#ifdef WITH_FAKE_KASERVER
+#define NO_ASN1_TYPEDEFS 1
+
#include <afs/stds.h>
#include <afs/afs.h>
#include <afs/auth.h>
#include <asm/unistd.h>
#include <openssl/des.h>
-_syscall5(int, afs_syscall, int, subcall,
- char *, path,
- int, cmd,
- char *, cmarg,
- int, follow);
-
struct ClearToken {
uint32 AuthHandle;
char HandShakeKey[8];
return result;
}
-static BOOL afs_decode_token(const char *string, char **cell,
- DATA_BLOB *ticket, struct ClearToken *ct)
-{
- DATA_BLOB blob;
- struct ClearToken result_ct;
-
- char *s = strdup(string);
-
- char *t;
-
- if ((t = strtok(s, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- *cell = strdup(t);
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.AuthHandle) != 1) {
- DEBUG(10, ("sscanf AuthHandle failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- blob = base64_decode_data_blob(t);
-
- if ( (blob.data == NULL) ||
- (blob.length != sizeof(result_ct.HandShakeKey) )) {
- DEBUG(10, ("invalid key: %x/%d\n", (uint32)blob.data,
- blob.length));
- return False;
- }
-
- memcpy(result_ct.HandShakeKey, blob.data, blob.length);
-
- data_blob_free(&blob);
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.ViceId) != 1) {
- DEBUG(10, ("sscanf ViceId failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.BeginTimestamp) != 1) {
- DEBUG(10, ("sscanf BeginTimestamp failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- if (sscanf(t, "%u", &result_ct.EndTimestamp) != 1) {
- DEBUG(10, ("sscanf EndTimestamp failed\n"));
- return False;
- }
-
- if ((t = strtok(NULL, "\n")) == NULL) {
- DEBUG(10, ("strtok failed\n"));
- return False;
- }
-
- blob = base64_decode_data_blob(t);
-
- if (blob.data == NULL) {
- DEBUG(10, ("Could not get ticket\n"));
- return False;
- }
-
- *ticket = blob;
- *ct = result_ct;
-
- return True;
-}
-
-/*
- Put an AFS token into the Kernel so that it can authenticate against
- the AFS server. This assumes correct local uid settings.
-
- This is currently highly Linux and OpenAFS-specific. The correct API
- call for this would be ktc_SetToken. But to do that we would have to
- import a REALLY big bunch of libraries which I would currently like
- to avoid.
-*/
-
-static BOOL afs_settoken(const char *cell,
- const struct ClearToken *ctok,
- DATA_BLOB ticket)
-{
- int ret;
- struct {
- char *in, *out;
- uint16 in_size, out_size;
- } iob;
-
- char buf[1024];
- char *p = buf;
- int tmp;
-
- memcpy(p, &ticket.length, sizeof(uint32));
- p += sizeof(uint32);
- memcpy(p, ticket.data, ticket.length);
- p += ticket.length;
-
- tmp = sizeof(struct ClearToken);
- memcpy(p, &tmp, sizeof(uint32));
- p += sizeof(uint32);
- memcpy(p, ctok, tmp);
- p += tmp;
-
- tmp = 0;
-
- memcpy(p, &tmp, sizeof(uint32));
- p += sizeof(uint32);
-
- tmp = strlen(cell);
- if (tmp >= MAXKTCREALMLEN) {
- DEBUG(1, ("Realm too long\n"));
- return False;
- }
-
- strncpy(p, cell, tmp);
- p += tmp;
- *p = 0;
- p +=1;
-
- iob.in = buf;
- iob.in_size = PTR_DIFF(p,buf);
- iob.out = buf;
- iob.out_size = sizeof(buf);
-
-#if 0
- file_save("/tmp/ioctlbuf", iob.in, iob.in_size);
-#endif
-
- ret = afs_syscall(AFSCALL_PIOCTL, 0, VIOCSETTOK, (char *)&iob, 0);
-
- DEBUG(10, ("afs VIOCSETTOK returned %d\n", ret));
- return (ret == 0);
-}
-
-BOOL afs_settoken_str(const char *token_string)
-{
- DATA_BLOB ticket;
- struct ClearToken ct;
- BOOL result;
- char *cell;
-
- if (!afs_decode_token(token_string, &cell, &ticket, &ct))
- return False;
-
- if (geteuid() != 0)
- ct.ViceId = getuid();
-
- result = afs_settoken(cell, &ct, ticket);
-
- SAFE_FREE(cell);
- data_blob_free(&ticket);
-
- return result;
- }
-
/* Create a ClearToken and an encrypted ticket. ClearToken has not yet the
* ViceId set, this should be set by the caller. */
p += 4;
/* We need to create a session key */
- generate_random_buffer(p, 8, False);
+ generate_random_buffer(p, 8);
/* Our client code needs the the key in the clear, it does not
know the server-key ... */
p += 8;
- /* Ticket lifetime. We fake everything here, so go as long as
- possible. This is in 5-minute intervals, so 255 is 21 hours
- and 15 minutes.*/
+ /* This is a kerberos 4 life time. The life time is expressed
+ * in units of 5 minute intervals up to 38400 seconds, after
+ * that a table is used up to lifetime 0xBF. Values between
+ * 0xC0 and 0xFF is undefined. 0xFF is defined to be the
+ * infinite time that never expire.
+ *
+ * So here we cheat and use the infinite time */
*p = 255;
p += 1;
SIVAL(p, 0, now);
ct->BeginTimestamp = now;
- ct->EndTimestamp = now + (255*60*5);
+ if(lp_afs_token_lifetime() == 0)
+ ct->EndTimestamp = NEVERDATE;
+ else
+ ct->EndTimestamp = now + lp_afs_token_lifetime();
+
if (((ct->EndTimestamp - ct->BeginTimestamp) & 1) == 1) {
ct->BeginTimestamp += 1; /* Lifetime must be even */
}
BOOL afs_login(connection_struct *conn)
{
+ extern userdom_struct current_user_info;
+ extern struct current_user current_user;
DATA_BLOB ticket;
pstring afs_username;
char *cell;
BOOL result;
+ char *ticket_str;
+ const DOM_SID *user_sid;
struct ClearToken ct;
pstrcpy(afs_username, lp_afs_username_map());
- standard_sub_conn(conn, afs_username, sizeof(afs_username));
+ standard_sub_advanced(SNUM(conn), conn->user,
+ conn->connectpath, conn->gid,
+ get_current_username(),
+ current_user_info.domain,
+ afs_username, sizeof(afs_username));
+
+ user_sid = ¤t_user.nt_user_token->user_sids[0];
+ pstring_sub(afs_username, "%s", sid_string_static(user_sid));
/* The pts command always generates completely lower-case user
* names. */
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
- {
- char *str, *new_cell;
- DATA_BLOB test_ticket;
- struct ClearToken test_ct;
-
- hex_encode(ct.HandShakeKey, sizeof(ct.HandShakeKey), &str);
- DEBUG(10, ("Key: %s\n", str));
- free(str);
+ ticket_str = afs_encode_token(cell, ticket, &ct);
- str = afs_encode_token(cell, ticket, &ct);
+ result = afs_settoken_str(ticket_str);
- if (!afs_decode_token(str, &new_cell, &test_ticket,
- &test_ct)) {
- DEBUG(0, ("Could not decode token"));
- goto decode_failed;
- }
-
- if (strcmp(cell, new_cell) != 0) {
- DEBUG(0, ("cell changed\n"));
- }
-
- if ((ticket.length != test_ticket.length) ||
- (memcmp(ticket.data, test_ticket.data,
- ticket.length) != 0)) {
- DEBUG(0, ("Ticket changed\n"));
- }
-
- if (memcmp(&ct, &test_ct, sizeof(ct)) != 0) {
- DEBUG(0, ("ClearToken changed\n"));
- }
-
- data_blob_free(&test_ticket);
-
- decode_failed:
- SAFE_FREE(str);
- SAFE_FREE(new_cell);
- }
-
- result = afs_settoken(cell, &ct, ticket);
+ SAFE_FREE(ticket_str);
data_blob_free(&ticket);
return True;
}
-BOOL afs_settoken_str(const char *token_string)
-{
- return False;
-}
-
char *afs_createtoken_str(const char *username, const char *cell)
{
return False;