-rw-r--r-- | lib/afs/afs_funcs.c (renamed from source3/lib/afs.c) | 14 | ||||
-rw-r--r-- | lib/afs/afs_funcs.h | 42 | ||||
-rw-r--r-- | lib/afs/wscript_build | 6 | ||||
-rw-r--r-- | source3/include/proto.h | 6 | ||||
-rw-r--r-- | source3/smbd/service.c | 1 | ||||
-rw-r--r-- | source3/utils/net_afs.c | 1 | ||||
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 1 | ||||
-rwxr-xr-x | source3/wscript_build | 4 | ||||
-rw-r--r-- | wscript_build | 1 |
9 files changed, 59 insertions, 17 deletions
diff --git a/source3/lib/afs.c b/lib/afs/afs_funcs.c index 2d77526dec8..316bb1b5ec1 100644 --- a/source3/lib/afs.c +++ b/lib/afs/afs_funcs.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "lib/afs/afs_funcs.h" #ifdef WITH_FAKE_KASERVER @@ -30,7 +31,6 @@ #include <afs/param.h> #include <afs/stds.h> -#include <afs/afs.h> #include <afs/auth.h> #include <afs/venus.h> #include <asm/unistd.h> @@ -92,7 +92,7 @@ static bool afs_createtoken(const char *username, const char *cell, struct afs_key key; des_key_schedule key_schedule; - if (!secrets_init()) + if (!secrets_init()) return false; if (!secrets_fetch_afs_key(cell, &key)) { @@ -103,8 +103,8 @@ static bool afs_createtoken(const char *username, const char *cell, ct->AuthHandle = key.kvno; /* Build the ticket. This is going to be encrypted, so in our - way we fill in ct while we still have the unencrypted - form. */ + way we fill in ct while we still have the unencrypted + form. */ p = clear_ticket; @@ -121,7 +121,7 @@ static bool afs_createtoken(const char *username, const char *cell, p += strlen(p)+1; /* Alice's network layer address. At least Openafs-1.2.10 - ignores this, so we fill in a dummy value here. */ + ignores this, so we fill in a dummy value here. */ SIVAL(p, 0, 0); p += 4; @@ -129,7 +129,7 @@ static bool afs_createtoken(const char *username, const char *cell, generate_random_buffer((uint8_t *)p, 8); /* Our client code needs the the key in the clear, it does not - know the server-key ... */ + know the server-key ... */ memcpy(ct->HandShakeKey, p, 8); p += 8; @@ -160,7 +160,7 @@ static bool afs_createtoken(const char *username, const char *cell, p += 4; /* And here comes Bob's name and instance, in this case the - AFS server. */ + AFS server. */ strncpy(p, "afs", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1); p += strlen(p)+1; strncpy(p, "", sizeof(clear_ticket)-PTR_DIFF(p,clear_ticket)-1); diff --git a/lib/afs/afs_funcs.h b/lib/afs/afs_funcs.h new file mode 100644 index 00000000000..95e916b47a2 
--- /dev/null
+++ b/lib/afs/afs_funcs.h
@@ -0,0 +1,42 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Generate AFS tickets
+ * Copyright (C) Volker Lendecke 2003
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef LIB_AFS_AFS_FUNCS_H
+#define LIB_AFS_AFS_FUNCS_H 1
+
+char *afs_createtoken_str(const char *username, const char *cell);
+
+/*
+ This routine takes a radical approach completely bypassing the
+ Kerberos idea of security and using AFS simply as an intelligent
+ file backend. Samba has persuaded itself somehow that the user is
+ actually correctly identified and then we create a ticket that the
+ AFS server hopefully accepts using its KeyFile that the admin has
+ kindly stored to our secrets.tdb.
+
+ Thanks to the book "Network Security -- PRIVATE Communication in a
+ PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
+ Kerberos 4 tickets are not really hard to construct.
+
+ For the comments "Alice" is the User to be auth'ed, and "Bob" is the
+ AFS server. */
+
+bool afs_login(connection_struct *conn);
+
+#endif
diff --git a/lib/afs/wscript_build b/lib/afs/wscript_build
new file mode 100644
index 00000000000..45d8be5795f
--- /dev/null
+++ b/lib/afs/wscript_build
@@ -0,0 +1,6 @@
+#!/usr/bin/env python
+
+bld.SAMBA3_SUBSYSTEM('LIBAFS',
+ source='afs_funcs.c',
+ deps='samba-util LIBAFS_SETTOKEN')
+
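Review bot: In lib/afs/afs_funcs.h, `afs_createtoken_str()` is exported from a top-level `lib/` header with no contract comment, although the block comment below it says these routines bypass Kerberos and build a ticket from the cell KeyFile stored in secrets.tdb once Samba considers the user identified. Because the function takes only a bare `username` and `cell`, a comment above the prototype would make the precondition visible to every new includer, for example `/* Caller must already have authenticated username; mints an AFS token from the cell key in secrets.tdb. */`. The comment should also state the failure return and who frees the returned string, which need to be confirmed against afs_funcs.c since the body is not in this hunk. Separately, the header uses `bool` and `connection_struct` without including or forward-declaring anything, so it only compiles after `includes.h`; either document that requirement at the top of the header or add the needed includes.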
diff --git a/source3/include/proto.h b/source3/include/proto.h index d401dfbef3e..14af2ad6030 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -35,12 +35,6 @@ bool allow_access(const char **deny_list, /* The following definitions come from lib/adt_tree.c */ - -/* The following definitions come from lib/afs.c */ - -char *afs_createtoken_str(const char *username, const char *cell); -bool afs_login(connection_struct *conn); - /* The following definitions come from lib/afs_settoken.c */ int afs_syscall(int subcall, const char *path, int cmd, char *cmarg, int follow); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index a9ad8477b0f..d3eabf8e360 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -30,6 +30,7 @@ #include "auth.h" #include "lib/param/loadparm.h" #include "messages.h" +#include "lib/afs/afs_funcs.h" static bool canonicalize_connect_path(connection_struct *conn) { diff --git a/source3/utils/net_afs.c b/source3/utils/net_afs.c index 3c7f28242ce..44e5193c884 100644 --- a/source3/utils/net_afs.c +++ b/source3/utils/net_afs.c @@ -22,6 +22,7 @@ #include "utils/net_afs.h" #include "secrets.h" #include "system/filesys.h" +#include "lib/afs/afs_funcs.h" int net_afs_usage(struct net_context *c, int argc, const char **argv) { diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 415dc79974c..65f27dfcadb 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -41,6 +41,7 @@ #include "auth/kerberos/pac_utils.h" #include "auth/gensec/gensec.h" #include "librpc/crypto/gse_krb5.h" +#include "lib/afs/afs_funcs.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/wscript_build b/source3/wscript_build index d319e5e7ac3..1f1b75049aa 100755 --- a/source3/wscript_build +++ b/source3/wscript_build 
@@ -472,10 +472,6 @@ bld.SAMBA3_SUBSYSTEM('LIBAFS_SETTOKEN', source='lib/afs_settoken.c', deps='samba-util') -bld.SAMBA3_SUBSYSTEM('LIBAFS', - source='lib/afs.c', - deps='samba-util LIBAFS_SETTOKEN') - bld.SAMBA3_LIBRARY('smbconf', source='''lib/smbconf/smbconf_init.c lib/smbconf/smbconf_reg.c''', diff --git a/wscript_build b/wscript_build index 9228d154107..59ba354d48c 100644 --- a/wscript_build +++ b/wscript_build @@ -74,6 +74,7 @@ bld.RECURSE('lib/uid_wrapper') bld.RECURSE('lib/popt') bld.RECURSE('lib/iniparser/src') bld.RECURSE('source4/lib/stream') +bld.RECURSE('lib/afs') bld.RECURSE('lib/util') bld.RECURSE('lib/tdb_wrap') bld.RECURSE('lib/tdr') |