Andrew Tridgell
dbebe0f621
s4-torture: fixed the default ACL for s4
...
s4 returns group and world ACEs in the default acl, based on unix
permissions
2009-10-17 13:01:04 +11:00
Andrew Tridgell
05f5f22361
s4-torture: minor debugging enhancements
2009-10-17 13:01:04 +11:00
Andrew Tridgell
8c7a81408a
s4-schema: We should not need Samba4TopExtra now
...
The last attribute this contained was 'privilege' which is now gone
2009-10-17 13:01:03 +11:00
Andrew Tridgell
6b1ab9cd47
s4-pvfs: don't auto-apply privilege bits in unix acl handling either
2009-10-17 13:01:03 +11:00
Andrew Tridgell
c3b09d18a8
s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks
2009-10-17 13:01:03 +11:00
Andrew Tridgell
53dec869b8
s4-torture: the BASE-CREATEX_ACCESS test is broken for non-administrators
...
See my msg to samba-technical about this test and privilege testing.
2009-10-17 13:01:03 +11:00
Andrew Tridgell
533b102493
s4-torture: cleanup after the MAXIMUM_ALLOWED test
2009-10-17 13:01:03 +11:00
Andrew Tridgell
5d5d951311
s4-pvfs: use privileges rather than "uid == 0" in unix access check
...
This makes the unix access check much closer to the full ACL check
2009-10-17 13:01:03 +11:00
Andrew Tridgell
9da4af062b
s4-security: honor more of the privilege access bits
2009-10-17 13:01:03 +11:00
Andrew Tridgell
7226ba73a0
s4-torture: add a special check for administrators and privileges
...
lsa privileges calls don't expand groups. darn.
2009-10-17 13:01:03 +11:00
Andrew Tridgell
9526487010
s4-lsasrv: make sure only admins can alter privileges
2009-10-17 13:01:02 +11:00
Andrew Tridgell
f794e8d43d
s4-provision: added the default privileges db
...
privileges are now stored in a separate database
2009-10-17 13:01:02 +11:00
Andrew Tridgell
cc3e1d9022
s4-provision: removed the old privilege attributes
...
Our schema is getting a bit cleaner :-)
2009-10-17 13:01:02 +11:00
Andrew Tridgell
f3f695f18f
s4-torture: show the sid we are basing privilege tests on
2009-10-17 13:01:02 +11:00
Andrew Tridgell
30be3fd143
s4-privileges: moved privileges to private/privilege.ldb
...
We were storing privileges in the sam, which was OK when we were a
standalone DC, but is no good when we replicate with a windows DC.
This moves the privileges to a separate (local) database
2009-10-17 13:01:02 +11:00
Andrew Tridgell
b6a1beb131
added NT_STATUS_NOT_OK_RETURN_AND_FREE()
...
Try to make it a bit easier to avoid leaks in common code
2009-10-17 13:01:02 +11:00
Jeremy Allison
f1d9960284
Add comment explaining about symlink following & posix.
...
Jeremy.
2009-10-16 18:13:06 -07:00
Jeremy Allison
ea3c077236
Last 2 VFS_STAT -> LSTAT fixes I can see in the modules code.
...
Jeremy.
2009-10-16 17:20:40 -07:00
Jeremy Allison
010dfbf1fd
Fix one missing STAT -> LSTAT with POSIX pathnames in vfs_xattr_tdb.c. Caught by the torture tester. I love unit tests :-). Jeremy.
2009-10-16 16:38:59 -07:00
Björn Jacke
7655282ede
s3: build pam_smbpass when possible
2009-10-16 23:46:52 +02:00
Günther Deschner
64e8aa1b14
s3-netlogon: fix updating trust account passwords with downlevel domains.
...
When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.
Guenther
2009-10-16 18:03:32 +02:00
Günther Deschner
20c07674f6
nsswitch: increase libwbclient version after adding wbcChangeTrustCredentials().
...
Guenther
2009-10-16 16:08:55 +02:00
Karolin Seeger
79c2c61b99
s3:packaging: Fix building RHEL packages.
...
Fix bug #6721.
Thanks to Eero Volotinen <eero.volotinen@medicel.com> for providing the patch!
Karolin
2009-10-16 16:00:26 +02:00
Matthias Dieter Wallnöfer
fef032fac7
s3:srv_samr_nt - another fix for the reject reason
2009-10-16 15:26:14 +02:00
Günther Deschner
22276961c3
s4-smbtorture: extend netr_LogonControl test in RPC-NETLOGON.
...
Guenther
2009-10-16 14:54:58 +02:00
Günther Deschner
8267564e1c
s3-netlogon: Fix _netr_ServerPasswordSet2 cleartext blob handling.
...
Following Andrew's advice, let's straight md4 the plaintext blob and avoid
trying to get a plaintext string out of the input the client sends.
Guenther
2009-10-16 14:54:57 +02:00
Günther Deschner
c2966a0766
s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.
...
Guenther
2009-10-16 14:54:57 +02:00
Günther Deschner
246597cb0d
s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.
...
Guenther
2009-10-16 14:54:57 +02:00
Endi S. Dewata
aaca10b3e1
s4:provision - fixed invalid creationTime format
2009-10-16 14:08:11 +02:00
Endi S. Dewata
6cb652e05c
s4:ldb - fixed dangling pointer in ldb_request_add_control()
2009-10-16 14:08:11 +02:00
Endi S. Dewata
180ca8ed88
s4:auth - fixed problem reading bind DN from secrets database
2009-10-16 14:08:11 +02:00
Endi S. Dewata
cf77bf3382
s4:provision - replaced linked_attributes with FDS plugins
...
When FDS is used as a backend, Samba should not use the
linked_attributes LDB module, but instead use the built-in
DS plugins for attribute linking, indexing, and referential
integrity.
2009-10-16 14:08:11 +02:00
Matthias Dieter Wallnöfer
925e96029e
s4:auth_sam: Restructure tail in "authsam_get_server_info_principal" and fix a memory leak
2009-10-16 14:06:30 +02:00
Matthias Dieter Wallnöfer
ba7707176d
s4:winsdb - Substitute LDB result numbers with constants
2009-10-16 14:06:24 +02:00
Matthias Dieter Wallnöfer
441f0326be
s3: Try to fix the build on Solaris & AIX regarding the password change reject reason
2009-10-16 12:27:57 +02:00
Kamen Mazdrashki
421191a443
s4/drs(tort): prefixMap unit test initial implementation
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
784e0c199e
s4/drs: prefixMap module initial definition
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
47f30fd3e7
s4/drs(tort): fix compile time warning
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
1d3342e9fa
s4/drs(tort): _drs_util_verify_attids() to verify ATTIDs in objects received
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
e3b707da94
s4/drs(tort): drs_util_DsAttributeId_to_string() function
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
8631548f12
s4/drs(tort): _drs_ldap_attr_by_oid() implementation
...
Utility function to be used to fetch Attribute name and DN
given attribute OID
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
8639ba2237
s4/drs(tort): ignore drs/proto.h file
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
3c3f66f0df
s4/drs(tort): oid_from_attid() reference implementation
...
Decode Attribute OID using prefixMap and
ATTID received during replication
Based on MS documentation. See MS-DRSR.pdf - 5.16.4
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
6a680cea6a
s4/drs(tort): TORTURE_DRS torture module - initial implementation
...
Drsuapi tests module registers two suites:
- DRS-RPC - tests to be executed against remote machine
- DRS-UNIT - unit test for internal testing
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
40a8a22684
s4/drs: Propagate redefinition of drsuapi_DsReplicaOID into code base
...
The biggest change is that 'oid' field is transmitted in binary format.
Also the field name is changed to 'binary_oid' so that
the field format is clear for callers.
After those changes, Samba4 should work the way it worked before -
i.e. no added value here but we should not fail when
partial-oid is part of prefixMap transmitted from Win server.
Also, there is a bug in this patch - partial-binary-OIDs are
not handled correctly. Partial-binary-OIDs received during
replication will be encoded, but not handled correctly.
2009-10-16 12:54:14 +03:00
Kamen Mazdrashki
7e8fb4ad06
s4/drs(NDR): Print implementation for drsuapi_DsReplicaOID
...
Custom ndr_print function is implemented so that transmitted
partial-binary-oid is printed both in hex and
partial-oid formats
2009-10-16 12:54:13 +03:00
Kamen Mazdrashki
4bfd132b08
s4/drs(NDR): Remove push/pull code for drsuapi_DsReplicaOID struct
...
New structure definition is automarshaled so custom marshaling
code is not used anymore
2009-10-16 12:54:13 +03:00
Kamen Mazdrashki
f11cdc19d1
s4/asn1: Use explicit TALLOC_CTX in ber_write_OID functions
2009-10-16 12:54:13 +03:00
Kamen Mazdrashki
cb71e8a731
s4/drs(idl): Regenerate idl
2009-10-16 12:54:13 +03:00
Kamen Mazdrashki
cf51787382
s4/drs(idl): Redefine drsuapi_DsReplicaOID in drsuapi.idl
...
Structure redefined to be more similar with OID_t structure
defined in [ref. MS-DRSR.pdf - p.496].
2009-10-16 12:54:13 +03:00