1 --- samba-2.2.1a/source/Makefile.in.old Sun Jul 8 13:29:34 2001
2 +++ samba-2.2.1a/source/Makefile.in Tue Jul 17 15:57:01 2001
5 sysconfdir=@sysconfdir@
8 +OPENSSL_DIR=/oper/oper4/jvrobert/scratch/enc/openssl-0.9.6
9 +LIBS=-L/usr/lib/afs @LIBS@ -lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err -laudit /usr/lib/afs/util.a -L$(OPENSSL_DIR) -lcrypto -lresolv
12 PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DTDB_PASSWD_FILE=\"$(TDB_PASSWD_FILE)\"
13 -FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\"
14 +FLAGS1 = $(CFLAGS) -I$(OPENSSL_DIR)/include -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\"
15 FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\"
17 RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
18 rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
19 rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
20 + rpc_server/srv_afstoken.o \
21 rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
22 rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
23 rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
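Review bot: `OPENSSL_DIR` on the added line is an absolute path into one developer's scratch directory, so the build only works on that machine and smbd is linked against whatever libcrypto sits in a location that is not system-managed. The new `LIBS` line also pulls in the AFS libraries unconditionally, although the C changes elsewhere in this patch are closed by `#endif /* WITH_AFS */`, and the rewritten `FLAGS1` drops `@FLAGS1@`, which configure substitutes. Suggest letting configure supply the location, for example `OPENSSL_DIR=@OPENSSL_DIR@` (a new substitution this patch would have to add), writing `FLAGS1 = $(CFLAGS) @FLAGS1@ -I$(OPENSSL_DIR)/include ...`, and adding the AFS and OpenSSL libraries only when AFS support is configured.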
24 --- samba-2.2.1a/source/include/ntdomain.h.old Thu Jul 5 19:01:26 2001
25 +++ samba-2.2.1a/source/include/ntdomain.h Tue Jul 17 15:57:01 2001
27 #include "rpc_wkssvc.h"
28 #include "rpc_spoolss.h"
31 +#include "rpc_afstoken.h"
35 #endif /* _NT_DOMAIN_H */
36 --- samba-2.2.1a/source/include/proto.h.old Sun Jul 8 13:29:43 2001
37 +++ samba-2.2.1a/source/include/proto.h Tue Jul 17 15:57:02 2001
38 @@ -3967,7 +3967,13 @@
39 WERROR _dfs_enum(pipes_struct *p, DFS_Q_DFS_ENUM *q_u, DFS_R_DFS_ENUM *r_u);
40 WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u,
41 DFS_R_DFS_GET_INFO *r_u);
44 +/* The following definitions come from rpc_server/srv_afstoken.c */
45 +BOOL api_afstoken_rpc(pipes_struct *p);
46 +BOOL afstoken_init();
47 +#endif /* WITH_AFS */
49 /* The following definitions come from rpc_server/srv_lsa.c */
51 BOOL api_ntlsa_rpc(pipes_struct *p);
52 --- samba-2.2.1a/source/include/rpc_afstoken.h.old Wed Dec 31 17:00:00 1969
53 +++ samba-2.2.1a/source/include/rpc_afstoken.h Tue Jul 17 15:57:02 2001
56 + Unix SMB/Netbios implementation.
58 + SMB parameters and setup
59 + Copyright (C) Andrew Tridgell 1992-1997
60 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997
61 + Copyright (C) Paul Ashton 1997
63 + This program is free software; you can redistribute it and/or modify
64 + it under the terms of the GNU General Public License as published by
65 + the Free Software Foundation; either version 2 of the License, or
66 + (at your option) any later version.
68 + This program is distributed in the hope that it will be useful,
69 + but WITHOUT ANY WARRANTY; without even the implied warranty of
70 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
71 + GNU General Public License for more details.
73 + You should have received a copy of the GNU General Public License
74 + along with this program; if not, write to the Free Software
75 + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
78 +#ifndef _RPC_AFSTOKEN_H /* _RPC_AFSTOKEN_H */
79 +#define _RPC_AFSTOKEN_H
82 +/* Note: these are definied by the order in the dispatch table
83 + Note: in the files generated by the IDL (afstoken_s.c file, afstoken_table)
85 +#define AFSTOKEN_GETPUBLICKEY 0x00
86 +#define AFSTOKEN_GETAFSTOKEN 0x01
87 +#define AFSTOKEN_LISTAFSTOKENS 0x02
88 +#define AFSTOKEN_GETSERVICEVERSION 0x03
89 +#define AFSTOKEN_FORGETTOKEN 0x04
91 +#endif /* _RPC_AFSTOKEN_H */
92 --- samba-2.2.1a/source/include/smb.h.old Thu Jul 5 19:01:30 2001
93 +++ samba-2.2.1a/source/include/smb.h Tue Jul 17 15:57:02 2001
95 #define PIPE_LSARPC "\\PIPE\\lsarpc"
96 #define PIPE_SPOOLSS "\\PIPE\\spoolss"
97 #define PIPE_NETDFS "\\PIPE\\netdfs"
99 +#define PIPE_AFSTOKEN "\\PIPE\\afstoken"
100 +#endif /* WITH_AFS */
102 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
103 typedef struct nttime_info
104 --- samba-2.2.1a/source/param/loadparm.c.old Thu Jul 5 19:01:44 2001
105 +++ samba-2.2.1a/source/param/loadparm.c Tue Jul 17 15:57:02 2001
107 BOOL sslReqServerCert;
108 BOOL sslCompatibility;
109 #endif /* WITH_SSL */
111 + int afstokenKeyBits;
112 +#endif /* WITH_AFS */
113 BOOL bMsAddPrinterWizard;
117 {"ssl version", P_ENUM, P_GLOBAL, &Globals.sslVersion, NULL, enum_ssl_version, 0},
118 {"ssl compatibility", P_BOOL, P_GLOBAL, &Globals.sslCompatibility, NULL, NULL, 0},
119 #endif /* WITH_SSL */
121 + {"AFS Token Service Options", P_SEP, P_SEPARATOR},
122 + {"afstoken service keybits", P_INTEGER, P_GLOBAL, &Globals.afstokenKeyBits, NULL, NULL, 0},
123 +#endif /* WITH_AFS */
125 {"Logging Options", P_SEP, P_SEPARATOR},
126 {"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0},
127 @@ -1418,6 +1425,10 @@
128 Globals.sslCompatibility = False;
129 #endif /* WITH_SSL */
132 + Globals.afstokenKeyBits = 768;
133 +#endif /* WITH_AFS */
136 string_set(&Globals.szLdapServer, "localhost");
137 string_set(&Globals.szLdapSuffix, "");
138 @@ -1497,6 +1508,10 @@
139 FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert)
140 FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility)
141 #endif /* WITH_SSL */
144 +FN_GLOBAL_INTEGER(lp_afstoken_keybits, &Globals.afstokenKeyBits)
145 +#endif /* WITH_AFS */
147 FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard)
148 FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy)
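Review bot: The default set in the init hunk, `Globals.afstokenKeyBits = 768;`, is too small for an RSA key that wraps user passwords sent over the pipe, and the `afstoken service keybits` table entry is a plain `P_INTEGER` with no range check when smb.conf is parsed. The only validation visible in this patch is in afstoken_init() in srv_afstoken.c, which still accepts 256 and 512. Suggest `Globals.afstokenKeyBits = 2048;` as the default and refusing smaller values where the setting is consumed, with a comment on the parameter such as `/* RSA modulus size in bits for the afstoken pipe key; values below 2048 are rejected */`.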
149 --- samba-2.2.1a/source/passdb/pass_check.c.old Thu Jul 5 19:01:46 2001
150 +++ samba-2.2.1a/source/passdb/pass_check.c Tue Jul 17 15:57:02 2001
155 +#define xdr_op BROKEN_AFS5
156 +#define xdrproc_t BROKEN_AFS6
157 +#define xdr_ops BROKEN_AFS7
158 +#define xdr_discrim BROKEN_AFS8
159 +#define XDR_ENCODE BROKEN_AFS9
160 +#define XDR_DECODE BROKEN_AFS10
161 +#define XDR_FREE BROKEN_AFS11
162 +#define XDR BROKEN_AFS12
163 +#define des_ks_struct BROKEN_AFS13
164 +#define des_key_schedule BROKEN_AFS14
165 +#define bit_64 BROKEN_AFS15
166 #include <afs/stds.h>
167 #include <afs/kautils.h>
176 +#undef des_ks_struct
177 +#undef des_key_schedule
181 /*******************************************************************
182 check on AFS authentication
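Review bot: The renames added before `<afs/stds.h>` (`xdr_op` through `bit_64`, mapped to `BROKEN_AFSn`) stay in force for the rest of pass_check.c unless they are undone, and the only `#undef`s visible in this section are for `des_ks_struct` and `des_key_schedule`. Any later use of `XDR`, `xdrproc_t` or the `XDR_*` constants in this file would then silently resolve to the renamed AFS symbols. The same block is pasted into srv_afstoken.c; consider one wrapper header that includes the AFS headers and then `#undef`s every name it defined, carrying a comment such as `/* AFS headers clash with OpenSSL des_* and RPC xdr_* names; rename around the include only */`. Lines between the visible ones are not shown here, so part of this may already be handled.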
183 --- samba-2.2.1a/source/rpc_parse/parse_rpc.c.old Mon Mar 12 14:09:53 2001
184 +++ samba-2.2.1a/source/rpc_parse/parse_rpc.c Tue Jul 17 15:57:02 2001
190 +/* This is from the IDL file, and is in the output .c files as the GUID */
191 +#define SYNT_AFSTOKEN_V1 \
194 + 0x328f6b2e, 0x3777, 0x4287, \
195 + { 0xb9, 0x31, 0x9c, 0xdc, \
196 + 0xc5, 0x2c, 0x84, 0x0a } \
199 +#endif /* WITH_AFS */
201 struct pipe_id_info pipe_names [] =
203 /* client pipe , abstract syntax , server pipe , transfer syntax */
205 { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
206 { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
207 { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
209 + { PIPE_AFSTOKEN, SYNT_AFSTOKEN_V1, PIPE_AFSTOKEN , TRANS_SYNT_V2 },
210 +#endif /* WITH_AFS */
211 { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
214 --- samba-2.2.1a/source/rpc_server/srv_afstoken.c.old Wed Dec 31 17:00:00 1969
215 +++ samba-2.2.1a/source/rpc_server/srv_afstoken.c Tue Jul 17 15:57:03 2001
217 +#define OLD_NTDOMAIN 1
219 + * Unix SMB/Netbios implementation.
221 + * RPC Pipe client / server routines
222 + * Copyright (C) Andrew Tridgell 1992-1997,
223 + * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
224 + * Copyright (C) Paul Ashton 1997.
226 + * This program is free software; you can redistribute it and/or modify
227 + * it under the terms of the GNU General Public License as published by
228 + * the Free Software Foundation; either version 2 of the License, or
229 + * (at your option) any later version.
231 + * This program is distributed in the hope that it will be useful,
232 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
233 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
234 + * GNU General Public License for more details.
236 + * You should have received a copy of the GNU General Public License
237 + * along with this program; if not, write to the Free Software
238 + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
241 +#include <openssl/rsa.h>
242 +#include <openssl/evp.h>
243 +#include <openssl/bio.h>
244 +#include "includes.h"
245 +/* There's a conflict between AFS includes and OpenSSL includes some des structs */
246 +/* These effectively rename the AFS definitions */
247 +/* Another conflict with stupid AFS and rpc xdr headers */
248 +#define des_cblock BROKEN_AFS1
249 +#define des_ks_struct BROKEN_AFS2
250 +#define des_key_schedule BROKEN_AFS3
251 +#define bit_64 BROKEN_AFS4
252 +#define xdr_op BROKEN_AFS5
253 +#define xdrproc_t BROKEN_AFS6
254 +#define xdr_ops BROKEN_AFS7
255 +#define xdr_discrim BROKEN_AFS8
256 +#define XDR_ENCODE BROKEN_AFS9
257 +#define XDR_DECODE BROKEN_AFS10
258 +#define XDR_FREE BROKEN_AFS11
259 +#define XDR BROKEN_AFS12
260 +#include <afs/stds.h>
261 +#include <afs/kautils.h>
263 +#undef des_ks_struct
264 +#undef des_key_schedule
276 +#define SAVEME _FILE_OFFSET_BITS
277 +#undef _FILE_OFFSET_BITS
279 +#define _FILE_OFFSET_BITS SAVEME
283 +#define AFSTOKEN_VERSION 2
286 +/* AFS functions (from openafs, mostly) */
288 + struct ktc_token token;
289 + struct ktc_principal service;
290 + struct ktc_principal client;
294 +BOOL unlog_NormalizeCellNames(char **list, int size) {
295 + char *newCellName, *lcstring();
297 + struct afsconf_dir *conf;
299 + struct afsconf_cell cellinfo;
301 + if(!(conf = afsconf_Open (AFSDIR_CLIENT_ETC_DIRPATH))) {
302 + DEBUG(0, ("unlog_NormalizeCellNameS(): Cannot get cell configuration info!\n"));
306 + for(index = 0; index < size; index++, list++) {
307 + newCellName = malloc(MAXKTCREALMLEN);
309 + DEBUG(0, ("unlog_NormalizeCellNameS(): malloc failed"));
310 + afsconf_Close (conf);
314 + lcstring(newCellName,*list, MAXKTCREALMLEN);
315 + code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
317 + if(code == AFSCONF_NOTFOUND) {
318 + DEBUG(0, ("unlog_NormalizeCellNameS() Unrecognized cell name %s\n", newCellName));
320 + DEBUG(0, ("unlog_NormalizeCellNameS() conf failed code %d\n", code));
322 + afsconf_Close (conf);
326 + strncpy(newCellName, cellinfo.name, MAXKTCREALMLEN);
329 + *list = newCellName;
331 + afsconf_Close (conf);
336 +/* From unlog.c in AFS */
337 +unlog_ForgetCertainTokens(char **list, int listSize) {
338 + unsigned count, index, index2, number;
340 + struct ktc_principal serviceName;
341 + struct tokenInfo *tokenInfoP;
343 + if ( ! unlog_NormalizeCellNames(list, listSize)) {
344 + DEBUG(0, ("unlog_ForgetCertainTokens: normalize failed"));
346 + /* figure out how many tokens exist */
350 + code = ktc_ListTokens(count, &count, &serviceName);
351 + if (! strcmp(serviceName.name, "afs")) {
356 + tokenInfoP = (struct tokenInfo *)malloc((sizeof(struct tokenInfo) *
359 + DEBUG(0, ("unlog_ForgetCertainTokens(): Malloc failed"));
363 + for(code = index = index2 = 0; (!code) && (index2 < count); index++) {
364 + code = ktc_ListTokens(index2, &index2, &(tokenInfoP+index)->service);
365 + if (strcmp((tokenInfoP+index)->service.name, "afs")) {
366 + index--; /* Probably never happen, but... */
371 + code = ktc_GetToken(&(tokenInfoP+index)->service,
372 + &(tokenInfoP+index)->token,
373 + sizeof(struct ktc_token),
374 + &(tokenInfoP+index)->client);
377 + (tokenInfoP+index)->deleted =
378 + unlog_CheckUnlogList(list, listSize ,
379 + &(tokenInfoP+index)->client);
385 + unlog_VerifyUnlog(list, listSize, tokenInfoP, number);
386 + DEBUG(3, ("unlog: unlogging all tokens"));
387 + code = ktc_ForgetAllTokens();
390 + DEBUG(0, ("unlog_ForgetCertainTokens(): ktc_ForgetAllTokens() failed: %d", code));
394 + for(code = index = 0; index < number ; index++) {
395 + if(!((tokenInfoP+index)->deleted)) {
396 + code = ktc_SetToken(&(tokenInfoP+index)->service,
397 + &(tokenInfoP+index)->token,
398 + &(tokenInfoP+index)->client, 0);
400 + DEBUG(0, ("unlog_ForgetCertainTokens(): Couldn't re-register token, code = %d\n", code));
410 +unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal) {
412 + if(strcmp(*list, principal->cell) == 0)
421 +unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize) {
424 + for(index = 0; index < cellListSize; index++) {
428 + for(found = index2 = 0; !found && index2 < tokenListSize; index2++)
430 + strcmp(cellList[index], (tokenList+index2)->client.cell)==0;
433 + DEBUG(0, ("unlog: Warning - no tokens held for cell %s\n",
439 +/* END AFS Functions */
441 +extern int DEBUGLEVEL;
442 +extern pstring global_myname;
445 +EVP_CIPHER *cipher = NULL;
446 +EVP_PKEY *evp_key = NULL;
450 +/* Decrypt data in *data of length len, and return it in **out
451 + **out should be free()'d when finished
453 +int decrypt_data(RSA *key, unsigned char *data, int len, unsigned char *ek, int ekl, unsigned char *iv, unsigned char **out) {
454 + EVP_CIPHER_CTX ctx;
458 + *out = malloc(len + 2 * EVP_CIPHER_block_size(cipher));
460 + if (EVP_OpenInit(&ctx, cipher, ek, ekl, iv, evp_key)) {
461 + if (EVP_OpenUpdate(&ctx, *out, &outl, data, len)) {
462 + if (EVP_OpenFinal(&ctx, (*out) + outl, &outl)) {
471 +/* base64 encode data - you should free the return pointer */
472 +char *base64encode(unsigned char *data, int length) {
473 + BIO *bio, *b1, *b2;
477 + b1 = BIO_new(BIO_f_base64());
478 + bio = BIO_push(BIO_new(BIO_f_base64()), BIO_new(BIO_s_mem()));
479 + BIO_write(bio, data, length);
481 + size = BIO_get_mem_data(bio, &p);
483 + ret = malloc(size + 1);
485 + memcpy(ret, p, size);
492 +BOOL afstoken_init() {
494 + char seed_file_name[1024];
496 + struct pstatus seed;
498 + int bits = lp_afstoken_keybits();
499 + DEBUG(1, ("afstoken_init: Initializing...\n"));
500 + ERR_load_crypto_strings();
501 + if (bits != 256 && bits != 512 && bits != 768 && bits != 1024 && bits != 2048) {
502 + DEBUG(0, ("afstoken_init: %d is not a supported bitsize - try 256,512,768,1024, or 2048. Defaulting to 768 bits.\n", bits));
505 + DEBUG(3, ("afstoken_init: Generating RSA key of %d bits...\n", bits));
508 + sprintf(seed_file_name, "/proc/%d/status", getpid());
509 + seed_fd = open(seed_file_name, O_RDONLY);
510 + if (seed_fd == -1) {
511 + DEBUG(0, ("afstoken_init: Error getting random data from %s."));
514 + if (read(seed_fd, &seed, sizeof(seed)) > 0) {
515 + DEBUG(3, ("afstoken_init: Random number generator seeded."));
519 + RAND_seed(&seed, sizeof(seed));
520 +#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
522 + rsaKey = RSA_generate_key(bits, RSA_F4, NULL, NULL);
523 + if (rsaKey == NULL) {
524 + DEBUG(0, ("afstoken_init: Error generating RSA key.\n"));
527 + DEBUG(3, ("afstoken_init: Done generating key.\n"));
529 + /* Initialize crypto stuff */
530 + cipher = EVP_bf_cbc();
531 + evp_key = EVP_PKEY_new();
532 + EVP_PKEY_assign_RSA(evp_key, rsaKey);
536 +BOOL enum_tokens(char *buf, int size, pipes_struct *p) {
538 + struct ktc_principal service, client;
539 + struct ktc_token tok;
545 + for (i = 0; i < NUMCELLS && !ktc_ListTokens(cellNum, &cellNum, &service); i++) {
546 + if (!ktc_GetToken(&service, &tok, sizeof(tok), &client)) {
547 + DEBUG(3, ("enum_tokens: %d cell: %s name: %s instance: %s\n", i, client.cell, client.name, client.instance));
548 + DEBUG(3, ("enum_tokens: SERVICE cell: %s name: %s instance: %s\n", service.cell, service.name, service.instance));
549 + DEBUG(3, ("enum_tokens: start %d end %d\n", tok.startTime, tok.endTime));
551 + if ( ! strcmp(service.name, "afs") ) {
552 + safe_strcat(buf + offset, client.cell, size - offset - 1);
553 + offset += strlen(buf + offset) + 1;
554 + buf[offset] = '\0';
555 + safe_strcat(buf + offset, client.name, size - offset - 1);
556 + offset += strlen(buf + offset) + 1;
557 + buf[offset] = '\0';
558 + sprintf(buf + offset, "%d", tok.endTime);
559 + offset += strlen(buf + offset) + 2;
560 + buf[offset-1] = '\0';
561 + buf[offset] = '\0';
563 +#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
564 + if (offset >= size) {
565 + DEBUG(0, ("AFS enum_tokens: insufficient buffer\n"));
568 + buf[offset] = '\0';
575 +static BOOL api_afstoken_getafstoken(pipes_struct *p)
577 + unsigned int retval = 0, len;
578 + unsigned char *passdata, *ek, *iv, *password, *msg;
579 + STRING2 user, cell;
580 + prs_struct *rdata = &p->out_data.rdata;
581 + prs_struct *indata = &p->in_data.data;
582 + int pdl, ekl, ivl, msgl;
584 + DEBUG(3, ("api_afstoken_getafstoken: Entering\n"));
585 + /* read in user name and cell*/
586 + smb_io_string2("user", &user, 1, indata, 0);
587 + smb_io_string2("cell", &cell, 1, indata, 0);
589 + DEBUG(3, ("api_afstoken_getafstoken: Request for user %s cell %s\n", user.buffer, cell.buffer));
591 + /* read in encrypted password */
595 + prs_uint32("passdata_len", indata, 0, &pdl);
597 + prs_uint32("passdata_len", indata, 0, &pdl);
599 + passdata = malloc(pdl);
600 + prs_uint8s(False, "passdata", indata, 0, passdata, pdl);
602 + /* read in encrypted symmetric key */
604 + prs_uint32("ek_len", indata, 0, &ekl);
606 + prs_uint32("ek_len", indata, 0, &ekl);
609 + prs_uint8s(False, "ek", indata, 0, ek, ekl);
613 + prs_uint32("iv_len", indata, 0, &ivl);
615 + prs_uint32("iv_len", indata, 0, &ivl);
618 + prs_uint8s(False, "iv", indata, 0, iv, ivl);
622 + prs_uint32("msgl", indata, 0, &msgl);
623 + DEBUG(3, ("api_afstoken_getafstoken: msglen %d\n", msgl));
624 + msg = malloc(msgl);
625 + strncpy(msg, "Success.", msgl);
627 + DEBUG(3, ("api_afstoken_getafstoken: read in encrypted password - decrypting.\n"));
628 + if (decrypt_data(rsaKey, passdata, pdl, ek, ekl, iv, &password)) {
629 + long password_expires = 0;
631 + DEBUG(3, ("api_afstoken_getafstoken: password decrypted successfully.\n"));
632 + if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user.buffer, (char *) 0,
633 + cell.buffer, password, 0, &password_expires, 0, &reason) == 0) {
634 + DEBUG(3, ("api_afstoken_getafstoken: got token for %s in cell %s\n",
635 + user.buffer, cell.buffer));
639 + DEBUG(3, ("api_afstoken_getafstoken: failed to authenticate %s: %s\n",
640 + user.buffer, reason));
641 + strncpy(msg, reason, msgl);
647 + DEBUG(3, ("api_afstoken_getafstoken: failed to dencrypt password\n"));
648 + strncpy(msg, "failed to decrypt password from client.", msgl);
652 + prs_uint32("msgl", rdata, 0, &msgl);
654 + prs_uint8s(False, "key", rdata, 1, msg, msgl);
656 + prs_uint32("retvalue", rdata, 0, &retval);
667 +static BOOL api_afstoken_getpublickey(pipes_struct *p)
669 + /* retval is return value */
670 + /* len is the actual public key length */
671 + /* retsize is the buffer size we _always_ send regardless of key length */
672 + unsigned int retval, len, retsize;
673 + prs_struct *rdata = &p->out_data.rdata;
674 + prs_struct *indata = &p->in_data.data;
675 + unsigned char *out, *ptr;
677 + if (rsaKey == NULL && ! afstoken_init()) {
678 + DEBUG(0, ("api_afstoken_getpublickey: Unable to initialize RSA Key.\n"));
683 + DEBUG(3, ("api_afstoken_getpublickey: Entering...\n"));
684 + prs_uint32("buf_size", indata, 0, &retsize);
685 + out = malloc(retsize);
687 + len = i2d_RSAPublicKey(rsaKey, NULL);
688 + if (len > retsize) {
689 + DEBUG(0, ("api_afstoken_getpublickey: Not enough buffer sent.\n"));
694 + len = i2d_RSAPublicKey(rsaKey, &ptr);
700 + prs_uint32("len", rdata, 0, &len);
702 + prs_uint8s(False, "key", rdata, 1, out, retsize);
704 + prs_uint32("getkey_ret", rdata, 0, &retval);
710 +static BOOL api_afstoken_forgettoken(pipes_struct *p) {
711 + unsigned int retval = 0;
713 + prs_struct *rdata = &p->out_data.rdata;
714 + prs_struct *indata = &p->in_data.data;
717 + DEBUG(3, ("api_afstoken_forgettoken: Entering\n"));
718 + smb_io_string2("cell", &cell, 1, indata, 0);
720 + DEBUG(3, ("api_afstoken_forgettoken: Request for cell %s\n", cell.buffer));
722 + list[0] = malloc(MAXKTCREALMLEN);
723 + strncpy(list[0], cell.buffer, MAXKTCREALMLEN);
724 + retval = unlog_ForgetCertainTokens(list, 1);
728 + prs_uint32("retvalue", rdata, 0, &retval);
733 +static BOOL api_afstoken_getserviceversion(pipes_struct *p)
735 + unsigned int retval = AFSTOKEN_VERSION;
736 + prs_struct *rdata = &p->out_data.rdata;
738 + DEBUG(3, ("api_afstoken_getserviceversion: Entering...\n"));
741 + prs_uint32("retvalue", rdata, 0, &retval);
746 +/*******************************************************************
747 + api_afstoken_listafstokens
748 + ********************************************************************/
749 +static BOOL api_afstoken_listafstokens(pipes_struct *p)
752 + unsigned int bufsize, retval = 1;
753 + prs_struct *rdata = &p->out_data.rdata;
754 + prs_struct *indata = &p->in_data.data;
756 + DEBUG(3, ("api_afstoken_listafstokens: Entering...\n"));
759 + prs_uint32("size", indata, 0, &bufsize);
760 + buf = malloc(bufsize);
761 + if (! enum_tokens(buf, bufsize, p)) {
762 + DEBUG(3, ("api_afstoken_listafstokens: insufficient buffer\n"));
763 + strncpy(buf, "INSUFFICIENT BUFFER ON CLIENT", bufsize);
767 + /* return token list */
769 + prs_uint32("size", rdata, 0, &bufsize);
771 + prs_uint8s(False, "tokens", rdata, 1, buf, bufsize);
772 + /*prs_string("tokens", rdata, 1, buf, bufsize, bufsize);*/
775 + prs_uint32("retvalue", rdata, 0, &retval);
779 + DEBUG(3, ("api_afstoken_listafstokens: returned list of tokens\n"));
784 +/*******************************************************************
785 + \PIPE\afstoken commands
786 + ********************************************************************/
787 +struct api_struct api_afstoken_cmds[] =
789 + { "AFSTOKEN_GETPUBLICKEY", AFSTOKEN_GETPUBLICKEY, api_afstoken_getpublickey },
790 + { "AFSTOKEN_GETAFSTOKEN", AFSTOKEN_GETAFSTOKEN, api_afstoken_getafstoken },
791 + { "AFSTOKEN_LISTAFSTOKENS", AFSTOKEN_LISTAFSTOKENS, api_afstoken_listafstokens },
792 + { "AFSTOKEN_GETSERVICEVERSION", AFSTOKEN_GETSERVICEVERSION, api_afstoken_getserviceversion },
793 + { "AFSTOKEN_FORGETTOKEN", AFSTOKEN_FORGETTOKEN, api_afstoken_forgettoken },
794 + { NULL , 0 , NULL }
797 +/*******************************************************************
798 + receives a afstoken pipe and responds.
799 + ********************************************************************/
800 +BOOL api_afstoken_rpc(pipes_struct *p)
802 + return api_rpcTNP(p, "api_afstoken_rpc", api_afstoken_cmds);
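Review bot: Every length read from the request (`pdl`, `ekl`, `ivl` and `msgl` in api_afstoken_getafstoken, `retsize` in api_afstoken_getpublickey, `bufsize` in api_afstoken_listafstokens) goes straight into `malloc()` and then into `prs_uint8s()`, `strncpy()` or `sprintf()` with no upper bound, no NULL check and no check of the `prs_*` return values on the lines shown. In enum_tokens the `offset >= size` test comes only after `sprintf(buf + offset, "%d", tok.endTime)` and the `buf[offset] = '\0'` stores, so a small client-chosen `size` is overrun before it is rejected; getpublickey and listafstokens also send back the whole client-sized buffer, so bytes the handler never wrote would reach the client unless the buffer is cleared on a line not shown. Suggest one capped, zero-filled read helper for the request blobs, the same cap plus `calloc()` for the two reply buffers, and a space check before each field in enum_tokens using `slprintf` rather than re-enabling `sprintf` (sketch below; `AFSTOKEN_MAX_BLOB` is a placeholder name and value). Separately, the only seed afstoken_init is seen to give `RAND_seed()` is the content of `/proc/<pid>/status`, which is guessable and no basis for the RSA key; seed from the system random device and fail initialisation if that is unavailable, and give the `DEBUG` call after the failed `open()` the `seed_file_name` argument its `%s` expects.

```c
/* Placeholder cap for any client-supplied length on this pipe; choose a real limit. */
#define AFSTOKEN_MAX_BLOB 4096

/* Read a length-prefixed blob from the request: bound the length, allocate
 * zero-filled storage, and return NULL on any parse or allocation failure. */
static unsigned char *afstoken_read_blob(char *name, prs_struct *ps, uint32 *len)
{
	unsigned char *buf;

	if (!prs_uint32(name, ps, 0, len))
		return NULL;
	if (*len == 0 || *len > AFSTOKEN_MAX_BLOB)
		return NULL;
	buf = calloc(1, *len);
	if (buf == NULL)
		return NULL;
	if (!prs_uint8s(False, name, ps, 0, buf, *len)) {
		free(buf);
		return NULL;
	}
	return buf;
}

/* … unchanged: enum_tokens locals, ktc_ListTokens/ktc_GetToken loop, DEBUG output … */
		if ( ! strcmp(service.name, "afs") ) {
			/* Reject before writing: two strings, the decimal end time (at most
			 * 11 characters for a 32-bit value) and four terminators must fit. */
			size_t need = strlen(client.cell) + strlen(client.name) + 11 + 4;
			if (size <= 0 || offset < 0 || need >= (size_t)(size - offset)) {
				DEBUG(0, ("AFS enum_tokens: insufficient buffer\n"));
				return False;
			}
			/* … unchanged: the two safe_strcat() fields … */
			slprintf(buf + offset, size - offset - 1, "%d", tok.endTime);
```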
806 --- samba-2.2.1a/source/rpc_server/srv_pipe.c.old Thu Jul 5 19:01:53 2001
807 +++ samba-2.2.1a/source/rpc_server/srv_pipe.c Tue Jul 17 15:57:03 2001
810 { "netdfs", "netdfs" , api_netdfs_rpc },
813 + { "afstoken", "afstoken", api_afstoken_rpc },
814 +#endif /* WITH_AFS */
818 --- samba-2.2.1a/source/smbd/nttrans.c.old Thu Jul 5 19:02:00 2001
819 +++ samba-2.2.1a/source/smbd/nttrans.c Tue Jul 17 15:57:03 2001
830 --- samba-2.2.1a/source/smbd/process.c.old Thu Jul 5 19:02:02 2001
831 +++ samba-2.2.1a/source/smbd/process.c Tue Jul 17 15:59:43 2001
832 @@ -1190,6 +1190,10 @@
833 time_t last_timeout_processing_time = time(NULL);
834 unsigned int num_smbs = 0;
837 + DEBUG(3, ("smbd_process: creating pagsh for this child. %d\n", getpgrp()));
840 InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
841 OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
842 if ((InBuffer == NULL) || (OutBuffer == NULL))
843 --- samba-2.2.1a/source/smbd/reply.c.old Wed Jul 11 13:08:46 2001
844 +++ samba-2.2.1a/source/smbd/reply.c Tue Jul 17 15:57:03 2001
845 @@ -1030,6 +1030,11 @@
850 + DEBUG(3, ("afs_auth: calling setpag()\n"));
854 if (!smb_getpwnam(user,True)) {
855 DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
856 pstrcpy(user,lp_guestaccount(-1));