Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729)
|
|
(This used to be commit 08bb1ef643ab906f1645cf6f32763dc73b1884e4)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
if someone isn't interessted in one of it
metze
(This used to be commit 1fdc71918a430c35af91fa7788e191d381f76d56)
|
|
an ace
metze
(This used to be commit 18cc56be6a7c21e5b19d0826aca6ae2416c116b8)
|
|
metze
(This used to be commit 6ce994720cdd8b7dd0b789460b5ae7da19261696)
|
|
to be SECURITY_ACL_REVISION_ADS (4)
metze
(This used to be commit a67bb4365958f4bfadbf47b2231992e2aadd26a1)
|
|
the SDDL string has the sid strings embedded, so we need to create
a null terminated string...
metze
(This used to be commit 532395a18db84affa8a743b995e9fae2e3c312f2)
|
|
(This used to be commit bb393603707ada3d4b917f8374b7738f16c78f46)
|
|
snprintf seems
to be broken. The %lu modifies apparently can not cope with the high
bit==1. In dom_sid_string I added some printfs and got:
auth: 21
auth: 2666793276
auth: 679821296
auth: 2310223117
auth: 1206
sid=S-1-5-21-8446744072081377596-679821296-8446744071724807437-1206
The "auth:" values are direct printfs, the sid= is the resulting code from
dom_sid_string.
I could not reproduce it with a simple test program, and #ifdef'ing out
HAVE_SNPRINTF in config.h manually does not help either, probably because the
dynamic linker overwrites the symbol in lib/replace.
Checking it in because it fixes the RPC-SAMBA3-SHARESEC test directly on host
"sunx", I would like to see whether it also fixes IRIX and AIX.
Volker
(This used to be commit 1a9401738f652a87d377a32086342f5f98525fc2)
|
|
security
descriptor. This is something that W2k3 does _not_ pass and probably is not
expected to, it seems the don't check access at tconX time.
Thanks to metze for the hint how in the srvsvc_NetShareInfo1501 struct the
length of the sd can be encoded in idl.
As metze says, there's probably more to the share secdesc, this needs more
testing. This one is here to walk the samba3 code.
Volker
(This used to be commit 67185508229a8d7f144c22cb194f573c932d6de5)
|
|
Split of system/locale.h header from system/iconv.h
Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
|
|
(This used to be commit 849818dcdeb8eaf2eb22fea3896a4f7c777d8c5f)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
desired but SeSecurityPrivilege isn't granted
metze
(This used to be commit be7285bdebd58e7a86fcc64f7b22b9f533bcc4f5)
|
|
- remove sid_active_in_token() was the same as security_token_has_sid()
- rename some functions
metze
(This used to be commit 81390dcda50f53d61e70059fb33014de0d283dc5)
|
|
the problem was that we shift with <<= (privilege-1)
and we called the function with privilege=0
add some checks to catch invalid privilege values
and hide the mask representation in privilege.c
metze
(This used to be commit a69f000324764bcd4cf420f2ecba1aca788258e4)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
- stack specific functions on top of generic ones
metze
(This used to be commit e391f3c98aae600c5f64d5975dd55567a09c3100)
|
|
metze
(This used to be commit 0ad464f686dddc5befdf1ec8d20101ee0ad83585)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
the remote server's name, or in the absence of a local nbt_server to
communicate with (or without root access), a node status request.
The result is that we are in a better position to use kerberos, as well
as to remove the 'password server' mandatory parameter for the samsync
and samdump commands. (I need this to put these into SWAT).
The only problem I have is that I must create a messaging context, which
requires a server ID. As a client process, I don't expect to get
messages, but it is currently required for replies, so I generate a
random() number. We probably need the servers to accept connections on
streamed sockets too, for client-only tasks that want IRPC.
Because I wanted to test this code, I have put the NET-API-* tests into
our test scripts, to ensure they pass and keep passing. They are good
frontends onto the libnet system, and I see no reason not to test them.
In doing so the NET-API-RPCCONNECT test was simplified to take a
binding string on the command line, removing duplicate code, and
testing the combinations in the scripts instead.
(I have done a bit of work on the list shares code in libnet_share.c
to make it pass 'make test')
In the future, I would like to extend the libcli/findds.c code (based
off volker's winbind/wb_async_helpers.c, which is why it shows up a bit
odd in the patch) to handle getting multiple name replies, sending a
getdc request to each in turn.
(posted to samba-technical for review, and I'll happily update with
any comments)
Andrew Bartlett
(This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
|
|
Andrew Bartlett
(This used to be commit 10eadf48124d61f2eb586fb277a66aa4b9e6cad3)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
(This used to be commit 82d87d62614a33ec9d2ed20e63d80a7af64e8678)
|
|
displaying security descriptors in ldbsearch or ldbedit you can see
the SDDL version.
This also allows us to specify security descriptors in our
setup/*.ldif files in SDDL format, which is much more convenient than
the NDR binary format!
(This used to be commit 8185731c1846412c1b3366824cdb3d05b2d50b73)
|
|
- allow for arbitrary access masks in sddl_encode_ace()
(This used to be commit 5e2b1bd6afafe2eb96e98c4636e0a62235693183)
|
|
(This used to be commit a0662ae9d3f719d2db193490361923095bd4d419)
|
|
couple of days ago. Doesn't yet encode using the shorthand for well
known SIDs.
(This used to be commit 655a4ebe8e0ee18133103bfba0ca6d14cbf81d56)
|
|
(This used to be commit 1eca19d597ea21a073361fc6fc550919abf97574)
|
|
- added a bunch more tests to LOCAL-SDDL (all the ones from our schema)
- fixed 'mixed coded declarations' bug
(This used to be commit c30e7698e8e1d9991d35bf86c0d4041a1814ad92)
|
|
all flags are covered yet, and object aces aren't done yet.
This is needed for ACL support in ldb, as the default security
descriptor for each object class is given by the
defaultSecurityDescriptor attribute in the schema, which is stored in
SDDL format
(This used to be commit dbdeecea01a8b362a9a525a3689cb03662a86776)
|
|
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
|
|
http://lists.samba.org/archive/samba-technical/2005-October/043443.html)
(This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
|
|
before the bad merge
metze
(This used to be commit 471c0ca4abb17fb5f73c0efed195c67628c1c06e)
|
|
(This used to be commit 6913e338405a5aca5c70cf6e022532c596ed0a36)
|
|
authenticated session down into LDB. This associates a session info
structure with the open LDB, allowing a future ldb_ntacl module to
allow/deny operations on that basis.
Along the way, I cleaned up a few things, and added new helper functions
to assist. In particular the LSA pipe uses simpler queries for some of
the setup.
In ldap_server, I have removed the 'ldasrv:hacked' module, which hasn't
been worked on (other than making it continue to compile) since January,
and I think the features of this module are being put into ldb anyway.
I have also changed the partitions in ldap_server to be initialised
after the connection, with the private pointer used to associate the ldb
with the incoming session.
Andrew Bartlett
(This used to be commit fd7203789a2c0929eecea8125b57b833a67fed71)
|
|
that are then included by include/proto.h
(This used to be commit 703ffbaaaca11f3d8781cfe9e7542fcaa626d991)
|
|
but final linking still fails (as does generating files asn1, et, idl and proto
files)
(This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
|
|
some awful indentation. (-:
(This used to be commit 2f24fc7a7a195c04f88a25d52efc02ddf491126c)
|
|
(This used to be commit d151a9459dcbfc88b0dc2ec9dd1cafa18ad5b8f8)
|
|
- add a note about a possible talloc_free()
metze
(This used to be commit 550e3030f0e02720b527f3b4923457f05f484e6e)
|
|
metze
(This used to be commit 6d412cf0a4186ec04cee61dd5387903de051fde7)
|