From 68938182ff7ced3dd7fee30f9e7f090da2b53238 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Sun, 2 May 2004 12:13:16 +0000
Subject: r449: Two AFS-related things: Split off the non-crypto related parts of lib/afs.c into lib/afs_settoken.c. This makes wbinfo link without -lcrypto. Commit vfs_afsacl.c, display & set AFS acls via the NT security editor. Volker (This used to be commit 43870a3fc1073cf7d60f1becae5c2ff98ab49439)
---
source3/lib/afs_settoken.c | 233 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 233 insertions(+)
create mode 100644 source3/lib/afs_settoken.c
(limited to 'source3/lib/afs_settoken.c')
diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c
new file mode 100644
index 0000000000..eb10c4c66d
--- /dev/null
+++ b/source3/lib/afs_settoken.c
@@ -0,0 +1,233 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Generate AFS tickets
+ * Copyright (C) Volker Lendecke 2004
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#include "includes.h"
+
+#ifdef WITH_FAKE_KASERVER
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+_syscall5(int, afs_syscall, int, subcall,
+ char *, path,
+ int, cmd,
+ char *, cmarg,
+ int, follow);
+
+struct ClearToken {
+ uint32 AuthHandle;
+ char HandShakeKey[8];
+ uint32 ViceId;
+ uint32 BeginTimestamp;
+ uint32 EndTimestamp;
+};
+
+static BOOL afs_decode_token(const char *string, char **cell,
+ DATA_BLOB *ticket, struct ClearToken *ct)
+{
+ DATA_BLOB blob;
+ struct ClearToken result_ct;
+
+ char *s = strdup(string);
+
+ char *t;
+
+ if ((t = strtok(s, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ *cell = strdup(t);
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ if (sscanf(t, "%u", &result_ct.AuthHandle) != 1) {
+ DEBUG(10, ("sscanf AuthHandle failed\n"));
+ return False;
+ }
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ blob = base64_decode_data_blob(t);
+
+ if ( (blob.data == NULL) ||
+ (blob.length != sizeof(result_ct.HandShakeKey) )) {
+ DEBUG(10, ("invalid key: %x/%d\n",
(uint32)blob.data,
+ blob.length));
+ return False;
+ }
+
+ memcpy(result_ct.HandShakeKey, blob.data, blob.length);
+
+ data_blob_free(&blob);
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ if (sscanf(t, "%u", &result_ct.ViceId) != 1) {
+ DEBUG(10, ("sscanf ViceId failed\n"));
+ return False;
+ }
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ if (sscanf(t, "%u", &result_ct.BeginTimestamp) != 1) {
+ DEBUG(10, ("sscanf BeginTimestamp failed\n"));
+ return False;
+ }
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ if (sscanf(t, "%u", &result_ct.EndTimestamp) != 1) {
+ DEBUG(10, ("sscanf EndTimestamp failed\n"));
+ return False;
+ }
+
+ if ((t = strtok(NULL, "\n")) == NULL) {
+ DEBUG(10, ("strtok failed\n"));
+ return False;
+ }
+
+ blob = base64_decode_data_blob(t);
+
+ if (blob.data == NULL) {
+ DEBUG(10, ("Could not get ticket\n"));
+ return False;
+ }
+
+ *ticket = blob;
+ *ct = result_ct;
+
+ return True;
+}
+
+/*
+ Put an AFS token into the Kernel so that it can authenticate against
+ the AFS server. This assumes correct local uid settings.
+
+ This is currently highly Linux and OpenAFS-specific. The correct API
+ call for this would be ktc_SetToken. But to do that we would have to
+ import a REALLY big bunch of libraries which I would currently like
+ to avoid.
+*/
+
+static BOOL afs_settoken(const char *cell,
+ const struct ClearToken *ctok,
+ DATA_BLOB ticket)
+{
+ int ret;
+ struct {
+ char *in, *out;
+ uint16 in_size, out_size;
+ } iob;
+
+ char buf[1024];
+ char *p = buf;
+ int tmp;
+
+ memcpy(p, &ticket.length, sizeof(uint32));
+ p += sizeof(uint32);
+ memcpy(p, ticket.data, ticket.length);
+ p += ticket.length;
+
+ tmp = sizeof(struct ClearToken);
+ memcpy(p, &tmp, sizeof(uint32));
+ p += sizeof(uint32);
+ memcpy(p, ctok, tmp);
+ p += tmp;
+
+ tmp = 0;
+
+ memcpy(p, &tmp, sizeof(uint32));
+ p += sizeof(uint32);
+
+ tmp = strlen(cell);
+ if (tmp >= MAXKTCREALMLEN) {
+ DEBUG(1, ("Realm too long\n"));
+ return False;
+ }
+
+ strncpy(p, cell, tmp);
+ p += tmp;
+ *p = 0;
+ p +=1;
+
+ iob.in = buf;
+ iob.in_size = PTR_DIFF(p,buf);
+ iob.out = buf;
+ iob.out_size = sizeof(buf);
+
+#if 0
+ file_save("/tmp/ioctlbuf", iob.in, iob.in_size);
+#endif
+
+ ret = afs_syscall(AFSCALL_PIOCTL, 0, VIOCSETTOK, (char *)&iob, 0);
+
+ DEBUG(10, ("afs VIOCSETTOK returned %d\n", ret));
+ return (ret == 0);
+}
+
+BOOL afs_settoken_str(const char *token_string)
+{
+ DATA_BLOB ticket;
+ struct ClearToken ct;
+ BOOL result;
+ char *cell;
+
+ if (!afs_decode_token(token_string, &cell, &ticket, &ct))
+ return False;
+
+ if (geteuid() != 0)
+ ct.ViceId = getuid();
+
+ result = afs_settoken(cell, &ct, ticket);
+
+ SAFE_FREE(cell);
+ data_blob_free(&ticket);
+
+ return result;
+}
+
+#else
+
+BOOL afs_settoken_str(const char *token_string)
+{
+ return False;
+}
+
+#endif
-- cgit
From 53babbb519759e415671278d44bddf13ef46334c Mon Sep 17 00:00:00 2001
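Review bot: afs_settoken in the `@@ -0,0 +1,233 @@` hunk copies `ticket.length` bytes into the 1024-byte stack array `buf` with `memcpy(p, ticket.data, ticket.length)` and never compares that length with the space left, so a ticket larger than the buffer is written past the end of `buf`; afs_decode_token only checks the decoded ticket for NULL and sets no upper limit on it. Reject oversized input before the first copy, e.g. `if (ticket.length > sizeof(buf) - (3 * sizeof(uint32) + sizeof(struct ClearToken) + MAXKTCREALMLEN)) return False;`, and move the existing `MAXKTCREALMLEN` realm test above the copies so every length is validated before anything is written. The assembled size also has to fit `iob.in_size`, which is declared `uint16`. Separately, `memcpy(p, &ticket.length, sizeof(uint32))` takes the first four bytes of a field whose type is not visible here; if `length` is wider than 32 bits this is only right on little-endian hosts, so copy it into a `uint32` local first.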
From: Volker Lendecke Date: Thu, 10 Jun 2004 17:13:30 +0000 Subject: r1106: Lars Mueller asked me to apply this patch, as this is needed for their build environment. The AFS stuff is linux 2.4 only currently, it works for me on this platform, so apply it. Volker (This used to be commit 69e8c65f1f0cb0c5237bb3b2560cd6f936503eb7) --- source3/lib/afs_settoken.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index eb10c4c66d..5c646c72e4 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -28,12 +28,16 @@ #include #include #include +#include -_syscall5(int, afs_syscall, int, subcall, - char *, path, - int, cmd, - char *, cmarg, - int, follow); +int afs_syscall( int subcall, + char * path, + int cmd, + char * cmarg, + int follow) +{ + return( syscall( SYS_afs_syscall, subcall, path, cmd, cmarg, follow)); +} struct ClearToken { uint32 AuthHandle; -- cgit From b46913fb95d59f3ec8e7e71da758cd16cda05f2c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 20 Dec 2004 21:14:28 +0000 Subject: r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com). Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46) --- source3/lib/afs_settoken.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 5c646c72e4..2e74328d5d 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -53,7 +53,7 @@ static BOOL afs_decode_token(const char *string, char **cell, DATA_BLOB blob; struct ClearToken result_ct; - char *s = strdup(string); + char *s = SMB_STRDUP(string); char *t; 
@@ -62,7 +62,7 @@ static BOOL afs_decode_token(const char *string, char **cell, return False; } - *cell = strdup(t); + *cell = SMB_STRDUP(t); if ((t = strtok(NULL, "\n")) == NULL) { DEBUG(10, ("strtok failed\n")); -- cgit From e2b4d0ad75001131f26e7f847b7e0d9959de2e98 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Oct 2005 22:11:18 +0000 Subject: r10976: Fix the build with openssl-0.9.8a. Guenther (This used to be commit 081409a724fce1f6e6f29bfcc824fd3f5ec6d9ff) --- source3/lib/afs_settoken.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 2e74328d5d..46802e78cb 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -22,6 +22,8 @@ #ifdef WITH_FAKE_KASERVER +#define NO_ASN1_TYPEDEFS 1 + #include #include #include -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/lib/afs_settoken.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 46802e78cb..8f0490c512 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -5,7 +5,7 @@ * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, -- cgit From 153cfb9c83534b09f15cc16205d7adb19b394928 Mon Sep 17 00:00:00 2001 
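Review bot: In the `@@ -22,6 +22,8 @@` hunk, `#define NO_ASN1_TYPEDEFS 1` is placed ahead of the includes with nothing in the file saying why; only the commit subject ties it to building against openssl-0.9.8a. A comment directly above it, such as `/* needed to build against openssl-0.9.8a; keep ahead of the includes below */`, would stop a later cleanup from dropping or reordering it. That the define must precede the includes is inferred from its position, so confirm that before wording the comment.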
From: Andrew Tridgell Date: Tue, 10 Jul 2007 05:23:25 +0000 Subject: r23801: The FSF has moved around a lot. This fixes their Mass Ave address. (This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227) --- source3/lib/afs_settoken.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 8f0490c512..70768a6c9a 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -14,8 +14,7 @@ * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * along with this program; if not, see . */ #include "includes.h" -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/lib/afs_settoken.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index 70768a6c9a..aeef1c3520 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -48,7 +48,7 @@ struct ClearToken { uint32 EndTimestamp; }; -static BOOL afs_decode_token(const char *string, char **cell, +static bool afs_decode_token(const char *string, char **cell, DATA_BLOB *ticket, struct ClearToken *ct) { DATA_BLOB blob; 
@@ -151,7 +151,7 @@ static BOOL afs_decode_token(const char *string, char **cell, to avoid. */ -static BOOL afs_settoken(const char *cell, +static bool afs_settoken(const char *cell, const struct ClearToken *ctok, DATA_BLOB ticket) { @@ -207,11 +207,11 @@ static BOOL afs_settoken(const char *cell, return (ret == 0); } -BOOL afs_settoken_str(const char *token_string) +bool afs_settoken_str(const char *token_string) { DATA_BLOB ticket; struct ClearToken ct; - BOOL result; + bool result; char *cell; if (!afs_decode_token(token_string, &cell, &ticket, &ct)) @@ -230,7 +230,7 @@ BOOL afs_settoken_str(const char *token_string) #else -BOOL afs_settoken_str(const char *token_string) +bool afs_settoken_str(const char *token_string) { return False; } -- cgit From 587cf54c61c9f1f7bcae431a82035fd942716c32 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 23 Jan 2008 11:04:10 +0100 Subject: strtok -> strtok_r (This used to be commit fd34ce437057bb34cdc37f4b066e424000d36789) --- source3/lib/afs_settoken.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'source3/lib/afs_settoken.c') diff --git a/source3/lib/afs_settoken.c b/source3/lib/afs_settoken.c index aeef1c3520..444f09efca 100644 --- a/source3/lib/afs_settoken.c +++ b/source3/lib/afs_settoken.c @@ -53,20 +53,21 @@ static bool afs_decode_token(const char *string, char **cell, { DATA_BLOB blob; struct ClearToken result_ct; + char *saveptr; char *s = SMB_STRDUP(string); char *t; - if ((t = strtok(s, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(s, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } *cell = SMB_STRDUP(t); - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } 
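Review bot: In the `@@ -53,20 +53,21 @@` hunk of the strtok_r change, the copy made by `char *s = SMB_STRDUP(string);` is never freed on any path of afs_decode_token, and every `return False` after `*cell = SMB_STRDUP(t);` also leaks the cell name, because afs_settoken_str frees `cell` only when decoding succeeds. Neither allocation is tested for NULL before it is used, and the invalid-key-length path returns without `data_blob_free(&blob);`. The remaining hunks of this commit touch the other `return False` sites with the same problem. Routing every exit through one cleanup label fixes all of these; the sketch shows the start and the end of the function, which continues outside this hunk.

```c
	char *s = SMB_STRDUP(string);
	char *t;
	bool ok = False;

	*cell = NULL;
	if (s == NULL) {
		return False;
	}

	if ((t = strtok_r(s, "\n", &saveptr)) == NULL) {
		DEBUG(10, ("strtok_r failed\n"));
		goto done;
	}

	*cell = SMB_STRDUP(t);
	if (*cell == NULL) {
		goto done;
	}

	/* … unchanged: remaining fields, with each "return False" replaced by "goto done" … */

	ok = True;
done:
	if (!ok) {
		SAFE_FREE(*cell);
	}
	SAFE_FREE(s);
	return ok;
```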
@@ -75,8 +76,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -93,8 +94,8 @@ static bool afs_decode_token(const char *string, char **cell, data_blob_free(&blob); - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -103,8 +104,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -113,8 +114,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } @@ -123,8 +124,8 @@ static bool afs_decode_token(const char *string, char **cell, return False; } - if ((t = strtok(NULL, "\n")) == NULL) { - DEBUG(10, ("strtok failed\n")); + if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) { + DEBUG(10, ("strtok_r failed\n")); return False; } -- cgit