r5331: Support SIDs as %s replacements in the afs username map parameter.
authorVolker Lendecke <vlendec@samba.org>
Fri, 11 Feb 2005 10:32:46 +0000 (10:32 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 15:55:37 +0000 (10:55 -0500)
Add 'log nt token command' parameter. If set, %s is replaced with the user
SID, and %t with all of the group SIDs.

Volker

source/auth/auth_util.c
source/lib/afs.c
source/nsswitch/winbindd_pam.c
source/param/loadparm.c

index 30902a8dad6e443460af67bbb70f3c9641c1fa21..5c933e90c9f33947250f2acb6e327c1c55e0765a 100644 (file)
@@ -592,6 +592,39 @@ static NTSTATUS create_nt_user_token(const DOM_SID *user_sid, const DOM_SID *gro
        
        debug_nt_user_token(DBGC_AUTH, 10, ptoken);
        
+       if ((lp_log_nt_token_command() != NULL) &&
+           (strlen(lp_log_nt_token_command()) > 0)) {
+               TALLOC_CTX *mem_ctx;
+               char *command;
+               fstring sidstr;
+               char *user_sidstr, *group_sidstr;
+
+               mem_ctx = talloc_init("setnttoken");
+               if (mem_ctx == NULL)
+                       return NT_STATUS_NO_MEMORY;
+
+               sid_to_string(sidstr, &ptoken->user_sids[0]);
+               user_sidstr = talloc_strdup(mem_ctx, sidstr);
+
+               group_sidstr = talloc_strdup(mem_ctx, "");
+               for (i=1; i<ptoken->num_sids; i++) {
+                       sid_to_string(sidstr, &ptoken->user_sids[i]);
+                       group_sidstr = talloc_asprintf(mem_ctx, "%s %s",
+                                                      group_sidstr, sidstr);
+               }
+
+               command = strdup(lp_log_nt_token_command());
+               command = realloc_string_sub(command, "%s", user_sidstr);
+               command = realloc_string_sub(command, "%t", group_sidstr);
+               DEBUG(8, ("running command: [%s]\n", command));
+               if (smbrun(command, NULL) != 0) {
+                       DEBUG(0, ("Could not log NT token\n"));
+                       nt_status = NT_STATUS_ACCESS_DENIED;
+               }
+               talloc_destroy(mem_ctx);
+               SAFE_FREE(command);
+       }
+
        *token = ptoken;
 
        return nt_status;
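Review bot: The command string handed to smbrun() is never checked for NULL: strdup() on the line `command = strdup(lp_log_nt_token_command());` and both realloc_string_sub() calls can fail, and a failed talloc_strdup()/talloc_asprintf() leaves user_sidstr or group_sidstr NULL, so a NULL (or, on glibc, a "(null)"-containing) command can reach the DEBUG(8) and smbrun() calls. The substituted SID text itself comes from sid_to_string() (digits and hyphens), so shell injection through the replacement looks unlikely, but the allocation failures need an explicit bail-out before the command is run; whether realloc_string_sub() already returns NULL for a NULL insert should be confirmed so that a single check on command covers all three. Two further points, hedged because create_nt_user_token() starts before this hunk: ptoken appears to be allocated earlier in the function and is not released on the new `return NT_STATUS_NO_MEMORY` path, and on the smbrun() failure path the function returns NT_STATUS_ACCESS_DENIED while still storing ptoken into *token, which callers treating the status as failure will presumably never free. The function's closing brace is outside the hunk.
```c
		/* … unchanged: user_sidstr / group_sidstr construction … */
		command = strdup(lp_log_nt_token_command());
		command = realloc_string_sub(command, "%s", user_sidstr);
		command = realloc_string_sub(command, "%t", group_sidstr);
		if ((user_sidstr == NULL) || (group_sidstr == NULL) ||
		    (command == NULL)) {
			DEBUG(0, ("log nt token command: out of memory\n"));
			talloc_destroy(mem_ctx);
			SAFE_FREE(command);
			return NT_STATUS_NO_MEMORY;
		}
		DEBUG(8, ("running command: [%s]\n", command));
		/* … unchanged: smbrun() and cleanup … */
```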
index 5ff027ee01d50f98d563d08b80d68377ecc879b2..7f79429b9ed32b0b60a7c257d84fbb7210e164ad 100644 (file)
@@ -214,12 +214,16 @@ BOOL afs_login(connection_struct *conn)
        char *cell;
        BOOL result;
        char *ticket_str;
+       DOM_SID user_sid;
 
        struct ClearToken ct;
 
        pstrcpy(afs_username, lp_afs_username_map());
        standard_sub_conn(conn, afs_username, sizeof(afs_username));
 
+       if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, conn->uid)))
+               pstring_sub(afs_username, "%s", sid_string_static(&user_sid));
+
        /* The pts command always generates completely lower-case user
         * names. */
        strlower_m(afs_username);
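Review bot: A failed uid_to_sid() on the line `if (NT_STATUS_IS_OK(uid_to_sid(&user_sid, conn->uid)))` is silent and leaves a literal `%s` in afs_username, which is then lower-cased and used as the AFS user name with no trace in the logs; an `else DEBUG(3, ("afs_login: uid_to_sid failed for uid %u\n", (unsigned)conn->uid));` would make that failure diagnosable. Because the SID substitution runs after standard_sub_conn(), any `%s` produced by an earlier expansion would also be replaced — this presumably never happens since standard_sub_conn() does not emit `%s`, but it is worth confirming. Note also that the winbindd path in this commit derives the SID from the info3 domain SID plus RID while this path uses uid_to_sid() on conn->uid, so the two can disagree if the unix-user mapping differs; a one-line comment stating that `%s` here is the SID of the connection's unix uid would document the intent. afs_login() begins before this hunk and continues past it.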
index cb44ec98d76d929a9d654fe3928366b91803ff1d..90613911182734712440b65f3fd9153f8d46e888 100644 (file)
@@ -372,10 +372,22 @@ done:
                afsname = realloc_string_sub(afsname, "%u", name_user);
                afsname = realloc_string_sub(afsname, "%U", name_user);
 
+               {
+                       DOM_SID user_sid;
+                       fstring sidstr;
+
+                       sid_copy(&user_sid, &info3.dom_sid.sid);
+                       sid_append_rid(&user_sid, info3.user_rid);
+                       sid_to_string(sidstr, &user_sid);
+                       afsname = realloc_string_sub(afsname, "%s", sidstr);
+               }
+
                if (afsname == NULL) goto no_token;
 
                strlower_m(afsname);
 
+               DEBUG(10, ("Generating token for user %s\n", afsname));
+
                cell = strchr(afsname, '@');
 
                if (cell == NULL) goto no_token;
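Review bot: The new `%s` substitution is applied after the `%u`/`%U` replacements, so a user name that happens to contain a literal `%s` would have the SID spliced into the AFS name; the ordering is probably intentional, but a comment such as `/* %s: the user's SID (info3 domain SID + user RID); substituted after %u/%U */` above the new block would record that. The NULL check at `if (afsname == NULL) goto no_token;` only protects the new realloc_string_sub() call if that function tolerates a NULL afsname from an earlier failed substitution, as the pre-existing `%u`/`%U` lines already assume — worth confirming rather than relying on. The DEBUG(10) line prints the final name at a level where it is useful, so no concern there. The enclosing function starts before this hunk (the `done:` label is context) and continues after it.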
index 01213a8fb39c8ccf51cafe7fc75ab26dfc45ed00..45245e2cfe5b6c8ec313157c5a7ba60dfd48093d 100644 (file)
@@ -128,6 +128,7 @@ typedef struct
        char *szRealm;
        char *szAfsUsernameMap;
        int iAfsTokenLifetime;
+       char *szLogNtTokenCommand;
        char *szUsernameMap;
        char *szLogonScript;
        char *szLogonPath;
@@ -1130,6 +1131,7 @@ static struct parm_struct parm_table[] = {
        {"homedir map", P_STRING, P_GLOBAL, &Globals.szNISHomeMapName, NULL, NULL, FLAG_ADVANCED}, 
        {"afs username map", P_STRING, P_GLOBAL, &Globals.szAfsUsernameMap, NULL, NULL, FLAG_ADVANCED}, 
        {"afs token lifetime", P_INTEGER, P_GLOBAL, &Globals.iAfsTokenLifetime, NULL, NULL, FLAG_ADVANCED},
+       {"log nt token command", P_STRING, P_GLOBAL, &Globals.szLogNtTokenCommand, NULL, NULL, FLAG_ADVANCED},
        {"time offset", P_INTEGER, P_GLOBAL, &extra_time_offset, NULL, NULL, FLAG_ADVANCED}, 
        {"NIS homedir", P_BOOL, P_GLOBAL, &Globals.bNISHomeMap, NULL, NULL, FLAG_ADVANCED}, 
        {"-valid", P_BOOL, P_LOCAL, &sDefault.valid, NULL, NULL, FLAG_HIDE}, 
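Review bot: No documentation for the new smb.conf parameter `log nt token command` is part of this commit — the file list at the top shows only the four C sources — even though it is user-facing and, per the auth_util.c hunk, causes an external command to be run through smbrun() for every token that is created. The parameter's man-page entry should at least state the `%s` (user SID) and `%t` (space-separated group SIDs) substitutions and that authentication fails with NT_STATUS_ACCESS_DENIED when the command exits non-zero. A short comment on the table entry itself, e.g. `/* runs an external command via smbrun() on every token creation */`, would also flag it for the next reader of parm_table.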
@@ -1664,6 +1666,7 @@ FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
 FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
 FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
 FN_GLOBAL_INTEGER(lp_afs_token_lifetime, &Globals.iAfsTokenLifetime)
+FN_GLOBAL_STRING(lp_log_nt_token_command, &Globals.szLogNtTokenCommand)
 FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
 FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
 FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)