From 01fe275679740d516b78a477c8976fbefe1217b4 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Thu, 20 Apr 2006 18:19:22 +0000 Subject: [PATCH] windows-query-afsid-20060420 In order to properly handle the local allocation of locks the cache manager must enforce the locking rules associated with PRSFS_WRITE and PRSFS_INSERT and PRSFS_LOCK. Insert affects "new files" which in AFS are defined as any file that is owned by the user. Therefore, we must know the afsid of the user so that it can be compared to owner of the file. This commit includes a query using PR_SNameToId where the name is the name specified by the entity setting the token. There does not currently exist a Protection Service RPC to return the AFSID of the entity that the rx connection was authenticated as. Such a function will have to be added in order to make this functionality secure. ==================== This delta was composed from multiple commits as part of the CVS->Git migration. The checkin message with each commit was inconsistent. The following are the additional commit messages. ==================== Export functions missing from the UNIX version and the PR_ functions required by the Windows Cache Manager. --- src/WINNT/afsd/NTMakefile | 1 + src/WINNT/afsd/cm_ioctl.c | 86 +++++++++++++++++++++++++++++++- src/WINNT/afsd/cm_user.h | 1 + src/libafsauthent/afsauthent.def | 41 ++++++++++++++- 4 files changed, 127 insertions(+), 2 deletions(-) diff --git a/src/WINNT/afsd/NTMakefile b/src/WINNT/afsd/NTMakefile index 4231d6269..198f97012 100644 --- a/src/WINNT/afsd/NTMakefile +++ b/src/WINNT/afsd/NTMakefile @@ -101,6 +101,7 @@ AFSDOBJS=\ $(OUT)\cm_cell.obj \ $(OUT)\cm_server.obj \ $(OUT)\cm_volume.obj \ + $(OUT)\cm_config.obj \ $(OUT)\cm_conn.obj \ $(OUT)\cm_user.obj \ $(OUT)\cm_buf.obj \ diff --git a/src/WINNT/afsd/cm_ioctl.c b/src/WINNT/afsd/cm_ioctl.c index e7a93bb77..70b93cbe0 100644 --- a/src/WINNT/afsd/cm_ioctl.c +++ b/src/WINNT/afsd/cm_ioctl.c 
@@ -9,6 +9,9 @@ #include #include +#include +#include +#include #ifndef DJGPP #include 
@@ -1893,6 +1896,82 @@ long cm_IoctlDeletelink(struct smb_ioctl *ioctlp, struct cm_user *userp) return code; } +long cm_UsernameToId(char *uname, cm_ucell_t * ucellp, afs_uint32* uid) +{ + afs_int32 code; + namelist lnames; + idlist lids; + static struct afsconf_cell info; + struct rx_connection *serverconns[MAXSERVERS]; + struct rx_securityClass *sc[3]; + afs_int32 scIndex = 2; /* authenticated - we have a token */ + struct ubik_client *pruclient = NULL; + struct afsconf_dir *tdir; + int i; + char * p, * r; + + tdir = afsconf_Open(AFSDIR_CLIENT_ETC_DIRPATH); + code = afsconf_GetCellInfo(tdir, ucellp->cellp->name, "afsprot", &info); + afsconf_Close(tdir); + + sc[0] = 0; + sc[1] = 0; + sc[2] = 0; + + /* we have the token that was given to us in the settoken + * call. we just have to use it. + */ + scIndex = 2; /* kerberos ticket */ + sc[2] = rxkad_NewClientSecurityObject(rxkad_clear, &ucellp->sessionKey, + ucellp->kvno, ucellp->ticketLen, + ucellp->ticketp); + + memset(serverconns, 0, sizeof(serverconns)); /* terminate list!!! 
*/ + for (i = 0; i < info.numServers; i++) + serverconns[i] = + rx_NewConnection(info.hostAddr[i].sin_addr.s_addr, + info.hostAddr[i].sin_port, PRSRV, sc[scIndex], + scIndex); + + code = ubik_ClientInit(serverconns, &pruclient); + if (code) { + return code; + } + + code = rxs_Release(sc[scIndex]); + + lids.idlist_len = 0; + lids.idlist_val = 0; + lnames.namelist_len = 1; + lnames.namelist_val = (prname *) malloc(PR_MAXNAMELEN); + strncpy(lnames.namelist_val[0], uname, PR_MAXNAMELEN); + lnames.namelist_val[0][PR_MAXNAMELEN-1] = '\0'; + for ( p=lnames.namelist_val[0], r=NULL; *p; p++ ) { + if (isupper(*p)) + *p = tolower(*p); + if (*p == '@') + r = p; + } + if (r && !stricmp(r+1,ucellp->cellp->name)) + *r = '\0'; + + code = ubik_Call(PR_NameToID, pruclient, 0, &lnames, &lids); + if (lids.idlist_val) { + *uid = *lids.idlist_val; + free(lids.idlist_val); + } + if (lnames.namelist_val) + free(lnames.namelist_val); + + if ( pruclient ) { + ubik_ClientDestroy(pruclient); + pruclient = NULL; + } + + return 0; +} + + long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) { char *saveDataPtr; @@ -1909,6 +1988,7 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) char sessionKey[8]; char *smbname; int release_userp = 0; + char * wdir = NULL; saveDataPtr = ioctlp->inDatap; @@ -2008,8 +2088,12 @@ long cm_IoctlSetToken(struct smb_ioctl *ioctlp, struct cm_user *userp) ucellp->kvno = ct.AuthHandle; ucellp->expirationTime = ct.EndTimestamp; ucellp->gen++; - if (uname) + ucellp->uid = ANONYMOUSID; + if (uname) { StringCbCopyA(ucellp->userName, MAXKTCNAMELEN, uname); + + cm_UsernameToId(uname, ucellp, &ucellp->uid); + } ucellp->flags |= CM_UCELLFLAG_RXKAD; lock_ReleaseMutex(&userp->mx); diff --git a/src/WINNT/afsd/cm_user.h b/src/WINNT/afsd/cm_user.h index f9f28b5b2..19013b141 100644 --- a/src/WINNT/afsd/cm_user.h +++ b/src/WINNT/afsd/cm_user.h 
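Review bot: `char * wdir = NULL;` added to cm_IoctlSetToken is not referenced in any hunk of this commit, so unless a part of the function outside the visible hunks uses it the declaration is an unused local and should be dropped. The body of cm_IoctlSetToken starts and ends outside this hunk, so this may be a use I cannot see.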
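Review bot: The result of `cm_UsernameToId(uname, ucellp, &ucellp->uid);` is discarded, so when the protection server is unreachable or the name is unknown `ucellp->uid` silently stays at the `ANONYMOUSID` assigned just above and nothing records that the lookup failed; once cm_UsernameToId reports errors, this site should at least log the non-zero code, e.g. `code = cm_UsernameToId(uname, ucellp, &ucellp->uid); if (code) osi_Log1(afsd_logp, "SetToken: uid lookup failed code %d", code);` (osi_Log usage assumed from the rest of the file, verify). Because `uname` is supplied by the SetToken caller rather than taken from the authenticated identity, a comment at the call site should mark the stored id as advisory for the PRSFS_INSERT owner comparison until a protection-server RPC can return the connection's own id, as the commit message already notes. The enclosing function continues outside the hunk.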
@@ -32,6 +32,7 @@ typedef struct cm_ucell { int iterator; /* for use as ListTokens cookie */ long flags; /* flags */ char userName[MAXKTCNAMELEN]; /* user name */ + afs_uint32 uid; /* User's AFS ID in this cell */ } cm_ucell_t; #define CM_UCELLFLAG_HASTIX 1 /* has Kerberos tickets */ diff --git a/src/libafsauthent/afsauthent.def b/src/libafsauthent/afsauthent.def index 86f2437e3..15ae52f60 100644 --- a/src/libafsauthent/afsauthent.def +++ b/src/libafsauthent/afsauthent.def @@ -81,6 +81,45 @@ EXPORTS pr_CreateUser @80 pr_SNameToId @81 - DISK_function_names @83 DATA VOTE_function_names @84 DATA + + pr_End @85 + PR_INewEntry @86 + PR_WhereIsIt @87 + PR_DumpEntry @88 + PR_AddToGroup @89 + PR_NameToID @90 + PR_IDToName @91 + PR_Delete @92 + PR_RemoveFromGroup @93 + PR_GetCPS @94 + PR_NewEntry @95 + PR_ListMax @96 + PR_SetMax @97 + PR_ListEntry @98 + PR_ChangeEntry @99 + PR_ListElements @100 + PR_IsAMemberOf @101 + PR_SetFieldsEntry @102 + PR_ListOwned @103 + PR_GetCPS2 @104 + PR_GetHostCPS @105 + PR_UpdateEntry @106 + PR_ListEntries @107 + PR_ListSuperGroups @108 + ka_AuthSpecificServersConn @109 + ka_KeyCheckSum @110 + + + + + + + + + + + + + -- 2.39.5
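Review bot: The comment on the new `afs_uint32 uid;` field should state its fallback value and where it comes from, since readers of cm_user.h cannot see cm_ioctl.c: `afs_uint32 uid; /* AFS ID in this cell; ANONYMOUSID unless PR_NameToID resolved userName (set on the rxkad SetToken path) */`. From the visible hunks the field is only assigned on the rxkad path of cm_IoctlSetToken, so the other token paths presumably leave it at whatever the allocation held; if that is the case the comment should say so or the allocation should zero it.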
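Review bot: Thirteen empty lines are appended after `ka_KeyCheckSum @110`; trailing blank lines in the EXPORTS list only show up as noise in later diffs and should be dropped so the file ends at the last export. The single removed line between `pr_SNameToId @81` and `DISK_function_names @83 DATA` appears from the line counts to be a blank line, which looks accidental rather than intended; if so it should stay.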