path: root/source4
Commit message | Author | Age | Files | Lines
...
* dsdb-acl: ask for the objectClass attribute if it's not in the scope of the clients search | Andrew Bartlett | 2013-01-21 | 1 | -1/+16
  This will be used later.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName | Andrew Bartlett | 2013-01-21 | 1 | -8/+7
  This uses dsdb_get_last_structural_objectclass(), which encodes this ordering knowledge in one place in the code, rather than using this uncommented magic expression:
  (char *)oc_el->values[oc_el->num_values-1].data
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename() | Andrew Bartlett | 2013-01-21 | 1 | -12/+14
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify() | Andrew Bartlett | 2013-01-21 | 1 | -8/+10
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: add acl_check_access_on_objectclass() helper | Stefan Metzmacher | 2013-01-21 | 1 | -0/+39
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg() | Andrew Bartlett | 2013-01-21 | 1 | -0/+13
  This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: attr is not optional to acl_check_access_on_attribute() | Stefan Metzmacher | 2013-01-21 | 1 | -25/+24
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes | Stefan Metzmacher | 2013-01-21 | 1 | -16/+18
  "clearTextPassword" is the only exception.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: introduce a 'el' helper variable to acl_modify() | Stefan Metzmacher | 2013-01-21 | 1 | -12/+11
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-acl: introduce a 'msg' helper variable to acl_modify() | Stefan Metzmacher | 2013-01-21 | 1 | -20/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make sure we build [system]PossibleInferiors completely | Stefan Metzmacher | 2013-01-21 | 1 | -0/+4
  Otherwise callers like dsdb_schema_copy_shallow() will corrupt the talloc hierarchy.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make sure use clean caches in schema_inferiors.c | Stefan Metzmacher | 2013-01-21 | 2 | -28/+32
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb-schema: make schema_subclasses_order_recurse() static | Stefan Metzmacher | 2013-01-21 | 1 | -3/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests: remove redundant testsuites in provision | Matthieu Patou | 2013-01-21 | 1 | -6/+1
  Removed provisions are already tested somewhere else.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Matthieu Patou <mat@samba.org>
  Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
* Tests: rewrite ldap_schema to specify attributes | Matthieu Patou | 2013-01-21 | 1 | -15/+24
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal_build: Try again to sort out the strerror_r mess | Andrew Bartlett | 2013-01-19 | 3 | -8/+8
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* spoolss: make spoolss deal with ndr64 SetForm by using proper container object. | Günther Deschner | 2013-01-17 | 2 | -14/+17
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* spoolss: make spoolss deal with ndr64 AddForm by using proper container object. | Günther Deschner | 2013-01-17 | 2 | -17/+20
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* s4-torture: add ndr64 spoolss_SetPrinter ndr test. | Günther Deschner | 2013-01-17 | 1 | -0/+73
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* spoolss: make spoolss deal with ndr64 ULONG_PTR of devmode_ptr and secdesc_ptr. | Günther Deschner | 2013-01-17 | 2 | -8/+8
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: David Disseldorp <ddiss@samba.org>
* dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set | Matthieu Patou | 2013-01-17 | 1 | -1/+1
  Most of the time this flag is not set and so we can avoid the strcasecmp in ldb_attr_cmp()
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Jan 17 17:10:32 CET 2013 on sn-devel-104
* torture: Fix fsmo test to use correct -H samba-tool syntax | Andrew Bartlett | 2013-01-17 | 1 | -2/+2
  However, the test still does not pass.
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Do not hold the transaction over the IRPC call to perform a role transfer | Andrew Bartlett | 2013-01-17 | 1 | -1/+26
  This avoids one samba process locking out another from the DB.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* drs-fsmo: Improve handling of FSMO role takeover. | Andrew Bartlett | 2013-01-17 | 3 | -5/+14
  This needs to be more async, and give less scary errors.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor" | Stefan Metzmacher | 2013-01-17 | 1 | -3/+11
  acl_check_access_on_attribute should never be called with attr=NULL because we don't check access on an attribute in that case
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
  Autobuild-User(master): Matthieu Patou <mat@samba.org>
  Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
* dsdb-acl: add helper variable 'ldb' in acl_sDRightsEffective | Stefan Metzmacher | 2013-01-17 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
* dsdb-acl: fix the order of special and system checks | Stefan Metzmacher | 2013-01-17 | 1 | -22/+61
  First we check for a special dn, then for system access. All allocations happen after these checks in order to avoid allocations we won't use.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
* dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user shouldn't see | Matthieu Patou | 2013-01-17 | 1 | -0/+4
  This fixes frequent reindexing when using python script with a user that is not system. The reindexing is caused by ACL module hiding (removing) attributes in the search request for all attributes in dn=@ATTRIBUTES and because dsdb_schema_set_indices_and_attributes checks that the list of attributes that it just calculated from the schema is the same as the list written in @ATTRIBUTES, if not the list is replaced and a reindexing is triggered.
  Signed-off-by: Matthieu Patou <mat@matws.net>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-acl: talloc_free the private context when we pass to the next module | Stefan Metzmacher | 2013-01-17 | 1 | -0/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
* dsdb-acl: don't call dsdb_user_password_support() if we don't use the result | Stefan Metzmacher | 2013-01-17 | 1 | -2/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Matthieu Patou <mat@matws.net>
* torture: copychunk test suite improvements | David Disseldorp | 2013-01-16 | 1 | -8/+719
  Allow for large files in test_setup_copy_chunk(): Write test data in 1M IOs, rather than attempting to do the whole thing in one go.
  Add copychunk bad resume key test: Send a copy chunk request with an intentionally bogus resume key (source key handle).
  Add copychunk src=dest test: Test copychunk requests where the source and destination handles refer to the same file.
  Add copychunk src=dest overlap test.
  Add desired access args to test_setup_copy_chunk().
  Add copychunk_bad_access test: Open the copychunk source and destination files with differing desired_access values. Confirm copychunk response matches 2k8 and 2k12 behaviour.
  Add copy_chunk_src_exceed test: Attempts to copy more data than is present in the copychunk source file.
  Add copy_chunk_src_exceed_multi test: Test whether the first chunk in a multi-chunk copychunk request is written to disk, where the second chunk is invalid due to src file overrun.
  Add copy_chunk_sparse_dest test: Issue a request where the target offset exceeds the file size, resulting in a sparse region.
  Add copy_chunk_max_output_sz test.
  Reviewed by: Jeremy Allison <jra@samba.org>
* torture: replace ioctl failure returns with helper calls | David Disseldorp | 2013-01-16 | 1 | -33/+25
  Also change test_ioctl_get_shadow_copy() to use torture_skip(), and clean up test output.
  Reviewed by: Jeremy Allison <jra@samba.org>
* torture: add locking tests for copychunk | David Disseldorp | 2013-01-16 | 1 | -0/+228
  Reviewed by: Jeremy Allison <jra@samba.org>
* torture: skip FSCTL_SRV_ENUM_SNAPS test when not supported | David Disseldorp | 2013-01-16 | 1 | -0/+6
  If FSCTL_SRV_ENUM_SNAPS fails with NT_STATUS_NOT_SUPPORTED then skip the test, this means we can run the full ioctl test suite as part of autobuild.
  Reviewed by: Jeremy Allison <jra@samba.org>
* smb2_ioctl: remove ioctl error response assumptions | David Disseldorp | 2013-01-16 | 2 | -3/+92
  MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error should not be considered a failure. In such a case the output data buffer should be sent to the client rather than an error response packet.
  Add a new fsctl copy_chunk test to confirm field limits are sent back in response to an oversize chunk request.
  Reviewed by: Jeremy Allison <jra@samba.org>
* s4-torture: add ndr64 spoolss openprinterex to ndr test. | Günther Deschner | 2013-01-16 | 1 | -0/+28
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104
* s4-torture: allow to do ndr tests with flags, not only ndr_flags. | Günther Deschner | 2013-01-16 | 2 | -3/+14
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. | Günther Deschner | 2013-01-16 | 5 | -31/+29
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* dsdb: Add test for modification of two attributes, one permitted, one denied (bug #9554 - CVE-2013-0172) | Andrew Bartlett | 2013-01-15 | 1 | -0/+15
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1)
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
* dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172) | Andrew Bartlett | 2013-01-15 | 1 | -28/+27
  This seems inefficient, but is needed for correctness. The alternative might be to have the sec_access_check_ds code confirm that *all* of the nodes in the object tree have been cleared to node->remaining_bits == 0.
  Otherwise, I fear that write access to one attribute will become write access to all attributes.
  Andrew Bartlett
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)
* dsdb: Make linked_attributes module GUID based for renames | Andrew Bartlett | 2013-01-12 | 1 | -13/+64
  This ensures that when we have the backlink out of sync with the forward link (perhaps due to another operation that has put the backlink handling in an end-of-transaction TODO list in repl_meta_data) that we do not error out, we just cope as well as we can.
  The GUID is the unique identifier, not the DN.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Sat Jan 12 12:52:28 CET 2013 on sn-devel-104
* s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup (bug #9555) | Arvid Requate | 2013-01-12 | 1 | -0/+1
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them | Andrew Bartlett | 2013-01-10 | 1 | -21/+22
  This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
* samba-tool classicupgrade: Do not print the admin password during upgrade | Andrew Bartlett | 2013-01-10 | 1 | -1/+10
  This changes the code to only set and show a new password if no admin user is found during the upgrade.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
* s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 | Andrew Bartlett | 2013-01-10 | 1 | -6/+3
  This change matches the source3/idmap/idmap_ad.c code, and allows this feature to work with only the setting of the UID/GID in Active Directory Users and Computers.
  Andrew Bartlett
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Add test for rfc2307 mapping handling | Andrew Bartlett | 2013-01-10 | 1 | -0/+1
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb-acl: give error string if we can not obtain the schema | Andrew Bartlett | 2013-01-10 | 1 | -2/+3
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dbcheck: Allow forcing an override of an old @MODULES record | Andrew Bartlett | 2013-01-10 | 2 | -4/+29
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Use the new directory_create_or_exist_strict() function. | Andreas Schneider | 2013-01-09 | 4 | -5/+10
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_dnsupdate: set KRB5_CONFIG for nsupdate command | Björn Baumbach | 2013-01-09 | 1 | -4/+5
  Let nslookup use krb5.conf, which is set in our KRB5_CONFIG.
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>