* apply ACL restrictions to credential cache immediately after
  initialization
* move file from system temp directory to user temp directory
  prior to starting executable as user to perform credential
  import
(cherry picked from commit 1a0329fef030fedce3fb12d9c641825b0d49f053)
When afscreds.exe performs a drive map renewal it should not delete
all existing drive mappings. This undoes the efforts of the AFS
logon network provider and any persistent mappings created with the
explorer shell. This patch extends the interface to provide a mode
in which DoMapShareChange does not remove unknown drive mappings.
(cherry picked from commit 5ce322c9f13522cf96addaf09804021c6d78b22f)
FIXES 22032
Extend the fields so that more text can be displayed regarding the tokens.
(cherry picked from commit e12837391e2dbbf0cf113f9af64c4daeef6680a3)
FIXES 21958
For the afscreds program on Windows, if you right click the system tray icon
to display the menu and then click on the taskbar, the menu is not hidden,
but instead is covered by the taskbar.
This is a common issue documented at
http://support.microsoft.com/default.aspx?scid=kb;en-us;135788.
(cherry picked from commit 46e260b9e72925f9f5b2e5cee3159d4c6b02fc05)
found a deadlock in the expiration check if a MessageBox dialog is
being displayed
(cherry picked from commit 84e761d850c4cf5f76dd844e6e6f738a35f88102)
When tokens expire, do not display an obtain tokens dialog if there
is no network connectivity to the kdc for the realm associated with
the cell.
In the en_US build, stop displaying the expiration time of tokens
after the tokens expire.
(cherry picked from commit 7c34c9b5c0fbdf0b9b9429c2e763c635857974ab)
Visual Studio 2005 Beta 2 has been released. As part of this
release Microsoft has tightened the rules for their C++ compliance.
* no longer can a variable declared in a for() statement be used
  outside of the associated command block
* no longer can a function or variable be declared implicitly as
  'int'
* several types such as size_t have become 64-bit values on all platforms
* due to type changes the C++ function names in libraries have changed.
  This requires the use of different .DEF file export lists
(cherry picked from commit c6a736486eb2704efd03082ff067858a198ae6d0)
This patch applies all of the work done to add persistent cache support,
cache manager debugging, and a variety of bug fixes. A full description
will be committed within doc/txt/winnotes as part of a later commit.
(cherry picked from commit 0b90d69f8a44e6c7ba20553cfb7d5cf7072bab57)
Fix the version info data stored in the resource block to
use the same language identifier as is advertised.
(cherry picked from commit 487bf88c403cbe0ae93b92556623913962b4b871)
fix a deadlock situation if an Obtain Tokens dialog is produced
by an expiration event and the user chooses to cancel instead of
obtain new credentials.
(cherry picked from commit 06edeed70c9b3c7a2b8909c2069e720c97478799)
replace QWORD with DWORD
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
add expanded registry string support to Submounts
====================
Correct a 64-bit time_t error
(cherry picked from commit f31658317a77346759f165ff13b5dcf77a8b3683)
time values in the cache manager and smb engine which are passed to
the run time library must be of type time_t and not long or int or
unsigned long or unsigned int or ...
(cherry picked from commit f21740a0acc44ae5493bbe1f53b94acc14af0ac8)
Increase max chunksize to 128K from 32K. Windows uses 64K SMB writes.
The large chunksize helps reduce the overlapped write to afs issue.
Increase number of server threads from 4 to 25. Also helps to alleviate
the symptoms of the overlapped write to afs issue. I can now write files
as large as 80MB. 120MB files still fail.
Export pr_CreateUser and pr_SNameToId from afsauthent.lib in order to
allow aklog.exe to use them to determine if a new pts uid should be
created for a user when accessing a foreign cell.
Modify pioctl to output a message to stderr if a Downgrade Detection error
has been returned when attempting to open the __IOCTL__ file.
Increase version number to 1.3.6601
Use HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer:Logon User Name
to determine the current user name for the afscreds.exe display
Do not allow submount names to have forward or backward slashes
Add debug info to cm_ioctl to track token addition and deletion
Add register new user code to aklog.exe from KenH's AFS kit
Correct test in cm_callback.c for freelance root.afs volume which
should not have been applied when freelance was not active.
* update winnotes
* add osi trace log entries to help diagnose issues with overlapped writes
  from CIFS client
* fix osi trace log entries for freelance add mount to use osi_SaveLogString
* fix afscreds "Start Service" to automatically obtain tokens if kerberos
tickets are available
* update afscreds systray menu to use "..." after Remove Icon
* remove extra "." in wix installer resource
- Fix NTMakefiles in many directories to define WIN32_LEAN_AND_MEAN NOGDI
  to avoid macro redefinitions
- update text files
- add "authentication cell" registry value for afscreds.exe
From asanka@mit.edu:
Network provider :
- If the user is logging into an AD domain, then look up the user's
profile path, find out which cell it's in and then authenticate to
that cell instead of the default cell.
- Domain specific registry keys
- A few fixes for handling UNICODE_STRINGs
smb3.c :
- Delete partial security context during negotiation
client_cpa :
- As per the SDK which says we must handle CPL_INQUIRE message, we do.
Also fixes a small bug where the icon isn't properly set when viewing
the Control Panel folder.
loopbackutils.cpp
- Don't bother setting the app data template, because we are setting
it in the MSI anyway.
install/wix/NTMakefile
- Add a configurable symbol AFSDEV_AUXWIXDEFINES which can be used to
customize a build of the msi.
install/wix
- Move afslogon.dll to SYSTEM32 directory
- Add registry keys to support WinLogon notifications.
- Rename afsdcell.ini to CellServDB and move it to the client directory.
- If there's already an afsdcell.ini in the Windows directory, copy
that over to the client directory instead.
- Add descriptions to AFS client and server services
ipaddrchg.[ch]: contains the ip address change monitor thread functionality
which was previously in afskfw.[ch] but which is now a
library in src/WINNT/afsd
creds.cpp: add support for principal name instances to the Obtain Tokens
function. Previously instances were not parsed.
main.cpp: Fix the -M (renewMaps) option to always call DoMapShare()
mounttab.cpp: When removing a drive mapping, remove the "active" entry
from the afsdsbmt.ini file.
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into
a new library to be shared by afslogon.dll, afscreds.exe
Add KFW support to afslogon.dll
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Migrate KFW functionality from src/WINNT/client_creds/afskfw* into
a new library to be shared by afslogon.dll, afscreds.exe
Move IP Address Change Monitor into new source files.
Add smbname support to the KFW set token functionality in afscreds.exe
(1) remove the tkt_lifetime table which is no longer used
(2) improve the handling of token to k5 principal mapping
(3) assign the REALM to the token client name if the realm of
the cell does not match the realm of the user
In afscreds.exe you can now obtain credentials for cell "foo.com" with
credentials from "user@BAR.COM" when specifying a password. This is a
first step since if there are already valid credentials for "user@BAR.COM"
the password should not be requested. That would allow you to obtain
tokens for multiple cells with the same kerberos tgt.
* fix uninitialized return variables in smb.c and smb3.c
* open the osi_log file as early as possible in afsd_init.c
* create an argv to use for non-service executions
* add support for \\afs\.cellname for rw volumes
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Do not use IsKerberosLogon() it does not always report the right value.
Lowercase the cell name (from realm name) for which we are
requesting set/get token operations
Return the error code generated by the ktc_SetToken operation and
not one of the many Kerberos operations.
Remove internally defined life_to_time. Instead rely on version
in rxkad
Use kvno = RXKAD_TKT_TYPE_KERBEROS_V5 when setting tokens. No longer
use krb524d.
Fix the assignment of the username and instance to place the instance
within the aclient.instance field instead of appended to the aclient.name
field.
Renumber and re-organize all of the String Table entries
to adhere to the rules specified for dynamically loading
them with the tools in WINNT/talocale. All numbers must
be sequential. Each block must begin on a mod 16 == 0
value.
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Update resource constants to avoid conflicts
Improve error checking in GetNumOfIpAddrs to prevent potential
invalid memory access if the IP Address Table cannot be accessed.
(win2000 with no privs)
NotifyAddrChange() on Win2000 without privs fails. Detect the failure
and terminate the IPChangeMonitor thread to prevent an infinite loop
eating up system resources.
Anyone have a clue which bits are required?
Fix the DependsOnGroup NetworkProvider key to ensure it is placed in
the correct location
Change the location of the ShowTrayIcon key so that we no longer store
user data in the HKLM Transarc tree
====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================
Move the locations of the ShowTrayIcon and cell name based expiration
reminder keys out of the HKLM\SOFTWARE\Transarc... key and into the
{HKCU,HKLM}\SOFTWARE\OpenAFS\... tree. This is safe to do because these
keys are transient in nature (created by afscreds.exe) and really do
belong to the user and not to the machine.
* at my request Asanka Herath of MIT ripped out all of the code used
to compute the Netbios Name of the SMB Server and the mountRoot
and constructed one commonly used library called lanahelper.lib.
This library is now constructed in the WINNT/afsd directory and
used throughout the tree. At least we now have consistency if
nothing else.
Obtain Shortcut Parameters from Registry Key
{HKLM, HKCU}\SOFTWARE\OpenAFS\Client
(REG_SZ) AfscredsShortcutParams
Default value is "-A -M -N -Q" if not found