From 4251e386aa25bb3fc02fa255e92327fffc8b954d Mon Sep 17 00:00:00 2001 
From: "Asanka C. Herath" Date: Fri, 8 Oct 2010 17:46:02 -0400 Subject: [PATCH] Windows: Build against KerbCompatSDK instead of KFW Build OpenAFS for Windows against the Secure Endpoints Kerberos Compatibility SDK instead of the in tree Kerberos for Windows SDK. The compatibility layer is available from: http://github.com/secure-endpoints/heimdal-krbcompat The SDK location must be specified with the KERBEROSCOMPATSDKROOT environment variable. The benefits of building against the Kerberos Compatibility SDK are: * Heimdal 1.5.1 or later assemblies will be used if available * MIT KFW 3.2.x will be searched for if Heimdal 1.5.1 is not installed Version 1.0 of the SDK is supported. Change-Id: I393e20d8bfb9ee1ca749cc54ecc1341927abaf82 Reviewed-on: http://gerrit.openafs.org/2867 Tested-by: BuildBot Tested-by: Jeffrey Altman Reviewed-by: Jeffrey Altman --- src/WINNT/afsd/NTMakefile | 64 +- src/WINNT/afsd/afskfw-int.h | 138 +- src/WINNT/afsd/afskfw.c | 2505 +++++++++--------------- src/WINNT/afsd/afskfw.h | 1 + src/WINNT/afssvrmgr/NTMakefile | 6 +- src/WINNT/aklog/NTMakefile | 26 +- src/WINNT/aklog/aklog.c | 112 +- src/WINNT/aklog/asetkey.c | 13 +- src/WINNT/client_creds/NTMakefile | 12 +- src/WINNT/install/wix/NTMakefile | 3 + src/WINNT/install/wix/feature.wxi | 5 + src/WINNT/install/wix/files.wxi | 3 + src/WINNT/netidmgr_plugin/NTMakefile | 17 +- src/WINNT/netidmgr_plugin/afsfuncs.c | 297 +-- src/WINNT/netidmgr_plugin/dynimport.c | 421 +--- src/WINNT/netidmgr_plugin/dynimport.h | 310 +-- src/WINNT/netidmgr_plugin/krb5common.c | 185 +- src/WINNT/netidmgr_plugin/krb5common.h | 4 + src/WINNT/netidmgr_plugin/main.c | 3 + src/auth/test/NTMakefile | 5 +- src/bozo/NTMakefile | 2 - src/budb/NTMakefile | 4 +- src/butc/NTMakefile | 2 +- src/config/NTMakefile.amd64_w2k | 24 +- src/config/NTMakefile.i386_nt40 | 25 +- src/config/NTMakefile.i386_w2k | 18 + src/kauth/NTMakefile | 5 +- src/libadmin/adminutil/NTMakefile | 42 +- src/libadmin/adminutil/afs_utilAdmin.c | 10 +- 
src/libafsauthent/NTMakefile | 5 +- src/ntbuild.bat | 3 + src/ptserver/NTMakefile | 6 +- src/sys/NTMakefile | 3 +- src/sys/pioctl_nt.c | 255 +-- src/tbutc/NTMakefile | 3 +- src/update/NTMakefile | 2 +- src/util/NTMakefile | 6 +- src/viced/NTMakefile | 2 +- src/volser/NTMakefile | 11 +- src/xstat/NTMakefile | 4 +- 40 files changed, 1560 insertions(+), 3002 deletions(-) diff --git a/src/WINNT/afsd/NTMakefile b/src/WINNT/afsd/NTMakefile index 525fcbb71..6d6646c12 100644 --- a/src/WINNT/afsd/NTMakefile +++ b/src/WINNT/afsd/NTMakefile @@ -5,9 +5,10 @@ # License. For details, see the LICENSE file in the top-level source # directory or online at http://www.openafs.org/dl/license10.html -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" /DSMB_UNICODE -I..\kfw\inc\loadfuncs \ - -I..\kfw\inc\krb5 -I..\kfw\inc\leash -I$(DESTDIR)\include\afs \ - -I$(DESTDIR)\include\rx -I..\afsrdr\common -I..\afsrdr\user +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" /DSMB_UNICODE \ + -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx \ + -I..\afsrdr\common -I..\afsrdr\user -I$(HEIMINC) + AFSDEV_NETGUI = 1 RELDIR=WINNT\afsd !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME) @@ -73,7 +74,12 @@ INCFILES =\ $(INCFILEDIR)\afsd_eventlog.h \ $(INCFILEDIR)\afsd_eventmessages.h \ $(INCFILEDIR)\afskfw.h \ - $(INCFILEDIR)\afsicf.h + $(INCFILEDIR)\afsicf.h \ +# $(INCFILEDIR)\krbcompat_delayload.h + + +$(INCFILEDIR)\krbcompat_delayload.h: $(HEIMINC)\krbcompat_delayload.h + $(COPY) $< $@ IDLFILES =\ afsrpc.h $(OUT)\afsrpc_c.obj @@ -245,6 +251,14 @@ AFSD_SDKLIBS =\ shell32.lib \ shlwapi.lib +############################################################################ +# krbcompat_delayload.obj + +KCOMPAT_OBJ = $(DESTDIR)\lib\krbcompat_delayload.obj + +$(KCOMPAT_OBJ): $(OUT)\krbcompat_delayload.obj + copy /y $** $@ + ############################################################################ # libafsconf.dll 
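Review bot: In the new explicit rule for `$(INCFILEDIR)\krbcompat_delayload.h`, the command `$(COPY) $< $@` uses `$<`, which NMAKE defines only inside inference rules. In a description block it should be `$(COPY) $** $@`, matching the `$(KCOMPAT_OBJ)` rule added further down in this file. The rule is currently unreachable, because the header appears in INCFILES only as a commented-out entry. That entry also leaves `$(INCFILEDIR)\afsicf.h \` ending in a continuation that runs into a comment line. I would either enable the entry or drop both the trailing backslash and the commented line.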
@@ -308,7 +322,8 @@ LOGON_DLLOBJS =\ $(OUT)\afslogon.obj \ $(OUT)\logon_ad.obj \ $(OUT)\afslogon.res \ - $(OUT)\cm_nls.obj + $(OUT)\cm_nls.obj \ + $(KRBCOMPATRES) LOGON_DLLLIBS =\ $(DESTDIR)\lib\afsauthent.lib \ @@ -331,13 +346,14 @@ LOGON_DLLSDKLIBS =\ ole32.lib \ adsiid.lib \ activeds.lib \ + rpcrt4.lib \ user32.lib \ userenv.lib \ shell32.lib \ - rpcrt4.lib + delayimp.lib -$(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS) - $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def $(LOGON_DLLSDKLIBS) +$(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS) $(HEIMDEPS) + $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def $(LOGON_DLLSDKLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_DLL) $(DLLPREP) $(CODESIGN_USERLAND) @@ -348,8 +364,9 @@ $(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS) ############################################################################ # Install target; primary makefile target -install_objs: $(CONF_DLLFILE) $(LANAHELPERLIB) $(OUT)\afsicf.obj +install_objs: $(CONF_DLLFILE) $(LANAHELPERLIB) $(OUT)\afsicf.obj $(OUT)\krbcompat_delayload.obj $(COPY) $(OUT)\afsicf.obj $(DESTDIR)\lib + $(COPY) $(OUT)\krbcompat_delayload.obj $(DESTDIR)\lib install_headers: $(IDLFILES) $(INCFILES) ms-wkssvc.h ms-srvsvc.h 
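Review bot: The `$(LOGON_DLLFILE)` link line now adds `$(HEIMLINKOPTS)` and `delayimp.lib`, but nothing in this makefile records which Kerberos DLLs become delay-loaded or how they are located at run time. The commit description says Heimdal assemblies are used if available and MIT KFW is "searched for" otherwise. afslogon.dll presumably runs inside the logon process, so a lookup that falls back to the ordinary DLL search order would let a planted library load with elevated rights. HEIMLINKOPTS and the delay-load helper are defined outside this hunk, so this cannot be checked from here. Please confirm the helper resolves the library by assembly identity or full path, and then record that above the rule, e.g. `# Kerberos DLLs are delay-loaded via $(HEIMLINKOPTS); see krbcompat_delayload for how they are located`.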
@@ -427,32 +444,32 @@ EXELIBS3 = \ $(DESTDIR)\lib\afsroken.lib # klog.exe -$(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(EXELIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) # tokens.exe -$(EXEDIR)\tokens.exe: $(OUT)\ctokens.obj $(OUT)\tokens.res $(EXELIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(EXEDIR)\tokens.exe: $(OUT)\ctokens.obj $(OUT)\tokens.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) # unlog.exe -$(EXEDIR)\unlog.exe: $(OUT)\cunlog.obj $(OUT)\unlog.res $(EXELIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(EXEDIR)\unlog.exe: $(OUT)\cunlog.obj $(OUT)\unlog.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) # afscpcc.exe -$(EXEDIR)\afscpcc.exe: $(OUT)\afscpcc.obj $(OUT)\afscpcc.res $(LOGON_DLLLIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib userenv.lib +$(EXEDIR)\afscpcc.exe: $(OUT)\afscpcc.obj $(OUT)\afscpcc.res $(DESTDIR)\lib\krbcompat_delayload.obj $(LOGON_DLLLIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib userenv.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) 
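Review bot: The klog, tokens, unlog and afscpcc rules spell out `$(DESTDIR)\lib\krbcompat_delayload.obj`, although this makefile now defines `KCOMPAT_OBJ` for exactly that path. Writing `$(KCOMPAT_OBJ)` in the four dependency lines keeps them in step with its copy rule. The same file is also written by the `install_objs` commands with `$(COPY)`, whereas the `$(KCOMPAT_OBJ)` rule uses `copy /y`, so two recipes now produce one output and one of them looks redundant. The fs.exe and symlink.exe rules in a later hunk receive `$(HEIMLINKOPTS)` without this object; if that is intentional, a one-line comment saying why would help.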
@@ -493,8 +510,8 @@ $(EXEDIR)\afsd_service.exe: $(OUT)\afsd_service.obj $(AFSDOBJS) $(OUT)\afsd_serv $(SYMSTORE_IMPORT) # fs.exe -$(EXEDIR)\fs.exe: $(FSOBJS) $(OUT)\fs.res $(EXELIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(EXEDIR)\fs.exe: $(FSOBJS) $(OUT)\fs.res $(EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) @@ -534,8 +551,8 @@ $(EXEDIR)\afsio.exe: $(AFSIOOBJS) $(OUT)\afsio.res $(RXOBJS) $(AFSD_EXELIBS) $(E $(SYMSTORE_IMPORT) # symlink.exe -$(EXEDIR)\symlink.exe: $(SLOBJS) $(OUT)\symlink.res $(EXELIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(EXEDIR)\symlink.exe: $(SLOBJS) $(OUT)\symlink.res $(EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) @@ -601,6 +618,11 @@ $(DESTDIR)\bin\kpasswd.exe: $(KPASSWD_OBJS) $(KPASSWD_LIBS) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) +{$(HEIMDALSDKDIR)\src\}.c{$(OUT)}.obj: + $(C2OBJ) /Fo$@ $** + +{$(HEIMDALSDKDIR)\inc\}.h{$(INCFILEDIR)}.h: + copy /y $< $@ ############################################################################ # generate versioninfo resources diff --git a/src/WINNT/afsd/afskfw-int.h b/src/WINNT/afsd/afskfw-int.h index fe8935fd6..81428f95d 100644 --- a/src/WINNT/afsd/afskfw-int.h +++ b/src/WINNT/afsd/afskfw-int.h 
@@ -72,32 +72,16 @@ #include #include #include - -#ifdef USE_MS2MIT -#include -#endif /* USE_MS2MIT */ +#include #include #include #include -/* Defined in the KRBV4W32 version of krb.h but not the Kerberos V version */ -/* Required for some of the loadfuncs headers */ -typedef struct ktext far *KTEXT; -typedef struct ktext far *KTEXT_FP; -#include - /* AFS has its own version of com_err.h */ typedef afs_int32 errcode_t; -#include -#include -#include -#include -#include -#include - // service definitions #define SERVICE_DLL "advapi32.dll" typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD); @@ -106,7 +90,12 @@ typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS); typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE); #define KRB5_DEFAULT_LIFE 60*60*10 /* 10 hours */ -#define LSA_CCNAME "MSLSA:" +#define LSA_CCTYPE "MSLSA" +#define LSA_CCNAME LSA_CCTYPE ":" + +#ifndef REALM_SZ +#define REALM_SZ 64 +#endif #ifndef KTC_ERROR #define KTC_ERROR 11862784L 
@@ -149,115 +138,36 @@ struct cell_principal_map { int active; }; -/* In order to avoid including the private CCAPI headers */ -typedef int cc_int32; - -#define CC_API_VER_1 1 -#define CC_API_VER_2 2 - -#define CCACHE_API cc_int32 - -/* -** The Official Error Codes -*/ -#define CC_NOERROR 0 -#define CC_BADNAME 1 -#define CC_NOTFOUND 2 -#define CC_END 3 -#define CC_IO 4 -#define CC_WRITE 5 -#define CC_NOMEM 6 -#define CC_FORMAT 7 -#define CC_LOCKED 8 -#define CC_BAD_API_VERSION 9 -#define CC_NO_EXIST 10 -#define CC_NOT_SUPP 11 -#define CC_BAD_PARM 12 -#define CC_ERR_CACHE_ATTACH 13 -#define CC_ERR_CACHE_RELEASE 14 -#define CC_ERR_CACHE_FULL 15 -#define CC_ERR_CRED_VERSION 16 - -enum { - CC_CRED_VUNKNOWN = 0, // For validation - CC_CRED_V4 = 1, - CC_CRED_V5 = 2, - CC_CRED_VMAX = 3 // For validation -}; - -typedef struct opaque_dll_control_block_type* apiCB; -typedef struct _infoNC { - char* name; - char* principal; - cc_int32 vers; -} infoNC; - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_initialize, - ( - apiCB** cc_ctx, // < DLL's primary control structure. - // returned here, passed everywhere else - cc_int32 api_version, // > ver supported by caller (use CC_API_VER_1) - cc_int32* api_supported, // < if ~NULL, max ver supported by DLL - const char** vendor // < if ~NULL, vendor name in read only C string - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_shutdown, - ( - apiCB** cc_ctx // <> DLL's primary control structure. NULL after - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_get_NC_info, - ( - apiCB* cc_ctx, // > DLL's primary control structure - struct _infoNC*** ppNCi // < (NULL before call) null terminated, - // list of a structs (free via cc_free_infoNC()) - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_free_NC_info, - ( - apiCB* cc_ctx, - struct _infoNC*** ppNCi // < free list of structs returned by - // cc_get_cache_names(). 
set to NULL on return - ) -); - -#ifdef _WIN64 -#define CCAPI_DLL "krbcc64.dll" -#else -#define CCAPI_DLL "krbcc32.dll" -#endif - /* Function Prototypes */ DWORD GetServiceStatus(LPSTR, LPSTR, DWORD *); + void KFW_AFS_error(LONG, LPCSTR); -void UnloadFuncs(FUNC_INFO [], HINSTANCE); -int LoadFuncs(const char*, FUNC_INFO [], HINSTANCE*, int*, int, int, int); int KFW_get_ccache(krb5_context, krb5_principal, krb5_ccache *); + int KFW_error(krb5_error_code, LPCSTR, int, krb5_context *, krb5_ccache *); + int KFW_kinit(krb5_context, krb5_ccache, HWND, char *, char *, krb5_deltat, - DWORD, DWORD, krb5_deltat, DWORD, DWORD); + DWORD, DWORD, krb5_deltat, DWORD, DWORD); + int KFW_renew(krb5_context, krb5_ccache); + int KFW_destroy(krb5_context, krb5_ccache); + BOOL KFW_ms2mit(krb5_context, krb5_ccache, BOOL); + int KFW_AFS_unlog(void); + int KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int, char*); + void KFW_import_ccache_data(void); + BOOL MSLSA_IsKerberosLogon(); + char *afs_realm_of_cell(krb5_context, struct afsconf_cell *); + +DWORD KFW_get_default_mslsa_import(krb5_context); + +DWORD KFW_get_default_lifetime(krb5_context, const char *); + #endif /* AFSKFW_INT_H */ diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c index 2671e1b25..7bcb71233 100644 --- a/src/WINNT/afsd/afskfw.c +++ b/src/WINNT/afsd/afskfw.c @@ -56,9 +56,7 @@ */ #undef USE_KRB4 -#ifndef _WIN64 -#define USE_KRB524 1 -#endif +#undef USE_KRB524 #define USE_MS2MIT 1 #include @@ -77,11 +75,17 @@ #include "afskfw.h" #include "afskfw-int.h" #include -#include "strsafe.h" +#include #include #include +#include + +#ifndef KRB5_TC_OPENCLOSE +#define KRB5_TC_OPENCLOSE 0x00000001 +#endif + /* * TIMING _____________________________________________________________________ * 
@@ -97,297 +101,6 @@ #define cmsec1MINUTE 60000 #define csec1MINUTE 60 -/* Function Pointer Declarations for Delayed Loading */ -// CCAPI -DECL_FUNC_PTR(cc_initialize); -DECL_FUNC_PTR(cc_shutdown); -DECL_FUNC_PTR(cc_get_NC_info); -DECL_FUNC_PTR(cc_free_NC_info); - -#ifdef USE_LEASH -// leash functions -DECL_FUNC_PTR(Leash_get_default_lifetime); -DECL_FUNC_PTR(Leash_get_default_forwardable); -DECL_FUNC_PTR(Leash_get_default_renew_till); -DECL_FUNC_PTR(Leash_get_default_noaddresses); -DECL_FUNC_PTR(Leash_get_default_proxiable); -DECL_FUNC_PTR(Leash_get_default_publicip); -DECL_FUNC_PTR(Leash_get_default_use_krb4); -DECL_FUNC_PTR(Leash_get_default_life_min); -DECL_FUNC_PTR(Leash_get_default_life_max); -DECL_FUNC_PTR(Leash_get_default_renew_min); -DECL_FUNC_PTR(Leash_get_default_renew_max); -DECL_FUNC_PTR(Leash_get_default_renewable); -DECL_FUNC_PTR(Leash_get_default_mslsa_import); -#endif - -// krb5 functions -DECL_FUNC_PTR(krb5_change_password); -DECL_FUNC_PTR(krb5_get_init_creds_opt_init); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list); -DECL_FUNC_PTR(krb5_get_init_creds_password); -DECL_FUNC_PTR(krb5_build_principal_ext); -DECL_FUNC_PTR(krb5_cc_get_name); -DECL_FUNC_PTR(krb5_cc_resolve); -DECL_FUNC_PTR(krb5_cc_default); -DECL_FUNC_PTR(krb5_cc_default_name); -DECL_FUNC_PTR(krb5_cc_set_default_name); -DECL_FUNC_PTR(krb5_cc_initialize); -DECL_FUNC_PTR(krb5_cc_destroy); -DECL_FUNC_PTR(krb5_cc_close); -DECL_FUNC_PTR(krb5_cc_store_cred); -DECL_FUNC_PTR(krb5_cc_copy_creds); -DECL_FUNC_PTR(krb5_cc_retrieve_cred); -DECL_FUNC_PTR(krb5_cc_get_principal); -DECL_FUNC_PTR(krb5_cc_start_seq_get); -DECL_FUNC_PTR(krb5_cc_next_cred); -DECL_FUNC_PTR(krb5_cc_end_seq_get); -DECL_FUNC_PTR(krb5_cc_remove_cred); -DECL_FUNC_PTR(krb5_cc_set_flags); 
-DECL_FUNC_PTR(krb5_cc_get_type); -DECL_FUNC_PTR(krb5_free_context); -DECL_FUNC_PTR(krb5_free_cred_contents); -DECL_FUNC_PTR(krb5_free_principal); -DECL_FUNC_PTR(krb5_get_in_tkt_with_password); -DECL_FUNC_PTR(krb5_init_context); -DECL_FUNC_PTR(krb5_parse_name); -DECL_FUNC_PTR(krb5_timeofday); -DECL_FUNC_PTR(krb5_timestamp_to_sfstring); -DECL_FUNC_PTR(krb5_unparse_name); -DECL_FUNC_PTR(krb5_get_credentials); -DECL_FUNC_PTR(krb5_mk_req); -DECL_FUNC_PTR(krb5_sname_to_principal); -DECL_FUNC_PTR(krb5_get_credentials_renew); -DECL_FUNC_PTR(krb5_free_data); -DECL_FUNC_PTR(krb5_free_data_contents); -DECL_FUNC_PTR(krb5_free_unparsed_name); -DECL_FUNC_PTR(krb5_os_localaddr); -DECL_FUNC_PTR(krb5_copy_keyblock_contents); -DECL_FUNC_PTR(krb5_copy_data); -DECL_FUNC_PTR(krb5_free_creds); -DECL_FUNC_PTR(krb5_build_principal); -DECL_FUNC_PTR(krb5_get_renewed_creds); -DECL_FUNC_PTR(krb5_get_default_config_files); -DECL_FUNC_PTR(krb5_free_config_files); -DECL_FUNC_PTR(krb5_get_default_realm); -DECL_FUNC_PTR(krb5_free_default_realm); -DECL_FUNC_PTR(krb5_free_ticket); -DECL_FUNC_PTR(krb5_decode_ticket); -DECL_FUNC_PTR(krb5_get_host_realm); -DECL_FUNC_PTR(krb5_free_host_realm); -DECL_FUNC_PTR(krb5_free_addresses); -DECL_FUNC_PTR(krb5_c_random_make_octets); - -// Krb5 KFW 3.2 functions -DECL_FUNC_PTR(krb5_get_error_message); -DECL_FUNC_PTR(krb5_free_error_message); - -#ifdef USE_KRB524 -// Krb524 functions -DECL_FUNC_PTR(krb524_init_ets); -DECL_FUNC_PTR(krb524_convert_creds_kdc); -#endif - -#ifdef USE_KRB4 -// krb4 functions -DECL_FUNC_PTR(krb_get_cred); -DECL_FUNC_PTR(tkt_string); -DECL_FUNC_PTR(krb_get_tf_realm); -DECL_FUNC_PTR(krb_mk_req); -#endif - -// ComErr functions -DECL_FUNC_PTR(com_err); -DECL_FUNC_PTR(error_message); - -// Profile functions -DECL_FUNC_PTR(profile_init); -DECL_FUNC_PTR(profile_release); -DECL_FUNC_PTR(profile_get_subsection_names); -DECL_FUNC_PTR(profile_free_list); -DECL_FUNC_PTR(profile_get_string); -DECL_FUNC_PTR(profile_release_string); - -// Service 
functions -DECL_FUNC_PTR(OpenSCManagerA); -DECL_FUNC_PTR(OpenServiceA); -DECL_FUNC_PTR(QueryServiceStatus); -DECL_FUNC_PTR(CloseServiceHandle); -#ifdef USE_MS2MIT -DECL_FUNC_PTR(LsaNtStatusToWinError); -#endif /* USE_MS2MIT */ - -#ifdef USE_MS2MIT -// LSA Functions -DECL_FUNC_PTR(LsaConnectUntrusted); -DECL_FUNC_PTR(LsaLookupAuthenticationPackage); -DECL_FUNC_PTR(LsaCallAuthenticationPackage); -DECL_FUNC_PTR(LsaFreeReturnBuffer); -DECL_FUNC_PTR(LsaGetLogonSessionData); -#endif /* USE_MS2MIT */ - -// CCAPI -FUNC_INFO ccapi_fi[] = { - MAKE_FUNC_INFO(cc_initialize), - MAKE_FUNC_INFO(cc_shutdown), - MAKE_FUNC_INFO(cc_get_NC_info), - MAKE_FUNC_INFO(cc_free_NC_info), - END_FUNC_INFO -}; - -#ifdef USE_LEASH -FUNC_INFO leash_fi[] = { - MAKE_FUNC_INFO(Leash_get_default_lifetime), - MAKE_FUNC_INFO(Leash_get_default_renew_till), - MAKE_FUNC_INFO(Leash_get_default_forwardable), - MAKE_FUNC_INFO(Leash_get_default_noaddresses), - MAKE_FUNC_INFO(Leash_get_default_proxiable), - MAKE_FUNC_INFO(Leash_get_default_publicip), - MAKE_FUNC_INFO(Leash_get_default_use_krb4), - MAKE_FUNC_INFO(Leash_get_default_life_min), - MAKE_FUNC_INFO(Leash_get_default_life_max), - MAKE_FUNC_INFO(Leash_get_default_renew_min), - MAKE_FUNC_INFO(Leash_get_default_renew_max), - MAKE_FUNC_INFO(Leash_get_default_renewable), - END_FUNC_INFO -}; - -FUNC_INFO leash_opt_fi[] = { - MAKE_FUNC_INFO(Leash_get_default_mslsa_import), - END_FUNC_INFO -}; -#endif - -FUNC_INFO k5_fi[] = { - MAKE_FUNC_INFO(krb5_change_password), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_init), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list), - MAKE_FUNC_INFO(krb5_get_init_creds_password), - MAKE_FUNC_INFO(krb5_build_principal_ext), - MAKE_FUNC_INFO(krb5_cc_get_name), - MAKE_FUNC_INFO(krb5_cc_resolve), - 
MAKE_FUNC_INFO(krb5_cc_default), - MAKE_FUNC_INFO(krb5_cc_default_name), - MAKE_FUNC_INFO(krb5_cc_set_default_name), - MAKE_FUNC_INFO(krb5_cc_initialize), - MAKE_FUNC_INFO(krb5_cc_destroy), - MAKE_FUNC_INFO(krb5_cc_close), - MAKE_FUNC_INFO(krb5_cc_copy_creds), - MAKE_FUNC_INFO(krb5_cc_store_cred), - MAKE_FUNC_INFO(krb5_cc_retrieve_cred), - MAKE_FUNC_INFO(krb5_cc_get_principal), - MAKE_FUNC_INFO(krb5_cc_start_seq_get), - MAKE_FUNC_INFO(krb5_cc_next_cred), - MAKE_FUNC_INFO(krb5_cc_end_seq_get), - MAKE_FUNC_INFO(krb5_cc_remove_cred), - MAKE_FUNC_INFO(krb5_cc_set_flags), - MAKE_FUNC_INFO(krb5_cc_get_type), - MAKE_FUNC_INFO(krb5_free_context), - MAKE_FUNC_INFO(krb5_free_cred_contents), - MAKE_FUNC_INFO(krb5_free_principal), - MAKE_FUNC_INFO(krb5_get_in_tkt_with_password), - MAKE_FUNC_INFO(krb5_init_context), - MAKE_FUNC_INFO(krb5_parse_name), - MAKE_FUNC_INFO(krb5_timeofday), - MAKE_FUNC_INFO(krb5_timestamp_to_sfstring), - MAKE_FUNC_INFO(krb5_unparse_name), - MAKE_FUNC_INFO(krb5_get_credentials), - MAKE_FUNC_INFO(krb5_mk_req), - MAKE_FUNC_INFO(krb5_sname_to_principal), - MAKE_FUNC_INFO(krb5_get_credentials_renew), - MAKE_FUNC_INFO(krb5_free_data), - MAKE_FUNC_INFO(krb5_free_data_contents), - MAKE_FUNC_INFO(krb5_free_unparsed_name), - MAKE_FUNC_INFO(krb5_os_localaddr), - MAKE_FUNC_INFO(krb5_copy_keyblock_contents), - MAKE_FUNC_INFO(krb5_copy_data), - MAKE_FUNC_INFO(krb5_free_creds), - MAKE_FUNC_INFO(krb5_build_principal), - MAKE_FUNC_INFO(krb5_get_renewed_creds), - MAKE_FUNC_INFO(krb5_free_addresses), - MAKE_FUNC_INFO(krb5_get_default_config_files), - MAKE_FUNC_INFO(krb5_free_config_files), - MAKE_FUNC_INFO(krb5_get_default_realm), - MAKE_FUNC_INFO(krb5_free_default_realm), - MAKE_FUNC_INFO(krb5_free_ticket), - MAKE_FUNC_INFO(krb5_decode_ticket), - MAKE_FUNC_INFO(krb5_get_host_realm), - MAKE_FUNC_INFO(krb5_free_host_realm), - MAKE_FUNC_INFO(krb5_free_addresses), - MAKE_FUNC_INFO(krb5_c_random_make_octets), - END_FUNC_INFO -}; - -FUNC_INFO k5_kfw_32_fi[] = { - 
MAKE_FUNC_INFO(krb5_get_error_message), - MAKE_FUNC_INFO(krb5_free_error_message), - END_FUNC_INFO -}; - -#ifdef USE_KRB4 -FUNC_INFO k4_fi[] = { - MAKE_FUNC_INFO(krb_get_cred), - MAKE_FUNC_INFO(krb_get_tf_realm), - MAKE_FUNC_INFO(krb_mk_req), - MAKE_FUNC_INFO(tkt_string), - END_FUNC_INFO -}; -#endif - -#ifdef USE_KRB524 -FUNC_INFO k524_fi[] = { - MAKE_FUNC_INFO(krb524_init_ets), - MAKE_FUNC_INFO(krb524_convert_creds_kdc), - END_FUNC_INFO -}; -#endif - -FUNC_INFO profile_fi[] = { - MAKE_FUNC_INFO(profile_init), - MAKE_FUNC_INFO(profile_release), - MAKE_FUNC_INFO(profile_get_subsection_names), - MAKE_FUNC_INFO(profile_free_list), - MAKE_FUNC_INFO(profile_get_string), - MAKE_FUNC_INFO(profile_release_string), - END_FUNC_INFO -}; - -FUNC_INFO ce_fi[] = { - MAKE_FUNC_INFO(com_err), - MAKE_FUNC_INFO(error_message), - END_FUNC_INFO -}; - -FUNC_INFO service_fi[] = { - MAKE_FUNC_INFO(OpenSCManagerA), - MAKE_FUNC_INFO(OpenServiceA), - MAKE_FUNC_INFO(QueryServiceStatus), - MAKE_FUNC_INFO(CloseServiceHandle), -#ifdef USE_MS2MIT - MAKE_FUNC_INFO(LsaNtStatusToWinError), -#endif /* USE_MS2MIT */ - END_FUNC_INFO -}; - -#ifdef USE_MS2MIT -FUNC_INFO lsa_fi[] = { - MAKE_FUNC_INFO(LsaConnectUntrusted), - MAKE_FUNC_INFO(LsaLookupAuthenticationPackage), - MAKE_FUNC_INFO(LsaCallAuthenticationPackage), - MAKE_FUNC_INFO(LsaFreeReturnBuffer), - MAKE_FUNC_INFO(LsaGetLogonSessionData), - END_FUNC_INFO -}; -#endif /* USE_MS2MIT */ - /* Static Prototypes */ char *afs_realm_of_cell(krb5_context, struct afsconf_cell *); static long get_cellconfig_callback(void *, struct sockaddr_in *, char *, unsigned short); 
@@ -396,31 +109,10 @@ static krb5_error_code KRB5_CALLCONV KRB5_prompter( krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[]); - /* Static Declarations */ static int inited = 0; static int mid_cnt = 0; static struct textField * mid_tb = NULL; -static HINSTANCE hKrb5 = 0; -static HINSTANCE hKrb5_kfw_32 = 0; -#ifdef USE_KRB4 -static HINSTANCE hKrb4 = 0; -#endif /* USE_KRB4 */ -#ifdef USE_KRB524 -static HINSTANCE hKrb524 = 0; -#endif -#ifdef USE_MS2MIT -static HINSTANCE hSecur32 = 0; -#endif /* USE_MS2MIT */ -static HINSTANCE hAdvApi32 = 0; -static HINSTANCE hComErr = 0; -static HINSTANCE hService = 0; -static HINSTANCE hProfile = 0; -#ifdef USE_LEASH -static HINSTANCE hLeash = 0; -static HINSTANCE hLeashOpt = 0; -#endif -static HINSTANCE hCCAPI = 0; static struct principal_ccache_data * princ_cc_data = NULL; static struct cell_principal_map * cell_princ_map = NULL; @@ -430,6 +122,20 @@ static struct cell_principal_map * cell_princ_map = NULL; #define DEFAULT_LIFETIME (24 * 60) #endif +void +DebugPrintf(const char * fmt, ...) +{ + if (IsDebuggerPresent()) { + va_list vl; + char buf[1024]; + + va_start(vl, fmt); + StringCbVPrintfA(buf, sizeof(buf), fmt, vl); + OutputDebugStringA(buf); + va_end(vl); + } +} + void KFW_initialize(void) { 
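Review bot: `DebugPrintf` is added with external linkage, a generic name and no comment. If only afskfw.c calls it (no prototype is visible in this excerpt), declaring it `static void DebugPrintf(const char * fmt, ...)` avoids a clash with a same-named helper in another object. A short header comment should say that output is truncated to the 1024-byte buffer and that `fmt` must be a constant format string, e.g. `/* fmt must be a literal; pass variable text through "%s" */`. The call added in KRB5_error, `DebugPrintf("%s", message);`, already follows that form.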
@@ -449,25 +155,8 @@ KFW_initialize(void) } if ( !inited ) { inited = 1; - LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0); - LoadFuncs(KRB5_DLL, k5_kfw_32_fi, &hKrb5_kfw_32, 0, 1, 0, 0); - LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0); - LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0); -#ifdef USE_KRB4 - LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0); -#endif /* USE_KRB4 */ - LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0); -#ifdef USE_MS2MIT - LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1); -#endif /* USE_MS2MIT */ -#ifdef USE_KRB524 - LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1); -#endif -#ifdef USE_LEASH - LoadFuncs(LEASH_DLL, leash_fi, &hLeash, 0, 1, 0, 0); - LoadFuncs(LEASH_DLL, leash_opt_fi, &hLeashOpt, 0, 1, 0, 0); -#endif - LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0); + + DelayLoadHeimdal(); if ( KFW_is_available() ) { char rootcell[CELL_MAXNAMELEN+1]; @@ -493,36 +182,6 @@ KFW_initialize(void) void KFW_cleanup(void) { -#ifdef USE_LEASH - if (hLeashOpt) - FreeLibrary(hLeashOpt); - if (hLeash) - FreeLibrary(hLeash); -#endif -#ifdef USE_KRB524 - if (hKrb524) - FreeLibrary(hKrb524); -#endif - if (hCCAPI) - FreeLibrary(hCCAPI); -#ifdef USE_MS2MIT - if (hSecur32) - FreeLibrary(hSecur32); -#endif /* USE_MS2MIT */ - if (hService) - FreeLibrary(hService); - if (hComErr) - FreeLibrary(hComErr); - if (hProfile) - FreeLibrary(hProfile); -#ifdef USE_KRB4 - if (hKrb4) - FreeLibrary(hKrb4); -#endif /* USE_KRB4 */ - if (hKrb5) - FreeLibrary(hKrb5); - if (hKrb5_kfw_32) - FreeLibrary(hKrb5_kfw_32); } typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL); 
@@ -562,20 +221,20 @@ KFW_accept_dotted_usernames(void) DWORD value = 1; code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); + 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); if (code == ERROR_SUCCESS) { len = sizeof(value); code = RegQueryValueEx(parmKey, "AcceptDottedPrincipalNames", NULL, NULL, - (BYTE *) &value, &len); + (BYTE *) &value, &len); RegCloseKey(parmKey); } if (code != ERROR_SUCCESS) { code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); + 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); if (code == ERROR_SUCCESS) { len = sizeof(value); code = RegQueryValueEx(parmKey, "AcceptDottedPrincipalNames", NULL, NULL, - (BYTE *) &value, &len); + (BYTE *) &value, &len); RegCloseKey (parmKey); } } @@ -586,29 +245,7 @@ KFW_accept_dotted_usernames(void) int KFW_use_krb524(void) { - HKEY parmKey; - DWORD code, len; - DWORD use524 = 0; - - code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); - if (code == ERROR_SUCCESS) { - len = sizeof(use524); - code = RegQueryValueEx(parmKey, "Use524", NULL, NULL, - (BYTE *) &use524, &len); - RegCloseKey(parmKey); - } - if (code != ERROR_SUCCESS) { - code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); - if (code == ERROR_SUCCESS) { - len = sizeof(use524); - code = RegQueryValueEx(parmKey, "Use524", NULL, NULL, - (BYTE *) &use524, &len); - RegCloseKey (parmKey); - } - } - return use524; + return 0; } int 
@@ -619,21 +256,21 @@ KFW_is_available(void) DWORD enableKFW = 1; code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); + 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); if (code == ERROR_SUCCESS) { len = sizeof(enableKFW); code = RegQueryValueEx(parmKey, "EnableKFW", NULL, NULL, - (BYTE *) &enableKFW, &len); + (BYTE *) &enableKFW, &len); RegCloseKey (parmKey); } if (code != ERROR_SUCCESS) { code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY, - 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); + 0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey); if (code == ERROR_SUCCESS) { len = sizeof(enableKFW); code = RegQueryValueEx(parmKey, "EnableKFW", NULL, NULL, - (BYTE *) &enableKFW, &len); + (BYTE *) &enableKFW, &len); RegCloseKey (parmKey); } } 
@@ -642,69 +279,45 @@ KFW_is_available(void) return FALSE; KFW_initialize(); - if ( hKrb5 && hComErr && hService && -#ifdef USE_MS2MIT - hSecur32 && -#endif /* USE_MS2MIT */ -#ifdef USE_KRB524 - hKrb524 && -#endif -#ifdef USE_LEASH - hLeash && -#endif - hProfile && hCCAPI ) - return TRUE; - return FALSE; + + /* If this is non-zero, then some Kerberos library was loaded. */ + return (krb5_init_context != NULL); } int KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName, - int FreeContextFlag, krb5_context * ctx, - krb5_ccache * cache) + int FreeContextFlag, krb5_context * context, + krb5_ccache * cache) { char message[256]; const char *errText; int krb5Error = ((int)(rc & 255)); - /* - switch (krb5Error) - { - // Wrong password - case 31: - case 8: - return; - } - */ - - if (pkrb5_get_error_message) - errText = pkrb5_get_error_message(*ctx, rc); - else - errText = perror_message(rc); + errText = krb5_get_error_message(*context, rc); StringCbPrintf(message, sizeof(message), - "%s\n(Kerberos error %ld)\n\n%s failed", - errText, - krb5Error, - FailedFunctionName); - if (pkrb5_free_error_message) - pkrb5_free_error_message(*ctx, (char *)errText); + "%s\n(Kerberos error %ld)\n\n%s failed", + errText, + krb5Error, + FailedFunctionName); + krb5_free_error_message(*context, (char *)errText); - if ( IsDebuggerPresent() ) - OutputDebugString(message); + DebugPrintf("%s", message); MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR | MB_TASKMODAL | MB_SETFOREGROUND); - if (FreeContextFlag == 1) - { - if (ctx && *ctx != NULL) - { + + if (FreeContextFlag == 1) { + + if (context && *context != NULL) { + if (cache && *cache != NULL) { - pkrb5_cc_close(*ctx, *cache); + krb5_cc_close(*context, *cache); *cache = NULL; } - pkrb5_free_context(*ctx); - *ctx = NULL; + krb5_free_context(*context); + *context = NULL; } } 
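Review bot: `return (krb5_init_context != NULL);` in KFW_is_available compares the address of a function, and with a linker delay-load import that address is the load thunk, which is never NULL. If krbcompat_delayload binds the symbol that way (its source is not part of this patch), the function reports Kerberos as available on a machine with neither Heimdal nor KFW installed. The first real krb5 call would then fail inside the delay-load helper rather than being skipped. Recording the outcome of the `DelayLoadHeimdal()` call made in KFW_initialize in a static flag and returning that would state the intent directly. That call sits in a different hunk and its return type is not shown here.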
@@ -712,7 +325,7 @@ KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName, } void -KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa) +KFW_AFS_update_princ_ccache_data(krb5_context context, krb5_ccache cc, int lsa) { struct principal_ccache_data * next = princ_cc_data; krb5_principal principal = 0; @@ -726,26 +339,28 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa) krb5_creds creds; krb5_flags flags=0; krb5_timestamp now; + size_t len; - if (ctx == 0 || cc == 0) + if (context == 0 || cc == 0) return; - code = pkrb5_cc_get_principal(ctx, cc, &principal); + code = krb5_cc_get_principal(context, cc, &principal); if ( code ) return; - code = pkrb5_unparse_name(ctx, principal, &pname); + code = krb5_unparse_name(context, principal, &pname); if ( code ) goto cleanup; - ccname = pkrb5_cc_get_name(ctx, cc); + ccname = krb5_cc_get_name(context, cc); if (!ccname) goto cleanup; - cctype = pkrb5_cc_get_type(ctx, cc); + cctype = krb5_cc_get_type(context, cc); if (!cctype) goto cleanup; - ccfullname = malloc(strlen(ccname) + strlen(cctype) + 2); + len = strlen(ccname) + strlen(cctype) + 2; + ccfullname = malloc(len); if (!ccfullname) goto cleanup; - StringCbPrintf(ccfullname, sizeof(ccfullname), "%s:%s", cctype, ccname); + StringCbPrintf(ccfullname, len, "%s:%s", cctype, ccname); // Search the existing list to see if we have a match if ( next ) { 
@@ -770,16 +385,15 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa) } flags = 0; // turn off OPENCLOSE mode - code = pkrb5_cc_set_flags(ctx, cc, flags); + code = krb5_cc_set_flags(context, cc, flags); if ( code ) goto cleanup; - code = pkrb5_timeofday(ctx, &now); + code = krb5_timeofday(context, &now); - cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur); - if (cc_code) goto cleanup; + cc_code = krb5_cc_start_seq_get(context, cc, &cur); - while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) { - if ( creds.ticket_flags & TKT_FLG_INITIAL ) { + while (!(cc_code = krb5_cc_next_cred(context, cc, &cur, &creds))) { + if ( creds.flags.b.initial) { int valid; // we found the ticket we are looking for // check validity of timestamp @@ -789,7 +403,7 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa) valid = ((creds.times.starttime > 0) && now >= (creds.times.starttime - 300) && now < (creds.times.endtime + 300) && - !(creds.ticket_flags & TKT_FLG_INVALID)); + !creds.flags.b.invalid); if ( next->from_lsa) { next->expired = 0; 
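Review bot: The result of `krb5_cc_start_seq_get(context, cc, &cur)` is no longer checked, because the line `if (cc_code) goto cleanup;` was dropped along with the rename. When opening the cursor fails, the `while` loop immediately passes `cur` to `krb5_cc_next_cred`, and `cur` is not initialised anywhere in the visible part of the function. I would restore the guard directly after the call: `if (cc_code) goto cleanup;`. The return value of `krb5_timeofday` on the preceding line is likewise stored in `code` and never tested, so `now` can be used unset in the validity comparison. The function body starts and ends outside this hunk.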
@@ -799,39 +413,40 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa) next->expired = 0; next->expiration_time = creds.times.endtime; next->renew = (creds.times.renew_till > creds.times.endtime) && - (creds.ticket_flags & TKT_FLG_RENEWABLE); + creds.flags.b.renewable; } else { next->expired = 1; next->expiration_time = 0; next->renew = 0; } - pkrb5_free_cred_contents(ctx, &creds); + krb5_free_cred_contents(context, &creds); cc_code = KRB5_CC_END; break; } - pkrb5_free_cred_contents(ctx, &creds); + krb5_free_cred_contents(context, &creds); } if (cc_code == KRB5_CC_END) { - code = pkrb5_cc_end_seq_get(ctx, cc, &cur); + code = krb5_cc_end_seq_get(context, cc, &cur); if (code) goto cleanup; } cleanup: flags = KRB5_TC_OPENCLOSE; //turn on OPENCLOSE - code = pkrb5_cc_set_flags(ctx, cc, flags); + code = krb5_cc_set_flags(context, cc, flags); if ( ccfullname) free(ccfullname); if ( pname ) - pkrb5_free_unparsed_name(ctx,pname); + krb5_free_unparsed_name(context,pname); if ( principal ) - pkrb5_free_principal(ctx,principal); + krb5_free_principal(context,principal); } int -KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **ccache, int valid_only) +KFW_AFS_find_ccache_for_principal(krb5_context context, char * principal, + char **ccache, int valid_only) { struct principal_ccache_data * next = princ_cc_data; char * response = NULL; 
@@ -840,12 +455,12 @@ KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **cca return 0; while ( next ) { - if ( (!valid_only || !next->expired) && !strcmp(next->principal,principal) ) { + if ( (!valid_only || !next->expired) && !strcmp(next->principal, principal) ) { if (response) { // we always want to prefer the MS Kerberos LSA cache or // the cache afscreds created specifically for the principal // if the current entry is either one, drop the previous find - if ( next->from_lsa || !strcmp(next->ccache_name,principal) ) + if ( next->from_lsa || !strcmp(next->ccache_name, principal) ) free(response); } response = _strdup(next->ccache_name); @@ -864,7 +479,7 @@ KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **cca } void -KFW_AFS_delete_princ_ccache_data(krb5_context ctx, char * pname, char * ccname) +KFW_AFS_delete_princ_ccache_data(krb5_context context, char * pname, char * ccname) { struct principal_ccache_data ** next = &princ_cc_data; @@ -885,7 +500,7 @@ KFW_AFS_delete_princ_ccache_data(krb5_context ctx, char * pname, char * ccname) } void -KFW_AFS_update_cell_princ_map(krb5_context ctx, char * cell, char *pname, int active) +KFW_AFS_update_cell_princ_map(krb5_context context, char * cell, char *pname, int active) { struct cell_principal_map * next = cell_princ_map; @@ -919,7 +534,7 @@ KFW_AFS_update_cell_princ_map(krb5_context ctx, char * cell, char *pname, int ac } void -KFW_AFS_delete_cell_princ_maps(krb5_context ctx, char * pname, char * cell) +KFW_AFS_delete_cell_princ_maps(krb5_context context, char * pname, char * cell) { struct cell_principal_map ** next = &cell_princ_map; 
@@ -945,7 +560,7 @@ KFW_AFS_delete_cell_princ_maps(krb5_context ctx, char * pname, char * cell) // TODO: Attempt to return one which has not yet expired by checking // the principal/ccache data int -KFW_AFS_find_principals_for_cell(krb5_context ctx, char * cell, char **principals[], int active_only) +KFW_AFS_find_principals_for_cell(krb5_context context, char * cell, char **principals[], int active_only) { struct cell_principal_map * next_map = cell_princ_map; const char * princ = NULL; @@ -975,7 +590,7 @@ KFW_AFS_find_principals_for_cell(krb5_context ctx, char * cell, char **principal } int -KFW_AFS_find_cells_for_princ(krb5_context ctx, char * pname, char **cells[], int active_only) +KFW_AFS_find_cells_for_princ(krb5_context context, char * pname, char **cells[], int active_only) { int count = 0, i; struct cell_principal_map * next_map = cell_princ_map; 
@@ -1004,38 +619,149 @@ KFW_AFS_find_cells_for_princ(krb5_context ctx, char * pname, char **cells[], int return count; } -/* Given a principal return an existing ccache or create one and return */ +static void +escape_unsafe_principal_characters(const char * pname, + char ** new_name) +{ + const char * src; + char * dest; + size_t len = 0; + + /* Count first */ + for (src = pname; *src != '\0'; ++len, ++src) { + if (*src == '\\' || *src == '#' || *src == '<' || + *src == '>' || *src == ':' || *src == '"' || + *src == '/' || *src == '|' || *src == '?' || + *src == '*') + ++len; + } + + ++len; + + *new_name = (char *) malloc(len); + + if (*new_name == NULL) + return; + + for (src = pname, dest = *new_name; *src != '\0'; ++src) { + switch (*src) { + case '\\': *dest++ = '#'; *dest++ = 'b'; break; + + case '#' : *dest++ = '#'; *dest++ = '#'; break; + + case '<' : *dest++ = '#'; *dest++ = 'l'; break; + + case '>' : *dest++ = '#'; *dest++ = 'g'; break; + + case ':' : *dest++ = '#'; *dest++ = 'c'; break; + + case '"' : *dest++ = '#'; *dest++ = 't'; break; + + case '/' : *dest++ = '#'; *dest++ = 'f'; break; + + case '|' : *dest++ = '#'; *dest++ = 'p'; break; + + case '?' 
: *dest++ = '#'; *dest++ = 'q'; break; + + case '*' : *dest++ = '#'; *dest++ = 'a'; break; + + default: *dest++ = *src; + } + } + + *dest++ = '\0'; +} + +static void +get_default_ccache_name_for_principal(krb5_context context, krb5_principal principal, + char ** cc_name) +{ + char * pname = NULL; + char * epname = NULL; + krb5_error_code code; + size_t len = 0; + char temppath[MAX_PATH]=""; + + *cc_name = NULL; + + code = krb5_unparse_name(context, principal, &pname); + if (code) goto cleanup; + + escape_unsafe_principal_characters(pname, &epname); + + len = strlen(epname); + len += 21; + *cc_name = (char *) malloc(len); + + GetTempPathA(MAX_PATH, temppath); + StringCbPrintfA(*cc_name, len, "FILE:%skrb5cc_%s", temppath, epname); + +cleanup: + if (pname) + krb5_free_unparsed_name(context, pname); + + if (epname) + free(epname); + + return; +} + +static int +is_default_ccache_for_principal(krb5_context context, krb5_principal principal, + krb5_ccache cc) +{ + const char * cc_name; + char * def_cc_name = NULL; + const char *bs_cc; + const char *bs_def_cc; + int is_default; + + cc_name = krb5_cc_get_name(context, cc); + + get_default_ccache_name_for_principal(context, principal, &def_cc_name); + + is_default = (cc_name != NULL && def_cc_name != NULL && + + (bs_cc = strrchr(cc_name, '\\')) != NULL && + + (bs_def_cc = strrchr(def_cc_name, '\\')) != NULL && + + !strcmp(bs_cc, bs_def_cc)); + + if (def_cc_name) + free(def_cc_name); + + return is_default; +} + +/** Given a principal return an existing ccache or create one and return */ int -KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc) +KFW_get_ccache(krb5_context alt_context, krb5_principal principal, krb5_ccache * cc) { - krb5_context ctx = NULL; + krb5_context context = NULL; char * pname = NULL; char * ccname = NULL; krb5_error_code code; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - if ( alt_ctx ) { - ctx = alt_ctx; + if ( alt_context ) { + context = alt_context; } else 
{ - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; } if ( principal ) { - code = pkrb5_unparse_name(ctx, principal, &pname); + code = krb5_unparse_name(context, principal, &pname); if (code) goto cleanup; - if ( !KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,TRUE) && - !KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,FALSE)) { - size_t len = strlen(pname) + 5; - ccname = (char *)malloc(len); - StringCbPrintf(ccname, len, "API:%s", pname); + if ( !KFW_AFS_find_ccache_for_principal(context,pname,&ccname,TRUE) && + !KFW_AFS_find_ccache_for_principal(context,pname,&ccname,FALSE)) { + + get_default_ccache_name_for_principal(context, principal, &ccname); } - code = pkrb5_cc_resolve(ctx, ccname, cc); + code = krb5_cc_resolve(context, ccname, cc); } else { - code = pkrb5_cc_default(ctx, cc); + code = krb5_cc_default(context, cc); if (code) goto cleanup; } 
@@ -1043,61 +769,50 @@ KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc) if (ccname) free(ccname); if (pname) - pkrb5_free_unparsed_name(ctx,pname); - if (ctx && (ctx != alt_ctx)) - pkrb5_free_context(ctx); + krb5_free_unparsed_name(context,pname); + if (context && (context != alt_context)) + krb5_free_context(context); return(code); } #ifdef USE_MS2MIT + // Import Microsoft Credentials into a new MIT ccache void KFW_import_windows_lsa(void) { - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_principal princ = NULL; char * pname = NULL; - krb5_data * princ_realm; + const char * princ_realm; krb5_error_code code; char cell[128]="", realm[128]="", *def_realm = 0; - unsigned int i; - DWORD dwMsLsaImport; - - if (!pkrb5_init_context) - return; + DWORD dwMsLsaImport = 1; - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; - code = pkrb5_cc_resolve(ctx, LSA_CCNAME, &cc); + code = krb5_cc_resolve(context, LSA_CCNAME, &cc); if (code) goto cleanup; - KFW_AFS_update_princ_ccache_data(ctx, cc, TRUE); + KFW_AFS_update_princ_ccache_data(context, cc, TRUE); - code = pkrb5_cc_get_principal(ctx, cc, &princ); + code = krb5_cc_get_principal(context, cc, &princ); if ( code ) goto cleanup; -#ifdef USE_LEASH - dwMsLsaImport = pLeash_get_default_mslsa_import ? 
pLeash_get_default_mslsa_import() : 1; -#else - dwMsLsaImport = 1; -#endif + dwMsLsaImport = KFW_get_default_mslsa_import(context); switch ( dwMsLsaImport ) { case 0: /* do not import */ goto cleanup; case 1: /* always import */ break; case 2: { /* matching realm */ - char ms_realm[128] = "", *r; - unsigned int j; + const char *ms_realm; - for ( r=ms_realm, j=0; jlength; r++, j++ ) { - *r = krb5_princ_realm(ctx, princ)->data[j]; - } - *r = '\0'; + ms_realm = krb5_principal_get_realm(context, princ); - if (code = pkrb5_get_default_realm(ctx, &def_realm)) + if (code = krb5_get_default_realm(context, &def_realm)) goto cleanup; if (strcmp(def_realm, ms_realm)) 
@@ -1108,241 +823,265 @@ KFW_import_windows_lsa(void) break; } - code = pkrb5_unparse_name(ctx,princ,&pname); + code = krb5_unparse_name(context,princ,&pname); if ( code ) goto cleanup; - princ_realm = krb5_princ_realm(ctx, princ); - for ( i=0; ilength; i++ ) { - realm[i] = princ_realm->data[i]; - cell[i] = tolower(princ_realm->data[i]); - } - cell[i] = '\0'; - realm[i] = '\0'; + princ_realm = krb5_principal_get_realm(context, princ); + StringCchCopyA(realm, sizeof(realm), princ_realm); + StringCchCopyA(cell, sizeof(cell), princ_realm); + strlwr(cell); + + code = KFW_AFS_klog(context, cc, "afs", cell, realm, + KFW_get_default_lifetime(context, realm), NULL); + + DebugPrintf("KFW_AFS_klog() returns: %d\n", code); - code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, DEFAULT_LIFETIME, NULL); - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); - OutputDebugString(message); - } if ( code ) goto cleanup; - KFW_AFS_update_cell_princ_map(ctx, cell, pname, TRUE); + KFW_AFS_update_cell_princ_map(context, cell, pname, TRUE); cleanup: if (pname) - pkrb5_free_unparsed_name(ctx,pname); + krb5_free_unparsed_name(context,pname); if (princ) - pkrb5_free_principal(ctx,princ); + krb5_free_principal(context,princ); if (def_realm) - pkrb5_free_default_realm(ctx, def_realm); + krb5_free_default_realm(context, def_realm); if (cc) - pkrb5_cc_close(ctx,cc); - if (ctx) - pkrb5_free_context(ctx); + krb5_cc_close(context,cc); + if (context) + krb5_free_context(context); } #endif /* USE_MS2MIT */ -// If there are existing MIT credentials, copy them to a new -// ccache named after the principal - -// Enumerate all existing MIT ccaches and construct entries -// in the principal_ccache table - -// Enumerate all existing AFS Tokens and construct entries -// in the cell_principal table -void -KFW_import_ccache_data(void) +static krb5_boolean +get_canonical_ccache(krb5_context context, krb5_ccache * pcc) { - krb5_context 
ctx = NULL; - krb5_ccache cc = NULL; - krb5_principal principal = NULL; - krb5_creds creds; krb5_error_code code; - krb5_error_code cc_code; - krb5_cc_cursor cur; - apiCB * cc_ctx = NULL; - struct _infoNC ** pNCi = NULL; - int i, j, flags; + krb5_ccache cc = *pcc; + krb5_principal principal = 0; - if ( !pcc_initialize ) - return; + code = krb5_cc_get_principal(context, cc, &principal); + if (code) + return FALSE; - if ( IsDebuggerPresent() ) - OutputDebugString("KFW_import_ccache_data()\n"); + if ( !is_default_ccache_for_principal(context, principal, cc) + && strcmp(krb5_cc_get_type(context, cc), LSA_CCTYPE) != 0) { - code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL); - if (code) goto cleanup; + char * def_cc_name = NULL; + krb5_ccache def_cc = 0; + krb5_principal def_cc_princ = 0; - code = pcc_get_NC_info(cc_ctx, &pNCi); - if (code) goto cleanup; + do { + get_default_ccache_name_for_principal(context, principal, &def_cc_name); - code = pkrb5_init_context(&ctx); - if (code) goto cleanup; + code = krb5_cc_resolve(context, def_cc_name, &def_cc); + if (code) break; - for ( i=0; pNCi[i]; i++ ) { - if ( pNCi[i]->vers != CC_CRED_V5 ) - continue; - if ( IsDebuggerPresent() ) { - OutputDebugString("Principal: "); - OutputDebugString(pNCi[i]->principal); - OutputDebugString(" in ccache "); - OutputDebugString(pNCi[i]->name); - OutputDebugString("\n"); - } - if ( strcmp(pNCi[i]->name,pNCi[i]->principal) - && strcmp(pNCi[i]->name,LSA_CCNAME) - ) { - int found = 0; - for ( j=0; pNCi[j]; j++ ) { - if (!strcmp(pNCi[j]->name,pNCi[i]->principal)) { - found = 1; + code = krb5_cc_get_principal(context, def_cc, &def_cc_princ); + if (code || !krb5_principal_compare(context, def_cc_princ, principal)) { + /* def_cc either doesn't exist or is home to an + * imposter. 
*/ + + DebugPrintf("Copying ccache [%s:%s]->[%s:%s]", + krb5_cc_get_type(context, cc), krb5_cc_get_name(context, cc), + krb5_cc_get_type(context, def_cc), + krb5_cc_get_name(context, def_cc)); + + code = krb5_cc_initialize(context, def_cc, principal); + if (code) break; + + code = krb5_cc_copy_creds(context, cc, def_cc); + if (code) { + KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL); break; } + + code = krb5_cc_close(context, cc); + + cc = def_cc; + def_cc = 0; } + } while (FALSE); - code = pkrb5_cc_resolve(ctx, pNCi[i]->principal, &cc); - if (code) goto loop_cleanup; + if (def_cc) + krb5_cc_close(context, def_cc); - if (!found) { - krb5_ccache oldcc = 0; + if (def_cc_princ) + krb5_free_principal(context, def_cc_princ); - if ( IsDebuggerPresent() ) - OutputDebugString("copying ccache data to new ccache\n"); + if (def_cc_name) + free(def_cc_name); + } - code = pkrb5_parse_name(ctx, pNCi[i]->principal, &principal); - if (code) goto loop_cleanup; - code = pkrb5_cc_initialize(ctx, cc, principal); - if (code) goto loop_cleanup; + if (principal) + krb5_free_principal(context, principal); - code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &oldcc); - if (code) goto loop_cleanup; - code = pkrb5_cc_copy_creds(ctx,oldcc,cc); - if (code) { - code = pkrb5_cc_close(ctx,cc); - cc = 0; - code = pkrb5_cc_close(ctx,oldcc); - oldcc = 0; - KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL); - continue; - } - code = pkrb5_cc_close(ctx,oldcc); + if (code == 0 && cc != 0) { + *pcc = cc; + return TRUE; + } + + *pcc = cc; + return FALSE; +} + +static krb5_error_code +check_and_get_tokens_for_ccache(krb5_context context, krb5_ccache cc) +{ + krb5_error_code code = 0; + krb5_error_code cc_code = 0; + krb5_cc_cursor cur; + krb5_creds creds; + char * principal_name = NULL; + + { + krb5_principal principal = 0; + code = krb5_cc_get_principal(context, cc, &principal); + + if (code == 0) + code = krb5_unparse_name(context, principal, &principal_name); + + if (principal) + 
krb5_free_principal(context, principal); + } + + if (code != 0) { + if (principal_name) + krb5_free_unparsed_name(context, principal_name); + return code; + } + + cc_code = krb5_cc_start_seq_get(context, cc, &cur); + + while (!(cc_code = krb5_cc_next_cred(context, cc, &cur, &creds))) { + + const char * sname = krb5_principal_get_comp_string(context, creds.server, 0); + const char * cell = krb5_principal_get_comp_string(context, creds.server, 1); + const char * realm = krb5_principal_get_realm(context, creds.server); + + if ( sname && cell && !strcmp("afs",sname) ) { + + struct ktc_principal aserver; + struct ktc_principal aclient; + struct ktc_token atoken; + int active = TRUE; + + DebugPrintf("Found AFS ticket: %s%s%s@%s\n", + sname, (cell ? "/":""), (cell? cell : ""), realm); + + memset(&aserver, '\0', sizeof(aserver)); + StringCbCopy(aserver.name, sizeof(aserver.name), sname); + StringCbCopy(aserver.cell, sizeof(aserver.cell), cell); + + code = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient); + if (!code) { + // Found a token in AFS Client Server which matches + + char pname[128], *p, *q; + + for ( p=pname, q=aclient.name; *q; p++, q++) + *p = *q; + + for ( *p++ = '@', q=aclient.cell; *q; p++, q++) + *p = toupper(*q); + + *p = '\0'; + + DebugPrintf("Found AFS token: %s\n", pname); + + if (strcmp(pname, principal_name) != 0) + active = FALSE; + + KFW_AFS_update_cell_princ_map(context, cell, principal_name, active); + + } else { + // Attempt to import it + + KFW_AFS_update_cell_princ_map(context, cell, principal_name, active); + + DebugPrintf("Calling KFW_AFS_klog() to obtain token\n"); + + code = KFW_AFS_klog(context, cc, "afs", cell, realm, + KFW_get_default_lifetime(context, realm), NULL); + + DebugPrintf("KFW_AFS_klog() returns: %d\n", code); } + } else { - code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &cc); - if (code) goto loop_cleanup; + + DebugPrintf("Found ticket: %s%s%s@%s\n", sname, + (cell? "/":""), (cell? 
cell:""), realm); } - flags = 0; // turn off OPENCLOSE mode - code = pkrb5_cc_set_flags(ctx, cc, flags); - if ( code ) goto cleanup; + krb5_free_cred_contents(context, &creds); + } - KFW_AFS_update_princ_ccache_data(ctx, cc, !strcmp(pNCi[i]->name,LSA_CCNAME)); - - cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur); - if (cc_code) goto cleanup; - - while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) { - krb5_data * sname = krb5_princ_name(ctx, creds.server); - krb5_data * cell = krb5_princ_component(ctx, creds.server, 1); - krb5_data * realm = krb5_princ_realm(ctx, creds.server); - if ( sname && cell && !strcmp("afs",sname->data) ) { - struct ktc_principal aserver; - struct ktc_principal aclient; - struct ktc_token atoken; - int active = TRUE; - - if ( IsDebuggerPresent() ) { - OutputDebugString("Found AFS ticket: "); - OutputDebugString(sname->data); - if ( cell->data ) { - OutputDebugString("/"); - OutputDebugString(cell->data); - } - OutputDebugString("@"); - OutputDebugString(realm->data); - OutputDebugString("\n"); - } + if (cc_code == KRB5_CC_END) { + cc_code = krb5_cc_end_seq_get(context, cc, &cur); + } - memset(&aserver, '\0', sizeof(aserver)); - StringCbCopyN( aserver.name, sizeof(aserver.name), - sname->data, sizeof(aserver.name) - 1); - StringCbCopyN( aserver.cell, sizeof(aserver.cell), - cell->data, sizeof(aserver.cell) - 1); + return code; +} - code = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient); - if (!code) { - // Found a token in AFS Client Server which matches - char pname[128], *p, *q; - for ( p=pname, q=aclient.name; *q; p++, q++) - *p = *q; - for ( *p++ = '@', q=aclient.cell; *q; p++, q++) - *p = toupper(*q); - *p = '\0'; - - if ( IsDebuggerPresent() ) { - OutputDebugString("Found AFS token: "); - OutputDebugString(pname); - OutputDebugString("\n"); - } +// If there are existing MIT credentials, copy them to a new +// ccache named after the principal - if ( strcmp(pname,pNCi[i]->principal) ) - active = FALSE; - 
KFW_AFS_update_cell_princ_map(ctx, cell->data, pNCi[i]->principal, active); - } else { - // Attempt to import it - KFW_AFS_update_cell_princ_map(ctx, cell->data, pNCi[i]->principal, active); +// Enumerate all existing MIT ccaches and construct entries +// in the principal_ccache table - if ( IsDebuggerPresent() ) { - OutputDebugString("Calling KFW_AFS_klog() to obtain token\n"); - } +// Enumerate all existing AFS Tokens and construct entries +// in the cell_principal table +void +KFW_import_ccache_data(void) +{ + krb5_context context = NULL; + krb5_ccache cc; + krb5_error_code code; + krb5_cccol_cursor cccol_cur; + int flags; - code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, DEFAULT_LIFETIME, NULL); - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); - OutputDebugString(message); - } - } - } else if ( IsDebuggerPresent() ) { - OutputDebugString("Found ticket: "); - OutputDebugString(sname->data); - if ( cell && cell->data ) { - OutputDebugString("/"); - OutputDebugString(cell->data); - } - OutputDebugString("@"); - OutputDebugString(realm->data); - OutputDebugString("\n"); - } - pkrb5_free_cred_contents(ctx, &creds); - } + if ( IsDebuggerPresent() ) + OutputDebugString("KFW_import_ccache_data()\n"); + + code = krb5_init_context(&context); + if (code) goto cleanup; + + code = krb5_cccol_cursor_new(context, &cccol_cur); + if (code) goto cleanup; - if (cc_code == KRB5_CC_END) { - cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur); - if (cc_code) goto loop_cleanup; + while ((code = krb5_cccol_cursor_next(context, cccol_cur, &cc)) == 0 && cc != NULL) { + + if (!get_canonical_ccache(context, &cc)) { + if (cc) + krb5_cc_close(context, cc); + continue; } - loop_cleanup: + /* Turn off OPENCLOSE mode */ + code = krb5_cc_set_flags(context, cc, 0); + if ( code ) goto cleanup; + + KFW_AFS_update_princ_ccache_data(context, cc, + !strcmp(krb5_cc_get_type(context, cc), + LSA_CCTYPE)); + + 
check_and_get_tokens_for_ccache(context, cc); + flags = KRB5_TC_OPENCLOSE; //turn on OPENCLOSE - code = pkrb5_cc_set_flags(ctx, cc, flags); + code = krb5_cc_set_flags(context, cc, flags); + if (cc) { - pkrb5_cc_close(ctx,cc); + krb5_cc_close(context,cc); cc = 0; } - if (principal) { - pkrb5_free_principal(ctx,principal); - principal = 0; - } } + krb5_cccol_cursor_free(context, &cccol_cur); + cleanup: - if (ctx) - pkrb5_free_context(ctx); - if (pNCi) - pcc_free_NC_info(cc_ctx, &pNCi); - if (cc_ctx) - pcc_shutdown(&cc_ctx); + if (context) + krb5_free_context(context); } @@ -1355,7 +1094,7 @@ KFW_AFS_get_cred( char * username, char ** reasonP ) { static char reason[1024]=""; - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; char * realm = NULL, * userrealm = NULL; krb5_principal principal = NULL; @@ -1367,26 +1106,17 @@ KFW_AFS_get_cred( char * username, struct afsconf_cell cellconfig; char * dot; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - if ( IsDebuggerPresent() ) { - OutputDebugString("KFW_AFS_get_cred for token "); - OutputDebugString(username); - OutputDebugString(" in cell "); - OutputDebugString(cell); - OutputDebugString("\n"); - } + DebugPrintf("KFW_AFS_get_cred for token %s in cell %s\n", username, cell); memset(&cellconfig, 0, sizeof(cellconfig)); - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if ( code ) goto cleanup; code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell); if ( code ) goto cleanup; - realm = afs_realm_of_cell(ctx, &cellconfig); // do not free + realm = afs_realm_of_cell(context, &cellconfig); // do not free userrealm = strchr(username,'@'); if ( userrealm ) { 
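Review bot: In the new `KFW_import_ccache_data()` loop, `if ( code ) goto cleanup;` after `krb5_cc_set_flags(context, cc, 0)` jumps past both `krb5_cc_close(context, cc)` and `krb5_cccol_cursor_free(context, &cccol_cur)`, so a failure there leaves the cache handle and the collection cursor open. Closing the cache and leaving the loop keeps the cursor cleanup on the path: `if ( code ) { krb5_cc_close(context, cc); break; }`. The return value of `check_and_get_tokens_for_ccache()` is also discarded, so a failed token import is only visible through `DebugPrintf`; a one-line comment such as `/* best effort: a failure for one ccache must not stop the scan */` would make that intent explicit.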
@@ -1429,24 +1159,17 @@ KFW_AFS_get_cred( char * username, OutputDebugString("\n"); } - code = pkrb5_parse_name(ctx, pname, &principal); + code = krb5_parse_name(context, pname, &principal); if ( code ) goto cleanup; - code = KFW_get_ccache(ctx, principal, &cc); + code = KFW_get_ccache(context, principal, &cc); if ( code ) goto cleanup; if ( lifetime == 0 ) - lifetime = DEFAULT_LIFETIME; + lifetime = KFW_get_default_lifetime(context, realm); - code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime, smbname); - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); - OutputDebugString(message); - } - - if (code && password && password[0] ) { - code = KFW_kinit( ctx, cc, HWND_DESKTOP, + if ( password && password[0] ) { + code = KFW_kinit( context, cc, HWND_DESKTOP, pname, password, lifetime, @@ -1472,10 +1195,10 @@ KFW_AFS_get_cred( char * username, } if ( code ) goto cleanup; - KFW_AFS_update_princ_ccache_data(ctx, cc, FALSE); + KFW_AFS_update_princ_ccache_data(context, cc, FALSE); } - code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime, smbname); + code = KFW_AFS_klog(context, cc, "afs", cell, realm, lifetime, smbname); if ( IsDebuggerPresent() ) { char message[256]; StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); @@ -1483,11 +1206,11 @@ KFW_AFS_get_cred( char * username, } if ( code ) goto cleanup; - KFW_AFS_update_cell_princ_map(ctx, cell, pname, TRUE); + KFW_AFS_update_cell_princ_map(context, cell, pname, TRUE); // Attempt to obtain new tokens for other cells supported by the same // principal - cell_count = KFW_AFS_find_cells_for_princ(ctx, pname, &cells, TRUE); + cell_count = KFW_AFS_find_cells_for_princ(context, pname, &cells, TRUE); if ( cell_count > 1 ) { while ( cell_count-- ) { if ( strcmp(cells[cell_count],cell) ) { 
@@ -1505,14 +1228,14 @@ KFW_AFS_get_cred( char * username, code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); if ( code ) continue; - realm = afs_realm_of_cell(ctx, &cellconfig); // do not free + realm = afs_realm_of_cell(context, &cellconfig); // do not free if ( IsDebuggerPresent() ) { OutputDebugString("Realm: "); OutputDebugString(realm); OutputDebugString("\n"); } - code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime, smbname); + code = KFW_AFS_klog(context, cc, "afs", cells[cell_count], realm, lifetime, smbname); if ( IsDebuggerPresent() ) { char message[256]; StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); @@ -1531,25 +1254,16 @@ KFW_AFS_get_cred( char * username, if ( pname ) free(pname); if ( cc ) - pkrb5_cc_close(ctx, cc); + krb5_cc_close(context, cc); if ( cellconfig.linkedCell ) free(cellconfig.linkedCell); if ( code && reasonP ) { - int freemsg = 0; - char *msg = (char *)afs_error_message(code); - if (strncmp(msg, "unknown", strlen(msg)) == 0) { - if (pkrb5_get_error_message) { - msg = pkrb5_get_error_message(ctx, code); - freemsg = 1; - } else - msg = (char *)perror_message(code); - } + const char *msg = krb5_get_error_message(context, code); StringCbCopyN( reason, sizeof(reason), msg, sizeof(reason) - 1); *reasonP = reason; - if (freemsg) - pkrb5_free_error_message(ctx, msg); + krb5_free_error_message(context, msg); } return(code); } 
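Review bot: The rewritten error path calls `krb5_get_error_message(context, code)` unconditionally, but `context` is still NULL when `krb5_init_context()` itself failed (that call jumps to `cleanup` in an earlier hunk), and the returned `msg` goes to `StringCbCopyN()` and `krb5_free_error_message()` without a NULL check. Whether the library accepts a NULL context here should be confirmed; I would guard the use, e.g. `if (msg) { StringCbCopyN(reason, sizeof(reason), msg, sizeof(reason) - 1); krb5_free_error_message(context, msg); }`, and fall back to a fixed string otherwise. The removed code asked `afs_error_message()` first, and `code` can also come from `KFW_AFS_get_cellconfig()` or `KFW_AFS_klog()`, so it is worth checking that AFS error codes still yield a usable reason. The function starts outside this hunk.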
@@ -1557,30 +1271,23 @@ KFW_AFS_get_cred( char * username, int KFW_AFS_destroy_tickets_for_cell(char * cell) { - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_error_code code; int count; char ** principals = NULL; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - if ( IsDebuggerPresent() ) { - OutputDebugString("KFW_AFS_destroy_tickets_for_cell: "); - OutputDebugString(cell); - OutputDebugString("\n"); - } + DebugPrintf("KFW_AFS_destroy_tickets_for_cell: %s\n", cell); - code = pkrb5_init_context(&ctx); - if (code) ctx = 0; + code = krb5_init_context(&context); + if (code) context = 0; - count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, FALSE); + count = KFW_AFS_find_principals_for_cell(context, cell, &principals, FALSE); if ( count > 0 ) { krb5_principal princ = 0; krb5_ccache cc = 0; while ( count-- ) { - int cell_count = KFW_AFS_find_cells_for_princ(ctx, principals[count], NULL, TRUE); + int cell_count = KFW_AFS_find_cells_for_princ(context, principals[count], NULL, TRUE); if ( cell_count > 1 ) { // TODO - What we really should do here is verify whether or not any of the // other cells which use this principal to obtain its credentials actually 
@@ -1590,87 +1297,81 @@ KFW_AFS_destroy_tickets_for_cell(char * cell) goto loop_cleanup; } - code = pkrb5_parse_name(ctx, principals[count], &princ); + code = krb5_parse_name(context, principals[count], &princ); if (code) goto loop_cleanup; - code = KFW_get_ccache(ctx, princ, &cc); + code = KFW_get_ccache(context, princ, &cc); if (code) goto loop_cleanup; - code = pkrb5_cc_destroy(ctx, cc); + code = krb5_cc_destroy(context, cc); if (!code) cc = 0; loop_cleanup: if ( cc ) { - pkrb5_cc_close(ctx, cc); + krb5_cc_close(context, cc); cc = 0; } if ( princ ) { - pkrb5_free_principal(ctx, princ); + krb5_free_principal(context, princ); princ = 0; } - KFW_AFS_update_cell_princ_map(ctx, cell, principals[count], FALSE); + KFW_AFS_update_cell_princ_map(context, cell, principals[count], FALSE); free(principals[count]); } free(principals); } - if (ctx) - pkrb5_free_context(ctx); + if (context) + krb5_free_context(context); return 0; } int KFW_AFS_destroy_tickets_for_principal(char * user) { - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_error_code code; int count; char ** cells = NULL; krb5_principal princ = NULL; krb5_ccache cc = NULL; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; + DebugPrintf("KFW_AFS_destroy_tickets_for_user: %s\n", user); - if ( IsDebuggerPresent() ) { - OutputDebugString("KFW_AFS_destroy_tickets_for_user: "); - OutputDebugString(user); - OutputDebugString("\n"); - } - - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) return 0; - code = pkrb5_parse_name(ctx, user, &princ); + code = krb5_parse_name(context, user, &princ); if (code) goto loop_cleanup; - code = KFW_get_ccache(ctx, princ, &cc); + code = KFW_get_ccache(context, princ, &cc); if (code) goto loop_cleanup; - code = pkrb5_cc_destroy(ctx, cc); + code = krb5_cc_destroy(context, cc); if (!code) cc = 0; loop_cleanup: if ( cc ) { - pkrb5_cc_close(ctx, cc); + krb5_cc_close(context, cc); cc = 0; } if ( princ ) { - pkrb5_free_principal(ctx, princ); 
+ krb5_free_principal(context, princ); princ = 0; } - count = KFW_AFS_find_cells_for_princ(ctx, user, &cells, TRUE); + count = KFW_AFS_find_cells_for_princ(context, user, &cells, TRUE); if ( count >= 1 ) { while ( count-- ) { - KFW_AFS_update_cell_princ_map(ctx, cells[count], user, FALSE); + KFW_AFS_update_cell_princ_map(context, cells[count], user, FALSE); free(cells[count]); } free(cells); } - if (ctx) - pkrb5_free_context(ctx); + if (context) + krb5_free_context(context); + return 0; } @@ -1678,7 +1379,7 @@ int KFW_AFS_renew_expiring_tokens(void) { krb5_error_code code = 0; - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_timestamp now; struct principal_ccache_data * pcc_next = princ_cc_data; @@ -1688,9 +1389,6 @@ KFW_AFS_renew_expiring_tokens(void) char local_cell[CELL_MAXNAMELEN+1]=""; struct afsconf_cell cellconfig; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - if ( pcc_next == NULL ) // nothing to do return 0; @@ -1700,10 +1398,10 @@ KFW_AFS_renew_expiring_tokens(void) memset(&cellconfig, 0, sizeof(cellconfig)); - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; - code = pkrb5_timeofday(ctx, &now); + code = krb5_timeofday(context, &now); if (code) goto cleanup; for ( ; pcc_next ; pcc_next = pcc_next->next ) { 
@@ -1718,22 +1416,22 @@ KFW_AFS_renew_expiring_tokens(void) } if ( pcc_next->renew && now >= (pcc_next->expiration_time - cminRENEW * csec1MINUTE) ) { - code = pkrb5_cc_resolve(ctx, pcc_next->ccache_name, &cc); + code = krb5_cc_resolve(context, pcc_next->ccache_name, &cc); if ( code ) - goto loop_cleanup; - code = KFW_renew(ctx,cc); + goto loop_cleanup; + code = KFW_renew(context,cc); #ifdef USE_MS2MIT if ( code && pcc_next->from_lsa) goto loop_cleanup; #endif /* USE_MS2MIT */ - KFW_AFS_update_princ_ccache_data(ctx, cc, pcc_next->from_lsa); + KFW_AFS_update_princ_ccache_data(context, cc, pcc_next->from_lsa); if (code) goto loop_cleanup; // Attempt to obtain new tokens for other cells supported by the same // principal - cell_count = KFW_AFS_find_cells_for_princ(ctx, pcc_next->principal, &cells, TRUE); + cell_count = KFW_AFS_find_cells_for_princ(context, pcc_next->principal, &cells, TRUE); if ( cell_count > 0 ) { while ( cell_count-- ) { if ( IsDebuggerPresent() ) { @@ -1747,13 +1445,13 @@ KFW_AFS_renew_expiring_tokens(void) } code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell); if ( code ) continue; - realm = afs_realm_of_cell(ctx, &cellconfig); // do not free + realm = afs_realm_of_cell(context, &cellconfig); // do not free if ( IsDebuggerPresent() ) { OutputDebugString("Realm: "); OutputDebugString(realm); OutputDebugString("\n"); } - code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, 0, NULL); + code = KFW_AFS_klog(context, cc, "afs", cells[cell_count], (char *)realm, 0, NULL); if ( IsDebuggerPresent() ) { char message[256]; StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); 
@@ -1767,16 +1465,16 @@ KFW_AFS_renew_expiring_tokens(void) loop_cleanup: if ( cc ) { - pkrb5_cc_close(ctx,cc); + krb5_cc_close(context,cc); cc = 0; } } cleanup: if ( cc ) - pkrb5_cc_close(ctx,cc); - if ( ctx ) - pkrb5_free_context(ctx); + krb5_cc_close(context,cc); + if ( context ) + krb5_free_context(context); if (cellconfig.linkedCell) free(cellconfig.linkedCell); @@ -1788,29 +1486,26 @@ BOOL KFW_AFS_renew_token_for_cell(char * cell) { krb5_error_code code = 0; - krb5_context ctx = NULL; + krb5_context context = NULL; int count; char ** principals = NULL; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - if ( IsDebuggerPresent() ) { OutputDebugString("KFW_AFS_renew_token_for_cell:"); OutputDebugString(cell); OutputDebugString("\n"); } - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; - count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE); + count = KFW_AFS_find_principals_for_cell(context, cell, &principals, TRUE); if ( count == 0 ) { // We know we must have a credential somewhere since we are // trying to renew a token KFW_import_ccache_data(); - count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE); + count = KFW_AFS_find_principals_for_cell(context, cell, &principals, TRUE); } if ( count > 0 ) { krb5_principal princ = 0; @@ -1826,10 +1521,10 @@ KFW_AFS_renew_token_for_cell(char * cell) memset(&cellconfig, 0, sizeof(cellconfig)); while ( count-- ) { - code = pkrb5_parse_name(ctx, principals[count], &princ); + code = krb5_parse_name(context, principals[count], &princ); if (code) goto loop_cleanup; - code = KFW_get_ccache(ctx, princ, &cc); + code = KFW_get_ccache(context, princ, &cc); if (code) goto loop_cleanup; if (cellconfig.linkedCell) { 
@@ -1839,7 +1534,7 @@ KFW_AFS_renew_token_for_cell(char * cell) code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell); if ( code ) goto loop_cleanup; - realm = afs_realm_of_cell(ctx, &cellconfig); // do not free + realm = afs_realm_of_cell(context, &cellconfig); // do not free if ( IsDebuggerPresent() ) { OutputDebugString("Realm: "); OutputDebugString(realm); 
@@ -1850,36 +1545,36 @@ KFW_AFS_renew_token_for_cell(char * cell) /* krb5_cc_remove_cred() is not implemented * for a single cred */ - code = pkrb5_build_principal(ctx, &service, strlen(realm), + code = krb5_build_principal(context, &service, strlen(realm), realm, "afs", cell, NULL); if (!code) { memset(&mcreds, 0, sizeof(krb5_creds)); mcreds.client = princ; mcreds.server = service; - code = pkrb5_cc_retrieve_cred(ctx, cc, 0, &mcreds, &creds); + code = krb5_cc_retrieve_cred(context, cc, 0, &mcreds, &creds); if (!code) { if ( IsDebuggerPresent() ) { char * cname, *sname; - pkrb5_unparse_name(ctx, creds.client, &cname); - pkrb5_unparse_name(ctx, creds.server, &sname); + krb5_unparse_name(context, creds.client, &cname); + krb5_unparse_name(context, creds.server, &sname); OutputDebugString("Removing credential for client \""); OutputDebugString(cname); OutputDebugString("\" and service \""); OutputDebugString(sname); OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); } - code = pkrb5_cc_remove_cred(ctx, cc, 0, &creds); - pkrb5_free_principal(ctx, creds.client); - pkrb5_free_principal(ctx, creds.server); + code = krb5_cc_remove_cred(context, cc, 0, &creds); + krb5_free_principal(context, creds.client); + krb5_free_principal(context, creds.server); } } #endif /* COMMENT */ - code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, 0,NULL); + code = KFW_AFS_klog(context, cc, "afs", cell, (char *)realm, 0,NULL); if ( IsDebuggerPresent() ) { char message[256]; StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code); 
@@ -1888,15 +1583,15 @@ KFW_AFS_renew_token_for_cell(char * cell) loop_cleanup: if (cc) { - pkrb5_cc_close(ctx, cc); + krb5_cc_close(context, cc); cc = 0; } if (princ) { - pkrb5_free_principal(ctx, princ); + krb5_free_principal(context, princ); princ = 0; } if (service) { - pkrb5_free_principal(ctx, service); + krb5_free_principal(context, service); princ = 0; } if (cellconfig.linkedCell) { @@ -1904,7 +1599,7 @@ KFW_AFS_renew_token_for_cell(char * cell) cellconfig.linkedCell = NULL; } - KFW_AFS_update_cell_princ_map(ctx, cell, principals[count], code ? FALSE : TRUE); + KFW_AFS_update_cell_princ_map(context, cell, principals[count], code ? FALSE : TRUE); free(principals[count]); } free(principals); @@ -1912,8 +1607,8 @@ KFW_AFS_renew_token_for_cell(char * cell) code = -1; // we did not renew the tokens cleanup: - if (ctx) - pkrb5_free_context(ctx); + if (context) + krb5_free_context(context); return (code ? FALSE : TRUE); } @@ -1923,8 +1618,7 @@ KFW_AFS_renew_tokens_for_all_cells(void) { struct cell_principal_map * next = cell_princ_map; - if ( IsDebuggerPresent() ) - OutputDebugString("KFW_AFS_renew_tokens_for_all()\n"); + DebugPrintf("KFW_AFS_renew_tokens_for_all()\n"); if ( !next ) return 0; 
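Review bot: In the `loop_cleanup` block of KFW_AFS_renew_token_for_cell, the branch that frees `service` clears `princ` instead, so `service` keeps pointing at freed memory. If `service` is ever non-NULL, the next pass through the `while ( count-- )` loop would free it a second time; the line after `krb5_free_principal(context, service);` should read `service = 0;`. The only visible assignment to `service` sits before an `#endif /* COMMENT */`, so this may be latent today, but it is worth fixing while these lines are being touched. The function body starts and ends outside this hunk.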
@@ -1937,91 +1631,70 @@ KFW_AFS_renew_tokens_for_all_cells(void) } int -KFW_renew(krb5_context alt_ctx, krb5_ccache alt_cc) +KFW_renew(krb5_context alt_context, krb5_ccache alt_cc) { krb5_error_code code = 0; - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_principal me = NULL; krb5_principal server = NULL; krb5_creds my_creds; - krb5_data *realm = NULL; + const char *realm = NULL; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; + memset(&my_creds, 0, sizeof(krb5_creds)); - memset(&my_creds, 0, sizeof(krb5_creds)); - - if ( alt_ctx ) { - ctx = alt_ctx; + if ( alt_context ) { + context = alt_context; } else { - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; } if ( alt_cc ) { cc = alt_cc; } else { - code = pkrb5_cc_default(ctx, &cc); + code = krb5_cc_default(context, &cc); if (code) goto cleanup; } - code = pkrb5_cc_get_principal(ctx, cc, &me); + code = krb5_cc_get_principal(context, cc, &me); if (code) goto cleanup; - realm = krb5_princ_realm(ctx, me); + realm = krb5_principal_get_realm(context, me); - code = pkrb5_build_principal_ext(ctx, &server, - realm->length,realm->data, - KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, - realm->length,realm->data, - 0); + code = krb5_make_principal(context, &server, realm, + KRB5_TGS_NAME, realm, NULL); if ( code ) goto cleanup; if ( IsDebuggerPresent() ) { char * cname, *sname; - pkrb5_unparse_name(ctx, me, &cname); - pkrb5_unparse_name(ctx, server, &sname); - OutputDebugString("Renewing credential for client \""); - OutputDebugString(cname); - OutputDebugString("\" and service \""); - OutputDebugString(sname); - OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); + krb5_unparse_name(context, me, &cname); + krb5_unparse_name(context, server, &sname); + DebugPrintf("Renewing credential for client \"%s\" and service\"%s\"\n", + cname, sname); + krb5_free_unparsed_name(context,cname); + 
krb5_free_unparsed_name(context,sname); } my_creds.client = me; my_creds.server = server; - code = pkrb5_get_renewed_creds(ctx, &my_creds, me, cc, NULL); + code = krb5_get_renewed_creds(context, &my_creds, me, cc, NULL); if (code) { - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "krb5_get_renewed_creds() failed: %d\n", code); - OutputDebugString(message); - } + DebugPrintf("krb5_get_renewed_creds() failed: %d\n", code); goto cleanup; } - code = pkrb5_cc_initialize(ctx, cc, me); + code = krb5_cc_initialize(context, cc, me); if (code) { - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "krb5_cc_initialize() failed: %d\n", code); - OutputDebugString(message); - } + DebugPrintf("krb5_cc_initialize() failed: %d\n", code); goto cleanup; } - code = pkrb5_cc_store_cred(ctx, cc, &my_creds); + code = krb5_cc_store_cred(context, cc, &my_creds); if (code) { - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "krb5_cc_store_cred() failed: %d\n", code); - OutputDebugString(message); - } + DebugPrintf("krb5_cc_store_cred() failed: %d\n", code); goto cleanup; } 
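Review bot: In the `IsDebuggerPresent()` block of KFW_renew, `cname` and `sname` are declared uninitialized and the results of both `krb5_unparse_name` calls are ignored, so a failed unparse passes an indeterminate pointer to the `%s` in `DebugPrintf` and then to `krb5_free_unparsed_name`. Declare them as `char *cname = NULL, *sname = NULL;` and print and free only when the calls return 0. The new format string also runs the word into the quote (`service\"%s\"`); a space before the quote would match the other messages in this file. KFW_renew's cleanup is in the following hunk.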
@@ -2030,151 +1703,113 @@ KFW_renew(krb5_context alt_ctx, krb5_ccache alt_cc) my_creds.client = 0; if (my_creds.server == server) my_creds.server = 0; - pkrb5_free_cred_contents(ctx, &my_creds); + krb5_free_cred_contents(context, &my_creds); if (me) - pkrb5_free_principal(ctx, me); + krb5_free_principal(context, me); if (server) - pkrb5_free_principal(ctx, server); + krb5_free_principal(context, server); if (cc && (cc != alt_cc)) - pkrb5_cc_close(ctx, cc); - if (ctx && (ctx != alt_ctx)) - pkrb5_free_context(ctx); + krb5_cc_close(context, cc); + if (context && (context != alt_context)) + krb5_free_context(context); return(code); } int -KFW_kinit( krb5_context alt_ctx, - krb5_ccache alt_cc, - HWND hParent, - char *principal_name, - char *password, - krb5_deltat lifetime, - DWORD forwardable, - DWORD proxiable, - krb5_deltat renew_life, - DWORD addressless, - DWORD publicIP - ) +KFW_kinit( krb5_context alt_context, + krb5_ccache alt_cc, + HWND hParent, + char *principal_name, + char *password, + krb5_deltat lifetime, + DWORD forwardable, + DWORD proxiable, + krb5_deltat renew_life, + DWORD addressless, + DWORD publicIP) { krb5_error_code code = 0; - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_principal me = NULL; char* name = NULL; krb5_creds my_creds; - krb5_get_init_creds_opt options; - krb5_address ** addrs = NULL; + krb5_get_init_creds_opt *options = NULL; + krb5_addresses addrs = {0, NULL}; int i = 0, addr_count = 0; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - pkrb5_get_init_creds_opt_init(&options); memset(&my_creds, 0, sizeof(my_creds)); - if (alt_ctx) - { - ctx = alt_ctx; - } - else - { - code = pkrb5_init_context(&ctx); + if (alt_context) { + context = alt_context; + } else { + code = krb5_init_context(&context); if (code) goto cleanup; } if ( alt_cc ) { cc = alt_cc; } else { - code = pkrb5_cc_default(ctx, &cc); + code = krb5_cc_default(context, &cc); if (code) goto cleanup; } - code = 
pkrb5_parse_name(ctx, principal_name, &me); - if (code) - goto cleanup; + code = krb5_get_init_creds_opt_alloc(context, &options); + if (code) goto cleanup; - code = pkrb5_unparse_name(ctx, me, &name); - if (code) - goto cleanup; + code = krb5_parse_name(context, principal_name, &me); + if (code) goto cleanup; + + code = krb5_unparse_name(context, me, &name); + if (code) goto cleanup; if (lifetime == 0) - lifetime = DEFAULT_LIFETIME; + lifetime = KFW_get_default_lifetime(context, + krb5_principal_get_realm(context, me)); + lifetime *= 60; if (renew_life > 0) renew_life *= 60; if (lifetime) - pkrb5_get_init_creds_opt_set_tkt_life(&options, lifetime); - pkrb5_get_init_creds_opt_set_forwardable(&options, - forwardable ? 1 : 0); - pkrb5_get_init_creds_opt_set_proxiable(&options, - proxiable ? 1 : 0); - pkrb5_get_init_creds_opt_set_renew_life(&options, - renew_life); - if (addressless) - pkrb5_get_init_creds_opt_set_address_list(&options,NULL); - else { - if (publicIP) - { + krb5_get_init_creds_opt_set_tkt_life(options, lifetime); + krb5_get_init_creds_opt_set_forwardable(options, forwardable ? 1 : 0); + krb5_get_init_creds_opt_set_proxiable(options, proxiable ? 
1 : 0); + krb5_get_init_creds_opt_set_renew_life(options, renew_life); + if (addressless) { + krb5_get_init_creds_opt_set_addressless(context, options, TRUE); + } else { + if (publicIP) { // we are going to add the public IP address specified by the user // to the list provided by the operating system - krb5_address ** local_addrs=NULL; - DWORD netIPAddr; - - pkrb5_os_localaddr(ctx, &local_addrs); - while ( local_addrs[i++] ); - addr_count = i + 1; - - addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *)); - if ( !addrs ) { - pkrb5_free_addresses(ctx, local_addrs); - goto cleanup; - } - memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1)); - i = 0; - while ( local_addrs[i] ) { - addrs[i] = (krb5_address *)malloc(sizeof(krb5_address)); - if (addrs[i] == NULL) { - pkrb5_free_addresses(ctx, local_addrs); - goto cleanup; - } + struct sockaddr_in in_addr; + krb5_address addr; + krb5_addresses addr_l; - addrs[i]->magic = local_addrs[i]->magic; - addrs[i]->addrtype = local_addrs[i]->addrtype; - addrs[i]->length = local_addrs[i]->length; - addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length); - if (!addrs[i]->contents) { - pkrb5_free_addresses(ctx, local_addrs); - goto cleanup; - } + krb5_get_all_client_addrs(context, &addrs); - memcpy(addrs[i]->contents,local_addrs[i]->contents, - local_addrs[i]->length); /* safe */ - i++; - } - pkrb5_free_addresses(ctx, local_addrs); + in_addr.sin_family = AF_INET; + in_addr.sin_port = 0; + in_addr.sin_addr.S_un.S_addr = htonl(publicIP); - addrs[i] = (krb5_address *)malloc(sizeof(krb5_address)); - if (addrs[i] == NULL) - goto cleanup; + code = krb5_sockaddr2address(context, (struct sockaddr *)&in_addr, + &addr); - addrs[i]->magic = KV5M_ADDRESS; - addrs[i]->addrtype = AF_INET; - addrs[i]->length = 4; - addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length); - if (!addrs[i]->contents) - goto cleanup; + if (code == 0) { + addr_l.len = 1; + addr_l.val = &addr; - netIPAddr = htonl(publicIP); - 
memcpy(addrs[i]->contents,&netIPAddr,4); + code = krb5_append_addresses(context, &addrs, &addr_l); - pkrb5_get_init_creds_opt_set_address_list(&options,addrs); + krb5_free_address(context, &addr); + } + krb5_get_init_creds_opt_set_address_list(options, &addrs); } } - code = pkrb5_get_init_creds_password(ctx, + code = krb5_get_init_creds_password(context, &my_creds, me, password, // password 
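Review bot: In the `publicIP` branch of KFW_kinit, failures while building the address list are dropped: the return of `krb5_get_all_client_addrs` is ignored, and the `code` set by `krb5_sockaddr2address` and `krb5_append_addresses` is overwritten by `krb5_get_init_creds_password` without being tested. The caller would then get a ticket whose address list is not the one requested, with no error reported. Check each step, e.g. `code = krb5_get_all_client_addrs(context, &addrs); if (code) goto cleanup;` and another `if (code) goto cleanup;` after the `if (code == 0) { … }` block that appends and frees `addr`. `in_addr` is also only partly initialized; a `memset(&in_addr, 0, sizeof(in_addr));` before the field assignments keeps stack contents out of the conversion. KFW_kinit continues past this hunk.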
@@ -2182,78 +1817,69 @@ KFW_kinit( krb5_context alt_ctx, hParent, // prompter data 0, // start time 0, // service name - &options); + options); if (code) goto cleanup; - code = pkrb5_cc_initialize(ctx, cc, me); + code = krb5_cc_initialize(context, cc, me); if (code) goto cleanup; - code = pkrb5_cc_store_cred(ctx, cc, &my_creds); + code = krb5_cc_store_cred(context, cc, &my_creds); if (code) goto cleanup; cleanup: - if ( addrs ) { - for ( i=0;icontents ) - free(addrs[i]->contents); - free(addrs[i]); - } - } - } + if ( addrs.len > 0 ) + krb5_free_addresses(context, &addrs); + if (my_creds.client == me) my_creds.client = 0; - pkrb5_free_cred_contents(ctx, &my_creds); + + krb5_free_cred_contents(context, &my_creds); if (name) - pkrb5_free_unparsed_name(ctx, name); + krb5_free_unparsed_name(context, name); if (me) - pkrb5_free_principal(ctx, me); + krb5_free_principal(context, me); + if (options) + krb5_get_init_creds_opt_free(context, options); if (cc && (cc != alt_cc)) - pkrb5_cc_close(ctx, cc); - if (ctx && (ctx != alt_ctx)) - pkrb5_free_context(ctx); + krb5_cc_close(context, cc); + if (context && (context != alt_context)) + krb5_free_context(context); return(code); } int -KFW_kdestroy(krb5_context alt_ctx, krb5_ccache alt_cc) +KFW_kdestroy(krb5_context alt_context, krb5_ccache alt_cc) { - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_error_code code; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - if (alt_ctx) - { - ctx = alt_ctx; - } - else - { - code = pkrb5_init_context(&ctx); + if (alt_context) { + context = alt_context; + } else { + code = krb5_init_context(&context); if (code) goto cleanup; } if ( alt_cc ) { cc = alt_cc; } else { - code = pkrb5_cc_default(ctx, &cc); + code = krb5_cc_default(context, &cc); if (code) goto cleanup; } - code = pkrb5_cc_destroy(ctx, cc); + code = krb5_cc_destroy(context, cc); if ( !code ) cc = 0; cleanup: if (cc && (cc != alt_cc)) - pkrb5_cc_close(ctx, cc); - if (ctx && (ctx != 
alt_ctx)) - pkrb5_free_context(ctx); + krb5_cc_close(context, cc); + if (context && (context != alt_context)) + krb5_free_context(context); return(code); } @@ -2282,7 +1908,7 @@ GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData) if ( !Success ) return FALSE; - Status = pLsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData ); + Status = LsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData ); if ( FAILED(Status) || !ppSessionData ) return FALSE; @@ -2321,7 +1947,7 @@ MSLSA_IsKerberosLogon(VOID) Success = TRUE; } } - pLsaFreeReturnBuffer(pSessionData); + LsaFreeReturnBuffer(pSessionData); } return Success; } @@ -2826,25 +2452,22 @@ ViceIDToUsername(char *username, static void copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) { - krb5_error_code code; - krb5_ticket *ticket; + Ticket ticket; size_t len; + int ret; - code = pkrb5_decode_ticket(&v5cred->ticket, &ticket); - if (code == 0) { - len = krb5_princ_realm(context, ticket->server)->length; - if (len > destlen - 1) - len = destlen - 1; - - StringCbCopyN(dest, destlen, krb5_princ_realm(context, ticket->server)->data, len); + ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length, + &ticket, &len); + if (ret == 0) { + StringCbCopy(dest, destlen, ticket.realm); - pkrb5_free_ticket(context, ticket); + free_Ticket(&ticket); } } int KFW_AFS_klog( - krb5_context alt_ctx, + krb5_context alt_context, krb5_ccache alt_cc, char *service, char *cell, @@ -2854,10 +2477,6 @@ KFW_AFS_klog( ) { long rc = 0; - CREDENTIALS creds; -#ifdef USE_KRB4 - KTEXT_ST ticket; -#endif /* USE_KRB4 */ struct ktc_principal aserver; struct ktc_principal aclient; char realm_of_user[REALM_SZ]; /* Kerberos realm of user */ 
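Review bot: copy_realm_of_ticket now discards the result of `StringCbCopy`, so a realm longer than `destlen` is truncated silently, and when `decode_Ticket` fails `dest` is left exactly as the caller passed it. Because the function returns void, the caller cannot tell either case from success. I would at least document this above the function, e.g. `/* On decode failure dest is left unchanged; a realm that does not fit in dest is truncated. */`, or return the status so the caller can decide whether to trust the realm. `len` is now only an out-parameter of `decode_Ticket` and is never read.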
@@ -2872,15 +2491,14 @@ KFW_AFS_klog( char ServiceName[128]; DWORD CurrentState; char HostName[64]; - BOOL try_krb5 = 0; - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_creds increds; krb5_creds * k5creds = NULL; krb5_error_code code; krb5_principal client_principal = NULL; krb5_data * k5data = NULL; - unsigned int i, retry = 0; + unsigned int retry = 0; CurrentState = 0; memset(HostName, '\0', sizeof(HostName)); @@ -2896,9 +2514,6 @@ KFW_AFS_klog( return(-2); } - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - memset(&ak_cellconfig, 0, sizeof(ak_cellconfig)); memset(RealmName, '\0', sizeof(RealmName)); memset(CellName, '\0', sizeof(CellName)); 
@@ -2918,69 +2533,50 @@ KFW_AFS_klog( return(rc); } - if ( alt_ctx ) { - ctx = alt_ctx; + if ( alt_context ) { + context = alt_context; } else { - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; } if ( alt_cc ) { cc = alt_cc; } else { - code = pkrb5_cc_default(ctx, &cc); - if (code) goto skip_krb5_init; + code = krb5_cc_default(context, &cc); + if (code) + goto cleanup; } memset(&increds, 0, sizeof(increds)); - code = pkrb5_cc_get_principal(ctx, cc, &client_principal); + code = krb5_cc_get_principal(context, cc, &client_principal); if (code) { if ( code == KRB5_CC_NOTFOUND && IsDebuggerPresent() ) { OutputDebugString("Principal Not Found for ccache\n"); } - goto skip_krb5_init; + goto cleanup; } if (!KFW_accept_dotted_usernames()) { + const char * comp; /* look for client principals which cannot be distinguished * from Kerberos 4 multi-component principal names */ - k5data = krb5_princ_component(ctx,client_principal,0); - for ( i=0; ilength; i++ ) { - if ( k5data->data[i] == '.' 
) - break; - } - if (i != k5data->length) - { + comp = krb5_principal_get_comp_string(context,client_principal,0); + if (strchr(comp, '.') != NULL) { OutputDebugString("Illegal Principal name contains dot in first component\n"); rc = KRB5KRB_ERR_GENERIC; goto cleanup; } } - i = krb5_princ_realm(ctx, client_principal)->length; - if (i > REALM_SZ-1) - i = REALM_SZ-1; - StringCbCopyN( realm_of_user, sizeof(realm_of_user), - krb5_princ_realm(ctx, client_principal)->data, i); - try_krb5 = 1; - - skip_krb5_init: -#ifdef USE_KRB4 - if ( !try_krb5 || !realm_of_user[0] ) { - if ((rc = (*pkrb_get_tf_realm)((*ptkt_string)(), realm_of_user)) != KSUCCESS) - { - goto cleanup; - } - } -#else - if (!try_krb5) - goto cleanup; -#endif + StringCbCopy(realm_of_user, sizeof(realm_of_user), + krb5_principal_get_realm(context, client_principal)); + StringCbCopyN( realm_of_cell, sizeof(realm_of_cell), - afs_realm_of_cell(ctx, &ak_cellconfig), + afs_realm_of_cell(context, &ak_cellconfig), sizeof(realm_of_cell) - 1); if (strlen(service) == 0) 
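Review bot: In the dotted-username check of KFW_AFS_klog, `comp` is passed to `strchr` without a NULL test. `krb5_principal_get_comp_string` returns NULL when the principal has no component at the requested index, so a cache holding such a principal would crash here; guard it with `if (comp != NULL && strchr(comp, '.') != NULL) {`. The `StringCbCopy` into `realm_of_user` a few lines below also ignores its result, so an over-long realm is truncated without any indication. KFW_AFS_klog starts and ends outside this hunk.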
@@ -3004,374 +2600,198 @@ KFW_AFS_klog( StringCbCopyN( RealmName, sizeof(RealmName), realm, sizeof(RealmName) - 1); - memset(&creds, '\0', sizeof(creds)); + code = KRB5KRB_ERR_GENERIC; - if ( try_krb5 ) { - int len; - code = KRB5KRB_ERR_GENERIC; + increds.client = client_principal; + increds.times.endtime = 0; + /* Ask for DES since that is what V4 understands */ + increds.session.keytype = ENCTYPE_DES_CBC_CRC; + /* ALWAYS first try service/cell@CLIENT_REALM */ + if (code = krb5_build_principal(context, &increds.server, + (int)strlen(realm_of_user), + realm_of_user, + ServiceName, + CellName, + 0)) + { + goto cleanup; + } - increds.client = client_principal; - increds.times.endtime = 0; - /* Ask for DES since that is what V4 understands */ - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; + if ( IsDebuggerPresent() ) { + char * cname, *sname; + krb5_unparse_name(context, increds.client, &cname); + krb5_unparse_name(context, increds.server, &sname); + OutputDebugString("Getting tickets for \""); + OutputDebugString(cname); + OutputDebugString("\" and service \""); + OutputDebugString(sname); + OutputDebugString("\"\n"); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); + } - /* ALWAYS first try service/cell@CLIENT_REALM */ - if (code = pkrb5_build_principal(ctx, &increds.server, - (int)strlen(realm_of_user), - realm_of_user, - ServiceName, - CellName, - 0)) - { - goto cleanup; - } + code = krb5_get_credentials(context, 0, cc, &increds, &k5creds); + if (code == 0) { + /* + * The client's realm is a local realm for the cell. + * Save it so that later the pts registration will not + * be performed. 
+ */ + StringCbCopyN(realm_of_cell, sizeof(realm_of_cell), + realm_of_user, sizeof(realm_of_cell) - 1); + } - if ( IsDebuggerPresent() ) { - char * cname, *sname; - pkrb5_unparse_name(ctx, increds.client, &cname); - pkrb5_unparse_name(ctx, increds.server, &sname); - OutputDebugString("Getting tickets for \""); - OutputDebugString(cname); - OutputDebugString("\" and service \""); - OutputDebugString(sname); - OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); - } + if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || + code == KRB5_ERR_HOST_REALM_UNKNOWN || + code == KRB5KRB_ERR_GENERIC /* heimdal */ || + code == KRB5KRB_AP_ERR_MSG_TYPE) { + /* + * If there was a specific realm we are supposed to try + * then use it + */ + if (strlen(realm) != 0) { + /* service/cell@REALM */ + increds.server = 0; + code = krb5_build_principal(context, &increds.server, + (int)strlen(realm), + realm, + ServiceName, + 0); - code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds); - if (code == 0) { - /* The client's realm is a local realm for the cell. - * Save it so that later the pts registration will not - * be performed. 
- */ - StringCbCopyN( realm_of_cell, sizeof(realm_of_cell), - realm_of_user, sizeof(realm_of_cell) - 1); - } + if ( IsDebuggerPresent() ) { + char * cname, *sname; + krb5_unparse_name(context, increds.client, &cname); + krb5_unparse_name(context, increds.server, &sname); + OutputDebugString("Getting tickets for \""); + OutputDebugString(cname); + OutputDebugString("\" and service \""); + OutputDebugString(sname); + OutputDebugString("\"\n"); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); + } + if (!code) + code = krb5_get_credentials(context, 0, cc, &increds, &k5creds); - if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || - code == KRB5_ERR_HOST_REALM_UNKNOWN || - code == KRB5KRB_ERR_GENERIC /* heimdal */ || - code == KRB5KRB_AP_ERR_MSG_TYPE) { - /* If there was a specific realm we are supposed to try - * then use it - */ - if (strlen(realm) != 0) { - /* service/cell@REALM */ + if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || + code == KRB5_ERR_HOST_REALM_UNKNOWN || + code == KRB5KRB_ERR_GENERIC /* heimdal */ || + code == KRB5KRB_AP_ERR_MSG_TYPE) { + /* Or service@REALM */ + krb5_free_principal(context,increds.server); increds.server = 0; - code = pkrb5_build_principal(ctx, &increds.server, - (int)strlen(realm), - realm, - ServiceName, - CellName, - 0); + code = krb5_build_principal(context, &increds.server, + (int)strlen(realm), + realm, + ServiceName, + 0); + if ( IsDebuggerPresent() ) { char * cname, *sname; - pkrb5_unparse_name(ctx, increds.client, &cname); - pkrb5_unparse_name(ctx, increds.server, &sname); - OutputDebugString("Getting tickets for \""); + krb5_unparse_name(context, increds.client, &cname); + krb5_unparse_name(context, increds.server, &sname); + DebugPrintf("Getting tickets for \"%s\" and service \"%s\"\n", cname, sname); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); + } + + if (!code) + code = krb5_get_credentials(context, 0, cc, &increds, &k5creds); + } + + if (code == 0) { + 
/* we have a local realm for the cell */ + StringCbCopyN( realm_of_cell, sizeof(realm_of_cell), + realm, sizeof(realm_of_cell) - 1); + } + } else { + if (strcmp(realm_of_user, realm_of_cell)) { + /* Then service/cell@CELL_REALM */ + krb5_free_principal(context,increds.server); + increds.server = 0; + code = krb5_build_principal(context, &increds.server, + (int)strlen(realm_of_cell), + realm_of_cell, + ServiceName, + CellName, + 0); + if ( IsDebuggerPresent()) { + char * cname, *sname; + krb5_unparse_name(context, increds.client, &cname); + krb5_unparse_name(context, increds.server, &sname); + OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n"); + OutputDebugString("Trying again: getting tickets for \""); OutputDebugString(cname); OutputDebugString("\" and service \""); OutputDebugString(sname); OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); } if (!code) - code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds); - - if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || - code == KRB5_ERR_HOST_REALM_UNKNOWN || - code == KRB5KRB_ERR_GENERIC /* heimdal */ || - code == KRB5KRB_AP_ERR_MSG_TYPE) { - /* Or service@REALM */ - pkrb5_free_principal(ctx,increds.server); - increds.server = 0; - code = pkrb5_build_principal(ctx, &increds.server, - (int)strlen(realm), - realm, - ServiceName, - 0); - - if ( IsDebuggerPresent() ) { - char * cname, *sname; - pkrb5_unparse_name(ctx, increds.client, &cname); - pkrb5_unparse_name(ctx, increds.server, &sname); - OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n"); - OutputDebugString("Trying again: getting tickets for \""); - OutputDebugString(cname); - OutputDebugString("\" and service \""); - OutputDebugString(sname); - OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); - } - - if 
(!code) - code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds); - } - - if (code == 0) { - /* we have a local realm for the cell */ - StringCbCopyN( realm_of_cell, sizeof(realm_of_cell), - realm, sizeof(realm_of_cell) - 1); - } - } else { - if (strcmp(realm_of_user, realm_of_cell)) { - /* Then service/cell@CELL_REALM */ - pkrb5_free_principal(ctx,increds.server); - increds.server = 0; - code = pkrb5_build_principal(ctx, &increds.server, - (int)strlen(realm_of_cell), - realm_of_cell, - ServiceName, - CellName, - 0); - if ( IsDebuggerPresent() ) { - char * cname, *sname; - pkrb5_unparse_name(ctx, increds.client, &cname); - pkrb5_unparse_name(ctx, increds.server, &sname); - OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n"); - OutputDebugString("Trying again: getting tickets for \""); - OutputDebugString(cname); - OutputDebugString("\" and service \""); - OutputDebugString(sname); - OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); - } - - if (!code) - code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds); - - if (!code && !strlen(realm_of_cell)) - copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds); - } + code = krb5_get_credentials(context, 0, cc, &increds, &k5creds); - if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || - code == KRB5_ERR_HOST_REALM_UNKNOWN || - code == KRB5KRB_ERR_GENERIC /* heimdal */ || - code == KRB5KRB_AP_ERR_MSG_TYPE) { - /* Finally service@CELL_REALM */ - pkrb5_free_principal(ctx,increds.server); - increds.server = 0; - code = pkrb5_build_principal(ctx, &increds.server, - (int)strlen(realm_of_cell), - realm_of_cell, - ServiceName, - 0); - - if ( IsDebuggerPresent() ) { - char * cname, *sname; - pkrb5_unparse_name(ctx, increds.client, &cname); - pkrb5_unparse_name(ctx, increds.server, &sname); - OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n"); - OutputDebugString("Trying again: getting tickets 
for \""); - OutputDebugString(cname); - OutputDebugString("\" and service \""); - OutputDebugString(sname); - OutputDebugString("\"\n"); - pkrb5_free_unparsed_name(ctx,cname); - pkrb5_free_unparsed_name(ctx,sname); - } - - if (!code) - code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds); - if (!code && !strlen(realm_of_cell)) - copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds); - } + if (!code && !strlen(realm_of_cell)) + copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds); } } - if (code) { - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "krb5_get_credentials returns: %d\n", code); - OutputDebugString(message); - } - try_krb5 = 0; - goto use_krb4; - } + if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || + code == KRB5_ERR_HOST_REALM_UNKNOWN || + code == KRB5KRB_ERR_GENERIC /* heimdal */ || + code == KRB5KRB_AP_ERR_MSG_TYPE) { + /* Finally service@CELL_REALM */ + krb5_free_principal(context,increds.server); + increds.server = 0; + code = krb5_build_principal(context, &increds.server, + (int)strlen(realm_of_cell), + realm_of_cell, + ServiceName, + 0); - /* This code inserts the entire K5 ticket into the token - * No need to perform a krb524 translation which is - * commented out in the code below - */ - if (KFW_use_krb524() || - k5creds->ticket.length > MAXKTCTICKETLEN) { if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), - "switching to krb524 .. 
ticket length %u\n", - k5creds->ticket.length); - OutputDebugString(message); - } - goto try_krb524d; - } - memset(&aserver, '\0', sizeof(aserver)); - StringCbCopyN(aserver.name, sizeof(aserver.name), - ServiceName, sizeof(aserver.name) - 1); - StringCbCopyN(aserver.cell, sizeof(aserver.cell), - CellName, sizeof(aserver.cell) - 1); - - memset(&atoken, '\0', sizeof(atoken)); - atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; - atoken.startTime = k5creds->times.starttime; - atoken.endTime = k5creds->times.endtime; - memcpy(&atoken.sessionKey, k5creds->keyblock.contents, k5creds->keyblock.length); - atoken.ticketLen = k5creds->ticket.length; - memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen); - - retry_gettoken5: - rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient); - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "ktc_GetToken returns: %d\n", rc); - OutputDebugString(message); - } - if (rc != 0 && rc != KTC_NOENT && rc != KTC_NOCELL) { - if ( rc == KTC_NOCM && retry < 20 ) { - Sleep(500); - retry++; - goto retry_gettoken5; + char * cname, *sname; + krb5_unparse_name(context, increds.client, &cname); + krb5_unparse_name(context, increds.server, &sname); + DebugPrintf("krb5_get_credentials() returned Service Principal Unknown\n" + "Trying again: getting tickets for \"%s\" and service \"%s\"\n", cname, sname); + krb5_free_unparsed_name(context,cname); + krb5_free_unparsed_name(context,sname); } - goto cleanup; - } - - if (atoken.kvno == btoken.kvno && - atoken.ticketLen == btoken.ticketLen && - !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) && - !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)) - { - /* Success - Nothing to do */ - goto cleanup; - } - - // * Reset the "aclient" structure before we call ktc_SetToken. - // * This structure was first set by the ktc_GetToken call when - // * we were comparing whether identical tokens already existed. 
- len = min(k5creds->client->data[0].length, sizeof(aclient.name) - 1); - StringCbCopyN( aclient.name, sizeof(aclient.name), - k5creds->client->data[0].data, len); - - if ( k5creds->client->length > 1 ) { - StringCbCat( aclient.name, sizeof(aclient.name), "."); - len = min(k5creds->client->data[1].length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1)); - StringCbCatN( aclient.name, sizeof(aclient.name), - k5creds->client->data[1].data, len); - } - aclient.instance[0] = '\0'; - - StringCbCopyN( aclient.cell, sizeof(aclient.cell), - realm_of_cell, sizeof(aclient.cell) - 1); - - /* For Khimaira, always append the realm name */ - StringCbCat( aclient.name, sizeof(aclient.name), "@"); - len = min(k5creds->client->realm.length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1)); - StringCbCatN( aclient.name, sizeof(aclient.name), k5creds->client->realm.data, len); - - GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0); - if (GetLastError() == ERROR_ENVVAR_NOT_FOUND) - ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName, - &aclient, &aserver, &atoken); - - if ( smbname ) { - StringCbCopyN( aclient.smbname, sizeof(aclient.smbname), - smbname, sizeof(aclient.smbname) - 1); - } else { - aclient.smbname[0] = '\0'; - } - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "aclient.name: %s\n", aclient.name); - OutputDebugString(message); - StringCbPrintf(message, sizeof(message), "aclient.smbname: %s\n", aclient.smbname); - OutputDebugString(message); - } - - rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0)); - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "ktc_SetToken returns: %d\n", rc); - OutputDebugString(message); - } - if (!rc) - goto cleanup; /* We have successfully inserted the token */ - - try_krb524d: -#ifndef USE_KRB524 - goto cleanup; -#else - /* Otherwise, the ticket could have been too large so try to 
- * convert using the krb524d running with the KDC - */ - code = pkrb524_convert_creds_kdc(ctx, k5creds, &creds); - pkrb5_free_creds(ctx, k5creds); - if (code) { - if ( IsDebuggerPresent() ) { - char message[256]; - StringCbPrintf(message, sizeof(message), "krb524_convert_creds_kdc returns: %d\n", code); - OutputDebugString(message); - } - try_krb5 = 0; - goto use_krb4; - } -#endif /* USE_KRB524 */ - } else { - use_krb4: -#ifdef USE_KRB4 - code = (*pkrb_get_cred)(ServiceName, CellName, RealmName, &creds); - if (code == NO_TKT_FIL) { - // if the problem is that we have no krb4 tickets - // do not attempt to continue - goto cleanup; + if (!code) + code = krb5_get_credentials(context, 0, cc, &increds, &k5creds); + if (!code && !strlen(realm_of_cell)) + copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds); } - if (code != KSUCCESS) - code = (*pkrb_get_cred)(ServiceName, "", RealmName, &creds); + } - if (code != KSUCCESS) - { - if ((code = (*pkrb_mk_req)(&ticket, ServiceName, CellName, RealmName, 0)) == KSUCCESS) - { - if ((code = (*pkrb_get_cred)(ServiceName, CellName, RealmName, &creds)) != KSUCCESS) - { - goto cleanup; - } - } - else if ((code = (*pkrb_mk_req)(&ticket, ServiceName, "", RealmName, 0)) == KSUCCESS) - { - if ((code = (*pkrb_get_cred)(ServiceName, "", RealmName, &creds)) != KSUCCESS) - { - goto cleanup; - } - } - else - { - goto cleanup; - } - } -#else + if (code) { + DebugPrintf("krb5_get_credentials returns: %d\n", code); goto cleanup; -#endif } + /* This code inserts the entire K5 ticket into the token */ memset(&aserver, '\0', sizeof(aserver)); - StringCbCopyN( aserver.name, sizeof(aserver.name), ServiceName, sizeof(aserver.name) - 1); - StringCbCopyN( aserver.cell, sizeof(aserver.cell), CellName, sizeof(aserver.cell) - 1); + StringCbCopyN(aserver.name, sizeof(aserver.name), + ServiceName, sizeof(aserver.name) - 1); + StringCbCopyN(aserver.cell, sizeof(aserver.cell), + CellName, sizeof(aserver.cell) - 1); memset(&atoken, '\0', 
sizeof(atoken)); - atoken.kvno = creds.kvno; - atoken.startTime = creds.issue_date; - atoken.endTime = creds.issue_date + life_to_time(0,creds.lifetime); - memcpy(&atoken.sessionKey, creds.session, 8); - atoken.ticketLen = creds.ticket_st.length; - memcpy(atoken.ticket, creds.ticket_st.dat, atoken.ticketLen); - - retry_gettoken: + atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; + atoken.startTime = k5creds->times.starttime; + atoken.endTime = k5creds->times.endtime; + memcpy(&atoken.sessionKey, + k5creds->session.keyvalue.data, + k5creds->session.keyvalue.length); + atoken.ticketLen = k5creds->ticket.length; + memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen); + + retry_gettoken5: rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient); if ( IsDebuggerPresent() ) { char message[256]; @@ -3382,18 +2802,17 @@ KFW_AFS_klog( if ( rc == KTC_NOCM && retry < 20 ) { Sleep(500); retry++; - goto retry_gettoken; + goto retry_gettoken5; } - KFW_AFS_error(rc, "ktc_GetToken()"); - code = rc; goto cleanup; } if (atoken.kvno == btoken.kvno && - atoken.ticketLen == btoken.ticketLen && - !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) && - !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)) + atoken.ticketLen == btoken.ticketLen && + !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) && + !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)) { + /* Success - Nothing to do */ goto cleanup; } 
@@ -3401,33 +2820,35 @@ KFW_AFS_klog( // * This structure was first set by the ktc_GetToken call when // * we were comparing whether identical tokens already existed. - StringCbCopyN( aclient.name, sizeof(aclient.name), creds.pname, sizeof(aclient.name) - 1); - if (creds.pinst[0]) - { - strncat(aclient.name, ".", MAXKTCNAMELEN - 1); - strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - 1); + StringCbCopy(aclient.name, sizeof(aclient.name), + krb5_principal_get_comp_string(context, k5creds->client, 0)); + + if ( krb5_principal_get_num_comp(context, k5creds->client) > 1 ) { + StringCbCat(aclient.name, sizeof(aclient.name), "."); + StringCbCat(aclient.name, sizeof(aclient.name), + krb5_principal_get_comp_string(context, k5creds->client, 1)); } aclient.instance[0] = '\0'; - strncat(aclient.name, "@", MAXKTCNAMELEN - 1); - strncat(aclient.name, creds.realm, MAXKTCREALMLEN - 1); - aclient.name[MAXKTCREALMLEN-1] = '\0'; + StringCbCopyN(aclient.cell, sizeof(aclient.cell), + realm_of_cell, sizeof(aclient.cell) - 1); - StringCbCopyN( aclient.cell, sizeof(aclient.cell), - CellName, sizeof(aclient.cell) - 1); + /* For Khimaira, always append the realm name */ + StringCbCat(aclient.name, sizeof(aclient.name), "@"); + StringCbCat(aclient.name, sizeof(aclient.name), + krb5_principal_get_realm(context, k5creds->client)); GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0); if (GetLastError() == ERROR_ENVVAR_NOT_FOUND) - ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName, - &aclient, &aserver, &atoken); + ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName, + &aclient, &aserver, &atoken); if ( smbname ) { - StringCbCopyN( aclient.smbname, sizeof(aclient.smbname), - smbname, sizeof(aclient.smbname) - 1); + StringCbCopyN(aclient.smbname, sizeof(aclient.smbname), + smbname, sizeof(aclient.smbname) - 1); } else { aclient.smbname[0] = '\0'; } - if ( IsDebuggerPresent() ) { char message[256]; StringCbPrintf(message, sizeof(message), "aclient.name: 
%s\n", aclient.name); @@ -3436,23 +2857,18 @@ KFW_AFS_klog( OutputDebugString(message); } - if (rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0))) - { - KFW_AFS_error(rc, "ktc_SetToken()"); - code = rc; - goto cleanup; - } + rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0)); - cleanup: +cleanup: if (client_principal) - pkrb5_free_principal(ctx,client_principal); + krb5_free_principal(context,client_principal); /* increds.client == client_principal */ if (increds.server) - pkrb5_free_principal(ctx,increds.server); + krb5_free_principal(context,increds.server); if (cc && (cc != alt_cc)) - pkrb5_cc_close(ctx, cc); - if (ctx && (ctx != alt_ctx)) - pkrb5_free_context(ctx); + krb5_cc_close(context, cc); + if (context && (context != alt_context)) + krb5_free_context(context); if (ak_cellconfig.linkedCell) free(ak_cellconfig.linkedCell); @@ -3463,7 +2879,7 @@ KFW_AFS_klog( /* afs_realm_of_cell(): */ /**************************************/ static char * -afs_realm_of_cell(krb5_context ctx, struct afsconf_cell *cellconfig) +afs_realm_of_cell(krb5_context context, struct afsconf_cell *cellconfig) { static char krbrlm[REALM_SZ+1]=""; char ** realmlist=NULL; @@ -3472,11 +2888,11 @@ afs_realm_of_cell(krb5_context ctx, struct afsconf_cell *cellconfig) if (!cellconfig) return 0; - r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist); + r = krb5_get_host_realm(context, cellconfig->hostName[0], &realmlist); if ( !r && realmlist && realmlist[0] ) { StringCbCopyN( krbrlm, sizeof(krbrlm), realmlist[0], sizeof(krbrlm) - 1); - pkrb5_free_host_realm(ctx, realmlist); + krb5_free_host_realm(context, realmlist); } if ( !krbrlm[0] ) 
@@ -3515,7 +2931,7 @@ KFW_AFS_get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_ } if (strlen(cell) == 0) - strcpy(cell, local_cell); + StringCbCopy(cell, CELL_MAXNAMELEN, local_cell); rc = cm_SearchCellRegistry(1, cell, newcell, linkedcell, get_cellconfig_callback, (void*)cellconfig); if (rc && rc != CM_ERROR_FORCE_DNS_LOOKUP) @@ -3647,78 +3063,9 @@ cleanup: return(hr); } -void -UnloadFuncs( - FUNC_INFO fi[], - HINSTANCE h - ) -{ - int n; - if (fi) - for (n = 0; fi[n].func_ptr_var; n++) - *(fi[n].func_ptr_var) = 0; - if (h) FreeLibrary(h); -} - -int -LoadFuncs( - const char* dll_name, - FUNC_INFO fi[], - HINSTANCE* ph, // [out, optional] - DLL handle - int* pindex, // [out, optional] - index of last func loaded (-1 if none) - int cleanup, // cleanup function pointers and unload on error - int go_on, // continue loading even if some functions cannot be loaded - int silent // do not pop-up a system dialog if DLL cannot be loaded - ) -{ - HINSTANCE h; - int i, n, last_i; - int error = 0; - UINT em; - - if (ph) *ph = 0; - if (pindex) *pindex = -1; - - for (n = 0; fi[n].func_ptr_var; n++) - *(fi[n].func_ptr_var) = 0; - - if (silent) - em = SetErrorMode(SEM_FAILCRITICALERRORS); - h = LoadLibrary(dll_name); - if (silent) - SetErrorMode(em); - - if (!h) - return 0; - - last_i = -1; - for (i = 0; (go_on || !error) && (i < n); i++) - { - void* p = (void*)GetProcAddress(h, fi[i].func_name); - if (!p) - error = 1; - else - { - last_i = i; - *(fi[i].func_ptr_var) = p; - } - } - if (pindex) *pindex = last_i; - if (error && cleanup && !go_on) { - for (i = 0; i < n; i++) { - *(fi[i].func_ptr_var) = 0; - } - FreeLibrary(h); - return 0; - } - if (ph) *ph = h; - if (error) return 0; - return 1; -} - BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig) { - krb5_context ctx = NULL; + krb5_context context = NULL; krb5_ccache cc = NULL; krb5_error_code code; krb5_data pwdata; 
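Review bot: `StringCbCopy(cell, CELL_MAXNAMELEN, local_cell)` in KFW_AFS_get_cellconfig() bounds the copy by a constant rather than by the size of the buffer the caller actually passed, because `cell` arrives as a bare `char *`. The call is only safe if every caller hands in at least CELL_MAXNAMELEN bytes, which this hunk cannot show. I would state that contract above the copy, `/* cell must point to a buffer of at least CELL_MAXNAMELEN bytes */`, and check the returned HRESULT so a truncated cell name is not passed on to cm_SearchCellRegistry(). The function body starts and ends outside the hunk.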
@@ -3728,32 +3075,30 @@ BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig) char password[PROBE_PASSWORD_LEN+1]; BOOL serverReachable = 0; - if (!pkrb5_init_context) - return KRB5_CONFIG_CANTOPEN; - - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) goto cleanup; - realm = afs_realm_of_cell(ctx, cellconfig); // do not free + realm = afs_realm_of_cell(context, cellconfig); // do not free - code = pkrb5_build_principal(ctx, &principal, (int)strlen(realm), + code = krb5_build_principal(context, &principal, (int)strlen(realm), realm, PROBE_USERNAME, NULL, NULL); if ( code ) goto cleanup; - code = KFW_get_ccache(ctx, principal, &cc); + code = KFW_get_ccache(context, principal, &cc); if ( code ) goto cleanup; - code = pkrb5_unparse_name(ctx, principal, &pname); + code = krb5_unparse_name(context, principal, &pname); if ( code ) goto cleanup; pwdata.data = password; pwdata.length = PROBE_PASSWORD_LEN; - code = pkrb5_c_random_make_octets(ctx, &pwdata); - if (code) { + krb5_c_random_make_octets(context, &pwdata); + { int i; for ( i=0 ; i sizeof(cachename) ) return 1; - code = pkrb5_init_context(&ctx); + code = krb5_init_context(&context); if (code) return 1; StringCbCat( cachename, sizeof(cachename), filename); - code = pkrb5_cc_resolve(ctx, cachename, &cc); + code = krb5_cc_resolve(context, cachename, &cc); if (code) goto cleanup; - code = pkrb5_cc_get_principal(ctx, cc, &princ); + code = krb5_cc_get_principal(context, cc, &princ); - code = pkrb5_cc_default(ctx, &ncc); + code = krb5_cc_default(context, &ncc); if (!code) { - code = pkrb5_cc_initialize(ctx, ncc, princ); + code = krb5_cc_initialize(context, ncc, princ); if (!code) - code = pkrb5_cc_copy_creds(ctx,cc,ncc); + code = krb5_cc_copy_creds(context,cc,ncc); } if ( ncc ) { - pkrb5_cc_close(ctx, ncc); + krb5_cc_close(context, ncc); ncc = 0; } 
@@ -4073,19 +3418,19 @@ KFW_AFS_copy_file_cache_to_default_cache(char * filename) cleanup: if ( cc ) { - pkrb5_cc_close(ctx, cc); + krb5_cc_close(context, cc); cc = 0; } DeleteFile(filename); if ( princ ) { - pkrb5_free_principal(ctx, princ); + krb5_free_principal(context, princ); princ = 0; } - if (ctx) - pkrb5_free_context(ctx); + if (context) + krb5_free_context(context); return 0; } @@ -4240,3 +3585,55 @@ time_to_life(afs_uint32 start, afs_uint32 end) return best_i + TKTLIFEMINFIXED; } +DWORD KFW_get_default_mslsa_import(krb5_context context) +{ + static const char * lsh_settings_key = ""; + static const char * lsh_mslsa_value = ""; + DWORD import = 0; + HKEY hKey; + DWORD dwCount; + LONG rc; + + rc = RegOpenKeyEx(HKEY_CURRENT_USER, lsh_settings_key, 0, KEY_QUERY_VALUE, &hKey); + if (rc) + return import; + + dwCount = sizeof(DWORD); + rc = RegQueryValueEx(hKey, lsh_mslsa_value, 0, 0, (LPBYTE) &import, &dwCount); + RegCloseKey(hKey); + + if (rc == 0) + return import; + + rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lsh_settings_key, 0, KEY_QUERY_VALUE, &hKey); + if (rc) + return import; + + dwCount = sizeof(DWORD); + rc = RegQueryValueEx(hKey, lsh_mslsa_value, 0, 0, (LPBYTE) &import, &dwCount); + RegCloseKey(hKey); + + return import; +} + +DWORD KFW_get_default_lifetime(krb5_context context, const char * realm) +{ + static const char * lifetime_val_name = "ticket_lifetime"; + time_t t = 0; + + krb5_appdefault_time(context, "aklog", realm, lifetime_val_name, 0, &t); + + if (t == 0) + t = krb5_config_get_time_default(context, NULL, 0, + "realms", realm, lifetime_val_name, NULL); + + if (t == 0) + t = krb5_config_get_time_default(context, NULL, 0, + "libdefaults", lifetime_val_name, NULL); + + if (t == 0) + t = 10 * 60 * 60; + + return (DWORD) t; +} + diff --git a/src/WINNT/afsd/afskfw.h b/src/WINNT/afsd/afskfw.h index 565f37a96..f9f5658d0 100644 --- a/src/WINNT/afsd/afskfw.h +++ b/src/WINNT/afsd/afskfw.h 
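Review bot: In the new KFW_get_default_mslsa_import(), both RegQueryValueEx() calls pass 0 for the type pointer, so any value of four bytes or fewer is accepted as the DWORD regardless of its registry type. Passing a `DWORD dwType` and accepting the result only when `rc == 0 && dwType == REG_DWORD && dwCount == sizeof(DWORD)` keeps a mistyped or malformed value from being read as the import setting. `lsh_settings_key` and `lsh_mslsa_value` are shown as empty strings here; if that is what the file really contains, the lookup reads the default value at the hive root, which is worth confirming. KFW_get_default_lifetime() in the same hunk casts a `time_t` to DWORD without a range check, so a negative configured lifetime would become a very large one.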
@@ -31,6 +31,7 @@ #ifndef AFSKFW_H #define AFSKFW_H + #ifdef __cplusplus extern "C" { #endif diff --git a/src/WINNT/afssvrmgr/NTMakefile b/src/WINNT/afssvrmgr/NTMakefile index 258732048..c279ae50d 100644 --- a/src/WINNT/afssvrmgr/NTMakefile +++ b/src/WINNT/afssvrmgr/NTMakefile @@ -7,7 +7,7 @@ # make compiler warnings fatal -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -WX -I..\afsd -I..\client_config -I..\kfw\inc\krb5 +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -WX -I..\afsd -I..\client_config # allow the resource compiler to search the dest\include tree @@ -107,8 +107,8 @@ EXELIBS = \ ############################################################################ -$(EXEFILE) : $(EXEOBJS) $(EXELIBS) - $(EXEGUILINK) $(VCLIBS) +$(EXEFILE) : $(EXEOBJS) $(EXELIBS) $(HEIMDEPS) + $(EXEGUILINK) $(VCLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/WINNT/aklog/NTMakefile b/src/WINNT/aklog/NTMakefile index 92a67586a..17d513f85 100644 --- a/src/WINNT/aklog/NTMakefile +++ b/src/WINNT/aklog/NTMakefile @@ -6,7 +6,7 @@ # directory or online at http://www.openafs.org/dl/license10.html # include the primary makefile -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DHAVE_KRB5_CREDS_KEYBLOCK=1 +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DHAVE_KRB5_CREDS_KEYBLOCK=1 -I$(HEIMINC) RELDIR=WINNT\aklog !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME) !INCLUDE ..\..\config\NTMakefile.version 
@@ -41,21 +41,7 @@ EXELIBS = \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afsroken.lib -!IF "$(CPU)" == "IA64" || "$(CPU)" == "AMD64" || "$(CPU)" == "ALPHA64" -OTHERLIBS = \ - ..\kfw\lib\$(CPU)\krb5_64.lib \ - ..\kfw\lib\$(CPU)\comerr64.lib \ - dnsapi.lib mpr.lib delayimp.lib -LINKOPTS = /DELAYLOAD:krb5_64.dll /DELAYLOAD:comerr64.dll -!else -OTHERLIBS = \ - ..\kfw\lib\$(CPU)\krbv4w32.lib \ - ..\kfw\lib\$(CPU)\krb5_32.lib \ - ..\kfw\lib\$(CPU)\comerr32.lib \ - dnsapi.lib mpr.lib delayimp.lib -LINKOPTS = /DELAYLOAD:krbv4w32.dll /DELAYLOAD:krb5_32.dll /DELAYLOAD:comerr32.dll -!endif -afscflags = -I..\kfw\inc\krb5 -I..\kfw\inc\krb4 $(afscflags) +OTHERLIBS = dnsapi.lib mpr.lib $(AKLOGOBJS): $$(@B).c $(C2OBJ) $** @@ -65,15 +51,15 @@ $(ASETKEYOBJS): $$(@B).c ############################################################################ -$(AKLOG) : $(AKLOGOBJS) $(PTERROBJS) $(EXELIBS) $(OUT)\aklog.res - $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS) +$(AKLOG) : $(AKLOGOBJS) $(PTERROBJS) $(EXELIBS) $(OUT)\aklog.res $(HEIMDEPS) + $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) -$(ASETKEY) : $(ASETKEYOBJS) $(EXELIBS) $(OUT)\asetkey.res - $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS) +$(ASETKEY) : $(ASETKEYOBJS) $(EXELIBS) $(OUT)\asetkey.res $(HEIMDEPS) + $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/WINNT/aklog/aklog.c b/src/WINNT/aklog/aklog.c index 3def0072e..ecfa5ddef 100644 --- a/src/WINNT/aklog/aklog.c +++ b/src/WINNT/aklog/aklog.c @@ -41,10 +41,6 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#ifndef _WIN64 -#define HAVE_KRB4 1 -#endif - #include #include #include @@ -82,6 +78,7 @@ #include #include #include +#include #define DONT_HAVE_GET_AD_TKT #define MAXSYMLINKS 255 
@@ -197,9 +194,6 @@ static int use524 = FALSE; /* use krb524? */ static krb5_context context = 0; static krb5_ccache _krb425_ccache = 0; -static char * (KRB5_CALLCONV *pkrb5_get_error_message)(krb5_context context, krb5_error_code code)=NULL; -static void (KRB5_CALLCONV *pkrb5_free_error_message)(krb5_context context, char *s) = NULL; - void akexit(int exit_code) { if (_krb425_ccache) @@ -225,16 +219,13 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap) int freestr = 0; char *str = (char *)afs_error_message(code); if (strncmp(str, "unknown", strlen(str)) == 0) { - if (pkrb5_get_error_message) { - str = pkrb5_get_error_message(NULL, code); - freestr = 1; - } else - str = (char *)error_message(code); + str = krb5_get_error_message(NULL, code); + freestr = 1; } fputs(str, stderr); fputs(" ", stderr); if (freestr) - pkrb5_free_error_message(NULL, str); + krb5_free_error_message(NULL, str); } if (fmt) { vfprintf(stderr, fmt, ap); @@ -514,15 +505,17 @@ static int get_v5cred(krb5_context context, increds.client = client_principal; increds.times.endtime = 0; /* Ask for DES since that is what V4 understands */ - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; + increds.session.keytype = ENCTYPE_DES_CBC_CRC; r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds); if (r) { return((int)r); } +#ifdef HAVE_KRB4 /* This requires krb524d to be running with the KDC */ if (c != NULL) r = krb5_524_convert_creds(context, *creds, c); +#endif return((int)r); } @@ -647,7 +640,6 @@ static int get_v5_user_realm(krb5_context context,char *realm) { static krb5_principal client_principal = 0; krb5_error_code code; - int i; if (!_krb425_ccache) { code = krb5_cc_default(context, &_krb425_ccache); 
@@ -659,29 +651,24 @@ static int get_v5_user_realm(krb5_context context,char *realm) if (code) return(code); } - i = krb5_princ_realm(context, client_principal)->length; - if (i < REALM_SZ-1) i = REALM_SZ-1; - strncpy(realm,krb5_princ_realm(context, client_principal)->data,i); - realm[i] = 0; + strncpy(realm, krb5_principal_get_realm(context, client_principal), REALM_SZ - 1); + realm[REALM_SZ - 1] = 0; return(KSUCCESS); } static void copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) { - krb5_error_code code; - krb5_ticket *ticket; + Ticket ticket; size_t len; + int ret; - code = krb5_decode_ticket(&v5cred->ticket, &ticket); - if (code == 0) { - len = krb5_princ_realm(context, ticket->server)->length; - if (len > destlen - 1) - len = destlen - 1; - - strncpy(dest, krb5_princ_realm(context, ticket->server)->data, len); - dest[len] = '\0'; + ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length, + &ticket, &len); + if (ret == 0) { + strncpy(dest, ticket.realm, destlen - 1); + dest[destlen - 1] = '\0'; - krb5_free_ticket(context, ticket); + free_Ticket(&ticket); } } @@ -834,14 +821,10 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) if ((status = get_v5_user_realm(context, realm_of_user)) != KSUCCESS) { char * msg; - if (pkrb5_get_error_message) - msg = pkrb5_get_error_message(context, status); - else - msg = (char *)error_message(status); + msg = krb5_get_error_message(context, status); fprintf(stderr, "%s: Couldn't determine realm of user: %s\n", - progname, msg); - if (pkrb5_free_error_message) - pkrb5_free_error_message(context, msg); + progname, msg); + krb5_free_error_message(context, msg); status = AKLOG_KERBEROS; goto done; } 
@@ -968,19 +951,16 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) printf("Kerberos error code returned by get_cred: %d\n", status); if (usev5) { - if (pkrb5_get_error_message) - msg = pkrb5_get_error_message(context, status); - else - msg = (char *)error_message(status); + msg = krb5_get_error_message(context, status); } #ifdef HAVE_KRB4 else msg = krb_err_text(status); #endif fprintf(stderr, "%s: Couldn't get %s AFS tickets: %s\n", - progname, cell_to_use, msg?msg:"(unknown error)"); - if (usev5 && pkrb5_free_error_message) - pkrb5_free_error_message(context, msg); + progname, cell_to_use, msg?msg:"(unknown error)"); + if (usev5) + krb5_free_error_message(context, msg); status = AKLOG_KERBEROS; goto done; } @@ -996,16 +976,17 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) */ char * p; int len; + const char *un; - len = min(v5cred->client->data[0].length,MAXKTCNAMELEN - 1); - strncpy(username, v5cred->client->data[0].data, len); - username[len] = '\0'; + un = krb5_principal_get_comp_string(context, v5cred->client, 0); + strncpy(username, un, MAXKTCNAMELEN - 1); + username[MAXKTCNAMELEN - 1] = '\0'; - if ( v5cred->client->length > 1 ) { + if ( krb5_principal_get_num_comp(context, v5cred->client) > 1 ) { strcat(username, "."); p = username + strlen(username); - len = min(v5cred->client->data[1].length, (unsigned int)(MAXKTCNAMELEN - strlen(username) - 1)); - strncpy(p, v5cred->client->data[1].data, len); + len = (unsigned int)(MAXKTCNAMELEN - strlen(username) - 1); + strncpy(p, krb5_principal_get_comp_string(context, v5cred->client, 1), len); p[len] = '\0'; } 
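Review bot: The second-component append in auth_to_cell() can write past `username` when the first principal component already fills it: after `strncpy(username, un, MAXKTCNAMELEN - 1)` the string may be MAXKTCNAMELEN - 1 characters long, `strcat(username, ".")` then needs one byte more than a MAXKTCNAMELEN buffer has, and `MAXKTCNAMELEN - strlen(username) - 1` wraps so `len` is no longer a usable bound. The declaration of `username` is outside the hunk, so its size is assumed to be MAXKTCNAMELEN. krb5_principal_get_comp_string() can also return NULL, which neither strncpy() call checks. I would track the used length and append only when there is room, as sketched below, since the component lengths come from the credential and are not under the program's control.

```c
un = krb5_principal_get_comp_string(context, v5cred->client, 0);
strncpy(username, un ? un : "", MAXKTCNAMELEN - 1);
username[MAXKTCNAMELEN - 1] = '\0';

if ( krb5_principal_get_num_comp(context, v5cred->client) > 1 ) {
    /* assumes username holds MAXKTCNAMELEN bytes -- confirm at its declaration */
    size_t used = strlen(username);

    if (used + 1 < MAXKTCNAMELEN) {     /* room for '.' and the terminator */
        username[used++] = '.';
        un = krb5_principal_get_comp_string(context, v5cred->client, 1);
        strncpy(username + used, un ? un : "", MAXKTCNAMELEN - used - 1);
        username[MAXKTCNAMELEN - 1] = '\0';
    }
}
```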
@@ -1013,7 +994,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5; atoken.startTime = v5cred->times.starttime; atoken.endTime = v5cred->times.endtime; - memcpy(&atoken.sessionKey, v5cred->keyblock.contents, v5cred->keyblock.length); + memcpy(&atoken.sessionKey, v5cred->session.keyvalue.data, v5cred->session.keyvalue.length); atoken.ticketLen = v5cred->ticket.length; memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen); } else { @@ -1099,9 +1080,9 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm) strcpy(aclient.instance, ""); if (usev5 && !use524) { - int len = min(v5cred->client->realm.length,MAXKTCNAMELEN - 1); - strncpy(aclient.cell, v5cred->client->realm.data, len); - aclient.cell[len] = '\0'; + strncpy(aclient.cell, + krb5_principal_get_realm(context, v5cred->client), MAXKTCNAMELEN - 1); + aclient.cell[MAXKTCNAMELEN - 1] = '\0'; } #ifdef HAVE_KRB4 else @@ -1431,29 +1412,11 @@ static void usage(void) akexit(AKLOG_USAGE); } -#ifndef _WIN64 -#define KRB5LIB "krb5_32.dll" -#else -#define KRB5LIB "krb5_64.dll" -#endif -void -load_krb5_error_message_funcs(void) -{ - HINSTANCE h = LoadLibrary(KRB5LIB); - if (h) { - (FARPROC)pkrb5_get_error_message = GetProcAddress(h, "krb5_get_error_message"); - (FARPROC)pkrb5_free_error_message = GetProcAddress(h, "krb5_free_error_message"); - } -} - void validate_krb5_availability(void) { - HINSTANCE h = LoadLibrary(KRB5LIB); - if (h) - FreeLibrary(h); - else { - fprintf(stderr, "Kerberos for Windows library %s is not available.\n", KRB5LIB); + if (!DelayLoadHeimdal()) { + fprintf(stderr, "Kerberos for Windows or Heimdal is not available.\n"); akexit(AKLOG_KFW_NOT_INSTALLED); } } @@ -1642,7 +1605,6 @@ int main(int argc, char *argv[]) validate_krb5_availability(); if (krb5_init_context(&context)) return(AKLOG_KERBEROS); - load_krb5_error_message_funcs(); } else validate_krb4_availability(); afs_set_com_err_hook(redirect_errors); 
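Review bot: `memcpy(&atoken.sessionKey, v5cred->session.keyvalue.data, v5cred->session.keyvalue.length)` copies a length taken from the credential into a fixed-size field without comparing it to `sizeof(atoken.sessionKey)`. get_v5cred() only requests ENCTYPE_DES_CBC_CRC; nothing in this hunk verifies that the returned key has that size, so a longer session key would overrun the token structure. A guard before the copy, `if (v5cred->session.keyvalue.length != sizeof(atoken.sessionKey)) { status = AKLOG_KERBEROS; goto done; }`, would close that, and the unchanged `memcpy(atoken.ticket, ...)` two lines below likewise relies on a ticket-length check that is not visible here. The same pair of copies appears in KFW_AFS_klog() in afskfw.c, where this commit also removes the `k5creds->ticket.length > MAXKTCTICKETLEN` test.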
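Review bot: The realm copy into `aclient.cell` in auth_to_cell() is bounded by `MAXKTCNAMELEN - 1`, a constant named for a different field, rather than by the destination itself. The matching code in afskfw.c uses `sizeof(aclient.cell)`; doing the same here, `strncpy(aclient.cell, krb5_principal_get_realm(context, v5cred->client), sizeof(aclient.cell) - 1); aclient.cell[sizeof(aclient.cell) - 1] = '\0';`, keeps the bound correct if the two limits ever differ. The structure definition is not part of this diff, so whether they differ today cannot be confirmed from here.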
diff --git a/src/WINNT/aklog/asetkey.c b/src/WINNT/aklog/asetkey.c index b8ecb1378..51b8ecffb 100644 --- a/src/WINNT/aklog/asetkey.c +++ b/src/WINNT/aklog/asetkey.c @@ -33,7 +33,11 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include +#include +#include +#include + +#include #include #include @@ -46,6 +50,7 @@ #include #endif /* !PRE_AFS35 */ #include +#include void validate_krb5_availability(void) @@ -135,13 +140,13 @@ main(int argc, char **argv) exit(1); } - if (key->length != 8) { + if (key->keyvalue.length != 8) { printf("Key length should be 8, but is really %d!\n", - key->length); + key->keyvalue.length); exit(1); } - code = afsconf_AddKey(tdir, kvno, key->contents, 1); + code = afsconf_AddKey(tdir, kvno, key->keyvalue.data, 1); if (code) { printf("asetkey: failed to set key, code %d.\n", code); exit(1); diff --git a/src/WINNT/client_creds/NTMakefile b/src/WINNT/client_creds/NTMakefile index 2e3f6d0ad..030cb25c4 100644 --- a/src/WINNT/client_creds/NTMakefile +++ b/src/WINNT/client_creds/NTMakefile @@ -7,7 +7,7 @@ # include the AFSD source tree on our inclusion path -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\krb5 -DUAC_COMPATIBLE=1 +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -DUAC_COMPATIBLE=1 # include the primary makefile RELDIR=WINNT\client_creds @@ -49,7 +49,7 @@ CLIENTOBJS = \ $(OUT)\RegistrySupport.obj VCLIBS =\ - iphlpapi.lib \ + iphlpapi.lib \ comctl32.lib \ shell32.lib \ uuid.lib \ @@ -57,7 +57,8 @@ VCLIBS =\ mpr.lib \ userenv.lib \ netapi32.lib \ - secur32.lib + secur32.lib \ + delayimp.lib EXELIBS = \ $(DESTDIR)\lib\afs\afspioctl.lib \ @@ -74,7 +75,6 @@ EXELIBS = \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afsroken.lib - ############################################################################ # # EXTERNAL SOURCE FILES 
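Review bot: The key-length diagnostic in asetkey.c's main() prints `key->keyvalue.length` with `%d`; if `keyvalue.length` is a `size_t`, as an octet-string length usually is, the format does not match the argument on 64-bit builds. Casting at the call, `printf("Key length should be 8, but is really %d!\n", (int)key->keyvalue.length);`, makes the two agree. main() starts and ends outside the hunk.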
@@ -109,8 +109,8 @@ $(EXECOBJS): $$(@B).c ############################################################################ -$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS) - $(EXEGUILINK) $(VCLIBS) +$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS) $(HEIMDEPS) + $(EXEGUILINK) $(VCLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) diff --git a/src/WINNT/install/wix/NTMakefile b/src/WINNT/install/wix/NTMakefile index 014cc8ac4..866719c2e 100644 --- a/src/WINNT/install/wix/NTMakefile +++ b/src/WINNT/install/wix/NTMakefile @@ -11,6 +11,7 @@ RELDIR=WINNT\install\wix MEDIADIR = $(DESTDIR)\WinInstall MEDIABINDIR = $(MEDIADIR)\Dll +HEIMREDISTDIR= $(HEIMDALSDKDIR)\redist\$(CPU) !IFDEF LITECLIENT LITE=-lite @@ -99,6 +100,7 @@ $(WIXOBJ): openafs.wxs $(WIXINCLUDES) "-dDestDir=$(DESTDIR)\\" \ -dCellDbFile=CellServDB \ "-dIDNMRedistDir=$(MSIDNNLS)\\REDIST" \ + "-dKrbCompatRedistDir=$(HEIMREDISTDIR)" \ !IFDEF LITECLIENT -dLiteClient=1 \ !ENDIF @@ -117,6 +119,7 @@ $(BINWIXOBJ): oafwbins.wxs $(WIXINCLUDES) -dVersionPatch=$(AFSPRODUCT_VER_PATCH) \ "-dDestDir=$(DESTDIR)\\" \ -dCellDbFile=CellServDB \ + "-dKrbCompatRedistDir=$(HEIMREDISTDIR)" \ !IFDEF LITECLIENT -dLiteClient=1 \ !ENDIF diff --git a/src/WINNT/install/wix/feature.wxi b/src/WINNT/install/wix/feature.wxi index 024934933..d30599807 100644 --- a/src/WINNT/install/wix/feature.wxi +++ b/src/WINNT/install/wix/feature.wxi @@ -155,6 +155,9 @@ + + + @@ -399,6 +402,8 @@ + + diff --git a/src/WINNT/install/wix/files.wxi b/src/WINNT/install/wix/files.wxi index 9c9b37ca1..e6913f39c 100644 --- a/src/WINNT/install/wix/files.wxi +++ b/src/WINNT/install/wix/files.wxi @@ -155,6 +155,9 @@ + + + diff --git a/src/WINNT/netidmgr_plugin/NTMakefile b/src/WINNT/netidmgr_plugin/NTMakefile index 8be7c4f42..698596442 100644 --- a/src/WINNT/netidmgr_plugin/NTMakefile +++ b/src/WINNT/netidmgr_plugin/NTMakefile 
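Review bot: In src/WINNT/install/wix/NTMakefile, `HEIMREDISTDIR= $(HEIMDALSDKDIR)\redist\$(CPU)` is built from a macro this file never checks, and the two `-dKrbCompatRedistDir` lines then tell the installer build to package whatever binaries are found there. If HEIMDALSDKDIR is unset the path collapses to `\redist\$(CPU)` on the current drive, so the MSI could silently pick up files from an unintended location. A guard next to the definition, `!IFNDEF HEIMDALSDKDIR` / `!ERROR HEIMDALSDKDIR must point at the Kerberos Compatibility SDK` / `!ENDIF`, makes the build fail instead; HEIMDALSDKDIR may already be validated in the config makefiles, which are not shown in this part of the patch. Because these are redistributed security libraries, recording the expected SDK version or verifying the signatures of the redist files at packaging time would also be worthwhile.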
@@ -47,13 +47,9 @@ INCFILEDIR = $(DESTDIR)\include\WINNT LIBFILEDIR = $(DESTDIR)\lib -KFWINCDIR = ..\kfw\inc - -KFWLIBDIR = ..\kfw\lib\$(CPU) - # Build environment -kfwincflags=-I$(KFWINCDIR)\krb5\KerberosIV -I$(KFWINCDIR)\loadfuncs -I$(KFWINCDIR)\krb5 -I$(KFWINCDIR)\netidmgr -I$(KFWINCDIR) +kfwincflags=-I$(HEIMDALSDKDIR)\inc -I$(HEIMDALSDKDIR)\inc\krb5 -I..\kfw\inc\netidmgr afsincflags=-I$(DESTDIR)\include -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx incflags=$(kfwincflags) $(afsincflags) -I. @@ -98,17 +94,16 @@ OBJFILES= \ !if "$(CPU)" == "AMD64" LIBFILES= \ - $(KFWLIBDIR)\nidmgr64.lib + $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\nidmgr64.lib !else LIBFILES= \ - $(KFWLIBDIR)\nidmgr32.lib + $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\nidmgr32.lib !endif SDKLIBFILES= \ $(DESTDIR)\lib\afsauthent.lib \ $(DESTDIR)\lib\libafsconf.lib \ $(DESTDIR)\lib\afs\mtafsutil.lib\ - $(KFWLIBDIR)\loadfuncs.lib \ htmlhelp.lib \ shell32.lib \ comctl32.lib \ @@ -116,6 +111,8 @@ SDKLIBFILES= \ shlwapi.lib \ psapi.lib +DELAYOPT=/DELAYLOAD:advapi32.dll /DELAYLOAD:secur32.dll /DELAYLOAD:psapi.dll + VERRESFILE=$(OUT)\version.res $(OUT)\afsfuncs.obj: afsfuncs.c @@ -151,8 +148,8 @@ $(OUT)\dynimport.obj: dynimport.c $(OUT)\krb5common.obj: krb5common.c $(PC2OBJ) -$(DLLFILE): $(OBJFILES) $(VERRESFILE) - $(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES) +$(DLLFILE): $(OBJFILES) $(VERRESFILE) $(HEIMDEPS) + $(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES) $(DELAYOPT) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_DLL) $(_VC_MANIFEST_CLEAN) $(CODESIGN_USERLAND) diff --git a/src/WINNT/netidmgr_plugin/afsfuncs.c b/src/WINNT/netidmgr_plugin/afsfuncs.c index 6a779294a..93a83c431 100644 --- a/src/WINNT/netidmgr_plugin/afsfuncs.c +++ b/src/WINNT/netidmgr_plugin/afsfuncs.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005,2006,2007, 2008 Secure Endpoints Inc. + * Copyright (c) 2005-2011 Secure Endpoints Inc. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation 
@@ -387,13 +387,13 @@ afs_list_tokens_internal(void) k5c = (krb5_creds *) atoken.ticket; - code = pkrb5_unparse_name(ctx, k5c->client, &princ); + code = krb5_unparse_name(ctx, k5c->client, &princ); if(code) goto _no_krb5; MultiByteToWideChar(CP_ACP, 0, princ, strlen(princ), idname, sizeof(idname)/sizeof(idname[0])); - pkrb5_free_unparsed_name(ctx, princ); + krb5_free_unparsed_name(ctx, princ); _no_krb5: ; } @@ -719,19 +719,16 @@ ViceIDToUsername(char *username, static void copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) { - krb5_error_code code; - krb5_ticket *ticket; + Ticket ticket; size_t len; + int ret; - code = pkrb5_decode_ticket(&v5cred->ticket, &ticket); - if (code == 0) { - len = krb5_princ_realm(context, ticket->server)->length; - if (len > destlen - 1) - len = destlen - 1; + ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length, + &ticket, &len); + if (ret == 0) { + StringCbCopyA(dest, destlen, ticket.realm); - StringCbCopyA(dest, len, krb5_princ_realm(context, ticket->server)->data); - - pkrb5_free_ticket(context, ticket); + free_Ticket(&ticket); } } @@ -746,7 +743,9 @@ afs_klog(khm_handle identity, char *linkedCell) { long rc; +#ifdef USE_KRB4 CREDENTIALS creds; +#endif struct ktc_principal aserver; struct ktc_principal aclient; char realm_of_user[MAXKTCREALMLEN]; /* Kerberos realm of user */ @@ -760,8 +759,10 @@ afs_klog(khm_handle identity, char CellName[128]; char ServiceName[128]; khm_handle confighandle = NULL; +#ifdef USE_KRB4 khm_int32 supports_krb4 = (pkrb_get_tf_realm == NULL ? 0 : 1); khm_int32 got524cred = 0; +#endif /* signalling */ BOOL bGotCreds = FALSE; /* got creds? */ @@ -822,7 +823,9 @@ afs_klog(khm_handle identity, else StringCbCopyA(RealmName, sizeof(RealmName), realm); +#ifdef USE_KRB4 memset(&creds, '\0', sizeof(creds)); +#endif /*** Kerberos 5 and 524 ***/ 
@@ -849,54 +852,54 @@ afs_klog(khm_handle identity, memset(&increds, 0, sizeof(increds)); - pkrb5_cc_get_principal(context, k5cc, &client_principal); - i = krb5_princ_realm(context, client_principal)->length; - if (i > MAXKTCREALMLEN-1) - i = MAXKTCREALMLEN-1; - StringCchCopyNA(realm_of_user, ARRAYLENGTH(realm_of_user), - krb5_princ_realm(context, client_principal)->data, - i); + krb5_cc_get_principal(context, k5cc, &client_principal); + StringCchCopyA(realm_of_user, ARRAYLENGTH(realm_of_user), + krb5_principal_get_realm(context, client_principal)); } else { _reportf(L"khm_krb5_initialize returns code %d", r); +#ifdef USE_KRB4 goto try_krb4; +#else + goto end_krb5; +#endif } increds.client = client_principal; increds.times.endtime = 0; /* Ask for DES since that is what V4 understands */ - increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC; + increds.session.keytype = ENCTYPE_DES_CBC_CRC; #ifdef KRB5_TC_NOTICKET flags = KRB5_TC_OPENCLOSE; - r = pkrb5_cc_set_flags(context, k5cc, flags); + r = krb5_cc_set_flags(context, k5cc, flags); #endif if (strlen(realm) != 0) { - retry_retcred_1: + retry_retcred_1: /* First try Service/Cell@REALM */ - if (r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm), - realm, - ServiceName, - CellName, - 0)) { + if (r = krb5_build_principal(context, &increds.server, + (int) strlen(realm), + realm, + ServiceName, + CellName, + 0)) { _reportf(L"krb5_build_principal returns %d", r); goto end_krb5; } - r = pkrb5_get_credentials(context, 0, k5cc, &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, &increds, &k5creds); if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || r == KRB5_ERR_HOST_REALM_UNKNOWN || r == KRB5KRB_ERR_GENERIC /* Heimdal */) { /* Next try Service@REALM */ - pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm), - realm, - ServiceName, - 0); + krb5_free_principal(context, increds.server); + r = krb5_build_principal(context, 
&increds.server, + (int) strlen(realm), + realm, + ServiceName, + 0); if (r == 0) - r = pkrb5_get_credentials(context, 0, k5cc, - &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, + &increds, &k5creds); } /* Check to make sure we received a valid ticket; if not remove it @@ -904,26 +907,26 @@ afs_klog(khm_handle identity, * same service in the ccache. */ if (r == 0 && k5creds && k5creds->times.endtime < time(NULL)) { - pkrb5_free_principal(context, increds.server); - pkrb5_cc_remove_cred(context, k5cc, 0, k5creds); - pkrb5_free_creds(context, k5creds); + krb5_free_principal(context, increds.server); + krb5_cc_remove_cred(context, k5cc, 0, k5creds); + krb5_free_creds(context, k5creds); k5creds = NULL; goto retry_retcred_1; } } else { retry_retcred_2: /* First try Service/Cell@_CLIENT_REALM */ - if (r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm_of_user), - realm_of_user, - ServiceName, - CellName, - 0)) { + if (r = krb5_build_principal(context, &increds.server, + (int) strlen(realm_of_user), + realm_of_user, + ServiceName, + CellName, + 0)) { _reportf(L"krb5_build_principal returns %d", r); goto end_krb5; } - r = pkrb5_get_credentials(context, 0, k5cc, &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, &increds, &k5creds); if (r == 0) { /* the user realm is a valid cell realm */ StringCbCopyA(realm_of_cell, sizeof(realm_of_cell), realm_of_user); 
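Review bot: The result of `krb5_cc_get_principal` is discarded and `client_principal` goes straight into `krb5_principal_get_realm`, whose return value is then handed to `StringCchCopyA`. If the cache holds no principal, the realm copy works on whatever `client_principal` held before the call; its initialisation is outside the hunk. Check the code first: `r = krb5_cc_get_principal(context, k5cc, &client_principal);` followed by `if (r) { _reportf(L"krb5_cc_get_principal returns %d", r); goto end_krb5; }`. The comment `Ask for DES since that is what V4 understands` also deserves rewording now that the Kerberos 4 paths sit behind `USE_KRB4`, so the reason a single-DES session key is still requested is stated. `afs_klog` begins and ends outside this hunk.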
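Review bot: The expired-ticket path jumps back to `retry_retcred_1` unconditionally after `krb5_cc_remove_cred`, whose result is ignored. If the credential cache cannot remove the entry, the same expired credential is returned again and the loop never ends. `retry_retcred_2` in the following hunk has the same shape. Take the `goto` only when `krb5_cc_remove_cred` returns 0 and otherwise fall through with `r` set to that error, or cap the number of passes with a counter.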
@@ -931,96 +934,96 @@ afs_klog(khm_handle identity, if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || r == KRB5_ERR_HOST_REALM_UNKNOWN || r == KRB5KRB_ERR_GENERIC /* Heimdal */) { - pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm_of_cell), - realm_of_cell, - ServiceName, - CellName, - 0); + krb5_free_principal(context, increds.server); + r = krb5_build_principal(context, &increds.server, + (int) strlen(realm_of_cell), + realm_of_cell, + ServiceName, + CellName, + 0); if (r == 0) - r = pkrb5_get_credentials(context, 0, k5cc, - &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, + &increds, &k5creds); } if ((r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || r == KRB5_ERR_HOST_REALM_UNKNOWN || r == KRB5KRB_ERR_GENERIC /* Heimdal */) && strlen(realm_of_cell) == 0) { StringCbCopyA(realm_of_cell, sizeof(realm_of_cell), - afs_realm_of_cell(&ak_cellconfig, TRUE)); - - pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm_of_cell), - realm_of_cell, - ServiceName, - CellName, - 0); + afs_realm_of_cell(&ak_cellconfig, TRUE)); + + krb5_free_principal(context, increds.server); + r = krb5_build_principal(context, &increds.server, + (int) strlen(realm_of_cell), + realm_of_cell, + ServiceName, + CellName, + 0); if (r == 0) - r = pkrb5_get_credentials(context, 0, k5cc, - &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, + &increds, &k5creds); } if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || r == KRB5_ERR_HOST_REALM_UNKNOWN || r == KRB5KRB_ERR_GENERIC /* Heimdal */) { /* Next try Service@REALM */ StringCbCopyA(realm_of_cell, sizeof(realm_of_cell), - afs_realm_of_cell(&ak_cellconfig, FALSE)); - - pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm_of_cell), - realm_of_cell, - ServiceName, - 0); + afs_realm_of_cell(&ak_cellconfig, FALSE)); + + 
krb5_free_principal(context, increds.server); + r = krb5_build_principal(context, &increds.server, + (int) strlen(realm_of_cell), + realm_of_cell, + ServiceName, + 0); if (r == 0) - r = pkrb5_get_credentials(context, 0, k5cc, - &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, + &increds, &k5creds); } if ((r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN || r == KRB5_ERR_HOST_REALM_UNKNOWN || r == KRB5KRB_ERR_GENERIC /* Heimdal */) && - strlen(realm_of_cell) == 0) { + strlen(realm_of_cell) == 0) { /* Next try Service@REALM */ StringCbCopyA(realm_of_cell, sizeof(realm_of_cell), - afs_realm_of_cell(&ak_cellconfig, TRUE)); - - pkrb5_free_principal(context, increds.server); - r = pkrb5_build_principal(context, &increds.server, - (int) strlen(realm_of_cell), - realm_of_cell, - ServiceName, - 0); + afs_realm_of_cell(&ak_cellconfig, TRUE)); + + krb5_free_principal(context, increds.server); + r = krb5_build_principal(context, &increds.server, + (int) strlen(realm_of_cell), + realm_of_cell, + ServiceName, + 0); if (r == 0) - r = pkrb5_get_credentials(context, 0, k5cc, - &increds, &k5creds); + r = krb5_get_credentials(context, 0, k5cc, + &increds, &k5creds); } if (r == 0 && strlen(realm_of_cell) == 0) copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds); - /* Check to make sure we received a valid ticket; if not remove it - * and try again. Perhaps there are two service tickets for the - * same service in the ccache. + /* Check to make sure we received a valid ticket; if not + * remove it and try again. Perhaps there are two service + * tickets for the same service in the ccache. 
*/ if (r == 0 && k5creds && k5creds->times.endtime < time(NULL)) { - pkrb5_free_principal(context, increds.server); - pkrb5_cc_remove_cred(context, k5cc, 0, k5creds); - pkrb5_free_creds(context, k5creds); + krb5_free_principal(context, increds.server); + krb5_cc_remove_cred(context, k5cc, 0, k5creds); + krb5_free_creds(context, k5creds); k5creds = NULL; goto retry_retcred_2; } } - pkrb5_free_principal(context, increds.server); - pkrb5_free_principal(context, client_principal); + krb5_free_principal(context, increds.server); + krb5_free_principal(context, client_principal); client_principal = 0; #ifdef KRB5_TC_NOTICKET flags = KRB5_TC_OPENCLOSE | KRB5_TC_NOTICKET; - pkrb5_cc_set_flags(context, k5cc, flags); + krb5_cc_set_flags(context, k5cc, flags); #endif - (void) pkrb5_cc_close(context, k5cc); + (void) krb5_cc_close(context, k5cc); k5cc = 0; if (r) { @@ -1029,10 +1032,12 @@ afs_klog(khm_handle identity, goto end_krb5; } +#ifdef USE_KRB4 if ( k5creds->ticket.length > MAXKTCTICKETLEN || method == AFS_TOKEN_KRB524) { goto try_krb524d; } +#endif /* This code inserts the entire K5 ticket into the token */ @@ -1047,8 +1052,8 @@ afs_klog(khm_handle identity, atoken.startTime = k5creds->times.starttime; atoken.endTime = k5creds->times.endtime; memcpy(&atoken.sessionKey, - k5creds->keyblock.contents, - k5creds->keyblock.length); + k5creds->session.keyvalue.data, + k5creds->session.keyvalue.length); atoken.ticketLen = k5creds->ticket.length; memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen); @@ -1063,7 +1068,11 @@ afs_klog(khm_handle identity, retry++; goto retry_gettoken5; } +#ifdef USE_KRB4 goto try_krb524d; +#else + goto end_krb5; +#endif } if (atoken.kvno == btoken.kvno && @@ -1074,10 +1083,10 @@ afs_klog(khm_handle identity, /* success */ if (k5creds && context) - pkrb5_free_creds(context, k5creds); + krb5_free_creds(context, k5creds); if (context) - pkrb5_free_context(context); + krb5_free_context(context); _reportf(L"Same token already exists"); 
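Review bot: Wrapping the `k5creds->ticket.length > MAXKTCTICKETLEN` test in `#ifdef USE_KRB4` removes the only visible bound on `memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen)` a few lines below when Kerberos 4 is compiled out. The declaration of `atoken` is outside the hunk, but if `ticket` is a `MAXKTCTICKETLEN`-sized array, a service ticket larger than that (for example one carrying a lot of authorization data) now overruns it. Keep a length check in the non-KRB4 build by adding an `#else` branch with `if (k5creds->ticket.length > MAXKTCTICKETLEN) goto end_krb5;` before the `#endif`.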
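Review bot: `memcpy(&atoken.sessionKey, k5creds->session.keyvalue.data, k5creds->session.keyvalue.length)` takes its length from the returned credential rather than from the destination. The request sets `increds.session.keytype = ENCTYPE_DES_CBC_CRC`, but nothing in the visible code confirms the returned key has that type, so a longer key would be written past `sessionKey` and a shorter one would leave part of it unset. Guard the copy with `if (k5creds->session.keyvalue.length != sizeof(atoken.sessionKey)) goto end_krb5;`. The size of the field is declared outside this hunk.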
@@ -1089,17 +1098,13 @@ afs_klog(khm_handle identity, // * This structure was first set by the ktc_GetToken call when // * we were comparing whether identical tokens already existed. - len = min(k5creds->client->data[0].length,MAXKTCNAMELEN - 1); - StringCchCopyNA(aclient.name, MAXKTCNAMELEN, - k5creds->client->data[0].data, len); + StringCchCopyA(aclient.name, MAXKTCNAMELEN, + krb5_principal_get_comp_string(context, k5creds->client, 0)); - if ( k5creds->client->length > 1 ) { + if ( krb5_principal_get_num_comp(context, k5creds->client) > 1 ) { StringCbCatA(aclient.name, sizeof(aclient.name), "."); - p = aclient.name + strlen(aclient.name); - len = (int) min(k5creds->client->data[1].length, - MAXKTCNAMELEN - strlen(aclient.name) - 1); - StringCchCopyNA(p, MAXKTCNAMELEN - strlen(aclient.name), - k5creds->client->data[1].data, len); + StringCbCatA(aclient.name, sizeof(aclient.name), + krb5_principal_get_comp_string(context, k5creds->client, 1)); } aclient.instance[0] = '\0'; @@ -1107,11 +1112,8 @@ afs_klog(khm_handle identity, StringCbCopyA(aclient.cell, sizeof(aclient.cell), realm_of_cell); StringCbCatA(aclient.name, sizeof(aclient.name), "@"); - p = aclient.name + strlen(aclient.name); - len = (int) min(k5creds->client->realm.length, - MAXKTCNAMELEN - strlen(aclient.name) - 1); - StringCchCopyNA(p, MAXKTCNAMELEN - strlen(aclient.name), - k5creds->client->realm.data, len); + StringCbCatA(aclient.name, sizeof(aclient.name), + krb5_principal_get_realm(context, k5creds->client)); ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName, &aclient, &aserver, &atoken); 
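Review bot: The rewritten `aclient.name` construction drops every strsafe return value, so a principal whose components and realm do not fit in `MAXKTCNAMELEN` is truncated silently and the shortened name is what `ViceIDToUsername` receives. The old code truncated too, but with the explicit length arithmetic gone nothing shows that this is intended. Either test for `STRSAFE_E_INSUFFICIENT_BUFFER` and report it with `_reportf`, or add a comment saying truncation is accepted. `krb5_principal_get_comp_string` returns NULL for a component index that does not exist, so the index-0 call is worth a NULL test before it reaches `StringCchCopyA`. The same applies to the `@`-realm append in the next hunk, and `p` and `len` may now be unused (their declarations are outside the hunk).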
@@ -1121,24 +1123,25 @@ afs_klog(khm_handle identity, /* success */ if (k5creds && context) - pkrb5_free_creds(context, k5creds); + krb5_free_creds(context, k5creds); if (context) - pkrb5_free_context(context); + krb5_free_context(context); goto cleanup; } _reportf(L"SetToken returns code %d", rc); +#ifdef USE_KRB4 try_krb524d: _reportf(L"Trying Krb524"); - if (pkrb524_convert_creds_kdc && + if (krb524_convert_creds_kdc && (method == AFS_TOKEN_AUTO || method == AFS_TOKEN_KRB524)) { /* This requires krb524d to be running with the KDC */ - r = pkrb524_convert_creds_kdc(context, k5creds, &creds); + r = krb524_convert_creds_kdc(context, k5creds, &creds); if (r) { _reportf(L"Code %d while converting credentials", r); goto end_krb5; @@ -1147,18 +1150,20 @@ afs_klog(khm_handle identity, got524cred = 1; bGotCreds = TRUE; } +#endif end_krb5: if (client_principal) - pkrb5_free_principal(context, client_principal); + krb5_free_principal(context, client_principal); if (k5creds && context) - pkrb5_free_creds(context, k5creds); + krb5_free_creds(context, k5creds); if (context) - pkrb5_free_context(context); + krb5_free_context(context); } +#ifdef USE_KRB4 /* Kerberos 4 */ try_krb4: @@ -1277,7 +1282,7 @@ afs_klog(khm_handle identity, StringCbCopyA(aclient.instance, sizeof(aclient.instance), ""); StringCchCatA(aclient.name, MAXKTCNAMELEN, "@"); - StringCchCatA(aclient.name, MAXKTCNAMELEN, got524cred ? realm_of_user : creds.realm); + StringCchCatA(aclient.name, MAXKTCNAMELEN, got524cred ? realm_of_user : creds.realm); StringCbCopyA(aclient.cell, sizeof(aclient.cell), CellName); 
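Review bot: In the `try_krb524d` block, `if (krb524_convert_creds_kdc && ...)` now tests the address of a directly linked function, which is always non-null, so the availability check that the `pkrb524_convert_creds_kdc` pointer used to provide is gone. The `USE_KRB4` code is also only half converted: this block calls `krb524_convert_creds_kdc` directly, while other `USE_KRB4` lines in this commit still use `pkrb_get_tf_realm`, `pkrb_get_krbhst` and `pkrb_realmofhost`, whose `DECL_FUNC_PTR` definitions are deleted from dynimport.c. If `USE_KRB4` is meant to stay buildable, pick one convention. If it is not, a comment at the first `#ifdef USE_KRB4` saying the block is unmaintained would save the next reader the search.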
@@ -1288,13 +1293,17 @@ afs_klog(khm_handle identity, afs_report_error(rc, "ktc_SetToken()"); goto cleanup; } - } else if (method == AFS_TOKEN_AUTO || - method >= AFS_TOKEN_USER) { - /* we couldn't get a token using Krb5, Krb524 or Krb4, either - because we couldn't get the necessary credentials or - because the method was set to not use those. Now we - dispatch to any extensions to see if they have better - luck. */ + } +#endif + + if (!bGotCreds && + (method == AFS_TOKEN_AUTO || + method >= AFS_TOKEN_USER)) { + /* we couldn't get a token using Krb5, Krb524 or Krb4, + either because we couldn't get the necessary + credentials or because the method was set to not use + those. Now we dispatch to any extensions to see if + they have better luck. */ rc = !afs_ext_klog(method, identity, @@ -1303,7 +1312,7 @@ afs_klog(khm_handle identity, RealmName, &ak_cellconfig, LifeTime); - } else { + } else if (!bGotCreds) { /* if the return code was not set, we should set it now. Otherwise we let the code go through. */ if (!rc) { @@ -1351,18 +1360,17 @@ afs_realm_of_cell(afs_conf_cell *cellconfig, BOOL referral_fallback) _strupr(krbrlm); #endif } else { - if ( pkrb5_init_context ) { - r = pkrb5_init_context(&ctx); - if ( !r ) - r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist); - if ( !r && realmlist && realmlist[0] ) { - StringCbCopyA(krbrlm, sizeof(krbrlm), realmlist[0]); - pkrb5_free_host_realm(ctx, realmlist); - } - if (ctx) - pkrb5_free_context(ctx); - } + r = krb5_init_context(&ctx); + if ( !r ) + r = krb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist); + if ( !r && realmlist && realmlist[0] ) { + StringCbCopyA(krbrlm, sizeof(krbrlm), realmlist[0]); + krb5_free_host_realm(ctx, realmlist); + } + if (ctx) + krb5_free_context(ctx); +#ifdef USE_KRB4 if (r) { if (pkrb_get_krbhst && pkrb_realmofhost) { StringCbCopyA(krbrlm, sizeof(krbrlm), 
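Review bot: With `USE_KRB4` undefined, a failure of `krb5_init_context` or `krb5_get_host_realm` in `afs_realm_of_cell` now falls straight through to `return(krbrlm)` without writing the buffer. `krbrlm` is declared outside the hunk; if it is a static buffer, callers receive the realm left over from an earlier cell, and `afs_klog` copies that into `realm_of_cell` and requests a service ticket in it. Clearing it on failure with `if (r) krbrlm[0] = '\0';` in an `#else` branch keeps the `strlen(realm_of_cell) == 0` fallbacks in `afs_klog` working. Separately, `realmlist` is freed only when `realmlist[0]` is set, so an empty list returned by `krb5_get_host_realm` is leaked.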
@@ -1385,6 +1393,7 @@ afs_realm_of_cell(afs_conf_cell *cellconfig, BOOL referral_fallback) #endif } } +#endif } return(krbrlm); } diff --git a/src/WINNT/netidmgr_plugin/dynimport.c b/src/WINNT/netidmgr_plugin/dynimport.c index b1ccee6bf..6ab10e2f7 100644 --- a/src/WINNT/netidmgr_plugin/dynimport.c +++ b/src/WINNT/netidmgr_plugin/dynimport.c 
@@ -29,405 +29,29 @@ #include #include -HINSTANCE hKrb4 = 0; -HINSTANCE hKrb5 = 0; -HINSTANCE hKrb5_KFW_32 = 0; -HINSTANCE hKrb524 = 0; -HINSTANCE hSecur32 = 0; -HINSTANCE hComErr = 0; -HINSTANCE hService = 0; -HINSTANCE hProfile = 0; -HINSTANCE hPsapi = 0; -HINSTANCE hToolHelp32 = 0; -HINSTANCE hCCAPI = 0; - DWORD AfsAvailable = 0; -// CCAPI -DECL_FUNC_PTR(cc_initialize); -DECL_FUNC_PTR(cc_shutdown); -DECL_FUNC_PTR(cc_get_NC_info); -DECL_FUNC_PTR(cc_free_NC_info); - -// krb4 functions -DECL_FUNC_PTR(get_krb_err_txt_entry); -DECL_FUNC_PTR(k_isinst); -DECL_FUNC_PTR(k_isname); -DECL_FUNC_PTR(k_isrealm); -DECL_FUNC_PTR(kadm_change_your_password); -DECL_FUNC_PTR(kname_parse); -DECL_FUNC_PTR(krb_get_cred); -DECL_FUNC_PTR(krb_get_krbhst); -DECL_FUNC_PTR(krb_get_lrealm); -DECL_FUNC_PTR(krb_get_pw_in_tkt); -DECL_FUNC_PTR(krb_get_tf_realm); -DECL_FUNC_PTR(krb_mk_req); -DECL_FUNC_PTR(krb_realmofhost); -DECL_FUNC_PTR(tf_init); -DECL_FUNC_PTR(tf_close); -DECL_FUNC_PTR(tf_get_cred); -DECL_FUNC_PTR(tf_get_pname); -DECL_FUNC_PTR(tf_get_pinst); -DECL_FUNC_PTR(LocalHostAddr); -DECL_FUNC_PTR(tkt_string); -DECL_FUNC_PTR(krb_set_tkt_string); -DECL_FUNC_PTR(initialize_krb_error_func); -DECL_FUNC_PTR(initialize_kadm_error_table); -DECL_FUNC_PTR(dest_tkt); -DECL_FUNC_PTR(krb_in_tkt); -DECL_FUNC_PTR(krb_save_credentials); -DECL_FUNC_PTR(krb_get_krbconf2); -DECL_FUNC_PTR(krb_get_krbrealm2); -DECL_FUNC_PTR(krb_life_to_time); - -// krb5 functions -DECL_FUNC_PTR(krb5_change_password); -DECL_FUNC_PTR(krb5_get_init_creds_opt_init); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable); -DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list); -DECL_FUNC_PTR(krb5_get_init_creds_password); -DECL_FUNC_PTR(krb5_get_prompt_types); -DECL_FUNC_PTR(krb5_build_principal_ext); -DECL_FUNC_PTR(krb5_cc_get_name); 
-DECL_FUNC_PTR(krb5_cc_get_type); -DECL_FUNC_PTR(krb5_cc_resolve); -DECL_FUNC_PTR(krb5_cc_default); -DECL_FUNC_PTR(krb5_cc_default_name); -DECL_FUNC_PTR(krb5_cc_set_default_name); -DECL_FUNC_PTR(krb5_cc_initialize); -DECL_FUNC_PTR(krb5_cc_destroy); -DECL_FUNC_PTR(krb5_cc_close); -DECL_FUNC_PTR(krb5_cc_store_cred); -DECL_FUNC_PTR(krb5_cc_copy_creds); -DECL_FUNC_PTR(krb5_cc_retrieve_cred); -DECL_FUNC_PTR(krb5_cc_get_principal); -DECL_FUNC_PTR(krb5_cc_start_seq_get); -DECL_FUNC_PTR(krb5_cc_next_cred); -DECL_FUNC_PTR(krb5_cc_end_seq_get); -DECL_FUNC_PTR(krb5_cc_remove_cred); -DECL_FUNC_PTR(krb5_cc_set_flags); -// DECL_FUNC_PTR(krb5_cc_get_type); -DECL_FUNC_PTR(krb5_free_context); -DECL_FUNC_PTR(krb5_free_cred_contents); -DECL_FUNC_PTR(krb5_free_principal); -DECL_FUNC_PTR(krb5_get_in_tkt_with_password); -DECL_FUNC_PTR(krb5_init_context); -DECL_FUNC_PTR(krb5_parse_name); -DECL_FUNC_PTR(krb5_timeofday); -DECL_FUNC_PTR(krb5_timestamp_to_sfstring); -DECL_FUNC_PTR(krb5_unparse_name); -DECL_FUNC_PTR(krb5_get_credentials); -DECL_FUNC_PTR(krb5_mk_req); -DECL_FUNC_PTR(krb5_sname_to_principal); -DECL_FUNC_PTR(krb5_get_credentials_renew); -DECL_FUNC_PTR(krb5_free_data); -DECL_FUNC_PTR(krb5_free_data_contents); -// DECL_FUNC_PTR(krb5_get_realm_domain); -DECL_FUNC_PTR(krb5_free_unparsed_name); -DECL_FUNC_PTR(krb5_os_localaddr); -DECL_FUNC_PTR(krb5_copy_keyblock_contents); -DECL_FUNC_PTR(krb5_copy_data); -DECL_FUNC_PTR(krb5_free_creds); -DECL_FUNC_PTR(krb5_build_principal); -DECL_FUNC_PTR(krb5_get_renewed_creds); -DECL_FUNC_PTR(krb5_get_default_config_files); -DECL_FUNC_PTR(krb5_free_config_files); -DECL_FUNC_PTR(krb5_get_default_realm); -DECL_FUNC_PTR(krb5_set_default_realm); -DECL_FUNC_PTR(krb5_free_ticket); -DECL_FUNC_PTR(krb5_decode_ticket); -DECL_FUNC_PTR(krb5_get_host_realm); -DECL_FUNC_PTR(krb5_free_host_realm); -DECL_FUNC_PTR(krb5_c_random_make_octets); -DECL_FUNC_PTR(krb5_free_addresses); -DECL_FUNC_PTR(krb5_free_default_realm); - -// Krb5 (3.2) functions 
-DECL_FUNC_PTR(krb5_get_error_message); -DECL_FUNC_PTR(krb5_free_error_message); - -// Krb524 functions -DECL_FUNC_PTR(krb524_init_ets); -DECL_FUNC_PTR(krb524_convert_creds_kdc); - -// ComErr functions -DECL_FUNC_PTR(com_err); -DECL_FUNC_PTR(error_message); - -// Profile functions -DECL_FUNC_PTR(profile_init); -DECL_FUNC_PTR(profile_flush); -DECL_FUNC_PTR(profile_release); -DECL_FUNC_PTR(profile_get_subsection_names); -DECL_FUNC_PTR(profile_free_list); -DECL_FUNC_PTR(profile_get_string); -DECL_FUNC_PTR(profile_get_values); -DECL_FUNC_PTR(profile_get_relation_names); -DECL_FUNC_PTR(profile_clear_relation); -DECL_FUNC_PTR(profile_add_relation); -DECL_FUNC_PTR(profile_update_relation); -DECL_FUNC_PTR(profile_release_string); - -// Service functions -DECL_FUNC_PTR(OpenSCManagerA); -DECL_FUNC_PTR(OpenServiceA); -DECL_FUNC_PTR(QueryServiceStatus); -DECL_FUNC_PTR(CloseServiceHandle); -DECL_FUNC_PTR(LsaNtStatusToWinError); - -// LSA Functions -DECL_FUNC_PTR(LsaConnectUntrusted); -DECL_FUNC_PTR(LsaLookupAuthenticationPackage); -DECL_FUNC_PTR(LsaCallAuthenticationPackage); -DECL_FUNC_PTR(LsaFreeReturnBuffer); -DECL_FUNC_PTR(LsaGetLogonSessionData); - -// CCAPI -FUNC_INFO ccapi_fi[] = { - MAKE_FUNC_INFO(cc_initialize), - MAKE_FUNC_INFO(cc_shutdown), - MAKE_FUNC_INFO(cc_get_NC_info), - MAKE_FUNC_INFO(cc_free_NC_info), - END_FUNC_INFO -}; - -FUNC_INFO k4_fi[] = { - MAKE_FUNC_INFO(get_krb_err_txt_entry), - MAKE_FUNC_INFO(k_isinst), - MAKE_FUNC_INFO(k_isname), - MAKE_FUNC_INFO(k_isrealm), - MAKE_FUNC_INFO(kadm_change_your_password), - MAKE_FUNC_INFO(kname_parse), - MAKE_FUNC_INFO(krb_get_cred), - MAKE_FUNC_INFO(krb_get_krbhst), - MAKE_FUNC_INFO(krb_get_lrealm), - MAKE_FUNC_INFO(krb_get_pw_in_tkt), - MAKE_FUNC_INFO(krb_get_tf_realm), - MAKE_FUNC_INFO(krb_mk_req), - MAKE_FUNC_INFO(krb_realmofhost), - MAKE_FUNC_INFO(tf_init), - MAKE_FUNC_INFO(tf_close), - MAKE_FUNC_INFO(tf_get_cred), - MAKE_FUNC_INFO(tf_get_pname), - MAKE_FUNC_INFO(tf_get_pinst), - MAKE_FUNC_INFO(LocalHostAddr), - 
MAKE_FUNC_INFO(tkt_string), - MAKE_FUNC_INFO(krb_set_tkt_string), - MAKE_FUNC_INFO(initialize_krb_error_func), - MAKE_FUNC_INFO(initialize_kadm_error_table), - MAKE_FUNC_INFO(dest_tkt), - /* MAKE_FUNC_INFO(lsh_LoadKrb4LeashErrorTables), */// XXX - MAKE_FUNC_INFO(krb_in_tkt), - MAKE_FUNC_INFO(krb_save_credentials), - MAKE_FUNC_INFO(krb_get_krbconf2), - MAKE_FUNC_INFO(krb_get_krbrealm2), - MAKE_FUNC_INFO(krb_life_to_time), - END_FUNC_INFO -}; - -FUNC_INFO k5_fi[] = { - MAKE_FUNC_INFO(krb5_change_password), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_init), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable), - MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list), - MAKE_FUNC_INFO(krb5_get_init_creds_password), - MAKE_FUNC_INFO(krb5_get_prompt_types), - MAKE_FUNC_INFO(krb5_build_principal_ext), - MAKE_FUNC_INFO(krb5_cc_get_name), - MAKE_FUNC_INFO(krb5_cc_get_type), - MAKE_FUNC_INFO(krb5_cc_resolve), - MAKE_FUNC_INFO(krb5_cc_default), - MAKE_FUNC_INFO(krb5_cc_default_name), - MAKE_FUNC_INFO(krb5_cc_set_default_name), - MAKE_FUNC_INFO(krb5_cc_initialize), - MAKE_FUNC_INFO(krb5_cc_destroy), - MAKE_FUNC_INFO(krb5_cc_close), - MAKE_FUNC_INFO(krb5_cc_copy_creds), - MAKE_FUNC_INFO(krb5_cc_store_cred), - MAKE_FUNC_INFO(krb5_cc_retrieve_cred), - MAKE_FUNC_INFO(krb5_cc_get_principal), - MAKE_FUNC_INFO(krb5_cc_start_seq_get), - MAKE_FUNC_INFO(krb5_cc_next_cred), - MAKE_FUNC_INFO(krb5_cc_end_seq_get), - MAKE_FUNC_INFO(krb5_cc_remove_cred), - MAKE_FUNC_INFO(krb5_cc_set_flags), - // MAKE_FUNC_INFO(krb5_cc_get_type), - MAKE_FUNC_INFO(krb5_free_context), - MAKE_FUNC_INFO(krb5_free_cred_contents), - MAKE_FUNC_INFO(krb5_free_principal), - MAKE_FUNC_INFO(krb5_get_in_tkt_with_password), - MAKE_FUNC_INFO(krb5_init_context), - MAKE_FUNC_INFO(krb5_parse_name), - MAKE_FUNC_INFO(krb5_timeofday), - 
MAKE_FUNC_INFO(krb5_timestamp_to_sfstring), - MAKE_FUNC_INFO(krb5_unparse_name), - MAKE_FUNC_INFO(krb5_get_credentials), - MAKE_FUNC_INFO(krb5_mk_req), - MAKE_FUNC_INFO(krb5_sname_to_principal), - MAKE_FUNC_INFO(krb5_get_credentials_renew), - MAKE_FUNC_INFO(krb5_free_data), - MAKE_FUNC_INFO(krb5_free_data_contents), - // MAKE_FUNC_INFO(krb5_get_realm_domain), - MAKE_FUNC_INFO(krb5_free_unparsed_name), - MAKE_FUNC_INFO(krb5_os_localaddr), - MAKE_FUNC_INFO(krb5_copy_keyblock_contents), - MAKE_FUNC_INFO(krb5_copy_data), - MAKE_FUNC_INFO(krb5_free_creds), - MAKE_FUNC_INFO(krb5_build_principal), - MAKE_FUNC_INFO(krb5_get_renewed_creds), - MAKE_FUNC_INFO(krb5_free_addresses), - MAKE_FUNC_INFO(krb5_get_default_config_files), - MAKE_FUNC_INFO(krb5_free_config_files), - MAKE_FUNC_INFO(krb5_get_default_realm), - MAKE_FUNC_INFO(krb5_set_default_realm), - MAKE_FUNC_INFO(krb5_free_ticket), - MAKE_FUNC_INFO(krb5_decode_ticket), - MAKE_FUNC_INFO(krb5_get_host_realm), - MAKE_FUNC_INFO(krb5_free_host_realm), - MAKE_FUNC_INFO(krb5_c_random_make_octets), - MAKE_FUNC_INFO(krb5_free_default_realm), - END_FUNC_INFO -}; - -FUNC_INFO k5_kfw_32_fi[] = { - MAKE_FUNC_INFO(krb5_get_error_message), - MAKE_FUNC_INFO(krb5_free_error_message), - END_FUNC_INFO -}; - -FUNC_INFO k524_fi[] = { - MAKE_FUNC_INFO(krb524_init_ets), - MAKE_FUNC_INFO(krb524_convert_creds_kdc), - END_FUNC_INFO -}; - -FUNC_INFO profile_fi[] = { - MAKE_FUNC_INFO(profile_init), - MAKE_FUNC_INFO(profile_flush), - MAKE_FUNC_INFO(profile_release), - MAKE_FUNC_INFO(profile_get_subsection_names), - MAKE_FUNC_INFO(profile_free_list), - MAKE_FUNC_INFO(profile_get_string), - MAKE_FUNC_INFO(profile_get_values), - MAKE_FUNC_INFO(profile_get_relation_names), - MAKE_FUNC_INFO(profile_clear_relation), - MAKE_FUNC_INFO(profile_add_relation), - MAKE_FUNC_INFO(profile_update_relation), - MAKE_FUNC_INFO(profile_release_string), - END_FUNC_INFO -}; - -FUNC_INFO ce_fi[] = { - MAKE_FUNC_INFO(com_err), - MAKE_FUNC_INFO(error_message), - 
END_FUNC_INFO -}; - -FUNC_INFO service_fi[] = { - MAKE_FUNC_INFO(OpenSCManagerA), - MAKE_FUNC_INFO(OpenServiceA), - MAKE_FUNC_INFO(QueryServiceStatus), - MAKE_FUNC_INFO(CloseServiceHandle), - MAKE_FUNC_INFO(LsaNtStatusToWinError), - END_FUNC_INFO -}; - -FUNC_INFO lsa_fi[] = { - MAKE_FUNC_INFO(LsaConnectUntrusted), - MAKE_FUNC_INFO(LsaLookupAuthenticationPackage), - MAKE_FUNC_INFO(LsaCallAuthenticationPackage), - MAKE_FUNC_INFO(LsaFreeReturnBuffer), - MAKE_FUNC_INFO(LsaGetLogonSessionData), - END_FUNC_INFO -}; - -// psapi functions -DECL_FUNC_PTR(GetModuleFileNameExA); -DECL_FUNC_PTR(EnumProcessModules); - -FUNC_INFO psapi_fi[] = { - MAKE_FUNC_INFO(GetModuleFileNameExA), - MAKE_FUNC_INFO(EnumProcessModules), - END_FUNC_INFO -}; - -// toolhelp functions -DECL_FUNC_PTR(CreateToolhelp32Snapshot); -DECL_FUNC_PTR(Module32First); -DECL_FUNC_PTR(Module32Next); - -FUNC_INFO toolhelp_fi[] = { - MAKE_FUNC_INFO(CreateToolhelp32Snapshot), - MAKE_FUNC_INFO(Module32First), - MAKE_FUNC_INFO(Module32Next), - END_FUNC_INFO -}; - khm_int32 init_imports(void) { OSVERSIONINFO osvi; - int imp_rv = 1; + BOOL imp_rv = 1; #define CKRV if(!imp_rv) goto _err_ret -#ifndef _WIN64 - imp_rv = LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0); - CKRV; -#endif - - imp_rv = LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0); - CKRV; - - imp_rv = LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0); + imp_rv = DelayLoadLibrary(SERVICE_DLL); CKRV; - imp_rv = LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0); + imp_rv = DelayLoadLibrary(SECUR32_DLL); CKRV; - imp_rv = LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1); - CKRV; -#ifndef _WIN64 - imp_rv = LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1); - CKRV; -#endif - imp_rv = LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0); - CKRV; - - imp_rv = LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0); - /* CCAPI_DLL is optional. No error check. 
*/ - - imp_rv = LoadFuncs(KRB5_DLL, k5_kfw_32_fi, &hKrb5_KFW_32, 0, 1, 0, 0); - /* KFW 3.2 krb5 functions are optional. No error check. */ - memset(&osvi, 0, sizeof(OSVERSIONINFO)); osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&osvi); - // XXX: We should really use feature testing, first - // checking for CreateToolhelp32Snapshot. If that's - // not around, we try the psapi stuff. - // - // Only load LSA functions if on NT/2000/XP - if(osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS) - { - // Windows 9x - imp_rv = LoadFuncs(TOOLHELPDLL, toolhelp_fi, &hToolHelp32, 0, 1, 0, 0); - CKRV; - - hPsapi = 0; - } - else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT) + if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT) { // Windows NT - imp_rv = LoadFuncs(PSAPIDLL, psapi_fi, &hPsapi, 0, 1, 0, 0); + imp_rv = DelayLoadLibrary(PSAPIDLL); CKRV; - - hToolHelp32 = 0; } AfsAvailable = TRUE; //afscompat_init(); @@ -441,40 +65,5 @@ khm_int32 init_imports(void) { khm_int32 exit_imports(void) { //afscompat_close(); - if (hKrb4) - FreeLibrary(hKrb4); - if (hKrb5) - FreeLibrary(hKrb5); - if (hKrb5_KFW_32) - FreeLibrary(hKrb5_KFW_32); - if (hProfile) - FreeLibrary(hProfile); - if (hComErr) - FreeLibrary(hComErr); - if (hService) - FreeLibrary(hService); - if (hSecur32) - FreeLibrary(hSecur32); - if (hKrb524) - FreeLibrary(hKrb524); - if (hPsapi) - FreeLibrary(hPsapi); - if (hToolHelp32) - FreeLibrary(hToolHelp32); - return KHM_ERROR_SUCCESS; } - -int (*Lcom_err)(LPSTR,long,LPSTR,...); -LPSTR (*Lerror_message)(long); -LPSTR (*Lerror_table_name)(long); - -#pragma warning (disable: 4213) -void Leash_load_com_err_callback(FARPROC ce, - FARPROC em, - FARPROC etn) -{ - (FARPROC)Lcom_err=ce; - (FARPROC)Lerror_message=em; - (FARPROC)Lerror_table_name=etn; -} diff --git a/src/WINNT/netidmgr_plugin/dynimport.h b/src/WINNT/netidmgr_plugin/dynimport.h index fd4557fff..14aa14a7e 100644 --- a/src/WINNT/netidmgr_plugin/dynimport.h +++ b/src/WINNT/netidmgr_plugin/dynimport.h 
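Review bot: `init_imports` now hands bare file names (`SERVICE_DLL`, `SECUR32_DLL` and `PSAPIDLL`, defined in dynimport.h as `advapi32.dll`, `secur32.dll` and `psapi.dll`) to `DelayLoadLibrary`, whose implementation is not part of this hunk. If that helper resolves names the way `LoadLibrary` does, the standard module search order applies, so it is worth confirming that these resolve from the system directory and saying so in a comment above the calls. `GetVersionEx` is also called without checking its result, so on failure the zeroed `osvi` skips the psapi probe silently. `if (!GetVersionEx(&osvi)) goto _err_ret;` would make that explicit. With the `LoadFuncs` tables gone, a missing Kerberos library is no longer reported from this function, and a comment stating where that is detected now would help.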
@@ -30,6 +30,8 @@ /* Dynamic imports */ #include #include +#include +#include #if defined(_WIN32_WINNT) # if (_WIN32_WINNT < 0x0501) 
@@ -52,322 +54,16 @@ #define FAR #endif -extern HINSTANCE hKrb4; -extern HINSTANCE hKrb5; -extern HINSTANCE hProfile; - /////////////////////////////////////////////////////////////////////////////// -#ifdef _WIN64 -#define CCAPI_DLL "krbcc64.dll" -#define KRBCC32_DLL "krbcc64.dll" -#else -#define CCAPI_DLL "krbcc32.dll" -#define KRBCC32_DLL "krbcc32.dll" -#endif #define SERVICE_DLL "advapi32.dll" #define SECUR32_DLL "secur32.dll" +#define PSAPIDLL "psapi.dll" ////////////////////////////////////////////////////////////////////////////// -#include -#include -#include -#include -#include -#include - -//// CCAPI -/* In order to avoid including the private CCAPI headers */ -typedef int cc_int32; - -#define CC_API_VER_1 1 -#define CC_API_VER_2 2 - -#define CCACHE_API cc_int32 - -/* -** The Official Error Codes -*/ -#define CC_NOERROR 0 -#define CC_BADNAME 1 -#define CC_NOTFOUND 2 -#define CC_END 3 -#define CC_IO 4 -#define CC_WRITE 5 -#define CC_NOMEM 6 -#define CC_FORMAT 7 -#define CC_LOCKED 8 -#define CC_BAD_API_VERSION 9 -#define CC_NO_EXIST 10 -#define CC_NOT_SUPP 11 -#define CC_BAD_PARM 12 -#define CC_ERR_CACHE_ATTACH 13 -#define CC_ERR_CACHE_RELEASE 14 -#define CC_ERR_CACHE_FULL 15 -#define CC_ERR_CRED_VERSION 16 - -enum { - CC_CRED_VUNKNOWN = 0, // For validation - CC_CRED_V4 = 1, - CC_CRED_V5 = 2, - CC_CRED_VMAX = 3 // For validation -}; - -typedef struct opaque_dll_control_block_type* apiCB; -typedef struct _infoNC { - char* name; - char* principal; - cc_int32 vers; -} infoNC; - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_initialize, - ( - apiCB** cc_ctx, // < DLL's primary control structure. 
- // returned here, passed everywhere else - cc_int32 api_version, // > ver supported by caller (use CC_API_VER_1) - cc_int32* api_supported, // < if ~NULL, max ver supported by DLL - const char** vendor // < if ~NULL, vendor name in read only C string - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_shutdown, - ( - apiCB** cc_ctx // <> DLL's primary control structure. NULL after - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_get_NC_info, - ( - apiCB* cc_ctx, // > DLL's primary control structure - struct _infoNC*** ppNCi // < (NULL before call) null terminated, - // list of a structs (free via cc_free_infoNC()) - ) -); - -TYPEDEF_FUNC( -CCACHE_API, -CALLCONV_C, -cc_free_NC_info, - ( - apiCB* cc_ctx, - struct _infoNC*** ppNCi // < free list of structs returned by - // cc_get_cache_names(). set to NULL on return - ) -); -//// \CCAPI - extern DWORD AfsAvailable; -// service definitions -typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD); -typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD); -typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS); -typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE); - -////////////////////////////////////////////////////////////////////////////// - -// CCAPI -extern DECL_FUNC_PTR(cc_initialize); -extern DECL_FUNC_PTR(cc_shutdown); -extern DECL_FUNC_PTR(cc_get_NC_info); -extern DECL_FUNC_PTR(cc_free_NC_info); - -// krb4 functions -extern DECL_FUNC_PTR(get_krb_err_txt_entry); -extern DECL_FUNC_PTR(k_isinst); -extern DECL_FUNC_PTR(k_isname); -extern DECL_FUNC_PTR(k_isrealm); -extern DECL_FUNC_PTR(kadm_change_your_password); -extern DECL_FUNC_PTR(kname_parse); -extern DECL_FUNC_PTR(krb_get_cred); -extern DECL_FUNC_PTR(krb_get_krbhst); -extern DECL_FUNC_PTR(krb_get_lrealm); -extern DECL_FUNC_PTR(krb_get_pw_in_tkt); -extern DECL_FUNC_PTR(krb_get_tf_realm); -extern DECL_FUNC_PTR(krb_mk_req); -extern DECL_FUNC_PTR(krb_realmofhost); -extern DECL_FUNC_PTR(tf_init); -extern 
DECL_FUNC_PTR(tf_close); -extern DECL_FUNC_PTR(tf_get_cred); -extern DECL_FUNC_PTR(tf_get_pname); -extern DECL_FUNC_PTR(tf_get_pinst); -extern DECL_FUNC_PTR(LocalHostAddr); -extern DECL_FUNC_PTR(tkt_string); -extern DECL_FUNC_PTR(krb_set_tkt_string); -extern DECL_FUNC_PTR(initialize_krb_error_func); -extern DECL_FUNC_PTR(initialize_kadm_error_table); -extern DECL_FUNC_PTR(dest_tkt); -extern DECL_FUNC_PTR(lsh_LoadKrb4LeashErrorTables); // XXX -extern DECL_FUNC_PTR(krb_in_tkt); -extern DECL_FUNC_PTR(krb_save_credentials); -extern DECL_FUNC_PTR(krb_get_krbconf2); -extern DECL_FUNC_PTR(krb_get_krbrealm2); -extern DECL_FUNC_PTR(krb_life_to_time); - -// krb5 functions -extern DECL_FUNC_PTR(krb5_change_password); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_init); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life); -extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list); -extern DECL_FUNC_PTR(krb5_get_init_creds_password); -extern DECL_FUNC_PTR(krb5_get_prompt_types); -extern DECL_FUNC_PTR(krb5_build_principal_ext); -extern DECL_FUNC_PTR(krb5_cc_get_name); -extern DECL_FUNC_PTR(krb5_cc_get_type); -extern DECL_FUNC_PTR(krb5_cc_resolve); -extern DECL_FUNC_PTR(krb5_cc_default); -extern DECL_FUNC_PTR(krb5_cc_default_name); -extern DECL_FUNC_PTR(krb5_cc_set_default_name); -extern DECL_FUNC_PTR(krb5_cc_initialize); -extern DECL_FUNC_PTR(krb5_cc_destroy); -extern DECL_FUNC_PTR(krb5_cc_close); -extern DECL_FUNC_PTR(krb5_cc_copy_creds); -extern DECL_FUNC_PTR(krb5_cc_store_cred); -extern DECL_FUNC_PTR(krb5_cc_retrieve_cred); -extern DECL_FUNC_PTR(krb5_cc_get_principal); -extern DECL_FUNC_PTR(krb5_cc_start_seq_get); -extern DECL_FUNC_PTR(krb5_cc_next_cred); -extern DECL_FUNC_PTR(krb5_cc_end_seq_get); -extern 
DECL_FUNC_PTR(krb5_cc_remove_cred); -extern DECL_FUNC_PTR(krb5_cc_set_flags); -// extern DECL_FUNC_PTR(krb5_cc_get_type); -extern DECL_FUNC_PTR(krb5_free_context); -extern DECL_FUNC_PTR(krb5_free_cred_contents); -extern DECL_FUNC_PTR(krb5_free_principal); -extern DECL_FUNC_PTR(krb5_get_in_tkt_with_password); -extern DECL_FUNC_PTR(krb5_init_context); -extern DECL_FUNC_PTR(krb5_parse_name); -extern DECL_FUNC_PTR(krb5_timeofday); -extern DECL_FUNC_PTR(krb5_timestamp_to_sfstring); -extern DECL_FUNC_PTR(krb5_unparse_name); -extern DECL_FUNC_PTR(krb5_get_credentials); -extern DECL_FUNC_PTR(krb5_mk_req); -extern DECL_FUNC_PTR(krb5_sname_to_principal); -extern DECL_FUNC_PTR(krb5_get_credentials_renew); -extern DECL_FUNC_PTR(krb5_free_data); -extern DECL_FUNC_PTR(krb5_free_data_contents); -// extern DECL_FUNC_PTR(krb5_get_realm_domain); -extern DECL_FUNC_PTR(krb5_free_unparsed_name); -extern DECL_FUNC_PTR(krb5_os_localaddr); -extern DECL_FUNC_PTR(krb5_copy_keyblock_contents); -extern DECL_FUNC_PTR(krb5_copy_data); -extern DECL_FUNC_PTR(krb5_free_creds); -extern DECL_FUNC_PTR(krb5_build_principal); -extern DECL_FUNC_PTR(krb5_get_renewed_creds); -extern DECL_FUNC_PTR(krb5_free_addresses); -extern DECL_FUNC_PTR(krb5_get_default_config_files); -extern DECL_FUNC_PTR(krb5_free_config_files); -extern DECL_FUNC_PTR(krb5_get_default_realm); -extern DECL_FUNC_PTR(krb5_set_default_realm); -extern DECL_FUNC_PTR(krb5_free_ticket); -extern DECL_FUNC_PTR(krb5_decode_ticket); -extern DECL_FUNC_PTR(krb5_get_host_realm); -extern DECL_FUNC_PTR(krb5_free_host_realm); -extern DECL_FUNC_PTR(krb5_c_random_make_octets); -extern DECL_FUNC_PTR(krb5_free_default_realm); - -// Krb5 (3.2) functions -extern DECL_FUNC_PTR(krb5_get_error_message); -extern DECL_FUNC_PTR(krb5_free_error_message); - -// Krb524 functions -extern DECL_FUNC_PTR(krb524_init_ets); -extern DECL_FUNC_PTR(krb524_convert_creds_kdc); - -// ComErr functions -extern DECL_FUNC_PTR(com_err); -extern DECL_FUNC_PTR(error_message); - -// 
Profile functions -extern DECL_FUNC_PTR(profile_init); -extern DECL_FUNC_PTR(profile_flush); -extern DECL_FUNC_PTR(profile_release); -extern DECL_FUNC_PTR(profile_get_subsection_names); -extern DECL_FUNC_PTR(profile_free_list); -extern DECL_FUNC_PTR(profile_get_string); -extern DECL_FUNC_PTR(profile_get_values); -extern DECL_FUNC_PTR(profile_get_relation_names); -extern DECL_FUNC_PTR(profile_clear_relation); -extern DECL_FUNC_PTR(profile_add_relation); -extern DECL_FUNC_PTR(profile_update_relation); -extern DECL_FUNC_PTR(profile_release_string); - -// Service functions -extern DECL_FUNC_PTR(OpenSCManagerA); -extern DECL_FUNC_PTR(OpenServiceA); -extern DECL_FUNC_PTR(QueryServiceStatus); -extern DECL_FUNC_PTR(CloseServiceHandle); -extern DECL_FUNC_PTR(LsaNtStatusToWinError); - -// LSA Functions -extern DECL_FUNC_PTR(LsaConnectUntrusted); -extern DECL_FUNC_PTR(LsaLookupAuthenticationPackage); -extern DECL_FUNC_PTR(LsaCallAuthenticationPackage); -extern DECL_FUNC_PTR(LsaFreeReturnBuffer); -extern DECL_FUNC_PTR(LsaGetLogonSessionData); - -// toolhelp functions -TYPEDEF_FUNC( - HANDLE, - WINAPI, - CreateToolhelp32Snapshot, - (DWORD, DWORD) - ); -TYPEDEF_FUNC( - BOOL, - WINAPI, - Module32First, - (HANDLE, LPMODULEENTRY32) - ); -TYPEDEF_FUNC( - BOOL, - WINAPI, - Module32Next, - (HANDLE, LPMODULEENTRY32) - ); - -// psapi functions -TYPEDEF_FUNC( - DWORD, - WINAPI, - GetModuleFileNameExA, - (HANDLE, HMODULE, LPSTR, DWORD) - ); - -TYPEDEF_FUNC( - BOOL, - WINAPI, - EnumProcessModules, - (HANDLE, HMODULE*, DWORD, LPDWORD) - ); - -#define pGetModuleFileNameEx pGetModuleFileNameExA -#define TOOLHELPDLL "kernel32.dll" -#define PSAPIDLL "psapi.dll" - -// psapi functions -extern DECL_FUNC_PTR(GetModuleFileNameExA); -extern DECL_FUNC_PTR(EnumProcessModules); - -// toolhelp functions -extern DECL_FUNC_PTR(CreateToolhelp32Snapshot); -extern DECL_FUNC_PTR(Module32First); -extern DECL_FUNC_PTR(Module32Next); - khm_int32 init_imports(void); khm_int32 exit_imports(void); 
diff --git a/src/WINNT/netidmgr_plugin/krb5common.c b/src/WINNT/netidmgr_plugin/krb5common.c index 36c626547..90dd94ff4 100644 --- a/src/WINNT/netidmgr_plugin/krb5common.c +++ b/src/WINNT/netidmgr_plugin/krb5common.c @@ -26,9 +26,9 @@ #include #include - #include +#include #include #include #include @@ -43,8 +43,8 @@ /**************************************/ int khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, - int FreeContextFlag, krb5_context * ctx, - krb5_ccache * cache) + int FreeContextFlag, krb5_context * ctx, + krb5_ccache * cache) { #ifdef NO_KRB5 return 0; @@ -55,8 +55,8 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, const char *errText; int krb5Error = ((int)(rc & 255)); - if (pkrb5_get_error_message) - errText = pkrb5_get_error_message(rc); + if (krb5_get_error_message) + errText = krb5_get_error_message(rc); else errText = perror_message(rc); _snprintf(message, sizeof(message), @@ -64,8 +64,8 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, errText, krb5Error, FailedFunctionName); - if (pkrb5_free_error_message) - pkrb5_free_error_message(errText); + if (krb5_free_error_message) + krb5_free_error_message(errText); MessageBoxA(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR | MB_TASKMODAL | @@ -77,11 +77,11 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName, if (*ctx != NULL) { if (*cache != NULL) { - pkrb5_cc_close(*ctx, *cache); + krb5_cc_close(*ctx, *cache); *cache = NULL; } - pkrb5_free_context(*ctx); + krb5_free_context(*ctx); *ctx = NULL; } } @@ -105,10 +105,10 @@ khm_krb5_initialize(khm_handle ident, krb5_error_code rc = 0; krb5_flags flags = KRB5_TC_OPENCLOSE; - if (pkrb5_init_context == NULL) + if (krb5_init_context == NULL) return 1; - if (*ctx == 0 && (rc = (*pkrb5_init_context)(ctx))) { + if (*ctx == 0 && (rc = krb5_init_context(ctx))) { functionName = "krb5_init_context()"; freeContextFlag = 0; goto on_error; 
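Review bot: `krb5_get_error_message(rc)` in khm_krb5_error, and `krb5_free_error_message(errText)` in the following hunk (-64,8), are called with one argument, while the afs_utilAdmin.c change in this same commit calls `krb5_get_error_message(NULL, code)`; the krb5 API takes the context as the first argument of both calls. With the real prototypes in scope instead of the old function-pointer table, this should either fail to compile or, if no prototype is visible, pass `rc` where the context is expected. I would write `errText = krb5_get_error_message(*ctx, rc);` and `krb5_free_error_message(*ctx, errText);`, assuming `ctx` is non-NULL at this point, which the part of the function outside the hunk would have to confirm.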
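Review bot: The guard `if (krb5_init_context == NULL) return 1;` in khm_krb5_initialize no longer tests anything: `krb5_init_context` is now a function linked through heimdal.lib, so its address is never NULL, whereas the old `pkrb5_init_context` was a pointer filled in at load time. The same applies to `if (krb5_get_error_message)` and `if (krb5_free_error_message)` in the -55,8 and -64,8 hunks, whose `perror_message` fallback becomes unreachable. If heimdal.dll is delay-loaded and absent, the failure would presumably surface at the first call rather than at these tests, so availability should be decided from whatever the delay-load setup reports, and the address tests removed. The function body continues outside the hunk.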
@@ -142,7 +142,7 @@ khm_krb5_initialize(khm_handle ident, if(UnicodeStrToAnsi(ccname, sizeof(ccname), wccname) == 0) break; - if((*pkrb5_cc_resolve)(*ctx, ccname, cache)) { + if((rc = krb5_cc_resolve(*ctx, ccname, cache)) != 0) { functionName = "krb5_cc_resolve()"; freeContextFlag = 1; goto on_error; @@ -155,7 +155,7 @@ khm_krb5_initialize(khm_handle ident, #endif if (*cache == 0 #ifdef FAILOVER_TO_DEFAULT_CCACHE - && (rc = (*pkrb5_cc_default)(*ctx, cache)) + && (rc = krb5_cc_default(*ctx, cache)) #endif ) { functionName = "krb5_cc_default()"; @@ -168,14 +168,13 @@ khm_krb5_initialize(khm_handle ident, flags = KRB5_TC_NOTICKET; #endif - if ((rc = (*pkrb5_cc_set_flags)(*ctx, *cache, flags))) + if ((rc = krb5_cc_set_flags(*ctx, *cache, flags))) { if (rc != KRB5_FCC_NOFILE && rc != KRB5_CC_NOTFOUND) - khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx, - cache); + khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx, cache); else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL) { if (*cache != NULL) - (*pkrb5_cc_close)(*ctx, *cache); + krb5_cc_close(*ctx, *cache); } return rc; } @@ -210,7 +209,7 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, if (!ctx || !cc || !ident || !pexpiration) return KHM_ERROR_GENERAL; - code = pkrb5_cc_get_principal(ctx, cc, &principal); + code = krb5_cc_get_principal(ctx, cc, &principal); if ( code ) return KHM_ERROR_INVALID_PARAM; 
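Review bot: In the `krb5_cc_set_flags` failure path (-168,14 hunk), `krb5_cc_close(*ctx, *cache);` leaves `*cache` pointing at the closed handle before `return rc;`, unlike khm_krb5_error in the same file, which sets `*cache = NULL` after closing. A caller that releases any non-NULL cache after a failed khm_krb5_initialize would then close the handle a second time. I would change the branch to `if (*cache != NULL) { krb5_cc_close(*ctx, *cache); *cache = NULL; }`. The rest of khm_krb5_initialize is outside the hunk.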
@@ -219,47 +218,46 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, kcdb_identity_get_name(ident, w_ident_name, &cb); UnicodeStrToAnsi(ident_name, sizeof(ident_name), w_ident_name); - code = pkrb5_unparse_name(ctx, principal, &princ_name); + code = krb5_unparse_name(ctx, principal, &princ_name); /* compare principal to ident. */ if ( code || !princ_name || strcmp(princ_name, ident_name) ) { if (princ_name) - pkrb5_free_unparsed_name(ctx, princ_name); - pkrb5_free_principal(ctx, principal); + krb5_free_unparsed_name(ctx, princ_name); + krb5_free_principal(ctx, principal); return KHM_ERROR_UNKNOWN; } - pkrb5_free_unparsed_name(ctx, princ_name); - pkrb5_free_principal(ctx, principal); + krb5_free_unparsed_name(ctx, princ_name); + krb5_free_principal(ctx, principal); - code = pkrb5_timeofday(ctx, &now); + code = krb5_timeofday(ctx, &now); if (code) return KHM_ERROR_UNKNOWN; - cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur); + cc_code = krb5_cc_start_seq_get(ctx, cc, &cur); - while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) { - krb5_data * c0 = krb5_princ_name(ctx, creds.server); - krb5_data * c1 = krb5_princ_component(ctx, creds.server, 1); - krb5_data * r = krb5_princ_realm(ctx, creds.server); + while (!(cc_code = krb5_cc_next_cred(ctx, cc, &cur, &creds))) { + const char * c0 = krb5_principal_get_comp_string(ctx, creds.server, 0); + const char * c1 = krb5_principal_get_comp_string(ctx, creds.server, 1); + const char * r = krb5_principal_get_realm(ctx, creds.server); - if ( c0 && c1 && r && c1->length == r->length && - !strncmp(c1->data,r->data,r->length) && - !strncmp("krbtgt",c0->data,c0->length) ) { + if ( c0 && c1 && r && !strcmp(c1, r) && + !strcmp("krbtgt",c0) ) { /* we have a TGT, check for the expiration time. 
* if it is valid and renewable, use the renew time */ - if (!(creds.ticket_flags & TKT_FLG_INVALID) && + if (!creds.flags.b.invalid && creds.times.starttime < (now + TIMET_TOLERANCE) && (creds.times.endtime + TIMET_TOLERANCE) > now) { expiration = creds.times.endtime; - if ((creds.ticket_flags & TKT_FLG_RENEWABLE) && + if (creds.flags.b.renewable && (creds.times.renew_till > creds.times.endtime)) { expiration = creds.times.renew_till; } @@ -268,7 +266,7 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, } if (cc_code == KRB5_CC_END) { - cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur); + cc_code = krb5_cc_end_seq_get(ctx, cc, &cur); rv = KHM_ERROR_SUCCESS; *pexpiration = expiration; } @@ -280,12 +278,9 @@ khm_int32 KHMAPI khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, void * buffer, khm_size * pcbbuf) { - krb5_context ctx = 0; + krb5_context context = 0; krb5_ccache cache = 0; krb5_error_code code; - apiCB * cc_ctx = 0; - struct _infoNC ** pNCi = NULL; - int i; khm_int32 t; wchar_t * ms = NULL; khm_size cb; 
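Review bot: The result of `krb5_cc_start_seq_get(ctx, cc, &cur)` in khm_get_identity_expiration_time (-219,47 hunk) is overwritten by the `while` condition that follows without being checked, so when the cursor cannot be opened `krb5_cc_next_cred` runs on a cursor that was never set up. I would add `if (cc_code) return KHM_ERROR_UNKNOWN;` between the two calls, matching how the `krb5_timeofday` failure just above is handled. The end of the loop body lies between this hunk and the -268,7 hunk and is not visible, so whether each `creds` is released with `krb5_free_cred_contents` there could not be checked.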
@@ -296,65 +291,49 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, khm_handle csp_plugins = NULL; if (!buffer || !pcbbuf) - return KHM_ERROR_GENERAL; - - ctx = *pctx; - - if (!pcc_initialize || - !pcc_get_NC_info || - !pcc_free_NC_info || - !pcc_shutdown) - goto _skip_cc_iter; - - code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL); - if (code) - goto _exit; - - code = pcc_get_NC_info(cc_ctx, &pNCi); + return KHM_ERROR_GENERAL; - if (code) - goto _exit; + context = *pctx; - for(i=0; pNCi[i]; i++) { - if (pNCi[i]->vers != CC_CRED_V5) - continue; + do { + krb5_cccol_cursor cciter = 0; - code = (*pkrb5_cc_resolve)(ctx, pNCi[i]->name, &cache); + code = krb5_cccol_cursor_new(context, &cciter); if (code) - continue; - - /* need a function to check the cache for the identity - * and determine if it has valid tickets. If it has - * the right identity and valid tickets, store the - * expiration time and the cache name. If it has the - * right identity but no valid tickets, store the ccache - * name and an expiration time of zero. if it does not - * have the right identity don't save the name. - * - * Keep searching to find the best cache available. - */ - - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, - ident, - &expiration))) { - if ( expiration > best_match_expiration ) { - best_match_expiration = expiration; - StringCbCopyA(best_match_ccname, - sizeof(best_match_ccname), - "API:"); - StringCbCatA(best_match_ccname, - sizeof(best_match_ccname), - pNCi[i]->name); - expiration = 0; + break; + + while (krb5_cccol_cursor_next(context, cciter, &cache) == 0) { + + /* need a function to check the cache for the identity and + * determine if it has valid tickets. If it has the right + * identity and valid tickets, store the expiration time + * and the cache name. If it has the right identity but + * no valid tickets, store the ccache name and an + * expiration time of zero. 
if it does not have the right + * identity don't save the name. + * + * Keep searching to find the best cache available. + */ + + if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache, + ident, + &expiration))) { + if ( expiration > best_match_expiration ) { + best_match_expiration = expiration; + StringCbPrintfA(best_match_ccname, sizeof(best_match_ccname), + "%s:%s", + krb5_cc_get_type(context, cache), + krb5_cc_get_name(context, cache)); + expiration = 0; + } } - } - if(ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); - cache = 0; - } + krb5_cc_close(context, cache); + cache = 0; + } - _skip_cc_iter: + krb5_cccol_cursor_free(context, &cciter); + } while (FALSE); if (KHM_SUCCEEDED(kmm_get_plugins_config(0, &csp_plugins))) { khc_open_space(csp_plugins, L"Krb5Cred\\Parameters", 0, &csp_params); @@ -370,9 +349,9 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, if (csp_params && KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) { - code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache); + code = krb5_cc_resolve(context, "MSLSA:", &cache); if (code == 0 && cache) { - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, + if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache, ident, &expiration))) { if ( expiration > best_match_expiration ) { @@ -384,8 +363,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, } } - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); + if (context != NULL && cache != NULL) + krb5_cc_close(context, cache); cache = 0; } 
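Review bot: The `StringCbPrintfA` call that builds `best_match_ccname` from `krb5_cc_get_type` and `krb5_cc_get_name` (-296,65 hunk) ignores its result, so a cache name longer than the buffer is stored truncated and later returned as the best match, naming a cache that may not exist or may be a different one. I would update `best_match_expiration` only after the format succeeds, e.g. test `SUCCEEDED(StringCbPrintfA(...))` first and clear `best_match_ccname[0]` otherwise. A failure of `krb5_cccol_cursor_new` is also dropped silently by the `break`; a debug log line there would make an empty search result explainable. The function starts and ends outside this hunk.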
@@ -409,11 +388,11 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, StringCchPrintfA(ccname, ARRAYLENGTH(ccname), "FILE:%S", t); - code = (*pkrb5_cc_resolve)(ctx, ccname, &cache); + code = krb5_cc_resolve(context, ccname, &cache); if (code) continue; - if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache, + if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache, ident, &expiration))) { if ( expiration > best_match_expiration ) { @@ -425,23 +404,17 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx, } } - if (ctx != NULL && cache != NULL) - (*pkrb5_cc_close)(ctx, cache); + if (context != NULL && cache != NULL) + krb5_cc_close(context, cache); cache = 0; } PFREE(ms); } - _exit: + if (csp_params) khc_close_space(csp_params); - if (pNCi) - (*pcc_free_NC_info)(cc_ctx, &pNCi); - - if (cc_ctx) - (*pcc_shutdown)(&cc_ctx); - if (best_match_ccname[0]) { if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer, diff --git a/src/WINNT/netidmgr_plugin/krb5common.h b/src/WINNT/netidmgr_plugin/krb5common.h index b01e0d5ce..eeee811b8 100644 --- a/src/WINNT/netidmgr_plugin/krb5common.h +++ b/src/WINNT/netidmgr_plugin/krb5common.h @@ -51,6 +51,10 @@ khm_int32 KHMAPI khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc, khm_handle ident, krb5_timestamp * pexpiration); + +#ifndef MAX_HSTNM +#define MAX_HSTNM 100 +#endif #endif /* NO_KRB5 */ #endif diff --git a/src/WINNT/netidmgr_plugin/main.c b/src/WINNT/netidmgr_plugin/main.c index b46aa15a6..db6d89ad0 100644 --- a/src/WINNT/netidmgr_plugin/main.c +++ b/src/WINNT/netidmgr_plugin/main.c @@ -35,6 +35,7 @@ #ifdef DEBUG #include #endif +#include #pragma warning (pop) @@ -73,6 +74,8 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) { goto _exit; } + DelayLoadHeimdal(); + ZeroMemory(&pi,sizeof(pi)); pi.msg_proc = afs_plugin_cb; diff --git a/src/auth/test/NTMakefile b/src/auth/test/NTMakefile index 340d17b99..cb88d03d0 100644 --- a/src/auth/test/NTMakefile 
+++ b/src/auth/test/NTMakefile @@ -42,8 +42,8 @@ KTC_EXELIBS =\ $(DESTDIR)\lib\afs\afsreg.lib \ $(DESTDIR)\lib\afs\afspioctl.lib -$(KTC_EXEFILE): $(KTC_EXEOBJS) $(KTC_EXELIBS) - $(EXECONLINK) dnsapi.lib shell32.lib mpr.lib +$(KTC_EXEFILE): $(KTC_EXEOBJS) $(KTC_EXELIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib shell32.lib mpr.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) @@ -54,4 +54,3 @@ test tests: $(CELL_EXEFILE) $(KTC_EXEFILE) clean:: mkdir: - diff --git a/src/bozo/NTMakefile b/src/bozo/NTMakefile index c6376cc38..a2ed44011 100644 --- a/src/bozo/NTMakefile +++ b/src/bozo/NTMakefile @@ -111,7 +111,6 @@ BOS_EXELIBS =\ $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib - $(RS_BOS_EXEFILE): $(BOS_EXEOBJS) $(BOS_EXELIBS) $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(_VC_MANIFEST_EMBED_EXE) @@ -165,4 +164,3 @@ clean:: $(DEL) bnode.h boserr.c bosint.cs.c bosint.h bosint.ss.c bosint.xdr.c mkdir: - diff --git a/src/budb/NTMakefile b/src/budb/NTMakefile index a396dcb7b..5d9474173 100644 --- a/src/budb/NTMakefile +++ b/src/budb/NTMakefile @@ -19,7 +19,7 @@ INCFILES =\ $(INCFILEDIR)\budb_errs.h \ $(INCFILEDIR)\budb_client.h \ $(INCFILEDIR)\budb_prototypes.h - + ############################################################################ @@ -138,4 +138,4 @@ clean:: $(DEL) budb.cs.c budb.ss.c budb.xdr.c mkdir: - + diff --git a/src/butc/NTMakefile b/src/butc/NTMakefile index cb9d7a7f1..e0e0ffbb5 100644 --- a/src/butc/NTMakefile +++ b/src/butc/NTMakefile @@ -89,4 +89,4 @@ $(OUT)\butc_test.exe: $(OUT)\test.obj $(SYMSTORE_IMPORT) mkdir: - + diff --git a/src/config/NTMakefile.amd64_w2k b/src/config/NTMakefile.amd64_w2k index 08a044526..20fd00063 100644 --- a/src/config/NTMakefile.amd64_w2k +++ b/src/config/NTMakefile.amd64_w2k 
@@ -249,10 +249,10 @@ afscdefs =\ -DSTRICT \ -D_WIN32_IE=0x0502 \ -D_WIN32_WINNT=0x0502 \ - -DWINVER=0x0502 \ + -DWINVER=0x0502 \ -DNTDDI_VERSION=0x05020000 \ - -DREGISTER_POWER_NOTIFICATIONS \ - -DAFS_FREELANCE_CLIENT \ + -DREGISTER_POWER_NOTIFICATIONS \ + -DAFS_FREELANCE_CLIENT \ -DAFS_64BITPOINTER_ENV \ -DAFS_64BITUSERPOINTER_ENV \ -DAFS_64BIT_CLIENT \ @@ -567,3 +567,21 @@ MAKECYGLIB=\ !ELSE MAKECYGLIB=echo Skipping Cygwin archive !ENDIF + +######### Heimdal compatibility support + +!IFNDEF HEIMDALSDKDIR +!IFDEF KERBEROSCOMPATSDKROOT +HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0 +!ELSE +!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined +!ENDIF +!ENDIF + +HEIMINC=$(HEIMDALSDKDIR)\inc +HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU) + +afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5 + +HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj +HEIMLINKOPTS=/DELAYLOAD:heimdal.dll diff --git a/src/config/NTMakefile.i386_nt40 b/src/config/NTMakefile.i386_nt40 index 768acb3f4..c7436a472 100644 --- a/src/config/NTMakefile.i386_nt40 +++ b/src/config/NTMakefile.i386_nt40 @@ -255,8 +255,8 @@ afscdefs =\ -D_WIN32_WINNT=0x0500 \ -DWINVER=0x0500 \ -DNTDDI_VERSION=0x05000000 \ - -DREGISTER_POWER_NOTIFICATIONS \ - -DAFS_FREELANCE_CLIENT \ + -DREGISTER_POWER_NOTIFICATIONS \ + -DAFS_FREELANCE_CLIENT \ -DAFS_64BIT_CLIENT \ $(AFSDEV_AUXCDEFINES) @@ -347,7 +347,7 @@ CPP2OBJ = $(C2OBJ) .c{$(OUT)\}.obj: $(C2OBJ) $< - + .c.obj: $(C2OBJ) $< 
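Review bot: The SDK directory in the -567,3 hunk is used without checking that it exists, here and in the identical blocks added to NTMakefile.i386_nt40 and NTMakefile.i386_w2k, so a stale or mistyped KERBEROSCOMPATSDKROOT only shows up later as a missing header or a missing heimdal.lib. A guard such as `!IF !EXIST("$(HEIMDALSDKDIR)\inc\krb5")` followed by an `!ERROR` naming the path would fail at the point of misconfiguration. Since the block is pasted three times with `\1.0` hard-coded, moving it into one shared include would keep the SDK version in a single place. I would also add a comment on `HEIMLINKOPTS` stating that `/DELAYLOAD:heimdal.dll` defers binding to first use, so which heimdal.dll is loaded is decided at run time, presumably by the helper in krbcompat_delayload.obj, and not by `HEIMLIB`.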
@@ -519,3 +519,22 @@ MAKECYGLIB=\ !ELSE MAKECYGLIB=echo Skipping Cygwin archive !ENDIF + + +######### Heimdal compatibility support + +!IFNDEF HEIMDALSDKDIR +!IFDEF KERBEROSCOMPATSDKROOT +HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0 +!ELSE +!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined +!ENDIF +!ENDIF + +HEIMINC=$(HEIMDALSDKDIR)\inc +HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU) + +afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5 + +HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj +HEIMLINKOPTS=/DELAYLOAD:heimdal.dll diff --git a/src/config/NTMakefile.i386_w2k b/src/config/NTMakefile.i386_w2k index ee5b5fa54..1b3c3febf 100644 --- a/src/config/NTMakefile.i386_w2k +++ b/src/config/NTMakefile.i386_w2k @@ -569,3 +569,21 @@ MAKECYGLIB=\ !ELSE MAKECYGLIB=echo Skipping Cygwin archive !ENDIF + +######### Heimdal compatibility support + +!IFNDEF HEIMDALSDKDIR +!IFDEF KERBEROSCOMPATSDKROOT +HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0 +!ELSE +!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined +!ENDIF +!ENDIF + +HEIMINC=$(HEIMDALSDKDIR)\inc +HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU) + +afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5 + +HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj +HEIMLINKOPTS=/DELAYLOAD:heimdal.dll diff --git a/src/kauth/NTMakefile b/src/kauth/NTMakefile index a1efbd94d..6efcb3d73 100644 --- a/src/kauth/NTMakefile +++ b/src/kauth/NTMakefile @@ -96,7 +96,7 @@ AFSLIBS = \ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib - + TOKENLIB = $(DESTDIR)\lib\afs\afspioctl.lib ############################################################################ @@ -148,7 +148,7 @@ KAS_OBJS =\ $(OUT)\admin_tools.obj \ $(OUT)\kkids.obj \ $(OUT)\kas.res - + $(KAS): $(KAS_OBJS) $(AFSLIBS) $(KAUTH_LIBFILE) $(TOKENLIB) $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(_VC_MANIFEST_EMBED_EXE) @@ -253,4 +253,3 @@ clean:: $(DEL) kaerrors.c mkdir: - 
diff --git a/src/libadmin/adminutil/NTMakefile b/src/libadmin/adminutil/NTMakefile index 610893f14..92b7c9503 100644 --- a/src/libadmin/adminutil/NTMakefile +++ b/src/libadmin/adminutil/NTMakefile @@ -31,7 +31,7 @@ INCFILES= $(INCFILEDIR)\afs_AdminCommonErrors.h \ $(INCFILEDIR)\afs_AdminMiscErrors.h \ $(INCFILEDIR)\afs_AdminPtsErrors.h \ $(INCFILEDIR)\afs_AdminUtilErrors.h \ - $(INCFILEDIR)\afs_AdminVosErrors.h + $(INCFILEDIR)\afs_AdminVosErrors.h $(INCFILES):$$(@F) $(COPY) $** $(INCFILEDIR)\. 
@@ -43,31 +43,31 @@ afs_AdminBosErrors.h afs_AdminBosErrors.c : afs_AdminBosErrors.et afs_AdminCfgErrors.h afs_AdminCfgErrors.c : afs_AdminCfgErrors.et $(DEL) afs_AdminCfgErrors.h afs_AdminCfgErrors.c $(COMPILE_ET) afs_AdminCfgErrors -h afs_AdminCfgErrors - + afs_AdminClientErrors.h afs_AdminClientErrors.c : afs_AdminClientErrors.et $(DEL) afs_AdminClientErrors.h afs_AdminClientErrors.c $(COMPILE_ET) afs_AdminClientErrors -h afs_AdminClientErrors - + afs_AdminCommonErrors.h afs_AdminCommonErrors.c: afs_AdminCommonErrors.et $(DEL) afs_AdminCommonErrors.h afs_AdminCommonErrors.c $(COMPILE_ET) afs_AdminCommonErrors -h afs_AdminCommonErrors - + afs_AdminKasErrors.h afs_AdminKasErrors.c : afs_AdminKasErrors.et $(DEL) afs_AdminKasErrors.h afs_AdminKasErrors.c $(COMPILE_ET) afs_AdminKasErrors -h afs_AdminKasErrors - + afs_AdminMiscErrors.h afs_AdminMiscErrors.c : afs_AdminMiscErrors.et $(DEL) afs_AdminMiscErrors.h afs_AdminMiscErrors.c $(COMPILE_ET) afs_AdminMiscErrors -h afs_AdminMiscErrors - + afs_AdminPtsErrors.h afs_AdminPtsErrors.c : afs_AdminPtsErrors.et $(DEL) afs_AdminPtsErrors.h afs_AdminPtsErrors.c $(COMPILE_ET) afs_AdminPtsErrors -h afs_AdminPtsErrors - + afs_AdminUtilErrors.h afs_AdminUtilErrors.c : afs_AdminUtilErrors.et $(DEL) afs_AdminUtilErrors.h afs_AdminUtilErrors.c $(COMPILE_ET) afs_AdminUtilErrors -h afs_AdminUtilErrors - + afs_AdminVosErrors.h afs_AdminVosErrors.c : afs_AdminVosErrors.et $(DEL) afs_AdminVosErrors.h afs_AdminVosErrors.c $(COMPILE_ET) afs_AdminVosErrors -h afs_AdminVosErrors @@ -92,7 +92,7 @@ BOZOOBJS=\ KAUTHOBJS=\ $(OUT)\kaerrors.obj - + CMDOBJS=\ $(OUT)\cmd_errors.obj 
@@ -144,23 +144,10 @@ DLLLIBS =\ $(DESTDIR)\lib\opr.lib \ $(DESTDIR)\lib\afsroken.lib -!IF "$(CPU)" == "IA64" || "$(CPU)" == "AMD64" || "$(CPU)" == "ALPHA64" -KFWLIBS = \ - $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\krb5_64.lib \ - $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\comerr64.lib \ - dnsapi.lib mpr.lib delayimp.lib shell32.lib -LINKOPTS = /DELAYLOAD:krb5_64.dll /DELAYLOAD:comerr64.dll -!else -KFWLIBS = \ - $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\krb5_32.lib \ - $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\comerr32.lib \ - dnsapi.lib mpr.lib delayimp.lib shell32.lib -LINKOPTS = /DELAYLOAD:krb5_32.dll /DELAYLOAD:comerr32.dll -!endif -afscflags = -I$(AFSROOT)\src\WINNT\kfw\inc\krb5 $(afscflags) - -$(DLLFILE): $(DLLOBJS) $(DLLLIBS) - $(DLLCONLINK) /DEF:afsadminutil.def $(KFWLIBS) +NTLIBS = dnsapi.lib mpr.lib shell32.lib + +$(DLLFILE): $(DLLOBJS) $(DLLLIBS) $(HEIMDEPS) + $(DLLCONLINK) /DEF:afsadminutil.def $(NTLIBS) $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_DLL) $(DLLPREP) $(CODESIGN_USERLAND) @@ -225,4 +212,5 @@ clean:: $(DEL) $(DLLOBJS) $(DEL) $(DLLFILE) mkdir: - + + diff --git a/src/libadmin/adminutil/afs_utilAdmin.c b/src/libadmin/adminutil/afs_utilAdmin.c index 22511737e..7160d636f 100644 --- a/src/libadmin/adminutil/afs_utilAdmin.c +++ b/src/libadmin/adminutil/afs_utilAdmin.c @@ -30,7 +30,9 @@ #include #ifdef AFS_NT40_ENV -# include +# define EncryptionKey Krb5EncryptionKey +# include +# undef EncryptionKey #endif #include "afs_AdminInternal.h" @@ -74,9 +76,6 @@ init_once(void) initialize_AU_error_table(); initialize_AV_error_table(); initialize_VOLS_error_table(); -#ifdef AFS_KRB5_ERROR_ENV - initialize_krb5(); -#endif error_init_done = 1; } 
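Review bot: The `# define EncryptionKey Krb5EncryptionKey` / `# undef EncryptionKey` pair wrapped around the new include in afs_utilAdmin.c (-30,7 hunk) has no comment saying what it works around. Presumably the Kerberos header declares a type named `EncryptionKey` that collides with one from the AFS headers; if that is the reason, I would state it above the `#define`, for example `/* the krb5 headers declare EncryptionKey, which clashes with the AFS type of the same name */`. Without that, the rename looks like dead preprocessor noise and is likely to be removed or copied incorrectly.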
@@ -103,8 +102,7 @@ util_AdminErrorCodeTranslate(afs_status_t errorCode, int langId, *errorTextP = afs_error_message(code); #ifdef AFS_KRB5_ERROR_ENV if (strncmp(*errorTextP, "unknown", strlen("unknown")) == 0) { - const char *msg = fetch_krb5_error_message(NULL, code); - *errorTextP = msg ? msg : error_message(code); + *errorTextP = krb5_get_error_message(NULL, code); } #endif rc = 1; diff --git a/src/libafsauthent/NTMakefile b/src/libafsauthent/NTMakefile index 684c6aec6..0164e3fef 100644 --- a/src/libafsauthent/NTMakefile +++ b/src/libafsauthent/NTMakefile @@ -8,8 +8,8 @@ # This is a pthread safe library containing ubikclient, auth, kauth. -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DAFS_PTHREAD_ENV -I..\WINNT\kfw\inc\loadfuncs \ - -I..\WINNT\kfw\inc\krb5 -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DAFS_PTHREAD_ENV -I$(DESTDIR)\include\afs \ + -I$(DESTDIR)\include\rx RELDIR=libafsauthent !include ..\config\NTMakefile.$(SYS_NAME) @@ -169,4 +169,3 @@ clean :: $(DEL) $(LIBFILE) mkdir: - diff --git a/src/ntbuild.bat b/src/ntbuild.bat index 2adce0cd3..07698549b 100755 --- a/src/ntbuild.bat +++ b/src/ntbuild.bat @@ -123,6 +123,9 @@ set NTDDKDIR=C:\WINDDK\7600.16385.0 REM Location of Microsoft IDN Normalization SDK set MSIDNNLS=C:\progra~1\MI5913~1 +REM Location of Secure Endpoints Kerberos Compatibility SDK 1.0 +set KERBEROSCOMPATSDKROOT=c:\progra~2\secure~1\kerber~1 + REM Location of the WiX Installer Toolkit set WIX=c:\tools\wix.2.0.5325 diff --git a/src/ptserver/NTMakefile b/src/ptserver/NTMakefile index d6180bb91..9e5e49d8c 100644 --- a/src/ptserver/NTMakefile +++ b/src/ptserver/NTMakefile @@ -128,7 +128,7 @@ PTS_EXELIBS =\ $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib -$(PTS): $(PTS_EXEOBJS) $(PTS_EXELIBS) +$(PTS): $(PTS_EXEOBJS) $(PTS_EXELIBS) $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) 
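Review bot: `*errorTextP = krb5_get_error_message(NULL, code);` in util_AdminErrorCodeTranslate hands the caller a string that the krb5 library expects to be released with `krb5_free_error_message` (as khm_krb5_error does elsewhere in this commit), while the other branch stores the result of `afs_error_message`; the caller cannot tell which results it owns, so the krb5 message is leaked on every such lookup. The removed code also fell back to `error_message(code)` when no message came back, whereas the new line stores whatever is returned, so a NULL result would replace the "unknown" text with a NULL pointer. I would keep the previous text when the call returns NULL, and copy the message into storage with the same lifetime as the other branch before freeing it. The function continues outside the hunk.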
@@ -254,7 +254,7 @@ $(OUT)\readpwd.exe: $(OUT)\readpwd.obj $(LIBFILE) $(TEST_LIBS) $(SYMSTORE_IMPORT) $(OUT)\testpt.exe: $(OUT)\testpt.obj $(LIBFILE) $(TEST_LIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(_VC_MANIFEST_EMBED_EXE) $(CODESIGN_USERLAND) $(SYMSTORE_IMPORT) @@ -266,4 +266,4 @@ $(OUT)\db_verify.exe: $(OUT)\db_verify.obj $(OUT)\pterror.obj $(OUT)\display.obj $(SYMSTORE_IMPORT) mkdir: - + diff --git a/src/sys/NTMakefile b/src/sys/NTMakefile index 54ac7f896..6a09caddb 100644 --- a/src/sys/NTMakefile +++ b/src/sys/NTMakefile @@ -5,8 +5,7 @@ # License. For details, see the LICENSE file in the top-level source # directory or online at http://www.openafs.org/dl/license10.html -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I..\WINNT\kfw\inc\loadfuncs -I..\WINNT\kfw\inc\krb5 \ - -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx +AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx RELDIR=sys !INCLUDE ..\config\NTMakefile.$(SYS_NAME) !INCLUDE ..\config\NTMakefile.version diff --git a/src/sys/pioctl_nt.c b/src/sys/pioctl_nt.c index f9f6dd9b9..e5e4a4d1a 100644 --- a/src/sys/pioctl_nt.c +++ b/src/sys/pioctl_nt.c @@ -19,6 +19,8 @@ #define SECURITY_WIN32 #include #include +#include +#include #include @@ -39,7 +41,6 @@ #include #include -#include #include #include <..\WINNT\afsrdr\common\AFSUserDefines.h> #include <..\WINNT\afsrdr\common\AFSUserIoctl.h> 
@@ -326,178 +327,138 @@ cleanup: return(hr); } -// krb5 functions -DECL_FUNC_PTR(krb5_cc_default_name); -DECL_FUNC_PTR(krb5_cc_set_default_name); -DECL_FUNC_PTR(krb5_get_default_config_files); -DECL_FUNC_PTR(krb5_free_config_files); -DECL_FUNC_PTR(krb5_free_context); -DECL_FUNC_PTR(krb5_get_default_realm); -DECL_FUNC_PTR(krb5_free_default_realm); -DECL_FUNC_PTR(krb5_init_context); -DECL_FUNC_PTR(krb5_cc_default); -DECL_FUNC_PTR(krb5_parse_name); -DECL_FUNC_PTR(krb5_free_principal); -DECL_FUNC_PTR(krb5_cc_close); -DECL_FUNC_PTR(krb5_cc_get_principal); -DECL_FUNC_PTR(krb5_build_principal); -DECL_FUNC_PTR(krb5_c_random_make_octets); -DECL_FUNC_PTR(krb5_get_init_creds_password); -DECL_FUNC_PTR(krb5_free_cred_contents); -DECL_FUNC_PTR(krb5_cc_resolve); -DECL_FUNC_PTR(krb5_unparse_name); -DECL_FUNC_PTR(krb5_free_unparsed_name); - -FUNC_INFO krb5_fi[] = { - MAKE_FUNC_INFO(krb5_cc_default_name), - MAKE_FUNC_INFO(krb5_cc_set_default_name), - MAKE_FUNC_INFO(krb5_get_default_config_files), - MAKE_FUNC_INFO(krb5_free_config_files), - MAKE_FUNC_INFO(krb5_free_context), - MAKE_FUNC_INFO(krb5_get_default_realm), - MAKE_FUNC_INFO(krb5_free_default_realm), - MAKE_FUNC_INFO(krb5_init_context), - MAKE_FUNC_INFO(krb5_cc_default), - MAKE_FUNC_INFO(krb5_parse_name), - MAKE_FUNC_INFO(krb5_free_principal), - MAKE_FUNC_INFO(krb5_cc_close), - MAKE_FUNC_INFO(krb5_cc_get_principal), - MAKE_FUNC_INFO(krb5_build_principal), - MAKE_FUNC_INFO(krb5_c_random_make_octets), - MAKE_FUNC_INFO(krb5_get_init_creds_password), - MAKE_FUNC_INFO(krb5_free_cred_contents), - MAKE_FUNC_INFO(krb5_cc_resolve), - MAKE_FUNC_INFO(krb5_unparse_name), - MAKE_FUNC_INFO(krb5_free_unparsed_name), - END_FUNC_INFO -}; - -static int -LoadFuncs( - const char* dll_name, - FUNC_INFO fi[], - HINSTANCE* ph, // [out, optional] - DLL handle - int* pindex, // [out, optional] - index of last func loaded (-1 if none) - int cleanup, // cleanup function pointers and unload on error - int go_on, // continue loading even if some 
functions cannot be loaded - int silent // do not pop-up a system dialog if DLL cannot be loaded - ) -{ - HINSTANCE h; - int i, n, last_i; - int error = 0; - UINT em; - - if (ph) *ph = 0; - if (pindex) *pindex = -1; - - for (n = 0; fi[n].func_ptr_var; n++) - *(fi[n].func_ptr_var) = 0; - - if (silent) - em = SetErrorMode(SEM_FAILCRITICALERRORS); - h = LoadLibrary(dll_name); - if (silent) - SetErrorMode(em); - - if (!h) - return 0; - - last_i = -1; - for (i = 0; (go_on || !error) && (i < n); i++) - { - void* p = (void*)GetProcAddress(h, fi[i].func_name); - if (!p) - error = 1; - else - { - last_i = i; - *(fi[i].func_ptr_var) = p; - } - } - if (pindex) *pindex = last_i; - if (error && cleanup && !go_on) { - for (i = 0; i < n; i++) { - *(fi[i].func_ptr_var) = 0; - } - FreeLibrary(h); - return 0; - } - if (ph) *ph = h; - if (error) return 0; - return 1; -} -#if defined(_IA64_) || defined(_AMD64_) -#define KERB5DLL "krb5_64.dll" -#else -#define KERB5DLL "krb5_32.dll" -#endif static BOOL -IsKrb5Available() +UnicodeToANSI(LPCWSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen) { - static HINSTANCE hKrb5DLL = 0; + CPINFO CodePageInfo; - if ( hKrb5DLL ) - return TRUE; + GetCPInfo(CP_ACP, &CodePageInfo); - hKrb5DLL = LoadLibrary(KERB5DLL); - if (hKrb5DLL) { - if (!LoadFuncs(KERB5DLL, krb5_fi, 0, 0, 1, 0, 0)) + if (CodePageInfo.MaxCharSize > 1) { + // Only supporting non-Unicode strings + int reqLen = WideCharToMultiByte( CP_ACP, 0, + lpInputString, -1, + NULL, 0, NULL, NULL); + if ( reqLen > nOutStringLen) { - FreeLibrary(hKrb5DLL); - hKrb5DLL = 0; return FALSE; + } else { + if (WideCharToMultiByte( CP_ACP, + WC_COMPOSITECHECK, + lpInputString, -1, + lpszOutputString, + nOutStringLen, NULL, NULL) == 0) + return FALSE; } - return TRUE; } - return FALSE; + else + { + // Looks like unicode, better translate it + if (WideCharToMultiByte( CP_ACP, + WC_COMPOSITECHECK, + lpInputString, -1, + lpszOutputString, + nOutStringLen, NULL, NULL) == 0) + return FALSE; + } + + 
return TRUE; } static BOOL -GetLSAPrincipalName(char * szUser, DWORD *dwSize) +GetLSAPrincipalName(char * pszUser, DWORD dwUserSize) { - krb5_context ctx = 0; - krb5_error_code code; - krb5_ccache mslsa_ccache=0; - krb5_principal princ = 0; - char * pname = 0; - BOOL success = 0; - - if (!IsKrb5Available()) - return FALSE; + KERB_QUERY_TKT_CACHE_REQUEST CacheRequest; + PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL; + ULONG ResponseSize; + PKERB_EXTERNAL_NAME pClientName = NULL; + PUNICODE_STRING pDomainName = NULL; + LSA_STRING Name; + HANDLE hLogon = INVALID_HANDLE_VALUE; + ULONG PackageId; + NTSTATUS ntStatus; + NTSTATUS ntSubStatus = 0; + WCHAR * wchUser = NULL; + DWORD dwSize; + SHORT sCount; + BOOL bRet = FALSE; + + ntStatus = LsaConnectUntrusted( &hLogon); + if (FAILED(ntStatus)) + goto cleanup; - if (code = pkrb5_init_context(&ctx)) + Name.Buffer = MICROSOFT_KERBEROS_NAME_A; + Name.Length = (USHORT)(sizeof(MICROSOFT_KERBEROS_NAME_A) - sizeof(char)); + Name.MaximumLength = Name.Length; + + ntStatus = LsaLookupAuthenticationPackage( hLogon, &Name, &PackageId); + if (FAILED(ntStatus)) goto cleanup; - if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache)) + memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST)); + CacheRequest.MessageType = KerbRetrieveTicketMessage; + CacheRequest.LogonId.LowPart = 0; + CacheRequest.LogonId.HighPart = 0; + + ntStatus = LsaCallAuthenticationPackage( hLogon, + PackageId, + &CacheRequest, + sizeof(CacheRequest), + &pTicketResponse, + &ResponseSize, + &ntSubStatus); + if (FAILED(ntStatus) || FAILED(ntSubStatus)) goto cleanup; - if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ)) + /* We have a ticket in the response */ + pClientName = pTicketResponse->Ticket.ClientName; + pDomainName = &pTicketResponse->Ticket.DomainName; + + /* We want to return ClientName @ DomainName */ + + dwSize = 0; + for ( sCount = 0; sCount < pClientName->NameCount; sCount++) + { + dwSize += pClientName->Names[sCount].Length; + } 
+ dwSize += pDomainName->Length + sizeof(WCHAR); + + if ( dwSize / sizeof(WCHAR) > dwUserSize ) goto cleanup; - if (code = pkrb5_unparse_name(ctx, princ, &pname)) + wchUser = malloc(dwSize); + if (wchUser == NULL) goto cleanup; - if ( strlen(pname) < *dwSize ) { - strncpy(szUser, pname, *dwSize); - szUser[*dwSize-1] = '\0'; - success = 1; + for ( sCount = 0, wchUser[0] = L'\0'; sCount < pClientName->NameCount; sCount++) + { + StringCbCatNW( wchUser, dwSize, + pClientName->Names[sCount].Buffer, + pClientName->Names[sCount].Length); } - *dwSize = (DWORD)strlen(pname); + StringCbCatNW( wchUser, dwSize, + pDomainName->Buffer, + pDomainName->Length); + + if ( !UnicodeToANSI( wchUser, pszUser, dwUserSize) ) + goto cleanup; + + bRet = TRUE; cleanup: - if (pname) - pkrb5_free_unparsed_name(ctx, pname); - if (princ) - pkrb5_free_principal(ctx, princ); + if (wchUser) + free(wchUser); - if (mslsa_ccache) - pkrb5_cc_close(ctx, mslsa_ccache); + if ( hLogon != INVALID_HANDLE_VALUE) + LsaDeregisterLogonProcess(hLogon); + + if ( pTicketResponse ) { + SecureZeroMemory(pTicketResponse,ResponseSize); + LsaFreeReturnBuffer(pTicketResponse); + } - if (ctx) - pkrb5_free_context(ctx); - return success; + return bRet; } // @@ -1005,7 +966,7 @@ GetIoctlHandle(char *fileNamep, HANDLE * handlep) int gonext = 0; dwSize = sizeof(szUser); - if (GetLSAPrincipalName(szUser, &dwSize)) { + if (GetLSAPrincipalName(szUser, dwSize)) { if ( ioctlDebug ) { saveerrno = errno; fprintf(stderr, "pioctl LSA Principal logon user: [%s]\r\n",szUser); diff --git a/src/tbutc/NTMakefile b/src/tbutc/NTMakefile index 4eb24e2ad..ee134fa4c 100644 --- a/src/tbutc/NTMakefile +++ b/src/tbutc/NTMakefile @@ -85,7 +85,6 @@ BUTCLIBS=$(DESTDIR)\lib\afs\afsbudb.lib \ $(DESTDIR)\lib\afshcrypto.lib \ $(DESTDIR)\lib\afsroken.lib - # rm $(OUT)\tcstatus.obj # nmake /nologo /f ntmakefile install #----------------------------------------------- BUTC 
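Review bot: In the new GetLSAPrincipalName, the string built under `/* We want to return ClientName @ DomainName */` never receives a separator. The loop appends each `pClientName->Names[]` component directly and then `pDomainName`, so a constructed example of client `user` in domain `EXAMPLE.COM` comes out as `userEXAMPLE.COM`, and multi-component names run together as well. If this value is used as an identity by GetIoctlHandle, as the call site later in the file suggests, two different principals can yield the same string. I would reserve room with `dwSize += pDomainName->Length + 2 * sizeof(WCHAR);` and add `StringCbCatNW(wchUser, dwSize, L"@", sizeof(WCHAR));` before the domain is appended, and check the `StringCbCatNW` results instead of discarding them so truncation fails the call. Separately, UnicodeToANSI converts this name with best-fit mapping enabled; passing `WC_NO_BEST_FIT_CHARS` and checking `lpUsedDefaultChar` would reject names that do not survive the code-page conversion.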
@@ -162,6 +161,6 @@ install: all noversion: install mkdir: - + clean:: $(DEL) $(BUTCRES) diff --git a/src/update/NTMakefile b/src/update/NTMakefile index baf6e1486..5577e64d6 100644 --- a/src/update/NTMakefile +++ b/src/update/NTMakefile @@ -99,4 +99,4 @@ clean:: mkdir: copy home $(OUT)\. - + diff --git a/src/util/NTMakefile b/src/util/NTMakefile index b828a0ca2..71a068f3c 100644 --- a/src/util/NTMakefile +++ b/src/util/NTMakefile @@ -7,7 +7,6 @@ # General AFS utilities. -AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I..\WINNT\kfw\inc\krb5 RELDIR=util !INCLUDE ..\config\NTMakefile.$(SYS_NAME) @@ -24,7 +23,6 @@ INCFILES =\ $(INCFILEDIR)\pthread_nosigs.h \ $(INCFILEDIR)\errmap_nt.h \ $(INCFILEDIR)\dirpath.h \ - $(INCFILEDIR)\krb5_nt.h \ $(INCFILEDIR)\ktime.h \ $(INCFILEDIR)\fileutil.h \ $(INCFILEDIR)\afsutil_prototypes.h \ @@ -45,7 +43,6 @@ LIBOBJS = \ $(OUT)\base32.obj \ $(OUT)\get_krbrlm.obj \ $(OUT)\hostparse.obj \ - $(OUT)\krb5_nt.obj \ $(OUT)\kreltime.obj \ $(OUT)\ktime.obj \ $(OUT)\netutils.obj \ @@ -64,7 +61,6 @@ MT_LIBOBJS = \ $(OUT)\base32.obj \ $(OUT)\get_krbrlm.obj \ $(OUT)\hostparse.obj \ - $(OUT)\krb5_nt.obj \ $(OUT)\kreltime.obj \ $(OUT)\ktime.obj \ $(OUT)\netutils.obj \ @@ -104,4 +100,4 @@ clean:: $(DEL) $(LIBFILE) mkdir: - + diff --git a/src/viced/NTMakefile b/src/viced/NTMakefile index aca371376..1da16aae2 100644 --- a/src/viced/NTMakefile +++ b/src/viced/NTMakefile @@ -95,7 +95,7 @@ $(CBDRES): cbd.rc AFS_component_version_number.h install: $(INCFILES) $(CBD) mkdir: - + clean:: $(DEL) $(EXERES) $(DEL) $(CBDRES) diff --git a/src/volser/NTMakefile b/src/volser/NTMakefile index 990f8cfc8..8622554b3 100644 --- a/src/volser/NTMakefile +++ b/src/volser/NTMakefile 
@@ -96,14 +96,13 @@ VOLSERVER_EXEOBJS = \ $(OUT)\voltrans.obj \ $(OUT)\vol_split.obj \ $(OUT)\volserver.res - VOLSERVER_EXELIBS = \ $(DESTDIR)\lib\afs\afsdir.lib \ $(DESTDIR)\lib\afs\afsprocmgmt.lib -$(VOLSERVER_EXEFILE): $(VOLSERVER_EXEOBJS) $(VOLSERVER_EXELIBS) $(EXEC_LIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(VOLSERVER_EXEFILE): $(VOLSERVER_EXEOBJS) $(VOLSERVER_EXELIBS) $(EXEC_LIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) @@ -130,8 +129,8 @@ VOS_EXELIBS = \ $(DESTDIR)\lib\afs\afsprocmgmt.lib \ $(DESTDIR)\lib\afs\afspioctl.lib -$(RS_VOS_EXEFILE): $(VOS_EXEOBJS) $(VOS_EXELIBS) $(EXEC_LIBS) - $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib +$(RS_VOS_EXEFILE): $(VOS_EXEOBJS) $(VOS_EXELIBS) $(EXEC_LIBS) $(HEIMDEPS) + $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS) $(_VC_MANIFEST_EMBED_EXE) $(EXEPREP) $(CODESIGN_USERLAND) @@ -189,4 +188,4 @@ clean:: $(DEL) volint.cs.c volint.h volint.ss.c volint.xdr.c volser.h mkdir: - + diff --git a/src/xstat/NTMakefile b/src/xstat/NTMakefile index 99eda7068..23d456a9d 100644 --- a/src/xstat/NTMakefile +++ b/src/xstat/NTMakefile @@ -19,7 +19,7 @@ BINDIR = $(DESTDIR)\bin RPCINCLS=$(INCDIR)\lwp.h $(INCDIR)\rx\rx.h LIBS= \ - $(LIBDIR)\afs\afsint.lib \ + $(LIBDIR)\afs\afsint.lib \ $(LIBDIR)\afs\afscmd.lib \ $(LIBDIR)\afsrx.lib \ $(LIBDIR)\afslwp.lib \ @@ -83,7 +83,7 @@ clean:: $(DEL) -f $(OUT)\*.res $(DEL) -f $(OUT)\*.pdb $(DEL) -f $(OUT)\*.ilk - $(DEL) -f $(INCDIR)\afs\xstat_fs.h + $(DEL) -f $(INCDIR)\afs\xstat_fs.h $(DEL) -f $(INCDIR)\afs\xstat_cm.h $(DEL) -f $(LIBDIR)\afs_xstat_fs.lib $(DEL) -f $(LIBDIR)\afs_xstat_cm.lib -- 2.39.5