Age | Commit message (Collapse) | Author | Files | Lines |
|
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
|
|
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
|
|
w2k3 trust
metze
(This used to be commit 5101cd51a24fdcda8dd8fc4da446782948290f9b)
|
|
- add idl for drsuapi_DsReplicaSync() not yet complete
- just return WERR_OK for the drsuapi_DsReplicaSync() server function
metze
(This used to be commit e896925ac0b58bd48b5b9cc2d675682409d09ae1)
|
|
metze
(This used to be commit 87a92d3d5c7c2ab0bc07a9fb101022b3db1d637b)
|
|
metze
(This used to be commit 56c66f4a090b1efca011fc2fc9880c4d93da164c)
|
|
(This used to be commit 9da455ed56ebc167f295b231c2730e3ff9c94617)
|
|
metze
(This used to be commit 44f168c44de908fdf38b39aae8bf10e80206410a)
|
|
metze
(This used to be commit 42b9f0bd476f2175e856ea8f79577eb9eda905e2)
|
|
- added support for sticky write times after a setfileinfo, by using a
write_time field in the DosAttrib xattr structure.
(This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
|
|
service
metze
(This used to be commit 07803f28863db72a7691766da912878459eec70a)
|
|
that works only on SCHANNEL secured connections (as it needs the
implicit credentials).
Fix some of the IDL.
Andrew Bartlett
(This used to be commit 90cd7b34cc18e758e939e0183281b7a517d728f0)
|
|
to make DsWriteAccountSpn() work
- add idl and torture test for DsWriteAccountSpn()
metze
(This used to be commit 625826ad9050c68407ae5e8abfee13699986303c)
|
|
names and other assistance from the ethereal sources.
More work needs to be done to validate some of the levels, which do
not appear in the query - perhaps they are modification levels.
Andrew Bartlett
(This used to be commit 63635533693fa364b0c697a3fe1010b3eb8b17d3)
|
|
seem to be 'shortcut' RPCs, that just avoid an open/query pair).
Rename a few others to give us a slightly sensible pattern.
Andrew Bartlett
(This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
|
|
metze
(This used to be commit 1ffabbaa667c7dec6657ec523f92f072a2a47a95)
|
|
output on LSA.
Andrew Bartlett
(This used to be commit e3dce0f5be9d43d84d60e8402344dadd079f1e47)
|
|
* Add new IDL to LSA, to query information about trusted domains (for
cross-check with SamSync).
Andrew Bartlett
(This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
|
|
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
|
|
some other minor fixes
(This used to be commit 9fca748fe3c12af83a006f1d0821aa560d08fc95)
|
|
(This used to be commit 4840eaeed3cfd72026babb382f26929c29702713)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
for ACLs
(This used to be commit db72290bbe87644a89385c465855629a1f881e4f)
|
|
the GUI ACL editor on w2k to
correctly display names instead of SIDs.
(This used to be commit fdaa753578c7b80806d4040ed131f87ddbf988e0)
|
|
(This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|
|
Andrew Bartlett
(This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
|
|
The trickiest part about this was getting the sharing and locking
rules right, as alternate streams are separate locking spaces from the
main file for the purposes of byte range locking, and separate for
most share violation rules.
I suspect there are still problems with delete on close with alternate
data streams. I'll look at that next.
(This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
|
|
(the IDL, and the load/save meta-data logic)
- changed pvfs_resolve_name() to default to non-wildcard, needing
PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want
wildcards, so defaulting this way makes more sense.
- fixed deletion of EAs
(This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
|
|
NETLOGON.
In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).
Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.
Andrew Bartlett
(This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
|
|
We now (for the first time) start to parse the 'user sensitive info'
field, which reveals the user's NT and LM passwords from Win2k3.
Using this, the 'validate samsync against netlogon' portion of the
tests works for accounts.
Trusted domains and secrets are now retreived, but like users,
require further cross-validation work.
Andrew Bartlett
(This used to be commit c1d3794cad8b001661b48ecb05df5c38a69be92c)
|
|
- Work on server side and local COM support (should work, just no
example classes yet)
- Use vtables so that local and remote calls can be used transparently
- Generate 'proxies and stubs' rather then heavily modified code in client.pm and server.pm. proxies (client side code) are generated in proxy.pm, stubs (server side dispatchers) are generated in stubs.pm
- Support registering classes and interfaces
- DCOM interfaces no longer have to be in the same IDL file as their
base interface, which will allow us to split up dcom.idl
(This used to be commit 7466947a23985f9bb15209b67880f7b94dc515c8)
|
|
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
|
|
(This used to be commit 7484b9be7423ccd7e37432951700939e8a53d513)
|
|
(This used to be commit e7b67ff22fe0a76afc93ee522b253eaf5dccb11d)
|
|
(This used to be commit 709f279b192c8f9eeea04749169c00f2d57b20d3)
|
|
The torture test DCOM-SIMPLE now successfully does an
IStream_Read and a IStream_Write call.
This test can now be run successfully against the "Simple DCOM" Visual
Studio example.
(You have to quote out line 337 in pidl. pidl complains if the variable
that contains the array size follows the array. I still need to fix this
properly)
Next goals:
- Clean up code
- Server side support
- Support custom marshalling
- Support DCOM interfaces in files other then dcom.idl
(This used to be commit 8693344772a9b700533179f4bacfe27ec27dfcfe)
|
|
- OXID tables work now. IOXIDResolver is used if there is used for getting a STRINGBINDING if none is known yet
- Add custom dissectors for STRINGARRAY and DUALSTRINGARRAY. If there's a way to get rid of these later on (by supporting them thru pidl somehow), I'd be happy to use that instead of doing it manually.
I can now get to the point where we have created an object and are connected to
it. The only thing left to do is being able to set the Object UUID properly..
(This used to be commit 54e1e5edca50d3cd496c080715e84ec62cb2a10c)
|
|
use of contexts.
(This used to be commit 93eb3cd99c4fb065a69eabcead0c33804259c976)
|
|
open->generic ntvfs mapping code.
(This used to be commit ed844192d7f7ed487290f719df65f256a5b0b9bc)
|
|
This concludes the proper fixes.
Andrew Bartlett
(This used to be commit c1d025793f2994c8f1cab304c3394ab186654071)
|
|
Andrew Bartlett
(This used to be commit f1d0bb409a481aeb094c586458f2b05576d2bef8)
|
|
stored in posix xattrs
(This used to be commit bad6a88371264cffce2bf5d6ce904b7b357081de)
|
|
attributes of files.
I decided to use IDL/NDR to encode the attribute, as it gives us a
simple way to describe and extend the saved attributes.
The xattr code needs to hook into quite a few more places in the pvfs
code, but this at least gets the basics done. I will start encoding
alternate data streams streams, DOS EAs etc soon using the same basic
mechanism.
I'll probably stick to "version 1" for the xattr.idl for quite a while
even though it will be changing, as I don't expect anyone to be
deploying this in production just yet. Once we have production users
we will need to keep compatibility by supporting all the old version
numbers in xattr.idl.
(This used to be commit c54253ed1b7dce1d14f43e747da61089aea87094)
|
|
(This used to be commit 6fab01df000a126d2d01c41ead952d027f755309)
|
|
and then possibly does a epm_Map call().
ncacn_np now also uses dcerpc_epm_map_binding()
(This used to be commit 77eec3fa18dbbf4d774ccf04c7a38b0887f26ca6)
|