[OpenAFS-win32-devel] post m37 WINNT Patch
Matt Benjamin
matt@linuxbox.com
Sun, 11 Feb 2007 21:10:46 -0500
This is a multi-part message in MIME format.
--------------020104070301060203060504
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Hi Marcus,
The following builds to finale on 1.5.14/WINNT.
The patch has one bit that isn't really rxk5--the change touching
src/WINNT/client_creds/NTMakefile. I sent this part separately to
openafs-win32-devel.
The rest is mostly what you expect. Here's a rundown:
1. I made the env_afs_rxk5_default() call in src/WINNT/aklog look like
the src/aklog--is that correct
2. I used rxk5_utilafs to load krb5.h and rxk5_ntfixprotos as we discussed
3. I worked around your narrowing of the prototype for ktc_SetK5Token--I
am not trying to be annoying, just not sure if I can lose aclient
param--I had the Windows code passing smbname there, and that is needed
for integrated authentication (I think). If your revert this again, can
you suggest another approach?
4. I updated my bogus kerberos 1.4.4/3.1.0-b2 for Windows to have and
export Jeff Altmans new MIT decrypt ticket functions, and folded them
into the afs interface
Matt
--
Matt Benjamin
The Linux Box
206 South Fifth Ave. Suite 150
Ann Arbor, MI 48104
http://linuxbox.com
tel. 734-761-4689
fax. 734-769-8938
cel. 734-216-5309
--------------020104070301060203060504
Content-Type: text/plain;
name="afs-rxk5-r1514-m37-winnt.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="afs-rxk5-r1514-m37-winnt.patch"
Index: src/rxk5/rxk5_common.c
===================================================================
--- src/rxk5/rxk5_common.c (revision 1)
+++ src/rxk5/rxk5_common.c (working copy)
@@ -47,6 +47,7 @@
#endif
#include <rx/rx.h>
#include <rx/xdr.h>
+#include <afs/rxk5_utilafs.h>
#ifdef USING_SHISHI
#include <shishi.h>
#else
@@ -70,10 +71,6 @@
#include "rxk5errors.h"
#endif /* !kernel */
-#ifdef AFS_NT40_ENV
-#include "rxk5_ntfixprotos.h"
-#endif
-
krb5_context rxk5_context;
#ifdef AFS_PTHREAD_ENV
/* this mostly just protects setting rxk5_context. */
Index: src/rxk5/rxk5_client.c
===================================================================
--- src/rxk5/rxk5_client.c (revision 1)
+++ src/rxk5/rxk5_client.c (working copy)
@@ -43,6 +43,7 @@
#else
#include <rx/rx.h>
#include <rx/xdr.h>
+#include <afs/rxk5_utilafs.h>
#ifdef USING_SHISHI
#include <shishi.h>
#else
@@ -66,10 +67,6 @@
#include "rxk5errors.h"
#endif /* !kernel */
-#ifdef AFS_NT40_ENV
-#include "rxk5_ntfixprotos.h"
-#endif
-
#ifdef AFS_PTHREAD_ENV
extern pthread_mutex_t rxk5_cuid_mutex[1];
#define LOCK_CUID assert(!pthread_mutex_lock(rxk5_cuid_mutex))
Index: src/rxk5/rxk5_getkey.c
===================================================================
--- src/rxk5/rxk5_getkey.c (revision 1)
+++ src/rxk5/rxk5_getkey.c (working copy)
@@ -35,6 +35,7 @@
#include <afsconfig.h>
#include <rx/rx.h>
#include <rx/xdr.h>
+#include <afs/rxk5_utilafs.h>
#ifdef USING_SHISHI
#include <shishi.h>
#else
@@ -56,10 +57,6 @@
#include "rxk5c.h"
#include "rxk5errors.h"
-#ifdef AFS_NT40_ENV
-#include "rxk5_ntfixprotos.h"
-#endif
-
int rxk5_default_get_key(void *arg,
krb5_context context,
#ifdef USING_SHISHI
Index: src/rxk5/rxk5_ntfixprotos.h
===================================================================
--- src/rxk5/rxk5_ntfixprotos.h (revision 1)
+++ src/rxk5/rxk5_ntfixprotos.h (working copy)
@@ -129,6 +129,10 @@
#define krb5_encrypt_tkt_part afskfw_krb5_encrypt_tkt_part
#define encode_krb5_ticket afskfw_encode_krb5_ticket
+/* new jaltman functions */
+#define krb5_server_decrypt_ticket_keyblock afskfw_krb5_server_decrypt_ticket_keyblock
+#define krb5_server_decrypt_ticket_keytab afskfw_krb5_server_decrypt_ticket_keytab
+
/* Special */
#define krb5_server_decrypt_ticket afskfw_krb5_server_decrypt_ticket
Index: src/rxk5/rxk5_server.c
===================================================================
--- src/rxk5/rxk5_server.c (revision 1)
+++ src/rxk5/rxk5_server.c (working copy)
@@ -35,6 +35,7 @@
#include <afsconfig.h>
#include <rx/rx.h>
#include <rx/xdr.h>
+#include <afs/rxk5_utilafs.h>
#ifdef USING_SHISHI
#include <shishi.h>
#else
@@ -57,12 +58,10 @@
#include "rxk5errors.h"
#if defined(USING_MIT)
+#ifndef AFS_NT40_ENV
krb5_error_code krb5_server_decrypt_ticket_keyblock(krb5_context,
krb5_keyblock *, krb5_ticket *);
#endif
-
-#ifdef AFS_NT40_ENV
-#include "rxk5_ntfixprotos.h"
#endif
int
Index: src/WINNT/aklog/NTMakefile
===================================================================
--- src/WINNT/aklog/NTMakefile (revision 1)
+++ src/WINNT/aklog/NTMakefile (working copy)
@@ -28,8 +28,9 @@
EXELIBS = \
$(DESTDIR)\lib\afs\afspioctl.lib \
- $(DESTDIR)\lib\afsauthent.lib \
- $(DESTDIR)\lib\afs\afskauth.lib
+ $(DESTDIR)\lib\afsauthent.lib \
+ $(DESTDIR)\lib\afs\afskauth.lib \
+ $(DESTDIR)\lib\afskfw_funcs.lib
!IF "$(CPU)" == "IA64" || "$(CPU)" == "AMD64" || "$(CPU)" == "ALPHA64"
OTHERLIBS = \
Index: src/WINNT/aklog/aklog.c
===================================================================
--- src/WINNT/aklog/aklog.c (revision 1)
+++ src/WINNT/aklog/aklog.c (working copy)
@@ -55,6 +55,15 @@
#define DRIVECOLON ':' /* Drive letter separator */
#define BDIR '\\' /* Other character that divides directories */
+#ifdef AFS_RXK5
+afs_int32 ktc_SetK5TokenNt(krb5_context context,
+ struct ktc_principal *aserver,
+ struct ktc_principal *aclient,
+ krb5_creds* v5cred,
+ afs_int32 viceId,
+ afs_int32 flags);
+#endif
+
static int
readlink(char *path, char *buf, int buffers)
{
@@ -839,7 +848,7 @@
printf("Getting tokens.\n");
#ifdef AFS_RXK5
if(rxk5) {
- if ((status = ktc_SetK5Token(context, &aserver, &aclient, v5cred, viceId, FALSE /* afssetpag */))) {
+ if ((status = ktc_SetK5TokenNt(context, &aserver, &aclient, v5cred, viceId, FALSE /* afssetpag */))) {
fprintf(stderr,
"%s: unable to obtain tokens for cell %s (status: %d).\n",
progname, cell_to_use, status);
@@ -1183,7 +1192,7 @@
#ifdef AFS_RXK5
/* Select for rxk5 unless AFS_RXK5_DEFAULT envvar is not 1|yes */
- rxk5 = (env_afs_rxk5_default() & FORCE_SECOBJ) != FORCE_RXKAD;
+ rxk5 = !!(env_afs_rxk5_default() & FORCE_RXK5);
#endif
/* Parse commandline arguments and make list of what to do. */
Index: src/WINNT/client_creds/NTMakefile
===================================================================
--- src/WINNT/client_creds/NTMakefile (revision 1)
+++ src/WINNT/client_creds/NTMakefile (working copy)
@@ -50,7 +50,7 @@
CLIENTOBJS = \
$(OUT)\drivemap.obj \
- $(OUT)\RegistrySupport.obj
+ $(OUT)\RegistrySupport.obj
VCLIBS =\
iphlpapi.lib \
@@ -66,6 +66,7 @@
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\libosi.lib \
$(DESTDIR)\lib\afs\TaLocale.lib \
+ $(DESTDIR)\lib\afs\TaAfsAppLib.lib \
$(DESTDIR)\lib\lanahelper.lib \
$(DESTDIR)\lib\afsrxkad.lib \
$(DESTDIR)\lib\afsdes.lib \
@@ -101,6 +102,9 @@
$(AFSDOBJS): $(AFSD)\$$(@B).c
$(C2OBJ) -I$(*D) $**
+$(AFSAPPLIBOBJS): $(AFSAPPLIB)\$$(@B).cpp
+ $(C2OBJ) -I$(*D) $**
+
$(EXEOBJS): $$(@B).cpp
$(C2OBJ) -I$(*D) -I$(AFSAPPLIB) $**
@@ -109,7 +113,7 @@
############################################################################
-$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS)
+$(EXEFILE) : $(EXEOBJS) $(EXECOBJS) $(EXERES) $(AFSAPPLIBOBJS) $(AFSDOBJS) $(CLIENTOBJS) $(EXELIBS)
$(EXEGUILINK) $(VCLIBS)
$(_VC_MANIFEST_EMBED_EXE)
$(EXEPREP)
Index: src/WINNT/install/NSIS/OpenAFS.nsi
===================================================================
--- src/WINNT/install/NSIS/OpenAFS.nsi (revision 1)
+++ src/WINNT/install/NSIS/OpenAFS.nsi (working copy)
@@ -67,9 +67,9 @@
;General
!ifndef AFSIFS
!ifndef DEBUG
- OutFile "${AFS_DESTDIR}\WinInstall\OpenAFSforWindows.exe"
+ OutFile "${AFS_DESTDIR}\WinInstall\OpenAFSforWindows-Rxk5-1514-m37.exe"
!else
- OutFile "${AFS_DESTDIR}\WinInstall\OpenAFSforWindows-DEBUG.exe"
+ OutFile "${AFS_DESTDIR}\WinInstall\OpenAFSforWindows-Rxk5-1514-m37-DEBUG.exe"
!endif
!else
!ifndef DEBUG
Index: src/WINNT/afsd/afskfw_funcs.def
===================================================================
--- src/WINNT/afsd/afskfw_funcs.def (revision 1)
+++ src/WINNT/afsd/afskfw_funcs.def (working copy)
@@ -10,6 +10,8 @@
afskfw_krb5_c_random_make_octets
afskfw_krb5_free_ticket
afskfw_krb5_server_decrypt_ticket
+ afskfw_krb5_server_decrypt_ticket_keytab
+ afskfw_krb5_server_decrypt_ticket_keyblock
afskfw_cc_shutdown
afskfw_krb5_sname_to_principal
afskfw_krb5_c_block_size
Index: src/WINNT/afsd/afskfw_funcs.c
===================================================================
--- src/WINNT/afsd/afskfw_funcs.c (revision 1)
+++ src/WINNT/afsd/afskfw_funcs.c (working copy)
@@ -198,6 +198,8 @@
// Special rxk5
DECL_FUNC_PTR(krb5_server_decrypt_ticket);
+DECL_FUNC_PTR(krb5_server_decrypt_ticket_keytab);
+DECL_FUNC_PTR(krb5_server_decrypt_ticket_keyblock);
DECL_FUNC_PTR(krb5_encrypt_tkt_part);
DECL_FUNC_PTR(encode_krb5_ticket);
@@ -351,6 +353,8 @@
MAKE_FUNC_INFO(krb5_c_is_coll_proof_cksum),
MAKE_FUNC_INFO(krb5_c_valid_cksumtype),
MAKE_FUNC_INFO(krb5_server_decrypt_ticket),
+ MAKE_FUNC_INFO(krb5_server_decrypt_ticket_keytab),
+ MAKE_FUNC_INFO(krb5_server_decrypt_ticket_keyblock),
MAKE_FUNC_INFO(krb5_encrypt_tkt_part),
MAKE_FUNC_INFO(encode_krb5_ticket),
END_FUNC_INFO
@@ -1357,6 +1361,20 @@
return pkrb5_server_decrypt_ticket(context, key, ticket);
}
+krb5_error_code KRB5_CALLCONV
+afskfw_krb5_server_decrypt_ticket_keyblock(krb5_context context,
+ krb5_keyblock *key, krb5_ticket *ticket)
+{
+ return pkrb5_server_decrypt_ticket_keyblock(context, key, ticket);
+}
+
+krb5_error_code KRB5_CALLCONV
+afskfw_krb5_server_decrypt_ticket_keytab(krb5_context context,
+ krb5_keytab *kt, krb5_ticket *ticket)
+{
+ return pkrb5_server_decrypt_ticket_keytab(context, kt, ticket);
+}
+
krb5_error_code KRB5_CALLCONV
afskfw_krb5_encrypt_tkt_part
(krb5_context context,
Index: src/WINNT/afsd/afskfw_funcs.h
===================================================================
--- src/WINNT/afsd/afskfw_funcs.h (revision 1)
+++ src/WINNT/afsd/afskfw_funcs.h (working copy)
@@ -408,10 +408,18 @@
(krb5_cksumtype ctype);
/* special rxk5 */
-
krb5_error_code KRB5_CALLCONV
afskfw_krb5_server_decrypt_ticket(krb5_context context,
krb5_keyblock *key, krb5_ticket *ticket);
+krb5_error_code KRB5_CALLCONV
+krb5_server_decrypt_ticket_keyblock(krb5_context context,
+ const krb5_keyblock *key,
+ krb5_ticket *ticket);
+krb5_error_code KRB5_CALLCONV
+
+krb5_server_decrypt_ticket_keytab(krb5_context context,
+ const krb5_keytab kt,
+ krb5_ticket *ticket);
krb5_error_code KRB5_CALLCONV
afskfw_krb5_encrypt_tkt_part
(krb5_context context,
Index: src/WINNT/afsd/afsd_eventmessages.rc
===================================================================
--- src/WINNT/afsd/afsd_eventmessages.rc (revision 1)
+++ src/WINNT/afsd/afsd_eventmessages.rc (working copy)
@@ -1,2 +1,2 @@
-LANGUAGE 0x9,0x1
-1 11 MSG00409.bin
+LANGUAGE 0x9,0x1
+1 11 MSG00409.bin
Index: src/ptserver/NTMakefile
===================================================================
--- src/ptserver/NTMakefile (revision 1)
+++ src/ptserver/NTMakefile (working copy)
@@ -21,10 +21,9 @@
afscflags = $(KRB5CFLAGS) -I.. $(afscflags) $(kfwincflags)
RXK5LIBS = $(RXK5LIBS) \
- $(DESTDIR)\lib\afs\afspioctl.lib
+ $(DESTDIR)\lib\afs\afspioctl.lib \
+ $(DESTDIR)\lib\afskfw_funcs.lib \
-# todo: wax
-# $(DESTDIR)\lib\cm_config.obj
!ENDIF
Index: src/ptserver/pts.c
===================================================================
--- src/ptserver/pts.c (revision 1)
+++ src/ptserver/pts.c (working copy)
@@ -73,7 +73,7 @@
};
int
-Interactive(struct cmd_syndesc *as, char *arock)
+pts_Interactive(struct cmd_syndesc *as, char *arock)
{
finished = 0;
return 0;
@@ -1166,7 +1166,7 @@
cmd_AddParm(ts, "-groups", CMD_FLAG, CMD_OPTIONAL, "list group entries");
add_std_args(ts);
- ts = cmd_CreateSyntax("interactive", Interactive, 0,
+ ts = cmd_CreateSyntax("interactive", pts_Interactive, 0,
"enter interactive mode");
add_std_args(ts);
cmd_CreateAlias(ts, "in");
Index: src/auth/auth.p.h
===================================================================
--- src/auth/auth.p.h (revision 1)
+++ src/auth/auth.p.h (working copy)
@@ -27,6 +27,8 @@
extern int ktc_SetTokenEx(afs_token *);
int ktc_GetTokenEx(afs_int32, char *, afs_token **);
+int ktc_GetToken(struct ktc_principal *server, struct ktc_token *token,
+ int tokenLen, struct ktc_principal *client);
int ktc_ForgetAllTokens(void);
#ifdef RXK5_UTILAFS_H
afs_int32 ktc_SetK5Token(krb5_context,
Index: src/auth/rxk5_tkt.c
===================================================================
--- src/auth/rxk5_tkt.c (revision 1)
+++ src/auth/rxk5_tkt.c (working copy)
@@ -61,6 +61,7 @@
# include <syslog.h>
# endif
# include <errno.h>
+# include "rxk5_utilafs.h"
# if defined(USING_K5SSL)
# include "k5ssl.h"
# else /* !USING_K5SSL && !KERNEL */
Index: src/auth/rxk5_tkt.h
===================================================================
--- src/auth/rxk5_tkt.h (revision 1)
+++ src/auth/rxk5_tkt.h (working copy)
@@ -43,6 +43,8 @@
#include <afs/afs_token_protos.h>
#endif /* !KERNEL */
+#include <afs/rxk5_utilafs.h>
+
#ifdef AFS_RXK5
/* In-kernel creds */
typedef struct _rxk5_creds
Index: src/auth/ktc_nt.c
===================================================================
--- src/auth/ktc_nt.c (revision 1)
+++ src/auth/ktc_nt.c (working copy)
@@ -390,7 +390,7 @@
afs_int32 ktc_SetK5Token(context, aserver, aclient, v5cred, viceId, flags)
krb5_context context;
struct ktc_principal *aserver;
- struct ktc_principal * aclient;
+ struct ktc_principal * aclient;
krb5_creds* v5cred;
afs_int32 viceId;
afs_int32 flags;
@@ -423,6 +423,17 @@
return 0;
}
+afs_int32
+ktc_SetK5TokenNt(krb5_context context,
+ struct ktc_principal *aserver,
+ struct ktc_principal * aclient,
+ krb5_creds *v5cred,
+ afs_int32 viceId,
+ afs_int32 flags)
+{
+ return ktc_SetK5Token(context, aserver, v5cred, viceId, flags);
+}
+
#endif /* AFS_RXK5 */
int
Index: src/auth/rxk5_utilafs.h
===================================================================
--- src/auth/rxk5_utilafs.h (revision 1)
+++ src/auth/rxk5_utilafs.h (working copy)
@@ -44,8 +44,12 @@
#endif
#endif
#include <krb5.h>
+#ifdef AFS_NT40_ENV
+#include "rxk5_ntfixprotos.h"
+#include <afs/afskfw_funcs.h>
#endif
#endif
+#endif
/* Format a full path to the AFS keytab, caller must free */
char* get_afs_rxk5_keytab(char *confdir_name);
Index: src/libafsauthent/afsauthent.def
===================================================================
--- src/libafsauthent/afsauthent.def (revision 1)
+++ src/libafsauthent/afsauthent.def (working copy)
@@ -138,6 +138,7 @@
free_afs_token @133
afs_token_to_rxk5_creds @134
ktc_SetK5Token @135
- ktc_GetTokenEx @136
- ktc_SetTokenEx @137
+ ktc_SetK5TokenNt @136
+ ktc_GetTokenEx @137
+ ktc_SetTokenEx @138
--------------020104070301060203060504--