7 #include <KerberosIV/krb.h>
10 /* General definitions */
18 #include "leash-int.h"
25 static char FAR *err_context;
27 char KRB_HelpFile[_MAX_PATH] = HELPFILE;
29 #define LEN 64 /* Maximum Hostname Length */
31 #define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
44 for (p = s; *p; p++) {
47 /* Add more cases here */
71 int size = sizeof(message) - 1; /* -1 to leave room for NULL terminator */
74 // XXX: ignore AFS for now.
79 n = _snprintf(p, size, "%s\n\n", error);
83 if (rc5 && !result_string)
85 n = _snprintf(p, size,
86 "Kerberos 5: %s (error %ld)\n",
96 n = _snprintf(p, size,
98 err_describe(buffer, rcL)
105 n = _snprintf(p, size,
111 #ifdef USE_MESSAGE_BOX
112 *p = 0; /* ensure NULL termination of message */
114 MessageBox(NULL, message, "MIT Kerberos",
115 MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND);
116 #endif /* USE_MESSAGE_BOX */
127 const char * postfix,
136 base_size = strlen(base) + 1;
137 ret_size = base_size + strlen(postfix) + 1;
138 copy = malloc(base_size);
139 ret = malloc(ret_size);
144 strncpy(copy, base, base_size);
145 copy[base_size - 1] = 0;
147 strncpy(ret, base, base_size);
148 strncpy(ret + (base_size - 1), postfix, ret_size - (base_size - 1));
149 ret[ret_size - 1] = 0;
159 // INVARIANT: (ret ==> copy) && (copy ==> ret)
167 const char * postfix,
171 static krb5_context ctx = 0;
172 static char * old_cache = 0;
174 // INVARIANT: old_cache ==> ctx && ctx ==> old_cache
179 if (!pkrb5_init_context || !pkrb5_free_context || !pkrb5_cc_resolve ||
180 !pkrb5_cc_default_name || !pkrb5_cc_set_default_name)
185 if (!pkrb5_cc_resolve(ctx, pkrb5_cc_default_name(ctx), &cc))
186 pkrb5_cc_destroy(ctx, cc);
187 pkrb5_cc_set_default_name(ctx, old_cache);
192 pkrb5_free_context(ctx);
198 char * tmp_cache = 0;
199 krb5_error_code rc = 0;
201 rc = pkrb5_init_context(&ctx);
202 if (rc) goto cleanup;
204 tmp_cache = make_postfix(pkrb5_cc_default_name(ctx), postfix,
212 rc = pkrb5_cc_set_default_name(ctx, tmp_cache);
216 pkrb5_free_context(ctx);
234 return Leash_int_checkpwd(principal, password, 0);
245 krb5_context ctx = 0; // statically allocated in make_temp_cache_v5
246 // XXX - we ignore errors in make_temp_cache_v? This is BAD!!!
247 make_temp_cache_v5("_checkpwd", &ctx);
248 rc = Leash_int_kinit_ex( ctx, 0,
249 principal, password, 0, 0, 0, 0,
250 Leash_get_default_noaddresses(),
251 Leash_get_default_publicip(),
254 make_temp_cache_v5(0, &ctx);
267 krb5_error_code rc = 0;
269 krb5_data result_code_string, result_string;
270 krb5_context context = 0;
271 krb5_principal princ = 0;
272 krb5_get_init_creds_opt opts;
274 DWORD addressless = 0;
276 result_string.data = 0;
277 result_code_string.data = 0;
279 if ( !pkrb5_init_context )
282 if (rc = pkrb5_init_context(&context)) {
284 com_err(argv[0], ret, "initializing kerberos library");
289 if (rc = pkrb5_parse_name(context, principal, &princ)) {
291 com_err(argv[0], ret, "parsing client name");
296 pkrb5_get_init_creds_opt_init(&opts);
297 pkrb5_get_init_creds_opt_set_tkt_life(&opts, 5*60);
298 pkrb5_get_init_creds_opt_set_renew_life(&opts, 0);
299 pkrb5_get_init_creds_opt_set_forwardable(&opts, 0);
300 pkrb5_get_init_creds_opt_set_proxiable(&opts, 0);
302 addressless = Leash_get_default_noaddresses();
304 pkrb5_get_init_creds_opt_set_address_list(&opts,NULL);
307 if (rc = pkrb5_get_init_creds_password(context, &creds, princ, password,
308 0, 0, 0, "kadmin/changepw", &opts)) {
309 if (rc == KRB5KRB_AP_ERR_BAD_INTEGRITY) {
312 "Password incorrect while getting initial ticket");
317 com_err(argv[0], ret, "getting initial ticket");
323 if (rc = pkrb5_change_password(context, &creds, newpassword,
324 &result_code, &result_code_string,
327 com_err(argv[0], ret, "changing password");
333 int len = result_code_string.length +
334 (result_string.length ? (sizeof(": ") - 1) : 0) +
335 result_string.length;
336 if (len && error_str) {
337 *error_str = malloc(len + 1);
339 _snprintf(*error_str, len + 1,
341 result_code_string.length, result_code_string.data,
342 result_string.length?": ":"",
343 result_string.length, result_string.data);
350 if (result_string.data)
351 pkrb5_free_data_contents(context, &result_string);
353 if (result_code_string.data)
354 pkrb5_free_data_contents(context, &result_code_string);
357 pkrb5_free_principal(context, princ);
360 pkrb5_free_context(context);
368 * Try to change the password using krb5.
378 return Leash_int_changepwd(principal, password, newpassword, result_string, 0);
386 char** result_string,
390 char* v5_error_str = 0;
395 rc = rc5 = Leash_changepwd_v5(principal, password, newpassword,
401 char v5_prefix[] = "Kerberos 5: ";
404 clean_string(v5_error_str);
407 len += sizeof(sep) + sizeof(v5_prefix) + strlen(v5_error_str) +
409 error_str = malloc(len + 1);
415 n = _snprintf(p, size, "%s%s%s%s",
416 sep, v5_prefix, v5_error_str, sep);
421 *result_string = error_str;
424 return leash_error_message("Error while changing password.",
425 0, rc5, 0, error_str,
430 int (*Lcom_err)(LPSTR,long,LPSTR,...);
431 LPSTR (*Lerror_message)(long);
432 LPSTR (*Lerror_table_name)(long);
442 return Leash_int_kinit_ex( 0, 0,
446 Leash_get_default_forwardable(),
447 Leash_get_default_proxiable(),
448 Leash_get_default_renew_till(),
449 Leash_get_default_noaddresses(),
450 Leash_get_default_publicip(),
464 unsigned long publicip
467 return Leash_int_kinit_ex( 0, /* krb5 context */
468 0, /* parent window */
492 unsigned long publicip,
496 char aname[ANAME_SZ];
498 char realm[REALM_SZ];
499 char first_part[256];
500 char second_part[256];
515 if (renew_life > 0 && renew_life < 5)
520 /* This should be changed if the maximum ticket lifetime */
526 err_context = "parsing principal";
528 memset(temp, '\0', sizeof(temp));
529 memset(inst, '\0', sizeof(inst));
530 memset(realm, '\0', sizeof(realm));
531 memset(first_part, '\0', sizeof(first_part));
532 memset(second_part, '\0', sizeof(second_part));
534 sscanf(principal, "%[/0-9a-zA-Z._-]@%[/0-9a-zA-Z._-]", first_part, second_part);
535 strcpy(temp, first_part);
536 strcpy(realm, second_part);
537 memset(first_part, '\0', sizeof(first_part));
538 memset(second_part, '\0', sizeof(second_part));
539 if (sscanf(temp, "%[@0-9a-zA-Z._-]/%[@0-9a-zA-Z._-]", first_part, second_part) == 2)
541 strcpy(aname, first_part);
542 strcpy(inst, second_part);
548 for (i = 0; temp[i]; i++)
565 memset(temp, '\0', sizeof(temp));
567 if (strlen(inst) != 0)
572 if (strlen(realm) != 0)
578 rc5 = Leash_krb5_kinit(ctx, hParent,
579 temp, password, lifetime,
591 for ( r=realm, t=temp; c=*r; r++,t++ )
592 *t = isupper(c) ? tolower(c) : c;
595 rcA = Leash_afs_klog("afs", temp, "", lifetime);
596 rcB = Leash_afs_klog("afs", "", "", lifetime);
603 custom_msg = (rc5 == KRB5KRB_AP_ERR_BAD_INTEGRITY) ? "Password incorrect" : NULL;
604 return leash_error_message("Ticket initialization failed.",
605 rcL, rc5, rcA, custom_msg,
612 if ( hKrb5 && !LeashKRB5_renew() ) {
614 lifetime = Leash_get_default_lifetime() / 5;
617 TicketList * list = NULL, * token;
618 not_an_API_LeashAFSGetToken(NULL,&list,NULL);
619 for ( token = list ; token ; token = token->next )
620 Leash_afs_klog("afs", token->realm, "", lifetime);
621 not_an_API_LeashFreeTicketList(&list);
630 GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
634 TOKEN_STATISTICS Stats;
637 PSECURITY_LOGON_SESSION_DATA pSessionData;
641 *ppSessionData = NULL;
643 Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
647 Success = GetTokenInformation( TokenHandle, TokenStatistics, &Stats, sizeof(TOKEN_STATISTICS), &ReqLen );
648 CloseHandle( TokenHandle );
652 Status = pLsaGetLogonSessionData( &Stats.AuthenticationId, &pSessionData );
653 if ( FAILED(Status) || !pSessionData )
656 *ppSessionData = pSessionData;
660 // IsKerberosLogon() does not validate whether or not there are valid tickets in the
661 // cache. It validates whether or not it is reasonable to assume that if we
662 // attempted to retrieve valid tickets we could do so. Microsoft does not
663 // automatically renew expired tickets. Therefore, the cache could contain
664 // expired or invalid tickets. Microsoft also caches the user's password
665 // and will use it to retrieve new TGTs if the cache is empty and tickets
669 IsKerberosLogon(VOID)
671 PSECURITY_LOGON_SESSION_DATA pSessionData = NULL;
672 BOOL Success = FALSE;
674 if ( GetSecurityLogonSessionData(&pSessionData) ) {
675 if ( pSessionData->AuthenticationPackage.Buffer ) {
681 usBuffer = (pSessionData->AuthenticationPackage).Buffer;
682 usLength = (pSessionData->AuthenticationPackage).Length;
685 lstrcpynW (buffer, usBuffer, usLength);
686 lstrcatW (buffer,L"");
687 if ( !lstrcmpW(L"Kerberos",buffer) )
691 pLsaFreeReturnBuffer(pSessionData);
697 IsWindowsVista (void)
699 static BOOL fChecked = FALSE;
700 static BOOL fIsVista = FALSE;
704 OSVERSIONINFO Version;
706 memset (&Version, 0x00, sizeof(Version));
707 Version.dwOSVersionInfoSize = sizeof(Version);
709 if (GetVersionEx (&Version))
711 if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT && Version.dwMajorVersion >= 6)
721 IsProcessUacLimited (void)
723 static BOOL fChecked = FALSE;
724 static BOOL fIsUAC = FALSE;
730 DWORD ElevationLevel;
734 if (IsWindowsVista()) {
735 Success = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &TokenHandle );
737 Success = GetTokenInformation( TokenHandle,
738 TokenOrigin+1 /* ElevationLevel */,
739 &ElevationLevel, sizeof(DWORD), &ReqLen );
740 CloseHandle( TokenHandle );
741 if ( Success && ElevationLevel == 3 /* Limited */ )
751 // This looks really ugly because it is. The result of IsKerberosLogon()
752 // does not prove whether or not there are Kerberos tickets available to
753 // be imported. Only the call to Leash_ms2mit() which actually attempts
754 // to import tickets can do that. However, calling Leash_ms2mit() can
755 // result in a TGS_REQ being sent to the KDC and since Leash_importable()
756 // is called quite often we want to avoid this if at all possible.
757 // Unfortunately, we have be shown at least one case in which the primary
758 // authentication package was not Kerberos and yet there were Kerberos
759 // tickets available. Therefore, if IsKerberosLogon() is not TRUE we
760 // must call Leash_ms2mit() but we still do not want to call it in a
761 // tight loop so we cache the response and assume it won't change.
764 // And the nightmare goes on. On Vista the Lsa call we use to determine
765 // whether or not Kerberos was used for logon fails to return and worse
766 // corrupts the stack. Therefore, we must now test to see if the
767 // operating system is Vista and skip the call to IsKerberosLogon()
770 Leash_importable(void)
772 if (IsProcessUacLimited())
775 if ( !IsWindowsVista() && IsKerberosLogon() )
778 static int response = -1;
779 if (response == -1) {
780 response = Leash_ms2mit(0);
789 if ( Leash_ms2mit(1) ) {
791 lifetime = Leash_get_default_lifetime() / 5;
803 krb5_context ctx = 0;
804 krb5_error_code code = 0;
806 krb5_principal me = 0;
808 if ( !pkrb5_init_context )
811 code = pkrb5_init_context(&ctx);
812 if (code) goto cleanup;
814 code = pkrb5_cc_default(ctx, &cc);
815 if (code) goto cleanup;
817 if (code = pkrb5_cc_get_principal(ctx, cc, &me))
820 for ( r=realm, t=cell, i=0; i<krb5_princ_realm(ctx, me)->length; r++,t++,i++ ) {
821 c = krb5_princ_realm(ctx, me)->data[i];
823 *t = isupper(c) ? tolower(c) : c;
827 rcA = Leash_afs_klog("afs", cell, "", lifetime);
828 rcB = Leash_afs_klog("afs", "", "", lifetime);
836 pkrb5_free_principal(ctx, me);
838 pkrb5_cc_close(ctx, cc);
840 pkrb5_free_context(ctx);
852 Leash_krb5_kdestroy();
858 not_an_API_LeashFreeTicketList(TicketList** ticketList)
860 TicketList* tempList = *ticketList, *killList;
862 //if (tempList == NULL)
869 tempList = (TicketList*)tempList->next;
870 free(killList->service);
871 if (killList->encTypes)
872 free(killList->encTypes);
881 not_an_API_LeashKRB4GetTickets(TICKETINFO FAR* ticketinfo,
882 TicketList** ticketList)
887 long FAR Leash_klist(HWND hlist, TICKETINFO FAR *ticketinfo)
893 // This function can be used to set the help file that will be
894 // referenced the DLL's PasswordProcDLL function and err_describe
895 // function. Returns true if the help file has been set to the
896 // argument or the environment variable KERB_HELP. Returns FALSE if
897 // the default helpfile as defined in by HELPFILE in lsh_pwd.h is
899 BOOL Leash_set_help_file( char *szHelpFile )
901 char tmpHelpFile[256];
904 if( szHelpFile == NULL ){
905 GetEnvironmentVariable("KERB_HELP", tmpHelpFile, sizeof(tmpHelpFile));
907 strcpy( KRB_HelpFile, szHelpFile );
911 if( !ret && tmpHelpFile[0] ){
912 strcpy( KRB_HelpFile, tmpHelpFile );
917 strcpy( KRB_HelpFile, HELPFILE );
925 LPSTR Leash_get_help_file(void)
927 return( KRB_HelpFile);
943 get_profile_file(LPSTR confname, UINT szConfname)
945 char **configFile = NULL;
947 if (pkrb5_get_default_config_files(&configFile) || !configFile[0])
949 GetWindowsDirectory(confname,szConfname);
950 confname[szConfname-1] = '\0';
951 strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
952 confname[szConfname-1] = '\0';
960 strncpy(confname, *configFile, szConfname);
961 confname[szConfname-1] = '\0';
962 pkrb5_free_config_files(configFile);
968 GetWindowsDirectory(confname,szConfname);
969 confname[szConfname-1] = '\0';
970 strncat(confname,"\\KRB5.INI",szConfname-strlen(confname));
971 confname[szConfname-1] = '\0';
977 static const char *const conf_yes[] = {
978 "y", "yes", "true", "t", "1", "on",
982 static const char *const conf_no[] = {
983 "n", "no", "false", "nil", "0", "off",
988 config_boolean_to_int(const char *s)
990 const char *const *p;
992 for(p=conf_yes; *p; p++) {
993 if (!strcasecmp(*p,s))
997 for(p=conf_no; *p; p++) {
998 if (!strcasecmp(*p,s))
1002 /* Default to "no" */
1007 * Leash_get_default_lifetime:
1009 * This function is used to get the default ticket lifetime for this
1010 * process in minutes. A return value of 0 indicates no setting or
1011 * "default" setting obtained.
1013 * Here is where we look in order:
1015 * - LIFETIME environment variable
1016 * - HKCU\Software\MIT\Leash,lifetime
1017 * - HKLM\Software\MIT\Leash,lifetime
1018 * - string resource in the leash DLL
1022 get_DWORD_from_registry(
1033 rc = RegOpenKeyEx(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
1037 dwCount = sizeof(DWORD);
1038 rc = RegQueryValueEx(hKey, value, 0, 0, (LPBYTE) result, &dwCount);
1041 return rc?FALSE:TRUE;
1045 get_STRING_from_registry(
1057 if (!outbuf || outlen == 0)
1060 rc = RegOpenKeyEx(hBaseKey, key, 0, KEY_QUERY_VALUE, &hKey);
1065 rc = RegQueryValueEx(hKey, value, 0, 0, (LPBYTE) outbuf, &dwCount);
1068 return rc?FALSE:TRUE;
1073 get_default_lifetime_from_registry(
1078 return get_DWORD_from_registry(hBaseKey,
1079 LEASH_REGISTRY_KEY_NAME,
1080 LEASH_REGISTRY_VALUE_LIFETIME,
1085 Leash_reset_default_lifetime(
1091 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1095 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFETIME);
1102 Leash_set_default_lifetime(
1109 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1110 0, 0, KEY_WRITE, 0, &hKey, 0);
1114 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFETIME, 0, REG_DWORD,
1115 (LPBYTE) &minutes, sizeof(DWORD));
1122 Leash_get_default_lifetime(
1130 if (GetEnvironmentVariable("LIFETIME",env,sizeof(env)))
1136 if (get_default_lifetime_from_registry(HKEY_CURRENT_USER, &result) ||
1137 get_default_lifetime_from_registry(HKEY_LOCAL_MACHINE, &result))
1143 CHAR confname[MAX_PATH];
1145 if (!get_profile_file(confname, sizeof(confname)))
1148 const char *filenames[2];
1151 filenames[0] = confname;
1152 filenames[1] = NULL;
1153 if (!pprofile_init(filenames, &profile)) {
1154 char * value = NULL;
1156 retval = pprofile_get_string(profile, "libdefaults", "ticket_lifetime", NULL, NULL, &value);
1157 if (retval == 0 && value) {
1160 retval = pkrb5_string_to_deltat(value, &d);
1162 if (retval == KRB5_DELTAT_BADFORMAT) {
1163 /* Historically some sites use relations of
1164 the form 'ticket_lifetime = 24000' where
1165 the unit is left out but is assumed to be
1166 seconds. Then there are other sites which
1167 use the form 'ticket_lifetime = 600' where
1168 the unit is assumed to be minutes. While
1169 these are technically wrong (a unit needs
1170 to be specified), we try to accomodate for
1171 this using the safe assumption that the
1172 unit is seconds and tack an 's' to the end
1173 and see if that works. */
1175 /* Of course, Leash is one of the platforms
1176 that historically assumed no units and minutes
1177 so this change is going to break some people
1178 but its better to be consistent. */
1183 cch = strlen(value) + 2; /* NUL and new 's' */
1184 if (cch > sizeof(buf))
1190 retval = pkrb5_string_to_deltat(buf, &d);
1196 } else if (retval == 0) {
1200 pprofile_release_string(value);
1202 pprofile_release(profile);
1203 /* value has been released but we can still use a check for
1204 * non-NULL to see if we were able to read a value.
1206 if (retval == 0 && value)
1212 hmLeash = GetModuleHandle(LEASH_DLL);
1216 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_LIFE,
1217 lifetime, sizeof(lifetime)))
1219 lifetime[sizeof(lifetime) - 1] = 0;
1220 return atoi(lifetime);
1228 get_default_renew_till_from_registry(
1233 return get_DWORD_from_registry(hBaseKey,
1234 LEASH_REGISTRY_KEY_NAME,
1235 LEASH_REGISTRY_VALUE_RENEW_TILL,
1240 Leash_reset_default_renew_till(
1246 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1250 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_TILL);
1257 Leash_set_default_renew_till(
1264 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1265 0, 0, KEY_WRITE, 0, &hKey, 0);
1269 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_TILL, 0, REG_DWORD,
1270 (LPBYTE) &minutes, sizeof(DWORD));
1277 Leash_get_default_renew_till(
1284 if(GetEnvironmentVariable("RENEW_TILL",env,sizeof(env)))
1289 if (get_default_renew_till_from_registry(HKEY_CURRENT_USER, &result) ||
1290 get_default_renew_till_from_registry(HKEY_LOCAL_MACHINE, &result))
1296 CHAR confname[MAX_PATH];
1297 if (!get_profile_file(confname, sizeof(confname)))
1300 const char *filenames[2];
1303 filenames[0] = confname;
1304 filenames[1] = NULL;
1306 if (!pprofile_init(filenames, &profile)) {
1307 char * value = NULL;
1309 retval = pprofile_get_string(profile, "libdefaults", "renew_lifetime", NULL, NULL, &value);
1310 if (retval == 0 && value) {
1313 retval = pkrb5_string_to_deltat(value, &d);
1314 if (retval == KRB5_DELTAT_BADFORMAT) {
1315 /* Historically some sites use relations of
1316 the form 'ticket_lifetime = 24000' where
1317 the unit is left out but is assumed to be
1318 seconds. Then there are other sites which
1319 use the form 'ticket_lifetime = 600' where
1320 the unit is assumed to be minutes. While
1321 these are technically wrong (a unit needs
1322 to be specified), we try to accomodate for
1323 this using the safe assumption that the
1324 unit is seconds and tack an 's' to the end
1325 and see if that works. */
1327 /* Of course, Leash is one of the platforms
1328 that historically assumed no units and minutes
1329 so this change is going to break some people
1330 but its better to be consistent. */
1334 cch = strlen(value) + 2; /* NUL and new 's' */
1335 if (cch > sizeof(buf))
1341 retval = pkrb5_string_to_deltat(buf, &d);
1346 } else if (retval == 0) {
1349 pprofile_release_string(value);
1351 pprofile_release(profile);
1352 /* value has been released but we can still use a check for
1353 * non-NULL to see if we were able to read a value.
1355 if (retval == 0 && value)
1358 pprofile_release(profile);
1363 hmLeash = GetModuleHandle(LEASH_DLL);
1366 char renew_till[80];
1367 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_RENEW_TILL,
1368 renew_till, sizeof(renew_till)))
1370 renew_till[sizeof(renew_till) - 1] = 0;
1371 return atoi(renew_till);
1379 get_default_forwardable_from_registry(
1384 return get_DWORD_from_registry(hBaseKey,
1385 LEASH_REGISTRY_KEY_NAME,
1386 LEASH_REGISTRY_VALUE_FORWARDABLE,
1391 Leash_reset_default_forwardable(
1397 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1401 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_FORWARDABLE);
1408 Leash_set_default_forwardable(
1415 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1416 0, 0, KEY_WRITE, 0, &hKey, 0);
1420 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_FORWARDABLE, 0, REG_DWORD,
1421 (LPBYTE) &minutes, sizeof(DWORD));
1428 Leash_get_default_forwardable(
1436 if(GetEnvironmentVariable("FORWARDABLE",env,sizeof(env)))
1441 if (get_default_forwardable_from_registry(HKEY_CURRENT_USER, &result) ||
1442 get_default_forwardable_from_registry(HKEY_LOCAL_MACHINE, &result))
1448 CHAR confname[MAX_PATH];
1449 if (!get_profile_file(confname, sizeof(confname)))
1452 const char *filenames[2];
1455 filenames[0] = confname;
1456 filenames[1] = NULL;
1457 if (!pprofile_init(filenames, &profile)) {
1458 retval = pprofile_get_string(profile, "libdefaults","forwardable", 0, 0, &value);
1460 result = config_boolean_to_int(value);
1461 pprofile_release_string(value);
1462 pprofile_release(profile);
1465 pprofile_release(profile);
1470 hmLeash = GetModuleHandle(LEASH_DLL);
1473 char forwardable[80];
1474 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_FORWARD,
1475 forwardable, sizeof(forwardable)))
1477 forwardable[sizeof(forwardable) - 1] = 0;
1478 return atoi(forwardable);
1486 get_default_renewable_from_registry(
1491 return get_DWORD_from_registry(hBaseKey,
1492 LEASH_REGISTRY_KEY_NAME,
1493 LEASH_REGISTRY_VALUE_RENEWABLE,
1498 Leash_reset_default_renewable(
1504 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1508 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEWABLE);
1515 Leash_set_default_renewable(
1522 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1523 0, 0, KEY_WRITE, 0, &hKey, 0);
1527 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEWABLE, 0, REG_DWORD,
1528 (LPBYTE) &minutes, sizeof(DWORD));
1535 Leash_get_default_renewable(
1542 if(GetEnvironmentVariable("RENEWABLE",env,sizeof(env)))
1547 if (get_default_renewable_from_registry(HKEY_CURRENT_USER, &result) ||
1548 get_default_renewable_from_registry(HKEY_LOCAL_MACHINE, &result))
1554 CHAR confname[MAX_PATH];
1555 if (!get_profile_file(confname, sizeof(confname)))
1558 const char *filenames[2];
1561 filenames[0] = confname;
1562 filenames[1] = NULL;
1563 if (!pprofile_init(filenames, &profile)) {
1564 retval = pprofile_get_string(profile, "libdefaults","renewable", 0, 0, &value);
1566 result = config_boolean_to_int(value);
1567 pprofile_release_string(value);
1568 pprofile_release(profile);
1571 pprofile_release(profile);
1576 hmLeash = GetModuleHandle(LEASH_DLL);
1580 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_RENEW,
1581 renewable, sizeof(renewable)))
1583 renewable[sizeof(renewable) - 1] = 0;
1584 return atoi(renewable);
1592 get_default_noaddresses_from_registry(
1597 return get_DWORD_from_registry(hBaseKey,
1598 LEASH_REGISTRY_KEY_NAME,
1599 LEASH_REGISTRY_VALUE_NOADDRESSES,
1604 Leash_reset_default_noaddresses(
1610 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1614 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_NOADDRESSES);
1621 Leash_set_default_noaddresses(
1628 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1629 0, 0, KEY_WRITE, 0, &hKey, 0);
1633 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_NOADDRESSES, 0, REG_DWORD,
1634 (LPBYTE) &minutes, sizeof(DWORD));
1641 Leash_get_default_noaddresses(
1649 // if the profile file cannot be opened then the value will be true
1650 // if the noaddresses name cannot be found then the value will be true
1651 // if true in the library, we can't alter it by other means
1652 CHAR confname[MAX_PATH];
1654 if (!get_profile_file(confname, sizeof(confname)))
1657 const char *filenames[2];
1660 filenames[0] = confname;
1661 filenames[1] = NULL;
1662 if (!pprofile_init(filenames, &profile)) {
1663 retval = pprofile_get_string(profile, "libdefaults","noaddresses", 0, "true", &value);
1665 result = config_boolean_to_int(value);
1666 pprofile_release_string(value);
1668 pprofile_release(profile);
1676 // The library default is false, check other locations
1678 if(GetEnvironmentVariable("NOADDRESSES",env,sizeof(env)))
1683 if (get_default_noaddresses_from_registry(HKEY_CURRENT_USER, &result) ||
1684 get_default_noaddresses_from_registry(HKEY_LOCAL_MACHINE, &result))
1689 hmLeash = GetModuleHandle(LEASH_DLL);
1692 char noaddresses[80];
1693 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_NOADDRESS,
1694 noaddresses, sizeof(noaddresses)))
1696 noaddresses[sizeof(noaddresses) - 1] = 0;
1704 get_default_proxiable_from_registry(
1709 return get_DWORD_from_registry(hBaseKey,
1710 LEASH_REGISTRY_KEY_NAME,
1711 LEASH_REGISTRY_VALUE_PROXIABLE,
1716 Leash_reset_default_proxiable(
1722 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1726 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PROXIABLE);
1733 Leash_set_default_proxiable(
1740 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1741 0, 0, KEY_WRITE, 0, &hKey, 0);
1745 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PROXIABLE, 0, REG_DWORD,
1746 (LPBYTE) &minutes, sizeof(DWORD));
1753 Leash_get_default_proxiable(
1760 if(GetEnvironmentVariable("PROXIABLE",env,sizeof(env)))
1765 if (get_default_proxiable_from_registry(HKEY_CURRENT_USER, &result) ||
1766 get_default_proxiable_from_registry(HKEY_LOCAL_MACHINE, &result))
1772 CHAR confname[MAX_PATH];
1773 if (!get_profile_file(confname, sizeof(confname)))
1776 const char *filenames[2];
1779 filenames[0] = confname;
1780 filenames[1] = NULL;
1781 if (!pprofile_init(filenames, &profile)) {
1782 retval = pprofile_get_string(profile, "libdefaults","proxiable", 0, 0, &value);
1784 result = config_boolean_to_int(value);
1785 pprofile_release_string(value);
1786 pprofile_release(profile);
1789 pprofile_release(profile);
1794 hmLeash = GetModuleHandle(LEASH_DLL);
1798 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_PROXIABLE,
1799 proxiable, sizeof(proxiable)))
1801 proxiable[sizeof(proxiable) - 1] = 0;
1802 return atoi(proxiable);
1810 get_default_publicip_from_registry(
1815 return get_DWORD_from_registry(hBaseKey,
1816 LEASH_REGISTRY_KEY_NAME,
1817 LEASH_REGISTRY_VALUE_PUBLICIP,
1822 Leash_reset_default_publicip(
1828 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1832 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PUBLICIP);
1839 Leash_set_default_publicip(
1846 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1847 0, 0, KEY_WRITE, 0, &hKey, 0);
1851 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PUBLICIP, 0, REG_DWORD,
1852 (LPBYTE) &minutes, sizeof(DWORD));
1859 Leash_get_default_publicip(
1866 if(GetEnvironmentVariable("PUBLICIP",env,sizeof(env)))
1871 if (get_default_publicip_from_registry(HKEY_CURRENT_USER, &result) ||
1872 get_default_publicip_from_registry(HKEY_LOCAL_MACHINE, &result))
1877 hmLeash = GetModuleHandle(LEASH_DLL);
1881 if (LoadString(hmLeash, LSH_DEFAULT_TICKET_PUBLICIP,
1882 publicip, sizeof(publicip)))
1884 publicip[sizeof(publicip) - 1] = 0;
1885 return atoi(publicip);
1893 get_default_use_krb4_from_registry(
1898 return get_DWORD_from_registry(hBaseKey,
1899 LEASH_REGISTRY_KEY_NAME,
1900 LEASH_REGISTRY_VALUE_USEKRB4,
1905 Leash_reset_default_use_krb4(
1911 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1915 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_USEKRB4);
1922 Leash_set_default_use_krb4(
1929 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1930 0, 0, KEY_WRITE, 0, &hKey, 0);
1934 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_USEKRB4, 0, REG_DWORD,
1935 (LPBYTE) &minutes, sizeof(DWORD));
1942 Leash_get_default_use_krb4(
1945 return 0; /* don't use krb4 */
1950 get_hide_kinit_options_from_registry(
1955 return get_DWORD_from_registry(hBaseKey,
1956 LEASH_REGISTRY_KEY_NAME,
1957 LEASH_REGISTRY_VALUE_KINIT_OPT,
1962 Leash_reset_hide_kinit_options(
1968 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
1972 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_KINIT_OPT);
1979 Leash_set_hide_kinit_options(
1986 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
1987 0, 0, KEY_WRITE, 0, &hKey, 0);
1991 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_KINIT_OPT, 0, REG_DWORD,
1992 (LPBYTE) &minutes, sizeof(DWORD));
1999 Leash_get_hide_kinit_options(
2005 if (get_hide_kinit_options_from_registry(HKEY_CURRENT_USER, &result) ||
2006 get_hide_kinit_options_from_registry(HKEY_LOCAL_MACHINE, &result))
2011 hmLeash = GetModuleHandle(LEASH_DLL);
2015 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_KINIT_OPT,
2016 use_krb4, sizeof(use_krb4)))
2018 use_krb4[sizeof(use_krb4) - 1] = 0;
2019 return atoi(use_krb4);
2022 return 0; /* hide unless otherwise indicated */
2029 get_default_life_min_from_registry(
2034 return get_DWORD_from_registry(hBaseKey,
2035 LEASH_REGISTRY_KEY_NAME,
2036 LEASH_REGISTRY_VALUE_LIFE_MIN,
2041 Leash_reset_default_life_min(
2047 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2051 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFE_MIN);
2058 Leash_set_default_life_min(
2065 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2066 0, 0, KEY_WRITE, 0, &hKey, 0);
2070 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFE_MIN, 0, REG_DWORD,
2071 (LPBYTE) &minutes, sizeof(DWORD));
2078 Leash_get_default_life_min(
2084 if (get_default_life_min_from_registry(HKEY_CURRENT_USER, &result) ||
2085 get_default_life_min_from_registry(HKEY_LOCAL_MACHINE, &result))
2090 hmLeash = GetModuleHandle(LEASH_DLL);
2094 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MIN,
2095 use_krb4, sizeof(use_krb4)))
2097 use_krb4[sizeof(use_krb4) - 1] = 0;
2098 return atoi(use_krb4);
2101 return 5; /* 5 minutes */
2106 get_default_life_max_from_registry(
2111 return get_DWORD_from_registry(hBaseKey,
2112 LEASH_REGISTRY_KEY_NAME,
2113 LEASH_REGISTRY_VALUE_LIFE_MAX,
2118 Leash_reset_default_life_max(
2124 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2128 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LIFE_MAX);
2135 Leash_set_default_life_max(
2142 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2143 0, 0, KEY_WRITE, 0, &hKey, 0);
2147 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LIFE_MAX, 0, REG_DWORD,
2148 (LPBYTE) &minutes, sizeof(DWORD));
2155 Leash_get_default_life_max(
2161 if (get_default_life_max_from_registry(HKEY_CURRENT_USER, &result) ||
2162 get_default_life_max_from_registry(HKEY_LOCAL_MACHINE, &result))
2167 hmLeash = GetModuleHandle(LEASH_DLL);
2171 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LIFE_MAX,
2172 use_krb4, sizeof(use_krb4)))
2174 use_krb4[sizeof(use_krb4) - 1] = 0;
2175 return atoi(use_krb4);
2183 get_default_renew_min_from_registry(
2188 return get_DWORD_from_registry(hBaseKey,
2189 LEASH_REGISTRY_KEY_NAME,
2190 LEASH_REGISTRY_VALUE_RENEW_MIN,
2195 Leash_reset_default_renew_min(
2201 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2205 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_MIN);
2212 Leash_set_default_renew_min(
2219 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2220 0, 0, KEY_WRITE, 0, &hKey, 0);
2224 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_MIN, 0, REG_DWORD,
2225 (LPBYTE) &minutes, sizeof(DWORD));
2232 Leash_get_default_renew_min(
2238 if (get_default_renew_min_from_registry(HKEY_CURRENT_USER, &result) ||
2239 get_default_renew_min_from_registry(HKEY_LOCAL_MACHINE, &result))
2244 hmLeash = GetModuleHandle(LEASH_DLL);
2248 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MIN,
2249 use_krb4, sizeof(use_krb4)))
2251 use_krb4[sizeof(use_krb4) - 1] = 0;
2252 return atoi(use_krb4);
2255 return 600; /* 10 hours */
2260 get_default_renew_max_from_registry(
2265 return get_DWORD_from_registry(hBaseKey,
2266 LEASH_REGISTRY_KEY_NAME,
2267 LEASH_REGISTRY_VALUE_RENEW_MAX,
2272 Leash_reset_default_renew_max(
2278 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2282 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_RENEW_MAX);
2289 Leash_set_default_renew_max(
2296 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2297 0, 0, KEY_WRITE, 0, &hKey, 0);
2301 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_RENEW_MAX, 0, REG_DWORD,
2302 (LPBYTE) &minutes, sizeof(DWORD));
2309 Leash_get_default_renew_max(
2315 if (get_default_renew_max_from_registry(HKEY_CURRENT_USER, &result) ||
2316 get_default_renew_max_from_registry(HKEY_LOCAL_MACHINE, &result))
2321 hmLeash = GetModuleHandle(LEASH_DLL);
2325 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_RENEW_MAX,
2326 use_krb4, sizeof(use_krb4)))
2328 use_krb4[sizeof(use_krb4) - 1] = 0;
2329 return atoi(use_krb4);
2332 return 60 * 24 * 30;
2337 get_lock_file_locations_from_registry(
2342 return get_DWORD_from_registry(hBaseKey,
2343 LEASH_REGISTRY_KEY_NAME,
2344 LEASH_REGISTRY_VALUE_LOCK_LOCATION,
2349 Leash_reset_lock_file_locations(
2355 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2359 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_LOCK_LOCATION);
2366 Leash_set_lock_file_locations(
2373 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2374 0, 0, KEY_WRITE, 0, &hKey, 0);
2378 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_LOCK_LOCATION, 0, REG_DWORD,
2379 (LPBYTE) &onoff, sizeof(DWORD));
2386 Leash_get_lock_file_locations(
2392 if (get_lock_file_locations_from_registry(HKEY_CURRENT_USER, &result) ||
2393 get_lock_file_locations_from_registry(HKEY_LOCAL_MACHINE, &result))
2398 hmLeash = GetModuleHandle(LEASH_DLL);
2401 char lock_file_locations[80];
2402 if (LoadString(hmLeash, LSH_DEFAULT_DIALOG_LOCK_LOCATION,
2403 lock_file_locations, sizeof(lock_file_locations)))
2405 lock_file_locations[sizeof(lock_file_locations) - 1] = 0;
2406 return atoi(lock_file_locations);
2414 get_default_uppercaserealm_from_registry(
2419 return get_DWORD_from_registry(hBaseKey,
2420 LEASH_SETTINGS_REGISTRY_KEY_NAME,
2421 LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM,
2426 Leash_reset_default_uppercaserealm(
2432 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2436 rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM);
2443 Leash_set_default_uppercaserealm(
2450 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
2451 0, 0, KEY_WRITE, 0, &hKey, 0);
2455 rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_UPPERCASEREALM, 0, REG_DWORD,
2456 (LPBYTE) &onoff, sizeof(DWORD));
2463 Leash_get_default_uppercaserealm(
2469 if (get_default_uppercaserealm_from_registry(HKEY_CURRENT_USER, &result) ||
2470 get_default_uppercaserealm_from_registry(HKEY_LOCAL_MACHINE, &result))
2475 hmLeash = GetModuleHandle(LEASH_DLL);
2478 char uppercaserealm[80];
2479 if (LoadString(hmLeash, LSH_DEFAULT_UPPERCASEREALM,
2480 uppercaserealm, sizeof(uppercaserealm)))
2482 uppercaserealm[sizeof(uppercaserealm) - 1] = 0;
2483 return atoi(uppercaserealm);
2491 get_default_mslsa_import_from_registry(
2496 return get_DWORD_from_registry(hBaseKey,
2497 LEASH_SETTINGS_REGISTRY_KEY_NAME,
2498 LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT,
2503 Leash_reset_default_mslsa_import(
2509 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2513 rc = RegDeleteValue(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT);
2520 Leash_set_default_mslsa_import(
2527 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_SETTINGS_REGISTRY_KEY_NAME, 0,
2528 0, 0, KEY_WRITE, 0, &hKey, 0);
2532 rc = RegSetValueEx(hKey, LEASH_SETTINGS_REGISTRY_VALUE_MSLSA_IMPORT, 0, REG_DWORD,
2533 (LPBYTE) &onoffmatch, sizeof(DWORD));
2540 Leash_get_default_mslsa_import(
2546 if (get_default_mslsa_import_from_registry(HKEY_CURRENT_USER, &result) ||
2547 get_default_mslsa_import_from_registry(HKEY_LOCAL_MACHINE, &result))
2552 hmLeash = GetModuleHandle(LEASH_DLL);
2555 char mslsa_import[80];
2556 if (LoadString(hmLeash, LSH_DEFAULT_MSLSA_IMPORT,
2557 mslsa_import, sizeof(mslsa_import)))
2559 mslsa_import[sizeof(mslsa_import) - 1] = 0;
2560 return atoi(mslsa_import);
2563 return 2; /* import only when mslsa realm matches default */
2569 get_default_preserve_kinit_settings_from_registry(
2574 return get_DWORD_from_registry(hBaseKey,
2575 LEASH_REGISTRY_KEY_NAME,
2576 LEASH_REGISTRY_VALUE_PRESERVE_KINIT,
2581 Leash_reset_default_preserve_kinit_settings(
2587 rc = RegOpenKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0, KEY_WRITE, &hKey);
2591 rc = RegDeleteValue(hKey, LEASH_REGISTRY_VALUE_PRESERVE_KINIT);
2598 Leash_set_default_preserve_kinit_settings(
2605 rc = RegCreateKeyEx(HKEY_CURRENT_USER, LEASH_REGISTRY_KEY_NAME, 0,
2606 0, 0, KEY_WRITE, 0, &hKey, 0);
2610 rc = RegSetValueEx(hKey, LEASH_REGISTRY_VALUE_PRESERVE_KINIT, 0, REG_DWORD,
2611 (LPBYTE) &onoff, sizeof(DWORD));
2618 Leash_get_default_preserve_kinit_settings(
2624 if (get_default_preserve_kinit_settings_from_registry(HKEY_CURRENT_USER, &result) ||
2625 get_default_preserve_kinit_settings_from_registry(HKEY_LOCAL_MACHINE, &result))
2630 hmLeash = GetModuleHandle(LEASH_DLL);
2633 char preserve_kinit_settings[80];
2634 if (LoadString(hmLeash, LSH_DEFAULT_PRESERVE_KINIT,
2635 preserve_kinit_settings, sizeof(preserve_kinit_settings)))
2637 preserve_kinit_settings[sizeof(preserve_kinit_settings) - 1] = 0;
2638 return atoi(preserve_kinit_settings);
2645 Leash_reset_defaults(void)
2647 Leash_reset_default_lifetime();
2648 Leash_reset_default_renew_till();
2649 Leash_reset_default_renewable();
2650 Leash_reset_default_forwardable();
2651 Leash_reset_default_noaddresses();
2652 Leash_reset_default_proxiable();
2653 Leash_reset_default_publicip();
2654 Leash_reset_default_use_krb4();
2655 Leash_reset_hide_kinit_options();
2656 Leash_reset_default_life_min();
2657 Leash_reset_default_life_max();
2658 Leash_reset_default_renew_min();
2659 Leash_reset_default_renew_max();
2660 Leash_reset_default_uppercaserealm();
2661 Leash_reset_default_mslsa_import();
2662 Leash_reset_default_preserve_kinit_settings();
2666 acquire_tkt_send_msg_leash(const char *title,
2667 const char *ccachename,
2671 DWORD leashProcessId = 0;
2672 DWORD bufsize = 4096;
2674 HANDLE hLeashProcess = NULL;
2675 HANDLE hMapFile = NULL;
2676 HANDLE hTarget = NULL;
2677 HWND hLeashWnd = FindWindow("LEASH.0WNDCLASS", NULL);
2684 GetWindowThreadProcessId(hLeashWnd, &leashProcessId);
2685 hLeashProcess = OpenProcess(PROCESS_DUP_HANDLE,
2689 // can't get process handle; use GetLastError() for more info
2692 hMapFile = CreateFileMapping(INVALID_HANDLE_VALUE, // use paging file
2693 NULL, // default security
2694 PAGE_READWRITE, // read/write access
2695 0, // max size (high 32)
2696 bufsize, // max size (low 32)
2699 // GetLastError() for more info
2700 CloseHandle(hLeashProcess);
2704 SetForegroundWindow(hLeashWnd);
2706 view = MapViewOfFile(hMapFile,
2707 FILE_MAP_ALL_ACCESS,
2712 /* construct a marshalling of data
2713 * <title><principal><realm><ccache>
2714 * then send to Leash
2716 strs = (char *)view;
2717 // first reserve space for three more NULLs (4 strings total)
2721 strcpy_s(strs, bufsize, title);
2722 else if (name != NULL && realm != NULL)
2723 sprintf_s(strs, bufsize,
2724 "MIT Kerberos: Get Ticket for %s@%s", name, realm);
2726 strcpy_s(strs, bufsize, "MIT Kerberos: Get Ticket");
2727 step = strlen(strs);
2732 strcpy_s(strs, bufsize, name);
2733 step = strlen(strs);
2736 if (realm != NULL) {
2737 strcpy_s(strs, bufsize, realm);
2738 step = strlen(strs);
2752 /* Append the ccache name */
2753 if (ccachename != NULL)
2754 strcpy_s(strs, bufsize, ccachename);
2758 UnmapViewOfFile(view);
2760 // Duplicate the file mapping handle to one leash can use
2761 if (DuplicateHandle(GetCurrentProcess(),
2767 DUPLICATE_SAME_ACCESS |
2768 DUPLICATE_CLOSE_SOURCE)) {
2769 /* 32809 = ID_OBTAIN_TGT_WITH_LPARAM in src/windows/leash/resource.h */
2770 SendMessage(hLeashWnd, 32809, 0, (LPARAM) hTarget);
2777 acquire_tkt_send_msg(krb5_context ctx, const char * title,
2778 const char * ccachename,
2779 krb5_principal desiredKrb5Principal,
2780 char * out_ccname, int out_cclen)
2782 krb5_error_code err;
2785 char *desiredName = 0;
2786 char *desiredRealm = 0;
2788 /* do we want a specific client principal? */
2789 if (desiredKrb5Principal != NULL) {
2790 err = pkrb5_unparse_name (ctx, desiredKrb5Principal, &desiredName);
2793 for (p = desiredName; *p && *p != '@'; p++);
2801 hForeground = GetForegroundWindow();
2802 hNetIdMgr = FindWindow("IDMgrRequestDaemonCls", "IDMgrRequestDaemon");
2803 if (hNetIdMgr != NULL) {
2805 DWORD tid = GetCurrentThreadId();
2807 NETID_DLGINFO *dlginfo;
2809 sprintf(mapname,"Local\\NetIDMgr_DlgInfo_%lu",tid);
2811 hMap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
2815 } else if (hMap != NULL && GetLastError() == ERROR_ALREADY_EXISTS) {
2820 dlginfo = (NETID_DLGINFO *)MapViewOfFileEx(hMap, FILE_MAP_READ|FILE_MAP_WRITE,
2822 if (dlginfo == NULL) {
2827 memset(dlginfo, 0, sizeof(NETID_DLGINFO));
2829 dlginfo->size = sizeof(NETID_DLGINFO);
2830 dlginfo->dlgtype = NETID_DLGTYPE_TGT;
2831 dlginfo->in.use_defaults = 1;
2834 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2836 dlginfo->in.title, NETID_TITLE_SZ);
2837 } else if (desiredName && (strlen(desiredName) + strlen(desiredRealm) + 32 < NETID_TITLE_SZ)) {
2838 char mytitle[NETID_TITLE_SZ];
2839 sprintf(mytitle, "Obtain Kerberos TGT for %s@%s",desiredName,desiredRealm);
2840 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2842 dlginfo->in.title, NETID_TITLE_SZ);
2844 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2845 "Obtain Kerberos TGT", -1,
2846 dlginfo->in.title, NETID_TITLE_SZ);
2849 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2851 dlginfo->in.username, NETID_USERNAME_SZ);
2853 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2855 dlginfo->in.realm, NETID_REALM_SZ);
2857 MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED|MB_ERR_INVALID_CHARS,
2859 dlginfo->in.ccache, NETID_CCACHE_NAME_SZ);
2860 SendMessage(hNetIdMgr, 32810, 0, (LPARAM) tid);
2862 if (out_ccname && out_cclen > 0) {
2863 WideCharToMultiByte(CP_ACP, WC_COMPOSITECHECK, dlginfo->out.ccache, -1,
2864 out_ccname, out_cclen, NULL, NULL);
2867 UnmapViewOfFile(dlginfo);
2870 acquire_tkt_send_msg_leash(title,
2871 ccachename, desiredName, desiredRealm);
2874 SetForegroundWindow(hForeground);
2875 if (desiredName != NULL)
2876 pkrb5_free_unparsed_name(ctx, desiredName);
2881 static BOOL cc_have_tickets(krb5_context ctx, krb5_ccache cache)
2883 krb5_cc_cursor cur = NULL;
2886 krb5_error_code code;
2887 BOOL have_tickets = FALSE;
2889 // Don't need the actual ticket.
2890 flags = KRB5_TC_NOTICKET;
2891 code = pkrb5_cc_set_flags(ctx, cache, flags);
2894 code = pkrb5_cc_start_seq_get(ctx, cache, &cur);
2899 while (!(code = pkrb5_cc_next_cred(ctx, cache, &cur, &creds))) {
2900 if ((!pkrb5_is_config_principal(ctx, creds.server)) &&
2901 (creds.times.endtime - time(0) > 0))
2902 have_tickets = TRUE;
2904 pkrb5_free_cred_contents(ctx, &creds);
2906 if (code == KRB5_CC_END) {
2907 code = pkrb5_cc_end_seq_get(ctx, cache, &cur);
2911 code = pkrb5_cc_set_flags(ctx, cache, flags);
2916 return have_tickets;
2920 cc_have_tickets_for_princ(krb5_context ctx,
2922 krb5_principal princ)
2924 krb5_error_code code;
2925 krb5_principal cc_princ = NULL;
2926 BOOL have_tickets = FALSE;
2927 code = pkrb5_cc_get_principal(ctx, cache, &cc_princ);
2931 if (pkrb5_principal_compare(ctx, princ, cc_princ))
2932 have_tickets = cc_have_tickets(ctx, cache);
2935 if (cc_princ != NULL)
2936 pkrb5_free_principal(ctx, cc_princ);
2937 return have_tickets;
2940 static BOOL cc_default_have_tickets(krb5_context ctx)
2942 krb5_ccache cache = NULL;
2943 BOOL have_tickets = FALSE;
2944 if (pkrb5_cc_default(ctx, &cache) == 0)
2945 have_tickets = cc_have_tickets(ctx, cache);
2947 pkrb5_cc_close(ctx, cache);
2948 return have_tickets;
2952 cccol_have_tickets_for_princ(krb5_context ctx,
2953 krb5_principal princ,
2957 krb5_error_code code;
2959 krb5_cccol_cursor cursor;
2960 BOOL have_tickets = FALSE;
2963 code = pkrb5_cccol_cursor_new(ctx, &cursor);
2967 while (!have_tickets &&
2968 !(code = pkrb5_cccol_cursor_next(ctx, cursor, &cache)) &&
2970 if (cc_have_tickets_for_princ(ctx, cache, princ)) {
2971 if (pkrb5_cc_get_full_name(ctx, cache, &ccfullname)==0) {
2972 strcpy_s(ccname, cclen, ccfullname);
2973 pkrb5_free_string(ctx, ccfullname);
2974 have_tickets = TRUE;
2977 pkrb5_cc_close(ctx, cache);
2979 pkrb5_cccol_cursor_free(ctx, &cursor);
2982 return have_tickets;
2986 acquire_tkt_no_princ(krb5_context context, char * ccname, int cclen)
2988 TicketList *list = NULL;
2990 DWORD dwMsLsaImport = Leash_get_default_mslsa_import();
2992 char ccachename[272]="";
2997 GetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT", loginenv, sizeof(loginenv));
2998 prompt = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);
3003 GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
3004 gle = GetLastError();
3005 if ( ((gle == ERROR_ENVVAR_NOT_FOUND) || !ccachename[0]) && context ) {
3006 const char * ccdef = pkrb5_cc_default_name(ctx);
3007 SetEnvironmentVariable("KRB5CCNAME", ccdef ? ccdef : NULL);
3008 GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
3011 haveTickets = cc_default_have_tickets(ctx);
3012 if ((!haveTickets) &&
3013 dwMsLsaImport && Leash_importable() ) {
3014 // We have the option of importing tickets from the MSLSA
3015 // but should we? Do the tickets in the MSLSA cache belong
3016 // to the default realm used by Leash? Does the default
3017 // ccache name specify a principal name? Only import if we
3018 // aren't going to break the default identity as specified
3019 // by the user in Network Identity Manager.
3023 /* Determine if the default ccachename is principal name. If so, don't
3024 * import the MSLSA: credentials into it unless the names match.
3026 isCCPrinc = (strncmp("API:",ccachename, 4) == 0 && strchr(ccachename, '@'));
3028 if ( dwMsLsaImport == 1 && !isCCPrinc ) { /* always import */
3030 } else if ( dwMsLsaImport ) { /* import when realms match */
3031 krb5_error_code code;
3032 krb5_ccache mslsa_ccache=NULL;
3033 krb5_principal princ = NULL;
3034 char *mslsa_principal = NULL;
3035 char ms_realm[128] = "", *def_realm = NULL, *r;
3038 if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
3041 if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
3044 for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
3045 *r = krb5_princ_realm(ctx, princ)->data[i];
3049 if (code = pkrb5_get_default_realm(ctx, &def_realm))
3052 if (code = pkrb5_unparse_name(ctx, princ, &mslsa_principal))
3055 import = (!isCCPrinc && !strcmp(def_realm, ms_realm)) ||
3056 (isCCPrinc && !strcmp(&ccachename[4], mslsa_principal));
3059 if (mslsa_principal)
3060 pkrb5_free_unparsed_name(ctx, mslsa_principal);
3063 pkrb5_free_default_realm(ctx, def_realm);
3066 pkrb5_free_principal(ctx, princ);
3069 pkrb5_cc_close(ctx, mslsa_ccache);
3074 haveTickets = cc_default_have_tickets(ctx);
3078 if ( prompt && !haveTickets ) {
3079 acquire_tkt_send_msg(ctx, NULL, ccachename, NULL, ccname, cclen);
3081 * If the ticket manager returned an alternative credential cache
3082 * remember it as the default for this process.
3084 if ( ccname && ccname[0] && strcmp(ccachename,ccname) ) {
3085 SetEnvironmentVariable("KRB5CCNAME",ccname);
3088 } else if (ccachename[0] && ccname) {
3089 strncpy(ccname, ccachename, cclen);
3090 ccname[cclen-1] = '\0';
3093 pkrb5_free_context(ctx);
3098 acquire_tkt_for_princ(krb5_context ctx, krb5_principal desiredPrincipal,
3099 char * ccname, int cclen)
3102 char ccachename[272]="";
3106 GetEnvironmentVariable("KERBEROSLOGIN_NEVER_PROMPT", loginenv, sizeof(loginenv));
3107 prompt = (GetLastError() == ERROR_ENVVAR_NOT_FOUND);
3110 GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
3111 gle = GetLastError();
3112 if ((gle == ERROR_ENVVAR_NOT_FOUND || !ccachename[0]) && ctx != NULL) {
3113 const char * ccdef = pkrb5_cc_default_name(ctx);
3114 SetEnvironmentVariable("KRB5CCNAME", ccdef ? ccdef : NULL);
3115 GetEnvironmentVariable("KRB5CCNAME", ccachename, sizeof(ccachename));
3117 if (!cccol_have_tickets_for_princ(ctx, desiredPrincipal, ccname, cclen)) {
3119 acquire_tkt_send_msg(ctx, NULL,
3120 ccachename, desiredPrincipal, ccname, cclen);
3122 * If the ticket manager returned an alternative credential cache
3123 * remember it as the default for this process.
3125 if (ccname != NULL && ccname[0] &&
3126 strcmp(ccachename, ccname)) {
3127 SetEnvironmentVariable("KRB5CCNAME",ccname);
3135 not_an_API_Leash_AcquireInitialTicketsIfNeeded(krb5_context context,
3136 krb5_principal desiredKrb5Principal,
3137 char * ccname, int cclen)
3139 if (!desiredKrb5Principal) {
3140 acquire_tkt_no_princ(context, ccname, cclen);
3142 acquire_tkt_for_princ(context, desiredKrb5Principal, ccname, cclen);