[OpenAFS] Authentication problems with 1.0.4

Peter Popovics pop@dtv.dk
Fri, 27 Apr 2001 19:36:28 +0200


> >- if I get my personal tokens with aklog, they are not usable to reach my protected files
> 
> aklog seems to work for me.

Sorry... it was klog. And it's still klog. It works, but the tokens you get are
not usable.

> >  Isn't it included in the WinNT binary distribution ???)
> 
> i am not aware of this patch.  where is it?

-------------------------------------------------------------
-----Original Message-----
From: Dave Koziol [mailto:dkoziol@dragonflywireless.com]
Sent: Wednesday, March 07, 2001 12:21 AM
To: Jason Young; openafs-devel@openafs.org
Subject: Re: [OpenAFS-devel] Windows build problems

................

There is also a Win2K problem with making logins work correctly. Here is
the current work-in-progress patch for that. I don't think this is in CVS
either, because there are still some potential security issues with this
change.

*** c:\afs\openafs\src\winnt\afsd\smb.c	Sat Nov 04 10:01:43 2000
--- c:\openafs\src\winnt\afsd\smb.c	Fri Jan 19 00:19:48 2001
***************
*** 548,553 ****
--- 548,569 ----
          return uidp;
  }

+ // Allows you to find an smb_user_t record by the name field
+ smb_user_t *smb_FindUserByName(smb_vc_t *vcp, char *name)
+ {
+ 	smb_user_t *uidp= NULL;
+
+ 	lock_ObtainWrite(&smb_rctLock);
+ 	for(uidp = vcp->usersp; uidp; uidp = uidp->nextp) {
+ 		if (stricmp(uidp->name, name) == 0) {
+ 			uidp->refCount++;
+                 	break;
+ 		}
+         }
+         lock_ReleaseWrite(&smb_rctLock);
+         return uidp;
+ }
+
  void smb_ReleaseUID(smb_user_t *uidp)
  {
  	smb_user_t *up;
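
Review bot: In `smb_FindUserByName`, the call `stricmp(uidp->name, name)` dereferences `uidp->name` for every record on `vcp->usersp` without a NULL check, and it reads that field while holding only `smb_rctLock`. The session-setup code in smb3.c assigns `uidp->name = strdup(usern)` under `uidp->mx`, after `smb_FindUID(..., SMB_FLAG_CREATE)` has already returned the record. If that call links the record onto `vcp->usersp` (not shown in this patch), a lookup running between the two steps can see an entry whose name is not yet set. Suggest skipping entries where `uidp->name` is NULL, and either setting the name before the record becomes reachable from the list or taking `uidp->mx` around the comparison. The comparison is also case-insensitive, which deserves a comment saying whether names differing only in case are meant to resolve to the same record.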


*** c:\afs\openafs\src\winnt\afsd\smb.h	Sat Nov 04 10:01:44 2000
--- c:\openafs\src\winnt\afsd\smb.h	Fri Jan 19 00:23:40 2001
***************
*** 307,312 ****
--- 307,314 ----

  extern smb_user_t *smb_FindUID(smb_vc_t *vcp, unsigned short uid, int
flags);

+ extern smb_user_t *smb_FindUserByName(smb_vc_t *vcp, char *name);
+
  extern void smb_ReleaseUID(smb_user_t *uidp);

  extern cm_user_t *smb_GetUser(smb_vc_t *vcp, smb_packet_t *inp);
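
Review bot: The new prototype `smb_FindUserByName(smb_vc_t *vcp, char *name)` takes a non-const `char *name` although the implementation only passes it to `stricmp`. Declaring it `const char *name` here and in smb.c would document that the lookup does not modify the caller's string. A short comment next to this declaration should also state that the returned record has had its `refCount` incremented and must be released with `smb_ReleaseUID`, since callers see only the header.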


*** c:\afs\openafs\src\winnt\afsd\smb3.c	Sat Nov 04 10:01:44 2000
--- c:\openafs\src\winnt\afsd\smb3.c	Fri Jan 19 14:38:20 2001
***************
*** 132,150 ****
  	pwd = smb_ParseString(tp, &tp);
  	usern = smb_ParseString(tp, &tp);

! 	/* Create a new UID and cm_user_t structure */
! 	userp = cm_NewUser();
! 	lock_ObtainMutex(&vcp->mx);
! 	newUid = vcp->uidCounter++;
! 	lock_ReleaseMutex(&vcp->mx);

! 	/* Create a new smb_user_t structure and connect them up */
! 	uidp = smb_FindUID(vcp, newUid, SMB_FLAG_CREATE);
! 	lock_ObtainMutex(&uidp->mx);
! 	uidp->userp = userp;
! 	uidp->name = strdup(usern);
! 	lock_ReleaseMutex(&uidp->mx);
! 	smb_ReleaseUID(uidp);

  	if (dead_vcp) {
  		dead_uidp = dead_vcp->usersp;
--- 132,164 ----
  	pwd = smb_ParseString(tp, &tp);
  	usern = smb_ParseString(tp, &tp);

! 	// On Windows 2000, this function appears to be called more often
than
! 	// it is expected to be called. This resulted in multiple smb_user_t
! 	// records existing all for the same user session which results in
all
! 	// of the users tokens disappearing.
! 	//
! 	// To avoid this problem, we look for an existing smb_user_t record
! 	// based on the users name, and use that one if we find it.
! 	if (uidp = smb_FindUserByName(vcp, usern)) {
! 		userp = uidp->userp;
! 		newUid = (unsigned short)uidp->userID;	// For some reason
these are
different types!
! 		smb_ReleaseUID(uidp);
! 	}
! 	else {
! 		/* Create a new UID and cm_user_t structure */
! 		userp = cm_NewUser();
! 		lock_ObtainMutex(&vcp->mx);
! 		newUid = vcp->uidCounter++;
! 		lock_ReleaseMutex(&vcp->mx);

! 		/* Create a new smb_user_t structure and connect them up */
! 		uidp = smb_FindUID(vcp, newUid, SMB_FLAG_CREATE);
! 		lock_ObtainMutex(&uidp->mx);
! 		uidp->userp = userp;
! 		uidp->name = strdup(usern);
! 		lock_ReleaseMutex(&uidp->mx);
! 		smb_ReleaseUID(uidp);
! 	}

  	if (dead_vcp) {
  		dead_uidp = dead_vcp->usersp;
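
Review bot: The new branch at `if (uidp = smb_FindUserByName(vcp, usern))` reuses an existing `userp` and UID on the strength of `usern` alone, a string parsed out of the request. `pwd` is parsed two lines above, but nothing in this hunk consults it or any other verified identity before the existing record is handed back. Any two session setups on the same `vcp` that present the same name therefore share one `cm_user_t`, which may be the kind of security issue the cover note alludes to. Suggest keying reuse on something the server has verified rather than on the name, or at minimum documenting why sharing is safe within a single virtual circuit. Separately, `uidp->userp` and `uidp->userID` are read here without `uidp->mx`, whereas the else branch writes `uidp->userp` under that mutex. The assignment inside the `if` condition would also read more clearly as an explicit `!= NULL` comparison.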


----------------------------

> >- if I try to get "admin" tokens, klog replies:
> >  "Unable to authenticate to AFS because user doesn't exist."
> 
> C:\> klog emt.admin@depot.nrl.navy.mil
> Non-null instance (admin) may cuase strange behavior.
> Password:
> Unable to authenticate to AFS because password was incorrect.
> 
> C:\> klog chas.admin@depot.nrl.navy.mil
> Non-null instance (admin) may cuase strange behavior.
> Password:
> Unable to authenticate to AFS because user doesn't exist.
> 
> klog on windows seems to know how to handle instances.  what did you
> try to run?

simply:

klog admin

P.Peter