[OpenAFS-devel] Alternate cell PAM patch
Charles Clancy
security@xauth.net
Tue, 25 Jun 2002 10:20:49 -0500 (CDT)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.
---559023410-851401618-1025018449=:28011
Content-Type: TEXT/PLAIN; charset=US-ASCII
Attached is a patch against the 1.2.5 source that will let you do
something like:
auth optional /lib/security/pam_afs.so cell other-cell.domain.net
auth sufficient /lib/security/pam_afs.so try_first_pass refresh_token \
cell main-cell.domain.net
auth required /lib/security/pam_unix.so
You need to specify "refresh_token" the second time you call it to prevent
it from getting a second PAG and making your first token useless.
Or, you can just use it once to authenticate to a cell other than what's
in /usr/vice/etc/ThisCell. Not specifying the "cell" argument causes the
expected behavior of authenticating against the local cell.
[ t charles clancy ]-[ tclancy@uiuc.edu ]-[ uiuc.edu/~tclancy ]
[ crypto ][ coordinated science lab ][ university of illinois ]
---559023410-851401618-1025018449=:28011
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="multi-cell-pam.patch"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.GSO.4.44.0206251020490.28011@ismene>
Content-Description:
Content-Disposition: attachment; filename="multi-cell-pam.patch"
LS0tIHNyYy9wYW0vYWZzX2F1dGguYwlXZWQgRGVjIDI2IDE0OjIzOjAzIDIw
MDENCisrKyBzcmMvcGFtL2Fmc19hdXRoLmMJVHVlIEp1biAyNSAwOTo0Nzoy
MCAyMDAyDQpAQCAtNDcsNiArNDcsNyBAQA0KICAgICBpbnQgaWdub3JlX3Vp
ZCAgPSAwOw0KICAgICB1aWRfdCBpZ25vcmVfdWlkX2lkID0gMDsNCiAgICAg
Y2hhciBteV9wYXNzd29yZF9idWZbMjU2XTsNCisgICAgY2hhciBjZWxsX25h
bWVbMjU2XTsNCiAgICAgLyoNCiAgICAgICogdGhlc2Ugb3B0aW9ucyBhcmUg
YWRkZWQgdG8gaGFuZGxlIHN0dXBpZCBhcHBzLCB3aGljaCB3b24ndCBjYWxs
DQogICAgICAqIHBhbV9zZXRfY3JlZCgpDQpAQCAtNzksNyArODAsNyBAQA0K
ICAgICBvcGVubG9nKHBhbV9hZnNfaWRlbnQsIExPR19DT05TfExPR19QSUQs
IExPR19BVVRIKTsNCiAjZW5kaWYNCiAgICAgb3JpZ21hc2sgPSBzZXRsb2dt
YXNrKGxvZ21hc2spOw0KLQ0KKyAgICBjZWxsX25hbWVbMF09MDsNCiAgICAg
LyoNCiAgICAgICogUGFyc2UgdGhlIHVzZXIgb3B0aW9ucy4gIExvZyBhbiBl
cnJvciBmb3IgYW55IHVua25vd24gb3B0aW9ucy4NCiAgICAgICovDQpAQCAt
MTA5LDYgKzExMCwxNCBAQA0KIAkJICAgICAgICBwYW1fYWZzX3N5c2xvZyhM
T0dfRVJSLCBQQU1BRlNfSUdOT1JFVUlELCBhcmd2W2ldKTsNCiAgICAgICAg
ICAgICAgICAgfQ0KIAkgICAgfQ0KKwl9IGVsc2UgaWYgKHN0cmNhc2VjbXAo
YXJndltpXSwgImNlbGwiKSA9PSAwKSB7DQorCSAgICBpKys7DQorCSAgICBp
ZiAoaSA9PSBhcmdjKSB7DQorICAgICAgICAgICAgICAgIHBhbV9hZnNfc3lz
bG9nKExPR19FUlIsIFBBTUFGU19PVEhFUkNFTEwsICJjZWxsIG1pc3Npbmcg
YXJndW1lbnQiKTsNCisJICAgIH0gZWxzZSB7DQorCQlzdHJuY3B5KGNlbGxf
bmFtZSwgYXJndltpXSwgMjU1KTsNCisgICAgICAgICAgICAgICAgcGFtX2Fm
c19zeXNsb2coTE9HX0lORk8sIFBBTUFGU19PVEhFUkNFTEwsIGNlbGxfbmFt
ZSk7DQorCSAgICB9CSAgICANCiAJfSBlbHNlIGlmIChzdHJjYXNlY21wKGFy
Z3ZbaV0sICJyZWZyZXNoX3Rva2VuIiApID09IDApIHsNCiAJICAgIHJlZnJl
c2hfdG9rZW4gPSAxOw0KIAl9IGVsc2UgaWYgKHN0cmNhc2VjbXAoYXJndltp
XSwgInNldF90b2tlbiIgKSA9PSAwKSB7DQpAQCAtMjgwLDkgKzI4OSw5IEBA
DQogICAgICAqLw0KIAlpZiAodXNlX2tsb2cpIHsgLyogdXNlZCBieSBrZG0g
Mi54ICovDQogCSAgIGlmIChyZWZyZXNoX3Rva2VuIHx8IHNldF90b2tlbikg
ew0KLQkgICAgICBpID0gZG9fa2xvZyh1c2VyLCBwYXNzd29yZCwgTlVMTCk7
DQorCSAgICAgIGkgPSBkb19rbG9nKHVzZXIsIHBhc3N3b3JkLCBOVUxMLCBj
ZWxsX25hbWUpOw0KIAkgICB9IGVsc2Ugew0KLQkgICAgICBpID0gZG9fa2xv
Zyh1c2VyLCBwYXNzd29yZCwgIjAwOjAwOjAxIik7DQorCSAgICAgIGkgPSBk
b19rbG9nKHVzZXIsIHBhc3N3b3JkLCAiMDA6MDA6MDEiLCBjZWxsX25hbWUp
Ow0KIAkgICAgICBrdGNfRm9yZ2V0QWxsVG9rZW5zKCk7DQogICAgICAgICAg
ICB9DQogCSAgIGlmIChsb2dtYXNrICYmIExPR19NQVNLKExPR19ERUJVRykp
DQpAQCAtMjk5LDcgKzMwOCw3IEBADQogICAgICAgICAgICAgICAgICBjb2Rl
ID0ga2FfVXNlckF1dGhlbnRpY2F0ZUdlbmVyYWwoS0FfVVNFUkFVVEhfVkVS
U0lPTiwNCiAJCQkJICAgIHVzZXIsIC8qIGtlcmJlcm9zIG5hbWUgKi8NCiAJ
CQkJICAgIChjaGFyICopMCwgLyogaW5zdGFuY2UgKi8NCi0JCQkJICAgIChj
aGFyICopMCwgLyogcmVhbG0gKi8NCisJCQkJICAgIGNlbGxfbmFtZSwgLyog
cmVhbG0gKi8NCiAJCQkJICAgIHBhc3N3b3JkLCAvKiBwYXNzd29yZCAqLw0K
IAkJCQkgICAgMCwgLyogZGVmYXVsdCBsaWZldGltZSAqLw0KICAgICAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICZwYXNzd29yZF9leHBpcmVz
LA0KQEAgLTMwOSw3ICszMTgsNyBAQA0KICAgICAgICAgICAgICAgICAgY29k
ZSA9IGthX1ZlcmlmeVVzZXJQYXNzd29yZChLQV9VU0VSQVVUSF9WRVJTSU9O
LA0KIAkJCQkgICAgdXNlciwgLyoga2VyYmVyb3MgbmFtZSAqLw0KIAkJCQkg
ICAgKGNoYXIgKikwLCAvKiBpbnN0YW5jZSAqLw0KLQkJCQkgICAgKGNoYXIg
KikwLCAvKiByZWFsbSAqLw0KKwkJCQkgICAgY2VsbF9uYW1lLCAvKiByZWFs
bSAqLw0KIAkJCQkgICAgcGFzc3dvcmQsIC8qIHBhc3N3b3JkICovDQogCQkJ
CSAgICAwLCAvKiBzcGFyZSAyICovDQogCQkJCSAgICAmcmVhc29uIC8qIGVy
cm9yIHN0cmluZyAqLyApOw0KQEAgLTM1MCw3ICszNTksNyBAQA0KICAgICAg
ICAgICAgIGNvZGUgPSBrYV9Vc2VyQXV0aGVudGljYXRlR2VuZXJhbChLQV9V
U0VSQVVUSF9WRVJTSU9OLA0KIAkJCQkgICAgdXNlciwgLyoga2VyYmVyb3Mg
bmFtZSAqLw0KIAkJCQkgICAgKGNoYXIgKikwLCAvKiBpbnN0YW5jZSAqLw0K
LQkJCQkgICAgKGNoYXIgKikwLCAvKiByZWFsbSAqLw0KKwkJCQkgICAgY2Vs
bF9uYW1lLCAvKiByZWFsbSAqLw0KIAkJCQkgICAgcGFzc3dvcmQsIC8qIHBh
c3N3b3JkICovDQogCQkJCSAgICAwLCAvKiBkZWZhdWx0IGxpZmV0aW1lICov
DQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJnBhc3N3
b3JkX2V4cGlyZXMsDQpAQCAtMzYwLDcgKzM2OSw3IEBADQogICAgICAgICAg
ICAgY29kZSA9IGthX1ZlcmlmeVVzZXJQYXNzd29yZChLQV9VU0VSQVVUSF9W
RVJTSU9OLA0KIAkJCQkgICAgdXNlciwgLyoga2VyYmVyb3MgbmFtZSAqLw0K
IAkJCQkgICAgKGNoYXIgKikwLCAvKiBpbnN0YW5jZSAqLw0KLQkJCQkgICAg
KGNoYXIgKikwLCAvKiByZWFsbSAqLw0KKwkJCQkgICAgY2VsbF9uYW1lLCAv
KiByZWFsbSAqLw0KIAkJCQkgICAgcGFzc3dvcmQsIC8qIHBhc3N3b3JkICov
DQogCQkJCSAgICAwLCAvKiBzcGFyZSAyICovDQogCQkJCSAgICAmcmVhc29u
IC8qIGVycm9yIHN0cmluZyAqLyApOw0KLS0tIHNyYy9wYW0vYWZzX21lc3Nh
Z2UuYwlUaHUgU2VwICA2IDIzOjM2OjQ0IDIwMDENCisrKyBzcmMvcGFtL2Fm
c19tZXNzYWdlLmMJVHVlIEp1biAyNSAwOTo0NzoyMCAyMDAyDQpAQCAtODUs
NiArODUsNyBAQA0KICAgICAia2EgZXJyb3IsIGNvZGU9JWQiLCAgICAgICAg
ICAgICAgICAgICAgICAgIC8qIDQ0OiBLQUVSUk9SICAgICAgICAgICovDQog
ICAgICJQYXNzd29yZHMgYXJlIG5vdCBlcXVhbCIsICAgICAgICAgICAgICAg
ICAgLyogNDU6IE5FX1BBU1NXT1JEICAgICAgKi8NCiAgICAgIkFGUyBpZ25v
cmluZyB1bnJlZ2lzdGVyZWQgdXNlciAlc1xuIiAgICAgICAvKiA0NjogSUdO
T1JFX1VOUkVHICAgICAqLw0KKyAgICAiQWx0ZXJuYXRlIGNlbGwgbmFtZTog
JXNcbiIsCQkvKiA0NzogT1RIRVJDRUxMCSovDQogfTsNCiANCiBzdGF0aWMg
aW50IG51bV9mYWxsYmFja3MgPSBzaXplb2YoZmFsbGJhY2tfbWVzc2FnZXMp
L3NpemVvZihjaGFyICopOw0KLS0tIHNyYy9wYW0vYWZzX21lc3NhZ2UuaAlU
aHUgU2VwICA2IDIzOjM2OjQ0IDIwMDENCisrKyBzcmMvcGFtL2Fmc19tZXNz
YWdlLmgJVHVlIEp1biAyNSAwOTo0NzoyMCAyMDAyDQpAQCAtNTcsNyArNTcs
NyBAQA0KICNkZWZpbmUgUEFNQUZTX0tBRVJST1IgICAgICAgICAgNDQgLyog
ImthIGVycm9yLCBjb2RlPSVkIiAgICAgICAgICAgICAgICovDQogI2RlZmlu
ZSBQQU1BRlNfTkVfUEFTU1dPUkQgICAgICA0NSAvKiAiUGFzc3dvcmRzIGFy
ZSBub3QgZXF1YWwiICAgICAgICAgKi8NCiAjZGVmaW5lIFBBTUFGU19JR05P
UkVfVU5SRUcgICAgIDQ2IC8qICJBRlMgaWdub3JpbmcgdW5yZWdpc3RlcmVk
IHVzZXIiICAqLw0KLQ0KKyNkZWZpbmUgUEFNQUZTX09USEVSQ0VMTAk0NyAv
KiAiQWx0ZXJuYXRlIGNlbGwgbmFtZSIJCSovDQogDQogY2hhciAqcGFtX2Fm
c19tZXNzYWdlKGludCBtc2dudW0sIGludCAqZnJlZWl0KTsNCiB2b2lkIHBh
bV9hZnNfc3lzbG9nKGludCBwcmlvcml0eSwgaW50IG1zZ2lkLCAuLi4pOw0K
LS0tIHNyYy9wYW0vYWZzX3NldGNyZWQuYwlXZWQgRGVjIDI2IDE0OjIzOjAz
IDIwMDENCisrKyBzcmMvcGFtL2Fmc19zZXRjcmVkLmMJVHVlIEp1biAyNSAw
OTo1NjoxMyAyMDAyDQpAQCAtNTcsNiArNTcsNyBAQA0KICAgICBpbnQgaTsN
CiAgICAgc3RydWN0IHBhbV9jb252ICpwYW1fY29udnAgPSBOVUxMOw0KICAg
ICBjaGFyIG15X3Bhc3N3b3JkX2J1ZlsyNTZdOw0KKyAgICBjaGFyIGNlbGxf
bmFtZVsyNTZdOw0KICAgICBjaGFyIHNidWZmZXJbMTAwXTsNCiAgICAgY2hh
ciAqcGFzc3dvcmQgPSBOVUxMOw0KICAgICBpbnQgdG9yY2hfcGFzc3dvcmQg
PSAxOw0KQEAgLTcyLDcgKzczLDcgQEANCiAgICAgb3BlbmxvZyhwYW1fYWZz
X2lkZW50LCBMT0dfQ09OUywgTE9HX0FVVEgpOw0KICNlbmRpZg0KICAgICBv
cmlnbWFzayA9IHNldGxvZ21hc2sobG9nbWFzayk7DQotDQorICAgIGNlbGxf
bmFtZVswXT0wOw0KICAgICAvKg0KICAgICAgKiBQYXJzZSB0aGUgdXNlciBv
cHRpb25zLiAgTG9nIGFuIGVycm9yIGZvciBhbnkgdW5rbm93biBvcHRpb25z
Lg0KICAgICAgKi8NCkBAIC0xMDIsNiArMTAzLDE0IEBADQogCQkgICAgICAg
IHBhbV9hZnNfc3lzbG9nKExPR19FUlIsIFBBTUFGU19JR05PUkVVSUQsIGFy
Z3ZbaV0pOw0KICAgICAgICAgICAgICAgICB9DQogCSAgICB9DQorICAgICAg
ICB9IGVsc2UgaWYgKHN0cmNhc2VjbXAoYXJndltpXSwgImNlbGwiKSA9PSAw
KSB7DQorICAgICAgICAgICAgaSsrOw0KKyAgICAgICAgICAgIGlmIChpID09
IGFyZ2MpIHsNCisgICAgICAgICAgICAgICAgcGFtX2Fmc19zeXNsb2coTE9H
X0VSUiwgUEFNQUZTX09USEVSQ0VMTCwgImNlbGwgbWlzc2luZyBhcmd1bWVu
dCIpOw0KKyAgICAgICAgICAgIH0gZWxzZSB7DQorICAgICAgICAgICAgICAg
IHN0cm5jcHkoY2VsbF9uYW1lLCBhcmd2W2ldLCAyNTUpOw0KKyAgICAgICAg
ICAgICAgICBwYW1fYWZzX3N5c2xvZyhMT0dfSU5GTywgUEFNQUZTX09USEVS
Q0VMTCwgY2VsbF9uYW1lKTsNCisgICAgICAgICAgICB9DQogCX0gZWxzZSBp
ZiAoc3RyY2FzZWNtcChhcmd2W2ldLCAibm9fdW5sb2ciKSA9PSAwKSB7DQog
CSAgICBub191bmxvZyA9IDE7DQogCX0gZWxzZSBpZiAoc3RyY2FzZWNtcChh
cmd2W2ldLCAicmVmcmVzaF90b2tlbiIgKSA9PSAwKSB7DQpAQCAtMjY5LDE0
ICsyNzgsMTQgQEANCiANCiAJaWYgKCBmbGFncyAmIFBBTV9SRUZSRVNIX0NS
RUQgKSB7DQogCSAgICBpZiAodXNlX2tsb2cpIHsNCi0gICAgICAgICAgICAg
ICBhdXRoX29rID0gISBkb19rbG9nKHVzZXIsIHBhc3N3b3JkLCAiMDA6MDA6
MDEiKTsNCisgICAgICAgICAgICAgICBhdXRoX29rID0gISBkb19rbG9nKHVz
ZXIsIHBhc3N3b3JkLCAiMDA6MDA6MDEiLCBjZWxsX25hbWUpOw0KIAkgICAg
ICAga3RjX0ZvcmdldEFsbFRva2VucygpOw0KIAkgICAgfSBlbHNlIHsNCiAg
ICAgICAgICAgICBpZiAoIGthX1ZlcmlmeVVzZXJQYXNzd29yZCgNCiAgICAg
ICAgICAgICAgICAgICAgICAgICAgICBLQV9VU0VSQVVUSF9WRVJTSU9OLA0K
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHVzZXIsIC8qIGtlcmJlcm9z
IG5hbWUgKi8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAoY2hhciAq
KTAsIC8qIGluc3RhbmNlICovDQotICAgICAgICAgICAgICAgICAgICAgICAg
ICAgKGNoYXIgKikwLCAvKiByZWFsbSAqLw0KKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgIGNlbGxfbmFtZSwgLyogcmVhbG0gKi8NCiAgICAgICAgICAg
ICAgICAgICAgICAgICAgICAgcGFzc3dvcmQsIC8qIHBhc3N3b3JkICovDQog
ICAgICAgICAgICAgICAgICAgICAgICAgICAgIDAsIC8qIHNwYXJlIDIgKi8N
CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgJnJlYXNvbiAvKiBlcnJv
ciBzdHJpbmcgKi8NCkBAIC0yODksMTMgKzI5OCwxMyBAQA0KIAl9DQogCSAg
ICANCiAJaWYgKCAgZmxhZ3MgJiBQQU1fRVNUQUJMSVNIX0NSRUQgKSB7DQot
CSAgIGlmICh1c2Vfa2xvZykgYXV0aF9vayA9ICEgZG9fa2xvZyh1c2VyLCBw
YXNzd29yZCwgTlVMTCk7DQorCSAgIGlmICh1c2Vfa2xvZykgYXV0aF9vayA9
ICEgZG9fa2xvZyh1c2VyLCBwYXNzd29yZCwgTlVMTCwgY2VsbF9uYW1lKTsN
CiAJICAgZWxzZSB7DQogCSAgICBpZiAoIGthX1VzZXJBdXRoZW50aWNhdGVH
ZW5lcmFsKA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgIEtBX1VTRVJB
VVRIX1ZFUlNJT04sDQogICAgICAgICAgICAgICAgICAgICAgICAgICAgdXNl
ciwgLyoga2VyYmVyb3MgbmFtZSAqLw0KICAgICAgICAgICAgICAgICAgICAg
ICAgICAgIChjaGFyICopMCwgLyogaW5zdGFuY2UgKi8NCi0gICAgICAgICAg
ICAgICAgICAgICAgICAgICAoY2hhciAqKTAsIC8qIHJlYWxtICovDQorICAg
ICAgICAgICAgICAgICAgICAgICAgICAgY2VsbF9uYW1lLCAvKiByZWFsbSAq
Lw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICBwYXNzd29yZCwgLyog
cGFzc3dvcmQgKi8NCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgMCwg
LyogZGVmYXVsdCBsaWZldGltZSAqLw0KICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAmcGFzc3dvcmRfZXhwaXJlcywNCi0tLSBzcmMvcGFtL2Fmc191
dGlsLmMJU3VuIEphbiAyMCAwMjozNDo0NCAyMDAyDQorKysgc3JjL3BhbS9h
ZnNfdXRpbC5jCVR1ZSBKdW4gMjUgMDk6NDc6MjEgMjAwMg0KQEAgLTkxLDcg
KzkxLDcgQEANCiAgICAgcmV0dXJuIHRwOw0KIH0NCiANCi1pbnQgZG9fa2xv
Zyhjb25zdCBjaGFyKiB1c2VyLCBjb25zdCBjaGFyKiBwYXNzd29yZCwgY29u
c3QgY2hhciogbGlmZXRpbWUpDQoraW50IGRvX2tsb2coY29uc3QgY2hhciog
dXNlciwgY29uc3QgY2hhciogcGFzc3dvcmQsIGNvbnN0IGNoYXIqIGxpZmV0
aW1lLCBjb25zdCBjaGFyKiBjZWxsX25hbWUpDQogew0KIHBpZF90CXBpZDsN
CiBpbnQJcGlwZWRlc1syXTsNCkBAIC0xMTcsNiArMTE3LDEwIEBADQogICAg
YXJndlthcmdjKytdID0gImtsb2ciOw0KICNlbmRpZg0KICAgIGFyZ3ZbYXJn
YysrXSA9IChjaGFyKil1c2VyOw0KKyAgIGlmIChjZWxsX25hbWVbMF0gIT0g
MCkgew0KKyAgICAgIGFyZ3ZbYXJnYysrXSA9ICItY2VsbCI7DQorICAgICAg
YXJndlthcmdjKytdID0gKGNoYXIqKWNlbGxfbmFtZTsNCisgICB9DQogICAg
YXJndlthcmdjKytdID0gIi1zaWxlbnQiOw0KICAgIGFyZ3ZbYXJnYysrXSA9
ICItcGlwZSI7DQogICAgaWYgKGxpZmV0aW1lICE9IE5VTEwpIHsNCg==
---559023410-851401618-1025018449=:28011--