summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-01-22drsuapi: Add documentationMatthieu Patou1-3/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22drepl-notify: change misleading messageMatthieu Patou1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22devel-script: add options for RODC and partial replica for replicate flagsMatthieu Patou1-1/+21
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
2013-01-21devel-scripts: ask with WRIT_REP by defaultMatthieu Patou1-0/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21devel-getncchange: try to find the dest_dsa automaticallyMatthieu Patou1-3/+19
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21security: Add documentationMatthieu Patou1-0/+9
Names seems to be a bit cryptic and misleading (at least for me). So documenting them should remove at least partially this problem. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli-security: Add documentation for object_tree_modify_accessMatthieu Patou1-2/+12
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dbcheck: look in hasMasterNCs as well for determining the instance type of a NCMatthieu Patou1-2/+10
Forest of level 2000 don't hve the msDS-hasMasterNCs parameter Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb: Fix warning about unused varMatthieu Patou1-2/+0
Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104
2013-01-21dsdb: Explain ordering constraints on the ACL module as well.Andrew Bartlett1-2/+2
Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb: Ensure "authenticated users" is processed for group membershipsAndrew Bartlett3-36/+64
This change moves the addition of "Authenticated Users" from the very end of the token processing to the start. The reason is that we need to see if "Authenticated Users" is a member of other builtin groups, just as we would for any other SID. This picks up the "Pre-Windows 2000 Compatible Access" group, which is in turn often used in ACLs on LDAP objects. Without this change, the eventual token does not contain S-1-5-32-554 and users other than "Administrator" are unable to read uidNumber (in particular). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: remove useless if (root->num_of_children > 0) statementsAndrew Bartlett1-8/+4
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++) Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: add init_mask to existing children in insert_in_object_treeStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: handle node initialisation in one spot in ↵Andrew Bartlett4-49/+47
insert_in_object_tree() This removes special-case for initalising the children array in insert_in_object_tree(). talloc_realloc() handles the intial allocate case perfectly well, so there is no need to have this duplicated. This also restores having just one place were the rest of the elements are intialised, to ensure uniform behaviour. To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()Stefan Metzmacher1-8/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: simplify get_ace_object_type()Stefan Metzmacher1-8/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: fix formating in access_check.cStefan Metzmacher1-8/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: fix whitespaces in access_check.cStefan Metzmacher1-98/+100
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUIDStefan Metzmacher1-2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_objectclass() for the object in ↵Stefan Metzmacher1-6/+50
acl_delete() We should only use dsdb_module_check_access_on_dn() on the parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in ↵Stefan Metzmacher1-47/+43
acl_rename() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_attribute() in acl_modify()Stefan Metzmacher1-44/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: remove unused acl_check_access_on_class()Stefan Metzmacher1-46/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: use acl_check_access_on_objectclass() instead of ↵Stefan Metzmacher1-8/+13
acl_check_access_on_class() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute()Andrew Bartlett1-16/+16
This commit enters the GUID into the object tree so that that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Pass the structural objectClass into acl_check_access_on_attributeAndrew Bartlett3-20/+57
This will, when the GUID is entered into the object tree (not in this commit) ensure that access rights assigned to the structural objectClass are also available, as well as rights assigned to the attribute property groups. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Remove unused get_oc_guid_from_message()Andrew Bartlett1-19/+0
Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: ask for the objectClass attribute if it's not in the scope of the ↵Andrew Bartlett1-1/+16
clients search This will be used later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than ↵Andrew Bartlett1-8/+7
class_schemaid_guid_by_lDAPDisplayName This uses dsdb_get_last_structural_objectclass(), which encodes this ordering knowledge in one place in the code, rather than using this uncommented magic expression: (char *)oc_el->values[oc_el->num_values-1].data Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename()Andrew Bartlett1-12/+14
Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify()Andrew Bartlett1-8/+10
Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: add acl_check_access_on_objectclass() helperStefan Metzmacher1-0/+39
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg()Andrew Bartlett1-0/+13
This will eventually replace get_oc_guid_from_message(), returning the full dsdb_class. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: attr is not optional to acl_check_access_on_attribute()Stefan Metzmacher1-25/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributesStefan Metzmacher1-16/+18
"clearTextPassword" is the only exception. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'el' helper variable to acl_modify()Stefan Metzmacher1-12/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: introduce a 'msg' helper variable to acl_modify()Stefan Metzmacher1-20/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure we build [system]PossibleInferiors completelyStefan Metzmacher1-0/+4
Otherwise callers like dsdb_schema_copy_shallow() will corrupt the talloc hierarchie. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make sure use clean caches in schema_inferiors.cStefan Metzmacher2-28/+32
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-schema: make schema_subclasses_order_recurse() staticStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21BUG 9474: Downgrade v4 printer driver requests to v3.Günther Deschner1-1/+8
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jan 21 16:11:02 CET 2013 on sn-devel-104
2013-01-21BUG 9574: Fix a possible null pointer dereference in spoolss.Andreas Schneider1-1/+2
If the the client enumerates the printers and didn't specify a servername we have a null pointer dereference, so the process serving the connection crashes. Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jan 21 13:30:11 CET 2013 on sn-devel-104
2013-01-21Tests: remove redondent testsuites in provisionMatthieu Patou1-6/+1
Removed provision are already tested somewhere else. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Mon Jan 21 09:59:43 CET 2013 on sn-devel-104
2013-01-21Tests: avoid adding python options that are functions in the envMatthieu Patou1-1/+6
This fix errors when running test --testenv --screen Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21Tests: rewrite ldap_schema to specify attributesMatthieu Patou1-15/+24
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-19Fix warnings with mismatched sizes in arguments to DEBUG statements.Jeremy Allison1-8/+8
This can cause compile errors on 32-bit systems. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 19 12:14:13 CET 2013 on sn-devel-104
2013-01-19Remove some unused variables.Jeremy Allison1-3/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-19heimdal_build: Try again to sort out the strerror_r messAndrew Bartlett5-10/+11
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-19printing: Free talloc_stackframe() on all exit pathsAndrew Bartlett1-0/+2
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-18nsswitch: Fix two bitfield constants being the same.Ira Cooper1-3/+1
WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB are the same causing errors in NTLMv2 authentication. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-11-03 18:51:37 +0000