1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
/* These routines are used for geting an AFS tocken from a local
srvtab on file. Yes, user accounts with local srvtabs will be
hacked in a root breakin, destoying the wounderfull AFS security,
but it is a quick and dirty solution that works for a fairly secure
Samba server machine. /Johan Hedin (johanh@fusion.kth.se)
Based on kauth.c from krb-0.10.1 by
Kungliga Tekniska Högskolan
(Royal Institute of Technology, Stockholm, Sweden).
*/
#include "includes.h"
#ifdef RENEWABLE_AFS_TICKET
struct Srvtabinfo srvtabinfo;
int lifetime = DEFAULT_TKT_LIFE;
/* what user is current? */
extern struct current_user current_user;
extern int DEBUGLEVEL;
int get_afs_ticket_from_srvtab(void){
BOOL isroot = current_user.uid == 0;
int result;
char srvtab[sizeof(pstring)] = "";
char realm[REALM_SZ];
if(!isroot){
unbecome_user();
} /* if */
become_uid(srvtabinfo.uid);
/* krb_set_tkt_string(tkfile); */
pstrcat(srvtab, "/var/srvtabs/");
pstrcat(srvtab, srvtabinfo.user);
if (krb_get_lrealm(realm, 1) != KSUCCESS)
(void) strncpy(realm, KRB_REALM, REALM_SZ - 1);
result = krb_get_svc_in_tkt(srvtabinfo.user, "", realm,
KRB_TICKET_GRANTING_TICKET,
realm, lifetime, srvtab);
if(isroot){
unbecome_user();
} /* if */
if(result != KSUCCESS)
DEBUG(1,("Using file %s, error: %s\n",
srvtab,
krb_get_err_text(result)));
else
if((result = krb_afslog(NULL, NULL)) != KSUCCESS &&
result != KDC_PR_UNKNOWN)
DEBUG(1,("AFS ticket error: %s\n",
krb_get_err_text(result)));
DEBUG(2,("Renewing ticket for user %s\n", srvtabinfo.user));
return(krb_life_to_time(0, lifetime)/2 - 60);
} /* get_afs_ticket_from_srvtab */
pid_t get_renewed_ticket(void){
pid_t child;
DEBUG(2,("Getting ticket for user %s\n", srvtabinfo.user));
if((child = fork()) == 0){
/* Forking needed in order to use alarm */
for(;;)
sleep(get_afs_ticket_from_srvtab());
} /* if */
return child;
} /* get_renewed_ticket */
#endif /* RENEWABLE_AFS_TICKET */
|