Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with
the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights
to an account over itself.
|
|
We need to create a blob of the right length
|
|
|
|
|
|
- Add a torture_setup_dir() equivalent in SMB2, called smb2_util_setup_dir().
- Add verify_sd() and verify_attrib() helper functions for SMB2.
|
|
|
|
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
- reserve a new Samba OID for recalculate SD control
- fix the update SD function
- fix handling of kvno in the update_machine_account_password function
- fix handling of handles in RPC winreg server
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
- Reoder them
- Add some new ones (needed for the security descriptor in the provision script)
|
|
The lock.in.reserved field has been renamed lock_sequence in the
SMB 2.1 dialect. See MS-SMB 2.2.26.
|
|
Set the SMB pid to the Unix pid of the client process.
|
|
|
|
This macro encompasses all possible file notifications that can
be raised.
|
|
|
|
Fixed sd creation not working on LDAP modify.
Fixed incorrect replacement of CO and CG.
Fixed incorrect access check on modify for SD modification.
Fixed failing sec_descriptor test and enabled it.
Fixed failing sd add test in ldap.python
|
|
This patch, inspired by a patche by Endi S. Dewata
<edewata@redhat.com>, allows this control to be passed to the LDAP
backend.
Andrew Bartlett
|
|
At this point, support for checks on LDAP add, delete, rename and modify.
Old kludge_acl is still there to handle the searches.
This module is synchronous as the async version was impossible to debug,
will be converted to async after some user testing.
|
|
Also, added some logging. It needs improvement, possibly ability to
turn in on and off via configuration file.
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
This one didn't matter until the root_fid changed the alignment of the
two structures.
|
|
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
|
|
* Add chained NTCREATEX_READX test which first tries to open/read
a non-existant file failing on the open, then attempts the same
operation on a file that does exist, opening and reading
successfully.
* Add test for open_dispositions on directories.
|
|
I've ported all applicable SMB oplock torture tests to SMB2, giving us
a good base for SMB2 oplock testing.
There are several differences between oplocks in SMB and SMB2, mostly
because of differences in W2K3 and W2K8. The existing SMB oplock
tests all pass against W2K3, but several fail against W2K8. These
same tests were failing in SMB2, util I reworked them.
BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't
cause a sharing violation or break an existing oplock. It appears that
in W2K8/SMB2 a sharing violation is raised.
BATCH22: In W2K3/SMB when a second opener was waiting the full timeout
of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after
about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead
the second opener succeeds.
LEVELII500: Added 1 new test checking that the server returns a proper
error code when a client improperly replies to a levelII to none break
notification.
STREAM1: W2K8 now grants oplocks on alternate data streams.
|
|
Thanks for Nadya and Metze for this. The SDs were being created with
invalid fields (noticed by w2k8-r2 client when joining our domain)
|
|
|
|
Currently disabled. The search will be greatly modified,
also the object tree stuff will be simplified.
|
|
TODO's:
ACE sorting and clarifying the inheritance of object specific ace's.
|
|
We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.
|
|
Fix bug #6723
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This will be used as a simple way to lock down DRS replication to
administrators and domain controllers
|
|
This starts the process to have Samba4 use lmhosts.
Andrew Bartlett
|
|
When tracking down complex connection problems its useful knowing what
name lookups failed.
|
|
It is a pretty odd thing to do, and it's only because of the
restrictions of DIGEST-MD5 in Cyrus SASL that we do it.
Andrew Bartlett
|
|
I want to use this in source3/smbd/
metze
|
|
This will hold code that's shared between source3 and source4.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
These references were triggering the ambiguous talloc_free errors from
the recent talloc changes when the server is run using the 'standard'
process model instead of the 'single' process model. I am aiming to
move the build farm to use the 'standard' process model soon, as part
of an effort to make our test environment better match the real
deployment of Samba4.
The references are not needed as the way that the event context is
used is as the 'top parent', so when the event context is freed then
all of the structures that were taking a reference to the event
context were actually freed as well, thus making the references
redundent.
|
|
|
|
LDAP server)
|