summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-11-30s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)Stefan Metzmacher4-13/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptorStefan Metzmacher1-1/+19
We need to base the access mask on the given SD Flags. Originally, we always checked for SEC_FLAG_SYSTEM_SECURITY, which could lead to INSUFFICIENT_RIGHTS when we should have been allowed to read. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-1/+3
Note that SHOW_RECYCLED implies SHOW_DELETED. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl: calculate the correct access_mask when modifying ↵Stefan Metzmacher1-1/+14
nTSecurityDescriptor The access_mask depends on the SD Flags. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" ↵Stefan Metzmacher1-0/+11
is set In that case the acl_read module does the protection. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl: remove unused "acl:perform" optionStefan Metzmacher1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-5/+15
The searches are done in order to do access checks and the results are not directly exposed to the client. Note that SHOW_RECYCLED implies SHOW_DELETED. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/descriptor: make it clear that the SD Flags are ignored on addStefan Metzmacher1-1/+7
See [MS-ADTS] 6.1.3.2 SD Flags Control: ... When performing an LDAP add operation, the client can supply an SD flags control with the operation; however, it will be ignored by the server. ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/descriptor: make use of dsdb_request_sd_flags()Stefan Metzmacher1-47/+15
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/descriptor: always use descriptor_search_callback if we return ↵Stefan Metzmacher1-1/+12
nTSecurityDescriptor If the nTSecurityDescriptor is explicitly specified without the SD Flags control we should go through descriptor_search_callback(). This is not strictly needed at the moment, but makes the code clearer and might avoid surprises in the future. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with ↵Stefan Metzmacher1-11/+12
SHOW_RECYCLED Note that SHOW_RECYCLED implies SHOW_DELETED. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl_util: add dsdb_request_sd_flags() helper functionStefan Metzmacher1-0/+37
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/acl_util: do helper searches AS_SYSTEMStefan Metzmacher1-0/+1
The search is done in order to do access checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/extended_dn_store: do helper searches AS_SYSTEMStefan Metzmacher1-1/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-12/+13
Note that SHOW_RECYCLED implies SHOW_DELETED. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-3/+31
Note that SHOW_RECYCLED implies SHOW_DELETED. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/rootdse: do helper searches AS_SYSTEMStefan Metzmacher1-7/+29
As anonymous users can read all rootdse attributes, we should do helper searches with DSDB_FLAG_AS_SYSTEM in order to avoid unnecessary access checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/rootdse: remove unused variableStefan Metzmacher1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:tests/samba_tool/gpo.py: fix accidential line breakMichael Adam1-2/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-11-30s4:tests/samba_tool/gpo.py: add test_show_as_admin()Stefan Metzmacher1-0/+5
This calls samba-tool gpo show as admin (which should be able to see the full nTSecurityDescriptor. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ↵Stefan Metzmacher1-2/+4
ntSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the ↵Stefan Metzmacher1-5/+6
nTSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the ↵Stefan Metzmacher1-3/+7
current user Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptorStefan Metzmacher1-5/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xFStefan Metzmacher1-2/+2
A value of 0 is mapped to 0xF. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVectorStefan Metzmacher1-3/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_rootStefan Metzmacher1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/schema_data: fix debug message in schema_data_modify()Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30ldb: fix a typo in the comment for ldb_req_is_untrusted()Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Nov 30 15:44:46 CET 2012 on sn-devel-104
2012-11-30libnet: Fix a typo in dbsync error message.Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-11-30libnet: Fix copy and paste error in dbsync error message.Andreas Schneider1-1/+1
2012-11-30torture: Fix copy and paste error in debug message.Andreas Schneider1-1/+1
Found by Coverity.
2012-11-30torture: Fix copy and paste error.Andreas Schneider1-1/+1
Found by Coverity.
2012-11-30s3-reg: Fix copy and paste error in debug message.Andreas Schneider1-2/+2
Found by coverity.
2012-11-30s3:popt_common: Fix password processing.Stefan Metzmacher1-11/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Nov 30 14:01:08 CET 2012 on sn-devel-104
2012-11-30s3:util: fix usage of popt_burn_cmdline_password()Stefan Metzmacher2-2/+0
We should only call popt_burn_cmdline_password() after poptFreeContext(), otherwise we remove the password to early. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbind: use new reconnect logic in rpc_lookup_sids() also.Günther Deschner1-16/+7
Volker, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: rework reconnect logic in winbindd_lookup_names().Günther Deschner1-12/+13
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: rework reconnect logic in winbindd_lookup_sids().Günther Deschner1-12/+14
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: remove lookup_sids_fn_t.Günther Deschner1-21/+12
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: remove lookup_names_fn_t.Günther Deschner1-23/+13
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.Günther Deschner2-11/+22
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.Günther Deschner2-11/+20
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-winbindd: add cm_connect_lsat().Günther Deschner2-0/+35
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30s3-rpc_cli: Remove some unused wrapping code.Günther Deschner2-76/+0
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-30Fix Bug 9422 - large read requests cause server to issue malformed replyVolker Lendecke2-2/+2
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
2012-11-29dbwrap: Do not rely on dbwrap_record_get_value to return a talloc objectVolker Lendecke1-2/+3
db_tdb_fetch_locked returns the value as part of a larger talloc object that also contains the key. This means we can not realloc, but have to freshly alloc. Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 29 20:21:51 CET 2012 on sn-devel-104
2012-11-29dbwrap: Remove an unnecessary if-statementVolker Lendecke1-3/+1
TALLOC_FREE can live with a NULL pointer Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-29dbwrap: No need to NULL out a talloc_zero'ed structure elementVolker Lendecke1-1/+0
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-29dbwrap: Use talloc_zero in db_open_rbtVolker Lendecke1-5/+1
Reviewed-by: Michael Adam <obnox@samba.org>
generated by cgit (git 2.34.1) at 2024-08-28 14:42:40 +0000