#include <osilog.h>
#include <afs/ptserver.h>
#include <afs/ptuser.h>
+#include <afs/auth.h>
+#include <afs/com_err.h>
#include <rx/rxkad.h>
#include <WINNT\afsreg.h>
#include "cm.h"
}
ReleaseMutex(hMutex);
CloseHandle(hMutex);
+
+ initialize_KTC_error_table();
+ initialize_PT_error_table();
}
}
*/
if (pkrb5_get_error_message)
- errText = pkrb5_get_error_message(ctx, rc);
+ errText = pkrb5_get_error_message(*ctx, rc);
else
errText = perror_message(rc);
StringCbPrintf(message, sizeof(message),
krb5Error,
FailedFunctionName);
if (pkrb5_free_error_message)
- pkrb5_free_error_message(ctx, (char *)errText);
+ pkrb5_free_error_message(*ctx, (char *)errText);
if ( IsDebuggerPresent() )
OutputDebugString(message);
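Review bot: The release on the new line `pkrb5_free_error_message(*ctx, (char *)errText);` is guarded by `pkrb5_free_error_message` alone, while the source of `errText` is decided by `pkrb5_get_error_message`. If only the free pointer resolved, a string returned by `perror_message(rc)` would be handed to the krb5 deallocator. Guard the release with the same condition that chose the allocator, e.g. `if (pkrb5_get_error_message && pkrb5_free_error_message)`. Both calls now dereference `ctx`, and the function's signature and callers are outside this hunk, so it is worth confirming that `ctx` can never be NULL on this error path.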
code = pkrb5_timeofday(ctx, &now);
cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
+ if (cc_code) goto cleanup;
while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
KFW_AFS_update_princ_ccache_data(ctx, cc, !strcmp(pNCi[i]->name,LSA_CCNAME));
cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
+ if (cc_code) goto cleanup;
while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
krb5_data * sname = krb5_princ_name(ctx, creds.server);
while ( dot = strchr(pname,'.') ) {
*dot = '/';
}
- *userrealm++ = '@';
+ *userrealm = '@';
}
+ userrealm++;
} else {
size_t len = strlen(username) + strlen(realm) + 2;
pname = malloc(len);
StringCbCat( pname, len, realm);
}
if ( IsDebuggerPresent() ) {
- OutputDebugString("Realm: ");
+ OutputDebugString("Realm of Cell: ");
OutputDebugString(realm);
OutputDebugString("\n");
+ OutputDebugString("Realm of User: ");
+ OutputDebugString(userrealm?userrealm:"<NULL>");
+ OutputDebugString("\n");
}
code = pkrb5_parse_name(ctx, pname, &principal);
free(cellconfig.linkedCell);
if ( code && reasonP ) {
- if (pkrb5_get_error_message) {
- char *msg = pkrb5_get_error_message(ctx, code);
- StringCbCopyN( reason, sizeof(reason),
- msg, sizeof(reason) - 1);
- *reasonP = reason;
- pkrb5_free_error_message(ctx, msg);
- } else {
- *reasonP = perror_message(code);
+ int freemsg = 0;
+ char *msg = (char *)afs_error_message(code);
+ if (strncmp(msg, "unknown", strlen(msg)) == 0) {
+ if (pkrb5_get_error_message) {
+ msg = pkrb5_get_error_message(ctx, code);
+ freemsg = 1;
+ } else
+ msg = (char *)perror_message(code);
}
+ StringCbCopyN( reason, sizeof(reason),
+ msg, sizeof(reason) - 1);
+ *reasonP = reason;
+ if (freemsg)
+ pkrb5_free_error_message(ctx, msg);
}
return(code);
}
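Review bot: `strncmp(msg, "unknown", strlen(msg)) == 0` bounds the comparison by the length of `msg`, so it matches only when `msg` is a prefix of "unknown" (including the empty string) and fails for any longer text that merely starts with that word. If the intent is to detect a placeholder from `afs_error_message()` and fall back to the Kerberos text, bound the comparison by the literal instead: `strncmp(msg, "unknown", sizeof("unknown") - 1) == 0`. The exact wording and case of that placeholder are not visible here and should be checked. `msg` is also passed to `strlen` without a NULL test, which is safe only if `afs_error_message()` never returns NULL. The enclosing function starts outside this hunk.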
GlobalUnlock(hgbl);
ret = DialogBoxIndirect(hinst, (LPDLGTEMPLATE) hgbl,
- hwndOwner, (DLGPROC) MultiInputDialogProc);
+ hwndOwner, (DLGPROC) MultiInputDialogProc);
GlobalFree(hgbl);
switch ( ret ) {
multi_field_dialog(HWND hParent, char * preface, int n, struct textField tb[])
{
HINSTANCE hInst = 0;
- int maxwidth = 0;
+ size_t maxwidth = 0;
int numlines = 0;
- int len;
+ size_t len;
char * plines[16], *p = preface ? preface : "";
int i;
*p++ = '\0';
}
if ( strlen(plines[numlines-1]) > maxwidth )
- maxwidth = (int)strlen(plines[numlines-1]);
+ maxwidth = strlen(plines[numlines-1]);
}
for ( i=0;i<n;i++ ) {
/* Ask for DES since that is what V4 understands */
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
- /* If there was a specific realm we are supposed to try
- * then use it
- */
- if (strlen(realm) != 0) {
- /* service/cell@REALM */
- increds.server = 0;
- code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm),
- realm,
- ServiceName,
- CellName,
- 0);
- if ( IsDebuggerPresent() ) {
- char * cname, *sname;
- pkrb5_unparse_name(ctx, increds.client, &cname);
- pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("Getting tickets for \"");
- OutputDebugString(cname);
- OutputDebugString("\" and service \"");
- OutputDebugString(sname);
- OutputDebugString("\"\n");
- pkrb5_free_unparsed_name(ctx,cname);
- pkrb5_free_unparsed_name(ctx,sname);
- }
+ /* ALWAYS first try service/cell@CLIENT_REALM */
+ if (code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm_of_user),
+ realm_of_user,
+ ServiceName,
+ CellName,
+ 0))
+ {
+ goto cleanup;
+ }
+
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("Getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
+
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ if (code == 0) {
+ /* The client's realm is a local realm for the cell.
+ * Save it so that later the pts registration will not
+ * be performed.
+ */
+ StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+ realm_of_user, sizeof(realm_of_cell) - 1);
+ }
- if (!code)
- code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
- code == KRB5_ERR_HOST_REALM_UNKNOWN ||
- code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
- code == KRB5KRB_AP_ERR_MSG_TYPE) {
- /* Or service@REALM */
- pkrb5_free_principal(ctx,increds.server);
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+ code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+ code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+ code == KRB5KRB_AP_ERR_MSG_TYPE) {
+ /* If there was a specific realm we are supposed to try
+ * then use it
+ */
+ if (strlen(realm) != 0) {
+ /* service/cell@REALM */
increds.server = 0;
code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm),
- realm,
- ServiceName,
- 0);
-
+ (int)strlen(realm),
+ realm,
+ ServiceName,
+ CellName,
+ 0);
if ( IsDebuggerPresent() ) {
char * cname, *sname;
pkrb5_unparse_name(ctx, increds.client, &cname);
pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
- OutputDebugString("Trying again: getting tickets for \"");
+ OutputDebugString("Getting tickets for \"");
OutputDebugString(cname);
OutputDebugString("\" and service \"");
OutputDebugString(sname);
if (!code)
code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- }
- if (code == 0) {
- /* we have a local realm for the cell */
- StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
- realm, sizeof(realm_of_cell) - 1);
- }
- } else {
- /* Otherwise, first try service/cell@CLIENT_REALM */
- if (code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm_of_user),
- realm_of_user,
- ServiceName,
- CellName,
- 0))
- {
- goto cleanup;
- }
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+ code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+ code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+ code == KRB5KRB_AP_ERR_MSG_TYPE) {
+ /* Or service@REALM */
+ pkrb5_free_principal(ctx,increds.server);
+ increds.server = 0;
+ code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm),
+ realm,
+ ServiceName,
+ 0);
- if ( IsDebuggerPresent() ) {
- char * cname, *sname;
- pkrb5_unparse_name(ctx, increds.client, &cname);
- pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("Getting tickets for \"");
- OutputDebugString(cname);
- OutputDebugString("\" and service \"");
- OutputDebugString(sname);
- OutputDebugString("\"\n");
- pkrb5_free_unparsed_name(ctx,cname);
- pkrb5_free_unparsed_name(ctx,sname);
- }
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+ OutputDebugString("Trying again: getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
- code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (code == 0) {
- /* The client's realm is a local realm for the cell.
- * Save it so that later the pts registration will not
- * be performed.
- */
- StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
- realm_of_user, sizeof(realm_of_cell) - 1);
- }
+ if (!code)
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ }
- if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
- code == KRB5_ERR_HOST_REALM_UNKNOWN ||
- code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
- code == KRB5KRB_AP_ERR_MSG_TYPE) &&
- strcmp(realm_of_user, realm_of_cell)) {
- /* Then service/cell@CELL_REALM */
- pkrb5_free_principal(ctx,increds.server);
- increds.server = 0;
- code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm_of_cell),
- realm_of_cell,
- ServiceName,
- CellName,
- 0);
- if ( IsDebuggerPresent() ) {
- char * cname, *sname;
- pkrb5_unparse_name(ctx, increds.client, &cname);
- pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
- OutputDebugString("Trying again: getting tickets for \"");
- OutputDebugString(cname);
- OutputDebugString("\" and service \"");
- OutputDebugString(sname);
- OutputDebugString("\"\n");
- pkrb5_free_unparsed_name(ctx,cname);
- pkrb5_free_unparsed_name(ctx,sname);
+ if (code == 0) {
+ /* we have a local realm for the cell */
+ StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+ realm, sizeof(realm_of_cell) - 1);
}
+ } else {
+ if (strcmp(realm_of_user, realm_of_cell)) {
+ /* Then service/cell@CELL_REALM */
+ pkrb5_free_principal(ctx,increds.server);
+ increds.server = 0;
+ code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm_of_cell),
+ realm_of_cell,
+ ServiceName,
+ CellName,
+ 0);
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+ OutputDebugString("Trying again: getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
- if (!code)
- code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ if (!code)
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (!code && !strlen(realm_of_cell))
- copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
- }
+ if (!code && !strlen(realm_of_cell))
+ copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
+ }
- if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
- code == KRB5_ERR_HOST_REALM_UNKNOWN ||
- code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
- code == KRB5KRB_AP_ERR_MSG_TYPE) {
- /* Finally service@CELL_REALM */
- pkrb5_free_principal(ctx,increds.server);
- increds.server = 0;
- code = pkrb5_build_principal(ctx, &increds.server,
- (int)strlen(realm_of_cell),
- realm_of_cell,
- ServiceName,
- 0);
+ if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+ code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+ code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+ code == KRB5KRB_AP_ERR_MSG_TYPE) {
+ /* Finally service@CELL_REALM */
+ pkrb5_free_principal(ctx,increds.server);
+ increds.server = 0;
+ code = pkrb5_build_principal(ctx, &increds.server,
+ (int)strlen(realm_of_cell),
+ realm_of_cell,
+ ServiceName,
+ 0);
- if ( IsDebuggerPresent() ) {
- char * cname, *sname;
- pkrb5_unparse_name(ctx, increds.client, &cname);
- pkrb5_unparse_name(ctx, increds.server, &sname);
- OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
- OutputDebugString("Trying again: getting tickets for \"");
- OutputDebugString(cname);
- OutputDebugString("\" and service \"");
- OutputDebugString(sname);
- OutputDebugString("\"\n");
- pkrb5_free_unparsed_name(ctx,cname);
- pkrb5_free_unparsed_name(ctx,sname);
- }
+ if ( IsDebuggerPresent() ) {
+ char * cname, *sname;
+ pkrb5_unparse_name(ctx, increds.client, &cname);
+ pkrb5_unparse_name(ctx, increds.server, &sname);
+ OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+ OutputDebugString("Trying again: getting tickets for \"");
+ OutputDebugString(cname);
+ OutputDebugString("\" and service \"");
+ OutputDebugString(sname);
+ OutputDebugString("\"\n");
+ pkrb5_free_unparsed_name(ctx,cname);
+ pkrb5_free_unparsed_name(ctx,sname);
+ }
- if (!code)
- code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (!code && !strlen(realm_of_cell))
- copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
+ if (!code)
+ code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
+ if (!code && !strlen(realm_of_cell))
+ copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
+ }
}
}
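Review bot: In the new `service/cell@REALM` fallback, `increds.server = 0;` overwrites the principal built by the first `pkrb5_build_principal(... realm_of_user ...)` call without releasing it, whereas the other fallback branches call `pkrb5_free_principal(ctx,increds.server);` first. Add that call before the reset so the first principal is not leaked each time this path is taken. In the same branch the debug block calls `pkrb5_unparse_name(ctx, increds.server, &sname)` before the rebuild's `code` is checked and ignores both return values, so `cname`/`sname` may be uninitialised when passed to `OutputDebugString`; initialise them to NULL and print only on success. The enclosing function starts and ends outside this hunk.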
* commented out in the code below
*/
if (KFW_use_krb524() ||
- k5creds->ticket.length > MAXKTCTICKETLEN)
+ k5creds->ticket.length > MAXKTCTICKETLEN) {
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message),
+ "switching to krb524 .. ticket length %u\n",
+ k5creds->ticket.length);
+ OutputDebugString(message);
+ }
goto try_krb524d;
-
+ }
memset(&aserver, '\0', sizeof(aserver));
- StringCbCopyN( aserver.name, sizeof(aserver.name),
- ServiceName, sizeof(aserver.name) - 1);
- StringCbCopyN( aserver.cell, sizeof(aserver.cell),
- CellName, sizeof(aserver.cell) - 1);
+ StringCbCopyN(aserver.name, sizeof(aserver.name),
+ ServiceName, sizeof(aserver.name) - 1);
+ StringCbCopyN(aserver.cell, sizeof(aserver.cell),
+ CellName, sizeof(aserver.cell) - 1);
memset(&atoken, '\0', sizeof(atoken));
atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
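Review bot: The `IsDebuggerPresent()` / `char message[256]` / `StringCbPrintf` / `OutputDebugString` sequence added here is repeated after both `ktc_GetToken` calls, after `ktc_SetToken`, and twice for `aclient.name`/`aclient.smbname` later in this change. A small file-local helper would remove the duplication and keep the buffer size in one place; the helper name below is only a suggestion. The `%u` conversion assumes `k5creds->ticket.length` is an `unsigned int`, and its declaration is not visible here. The enclosing function starts and ends outside this hunk.

```c
static void
KFW_debug_printf(const char *fmt, ...)
{
    char message[256];
    va_list ap;

    if (!IsDebuggerPresent())
        return;
    va_start(ap, fmt);
    StringCbVPrintf(message, sizeof(message), fmt, ap);
    va_end(ap);
    OutputDebugString(message);
}

/* … unchanged: KFW_use_krb524() / MAXKTCTICKETLEN test … */
        KFW_debug_printf("switching to krb524 .. ticket length %u\n",
                         k5creds->ticket.length);
        goto try_krb524d;
```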
retry_gettoken5:
rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient);
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message), "ktc_GetToken returns: %d\n", rc);
+ OutputDebugString(message);
+ }
if (rc != 0 && rc != KTC_NOENT && rc != KTC_NOCELL) {
if ( rc == KTC_NOCM && retry < 20 ) {
Sleep(500);
StringCbCopyN( aclient.cell, sizeof(aclient.cell),
realm_of_cell, sizeof(aclient.cell) - 1);
- len = min(k5creds->client->realm.length,(int)strlen(realm_of_cell));
/* For Khimaira, always append the realm name */
- if ( 1 /* strncmp(realm_of_cell, k5creds->client->realm.data, len) */ ) {
- StringCbCat( aclient.name, sizeof(aclient.name), "@");
- len = min(k5creds->client->realm.length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
- StringCbCatN( aclient.name, sizeof(aclient.name), k5creds->client->realm.data, len);
- }
+ StringCbCat( aclient.name, sizeof(aclient.name), "@");
+ len = min(k5creds->client->realm.length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
+ StringCbCatN( aclient.name, sizeof(aclient.name), k5creds->client->realm.data, len);
GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
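Review bot: `len` is clamped to the space left in `aclient.name`, so a realm that does not fit is silently clipped by `StringCbCatN`, and the result of the preceding `StringCbCat(..., "@")` is discarded as well. This string names the token's owner and is later passed to `ktc_SetToken`, so a shortened `name@REALM` should be an error rather than a value that is used. Test the fit first, e.g. `if (k5creds->client->realm.length > sizeof(aclient.name) - strlen(aclient.name) - 1)`, and take the failure path instead of clamping. The `min()` also mixes `realm.length` with an `(int)` cast of a `size_t` expression; keeping both operands as `size_t` avoids a signed/unsigned comparison. The enclosing function starts and ends outside this hunk.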
} else {
aclient.smbname[0] = '\0';
}
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message), "aclient.name: %s\n", aclient.name);
+ OutputDebugString(message);
+ StringCbPrintf(message, sizeof(message), "aclient.smbname: %s\n", aclient.smbname);
+ OutputDebugString(message);
+ }
rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0));
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message), "ktc_SetToken returns: %d\n", rc);
+ OutputDebugString(message);
+ }
if (!rc)
goto cleanup; /* We have successfully inserted the token */
retry_gettoken:
rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient);
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message), "ktc_GetToken returns: %d\n", rc);
+ OutputDebugString(message);
+ }
if (rc != 0 && rc != KTC_NOENT && rc != KTC_NOCELL) {
if ( rc == KTC_NOCM && retry < 20 ) {
Sleep(500);
aclient.smbname[0] = '\0';
}
+ if ( IsDebuggerPresent() ) {
+ char message[256];
+ StringCbPrintf(message, sizeof(message), "aclient.name: %s\n", aclient.name);
+ OutputDebugString(message);
+ StringCbPrintf(message, sizeof(message), "aclient.smbname: %s\n", aclient.smbname);
+ OutputDebugString(message);
+ }
+
if (rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0)))
{
KFW_AFS_error(rc, "ktc_SetToken()");