summaryrefslogtreecommitdiff
path: root/source4/torture/raw/acls.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4612: make the output for the w2k3 acl bug a bit clearerAndrew Tridgell1-0/+19
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
2007-10-10r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does ↵Andrew Tridgell1-10/+148
not do dynamic inheritance (This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
2007-10-10r4583: print which bit failed in the owner bits checkAndrew Tridgell1-0/+4
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
2007-10-10r4582: finally worked out what is going on with the inherited ACLs test and ↵Andrew Tridgell1-12/+197
win2003. It is a win2003 bug! This new test code works against w2k, and against longhorn, but fails against w2k3. When tested against w2k3 it allows a open with an access mask that should be denied by the given ACL, after setting up the ACL using inheritance. Note that only the very specific SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a special case for that mask. Maybe its an optimisation gone wrong? I don't know if there are any serious security implications to this, but it is pretty clearly wrong, and has been fixed in longhorn. (This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
2007-10-10r4463: added testing of the special SID_CREATOR_OWNER inheritance rulesAndrew Tridgell1-21/+56
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
2007-10-10r4401: stricter test for correct ACL inheritance in RAW-ACLSAndrew Tridgell1-2/+2
(This used to be commit 1bb769196377772326151210309ff12362eb0f2f)
2007-10-10r4389: added checking for the default inherited ACL, which is used when no ACEsAndrew Tridgell1-6/+39
are inheritable (This used to be commit e30b8d5783e073a31f738a36400fe866c970464b)
2007-10-10r4388: - allow ACE flags to be specified in security_descriptor_create()Andrew Tridgell1-0/+270
- added a test for all combinations of the inheritance ACE flags and how they are propogated to child directories and files (This used to be commit fdb38c8e4b6279137892402b21d2d52e1921e456)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-2/+6
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4074: make the RAW-ACLS test use the new lsa helper functions to determineAndrew Tridgell1-16/+39
the privileges of the user running the test. This allows the test to work out what the expected access masks are. (This used to be commit dcf6c297d372cfa421d757d43897f00ad1d4f5f5)
2007-10-10r4061: more additions to the RAW-ACLS test, to help me work out some details ↵Andrew Tridgell1-5/+54
for pvfs (This used to be commit 273165e53a606fa0a55ff8fb6fea440e19a7e285)
2007-10-10r4053: expanded and fixed a bug in the RAW-ACLS testAndrew Tridgell1-6/+19
(This used to be commit 0d19b4a09f4ce0b0c5e7779809c383322f4de4fc)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-4/+4
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4036: expanded the RAW-ACLS torture test to include tests for theAndrew Tridgell1-2/+427
generic->specific access mask mappings, and tests of the behaviour of SID_CREATOR_OWNER and SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit f572fe6d29d5a318b24d71a2ebfa2baca2b79a10)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-10/+10
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3835: - added testing of setting an initial ACL on a file using NTTRANS createAndrew Tridgell1-0/+92
- added support for initial ACLs in pvfs backend (This used to be commit 05ee9179f74d243aa22fa00be7873c5db76a8ad1)
2007-10-10r3830: unified the query/set security descriptor code with the rest of theAndrew Tridgell1-18/+20
queryfileinfo/setfileinfo logic, so querying/setting a security descriptor is treated as just another file query/set operation. This will allow NTVFS backends to see the query/set security descriptor operations as RAW_FILEINFO_SEC_DESC and RAW_SFILEINFO_SEC_DESC operations. (This used to be commit f68a6b6b915c37e48c42390c1e74c2d1c2636fa9)
2007-10-10r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a fileAndrew Tridgell1-0/+162
(This used to be commit 2ff9816ae0ae41e0e63e4276a70d292888346dc7)