| blob | 882442a79f1ac114692351d2868fa0c0fa851e0e |
1 /*
2 * Unix SMB/CIFS implementation.
3 * Generate AFS tickets
4 * Copyright (C) Volker Lendecke 2003
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
23 #ifdef WITH_FAKE_KASERVER
25 #include <afs/stds.h>
26 #include <afs/afs.h>
27 #include <afs/auth.h>
28 #include <afs/venus.h>
29 #include <asm/unistd.h>
30 #include <openssl/des.h>
39 uint32 AuthHandle;
41 uint32 ViceId;
42 uint32 BeginTimestamp;
43 uint32 EndTimestamp;
44 };
46 /*
47 Put an AFS token into the Kernel so that it can authenticate against
48 the AFS server. This assumes correct local uid settings.
50 This is currently highly Linux and OpenAFS-specific. The correct API
51 call for this would be ktc_SetToken. But to do that we would have to
52 import a REALLY big bunch of libraries which I would currently like
53 to avoid.
54 */
59 {
90 }
102 #if 0
104 #endif
110 }
112 /*
113 This routine takes a radical approach completely defeating the
114 Kerberos idea of security and using AFS simply as an intelligent
115 file backend. Samba has persuaded itself somehow that the user is
116 actually correctly identified and then we create a ticket that the
117 AFS server hopefully accepts using its KeyFile that the admin has
118 kindly stored to our secrets.tdb.
120 Thanks to the book "Network Security -- PRIVATE Communication in a
121 PUBLIC World" by Charlie Kaufman, Radia Perlman and Mike Speciner
122 Kerberos 4 tickets are not really hard to construct.
124 For the comments "Alice" is the User to be auth'ed, and "Bob" is the
125 AFS server. */
128 {
129 fstring ticket;
131 uint32 len;
133 pstring afs_username;
140 des_key_schedule key_schedule;
151 }
166 }
170 /* Build the ticket. This is going to be encrypted, so in our
171 way we fill in ct while we still have the unencrypted
172 form. */
176 /* The byte-order */
180 /* "Alice", the client username */
188 /* As long as we still only use the effective UID we need to set the
189 * token for it here as well. This involves patching AFS in two
190 * places. Once we start using the real uid where we have the
191 * setresuid function, we can use getuid() here which would be more
192 * correct. */
197 /* Alice's network layer address. At least Openafs-1.2.10
198 ignores this, so we fill in a dummy value here. */
202 /* We need to create a session key */
205 /* Our client code needs the the key in the clear, it does not
206 know the server-key ... */
211 /* Ticket lifetime. We fake everything here, so go as long as
212 possible. This is in 5-minute intervals, so 255 is 21 hours
213 and 15 minutes.*/
217 /* Ticket creation time */
225 }
228 /* And here comes Bob's name and instance, in this case the
229 AFS server. */
235 /* And zero-pad to a multiple of 8 bytes */
241 }
251 }
253 #else
256 {
258 }