+++ /dev/null
---- samba-2.2.1a/source/Makefile.in.old Sun Jul 8 13:29:34 2001
-+++ samba-2.2.1a/source/Makefile.in Tue Jul 17 15:57:01 2001
-@@ -8,5 +8,6 @@
- mandir=@mandir@
- sysconfdir=@sysconfdir@
-
--LIBS=@LIBS@
-+OPENSSL_DIR=/oper/oper4/jvrobert/scratch/enc/openssl-0.9.6
-+LIBS=-L/usr/lib/afs @LIBS@ -lkauth -lprot -lubik -lauth -lrxkad -lsys -ldes -lrx -llwp -lcom_err -laudit /usr/lib/afs/util.a -L$(OPENSSL_DIR) -lcrypto -lresolv
- LDAPLIBS=@LDAPLIBS@
-@@ -83,3 +84,3 @@
- PASSWD_FLAGS = -DPASSWD_PROGRAM=\"$(PASSWD_PROGRAM)\" -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DTDB_PASSWD_FILE=\"$(TDB_PASSWD_FILE)\"
--FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\"
-+FLAGS1 = $(CFLAGS) -I$(OPENSSL_DIR)/include -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper $(CPPFLAGS) -DLOGFILEBASE=\"$(LOGFILEBASE)\"
- FLAGS2 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DLMHOSTSFILE=\"$(LMHOSTSFILE)\"
-@@ -130,6 +131,7 @@
- RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \
- rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \
- rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \
-+ rpc_server/srv_afstoken.o \
- rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \
- rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \
- rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \
---- samba-2.2.1a/source/include/ntdomain.h.old Thu Jul 5 19:01:26 2001
-+++ samba-2.2.1a/source/include/ntdomain.h Tue Jul 17 15:57:01 2001
-@@ -295,6 +295,9 @@
- #include "rpc_wkssvc.h"
- #include "rpc_spoolss.h"
- #include "rpc_dfs.h"
-+#ifdef WITH_AFS
-+#include "rpc_afstoken.h"
-+#endif
- #include "sids.h"
-
- #endif /* _NT_DOMAIN_H */
---- samba-2.2.1a/source/include/proto.h.old Sun Jul 8 13:29:43 2001
-+++ samba-2.2.1a/source/include/proto.h Tue Jul 17 15:57:02 2001
-@@ -3967,7 +3967,13 @@
- WERROR _dfs_enum(pipes_struct *p, DFS_Q_DFS_ENUM *q_u, DFS_R_DFS_ENUM *r_u);
- WERROR _dfs_get_info(pipes_struct *p, DFS_Q_DFS_GET_INFO *q_u,
- DFS_R_DFS_GET_INFO *r_u);
-
-+#ifdef WITH_AFS
-+/* The following definitions come from rpc_server/srv_afstoken.c */
-+BOOL api_afstoken_rpc(pipes_struct *p);
-+BOOL afstoken_init();
-+#endif /* WITH_AFS */
-+
- /* The following definitions come from rpc_server/srv_lsa.c */
-
- BOOL api_ntlsa_rpc(pipes_struct *p);
---- samba-2.2.1a/source/include/rpc_afstoken.h.old Wed Dec 31 17:00:00 1969
-+++ samba-2.2.1a/source/include/rpc_afstoken.h Tue Jul 17 15:57:02 2001
-@@ -0,0 +1,37 @@
-+/*
-+ Unix SMB/Netbios implementation.
-+ Version 1.9.
-+ SMB parameters and setup
-+ Copyright (C) Andrew Tridgell 1992-1997
-+ Copyright (C) Luke Kenneth Casson Leighton 1996-1997
-+ Copyright (C) Paul Ashton 1997
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 2 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program; if not, write to the Free Software
-+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+*/
-+
-+#ifndef _RPC_AFSTOKEN_H /* _RPC_AFSTOKEN_H */
-+#define _RPC_AFSTOKEN_H
-+
-+/* afstoken pipe */
-+/* Note: these are definied by the order in the dispatch table
-+ Note: in the files generated by the IDL (afstoken_s.c file, afstoken_table)
-+*/
-+#define AFSTOKEN_GETPUBLICKEY 0x00
-+#define AFSTOKEN_GETAFSTOKEN 0x01
-+#define AFSTOKEN_LISTAFSTOKENS 0x02
-+#define AFSTOKEN_GETSERVICEVERSION 0x03
-+#define AFSTOKEN_FORGETTOKEN 0x04
-+
-+#endif /* _RPC_AFSTOKEN_H */
---- samba-2.2.1a/source/include/smb.h.old Thu Jul 5 19:01:30 2001
-+++ samba-2.2.1a/source/include/smb.h Tue Jul 17 15:57:02 2001
-@@ -302,6 +302,9 @@
- #define PIPE_LSARPC "\\PIPE\\lsarpc"
- #define PIPE_SPOOLSS "\\PIPE\\spoolss"
- #define PIPE_NETDFS "\\PIPE\\netdfs"
-+#ifdef WITH_AFS
-+#define PIPE_AFSTOKEN "\\PIPE\\afstoken"
-+#endif /* WITH_AFS */
-
- /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
- typedef struct nttime_info
---- samba-2.2.1a/source/param/loadparm.c.old Thu Jul 5 19:01:44 2001
-+++ samba-2.2.1a/source/param/loadparm.c Tue Jul 17 15:57:02 2001
-@@ -228,6 +228,9 @@
- BOOL sslReqServerCert;
- BOOL sslCompatibility;
- #endif /* WITH_SSL */
-+#ifdef WITH_AFS
-+ int afstokenKeyBits;
-+#endif /* WITH_AFS */
- BOOL bMsAddPrinterWizard;
- BOOL bDNSproxy;
- BOOL bWINSsupport;
-@@ -755,6 +758,10 @@
- {"ssl version", P_ENUM, P_GLOBAL, &Globals.sslVersion, NULL, enum_ssl_version, 0},
- {"ssl compatibility", P_BOOL, P_GLOBAL, &Globals.sslCompatibility, NULL, NULL, 0},
- #endif /* WITH_SSL */
-+#ifdef WITH_AFS
-+ {"AFS Token Service Options", P_SEP, P_SEPARATOR},
-+ {"afstoken service keybits", P_INTEGER, P_GLOBAL, &Globals.afstokenKeyBits, NULL, NULL, 0},
-+#endif /* WITH_AFS */
-
- {"Logging Options", P_SEP, P_SEPARATOR},
- {"log level", P_INTEGER, P_GLOBAL, &DEBUGLEVEL_CLASS[DBGC_ALL], handle_debug_list, NULL, 0},
-@@ -1418,6 +1425,10 @@
- Globals.sslCompatibility = False;
- #endif /* WITH_SSL */
-
-+#ifdef WITH_AFS
-+ Globals.afstokenKeyBits = 768;
-+#endif /* WITH_AFS */
-+
- #ifdef WITH_LDAP_SAM
- string_set(&Globals.szLdapServer, "localhost");
- string_set(&Globals.szLdapSuffix, "");
-@@ -1497,6 +1508,10 @@
- FN_GLOBAL_BOOL(lp_ssl_reqServerCert, &Globals.sslReqServerCert)
- FN_GLOBAL_BOOL(lp_ssl_compatibility, &Globals.sslCompatibility)
- #endif /* WITH_SSL */
-+
-+#ifdef WITH_AFS
-+FN_GLOBAL_INTEGER(lp_afstoken_keybits, &Globals.afstokenKeyBits)
-+#endif /* WITH_AFS */
-
- FN_GLOBAL_BOOL(lp_ms_add_printer_wizard, &Globals.bMsAddPrinterWizard)
- FN_GLOBAL_BOOL(lp_dns_proxy, &Globals.bDNSproxy)
---- samba-2.2.1a/source/passdb/pass_check.c.old Thu Jul 5 19:01:46 2001
-+++ samba-2.2.1a/source/passdb/pass_check.c Tue Jul 17 15:57:02 2001
-@@ -33,8 +33,31 @@
-
- #ifdef WITH_AFS
-
-+#define xdr_op BROKEN_AFS5
-+#define xdrproc_t BROKEN_AFS6
-+#define xdr_ops BROKEN_AFS7
-+#define xdr_discrim BROKEN_AFS8
-+#define XDR_ENCODE BROKEN_AFS9
-+#define XDR_DECODE BROKEN_AFS10
-+#define XDR_FREE BROKEN_AFS11
-+#define XDR BROKEN_AFS12
-+#define des_ks_struct BROKEN_AFS13
-+#define des_key_schedule BROKEN_AFS14
-+#define bit_64 BROKEN_AFS15
- #include <afs/stds.h>
- #include <afs/kautils.h>
-+#undef xdr_op
-+#undef xdrproc_t
-+#undef xdr_ops
-+#undef xdr_discrim
-+#undef XDR_ENCODE
-+#undef XDR_DECODE
-+#undef XDR_FREE
-+#undef XDR
-+#undef des_ks_struct
-+#undef des_key_schedule
-+#undef bit_64
-+
-
- /*******************************************************************
- check on AFS authentication
---- samba-2.2.1a/source/rpc_parse/parse_rpc.c.old Mon Mar 12 14:09:53 2001
-+++ samba-2.2.1a/source/rpc_parse/parse_rpc.c Tue Jul 17 15:57:02 2001
-@@ -132,6 +132,18 @@
- }, 0x03 \
- }
-
-+#ifdef WITH_AFS
-+/* This is from the IDL file, and is in the output .c files as the GUID */
-+#define SYNT_AFSTOKEN_V1 \
-+{ \
-+ { \
-+ 0x328f6b2e, 0x3777, 0x4287, \
-+ { 0xb9, 0x31, 0x9c, 0xdc, \
-+ 0xc5, 0x2c, 0x84, 0x0a } \
-+ }, 0x01 \
-+}
-+#endif /* WITH_AFS */
-+
- struct pipe_id_info pipe_names [] =
- {
- /* client pipe , abstract syntax , server pipe , transfer syntax */
-@@ -143,6 +155,9 @@
- { PIPE_WINREG , SYNT_WINREG_V1 , PIPE_WINREG , TRANS_SYNT_V2 },
- { PIPE_SPOOLSS , SYNT_SPOOLSS_V1 , PIPE_SPOOLSS , TRANS_SYNT_V2 },
- { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
-+#ifdef WITH_AFS
-+ { PIPE_AFSTOKEN, SYNT_AFSTOKEN_V1, PIPE_AFSTOKEN , TRANS_SYNT_V2 },
-+#endif /* WITH_AFS */
- { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
- };
-
---- samba-2.2.1a/source/rpc_server/srv_afstoken.c.old Wed Dec 31 17:00:00 1969
-+++ samba-2.2.1a/source/rpc_server/srv_afstoken.c Tue Jul 17 15:57:03 2001
-@@ -0,0 +1,589 @@
-+#define OLD_NTDOMAIN 1
-+/*
-+ * Unix SMB/Netbios implementation.
-+ * Version 1.9.
-+ * RPC Pipe client / server routines
-+ * Copyright (C) Andrew Tridgell 1992-1997,
-+ * Copyright (C) Luke Kenneth Casson Leighton 1996-1997,
-+ * Copyright (C) Paul Ashton 1997.
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-+ */
-+
-+#include <openssl/rsa.h>
-+#include <openssl/evp.h>
-+#include <openssl/bio.h>
-+#include "includes.h"
-+/* There's a conflict between AFS includes and OpenSSL includes some des structs */
-+/* These effectively rename the AFS definitions */
-+/* Another conflict with stupid AFS and rpc xdr headers */
-+#define des_cblock BROKEN_AFS1
-+#define des_ks_struct BROKEN_AFS2
-+#define des_key_schedule BROKEN_AFS3
-+#define bit_64 BROKEN_AFS4
-+#define xdr_op BROKEN_AFS5
-+#define xdrproc_t BROKEN_AFS6
-+#define xdr_ops BROKEN_AFS7
-+#define xdr_discrim BROKEN_AFS8
-+#define XDR_ENCODE BROKEN_AFS9
-+#define XDR_DECODE BROKEN_AFS10
-+#define XDR_FREE BROKEN_AFS11
-+#define XDR BROKEN_AFS12
-+#include <afs/stds.h>
-+#include <afs/kautils.h>
-+#undef des_cblock
-+#undef des_ks_struct
-+#undef des_key_schedule
-+#undef bit_64
-+#undef xdr_op
-+#undef xdrproc_t
-+#undef xdr_ops
-+#undef xdr_discrim
-+#undef XDR_ENCODE
-+#undef XDR_DECODE
-+#undef XDR_FREE
-+#undef XDR
-+
-+#ifdef SUNOS5
-+#define SAVEME _FILE_OFFSET_BITS
-+#undef _FILE_OFFSET_BITS
-+#include <procfs.h>
-+#define _FILE_OFFSET_BITS SAVEME
-+#undef SAVEME
-+#endif
-+
-+#define AFSTOKEN_VERSION 2
-+
-+
-+/* AFS functions (from openafs, mostly) */
-+struct tokenInfo {
-+ struct ktc_token token;
-+ struct ktc_principal service;
-+ struct ktc_principal client;
-+ int deleted;
-+};
-+
-+BOOL unlog_NormalizeCellNames(char **list, int size) {
-+ char *newCellName, *lcstring();
-+ unsigned index;
-+ struct afsconf_dir *conf;
-+ int code;
-+ struct afsconf_cell cellinfo;
-+
-+ if(!(conf = afsconf_Open (AFSDIR_CLIENT_ETC_DIRPATH))) {
-+ DEBUG(0, ("unlog_NormalizeCellNameS(): Cannot get cell configuration info!\n"));
-+ return False;
-+ }
-+
-+ for(index = 0; index < size; index++, list++) {
-+ newCellName = malloc(MAXKTCREALMLEN);
-+ if(!newCellName) {
-+ DEBUG(0, ("unlog_NormalizeCellNameS(): malloc failed"));
-+ afsconf_Close (conf);
-+ return False;
-+ }
-+
-+ lcstring(newCellName,*list, MAXKTCREALMLEN);
-+ code = afsconf_GetCellInfo(conf, newCellName, 0, &cellinfo);
-+ if (code) {
-+ if(code == AFSCONF_NOTFOUND) {
-+ DEBUG(0, ("unlog_NormalizeCellNameS() Unrecognized cell name %s\n", newCellName));
-+ } else {
-+ DEBUG(0, ("unlog_NormalizeCellNameS() conf failed code %d\n", code));
-+ }
-+ afsconf_Close (conf);
-+ return False;
-+ }
-+
-+ strncpy(newCellName, cellinfo.name, MAXKTCREALMLEN);
-+
-+ free(*list);
-+ *list = newCellName;
-+ }
-+ afsconf_Close (conf);
-+ return True;
-+}
-+
-+
-+/* From unlog.c in AFS */
-+unlog_ForgetCertainTokens(char **list, int listSize) {
-+ unsigned count, index, index2, number;
-+ afs_int32 code;
-+ struct ktc_principal serviceName;
-+ struct tokenInfo *tokenInfoP;
-+
-+ if ( ! unlog_NormalizeCellNames(list, listSize)) {
-+ DEBUG(0, ("unlog_ForgetCertainTokens: normalize failed"));
-+ }
-+ /* figure out how many tokens exist */
-+ count = 0;
-+ number = 0;
-+ do {
-+ code = ktc_ListTokens(count, &count, &serviceName);
-+ if (! strcmp(serviceName.name, "afs")) {
-+ number++;
-+ }
-+ } while(!code);
-+
-+ tokenInfoP = (struct tokenInfo *)malloc((sizeof(struct tokenInfo) *
-+ number));
-+ if(!tokenInfoP) {
-+ DEBUG(0, ("unlog_ForgetCertainTokens(): Malloc failed"));
-+ return 0;
-+ }
-+
-+ for(code = index = index2 = 0; (!code) && (index2 < count); index++) {
-+ code = ktc_ListTokens(index2, &index2, &(tokenInfoP+index)->service);
-+ if (strcmp((tokenInfoP+index)->service.name, "afs")) {
-+ index--; /* Probably never happen, but... */
-+ continue;
-+ }
-+
-+ if(!code) {
-+ code = ktc_GetToken(&(tokenInfoP+index)->service,
-+ &(tokenInfoP+index)->token,
-+ sizeof(struct ktc_token),
-+ &(tokenInfoP+index)->client);
-+
-+ if(!code) {
-+ (tokenInfoP+index)->deleted =
-+ unlog_CheckUnlogList(list, listSize ,
-+ &(tokenInfoP+index)->client);
-+ }
-+
-+ }
-+ }
-+
-+ unlog_VerifyUnlog(list, listSize, tokenInfoP, number);
-+ DEBUG(3, ("unlog: unlogging all tokens"));
-+ code = ktc_ForgetAllTokens();
-+
-+ if (code) {
-+ DEBUG(0, ("unlog_ForgetCertainTokens(): ktc_ForgetAllTokens() failed: %d", code));
-+ return 0;
-+ }
-+
-+ for(code = index = 0; index < number ; index++) {
-+ if(!((tokenInfoP+index)->deleted)) {
-+ code = ktc_SetToken(&(tokenInfoP+index)->service,
-+ &(tokenInfoP+index)->token,
-+ &(tokenInfoP+index)->client, 0);
-+ if(code) {
-+ DEBUG(0, ("unlog_ForgetCertainTokens(): Couldn't re-register token, code = %d\n", code));
-+ return 0;
-+ }
-+ }
-+ }
-+
-+ free(tokenInfoP);
-+ return 1;
-+}
-+
-+unlog_CheckUnlogList(char **list, int count, struct ktc_principal *principal) {
-+ do {
-+ if(strcmp(*list, principal->cell) == 0)
-+ return 1;
-+ list++;
-+ --count;
-+ } while(count);
-+
-+ return 0;
-+}
-+
-+unlog_VerifyUnlog(char **cellList, int cellListSize, struct tokenInfo *tokenList, int tokenListSize) {
-+ int index;
-+
-+ for(index = 0; index < cellListSize; index++) {
-+ int index2;
-+ int found;
-+
-+ for(found = index2 = 0; !found && index2 < tokenListSize; index2++)
-+ found =
-+ strcmp(cellList[index], (tokenList+index2)->client.cell)==0;
-+
-+ if(!found)
-+ DEBUG(0, ("unlog: Warning - no tokens held for cell %s\n",
-+ cellList[index]));
-+ }
-+}
-+
-+
-+/* END AFS Functions */
-+
-+extern int DEBUGLEVEL;
-+extern pstring global_myname;
-+
-+RSA *rsaKey = NULL;
-+EVP_CIPHER *cipher = NULL;
-+EVP_PKEY *evp_key = NULL;
-+
-+#define NUMCELLS 30
-+
-+/* Decrypt data in *data of length len, and return it in **out
-+ **out should be free()'d when finished
-+*/
-+int decrypt_data(RSA *key, unsigned char *data, int len, unsigned char *ek, int ekl, unsigned char *iv, unsigned char **out) {
-+ EVP_CIPHER_CTX ctx;
-+ int outl;
-+ int ret = 0;
-+
-+ *out = malloc(len + 2 * EVP_CIPHER_block_size(cipher));
-+
-+ if (EVP_OpenInit(&ctx, cipher, ek, ekl, iv, evp_key)) {
-+ if (EVP_OpenUpdate(&ctx, *out, &outl, data, len)) {
-+ if (EVP_OpenFinal(&ctx, (*out) + outl, &outl)) {
-+ ret = 1;
-+ }
-+ }
-+ }
-+
-+ return ret;
-+}
-+
-+/* base64 encode data - you should free the return pointer */
-+char *base64encode(unsigned char *data, int length) {
-+ BIO *bio, *b1, *b2;
-+ char *p, *ret;
-+ long size;
-+
-+ b1 = BIO_new(BIO_f_base64());
-+ bio = BIO_push(BIO_new(BIO_f_base64()), BIO_new(BIO_s_mem()));
-+ BIO_write(bio, data, length);
-+ BIO_flush(bio);
-+ size = BIO_get_mem_data(bio, &p);
-+
-+ ret = malloc(size + 1);
-+ ret[size] = '\0';
-+ memcpy(ret, p, size);
-+ BIO_free_all(bio);
-+
-+ return ret;
-+}
-+
-+/* Initialize */
-+BOOL afstoken_init() {
-+#ifdef SUNOS5
-+ char seed_file_name[1024];
-+ int seed_fd;
-+ struct pstatus seed;
-+#endif
-+ int bits = lp_afstoken_keybits();
-+ DEBUG(1, ("afstoken_init: Initializing...\n"));
-+ ERR_load_crypto_strings();
-+ if (bits != 256 && bits != 512 && bits != 768 && bits != 1024 && bits != 2048) {
-+ DEBUG(0, ("afstoken_init: %d is not a supported bitsize - try 256,512,768,1024, or 2048. Defaulting to 768 bits.\n", bits));
-+ bits = 768;
-+ }
-+ DEBUG(3, ("afstoken_init: Generating RSA key of %d bits...\n", bits));
-+#ifdef SUNOS5
-+#undef sprintf
-+ sprintf(seed_file_name, "/proc/%d/status", getpid());
-+ seed_fd = open(seed_file_name, O_RDONLY);
-+ if (seed_fd == -1) {
-+ DEBUG(0, ("afstoken_init: Error getting random data from %s."));
-+ }
-+ else {
-+ if (read(seed_fd, &seed, sizeof(seed)) > 0) {
-+ DEBUG(3, ("afstoken_init: Random number generator seeded."));
-+ }
-+ close(seed_fd);
-+ }
-+ RAND_seed(&seed, sizeof(seed));
-+#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
-+#endif
-+ rsaKey = RSA_generate_key(bits, RSA_F4, NULL, NULL);
-+ if (rsaKey == NULL) {
-+ DEBUG(0, ("afstoken_init: Error generating RSA key.\n"));
-+ return False;
-+ }
-+ DEBUG(3, ("afstoken_init: Done generating key.\n"));
-+
-+ /* Initialize crypto stuff */
-+ cipher = EVP_bf_cbc();
-+ evp_key = EVP_PKEY_new();
-+ EVP_PKEY_assign_RSA(evp_key, rsaKey);
-+ return True;
-+}
-+
-+BOOL enum_tokens(char *buf, int size, pipes_struct *p) {
-+ int cellNum = 0;
-+ struct ktc_principal service, client;
-+ struct ktc_token tok;
-+ int i;
-+ int offset = 0;
-+
-+ buf[0] = '\0';
-+
-+ for (i = 0; i < NUMCELLS && !ktc_ListTokens(cellNum, &cellNum, &service); i++) {
-+ if (!ktc_GetToken(&service, &tok, sizeof(tok), &client)) {
-+ DEBUG(3, ("enum_tokens: %d cell: %s name: %s instance: %s\n", i, client.cell, client.name, client.instance));
-+ DEBUG(3, ("enum_tokens: SERVICE cell: %s name: %s instance: %s\n", service.cell, service.name, service.instance));
-+ DEBUG(3, ("enum_tokens: start %d end %d\n", tok.startTime, tok.endTime));
-+#undef sprintf
-+ if ( ! strcmp(service.name, "afs") ) {
-+ safe_strcat(buf + offset, client.cell, size - offset - 1);
-+ offset += strlen(buf + offset) + 1;
-+ buf[offset] = '\0';
-+ safe_strcat(buf + offset, client.name, size - offset - 1);
-+ offset += strlen(buf + offset) + 1;
-+ buf[offset] = '\0';
-+ sprintf(buf + offset, "%d", tok.endTime);
-+ offset += strlen(buf + offset) + 2;
-+ buf[offset-1] = '\0';
-+ buf[offset] = '\0';
-+ }
-+#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__;
-+ if (offset >= size) {
-+ DEBUG(0, ("AFS enum_tokens: insufficient buffer\n"));
-+ return False;
-+ }
-+ buf[offset] = '\0';
-+ }
-+ }
-+
-+ return True;
-+}
-+
-+static BOOL api_afstoken_getafstoken(pipes_struct *p)
-+{
-+ unsigned int retval = 0, len;
-+ unsigned char *passdata, *ek, *iv, *password, *msg;
-+ STRING2 user, cell;
-+ prs_struct *rdata = &p->out_data.rdata;
-+ prs_struct *indata = &p->in_data.data;
-+ int pdl, ekl, ivl, msgl;
-+
-+ DEBUG(3, ("api_afstoken_getafstoken: Entering\n"));
-+ /* read in user name and cell*/
-+ smb_io_string2("user", &user, 1, indata, 0);
-+ smb_io_string2("cell", &cell, 1, indata, 0);
-+
-+ DEBUG(3, ("api_afstoken_getafstoken: Request for user %s cell %s\n", user.buffer, cell.buffer));
-+
-+ /* read in encrypted password */
-+
-+ /* data */
-+ prs_align(indata);
-+ prs_uint32("passdata_len", indata, 0, &pdl);
-+ prs_align(indata);
-+ prs_uint32("passdata_len", indata, 0, &pdl);
-+ prs_align(indata);
-+ passdata = malloc(pdl);
-+ prs_uint8s(False, "passdata", indata, 0, passdata, pdl);
-+
-+ /* read in encrypted symmetric key */
-+ prs_align(indata);
-+ prs_uint32("ek_len", indata, 0, &ekl);
-+ prs_align(indata);
-+ prs_uint32("ek_len", indata, 0, &ekl);
-+ prs_align(indata);
-+ ek = malloc(ekl);
-+ prs_uint8s(False, "ek", indata, 0, ek, ekl);
-+
-+ /* read in IV */
-+ prs_align(indata);
-+ prs_uint32("iv_len", indata, 0, &ivl);
-+ prs_align(indata);
-+ prs_uint32("iv_len", indata, 0, &ivl);
-+ prs_align(indata);
-+ iv = malloc(ivl);
-+ prs_uint8s(False, "iv", indata, 0, iv, ivl);
-+
-+ /* read in msg */
-+ prs_align(indata);
-+ prs_uint32("msgl", indata, 0, &msgl);
-+ DEBUG(3, ("api_afstoken_getafstoken: msglen %d\n", msgl));
-+ msg = malloc(msgl);
-+ strncpy(msg, "Success.", msgl);
-+
-+ DEBUG(3, ("api_afstoken_getafstoken: read in encrypted password - decrypting.\n"));
-+ if (decrypt_data(rsaKey, passdata, pdl, ek, ekl, iv, &password)) {
-+ long password_expires = 0;
-+ char *reason;
-+ DEBUG(3, ("api_afstoken_getafstoken: password decrypted successfully.\n"));
-+ if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user.buffer, (char *) 0,
-+ cell.buffer, password, 0, &password_expires, 0, &reason) == 0) {
-+ DEBUG(3, ("api_afstoken_getafstoken: got token for %s in cell %s\n",
-+ user.buffer, cell.buffer));
-+ retval = 1;
-+ }
-+ else {
-+ DEBUG(3, ("api_afstoken_getafstoken: failed to authenticate %s: %s\n",
-+ user.buffer, reason));
-+ strncpy(msg, reason, msgl);
-+ retval = 0;
-+ }
-+
-+ }
-+ else {
-+ DEBUG(3, ("api_afstoken_getafstoken: failed to dencrypt password\n"));
-+ strncpy(msg, "failed to decrypt password from client.", msgl);
-+ retval = 0;
-+ }
-+ prs_align(rdata);
-+ prs_uint32("msgl", rdata, 0, &msgl);
-+ prs_align(rdata);
-+ prs_uint8s(False, "key", rdata, 1, msg, msgl);
-+ prs_align(rdata);
-+ prs_uint32("retvalue", rdata, 0, &retval);
-+
-+ free(passdata);
-+ free(ek);
-+ free(password);
-+ free(iv);
-+ free(msg);
-+
-+ return True;
-+}
-+
-+static BOOL api_afstoken_getpublickey(pipes_struct *p)
-+{
-+ /* retval is return value */
-+ /* len is the actual public key length */
-+ /* retsize is the buffer size we _always_ send regardless of key length */
-+ unsigned int retval, len, retsize;
-+ prs_struct *rdata = &p->out_data.rdata;
-+ prs_struct *indata = &p->in_data.data;
-+ unsigned char *out, *ptr;
-+
-+ if (rsaKey == NULL && ! afstoken_init()) {
-+ DEBUG(0, ("api_afstoken_getpublickey: Unable to initialize RSA Key.\n"));
-+ retval = 0;
-+ len = 0;
-+ }
-+ else {
-+ DEBUG(3, ("api_afstoken_getpublickey: Entering...\n"));
-+ prs_uint32("buf_size", indata, 0, &retsize);
-+ out = malloc(retsize);
-+
-+ len = i2d_RSAPublicKey(rsaKey, NULL);
-+ if (len > retsize) {
-+ DEBUG(0, ("api_afstoken_getpublickey: Not enough buffer sent.\n"));
-+ retval = 0;
-+ }
-+ else {
-+ ptr = out;
-+ len = i2d_RSAPublicKey(rsaKey, &ptr);
-+ retval = 1;
-+ }
-+ }
-+
-+ prs_align(rdata);
-+ prs_uint32("len", rdata, 0, &len);
-+ prs_align(rdata);
-+ prs_uint8s(False, "key", rdata, 1, out, retsize);
-+ prs_align(rdata);
-+ prs_uint32("getkey_ret", rdata, 0, &retval);
-+
-+ free(out);
-+ return True;
-+}
-+
-+static BOOL api_afstoken_forgettoken(pipes_struct *p) {
-+ unsigned int retval = 0;
-+ STRING2 cell;
-+ prs_struct *rdata = &p->out_data.rdata;
-+ prs_struct *indata = &p->in_data.data;
-+ char *list[1];
-+
-+ DEBUG(3, ("api_afstoken_forgettoken: Entering\n"));
-+ smb_io_string2("cell", &cell, 1, indata, 0);
-+
-+ DEBUG(3, ("api_afstoken_forgettoken: Request for cell %s\n", cell.buffer));
-+
-+ list[0] = malloc(MAXKTCREALMLEN);
-+ strncpy(list[0], cell.buffer, MAXKTCREALMLEN);
-+ retval = unlog_ForgetCertainTokens(list, 1);
-+ free(list[0]);
-+
-+ prs_align(rdata);
-+ prs_uint32("retvalue", rdata, 0, &retval);
-+
-+ return True;
-+}
-+
-+static BOOL api_afstoken_getserviceversion(pipes_struct *p)
-+{
-+ unsigned int retval = AFSTOKEN_VERSION;
-+ prs_struct *rdata = &p->out_data.rdata;
-+
-+ DEBUG(3, ("api_afstoken_getserviceversion: Entering...\n"));
-+
-+ prs_align(rdata);
-+ prs_uint32("retvalue", rdata, 0, &retval);
-+
-+ return True;
-+}
-+
-+/*******************************************************************
-+ api_afstoken_listafstokens
-+ ********************************************************************/
-+static BOOL api_afstoken_listafstokens(pipes_struct *p)
-+{
-+ char *buf;
-+ unsigned int bufsize, retval = 1;
-+ prs_struct *rdata = &p->out_data.rdata;
-+ prs_struct *indata = &p->in_data.data;
-+
-+ DEBUG(3, ("api_afstoken_listafstokens: Entering...\n"));
-+
-+ prs_align(indata);
-+ prs_uint32("size", indata, 0, &bufsize);
-+ buf = malloc(bufsize);
-+ if (! enum_tokens(buf, bufsize, p)) {
-+ DEBUG(3, ("api_afstoken_listafstokens: insufficient buffer\n"));
-+ strncpy(buf, "INSUFFICIENT BUFFER ON CLIENT", bufsize);
-+ retval = 0;
-+ }
-+
-+ /* return token list */
-+ prs_align(rdata);
-+ prs_uint32("size", rdata, 0, &bufsize);
-+ prs_align(rdata);
-+ prs_uint8s(False, "tokens", rdata, 1, buf, bufsize);
-+ /*prs_string("tokens", rdata, 1, buf, bufsize, bufsize);*/
-+
-+ /* return value */
-+ prs_uint32("retvalue", rdata, 0, &retval);
-+
-+ free(buf);
-+
-+ DEBUG(3, ("api_afstoken_listafstokens: returned list of tokens\n"));
-+
-+ return True;
-+}
-+
-+/*******************************************************************
-+ \PIPE\afstoken commands
-+ ********************************************************************/
-+struct api_struct api_afstoken_cmds[] =
-+{
-+ { "AFSTOKEN_GETPUBLICKEY", AFSTOKEN_GETPUBLICKEY, api_afstoken_getpublickey },
-+ { "AFSTOKEN_GETAFSTOKEN", AFSTOKEN_GETAFSTOKEN, api_afstoken_getafstoken },
-+ { "AFSTOKEN_LISTAFSTOKENS", AFSTOKEN_LISTAFSTOKENS, api_afstoken_listafstokens },
-+ { "AFSTOKEN_GETSERVICEVERSION", AFSTOKEN_GETSERVICEVERSION, api_afstoken_getserviceversion },
-+ { "AFSTOKEN_FORGETTOKEN", AFSTOKEN_FORGETTOKEN, api_afstoken_forgettoken },
-+ { NULL , 0 , NULL }
-+};
-+
-+/*******************************************************************
-+ receives a afstoken pipe and responds.
-+ ********************************************************************/
-+BOOL api_afstoken_rpc(pipes_struct *p)
-+{
-+ return api_rpcTNP(p, "api_afstoken_rpc", api_afstoken_cmds);
-+}
-+
-+#undef OLD_NTDOMAIN
---- samba-2.2.1a/source/rpc_server/srv_pipe.c.old Thu Jul 5 19:01:53 2001
-+++ samba-2.2.1a/source/rpc_server/srv_pipe.c Tue Jul 17 15:57:03 2001
-@@ -496,6 +496,9 @@
- #ifdef WITH_MSDFS
- { "netdfs", "netdfs" , api_netdfs_rpc },
- #endif
-+#ifdef WITH_AFS
-+ { "afstoken", "afstoken", api_afstoken_rpc },
-+#endif /* WITH_AFS */
- { NULL, NULL, NULL }
- };
-
---- samba-2.2.1a/source/smbd/nttrans.c.old Thu Jul 5 19:02:00 2001
-+++ samba-2.2.1a/source/smbd/nttrans.c Tue Jul 17 15:57:03 2001
-@@ -44,6 +44,9 @@
- #ifdef WITH_MSDFS
- "\\netdfs",
- #endif
-+#ifdef WITH_AFS
-+ "\\afstoken",
-+#endif
- NULL
- };
-
---- samba-2.2.1a/source/smbd/process.c.old Thu Jul 5 19:02:02 2001
-+++ samba-2.2.1a/source/smbd/process.c Tue Jul 17 15:59:43 2001
-@@ -1190,6 +1190,10 @@
- time_t last_timeout_processing_time = time(NULL);
- unsigned int num_smbs = 0;
-
-+#ifdef WITH_AFS
-+ DEBUG(3, ("smbd_process: creating pagsh for this child. %d\n", getpgrp()));
-+ setpag();
-+#endif
- InBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
- OutBuffer = (char *)malloc(BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE + SAFETY_MARGIN);
- if ((InBuffer == NULL) || (OutBuffer == NULL))
---- samba-2.2.1a/source/smbd/reply.c.old Wed Jul 11 13:08:46 2001
-+++ samba-2.2.1a/source/smbd/reply.c Tue Jul 17 15:57:03 2001
-@@ -1030,6 +1030,11 @@
- }
- }
-
-+#ifdef WITH_AFS
-+ DEBUG(3, ("afs_auth: calling setpag()\n"));
-+ setpag();
-+#endif
-+
- if (!smb_getpwnam(user,True)) {
- DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
- pstrcpy(user,lp_guestaccount(-1));