sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-12 20:58:37 +03:00
Code
56,996 Commits 62 Branches 1,155 Tags
Commit Graph

19882 Commits

Author SHA1 Message Date
Andrew Tridgell
44612c74a6 s4-pvfs: rename with full name gives SHARING_VIOLATION 2009-10-18 15:06:12 +11:00
Andrew Tridgell
83db71e9a7 s4-pvfs: when reporting the file name, don't include the :$DATA suffix 2009-10-18 15:06:12 +11:00
Andrew Tridgell
2d4ad4f504 s4-pvfs: the STREAM_INFORMATION calls don't need any access flags 2009-10-18 15:06:11 +11:00
Andrew Tridgell
edd0ea5225 s4-pvfs: fixed update of stream sizes 
The data_blob_free() was changing the size we set the stream to
 2009-10-18 15:06:11 +11:00
Andrew Tridgell
a2aa13da32 s4-pvfs: more fixes for ACLs on file creation 
The passed in SD is not used to limit the access mask allowed on file
create.
 2009-10-18 10:32:06 +11:00
Andrew Tridgell
bae8c93d9b s4-smb2: fixed SMB2 find commands 
The change to check for invalid \ prefix on SMB2 paths broke the
internal SMB2 code.
 2009-10-18 10:30:10 +11:00
Andrew Tridgell
0463d69883 s4-pvfs: change the handling of access checking on create 
Previously when a file was created, we produces the resulting access
mask based on an ACL check against the parent. This change means we
now calculate the inherited ACL much earlier, and produce the
resulting access mask from that ACL, or the user supplied ACL.
 2009-10-18 07:13:47 +11:00
Andrew Tridgell
d1efaf39f5 smb2-torture: samba4 allows SEC_FLAG_SECURITY to be used with privileges 2009-10-18 07:13:47 +11:00
Jeremy Allison
d6351adca9 Fix the smbtorture4 build. root_fid is a "union smb_handle". tridge 
please check.
Jeremy.
 2009-10-17 12:56:15 -07:00
Jeremy Allison
7c51fa6d69 Merge branch 'master' of ssh://jra@git.samba.org/data/git/samba 2009-10-17 10:36:33 -07:00
Andrew Tridgell
46b7938d7e s4-smbserver: removed bogus initialisation of two union arms 
Thanks to Metze for spotting this.
 2009-10-17 13:12:24 +11:00
Andrew Tridgell
bf6fcc6121 s4-pvfs: when uwrap is enabled, ignore chown errors 
chown is expected to fail under uwrap
 2009-10-17 13:01:04 +11:00
Andrew Tridgell
dbebe0f621 s4-torture: fixed the default ACL for s4 
s4 returns group and world ACEs in the default acl, based on unix
permissions
 2009-10-17 13:01:04 +11:00
Andrew Tridgell
05f5f22361 s4-torture: minor debugging enhancements 2009-10-17 13:01:04 +11:00
Andrew Tridgell
8c7a81408a s4-schema: We should not need Samba4TopExtra now 
The last attribute this contained was 'privilege' which is now gone
 2009-10-17 13:01:03 +11:00
Andrew Tridgell
6b1ab9cd47 s4-pvfs: don't auto-apply privilege bits in unix acl handling either 2009-10-17 13:01:03 +11:00
Andrew Tridgell
c3b09d18a8 s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks 2009-10-17 13:01:03 +11:00
Andrew Tridgell
53dec869b8 s4-torture: the BASE-CREATEX_ACCESS test is broken for non-administrators 
See my msg to samba-technical about this test and privilege testing.
 2009-10-17 13:01:03 +11:00
Andrew Tridgell
533b102493 s4-torture: cleanup after the MAXIMUM_ALLOWED test 2009-10-17 13:01:03 +11:00
Andrew Tridgell
5d5d951311 s4-pvfs: use privileges rather than "uid == 0" in unix access check 
This makes the unix access check much closer to the full ACL check
 2009-10-17 13:01:03 +11:00
Andrew Tridgell
9da4af062b s4-security: honor more of the privilege access bits 2009-10-17 13:01:03 +11:00
Andrew Tridgell
7226ba73a0 s4-torture: add a special check for administrators and privileges 
lsa privileges calls don't expand groups. darn.
 2009-10-17 13:01:03 +11:00
Andrew Tridgell
9526487010 s4-lsasrv: make sure only admins can alter privileges 2009-10-17 13:01:02 +11:00
Andrew Tridgell
f794e8d43d s4-provision: added the default privileges db 
privileges are now stored in a separate database
 2009-10-17 13:01:02 +11:00
Andrew Tridgell
cc3e1d9022 s4-provision: removed the old privilege attributes 
Our schema is getting a bit cleaner :-)
 2009-10-17 13:01:02 +11:00
Andrew Tridgell
f3f695f18f s4-torture: show the sid we are basing privilege tests on 2009-10-17 13:01:02 +11:00
Andrew Tridgell
30be3fd143 s4-privileges: moved privileges to private/privilege.ldb 
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a windows DC.

This moves the privileges to a separate (local) database
 2009-10-17 13:01:02 +11:00
Günther Deschner
22276961c3 s4-smbtorture: extend netr_LogonControl test in RPC-NETLOGON. 
Guenther
 2009-10-16 14:54:58 +02:00
Endi S. Dewata
aaca10b3e1 s4:provision - fixed invalid creationTime format 2009-10-16 14:08:11 +02:00
Endi S. Dewata
6cb652e05c s4:ldb - fixed dangling pointer in ldb_request_add_control() 2009-10-16 14:08:11 +02:00
Endi S. Dewata
180ca8ed88 s4:auth - fixed problem reading bind DN from secrets database 2009-10-16 14:08:11 +02:00
Endi S. Dewata
cf77bf3382 s4:provision - replaced linked_attributes with FDS plugins 
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
 2009-10-16 14:08:11 +02:00
Matthias Dieter Wallnöfer
925e96029e s4:auth_sam: Restructure tail in "authsam_get_server_info_principal" and fix a memory leak 2009-10-16 14:06:30 +02:00
Matthias Dieter Wallnöfer
ba7707176d s4:winsdb - Substitute LDB result numbers with constants 2009-10-16 14:06:24 +02:00
Kamen Mazdrashki
421191a443 s4/drs(tort): prefixMap unit test initial implementatoin 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
784e0c199e s4/drs: prefixMap module initial definition 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
47f30fd3e7 s4/drs(tort): fix compile time warning 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
1d3342e9fa s4/drs(tort): _drs_util_verify_attids() to verify ATTIDs in objects received 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
e3b707da94 s4/drs(tort): drs_util_DsAttributeId_to_string() function 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
8631548f12 s4/drs(tort): _drs_ldap_attr_by_oid() implementation 
Utility function to be used to fetch Attribute name and DN
giving attribute OID
 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
3c3f66f0df s4/drs(tort): oid_from_attid() reference implementation 
Decode Attribute OID using prefixMap and
ATTID received during replication

Based on MS documentation. See MS-DRSR.pdf - 5.16.4
 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
6a680cea6a s4/drs(tort): TORTURE_DRS torture module - initial implementation 
Drsuapi tests module registers two suites:
 - DRS-RPC - tests to be executed against remote machine
 - DRS-UNIT - unit test for internal testing
 2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
40a8a22684 s4/drs: Propagate redefinition of drsuapi_DsReplicaOID into code base 
The biggest change is that 'oid' field is transmited in binary format.
Also the field name is changed to 'binary_oid' so that
field format to be clear for callers.

After those changes, Samba4 should work the way it works before -
i.e. no added value here but we should not fail when
partial-oid is part of prefixMap transmited from Win server.

Also, thre is a bug in this patch - partial-binary-OIDs are
not handled correctly. Partial-binary-OIDs received during
replication will be encoded, but not handled correctly.
 2009-10-16 12:54:14 +03:00
Andrew Tridgell
7bcc0b2966 s4-winsrepl: don't put in attributes with no elements 
Empty attributes are no longer allowed by ldb. This also fixes the
error checking in winsdb_message()

This fixes the samba4.nbt.winsreplication test
 2009-10-16 11:56:40 +11:00
Günther Deschner
612deb2699 s4-smbtorture: add very basic libwbclient testsuite. 
Guenther
 2009-10-16 02:04:29 +02:00
Andrew Tridgell
70b020ca76 s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWED 
This matches the sec_access_check() code
 2009-10-16 10:12:18 +11:00
Andrew Tridgell
29929a3c46 s4-torture: take privileges into account in BASE-MAXIMUM_ALLOWED 
The correct answer depends on the users privileges.
 2009-10-16 10:12:18 +11:00
Matthias Dieter Wallnöfer
c35f18513a s4:dcerpc_server - Read the generic session key out from "dcerpc_generic_session_key" 
I don't think that this code needs to exist identically on the server and on the
client side. This patch leaves it on the client side (dcerpc lib) and calls it
from the server.
 2009-10-15 13:27:38 +02:00
Matthias Dieter Wallnöfer
fb13eb7db8 s4:w32err_code.py script - put it under "scripting/bin" 
I think this is a better location for this script. Since the subdirectory
"script" of "source4" contains only scripts for "make install" and "make
uninstall".
 2009-10-15 12:48:20 +02:00
Andrew Tridgell
d72b5a81ef s4-smb: fill in fnum as well for root_fid 
This helps with the CIFS NTVFS backend, but doesn't solve all problems
 2009-10-15 20:50:49 +11:00