int net_afs_impersonate(struct net_context *c, int argc,
const char **argv)
{
char *token;
if (argc != 2) {
d_fprintf(stderr, "%s net afs impersonate <user> <cell>\n",
_("Usage:"));
exit(1);
}
token = afs_createtoken_str(argv[0], argv[1]);
if (token == NULL) {
fprintf(stderr, _("Could not create token\n"));
exit(1);
}
if (!afs_settoken_str(token)) {
fprintf(stderr, _("Could not set token into kernel\n"));
exit(1);
}
printf(_("Success: %s@%s\n"), argv[0], argv[1]);
return 0;
}
static bool wbinfo_klog(char *username)
{
struct winbindd_request request;
struct winbindd_response response;
NSS_STATUS result;
char *p;
/* Send off request */
ZERO_STRUCT(request);
ZERO_STRUCT(response);
p = strchr(username, '%');
if (p) {
*p = 0;
fstrcpy(request.data.auth.user, username);
fstrcpy(request.data.auth.pass, p + 1);
*p = '%';
} else {
fstrcpy(request.data.auth.user, username);
fstrcpy(request.data.auth.pass, getpass("Password: "******"plaintext password authentication %s\n",
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
d_fprintf(stderr, "error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
response.data.auth.nt_status,
response.data.auth.error_string);
if (result != NSS_STATUS_SUCCESS)
return false;
if (response.extra_data.data == NULL) {
d_fprintf(stderr, "Did not get token data\n");
return false;
}
if (!afs_settoken_str((char *)response.extra_data.data)) {
d_fprintf(stderr, "Could not set token\n");
return false;
}
d_printf("Successfully created AFS token\n");
return true;
}
BOOL afs_login(connection_struct *conn)
{
DATA_BLOB ticket;
pstring afs_username;
char *cell;
BOOL result;
char *ticket_str;
DOM_SID user_sid;
struct ClearToken ct;
pstrcpy(afs_username, lp_afs_username_map());
standard_sub_conn(conn, afs_username, sizeof(afs_username));
if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, conn->uid)))
pstring_sub(afs_username, "%s", sid_string_static(&user_sid));
/* The pts command always generates completely lower-case user
* names. */
strlower_m(afs_username);
cell = strchr(afs_username, '@');
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
return False;
}
*cell = '\0';
cell += 1;
DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
return False;
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
ticket_str = afs_encode_token(cell, ticket, &ct);
result = afs_settoken_str(ticket_str);
SAFE_FREE(ticket_str);
data_blob_free(&ticket);
return result;
}
static int net_afs_impersonate(int argc, const char **argv)
{
char *token;
if (argc != 2) {
fprintf(stderr, "Usage: net afs impersonate <user> <cell>\n");
exit(1);
}
token = afs_createtoken_str(argv[0], argv[1]);
if (token == NULL) {
fprintf(stderr, "Could not create token\n");
exit(1);
}
if (!afs_settoken_str(token)) {
fprintf(stderr, "Could not set token into kernel\n");
exit(1);
}
printf("Success: %s@%s\n", argv[0], argv[1]);
return 0;
}
bool afs_login(connection_struct *conn)
{
DATA_BLOB ticket;
char *afs_username = NULL;
char *cell = NULL;
bool result;
char *ticket_str = NULL;
const struct dom_sid *user_sid;
TALLOC_CTX *ctx = talloc_tos();
struct ClearToken ct;
afs_username = talloc_strdup(ctx,
lp_afs_username_map());
if (!afs_username) {
return false;
}
afs_username = talloc_sub_advanced(ctx,
lp_servicename(SNUM(conn)),
conn->session_info->unix_info->unix_name,
conn->connectpath,
conn->session_info->unix_token->gid,
conn->session_info->unix_info->sanitized_username,
conn->session_info->info->domain_name,
afs_username);
if (!afs_username) {
return false;
}
user_sid = &conn->session_info->security_token->sids[0];
afs_username = talloc_string_sub(talloc_tos(),
afs_username,
"%s",
sid_string_tos(user_sid));
if (!afs_username) {
return false;
}
/* The pts command always generates completely lower-case user
* names. */
strlower_m(afs_username);
cell = strchr(afs_username, '@');
if (cell == NULL) {
DEBUG(1, ("AFS username doesn't contain a @, "
"could not find cell\n"));
return false;
}
*cell = '\0';
cell += 1;
DEBUG(10, ("Trying to log into AFS for user %s@%s\n",
afs_username, cell));
if (!afs_createtoken(afs_username, cell, &ticket, &ct))
return false;
/* For which Unix-UID do we want to set the token? */
ct.ViceId = getuid();
ticket_str = afs_encode_token(cell, ticket, &ct);
result = afs_settoken_str(ticket_str);
SAFE_FREE(ticket_str);
data_blob_free(&ticket);
return result;
}
