windows-netidmgr-20070505

Only automatically add configuration for cell foo.com if the realm
of the cell matches the realm of the identity

diff --git a/src/WINNT/netidmgr_plugin/afsfuncs.c b/src/WINNT/netidmgr_plugin/afsfuncs.c
index d185494e437f18d4f9e6143991bbb71640065a55..223fba2989cf22ce53e6d0a437a71cf4cebcc2cf 100644 (file)
--- a/src/WINNT/netidmgr_plugin/afsfuncs.c
+++ b/src/WINNT/netidmgr_plugin/afsfuncs.c
@@ -650,6 +650,7 @@ ViceIDToUsername(char *username,
        pr_End();
     }
 
+#ifdef AFS_ID_TO_NAME
     /*
      * This is a crock, but it is Transarc's crock, so
      * we have to play along in order to get the
@@ -659,7 +660,7 @@ ViceIDToUsername(char *username,
      * the code for tokens, this hack (AFS ID %d) will
      * not work if you change %d to something else.
      */
-
+#endif /* AFS_ID_TO_NAME */
     /*
      * This code is taken from cklog -- it lets people
      * automatically register with the ptserver in foreign cells
@@ -692,8 +693,6 @@ ViceIDToUsername(char *username,
             status = pr_CreateUser(username, &id);
            pr_End();
             StringCbCopyA(username, BUFSIZ, username_copy);
-           if (status)
-               return status;
 #ifdef AFS_ID_TO_NAME
             StringCchPrintfA(username, BUFSIZ, "%s (AFS ID %d)", username_copy, (int) viceId);
 #endif /* AFS_ID_TO_NAME */
@@ -727,7 +726,7 @@ afs_klog(khm_handle identity,
     char       RealmName[128];
     char       CellName[128];
     char       ServiceName[128];
-    khm_handle confighandle;
+    khm_handle confighandle = NULL;
     khm_int32  supports_krb4 = 1;
     khm_int32   got524cred = 0;
 
@@ -1155,11 +1154,6 @@ afs_klog(khm_handle identity,
         ViceIDToUsername(aclient.name, realm_of_user, realm_of_cell, CellName, 
                          &aclient, &aserver, &atoken);
 
-        // NOTE: On WIN32, the order of SetToken params changed...
-        // to   ktc_SetToken(&aserver, &aclient, &atoken, 0)
-        // from ktc_SetToken(&aserver, &atoken, &aclient, 0) on
-        // Unix...  The afscompat ktc_SetToken provides the Unix order
-
         if (rc = ktc_SetToken(&aserver, &atoken, &aclient, 0)) {
             afs_report_error(rc, "ktc_SetToken()");
             return(rc);
@@ -1470,3 +1464,38 @@ cleanup:
  
     return(hr); 
 }
+
+khm_boolean
+afs_check_for_cell_realm_match(khm_handle identity, char * cell) {
+    char local_cell[MAXCELLCHARS];
+    wchar_t wrealm[MAXCELLCHARS];
+    wchar_t idname[KCDB_IDENT_MAXCCH_NAME];
+    wchar_t * atsign;
+    khm_size cb;
+    char * realm;
+    afs_conf_cell cellconfig;
+    int rc;
+
+    ZeroMemory(local_cell, sizeof(local_cell));
+
+    rc = afs_get_cellconfig(cell, &cellconfig, local_cell);
+    if (rc)
+        return FALSE;
+
+    realm = afs_realm_of_cell(&cellconfig, FALSE);
+    if (realm == NULL)
+        return FALSE;
+
+    AnsiStrToUnicode(wrealm, sizeof(wrealm), realm);
+
+    cb = sizeof(idname);
+    idname[0] = L'\0';
+    kcdb_identity_get_name(identity, idname, &cb);
+
+    atsign = wcschr(idname, L'@');
+    if (atsign && atsign[1] && !wcsicmp(atsign + 1, wrealm)) {
+        return TRUE;
+    } else {
+        return FALSE;
+    }
+}

diff --git a/src/WINNT/netidmgr_plugin/afsfuncs.h b/src/WINNT/netidmgr_plugin/afsfuncs.h
index b1ba8f19ec9ba65db559be2b04f463cc0d9d1194..be55608e49901ec11b8d70c12af303da1fd051e5 100644 (file)
--- a/src/WINNT/netidmgr_plugin/afsfuncs.h
+++ b/src/WINNT/netidmgr_plugin/afsfuncs.h
@@ -73,8 +73,10 @@ ServiceControl(LPSTR lpszMachineName,
 
 void afs_report_error(LONG rc, LPCSTR FailedFunctionName);
 
+khm_boolean
+afs_check_for_cell_realm_match(khm_handle identity, char * cell);
+
 static char *afs_realm_of_cell(afs_conf_cell *, BOOL);
 static long afs_get_cellconfig_callback(void *, struct sockaddr_in *, char *);
 static int afs_get_cellconfig(char *, afs_conf_cell *, char *);
-
 #endif

diff --git a/src/WINNT/netidmgr_plugin/afsnewcreds.c b/src/WINNT/netidmgr_plugin/afsnewcreds.c
index 074d866258d40b50332223cbf5418928f629f8bb..de5c3896f72971f6cd040a74954de3351a4af1ad 100644 (file)
--- a/src/WINNT/netidmgr_plugin/afsnewcreds.c
+++ b/src/WINNT/netidmgr_plugin/afsnewcreds.c
@@ -535,6 +535,7 @@ afs_check_add_token_to_identity(wchar_t * cell, khm_handle ident,
     return ok_to_add;
 }
 
+
 void 
 afs_cred_get_identity_creds(afs_cred_list * l, 
                             khm_handle ident,
@@ -672,7 +673,8 @@ afs_cred_get_identity_creds(afs_cred_list * l,
 
         khc_open_space(csp_params, L"Cells", 0, &h_gcells);
 
-        if(!cm_GetRootCellName(buf)) {
+        if (!cm_GetRootCellName(buf) &&
+            afs_check_for_cell_realm_match(ident, buf)) {
             AnsiStrToUnicode(wbuf, sizeof(wbuf), buf);
 
             if (afs_check_add_token_to_identity(wbuf, ident, NULL)) {
@@ -753,6 +755,15 @@ afs_cred_get_identity_creds(afs_cred_list * l,
                 if (i < l->n_rows)
                     continue;
 
+                {
+                    char cell[MAXCELLCHARS];
+
+                    UnicodeStrToAnsi(cell, sizeof(cell), c_cell);
+
+                    if (!afs_check_for_cell_realm_match(ident, cell))
+                        continue;
+                }
+
                 r = afs_cred_get_new_row(l);
 
                 r->cell = PMALLOC(cb);