// ---------------------------------------------------------- // File: ni_krb4.c // // Contents: main module for ni_krb4.dll. // ni_krb4.dll is the DLL to provide // authentication module which authenticates on kerberos-5, // for ni_pam // // History: 7-2-97 Naomaru Itoi created #include "ni_krb4.h" HINSTANCE hDllInstance; // my instance extern int passwd_to_key(char *, char *, char *, C_Block); extern long kadm_change_your_password(LPSTR, LPSTR, LPSTR, HANDLE FAR *); //extern char far * get_krb_err_txt_entry( int i); // functions BOOL WINAPI DllMain( HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved) { switch (dwReason) { case DLL_PROCESS_ATTACH: DisableThreadLibraryCalls ( hInstance ); hDllInstance = hInstance; case DLL_PROCESS_DETACH: default: return(TRUE); } } BOOL WINAPI ni_sm_authenticate(NISTRUCT *niStruct) { WCHAR wcBuf[256]; WCHAR wlrealm[256]; CHAR username[256], password[256]; CHAR lrealm[REALM_SZ]; CHAR *tf_nam = NULL; INT tkt_life = DEFAULT_TKT_LIFE; INT retval; INT i; for (i=0; iusername,-1,username, 256,(LPCSTR)0,(LPBOOL)0); WideCharToMultiByte(CP_ACP,0,niStruct->password,-1,password, 256,(LPCSTR)0,(LPBOOL)0); D(L"ni_krb4 : ni_sm_authenticate() called. \n"); wprintf(L"%d: ni_krb4 start\n", GetTickCount()); // We don't allow null Kerberos password if (!password) return NI_FAILURE; // get local realm if (krb_get_lrealm(lrealm, 1) != KSUCCESS) { D(L"cannot get local realm\n"); return NI_FAILURE; } MultiByteToWideChar(CP_ACP, 0, lrealm, strlen(lrealm), wlrealm, 256); /* wsprintf (wcBuf,L"User=[%s], Password=[%s], Local Realm=[%s]", niStruct->username, niStruct->password, wlrealm); NIError(wcBuf, L"NI_KRB4");*/ wprintf(L"%d: ni_krb4 start\n", GetTickCount()); // NI, from here!! // tf_nam = tmpnam(NULL); // I don't do set_tkt string. Simply use TKT_FILE in krb.h: // "\\kerberos\\ticket.ses" retval = krb_get_pw_in_tkt((void *)username, (void *)"", lrealm, (void *)"krbtgt", lrealm, tkt_life, (void *)password); wprintf(L"%d: ni_krb4 done\n", GetTickCount()); if (retval==KSUCCESS) { wsprintf (wcBuf,L"%s: succeeded to get kerberos4 tgt\n", niStruct->username); NIError(wcBuf, L"NI_KRB4"); return (NI_SUCCESS); } else { printf("Failed to get Kerberos4 TGT\n"); wsprintf (wcBuf,L"error : %s : failed to get kerberos4 tgt error=%d\n", niStruct->username, retval); // NIError(wcBuf, L"NI_KRB4"); MessageBox(NULL, wcBuf, L"NI_KRB4", (MB_OK | MB_SETFOREGROUND)); return (NI_FAILURE); } } // ni_sm_logout() // logout kerberos 4 = destroy k4 ticket. // 1997/7/13, Naomaru Itoi, created INT WINAPI ni_sm_logout() { INT rv; if ((rv=dest_tkt()) == KSUCCESS) rv = NI_SUCCESS; else rv = NI_FAILURE; return rv; } // ni_sm_chpass_check() // preliminary check for change password protocol. // 7-14-1997, Naomaru Itoi, created INT WINAPI ni_sm_chpass_check(NISTRUCT *niStruct) { //WCHAR wcBuf[256]; CHAR username[256], oldPassword[256], newPassword[256]; CHAR lrealm[REALM_SZ]; CHAR *tf_nam = NULL; INT tkt_life = DEFAULT_TKT_LIFE; INT retval; WideCharToMultiByte(CP_ACP,0,niStruct->username,-1,username, 256,(LPCSTR)0,(LPBOOL)0); WideCharToMultiByte(CP_ACP,0,niStruct->oldPassword,-1,oldPassword, 256,(LPCSTR)0,(LPBOOL)0); WideCharToMultiByte(CP_ACP,0,niStruct->newPassword,-1,newPassword, 256,(LPCSTR)0,(LPBOOL)0); D(L"ni_krb4 : ni_sm_chpass_check() called. \n"); // We don't allow null Kerberos password if (!oldPassword) return NI_FAILURE; // get local realm if (krb_get_lrealm(lrealm, 1) != KSUCCESS) { D(L"cannot get local realm\n"); return NI_FAILURE; } printf("username=%s, local realm=%s\n", username, lrealm); printf("%s.%s@%s\n", PWSERV_NAME, KRB_MASTER, lrealm); // I don't do set_tkt string. Simply use TKT_FILE in krb.h: // "\\kerberos\\ticket.ses" retval = krb_get_pw_in_tkt((void *)username, (void *)"", lrealm, (void *)PWSERV_NAME, (void *)KRB_MASTER, tkt_life, (void *)oldPassword); /* retval = krb_get_in_tkt((void *)username, (void *)"", lrealm, (void *)PWSERV_NAME, (void *)KRB_MASTER, tkt_life, passwd_to_key, NULL, (void *)oldPassword); */ printf("krb_get_pw_in_tkt() returns %s (%d)\n", ""/*get_krb_err_txt_entry(retval)*/, retval); if (retval==KSUCCESS) { return (NI_SUCCESS); } else { return (NI_FAILURE); } } // ni_sm_chpass() // change password function. // 7-14-1997, Naomaru Itoi, created INT WINAPI ni_sm_chpass(NISTRUCT *niStruct) { HANDLE FAR *hInfo_desc; INT rv; CHAR username[256], oldPassword[256], newPassword[256]; WideCharToMultiByte(CP_ACP,0,niStruct->username,-1,username, 256,(LPCSTR)0,(LPBOOL)0); WideCharToMultiByte(CP_ACP,0,niStruct->oldPassword,-1,oldPassword, 256,(LPCSTR)0,(LPBOOL)0); WideCharToMultiByte(CP_ACP,0,niStruct->newPassword,-1,newPassword, 256,(LPCSTR)0,(LPBOOL)0); wprintf(L"ni_sm_chpass(%s, %s, %s)\n", niStruct->username, niStruct->oldPassword, niStruct->newPassword); // let's change! rv = kadm_change_your_password(username, oldPassword, newPassword, hInfo_desc); printf("kadm_change_your_password() returns %s (%d)\n", ""/*get_krb_err_txt_entry(rv)*/, rv); return rv; }