Age | Commit message (Collapse) | Author | Files | Lines |
|
Upstream subunit makes a ":" after commands optional, so I've fixed any
places where we might trigger commands accidently. I've filed a bug
about this in subunit.
|
|
Don't check SEC_DESC_DACL_AUTO_INHERITED right now
Disable RAW-ACLS-INHERITFLAGS for the short term
Update samba4's knownfail accordingly
|
|
It appears some newer versions of windows return
NT_STATUS_OBJECT_NAME_NOT_FOUND on a createfile when access is denied
rather than NT_STATUS_ACCESS_DENIED. I'm not sure how this translates
to directory enumeration yet, but for now make this a parameter that
can be checked in the various torture tests.
This also gets RAW-ACLS and SMB2-CREATE passing against win7.
|
|
- Change RAW-ACLS test suite so each test can be run individually.
- Add verify_sd() and verify_attrib() helper functions.
- Change test_nttrans_create() to work for both files and directories.
- Fix a segfault in test_inheritance() when the test errors out early.
- test_sd_get_set() does not pass against XP or Vista, so it is no longer added
to the RAW-ACLS test suite.
- Minor fixes to test_inheritance().
- New INHERITFLAGS test, which tests the auto inheritance flags a bit more.
- printf -> torture_comment / torture_warning / torture_result
|
|
s4 returns group and world ACEs in the default acl, based on unix
permissions
|
|
|
|
lsa privileges calls don't expand groups. darn.
|
|
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
|
|
Jeremy.
|
|
RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
This is based on the torture test attached to bug 4284
by Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>.
metze
|
|
so that we
can add and delete ACEs for SACLs as well as for DACLs.
Guenther
(This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
|
|
security_descriptor_create().
Guenther
(This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
number in more places.
(This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
|
|
(This used to be commit e6f571227ed7428a98a7039a5eb777d3670572fa)
|
|
(This used to be commit 1319d88c099496be29dd9214fa2492c81e848369)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
emacs compile mode (hint, paste to a file, and compile as "cat
filename").
This allowed me to fix nearly all the warnings for a IA_64 SuSE build
very quickly.
(This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
|
|
enable the
unclist parameter for all tests that do two connections, to enable cluster
testing.
Volker
(This used to be commit a5d6db09244d444986f8fded3fc6e72c74c8ca1f)
|
|
(This used to be commit c954a6662de70fb36772e85b96aecf64761a66aa)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
security descriptor components
metze
(This used to be commit 88c57c8703565c4fb367b68e70030944d9f262e6)
|
|
- add some more checks for the w2k3 bug case
metze
(This used to be commit a55b44b96c556c5a645b493faa8d9660e1fcda67)
|
|
metze
(This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
|
|
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
|
|
(This used to be commit 863ca4014d9b821706ee90f58ab5d5cf3899a4c7)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
functions for rpc out of torture/torture.c
(This used to be commit 1d2d970f3b8aef3f36c2befb94b5dd72c0086639)
|
|
- move it into the in/out substructs again
- allow file.path only on smb_fileinfo/smb_setfileinfo
metze
(This used to be commit be6d5298a2cdb7e7c61d70471bad445645af5963)
|
|
a union smb_file, to abtract
- const char *path fot qpathinfo and setpathinfo
- uint16_t fnum for SMB
- smb2_handle handle for SMB2
the idea is to later add a struct ntvfs_handle *ntvfs
so that the ntvfs subsystem don't need to know the difference between SMB and SMB2
metze
(This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
|
|
(This used to be commit f87debeb12cebd734b47314554ab671c9e06237e)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
|
|
torture prototypes in seperate header
(This used to be commit 73610639b23ca3743077193fa0b1de7c7f65944d)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit 0ab907af6a4c3d1adbafccdb1bd4150c491bcba4)
|
|
Thanks to lars and agruen for finding this
(This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
|
|
not do
dynamic inheritance
(This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
|
|
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
|
|
win2003. It is a
win2003 bug!
This new test code works against w2k, and against longhorn, but fails
against w2k3. When tested against w2k3 it allows a open with an access
mask that should be denied by the given ACL, after setting up the ACL
using inheritance. Note that only the very specific
SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a
special case for that mask. Maybe its an optimisation gone wrong?
I don't know if there are any serious security implications to this,
but it is pretty clearly wrong, and has been fixed in longhorn.
(This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
|
|
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
|
|
(This used to be commit 1bb769196377772326151210309ff12362eb0f2f)
|
|
are inheritable
(This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)
|