/* C K O A T H . C -- Authentication for Kermit 95 Copyright (C) 1998, 2004, Trustees of Columbia University in the City of New York. Author: Jeffrey E Altman (jaltman@secure-endpoints.com) Secure Endpoints Inc., New York City */ #include "ckcdeb.h" #ifdef CK_AUTHENTICATION #define CKOATH_C #include "ckcker.h" #include "ckuusr.h" #include "ckucmd.h" /* For struct keytab */ #include "ckcnet.h" #include "ckctel.h" #ifdef CK_DES #ifdef CK_SSL #ifndef LIBDES #define LIBDES #endif /* LIBDES */ #endif /* CK_SSL */ #endif /* CK_DES */ #ifdef CRYPT_DLL #ifndef LIBDES #define LIBDES #endif /* LIBDES */ #ifdef OS2 #ifdef NT #include #define SECURITY_WIN32 #include #ifndef NTLMSP_NAME_A #define NTLMSP_NAME_A "NTLM" #endif /* NTLMSP_NAME_A */ #else /* NT */ #define INCL_DOSMODULEMGR #include #endif /* NT */ #endif /* OS2 */ #endif /* CRYPT_DLL */ #include "ckosyn.h" #ifdef NT #define KRB5_AUTOCONF__ #define NTLM #endif /* NT */ #ifndef CK_KERBEROS #ifdef KRB4 #undef KRB4 #endif /* KRB4 */ #ifdef KRB5 #undef KRB5 #endif /* KRB5 */ #ifdef KRB524 #undef KRB524 #endif /* KRB524 */ #endif /* CK_KERBEROS */ #include #include #include #include #include #include #ifdef KRB5 #include "krb5.h" #include "profile.h" #include "com_err.h" #ifdef KRB5_GET_INIT_CREDS_OPT_TKT_LIFE #define KRB5_HAVE_GET_INIT_CREDS #else #define krb5_free_unparsed_name(con,val) krb5_xfree((char *)(val)) #endif #ifndef KRB5_HAVE_GET_INIT_CREDS #define krb5_free_data_contents(c,v) krb5_xfree((char *)(v)->data) #endif #endif /* KRB5 */ #ifdef KRB4 #define des_cblock Block #define des_key_schedule Schedule #ifdef NT #define _WINDOWS #include "kerberosIV/krb.h" #else /* NT */ #ifdef KRB524 #include "kerberosIV/krb.h" _PROTOTYP(const char * krb_get_err_text_entry, (int)); #else /* KRB524 */ #include "krb.h" #define krb_get_err_text_entry krb_get_err_text #endif /* KRB524 */ #endif /* NT */ #else /* KRB4 */ #ifdef CK_SSL #define des_cblock Block #define des_key_schedule Schedule #endif /* CK_SSL */ #endif /* KRB4 */ #include "ckuath.h" #ifdef CK_KERBEROS #ifndef KRB5 #define NOBLOCKDEF #endif /* KRB5 */ #ifdef KRB524 #define NOBLOCKDEF #endif /* KRB524 */ #endif /* CK_KERBEROS */ #include "ckuat2.h" #ifdef CK_SSL #ifdef LIBDES #ifndef HEADER_DES_H #define HEADER_DES_H #endif /* HEADER_DES_H */ #endif /* LIBDES */ #include "ck_ssl.h" #endif /* SSL */ #ifdef CK_SRP #include #include #include #endif /* CK_SRP */ #ifdef OS2 #ifdef CK_ENCRYPTION #define MAP_DES #endif /* CK_ENCRYPTION */ #ifdef KRB4 #define MAP_KRB4 #endif /* KRB4 */ #ifdef SRPDLL #define MAP_SRP #endif /* SRPDLL */ #ifdef KRB5 #define MAP_KRB5 #endif /* KRB5 */ #ifdef CRYPT_DLL #define MAP_CRYPT #endif /* CRYPT_DLL */ #define MAP_NTLM #include "ckoath.h" extern char tn_msg[], hexbuf[]; /* from ckcnet.c */ extern int deblog, debses, tn_deb; extern int authentication_version; extern int auth_type_user[AUTHTYPLSTSZ]; extern int auth_how; extern int auth_crypt; extern int auth_fwd; extern int accept_complete; #define AUTHTMPBL 2048 static char strTmp[AUTHTMPBL+1]; extern char szUserNameRequested[UIDBUFLEN+1]; /* for incoming connections */ extern char szUserNameAuthenticated[UIDBUFLEN+1];/* for incoming connections */ extern char szHostName[UIDBUFLEN+1]; #ifdef CK_ENCRYPTION extern int encrypt_flag; #endif #ifdef KRB5 extern krb5_context k5_context; extern char * krb5_d_principal; /* Default principal */ extern char * krb5_d_instance; /* Default instance */ extern char * krb5_d_realm; /* Default realm */ extern char * krb5_d_cc; /* Default credentials cache */ extern char * krb5_d_srv; /* Default service name */ extern int krb5_d_lifetime; /* Default lifetime */ extern int krb5_d_forwardable; extern int krb5_d_proxiable; extern int krb5_d_renewable; extern int krb5_autoget; extern int krb5_checkaddrs; extern int krb5_d_getk4; extern int krb5_d_no_addresses; extern char * krb5_d_addrs[]; extern int krb5_errno; extern char * krb5_errmsg; #endif /* KRB5 */ #ifdef KRB4 extern char * krb4_d_principal; /* Default principal */ extern char * krb4_d_realm; /* Default realm */ extern char * krb4_d_srv; /* Default service name */ extern int krb4_d_lifetime; /* Default lifetime */ extern int krb4_d_preauth; extern char * krb4_d_instance; extern int krb4_autoget; extern int krb4_checkaddrs; extern char * k4_keytab; extern int krb4_errno; extern char * krb4_errmsg; #endif /* KRB4 */ #ifdef CK_KERBEROS #define CHECKADDRS #endif /* CK_KERBEROS */ #ifdef OS2ONLY #ifdef KRB5_CALLCONV #undef KRB5_CALLCONV #define KRB5_CALLCONV __cdecl #endif #ifdef KRB5_CALLCONV_C #undef KRB5_CALLCONV_C #endif #define KRB5_CALLCONV_C __cdecl #endif #ifndef KRB5_CALLCONV #define KRB5_CALLCONV __stdcall #endif /* KRB5_CALLCONV */ #ifndef KRB5_CALLCONV_C #define KRB5_CALLCONV_C __cdecl #endif /* KRB5_CALLCONV_C */ #ifdef OS2ONLY static char fail[_MAX_PATH]; #endif /* OS2ONLY */ int copy_for_net(unsigned char *to, unsigned char *from, int c); #ifdef SRPDLL /* These functions are located in DLLs which we are not linking to at */ /* compile time. Therefore, we have to redirect them to locally */ /* defined functions which will call the real thing only if they are */ /* available via Run-Time Linking. */ /* From SRP.DLL: unresolved external symbol _t_clientresponse unresolved external symbol _t_clientgetkey unresolved external symbol _t_clientpasswd unresolved external symbol _t_clientgenexp unresolved external symbol _t_clientopen unresolved external symbol _t_clientverify */ static unsigned char * (*p_t_clientresponse)(struct t_client *)=NULL; static unsigned char * (*p_t_clientgetkey)(struct t_client *, struct t_num *)=NULL; static void (*p_t_clientpasswd)(struct t_client *, char *)=NULL; static struct t_num * (*p_t_clientgenexp)(struct t_client *)=NULL; static struct t_client * (*p_t_clientopen) (const char *, struct t_num *, struct t_num *, struct t_num *)=NULL; static int (*p_t_clientverify)(struct t_client *, unsigned char *)=NULL; unsigned char * ck_t_clientresponse(struct t_client * client) { if ( p_t_clientresponse ) return(p_t_clientresponse(client)); else return(NULL); } unsigned char * ck_t_clientgetkey(struct t_client * client, struct t_num * num) { if ( p_t_clientgetkey ) return(p_t_clientgetkey(client,num)); return(NULL); } void ck_t_clientpasswd(struct t_client * client, char * pwd) { if ( p_t_clientpasswd ) p_t_clientpasswd(client,pwd); } struct t_num * ck_t_clientgenexp(struct t_client * client) { if ( p_t_clientgenexp ) return(p_t_clientgenexp(client)); else return(NULL); } struct t_client * ck_t_clientopen(const char * str, struct t_num * A, struct t_num * B, struct t_num * C) { if ( p_t_clientopen ) return(p_t_clientopen(str,A,B,C)); else return(NULL); } int ck_t_clientverify(struct t_client * client, unsigned char * str) { if ( p_t_clientverify ) return(p_t_clientverify(client,str)); else return(0); } #endif /* SRPDLL */ #ifdef KRB4 /* These functions are located in DLLs which we are not linking to at */ /* compile time. Therefore, we have to redirect them to locally */ /* defined functions which will call the real thing only if they are */ /* available via Run-Time Linking. */ /* From KRB4_32.DLL: unresolved external symbol __imp__krb_get_err_text@4 unresolved external symbol __imp__krb_get_cred@16 unresolved external symbol __imp__krb_mk_req@20 unresolved external symbol __imp__krb_realmofhost@4 unresolved external symbol __imp__krb_get_phost@4 unresolved external symbol _des_ecb_encrypt unresolved external symbol __imp__des_key_sched@8 unresolved external symbol _des_new_random_key unresolved external symbol _des_set_random_generator_seed Note: kerberosiv/krb.h contains a reference to errno which must be renamed to compile under Windows NT with errno.h unresolved external symbol __imp__krb_get_pw_in_tkt@28 unresolved external symbol __imp__krb_get_pw_in_tkt_preauth@28 unresolved external symbol __imp__krb_get_lrealm@8 unresolved external symbol __imp__krb_get_err_text@4 unresolved external symbol __imp__kname_parse@16 unresolved external symbol __imp__dest_tkt unresolved external symbol __imp__krb_get_tf_realm@8 Leash specific (not defined in Kerberos V/KerberosIV include files unresolved external symbol _tf_get_cred unresolved external symbol _tf_get_pinst unresolved external symbol _tf_get_pname unresolved external symbol _tf_close unresolved external symbol _tf_init unresolved external symbol _tkt_string C:\kerberos\leash\KRB4\INCLUDE\KRB.H int tf_get_pname(char*); int tf_get_pinst(char*); int tf_get_cred(CREDENTIALS*); void tf_close(void); int tf_init(char *,int); char * tkt_string(void); int krb_check_serv(char *); Added when we put in server side support: unresolved external symbol __imp__kuserok@8 unresolved external symbol _krb_kntoln unresolved external symbol __imp__krb_rd_req@24 */ /* these were all KRB5_CALLCONV */ static const char * (KRB5_CALLCONV * p_krb_get_err_text_entry)(int _errno)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_cred)(char *service, char *instance, char *realm, CREDENTIALS *c)=NULL; static int (KRB5_CALLCONV * p_krb_mk_req)(KTEXT authent, char *service, char *instance, char *realm, KRB4_32 checksum)=NULL; static char * (KRB5_CALLCONV * p_krb_realmofhost)(char *host)=NULL; static char * (KRB5_CALLCONV_C * p_krb_get_phost)(char *alias)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_pw_in_tkt) (char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_pw_in_tkt_preauth) (char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_lrealm)(char *realm, int index)=NULL; static const char * (KRB5_CALLCONV * p_krb_get_err_text)(int _errno)=NULL; static int (KRB5_CALLCONV_C * p_kname_parse)(char *name, char *inst, char *realm,char *fullname)=NULL; static int (KRB5_CALLCONV_C * p_dest_tkt)(void)=NULL; static int (KRB5_CALLCONV_C * p_tf_get_pname)(char*)=NULL; static int (KRB5_CALLCONV_C * p_tf_get_pinst)(char*)=NULL; static int (KRB5_CALLCONV_C * p_tf_get_cred)(CREDENTIALS*)=NULL; static void (KRB5_CALLCONV_C * p_tf_close)(void)=NULL; static int (KRB5_CALLCONV_C * p_tf_init)(char *,int)=NULL; static char * (KRB5_CALLCONV_C * p_tkt_string)(void)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_tf_realm)(char *ticket_file, char *realm)=NULL; static int (KRB5_CALLCONV_C * p_krb_get_tf_fullname)(char *ticket_file, char *name, char *inst, char *realm)=NULL; static int (KRB5_CALLCONV_C * p_krb_check_serv)(char * service)=NULL; static int (KRB5_CALLCONV_C * p_kuserok)(AUTH_DAT *kdata, char *luser)=NULL; static int (KRB5_CALLCONV_C * p_k95_k4_userok)( const char * princ_name, const char * princ_inst, const char * princ_realm, const char * local_realm, const char *luser)=NULL; static int (KRB5_CALLCONV_C * p_krb_kntoln)(AUTH_DAT *kdata, char *luser)=NULL; static int (KRB5_CALLCONV_C * p_k95_k4_princ_to_userid)( const char * princ_name, const char * princ_inst, const char * princ_realm, const char * local_realm, char *luser, int len)=NULL; static int (KRB5_CALLCONV_C * p_krb_rd_req)(KTEXT, char *service, char *inst, unsigned KRB4_32 from_addr, AUTH_DAT *, char *srvtab)=NULL; static int (KRB5_CALLCONV * p_krb_sendauth)(long,int,KTEXT,CHAR *,CHAR *,CHAR *, unsigned long,MSG_DAT *,CREDENTIALS *, Key_schedule *, struct sockaddr_in *,struct sockaddr_in *, CHAR *)=NULL; static int (KRB5_CALLCONV_C * p_set_krb_debug)(int)=NULL; static int (KRB5_CALLCONV_C * p_set_krb_ap_req_debug)(int)=NULL; static long (KRB5_CALLCONV_C *p_krb_mk_safe)(char * in, char * out, unsigned long length, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver)=NULL; static long (KRB5_CALLCONV_C *p_krb_mk_priv)(char * in, char * out, unsigned long length, Schedule sched, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver)=NULL; static long (KRB5_CALLCONV_C *p_krb_rd_priv)(char * in, unsigned long in_length, Schedule sched, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver, MSG_DAT * m_data)=NULL; static long (KRB5_CALLCONV_C *p_krb_rd_safe)(char * in, unsigned long in_length, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver, MSG_DAT * m_data)=NULL; static int (KRB5_CALLCONV_C *p_krb_in_tkt)(char *, char *, char *)=NULL; static int (KRB5_CALLCONV_C *p_krb_save_credentials)(char *, char *, char *, C_Block, int, int, KTEXT, long)=NULL; int ck_krb_in_tkt(char *a, char *b, char *c) { if ( p_krb_in_tkt ) return(p_krb_in_tkt(a,b,c)); else return(KFAILURE); } int ck_krb_save_credentials(char *a, char *b, char *c, C_Block block, int n, int m, KTEXT k, long l) { if ( p_krb_save_credentials ) return(p_krb_save_credentials(a,b,c,block,n,m,k,l)); else return(KFAILURE); } const char * ck_krb_get_err_text_entry(int _errno) { if (_errno == -1 ) return("Function not supported by Kerberos installation"); if ( p_krb_get_err_text_entry ) return(p_krb_get_err_text_entry(_errno)); if ( p_krb_get_err_text ) return(p_krb_get_err_text(_errno)); else return(""); } int ck_krb_get_cred(char *service, char *instance, char *realm, LEASH_CREDENTIALS *c) { if ( p_krb_get_cred ) return(p_krb_get_cred(service,instance,realm,(CREDENTIALS *)c)); else return(-1); } int ck_krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, KRB4_32 checksum) { if ( p_krb_mk_req ) return(p_krb_mk_req(authent,service, instance,realm,checksum)); else return(-1); } char * ck_krb_realmofhost(char *host) { debug(F110,"ck_krb_realmofhost",host,0); if ( p_krb_realmofhost ) return(p_krb_realmofhost(host)); else return(""); } char * ck_krb_get_phost(char *alias) { if ( p_krb_get_phost ) return(p_krb_get_phost(alias)); else return(""); } int ck_krb_get_pw_in_tkt( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password) { if ( p_krb_get_pw_in_tkt ) return(p_krb_get_pw_in_tkt(user,instance,realm,service, sinstance,life,password)); else return(-1); } int ck_krb_get_pw_in_tkt_preauth( char *user, char *instance, char *realm, char *service, char *sinstance, int life, char *password) { if ( p_krb_get_pw_in_tkt_preauth ) return(p_krb_get_pw_in_tkt_preauth(user,instance,realm,service, sinstance,life,password)); else return(-1); } int ck_krb_get_lrealm(char *realm, int index) { if ( p_krb_get_lrealm ) return(p_krb_get_lrealm(realm,index)); else return(-1); } const char * ck_krb_get_err_text(int _errno) { if ( p_krb_get_err_text ) return(p_krb_get_err_text(_errno)); if ( p_krb_get_err_text_entry ) return(p_krb_get_err_text_entry(_errno)); else return(""); } int ck_kname_parse(char *name, char *inst, char *realm,char *fullname) { if ( p_kname_parse ) return(p_kname_parse(name,inst,realm,fullname)); return(-1); } int ck_dest_tkt(void) { if ( p_dest_tkt ) return(p_dest_tkt()); else return(-1); } int ck_tf_get_pname(char* pname) { if ( p_tf_get_pname ) return(p_tf_get_pname(pname)); else return(-1); } int ck_tf_get_pinst(char* pinst) { if ( p_tf_get_pinst ) return(p_tf_get_pinst(pinst)); else return(-1); } int ck_tf_get_cred(LEASH_CREDENTIALS* cred) { if ( p_tf_get_cred ) return(p_tf_get_cred((CREDENTIALS *)cred)); else return(-1); } void ck_tf_close(void) { if ( p_tf_close ) p_tf_close(); } int ck_tf_init(char * p,int n) { if ( p_tf_init ) return(p_tf_init(p,n)); else return(-1); } char * ck_tkt_string(void) { if ( p_tkt_string ) return(p_tkt_string()); else return(""); } int ck_krb_get_tf_realm(char *ticket_file, char *realm) { if ( p_krb_get_tf_realm ) return(p_krb_get_tf_realm(ticket_file,realm)); else return(-1); } int ck_krb_get_tf_fullname(char *tf, char * name, char * inst, char *realm) { if ( p_krb_get_tf_fullname ) return(p_krb_get_tf_fullname(tf,name,inst,realm)); else return(-1); } int ck_krb_check_serv(char * service) { if ( p_krb_check_serv ) return(p_krb_check_serv(service)); else return(-1); } static char lrealm[REALM_SZ] = ""; int ck_kuserok(AUTH_DAT *kdata, char *luser) { if ( p_k95_k4_userok ) { ckstrncpy(lrealm,ck_krb4_getrealm(),REALM_SZ); return(p_k95_k4_userok(kdata->pname, kdata->pinst, kdata->prealm, lrealm, luser)); } else if ( p_kuserok ) return(p_kuserok(kdata,luser)); else { return(stricmp(luser,kdata->pname)); } } int ck_krb_kntoln(AUTH_DAT *kdata, char *luser) { if ( p_k95_k4_princ_to_userid ) { if (krb_get_lrealm(lrealm,1) == KFAILURE) lrealm[0] = '\0'; return(p_k95_k4_princ_to_userid(kdata->pname, kdata->pinst, kdata->prealm, lrealm, luser, ANAME_SZ)); } else if ( p_krb_kntoln ) return(p_krb_kntoln(kdata,luser)); else { if (krb_get_lrealm(lrealm,1) == KFAILURE) return(KFAILURE); if (strcmp(kdata->pinst,"")) return(KFAILURE); if (strcmp(kdata->prealm,lrealm)) return(KFAILURE); (void) ckstrncpy(luser,kdata->pname,ANAME_SZ); return(KSUCCESS); } } int ck_krb_rd_req(KTEXT authent, char *service, char *inst, unsigned int from_addr, AUTH_DAT * adat, char *srvtab) { if ( p_krb_rd_req ) return(p_krb_rd_req(authent, service, inst, from_addr, adat, srvtab)); else return(-1); } int ck_krb_sendauth(long opts, int socket, KTEXT ticket, CHAR * service, CHAR * hostname, CHAR * realm, unsigned long pid, MSG_DAT * msg_dat, LEASH_CREDENTIALS * cred, Schedule * sched, struct sockaddr_in * l_addr, struct sockaddr_in * r_addr, CHAR * str) { if ( p_krb_sendauth ) return(p_krb_sendauth(opts,socket,ticket,service,hostname, realm,pid, msg_dat, (CREDENTIALS *)cred, sched, l_addr, r_addr, str)); else return(-1); } int ck_set_krb_debug(int x) { if ( p_set_krb_debug ) return(p_set_krb_debug(x)); else return(0); } int ck_set_krb_ap_req_debug(int x) { if ( p_set_krb_ap_req_debug ) return(p_set_krb_ap_req_debug(x)); else return(0); } long ck_krb_mk_safe(char * in, char * out, unsigned long length, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver) { if ( p_krb_mk_safe ) return(p_krb_mk_safe(in,out,length,block,sender,receiver)); else return(-1); } long ck_krb_mk_priv(char * in, char * out, unsigned long length, Schedule sched, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver) { if ( p_krb_mk_priv ) return(p_krb_mk_priv(in,out,length,sched,block,sender,receiver)); else return(-1); } long ck_krb_rd_priv(char * in, unsigned long in_length, Schedule sched, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver, MSG_DAT * m_data) { if ( p_krb_rd_priv ) return(p_krb_rd_priv(in, in_length,sched, block, sender, receiver, m_data)); else return(-1); } long ck_krb_rd_safe(char * in, unsigned long in_length, C_Block block, struct sockaddr_in * sender, struct sockaddr_in * receiver, MSG_DAT * m_data) { if ( p_krb_rd_safe ) return(p_krb_rd_safe(in, in_length, block, sender, receiver,m_data)); else return(-1); } #endif /* KRB4 */ #ifdef KRB5 /* These functions are located in DLLs which we are not linking to at */ /* compile time. Therefore, we have to redirect them to locally */ /* defined functions which will call the real thing only if they are */ /* available via Run-Time Linking. */ /* From COMERR32.DLL unresolved external symbol __imp__com_err unresolved external symbol __imp__error_message@4 From KRB5_32.DLL: unresolved external symbol __imp__krb5_free_creds@8 unresolved external symbol __imp__krb5_copy_keyblock@12 unresolved external symbol __imp__krb5_free_keyblock@8 unresolved external symbol __imp__krb5_auth_con_getlocalsubkey@12 unresolved external symbol __imp__krb5_mk_req_extended@24 unresolved external symbol __imp__krb5_auth_con_setflags@12 unresolved external symbol __imp__krb5_auth_con_init@8 unresolved external symbol __imp__krb5_auth_con_free@8 unresolved external symbol __imp__krb5_get_credentials@20 unresolved external symbol __imp__krb5_free_cred_contents@8 unresolved external symbol __imp__krb5_sname_to_principal@20 unresolved external symbol __imp__krb5_cc_default@8 unresolved external symbol __imp__krb5_free_ap_rep_enc_part@8 unresolved external symbol __imp__krb5_rd_rep@16 unresolved external symbol __imp__krb5_get_in_tkt_with_keytab@36 unresolved external symbol __imp__krb5_get_in_tkt_with_password@36 unresolved external symbol __imp__krb5_read_password@20 unresolved external symbol __imp__krb5_build_principal_ext unresolved external symbol __imp__krb5_unparse_name@12 unresolved external symbol __imp__krb5_parse_name@12 unresolved external symbol __imp__krb5_cc_resolve@12 unresolved external symbol __imp__krb5_string_to_timestamp@8 unresolved external symbol __imp__krb5_kt_resolve@12 unresolved external symbol __imp__krb5_string_to_deltat@8 unresolved external symbol __imp__krb5_timeofday@8 unresolved external symbol __imp__krb5_get_credentials_renew@20 unresolved external symbol __imp__krb5_get_credentials_validate@20 unresolved external symbol __imp__krb5_copy_principal@12 unresolved external symbol __imp__krb5_timestamp_to_sfstring@16 unresolved external symbol __imp__krb5_kt_default@8 unresolved external symbol __imp__krb5_free_ticket@8 unresolved external symbol _decode_krb5_ticket These were added when Server Side functionality was added: unresolved external symbol __imp__krb5_auth_con_getremotesubkey@12 unresolved external symbol __imp__krb5_mk_rep@12 unresolved external symbol __imp__krb5_free_authenticator@8 unresolved external symbol __imp__krb5_verify_checksum@28 unresolved external symbol __imp__krb5_auth_con_getkey@12 unresolved external symbol __imp__krb5_auth_con_getauthenticator@12 unresolved external symbol __imp__krb5_rd_req@28 unresolved external symbol _krb5_auth_con_setrcache unresolved external symbol _krb5_get_server_rcache unresolved external symbol _krb5_auth_con_getrcache unresolved external symbol __imp__krb5_free_tgt_creds@8 unresolved external symbol __imp__krb5_rd_cred@20 These were added for 7.1.198 so we can support hardware preauth __imp__krb5_get_init_creds_password@36 __imp__krb5_get_init_creds_opt_set_address_list@8 __imp__krb5_get_renewed_creds@20 __imp__krb5_get_validated_creds@20 __imp__krb5_get_init_creds_opt_set_tkt_life@8 __imp__krb5_get_init_creds_opt_set_forwardable@8 __imp__krb5_get_init_creds_opt_set_proxiable@8 __imp__krb5_get_init_creds_opt_set_renew_life@8 __imp__krb5_get_init_creds_opt_init@4 These were added 7-17-2000 __imp__krb5_cc_get_principal@12 __imp__krb5_cc_store_cred@12 __imp__krb5_cc_initialize@12 __imp__krb5_cc_destroy@8 __imp__krb5_cc_end_seq_get@12 __imp__krb5_cc_next_cred@16 __imp__krb5_cc_start_seq_get@12 __imp__krb5_cc_get_type __imp__krb5_cc_get_name@8 __imp__krb5_cc_set_flags@12 */ static void (KRB5_CALLCONV * p_com_err)(const char *, errcode_t, const char *, ...)=NULL; static void (KRB5_CALLCONV * p_com_err_va) (const char *, errcode_t, const char *, va_list)=NULL; static const char * (KRB5_CALLCONV *p_error_message)(errcode_t)=NULL; static void (KRB5_CALLCONV *p_krb5_free_creds)(krb5_context, krb5_creds*)=NULL; static void (KRB5_CALLCONV *p_krb5_free_data)(krb5_context, krb5_data *)=NULL; static void (KRB5_CALLCONV *p_krb5_free_data_contents)(krb5_context, krb5_data *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_copy_keyblock)(krb5_context, krb5_const krb5_keyblock *, krb5_keyblock * *)=NULL; static void (KRB5_CALLCONV *p_krb5_free_keyblock) (krb5_context, krb5_keyblock *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_getlocalsubkey)(krb5_context, krb5_auth_context, krb5_keyblock * *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_mk_req_extended) (krb5_context, krb5_auth_context *, krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data * )=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_mk_req) (krb5_context, krb5_auth_context *, krb5_const krb5_flags, char *, char *, krb5_data *, krb5_ccache, krb5_data * )=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_setflags) (krb5_context, krb5_auth_context, krb5_int32)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_init) (krb5_context, krb5_auth_context *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_free) (krb5_context, krb5_auth_context)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_credentials)(krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds *, krb5_creds * *)=NULL; static void (KRB5_CALLCONV *p_krb5_free_cred_contents)(krb5_context, krb5_creds *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_sname_to_principal)(krb5_context, krb5_const char *, krb5_const char *, krb5_int32, krb5_principal *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_cc_default)(krb5_context, krb5_ccache *)=NULL; static void (KRB5_CALLCONV *p_krb5_free_ap_rep_enc_part)(krb5_context, krb5_ap_rep_enc_part *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_rd_rep)(krb5_context, krb5_auth_context, krb5_const krb5_data *, krb5_ap_rep_enc_part * *)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_init_context)(krb5_context *)=NULL; static void (KRB5_CALLCONV *p_krb5_free_context)(krb5_context)=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_init_ets)(krb5_context)=NULL; static void (KRB5_CALLCONV *p_krb5_free_principal) P((krb5_context, krb5_principal ))=NULL; static void (KRB5_CALLCONV *p_krb5_free_unparsed_name) P((krb5_context, char *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_fwd_tgt_creds)P((krb5_context, krb5_auth_context, char *, krb5_principal, krb5_principal, krb5_ccache, int forwardable, krb5_data *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_genaddrs)P((krb5_context, krb5_auth_context, int, int))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_host_realm)P((krb5_context, const char *, char ***))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_free_host_realm)P((krb5_context, char **))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_in_tkt_with_keytab)P((krb5_context, krb5_const krb5_flags, krb5_address * krb5_const *, krb5_enctype *, krb5_preauthtype *, krb5_const krb5_keytab, krb5_ccache, krb5_creds *, krb5_kdc_rep ** ))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_in_tkt_with_password)P((krb5_context, krb5_const krb5_flags, krb5_address * krb5_const *, krb5_enctype *, krb5_preauthtype *, krb5_const char *, krb5_ccache, krb5_creds *, krb5_kdc_rep **))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_read_password)P((krb5_context, const char *, const char *, char *, int * ))=NULL; static krb5_error_code (KRB5_CALLCONV_C *p_krb5_build_principal_ext)P((krb5_context, krb5_principal *, int, krb5_const char *, ...))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_unparse_name)P((krb5_context, krb5_const_principal, char ** ))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_parse_name)P((krb5_context, krb5_const char *, krb5_principal *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_cc_resolve)P((krb5_context, char *, krb5_ccache *))=NULL; static const char * (KRB5_CALLCONV *p_krb5_cc_default_name)P((krb5_context))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_string_to_timestamp)P((char *, krb5_timestamp *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_kt_resolve)P((krb5_context, krb5_const char *, krb5_keytab *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_string_to_deltat)P((char *, krb5_deltat *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_timeofday)P((krb5_context, krb5_int32 *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_credentials_renew)P((krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_credentials_validate)P((krb5_context, krb5_const krb5_flags, krb5_ccache, krb5_creds *, krb5_creds **))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_copy_principal)P((krb5_context, krb5_const_principal, krb5_principal *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_timestamp_to_sfstring)P((krb5_timestamp, char *, size_t, char *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_kt_default)P((krb5_context, krb5_keytab *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_free_ticket)P((krb5_context, krb5_ticket *))=NULL; static krb5_error_code (KRB5_CALLCONV_C *p_decode_krb5_ticket)P((const krb5_data *code, krb5_ticket **rep))=NULL; static krb5_error_code (KRB5_CALLCONV *p_cygnus_decode_krb5_ticket)P((const krb5_data *code, krb5_ticket **rep))=NULL; #ifdef CHECKADDRS static krb5_error_code (KRB5_CALLCONV *p_krb5_os_localaddr)P((krb5_context con, krb5_address *** ppp))=NULL; static krb5_boolean (KRB5_CALLCONV_C *p_krb5_address_search)P((krb5_context con, krb5_const krb5_address * p, krb5_address * krb5_const * pp))=NULL; static void (KRB5_CALLCONV * p_krb5_free_addresses)P((krb5_context con, krb5_address ** pp))=NULL; #endif /* CHECKADDRS */ static krb5_error_code (KRB5_CALLCONV * p_krb5_auth_con_getremotesubkey)P((krb5_context, krb5_auth_context, krb5_keyblock **)) = NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_mk_rep)P((krb5_context, krb5_auth_context, krb5_data *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_free_authenticator)P((krb5_context, krb5_authenticator *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_verify_checksum) P((krb5_context context, krb5_const krb5_cksumtype ctype, krb5_const krb5_checksum * cksum, krb5_const krb5_pointer in, krb5_const size_t in_length, krb5_const krb5_pointer seed, krb5_const size_t seed_length))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_auth_con_getkey) P((krb5_context, krb5_auth_context, krb5_keyblock **))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_auth_con_getauthenticator) P((krb5_context, krb5_auth_context, krb5_authenticator **))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_rd_req) P((krb5_context, krb5_auth_context *, krb5_const krb5_data *, krb5_const_principal, krb5_keytab, krb5_flags *, krb5_ticket **))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_auth_con_setrcache) P((krb5_context, krb5_auth_context, krb5_rcache))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_get_server_rcache) P((krb5_context, krb5_const krb5_data *, krb5_rcache *))=NULL; static krb5_error_code (KRB5_CALLCONV_C * p_krb5_auth_con_getrcache) P((krb5_context, krb5_auth_context, krb5_rcache *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_free_tgt_creds) P((krb5_context, krb5_creds ** ))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_rd_cred) P((krb5_context,krb5_auth_context,krb5_data *, krb5_creds ***, krb5_replay_data *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_c_enctype_compare) P((krb5_context, krb5_enctype, krb5_enctype, krb5_boolean *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_free_error) P((krb5_context, krb5_error *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_sendauth) P((krb5_context, krb5_auth_context *, krb5_pointer, char *, krb5_principal, krb5_principal, krb5_flags, krb5_data *, krb5_creds *, krb5_ccache, krb5_error **, krb5_ap_rep_enc_part **, krb5_creds **))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_process_key) P((krb5_context, krb5_encrypt_block *, const krb5_keyblock *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_use_enctype) P((krb5_context, krb5_encrypt_block *, const krb5_enctype))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_encrypt) P((krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec))=NULL; static size_t (KRB5_CALLCONV * p_krb5_encrypt_size) P((krb5_const size_t length, krb5_enctype crypto))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_decrypt) P((krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec))=NULL; static krb5_boolean (KRB5_CALLCONV * p_krb5_kuserok) P((krb5_context context,krb5_principal princ, const char * p))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_aname_to_localname) P((krb5_context context, krb5_const_principal aname, const int lnsize, char *lname))=NULL; static int (KRB5_CALLCONV_C * p_k95_k5_userok) P((const char * princ_name, const char * princ_inst, const char * princ_realm, const char * local_realm, const char * userid))=NULL; static int (KRB5_CALLCONV_C * p_k95_k5_principal_to_localname) P((const char * princ_name, const char * local_realm, char * userid, int len))=NULL; static void (KRB5_CALLCONV_C * p_krb5_appdefault_boolean) P((krb5_context,const char *,const krb5_data *,const char *, int,int * ))=NULL; static void (KRB5_CALLCONV_C * p_krb5_appdefault_string) P((krb5_context,const char *,const krb5_data *,const char *, char ** ))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_init) P((krb5_get_init_creds_opt *opt))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_tkt_life) P((krb5_get_init_creds_opt *opt, krb5_deltat tkt_life))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_renew_life) P((krb5_get_init_creds_opt *opt, krb5_deltat renew_life))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_forwardable) P((krb5_get_init_creds_opt *opt, int forwardable))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_proxiable) P((krb5_get_init_creds_opt *opt, int proxiable))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_etype_list) P((krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_address_list) P((krb5_get_init_creds_opt *opt, krb5_address **addresses))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_preauth_list) P((krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length))=NULL; static void (KRB5_CALLCONV * p_krb5_get_init_creds_opt_set_salt) P((krb5_get_init_creds_opt *opt, krb5_data *salt))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_get_init_creds_password) P((krb5_context context, krb5_creds *creds, krb5_principal client, char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_get_init_creds_keytab) P((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_get_validated_creds) P((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_get_renewed_creds) P((krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_rd_safe) P((krb5_context, krb5_auth_context, krb5_const krb5_data *, krb5_data *, krb5_replay_data *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_mk_safe) P((krb5_context, krb5_auth_context, krb5_const krb5_data *, krb5_data *, krb5_replay_data *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_rd_priv) P((krb5_context, krb5_auth_context, krb5_const krb5_data *, krb5_data *, krb5_replay_data *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_mk_priv) P((krb5_context, krb5_auth_context, krb5_const krb5_data *, krb5_data *, krb5_replay_data *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_auth_con_setuseruserkey) P((krb5_context, krb5_auth_context, krb5_keyblock *))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_get_profile) P((krb5_context, profile_t *))=NULL; static long (KRB5_CALLCONV *p_profile_get_relation_names) P((profile_t profile, const char **names, char ***ret_names))=NULL; static long (KRB5_CALLCONV *p_profile_get_subsection_names) P((profile_t profile, const char **names, char ***ret_names))=NULL; static void (KRB5_CALLCONV *p_krb5_free_keyblock_contents) P((krb5_context, krb5_keyblock FAR *))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_c_encrypt) P((krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_data *input, krb5_enc_data *output))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_c_decrypt) P((krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_enc_data *input, krb5_data *output))=NULL; static krb5_error_code (KRB5_CALLCONV *p_krb5_c_block_size) P((krb5_context context, krb5_enctype enctype, size_t *blocksize))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_c_make_random_key) P((krb5_context context, krb5_enctype enctype, krb5_keyblock *random_key))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_c_random_seed) P((krb5_context context, krb5_data *data))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_c_encrypt_length) P((krb5_context context, krb5_enctype enctype, size_t inputlen, size_t *length))=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_default_name) P((krb5_context context, char *, int))=NULL; static char * (KRB5_CALLCONV * p_krb5_cc_get_name ) (krb5_context context, krb5_ccache cache)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_gen_new ) (krb5_context context, krb5_ccache *cache)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_initialize) (krb5_context context, krb5_ccache cache, krb5_principal principal)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_destroy ) (krb5_context context, krb5_ccache cache)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_close ) (krb5_context context, krb5_ccache cache)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_store_cred ) (krb5_context context, krb5_ccache cache, krb5_creds *creds)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_retrieve_cred ) (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_get_principal ) (krb5_context context, krb5_ccache cache, krb5_principal *principal)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_start_seq_get ) (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_next_cred ) (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor, krb5_creds *creds)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_end_seq_get ) (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_remove_cred ) (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *creds)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_cc_set_flags ) (krb5_context context, krb5_ccache cache, krb5_flags flags)=NULL; static const char * (KRB5_CALLCONV * p_krb5_cc_get_type ) (krb5_context context, krb5_ccache cache)=NULL; static const char * (KRB5_CALLCONV * p_krb5_kt_get_type ) (krb5_context context, krb5_keytab)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_get_name) (krb5_context, krb5_keytab, char *, int)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_close) (krb5_context, krb5_keytab)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_get_entry) (krb5_context, krb5_keytab, krb5_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry *)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_start_seq_get) (krb5_context, krb5_keytab, krb5_kt_cursor *)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_next_entry) (krb5_context, krb5_keytab, krb5_keytab_entry *, krb5_kt_cursor *)=NULL; static krb5_error_code (KRB5_CALLCONV * p_krb5_kt_end_seq_get) (krb5_context, krb5_keytab, krb5_kt_cursor *)=NULL; static krb5_error_code (KRB5_CALLCONV_C * p_krb5_build_principal) (krb5_context, krb5_principal *, unsigned int, krb5_const char *, ...)=NULL; static int (KRB5_CALLCONV_C *p_krb524_init_ets)(krb5_context context)=NULL; static int (KRB5_CALLCONV_C *p_krb524_convert_creds_kdc)(krb5_context context, krb5_creds *v5creds, CREDENTIALS *v4creds)=NULL; const char * ck_error_message(errcode_t ec) { if ( ec == 0 ) return("OK"); else if ( ec == -1 ) return("Entry point not found in Dynamic Link Library"); else if ( p_error_message ) return(p_error_message(ec)); else return ckitoa(ec); } void ck_com_err(const char * s1, errcode_t ec, const char * s2, ...) { va_list ap; const char * msg= NULL; va_start( ap, s2 ); msg = error_message(ec); ckmakxmsg(tn_msg,TN_MSG_LEN, (char *)(s1?s1:""), (char *)(s1?" ":""), (char *)msg, (char *)(s2?" ":""), (char *)(s2?s2:""), NULL,NULL,NULL,NULL,NULL,NULL,NULL); debug(F111,"KERBEROS",tn_msg,ec); ckmakmsg(tn_msg,TN_MSG_LEN,"?Kerberos 5 error: ",(char *)msg,s2?" ":"",(char *)(s2?s2:"")); if (tn_deb || debses) tn_debug(tn_msg); printf("%s\n",tn_msg); } void ck_krb5_free_creds(krb5_context CO, krb5_creds * CR) { if ( p_krb5_free_creds ) p_krb5_free_creds(CO,CR); } void ck_krb5_free_data(krb5_context CO, krb5_data * data) { if ( p_krb5_free_data ) p_krb5_free_data(CO,data); } void ck_krb5_free_data_contents(krb5_context CO, krb5_data * data) { if ( p_krb5_free_data_contents ) p_krb5_free_data_contents(CO,data); } krb5_error_code ck_krb5_copy_keyblock(krb5_context CO, krb5_const krb5_keyblock * pKB, krb5_keyblock ** ppKB) { if ( p_krb5_copy_keyblock ) return(p_krb5_copy_keyblock(CO,pKB,ppKB)); else return KRB5KRB_ERR_GENERIC; } void ck_krb5_free_keyblock (krb5_context CO, krb5_keyblock * pKB) { if ( p_krb5_free_keyblock ) p_krb5_free_keyblock(CO,pKB); } krb5_error_code ck_krb5_auth_con_getlocalsubkey(krb5_context CO, krb5_auth_context ACO, krb5_keyblock ** ppKB) { if ( p_krb5_auth_con_getlocalsubkey ) return(p_krb5_auth_con_getlocalsubkey(CO,ACO,ppKB)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_mk_req_extended (krb5_context CO, krb5_auth_context * pACO, krb5_const krb5_flags F, krb5_data * pD1, krb5_creds * pC, krb5_data * pD2) { if ( p_krb5_mk_req_extended ) return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_mk_req(krb5_context CO, krb5_auth_context *pACO, krb5_const krb5_flags F, char * s1, char * s2, krb5_data * pD1, krb5_ccache pC, krb5_data * pD2) { if ( p_krb5_mk_req ) return(p_krb5_mk_req(CO,pACO,F,s1,s2,pD1,pC,pD2)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_setflags (krb5_context CO, krb5_auth_context ACO, krb5_int32 I) { if ( p_krb5_auth_con_setflags ) return(p_krb5_auth_con_setflags(CO,ACO,I)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_init(krb5_context CO, krb5_auth_context * pACO) { if ( p_krb5_auth_con_init ) return(p_krb5_auth_con_init(CO,pACO)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_free (krb5_context CO, krb5_auth_context ACO) { if ( p_krb5_auth_con_free ) return(p_krb5_auth_con_free(CO,ACO)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_credentials(krb5_context CO, krb5_const krb5_flags F, krb5_ccache CC, krb5_creds * pCR, krb5_creds ** ppCR) { if ( p_krb5_get_credentials ) return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR)); else return KRB5KRB_ERR_GENERIC; } void ck_krb5_free_cred_contents(krb5_context CO, krb5_creds * pCR) { if ( p_krb5_free_cred_contents ) p_krb5_free_cred_contents(CO,pCR); } krb5_error_code ck_krb5_sname_to_principal(krb5_context CO, krb5_const char * pC1, krb5_const char * pC2, krb5_int32 I, krb5_principal * pPR) { if ( p_krb5_sname_to_principal ) return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_cc_default(krb5_context CO, krb5_ccache * pCC) { if ( p_krb5_cc_default ) return(p_krb5_cc_default(CO,pCC)); else return KRB5KRB_ERR_GENERIC; } void ck_krb5_free_ap_rep_enc_part(krb5_context CO, krb5_ap_rep_enc_part * pAP) { if ( p_krb5_free_ap_rep_enc_part ) p_krb5_free_ap_rep_enc_part(CO,pAP); } krb5_error_code ck_krb5_rd_rep(krb5_context CO, krb5_auth_context AC, krb5_const krb5_data * pD, krb5_ap_rep_enc_part ** ppAP) { if ( p_krb5_rd_rep ) return(p_krb5_rd_rep(CO,AC,pD,ppAP)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_init_context(krb5_context * pCO) { if ( p_krb5_init_context ) return(p_krb5_init_context(pCO)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_init_ets(krb5_context CO) { if ( p_krb5_init_ets ) return(p_krb5_init_ets(CO)); else return KRB5KRB_ERR_GENERIC; } void ck_krb5_free_context(krb5_context CO) { if ( p_krb5_free_context ) p_krb5_free_context(CO); } void ck_krb5_free_principal(krb5_context c, krb5_principal p) { if ( p_krb5_free_principal ) p_krb5_free_principal(c,p); } void ck_krb5_free_unparsed_name(krb5_context c, char * p) { if ( p_krb5_free_unparsed_name ) p_krb5_free_unparsed_name(c,p); else free(p); } krb5_error_code ck_krb5_fwd_tgt_creds(krb5_context con, krb5_auth_context acon, char * ptr, krb5_principal prin1, krb5_principal prin2, krb5_ccache cc, int fwd, krb5_data * data) { if ( p_krb5_fwd_tgt_creds ) return(p_krb5_fwd_tgt_creds(con,acon,ptr, prin1,prin2,cc,fwd,data)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_genaddrs(krb5_context con, krb5_auth_context acon, int n, int m) { if ( p_krb5_auth_con_genaddrs ) return(p_krb5_auth_con_genaddrs(con,acon,n,m)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_host_realm(krb5_context con, const char * host, char *** realm) { if ( p_krb5_get_host_realm ) return(p_krb5_get_host_realm(con,host,realm)); else { if ( realm ) *realm = NULL; return KRB5KRB_ERR_GENERIC; } } krb5_error_code ck_krb5_free_host_realm(krb5_context con, char ** realmlist) { if ( p_krb5_free_host_realm ) return(p_krb5_free_host_realm(con,realmlist)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_in_tkt_with_keytab(krb5_context con, krb5_const krb5_flags flags, krb5_address * krb5_const * addr, krb5_enctype * enc, krb5_preauthtype * preauth, krb5_const krb5_keytab kt, krb5_ccache cc, krb5_creds * creds, krb5_kdc_rep ** rep) { if ( p_krb5_get_in_tkt_with_keytab ) return(p_krb5_get_in_tkt_with_keytab(con,flags,addr,enc,preauth, kt,cc,creds,rep)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_in_tkt_with_password(krb5_context con, krb5_const krb5_flags flags, krb5_address * krb5_const * addr, krb5_enctype * enc, krb5_preauthtype * preauth, krb5_const char * sz, krb5_ccache cc, krb5_creds * creds, krb5_kdc_rep ** rep) { if ( p_krb5_get_in_tkt_with_password ) return(p_krb5_get_in_tkt_with_password(con,flags,addr,enc, preauth,sz,cc,creds,rep)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_read_password(krb5_context con, const char * sz1, const char * sz2, char * sz3, int * pI) { if ( p_krb5_read_password ) return(p_krb5_read_password(con,sz1,sz2,sz3,pI)); else return KRB5KRB_ERR_GENERIC; } /* We can only due this because we know how many parameters */ /* we are going to use in the module. */ krb5_error_code ck_krb5_build_principal_ext(krb5_context con, krb5_principal * princ, int n, krb5_const char * sz, int n2, krb5_const char * sz2, int n3, krb5_const char * sz3, ...) { if ( p_krb5_build_principal_ext ) return(p_krb5_build_principal_ext(con,princ,n,sz,n2,sz2,n3,sz3,0)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_unparse_name(krb5_context con, krb5_const_principal princ, char ** psz) { if ( p_krb5_unparse_name ) return(p_krb5_unparse_name(con,princ,psz)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_parse_name(krb5_context con, krb5_const char * sz, krb5_principal * princ) { if ( p_krb5_parse_name ) return(p_krb5_parse_name(con,sz,princ)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_cc_resolve(krb5_context con, char * sz, krb5_ccache * cc) { if ( p_krb5_cc_resolve ) return(p_krb5_cc_resolve(con,sz,cc)); else return KRB5KRB_ERR_GENERIC; } const char * ck_krb5_cc_default_name(krb5_context con) { if ( p_krb5_cc_default_name ) return(p_krb5_cc_default_name(con)); else return NULL; } krb5_error_code ck_krb5_string_to_timestamp(char * sz, krb5_timestamp * ts) { if ( p_krb5_string_to_timestamp ) return(p_krb5_string_to_timestamp(sz,ts)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_kt_resolve(krb5_context con, krb5_const char * sz, krb5_keytab * kt) { if ( p_krb5_kt_resolve ) return(p_krb5_kt_resolve(con,sz,kt)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_string_to_deltat(char * sz, krb5_deltat * dt) { if ( p_krb5_string_to_deltat ) return(p_krb5_string_to_deltat(sz,dt)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_timeofday(krb5_context con, krb5_int32 * pN) { if ( p_krb5_timeofday ) return(p_krb5_timeofday(con,pN)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_credentials_renew(krb5_context con, krb5_const krb5_flags flags, krb5_ccache cc, krb5_creds * pCreds, krb5_creds ** ppCreds) { if ( p_krb5_get_credentials_renew ) return(p_krb5_get_credentials_renew(con,flags,cc,pCreds,ppCreds)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_credentials_validate(krb5_context con, krb5_const krb5_flags flags, krb5_ccache cc, krb5_creds * pCreds, krb5_creds ** ppCreds) { if ( p_krb5_get_credentials_validate ) return(p_krb5_get_credentials_validate(con,flags,cc,pCreds,ppCreds)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_copy_principal(krb5_context con, krb5_const_principal princ, krb5_principal * pPrinc) { if ( p_krb5_copy_principal ) return(p_krb5_copy_principal(con,princ,pPrinc)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_timestamp_to_sfstring(krb5_timestamp ts, char * sz1, size_t size, char * sz2) { if ( p_krb5_timestamp_to_sfstring ) return(p_krb5_timestamp_to_sfstring(ts,sz1,size,sz2)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_kt_default(krb5_context con, krb5_keytab * kt) { if ( p_krb5_kt_default ) return(p_krb5_kt_default(con,kt)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_free_ticket(krb5_context con, krb5_ticket * kt) { if ( p_krb5_free_ticket ) return(p_krb5_free_ticket(con,kt)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep) { if ( p_decode_krb5_ticket ) return(p_decode_krb5_ticket(code,rep)); else if ( p_cygnus_decode_krb5_ticket ) return(p_cygnus_decode_krb5_ticket(code,rep)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_os_localaddr(krb5_context con, krb5_address *** ppp) { if ( p_krb5_os_localaddr ) return(p_krb5_os_localaddr(con,ppp)); else return KRB5KRB_ERR_GENERIC; } BOOL ck_krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2) { if( addr1->addrtype != addr2->addrtype ) return(FALSE); if( addr1->length != addr2->length ) return(FALSE); if( memcmp((char *)addr1->contents,(char *)addr2->contents, addr1->length)) return FALSE; else return TRUE; } krb5_boolean ck_krb5_address_search(krb5_context context, krb5_const krb5_address * addr, krb5_address * krb5_const * addrlist) { if ( p_krb5_address_search ) return(p_krb5_address_search(context,addr,addrlist)); else { if( !addrlist ) return TRUE; for( ; *addrlist ; addrlist++ ) { if( ck_krb5_address_compare(context, addr, *addrlist) ) return TRUE; } } return FALSE; } void ck_krb5_free_addresses(krb5_context con, krb5_address ** pp) { if ( p_krb5_free_addresses ) p_krb5_free_addresses(con,pp); } krb5_error_code ck_krb5_auth_con_getremotesubkey(krb5_context con, krb5_auth_context acon, krb5_keyblock ** keyb) { if ( p_krb5_auth_con_getremotesubkey ) return(p_krb5_auth_con_getremotesubkey(con,acon,keyb)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_mk_rep(krb5_context con, krb5_auth_context auth_con, krb5_data * data) { if ( p_krb5_mk_rep ) return(p_krb5_mk_rep(con,auth_con, data)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_free_authenticator(krb5_context con, krb5_authenticator * pauth) { if ( p_krb5_free_authenticator ) return(p_krb5_free_authenticator(con,pauth)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_verify_checksum(krb5_context context, krb5_const krb5_cksumtype ctype, krb5_const krb5_checksum * cksum, krb5_const krb5_pointer in, krb5_const size_t in_length, krb5_const krb5_pointer seed, krb5_const size_t seed_length) { if ( p_krb5_verify_checksum ) return(p_krb5_verify_checksum(context, ctype, cksum, in, in_length, seed, seed_length)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_getkey(krb5_context con, krb5_auth_context acon, krb5_keyblock ** ppkeyb) { if ( p_krb5_auth_con_getkey ) return(p_krb5_auth_con_getkey(con,acon,ppkeyb)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_getauthenticator(krb5_context con, krb5_auth_context acon, krb5_authenticator ** ppauth) { if ( p_krb5_auth_con_getauthenticator ) return(p_krb5_auth_con_getauthenticator(con,acon,ppauth)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_rd_req(krb5_context con, krb5_auth_context * pacon, krb5_const krb5_data * data, krb5_const_principal princ, krb5_keytab keytab, krb5_flags * flags, krb5_ticket ** pptkt) { if ( p_krb5_rd_req ) return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon, krb5_rcache rcache) { if ( p_krb5_auth_con_setrcache ) return(p_krb5_auth_con_setrcache(con,acon,rcache)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data, krb5_rcache * rcache) { if ( p_krb5_get_server_rcache ) return(p_krb5_get_server_rcache(con,data,rcache)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon, krb5_rcache * prcache) { if ( p_krb5_auth_con_getrcache ) return(p_krb5_auth_con_getrcache(con,acon, prcache)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_free_tgt_creds(krb5_context con, krb5_creds ** ppcreds) { if ( p_krb5_free_tgt_creds ) return(p_krb5_free_tgt_creds(con,ppcreds)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_rd_cred(krb5_context con, krb5_auth_context acon, krb5_data * data, krb5_creds *** pppcreds, krb5_replay_data * replay_data) { if ( p_krb5_rd_cred ) return(p_krb5_rd_cred(con,acon,data,pppcreds,replay_data)); else return KRB5KRB_ERR_GENERIC; } krb5_error_code ck_krb5_c_enctype_compare(krb5_context con, krb5_enctype e1, krb5_enctype e2, krb5_boolean * pb) { if ( p_krb5_c_enctype_compare ) return(p_krb5_c_enctype_compare(con, e1,e2, pb)); else return(-1); } krb5_error_code ck_krb5_write_message(krb5_context con, krb5_pointer ptr, krb5_data *data) { int fd = *((int *)ptr); long msglen; msglen = htonl(data->length); if (net_write(fd,(CHAR *)&msglen,4) != 4) { return(-1); } if ( data->length ) { if (net_write(fd,data->data,data->length) != data->length) { return(-1); } } return(0); } krb5_error_code ck_krb5_read_message( krb5_context context, krb5_pointer ptr, krb5_data * data) { extern int ttyfd; int fd = *((int *)ptr); long msglen; char *p; int i, rc; if (net_read(fd,&msglen,4) < 0) return(-1); data->length = ntohl(msglen); if ( data->length ) { data->data = malloc(data->length); i = 0; while ( i < data->length ) { if ((rc = net_read(fd,&data->data[i],(data->length - i))) < 0) return(-1); i += rc; } } return(0); } krb5_error_code ck_krb5_free_error(krb5_context con, krb5_error * error) { if ( p_krb5_free_error ) return(p_krb5_free_error(con,error)); else return(-1); } krb5_error_code ck_krb5_sendauth(krb5_context con, krb5_auth_context * auth, krb5_pointer ptr, char * str, krb5_principal princ1, krb5_principal princ2, krb5_flags flags, krb5_data * data, krb5_creds * creds, krb5_ccache cc, krb5_error ** error, krb5_ap_rep_enc_part ** ap_rep, krb5_creds ** pcreds) { if ( p_krb5_sendauth ) return(p_krb5_sendauth(con,auth,ptr,str,princ1,princ2,flags, data, creds, cc, error, ap_rep, pcreds)); else return(-1); } krb5_error_code ck_krb5_process_key(krb5_context con, krb5_encrypt_block * eblock, const krb5_keyblock * kblock) { if ( p_krb5_process_key ) return(p_krb5_process_key(con,eblock,kblock)); else return(-1); } krb5_error_code ck_krb5_use_enctype(krb5_context con, krb5_encrypt_block * eblock, const krb5_enctype etype) { if ( p_krb5_use_enctype ) return(p_krb5_use_enctype(con,eblock,etype)); else return(-1); } krb5_error_code ck_krb5_encrypt(krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) { if ( p_krb5_encrypt ) return(p_krb5_encrypt(context,inptr,outptr,size,eblock,ivec)); else return(-1); } size_t ck_krb5_encrypt_size(krb5_const size_t length, krb5_enctype crypto) { if ( p_krb5_encrypt_size ) return(p_krb5_encrypt_size(length,crypto)); else return((size_t)-1); } krb5_error_code ck_krb5_decrypt(krb5_context context, krb5_const krb5_pointer inptr, krb5_pointer outptr, krb5_const size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) { if ( p_krb5_decrypt ) return(p_krb5_decrypt(context,inptr,outptr,size,eblock,ivec)); else return(-1); } #ifdef COMMENT krb5_error_code ck_k5_princ_to_userid(krb5_context context, krb5_principal princ, char ** userid) { krb5_error_code code = 0; if ( p_k95_k5_princ_to_userid ) { char * princ_name; char * princ_inst; char * princ_realm; char * new_userid; int r; int len; char * data; /* Principal Name */ len = krb5_princ_component(k5_context, princ,0)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_component(k5_context, princ,0)->data; princ_name = (char *) malloc(len + 1); if (!princ_name) goto exitpoint; ckstrncpy(princ_name,data,len+1); /* Principal Instance */ len = krb5_princ_component(k5_context, princ,1)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_component(k5_context, princ,1)->data; princ_inst = (char *) malloc(len + 1); if (!princ_inst) goto exitpoint; ckstrncpy(princ_inst,data,len+1); /* Principal Realm */ len = krb5_princ_realm(k5_context, princ)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_realm(k5_context, princ)->data; princ_realm = (char *) malloc(len + 1); if (!princ_realm) goto exitpoint; ckstrncpy(princ_realm,data,len+1); new_userid = (char *) malloc(256); if ( !new_userid ) goto exitpoint; r = p_k95_k5_princ_to_userid(princ_name,princ_inst,princ_realm, krb5_d_realm ? krb5_d_realm : ck_krb5_getrealm(krb5_d_cc), new_userid,256); if (r == 0) *userid = new_userid; else free(new_userid); exitpoint: if ( princ_name ) free(princ_name); if ( princ_inst ) free(princ_inst); if ( princ_realm ) free(princ_realm); return(r); } else { if (code = krb5_unparse_name( k5_context, princ, userid)) *userid = 0; } return(code); } #endif krb5_boolean ck_krb5_kuserok(krb5_context context,krb5_principal princ, const char * p) { if ( p_k95_k5_userok ) { char * princ_name; char * princ_inst; char * princ_realm; int r; int len; char * data; /* Principal Name */ len = krb5_princ_component(k5_context, princ,0)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_component(k5_context, princ,0)->data; princ_name = (char *) malloc(len + 1); if (!princ_name) goto exitpoint; ckstrncpy(princ_name,data,len+1); /* Principal Instance */ len = krb5_princ_component(k5_context, princ,1)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_component(k5_context, princ,1)->data; princ_inst = (char *) malloc(len + 1); if (!princ_inst) goto exitpoint; ckstrncpy(princ_inst,data,len+1); /* Principal Realm */ len = krb5_princ_realm(k5_context, princ)->length; if ( len <= 0 ) { len = 0; data = ""; } else data = krb5_princ_realm(k5_context, princ)->data; princ_realm = (char *) malloc(len + 1); if (!princ_realm) goto exitpoint; ckstrncpy(princ_realm,data,len+1); r = p_k95_k5_userok(princ_name,princ_inst,princ_realm, krb5_d_realm ? krb5_d_realm : ck_krb5_getrealm(krb5_d_cc),p); exitpoint: if ( princ_name ) free(princ_name); if ( princ_inst ) free(princ_inst); if ( princ_realm ) free(princ_realm); return(r); } else if ( p_krb5_kuserok ) return(p_krb5_kuserok(context,princ,p)); else if ( !strncmp(p, krb5_princ_component(k5_context, princ,0)->data, krb5_princ_component(k5_context, princ,0)->length) ) return(1); else return(0); } krb5_error_code ck_krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, const int lnsize, char *lname) { #ifdef COMMENT if ( p_k95_k5_aname_to_localname ) { return(p_k95_k5_aname_to_localname()); } else #endif if ( p_krb5_aname_to_localname ) return(p_krb5_aname_to_localname(context,aname,lnsize,lname)); else { char * name = NULL; if (krb5_unparse_name( context, aname, &name)) name = 0; if ( name ) { ckstrncpy(lname,name,lnsize); krb5_free_unparsed_name(context,name); return(0); } else return(KRB5_LNAME_NOTRANS); } } /* app_name - the name of the application realm - The realm for this application optionname - the name of the option default - the default value if it isn't found. variable - a pointer to the returned value the way this appears in the configuration file is: [appdefaults] option = false REALM = { option = false app_name = { option = true } } app_name = { option = true } For telnet, the app name I use is "telnet". The realm is the realm of the default principal. The options I use in the Unix telnet are: forward - Forward your credentials if TRUE forwardable - Make the credentials on the remote end forwardable if TRUE encrypt - Attempt to negotiate encryption if TRUE autologin - Attempt to perform AUTHENTICATION option if true forceencrypt - Fail if encryption does not succeed ftp is "ftp" and only 'forward' is defined. */ void ck_krb5_appdefault_boolean( krb5_context context, const char * app_name, const krb5_data * realm, const char * optionname, int def, int * variable) { if ( p_krb5_appdefault_boolean ) p_krb5_appdefault_boolean( context,app_name,realm, optionname,def,variable ); else *variable = def; } void ck_krb5_appdefault_string( krb5_context context, const char * app_name, const krb5_data * realm, const char * optionname, char ** value) { if ( p_krb5_appdefault_string ) p_krb5_appdefault_string( context,app_name,realm, optionname,value ); } void ck_krb5_get_init_creds_opt_init(krb5_get_init_creds_opt *opt) { if ( p_krb5_get_init_creds_opt_init ) p_krb5_get_init_creds_opt_init(opt); } void ck_krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt *opt, krb5_deltat tkt_life) { if ( p_krb5_get_init_creds_opt_set_tkt_life ) p_krb5_get_init_creds_opt_set_tkt_life(opt,tkt_life); } void ck_krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt *opt, krb5_deltat renew_life) { if ( p_krb5_get_init_creds_opt_set_renew_life ) p_krb5_get_init_creds_opt_set_renew_life(opt,renew_life); } void ck_krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt *opt, int forwardable) { if ( p_krb5_get_init_creds_opt_set_forwardable ) p_krb5_get_init_creds_opt_set_forwardable(opt,forwardable); } void ck_krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt *opt, int proxiable) { if ( p_krb5_get_init_creds_opt_set_proxiable ) p_krb5_get_init_creds_opt_set_proxiable(opt,proxiable); } void ck_krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length) { if ( p_krb5_get_init_creds_opt_set_etype_list) p_krb5_get_init_creds_opt_set_etype_list(opt,etype_list,etype_list_length); } void ck_krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt *opt, krb5_address **addresses) { if ( p_krb5_get_init_creds_opt_set_address_list ) p_krb5_get_init_creds_opt_set_address_list(opt,addresses); } void ck_krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length) { if ( p_krb5_get_init_creds_opt_set_preauth_list ) p_krb5_get_init_creds_opt_set_preauth_list(opt,preauth_list,preauth_list_length); } void ck_krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt) { if ( p_krb5_get_init_creds_opt_set_salt ) p_krb5_get_init_creds_opt_set_salt(opt,salt); } krb5_error_code ck_krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_principal client, char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options) { if ( p_krb5_get_init_creds_password ) return(p_krb5_get_init_creds_password(context,creds,client,password, prompter,data,start_time, in_tkt_service,options)); else return(-1); } krb5_error_code ck_krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, char *in_tkt_service, krb5_get_init_creds_opt *options) { if ( p_krb5_get_init_creds_keytab ) return(p_krb5_get_init_creds_keytab(context,creds,client, arg_keytab,start_time, in_tkt_service,options)); else return(-1); } krb5_error_code ck_krb5_get_validated_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service) { if ( p_krb5_get_validated_creds ) return(p_krb5_get_validated_creds(context,creds,client,ccache,in_tkt_service)); else return(-1); } krb5_error_code ck_krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, char *in_tkt_service) { if ( p_krb5_get_renewed_creds ) return(p_krb5_get_renewed_creds(context,creds,client,ccache,in_tkt_service)); else return(-1); } krb5_error_code ck_krb5_rd_safe( krb5_context context, krb5_auth_context auth, krb5_const krb5_data * data1, krb5_data * data2, krb5_replay_data * replay) { if ( p_krb5_rd_safe ) return(p_krb5_rd_safe(context,auth,data1,data2,replay)); else return(-1); } krb5_error_code ck_krb5_mk_safe( krb5_context context, krb5_auth_context auth, krb5_const krb5_data * data1, krb5_data * data2, krb5_replay_data * replay) { if ( p_krb5_mk_safe ) return(p_krb5_mk_safe( context, auth, data1, data2, replay)); else return(-1); } krb5_error_code ck_krb5_rd_priv( krb5_context context, krb5_auth_context auth, krb5_const krb5_data * data1, krb5_data * data2, krb5_replay_data * replay) { if ( p_krb5_rd_priv ) return(p_krb5_rd_priv(context,auth,data1,data2,replay)); else return(-1); } krb5_error_code ck_krb5_mk_priv( krb5_context context, krb5_auth_context auth, krb5_const krb5_data * data1, krb5_data * data2, krb5_replay_data * replay) { if ( p_krb5_mk_priv ) return(p_krb5_mk_priv( context, auth, data1, data2, replay)); else return(-1); } krb5_error_code ck_krb5_auth_con_setuseruserkey( krb5_context context, krb5_auth_context auth, krb5_keyblock * key) { if ( p_krb5_auth_con_setuseruserkey ) return(p_krb5_auth_con_setuseruserkey(context,auth,key)); else return(-1); } krb5_error_code ck_krb5_get_profile(krb5_context context, profile_t * profile) { if ( p_krb5_get_profile ) return(p_krb5_get_profile(context,profile)); else return(-1); } long ck_profile_get_relation_names(profile_t profile, const char **names, char ***ret_names) { if ( p_profile_get_relation_names ) return(p_profile_get_relation_names(profile,names,ret_names)); else return(-1); } long ck_profile_get_subsection_names(profile_t profile, const char **names, char ***ret_names) { if ( p_profile_get_subsection_names ) return(p_profile_get_subsection_names(profile,names,ret_names)); else return(-1); } void ck_krb5_free_keyblock_contents(krb5_context context, krb5_keyblock * keyblock) { if ( p_krb5_free_keyblock_contents ) p_krb5_free_keyblock_contents(context,keyblock); } krb5_error_code ck_krb5_c_encrypt(krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_data *input, krb5_enc_data *output) { if ( p_krb5_c_encrypt ) return(p_krb5_c_encrypt(context,key,usage,ivec,input,output)); else return(-1); } krb5_error_code ck_krb5_c_decrypt(krb5_context context, krb5_const krb5_keyblock *key, krb5_keyusage usage, krb5_const krb5_data *ivec, krb5_const krb5_enc_data *input, krb5_data *output) { if ( p_krb5_c_decrypt ) return(p_krb5_c_decrypt(context,key,usage,ivec,input,output)); else return(-1); } krb5_error_code ck_krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t *blocksize) { if ( p_krb5_c_block_size ) return(p_krb5_c_block_size(context,enctype,blocksize)); else return(-1); } krb5_error_code ck_krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock *random_key) { if ( p_krb5_c_make_random_key ) return(p_krb5_c_make_random_key(context,enctype,random_key)); else return(-1); } krb5_error_code ck_krb5_c_random_seed(krb5_context context, krb5_data *data) { if ( p_krb5_c_random_seed ) return(p_krb5_c_random_seed(context,data)); else return(-1); } krb5_error_code ck_krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, size_t *length) { if ( p_krb5_c_encrypt_length ) return(p_krb5_c_encrypt_length(context,enctype,inputlen,length)); else return(-1); } krb5_error_code ck_krb5_kt_default_name(krb5_context context, char * name, int len) { krb5_error_code code; krb5_keytab kt; if ( p_krb5_kt_default_name ) { code = p_krb5_kt_default_name(context,name,len); return(code); } else { code = krb5_kt_default(context,&kt); if ( code ) return(code); krb5_kt_get_name(context,kt,name,len); krb5_kt_close(context,kt); return(0); } } #ifndef krb5_x #define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) #define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) #endif #ifndef NO_DEF_KRB5_CCACHE typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ typedef struct _krb5_ccache { krb5_magic magic; struct _krb5_cc_ops FAR *ops; krb5_pointer data; } *krb5_ccache; typedef struct _krb5_cc_ops { krb5_magic magic; char *prefix; char * (KRB5_CALLCONV *get_name) (krb5_context, krb5_ccache); krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_ccache *, const char *); krb5_error_code (KRB5_CALLCONV *gen_new) (krb5_context, krb5_ccache *); krb5_error_code (KRB5_CALLCONV *init) (krb5_context, krb5_ccache, krb5_principal); krb5_error_code (KRB5_CALLCONV *destroy) (krb5_context, krb5_ccache); krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_ccache); krb5_error_code (KRB5_CALLCONV *store) (krb5_context, krb5_ccache, krb5_creds *); krb5_error_code (KRB5_CALLCONV *retrieve) (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *); krb5_error_code (KRB5_CALLCONV *get_princ) (krb5_context, krb5_ccache, krb5_principal *); krb5_error_code (KRB5_CALLCONV *get_first) (krb5_context, krb5_ccache, krb5_cc_cursor *); krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *); krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_ccache, krb5_cc_cursor *); krb5_error_code (KRB5_CALLCONV *remove_cred) (krb5_context, krb5_ccache, krb5_flags, krb5_creds *); krb5_error_code (KRB5_CALLCONV *set_flags) (krb5_context, krb5_ccache, krb5_flags); } krb5_cc_ops; #endif /* NO_DEF_KRB5_CCACHE */ char * ck_krb5_cc_get_name (krb5_context context, krb5_ccache cache) { if ( p_krb5_cc_get_name ) return(p_krb5_cc_get_name(context,cache)); else return(krb5_xc((cache)->ops->get_name,(context, cache))); } krb5_error_code ck_krb5_cc_gen_new (krb5_context context, krb5_ccache *cache) { if ( p_krb5_cc_gen_new ) return(p_krb5_cc_gen_new(context,cache)); else return(krb5_x ((*cache)->ops->gen_new,(context, cache))); } krb5_error_code ck_krb5_cc_initialize (krb5_context context, krb5_ccache cache, krb5_principal principal) { if ( p_krb5_cc_initialize ) return(p_krb5_cc_initialize(context,cache,principal)); else return(krb5_x ((cache)->ops->init,(context, cache, principal))); } krb5_error_code ck_krb5_cc_destroy (krb5_context context, krb5_ccache cache) { if ( p_krb5_cc_destroy ) return(p_krb5_cc_destroy(context,cache)); else return(krb5_x ((cache)->ops->destroy,(context, cache))); } krb5_error_code ck_krb5_cc_close (krb5_context context, krb5_ccache cache) { if ( p_krb5_cc_close ) return(p_krb5_cc_close(context,cache)); else return(krb5_x ((cache)->ops->close,(context, cache))); } krb5_error_code ck_krb5_cc_store_cred (krb5_context context, krb5_ccache cache, krb5_creds *creds) { if ( p_krb5_cc_store_cred ) return(p_krb5_cc_store_cred(context,cache,creds)); else return(krb5_x ((cache)->ops->store,(context, cache, creds))); } krb5_error_code ck_krb5_cc_retrieve_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds) { if ( p_krb5_cc_retrieve_cred ) return(p_krb5_cc_retrieve_cred(context,cache,flags,mcreds,creds)); else return(krb5_x ((cache)->ops->retrieve,(context, cache, flags, mcreds, creds))); } krb5_error_code ck_krb5_cc_get_principal (krb5_context context, krb5_ccache cache, krb5_principal *principal) { if ( p_krb5_cc_get_principal ) return(p_krb5_cc_get_principal(context,cache,principal)); else return(krb5_x ((cache)->ops->get_princ,(context, cache, principal))); } krb5_error_code ck_krb5_cc_start_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor) { if ( p_krb5_cc_start_seq_get ) return(p_krb5_cc_start_seq_get(context,cache,cursor)); else return(krb5_x ((cache)->ops->get_first,(context, cache, cursor))); } krb5_error_code ck_krb5_cc_next_cred (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor, krb5_creds *creds) { if ( p_krb5_cc_next_cred ) return(p_krb5_cc_next_cred(context,cache,cursor,creds)); else return(krb5_x ((cache)->ops->get_next,(context, cache, cursor, creds))); } krb5_error_code ck_krb5_cc_end_seq_get (krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor) { if ( p_krb5_cc_end_seq_get ) return(p_krb5_cc_end_seq_get(context,cache,cursor)); else return(krb5_x ((cache)->ops->end_get,(context, cache, cursor))); } krb5_error_code ck_krb5_cc_remove_cred (krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *creds) { if ( p_krb5_cc_remove_cred ) return(p_krb5_cc_remove_cred(context,cache,flags,creds)); else return(krb5_x ((cache)->ops->remove_cred,(context, cache,flags, creds))); } krb5_error_code ck_krb5_cc_set_flags (krb5_context context, krb5_ccache cache, krb5_flags flags) { if ( p_krb5_cc_set_flags ) return(p_krb5_cc_set_flags(context,cache,flags)); else return(krb5_x ((cache)->ops->set_flags,(context, cache, flags))); } const char * ck_krb5_cc_get_type (krb5_context context, krb5_ccache cache) { if ( p_krb5_cc_get_type ) return(p_krb5_cc_get_type(context,cache)); else return(((cache)->ops->prefix)); } #ifndef NO_DEF_KRB5_KT typedef krb5_pointer krb5_kt_cursor; /* XXX */ typedef struct old_krb5_keytab_entry_st { krb5_magic magic; krb5_principal principal; /* principal of this key */ krb5_timestamp timestamp; /* time entry written to keytable */ krb5_kvno vno; /* key version number */ krb5_keyblock key; /* the secret key */ } old_krb5_keytab_entry; typedef struct _old_krb5_kt { krb5_magic magic; struct _krb5_kt_ops FAR *ops; krb5_pointer data; } *old_krb5_keytab; typedef struct _krb5_kt_ops { krb5_magic magic; char *prefix; /* routines always present */ krb5_error_code (KRB5_CALLCONV *resolve) (krb5_context, krb5_const char *, krb5_keytab *); krb5_error_code (KRB5_CALLCONV *get_name) (krb5_context, krb5_keytab, char *, int); krb5_error_code (KRB5_CALLCONV *close) (krb5_context, krb5_keytab); krb5_error_code (KRB5_CALLCONV *get) (krb5_context, krb5_keytab, krb5_principal, krb5_kvno, krb5_enctype, krb5_keytab_entry *); krb5_error_code (KRB5_CALLCONV *start_seq_get) (krb5_context, krb5_keytab, krb5_kt_cursor *); krb5_error_code (KRB5_CALLCONV *get_next) (krb5_context, krb5_keytab, krb5_keytab_entry *, krb5_kt_cursor *); krb5_error_code (KRB5_CALLCONV *end_get) (krb5_context, krb5_keytab, krb5_kt_cursor *); /* routines to be included on extended version (write routines) */ krb5_error_code (KRB5_CALLCONV *add) (krb5_context, krb5_keytab, krb5_keytab_entry *); krb5_error_code (KRB5_CALLCONV *remove) (krb5_context, krb5_keytab, krb5_keytab_entry *); /* Handle for serializer */ void * serializer; } krb5_kt_ops; #else #define old_krb5_keytab krb5_keytab #endif /* NO_DEF_KRB5_KT */ const char * ck_krb5_kt_get_type (krb5_context context, krb5_keytab keytab) { if ( p_krb5_kt_get_type ) return(p_krb5_kt_get_type(context,keytab)); else return(((old_krb5_keytab)keytab)->ops->prefix); } krb5_error_code ck_krb5_kt_get_name (krb5_context context, krb5_keytab keytab, char * name, unsigned int namelen) { if ( p_krb5_kt_get_name ) return(p_krb5_kt_get_name(context,keytab,name,namelen)); else return(krb5_x(((old_krb5_keytab)keytab)->ops->get_name,(context, keytab,name,namelen))); } krb5_error_code ck_krb5_kt_close(krb5_context context, krb5_keytab keytab) { if ( p_krb5_kt_close ) return(p_krb5_kt_close(context,keytab)); else return(krb5_x(((old_krb5_keytab)keytab)->ops->close,(context, keytab))); } krb5_error_code ck_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, krb5_principal princ, krb5_kvno kvno, krb5_enctype enc, krb5_keytab_entry * entry) { if ( p_krb5_kt_get_entry ) return(p_krb5_kt_get_entry(context,keytab,princ,kvno,enc,entry)); else return(krb5_x(((old_krb5_keytab)keytab)->ops->get,(context, keytab, princ, kvno, enc, entry))); } krb5_error_code ck_krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) { if ( p_krb5_kt_start_seq_get ) return(p_krb5_kt_start_seq_get(context,keytab,cursor)); else return(krb5_x(((old_krb5_keytab)keytab)->ops->start_seq_get,(context, keytab, cursor))); } krb5_error_code ck_krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, krb5_keytab_entry * entry, krb5_kt_cursor * cursor) { if ( p_krb5_kt_next_entry ) return(p_krb5_kt_next_entry(context,keytab,entry,cursor) ); else return(krb5_x(((old_krb5_keytab)keytab)->ops->get_next,(context, keytab, entry, cursor))); } krb5_error_code ck_krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) { if ( p_krb5_kt_end_seq_get ) return(p_krb5_kt_end_seq_get(context,keytab,cursor)); else return(krb5_x(((old_krb5_keytab)keytab)->ops->end_get,(context, keytab, cursor))); } krb5_error_code ck_krb5_build_principal(krb5_context context, krb5_principal * princ, unsigned int len, krb5_const char * data1, krb5_const char * data2, krb5_const char * data3, krb5_const char *data4) { if ( p_krb5_build_principal ) return(p_krb5_build_principal(context,princ,len,data1,data2,data3,data4)); else return(-1); } int ck_krb524_init_ets(krb5_context context) { if ( p_krb524_init_ets ) return(p_krb524_init_ets(context)); else return(-1); } int ck_krb524_convert_creds_kdc(krb5_context context, krb5_creds *v5creds, LEASH_CREDENTIALS *v4creds) { if ( p_krb524_convert_creds_kdc ) return(p_krb524_convert_creds_kdc(context,v5creds,(CREDENTIALS *)v4creds)); else return(-1); } #endif /* KRB5 */ #ifdef CK_DES /* These functions are located in DLLs which we are not linking to at */ /* compile time. Therefore, we have to redirect them to locally */ /* defined functions which will call the real thing only if they are */ /* available via Run-Time Linking. */ /* From KRB5_32.DLL: unresolved external symbol __imp__des_ecb_encrypt@16 unresolved external symbol __imp__des_new_random_key@4 unresolved external symbol __imp__des_key_sched@8 unresolved external symbol __imp__des_set_random_generator_seed@4 */ static int (KRB5_CALLCONV *p_des_new_random_key) P((Block))=NULL; static void (KRB5_CALLCONV *p_des_set_random_generator_seed) P((Block))=NULL; static int (KRB5_CALLCONV *p_des_key_sched) P((Block, Schedule))=NULL; static void (KRB5_CALLCONV *p_des_ecb_encrypt) P((Block, Block, Schedule, int))=NULL; static void (KRB5_CALLCONV *p_des_pcbc_encrypt) P((Block, Block, long, Schedule, Block, int))=NULL; static int (KRB5_CALLCONV *p_des_string_to_key) P((char *, Block))=NULL; static void (KRB5_CALLCONV *p_des_fixup_key_parity) P((Block))=NULL; /* these were KRB5_CALLCONV */ static int (KRB5_CALLCONV_C *p_k4_des_new_random_key) P((Block))=NULL; static void (KRB5_CALLCONV_C *p_k4_des_set_random_generator_seed) P((Block))=NULL; static int (KRB5_CALLCONV_C *p_k4_des_key_sched) P((Block, Schedule))=NULL; static void (KRB5_CALLCONV_C *p_k4_des_ecb_encrypt) P((Block, Block, Schedule, int))=NULL; static void (KRB5_CALLCONV_C *p_k4_des_pcbc_encrypt) P((Block, Block, long, Schedule, Block, int))=NULL; static int (KRB5_CALLCONV_C *p_k4_des_string_to_key) P((char *, Block))=NULL; static void (KRB5_CALLCONV_C *p_k4_des_fixup_key_parity) P((Block))=NULL; #ifdef LIBDES #ifdef CRYPT_DLL int (*libdes_random_key)(Block)=NULL; void (*libdes_random_seed)(Block)=NULL; int (*libdes_key_sched)(Block, Schedule)=NULL; void (*libdes_ecb_encrypt)(Block, Block, Schedule, int)=NULL; int (*libdes_string_to_key)(char *, Block)=NULL; int (*libdes_fixup_key_parity)(Block)=NULL; int (*libdes_pcbc_encrypt)(Block, Block, long, Schedule, Block, int)=NULL; #else /* CRYPT_DLL */ int libdes_random_key(Block); void libdes_random_seed(Block); int libdes_key_sched(Block, Schedule); void libdes_ecb_encrypt(Block, Block, Schedule, int); int libdes_string_to_key(char *, Block); int libdes_fixup_key_parity(Block); int libdes_pcbc_encrypt(Block, Block, long, Schedule, Block, int); #endif /* CRYPT_DLL */ #endif /* LIBDES */ int ck_des_new_random_key(Block B) { int rc=0; #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_random_key ) { rc = libdes_random_key(B); return(rc); } else return(-1); #else /* CRYPT_DLL */ rc = libdes_random_key(B); return(rc); #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_new_random_key == NULL ) return(-1); else { rc = p_des_new_random_key(B); return(rc); } } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_new_random_key == NULL ) return(-1); else { rc = p_k4_des_new_random_key(B); return(rc); } } return(-1); } void ck_des_set_random_generator_seed(Block B) { #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_random_seed ) { libdes_random_seed(B); return; } #else /* CRYPT_DLL */ libdes_random_seed(B); return; #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_set_random_generator_seed ) p_des_set_random_generator_seed(B); } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_set_random_generator_seed ) p_k4_des_set_random_generator_seed(B); } } int ck_des_key_sched(Block B, Schedule S) { #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_key_sched ) { return libdes_key_sched(B,S); } else return(-3); #else /* CRYPT_DLL */ return libdes_key_sched(B,S); #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_key_sched ) return p_des_key_sched(B,S); else return(-3); } else if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_key_sched ) return p_k4_des_key_sched(B,S); else return(-3); } return(-3); } int ck_k4_des_key_sched(Block B, Schedule S) { if ( p_k4_des_key_sched ) return p_k4_des_key_sched(B,S); else return(-3); } void ck_des_ecb_encrypt(Block B1, Block B2, Schedule S, int I) { if ( I ) { /* Encrypting */ hexdump("des_ecb_encrypt() encrypting",B1,sizeof(Block)); } else { /* Decrypting */ hexdump("des_ecb_encrypt() decrypting",B1,sizeof(Block)); } #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_ecb_encrypt ) { libdes_ecb_encrypt(B1,B2,S,I); goto exit_des_ecb_encrypt; } #else /* CRYPT_DLL */ libdes_ecb_encrypt(B1,B2,S,I); goto exit_des_ecb_encrypt; #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_ecb_encrypt ) p_des_ecb_encrypt(B1,B2,S,I); } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_ecb_encrypt ) p_k4_des_ecb_encrypt(B1,B2,S,I); } exit_des_ecb_encrypt: hexdump("des_ecb_encrypt() B1",B1,sizeof(Block)); hexdump("des_ecb_encrypt() B2",B2,sizeof(Block)); } int ck_des_string_to_key(char * p, Block B) { #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_string_to_key ) return(libdes_string_to_key(p,B)); else return(0); #else /* CRYPT_DLL */ return(libdes_string_to_key(p,B)); #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_string_to_key ) return(p_des_string_to_key(p,B)); else return(-1); } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_string_to_key ) return(p_k4_des_string_to_key(p,B)); else return(-1); } } void ck_des_fixup_key_parity(Block B) { #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_fixup_key_parity ) { libdes_fixup_key_parity(B); return; } #else /* CRYPT_DLL */ libdes_fixup_key_parity(B); return; #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_fixup_key_parity ) p_des_fixup_key_parity(B); } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_fixup_key_parity ) p_k4_des_fixup_key_parity(B); } } void ck_des_pcbc_encrypt(Block input, Block output, long length, Schedule schedule, Block ivec, int enc) { #ifdef LIBDES #ifdef CRYPT_DLL if ( libdes_pcbc_encrypt ) { libdes_pcbc_encrypt(input,output,length,schedule,ivec,enc); return; } #else /* CRYPT_DLL */ libdes_pcbc_encrypt(input,output,length,schedule,ivec,enc); return; #endif /* CRYPT_DLL */ #endif /* LIBDES */ if ( authentication_version == AUTHTYPE_KERBEROS_V5 ) { if ( p_des_pcbc_encrypt ) { p_des_pcbc_encrypt(input,output,length,schedule,ivec,enc); return; } } if ( authentication_version == AUTHTYPE_KERBEROS_V4 ) { if ( p_k4_des_pcbc_encrypt ) { p_k4_des_pcbc_encrypt(input,output,length,schedule,ivec,enc); return; } } } #endif /* CK_DES */ #ifdef CRYPT_DLL static int (*p_crypt_dll_init)(struct _crypt_dll_init *)=NULL; static int (*p_encrypt_parse)(unsigned char *, int)=NULL; static void (*p_encrypt_init)(kstream,int)=NULL; static int (*p_encrypt_session_key)(Session_Key *, int)=NULL; static int (*p_encrypt_dont_support)(int)=NULL; static void (*p_encrypt_send_request_start)(void)=NULL; static int (*p_encrypt_request_start)(void)=NULL; static int (*p_encrypt_send_request_end)(void)=NULL; static void (*p_encrypt_send_end)(void)=NULL; static void (*p_encrypt_send_support)(void)=NULL; static int (*p_encrypt_is_encrypting)(void)=NULL; static int (*p_encrypt_is_decrypting)(void)=NULL; static int (*p_get_crypt_table)(struct keytab ** pTable, int * pN)=NULL; static int (*p_des_is_weak_key)(Block)=NULL; static char * (*p_crypt_dll_version)()=NULL; int ck_encrypt_parse(unsigned char * s, int n) { if ( p_encrypt_parse ) return(p_encrypt_parse(s,n)); else return(0); } void ck_encrypt_init(kstream ks, int type) { if ( p_encrypt_init ) p_encrypt_init(ks,type); } int ck_encrypt_dont_support(int type) { if ( p_encrypt_dont_support ) return p_encrypt_dont_support(type); return(0); } int ck_encrypt_session_key(Session_Key * key, int n) { if ( p_encrypt_session_key ) return p_encrypt_session_key(key,n); return(0); } void ck_encrypt_send_support(void) { if ( p_encrypt_send_support ) p_encrypt_send_support(); } void ck_encrypt_send_request_start(void) { if ( p_encrypt_send_request_start ) p_encrypt_send_request_start(); } void ck_encrypt_request_start(void) { if ( p_encrypt_request_start ) p_encrypt_request_start(); } void ck_encrypt_send_request_end(void) { if ( p_encrypt_send_request_end ) p_encrypt_send_request_end(); } void ck_encrypt_send_end(void) { if ( p_encrypt_send_end ) p_encrypt_send_end(); } int ck_encrypt_is_encrypting(void) { if ( p_encrypt_is_encrypting ) return(p_encrypt_is_encrypting()); else return(0); } int ck_encrypt_is_decrypting(void) { if ( p_encrypt_is_decrypting ) return(p_encrypt_is_decrypting()); else return(0); } int ck_get_crypt_table(struct keytab ** pTable, int * pN) { if (p_get_crypt_table) { return(p_get_crypt_table(pTable,pN)); } else { int i = 0; if (*pTable) { for (i = 0; i < *pN; i++) free((*pTable)[i].kwd); free (*pTable); } *pTable = NULL; *pN = 0; *pTable = malloc( sizeof(struct keytab) * 2); if (!(*pTable)) return(0); (*pTable)[0].kwd = strdup("automatic"); (*pTable)[0].kwval = ENCTYPE_ANY; (*pTable)[0].flgs = 0; (*pTable)[1].kwd = strdup("none"); (*pTable)[1].kwval = -1; (*pTable)[1].flgs = 0; (*pN) = 2; return(2); } } int ck_des_is_weak_key(Block B) { if ( p_des_is_weak_key ) return(p_des_is_weak_key(B)); else return(0); /* assume it is not */ } void crypt_install_funcs(char * name, void * func) { #ifdef NT if ( !strcmp(name,"encrypt_parse") ) (FARPROC) p_encrypt_parse = (FARPROC) func; else if ( !strcmp(name,"encrypt_init") ) (FARPROC) p_encrypt_init = (FARPROC) func; else if ( !strcmp(name,"encrypt_session_key") ) (FARPROC) p_encrypt_session_key = (FARPROC) func; else if ( !strcmp(name,"encrypt_dont_support") ) (FARPROC) p_encrypt_dont_support = (FARPROC) func; else if ( !strcmp(name,"encrypt_send_request_start") ) (FARPROC) p_encrypt_send_request_start = (FARPROC) func; else if ( !strcmp(name,"encrypt_request_start") ) (FARPROC) p_encrypt_request_start = (FARPROC) func; else if ( !strcmp(name,"encrypt_send_request_end") ) (FARPROC) p_encrypt_send_request_end = (FARPROC) func; else if ( !strcmp(name, "encrypt_send_end") ) (FARPROC) p_encrypt_send_end = (FARPROC) func; else if ( !strcmp(name,"encrypt_send_support") ) (FARPROC) p_encrypt_send_support = (FARPROC) func; else if ( !strcmp(name,"encrypt_is_encrypting") ) (FARPROC) p_encrypt_is_encrypting = (FARPROC) func; else if ( !strcmp(name,"encrypt_is_decrypting") ) (FARPROC) p_encrypt_is_decrypting = (FARPROC) func; else if ( !strcmp(name,"get_crypt_table") ) (FARPROC) p_get_crypt_table = (FARPROC) func; else if ( !strcmp(name,"des_is_weak_key") ) (FARPROC) p_des_is_weak_key = (FARPROC) func; else if ( !strcmp(name,"libdes_random_key") ) (FARPROC) libdes_random_key = (FARPROC) func; else if ( !strcmp(name,"libdes_random_seed") ) (FARPROC) libdes_random_seed = (FARPROC) func; else if ( !strcmp(name,"libdes_key_sched") ) (FARPROC) libdes_key_sched = (FARPROC) func; else if ( !strcmp(name,"libdes_ecb_encrypt") ) (FARPROC) libdes_ecb_encrypt = (FARPROC) func; else if ( !strcmp(name,"libdes_string_to_key") ) (FARPROC) libdes_string_to_key = (FARPROC) func; else if ( !strcmp(name,"libdes_fixup_key_parity") ) (FARPROC) libdes_fixup_key_parity = (FARPROC) func; else if ( !strcmp(name,"libdes_pcbc_encrypt") ) (FARPROC) libdes_pcbc_encrypt = (FARPROC) func; else if ( !strcmp(name,"crypt_dll_version") ) (FARPROC) p_crypt_dll_version = (FARPROC) func; #else /* NT */ if ( !strcmp(name,"encrypt_parse") ) p_encrypt_parse = (PFN*) func; else if ( !strcmp(name,"encrypt_init") ) p_encrypt_init = (PFN*) func; else if ( !strcmp(name,"encrypt_session_key") ) p_encrypt_session_key = (PFN*) func; else if ( !strcmp(name,"encrypt_dont_support") ) p_encrypt_dont_support = (PFN*) func; else if ( !strcmp(name,"encrypt_send_request_start") ) p_encrypt_send_request_start = (PFN*) func; else if ( !strcmp(name,"encrypt_request_start") ) p_encrypt_request_start = (PFN*) func; else if ( !strcmp(name,"encrypt_send_request_end") ) p_encrypt_send_request_end = (PFN*) func; else if ( !strcmp(name, "encrypt_send_end") ) p_encrypt_send_end = (PFN*) func; else if ( !strcmp(name,"encrypt_send_support") ) p_encrypt_send_support = (PFN*) func; else if ( !strcmp(name,"encrypt_is_encrypting") ) p_encrypt_is_encrypting = (PFN*) func; else if ( !strcmp(name,"encrypt_is_decrypting") ) p_encrypt_is_decrypting = (PFN*) func; else if ( !strcmp(name,"get_crypt_table") ) p_get_crypt_table = (PFN*) func; else if ( !strcmp(name,"des_is_weak_key") ) p_des_is_weak_key = (PFN*) func; else if ( !strcmp(name,"libdes_random_key") ) libdes_random_key = (PFN*) func; else if ( !strcmp(name,"libdes_random_seed") ) libdes_random_seed = (PFN*) func; else if ( !strcmp(name,"libdes_key_sched") ) libdes_key_sched = (PFN*) func; else if ( !strcmp(name,"libdes_ecb_encrypt") ) libdes_ecb_encrypt = (PFN*) func; else if ( !strcmp(name,"libdes_string_to_key") ) libdes_string_to_key = (PFN*) func; else if ( !strcmp(name,"libdes_fixup_key_parity") ) libdes_fixup_key_parity = (PFN*) func; else if ( !strcmp(name,"libdes_pcbc_encrypt") ) libdes_pcbc_encrypt = (PFN*) func; else if ( !strcmp(name,"crypt_dll_version") ) p_crypt_dll_version = (PFN*) func; #endif /* NT */ } char * ck_crypt_dll_version() { if ( p_crypt_dll_version ) return(p_crypt_dll_version()); else return("Encryption provided via external DLL"); } #define encrypt_parse ck_encrypt_parse #define encrypt_init ck_encrypt_init #define encrypt_session_key ck_encrypt_session_key #define encrypt_dont_support ck_encrypt_dont_support #define encrypt_send_support ck_encrypt_send_support #define encrypt_send_end ck_encrypt_send_end #define encrypt_send_request_end ck_encrypt_send_request_end #define encrypt_send_request_start ck_encrypt_send_request_start #define encrypt_request_start ck_encrypt_request_start #define encrypt_is_encrypting ck_encrypt_is_encrypting #define encrypt_is_decrypting ck_encrypt_is_decrypting #ifdef NT HINSTANCE hCRYPT = NULL; #else /* NT */ HMODULE hCRYPT = 0; #endif /* NT */ static void ck_crypt_dll_loaddll_eh(void) { if ( hCRYPT ) { #ifdef NT FreeLibrary(hCRYPT); hCRYPT = NULL; #else /* NT */ DosFreeModule(hCRYPT); hCRYPT = 0; #endif /* NT */ } p_crypt_dll_init=NULL; p_encrypt_parse=NULL; p_encrypt_init=NULL; p_encrypt_session_key=NULL; p_encrypt_dont_support=NULL; p_encrypt_send_support=NULL; p_encrypt_send_request_start=NULL; p_encrypt_request_start=NULL; p_encrypt_send_request_end=NULL; p_encrypt_send_end=NULL; p_encrypt_is_encrypting=NULL; p_encrypt_is_decrypting=NULL; p_get_crypt_table = NULL; p_des_is_weak_key = NULL; libdes_random_key=NULL; libdes_random_seed=NULL; libdes_key_sched=NULL; libdes_ecb_encrypt=NULL; libdes_string_to_key=NULL; libdes_fixup_key_parity=NULL; libdes_pcbc_encrypt=NULL; p_crypt_dll_version=NULL; encrypt_flag = 0; } static int crypt_dll_loaded=0; int ck_crypt_loaddll( void ) { ULONG rc = 0 ; struct _crypt_dll_init init; extern unsigned long startflags; int load_error = 0, len; #ifdef OS2ONLY CHAR *exe_path; CHAR path[256]; CHAR * dllname = "K2CRYPT"; #endif /* OS2ONLY */ if ( crypt_dll_loaded ) return(1); if ( startflags & 8 ) /* do not load if we are not supposed to */ return(0); #ifdef NT hCRYPT = LoadLibrary("K95CRYPT"); if ( !hCRYPT ) { rc = GetLastError() ; debug(F101, "K95 Crypt LoadLibrary failed","",rc) ; return(0); } else { if (((FARPROC) p_crypt_dll_init = GetProcAddress( hCRYPT, "crypt_dll_init" )) == NULL ) { rc = GetLastError() ; debug(F111,"K95 Crypt GetProcAddress failed","crypt_dll_init",rc); load_error = 1; } if ( load_error ) { ck_crypt_dll_loaddll_eh(); return 0; } } #else /* NT */ exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen(dllname) + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,dllname); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hCRYPT); if (rc) { debug(F111, "K95 Crypt LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), dllname, &hCRYPT); } if ( rc ) { debug(F111, "K95 Crypt LoadLibrary failed",fail,rc) ; return(0); } else { debug(F111, "K95 Crypt LoadLibrary success",fail,rc) ; if (rc = DosQueryProcAddr(hCRYPT,0,"crypt_dll_init",(PFN*)&p_crypt_dll_init)) { debug(F111,"K95 Crypt GetProcAddress failed","crypt_dll_init",rc); load_error = 1; ck_crypt_dll_loaddll_eh(); return 0; } } #endif /* NT */ init.version = 6; /* Version 1 */ init.p_ttol = ttol; #ifndef NODEBUG init.p_dodebug = dodebug; init.p_dohexdump = dohexdump; #else /* NODEBUG */ init.p_dodebug = NULL; init.p_dohexdump = NULL; #endif /* NODEBUG */ init.p_tn_debug = tn_debug; init.p_vscrnprintf = Vscrnprintf; /* Version 2 */ #ifdef KRB5 init.p_k5_context = &k5_context; #else /* KRB5 */ init.p_k5_context = NULL; #endif /* KRB5 */ /* Version 3 */ init.p_install_funcs = crypt_install_funcs; /* Version 5 */ init.p_reqtelmutex = RequestTelnetMutex; init.p_reltelmutex = ReleaseTelnetMutex; /* Version 6 - adds p_encrypt_dont_support */ if (!p_crypt_dll_init) { debug(F110,"K95 Crypt initialization failed", "p_crypt_dll_init is NULL",0); ck_crypt_dll_loaddll_eh(); return(0); } debug(F100,"Calling p_crypt_dll_init()","",0); if ( !p_crypt_dll_init(&init) ) { debug(F110,"K95 Crypt initialization failed", "error in crypt init",0); ck_crypt_dll_loaddll_eh(); return(0); } if ( p_crypt_dll_init==NULL || p_encrypt_parse==NULL || p_encrypt_init==NULL || p_encrypt_session_key==NULL || p_encrypt_dont_support==NULL || p_encrypt_send_support==NULL || p_encrypt_send_request_start==NULL || p_encrypt_request_start==NULL || p_encrypt_send_request_end==NULL || p_encrypt_send_end==NULL || p_encrypt_is_encrypting==NULL || p_encrypt_is_decrypting==NULL || p_get_crypt_table==NULL || p_des_is_weak_key==NULL || libdes_random_key==NULL || libdes_random_seed==NULL || libdes_key_sched==NULL || libdes_ecb_encrypt==NULL || libdes_string_to_key==NULL || libdes_fixup_key_parity==NULL || libdes_pcbc_encrypt==NULL /* p_crypt_dll_version is an optional function */ ) { debug(F110,"K95 Crypt initialization failed", "not all functions loaded",0); ck_crypt_dll_loaddll_eh(); return(0); } encrypt_flag = 1; crypt_dll_loaded = 1; if ( deblog ) printf("Encryption DLL Loaded\n"); return(1); } int ck_crypt_unloaddll( void ) { if ( !crypt_dll_loaded ) return(1); /* unload dlls */ ck_crypt_dll_loaddll_eh(); /* success */ crypt_dll_loaded = 0; return(1); } #endif /* CRYPT_DLL */ static int security_dll_loaded = 0; #ifdef NTLM #ifdef NT /* Where did I get these? */ #define NTLMSSP_REQUEST_INIT_RESPONSE 0x100000 /* get back session keys */ #define NTLMSSP_REQUEST_ACCEPT_RESPONSE 0x200000 /* get back session key, LUID */ #define NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0x400000 /* request non-nt session keys */ HINSTANCE hSSPI = NULL; #else /* NT */ NTLM is not supported on non-windows platforms #endif /* NT */ static int sspi_dll_loaded = 0; static PSecurityFunctionTable (*p_SSPI_InitSecurityInterface)(void)=NULL; static PSecurityFunctionTable p_SSPI_Func = NULL; CredHandle hNTLMCred = { 0, 0 }; static TimeStamp NTLMTimeStampCred; static CtxtHandle hNTLMContext; int haveNTLMContext = 0; static SecBufferDesc NTLMSecBufDesc; SecBuffer NTLMSecBuf[1]; static UCHAR NTLMBuffer[1024]; static UCHAR NTLMBuffer2[1024]; static SecBufferDesc NTLMInSecBufDesc; static SecBuffer NTLMInSecBuf; static UCHAR NTLMInBuffer[512]; static ULONG NTLMContextAttrib; static TimeStamp NTLMTimeStampContext; static SECURITY_STATUS ss = SEC_E_OK; static PBYTE ntlm_pClientBuf = NULL; static PBYTE ntlm_pServerBuf = NULL; static DWORD ntlm_cbMaxToken = 0; static void ck_sspi_loaddll_eh( void ) { if ( hSSPI ) { FreeLibrary(hSSPI); hSSPI = NULL; } p_SSPI_InitSecurityInterface = NULL; p_SSPI_Func = NULL; } static int ck_ntlm_unloaddll( void ) { if ( !sspi_dll_loaded ) return(1); /* unload dlls */ ck_sspi_loaddll_eh(); /* success */ sspi_dll_loaded = 0; return(1); } const char * sspi_errstr(SECURITY_STATUS ss) { switch ( ss ) { case SEC_E_OK: return("OK"); case SEC_E_INSUFFICIENT_MEMORY: return("Not enough memory is available to complete this request"); case SEC_E_INVALID_HANDLE: return("The handle specified is invalid"); case SEC_E_UNSUPPORTED_FUNCTION: return("The function requested is not supported"); case SEC_E_TARGET_UNKNOWN: return("The specified target is unknown or unreachable"); case SEC_E_INTERNAL_ERROR: return("The Local Security Authority cannot be contacted"); case SEC_E_SECPKG_NOT_FOUND: return("The requested security package does not exist"); case SEC_E_NOT_OWNER: return("The caller is not the owner of the desired credentials"); case SEC_E_CANNOT_INSTALL: return("The security pakage failed to initialize, and cannot be installed"); case SEC_E_INVALID_TOKEN: return("The token supplied to the function is invalid"); case SEC_E_CANNOT_PACK: return("The security package is not ablle to marshall the logon buffer so the logon attempt has failed"); case SEC_E_QOP_NOT_SUPPORTED: return("The per-message Quality of Protection is not supported by the security package"); case SEC_E_NO_IMPERSONATION: return("The security context does not allow impersonation of the client"); case SEC_E_LOGON_DENIED: return("The logon attempt failed"); case SEC_E_UNKNOWN_CREDENTIALS: return("The credentials supplied to the package were not recognized"); case SEC_E_NO_CREDENTIALS: return("No credentials are available in the security package"); case SEC_E_MESSAGE_ALTERED: return("The message supplied for verification has been altered"); case SEC_E_OUT_OF_SEQUENCE: return("The message supplied for verification is out of sequence"); case SEC_E_NO_AUTHENTICATING_AUTHORITY: return("No authority could be contacted for authentication"); case SEC_I_CONTINUE_NEEDED: return("The function completed successfully, but must be called again to complete the context"); case SEC_I_COMPLETE_NEEDED: return("The function completed successfully, but CompleteToken must be called"); case SEC_I_COMPLETE_AND_CONTINUE: return("The function completed successfully, but both CompleteToken and this function must be called again"); case SEC_I_LOCAL_LOGON: return("The logon was completed, but no network authority was available. The logon was made using locally known information"); case SEC_E_BAD_PKGID: return("The requested security package does not exist"); case SEC_E_CONTEXT_EXPIRED: return("The context has expired and can no longer be used"); case SEC_E_INCOMPLETE_MESSAGE: return("The supplied message is incomplete. The signature was not verified"); case SEC_E_INCOMPLETE_CREDENTIALS: return("The credentials supplied were not complete, and could not be verified. The context could not be initialized"); case SEC_E_BUFFER_TOO_SMALL: return("The buffers supplied to the function were too small"); case SEC_I_INCOMPLETE_CREDENTIALS: return("The credentials supplied were not complete, and could not be verified. Additional information can be returned from the context"); case SEC_I_RENEGOTIATE: return("The context data must be renegotiated with the user"); case SEC_E_WRONG_PRINCIPAL: return("The context data must be renegotiated with the peer"); default: return("Unknown security error"); } } int ck_sspi_loaddll( void ) { ULONG rc = 0 ; ULONG Packages; /* receives the number of packages */ PSecPkgInfo pPackageInfo; /* receives array of information */ SECURITY_STATUS ss = SEC_E_NOT_SUPPORTED; int ntlm_found = 0; int load_error = 0; if ( isWin95() ) hSSPI = LoadLibrary("SECUR32"); else hSSPI = LoadLibrary("SECURITY") ; if ( !hSSPI ) { rc = GetLastError() ; debug(F101, "NTLM LoadLibrary failed","",rc) ; return(0); } /* when we define UNICODE we must load the Unicode version of this function */ if (((FARPROC) p_SSPI_InitSecurityInterface = GetProcAddress( hSSPI, "InitSecurityInterfaceA" )) == NULL ) { rc = GetLastError() ; debug(F111, "NTLM GetProcAddress failed", "InitSecurityInterfaceA",rc) ; load_error = 1; } else { p_SSPI_Func = p_SSPI_InitSecurityInterface(); } if ( !p_SSPI_Func ) { rc = GetLastError() ; debug(F101, "NTLM InitSecurityInterface() failed","",rc) ; load_error = 1; } else { ss = p_SSPI_Func->EnumerateSecurityPackages(&Packages, &pPackageInfo); } if ( ss != SEC_E_OK ) { debug(F101, "NTLM EnumerateSecurityPackages() failed", sspi_errstr(ss),ss) ; load_error = 1; } else { debug(F101,"Microsoft Security Providers","",Packages); for (;Packages--;) { debug(F111,pPackageInfo[Packages].Name, pPackageInfo[Packages].Comment, Packages); if ( !strcmp(NTLMSP_NAME_A,pPackageInfo[Packages].Name) ) { ntlm_found = 1; ntlm_cbMaxToken = pPackageInfo[Packages].cbMaxToken; } } p_SSPI_Func->FreeContextBuffer(pPackageInfo); } if ( !ntlm_found || load_error ) { debug(F100, "NTLM not installed","",0) ; ck_sspi_loaddll_eh(); return 0; } if ( deblog ) { if ( hSSPI ) printf("NTLM available\n"); } return(1); } int ck_ntlm_is_valid(int query_user) { extern int sstelnet; extern char szUserName[]; extern char pwbuf[]; extern int pwflg, pwcrypt; SEC_WINNT_AUTH_IDENTITY AuthIdentity; char prompt[128]; char domain[128]="",name[128]="",pwd[128]="", *p; char localuser[128]=""; DWORD dw; int len; if ( !p_SSPI_Func || (isWin95() && sstelnet) ) return(0); p_SSPI_Func->FreeCredentialHandle( &hNTLMCred ); if (!sstelnet) { len = strlen(localuser); dw = sizeof(localuser)-len; GetUserName(&localuser[len],&dw); len = strlen(szUserName); if (len > 0 && query_user) { p = szUserName + len - 1; while ( p > szUserName ) { if ( *p == '\\' || *p == '/' ) { char q; /* we found a domain */ ckstrncpy(name,p+1,sizeof(name)); q = *p; *p = '\0'; ckstrncpy(domain,szUserName,sizeof(domain)); *p = q; } p--; } if (!name[0]) ckstrncpy(name,szUserName,sizeof(name)); if (pwbuf[0] && pwflg) { ckstrncpy(pwd,pwbuf,sizeof(pwd)); #ifdef OS2 if ( pwcrypt ) ck_encrypt((char *)pwd); #endif /* OS2 */ if (!domain[0]) strcpy(domain,"."); } else { #ifdef KUI struct txtbox tb[3]; int ok; tb[0].t_buf = domain; tb[0].t_len = sizeof(domain); tb[0].t_lbl = "Domain: "; tb[0].t_dflt = domain; tb[0].t_echo = 1; tb[1].t_buf = name; tb[1].t_len = sizeof(name); tb[1].t_lbl = "Username: "; tb[1].t_dflt = name; tb[1].t_echo = 1; tb[2].t_buf = pwd; tb[2].t_len = sizeof(pwd); tb[2].t_lbl = "Passphrase: "; tb[2].t_dflt = NULL; tb[2].t_echo = 2; ok = uq_mtxt("NTLM Authentication Required\n", NULL, 3, tb); #else /* KUI */ if (!domain[0]) { ckmakmsg(prompt,sizeof(prompt),name,"'s NTLM Domain: ",NULL,NULL); readtext(prompt,domain,sizeof(domain)); } if (domain[0]) { ckmakmsg(prompt,sizeof(prompt),domain,"\\",name,"'s NTLM password: "); } else { ckmakmsg(prompt,sizeof(prompt),name,"'s NTLM password: ",NULL,NULL); strcpy(domain,"."); } readpass(prompt,pwd,sizeof(pwd)); #endif /* KUI */ } ZeroMemory( &AuthIdentity, sizeof(AuthIdentity) ); AuthIdentity.Domain = domain; AuthIdentity.DomainLength = lstrlen(domain); AuthIdentity.User = name; AuthIdentity.UserLength = lstrlen(name); AuthIdentity.Password = pwd; AuthIdentity.PasswordLength = lstrlen(pwd); AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; } } ss = p_SSPI_Func-> AcquireCredentialsHandle( NULL, NTLMSP_NAME_A, sstelnet? SECPKG_CRED_INBOUND: SECPKG_CRED_OUTBOUND, NULL, (!sstelnet && query_user && szUserName[0]) ? &AuthIdentity : NULL, NULL, NULL, (PCredHandle) &hNTLMCred, &NTLMTimeStampCred); debug(F111,"ck_ntlm_is_valid AcquireCredentialsHandle",sspi_errstr(ss),ss); return(ss == SEC_E_OK); } void ntlm_reject(int how) { unsigned char buf[12]; sprintf(buf, "%c%c%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, authentication_version, how, NTLM_REJECT, IAC, SE); if (deblog || tn_deb || debses) { int mode = AUTH_CLIENT_TO_SERVER | (auth_how & AUTH_HOW_MASK); ckmakxmsg(tn_msg,TN_MSG_LEN, "TELNET SENT SB ", TELOPT(TELOPT_AUTHENTICATION), " IS ", AUTHTYPE_NAME(authentication_version), " ", AUTHMODE_NAME(mode), " NTLM_REJECT IAC SE", NULL,NULL,NULL,NULL,NULL ); debug(F100,tn_msg,"",0); if (tn_deb || debses) tn_debug(tn_msg); } #ifdef OS2 RequestTelnetMutex( SEM_INDEFINITE_WAIT ); #endif ttol((char *)buf, 9); #ifdef OS2 ReleaseTelnetMutex(); #endif } int ntlm_auth_send() { DWORD context_requirements = 0; if ( !p_SSPI_Func ) { debug(F110,"ntlm_auth_send() failed","NTLM not installed",0); return(-1); } // // Set up the Buffer Descriptor // NTLMSecBufDesc.ulVersion = SECBUFFER_VERSION; NTLMSecBufDesc.cBuffers = 1; NTLMSecBufDesc.pBuffers = NTLMSecBuf; NTLMSecBuf[0].cbBuffer = 1024; NTLMSecBuf[0].BufferType = SECBUFFER_TOKEN; NTLMSecBuf[0].pvBuffer = NTLMBuffer; p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); memset(&hNTLMContext,0,sizeof(hNTLMContext)); memset(&NTLMContextAttrib,0,sizeof(NTLMContextAttrib)); memset(&NTLMTimeStampContext,0,sizeof(NTLMTimeStampContext)); if ( !isWin95() ) { context_requirements = #ifdef COMMENT ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONNECTION | ISC_REQ_USE_SESSION_KEY | ISC_REQ_EXTENDED_ERROR | NTLMSSP_REQUEST_INIT_RESPONSE | NTLMSSP_REQUEST_ACCEPT_RESPONSE | NTLMSSP_REQUEST_NON_NT_SESSION_KEY, #else ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONNECTION | ISC_REQ_USE_SESSION_KEY | ISC_REQ_EXTENDED_ERROR #endif ; } ss = p_SSPI_Func->InitializeSecurityContext(&hNTLMCred, 0, NULL, context_requirements, 0, SECURITY_NETWORK_DREP, 0, 0, &hNTLMContext, &NTLMSecBufDesc, &NTLMContextAttrib, &NTLMTimeStampContext); debug(F111,"ntlm_auth_send() InitializeSecurityContext", sspi_errstr(ss),ss); hexdump("ntlm_auth_send() InitializeSecurityContext Context Requirements", &context_requirements,sizeof(context_requirements)); hexdump("ntlm_auth_send() InitializeSecurityContext Context Attributes", &NTLMContextAttrib,sizeof(NTLMContextAttrib)); switch ( ss ) { case SEC_E_OK: case SEC_I_CONTINUE_NEEDED: case SEC_I_COMPLETE_AND_CONTINUE: break; default: printf("ISC: %s\n",sspi_errstr(ss)); debug(F111,"ntlm_auth_send() failed", sspi_errstr(ss),ss); return(-1); } debug(F111,"ntlm_auth_send sending","NTLMSecBuf[0].cbBuffer", NTLMSecBuf[0].cbBuffer); debug(F111,"ntlm_auth_send sending","NTLMSecBuf[0].BufferType", NTLMSecBuf[0].BufferType); hexdump("ntlm_auth_send sending NTLMSecBuf[0].pvBuffer", NTLMSecBuf[0].pvBuffer, NTLMSecBuf[0].cbBuffer); /* The rest of the work is continued in auth_send() */ return(0); } int #ifdef CK_ANSIC ntlm_reply(int how, unsigned char *data, int cnt) #else ntlm_reply(how,data,cnt) int how; unsigned char *data; int cnt; #endif { DWORD context_requirements = 0; unsigned char buf[512], *p; int length = 0, iaccnt = 0, i; data += 4; /* Point to status byte */ cnt -= 4; if(cnt < 8 && ss != SEC_E_OK) { p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); p_SSPI_Func->FreeCredentialHandle( &hNTLMCred ); ntlm_reject(how); auth_finished(AUTH_REJECT); return(AUTH_FAILURE); } if ( !isWin95() ) { context_requirements = #ifdef COMMENT ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONNECTION | ISC_REQ_USE_SESSION_KEY | ISC_REQ_EXTENDED_ERROR | NTLMSSP_REQUEST_INIT_RESPONSE | NTLMSSP_REQUEST_ACCEPT_RESPONSE | NTLMSSP_REQUEST_NON_NT_SESSION_KEY #else ISC_REQ_USE_DCE_STYLE | ISC_REQ_DELEGATE | ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT | ISC_REQ_SEQUENCE_DETECT | ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONNECTION | ISC_REQ_USE_SESSION_KEY | ISC_REQ_EXTENDED_ERROR #endif ; } cnt--; switch(*data++) { case 1: /* CONTINUE */ memcpy(buf,data,cnt); p = buf; NTLMInSecBufDesc.ulVersion = SECBUFFER_VERSION; NTLMInSecBufDesc.cBuffers = 1; NTLMInSecBufDesc.pBuffers = &NTLMInSecBuf; p = (unsigned char *)&NTLMInSecBuf.cbBuffer; p[0] = *data++; p[1] = *data++; p[2] = *data++; p[3] = *data++; p = (unsigned char *)&NTLMInSecBuf.BufferType; p[0] = *data++; p[1] = *data++; p[2] = *data++; p[3] = *data++; NTLMInSecBuf.pvBuffer = data; NTLMSecBufDesc.ulVersion = SECBUFFER_VERSION; NTLMSecBufDesc.cBuffers = 1; NTLMSecBufDesc.pBuffers = NTLMSecBuf; NTLMSecBuf[0].cbBuffer = 1024; NTLMSecBuf[0].BufferType = SECBUFFER_TOKEN; NTLMSecBuf[0].pvBuffer = NTLMBuffer; debug(F111,"ntlm_reply received","NTLMInSecBuf.cbBuffer", NTLMSecBuf[0].cbBuffer); debug(F111,"ntlm_reply received","NTLMInSecBuf.BufferType", NTLMSecBuf[0].BufferType); hexdump("ntlm_reply received NTLMInSecBuf[0].pvBuffer", NTLMInSecBuf.pvBuffer, NTLMInSecBuf.cbBuffer); ss = p_SSPI_Func->InitializeSecurityContext(0, &hNTLMContext, 0, context_requirements, 0, SECURITY_NETWORK_DREP, &NTLMInSecBufDesc, 0, &hNTLMContext, &NTLMSecBufDesc, &NTLMContextAttrib, &NTLMTimeStampContext); debug(F111,"ntlm_reply InitializeSecurityContext",sspi_errstr(ss),ss); hexdump("ntlm_reply() InitializeSecurityContext Context Requirements", &context_requirements,sizeof(context_requirements)); hexdump("ntlm_reply() InitializeSecurityContext Context Attributes", &NTLMContextAttrib,sizeof(NTLMContextAttrib)); switch ( ss ) { case SEC_E_OK: case SEC_I_CONTINUE_NEEDED: case SEC_I_COMPLETE_AND_CONTINUE: break; default: debug(F111,"ntlm_auth_reply() failed",sspi_errstr(ss),ss); p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); p_SSPI_Func->FreeCredentialHandle( &hNTLMCred ); ntlm_reject(how); auth_finished(AUTH_REJECT); return(AUTH_FAILURE); } sprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_IS, authentication_version, how, NTLM_RESPONSE); /* safe */ debug(F111,"ntlm_reply sending","NTLMSecBuf[0].cbBuffer", NTLMSecBuf[0].cbBuffer); debug(F111,"ntlm_reply sending","NTLMSecBuf[0].BufferType", NTLMSecBuf[0].BufferType); hexdump("ntlm_reply sending NTLMSecBuf[0].pvBuffer", NTLMSecBuf[0].pvBuffer, NTLMSecBuf[0].cbBuffer); for ( i=0 ; i 0) { data[cnt] = '\0'; ckmakmsg(strTmp,sizeof(strTmp),"NTLM refuses authentication (", data,")\r\n",NULL); } else { sprintf(strTmp,"NTLM refuses authentication\r\n"); } printf("NTLM authentication failed!\r\n%s\r\n",strTmp); default: auth_finished(AUTH_REJECT); accept_complete = 1; return AUTH_FAILURE; break; } #ifdef COMMENT if ( ss == SEC_E_OK ) { SecPkgContext_Sizes sizes; SecPkgContext_Names names; SecPkgContext_Lifespan lifespan; SecPkgContext_DceInfo dce; SecPkgContext_StreamSizes stream; SecPkgContext_Authority authority; SecPkgContext_KeyInfo keyinfo; SecPkgContext_ProtoInfo proto; SecPkgContext_PasswordExpiry pwd; SecPkgContext_SessionKey skey; SecPkgContext_PackageInfo pkginf; /* The Server has now authenticated the Client's User */ ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_SIZES,&sizes); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_SIZES",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_NAMES,&names); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_NAMES",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_LIFESPAN,&lifespan); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_LIFESPAN",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_DCE_INFO,&dce); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_DCE_INFO",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_STREAM_SIZES,&stream); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_STREAM_SIZES",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_KEY_INFO,&keyinfo); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_KEY_INFO",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_AUTHORITY,&authority); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_AUTHORITY",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PROTO_INFO,&proto); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_PROTO_INFO",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PASSWORD_EXPIRY,&pwd); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_PASSWORD_EXPIRY",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_SESSION_KEY,&skey); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_SESSION_KEY",sspi_errstr(ss),ss); ss = p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PACKAGE_INFO,&pkginf); debug(F111,"SSPI QueryConextAttributes SECPKG_ATTR_PACKAGE_INFO",sspi_errstr(ss),ss); ss = SEC_E_OK; } #endif /* COMMENT */ return AUTH_SUCCESS; } int ntlm_impersonate() { if ( p_SSPI_Func ) { ss = p_SSPI_Func->ImpersonateSecurityContext( &hNTLMContext ); debug(F111,"ntlm_impersonate() ImpersonateSecurityContext","ss",ss); return(ss == SEC_E_OK); } return(0); } int ntlm_revert() { if ( p_SSPI_Func ) { ss = p_SSPI_Func->RevertSecurityContext( &hNTLMContext ); debug(F111,"ntlm_revert() RevertSecurityContext","ss",ss); return(ss == SEC_E_OK); } return(0); } int #ifdef CK_ANSIC ntlm_is(unsigned char *data, int cnt) #else ntlm_is(data,cnt) unsigned char *data; int cnt; #endif { DWORD context_requirements = 0; unsigned char buf[512], *p; int length = 0; int round = -1; int i, iaccnt = 0; data += 4; /* Point to status byte */ cnt -= 4; if (cnt < 8) { p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); p_SSPI_Func->FreeCredentialHandle( &hNTLMCred ); ntlm_reject(auth_how); auth_finished(AUTH_REJECT); return(AUTH_FAILURE); } cnt--; round = *data++; debug(F111,"ntlm_is","round",round); switch(round) { case 0: case 2: NTLMInSecBufDesc.ulVersion = 0; NTLMInSecBufDesc.cBuffers = 1; NTLMInSecBufDesc.pBuffers = &NTLMInSecBuf; p = (unsigned char *)&NTLMInSecBuf.cbBuffer; p[0] = *data++; p[1] = *data++; p[2] = *data++; p[3] = *data++; cnt -= 4; debug(F111,"ntlm_is","NTLMInSecBuf.cbBuffer",NTLMInSecBuf.cbBuffer); p = (unsigned char *)&NTLMInSecBuf.BufferType; p[0] = *data++; p[1] = *data++; p[2] = *data++; p[3] = *data++; cnt -= 4; debug(F111,"ntlm_is","NTLMInSecBuf.BufferType",NTLMInSecBuf.BufferType); hexdump("ntlm_is received NTLMInSecBuf.pvBuffer",data,cnt); NTLMInSecBuf.pvBuffer = data; NTLMSecBufDesc.ulVersion = SECBUFFER_VERSION; NTLMSecBufDesc.cBuffers = 1; NTLMSecBufDesc.pBuffers = NTLMSecBuf; NTLMSecBuf[0].cbBuffer = 1024; NTLMSecBuf[0].BufferType = SECBUFFER_TOKEN; NTLMSecBuf[0].pvBuffer = NTLMBuffer; if ( !isWin95() ) { context_requirements = #ifdef COMMENT ASC_REQ_USE_DCE_STYLE | ASC_REQ_DELEGATE | ASC_REQ_MUTUAL_AUTH | ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT | ASC_REQ_CONFIDENTIALITY | ASC_REQ_CONNECTION | ASC_REQ_USE_SESSION_KEY | ASC_REQ_EXTENDED_ERROR | NTLMSSP_REQUEST_INIT_RESPONSE | NTLMSSP_REQUEST_ACCEPT_RESPONSE | NTLMSSP_REQUEST_NON_NT_SESSION_KEY #else ASC_REQ_USE_DCE_STYLE | ASC_REQ_MUTUAL_AUTH | ASC_REQ_DELEGATE | ASC_REQ_SEQUENCE_DETECT | ASC_REQ_CONFIDENTIALITY | ASC_REQ_CONNECTION | ASC_REQ_USE_SESSION_KEY | ASC_REQ_EXTENDED_ERROR #endif ; } ss = p_SSPI_Func-> AcceptSecurityContext( #ifdef COMMENT round == 0 ? &hNTLMCred : 0, #else COMMENT &hNTLMCred, #endif /* COMMENT */ round == 2 ? &hNTLMContext : 0, &NTLMInSecBufDesc, context_requirements, SECURITY_NETWORK_DREP, &hNTLMContext, &NTLMSecBufDesc, &NTLMContextAttrib, &NTLMTimeStampContext); hexdump("ntlm_is() AcceptSecurityContext Context Requirements", &context_requirements,sizeof(context_requirements)); hexdump("ntlm_is() AcceptSecurityContext Context Attributes", &NTLMContextAttrib,sizeof(NTLMContextAttrib)); debug(F111,"ntlm_is AcceptSecurityContext",sspi_errstr(ss),ss); switch ( ss ) { case SEC_I_CONTINUE_NEEDED: case SEC_I_COMPLETE_AND_CONTINUE: sprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_REPLY, authentication_version, auth_how, NTLM_CHALLENGE); /* safe */ for ( i=0 ; iImpersonateSecurityContext( &hNTLMContext ); debug(F111,"ntlm_is ImpersonateSecurityContext",sspi_errstr(ss),ss); if ( ss == SEC_E_OK ) { sprintf(buf, "%c%c%c%c%c%c%c", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_REPLY, authentication_version, auth_how, NTLM_ACCEPT); /* safe */ ss = p_SSPI_Func->RevertSecurityContext( &hNTLMContext ); debug(F111,"ntlm_is RevertSecurityContext",sspi_errstr(ss),ss); break; } /* If there was an error Impersonating, fall through */ default: printf("?NTLM Accept failed: %s\r\n",sspi_errstr(ss)); p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); p_SSPI_Func->FreeCredentialHandle( &hNTLMCred ); length = strlen(sspi_errstr(ss)); if ( length + 10 >= sizeof(buf) ) length = 0; sprintf(buf, "%c%c%c%c%c%c%c%s", IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_REPLY, authentication_version, auth_how, NTLM_REJECT, (length ? sspi_errstr(ss) : "")); /* safe */ } sprintf(&buf[7+length], "%c%c", IAC, SE); /* safe */ if (deblog || tn_deb || debses) { int i; int mode = AUTH_CLIENT_TO_SERVER | (auth_how & AUTH_HOW_MASK); char * s = NULL; switch (buf[6]) { case NTLM_CHALLENGE: s = "NTLM_CHALLENGE"; break; case NTLM_ACCEPT: s = "NTLM_ACCEPT"; break; case NTLM_REJECT: s = "NTLM_REJECT"; break; } ckmakxmsg(tn_msg,TN_MSG_LEN, "TELNET SENT SB ", TELOPT(TELOPT_AUTHENTICATION), " REPLY ", AUTHTYPE_NAME(authentication_version), " ", AUTHMODE_NAME(mode), " ", s," ", NULL,NULL,NULL); tn_hex(tn_msg,TN_MSG_LEN,&buf[7],length); ckstrncat(tn_msg,"IAC SE",TN_MSG_LEN); debug(F100,tn_msg,"",0); if (tn_deb || debses) tn_debug(tn_msg); } #ifdef OS2 RequestTelnetMutex( SEM_INDEFINITE_WAIT ); #endif ttol((char *)buf, length+9); #ifdef OS2 ReleaseTelnetMutex(); #endif } switch (buf[6]) { case NTLM_ACCEPT: { char * p; SecPkgContext_Sizes sizes; SecPkgContext_Names names; SecPkgContext_Lifespan lifespan; SecPkgContext_DceInfo dce; SecPkgContext_StreamSizes stream; SecPkgContext_Authority authority; SecPkgContext_KeyInfo keyinfo; SecPkgContext_ProtoInfo proto; SecPkgContext_PasswordExpiry pwd; SecPkgContext_SessionKey skey; SecPkgContext_PackageInfo pkginf; #ifdef IKSD extern CHAR * pReferenceDomainName; extern int inserver; #endif /* IKSD */ /* The Server has now authenticated the Client's User */ p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_SIZES,&sizes); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_NAMES,&names); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_LIFESPAN,&lifespan); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_DCE_INFO,&dce); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_STREAM_SIZES,&stream); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_KEY_INFO,&keyinfo); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_AUTHORITY,&authority); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PROTO_INFO,&proto); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PASSWORD_EXPIRY,&pwd); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_SESSION_KEY,&skey); p_SSPI_Func->QueryContextAttributes(&hNTLMContext,SECPKG_ATTR_PACKAGE_INFO,&pkginf); #ifdef IKSD /* Format of sUserName is HOST\user or DOMAIN\user */ if ( !inserver ) { p = names.sUserName + strlen(names.sUserName); while ( p != names.sUserName ) { if ( *p == '\\' ) { *p = '\0'; makestr(&pReferenceDomainName,names.sUserName); *p = '\\'; p++; break; } p--; } } else #endif /* IKSD */ { /* Let the Reference Domain Name be extracted by zvuser() */ /* if we are running as IKSD */ p = names.sUserName; } ckstrncpy(szUserNameRequested,p,UIDBUFLEN); cklower(szUserNameRequested); ckstrncpy(szUserNameAuthenticated,names.sUserName,UIDBUFLEN); auth_finished(AUTH_VALID); accept_complete = 1; return AUTH_SUCCESS; } case NTLM_REJECT: auth_finished(AUTH_REJECT); return(AUTH_FAILURE); case NTLM_CHALLENGE: return AUTH_SUCCESS; } return AUTH_FAILURE; } /* The following code is used to implement the SSPLogonUser() function */ // structure storing the state of the authentication sequence // int SSPLogonError = SEC_E_OK; typedef struct _AUTH_SEQ { BOOL _fNewConversation; CredHandle _hcred; BOOL _fHaveCredHandle; BOOL _fHaveCtxtHandle; struct _SecHandle _hctxt; } AUTH_SEQ, *PAUTH_SEQ; typedef struct _node_tag { DWORD dwKey; PVOID *pData; struct _node_tag *pNext; } NODE, *PNODE; static NODE Head = {(DWORD)-1, NULL, NULL}; BOOL GetEntry (DWORD dwKey, PVOID *ppData) { PNODE pCurrent; pCurrent = Head.pNext; while (NULL != pCurrent) { if (dwKey == pCurrent->dwKey) { *ppData = pCurrent->pData; return(TRUE); } pCurrent = pCurrent->pNext; } return(FALSE); } BOOL AddEntry (DWORD dwKey, PVOID pData) { PNODE pTemp; pTemp = (PNODE) malloc (sizeof (NODE)); if (NULL == pTemp) { return(FALSE); } pTemp->dwKey = dwKey; pTemp->pData = pData; pTemp->pNext = Head.pNext; Head.pNext = pTemp; return(TRUE); } BOOL DeleteEntry (DWORD dwKey, PVOID *ppData) { PNODE pCurrent, pTemp; pTemp = &Head; pCurrent = Head.pNext; while (NULL != pCurrent) { if (dwKey == pCurrent->dwKey) { pTemp->pNext = pCurrent->pNext; *ppData = pCurrent->pData; free (pCurrent); return(TRUE); } else { pTemp = pCurrent; pCurrent = pCurrent->pNext; } } return(FALSE); } BOOL InitSession (DWORD dwKey) /*++ Routine Description: Initializes the context associated with a key and adds it to the collection. Return Value: Returns TRUE is successful; otherwise FALSE is returned. --*/ { PAUTH_SEQ pAS; pAS = (PAUTH_SEQ) malloc (sizeof (AUTH_SEQ)); if (NULL == pAS) return(FALSE); pAS->_fNewConversation = TRUE; pAS->_fHaveCredHandle = FALSE; pAS->_fHaveCtxtHandle = FALSE; if (!AddEntry (dwKey, (PVOID)pAS)) { free (pAS); return(FALSE); } return(TRUE); } BOOL TermSession (DWORD dwKey) /*++ Routine Description: Releases the resources associated with a key and removes it from the collection. Return Value: Returns TRUE is successful; otherwise FALSE is returned. --*/ { PAUTH_SEQ pAS; if (!DeleteEntry (dwKey, (LPVOID*)&pAS)) return(FALSE); if (pAS->_fHaveCtxtHandle) { SSPLogonError = p_SSPI_Func->DeleteSecurityContext (&pAS->_hctxt); debug(F111,"TermSession DeleteSecurityContext", sspi_errstr(SSPLogonError),SSPLogonError); } if (pAS->_fHaveCredHandle) { SSPLogonError = p_SSPI_Func->FreeCredentialHandle (&pAS->_hcred); debug(F111,"TermSession FreeCredentials Handle", sspi_errstr(SSPLogonError),SSPLogonError); } free (pAS); return(TRUE); } BOOL GenClientContext ( DWORD dwKey, SEC_WINNT_AUTH_IDENTITY *pAuthIdentity, BYTE *pIn, DWORD cbIn, BYTE *pOut, DWORD *pcbOut, BOOL *pfDone) /*++ Routine Description: Optionally takes an input buffer coming from the server and returns a buffer of information to send back to the server. Also returns an indication of whether or not the context is complete. Return Value: Returns TRUE is successful; otherwise FALSE is returned. --*/ { SECURITY_STATUS ss; TimeStamp Lifetime; SecBufferDesc OutBuffDesc; SecBuffer OutSecBuff; SecBufferDesc InBuffDesc; SecBuffer InSecBuff; ULONG ContextAttributes; PAUTH_SEQ pAS; // Lookup pAS based on Key // if (!GetEntry (dwKey, (PVOID*) &pAS)) { debug(F110,"GenClientContext","GetEntry failed",0); return(FALSE); } if (pAS->_fNewConversation) { ss = p_SSPI_Func->AcquireCredentialsHandle (NULL, // principal NTLMSP_NAME_A, SECPKG_CRED_OUTBOUND, NULL, // LOGON id pAuthIdentity, // auth data NULL, // get key fn NULL, // get key arg &pAS->_hcred, &Lifetime ); debug(F111,"GenClientContext AcquireCredentialsHandle",sspi_errstr(ss),ss); if (ss >= 0) pAS->_fHaveCredHandle = TRUE; else { SSPLogonError = ss; return(FALSE); } } // prepare output buffer // OutBuffDesc.ulVersion = 0; OutBuffDesc.cBuffers = 1; OutBuffDesc.pBuffers = &OutSecBuff; OutSecBuff.cbBuffer = *pcbOut; OutSecBuff.BufferType = SECBUFFER_TOKEN; OutSecBuff.pvBuffer = pOut; // prepare input buffer // if (!pAS->_fNewConversation) { InBuffDesc.ulVersion = 0; InBuffDesc.cBuffers = 1; InBuffDesc.pBuffers = &InSecBuff; InSecBuff.cbBuffer = cbIn; InSecBuff.BufferType = SECBUFFER_TOKEN; InSecBuff.pvBuffer = pIn; } ss = p_SSPI_Func->InitializeSecurityContext ( &pAS->_hcred, pAS->_fNewConversation ? NULL : &pAS->_hctxt, NULL, 0, // context requirements 0, // reserved1 SECURITY_NATIVE_DREP, pAS->_fNewConversation ? NULL : &InBuffDesc, 0, // reserved2 &pAS->_hctxt, &OutBuffDesc, &ContextAttributes, &Lifetime ); if ( pAS->_fNewConversation ) debug(F111,"GenClientContext InitializeSecurityContext (new conversation)",sspi_errstr(ss),ss); else debug(F111,"GenClientContext InitializeSecurityContext (old conversation)",sspi_errstr(ss),ss); if (ss < 0) { SSPLogonError = ss; return FALSE; } pAS->_fHaveCtxtHandle = TRUE; // Complete token -- if applicable // if ((SEC_I_COMPLETE_NEEDED == ss) || (SEC_I_COMPLETE_AND_CONTINUE == ss)) { if (p_SSPI_Func->CompleteAuthToken) { ss = p_SSPI_Func->CompleteAuthToken (&pAS->_hctxt, &OutBuffDesc); debug(F111,"GenClientContext CompleteAuthToken",sspi_errstr(ss),ss); if (ss < 0) { SSPLogonError = ss; return FALSE; } } else { SSPLogonError = SEC_E_UNSUPPORTED_FUNCTION; debug(F110,"GenClientContext CompleteAuthToken missing","Logon not supported",0); return FALSE; } } *pcbOut = OutSecBuff.cbBuffer; if (pAS->_fNewConversation) pAS->_fNewConversation = FALSE; *pfDone = !((SEC_I_CONTINUE_NEEDED == ss) || (SEC_I_COMPLETE_AND_CONTINUE == ss)); SSPLogonError = SEC_E_OK; return TRUE; } BOOL GenServerContext ( DWORD dwKey, BYTE *pIn, DWORD cbIn, BYTE *pOut, DWORD *pcbOut, BOOL *pfDone, CtxtHandle * phContext) /*++ Routine Description: Takes an input buffer coming from the client and returns a buffer to be sent to the client. Also returns an indication of whether or not the context is complete. Return Value: Returns TRUE is successful; otherwise FALSE is returned. --*/ { SECURITY_STATUS ss; TimeStamp Lifetime; SecBufferDesc OutBuffDesc; SecBuffer OutSecBuff; SecBufferDesc InBuffDesc; SecBuffer InSecBuff; ULONG ContextAttributes; PAUTH_SEQ pAS; // Lookup pAS based on Key // if (!GetEntry (dwKey, (PVOID*) &pAS)) { SSPLogonError = SEC_E_INVALID_HANDLE; debug(F110,"GenServerContext","GetEntry failed",0); return(FALSE); } if (pAS->_fNewConversation) { ss = p_SSPI_Func->AcquireCredentialsHandle ( NULL, // principal NTLMSP_NAME_A, SECPKG_CRED_INBOUND, NULL, // LOGON id NULL, // auth data NULL, // get key fn NULL, // get key arg &pAS->_hcred, &Lifetime ); debug(F111,"GenServerContext AcquireCredentialsHandle()", sspi_errstr(ss),ss); if (ss >= 0) pAS->_fHaveCredHandle = TRUE; else { SSPLogonError = ss; return(FALSE); } } // prepare output buffer // OutBuffDesc.ulVersion = 0; OutBuffDesc.cBuffers = 1; OutBuffDesc.pBuffers = &OutSecBuff; OutSecBuff.cbBuffer = *pcbOut; OutSecBuff.BufferType = SECBUFFER_TOKEN; OutSecBuff.pvBuffer = pOut; // prepare input buffer // InBuffDesc.ulVersion = 0; InBuffDesc.cBuffers = 1; InBuffDesc.pBuffers = &InSecBuff; InSecBuff.cbBuffer = cbIn; InSecBuff.BufferType = SECBUFFER_TOKEN; InSecBuff.pvBuffer = pIn; ss = p_SSPI_Func->AcceptSecurityContext ( &pAS->_hcred, pAS->_fNewConversation ? NULL : &pAS->_hctxt, &InBuffDesc, 0, // context requirements SECURITY_NATIVE_DREP, &pAS->_hctxt, &OutBuffDesc, &ContextAttributes, &Lifetime ); if ( pAS->_fNewConversation ) debug(F111,"GenServerContext AcceptSecurityContext() (new conversation)", sspi_errstr(ss),ss); else debug(F111,"GenServerContext AcceptSecurityContext() (old conversation)", sspi_errstr(ss),ss); if (ss < 0) { SSPLogonError = ss; return FALSE; } pAS->_fHaveCtxtHandle = TRUE; // Complete token -- if applicable // if ((SEC_I_COMPLETE_NEEDED == ss) || (SEC_I_COMPLETE_AND_CONTINUE == ss)) { if (p_SSPI_Func->CompleteAuthToken) { ss = p_SSPI_Func->CompleteAuthToken (&pAS->_hctxt, &OutBuffDesc); debug(F111,"GenServerContext CompleteAuthToken()", sspi_errstr(ss),ss); if (ss < 0) { SSPLogonError = ss; return FALSE; } } else { SSPLogonError = SEC_E_UNSUPPORTED_FUNCTION; debug(F110,"GenServerContext CompleteAuthToken missing", "Logon Not Supported",0); return FALSE; } } *pcbOut = OutSecBuff.cbBuffer; if (pAS->_fNewConversation) pAS->_fNewConversation = FALSE; *pfDone = !((SEC_I_CONTINUE_NEEDED == ss) || (SEC_I_COMPLETE_AND_CONTINUE == ss)); if (*pfDone && phContext) { haveNTLMContext = 1; memcpy(phContext,&pAS->_hctxt,sizeof(CtxtHandle)); ZeroMemory(&pAS->_hctxt,sizeof(CtxtHandle)); pAS->_fHaveCtxtHandle = FALSE; } SSPLogonError = SEC_E_OK; return TRUE; } void ntlm_logout() { if ( haveNTLMContext ) { p_SSPI_Func->RevertSecurityContext(&hNTLMContext); p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); } haveNTLMContext = 0; SSPLogonError = SEC_E_OK; } BOOL SSPLogonUser( LPTSTR DomainName, LPTSTR UserName, LPTSTR Password ) { BOOL done = FALSE; DWORD cbOut, cbIn; char szUser[80]; DWORD cbUser = 80; SEC_WINNT_AUTH_IDENTITY AuthIdentity; if ( !p_SSPI_Func ) { SSPLogonError = SEC_E_SECPKG_NOT_FOUND; debug(F110,"SSPLogonUser","NTLM SSPI not installed",0); return(FALSE); } if(!InitSession(0)) { debug(F110,"SSPLogonUser","unable to Init Session 0",0); SSPLogonError = SEC_E_INTERNAL_ERROR; return(FALSE); } if(!InitSession(1)) { debug(F110,"SSPLogonUser","unable to Init Session 1",0); SSPLogonError = SEC_E_INTERNAL_ERROR; return(FALSE); } ntlm_pClientBuf = (PBYTE) malloc(ntlm_cbMaxToken); ntlm_pServerBuf = (PBYTE) malloc(ntlm_cbMaxToken); if ( haveNTLMContext ) { SSPLogonError = p_SSPI_Func->DeleteSecurityContext(&hNTLMContext); debug(F110,"SSPLogonUser DeleteSecurityContext",sspi_errstr(SSPLogonError),SSPLogonError); } ZeroMemory( &hNTLMContext,sizeof(hNTLMContext)); ZeroMemory( &AuthIdentity, sizeof(AuthIdentity) ); if ( DomainName != NULL ) { AuthIdentity.Domain = DomainName; AuthIdentity.DomainLength = lstrlen(DomainName); } if ( UserName != NULL ) { AuthIdentity.User = UserName; AuthIdentity.UserLength = lstrlen(UserName); } if ( Password != NULL ) { AuthIdentity.Password = Password; AuthIdentity.PasswordLength = lstrlen(Password); } #ifdef UNICODE AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; #else AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; #endif // // Prepare client message (negotiate). // cbOut = ntlm_cbMaxToken; if (!GenClientContext (0, &AuthIdentity, NULL, 0, ntlm_pClientBuf, &cbOut, &done)) { debug(F111,"SSPLogonUser","GenClientContext failed (negotiate)", SSPLogonError); return(FALSE); } cbIn = cbOut; // // Prepare server message (challenge). // cbOut = ntlm_cbMaxToken; if (!GenServerContext (1, ntlm_pClientBuf, cbIn, ntlm_pServerBuf, &cbOut, &done, NULL)) { // // Most likely failure: AcceptServerContext fails with // SEC_E_LOGON_DENIED in the case of bad username or password // // Unexpected Result: Logon will succeed if you pass in a bad // username and the guest account is enabled in the specified // domain. // debug(F111,"SSPLogonUser","GenServerContext failed (challenge)", SSPLogonError); return(FALSE); } cbIn = cbOut; // // Prepare client message (authenticate). // cbOut = ntlm_cbMaxToken; if (!GenClientContext (0, &AuthIdentity, ntlm_pServerBuf, cbIn, ntlm_pClientBuf, &cbOut, &done)) { debug(F111,"SSPLogonUser","GenClientContext failed (authenticate)", SSPLogonError); return(FALSE); } cbIn = cbOut; // // Prepare server message (authentication). // cbOut = ntlm_cbMaxToken; if (!GenServerContext (1, ntlm_pClientBuf, cbIn, ntlm_pServerBuf, &cbOut, &done, &hNTLMContext)) { debug(F111,"SSPLogonUser","GenServerContext failed (authentication)", SSPLogonError); return(FALSE); } TermSession(0); TermSession(1); free(ntlm_pClientBuf); free(ntlm_pServerBuf); SSPLogonError = SEC_E_OK; return(TRUE); } #endif /* NTLM */ #ifdef NT HINSTANCE hKRB5_32 = NULL; HINSTANCE hKRB4_32 = NULL; HINSTANCE hCOMERR32 = NULL; HINSTANCE hPROFILE = NULL; HINSTANCE hKRB42UID = NULL; HINSTANCE hKRB52UID = NULL; HINSTANCE hGSSAPI = NULL; HINSTANCE hKRB524 = NULL; #else /* NT */ HMODULE hKRB5_32 = NULL; HMODULE hKRB4_32 = NULL; HMODULE hCOMERR32 = NULL; HMODULE hPROFILE = NULL; HMODULE hKRB42UID = NULL; HMODULE hKRB52UID = NULL; HMODULE hGSSAPI = NULL; HMODULE hEMX = NULL; #endif /* NT */ static int cygnus = 0; static void ck_krb4_loaddll_eh( void ) { if ( hKRB4_32 ) { #ifdef NT FreeLibrary(hKRB4_32); hKRB4_32 = NULL; #else /* NT */ DosFreeModule(hKRB4_32); hKRB4_32 = 0; #endif /* NT */ } if ( hKRB42UID ) { #ifdef NT FreeLibrary(hKRB42UID); hKRB42UID = NULL; #else /* NT */ DosFreeModule(hKRB42UID); hKRB42UID = 0; #endif /* NT */ } #ifdef KRB4 p_krb_get_err_text_entry = NULL; p_krb_get_cred = NULL; p_krb_mk_req = NULL; p_krb_realmofhost = NULL; p_krb_get_phost = NULL; p_k4_des_new_random_key = NULL; p_k4_des_set_random_generator_seed = NULL; p_k4_des_key_sched = NULL; p_k4_des_ecb_encrypt = NULL; p_k4_des_pcbc_encrypt = NULL; p_k4_des_string_to_key = NULL; p_k4_des_fixup_key_parity = NULL; p_krb_get_pw_in_tkt = NULL; p_krb_get_pw_in_tkt_preauth = NULL; p_krb_get_lrealm = NULL; p_krb_get_err_text = NULL; p_kname_parse = NULL; p_dest_tkt = NULL; p_krb_get_tf_realm = NULL; p_krb_get_tf_fullname = NULL; p_tf_get_pname = NULL; p_tf_get_pinst = NULL; p_tf_get_cred = NULL; p_tf_close = NULL; p_tf_init = NULL; p_tkt_string = NULL; p_krb_check_serv = NULL; p_kuserok = NULL; p_krb_kntoln = NULL; p_krb_rd_req = NULL; p_krb_sendauth = NULL; p_set_krb_debug = NULL; p_set_krb_ap_req_debug = NULL; p_krb_mk_safe = NULL; p_krb_mk_priv = NULL; p_krb_rd_priv = NULL; p_krb_rd_safe = NULL; p_krb_in_tkt = NULL; p_krb_save_credentials = NULL; p_k95_k4_princ_to_userid = NULL; p_k95_k4_userok = NULL; #endif /* KRB4 */ } static void ck_krb5_loaddll_eh( void ) { #ifdef OS2ONLY if ( hEMX ) { DosFreeModule(hEMX); hEMX = 0; } #endif /* OS2 */ if ( hPROFILE ) { #ifdef NT FreeLibrary(hPROFILE); hPROFILE = NULL; #else /* NT */ DosFreeModule(hPROFILE); hPROFILE = 0; #endif /* NT */ } if ( hKRB5_32 ) { #ifdef NT FreeLibrary(hKRB5_32); hKRB5_32 = NULL; #else /* NT */ DosFreeModule(hKRB5_32); hKRB5_32 = 0; #endif /* NT */ } if ( hCOMERR32 ) { #ifdef NT FreeLibrary(hCOMERR32); hCOMERR32 = NULL; #else /* NT */ DosFreeModule(hCOMERR32); hCOMERR32 = 0; #endif /* NT */ } #ifdef NT if ( hKRB524 ) { FreeLibrary(hKRB524); hKRB524 = NULL; } #endif /* NT */ if ( hKRB52UID ) { #ifdef NT FreeLibrary(hKRB52UID); hKRB52UID = NULL; #else /* NT */ DosFreeModule(hKRB52UID); hKRB52UID = 0; #endif /* NT */ } cygnus = 0; #ifdef KRB5 p_com_err = NULL; p_com_err_va = NULL; p_error_message = NULL; p_krb5_free_creds = NULL; p_krb5_free_data = NULL; p_krb5_free_data_contents = NULL; p_krb5_copy_keyblock = NULL; p_krb5_free_keyblock = NULL; p_krb5_auth_con_getlocalsubkey = NULL; p_krb5_mk_req_extended = NULL; p_krb5_mk_req = NULL; p_krb5_auth_con_setflags = NULL; p_krb5_auth_con_init = NULL; p_krb5_auth_con_free = NULL; p_krb5_get_credentials = NULL; p_krb5_free_cred_contents = NULL; p_krb5_sname_to_principal = NULL; p_krb5_cc_default = NULL; p_krb5_free_ap_rep_enc_part = NULL; p_krb5_rd_rep = NULL; p_krb5_init_context = NULL; p_krb5_init_ets = NULL; p_krb5_free_context = NULL; p_krb5_free_principal = NULL; p_krb5_free_unparsed_name = NULL; p_krb5_fwd_tgt_creds = NULL; p_krb5_auth_con_genaddrs = NULL; p_des_new_random_key = NULL; p_des_set_random_generator_seed = NULL; p_des_key_sched = NULL; p_des_ecb_encrypt = NULL; p_des_pcbc_encrypt = NULL; p_des_string_to_key = NULL; p_des_fixup_key_parity = NULL; p_krb5_get_host_realm = NULL; p_krb5_free_host_realm = NULL; p_krb5_get_in_tkt_with_keytab = NULL; p_krb5_get_in_tkt_with_password = NULL; p_krb5_read_password = NULL; p_krb5_build_principal_ext = NULL; p_krb5_unparse_name = NULL; p_krb5_parse_name = NULL; p_krb5_cc_resolve = NULL; p_krb5_cc_default_name = NULL; p_krb5_string_to_timestamp = NULL; p_krb5_kt_resolve = NULL; p_krb5_string_to_deltat = NULL; p_krb5_timeofday = NULL; p_krb5_get_credentials_renew = NULL; p_krb5_get_credentials_validate = NULL; p_krb5_copy_principal = NULL; p_krb5_timestamp_to_sfstring = NULL; p_krb5_kt_default = NULL; p_krb5_free_ticket = NULL; p_decode_krb5_ticket = NULL; p_cygnus_decode_krb5_ticket = NULL; #ifdef CHECKADDRS p_krb5_os_localaddr = NULL; p_krb5_address_search = NULL; p_krb5_free_addresses = NULL; #endif /* CHECKADDRS */ p_krb5_auth_con_getremotesubkey = NULL; p_krb5_mk_rep = NULL; p_krb5_free_authenticator = NULL; p_krb5_verify_checksum = NULL; p_krb5_auth_con_getkey = NULL; p_krb5_auth_con_getauthenticator = NULL; p_krb5_rd_req = NULL; p_krb5_auth_con_setrcache = NULL; p_krb5_get_server_rcache = NULL; p_krb5_auth_con_getrcache = NULL; p_krb5_free_tgt_creds = NULL; p_krb5_rd_cred = NULL; p_krb5_c_enctype_compare = NULL; p_krb5_free_error = NULL; p_krb5_sendauth = NULL; p_krb5_process_key = NULL; p_krb5_use_enctype = NULL; p_krb5_encrypt = NULL; p_krb5_encrypt_size = NULL; p_krb5_decrypt = NULL; p_krb5_kuserok = NULL; p_krb5_appdefault_boolean = NULL; p_krb5_appdefault_string = NULL; p_krb5_get_init_creds_password = NULL; p_krb5_get_init_creds_opt_set_address_list = NULL; p_krb5_get_renewed_creds = NULL; p_krb5_get_validated_creds = NULL; p_krb5_get_init_creds_opt_set_tkt_life = NULL; p_krb5_get_init_creds_opt_set_forwardable = NULL; p_krb5_get_init_creds_opt_set_proxiable = NULL; p_krb5_get_init_creds_opt_set_renew_life = NULL; p_krb5_get_init_creds_opt_init = NULL; p_krb5_get_init_creds_opt_set_etype_list = NULL; p_krb5_get_init_creds_opt_set_preauth_list = NULL; p_krb5_get_init_creds_opt_set_salt = NULL; p_krb5_rd_safe = NULL; p_krb5_mk_safe = NULL; p_krb5_rd_priv = NULL; p_krb5_mk_priv = NULL; p_krb5_auth_con_setuseruserkey = NULL; p_krb5_get_profile = NULL; p_profile_get_subsection_names = NULL; p_profile_get_relation_names = NULL; p_k95_k5_principal_to_localname = NULL; p_k95_k5_userok = NULL; p_krb5_free_keyblock_contents = NULL; p_krb5_c_encrypt = NULL; p_krb5_c_decrypt = NULL; p_krb5_c_make_random_key = NULL; p_krb5_c_random_seed = NULL; p_krb5_c_encrypt_length = NULL; p_krb5_c_block_size = NULL; p_krb5_kt_default_name = NULL; p_krb5_cc_get_principal = NULL; p_krb5_cc_store_cred = NULL; p_krb5_cc_initialize = NULL; p_krb5_cc_destroy = NULL; p_krb5_cc_end_seq_get = NULL; p_krb5_cc_next_cred = NULL; p_krb5_cc_start_seq_get = NULL; p_krb5_cc_get_type = NULL; p_krb5_cc_get_name = NULL; p_krb5_cc_set_flags = NULL; p_krb5_cc_close = NULL; p_krb5_kt_get_type = NULL; p_krb5_kt_get_name = NULL; p_krb5_kt_close = NULL; p_krb5_kt_get_entry = NULL; p_krb5_kt_start_seq_get = NULL; p_krb5_kt_next_entry = NULL; p_krb5_kt_end_seq_get = NULL; p_krb5_build_principal = NULL; p_krb524_init_ets = NULL; p_krb524_convert_creds_kdc = NULL; #endif /* KRB5 */ } int ck_krb4_loaddll( void ) { #ifdef KRB4 ULONG rc = 0 ; int load_error = 0, len; #ifdef OS2ONLY CHAR *exe_path; CHAR path[256]; CHAR * dllname = "KRB4_32"; #endif /* OS2ONLY */ #ifdef NT HINSTANCE hLEASH; if ( !(hKRB4_32 = LoadLibrary("KRBV4W32")) ) { rc = GetLastError() ; debug(F111, "Kerberos LoadLibrary failed","KRBV4W32",rc) ; ck_krb4_loaddll_eh(); } if ( !hKRB4_32 && !(hKRB4_32 = LoadLibrary("KRB4_32"))) { rc = GetLastError() ; debug(F111, "Kerberos LoadLibrary failed","KRB4_32",rc) ; ck_krb4_loaddll_eh(); } if (hKRB4_32) { debug(F100,"Kerberos IV support provided by MIT Leash","",0); if (((FARPROC) p_krb_get_err_text_entry = GetProcAddress( hKRB4_32, "get_krb_err_txt_entry" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","get_krb_err_txt_entry",rc); load_error = 1; } if (((FARPROC) p_krb_get_cred = GetProcAddress( hKRB4_32, "krb_get_cred" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb_get_cred",rc) ; load_error = 1; } if (((FARPROC) p_krb_mk_req = GetProcAddress( hKRB4_32, "krb_mk_req" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb_mk_req",rc) ; load_error = 1; } if (((FARPROC) p_krb_realmofhost = GetProcAddress( hKRB4_32, "krb_realmofhost" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","krb_realmofhost",rc); load_error = 1; } if (((FARPROC) p_krb_get_phost = GetProcAddress( hKRB4_32, "krb_get_phost" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb_get_phost",rc) ; load_error = 1; } /* The DES functions are not required. But if we do not have */ /* them and do not have the CRYPT DLL we will not be able to */ /* perform mutual authentication. */ if (((FARPROC) p_k4_des_ecb_encrypt = GetProcAddress( hKRB4_32, "des_ecb_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","des_ecb_encrypt",rc); } if (((FARPROC) p_k4_des_pcbc_encrypt = GetProcAddress( hKRB4_32, "des_pcbc_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","des_pcbc_encrypt",rc); } if (((FARPROC) p_k4_des_new_random_key = GetProcAddress( hKRB4_32, "des_new_random_key" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_new_random_key",rc) ; } if (((FARPROC) p_k4_des_key_sched = GetProcAddress( hKRB4_32, "des_key_sched" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_key_sched",rc) ; } if (((FARPROC) p_k4_des_set_random_generator_seed = GetProcAddress(hKRB4_32,"des_set_random_generator_seed")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "des_set_random_generator_seed",rc) ; } if (((FARPROC) p_krb_get_pw_in_tkt = GetProcAddress( hKRB4_32, "krb_get_pw_in_tkt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_pw_in_tkt",rc) ; load_error = 1; } /* Not supported in Leash */ if (((FARPROC) p_krb_get_pw_in_tkt_preauth = GetProcAddress( hKRB4_32, "krb_get_pw_in_tkt_preauth" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_pw_in_tkt_preauth",rc) ; } if (((FARPROC) p_krb_get_lrealm = GetProcAddress( hKRB4_32, "krb_get_lrealm" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_lrealm",rc) ; load_error = 1; } if (((FARPROC) p_krb_get_err_text = GetProcAddress( hKRB4_32, "krb_get_err_text" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_err_text",rc) ; } if (((FARPROC) p_kname_parse = GetProcAddress( hKRB4_32, "kname_parse" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "kname_parse",rc) ; load_error = 1; } if (((FARPROC) p_dest_tkt = GetProcAddress( hKRB4_32, "dest_tkt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "dest_tkt",rc) ; load_error = 1; } if (((FARPROC) p_krb_get_tf_realm = GetProcAddress( hKRB4_32, "krb_get_tf_realm" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_tf_realm",rc) ; load_error = 1; } if (((FARPROC) p_krb_get_tf_fullname = GetProcAddress( hKRB4_32, "krb_get_tf_fullname" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_get_tf_fullname",rc) ; load_error = 1; } if (((FARPROC) p_tf_get_pname = GetProcAddress( hKRB4_32, "tf_get_pname" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tf_get_pname",rc) ; load_error = 1; } if (((FARPROC) p_tf_get_pinst = GetProcAddress( hKRB4_32, "tf_get_pinst" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tf_get_pinst",rc) ; load_error = 1; } if (((FARPROC) p_tf_get_cred = GetProcAddress( hKRB4_32, "tf_get_cred" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tf_get_cred",rc) ; load_error = 1; } if (((FARPROC) p_tf_close = GetProcAddress( hKRB4_32, "tf_close" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tf_close",rc) ; load_error = 1; } if (((FARPROC) p_tf_init = GetProcAddress( hKRB4_32, "tf_init" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tf_init",rc) ; load_error = 1; } if (((FARPROC) p_tkt_string = GetProcAddress( hKRB4_32, "tkt_string" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "tkt_string",rc) ; load_error = 1; } if (((FARPROC) p_krb_check_serv = GetProcAddress( hKRB4_32, "krb_check_serv" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_check_serv",rc) ; load_error = 1; } if (((FARPROC) p_kuserok = GetProcAddress( hKRB4_32, "kuserok" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "kuserok",rc) ; } if (((FARPROC) p_krb_kntoln = GetProcAddress( hKRB4_32, "krb_kntoln" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_kntoln",rc) ; } if (((FARPROC) p_krb_rd_req = GetProcAddress( hKRB4_32, "krb_rd_req" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_rd_req",rc) ; } if (((FARPROC) p_krb_sendauth = GetProcAddress( hKRB4_32, "krb_sendauth" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_sendauth",rc) ; load_error = 1; } if (((FARPROC) p_set_krb_debug = GetProcAddress( hKRB4_32, "set_krb_debug" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "set_krb_debug",rc) ; } if (((FARPROC) p_set_krb_ap_req_debug = GetProcAddress( hKRB4_32, "set_krb_ap_req_debug" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "set_krb_ap_req_debug",rc) ; } if (((FARPROC) p_krb_mk_safe = GetProcAddress( hKRB4_32, "krb_mk_safe" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_mk_safe",rc) ; load_error = 1; } if (((FARPROC) p_krb_mk_priv = GetProcAddress( hKRB4_32, "krb_mk_priv" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_mk_priv",rc) ; load_error = 1; } if (((FARPROC) p_krb_rd_priv = GetProcAddress( hKRB4_32, "krb_rd_priv" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_rd_priv",rc) ; load_error = 1; } if (((FARPROC) p_krb_rd_safe = GetProcAddress( hKRB4_32, "krb_rd_safe" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_rd_safe",rc) ; load_error = 1; } if (((FARPROC) p_krb_in_tkt = GetProcAddress( hKRB4_32, "krb_in_tkt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_in_tkt",rc) ; load_error = 1; } if (((FARPROC) p_krb_save_credentials = GetProcAddress( hKRB4_32, "krb_save_credentials" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb_save_credentials",rc) ; load_error = 1; } if ( load_error ) { ck_krb4_loaddll_eh(); return 0; } } #else /* NT */ exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen(dllname) + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,dllname); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hKRB4_32); if (rc) { debug(F111, "Kerberos IV LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), dllname, &hKRB4_32); } if (rc) { debug(F111, "Kerberos IV LoadLibrary failed",fail,rc) ; ck_krb4_loaddll_eh(); } else { debug(F100,"Kerberos IV support provided by MIT","",0); if (rc = DosQueryProcAddr(hKRB4_32,0,"get_krb_err_txt_entry", (PFN*)&p_krb_get_err_text_entry)) { debug(F111,"Kerberos GetProcAddress failed","get_krb_err_txt_entry",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_cred", (PFN*)&p_krb_get_cred)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_cred",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_mk_req", (PFN*)&p_krb_mk_req)) { debug(F111,"Kerberos GetProcAddress failed","krb_mk_req",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_realmofhost", (PFN*)&p_krb_realmofhost)) { debug(F111,"Kerberos GetProcAddress failed","krb_realmofhost",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_phost", (PFN*)&p_krb_get_phost)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_phost",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"des_ecb_encrypt", (PFN*)&p_k4_des_ecb_encrypt)) { debug(F111,"Kerberos GetProcAddress failed","des_ecb_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"des_pcbc_encrypt", (PFN*)&p_k4_des_pcbc_encrypt)) { debug(F111,"Kerberos GetProcAddress failed","des_pcbc_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"des_new_random_key", (PFN*)&p_k4_des_new_random_key)) { debug(F111,"Kerberos GetProcAddress failed","des_new_random_key",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"des_key_sched", (PFN*)&p_k4_des_key_sched)) { debug(F111,"Kerberos GetProcAddress failed","des_key_sched",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"des_set_random_generator_seed", (PFN*)&p_k4_des_set_random_generator_seed)) { debug(F111,"Kerberos GetProcAddress failed","des_set_random_generator_seed",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_pw_in_tkt", (PFN*)&p_krb_get_pw_in_tkt)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_pw_in_tkt",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_pw_in_tkt_preauth", (PFN*)&p_krb_get_pw_in_tkt_preauth)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_pw_in_tkt_preauth",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_lrealm", (PFN*)&p_krb_get_lrealm)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_lrealm",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_err_text", (PFN*)&p_krb_get_err_text)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_err_text",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"kname_parse", (PFN*)&p_kname_parse)) { debug(F111,"Kerberos GetProcAddress failed","kname_parse",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"dest_tkt", (PFN*)&p_dest_tkt)) { debug(F111,"Kerberos GetProcAddress failed","dest_tkt",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_tf_realm", (PFN*)&p_krb_get_tf_realm)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_tf_realm",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_get_tf_fullname", (PFN*)&p_krb_get_tf_fullname)) { debug(F111,"Kerberos GetProcAddress failed","krb_get_tf_fullname",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tf_get_pname", (PFN*)&p_tf_get_pname)) { debug(F111,"Kerberos GetProcAddress failed","tf_get_pname",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tf_get_pinst", (PFN*)&p_tf_get_pinst)) { debug(F111,"Kerberos GetProcAddress failed","tf_get_pinst",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tf_get_cred", (PFN*)&p_tf_get_cred)) { debug(F111,"Kerberos GetProcAddress failed","tf_get_cred",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tf_close", (PFN*)&p_tf_close)) { debug(F111,"Kerberos GetProcAddress failed","tf_close",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tf_init", (PFN*)&p_tf_init)) { debug(F111,"Kerberos GetProcAddress failed","tf_init",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"tkt_string", (PFN*)&p_tkt_string)) { debug(F111,"Kerberos GetProcAddress failed","tkt_string",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_check_serv", (PFN*)&p_krb_check_serv)) { debug(F111,"Kerberos GetProcAddress failed","krb_check_serv",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"kuserok", (PFN*)&p_kuserok)) { debug(F111,"Kerberos GetProcAddress failed","kuserok",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_kntoln", (PFN*)&p_krb_kntoln)) { debug(F111,"Kerberos GetProcAddress failed","krb_kntoln",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_rd_req", (PFN*)&p_krb_rd_req)) { debug(F111,"Kerberos GetProcAddress failed","krb_rd_req",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_sendauth", (PFN*)&p_krb_sendauth)) { debug(F111,"Kerberos GetProcAddress failed","krb_sendauth",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"set_krb_debug", (PFN*)&p_set_krb_debug)) { debug(F111,"Kerberos GetProcAddress failed","set_krb_debug",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"set_krb_ap_req_debug", (PFN*)&p_set_krb_ap_req_debug)) { debug(F111,"Kerberos GetProcAddress failed","set_krb_ap_req_debug",rc); } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_mk_safe", (PFN*)&p_krb_mk_safe)) { debug(F111,"Kerberos GetProcAddress failed","krb_mk_safe",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_mk_priv", (PFN*)&p_krb_mk_priv)) { debug(F111,"Kerberos GetProcAddress failed","krb_mk_priv",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_rd_priv", (PFN*)&p_krb_rd_priv)) { debug(F111,"Kerberos GetProcAddress failed","krb_rd_priv",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB4_32,0,"krb_rd_safe", (PFN*)&p_krb_rd_safe)) { debug(F111,"Kerberos GetProcAddress failed","krb_rd_safe",rc); load_error = 1; } if ( load_error ) { ck_krb4_loaddll_eh(); return 0; } } #endif /* NT */ if ( deblog ) { if ( hKRB4_32 ) printf("MIT Kerberos 4 available\n"); } /* Attempt to load a krb4_principal_to_userid() function */ #ifdef NT hKRB42UID = LoadLibrary("KRB42UID"); if ( hKRB42UID ) { if (((FARPROC) p_k95_k4_princ_to_userid = GetProcAddress( hKRB42UID, "krb4_principal_to_userid" )) == NULL ) { rc = GetLastError() ; debug(F111,"KRB42UID GetProcAddress failed","krb4_principal_to_userid",rc); } if (((FARPROC) p_k95_k4_userok = GetProcAddress( hKRB42UID, "krb4_userok" )) == NULL ) { rc = GetLastError() ; debug(F111,"KRB42UID GetProcAddress failed","krb4_userok",rc); } } #else /* NT */ dllname = "KRB42UID"; len = get_dir_len(exe_path); if ( len + strlen(dllname) + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,dllname); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hKRB42UID); if (rc) { debug(F111, "KRB42UID LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), dllname, &hKRB42UID); } if ( rc ) { debug(F111, "KRB42UID LoadLibrary failed",fail,rc) ; } else { debug(F111, "KRB42UID LoadLibrary success",fail,rc) ; if (rc = DosQueryProcAddr( hKRB42UID, 0, "krb4_principal_to_userid", (PFN*) &p_k95_k4_princ_to_userid)) { debug(F111,"KRB42UID GetProcAddress failed", "krb4_principal_to_userid",rc); } if (rc = DosQueryProcAddr( hKRB42UID, 0, "krb4_userok", (PFN*) &p_k95_k4_userok)) { debug(F111,"KRB42UID GetProcAddress failed", "krb4_userok",rc); } } /* Initialize Kerberos 4 ticket options based upon MIT Leash selections */ hLEASH = LoadLibrary("LEASHW32"); if ( hLEASH ) { DWORD (* pLeash_get_default_lifetime)(void); (FARPROC) pLeash_get_default_lifetime = GetProcAddress(hLEASH, "Leash_get_default_lifetime"); if ( pLeash_get_default_lifetime ) krb4_d_lifetime = pLeash_get_default_lifetime(); FreeLibrary("LEASHW32"); } #endif /* NT */ return(1); #else /* KRB4 */ return(0); #endif /* KRB4 */ } int ck_krb5_loaddll( void ) { #ifdef KRB5 ULONG rc = 0 ; int load_error = 0, len; #ifdef OS2ONLY CHAR *exe_path; CHAR path[256]; CHAR * dllname = "KRB5_32"; static void (_System * p_emx_init)(void)=NULL; #endif /* OS2ONLY */ #ifdef NT HINSTANCE hLEASH = NULL; hKRB5_32 = LoadLibrary("KRB5_32") ; if ( !hKRB5_32 ) { /* Try Cygnus Solutions version */ hKRB5_32 = LoadLibrary("LIBKRB5"); cygnus = 1; } if ( !hKRB5_32 ) { rc = GetLastError() ; debug(F111, "Kerberos LoadLibrary failed","KRB5_32",rc) ; } hKRB524 = LoadLibrary("KRB524") ; if ( !hKRB524 ) { rc = GetLastError() ; debug(F111, "Kerberos LoadLibrary failed","KRB524",rc) ; } else { if (((FARPROC) p_krb524_init_ets = GetProcAddress( hKRB524, "krb524_init_ets" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb524_init_ets",rc); } if (((FARPROC) p_krb524_convert_creds_kdc = GetProcAddress( hKRB524, "krb524_convert_creds_kdc" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb524_convert_creds_kdc",rc); } } if ( hKRB5_32 != NULL ) { if ( cygnus ) { debug(F100,"Kerberos V support provided by Cygnus Solutions","",0); if (((FARPROC) p_com_err = GetProcAddress( hKRB5_32, "com_err" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","com_err",rc) ; load_error = 1; } #ifdef COMMENT /* Cygnus Solutions does not have this function in their DLL */ if (((FARPROC) p_com_err_va = GetProcAddress( hKRB5_32, "com_err_va" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","com_err_va",rc) ; load_error = 1; } #endif /* COMMENT */ if (((FARPROC) p_error_message = GetProcAddress( hKRB5_32, "error_message" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","error_message",rc) ; load_error = 1; } if (((FARPROC) p_krb5_init_ets = GetProcAddress( hKRB5_32, "krb5_init_ets" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_init_ets",rc) ; /* krb5_init_ets is a private function as of 1.2.5 */ } if (((FARPROC) p_cygnus_decode_krb5_ticket= GetProcAddress( hKRB5_32, "decode_krb5_ticket" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "decode_krb5_ticket",rc) ; load_error = 1; } } else { debug(F100,"Kerberos V support provided by MIT","",0); hCOMERR32 = LoadLibrary("COMERR32") ; if ( !hCOMERR32 ) { rc = GetLastError() ; debug(F111, "Kerberos LoadLibrary failed","COMERR32",rc) ; load_error = 1; } if (((FARPROC) p_com_err = GetProcAddress( hCOMERR32, "com_err" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","com_err",rc) ; load_error = 1; } if (((FARPROC) p_com_err_va = GetProcAddress( hCOMERR32, "com_err_va" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","com_err_va",rc) ; load_error = 1; } if (((FARPROC) p_error_message = GetProcAddress( hCOMERR32, "error_message" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","error_message",rc) ; load_error = 1; } if (((FARPROC) p_decode_krb5_ticket = GetProcAddress( hKRB5_32, "decode_krb5_ticket" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "decode_krb5_ticket",rc) ; if (((FARPROC) p_cygnus_decode_krb5_ticket = GetProcAddress( hKRB5_32, "krb5_decode_ticket" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_decode_ticket",rc) ; load_error = 1; } } if (((FARPROC) p_krb5_mk_rep = GetProcAddress( hKRB5_32, "krb5_mk_rep" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_mk_rep",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_authenticator= GetProcAddress( hKRB5_32, "krb5_free_authenticator" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_authenticator",rc) ; load_error = 1; } if (((FARPROC) p_krb5_verify_checksum= GetProcAddress( hKRB5_32, "krb5_verify_checksum" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_verify_checksum",rc) ; load_error = 1; } if (((FARPROC) p_krb5_rd_req= GetProcAddress( hKRB5_32, "krb5_rd_req" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_rd_req",rc) ; load_error = 1; } } if (((FARPROC) p_krb5_free_creds = GetProcAddress( hKRB5_32, "krb5_free_creds" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_free_creds",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_data = GetProcAddress( hKRB5_32, "krb5_free_data" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_free_data",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_data_contents = GetProcAddress( hKRB5_32, "krb5_free_data_contents" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_data_contents",rc) ; load_error = 1; } if (((FARPROC) p_krb5_copy_keyblock = GetProcAddress( hKRB5_32, "krb5_copy_keyblock" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_copy_keyblock",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_keyblock = GetProcAddress( hKRB5_32, "krb5_free_keyblock" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_free_keyblock",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_getlocalsubkey = GetProcAddress( hKRB5_32, "krb5_auth_con_getlocalsubkey" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_getlocalsubkey",rc) ; load_error = 1; } if (((FARPROC) p_krb5_mk_req_extended = GetProcAddress( hKRB5_32, "krb5_mk_req_extended" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","krb5_mk_req_extended",rc); load_error = 1; } if (((FARPROC) p_krb5_mk_req = GetProcAddress( hKRB5_32, "krb5_mk_req" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","krb5_mk_req",rc); load_error = 1; } if (((FARPROC) p_krb5_auth_con_setflags = GetProcAddress( hKRB5_32, "krb5_auth_con_setflags" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_setflags",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_init = GetProcAddress( hKRB5_32, "krb5_auth_con_init" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_auth_con_init",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_free = GetProcAddress( hKRB5_32, "krb5_auth_con_free" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_auth_con_free",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_credentials = GetProcAddress( hKRB5_32, "krb5_get_credentials" )) == NULL ) { rc = GetLastError() ; debug(F111,"Kerberos GetProcAddress failed","krb5_get_credentials",rc); load_error = 1; } if (((FARPROC) p_krb5_free_cred_contents = GetProcAddress( hKRB5_32, "krb5_free_cred_contents" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_free_cred_contents",rc); load_error = 1; } if (((FARPROC) p_krb5_sname_to_principal = GetProcAddress( hKRB5_32, "krb5_sname_to_principal" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_sname_to_principal",rc); load_error = 1; } if (((FARPROC) p_krb5_cc_default = GetProcAddress( hKRB5_32, "krb5_cc_default" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_cc_default",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_ap_rep_enc_part = GetProcAddress( hKRB5_32, "krb5_free_ap_rep_enc_part" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_ap_rep_enc_part",rc) ; load_error = 1; } if (((FARPROC) p_krb5_rd_rep = GetProcAddress( hKRB5_32, "krb5_rd_rep" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_rd_rep",rc) ; load_error = 1; } if (((FARPROC) p_krb5_init_context = GetProcAddress( hKRB5_32, "krb5_init_context" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_init_context",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_context = GetProcAddress( hKRB5_32, "krb5_free_context" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","krb5_free_context",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_principal = GetProcAddress( hKRB5_32, "krb5_free_principal" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_principal",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_unparsed_name = GetProcAddress( hKRB5_32, "krb5_free_unparsed_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_unparsed_name",rc) ; #ifdef COMMENT load_error = 1; #endif /* COMMENT */ } if (((FARPROC) p_krb5_fwd_tgt_creds = GetProcAddress( hKRB5_32, "krb5_fwd_tgt_creds" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_fwd_tgt_creds",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_genaddrs = GetProcAddress( hKRB5_32, "krb5_auth_con_genaddrs" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_genaddrs",rc) ; load_error = 1; } /* The DES functions are not required. But if we do not have */ /* them and do not have the CRYPT DLL we will not be able to */ /* perform mutual authentication. */ if (((FARPROC) p_des_ecb_encrypt = GetProcAddress( hKRB5_32, "des_ecb_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_ecb_encrypt",rc); } if (((FARPROC) p_des_pcbc_encrypt = GetProcAddress( hKRB5_32, "des_pcbc_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_pcbc_encrypt",rc); } if (((FARPROC) p_des_new_random_key = GetProcAddress( hKRB5_32, "des_new_random_key" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_new_random_key",rc) ; } if (((FARPROC) p_des_key_sched = GetProcAddress( hKRB5_32, "des_key_sched" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed","des_key_sched",rc) ; } if (((FARPROC) p_des_set_random_generator_seed = GetProcAddress(hKRB5_32, "des_set_random_generator_seed" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "des_set_random_generator_seed",rc) ; } if (((FARPROC) p_krb5_get_host_realm= GetProcAddress(hKRB5_32,"krb5_get_host_realm")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_host_realm",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_host_realm= GetProcAddress(hKRB5_32,"krb5_free_host_realm")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_host_realm",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_in_tkt_with_keytab= GetProcAddress(hKRB5_32,"krb5_get_in_tkt_with_keytab")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_in_tkt_with_keytab",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_in_tkt_with_password= GetProcAddress(hKRB5_32,"krb5_get_in_tkt_with_password")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_in_tkt_with_password",rc) ; load_error = 1; } if (((FARPROC) p_krb5_read_password= GetProcAddress( hKRB5_32, "krb5_read_password" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_read_password",rc) ; load_error = 1; } if (((FARPROC) p_krb5_build_principal_ext= GetProcAddress( hKRB5_32, "krb5_build_principal_ext" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_build_principal_ext",rc) ; load_error = 1; } if (((FARPROC) p_krb5_unparse_name= GetProcAddress( hKRB5_32, "krb5_unparse_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_unparse_name",rc) ; load_error = 1; } if (((FARPROC) p_krb5_parse_name= GetProcAddress( hKRB5_32, "krb5_parse_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_parse_name",rc) ; load_error = 1; } if (((FARPROC) p_krb5_cc_resolve= GetProcAddress( hKRB5_32, "krb5_cc_resolve" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_resolve",rc) ; load_error = 1; } if (((FARPROC) p_krb5_cc_default_name= GetProcAddress( hKRB5_32, "krb5_cc_default_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_default_name",rc) ; } if (((FARPROC) p_krb5_string_to_timestamp= GetProcAddress( hKRB5_32, "krb5_string_to_timestamp" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_string_to_timestamp",rc) ; load_error = 1; } if (((FARPROC) p_krb5_kt_resolve= GetProcAddress( hKRB5_32, "krb5_kt_resolve" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_resolve",rc) ; load_error = 1; } if (((FARPROC) p_krb5_string_to_deltat= GetProcAddress( hKRB5_32, "krb5_string_to_deltat" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_string_to_deltat",rc) ; load_error = 1; } if (((FARPROC) p_krb5_timeofday= GetProcAddress( hKRB5_32, "krb5_timeofday" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_timeofday",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_credentials_renew= GetProcAddress(hKRB5_32, "krb5_get_credentials_renew" )) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_credentials_renew",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_credentials_validate= GetProcAddress(hKRB5_32,"krb5_get_credentials_validate")) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_credentials_validate",rc) ; load_error = 1; } if (((FARPROC) p_krb5_copy_principal= GetProcAddress( hKRB5_32, "krb5_copy_principal" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_copy_principal",rc) ; load_error = 1; } if (((FARPROC) p_krb5_timestamp_to_sfstring= GetProcAddress(hKRB5_32,"krb5_timestamp_to_sfstring" )) == NULL) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_timestamp_to_sfstring",rc) ; load_error = 1; } if (((FARPROC) p_krb5_kt_default= GetProcAddress( hKRB5_32, "krb5_kt_default" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_default",rc) ; load_error = 1; } if (((FARPROC) p_krb5_free_ticket= GetProcAddress( hKRB5_32, "krb5_free_ticket" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_ticket",rc) ; load_error = 1; } #ifdef CHECKADDRS if (((FARPROC) p_krb5_os_localaddr= GetProcAddress( hKRB5_32, "krb5_os_localaddr" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_os_localaddr",rc) ; load_error = 1; } if (((FARPROC) p_krb5_address_search= GetProcAddress( hKRB5_32, "krb5_address_search" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_address_search",rc) ; /* This is not a fatal error since we expect that most builds */ /* of krb5 dll will have an error in the export list that */ /* prevents this function from being found. Therefore a */ /* built in version is used if it is missing */ } if (((FARPROC) p_krb5_free_addresses= GetProcAddress( hKRB5_32, "krb5_free_addresses" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_addresses",rc) ; load_error = 1; } #endif /* CHECKADDRS */ if (((FARPROC) p_krb5_auth_con_getremotesubkey= GetProcAddress( hKRB5_32, "krb5_auth_con_getremotesubkey" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_getremotesubkey",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_getkey= GetProcAddress( hKRB5_32, "krb5_auth_con_getkey" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_getkey",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_getauthenticator= GetProcAddress( hKRB5_32, "krb5_auth_con_getauthenticator" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_getauthenticator",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_setrcache= GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_setrcache",rc) ; } if (((FARPROC) p_krb5_get_server_rcache= GetProcAddress( hKRB5_32, "krb5_get_server_rcache" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_server_rcache",rc) ; } if (((FARPROC) p_krb5_auth_con_getrcache= GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_getrcache",rc) ; } if (((FARPROC) p_krb5_free_tgt_creds= GetProcAddress( hKRB5_32, "krb5_free_tgt_creds" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_tgt_creds",rc) ; } if (((FARPROC) p_krb5_rd_cred= GetProcAddress( hKRB5_32, "krb5_rd_cred" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_rd_cred",rc) ; } if (((FARPROC) p_krb5_c_enctype_compare= GetProcAddress( hKRB5_32, "krb5_c_enctype_compare" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_enctype_compare",rc) ; } if (((FARPROC) p_krb5_free_error= GetProcAddress( hKRB5_32, "krb5_free_error" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_error",rc) ; } if (((FARPROC) p_krb5_sendauth= GetProcAddress( hKRB5_32, "krb5_sendauth" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_sendauth",rc) ; } if (((FARPROC) p_krb5_process_key= GetProcAddress( hKRB5_32, "krb5_process_key" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_process_key",rc) ; } if (((FARPROC) p_krb5_use_enctype= GetProcAddress( hKRB5_32, "krb5_use_enctype" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_use_enctype",rc) ; } if (((FARPROC) p_krb5_encrypt= GetProcAddress( hKRB5_32, "krb5_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_encrypt",rc) ; } if (((FARPROC) p_krb5_decrypt= GetProcAddress( hKRB5_32, "krb5_decrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_decrypt",rc) ; } if (((FARPROC) p_krb5_encrypt_size= GetProcAddress( hKRB5_32, "krb5_encrypt_size" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_encrypt_size",rc) ; } if (((FARPROC) p_krb5_kuserok= GetProcAddress( hKRB5_32, "krb5_kuserok" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kuserok",rc) ; } if (((FARPROC) p_krb5_appdefault_boolean = GetProcAddress( hKRB5_32, "krb5_appdefault_boolean" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_appdefault_boolean",rc) ; /* NRL only */ } if (((FARPROC) p_krb5_appdefault_string = GetProcAddress( hKRB5_32, "krb5_appdefault_string" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_appdefault_string",rc) ; /* NRL only */ } if (((FARPROC) p_krb5_get_renewed_creds = GetProcAddress( hKRB5_32, "krb5_get_renewed_creds" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_renewed_creds",rc) ; /* Not in NRL or NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_validated_creds = GetProcAddress( hKRB5_32, "krb5_get_validated_creds" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_validated_creds",rc) ; /* Not in NRL or NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_password = GetProcAddress( hKRB5_32, "krb5_get_init_creds_password" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_password",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_address_list = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_address_list" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_address_list",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_tkt_life = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_tkt_life" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_tkt_life",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_forwardable = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_forwardable" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_forwardable",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_proxiable = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_proxiable" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_proxiable",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_renew_life = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_renew_life" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_renew_life",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_init = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_init" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_init",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_etype_list = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_etype_list" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_etype_list",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_preauth_list = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_preauth_list" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_preauth_list",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_get_init_creds_opt_set_salt = GetProcAddress( hKRB5_32, "krb5_get_init_creds_opt_set_salt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_init_creds_opt_set_salt",rc) ; /* Not in NT-ALPHA-2 */ } if (((FARPROC) p_krb5_rd_safe = GetProcAddress( hKRB5_32, "krb5_rd_safe" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_rd_safe",rc) ; load_error = 1; } if (((FARPROC) p_krb5_mk_safe = GetProcAddress( hKRB5_32, "krb5_mk_safe" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_mk_safe",rc) ; load_error = 1; } if (((FARPROC) p_krb5_rd_priv = GetProcAddress( hKRB5_32, "krb5_rd_priv" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_rd_priv",rc) ; load_error = 1; } if (((FARPROC) p_krb5_mk_priv = GetProcAddress( hKRB5_32, "krb5_mk_priv" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_mk_priv",rc) ; load_error = 1; } if (((FARPROC) p_krb5_auth_con_setuseruserkey = GetProcAddress( hKRB5_32, "krb5_auth_con_setuseruserkey" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_auth_con_setuseruserkey",rc) ; load_error = 1; } if (((FARPROC) p_krb5_get_profile = GetProcAddress( hKRB5_32, "krb5_get_profile" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_get_profile",rc) ; } if (((FARPROC) p_krb5_free_keyblock_contents = GetProcAddress( hKRB5_32, "krb5_free_keyblock_contents" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_free_keyblock_contents",rc) ; } if (((FARPROC) p_krb5_c_encrypt = GetProcAddress( hKRB5_32, "krb5_c_encrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_encrypt",rc) ; } if (((FARPROC) p_krb5_c_decrypt = GetProcAddress( hKRB5_32, "krb5_c_decrypt" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_decrypt",rc) ; } if (((FARPROC) p_krb5_c_make_random_key = GetProcAddress( hKRB5_32, "krb5_c_make_random_key" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_make_random_key",rc) ; } if (((FARPROC) p_krb5_c_random_seed = GetProcAddress( hKRB5_32, "krb5_c_random_seed" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_random_seed",rc) ; } if (((FARPROC) p_krb5_c_block_size = GetProcAddress( hKRB5_32, "krb5_c_block_size" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_block_size",rc) ; } if (((FARPROC) p_krb5_c_encrypt_length = GetProcAddress( hKRB5_32, "krb5_c_encrypt_length" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_c_encrypt_length",rc) ; } if (((FARPROC) p_krb5_kt_default_name = GetProcAddress( hKRB5_32, "krb5_kt_default_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_default_name",rc); } if (((FARPROC) p_krb5_cc_get_principal = GetProcAddress( hKRB5_32, "krb5_cc_get_principal" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_get_principal",rc); } if (((FARPROC) p_krb5_cc_store_cred = GetProcAddress( hKRB5_32, "krb5_cc_store_cred" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_store_cred",rc); } if (((FARPROC) p_krb5_cc_initialize = GetProcAddress( hKRB5_32, "krb5_cc_initialize" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_initialize",rc); } if (((FARPROC) p_krb5_cc_destroy = GetProcAddress( hKRB5_32, "krb5_cc_destroy" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_destroy",rc); } if (((FARPROC) p_krb5_cc_end_seq_get = GetProcAddress( hKRB5_32, "krb5_cc_end_seq_get" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_end_seq_get",rc); } if (((FARPROC) p_krb5_cc_next_cred = GetProcAddress( hKRB5_32, "krb5_cc_next_cred" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_next_cred",rc); } if (((FARPROC) p_krb5_cc_start_seq_get = GetProcAddress( hKRB5_32, "krb5_cc_start_seq_get" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_start_seq_get",rc); } if (((FARPROC) p_krb5_cc_get_type = GetProcAddress( hKRB5_32, "krb5_cc_get_type" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_get_type",rc); } if (((FARPROC) p_krb5_cc_get_name = GetProcAddress( hKRB5_32, "krb5_cc_get_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_get_name",rc); } if (((FARPROC) p_krb5_cc_set_flags = GetProcAddress( hKRB5_32, "krb5_cc_set_flags" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_set_flags",rc); } if (((FARPROC) p_krb5_cc_close = GetProcAddress( hKRB5_32, "krb5_cc_close" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_cc_close",rc); } if (((FARPROC) p_krb5_kt_get_type = GetProcAddress( hKRB5_32, "krb5_kt_get_type" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_get_type",rc); } if (((FARPROC) p_krb5_kt_get_name = GetProcAddress( hKRB5_32, "krb5_kt_get_name" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_get_name",rc); } if (((FARPROC) p_krb5_kt_close = GetProcAddress( hKRB5_32, "krb5_kt_close" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_close",rc); } if (((FARPROC) p_krb5_kt_get_entry = GetProcAddress( hKRB5_32, "krb5_kt_get_entry" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_get_entry",rc); } if (((FARPROC) p_krb5_kt_start_seq_get = GetProcAddress( hKRB5_32, "krb5_kt_start_seq_get" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_start_seq_get",rc); } if (((FARPROC) p_krb5_kt_next_entry = GetProcAddress( hKRB5_32, "krb5_kt_next_entry" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_next_entry",rc); } if (((FARPROC) p_krb5_kt_end_seq_get = GetProcAddress( hKRB5_32, "krb5_kt_end_seq_get" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_kt_end_seq_get",rc); } if (((FARPROC) p_krb5_build_principal = GetProcAddress( hKRB5_32, "krb5_build_principal" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "krb5_build_principal",rc); } if ( load_error ) { ck_krb5_loaddll_eh(); return 0; } } hPROFILE = LoadLibrary("XPPROF32") ; if ( hPROFILE ) { if (((FARPROC) p_profile_get_relation_names = GetProcAddress( hPROFILE, "profile_get_relation_names" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "profile_get_relation_names",rc) ; } if (((FARPROC) p_profile_get_subsection_names = GetProcAddress( hPROFILE, "profile_get_subsection_names" )) == NULL ) { rc = GetLastError() ; debug(F111, "Kerberos GetProcAddress failed", "profile_get_subsection_names",rc) ; } } #else /* NT */ exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen("KRB5_32") + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,"KRB5_32"); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hKRB5_32); if (rc) { debug(F111, "Kerberos V LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), "KRB5_32", &hKRB5_32); } if (rc) { debug(F111, "Kerberos V LoadLibrary failed",fail,rc) ; } else { exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen("COMERR32") + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,"COMERR32"); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hCOMERR32); if (rc) { debug(F111, "Kerberos V Common Error LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), "COMERR32", &hCOMERR32); } if (rc) { debug(F111, "Kerberos V Common Error LoadLibrary failed",fail,rc) ; } else { exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen("EMX") + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,"EMX"); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hEMX); if (rc) { debug(F111, "EMX LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), "EMX", &hEMX); } if (rc) { debug(F111, "EMX LoadLibrary failed",fail,rc) ; } else { if (rc = DosQueryProcAddr(hEMX,0,"emx_init", (PFN*)&p_emx_init)) { debug(F111,"EMX GetProcAddress failed","emx_init",rc); } else { debug(F100,"calling EMX init routines","",0); p_emx_init(); } } } } if (rc) { ck_krb5_loaddll_eh(); } else { debug(F100,"Kerberos V support provided by MIT","",0); if (rc = DosQueryProcAddr(hCOMERR32,0,"com_err", (PFN*)&p_com_err)) { debug(F111,"Kerberos V GetProcAddress failed","com_err",rc); load_error = 1; } if (rc = DosQueryProcAddr(hCOMERR32,0,"com_err_va", (PFN*)&p_com_err_va)) { debug(F111,"Kerberos V GetProcAddress failed","com_err_va",rc); load_error = 1; } if (rc = DosQueryProcAddr(hCOMERR32,0,"error_message", (PFN*)&p_error_message)) { debug(F111,"Kerberos V GetProcAddress failed","error_message",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"decode_krb5_ticket", (PFN*)&p_decode_krb5_ticket)) { debug(F111,"Kerberos V GetProcAddress failed","decode_krb5_ticket",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_decode_ticket", (PFN*)&p_cygnus_decode_krb5_ticket)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_decode_ticket",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_rep", (PFN*)&p_krb5_mk_rep)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_rep",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_rep", (PFN*)&p_krb5_mk_rep)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_rep",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_authenticator", (PFN*)&p_krb5_free_authenticator)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_authenticator",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_verify_checksum", (PFN*)&p_krb5_verify_checksum)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_verify_checksum",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_rd_req", (PFN*)&p_krb5_rd_req)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_rd_req",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_creds", (PFN*)&p_krb5_free_creds)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_creds",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_data", (PFN*)&p_krb5_free_data)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_data",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_data_contents", (PFN*)&p_krb5_free_data_contents)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_data_contents",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_copy_keyblock", (PFN*)&p_krb5_copy_keyblock)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_copy_keyblock",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_keyblock", (PFN*)&p_krb5_free_keyblock)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_keyblock",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_getlocalsubkey", (PFN*)&p_krb5_auth_con_getlocalsubkey)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_getlocalsubkey",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_req_extended", (PFN*)&p_krb5_mk_req_extended)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_req_extended",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_req", (PFN*)&p_krb5_mk_req)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_req",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_setflags", (PFN*)&p_krb5_auth_con_setflags)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_setflags",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_init", (PFN*)&p_krb5_auth_con_init)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_init",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_free", (PFN*)&p_krb5_auth_con_free)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_free",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_credentials", (PFN*)&p_krb5_get_credentials)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_credentials",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_cred_contents", (PFN*)&p_krb5_free_cred_contents)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_cred_contents",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_sname_to_principal", (PFN*)&p_krb5_sname_to_principal)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_sname_to_principal",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_default", (PFN*)&p_krb5_cc_default)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_default",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_ap_rep_enc_part", (PFN*)&p_krb5_free_ap_rep_enc_part)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_ap_rep_enc_part",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_rd_rep", (PFN*)&p_krb5_rd_rep)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_rd_rep",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_init_context", (PFN*)&p_krb5_init_context)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_init_context",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_context", (PFN*)&p_krb5_free_context)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_context",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_principal", (PFN*)&p_krb5_free_principal)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_principal",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_unparsed_name", (PFN*)&p_krb5_free_unparsed_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_unparsed_name",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_fwd_tgt_creds", (PFN*)&p_krb5_fwd_tgt_creds)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_fwd_tgt_creds",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_genaddrs", (PFN*)&p_krb5_auth_con_genaddrs)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_genaddrs",rc); load_error = 1; } /* The DES functions are not required. But if we do not have */ /* them and do not have the CRYPT DLL we will not be able to */ /* perform mutual authentication. */ if (rc = DosQueryProcAddr(hKRB5_32,0,"des_ecb_encrypt", (PFN*)&p_des_ecb_encrypt)) { debug(F111,"Kerberos V GetProcAddress failed","des_ecb_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"des_pcbc_encrypt", (PFN*)&p_des_pcbc_encrypt)) { debug(F111,"Kerberos V GetProcAddress failed","des_pcbc_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"des_new_random_key", (PFN*)&p_des_new_random_key)) { debug(F111,"Kerberos V GetProcAddress failed","des_new_random_key",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"des_key_sched", (PFN*)&p_des_key_sched)) { debug(F111,"Kerberos V GetProcAddress failed","des_key_sched",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"des_set_random_generator_seed", (PFN*)&p_des_set_random_generator_seed)) { debug(F111,"Kerberos V GetProcAddress failed","des_set_random_generator_seed",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_host_realm", (PFN*)&p_krb5_get_host_realm)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_host_realm",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_host_realm", (PFN*)&p_krb5_free_host_realm)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_host_realm",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_in_tkt_with_keytab", (PFN*)&p_krb5_get_in_tkt_with_keytab)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_in_tkt_with_keytab",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_in_tkt_with_password", (PFN*)&p_krb5_get_in_tkt_with_password)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_in_tkt_with_password",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_read_password", (PFN*)&p_krb5_read_password)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_read_password",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_build_principal_ext", (PFN*)&p_krb5_build_principal_ext)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_build_principal_ext",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_unparse_name", (PFN*)&p_krb5_unparse_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_unparse_name",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_parse_name", (PFN*)&p_krb5_parse_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_parse_name",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_resolve", (PFN*)&p_krb5_cc_resolve)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_resolve",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_default_name", (PFN*)&p_krb5_cc_default_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_default_name",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_string_to_timestamp", (PFN*)&p_krb5_string_to_timestamp)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_string_to_timestamp",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_resolve", (PFN*)&p_krb5_kt_resolve)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_resolve",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_string_to_deltat", (PFN*)&p_krb5_string_to_deltat)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_string_to_deltat",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_timeofday", (PFN*)&p_krb5_timeofday)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_timeofday",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_credentials_renew", (PFN*)&p_krb5_get_credentials_renew)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_credentials_renew",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_credentials_validate", (PFN*)&p_krb5_get_credentials_validate)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_credentials_validate",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_copy_principal", (PFN*)&p_krb5_copy_principal)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_copy_principal",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_timestamp_to_sfstring", (PFN*)&p_krb5_timestamp_to_sfstring)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_timestamp_to_sfstring",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_default", (PFN*)&p_krb5_kt_default)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_default",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_ticket", (PFN*)&p_krb5_free_ticket)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_ticket",rc); load_error = 1; } #ifdef CHECKADDRS if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_os_localaddr", (PFN*)&p_krb5_os_localaddr)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_os_localaddr",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_address_search", (PFN*)&p_krb5_address_search)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_address_search",rc); /* This is not a fatal error since we expect that most builds */ /* of krb5 dll will have an error in the export list that */ /* prevents this function from being found. Therefore a */ /* built in version is used if it is missing */ } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_addresses", (PFN*)&p_krb5_free_addresses)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_addresses",rc); load_error = 1; } #endif /* CHECKADDRS */ if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_getremotesubkey", (PFN*)&p_krb5_auth_con_getremotesubkey)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_getremotesubkey",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_getkey", (PFN*)&p_krb5_auth_con_getkey)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_getkey",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_getauthenticator", (PFN*)&p_krb5_auth_con_getauthenticator)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_getauthenticator",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_setrcache", (PFN*)&p_krb5_auth_con_setrcache)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_setrcache",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_server_rcache", (PFN*)&p_krb5_get_server_rcache)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_server_rcache",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_getrcache", (PFN*)&p_krb5_auth_con_getrcache)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_getrcache",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_tgt_creds", (PFN*)&p_krb5_free_tgt_creds)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_tgt_creds",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_rd_cred", (PFN*)&p_krb5_rd_cred)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_rd_cred",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_enctype_compare", (PFN*)&p_krb5_c_enctype_compare)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_enctype_compare",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_error", (PFN*)&p_krb5_free_error)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_error",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_sendauth", (PFN*)&p_krb5_sendauth)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_sendauth",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_process_key", (PFN*)&p_krb5_process_key)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_process_key",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_use_enctype", (PFN*)&p_krb5_use_enctype)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_use_enctype",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_encrypt", (PFN*)&p_krb5_encrypt)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_decrypt", (PFN*)&p_krb5_decrypt)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_decrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_encrypt_size", (PFN*)&p_krb5_encrypt_size)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_encrypt_size",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kuserok", (PFN*)&p_krb5_kuserok)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kuserok",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_appdefault_boolean", (PFN*)&p_krb5_appdefault_boolean)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_appdefault_boolean",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_appdefault_string", (PFN*)&p_krb5_appdefault_string)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_appdefault_string",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_renewed_creds", (PFN*)&p_krb5_get_renewed_creds)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_renewed_creds",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_validated_creds", (PFN*)&p_krb5_get_validated_creds)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_validated_creds",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_password", (PFN*)&p_krb5_get_init_creds_password)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_password",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_address_list", (PFN*)&p_krb5_get_init_creds_opt_set_address_list)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_address_list",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_tkt_life", (PFN*)&p_krb5_get_init_creds_opt_set_tkt_life)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_tkt_life",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_forwardable", (PFN*)&p_krb5_get_init_creds_opt_set_forwardable)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_forwardable",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_proxiable", (PFN*)&p_krb5_get_init_creds_opt_set_proxiable)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_proxiable",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_renew_life", (PFN*)&p_krb5_get_init_creds_opt_set_renew_life)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_renew_life",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_init", (PFN*)&p_krb5_get_init_creds_opt_init)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_init",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_etype_list", (PFN*)&p_krb5_get_init_creds_opt_set_etype_list)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_etype_list",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_preauth_list", (PFN*)&p_krb5_get_init_creds_opt_set_preauth_list)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_preauth_list",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_init_creds_opt_set_salt", (PFN*)&p_krb5_get_init_creds_opt_set_salt)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_init_creds_opt_set_salt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_rd_safe", (PFN*)&p_krb5_rd_safe)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_rd_safe",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_safe", (PFN*)&p_krb5_mk_safe)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_safe",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_rd_priv", (PFN*)&p_krb5_rd_priv)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_rd_priv",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_mk_priv", (PFN*)&p_krb5_mk_priv)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_mk_priv",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_auth_con_setuseruserkey", (PFN*)&p_krb5_auth_con_setuseruserkey)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_auth_con_setuseruserkey",rc); load_error = 1; } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_get_profile", (PFN*)&p_krb5_get_profile)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_get_profile",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_free_keyblock_contents", (PFN*)&p_krb5_free_keyblock_contents)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_free_keyblock_contents",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_encrypt", (PFN*)&p_krb5_c_encrypt)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_encrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_decrypt", (PFN*)&p_krb5_c_decrypt)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_decrypt",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_make_random_key", (PFN*)&p_krb5_c_make_random_key)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_make_random_key",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_random_seed", (PFN*)&p_krb5_c_random_seed)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_random_seed",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_block_size", (PFN*)&p_krb5_c_block_size)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_block_size",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_c_encrypt_length", (PFN*)&p_krb5_c_encrypt_length)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_c_encrypt_length",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_default_name", (PFN*)&p_krb5_kt_default_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_default_name",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_get_principal", (PFN*)&p_krb5_cc_get_principal)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_get_principal",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_store_cred", (PFN*)&p_krb5_cc_store_cred)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_store_cred",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_initialize", (PFN*)&p_krb5_cc_initialize)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_initialize",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_destroy", (PFN*)&p_krb5_cc_destroy)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_destroy",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_end_seq_get", (PFN*)&p_krb5_cc_end_seq_get)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_end_seq_get",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_next_cred", (PFN*)&p_krb5_cc_next_cred)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_next_cred",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_start_seq_get", (PFN*)&p_krb5_cc_start_seq_get)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_start_seq_get",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_get_type", (PFN*)&p_krb5_cc_get_type)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_get_type",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_get_name", (PFN*)&p_krb5_cc_get_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_get_name",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_set_flags", (PFN*)&p_krb5_cc_set_flags)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_set_flags",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_cc_close", (PFN*)&p_krb5_cc_close)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_cc_close",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_get_type", (PFN*)&p_krb5_kt_get_type)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_get_type",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_get_name", (PFN*)&p_krb5_kt_get_name)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_get_name",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_close", (PFN*)&p_krb5_kt_close)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_close",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_get_entry", (PFN*)&p_krb5_kt_get_entry)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_get_entry",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_start_seq_get", (PFN*)&p_krb5_kt_start_seq_get)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_start_seq_get",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_next_entry", (PFN*)&p_krb5_kt_next_entry)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_next_entry",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_kt_end_seq_get", (PFN*)&p_krb5_kt_end_seq_get)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_kt_end_seq_get",rc); } if (rc = DosQueryProcAddr(hKRB5_32,0,"krb5_build_principal", (PFN*)&p_krb5_build_principal)) { debug(F111,"Kerberos V GetProcAddress failed","krb5_build_principal",rc); } } exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen("XPPROF32") + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,"XPPROF32"); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hPROFILE); if (rc) { debug(F111, "Kerberos V Profile LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), "XPPROF32", &hPROFILE); } if ( rc ) { debug(F111, "Kerberos V Profile LoadLibrary failed",fail,rc) ; } else { if (rc = DosQueryProcAddr(hPROFILE,0,"profile_get_relation_names", (PFN*)&p_profile_get_relation_names)) { debug(F111,"Kerberos V GetProcAddress failed","profile_get_relation_names",rc); } if (rc = DosQueryProcAddr(hPROFILE,0,"profile_get_subsection_names", (PFN*)&p_profile_get_subsection_names)) { debug(F111,"Kerberos V GetProcAddress failed","profile_get_subsection_names",rc); } } #endif /* NT */ if ( deblog ) { if ( hKRB5_32 ) { if ( cygnus ) printf("Cygnus Kerberos 5 available\n"); else printf("MIT Kerberos 5 available\n"); } if ( hKRB524 ) printf("MIT Kerberos 524 available\n"); } /* Attempt to load a krb5_principal_to_userid() function */ #ifdef NT hKRB52UID = LoadLibrary("KRB52UID"); if ( hKRB52UID ) { if (((FARPROC) p_k95_k5_principal_to_localname = GetProcAddress( hKRB52UID, "krb5_principal_to_localname" )) == NULL ) { rc = GetLastError() ; debug(F111,"KRB52UID GetProcAddress failed", "krb5_principal_to_localname",rc); } if (((FARPROC) p_k95_k5_userok = GetProcAddress( hKRB52UID, "krb5_kuserok" )) == NULL ) { rc = GetLastError() ; debug(F111,"KRB52UID GetProcAddress failed","krb5_kuserok",rc); } } /* Initialize Kerberos 5 ticket options based upon MIT Leash selections */ hLEASH = LoadLibrary("LEASHW32"); if ( hLEASH ) { DWORD (* pLeash_get_default_lifetime)(void); DWORD (* pLeash_get_default_forwardable)(void); DWORD (* pLeash_get_default_proxiable)(void); DWORD (* pLeash_get_default_renewable)(void); DWORD (* pLeash_get_default_renew_till)(void); DWORD (* pLeash_get_default_noaddresses)(void); DWORD (* pLeash_get_default_publicip)(void); DWORD (* pLeash_get_default_use_krb4)(void); (FARPROC) pLeash_get_default_lifetime = GetProcAddress(hLEASH, "Leash_get_default_lifetime"); (FARPROC) pLeash_get_default_forwardable = GetProcAddress(hLEASH, "Leash_get_default_forwardable"); (FARPROC) pLeash_get_default_proxiable = GetProcAddress(hLEASH, "Leash_get_default_proxiable"); (FARPROC) pLeash_get_default_renewable = GetProcAddress(hLEASH, "Leash_get_default_renewable"); (FARPROC) pLeash_get_default_renew_till = GetProcAddress(hLEASH, "Leash_get_default_renew_till"); (FARPROC) pLeash_get_default_noaddresses = GetProcAddress(hLEASH, "Leash_get_default_noaddresses"); (FARPROC) pLeash_get_default_publicip = GetProcAddress(hLEASH, "Leash_get_default_publicip"); (FARPROC) pLeash_get_default_use_krb4 = GetProcAddress(hLEASH, "Leash_get_default_use_krb4"); if ( pLeash_get_default_lifetime ) krb5_d_lifetime = pLeash_get_default_lifetime(); if ( pLeash_get_default_forwardable ) krb5_d_forwardable = pLeash_get_default_forwardable(); if ( pLeash_get_default_proxiable ) krb5_d_proxiable = pLeash_get_default_proxiable(); if ( pLeash_get_default_renewable && pLeash_get_default_renew_till) krb5_d_renewable = pLeash_get_default_renewable() ? pLeash_get_default_renew_till() : 0; if ( pLeash_get_default_noaddresses ) krb5_d_no_addresses = pLeash_get_default_noaddresses(); if ( pLeash_get_default_publicip && pLeash_get_default_publicip() ) { DWORD dwValue = pLeash_get_default_publicip(); int i; char buf[17]; for ( i = 0; i < KRB5_NUM_OF_ADDRS && krb5_d_addrs[i]; i++) { if (krb5_d_addrs[i]) free(krb5_d_addrs[i]); krb5_d_addrs[i] = NULL; } sprintf(buf,"%d.%d.%d.%d", (dwValue&0xFF000000)>>24, (dwValue&0x00FF0000)>>16, (dwValue&0x0000FF00)>>8, (dwValue&0x000000FF)); makestr(&krb5_d_addrs[0],buf); } if ( pLeash_get_default_use_krb4 ) krb5_d_getk4 = pLeash_get_default_use_krb4(); FreeLibrary(hLEASH); } #else /* NT */ dllname = "KRB52UID"; len = get_dir_len(exe_path); if ( len + strlen(dllname) + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,dllname); rc = DosLoadModule(fail, sizeof(fail), path, &hKRB52UID); if (rc) { debug(F111, "KRB52UID LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), dllname, &hKRB52UID); } if ( rc ) { debug(F111, "KRB52UID LoadLibrary failed",fail,rc) ; } else { if (rc = DosQueryProcAddr( hKRB52UID, 0, "krb5_principal_to_userid", (PFN*) &p_k95_k5_principal_to_localname)) { debug(F111,"KRB52UID GetProcAddress failed", "krb5_principal_to_userid",rc); } if (rc = DosQueryProcAddr( hKRB52UID, 0, "krb5_userok", (PFN*) &p_k95_k5_userok)) { debug(F111,"KRB52UID GetProcAddress failed", "krb5_userok",rc); } } #endif /* NT */ return(1); #else /* KRB5 */ return(0); #endif /* KRB5 */ } #ifdef CK_SRP #ifdef SRPDLL static HINSTANCE hSRP = NULL; static int srp_dll_loaded = 0; #endif /* SRPDLL */ static int ck_srp_loaddll( void ) { #ifdef SRPDLL ULONG rc = 0 ; int load_error = 0; #ifdef NT hSRP = LoadLibrary("SRP"); if ( !hSRP ) { rc = GetLastError() ; debug(F111, "SRP LoadLibrary failed","SRP",rc) ; } else { if (((FARPROC) p_t_clientresponse = GetProcAddress( hSRP, "t_clientresponse" )) == NULL ) { rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientresponse",rc) ; load_error = 1; } if (((FARPROC) p_t_clientgetkey = GetProcAddress( hSRP, "t_clientgetkey" )) == NULL ) { rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientgetkey",rc) ; load_error = 1; } if (((FARPROC) p_t_clientpasswd = GetProcAddress( hSRP, "t_clientpasswd" )) == NULL ) { x2 rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientpasswd",rc) ; load_error = 1; } if (((FARPROC) p_t_clientgenexp = GetProcAddress( hSRP, "t_clientgenexp" )) == NULL ) { rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientgenexp",rc) ; load_error = 1; } if (((FARPROC) p_t_clientopen = GetProcAddress( hSRP, "t_clientopen" )) == NULL ) { rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientopen",rc) ; load_error = 1; } if (((FARPROC) p_t_clientverify = GetProcAddress( hSRP, "t_clientverify" )) == NULL ) { rc = GetLastError() ; debug(F111, "SRP GetProcAddress failed","t_clientverify",rc) ; load_error = 1; } if ( load_error ) { ck_srp_loaddll_eh(); return 0; } if ( deblog ) printf("SRP available\n"); } #else /* NT */ Not yet implemented #endif /* NT */ #else /* SRPDLL */ if ( deblog ) printf("SRP available\n"); #endif /* SRPDLL */ return(1); } #ifdef SRPDLL static void ck_srp_loaddll_eh( void ) { if ( hSRP ) { #ifdef NT FreeLibrary(hSRP); hSRP = NULL; #else /* NT */ DosFreeModule(hSRP); hSRP = 0; #endif /* NT */ } #ifdef SRP p_t_clientresponse=NULL; p_t_clientgetkey=NULL; p_t_clientpasswd=NULL; p_t_clientgenexp=NULL; p_t_clientopen=NULL; p_t_clientverify=NULL; #endif /* SRP */ } #endif /* SRPDLL */ int ck_srp_unloaddll( void ) { #ifdef SRPDLL if ( !srp_dll_loaded ) return(1); /* unload dlls */ ck_srp_dll_loaddll_eh(); /* success */ srp_dll_loaded = 0; #endif /* SRPDLL */ return(1); } #include static struct _cipher_desc * (*p_cipher_getdescbyid)(unsigned char id)=NULL; static unsigned char * (*p_cipher_getlist)()=NULL; static struct _cipher_desc * (*p_cipher_getdescbyname)(char * name)=NULL; static struct _hash_desc * (*p_hash_getdescbyid)(unsigned char id)=NULL; static unsigned char * (*p_hash_getlist)()=NULL; static struct _hash_desc * (*p_hash_getdescbyname)(char * name)=NULL; static void (*p_krypto_delete)(krypto_context * cc)=NULL; static krypto_context * (*p_krypto_new)( unsigned cid, unsigned hid, unsigned char *key, unsigned keylen, unsigned char *iv, unsigned ivlen, unsigned char *seq, unsigned state)=NULL; static int (*p_hash_supported)(unsigned char * a, unsigned char b)=NULL; static int (*p_cipher_supported)(unsigned char *a, unsigned char b)=NULL; static int (*p_krypto_msg_safe)(krypto_context *cc, unsigned char *in, unsigned char * out, int len)=NULL; static int (*p_krypto_msg_priv)(krypto_context *cc, unsigned char *in, unsigned char * out, int len)=NULL; struct _cipher_desc * ck_cipher_getdescbyid(unsigned char id) { if ( p_cipher_getdescbyid ) return(p_cipher_getdescbyid(id)); else return(NULL); } unsigned char * ck_cipher_getlist() { if ( p_cipher_getlist ) return(p_cipher_getlist()); else return(NULL); } struct _cipher_desc * ck_cipher_getdescbyname(char * name) { if ( p_cipher_getdescbyname ) return(p_cipher_getdescbyname(name)); else return(NULL); } struct _hash_desc * ck_hash_getdescbyid(unsigned char id) { if ( p_hash_getdescbyid ) return(p_hash_getdescbyid(id)); return(NULL); } unsigned char * ck_hash_getlist() { if ( p_hash_getlist ) return(p_hash_getlist()); else return(NULL); } struct _hash_desc * ck_hash_getdescbyname(char * name) { if ( p_hash_getdescbyname ) return(p_hash_getdescbyname(name)); else return(NULL); } void ck_krypto_delete(krypto_context * cc) { if ( p_krypto_delete && cc) p_krypto_delete(cc); } krypto_context * ck_krypto_new( unsigned cid, unsigned hid, unsigned char *key, unsigned keylen, unsigned char *iv, unsigned ivlen, unsigned char *seq, unsigned state) { if ( p_krypto_new ) return(p_krypto_new(cid, hid, key, keylen, iv, ivlen, seq, state)); else return(NULL); } int ck_hash_supported(unsigned char * a, unsigned char b) { if ( p_hash_supported ) return(p_hash_supported(a,b)); else return(0); } int ck_cipher_supported(unsigned char *a, unsigned char b) { if ( p_cipher_supported ) return(p_cipher_supported(a,b)); else return(0); } int ck_krypto_msg_safe(krypto_context *cc, unsigned char *in, unsigned char * out, int len) { if ( p_krypto_msg_safe ) return(p_krypto_msg_safe(cc,in,out,len)); else return(-1); } int ck_krypto_msg_priv(krypto_context *cc, unsigned char *in, unsigned char * out, int len) { if ( p_krypto_msg_priv ) return(p_krypto_msg_priv(cc,in,out,len)); else return(-1); } static int krypto_loaded=0; #ifdef NT HINSTANCE hLIBKRYPTO = NULL; #else HMODULE hLIBKRYPTO = 0; #endif /* NT */ static void load_krypto_eh() { if ( hLIBKRYPTO ) { #ifdef NT FreeLibrary(hLIBKRYPTO); hLIBKRYPTO = NULL; #else DosFreeModule(hLIBKRYPTO); hLIBKRYPTO = 0; #endif /* NT */ } p_cipher_getdescbyid = NULL; p_cipher_getlist = NULL; p_cipher_getdescbyname = NULL; p_hash_getdescbyid = NULL; p_hash_getlist = NULL; p_hash_getdescbyname = NULL; p_krypto_delete = NULL; p_krypto_new = NULL; p_hash_supported = NULL; p_cipher_supported = NULL; p_krypto_msg_safe = NULL; p_krypto_msg_priv = NULL; krypto_loaded = 0; } static int ck_krypto_loaddll() { ULONG rc = 0; int load_error = 0; #ifdef OS2ONLY CHAR *exe_path; CHAR path[256]; CHAR * dllname = "KRYPTO"; #endif /* OS2ONLY */ if ( krypto_loaded ) return(1); #ifdef NT hLIBKRYPTO = LoadLibrary("KRYPTO"); if ( !hLIBKRYPTO ) return(0); if (((FARPROC) p_cipher_getdescbyid = GetProcAddress( hLIBKRYPTO, "cipher_getdescbyid" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_cipher_getlist = GetProcAddress( hLIBKRYPTO, "cipher_getlist" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_cipher_getdescbyname = GetProcAddress( hLIBKRYPTO, "cipher_getdescbyname" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_hash_getdescbyid = GetProcAddress( hLIBKRYPTO, "hash_getdescbyid" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_hash_getlist = GetProcAddress( hLIBKRYPTO, "hash_getlist" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_hash_getdescbyname = GetProcAddress( hLIBKRYPTO, "hash_getdescbyname" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_krypto_delete = GetProcAddress( hLIBKRYPTO, "krypto_delete" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_krypto_new = GetProcAddress( hLIBKRYPTO, "krypto_new" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_hash_supported = GetProcAddress( hLIBKRYPTO, "hash_supported" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_cipher_supported = GetProcAddress( hLIBKRYPTO, "cipher_supported" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_krypto_msg_safe = GetProcAddress( hLIBKRYPTO, "krypto_msg_safe" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if (((FARPROC) p_krypto_msg_priv = GetProcAddress( hLIBKRYPTO, "krypto_msg_priv" )) == NULL ) { rc = GetLastError() ; load_error = 1; } if ( load_error ) { load_krypto_eh(); return 0; } krypto_loaded = 1; #else /* NT */ return(0); #endif /* NT */ return(1); } static int ck_krypto_unloaddll() { if ( !krypto_loaded ) return(1); load_krypto_eh(); return(1); } int krypto_avail() { return krypto_loaded; } #else int krypto_avail() { return 0; } #endif /* CK_SRP */ #ifdef KRB5 #include #include static unsigned long (KRB5_CALLCONV * p_gss_release_buffer) ( unsigned long *, gss_buffer_t )= NULL; static unsigned long (KRB5_CALLCONV * p_gss_seal)(unsigned long *, gss_ctx_id_t, int, int, gss_buffer_t, int *, gss_buffer_t )= NULL; static unsigned long (KRB5_CALLCONV * p_gss_unseal)(unsigned long *, gss_ctx_id_t, gss_buffer_t, gss_buffer_t, int *, int * )= NULL; static unsigned long (KRB5_CALLCONV * p_gss_release_name)(unsigned long *, gss_name_t *)= NULL; static unsigned long (KRB5_CALLCONV * p_gss_init_sec_context) (unsigned long *, gss_cred_id_t, gss_ctx_id_t *, gss_name_t, gss_OID, OM_uint32, OM_uint32, gss_channel_bindings_t, gss_buffer_t, gss_OID *, gss_buffer_t, unsigned long *, unsigned long * )= NULL; static unsigned long (KRB5_CALLCONV * p_gss_import_name)(unsigned long *, gss_buffer_t, gss_OID, gss_name_t * )= NULL; static unsigned long (KRB5_CALLCONV * p_gss_display_status)(unsigned long *, unsigned long, int, gss_OID, unsigned long *, gss_buffer_t)= NULL; static unsigned long (KRB5_CALLCONV * p_gss_indicate_mechs) (OM_uint32 * minor_status, gss_OID_set * mech_set)= NULL; OM_uint32 (KRB5_CALLCONV * p_gss_verify_mic) (OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_buffer_t, /* message_buffer */ gss_buffer_t, /* message_token */ gss_qop_t * /* qop_state */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_release_cred) (OM_uint32 *, /* minor_status */ gss_cred_id_t * /* cred_handle */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_delete_sec_context) (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_buffer_t /* output_token */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_accept_sec_context) (OM_uint32 *, /* minor_status */ gss_ctx_id_t *, /* context_handle */ gss_cred_id_t, /* acceptor_cred_handle */ gss_buffer_t, /* input_token_buffer */ gss_channel_bindings_t, /* input_chan_bindings */ gss_name_t *, /* src_name */ gss_OID *, /* mech_type */ gss_buffer_t, /* output_token */ OM_uint32 *, /* ret_flags */ OM_uint32 *, /* time_rec */ gss_cred_id_t * /* delegated_cred_handle */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_acquire_cred) (OM_uint32 *, /* minor_status */ gss_name_t, /* desired_name */ OM_uint32, /* time_req */ gss_OID_set, /* desired_mechs */ gss_cred_usage_t, /* cred_usage */ gss_cred_id_t *, /* output_cred_handle */ gss_OID_set *, /* actual_mechs */ OM_uint32 * /* time_rec */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_get_mic) (OM_uint32 *, /* minor_status */ gss_ctx_id_t, /* context_handle */ gss_qop_t, /* qop_req */ gss_buffer_t, /* message_buffer */ gss_buffer_t /* message_token */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_display_name) (OM_uint32 *, /* minor_status */ gss_name_t, /* input_name */ gss_buffer_t, /* output_name_buffer */ gss_OID * /* output_name_type */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_test_oid_set_member) (OM_uint32 *, /* minor_status */ gss_OID, /* member */ gss_OID_set, /* set */ int * /* present */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_add_oid_set_member) (OM_uint32 *, /* minor_status */ gss_OID, /* member_oid */ gss_OID_set * /* oid_set */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_create_empty_oid_set) (OM_uint32 *, /* minor_status */ gss_OID_set * /* oid_set */ )=NULL; OM_uint32 (KRB5_CALLCONV * p_gss_release_oid_set) (OM_uint32 *, /* minor_status */ gss_OID_set * /* set */ )=NULL; unsigned long ck_gss_release_buffer( unsigned long * c, gss_buffer_t b) { if ( p_gss_release_buffer ) return(p_gss_release_buffer(c,b)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_seal(unsigned long * a, gss_ctx_id_t b, int c, int d, gss_buffer_t e, int * f, gss_buffer_t g) { if ( p_gss_seal ) return(p_gss_seal(a,b,c,d,e,f,g)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_unseal(unsigned long * a, gss_ctx_id_t b, gss_buffer_t c, gss_buffer_t d, int * e, int * f ) { if ( p_gss_unseal ) return(p_gss_unseal(a,b,c,d,e,f)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_release_name(unsigned long * a, gss_name_t * b) { if ( p_gss_release_name ) return(p_gss_release_name(a,b)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_init_sec_context(unsigned long * a, gss_cred_id_t b, gss_ctx_id_t * c, gss_name_t d, gss_OID e, OM_uint32 f, OM_uint32 g, gss_channel_bindings_t h, gss_buffer_t i, gss_OID * j, gss_buffer_t k, unsigned long * l, unsigned long * m) { if ( p_gss_init_sec_context ) return(p_gss_init_sec_context(a,b,c,d,e,f,g,h,i,j,k,l,m)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_import_name(unsigned long * a, gss_buffer_t b, gss_OID c, gss_name_t * d) { if ( p_gss_import_name ) return(p_gss_import_name(a,b,c,d)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_display_status(unsigned long * a, unsigned long b, int c, gss_OID d, unsigned long * e, gss_buffer_t f ) { if ( p_gss_display_status ) return(p_gss_display_status(a,b,c,d,e,f)); else return(GSS_S_UNAVAILABLE); } unsigned long ck_gss_indicate_mechs(OM_uint32 * minor_status, gss_OID_set * mech_set) { if ( p_gss_indicate_mechs ) return(p_gss_indicate_mechs(minor_status,mech_set)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_verify_mic(OM_uint32 * status, /* minor_status */ gss_ctx_id_t context, /* context_handle */ gss_buffer_t buf, /* message_buffer */ gss_buffer_t tok, /* message_token */ gss_qop_t * qop /* qop_state */ ) { if ( p_gss_verify_mic ) return(p_gss_verify_mic(status,context,buf,tok,qop)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_release_cred(OM_uint32 * status, /* minor_status */ gss_cred_id_t * cred /* cred_handle */ ) { if ( p_gss_release_cred ) return(p_gss_release_cred(status,cred)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_delete_sec_context(OM_uint32 * status, /* minor_status */ gss_ctx_id_t * context, /* context_handle */ gss_buffer_t tok /* output_token */ ) { if ( p_gss_delete_sec_context ) return(p_gss_delete_sec_context(status,context,tok)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_accept_sec_context(OM_uint32 * status, /* minor_status */ gss_ctx_id_t * context, /* context_handle */ gss_cred_id_t acceptor, /* acceptor_cred_handle */ gss_buffer_t buf, /* input_token_buffer */ gss_channel_bindings_t binding, /* input_chan_bindings */ gss_name_t * name, /* src_name */ gss_OID * type, /* mech_type */ gss_buffer_t out, /* output_token */ OM_uint32 * ret, /* ret_flags */ OM_uint32 * time, /* time_rec */ gss_cred_id_t * delcred /* delegated_cred_handle */ ) { if ( p_gss_accept_sec_context ) return(p_gss_accept_sec_context(status,context,acceptor,buf,binding, name, type, out, ret, time, delcred)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_acquire_cred(OM_uint32 * status, /* minor_status */ gss_name_t name, /* desired_name */ OM_uint32 timereq, /* time_req */ gss_OID_set dmechs, /* desired_mechs */ gss_cred_usage_t usage, /* cred_usage */ gss_cred_id_t * outcred, /* output_cred_handle */ gss_OID_set * amechs, /* actual_mechs */ OM_uint32 * timerec /* time_rec */ ) { if ( p_gss_acquire_cred ) return(p_gss_acquire_cred(status,name,timereq,dmechs,usage,outcred,amechs,timerec)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_get_mic(OM_uint32 * status, /* minor_status */ gss_ctx_id_t context, /* context_handle */ gss_qop_t qop, /* qop_req */ gss_buffer_t buf, /* message_buffer */ gss_buffer_t tok /* message_token */ ) { if ( p_gss_get_mic ) return(p_gss_get_mic(status,context,qop,buf,tok)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_display_name(OM_uint32 * status, /* minor_status */ gss_name_t inname, /* input_name */ gss_buffer_t outname, /* output_name_buffer */ gss_OID * outtype /* output_name_type */ ) { if ( p_gss_display_name ) return(p_gss_display_name(status,inname,outname,outtype)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_test_oid_set_member(OM_uint32 * status, /* minor_status */ gss_OID member, /* member */ gss_OID_set set, /* set */ int * present /* present */ ) { if ( p_gss_test_oid_set_member ) return(p_gss_test_oid_set_member(status,member,set,present)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_add_oid_set_member(OM_uint32 * status, /* minor_status */ gss_OID member, /* member_oid */ gss_OID_set * set /* oid_set */ ) { if ( p_gss_add_oid_set_member ) return(p_gss_add_oid_set_member(status,member,set)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_create_empty_oid_set(OM_uint32 * status, /* minor_status */ gss_OID_set * set /* oid_set */ ) { if ( p_gss_create_empty_oid_set ) return(p_gss_create_empty_oid_set(status,set)); else return(GSS_S_UNAVAILABLE); } OM_uint32 ck_gss_release_oid_set(OM_uint32 * status, /* minor_status */ gss_OID_set * set /* set */ ) { if ( p_gss_release_oid_set ) return(p_gss_release_oid_set(status,set)); else return(GSS_S_UNAVAILABLE); } static int gssapi_loaded = 0; static void load_gssapi_eh() { if ( hGSSAPI) { #ifdef NT FreeLibrary(hGSSAPI); hGSSAPI = NULL; #else DosFreeModule(hGSSAPI); hGSSAPI = 0; #endif /* NT */ } p_gss_release_buffer = NULL; p_gss_seal = NULL; p_gss_unseal = NULL; p_gss_release_name = NULL; p_gss_init_sec_context = NULL; p_gss_display_status = NULL; p_gss_indicate_mechs = NULL; p_gss_verify_mic = NULL; p_gss_test_oid_set_member = NULL; p_gss_add_oid_set_member = NULL; p_gss_create_empty_oid_set = NULL; p_gss_release_cred = NULL; p_gss_delete_sec_context = NULL; p_gss_accept_sec_context = NULL; p_gss_release_oid_set = NULL; p_gss_acquire_cred = NULL; p_gss_display_name = NULL; p_gss_get_mic = NULL; gssapi_loaded = 0; } int ck_gssapi_loaddll() { ULONG rc = 0; int load_error = 0; gss_OID_set mech_set=NULL; OM_uint32 minor_status=0; #ifdef OS2ONLY CHAR *exe_path; CHAR path[256]; CHAR * dllname = "GSSAPI32"; int len; #endif /* OS2ONLY */ if ( gssapi_loaded ) return(1); #ifdef NT hGSSAPI = LoadLibrary("GSSKRB5"); if ( !hGSSAPI ) hGSSAPI = LoadLibrary("GSSAPI32"); if ( !hGSSAPI ) return(0); if (((FARPROC) p_gss_release_buffer = GetProcAddress( hGSSAPI, "gss_release_buffer" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_seal = GetProcAddress( hGSSAPI, "gss_seal" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_unseal = GetProcAddress( hGSSAPI, "gss_unseal" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_release_name = GetProcAddress( hGSSAPI, "gss_release_name" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_init_sec_context = GetProcAddress( hGSSAPI, "gss_init_sec_context" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_import_name = GetProcAddress( hGSSAPI, "gss_import_name" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_display_status = GetProcAddress( hGSSAPI, "gss_display_status" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_indicate_mechs = GetProcAddress( hGSSAPI, "gss_indicate_mechs" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_verify_mic = GetProcAddress( hGSSAPI, "gss_verify_mic" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_test_oid_set_member = GetProcAddress( hGSSAPI, "gss_test_oid_set_member" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_add_oid_set_member = GetProcAddress( hGSSAPI, "gss_add_oid_set_member" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_create_empty_oid_set = GetProcAddress( hGSSAPI, "gss_create_empty_oid_set" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_release_cred = GetProcAddress( hGSSAPI, "gss_release_cred" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_delete_sec_context = GetProcAddress( hGSSAPI, "gss_delete_sec_context" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_accept_sec_context = GetProcAddress( hGSSAPI, "gss_accept_sec_context" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_release_oid_set = GetProcAddress( hGSSAPI, "gss_release_oid_set" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_acquire_cred = GetProcAddress( hGSSAPI, "gss_acquire_cred" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_display_name = GetProcAddress( hGSSAPI, "gss_display_name" )) == NULL ) { load_error = 1; } if (((FARPROC) p_gss_get_mic = GetProcAddress( hGSSAPI, "gss_get_mic" )) == NULL ) { load_error = 1; } #else /* NT */ exe_path = GetLoadPath(); len = get_dir_len(exe_path); if ( len + strlen(dllname) + 4 > sizeof(path) ) return(0); sprintf(path, "%.*s%s.DLL", len, exe_path,dllname); /* safe */ rc = DosLoadModule(fail, sizeof(fail), path, &hGSSAPI); if (rc) { debug(F111, "GSSAPI LoadLibrary failed",fail,rc) ; rc = DosLoadModule(fail, sizeof(fail), dllname, &hGSSAPI); } if (rc) { debug(F111, "GSSAPI LoadLibrary failed",fail,rc) ; return(0); } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_release_buffer", (PFN*)&p_gss_release_buffer)) { debug(F111,"GSSAPI GetProcAddress failed","gss_release_buffer",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_seal", (PFN*)&p_gss_seal)) { debug(F111,"GSSAPI GetProcAddress failed","gss_seal",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_unseal", (PFN*)&p_gss_unseal)) { debug(F111,"GSSAPI GetProcAddress failed","gss_unseal",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_release_name", (PFN*)&p_gss_release_name)) { debug(F111,"GSSAPI GetProcAddress failed","gss_release_name",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_init_sec_context", (PFN*)&p_gss_init_sec_context)) { debug(F111,"GSSAPI GetProcAddress failed","gss_init_sec_context",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_import_name", (PFN*)&p_gss_import_name)) { debug(F111,"GSSAPI GetProcAddress failed","gss_import_name",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_display_status", (PFN*)&p_gss_display_status)) { debug(F111,"GSSAPI GetProcAddress failed","gss_display_status",rc); load_error = 1; } if (rc = DosQueryProcAddr(hGSSAPI,0,"gss_indicate_mechs", (PFN*)&p_gss_indicate_mechs)) { debug(F111,"GSSAPI GetProcAddress failed","gss_indicate_mechs",rc); load_error = 1; } #endif /* NT */ if ( load_error ) { load_gssapi_eh(); return 0; } gssapi_loaded = 1; return(1); } int ck_gssapi_unloaddll() { if ( !gssapi_loaded ) return(1); load_gssapi_eh(); return(1); } int gssapi_avail() { return gssapi_loaded; } #else /* GSSAPI */ int ck_gssapi_unloaddll() { return 0; } int gssapi_avail() { return 0; } #endif /* GSSAPI */ int ck_security_loaddll( void ) { ULONG rc = 0 ; extern unsigned long startflags; if ( security_dll_loaded ) return(1); if ( startflags & 8 ) /* do not load if we are not supposed to */ return(0); /* Cygnus Solutions builds the libraries differently from MIT */ /* Cygnus combines KRB5_32 and COMERR32 into a single DLL */ /* called LIBKRB5. */ /* load dlls */ #ifdef CRYPT_DLL ck_crypt_loaddll(); #endif /* CRYPT_DLL */ #ifdef NTLM ck_sspi_loaddll(); #endif /* NTLM */ #ifdef CK_SRP if (ck_srp_loaddll() && hCRYPT) ck_krypto_loaddll(); #endif /* CK_SRP */ #ifdef CK_KERBEROS #ifdef KRB5 ck_krb5_loaddll(); ck_gssapi_loaddll(); #endif /* KRB5 */ #ifdef KRB4 ck_krb4_loaddll(); #endif /* KRB4 */ #endif /* CK_KERBEROS */ #ifdef CK_SSL ck_crypto_loaddll(); ck_ssl_loaddll(); #endif /* CK_SSL */ #ifdef ZLIB ck_zlib_loaddll(); #endif /* ZLIB */ /* success */ security_dll_loaded = 1; return(1); } int ck_security_unloaddll( void ) { if ( !security_dll_loaded ) return(1); /* unload dlls */ ck_krb4_loaddll_eh(); ck_gssapi_unloaddll(); ck_krb5_loaddll_eh(); #ifdef CK_SSL ck_ssl_unloaddll(); ck_crypto_unloaddll(); #endif /* CK_SSL */ #ifdef ZLIB ck_zlib_unloaddll(); #endif /* ZLIB */ #ifdef CRYPT_DLL ck_crypt_unloaddll(); #endif /* CRYPT_DLL */ #ifdef NTLM ck_ntlm_unloaddll(); #endif /* NTLM */ #ifdef CK_SRP ck_srp_unloaddll(); ck_krypto_unloaddll(); #endif /* CK_SRP */ /* success */ security_dll_loaded = 0; return(1); } #ifdef KRB5 int is_NRL_KRB5() { return !cygnus && p_decode_krb5_ticket && p_des_set_random_generator_seed && p_krb5_appdefault_boolean && p_krb5_appdefault_string && !p_krb5_free_unparsed_name && !p_krb5_auth_con_getrcache && !p_krb5_c_enctype_compare && !p_krb5_kuserok && !p_krb5_get_renewed_creds && !p_krb5_get_validated_creds; } int has_NEW_KRB5_CRYPTO() { return(p_krb5_c_encrypt && p_krb5_c_decrypt && p_krb5_c_make_random_key && p_krb5_c_random_seed && p_krb5_c_block_size && p_krb5_c_encrypt_length); } #endif /* KRB5 */ #endif /* End OS2 DLL Function Pointers */ #ifdef COMMENT Undocumented function: From: "Maxim S. Shatskih" Looks like calling NtCreateToken from your service running under LocalSystem is the only way. The function is completely undocumented - looks like it accepts parameters like user's SID, all groups SID's (to which this user belongs) and all privilige IDs - which this user posesses. Calling the function will bypass NT security & log the specified user on without any password validation (you are free to use your own instead of NTs standard) & audit trail. In fact, this means that you implement your own LSA :-) // untested HCRYPTPROV hProvider = 0; BYTE randomBytes[128]; CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT); CryptGenRandom(hProvider, sizeof(randomBytes), randomBytes); #endif /* COMMENT */ #endif /* CK_AUTHENTICATION */