char *, cmarg,
int, follow);
-char *afs_cell(void)
-{
- static char *cell = NULL;
-
- if (cell == NULL) {
- cell = strdup(lp_realm());
- strlower_m(cell);
- }
-
- return cell;
-}
-
struct ClearToken {
uint32 AuthHandle;
char HandShakeKey[8];
to avoid.
*/
-static BOOL afs_settoken(char *username, const struct ClearToken *ctok,
+static BOOL afs_settoken(const char *username, const char *cell,
+ const struct ClearToken *ctok,
char *v4tkt_data, int v4tkt_length)
{
int ret;
memcpy(p, &tmp, sizeof(uint32));
p += sizeof(uint32);
- tmp = strlen(afs_cell());
+ tmp = strlen(cell);
if (tmp >= MAXKTCREALMLEN) {
DEBUG(1, ("Realm too long\n"));
return False;
}
- strncpy(p, afs_cell(), tmp);
+ strncpy(p, cell, tmp);
p += tmp;
*p = 0;
p +=1;
For the comments "Alice" is the User to be auth'ed, and "Bob" is the
AFS server. */
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
fstring ticket;
char *p = ticket;
uint32 len;
struct afs_key key;
+ pstring afs_username;
+ char *cell;
struct ClearToken ct;
des_key_schedule key_schedule;
- DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
- username, afs_cell()));
+ pstrcpy(afs_username, lp_afs_username_map());
+ standard_sub_conn(conn, afs_username, sizeof(afs_username));
+
+ cell = strchr(afs_username, '@');
+
+ if (cell == NULL) {
+ DEBUG(1, ("AFS username doesn't contain a @, "
+ "could not find cell\n"));
+ return False;
+ }
+
+ *cell = '\0';
+ cell += 1;
+ strlower_m(cell);
+
+ DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
+ afs_username, cell));
if (!secrets_init())
return False;
- if (!secrets_fetch_afs_key(afs_cell(), &key)) {
+ if (!secrets_fetch_afs_key(cell, &key)) {
DEBUG(5, ("Could not fetch AFS service key\n"));
return False;
}
p += 1;
/* "Alice", the client username */
- strncpy(p, username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, afs_username, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
strncpy(p, "", sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- strncpy(p, afs_cell(), sizeof(ticket)-PTR_DIFF(p,ticket)-1);
+ strncpy(p, cell, sizeof(ticket)-PTR_DIFF(p,ticket)-1);
p += strlen(p)+1;
- ct.ViceId = getuid();
+ /* As long as we still only use the effective UID we need to set the
+ * token for it here as well. This involves patching AFS in two
+ * places. Once we start using the real uid where we have the
+ * setresuid function, we can use getuid() here which would be more
+ * correct. */
+
+ ct.ViceId = geteuid();
DEBUG(10, ("Creating Token for uid %d\n", ct.ViceId));
/* Alice's network layer address. At least Openafs-1.2.10
ZERO_STRUCT(key);
- return afs_settoken(username, &ct, ticket, len);
+ return afs_settoken(afs_username, cell, &ct, ticket, len);
}
#else
-BOOL afs_login(char *username)
+BOOL afs_login(connection_struct *conn)
{
return True;
}
char *szPasswordServer;
char *szSocketOptions;
char *szRealm;
+ char *szAfsUsernameMap;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
BOOL bUseSendfile;
BOOL bProfileAcls;
BOOL bMap_acl_inherit;
+ BOOL bAfs_Share;
param_opt_struct *param_opt;
char dummy[3]; /* for alignment */
False, /* bUseSendfile */
False, /* bProfileAcls */
False, /* bMap_acl_inherit */
+ False, /* bAfs_Share */
NULL, /* Parametric options */
{"workgroup", P_USTRING, P_GLOBAL, &Globals.szWorkgroup, handle_workgroup, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
#ifdef WITH_ADS
{"realm", P_USTRING, P_GLOBAL, &Globals.szRealm, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
+ {"afs username map", P_USTRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
#endif
{"netbios name", P_USTRING, P_GLOBAL, &Globals.szNetbiosName, handle_netbios_name, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD},
{"netbios aliases", P_LIST, P_GLOBAL, &Globals.szNetbiosAliases, handle_netbios_aliases, NULL, FLAG_ADVANCED},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, FLAG_ADVANCED},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, FLAG_ADVANCED},
{"map acl inherit", P_BOOL, P_LOCAL, &sDefault.bMap_acl_inherit, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
+ {"afs share", P_BOOL, P_LOCAL, &sDefault.bAfs_Share, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, FLAG_ADVANCED},
{"max xmit", P_INTEGER, P_GLOBAL, &Globals.max_xmit, NULL, NULL, FLAG_ADVANCED},
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
+FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
FN_LOCAL_BOOL(_lp_use_sendfile, bUseSendfile)
FN_LOCAL_BOOL(lp_profile_acls, bProfileAcls)
FN_LOCAL_BOOL(lp_map_acl_inherit, bMap_acl_inherit)
+FN_LOCAL_BOOL(lp_afs_share, bAfs_Share)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
git.samba.org / ira / wip.git / commitdiff