summaryrefslogtreecommitdiff
path: root/source4/libcli
AgeCommit message (Collapse)AuthorFilesLines
2009-12-31py/security: Add test for dom_sid.split.Jelmer Vernooij1-3/+8
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-17Fixed incorrect checking of PRINCIPAL_SELF permissions.Nadezhda Ivanova1-3/+12
If an ace has the PRINCIPAL_SELF as trustee, this sid has to be replaced with the onjectSid of the object being checked. PRINCIPAL_SELF is the way to grant rights to an account over itself.
2009-12-10s4-libcli: GUID_from_ndr_blob() is strict about the blob sizeAndrew Tridgell1-2/+4
We need to create a blob of the right length
2009-12-10s4-libcli: use GUID_to_ndr_blob()Andrew Tridgell2-11/+9
2009-12-10s4-libcli: use new GUID functions in libcliAndrew Tridgell3-18/+9
2009-12-07s4 torure: Add SMB2 utility functionsZack Kirsch1-0/+1
- Add a torture_setup_dir() equivalent in SMB2, called smb2_util_setup_dir(). - Add verify_sd() and verify_attrib() helper functions for SMB2.
2009-12-07s4/libcli: add define for exclusive lock modeSteven Danneman1-0/+1
2009-12-03s4 torture: Add lockread_supported based off of CAP_LOCK_AND_READZachary Loafman2-0/+4
Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-0/+20
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4:security/sddl - rework of the security descriptor abbreviationsMatthias Dieter Wallnöfer1-28/+33
- Reoder them - Add some new ones (needed for the security descriptor in the provision script)
2009-11-25s4/libcli: rename previously reserved field in SMB2 LOCK structSteven Danneman2-2/+2
The lock.in.reserved field has been renamed lock_sequence in the SMB 2.1 dialect. See MS-SMB 2.2.26.
2009-11-25s4/libcli: Initialize client PID for SMB2 connectionsSteven Danneman3-0/+6
Set the SMB pid to the Unix pid of the client process.
2009-11-19s4:ldbcli - Added encoder/decoder for relax control.Endi S. Dewata1-2/+20
2009-11-17s4/libcli: add a FILE_NOTIFY_CHANGE_ALL macroAravind Srinivasan1-0/+8
This macro encompasses all possible file notifications that can be raised.
2009-11-17Fixed incorrect SID for RAS Servers.Nadezhda Ivanova2-1/+2
2009-11-15Fixed some major bugs in inheritance and access checks.Nadezhda Ivanova1-13/+16
Fixed sd creation not working on LDAP modify. Fixed incorrect replacement of CO and CG. Fixed incorrect access check on modify for SD modification. Fixed failing sec_descriptor test and enabled it. Fixed failing sd add test in ldap.python
2009-11-12s4:libcli/ldap Add 'relax' OID to known network representationsAndrew Bartlett1-0/+2
This patch, inspired by a patche by Endi S. Dewata <edewata@redhat.com>, allows this control to be passed to the LDAP backend. Andrew Bartlett
2009-11-05Version 1.0 of the directory service acls module.Nadezhda Ivanova2-47/+60
At this point, support for checks on LDAP add, delete, rename and modify. Old kludge_acl is still there to handle the searches. This module is synchronous as the async version was impossible to debug, will be converted to async after some user testing.
2009-11-03Fixed some missing flags and bugs in the security creation.Nadezhda Ivanova1-11/+47
Also, added some logging. It needs improvement, possibly ability to turn in on and off via configuration file.
2009-11-03Fixed a bug in object specific access checks.Nadezhda Ivanova1-2/+4
2009-10-22s4:libcli/security/access_check - Add "const" in front of "type"Matthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-17s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masksAndrew Tridgell1-6/+2
2009-10-17s4-security: honor more of the privilege access bitsAndrew Tridgell1-4/+12
2009-10-15s4-libcli: fixed structure element bug in ntcreatexreadxAndrew Tridgell1-1/+1
This one didn't matter until the root_fid changed the alignment of the two structures.
2009-10-15s4-smb: declare root_fid as a file handleAndrew Tridgell4-7/+7
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code.
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-1/+3
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer3-6/+5
2009-10-01s4/torture: Add two new SMB RAW-OPEN testsAravind Srinivasan2-0/+126
* Add chained NTCREATEX_READX test which first tries to open/read a non-existant file failing on the open, then attempts the same operation on a file that does exist, opening and reading successfully. * Add test for open_dispositions on directories.
2009-10-01s4/torture: Ported SMB oplock torture tests to SMB2Steven Danneman1-0/+9
I've ported all applicable SMB oplock torture tests to SMB2, giving us a good base for SMB2 oplock testing. There are several differences between oplocks in SMB and SMB2, mostly because of differences in W2K3 and W2K8. The existing SMB oplock tests all pass against W2K3, but several fail against W2K8. These same tests were failing in SMB2, util I reworked them. BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't cause a sharing violation or break an existing oplock. It appears that in W2K8/SMB2 a sharing violation is raised. BATCH22: In W2K3/SMB when a second opener was waiting the full timeout of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead the second opener succeeds. LEVELII500: Added 1 new test checking that the server returns a proper error code when a client improperly replies to a levelII to none break notification. STREAM1: W2K8 now grants oplocks on alternate data streams.
2009-09-28s4-acl: fixed SD creationAndrew Tridgell1-12/+22
Thanks for Nadya and Metze for this. The SDs were being created with invalid fields (noticed by w2k8-r2 client when joining our domain)
2009-09-24Fixed a dereferenced null pointer.Nadezhda Ivanova1-16/+14
2009-09-21Initial Implementation of the DS objects access checks.Nadezhda Ivanova4-1/+252
Currently disabled. The search will be greatly modified, also the object tree stuff will be simplified.
2009-09-20Initial implementation of security descriptor creation in DSNadezhda Ivanova1-4/+348
TODO's: ACE sorting and clarifying the inheritance of object specific ace's.
2009-09-19s4-resolve: fixed a crash bug on timeoutAndrew Tridgell4-6/+8
We were creating the name resolution context as a child of lp_ctx, which meant when we gave up on a connection the timer on name resolution kept running, and when it timed out the callback crashed as the socket was already removed.
2009-09-17pyldb: Don't segfault when invalid type is specified to as_sddl and from_sddl.Matthieu Patou1-0/+17
Fix bug #6723
2009-09-16Owner and group defaulting.Nadezhda Ivanova2-1/+118
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-15s4-security: added a new security level SECURITY_DOMAIN_CONTROLLERAndrew Tridgell2-0/+10
This will be used as a simple way to lock down DRS replication to administrators and domain controllers
2009-09-15libcli:nbt make the lmhosts parsing code and dependicies commonAndrew Bartlett1-43/+0
This starts the process to have Samba4 use lmhosts. Andrew Bartlett
2009-09-11s4/libcli: when we get a DNS lookup failure show the nameAndrew Tridgell1-0/+2
When tracking down complex connection problems its useful knowing what name lookups failed.
2009-08-17s4:libcli/ldap Explain why we set a hostname for ldapi:// connectionsAndrew Bartlett1-1/+3
It is a pretty odd thing to do, and it's only because of the restrictions of DIGEST-MD5 in Cyrus SASL that we do it. Andrew Bartlett
2009-08-12libcli/smb: move smb2_create_blob code to libcli/smb/Stefan Metzmacher3-165/+2
I want to use this in source3/smbd/ metze
2009-08-12libcli: move some common SMB and SMB2 stuff into libcli/smb/Stefan Metzmacher3-177/+1
This will hold code that's shared between source3 and source4. metze
2009-08-07s4:libcli/smb2: move SMB2_GETINFO_* flags into smb2_constants.hStefan Metzmacher2-6/+6
metze
2009-08-07s4:libcli/smb2: remove unused and redundant SMB2 security flagsStefan Metzmacher1-6/+0
metze
2009-08-07s4:libcli: move SMB2 Find constants to smb2_constants.hStefan Metzmacher2-16/+16
metze
2009-08-07s4:libcli/raw: we don't need to include "smb.h" explicitStefan Metzmacher4-4/+0
metze
2009-08-07s4:libcli/raw: also include smb2_constants.h into interfaces.hStefan Metzmacher1-1/+2
metze
2009-08-07fixed several places that unnecessarily take a reference to the event contextAndrew Tridgell5-12/+7
These references were triggering the ambiguous talloc_free errors from the recent talloc changes when the server is run using the 'standard' process model instead of the 'single' process model. I am aiming to move the build farm to use the 'standard' process model soon, as part of an effort to make our test environment better match the real deployment of Samba4. The references are not needed as the way that the event context is used is as the 'top parent', so when the event context is freed then all of the structures that were taking a reference to the event context were actually freed as well, thus making the references redundent.
2009-08-05handle large directories in smb2_deltree()Andrew Tridgell1-36/+42
2009-07-31Adds new error codes (needed for enhancing error messages for SAMBA 4 AD ↵Matthias Dieter Wallnöfer1-1/+1
LDAP server)