Skip Menu |
 

Subject: modernize cc_mslsa.c
This file still has code to provide runtime compatibility with Windows 2000, and compile-time
compatibility with Windows XP SP2.

We require Windows XP SP3 in the installer, and only document building on Windows 7, so a
great deal of complexity can safely be removed.
From: kaduk@MIT.EDU
Subject: git commit
Download (untitled) / with headers
text/plain 1.5KiB

Remove old Windows support from cc_mslsa.c

It is safe to remove is_windows_2000(), is_windows_xp(), and
is_windows_vista(), since the former two only check for very old
versions of windows which are no longer supported, and
is_windows_vista() was unused. Note that the check being implemented
was whether the running OS was the named version or higher, not an
exact match. The current Microsoft documentation recommends against
the sort of OS version checks that were employed here, in favor of
explicit feature tests.

Remove is_broken_wow64() as the problem it works around (Microsoft
Article ID 960077) is believed to have been fixed in subsequent
updates to Windows Server 2003 and XP.

Remove does_retrieve_ticket_cache_ticket() since support for the
KERB_RETRIEVE_TICKET_CACHE_TICKET flag in the
KERB_RETRIEVE_TKT_REQUEST structure was added in service packs for
Windows Server 2003 and XP. Also remove buildtime fallbacks that
are no longer needed.

Remove the conditionals TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS,
HAVE_CACHE_INFO_EX2, and KERB_SUBMIT_TICKET as all current SDK
versions have the relevant functionality.

In all cases, de-indent chunks that are no longer conditional.
Where indentation levels changed, update the style of the reindented
code to current practices.

https://github.com/krb5/krb5/commit/471b8474de8c5dfbbcc6a5a39201426bdca09f0d
Author: Ben Kaduk <kaduk@mit.edu>
Commit: 471b8474de8c5dfbbcc6a5a39201426bdca09f0d
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 603 +++++-----------------------------------
1 files changed, 66 insertions(+), 537 deletions(-)
From: kaduk@MIT.EDU
Subject: git commit

comment some future cleanup for cc_mslsa.c

The function does_query_ticket_cache_ex2() will not be needed once
Windows Server 2003 drops out of support in approximately one year's
time. Note the doom timer at its definition, to facilitate future
cleanup.

https://github.com/krb5/krb5/commit/9d16f24e59e2a0f0809741236344394da49935e2
Author: Ben Kaduk <kaduk@mit.edu>
Commit: 9d16f24e59e2a0f0809741236344394da49935e2
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
From: kaduk@MIT.EDU
Subject: git commit

Remove unused code from cc_mslsa.c

Remove PreserveInitialTicketIdentity() and IsKerberosLogon(), as well
as the preprocessor conditionals ENABLE_PURGING and PURGE_ALL, which
have not been used in a very long time, if ever.

There was one potential callsite of IsKerberosLogon(), in
lcc_resolve(), which was disabled. It is perfectly reasonable to want
to use the MSLSA cache on a non-domain-joined workstation, as it is
now a read-write cache type, so we need not concern ourselves whether
the logon was performed or may have been performed using kerberos.

https://github.com/krb5/krb5/commit/07aaaee56bf40bfef2847b6f09897ce1aa96773d
Author: Ben Kaduk <kaduk@mit.edu>
Commit: 07aaaee56bf40bfef2847b6f09897ce1aa96773d
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 108 ----------------------------------------
1 files changed, 0 insertions(+), 108 deletions(-)
From: kaduk@MIT.EDU
Subject: git commit

Rename cc_mslsa.c routines to avoid OS versions

We don't care about XP versus non-XP; just indicate which
revision of the data type is being used.

Standardize on the lowercase 'x' in "Ex", for both the "Ex" and
"Ex2" forms.

While here, adjust the function definition prototypes to match
current style.

https://github.com/krb5/krb5/commit/bbf946566b32dcf2f9a718b28acd948eeb53ade4
Author: Ben Kaduk <kaduk@mit.edu>
Commit: bbf946566b32dcf2f9a718b28acd948eeb53ade4
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 38 +++++++++++++++++++++-----------------
1 files changed, 21 insertions(+), 17 deletions(-)
From: kaduk@MIT.EDU
Subject: git commit

Move realm conversion into helper in cc_mslsa.c

All the callers of UnicodeStringToMITPrinc() were already converting
a UnicodeString into a wchar* just to pass it in as the realm.

Simplify everyone's life by making the helper do the conversion.

https://github.com/krb5/krb5/commit/e2d1a3aea7789b6acc5fa963da75ea666614764c
Author: Ben Kaduk <kaduk@mit.edu>
Commit: e2d1a3aea7789b6acc5fa963da75ea666614764c
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
From: kaduk@MIT.EDU
Subject: git commit

Avoid unneeded GetMSTGT() calls in cc_mslsa.c

Both lcc_resolve() and lcc_get_principal() were using GetMSTGT()
to fetch a ticket from which to obtain the client principal name
of the credentials cache. However, that name is contained in
the results of the the cache information query; there is no need
to retrieve a full ticket of any sort to get it. Since there
may sometimes be difficulties obtaining a TGT when UAC is enabled,
avoid these unneeded calls.

https://github.com/krb5/krb5/commit/76a16d2652da483dd7bc95f24257e0f195b833f0
Author: Ben Kaduk <kaduk@mit.edu>
Commit: 76a16d2652da483dd7bc95f24257e0f195b833f0
Branch: master
src/lib/krb5/ccache/cc_mslsa.c | 62 ++++++++++++++++++---------------------
1 files changed, 29 insertions(+), 33 deletions(-)
From: tlyu@mit.edu
Subject: git commit
Download (untitled) / with headers
text/plain 1.6KiB

Remove old Windows support from cc_mslsa.c

It is safe to remove is_windows_2000(), is_windows_xp(), and
is_windows_vista(), since the former two only check for very old
versions of windows which are no longer supported, and
is_windows_vista() was unused. Note that the check being implemented
was whether the running OS was the named version or higher, not an
exact match. The current Microsoft documentation recommends against
the sort of OS version checks that were employed here, in favor of
explicit feature tests.

Remove is_broken_wow64() as the problem it works around (Microsoft
Article ID 960077) is believed to have been fixed in subsequent
updates to Windows Server 2003 and XP.

Remove does_retrieve_ticket_cache_ticket() since support for the
KERB_RETRIEVE_TICKET_CACHE_TICKET flag in the
KERB_RETRIEVE_TKT_REQUEST structure was added in service packs for
Windows Server 2003 and XP. Also remove buildtime fallbacks that
are no longer needed.

Remove the conditionals TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS,
HAVE_CACHE_INFO_EX2, and KERB_SUBMIT_TICKET as all current SDK
versions have the relevant functionality.

In all cases, de-indent chunks that are no longer conditional.
Where indentation levels changed, update the style of the reindented
code to current practices.

(cherry picked from commit 471b8474de8c5dfbbcc6a5a39201426bdca09f0d)

https://github.com/krb5/krb5/commit/b8ea86af9765af59167b079cb81b17361a3fb12a
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: b8ea86af9765af59167b079cb81b17361a3fb12a
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 603 +++++-----------------------------------
1 files changed, 66 insertions(+), 537 deletions(-)
From: tlyu@mit.edu
Subject: git commit

comment some future cleanup for cc_mslsa.c

The function does_query_ticket_cache_ex2() will not be needed once
Windows Server 2003 drops out of support in approximately one year's
time. Note the doom timer at its definition, to facilitate future
cleanup.

(cherry picked from commit 9d16f24e59e2a0f0809741236344394da49935e2)

https://github.com/krb5/krb5/commit/b3db53cc182a780f64c7ebfe3f2381f49c37716b
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: b3db53cc182a780f64c7ebfe3f2381f49c37716b
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Remove unused code from cc_mslsa.c

Remove PreserveInitialTicketIdentity() and IsKerberosLogon(), as well
as the preprocessor conditionals ENABLE_PURGING and PURGE_ALL, which
have not been used in a very long time, if ever.

There was one potential callsite of IsKerberosLogon(), in
lcc_resolve(), which was disabled. It is perfectly reasonable to want
to use the MSLSA cache on a non-domain-joined workstation, as it is
now a read-write cache type, so we need not concern ourselves whether
the logon was performed or may have been performed using kerberos.

(cherry picked from commit 07aaaee56bf40bfef2847b6f09897ce1aa96773d)

https://github.com/krb5/krb5/commit/32504cec153ee5bb27b804a66dbd9c61b5870e0d
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 32504cec153ee5bb27b804a66dbd9c61b5870e0d
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 108 ----------------------------------------
1 files changed, 0 insertions(+), 108 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Rename cc_mslsa.c routines to avoid OS versions

We don't care about XP versus non-XP; just indicate which
revision of the data type is being used.

Standardize on the lowercase 'x' in "Ex", for both the "Ex" and
"Ex2" forms.

While here, adjust the function definition prototypes to match
current style.

(cherry picked from commit bbf946566b32dcf2f9a718b28acd948eeb53ade4)

https://github.com/krb5/krb5/commit/db13963e400fddb35a1bddf52d6a69ad93945be3
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: db13963e400fddb35a1bddf52d6a69ad93945be3
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 38 +++++++++++++++++++++-----------------
1 files changed, 21 insertions(+), 17 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Move realm conversion into helper in cc_mslsa.c

All the callers of UnicodeStringToMITPrinc() were already converting
a UnicodeString into a wchar* just to pass it in as the realm.

Simplify everyone's life by making the helper do the conversion.

(cherry picked from commit e2d1a3aea7789b6acc5fa963da75ea666614764c)

https://github.com/krb5/krb5/commit/c6dfeb57c8002db2c41bdc66e8e50570e83cd7f1
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: c6dfeb57c8002db2c41bdc66e8e50570e83cd7f1
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 24 +++++++++++++-----------
1 files changed, 13 insertions(+), 11 deletions(-)
From: tlyu@mit.edu
Subject: git commit

Avoid unneeded GetMSTGT() calls in cc_mslsa.c

Both lcc_resolve() and lcc_get_principal() were using GetMSTGT()
to fetch a ticket from which to obtain the client principal name
of the credentials cache. However, that name is contained in
the results of the the cache information query; there is no need
to retrieve a full ticket of any sort to get it. Since there
may sometimes be difficulties obtaining a TGT when UAC is enabled,
avoid these unneeded calls.

(cherry picked from commit 76a16d2652da483dd7bc95f24257e0f195b833f0)

https://github.com/krb5/krb5/commit/90c0f8850ad9595866b8343a9d489cf148f41ba0
Author: Ben Kaduk <kaduk@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 90c0f8850ad9595866b8343a9d489cf148f41ba0
Branch: krb5-1.13
src/lib/krb5/ccache/cc_mslsa.c | 62 ++++++++++++++++++---------------------
1 files changed, 29 insertions(+), 33 deletions(-)