Two changes:

1. Enable privileged process ('system' owned) to access logged in user's Kerberos credential cache while authenticating to the ATS. The LUID of the logged in user is an input. This is required by Zenworks. 2. Fix a buffer overflow. A memory buffer was being used after being freed.
2009-09-25 06:06:03 +00:00 · 2009-09-25 06:06:03 +00:00 · 2feba2710f
commit 2feba2710f
parent f867391074
2 changed files with 27 additions and 2 deletions
--- a/CASA-auth-token/client/library/mechanisms/krb5/internal.h
+++ b/CASA-auth-token/client/library/mechanisms/krb5/internal.h
@ -29,6 +29,7 @@

 #include "platform.h"
 #include <micasa_types.h>
+#include <micasa_mgmd.h>
 #include <casa_status.h>
 #include "config_if.h"
 #include "mech_if.h"
--- a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c
+++ b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c
@ -33,6 +33,7 @@

 //===[ Global variables ]==================================================

+#define WINDOWS_LOGIN_ID 1

 //++=======================================================================
 CasaStatus SSCS_CALL
@ -101,6 +102,8 @@ AuthTokenIf_GetAuthToken(
   SECURITY_STATUS   secStatus;
   TimeStamp         expiry;
   CredHandle        hCredentials = {0};
+   LUID              *pluid = NULL;
+   SSCS_EXT_T        *ext = (SSCS_EXT_T *)pCredStoreScope;

   DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);

@ -147,7 +150,16 @@ AuthTokenIf_GetAuthToken(
               // Process the setting
               if (stricmp(pSettingName, "SVC_PRINCIPAL") == 0)
               {
-                  pKrbServiceName = pSettingValue;
+                  pKrbServiceName = strdup(pSettingValue);
+                  if (pKrbServiceName == NULL)
+                  {
+                     DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
+                     retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
+                                                 CASA_FACILITY_KRB5TOKEN,
+                                                 CASA_STATUS_INSUFFICIENT_RESOURCES);
+                     goto exit;
+                  }
+                  freeKrbSvcNameBuf = true;
               }
            }
            else
@ -191,12 +203,24 @@ AuthTokenIf_GetAuthToken(
         goto exit;
      }
   }
+   if (ext != NULL) {
+      char err[128];

+      if ((ext->extID != WINDOWS_LOGIN_ID) || (ext->version != 1)) {
+         DbgTrace(0, "-AuthTokenIf_GetAuthToken- Unknown extension ID\n", 0);
+         retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_KRB5TOKEN, CASA_STATUS_INVALID_PARAMETER);
+         goto exit;
+      }
+
+      pluid = (LUID *)ext->ext;
+      sprintf(err, "-AuthTokenIf_GetAuthToken- Found luid %d.%d\n", pluid->LowPart, pluid->HighPart);
+      DbgTrace(1, err, 0);
+   }
   // Acquire a credential handle for the current user
   secStatus = AcquireCredentialsHandle(NULL,                  // no principal name
                                        "Kerberos",            // package name
                                        SECPKG_CRED_OUTBOUND,
-                                        NULL,                  // no logon id
+                                        pluid,
                                        NULL,                  // no auth data
                                        NULL,                  // no get key fn
                                        NULL,                  // noget key arg