summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2010-01-29s4/ldap: Fix nested searches SEGFAULT bugKamen Mazdrashki1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-29s4:libcli: remove unneeded talloc_reference() usageStefan Metzmacher1-4/+1
metze
2010-01-26s4-libcli: Fixed a talloc_reference error.Andreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@redhat.com> Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-01-08libcli/util: add tstream_read_pdu_blob_send/recvStefan Metzmacher1-0/+5
This will take the some full_request callback function as the Samba4 packet code. metze
2010-01-06s4: Fix result check for getaddrinfo()Kamen Mazdrashki1-6/+11
I think this completes commit 50feca550eed7828198b7c0fc5f0e5ddc863313d. Now result should be handled correctly both for systems that support EAI_NODATA but returns EAI_NONAME (as my Ubuntu 9.x) and systems that doesn't support EAI_NODATA at all. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-02s4-sddl: DRS replication needs REVISION_ADS for SDsAndrew Tridgell1-1/+1
DRS replication with w2k8-r2 fails with a schema mismatch error if we set the revision to NT4
2009-12-31s4-net: fixed finddcs to use empty SID instead of NULL sid (NDR error)Andrew Tridgell1-0/+3
2009-12-31py/security: Add test for dom_sid.split.Jelmer Vernooij1-3/+8
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-3/+12
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-10s4-libcli: GUID_from_ndr_blob() is strict about the blob sizeAndrew Tridgell1-2/+4
We need to create a blob of the right length
2009-12-10s4-libcli: use GUID_to_ndr_blob()Andrew Tridgell2-11/+9
2009-12-10s4-libcli: use new GUID functions in libcliAndrew Tridgell3-18/+9
2009-12-07s4 torure: Add SMB2 utility functionsZack Kirsch1-0/+1
- Add a torture_setup_dir() equivalent in SMB2, called smb2_util_setup_dir(). - Add verify_sd() and verify_attrib() helper functions for SMB2.
2009-12-07s4/libcli: add define for exclusive lock modeSteven Danneman1-0/+1
2009-12-03s4 torture: Add lockread_supported based off of CAP_LOCK_AND_READZachary Loafman2-0/+4
Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-0/+20
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4:security/sddl - rework of the security descriptor abbreviationsMatthias Dieter Wallnöfer1-28/+33
- Reoder them - Add some new ones (needed for the security descriptor in the provision script)
2009-11-25s4/libcli: rename previously reserved field in SMB2 LOCK structSteven Danneman2-2/+2
The lock.in.reserved field has been renamed lock_sequence in the SMB 2.1 dialect. See MS-SMB 2.2.26.
2009-11-25s4/libcli: Initialize client PID for SMB2 connectionsSteven Danneman3-0/+6
Set the SMB pid to the Unix pid of the client process.
2009-11-19s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata1-2/+20
2009-11-17s4/libcli: add a FILE_NOTIFY_CHANGE_ALL macroAravind Srinivasan1-0/+8
This macro encompasses all possible file notifications that can be raised.
2009-11-17Fixed incorrect SID for RAS Servers.Nadezhda Ivanova2-1/+2
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova1-13/+16
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-12s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett1-0/+2
This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
2009-11-05Version 1.0 of the directory service acls module.Nadezhda Ivanova2-47/+60
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-11-03Fixed some missing flags and bugs in the security creation.Nadezhda Ivanova1-11/+47
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file.
2009-11-03Fixed a bug in object specific access checks.Nadezhda Ivanova1-2/+4
2009-10-22s4:libcli/security/access_check - Add "const" in front of "type"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-17s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masksAndrew Tridgell1-6/+2
2009-10-17s4-security: honor more of the privilege access bitsAndrew Tridgell1-4/+12
2009-10-15s4-libcli: fixed structure element bug in ntcreatexreadxAndrew Tridgell1-1/+1
This one didn't matter until the root_fid changed the alignment of the two structures.
2009-10-15s4-smb: declare root_fid as a file handleAndrew Tridgell4-7/+7
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code.
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-1/+3
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer3-6/+5
2009-10-01s4/torture: Add two new SMB RAW-OPEN testsAravind Srinivasan2-0/+126
* Add chained NTCREATEX_READX test which first tries to open/read a non-existant file failing on the open, then attempts the same operation on a file that does exist, opening and reading successfully. * Add test for open_dispositions on directories.
2009-10-01s4/torture: Ported SMB oplock torture tests to SMB2Steven Danneman1-0/+9
I've ported all applicable SMB oplock torture tests to SMB2, giving us a good base for SMB2 oplock testing. There are several differences between oplocks in SMB and SMB2, mostly because of differences in W2K3 and W2K8. The existing SMB oplock tests all pass against W2K3, but several fail against W2K8. These same tests were failing in SMB2, util I reworked them. BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't cause a sharing violation or break an existing oplock. It appears that in W2K8/SMB2 a sharing violation is raised. BATCH22: In W2K3/SMB when a second opener was waiting the full timeout of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead the second opener succeeds. LEVELII500: Added 1 new test checking that the server returns a proper error code when a client improperly replies to a levelII to none break notification. STREAM1: W2K8 now grants oplocks on alternate data streams.
2009-09-28s4-acl: fixed SD creationAndrew Tridgell1-12/+22
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain)
2009-09-24Fixed a dereferenced null pointer.Nadezhda Ivanova1-16/+14
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova4-1/+252
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova1-4/+348
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-19s4-resolve: fixed a crash bug on timeoutAndrew Tridgell4-6/+8
We were creating the name resolution context as a child of lp_ctx, which meant when we gave up on a connection the timer on name resolution kept running, and when it timed out the callback crashed as the socket was already removed.
2009-09-17pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl.Matthieu Patou1-0/+17
Fix bug #6723
2009-09-16Owner and group defaulting.Nadezhda Ivanova2-1/+118
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15libcli:nbt make the lmhosts parsing code and dependicies commonAndrew Bartlett1-43/+0
This starts the process to have Samba4 use lmhosts. Andrew Bartlett
2009-09-11s4/libcli: when we get a DNS lookup failure show the nameAndrew Tridgell1-0/+2
When tracking down complex connection problems its useful knowing what name lookups failed.
2009-08-17s4:libcli/ldap Explain why we set a hostname for ldapi:// connectionsAndrew Bartlett1-1/+3
It is a pretty odd thing to do, and it's only because of the restrictions of DIGEST-MD5 in Cyrus SASL that we do it. Andrew Bartlett
2009-08-12libcli/smb: move smb2_create_blob code to libcli/smb/Stefan Metzmacher3-165/+2
I want to use this in source3/smbd/ metze
2009-08-12libcli: move some common SMB and SMB2 stuff into libcli/smb/Stefan Metzmacher3-177/+1
This will hold code that's shared between source3 and source4. metze
2009-08-07s4:libcli/smb2: move SMB2_GETINFO_* flags into smb2_constants.hStefan Metzmacher2-6/+6
metze