summaryrefslogtreecommitdiff
path: root/source4/torture/raw/acls.c
AgeCommit message (Collapse)AuthorFilesLines
2010-04-11subunit: Support formatting compatible with upstream subunit, for consistency.Jelmer Vernooij1-7/+7
Upstream subunit makes a ":" after commands optional, so I've fixed any places where we might trigger commands accidently. I've filed a bug about this in subunit.
2009-12-07s4 torture: Cleanup RAW-ACLS a bitTim Prouty1-2/+4
Don't check SEC_DESC_DACL_AUTO_INHERITED right now Disable RAW-ACLS-INHERITFLAGS for the short term Update samba4's knownfail accordingly
2009-12-07s4 torture: Add a new torture:hide_on_access_denied parameterTim Prouty1-7/+22
It appears some newer versions of windows return NT_STATUS_OBJECT_NAME_NOT_FOUND on a createfile when access is denied rather than NT_STATUS_ACCESS_DENIED. I'm not sure how this translates to directory enumeration yet, but for now make this a parameter that can be checked in the various torture tests. This also gets RAW-ACLS and SMB2-CREATE passing against win7.
2009-12-07s4 torture: RAW-ACL ImprovementsZack Kirsch1-268/+671
- Change RAW-ACLS test suite so each test can be run individually. - Add verify_sd() and verify_attrib() helper functions. - Change test_nttrans_create() to work for both files and directories. - Fix a segfault in test_inheritance() when the test errors out early. - test_sd_get_set() does not pass against XP or Vista, so it is no longer added to the RAW-ACLS test suite. - Minor fixes to test_inheritance(). - New INHERITFLAGS test, which tests the auto inheritance flags a bit more. - printf -> torture_comment / torture_warning / torture_result
2009-10-17s4-torture: fixed the default ACL for s4Andrew Tridgell1-13/+41
s4 returns group and world ACEs in the default acl, based on unix permissions
2009-10-17s4-torture: minor debugging enhancementsAndrew Tridgell1-3/+3
2009-10-17s4-torture: add a special check for administrators and privilegesAndrew Tridgell1-12/+12
lsa privileges calls don't expand groups. darn.
2009-10-15s4-smb: declare root_fid as a file handleAndrew Tridgell1-10/+10
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code.
2008-11-08Remove debug code added in error.Jeremy Allison1-13/+2
Jeremy.
2008-11-08Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass ↵Jeremy Allison1-5/+18
RAW-ACL inheritance tests. Only access masks for SD get/set left to fix. Jeremy.
2008-11-06Start factoring out the inheritance differences.Jeremy Allison1-1/+3
Jeremy.
2008-11-04Pass all of RAW-ACLS except for inheritence. Working on that next.Jeremy Allison1-1/+1
Jeremy.
2008-11-03Be more verbose about a directory ACL error.Jeremy Allison1-0/+5
Jeremy.
2008-10-28RAW-ACLS: test the behavior of NULL DACL vs. empty DACLStefan Metzmacher1-0/+244
This is based on the torture test attached to bug 4284 by Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>. metze
2007-12-21r25803: Make our security descriptor acl manipulation methods more generic ↵Günther Deschner1-20/+20
so that we can add and delete ACEs for SACLs as well as for DACLs. Guenther (This used to be commit 947fff994181f0ae50ac76d09621ddd684873112)
2007-12-21r25607: Allow to set security descriptor type flags at creation time withGünther Deschner1-20/+20
security_descriptor_create(). Guenther (This used to be commit 7dd0d28d254f78891b0807492baafa188b42df16)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-32/+32
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-1/+1
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r24758: More use of torture API.Jelmer Vernooij1-118/+126
(This used to be commit e6f571227ed7428a98a7039a5eb777d3670572fa)
2007-10-10r24735: Use torture API in more places.Jelmer Vernooij1-19/+9
(This used to be commit 1319d88c099496be29dd9214fa2492c81e848369)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r18301: I discovered how to load the warnings from a build farm build intoAndrew Tridgell1-5/+5
emacs compile mode (hint, paste to a file, and compile as "cat filename"). This allowed me to fix nearly all the warnings for a IA_64 SuSE build very quickly. (This used to be commit eba6c84efff735bb0ca941ac4b755ce2b0591667)
2007-10-10r16907: Add an index parameter to torture_open_connection. Next step is to ↵Volker Lendecke1-1/+1
enable the unclist parameter for all tests that do two connections, to enable cluster testing. Volker (This used to be commit a5d6db09244d444986f8fded3fc6e72c74c8ca1f)
2007-10-10r15881: fixed the RAW-ACLS test for 64 bit systems (was failing on ppc64)Andrew Tridgell1-3/+5
(This used to be commit c954a6662de70fb36772e85b96aecf64761a66aa)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+1
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15070: test the needed access masks for read/write the differentStefan Metzmacher1-0/+209
security descriptor components metze (This used to be commit 88c57c8703565c4fb367b68e70030944d9f262e6)
2007-10-10r15066: - sync the dir_flags tests with the file_flags testsStefan Metzmacher1-4/+94
- add some more checks for the w2k3 bug case metze (This used to be commit a55b44b96c556c5a645b493faa8d9660e1fcda67)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14720: Add torture_context argument to all torture testsJelmer Vernooij1-1/+1
(This used to be commit 3c7a5ce29108dd82210dc3e1f00414f545949e1d)
2007-10-10r14527: Fix build problems.Jelmer Vernooij1-0/+1
(This used to be commit 863ca4014d9b821706ee90f58ab5d5cf3899a4c7)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14379: Build torture/rpc/ as a seperate smbtorture module. Move helperJelmer Vernooij1-0/+1
functions for rpc out of torture/torture.c (This used to be commit 1d2d970f3b8aef3f36c2befb94b5dd72c0086639)
2007-10-10r14256: - rename smb_file -> smb_handleStefan Metzmacher1-60/+60
- move it into the in/out substructs again - allow file.path only on smb_fileinfo/smb_setfileinfo metze (This used to be commit be6d5298a2cdb7e7c61d70471bad445645af5963)
2007-10-10r14173: change smb interface structures to always useStefan Metzmacher1-57/+57
a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
2007-10-10r13944: Yet another round of splitups.Jelmer Vernooij1-0/+1
(This used to be commit f87debeb12cebd734b47314554ab671c9e06237e)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-0/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12693: Move core data structures out of smb.h into core.hJelmer Vernooij1-0/+1
torture prototypes in seperate header (This used to be commit 73610639b23ca3743077193fa0b1de7c7f65944d)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-2/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r9046: fixed display of privileges in RAW-ACLS testAndrew Tridgell1-2/+2
(This used to be commit 0ab907af6a4c3d1adbafccdb1bd4150c491bcba4)
2007-10-10r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machinesAndrew Tridgell1-10/+10
Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-1/+1
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4612: make the output for the w2k3 acl bug a bit clearerAndrew Tridgell1-0/+19
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
2007-10-10r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does ↵Andrew Tridgell1-10/+148
not do dynamic inheritance (This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
2007-10-10r4583: print which bit failed in the owner bits checkAndrew Tridgell1-0/+4
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
2007-10-10r4582: finally worked out what is going on with the inherited ACLs test and ↵Andrew Tridgell1-12/+197
win2003. It is a win2003 bug! This new test code works against w2k, and against longhorn, but fails against w2k3. When tested against w2k3 it allows a open with an access mask that should be denied by the given ACL, after setting up the ACL using inheritance. Note that only the very specific SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a special case for that mask. Maybe its an optimisation gone wrong? I don't know if there are any serious security implications to this, but it is pretty clearly wrong, and has been fixed in longhorn. (This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
2007-10-10r4463: added testing of the special SID_CREATOR_OWNER inheritance rulesAndrew Tridgell1-21/+56
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
2007-10-10r4401: stricter test for correct ACL inheritance in RAW-ACLSAndrew Tridgell1-2/+2
(This used to be commit 1bb769196377772326151210309ff12362eb0f2f)
2007-10-10r4389: added checking for the default inherited ACL, which is used when no ACEsAndrew Tridgell1-6/+39
are inheritable (This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)