summaryrefslogtreecommitdiff
path: root/source3/lib/afs.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r6779: Use the SID in the user token for the %s expansion in 'afs username ↵Volker Lendecke1-3/+4
map'. This fixes a rather weird problem where an algorithmic SID ended up as the replacement for %s. Volker (This used to be commit 67dbc91b27aeeeab3cc1360137db1dd955728061)
2007-10-10r5331: Support SIDs as %s replacements in the afs username map parameter.Volker Lendecke1-0/+4
Add 'log nt token command' parameter. If set, %s is replaced with the user sid, and %t takes all the group sids. Volker (This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
2007-10-10r4256: Add a patch from kllin@it.su.se: New Parameter 'afs token lifetime' ↵Volker Lendecke1-1/+5
tells the AFS client when to throw away a token. Thanks, Volker (This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)
2007-10-10r4252: Comment clarification from Love Hörnquist Åstrand <lha@stacken.kth.se>.Volker Lendecke1-3/+7
Thanks, Volker (This used to be commit 207625c7ab8ce41d7b59981e6a767dc299178335)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r449: Two AFS-related things:Volker Lendecke1-228/+4
Split off the non-crypto related parts of lib/afs.c into lib/afs_settoken.c. This makes wbinfo link without -lcrypto. Commit vfs_afsacl.c, display & set AFS acls via the NT security editor. Volker (This used to be commit 43870a3fc1073cf7d60f1becae5c2ff98ab49439)
2004-04-01This restructures lib/afs.c so that the token data can be but into aVolker Lendecke1-67/+294
stream. This is to implement wbinfo -k that asks winbind for authentication which then creates the AFS token for the authenticated user. Volker (This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
2003-12-30The AFS pts command always generates completely lower-case user names. As caseVolker Lendecke1-1/+4
is not significant in windows user names we should not lose information by lower-casing the name before handing it to AFS. Volker (This used to be commit 6d2285b6d1599648661be47abaaa888419700d22)
2003-10-23After a phonecall with jra finally commit this.Volker Lendecke1-7/+3
This changes our behaviour when the setresuid call is available. We now not only change the effective uid but also the real uid when becoming unprivileged. This is mainly for improved AFS compatibility, as AFS selects the token to send to the server based on the real uid of the process. I tested this with a W2k server with two non-root 'runas' sessions. They come in via a single smbd as two different users using two session setups. Samba on Linux can still switch between the two uids, proved by two different files created via those sessions. Volker (This used to be commit 556c62f93535c606122b22e7e843d9da9a1cd438)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-24/+36
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+248
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)