#define NO_ASN1_TYPEDEFS 1
+#include <afs/param.h>
#include <afs/stds.h>
#include <afs/afs.h>
#include <afs/auth.h>
const struct ClearToken *ct)
{
char *base64_ticket;
- char *result;
+ char *result = NULL;
DATA_BLOB key = data_blob(ct->HandShakeKey, 8);
char *base64_key;
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_stackframe();
+ if (mem_ctx == NULL)
+ goto done;
- base64_ticket = base64_encode_data_blob(ticket);
+ base64_ticket = base64_encode_data_blob(mem_ctx, ticket);
if (base64_ticket == NULL)
- return NULL;
+ goto done;
- base64_key = base64_encode_data_blob(key);
- if (base64_key == NULL) {
- free(base64_ticket);
- return NULL;
- }
+ base64_key = base64_encode_data_blob(mem_ctx, key);
+ if (base64_key == NULL)
+ goto done;
asprintf(&result, "%s\n%u\n%s\n%u\n%u\n%u\n%s\n", cell,
ct->AuthHandle, base64_key, ct->ViceId, ct->BeginTimestamp,
DEBUG(10, ("Got ticket string:\n%s\n", result));
- free(base64_ticket);
- free(base64_key);
+done:
+ TALLOC_FREE(mem_ctx);
return result;
}
bool afs_login(connection_struct *conn)
{
- extern userdom_struct current_user_info;
- extern struct current_user current_user;
DATA_BLOB ticket;
- pstring afs_username;
- char *cell;
+ char *afs_username = NULL;
+ char *cell = NULL;
bool result;
- char *ticket_str;
- const DOM_SID *user_sid;
+ char *ticket_str = NULL;
+ const struct dom_sid *user_sid;
+ TALLOC_CTX *ctx = talloc_tos();
struct ClearToken ct;
- pstrcpy(afs_username, lp_afs_username_map());
- standard_sub_advanced(SNUM(conn), conn->user,
- conn->connectpath, conn->gid,
- get_current_username(),
- current_user_info.domain,
- afs_username, sizeof(afs_username));
+ afs_username = talloc_strdup(ctx,
+ lp_afs_username_map());
+ if (!afs_username) {
+ return false;
+ }
- user_sid = ¤t_user.nt_user_token->user_sids[0];
- pstring_sub(afs_username, "%s", sid_string_static(user_sid));
+ afs_username = talloc_sub_advanced(ctx,
+ SNUM(conn), conn->session_info->unix_name,
+ conn->connectpath, conn->session_info->utok.gid,
+ conn->session_info->sanitized_username,
+ pdb_get_domain(conn->session_info->sam_account),
+ afs_username);
+ if (!afs_username) {
+ return false;
+ }
+
+ user_sid = &conn->session_info->security_token->user_sids[0];
+ afs_username = talloc_string_sub(talloc_tos(),
+ afs_username,
+ "%s",
+ sid_string_tos(user_sid));
+ if (!afs_username) {
+ return false;
+ }
/* The pts command always generates completely lower-case user
* names. */
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
- return False;
+ return false;
}
*cell = '\0';
cell += 1;
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
char *afs_createtoken_str(const char *username, const char *cell)
{
- return False;
+ return NULL;
}
#endif /* WITH_FAKE_KASERVER */