diff --git a/src/WINNT/client_creds/afskfw.c b/src/WINNT/client_creds/afskfw.c index 1603a37696..d64df2142c 100644 --- a/src/WINNT/client_creds/afskfw.c +++ b/src/WINNT/client_creds/afskfw.c @@ -797,7 +797,7 @@ KFW_AFS_find_principals_for_cell(krb5_context ctx, char * cell, char **principal next_map = next_map->next; } - if ( !principals ) + if ( !principals || !count ) return count; *principals = (char **) malloc(sizeof(char *) * count); 
@@ -999,37 +999,40 @@ KFW_import_ccache_data(void) && strcmp(pNCi[i]->name,LSA_CCNAME) ) { int found = 0; - krb5_ccache oldcc = 0; for ( j=0; pNCi[j]; j++ ) { if (!strcmp(pNCi[j]->name,pNCi[i]->principal)) { found = 1; break; } } - if (found) - continue; - - if ( IsDebuggerPresent() ) - OutputDebugString("copying ccache data to new ccache\n"); - + code = pkrb5_cc_resolve(ctx, pNCi[i]->principal, &cc); if (code) goto loop_cleanup; - code = pkrb5_parse_name(ctx, pNCi[i]->principal, &principal); - if (code) goto loop_cleanup; - code = pkrb5_cc_initialize(ctx, cc, principal); - if (code) goto loop_cleanup; - code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &oldcc); - if (code) goto loop_cleanup; - code = pkrb5_cc_copy_creds(ctx,oldcc,cc); - if (code) { - code = pkrb5_cc_close(ctx,cc); - cc = 0; + + if (!found) { + krb5_ccache oldcc = 0; + + if ( IsDebuggerPresent() ) + OutputDebugString("copying ccache data to new ccache\n"); + + code = pkrb5_parse_name(ctx, pNCi[i]->principal, &principal); + if (code) goto loop_cleanup; + code = pkrb5_cc_initialize(ctx, cc, principal); + if (code) goto loop_cleanup; + + code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &oldcc); + if (code) goto loop_cleanup; + code = pkrb5_cc_copy_creds(ctx,oldcc,cc); + if (code) { + code = pkrb5_cc_close(ctx,cc); + cc = 0; + code = pkrb5_cc_close(ctx,oldcc); + cc = 0; + KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL); + continue; + } code = pkrb5_cc_close(ctx,oldcc); - cc = 0; - KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL); - continue; - } - code = pkrb5_cc_close(ctx,oldcc); + } } else { code = pkrb5_cc_resolve(ctx, pNCi[i]->name, &cc); if (code) goto loop_cleanup; @@ -1129,11 +1132,13 @@ KFW_import_ccache_data(void) pkrb5_cc_close(ctx,cc); cc = 0; } + if (principal) { + pkrb5_free_principal(ctx,principal); + principal = 0; + } } cleanup: - if (principal) - pkrb5_free_principal(ctx,principal); if (ctx) pkrb5_free_context(ctx); if (pNCi) 
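Review bot: In the `pkrb5_cc_copy_creds` failure branch of the new `if (!found)` block, `code` is overwritten by the two `pkrb5_cc_close` results before `KRB5_error(code, "krb5_cc_copy_creds", 0, NULL, NULL);` runs, so the report carries the close status rather than the reason the credential copy failed. Calling `KRB5_error` before the closes keeps the real error, and the second `cc = 0;` should read `oldcc = 0;`. The branch also exits through `continue;`, which appears to bypass the per-iteration `pkrb5_free_principal` that the hunk at -1129 adds, so the principal parsed just above would be overwritten on the next pass without being freed. Using `goto loop_cleanup;` instead would avoid that, provided the label sits where the later hunk suggests and guards its close on `cc` being non-zero (the label itself is outside the visible lines).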
@@ -1189,7 +1194,7 @@ KFW_AFS_get_cred(char * username, *realm = '\0'; realm++; } - if ( !realm[0] ) + if ( !realm || !realm[0] ) realm = afs_realm_of_cell(&cellconfig); // do not free if ( IsDebuggerPresent() ) { @@ -1475,6 +1480,13 @@ KFW_AFS_renew_token_for_cell(char * cell) if (code) goto cleanup; count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE); + if ( count == 0 ) { + // We know we must have a credential somewhere since we are + // trying to renew a token + + KFW_import_ccache_data(); + count = KFW_AFS_find_principals_for_cell(ctx, cell, &principals, TRUE); + } if ( count > 0 ) { krb5_principal princ = 0; krb5_principal service = 0; 
@@ -2384,102 +2396,6 @@ KFW_AFS_unlog(void) return(0); } - -#define TKTLIFENUMFIXED 64 -#define TKTLIFEMINFIXED 0x80 -#define TKTLIFEMAXFIXED 0xBF -#define TKTLIFENOEXPIRE 0xFF -#define MAXTKTLIFETIME (30*24*3600) /* 30 days */ -#ifndef NEVERDATE -#define NEVERDATE ((unsigned long)0x7fffffffL) -#endif - -static int no_long_lifetimes = 0; -typedef unsigned long u_int32_t; - -static const int tkt_lifetimes[TKTLIFENUMFIXED] = { - 38400, /* 10.67 hours, 0.44 days */ - 41055, /* 11.40 hours, 0.48 days */ - 43894, /* 12.19 hours, 0.51 days */ - 46929, /* 13.04 hours, 0.54 days */ - 50174, /* 13.94 hours, 0.58 days */ - 53643, /* 14.90 hours, 0.62 days */ - 57352, /* 15.93 hours, 0.66 days */ - 61318, /* 17.03 hours, 0.71 days */ - 65558, /* 18.21 hours, 0.76 days */ - 70091, /* 19.47 hours, 0.81 days */ - 74937, /* 20.82 hours, 0.87 days */ - 80119, /* 22.26 hours, 0.93 days */ - 85658, /* 23.79 hours, 0.99 days */ - 91581, /* 25.44 hours, 1.06 days */ - 97914, /* 27.20 hours, 1.13 days */ - 104684, /* 29.08 hours, 1.21 days */ - 111922, /* 31.09 hours, 1.30 days */ - 119661, /* 33.24 hours, 1.38 days */ - 127935, /* 35.54 hours, 1.48 days */ - 136781, /* 37.99 hours, 1.58 days */ - 146239, /* 40.62 hours, 1.69 days */ - 156350, /* 43.43 hours, 1.81 days */ - 167161, /* 46.43 hours, 1.93 days */ - 178720, /* 49.64 hours, 2.07 days */ - 191077, /* 53.08 hours, 2.21 days */ - 204289, /* 56.75 hours, 2.36 days */ - 218415, /* 60.67 hours, 2.53 days */ - 233517, /* 64.87 hours, 2.70 days */ - 249664, /* 69.35 hours, 2.89 days */ - 266926, /* 74.15 hours, 3.09 days */ - 285383, /* 79.27 hours, 3.30 days */ - 305116, /* 84.75 hours, 3.53 days */ - 326213, /* 90.61 hours, 3.78 days */ - 348769, /* 96.88 hours, 4.04 days */ - 372885, /* 103.58 hours, 4.32 days */ - 398668, /* 110.74 hours, 4.61 days */ - 426234, /* 118.40 hours, 4.93 days */ - 455705, /* 126.58 hours, 5.27 days */ - 487215, /* 135.34 hours, 5.64 days */ - 520904, /* 144.70 hours, 6.03 days */ - 556921, /* 154.70 
hours, 6.45 days */ - 595430, /* 165.40 hours, 6.89 days */ - 636601, /* 176.83 hours, 7.37 days */ - 680618, /* 189.06 hours, 7.88 days */ - 727680, /* 202.13 hours, 8.42 days */ - 777995, /* 216.11 hours, 9.00 days */ - 831789, /* 231.05 hours, 9.63 days */ - 889303, /* 247.03 hours, 10.29 days */ - - 950794, /* 264.11 hours, 11.00 days */ - - 1016537, /* 282.37 hours, 11.77 days */ - - 1086825, /* 301.90 hours, 12.58 days */ - - 1161973, /* 322.77 hours, 13.45 days */ - - 1242318, /* 345.09 hours, 14.38 days */ - - 1328218, /* 368.95 hours, 15.37 days */ - - 1420057, /* 394.46 hours, 16.44 days */ - - 1518247, /* 421.74 hours, 17.57 days */ - - 1623226, /* 450.90 hours, 18.79 days */ - - 1735464, /* 482.07 hours, 20.09 days */ - - 1855462, /* 515.41 hours, 21.48 days */ - - 1983758, /* 551.04 hours, 22.96 days */ - - 2120925, /* 589.15 hours, 24.55 days */ - - 2267576, /* 629.88 hours, 26.25 days */ - - 2424367, /* 673.44 hours, 28.06 days */ - - 2592000}; /* 720.00 hours, 30.00 days */ - - int KFW_AFS_klog( krb5_context alt_ctx, 
@@ -2800,16 +2716,27 @@ KFW_AFS_klog( aclient.name[len] = '\0'; if ( k5creds->client->length > 1 ) { - len = min(k5creds->client->data[1].length,MAXKTCNAMELEN - 1); - strncpy(aclient.instance, k5creds->client->data[1].data, len); - aclient.instance[len] = '\0'; - } else - aclient.instance[0] = '\0'; - len = min(k5creds->client->realm.length,MAXKTCNAMELEN - 1); - for ( i=0; iclient->realm.data[i]); - } - aclient.cell[len] = '\0'; + char * p; + strcat(aclient.name, "."); + p = aclient.name + strlen(aclient.name); + len = min(k5creds->client->data[1].length,MAXKTCNAMELEN - strlen(aclient.name) - 1); + strncpy(p, k5creds->client->data[1].data, len); + p[len] = '\0'; + } + aclient.instance[0] = '\0'; + + strcpy(aclient.cell, realm_of_cell); + + len = min(k5creds->client->realm.length,strlen(realm_of_cell)); + if ( strncmp(realm_of_cell, k5creds->client->realm.data, len) ) { + char * p; + strcat(aclient.name, "@"); + p = aclient.name + strlen(aclient.name); + len = min(k5creds->client->realm.length,MAXKTCNAMELEN - strlen(aclient.name) - 1); + strncpy(p, k5creds->client->realm.data, len); + p[len] = '\0'; + } + aclient.smbname[0] = '\0'; rc = pktc_SetToken(&aserver, &atoken, &aclient, 0); @@ -2907,8 +2834,22 @@ KFW_AFS_klog( // * we were comparing whether identical tokens already existed. strncpy(aclient.name, creds.pname, MAXKTCNAMELEN - 1); - strcpy(aclient.instance, creds.pinst); - strncpy(aclient.cell, creds.realm, MAXKTCREALMLEN - 1); + if (creds.pinst[0]) + { + strncat(aclient.name, ".", MAXKTCNAMELEN - 1); + strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - 1); + } + strcpy(aclient.instance, ""); + + if ( strcmp(realm_of_cell, creds.realm) ) + { + char * p; + strncat(aclient.name, "@", MAXKTCNAMELEN - 1); + strncpy(aclient.name, creds.realm, MAXKTCREALMLEN - 1); + } + aclient.name[MAXKTCREALMLEN-1] = '\0'; + + strcpy(aclient.cell, CellName); if (rc = pktc_SetToken(&aserver, &atoken, &aclient, 0)) {
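Review bot: The instance and realm appends added in this hunk can write past `aclient.name`. `strcat(aclient.name, ".")` has no room check, and if the first component already fills the buffer then `MAXKTCNAMELEN - strlen(aclient.name) - 1` wraps to a huge unsigned value, so `min()` hands the full component length to `strncpy`. This assumes the field is `MAXKTCNAMELEN` bytes, as the bound implies, since the struct is declared outside the hunk. `strcpy(aclient.cell, realm_of_cell)` likewise drops the length cap that the removed code applied. Separately, the `strncmp` over `min(realm.length, strlen(realm_of_cell))` is only a prefix test, so a client realm that is a prefix of the cell realm (or is empty) is treated as local and stored without its `@realm` suffix. A bounded form of the instance append and an exact realm comparison follow; the realm append needs the same room check, and the fix should decide whether an over-long name is truncated or rejected.

```c
if ( k5creds->client->length > 1 ) {
    size_t used = strlen(aclient.name);
    /* need room for '.', at least one instance byte and the terminator */
    if ( used + 2 < MAXKTCNAMELEN ) {
        aclient.name[used++] = '.';
        len = min(k5creds->client->data[1].length, MAXKTCNAMELEN - used - 1);
        strncpy(aclient.name + used, k5creds->client->data[1].data, len);
        aclient.name[used + len] = '\0';
    }
}
// … unchanged: aclient.instance cleared, aclient.cell assignment …

/* realms are equal only if both length and bytes match */
if ( k5creds->client->realm.length != strlen(realm_of_cell) ||
     strncmp(realm_of_cell, k5creds->client->realm.data, strlen(realm_of_cell)) ) {
    // … bounded "@realm" append, same room check as the instance above …
```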
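Review bot: In the cross-realm branch added by the hunk at -2907, `strncpy(aclient.name, creds.realm, MAXKTCREALMLEN - 1);` overwrites the name that was just assembled instead of appending to it, so a foreign-realm principal ends up recorded under the realm string; it should be an append like the `"@"` on the line before. The `strncat` calls pass `MAXKTCNAMELEN - 1` as the count, but that argument limits the bytes appended, not the destination size, so name, instance and realm together can exceed the field (assumed to be `MAXKTCNAMELEN` bytes; the declaration is not visible). The remaining space is the correct bound once the initial `strncpy` result is terminated. The terminator line indexes `aclient.name` with `MAXKTCREALMLEN-1`, which is only right if the two constants are equal, and `strcpy(aclient.cell, CellName);` loses the bound the removed `strncpy` had. `char * p;` is unused.

```c
strncpy(aclient.name, creds.pname, MAXKTCNAMELEN - 1);
aclient.name[MAXKTCNAMELEN - 1] = '\0';   /* strncpy does not terminate on truncation */
if (creds.pinst[0])
{
    strncat(aclient.name, ".", MAXKTCNAMELEN - strlen(aclient.name) - 1);
    strncat(aclient.name, creds.pinst, MAXKTCNAMELEN - strlen(aclient.name) - 1);
}
// … unchanged: aclient.instance cleared …
if ( strcmp(realm_of_cell, creds.realm) )
{
    strncat(aclient.name, "@", MAXKTCNAMELEN - strlen(aclient.name) - 1);
    strncat(aclient.name, creds.realm, MAXKTCNAMELEN - strlen(aclient.name) - 1);
}
```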