From 14005bc769bbca0a1944aacce1f4c9aae7d55d9b Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Tue, 4 May 2004 23:48:15 +0000 Subject: [PATCH] afskfw-library-20040504 Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a a new library to be shared by afslogon.dll, afscreds.exe Add KFW support to afslogon.dll ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a a new library to be shared by afslogon.dll, afscreds.exe Move IP Address Change Monitor into new source files. Add smbname support to the KFW set token functionality in afscreds.exe --- src/WINNT/afsd/NTMakefile | 49 +- src/WINNT/{client_creds => afsd}/afskfw-int.h | 44 +- src/WINNT/{client_creds => afsd}/afskfw.c | 542 +++--------------- src/WINNT/{client_creds => afsd}/afskfw.h | 38 +- src/WINNT/afsd/afslogon.c | 16 +- src/WINNT/client_creds/NTMakefile | 9 +- src/WINNT/client_creds/afscreds.h | 2 + src/WINNT/client_creds/creds.cpp | 18 +- src/WINNT/client_creds/main.cpp | 16 +- src/WINNT/client_creds/window.cpp | 4 +- 10 files changed, 191 insertions(+), 547 deletions(-) rename src/WINNT/{client_creds => afsd}/afskfw-int.h (84%) rename src/WINNT/{client_creds => afsd}/afskfw.c (87%) rename src/WINNT/{client_creds => afsd}/afskfw.h (62%) diff --git a/src/WINNT/afsd/NTMakefile b/src/WINNT/afsd/NTMakefile index a0c28404d..a99b91f14 100644 --- a/src/WINNT/afsd/NTMakefile +++ b/src/WINNT/afsd/NTMakefile 
@@ -5,7 +5,7 @@ # License. For details, see the LICENSE file in the top-level source # directory or online at http://www.openafs.org/dl/license10.html -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\kfw\inc\loadfuncs -I..\kfw\inc\krb5 -I..\kfw\inc\leash AFSDEV_NETGUI = 1 RELDIR=WINNT\afsd !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME) @@ -63,7 +63,8 @@ INCFILES =\ $(INCFILEDIR)\cm_buf.h \ $(INCFILEDIR)\cm_freelance.h \ $(INCFILEDIR)\afsd_eventlog.h \ - $(INCFILEDIR)\afsd_eventmessages.h + $(INCFILEDIR)\afsd_eventmessages.h \ + $(INCFILEDIR)\afskfw.h IDLFILES =\ afsrpc.h $(OUT)\afsrpc_c.obj @@ -174,6 +175,32 @@ $(CONF_DLLFILE): $(CONFOBJS) $(OUT)\libafsconf.res $(CONF_DLLLIBS) $(COPY) $*.lib $(ILIBDIR) $(DEL) $*.lib $*.exp +############################################################################ +# lanahelper.lib + +LANAHELPERLIB = $(DESTDIR)\lib\lanahelper.lib + +LANAHELPERLIB_OBJS =\ + $(OUT)\lanahelper.obj + +$(LANAHELPERLIB_OBJS): + +$(LANAHELPERLIB): $(LANAHELPERLIB_OBJS) + $(LIBARCH) netapi32.lib + +############################################################################ +# afskfw.lib + +AFSKFWLIB = $(DESTDIR)\lib\afskfw.lib + +AFSKFWLIB_OBJS =\ + $(OUT)\afskfw.obj + +$(AFSKFWLIB_OBJS): + +$(AFSKFWLIB): $(AFSKFWLIB_OBJS) + $(LIBARCH) + ############################################################################ # afslogon.dll @@ -185,7 +212,10 @@ LOGON_DLLOBJS =\ LOGON_DLLLIBS =\ $(DESTDIR)\lib\afsauthent.lib \ - $(DESTDIR)\lib\libafsconf.lib + $(DESTDIR)\lib\libafsconf.lib \ + $(DESTDIR)\lib\afsrxkad.lib \ + $(DESTDIR)\lib\afsdes.lib \ + $(AFSKFWLIB) $(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS) $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def dnsapi.lib secur32.lib 
@@ -212,19 +242,6 @@ $(LOG95_DLLFILE): $(LOG95_DLLOBJS) $(LOG95_DLLLIBS) $(COPY) $*.lib $(DESTDIR)\lib $(DEL) $*.lib $*.exp -############################################################################ -# lanahelper.lib - -LANAHELPERLIB = $(DESTDIR)\lib\lanahelper.lib - -LANAHELPERLIB_OBJS =\ - $(OUT)\lanahelper.obj - -$(LANAHELPERLIB_OBJS): - -$(LANAHELPERLIB): $(LANAHELPERLIB_OBJS) - $(LIBARCH) netapi32.lib - ############################################################################ # Install target; primary makefile target diff --git a/src/WINNT/client_creds/afskfw-int.h b/src/WINNT/afsd/afskfw-int.h similarity index 84% rename from src/WINNT/client_creds/afskfw-int.h rename to src/WINNT/afsd/afskfw-int.h index 139bceb93..329b83689 100644 --- a/src/WINNT/client_creds/afskfw-int.h +++ b/src/WINNT/afsd/afskfw-int.h @@ -104,31 +104,6 @@ typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE); #define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ #define LSA_CCNAME "MSLSA:" -#define PROBE_USERNAME "OPENAFS-KDC-PROBE" -#define PROBE_PASSWORD_LEN 16 - -#define MAXCELLCHARS 64 -#define MAXHOSTCHARS 64 -#define MAXHOSTSPERCELL 8 -#define TRANSARCAFSDAEMON "TransarcAFSDaemon" -typedef struct { - char name[MAXCELLCHARS]; - short numServers; - short flags; - struct sockaddr_in hostAddr[MAXHOSTSPERCELL]; - char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS]; - char *linkedCell; -} afsconf_cell; - -struct ktc_token { - time_t startTime; - time_t endTime; - struct ktc_encryptionKey sessionKey; - short kvno; /* XXX UNALIGNED */ - int ticketLen; - char ticket[MAXKTCTICKETLEN]; -}; - #define KTC_ERROR 11862784L #define KTC_TOOBIG 11862785L #define KTC_INVAL 11862786L 
@@ -266,27 +241,12 @@ int KFW_get_ccache(krb5_context, krb5_principal, krb5_ccache *); int KFW_error(krb5_error_code, LPCSTR, int, krb5_context *, krb5_ccache *); int KFW_kinit(krb5_context, krb5_ccache, HWND, char *, char *, krb5_deltat, DWORD, DWORD, krb5_deltat, DWORD, DWORD); -int KFW_AFS_get_cred(char *, char *, char *, char *, int, char **); int KFW_renew(krb5_context, krb5_ccache); int KFW_destroy(krb5_context, krb5_ccache); BOOL KFW_ms2mit(krb5_context, krb5_ccache, BOOL); int KFW_AFS_unlog(void); -int KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int); +int KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int, char*); void KFW_import_ccache_data(void); -void KFW_import_windows_lsa(void); BOOL MSLSA_IsKerberosLogon(); - -/* From afs/krb_prot.h */ -/* values for kerb error codes */ -#define KERB_ERR_OK 0 -#define KERB_ERR_NAME_EXP 1 -#define KERB_ERR_SERVICE_EXP 2 -#define KERB_ERR_AUTH_EXP 3 -#define KERB_ERR_PKT_VER 4 -#define KERB_ERR_NAME_MAST_KEY_VER 5 -#define KERB_ERR_SERV_MAST_KEY_VER 6 -#define KERB_ERR_BYTE_ORDER 7 -#define KERB_ERR_PRINCIPAL_UNKNOWN 8 -#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 -#define KERB_ERR_NULL_KEY 10 +char *afs_realm_of_cell(struct afsconf_cell *); #endif /* AFSKFW_INT_H */ diff --git a/src/WINNT/client_creds/afskfw.c b/src/WINNT/afsd/afskfw.c similarity index 87% rename from src/WINNT/client_creds/afskfw.c rename to src/WINNT/afsd/afskfw.c index d64df2142..38402c2af 100644 --- a/src/WINNT/client_creds/afskfw.c +++ b/src/WINNT/afsd/afskfw.c @@ -59,7 +59,6 @@ #define USE_KRB4 #include "afskfw-int.h" #include "afskfw.h" -#include "creds.h" #include #include /* for life_to_time */ 
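Review bot: The updated `KFW_AFS_klog` prototype gains a seventh positional parameter that is not named, so nothing at the declaration tells a reader which of the four `char*` arguments is the new SMB name. Naming the parameters, `int KFW_AFS_klog(krb5_context, krb5_ccache, char *service, char *cell, char *realm, int lifetime, char *smbname);`, records the argument order the call sites in afskfw.c depend on. The new `afs_realm_of_cell` declaration deserves the same treatment plus a comment that the returned pointer must not be freed, which is what every caller in afskfw.c annotates with `// do not free`.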
@@ -365,9 +364,9 @@ FUNC_INFO afsc_fi[] = { }; /* Static Prototypes */ -static char *afs_realm_of_cell(afsconf_cell *); +char *afs_realm_of_cell(struct afsconf_cell *); static long get_cellconfig_callback(void *, struct sockaddr_in *, char *); -static int get_cellconfig(char *, afsconf_cell *, char *); +int KFW_AFS_get_cellconfig(char *, struct afsconf_cell *, char *); static krb5_error_code KRB5_CALLCONV KRB5_prompter( krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]); @@ -926,7 +925,7 @@ KFW_import_windows_lsa(void) } cell[i] = '\0'; - code = KFW_AFS_klog(ctx, cc, "afs", cell, realm->data, pLeash_get_default_lifetime()); + code = KFW_AFS_klog(ctx, cc, "afs", cell, realm->data, pLeash_get_default_lifetime(),NULL); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -1099,7 +1098,7 @@ KFW_import_ccache_data(void) OutputDebugString("Calling KFW_AFS_klog() to obtain token\n"); } - code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, pLeash_get_default_lifetime()); + code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, pLeash_get_default_lifetime(),NULL); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -1154,6 +1153,7 @@ KFW_AFS_get_cred(char * username, char * cell, char * password, int lifetime, + char * smbname, char ** reasonP ) { krb5_context ctx = 0; @@ -1166,7 +1166,7 @@ KFW_AFS_get_cred(char * username, char local_cell[MAXCELLCHARS+1]; char **cells = NULL; int cell_count=0; - afsconf_cell cellconfig; + struct afsconf_cell cellconfig; if (!pkrb5_init_context) return 0; @@ -1186,7 +1186,7 @@ KFW_AFS_get_cred(char * username, code = pkrb5_init_context(&ctx); if ( code ) goto cleanup; - code = get_cellconfig( cell, (void*)&cellconfig, local_cell); + code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell); if ( code ) goto cleanup; realm = strchr(username,'@'); 
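Review bot: `afs_realm_of_cell` now has a non-static prototype here, and afskfw-int.h gains an extern declaration for it, but the definition in the @@ -2880 hunk still begins with the context line `static char *`; a static definition following a non-static declaration is a linkage conflict that C compilers reject or at least warn about. Either drop `static` from the definition line (`char *` in place of `static char *`) or, if the function is meant to stay file-private, revert this prototype and the header declaration. The `get_cellconfig` → `KFW_AFS_get_cellconfig` rename in the same hunk did update its definition's linkage in @@ -2920, so this looks like an oversight rather than a choice.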
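Review bot: `KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell)` keeps the `(void*)` cast even though the callee now takes `struct afsconf_cell *` and `cellconfig` is declared as exactly that type in the @@ -1166 hunk; the cast only disables the type check the rename just made possible. Drop it here and at the matching calls in @@ -1256, @@ -1422 and @@ -1505: `code = KFW_AFS_get_cellconfig( cell, &cellconfig, local_cell);`. KFW_AFS_get_cred begins before this hunk and continues after it.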
@@ -1235,7 +1235,7 @@ KFW_AFS_get_cred(char * username, KFW_AFS_update_princ_ccache_data(ctx, cc, FALSE); - code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime); + code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime,smbname); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -1256,7 +1256,7 @@ KFW_AFS_get_cred(char * username, sprintf(message,"found another cell for the same principal: %s\n",cell); OutputDebugString(message); } - code = get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); + code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); if ( code ) continue; realm = afs_realm_of_cell(&cellconfig); // do not free @@ -1266,7 +1266,7 @@ KFW_AFS_get_cred(char * username, OutputDebugString("\n"); } - code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime); + code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime,smbname); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -1369,7 +1369,7 @@ KFW_AFS_renew_expiring_tokens(void) char ** cells=NULL; const char * realm = NULL; char local_cell[MAXCELLCHARS+1]=""; - afsconf_cell cellconfig; + struct afsconf_cell cellconfig; if (!pkrb5_init_context) return 0; @@ -1422,7 +1422,7 @@ KFW_AFS_renew_expiring_tokens(void) OutputDebugString(cells[cell_count]); OutputDebugString("\n"); } - code = get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); + code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); if ( code ) continue; realm = afs_realm_of_cell(&cellconfig); // do not free if ( IsDebuggerPresent() ) { 
@@ -1430,7 +1430,7 @@ KFW_AFS_renew_expiring_tokens(void) OutputDebugString(realm); OutputDebugString("\n"); } - code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, pLeash_get_default_lifetime()); + code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, pLeash_get_default_lifetime(),NULL); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -1495,7 +1495,7 @@ KFW_AFS_renew_token_for_cell(char * cell) #endif /* COMMENT */ krb5_ccache cc = 0; const char * realm = NULL; - afsconf_cell cellconfig; + struct afsconf_cell cellconfig; char local_cell[MAXCELLCHARS+1]; while ( count-- ) { @@ -1505,7 +1505,7 @@ KFW_AFS_renew_token_for_cell(char * cell) code = KFW_get_ccache(ctx, princ, &cc); if (code) goto loop_cleanup; - code = get_cellconfig( cell, (void*)&cellconfig, local_cell); + code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell); if ( code ) goto loop_cleanup; realm = afs_realm_of_cell(&cellconfig); // do not free @@ -1548,7 +1548,7 @@ KFW_AFS_renew_token_for_cell(char * cell) } #endif /* COMMENT */ - code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, pLeash_get_default_lifetime()); + code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, pLeash_get_default_lifetime(),NULL); if ( IsDebuggerPresent() ) { char message[256]; sprintf(message,"KFW_AFS_klog() returns: %d\n",code); @@ -2403,7 +2403,8 @@ KFW_AFS_klog( char *service, char *cell, char *realm, - int LifeTime + int LifeTime, + char *smbname ) { long rc = 0; @@ -2417,7 +2418,7 @@ KFW_AFS_klog( char Dmycell[MAXCELLCHARS+1]; struct ktc_token atoken; struct ktc_token btoken; - afsconf_cell ak_cellconfig; /* General information about the cell */ + struct afsconf_cell ak_cellconfig; /* General information about the cell */ char RealmName[128]; char CellName[128]; char ServiceName[128]; 
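Review bot: The new `smbname` parameter of KFW_AFS_klog (@@ -2403) is undocumented at the definition, while the body in the @@ -2737 and @@ -2855 hunks accepts NULL and silently truncates longer names to MAXRANDOMNAMELEN-1 bytes, which is exactly what a caller needs to know. Add a comment above the parameter list along the lines of `/* smbname: SMB user name to bind the token to, or NULL; copied into ktc_principal.smbname and cut to MAXRANDOMNAMELEN-1 characters */`. The function body continues well past this hunk.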
@@ -2461,7 +2462,7 @@ KFW_AFS_klog( memset(Dmycell, '\0', sizeof(Dmycell)); // NULL or empty cell returns information on local cell - if (rc = get_cellconfig(Dmycell, &ak_cellconfig, local_cell)) + if (rc = KFW_AFS_get_cellconfig(Dmycell, &ak_cellconfig, local_cell)) { // KFW_AFS_error(rc, "get_cellconfig()"); return(rc); @@ -2529,8 +2530,7 @@ KFW_AFS_klog( memset(&creds, '\0', sizeof(creds)); if ( try_krb5 ) { - int i, len; - char *p; + int len; /* First try service/cell@REALM */ if (code = pkrb5_build_principal(ctx, &increds.server, @@ -2737,7 +2737,12 @@ KFW_AFS_klog( p[len] = '\0'; } - aclient.smbname[0] = '\0'; + if ( smbname ) { + strncpy(aclient.smbname, smbname, MAXRANDOMNAMELEN); + aclient.smbname[MAXRANDOMNAMELEN-1] = '\0'; + } else { + aclient.smbname[0] = '\0'; + } rc = pktc_SetToken(&aserver, &atoken, &aclient, 0); if (!rc) @@ -2843,7 +2848,6 @@ KFW_AFS_klog( if ( strcmp(realm_of_cell, creds.realm) ) { - char * p; strncat(aclient.name, "@", MAXKTCNAMELEN - 1); strncpy(aclient.name, creds.realm, MAXKTCREALMLEN - 1); } @@ -2851,6 +2855,13 @@ KFW_AFS_klog( strcpy(aclient.cell, CellName); + if ( smbname ) { + strncpy(aclient.smbname, smbname, MAXRANDOMNAMELEN); + aclient.smbname[MAXRANDOMNAMELEN-1] = '\0'; + } else { + aclient.smbname[0] = '\0'; + } + if (rc = pktc_SetToken(&aserver, &atoken, &aclient, 0)) { KFW_AFS_error(rc, "ktc_SetToken()"); @@ -2880,7 +2891,7 @@ KFW_AFS_klog( /* afs_realm_of_cell(): */ /**************************************/ static char * -afs_realm_of_cell(afsconf_cell *cellconfig) +afs_realm_of_cell(struct afsconf_cell *cellconfig) { static char krbrlm[REALM_SZ+1]=""; krb5_context ctx = 0; 
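Review bot: The six-line NULL/strncpy/terminate sequence that fills `aclient.smbname` appears twice in KFW_AFS_klog, here in @@ -2737 and again in @@ -2855; a small static helper keeps the two token paths from drifting apart. The truncation is also silent: an smbname longer than MAXRANDOMNAMELEN-1 bytes would register the token under a shortened name that no longer matches what the caller uses for the SMB session (afslogon.c passes `uname` and `RandomName`, whose lengths are not visible here), so the helper below reports that case instead of hiding it. KFW_AFS_klog begins and ends outside this hunk, and which error value its callers expect is outside it too, so the return value in the excerpt is a placeholder to confirm.
```c
/* Fill aclient->smbname from smbname (NULL means "no SMB name").
 * Returns 0 on success, -1 if smbname does not fit in MAXRANDOMNAMELEN-1 bytes. */
static int
set_smbname(struct ktc_principal *aclient, const char *smbname)
{
    if (!smbname) {
        aclient->smbname[0] = '\0';
        return 0;
    }
    if (strlen(smbname) >= MAXRANDOMNAMELEN)
        return -1;
    strcpy(aclient->smbname, smbname);
    return 0;
}

/* … unchanged: aclient.name / aclient.cell setup … */
if (set_smbname(&aclient, smbname))
    return KTC_INVAL;   /* TODO(review): use whichever error code the callers map */
rc = pktc_SetToken(&aserver, &atoken, &aclient, 0);
```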
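Review bot: The @@ -2843 hunk removes the unused `char * p;` but leaves the adjacent `strncpy(aclient.name, creds.realm, MAXKTCREALMLEN - 1);`, which overwrites from the start of `aclient.name` and so replaces the user name with the realm instead of appending the realm after the `@` that the preceding `strncat` just added. That `strncat(aclient.name, "@", MAXKTCNAMELEN - 1)` is itself unbounded in effect, because strncat's count limits the characters taken from the source, not the space left in the destination. Assuming `aclient.name` is MAXKTCNAMELEN bytes, as the existing bound implies, the block should read `size_t room = MAXKTCNAMELEN - 1 - strlen(aclient.name);` / `strncat(aclient.name, "@", room);` / `strncat(aclient.name, creds.realm, room > 1 ? room - 1 : 0);`. This is inside KFW_AFS_klog, which starts and ends outside the hunk.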
@@ -2920,10 +2931,10 @@ afs_realm_of_cell(afsconf_cell *cellconfig) } /**************************************/ -/* get_cellconfig(): */ +/* KFW_AFS_get_cellconfig(): */ /**************************************/ -static int -get_cellconfig(char *cell, afsconf_cell *cellconfig, char *local_cell) +int +KFW_AFS_get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell) { int rc; char newcell[MAXCELLCHARS+1]; @@ -2952,7 +2963,7 @@ get_cellconfig(char *cell, afsconf_cell *cellconfig, char *local_cell) static long get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep) { - afsconf_cell *cc = (afsconf_cell *)cellconfig; + struct afsconf_cell *cc = (struct afsconf_cell *)cellconfig; cc->hostAddr[cc->numServers] = *addrp; strcpy(cc->hostName[cc->numServers], namep); 
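Review bot: `get_cellconfig_callback` (@@ -2952) writes `cc->hostAddr[cc->numServers]` and then `strcpy(cc->hostName[cc->numServers], namep)` with no check that `numServers` is below MAXHOSTSPERCELL or that `namep` fits in the MAXHOSTCHARS-sized row (the dimensions are those of the struct removed from afskfw-int.h in this commit); the commit only changes the cast on the first line, but now that the enclosing lookup is exported as KFW_AFS_get_cellconfig it is reached from afslogon.dll as well, and the host list comes from CellServDB or DNS. Guard the index and bound the copy: `if (cc->numServers >= MAXHOSTSPERCELL) return 0;` before the assignment, and `strncpy(cc->hostName[cc->numServers], namep, MAXHOSTCHARS - 1); cc->hostName[cc->numServers][MAXHOSTCHARS - 1] = '\0';` in place of the strcpy. What the callback's return value means to the search routine is outside the hunk, so confirm that 0 is the "keep going" value before using it for the overflow case. The remainder of the callback, including the numServers increment, is outside the hunk.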
@@ -3127,471 +3138,72 @@ LoadFuncs( return 1; } -#ifdef USE_FSPROBE -// Cell Accessibility Functions -// based on work originally submitted to the CMU Computer Club -// by Jeffrey Hutzelman -// -// These would work great if the fsProbe interface had been -// ported to Windows - -static -void probeComplete() -{ - fsprobe_Cleanup(1); - rx_Finalize(); -} - -struct ping_params { - unsigned short port; // in - int retry_delay; // in seconds - int verbose; // in - struct { - int wait; // in seconds - int retry; // in attempts - } host; - int max_hosts; // in - int hosts_attempted; // out -} - -// the fsHandler is where we receive the answer to the probe -static -int fsHandler(void) +BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig) { - ping_count = fsprobe_Results.probeNum; - if (!*fsprobe_Results.probeOK) - { - ok_count++; - if (waiting) complete(); - } - if (ping_count == retry) - complete(); - return 0; -} - -// ping_fs is a callback routine meant to be called from within -// cm_SearchCellFile() or cm_SearchCellDNS() -static long -pingFS(void *ping_params, struct sockaddr_in *addrp, char *namep) -{ - int rc; - struct ping_params * pp = (struct ping_params *) ping_params; - - if ( pp->max_hosts && pp->hosts_attempted >= pp->max_hosts ) - return 0; - - pp->hosts_attempted++; - - if (pp->port && addrp->sin_port != htons(pp->port)) - addrp->sin_port = htons(pp->port); - - rc = fsprobe_Init(1, addrp, pp->retry_delay, fsHandler, pp->verbose); - if (rc) - { - fprintf(stderr, "fsprobe_Init failed (%d)\n", rc); - fsprobe_Cleanup(1); - return 0; - } - - for (;;) - { - tv.tv_sec = pp->host.wait; - tv.tv_usec = 0; - if (IOMGR_Select(0, 0, 0, 0, &tv)) - break; - } - probeComplete(); - return(0); -} - - -static BOOL -pingCell(char *cell) -{ - int rc; - char rootcell[MAXCELLCHARS+1]; - char newcell[MAXCELLCHARS+1]; - struct ping_params pp; - - memset(&pp, 0, sizeof(struct ping_params)); - - if (!cell || strlen(cell) == 0) { - /* WIN32 NOTE: no way to get max chars */ - if (rc = 
pcm_GetRootCellName(rootcell)) - return(FALSE); - cell = rootcell; - } - - pp.port = 7000; // AFS FileServer - pp.retry_delay = 10; - pp.max_hosts = 3; - pp.host.wait = 30; - pp.host.retry = 0; - pp.verbose = 1; - - /* WIN32: cm_SearchCellFile(cell, pcallback, pdata) */ - rc = pcm_SearchCellFile(cell, newcell, pingFS, (void *)&pp); -} -#endif /* USE_FSPROBE */ - -// These two items are imported from afscreds.h -// but it cannot be included without causing conflicts -#define c100ns1SECOND (LONGLONG)10000000 -static void -TimeToSystemTime (SYSTEMTIME *pst, time_t TimeT) -{ - struct tm *pTime; - memset (pst, 0x00, sizeof(SYSTEMTIME)); - - if ((pTime = localtime (&TimeT)) != NULL) - { - pst->wYear = pTime->tm_year + 1900; - pst->wMonth = pTime->tm_mon + 1; - pst->wDayOfWeek = pTime->tm_wday; - pst->wDay = pTime->tm_mday; - pst->wHour = pTime->tm_hour; - pst->wMinute = pTime->tm_min; - pst->wSecond = pTime->tm_sec; - pst->wMilliseconds = 0; - } -} - -void -ObtainTokensFromUserIfNeeded(HWND hWnd) -{ - char * rootcell = NULL; - char cell[MAXCELLCHARS+1] = ""; - char password[PROBE_PASSWORD_LEN+1]; - krb5_data pwdata; - afsconf_cell cellconfig; - struct ktc_principal aserver; - struct ktc_principal aclient; - struct ktc_token atoken; krb5_context ctx = 0; - krb5_timestamp now = 0; - krb5_error_code code; - int serverReachable = 0; - int rc; -#ifndef USE_FSPROBE krb5_ccache cc = 0; + krb5_error_code code; + krb5_data pwdata; const char * realm = 0; krb5_principal principal = 0; char * pname = 0; -#endif /* USE_FSPROBE */ - DWORD CurrentState; - char HostName[64]; - int use_kfw = KFW_is_available(); - - CurrentState = 0; - memset(HostName, '\0', sizeof(HostName)); - gethostname(HostName, sizeof(HostName)); - if (GetServiceStatus(HostName, TRANSARCAFSDAEMON, &CurrentState) != NOERROR) - return; - if (CurrentState != SERVICE_RUNNING) { - SendMessage(hWnd, WM_START_SERVICE, FALSE, 0L); - return; - } - - if (!pkrb5_init_context) - return; - - if ( use_kfw ) { - code = 
pkrb5_init_context(&ctx); - if ( code ) goto cleanup; - } + char password[PROBE_PASSWORD_LEN+1]; + BOOL serverReachable = 0; - rootcell = (char *)GlobalAlloc(GPTR,MAXCELLCHARS+1); - if ( !rootcell ) goto cleanup; + realm = afs_realm_of_cell(cellconfig); // do not free - code = get_cellconfig(cell, (void*)&cellconfig, rootcell); + code = pkrb5_build_principal(ctx, &principal, strlen(realm), + realm, PROBE_USERNAME, NULL, NULL); if ( code ) goto cleanup; - memset(&aserver, '\0', sizeof(aserver)); - strcpy(aserver.name, "afs"); - strcpy(aserver.cell, rootcell); - - rc = pktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient); - - if ( use_kfw ) { - code = pkrb5_timeofday(ctx, &now); - if ( code ) - now = 0; - - if (!rc && (now < atoken.endTime)) - goto cleanup; - - if ( IsDebuggerPresent() ) { - char message[256]; - sprintf(message,"KFW_AFS_klog() returns: %d now = %ul endTime = %ul\n", - rc, now, atoken.endTime); - OutputDebugString(message); - } - } else { - SYSTEMTIME stNow; - FILETIME ftNow; - FILETIME ftExpires; - LONGLONG llNow; - LONGLONG llExpires; - SYSTEMTIME stExpires; - - TimeToSystemTime (&stExpires, atoken.endTime); - GetLocalTime (&stNow); - SystemTimeToFileTime (&stNow, &ftNow); - SystemTimeToFileTime (&stExpires, &ftExpires); - - llNow = (((LONGLONG)ftNow.dwHighDateTime) << 32) + (LONGLONG)(ftNow.dwLowDateTime); - llExpires = (((LONGLONG)ftExpires.dwHighDateTime) << 32) + (LONGLONG)(ftExpires.dwLowDateTime); - - llNow /= c100ns1SECOND; - llExpires /= c100ns1SECOND; - - if (!rc && (llNow < llExpires)) - goto cleanup; - - if ( IsDebuggerPresent() ) { - char message[256]; - sprintf(message,"KFW_AFS_klog() returns: %d now = %ul endTime = %ul\n", - rc, llNow, llExpires); - OutputDebugString(message); - } - } - - -#ifdef USE_FSPROBE - serverReachable = cellPing(NULL); -#else - if ( use_kfw ) { - // If we can't use the FSProbe interface we can attempt to forge - // a kinit and if we can back an invalid user error we know the - // kdc is at least reachable 
- realm = afs_realm_of_cell(&cellconfig); // do not free - - code = pkrb5_build_principal(ctx, &principal, strlen(realm), - realm, PROBE_USERNAME, NULL, NULL); - if ( code ) goto cleanup; - - code = KFW_get_ccache(ctx, principal, &cc); - if ( code ) goto cleanup; + code = KFW_get_ccache(ctx, principal, &cc); + if ( code ) goto cleanup; - code = pkrb5_unparse_name(ctx, principal, &pname); - if ( code ) goto cleanup; + code = pkrb5_unparse_name(ctx, principal, &pname); + if ( code ) goto cleanup; - pwdata.data = password; - pwdata.length = PROBE_PASSWORD_LEN; - code = pkrb5_c_random_make_octets(ctx, &pwdata); - if (code) { - int i; - for ( i=0 ; i - -DWORD -GetNumOfIpAddrs(void) -{ - PMIB_IPADDRTABLE pIpAddrTable = NULL; - ULONG dwSize; - DWORD code; - DWORD index; - DWORD validAddrs = 0; - - dwSize = 0; - code = GetIpAddrTable(NULL, &dwSize, 0); - if (code == ERROR_INSUFFICIENT_BUFFER) { - pIpAddrTable = malloc(dwSize); - code = GetIpAddrTable(pIpAddrTable, &dwSize, 0); - if ( code == NO_ERROR ) { - for ( index=0; index < pIpAddrTable->dwNumEntries; index++ ) { - if (pIpAddrTable->table[index].dwAddr != 0) - validAddrs++; - } - } - free(pIpAddrTable); - } - return validAddrs; -} - -void -IpAddrChangeMonitor(void * hWnd) -{ -#ifdef USE_OVERLAPPED - HANDLE Handle = INVALID_HANDLE_VALUE; /* Do Not Close This Handle */ - OVERLAPPED Ovlap; -#endif /* USE_OVERLAPPED */ - DWORD Result; - DWORD prevNumOfAddrs = GetNumOfIpAddrs(); - DWORD NumOfAddrs; - char message[256]; - - if ( !hWnd ) - return; - - while ( TRUE ) { -#ifdef USE_OVERLAPPED - ZeroMemory(&Ovlap, sizeof(OVERLAPPED)); - - Result = NotifyAddrChange(&Handle,&Ovlap); - if (Result != ERROR_IO_PENDING) - { - if ( IsDebuggerPresent() ) { - sprintf(message, "NotifyAddrChange() failed with error %d \n", Result); - OutputDebugString(message); - } - break; - } - - if ((Result = WaitForSingleObject(Handle,INFINITE)) != WAIT_OBJECT_0) - { - if ( IsDebuggerPresent() ) { - sprintf(message, "WaitForSingleObject() failed with 
error %d\n", - GetLastError()); - OutputDebugString(message); - } - continue; - } - - if (GetOverlappedResult(Handle, &Ovlap, - &DataTransfered, TRUE) == 0) - { - if ( IsDebuggerPresent() ) { - sprintf(message, "GetOverlapped result failed %d \n", - GetLastError()); - OutputDebugString(message); - } - break; - } -#else - Result = NotifyAddrChange(NULL,NULL); - if (Result != NO_ERROR) - { - if ( IsDebuggerPresent() ) { - sprintf(message, "NotifyAddrChange() failed with error %d \n", Result); - OutputDebugString(message); - } - break; - } -#endif - - NumOfAddrs = GetNumOfIpAddrs(); - if ( IsDebuggerPresent() ) { - sprintf(message,"IPAddrChangeMonitor() NumOfAddrs: now %d was %d\n", - NumOfAddrs, prevNumOfAddrs); - OutputDebugString(message); - } - - if ( NumOfAddrs != prevNumOfAddrs ) { - // Give AFS Client Service a chance to notice and die - // Or for network services to startup - Sleep(2000); - // this call should probably be mutex protected - ObtainTokensFromUserIfNeeded(hWnd); - } - prevNumOfAddrs = NumOfAddrs; - } -} - - -DWORD -IpAddrChangeMonitorInit(HWND hWnd) -{ - DWORD status = ERROR_SUCCESS; - HANDLE thread; - ULONG threadID = 0; - - thread = CreateThread(NULL, 0, (PTHREAD_START_ROUTINE)IpAddrChangeMonitor, - hWnd, 0, &threadID); - - if (thread == NULL) { - status = GetLastError(); - } - CloseHandle(thread); - return status; + return serverReachable; } diff --git a/src/WINNT/client_creds/afskfw.h b/src/WINNT/afsd/afskfw.h similarity index 62% rename from src/WINNT/client_creds/afskfw.h rename to src/WINNT/afsd/afskfw.h index a34341b47..d856013e0 100644 --- a/src/WINNT/client_creds/afskfw.h +++ b/src/WINNT/afsd/afskfw.h @@ -33,6 +33,16 @@ #ifdef __cplusplus extern "C" { #endif +#include +#include +#include +#include + +#define MAXCELLCHARS 64 +#define MAXHOSTCHARS 64 +#define MAXHOSTSPERCELL 8 +#define TRANSARCAFSDAEMON "TransarcAFSDaemon" + void KFW_initialize(void); void KFW_cleanup(void); int KFW_is_available(void); 
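Review bot: `KFW_probe_kdc` passes `ctx`, still 0 from its initializer, to `pkrb5_build_principal`, `KFW_get_ccache` and `pkrb5_unparse_name`; the `if (!pkrb5_init_context) return;` guard and the `pkrb5_init_context(&ctx)` call that the removed ObtainTokensFromUserIfNeeded had are deleted in this hunk and not re-added on the new side as far as the page shows (the middle of the hunk is garbled, so confirm against the file). Add at the top of the function `if (!pkrb5_init_context) return FALSE;` followed by `code = pkrb5_init_context(&ctx); if (code) goto cleanup;`, and release the context at `cleanup`. The explanation that was deleted with the old code — that a kinit is attempted for the PROBE_USERNAME principal with a random password, and an invalid-user style error is taken as proof the KDC is reachable — should return as the function's header comment, since nothing in the new function says why `pkrb5_c_random_make_octets` fills `password`. The end of the function, where `serverReachable` is decided and the random password should be cleared, is lost on this page.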
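Review bot: The `MAXCELLCHARS`, `MAXHOSTCHARS`, `MAXHOSTSPERCELL` and `TRANSARCAFSDAEMON` definitions moved into afskfw.h from afskfw-int.h now sit in a public header that afslogon.c and the afscreds sources include next to the AFS headers that supply `struct afsconf_cell` (the targets of the four added `#include` lines are lost on this page); if those headers define the same macros, identical values redefine silently, but any later divergence becomes a redefinition error at every includer. Wrapping each in `#ifndef MAXCELLCHARS` … `#endif` (and likewise for the other three) makes the dependency explicit, and a one-line comment naming the header `struct afsconf_cell` comes from would help readers of the `KFW_probe_kdc` and `KFW_AFS_get_cellconfig` prototypes declared later in this file.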
@@ -43,15 +53,35 @@ int KFW_AFS_get_cred( char * username, char * cell, char * password, int lifetime, + char * smbname, char ** reasonP ); int KFW_AFS_renew_token_for_cell(char * cell); int KFW_AFS_renew_tokens_for_all_cells(void); BOOL KFW_AFS_wait_for_service_start(void); +BOOL KFW_probe_kdc(struct afsconf_cell *); +int KFW_AFS_get_cellconfig(char *, struct afsconf_cell *, char *); +void KFW_import_windows_lsa(void); + +/* From afs/krb_prot.h */ +/* values for kerb error codes */ +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 + +/* From afs/krb.h */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define INTK_BADPW 62 /* Incorrect password */ -#define WM_OBTAIN_TOKENS (WM_USER+77) -#define WM_START_SERVICE (WM_USER+78) -void ObtainTokensFromUserIfNeeded(HWND hWnd); -DWORD IpAddrChangeMonitorInit(HWND hWnd); +#define PROBE_USERNAME "OPENAFS-KDC-PROBE" +#define PROBE_PASSWORD_LEN 16 #ifdef __cplusplus } diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c index 9e6bac974..6fd8924f3 100644 --- a/src/WINNT/afsd/afslogon.c +++ b/src/WINNT/afsd/afslogon.c 
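Review bot: The new `smbname` parameter of KFW_AFS_get_cred is undocumented; afskfw.c accepts NULL (the token is then set with an empty smbname) and creds.cpp passes NULL when the name is empty, so the prototype should say so: `char * smbname, /* SMB user name to bind the token to, or NULL */`. The KERB_ERR_* values and RD_AP_TIME/INTK_BADPW are copied from afs/krb_prot.h and afs/krb.h with only a comment marking their origin; identical copies redefine silently, but any drift between the two headers turns into a redefinition error in a file that includes both, so guard them with `#ifndef KERB_ERR_OK` … `#endif` (and the same for the two krb.h values) or include the originating header instead. The parameter lists of the new `KFW_probe_kdc` and `KFW_AFS_get_cellconfig` prototypes would also read better with names.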
@@ -427,8 +427,11 @@ DWORD APIENTRY NPLogonNotify( /* if Integrated Logon only */ if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption)) { - code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, - uname, "", cell, password,uname, 0, &pw_exp, 0, + if ( KFW_is_available() ) + code = KFW_AFS_get_cred(uname, "", cell, password, 0, uname, &reason); + else + code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, + uname, "", cell, password, uname, 0, &pw_exp, 0, &reason); DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]", code); @@ -443,7 +446,10 @@ DWORD APIENTRY NPLogonNotify( /* if Integrated Logon and High Security pass random generated name*/ else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption)) { - code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, + if ( KFW_is_available() ) + code = KFW_AFS_get_cred(uname, "", cell, password, 0, RandomName, &reason); + else + code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, uname, "", cell, password,RandomName, 0, &pw_exp, 0, &reason); DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x] RandomName[%s]", @@ -499,6 +505,10 @@ DWORD APIENTRY NPLogonNotify( retryInterval -= sleepInterval; } + /* remove any kerberos 5 tickets currently held by the SYSTEM account */ + if ( KFW_is_available() ) + KFW_AFS_destroy_tickets_for_cell(cell); + if (code) { char msg[128]; sprintf(msg, "Integrated login failed: %s", reason); diff --git a/src/WINNT/client_creds/NTMakefile b/src/WINNT/client_creds/NTMakefile index 461d5dcb5..9d72cfc97 100644 --- a/src/WINNT/client_creds/NTMakefile +++ b/src/WINNT/client_creds/NTMakefile 
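Review bot: Both new `if ( KFW_is_available() )` branches (this hunk and @@ -443) leave the following `DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2", ...)` unchanged, so the event log names ka_UserAuthenticateGeneral2 even when KFW_AFS_get_cred produced the code, which makes a failed integrated logon harder to attribute afterwards. Select the label with the same test, e.g. `DebugEvent(KFW_is_available() ? "AFS AfsLogon - (INTEGRATED only)KFW_AFS_get_cred" : "AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2", "Code[%x]", code);`, and likewise for the "(Both)" message. The KFW branch also never sets `pw_exp`, which the ka_ call fills; if pw_exp is consulted later in NPLogonNotify (outside the hunk) it needs a defined value before this point. Bracing the multi-line `else` body would keep the two-statement shape from breaking on a later edit.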
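Review bot: `KFW_AFS_destroy_tickets_for_cell(cell)` in the @@ -499 hunk runs only when control reaches the line after the retry loop, so the Kerberos 5 tickets obtained as SYSTEM by the KFW_AFS_get_cred calls in @@ -427 and @@ -443 are removed only on that path; any `return` or `goto` between those calls and here (that code is outside the hunks, so I cannot confirm there is one) would leave the user's TGT in the SYSTEM account's cache, which is what the comment says must not happen. Routing every exit of NPLogonNotify that follows a credential acquisition through this cleanup, or moving it to a single exit label, keeps the comment's promise. The declaration of KFW_AFS_destroy_tickets_for_cell does not appear in the afskfw.h hunks on this page; if it is not declared elsewhere in that header, afslogon.c is relying on an implicit declaration.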
@@ -7,7 +7,7 @@ # include the AFSD source tree on our inclusion path -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\loadfuncs -I..\kfw\inc\krb5 -I..\kfw\inc\leash +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\krb5 # include the primary makefile RELDIR=WINNT\client_creds @@ -35,7 +35,7 @@ EXEOBJS = \ $(OUT)\window.obj EXECOBJS = \ - $(OUT)\afskfw.obj + $(OUT)\ipaddrchg.obj EXERES = \ $(OUT)\afscreds_stub.res @@ -67,7 +67,10 @@ EXELIBS = \ $(DESTDIR)\lib\afs\TaLocale.lib \ $(DESTDIR)\lib\lanahelper.lib \ $(DESTDIR)\lib\afsrxkad.lib \ - $(DESTDIR)\lib\afsdes.lib + $(DESTDIR)\lib\afsdes.lib \ + $(DESTDIR)\lib\afsauthent.lib \ + $(DESTDIR)\lib\libafsconf.lib \ + $(DESTDIR)\lib\afskfw.lib ############################################################################ # diff --git a/src/WINNT/client_creds/afscreds.h b/src/WINNT/client_creds/afscreds.h index a5aad5b3c..524457e40 100644 --- a/src/WINNT/client_creds/afscreds.h +++ b/src/WINNT/client_creds/afscreds.h @@ -30,6 +30,7 @@ extern "C" { #include #include #include +#include #ifdef __cplusplus } #endif @@ -92,6 +93,7 @@ typedef struct TCHAR szHelpFile[ MAX_PATH ]; osi_mutex_t expirationCheckLock; osi_mutex_t credsLock; + TCHAR SmbName[ MAXRANDOMNAMELEN ]; } GLOBALS; extern GLOBALS g; diff --git a/src/WINNT/client_creds/creds.cpp b/src/WINNT/client_creds/creds.cpp index 930418c79..7cf0c594c 100644 --- a/src/WINNT/client_creds/creds.cpp +++ b/src/WINNT/client_creds/creds.cpp @@ -7,17 +7,19 @@ * directory or online at http://www.openafs.org/dl/license10.html */ -#include "afscreds.h" -#include "afskfw.h" - extern "C" { #include #include #include #include +#include #include +#include +#include "ipaddrchg.h" } +#include "afscreds.h" + /* * DEFINITIONS ________________________________________________________________ 
@@ -390,11 +392,17 @@ int ObtainNewCredentials (LPCTSTR pszCell, LPCTSTR pszUser, LPCTSTR pszPassword, char szPasswordA[ 256 ]; CopyStringToAnsi (szPasswordA, pszPassword); + char szSmbNameA[ MAXRANDOMNAMELEN ]; + CopyStringToAnsi (szSmbNameA, g.SmbName); + int Expiration = 0; if ( KFW_is_available() ) - rc = KFW_AFS_get_cred(szNameA, NULL, szCellA, szPasswordA, 0, &Result); - else + rc = KFW_AFS_get_cred(szNameA, NULL, szCellA, szPasswordA, 0, szSmbNameA[0] ? szSmbNameA : NULL, &Result); + else if ( szSmbNameA[0] ) + rc = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, + szNameA, "", szCellA, szPasswordA, szSmbNameA, 0, &Expiration, 0, &Result); + else rc = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, szNameA, "", szCellA, szPasswordA, 0, &Expiration, 0, &Result); } diff --git a/src/WINNT/client_creds/main.cpp b/src/WINNT/client_creds/main.cpp index 6a977c567..ce24a9bf9 100644 --- a/src/WINNT/client_creds/main.cpp +++ b/src/WINNT/client_creds/main.cpp @@ -12,6 +12,9 @@ extern "C" { #include #include #include +#include +#include +#include "ipaddrchg.h" } #include "afscreds.h" @@ -19,8 +22,6 @@ extern "C" { #include "drivemap.h" #include #include -#include "rxkad.h" -#include "afskfw.h" /* * DEFINITIONS ________________________________________________________________ @@ -93,6 +94,11 @@ BOOL InitApp (LPSTR pszCmdLineA) BOOL fNetDetect = FALSE; BOOL fRenewMaps = FALSE; + // Initialize our global variables and window classes + // + memset (&g, 0x00, sizeof(g)); + g.fStartup = TRUE; + // Parse the command-line // while (pszCmdLineA && *pszCmdLineA) @@ -143,6 +149,7 @@ BOOL InitApp (LPSTR pszCmdLineA) break; case ':': + CopyAnsiToString(g.SmbName,pszCmdLineA); MapShareName(pszCmdLineA); break; 
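Review bot: `CopyAnsiToString(g.SmbName,pszCmdLineA)` in the main.cpp @@ -143 hunk copies the remainder of the command line into `g.SmbName`, a `TCHAR[MAXRANDOMNAMELEN]` field (afscreds.h hunk), with no length argument, so a `:` argument longer than MAXRANDOMNAMELEN-1 characters overruns the global `g`. The source is the local user's own command line, so this is a robustness rather than a privilege issue, but creds.cpp then reads the field with another unbounded `CopyStringToAnsi` into `szSmbNameA[MAXRANDOMNAMELEN]`, which only stays in bounds while `g.SmbName` is NUL-terminated. Bound the copy, e.g. `if (strlen(pszCmdLineA) < MAXRANDOMNAMELEN)` / `CopyAnsiToString(g.SmbName, pszCmdLineA);`, leaving the field empty otherwise, which creds.cpp already treats as "no SMB name" via `szSmbNameA[0] ? szSmbNameA : NULL`. Whether `MapShareName` consumes just the share-name token or the rest of the line is outside the hunk, so confirm that `pszCmdLineA` points at only the name here.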
@@ -205,11 +212,6 @@ BOOL InitApp (LPSTR pszCmdLineA) if (fExit || fUninstall || fInstall) return FALSE; - // Initialize our global variables and window classes - // - memset (&g, 0x00, sizeof(g)); - g.fStartup = TRUE; - HKEY hk; if (RegOpenKey (HKEY_CURRENT_USER, REGSTR_PATH_OPENAFS_CLIENT, &hk) == 0) { diff --git a/src/WINNT/client_creds/window.cpp b/src/WINNT/client_creds/window.cpp index e80b0b3ea..73ae6daaf 100644 --- a/src/WINNT/client_creds/window.cpp +++ b/src/WINNT/client_creds/window.cpp @@ -10,11 +10,11 @@ extern "C" { #include #include +#include +#include "ipaddrchg.h" } #include "afscreds.h" -#include "afskfw.h" - /* * DEFINITIONS ________________________________________________________________ -- 2.39.5