summaryrefslogtreecommitdiff
AgeCommit message (Expand)AuthorFilesLines
2012-12-02libcli/security: remove duplicate aces in se_create_child_secdesc()Stefan Metzmacher1-0/+34
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ...Stefan Metzmacher1-0/+54
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just o...Stefan Metzmacher1-1/+5
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
2012-12-02s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flagsStefan Metzmacher1-0/+44
2012-11-30s4:dsdb/tests: add SdAutoInheritTestsStefan Metzmacher1-1/+83
2012-11-30s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replic...Stefan Metzmacher1-2/+70
2012-11-30s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)Stefan Metzmacher1-3/+17
2012-11-30s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)Stefan Metzmacher1-1/+18
2012-11-30s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()Stefan Metzmacher1-0/+29
2012-11-30s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OIDStefan Metzmacher1-8/+395
2012-11-30s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2-0/+13
2012-11-30s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OIDStefan Metzmacher1-5/+67
2012-11-30s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher1-0/+16
2012-11-30s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher1-0/+16
2012-11-30s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modifyStefan Metzmacher1-0/+18
2012-11-30s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OIDStefan Metzmacher2-0/+8
2012-11-30s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)Stefan Metzmacher1-0/+19
2012-11-30s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)Stefan Metzmacher1-3/+11
2012-11-30s4:dsdb/subtree_delete: do an early return and avoid some nestingStefan Metzmacher1-24/+28
2012-11-30s4:dsdb/objectclass: do not pass the callers controls on helper searchesStefan Metzmacher1-1/+1
2012-11-30s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given ...Stefan Metzmacher1-0/+12
2012-11-30s4:dsdb/dirsync: remove unused 'deletedattr' variableStefan Metzmacher1-2/+0
2012-11-30s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACLStefan Metzmacher1-0/+2
2012-11-30s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATT...Stefan Metzmacher1-0/+2
2012-11-30s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributesStefan Metzmacher1-5/+36
2012-11-30s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on ...Stefan Metzmacher1-0/+3
2012-11-30s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecur...Stefan Metzmacher1-0/+11
2012-11-30s4:dsdb/descriptor: remove some nesting from descriptor_modifyStefan Metzmacher1-10/+10
2012-11-30s4:dsdb/descriptor: remove some unnecessary nestingStefan Metzmacher1-10/+8
2012-11-30s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}Stefan Metzmacher1-0/+12
2012-11-30s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OIDStefan Metzmacher1-26/+1
2012-11-30s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,mod...Stefan Metzmacher1-19/+21
2012-11-30s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sdStefan Metzmacher1-7/+14
2012-11-30s4:provision: add get_empty_descriptor()Stefan Metzmacher2-0/+6
2012-11-30s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a d...Stefan Metzmacher1-1/+28
2012-11-30s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sidStefan Metzmacher1-0/+6
2012-11-30s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)Stefan Metzmacher4-13/+2
2012-11-30s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptorStefan Metzmacher1-1/+19
2012-11-30s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-1/+3
2012-11-30s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescr...Stefan Metzmacher1-1/+14
2012-11-30s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is...Stefan Metzmacher1-0/+11
2012-11-30s4:dsdb/acl: remove unused "acl:perform" optionStefan Metzmacher1-3/+0
2012-11-30s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLEDStefan Metzmacher1-5/+15
2012-11-30s4:dsdb/descriptor: make it clear that the SD Flags are ignored on addStefan Metzmacher1-1/+7
2012-11-30s4:dsdb/descriptor: make use of dsdb_request_sd_flags()Stefan Metzmacher1-47/+15
2012-11-30s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecu...Stefan Metzmacher1-1/+12
2012-11-30s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with S...Stefan Metzmacher1-11/+12
2012-11-30s4:dsdb/acl_util: add dsdb_request_sd_flags() helper functionStefan Metzmacher1-0/+37
2012-11-30s4:dsdb/acl_util: do helper searches AS_SYSTEMStefan Metzmacher1-0/+1