samba.git
14 years agor4114: added have_features bits to gensec schannel code. This fixes our
Andrew Tridgell [Thu, 9 Dec 2004 10:32:43 +0000 (10:32 +0000)]
r4114: added have_features bits to gensec schannel code. This fixes our
schannel code.

I would also like to give a gentle reminder to everyone to please run
the appropriate test scripts when you change a subsystem. It's a shame
to have this test code and not use it, and it takes much longer for
another developer to track down a bug in your new code than it would
take for you fix to it at the time you first add it.

 - for rpc changes run test_rpc.sh
 - for CIFS changes run test_posix.sh
 - for ldb changes run test-tdb in lib/ldb/
(This used to be commit 0c58b254cabd236911021aff87c73183356fa8e3)

14 years agor4113: modified EnumValue in winreg to take advantage of the new pidl handling
Andrew Tridgell [Thu, 9 Dec 2004 07:52:00 +0000 (07:52 +0000)]
r4113: modified EnumValue in winreg to take advantage of the new pidl handling
of arrays.
(This used to be commit b47e203a054e26d5d0c133a3c3b8d9502bd6ac69)

14 years agor4112: when a pointer is NULL on the wire ensure it is null in the structure
Andrew Tridgell [Thu, 9 Dec 2004 07:51:20 +0000 (07:51 +0000)]
r4112: when a pointer is NULL on the wire ensure it is null in the structure
(This used to be commit 83221a0da07bf7c45757e737782f2f4ee541ad88)

14 years agor4111: fixed winreg to use much simpler (and I believe correct) IDL for QueryValue
Andrew Tridgell [Thu, 9 Dec 2004 07:05:47 +0000 (07:05 +0000)]
r4111: fixed winreg to use much simpler (and I believe correct) IDL for QueryValue
(This used to be commit 659d0295314c6a070698fc81223044f4d7366993)

14 years agor4110: fixed pidl to allow arrays to have size_is() and length_is() elements
Andrew Tridgell [Thu, 9 Dec 2004 07:05:00 +0000 (07:05 +0000)]
r4110: fixed pidl to allow arrays to have size_is() and length_is() elements
that depend on variables that come after the array in the structure or function.

This has been something that has been problematic for a while, but the
winreg QueryValue problem finally prompted me to fix it properly. We
should now go back and fix up all the ugly workarounds we have used to
avoid this problem in other calls.

Unfortunately the solution is fairly complex, and involves the use of
the internal ndr token lists (similar to the solution for relative
pointers). I wonder if anyone else will be able to follow the logic if
I get run over by a bus :-)
(This used to be commit e839b19ec5581f669f2a7705b1fb80845313251c)

14 years agor4109: fixed an uninitialised socket write found by kukks
Andrew Tridgell [Thu, 9 Dec 2004 04:40:57 +0000 (04:40 +0000)]
r4109: fixed an uninitialised socket write found by kukks
(This used to be commit 30c58b046d65164da37f705de105662f806e1331)

14 years agor4106: Add full name of two more hives
Jelmer Vernooij [Wed, 8 Dec 2004 22:13:28 +0000 (22:13 +0000)]
r4106: Add full name of two more hives
(This used to be commit c1023db5e8336e495c06acae1773a28d7fc90658)

14 years agor4105: Fix IDL for QueryValue() and add a torture test for it.
Jelmer Vernooij [Wed, 8 Dec 2004 22:02:49 +0000 (22:02 +0000)]
r4105: Fix IDL for QueryValue() and add a torture test for it.
Thanks to Michael Allen for some hints on what was wrong with the previous IDL.
(This used to be commit 0fa6d847433eb281eaff15b8be4a26f898689f0a)

14 years agor4102: more uint64 vs HYPER_T fixes
Stefan Metzmacher [Wed, 8 Dec 2004 11:30:26 +0000 (11:30 +0000)]
r4102: more uint64 vs HYPER_T fixes

NOTE:
 [u]int64 uses 4 Byte alignment
 and HYPER_T uses 8 Byte alignment

metze
(This used to be commit 717454eb2fd2bf90e67074acefdae5304cd7433f)

14 years agor4101: ignore secondary session requests to cope with a OS/2 bug reported by
Andrew Tridgell [Wed, 8 Dec 2004 11:02:47 +0000 (11:02 +0000)]
r4101: ignore secondary session requests to cope with a OS/2 bug reported by
Guenter Kukkukk
(This used to be commit 49c8df5648eae1e8222c0dd2859fd2ff62ef34ce)

14 years agor4100: fix drsuapi_DsReplicaObjMetaData2() idl
Stefan Metzmacher [Wed, 8 Dec 2004 10:54:09 +0000 (10:54 +0000)]
r4100: fix drsuapi_DsReplicaObjMetaData2() idl

(many thanks to tridge for telling me that HYPER_T isn't the same as uint64!)

metze
(This used to be commit 74b9ef4de5263953aa2e03401a271f2830163efe)

14 years agor4099: Spelling fixes.
Tim Potter [Wed, 8 Dec 2004 10:36:14 +0000 (10:36 +0000)]
r4099: Spelling fixes.
(This used to be commit 24d9f97bd6059d90eeead23900225e286047a862)

14 years agor4098: catch null guid string so RPC-DRSUAPI works against my server
Andrew Tridgell [Wed, 8 Dec 2004 10:24:10 +0000 (10:24 +0000)]
r4098: catch null guid string so RPC-DRSUAPI works against my server
(This used to be commit c4c83f04f55d206716380330d2a4d2b31f893346)

14 years agor4097: add missing file from last commit
Stefan Metzmacher [Wed, 8 Dec 2004 10:13:45 +0000 (10:13 +0000)]
r4097: add missing file from last commit

sorry!:-)

metze
(This used to be commit c2495d60a11febb2715d0dbf3f6598d8edccfb11)

14 years agor4096: move the samdb code to source/dsdb/
Stefan Metzmacher [Wed, 8 Dec 2004 08:21:35 +0000 (08:21 +0000)]
r4096: move the samdb code to source/dsdb/

the idea is to have a directory service db layer
which will be used by the ldap server, samr server, drsuapi server
authentification...

I plan to make different implementations of this interface possible
- current default will be the current samdb code with sam.ldb
- a compat implementation for samba3 (if someone wants to write one)
- a new dsdb implementation which:
  - understands naming contexts (directory parrtitions)
  - do schema and acl checking checking
  - maintain objectGUID, timestamps and USN number,
    maybe linked attributes ('member' and 'memberOf' attributes)
  - store metadata on a attribute=value combination...

metze
(This used to be commit 893a8b8bca2f020fbbe6f469aaa8dd4478249eb8)

14 years agor4095: smbsrv_terminate_connection() doesn't exit() in single processor mode, so...
Andrew Tridgell [Wed, 8 Dec 2004 08:09:42 +0000 (08:09 +0000)]
r4095: smbsrv_terminate_connection() doesn't exit() in single processor mode, so after we
call it we need to return, and not continue processing packets
(This used to be commit 33e4cee17dbfbb79e5ae68fda893a4d313865eb5)

14 years agor4087: - add idl and torture tests for drsuapi_DsReplicaGetInfo()
Stefan Metzmacher [Tue, 7 Dec 2004 12:20:28 +0000 (12:20 +0000)]
r4087: - add idl and torture tests for drsuapi_DsReplicaGetInfo()

(NOTE: that the drsuapi_DsReplicaObjMetaData2 struct is not corrently parsed yet
 and there're some unknown fields left in someother infotypes)

metze
(This used to be commit 4fd57d5e7cff085a8c003ea82f282e26dc1346d9)

14 years agor4086: - make dcerpc_ndr_request_table_send() the default and rename it to just
Stefan Metzmacher [Tue, 7 Dec 2004 09:26:00 +0000 (09:26 +0000)]
r4086: - make dcerpc_ndr_request_table_send() the default and rename it to just
  dcerpc_ndr_request_send()
- this allows us to call dcerpc_log_packet() when we receive a packet we
  can't parse correctly

metze
(This used to be commit a7a6cea112a180a28188997ca99f30d8dd286bb8)

14 years agor4085: print out dcerpc_fault's as names
Stefan Metzmacher [Tue, 7 Dec 2004 09:21:13 +0000 (09:21 +0000)]
r4085: print out dcerpc_fault's as names

metze
(This used to be commit 979c453c4dedf0006997dfc9994331e49643b741)

14 years agor4084: add some more error codes
Stefan Metzmacher [Tue, 7 Dec 2004 09:18:56 +0000 (09:18 +0000)]
r4084: add some more error codes

metze
(This used to be commit e5db58526825476fd6d8d80c8ee6c3bca0e23c84)

14 years agor4082: support alter_context requests
Stefan Metzmacher [Mon, 6 Dec 2004 17:48:51 +0000 (17:48 +0000)]
r4082: support alter_context requests

metze
(This used to be commit ab6ec6b5f4e04322eb151b7bf9c530a0dc16bf89)

14 years agor4081: use clearer names
Stefan Metzmacher [Mon, 6 Dec 2004 17:44:33 +0000 (17:44 +0000)]
r4081: use clearer names

metze
(This used to be commit 5d7d6f02cf1aa731d371c97054480d83d85102cb)

14 years agor4080: missing file from the last commit
Stefan Metzmacher [Mon, 6 Dec 2004 15:45:48 +0000 (15:45 +0000)]
r4080: missing file from the last commit

metze
(This used to be commit ea7b496995573426486b7eab5de822d5602d7368)

14 years agor4079: implement the gensec_have_feature() correctly by asking
Stefan Metzmacher [Mon, 6 Dec 2004 15:44:17 +0000 (15:44 +0000)]
r4079: implement the gensec_have_feature() correctly by asking
the backend what is actually in use

metze
(This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)

14 years agor4078: use clearer names
Stefan Metzmacher [Mon, 6 Dec 2004 15:17:43 +0000 (15:17 +0000)]
r4078: use clearer names

metze
(This used to be commit 717f7c3555ecf6265b5b30783f3214f4ca3b6c00)

14 years agor4077: don't add wrapping to empty blobs
Stefan Metzmacher [Mon, 6 Dec 2004 15:14:42 +0000 (15:14 +0000)]
r4077: don't add wrapping to empty blobs

metze
(This used to be commit e6d83d019dc46ff7ae32e7c8f9f7a3ab7d0cdcf3)

14 years agor4076: fix compiler warning
Stefan Metzmacher [Mon, 6 Dec 2004 15:10:31 +0000 (15:10 +0000)]
r4076: fix compiler warning

metze
(This used to be commit 2647b47557c880dd5f24a4cd15475badfd7fdc94)

14 years agor4075: implement RemoteTOD server function
Stefan Metzmacher [Mon, 6 Dec 2004 11:10:15 +0000 (11:10 +0000)]
r4075: implement RemoteTOD server function

metze
(This used to be commit 0c6d4246a45f649e7373606f12db74c2acd0f538)

14 years agor4074: make the RAW-ACLS test use the new lsa helper functions to determine
Andrew Tridgell [Mon, 6 Dec 2004 07:13:50 +0000 (07:13 +0000)]
r4074: make the RAW-ACLS test use the new lsa helper functions to determine
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.
(This used to be commit dcf6c297d372cfa421d757d43897f00ad1d4f5f5)

14 years agor4073: - added a set of lsa helper routines to make lsa lookups that are
Andrew Tridgell [Mon, 6 Dec 2004 07:12:38 +0000 (07:12 +0000)]
r4073: - added a set of lsa helper routines to make lsa lookups that are
  related to filesharing. For example, in order to manipulate ACLs
  properly its important to be able to call LookupSids, and to be able
  to lookup what privileges a SID has.

- added 3 new commands to smbclient "lookupname", "lookupsid" and
  "privileges"
(This used to be commit 8780c40f0539da72652d17455e98fcaee6d197d1)

14 years agor4072: - changed the names of some of the well known sids to be more consistent
Andrew Tridgell [Mon, 6 Dec 2004 07:10:25 +0000 (07:10 +0000)]
r4072: - changed the names of some of the well known sids to be more consistent

- added string constants for the important privileges.
(This used to be commit d5bc706140faf2d0a917f90f87884cd097e8a48c)

14 years agor4071: - ldap does allow adding additional attribute values with a modify
Andrew Tridgell [Mon, 6 Dec 2004 06:45:51 +0000 (06:45 +0000)]
r4071: - ldap does allow adding additional attribute values with a modify
  operation, but not if the value already exists

- fixed syntax of test.ldif for ldap backend
(This used to be commit 29225d0bec39038e42e68849bd9378898f062081)

14 years agor4070: move some defines from asn_1.h to the places they belong to
Stefan Metzmacher [Sun, 5 Dec 2004 16:29:27 +0000 (16:29 +0000)]
r4070: move some defines from asn_1.h to the places they belong to

metze
(This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)

14 years agor4069: better error code for SMBwriteBMPX
Andrew Tridgell [Sun, 5 Dec 2004 11:13:14 +0000 (11:13 +0000)]
r4069: better error code for SMBwriteBMPX
(This used to be commit eef066175f98f38eff465f941a7bd747173e8db9)

14 years agor4068: added LANMAN2.1 to list of supported protocols (for OS/2)
Andrew Tridgell [Sun, 5 Dec 2004 07:59:42 +0000 (07:59 +0000)]
r4068: added LANMAN2.1 to list of supported protocols (for OS/2)
(This used to be commit 06e48d1276d3837db4d278400e7ee29561cd9205)

14 years agor4067: no matches in findnext is not an error
Andrew Tridgell [Sun, 5 Dec 2004 07:58:58 +0000 (07:58 +0000)]
r4067: no matches in findnext is not an error
(This used to be commit 6da058a28ba44a02964d375c9e390fbd472bc2b6)

14 years agor4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
Andrew Tridgell [Sun, 5 Dec 2004 07:53:57 +0000 (07:53 +0000)]
r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
(This used to be commit 335b1c6a52b2e437e7f16a84ba547e5387ef64d1)

14 years agor4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
Andrew Tridgell [Sun, 5 Dec 2004 07:43:38 +0000 (07:43 +0000)]
r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
(This used to be commit 19efd83b863a8c94f509d6a933a7d5de43aa95e9)

14 years agor4064: use the same name for type on both ends
Stefan Metzmacher [Sat, 4 Dec 2004 14:28:06 +0000 (14:28 +0000)]
r4064: use the same name for type on both ends

for long term we should remove all typedef's

metze
(This used to be commit 4b3f552cb373a0d91526412fc31699959c96a007)

14 years agor4063: - change char * -> uint8_t in struct request_buffer
Stefan Metzmacher [Sat, 4 Dec 2004 13:56:25 +0000 (13:56 +0000)]
r4063: - change char * -> uint8_t in struct request_buffer

- change smbcli_read/write to take void * for the buffers to match read(2)/write(2)

all this fixes a lot of gcc-4 warnings

metze
(This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)

14 years agor4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange
Andrew Tridgell [Sat, 4 Dec 2004 12:42:40 +0000 (12:42 +0000)]
r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange
though - I expect we'll need to tweak that some more.
(This used to be commit e3500811b90b8423ee7694609340f394957d1160)

14 years agor4061: more additions to the RAW-ACLS test, to help me work out some details for...
Andrew Tridgell [Sat, 4 Dec 2004 10:16:47 +0000 (10:16 +0000)]
r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
(This used to be commit 273165e53a606fa0a55ff8fb6fea440e19a7e285)

14 years agor4060: removed an unused file
Andrew Tridgell [Sat, 4 Dec 2004 10:15:54 +0000 (10:15 +0000)]
r4060: removed an unused file
(This used to be commit 35ca4e1e81c5d927238e90d0c6c09987c11b5d35)

14 years agor4059: moved the ldb -o option parsing to a common routine
Andrew Tridgell [Sat, 4 Dec 2004 10:14:03 +0000 (10:14 +0000)]
r4059: moved the ldb -o option parsing to a common routine
(This used to be commit ee52c1e38c9bac852458196ffbd677cca62a3965)

14 years agor4058: added a type safe version of smb_xmalloc()
Andrew Tridgell [Sat, 4 Dec 2004 09:30:38 +0000 (09:30 +0000)]
r4058: added a type safe version of smb_xmalloc()
(This used to be commit 1235afa5fe3a396cd7a180cbc500834a30fbaa80)

14 years agor4057: unknown5 represents the account policy "Users must logon to change
Günther Deschner [Sat, 4 Dec 2004 00:14:47 +0000 (00:14 +0000)]
r4057: unknown5 represents the account policy "Users must logon to change
password".

Guenther
(This used to be commit 18e01ae25493d2b4b9b86d090199d5202d7a9e42)

14 years agor4056: modified the access check code based on results from RAW-ACLS
Andrew Tridgell [Fri, 3 Dec 2004 13:04:10 +0000 (13:04 +0000)]
r4056: modified the access check code based on results from RAW-ACLS
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS
yet, but its close.
(This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)

14 years agor4055: fixed more places to use type safe allocation macros
Andrew Tridgell [Fri, 3 Dec 2004 07:20:30 +0000 (07:20 +0000)]
r4055: fixed more places to use type safe allocation macros
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)

14 years agor4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()
Andrew Tridgell [Fri, 3 Dec 2004 06:42:06 +0000 (06:42 +0000)]
r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)

14 years agor4053: expanded and fixed a bug in the RAW-ACLS test
Andrew Tridgell [Fri, 3 Dec 2004 06:25:56 +0000 (06:25 +0000)]
r4053: expanded and fixed a bug in the RAW-ACLS test
(This used to be commit 0d19b4a09f4ce0b0c5e7779809c383322f4de4fc)

14 years agor4052: fixed a bunch of code to use the type safe _p allocation macros
Andrew Tridgell [Fri, 3 Dec 2004 06:24:38 +0000 (06:24 +0000)]
r4052: fixed a bunch of code to use the type safe _p allocation macros
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)

14 years agor4051: use talloc_array() instead of talloc() when allocating arrays in auto-generate...
Andrew Tridgell [Fri, 3 Dec 2004 05:27:43 +0000 (05:27 +0000)]
r4051: use talloc_array() instead of talloc() when allocating arrays in auto-generated ndr code
(This used to be commit 90cdfd921e1a6f8806fe94bba61f1bbaa79c79f1)

14 years agor4050: make sure we add objectClass and sAMAccountName
Andrew Tridgell [Fri, 3 Dec 2004 05:24:09 +0000 (05:24 +0000)]
r4050: make sure we add objectClass and sAMAccountName
(This used to be commit 57d0079bb91b8edc625027e1f28203794e018afc)

14 years agor4049: a simple perl script to add a new user to Samba4 ldb
Andrew Tridgell [Fri, 3 Dec 2004 05:01:20 +0000 (05:01 +0000)]
r4049: a simple perl script to add a new user to Samba4 ldb
(This used to be commit 76f2ae32040fe494e703abb54dd7ad09d7110408)

14 years agor4048: a very simple howto for new developers to tell them how to build and install...
Andrew Tridgell [Fri, 3 Dec 2004 03:08:36 +0000 (03:08 +0000)]
r4048: a very simple howto for new developers to tell them how to build and install samba4
(This used to be commit 4e7d723dacc0d6d526721ee037502c02ffd3fdec)

14 years agor4046: add more servicePrincipalName's for the dc account
Stefan Metzmacher [Thu, 2 Dec 2004 18:32:48 +0000 (18:32 +0000)]
r4046: add more servicePrincipalName's for the dc account

metze
(This used to be commit 659a0b26e2fa466169078bab6dd4af1e5fffb48b)

14 years agor4045: readd krb5 support defaulted to disable
Stefan Metzmacher [Thu, 2 Dec 2004 18:27:08 +0000 (18:27 +0000)]
r4045: readd krb5 support defaulted to disable

use:
gensec:krb5=yes
gensec:ms_krb5=yes

to enable it

or -k on the client tools on the command line

metze
(This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)

14 years agor4044: only send supportedMech when we also send other data
Stefan Metzmacher [Thu, 2 Dec 2004 18:15:39 +0000 (18:15 +0000)]
r4044: only send supportedMech when we also send other data

metze
(This used to be commit 1e0483a8482574fa0f8d7ad31cc4bf4a6155ec52)

14 years agor4042: fix segfault on server schannel connections
Stefan Metzmacher [Thu, 2 Dec 2004 12:12:26 +0000 (12:12 +0000)]
r4042: fix segfault on server schannel connections

metze
(This used to be commit 57bd26f9c528687ca2ca9bbaa56f7f36efd2231f)

14 years agor4041: fix cut-n-paste typo
Stefan Metzmacher [Thu, 2 Dec 2004 11:40:18 +0000 (11:40 +0000)]
r4041: fix cut-n-paste typo

metze
(This used to be commit 54398aa889b5954c7c387b252dd1a9173eac36f0)

14 years agor4040: sorry today is not my day...
Stefan Metzmacher [Thu, 2 Dec 2004 10:35:25 +0000 (10:35 +0000)]
r4040: sorry today is not my day...

uint32 != uint8_t ...

metze
(This used to be commit a8a3b8ee341fda041383df225ea2b7f9b589fc04)

14 years agor4039: added a test for an element > 128 bytes in length, to ensure we test
Andrew Tridgell [Thu, 2 Dec 2004 10:28:19 +0000 (10:28 +0000)]
r4039: added a test for an element > 128 bytes in length, to ensure we test
for sign extending errors in element length
(This used to be commit 07378fca6c12ffffcd3fe5e91f4d70ef838a45d5)

14 years agor4038: fix sign/unsign bug I introduced in -r 4022
Stefan Metzmacher [Thu, 2 Dec 2004 10:14:40 +0000 (10:14 +0000)]
r4038: fix sign/unsign bug I introduced in -r 4022

this caused new ldb record to be corrupt if the length was > 12b byte

thanks tridge for finding this

metze
(This used to be commit 6998c37b473d8efeb2ed5285f10f469a29ad787a)

14 years agor4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my...
Andrew Tridgell [Thu, 2 Dec 2004 04:51:56 +0000 (04:51 +0000)]
r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
(This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)

14 years agor4036: expanded the RAW-ACLS torture test to include tests for the
Andrew Tridgell [Thu, 2 Dec 2004 04:38:41 +0000 (04:38 +0000)]
r4036: expanded the RAW-ACLS torture test to include tests for the
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit f572fe6d29d5a318b24d71a2ebfa2baca2b79a10)

14 years agor4035: more effort on consistent naming of the access mask bits.
Andrew Tridgell [Thu, 2 Dec 2004 04:37:36 +0000 (04:37 +0000)]
r4035: more effort on consistent naming of the access mask bits.

This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl

Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)

14 years agor4034: add a function security_descriptor_create() which can be used to
Andrew Tridgell [Thu, 2 Dec 2004 04:34:11 +0000 (04:34 +0000)]
r4034: add a function security_descriptor_create() which can be used to
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
(This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)

14 years agor4033: removed a pointless comment
Andrew Tridgell [Thu, 2 Dec 2004 04:31:08 +0000 (04:31 +0000)]
r4033: removed a pointless comment
(This used to be commit 1f3f9f829444cb889c6782c4fe52773fd6867b55)

14 years agor4027: add a useful function for debugging
Stefan Metzmacher [Wed, 1 Dec 2004 16:51:37 +0000 (16:51 +0000)]
r4027: add a useful function for debugging

metze
(This used to be commit 41b1ba53fc201b7b9f9d806dccef6258b2a1d157)

14 years agor4026: added NT ACL checking on pvfs_open() for existing files. I need to
Andrew Tridgell [Wed, 1 Dec 2004 11:35:01 +0000 (11:35 +0000)]
r4026: added NT ACL checking on pvfs_open() for existing files. I need to
work out some way to do a decent test suite for this.
(This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)

14 years agor4025: added a sec_access_check() function for checking security descriptors
Andrew Tridgell [Wed, 1 Dec 2004 05:22:24 +0000 (05:22 +0000)]
r4025: added a sec_access_check() function for checking security descriptors
against a users security token and access_mask
(This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)

14 years agor4022: fix compiler warnings
Stefan Metzmacher [Tue, 30 Nov 2004 22:55:36 +0000 (22:55 +0000)]
r4022: fix compiler warnings

metze
(This used to be commit 79d0eb2f677f9e985ba476a9680f68537d41be6f)

14 years agor4015: correct copyright attributions
Andrew Tridgell [Tue, 30 Nov 2004 05:45:37 +0000 (05:45 +0000)]
r4015: correct copyright attributions
(This used to be commit 078d9ab05bffc79e4f329ea18fe3dafd144d989c)

14 years agor4014: removed unused MacExtension.h header
Andrew Tridgell [Tue, 30 Nov 2004 05:41:21 +0000 (05:41 +0000)]
r4014: removed unused MacExtension.h header
(This used to be commit 5ffffdd79f23c461e30bc91e983b12939f063d2d)

14 years agor4013: got rid of a bunch of unused or unmaintained code
Andrew Tridgell [Tue, 30 Nov 2004 05:37:57 +0000 (05:37 +0000)]
r4013: got rid of a bunch of unused or unmaintained code

 - removed the clitar code. It is unmaintained, and a horribly badly done hack

 - removed client.h as it contained mostly unused definitions

 - removed the unused clidfs.c code
(This used to be commit 31a7bddbb3815b4d625e993dbce4805dae1c18f8)

14 years agor4012: split out the lsa lookup single name logic into a separate function
Andrew Tridgell [Tue, 30 Nov 2004 04:34:18 +0000 (04:34 +0000)]
r4012: split out the lsa lookup single name logic into a separate function
(This used to be commit 44d97619623830cc24905a5f4df941d45ebd41c3)

14 years agor4011: get rid of rpc_secdes.h and replace it with a single sane set of
Andrew Tridgell [Tue, 30 Nov 2004 04:33:27 +0000 (04:33 +0000)]
r4011: get rid of rpc_secdes.h and replace it with a single sane set of
definitions for security access masks, in security.idl

The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)

14 years agor4010: fixed parsing of null attributes in the ldb ldif parser
Andrew Tridgell [Tue, 30 Nov 2004 02:15:43 +0000 (02:15 +0000)]
r4010: fixed parsing of null attributes in the ldb ldif parser
(This used to be commit b4fd76f78eadd8648ceed508766235e80702aa8f)

14 years agor4003: run successful against a nt4 sp6 pdc with one nt4 sp6 trust and a w2k3 trust
Stefan Metzmacher [Mon, 29 Nov 2004 17:51:13 +0000 (17:51 +0000)]
r4003: run successful against a nt4 sp6 pdc with one nt4 sp6 trust and a w2k3 trust

metze
(This used to be commit 5101cd51a24fdcda8dd8fc4da446782948290f9b)

14 years agor4002: NT 4.0 sp6a can't do schannel 128
Stefan Metzmacher [Mon, 29 Nov 2004 14:59:33 +0000 (14:59 +0000)]
r4002: NT 4.0 sp6a can't do schannel 128

metze
(This used to be commit c04a77ed6945db0292434fb5461a884708a9ebf2)

14 years agor4001: fix segfault fix auth failed
Stefan Metzmacher [Mon, 29 Nov 2004 14:46:17 +0000 (14:46 +0000)]
r4001: fix segfault fix auth failed

metze
(This used to be commit 6a7eee1d9917e0884072354dddae568645798da5)

14 years agor4000: DATA_BLOB.data is uint8_t * not void * :-)
Stefan Metzmacher [Mon, 29 Nov 2004 12:01:46 +0000 (12:01 +0000)]
r4000: DATA_BLOB.data is uint8_t * not void * :-)
(thanks abartlet for telling me)

metze
(This used to be commit 2783bf393f6310f9d827538329d619dad5b02dd0)

14 years agor3999: - reply with the same DsBindInfo blob as w2k3 in the server function
Stefan Metzmacher [Mon, 29 Nov 2004 11:13:56 +0000 (11:13 +0000)]
r3999: - reply with the same DsBindInfo blob as w2k3 in the server function

- add idl for drsuapi_DsReplicaSync() not yet complete

- just return WERR_OK for the drsuapi_DsReplicaSync() server function

metze
(This used to be commit e896925ac0b58bd48b5b9cc2d675682409d09ae1)

14 years agor3998: allow const arrays (see next commit to drsuapi.idl)
Stefan Metzmacher [Mon, 29 Nov 2004 11:08:15 +0000 (11:08 +0000)]
r3998: allow const arrays (see next commit to drsuapi.idl)

metze
(This used to be commit 7264a2227d7a1881db01964d0d713c144eb77152)

14 years agor3997: fix STR_CHARLEN pull case
Stefan Metzmacher [Mon, 29 Nov 2004 11:04:36 +0000 (11:04 +0000)]
r3997: fix STR_CHARLEN pull case

metze
(This used to be commit 623411f74ee766dee2170949b118216387779929)

14 years agor3996: add some comments
Stefan Metzmacher [Mon, 29 Nov 2004 10:54:52 +0000 (10:54 +0000)]
r3996: add some comments

metze
(This used to be commit 87a92d3d5c7c2ab0bc07a9fb101022b3db1d637b)

14 years agor3995: improved the default ACL mapping from unix perms
Andrew Tridgell [Mon, 29 Nov 2004 06:42:02 +0000 (06:42 +0000)]
r3995: improved the default ACL mapping from unix perms
(This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889)

14 years agor3994: - removed the unused reference count code in lsa server
Andrew Tridgell [Mon, 29 Nov 2004 06:19:50 +0000 (06:19 +0000)]
r3994: - removed the unused reference count code in lsa server

- fixed the sid_index field in lsa LookupSids and LookupNames
(This used to be commit 677f701e71609d82376b1ea2fa9ebc3521896671)

14 years agor3993: use distinctive fnums in the ipc backend, to make monitoring sniffs easier
Andrew Tridgell [Mon, 29 Nov 2004 06:18:58 +0000 (06:18 +0000)]
r3993: use distinctive fnums in the ipc backend, to make monitoring sniffs easier
(This used to be commit 54209ed05686a442156f7927c58d8656aa5e4900)

14 years agor3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping
Andrew Tridgell [Mon, 29 Nov 2004 04:24:50 +0000 (04:24 +0000)]
r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping
(This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)

14 years agor3991: for uid->sid and gid->sid to be efficient we need to index on unixID
Andrew Tridgell [Mon, 29 Nov 2004 03:23:31 +0000 (03:23 +0000)]
r3991: for uid->sid and gid->sid to be efficient we need to index on unixID
and unixName in samdb.
(This used to be commit 5c966821e2eced9a1b34a5274cc317eab1a44eaf)

14 years agor3990: take advantage of the uid->sid and gid->sid code to create a much
Andrew Tridgell [Mon, 29 Nov 2004 03:22:44 +0000 (03:22 +0000)]
r3990: take advantage of the uid->sid and gid->sid code to create a much
better default NT ACL in pvfs
(This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd)

14 years agor3989: added a linear algorithmic mapping for uid->sid and gid->sid within
Andrew Tridgell [Mon, 29 Nov 2004 03:21:46 +0000 (03:21 +0000)]
r3989: added a linear algorithmic mapping for uid->sid and gid->sid within
our local domain. Note that this linear mapping does not suffer from
the "foreign sid" problems of the linear mappings we have previously
rejected for the sid->uid problem.

the mapping allows for 1 billion automatically allocated users or
groups for the local domain.
(This used to be commit 8f573439753e2a425305936107442c85cffb9369)

14 years agor3988: made dom_sid_add_rid() allocate the new sid with proper parent/child talloc
Andrew Tridgell [Mon, 29 Nov 2004 03:19:28 +0000 (03:19 +0000)]
r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child talloc
relationship
(This used to be commit 5db0eb1fe3abb5150bef27bfed4b7da723e4a287)

14 years agor3984: success full parse the repsFrom/repsTo LDAP fields
Stefan Metzmacher [Sat, 27 Nov 2004 15:10:57 +0000 (15:10 +0000)]
r3984: success full parse the repsFrom/repsTo LDAP fields

metze
(This used to be commit 56c66f4a090b1efca011fc2fc9880c4d93da164c)

14 years agor3983: posix:fakeoplocks should default to False, not True !
Andrew Tridgell [Sat, 27 Nov 2004 00:28:03 +0000 (00:28 +0000)]
r3983: posix:fakeoplocks should default to False, not True !
(This used to be commit 052d91c59f177851b5e0e53c8a033bdd28702f64)

14 years agor3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
Andrew Tridgell [Sat, 27 Nov 2004 00:24:36 +0000 (00:24 +0000)]
r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
(This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)

14 years agor3981: Use correct access-mask when querying aliases.
Günther Deschner [Fri, 26 Nov 2004 16:50:29 +0000 (16:50 +0000)]
r3981: Use correct access-mask when querying aliases.

Guenther
(This used to be commit 5dde59be0995b9893ef476b06c259776c1115ae7)

14 years agor3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()
Andrew Tridgell [Fri, 26 Nov 2004 13:02:58 +0000 (13:02 +0000)]
r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()
(This used to be commit da12780bd98e566af13fe97ce5e84fe829a0fbd5)

14 years agor3979: added server side code for lsa_LookupSids2() and fixed authority_name
Andrew Tridgell [Fri, 26 Nov 2004 12:30:39 +0000 (12:30 +0000)]
r3979: added server side code for lsa_LookupSids2() and fixed authority_name
return code to include our own domain.

editing of ACLs via the w2k3 GUI works nicely (and faster) with these changes
(This used to be commit a3f7f34b3965ddbd89b06334e03d2e1bb6aa364b)