summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
...
* s4:cracknames - Change two counter variables to unsignedMatthias Dieter Wallnöfer2010-03-051-2/+2
| | | | | | In both cases the unsigned counter fits better: - in the first one since we are counting LDB objects starting from 0 - in the second since we are counting an array starting from 0
* s4-pvfs_sys: build on systems without O_NOFOLLOW or O_DIRECTORYAndrew Tridgell2010-03-051-4/+22
|
* s4-pvfs_sys: talloc_free should be before errno restoreAndrew Tridgell2010-03-051-13/+13
| | | | talloc can potentially change the errno
* s4-pvfs: use pvfs_sys_fchmod()Andrew Tridgell2010-03-053-4/+4
|
* s4-pvfs: set default for perm override based on system featuresAndrew Tridgell2010-03-051-1/+9
| | | | | | If the system has O_NOFOLLOW and O_DIRECTORY then we allow for overrides by default. If not, then we disable by default, as we will be more vulnerable to symlink attacks
* s4-pvfs: use O_FOLLOW one level at a time for security overridesAndrew Tridgell2010-03-051-37/+357
| | | | | To prevent symlink attacks we need to use O_NOFOLLOW one level at a time when processing a root security override
* s4-pvfs: use pvfs_sys_*() functions to wrap posix callsAndrew Tridgell2010-03-055-20/+20
| | | | | | | This allows for root override, which fixes many problems with mismatches between NT ACL permissions and unix permissions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-pvfs: new pvfs_sys module Andrew Tridgell2010-03-052-0/+301
| | | | | | | | The pvfs_sys_*() calls provide wrapper functions for posix file functions which use root privileges to override EACCES failures if PVFS_FLAG_PERM_OVERRIDE is set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDEAndrew Tridgell2010-03-052-0/+4
| | | | | | | | This flag indicates that we should use root privileges to override unix permissions when the NT ACLs indicate that access should be granted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-smbtorture: skip NotifyChangeKeyValue test against s3 for now.Günther Deschner2010-03-051-0/+4
| | | | Guenther
* s4:torture/rpc/samr.c - add some decision possibility constants to some switchMatthias Dieter Wallnöfer2010-03-051-0/+3
| | | | | At the moment nothing is done when the enumeration variable is set to one of those constants as before. This is only to quite nasty warnings.
* s4:torture/rpc/samr.c - make some argument of function ↵Matthias Dieter Wallnöfer2010-03-051-1/+1
| | | | | | "test_SamLogon_with_creds" constant This to quiet warnings.
* s4:torture/winbind/struct_based.c - fix up (un)signedness of a function argumentMatthias Dieter Wallnöfer2010-03-051-1/+2
| | | | Otherwise always a warning is generated.
* s4-pvfs: log more error conditions in NTVFS backendAndrew Tridgell2010-03-053-0/+31
| | | | | | This should make is easier to track down some bug reports Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-pvfs: move the private ntcreatex flags to private_flagsAndrew Tridgell2010-03-057-20/+21
| | | | | | | | Re-using two of the create_options bits was bound to eventually cause problems, and indeed, Windows7 now uses one of those bits when opening text files. Fixes bug 7189
* s4-rpc: don't use s->credentials after it is freedAndrew Tridgell2010-03-051-2/+1
|
* s4-torture: fixed commas separating C statementsAndrew Tridgell2010-03-051-4/+3
|
* s4-python: only install external python libs that are missingAndrew Tridgell2010-03-052-1/+19
|
* s4-python: import a copy of the python dns libraryAndrew Tridgell2010-03-05114-0/+16829
| | | | | | | | This library is not installed on enough systems for us to rely on it being available. We use the system copy if possible, and fallback to this local copy Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dns: use samba.external to pull in the dns.resolver libraryAndrew Tridgell2010-03-051-3/+5
|
* s4-python: allow us to have samba copies of python libraries we depend onAndrew Tridgell2010-03-052-0/+54
| | | | | | | | For python libraries like dns.resolver it is useful to be able to install a copy of the library with Samba. This set of functions allows us to do that while using the locally installed version if it is available Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-dns-ex: use autoclose on the dns child pipeAndrew Tridgell2010-03-051-2/+1
| | | | | | | I'm hoping this will fix an occasional segfault I've noticed where epoll still calls events on a closed fde Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-messaging: use auto-close on the socketAndrew Tridgell2010-03-051-0/+1
|
* s4:auth/sam.c - change base context for the "tmp_ctx" context in ↵Matthias Dieter Wallnöfer2010-03-041-1/+1
| | | | | | | "authsam_expand_nested_groups" Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks.
* s4:ldap.py - give the "primaryGroupToken" test a better nameMatthias Dieter Wallnöfer2010-03-041-3/+3
| | | | It tests also some other constructed attributes in a basic way.
* s4:ldap.py - add test for "tokenGroups"Matthias Dieter Wallnöfer2010-03-041-0/+44
|
* s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer2010-03-041-6/+14
| | | | | | | need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
* s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer2010-03-041-2/+2
| | | | No need to have signed counters here.
* s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer2010-03-042-1/+96
| | | | | | | | | | It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
* s4:sam.c - make "authsam_expand_nested_groups" publicMatthias Dieter Wallnöfer2010-03-042-1/+7
| | | | This is needed by the "tokenGroups" work in the operational LDB module.
* s4:sam.c - cosmetic indentation fixMatthias Dieter Wallnöfer2010-03-041-2/+1
|
* s4:sam.c - change variable types to unsigned in "sids_contains_sid"Matthias Dieter Wallnöfer2010-03-041-3/+4
| | | | Should also be unsigned - no need for a signed "i" and "num_sids" here.
* s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer2010-03-041-2/+2
| | | | | | "construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
* Refactored ACL python testsNadezhda Ivanova2010-03-041-441/+256
| | | | | Made each type into a separate class to be easily run individually, removed code duplication
* s4:provision - use the new "interface_ips" python call to detect the right ↵Matthias Dieter Wallnöfer2010-03-041-8/+8
| | | | | | | | | | | host IPv4 address Inform the user when there are more possibilities (so he can check for the right address and otherwise he is able to do an immediate reprovision) and no possibility at all (then we fall back to the loopback address "127.0.0.1" - this is thought for testing purposes). I think this should be enough for closing bug #5484.
* s4:ldif_handlers - Use "unsigned int" for counting purposesMatthias Dieter Wallnöfer2010-03-041-4/+4
| | | | | | I changed "uint32_t" to "unsigned int" since the LDB specification prescrives "unsigned (int)" for counter variables (number of attributes, number of values...).
* s4:samdb.c - Make it signed-safeMatthias Dieter Wallnöfer2010-03-031-2/+2
| | | | | | Use an unsigned argument for the numbers of groups and the counter "i" since the function is called only by "auth_generate_session_info" with an unsigned number of groups argument.
* s4:srvsvc RPC - "srvsvc_create_ntvfs_connect"Matthias Dieter Wallnöfer2010-03-031-1/+1
| | | | | | Previous commit was incomplete. The "service" parameter in the "tcon" structure should point to "scfg->name". I'm not sure if "share" is right but the first was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
* s4:srvsvc RPC - fix up the "ntvfs_connect" in "srvsvc_create_ntvfs_connect"Matthias Dieter Wallnöfer2010-03-031-3/+5
| | | | | This should be the right fix (set the service name in the tcon union to the share name/path). That should be the solution for bug #6784.
* s4:torture/rpc/samr - Fix up SAMR-USERS testMatthias Dieter Wallnöfer2010-03-031-10/+22
| | | | | "QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
* s4:torture/rpc/samr - enhance the "EnumDomainGroups" test regarding ↵Matthias Dieter Wallnöfer2010-03-031-0/+15
| | | | | | | | | | | | | | | universal groups Find the "Enterprise Admins" group which does exist on s4 and Windows directories and is always per default universal. Test this only when the target is set to s4 (s3 deployments don't contain this group). If the number of returned objects is "0" (count) then we are likely testing the builtin domain of an AD deployment.Then we ignore the inexistent "Enterprise Admins" group. I didn't enhance the test for "QueryDomainInfo" since this does itself a comparison of all returned objects with the "EnumDomainGroups" call. Therefore if the latter passes, and the "QueryDomainInfo" test passes also the "QueryDomainInfo" call is okay regarding groups.
* s4:dcesrv_samr - Also "OpenGroup" needs to support universal groupsMatthias Dieter Wallnöfer2010-03-031-2/+3
|
* s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" callsMatthias Dieter Wallnöfer2010-03-031-3/+6
| | | | | We need to look for both global and universal group types when querying them. Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
* Fix typo in comments.Karolin Seeger2010-03-031-2/+2
|
* dns: make dns update script use unbuffered IOAndrew Tridgell2010-03-031-0/+4
| | | | Otherwise we can lose debug output when a timeout happens
* s4-posix: allow change ownership of files if the user has the right privilegesAndrew Tridgell2010-03-031-2/+21
| | | | | | | | | When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have permission to change the ownership of a file. This should fix bug 6987 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4-build: fix SMB_LIBRARY and change its name so it didn't collide with s3 oneMatthieu Patou2010-03-031-4/+4
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-winrepl: Migrated the wins replication server to tsocket.Andreas Schneider2010-03-034-141/+314
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:move the sddl code down to the top levelMichael Adam2010-03-033-627/+2
| | | | Michael
* s4/ildap: fine tune ildb_callback()Kamen Mazdrashki2010-03-031-3/+3
| | | | | | | | | | Actually ildb_context pointer is not supposed to be valid after calling ildb_request_done(). This is due to the fact that when calling ildb_request_done() caller will (most probably) free any locally built ldap_request objects - thus rendering ildb_context invalid. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2025-09-26 06:04:46 +0000