From e260ccde93009f7536d25ff6a42dcc1d126f08ec Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Thu, 29 Nov 2007 20:53:53 +0000
Subject: [PATCH] windows-aklog-no-panic-if-no-kfw-20071129

LICENSE MIT
---
 src/WINNT/aklog/NTMakefile | 10 +++---
 src/WINNT/aklog/aklog.c    | 68 ++++++++++++++++++++++++++++++++++++++
 src/WINNT/aklog/aklog.rc   |  2 +-
 src/WINNT/aklog/asetkey.c  | 47 ++++++++++++++++++++++++++
 4 files changed, 122 insertions(+), 5 deletions(-)

diff --git a/src/WINNT/aklog/NTMakefile b/src/WINNT/aklog/NTMakefile
index 95ab603d9..8ff5c63ee 100644
--- a/src/WINNT/aklog/NTMakefile
+++ b/src/WINNT/aklog/NTMakefile
@@ -37,13 +37,15 @@ EXELIBS = \
 OTHERLIBS = \
     ..\kfw\lib\$(CPU)\krb5_64.lib \
     ..\kfw\lib\$(CPU)\comerr64.lib \
-    dnsapi.lib mpr.lib
+    dnsapi.lib mpr.lib delayimp.lib
+LINKOPTS = /DELAYLOAD:krb5_64.dll /DELAYLOAD:comerr64.dll
 !else
 OTHERLIBS = \
     ..\kfw\lib\$(CPU)\krbv4w32.lib \
     ..\kfw\lib\$(CPU)\krb5_32.lib \
     ..\kfw\lib\$(CPU)\comerr32.lib \
-    dnsapi.lib mpr.lib
+    dnsapi.lib mpr.lib delayimp.lib
+LINKOPTS = /DELAYLOAD:krbv4w32.dll /DELAYLOAD:krb5_32.dll /DELAYLOAD:comerr32.dll
 !endif
 afscflags = -I..\kfw\inc\krb5 -I..\kfw\inc\krb4 $(afscflags)
 
@@ -56,12 +58,12 @@ $(ASETKEYOBJS): $$(@B).c
 ############################################################################
 
 $(AKLOG) : $(AKLOGOBJS) $(EXELIBS) $(OUT)\aklog.res
-	$(EXECONLINK) $(EXELIBS) $(OTHERLIBS)
+	$(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
 	$(EXEPREP) 
 
 $(ASETKEY) : $(ASETKEYOBJS) $(EXELIBS) $(OUT)\asetkey.res
-	$(EXECONLINK) $(EXELIBS) $(OTHERLIBS)
+	$(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
 	$(EXEPREP) 
 
diff --git a/src/WINNT/aklog/aklog.c b/src/WINNT/aklog/aklog.c
index f3bd4f7d4..f3d01ac75 100644
--- a/src/WINNT/aklog/aklog.c
+++ b/src/WINNT/aklog/aklog.c
@@ -13,6 +13,34 @@
  * or implied warranty.
  */
 
+/*
+ * Copyright (c) 2007 Secure Endpoints Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Neither the name of the Secure Endpoints Inc. nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 #ifndef _WIN64
 #define HAVE_KRB4
 #endif
@@ -127,6 +155,7 @@ get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep
 #define AKLOG_TOKEN 5
 #define AKLOG_BADPATH 6
 #define AKLOG_MISC 7
+#define AKLOG_KFW_NOT_INSTALLED 8
 
 #ifndef NULL
 #define NULL 0
@@ -1166,6 +1195,40 @@ static void usage(void)
     exit(AKLOG_USAGE);
 }
 
+void
+validate_krb5_availability(void)
+{
+#ifndef _WIN64
+#define KRB5LIB "krb5_32.dll"
+#else
+#define KRB5LIB "krb5_64.dll"
+#endif
+    HINSTANCE h = LoadLibrary(KRB5LIB);
+    if (h) 
+        FreeLibrary(h);
+    else {
+        fprintf(stderr, "Kerberos for Windows library %s is not available.\n", KRB5LIB);
+        exit(AKLOG_KFW_NOT_INSTALLED);
+    }
+}
+
+void
+validate_krb4_availability(void)
+{
+#ifdef HAVE_KRB4
+    HINSTANCE h = LoadLibrary("krbv4w32.dll");
+    if (h) 
+        FreeLibrary(h);
+    else {
+        fprintf(stderr, "Kerberos for Windows library krbv4w32.dll is not available.\n");
+        exit(AKLOG_KFW_NOT_INSTALLED);
+    }
+#else
+    fprintf(stderr, "Kerberos v4 is not available in this build of aklog.\n");
+    exit(AKLOG_USAGE);
+#endif
+}
+
 int main(int argc, char *argv[])
 {
     int status = AKLOG_SUCCESS;
@@ -1328,6 +1391,11 @@ int main(int argc, char *argv[])
         }
     }
 
+    if (usev5)
+        validate_krb5_availability();
+    else 
+        validate_krb4_availability();
+
     if(usev5)
         krb5_init_context(&context);
 
diff --git a/src/WINNT/aklog/aklog.rc b/src/WINNT/aklog/aklog.rc
index 720ed3b31..7c1833a2b 100644
--- a/src/WINNT/aklog/aklog.rc
+++ b/src/WINNT/aklog/aklog.rc
@@ -9,7 +9,7 @@
 
 /* Define VERSIONINFO resource */
 
-#define  AFS_VERINFO_FILE_DESCRIPTION "AFS File Server Command"
+#define  AFS_VERINFO_FILE_DESCRIPTION "AFS Token from Kerberos Ticket Granting Ticket"
 #define AFS_VERINFO_NAME "aklog"
 #define AFS_VERINFO_FILENAME "aklog.exe"
 
diff --git a/src/WINNT/aklog/asetkey.c b/src/WINNT/aklog/asetkey.c
index 7f99770ef..63449558a 100644
--- a/src/WINNT/aklog/asetkey.c
+++ b/src/WINNT/aklog/asetkey.c
@@ -5,9 +5,37 @@
  *
  * Updated for Kerberos 5
  */
+/*
+ * Copyright (c) 2007 Secure Endpoints Inc.
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *     * Redistributions of source code must retain the above copyright
+ *       notice, this list of conditions and the following disclaimer.
+ *     * Neither the name of the Secure Endpoints Inc. nor the names of its
+ *       contributors may be used to endorse or promote products derived
+ *       from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
 
 #include <winsock.h>
 
+#include <stdio.h>
 #include <sys/types.h>
 #include <krb5.h>
 
@@ -19,6 +47,23 @@
 #endif /* !PRE_AFS35 */
 #include <afs/com_err.h>
 
+void
+validate_krb5_availability(void)
+{
+#ifndef _WIN64
+#define KRB5LIB "krb5_32.dll"
+#else
+#define KRB5LIB "krb5_64.dll"
+#endif
+    HINSTANCE h = LoadLibrary(KRB5LIB);
+    if (h) 
+        FreeLibrary(h);
+    else {
+        fprintf(stderr, "Kerberos for Windows library %s is not available.\n", KRB5LIB);
+        exit(2);
+    }
+}
+
 int
 main(int argc, char **argv)
 {
@@ -26,6 +71,8 @@ main(int argc, char **argv)
     register long code;
     const char *confdir;
 
+    validate_krb5_availability();
+
     if (argc == 1) {
 	printf("asetkey: usage is 'setkey <opcode> options, e.g.\n");
 	printf("    asetkey add <kvno> <keyfile> <princ>\n");
-- 
2.39.5