Commit message (Author, Age, Files, Lines)
* s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED (Stefan Metzmacher, 2012-11-30, 1 file, -1/+3)
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor (Stefan Metzmacher, 2012-11-30, 1 file, -1/+14)
  The access_mask depends on the SD Flags.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set (Stefan Metzmacher, 2012-11-30, 1 file, -0/+11)
  In that case the acl_read module does the protection.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: remove unused "acl:perform" option (Stefan Metzmacher, 2012-11-30, 1 file, -3/+0)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED (Stefan Metzmacher, 2012-11-30, 1 file, -5/+15)
  The searches are done in order to do access checks and the results are not directly exposed to the client.
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add (Stefan Metzmacher, 2012-11-30, 1 file, -1/+7)
  See [MS-ADTS] 6.1.3.2 SD Flags Control:
  ... When performing an LDAP add operation, the client can supply an SD flags control with the operation; however, it will be ignored by the server. ...
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: make use of dsdb_request_sd_flags() (Stefan Metzmacher, 2012-11-30, 1 file, -47/+15)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor (Stefan Metzmacher, 2012-11-30, 1 file, -1/+12)
  If the nTSecurityDescriptor is explicitly specified without the SD Flags control we should go through descriptor_search_callback().
  This is not strictly needed at the moment, but makes the code clearer and might avoid surprises in the future.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED (Stefan Metzmacher, 2012-11-30, 1 file, -11/+12)
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function (Stefan Metzmacher, 2012-11-30, 1 file, -0/+37)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_util: do helper searches AS_SYSTEM (Stefan Metzmacher, 2012-11-30, 1 file, -0/+1)
  The search is done in order to do access checks.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM (Stefan Metzmacher, 2012-11-30, 1 file, -1/+3)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED (Stefan Metzmacher, 2012-11-30, 1 file, -12/+13)
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED (Stefan Metzmacher, 2012-11-30, 1 file, -3/+31)
  Note that SHOW_RECYCLED implies SHOW_DELETED.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/rootdse: do helper searches AS_SYSTEM (Stefan Metzmacher, 2012-11-30, 1 file, -7/+29)
  As anonymous users can read all rootdse attributes, we should do helper searches with DSDB_FLAG_AS_SYSTEM in order to avoid unnecessary access checks.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/rootdse: remove unused variable (Stefan Metzmacher, 2012-11-30, 1 file, -1/+0)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:tests/samba_tool/gpo.py: fix accidental line break (Michael Adam, 2012-11-30, 1 file, -2/+1)
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:tests/samba_tool/gpo.py: add test_show_as_admin() (Stefan Metzmacher, 2012-11-30, 1 file, -0/+5)
  This calls samba-tool gpo show as admin (which should be able to see the full nTSecurityDescriptor).
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor (Stefan Metzmacher, 2012-11-30, 1 file, -2/+4)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor (Stefan Metzmacher, 2012-11-30, 1 file, -5/+6)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user (Stefan Metzmacher, 2012-11-30, 1 file, -3/+7)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor (Stefan Metzmacher, 2012-11-30, 1 file, -5/+5)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF (Stefan Metzmacher, 2012-11-30, 1 file, -2/+2)
  A value of 0 is mapped to 0xF.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector (Stefan Metzmacher, 2012-11-30, 1 file, -3/+1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root (Stefan Metzmacher, 2012-11-30, 1 file, -0/+4)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/schema_data: fix debug message in schema_data_modify() (Stefan Metzmacher, 2012-11-30, 1 file, -1/+1)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* ldb: fix a typo in the comment for ldb_req_is_untrusted() (Michael Adam, 2012-11-30, 1 file, -1/+1)
  Signed-off-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Nov 30 15:44:46 CET 2012 on sn-devel-104
* libnet: Fix a typo in dbsync error message. (Michael Adam, 2012-11-30, 1 file, -1/+1)
  Signed-off-by: Michael Adam <obnox@samba.org>
* libnet: Fix copy and paste error in dbsync error message. (Andreas Schneider, 2012-11-30, 1 file, -1/+1)
* torture: Fix copy and paste error in debug message. (Andreas Schneider, 2012-11-30, 1 file, -1/+1)
  Found by Coverity.
* torture: Fix copy and paste error. (Andreas Schneider, 2012-11-30, 1 file, -1/+1)
  Found by Coverity.
* s3-reg: Fix copy and paste error in debug message. (Andreas Schneider, 2012-11-30, 1 file, -2/+2)
  Found by coverity.
* s3:popt_common: Fix password processing. (Stefan Metzmacher, 2012-11-30, 1 file, -11/+2)
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Nov 30 14:01:08 CET 2012 on sn-devel-104
* s3:util: fix usage of popt_burn_cmdline_password() (Stefan Metzmacher, 2012-11-30, 2 files, -2/+0)
  We should only call popt_burn_cmdline_password() after poptFreeContext(), otherwise we remove the password too early.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbind: use new reconnect logic in rpc_lookup_sids() also. (Günther Deschner, 2012-11-30, 1 file, -16/+7)
  Volker, please check.
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: rework reconnect logic in winbindd_lookup_names(). (Günther Deschner, 2012-11-30, 1 file, -12/+13)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). (Günther Deschner, 2012-11-30, 1 file, -12/+14)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: remove lookup_sids_fn_t. (Günther Deschner, 2012-11-30, 1 file, -21/+12)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: remove lookup_names_fn_t. (Günther Deschner, 2012-11-30, 1 file, -23/+13)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. (Günther Deschner, 2012-11-30, 2 files, -11/+22)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. (Günther Deschner, 2012-11-30, 2 files, -11/+20)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-winbindd: add cm_connect_lsat(). (Günther Deschner, 2012-11-30, 2 files, -0/+35)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-rpc_cli: Remove some unused wrapping code. (Günther Deschner, 2012-11-30, 2 files, -76/+0)
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix Bug 9422 - large read requests cause server to issue malformed reply (Volker Lendecke, 2012-11-30, 2 files, -2/+2)
  Reviewed by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
* dbwrap: Do not rely on dbwrap_record_get_value to return a talloc object (Volker Lendecke, 2012-11-29, 1 file, -2/+3)
  db_tdb_fetch_locked returns the value as part of a larger talloc object that also contains the key. This means we can not realloc, but have to freshly alloc.
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Thu Nov 29 20:21:51 CET 2012 on sn-devel-104
* dbwrap: Remove an unnecessary if-statement (Volker Lendecke, 2012-11-29, 1 file, -3/+1)
  TALLOC_FREE can live with a NULL pointer
  Reviewed-by: Michael Adam <obnox@samba.org>
* dbwrap: No need to NULL out a talloc_zero'ed structure element (Volker Lendecke, 2012-11-29, 1 file, -1/+0)
  Reviewed-by: Michael Adam <obnox@samba.org>
* dbwrap: Use talloc_zero in db_open_rbt (Volker Lendecke, 2012-11-29, 1 file, -5/+1)
  Reviewed-by: Michael Adam <obnox@samba.org>
* dbwrap: Use talloc_zero in db_open_cache (Volker Lendecke, 2012-11-29, 1 file, -6/+1)
  Reviewed-by: Michael Adam <obnox@samba.org>
* s3: Remove db_ctdb_fetch (Volker Lendecke, 2012-11-29, 1 file, -55/+11)
  Note that this also makes the request for read only copies much more explicitly visible in the code.
  Reviewed-by: Michael Adam <obnox@samba.org>