From: tlyu@mit.edu
Subject: git commit

Add cleanup label in ms2mit

https://github.com/krb5/krb5/commit/e033a81c891030741952e4743a0b5503bdbcea17
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: e033a81c891030741952e4743a0b5503bdbcea17
Branch: master
src/windows/ms2mit/ms2mit.c | 62 ++++++++++++++-----------------------------
1 files changed, 20 insertions(+), 42 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Default to LSA when TGT in LSA is inaccessible

When UAC is enabled and a domain user with Administrator privileges
logs in, the TGT is inaccessible. Access to the TGT in a
UAC-restricted session may allow a non-elevated user to bypass the
UAC. In a UAC-restricted session, ms2mit copies the current tickets
from the LSA ccache to the API ccache except the TGT, effectively
preventing a user session from getting additional service tickets
while appearing, for some purposes, to have a usable ccache.

Another bug is that ms2mit always copies from the LSA ccache to the
default ccache, even if the default ccache is itself the LSA ccache.

New behavior:

* If the TGT is accessible in the LSA ccache, copy the LSA ccache to
the API ccache.

* Set the registry key for the default ccname to "API:" if the copy
occurred, or to "MSLSA:" if it didn't occur.

[tlyu@mit.edu: edit commit message]

https://github.com/krb5/krb5/commit/33b862799efa65b16e2acd1510c84d9f1ded2cbb
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 33b862799efa65b16e2acd1510c84d9f1ded2cbb
Branch: master
src/windows/ms2mit/ms2mit.c | 99 ++++++++++++++++++++++++++++++++++---------
1 files changed, 79 insertions(+), 20 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Add cleanup label in ms2mit

(cherry picked from commit e033a81c891030741952e4743a0b5503bdbcea17)

https://github.com/krb5/krb5/commit/4afb175c2077881f7cd430e15c5d1f6ac3cc4aeb
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 4afb175c2077881f7cd430e15c5d1f6ac3cc4aeb
Branch: krb5-1.14
src/windows/ms2mit/ms2mit.c | 62 ++++++++++++++-----------------------------
1 files changed, 20 insertions(+), 42 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Default to LSA when TGT in LSA is inaccessible

When UAC is enabled and a domain user with Administrator privileges
logs in, the TGT is inaccessible. Access to the TGT in a
UAC-restricted session may allow a non-elevated user to bypass the
UAC. In a UAC-restricted session, ms2mit copies the current tickets
from the LSA ccache to the API ccache except the TGT, effectively
preventing a user session from getting additional service tickets
while appearing, for some purposes, to have a usable ccache.

Another bug is that ms2mit always copies from the LSA ccache to the
default ccache, even if the default ccache is itself the LSA ccache.

New behavior:

* If the TGT is accessible in the LSA ccache, copy the LSA ccache to
the API ccache.

* Set the registry key for the default ccname to "API:" if the copy
occurred, or to "MSLSA:" if it didn't occur.

[tlyu@mit.edu: edit commit message]

(cherry picked from commit 33b862799efa65b16e2acd1510c84d9f1ded2cbb)

https://github.com/krb5/krb5/commit/e2ab5a8d7b5ec06dadadcf844132c2cc496c9bfa
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: e2ab5a8d7b5ec06dadadcf844132c2cc496c9bfa
Branch: krb5-1.14
src/windows/ms2mit/ms2mit.c | 99 ++++++++++++++++++++++++++++++++++---------
1 files changed, 79 insertions(+), 20 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Add cleanup label in ms2mit

(cherry picked from commit e033a81c891030741952e4743a0b5503bdbcea17)

https://github.com/krb5/krb5/commit/e77af6d50e8a4bd66988cdb231551614791b873e
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: e77af6d50e8a4bd66988cdb231551614791b873e
Branch: krb5-1.13
src/windows/ms2mit/ms2mit.c | 62 ++++++++++++++-----------------------------
1 files changed, 20 insertions(+), 42 deletions(-)

From: tlyu@mit.edu
Subject: git commit

Default to LSA when TGT in LSA is inaccessible

When UAC is enabled and a domain user with Administrator privileges
logs in, the TGT is inaccessible. Access to the TGT in a
UAC-restricted session may allow a non-elevated user to bypass the
UAC. In a UAC-restricted session, ms2mit copies the current tickets
from the LSA ccache to the API ccache except the TGT, effectively
preventing a user session from getting additional service tickets
while appearing, for some purposes, to have a usable ccache.

Another bug is that ms2mit always copies from the LSA ccache to the
default ccache, even if the default ccache is itself the LSA ccache.

New behavior:

* If the TGT is accessible in the LSA ccache, copy the LSA ccache to
the API ccache.

* Set the registry key for the default ccname to "API:" if the copy
occurred, or to "MSLSA:" if it didn't occur.

[tlyu@mit.edu: edit commit message]

(cherry picked from commit 33b862799efa65b16e2acd1510c84d9f1ded2cbb)

https://github.com/krb5/krb5/commit/d61414189b4c157b19e3e7e7b9039a6ced88fbd8
Author: Sarah Day <sarahday@mit.edu>
Committer: Tom Yu <tlyu@mit.edu>
Commit: d61414189b4c157b19e3e7e7b9039a6ced88fbd8
Branch: krb5-1.13
src/windows/ms2mit/ms2mit.c | 99 ++++++++++++++++++++++++++++++++++---------
1 files changed, 79 insertions(+), 20 deletions(-)