-rw-r--r--source3/lib/afs.c60
-rw-r--r--source3/param/loadparm.c7
-rw-r--r--source3/smbd/service.c4
-rw-r--r--source3/utils/net.c6
4 files changed, 49 insertions, 28 deletions
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index b96703e986..882442a79f 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -35,18 +35,6 @@ _syscall5(int, afs_syscall, int, subcall,
char *, cmarg,
int, follow);
-char *afs_cell(void)
-{
- static char *cell = NULL;
-
- if (cell == NULL) {
- cell = strdup(lp_realm());
- strlower_m(cell);
- }
-
- return cell;
-}
-
struct ClearToken {
uint32 AuthHandle;
char HandShakeKey[8];
@@ -65,7 +53,8 @@ struct ClearToken {
to avoid.
*/
-static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
+static BOOL afs_settoken(const char *username, const char *cell,
+ const struct ClearToken *ctok,
char *v4tkt_data, int v4tkt_length)
{
int ret;
@@ -94,13 +83,13 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
memcpy(p, &tmp, sizeof(uint32));
p += sizeof(uint32);
- tmp = strlen(afs_cell());
+ tmp = strlen(cell);
if (tmp >= MAXKTCREALMLEN) {
DEBUG(1, ("Realm too long\n"));
return False;
}
- strncpy(p, afs_cell(), tmp);
+ strncpy(p, cell, tmp);
p += tmp;
*p = 0;
p +=1;
@@ -135,12 +124,14 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
For the comments "Alice" is the User to be auth'ed, and "Bob" is the
AFS server. */
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
fstring ticket;
char *p = ticket;
uint32 len;
struct afs_key key;
+ pstring afs_username;
+ char *cell;
struct ClearToken ct;
@@ -148,13 +139,28 @@ BOOL afs_login(char *username)
des_key_schedule key_schedule;
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
- username, afs_cell()));
+ pstrcpy(afs_username, lp_afs_username_map());
+ standard_sub_conn(conn, afs_username, sizeof(afs_username));
+
+ cell = strchr(afs_username, '@');
+
+ if (cell == NULL) {
+ DEBUG(1, ("AFS username doesn't contain a @, "
+ "could not find cell\n"));
+ return False;
+ }
+
+ *cell = '\0';
+ cell += 1;
+ strlower_m(cell);
+
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ afs_username, cell));
if (!secrets_init())
return False;
- if (!secrets_fetch_afs_key(afs_cell(), &key)) {
+ if (!secrets_fetch_afs_key(cell, &key)) {
DEBUG(5, ("Could not fetch AFS service key\n"));
return False;
}
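Review bot: The split at `cell = strchr(afs_username, '@');` runs on the already-substituted string and takes the first '@'. If a value expanded by standard_sub_conn() (for example a user name) can itself contain '@', the cell passed to secrets_fetch_afs_key() would come from that value rather than from the configured map. Which variables the map may use is not visible here, so this depends on what standard_sub_conn() expands; using `strrchr(afs_username, '@')`, or splitting the template before substitution, would keep the cell under the administrator's control. The check also accepts an empty user or cell part; `if (cell == NULL || cell == afs_username || cell[1] == '\0') {` would reject `@cell` and `user@` as well. afs_login() starts and ends outside this hunk.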
@@ -172,14 +178,20 @@ BOOL afs_login(char *username)
p += 1;
/* "Alice", the client username */
- strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- ct.ViceId = getuid();
+ /* As long as we still only use the effective UID we need to set the
+ * token for it here as well. This involves patching AFS in two
+ * places. Once we start using the real uid where we have the
+ * setresuid function, we can use getuid() here which would be more
+ * correct. */
+
+ ct.ViceId = geteuid();
DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
/* Alice's network layer address. At least Openafs-1.2.10
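Review bot: `strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);` copies a pstring into what is left of `ticket`, an fstring, and strncpy leaves the destination unterminated when the source is longer than the bound. The following `p += strlen(p)+1;` would then advance over whatever the rest of the buffer holds, and the same applies to the `cell` copy two lines later, whose length is only checked afterwards in afs_settoken(). If pstring is the larger of the two types, as its use for the expanded map suggests, a long expansion reaches this case. I would check both lengths right after the split at '@', before the key is fetched, so an over-long name is refused without leaving key material behind; for the cell that can be the test afs_settoken() already applies, `if (strlen(cell) >= MAXKTCREALMLEN) return False;`. The function body continues outside this hunk.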
@@ -235,12 +247,12 @@ BOOL afs_login(char *username)
ZERO_STRUCT(key);
- return afs_settoken(username, &ct, ticket, len);
+ return afs_settoken(afs_username, cell, &ct, ticket, len);
}
#else
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
return True;
}
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b370b6b049..a334590e51 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -126,6 +126,7 @@ typedef struct
char *szPasswordServer;
char *szSocketOptions;
char *szRealm;
+ char *szAfsUsernameMap;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
@@ -413,6 +414,7 @@ typedef struct
BOOL bUseSendfile;
BOOL bProfileAcls;
BOOL bMap_acl_inherit;
+ BOOL bAfs_Share;
param_opt_struct *param_opt;
char dummy[3]; /* for alignment */
@@ -533,6 +535,7 @@ static service sDefault = {
False, /* bUseSendfile */
False, /* bProfileAcls */
False, /* bMap_acl_inherit */
+ False, /* bAfs_Share */
NULL, /* Parametric options */
@@ -761,6 +764,7 @@ static struct parm_struct parm_table[] = {
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkgroup, handle_workgroup, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
#ifdef WITH_ADS
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
+ {"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
#endif
{"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED},
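Review bot: The `afs username map` entry is added inside the `#ifdef WITH_ADS` block, but its consumer afs_login() is called from service.c under `WITH_FAKE_KASERVER`. A build with the fake kaserver but without ADS would apparently have no way to set the map, and afs_login() would then stop at its '@' check for every share marked `afs share`. Moving the entry below the `#endif`, or under its own `#ifdef WITH_FAKE_KASERVER`, would tie the parameter to the feature that reads it. No default for szAfsUsernameMap is visible in this diff, so a comment such as `/* must expand to user@cell; afs_login() fails if unset */` next to the entry would help. parm_table starts and ends outside this hunk.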
@@ -890,6 +894,7 @@ static struct parm_struct parm_table[] = {
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_ADVANCED},
{"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
+ {"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED},
@@ -1634,6 +1639,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
@@ -1871,6 +1877,7 @@ FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
+FN_LOCAL_BOOL(lp_afs_share, bAfs_Share)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 70126b9e7f..44d73b2ab2 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
}
#ifdef WITH_FAKE_KASERVER
- afs_login(user);
+ if (lp_afs_share(SNUM(conn))) {
+ afs_login(conn);
+ }
#endif
#if CHECK_PATH_ON_TCONX
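Review bot: The result of `afs_login(conn);` is discarded, so on a share marked `afs share = yes` the tree connect carries on when no token could be set, and the only trace is whatever afs_login() logged at its own debug levels. At minimum the failure should be visible next to the service name, e.g. `if (lp_afs_share(SNUM(conn)) && !afs_login(conn)) { DEBUG(1, ("afs_login failed for service %s\n", lp_servicename(SNUM(conn)))); }`. Whether the connection should be refused in that case is a policy decision worth stating in a comment here. Whether an earlier token could still be in effect for the same effective uid is not visible on this page and is worth checking. make_connection_snum() continues outside this hunk.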
diff --git a/source3/utils/net.c b/source3/utils/net.c
index e5c078da29..42966b4f83 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -476,8 +476,8 @@ static int net_afskey(int argc, const char **argv)
int fd;
struct afs_keyfile keyfile;
- if (argc != 1) {
- d_printf("usage: 'net afskey <keyfile>'\n");
+ if (argc != 2) {
+ d_printf("usage: 'net afskey <keyfile> cell'\n");
return -1;
}
@@ -496,7 +496,7 @@ static int net_afskey(int argc, const char **argv)
return -1;
}
- if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) {
+ if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
d_printf("Could not write keyfile to secrets.tdb\n");
return -1;
}
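Review bot: `secrets_store_afs_keyfile(argv[1], &keyfile)` stores the key under the cell name exactly as typed, while afs_login() in source3/lib/afs.c lowercases the cell with `strlower_m(cell)` before calling secrets_fetch_afs_key(). Unless the secrets functions normalise case themselves (not visible here), a key stored with `net afskey <keyfile> Example.ORG` would never be found. Lowercasing a copy before storing keeps the two sides consistent: `fstring cell; fstrcpy(cell, argv[1]); strlower_m(cell);`, then pass `cell`. In the first hunk of this file the usage text would read more consistently as `usage: 'net afskey <keyfile> <cell>'`. net_afskey() starts and ends outside this hunk.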