Skip Menu |
 

Date: Tue, 18 Mar 2008 11:26:42 -0700
From: sam sharma <sam.sharma@gat.com>
Subject: kerberos bug while using GetWindowsDirectory API on Windows System
To: krb5-bugs@mit.edu

Hi

 

I came across a problem in latest 1.6.3 and 1.5.4 Kerberos source code where GetWindowsDirectory() returns private Windows System directory path for every logon user when windows terminal services are installed on a system.

 

See http://msdn2.microsoft.com/en-us/library/ms724454(VS.85).aspx Microsoft article which explains the GetWindowsDirectory() API. I think it may be good idea to use GetSystemWindowsDirectory to find the Windows System Directory name to locate the Windows Kerberos Configuration file.

 

krb5-1.6.3/src/windows/kfwlogon/kfwlogon.c:        GetWindowsDirectory(filename, sizeof(filename));

krb5-1.6.3/src/windows/identity/plugins/krb5/krb5funcs.c:        GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/windows/identity/plugins/krb5/krb5funcs.c:        GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/windows/identity/plugins/krb5/krb5funcs.c:            GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));

krb5-1.6.3/src/windows/identity/plugins/krb5/krb5funcs.c:                GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/windows/identity/plugins/krb4/krb4funcs.c:        GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/windows/identity/plugins/krb4/krb4funcs.c:        GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/windows/identity/plugins/krb4/krb4funcs.c:            GetWindowsDirectoryA(krbConFile,sizeof(krbConFile));

krb5-1.6.3/src/windows/identity/plugins/krb4/krb4funcs.c:            GetWindowsDirectoryA(confname,szConfname);

krb5-1.6.3/src/lib/krb5/os/init_os_ctx.c:    UINT size = GetWindowsDirectory(0, 0);

krb5-1.6.3/src/lib/krb5/os/init_os_ctx.c:        GetWindowsDirectory(*pname, size);

krb5-1.6.3/src/lib/krb5/os/ktdefname.c:     len= GetWindowsDirectory( defname, sizeof(defname)-2 );

krb5-1.6.3/src/lib/krb5/os/ccdefname.c:                    int len = GetWindowsDirectory(p, size);

krb5-1.6.3/src/lib/krb4/win_store.c:    rc = GetWindowsDirectory(defname, sizeof(defname) - 1);

krb5-1.6.3/src/lib/krb4/win_store.c:    rc = GetWindowsDirectory(defname, sizeof(defname) - 1);

 

SAM SHARMA

Date: Tue, 18 Mar 2008 12:55:40 -0600
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #5917] kerberos bug while using GetWindowsDirectory API on Windows System
RT-Send-Cc:
sharma via RT wrote:
Show quoted text
> Hi
>
>
>
> I came across a problem in latest 1.6.3 and 1.5.4 Kerberos source code where
> GetWindowsDirectory() returns private Windows System directory path for
> every logon user when windows terminal services are installed on a system.

The problem that has been identified is correct. The current policy of
storing configuration data in the Windows directory or the Program Files
directory no longer works on Vista and 2008 Server due to directory
virtualization.

The preferred location to store configuration data that can be accessed
by all users and by both 32-bit and 64-bit instances of the
libraries/applications is the \ProgramData\MIT\Kerberos directory
(which on XP/2003 is \Documents and Settings\All Users\Application
Data\MIT\Kerberos\).
Download smime.p7s
application/x-pkcs7-signature 3.2KiB

Message body not shown because it is not plain text.