-rw-r--r-- | source3/lib/afs.c | 60 | ||||
-rw-r--r-- | source3/param/loadparm.c | 7 | ||||
-rw-r--r-- | source3/smbd/service.c | 4 | ||||
-rw-r--r-- | source3/utils/net.c | 6 |
4 files changed, 49 insertions, 28 deletions
diff --git a/source3/lib/afs.c b/source3/lib/afs.c
index b96703e986..882442a79f 100644
--- a/source3/lib/afs.c
+++ b/source3/lib/afs.c
@@ -35,18 +35,6 @@ _syscall5(int, afs_syscall, int, subcall, char *, cmarg, int, follow);
-char *afs_cell(void)
-{
- static char *cell = NULL;
-
- if (cell == NULL) {
- cell = strdup(lp_realm());
- strlower_m(cell);
- }
-
- return cell;
-}
-
 struct ClearToken {
 uint32 AuthHandle;
 char HandShakeKey[8];
@@ -65,7 +53,8 @@ struct ClearToken {
 to avoid. */
-static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
+static BOOL afs_settoken(const char *username, const char *cell,
+ const struct ClearToken *ctok,
 char *v4tkt_data, int v4tkt_length)
 {
 int ret;
@@ -94,13 +83,13 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
 memcpy(p, &tmp, sizeof(uint32));
 p += sizeof(uint32);
- tmp = strlen(afs_cell());
+ tmp = strlen(cell);
 if (tmp >= MAXKTCREALMLEN) {
 DEBUG(1, ("Realm too long\n"));
 return False;
 }
- strncpy(p, afs_cell(), tmp);
+ strncpy(p, cell, tmp);
 p += tmp;
 *p = 0;
 p +=1;
@@ -135,12 +124,14 @@ static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
 For the comments "Alice" is the User to be auth'ed, and "Bob" is the AFS server. */
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
 {
 fstring ticket;
 char *p = ticket;
 uint32 len;
 struct afs_key key;
+ pstring afs_username;
+ char *cell;
 struct ClearToken ct;
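Review bot: The comment that closes just above `afs_login` (its start is outside the hunk) explains the Alice/Bob naming but, as far as the hunk shows, says nothing about the new `conn` argument or where the principal now comes from. A one-line addition would help the next reader, for example `The AFS principal is built from the "afs username map" parameter after standard_sub_conn() expansion; the part after '@' is the cell.` It is also worth noting there that `ticket` is an `fstring` while the new `afs_username` is a `pstring`, so the name can be longer than the buffer it is later copied into. The function body continues outside the hunk.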
@@ -148,13 +139,28 @@ BOOL afs_login(char *username)
 des_key_schedule key_schedule;
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
- username, afs_cell()));
+ pstrcpy(afs_username, lp_afs_username_map());
+ standard_sub_conn(conn, afs_username, sizeof(afs_username));
+
+ cell = strchr(afs_username, '@');
+
+ if (cell == NULL) {
+ DEBUG(1, ("AFS username doesn't contain a @, "
+ "could not find cell\n"));
+ return False;
+ }
+
+ *cell = '\0';
+ cell += 1;
+ strlower_m(cell);
+
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ afs_username, cell));
 if (!secrets_init()) return False;
- if (!secrets_fetch_afs_key(afs_cell(), &key)) {
+ if (!secrets_fetch_afs_key(cell, &key)) {
 DEBUG(5, ("Could not fetch AFS service key\n"));
 return False;
 }
@@ -172,14 +178,20 @@ BOOL afs_login(char *username)
 p += 1;
 /* "Alice", the client username */
- strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 p += strlen(p)+1;
 strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 p += strlen(p)+1;
- strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
 p += strlen(p)+1;
- ct.ViceId = getuid();
+ /* As long as we still only use the effective UID we need to set the
+ * token for it here as well. This involves patching AFS in two
+ * places. Once we start using the real uid where we have the
+ * setresuid function, we can use getuid() here which would be more
+ * correct. */
+
+ ct.ViceId = geteuid();
 DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
 /* Alice's network layer address. At least Openafs-1.2.10
@@ -235,12 +247,12 @@ BOOL afs_login(char *username)
 ZERO_STRUCT(key);
- return afs_settoken(username, &ct, ticket, len);
+ return afs_settoken(afs_username, cell, &ct, ticket, len);
 }
 #else
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
 {
 return True;
 }
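Review bot: The split `cell = strchr(afs_username, '@');` in afs_login takes the first '@' of the already-expanded string, so an '@' inside any value that `standard_sub_conn` substituted moves the boundary and puts substituted text into `cell`, which then selects the key in `secrets_fetch_afs_key(cell, &key)`. If any macro usable in "afs username map" can carry client-influenced text, the cell should come only from the literal tail of the configured map: `cell = strrchr(afs_username, '@');`, or the user part should be rejected when it still contains '@'. The same block also accepts an empty user or an empty cell (a map value of just `@`), which could be refused through the existing DEBUG(1) path. The function starts and ends outside this hunk.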
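Review bot: `strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);` now copies from a `pstring` into the smaller `fstring ticket`, and when the source is longer than the space left strncpy writes no terminator, so the following `p += strlen(p)+1;` depends on whatever the rest of `ticket` happens to hold (no zeroing of `ticket` is visible in these hunks). Before this change the source was a login name; now it is the expansion of a configurable template, so both parts should be bounded right after the '@' split and before the ticket is built: `if (strlen(afs_username) >= MAXKTCNAMELEN || strlen(cell) >= MAXKTCREALMLEN) { DEBUG(1, ("AFS name or cell too long\n")); return False; }`, assuming MAXKTCNAMELEN is provided by the same AFS header as the MAXKTCREALMLEN already used in afs_settoken. The `strncpy(p, cell, ...)` further down in the same hunk has the same shape and is covered by the same check.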
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index b370b6b049..a334590e51 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -126,6 +126,7 @@ typedef struct
 char *szPasswordServer;
 char *szSocketOptions;
 char *szRealm;
+ char *szAfsUsernameMap;
 char *szUsernameMap;
 char *szLogonScript;
 char *szLogonPath;
@@ -413,6 +414,7 @@ typedef struct
 BOOL bUseSendfile;
 BOOL bProfileAcls;
 BOOL bMap_acl_inherit;
+ BOOL bAfs_Share;
 param_opt_struct *param_opt;
 char dummy[3]; /* for alignment */
@@ -533,6 +535,7 @@ static service sDefault = {
 False, /* bUseSendfile */
 False, /* bProfileAcls */
 False, /* bMap_acl_inherit */
+ False, /* bAfs_Share */
 NULL, /* Parametric options */
@@ -761,6 +764,7 @@ static struct parm_struct parm_table[] = {
 {"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkgroup, handle_workgroup, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
 #ifdef WITH_ADS
 {"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
+ {"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
 #endif
 {"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
 {"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED},
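Review bot: The new `{"afs username map", ...}` entry sits between `#ifdef WITH_ADS` and `#endif`, so a build without ADS never registers the parameter even though the struct member and `lp_afs_username_map()` are added unconditionally. In such a build afs_login would presumably read the unset value, find no '@', and fail for every AFS share. Moving the line below the `#endif`, or under the fake-kaserver conditional that smbd/service.c uses around the call, keeps the option tied to the feature that reads it. No default for `szAfsUsernameMap` is visible in these hunks; if none is set elsewhere, the parameter's documentation should say that "afs share = yes" requires it.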
@@ -890,6 +894,7 @@ static struct parm_struct parm_table[] = {
 {"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED},
 {"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_ADVANCED},
 {"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
+ {"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
 {"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED},
 {"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED},
@@ -1634,6 +1639,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat)
 FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
 FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
@@ -1871,6 +1877,7 @@ FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
 FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
 FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
 FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
+FN_LOCAL_BOOL(lp_afs_share, bAfs_Share)
 FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
 FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
 FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 70126b9e7f..44d73b2ab2 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -644,7 +644,9 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser,
 }
 #ifdef WITH_FAKE_KASERVER
- afs_login(user);
+ if (lp_afs_share(SNUM(conn))) {
+ afs_login(conn);
+ }
 #endif
 #if CHECK_PATH_ON_TCONX
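Review bot: The BOOL returned by `afs_login(conn)` in make_connection_snum is discarded, so on a share marked "afs share = yes" a failed login (no '@' in the map, no stored key for the cell) lets the tree connect continue without a token, and none of the level-1/5 messages inside afs_login names the share. At minimum the failure should be recorded against the service: `if (lp_afs_share(SNUM(conn)) && !afs_login(conn)) { DEBUG(1, ("afs_login failed for service %s\n", lp_servicename(SNUM(conn)))); }`. Whether the connection should be refused in that case is a policy decision that deserves a comment at this call site. make_connection_snum starts and ends outside the hunk.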
diff --git a/source3/utils/net.c b/source3/utils/net.c
index e5c078da29..42966b4f83 100644
--- a/source3/utils/net.c
+++ b/source3/utils/net.c
@@ -476,8 +476,8 @@ static int net_afskey(int argc, const char **argv)
 int fd;
 struct afs_keyfile keyfile;
- if (argc != 1) {
- d_printf("usage: 'net afskey <keyfile>'\n");
+ if (argc != 2) {
+ d_printf("usage: 'net afskey <keyfile> cell'\n");
 return -1;
 }
@@ -496,7 +496,7 @@ static int net_afskey(int argc, const char **argv)
 return -1;
 }
- if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) {
+ if (!secrets_store_afs_keyfile(argv[1], &keyfile)) {
 d_printf("Could not write keyfile to secrets.tdb\n");
 return -1;
 } |
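Review bot: `secrets_store_afs_keyfile(argv[1], &keyfile)` stores the key under the cell name exactly as typed, whereas afs_login lower-cases the cell with `strlower_m(cell)` before `secrets_fetch_afs_key(cell, &key)`; the removed `afs_cell()` lower-cased the name for both the store and the fetch. If the secrets lookup is case-sensitive, a key stored with an upper-case cell argument would never be found at login. Normalising here keeps the two in step: `fstring cell; fstrcpy(cell, argv[1]); strlower_m(cell);` and pass `cell` to the store call. In the first hunk the usage text would read more consistently as `'net afskey <keyfile> <cell>'`. net_afskey's body extends beyond both hunks.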