afskfw-library-20040504
authorJeffrey Altman <jaltman@mit.edu>
Tue, 4 May 2004 23:48:15 +0000 (23:48 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Tue, 4 May 2004 23:48:15 +0000 (23:48 +0000)
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
new library to be shared by afslogon.dll and afscreds.exe

Add KFW support to afslogon.dll

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

Migrate KFW functionality from src/WINNT/client_creds/afskfw* into a
a new library to be shared by afslogon.dll, afscreds.exe

Move IP Address Change Monitor into new source files.

Add smbname support to the KFW set token functionality in afscreds.exe

src/WINNT/afsd/NTMakefile
src/WINNT/afsd/afskfw-int.h [moved from src/WINNT/client_creds/afskfw-int.h with 84% similarity]
src/WINNT/afsd/afskfw.c [moved from src/WINNT/client_creds/afskfw.c with 87% similarity]
src/WINNT/afsd/afskfw.h [moved from src/WINNT/client_creds/afskfw.h with 62% similarity]
src/WINNT/afsd/afslogon.c
src/WINNT/client_creds/NTMakefile
src/WINNT/client_creds/afscreds.h
src/WINNT/client_creds/creds.cpp
src/WINNT/client_creds/main.cpp
src/WINNT/client_creds/window.cpp

index a0c2840..a99b91f 100644 (file)
@@ -5,7 +5,7 @@
 # License.  For details, see the LICENSE file in the top-level source
 # directory or online at http://www.openafs.org/dl/license10.html
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" 
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL"  -I..\kfw\inc\loadfuncs -I..\kfw\inc\krb5 -I..\kfw\inc\leash
 AFSDEV_NETGUI = 1
 RELDIR=WINNT\afsd
 !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME)
@@ -63,7 +63,8 @@ INCFILES =\
        $(INCFILEDIR)\cm_buf.h \
        $(INCFILEDIR)\cm_freelance.h \
     $(INCFILEDIR)\afsd_eventlog.h \
-    $(INCFILEDIR)\afsd_eventmessages.h
+    $(INCFILEDIR)\afsd_eventmessages.h \
+    $(INCFILEDIR)\afskfw.h
 
 IDLFILES =\
        afsrpc.h $(OUT)\afsrpc_c.obj
@@ -175,6 +176,32 @@ $(CONF_DLLFILE): $(CONFOBJS) $(OUT)\libafsconf.res $(CONF_DLLLIBS)
        $(DEL) $*.lib $*.exp
 
 ############################################################################
+# lanahelper.lib
+
+LANAHELPERLIB = $(DESTDIR)\lib\lanahelper.lib
+
+LANAHELPERLIB_OBJS =\
+      $(OUT)\lanahelper.obj
+
+$(LANAHELPERLIB_OBJS):
+
+$(LANAHELPERLIB): $(LANAHELPERLIB_OBJS)
+      $(LIBARCH) netapi32.lib
+
+############################################################################
+# afskfw.lib
+
+AFSKFWLIB = $(DESTDIR)\lib\afskfw.lib
+
+AFSKFWLIB_OBJS =\
+      $(OUT)\afskfw.obj
+
+$(AFSKFWLIB_OBJS):
+
+$(AFSKFWLIB): $(AFSKFWLIB_OBJS)
+      $(LIBARCH)
+
+############################################################################
 # afslogon.dll
 
 LOGON_DLLFILE = $(DESTDIR)\root.client\usr\vice\etc\afslogon.dll
@@ -185,7 +212,10 @@ LOGON_DLLOBJS =\
 
 LOGON_DLLLIBS =\
        $(DESTDIR)\lib\afsauthent.lib \
-       $(DESTDIR)\lib\libafsconf.lib
+       $(DESTDIR)\lib\libafsconf.lib \
+    $(DESTDIR)\lib\afsrxkad.lib \
+    $(DESTDIR)\lib\afsdes.lib \
+    $(AFSKFWLIB)
 
 $(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS)
        $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def dnsapi.lib secur32.lib
@@ -213,19 +243,6 @@ $(LOG95_DLLFILE): $(LOG95_DLLOBJS) $(LOG95_DLLLIBS)
        $(DEL) $*.lib $*.exp
 
 ############################################################################
-# lanahelper.lib
-
-LANAHELPERLIB = $(DESTDIR)\lib\lanahelper.lib
-
-LANAHELPERLIB_OBJS =\
-      $(OUT)\lanahelper.obj
-
-$(LANAHELPERLIB_OBJS):
-
-$(LANAHELPERLIB): $(LANAHELPERLIB_OBJS)
-      $(LIBARCH) netapi32.lib
-
-############################################################################
 # Install target; primary makefile target
 
 install_objs: $(OUT)\cm_dns.obj $(OUT)\cm_config.obj $(LANAHELPERLIB)
similarity index 84%
rename from src/WINNT/client_creds/afskfw-int.h
rename to src/WINNT/afsd/afskfw-int.h
index 139bceb..329b836 100644 (file)
@@ -104,31 +104,6 @@ typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE);
 #define KRB5_DEFAULT_LIFE            60*60*10 /* 10 hours */
 #define LSA_CCNAME                   "MSLSA:"
 
-#define PROBE_USERNAME               "OPENAFS-KDC-PROBE"
-#define PROBE_PASSWORD_LEN           16
-
-#define MAXCELLCHARS   64
-#define MAXHOSTCHARS   64
-#define MAXHOSTSPERCELL 8
-#define TRANSARCAFSDAEMON "TransarcAFSDaemon"
-typedef struct {
-    char name[MAXCELLCHARS];
-    short numServers;
-    short flags;
-    struct sockaddr_in hostAddr[MAXHOSTSPERCELL];
-    char hostName[MAXHOSTSPERCELL][MAXHOSTCHARS];
-    char *linkedCell;
-} afsconf_cell;
-
-struct ktc_token {
-        time_t startTime;
-        time_t endTime;
-        struct ktc_encryptionKey sessionKey;
-        short kvno;                     /* XXX UNALIGNED */
-        int ticketLen;
-        char ticket[MAXKTCTICKETLEN];
-};
-
 #define KTC_ERROR      11862784L
 #define KTC_TOOBIG     11862785L
 #define KTC_INVAL      11862786L
@@ -266,27 +241,12 @@ int  KFW_get_ccache(krb5_context, krb5_principal, krb5_ccache *);
 int  KFW_error(krb5_error_code, LPCSTR, int, krb5_context *, krb5_ccache *);
 int  KFW_kinit(krb5_context, krb5_ccache, HWND, char *, char *, krb5_deltat,
                 DWORD, DWORD, krb5_deltat, DWORD, DWORD);
-int  KFW_AFS_get_cred(char *, char *, char *, char *, int, char **);
 int  KFW_renew(krb5_context, krb5_ccache);
 int  KFW_destroy(krb5_context, krb5_ccache);
 BOOL KFW_ms2mit(krb5_context, krb5_ccache, BOOL);
 int  KFW_AFS_unlog(void);
-int  KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int);
+int  KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int, char*);
 void KFW_import_ccache_data(void);
-void KFW_import_windows_lsa(void);
 BOOL MSLSA_IsKerberosLogon();
-
-/* From afs/krb_prot.h */
-/* values for kerb error codes */
-#define         KERB_ERR_OK                              0
-#define         KERB_ERR_NAME_EXP                        1
-#define         KERB_ERR_SERVICE_EXP                     2
-#define         KERB_ERR_AUTH_EXP                        3
-#define         KERB_ERR_PKT_VER                         4
-#define         KERB_ERR_NAME_MAST_KEY_VER               5
-#define         KERB_ERR_SERV_MAST_KEY_VER               6
-#define         KERB_ERR_BYTE_ORDER                      7
-#define         KERB_ERR_PRINCIPAL_UNKNOWN               8
-#define         KERB_ERR_PRINCIPAL_NOT_UNIQUE            9
-#define         KERB_ERR_NULL_KEY                       10
+char *afs_realm_of_cell(struct afsconf_cell *);
 #endif /* AFSKFW_INT_H */
similarity index 87%
rename from src/WINNT/client_creds/afskfw.c
rename to src/WINNT/afsd/afskfw.c
index d64df21..38402c2 100644 (file)
@@ -59,7 +59,6 @@
 #define USE_KRB4
 #include "afskfw-int.h"
 #include "afskfw.h"
-#include "creds.h"
 
 #include <osilog.h>
 #include <rxkad_prototypes.h>   /* for life_to_time */
@@ -365,9 +364,9 @@ FUNC_INFO afsc_fi[] = {
 };
 
 /* Static Prototypes */
-static char *afs_realm_of_cell(afsconf_cell *);
+char *afs_realm_of_cell(struct afsconf_cell *);
 static long get_cellconfig_callback(void *, struct sockaddr_in *, char *);
-static int get_cellconfig(char *, afsconf_cell *, char *);
+int KFW_AFS_get_cellconfig(char *, struct afsconf_cell *, char *);
 static krb5_error_code KRB5_CALLCONV KRB5_prompter( krb5_context context,
            void *data, const char *name, const char *banner, int num_prompts,
            krb5_prompt prompts[]);
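Review bot: `afs_realm_of_cell` is declared here without `static`, and again in afskfw-int.h, yet its definition in the later hunk at -2880 still begins with `static char *`. Declaring a file-scope identifier with external linkage and then defining it `static` in the same translation unit is undefined behavior in C. At best the symbol stays internal and any other object relying on the header prototype fails to link. Either drop `static` from the definition, or keep the function private and remove the prototype from afskfw-int.h. The `/* Static Prototypes */` comment also no longer fits `KFW_AFS_get_cellconfig`, which is now exported; move that declaration out of this list or reword the comment.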
@@ -926,7 +925,7 @@ KFW_import_windows_lsa(void)
     }
        cell[i] = '\0';
 
-    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm->data, pLeash_get_default_lifetime());
+    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm->data, pLeash_get_default_lifetime(),NULL);
     if ( IsDebuggerPresent() ) {
         char message[256];
         sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -1099,7 +1098,7 @@ KFW_import_ccache_data(void)
                         OutputDebugString("Calling KFW_AFS_klog() to obtain token\n");
                     }
 
-                    code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, pLeash_get_default_lifetime());
+                    code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, pLeash_get_default_lifetime(),NULL);
                     if ( IsDebuggerPresent() ) {
                         char message[256];
                         sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -1154,6 +1153,7 @@ KFW_AFS_get_cred(char * username,
                   char * cell,
                   char * password,
                   int lifetime,
+                  char * smbname,
                   char ** reasonP )
 {
     krb5_context ctx = 0;
@@ -1166,7 +1166,7 @@ KFW_AFS_get_cred(char * username,
        char local_cell[MAXCELLCHARS+1];
     char **cells = NULL;
     int  cell_count=0;
-    afsconf_cell cellconfig;
+    struct afsconf_cell cellconfig;
 
     if (!pkrb5_init_context)
         return 0;
@@ -1186,7 +1186,7 @@ KFW_AFS_get_cred(char * username,
     code = pkrb5_init_context(&ctx);
     if ( code ) goto cleanup;
 
-    code = get_cellconfig( cell, (void*)&cellconfig, local_cell);
+    code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell);
     if ( code ) goto cleanup;
 
     realm = strchr(username,'@');
@@ -1235,7 +1235,7 @@ KFW_AFS_get_cred(char * username,
                    
     KFW_AFS_update_princ_ccache_data(ctx, cc, FALSE);
 
-    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime);
+    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime,smbname);
     if ( IsDebuggerPresent() ) {
         char message[256];
         sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -1256,7 +1256,7 @@ KFW_AFS_get_cred(char * username,
                     sprintf(message,"found another cell for the same principal: %s\n",cell);
                     OutputDebugString(message);
                 }
-                code = get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
+                code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
                 if ( code ) continue;
     
                 realm = afs_realm_of_cell(&cellconfig);  // do not free
@@ -1266,7 +1266,7 @@ KFW_AFS_get_cred(char * username,
                     OutputDebugString("\n");
                 }
                 
-                code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime);
+                code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime,smbname);
                 if ( IsDebuggerPresent() ) {
                     char message[256];
                     sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -1369,7 +1369,7 @@ KFW_AFS_renew_expiring_tokens(void)
     char ** cells=NULL;
     const char * realm = NULL;
     char local_cell[MAXCELLCHARS+1]="";
-    afsconf_cell cellconfig;
+    struct afsconf_cell cellconfig;
 
     if (!pkrb5_init_context)
         return 0;
@@ -1422,7 +1422,7 @@ KFW_AFS_renew_expiring_tokens(void)
                         OutputDebugString(cells[cell_count]);
                         OutputDebugString("\n");
                     }
-                    code = get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
+                    code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
                     if ( code ) continue;
                     realm = afs_realm_of_cell(&cellconfig);  // do not free
                     if ( IsDebuggerPresent() ) {
@@ -1430,7 +1430,7 @@ KFW_AFS_renew_expiring_tokens(void)
                         OutputDebugString(realm);
                         OutputDebugString("\n");
                     }
-                    code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, pLeash_get_default_lifetime());
+                    code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, pLeash_get_default_lifetime(),NULL);
                     if ( IsDebuggerPresent() ) {
                         char message[256];
                         sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -1495,7 +1495,7 @@ KFW_AFS_renew_token_for_cell(char * cell)
 #endif /* COMMENT */
         krb5_ccache                    cc  = 0;
         const char * realm = NULL;
-        afsconf_cell cellconfig;
+        struct afsconf_cell cellconfig;
         char local_cell[MAXCELLCHARS+1];
 
         while ( count-- ) {
@@ -1505,7 +1505,7 @@ KFW_AFS_renew_token_for_cell(char * cell)
             code = KFW_get_ccache(ctx, princ, &cc);
             if (code) goto loop_cleanup;
 
-            code = get_cellconfig( cell, (void*)&cellconfig, local_cell);
+            code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell);
             if ( code ) goto loop_cleanup;
 
             realm = afs_realm_of_cell(&cellconfig);  // do not free
@@ -1548,7 +1548,7 @@ KFW_AFS_renew_token_for_cell(char * cell)
             }
 #endif /* COMMENT */
 
-            code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, pLeash_get_default_lifetime());
+            code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, pLeash_get_default_lifetime(),NULL);
             if ( IsDebuggerPresent() ) {
                 char message[256];
                 sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
@@ -2403,7 +2403,8 @@ KFW_AFS_klog(
     char *service,
     char *cell,
     char *realm,
-    int LifeTime
+    int LifeTime,
+    char *smbname
     )
 {
     long       rc = 0;
@@ -2417,7 +2418,7 @@ KFW_AFS_klog(
     char       Dmycell[MAXCELLCHARS+1];
     struct ktc_token   atoken;
     struct ktc_token   btoken;
-    afsconf_cell       ak_cellconfig; /* General information about the cell */
+    struct afsconf_cell        ak_cellconfig; /* General information about the cell */
     char       RealmName[128];
     char       CellName[128];
     char       ServiceName[128];
@@ -2461,7 +2462,7 @@ KFW_AFS_klog(
                memset(Dmycell, '\0', sizeof(Dmycell));
 
     // NULL or empty cell returns information on local cell
-    if (rc = get_cellconfig(Dmycell, &ak_cellconfig, local_cell))
+    if (rc = KFW_AFS_get_cellconfig(Dmycell, &ak_cellconfig, local_cell))
     {
         // KFW_AFS_error(rc, "get_cellconfig()");
         return(rc);
@@ -2529,8 +2530,7 @@ KFW_AFS_klog(
     memset(&creds, '\0', sizeof(creds));
 
     if ( try_krb5 ) {
-        int i, len;
-        char *p;
+        int len;
 
         /* First try service/cell@REALM */
         if (code = pkrb5_build_principal(ctx, &increds.server,
@@ -2737,7 +2737,12 @@ KFW_AFS_klog(
             p[len] = '\0';
         }
 
-               aclient.smbname[0] = '\0';
+        if ( smbname ) {
+            strncpy(aclient.smbname, smbname, MAXRANDOMNAMELEN);
+            aclient.smbname[MAXRANDOMNAMELEN-1] = '\0';
+        } else {
+            aclient.smbname[0] = '\0';
+        }
 
         rc = pktc_SetToken(&aserver, &atoken, &aclient, 0);
         if (!rc)
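Review bot: An over-long `smbname` is silently cut to `MAXRANDOMNAMELEN-1` characters here, so `pktc_SetToken` would register the token under a shortened SMB name, not the one the caller passed. Because that name decides which SMB identity the token is bound to, rejecting the input is safer than truncating it, for example `if ( smbname && strlen(smbname) >= sizeof(aclient.smbname) ) { rc = KTC_TOOBIG; /* leave via the function's existing error path */ }`. Using `sizeof(aclient.smbname)` as the bound also removes the assumption that the field is exactly `MAXRANDOMNAMELEN` bytes, which is not visible in this diff. The same four lines are duplicated in the hunk at -2851 and could live in one small static helper. `KFW_AFS_klog` begins and ends outside this hunk, so the correct cleanup path has to be confirmed there.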
@@ -2843,7 +2848,6 @@ KFW_AFS_klog(
 
     if ( strcmp(realm_of_cell, creds.realm) ) 
     {
-        char * p;
         strncat(aclient.name, "@", MAXKTCNAMELEN - 1);
         strncpy(aclient.name, creds.realm, MAXKTCREALMLEN - 1);
     }
@@ -2851,6 +2855,13 @@ KFW_AFS_klog(
 
     strcpy(aclient.cell, CellName);
 
+    if ( smbname ) {
+        strncpy(aclient.smbname, smbname, MAXRANDOMNAMELEN);
+        aclient.smbname[MAXRANDOMNAMELEN-1] = '\0';
+    } else {
+        aclient.smbname[0] = '\0';
+    }
+
     if (rc = pktc_SetToken(&aserver, &atoken, &aclient, 0))
     {
         KFW_AFS_error(rc, "ktc_SetToken()");
@@ -2880,7 +2891,7 @@ KFW_AFS_klog(
 /* afs_realm_of_cell():               */
 /**************************************/
 static char *
-afs_realm_of_cell(afsconf_cell *cellconfig)
+afs_realm_of_cell(struct afsconf_cell *cellconfig)
 {
     static char krbrlm[REALM_SZ+1]="";
     krb5_context  ctx = 0;
@@ -2920,10 +2931,10 @@ afs_realm_of_cell(afsconf_cell *cellconfig)
 }
 
 /**************************************/
-/* get_cellconfig():                  */
+/* KFW_AFS_get_cellconfig():                  */
 /**************************************/
-static int 
-get_cellconfig(char *cell, afsconf_cell *cellconfig, char *local_cell)
+int 
+KFW_AFS_get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_cell)
 {
     int        rc;
     char newcell[MAXCELLCHARS+1];
@@ -2952,7 +2963,7 @@ get_cellconfig(char *cell, afsconf_cell *cellconfig, char *local_cell)
 static long 
 get_cellconfig_callback(void *cellconfig, struct sockaddr_in *addrp, char *namep)
 {
-    afsconf_cell *cc = (afsconf_cell *)cellconfig;
+    struct afsconf_cell *cc = (struct afsconf_cell *)cellconfig;
 
     cc->hostAddr[cc->numServers] = *addrp;
     strcpy(cc->hostName[cc->numServers], namep);
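Review bot: `get_cellconfig_callback` stores into `cc->hostAddr[cc->numServers]` and then `strcpy`s `namep` into `cc->hostName[cc->numServers]`, with no check of the index or the name length before either write. The caller is outside this hunk, but if the server names come from the cell database or a DNS lookup, an entry with too many hosts or an over-long name overruns the caller's `struct afsconf_cell`. Since the struct now comes from afs/cellconfig.h, bound both writes by its own dimensions: `if (cc->numServers >= MAXHOSTSPERCELL) return 0;` before the stores, and `strncpy(cc->hostName[cc->numServers], namep, sizeof(cc->hostName[0]) - 1);` followed by an explicit terminator. The right return value for the skipped entry depends on the callback contract, which is not visible here; the rest of the function is also outside the hunk.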
@@ -3127,471 +3138,72 @@ LoadFuncs(
     return 1;
 }
 
-#ifdef USE_FSPROBE
-// Cell Accessibility Functions
-// based on work originally submitted to the CMU Computer Club
-// by Jeffrey Hutzelman
-//
-// These would work great if the fsProbe interface had been 
-// ported to Windows
-
-static 
-void probeComplete()
-{
-    fsprobe_Cleanup(1);
-    rx_Finalize();
-}
-
-struct ping_params {
-    unsigned short port;            // in
-    int            retry_delay;     // in seconds
-    int            verbose;         // in
-    struct {
-        int        wait;            // in seconds
-        int        retry;           // in attempts
-    }   host;
-    int            max_hosts;       // in
-    int            hosts_attempted; // out
-}
-
-// the fsHandler is where we receive the answer to the probe
-static 
-int fsHandler(void)
+BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
 {
-    ping_count = fsprobe_Results.probeNum;
-    if (!*fsprobe_Results.probeOK)
-    {
-        ok_count++;
-        if (waiting) complete();
-    }
-    if (ping_count == retry) 
-        complete();
-    return 0;
-}
-
-// ping_fs is a callback routine meant to be called from within
-// cm_SearchCellFile() or cm_SearchCellDNS()
-static long 
-pingFS(void *ping_params, struct sockaddr_in *addrp, char *namep)
-{
-    int rc;
-    struct ping_params * pp = (struct ping_params *) ping_params;
-
-    if ( pp->max_hosts && pp->hosts_attempted >= pp->max_hosts )
-        return 0;
-
-    pp->hosts_attempted++;
-
-    if (pp->port && addrp->sin_port != htons(pp->port))
-        addrp->sin_port = htons(pp->port);
-
-    rc = fsprobe_Init(1, addrp, pp->retry_delay, fsHandler, pp->verbose);
-    if (rc)
-    {
-        fprintf(stderr, "fsprobe_Init failed (%d)\n", rc);
-        fsprobe_Cleanup(1);
-        return 0;
-    }
-
-    for (;;)
-    {
-        tv.tv_sec = pp->host.wait;
-        tv.tv_usec = 0;
-        if (IOMGR_Select(0, 0, 0, 0, &tv)) 
-            break;
-    }
-    probeComplete();
-    return(0);
-}
-
-
-static BOOL
-pingCell(char *cell)
-{
-    int        rc;
-    char rootcell[MAXCELLCHARS+1];
-    char newcell[MAXCELLCHARS+1];
-    struct ping_params pp;
-
-    memset(&pp, 0, sizeof(struct ping_params));
-
-    if (!cell || strlen(cell) == 0) {
-        /* WIN32 NOTE: no way to get max chars */
-        if (rc = pcm_GetRootCellName(rootcell))
-            return(FALSE);
-        cell = rootcell;
-    }
-
-    pp.port = 7000; // AFS FileServer
-    pp.retry_delay = 10;
-    pp.max_hosts = 3;
-    pp.host.wait = 30;
-    pp.host.retry = 0;
-    pp.verbose = 1;
-
-    /* WIN32: cm_SearchCellFile(cell, pcallback, pdata) */
-    rc = pcm_SearchCellFile(cell, newcell, pingFS, (void *)&pp);
-}
-#endif /* USE_FSPROBE */
-// These two items are imported from afscreds.h 
-// but it cannot be included without causing conflicts
-#define c100ns1SECOND        (LONGLONG)10000000
-static void 
-TimeToSystemTime (SYSTEMTIME *pst, time_t TimeT)
-{
-    struct tm *pTime;
-    memset (pst, 0x00, sizeof(SYSTEMTIME));
-
-    if ((pTime = localtime (&TimeT)) != NULL)
-    {
-        pst->wYear = pTime->tm_year + 1900;
-        pst->wMonth = pTime->tm_mon + 1;
-        pst->wDayOfWeek = pTime->tm_wday;
-        pst->wDay = pTime->tm_mday;
-        pst->wHour = pTime->tm_hour;
-        pst->wMinute = pTime->tm_min;
-        pst->wSecond = pTime->tm_sec;
-        pst->wMilliseconds = 0;
-    }
-}
-
-void
-ObtainTokensFromUserIfNeeded(HWND hWnd)
-{
-    char * rootcell = NULL;
-    char   cell[MAXCELLCHARS+1] = "";
-    char   password[PROBE_PASSWORD_LEN+1];
-    krb5_data pwdata;
-    afsconf_cell cellconfig;
-    struct ktc_principal    aserver;
-    struct ktc_principal    aclient;
-    struct ktc_token   atoken;
     krb5_context ctx = 0;
-    krb5_timestamp now = 0;
-    krb5_error_code code;
-    int serverReachable = 0;
-    int rc;
-#ifndef USE_FSPROBE
     krb5_ccache cc = 0;
+    krb5_error_code code;
+    krb5_data pwdata;
     const char * realm = 0;
     krb5_principal principal = 0;
     char * pname = 0;
-#endif /* USE_FSPROBE */
-    DWORD       CurrentState;
-    char        HostName[64];
-    int         use_kfw = KFW_is_available();
-
-    CurrentState = 0;
-    memset(HostName, '\0', sizeof(HostName));
-    gethostname(HostName, sizeof(HostName));
-    if (GetServiceStatus(HostName, TRANSARCAFSDAEMON, &CurrentState) != NOERROR)
-        return;
-    if (CurrentState != SERVICE_RUNNING) {
-        SendMessage(hWnd, WM_START_SERVICE, FALSE, 0L);
-        return;
-    }
-
-    if (!pkrb5_init_context)
-        return;
-
-    if ( use_kfw ) {
-        code = pkrb5_init_context(&ctx);
-        if ( code ) goto cleanup;
-    }
+    char   password[PROBE_PASSWORD_LEN+1];
+    BOOL serverReachable = 0;
 
-    rootcell = (char *)GlobalAlloc(GPTR,MAXCELLCHARS+1);
-    if ( !rootcell ) goto cleanup;
+    realm = afs_realm_of_cell(cellconfig);  // do not free
 
-    code = get_cellconfig(cell, (void*)&cellconfig, rootcell);
+    code = pkrb5_build_principal(ctx, &principal, strlen(realm),
+                                  realm, PROBE_USERNAME, NULL, NULL);
     if ( code ) goto cleanup;
 
-    memset(&aserver, '\0', sizeof(aserver));
-    strcpy(aserver.name, "afs");
-    strcpy(aserver.cell, rootcell);
-
-    rc = pktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient);
-
-    if ( use_kfw ) {
-        code = pkrb5_timeofday(ctx, &now);
-        if ( code ) 
-            now = 0;
-
-        if (!rc && (now < atoken.endTime))
-            goto cleanup;
-
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            sprintf(message,"KFW_AFS_klog() returns: %d  now = %ul  endTime = %ul\n",
-                     rc, now, atoken.endTime);
-            OutputDebugString(message);
-        }
-    } else {
-        SYSTEMTIME stNow;
-        FILETIME ftNow;
-        FILETIME ftExpires;
-        LONGLONG llNow;
-        LONGLONG llExpires;
-        SYSTEMTIME stExpires;
-
-        TimeToSystemTime (&stExpires, atoken.endTime);
-        GetLocalTime (&stNow);
-        SystemTimeToFileTime (&stNow, &ftNow);
-        SystemTimeToFileTime (&stExpires, &ftExpires);
-
-        llNow = (((LONGLONG)ftNow.dwHighDateTime) << 32) + (LONGLONG)(ftNow.dwLowDateTime);
-        llExpires = (((LONGLONG)ftExpires.dwHighDateTime) << 32) + (LONGLONG)(ftExpires.dwLowDateTime);
-
-        llNow /= c100ns1SECOND;
-        llExpires /= c100ns1SECOND;
-
-        if (!rc && (llNow < llExpires))
-            goto cleanup;
-
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            sprintf(message,"KFW_AFS_klog() returns: %d  now = %ul  endTime = %ul\n",
-                     rc, llNow, llExpires);
-            OutputDebugString(message);
-        }
-    }
-
-
-#ifdef USE_FSPROBE
-    serverReachable = cellPing(NULL);
-#else
-    if ( use_kfw ) {
-        // If we can't use the FSProbe interface we can attempt to forge
-        // a kinit and if we can back an invalid user error we know the
-        // kdc is at least reachable
-        realm = afs_realm_of_cell(&cellconfig);  // do not free
-
-        code = pkrb5_build_principal(ctx, &principal, strlen(realm),
-                                     realm, PROBE_USERNAME, NULL, NULL);
-        if ( code ) goto cleanup;
-
-        code = KFW_get_ccache(ctx, principal, &cc);
-        if ( code ) goto cleanup;
+    code = KFW_get_ccache(ctx, principal, &cc);
+    if ( code ) goto cleanup;
 
-        code = pkrb5_unparse_name(ctx, principal, &pname);
-        if ( code ) goto cleanup;
+    code = pkrb5_unparse_name(ctx, principal, &pname);
+    if ( code ) goto cleanup;
 
-        pwdata.data = password;
-        pwdata.length = PROBE_PASSWORD_LEN;
-        code = pkrb5_c_random_make_octets(ctx, &pwdata);
-        if (code) {
-            int i;
-            for ( i=0 ; i<PROBE_PASSWORD_LEN ; i++ )
-                password[i] = 'x';
-        }
-        password[PROBE_PASSWORD_LEN] = '\0';
-
-        code = KFW_kinit(NULL, NULL, HWND_DESKTOP, 
-                           pname, 
-                           password,
-                           5,
-                           0,
-                           0,
-                           0,
-                           1,
-                           0);
-        switch ( code ) {
-        case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
-        case KRB5KDC_ERR_CLIENT_REVOKED:
-        case KRB5KDC_ERR_CLIENT_NOTYET:
-        case KRB5KDC_ERR_PREAUTH_FAILED:
-        case KRB5KDC_ERR_PREAUTH_REQUIRED:
-        case KRB5KDC_ERR_PADATA_TYPE_NOSUPP:
-            serverReachable = TRUE;
-            break;
-        default:
-            serverReachable = FALSE;
-        }
-    } else {
+    pwdata.data = password;
+    pwdata.length = PROBE_PASSWORD_LEN;
+    code = pkrb5_c_random_make_octets(ctx, &pwdata);
+    if (code) {
         int i;
-
         for ( i=0 ; i<PROBE_PASSWORD_LEN ; i++ )
             password[i] = 'x';
-
-        code = ObtainNewCredentials(rootcell, PROBE_USERNAME, password, TRUE);
-        switch ( code ) {
-        case INTK_BADPW:
-        case KERB_ERR_PRINCIPAL_UNKNOWN:
-        case KERB_ERR_SERVICE_EXP:
-        case RD_AP_TIME:
-            serverReachable = TRUE;
-            break;
-        default:
-            serverReachable = FALSE;
-        }
-    }
-#endif
-    if ( !serverReachable ) {
-        if ( IsDebuggerPresent() )
-            OutputDebugString("Server Unreachable\n");
-        goto cleanup;
     }
+    password[PROBE_PASSWORD_LEN] = '\0';
 
-    if ( IsDebuggerPresent() )
-        OutputDebugString("Server Reachable\n");
-
-    if ( use_kfw ) {
-#ifdef USE_MS2MIT
-        KFW_import_windows_lsa();
-#endif /* USE_MS2MIT */
-        KFW_AFS_renew_expiring_tokens();
-        KFW_AFS_renew_token_for_cell(rootcell);
-
-        rc = pktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient);
-        if (!rc && (now < atoken.endTime))
-            goto cleanup;
+    code = KFW_kinit(NULL, NULL, HWND_DESKTOP, 
+                      pname, 
+                      password,
+                      5,
+                      0,
+                      0,
+                      0,
+                      1,
+                      0);
+    switch ( code ) {
+    case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN:
+    case KRB5KDC_ERR_CLIENT_REVOKED:
+    case KRB5KDC_ERR_CLIENT_NOTYET:
+    case KRB5KDC_ERR_PREAUTH_FAILED:
+    case KRB5KDC_ERR_PREAUTH_REQUIRED:
+    case KRB5KDC_ERR_PADATA_TYPE_NOSUPP:
+        serverReachable = TRUE;
+        break;
+    default:
+        serverReachable = FALSE;
     }
 
-    SendMessage(hWnd, WM_OBTAIN_TOKENS, FALSE, (long)rootcell);
-    rootcell = NULL;    // rootcell freed by message receiver
-
   cleanup:
-    if (rootcell)
-        GlobalFree(rootcell);
-
-#ifndef USE_FSPROBE
-       if (KFW_is_available()) {
     if ( pname )
         pkrb5_free_unparsed_name(ctx,pname);
     if ( principal )
         pkrb5_free_principal(ctx,principal);
     if (cc)
         pkrb5_cc_close(ctx,cc);
-#endif /* USE_FSPROBE */
     if (ctx)
         pkrb5_free_context(ctx);
-       }
-    return;
-}
-
-// IP Change Monitoring Functions
-#include <Iphlpapi.h>
-
-DWORD
-GetNumOfIpAddrs(void)
-{
-    PMIB_IPADDRTABLE pIpAddrTable = NULL;
-    ULONG            dwSize;
-    DWORD            code;
-    DWORD            index;
-    DWORD            validAddrs = 0;
-
-    dwSize = 0;
-    code = GetIpAddrTable(NULL, &dwSize, 0);
-    if (code == ERROR_INSUFFICIENT_BUFFER) {
-        pIpAddrTable = malloc(dwSize);
-        code = GetIpAddrTable(pIpAddrTable, &dwSize, 0);
-        if ( code == NO_ERROR ) {
-            for ( index=0; index < pIpAddrTable->dwNumEntries; index++ ) {
-                if (pIpAddrTable->table[index].dwAddr != 0)
-                    validAddrs++;
-            }
-        }
-        free(pIpAddrTable);
-    }
-    return validAddrs;
-}
-
-void
-IpAddrChangeMonitor(void * hWnd)
-{
-#ifdef USE_OVERLAPPED
-    HANDLE Handle = INVALID_HANDLE_VALUE;   /* Do Not Close This Handle */
-    OVERLAPPED Ovlap;
-#endif /* USE_OVERLAPPED */
-    DWORD Result;
-    DWORD prevNumOfAddrs = GetNumOfIpAddrs();
-    DWORD NumOfAddrs;
-    char message[256];
-
-    if ( !hWnd )
-        return;
-
-    while ( TRUE ) {
-#ifdef USE_OVERLAPPED
-        ZeroMemory(&Ovlap, sizeof(OVERLAPPED));
-
-        Result = NotifyAddrChange(&Handle,&Ovlap);
-        if (Result != ERROR_IO_PENDING)
-        {        
-            if ( IsDebuggerPresent() ) {
-                sprintf(message, "NotifyAddrChange() failed with error %d \n", Result);
-                OutputDebugString(message);
-            }
-            break;
-        }
-
-        if ((Result = WaitForSingleObject(Handle,INFINITE)) != WAIT_OBJECT_0)
-        {
-            if ( IsDebuggerPresent() ) {
-                sprintf(message, "WaitForSingleObject() failed with error %d\n",
-                        GetLastError());
-                OutputDebugString(message);
-            }
-            continue;
-        }
-
-        if (GetOverlappedResult(Handle, &Ovlap,
-                                 &DataTransfered, TRUE) == 0)
-        {
-            if ( IsDebuggerPresent() ) {
-                sprintf(message, "GetOverlapped result failed %d \n",
-                        GetLastError());
-                OutputDebugString(message);
-            }
-            break;
-        }
-#else
-        Result = NotifyAddrChange(NULL,NULL);
-        if (Result != NO_ERROR)
-        {        
-            if ( IsDebuggerPresent() ) {
-                sprintf(message, "NotifyAddrChange() failed with error %d \n", Result);
-                OutputDebugString(message);
-            }
-            break;
-        }
-#endif
-        
-        NumOfAddrs = GetNumOfIpAddrs();
 
-        if ( IsDebuggerPresent() ) {
-            sprintf(message,"IPAddrChangeMonitor() NumOfAddrs: now %d was %d\n",
-                    NumOfAddrs, prevNumOfAddrs);
-            OutputDebugString(message);
-        }
-
-        if ( NumOfAddrs != prevNumOfAddrs ) {
-            // Give AFS Client Service a chance to notice and die
-            // Or for network services to startup
-            Sleep(2000);
-            // this call should probably be mutex protected
-            ObtainTokensFromUserIfNeeded(hWnd);
-        }
-        prevNumOfAddrs = NumOfAddrs;
-    }
-}
-
-
-DWORD 
-IpAddrChangeMonitorInit(HWND hWnd)
-{
-    DWORD status = ERROR_SUCCESS;
-    HANDLE thread;
-    ULONG  threadID = 0;
-
-    thread = CreateThread(NULL, 0, (PTHREAD_START_ROUTINE)IpAddrChangeMonitor,
-                                    hWnd, 0, &threadID);
-
-    if (thread == NULL) {
-        status = GetLastError();
-    }
-    CloseHandle(thread);
-    return status;
+    return serverReachable;
 }
 
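Review bot: `KFW_probe_kdc` never initializes `ctx`: it is declared as `krb5_context ctx = 0;` and passed straight to `pkrb5_build_principal`, `KFW_get_ccache`, `pkrb5_unparse_name` and `pkrb5_c_random_make_octets`. The `pkrb5_init_context(&ctx)` call and the `if (!pkrb5_init_context)` guard were in the removed `ObtainTokensFromUserIfNeeded` and were not carried over. With a null context the probe will fail or fault inside the Kerberos library, and because this library is now linked into afslogon.dll that would happen in the logon path. The result of `afs_realm_of_cell` also goes to `strlen` unchecked; whether it can return NULL is not visible in this diff. A short header comment should state that TRUE means only that a KDC answered the probe request, not that any credential was validated.

```c
BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
{
    /* … unchanged: local declarations … */

    /* KFW may not be loaded; report "not reachable" rather than call through a null pointer */
    if (!pkrb5_init_context)
        return FALSE;

    code = pkrb5_init_context(&ctx);
    if ( code ) goto cleanup;

    realm = afs_realm_of_cell(cellconfig);  // do not free
    if ( !realm ) goto cleanup;

    /* … unchanged: build principal, probe kinit, switch on code, cleanup … */
```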
similarity index 62%
rename from src/WINNT/client_creds/afskfw.h
rename to src/WINNT/afsd/afskfw.h
index a34341b..d856013 100644 (file)
 #ifdef  __cplusplus
 extern "C" {
 #endif
+#include <afs/stds.h>
+#include <afs/auth.h>
+#include <afs/cellconfig.h>
+#include <rxkad.h>
+
+#define MAXCELLCHARS   64
+#define MAXHOSTCHARS   64
+#define MAXHOSTSPERCELL 8
+#define TRANSARCAFSDAEMON "TransarcAFSDaemon"
+
 void KFW_initialize(void);
 void KFW_cleanup(void);
 int  KFW_is_available(void);
@@ -43,15 +53,35 @@ int  KFW_AFS_get_cred( char * username,
                         char * cell,
                         char * password,
                         int lifetime,
+                        char * smbname,
                         char ** reasonP );
 int  KFW_AFS_renew_token_for_cell(char * cell);
 int  KFW_AFS_renew_tokens_for_all_cells(void);
 BOOL KFW_AFS_wait_for_service_start(void);
+BOOL KFW_probe_kdc(struct afsconf_cell *);
+int  KFW_AFS_get_cellconfig(char *, struct afsconf_cell *, char *);
+void KFW_import_windows_lsa(void);
+
+/* From afs/krb_prot.h */
+/* values for kerb error codes */
+#define         KERB_ERR_OK                              0
+#define         KERB_ERR_NAME_EXP                        1
+#define         KERB_ERR_SERVICE_EXP                     2
+#define         KERB_ERR_AUTH_EXP                        3
+#define         KERB_ERR_PKT_VER                         4
+#define         KERB_ERR_NAME_MAST_KEY_VER               5
+#define         KERB_ERR_SERV_MAST_KEY_VER               6
+#define         KERB_ERR_BYTE_ORDER                      7
+#define         KERB_ERR_PRINCIPAL_UNKNOWN               8
+#define         KERB_ERR_PRINCIPAL_NOT_UNIQUE            9
+#define         KERB_ERR_NULL_KEY                       10
+
+/* From afs/krb.h */
+#define           RD_AP_TIME     37       /* delta_t too big */
+#define           INTK_BADPW     62       /* Incorrect password */
 
-#define WM_OBTAIN_TOKENS (WM_USER+77)
-#define WM_START_SERVICE (WM_USER+78)
-void  ObtainTokensFromUserIfNeeded(HWND hWnd);
-DWORD IpAddrChangeMonitorInit(HWND hWnd);
+#define PROBE_USERNAME               "OPENAFS-KDC-PROBE"
+#define PROBE_PASSWORD_LEN           16
 
 #ifdef  __cplusplus
 }
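Review bot: The new prototypes `KFW_probe_kdc(struct afsconf_cell *)` and `KFW_AFS_get_cellconfig(char *, struct afsconf_cell *, char *)` omit parameter names, so the header does not say which `char *` is an input and which, if any, is an output buffer, or how large such a buffer must be. Name the parameters and add a comment stating the required buffer size (presumably `MAXCELLCHARS`, to be confirmed against the implementation). Inserting `smbname` before `reasonP` changes the arity of `KFW_AFS_get_cred`, so a short comment on what a NULL `smbname` means would help the callers updated in this commit. `KFW_AFS_destroy_tickets_for_cell`, which afslogon.c calls in this commit, is not among the declarations visible in this hunk; confirm it is declared in the unchanged part of the header.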
index 9e6bac9..6fd8924 100644 (file)
@@ -427,8 +427,11 @@ DWORD APIENTRY NPLogonNotify(
         /* if Integrated Logon only */
         if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption))
                {                       
-                       code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
-                                                uname, "", cell, password,uname, 0, &pw_exp, 0,
+            if ( KFW_is_available() )
+                code = KFW_AFS_get_cred(uname, "", cell, password, 0, uname, &reason);
+            else
+                code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
+                                                uname, "", cell, password, uname, 0, &pw_exp, 0,
                                                 &reason);
                        DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]",
                         code);
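Review bot: The `DebugEvent` call after the new `if`/`else` still reports `ka_UserAuthenticateGeneral2` even when `KFW_AFS_get_cred` produced `code`, so logon traces will attribute Kerberos 5 failures to the kaserver path; the same applies to the high-security hunk that follows. Log the path that actually ran, e.g. `DebugEvent("AFS AfsLogon - (INTEGRATED only)KFW_AFS_get_cred","Code[%x]", code);` inside the KFW branch, and brace both arms since the `else` statement spans three lines. `pw_exp` is written only by the `ka_UserAuthenticateGeneral2` call; if code outside this hunk reads it, it needs a defined value when KFW is used. The body of `NPLogonNotify` starts and ends outside the hunk.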
@@ -443,7 +446,10 @@ DWORD APIENTRY NPLogonNotify(
         /* if Integrated Logon and High Security pass random generated name*/
         else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption))
                {
-                       code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
+            if ( KFW_is_available() )
+                code = KFW_AFS_get_cred(uname, "", cell, password, 0, RandomName, &reason);
+            else
+                code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
                                                 uname, "", cell, password,RandomName, 0, &pw_exp, 0,
                                                 &reason);
                        DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x] RandomName[%s]",
@@ -499,6 +505,10 @@ DWORD APIENTRY NPLogonNotify(
         retryInterval -= sleepInterval;
     }
 
+    /* remove any kerberos 5 tickets currently held by the SYSTEM account */
+    if ( KFW_is_available() )
+        KFW_AFS_destroy_tickets_for_cell(cell);
+
        if (code) {
         char msg[128];
         sprintf(msg, "Integrated login failed: %s", reason);
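Review bot: The result of `KFW_AFS_destroy_tickets_for_cell(cell)` is discarded, so if the cleanup fails the user's Kerberos 5 tickets stay in the SYSTEM account's credential cache and nothing is logged. Assuming the function returns a status (its declaration is not visible here), capture it and report it through `DebugEvent` as the surrounding code does for `code`. `reason` can now also come from `KFW_AFS_get_cred`, and it is formatted into the 128-byte `msg` by the unbounded `sprintf` just below. A bounded call such as `_snprintf(msg, sizeof(msg) - 1, ...)` followed by explicit termination would keep a long error string from overrunning the stack buffer. The function continues outside the hunk.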
index 461d5dc..9d72cfc 100644 (file)
@@ -7,7 +7,7 @@
 
 # include the AFSD source tree on our inclusion path
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\loadfuncs -I..\kfw\inc\krb5 -I..\kfw\inc\leash
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\krb5 
 
 # include the primary makefile
 RELDIR=WINNT\client_creds
@@ -35,7 +35,7 @@ EXEOBJS = \
        $(OUT)\window.obj
 
 EXECOBJS = \
-    $(OUT)\afskfw.obj
+    $(OUT)\ipaddrchg.obj
 
 EXERES = \
        $(OUT)\afscreds_stub.res
@@ -67,7 +67,10 @@ EXELIBS = \
        $(DESTDIR)\lib\afs\TaLocale.lib \
     $(DESTDIR)\lib\lanahelper.lib \
     $(DESTDIR)\lib\afsrxkad.lib \
-    $(DESTDIR)\lib\afsdes.lib
+    $(DESTDIR)\lib\afsdes.lib \
+       $(DESTDIR)\lib\afsauthent.lib \
+       $(DESTDIR)\lib\libafsconf.lib \
+    $(DESTDIR)\lib\afskfw.lib
 
 ############################################################################
 #
index a5aad5b..524457e 100644 (file)
@@ -30,6 +30,7 @@ extern "C" {
 #include <osithrdnt.h>
 #include <osisleep.h>
 #include <osibasel.h>
+#include <rxkad.h>
 #ifdef __cplusplus
 }
 #endif
@@ -92,6 +93,7 @@ typedef struct
    TCHAR szHelpFile[ MAX_PATH ];
    osi_mutex_t expirationCheckLock;
    osi_mutex_t credsLock;
+   TCHAR SmbName[ MAXRANDOMNAMELEN ];
    } GLOBALS;
 
 extern GLOBALS g;
index 930418c..7cf0c59 100644 (file)
@@ -7,17 +7,19 @@
  * directory or online at http://www.openafs.org/dl/license10.html
  */
 
-#include "afscreds.h"
-#include "afskfw.h"
-
 extern "C" {
 #include <afs\stds.h>
 #include <afs\param.h>
 #include <afs\auth.h>
 #include <afs\kautils.h>
+#include <rxkad.h>
 #include <afs\cm_config.h>
+#include <afs\afskfw.h>
+#include "ipaddrchg.h"
 }
 
+#include "afscreds.h"
+
 
 /*
  * DEFINITIONS ________________________________________________________________
@@ -390,11 +392,17 @@ int ObtainNewCredentials (LPCTSTR pszCell, LPCTSTR pszUser, LPCTSTR pszPassword,
       char szPasswordA[ 256 ];
       CopyStringToAnsi (szPasswordA, pszPassword);
 
+      char szSmbNameA[ MAXRANDOMNAMELEN ];
+      CopyStringToAnsi (szSmbNameA, g.SmbName);
+
       int Expiration = 0;
 
       if ( KFW_is_available() )
-          rc = KFW_AFS_get_cred(szNameA, NULL, szCellA, szPasswordA, 0, &Result);
-      else
+          rc = KFW_AFS_get_cred(szNameA, NULL, szCellA, szPasswordA, 0, szSmbNameA[0] ? szSmbNameA : NULL, &Result);
+      else if ( szSmbNameA[0] )
+          rc = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, 
+                                           szNameA, "", szCellA, szPasswordA, szSmbNameA, 0, &Expiration, 0, &Result);
+      else 
           rc = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, szNameA, "", szCellA, szPasswordA, 0, &Expiration, 0, &Result);
       }
 
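Review bot: The new `if` / `else if` / `else` chain selects between three authentication calls using unbraced single statements, two of which run well past 100 columns, which makes it easy to misread which arguments belong to which path. Brace each arm and add a comment such as `// a non-empty SMB name selects the AUTHENT_LOGON variant so the token is stored under that name`. On the KFW path `Expiration` keeps its initial 0; if code after this hunk uses it, that should be handled or stated. `szSmbNameA` has the same element count as `g.SmbName`, so the conversion fits only if `CopyStringToAnsi` emits at most one byte per character, which is worth confirming for multi-byte code pages. The function starts and ends outside the hunk.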
index 6a977c5..ce24a9b 100644 (file)
@@ -12,6 +12,9 @@ extern "C" {
 #include <afs/stds.h>
 #include <osilog.h>
 #include <afs/fs_utils.h>
+#include <rxkad.h>
+#include <afs/afskfw.h>
+#include "ipaddrchg.h"
 }
 
 #include "afscreds.h"
@@ -19,8 +22,6 @@ extern "C" {
 #include "drivemap.h"
 #include <stdlib.h>
 #include <stdio.h>
-#include "rxkad.h"
-#include "afskfw.h"
 
 /*
  * DEFINITIONS ________________________________________________________________
@@ -93,6 +94,11 @@ BOOL InitApp (LPSTR pszCmdLineA)
    BOOL fNetDetect = FALSE;
    BOOL fRenewMaps = FALSE;
 
+   // Initialize our global variables and window classes
+   //
+   memset (&g, 0x00, sizeof(g));
+   g.fStartup = TRUE;
+
    // Parse the command-line
    //
    while (pszCmdLineA && *pszCmdLineA)
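Review bot: The moved `memset (&g, 0x00, sizeof(g));` now has an ordering requirement that the comment does not mention: the command-line loop below stores into `g.SmbName`, so clearing `g` after parsing would wipe that value. Add a line such as `// Must run before command-line parsing: the ':' option writes g.SmbName` so the block is not moved back later. The copied comment also still mentions window classes, which this block does not touch.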
@@ -143,6 +149,7 @@ BOOL InitApp (LPSTR pszCmdLineA)
             break;
 
                 case ':':
+             CopyAnsiToString(g.SmbName,pszCmdLineA);
                         MapShareName(pszCmdLineA);
                         break;
 
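Review bot: `CopyAnsiToString(g.SmbName,pszCmdLineA)` copies command-line text into `g.SmbName`, which this commit declares as `TCHAR SmbName[ MAXRANDOMNAMELEN ]`, and no length check is visible in the hunk, so an over-long argument would write past the global buffer. Check the length first, e.g. `if (strlen(pszCmdLineA) < MAXRANDOMNAMELEN) CopyAnsiToString(g.SmbName, pszCmdLineA);`, and treat a longer value as an invalid argument. It is also worth confirming that `pszCmdLineA` holds only the name at this point rather than the rest of the command line, since the same string later becomes the `smbname` passed to `KFW_AFS_get_cred` in creds.cpp. The enclosing `switch` starts outside the hunk.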
@@ -205,11 +212,6 @@ BOOL InitApp (LPSTR pszCmdLineA)
    if (fExit || fUninstall || fInstall)
       return FALSE;
 
-   // Initialize our global variables and window classes
-   //
-   memset (&g, 0x00, sizeof(g));
-   g.fStartup = TRUE;
-
    HKEY hk;
     if (RegOpenKey (HKEY_CURRENT_USER, REGSTR_PATH_OPENAFS_CLIENT, &hk) == 0)
     {
index e80b0b3..73ae6da 100644 (file)
 extern "C" {
 #include <afs/param.h>
 #include <afs/stds.h>
+#include <afs/afskfw.h>
+#include "ipaddrchg.h"
 }
 
 #include "afscreds.h"
-#include "afskfw.h"
-
 
 /*
  * DEFINITIONS ________________________________________________________________