* Copyright (c) 2004, 2005, 2006, 2007, 2008 Secure Endpoints Inc.
* Copyright (c) 2003 SkyRope, LLC
* All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
+ *
+ * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
- *
- * - Redistributions of source code must retain the above copyright notice,
+ *
+ * - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
- * - Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
+ * - Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
- * - Neither the name of Skyrope, LLC nor the names of its contributors may be
- * used to endorse or promote products derived from this software without
+ * - Neither the name of Skyrope, LLC nor the names of its contributors may be
+ * used to endorse or promote products derived from this software without
* specific prior written permission from Skyrope, LLC.
*
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
DECL_FUNC_PTR(Leash_get_default_renew_max);
DECL_FUNC_PTR(Leash_get_default_renewable);
DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-#endif
+#endif
// krb5 functions
DECL_FUNC_PTR(krb5_change_password);
HANDLE hMutex = NULL;
StringCbPrintf( mutexName, sizeof(mutexName), "AFS KFW Init pid=%d", getpid());
-
+
hMutex = CreateMutex( NULL, TRUE, mutexName );
if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
if ( WaitForSingleObject( hMutex, INFINITE ) != WAIT_OBJECT_0 ) {
hModule = GetModuleHandle(TEXT("kernel32"));
if (hModule) {
fnIsWow64Process = (LPFN_ISWOW64PROCESS)GetProcAddress(hModule, "IsWow64Process");
-
+
if (NULL != fnIsWow64Process)
{
if (!fnIsWow64Process(GetCurrentProcess(),&bIsWow64))
return use524;
}
-int
+int
KFW_is_available(void)
{
HKEY parmKey;
(BYTE *) &enableKFW, &len);
RegCloseKey (parmKey);
}
-
+
if (code != ERROR_SUCCESS) {
code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY,
0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
(BYTE *) &enableKFW, &len);
RegCloseKey (parmKey);
}
- }
+ }
if ( !enableKFW )
return FALSE;
KFW_initialize();
- if ( hKrb5 && hComErr && hService &&
+ if ( hKrb5 && hComErr && hService &&
#ifdef USE_MS2MIT
- hSecur32 &&
+ hSecur32 &&
#endif /* USE_MS2MIT */
#ifdef USE_KRB524
hKrb524 &&
return FALSE;
}
-int
-KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
- int FreeContextFlag, krb5_context * ctx,
+int
+KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
+ int FreeContextFlag, krb5_context * ctx,
krb5_ccache * cache)
{
char message[256];
const char *errText;
- int krb5Error = ((int)(rc & 255));
-
+ int krb5Error = ((int)(rc & 255));
+
/*
switch (krb5Error)
{
return;
}
*/
-
+
if (pkrb5_get_error_message)
errText = pkrb5_get_error_message(ctx, rc);
else
errText = perror_message(rc);
- StringCbPrintf(message, sizeof(message),
+ StringCbPrintf(message, sizeof(message),
"%s\n(Kerberos error %ld)\n\n%s failed",
- errText,
- krb5Error,
+ errText,
+ krb5Error,
FailedFunctionName);
if (pkrb5_free_error_message)
pkrb5_free_error_message(ctx, (char *)errText);
if ( IsDebuggerPresent() )
OutputDebugString(message);
- MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
- MB_TASKMODAL |
+ MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
+ MB_TASKMODAL |
MB_SETFOREGROUND);
if (FreeContextFlag == 1)
{
pkrb5_cc_close(*ctx, *cache);
*cache = NULL;
}
-
+
pkrb5_free_context(*ctx);
*ctx = NULL;
}
ccfullname = malloc(strlen(ccname) + strlen(cctype) + 2);
if (!ccfullname) goto cleanup;
-
+
StringCbPrintf(ccfullname, sizeof(ccfullname), "%s:%s", cctype, ccname);
- // Search the existing list to see if we have a match
+ // Search the existing list to see if we have a match
if ( next ) {
for ( ; next ; next = next->next ) {
if ( !strcmp(next->principal,pname) && !strcmp(next->ccache_name, ccfullname) )
break;
}
- }
+ }
// If not, match add a new node to the beginning of the list and assign init it
if ( !next ) {
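Review bot: `StringCbPrintf(ccfullname, sizeof(ccfullname), "%s:%s", cctype, ccname)` passes the size of the pointer, not the size of the buffer that `malloc(strlen(ccname) + strlen(cctype) + 2)` just returned, so the formatted cache name is silently truncated to 3 or 7 characters and the following `strcmp(next->ccache_name, ccfullname)` matches against a wrong name. Compute the length once and reuse it: `size_t cclen = strlen(ccname) + strlen(cctype) + 2;` / `ccfullname = malloc(cclen);` / `StringCbPrintf(ccfullname, cclen, "%s:%s", cctype, ccname);`. Because this name is the key under which principal/ccache pairs are tracked, truncation can associate a principal with the wrong credential cache, which is worth fixing alongside this whitespace cleanup. The enclosing function starts and ends outside the hunk.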
if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
int valid;
// we found the ticket we are looking for
- // check validity of timestamp
+ // check validity of timestamp
// We add a 5 minutes fudge factor to compensate for potential
// clock skew errors between the KDC and client OS
} else if ( valid ) {
next->expired = 0;
next->expiration_time = creds.times.endtime;
- next->renew = (creds.times.renew_till > creds.times.endtime) &&
+ next->renew = (creds.times.renew_till > creds.times.endtime) &&
(creds.ticket_flags & TKT_FLG_RENEWABLE);
} else {
next->expired = 1;
pkrb5_free_unparsed_name(ctx,pname);
if ( principal )
pkrb5_free_principal(ctx,principal);
-}
+}
int
KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **ccache, int valid_only)
}
response = _strdup(next->ccache_name);
// MS Kerberos LSA is our best option so use it and quit
- if ( next->from_lsa )
+ if ( next->from_lsa )
break;
}
next = next->next;
return 0;
}
-void
+void
KFW_AFS_delete_princ_ccache_data(krb5_context ctx, char * pname, char * ccname)
{
struct principal_ccache_data ** next = &princ_cc_data;
return;
while ( (*next) ) {
- if ( !strcmp((*next)->principal,pname) ||
+ if ( !strcmp((*next)->principal,pname) ||
!strcmp((*next)->ccache_name,ccname) ) {
void * temp;
free((*next)->principal);
}
}
-void
+void
KFW_AFS_update_cell_princ_map(krb5_context ctx, char * cell, char *pname, int active)
{
struct cell_principal_map * next = cell_princ_map;
- // Search the existing list to see if we have a match
+ // Search the existing list to see if we have a match
if ( next ) {
for ( ; next ; next = next->next ) {
if ( !strcmp(next->cell, cell) ) {
}
}
}
- }
+ }
// If not, match add a new node to the beginning of the list and assign init it
if ( !next ) {
}
}
-void
+void
KFW_AFS_delete_cell_princ_maps(krb5_context ctx, char * pname, char * cell)
{
struct cell_principal_map ** next = &cell_princ_map;
return;
while ( (*next) ) {
- if ( !strcmp((*next)->principal,pname) ||
+ if ( !strcmp((*next)->principal,pname) ||
!strcmp((*next)->cell,cell) ) {
void * temp;
free((*next)->principal);
}
}
-// Returns (if possible) a principal which has been known in
+// Returns (if possible) a principal which has been known in
// the past to have been used to obtain tokens for the specified
-// cell.
+// cell.
// TODO: Attempt to return one which has not yet expired by checking
// the principal/ccache data
int
int count = 0, i;
struct cell_principal_map * next_map = cell_princ_map;
const char * princ = NULL;
-
+
if ( !pname )
return 0;
char cell[128]="", realm[128]="", *def_realm = 0;
unsigned int i;
DWORD dwMsLsaImport;
-
+
if (!pkrb5_init_context)
return;
OutputDebugString("\n");
}
if ( strcmp(pNCi[i]->name,pNCi[i]->principal)
- && strcmp(pNCi[i]->name,LSA_CCNAME)
+ && strcmp(pNCi[i]->name,LSA_CCNAME)
) {
int found = 0;
for ( j=0; pNCi[j]; j++ ) {
break;
}
}
-
+
code = pkrb5_cc_resolve(ctx, pNCi[i]->principal, &cc);
if (code) goto loop_cleanup;
OutputDebugString("Calling KFW_AFS_klog() to obtain token\n");
}
- code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data,
+ code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data,
#ifndef USE_LEASH
600,
#else
int
-KFW_AFS_get_cred( char * username,
+KFW_AFS_get_cred( char * username,
char * cell,
char * password,
int lifetime,
#endif
if ( password && password[0] ) {
- code = KFW_kinit( ctx, cc, HWND_DESKTOP,
- pname,
+ code = KFW_kinit( ctx, cc, HWND_DESKTOP,
+ pname,
password,
lifetime,
#ifndef USE_LEASH
KFW_AFS_update_cell_princ_map(ctx, cell, pname, TRUE);
- // Attempt to obtain new tokens for other cells supported by the same
+ // Attempt to obtain new tokens for other cells supported by the same
// principal
cell_count = KFW_AFS_find_cells_for_princ(ctx, pname, &cells, TRUE);
if ( cell_count > 1 ) {
}
code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
if ( code ) continue;
-
+
realm = afs_realm_of_cell(ctx, &cellconfig); // do not free
if ( IsDebuggerPresent() ) {
OutputDebugString("Realm: ");
OutputDebugString(realm);
OutputDebugString("\n");
}
-
+
code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime, smbname);
if ( IsDebuggerPresent() ) {
char message[256];
return(code);
}
-int
+int
KFW_AFS_destroy_tickets_for_cell(char * cell)
{
krb5_context ctx = NULL;
return 0;
}
-int
+int
KFW_AFS_destroy_tickets_for_principal(char * user)
{
krb5_context ctx = NULL;
if (code) goto cleanup;
code = pkrb5_timeofday(ctx, &now);
- if (code) goto cleanup;
+ if (code) goto cleanup;
for ( ; pcc_next ; pcc_next = pcc_next->next ) {
- if ( pcc_next->expired )
+ if ( pcc_next->expired )
continue;
if ( now >= (pcc_next->expiration_time) ) {
if ( pcc_next->renew && now >= (pcc_next->expiration_time - cminRENEW * csec1MINUTE) ) {
code = pkrb5_cc_resolve(ctx, pcc_next->ccache_name, &cc);
- if ( code )
+ if ( code )
goto loop_cleanup;
code = KFW_renew(ctx,cc);
#ifdef USE_MS2MIT
KFW_AFS_update_princ_ccache_data(ctx, cc, pcc_next->from_lsa);
if (code) goto loop_cleanup;
- // Attempt to obtain new tokens for other cells supported by the same
+ // Attempt to obtain new tokens for other cells supported by the same
// principal
cell_count = KFW_AFS_find_cells_for_princ(ctx, pcc_next->principal, &cells, TRUE);
if ( cell_count > 0 ) {
}
#ifdef COMMENT
- /* krb5_cc_remove_cred() is not implemented
- * for a single cred
+ /* krb5_cc_remove_cred() is not implemented
+ * for a single cred
*/
code = pkrb5_build_principal(ctx, &service, strlen(realm),
realm, "afs", cell, NULL);
}
free(principals);
} else
- code = -1; // we did not renew the tokens
+ code = -1; // we did not renew the tokens
cleanup:
- if (ctx)
+ if (ctx)
pkrb5_free_context(ctx);
return (code ? FALSE : TRUE);
KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
realm->length,realm->data,
0);
- if ( code )
+ if ( code )
goto cleanup;
if ( IsDebuggerPresent() ) {
if ( alt_cc ) {
cc = alt_cc;
} else {
- code = pkrb5_cc_default(ctx, &cc);
+ code = pkrb5_cc_default(ctx, &cc);
if (code) goto cleanup;
}
code = pkrb5_parse_name(ctx, principal_name, &me);
- if (code)
+ if (code)
goto cleanup;
code = pkrb5_unparse_name(ctx, me, &name);
- if (code)
+ if (code)
goto cleanup;
if (lifetime == 0)
netIPAddr = htonl(publicIP);
memcpy(addrs[i]->contents,&netIPAddr,4);
-
+
pkrb5_get_init_creds_opt_set_address_list(&options,addrs);
}
}
- code = pkrb5_get_init_creds_password(ctx,
- &my_creds,
+ code = pkrb5_get_init_creds_password(ctx,
+ &my_creds,
me,
password, // password
KRB5_prompter, // prompter
0, // start time
0, // service name
&options);
- if (code)
+ if (code)
goto cleanup;
code = pkrb5_cc_initialize(ctx, cc, me);
- if (code)
+ if (code)
goto cleanup;
code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
- if (code)
+ if (code)
goto cleanup;
cleanup:
if ( alt_cc ) {
cc = alt_cc;
} else {
- code = pkrb5_cc_default(ctx, &cc);
+ code = pkrb5_cc_default(ctx, &cc);
if (code) goto cleanup;
}
}
//
-// MSLSA_IsKerberosLogon() does not validate whether or not there are valid tickets in the
-// cache. It validates whether or not it is reasonable to assume that if we
-// attempted to retrieve valid tickets we could do so. Microsoft does not
+// MSLSA_IsKerberosLogon() does not validate whether or not there are valid tickets in the
+// cache. It validates whether or not it is reasonable to assume that if we
+// attempted to retrieve valid tickets we could do so. Microsoft does not
// automatically renew expired tickets. Therefore, the cache could contain
-// expired or invalid tickets. Microsoft also caches the user's password
+// expired or invalid tickets. Microsoft also caches the user's password
// and will use it to retrieve new TGTs if the cache is empty and tickets
// are requested.
}
#endif /* USE_MS2MIT */
-static BOOL CALLBACK
+static BOOL CALLBACK
MultiInputDialogProc( HWND hDialog, UINT message, WPARAM wParam, LPARAM lParam)
{
int i;
for ( i=0; i < mid_cnt ; i++ ) {
if (mid_tb[i].echo == 0)
SendDlgItemMessage(hDialog, ID_MID_TEXT+i, EM_SETPASSWORDCHAR, 32, 0);
- else if (mid_tb[i].echo == 2)
+ else if (mid_tb[i].echo == 2)
SendDlgItemMessage(hDialog, ID_MID_TEXT+i, EM_SETPASSWORDCHAR, '*', 0);
}
return TRUE;
return FALSE;
}
-static LPWORD
+static LPWORD
lpwAlign( LPWORD lpIn )
{
ULONG_PTR ul;
*/
static LRESULT
-MultiInputDialog( HINSTANCE hinst, HWND hwndOwner,
- char * ptext[], int numlines, int width,
+MultiInputDialog( HINSTANCE hinst, HWND hwndOwner,
+ char * ptext[], int numlines, int width,
int tb_cnt, struct textField * tb)
{
HGLOBAL hgbl;
hgbl = GlobalAlloc(GMEM_ZEROINIT, 4096);
if (!hgbl)
return -1;
-
+
mid_cnt = tb_cnt;
mid_tb = tb;
lpdt = (LPDLGTEMPLATE)GlobalLock(hgbl);
-
+
// Define a dialog box.
-
+
lpdt->style = WS_POPUP | WS_BORDER | WS_SYSMENU
- | DS_MODALFRAME | WS_CAPTION | DS_CENTER
+ | DS_MODALFRAME | WS_CAPTION | DS_CENTER
| DS_SETFOREGROUND | DS_3DLOOK
| DS_SETFONT | DS_FIXEDSYS | DS_NOFAILCREATE;
lpdt->cdit = numlines + (2 * tb_cnt) + 2; // number of controls
- lpdt->x = 10;
+ lpdt->x = 10;
lpdt->y = 10;
- lpdt->cx = 20 + width * 4;
+ lpdt->cx = 20 + width * 4;
lpdt->cy = 20 + (numlines + tb_cnt + 4) * 14;
lpw = (LPWORD) (lpdt + 1);
lpw += nchar;
*lpw++ = 8; // font size (points)
lpwsz = (LPWSTR) lpw;
- nchar = MultiByteToWideChar (CP_ACP, 0, "MS Shell Dlg",
+ nchar = MultiByteToWideChar (CP_ACP, 0, "MS Shell Dlg",
-1, lpwsz, 128);
lpw += nchar;
lpdit = (LPDLGITEMTEMPLATE) lpw;
lpdit->style = WS_CHILD | WS_VISIBLE | BS_DEFPUSHBUTTON | WS_TABSTOP | WS_BORDER;
lpdit->dwExtendedStyle = 0;
- lpdit->x = (lpdt->cx - 14)/4 - 20;
+ lpdit->x = (lpdt->cx - 14)/4 - 20;
lpdit->y = 10 + (numlines + tb_cnt + 2) * 14;
- lpdit->cx = 40;
+ lpdit->cx = 40;
lpdit->cy = 14;
lpdit->id = IDOK; // OK button identifier
lpdit = (LPDLGITEMTEMPLATE) lpw;
lpdit->style = WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON | WS_TABSTOP | WS_BORDER;
lpdit->dwExtendedStyle = 0;
- lpdit->x = (lpdt->cx - 14)*3/4 - 20;
+ lpdit->x = (lpdt->cx - 14)*3/4 - 20;
lpdit->y = 10 + (numlines + tb_cnt + 2) * 14;
- lpdit->cx = 40;
+ lpdit->cx = 40;
lpdit->cy = 14;
lpdit->id = IDCANCEL; // CANCEL button identifier
lpdit = (LPDLGITEMTEMPLATE) lpw;
lpdit->style = WS_CHILD | WS_VISIBLE | SS_LEFT;
lpdit->dwExtendedStyle = 0;
- lpdit->x = 10;
+ lpdit->x = 10;
lpdit->y = 10 + i * 14;
- lpdit->cx = (short)strlen(ptext[i]) * 4 + 10;
+ lpdit->cx = (short)strlen(ptext[i]) * 4 + 10;
lpdit->cy = 14;
lpdit->id = ID_TEXT + i; // text identifier
*lpw++ = 0x0082; // static class
lpwsz = (LPWSTR) lpw;
- nchar = MultiByteToWideChar (CP_ACP, 0, ptext[i],
+ nchar = MultiByteToWideChar (CP_ACP, 0, ptext[i],
-1, lpwsz, 2*width);
lpw += nchar;
*lpw++ = 0; // no creation data
}
-
+
for ( i=0, pwid = 0; i<tb_cnt; i++) {
int len = (int)strlen(tb[i].label);
if ( pwid < len )
lpdit = (LPDLGITEMTEMPLATE) lpw;
lpdit->style = WS_CHILD | WS_VISIBLE | SS_LEFT;
lpdit->dwExtendedStyle = 0;
- lpdit->x = 10;
+ lpdit->x = 10;
lpdit->y = 10 + (numlines + i + 1) * 14;
- lpdit->cx = pwid * 4;
+ lpdit->cx = pwid * 4;
lpdit->cy = 14;
lpdit->id = ID_TEXT + numlines + i; // text identifier
*lpw++ = 0x0082; // static class
lpwsz = (LPWSTR) lpw;
- nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].label ? tb[i].label : "",
+ nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].label ? tb[i].label : "",
-1, lpwsz, 128);
lpw += nchar;
*lpw++ = 0; // no creation data
lpdit = (LPDLGITEMTEMPLATE) lpw;
lpdit->style = WS_CHILD | WS_VISIBLE | ES_LEFT | WS_TABSTOP | WS_BORDER | (tb[i].echo == 1 ? 0L : ES_PASSWORD);
lpdit->dwExtendedStyle = 0;
- lpdit->x = 10 + (pwid + 1) * 4;
+ lpdit->x = 10 + (pwid + 1) * 4;
lpdit->y = 10 + (numlines + i + 1) * 14;
- lpdit->cx = (width - (pwid + 1)) * 4;
+ lpdit->cx = (width - (pwid + 1)) * 4;
lpdit->cy = 14;
lpdit->id = ID_MID_TEXT + i; // identifier
*lpw++ = 0x0081; // edit class
lpwsz = (LPWSTR) lpw;
- nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].def ? tb[i].def : "",
+ nchar = MultiByteToWideChar (CP_ACP, 0, tb[i].def ? tb[i].def : "",
-1, lpwsz, 128);
lpw += nchar;
*lpw++ = 0; // no creation data
}
- GlobalUnlock(hgbl);
- ret = DialogBoxIndirect(hinst, (LPDLGTEMPLATE) hgbl,
- hwndOwner, (DLGPROC) MultiInputDialogProc);
- GlobalFree(hgbl);
+ GlobalUnlock(hgbl);
+ ret = DialogBoxIndirect(hinst, (LPDLGTEMPLATE) hgbl,
+ hwndOwner, (DLGPROC) MultiInputDialogProc);
+ GlobalFree(hgbl);
switch ( ret ) {
case 0: /* Timeout */
char * plines[16], *p = preface ? preface : "";
int i;
- for ( i=0; i<16; i++ )
+ for ( i=0; i<16; i++ )
plines[i] = NULL;
while (*p && numlines < 16) {
p++;
} else if ( *p == '\n' ) {
*p++ = '\0';
- }
+ }
if ( strlen(plines[numlines-1]) > maxwidth )
maxwidth = (int)strlen(plines[numlines-1]);
}
tb[i].label = prompts[i].prompt;
tb[i].def = NULL;
tb[i].echo = (prompts[i].hidden ? 2 : 1);
- }
+ }
ok = multi_field_dialog(hParent,(char *)banner,num_prompts,tb);
if ( ok ) {
#define ALLOW_REGISTER 1
static int
-ViceIDToUsername(char *username,
- char *realm_of_user,
+ViceIDToUsername(char *username,
+ char *realm_of_user,
char *realm_of_cell,
char * cell_to_use,
- struct ktc_principal *aclient,
- struct ktc_principal *aserver,
+ struct ktc_principal *aclient,
+ struct ktc_principal *aserver,
struct ktc_token *atoken)
{
static char lastcell[CELL_MAXNAMELEN+1] = { 0 };
code = pkrb5_cc_get_principal(ctx, cc, &client_principal);
if (code) {
- if ( code == KRB5_CC_NOTFOUND && IsDebuggerPresent() )
+ if ( code == KRB5_CC_NOTFOUND && IsDebuggerPresent() )
{
OutputDebugString("Principal Not Found for ccache\n");
}
}
if (!KFW_accept_dotted_usernames()) {
- /* look for client principals which cannot be distinguished
+ /* look for client principals which cannot be distinguished
* from Kerberos 4 multi-component principal names
*/
k5data = krb5_princ_component(ctx,client_principal,0);
}
i = krb5_princ_realm(ctx, client_principal)->length;
- if (i > REALM_SZ-1)
+ if (i > REALM_SZ-1)
i = REALM_SZ-1;
StringCbCopyN( realm_of_user, sizeof(realm_of_user),
krb5_princ_realm(ctx, client_principal)->data, i);
if ((rc = (*pkrb_get_tf_realm)((*ptkt_string)(), realm_of_user)) != KSUCCESS)
{
goto cleanup;
- }
+ }
}
#else
if (!try_krb5)
increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
/* If there was a specific realm we are supposed to try
- * then use it
+ * then use it
*/
if (strlen(realm) != 0) {
/* service/cell@REALM */
realm_of_user,
ServiceName,
CellName,
- 0))
+ 0))
{
goto cleanup;
}
if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
code == KRB5_ERR_HOST_REALM_UNKNOWN ||
code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
- code == KRB5KRB_AP_ERR_MSG_TYPE) &&
+ code == KRB5KRB_AP_ERR_MSG_TYPE) &&
strcmp(realm_of_user, realm_of_cell)) {
/* Then service/cell@CELL_REALM */
pkrb5_free_principal(ctx,increds.server);
if (!code)
code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (!code && !strlen(realm_of_cell))
+ if (!code && !strlen(realm_of_cell))
copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
}
if (!code)
code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
- if (!code && !strlen(realm_of_cell))
+ if (!code && !strlen(realm_of_cell))
copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
}
}
}
/* This code inserts the entire K5 ticket into the token
- * No need to perform a krb524 translation which is
+ * No need to perform a krb524 translation which is
* commented out in the code below
*/
if (KFW_use_krb524() ||
if (atoken.kvno == btoken.kvno &&
atoken.ticketLen == btoken.ticketLen &&
!memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
- !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
+ !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
{
/* Success - Nothing to do */
goto cleanup;
GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
- ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
+ ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
&aclient, &aserver, &atoken);
if ( smbname ) {
goto cleanup;
#else
/* Otherwise, the ticket could have been too large so try to
- * convert using the krb524d running with the KDC
+ * convert using the krb524d running with the KDC
*/
code = pkrb524_convert_creds_kdc(ctx, k5creds, &creds);
pkrb5_free_creds(ctx, k5creds);
if (atoken.kvno == btoken.kvno &&
atoken.ticketLen == btoken.ticketLen &&
!memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
- !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
+ !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
{
goto cleanup;
}
GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
- ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
+ ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
&aclient, &aserver, &atoken);
if ( smbname ) {
/**************************************/
/* get_cellconfig_callback(): */
/**************************************/
-static long
+static long
get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep, unsigned short ipRank)
{
struct afsconf_cell *cc = (struct afsconf_cell *)cellconfig;
KFW_AFS_error(LONG rc, LPCSTR FailedFunctionName)
{
char message[256];
- const char *errText;
+ const char *errText;
- // Using AFS defines as error messages for now, until Transarc
- // gets back to me with "string" translations of each of these
- // const. defines.
+ // Using AFS defines as error messages for now, until Transarc
+ // gets back to me with "string" translations of each of these
+ // const. defines.
if (rc == KTC_ERROR)
errText = "KTC_ERROR";
else if (rc == KTC_TOOBIG)
return;
}
-static DWORD
+static DWORD
GetServiceStatus(
- LPSTR lpszMachineName,
+ LPSTR lpszMachineName,
LPSTR lpszServiceName,
- DWORD *lpdwCurrentState)
-{
- DWORD hr = NOERROR;
- SC_HANDLE schSCManager = NULL;
- SC_HANDLE schService = NULL;
- DWORD fdwDesiredAccess = 0;
- SERVICE_STATUS ssServiceStatus = {0};
- BOOL fRet = FALSE;
-
- *lpdwCurrentState = 0;
-
- fdwDesiredAccess = GENERIC_READ;
-
- schSCManager = OpenSCManager(lpszMachineName,
+ DWORD *lpdwCurrentState)
+{
+ DWORD hr = NOERROR;
+ SC_HANDLE schSCManager = NULL;
+ SC_HANDLE schService = NULL;
+ DWORD fdwDesiredAccess = 0;
+ SERVICE_STATUS ssServiceStatus = {0};
+ BOOL fRet = FALSE;
+
+ *lpdwCurrentState = 0;
+
+ fdwDesiredAccess = GENERIC_READ;
+
+ schSCManager = OpenSCManager(lpszMachineName,
NULL,
- fdwDesiredAccess);
-
- if(schSCManager == NULL)
- {
+ fdwDesiredAccess);
+
+ if(schSCManager == NULL)
+ {
hr = GetLastError();
- goto cleanup;
- }
-
+ goto cleanup;
+ }
+
schService = OpenService(schSCManager,
lpszServiceName,
- fdwDesiredAccess);
-
- if(schService == NULL)
- {
+ fdwDesiredAccess);
+
+ if(schService == NULL)
+ {
hr = GetLastError();
- goto cleanup;
- }
-
+ goto cleanup;
+ }
+
fRet = QueryServiceStatus(schService,
- &ssServiceStatus);
-
- if(fRet == FALSE)
- {
- hr = GetLastError();
- goto cleanup;
- }
-
- *lpdwCurrentState = ssServiceStatus.dwCurrentState;
-
-cleanup:
-
- CloseServiceHandle(schService);
- CloseServiceHandle(schSCManager);
-
- return(hr);
-}
+ &ssServiceStatus);
+
+ if(fRet == FALSE)
+ {
+ hr = GetLastError();
+ goto cleanup;
+ }
+
+ *lpdwCurrentState = ssServiceStatus.dwCurrentState;
+
+cleanup:
+
+ CloseServiceHandle(schService);
+ CloseServiceHandle(schSCManager);
+
+ return(hr);
+}
void
UnloadFuncs(
- FUNC_INFO fi[],
+ FUNC_INFO fi[],
HINSTANCE h
)
{
int
LoadFuncs(
- const char* dll_name,
- FUNC_INFO fi[],
+ const char* dll_name,
+ FUNC_INFO fi[],
HINSTANCE* ph, // [out, optional] - DLL handle
int* pindex, // [out, optional] - index of last func loaded (-1 if none)
int cleanup, // cleanup function pointers and unload on error
}
password[PROBE_PASSWORD_LEN] = '\0';
- code = KFW_kinit(NULL, NULL, HWND_DESKTOP,
- pname,
+ code = KFW_kinit(NULL, NULL, HWND_DESKTOP,
+ pname,
password,
5,
0,
return success;
}
-int
+int
KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken)
{
// SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY;
PTOKEN_USER pTokenUser = NULL;
DWORD retLen;
DWORD gle;
- int ret = 0;
+ int ret = 0;
if (!filename) {
return 1;
pTokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
GetTokenInformation(hUserToken, TokenUser, pTokenUser, retLen, &retLen);
- }
+ }
}
if (pTokenUser) {
UserSIDlength = GetLengthSid(pTokenUser->User.Sid);
- ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
+ ccacheACLlength += sizeof(ACCESS_ALLOWED_ACE) + UserSIDlength
- sizeof(DWORD);
}
}
if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
NULL,
- NULL,
+ NULL,
ccacheACL,
NULL)) {
gle = GetLastError();
if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
pTokenUser->User.Sid,
- NULL,
+ NULL,
NULL,
NULL)) {
gle = GetLastError();
if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION,
NULL,
- NULL,
+ NULL,
ccacheACL,
NULL)) {
gle = GetLastError();
return ret;
}
-int
+int
KFW_AFS_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int size)
{
int retval = 0;
DWORD dwSize = size-1; /* leave room for nul */
DWORD dwLen = 0;
-
+
if (!hUserToken || !newfilename || size <= 0)
return 1;
-
+
*newfilename = '\0';
-
+
dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, dwSize);
if ( !dwLen || dwLen > dwSize )
dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, dwSize);
if ( !dwLen || dwLen > dwSize )
return 1;
-
+
newfilename[dwSize] = '\0';
return 0;
}
code = pkrb5_cc_resolve(ctx, cachename, &cc);
if (code) goto cleanup;
-
+
code = pkrb5_cc_get_principal(ctx, cc, &princ);
code = pkrb5_cc_default(ctx, &ncc);
return 0;
}
-/* We are including this
+/* We are including this
/* Ticket lifetime. This defines the table used to lookup lifetime for the
fixed part of rande of the one byte lifetime field. Values less than 0x80