Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
dom_sid.sub_auths rather than a dynamically allocated one.
This makes it possible to use the same DCE/RPC object code for Samba 3
and Samba 4's DCE/RPC parsers and allows copying sids more easily
(since they no longer contain any pointers). The cost of having additional
manual marshalling code is limited (~35 additional lines of C code).
|
|
(This used to be commit 15038d9586d0b58f301ca8c39c21ef10c4283f28)
|
|
so that we
can add and delete ACEs for SACLs as well as for DACLs.
Guenther
(This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
|
|
Guenther
(This used to be commit 0306e0183d4db0da331449b411814e7a93b6db2d)
|
|
Guenther
(This used to be commit 2e028503a36acd12009a4d2f0d217b2d940c9c30)
|
|
Guenther
(This used to be commit 99408cf20c6feb745cd2dd56c37015cfa11e9b3d)
|
|
Guenther
(This used to be commit 1ebcceb922bdb566e6a548aa1ad816eb8e9e26e9)
|
|
security_descriptor_create().
Guenther
(This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
|
|
Guenther
(This used to be commit 7d8f53b1c73dc4025821d96d8f675b6866407acb)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
an ace
metze
(This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit d151a9459dcbfc88b0dc2ec9dd1cafa18ad5b8f8)
|
|
- add a note about a possible talloc_free()
metze
(This used to be commit 550e3030f0e02720b527f3b4923457f05f484e6e)
|
|
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
|
|
metze
(This used to be commit 6ad7ffab043c3b510f4dff052973a054e5a75779)
|
|
- qfsinfo (query file system information)
- appendacl (append an ACL to existing file's security descriptor and get new
full ACL)
The second one also includes an improvement to security descriptor handling
which allows to copy security descriptor. Written by Peter Novodvorsky
<peter.novodvorsky@ru.ibm.com>
Both functions have corresponding torture tests added. Tested under valgrind and
work against Samba 4 and Windows XP.
ToDo: document composite call creation process in prog_guide.txt
(This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
|
|
metze
(This used to be commit add1c579375d08040f722946da31ee3862f9e7ac)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
and debug privileges
metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
|
|
- added a test for all combinations of the inheritance ACE flags and how
they are propogated to child directories and files
(This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
|
|
easily create complex security descriptors for testing. This greatly
simplifies the smbtorture code I am writing for testing our
new access_check code.
(This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
|
|
against a users security token and access_mask
(This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
- fixed revision number on default DACL
- fixed DACL_PRESENT bit in acl query
with these fixes cacls.exe and the GUI ACL editor in w2k both work
against pvfs. The GUI editor is slow as it times out looking up the
SID -> name mappings.
(This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|