1 | /*
|
---|
2 | * Unix SMB/CIFS implementation.
|
---|
3 | * Generate AFS tickets
|
---|
4 | * Copyright (C) Volker Lendecke 2004
|
---|
5 | *
|
---|
6 | * This program is free software; you can redistribute it and/or modify
|
---|
7 | * it under the terms of the GNU General Public License as published by
|
---|
8 | * the Free Software Foundation; either version 3 of the License, or
|
---|
9 | * (at your option) any later version.
|
---|
10 | *
|
---|
11 | * This program is distributed in the hope that it will be useful,
|
---|
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
---|
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
---|
14 | * GNU General Public License for more details.
|
---|
15 | *
|
---|
16 | * You should have received a copy of the GNU General Public License
|
---|
17 | * along with this program; if not, see <http://www.gnu.org/licenses/>.
|
---|
18 | */
|
---|
19 |
|
---|
20 | #include "includes.h"
|
---|
21 |
|
---|
22 | #ifdef WITH_FAKE_KASERVER
|
---|
23 |
|
---|
24 | #define NO_ASN1_TYPEDEFS 1
|
---|
25 |
|
---|
26 | #include <afs/param.h>
|
---|
27 | #include <afs/stds.h>
|
---|
28 | #include <afs/afs.h>
|
---|
29 | #include <afs/auth.h>
|
---|
30 | #include <afs/venus.h>
|
---|
31 | #include <asm/unistd.h>
|
---|
32 | #include <openssl/des.h>
|
---|
33 | #include <sys/syscall.h>
|
---|
34 |
|
---|
35 | int afs_syscall( int subcall,
|
---|
36 | char * path,
|
---|
37 | int cmd,
|
---|
38 | char * cmarg,
|
---|
39 | int follow)
|
---|
40 | {
|
---|
41 | /*
|
---|
42 | return( syscall( SYS_afs_syscall, subcall, path, cmd, cmarg, follow));
|
---|
43 | */
|
---|
44 | int errcode;
|
---|
45 | struct afsprocdata afs_syscall_data;
|
---|
46 | afs_syscall_data.syscall = subcall;
|
---|
47 | afs_syscall_data.param1 = (long)path;
|
---|
48 | afs_syscall_data.param2 = cmd;
|
---|
49 | afs_syscall_data.param3 = (long)cmarg;
|
---|
50 | afs_syscall_data.param4 = follow;
|
---|
51 | int proc_afs_file = open(PROC_SYSCALL_FNAME, O_RDWR);
|
---|
52 | if (proc_afs_file < 0)
|
---|
53 | proc_afs_file = open(PROC_SYSCALL_ARLA_FNAME, O_RDWR);
|
---|
54 | if (proc_afs_file < 0)
|
---|
55 | return -1;
|
---|
56 | errcode = ioctl(proc_afs_file, VIOC_SYSCALL, &afs_syscall_data);
|
---|
57 | close(proc_afs_file);
|
---|
58 | return errcode;
|
---|
59 | }
|
---|
60 |
|
---|
61 | struct ClearToken {
|
---|
62 | uint32 AuthHandle;
|
---|
63 | char HandShakeKey[8];
|
---|
64 | uint32 ViceId;
|
---|
65 | uint32 BeginTimestamp;
|
---|
66 | uint32 EndTimestamp;
|
---|
67 | };
|
---|
68 |
|
---|
69 | static bool afs_decode_token(const char *string, char **cell,
|
---|
70 | DATA_BLOB *ticket, struct ClearToken *ct)
|
---|
71 | {
|
---|
72 | DATA_BLOB blob;
|
---|
73 | struct ClearToken result_ct;
|
---|
74 | char *saveptr;
|
---|
75 |
|
---|
76 | char *s = SMB_STRDUP(string);
|
---|
77 |
|
---|
78 | char *t;
|
---|
79 |
|
---|
80 | if ((t = strtok_r(s, "\n", &saveptr)) == NULL) {
|
---|
81 | DEBUG(10, ("strtok_r failed\n"));
|
---|
82 | return False;
|
---|
83 | }
|
---|
84 |
|
---|
85 | *cell = SMB_STRDUP(t);
|
---|
86 |
|
---|
87 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
88 | DEBUG(10, ("strtok_r failed\n"));
|
---|
89 | return False;
|
---|
90 | }
|
---|
91 |
|
---|
92 | if (sscanf(t, "%u", &result_ct.AuthHandle) != 1) {
|
---|
93 | DEBUG(10, ("sscanf AuthHandle failed\n"));
|
---|
94 | return False;
|
---|
95 | }
|
---|
96 |
|
---|
97 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
98 | DEBUG(10, ("strtok_r failed\n"));
|
---|
99 | return False;
|
---|
100 | }
|
---|
101 |
|
---|
102 | blob = base64_decode_data_blob(t);
|
---|
103 |
|
---|
104 | if ( (blob.data == NULL) ||
|
---|
105 | (blob.length != sizeof(result_ct.HandShakeKey) )) {
|
---|
106 | DEBUG(10, ("invalid key: %x/%d\n", (uint32)blob.data,
|
---|
107 | blob.length));
|
---|
108 | return False;
|
---|
109 | }
|
---|
110 |
|
---|
111 | memcpy(result_ct.HandShakeKey, blob.data, blob.length);
|
---|
112 |
|
---|
113 | data_blob_free(&blob);
|
---|
114 |
|
---|
115 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
116 | DEBUG(10, ("strtok_r failed\n"));
|
---|
117 | return False;
|
---|
118 | }
|
---|
119 |
|
---|
120 | if (sscanf(t, "%u", &result_ct.ViceId) != 1) {
|
---|
121 | DEBUG(10, ("sscanf ViceId failed\n"));
|
---|
122 | return False;
|
---|
123 | }
|
---|
124 |
|
---|
125 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
126 | DEBUG(10, ("strtok_r failed\n"));
|
---|
127 | return False;
|
---|
128 | }
|
---|
129 |
|
---|
130 | if (sscanf(t, "%u", &result_ct.BeginTimestamp) != 1) {
|
---|
131 | DEBUG(10, ("sscanf BeginTimestamp failed\n"));
|
---|
132 | return False;
|
---|
133 | }
|
---|
134 |
|
---|
135 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
136 | DEBUG(10, ("strtok_r failed\n"));
|
---|
137 | return False;
|
---|
138 | }
|
---|
139 |
|
---|
140 | if (sscanf(t, "%u", &result_ct.EndTimestamp) != 1) {
|
---|
141 | DEBUG(10, ("sscanf EndTimestamp failed\n"));
|
---|
142 | return False;
|
---|
143 | }
|
---|
144 |
|
---|
145 | if ((t = strtok_r(NULL, "\n", &saveptr)) == NULL) {
|
---|
146 | DEBUG(10, ("strtok_r failed\n"));
|
---|
147 | return False;
|
---|
148 | }
|
---|
149 |
|
---|
150 | blob = base64_decode_data_blob(t);
|
---|
151 |
|
---|
152 | if (blob.data == NULL) {
|
---|
153 | DEBUG(10, ("Could not get ticket\n"));
|
---|
154 | return False;
|
---|
155 | }
|
---|
156 |
|
---|
157 | *ticket = blob;
|
---|
158 | *ct = result_ct;
|
---|
159 |
|
---|
160 | return True;
|
---|
161 | }
|
---|
162 |
|
---|
163 | /*
|
---|
164 | Put an AFS token into the Kernel so that it can authenticate against
|
---|
165 | the AFS server. This assumes correct local uid settings.
|
---|
166 |
|
---|
167 | This is currently highly Linux and OpenAFS-specific. The correct API
|
---|
168 | call for this would be ktc_SetToken. But to do that we would have to
|
---|
169 | import a REALLY big bunch of libraries which I would currently like
|
---|
170 | to avoid.
|
---|
171 | */
|
---|
172 |
|
---|
173 | static bool afs_settoken(const char *cell,
|
---|
174 | const struct ClearToken *ctok,
|
---|
175 | DATA_BLOB ticket)
|
---|
176 | {
|
---|
177 | int ret;
|
---|
178 | struct {
|
---|
179 | char *in, *out;
|
---|
180 | uint16 in_size, out_size;
|
---|
181 | } iob;
|
---|
182 |
|
---|
183 | char buf[1024];
|
---|
184 | char *p = buf;
|
---|
185 | int tmp;
|
---|
186 |
|
---|
187 | memcpy(p, &ticket.length, sizeof(uint32));
|
---|
188 | p += sizeof(uint32);
|
---|
189 | memcpy(p, ticket.data, ticket.length);
|
---|
190 | p += ticket.length;
|
---|
191 |
|
---|
192 | tmp = sizeof(struct ClearToken);
|
---|
193 | memcpy(p, &tmp, sizeof(uint32));
|
---|
194 | p += sizeof(uint32);
|
---|
195 | memcpy(p, ctok, tmp);
|
---|
196 | p += tmp;
|
---|
197 |
|
---|
198 | tmp = 0;
|
---|
199 |
|
---|
200 | memcpy(p, &tmp, sizeof(uint32));
|
---|
201 | p += sizeof(uint32);
|
---|
202 |
|
---|
203 | tmp = strlen(cell);
|
---|
204 | if (tmp >= MAXKTCREALMLEN) {
|
---|
205 | DEBUG(1, ("Realm too long\n"));
|
---|
206 | return False;
|
---|
207 | }
|
---|
208 |
|
---|
209 | strncpy(p, cell, tmp);
|
---|
210 | p += tmp;
|
---|
211 | *p = 0;
|
---|
212 | p +=1;
|
---|
213 |
|
---|
214 | iob.in = buf;
|
---|
215 | iob.in_size = PTR_DIFF(p,buf);
|
---|
216 | iob.out = buf;
|
---|
217 | iob.out_size = sizeof(buf);
|
---|
218 |
|
---|
219 | #if 0
|
---|
220 | file_save("/tmp/ioctlbuf", iob.in, iob.in_size);
|
---|
221 | #endif
|
---|
222 |
|
---|
223 | ret = afs_syscall(AFSCALL_PIOCTL, 0, VIOCSETTOK, (char *)&iob, 0);
|
---|
224 |
|
---|
225 | DEBUG(10, ("afs VIOCSETTOK returned %d\n", ret));
|
---|
226 | return (ret == 0);
|
---|
227 | }
|
---|
228 |
|
---|
229 | bool afs_settoken_str(const char *token_string)
|
---|
230 | {
|
---|
231 | DATA_BLOB ticket;
|
---|
232 | struct ClearToken ct;
|
---|
233 | bool result;
|
---|
234 | char *cell;
|
---|
235 |
|
---|
236 | if (!afs_decode_token(token_string, &cell, &ticket, &ct))
|
---|
237 | return False;
|
---|
238 |
|
---|
239 | if (geteuid() != 0)
|
---|
240 | ct.ViceId = getuid();
|
---|
241 |
|
---|
242 | result = afs_settoken(cell, &ct, ticket);
|
---|
243 |
|
---|
244 | SAFE_FREE(cell);
|
---|
245 | data_blob_free(&ticket);
|
---|
246 |
|
---|
247 | return result;
|
---|
248 | }
|
---|
249 |
|
---|
250 | #else
|
---|
251 |
|
---|
252 | bool afs_settoken_str(const char *token_string)
|
---|
253 | {
|
---|
254 | return False;
|
---|
255 | }
|
---|
256 |
|
---|
257 | #endif
|
---|