Skip Menu |
 

Subject: Replacing Windows KRBV4W32.DLL with KRB4_32.DLL
Download (untitled) / with headers
text/plain 1.1KiB
For KfW 3.0, one of the goals is to replace KRBV4W32.DLL with
KRB4_32.DLL built from the Krb5 distribution. As part of the migration
strategy we will want to build a replacement KRBV4W32.DLL which forwards
most if not all calls to KRB4_32.DLL or KRB5_32.DLL.

Attached is a file "krb4-differences.txt" which enumerates the public
API of both KRBV4W32.DLL and KRB4_32.DLL. There are three categories:

* only in KRBV4W32.DLL

* only in KRB4_32.DLL

* in both

For the purposes of this migration we can ignore those functions which
exist solely in KRB4_32.DLL as they will remain untouched.

For those functions which exist in both of the DLLs we need to ensure
that the functionality of both functions is identical. If they are not
we need to decide how they should be merged or document what the
functional changes will be.

For those functions which exist solely in KRBV4W32.DLL we need to decide
how to handle them. Possible options are:

* remove the function entirely

* implement the function as a stub which does nothing

* add the missing functionality to KRB4_32.DLL

* export a previously unexported function from KRB4_32.DLL
KRBV4W32.DLL has but KRB4_32 does not
================================
afs_string_to_key (exported from KRB5_32)
* DES functions * (exported from KRB5_32)
DllMain (inits CCache and registers MITPasswordControl)
get_cred (Leash compat. krb_get_cred - remove)
get_krb_err_txt (remove)
get_krb_err_txt_entry (remove)
GetKRBDLLVersionFlags (remove)
gettimeofday (remove)
hGetTimeZone (remove - private)
hQKrbInst (remove - private)
initialize_kadm_error_table (remove)
initialize_krb_error_func (remove)
k_decomp_ticket (remove - private)
k_gethostname (remove - private)
k_isinst (remove - private)
k_isname (remove - private)
k_isrealm (remove - private)
kadm_change_your_password (remove - private for Leash compat)
krb_atime_to_life (add to KRB4_32?)
krb_check_serv (add to KRB4_32?)
krb_get_in_tkt (export from KRB4_32?)
krb_get_krbconf (add stub to KRB4_32?)
krb_get_krbconf2 (add stub to KRB4_32?)
krb_get_krbrealm (add stub to KRB4_32?)
krb_get_krbrealm2 (add stub to KRB4_32?)
krb_life_to_atime (add to KRB4_32?)
krb_life_to_time (export from KRB4_32?)
krb_net_read (add stub to KRB4_32?)
krb_net_write (add stub to KRB4_32?)
krb_sendauth (export from KRB4_32?)
krb_sendauth_udp (add to KRB4_32?)
krb_sendauth_udpchk (add to KRB4_32?)
krb_set_lifetime (export from KRB4_32?)
krb_set_tkt_string (export from KRB4_32?)
krb_time_to_life (export from KRB4_32?)
LocalHostAddr (remove)
* Leash compatibility functions * (remove)
set_krb_ap_req_debug (remove)
set_krb_debug (remove)
tf_close (export from KRB4_32?)
tf_get_cred (export from KRB4_32?)
tf_get_pinst (export from KRB4_32?)
tf_get_pname (export from KRB4_32?)
tf_init (export from KRB4_32?)
tkt_string (export from KRB4_32?)
unix_time_gmt_unixsec (export from KRB4_32?)

KRB4_32.DLL has but KRBV4W32 does not
================================
get_service_key
in_tkt
krb_check_auth
krb_get_default_user
krb_get_err_text
krb_get_krbhst
krb_get_ticket_for_service
krb_mk_auth
krb_mk_err
krb_rd_err
krb_recvauth
krb_set_default_user
put_svc_key
read_service_key

In both
================================
dest_tkt
kname_parse
krb_get_admhst
krb_get_cred
krb_get_lrealm
krb_get_phost
krb_get_pw_in_tkt
krb_get_pw_in_tkt_preauth
krb_get_svc_in_tkt
krb_get_tf_fullname
krb_get_tf_realm
krb_in_tkt
krb_mk_priv
krb_mk_req
krb_mk_safe
krb_rd_priv
krb_rd_req
krb_rd_safe
krb_realmofhost
krb_save_credentials
Download (untitled) / with headers
text/plain 1.8KiB
After discussions with the group and examination of the MacOS exports
from libkrb4, here is an updated summary of the question marks. The
following functions are exported by KfM but are not exported by
KRB4_32.DLL nor KRBV4W32.DLL on Windows. Should they be exported by
KRB4_32.DLL?

krb_change_password
decomp_ticket
krb_ad_tkt
krb_get_in_tkt_creds
krb_get_pw_in_tkt_creds
krb_pw_tkt
kname_unparse
kuserok
krb_rd_req_int
krb_get_num_cred
krb_get_nth_cred
krb_delete_cred
dest_all_tkts
krb_get_profile
FSp_krb_get_svc_in_tkt
FSp_put_svc_key
FSp_read_service_key

The following items are exported by KRBV4W32 and KfM but not by KRB4_32.
The names are not always a one to one match. These will be exported by
KRB4_32 using the KfM name when there is a difference:

get_krb_err_txt (kfw) / krb_err_txt (kfm)
k_decomp_ticket (kfw) / decomp_ticket (kfm)
k_gethostname
k_isinst
k_isname
k_isrealm
krb_get_in_tkt
krb_life_to_time
krb_sendauth
krb_set_lifetime
krb_set_tkt_string
krb_time_to_life
tkt_string

The following functions will not be exported from KRB4_32 even though
they are exported from KRBV4W32:

afs_string_to_key
all DES functions
get_cred
get_krb_err_tkt_entry
GetKRBDLLVersionFlags
gettimeofday
hGetTimeZone
hQKrbInst
initialize_kadm_error_table
initialize_krb_error_func
kadm_change_your_password
krb_net_read
krb_net_write
krb_sendauth_udp
krb_sendauth_udpchk
LocalHostAddr
set_krb_ap_req_debug
set_krb_debug
all Leash compatibility functions

The following list of functions are currently exported from KRBV4W32;
are not exported from KRB4_32; are not exported by KfM; and are
implemented in KRB4_32:

tf_close
tf_get_cred
tf_get_pinst
tf_get_pname
tf_inst
unix_time_gmt_unixsec

The following list of functions are currently exported from KRBV4W32 and
are not implemented in KRB4_32:

krb_atime_to_life
krb_check_serv
krb_life_to_atime
krb_get_krbconf
krb_get_krbconf2
krb_get_krbrealm
krb_get_krbrealm2
Date: Tue, 23 Sep 2003 16:05:16 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #1789] Replacing Windows KRBV4W32.DLL with KRB4_32.DLL
RT-Send-Cc:
I am down to less than a dozen functions to choose between whether or
not they are exported. Of these I believe that all of the implemented
functions should be exported and the krb_life_to_atime/krb_atime_to_life
functions should be implemented and exported.

The ticket file functions are implemented in KfW using CCAPIv2. I
believe compatible functionality can be added to KRB4_32.DLL. Perhaps
this functionality should only be exported for KfW and not on KfM.

Would there be any objections to exporting unix_time_gmt_unixsex,
krb_atime_to_life, krb_life_to_atime in KfM?

- Jeff


Show quoted text
>The following list of functions are currently exported from KRBV4W32;
>are not exported from KRB4_32; are not exported by KfM; and are
>implemented in KRB4_32:
>
>tf_close
>tf_get_cred
>tf_get_pinst
>tf_get_pname
>tf_inst
>unix_time_gmt_unixsec
>
>The following list of functions are currently exported from KRBV4W32 and
>are not implemented in KRB4_32:
>
>krb_atime_to_life
>krb_check_serv
>krb_life_to_atime
>krb_get_krbconf
>krb_get_krbconf2
>krb_get_krbrealm
>krb_get_krbrealm2
>
>
Download smime.p7s
application/x-pkcs7-signature 3.3KiB

Message body not shown because it is not plain text.

To: rt@krbdev.mit.edu
Cc:
Subject: Re: [krbdev.mit.edu #1789] Replacing Windows KRBV4W32.DLL with KRB4_32.DLL
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 24 Sep 2003 15:17:38 -0400
RT-Send-Cc:
Download (untitled) / with headers
text/plain 2.8KiB
Show quoted text
>>>>> "jaltman" == via RT <via> writes:

Show quoted text
jaltman> After discussions with the group and examination of the MacOS exports
jaltman> from libkrb4, here is an updated summary of the question marks. The
jaltman> following functions are exported by KfM but are not exported by
jaltman> KRB4_32.DLL nor KRBV4W32.DLL on Windows. Should they be exported by
jaltman> KRB4_32.DLL?

Show quoted text
jaltman> krb_change_password
yes

I'd prefer not to export these if we can help it.
Show quoted text
jaltman> decomp_ticket
jaltman> krb_ad_tkt

This seems fine.
Show quoted text
jaltman> krb_get_in_tkt_creds
jaltman> krb_get_pw_in_tkt_creds

Probably not these
Show quoted text
jaltman> krb_pw_tkt
jaltman> kname_unparse
jaltman> kuserok
jaltman> krb_rd_req_int
jaltman> krb_get_num_cred
jaltman> krb_get_nth_cred
jaltman> krb_delete_cred
jaltman> dest_all_tkts
jaltman> krb_get_profile
jaltman> FSp_krb_get_svc_in_tkt
jaltman> FSp_put_svc_key
jaltman> FSp_read_service_key

Show quoted text
jaltman> The following items are exported by KRBV4W32 and KfM but not by KRB4_32.
jaltman> The names are not always a one to one match. These will be exported by
jaltman> KRB4_32 using the KfM name when there is a difference:

Show quoted text
jaltman> get_krb_err_txt (kfw) / krb_err_txt (kfm)
jaltman> k_decomp_ticket (kfw) / decomp_ticket (kfm)

Why do people actually need decomp_tkt?

Show quoted text
jaltman> The following functions will not be exported from KRB4_32 even though
jaltman> they are exported from KRBV4W32:

Show quoted text
jaltman> afs_string_to_key
jaltman> all DES functions
jaltman> get_cred
jaltman> get_krb_err_tkt_entry
jaltman> GetKRBDLLVersionFlags
jaltman> gettimeofday
jaltman> hGetTimeZone
jaltman> hQKrbInst
jaltman> initialize_kadm_error_table
jaltman> initialize_krb_error_func
jaltman> kadm_change_your_password
jaltman> krb_net_read
jaltman> krb_net_write
jaltman> krb_sendauth_udp
jaltman> krb_sendauth_udpchk
jaltman> LocalHostAddr
jaltman> set_krb_ap_req_debug
jaltman> set_krb_debug
jaltman> all Leash compatibility functions

Show quoted text
jaltman> The following list of functions are currently exported from KRBV4W32;
jaltman> are not exported from KRB4_32; are not exported by KfM; and are
jaltman> implemented in KRB4_32:

Show quoted text
jaltman> tf_close
jaltman> tf_get_cred
jaltman> tf_get_pinst
jaltman> tf_get_pname
jaltman> tf_inst
These are tf functions; I think we are scheduled to discuss these when
you are in town.

Seems like these should only be in krbv432
Show quoted text
jaltman> unix_time_gmt_unixsec

Show quoted text
jaltman> The following list of functions are currently exported from KRBV4W32 and
jaltman> are not implemented in KRB4_32:

Show quoted text
jaltman> krb_atime_to_life
jaltman> krb_check_serv
jaltman> krb_life_to_atime
jaltman> krb_get_krbconf
jaltman> krb_get_krbconf2
jaltman> krb_get_krbrealm
jaltman> krb_get_krbrealm2
It was decided that since Kerberos v4 support is not going to be added
to 64-bit KFW and will soon be removed from KFW entirely, that doing
this work is no longer desirable.