diff options
| author | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
| commit | 1c38391c704756c31c1d8d7f84f9ac6ffcaeda34 (patch) | |
| tree | 441c2ae1a1649d71db20ef907c779f5c32a13e63 /source3/passdb | |
| parent | c4b69a9ca1e7881aa6d37056ed12d8ccd18b0a41 (diff) | |
| download | samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.tar.gz samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.tar.bz2 samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.zip | |
Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
Diffstat (limited to 'source3/passdb')
| -rw-r--r-- | source3/passdb/secrets.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 2c99631e13..8a146f0d68 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -738,3 +738,56 @@ BOOL must_use_pdc( const char *domain ) } +/******************************************************************************* + Store a complete AFS keyfile into secrets.tdb. +*******************************************************************************/ + +BOOL secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile) +{ + fstring key; + + if ((cell == NULL) || (keyfile == NULL)) + return False; + + if (ntohl(keyfile->nkeys) > SECRETS_AFS_MAXKEYS) + return False; + + slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell); + return secrets_store(key, keyfile, sizeof(struct afs_keyfile)); +} + +/******************************************************************************* + Fetch the current (highest) AFS key from secrets.tdb +*******************************************************************************/ +BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result) +{ + fstring key; + struct afs_keyfile *keyfile; + size_t size; + uint32 i; + + slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell); + + keyfile = (struct afs_keyfile *)secrets_fetch(key, &size); + + if (keyfile == NULL) + return False; + + if (size != sizeof(struct afs_keyfile)) { + SAFE_FREE(keyfile); + return False; + } + + i = ntohl(keyfile->nkeys); + + if (i > SECRETS_AFS_MAXKEYS) { + SAFE_FREE(keyfile); + return False; + } + + *result = keyfile->entry[i-1]; + + result->kvno = ntohl(result->kvno); + + return True; +} |