summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logicAndrew Tridgell1-0/+4
(This used to be commit e4ee8b776ba164a89afca43de20c166ccbfddb99)
2007-10-10r4388: - allow ACE flags to be specified in security_descriptor_create()Andrew Tridgell1-1/+2
- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10r4386: Grr, fix copy-and-paste bug.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 13aa88ed65a8914000cccbecf80929db3df65037)
2007-10-10r4385: Set the correct target service.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 722f59c7c8d09f548d9325c6051d6687d7aa16c2)
2007-10-10r4364: - added support for testing of chained SMB operations in smbtortureAndrew Tridgell3-6/+140
- added test for chained OpenX/ReadX, simulating the OS/2 workplace shell - fixed a bug in handling chained fnum in openx and ntcreatex in the server (yes, I'm on holiday, but this bug was annoying me ....) (This used to be commit b3b8958a18e302b815d98c0e3879e404bced6a08)
2007-10-10r4361: fix the buildStefan Metzmacher1-2/+3
metze (This used to be commit 78b2af77e9e4b97c698d6d9e680207b1df289cb4)
2007-10-10r4358: At metze's request, the Christmas elves have removed gensec_end inAndrew Bartlett2-33/+16
favor of talloc_free(). Andrew Bartlett (This used to be commit 1933cd12fbaed56e13f2386b19de6ade99bf9478)
2007-10-10r4357: Return a more sensible error code if a NULL (as opposed to the validAndrew Bartlett1-2/+3
"") username is asked for. Andrew Bartlett (This used to be commit 9c9055603e1171e204f67b019900339f88414841)
2007-10-10r4356: Allow anonymous connections to use NTLMSSP. The silly bugs thatAndrew Bartlett1-1/+0
prevented this are gone. Andrew Bartlett (This used to be commit 87dad5ec538abad93d621078a82f162675847f9f)
2007-10-10r4355: More work from the elves on Christmas eve:Andrew Bartlett10-211/+891
- Update Samba4's kerberos code to match the 'salting' changes in Samba3 (and many other cleanups by jra). - Move GENSEC into the modern era of talloc destructors. This avoids many of the memory leaks in this code, as we now can't somehow 'forget' to call the end routine. - This required fixing some of the talloc hierarchies. - The new krb5 seems more sensitive to getting the service name right, so start actually setting the service name on the krb5 context. Andrew Bartlett (This used to be commit 278bf1a61a6da6ef955a12c13d7b1a0357cebf1f)
2007-10-10r4338: reuse netlogon structs in the krb5 PACStefan Metzmacher1-105/+19
that simplifies the code a lot... also add a note: we should fail the krb5 auth if there's no PAC present (when heimdal is ready for that:-) metze (This used to be commit 532641a7003d23b034a253d166482f18c2de6191)
2007-10-10r4326: fix memory leakStefan Metzmacher1-1/+1
metze (This used to be commit 1ceeb77fc716729c69f2dba4a84579c366eefa1c)
2007-10-10r4325: add the GENSEC_FEATURE_DCE_STYLE flagStefan Metzmacher2-0/+2
this will be used by krb5 dcerpc auth metze (This used to be commit 04dc7fb9b24a1e38f31559ec6032701a176209ae)
2007-10-10r4316: - now that the trans2 code properly supports multi-part requests, we ↵Andrew Tridgell4-7/+7
can set a maximum sized max_data in libcli trans2 code - fixed string termination in the EA_LIST trans2 findfirst level (This used to be commit a2a5f147f4faac8a48ff8f1b3e5f1334c92575bb)
2007-10-10r4315: use the remote hosts max_xmit, not the local hosts, in calculating ↵Andrew Tridgell1-1/+1
max trans2 data sizes (This used to be commit 827008cfebf29d081b457ba7162d89c8150cb24b)
2007-10-10r4263: added support for the trans2 RAW_SEARCH_EA_LIST informationAndrew Tridgell2-2/+61
level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode (This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
2007-10-10r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfoAndrew Tridgell2-10/+170
level. Interestingly, this level did now show up on our trans2 scanner previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in the client code. Now that we set that bit, new levels appear in windows servers. (This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
2007-10-10r4243: a sniff from kukks showed that the ea_set interface in trans2 ↵Andrew Tridgell2-4/+4
setfileinfo allows for multiple EAs to be set at once. This fixes all the ea code to allow for that. (This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
2007-10-10r4229: - added support for multi-part SMBtrans and SMBtrans2 requests in theAndrew Tridgell2-18/+106
client code. This was essential to test the multi-part server code (which I will commit soon) - when the request state is an error, ensure that req->status is not NT_STATUS_OK (This used to be commit ef502c403044b68ccdff15b1a94d447d0f53473d)
2007-10-10r4228: make sure the caller knows the packet is in error when a signing ↵Andrew Tridgell1-0/+1
error occurs (This used to be commit 5e13571e6b9f5eb35f710c2c8bd85b5569665613)
2007-10-10r4202: added smbclient commands "addprivileges" and "delprivileges" forAndrew Tridgell1-0/+46
easily adding/removing privileges from users (This used to be commit 8764909c05c4829d1e4f7eaf8c18e8ef1e53645f)
2007-10-10r4196: - added server side code for lsa_LookupPrivDisplayNameAndrew Tridgell1-24/+112
- added english descriptions of privileges. We should add other languages in the future. (This used to be commit 3eee8b7c13de3ffe7c5a87d6f1ebdcc66ff391eb)
2007-10-10r4182: fixed trans2 mkdir, allowing mkdir with an initial EA listAndrew Tridgell1-2/+2
(This used to be commit 7d981c29c28391813c7f93245f64b3ee108378a4)
2007-10-10r4177: add some more error codesStefan Metzmacher1-0/+3
metze (This used to be commit e624bb52886db80a3600b79494ad1150592efebe)
2007-10-10r4173: - new t2open code, that can cope with "create with EAs". Many thanksAndrew Tridgell2-7/+7
to kukks on #samba-technical for the sniffs that allowed me to work this out - much simpler ntvfs open generic mapping code - added t2open create with EA torture test to RAW-OPEN test (This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
2007-10-10r4151: added privilege attribute handling on samdb.Andrew Tridgell2-5/+20
pvfs will now honor some privileges on ACLs, and it will be quite easy to add the checks for more privileges in the necessary places, by making calls to sec_privilege_check(). (This used to be commit 3549039d0fbc54f87ae679e7288b82b28713e487)
2007-10-10r4150: - add fns for manipulating the privilege_mask in a security_tokenAndrew Tridgell2-6/+33
- add the hooks in access_check that check the privilege bitmasks for SEC_STD_DELETE and SEC_FLAG_SYSTEM_SECURITY (This used to be commit 0fa3764edcabffe8f7d5e40f0097f97d0c4519c4)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell5-34/+111
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4084: add some more error codesStefan Metzmacher1-0/+2
metze (This used to be commit e5db58526825476fd6d8d80c8ee6c3bca0e23c84)
2007-10-10r4080: missing file from the last commitStefan Metzmacher1-1/+1
metze (This used to be commit ea7b496995573426486b7eab5de822d5602d7368)
2007-10-10r4079: implement the gensec_have_feature() correctly by askingStefan Metzmacher4-25/+42
the backend what is actually in use metze (This used to be commit 6f3eb7bc03609108b9e0ea5676fca3d04140e737)
2007-10-10r4077: don't add wrapping to empty blobsStefan Metzmacher1-1/+5
metze (This used to be commit e6d83d019dc46ff7ae32e7c8f9f7a3ab7d0cdcf3)
2007-10-10r4073: - added a set of lsa helper routines to make lsa lookups that areAndrew Tridgell3-1/+304
related to filesharing. For example, in order to manipulate ACLs properly its important to be able to call LookupSids, and to be able to lookup what privileges a SID has. - added 3 new commands to smbclient "lookupname", "lookupsid" and "privileges" (This used to be commit 8780c40f0539da72652d17455e98fcaee6d197d1)
2007-10-10r4070: move some defines from asn_1.h to the places they belong toStefan Metzmacher8-17/+28
metze (This used to be commit ab2c2f27e1c61516e885f02bf26350f97209057a)
2007-10-10r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIESAndrew Tridgell1-0/+1
(This used to be commit 335b1c6a52b2e437e7f16a84ba547e5387ef64d1)
2007-10-10r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILEAndrew Tridgell1-1/+1
(This used to be commit 19efd83b863a8c94f509d6a933a7d5de43aa95e9)
2007-10-10r4063: - change char * -> uint8_t in struct request_bufferStefan Metzmacher14-37/+40
- change smbcli_read/write to take void * for the buffers to match read(2)/write(2) all this fixes a lot of gcc-4 warnings metze (This used to be commit b94f92bc6637f748d6f7049f4f9a30b0b8d18a7a)
2007-10-10r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strangeAndrew Tridgell1-4/+7
though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-26/+19
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4055: fixed more places to use type safe allocation macrosAndrew Tridgell6-14/+12
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
2007-10-10r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()Andrew Tridgell2-4/+7
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
2007-10-10r4052: fixed a bunch of code to use the type safe _p allocation macrosAndrew Tridgell3-16/+12
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
2007-10-10r4045: readd krb5 support defaulted to disableStefan Metzmacher6-5/+17
use: gensec:krb5=yes gensec:ms_krb5=yes to enable it or -k on the client tools on the command line metze (This used to be commit 0ae5794cf44933d2554e0356baaca24c7a784f71)
2007-10-10r4044: only send supportedMech when we also send other dataStefan Metzmacher1-5/+8
metze (This used to be commit 1e0483a8482574fa0f8d7ad31cc4bf4a6155ec52)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell2-1/+3
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4034: add a function security_descriptor_create() which can be used toAndrew Tridgell1-0/+79
easily create complex security descriptors for testing. This greatly simplifies the smbtorture code I am writing for testing our new access_check code. (This used to be commit 891a8bc16af3c6ce5800e793ce4ec8b0078e444f)
2007-10-10r4025: added a sec_access_check() function for checking security descriptorsAndrew Tridgell3-39/+163
against a users security token and access_mask (This used to be commit c4d21cd4b1ccffd5aaa70a551c57f6eab1ca9c6d)
2007-10-10r4015: correct copyright attributionsAndrew Tridgell1-3/+2
(This used to be commit 078d9ab05bffc79e4f329ea18fe3dafd144d989c)
2007-10-10r4013: got rid of a bunch of unused or unmaintained codeAndrew Tridgell3-590/+25
- removed the clitar code. It is unmaintained, and a horribly badly done hack - removed client.h as it contained mostly unused definitions - removed the unused clidfs.c code (This used to be commit 31a7bddbb3815b4d625e993dbce4805dae1c18f8)
2007-10-10r4001: fix segfault fix auth failedStefan Metzmacher1-0/+3
metze (This used to be commit 6a7eee1d9917e0884072354dddae568645798da5)