diff options
| author | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2003-09-07 16:36:13 +0000 |
| commit | 1c38391c704756c31c1d8d7f84f9ac6ffcaeda34 (patch) | |
| tree | 441c2ae1a1649d71db20ef907c779f5c32a13e63 /source3/utils/net.c | |
| parent | c4b69a9ca1e7881aa6d37056ed12d8ccd18b0a41 (diff) | |
| download | samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.tar.gz samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.tar.xz samba-1c38391c704756c31c1d8d7f84f9ac6ffcaeda34.zip | |
Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.
Volker
(This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)
Diffstat (limited to 'source3/utils/net.c')
| -rw-r--r-- | source3/utils/net.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/source3/utils/net.c b/source3/utils/net.c index 080b0f4c8a3..e5c078da29f 100644 --- a/source3/utils/net.c +++ b/source3/utils/net.c @@ -462,6 +462,50 @@ static int net_getdomainsid(int argc, const char **argv) return 0; } +#ifdef WITH_FAKE_KASERVER + +int net_afskey_usage(int argc, const char **argv) +{ + d_printf(" net afskey filename\n" + "\tImports a OpenAFS KeyFile into our secrets.tdb\n\n"); + return -1; +} + +static int net_afskey(int argc, const char **argv) +{ + int fd; + struct afs_keyfile keyfile; + + if (argc != 1) { + d_printf("usage: 'net afskey <keyfile>'\n"); + return -1; + } + + if (!secrets_init()) { + d_printf("Could not open secrets.tdb\n"); + return -1; + } + + if ((fd = open(argv[0], O_RDONLY, 0)) < 0) { + d_printf("Could not open %s\n", argv[0]); + return -1; + } + + if (read(fd, &keyfile, sizeof(keyfile)) != sizeof(keyfile)) { + d_printf("Could not read keyfile\n"); + return -1; + } + + if (!secrets_store_afs_keyfile(afs_cell(), &keyfile)) { + d_printf("Could not write keyfile to secrets.tdb\n"); + return -1; + } + + return 0; +} + +#endif /* WITH_FAKE_KASERVER */ + static uint32 get_maxrid(void) { SAM_ACCOUNT *pwd = NULL; @@ -572,6 +616,9 @@ static struct functable net_func[] = { {"GETDOMAINSID", net_getdomainsid}, {"MAXRID", net_maxrid}, {"IDMAP", net_idmap}, +#ifdef WITH_FAKE_KASERVER + {"AFSKEY", net_afskey}, +#endif {"HELP", net_help}, {NULL, NULL} |