summaryrefslogtreecommitdiff
path: root/source3/lib/afs.c
AgeCommit message (Collapse)AuthorFilesLines
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison1-1/+3
2011-07-21s3:lib/afs use stdbool typesChristian Ambach1-5/+5
2011-07-21s3:lib/afs fix some compiler warningsChristian Ambach1-2/+3
2011-07-21s3:lib/afs fix the build with --with-fake-kaserverChristian Ambach1-4/+11
This fixes one piece of Bug #8263
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-2/+2
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20s3-auth Use *unix_token rather than utok in struct auth3_session_infoAndrew Bartlett1-1/+1
This brings this structure one step closer to the struct auth_session_info. A few SMB_ASSERT calls are added in some key places to ensure that this pointer is initialised, to make tracing any bugs here easier in future. NOTE: Many of the users of this structure should be reviewed, as unix and NT access checks are mixed in a way that should just be done using the NT ACL. This patch has not changed this behaviour however. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-05s3:lib fix non-empty blank linesChristian Ambach1-3/+3
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-5/+5
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-1/+1
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-1/+1
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-05-03Fix bug 6136: New AFS syscall conventionsGeza Gemes1-2/+3
Haven't checked this myself, but as I've already got several reports that Samba won't compile against current OpenAFS anymore, I just believe Geza Gemes. This patch only affects AFS code, so it should not hurt anything else. Volker
2008-05-25Remove some references to get_current_username() and current_user_infoVolker Lendecke1-5/+3
(This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708)
2008-05-14AFS: The dummy afs_createtoken_str should return NULL, not False.Kai Blin1-1/+1
(This used to be commit c84d49429191423a81d558042fe949c26f5de5fe)
2008-01-19afs: Use talloc_stackframe() instead of talloc_init()Kai Blin1-1/+1
Thanks to vl for pointing this out. (This used to be commit 76cf5a979bf3014b1de660520e538546b3676b23)
2008-01-19util_str: Don't return memory from talloc_tos(), use mem_ctx instead.Kai Blin1-10/+13
(This used to be commit ab0ee6e9a6a9eee317228f0c2bde254ad9a59b85)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-1/+1
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-12-07Don't build rpctorture anymore - not maintained. Just remove.Jeremy Allison1-7/+17
Remove all vestiges of pstring (except for smbctool as noted in previous commit). Jeremy (This used to be commit 4c32a22ac50ada3275d2ffba3c1aa08bee7d1549)
2007-11-15More pstring removal. This one was tricky. I had to addJeremy Allison1-6/+12
one horror (pstring_clean_name()) which will have to remain until I've removed all pstrings from the client code. Jeremy. (This used to be commit 1ea3ac80146b83c2522b69e7747c823366a2b47d)
2007-11-09Make base64_encode_data_blob return a talloced stringVolker Lendecke1-3/+3
(This used to be commit 5f205ab48d8ac3b7af573ea0be1ce095ab835448)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-4/+4
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-1/+6
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r10976: Fix the build with openssl-0.9.8a.Günther Deschner1-0/+2
Guenther (This used to be commit 081409a724fce1f6e6f29bfcc824fd3f5ec6d9ff)
2007-10-10r6779: Use the SID in the user token for the %s expansion in 'afs username ↵Volker Lendecke1-3/+4
map'. This fixes a rather weird problem where an algorithmic SID ended up as the replacement for %s. Volker (This used to be commit 67dbc91b27aeeeab3cc1360137db1dd955728061)
2007-10-10r5331: Support SIDs as %s replacements in the afs username map parameter.Volker Lendecke1-0/+4
Add 'log nt token command' parameter. If set, %s is replaced with the user sid, and %t takes all the group sids. Volker (This used to be commit e7dc9fde45c750013ad07f584599dd51f8eb8a54)
2007-10-10r4256: Add a patch from kllin@it.su.se: New Parameter 'afs token lifetime' ↵Volker Lendecke1-1/+5
tells the AFS client when to throw away a token. Thanks, Volker (This used to be commit 836a8277b2281bcdb6eab8339b05bec61b49eb74)
2007-10-10r4252: Comment clarification from Love Hörnquist Åstrand <lha@stacken.kth.se>.Volker Lendecke1-3/+7
Thanks, Volker (This used to be commit 207625c7ab8ce41d7b59981e6a767dc299178335)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r449: Two AFS-related things:Volker Lendecke1-228/+4
Split off the non-crypto related parts of lib/afs.c into lib/afs_settoken.c. This makes wbinfo link without -lcrypto. Commit vfs_afsacl.c, display & set AFS acls via the NT security editor. Volker (This used to be commit 43870a3fc1073cf7d60f1becae5c2ff98ab49439)
2004-04-01This restructures lib/afs.c so that the token data can be but into aVolker Lendecke1-67/+294
stream. This is to implement wbinfo -k that asks winbind for authentication which then creates the AFS token for the authenticated user. Volker (This used to be commit 2df6750a079820826013360fb9e47f90bc8223a5)
2003-12-30The AFS pts command always generates completely lower-case user names. As caseVolker Lendecke1-1/+4
is not significant in windows user names we should not lose information by lower-casing the name before handing it to AFS. Volker (This used to be commit 6d2285b6d1599648661be47abaaa888419700d22)
2003-10-23After a phonecall with jra finally commit this.Volker Lendecke1-7/+3
This changes our behaviour when the setresuid call is available. We now not only change the effective uid but also the real uid when becoming unprivileged. This is mainly for improved AFS compatibility, as AFS selects the token to send to the server based on the real uid of the process. I tested this with a W2k server with two non-root 'runas' sessions. They come in via a single smbd as two different users using two session setups. Samba on Linux can still switch between the two uids, proved by two different files created via those sessions. Volker (This used to be commit 556c62f93535c606122b22e7e843d9da9a1cd438)
2003-09-23This only touches the fake kaserver support. It adds two parameters:Volker Lendecke1-24/+36
afs share -- this is an AFS share, do AFS magic things afs username map -- We need a way to specify the cell and possibly weird username codings for several windows domains in the afs cell Volker (This used to be commit 4a3f7a9356cd5068d9ed4fd6e2336d9bf7923fbd)
2003-09-07Nobody complained on the team-list, so commit it ...Volker Lendecke1-0/+248
This implements some kind of improved AFS support for Samba on Linux with OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile into secrets.tdb with 'net afskey'. If this is done, on each tree connect smbd creates a Kerberos V4 ticket suitable for use by the AFS client and gives it to the kernel via the AFS syscall. This is meant to be very light-weight, so I did not link in a whole lot of libraries to be more platform-independent using the ka_SetToken function call. Volker (This used to be commit 5775690ee8e17d3e98355b5147e4aed47e8dc213)