From: Jeffrey Altman Date: Wed, 21 Nov 2012 23:03:10 +0000 (-0500) Subject: Windows: afslogon do not specify smbName for tokens X-Git-Tag: openafs-stable-1_8_0pre1~1794 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=305133cde60fec7fb1050caf60a4319cdcf88a27 Windows: afslogon do not specify smbName for tokens The smbName was added to the Windows ktc_SetTokens() interface to provide a mechanism for passing the Windows account name that the tokens should be associated with via Integrated Logon. This was only required when the Authentication Provider did not impersonate the user context prior to calling ktc_SetTokens(). Now that impersonation is used, the ktc_SetTokens() call will do the right thing without the smbName. In fact, when impersonation is used setting the smbName does the wrong thing by specifying the AFS_PIOCTL_LOGON flag which is only valid if the SYSTEM account is issuing the ktc_SetToken() call. Change-Id: I6d04b56b815571f6e9fe3557544bd93a5b9ca735 Reviewed-on: http://gerrit.openafs.org/8490 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Tested-by: Jeffrey Altman --- diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c index ecee4ab..241cbfe 100644 --- a/src/WINNT/afsd/afslogon.c +++ b/src/WINNT/afsd/afslogon.c @@ -1071,7 +1071,7 @@ ObtainTokens( PLUID lpLogonId, p = principal + tlen; *p++ = '@'; StringCchCopy(p, len - tlen -1, pOpt->realm ? pOpt->realm : realm); - code = KFW_AFS_get_cred(principal, cell, password, 0, pOpt->smbName, preason); + code = KFW_AFS_get_cred(principal, cell, password, 0, NULL, preason); DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]", principal, pOpt->smbName, cell, code); 
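Review bot: The DebugEvent call right after the changed KFW_AFS_get_cred line still prints `pOpt->smbName` under `smbname=[%s]`, although the call now passes NULL, so the trace records an account name that played no part in the token request. Anyone reading this log while diagnosing a logon problem would conclude the tokens were bound to that name. Drop the stale field and argument, e.g. `DebugEvent("KFW_AFS_get_cred uname=[%s] cell=[%s] code=[%d]", principal, cell, code);`. The DebugEvent calls in the second and third hunks carry the same stale argument and need the same change. ObtainTokens starts and ends outside the hunk.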
@@ -1080,7 +1080,7 @@ ObtainTokens( PLUID lpLogonId, while ( *p ) { if ( cm_stricmp_utf8(p, cell) ) { SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, ""); - code2 = KFW_AFS_get_cred(principal, p, password, 0, pOpt->smbName, preason); + code2 = KFW_AFS_get_cred(principal, p, password, 0, NULL, preason); SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL); DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]", principal, pOpt->smbName, p, code2); @@ -1095,7 +1095,7 @@ ObtainTokens( PLUID lpLogonId, } else { code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, - uname, "", cell, password, pOpt->smbName, 0, &pw_exp, 0, + uname, "", cell, password, NULL, 0, &pw_exp, 0, preason); DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2 Code[%x] uname[%s] smbname=[%s] Cell[%s] PwExp=[%d] Reason=[%s]", code, uname, pOpt->smbName, cell, pw_exp, *preason ? *preason : "");
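Review bot: In the third hunk, the ka_UserAuthenticateGeneral2 call now passes NULL for the SMB name but still adds KA_USERAUTH_AUTHENT_LOGON to its first argument. The commit message says the logon pioctl flag is only valid when the SYSTEM account issues the call; whether KA_USERAUTH_AUTHENT_LOGON on its own still selects that path under impersonation cannot be seen from this hunk and should be confirmed. A comment above the call would also keep a later change from restoring the argument, e.g. `/* smbName stays NULL: we run impersonated, and a non-NULL name sets AFS_PIOCTL_LOGON, which is valid only for SYSTEM */`. The enclosing else branch begins and ends outside the hunk.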