ticket: new

target_version: 1.3.3
tags: pullup

Delay load the ADVAPI32.DLL and SECUR32.DLL libraries within KRB5_32.DLL

Then modify the MSLSA implementation to ensure that none of the APIs loaded
from those DLLs are executed on Windows platforms prior to Windows 2000.
This ensures that the DLLs will never be loaded enabling KRB5_32.DLL to
continue to be used on Windows 9x.


git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16217 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/ChangeLog

@@ -1,3 +1,9 @@
+2004-03-31  Jeffrey Altman <jaltman@mit.edu>
+
+    * Makefile.in: Delay Load the ADVAPI32.DLL and SECUR32.DLL libraries
+      to enable the KRB5_32.DLL to load on Windows 9x systems which do
+      not support the LSA Kerberos functionality.
+
 2004-03-08  Ken Raeburn  <raeburn@mit.edu>
 
 	* Makefile.in (LOCAL_SUBDIRS): Renamed from MY_SUBDIRS.

src/lib/Makefile.in

@@ -52,8 +52,9 @@ KRB5RC = krb5.rc
 VERSIONRC = $(BUILDTOP)\windows\version.rc
 
 WINLIBS = kernel32.lib ws2_32.lib user32.lib shell32.lib oldnames.lib \
-	version.lib secur32.lib advapi32.lib gdi32.lib
-WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000
+	version.lib secur32.lib advapi32.lib gdi32.lib delayimp.lib
+WINDLLFLAGS = $(DLL_LINKOPTS) -base:0x1c000000 /DELAYLOAD:secur32.dll \
+	/DELAYLOAD:advapi32.dll /DELAY:UNLOAD /DELAY:NOBIND
 
 NO_GLUE=$(OUTPRE)no_glue.obj
 K5_GLUE=$(OUTPRE)k5_glue.obj

src/lib/krb5/ccache/ChangeLog

@@ -1,3 +1,11 @@
+2004-03-31  Jeffrey Altman <jaltman@mit.edu>
+
+    * cc_mslsa.c: Add IsWindows2000() function and use it to return 
+      errors whenever the MSLSA: ccache type is used on platforms
+      older than Windows 2000.  This is needed to prevent calls to
+      the functions loaded from ADVAPI32.DLL and SECUR32.DLL which 
+      do not exist on the Windows 9x platforms.
+
 2004-03-26  Sam Hartman  <hartmans@mit.edu>
 
 	* fcc.h: Remove all but the definition of krb5_cc_file_ops because

src/lib/krb5/ccache/cc_mslsa.c

@@ -67,6 +67,30 @@
 #define MAX_MSG_SIZE 256
 #define MAX_MSPRINC_SIZE 1024
 
+static BOOL IsWindows2000 (void)
+{
+   static BOOL fChecked = FALSE;
+   static BOOL fIsWin2K = FALSE;
+
+   if (!fChecked)
+   {
+       OSVERSIONINFO Version;
+       fChecked = TRUE;
+
+       memset (&Version, 0x00, sizeof(Version));
+       Version.dwOSVersionInfoSize = sizeof(Version);
+
+       if (GetVersionEx (&Version))
+       {
+           if (Version.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+                Version.dwMajorVersion >= 5)
+               fIsWin2K = TRUE;
+       }
+   }
+
+   return fIsWin2K;
+}
+
 static VOID
 ShowWinError(LPSTR szAPI, DWORD dwError)
 {
@@ -1099,6 +1123,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
     ULONG  PackageId;
     KERB_EXTERNAL_TICKET *msticket;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     if (!IsKerberosLogon())
         return KRB5_FCC_NOFILE;
 
@@ -1168,6 +1195,9 @@ krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char *residual)
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_initialize(krb5_context context, krb5_ccache id, krb5_principal princ)
 {
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     return KRB5_CC_READONLY;
 }
 
@@ -1184,13 +1214,20 @@ static krb5_error_code KRB5_CALLCONV
 krb5_lcc_close(krb5_context context, krb5_ccache id)
 {
     register int closeval = KRB5_OK;
-    register krb5_lcc_data *data = (krb5_lcc_data *) id->data;
-
-    CloseHandle(data->LogonHandle);
+    register krb5_lcc_data *data;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
 
-    krb5_xfree(data);
-    krb5_xfree(id);
+    if (id) {
+        data = (krb5_lcc_data *) id->data;
 
+        if (data) {
+            CloseHandle(data->LogonHandle);
+            krb5_xfree(data);
+        }
+        krb5_xfree(id);
+    }
     return closeval;
 }
 
@@ -1204,9 +1241,17 @@ krb5_lcc_close(krb5_context context, krb5_ccache id)
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_destroy(krb5_context context, krb5_ccache id)
 {
-    register krb5_lcc_data *data = (krb5_lcc_data *) id->data;
+    register krb5_lcc_data *data;
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
 
-    return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK;
+    if (id) { 
+        data = (krb5_lcc_data *) id->data;
+
+        return PurgeMSTGT(data->LogonHandle, data->PackageId) ? KRB5_FCC_INTERNAL : KRB5_OK;
+    }
+    return KRB5_FCC_INTERNAL;
 }
 
 /*
@@ -1229,6 +1274,9 @@ krb5_lcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *cur
     krb5_lcc_data *data = (krb5_lcc_data *)id->data;
     KERB_EXTERNAL_TICKET *msticket;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     lcursor = (krb5_lcc_cursor *) malloc(sizeof(krb5_lcc_cursor));
     if (lcursor == NULL) {
         *cursor = 0;
@@ -1277,10 +1325,15 @@ static krb5_error_code KRB5_CALLCONV
 krb5_lcc_next_cred(krb5_context context, krb5_ccache id, krb5_cc_cursor *cursor, krb5_creds *creds)
 {
     krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
-    krb5_lcc_data *data = (krb5_lcc_data *)id->data;
+    krb5_lcc_data *data;
     KERB_EXTERNAL_TICKET *msticket;
     krb5_error_code  retval = KRB5_OK;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    data = (krb5_lcc_data *)id->data;
+
   next_cred:
     if ( lcursor->index >= lcursor->response->CountOfTickets ) {
         if (retval == KRB5_OK)
@@ -1330,6 +1383,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
 {
     krb5_lcc_cursor *lcursor = (krb5_lcc_cursor *) *cursor;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     if ( lcursor ) {
         LsaFreeReturnBuffer(lcursor->mstgt);
         LsaFreeReturnBuffer(lcursor->response);
@@ -1348,6 +1404,9 @@ krb5_lcc_end_seq_get(krb5_context context, krb5_ccache id, krb5_cc_cursor *curso
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
 {
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     return KRB5_CC_READONLY;
 }
 
@@ -1361,6 +1420,13 @@ krb5_lcc_generate_new (krb5_context context, krb5_ccache *id)
 static const char * KRB5_CALLCONV
 krb5_lcc_get_name (krb5_context context, krb5_ccache id)
 {
+
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
+    if ( !id )
+        return "";
+
     return (char *) ((krb5_lcc_data *) id->data)->cc_name;
 }
 
@@ -1382,6 +1448,9 @@ krb5_lcc_get_principal(krb5_context context, krb5_ccache id, krb5_principal *pri
 {
     krb5_error_code kret = KRB5_OK;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     /* obtain principal */
     return krb5_copy_principal(context, ((krb5_lcc_data *) id->data)->princ, princ);
 }
@@ -1397,6 +1466,9 @@ krb5_lcc_retrieve(krb5_context context, krb5_ccache id, krb5_flags whichfields,
     krb5_creds * mcreds_noflags;
     krb5_creds   fetchcreds;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     memset(&fetchcreds, 0, sizeof(krb5_creds));
 
     /* first try to find out if we have an existing ticket which meets the requirements */
@@ -1474,6 +1546,9 @@ krb5_lcc_store(krb5_context context, krb5_ccache id, krb5_creds *creds)
     KERB_EXTERNAL_TICKET *msticket = 0;
     krb5_creds * creds_noflags;
 
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     /* if not, we must try to get a ticket without specifying any flags or etypes */
     krb5_copy_creds(context, creds, &creds_noflags);
     creds_noflags->ticket_flags = 0;
@@ -1496,6 +1571,9 @@ static krb5_error_code KRB5_CALLCONV
 krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
                      krb5_creds *creds)
 {
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     return KRB5_CC_READONLY;
 }
 
@@ -1507,6 +1585,9 @@ krb5_lcc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags,
 static krb5_error_code KRB5_CALLCONV
 krb5_lcc_set_flags(krb5_context context, krb5_ccache id, krb5_flags flags)
 {
+    if (!IsWindows2000())
+        return KRB5_FCC_NOFILE;
+
     return KRB5_OK;
 }