windows-query-afsid-20060420
authorJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 20 Apr 2006 18:19:22 +0000 (18:19 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 20 Apr 2006 18:19:22 +0000 (18:19 +0000)
In order to properly handle the local allocation of locks
the cache manager must enforce the locking rules associated
with PRSFS_WRITE and PRSFS_INSERT and PRSFS_LOCK.  Insert
affects "new files" which in AFS are defined as any file that
is owned by the user.  Therefore, we must know the afsid of the
user so that it can be compared to owner of the file.

This commit includes a query using PR_SNameToId where the name
is the name specified by the entity setting the token.  There
does not currently exist a Protection Service RPC to return the
AFSID of the entity that the rx connection was authenticated as.
Such a function will have to be added in order to make this
functionality secure.

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

Export functions missing from the UNIX version and the PR_ functions
required by the Windows Cache Manager.

src/WINNT/afsd/NTMakefile
src/WINNT/afsd/cm_ioctl.c
src/WINNT/afsd/cm_user.h
src/libafsauthent/afsauthent.def

index 4231d6269700e6cf8548b7869574133d083841c2..198f970123884f3e2ac1143d614d3f16f5a7ad6f 100644 (file)
@@ -101,6 +101,7 @@ AFSDOBJS=\
        $(OUT)\cm_cell.obj \
        $(OUT)\cm_server.obj \
        $(OUT)\cm_volume.obj \
+       $(OUT)\cm_config.obj \
        $(OUT)\cm_conn.obj \
        $(OUT)\cm_user.obj \
        $(OUT)\cm_buf.obj \
index e7a93bb77243f7b64b47c783ed55a3bcf9e7eaaf..70b93cbe0c6d4279a4a7a6d98d956ace435b4d98 100644 (file)
@@ -9,6 +9,9 @@
 
 #include <afs/param.h>
 #include <afs/stds.h>
+#include <afs/cellconfig.h>
+#include <afs/ptserver.h>
+#include <ubik.h>
 
 #ifndef DJGPP
 #include <windows.h>
@@ -1893,6 +1896,82 @@ long cm_IoctlDeletelink(struct smb_ioctl *ioctlp, struct cm_user *userp)
     return code;
 }
 
+long cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid)
+{
+    afs_int32 code;
+    namelist lnames;
+    idlist lids;
+    static struct afsconf_cell info;
+    struct rx_connection *serverconns[MAXSERVERS];
+    struct rx_securityClass *sc[3];
+    afs_int32 scIndex = 2;     /* authenticated - we have a token */
+    struct ubik_client *pruclient = NULL;
+    struct afsconf_dir *tdir;
+    int i;
+    char * p, * r;
+
+    tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
+    code = afsconf_GetCellInfo(tdir, ucellp->cellp->name, "afsprot", &info);
+    afsconf_Close(tdir);
+
+    sc[0] = 0;
+    sc[1] = 0;
+    sc[2] = 0;
+
+    /* we have the token that was given to us in the settoken 
+     * call.   we just have to use it. 
+     */
+    scIndex = 2;       /* kerberos ticket */
+    sc[2] = rxkad_NewClientSecurityObject(rxkad_clear, &ucellp->sessionKey,
+                                         ucellp->kvno, ucellp->ticketLen,
+                                         ucellp->ticketp);
+
+    memset(serverconns, 0, sizeof(serverconns));       /* terminate list!!! */
+    for (i = 0; i < info.numServers; i++)
+       serverconns[i] =
+           rx_NewConnection(info.hostAddr[i].sin_addr.s_addr,
+                            info.hostAddr[i].sin_port, PRSRV, sc[scIndex],
+                            scIndex);
+
+    code = ubik_ClientInit(serverconns, &pruclient);
+    if (code) {
+       return code;
+    }
+
+    code = rxs_Release(sc[scIndex]);
+
+    lids.idlist_len = 0;
+    lids.idlist_val = 0;
+    lnames.namelist_len = 1;
+    lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
+    strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
+    lnames.namelist_val[0][PR_MAXNAMELEN-1] = '\0';
+    for ( p=lnames.namelist_val[0], r=NULL; *p; p++ ) {
+       if (isupper(*p))
+           *p = tolower(*p);
+       if (*p == '@')
+           r = p;
+    }
+    if (r && !stricmp(r+1,ucellp->cellp->name))
+       *r = '\0';
+
+    code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
+    if (lids.idlist_val) {
+       *uid = *lids.idlist_val;
+       free(lids.idlist_val);
+    }
+    if (lnames.namelist_val)
+       free(lnames.namelist_val);
+
+    if ( pruclient ) {
+       ubik_ClientDestroy(pruclient);
+       pruclient = NULL;
+    }
+
+    return 0;
+}
+
+
 long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
 {
     char *saveDataPtr;
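Review bot: cm_UsernameToId ignores its own failure paths: `afsconf_Open` may return NULL and the `code` from `afsconf_GetCellInfo` is never checked before `info.numServers` is used, the return of `ubik_Call(PR_NameToID, ...)` is discarded, and the function returns 0 unconditionally, so a failed lookup is reported as success and the caller in cm_IoctlSetToken (which pre-sets `ucellp->uid = ANONYMOUSID` in the later hunk) cannot tell the difference. On the `ubik_ClientInit` error return `sc[2]` is never released, and the `malloc(PR_MAXNAMELEN)` result is used unchecked. The `isupper`/`tolower` calls on a plain `char` should pass `(unsigned char)*p`. Since the id is resolved from the caller-supplied `uname` rather than from the identity the token was issued to (as the commit message states), a comment at the function such as `/* uid comes from the caller-supplied name, not the authenticated identity; not a trustworthy basis for access checks until a PR RPC returning the connection's own id exists */` would keep that caveat with the code. The rewritten error handling is sketched below; cm_IoctlSetToken's body continues outside the hunk.
```c
long cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid)
{
    /* … unchanged: declarations … */

    tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH);
    if (!tdir)
        return -1;  /* placeholder: substitute the cm_ error code this file uses for a missing cell config */
    code = afsconf_GetCellInfo(tdir, ucellp->cellp->name, "afsprot", &info);
    afsconf_Close(tdir);
    if (code)
        return code;

    /* … unchanged: security object and rx connection setup … */

    code = ubik_ClientInit(serverconns, &pruclient);
    if (code) {
        rxs_Release(sc[scIndex]);   /* do not leak the security object on the error path */
        return code;
    }

    code = rxs_Release(sc[scIndex]);

    lids.idlist_len = 0;
    lids.idlist_val = 0;
    lnames.namelist_len = 1;
    lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN);
    if (!lnames.namelist_val) {
        ubik_ClientDestroy(pruclient);
        return ENOMEM;
    }
    strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN);
    lnames.namelist_val[0][PR_MAXNAMELEN-1] = '\0';
    for ( p=lnames.namelist_val[0], r=NULL; *p; p++ ) {
        if (isupper((unsigned char)*p))
            *p = tolower((unsigned char)*p);
        if (*p == '@')
            r = p;
    }
    /* … unchanged: strip trailing @cell when it matches ucellp->cellp->name … */

    code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids);
    if (code == 0 && lids.idlist_val)
        *uid = *lids.idlist_val;   /* only publish an id the lookup actually returned */
    if (lids.idlist_val)
        free(lids.idlist_val);

    /* … unchanged: free namelist, destroy ubik client … */

    return code;   /* surface the PR_NameToID result instead of unconditional success */
}
```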
@@ -1909,6 +1988,7 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
     char sessionKey[8];
     char *smbname;
     int release_userp = 0;
+    char * wdir = NULL;
 
     saveDataPtr = ioctlp->inDatap;
 
@@ -2008,8 +2088,12 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp)
     ucellp->kvno = ct.AuthHandle;
     ucellp->expirationTime = ct.EndTimestamp;
     ucellp->gen++;
-    if (uname) 
+    ucellp->uid = ANONYMOUSID;
+    if (uname) {
         StringCbCopyA(ucellp->userName, MAXKTCNAMELEN, uname);
+
+       cm_UsernameToId(uname, ucellp, &ucellp->uid);
+    }
     ucellp->flags |= CM_UCELLFLAG_RXKAD;
     lock_ReleaseMutex(&userp->mx);
 
index f9f28b5b2533a6f50eade9be3cb2a11ce9b10b84..19013b14146da9a0295dd1563285fa5f1d89c875 100644 (file)
@@ -32,6 +32,7 @@ typedef struct cm_ucell {
     int iterator;                      /* for use as ListTokens cookie */
     long flags;                                /* flags */
     char userName[MAXKTCNAMELEN];      /* user name */
+    afs_uint32 uid;                    /* User's AFS ID in this cell */
 } cm_ucell_t;
 
 #define CM_UCELLFLAG_HASTIX    1       /* has Kerberos tickets */
index 86f2437e3725a5864f5930b231e2fb1eef26bd4c..15ae52f6028bb8566833e777b16cf3d72381dbd5 100644 (file)
@@ -81,6 +81,45 @@ EXPORTS
        pr_CreateUser                                   @80
        pr_SNameToId                                    @81
 
-
        DISK_function_names                             @83 DATA
        VOTE_function_names                             @84 DATA
+
+        pr_End                                          @85
+        PR_INewEntry                                   @86
+        PR_WhereIsIt                                   @87
+        PR_DumpEntry                                   @88
+        PR_AddToGroup                                  @89
+        PR_NameToID                                    @90
+        PR_IDToName                                    @91
+        PR_Delete                                      @92
+        PR_RemoveFromGroup                             @93
+        PR_GetCPS                                      @94
+        PR_NewEntry                                    @95
+        PR_ListMax                                     @96
+        PR_SetMax                                      @97
+        PR_ListEntry                                   @98
+        PR_ChangeEntry                                 @99
+        PR_ListElements                                        @100
+        PR_IsAMemberOf                                 @101
+        PR_SetFieldsEntry                              @102
+        PR_ListOwned                                   @103
+        PR_GetCPS2                                     @104
+        PR_GetHostCPS                                  @105
+        PR_UpdateEntry                                 @106
+        PR_ListEntries                                 @107
+        PR_ListSuperGroups                             @108
+       ka_AuthSpecificServersConn                      @109
+       ka_KeyCheckSum                                  @110
+
+
+
+
+
+
+
+
+
+
+
+
+