This restructures lib/afs.c so that the token data can be but into a

stream. This is to implement wbinfo -k that asks winbind for authentication
which then creates the AFS token for the authenticated user.

Volker
(This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)

1 files changed, 35 insertions, 0 deletions

diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 37b2a9f21b..1d232edfe3 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -211,6 +211,41 @@ done:
 	      state->response.data.auth.nt_status_string,
 	      state->response.data.auth.pam_error));	      
 
+	if ( NT_STATUS_IS_OK(result) &&
+	     (state->request.flags & WBFLAG_PAM_AFS_TOKEN) ) {
+
+		char *afsname = strdup(lp_afs_username_map());
+		char *cell;
+
+		if (afsname == NULL) goto no_token;
+
+		afsname = realloc_string_sub(afsname, "%D", name_domain);
+		afsname = realloc_string_sub(afsname, "%u", name_user);
+		afsname = realloc_string_sub(afsname, "%U", name_user);
+
+		if (afsname == NULL) goto no_token;
+
+		strlower_m(afsname);
+
+		cell = strchr(afsname, '@');
+
+		if (cell == NULL) goto no_token;
+
+		*cell = '\0';
+		cell += 1;
+
+		/* Append an AFS token string */
+		state->response.extra_data =
+			afs_createtoken_str(afsname, cell);
+
+		if (state->response.extra_data != NULL)
+			state->response.length +=
+				strlen(state->response.extra_data)+1;
+
+	no_token:
+		SAFE_FREE(afsname);
+	}
+		
 	if (mem_ctx) 
 		talloc_destroy(mem_ctx);