path: root/source/smbd/afsticket.c
blob: 1f87a5bb8f46aa010b44ef6c81870b06acf74295 (plain)
/* These routines are used for getting an AFS token from a local
   srvtab on file. Yes, user accounts with local srvtabs will be
   hacked in a root break-in, destroying the wonderful AFS security,
   but it is a quick and dirty solution that works for a fairly secure
   Samba server machine. /Johan Hedin (johanh@fusion.kth.se)
   
   Based on kauth.c from krb-0.10.1 by
   Kungliga Tekniska Högskolan
   (Royal Institute of Technology, Stockholm, Sweden).
   */

#include "includes.h"

#ifdef RENEWABLE_AFS_TICKET

/* Account whose srvtab is used for the renewable AFS ticket.  In this file
   .uid is the uid switched to before the srvtab is read, and .user is both
   the Kerberos principal name and the file name under /var/srvtabs/.
   It is not assigned anywhere in this file, so it is presumably filled in
   by the caller before get_renewed_ticket() runs -- confirm. */
struct Srvtabinfo srvtabinfo;
/* Ticket lifetime passed to krb_get_svc_in_tkt(); the renewal interval is
   also derived from it via krb_life_to_time(). */
int lifetime = DEFAULT_TKT_LIFE;

/* what user is current? */
/* Only .uid is read here, to decide whether the process is running as root. */
extern struct current_user current_user;

/* Not referenced directly in this file; presumably consulted by the
   DEBUG() macro -- confirm. */
extern int DEBUGLEVEL;

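/* Get a Kerberos ticket-granting ticket for srvtabinfo.user from the srvtab
   file /var/srvtabs/<user>, then turn it into an AFS token with
   krb_afslog().

   The srvtab is read after become_uid(srvtabinfo.uid).  If the process was
   not root on entry, unbecome_user() is called first; if it was root,
   unbecome_user() is called after the ticket request.

   Failures are only logged (DEBUG level 1); a KDC_PR_UNKNOWN result from
   krb_afslog() is tolerated without a message.

   Returns the number of seconds to wait before the next renewal,
   krb_life_to_time(0, lifetime)/2 - 60.  The same value is returned whether
   or not a ticket was obtained, so a failed attempt is not retried sooner. */
int get_afs_ticket_from_srvtab(void){
  BOOL isroot = current_user.uid == 0;
  int result;
  char srvtab[sizeof(pstring)] = "";
  char realm[REALM_SZ];

  if(!isroot){
    unbecome_user();
  } /* if */

  /* NOTE(review): the outcome of become_uid() is not checked here.  If the
     switch can fail, the srvtab below is read with whatever identity the
     process already had -- confirm against become_uid()'s contract. */
  become_uid(srvtabinfo.uid);
  /* krb_set_tkt_string(tkfile); */

  /* NOTE(review): srvtabinfo.user is appended to the directory as-is.  If
     it can ever contain '/' or "..", the resulting path leaves
     /var/srvtabs/ -- confirm the name is validated where it is set. */
  pstrcat(srvtab, "/var/srvtabs/");
  pstrcat(srvtab, srvtabinfo.user);
  if (krb_get_lrealm(realm, 1) != KSUCCESS) {
    /* strncpy() does not terminate the destination when the source fills
       it, and realm[] is otherwise uninitialised: terminate explicitly. */
    (void) strncpy(realm, KRB_REALM, REALM_SZ - 1);
    realm[REALM_SZ - 1] = '\0';
  }
  result = krb_get_svc_in_tkt(srvtabinfo.user, "", realm,
                              KRB_TICKET_GRANTING_TICKET,
                              realm, lifetime, srvtab);

  if(isroot){
    unbecome_user();
  } /* if */
  if(result != KSUCCESS){
    DEBUG(1,("Using file %s, error: %s\n",
             srvtab,
             krb_get_err_text(result)));
  } else {
    /* Only attempt the AFS token once the TGT request succeeded. */
    result = krb_afslog(NULL, NULL);
    if(result != KSUCCESS && result != KDC_PR_UNKNOWN){
      DEBUG(1,("AFS ticket error: %s\n",
               krb_get_err_text(result)));
    }
  }
  /* Logged on every pass, including the failed ones reported above. */
  DEBUG(2,("Renewing ticket for user %s\n", srvtabinfo.user));
  return(krb_life_to_time(0, lifetime)/2 - 60);
} /* get_afs_ticket_from_srvtab */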

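/* Fork a child process that keeps the AFS ticket for srvtabinfo.user
   renewed.  The child never returns from this function: it loops forever,
   calling get_afs_ticket_from_srvtab() and then sleeping for the number of
   seconds that call returned (never less than MIN_RENEW_DELAY).

   Returns, in the parent, the value of fork(): the child's pid, or -1 when
   fork() failed, in which case no renewal process exists.

   NOTE(review): nothing in this file ends the child; presumably the caller
   keeps the returned pid and terminates it -- confirm. */
pid_t get_renewed_ticket(void){
  /* Lower bound, in seconds, for the pause between renewals.  sleep()
     takes an unsigned argument: a zero interval would make the child spin
     on the KDC, and a negative one would turn into a huge sleep so that
     renewal silently stops. */
  enum { MIN_RENEW_DELAY = 60 };
  pid_t child;

  DEBUG(2,("Getting ticket for user %s\n", srvtabinfo.user));
  child = fork();
  if(child == -1){
    /* Make the failure visible; the -1 is still handed to the caller. */
    DEBUG(0,("get_renewed_ticket: fork failed\n"));
    return child;
  } /* if */
  if(child == 0){
    /* Forking needed in order to use alarm */
    for(;;){
      int delay = get_afs_ticket_from_srvtab();

      if(delay < MIN_RENEW_DELAY)
        delay = MIN_RENEW_DELAY;
      sleep((unsigned int)delay);
    } /* for */
  } /* if */
  return child;
} /* get_renewed_ticket */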

#endif /* RENEWABLE_AFS_TICKET */