[3237] in Kerberos-V5-bugs


krb5-clients/982: NoAddresses for tickets obtained using the krb5.exe

daemon@ATHENA.MIT.EDU (DEEngert@anl.gov)
Fri Jul 20 16:26:05 2001

Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, DEEngert@anl.gov
Message-Id: <200107202025.PAA28551@orleans.ctd.anl.gov>
Date: Fri, 20 Jul 2001 15:25:14 -0500 (CDT)
From: DEEngert@anl.gov
Reply-To: DEEngert@anl.gov
To: krb5-bugs@mit.edu


>Number:         982
>Category:       krb5-clients
>Synopsis:       Support NoAddresses from Windows krb5.exe
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jul 20 16:26:01 EDT 2001
>Last-Modified:
>Originator:     Douglas Engert
>Organization:
 
 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439 
 (630) 252-5444
>Release:        krb5-1.2.2
>Environment:
System: Windows and krb5.exe 

>Description:
	The krb5.exe cannot request a ticket without addresses.
	This is needed as NAT and VPNs are becoming more common.
	
>How-To-Repeat:
>Fix:
	Attached are diffs to add a NoAddresses checkbox. 

*** src/windows/cns/,options.c	Wed Feb 28 16:08:35 2001
--- src/windows/cns/options.c	Thu Jul 12 15:09:21 2001
***************
*** 74,79 ****
--- 74,82 ----
    forwardable = cns_res.forwardable;
    SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_SETCHECK, forwardable, 0);
  
+   noaddresses = cns_res.noaddresses;
+   SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_SETCHECK, noaddresses, 0);
+ 
    return TRUE;
  }
  
***************
*** 160,165 ****
--- 163,171 ----
  
      forwardable = SendDlgItemMessage(hwnd, IDD_FORWARDABLE, BM_GETCHECK, 0, 0);
      cns_res.forwardable = forwardable;
+ 
+     noaddresses = SendDlgItemMessage(hwnd, IDD_NOADDRESSES, BM_GETCHECK, 0, 0);
+     cns_res.noaddresses = noaddresses;
  
      EndDialog(hwnd, IDOK);
  
*** src/windows/cns/,cnsres5.rc	Wed Feb 28 16:08:35 2001
--- src/windows/cns/cnsres5.rc	Thu Jul 12 15:34:02 2001
***************
*** 161,167 ****
                      95,65,39,12
      GROUPBOX        "Ticket options",IDD_TKOPT,5,86,158,23,WS_GROUP
      CONTROL         "&Forwardable",IDD_FORWARDABLE,"Button",BS_AUTOCHECKBOX | 
!                     WS_TABSTOP,54,95,65,12
      DEFPUSHBUTTON   "OK",IDOK,19,117,52,14
      PUSHBUTTON      "Cancel",IDCANCEL,95,117,52,14
  END
--- 161,169 ----
                      95,65,39,12
      GROUPBOX        "Ticket options",IDD_TKOPT,5,86,158,23,WS_GROUP
      CONTROL         "&Forwardable",IDD_FORWARDABLE,"Button",BS_AUTOCHECKBOX | 
!                     WS_TABSTOP,25,95,65,12
!     CONTROL         "&NoAddresses",IDD_NOADDRESSES,"Button",BS_AUTOCHECKBOX | 
!                     WS_TABSTOP,90,95,65,12
      DEFPUSHBUTTON   "OK",IDOK,19,117,52,14
      PUSHBUTTON      "Cancel",IDCANCEL,95,117,52,14
  END
*** src/windows/cns/,cns.h	Wed Feb 28 16:08:35 2001
--- src/windows/cns/cns.h	Thu Jul 12 15:00:08 2001
***************
*** 145,150 ****
--- 145,151 ----
  #define     IDD_ALERT 312
  #define   IDD_TKOPT 320
  #define   IDD_FORWARDABLE 321
+ #define   IDD_NOADDRESSES 322
  
  /*
   * the entire range (400 through 499) is reserved for the blasted variable
***************
*** 200,205 ****
--- 201,207 ----
  extern krb5_ccache k5_ccache;
  extern char ccname[FILENAME_MAX];
  extern BOOL forwardable;
+ extern BOOL noaddresses;
  #endif
  
  /*
*** src/windows/cns/,cns_reg.c	Wed Feb 28 16:08:35 2001
--- src/windows/cns/cns_reg.c	Thu Jul 12 14:57:53 2001
***************
*** 45,50 ****
--- 45,51 ----
    cns_res.beep = 0;
    cns_res.lifetime = DEFAULT_TKT_LIFE * 5;
    cns_res.forwardable = 1;
+   cns_res.noaddresses = 0;
  
      
    for (i = 1 ; i < FILE_MENU_MAX_LOGINS ; i++)
***************
*** 117,122 ****
--- 118,126 ----
    if (registry_dword_get(key, "forwardable", &tdw) == 0)
  	  cns_res.forwardable = tdw;
  
+   if (registry_dword_get(key, "noaddresses", &tdw) == 0)
+ 	  cns_res.noaddresses = tdw;
+ 
    if (registry_dword_get(key, "alert", &tdw) == 0)
  	  cns_res.alert = tdw;
  
***************
*** 196,201 ****
--- 200,206 ----
    registry_dword_set(key, "beep", cns_res.beep);
    registry_dword_set(key, "lifetime", cns_res.lifetime);
    registry_dword_set(key, "forwardable", cns_res.forwardable);
+   registry_dword_set(key, "noaddresses", cns_res.noaddresses);
  
    registry_string_set(key, "name", cns_res.name);
    registry_string_set(key, "realm", cns_res.realm);
*** src/windows/cns/,cns.c	Wed Feb 28 16:08:35 2001
--- src/windows/cns/cns.c	Thu Jul 12 15:06:21 2001
***************
*** 56,61 ****
--- 56,62 ----
  #ifdef KRB5
  char ccname[FILENAME_MAX];             /* ccache file location */
  BOOL forwardable;                      /* TRUE to get forwardable tickets */
+ BOOL noaddresses;
  krb5_context k5_context;
  krb5_ccache k5_ccache;
  #endif
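Review bot: `BOOL noaddresses;` is added without a comment although the neighbouring `ccname` and `forwardable` globals each carry one; `/* TRUE to request tickets with no addresses */` on the same line would match them. The field comment in the cns_reg.h hunk, `Don't require address in tickets`, reads as if a check were being relaxed, whereas the setting makes the client ask for tickets that contain no addresses. There `/* request tickets without addresses? */` is closer and follows the question form of the fields above it.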
***************
*** 1222,1227 ****
--- 1223,1231 ----
      krb5_get_init_creds_opt_init(&opts);
      krb5_get_init_creds_opt_set_forwardable(&opts, forwardable);
      krb5_get_init_creds_opt_set_tkt_life(&opts, lifetime * 60);
+ 	if (noaddresses) {
+ 		krb5_get_init_creds_opt_set_address_list(&opts, NULL);
+ 	}
      
      /*
       * get the initial creds using the password and the options we set above
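Review bot: The added `if (noaddresses)` block does not say what passing NULL means or what the user gives up by selecting it, and it is indented with tabs where the surrounding lines use four spaces. A ticket issued without addresses is not tied to the requesting host, so a credential cache copied off this machine would be usable from any address for the ticket lifetime; that is the price of working behind NAT or a VPN and is worth stating at the call. A comment such as `/* NULL list: request address-less tickets (NAT/VPN); such tickets are usable from any host */` above the call would cover it. The enclosing function starts and ends outside the hunk.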
***************
*** 1698,1703 ****
--- 1702,1708 ----
     * ticket options
     */
    forwardable = cns_res.forwardable;
+   noaddresses = cns_res.noaddresses;
  
    /*
     * Load clock icons
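Review bot: `noaddresses = cns_res.noaddresses;` copies the registry DWORD into a BOOL without normalising it, and the cns_reg.c hunk stores whatever `registry_dword_get` returned. Any non-zero value then enables the option at `if (noaddresses)`, while the options.c hunk passes the same raw value as the BM_SETCHECK wParam, where only 0 and 1 mean unchecked and checked, so the dialog may not show a checked box while address-less tickets are being requested. Normalising at load, `cns_res.noaddresses = (tdw != 0);` in cns_reg.c, keeps the checkbox and the request in agreement; the existing `forwardable` handling follows the same pattern. The enclosing function starts and ends outside the hunk.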
*** src/windows/cns/,cns_reg.h	Wed Feb 28 16:08:35 2001
--- src/windows/cns/cns_reg.h	Thu Jul 12 14:58:08 2001
***************
*** 17,22 ****
--- 17,23 ----
    DWORD         forwardable;                     /* get forwardable tickets? */
    DWORD         conf_override;                   /* allow changing of confname */
    DWORD         cc_override;                     /* allow changing of ccname */
+   DWORD         noaddresses;                    /* Don't require address in tickets */
    char          name[MAX_K_NAME_SZ];             /* last user used */
    char          realm[MAX_K_NAME_SZ];            /* last realm used */
    char          confname[FILENAME_MAX];
>Audit-Trail:
>Unformatted:
