summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2010-03-05s4:libcli/wrepl: use UTIL_TEVENTStefan Metzmacher2-1/+2
metze
2010-03-05s4:libcli/wrepl: avoid neested named structuresStefan Metzmacher1-15/+19
metze
2010-03-05s4:torture/nbt: avoid the usage of wrepl_pull_table_send()Stefan Metzmacher1-3/+6
metze
2010-03-05s4:kcc - Change some counter variables to be unsignedMatthias Dieter Wallnöfer2-4/+5
The upper limits are unsigned variables therefore also the counter variables need to be like that.
2010-03-05s4:samdb_privilege.c - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+3
Also here in both cases the unsigned counter fits better than the signed one.
2010-03-05s4:cracknames - Change two counter variables to unsignedMatthias Dieter Wallnöfer1-2/+2
In both cases the unsigned counter fits better: - in the first one since we are counting LDB objects starting from 0 - in the second since we are counting an array starting from 0
2010-03-05s4-pvfs_sys: build on systems without O_NOFOLLOW or O_DIRECTORYAndrew Tridgell1-4/+22
2010-03-05s4-pvfs_sys: talloc_free should be before errno restoreAndrew Tridgell1-13/+13
talloc can potentially change the errno
2010-03-05s4-pvfs: use pvfs_sys_fchmod()Andrew Tridgell3-4/+4
2010-03-05s4-pvfs: set default for perm override based on system featuresAndrew Tridgell1-1/+9
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for overrides by default. If not, then we disable by default, as we will be more vulnerable to symlink attacks
2010-03-05s4-pvfs: use O_FOLLOW one level at a time for security overridesAndrew Tridgell1-37/+357
To prevent symlink attacks we need to use O_NOFOLLOW one level at a time when processing a root security override
2010-03-05s4-pvfs: use pvfs_sys_*() functions to wrap posix callsAndrew Tridgell5-20/+20
This allows for root override, which fixes many problems with mismatches between NT ACL permissions and unix permissions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: new pvfs_sys module Andrew Tridgell2-0/+301
The pvfs_sys_*() calls provide wrapper functions for posix file functions which use root privileges to override EACCES failures if PVFS_FLAG_PERM_OVERRIDE is set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDEAndrew Tridgell2-0/+4
This flag indicates that we should use root privileges to override unix permissions when the NT ACLs indicate that access should be granted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-smbtorture: skip NotifyChangeKeyValue test against s3 for now.Günther Deschner1-0/+4
Guenther
2010-03-05s4:torture/rpc/samr.c - add some decision possibility constants to some switchMatthias Dieter Wallnöfer1-0/+3
At the moment nothing is done when the enumeration variable is set to one of those constants as before. This is only to quite nasty warnings.
2010-03-05s4:torture/rpc/samr.c - make some argument of function ↵Matthias Dieter Wallnöfer1-1/+1
"test_SamLogon_with_creds" constant This to quiet warnings.
2010-03-05s4:torture/winbind/struct_based.c - fix up (un)signedness of a function argumentMatthias Dieter Wallnöfer1-1/+2
Otherwise always a warning is generated.
2010-03-05s4-pvfs: log more error conditions in NTVFS backendAndrew Tridgell3-0/+31
This should make is easier to track down some bug reports Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: move the private ntcreatex flags to private_flagsAndrew Tridgell7-20/+21
Re-using two of the create_options bits was bound to eventually cause problems, and indeed, Windows7 now uses one of those bits when opening text files. Fixes bug 7189
2010-03-05s4-rpc: don't use s->credentials after it is freedAndrew Tridgell1-2/+1
2010-03-05s4-torture: fixed commas separating C statementsAndrew Tridgell1-4/+3
2010-03-05s4-python: only install external python libs that are missingAndrew Tridgell2-1/+19
2010-03-05s4-python: import a copy of the python dns libraryAndrew Tridgell114-0/+16829
This library is not installed on enough systems for us to rely on it being available. We use the system copy if possible, and fallback to this local copy Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-dns: use samba.external to pull in the dns.resolver libraryAndrew Tridgell1-3/+5
2010-03-05s4-python: allow us to have samba copies of python libraries we depend onAndrew Tridgell2-0/+54
For python libraries like dns.resolver it is useful to be able to install a copy of the library with Samba. This set of functions allows us to do that while using the locally installed version if it is available Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-dns-ex: use autoclose on the dns child pipeAndrew Tridgell1-2/+1
I'm hoping this will fix an occasional segfault I've noticed where epoll still calls events on a closed fde Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-messaging: use auto-close on the socketAndrew Tridgell1-0/+1
2010-03-04s4:auth/sam.c - change base context for the "tmp_ctx" context in ↵Matthias Dieter Wallnöfer1-1/+1
"authsam_expand_nested_groups" Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the long-living "sam_ctx"/"ldb" context to prevent memory leaks.
2010-03-04s4:ldap.py - give the "primaryGroupToken" test a better nameMatthias Dieter Wallnöfer1-3/+3
It tests also some other constructed attributes in a basic way.
2010-03-04s4:ldap.py - add test for "tokenGroups"Matthias Dieter Wallnöfer1-0/+44
2010-03-04s4:operational LDB - don't accidentally "ate" search helper attributes if we ↵Matthias Dieter Wallnöfer1-6/+14
need them for more constructed attributes With this patch we delete the helper attributes at the end where all constructed attributes have already been computed.
2010-03-04s4:operational LDB module - make the counters unsignedMatthias Dieter Wallnöfer1-2/+2
No need to have signed counters here.
2010-03-04s4:operational LDB - implement the "tokenGroups" constructed attributeMatthias Dieter Wallnöfer2-1/+96
It contains the transitive SID closure (expand member/memberOf attributes) of a certain SAM object. The "tokenGroups" attribute never contains the SID of the object itself. References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx, http://support.microsoft.com/kb/301916, MS-ADTS 3.1.1.4.5.19.
2010-03-04s4:sam.c - make "authsam_expand_nested_groups" publicMatthias Dieter Wallnöfer2-1/+7
This is needed by the "tokenGroups" work in the operational LDB module.
2010-03-04s4:sam.c - cosmetic indentation fixMatthias Dieter Wallnöfer1-2/+1
2010-03-04s4:sam.c - change variable types to unsigned in "sids_contains_sid"Matthias Dieter Wallnöfer1-3/+4
Should also be unsigned - no need for a signed "i" and "num_sids" here.
2010-03-04s4:operational LDB module - use right memory context int ↵Matthias Dieter Wallnöfer1-2/+2
"construct_primary_group_token" Use the "msg" as temporary context and not "ldb" which lives much longer.
2010-03-04Refactored ACL python testsNadezhda Ivanova1-441/+256
Made each type into a separate class to be easily run individually, removed code duplication
2010-03-04s4:provision - use the new "interface_ips" python call to detect the right ↵Matthias Dieter Wallnöfer1-8/+8
host IPv4 address Inform the user when there are more possibilities (so he can check for the right address and otherwise he is able to do an immediate reprovision) and no possibility at all (then we fall back to the loopback address "127.0.0.1" - this is thought for testing purposes). I think this should be enough for closing bug #5484.
2010-03-04s4:ldif_handlers - Use "unsigned int" for counting purposesMatthias Dieter Wallnöfer1-4/+4
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives "unsigned (int)" for counter variables (number of attributes, number of values...).
2010-03-03s4:samdb.c - Make it signed-safeMatthias Dieter Wallnöfer1-2/+2
Use an unsigned argument for the numbers of groups and the counter "i" since the function is called only by "auth_generate_session_info" with an unsigned number of groups argument.
2010-03-03s4:srvsvc RPC - "srvsvc_create_ntvfs_connect"Matthias Dieter Wallnöfer1-1/+1
Previous commit was incomplete. The "service" parameter in the "tcon" structure should point to "scfg->name". I'm not sure if "share" is right but the first was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
2010-03-03s4:srvsvc RPC - fix up the "ntvfs_connect" in "srvsvc_create_ntvfs_connect"Matthias Dieter Wallnöfer1-3/+5
This should be the right fix (set the service name in the tcon union to the share name/path). That should be the solution for bug #6784.
2010-03-03s4:torture/rpc/samr - Fix up SAMR-USERS testMatthias Dieter Wallnöfer1-10/+22
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
2010-03-03s4:torture/rpc/samr - enhance the "EnumDomainGroups" test regarding ↵Matthias Dieter Wallnöfer1-0/+15
universal groups Find the "Enterprise Admins" group which does exist on s4 and Windows directories and is always per default universal. Test this only when the target is set to s4 (s3 deployments don't contain this group). If the number of returned objects is "0" (count) then we are likely testing the builtin domain of an AD deployment.Then we ignore the inexistent "Enterprise Admins" group. I didn't enhance the test for "QueryDomainInfo" since this does itself a comparison of all returned objects with the "EnumDomainGroups" call. Therefore if the latter passes, and the "QueryDomainInfo" test passes also the "QueryDomainInfo" call is okay regarding groups.
2010-03-03s4:dcesrv_samr - Also "OpenGroup" needs to support universal groupsMatthias Dieter Wallnöfer1-2/+3
2010-03-03s4:dcesrv_samr - Fix up "EnumDomainGroups" and "QueryDisplayInfo" callsMatthias Dieter Wallnöfer1-3/+6
We need to look for both global and universal group types when querying them. Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
2010-03-03Fix typo in comments.Karolin Seeger1-2/+2
2010-03-03dns: make dns update script use unbuffered IOAndrew Tridgell1-0/+4
Otherwise we can lose debug output when a timeout happens