BOOL afs_login(connection_struct *conn)
{
DATA_BLOB ticket;
pstring afs_username;
char *cell;
BOOL result;
char *ticket_str;
DOM_SID user_sid;
struct ClearToken ct;
pstrcpy(afs_username, lp_afs_username_map());
standard_sub_conn(conn, afs_username, sizeof(afs_username));
if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, conn->uid)))
pstring_sub(afs_username, "%s", sid_string_static(&user_sid));
/* The pts command always generates completely lower-case user
* names. */
strlower_m(afs_username);
cell = strchr(afs_username, '@');
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
return False;
}
*cell = '\0';
cell += 1;
DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
return False;
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
ticket_str = afs_encode_token(cell, ticket, &ct);
result = afs_settoken_str(ticket_str);
SAFE_FREE(ticket_str);
data_blob_free(&ticket);
return result;
}
char *afs_createtoken_str(const char *username, const char *cell)
{
DATA_BLOB ticket;
struct ClearToken ct;
char *result;
if (!afs_createtoken(username, cell, &ticket, &ct))
return NULL;
result = afs_encode_token(cell, ticket, &ct);
data_blob_free(&ticket);
return result;
}
bool afs_login(connection_struct *conn)
{
DATA_BLOB ticket;
char *afs_username = NULL;
char *cell = NULL;
bool result;
char *ticket_str = NULL;
const struct dom_sid *user_sid;
TALLOC_CTX *ctx = talloc_tos();
struct ClearToken ct;
afs_username = talloc_strdup(ctx,
lp_afs_username_map());
if (!afs_username) {
return false;
}
afs_username = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
conn->session_info->info->domain_name,
afs_username);
if (!afs_username) {
return false;
}
user_sid = &conn->session_info->security_token->sids[0];
afs_username = talloc_string_sub(talloc_tos(),
afs_username,
"%s",
sid_string_tos(user_sid));
if (!afs_username) {
return false;
}
/* The pts command always generates completely lower-case user
* names. */
strlower_m(afs_username);
cell = strchr(afs_username, '@');
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
return false;
}
*cell = '\0';
cell += 1;
DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
return false;
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
ticket_str = afs_encode_token(cell, ticket, &ct);
result = afs_settoken_str(ticket_str);
SAFE_FREE(ticket_str);
data_blob_free(&ticket);
return result;
}
BOOL afs_login(connection_struct *conn)
{
DATA_BLOB ticket;
pstring afs_username;
char *cell;
BOOL result;
struct ClearToken ct;
pstrcpy(afs_username, lp_afs_username_map());
standard_sub_conn(conn, afs_username, sizeof(afs_username));
/* The pts command always generates completely lower-case user
* names. */
strlower_m(afs_username);
cell = strchr(afs_username, '@');
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
return False;
}
*cell = '\0';
cell += 1;
DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
return False;
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
{
char *str, *new_cell;
DATA_BLOB test_ticket;
struct ClearToken test_ct;
hex_encode(ct.HandShakeKey, sizeof(ct.HandShakeKey), &str);
DEBUG(10, ("Key: %s\n", str));
free(str);
str = afs_encode_token(cell, ticket, &ct);
if (!afs_decode_token(str, &new_cell, &test_ticket,
&test_ct)) {
DEBUG(0, ("Could not decode token"));
goto decode_failed;
}
if (strcmp(cell, new_cell) != 0) {
DEBUG(0, ("cell changed\n"));
}
if ((ticket.length != test_ticket.length) ||
(memcmp(ticket.data, test_ticket.data,
ticket.length) != 0)) {
DEBUG(0, ("Ticket changed\n"));
}
if (memcmp(&ct, &test_ct, sizeof(ct)) != 0) {
DEBUG(0, ("ClearToken changed\n"));
}
data_blob_free(&test_ticket);
decode_failed:
SAFE_FREE(str);
SAFE_FREE(new_cell);
}
result = afs_settoken(cell, &ct, ticket);
data_blob_free(&ticket);
return result;
}