| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
To prevent symlink attacks we need to use O_NOFOLLOW one level at a
time when processing a root security override
|
|
|
|
This allows for root override, which fixes many problems with
mismatches between NT ACL permissions and unix permissions.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The pvfs_sys_*() calls provide wrapper functions for posix file
functions which use root privileges to override EACCES failures if
PVFS_FLAG_PERM_OVERRIDE is set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This flag indicates that we should use root privileges to override
unix permissions when the NT ACLs indicate that access should be
granted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This can be used to get the uid we changed away from when we gained
root privileges
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
Guenther
|
|
At the moment nothing is done when the enumeration variable is set to one of
those constants as before. This is only to quite nasty warnings.
|
|
"test_SamLogon_with_creds" constant
This to quiet warnings.
|
|
Otherwise always a warning is generated.
|
|
This should make is easier to track down some bug reports
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
|
|
|
|
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
|
|
This library is not installed on enough systems for us to rely
on it being available. We use the system copy if possible, and
fallback to this local copy
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
For python libraries like dns.resolver it is useful to be able to install
a copy of the library with Samba. This set of functions allows us to do that
while using the locally installed version if it is available
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
I'm hoping this will fix an occasional segfault I've noticed where
epoll still calls events on a closed fde
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
Jeremy.
|
|
"authsam_expand_nested_groups"
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the
long-living "sam_ctx"/"ldb" context to prevent memory leaks.
|
|
It tests also some other constructed attributes in a basic way.
|
|
|
|
need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
|
|
No need to have signed counters here.
|
|
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
|
This is needed by the "tokenGroups" work in the operational LDB module.
|
|
|
|
Should also be unsigned - no need for a signed "i" and "num_sids" here.
|
|
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
|
This reverts commit 22d316926b9589608d332143c1fa134229b75b3c.
Please see bug #7209 for details.
|
|
Made each type into a separate class to be easily run individually,
removed code duplication
|
|
On some broken systems like RHEL5, we need to be able
to disable --as-needed.
metze
|
|
host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
|
|
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives
"unsigned (int)" for counter variables (number of attributes,
number of values...).
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
|
Previous commit was incomplete. The "service" parameter in the "tcon" structure
should point to "scfg->name". I'm not sure if "share" is right but the first
was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
|
|
This should be the right fix (set the service name in the tcon union to the
share name/path). That should be the solution for bug #6784.
|
|
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
|
|
universal groups
Find the "Enterprise Admins" group which does exist on s4 and Windows
directories and is always per default universal. Test this only when the target
is set to s4 (s3 deployments don't contain this group). If the number of
returned objects is "0" (count) then we are likely testing the builtin domain of
an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
I didn't enhance the test for "QueryDomainInfo" since this does itself a
comparison of all returned objects with the "EnumDomainGroups" call. Therefore
if the latter passes, and the "QueryDomainInfo" test passes also the
"QueryDomainInfo" call is okay regarding groups.
|
|
|
