samba.git
15 years agor4488: removed an unused variable
Andrew Tridgell [Sun, 2 Jan 2005 23:09:11 +0000 (23:09 +0000)]
r4488: removed an unused variable

15 years agor4487: fixed the use of ldb_msg_add_*() in the samr password backend
Andrew Tridgell [Sun, 2 Jan 2005 23:05:27 +0000 (23:05 +0000)]
r4487: fixed the use of ldb_msg_add_*() in the samr password backend

15 years agor4486: fixed some memory leaks in the new ldb code, by ensuring that memory is always
Andrew Tridgell [Sun, 2 Jan 2005 23:03:50 +0000 (23:03 +0000)]
r4486: fixed some memory leaks in the new ldb code, by ensuring that memory is always
allocated as a child of the right context

15 years agor4485: remove unused TODO comment we already handle the DS_ROLE_STANDALONE_SERVER...
Stefan Metzmacher [Sun, 2 Jan 2005 16:25:30 +0000 (16:25 +0000)]
r4485: remove unused TODO comment we already handle the DS_ROLE_STANDALONE_SERVER case
correct

metze

15 years agor4484: - use the nTMixedDomain attribute to check if our domain is mixed mode or not
Stefan Metzmacher [Sun, 2 Jan 2005 16:24:05 +0000 (16:24 +0000)]
r4484: - use the nTMixedDomain attribute to check if our domain is mixed mode or not

metze

15 years agor4483: - rename same structs, enums and uninons of the dssetup pipe
Stefan Metzmacher [Sun, 2 Jan 2005 16:11:59 +0000 (16:11 +0000)]
r4483: - rename same structs, enums and uninons of the dssetup pipe
  to match the style we are using in other pipes

- first fillin local vars and only set the out parameter on success

- for the server code only to the samdb lookup when it's needed

NOTE: the DsRoleGetPrimaryDomainInformation() code with DS_ROLE_MEMBER_SERVER
      is not tested yet, does someone has a w2k3 member server to test with?

metze

15 years agor4482: in ads mixed mode there are also only one PDC and multiple BDC's
Stefan Metzmacher [Sun, 2 Jan 2005 16:06:21 +0000 (16:06 +0000)]
r4482: in ads mixed mode there are also only one PDC and multiple BDC's

metze

15 years agor4481: get rid of the last leak
Andrew Tridgell [Sun, 2 Jan 2005 13:04:32 +0000 (13:04 +0000)]
r4481: get rid of the last leak

15 years agor4480: autofree the dcom proxy tables
Andrew Tridgell [Sun, 2 Jan 2005 12:56:21 +0000 (12:56 +0000)]
r4480: autofree the dcom proxy tables

15 years agor4479: added the function talloc_autofree_context() which returns a talloc context...
Andrew Tridgell [Sun, 2 Jan 2005 12:55:33 +0000 (12:55 +0000)]
r4479: added the function talloc_autofree_context() which returns a talloc context that
will automatically be freed on program exit. This is useful for reducing
clutter in leak reports

15 years agor4477: expanded the test suite to increase code coverage a lot
Andrew Tridgell [Sun, 2 Jan 2005 09:46:59 +0000 (09:46 +0000)]
r4477: expanded the test suite to increase code coverage a lot

15 years agor4476: added a little gcov howto for ldb
Andrew Tridgell [Sun, 2 Jan 2005 08:53:58 +0000 (08:53 +0000)]
r4476: added a little gcov howto for ldb

15 years agor4475: fixed smbd to work with the small changes in the ldb API (the most important
Andrew Tridgell [Sun, 2 Jan 2005 07:51:13 +0000 (07:51 +0000)]
r4475: fixed smbd to work with the small changes in the ldb API (the most important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)

15 years agor4474: - converted ldb to use talloc internally
Andrew Tridgell [Sun, 2 Jan 2005 07:49:29 +0000 (07:49 +0000)]
r4474: - converted ldb to use talloc internally

- added gcov flags to Makefile.ldb

- expanded ldb test suite to get more coverage

15 years agor4473: - moved talloc into its own lib/talloc/ area
Andrew Tridgell [Sun, 2 Jan 2005 07:47:34 +0000 (07:47 +0000)]
r4473: - moved talloc into its own lib/talloc/ area

- added gcov flags to Makefile.talloc

- expanded talloc testsuite to add a test for realloc with a child ptr

- fixed a bug in talloc_realloc() with realloc of a ptr that has child ptrs

15 years agor4472: improve the discard_const() macro for standalone build of talloc
Andrew Tridgell [Sun, 2 Jan 2005 04:21:32 +0000 (04:21 +0000)]
r4472: improve the discard_const() macro for standalone build of talloc

15 years agor4471: Running 'make eparser_idl' doesn't need --header anymore.
Tim Potter [Sun, 2 Jan 2005 03:24:57 +0000 (03:24 +0000)]
r4471: Running 'make eparser_idl' doesn't need --header anymore.

15 years agor4470: Try not to have GSSAPI built unless we detected krb5. We should split
Andrew Bartlett [Sun, 2 Jan 2005 03:10:28 +0000 (03:10 +0000)]
r4470: Try not to have GSSAPI built unless we detected krb5.  We should split
these tests out a bit, but for now it's an indicator we can use.

Andrew Bartlett

15 years agor4469: Version n + 1 of the pidl ethereal parser generator. This version is
Tim Potter [Sun, 2 Jan 2005 00:00:43 +0000 (00:00 +0000)]
r4469: Version n + 1 of the pidl ethereal parser generator.  This version is
based on the idea of manipulating the .c and .h files generated by
parser.pm with perl regexps and glueing it all together to make an
ethereal plugin.

I thought this was a pretty crazy idea to start off with but it has
turned out to be not as complicated as I thought and has the huge advantage
of not duplicating any of the difficult code in parser.pm.

15 years agor4468: Don't be a slacker and leave out parameter names when generating
Tim Potter [Sat, 1 Jan 2005 23:18:59 +0000 (23:18 +0000)]
r4468: Don't be a slacker and leave out parameter names when generating
prototypes for ndr push/pull/print functions.

15 years agor4467: - tdb standalone build doesn't need -DSTANDALONE any more
Andrew Tridgell [Sat, 1 Jan 2005 05:08:41 +0000 (05:08 +0000)]
r4467: - tdb standalone build doesn't need -DSTANDALONE any more

- fixed standalone build

15 years agor4466: rather than defining "STANDALONE" for building tdb, ldb and talloc
Andrew Tridgell [Sat, 1 Jan 2005 05:06:22 +0000 (05:06 +0000)]
r4466: rather than defining "STANDALONE" for building tdb, ldb and talloc
outside the tree, instead defined _SAMBA_BUILD_ inside the Samba
build. This makes it easier to pull code out of Samba for external
use.

15 years agor4465: remove unused file
Andrew Tridgell [Sat, 1 Jan 2005 04:40:11 +0000 (04:40 +0000)]
r4465: remove unused file

15 years agor4464: added pvfs backend support for the special CREATOR_OWNER and CREATOR_GROUP...
Andrew Tridgell [Sat, 1 Jan 2005 04:25:46 +0000 (04:25 +0000)]
r4464: added pvfs backend support for the special CREATOR_OWNER and CREATOR_GROUP inheritance rules

15 years agor4463: added testing of the special SID_CREATOR_OWNER inheritance rules
Andrew Tridgell [Sat, 1 Jan 2005 03:46:55 +0000 (03:46 +0000)]
r4463: added testing of the special SID_CREATOR_OWNER inheritance rules

15 years agor4462: - enable DSSETUP on ncalrpc
Andrew Tridgell [Sat, 1 Jan 2005 01:40:45 +0000 (01:40 +0000)]
r4462: - enable DSSETUP on ncalrpc

- add DSSETUP to the list of tests run in test_rpc.sh

15 years agor4461: finished the remaining information levels in the DSSETUP pipe. The pipe is...
Andrew Tridgell [Sat, 1 Jan 2005 01:32:01 +0000 (01:32 +0000)]
r4461: finished the remaining information levels in the DSSETUP pipe. The pipe is now complete!

The only glitch is that I am returning DS_ROLE_MEMBER_SERVER when I
should be returning DS_ROLE_PRIMARY_DC. This is needed for the moment
or ACL editing doesn't work from w2k3. Once we have some more ADS
calls we should be able to fix this.

15 years agor4460: Add a new GENSEC module: gensec_gssapi
Andrew Bartlett [Sat, 1 Jan 2005 00:19:08 +0000 (00:19 +0000)]
r4460: Add a new GENSEC module: gensec_gssapi
(disabled by default, set parametric option: gensec:gssapi=yes to enable).

This module backs directly onto GSSAPI, and allows us to sign and seal
GSSAPI/Krb5 connections in particular.  This avoids me reinventing the
entire GSSAPI wheel.

Currently a lot of things are left as default - we will soon start
specifiying OIDs as well as passwords (it uses the keytab only at the
moment).  Tested with our LDAP-* torture tests against Win2k3.

My hope is to use this module to access the new SPNEGO implementation
in Heimdal, to avoid having to standards-verify our own.

Andrew Bartlett

15 years agor4459: GENSEC refinements:
Andrew Bartlett [Fri, 31 Dec 2004 22:45:11 +0000 (22:45 +0000)]
r4459: GENSEC refinements:

In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
 - GSSAPI exposes only a wrap() and unwrap() interface, and determines
   the location of the signature itself.
 - The 'have feature' API did not correctly function in the recursive
   SPNEGO environment.

As such, NTLMSSP has been updated to support these methods.

The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).

Andrew Bartlett

15 years agor4458: Create ncalrpc directory with 0755 rather then 0700 so non-root users
Jelmer Vernooij [Fri, 31 Dec 2004 22:38:00 +0000 (22:38 +0000)]
r4458: Create ncalrpc directory with 0755 rather then 0700 so non-root users
can use ncalrpc as well.

15 years agor4457: Fix IDL + add torture test for InqObject
Jelmer Vernooij [Fri, 31 Dec 2004 22:12:44 +0000 (22:12 +0000)]
r4457: Fix IDL + add torture test for InqObject

15 years agor4456: NT4 usrmgr.exe asks for 4096 accounts, allow twice that.
Volker Lendecke [Fri, 31 Dec 2004 17:56:05 +0000 (17:56 +0000)]
r4456: NT4 usrmgr.exe asks for 4096 accounts, allow twice that.

Volker

15 years agor4455: LSADS was a duplicate of DSSETUP, and is now gone
Andrew Tridgell [Fri, 31 Dec 2004 13:28:31 +0000 (13:28 +0000)]
r4455: LSADS was a duplicate of DSSETUP, and is now gone

15 years agor4454: This is the patch I use to Samba3 nmbd to allow a WinXP box
Andrew Tridgell [Fri, 31 Dec 2004 13:23:37 +0000 (13:23 +0000)]
r4454: This is the patch I use to Samba3 nmbd to allow a WinXP box
to join a Samba4 domain. It is hard-coded for my GUID, so
you will need to edit it to suit.

I'm committing this so others can experiment. Obviously
what we really need is a new nmbd in Samba4.

15 years agor4453: use lp_server_role(), which currently returns 3, for the dssetup
Andrew Tridgell [Fri, 31 Dec 2004 12:10:35 +0000 (12:10 +0000)]
r4453: use lp_server_role(), which currently returns 3, for the dssetup
role. The value '5', which is what my w2k3 DC returns, doesn't
work. I'm not sure why this is.

with this change the GUI ACL editor from w2k3 works properly, with
either server role in the HKLM registry.

15 years agor4452: the beginnings of a dssetup rpc server.
Andrew Tridgell [Fri, 31 Dec 2004 11:37:26 +0000 (11:37 +0000)]
r4452: the beginnings of a dssetup rpc server.

15 years agor4451: added initial RPC-DSSETUP torture test. It works for level1 of
Andrew Tridgell [Fri, 31 Dec 2004 10:49:35 +0000 (10:49 +0000)]
r4451: added initial RPC-DSSETUP torture test. It works for level1 of
ds_RolerGetPrimaryDomainInformation()

15 years agor4450: the beginnings of IDL for the dssetup pipe. I need this pipe for ACL editing...
Andrew Tridgell [Fri, 31 Dec 2004 10:47:04 +0000 (10:47 +0000)]
r4450: the beginnings of IDL for the dssetup pipe. I need this pipe for ACL editing from w2k3
when we present ourselves as a DC in the registry

15 years agor4449: fixed the helpstring for LSA IDL
Andrew Tridgell [Fri, 31 Dec 2004 10:45:48 +0000 (10:45 +0000)]
r4449: fixed the helpstring for LSA IDL

15 years agor4448: - fixed access_mask checking on acl set
Andrew Tridgell [Fri, 31 Dec 2004 08:56:32 +0000 (08:56 +0000)]
r4448: - fixed access_mask checking on acl set

- honor the change ownership requests of acl set, changing the underlying
  unix owner/group

- fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED

15 years agor4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()
Andrew Tridgell [Fri, 31 Dec 2004 08:54:59 +0000 (08:54 +0000)]
r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()

15 years agor4446: attempt to fix the build - andrew, can you check I've done this right?
Andrew Tridgell [Fri, 31 Dec 2004 08:54:07 +0000 (08:54 +0000)]
r4446: attempt to fix the build - andrew, can you check I've done this right?

15 years agor4445: put the unlink test in a subdirectory, and ensure it cleans up
Andrew Tridgell [Fri, 31 Dec 2004 08:44:08 +0000 (08:44 +0000)]
r4445: put the unlink test in a subdirectory, and ensure it cleans up

15 years agor4444: - initialise registry:HKEY_LOCAL_MACHINE to a reasonable default (where
Andrew Tridgell [Fri, 31 Dec 2004 08:43:34 +0000 (08:43 +0000)]
r4444: - initialise registry:HKEY_LOCAL_MACHINE to a reasonable default (where
  provision.pl suggests hklm.ldb be put)

- fix the globals init not to wipe parametic values after initialising
  them (this bug prevented default values for parametric parameters)

15 years agor4443: test lsa_LookupNames3() even when lsa_LookupSids3() fails
Andrew Tridgell [Fri, 31 Dec 2004 07:53:42 +0000 (07:53 +0000)]
r4443: test lsa_LookupNames3() even when lsa_LookupSids3() fails

15 years agor4442: fix lsa_TranslatedSid3 (its a dom_sid2 not a dom_sid)
Andrew Tridgell [Fri, 31 Dec 2004 07:52:54 +0000 (07:52 +0000)]
r4442: fix lsa_TranslatedSid3 (its a dom_sid2 not a dom_sid)

15 years agor4441: gensec_krb5 update:
Andrew Bartlett [Fri, 31 Dec 2004 07:43:08 +0000 (07:43 +0000)]
r4441: gensec_krb5 update:

 - Use more of the clikrb5.c wrapper calls

 - Don't use the session keytab if we kinit for the user.

Andrew Bartlett

15 years agor4440: - add a start of srvsvc_NetShareCheck() server code
Stefan Metzmacher [Fri, 31 Dec 2004 07:42:57 +0000 (07:42 +0000)]
r4440: - add a start of srvsvc_NetShareCheck() server code

- filterout hidden shares in NetShareEnum()

- get max_connections right

metze

15 years agor4439: unlimited connections is -1
Stefan Metzmacher [Fri, 31 Dec 2004 07:40:14 +0000 (07:40 +0000)]
r4439: unlimited connections is -1

metze

15 years agor4438: the ADMIN$ share is a diskshare but hidden
Stefan Metzmacher [Fri, 31 Dec 2004 07:35:14 +0000 (07:35 +0000)]
r4438: the ADMIN$ share is a diskshare but hidden

metze

15 years agor4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().
Andrew Tridgell [Fri, 31 Dec 2004 07:26:26 +0000 (07:26 +0000)]
r4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().

For some reason I am getting ACCESS_DENIED from w2k3 on
lsa_LookupSids3(). I will investigate.

15 years agor4436: add one more flag
Stefan Metzmacher [Fri, 31 Dec 2004 07:22:10 +0000 (07:22 +0000)]
r4436: add one more flag

metze

15 years agor4435: add another error code
Stefan Metzmacher [Fri, 31 Dec 2004 07:21:31 +0000 (07:21 +0000)]
r4435: add another error code

metze

15 years agor4434: - fix some NetShare* idl functions
Stefan Metzmacher [Fri, 31 Dec 2004 06:19:05 +0000 (06:19 +0000)]
r4434: - fix some NetShare* idl functions

- add torture test for NetShareCheck()

metze

15 years agor4433: added the boilerplate for the new w2k3 LSA functions in preparation
Andrew Tridgell [Fri, 31 Dec 2004 06:08:43 +0000 (06:08 +0000)]
r4433: added the boilerplate for the new w2k3 LSA functions in preparation
for adding LookupSids3 (needed for ACL editing from w2k3)

15 years agor4432: - add srvsvc_NetShareInfo level 1006 and 1501 idl
Stefan Metzmacher [Fri, 31 Dec 2004 05:34:31 +0000 (05:34 +0000)]
r4432: - add srvsvc_NetShareInfo level 1006 and 1501 idl

- implement srvsvc_NetGetShareInfo()

- add more error checks

- bring the rest of the code in the same layout

metze

15 years agor4431: add WERR_NET_NAME_NOT_FOUND
Stefan Metzmacher [Fri, 31 Dec 2004 04:45:13 +0000 (04:45 +0000)]
r4431: add WERR_NET_NAME_NOT_FOUND

metze

15 years agor4430: - fixed the BASE-LOCK* tests to use a subdirectory, and properly setup the...
Andrew Tridgell [Fri, 31 Dec 2004 04:17:03 +0000 (04:17 +0000)]
r4430: - fixed the BASE-LOCK* tests to use a subdirectory, and properly setup the directory before each test,
  thus avoiding errors due to previous failures

15 years agor4429: the owner of a file always gets SEC_STD_DELETE
Andrew Tridgell [Fri, 31 Dec 2004 03:55:37 +0000 (03:55 +0000)]
r4429: the owner of a file always gets SEC_STD_DELETE

15 years agor4428: use minimum open permissions in the 'acl' command in smbclient, so the user is
Andrew Tridgell [Fri, 31 Dec 2004 03:54:49 +0000 (03:54 +0000)]
r4428: use minimum open permissions in the 'acl' command in smbclient, so the user is
not prevented from viewing the acl by other access bits

15 years agor4427: - added ldb_msg_*() functions for sorting, comparing and copying messages
Andrew Tridgell [Fri, 31 Dec 2004 03:51:42 +0000 (03:51 +0000)]
r4427: - added ldb_msg_*() functions for sorting, comparing and copying messages

- added a ldb_msg_canonicalize() function that fixes a record to not have any duplicate
  elements

- changed ldbedit to use ldb_msg_canonicalize(). This fixes a bug when you rename multiple
  elements in a record in one edit

15 years agor4426: fix same names
Stefan Metzmacher [Fri, 31 Dec 2004 03:32:36 +0000 (03:32 +0000)]
r4426: fix same names

metze

15 years agor4425: - move srvsvc and wkssvc server code to the new W_ERROR_HAVE_NO_MEMORY() macro
Stefan Metzmacher [Fri, 31 Dec 2004 02:48:11 +0000 (02:48 +0000)]
r4425: - move srvsvc and wkssvc server code to the new W_ERROR_HAVE_NO_MEMORY() macro

- add parameters for
  server_info:platform_id = 500 /* this is PLATFORM_ID_NT */
  server_info:version_major = 5
  server_info:version_minor = 2

- implmented srvsvc_NetSrvGetInfo level 101

- make dcesrv_common_get_server_name() match w2k3

metze

15 years agor4424: fixed a simple bug in the '|' handling in indexed ldb searches. I'm
Andrew Tridgell [Fri, 31 Dec 2004 02:18:14 +0000 (02:18 +0000)]
r4424: fixed a simple bug in the '|' handling in indexed ldb searches. I'm
amazed we got along for so long with this bug!

15 years agor4423: give lp_parm_int() and lp_parm_ulong() default values
Stefan Metzmacher [Fri, 31 Dec 2004 01:03:57 +0000 (01:03 +0000)]
r4423: give lp_parm_int() and lp_parm_ulong() default values

metze

15 years agor4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameter
Stefan Metzmacher [Fri, 31 Dec 2004 01:02:22 +0000 (01:02 +0000)]
r4422: make lp_set_cmdline("torture:dangerous", "Yes") a bool parameter

metze

15 years agor4421: fix typo
Stefan Metzmacher [Fri, 31 Dec 2004 00:07:37 +0000 (00:07 +0000)]
r4421: fix typo

metze

15 years agor4420: - add usefull helper macros for allocation failures,
Stefan Metzmacher [Thu, 30 Dec 2004 23:51:18 +0000 (23:51 +0000)]
r4420: - add usefull helper macros for allocation failures,
  they should be used in mostly all our code after
  calling a talloc_* function

- the current NTSTATUS_TALLOC_CHECK() and WERR_TALLOC_CHECK()
  should be replaced by this new macros

metze

15 years agor4419: move security_token stuff to the libcli/security/
Stefan Metzmacher [Thu, 30 Dec 2004 20:34:20 +0000 (20:34 +0000)]
r4419: move security_token stuff to the libcli/security/
and debug privileges

metze

15 years agor4418: fix compiler warning and remove unused typedef
Stefan Metzmacher [Thu, 30 Dec 2004 19:55:23 +0000 (19:55 +0000)]
r4418: fix compiler warning and remove unused typedef

metze

15 years agor4417: Reply to samr_QueryDomainInfo with the same static value as level2 does.
Volker Lendecke [Thu, 30 Dec 2004 19:11:25 +0000 (19:11 +0000)]
r4417: Reply to samr_QueryDomainInfo with the same static value as level2 does.

Volker

15 years agor4416: [in,out] variables do have an r->out component...
Volker Lendecke [Thu, 30 Dec 2004 19:08:32 +0000 (19:08 +0000)]
r4416: [in,out] variables do have an r->out component...

Volker

15 years agor4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user
Volker Lendecke [Thu, 30 Dec 2004 18:50:15 +0000 (18:50 +0000)]
r4415: Implement samr_RemoveMemberFromForeignDomain. This is needed to delete a user
with usrmgr.exe.

To fix: Remove domain group membership attrib values when a user is deleted.

Volker

15 years agor4414: Various bits&pieces:
Volker Lendecke [Thu, 30 Dec 2004 17:01:49 +0000 (17:01 +0000)]
r4414: Various bits&pieces:

* Implement samr_search_domain, filter out all elements with no "objectSid"
  attribute and all objects outside a specified domain sid.

* Minor cleanups in dcerpc_samr.c due to that.

* Implement srvsvc_NetSrvGetInfo level 100. A quick hack to get usrmgr.exe
  one step further.

* Same for samr_info_DomInfo1.

Volker

15 years agor4413: login failure doesn't warrant a level 1 debug (its filling my logs during...
Andrew Tridgell [Thu, 30 Dec 2004 11:24:49 +0000 (11:24 +0000)]
r4413: login failure doesn't warrant a level 1 debug (its filling my logs during torture tests)

15 years agor4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was...
Andrew Tridgell [Thu, 30 Dec 2004 07:10:31 +0000 (07:10 +0000)]
r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was being done
in the full ACL code, but not in the unix access check code, which meant that qfileinfo
was failing for some parameters

15 years agor4411: when checking for create permissions, we need to check the parent, not the...
Andrew Tridgell [Thu, 30 Dec 2004 06:51:13 +0000 (06:51 +0000)]
r4411: when checking for create permissions, we need to check the parent, not the child!

15 years agor4410: pvfs_rename_one() should not check for create permissions, as the rename
Andrew Tridgell [Thu, 30 Dec 2004 06:37:37 +0000 (06:37 +0000)]
r4410: pvfs_rename_one() should not check for create permissions, as the rename
is always in the same directory

15 years agor4409: fixed handling of zero access masks for the POSITION_INFORMATION query/set...
Andrew Tridgell [Thu, 30 Dec 2004 06:02:54 +0000 (06:02 +0000)]
r4409: fixed handling of zero access masks for the POSITION_INFORMATION query/set levels

15 years agor4408: added the remaining access check hooks into pvfs. All calls should now have...
Andrew Tridgell [Thu, 30 Dec 2004 05:50:23 +0000 (05:50 +0000)]
r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking,
and obey the various inheritance rules.

15 years agor4407: stricter checking of parameters on hard link creation in the RAW-RENAME test
Andrew Tridgell [Thu, 30 Dec 2004 05:48:32 +0000 (05:48 +0000)]
r4407: stricter checking of parameters on hard link creation in the RAW-RENAME test

15 years agor4406: - don't call the xattr unlink hook on unlink unless the link count is 1, otherwise
Andrew Tridgell [Thu, 30 Dec 2004 03:19:27 +0000 (03:19 +0000)]
r4406: - don't call the xattr unlink hook on unlink unless the link count is 1, otherwise
  the xattrs of the remaining link are removed

- fix the handling of attribute set on directories

15 years agor4405: added acl inheritance to the mkdir and t2mkdir backends.
Andrew Tridgell [Thu, 30 Dec 2004 02:38:44 +0000 (02:38 +0000)]
r4405: added acl inheritance to the mkdir and t2mkdir backends.

15 years agor4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic
Andrew Tridgell [Thu, 30 Dec 2004 02:27:16 +0000 (02:27 +0000)]
r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic

15 years agor4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited on
Andrew Tridgell [Thu, 30 Dec 2004 02:25:20 +0000 (02:25 +0000)]
r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited on
  file and directory creation via ntcreatex. pvfs now passes the
  inheritance test in RAW-ACLS

- cleaned up the error handling a bit in pvfs_open()

15 years agor4402: use __location__ instead of __LINE__ in the RAW-RENAME test
Andrew Tridgell [Thu, 30 Dec 2004 02:22:29 +0000 (02:22 +0000)]
r4402: use __location__ instead of __LINE__ in the RAW-RENAME test

15 years agor4401: stricter test for correct ACL inheritance in RAW-ACLS
Andrew Tridgell [Thu, 30 Dec 2004 02:22:03 +0000 (02:22 +0000)]
r4401: stricter test for correct ACL inheritance in RAW-ACLS

15 years agor4400: Pass rootdse.ldif past the subst code.
Andrew Bartlett [Wed, 29 Dec 2004 22:59:28 +0000 (22:59 +0000)]
r4400: Pass rootdse.ldif past the subst code.

Andrew Bartlett

15 years agor4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two,
Volker Lendecke [Wed, 29 Dec 2004 22:57:20 +0000 (22:57 +0000)]
r4399: Implement samr_GetAliasMembership and samr_GetGroupsForUser. With these two,
usrmgr.exe seems to become usable. Some quirks, but it's worth a try.

Volker

15 years agor4398: Make usrmgr.exe believe we're a DC. Otherwise it will not show global groups.
Volker Lendecke [Wed, 29 Dec 2004 22:54:24 +0000 (22:54 +0000)]
r4398: Make usrmgr.exe believe we're a DC. Otherwise it will not show global groups.

Index on "key" attribute.

Volker

15 years agor4397: Fix a bug where '(&(objectclass=domain)(!(objectclass=builtindomain)))' fell
Volker Lendecke [Wed, 29 Dec 2004 22:25:46 +0000 (22:25 +0000)]
r4397: Fix a bug where '(&(objectclass=domain)(!(objectclass=builtindomain)))' fell
back to a full search.

Volker

15 years agor4396: Generate newrootdse.ldb in provision.pl as well
Jelmer Vernooij [Wed, 29 Dec 2004 21:41:17 +0000 (21:41 +0000)]
r4396: Generate newrootdse.ldb in provision.pl as well

15 years agor4395: Generate "newhklm.ldb" using provision.pl
Jelmer Vernooij [Wed, 29 Dec 2004 21:21:14 +0000 (21:21 +0000)]
r4395: Generate "newhklm.ldb" using provision.pl

15 years agor4394: Use 'raw' protocol towers in the lists in the endpoint rather then
Jelmer Vernooij [Wed, 29 Dec 2004 15:36:45 +0000 (15:36 +0000)]
r4394: Use 'raw' protocol towers in the lists in the endpoint rather then
dcerpc_binding structs.

15 years agor4393: Trivial bugfix for a silly bug
Volker Lendecke [Wed, 29 Dec 2004 13:22:00 +0000 (13:22 +0000)]
r4393: Trivial bugfix for a silly bug

15 years agor4392: Fix samr_GetAliasMembership idl
Volker Lendecke [Wed, 29 Dec 2004 13:20:17 +0000 (13:20 +0000)]
r4392: Fix samr_GetAliasMembership idl

15 years agor4391: bring the default ACL inline with what w2k3 uses
Andrew Tridgell [Wed, 29 Dec 2004 12:41:27 +0000 (12:41 +0000)]
r4391: bring the default ACL inline with what w2k3 uses

15 years agor4390: Registry value and key names are case-insensitive
Jelmer Vernooij [Wed, 29 Dec 2004 12:28:35 +0000 (12:28 +0000)]
r4390: Registry value and key names are case-insensitive
Nicer menu layout in gregedit

15 years agor4389: added checking for the default inherited ACL, which is used when no ACEs
Andrew Tridgell [Wed, 29 Dec 2004 07:28:03 +0000 (07:28 +0000)]
r4389: added checking for the default inherited ACL, which is used when no ACEs
are inheritable

15 years agor4388: - allow ACE flags to be specified in security_descriptor_create()
Andrew Tridgell [Wed, 29 Dec 2004 06:53:15 +0000 (06:53 +0000)]
r4388: - allow ACE flags to be specified in security_descriptor_create()

- added a test for all combinations of the inheritance ACE flags and how
  they are propogated to child directories and files