Beispiel #1
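/*
 * Obtain an AFS token for the user behind this connection and install it.
 *
 * The AFS principal is built from the configured username map
 * (lp_afs_username_map()) after the standard per-connection substitutions;
 * "%s" is replaced by the user's SID string when conn->uid maps to a SID.
 * The resulting string must have the form user@cell.
 *
 * Returns True if a token was created, encoded and accepted by
 * afs_settoken_str(), False otherwise.
 */
BOOL afs_login(connection_struct *conn)
{
	DATA_BLOB ticket;
	pstring afs_username;
	char *cell;
	BOOL result;
	char *ticket_str;
	DOM_SID user_sid;

	/* NOTE(review): ct and ticket carry credential material and are not
	 * scrubbed before this function returns -- confirm whether that
	 * matters for this process. */
	struct ClearToken ct;

	pstrcpy(afs_username, lp_afs_username_map());
	standard_sub_conn(conn, afs_username, sizeof(afs_username));

	/* A uid without a SID mapping leaves any "%s" in the name as is. */
	if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, conn->uid)))
		pstring_sub(afs_username, "%s", sid_string_static(&user_sid));

	/* The pts command always generates completely lower-case user
	 * names. */
	strlower_m(afs_username);

	cell = strchr(afs_username, '@');

	if (cell == NULL) {
		DEBUG(1, ("AFS username doesn't contain a @, "
			  "could not find cell\n"));
		return False;
	}

	/* Split "user@cell" in place: afs_username keeps the user part and
	 * cell points at the text after the '@'. */
	*cell = '\0';
	cell += 1;

	DEBUG(10, ("Trying to log into AFS for user %s@%s\n", 
		   afs_username, cell));

	if (!afs_createtoken(afs_username, cell, &ticket, &ct))
		return False;

	/* For which Unix-UID do we want to set the token?  getuid() is the
	 * real uid of this process, not conn->uid. */
	ct.ViceId = getuid();

	ticket_str = afs_encode_token(cell, ticket, &ct);

	/* Do not hand a NULL string to afs_settoken_str(): fail the login
	 * cleanly if the token could not be encoded. */
	if (ticket_str == NULL) {
		DEBUG(1, ("Could not encode AFS token\n"));
		data_blob_free(&ticket);
		return False;
	}

	result = afs_settoken_str(ticket_str);

	SAFE_FREE(ticket_str);

	data_blob_free(&ticket);

	return result;
}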
Beispiel #2
/*
 * Create an AFS token for username in cell and return it in the string
 * form produced by afs_encode_token().
 *
 * Returns NULL if afs_createtoken() fails; otherwise returns whatever
 * afs_encode_token() returned, unchecked, so callers must be prepared
 * for NULL in either case.
 *
 * NOTE(review): the returned string is presumably heap-allocated and
 * owned by the caller -- confirm against afs_encode_token().
 */
char *afs_createtoken_str(const char *username, const char *cell)
{
	struct ClearToken clear_token;
	DATA_BLOB krb_ticket;
	char *encoded = NULL;

	if (afs_createtoken(username, cell, &krb_ticket, &clear_token)) {
		encoded = afs_encode_token(cell, krb_ticket, &clear_token);

		/* The blob is only needed as input to the encoder. */
		data_blob_free(&krb_ticket);
	}

	return encoded;
}
Beispiel #3
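/*
 * Obtain an AFS token for the user behind this connection and install it.
 *
 * The AFS principal is built from the configured username map
 * (lp_afs_username_map()): talloc_sub_advanced() expands it with the
 * connection's service, user, path, gid and domain values, and "%s" is
 * then replaced by the string form of the first SID in the session's
 * security token. The resulting string must have the form user@cell.
 *
 * Returns true if a token was created, encoded and accepted by
 * afs_settoken_str(), false otherwise.
 */
bool afs_login(connection_struct *conn)
{
    DATA_BLOB ticket;
    char *afs_username = NULL;
    char *cell = NULL;
    bool result;
    char *ticket_str = NULL;
    const struct dom_sid *user_sid;
    TALLOC_CTX *ctx = talloc_tos();

    /* NOTE(review): ct and ticket carry credential material and are not
     * scrubbed before this function returns -- confirm whether that
     * matters for this process. */
    struct ClearToken ct;

    afs_username = talloc_strdup(ctx,
                                 lp_afs_username_map());
    if (!afs_username) {
        return false;
    }

    /* The user name substituted here is the sanitized one, not the raw
     * name supplied by the client. */
    afs_username = talloc_sub_advanced(ctx,
                                       lp_servicename(SNUM(conn)),
                                       conn->session_info->unix_info->unix_name,
                                       conn->connectpath,
                                       conn->session_info->unix_token->gid,
                                       conn->session_info->unix_info->sanitized_username,
                                       conn->session_info->info->domain_name,
                                       afs_username);
    if (!afs_username) {
        return false;
    }

    /* NOTE(review): assumes the security token holds at least one SID;
     * the count is not checked here -- confirm callers guarantee it. */
    user_sid = &conn->session_info->security_token->sids[0];
    afs_username = talloc_string_sub(talloc_tos(),
                                     afs_username,
                                     "%s",
                                     sid_string_tos(user_sid));
    if (!afs_username) {
        return false;
    }

    /* The pts command always generates completely lower-case user
     * names. */
    strlower_m(afs_username);

    cell = strchr(afs_username, '@');

    if (cell == NULL) {
        DEBUG(1, ("AFS username doesn't contain a @, "
                  "could not find cell\n"));
        return false;
    }

    /* Split "user@cell" in place: afs_username keeps the user part and
     * cell points at the text after the '@'. */
    *cell = '\0';
    cell += 1;

    DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
               afs_username, cell));

    if (!afs_createtoken(afs_username, cell, &ticket, &ct))
        return false;

    /* For which Unix-UID do we want to set the token?  getuid() is the
     * real uid of this process. */
    ct.ViceId = getuid();

    ticket_str = afs_encode_token(cell, ticket, &ct);

    /* Do not hand a NULL string to afs_settoken_str(): fail the login
     * cleanly if the token could not be encoded. */
    if (ticket_str == NULL) {
        DEBUG(1, ("Could not encode AFS token\n"));
        data_blob_free(&ticket);
        return false;
    }

    result = afs_settoken_str(ticket_str);

    SAFE_FREE(ticket_str);

    data_blob_free(&ticket);

    return result;
}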
Beispiel #4
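/*
 * Obtain an AFS token for the user behind this connection and install it
 * with afs_settoken().
 *
 * The AFS principal is built from the configured username map
 * (lp_afs_username_map()) after the standard per-connection substitutions
 * and must have the form user@cell.
 *
 * Before the token is installed it is encoded and decoded again as a
 * self-check; mismatches are logged at level 0 but do not fail the login.
 *
 * Returns True if a token was created and afs_settoken() accepted it,
 * False otherwise.
 */
BOOL afs_login(connection_struct *conn)
{
	DATA_BLOB ticket;
	pstring afs_username;
	char *cell;
	BOOL result;

	struct ClearToken ct;

	pstrcpy(afs_username, lp_afs_username_map());
	standard_sub_conn(conn, afs_username, sizeof(afs_username));

	/* The pts command always generates completely lower-case user
	 * names. */
	strlower_m(afs_username);

	cell = strchr(afs_username, '@');

	if (cell == NULL) {
		DEBUG(1, ("AFS username doesn't contain a @, "
			  "could not find cell\n"));
		return False;
	}

	/* Split "user@cell" in place: afs_username keeps the user part and
	 * cell points at the text after the '@'. */
	*cell = '\0';
	cell += 1;

	DEBUG(10, ("Trying to log into AFS for user %s@%s\n", 
		   afs_username, cell));

	if (!afs_createtoken(afs_username, cell, &ticket, &ct))
		return False;

	/* For which Unix-UID do we want to set the token?  getuid() is the
	 * real uid of this process. */
	ct.ViceId = getuid();

	/* Encode/decode round trip used as a self-check of the token codec. */
	{
		/* Both pointers start out NULL so the cleanup at
		 * decode_failed never frees an indeterminate value. */
		char *str = NULL;
		char *new_cell = NULL;
		DATA_BLOB test_ticket;
		struct ClearToken test_ct;

		/* Deliberately no hex dump of ct.HandShakeKey: key material
		 * must not reach the debug log, whatever the log level. */

		str = afs_encode_token(cell, ticket, &ct);

		if (str == NULL) {
			DEBUG(0, ("Could not encode token\n"));
			goto decode_failed;
		}

		if (!afs_decode_token(str, &new_cell, &test_ticket,
				      &test_ct)) {
			DEBUG(0, ("Could not decode token"));
			goto decode_failed;
		}

		if (strcmp(cell, new_cell) != 0) {
			DEBUG(0, ("cell changed\n"));
		}

		if ((ticket.length != test_ticket.length) ||
		    (memcmp(ticket.data, test_ticket.data,
			    ticket.length) != 0)) {
			DEBUG(0, ("Ticket changed\n"));
		}

		/* NOTE(review): a whole-struct memcmp also compares any
		 * padding bytes, which may differ without the fields
		 * differing -- confirm struct ClearToken has none. */
		if (memcmp(&ct, &test_ct, sizeof(ct)) != 0) {
			DEBUG(0, ("ClearToken changed\n"));
		}

		data_blob_free(&test_ticket);

	decode_failed:
		SAFE_FREE(str);
		SAFE_FREE(new_cell);
	}

	result = afs_settoken(cell, &ct, ticket);

	data_blob_free(&ticket);

	return result;
}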