*/
#include "includes.h"
+#include "lib/afs/afs_funcs.h"
#ifdef WITH_FAKE_KASERVER
#include <afs/param.h>
#include <afs/stds.h>
-#include <afs/afs.h>
#include <afs/auth.h>
#include <afs/venus.h>
#include <asm/unistd.h>
struct afs_key key;
des_key_schedule key_schedule;
- if (!secrets_init())
+ if (!secrets_init())
return false;
if (!secrets_fetch_afs_key(cell, &key)) {
ct->AuthHandle = key.kvno;
/* Build the ticket. This is going to be encrypted, so in our
- way we fill in ct while we still have the unencrypted
- form. */
+ way we fill in ct while we still have the unencrypted
+ form. */
p = clear_ticket;
p += strlen(p)+1;
/* Alice's network layer address. At least Openafs-1.2.10
- ignores this, so we fill in a dummy value here. */
+ ignores this, so we fill in a dummy value here. */
SIVAL(p, 0, 0);
p += 4;
generate_random_buffer((uint8_t *)p, 8);
/* Our client code needs the the key in the clear, it does not
- know the server-key ... */
+ know the server-key ... */
memcpy(ct->HandShakeKey, p, 8);
p += 8;
p += 4;
/* And here comes Bob's name and instance, in this case the
- AFS server. */
+ AFS server. */
strncpy(p, "afs", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
p += strlen(p)+1;
strncpy(p, "", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1);
--- /dev/null
+/*
+ * Unix SMB/CIFS implementation.
+ * Generate AFS tickets
+ * Copyright (C) Volker Lendecke 2003
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIB_AFS_AFS_FUNCS_H
+#define LIB_AFS_AFS_FUNCS_H 1
+
+char *afs_createtoken_str(const char *username, const char *cell);
+
+/*
+ This routine takes a radical approach completely bypassing the
+ Kerberos idea of security and using AFS simply as an intelligent
+ file backend. Samba has persuaded itself somehow that the user is
+ actually correctly identified and then we create a ticket that the
+ AFS server hopefully accepts using its KeyFile that the admin has
+ kindly stored to our secrets.tdb.
+
+ Thanks to the book "Network Security -- PRIVATE Communication in a
+ PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
+ Kerberos 4 tickets are not really hard to construct.
+
+ For the comments "Alice" is the User to be auth'ed, and "Bob" is the
+ AFS server. */
+
+bool afs_login(connection_struct *conn);
+
+#endif
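Review bot: The new header uses `bool` and `connection_struct` in the `afs_login` prototype without including or declaring either, so it only compiles when `includes.h` or an equivalent has already been pulled in, as the visible includers happen to do. Either include what provides those types at the top of the header or state the requirement, e.g. `/* Requires includes.h: uses bool and connection_struct. */`. Separately, `afs_createtoken_str` returns a `char *` with nothing said about ownership or the failure value; a comment such as `/* Returns an allocated token string or NULL; caller frees -- confirm against afs_funcs.c. */` would close that gap. The block comment says the ticket is minted without any Kerberos check, so it should also state outright that callers must have authenticated the user before calling `afs_login`.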
--- /dev/null
+#!/usr/bin/env python
+
+bld.SAMBA3_SUBSYSTEM('LIBAFS',
+ source='afs_funcs.c',
+ deps='samba-util LIBAFS_SETTOKEN')
+
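Review bot: `deps` is carried over unchanged from the removed LIBAFS entry, but the moved source visibly calls `secrets_init()` and `secrets_fetch_afs_key()` and includes `includes.h`, none of which `samba-util` or `LIBAFS_SETTOKEN` obviously provide. Presumably whatever links LIBAFS supplied these implicitly; now that the subsystem is built from `lib/afs`, naming the providing subsystem in `deps` would let the target find its headers and symbols on its own. If the omission is deliberate, a comment such as `# secrets_* and includes.h are supplied by the target that links LIBAFS` would record it. LIBAFS_SETTOKEN appears to stay in the old build file, so the two halves of the AFS code would be declared in different places after this change.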
/* The following definitions come from lib/adt_tree.c */
-
-/* The following definitions come from lib/afs.c */
-
-char *afs_createtoken_str(const char *username, const char *cell);
-bool afs_login(connection_struct *conn);
-
/* The following definitions come from lib/afs_settoken.c */
int afs_syscall(int subcall, const char *path, int cmd, char *cmarg, int follow);
#include "auth.h"
#include "lib/param/loadparm.h"
#include "messages.h"
+#include "lib/afs/afs_funcs.h"
static bool canonicalize_connect_path(connection_struct *conn)
{
#include "utils/net_afs.h"
#include "secrets.h"
#include "system/filesys.h"
+#include "lib/afs/afs_funcs.h"
int net_afs_usage(struct net_context *c, int argc, const char **argv)
{
#include "auth/kerberos/pac_utils.h"
#include "auth/gensec/gensec.h"
#include "librpc/crypto/gse_krb5.h"
+#include "lib/afs/afs_funcs.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
source='lib/afs_settoken.c',
deps='samba-util')
-bld.SAMBA3_SUBSYSTEM('LIBAFS',
- source='lib/afs.c',
- deps='samba-util LIBAFS_SETTOKEN')
-
bld.SAMBA3_LIBRARY('smbconf',
source='''lib/smbconf/smbconf_init.c
lib/smbconf/smbconf_reg.c''',
bld.RECURSE('lib/popt')
bld.RECURSE('lib/iniparser/src')
bld.RECURSE('source4/lib/stream')
+bld.RECURSE('lib/afs')
bld.RECURSE('lib/util')
bld.RECURSE('lib/tdb_wrap')
bld.RECURSE('lib/tdr')