1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

69 Commits

Author SHA1 Message Date
Andrew Tridgell
759da3b915 r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5)
2007-10-10 13:09:15 -05:00
Andrew Tridgell
4e73b4b222 r4612: make the output for the w2k3 acl bug a bit clearer
(This used to be commit 24ec8c4274)
2007-10-10 13:08:33 -05:00
Andrew Tridgell
297a63b6c9 r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does not do
dynamic inheritance
(This used to be commit ebe6b00284)
2007-10-10 13:08:31 -05:00
Andrew Tridgell
1a019f9883 r4583: print which bit failed in the owner bits check
(This used to be commit f893ad9c45)
2007-10-10 13:08:29 -05:00
Andrew Tridgell
468b3fcef2 r4582: finally worked out what is going on with the inherited ACLs test and win2003. It is a
win2003 bug!

This new test code works against w2k, and against longhorn, but fails
against w2k3. When tested against w2k3 it allows a open with an access
mask that should be denied by the given ACL, after setting up the ACL
using inheritance. Note that only the very specific
SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a
special case for that mask. Maybe its an optimisation gone wrong?

I don't know if there are any serious security implications to this,
but it is pretty clearly wrong, and has been fixed in longhorn.
(This used to be commit 4f9fd767db)
2007-10-10 13:08:29 -05:00
Andrew Tridgell
3b21422ae8 r4463: added testing of the special SID_CREATOR_OWNER inheritance rules
(This used to be commit 5448c72ebe)
2007-10-10 13:07:53 -05:00
Andrew Tridgell
a477387cd0 r4401: stricter test for correct ACL inheritance in RAW-ACLS
(This used to be commit 1bb7691963)
2007-10-10 13:07:43 -05:00
Andrew Tridgell
d39ae54341 r4389: added checking for the default inherited ACL, which is used when no ACEs
are inheritable
(This used to be commit e30b8d5783)
2007-10-10 13:07:41 -05:00
Andrew Tridgell
66b8ff22e0 r4388: - allow ACE flags to be specified in security_descriptor_create()
- added a test for all combinations of the inheritance ACE flags and how
  they are propogated to child directories and files
(This used to be commit fdb38c8e4b)
2007-10-10 13:07:41 -05:00
Andrew Tridgell
6ca874f71a r4147: converted from NT_USER_TOKEN to struct security_token
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.

note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b)
2007-10-10 13:06:31 -05:00
Andrew Tridgell
690b352fc1 r4074: make the RAW-ACLS test use the new lsa helper functions to determine
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.
(This used to be commit dcf6c297d3)
2007-10-10 13:06:23 -05:00
Andrew Tridgell
6a58011be5 r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
(This used to be commit 273165e53a)
2007-10-10 13:06:21 -05:00
Andrew Tridgell
7dcfd94f81 r4053: expanded and fixed a bug in the RAW-ACLS test
(This used to be commit 0d19b4a09f)
2007-10-10 13:06:18 -05:00
Andrew Tridgell
4183b2ac38 r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
(This used to be commit 0928b1f5b6)
2007-10-10 13:06:16 -05:00
Andrew Tridgell
3b863542dc r4036: expanded the RAW-ACLS torture test to include tests for the
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit f572fe6d29)
2007-10-10 13:06:16 -05:00
Andrew Tridgell
fdc9f417d8 r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f)
2007-10-10 13:06:13 -05:00
Andrew Tridgell
85215a9a26 r3835: - added testing of setting an initial ACL on a file using NTTRANS create
- added support for initial ACLs in pvfs backend
(This used to be commit 05ee9179f7)
2007-10-10 13:05:58 -05:00
Andrew Tridgell
012be92f0a r3830: unified the query/set security descriptor code with the rest of the
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.

This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b91)
2007-10-10 13:05:57 -05:00
Andrew Tridgell
bbf009b46f r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
(This used to be commit 2ff9816ae0)
2007-10-10 13:05:57 -05:00