DECL_FUNC_PTR(Leash_get_default_renew_min);
DECL_FUNC_PTR(Leash_get_default_renew_max);
DECL_FUNC_PTR(Leash_get_default_renewable);
+DECL_FUNC_PTR(Leash_get_default_mslsa_import);
// krb5 functions
DECL_FUNC_PTR(krb5_change_password);
DECL_FUNC_PTR(krb5_get_default_config_files);
DECL_FUNC_PTR(krb5_free_config_files);
DECL_FUNC_PTR(krb5_get_default_realm);
+DECL_FUNC_PTR(krb5_free_default_realm);
DECL_FUNC_PTR(krb5_free_ticket);
DECL_FUNC_PTR(krb5_decode_ticket);
DECL_FUNC_PTR(krb5_get_host_realm);
static int mid_cnt = 0;
static struct textField * mid_tb = NULL;
static HINSTANCE hKrb5 = 0;
+#ifdef USE_KRB4
static HINSTANCE hKrb4 = 0;
+#endif /* USE_KRB4 */
static HINSTANCE hKrb524 = 0;
#ifdef USE_MS2MIT
static HINSTANCE hSecur32 = 0;
{
if (hKrb5)
FreeLibrary(hKrb5);
+#ifdef USE_KRB4
if (hKrb4)
FreeLibrary(hKrb4);
+#endif /* USE_KRB4 */
if (hProfile)
FreeLibrary(hProfile);
if (hComErr)
char * pname = NULL;
krb5_data * princ_realm;
krb5_error_code code;
- char cell[128]="", realm[128]="";
+ char cell[128]="", realm[128]="", *def_realm = 0;
int i;
+ DWORD dwMsLsaImport;
if (!pkrb5_init_context)
return;
code = pkrb5_cc_get_principal(ctx, cc, &princ);
if ( code ) goto cleanup;
+ dwMsLsaImport = pLeash_get_default_mslsa_import();
+ switch ( dwMsLsaImport ) {
+ case 0: /* do not import */
+ goto cleanup;
+ case 1: /* always import */
+ break;
+ case 2: { /* matching realm */
+ char ms_realm[128] = "", *r;
+ int i;
+
+ for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
+ *r = krb5_princ_realm(ctx, princ)->data[i];
+ }
+ *r = '\0';
+
+ if (code = pkrb5_get_default_realm(ctx, &def_realm))
+ goto cleanup;
+
+ if (strcmp(def_realm, ms_realm))
+ goto cleanup;
+ break;
+ }
+ default:
+ break;
+ }
+
code = pkrb5_unparse_name(ctx,princ,&pname);
if ( code ) goto cleanup;
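Review bot: The `case 2` loop copies `krb5_princ_realm(ctx, princ)->length` bytes into the 128-byte `ms_realm` with no bound, so a principal in the credential cache whose realm is 128 bytes or longer writes past the stack buffer. Reject over-long realms before the loop with `if (krb5_princ_realm(ctx, princ)->length >= sizeof(ms_realm)) goto cleanup;`. The inner `int i` also shadows the function-level `i` and is compared against what is presumably an unsigned length. `pLeash_get_default_mslsa_import` is called without a null test, although `pkrb5_init_context` is tested earlier in the function; if the export can be missing from an older Leash DLL, guard the call and pick an explicit default. The function body starts and ends outside this hunk.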
pkrb5_free_unparsed_name(ctx,pname);
if (princ)
pkrb5_free_principal(ctx,princ);
+ if (def_realm)
+ pkrb5_free_default_realm(ctx, def_realm);
if (cc)
pkrb5_cc_close(ctx,cc);
if (ctx)
DWORD code;
int pw_exp;
- char *reason;
+ char *reason = 0;
char *ctemp;
BOOLEAN interactive;
BOOLEAN afsWillAutoStart;
- BOOLEAN uppercased_name = TRUE;
+ BOOLEAN lowercased_name = TRUE;
LogonOptions_t opt; /* domain specific logon options */
int retryInterval;
ctemp = strchr(uname, '@');
if (ctemp) *ctemp = 0;
- /* is the name all uppercase? */
+ /* is the name all lowercase? */
for ( ctemp = uname; *ctemp ; ctemp++) {
- if ( islower(*ctemp) ) {
- uppercased_name = FALSE;
+ if ( !islower(*ctemp) ) {
+ lowercased_name = FALSE;
break;
}
}
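Review bot: `!islower(*ctemp)` is true for digits, punctuation and every other non-letter, so a name containing a digit is marked not-lowercase even though lowercasing cannot change it. On a failed authentication the later `!lowercased_name` branch would then retry with the identical name, which presumably doubles the failed attempts counted against the account. Test for an uppercase letter instead: `if ( isupper((unsigned char)*ctemp) ) {`. The cast matters as well, because passing a plain `char` with a negative value to a `<ctype.h>` function is undefined behaviour. The retry branch sits in a later hunk, and the enclosing function extends beyond this one.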
/* if Integrated Logon */
if (ISLOGONINTEGRATED(opt.LogonOption))
- {
+ {
if ( KFW_is_available() ) {
code = KFW_AFS_get_cred(uname, cell, password, 0, opt.smbName, &reason);
- DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",uname,opt.smbName,cell,code);
- }
- else {
+ DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
+ uname,opt.smbName,cell,code);
+ } else {
code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
uname, "", cell, password, opt.smbName, 0, &pw_exp, 0,
&reason);
- DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]",
- code);
+
+ DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s] Reason[%s]",
+ code,uname,cell,reason ? reason : "<none>");
+ {
+ char msg[2048];
+ sprintf(msg, "Code[%x] uname[%s] Cell[%s] Reason[%s]",
+ code,uname,cell,reason ? reason : "<none>");
+ MessageBox(hwndOwner,
+ msg,
+ "AFS Logon",
+ MB_ICONINFORMATION | MB_OK);
+ }
}
- if ( code && code != KTC_NOCM && code != KTC_NOCMRPC && uppercased_name ) {
+ if ( code && code != KTC_NOCM && code != KTC_NOCMRPC && !lowercased_name ) {
for ( ctemp = uname; *ctemp ; ctemp++) {
*ctemp = tolower(*ctemp);
}
- uppercased_name = FALSE;
+ lowercased_name = TRUE;
goto sleeping;
}
/* is service started yet?*/
- DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s]",
- code,uname,cell);
-
/* If we've failed because the client isn't running yet and the
* client is set to autostart (and therefore it makes sense for
* us to wait for it to start) then sleep a while and try again.
* If the error was something else, then give up. */
if (code != KTC_NOCM && code != KTC_NOCMRPC || !afsWillAutoStart)
break;
- }
- else {
+ } else {
/*JUST check to see if its running*/
if (IsServiceRunning())
break;
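Review bot: The block added in the `ka_UserAuthenticateGeneral2` branch formats `uname`, `cell` and `reason` into `msg[2048]` with an unbounded `sprintf`, and none of those lengths is checked in the visible code. Use a bounded call such as `_snprintf(msg, sizeof(msg) - 1, ...)` followed by `msg[sizeof(msg) - 1] = '\0';`. The `MessageBox` runs on every pass through this branch, success or failure, so it blocks the logon path on a dialog and puts the authentication result on screen; it looks like debugging code, and if so it should be removed or compiled only into debug builds. The `DebugEvent` call just above it passes two string literals, unlike the single-format call in the KFW branch, so confirm which argument `DebugEvent` treats as the format. The enclosing function starts before this hunk and continues after it.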