windows-query-afsid-20060420

In order to properly handle the local allocation of locks
the cache manager must enforce the locking rules associated
with PRSFS_WRITE and PRSFS_INSERT and PRSFS_LOCK.  Insert
affects "new files" which in AFS are defined as any file that
is owned by the user.  Therefore, we must know the afsid of the
user so that it can be compared to owner of the file.

This commit includes a query using PR_SNameToId where the name
is the name specified by the entity setting the token.  There
does not currently exist a Protection Service RPC to return the
AFSID of the entity that the rx connection was authenticated as.
Such a function will have to be added in order to make this
functionality secure.

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

Export functions missing from the UNIX version and the PR_ functions
required by the Windows Cache Manager.

diff --git a/src/WINNT/afsd/NTMakefile b/src/WINNT/afsd/NTMakefile
index 4231d62..198f970 100644 (file)
--- a/src/WINNT/afsd/NTMakefile
+++ b/src/WINNT/afsd/NTMakefile
@@ -101,6 +101,7 @@ AFSDOBJS=\
        $(OUT)\cm_cell.obj \
        $(OUT)\cm_server.obj \
        $(OUT)\cm_volume.obj \
+       $(OUT)\cm_config.obj \
        $(OUT)\cm_conn.obj \
        $(OUT)\cm_user.obj \
        $(OUT)\cm_buf.obj \

diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c
index e7a93bb..70b93cb 100644 (file)
--- a/src/WINNT/afsd/cm_ioctl.c
+++ b/src/WINNT/afsd/cm_ioctl.c
@@ -9,6 +9,9 @@
 
 #include <afs/param.h>
 #include <afs/stds.h>
+#include <afs/cellconfig.h>
+#include <afs/ptserver.h>
+#include <ubik.h>
 
 #ifndef DJGPP
 #include <windows.h>
@@ -1893,6 +1896,82 @@ long cm_IoctlDeletelink(struct smb_ioctl *ioctlp, struct cm_user *userp)
     return code;
 }
 
+long cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid)
+{
+    afs_int32 code;
+    namelist lnames;
+    idlist lids;
+    static struct afsconf_cell info;
+    struct rx_connection *serverconns[MAXSERVERS];
+    struct rx_securityClass *sc[3];
+    afs_int32 scIndex = 2;     /* authenticated - we have a token */
+    struct ubik_client *pruclient = NULL;
+    struct afsconf_dir *tdir;
+    int i;
+    char * p, * r;
+
+    tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
+    code = afsconf_GetCellInfo(tdir, ucellp->cellp->name, "afsprot", &info);
+    afsconf_Close(tdir);
+
+    sc[0] = 0;
+    sc[1] = 0;
+    sc[2] = 0;
+
+    /* we have the token that was given to us in the settoken 
+     * call.   we just have to use it. 
+     */
+    scIndex = 2;       /* kerberos ticket */
+    sc[2] = rxkad_NewClientSecurityObject(rxkad_clear, &ucellp->sessionKey,
+                                         ucellp->kvno, ucellp->ticketLen,
+                                         ucellp->ticketp);
+
+    memset(serverconns, 0, sizeof(serverconns));       /* terminate list!!! */
+    for (i = 0; i < info.numServers; i++)
+       serverconns[i] =
+           rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
+                            info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
+                            scIndex);
+
+    code = ubik_ClientInit(serverconns, &pruclient);
+    if (code) {
+       return code;
+    }
+
+    code = rxs_Release(sc[scIndex]);
+
+    lids.idlist_len = 0;
+    lids.idlist_val = 0;
+    lnames.namelist_len = 1;
+    lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
+    strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
+    lnames.namelist_val[0][PR_MAXNAMELEN-1] = '\0';
+    for ( p=lnames.namelist_val[0], r=NULL; *p; p++ ) {
+       if (isupper(*p))
+           *p = tolower(*p);
+       if (*p == '@')
+           r = p;
+    }
+    if (r && !stricmp(r+1,ucellp->cellp->name))
+       *r = '\0';
+
+    code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
+    if (lids.idlist_val) {
+       *uid = *lids.idlist_val;
+       free(lids.idlist_val);
+    }
+    if (lnames.namelist_val)
+       free(lnames.namelist_val);
+
+    if ( pruclient ) {
+       ubik_ClientDestroy(pruclient);
+       pruclient = NULL;
+    }
+
+    return 0;
+}
+
+
 long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
 {
     char *saveDataPtr;
@@ -1909,6 +1988,7 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
     char sessionKey[8];
     char *smbname;
     int release_userp = 0;
+    char * wdir = NULL;
 
     saveDataPtr = ioctlp->inDatap;
 
@@ -2008,8 +2088,12 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
     ucellp->kvno = ct.AuthHandle;
     ucellp->expirationTime = ct.EndTimestamp;
     ucellp->gen++;
-    if (uname) 
+    ucellp->uid = ANONYMOUSID;
+    if (uname) {
         StringCbCopyA(ucellp->userName, MAXKTCNAMELEN, uname);
+
+       cm_UsernameToId(uname, ucellp, &ucellp->uid);
+    }
     ucellp->flags |= CM_UCELLFLAG_RXKAD;
     lock_ReleaseMutex(&userp->mx);
 

diff --git a/src/WINNT/afsd/cm_user.h b/src/WINNT/afsd/cm_user.h
index f9f28b5..19013b1 100644 (file)
--- a/src/WINNT/afsd/cm_user.h
+++ b/src/WINNT/afsd/cm_user.h
@@ -32,6 +32,7 @@ typedef struct cm_ucell {
     int iterator;                      /* for use as ListTokens cookie */
     long flags;                                /* flags */
     char userName[MAXKTCNAMELEN];      /* user name */
+    afs_uint32 uid;                    /* User's AFS ID in this cell */
 } cm_ucell_t;
 
 #define CM_UCELLFLAG_HASTIX    1       /* has Kerberos tickets */

diff --git a/src/libafsauthent/afsauthent.def b/src/libafsauthent/afsauthent.def
index 86f2437..15ae52f 100644 (file)
--- a/src/libafsauthent/afsauthent.def
+++ b/src/libafsauthent/afsauthent.def
@@ -81,6 +81,45 @@ EXPORTS
        pr_CreateUser                                   @80
        pr_SNameToId                                    @81
 
-
        DISK_function_names                             @83 DATA
        VOTE_function_names                             @84 DATA
+
+        pr_End                                          @85
+        PR_INewEntry                                   @86
+        PR_WhereIsIt                                   @87
+        PR_DumpEntry                                   @88
+        PR_AddToGroup                                  @89
+        PR_NameToID                                    @90
+        PR_IDToName                                    @91
+        PR_Delete                                      @92
+        PR_RemoveFromGroup                             @93
+        PR_GetCPS                                      @94
+        PR_NewEntry                                    @95
+        PR_ListMax                                     @96
+        PR_SetMax                                      @97
+        PR_ListEntry                                   @98
+        PR_ChangeEntry                                 @99
+        PR_ListElements                                        @100
+        PR_IsAMemberOf                                 @101
+        PR_SetFieldsEntry                              @102
+        PR_ListOwned                                   @103
+        PR_GetCPS2                                     @104
+        PR_GetHostCPS                                  @105
+        PR_UpdateEntry                                 @106
+        PR_ListEntries                                 @107
+        PR_ListSuperGroups                             @108
+       ka_AuthSpecificServersConn                      @109
+       ka_KeyCheckSum                                  @110
+
+
+
+
+
+
+
+
+
+
+
+
+