/* Prevent inclusion of des.h to avoid conflicts with des types */
#define NO_DES_H_INCLUDE
-#include "afskfw-int.h"
-#include "afskfw.h"
-#include <userenv.h>
-#include "strsafe.h"
-
-#include <Sddl.h>
-#include <Aclapi.h>
-
#include <osilog.h>
#include <afs/ptserver.h>
#include <afs/ptuser.h>
#include <rx/rxkad.h>
-
#include <WINNT\afsreg.h>
#include "cm.h"
+#include "afskfw.h"
+#include "afskfw-int.h"
+#include <userenv.h>
+#include "strsafe.h"
+
+#include <Sddl.h>
+#include <Aclapi.h>
+
/*
* TIMING _____________________________________________________________________
*
char mutexName[MAX_PATH];
HANDLE hMutex = NULL;
- sprintf(mutexName, "AFS KFW Init pid=%d", getpid());
+ StringCbPrintf( mutexName, sizeof(mutexName), "AFS KFW Init pid=%d", getpid());
hMutex = CreateMutex( NULL, TRUE, mutexName );
if ( GetLastError() == ERROR_ALREADY_EXISTS ) {
errText = pkrb5_get_error_message(ctx, rc);
else
errText = perror_message(rc);
- _snprintf(message, sizeof(message),
- "%s\n(Kerberos error %ld)\n\n%s failed",
+ StringCbPrintf(message, sizeof(message),
+ "%s\n(Kerberos error %ld)\n\n%s failed",
errText,
krb5Error,
FailedFunctionName);
if (pkrb5_free_error_message)
- pkrb5_free_error_message(ctx, errText);
+ pkrb5_free_error_message(ctx, (char *)errText);
if ( IsDebuggerPresent() )
OutputDebugString(message);
ccfullname = malloc(strlen(ccname) + strlen(cctype) + 2);
if (!ccfullname) goto cleanup;
- sprintf(ccfullname, "%s:%s", cctype, ccname);
+ StringCbPrintf(ccfullname, sizeof(ccfullname), "%s:%s", cctype, ccname);
// Search the existing list to see if we have a match
if ( next ) {
if ( !KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,TRUE) &&
!KFW_AFS_find_ccache_for_principal(ctx,pname,&ccname,FALSE)) {
- ccname = (char *)malloc(strlen(pname) + 5);
- sprintf(ccname,"API:%s",pname);
+ size_t len = strlen(pname) + 5;
+ ccname = (char *)malloc(len);
+ StringCbPrintf(ccname, len, "API:%s", pname);
}
code = pkrb5_cc_resolve(ctx, ccname, cc);
} else {
krb5_data * princ_realm;
krb5_error_code code;
char cell[128]="", realm[128]="", *def_realm = 0;
- int i;
+ unsigned int i;
DWORD dwMsLsaImport;
if (!pkrb5_init_context)
break;
case 2: { /* matching realm */
char ms_realm[128] = "", *r;
- int i;
+ unsigned int j;
- for ( r=ms_realm, i=0; i<krb5_princ_realm(ctx, princ)->length; r++, i++ ) {
- *r = krb5_princ_realm(ctx, princ)->data[i];
+ for ( r=ms_realm, j=0; j<krb5_princ_realm(ctx, princ)->length; r++, j++ ) {
+ *r = krb5_princ_realm(ctx, princ)->data[j];
}
*r = '\0';
code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, pLeash_get_default_lifetime(),NULL);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
if ( code ) goto cleanup;
}
memset(&aserver, '\0', sizeof(aserver));
- strcpy(aserver.name, sname->data);
- strcpy(aserver.cell, cell->data);
+ StringCbCopyN( aserver.name, sizeof(aserver.name),
+ sname->data, sizeof(aserver.name) - 1);
+ StringCbCopyN( aserver.cell, sizeof(aserver.cell),
+ cell->data, sizeof(aserver.cell) - 1);
code = ktc_GetToken(&aserver, &atoken, sizeof(atoken), &aclient);
if (!code) {
NULL);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
}
*userrealm++ = '@';
}
} else {
- pname = malloc(strlen(username) + strlen(realm) + 2);
-
- strcpy(pname, username);
+ size_t len = strlen(username) + strlen(realm) + 2;
+ pname = malloc(len);
+ if (pname == NULL) {
+ code = KRB5KRB_ERR_GENERIC;
+ goto cleanup;
+ }
+ StringCbCopy(pname, len, username);
if (!KFW_accept_dotted_usernames()) {
/* handle kerberos iv notation */
*dot = '/';
}
}
- strcat(pname,"@");
- strcat(pname,realm);
+ StringCbCat( pname, len, "@");
+ StringCbCat( pname, len, realm);
}
if ( IsDebuggerPresent() ) {
OutputDebugString("Realm: ");
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_kinit() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_kinit() returns: %d\n", code);
OutputDebugString(message);
}
if ( code ) goto cleanup;
code = KFW_AFS_klog(ctx, cc, "afs", cell, realm, lifetime, smbname);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
if ( code ) goto cleanup;
if ( strcmp(cells[cell_count],cell) ) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"found another cell for the same principal: %s\n",cell);
+ StringCbPrintf(message, sizeof(message),
+ "found another cell for the same principal: %s\n", cell);
OutputDebugString(message);
}
code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], realm, lifetime, smbname);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
}
code = KFW_AFS_klog(ctx, cc, "afs", cells[cell_count], (char *)realm, 0, NULL);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
free(cells[cell_count]);
code = KFW_AFS_klog(ctx, cc, "afs", cell, (char *)realm, 0,NULL);
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"KFW_AFS_klog() returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "KFW_AFS_klog() returns: %d\n", code);
OutputDebugString(message);
}
if (code) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"krb5_get_renewed_creds() failed: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "krb5_get_renewed_creds() failed: %d\n", code);
OutputDebugString(message);
}
goto cleanup;
if (code) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"krb5_cc_initialize() failed: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "krb5_cc_initialize() failed: %d\n", code);
OutputDebugString(message);
}
goto cleanup;
if (code) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"krb5_cc_store_cred() failed: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "krb5_cc_store_cred() failed: %d\n", code);
OutputDebugString(message);
}
goto cleanup;
usLength = (pSessionData->AuthenticationPackage).Length;
if (usLength < 256)
{
- lstrcpynW (buffer, usBuffer, usLength);
- lstrcatW (buffer,L"");
+ StringCbCopyNW( buffer, sizeof(buffer)/sizeof(WCHAR),
+ usBuffer, usLength);
if ( !lstrcmpW(L"Kerberos",buffer) )
Success = TRUE;
}
return 0;
default: {
char buf[256];
- sprintf(buf,"DialogBoxIndirect() failed: %d",GetLastError());
+ StringCbPrintf(buf, sizeof(buf), "DialogBoxIndirect() failed: %d", GetLastError());
MessageBox(hwndOwner,
buf,
"GetLastError()",
if (confdir[0] == '\0')
cm_GetConfigDir(confdir, sizeof(confdir));
- strcpy(lastcell, aserver->cell);
+ StringCbCopyN( lastcell, sizeof(lastcell),
+ aserver->cell, sizeof(lastcell) - 1);
if (!pr_Initialize (0, confdir, aserver->cell)) {
char sname[PR_MAXNAMELEN];
- strncpy(sname, username, PR_MAXNAMELEN);
- sname[PR_MAXNAMELEN-1] = '\0';
+ StringCbCopyN( sname, sizeof(sname),
+ username, sizeof(sname) - 1);
status = pr_SNameToId (sname, &viceId);
pr_End();
}
#endif /* ALLOW_REGISTER */
{
#ifdef AFS_ID_TO_NAME
- strncpy(username_copy, username, BUFSIZ);
+ StringCbCopyN( username_copy, sizeof(username_copy),
+ username, sizeof(username_copy) - 1);
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
#endif /* AFS_ID_TO_NAME */
}
#ifdef ALLOW_REGISTER
} else if (strcmp(realm_of_user, realm_of_cell) != 0) {
id = 0;
- strncpy(aclient->name, username, MAXKTCNAMELEN - 1);
- strcpy(aclient->instance, "");
- strncpy(aclient->cell, realm_of_user, MAXKTCREALMLEN - 1);
+ StringCbCopyN( aclient->name, sizeof(aclient->name),
+ username, sizeof(aclient->name) - 1);
+ aclient->instance[0] = '\0';
+ StringCbCopyN( aclient->cell, sizeof(aclient->cell),
+ realm_of_user, sizeof(aclient->cell) - 1);
if (status = ktc_SetToken(aserver, atoken, aclient, 0))
return status;
if (status = pr_Initialize(1L, confdir, aserver->cell))
if (status)
return status;
#ifdef AFS_ID_TO_NAME
- strncpy(username_copy, username, BUFSIZ);
+ StringCbCopyN( username_copy, sizeof(username_copy),
+ username, sizeof(username_copy) - 1);
snprintf (username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
#endif /* AFS_ID_TO_NAME */
}
if (len > destlen - 1)
len = destlen - 1;
- strncpy(dest, krb5_princ_realm(context, ticket->server)->data, len);
- dest[len] = '\0';
+ StringCbCopyN(dest, destlen, krb5_princ_realm(context, ticket->server)->data, len);
pkrb5_free_ticket(context, ticket);
}
krb5_error_code code;
krb5_principal client_principal = NULL;
krb5_data * k5data = NULL;
- int i, retry = 0;
+ unsigned int i, retry = 0;
CurrentState = 0;
memset(HostName, '\0', sizeof(HostName));
memset(realm_of_user, '\0', sizeof(realm_of_user));
memset(realm_of_cell, '\0', sizeof(realm_of_cell));
if (cell && cell[0])
- strcpy(Dmycell, cell);
+ StringCbCopyN( Dmycell, sizeof(Dmycell),
+ cell, sizeof(Dmycell) - 1);
else
memset(Dmycell, '\0', sizeof(Dmycell));
i = krb5_princ_realm(ctx, client_principal)->length;
if (i > REALM_SZ-1)
i = REALM_SZ-1;
- strncpy(realm_of_user,krb5_princ_realm(ctx, client_principal)->data,i);
- realm_of_user[i] = 0;
+ StringCbCopyN( realm_of_user, sizeof(realm_of_user),
+ krb5_princ_realm(ctx, client_principal)->data, i);
try_krb5 = 1;
skip_krb5_init:
if (!try_krb5)
goto cleanup;
#endif
- strcpy(realm_of_cell, afs_realm_of_cell(ctx, &ak_cellconfig));
+ StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+ afs_realm_of_cell(ctx, &ak_cellconfig),
+ sizeof(realm_of_cell) - 1);
if (strlen(service) == 0)
- strcpy(ServiceName, "afs");
+ StringCbCopy( ServiceName, sizeof(ServiceName), "afs");
else
- strcpy(ServiceName, service);
+ StringCbCopyN( ServiceName, sizeof(ServiceName),
+ service, sizeof(ServiceName) - 1);
if (strlen(cell) == 0)
- strcpy(CellName, local_cell);
+ StringCbCopyN( CellName, sizeof(CellName),
+ local_cell, sizeof(CellName) - 1);
else
- strcpy(CellName, cell);
+ StringCbCopyN( CellName, sizeof(CellName),
+ cell, sizeof(CellName) - 1);
/* This is for Kerberos v4 only */
if (strlen(realm) == 0)
- strcpy(RealmName, realm_of_cell);
+ StringCbCopyN( RealmName, sizeof(RealmName),
+ realm_of_cell, sizeof(RealmName) - 1);
else
- strcpy(RealmName, realm);
+ StringCbCopyN( RealmName, sizeof(RealmName),
+ realm, sizeof(RealmName) - 1);
memset(&creds, '\0', sizeof(creds));
if (code == 0) {
/* we have a local realm for the cell */
- strcpy(realm_of_cell, realm);
+ StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+ realm, sizeof(realm_of_cell) - 1);
}
} else {
/* Otherwise, first try service/cell@CLIENT_REALM */
* Save it so that later the pts registration will not
* be performed.
*/
- strcpy(realm_of_cell, realm_of_user);
+ StringCbCopyN( realm_of_cell, sizeof(realm_of_cell),
+ realm_of_user, sizeof(realm_of_cell) - 1);
}
if ((code == KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN ||
if (code) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"krb5_get_credentials returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "krb5_get_credentials returns: %d\n", code);
OutputDebugString(message);
}
try_krb5 = 0;
goto try_krb524d;
memset(&aserver, '\0', sizeof(aserver));
- strncpy(aserver.name, ServiceName, MAXKTCNAMELEN - 1);
- strncpy(aserver.cell, CellName, MAXKTCREALMLEN - 1);
+ StringCbCopyN( aserver.name, sizeof(aserver.name),
+ ServiceName, sizeof(aserver.name) - 1);
+ StringCbCopyN( aserver.cell, sizeof(aserver.cell),
+ CellName, sizeof(aserver.cell) - 1);
memset(&atoken, '\0', sizeof(atoken));
atoken.kvno = RXKAD_TKT_TYPE_KERBEROS_V5;
// * This structure was first set by the ktc_GetToken call when
// * we were comparing whether identical tokens already existed.
- len = min(k5creds->client->data[0].length,MAXKTCNAMELEN - 1);
- strncpy(aclient.name, k5creds->client->data[0].data, len);
- aclient.name[len] = '\0';
+ len = min(k5creds->client->data[0].length, sizeof(aclient.name) - 1);
+ StringCbCopyN( aclient.name, sizeof(aclient.name),
+ k5creds->client->data[0].data, len);
if ( k5creds->client->length > 1 ) {
- char * p;
- strcat(aclient.name, ".");
- p = aclient.name + strlen(aclient.name);
- len = min(k5creds->client->data[1].length,MAXKTCNAMELEN - (int)strlen(aclient.name) - 1);
- strncpy(p, k5creds->client->data[1].data, len);
- p[len] = '\0';
+ StringCbCat( aclient.name, sizeof(aclient.name), ".");
+ len = min(k5creds->client->data[1].length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
+ StringCbCatN( aclient.name, sizeof(aclient.name),
+ k5creds->client->data[1].data, len);
}
aclient.instance[0] = '\0';
- strcpy(aclient.cell, realm_of_cell);
+ StringCbCopyN( aclient.cell, sizeof(aclient.cell),
+ realm_of_cell, sizeof(aclient.cell) - 1);
len = min(k5creds->client->realm.length,(int)strlen(realm_of_cell));
/* For Khimaira, always append the realm name */
if ( 1 /* strncmp(realm_of_cell, k5creds->client->realm.data, len) */ ) {
- char * p;
- strcat(aclient.name, "@");
- p = aclient.name + strlen(aclient.name);
- len = min(k5creds->client->realm.length,MAXKTCNAMELEN - (int)strlen(aclient.name) - 1);
- strncpy(p, k5creds->client->realm.data, len);
- p[len] = '\0';
+ StringCbCat( aclient.name, sizeof(aclient.name), "@");
+ len = min(k5creds->client->realm.length, (int)(sizeof(aclient.name) - strlen(aclient.name) - 1));
+ StringCbCatN( aclient.name, sizeof(aclient.name), k5creds->client->realm.data, len);
}
GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
&aclient, &aserver, &atoken);
if ( smbname ) {
- strncpy(aclient.smbname, smbname, sizeof(aclient.smbname));
- aclient.smbname[sizeof(aclient.smbname)-1] = '\0';
+ StringCbCopyN( aclient.smbname, sizeof(aclient.smbname),
+ smbname, sizeof(aclient.smbname) - 1);
} else {
aclient.smbname[0] = '\0';
}
if (code) {
if ( IsDebuggerPresent() ) {
char message[256];
- sprintf(message,"krb524_convert_creds_kdc returns: %d\n",code);
+ StringCbPrintf(message, sizeof(message), "krb524_convert_creds_kdc returns: %d\n", code);
OutputDebugString(message);
}
try_krb5 = 0;
}
memset(&aserver, '\0', sizeof(aserver));
- strncpy(aserver.name, ServiceName, MAXKTCNAMELEN - 1);
- strncpy(aserver.cell, CellName, MAXKTCREALMLEN - 1);
+ StringCbCopyN( aserver.name, sizeof(aserver.name), ServiceName, sizeof(aserver.name) - 1);
+ StringCbCopyN( aserver.cell, sizeof(aserver.cell), CellName, sizeof(aserver.cell) - 1);
memset(&atoken, '\0', sizeof(atoken));
atoken.kvno = creds.kvno;
// * This structure was first set by the ktc_GetToken call when
// * we were comparing whether identical tokens already existed.
- strncpy(aclient.name, creds.pname, MAXKTCNAMELEN - 1);
+ StringCbCopyN( aclient.name, sizeof(aclient.name), creds.pname, sizeof(aclient.name) - 1);
if (creds.pinst[0])
{
strncat(aclient.name, ".", MAXKTCNAMELEN - 1);
strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - 1);
}
- strcpy(aclient.instance, "");
+ aclient.instance[0] = '\0';
strncat(aclient.name, "@", MAXKTCNAMELEN - 1);
strncat(aclient.name, creds.realm, MAXKTCREALMLEN - 1);
aclient.name[MAXKTCREALMLEN-1] = '\0';
- strcpy(aclient.cell, CellName);
+ StringCbCopyN( aclient.cell, sizeof(aclient.cell),
+ CellName, sizeof(aclient.cell) - 1);
GetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL, 0);
if (GetLastError() == ERROR_ENVVAR_NOT_FOUND)
&aclient, &aserver, &atoken);
if ( smbname ) {
- strncpy(aclient.smbname, smbname, sizeof(aclient.smbname));
- aclient.smbname[sizeof(aclient.smbname)-1] = '\0';
+ StringCbCopyN( aclient.smbname, sizeof(aclient.smbname),
+ smbname, sizeof(aclient.smbname) - 1);
} else {
aclient.smbname[0] = '\0';
}
r = pkrb5_get_host_realm(ctx, cellconfig->hostName[0], &realmlist);
if ( !r && realmlist && realmlist[0] ) {
- strcpy(krbrlm, realmlist[0]);
+ StringCbCopyN( krbrlm, sizeof(krbrlm),
+ realmlist[0], sizeof(krbrlm) - 1);
pkrb5_free_host_realm(ctx, realmlist);
}
}
if (rc == 0) {
- strcpy(cellconfig->name, newcell);
+ StringCbCopyN( cellconfig->name, sizeof(cellconfig->name),
+ newcell, sizeof(cellconfig->name) - 1);
if (linkedcell[0])
cellconfig->linkedCell = strdup(linkedcell);
}
struct afsconf_cell *cc = (struct afsconf_cell *)cellconfig;
cc->hostAddr[cc->numServers] = *addrp;
- strcpy(cc->hostName[cc->numServers], namep);
+ StringCbCopyN( cc->hostName[cc->numServers], sizeof(cc->hostName[cc->numServers]),
+ namep, sizeof(cc->hostName[cc->numServers]) - 1);
cc->numServers++;
return(0);
}
else
errText = "Unknown error!";
- sprintf(message, "%s (0x%x)\n(%s failed)", errText, rc, FailedFunctionName);
+ StringCbPrintf(message, sizeof(message), "%s (0x%x)\n(%s failed)", errText, rc, FailedFunctionName);
if ( IsDebuggerPresent() ) {
OutputDebugString(message);
goto cleanup;
if ( strlen(pname) < *dwSize ) {
- strncpy(szUser, pname, *dwSize);
- szUser[*dwSize-1] = '\0';
+ StringCbCopyN(szUser, *dwSize, pname, (*dwSize) - 1);
success = 1;
}
*dwSize = (DWORD)strlen(pname);
if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) )
return;
- strcat(filename, "\\");
- strcat(filename, szLogonId);
+ StringCbCat( filename, sizeof(filename), "\\");
+ StringCbCat( filename, sizeof(filename), szLogonId);
- strcat(cachename, filename);
+ StringCbCat( cachename, sizeof(cachename), filename);
DeleteFile(filename);
code = pkrb5_init_context(&ctx);
if (code) return 1;
- strcat(cachename, filename);
+ StringCbCat( cachename, sizeof(cachename), filename);
code = pkrb5_cc_resolve(ctx, cachename, &cc);
if (code) goto cleanup;