From b17783@atalanta.ctd.anl.gov Fri Jul 20 16:25:15 2001
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83])
	by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id QAA12211
	for ; Fri, 20 Jul 2001 16:25:15 -0400 (EDT)
Received: from atalanta.ctd.anl.gov (atalanta.ctd.anl.gov [146.137.64.60])
	by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id QAA02803
	for ; Fri, 20 Jul 2001 16:25:15 -0400 (EDT)
Received: from orleans.ctd.anl.gov (orleans.ctd.anl.gov [146.137.180.252])
	by atalanta.ctd.anl.gov (8.9.1a/8.9.1) with ESMTP id PAA23599
	for ; Fri, 20 Jul 2001 15:25:13 -0500 (CDT)
Received: (from b17783@localhost)
	by orleans.ctd.anl.gov (8.9.3+Sun/8.9.1) id PAA28551;
	Fri, 20 Jul 2001 15:25:14 -0500 (CDT)
Message-Id: <200107202025.PAA28551@orleans.ctd.anl.gov>
Date: Fri, 20 Jul 2001 15:25:14 -0500 (CDT)
From: DEEngert@anl.gov
Reply-To: DEEngert@anl.gov
To: krb5-bugs@mit.edu
Subject: NoAddresses for tickets obtained using the krb5.exe
X-Send-Pr-Version: 3.99

>Number: 982
>Category: krb5-clients
>Synopsis: Support NoAddresses from Windows krb5.exe
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Jul 20 16:26:01 EDT 2001
>Last-Modified:
>Originator: Douglas Engert
>Organization:
Douglas E. Engert
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
>Release: krb5-1.2.2
>Environment:
System: Windows and krb5.exe
>Description:
The krb5.exe cannot request a ticket without addresses.
This is needed as NAT and VPNs are becoming more common.
>How-To-Repeat:
>Fix:
Attached are diffs to add a NoAddresses checkbox.
*** src/windows/cns/,options.c Wed Feb 28 16:08:35 2001 --- src/windows/cns/options.c Thu Jul 12 15:09:21 2001 *************** *** 74,79 **** --- 74,82 ---- forwardable = cns_res.forwardable; SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_SETCHECK, forwardable, 0); + noaddresses = cns_res.noaddresses; + SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_SETCHECK, noaddresses, 0); + return TRUE; } *************** *** 160,165 **** --- 163,171 ---- forwardable = SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_GETCHECK, 0, 0); cns_res.forwardable = forwardable; + + noaddresses = SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_GETCHECK, 0, 0); + cns_res.noaddresses = noaddresses; EndDialog(hwnd, IDOK); *** src/windows/cns/,cnsres5.rc Wed Feb 28 16:08:35 2001 --- src/windows/cns/cnsres5.rc Thu Jul 12 15:34:02 2001 *************** *** 161,167 **** 95,65,39,12 GROUPBOX "Ticket options",IDD_TKOPT,5,86,158,23,WS_GROUP CONTROL "&Forwardable",IDD_FORWARDABLE,"Button",BS_AUTOCHECKBOX | ! WS_TABSTOP,54,95,65,12 DEFPUSHBUTTON "OK",IDOK,19,117,52,14 PUSHBUTTON "Cancel",IDCANCEL,95,117,52,14 END --- 161,169 ---- 95,65,39,12 GROUPBOX "Ticket options",IDD_TKOPT,5,86,158,23,WS_GROUP CONTROL "&Forwardable",IDD_FORWARDABLE,"Button",BS_AUTOCHECKBOX | ! WS_TABSTOP,25,95,65,12 ! CONTROL "&NoAddresses",IDD_NOADDRESSES,"Button",BS_AUTOCHECKBOX | ! 
WS_TABSTOP,90,95,65,12 DEFPUSHBUTTON "OK",IDOK,19,117,52,14 PUSHBUTTON "Cancel",IDCANCEL,95,117,52,14 END *** src/windows/cns/,cns.h Wed Feb 28 16:08:35 2001 --- src/windows/cns/cns.h Thu Jul 12 15:00:08 2001 *************** *** 145,150 **** --- 145,151 ---- #define IDD_ALERT 312 #define IDD_TKOPT 320 #define IDD_FORWARDABLE 321 + #define IDD_NOADDRESSES 322 /* * the entire range (400 through 499) is reserved for the blasted variable *************** *** 200,205 **** --- 201,207 ---- extern krb5_ccache k5_ccache; extern char ccname[FILENAME_MAX]; extern BOOL forwardable; + extern BOOL noaddresses; #endif /* *** src/windows/cns/,cns_reg.c Wed Feb 28 16:08:35 2001 --- src/windows/cns/cns_reg.c Thu Jul 12 14:57:53 2001 *************** *** 45,50 **** --- 45,51 ---- cns_res.beep = 0; cns_res.lifetime = DEFAULT_TKT_LIFE * 5; cns_res.forwardable = 1; + cns_res.noaddresses = 0; for (i = 1 ; i < FILE_MENU_MAX_LOGINS ; i++) *************** *** 117,122 **** --- 118,126 ---- if (registry_dword_get(key, "forwardable", &tdw) == 0) cns_res.forwardable = tdw; + if (registry_dword_get(key, "noaddresses", &tdw) == 0) + cns_res.noaddresses = tdw; + if (registry_dword_get(key, "alert", &tdw) == 0) cns_res.alert = tdw; *************** *** 196,201 **** --- 200,206 ---- registry_dword_set(key, "beep", cns_res.beep); registry_dword_set(key, "lifetime", cns_res.lifetime); registry_dword_set(key, "forwardable", cns_res.forwardable); + registry_dword_set(key, "noaddresses", cns_res.noaddresses); registry_string_set(key, "name", cns_res.name); registry_string_set(key, "realm", cns_res.realm); *** src/windows/cns/,cns.c Wed Feb 28 16:08:35 2001 --- src/windows/cns/cns.c Thu Jul 12 15:06:21 2001 *************** *** 56,61 **** --- 56,62 ---- #ifdef KRB5 char ccname[FILENAME_MAX]; /* ccache file location */ BOOL forwardable; /* TRUE to get forwardable tickets */ + BOOL noaddresses; krb5_context k5_context; krb5_ccache k5_ccache; #endif *************** *** 1222,1227 **** --- 1223,1231 ---- 
krb5_get_init_creds_opt_init(&opts); krb5_get_init_creds_opt_set_forwardable(&opts, forwardable); krb5_get_init_creds_opt_set_tkt_life(&opts, lifetime * 60); + if (noaddresses) { + krb5_get_init_creds_opt_set_address_list(&opts, NULL); + } /* * get the initial creds using the password and the options we set above *************** *** 1698,1703 **** --- 1702,1708 ---- * ticket options */ forwardable = cns_res.forwardable; + noaddresses = cns_res.noaddresses; /* * Load clock icons *** src/windows/cns/,cns_reg.h Wed Feb 28 16:08:35 2001 --- src/windows/cns/cns_reg.h Thu Jul 12 14:58:08 2001 *************** *** 17,22 **** --- 17,23 ---- DWORD forwardable; /* get forwardable tickets? */ DWORD conf_override; /* allow changing of confname */ DWORD cc_override; /* allow changing of ccname */ + DWORD noaddresses; /* Don't require address in tickets */ char name[MAX_K_NAME_SZ]; /* last user used */ char realm[MAX_K_NAME_SZ]; /* last realm used */ char confname[FILENAME_MAX]; >Audit-Trail: >Unformatted:
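
Review bot: In the src/windows/cns/cns.c hunk at line 1222, the new `if (noaddresses)` block carries no comment saying that the NULL list passed to `krb5_get_init_creds_opt_set_address_list(&opts, NULL)` is what requests an addressless ticket, and the unchecked case sets nothing, so what addresses the ticket gets then is left to the library's default. A one-line comment above the call stating both points would make the intent clear to the next reader; the braces around the single statement can stay or go, as long as they match the surrounding code.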
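
Review bot: In the src/windows/cns/cns_reg.c hunk at line 117, `cns_res.noaddresses = tdw;` stores the raw registry DWORD, and the options.c hunk later passes that value straight to `BM_SETCHECK` and cns.c tests it as a boolean. Normalizing on read, for example `cns_res.noaddresses = (tdw != 0);`, keeps a hand-edited or corrupted registry value from reaching the dialog as an unexpected check state. The existing `forwardable` read just above has the same shape and could be tightened the same way.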
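
Review bot: In the src/windows/cns/cns_reg.h hunk, the comment on the new field, `/* Don't require address in tickets */`, does not match what the cns.c change does with it: the flag causes the request to be made with a NULL address list, it does not relax a requirement. Suggest wording it like the neighbouring fields, for example "request tickets without addresses?".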
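
Review bot: In the src/windows/cns/cns.c hunk at line 56, `BOOL noaddresses;` is added without the trailing comment that the adjacent `ccname` and `forwardable` declarations have. Add one in the same style, such as "TRUE to get tickets without addresses", so the global is documented where it is defined.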