author | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
---|---|---|
committer | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
commit | 5775690ee8e17d3e98355b5147e4aed47e8dc213 (patch) | |
tree | 4e518238ccaa43ccd3511e4aea8e8fb5f4ffbf7a /source/passdb | |
parent | f094555ed9d4f72841869e79037d6ff980ebe324 (diff) | |
Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
Diffstat (limited to 'source/passdb')
-rw-r--r-- | source/passdb/secrets.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c
index 2c99631e130..8a146f0d688 100644
--- a/source/passdb/secrets.c
+++ b/source/passdb/secrets.c
@@ -738,3 +738,56 @@ BOOL must_use_pdc( const char *domain )
 }
+/*******************************************************************************
+ Store a complete AFS keyfile into secrets.tdb.
+*******************************************************************************/
+
+BOOL secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile)
+{
+ fstring key;
+
+ if ((cell == NULL) || (keyfile == NULL))
+ return False;
+
+ if (ntohl(keyfile->nkeys) > SECRETS_AFS_MAXKEYS)
+ return False;
+
+ slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell);
+ return secrets_store(key, keyfile, sizeof(struct afs_keyfile));
+}
+
+/*******************************************************************************
+ Fetch the current (highest) AFS key from secrets.tdb
+*******************************************************************************/
+BOOL secrets_fetch_afs_key(const char *cell, struct afs_key *result)
+{
+ fstring key;
+ struct afs_keyfile *keyfile;
+ size_t size;
+ uint32 i;
+
+ slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_AFS_KEYFILE, cell);
+
+ keyfile = (struct afs_keyfile *)secrets_fetch(key, &size);
+
+ if (keyfile == NULL)
+ return False;
+
+ if (size != sizeof(struct afs_keyfile)) {
+ SAFE_FREE(keyfile);
+ return False;
+ }
+
+ i = ntohl(keyfile->nkeys);
+
+ if (i > SECRETS_AFS_MAXKEYS) {
+ SAFE_FREE(keyfile);
+ return False;
+ }
+
+ *result = keyfile->entry[i-1];
+
+ result->kvno = ntohl(result->kvno);
+
+ return True;
+} |
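Review bot: In secrets_fetch_afs_key an nkeys value of 0 passes the `i > SECRETS_AFS_MAXKEYS` check, and `keyfile->entry[i-1]` then indexes with a wrapped uint32, reading far outside the fetched record; secrets_store_afs_keyfile accepts the same empty keyfile, so such a record can be written through the normal path. The guard in the fetch should be `if (i == 0 || i > SECRETS_AFS_MAXKEYS) {`, and the store should reject `nkeys == 0` as well. The success path also returns without releasing keyfile, so every call leaves a heap copy of the cell's key material behind (assuming secrets_fetch returns an allocated buffer, as the SAFE_FREE calls on the error paths suggest); add `SAFE_FREE(keyfile);` after the copy into *result, ideally after clearing the buffer. Unlike the store function, the fetch uses cell and result without a NULL check.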