From: Jeffrey Altman
Date: Thu, 7 Jun 2012 13:52:13 +0000 (-0400)
Subject: Windows: KFW_AFS_klog() changes
X-Git-Tag: upstream/1.6.2_pre2^2~10
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=7fd2d9ba8ba031308710c96c0c726f82e9b0b620;p=packages%2Fo%2Fopenafs.git
Windows: KFW_AFS_klog() changes
If an explicit 'realm' is specified as input:
a. Do not duplicate a request for afs/cellname@REALM if the explicit realm matches the realm of the client principal.
b. If afs/cellname@REALM fails, request afs@REALM for the explicit realm.
This patchset does not apply to master due to Kerberos Compatibility SDK conversion.
Reviewed-on: http://gerrit.openafs.org/8773
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
(cherry picked from commit f9e9d9aebf2f671b099253ec847b0dd32ce5c686)
Change-Id: I0cbf8f9a540159b5169e4cdf409dc7e875527d77
Reviewed-on: http://gerrit.openafs.org/8776
Tested-by: BuildBot
Reviewed-by: Paul Smeddle
Reviewed-by: Stephan Wiesand
---
diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c
index 11388b929..7ce4516b0 100644
--- a/src/WINNT/afsd/afskfw.c
+++ b/src/WINNT/afsd/afskfw.c
@@ -3019,11 +3019,11 @@ KFW_AFS_klog(
 /* ALWAYS first try service/cell@CLIENT_REALM */
 if (code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm_of_user),
- realm_of_user,
- ServiceName,
- CellName,
- 0))
+ (int)strlen(realm_of_user),
+ realm_of_user,
+ ServiceName,
+ CellName,
+ 0))
 {
 goto cleanup;
 }
@@ -3065,40 +3065,79 @@ KFW_AFS_klog(
 * then use it
 */
 if (strlen(realm) != 0) {
- /* service/cell@REALM */
- increds.server = 0;
- code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm),
- realm,
- ServiceName,
- CellName,
- 0);
- if ( IsDebuggerPresent() ) {
- char * cname, *sname;
- pkrb5_unparse_name(ctx, increds.client, &cname);
- pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("Getting tickets for \"");
- OutputDebugString(cname);
- OutputDebugString("\" and service \"");
- OutputDebugString(sname);
- OutputDebugString("\"\n");
- pkrb5_free_unparsed_name(ctx,cname);
- pkrb5_free_unparsed_name(ctx,sname);
- }
+ /* But only if the realm is different from the realm_of_user */
+ if (strcmp(realm_of_user, realm)) {
+ /* service/cell@REALM */
+ increds.server = 0;
+ code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm),
+ realm,
+ ServiceName,
+ CellName,
+ 0);
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("Getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
- if (!code) {
- do {
- code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (code == KRB5KRB_AP_ERR_REPEAT)
- Sleep(1000);
- } while(code == KRB5KRB_AP_ERR_REPEAT);
+ if (!code) {
+ do {
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ if (code == KRB5KRB_AP_ERR_REPEAT)
+ Sleep(1000);
+ } while(code == KRB5KRB_AP_ERR_REPEAT);
+ }
+
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+ code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+ code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+ code == KRB5KRB_AP_ERR_MSG_TYPE) {
+ /* Or service@REALM */
+ pkrb5_free_principal(ctx,increds.server);
+ increds.server = 0;
+ code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm),
+ realm,
+ ServiceName,
+ 0);
+
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+ OutputDebugString("Trying again: getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
+
+ if (!code) {
+ do {
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ if (code == KRB5KRB_AP_ERR_REPEAT)
+ Sleep(1000);
+ } while(code == KRB5KRB_AP_ERR_REPEAT);
+ }
+ }
 }
 if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
- code == KRB5_ERR_HOST_REALM_UNKNOWN ||
- code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
- code == KRB5KRB_AP_ERR_MSG_TYPE) {
- /* Or service@REALM */
+ code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+ code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+ code == KRB5KRB_AP_ERR_MSG_TYPE) {
+ /* Finally service@REALM */
 pkrb5_free_principal(ctx,increds.server);
 increds.server = 0;
 code = pkrb5_build_principal(ctx, &increds.server,
@@ -3128,6 +3167,9 @@ KFW_AFS_klog(
 Sleep(1000);
 } while(code == KRB5KRB_AP_ERR_REPEAT);
 }
+
+ if (!code && !strlen(realm_of_cell))
+ copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
 }
 if (code == 0) {
@@ -3167,6 +3209,7 @@ KFW_AFS_klog( Sleep(1000); } while(code == KRB5KRB_AP_ERR_REPEAT); } + if (!code && !strlen(realm_of_cell)) copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds); }
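Review bot: In both new `IsDebuggerPresent()` blocks (the `service/cell@REALM` attempt and the `/* Or service@REALM */` fallback), `cname` and `sname` are declared uninitialized, the `pkrb5_unparse_name` results are ignored, and the block runs before `code` from `pkrb5_build_principal` is checked, so a failed build or unparse hands an indeterminate pointer to `OutputDebugString` and `pkrb5_free_unparsed_name`. Guarding with `if (!code && IsDebuggerPresent())` and printing only when both unparse calls return 0 would close that. Separately, each added `do { ... } while(code == KRB5KRB_AP_ERR_REPEAT);` loop has no retry cap, so a peer that keeps answering with that error would keep the caller in one-second sleeps indefinitely; a small bounded counter would be safer. The arguments of the `/* Finally service@REALM */` build lie outside the hunk, so it cannot be confirmed here whether that block repeats the request the new fallback just made; KFW_AFS_klog itself starts and ends outside the hunk.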
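Review bot: The added `if (!code && !strlen(realm_of_cell))` in the `-3128,6` hunk puts its body on a separate line without braces, which makes it easy for a later edit to add a second statement that runs unconditionally; I would write it as `if (!code && realm_of_cell[0] == '\0') {` with the `copy_realm_of_ticket(...)` call and a closing `}`. The call passes `sizeof(realm_of_cell)` as the buffer size, which is only the real capacity if `realm_of_cell` is declared as an array in this function; its declaration is outside the hunk, so that is worth confirming. A one-line comment such as `/* record the realm that actually issued the ticket when the cell's realm was not already known */` would also help, assuming that is the intent.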