/* These routines are used for getting an AFS token from a local
   srvtab on file. Yes, user accounts with local srvtabs will be
   hacked in a root break-in (each srvtab keeps that user's key on
   the server's disk), destroying the wonderful AFS security,
   but it is a quick and dirty solution that works for a fairly secure
   Samba server machine. /Johan Hedin (johanh@fusion.kth.se)
   
   Based on kauth.c from krb-0.10.1 by
   Kungliga Tekniska Högskolan
   (Royal Institute of Technology, Stockholm, Sweden).
   */

#include "includes.h"

#ifdef RENEWABLE_AFS_TICKET

/* Account whose ticket is obtained; get_afs_ticket_from_srvtab() reads its
   .uid (passed to become_uid) and .user (principal name and srvtab file
   name). The struct itself is declared elsewhere. */
struct Srvtabinfo srvtabinfo;
/* Ticket lifetime handed to krb_get_svc_in_tkt() and krb_life_to_time();
   starts out as DEFAULT_TKT_LIFE. */
int lifetime = DEFAULT_TKT_LIFE;

/* what user is current? */
extern struct current_user current_user;

/* Debug verbosity, defined elsewhere; presumably what the DEBUG() macro
   compares its level argument against - confirm. */
extern int DEBUGLEVEL;

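/*
 * Obtain a Kerberos ticket-granting ticket for srvtabinfo.user from the
 * key file /var/srvtabs/<user>, then try to convert it into an AFS token
 * with krb_afslog().
 *
 * The ticket request runs after become_uid(srvtabinfo.uid). If the caller
 * was not uid 0 on entry, unbecome_user() is called first; if it was uid 0,
 * unbecome_user() is called after the request instead.
 *
 * Errors are only written to the debug log (level 1); the return value
 * does not report them.
 *
 * Returns krb_life_to_time(0, lifetime) / 2 - 60, which
 * get_renewed_ticket() passes to sleep() as the pause before the next
 * renewal. The expression is not range-checked here.
 */
int get_afs_ticket_from_srvtab(void)
{
	BOOL isroot = current_user.uid == 0;
	int result;
	char srvtab[sizeof(pstring)] = "";
	char realm[REALM_SZ];

	if (!isroot)
	{
		unbecome_user();
	}

	/* NOTE(review): the result of become_uid() is not checked. If it can
	   fail, the srvtab below is opened with whatever identity is in
	   effect at this point (presumably root after unbecome_user) -
	   confirm and handle the failure. */
	become_uid(srvtabinfo.uid);
	/* krb_set_tkt_string(tkfile); */

	/* NOTE(review): srvtabinfo.user is appended to the directory without
	   validation; verify that the code filling srvtabinfo rejects names
	   containing '/' or "..", otherwise the path can leave /var/srvtabs. */
	pstrcat(srvtab, "/var/srvtabs/");
	pstrcat(srvtab, srvtabinfo.user);
	if (krb_get_lrealm(realm, 1) != KSUCCESS)
	{
		/* strncpy() does not terminate the destination when the source
		   fills it, and realm[] starts out uninitialized, so the last
		   byte is set explicitly. */
		(void)strncpy(realm, KRB_REALM, REALM_SZ - 1);
		realm[REALM_SZ - 1] = '\0';
	}
	result = krb_get_svc_in_tkt(srvtabinfo.user, "", realm,
				    KRB_TICKET_GRANTING_TICKET,
				    realm, lifetime, srvtab);

	if (isroot)
	{
		unbecome_user();
	}

	if (result != KSUCCESS)
	{
		DEBUG(1, ("Using file %s, error: %s\n",
			  srvtab, krb_get_err_text(result)));
	}
	else
	{
		/* KDC_PR_UNKNOWN from krb_afslog() is deliberately not logged. */
		result = krb_afslog(NULL, NULL);
		if (result != KSUCCESS && result != KDC_PR_UNKNOWN)
		{
			DEBUG(1, ("AFS ticket error: %s\n",
				  krb_get_err_text(result)));
		}
	}

	/* Logged on every call, whether or not the request succeeded. */
	DEBUG(2, ("Renewing ticket for user %s\n", srvtabinfo.user));
	return (krb_life_to_time(0, lifetime) / 2 - 60);
}				/* get_afs_ticket_from_srvtab */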

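/*
 * Fork a child that obtains the AFS ticket for srvtabinfo.user and then
 * keeps renewing it in an endless loop, sleeping between attempts for the
 * number of seconds get_afs_ticket_from_srvtab() returns.
 *
 * Returns the value of fork() to the parent: the child's pid, or -1 when
 * the fork failed (no renewal process exists in that case). The child
 * never returns from this function.
 *
 * NOTE(review): nothing here ends the child; presumably the caller keeps
 * the pid and kills the child when the session goes away - confirm.
 */
pid_t get_renewed_ticket(void)
{
	/* Pause used when the computed renewal interval is not positive. */
	enum { MIN_RENEW_DELAY = 60 };
	pid_t child;

	DEBUG(2, ("Getting ticket for user %s\n", srvtabinfo.user));
	child = fork();
	if (child == 0)
	{
		/* Forking needed in order to use alarm */
		for (;;)
		{
			int delay = get_afs_ticket_from_srvtab();

			/* sleep() takes an unsigned value: 0 would make this loop
			   spin against the KDC, and a negative interval would
			   convert to a huge one and stop renewal. */
			if (delay <= 0)
			{
				delay = MIN_RENEW_DELAY;
			}
			sleep((unsigned int)delay);
		}
	}
	if (child == (pid_t)-1)
	{
		DEBUG(0, ("fork failed, AFS ticket for user %s will not be renewed\n",
			  srvtabinfo.user));
	}
	return child;
}				/* get_renewed_ticket */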

#endif /* RENEWABLE_AFS_TICKET */