Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 64570b7a4734ec1cc56a07e6bd9b20a155a876c0)
|
|
metze
(This used to be commit df924e18220aedbfbfae569e1fb37da652914c0b)
|
|
(not introduce new warnings:-)
metze
(This used to be commit 36b11992dc3b08914db24ec23f10cc8b3eb55320)
|
|
metze
(This used to be commit ce7686ac3e15b0d52ef01bd8bd773641c8ce2e35)
|
|
metze
(This used to be commit efe840c8b0dd599d205068a4946ef587d542f2a5)
|
|
metze
(This used to be commit f2ff50dfc40f7bf329ab83eefcc2cff9e575a84e)
|
|
metze
(This used to be commit b1b47bda0177c42687b9c291e4e28ae123fb4eac)
|
|
on Simple example server side implementation
(This used to be commit 98afb504d95ccca4d6ec48273e10b52ccfa26ad0)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
- fixed revision number on default DACL
- fixed DACL_PRESENT bit in acl query
with these fixes cacls.exe and the GUI ACL editor in w2k both work
against pvfs. The GUI editor is slow as it times out looking up the
SID -> name mappings.
(This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.
This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
|
|
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
|
|
in this file
(This used to be commit c75eb859391f747abc3fe513166c9f8d73ca349c)
|
|
- fixed push/pull of chained ea lists
- fixed a bug in the nttrans wire encoding
(This used to be commit fcd09224076508f9c10095bf2e2c394232a4d297)
|
|
(This used to be commit 8422789c06c203ea1c4761fecb16f79f99ac479b)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
secrets interface correctly. (New interface added).
Andrew Bartlett
(This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
|
|
NT_STATUS_HOST_UNREACHABLE instead of NT_STATUS_UNSUCCESSFUL
(This used to be commit f2a488e5668ab5d262269f1bab1b33a63265cbe9)
|
|
metze
(This used to be commit 2403186562698b8e13c20741a0cbed812e1b8e89)
|
|
- fix compiler warnings
metze
(This used to be commit 37a8bd2e30cab98bc8b1bf10d0a516827cbb3373)
|
|
modules
(This used to be commit c7757dd9adc18549fa3f908c2714624ec3f91394)
|
|
so while this does compile, it does not work yet.
(This used to be commit 3d885562c9f83d60c5d4957b067e35387dfa50dd)
|
|
(This used to be commit a7c3c8cb6256acf672996fc6bf6128865a9ba0a9)
|
|
(This used to be commit 2a38b77a1d8674b46028214896e37747c4082f13)
|
|
- Re-disable tdbtool (it was building fine on my Debian box but other
machines were having problems)
(This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
|
|
this support, run SUBSYSTEM_OUTPUT_TYPE=STATIC_LIBRARY ./config.status
I haven't enabled this by default because there are some circular dependencies
in the makefile that have to be resolved first (LIBRPC depends on LIBSMB
and LIBSMB depends on LIBRPC..)
(This used to be commit fc0432069bf3569a47a7c32f4bf789cec2ca44db)
|
|
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
- Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
|
|
the hierarchy in the init functions is correct now
will also make it easier to implement some other features
(This used to be commit cbe819a75568403ac8850ea4d344c607a46d61c2)
|
|
Remove the conditional set.
Andrew Bartlett
(This used to be commit f5d8a4dde58a88408892501fd3ce53f19e67f1f1)
|
|
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
|
|
Interestingly, all the interesting flags are a '4' (as hex digits in
the flag).
Andrew Bartlett
(This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
|
|
RPC-SAMLOGON of their own.
I have expanded the tests to validate the use of various flags, which
change some of the crypto behaviour.
Andrew Bartlett
(This used to be commit 3a140a3691ce49ebf4d1efcb99cfffd26c68a28f)
|
|
parameter to SMBNTLMv2encrypt().
Andrew Bartlett
(This used to be commit 75ff351faf0a3231e17f000b006beb9cb545d905)
|
|
Andrew Bartlett
(This used to be commit cef31134ec4cd09eafd4f9f8f64e5fe3d68f19de)
|
|
Because -r 3591 removed the over-allocation, realloc() had a chance of
returning a different pointer. This broke the length calculations in
the trans2 send code.
I think the length calculations coudld be better expressed (less cute
PTR_DIFF tricks) but I'm not going to touch this any more than I need
to.
Andrew Bartlett
(This used to be commit 4bfc916a2c3b9745f47ce4eaa892cdcc431e19db)
|
|
(This used to be commit e995a1c0e5d2ee2dc50c31c01ce281a303dd5231)
|
|
(This used to be commit 891e3097ee00d75f8f28efcccd8c15cd08b80e88)
|
|
Andrew Bartlett
(This used to be commit 47d67c6e5b265e4192fcae0d9cd72b3ac097785e)
|
|
(This used to be commit a4598e7fa17c7ec0fed9cb81f5a0fb30b133861b)
|
|
krb5 going on recent heimdal installs.
Andrew Bartlett
(This used to be commit a758725407df0c87922a15aa32cc841bc4c059a2)
|
|
deliberate over-allocation of request structures in smbd and
libcli/raw code for now.
(This used to be commit 07596d87213e8ccbf6a0e7bc216d692065f43403)
|
|
Both subsystems and modules can now have init functions, which can be
specified in .mk files (INIT_FUNCTION = ...)
The build system will define :
- SUBSYSTEM_init_static_modules that calls the init functions of all statically compiled modules. Failing to load will generate an error which is not fatal
- BINARY_init_subsystems that calls the init functions (if defined) for the subsystems the binary depends on
This removes the hack with the "static bool Initialised = " and the
"lazy_init" functions
(This used to be commit 7a8244761bfdfdfb48f8264d76951ebdfbf7bd8a)
|
|
metze
(This used to be commit 9701abfa3a5f6351c8c7bced6adb751be9f5ff31)
|
|
metze
(This used to be commit 4868f1ea857e94f60dbde83bfb54def8a5ee728f)
|
|
(vl: we should only sync the parsing code with trunk)
- use hierachical talloc in the ldap client code
metze
(This used to be commit 1e9c0b68ca9ddb28877d45fc1b47653b13a7446d)
|
|
This concludes the proper fixes.
Andrew Bartlett
(This used to be commit c1d025793f2994c8f1cab304c3394ab186654071)
|
|
(which I suspect was missing some pieces)
this at least fixes the build so i can keep going on pvfs. Please review/fix Andrew.
(This used to be commit bffd18d09df04c1e492ef12f744ff4b6c561d53c)
|
|
basic krb5 request path.
The idea is that we should not do the extra work, if we are not going
to use the results.
Andrew Bartlett
(This used to be commit 13a2a9e326c027d76d27ecd08fb9863fe881bf30)
|