2 * Copyright (c) 1992, 1994 Regents of the University of Michigan.
5 * kerberos.c - for the windows environment
22 * get_kerberosv4_credentials - obtain kerberos v4 credentials for ldap.
23 * this includes krbtgt, and any service tickets
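/*
 * get_kerberosv4_credentials - obtain a Kerberos v4 ticket for `service`
 * on the LDAP server's host, using the Authentication Manager exported by
 * AuthLib.DLL.
 *
 * ld      - LDAP handle; supplies the Kerberos instance (host) and receives
 *           the failure reason in ld->ld_errno.
 * who     - not used by this implementation.
 * service - Kerberos service name handed to getV4Ticket.
 * len     - out: length in bytes of the returned ticket (may be NULL).
 *
 * Returns a pointer to the ticket, or NULL with ld->ld_errno set.
 *
 * The ticket lives in a function-static buffer: the next call overwrites
 * it, the function is not reentrant, and the ticket bytes stay in process
 * memory after the caller is done with them.
 *
 * Kerberos v4 depends on single DES and has been retired in favour of
 * Kerberos 5; treat this path as legacy interoperability code only.
 */
char *
get_kerberosv4_credentials( LDAP *ld, char *who, char *service, int *len )
{
    static short        authman_refnum = 0;
    static char         ticket[ MAX_KTXT_LEN ];
    short               version = 0;
    short               err;
    // NOTE(review): the AuthLib contract is not visible here; seed the length
    // with the buffer capacity in case getV4Ticket reads it as an in/out value.
    short               ticketlen = (short)MAX_KTXT_LEN;
    AUTH_PTR            ticketStorage = ticket;
    AUTH_SHORT_PTR      pTicketLen = &ticketlen;
    AUTH_STR_PTR        pName = service;
    AUTH_STR_PTR        pInstance;
    HINSTANCE           instAuthLibDLL = NULL;
    pfn_openAuthMan     fp_openAuthMan = NULL;
    pfn_closeAuthMan    fp_closeAuthMan = NULL;
    pfn_getV4Ticket     fp_getV4Ticket = NULL;
    char                *result = NULL;

#ifdef LDAP_REFERRALS
    pInstance = ld->ld_defconn->lconn_krbinstance;
#else /* LDAP_REFERRALS */
    pInstance = ld->ld_host;
#endif /* LDAP_REFERRALS */

    // without the name of the service host there is no way to ask for a
    // service ticket
    if ( !pInstance ) {
        ld->ld_errno = LDAP_LOCAL_ERROR;
        WSASetLastError( WSANO_ADDRESS );
        return( NULL );
    }

    {
        // suppress the "file not found" dialog while probing for the DLL
        unsigned int prevMode = SetErrorMode( SEM_NOOPENFILEERRORBOX );

        // NOTE(review): the DLL is named without a path, so it is resolved
        // through the loader's search order (application directory, current
        // directory, PATH, ...). Whatever AuthLib.DLL is found first runs in
        // this process and handles the ticket. Load it from a fully
        // qualified, access-controlled install path, or restrict the search
        // order (SetDllDirectory / LoadLibraryEx search flags) where the
        // platform offers that.
        instAuthLibDLL = LoadLibrary( "AuthLib.DLL" );
        SetErrorMode( prevMode );
    }

    // 16-bit Windows convention: handle values below HINSTANCE_ERROR are
    // error codes, i.e. the library could not be loaded
    if ( instAuthLibDLL < HINSTANCE_ERROR ) {
        ld->ld_errno = LDAP_AUTH_UNKNOWN;
        return( NULL );
    }

    fp_openAuthMan = (pfn_openAuthMan)GetProcAddress( instAuthLibDLL, "openAuthMan" );
    fp_getV4Ticket = (pfn_getV4Ticket)GetProcAddress( instAuthLibDLL, "getV4Ticket" );
    fp_closeAuthMan = (pfn_closeAuthMan)GetProcAddress( instAuthLibDLL, "closeAuthMan" );

    // all three entry points are required; nothing was opened yet, so only
    // the library has to be released
    if ( !( fp_openAuthMan && fp_getV4Ticket && fp_closeAuthMan ) ) {
        ld->ld_errno = LDAP_AUTH_UNKNOWN;
        goto unload;
    }

    if ( authman_refnum == 0 ) {
        err = (fp_openAuthMan)( &authman_refnum, &version );
        if ( err != AUTH_NO_ERROR ) {
            // `version` may not have been written on failure, so it is not
            // consulted on this path
            ld->ld_errno = LDAP_AUTH_UNKNOWN;
            goto close_session;
        }
        if ( AUTH_VERSION_CODE > version ) {
            // Authentication Manager is older than this code was built for
            ld->ld_errno = LDAP_INAPPROPRIATE_AUTH;
            goto close_session;
        }
    }

    err = (fp_getV4Ticket)( authman_refnum, ticketStorage, pTicketLen, pName,
            pInstance, NULL, INFINITE_LIFETIME, 1 );
    if ( err != AUTH_NO_ERROR ) {
        ld->ld_errno = AUTH_USER_CANCELED == err ? LDAP_USER_CANCELLED : LDAP_INVALID_CREDENTIALS;
        goto close_session;
    }

    // never report a length the static buffer cannot hold; callers use it
    // to decide how many bytes of `ticket` to read
    if ( ticketlen <= 0 || ticketlen > MAX_KTXT_LEN ) {
        ld->ld_errno = LDAP_LOCAL_ERROR;
        goto close_session;
    }

    if ( len != NULL ) {
        *len = ticketlen;
    }
    result = (char *)ticket;

close_session:
    // openAuthMan fails if called twice with no close in between, so the
    // session is closed on every exit path that may have opened it
    (fp_closeAuthMan)( authman_refnum );
    authman_refnum = 0;     // a short reference number, not a pointer
unload:
    FreeLibrary( instAuthLibDLL );  // release authlib.dll so it gets unloaded
    return( result );
}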
118 #endif /* KERBEROS */