======================================================================= CasaStatus SSCS_CALL @@ -101,6 +102,8 @@ AuthTokenIf_GetAuthToken( SECURITY_STATUS secStatus; TimeStamp expiry; CredHandle hCredentials = {0}; + LUID *pluid = NULL; + SSCS_EXT_T *ext = (SSCS_EXT_T *)pCredStoreScope; DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0); @@ -147,7 +150,16 @@ AuthTokenIf_GetAuthToken( // Process the setting if (stricmp(pSettingName, "SVC_PRINCIPAL") == 0) { - pKrbServiceName = pSettingValue; + pKrbServiceName = strdup(pSettingValue); + if (pKrbServiceName == NULL) + { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_KRB5TOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + goto exit; + } + freeKrbSvcNameBuf = true; } } else @@ -191,12 +203,24 @@ AuthTokenIf_GetAuthToken( goto exit; } } + if (ext != NULL) { + char err[128]; + if ((ext->extID != WINDOWS_LOGIN_ID) || (ext->version != 1)) { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Unknown extension ID\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_KRB5TOKEN, CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + + pluid = (LUID *)ext->ext; + sprintf(err, "-AuthTokenIf_GetAuthToken- Found luid %d.%d\n", pluid->LowPart, pluid->HighPart); + DbgTrace(1, err, 0); + } // Acquire a credential handle for the current user secStatus = AcquireCredentialsHandle(NULL, // no principal name "Kerberos", // package name SECPKG_CRED_OUTBOUND, - NULL, // no logon id + pluid, NULL, // no auth data NULL, // no get key fn NULL, // noget key arg