Age | Commit message (Collapse) | Author | Files | Lines |
|
This is based on the torture test attached to bug 4284
by Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>.
metze
|
|
so that we
can add and delete ACEs for SACLs as well as for DACLs.
Guenther
(This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
|
|
security_descriptor_create().
Guenther
(This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit e6f571227ed7428a98a7039a5eb777d3670572fa)
|
|
(This used to be commit 1319d88c099496be29dd9214fa2492c81e848369)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
enable the
unclist parameter for all tests that do two connections, to enable cluster
testing.
Volker
(This used to be commit a5d6db09244d444986f8fded3fc6e72c74c8ca1f)
|
|
(This used to be commit c954a6662de70fb36772e85b96aecf64761a66aa)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
security descriptor components
metze
(This used to be commit 88c57c8703565c4fb367b68e70030944d9f262e6)
|
|
- add some more checks for the w2k3 bug case
metze
(This used to be commit a55b44b96c556c5a645b493faa8d9660e1fcda67)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
|
|
(This used to be commit 863ca4014d9b821706ee90f58ab5d5cf3899a4c7)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
functions for rpc out of torture/torture.c
(This used to be commit 1d2d970f3b8aef3f36c2befb94b5dd72c0086639)
|
|
- move it into the in/out substructs again
- allow file.path only on smb_fileinfo/smb_setfileinfo
metze
(This used to be commit be6d5298a2cdb7e7c61d70471bad445645af5963)
|
|
a union smb_file, to abtract
- const char *path fot qpathinfo and setpathinfo
- uint16_t fnum for SMB
- smb2_handle handle for SMB2
the idea is to later add a struct ntvfs_handle *ntvfs
so that the ntvfs subsystem don't need to know the difference between SMB and SMB2
metze
(This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
|
|
(This used to be commit f87debeb12cebd734b47314554ab671c9e06237e)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
|
|
torture prototypes in seperate header
(This used to be commit 73610639b23ca3743077193fa0b1de7c7f65944d)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit 0ab907af6a4c3d1adbafccdb1bd4150c491bcba4)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
|
|
not do
dynamic inheritance
(This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
|
|
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
|
|
win2003. It is a
win2003 bug!
This new test code works against w2k, and against longhorn, but fails
against w2k3. When tested against w2k3 it allows a open with an access
mask that should be denied by the given ACL, after setting up the ACL
using inheritance. Note that only the very specific
SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a
special case for that mask. Maybe its an optimisation gone wrong?
I don't know if there are any serious security implications to this,
but it is pretty clearly wrong, and has been fixed in longhorn.
(This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
|
|
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
|
|
(This used to be commit 1bb769196377772326151210309ff12362eb0f2f)
|
|
are inheritable
(This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)
|
|
- added a test for all combinations of the inheritance ACE flags and how
they are propogated to child directories and files
(This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
|
|
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
|
|
the privileges of the user running the test. This allows the test to
work out what the expected access masks are.
(This used to be commit dcf6c297d372cfa421d757d43897f00ad1d4f5f5)
|
|
for pvfs
(This used to be commit 273165e53a606fa0a55ff8fb6fea440e19a7e285)
|
|
(This used to be commit 0d19b4a09f4ce0b0c5e7779809c383322f4de4fc)
|
|
in my compile
(This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
|
|
generic->specific access mask mappings, and tests of the behaviour of
SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit f572fe6d29d5a318b24d71a2ebfa2baca2b79a10)
|
|
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
|
|
- added support for initial ACLs in pvfs backend
(This used to be commit 05ee9179f74d243aa22fa00be7873c5db76a8ad1)
|
|
queryfileinfo/setfileinfo logic, so querying/setting a security
descriptor is treated as just another file query/set operation.
This will allow NTVFS backends to see the query/set security
descriptor operations as RAW_FILEINFO_SEC_DESC and
RAW_SFILEINFO_SEC_DESC operations.
(This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
|
|
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)
|