Windows: Build against KerbCompatSDK instead of KFW
authorAsanka C. Herath <asanka@secure-endpoints.com>
Fri, 8 Oct 2010 21:46:02 +0000 (17:46 -0400)
committerJeffrey Altman <jaltman@openafs.org>
Sat, 1 Oct 2011 04:40:26 +0000 (21:40 -0700)
Build OpenAFS for Windows against the Secure Endpoints
Kerberos Compatibility SDK instead of the in-tree
Kerberos for Windows SDK.

The compatibility layer is available from:

   http://github.com/secure-endpoints/heimdal-krbcompat

The SDK location must be specified with the
KERBEROSCOMPATSDKROOT environment variable.

The benefits of building against the Kerberos Compatibility
SDK are:

 * Heimdal 1.5.1 or later assemblies will be used
   if available

 * MIT KFW 3.2.x will be searched for if Heimdal 1.5.1
   is not installed

Version 1.0 of the SDK is supported.

Change-Id: I393e20d8bfb9ee1ca749cc54ecc1341927abaf82
Reviewed-on: http://gerrit.openafs.org/2867
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Tested-by: Jeffrey Altman <jaltman@openafs.org>
Reviewed-by: Jeffrey Altman <jaltman@openafs.org>

40 files changed:
src/WINNT/afsd/NTMakefile
src/WINNT/afsd/afskfw-int.h
src/WINNT/afsd/afskfw.c
src/WINNT/afsd/afskfw.h
src/WINNT/afssvrmgr/NTMakefile
src/WINNT/aklog/NTMakefile
src/WINNT/aklog/aklog.c
src/WINNT/aklog/asetkey.c
src/WINNT/client_creds/NTMakefile
src/WINNT/install/wix/NTMakefile
src/WINNT/install/wix/feature.wxi
src/WINNT/install/wix/files.wxi
src/WINNT/netidmgr_plugin/NTMakefile
src/WINNT/netidmgr_plugin/afsfuncs.c
src/WINNT/netidmgr_plugin/dynimport.c
src/WINNT/netidmgr_plugin/dynimport.h
src/WINNT/netidmgr_plugin/krb5common.c
src/WINNT/netidmgr_plugin/krb5common.h
src/WINNT/netidmgr_plugin/main.c
src/auth/test/NTMakefile
src/bozo/NTMakefile
src/budb/NTMakefile
src/butc/NTMakefile
src/config/NTMakefile.amd64_w2k
src/config/NTMakefile.i386_nt40
src/config/NTMakefile.i386_w2k
src/kauth/NTMakefile
src/libadmin/adminutil/NTMakefile
src/libadmin/adminutil/afs_utilAdmin.c
src/libafsauthent/NTMakefile
src/ntbuild.bat
src/ptserver/NTMakefile
src/sys/NTMakefile
src/sys/pioctl_nt.c
src/tbutc/NTMakefile
src/update/NTMakefile
src/util/NTMakefile
src/viced/NTMakefile
src/volser/NTMakefile
src/xstat/NTMakefile

index 525fcbb..6d6646c 100644 (file)
@@ -5,9 +5,10 @@
 # License.  For details, see the LICENSE file in the top-level source
 # directory or online at http://www.openafs.org/dl/license10.html
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" /DSMB_UNICODE -I..\kfw\inc\loadfuncs \
-        -I..\kfw\inc\krb5 -I..\kfw\inc\leash -I$(DESTDIR)\include\afs \
-        -I$(DESTDIR)\include\rx -I..\afsrdr\common -I..\afsrdr\user
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" /DSMB_UNICODE \
+       -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx \
+        -I..\afsrdr\common -I..\afsrdr\user -I$(HEIMINC)
+
 AFSDEV_NETGUI = 1
 RELDIR=WINNT\afsd
 !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME)
@@ -73,7 +74,12 @@ INCFILES =\
         $(INCFILEDIR)\afsd_eventlog.h \
         $(INCFILEDIR)\afsd_eventmessages.h \
         $(INCFILEDIR)\afskfw.h \
-        $(INCFILEDIR)\afsicf.h
+        $(INCFILEDIR)\afsicf.h \
+#      $(INCFILEDIR)\krbcompat_delayload.h
+
+
+$(INCFILEDIR)\krbcompat_delayload.h: $(HEIMINC)\krbcompat_delayload.h
+        $(COPY) $< $@
 
 IDLFILES =\
        afsrpc.h $(OUT)\afsrpc_c.obj
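Review bot: The new explicit rule for `$(INCFILEDIR)\krbcompat_delayload.h` uses `$<` in its command, but NMAKE documents `$<` as valid only in inference rules, so this description block should name its source with `$**`, i.e. `$(COPY) $** $@`, as the `$(KCOMPAT_OBJ)` rule added later in this file does. The rule is also unreachable as written, because its INCFILES entry is commented out. That commented line sits directly after the new trailing backslash on `afsicf.h`, so the end of the list now depends on how NMAKE treats a comment following a continuation. Either remove the backslash together with the dead rule, or enable the header and fix the macro. The INCFILES list starts, and the IDLFILES definition ends, outside this hunk.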
@@ -246,6 +252,14 @@ AFSD_SDKLIBS =\
         shlwapi.lib
 
 ############################################################################
+# krbcompat_delayload.obj
+
+KCOMPAT_OBJ = $(DESTDIR)\lib\krbcompat_delayload.obj
+
+$(KCOMPAT_OBJ): $(OUT)\krbcompat_delayload.obj
+       copy /y $** $@
+
+############################################################################
 # libafsconf.dll
 
 CONF_DLLFILE = $(DESTDIR)\lib\libafsconf.dll
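Review bot: `KCOMPAT_OBJ` is defined here but none of the later rules use it. The klog.exe, tokens.exe, unlog.exe and afscpcc.exe rules spell out `$(DESTDIR)\lib\krbcompat_delayload.obj`, and `install_objs` copies the same object into `$(DESTDIR)\lib` a second time with `$(COPY)`. That leaves two recipes writing one file, and they can drift apart. Using `$(KCOMPAT_OBJ)` as the prerequisite in those four rules, and making `install_objs` depend on `$(KCOMPAT_OBJ)` instead of repeating the copy, keeps a single producer. The fs.exe and symlink.exe rules receive `$(HEIMLINKOPTS)` without this object as a prerequisite; if that is deliberate, a one-line comment saying why would help the next reader.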
@@ -308,7 +322,8 @@ LOGON_DLLOBJS =\
     $(OUT)\afslogon.obj \
     $(OUT)\logon_ad.obj \
     $(OUT)\afslogon.res \
-    $(OUT)\cm_nls.obj
+    $(OUT)\cm_nls.obj  \
+    $(KRBCOMPATRES)
 
 LOGON_DLLLIBS =\
     $(DESTDIR)\lib\afsauthent.lib \
@@ -331,13 +346,14 @@ LOGON_DLLSDKLIBS =\
        ole32.lib \
        adsiid.lib \
        activeds.lib \
+        rpcrt4.lib \
        user32.lib \
         userenv.lib \
         shell32.lib \
-        rpcrt4.lib
+       delayimp.lib
 
-$(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS)
-       $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def $(LOGON_DLLSDKLIBS)
+$(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS) $(HEIMDEPS)
+       $(DLLGUILINK) $(LOGONLINKFLAGS) -def:afslogon.def $(LOGON_DLLSDKLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_DLL)
        $(DLLPREP)
         $(CODESIGN_USERLAND)
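Review bot: The afslogon.dll rule now links `delayimp.lib` and `$(HEIMLINKOPTS)`, but nothing here documents where the delay-loaded Kerberos libraries are resolved from, which matters for a DLL that runs during logon. Neither `HEIMLINKOPTS` nor `HEIMDEPS` is defined in this file section, so the delay-load behaviour is inferred from the names and from `delayimp.lib`. A comment above the rule should state that the Heimdal or KFW DLLs are located through the compatibility layer's helper from a trusted installation path, not through the default library search order, and that claim should be confirmed against the SDK. Unlike the klog.exe rule, this one does not list `krbcompat_delayload.obj` as a prerequisite; `$(KRBCOMPATRES)`, added to LOGON_DLLOBJS in the previous hunk, may cover that, but it is not defined in view either. The recipe continues outside the hunk.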
@@ -348,8 +364,9 @@ $(LOGON_DLLFILE): $(LOGON_DLLOBJS) $(LOGON_DLLLIBS)
 ############################################################################
 # Install target; primary makefile target
 
-install_objs: $(CONF_DLLFILE) $(LANAHELPERLIB) $(OUT)\afsicf.obj
+install_objs: $(CONF_DLLFILE) $(LANAHELPERLIB) $(OUT)\afsicf.obj $(OUT)\krbcompat_delayload.obj
      $(COPY) $(OUT)\afsicf.obj $(DESTDIR)\lib
+     $(COPY) $(OUT)\krbcompat_delayload.obj $(DESTDIR)\lib
 
 install_headers: $(IDLFILES) $(INCFILES) ms-wkssvc.h ms-srvsvc.h
 
@@ -427,32 +444,32 @@ EXELIBS3 = \
        $(DESTDIR)\lib\afsroken.lib
 
 # klog.exe
-$(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(EXELIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(EXEDIR)\klog.exe: $(OUT)\cklog.obj $(OUT)\klog.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
 
 # tokens.exe
-$(EXEDIR)\tokens.exe: $(OUT)\ctokens.obj $(OUT)\tokens.res $(EXELIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(EXEDIR)\tokens.exe: $(OUT)\ctokens.obj $(OUT)\tokens.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
 
 # unlog.exe
-$(EXEDIR)\unlog.exe: $(OUT)\cunlog.obj $(OUT)\unlog.res $(EXELIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(EXEDIR)\unlog.exe: $(OUT)\cunlog.obj $(OUT)\unlog.res $(DESTDIR)\lib\krbcompat_delayload.obj $(EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
 
 # afscpcc.exe
-$(EXEDIR)\afscpcc.exe: $(OUT)\afscpcc.obj $(OUT)\afscpcc.res $(LOGON_DLLLIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib userenv.lib
+$(EXEDIR)\afscpcc.exe: $(OUT)\afscpcc.obj $(OUT)\afscpcc.res $(DESTDIR)\lib\krbcompat_delayload.obj $(LOGON_DLLLIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib userenv.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
@@ -493,8 +510,8 @@ $(EXEDIR)\afsd_service.exe: $(OUT)\afsd_service.obj $(AFSDOBJS) $(OUT)\afsd_serv
         $(SYMSTORE_IMPORT)
 
 # fs.exe
-$(EXEDIR)\fs.exe: $(FSOBJS) $(OUT)\fs.res $(EXELIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(EXEDIR)\fs.exe: $(FSOBJS) $(OUT)\fs.res $(EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
@@ -534,8 +551,8 @@ $(EXEDIR)\afsio.exe: $(AFSIOOBJS) $(OUT)\afsio.res $(RXOBJS) $(AFSD_EXELIBS) $(E
         $(SYMSTORE_IMPORT)
 
 # symlink.exe
-$(EXEDIR)\symlink.exe: $(SLOBJS) $(OUT)\symlink.res  $(EXELIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(EXEDIR)\symlink.exe: $(SLOBJS) $(OUT)\symlink.res  $(EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
@@ -601,6 +618,11 @@ $(DESTDIR)\bin\kpasswd.exe: $(KPASSWD_OBJS) $(KPASSWD_LIBS)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
 
+{$(HEIMDALSDKDIR)\src\}.c{$(OUT)}.obj:
+       $(C2OBJ) /Fo$@ $**
+
+{$(HEIMDALSDKDIR)\inc\}.h{$(INCFILEDIR)}.h:
+       copy /y $< $@
 
 ############################################################################
 # generate versioninfo resources
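Review bot: The new `.c` to `.obj` inference rule compiles sources from `$(HEIMDALSDKDIR)\src`, a directory outside the source tree, and the resulting object is linked into executables that this makefile then passes to `$(CODESIGN_USERLAND)`. Nothing visible checks that the macro is set or that the SDK found there is the supported version (the commit message names 1.0); with an empty macro the rule's source directory becomes `\src\`. Unless the config makefiles already do so, a guard such as `!IFNDEF HEIMDALSDKDIR` / `!ERROR HEIMDALSDKDIR must point to the Kerberos Compatibility SDK` / `!ENDIF` would make the build fail early. The `.h` to `.h` rule only fires if `.h` is in `.SUFFIXES`, and it overlaps the explicit `krbcompat_delayload.h` rule added earlier, which reads from `$(HEIMINC)` instead. The hunk opens in the middle of the kpasswd.exe recipe.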
index fe8935f..81428f9 100644 (file)
 #include <string.h>
 #include <time.h>
 #include <winsock2.h>
-
-#ifdef USE_MS2MIT
-#include <loadfuncs-lsa.h>
-#endif /* USE_MS2MIT */
+#include <process.h>
 
 #include <afs/stds.h>
 #include <krb5.h>
 
 #include <rxkad.h>
 
-/* Defined in the KRBV4W32 version of krb.h but not the Kerberos V version */
-/* Required for some of the loadfuncs headers */
-typedef struct ktext far *KTEXT;
-typedef struct ktext far *KTEXT_FP;
-#include <KerberosIV/krb.h>
-
 /* AFS has its own version of com_err.h */
 typedef afs_int32 errcode_t;
 
-#include <loadfuncs-com_err.h>
-#include <loadfuncs-krb5.h>
-#include <loadfuncs-profile.h>
-#include <loadfuncs-krb.h>
-#include <loadfuncs-krb524.h>
-#include <loadfuncs-leash.h>
-
 // service definitions
 #define SERVICE_DLL   "advapi32.dll"
 typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD);
@@ -106,7 +90,12 @@ typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS);
 typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE);
 
 #define KRB5_DEFAULT_LIFE            60*60*10 /* 10 hours */
-#define LSA_CCNAME                   "MSLSA:"
+#define LSA_CCTYPE                   "MSLSA"
+#define LSA_CCNAME                   LSA_CCTYPE ":"
+
+#ifndef REALM_SZ
+#define REALM_SZ     64
+#endif
 
 #ifndef KTC_ERROR
 #define KTC_ERROR      11862784L
@@ -149,115 +138,36 @@ struct cell_principal_map {
     int    active;
 };
 
-/* In order to avoid including the private CCAPI headers */
-typedef int cc_int32;
-
-#define CC_API_VER_1 1
-#define CC_API_VER_2 2
-
-#define CCACHE_API cc_int32
-
-/*
-** The Official Error Codes
-*/
-#define CC_NOERROR           0
-#define CC_BADNAME           1
-#define CC_NOTFOUND          2
-#define CC_END               3
-#define CC_IO                4
-#define CC_WRITE             5
-#define CC_NOMEM             6
-#define CC_FORMAT            7
-#define CC_LOCKED            8
-#define CC_BAD_API_VERSION   9
-#define CC_NO_EXIST          10
-#define CC_NOT_SUPP          11
-#define CC_BAD_PARM          12
-#define CC_ERR_CACHE_ATTACH  13
-#define CC_ERR_CACHE_RELEASE 14
-#define CC_ERR_CACHE_FULL    15
-#define CC_ERR_CRED_VERSION  16
-
-enum {
-    CC_CRED_VUNKNOWN = 0,       // For validation
-    CC_CRED_V4 = 1,
-    CC_CRED_V5 = 2,
-    CC_CRED_VMAX = 3            // For validation
-};
-
-typedef struct opaque_dll_control_block_type* apiCB;
-typedef struct _infoNC {
-    char*     name;
-    char*     principal;
-    cc_int32  vers;
-} infoNC;
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_initialize,
-    (
-    apiCB** cc_ctx,           // <  DLL's primary control structure.
-                              //    returned here, passed everywhere else
-    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
-    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
-    const char** vendor       // <  if ~NULL, vendor name in read only C string
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_shutdown,
-    (
-    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_get_NC_info,
-    (
-    apiCB* cc_ctx,          // >  DLL's primary control structure
-    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
-                            //    list of a structs (free via cc_free_infoNC())
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_free_NC_info,
-    (
-    apiCB* cc_ctx,
-    struct _infoNC*** ppNCi // <  free list of structs returned by
-                            //    cc_get_cache_names().  set to NULL on return
-    )
-);
-
-#ifdef _WIN64
-#define CCAPI_DLL   "krbcc64.dll"
-#else
-#define CCAPI_DLL   "krbcc32.dll"
-#endif
-
 /* Function Prototypes */
 DWORD GetServiceStatus(LPSTR, LPSTR, DWORD *);
+
 void KFW_AFS_error(LONG, LPCSTR);
 
-void UnloadFuncs(FUNC_INFO [], HINSTANCE);
-int  LoadFuncs(const char*, FUNC_INFO [], HINSTANCE*, int*, int, int, int);
 int  KFW_get_ccache(krb5_context, krb5_principal, krb5_ccache *);
+
 int  KFW_error(krb5_error_code, LPCSTR, int, krb5_context *, krb5_ccache *);
+
 int  KFW_kinit(krb5_context, krb5_ccache, HWND, char *, char *, krb5_deltat,
-                DWORD, DWORD, krb5_deltat, DWORD, DWORD);
+               DWORD, DWORD, krb5_deltat, DWORD, DWORD);
+
 int  KFW_renew(krb5_context, krb5_ccache);
+
 int  KFW_destroy(krb5_context, krb5_ccache);
+
 BOOL KFW_ms2mit(krb5_context, krb5_ccache, BOOL);
+
 int  KFW_AFS_unlog(void);
+
 int  KFW_AFS_klog(krb5_context, krb5_ccache, char*, char*, char*, int, char*);
+
 void KFW_import_ccache_data(void);
+
 BOOL MSLSA_IsKerberosLogon();
+
 char *afs_realm_of_cell(krb5_context, struct afsconf_cell *);
+
+DWORD KFW_get_default_mslsa_import(krb5_context);
+
+DWORD KFW_get_default_lifetime(krb5_context, const char *);
+
 #endif /* AFSKFW_INT_H */
index 2671e1b..7bcb712 100644 (file)
@@ -56,9 +56,7 @@
  */
 
 #undef  USE_KRB4
-#ifndef _WIN64
-#define USE_KRB524 1
-#endif
+#undef  USE_KRB524
 #define USE_MS2MIT 1
 
 #include <afsconfig.h>
 #include "afskfw.h"
 #include "afskfw-int.h"
 #include <userenv.h>
-#include "strsafe.h"
+#include <strsafe.h>
 
 #include <Sddl.h>
 #include <Aclapi.h>
 
+#include <krbcompat_delayload.h>
+
+#ifndef KRB5_TC_OPENCLOSE
+#define KRB5_TC_OPENCLOSE 0x00000001
+#endif
+
 /*
  * TIMING _____________________________________________________________________
  *
 #define cmsec1MINUTE         60000
 #define csec1MINUTE          60
 
-/* Function Pointer Declarations for Delayed Loading */
-// CCAPI
-DECL_FUNC_PTR(cc_initialize);
-DECL_FUNC_PTR(cc_shutdown);
-DECL_FUNC_PTR(cc_get_NC_info);
-DECL_FUNC_PTR(cc_free_NC_info);
-
-#ifdef USE_LEASH
-// leash functions
-DECL_FUNC_PTR(Leash_get_default_lifetime);
-DECL_FUNC_PTR(Leash_get_default_forwardable);
-DECL_FUNC_PTR(Leash_get_default_renew_till);
-DECL_FUNC_PTR(Leash_get_default_noaddresses);
-DECL_FUNC_PTR(Leash_get_default_proxiable);
-DECL_FUNC_PTR(Leash_get_default_publicip);
-DECL_FUNC_PTR(Leash_get_default_use_krb4);
-DECL_FUNC_PTR(Leash_get_default_life_min);
-DECL_FUNC_PTR(Leash_get_default_life_max);
-DECL_FUNC_PTR(Leash_get_default_renew_min);
-DECL_FUNC_PTR(Leash_get_default_renew_max);
-DECL_FUNC_PTR(Leash_get_default_renewable);
-DECL_FUNC_PTR(Leash_get_default_mslsa_import);
-#endif
-
-// krb5 functions
-DECL_FUNC_PTR(krb5_change_password);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
-DECL_FUNC_PTR(krb5_get_init_creds_password);
-DECL_FUNC_PTR(krb5_build_principal_ext);
-DECL_FUNC_PTR(krb5_cc_get_name);
-DECL_FUNC_PTR(krb5_cc_resolve);
-DECL_FUNC_PTR(krb5_cc_default);
-DECL_FUNC_PTR(krb5_cc_default_name);
-DECL_FUNC_PTR(krb5_cc_set_default_name);
-DECL_FUNC_PTR(krb5_cc_initialize);
-DECL_FUNC_PTR(krb5_cc_destroy);
-DECL_FUNC_PTR(krb5_cc_close);
-DECL_FUNC_PTR(krb5_cc_store_cred);
-DECL_FUNC_PTR(krb5_cc_copy_creds);
-DECL_FUNC_PTR(krb5_cc_retrieve_cred);
-DECL_FUNC_PTR(krb5_cc_get_principal);
-DECL_FUNC_PTR(krb5_cc_start_seq_get);
-DECL_FUNC_PTR(krb5_cc_next_cred);
-DECL_FUNC_PTR(krb5_cc_end_seq_get);
-DECL_FUNC_PTR(krb5_cc_remove_cred);
-DECL_FUNC_PTR(krb5_cc_set_flags);
-DECL_FUNC_PTR(krb5_cc_get_type);
-DECL_FUNC_PTR(krb5_free_context);
-DECL_FUNC_PTR(krb5_free_cred_contents);
-DECL_FUNC_PTR(krb5_free_principal);
-DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
-DECL_FUNC_PTR(krb5_init_context);
-DECL_FUNC_PTR(krb5_parse_name);
-DECL_FUNC_PTR(krb5_timeofday);
-DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
-DECL_FUNC_PTR(krb5_unparse_name);
-DECL_FUNC_PTR(krb5_get_credentials);
-DECL_FUNC_PTR(krb5_mk_req);
-DECL_FUNC_PTR(krb5_sname_to_principal);
-DECL_FUNC_PTR(krb5_get_credentials_renew);
-DECL_FUNC_PTR(krb5_free_data);
-DECL_FUNC_PTR(krb5_free_data_contents);
-DECL_FUNC_PTR(krb5_free_unparsed_name);
-DECL_FUNC_PTR(krb5_os_localaddr);
-DECL_FUNC_PTR(krb5_copy_keyblock_contents);
-DECL_FUNC_PTR(krb5_copy_data);
-DECL_FUNC_PTR(krb5_free_creds);
-DECL_FUNC_PTR(krb5_build_principal);
-DECL_FUNC_PTR(krb5_get_renewed_creds);
-DECL_FUNC_PTR(krb5_get_default_config_files);
-DECL_FUNC_PTR(krb5_free_config_files);
-DECL_FUNC_PTR(krb5_get_default_realm);
-DECL_FUNC_PTR(krb5_free_default_realm);
-DECL_FUNC_PTR(krb5_free_ticket);
-DECL_FUNC_PTR(krb5_decode_ticket);
-DECL_FUNC_PTR(krb5_get_host_realm);
-DECL_FUNC_PTR(krb5_free_host_realm);
-DECL_FUNC_PTR(krb5_free_addresses);
-DECL_FUNC_PTR(krb5_c_random_make_octets);
-
-// Krb5 KFW 3.2 functions
-DECL_FUNC_PTR(krb5_get_error_message);
-DECL_FUNC_PTR(krb5_free_error_message);
-
-#ifdef USE_KRB524
-// Krb524 functions
-DECL_FUNC_PTR(krb524_init_ets);
-DECL_FUNC_PTR(krb524_convert_creds_kdc);
-#endif
-
-#ifdef USE_KRB4
-// krb4 functions
-DECL_FUNC_PTR(krb_get_cred);
-DECL_FUNC_PTR(tkt_string);
-DECL_FUNC_PTR(krb_get_tf_realm);
-DECL_FUNC_PTR(krb_mk_req);
-#endif
-
-// ComErr functions
-DECL_FUNC_PTR(com_err);
-DECL_FUNC_PTR(error_message);
-
-// Profile functions
-DECL_FUNC_PTR(profile_init);
-DECL_FUNC_PTR(profile_release);
-DECL_FUNC_PTR(profile_get_subsection_names);
-DECL_FUNC_PTR(profile_free_list);
-DECL_FUNC_PTR(profile_get_string);
-DECL_FUNC_PTR(profile_release_string);
-
-// Service functions
-DECL_FUNC_PTR(OpenSCManagerA);
-DECL_FUNC_PTR(OpenServiceA);
-DECL_FUNC_PTR(QueryServiceStatus);
-DECL_FUNC_PTR(CloseServiceHandle);
-#ifdef USE_MS2MIT
-DECL_FUNC_PTR(LsaNtStatusToWinError);
-#endif /* USE_MS2MIT */
-
-#ifdef USE_MS2MIT
-// LSA Functions
-DECL_FUNC_PTR(LsaConnectUntrusted);
-DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
-DECL_FUNC_PTR(LsaCallAuthenticationPackage);
-DECL_FUNC_PTR(LsaFreeReturnBuffer);
-DECL_FUNC_PTR(LsaGetLogonSessionData);
-#endif /* USE_MS2MIT */
-
-// CCAPI
-FUNC_INFO ccapi_fi[] = {
-    MAKE_FUNC_INFO(cc_initialize),
-    MAKE_FUNC_INFO(cc_shutdown),
-    MAKE_FUNC_INFO(cc_get_NC_info),
-    MAKE_FUNC_INFO(cc_free_NC_info),
-    END_FUNC_INFO
-};
-
-#ifdef USE_LEASH
-FUNC_INFO leash_fi[] = {
-    MAKE_FUNC_INFO(Leash_get_default_lifetime),
-    MAKE_FUNC_INFO(Leash_get_default_renew_till),
-    MAKE_FUNC_INFO(Leash_get_default_forwardable),
-    MAKE_FUNC_INFO(Leash_get_default_noaddresses),
-    MAKE_FUNC_INFO(Leash_get_default_proxiable),
-    MAKE_FUNC_INFO(Leash_get_default_publicip),
-    MAKE_FUNC_INFO(Leash_get_default_use_krb4),
-    MAKE_FUNC_INFO(Leash_get_default_life_min),
-    MAKE_FUNC_INFO(Leash_get_default_life_max),
-    MAKE_FUNC_INFO(Leash_get_default_renew_min),
-    MAKE_FUNC_INFO(Leash_get_default_renew_max),
-    MAKE_FUNC_INFO(Leash_get_default_renewable),
-    END_FUNC_INFO
-};
-
-FUNC_INFO leash_opt_fi[] = {
-    MAKE_FUNC_INFO(Leash_get_default_mslsa_import),
-    END_FUNC_INFO
-};
-#endif
-
-FUNC_INFO k5_fi[] = {
-    MAKE_FUNC_INFO(krb5_change_password),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
-    MAKE_FUNC_INFO(krb5_get_init_creds_password),
-    MAKE_FUNC_INFO(krb5_build_principal_ext),
-    MAKE_FUNC_INFO(krb5_cc_get_name),
-    MAKE_FUNC_INFO(krb5_cc_resolve),
-    MAKE_FUNC_INFO(krb5_cc_default),
-    MAKE_FUNC_INFO(krb5_cc_default_name),
-    MAKE_FUNC_INFO(krb5_cc_set_default_name),
-    MAKE_FUNC_INFO(krb5_cc_initialize),
-    MAKE_FUNC_INFO(krb5_cc_destroy),
-    MAKE_FUNC_INFO(krb5_cc_close),
-    MAKE_FUNC_INFO(krb5_cc_copy_creds),
-    MAKE_FUNC_INFO(krb5_cc_store_cred),
-    MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
-    MAKE_FUNC_INFO(krb5_cc_get_principal),
-    MAKE_FUNC_INFO(krb5_cc_start_seq_get),
-    MAKE_FUNC_INFO(krb5_cc_next_cred),
-    MAKE_FUNC_INFO(krb5_cc_end_seq_get),
-    MAKE_FUNC_INFO(krb5_cc_remove_cred),
-    MAKE_FUNC_INFO(krb5_cc_set_flags),
-    MAKE_FUNC_INFO(krb5_cc_get_type),
-    MAKE_FUNC_INFO(krb5_free_context),
-    MAKE_FUNC_INFO(krb5_free_cred_contents),
-    MAKE_FUNC_INFO(krb5_free_principal),
-    MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
-    MAKE_FUNC_INFO(krb5_init_context),
-    MAKE_FUNC_INFO(krb5_parse_name),
-    MAKE_FUNC_INFO(krb5_timeofday),
-    MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
-    MAKE_FUNC_INFO(krb5_unparse_name),
-    MAKE_FUNC_INFO(krb5_get_credentials),
-    MAKE_FUNC_INFO(krb5_mk_req),
-    MAKE_FUNC_INFO(krb5_sname_to_principal),
-    MAKE_FUNC_INFO(krb5_get_credentials_renew),
-    MAKE_FUNC_INFO(krb5_free_data),
-    MAKE_FUNC_INFO(krb5_free_data_contents),
-    MAKE_FUNC_INFO(krb5_free_unparsed_name),
-    MAKE_FUNC_INFO(krb5_os_localaddr),
-    MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
-    MAKE_FUNC_INFO(krb5_copy_data),
-    MAKE_FUNC_INFO(krb5_free_creds),
-    MAKE_FUNC_INFO(krb5_build_principal),
-    MAKE_FUNC_INFO(krb5_get_renewed_creds),
-    MAKE_FUNC_INFO(krb5_free_addresses),
-    MAKE_FUNC_INFO(krb5_get_default_config_files),
-    MAKE_FUNC_INFO(krb5_free_config_files),
-    MAKE_FUNC_INFO(krb5_get_default_realm),
-    MAKE_FUNC_INFO(krb5_free_default_realm),
-    MAKE_FUNC_INFO(krb5_free_ticket),
-    MAKE_FUNC_INFO(krb5_decode_ticket),
-    MAKE_FUNC_INFO(krb5_get_host_realm),
-    MAKE_FUNC_INFO(krb5_free_host_realm),
-    MAKE_FUNC_INFO(krb5_free_addresses),
-    MAKE_FUNC_INFO(krb5_c_random_make_octets),
-    END_FUNC_INFO
-};
-
-FUNC_INFO k5_kfw_32_fi[] = {
-    MAKE_FUNC_INFO(krb5_get_error_message),
-    MAKE_FUNC_INFO(krb5_free_error_message),
-    END_FUNC_INFO
-};
-
-#ifdef USE_KRB4
-FUNC_INFO k4_fi[] = {
-    MAKE_FUNC_INFO(krb_get_cred),
-    MAKE_FUNC_INFO(krb_get_tf_realm),
-    MAKE_FUNC_INFO(krb_mk_req),
-    MAKE_FUNC_INFO(tkt_string),
-    END_FUNC_INFO
-};
-#endif
-
-#ifdef USE_KRB524
-FUNC_INFO k524_fi[] = {
-    MAKE_FUNC_INFO(krb524_init_ets),
-    MAKE_FUNC_INFO(krb524_convert_creds_kdc),
-    END_FUNC_INFO
-};
-#endif
-
-FUNC_INFO profile_fi[] = {
-        MAKE_FUNC_INFO(profile_init),
-        MAKE_FUNC_INFO(profile_release),
-        MAKE_FUNC_INFO(profile_get_subsection_names),
-        MAKE_FUNC_INFO(profile_free_list),
-        MAKE_FUNC_INFO(profile_get_string),
-        MAKE_FUNC_INFO(profile_release_string),
-        END_FUNC_INFO
-};
-
-FUNC_INFO ce_fi[] = {
-    MAKE_FUNC_INFO(com_err),
-    MAKE_FUNC_INFO(error_message),
-    END_FUNC_INFO
-};
-
-FUNC_INFO service_fi[] = {
-    MAKE_FUNC_INFO(OpenSCManagerA),
-    MAKE_FUNC_INFO(OpenServiceA),
-    MAKE_FUNC_INFO(QueryServiceStatus),
-    MAKE_FUNC_INFO(CloseServiceHandle),
-#ifdef USE_MS2MIT
-    MAKE_FUNC_INFO(LsaNtStatusToWinError),
-#endif /* USE_MS2MIT */
-    END_FUNC_INFO
-};
-
-#ifdef USE_MS2MIT
-FUNC_INFO lsa_fi[] = {
-    MAKE_FUNC_INFO(LsaConnectUntrusted),
-    MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
-    MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
-    MAKE_FUNC_INFO(LsaFreeReturnBuffer),
-    MAKE_FUNC_INFO(LsaGetLogonSessionData),
-    END_FUNC_INFO
-};
-#endif /* USE_MS2MIT */
-
 /* Static Prototypes */
 char *afs_realm_of_cell(krb5_context, struct afsconf_cell *);
 static long get_cellconfig_callback(void *, struct sockaddr_in *, char *, unsigned short);
@@ -396,31 +109,10 @@ static krb5_error_code KRB5_CALLCONV KRB5_prompter( krb5_context context,
            void *data, const char *name, const char *banner, int num_prompts,
            krb5_prompt prompts[]);
 
-
 /* Static Declarations */
 static int                inited = 0;
 static int                mid_cnt = 0;
 static struct textField * mid_tb = NULL;
-static HINSTANCE hKrb5 = 0;
-static HINSTANCE hKrb5_kfw_32 = 0;
-#ifdef USE_KRB4
-static HINSTANCE hKrb4 = 0;
-#endif /* USE_KRB4 */
-#ifdef USE_KRB524
-static HINSTANCE hKrb524 = 0;
-#endif
-#ifdef USE_MS2MIT
-static HINSTANCE hSecur32 = 0;
-#endif /* USE_MS2MIT */
-static HINSTANCE hAdvApi32 = 0;
-static HINSTANCE hComErr = 0;
-static HINSTANCE hService = 0;
-static HINSTANCE hProfile = 0;
-#ifdef USE_LEASH
-static HINSTANCE hLeash = 0;
-static HINSTANCE hLeashOpt = 0;
-#endif
-static HINSTANCE hCCAPI = 0;
 static struct principal_ccache_data * princ_cc_data = NULL;
 static struct cell_principal_map    * cell_princ_map = NULL;
 
@@ -431,6 +123,20 @@ static struct cell_principal_map    * cell_princ_map = NULL;
 #endif
 
 void
+DebugPrintf(const char * fmt, ...)
+{
+    if (IsDebuggerPresent()) {
+        va_list vl;
+        char buf[1024];
+
+        va_start(vl, fmt);
+        StringCbVPrintfA(buf, sizeof(buf), fmt, vl);
+        OutputDebugStringA(buf);
+        va_end(vl);
+    }
+}
+
+void
 KFW_initialize(void)
 {
     static int inited = 0;
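Review bot: `DebugPrintf` is added with external linkage and a very generic name, and the afskfw-int.h hunks visible in this commit add no prototype for it, so it can collide with a same-named helper in another object linked into the same image. If only afskfw.c calls it, declare it `static void DebugPrintf(const char * fmt, ...)`; otherwise add the prototype to the internal header. A short comment such as `/* Formats into a 1024-byte buffer, truncating, and emits only when a debugger is attached. */` would record the truncation behaviour, since the `StringCbVPrintfA` result is ignored. KFW_initialize, which follows, continues outside the hunk.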
@@ -449,25 +155,8 @@ KFW_initialize(void)
         }
         if ( !inited ) {
             inited = 1;
-            LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
-            LoadFuncs(KRB5_DLL, k5_kfw_32_fi, &hKrb5_kfw_32, 0, 1, 0, 0);
-            LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
-            LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
-#ifdef USE_KRB4
-            LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0);
-#endif /* USE_KRB4 */
-            LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
-#ifdef USE_MS2MIT
-            LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
-#endif /* USE_MS2MIT */
-#ifdef USE_KRB524
-            LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1);
-#endif
-#ifdef USE_LEASH
-            LoadFuncs(LEASH_DLL, leash_fi, &hLeash, 0, 1, 0, 0);
-            LoadFuncs(LEASH_DLL, leash_opt_fi, &hLeashOpt, 0, 1, 0, 0);
-#endif
-            LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
+
+            DelayLoadHeimdal();
 
             if ( KFW_is_available() ) {
                 char rootcell[CELL_MAXNAMELEN+1];
@@ -493,36 +182,6 @@ KFW_initialize(void)
 void
 KFW_cleanup(void)
 {
-#ifdef USE_LEASH
-    if (hLeashOpt)
-        FreeLibrary(hLeashOpt);
-    if (hLeash)
-        FreeLibrary(hLeash);
-#endif
-#ifdef USE_KRB524
-    if (hKrb524)
-        FreeLibrary(hKrb524);
-#endif
-    if (hCCAPI)
-        FreeLibrary(hCCAPI);
-#ifdef USE_MS2MIT
-    if (hSecur32)
-        FreeLibrary(hSecur32);
-#endif /* USE_MS2MIT */
-    if (hService)
-        FreeLibrary(hService);
-    if (hComErr)
-        FreeLibrary(hComErr);
-    if (hProfile)
-        FreeLibrary(hProfile);
-#ifdef USE_KRB4
-    if (hKrb4)
-        FreeLibrary(hKrb4);
-#endif /* USE_KRB4 */
-    if (hKrb5)
-        FreeLibrary(hKrb5);
-    if (hKrb5_kfw_32)
-        FreeLibrary(hKrb5_kfw_32);
 }
 
 typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
@@ -562,20 +221,20 @@ KFW_accept_dotted_usernames(void)
     DWORD value = 1;
 
     code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY,
-                         0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+                        0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
     if (code == ERROR_SUCCESS) {
         len = sizeof(value);
         code = RegQueryValueEx(parmKey, "AcceptDottedPrincipalNames", NULL, NULL,
-                                (BYTE *) &value, &len);
+                               (BYTE *) &value, &len);
         RegCloseKey(parmKey);
     }
     if (code != ERROR_SUCCESS) {
         code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY,
-                             0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+                            0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
         if (code == ERROR_SUCCESS) {
             len = sizeof(value);
             code = RegQueryValueEx(parmKey, "AcceptDottedPrincipalNames", NULL, NULL,
-                                    (BYTE *) &value, &len);
+                                   (BYTE *) &value, &len);
             RegCloseKey (parmKey);
         }
     }
@@ -586,29 +245,7 @@ KFW_accept_dotted_usernames(void)
 int
 KFW_use_krb524(void)
 {
-    HKEY parmKey;
-    DWORD code, len;
-    DWORD use524 = 0;
-
-    code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY,
-                         0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
-    if (code == ERROR_SUCCESS) {
-        len = sizeof(use524);
-        code = RegQueryValueEx(parmKey, "Use524", NULL, NULL,
-                                (BYTE *) &use524, &len);
-        RegCloseKey(parmKey);
-    }
-    if (code != ERROR_SUCCESS) {
-        code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY,
-                             0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
-        if (code == ERROR_SUCCESS) {
-            len = sizeof(use524);
-            code = RegQueryValueEx(parmKey, "Use524", NULL, NULL,
-                                    (BYTE *) &use524, &len);
-            RegCloseKey (parmKey);
-        }
-    }
-    return use524;
+    return 0;
 }
 
 int
@@ -619,21 +256,21 @@ KFW_is_available(void)
     DWORD enableKFW = 1;
 
     code = RegOpenKeyEx(HKEY_CURRENT_USER, AFSREG_USER_OPENAFS_SUBKEY,
-                         0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+                        0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
     if (code == ERROR_SUCCESS) {
         len = sizeof(enableKFW);
         code = RegQueryValueEx(parmKey, "EnableKFW", NULL, NULL,
-                                (BYTE *) &enableKFW, &len);
+                               (BYTE *) &enableKFW, &len);
         RegCloseKey (parmKey);
     }
 
     if (code != ERROR_SUCCESS) {
         code = RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_OPENAFS_SUBKEY,
-                             0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
+                            0, (IsWow64()?KEY_WOW64_64KEY:0)|KEY_QUERY_VALUE, &parmKey);
         if (code == ERROR_SUCCESS) {
             len = sizeof(enableKFW);
             code = RegQueryValueEx(parmKey, "EnableKFW", NULL, NULL,
-                                    (BYTE *) &enableKFW, &len);
+                                   (BYTE *) &enableKFW, &len);
             RegCloseKey (parmKey);
         }
     }
@@ -642,69 +279,45 @@ KFW_is_available(void)
         return FALSE;
 
     KFW_initialize();
-    if ( hKrb5 && hComErr && hService &&
-#ifdef USE_MS2MIT
-         hSecur32 &&
-#endif /* USE_MS2MIT */
-#ifdef USE_KRB524
-         hKrb524 &&
-#endif
-#ifdef USE_LEASH
-         hLeash &&
-#endif
-         hProfile && hCCAPI )
-        return TRUE;
-    return FALSE;
+
+    /* If this is non-zero, then some Kerberos library was loaded. */
+    return (krb5_init_context != NULL);
 }
 
 int
 KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
-                 int FreeContextFlag, krb5_context * ctx,
-                 krb5_ccache * cache)
+           int FreeContextFlag, krb5_context * context,
+           krb5_ccache * cache)
 {
     char message[256];
     const char *errText;
     int krb5Error = ((int)(rc & 255));
 
-    /*
-    switch (krb5Error)
-    {
-        // Wrong password
-        case 31:
-        case 8:
-            return;
-    }
-    */
-
-    if (pkrb5_get_error_message)
-        errText = pkrb5_get_error_message(*ctx, rc);
-    else
-        errText = perror_message(rc);
+    errText = krb5_get_error_message(*context, rc);
     StringCbPrintf(message, sizeof(message),
-              "%s\n(Kerberos error %ld)\n\n%s failed",
-              errText,
-              krb5Error,
-              FailedFunctionName);
-    if (pkrb5_free_error_message)
-        pkrb5_free_error_message(*ctx, (char *)errText);
+                   "%s\n(Kerberos error %ld)\n\n%s failed",
+                   errText,
+                   krb5Error,
+                   FailedFunctionName);
+    krb5_free_error_message(*context, (char *)errText);
 
-    if ( IsDebuggerPresent() )
-        OutputDebugString(message);
+    DebugPrintf("%s", message);
 
     MessageBox(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
                MB_TASKMODAL |
                MB_SETFOREGROUND);
-    if (FreeContextFlag == 1)
-    {
-        if (ctx && *ctx != NULL)
-        {
+
+    if (FreeContextFlag == 1) {
+
+        if (context && *context != NULL) {
+
             if (cache && *cache != NULL) {
-                pkrb5_cc_close(*ctx, *cache);
+                krb5_cc_close(*context, *cache);
                 *cache = NULL;
             }
 
-            pkrb5_free_context(*ctx);
-            *ctx = NULL;
+            krb5_free_context(*context);
+            *context = NULL;
         }
     }
 
@@ -712,7 +325,7 @@ KRB5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
 }
 
 void
-KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa)
+KFW_AFS_update_princ_ccache_data(krb5_context context, krb5_ccache cc, int lsa)
 {
     struct principal_ccache_data * next = princ_cc_data;
     krb5_principal principal = 0;
@@ -726,26 +339,28 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa)
     krb5_creds creds;
     krb5_flags flags=0;
     krb5_timestamp now;
+    size_t len;
 
-    if (ctx == 0 || cc == 0)
+    if (context == 0 || cc == 0)
         return;
 
-    code = pkrb5_cc_get_principal(ctx, cc, &principal);
+    code = krb5_cc_get_principal(context, cc, &principal);
     if ( code ) return;
 
-    code = pkrb5_unparse_name(ctx, principal, &pname);
+    code = krb5_unparse_name(context, principal, &pname);
     if ( code ) goto cleanup;
 
-    ccname = pkrb5_cc_get_name(ctx, cc);
+    ccname = krb5_cc_get_name(context, cc);
     if (!ccname) goto cleanup;
 
-    cctype = pkrb5_cc_get_type(ctx, cc);
+    cctype = krb5_cc_get_type(context, cc);
     if (!cctype) goto cleanup;
 
-    ccfullname = malloc(strlen(ccname) + strlen(cctype) + 2);
+    len = strlen(ccname) + strlen(cctype) + 2;
+    ccfullname = malloc(len);
     if (!ccfullname) goto cleanup;
 
-    StringCbPrintf(ccfullname, sizeof(ccfullname), "%s:%s", cctype, ccname);
+    StringCbPrintf(ccfullname, len, "%s:%s", cctype, ccname);
 
     // Search the existing list to see if we have a match
     if ( next ) {
@@ -770,16 +385,15 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa)
     }
 
     flags = 0;  // turn off OPENCLOSE mode
-    code = pkrb5_cc_set_flags(ctx, cc, flags);
+    code = krb5_cc_set_flags(context, cc, flags);
     if ( code ) goto cleanup;
 
-    code = pkrb5_timeofday(ctx, &now);
+    code = krb5_timeofday(context, &now);
 
-    cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
-    if (cc_code) goto cleanup;
+    cc_code = krb5_cc_start_seq_get(context, cc, &cur);
 
-    while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
-        if ( creds.ticket_flags & TKT_FLG_INITIAL ) {
+    while (!(cc_code = krb5_cc_next_cred(context, cc, &cur, &creds))) {
+        if ( creds.flags.b.initial) {
             int valid;
             // we found the ticket we are looking for
             // check validity of timestamp
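Review bot: The removed `if (cc_code) goto cleanup;` after `krb5_cc_start_seq_get()` means a failed start now falls into `krb5_cc_next_cred()` with a cursor that was never set up, and the loop condition overwrites the start result. Keep the guard: `cc_code = krb5_cc_start_seq_get(context, cc, &cur);` followed by `if (cc_code) goto cleanup;`. The new `check_and_get_tokens_for_ccache()` added later in this file has the same unchecked start and needs the same guard, releasing `principal_name` before it returns. The result of `krb5_timeofday()` just above is also ignored, so `now` can be unset when the validity window is computed; that predates this commit. The body of `KFW_AFS_update_princ_ccache_data()` starts and ends outside this hunk.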
@@ -789,7 +403,7 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa)
             valid = ((creds.times.starttime > 0) &&
                      now >= (creds.times.starttime - 300) &&
                      now < (creds.times.endtime + 300) &&
-                     !(creds.ticket_flags & TKT_FLG_INVALID));
+                     !creds.flags.b.invalid);
 
             if ( next->from_lsa) {
                 next->expired = 0;
@@ -799,39 +413,40 @@ KFW_AFS_update_princ_ccache_data(krb5_context ctx, krb5_ccache cc, int lsa)
                 next->expired = 0;
                 next->expiration_time = creds.times.endtime;
                 next->renew = (creds.times.renew_till > creds.times.endtime) &&
-                               (creds.ticket_flags & TKT_FLG_RENEWABLE);
+                    creds.flags.b.renewable;
             } else {
                 next->expired = 1;
                 next->expiration_time = 0;
                 next->renew = 0;
             }
 
-            pkrb5_free_cred_contents(ctx, &creds);
+            krb5_free_cred_contents(context, &creds);
             cc_code = KRB5_CC_END;
             break;
         }
-        pkrb5_free_cred_contents(ctx, &creds);
+        krb5_free_cred_contents(context, &creds);
     }
 
     if (cc_code == KRB5_CC_END) {
-        code = pkrb5_cc_end_seq_get(ctx, cc, &cur);
+        code = krb5_cc_end_seq_get(context, cc, &cur);
         if (code) goto cleanup;
     }
 
   cleanup:
     flags = KRB5_TC_OPENCLOSE;  //turn on OPENCLOSE
-    code = pkrb5_cc_set_flags(ctx, cc, flags);
+    code = krb5_cc_set_flags(context, cc, flags);
 
     if ( ccfullname)
         free(ccfullname);
     if ( pname )
-        pkrb5_free_unparsed_name(ctx,pname);
+        krb5_free_unparsed_name(context,pname);
     if ( principal )
-        pkrb5_free_principal(ctx,principal);
+        krb5_free_principal(context,principal);
 }
 
 int
-KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **ccache, int valid_only)
+KFW_AFS_find_ccache_for_principal(krb5_context context, char * principal,
+                                  char **ccache, int valid_only)
 {
     struct principal_ccache_data * next = princ_cc_data;
     char * response = NULL;
@@ -840,12 +455,12 @@ KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **cca
         return 0;
 
     while ( next ) {
-        if ( (!valid_only || !next->expired) && !strcmp(next->principal,principal) ) {
+        if ( (!valid_only || !next->expired) && !strcmp(next->principal, principal) ) {
             if (response) {
                 // we always want to prefer the MS Kerberos LSA cache or
                 // the cache afscreds created specifically for the principal
                 // if the current entry is either one, drop the previous find
-                if ( next->from_lsa || !strcmp(next->ccache_name,principal) )
+                if ( next->from_lsa || !strcmp(next->ccache_name, principal) )
                     free(response);
             }
             response = _strdup(next->ccache_name);
@@ -864,7 +479,7 @@ KFW_AFS_find_ccache_for_principal(krb5_context ctx, char * principal, char **cca
 }
 
 void
-KFW_AFS_delete_princ_ccache_data(krb5_context ctx, char * pname, char * ccname)
+KFW_AFS_delete_princ_ccache_data(krb5_context context, char * pname, char * ccname)
 {
     struct principal_ccache_data ** next = &princ_cc_data;
 
@@ -885,7 +500,7 @@ KFW_AFS_delete_princ_ccache_data(krb5_context ctx, char * pname, char * ccname)
 }
 
 void
-KFW_AFS_update_cell_princ_map(krb5_context ctx, char * cell, char *pname, int active)
+KFW_AFS_update_cell_princ_map(krb5_context context, char * cell, char *pname, int active)
 {
     struct cell_principal_map * next = cell_princ_map;
 
@@ -919,7 +534,7 @@ KFW_AFS_update_cell_princ_map(krb5_context ctx, char * cell, char *pname, int ac
 }
 
 void
-KFW_AFS_delete_cell_princ_maps(krb5_context ctx, char * pname, char * cell)
+KFW_AFS_delete_cell_princ_maps(krb5_context context, char * pname, char * cell)
 {
     struct cell_principal_map ** next = &cell_princ_map;
 
@@ -945,7 +560,7 @@ KFW_AFS_delete_cell_princ_maps(krb5_context ctx, char * pname, char * cell)
 // TODO: Attempt to return one which has not yet expired by checking
 // the principal/ccache data
 int
-KFW_AFS_find_principals_for_cell(krb5_context ctx, char * cell, char **principals[], int active_only)
+KFW_AFS_find_principals_for_cell(krb5_context context, char * cell, char **principals[], int active_only)
 {
     struct cell_principal_map * next_map = cell_princ_map;
     const char * princ = NULL;
@@ -975,7 +590,7 @@ KFW_AFS_find_principals_for_cell(krb5_context ctx, char * cell, char **principal
 }
 
 int
-KFW_AFS_find_cells_for_princ(krb5_context ctx, char * pname, char **cells[], int active_only)
+KFW_AFS_find_cells_for_princ(krb5_context context, char * pname, char **cells[], int active_only)
 {
     int     count = 0, i;
     struct cell_principal_map * next_map = cell_princ_map;
@@ -1004,38 +619,149 @@ KFW_AFS_find_cells_for_princ(krb5_context ctx, char * pname, char **cells[], int
     return count;
 }
 
-/* Given a principal return an existing ccache or create one and return */
+static void
+escape_unsafe_principal_characters(const char * pname,
+                                   char ** new_name)
+{
+    const char * src;
+    char * dest;
+    size_t len = 0;
+
+    /* Count first */
+    for (src = pname; *src != '\0'; ++len, ++src) {
+        if (*src == '\\' || *src == '#' || *src == '<' ||
+            *src == '>' || *src == ':' || *src == '"' ||
+            *src == '/' || *src == '|' || *src == '?' ||
+            *src == '*')
+            ++len;
+    }
+
+    ++len;
+
+    *new_name = (char *) malloc(len);
+
+    if (*new_name == NULL)
+        return;
+
+    for (src = pname, dest = *new_name; *src != '\0'; ++src) {
+        switch (*src) {
+        case '\\': *dest++ = '#'; *dest++ = 'b'; break;
+
+        case '#' : *dest++ = '#'; *dest++ = '#'; break;
+
+        case '<' : *dest++ = '#'; *dest++ = 'l'; break;
+
+        case '>' : *dest++ = '#'; *dest++ = 'g'; break;
+
+        case ':' : *dest++ = '#'; *dest++ = 'c'; break;
+
+        case '"' : *dest++ = '#'; *dest++ = 't'; break;
+
+        case '/' : *dest++ = '#'; *dest++ = 'f'; break;
+
+        case '|' : *dest++ = '#'; *dest++ = 'p'; break;
+
+        case '?' : *dest++ = '#'; *dest++ = 'q'; break;
+
+        case '*' : *dest++ = '#'; *dest++ = 'a'; break;
+
+        default: *dest++ = *src;
+        }
+    }
+
+    *dest++ = '\0';
+}
+
+static void
+get_default_ccache_name_for_principal(krb5_context context, krb5_principal principal,
+                                      char ** cc_name)
+{
+    char * pname = NULL;
+    char * epname = NULL;
+    krb5_error_code code;
+    size_t len = 0;
+    char temppath[MAX_PATH]="";
+
+    *cc_name = NULL;
+
+    code = krb5_unparse_name(context, principal, &pname);
+    if (code) goto cleanup;
+
+    escape_unsafe_principal_characters(pname, &epname);
+
+    len = strlen(epname);
+    len += 21;
+    *cc_name = (char *) malloc(len);
+
+    GetTempPathA(MAX_PATH, temppath);
+    StringCbPrintfA(*cc_name, len, "FILE:%skrb5cc_%s", temppath, epname);
+
+cleanup:
+    if (pname)
+        krb5_free_unparsed_name(context, pname);
+
+    if (epname)
+        free(epname);
+
+    return;
+}
+
+static int
+is_default_ccache_for_principal(krb5_context context, krb5_principal principal,
+                                krb5_ccache cc)
+{
+    const char * cc_name;
+    char * def_cc_name = NULL;
+    const char *bs_cc;
+    const char *bs_def_cc;
+    int is_default;
+
+    cc_name = krb5_cc_get_name(context, cc);
+
+    get_default_ccache_name_for_principal(context, principal, &def_cc_name);
+
+    is_default = (cc_name != NULL && def_cc_name != NULL &&
+
+                  (bs_cc = strrchr(cc_name, '\\')) != NULL &&
+
+                  (bs_def_cc = strrchr(def_cc_name, '\\')) != NULL &&
+
+                  !strcmp(bs_cc, bs_def_cc));
+
+    if (def_cc_name)
+        free(def_cc_name);
+
+    return is_default;
+}
+
+/** Given a principal return an existing ccache or create one and return */
 int
-KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc)
+KFW_get_ccache(krb5_context alt_context, krb5_principal principal, krb5_ccache * cc)
 {
-    krb5_context ctx = NULL;
+    krb5_context context = NULL;
     char * pname = NULL;
     char * ccname = NULL;
     krb5_error_code code;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    if ( alt_ctx ) {
-        ctx = alt_ctx;
+    if ( alt_context ) {
+        context = alt_context;
     } else {
-        code = pkrb5_init_context(&ctx);
+        code = krb5_init_context(&context);
         if (code) goto cleanup;
     }
 
     if ( principal ) {
-        code = pkrb5_unparse_name(ctx, principal, &pname);
+        code = krb5_unparse_name(context, principal, &pname);
         if (code) goto cleanup;
 
-        if ( !KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,TRUE) &&
-             !KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,FALSE)) {
-            size_t len = strlen(pname) + 5;
-            ccname = (char *)malloc(len);
-            StringCbPrintf(ccname, len, "API:%s", pname);
+        if ( !KFW_AFS_find_ccache_for_principal(context,pname,&ccname,TRUE) &&
+             !KFW_AFS_find_ccache_for_principal(context,pname,&ccname,FALSE)) {
+
+            get_default_ccache_name_for_principal(context, principal, &ccname);
         }
-        code = pkrb5_cc_resolve(ctx, ccname, cc);
+        code = krb5_cc_resolve(context, ccname, cc);
     } else {
-        code = pkrb5_cc_default(ctx, cc);
+        code = krb5_cc_default(context, cc);
         if (code) goto cleanup;
     }
 
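Review bot: In `get_default_ccache_name_for_principal()` the buffer is sized as `strlen(epname) + 21`, which leaves out the length of `temppath`. `StringCbPrintfA` will therefore truncate `FILE:<temp path>krb5cc_<principal>` for any realistic temp path, and a truncated name can lose the principal part, so different principals resolve to the same cache file. The size should be computed from all three parts after `GetTempPathA` has run, and the formatting result should be checked. `epname` and `*cc_name` are also used without a NULL test, although `escape_unsafe_principal_characters()` returns with `*new_name == NULL` when malloc fails. `KFW_get_ccache()` then passes `ccname` to `krb5_cc_resolve()` even if the helper left it NULL, so the caller needs an error path for that case.

```c
    DWORD temp_len;
    /* … unchanged: other declarations, *cc_name = NULL, krb5_unparse_name … */

    escape_unsafe_principal_characters(pname, &epname);
    if (epname == NULL)
        goto cleanup;

    temp_len = GetTempPathA(MAX_PATH, temppath);
    if (temp_len == 0 || temp_len >= MAX_PATH)
        goto cleanup;

    /* "FILE:" + temp path + "krb5cc_" + escaped principal + NUL */
    len = sizeof("FILE:krb5cc_") + temp_len + strlen(epname);
    *cc_name = (char *) malloc(len);
    if (*cc_name == NULL)
        goto cleanup;

    if (FAILED(StringCbPrintfA(*cc_name, len, "FILE:%skrb5cc_%s", temppath, epname))) {
        free(*cc_name);
        *cc_name = NULL;
    }

    /* … unchanged: cleanup label and frees … */
```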
@@ -1043,61 +769,50 @@ KFW_get_ccache(krb5_context alt_ctx, krb5_principal principal, krb5_ccache * cc)
     if (ccname)
         free(ccname);
     if (pname)
-        pkrb5_free_unparsed_name(ctx,pname);
-    if (ctx && (ctx != alt_ctx))
-        pkrb5_free_context(ctx);
+        krb5_free_unparsed_name(context,pname);
+    if (context && (context != alt_context))
+        krb5_free_context(context);
     return(code);
 }
 
 #ifdef USE_MS2MIT
+
 // Import Microsoft Credentials into a new MIT ccache
 void
 KFW_import_windows_lsa(void)
 {
-    krb5_context ctx = NULL;
+    krb5_context context = NULL;
     krb5_ccache  cc = NULL;
     krb5_principal princ = NULL;
     char * pname = NULL;
-    krb5_data *  princ_realm;
+    const char *  princ_realm;
     krb5_error_code code;
     char cell[128]="", realm[128]="", *def_realm = 0;
-    unsigned int i;
-    DWORD dwMsLsaImport;
-
-    if (!pkrb5_init_context)
-        return;
+    DWORD dwMsLsaImport = 1;
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) goto cleanup;
 
-    code = pkrb5_cc_resolve(ctx, LSA_CCNAME, &cc);
+    code = krb5_cc_resolve(context, LSA_CCNAME, &cc);
     if (code) goto cleanup;
 
-    KFW_AFS_update_princ_ccache_data(ctx, cc, TRUE);
+    KFW_AFS_update_princ_ccache_data(context, cc, TRUE);
 
-    code = pkrb5_cc_get_principal(ctx, cc, &princ);
+    code = krb5_cc_get_principal(context, cc, &princ);
     if ( code ) goto cleanup;
 
-#ifdef USE_LEASH
-    dwMsLsaImport = pLeash_get_default_mslsa_import ? pLeash_get_default_mslsa_import() : 1;
-#else
-    dwMsLsaImport = 1;
-#endif
+    dwMsLsaImport = KFW_get_default_mslsa_import(context);
     switch ( dwMsLsaImport ) {
     case 0: /* do not import */
         goto cleanup;
     case 1: /* always import */
         break;
     case 2: { /* matching realm */
-        char ms_realm[128] = "", *r;
-        unsigned int j;
+        const char *ms_realm;
 
-        for ( r=ms_realm, j=0; j<krb5_princ_realm(ctx, princ)->length; r++, j++ ) {
-            *r = krb5_princ_realm(ctx, princ)->data[j];
-        }
-        *r = '\0';
+        ms_realm = krb5_principal_get_realm(context, princ);
 
-        if (code = pkrb5_get_default_realm(ctx, &def_realm))
+        if (code = krb5_get_default_realm(context, &def_realm))
             goto cleanup;
 
         if (strcmp(def_realm, ms_realm))
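Review bot: The `if (!pkrb5_init_context) return;` guard at the top of `KFW_import_windows_lsa()` is removed without a replacement, and the same guard is dropped from `KFW_get_ccache()` and `KFW_AFS_get_cred()` in neighbouring hunks. A comment added earlier in this file ("If this is non-zero, then some Kerberos library was loaded") suggests `krb5_init_context` can still be NULL when neither Heimdal nor KFW is installed; if so, these entry points would call through an unresolved import. Either confirm that every caller checks library availability first, or keep an early return such as `if (krb5_init_context == NULL) return;`. In `case 2`, `ms_realm` comes straight from `krb5_principal_get_realm()` and reaches `strcmp()` unchecked, so a NULL test before the comparison would be cheap. The function continues outside this hunk.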
@@ -1108,241 +823,265 @@ KFW_import_windows_lsa(void)
         break;
     }
 
-    code = pkrb5_unparse_name(ctx,princ,&pname);
+    code = krb5_unparse_name(context,princ,&pname);
     if ( code ) goto cleanup;
 
-    princ_realm = krb5_princ_realm(ctx, princ);
-    for ( i=0; i<princ_realm->length; i++ ) {
-        realm[i] = princ_realm->data[i];
-        cell[i] = tolower(princ_realm->data[i]);
-    }
-    cell[i] = '\0';
-    realm[i] = '\0';
+    princ_realm = krb5_principal_get_realm(context, princ);
+    StringCchCopyA(realm, sizeof(realm), princ_realm);
+    StringCchCopyA(cell, sizeof(cell), princ_realm);
+    strlwr(cell);
+
+    code = KFW_AFS_klog(context, cc, "afs", cell, realm,
+                        KFW_get_default_lifetime(context, realm), NULL);
+
+    DebugPrintf("KFW_AFS_klog() returns: %d\n", code);
 
-    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, DEFAULT_LIFETIME, NULL);
-    if ( IsDebuggerPresent() ) {
-        char message[256];
-        StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
-        OutputDebugString(message);
-    }
     if ( code ) goto cleanup;
 
-    KFW_AFS_update_cell_princ_map(ctx, cell, pname, TRUE);
+    KFW_AFS_update_cell_princ_map(context, cell, pname, TRUE);
 
   cleanup:
     if (pname)
-        pkrb5_free_unparsed_name(ctx,pname);
+        krb5_free_unparsed_name(context,pname);
     if (princ)
-        pkrb5_free_principal(ctx,princ);
+        krb5_free_principal(context,princ);
     if (def_realm)
-        pkrb5_free_default_realm(ctx, def_realm);
+        krb5_free_default_realm(context, def_realm);
     if (cc)
-        pkrb5_cc_close(ctx,cc);
-    if (ctx)
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context,cc);
+    if (context)
+        krb5_free_context(context);
 }
 #endif /* USE_MS2MIT */
 
-// If there are existing MIT credentials, copy them to a new
-// ccache named after the principal
-
-// Enumerate all existing MIT ccaches and construct entries
-// in the principal_ccache table
-
-// Enumerate all existing AFS Tokens and construct entries
-// in the cell_principal table
-void
-KFW_import_ccache_data(void)
+static krb5_boolean
+get_canonical_ccache(krb5_context context, krb5_ccache * pcc)
 {
-    krb5_context ctx = NULL;
-    krb5_ccache  cc = NULL;
-    krb5_principal principal = NULL;
-    krb5_creds creds;
     krb5_error_code code;
-    krb5_error_code cc_code;
-    krb5_cc_cursor cur;
-    apiCB * cc_ctx = NULL;
-    struct _infoNC ** pNCi = NULL;
-    int i, j, flags;
+    krb5_ccache cc = *pcc;
+    krb5_principal principal = 0;
 
-    if ( !pcc_initialize )
-        return;
+    code = krb5_cc_get_principal(context, cc, &principal);
+    if (code)
+        return FALSE;
 
-    if ( IsDebuggerPresent() )
-        OutputDebugString("KFW_import_ccache_data()\n");
+    if ( !is_default_ccache_for_principal(context, principal, cc)
+         && strcmp(krb5_cc_get_type(context, cc), LSA_CCTYPE) != 0) {
 
-    code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL);
-    if (code) goto cleanup;
+        char * def_cc_name = NULL;
+        krb5_ccache def_cc = 0;
+        krb5_principal def_cc_princ = 0;
 
-    code = pcc_get_NC_info(cc_ctx, &pNCi);
-    if (code) goto cleanup;
+        do {
+            get_default_ccache_name_for_principal(context, principal, &def_cc_name);
 
-    code = pkrb5_init_context(&ctx);
-    if (code) goto cleanup;
+            code = krb5_cc_resolve(context, def_cc_name, &def_cc);
+            if (code) break;
 
-    for ( i=0; pNCi[i]; i++ ) {
-        if ( pNCi[i]->vers != CC_CRED_V5 )
-            continue;
-        if ( IsDebuggerPresent() ) {
-            OutputDebugString("Principal: ");
-            OutputDebugString(pNCi[i]->principal);
-            OutputDebugString(" in ccache ");
-            OutputDebugString(pNCi[i]->name);
-            OutputDebugString("\n");
-        }
-        if ( strcmp(pNCi[i]->name,pNCi[i]->principal)
-             && strcmp(pNCi[i]->name,LSA_CCNAME)
-             ) {
-            int found = 0;
-            for ( j=0; pNCi[j]; j++ ) {
-                if (!strcmp(pNCi[j]->name,pNCi[i]->principal)) {
-                    found = 1;
+            code = krb5_cc_get_principal(context, def_cc, &def_cc_princ);
+            if (code || !krb5_principal_compare(context, def_cc_princ, principal)) {
+                /* def_cc either doesn't exist or is home to an
+                 * imposter. */
+
+                DebugPrintf("Copying ccache [%s:%s]->[%s:%s]",
+                            krb5_cc_get_type(context, cc), krb5_cc_get_name(context, cc),
+                            krb5_cc_get_type(context, def_cc),
+                            krb5_cc_get_name(context, def_cc));
+
+                code = krb5_cc_initialize(context, def_cc, principal);
+                if (code) break;
+
+                code = krb5_cc_copy_creds(context, cc, def_cc);
+                if (code) {
+                    KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL);
                     break;
                 }
+
+                code = krb5_cc_close(context, cc);
+
+                cc = def_cc;
+                def_cc = 0;
             }
+        } while (FALSE);
 
-            code = pkrb5_cc_resolve(ctx, pNCi[i]->principal, &cc);
-            if (code) goto loop_cleanup;
+        if (def_cc)
+            krb5_cc_close(context, def_cc);
 
-            if (!found) {
-                krb5_ccache oldcc = 0;
+        if (def_cc_princ)
+            krb5_free_principal(context, def_cc_princ);
 
-                if ( IsDebuggerPresent() )
-                    OutputDebugString("copying ccache data to new ccache\n");
+        if (def_cc_name)
+            free(def_cc_name);
+    }
 
-                code = pkrb5_parse_name(ctx, pNCi[i]->principal, &principal);
-                if (code) goto loop_cleanup;
-                code = pkrb5_cc_initialize(ctx, cc, principal);
-                if (code) goto loop_cleanup;
+    if (principal)
+        krb5_free_principal(context, principal);
 
-                code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &oldcc);
-                if (code) goto loop_cleanup;
-                code = pkrb5_cc_copy_creds(ctx,oldcc,cc);
-                if (code) {
-                    code = pkrb5_cc_close(ctx,cc);
-                    cc = 0;
-                    code = pkrb5_cc_close(ctx,oldcc);
-                    oldcc = 0;
-                    KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL);
-                    continue;
-                }
-                code = pkrb5_cc_close(ctx,oldcc);
+    if (code == 0 && cc != 0) {
+        *pcc = cc;
+        return TRUE;
+    }
+
+    *pcc = cc;
+    return FALSE;
+}
+
+static krb5_error_code
+check_and_get_tokens_for_ccache(krb5_context context, krb5_ccache cc)
+{
+    krb5_error_code code = 0;
+    krb5_error_code cc_code = 0;
+    krb5_cc_cursor  cur;
+    krb5_creds      creds;
+    char * principal_name = NULL;
+
+    {
+        krb5_principal principal = 0;
+        code = krb5_cc_get_principal(context, cc, &principal);
+
+        if (code == 0)
+            code = krb5_unparse_name(context, principal, &principal_name);
+
+        if (principal)
+            krb5_free_principal(context, principal);
+    }
+
+    if (code != 0) {
+        if (principal_name)
+            krb5_free_unparsed_name(context, principal_name);
+        return code;
+    }
+
+    cc_code = krb5_cc_start_seq_get(context, cc, &cur);
+
+    while (!(cc_code = krb5_cc_next_cred(context, cc, &cur, &creds))) {
+
+        const char * sname = krb5_principal_get_comp_string(context, creds.server, 0);
+        const char * cell  = krb5_principal_get_comp_string(context, creds.server, 1);
+        const char * realm = krb5_principal_get_realm(context, creds.server);
+
+        if ( sname && cell && !strcmp("afs",sname) ) {
+
+            struct ktc_principal    aserver;
+            struct ktc_principal    aclient;
+            struct ktc_token       atoken;
+            int active = TRUE;
+
+            DebugPrintf("Found AFS ticket: %s%s%s@%s\n",
+                        sname, (cell ? "/":""), (cell? cell : ""), realm);
+
+            memset(&aserver, '\0', sizeof(aserver));
+            StringCbCopy(aserver.name, sizeof(aserver.name), sname);
+            StringCbCopy(aserver.cell, sizeof(aserver.cell), cell);
+
+            code = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient);
+            if (!code) {
+                // Found a token in AFS Client Server which matches
+
+                char pname[128], *p, *q;
+
+                for ( p=pname, q=aclient.name; *q; p++, q++)
+                    *p = *q;
+
+                for ( *p++ = '@', q=aclient.cell; *q; p++, q++)
+                    *p = toupper(*q);
+
+                *p = '\0';
+
+                DebugPrintf("Found AFS token: %s\n", pname);
+
+                if (strcmp(pname, principal_name) != 0)
+                    active = FALSE;
+
+                KFW_AFS_update_cell_princ_map(context, cell, principal_name, active);
+
+            } else {
+                // Attempt to import it
+
+                KFW_AFS_update_cell_princ_map(context, cell, principal_name, active);
+
+                DebugPrintf("Calling KFW_AFS_klog() to obtain token\n");
+
+                code = KFW_AFS_klog(context, cc, "afs", cell, realm,
+                                    KFW_get_default_lifetime(context, realm), NULL);
+
+                DebugPrintf("KFW_AFS_klog() returns: %d\n", code);
             }
+
         } else {
-            code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &cc);
-            if (code) goto loop_cleanup;
+
+            DebugPrintf("Found ticket: %s%s%s@%s\n", sname,
+                        (cell? "/":""), (cell? cell:""), realm);
         }
 
-        flags = 0;  // turn off OPENCLOSE mode
-        code = pkrb5_cc_set_flags(ctx, cc, flags);
-        if ( code ) goto cleanup;
+        krb5_free_cred_contents(context, &creds);
+    }
 
-        KFW_AFS_update_princ_ccache_data(ctx, cc, !strcmp(pNCi[i]->name,LSA_CCNAME));
-
-        cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
-        if (cc_code) goto cleanup;
-
-        while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
-            krb5_data * sname = krb5_princ_name(ctx, creds.server);
-            krb5_data * cell  = krb5_princ_component(ctx, creds.server, 1);
-            krb5_data * realm = krb5_princ_realm(ctx, creds.server);
-            if ( sname && cell && !strcmp("afs",sname->data) ) {
-                struct ktc_principal    aserver;
-                struct ktc_principal    aclient;
-                struct ktc_token       atoken;
-                int active = TRUE;
-
-                if ( IsDebuggerPresent() )  {
-                    OutputDebugString("Found AFS ticket: ");
-                    OutputDebugString(sname->data);
-                    if ( cell->data ) {
-                        OutputDebugString("/");
-                        OutputDebugString(cell->data);
-                    }
-                    OutputDebugString("@");
-                    OutputDebugString(realm->data);
-                    OutputDebugString("\n");
-                }
+    if (cc_code == KRB5_CC_END) {
+        cc_code = krb5_cc_end_seq_get(context, cc, &cur);
+    }
 
-                memset(&aserver, '\0', sizeof(aserver));
-                StringCbCopyN( aserver.name, sizeof(aserver.name),
-                               sname->data, sizeof(aserver.name) - 1);
-                StringCbCopyN( aserver.cell, sizeof(aserver.cell),
-                               cell->data, sizeof(aserver.cell) - 1);
+    return code;
+}
 
-                code = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient);
-                if (!code) {
-                    // Found a token in AFS Client Server which matches
-                    char pname[128], *p, *q;
-                    for ( p=pname, q=aclient.name; *q; p++, q++)
-                        *p = *q;
-                    for ( *p++ = '@', q=aclient.cell; *q; p++, q++)
-                        *p = toupper(*q);
-                    *p = '\0';
-
-                    if ( IsDebuggerPresent() )  {
-                        OutputDebugString("Found AFS token: ");
-                        OutputDebugString(pname);
-                        OutputDebugString("\n");
-                    }
+// If there are existing MIT credentials, copy them to a new
+// ccache named after the principal
 
-                    if ( strcmp(pname,pNCi[i]->principal)  )
-                        active = FALSE;
-                    KFW_AFS_update_cell_princ_map(ctx, cell->data, pNCi[i]->principal, active);
-                } else {
-                    // Attempt to import it
-                    KFW_AFS_update_cell_princ_map(ctx, cell->data, pNCi[i]->principal, active);
+// Enumerate all existing MIT ccaches and construct entries
+// in the principal_ccache table
 
-                    if ( IsDebuggerPresent() )  {
-                        OutputDebugString("Calling KFW_AFS_klog() to obtain token\n");
-                    }
+// Enumerate all existing AFS Tokens and construct entries
+// in the cell_principal table
+void
+KFW_import_ccache_data(void)
+{
+    krb5_context context = NULL;
+    krb5_ccache  cc;
+    krb5_error_code code;
+    krb5_cccol_cursor cccol_cur;
+    int flags;
 
-                    code = KFW_AFS_klog(ctx, cc, "afs", cell->data, realm->data, DEFAULT_LIFETIME, NULL);
-                    if ( IsDebuggerPresent() ) {
-                        char message[256];
-                        StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
-                        OutputDebugString(message);
-                    }
-                }
-            } else if ( IsDebuggerPresent() ) {
-                OutputDebugString("Found ticket: ");
-                OutputDebugString(sname->data);
-                if ( cell && cell->data ) {
-                    OutputDebugString("/");
-                    OutputDebugString(cell->data);
-                }
-                OutputDebugString("@");
-                OutputDebugString(realm->data);
-                OutputDebugString("\n");
-            }
-            pkrb5_free_cred_contents(ctx, &creds);
-        }
+    if ( IsDebuggerPresent() )
+        OutputDebugString("KFW_import_ccache_data()\n");
+
+    code = krb5_init_context(&context);
+    if (code) goto cleanup;
+
+    code = krb5_cccol_cursor_new(context, &cccol_cur);
+    if (code) goto cleanup;
 
-        if (cc_code == KRB5_CC_END) {
-            cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur);
-            if (cc_code) goto loop_cleanup;
+    while ((code = krb5_cccol_cursor_next(context, cccol_cur, &cc)) == 0 && cc != NULL) {
+
+        if (!get_canonical_ccache(context, &cc)) {
+            if (cc)
+                krb5_cc_close(context, cc);
+            continue;
         }
 
-      loop_cleanup:
+        /* Turn off OPENCLOSE mode */
+        code = krb5_cc_set_flags(context, cc, 0);
+        if ( code ) goto cleanup;
+
+        KFW_AFS_update_princ_ccache_data(context, cc,
+                                         !strcmp(krb5_cc_get_type(context, cc),
+                                                 LSA_CCTYPE));
+
+        check_and_get_tokens_for_ccache(context, cc);
+
         flags = KRB5_TC_OPENCLOSE;  //turn on OPENCLOSE
-        code = pkrb5_cc_set_flags(ctx, cc, flags);
+        code = krb5_cc_set_flags(context, cc, flags);
+
         if (cc) {
-            pkrb5_cc_close(ctx,cc);
+            krb5_cc_close(context,cc);
             cc = 0;
         }
-        if (principal) {
-            pkrb5_free_principal(ctx,principal);
-            principal = 0;
-        }
     }
 
+    krb5_cccol_cursor_free(context, &cccol_cur);
+
   cleanup:
-    if (ctx)
-        pkrb5_free_context(ctx);
-    if (pNCi)
-        pcc_free_NC_info(cc_ctx, &pNCi);
-    if (cc_ctx)
-        pcc_shutdown(&cc_ctx);
+    if (context)
+        krb5_free_context(context);
 }
 
 
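Review bot: In the new `KFW_import_ccache_data()` loop, `if ( code ) goto cleanup;` after `krb5_cc_set_flags()` jumps past both `krb5_cc_close()` and `krb5_cccol_cursor_free()`, so a failure there leaks the open ccache handle and the collection cursor. Closing and moving on keeps the loop balanced: `if (code) { krb5_cc_close(context, cc); continue; }`. In `get_canonical_ccache()` the results of `krb5_cc_get_type()` and `get_default_ccache_name_for_principal()` go to `strcmp()` and `krb5_cc_resolve()` without a NULL check, although `KFW_AFS_update_princ_ccache_data()` does test `cctype` for NULL. The same function re-initializes the cache at the derived path when it holds a different principal, and a short comment stating why discarding those credentials is acceptable would help the next reader. In `check_and_get_tokens_for_ccache()` the `Found ticket:` `DebugPrintf` is reached when `sname` is NULL, and the `pname[128]` copy loop carried over from the old code is still unbounded.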
@@ -1355,7 +1094,7 @@ KFW_AFS_get_cred( char * username,
                   char ** reasonP )
 {
     static char reason[1024]="";
-    krb5_context ctx = NULL;
+    krb5_context context = NULL;
     krb5_ccache cc = NULL;
     char * realm = NULL, * userrealm = NULL;
     krb5_principal principal = NULL;
@@ -1367,26 +1106,17 @@ KFW_AFS_get_cred( char * username,
     struct afsconf_cell cellconfig;
     char * dot;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("KFW_AFS_get_cred for token ");
-        OutputDebugString(username);
-        OutputDebugString(" in cell ");
-        OutputDebugString(cell);
-        OutputDebugString("\n");
-    }
+    DebugPrintf("KFW_AFS_get_cred for token %s in cell %s\n", username, cell);
 
     memset(&cellconfig, 0, sizeof(cellconfig));
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if ( code ) goto cleanup;
 
     code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell);
     if ( code ) goto cleanup;
 
-    realm = afs_realm_of_cell(ctx, &cellconfig);  // do not free
+    realm = afs_realm_of_cell(context, &cellconfig);  // do not free
 
     userrealm = strchr(username,'@');
     if ( userrealm ) {
@@ -1429,24 +1159,17 @@ KFW_AFS_get_cred( char * username,
         OutputDebugString("\n");
     }
 
-    code = pkrb5_parse_name(ctx, pname, &principal);
+    code = krb5_parse_name(context, pname, &principal);
     if ( code ) goto cleanup;
 
-    code = KFW_get_ccache(ctx, principal, &cc);
+    code = KFW_get_ccache(context, principal, &cc);
     if ( code ) goto cleanup;
 
     if ( lifetime == 0 )
-        lifetime = DEFAULT_LIFETIME;
+        lifetime = KFW_get_default_lifetime(context, realm);
 
-    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime, smbname);
-    if ( IsDebuggerPresent() ) {
-        char message[256];
-        StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
-        OutputDebugString(message);
-    }
-
-    if (code && password && password[0] ) {
-        code = KFW_kinit( ctx, cc, HWND_DESKTOP,
+    if ( password && password[0] ) {
+        code = KFW_kinit( context, cc, HWND_DESKTOP,
                           pname,
                           password,
                           lifetime,
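Review bot: Dropping the first KFW_AFS_klog attempt means a non-empty password now always goes through KFW_kinit, where the old code only fell back to it when the existing tickets could not produce a token. KFW_kinit calls krb5_cc_initialize on the cache before storing the new TGT, so still-valid credentials in `cc` are replaced and the password is presented to the KDC on every call. If that is intended, say so above the test, for example `/* A supplied password always forces a fresh TGT; existing credentials in cc are replaced. */`. Separately, the default lifetime here is looked up for the cell's `realm`, while KFW_kinit derives the same default from the principal's realm; these can differ when the user name carries its own realm. KFW_AFS_get_cred starts and ends outside this hunk.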
@@ -1472,10 +1195,10 @@ KFW_AFS_get_cred( char * username,
         }
         if ( code ) goto cleanup;
 
-        KFW_AFS_update_princ_ccache_data(ctx, cc, FALSE);
+        KFW_AFS_update_princ_ccache_data(context, cc, FALSE);
     }
 
-    code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime, smbname);
+    code = KFW_AFS_klog(context, cc, "afs", cell, realm, lifetime, smbname);
     if ( IsDebuggerPresent() ) {
         char message[256];
         StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
@@ -1483,11 +1206,11 @@ KFW_AFS_get_cred( char * username,
     }
     if ( code ) goto cleanup;
 
-    KFW_AFS_update_cell_princ_map(ctx, cell, pname, TRUE);
+    KFW_AFS_update_cell_princ_map(context, cell, pname, TRUE);
 
     // Attempt to obtain new tokens for other cells supported by the same
     // principal
-    cell_count = KFW_AFS_find_cells_for_princ(ctx, pname, &cells, TRUE);
+    cell_count = KFW_AFS_find_cells_for_princ(context, pname, &cells, TRUE);
     if ( cell_count > 1 ) {
         while ( cell_count-- ) {
             if ( strcmp(cells[cell_count],cell) ) {
@@ -1505,14 +1228,14 @@ KFW_AFS_get_cred( char * username,
                 code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
                 if ( code ) continue;
 
-                realm = afs_realm_of_cell(ctx, &cellconfig);  // do not free
+                realm = afs_realm_of_cell(context, &cellconfig);  // do not free
                 if ( IsDebuggerPresent() ) {
                     OutputDebugString("Realm: ");
                     OutputDebugString(realm);
                     OutputDebugString("\n");
                 }
 
-                code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime, smbname);
+                code = KFW_AFS_klog(context, cc, "afs", cells[cell_count], realm, lifetime, smbname);
                 if ( IsDebuggerPresent() ) {
                     char message[256];
                     StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
@@ -1531,25 +1254,16 @@ KFW_AFS_get_cred( char * username,
     if ( pname )
         free(pname);
     if ( cc )
-        pkrb5_cc_close(ctx, cc);
+        krb5_cc_close(context, cc);
     if ( cellconfig.linkedCell )
         free(cellconfig.linkedCell);
 
     if ( code && reasonP ) {
-        int freemsg = 0;
-        char *msg = (char *)afs_error_message(code);
-        if (strncmp(msg, "unknown", strlen(msg)) == 0) {
-            if (pkrb5_get_error_message) {
-                msg = pkrb5_get_error_message(ctx, code);
-                freemsg = 1;
-            } else
-                msg = (char *)perror_message(code);
-        }
+        const char *msg = krb5_get_error_message(context, code);
         StringCbCopyN( reason, sizeof(reason),
                        msg, sizeof(reason) - 1);
         *reasonP = reason;
-        if (freemsg)
-            pkrb5_free_error_message(ctx, msg);
+        krb5_free_error_message(context, msg);
     }
     return(code);
 }
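Review bot: `msg` is passed to StringCbCopyN without a NULL check, and `context` is still NULL at this point when krb5_init_context failed, since that path jumps straight to cleanup. Whether krb5_get_error_message tolerates a NULL context depends on the library behind the SDK, so guard both: `const char *msg = context ? krb5_get_error_message(context, code) : NULL;`, copy `msg ? msg : "unknown error"`, and call `krb5_free_error_message` only when `msg` is set. The removed code asked afs_error_message first; codes coming back from KFW_AFS_get_cellconfig or KFW_AFS_klog may not be krb5 codes, so the text returned through `reasonP` may be less specific than before. The start of the function is outside this hunk.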
@@ -1557,30 +1271,23 @@ KFW_AFS_get_cred( char * username,
 int
 KFW_AFS_destroy_tickets_for_cell(char * cell)
 {
-    krb5_context       ctx = NULL;
+    krb5_context       context = NULL;
     krb5_error_code    code;
     int count;
     char ** principals = NULL;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("KFW_AFS_destroy_tickets_for_cell: ");
-        OutputDebugString(cell);
-        OutputDebugString("\n");
-    }
+    DebugPrintf("KFW_AFS_destroy_tickets_for_cell: %s\n", cell);
 
-    code = pkrb5_init_context(&ctx);
-    if (code) ctx = 0;
+    code = krb5_init_context(&context);
+    if (code) context = 0;
 
-    count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, FALSE);
+    count = KFW_AFS_find_principals_for_cell(context, cell, &principals, FALSE);
     if ( count > 0 ) {
         krb5_principal      princ = 0;
         krb5_ccache                    cc  = 0;
 
         while ( count-- ) {
-            int cell_count = KFW_AFS_find_cells_for_princ(ctx, principals[count], NULL, TRUE);
+            int cell_count = KFW_AFS_find_cells_for_princ(context, principals[count], NULL, TRUE);
             if ( cell_count > 1 ) {
                 // TODO - What we really should do here is verify whether or not any of the
                 // other cells which use this principal to obtain its credentials actually
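Review bot: A failed krb5_init_context only resets `context` to 0 and the function carries on, so the loop in the next hunk passes a NULL context to krb5_parse_name, KFW_get_ccache and krb5_cc_destroy. KFW_AFS_destroy_tickets_for_principal returns early on the same failure. Either do the same here, or add `if (!context) goto loop_cleanup;` ahead of the krb5_parse_name call so that only the cell/principal map bookkeeping runs without a context. The function body continues past the end of this hunk.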
@@ -1590,87 +1297,81 @@ KFW_AFS_destroy_tickets_for_cell(char * cell)
                 goto loop_cleanup;
             }
 
-            code = pkrb5_parse_name(ctx, principals[count], &princ);
+            code = krb5_parse_name(context, principals[count], &princ);
             if (code) goto loop_cleanup;
 
-            code = KFW_get_ccache(ctx, princ, &cc);
+            code = KFW_get_ccache(context, princ, &cc);
             if (code) goto loop_cleanup;
 
-            code = pkrb5_cc_destroy(ctx, cc);
+            code = krb5_cc_destroy(context, cc);
             if (!code) cc = 0;
 
           loop_cleanup:
             if ( cc ) {
-                pkrb5_cc_close(ctx, cc);
+                krb5_cc_close(context, cc);
                 cc = 0;
             }
             if ( princ ) {
-                pkrb5_free_principal(ctx, princ);
+                krb5_free_principal(context, princ);
                 princ = 0;
             }
 
-            KFW_AFS_update_cell_princ_map(ctx, cell, principals[count], FALSE);
+            KFW_AFS_update_cell_princ_map(context, cell, principals[count], FALSE);
             free(principals[count]);
         }
         free(principals);
     }
-    if (ctx)
-               pkrb5_free_context(ctx);
+    if (context)
+               krb5_free_context(context);
     return 0;
 }
 
 int
 KFW_AFS_destroy_tickets_for_principal(char * user)
 {
-    krb5_context       ctx = NULL;
+    krb5_context       context = NULL;
     krb5_error_code    code;
     int count;
     char ** cells = NULL;
     krb5_principal      princ = NULL;
     krb5_ccache                cc  = NULL;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
+    DebugPrintf("KFW_AFS_destroy_tickets_for_user: %s\n", user);
 
-    if ( IsDebuggerPresent() ) {
-        OutputDebugString("KFW_AFS_destroy_tickets_for_user: ");
-        OutputDebugString(user);
-        OutputDebugString("\n");
-    }
-
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) return 0;
 
-    code = pkrb5_parse_name(ctx, user, &princ);
+    code = krb5_parse_name(context, user, &princ);
     if (code) goto loop_cleanup;
 
-    code = KFW_get_ccache(ctx, princ, &cc);
+    code = KFW_get_ccache(context, princ, &cc);
     if (code) goto loop_cleanup;
 
-    code = pkrb5_cc_destroy(ctx, cc);
+    code = krb5_cc_destroy(context, cc);
     if (!code) cc = 0;
 
   loop_cleanup:
     if ( cc ) {
-        pkrb5_cc_close(ctx, cc);
+        krb5_cc_close(context, cc);
         cc = 0;
     }
     if ( princ ) {
-        pkrb5_free_principal(ctx, princ);
+        krb5_free_principal(context, princ);
         princ = 0;
     }
 
-    count = KFW_AFS_find_cells_for_princ(ctx, user, &cells, TRUE);
+    count = KFW_AFS_find_cells_for_princ(context, user, &cells, TRUE);
     if ( count >= 1 ) {
         while ( count-- ) {
-            KFW_AFS_update_cell_princ_map(ctx, cells[count], user, FALSE);
+            KFW_AFS_update_cell_princ_map(context, cells[count], user, FALSE);
             free(cells[count]);
         }
         free(cells);
     }
 
-    if (ctx)
-        pkrb5_free_context(ctx);
+    if (context)
+        krb5_free_context(context);
+
     return 0;
 }
 
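Review bot: Both functions in this hunk return 0 whether or not krb5_cc_destroy succeeded, and the failure is not logged, so a credential cache that survives a destroy request goes unnoticed. At minimum record it the way KFW_renew does elsewhere in this commit, adding `if (code) DebugPrintf("krb5_cc_destroy() failed: %d\n", code);` after each krb5_cc_destroy call. The callers are not visible here, so whether the return value can carry the error is for the author to decide. KFW_AFS_destroy_tickets_for_cell begins in the previous hunk.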
@@ -1678,7 +1379,7 @@ int
 KFW_AFS_renew_expiring_tokens(void)
 {
     krb5_error_code     code = 0;
-    krb5_context       ctx = NULL;
+    krb5_context       context = NULL;
     krb5_ccache                cc = NULL;
     krb5_timestamp now;
     struct principal_ccache_data * pcc_next = princ_cc_data;
@@ -1688,9 +1389,6 @@ KFW_AFS_renew_expiring_tokens(void)
     char local_cell[CELL_MAXNAMELEN+1]="";
     struct afsconf_cell cellconfig;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
     if ( pcc_next == NULL ) // nothing to do
         return 0;
 
@@ -1700,10 +1398,10 @@ KFW_AFS_renew_expiring_tokens(void)
 
     memset(&cellconfig, 0, sizeof(cellconfig));
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) goto cleanup;
 
-    code = pkrb5_timeofday(ctx, &now);
+    code = krb5_timeofday(context, &now);
     if (code) goto cleanup;
 
     for ( ; pcc_next ; pcc_next = pcc_next->next ) {
@@ -1718,22 +1416,22 @@ KFW_AFS_renew_expiring_tokens(void)
         }
 
         if ( pcc_next->renew && now >= (pcc_next->expiration_time - cminRENEW * csec1MINUTE) ) {
-            code = pkrb5_cc_resolve(ctx, pcc_next->ccache_name, &cc);
+            code = krb5_cc_resolve(context, pcc_next->ccache_name, &cc);
             if ( code )
-                               goto loop_cleanup;
-            code = KFW_renew(ctx,cc);
+                goto loop_cleanup;
+            code = KFW_renew(context,cc);
 #ifdef USE_MS2MIT
             if ( code && pcc_next->from_lsa)
                 goto loop_cleanup;
 #endif /* USE_MS2MIT */
 
 
-            KFW_AFS_update_princ_ccache_data(ctx, cc, pcc_next->from_lsa);
+            KFW_AFS_update_princ_ccache_data(context, cc, pcc_next->from_lsa);
             if (code) goto loop_cleanup;
 
             // Attempt to obtain new tokens for other cells supported by the same
             // principal
-            cell_count = KFW_AFS_find_cells_for_princ(ctx, pcc_next->principal, &cells, TRUE);
+            cell_count = KFW_AFS_find_cells_for_princ(context, pcc_next->principal, &cells, TRUE);
             if ( cell_count > 0 ) {
                 while ( cell_count-- ) {
                     if ( IsDebuggerPresent() ) {
@@ -1747,13 +1445,13 @@ KFW_AFS_renew_expiring_tokens(void)
                     }
                     code = KFW_AFS_get_cellconfig( cells[cell_count], (void*)&cellconfig, local_cell);
                     if ( code ) continue;
-                    realm = afs_realm_of_cell(ctx, &cellconfig);  // do not free
+                    realm = afs_realm_of_cell(context, &cellconfig);  // do not free
                     if ( IsDebuggerPresent() ) {
                         OutputDebugString("Realm: ");
                         OutputDebugString(realm);
                         OutputDebugString("\n");
                     }
-                    code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, 0, NULL);
+                    code = KFW_AFS_klog(context, cc, "afs", cells[cell_count], (char *)realm, 0, NULL);
                     if ( IsDebuggerPresent() ) {
                         char message[256];
                         StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
@@ -1767,16 +1465,16 @@ KFW_AFS_renew_expiring_tokens(void)
 
       loop_cleanup:
         if ( cc ) {
-            pkrb5_cc_close(ctx,cc);
+            krb5_cc_close(context,cc);
             cc = 0;
         }
     }
 
   cleanup:
     if ( cc )
-        pkrb5_cc_close(ctx,cc);
-    if ( ctx )
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context,cc);
+    if ( context )
+        krb5_free_context(context);
     if (cellconfig.linkedCell)
         free(cellconfig.linkedCell);
 
@@ -1788,29 +1486,26 @@ BOOL
 KFW_AFS_renew_token_for_cell(char * cell)
 {
     krb5_error_code     code = 0;
-    krb5_context       ctx = NULL;
+    krb5_context       context = NULL;
     int count;
     char ** principals = NULL;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
     if ( IsDebuggerPresent() ) {
         OutputDebugString("KFW_AFS_renew_token_for_cell:");
         OutputDebugString(cell);
         OutputDebugString("\n");
     }
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) goto cleanup;
 
-    count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE);
+    count = KFW_AFS_find_principals_for_cell(context, cell, &principals, TRUE);
     if ( count == 0 ) {
         // We know we must have a credential somewhere since we are
         // trying to renew a token
 
         KFW_import_ccache_data();
-        count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE);
+        count = KFW_AFS_find_principals_for_cell(context, cell, &principals, TRUE);
     }
     if ( count > 0 ) {
         krb5_principal      princ = 0;
@@ -1826,10 +1521,10 @@ KFW_AFS_renew_token_for_cell(char * cell)
         memset(&cellconfig, 0, sizeof(cellconfig));
 
         while ( count-- ) {
-            code = pkrb5_parse_name(ctx, principals[count], &princ);
+            code = krb5_parse_name(context, principals[count], &princ);
             if (code) goto loop_cleanup;
 
-            code = KFW_get_ccache(ctx, princ, &cc);
+            code = KFW_get_ccache(context, princ, &cc);
             if (code) goto loop_cleanup;
 
             if (cellconfig.linkedCell) {
@@ -1839,7 +1534,7 @@ KFW_AFS_renew_token_for_cell(char * cell)
             code = KFW_AFS_get_cellconfig( cell, (void*)&cellconfig, local_cell);
             if ( code ) goto loop_cleanup;
 
-            realm = afs_realm_of_cell(ctx, &cellconfig);  // do not free
+            realm = afs_realm_of_cell(context, &cellconfig);  // do not free
             if ( IsDebuggerPresent() ) {
                 OutputDebugString("Realm: ");
                 OutputDebugString(realm);
@@ -1850,36 +1545,36 @@ KFW_AFS_renew_token_for_cell(char * cell)
             /* krb5_cc_remove_cred() is not implemented
              * for a single cred
              */
-            code = pkrb5_build_principal(ctx, &service, strlen(realm),
+            code = krb5_build_principal(context, &service, strlen(realm),
                                           realm, "afs", cell, NULL);
             if (!code) {
                 memset(&mcreds, 0, sizeof(krb5_creds));
                 mcreds.client = princ;
                 mcreds.server = service;
 
-                code = pkrb5_cc_retrieve_cred(ctx, cc, 0, &mcreds, &creds);
+                code = krb5_cc_retrieve_cred(context, cc, 0, &mcreds, &creds);
                 if (!code) {
                     if ( IsDebuggerPresent() ) {
                         char * cname, *sname;
-                        pkrb5_unparse_name(ctx, creds.client, &cname);
-                        pkrb5_unparse_name(ctx, creds.server, &sname);
+                        krb5_unparse_name(context, creds.client, &cname);
+                        krb5_unparse_name(context, creds.server, &sname);
                         OutputDebugString("Removing credential for client \"");
                         OutputDebugString(cname);
                         OutputDebugString("\" and service \"");
                         OutputDebugString(sname);
                         OutputDebugString("\"\n");
-                        pkrb5_free_unparsed_name(ctx,cname);
-                        pkrb5_free_unparsed_name(ctx,sname);
+                        krb5_free_unparsed_name(context,cname);
+                        krb5_free_unparsed_name(context,sname);
                     }
 
-                    code = pkrb5_cc_remove_cred(ctx, cc, 0, &creds);
-                    pkrb5_free_principal(ctx, creds.client);
-                    pkrb5_free_principal(ctx, creds.server);
+                    code = krb5_cc_remove_cred(context, cc, 0, &creds);
+                    krb5_free_principal(context, creds.client);
+                    krb5_free_principal(context, creds.server);
                 }
             }
 #endif /* COMMENT */
 
-            code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, 0,NULL);
+            code = KFW_AFS_klog(context, cc, "afs", cell, (char *)realm, 0,NULL);
             if ( IsDebuggerPresent() ) {
                 char message[256];
                 StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
@@ -1888,15 +1583,15 @@ KFW_AFS_renew_token_for_cell(char * cell)
 
           loop_cleanup:
             if (cc) {
-                pkrb5_cc_close(ctx, cc);
+                krb5_cc_close(context, cc);
                 cc = 0;
             }
             if (princ) {
-                pkrb5_free_principal(ctx, princ);
+                krb5_free_principal(context, princ);
                 princ = 0;
             }
             if (service) {
-                pkrb5_free_principal(ctx, service);
+                krb5_free_principal(context, service);
                 princ = 0;
             }
             if (cellconfig.linkedCell) {
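Review bot: The `if (service)` cleanup frees `service` but then clears `princ`, so `service` keeps a stale pointer into the next loop iteration. The line after `krb5_free_principal(context, service);` should read `service = 0;`. `service` is declared outside this hunk, and its only visible assignment sits before an `#endif /* COMMENT */`. The double free is therefore probably latent today, but it becomes live as soon as that code is enabled.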
@@ -1904,7 +1599,7 @@ KFW_AFS_renew_token_for_cell(char * cell)
                 cellconfig.linkedCell = NULL;
             }
 
-            KFW_AFS_update_cell_princ_map(ctx, cell, principals[count], code ? FALSE : TRUE);
+            KFW_AFS_update_cell_princ_map(context, cell, principals[count], code ? FALSE : TRUE);
             free(principals[count]);
         }
         free(principals);
@@ -1912,8 +1607,8 @@ KFW_AFS_renew_token_for_cell(char * cell)
         code = -1;      // we did not renew the tokens
 
   cleanup:
-    if (ctx)
-        pkrb5_free_context(ctx);
+    if (context)
+        krb5_free_context(context);
     return (code ? FALSE : TRUE);
 
 }
@@ -1923,8 +1618,7 @@ KFW_AFS_renew_tokens_for_all_cells(void)
 {
     struct cell_principal_map * next = cell_princ_map;
 
-    if ( IsDebuggerPresent() )
-        OutputDebugString("KFW_AFS_renew_tokens_for_all()\n");
+    DebugPrintf("KFW_AFS_renew_tokens_for_all()\n");
 
     if ( !next )
         return 0;
@@ -1937,91 +1631,70 @@ KFW_AFS_renew_tokens_for_all_cells(void)
 }
 
 int
-KFW_renew(krb5_context alt_ctx, krb5_ccache alt_cc)
+KFW_renew(krb5_context alt_context, krb5_ccache alt_cc)
 {
     krb5_error_code     code = 0;
-    krb5_context       ctx = NULL;
+    krb5_context       context = NULL;
     krb5_ccache                cc = NULL;
     krb5_principal     me = NULL;
     krb5_principal      server = NULL;
     krb5_creds         my_creds;
-    krb5_data           *realm = NULL;
+    const char          *realm = NULL;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
+    memset(&my_creds, 0, sizeof(krb5_creds));
 
-       memset(&my_creds, 0, sizeof(krb5_creds));
-
-    if ( alt_ctx ) {
-        ctx = alt_ctx;
+    if ( alt_context ) {
+        context = alt_context;
     } else {
-        code = pkrb5_init_context(&ctx);
+        code = krb5_init_context(&context);
         if (code) goto cleanup;
     }
 
     if ( alt_cc ) {
         cc = alt_cc;
     } else {
-        code = pkrb5_cc_default(ctx, &cc);
+        code = krb5_cc_default(context, &cc);
         if (code) goto cleanup;
     }
 
-    code = pkrb5_cc_get_principal(ctx, cc, &me);
+    code = krb5_cc_get_principal(context, cc, &me);
     if (code) goto cleanup;
 
-    realm = krb5_princ_realm(ctx, me);
+    realm = krb5_principal_get_realm(context, me);
 
-    code = pkrb5_build_principal_ext(ctx, &server,
-                                    realm->length,realm->data,
-                                    KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME,
-                                    realm->length,realm->data,
-                                    0);
+    code = krb5_make_principal(context, &server, realm,
+                               KRB5_TGS_NAME, realm, NULL);
     if ( code )
         goto cleanup;
 
     if ( IsDebuggerPresent() ) {
         char * cname, *sname;
-        pkrb5_unparse_name(ctx, me, &cname);
-        pkrb5_unparse_name(ctx, server, &sname);
-        OutputDebugString("Renewing credential for client \"");
-        OutputDebugString(cname);
-        OutputDebugString("\" and service \"");
-        OutputDebugString(sname);
-        OutputDebugString("\"\n");
-        pkrb5_free_unparsed_name(ctx,cname);
-        pkrb5_free_unparsed_name(ctx,sname);
+        krb5_unparse_name(context, me, &cname);
+        krb5_unparse_name(context, server, &sname);
+        DebugPrintf("Renewing credential for client \"%s\" and service\"%s\"\n",
+                    cname, sname);
+        krb5_free_unparsed_name(context,cname);
+        krb5_free_unparsed_name(context,sname);
     }
 
     my_creds.client = me;
     my_creds.server = server;
 
-    code = pkrb5_get_renewed_creds(ctx, &my_creds, me, cc, NULL);
+    code = krb5_get_renewed_creds(context, &my_creds, me, cc, NULL);
     if (code) {
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "krb5_get_renewed_creds() failed: %d\n", code);
-            OutputDebugString(message);
-        }
+        DebugPrintf("krb5_get_renewed_creds() failed: %d\n", code);
         goto cleanup;
     }
 
-    code = pkrb5_cc_initialize(ctx, cc, me);
+    code = krb5_cc_initialize(context, cc, me);
     if (code) {
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "krb5_cc_initialize() failed: %d\n", code);
-            OutputDebugString(message);
-        }
+        DebugPrintf("krb5_cc_initialize() failed: %d\n", code);
         goto cleanup;
     }
 
-    code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
+    code = krb5_cc_store_cred(context, cc, &my_creds);
     if (code) {
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "krb5_cc_store_cred() failed: %d\n", code);
-            OutputDebugString(message);
-        }
+        DebugPrintf("krb5_cc_store_cred() failed: %d\n", code);
         goto cleanup;
     }
 
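Review bot: In the IsDebuggerPresent() block the return values of both krb5_unparse_name calls are ignored and `cname`/`sname` start uninitialised, so a failed unparse hands an indeterminate pointer to DebugPrintf's `%s` and then to krb5_free_unparsed_name. Declare them as `char *cname = NULL, *sname = NULL;`, and print and free only what was actually returned. The merged format string also lost the space before the service name; `service\"%s\"` should be `service \"%s\"`. KFW_renew's cleanup section is in the next hunk.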
@@ -2030,151 +1703,113 @@ KFW_renew(krb5_context alt_ctx, krb5_ccache alt_cc)
         my_creds.client = 0;
     if (my_creds.server == server)
         my_creds.server = 0;
-    pkrb5_free_cred_contents(ctx, &my_creds);
+    krb5_free_cred_contents(context, &my_creds);
     if (me)
-        pkrb5_free_principal(ctx, me);
+        krb5_free_principal(context, me);
     if (server)
-        pkrb5_free_principal(ctx, server);
+        krb5_free_principal(context, server);
     if (cc && (cc != alt_cc))
-        pkrb5_cc_close(ctx, cc);
-    if (ctx && (ctx != alt_ctx))
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context, cc);
+    if (context && (context != alt_context))
+        krb5_free_context(context);
     return(code);
 }
 
 int
-KFW_kinit( krb5_context alt_ctx,
-            krb5_ccache  alt_cc,
-            HWND hParent,
-            char *principal_name,
-            char *password,
-            krb5_deltat lifetime,
-            DWORD                       forwardable,
-            DWORD                       proxiable,
-            krb5_deltat                 renew_life,
-            DWORD                       addressless,
-            DWORD                       publicIP
-            )
+KFW_kinit( krb5_context alt_context,
+           krb5_ccache  alt_cc,
+           HWND hParent,
+           char *principal_name,
+           char *password,
+           krb5_deltat lifetime,
+           DWORD                       forwardable,
+           DWORD                       proxiable,
+           krb5_deltat                 renew_life,
+           DWORD                       addressless,
+           DWORD                       publicIP)
 {
     krb5_error_code            code = 0;
-    krb5_context               ctx = NULL;
+    krb5_context               context = NULL;
     krb5_ccache                        cc = NULL;
     krb5_principal             me = NULL;
     char*                       name = NULL;
     krb5_creds                 my_creds;
-    krb5_get_init_creds_opt     options;
-    krb5_address **             addrs = NULL;
+    krb5_get_init_creds_opt     *options = NULL;
+    krb5_addresses              addrs = {0, NULL};
     int                         i = 0, addr_count = 0;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    pkrb5_get_init_creds_opt_init(&options);
     memset(&my_creds, 0, sizeof(my_creds));
 
-    if (alt_ctx)
-    {
-        ctx = alt_ctx;
-    }
-    else
-    {
-        code = pkrb5_init_context(&ctx);
+    if (alt_context) {
+        context = alt_context;
+    } else {
+        code = krb5_init_context(&context);
         if (code) goto cleanup;
     }
 
     if ( alt_cc ) {
         cc = alt_cc;
     } else {
-        code = pkrb5_cc_default(ctx, &cc);
+        code = krb5_cc_default(context, &cc);
         if (code) goto cleanup;
     }
 
-    code = pkrb5_parse_name(ctx, principal_name, &me);
-    if (code)
-       goto cleanup;
+    code = krb5_get_init_creds_opt_alloc(context, &options);
+    if (code) goto cleanup;
 
-    code = pkrb5_unparse_name(ctx, me, &name);
-    if (code)
-       goto cleanup;
+    code = krb5_parse_name(context, principal_name, &me);
+    if (code) goto cleanup;
+
+    code = krb5_unparse_name(context, me, &name);
+    if (code) goto cleanup;
 
     if (lifetime == 0)
-        lifetime = DEFAULT_LIFETIME;
+        lifetime = KFW_get_default_lifetime(context,
+                                            krb5_principal_get_realm(context, me));
+
     lifetime *= 60;
 
     if (renew_life > 0)
        renew_life *= 60;
 
     if (lifetime)
-        pkrb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
-       pkrb5_get_init_creds_opt_set_forwardable(&options,
-                                                 forwardable ? 1 : 0);
-       pkrb5_get_init_creds_opt_set_proxiable(&options,
-                                               proxiable ? 1 : 0);
-       pkrb5_get_init_creds_opt_set_renew_life(&options,
-                                               renew_life);
-    if (addressless)
-        pkrb5_get_init_creds_opt_set_address_list(&options,NULL);
-    else {
-       if (publicIP)
-        {
+        krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
+    krb5_get_init_creds_opt_set_forwardable(options, forwardable ? 1 : 0);
+    krb5_get_init_creds_opt_set_proxiable(options, proxiable ? 1 : 0);
+    krb5_get_init_creds_opt_set_renew_life(options, renew_life);
+    if (addressless) {
+        krb5_get_init_creds_opt_set_addressless(context, options, TRUE);
+    } else {
+       if (publicIP) {
             // we are going to add the public IP address specified by the user
             // to the list provided by the operating system
-            krb5_address ** local_addrs=NULL;
-            DWORD           netIPAddr;
-
-            pkrb5_os_localaddr(ctx, &local_addrs);
-            while ( local_addrs[i++] );
-            addr_count = i + 1;
-
-            addrs = (krb5_address **) malloc((addr_count+1) * sizeof(krb5_address *));
-            if ( !addrs ) {
-                pkrb5_free_addresses(ctx, local_addrs);
-                goto cleanup;
-            }
-            memset(addrs, 0, sizeof(krb5_address *) * (addr_count+1));
-            i = 0;
-            while ( local_addrs[i] ) {
-                addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
-                if (addrs[i] == NULL) {
-                    pkrb5_free_addresses(ctx, local_addrs);
-                    goto cleanup;
-                }
+            struct sockaddr_in     in_addr;
+            krb5_address    addr;
+            krb5_addresses  addr_l;
 
-                addrs[i]->magic = local_addrs[i]->magic;
-                addrs[i]->addrtype = local_addrs[i]->addrtype;
-                addrs[i]->length = local_addrs[i]->length;
-                addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
-                if (!addrs[i]->contents) {
-                    pkrb5_free_addresses(ctx, local_addrs);
-                    goto cleanup;
-                }
+            krb5_get_all_client_addrs(context, &addrs);
 
-                memcpy(addrs[i]->contents,local_addrs[i]->contents,
-                        local_addrs[i]->length);        /* safe */
-                i++;
-            }
-            pkrb5_free_addresses(ctx, local_addrs);
+            in_addr.sin_family = AF_INET;
+            in_addr.sin_port = 0;
+            in_addr.sin_addr.S_un.S_addr = htonl(publicIP);
 
-            addrs[i] = (krb5_address *)malloc(sizeof(krb5_address));
-            if (addrs[i] == NULL)
-                goto cleanup;
+            code = krb5_sockaddr2address(context, (struct sockaddr *)&in_addr,
+                                         &addr);
 
-            addrs[i]->magic = KV5M_ADDRESS;
-            addrs[i]->addrtype = AF_INET;
-            addrs[i]->length = 4;
-            addrs[i]->contents = (unsigned char *)malloc(addrs[i]->length);
-            if (!addrs[i]->contents)
-                goto cleanup;
+            if (code == 0) {
+                addr_l.len = 1;
+                addr_l.val = &addr;
 
-            netIPAddr = htonl(publicIP);
-            memcpy(addrs[i]->contents,&netIPAddr,4);
+                code = krb5_append_addresses(context, &addrs, &addr_l);
 
-            pkrb5_get_init_creds_opt_set_address_list(&options,addrs);
+                krb5_free_address(context, &addr);
+            }
 
+            krb5_get_init_creds_opt_set_address_list(options, &addrs);
         }
     }
 
-    code = pkrb5_get_init_creds_password(ctx,
+    code = krb5_get_init_creds_password(context,
                                        &my_creds,
                                        me,
                                        password, // password
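Review bot: In the publicIP branch of KFW_kinit the result of krb5_get_all_client_addrs is discarded, and `code` from krb5_sockaddr2address and krb5_append_addresses is overwritten by krb5_get_init_creds_password without being tested. If the local address lookup fails, `addrs` is still the empty `{0, NULL}` list when it reaches krb5_get_init_creds_opt_set_address_list. The request may then go out without the address restriction the caller asked for; how the library treats an empty list is not visible here. Stop on failure instead: `code = krb5_get_all_client_addrs(context, &addrs); if (code) goto cleanup;`, and `if (code) goto cleanup;` after the `if (code == 0)` block. `i` and `addr_count` appear unused after this rewrite; KFW_kinit continues past the end of the hunk.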
@@ -2182,78 +1817,69 @@ KFW_kinit( krb5_context alt_ctx,
                                        hParent, // prompter data
                                        0, // start time
                                        0, // service name
-                                       &options);
+                                       options);
     if (code)
        goto cleanup;
 
-    code = pkrb5_cc_initialize(ctx, cc, me);
+    code = krb5_cc_initialize(context, cc, me);
     if (code)
        goto cleanup;
 
-    code = pkrb5_cc_store_cred(ctx, cc, &my_creds);
+    code = krb5_cc_store_cred(context, cc, &my_creds);
     if (code)
        goto cleanup;
 
  cleanup:
-    if ( addrs ) {
-        for ( i=0;i<addr_count;i++ ) {
-            if ( addrs[i] ) {
-                if ( addrs[i]->contents )
-                    free(addrs[i]->contents);
-                free(addrs[i]);
-            }
-        }
-    }
+    if ( addrs.len > 0 )
+        krb5_free_addresses(context, &addrs);
+
     if (my_creds.client == me)
        my_creds.client = 0;
-    pkrb5_free_cred_contents(ctx, &my_creds);
+
+    krb5_free_cred_contents(context, &my_creds);
     if (name)
-        pkrb5_free_unparsed_name(ctx, name);
+        krb5_free_unparsed_name(context, name);
     if (me)
-        pkrb5_free_principal(ctx, me);
+        krb5_free_principal(context, me);
+    if (options)
+        krb5_get_init_creds_opt_free(context, options);
     if (cc && (cc != alt_cc))
-        pkrb5_cc_close(ctx, cc);
-    if (ctx && (ctx != alt_ctx))
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context, cc);
+    if (context && (context != alt_context))
+        krb5_free_context(context);
     return(code);
 }
 
 
 int
-KFW_kdestroy(krb5_context alt_ctx, krb5_ccache alt_cc)
+KFW_kdestroy(krb5_context alt_context, krb5_ccache alt_cc)
 {
-    krb5_context               ctx = NULL;
+    krb5_context               context = NULL;
     krb5_ccache                        cc = NULL;
     krb5_error_code            code;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    if (alt_ctx)
-    {
-        ctx = alt_ctx;
-    }
-    else
-    {
-        code = pkrb5_init_context(&ctx);
+    if (alt_context) {
+        context = alt_context;
+    } else {
+        code = krb5_init_context(&context);
         if (code) goto cleanup;
     }
 
     if ( alt_cc ) {
         cc = alt_cc;
     } else {
-        code = pkrb5_cc_default(ctx, &cc);
+        code = krb5_cc_default(context, &cc);
         if (code) goto cleanup;
     }
 
-    code = pkrb5_cc_destroy(ctx, cc);
+    code = krb5_cc_destroy(context, cc);
     if ( !code ) cc = 0;
 
   cleanup:
     if (cc && (cc != alt_cc))
-        pkrb5_cc_close(ctx, cc);
-    if (ctx && (ctx != alt_ctx))
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context, cc);
+    if (context && (context != alt_context))
+        krb5_free_context(context);
 
     return(code);
 }
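Review bot: In KFW_kdestroy, `if ( !code ) cc = 0;` keeps the handle when krb5_cc_destroy() fails, so the cleanup label then calls krb5_cc_close() on that same handle. Now that the build links Heimdal through the compat SDK this needs a check: as far as I know Heimdal's krb5_cc_destroy() releases the cache handle whether or not the destroy step succeeds, which would make the later close a second release of freed memory (confirm against the SDK version in use). If that holds, clear the pointer unconditionally: `code = krb5_cc_destroy(context, cc);` followed by `cc = 0;`. A one-line comment on the function such as `/* krb5_cc_destroy() consumes the handle, including a caller-supplied alt_cc */` would also make the ownership rule visible to callers.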
@@ -2282,7 +1908,7 @@ GetSecurityLogonSessionData(PSECURITY_LOGON_SESSION_DATA * ppSessionData)
     if ( !Success )
         return FALSE;
 
-    Status = pLsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData );
+    Status = LsaGetLogonSessionData( &Stats.AuthenticationId, ppSessionData );
     if ( FAILED(Status) || !ppSessionData )
         return FALSE;
 
@@ -2321,7 +1947,7 @@ MSLSA_IsKerberosLogon(VOID)
                     Success = TRUE;
             }
         }
-        pLsaFreeReturnBuffer(pSessionData);
+        LsaFreeReturnBuffer(pSessionData);
     }
     return Success;
 }
@@ -2826,25 +2452,22 @@ ViceIDToUsername(char *username,
 
 static void
 copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) {
-    krb5_error_code code;
-    krb5_ticket *ticket;
+    Ticket ticket;
     size_t len;
+    int ret;
 
-    code = pkrb5_decode_ticket(&v5cred->ticket, &ticket);
-    if (code == 0) {
-        len = krb5_princ_realm(context, ticket->server)->length;
-        if (len > destlen - 1)
-            len = destlen - 1;
-
-        StringCbCopyN(dest, destlen, krb5_princ_realm(context, ticket->server)->data, len);
+    ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length,
+                        &ticket, &len);
+    if (ret == 0) {
+        StringCbCopy(dest, destlen, ticket.realm);
 
-        pkrb5_free_ticket(context, ticket);
+        free_Ticket(&ticket);
     }
 }
 
 int
 KFW_AFS_klog(
-    krb5_context alt_ctx,
+    krb5_context alt_context,
     krb5_ccache  alt_cc,
     char *service,
     char *cell,
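Review bot: copy_realm_of_ticket() now ignores the HRESULT of `StringCbCopy(dest, destlen, ticket.realm)`, so a realm that does not fit in dest is stored truncated, and a decode_Ticket() failure leaves dest untouched; the function is void, so the caller learns of neither case. The callers visible on this page use the result as realm_of_cell, where a shortened realm is worse than an empty one. Consider `if (FAILED(StringCbCopy(dest, destlen, ticket.realm))) dest[0] = '\0';` (assuming destlen is never 0, which holds for the sizeof() call sites shown). A header comment stating that dest is left unchanged on decode failure and emptied on overflow would be useful too.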
@@ -2854,10 +2477,6 @@ KFW_AFS_klog(
     )
 {
     long       rc = 0;
-    CREDENTIALS        creds;
-#ifdef USE_KRB4
-    KTEXT_ST    ticket;
-#endif /* USE_KRB4 */
     struct ktc_principal       aserver;
     struct ktc_principal       aclient;
     char       realm_of_user[REALM_SZ]; /* Kerberos realm of user */
@@ -2872,15 +2491,14 @@ KFW_AFS_klog(
     char       ServiceName[128];
     DWORD       CurrentState;
     char        HostName[64];
-    BOOL        try_krb5 = 0;
-    krb5_context  ctx = NULL;
+    krb5_context  context = NULL;
     krb5_ccache   cc = NULL;
     krb5_creds increds;
     krb5_creds * k5creds = NULL;
     krb5_error_code code;
     krb5_principal client_principal = NULL;
     krb5_data * k5data = NULL;
-    unsigned int i, retry = 0;
+    unsigned int retry = 0;
 
     CurrentState = 0;
     memset(HostName, '\0', sizeof(HostName));
@@ -2896,9 +2514,6 @@ KFW_AFS_klog(
         return(-2);
     }
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
     memset(&ak_cellconfig, 0, sizeof(ak_cellconfig));
     memset(RealmName, '\0', sizeof(RealmName));
     memset(CellName, '\0', sizeof(CellName));
@@ -2918,69 +2533,50 @@ KFW_AFS_klog(
         return(rc);
     }
 
-    if ( alt_ctx ) {
-        ctx = alt_ctx;
+    if ( alt_context ) {
+        context = alt_context;
     } else {
-        code = pkrb5_init_context(&ctx);
+        code = krb5_init_context(&context);
         if (code) goto cleanup;
     }
 
     if ( alt_cc ) {
         cc = alt_cc;
     } else {
-        code = pkrb5_cc_default(ctx, &cc);
-        if (code) goto skip_krb5_init;
+        code = krb5_cc_default(context, &cc);
+        if (code)
+            goto cleanup;
     }
 
     memset(&increds, 0, sizeof(increds));
 
-    code = pkrb5_cc_get_principal(ctx, cc, &client_principal);
+    code = krb5_cc_get_principal(context, cc, &client_principal);
     if (code) {
         if ( code == KRB5_CC_NOTFOUND && IsDebuggerPresent() )
         {
             OutputDebugString("Principal Not Found for ccache\n");
         }
-        goto skip_krb5_init;
+        goto cleanup;
     }
 
     if (!KFW_accept_dotted_usernames()) {
+        const char * comp;
         /* look for client principals which cannot be distinguished
          * from Kerberos 4 multi-component principal names
          */
-        k5data = krb5_princ_component(ctx,client_principal,0);
-        for ( i=0; i<k5data->length; i++ ) {
-            if ( k5data->data[i] == '.' )
-                break;
-        }
-        if (i != k5data->length)
-        {
+        comp = krb5_principal_get_comp_string(context,client_principal,0);
+        if (strchr(comp, '.') != NULL) {
             OutputDebugString("Illegal Principal name contains dot in first component\n");
             rc = KRB5KRB_ERR_GENERIC;
             goto cleanup;
         }
     }
 
-    i = krb5_princ_realm(ctx, client_principal)->length;
-    if (i > REALM_SZ-1)
-        i = REALM_SZ-1;
-    StringCbCopyN( realm_of_user, sizeof(realm_of_user),
-                   krb5_princ_realm(ctx, client_principal)->data, i);
-    try_krb5 = 1;
-
-  skip_krb5_init:
-#ifdef USE_KRB4
-    if ( !try_krb5 || !realm_of_user[0] ) {
-        if ((rc = (*pkrb_get_tf_realm)((*ptkt_string)(), realm_of_user)) != KSUCCESS)
-        {
-            goto cleanup;
-        }
-    }
-#else
-    if (!try_krb5)
-        goto cleanup;
-#endif
+    StringCbCopy(realm_of_user, sizeof(realm_of_user),
+                 krb5_principal_get_realm(context, client_principal));
+
     StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
-                   afs_realm_of_cell(ctx, &ak_cellconfig),
+                   afs_realm_of_cell(context, &ak_cellconfig),
                    sizeof(realm_of_cell) - 1);
 
     if (strlen(service) == 0)
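Review bot: The new dotted-name check passes the result of krb5_principal_get_comp_string() straight to strchr(); Heimdal returns NULL from that call when the principal has no component at the requested index, so a cache principal with zero name components would be dereferenced as NULL here. Reject that case before the test, e.g. `if (comp == NULL) { rc = KRB5KRB_ERR_GENERIC; goto cleanup; }`. The StringCbCopy() into realm_of_user just below also drops its HRESULT, so a realm longer than REALM_SZ-1 is silently truncated before it is used to build the service principal; failing on a non-success result would be safer than continuing with a shortened realm. KFW_AFS_klog begins and ends outside this hunk, so which of rc and code is returned from cleanup is not visible here.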
@@ -3004,374 +2600,198 @@ KFW_AFS_klog(
         StringCbCopyN( RealmName, sizeof(RealmName),
                        realm, sizeof(RealmName) - 1);
 
-    memset(&creds, '\0', sizeof(creds));
+    code = KRB5KRB_ERR_GENERIC;
 
-    if ( try_krb5 ) {
-        int len;
-        code = KRB5KRB_ERR_GENERIC;
+    increds.client = client_principal;
+    increds.times.endtime = 0;
+    /* Ask for DES since that is what V4 understands */
+    increds.session.keytype = ENCTYPE_DES_CBC_CRC;
 
+    /* ALWAYS first try service/cell@CLIENT_REALM */
+    if (code = krb5_build_principal(context, &increds.server,
+                                    (int)strlen(realm_of_user),
+                                    realm_of_user,
+                                    ServiceName,
+                                    CellName,
+                                    0))
+    {
+        goto cleanup;
+    }
 
-        increds.client = client_principal;
-        increds.times.endtime = 0;
-        /* Ask for DES since that is what V4 understands */
-        increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    if ( IsDebuggerPresent() ) {
+        char * cname, *sname;
+        krb5_unparse_name(context, increds.client, &cname);
+        krb5_unparse_name(context, increds.server, &sname);
+        OutputDebugString("Getting tickets for \"");
+        OutputDebugString(cname);
+        OutputDebugString("\" and service \"");
+        OutputDebugString(sname);
+        OutputDebugString("\"\n");
+        krb5_free_unparsed_name(context,cname);
+        krb5_free_unparsed_name(context,sname);
+    }
 
-        /* ALWAYS first try service/cell@CLIENT_REALM */
-        if (code = pkrb5_build_principal(ctx, &increds.server,
-                                          (int)strlen(realm_of_user),
-                                          realm_of_user,
-                                          ServiceName,
-                                          CellName,
-                                          0))
-        {
-            goto cleanup;
-        }
+    code = krb5_get_credentials(context, 0, cc, &increds, &k5creds);
+    if (code == 0) {
+        /*
+         * The client's realm is a local realm for the cell.
+         * Save it so that later the pts registration will not
+         * be performed.
+         */
+        StringCbCopyN(realm_of_cell, sizeof(realm_of_cell),
+                      realm_of_user, sizeof(realm_of_cell) - 1);
+    }
 
-        if ( IsDebuggerPresent() ) {
-            char * cname, *sname;
-            pkrb5_unparse_name(ctx, increds.client, &cname);
-            pkrb5_unparse_name(ctx, increds.server, &sname);
-            OutputDebugString("Getting tickets for \"");
-            OutputDebugString(cname);
-            OutputDebugString("\" and service \"");
-            OutputDebugString(sname);
-            OutputDebugString("\"\n");
-            pkrb5_free_unparsed_name(ctx,cname);
-            pkrb5_free_unparsed_name(ctx,sname);
-        }
+    if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+        code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+        code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+        code == KRB5KRB_AP_ERR_MSG_TYPE) {
+        /*
+         * If there was a specific realm we are supposed to try
+         * then use it
+         */
+        if (strlen(realm) != 0) {
+            /* service/cell@REALM */
+            increds.server = 0;
+            code = krb5_build_principal(context, &increds.server,
+                                        (int)strlen(realm),
+                                        realm,
+                                        ServiceName,
+                                        0);
 
-        code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-        if (code == 0) {
-            /* The client's realm is a local realm for the cell.
-            * Save it so that later the pts registration will not
-            * be performed.
-            */
-            StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
-                           realm_of_user, sizeof(realm_of_cell) - 1);
-        }
+            if ( IsDebuggerPresent() ) {
+                char * cname, *sname;
+                krb5_unparse_name(context, increds.client, &cname);
+                krb5_unparse_name(context, increds.server, &sname);
+                OutputDebugString("Getting tickets for \"");
+                OutputDebugString(cname);
+                OutputDebugString("\" and service \"");
+                OutputDebugString(sname);
+                OutputDebugString("\"\n");
+                krb5_free_unparsed_name(context,cname);
+                krb5_free_unparsed_name(context,sname);
+            }
 
+            if (!code)
+                code = krb5_get_credentials(context, 0, cc, &increds, &k5creds);
 
-        if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
-            code == KRB5_ERR_HOST_REALM_UNKNOWN ||
-            code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
-            code == KRB5KRB_AP_ERR_MSG_TYPE) {
-            /* If there was a specific realm we are supposed to try
-             * then use it
-             */
-            if (strlen(realm) != 0) {
-                /* service/cell@REALM */
+            if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+                 code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+                 code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+                 code == KRB5KRB_AP_ERR_MSG_TYPE) {
+                /* Or service@REALM */
+                krb5_free_principal(context,increds.server);
                 increds.server = 0;
-                code = pkrb5_build_principal(ctx, &increds.server,
-                                             (int)strlen(realm),
-                                             realm,
-                                             ServiceName,
-                                             CellName,
-                                             0);
+                code = krb5_build_principal(context, &increds.server,
+                                            (int)strlen(realm),
+                                            realm,
+                                            ServiceName,
+                                            0);
+
                 if ( IsDebuggerPresent() ) {
                     char * cname, *sname;
-                    pkrb5_unparse_name(ctx, increds.client, &cname);
-                    pkrb5_unparse_name(ctx, increds.server, &sname);
-                    OutputDebugString("Getting tickets for \"");
+                    krb5_unparse_name(context, increds.client, &cname);
+                    krb5_unparse_name(context, increds.server, &sname);
+                    DebugPrintf("Getting tickets for \"%s\" and service \"%s\"\n", cname, sname);
+                    krb5_free_unparsed_name(context,cname);
+                    krb5_free_unparsed_name(context,sname);
+                }
+
+                if (!code)
+                    code = krb5_get_credentials(context, 0, cc, &increds, &k5creds);
+            }
+
+            if (code == 0) {
+                /* we have a local realm for the cell */
+                StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+                               realm, sizeof(realm_of_cell) - 1);
+            }
+        } else {
+            if (strcmp(realm_of_user, realm_of_cell)) {
+                /* Then service/cell@CELL_REALM */
+                krb5_free_principal(context,increds.server);
+                increds.server = 0;
+                code = krb5_build_principal(context, &increds.server,
+                                            (int)strlen(realm_of_cell),
+                                            realm_of_cell,
+                                            ServiceName,
+                                            CellName,
+                                             0);
+                if ( IsDebuggerPresent()) {
+                    char * cname, *sname;
+                    krb5_unparse_name(context, increds.client, &cname);
+                    krb5_unparse_name(context, increds.server, &sname);
+                    OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
+                    OutputDebugString("Trying again: getting tickets for \"");
                     OutputDebugString(cname);
                     OutputDebugString("\" and service \"");
                     OutputDebugString(sname);
                     OutputDebugString("\"\n");
-                    pkrb5_free_unparsed_name(ctx,cname);
-                    pkrb5_free_unparsed_name(ctx,sname);
+                    krb5_free_unparsed_name(context,cname);
+                    krb5_free_unparsed_name(context,sname);
                 }
 
                 if (!code)
-                    code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-
-                if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
-                    code == KRB5_ERR_HOST_REALM_UNKNOWN ||
-                    code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
-                    code == KRB5KRB_AP_ERR_MSG_TYPE) {
-                    /* Or service@REALM */
-                    pkrb5_free_principal(ctx,increds.server);
-                    increds.server = 0;
-                    code = pkrb5_build_principal(ctx, &increds.server,
-                                                 (int)strlen(realm),
-                                                 realm,
-                                                 ServiceName,
-                                                 0);
-
-                    if ( IsDebuggerPresent() ) {
-                        char * cname, *sname;
-                        pkrb5_unparse_name(ctx, increds.client, &cname);
-                        pkrb5_unparse_name(ctx, increds.server, &sname);
-                        OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
-                        OutputDebugString("Trying again: getting tickets for \"");
-                        OutputDebugString(cname);
-                        OutputDebugString("\" and service \"");
-                        OutputDebugString(sname);
-                        OutputDebugString("\"\n");
-                        pkrb5_free_unparsed_name(ctx,cname);
-                        pkrb5_free_unparsed_name(ctx,sname);
-                    }
-
-                    if (!code)
-                        code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-                }
-
-                if (code == 0) {
-                    /* we have a local realm for the cell */
-                    StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
-                                   realm, sizeof(realm_of_cell) - 1);
-                }
-            } else {
-                if (strcmp(realm_of_user, realm_of_cell)) {
-                    /* Then service/cell@CELL_REALM */
-                    pkrb5_free_principal(ctx,increds.server);
-                    increds.server = 0;
-                    code = pkrb5_build_principal(ctx, &increds.server,
-                                                 (int)strlen(realm_of_cell),
-                                                 realm_of_cell,
-                                                 ServiceName,
-                                                 CellName,
-                                                 0);
-                    if ( IsDebuggerPresent() ) {
-                        char * cname, *sname;
-                        pkrb5_unparse_name(ctx, increds.client, &cname);
-                        pkrb5_unparse_name(ctx, increds.server, &sname);
-                        OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
-                        OutputDebugString("Trying again: getting tickets for \"");
-                        OutputDebugString(cname);
-                        OutputDebugString("\" and service \"");
-                        OutputDebugString(sname);
-                        OutputDebugString("\"\n");
-                        pkrb5_free_unparsed_name(ctx,cname);
-                        pkrb5_free_unparsed_name(ctx,sname);
-                    }
-
-                    if (!code)
-                        code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-
-                    if (!code && !strlen(realm_of_cell))
-                        copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
-                }
+                    code = krb5_get_credentials(context, 0, cc, &increds, &k5creds);
 
-                if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
-                    code == KRB5_ERR_HOST_REALM_UNKNOWN ||
-                    code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
-                    code == KRB5KRB_AP_ERR_MSG_TYPE) {
-                    /* Finally service@CELL_REALM */
-                    pkrb5_free_principal(ctx,increds.server);
-                    increds.server = 0;
-                    code = pkrb5_build_principal(ctx, &increds.server,
-                                                 (int)strlen(realm_of_cell),
-                                                 realm_of_cell,
-                                                 ServiceName,
-                                                 0);
-
-                    if ( IsDebuggerPresent() ) {
-                        char * cname, *sname;
-                        pkrb5_unparse_name(ctx, increds.client, &cname);
-                        pkrb5_unparse_name(ctx, increds.server, &sname);
-                        OutputDebugString("krb5_get_credentials() returned Service Principal Unknown\n");
-                        OutputDebugString("Trying again: getting tickets for \"");
-                        OutputDebugString(cname);
-                        OutputDebugString("\" and service \"");
-                        OutputDebugString(sname);
-                        OutputDebugString("\"\n");
-                        pkrb5_free_unparsed_name(ctx,cname);
-                        pkrb5_free_unparsed_name(ctx,sname);
-                    }
-
-                    if (!code)
-                        code = pkrb5_get_credentials(ctx, 0, cc, &increds, &k5creds);
-                    if (!code && !strlen(realm_of_cell))
-                        copy_realm_of_ticket(ctx, realm_of_cell, sizeof(realm_of_cell), k5creds);
-                }
+                if (!code && !strlen(realm_of_cell))
+                    copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds);
             }
         }
 
-        if (code) {
-            if ( IsDebuggerPresent() ) {
-                char message[256];
-                StringCbPrintf(message, sizeof(message), "krb5_get_credentials returns: %d\n", code);
-                OutputDebugString(message);
-            }
-            try_krb5 = 0;
-            goto use_krb4;
-        }
+        if (code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
+             code == KRB5_ERR_HOST_REALM_UNKNOWN ||
+             code == KRB5KRB_ERR_GENERIC /* heimdal */ ||
+             code == KRB5KRB_AP_ERR_MSG_TYPE) {
+            /* Finally service@CELL_REALM */
+            krb5_free_principal(context,increds.server);
+            increds.server = 0;
+            code = krb5_build_principal(context, &increds.server,
+                                        (int)strlen(realm_of_cell),
+                                        realm_of_cell,
+                                        ServiceName,
+                                        0);
 
-        /* This code inserts the entire K5 ticket into the token
-         * No need to perform a krb524 translation which is
-         * commented out in the code below
-         */
-        if (KFW_use_krb524() ||
-            k5creds->ticket.length > MAXKTCTICKETLEN) {
             if ( IsDebuggerPresent() ) {
-                char message[256];
-                StringCbPrintf(message, sizeof(message),
-                               "switching to krb524 .. ticket length %u\n",
-                               k5creds->ticket.length);
-                OutputDebugString(message);
-            }
-            goto try_krb524d;
-        }
-        memset(&aserver, '\0', sizeof(aserver));
-        StringCbCopyN(aserver.name, sizeof(aserver.name),
-                      ServiceName, sizeof(aserver.name) - 1);
-        StringCbCopyN(aserver.cell, sizeof(aserver.cell),
-                      CellName, sizeof(aserver.cell) - 1);
-
-        memset(&atoken, '\0', sizeof(atoken));
-        atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
-        atoken.startTime = k5creds->times.starttime;
-        atoken.endTime = k5creds->times.endtime;
-        memcpy(&atoken.sessionKey, k5creds->keyblock.contents, k5creds->keyblock.length);
-        atoken.ticketLen = k5creds->ticket.length;
-        memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen);
-
-      retry_gettoken5:
-        rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient);
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "ktc_GetToken returns: %d\n", rc);
-            OutputDebugString(message);
-        }
-        if (rc != 0 && rc != KTC_NOENT && rc != KTC_NOCELL) {
-            if ( rc == KTC_NOCM && retry < 20 ) {
-                Sleep(500);
-                retry++;
-                goto retry_gettoken5;
+                char * cname, *sname;
+                krb5_unparse_name(context, increds.client, &cname);
+                krb5_unparse_name(context, increds.server, &sname);
+                DebugPrintf("krb5_get_credentials() returned Service Principal Unknown\n"
+                            "Trying again: getting tickets for \"%s\" and service \"%s\"\n", cname, sname);
+                krb5_free_unparsed_name(context,cname);
+                krb5_free_unparsed_name(context,sname);
             }
-            goto cleanup;
-        }
-
-        if (atoken.kvno == btoken.kvno &&
-             atoken.ticketLen == btoken.ticketLen &&
-             !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
-             !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
-        {
-            /* Success - Nothing to do */
-            goto cleanup;
-        }
-
-        // * Reset the "aclient" structure before we call ktc_SetToken.
-        // * This structure was first set by the ktc_GetToken call when
-        // * we were comparing whether identical tokens already existed.
 
-        len = min(k5creds->client->data[0].length, sizeof(aclient.name) - 1);
-        StringCbCopyN( aclient.name, sizeof(aclient.name),
-                       k5creds->client->data[0].data, len);
-
-        if ( k5creds->client->length > 1 ) {
-            StringCbCat( aclient.name, sizeof(aclient.name), ".");
-            len = min(k5creds->client->data[1].length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
-            StringCbCatN( aclient.name, sizeof(aclient.name),
-                          k5creds->client->data[1].data, len);
-        }
-        aclient.instance[0] = '\0';
-
-        StringCbCopyN( aclient.cell, sizeof(aclient.cell),
-                       realm_of_cell, sizeof(aclient.cell) - 1);
-
-        /* For Khimaira, always append the realm name */
-        StringCbCat( aclient.name, sizeof(aclient.name), "@");
-        len = min(k5creds->client->realm.length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
-        StringCbCatN( aclient.name, sizeof(aclient.name), k5creds->client->realm.data, len);
-
-       GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
-       if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
-           ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
-                            &aclient, &aserver, &atoken);
-
-        if ( smbname ) {
-            StringCbCopyN( aclient.smbname, sizeof(aclient.smbname),
-                           smbname, sizeof(aclient.smbname) - 1);
-        } else {
-            aclient.smbname[0] = '\0';
-        }
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "aclient.name: %s\n", aclient.name);
-            OutputDebugString(message);
-            StringCbPrintf(message, sizeof(message), "aclient.smbname: %s\n", aclient.smbname);
-            OutputDebugString(message);
-        }
-
-        rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0));
-        if ( IsDebuggerPresent() ) {
-            char message[256];
-            StringCbPrintf(message, sizeof(message), "ktc_SetToken returns: %d\n", rc);
-            OutputDebugString(message);
-        }
-        if (!rc)
-            goto cleanup;   /* We have successfully inserted the token */
-
-      try_krb524d:
-#ifndef USE_KRB524
-        goto cleanup;
-#else
-        /* Otherwise, the ticket could have been too large so try to
-         * convert using the krb524d running with the KDC
-         */
-        code = pkrb524_convert_creds_kdc(ctx, k5creds, &creds);
-        pkrb5_free_creds(ctx, k5creds);
-        if (code) {
-            if ( IsDebuggerPresent() ) {
-                char message[256];
-                StringCbPrintf(message, sizeof(message), "krb524_convert_creds_kdc returns: %d\n", code);
-                OutputDebugString(message);
-            }
-            try_krb5 = 0;
-            goto use_krb4;
-        }
-#endif /* USE_KRB524 */
-    } else {
-      use_krb4:
-#ifdef USE_KRB4
-        code = (*pkrb_get_cred)(ServiceName, CellName, RealmName, &creds);
-        if (code == NO_TKT_FIL) {
-            // if the problem is that we have no krb4 tickets
-            // do not attempt to continue
-            goto cleanup;
+            if (!code)
+                code = krb5_get_credentials(context, 0, cc, &increds, &k5creds);
+            if (!code && !strlen(realm_of_cell))
+                copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds);
         }
-        if (code != KSUCCESS)
-            code = (*pkrb_get_cred)(ServiceName, "", RealmName, &creds);
+    }
 
-        if (code != KSUCCESS)
-        {
-            if ((code = (*pkrb_mk_req)(&ticket, ServiceName, CellName, RealmName, 0)) == KSUCCESS)
-            {
-                if ((code = (*pkrb_get_cred)(ServiceName, CellName, RealmName, &creds)) != KSUCCESS)
-                {
-                    goto cleanup;
-                }
-            }
-            else if ((code = (*pkrb_mk_req)(&ticket, ServiceName, "", RealmName, 0)) == KSUCCESS)
-            {
-                if ((code = (*pkrb_get_cred)(ServiceName, "", RealmName, &creds)) != KSUCCESS)
-                {
-                    goto cleanup;
-                }
-            }
-            else
-            {
-                goto cleanup;
-            }
-        }
-#else
+    if (code) {
+        DebugPrintf("krb5_get_credentials returns: %d\n", code);
         goto cleanup;
-#endif
     }
 
+    /* This code inserts the entire K5 ticket into the token */
     memset(&aserver, '\0', sizeof(aserver));
-    StringCbCopyN( aserver.name, sizeof(aserver.name), ServiceName, sizeof(aserver.name) - 1);
-    StringCbCopyN( aserver.cell, sizeof(aserver.cell), CellName, sizeof(aserver.cell) - 1);
+    StringCbCopyN(aserver.name, sizeof(aserver.name),
+                  ServiceName, sizeof(aserver.name) - 1);
+    StringCbCopyN(aserver.cell, sizeof(aserver.cell),
+                  CellName, sizeof(aserver.cell) - 1);
 
     memset(&atoken, '\0', sizeof(atoken));
-    atoken.kvno = creds.kvno;
-    atoken.startTime = creds.issue_date;
-    atoken.endTime = creds.issue_date + life_to_time(0,creds.lifetime);
-    memcpy(&atoken.sessionKey, creds.session, 8);
-    atoken.ticketLen = creds.ticket_st.length;
-    memcpy(atoken.ticket, creds.ticket_st.dat, atoken.ticketLen);
-
-  retry_gettoken:
+    atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
+    atoken.startTime = k5creds->times.starttime;
+    atoken.endTime = k5creds->times.endtime;
+    memcpy(&atoken.sessionKey,
+            k5creds->session.keyvalue.data,
+            k5creds->session.keyvalue.length);
+    atoken.ticketLen = k5creds->ticket.length;
+    memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen);
+
+  retry_gettoken5:
     rc = ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient);
     if ( IsDebuggerPresent() ) {
         char message[256];
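Review bot: The commit drops the `k5creds->ticket.length > MAXKTCTICKETLEN` test together with the krb524 fallback, so nothing on the new path bounds the ticket before `memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen)`. The removed guard suggests MAXKTCTICKETLEN is the capacity of atoken.ticket (its declaration is not in this hunk), in which case a service ticket larger than that writes past the token buffer; `session.keyvalue.length` is likewise copied into atoken.sessionKey without a size check, and the KDC is not obliged to return the requested DES key. Add a guard ahead of the two copies, for example `if (k5creds->ticket.length > MAXKTCTICKETLEN || k5creds->session.keyvalue.length > sizeof(atoken.sessionKey)) { code = KRB5KRB_ERR_GENERIC; goto cleanup; }`. Separately, the first retry under `strlen(realm) != 0` is still commented `/* service/cell@REALM */` but no longer passes CellName, which makes it identical to the `service@REALM` retry that follows. The function starts and ends outside the hunk.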
@@ -3382,18 +2802,17 @@ KFW_AFS_klog(
         if ( rc == KTC_NOCM && retry < 20 ) {
             Sleep(500);
             retry++;
-            goto retry_gettoken;
+            goto retry_gettoken5;
         }
-        KFW_AFS_error(rc, "ktc_GetToken()");
-        code = rc;
         goto cleanup;
     }
 
     if (atoken.kvno == btoken.kvno &&
-        atoken.ticketLen == btoken.ticketLen &&
-        !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
-        !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
+         atoken.ticketLen == btoken.ticketLen &&
+         !memcmp(&atoken.sessionKey, &btoken.sessionKey, sizeof(atoken.sessionKey)) &&
+         !memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen))
     {
+        /* Success - Nothing to do */
         goto cleanup;
     }
 
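Review bot: The ktc_GetToken() failure path now reaches `goto cleanup` without logging `rc` or copying it into `code`, and the later hunk that replaces the checked ktc_SetToken() call with a bare `rc = ktc_SetToken(...)` drops the report there as well. The function's return statement is outside both hunks, so if the result is still derived from `code`, a failed token lookup or install would look like success to the caller. Keeping `code = rc;` and adding `DebugPrintf("ktc_GetToken returns: %d\n", rc);` before the jump (and the equivalent after ktc_SetToken) would preserve the diagnostics in the same style the new krb5_get_credentials check uses.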
@@ -3401,33 +2820,35 @@ KFW_AFS_klog(
     // * This structure was first set by the ktc_GetToken call when
     // * we were comparing whether identical tokens already existed.
 
-    StringCbCopyN( aclient.name, sizeof(aclient.name), creds.pname, sizeof(aclient.name) - 1);
-    if (creds.pinst[0])
-    {
-        strncat(aclient.name, ".", MAXKTCNAMELEN - 1);
-        strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - 1);
+    StringCbCopy(aclient.name, sizeof(aclient.name),
+                 krb5_principal_get_comp_string(context, k5creds->client, 0));
+
+    if ( krb5_principal_get_num_comp(context, k5creds->client) > 1 ) {
+        StringCbCat(aclient.name, sizeof(aclient.name), ".");
+        StringCbCat(aclient.name, sizeof(aclient.name),
+                    krb5_principal_get_comp_string(context, k5creds->client, 1));
     }
     aclient.instance[0] = '\0';
 
-    strncat(aclient.name, "@", MAXKTCNAMELEN - 1);
-    strncat(aclient.name, creds.realm, MAXKTCREALMLEN - 1);
-    aclient.name[MAXKTCREALMLEN-1] = '\0';
+    StringCbCopyN(aclient.cell, sizeof(aclient.cell),
+                  realm_of_cell, sizeof(aclient.cell) - 1);
 
-    StringCbCopyN( aclient.cell, sizeof(aclient.cell),
-                   CellName, sizeof(aclient.cell) - 1);
+    /* For Khimaira, always append the realm name */
+    StringCbCat(aclient.name, sizeof(aclient.name), "@");
+    StringCbCat(aclient.name, sizeof(aclient.name),
+                krb5_principal_get_realm(context, k5creds->client));
 
     GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
     if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
-       ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
-                        &aclient, &aserver, &atoken);
+        ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
+                         &aclient, &aserver, &atoken);
 
     if ( smbname ) {
-        StringCbCopyN( aclient.smbname, sizeof(aclient.smbname),
-                       smbname, sizeof(aclient.smbname) - 1);
+        StringCbCopyN(aclient.smbname, sizeof(aclient.smbname),
+                      smbname, sizeof(aclient.smbname) - 1);
     } else {
         aclient.smbname[0] = '\0';
     }
-
     if ( IsDebuggerPresent() ) {
         char message[256];
         StringCbPrintf(message, sizeof(message), "aclient.name: %s\n", aclient.name);
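Review bot: The HRESULTs of the new StringCbCopy/StringCbCat calls that build `aclient.name` are discarded, so a principal longer than the buffer is silently truncated and the shortened name is what ViceIDToUsername receives. For an identity string a truncated value is worse than a failure, and the result of krb5_principal_get_comp_string() is passed straight in although it can be NULL for a missing component. Checking each call, e.g. `if (FAILED(StringCbCat(aclient.name, sizeof(aclient.name), "@"))) goto cleanup;` with an error code set first, would make both cases fail closed. KFW_AFS_klog starts and ends outside this hunk.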
@@ -3436,23 +2857,18 @@ KFW_AFS_klog(
         OutputDebugString(message);
     }
 
-    if (rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0)))
-    {
-        KFW_AFS_error(rc, "ktc_SetToken()");
-        code = rc;
-        goto cleanup;
-    }
+    rc = ktc_SetToken(&aserver, &atoken, &aclient, (aclient.smbname[0]?AFS_SETTOK_LOGON:0));
 
-  cleanup:
+cleanup:
     if (client_principal)
-        pkrb5_free_principal(ctx,client_principal);
+        krb5_free_principal(context,client_principal);
     /* increds.client == client_principal */
     if (increds.server)
-        pkrb5_free_principal(ctx,increds.server);
+        krb5_free_principal(context,increds.server);
     if (cc && (cc != alt_cc))
-        pkrb5_cc_close(ctx, cc);
-    if (ctx && (ctx != alt_ctx))
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context, cc);
+    if (context && (context != alt_context))
+        krb5_free_context(context);
     if (ak_cellconfig.linkedCell)
         free(ak_cellconfig.linkedCell);
 
@@ -3463,7 +2879,7 @@ KFW_AFS_klog(
 /* afs_realm_of_cell():               */
 /**************************************/
 static char *
-afs_realm_of_cell(krb5_context ctx, struct afsconf_cell *cellconfig)
+afs_realm_of_cell(krb5_context context, struct afsconf_cell *cellconfig)
 {
     static char krbrlm[REALM_SZ+1]="";
     char ** realmlist=NULL;
@@ -3472,11 +2888,11 @@ afs_realm_of_cell(krb5_context ctx, struct afsconf_cell *cellconfig)
     if (!cellconfig)
         return 0;
 
-    r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist);
+    r = krb5_get_host_realm(context, cellconfig->hostName[0], &realmlist);
     if ( !r && realmlist && realmlist[0] ) {
         StringCbCopyN( krbrlm, sizeof(krbrlm),
                        realmlist[0], sizeof(krbrlm) - 1);
-        pkrb5_free_host_realm(ctx, realmlist);
+        krb5_free_host_realm(context, realmlist);
     }
 
     if ( !krbrlm[0] )
@@ -3515,7 +2931,7 @@ KFW_AFS_get_cellconfig(char *cell, struct afsconf_cell *cellconfig, char *local_
     }
 
     if (strlen(cell) == 0)
-        strcpy(cell, local_cell);
+        StringCbCopy(cell, CELL_MAXNAMELEN, local_cell);
 
     rc = cm_SearchCellRegistry(1, cell, newcell, linkedcell, get_cellconfig_callback, (void*)cellconfig);
     if (rc && rc != CM_ERROR_FORCE_DNS_LOOKUP)
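Review bot: The bound passed to StringCbCopy is the constant CELL_MAXNAMELEN rather than the size of the buffer the caller actually supplied, because `cell` arrives as a bare `char *`. That is only safe if every caller hands in at least CELL_MAXNAMELEN bytes, which this hunk cannot show. I would document the contract on KFW_AFS_get_cellconfig with a comment such as `/* cell: in/out, must point to a buffer of at least CELL_MAXNAMELEN bytes */` and check the HRESULT so that a truncated cell name is not looked up. The function body continues outside the hunk.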
@@ -3647,78 +3063,9 @@ cleanup:
     return(hr);
 }
 
-void
-UnloadFuncs(
-    FUNC_INFO fi[],
-    HINSTANCE h
-    )
-{
-    int n;
-    if (fi)
-        for (n = 0; fi[n].func_ptr_var; n++)
-            *(fi[n].func_ptr_var) = 0;
-    if (h) FreeLibrary(h);
-}
-
-int
-LoadFuncs(
-    const char* dll_name,
-    FUNC_INFO fi[],
-    HINSTANCE* ph,  // [out, optional] - DLL handle
-    int* pindex,    // [out, optional] - index of last func loaded (-1 if none)
-    int cleanup,    // cleanup function pointers and unload on error
-    int go_on,      // continue loading even if some functions cannot be loaded
-    int silent      // do not pop-up a system dialog if DLL cannot be loaded
-    )
-{
-    HINSTANCE h;
-    int i, n, last_i;
-    int error = 0;
-    UINT em;
-
-    if (ph) *ph = 0;
-    if (pindex) *pindex = -1;
-
-    for (n = 0; fi[n].func_ptr_var; n++)
-       *(fi[n].func_ptr_var) = 0;
-
-    if (silent)
-       em = SetErrorMode(SEM_FAILCRITICALERRORS);
-    h = LoadLibrary(dll_name);
-    if (silent)
-        SetErrorMode(em);
-
-    if (!h)
-        return 0;
-
-    last_i = -1;
-    for (i = 0; (go_on || !error) && (i < n); i++)
-    {
-       void* p = (void*)GetProcAddress(h, fi[i].func_name);
-       if (!p)
-           error = 1;
-        else
-        {
-            last_i = i;
-           *(fi[i].func_ptr_var) = p;
-        }
-    }
-    if (pindex) *pindex = last_i;
-    if (error && cleanup && !go_on) {
-       for (i = 0; i < n; i++) {
-           *(fi[i].func_ptr_var) = 0;
-       }
-       FreeLibrary(h);
-       return 0;
-    }
-    if (ph) *ph = h;
-    if (error) return 0;
-    return 1;
-}
-
 BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
 {
-    krb5_context ctx = NULL;
+    krb5_context context = NULL;
     krb5_ccache cc = NULL;
     krb5_error_code code;
     krb5_data pwdata;
@@ -3728,32 +3075,30 @@ BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
     char   password[PROBE_PASSWORD_LEN+1];
     BOOL serverReachable = 0;
 
-    if (!pkrb5_init_context)
-        return KRB5_CONFIG_CANTOPEN;
-
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) goto cleanup;
 
 
-    realm = afs_realm_of_cell(ctx, cellconfig);  // do not free
+    realm = afs_realm_of_cell(context, cellconfig);  // do not free
 
-    code = pkrb5_build_principal(ctx, &principal, (int)strlen(realm),
+    code = krb5_build_principal(context, &principal, (int)strlen(realm),
                                   realm, PROBE_USERNAME, NULL, NULL);
     if ( code ) goto cleanup;
 
-    code = KFW_get_ccache(ctx, principal, &cc);
+    code = KFW_get_ccache(context, principal, &cc);
     if ( code ) goto cleanup;
 
-    code = pkrb5_unparse_name(ctx, principal, &pname);
+    code = krb5_unparse_name(context, principal, &pname);
     if ( code ) goto cleanup;
 
     pwdata.data = password;
     pwdata.length = PROBE_PASSWORD_LEN;
-    code = pkrb5_c_random_make_octets(ctx, &pwdata);
-    if (code) {
+    krb5_c_random_make_octets(context, &pwdata);
+    {
         int i;
         for ( i=0 ; i<PROBE_PASSWORD_LEN ; i++ )
-            password[i] = 'x';
+            if (password[i] == '\0')
+                password[i] = 'x';
     }
     password[PROBE_PASSWORD_LEN] = '\0';
 
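Review bot: The return value of krb5_c_random_make_octets() is no longer examined, so when it fails `password` holds indeterminate stack bytes and the loop below only rewrites the ones that happen to be NUL. The old code filled the buffer on failure; keeping that fallback costs one line, `if (krb5_c_random_make_octets(context, &pwdata)) memset(password, 'x', PROBE_PASSWORD_LEN);`, placed ahead of the NUL-replacement loop. KFW_probe_kdc continues outside this hunk.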
@@ -3781,13 +3126,13 @@ BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
 
   cleanup:
     if ( pname )
-        pkrb5_free_unparsed_name(ctx,pname);
+        krb5_free_unparsed_name(context,pname);
     if ( principal )
-        pkrb5_free_principal(ctx,principal);
+        krb5_free_principal(context,principal);
     if (cc)
-        pkrb5_cc_close(ctx,cc);
-    if (ctx)
-        pkrb5_free_context(ctx);
+        krb5_cc_close(context,cc);
+    if (context)
+        krb5_free_context(context);
 
     return serverReachable;
 }
@@ -3795,7 +3140,7 @@ BOOL KFW_probe_kdc(struct afsconf_cell * cellconfig)
 BOOL
 KFW_AFS_get_lsa_principal(char * szUser, DWORD *dwSize)
 {
-    krb5_context   ctx = NULL;
+    krb5_context   context = NULL;
     krb5_error_code code;
     krb5_ccache mslsa_ccache=NULL;
     krb5_principal princ = NULL;
@@ -3805,16 +3150,16 @@ KFW_AFS_get_lsa_principal(char * szUser, DWORD *dwSize)
     if (!KFW_is_available())
         return FALSE;
 
-    if (code = pkrb5_init_context(&ctx))
+    if (code = krb5_init_context(&context))
         goto cleanup;
 
-    if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
+    if (code = krb5_cc_resolve(context, "MSLSA:", &mslsa_ccache))
         goto cleanup;
 
-    if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
+    if (code = krb5_cc_get_principal(context, mslsa_ccache, &princ))
         goto cleanup;
 
-    if (code = pkrb5_unparse_name(ctx, princ, &pname))
+    if (code = krb5_unparse_name(context, princ, &pname))
         goto cleanup;
 
     if ( strlen(pname) < *dwSize ) {
@@ -3825,16 +3170,16 @@ KFW_AFS_get_lsa_principal(char * szUser, DWORD *dwSize)
 
   cleanup:
     if (pname)
-        pkrb5_free_unparsed_name(ctx, pname);
+        krb5_free_unparsed_name(context, pname);
 
     if (princ)
-        pkrb5_free_principal(ctx, princ);
+        krb5_free_principal(context, princ);
 
     if (mslsa_ccache)
-        pkrb5_cc_close(ctx, mslsa_ccache);
+        krb5_cc_close(context, mslsa_ccache);
 
-    if (ctx)
-        pkrb5_free_context(ctx);
+    if (context)
+        krb5_free_context(context);
     return success;
 }
 
@@ -3968,13 +3313,13 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId)
     char filename[MAX_PATH] = "";
     DWORD count;
     char cachename[MAX_PATH + 8] = "FILE:";
-    krb5_context               ctx = NULL;
+    krb5_context               context = NULL;
     krb5_error_code            code;
     krb5_principal              princ = NULL;
     krb5_ccache                        cc  = NULL;
     krb5_ccache                 ncc = NULL;
 
-    if (!pkrb5_init_context || !user || !szLogonId)
+    if (!user || !szLogonId)
         return;
 
     count = GetEnvironmentVariable("TEMP", filename, sizeof(filename));
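Review bot: Dropping the `!pkrb5_init_context` test leaves KFW_AFS_copy_cache_to_system_file with no check that a Kerberos library is present, while KFW_AFS_get_lsa_principal still begins with `if (!KFW_is_available()) return FALSE;`. If the krb5 entry points are delay-loaded, as the delayimp.lib and $(HEIMLINKOPTS) additions elsewhere in this commit suggest, the first krb5_init_context() call on a machine without Heimdal or KFW would fail inside the loader instead of returning an error code. I would write the guard as `if (!KFW_is_available() || !user || !szLogonId) return;`. The same applies to KFW_AFS_copy_file_cache_to_default_cache and KFW_probe_kdc, whose guards were removed in the neighbouring hunks.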
@@ -3992,80 +3337,80 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId)
 
     DeleteFile(filename);
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) goto cleanup;
 
-    code = pkrb5_parse_name(ctx, user, &princ);
+    code = krb5_parse_name(context, user, &princ);
     if (code) goto cleanup;
 
-    code = KFW_get_ccache(ctx, princ, &cc);
+    code = KFW_get_ccache(context, princ, &cc);
     if (code) goto cleanup;
 
-    code = pkrb5_cc_resolve(ctx, cachename, &ncc);
+    code = krb5_cc_resolve(context, cachename, &ncc);
     if (code) goto cleanup;
 
-    code = pkrb5_cc_initialize(ctx, ncc, princ);
+    code = krb5_cc_initialize(context, ncc, princ);
     if (code) goto cleanup;
 
     code = KFW_AFS_set_file_cache_dacl(filename, NULL);
     if (code) goto cleanup;
 
-    code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+    code = krb5_cc_copy_creds(context,cc,ncc);
 
   cleanup:
     if ( cc ) {
-        pkrb5_cc_close(ctx, cc);
+        krb5_cc_close(context, cc);
         cc = 0;
     }
     if ( ncc ) {
-        pkrb5_cc_close(ctx, ncc);
+        krb5_cc_close(context, ncc);
         ncc = 0;
     }
     if ( princ ) {
-        pkrb5_free_principal(ctx, princ);
+        krb5_free_principal(context, princ);
         princ = 0;
     }
 
-    if (ctx)
-        pkrb5_free_context(ctx);
+    if (context)
+        krb5_free_context(context);
 }
 
 int
 KFW_AFS_copy_file_cache_to_default_cache(char * filename)
 {
     char cachename[MAX_PATH + 8] = "FILE:";
-    krb5_context               ctx = NULL;
+    krb5_context               context = NULL;
     krb5_error_code            code;
     krb5_principal              princ = NULL;
     krb5_ccache                        cc  = NULL;
     krb5_ccache                 ncc = NULL;
     int retval = 1;
 
-    if (!pkrb5_init_context || !filename)
+    if (!filename)
         return 1;
 
     if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
         return 1;
 
-    code = pkrb5_init_context(&ctx);
+    code = krb5_init_context(&context);
     if (code) return 1;
 
     StringCbCat( cachename, sizeof(cachename), filename);
 
-    code = pkrb5_cc_resolve(ctx, cachename, &cc);
+    code = krb5_cc_resolve(context, cachename, &cc);
     if (code) goto cleanup;
 
-    code = pkrb5_cc_get_principal(ctx, cc, &princ);
+    code = krb5_cc_get_principal(context, cc, &princ);
 
-    code = pkrb5_cc_default(ctx, &ncc);
+    code = krb5_cc_default(context, &ncc);
     if (!code) {
-        code = pkrb5_cc_initialize(ctx, ncc, princ);
+        code = krb5_cc_initialize(context, ncc, princ);
 
         if (!code)
-            code = pkrb5_cc_copy_creds(ctx,cc,ncc);
+            code = krb5_cc_copy_creds(context,cc,ncc);
     }
     if ( ncc ) {
-        pkrb5_cc_close(ctx, ncc);
+        krb5_cc_close(context, ncc);
         ncc = 0;
     }
 
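Review bot: In KFW_AFS_copy_file_cache_to_default_cache the result of krb5_cc_get_principal() is overwritten by the krb5_cc_default() call on the next statement, so a failed lookup still reaches krb5_cc_initialize() with `princ` possibly NULL and the default cache is re-initialised anyway; adding `if (code) goto cleanup;` after the lookup avoids that. Separately, in KFW_AFS_copy_cache_to_system_file the FILE: cache is created by krb5_cc_initialize() before KFW_AFS_set_file_cache_dacl() narrows its ACL, so for that window the file presumably carries whatever it inherits from the TEMP directory. The credentials are copied only afterwards, but a comment such as `/* DACL must be applied before any credential is written to the file */` above the krb5_cc_copy_creds() call would record why the order matters. The first function starts outside this hunk and the second ends outside it.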
@@ -4073,19 +3418,19 @@ KFW_AFS_copy_file_cache_to_default_cache(char * filename)
 
   cleanup:
     if ( cc ) {
-        pkrb5_cc_close(ctx, cc);
+        krb5_cc_close(context, cc);
         cc = 0;
     }
 
     DeleteFile(filename);
 
     if ( princ ) {
-        pkrb5_free_principal(ctx, princ);
+        krb5_free_principal(context, princ);
         princ = 0;
     }
 
-    if (ctx)
-        pkrb5_free_context(ctx);
+    if (context)
+        krb5_free_context(context);
 
     return 0;
 }
@@ -4240,3 +3585,55 @@ time_to_life(afs_uint32 start, afs_uint32 end)
     return best_i + TKTLIFEMINFIXED;
 }
 
+DWORD KFW_get_default_mslsa_import(krb5_context context)
+{
+    static const char * lsh_settings_key = "";
+    static const char * lsh_mslsa_value = "";
+    DWORD import = 0;
+    HKEY hKey;
+    DWORD dwCount;
+    LONG rc;
+
+    rc = RegOpenKeyEx(HKEY_CURRENT_USER, lsh_settings_key, 0, KEY_QUERY_VALUE, &hKey);
+    if (rc)
+        return import;
+
+    dwCount = sizeof(DWORD);
+    rc = RegQueryValueEx(hKey, lsh_mslsa_value, 0, 0, (LPBYTE) &import, &dwCount);
+    RegCloseKey(hKey);
+
+    if (rc == 0)
+        return import;
+
+    rc = RegOpenKeyEx(HKEY_LOCAL_MACHINE, lsh_settings_key, 0, KEY_QUERY_VALUE, &hKey);
+    if (rc)
+        return import;
+
+    dwCount = sizeof(DWORD);
+    rc = RegQueryValueEx(hKey, lsh_mslsa_value, 0, 0, (LPBYTE) &import, &dwCount);
+    RegCloseKey(hKey);
+
+    return import;
+}
+
+DWORD KFW_get_default_lifetime(krb5_context context, const char * realm)
+{
+    static const char * lifetime_val_name = "ticket_lifetime";
+    time_t t = 0;
+
+    krb5_appdefault_time(context, "aklog", realm, lifetime_val_name, 0, &t);
+
+    if (t == 0)
+        t = krb5_config_get_time_default(context, NULL, 0,
+                                         "realms", realm, lifetime_val_name, NULL);
+
+    if (t == 0)
+        t = krb5_config_get_time_default(context, NULL, 0,
+                                         "libdefaults", lifetime_val_name, NULL);
+
+    if (t == 0)
+        t = 10 * 60 * 60;
+
+    return (DWORD) t;
+}
+
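Review bot: KFW_get_default_mslsa_import reads the value without checking its registry type or returned size, and as shown here both `lsh_settings_key` and `lsh_mslsa_value` are empty strings, which makes RegOpenKeyEx open the hive root and query its default value. If the names were lost in rendering this page, disregard that part; the type check still applies: pass a `DWORD dwType` and accept the result only when `rc == 0 && dwType == REG_DWORD && dwCount == sizeof(DWORD)`. Both new functions also lack header comments; one line each stating that HKEY_CURRENT_USER overrides HKEY_LOCAL_MACHINE, and that the lifetime falls back from the aklog appdefault to the realm section, to libdefaults and finally to ten hours, would document the precedence. `context` is unused in the first function.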
index 565f37a..f9f5658 100644 (file)
@@ -31,6 +31,7 @@
 
 #ifndef AFSKFW_H
 #define AFSKFW_H
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
index 2587320..c279ae5 100644 (file)
@@ -7,7 +7,7 @@
 
 # make compiler warnings fatal
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -WX -I..\afsd -I..\client_config -I..\kfw\inc\krb5
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -WX -I..\afsd -I..\client_config
 
 # allow the resource compiler to search the dest\include tree
 
@@ -107,8 +107,8 @@ EXELIBS = \
 
 ############################################################################
 
-$(EXEFILE) : $(EXEOBJS) $(EXELIBS)
-       $(EXEGUILINK) $(VCLIBS)
+$(EXEFILE) : $(EXEOBJS) $(EXELIBS) $(HEIMDEPS)
+       $(EXEGUILINK) $(VCLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
index 92a6758..17d513f 100644 (file)
@@ -6,7 +6,7 @@
 # directory or online at http://www.openafs.org/dl/license10.html
 
 # include the primary makefile
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES)  -DHAVE_KRB5_CREDS_KEYBLOCK=1
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES)  -DHAVE_KRB5_CREDS_KEYBLOCK=1 -I$(HEIMINC)
 RELDIR=WINNT\aklog
 !INCLUDE ..\..\config\NTMakefile.$(SYS_NAME)
 !INCLUDE ..\..\config\NTMakefile.version
@@ -41,21 +41,7 @@ EXELIBS = \
        $(DESTDIR)\lib\opr.lib \
        $(DESTDIR)\lib\afsroken.lib
 
-!IF "$(CPU)" == "IA64" || "$(CPU)" == "AMD64" || "$(CPU)" == "ALPHA64"
-OTHERLIBS = \
-    ..\kfw\lib\$(CPU)\krb5_64.lib \
-    ..\kfw\lib\$(CPU)\comerr64.lib \
-    dnsapi.lib mpr.lib delayimp.lib
-LINKOPTS = /DELAYLOAD:krb5_64.dll /DELAYLOAD:comerr64.dll
-!else
-OTHERLIBS = \
-    ..\kfw\lib\$(CPU)\krbv4w32.lib \
-    ..\kfw\lib\$(CPU)\krb5_32.lib \
-    ..\kfw\lib\$(CPU)\comerr32.lib \
-    dnsapi.lib mpr.lib delayimp.lib
-LINKOPTS = /DELAYLOAD:krbv4w32.dll /DELAYLOAD:krb5_32.dll /DELAYLOAD:comerr32.dll
-!endif
-afscflags = -I..\kfw\inc\krb5 -I..\kfw\inc\krb4 $(afscflags)
+OTHERLIBS = dnsapi.lib mpr.lib
 
 $(AKLOGOBJS): $$(@B).c
        $(C2OBJ) $**
@@ -65,15 +51,15 @@ $(ASETKEYOBJS): $$(@B).c
 
 ############################################################################
 
-$(AKLOG) : $(AKLOGOBJS) $(PTERROBJS) $(EXELIBS) $(OUT)\aklog.res
-       $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS)
+$(AKLOG) : $(AKLOGOBJS) $(PTERROBJS) $(EXELIBS) $(OUT)\aklog.res $(HEIMDEPS)
+       $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
 
-$(ASETKEY) : $(ASETKEYOBJS) $(EXELIBS) $(OUT)\asetkey.res
-       $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(LINKOPTS)
+$(ASETKEY) : $(ASETKEYOBJS) $(EXELIBS) $(OUT)\asetkey.res $(HEIMDEPS)
+       $(EXECONLINK) $(EXELIBS) $(OTHERLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
index 3def007..ecfa5dd 100644 (file)
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#ifndef _WIN64
-#define HAVE_KRB4 1
-#endif
-
 #include <afsconfig.h>
 #include <afs/param.h>
 #include <roken.h>
@@ -82,6 +78,7 @@
 #include <afs\pioctl_nt.h>
 #include <afs\smb_iocons.h>
 #include <WINNT\afsreg.h>
+#include <krbcompat_delayload.h>
 
 #define DONT_HAVE_GET_AD_TKT
 #define MAXSYMLINKS 255
@@ -197,9 +194,6 @@ static int use524 = FALSE;  /* use krb524? */
 static krb5_context context = 0;
 static krb5_ccache _krb425_ccache = 0;
 
-static char * (KRB5_CALLCONV *pkrb5_get_error_message)(krb5_context context, krb5_error_code code)=NULL;
-static void (KRB5_CALLCONV *pkrb5_free_error_message)(krb5_context context, char *s) = NULL;
-
 void akexit(int exit_code)
 {
     if (_krb425_ccache)
@@ -225,16 +219,13 @@ redirect_errors(const char *who, afs_int32 code, const char *fmt, va_list ap)
         int freestr = 0;
         char *str = (char *)afs_error_message(code);
         if (strncmp(str, "unknown", strlen(str)) == 0) {
-            if (pkrb5_get_error_message) {
-                str = pkrb5_get_error_message(NULL, code);
-                freestr = 1;
-            } else
-                str = (char *)error_message(code);
+            str = krb5_get_error_message(NULL, code);
+            freestr = 1;
         }
         fputs(str, stderr);
         fputs(" ", stderr);
         if (freestr)
-            pkrb5_free_error_message(NULL, str);
+            krb5_free_error_message(NULL, str);
     }
     if (fmt) {
         vfprintf(stderr, fmt, ap);
@@ -514,15 +505,17 @@ static int get_v5cred(krb5_context context,
     increds.client = client_principal;
     increds.times.endtime = 0;
        /* Ask for DES since that is what V4 understands */
-    increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+    increds.session.keytype = ENCTYPE_DES_CBC_CRC;
 
     r = krb5_get_credentials(context, 0, _krb425_ccache, &increds, creds);
     if (r) {
         return((int)r);
     }
+#ifdef HAVE_KRB4
     /* This requires krb524d to be running with the KDC */
     if (c != NULL)
         r = krb5_524_convert_creds(context, *creds, c);
+#endif
 
     return((int)r);
 }
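Review bot: With HAVE_KRB4 undefined, get_v5cred returns success while leaving `*c` untouched, and nothing tells the caller. This commit also removes the `#define HAVE_KRB4 1` at the top of aklog.c, so that is now the case on every build; any caller that passes a non-NULL `c` (callers are outside this hunk) would read an unfilled structure. A comment on the `#ifdef`, e.g. `/* without HAVE_KRB4, c is never filled in; callers must not read it */`, or an `#else` branch that returns an error when `c != NULL`, would make the contract explicit.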
@@ -647,7 +640,6 @@ static int get_v5_user_realm(krb5_context context,char *realm)
 {
     static krb5_principal client_principal = 0;
     krb5_error_code code;
-    int i;
 
     if (!_krb425_ccache) {
         code = krb5_cc_default(context, &_krb425_ccache);
@@ -659,29 +651,24 @@ static int get_v5_user_realm(krb5_context context,char *realm)
         if (code)
             return(code);
     }
-    i = krb5_princ_realm(context, client_principal)->length;
-    if (i < REALM_SZ-1) i = REALM_SZ-1;
-    strncpy(realm,krb5_princ_realm(context, client_principal)->data,i);
-    realm[i] = 0;
+    strncpy(realm, krb5_principal_get_realm(context, client_principal), REALM_SZ - 1);
+    realm[REALM_SZ - 1] = 0;
     return(KSUCCESS);
 }
 
 static void
 copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) {
-    krb5_error_code code;
-    krb5_ticket *ticket;
+    Ticket ticket;
     size_t len;
+    int ret;
 
-    code = krb5_decode_ticket(&v5cred->ticket, &ticket);
-    if (code == 0) {
-        len = krb5_princ_realm(context, ticket->server)->length;
-        if (len > destlen - 1)
-            len = destlen - 1;
-
-        strncpy(dest, krb5_princ_realm(context, ticket->server)->data, len);
-        dest[len] = '\0';
+    ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length,
+                        &ticket, &len);
+    if (ret == 0) {
+        strncpy(dest, ticket.realm, destlen - 1);
+        dest[destlen - 1] = '\0';
 
-        krb5_free_ticket(context, ticket);
+        free_Ticket(&ticket);
     }
 }
 
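Review bot: copy_realm_of_ticket leaves `dest` untouched when decode_Ticket() fails and computes `destlen - 1` without checking for zero, which wraps for an empty buffer. Since the function returns void, the caller cannot distinguish a failed decode from a copied realm and may go on to use stale contents. Starting the body with `if (destlen == 0) return;` and `dest[0] = '\0';` gives the caller a defined result in every case.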
@@ -834,14 +821,10 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
         if ((status = get_v5_user_realm(context, realm_of_user)) != KSUCCESS) {
             char * msg;
 
-            if (pkrb5_get_error_message)
-                msg = pkrb5_get_error_message(context, status);
-            else
-                msg = (char *)error_message(status);
+            msg = krb5_get_error_message(context, status);
             fprintf(stderr, "%s: Couldn't determine realm of user: %s\n",
-                     progname, msg);
-            if (pkrb5_free_error_message)
-                pkrb5_free_error_message(context, msg);
+                    progname, msg);
+            krb5_free_error_message(context, msg);
             status = AKLOG_KERBEROS;
             goto done;
         }
@@ -968,19 +951,16 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
             printf("Kerberos error code returned by get_cred: %d\n", status);
 
         if (usev5) {
-            if (pkrb5_get_error_message)
-                msg = pkrb5_get_error_message(context, status);
-            else
-                msg = (char *)error_message(status);
+            msg = krb5_get_error_message(context, status);
         }
 #ifdef HAVE_KRB4
         else
             msg = krb_err_text(status);
 #endif
         fprintf(stderr, "%s: Couldn't get %s AFS tickets: %s\n",
-                 progname, cell_to_use, msg?msg:"(unknown error)");
-        if (usev5 && pkrb5_free_error_message)
-            pkrb5_free_error_message(context, msg);
+                progname, cell_to_use, msg?msg:"(unknown error)");
+        if (usev5)
+            krb5_free_error_message(context, msg);
         status = AKLOG_KERBEROS;
         goto done;
     }
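Review bot: `msg` is assigned only inside `if (usev5)` once HAVE_KRB4 is undefined, which this commit makes the norm by deleting the `#define HAVE_KRB4 1` from aklog.c. Unless `msg` is initialised at its declaration, which is outside the hunk, the non-v5 path hands an indeterminate pointer to the `msg?msg:"(unknown error)"` expression in the fprintf call. Setting `msg = NULL;` just before `if (usev5) {` closes that path.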
@@ -996,16 +976,17 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
          */
         char * p;
         int len;
+        const char *un;
 
-        len = min(v5cred->client->data[0].length,MAXKTCNAMELEN - 1);
-        strncpy(username, v5cred->client->data[0].data, len);
-        username[len] = '\0';
+        un = krb5_principal_get_comp_string(context, v5cred->client, 0);
+        strncpy(username, un, MAXKTCNAMELEN - 1);
+        username[MAXKTCNAMELEN - 1] = '\0';
 
-        if ( v5cred->client->length > 1 ) {
+        if ( krb5_principal_get_num_comp(context, v5cred->client) > 1 ) {
             strcat(username, ".");
             p = username + strlen(username);
-            len = min(v5cred->client->data[1].length, (unsigned int)(MAXKTCNAMELEN - strlen(username) - 1));
-            strncpy(p, v5cred->client->data[1].data, len);
+            len = (unsigned int)(MAXKTCNAMELEN - strlen(username) - 1);
+            strncpy(p, krb5_principal_get_comp_string(context, v5cred->client, 1), len);
             p[len] = '\0';
         }
 
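Review bot: The instance copy can run past `username` when the first principal component fills the buffer: after the bounded strncpy, `strcat(username, ".")` appends one more byte, `len` then works out to -1, and strncpy receives that value converted to size_t. `un` is also used without a NULL check. This assumes `username` is MAXKTCNAMELEN bytes; its declaration and the `done:` label are outside the hunk. Rejecting a name that does not fit, rather than truncating an identity string, is sketched below.

```c
        /* … unchanged: block comment and the existing declarations … */
        const char *un, *inst;
        size_t unlen, instlen;

        un = krb5_principal_get_comp_string(context, v5cred->client, 0);
        if (un == NULL || (unlen = strlen(un)) > MAXKTCNAMELEN - 1) {
            status = AKLOG_KERBEROS;
            goto done;
        }
        memcpy(username, un, unlen + 1);

        if ( krb5_principal_get_num_comp(context, v5cred->client) > 1 ) {
            inst = krb5_principal_get_comp_string(context, v5cred->client, 1);
            /* '.', the instance and the terminating NUL must all fit */
            if (inst == NULL ||
                unlen + 1 + (instlen = strlen(inst)) > MAXKTCNAMELEN - 1) {
                status = AKLOG_KERBEROS;
                goto done;
            }
            username[unlen] = '.';
            memcpy(username + unlen + 1, inst, instlen + 1);
        }
```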
@@ -1013,7 +994,7 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
         atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
         atoken.startTime = v5cred->times.starttime;
         atoken.endTime = v5cred->times.endtime;
-        memcpy(&atoken.sessionKey, v5cred->keyblock.contents, v5cred->keyblock.length);
+        memcpy(&atoken.sessionKey, v5cred->session.keyvalue.data, v5cred->session.keyvalue.length);
         atoken.ticketLen = v5cred->ticket.length;
         memcpy(atoken.ticket, v5cred->ticket.data, atoken.ticketLen);
     } else {
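Review bot: Both memcpy calls take their length from the credential without comparing it to the destination: `session.keyvalue.length` against `atoken.sessionKey`, and `ticket.length` against `atoken.ticket`. The request asks for a DES key, but the size of what comes back is decided by the KDC and the credential cache, not by this code. Assuming `atoken.ticket` is an array member, a guard before the copies, `if (v5cred->session.keyvalue.length != sizeof(atoken.sessionKey) || v5cred->ticket.length > sizeof(atoken.ticket)) { status = AKLOG_KERBEROS; goto done; }`, keeps an unexpected key type or an oversized ticket from overrunning the token. The same pair of copies is added to KFW_AFS_klog in afskfw.c earlier in this commit.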
@@ -1099,9 +1080,9 @@ static int auth_to_cell(krb5_context context, char *cell, char *realm)
     strcpy(aclient.instance, "");
 
     if (usev5 && !use524) {
-        int len = min(v5cred->client->realm.length,MAXKTCNAMELEN - 1);
-        strncpy(aclient.cell, v5cred->client->realm.data, len);
-        aclient.cell[len] = '\0';
+        strncpy(aclient.cell,
+                krb5_principal_get_realm(context, v5cred->client), MAXKTCNAMELEN - 1);
+        aclient.cell[MAXKTCNAMELEN - 1] = '\0';
     }
 #ifdef HAVE_KRB4
     else
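Review bot: The copy into `aclient.cell` is bounded by MAXKTCNAMELEN, a constant that describes the name field rather than the destination. Using the destination's own size, `strncpy(aclient.cell, krb5_principal_get_realm(context, v5cred->client), sizeof(aclient.cell) - 1);` followed by `aclient.cell[sizeof(aclient.cell) - 1] = '\0';`, stays correct if the two field sizes ever diverge and matches how afskfw.c bounds the same field in this commit.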
@@ -1431,29 +1412,11 @@ static void usage(void)
     akexit(AKLOG_USAGE);
 }
 
-#ifndef _WIN64
-#define KRB5LIB "krb5_32.dll"
-#else
-#define KRB5LIB "krb5_64.dll"
-#endif
-void
-load_krb5_error_message_funcs(void)
-{
-    HINSTANCE h = LoadLibrary(KRB5LIB);
-    if (h) {
-        (FARPROC)pkrb5_get_error_message = GetProcAddress(h, "krb5_get_error_message");
-        (FARPROC)pkrb5_free_error_message = GetProcAddress(h, "krb5_free_error_message");
-    }
-}
-
 void
 validate_krb5_availability(void)
 {
-    HINSTANCE h = LoadLibrary(KRB5LIB);
-    if (h)
-        FreeLibrary(h);
-    else {
-        fprintf(stderr, "Kerberos for Windows library %s is not available.\n", KRB5LIB);
+    if (!DelayLoadHeimdal()) {
+        fprintf(stderr, "Kerberos for Windows or Heimdal is not available.\n");
         akexit(AKLOG_KFW_NOT_INSTALLED);
     }
 }
@@ -1642,7 +1605,6 @@ int main(int argc, char *argv[])
         validate_krb5_availability();
         if (krb5_init_context(&context))
             return(AKLOG_KERBEROS);
-        load_krb5_error_message_funcs();
     } else
         validate_krb4_availability();
     afs_set_com_err_hook(redirect_errors);
index b8ecb13..51b8ecf 100644 (file)
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-#include <winsock.h>
+#include <afsconfig.h>
+#include <afs/param.h>
+#include <roken.h>
+
+#include <ws2tcpip.h>
 
 #include <stdio.h>
 #include <sys/types.h>
@@ -46,6 +50,7 @@
 #include <afs/dirpath.h>
 #endif /* !PRE_AFS35 */
 #include <afs/com_err.h>
+#include <krbcompat_delayload.h>
 
 void
 validate_krb5_availability(void)
@@ -135,13 +140,13 @@ main(int argc, char **argv)
                exit(1);
        }
 
-       if (key->length != 8) {
+       if (key->keyvalue.length != 8) {
                printf("Key length should be 8, but is really %d!\n",
-                      key->length);
+                      key->keyvalue.length);
                exit(1);
        }
 
-       code = afsconf_AddKey(tdir, kvno, key->contents, 1);
+       code = afsconf_AddKey(tdir, kvno, key->keyvalue.data, 1);
        if (code) {
            printf("asetkey: failed to set key, code %d.\n", code);
            exit(1);
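Review bot: `key->keyvalue.length` is printed with `%d`, but Heimdal declares the length of an octet string as size_t, which is wider than int on 64-bit Windows. Casting at the call, `printf("Key length should be 8, but is really %d!\n", (int)key->keyvalue.length);`, keeps the format and its argument in agreement. main() starts and ends outside this hunk.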
index 2e3f6d0..030cb25 100644 (file)
@@ -7,7 +7,7 @@
 
 # include the AFSD source tree on our inclusion path
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -I..\kfw\inc\krb5 -DUAC_COMPATIBLE=1
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) /D"_AFXDLL" -I..\afsd -I..\client_config -DUAC_COMPATIBLE=1
 
 # include the primary makefile
 RELDIR=WINNT\client_creds
@@ -49,7 +49,7 @@ CLIENTOBJS = \
        $(OUT)\RegistrySupport.obj
 
 VCLIBS =\
-       iphlpapi.lib \
+       iphlpapi.lib \
        comctl32.lib \
        shell32.lib \
        uuid.lib \
@@ -57,7 +57,8 @@ VCLIBS =\
        mpr.lib \
        userenv.lib \
        netapi32.lib \
-        secur32.lib
+        secur32.lib  \
+       delayimp.lib
 
 EXELIBS = \
        $(DESTDIR)\lib\afs\afspioctl.lib \
@@ -74,7 +75,6 @@ EXELIBS = \
        $(DESTDIR)\lib\opr.lib \
        $(DESTDIR)\lib\afsroken.lib
 
-
 ############################################################################
 #
 # EXTERNAL SOURCE FILES
@@ -109,8 +109,8 @@ $(EXECOBJS): $$(@B).c
 
 ############################################################################
 
-$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS)
-       $(EXEGUILINK) $(VCLIBS)
+$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS) $(HEIMDEPS)
+       $(EXEGUILINK) $(VCLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP)
         $(CODESIGN_USERLAND)
index 014cc8a..866719c 100644 (file)
@@ -11,6 +11,7 @@ RELDIR=WINNT\install\wix
 
 MEDIADIR = $(DESTDIR)\WinInstall
 MEDIABINDIR = $(MEDIADIR)\Dll
+HEIMREDISTDIR= $(HEIMDALSDKDIR)\redist\$(CPU)
 
 !IFDEF LITECLIENT
 LITE=-lite
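Review bot: HEIMREDISTDIR is derived from $(HEIMDALSDKDIR) with no check that the variable is set, and the two WiX compile rules later in this file pass it to the installer build as KrbCompatRedistDir. If it is empty, the path collapses to `\redist\$(CPU)` on the current drive, and whatever merge module sits there would be packaged into the MSI. Unless the included config makefile already validates it (not visible here), I would fail early with `!IFNDEF HEIMDALSDKDIR`, `!ERROR HEIMDALSDKDIR must point to the Kerberos Compatibility SDK`, `!ENDIF` ahead of the assignment.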
@@ -99,6 +100,7 @@ $(WIXOBJ): openafs.wxs $(WIXINCLUDES)
                "-dDestDir=$(DESTDIR)\\" \
                -dCellDbFile=CellServDB \
                "-dIDNMRedistDir=$(MSIDNNLS)\\REDIST"   \
+               "-dKrbCompatRedistDir=$(HEIMREDISTDIR)" \
 !IFDEF LITECLIENT
                -dLiteClient=1 \
 !ENDIF
@@ -117,6 +119,7 @@ $(BINWIXOBJ): oafwbins.wxs $(WIXINCLUDES)
                -dVersionPatch=$(AFSPRODUCT_VER_PATCH)  \
                "-dDestDir=$(DESTDIR)\\" \
                -dCellDbFile=CellServDB \
+               "-dKrbCompatRedistDir=$(HEIMREDISTDIR)" \
 !IFDEF LITECLIENT
                -dLiteClient=1 \
 !ENDIF
index 0249349..d305998 100644 (file)
                 
                 <!-- Runtime -->
                 <?include runtime.wxi?>
+
+                <MergeRef Id="mergeHeimdalCompat" />
+
             </Feature>
 
             <?ifndef LiteClient ?>
                 <!-- Runtime -->
                 <?include runtime.wxi?>
 
+                <MergeRef Id="mergeHeimdalCompat" />
+
             </Feature>
   <?endif?>
         </Feature>
index 9c9b37c..e6913f3 100644 (file)
                 <!-- <</LanguageSpecific:1033/en_US>> -->
   <?endif?> <!-- /ifndef BinsOnly -->
 
+  <!-- Dependencies -->
+  <Merge Id="mergeHeimdalCompat" Language="0" DiskId="1" FileCompression="yes" src="$(var.KrbCompatRedistDir)\SecureEndpoints-krbcompat.msm" />
+
                 <!-- Runtime libraries -->
           <?ifndef Debug?>
 
index 8be7c4f..6985964 100644 (file)
@@ -47,13 +47,9 @@ INCFILEDIR = $(DESTDIR)\include\WINNT
 
 LIBFILEDIR = $(DESTDIR)\lib
 
-KFWINCDIR = ..\kfw\inc
-
-KFWLIBDIR = ..\kfw\lib\$(CPU)
-
 # Build environment
 
-kfwincflags=-I$(KFWINCDIR)\krb5\KerberosIV -I$(KFWINCDIR)\loadfuncs -I$(KFWINCDIR)\krb5 -I$(KFWINCDIR)\netidmgr -I$(KFWINCDIR)
+kfwincflags=-I$(HEIMDALSDKDIR)\inc -I$(HEIMDALSDKDIR)\inc\krb5 -I..\kfw\inc\netidmgr
 afsincflags=-I$(DESTDIR)\include -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx
 
 incflags=$(kfwincflags) $(afsincflags) -I.
@@ -98,17 +94,16 @@ OBJFILES=                           \
 
 !if "$(CPU)" == "AMD64"
 LIBFILES=                              \
-       $(KFWLIBDIR)\nidmgr64.lib
+       $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\nidmgr64.lib
 !else
 LIBFILES=                              \
-       $(KFWLIBDIR)\nidmgr32.lib
+       $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\nidmgr32.lib
 !endif
 
 SDKLIBFILES=                           \
        $(DESTDIR)\lib\afsauthent.lib   \
        $(DESTDIR)\lib\libafsconf.lib   \
         $(DESTDIR)\lib\afs\mtafsutil.lib\
-       $(KFWLIBDIR)\loadfuncs.lib      \
        htmlhelp.lib                    \
        shell32.lib                     \
        comctl32.lib                    \
@@ -116,6 +111,8 @@ SDKLIBFILES=                                \
        shlwapi.lib                     \
        psapi.lib
 
+DELAYOPT=/DELAYLOAD:advapi32.dll /DELAYLOAD:secur32.dll /DELAYLOAD:psapi.dll
+
 VERRESFILE=$(OUT)\version.res
 
 $(OUT)\afsfuncs.obj: afsfuncs.c
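Review bot: `DELAYOPT` has no comment saying why advapi32.dll, secur32.dll and psapi.dll are delay-loaded, and `delayimp.lib` is not among the visible `SDKLIBFILES` entries although /DELAYLOAD needs the delay-load helper at link time (one entry of that list falls between the hunks and cannot be seen). If `$(HEIMLINKOPTS)` supplies the helper, say so in a `#` comment above the macro, together with the reason for delay-loading; otherwise add `delayimp.lib` to `SDKLIBFILES`, as the client_creds makefile does for `VCLIBS`. A delay-loaded import that cannot be resolved fails at the first call instead of at load time, so the code paths that reach these three DLLs deserve a test on the oldest supported Windows version.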
@@ -151,8 +148,8 @@ $(OUT)\dynimport.obj: dynimport.c
 $(OUT)\krb5common.obj: krb5common.c
        $(PC2OBJ)
 
-$(DLLFILE): $(OBJFILES) $(VERRESFILE)
-       $(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES)
+$(DLLFILE): $(OBJFILES) $(VERRESFILE) $(HEIMDEPS)
+       $(DLLGUILINK) $(LIBFILES) $(SDKLIBFILES) $(DELAYOPT) $(HEIMLINKOPTS)
        $(_VC_MANIFEST_EMBED_DLL)
        $(_VC_MANIFEST_CLEAN)
         $(CODESIGN_USERLAND)
index 6a77929..93a83c4 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005,2006,2007, 2008 Secure Endpoints Inc.
+ * Copyright (c) 2005-2011 Secure Endpoints Inc.
  *
  * Permission is hereby granted, free of charge, to any person
  * obtaining a copy of this software and associated documentation
@@ -387,13 +387,13 @@ afs_list_tokens_internal(void)
 
             k5c = (krb5_creds *) atoken.ticket;
 
-            code = pkrb5_unparse_name(ctx, k5c->client, &princ);
+            code = krb5_unparse_name(ctx, k5c->client, &princ);
             if(code)
                 goto _no_krb5;
 
             MultiByteToWideChar(CP_ACP, 0, princ, strlen(princ), idname, sizeof(idname)/sizeof(idname[0]));
 
-            pkrb5_free_unparsed_name(ctx, princ);
+            krb5_free_unparsed_name(ctx, princ);
 _no_krb5:
             ;
         }
@@ -719,19 +719,16 @@ ViceIDToUsername(char *username,
 
 static void
 copy_realm_of_ticket(krb5_context context, char * dest, size_t destlen, krb5_creds *v5cred) {
-    krb5_error_code code;
-    krb5_ticket *ticket;
+    Ticket ticket;
     size_t len;
+    int ret;
 
-    code = pkrb5_decode_ticket(&v5cred->ticket, &ticket);
-    if (code == 0) {
-        len = krb5_princ_realm(context, ticket->server)->length;
-        if (len > destlen - 1)
-            len = destlen - 1;
+    ret = decode_Ticket(v5cred->ticket.data, v5cred->ticket.length,
+                        &ticket, &len);
+    if (ret == 0) {
+        StringCbCopyA(dest, destlen, ticket.realm);
 
-        StringCbCopyA(dest, len, krb5_princ_realm(context, ticket->server)->data);
-
-        pkrb5_free_ticket(context, ticket);
+        free_Ticket(&ticket);
     }
 }
 
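Review bot: The result of `StringCbCopyA` in `copy_realm_of_ticket` is dropped, so a realm in the decoded ticket that does not fit in `destlen` bytes is silently truncated and the caller goes on to use the shortened string as `realm_of_cell`. Because the function returns void, the least invasive fix is to leave `dest` empty on failure: `if (FAILED(StringCbCopyA(dest, destlen, ticket.realm))) dest[0] = '\0';`, which is safe for the visible caller since it passes `sizeof(realm_of_cell)`. The `context` parameter is no longer used by the body and `len` only receives the decoded size. A one-line comment that the realm is read from the ticket without decrypting it would tell the next reader how far the value can be trusted.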
@@ -746,7 +743,9 @@ afs_klog(khm_handle identity,
          char *linkedCell) {
 
     long       rc;
+#ifdef USE_KRB4
     CREDENTIALS        creds;
+#endif
     struct ktc_principal       aserver;
     struct ktc_principal       aclient;
     char       realm_of_user[MAXKTCREALMLEN]; /* Kerberos realm of user */
@@ -760,8 +759,10 @@ afs_klog(khm_handle identity,
     char       CellName[128];
     char       ServiceName[128];
     khm_handle confighandle = NULL;
+#ifdef USE_KRB4
     khm_int32  supports_krb4 = (pkrb_get_tf_realm == NULL ? 0 : 1);
     khm_int32   got524cred = 0;
+#endif
 
     /* signalling */
     BOOL        bGotCreds = FALSE; /* got creds? */
@@ -822,7 +823,9 @@ afs_klog(khm_handle identity,
     else
         StringCbCopyA(RealmName, sizeof(RealmName), realm);
 
+#ifdef USE_KRB4
     memset(&creds, '\0', sizeof(creds));
+#endif
 
     /*** Kerberos 5 and 524 ***/
 
@@ -849,54 +852,54 @@ afs_klog(khm_handle identity,
 
             memset(&increds, 0, sizeof(increds));
 
-            pkrb5_cc_get_principal(context, k5cc, &client_principal);
-            i = krb5_princ_realm(context, client_principal)->length;
-            if (i > MAXKTCREALMLEN-1)
-                i = MAXKTCREALMLEN-1;
-            StringCchCopyNA(realm_of_user, ARRAYLENGTH(realm_of_user),
-                            krb5_princ_realm(context, client_principal)->data,
-                            i);
+            krb5_cc_get_principal(context, k5cc, &client_principal);
+            StringCchCopyA(realm_of_user, ARRAYLENGTH(realm_of_user),
+                           krb5_principal_get_realm(context, client_principal));
         } else {
             _reportf(L"khm_krb5_initialize returns code %d", r);
+#ifdef USE_KRB4
             goto try_krb4;
+#else
+            goto end_krb5;
+#endif
         }
 
         increds.client = client_principal;
         increds.times.endtime = 0;
         /* Ask for DES since that is what V4 understands */
-        increds.keyblock.enctype = ENCTYPE_DES_CBC_CRC;
+        increds.session.keytype = ENCTYPE_DES_CBC_CRC;
 
 #ifdef KRB5_TC_NOTICKET
         flags = KRB5_TC_OPENCLOSE;
-        r = pkrb5_cc_set_flags(context, k5cc, flags);
+        r = krb5_cc_set_flags(context, k5cc, flags);
 #endif
         if (strlen(realm) != 0) {
-          retry_retcred_1:
+        retry_retcred_1:
             /* First try Service/Cell@REALM */
-            if (r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm),
-                                           realm,
-                                           ServiceName,
-                                           CellName,
-                                           0)) {
+            if (r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm),
+                                         realm,
+                                         ServiceName,
+                                         CellName,
+                                         0)) {
                 _reportf(L"krb5_build_principal returns %d", r);
                 goto end_krb5;
             }
 
-            r = pkrb5_get_credentials(context, 0, k5cc, &increds, &k5creds);
+            r = krb5_get_credentials(context, 0, k5cc, &increds, &k5creds);
             if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
                 r == KRB5_ERR_HOST_REALM_UNKNOWN ||
                 r == KRB5KRB_ERR_GENERIC /* Heimdal */) {
                 /* Next try Service@REALM */
-                pkrb5_free_principal(context, increds.server);
-                r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm),
-                                           realm,
-                                           ServiceName,
-                                           0);
+                krb5_free_principal(context, increds.server);
+                r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm),
+                                         realm,
+                                         ServiceName,
+                                         0);
                 if (r == 0)
-                    r = pkrb5_get_credentials(context, 0, k5cc,
-                                               &increds, &k5creds);
+                    r = krb5_get_credentials(context, 0, k5cc,
+                                             &increds, &k5creds);
             }
 
             /* Check to make sure we received a valid ticket; if not remove it
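Review bot: The return value of `krb5_cc_get_principal` near the top of this hunk is discarded, and the next statement passes `client_principal` to `krb5_principal_get_realm` and copies the result into `realm_of_user`. If the cache has no principal the call fails, the pointer keeps whatever value it had, and the realm lookup works on an invalid or NULL principal. Assign and test the result, `r = krb5_cc_get_principal(context, k5cc, &client_principal);` followed by `if (r) { _reportf(L"krb5_cc_get_principal returns code %d", r); goto end_krb5; }`; this assumes `client_principal` is initialised to 0 at its declaration, which is outside the hunk, because `end_krb5` frees it when non-zero. The comment `Ask for DES since that is what V4 understands` is also left as it was although the Kerberos 4 path now sits behind `USE_KRB4`; it should say what still requires a DES session key.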
@@ -904,26 +907,26 @@ afs_klog(khm_handle identity,
              * same service in the ccache.
              */
             if (r == 0 && k5creds && k5creds->times.endtime < time(NULL)) {
-                pkrb5_free_principal(context, increds.server);
-                pkrb5_cc_remove_cred(context, k5cc, 0, k5creds);
-                pkrb5_free_creds(context, k5creds);
+                krb5_free_principal(context, increds.server);
+                krb5_cc_remove_cred(context, k5cc, 0, k5creds);
+                krb5_free_creds(context, k5creds);
                 k5creds = NULL;
                 goto retry_retcred_1;
             }
         } else {
           retry_retcred_2:
             /* First try Service/Cell@_CLIENT_REALM */
-            if (r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm_of_user),
-                                           realm_of_user,
-                                           ServiceName,
-                                           CellName,
-                                           0)) {
+            if (r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm_of_user),
+                                         realm_of_user,
+                                         ServiceName,
+                                         CellName,
+                                         0)) {
                 _reportf(L"krb5_build_principal returns %d", r);
                 goto end_krb5;
             }
 
-            r = pkrb5_get_credentials(context, 0, k5cc, &increds, &k5creds);
+            r = krb5_get_credentials(context, 0, k5cc, &increds, &k5creds);
             if (r == 0) {
                 /* the user realm is a valid cell realm */
                 StringCbCopyA(realm_of_cell, sizeof(realm_of_cell), realm_of_user);
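Review bot: The expired-ticket branch ignores the result of `krb5_cc_remove_cred` and jumps back to `retry_retcred_1` with no limit on attempts, so a cache that cannot drop the entry, or that keeps returning the same expired ticket, loops here indefinitely. The same shape is repeated at `retry_retcred_2` in the next hunk. Retry only when the removal succeeded, e.g. `if (krb5_cc_remove_cred(context, k5cc, 0, k5creds) == 0 && ++tries < 3) goto retry_retcred_1;` with a new local counter. On the other path set `r` to a non-zero error, so that the `if (r)` test after the cache is closed takes the `end_krb5` path and `k5creds`, which has just been freed and set to NULL, is not dereferenced. afs_klog starts and ends outside this hunk, so the counter's declaration would go with the other locals.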
@@ -931,96 +934,96 @@ afs_klog(khm_handle identity,
             if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
                 r == KRB5_ERR_HOST_REALM_UNKNOWN ||
                 r == KRB5KRB_ERR_GENERIC /* Heimdal */) {
-                pkrb5_free_principal(context, increds.server);
-                r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm_of_cell),
-                                           realm_of_cell,
-                                           ServiceName,
-                                           CellName,
-                                           0);
+                krb5_free_principal(context, increds.server);
+                r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm_of_cell),
+                                         realm_of_cell,
+                                         ServiceName,
+                                         CellName,
+                                         0);
                 if (r == 0)
-                    r = pkrb5_get_credentials(context, 0, k5cc,
-                                               &increds, &k5creds);
+                    r = krb5_get_credentials(context, 0, k5cc,
+                                             &increds, &k5creds);
             }
             if ((r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
                  r == KRB5_ERR_HOST_REALM_UNKNOWN ||
                  r == KRB5KRB_ERR_GENERIC /* Heimdal */) &&
                  strlen(realm_of_cell) == 0) {
                 StringCbCopyA(realm_of_cell, sizeof(realm_of_cell),
-                               afs_realm_of_cell(&ak_cellconfig, TRUE));
-
-                pkrb5_free_principal(context, increds.server);
-                r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm_of_cell),
-                                           realm_of_cell,
-                                           ServiceName,
-                                           CellName,
-                                           0);
+                              afs_realm_of_cell(&ak_cellconfig, TRUE));
+
+                krb5_free_principal(context, increds.server);
+                r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm_of_cell),
+                                         realm_of_cell,
+                                         ServiceName,
+                                         CellName,
+                                         0);
                 if (r == 0)
-                    r = pkrb5_get_credentials(context, 0, k5cc,
-                                               &increds, &k5creds);
+                    r = krb5_get_credentials(context, 0, k5cc,
+                                             &increds, &k5creds);
             }
             if (r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
                 r == KRB5_ERR_HOST_REALM_UNKNOWN ||
                 r == KRB5KRB_ERR_GENERIC /* Heimdal */) {
                 /* Next try Service@REALM */
                 StringCbCopyA(realm_of_cell, sizeof(realm_of_cell),
-                               afs_realm_of_cell(&ak_cellconfig, FALSE));
-
-                pkrb5_free_principal(context, increds.server);
-                r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm_of_cell),
-                                           realm_of_cell,
-                                           ServiceName,
-                                           0);
+                              afs_realm_of_cell(&ak_cellconfig, FALSE));
+
+                krb5_free_principal(context, increds.server);
+                r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm_of_cell),
+                                         realm_of_cell,
+                                         ServiceName,
+                                         0);
                 if (r == 0)
-                    r = pkrb5_get_credentials(context, 0, k5cc,
-                                               &increds, &k5creds);
+                    r = krb5_get_credentials(context, 0, k5cc,
+                                             &increds, &k5creds);
             }
             if ((r == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
                  r == KRB5_ERR_HOST_REALM_UNKNOWN ||
                  r == KRB5KRB_ERR_GENERIC /* Heimdal */) &&
-                 strlen(realm_of_cell) == 0) {
+                strlen(realm_of_cell) == 0) {
                 /* Next try Service@REALM */
                 StringCbCopyA(realm_of_cell, sizeof(realm_of_cell),
-                               afs_realm_of_cell(&ak_cellconfig, TRUE));
-
-                pkrb5_free_principal(context, increds.server);
-                r = pkrb5_build_principal(context, &increds.server,
-                                           (int) strlen(realm_of_cell),
-                                           realm_of_cell,
-                                           ServiceName,
-                                           0);
+                              afs_realm_of_cell(&ak_cellconfig, TRUE));
+
+                krb5_free_principal(context, increds.server);
+                r = krb5_build_principal(context, &increds.server,
+                                         (int) strlen(realm_of_cell),
+                                         realm_of_cell,
+                                         ServiceName,
+                                         0);
                 if (r == 0)
-                    r = pkrb5_get_credentials(context, 0, k5cc,
-                                               &increds, &k5creds);
+                    r = krb5_get_credentials(context, 0, k5cc,
+                                             &increds, &k5creds);
             }
 
             if (r == 0 && strlen(realm_of_cell) == 0)
                 copy_realm_of_ticket(context, realm_of_cell, sizeof(realm_of_cell), k5creds);
 
-            /* Check to make sure we received a valid ticket; if not remove it
-             * and try again.  Perhaps there are two service tickets for the
-             * same service in the ccache.
+            /* Check to make sure we received a valid ticket; if not
+             * remove it and try again.  Perhaps there are two service
+             * tickets for the same service in the ccache.
              */
             if (r == 0 && k5creds && k5creds->times.endtime < time(NULL)) {
-                pkrb5_free_principal(context, increds.server);
-                pkrb5_cc_remove_cred(context, k5cc, 0, k5creds);
-                pkrb5_free_creds(context, k5creds);
+                krb5_free_principal(context, increds.server);
+                krb5_cc_remove_cred(context, k5cc, 0, k5creds);
+                krb5_free_creds(context, k5creds);
                 k5creds = NULL;
                 goto retry_retcred_2;
             }
         }
 
-        pkrb5_free_principal(context, increds.server);
-        pkrb5_free_principal(context, client_principal);
+        krb5_free_principal(context, increds.server);
+        krb5_free_principal(context, client_principal);
         client_principal = 0;
 #ifdef KRB5_TC_NOTICKET
         flags = KRB5_TC_OPENCLOSE | KRB5_TC_NOTICKET;
-        pkrb5_cc_set_flags(context, k5cc, flags);
+        krb5_cc_set_flags(context, k5cc, flags);
 #endif
 
-        (void) pkrb5_cc_close(context, k5cc);
+        (void) krb5_cc_close(context, k5cc);
         k5cc = 0;
 
         if (r) {
@@ -1029,10 +1032,12 @@ afs_klog(khm_handle identity,
             goto end_krb5;
         }
 
+#ifdef USE_KRB4
         if ( k5creds->ticket.length > MAXKTCTICKETLEN ||
              method == AFS_TOKEN_KRB524) {
             goto try_krb524d;
         }
+#endif
 
         /* This code inserts the entire K5 ticket into the token */
 
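Review bot: Wrapping this block in `#ifdef USE_KRB4` also compiles out the `k5creds->ticket.length > MAXKTCTICKETLEN` test, which is the only visible length check before `memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen)` in the following hunk. In a build without `USE_KRB4`, a service ticket larger than the token's ticket buffer would then be copied in full. The declaration of `atoken` is not on the page, so confirm that its ticket field is `MAXKTCTICKETLEN` bytes, as the old guard implies. Keep the size test in both configurations by adding `#else` and `if (k5creds->ticket.length > MAXKTCTICKETLEN) goto end_krb5;` before the `#endif`, with a `_reportf` line saying the ticket is too large for a token.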
@@ -1047,8 +1052,8 @@ afs_klog(khm_handle identity,
         atoken.startTime = k5creds->times.starttime;
         atoken.endTime = k5creds->times.endtime;
         memcpy(&atoken.sessionKey,
-               k5creds->keyblock.contents,
-               k5creds->keyblock.length);
+               k5creds->session.keyvalue.data,
+               k5creds->session.keyvalue.length);
         atoken.ticketLen = k5creds->ticket.length;
         memcpy(atoken.ticket, k5creds->ticket.data, atoken.ticketLen);
 
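Review bot: `memcpy(&atoken.sessionKey, k5creds->session.keyvalue.data, k5creds->session.keyvalue.length)` takes its length from the credential and not from the destination, so a session key longer than `sizeof(atoken.sessionKey)` would overrun the field. The request earlier in afs_klog sets `increds.session.keytype = ENCTYPE_DES_CBC_CRC`, but nothing visible verifies that the returned key has that type or size. Reject anything else before copying: `if (k5creds->session.keyvalue.length != sizeof(atoken.sessionKey)) goto end_krb5;`. This assumes the field is exactly one key of the requested type wide; its declaration is outside the page.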
@@ -1063,7 +1068,11 @@ afs_klog(khm_handle identity,
                 retry++;
                 goto retry_gettoken5;
             }
+#ifdef USE_KRB4
             goto try_krb524d;
+#else
+            goto end_krb5;
+#endif
         }
 
         if (atoken.kvno == btoken.kvno &&
@@ -1074,10 +1083,10 @@ afs_klog(khm_handle identity,
 
             /* success */
             if (k5creds && context)
-                pkrb5_free_creds(context, k5creds);
+                krb5_free_creds(context, k5creds);
 
             if (context)
-                pkrb5_free_context(context);
+                krb5_free_context(context);
 
             _reportf(L"Same token already exists");
 
@@ -1089,17 +1098,13 @@ afs_klog(khm_handle identity,
         // * This structure was first set by the ktc_GetToken call when
         // * we were comparing whether identical tokens already existed.
 
-        len = min(k5creds->client->data[0].length,MAXKTCNAMELEN - 1);
-        StringCchCopyNA(aclient.name, MAXKTCNAMELEN,
-                        k5creds->client->data[0].data, len);
+        StringCchCopyA(aclient.name, MAXKTCNAMELEN,
+                       krb5_principal_get_comp_string(context, k5creds->client, 0));
 
-        if ( k5creds->client->length > 1 ) {
+        if ( krb5_principal_get_num_comp(context, k5creds->client) > 1 ) {
             StringCbCatA(aclient.name, sizeof(aclient.name), ".");
-            p = aclient.name + strlen(aclient.name);
-            len = (int) min(k5creds->client->data[1].length,
-                            MAXKTCNAMELEN - strlen(aclient.name) - 1);
-            StringCchCopyNA(p, MAXKTCNAMELEN - strlen(aclient.name),
-                            k5creds->client->data[1].data, len);
+            StringCbCatA(aclient.name, sizeof(aclient.name),
+                         krb5_principal_get_comp_string(context, k5creds->client, 1));
         }
 
         aclient.instance[0] = '\0';
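Review bot: `krb5_principal_get_comp_string` returns NULL when the requested component does not exist, and the first call here hands its result straight to `StringCchCopyA` without checking that the client principal has at least one component. The results of that copy and of the `StringCbCatA` calls, including the realm append in the next hunk, are ignored as well, so a name that does not fit in `MAXKTCNAMELEN` is cut short without a report and the truncated string is passed on to `ViceIDToUsername`. Guard the first component with `if (krb5_principal_get_num_comp(context, k5creds->client) == 0) goto end_krb5;` and treat a failed strsafe call as an error instead of continuing with a partial name.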
@@ -1107,11 +1112,8 @@ afs_klog(khm_handle identity,
         StringCbCopyA(aclient.cell, sizeof(aclient.cell), realm_of_cell);
 
        StringCbCatA(aclient.name, sizeof(aclient.name), "@");
-       p = aclient.name + strlen(aclient.name);
-       len = (int) min(k5creds->client->realm.length,
-                        MAXKTCNAMELEN - strlen(aclient.name) - 1);
-        StringCchCopyNA(p, MAXKTCNAMELEN - strlen(aclient.name),
-                        k5creds->client->realm.data, len);
+        StringCbCatA(aclient.name, sizeof(aclient.name),
+                     krb5_principal_get_realm(context, k5creds->client));
 
         ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName,
                          &aclient, &aserver, &atoken);
@@ -1121,24 +1123,25 @@ afs_klog(khm_handle identity,
             /* success */
 
             if (k5creds && context)
-                pkrb5_free_creds(context, k5creds);
+                krb5_free_creds(context, k5creds);
 
             if (context)
-                pkrb5_free_context(context);
+                krb5_free_context(context);
 
             goto cleanup;
         }
 
         _reportf(L"SetToken returns code %d", rc);
 
+#ifdef USE_KRB4
     try_krb524d:
 
         _reportf(L"Trying Krb524");
 
-        if (pkrb524_convert_creds_kdc &&
+        if (krb524_convert_creds_kdc &&
             (method == AFS_TOKEN_AUTO || method == AFS_TOKEN_KRB524)) {
             /* This requires krb524d to be running with the KDC */
-            r = pkrb524_convert_creds_kdc(context, k5creds, &creds);
+            r = krb524_convert_creds_kdc(context, k5creds, &creds);
             if (r) {
                 _reportf(L"Code %d while converting credentials", r);
                 goto end_krb5;
@@ -1147,18 +1150,20 @@ afs_klog(khm_handle identity,
            got524cred = 1;
             bGotCreds = TRUE;
         }
+#endif
 
     end_krb5:
         if (client_principal)
-            pkrb5_free_principal(context, client_principal);
+            krb5_free_principal(context, client_principal);
 
         if (k5creds && context)
-            pkrb5_free_creds(context, k5creds);
+            krb5_free_creds(context, k5creds);
 
         if (context)
-            pkrb5_free_context(context);
+            krb5_free_context(context);
     }
 
+#ifdef USE_KRB4
     /* Kerberos 4 */
  try_krb4:
 
@@ -1277,7 +1282,7 @@ afs_klog(khm_handle identity,
         StringCbCopyA(aclient.instance, sizeof(aclient.instance), "");
 
         StringCchCatA(aclient.name, MAXKTCNAMELEN, "@");
-               StringCchCatA(aclient.name, MAXKTCNAMELEN, got524cred ? realm_of_user : creds.realm);
+        StringCchCatA(aclient.name, MAXKTCNAMELEN, got524cred ? realm_of_user : creds.realm);
 
         StringCbCopyA(aclient.cell, sizeof(aclient.cell), CellName);
 
@@ -1288,13 +1293,17 @@ afs_klog(khm_handle identity,
             afs_report_error(rc, "ktc_SetToken()");
             goto cleanup;
         }
-    } else if (method == AFS_TOKEN_AUTO ||
-               method >= AFS_TOKEN_USER) {
-        /* we couldn't get a token using Krb5, Krb524 or Krb4, either
-           because we couldn't get the necessary credentials or
-           because the method was set to not use those.  Now we
-           dispatch to any extensions to see if they have better
-           luck. */
+    }
+#endif
+
+    if (!bGotCreds &&
+        (method == AFS_TOKEN_AUTO ||
+         method >= AFS_TOKEN_USER)) {
+            /* we couldn't get a token using Krb5, Krb524 or Krb4,
+               either because we couldn't get the necessary
+               credentials or because the method was set to not use
+               those.  Now we dispatch to any extensions to see if
+               they have better luck. */
 
         rc = !afs_ext_klog(method,
                            identity,
@@ -1303,7 +1312,7 @@ afs_klog(khm_handle identity,
                            RealmName,
                            &ak_cellconfig,
                            LifeTime);
-    } else {
+    } else if (!bGotCreds) {
         /* if the return code was not set, we should set it now.
            Otherwise we let the code go through. */
         if (!rc) {
@@ -1351,18 +1360,17 @@ afs_realm_of_cell(afs_conf_cell *cellconfig, BOOL referral_fallback)
         _strupr(krbrlm);
 #endif
     } else {
-       if ( pkrb5_init_context ) {
-           r = pkrb5_init_context(&ctx);
-           if ( !r )
-               r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist);
-           if ( !r && realmlist && realmlist[0] ) {
-               StringCbCopyA(krbrlm, sizeof(krbrlm), realmlist[0]);
-               pkrb5_free_host_realm(ctx, realmlist);
-           }
-           if (ctx)
-               pkrb5_free_context(ctx);
-       }
+        r = krb5_init_context(&ctx);
+        if ( !r )
+            r = krb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist);
+        if ( !r && realmlist && realmlist[0] ) {
+            StringCbCopyA(krbrlm, sizeof(krbrlm), realmlist[0]);
+            krb5_free_host_realm(ctx, realmlist);
+        }
+        if (ctx)
+            krb5_free_context(ctx);
 
+#ifdef USE_KRB4
        if (r) {
            if (pkrb_get_krbhst && pkrb_realmofhost) {
                StringCbCopyA(krbrlm, sizeof(krbrlm),
@@ -1385,6 +1393,7 @@ afs_realm_of_cell(afs_conf_cell *cellconfig, BOOL referral_fallback)
 #endif
            }
        }
+#endif
     }
     return(krbrlm);
 }
index b1ccee6..6ab10e2 100644 (file)
 #include<kherror.h>
 #include<dynimport.h>
 
-HINSTANCE hKrb4 = 0;
-HINSTANCE hKrb5 = 0;
-HINSTANCE hKrb5_KFW_32 = 0;
-HINSTANCE hKrb524 = 0;
-HINSTANCE hSecur32 = 0;
-HINSTANCE hComErr = 0;
-HINSTANCE hService = 0;
-HINSTANCE hProfile = 0;
-HINSTANCE hPsapi = 0;
-HINSTANCE hToolHelp32 = 0;
-HINSTANCE hCCAPI = 0;
-
 DWORD     AfsAvailable = 0;
 
-// CCAPI
-DECL_FUNC_PTR(cc_initialize);
-DECL_FUNC_PTR(cc_shutdown);
-DECL_FUNC_PTR(cc_get_NC_info);
-DECL_FUNC_PTR(cc_free_NC_info);
-
-// krb4 functions
-DECL_FUNC_PTR(get_krb_err_txt_entry);
-DECL_FUNC_PTR(k_isinst);
-DECL_FUNC_PTR(k_isname);
-DECL_FUNC_PTR(k_isrealm);
-DECL_FUNC_PTR(kadm_change_your_password);
-DECL_FUNC_PTR(kname_parse);
-DECL_FUNC_PTR(krb_get_cred);
-DECL_FUNC_PTR(krb_get_krbhst);
-DECL_FUNC_PTR(krb_get_lrealm);
-DECL_FUNC_PTR(krb_get_pw_in_tkt);
-DECL_FUNC_PTR(krb_get_tf_realm);
-DECL_FUNC_PTR(krb_mk_req);
-DECL_FUNC_PTR(krb_realmofhost);
-DECL_FUNC_PTR(tf_init);
-DECL_FUNC_PTR(tf_close);
-DECL_FUNC_PTR(tf_get_cred);
-DECL_FUNC_PTR(tf_get_pname);
-DECL_FUNC_PTR(tf_get_pinst);
-DECL_FUNC_PTR(LocalHostAddr);
-DECL_FUNC_PTR(tkt_string);
-DECL_FUNC_PTR(krb_set_tkt_string);
-DECL_FUNC_PTR(initialize_krb_error_func);
-DECL_FUNC_PTR(initialize_kadm_error_table);
-DECL_FUNC_PTR(dest_tkt);
-DECL_FUNC_PTR(krb_in_tkt);
-DECL_FUNC_PTR(krb_save_credentials);
-DECL_FUNC_PTR(krb_get_krbconf2);
-DECL_FUNC_PTR(krb_get_krbrealm2);
-DECL_FUNC_PTR(krb_life_to_time);
-
-// krb5 functions
-DECL_FUNC_PTR(krb5_change_password);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
-DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
-DECL_FUNC_PTR(krb5_get_init_creds_password);
-DECL_FUNC_PTR(krb5_get_prompt_types);
-DECL_FUNC_PTR(krb5_build_principal_ext);
-DECL_FUNC_PTR(krb5_cc_get_name);
-DECL_FUNC_PTR(krb5_cc_get_type);
-DECL_FUNC_PTR(krb5_cc_resolve);
-DECL_FUNC_PTR(krb5_cc_default);
-DECL_FUNC_PTR(krb5_cc_default_name);
-DECL_FUNC_PTR(krb5_cc_set_default_name);
-DECL_FUNC_PTR(krb5_cc_initialize);
-DECL_FUNC_PTR(krb5_cc_destroy);
-DECL_FUNC_PTR(krb5_cc_close);
-DECL_FUNC_PTR(krb5_cc_store_cred);
-DECL_FUNC_PTR(krb5_cc_copy_creds);
-DECL_FUNC_PTR(krb5_cc_retrieve_cred);
-DECL_FUNC_PTR(krb5_cc_get_principal);
-DECL_FUNC_PTR(krb5_cc_start_seq_get);
-DECL_FUNC_PTR(krb5_cc_next_cred);
-DECL_FUNC_PTR(krb5_cc_end_seq_get);
-DECL_FUNC_PTR(krb5_cc_remove_cred);
-DECL_FUNC_PTR(krb5_cc_set_flags);
-// DECL_FUNC_PTR(krb5_cc_get_type);
-DECL_FUNC_PTR(krb5_free_context);
-DECL_FUNC_PTR(krb5_free_cred_contents);
-DECL_FUNC_PTR(krb5_free_principal);
-DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
-DECL_FUNC_PTR(krb5_init_context);
-DECL_FUNC_PTR(krb5_parse_name);
-DECL_FUNC_PTR(krb5_timeofday);
-DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
-DECL_FUNC_PTR(krb5_unparse_name);
-DECL_FUNC_PTR(krb5_get_credentials);
-DECL_FUNC_PTR(krb5_mk_req);
-DECL_FUNC_PTR(krb5_sname_to_principal);
-DECL_FUNC_PTR(krb5_get_credentials_renew);
-DECL_FUNC_PTR(krb5_free_data);
-DECL_FUNC_PTR(krb5_free_data_contents);
-// DECL_FUNC_PTR(krb5_get_realm_domain);
-DECL_FUNC_PTR(krb5_free_unparsed_name);
-DECL_FUNC_PTR(krb5_os_localaddr);
-DECL_FUNC_PTR(krb5_copy_keyblock_contents);
-DECL_FUNC_PTR(krb5_copy_data);
-DECL_FUNC_PTR(krb5_free_creds);
-DECL_FUNC_PTR(krb5_build_principal);
-DECL_FUNC_PTR(krb5_get_renewed_creds);
-DECL_FUNC_PTR(krb5_get_default_config_files);
-DECL_FUNC_PTR(krb5_free_config_files);
-DECL_FUNC_PTR(krb5_get_default_realm);
-DECL_FUNC_PTR(krb5_set_default_realm);
-DECL_FUNC_PTR(krb5_free_ticket);
-DECL_FUNC_PTR(krb5_decode_ticket);
-DECL_FUNC_PTR(krb5_get_host_realm);
-DECL_FUNC_PTR(krb5_free_host_realm);
-DECL_FUNC_PTR(krb5_c_random_make_octets);
-DECL_FUNC_PTR(krb5_free_addresses);
-DECL_FUNC_PTR(krb5_free_default_realm);
-
-// Krb5 (3.2) functions
-DECL_FUNC_PTR(krb5_get_error_message);
-DECL_FUNC_PTR(krb5_free_error_message);
-
-// Krb524 functions
-DECL_FUNC_PTR(krb524_init_ets);
-DECL_FUNC_PTR(krb524_convert_creds_kdc);
-
-// ComErr functions
-DECL_FUNC_PTR(com_err);
-DECL_FUNC_PTR(error_message);
-
-// Profile functions
-DECL_FUNC_PTR(profile_init);
-DECL_FUNC_PTR(profile_flush);
-DECL_FUNC_PTR(profile_release);
-DECL_FUNC_PTR(profile_get_subsection_names);
-DECL_FUNC_PTR(profile_free_list);
-DECL_FUNC_PTR(profile_get_string);
-DECL_FUNC_PTR(profile_get_values);
-DECL_FUNC_PTR(profile_get_relation_names);
-DECL_FUNC_PTR(profile_clear_relation);
-DECL_FUNC_PTR(profile_add_relation);
-DECL_FUNC_PTR(profile_update_relation);
-DECL_FUNC_PTR(profile_release_string);
-
-// Service functions
-DECL_FUNC_PTR(OpenSCManagerA);
-DECL_FUNC_PTR(OpenServiceA);
-DECL_FUNC_PTR(QueryServiceStatus);
-DECL_FUNC_PTR(CloseServiceHandle);
-DECL_FUNC_PTR(LsaNtStatusToWinError);
-
-// LSA Functions
-DECL_FUNC_PTR(LsaConnectUntrusted);
-DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
-DECL_FUNC_PTR(LsaCallAuthenticationPackage);
-DECL_FUNC_PTR(LsaFreeReturnBuffer);
-DECL_FUNC_PTR(LsaGetLogonSessionData);
-
-// CCAPI
-FUNC_INFO ccapi_fi[] = {
-    MAKE_FUNC_INFO(cc_initialize),
-    MAKE_FUNC_INFO(cc_shutdown),
-    MAKE_FUNC_INFO(cc_get_NC_info),
-    MAKE_FUNC_INFO(cc_free_NC_info),
-    END_FUNC_INFO
-};
-
-FUNC_INFO k4_fi[] = {
-    MAKE_FUNC_INFO(get_krb_err_txt_entry),
-    MAKE_FUNC_INFO(k_isinst),
-    MAKE_FUNC_INFO(k_isname),
-    MAKE_FUNC_INFO(k_isrealm),
-    MAKE_FUNC_INFO(kadm_change_your_password),
-    MAKE_FUNC_INFO(kname_parse),
-    MAKE_FUNC_INFO(krb_get_cred),
-    MAKE_FUNC_INFO(krb_get_krbhst),
-    MAKE_FUNC_INFO(krb_get_lrealm),
-    MAKE_FUNC_INFO(krb_get_pw_in_tkt),
-    MAKE_FUNC_INFO(krb_get_tf_realm),
-    MAKE_FUNC_INFO(krb_mk_req),
-    MAKE_FUNC_INFO(krb_realmofhost),
-    MAKE_FUNC_INFO(tf_init),
-    MAKE_FUNC_INFO(tf_close),
-    MAKE_FUNC_INFO(tf_get_cred),
-    MAKE_FUNC_INFO(tf_get_pname),
-    MAKE_FUNC_INFO(tf_get_pinst),
-    MAKE_FUNC_INFO(LocalHostAddr),
-    MAKE_FUNC_INFO(tkt_string),
-    MAKE_FUNC_INFO(krb_set_tkt_string),
-    MAKE_FUNC_INFO(initialize_krb_error_func),
-    MAKE_FUNC_INFO(initialize_kadm_error_table),
-    MAKE_FUNC_INFO(dest_tkt),
-    /*        MAKE_FUNC_INFO(lsh_LoadKrb4LeashErrorTables), */// XXX
-    MAKE_FUNC_INFO(krb_in_tkt),
-    MAKE_FUNC_INFO(krb_save_credentials),
-    MAKE_FUNC_INFO(krb_get_krbconf2),
-    MAKE_FUNC_INFO(krb_get_krbrealm2),
-    MAKE_FUNC_INFO(krb_life_to_time),
-    END_FUNC_INFO
-};
-
-FUNC_INFO k5_fi[] = {
-    MAKE_FUNC_INFO(krb5_change_password),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_init),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_tkt_life),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_renew_life),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_forwardable),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_proxiable),
-    MAKE_FUNC_INFO(krb5_get_init_creds_opt_set_address_list),
-    MAKE_FUNC_INFO(krb5_get_init_creds_password),
-    MAKE_FUNC_INFO(krb5_get_prompt_types),
-    MAKE_FUNC_INFO(krb5_build_principal_ext),
-    MAKE_FUNC_INFO(krb5_cc_get_name),
-    MAKE_FUNC_INFO(krb5_cc_get_type),
-    MAKE_FUNC_INFO(krb5_cc_resolve),
-    MAKE_FUNC_INFO(krb5_cc_default),
-    MAKE_FUNC_INFO(krb5_cc_default_name),
-    MAKE_FUNC_INFO(krb5_cc_set_default_name),
-    MAKE_FUNC_INFO(krb5_cc_initialize),
-    MAKE_FUNC_INFO(krb5_cc_destroy),
-    MAKE_FUNC_INFO(krb5_cc_close),
-    MAKE_FUNC_INFO(krb5_cc_copy_creds),
-    MAKE_FUNC_INFO(krb5_cc_store_cred),
-    MAKE_FUNC_INFO(krb5_cc_retrieve_cred),
-    MAKE_FUNC_INFO(krb5_cc_get_principal),
-    MAKE_FUNC_INFO(krb5_cc_start_seq_get),
-    MAKE_FUNC_INFO(krb5_cc_next_cred),
-    MAKE_FUNC_INFO(krb5_cc_end_seq_get),
-    MAKE_FUNC_INFO(krb5_cc_remove_cred),
-    MAKE_FUNC_INFO(krb5_cc_set_flags),
-    // MAKE_FUNC_INFO(krb5_cc_get_type),
-    MAKE_FUNC_INFO(krb5_free_context),
-    MAKE_FUNC_INFO(krb5_free_cred_contents),
-    MAKE_FUNC_INFO(krb5_free_principal),
-    MAKE_FUNC_INFO(krb5_get_in_tkt_with_password),
-    MAKE_FUNC_INFO(krb5_init_context),
-    MAKE_FUNC_INFO(krb5_parse_name),
-    MAKE_FUNC_INFO(krb5_timeofday),
-    MAKE_FUNC_INFO(krb5_timestamp_to_sfstring),
-    MAKE_FUNC_INFO(krb5_unparse_name),
-    MAKE_FUNC_INFO(krb5_get_credentials),
-    MAKE_FUNC_INFO(krb5_mk_req),
-    MAKE_FUNC_INFO(krb5_sname_to_principal),
-    MAKE_FUNC_INFO(krb5_get_credentials_renew),
-    MAKE_FUNC_INFO(krb5_free_data),
-    MAKE_FUNC_INFO(krb5_free_data_contents),
-    //  MAKE_FUNC_INFO(krb5_get_realm_domain),
-    MAKE_FUNC_INFO(krb5_free_unparsed_name),
-    MAKE_FUNC_INFO(krb5_os_localaddr),
-    MAKE_FUNC_INFO(krb5_copy_keyblock_contents),
-    MAKE_FUNC_INFO(krb5_copy_data),
-    MAKE_FUNC_INFO(krb5_free_creds),
-    MAKE_FUNC_INFO(krb5_build_principal),
-    MAKE_FUNC_INFO(krb5_get_renewed_creds),
-    MAKE_FUNC_INFO(krb5_free_addresses),
-    MAKE_FUNC_INFO(krb5_get_default_config_files),
-    MAKE_FUNC_INFO(krb5_free_config_files),
-    MAKE_FUNC_INFO(krb5_get_default_realm),
-    MAKE_FUNC_INFO(krb5_set_default_realm),
-    MAKE_FUNC_INFO(krb5_free_ticket),
-    MAKE_FUNC_INFO(krb5_decode_ticket),
-    MAKE_FUNC_INFO(krb5_get_host_realm),
-    MAKE_FUNC_INFO(krb5_free_host_realm),
-    MAKE_FUNC_INFO(krb5_c_random_make_octets),
-    MAKE_FUNC_INFO(krb5_free_default_realm),
-    END_FUNC_INFO
-};
-
-FUNC_INFO k5_kfw_32_fi[] = {
-    MAKE_FUNC_INFO(krb5_get_error_message),
-    MAKE_FUNC_INFO(krb5_free_error_message),
-    END_FUNC_INFO
-};
-
-FUNC_INFO k524_fi[] = {
-    MAKE_FUNC_INFO(krb524_init_ets),
-    MAKE_FUNC_INFO(krb524_convert_creds_kdc),
-    END_FUNC_INFO
-};
-
-FUNC_INFO profile_fi[] = {
-    MAKE_FUNC_INFO(profile_init),
-    MAKE_FUNC_INFO(profile_flush),
-    MAKE_FUNC_INFO(profile_release),
-    MAKE_FUNC_INFO(profile_get_subsection_names),
-    MAKE_FUNC_INFO(profile_free_list),
-    MAKE_FUNC_INFO(profile_get_string),
-    MAKE_FUNC_INFO(profile_get_values),
-    MAKE_FUNC_INFO(profile_get_relation_names),
-    MAKE_FUNC_INFO(profile_clear_relation),
-    MAKE_FUNC_INFO(profile_add_relation),
-    MAKE_FUNC_INFO(profile_update_relation),
-    MAKE_FUNC_INFO(profile_release_string),
-    END_FUNC_INFO
-};
-
-FUNC_INFO ce_fi[] = {
-    MAKE_FUNC_INFO(com_err),
-    MAKE_FUNC_INFO(error_message),
-    END_FUNC_INFO
-};
-
-FUNC_INFO service_fi[] = {
-    MAKE_FUNC_INFO(OpenSCManagerA),
-    MAKE_FUNC_INFO(OpenServiceA),
-    MAKE_FUNC_INFO(QueryServiceStatus),
-    MAKE_FUNC_INFO(CloseServiceHandle),
-    MAKE_FUNC_INFO(LsaNtStatusToWinError),
-    END_FUNC_INFO
-};
-
-FUNC_INFO lsa_fi[] = {
-    MAKE_FUNC_INFO(LsaConnectUntrusted),
-    MAKE_FUNC_INFO(LsaLookupAuthenticationPackage),
-    MAKE_FUNC_INFO(LsaCallAuthenticationPackage),
-    MAKE_FUNC_INFO(LsaFreeReturnBuffer),
-    MAKE_FUNC_INFO(LsaGetLogonSessionData),
-    END_FUNC_INFO
-};
-
-// psapi functions
-DECL_FUNC_PTR(GetModuleFileNameExA);
-DECL_FUNC_PTR(EnumProcessModules);
-
-FUNC_INFO psapi_fi[] = {
-    MAKE_FUNC_INFO(GetModuleFileNameExA),
-        MAKE_FUNC_INFO(EnumProcessModules),
-        END_FUNC_INFO
-};
-
-// toolhelp functions
-DECL_FUNC_PTR(CreateToolhelp32Snapshot);
-DECL_FUNC_PTR(Module32First);
-DECL_FUNC_PTR(Module32Next);
-
-FUNC_INFO toolhelp_fi[] = {
-    MAKE_FUNC_INFO(CreateToolhelp32Snapshot),
-        MAKE_FUNC_INFO(Module32First),
-        MAKE_FUNC_INFO(Module32Next),
-        END_FUNC_INFO
-};
-
 khm_int32 init_imports(void) {
     OSVERSIONINFO osvi;
-    int imp_rv = 1;
+    BOOL imp_rv = 1;
 
 #define CKRV if(!imp_rv) goto _err_ret
 
-#ifndef _WIN64
-    imp_rv = LoadFuncs(KRB4_DLL, k4_fi, &hKrb4, 0, 1, 0, 0);
-    CKRV;
-#endif
-
-    imp_rv = LoadFuncs(KRB5_DLL, k5_fi, &hKrb5, 0, 1, 0, 0);
-    CKRV;
-
-    imp_rv = LoadFuncs(COMERR_DLL, ce_fi, &hComErr, 0, 0, 1, 0);
+    imp_rv = DelayLoadLibrary(SERVICE_DLL);
     CKRV;
 
-    imp_rv = LoadFuncs(SERVICE_DLL, service_fi, &hService, 0, 1, 0, 0);
+    imp_rv = DelayLoadLibrary(SECUR32_DLL);
     CKRV;
 
-    imp_rv = LoadFuncs(SECUR32_DLL, lsa_fi, &hSecur32, 0, 1, 1, 1);
-    CKRV;
-#ifndef _WIN64
-    imp_rv = LoadFuncs(KRB524_DLL, k524_fi, &hKrb524, 0, 1, 1, 1);
-    CKRV;
-#endif
-    imp_rv = LoadFuncs(PROFILE_DLL, profile_fi, &hProfile, 0, 1, 0, 0);
-    CKRV;
-
-    imp_rv = LoadFuncs(CCAPI_DLL, ccapi_fi, &hCCAPI, 0, 1, 0, 0);
-    /* CCAPI_DLL is optional.  No error check. */
-
-    imp_rv = LoadFuncs(KRB5_DLL, k5_kfw_32_fi, &hKrb5_KFW_32, 0, 1, 0, 0);
-    /* KFW 3.2 krb5 functions are optional.  No error check. */
-
     memset(&osvi, 0, sizeof(OSVERSIONINFO));
     osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
     GetVersionEx(&osvi);
 
-    // XXX: We should really use feature testing, first
-    // checking for CreateToolhelp32Snapshot.  If that's
-    // not around, we try the psapi stuff.
-    //
-    // Only load LSA functions if on NT/2000/XP
-    if(osvi.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
-    {
-        // Windows 9x
-        imp_rv = LoadFuncs(TOOLHELPDLL, toolhelp_fi, &hToolHelp32, 0, 1, 0, 0);
-        CKRV;
-
-        hPsapi = 0;
-    }
-    else if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
+    if(osvi.dwPlatformId == VER_PLATFORM_WIN32_NT)
     {
         // Windows NT
-        imp_rv = LoadFuncs(PSAPIDLL, psapi_fi, &hPsapi, 0, 1, 0, 0);
+        imp_rv = DelayLoadLibrary(PSAPIDLL);
         CKRV;
-
-        hToolHelp32 = 0;
     }
 
     AfsAvailable = TRUE; //afscompat_init();
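Review bot: `init_imports` now hands the bare names behind `SERVICE_DLL`, `SECUR32_DLL` and `PSAPIDLL` ("advapi32.dll", "secur32.dll", "psapi.dll" in dynimport.h) to `DelayLoadLibrary`, whose implementation is not on this page. If that helper resolves names through the default DLL search order, a same-named file in the application or current directory could be picked up instead of the system copy. It is worth confirming that the helper restricts the search to the system directory and recording that next to the calls, e.g. `/* system DLLs: DelayLoadLibrary must resolve these from the system directory only */`. The function continues past the end of this hunk.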
@@ -441,40 +65,5 @@ khm_int32 init_imports(void) {
 khm_int32 exit_imports(void) {
     //afscompat_close();
 
-    if (hKrb4)
-        FreeLibrary(hKrb4);
-    if (hKrb5)
-        FreeLibrary(hKrb5);
-    if (hKrb5_KFW_32)
-        FreeLibrary(hKrb5_KFW_32);
-    if (hProfile)
-        FreeLibrary(hProfile);
-    if (hComErr)
-        FreeLibrary(hComErr);
-    if (hService)
-        FreeLibrary(hService);
-    if (hSecur32)
-        FreeLibrary(hSecur32);
-    if (hKrb524)
-        FreeLibrary(hKrb524);
-    if (hPsapi)
-        FreeLibrary(hPsapi);
-    if (hToolHelp32)
-        FreeLibrary(hToolHelp32);
-
     return KHM_ERROR_SUCCESS;
 }
-
-int (*Lcom_err)(LPSTR,long,LPSTR,...);
-LPSTR (*Lerror_message)(long);
-LPSTR (*Lerror_table_name)(long);
-
-#pragma warning (disable: 4213)
-void Leash_load_com_err_callback(FARPROC ce,
-                                 FARPROC em,
-                                 FARPROC etn)
-{
-    (FARPROC)Lcom_err=ce;
-    (FARPROC)Lerror_message=em;
-    (FARPROC)Lerror_table_name=etn;
-}
index fd4557f..14aa14a 100644 (file)
@@ -30,6 +30,8 @@
 /* Dynamic imports */
 #include<khdefs.h>
 #include<tlhelp32.h>
+#include<delayload_library.h>
+#include<krbcompat_delayload.h>
 
 #if defined(_WIN32_WINNT)
 #  if (_WIN32_WINNT < 0x0501)
 #define FAR
 #endif
 
-extern HINSTANCE hKrb4;
-extern HINSTANCE hKrb5;
-extern HINSTANCE hProfile;
-
 ///////////////////////////////////////////////////////////////////////////////
 
-#ifdef _WIN64
-#define CCAPI_DLL     "krbcc64.dll"
-#define KRBCC32_DLL   "krbcc64.dll"
-#else
-#define CCAPI_DLL     "krbcc32.dll"
-#define KRBCC32_DLL   "krbcc32.dll"
-#endif
 #define SERVICE_DLL   "advapi32.dll"
 #define SECUR32_DLL   "secur32.dll"
+#define PSAPIDLL      "psapi.dll"
 
 //////////////////////////////////////////////////////////////////////////////
 
-#include <loadfuncs-com_err.h>
-#include <loadfuncs-krb5.h>
-#include <loadfuncs-profile.h>
-#include <loadfuncs-krb.h>
-#include <loadfuncs-krb524.h>
-#include <loadfuncs-lsa.h>
-
-//// CCAPI
-/* In order to avoid including the private CCAPI headers */
-typedef int cc_int32;
-
-#define CC_API_VER_1 1
-#define CC_API_VER_2 2
-
-#define CCACHE_API cc_int32
-
-/*
-** The Official Error Codes
-*/
-#define CC_NOERROR           0
-#define CC_BADNAME           1
-#define CC_NOTFOUND          2
-#define CC_END               3
-#define CC_IO                4
-#define CC_WRITE             5
-#define CC_NOMEM             6
-#define CC_FORMAT            7
-#define CC_LOCKED            8
-#define CC_BAD_API_VERSION   9
-#define CC_NO_EXIST          10
-#define CC_NOT_SUPP          11
-#define CC_BAD_PARM          12
-#define CC_ERR_CACHE_ATTACH  13
-#define CC_ERR_CACHE_RELEASE 14
-#define CC_ERR_CACHE_FULL    15
-#define CC_ERR_CRED_VERSION  16
-
-enum {
-    CC_CRED_VUNKNOWN = 0,       // For validation
-    CC_CRED_V4 = 1,
-    CC_CRED_V5 = 2,
-    CC_CRED_VMAX = 3            // For validation
-};
-
-typedef struct opaque_dll_control_block_type* apiCB;
-typedef struct _infoNC {
-    char*     name;
-    char*     principal;
-    cc_int32  vers;
-} infoNC;
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_initialize,
-    (
-    apiCB** cc_ctx,           // <  DLL's primary control structure.
-                              //    returned here, passed everywhere else
-    cc_int32 api_version,     // >  ver supported by caller (use CC_API_VER_1)
-    cc_int32*  api_supported, // <  if ~NULL, max ver supported by DLL
-    const char** vendor       // <  if ~NULL, vendor name in read only C string
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_shutdown,
-    (
-    apiCB** cc_ctx            // <> DLL's primary control structure. NULL after
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_get_NC_info,
-    (
-    apiCB* cc_ctx,          // >  DLL's primary control structure
-    struct _infoNC*** ppNCi // <  (NULL before call) null terminated,
-                            //    list of a structs (free via cc_free_infoNC())
-    )
-);
-
-TYPEDEF_FUNC(
-CCACHE_API,
-CALLCONV_C,
-cc_free_NC_info,
-    (
-    apiCB* cc_ctx,
-    struct _infoNC*** ppNCi // <  free list of structs returned by
-                            //    cc_get_cache_names().  set to NULL on return
-    )
-);
-//// \CCAPI
-
 extern  DWORD AfsAvailable;
 
-// service definitions
-typedef SC_HANDLE (WINAPI *FP_OpenSCManagerA)(char *, char *, DWORD);
-typedef SC_HANDLE (WINAPI *FP_OpenServiceA)(SC_HANDLE, char *, DWORD);
-typedef BOOL (WINAPI *FP_QueryServiceStatus)(SC_HANDLE, LPSERVICE_STATUS);
-typedef BOOL (WINAPI *FP_CloseServiceHandle)(SC_HANDLE);
-
-//////////////////////////////////////////////////////////////////////////////
-
-// CCAPI
-extern DECL_FUNC_PTR(cc_initialize);
-extern DECL_FUNC_PTR(cc_shutdown);
-extern DECL_FUNC_PTR(cc_get_NC_info);
-extern DECL_FUNC_PTR(cc_free_NC_info);
-
-// krb4 functions
-extern DECL_FUNC_PTR(get_krb_err_txt_entry);
-extern DECL_FUNC_PTR(k_isinst);
-extern DECL_FUNC_PTR(k_isname);
-extern DECL_FUNC_PTR(k_isrealm);
-extern DECL_FUNC_PTR(kadm_change_your_password);
-extern DECL_FUNC_PTR(kname_parse);
-extern DECL_FUNC_PTR(krb_get_cred);
-extern DECL_FUNC_PTR(krb_get_krbhst);
-extern DECL_FUNC_PTR(krb_get_lrealm);
-extern DECL_FUNC_PTR(krb_get_pw_in_tkt);
-extern DECL_FUNC_PTR(krb_get_tf_realm);
-extern DECL_FUNC_PTR(krb_mk_req);
-extern DECL_FUNC_PTR(krb_realmofhost);
-extern DECL_FUNC_PTR(tf_init);
-extern DECL_FUNC_PTR(tf_close);
-extern DECL_FUNC_PTR(tf_get_cred);
-extern DECL_FUNC_PTR(tf_get_pname);
-extern DECL_FUNC_PTR(tf_get_pinst);
-extern DECL_FUNC_PTR(LocalHostAddr);
-extern DECL_FUNC_PTR(tkt_string);
-extern DECL_FUNC_PTR(krb_set_tkt_string);
-extern DECL_FUNC_PTR(initialize_krb_error_func);
-extern DECL_FUNC_PTR(initialize_kadm_error_table);
-extern DECL_FUNC_PTR(dest_tkt);
-extern DECL_FUNC_PTR(lsh_LoadKrb4LeashErrorTables); // XXX
-extern DECL_FUNC_PTR(krb_in_tkt);
-extern DECL_FUNC_PTR(krb_save_credentials);
-extern DECL_FUNC_PTR(krb_get_krbconf2);
-extern DECL_FUNC_PTR(krb_get_krbrealm2);
-extern DECL_FUNC_PTR(krb_life_to_time);
-
-// krb5 functions
-extern DECL_FUNC_PTR(krb5_change_password);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_init);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_tkt_life);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_forwardable);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_proxiable);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_renew_life);
-extern DECL_FUNC_PTR(krb5_get_init_creds_opt_set_address_list);
-extern DECL_FUNC_PTR(krb5_get_init_creds_password);
-extern DECL_FUNC_PTR(krb5_get_prompt_types);
-extern DECL_FUNC_PTR(krb5_build_principal_ext);
-extern DECL_FUNC_PTR(krb5_cc_get_name);
-extern DECL_FUNC_PTR(krb5_cc_get_type);
-extern DECL_FUNC_PTR(krb5_cc_resolve);
-extern DECL_FUNC_PTR(krb5_cc_default);
-extern DECL_FUNC_PTR(krb5_cc_default_name);
-extern DECL_FUNC_PTR(krb5_cc_set_default_name);
-extern DECL_FUNC_PTR(krb5_cc_initialize);
-extern DECL_FUNC_PTR(krb5_cc_destroy);
-extern DECL_FUNC_PTR(krb5_cc_close);
-extern DECL_FUNC_PTR(krb5_cc_copy_creds);
-extern DECL_FUNC_PTR(krb5_cc_store_cred);
-extern DECL_FUNC_PTR(krb5_cc_retrieve_cred);
-extern DECL_FUNC_PTR(krb5_cc_get_principal);
-extern DECL_FUNC_PTR(krb5_cc_start_seq_get);
-extern DECL_FUNC_PTR(krb5_cc_next_cred);
-extern DECL_FUNC_PTR(krb5_cc_end_seq_get);
-extern DECL_FUNC_PTR(krb5_cc_remove_cred);
-extern DECL_FUNC_PTR(krb5_cc_set_flags);
-// extern DECL_FUNC_PTR(krb5_cc_get_type);
-extern DECL_FUNC_PTR(krb5_free_context);
-extern DECL_FUNC_PTR(krb5_free_cred_contents);
-extern DECL_FUNC_PTR(krb5_free_principal);
-extern DECL_FUNC_PTR(krb5_get_in_tkt_with_password);
-extern DECL_FUNC_PTR(krb5_init_context);
-extern DECL_FUNC_PTR(krb5_parse_name);
-extern DECL_FUNC_PTR(krb5_timeofday);
-extern DECL_FUNC_PTR(krb5_timestamp_to_sfstring);
-extern DECL_FUNC_PTR(krb5_unparse_name);
-extern DECL_FUNC_PTR(krb5_get_credentials);
-extern DECL_FUNC_PTR(krb5_mk_req);
-extern DECL_FUNC_PTR(krb5_sname_to_principal);
-extern DECL_FUNC_PTR(krb5_get_credentials_renew);
-extern DECL_FUNC_PTR(krb5_free_data);
-extern DECL_FUNC_PTR(krb5_free_data_contents);
-// extern DECL_FUNC_PTR(krb5_get_realm_domain);
-extern DECL_FUNC_PTR(krb5_free_unparsed_name);
-extern DECL_FUNC_PTR(krb5_os_localaddr);
-extern DECL_FUNC_PTR(krb5_copy_keyblock_contents);
-extern DECL_FUNC_PTR(krb5_copy_data);
-extern DECL_FUNC_PTR(krb5_free_creds);
-extern DECL_FUNC_PTR(krb5_build_principal);
-extern DECL_FUNC_PTR(krb5_get_renewed_creds);
-extern DECL_FUNC_PTR(krb5_free_addresses);
-extern DECL_FUNC_PTR(krb5_get_default_config_files);
-extern DECL_FUNC_PTR(krb5_free_config_files);
-extern DECL_FUNC_PTR(krb5_get_default_realm);
-extern DECL_FUNC_PTR(krb5_set_default_realm);
-extern DECL_FUNC_PTR(krb5_free_ticket);
-extern DECL_FUNC_PTR(krb5_decode_ticket);
-extern DECL_FUNC_PTR(krb5_get_host_realm);
-extern DECL_FUNC_PTR(krb5_free_host_realm);
-extern DECL_FUNC_PTR(krb5_c_random_make_octets);
-extern DECL_FUNC_PTR(krb5_free_default_realm);
-
-// Krb5 (3.2) functions
-extern DECL_FUNC_PTR(krb5_get_error_message);
-extern DECL_FUNC_PTR(krb5_free_error_message);
-
-// Krb524 functions
-extern DECL_FUNC_PTR(krb524_init_ets);
-extern DECL_FUNC_PTR(krb524_convert_creds_kdc);
-
-// ComErr functions
-extern DECL_FUNC_PTR(com_err);
-extern DECL_FUNC_PTR(error_message);
-
-// Profile functions
-extern DECL_FUNC_PTR(profile_init);
-extern DECL_FUNC_PTR(profile_flush);
-extern DECL_FUNC_PTR(profile_release);
-extern DECL_FUNC_PTR(profile_get_subsection_names);
-extern DECL_FUNC_PTR(profile_free_list);
-extern DECL_FUNC_PTR(profile_get_string);
-extern DECL_FUNC_PTR(profile_get_values);
-extern DECL_FUNC_PTR(profile_get_relation_names);
-extern DECL_FUNC_PTR(profile_clear_relation);
-extern DECL_FUNC_PTR(profile_add_relation);
-extern DECL_FUNC_PTR(profile_update_relation);
-extern DECL_FUNC_PTR(profile_release_string);
-
-// Service functions
-extern DECL_FUNC_PTR(OpenSCManagerA);
-extern DECL_FUNC_PTR(OpenServiceA);
-extern DECL_FUNC_PTR(QueryServiceStatus);
-extern DECL_FUNC_PTR(CloseServiceHandle);
-extern DECL_FUNC_PTR(LsaNtStatusToWinError);
-
-// LSA Functions
-extern DECL_FUNC_PTR(LsaConnectUntrusted);
-extern DECL_FUNC_PTR(LsaLookupAuthenticationPackage);
-extern DECL_FUNC_PTR(LsaCallAuthenticationPackage);
-extern DECL_FUNC_PTR(LsaFreeReturnBuffer);
-extern DECL_FUNC_PTR(LsaGetLogonSessionData);
-
-// toolhelp functions
-TYPEDEF_FUNC(
-    HANDLE,
-    WINAPI,
-    CreateToolhelp32Snapshot,
-    (DWORD, DWORD)
-    );
-TYPEDEF_FUNC(
-    BOOL,
-    WINAPI,
-    Module32First,
-    (HANDLE, LPMODULEENTRY32)
-    );
-TYPEDEF_FUNC(
-    BOOL,
-    WINAPI,
-    Module32Next,
-    (HANDLE, LPMODULEENTRY32)
-    );
-
-// psapi functions
-TYPEDEF_FUNC(
-    DWORD,
-    WINAPI,
-    GetModuleFileNameExA,
-    (HANDLE, HMODULE, LPSTR, DWORD)
-    );
-
-TYPEDEF_FUNC(
-    BOOL,
-    WINAPI,
-    EnumProcessModules,
-    (HANDLE, HMODULE*, DWORD, LPDWORD)
-    );
-
-#define pGetModuleFileNameEx pGetModuleFileNameExA
-#define TOOLHELPDLL "kernel32.dll"
-#define PSAPIDLL "psapi.dll"
-
-// psapi functions
-extern DECL_FUNC_PTR(GetModuleFileNameExA);
-extern DECL_FUNC_PTR(EnumProcessModules);
-
-// toolhelp functions
-extern DECL_FUNC_PTR(CreateToolhelp32Snapshot);
-extern DECL_FUNC_PTR(Module32First);
-extern DECL_FUNC_PTR(Module32Next);
-
 khm_int32 init_imports(void);
 khm_int32 exit_imports(void);
 
index 36c6265..90dd94f 100644 (file)
@@ -26,9 +26,9 @@
 
 #include <afsconfig.h>
 #include <afs/param.h>
-
 #include <roken.h>
 
+#include<ws2tcpip.h>
 #include<windows.h>
 #include<netidmgr.h>
 #include<dynimport.h>
@@ -43,8 +43,8 @@
 /**************************************/
 int
 khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
-                 int FreeContextFlag, krb5_context * ctx,
-                 krb5_ccache * cache)
+               int FreeContextFlag, krb5_context * ctx,
+               krb5_ccache * cache)
 {
 #ifdef NO_KRB5
     return 0;
@@ -55,8 +55,8 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
     const char *errText;
     int krb5Error = ((int)(rc & 255));
 
-    if (pkrb5_get_error_message)
-        errText = pkrb5_get_error_message(rc);
+    if (krb5_get_error_message)
+        errText = krb5_get_error_message(rc);
     else
         errText = perror_message(rc);
     _snprintf(message, sizeof(message),
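Review bot: The guards `if (krb5_get_error_message)` here, `if (krb5_free_error_message)` in the next hunk and `if (krb5_init_context == NULL)` in `khm_krb5_initialize` made sense for the old `pkrb5_*` pointers, but they now test the address of a linked function, which is never NULL, so the `perror_message` fallback and the `return 1` are dead code. With delay-loaded imports a missing Kerberos library would presumably fail at the first call instead, so availability should be checked through whatever the compatibility SDK offers for that (not visible here), or the guards dropped. Separately, both MIT and Heimdal declare `krb5_get_error_message(krb5_context, krb5_error_code)` and `krb5_free_error_message(krb5_context, const char *)`, so the one-argument calls look wrong. `errText = krb5_get_error_message(*ctx, rc);` and `krb5_free_error_message(*ctx, errText);` would match the prototypes, assuming `ctx` is non-NULL here. `khm_krb5_error` starts before this hunk and continues after it.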
@@ -64,8 +64,8 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
         errText,
         krb5Error,
         FailedFunctionName);
-    if (pkrb5_free_error_message)
-        pkrb5_free_error_message(errText);
+    if (krb5_free_error_message)
+        krb5_free_error_message(errText);
 
     MessageBoxA(NULL, message, "Kerberos Five", MB_OK | MB_ICONERROR |
         MB_TASKMODAL |
@@ -77,11 +77,11 @@ khm_krb5_error(krb5_error_code rc, LPCSTR FailedFunctionName,
         if (*ctx != NULL)
         {
             if (*cache != NULL) {
-                pkrb5_cc_close(*ctx, *cache);
+                krb5_cc_close(*ctx, *cache);
                 *cache = NULL;
             }
 
-            pkrb5_free_context(*ctx);
+            krb5_free_context(*ctx);
             *ctx = NULL;
         }
     }
@@ -105,10 +105,10 @@ khm_krb5_initialize(khm_handle ident,
     krb5_error_code    rc = 0;
     krb5_flags          flags = KRB5_TC_OPENCLOSE;
 
-    if (pkrb5_init_context == NULL)
+    if (krb5_init_context == NULL)
         return 1;
 
-    if (*ctx == 0 && (rc = (*pkrb5_init_context)(ctx))) {
+    if (*ctx == 0 && (rc = krb5_init_context(ctx))) {
         functionName = "krb5_init_context()";
         freeContextFlag = 0;
         goto on_error;
@@ -142,7 +142,7 @@ khm_krb5_initialize(khm_handle ident,
                 if(UnicodeStrToAnsi(ccname, sizeof(ccname), wccname) == 0)
                     break;
 
-                if((*pkrb5_cc_resolve)(*ctx, ccname, cache)) {
+                if((rc = krb5_cc_resolve(*ctx, ccname, cache)) != 0) {
                     functionName = "krb5_cc_resolve()";
                     freeContextFlag = 1;
                     goto on_error;
@@ -155,7 +155,7 @@ khm_krb5_initialize(khm_handle ident,
 #endif
         if (*cache == 0
 #ifdef FAILOVER_TO_DEFAULT_CCACHE
-            && (rc = (*pkrb5_cc_default)(*ctx, cache))
+            && (rc = krb5_cc_default(*ctx, cache))
 #endif
             ) {
             functionName = "krb5_cc_default()";
@@ -168,14 +168,13 @@ khm_krb5_initialize(khm_handle ident,
     flags = KRB5_TC_NOTICKET;
 #endif
 
-    if ((rc = (*pkrb5_cc_set_flags)(*ctx, *cache, flags)))
+    if ((rc = krb5_cc_set_flags(*ctx, *cache, flags)))
     {
         if (rc != KRB5_FCC_NOFILE && rc != KRB5_CC_NOTFOUND)
-            khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx,
-            cache);
+            khm_krb5_error(rc, "krb5_cc_set_flags()", 0, ctx, cache);
         else if ((rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND) && *ctx != NULL) {
             if (*cache != NULL)
-                (*pkrb5_cc_close)(*ctx, *cache);
+                krb5_cc_close(*ctx, *cache);
         }
         return rc;
     }
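Review bot: On the `KRB5_FCC_NOFILE` / `KRB5_CC_NOTFOUND` path, `krb5_cc_close(*ctx, *cache)` releases the cache but leaves `*cache` pointing at it, and the function then returns `rc` to a caller that still holds the stale handle. `khm_krb5_error` in this file resets the pointer after the same call, so for consistency the branch should read `if (*cache != NULL) { krb5_cc_close(*ctx, *cache); *cache = NULL; }`. The `rc == KRB5_FCC_NOFILE || rc == KRB5_CC_NOTFOUND` test in the `else if` is also redundant, being the exact negation of the `if` above it. `khm_krb5_initialize` begins and ends outside this hunk.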
@@ -210,7 +209,7 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
     if (!ctx || !cc || !ident || !pexpiration)
         return KHM_ERROR_GENERAL;
 
-    code = pkrb5_cc_get_principal(ctx, cc, &principal);
+    code = krb5_cc_get_principal(ctx, cc, &principal);
 
     if ( code )
         return KHM_ERROR_INVALID_PARAM;
@@ -219,47 +218,46 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
     kcdb_identity_get_name(ident, w_ident_name, &cb);
     UnicodeStrToAnsi(ident_name, sizeof(ident_name), w_ident_name);
 
-    code = pkrb5_unparse_name(ctx, principal, &princ_name);
+    code = krb5_unparse_name(ctx, principal, &princ_name);
 
     /* compare principal to ident. */
 
     if ( code || !princ_name ||
          strcmp(princ_name, ident_name) ) {
         if (princ_name)
-            pkrb5_free_unparsed_name(ctx, princ_name);
-        pkrb5_free_principal(ctx, principal);
+            krb5_free_unparsed_name(ctx, princ_name);
+        krb5_free_principal(ctx, principal);
         return KHM_ERROR_UNKNOWN;
     }
 
-    pkrb5_free_unparsed_name(ctx, princ_name);
-    pkrb5_free_principal(ctx, principal);
+    krb5_free_unparsed_name(ctx, princ_name);
+    krb5_free_principal(ctx, principal);
 
-    code = pkrb5_timeofday(ctx, &now);
+    code = krb5_timeofday(ctx, &now);
 
     if (code)
         return KHM_ERROR_UNKNOWN;
 
-    cc_code = pkrb5_cc_start_seq_get(ctx, cc, &cur);
+    cc_code = krb5_cc_start_seq_get(ctx, cc, &cur);
 
-    while (!(cc_code = pkrb5_cc_next_cred(ctx, cc, &cur, &creds))) {
-        krb5_data * c0 = krb5_princ_name(ctx, creds.server);
-        krb5_data * c1  = krb5_princ_component(ctx, creds.server, 1);
-        krb5_data * r = krb5_princ_realm(ctx, creds.server);
+    while (!(cc_code = krb5_cc_next_cred(ctx, cc, &cur, &creds))) {
+        const char * c0 = krb5_principal_get_comp_string(ctx, creds.server, 0);
+        const char * c1 = krb5_principal_get_comp_string(ctx, creds.server, 1);
+        const char * r =  krb5_principal_get_realm(ctx, creds.server);
 
-        if ( c0 && c1 && r && c1->length == r->length &&
-             !strncmp(c1->data,r->data,r->length) &&
-             !strncmp("krbtgt",c0->data,c0->length) ) {
+        if ( c0 && c1 && r && !strcmp(c1, r) &&
+             !strcmp("krbtgt",c0) ) {
 
             /* we have a TGT, check for the expiration time.
              * if it is valid and renewable, use the renew time
              */
 
-            if (!(creds.ticket_flags & TKT_FLG_INVALID) &&
+            if (!creds.flags.b.invalid &&
                 creds.times.starttime < (now + TIMET_TOLERANCE) &&
                 (creds.times.endtime + TIMET_TOLERANCE) > now) {
                 expiration = creds.times.endtime;
 
-                if ((creds.ticket_flags & TKT_FLG_RENEWABLE) &&
+                if (creds.flags.b.renewable &&
                     (creds.times.renew_till > creds.times.endtime)) {
                     expiration = creds.times.renew_till;
                 }
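Review bot: The result of `krb5_cc_start_seq_get(ctx, cc, &cur)` is stored in `cc_code` and immediately overwritten by the loop condition, so a failed cursor setup still passes a `cur` that was never set up to `krb5_cc_next_cred`. A guard right after the call, `if (cc_code) return KHM_ERROR_UNKNOWN;`, would match how the `krb5_timeofday` failure is handled a few lines above. The end of the loop body lies outside this hunk, so I cannot see whether each `creds` filled in by `krb5_cc_next_cred` is released with `krb5_free_cred_contents`. If it is not, that call belongs at the end of every iteration.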
@@ -268,7 +266,7 @@ khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
     }
 
     if (cc_code == KRB5_CC_END) {
-        cc_code = pkrb5_cc_end_seq_get(ctx, cc, &cur);
+        cc_code = krb5_cc_end_seq_get(ctx, cc, &cur);
         rv = KHM_ERROR_SUCCESS;
         *pexpiration = expiration;
     }
@@ -280,12 +278,9 @@ khm_int32 KHMAPI
 khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
                                   void * buffer, khm_size * pcbbuf)
 {
-    krb5_context        ctx = 0;
+    krb5_context        context = 0;
     krb5_ccache         cache = 0;
     krb5_error_code     code;
-    apiCB *             cc_ctx = 0;
-    struct _infoNC **   pNCi = NULL;
-    int                 i;
     khm_int32           t;
     wchar_t *           ms = NULL;
     khm_size            cb;
@@ -296,65 +291,49 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
     khm_handle          csp_plugins = NULL;
 
     if (!buffer || !pcbbuf)
-    return KHM_ERROR_GENERAL;
-
-    ctx = *pctx;
-
-    if (!pcc_initialize ||
-        !pcc_get_NC_info ||
-        !pcc_free_NC_info ||
-        !pcc_shutdown)
-        goto _skip_cc_iter;
-
-    code = pcc_initialize(&cc_ctx, CC_API_VER_2, NULL, NULL);
-    if (code)
-        goto _exit;
-
-    code = pcc_get_NC_info(cc_ctx, &pNCi);
+        return KHM_ERROR_GENERAL;
 
-    if (code)
-        goto _exit;
+    context = *pctx;
 
-    for(i=0; pNCi[i]; i++) {
-        if (pNCi[i]->vers != CC_CRED_V5)
-            continue;
+    do {
+        krb5_cccol_cursor cciter = 0;
 
-        code = (*pkrb5_cc_resolve)(ctx, pNCi[i]->name, &cache);
+        code = krb5_cccol_cursor_new(context, &cciter);
         if (code)
-            continue;
-
-        /* need a function to check the cache for the identity
-         * and determine if it has valid tickets.  If it has
-         * the right identity and valid tickets, store the
-         * expiration time and the cache name.  If it has the
-         * right identity but no valid tickets, store the ccache
-         * name and an expiration time of zero.  if it does not
-         * have the right identity don't save the name.
-         *
-         * Keep searching to find the best cache available.
-         */
-
-        if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
-                                                           ident,
-                                                           &expiration))) {
-            if ( expiration > best_match_expiration ) {
-                best_match_expiration = expiration;
-                StringCbCopyA(best_match_ccname,
-                              sizeof(best_match_ccname),
-                              "API:");
-                StringCbCatA(best_match_ccname,
-                             sizeof(best_match_ccname),
-                             pNCi[i]->name);
-                expiration = 0;
+            break;
+
+        while (krb5_cccol_cursor_next(context, cciter, &cache) == 0) {
+
+            /* need a function to check the cache for the identity and
+             * determine if it has valid tickets.  If it has the right
+             * identity and valid tickets, store the expiration time
+             * and the cache name.  If it has the right identity but
+             * no valid tickets, store the ccache name and an
+             * expiration time of zero.  if it does not have the right
+             * identity don't save the name.
+             *
+             * Keep searching to find the best cache available.
+             */
+
+            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache,
+                                                               ident,
+                                                               &expiration))) {
+                if ( expiration > best_match_expiration ) {
+                    best_match_expiration = expiration;
+                    StringCbPrintfA(best_match_ccname, sizeof(best_match_ccname),
+                                    "%s:%s",
+                                    krb5_cc_get_type(context, cache),
+                                    krb5_cc_get_name(context, cache));
+                    expiration = 0;
+                }
             }
-        }
 
-        if(ctx != NULL && cache != NULL)
-            (*pkrb5_cc_close)(ctx, cache);
-        cache = 0;
-    }
+            krb5_cc_close(context, cache);
+            cache = 0;
+        }
 
- _skip_cc_iter:
+        krb5_cccol_cursor_free(context, &cciter);
+    } while (FALSE);
 
     if (KHM_SUCCEEDED(kmm_get_plugins_config(0, &csp_plugins))) {
         khc_open_space(csp_plugins, L"Krb5Cred\\Parameters",  0, &csp_params);
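Review bot: Inside the new `while (krb5_cccol_cursor_next(...) == 0)` loop, `cache` is passed to `khm_get_identity_expiration_time` and `krb5_cc_close` without the `cache != NULL` test that the MSLSA and FILE paths later in this function still perform. Some krb5 implementations signal the end of the collection by returning 0 with a NULL cache, and the compatibility layer may bind to more than one implementation, so the condition is safer as `while (krb5_cccol_cursor_next(context, cciter, &cache) == 0 && cache != NULL)`. The result of `StringCbPrintfA` is also ignored; a truncated `best_match_ccname` would name a different cache than the one examined, so clearing the buffer on failure is worth adding. The function body starts and ends outside this hunk.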
@@ -370,9 +349,9 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
 
     if (csp_params &&
         KHM_SUCCEEDED(khc_read_int32(csp_params, L"MsLsaList", &t)) && t) {
-        code = (*pkrb5_cc_resolve)(ctx, "MSLSA:", &cache);
+        code = krb5_cc_resolve(context, "MSLSA:", &cache);
         if (code == 0 && cache) {
-            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache,
                                                                ident,
                                                                &expiration))) {
                 if ( expiration > best_match_expiration ) {
@@ -384,8 +363,8 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
             }
         }
 
-        if (ctx != NULL && cache != NULL)
-            (*pkrb5_cc_close)(ctx, cache);
+        if (context != NULL && cache != NULL)
+            krb5_cc_close(context, cache);
 
         cache = 0;
     }
@@ -409,11 +388,11 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
             StringCchPrintfA(ccname, ARRAYLENGTH(ccname),
                              "FILE:%S", t);
 
-            code = (*pkrb5_cc_resolve)(ctx, ccname, &cache);
+            code = krb5_cc_resolve(context, ccname, &cache);
             if (code)
                 continue;
 
-            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(ctx, cache,
+            if (KHM_SUCCEEDED(khm_get_identity_expiration_time(context, cache,
                                                                ident,
                                                                &expiration))) {
                 if ( expiration > best_match_expiration ) {
@@ -425,23 +404,17 @@ khm_krb5_find_ccache_for_identity(khm_handle ident, krb5_context *pctx,
                 }
             }
 
-            if (ctx != NULL && cache != NULL)
-                (*pkrb5_cc_close)(ctx, cache);
+            if (context != NULL && cache != NULL)
+                krb5_cc_close(context, cache);
             cache = 0;
         }
 
         PFREE(ms);
     }
- _exit:
+
     if (csp_params)
         khc_close_space(csp_params);
 
-    if (pNCi)
-        (*pcc_free_NC_info)(cc_ctx, &pNCi);
-
-    if (cc_ctx)
-        (*pcc_shutdown)(&cc_ctx);
-
     if (best_match_ccname[0]) {
 
         if (*pcbbuf = AnsiStrToUnicode((wchar_t *)buffer,
index b01e0d5..eeee811 100644 (file)
@@ -51,6 +51,10 @@ khm_int32 KHMAPI
 khm_get_identity_expiration_time(krb5_context ctx, krb5_ccache cc,
                                  khm_handle ident,
                                  krb5_timestamp * pexpiration);
+
+#ifndef MAX_HSTNM
+#define MAX_HSTNM 100
+#endif
 #endif /* NO_KRB5 */
 
 #endif
index b46aa15..db6d89a 100644 (file)
@@ -35,6 +35,7 @@
 #ifdef DEBUG
 #include<assert.h>
 #endif
+#include <krbcompat_delayload.h>
 
 #pragma warning (pop)
 
@@ -73,6 +74,8 @@ KHMEXP khm_int32 KHMAPI init_module(kmm_module h_module) {
         goto _exit;
     }
 
+    DelayLoadHeimdal();
+
     ZeroMemory(&pi,sizeof(pi));
 
     pi.msg_proc = afs_plugin_cb;
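Review bot: Nothing after the added `DelayLoadHeimdal();` call checks that a Kerberos library can actually be resolved, whereas the code this commit removes elsewhere guarded its calls behind NULL function-pointer checks. With `/DELAYLOAD:heimdal.dll`, an unresolved import normally surfaces as a structured exception at the first krb5_* call rather than as an error code, unless the compatibility layer's hook handles that case, which should be confirmed. A comment such as `/* installs the delay-load hook; must run before any krb5_* call in this module */` would document the ordering requirement. init_module starts and ends outside the hunk.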
index 340d17b..cb88d03 100644 (file)
@@ -42,8 +42,8 @@ KTC_EXELIBS =\
        $(DESTDIR)\lib\afs\afsreg.lib \
        $(DESTDIR)\lib\afs\afspioctl.lib
 
-$(KTC_EXEFILE): $(KTC_EXEOBJS)  $(KTC_EXELIBS)
-       $(EXECONLINK) dnsapi.lib shell32.lib mpr.lib
+$(KTC_EXEFILE): $(KTC_EXEOBJS)  $(KTC_EXELIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib shell32.lib mpr.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP) 
         $(CODESIGN_USERLAND)
@@ -54,4 +54,3 @@ test tests: $(CELL_EXEFILE) $(KTC_EXEFILE)
 clean::
 
 mkdir: 
-       
index c6376cc..a2ed440 100644 (file)
@@ -111,7 +111,6 @@ BOS_EXELIBS =\
        $(DESTDIR)\lib\afshcrypto.lib \
        $(DESTDIR)\lib\afsroken.lib
 
-
 $(RS_BOS_EXEFILE): $(BOS_EXEOBJS) $(BOS_EXELIBS)
        $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
         $(_VC_MANIFEST_EMBED_EXE)
@@ -165,4 +164,3 @@ clean::
        $(DEL) bnode.h boserr.c bosint.cs.c bosint.h bosint.ss.c bosint.xdr.c
 
 mkdir:
-       
index a396dcb..5d94741 100644 (file)
@@ -19,7 +19,7 @@ INCFILES =\
        $(INCFILEDIR)\budb_errs.h \
        $(INCFILEDIR)\budb_client.h \
        $(INCFILEDIR)\budb_prototypes.h
-       
+
 
 
 ############################################################################
@@ -138,4 +138,4 @@ clean::
        $(DEL) budb.cs.c budb.ss.c budb.xdr.c
 
 mkdir:
-       
+
index cb9d7a7..e0e0ffb 100644 (file)
@@ -89,4 +89,4 @@ $(OUT)\butc_test.exe: $(OUT)\test.obj
         $(SYMSTORE_IMPORT)
 
 mkdir:
-       
+
index 08a0445..20fd000 100644 (file)
@@ -249,10 +249,10 @@ afscdefs =\
        -DSTRICT \
        -D_WIN32_IE=0x0502 \
        -D_WIN32_WINNT=0x0502 \
-       -DWINVER=0x0502 \
+       -DWINVER=0x0502 \
        -DNTDDI_VERSION=0x05020000 \
-       -DREGISTER_POWER_NOTIFICATIONS \
-       -DAFS_FREELANCE_CLIENT \
+       -DREGISTER_POWER_NOTIFICATIONS \
+       -DAFS_FREELANCE_CLIENT \
         -DAFS_64BITPOINTER_ENV \
         -DAFS_64BITUSERPOINTER_ENV \
        -DAFS_64BIT_CLIENT \
@@ -567,3 +567,21 @@ MAKECYGLIB=\
 !ELSE
 MAKECYGLIB=echo Skipping Cygwin archive
 !ENDIF
+
+######### Heimdal compatibility support
+
+!IFNDEF HEIMDALSDKDIR
+!IFDEF KERBEROSCOMPATSDKROOT
+HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0
+!ELSE
+!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined
+!ENDIF
+!ENDIF
+
+HEIMINC=$(HEIMDALSDKDIR)\inc
+HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU)
+
+afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5
+
+HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj
+HEIMLINKOPTS=/DELAYLOAD:heimdal.dll
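Review bot: The added block takes the SDK headers and `heimdal.lib` from whatever directory `HEIMDALSDKDIR` or `KERBEROSCOMPATSDKROOT` names, but it only checks that one of the variables is defined, not that the directory holds the expected SDK. A stale or mistyped value then surfaces later as an unrelated compile or link error, or links against an unintended import library. A guard after `HEIMLIB` is set would fail early: `!IF !EXIST($(HEIMLIB)\heimdal.lib)`, `!ERROR heimdal.lib not found under $(HEIMLIB)`, `!ENDIF`. The same block is pasted into the two other config makefiles further down this diff, so moving it into one shared include would keep the `\1.0` version suffix and the link options from drifting apart.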
index 768acb3..c7436a4 100644 (file)
@@ -255,8 +255,8 @@ afscdefs =\
        -D_WIN32_WINNT=0x0500 \
        -DWINVER=0x0500 \
        -DNTDDI_VERSION=0x05000000 \
-       -DREGISTER_POWER_NOTIFICATIONS \
-       -DAFS_FREELANCE_CLIENT \
+       -DREGISTER_POWER_NOTIFICATIONS \
+       -DAFS_FREELANCE_CLIENT \
        -DAFS_64BIT_CLIENT \
         $(AFSDEV_AUXCDEFINES)
 
@@ -347,7 +347,7 @@ CPP2OBJ = $(C2OBJ)
 
 .c{$(OUT)\}.obj:
        $(C2OBJ) $<
-   
+
 .c.obj:
    $(C2OBJ) $<
 
@@ -519,3 +519,22 @@ MAKECYGLIB=\
 !ELSE
 MAKECYGLIB=echo Skipping Cygwin archive
 !ENDIF
+
+
+######### Heimdal compatibility support
+
+!IFNDEF HEIMDALSDKDIR
+!IFDEF KERBEROSCOMPATSDKROOT
+HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0
+!ELSE
+!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined
+!ENDIF
+!ENDIF
+
+HEIMINC=$(HEIMDALSDKDIR)\inc
+HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU)
+
+afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5
+
+HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj
+HEIMLINKOPTS=/DELAYLOAD:heimdal.dll
index ee5b5fa..1b3c3fe 100644 (file)
@@ -569,3 +569,21 @@ MAKECYGLIB=\
 !ELSE
 MAKECYGLIB=echo Skipping Cygwin archive
 !ENDIF
+
+######### Heimdal compatibility support
+
+!IFNDEF HEIMDALSDKDIR
+!IFDEF KERBEROSCOMPATSDKROOT
+HEIMDALSDKDIR=$(KERBEROSCOMPATSDKROOT)\1.0
+!ELSE
+!ERROR HEIMDALSDKDIR or KERBEROSCOMPATSDKROOT needs to be defined
+!ENDIF
+!ENDIF
+
+HEIMINC=$(HEIMDALSDKDIR)\inc
+HEIMLIB=$(HEIMDALSDKDIR)\lib\$(CPU)
+
+afscdefs=$(afscdefs) -I$(HEIMINC) -I$(HEIMINC)\krb5
+
+HEIMDEPS=$(HEIMLIB)\heimdal.lib $(DESTDIR)\lib\krbcompat_delayload.obj
+HEIMLINKOPTS=/DELAYLOAD:heimdal.dll
index a1efbd9..6efcb3d 100644 (file)
@@ -96,7 +96,7 @@ AFSLIBS =  \
        $(DESTDIR)\lib\opr.lib \
        $(DESTDIR)\lib\afshcrypto.lib \
        $(DESTDIR)\lib\afsroken.lib
-       
+
 TOKENLIB = $(DESTDIR)\lib\afs\afspioctl.lib
 
 ############################################################################
@@ -148,7 +148,7 @@ KAS_OBJS =\
        $(OUT)\admin_tools.obj \
        $(OUT)\kkids.obj \
        $(OUT)\kas.res
-       
+
 $(KAS): $(KAS_OBJS) $(AFSLIBS) $(KAUTH_LIBFILE) $(TOKENLIB)
        $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
         $(_VC_MANIFEST_EMBED_EXE)
@@ -253,4 +253,3 @@ clean::
        $(DEL) kaerrors.c
 
 mkdir:
-       
index 610893f..92b7c95 100644 (file)
@@ -31,7 +31,7 @@ INCFILES= $(INCFILEDIR)\afs_AdminCommonErrors.h \
        $(INCFILEDIR)\afs_AdminMiscErrors.h \
        $(INCFILEDIR)\afs_AdminPtsErrors.h \
        $(INCFILEDIR)\afs_AdminUtilErrors.h \
-       $(INCFILEDIR)\afs_AdminVosErrors.h
+       $(INCFILEDIR)\afs_AdminVosErrors.h
 
 $(INCFILES):$$(@F)
         $(COPY)  $** $(INCFILEDIR)\.
@@ -43,31 +43,31 @@ afs_AdminBosErrors.h afs_AdminBosErrors.c : afs_AdminBosErrors.et
 afs_AdminCfgErrors.h afs_AdminCfgErrors.c : afs_AdminCfgErrors.et
         $(DEL) afs_AdminCfgErrors.h afs_AdminCfgErrors.c
         $(COMPILE_ET) afs_AdminCfgErrors -h afs_AdminCfgErrors
+
 afs_AdminClientErrors.h afs_AdminClientErrors.c : afs_AdminClientErrors.et
         $(DEL) afs_AdminClientErrors.h afs_AdminClientErrors.c
         $(COMPILE_ET) afs_AdminClientErrors -h afs_AdminClientErrors
+
 afs_AdminCommonErrors.h afs_AdminCommonErrors.c: afs_AdminCommonErrors.et
         $(DEL) afs_AdminCommonErrors.h afs_AdminCommonErrors.c
         $(COMPILE_ET) afs_AdminCommonErrors -h afs_AdminCommonErrors
+
 afs_AdminKasErrors.h afs_AdminKasErrors.c : afs_AdminKasErrors.et
         $(DEL) afs_AdminKasErrors.h afs_AdminKasErrors.c
         $(COMPILE_ET) afs_AdminKasErrors -h afs_AdminKasErrors
+
 afs_AdminMiscErrors.h afs_AdminMiscErrors.c : afs_AdminMiscErrors.et
         $(DEL) afs_AdminMiscErrors.h afs_AdminMiscErrors.c
         $(COMPILE_ET) afs_AdminMiscErrors -h afs_AdminMiscErrors
+
 afs_AdminPtsErrors.h afs_AdminPtsErrors.c : afs_AdminPtsErrors.et
         $(DEL) afs_AdminPtsErrors.h afs_AdminPtsErrors.c
         $(COMPILE_ET) afs_AdminPtsErrors -h afs_AdminPtsErrors
+
 afs_AdminUtilErrors.h afs_AdminUtilErrors.c : afs_AdminUtilErrors.et
         $(DEL) afs_AdminUtilErrors.h afs_AdminUtilErrors.c
         $(COMPILE_ET) afs_AdminUtilErrors -h afs_AdminUtilErrors
+
 afs_AdminVosErrors.h afs_AdminVosErrors.c : afs_AdminVosErrors.et
         $(DEL) afs_AdminVosErrors.h afs_AdminVosErrors.c
         $(COMPILE_ET) afs_AdminVosErrors -h afs_AdminVosErrors
@@ -92,7 +92,7 @@ BOZOOBJS=\
 
 KAUTHOBJS=\
        $(OUT)\kaerrors.obj 
-       
+
 CMDOBJS=\
        $(OUT)\cmd_errors.obj 
 
@@ -144,23 +144,10 @@ DLLLIBS =\
        $(DESTDIR)\lib\opr.lib \
         $(DESTDIR)\lib\afsroken.lib
 
-!IF "$(CPU)" == "IA64" || "$(CPU)" == "AMD64" || "$(CPU)" == "ALPHA64"
-KFWLIBS = \
-    $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\krb5_64.lib \
-    $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\comerr64.lib \
-    dnsapi.lib mpr.lib delayimp.lib shell32.lib
-LINKOPTS = /DELAYLOAD:krb5_64.dll /DELAYLOAD:comerr64.dll
-!else
-KFWLIBS = \
-    $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\krb5_32.lib \
-    $(AFSROOT)\src\WINNT\kfw\lib\$(CPU)\comerr32.lib \
-    dnsapi.lib mpr.lib delayimp.lib shell32.lib
-LINKOPTS = /DELAYLOAD:krb5_32.dll /DELAYLOAD:comerr32.dll
-!endif
-afscflags = -I$(AFSROOT)\src\WINNT\kfw\inc\krb5 $(afscflags)
-
-$(DLLFILE): $(DLLOBJS) $(DLLLIBS)
-       $(DLLCONLINK) /DEF:afsadminutil.def $(KFWLIBS)
+NTLIBS = dnsapi.lib mpr.lib shell32.lib
+
+$(DLLFILE): $(DLLOBJS) $(DLLLIBS) $(HEIMDEPS)
+       $(DLLCONLINK) /DEF:afsadminutil.def $(NTLIBS) $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_DLL)
        $(DLLPREP)
         $(CODESIGN_USERLAND)
@@ -225,4 +212,5 @@ clean::
        $(DEL) $(DLLOBJS)
        $(DEL) $(DLLFILE)
 mkdir:
-       
+
+
index 2251173..7160d63 100644 (file)
@@ -30,7 +30,9 @@
 #include <afs/afscbint.h>
 
 #ifdef AFS_NT40_ENV
-# include <afs/krb5_nt.h>
+# define EncryptionKey Krb5EncryptionKey
+#  include <krb5/krb5.h>
+# undef EncryptionKey
 #endif
 
 #include "afs_AdminInternal.h"
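Review bot: The `# define EncryptionKey Krb5EncryptionKey` / `# undef EncryptionKey` pair around `<krb5/krb5.h>` has no comment explaining it. It presumably renames a krb5 type that would otherwise collide with an `EncryptionKey` declared by the AFS headers; if so, say that, e.g. `/* krb5.h and the AFS headers both declare EncryptionKey; rename the krb5 one while its header is parsed */`. The comment should also mention that later code in this file needing the krb5 type must use the renamed identifier.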
@@ -74,9 +76,6 @@ init_once(void)
     initialize_AU_error_table();
     initialize_AV_error_table();
     initialize_VOLS_error_table();
-#ifdef AFS_KRB5_ERROR_ENV
-    initialize_krb5();
-#endif
     error_init_done = 1;
 }
 
@@ -103,8 +102,7 @@ util_AdminErrorCodeTranslate(afs_status_t errorCode, int langId,
     *errorTextP = afs_error_message(code);
 #ifdef AFS_KRB5_ERROR_ENV
     if (strncmp(*errorTextP, "unknown", strlen("unknown")) == 0) {
-        const char *msg = fetch_krb5_error_message(NULL, code);
-        *errorTextP = msg ? msg : error_message(code);
+        *errorTextP = krb5_get_error_message(NULL, code);
     }
 #endif
     rc = 1;
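Review bot: The replacement drops the NULL fallback the removed lines had (`msg ? msg : error_message(code)`), so if `krb5_get_error_message` returns NULL the caller receives a NULL `*errorTextP`. Keeping the text already obtained from `afs_error_message` covers that case: `const char *msg = krb5_get_error_message(NULL, code);` followed by `if (msg) *errorTextP = msg;`. The returned string is also allocated by the library and is normally released with `krb5_free_error_message`; handing it out through a `const char **` means it is never freed, which deserves a comment or a cached copy. util_AdminErrorCodeTranslate starts and ends outside the hunk.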
index 684c6ae..0164e3f 100644 (file)
@@ -8,8 +8,8 @@
 # This is a pthread safe library containing ubikclient, auth, kauth.
 
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DAFS_PTHREAD_ENV -I..\WINNT\kfw\inc\loadfuncs \
-        -I..\WINNT\kfw\inc\krb5 -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -DAFS_PTHREAD_ENV -I$(DESTDIR)\include\afs \
+       -I$(DESTDIR)\include\rx
 
 RELDIR=libafsauthent
 !include ..\config\NTMakefile.$(SYS_NAME)
@@ -169,4 +169,3 @@ clean ::
        $(DEL) $(LIBFILE)
 
 mkdir:
-       
index 2adce0c..0769854 100755 (executable)
@@ -123,6 +123,9 @@ set NTDDKDIR=C:\WINDDK\7600.16385.0
 REM Location of Microsoft IDN Normalization SDK
 set MSIDNNLS=C:\progra~1\MI5913~1
 
+REM Location of Secure Endpoints Kerberos Compatibility SDK 1.0
+set KERBEROSCOMPATSDKROOT=c:\progra~2\secure~1\kerber~1
+
 REM Location of the WiX Installer Toolkit
 set WIX=c:\tools\wix.2.0.5325
 
index d6180bb..9e5e49d 100644 (file)
@@ -128,7 +128,7 @@ PTS_EXELIBS =\
        $(DESTDIR)\lib\afshcrypto.lib \
        $(DESTDIR)\lib\afsroken.lib
 
-$(PTS): $(PTS_EXEOBJS) $(PTS_EXELIBS) 
+$(PTS): $(PTS_EXEOBJS) $(PTS_EXELIBS)
        $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP) 
@@ -254,7 +254,7 @@ $(OUT)\readpwd.exe: $(OUT)\readpwd.obj $(LIBFILE) $(TEST_LIBS)
         $(SYMSTORE_IMPORT)
 
 $(OUT)\testpt.exe: $(OUT)\testpt.obj $(LIBFILE) $(TEST_LIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib 
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
         $(_VC_MANIFEST_EMBED_EXE)
         $(CODESIGN_USERLAND)
         $(SYMSTORE_IMPORT)
@@ -266,4 +266,4 @@ $(OUT)\db_verify.exe: $(OUT)\db_verify.obj $(OUT)\pterror.obj $(OUT)\display.obj
         $(SYMSTORE_IMPORT)
 
 mkdir:
-       
+
index 54ac7f8..6a09cad 100644 (file)
@@ -5,8 +5,7 @@
 # License.  For details, see the LICENSE file in the top-level source
 # directory or online at http://www.openafs.org/dl/license10.html
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I..\WINNT\kfw\inc\loadfuncs -I..\WINNT\kfw\inc\krb5 \
-        -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx
+AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I$(DESTDIR)\include\afs -I$(DESTDIR)\include\rx
 RELDIR=sys
 !INCLUDE ..\config\NTMakefile.$(SYS_NAME)
 !INCLUDE ..\config\NTMakefile.version
index f9f6dd9..e5e4a4d 100644 (file)
@@ -19,6 +19,8 @@
 #define SECURITY_WIN32
 #include <security.h>
 #include <nb30.h>
+#include <tchar.h>
+#include <strsafe.h>
 
 #include <osi.h>
 
@@ -39,7 +41,6 @@
 #include <WINNT/afsreg.h>
 #include <lanahelper.h>
 
-#include <loadfuncs-krb5.h>
 #include <krb5.h>
 #include <..\WINNT\afsrdr\common\AFSUserDefines.h>
 #include <..\WINNT\afsrdr\common\AFSUserIoctl.h>
@@ -326,178 +327,138 @@ cleanup:
     return(hr);
 }
 
-// krb5 functions
-DECL_FUNC_PTR(krb5_cc_default_name);
-DECL_FUNC_PTR(krb5_cc_set_default_name);
-DECL_FUNC_PTR(krb5_get_default_config_files);
-DECL_FUNC_PTR(krb5_free_config_files);
-DECL_FUNC_PTR(krb5_free_context);
-DECL_FUNC_PTR(krb5_get_default_realm);
-DECL_FUNC_PTR(krb5_free_default_realm);
-DECL_FUNC_PTR(krb5_init_context);
-DECL_FUNC_PTR(krb5_cc_default);
-DECL_FUNC_PTR(krb5_parse_name);
-DECL_FUNC_PTR(krb5_free_principal);
-DECL_FUNC_PTR(krb5_cc_close);
-DECL_FUNC_PTR(krb5_cc_get_principal);
-DECL_FUNC_PTR(krb5_build_principal);
-DECL_FUNC_PTR(krb5_c_random_make_octets);
-DECL_FUNC_PTR(krb5_get_init_creds_password);
-DECL_FUNC_PTR(krb5_free_cred_contents);
-DECL_FUNC_PTR(krb5_cc_resolve);
-DECL_FUNC_PTR(krb5_unparse_name);
-DECL_FUNC_PTR(krb5_free_unparsed_name);
-
-FUNC_INFO krb5_fi[] = {
-    MAKE_FUNC_INFO(krb5_cc_default_name),
-    MAKE_FUNC_INFO(krb5_cc_set_default_name),
-    MAKE_FUNC_INFO(krb5_get_default_config_files),
-    MAKE_FUNC_INFO(krb5_free_config_files),
-    MAKE_FUNC_INFO(krb5_free_context),
-    MAKE_FUNC_INFO(krb5_get_default_realm),
-    MAKE_FUNC_INFO(krb5_free_default_realm),
-    MAKE_FUNC_INFO(krb5_init_context),
-    MAKE_FUNC_INFO(krb5_cc_default),
-    MAKE_FUNC_INFO(krb5_parse_name),
-    MAKE_FUNC_INFO(krb5_free_principal),
-    MAKE_FUNC_INFO(krb5_cc_close),
-    MAKE_FUNC_INFO(krb5_cc_get_principal),
-    MAKE_FUNC_INFO(krb5_build_principal),
-    MAKE_FUNC_INFO(krb5_c_random_make_octets),
-    MAKE_FUNC_INFO(krb5_get_init_creds_password),
-    MAKE_FUNC_INFO(krb5_free_cred_contents),
-    MAKE_FUNC_INFO(krb5_cc_resolve),
-    MAKE_FUNC_INFO(krb5_unparse_name),
-    MAKE_FUNC_INFO(krb5_free_unparsed_name),
-    END_FUNC_INFO
-};
-
-static int
-LoadFuncs(
-    const char* dll_name,
-    FUNC_INFO fi[],
-    HINSTANCE* ph,  // [out, optional] - DLL handle
-    int* pindex,    // [out, optional] - index of last func loaded (-1 if none)
-    int cleanup,    // cleanup function pointers and unload on error
-    int go_on,      // continue loading even if some functions cannot be loaded
-    int silent      // do not pop-up a system dialog if DLL cannot be loaded
-    )
-{
-    HINSTANCE h;
-    int i, n, last_i;
-    int error = 0;
-    UINT em;
-
-    if (ph) *ph = 0;
-    if (pindex) *pindex = -1;
-
-    for (n = 0; fi[n].func_ptr_var; n++)
-        *(fi[n].func_ptr_var) = 0;
-
-    if (silent)
-        em = SetErrorMode(SEM_FAILCRITICALERRORS);
-    h = LoadLibrary(dll_name);
-    if (silent)
-        SetErrorMode(em);
-
-    if (!h)
-        return 0;
-
-    last_i = -1;
-    for (i = 0; (go_on || !error) && (i < n); i++)
-    {
-        void* p = (void*)GetProcAddress(h, fi[i].func_name);
-        if (!p)
-            error = 1;
-        else
-        {
-            last_i = i;
-            *(fi[i].func_ptr_var) = p;
-        }
-    }
-    if (pindex) *pindex = last_i;
-    if (error && cleanup && !go_on) {
-        for (i = 0; i < n; i++) {
-            *(fi[i].func_ptr_var) = 0;
-        }
-        FreeLibrary(h);
-        return 0;
-    }
-    if (ph) *ph = h;
-    if (error) return 0;
-    return 1;
-}
-#if defined(_IA64_) || defined(_AMD64_)
-#define KERB5DLL "krb5_64.dll"
-#else
-#define KERB5DLL "krb5_32.dll"
-#endif
 static BOOL
-IsKrb5Available()
+UnicodeToANSI(LPCWSTR lpInputString, LPSTR lpszOutputString, int nOutStringLen)
 {
-    static HINSTANCE hKrb5DLL = 0;
+    CPINFO CodePageInfo;
 
-    if ( hKrb5DLL )
-        return TRUE;
+    GetCPInfo(CP_ACP, &CodePageInfo);
 
-    hKrb5DLL = LoadLibrary(KERB5DLL);
-    if (hKrb5DLL) {
-        if (!LoadFuncs(KERB5DLL, krb5_fi, 0, 0, 1, 0, 0))
+    if (CodePageInfo.MaxCharSize > 1) {
+        // Only supporting non-Unicode strings
+        int reqLen = WideCharToMultiByte( CP_ACP, 0,
+                                          lpInputString, -1,
+                                          NULL, 0, NULL, NULL);
+        if ( reqLen > nOutStringLen)
         {
-            FreeLibrary(hKrb5DLL);
-            hKrb5DLL = 0;
             return FALSE;
+        } else {
+            if (WideCharToMultiByte( CP_ACP,
+                                     WC_COMPOSITECHECK,
+                                     lpInputString, -1,
+                                     lpszOutputString,
+                                     nOutStringLen, NULL, NULL) == 0)
+                return FALSE;
         }
-        return TRUE;
     }
-    return FALSE;
+    else
+    {
+        // Looks like unicode, better translate it
+        if (WideCharToMultiByte( CP_ACP,
+                                 WC_COMPOSITECHECK,
+                                 lpInputString, -1,
+                                 lpszOutputString,
+                                 nOutStringLen, NULL, NULL) == 0)
+            return FALSE;
+    }
+
+    return TRUE;
 }
 
 static BOOL
-GetLSAPrincipalName(char * szUser, DWORD *dwSize)
+GetLSAPrincipalName(char * pszUser, DWORD dwUserSize)
 {
-    krb5_context   ctx = 0;
-    krb5_error_code code;
-    krb5_ccache mslsa_ccache=0;
-    krb5_principal princ = 0;
-    char * pname = 0;
-    BOOL success = 0;
-
-    if (!IsKrb5Available())
-        return FALSE;
+    KERB_QUERY_TKT_CACHE_REQUEST CacheRequest;
+    PKERB_RETRIEVE_TKT_RESPONSE pTicketResponse = NULL;
+    ULONG ResponseSize;
+    PKERB_EXTERNAL_NAME pClientName = NULL;
+    PUNICODE_STRING     pDomainName = NULL;
+    LSA_STRING Name;
+    HANDLE hLogon = INVALID_HANDLE_VALUE;
+    ULONG PackageId;
+    NTSTATUS ntStatus;
+    NTSTATUS ntSubStatus = 0;
+    WCHAR * wchUser = NULL;
+    DWORD   dwSize;
+    SHORT   sCount;
+    BOOL bRet = FALSE;
+
+    ntStatus = LsaConnectUntrusted( &hLogon);
+    if (FAILED(ntStatus))
+        goto cleanup;
 
-    if (code = pkrb5_init_context(&ctx))
+    Name.Buffer = MICROSOFT_KERBEROS_NAME_A;
+    Name.Length = (USHORT)(sizeof(MICROSOFT_KERBEROS_NAME_A) - sizeof(char));
+    Name.MaximumLength = Name.Length;
+
+    ntStatus = LsaLookupAuthenticationPackage( hLogon, &Name, &PackageId);
+    if (FAILED(ntStatus))
         goto cleanup;
 
-    if (code = pkrb5_cc_resolve(ctx, "MSLSA:", &mslsa_ccache))
+    memset(&CacheRequest, 0, sizeof(KERB_QUERY_TKT_CACHE_REQUEST));
+    CacheRequest.MessageType = KerbRetrieveTicketMessage;
+    CacheRequest.LogonId.LowPart = 0;
+    CacheRequest.LogonId.HighPart = 0;
+
+    ntStatus = LsaCallAuthenticationPackage( hLogon,
+                                             PackageId,
+                                             &CacheRequest,
+                                             sizeof(CacheRequest),
+                                             &pTicketResponse,
+                                             &ResponseSize,
+                                             &ntSubStatus);
+    if (FAILED(ntStatus) || FAILED(ntSubStatus))
         goto cleanup;
 
-    if (code = pkrb5_cc_get_principal(ctx, mslsa_ccache, &princ))
+    /* We have a ticket in the response */
+    pClientName = pTicketResponse->Ticket.ClientName;
+    pDomainName = &pTicketResponse->Ticket.DomainName;
+
+    /* We want to return ClientName @ DomainName */
+
+    dwSize = 0;
+    for ( sCount = 0; sCount < pClientName->NameCount; sCount++)
+    {
+        dwSize += pClientName->Names[sCount].Length;
+    }
+    dwSize += pDomainName->Length + sizeof(WCHAR);
+
+    if ( dwSize / sizeof(WCHAR) > dwUserSize )
         goto cleanup;
 
-    if (code = pkrb5_unparse_name(ctx, princ, &pname))
+    wchUser = malloc(dwSize);
+    if (wchUser == NULL)
         goto cleanup;
 
-    if ( strlen(pname) < *dwSize ) {
-        strncpy(szUser, pname, *dwSize);
-        szUser[*dwSize-1] = '\0';
-        success = 1;
+    for ( sCount = 0, wchUser[0] = L'\0'; sCount < pClientName->NameCount; sCount++)
+    {
+        StringCbCatNW( wchUser, dwSize,
+                       pClientName->Names[sCount].Buffer,
+                       pClientName->Names[sCount].Length);
     }
-    *dwSize = (DWORD)strlen(pname);
+    StringCbCatNW( wchUser, dwSize,
+                   pDomainName->Buffer,
+                   pDomainName->Length);
+
+    if ( !UnicodeToANSI( wchUser, pszUser, dwUserSize) )
+        goto cleanup;
+
+    bRet = TRUE;
 
   cleanup:
-    if (pname)
-        pkrb5_free_unparsed_name(ctx, pname);
 
-    if (princ)
-        pkrb5_free_principal(ctx, princ);
+    if (wchUser)
+        free(wchUser);
 
-    if (mslsa_ccache)
-        pkrb5_cc_close(ctx, mslsa_ccache);
+    if ( hLogon != INVALID_HANDLE_VALUE)
+        LsaDeregisterLogonProcess(hLogon);
+
+    if ( pTicketResponse ) {
+        SecureZeroMemory(pTicketResponse,ResponseSize);
+        LsaFreeReturnBuffer(pTicketResponse);
+    }
 
-    if (ctx)
-        pkrb5_free_context(ctx);
-    return success;
+    return bRet;
 }
 
 //
@@ -1005,7 +966,7 @@ GetIoctlHandle(char *fileNamep, HANDLE * handlep)
         int  gonext = 0;
 
         dwSize = sizeof(szUser);
-        if (GetLSAPrincipalName(szUser, &dwSize)) {
+        if (GetLSAPrincipalName(szUser, dwSize)) {
             if ( ioctlDebug ) {
                 saveerrno = errno;
                 fprintf(stderr, "pioctl LSA Principal logon user: [%s]\r\n",szUser);
index 4eb24e2..ee134fa 100644 (file)
@@ -85,7 +85,6 @@ BUTCLIBS=$(DESTDIR)\lib\afs\afsbudb.lib  \
             $(DESTDIR)\lib\afshcrypto.lib \
             $(DESTDIR)\lib\afsroken.lib
 
-
 # rm $(OUT)\tcstatus.obj
 # nmake /nologo /f ntmakefile install
 #----------------------------------------------- BUTC
@@ -162,6 +161,6 @@ install: all
 noversion: install
 
 mkdir:
-       
+
 clean::
        $(DEL) $(BUTCRES)
index baf6e14..5577e64 100644 (file)
@@ -99,4 +99,4 @@ clean::
 
 mkdir:
         copy home $(OUT)\.
-       
+
index b828a0c..71a068f 100644 (file)
@@ -7,7 +7,6 @@
 
 # General AFS utilities.
 
-AFSDEV_AUXCDEFINES = $(AFSDEV_AUXCDEFINES) -I..\WINNT\kfw\inc\krb5
 RELDIR=util
 !INCLUDE ..\config\NTMakefile.$(SYS_NAME)
 
@@ -24,7 +23,6 @@ INCFILES =\
        $(INCFILEDIR)\pthread_nosigs.h \
        $(INCFILEDIR)\errmap_nt.h \
        $(INCFILEDIR)\dirpath.h \
-        $(INCFILEDIR)\krb5_nt.h \
        $(INCFILEDIR)\ktime.h \
        $(INCFILEDIR)\fileutil.h \
        $(INCFILEDIR)\afsutil_prototypes.h \
@@ -45,7 +43,6 @@ LIBOBJS = \
        $(OUT)\base32.obj \
        $(OUT)\get_krbrlm.obj \
        $(OUT)\hostparse.obj \
-        $(OUT)\krb5_nt.obj \
        $(OUT)\kreltime.obj \
        $(OUT)\ktime.obj \
         $(OUT)\netutils.obj \
@@ -64,7 +61,6 @@ MT_LIBOBJS = \
        $(OUT)\base32.obj \
        $(OUT)\get_krbrlm.obj \
        $(OUT)\hostparse.obj \
-        $(OUT)\krb5_nt.obj \
        $(OUT)\kreltime.obj \
        $(OUT)\ktime.obj \
         $(OUT)\netutils.obj \
@@ -104,4 +100,4 @@ clean::
        $(DEL) $(LIBFILE)
 
 mkdir:
-       
+
index aca3713..1da16aa 100644 (file)
@@ -95,7 +95,7 @@ $(CBDRES): cbd.rc AFS_component_version_number.h
 install:  $(INCFILES) $(CBD)
 
 mkdir:
-       
+
 clean::
        $(DEL) $(EXERES)
        $(DEL) $(CBDRES)
index 990f8cf..8622554 100644 (file)
@@ -96,14 +96,13 @@ VOLSERVER_EXEOBJS = \
        $(OUT)\voltrans.obj \
        $(OUT)\vol_split.obj \
        $(OUT)\volserver.res
-       
 
 VOLSERVER_EXELIBS = \
        $(DESTDIR)\lib\afs\afsdir.lib \
        $(DESTDIR)\lib\afs\afsprocmgmt.lib
 
-$(VOLSERVER_EXEFILE): $(VOLSERVER_EXEOBJS) $(VOLSERVER_EXELIBS) $(EXEC_LIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(VOLSERVER_EXEFILE): $(VOLSERVER_EXEOBJS) $(VOLSERVER_EXELIBS) $(EXEC_LIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP) 
         $(CODESIGN_USERLAND)
@@ -130,8 +129,8 @@ VOS_EXELIBS = \
        $(DESTDIR)\lib\afs\afsprocmgmt.lib \
        $(DESTDIR)\lib\afs\afspioctl.lib
 
-$(RS_VOS_EXEFILE): $(VOS_EXEOBJS) $(VOS_EXELIBS) $(EXEC_LIBS)
-       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
+$(RS_VOS_EXEFILE): $(VOS_EXEOBJS) $(VOS_EXELIBS) $(EXEC_LIBS) $(HEIMDEPS)
+       $(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib $(HEIMLINKOPTS)
         $(_VC_MANIFEST_EMBED_EXE)
        $(EXEPREP) 
         $(CODESIGN_USERLAND)
@@ -189,4 +188,4 @@ clean::
        $(DEL) volint.cs.c volint.h volint.ss.c volint.xdr.c volser.h
 
 mkdir:
-       
+
index 99eda70..23d456a 100644 (file)
@@ -19,7 +19,7 @@ BINDIR = $(DESTDIR)\bin
 RPCINCLS=$(INCDIR)\lwp.h $(INCDIR)\rx\rx.h
 
 LIBS= \
-       $(LIBDIR)\afs\afsint.lib \
+       $(LIBDIR)\afs\afsint.lib \
        $(LIBDIR)\afs\afscmd.lib \
        $(LIBDIR)\afsrx.lib \
        $(LIBDIR)\afslwp.lib \
@@ -83,7 +83,7 @@ clean::
        $(DEL) -f $(OUT)\*.res
        $(DEL) -f $(OUT)\*.pdb
        $(DEL) -f $(OUT)\*.ilk
-       $(DEL) -f $(INCDIR)\afs\xstat_fs.h
+       $(DEL) -f $(INCDIR)\afs\xstat_fs.h
        $(DEL) -f $(INCDIR)\afs\xstat_cm.h
        $(DEL) -f $(LIBDIR)\afs_xstat_fs.lib
        $(DEL) -f $(LIBDIR)\afs_xstat_cm.lib