1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

41 Commits

Author SHA1 Message Date
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Andrew Tridgell
30ee8beb93 r18301: I discovered how to load the warnings from a build farm build into
emacs compile mode (hint, paste to a file, and compile as "cat
filename").

This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84eff)
2007-10-10 14:18:04 -05:00
Volker Lendecke
b7c5bc522b r16907: Add an index parameter to torture_open_connection. Next step is to enable the
unclist parameter for all tests that do two connections, to enable cluster
testing.

Volker
(This used to be commit a5d6db0924)
2007-10-10 14:09:58 -05:00
Andrew Tridgell
373bf313cd r15881: fixed the RAW-ACLS test for 64 bit systems (was failing on ppc64)
(This used to be commit c954a6662d)
2007-10-10 14:08:37 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Stefan Metzmacher
e7f34592eb r15070: test the needed access masks for read/write the different
security descriptor components

metze
(This used to be commit 88c57c8703)
2007-10-10 14:04:06 -05:00
Stefan Metzmacher
4d72f3f8d0 r15066: - sync the dir_flags tests with the file_flags tests
- add some more checks for the w2k3 bug case

metze
(This used to be commit a55b44b96c)
2007-10-10 14:04:06 -05:00
Stefan Metzmacher
1af925f394 r14860: create libcli/security/security.h
metze
(This used to be commit 9ec706238c)
2007-10-10 13:59:44 -05:00
Jelmer Vernooij
909b111f58 r14720: Add torture_context argument to all torture tests
(This used to be commit 3c7a5ce291)
2007-10-10 13:59:13 -05:00
Jelmer Vernooij
d09b70c98b r14527: Fix build problems.
(This used to be commit 863ca4014d)
2007-10-10 13:57:37 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Jelmer Vernooij
eefe30b7d8 r14379: Build torture/rpc/ as a seperate smbtorture module. Move helper
functions for rpc out of torture/torture.c
(This used to be commit 1d2d970f3b)
2007-10-10 13:57:16 -05:00
Stefan Metzmacher
a1b295ed48 r14256: - rename smb_file -> smb_handle
- move it into the in/out substructs again
- allow file.path only on smb_fileinfo/smb_setfileinfo

metze
(This used to be commit be6d5298a2)
2007-10-10 13:57:06 -05:00
Stefan Metzmacher
307e43bb56 r14173: change smb interface structures to always use
a union smb_file, to abtract
- const char *path fot qpathinfo and setpathinfo
- uint16_t fnum for SMB
- smb2_handle handle for SMB2

the idea is to later add a struct ntvfs_handle *ntvfs
so that the ntvfs subsystem don't need to know the difference between SMB and SMB2

metze
(This used to be commit 2ef3f59709)
2007-10-10 13:56:57 -05:00
Jelmer Vernooij
f8fdbc967c r13944: Yet another round of splitups.
(This used to be commit f87debeb12)
2007-10-10 13:52:31 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Jelmer Vernooij
78c50015bb r12694: Move some headers to the directory of the subsystem they belong to.
(This used to be commit c722f665c9)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
25bb00fbcd r12693: Move core data structures out of smb.h into core.h
torture prototypes in seperate header
(This used to be commit 73610639b2)
2007-10-10 13:49:39 -05:00
Jelmer Vernooij
d4de4c2d21 r12608: Remove some unused #include lines.
(This used to be commit 70e7449318)
2007-10-10 13:49:03 -05:00
Andrew Tridgell
d07f01b203 r9046: fixed display of privileges in RAW-ACLS test
(This used to be commit 0ab907af6a)
2007-10-10 13:31:11 -05:00
Andrew Tridgell
d9c15b0f28 r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines
Thanks to lars and agruen for finding this
(This used to be commit 2acc069185)
2007-10-10 13:11:33 -05:00
Andrew Tridgell
e82aad1ce3 r5298: - got rid of pstring.h from includes.h. This at least makes it a bit
less likely that anyone will use pstring for new code

 - got rid of winbind_client.h from includes.h. This one triggered a
   huge change, as winbind_client.h was including system/filesys.h and
   defining the old uint32 and uint16 types, as well as its own
   pstring and fstring.
(This used to be commit 9db6c79e90)
2007-10-10 13:09:38 -05:00
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
4e73b4b222 r4612: make the output for the w2k3 acl bug a bit clearer
(This used to be commit 24ec8c4274)
2007-10-10 13:08:33 -05:00
Andrew Tridgell
297a63b6c9 r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does not do
dynamic inheritance
(This used to be commit ebe6b00284)
2007-10-10 13:08:31 -05:00
Andrew Tridgell
1a019f9883 r4583: print which bit failed in the owner bits check
(This used to be commit f893ad9c45)
2007-10-10 13:08:29 -05:00
Andrew Tridgell
468b3fcef2 r4582: finally worked out what is going on with the inherited ACLs test and win2003. It is a
win2003 bug!

This new test code works against w2k, and against longhorn, but fails
against w2k3. When tested against w2k3 it allows a open with an access
mask that should be denied by the given ACL, after setting up the ACL
using inheritance. Note that only the very specific
SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a
special case for that mask. Maybe its an optimisation gone wrong?

I don't know if there are any serious security implications to this,
but it is pretty clearly wrong, and has been fixed in longhorn.
(This used to be commit 4f9fd767db)
2007-10-10 13:08:29 -05:00
Andrew Tridgell
3b21422ae8 r4463: added testing of the special SID_CREATOR_OWNER inheritance rules
(This used to be commit 5448c72ebe)
2007-10-10 13:07:53 -05:00
Andrew Tridgell
a477387cd0 r4401: stricter test for correct ACL inheritance in RAW-ACLS
(This used to be commit 1bb7691963)
2007-10-10 13:07:43 -05:00
Andrew Tridgell
d39ae54341 r4389: added checking for the default inherited ACL, which is used when no ACEs
are inheritable
(This used to be commit e30b8d5783)
2007-10-10 13:07:41 -05:00
Andrew Tridgell
66b8ff22e0 r4388: - allow ACE flags to be specified in security_descriptor_create()
- added a test for all combinations of the inheritance ACE flags and how
  they are propogated to child directories and files
(This used to be commit fdb38c8e4b)
2007-10-10 13:07:41 -05:00
Andrew Tridgell
6ca874f71a r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.

note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
2007-10-10 13:06:31 -05:00
Andrew Tridgell
690b352fc1 r4074: make the RAW-ACLS test use the new lsa helper functions to determine
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.
(This used to be commit dcf6c297d3)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
6a58011be5 r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
(This used to be commit 273165e53a)
2007-10-10 13:06:21 -05:00
Andrew Tridgell
7dcfd94f81 r4053: expanded and fixed a bug in the RAW-ACLS test
(This used to be commit 0d19b4a09f)
2007-10-10 13:06:18 -05:00
Andrew Tridgell
4183b2ac38 r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
(This used to be commit 0928b1f5b6)
2007-10-10 13:06:16 -05:00
Andrew Tridgell
3b863542dc r4036: expanded the RAW-ACLS torture test to include tests for the
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit f572fe6d29)
2007-10-10 13:06:16 -05:00
Andrew Tridgell
fdc9f417d8 r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f)
2007-10-10 13:06:13 -05:00
Andrew Tridgell
85215a9a26 r3835: - added testing of setting an initial ACL on a file using NTTRANS create
- added support for initial ACLs in pvfs backend
(This used to be commit 05ee9179f7)
2007-10-10 13:05:58 -05:00
Andrew Tridgell
012be92f0a r3830: unified the query/set security descriptor code with the rest of the
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.

This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b91)
2007-10-10 13:05:57 -05:00
Andrew Tridgell
bbf009b46f r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
(This used to be commit 2ff9816ae0)
2007-10-10 13:05:57 -05:00