summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2013-02-04selftest: add a test that demonstrates how new ACL blob code helpsChristian Ambach1-0/+17
this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-02-01s4-torture: make sure to deal with the highest relative pointer offset ↵Günther Deschner1-6/+26
correctly. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-31Fix the compound tests to correctly pass against Windows when run with ↵Jeremy Allison1-6/+6
--signing=required. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Thu Jan 31 03:53:55 CET 2013 on sn-devel-104
2013-01-27s4:service_task: add missing imessaging_cleanup() to task_server_terminate()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Jan 27 15:50:30 CET 2013 on sn-devel-104
2013-01-27s4:service_task: prevent a segfault if task->msg_ctx is not initialized yetStefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27selftest: rename 'promoted_vampire_dc' to 'promoted_dc'Stefan Metzmacher1-2/+2
Unix domain socket are limited to 104 characters on Linux. Using something like this fails as it uses more than 104 characters: '/memdisk/autobuild/flakey/b232141/samba/bin/ab/promoted_vampire_dc/private/smbd.tmp/msg/msg.482379.2147483647' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27selftest: Add test of upgradeprovision using the old alpha13 treeAndrew Bartlett1-5/+5
This ensures that upgradeprovision works as expected on a known good old database. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
2013-01-27samba_upgradeprovision: detect dns_backend for the reference provisionStefan Metzmacher2-10/+11
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend and fix errors in the ForestDnsZone and DomainDnsZone partitions. Note: this should work fine also for SAMBA_INTERNAL. If the current setup doesn't use dns specific partitions (e.g. alpha13 setups) we pass dns_backend=BIND9_FLATFILE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.dns_backendStefan Metzmacher1-0/+26
If we have a DomainDnsZone partition: - we use BIND9_DLZ as backend if a dns-<netbiosname> account is available - otherwise, we use SAMBA_INTERNAL else: - we use BIND9_FLATFILE if a dns or dns-<netbiosname> account is available - otherwise, we use NONE Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix the nTSecurityDescriptor on more containers (bug ↵Stefan Metzmacher1-36/+92
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor of containers in the DnsZones (bug #9481)Stefan Metzmacher2-11/+23
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug #9481)Stefan Metzmacher4-0/+34
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN} ↵Stefan Metzmacher2-0/+6
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.name_map['DnsAdmins']Stefan Metzmacher1-0/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: introduce names.name_map = {}Stefan Metzmacher1-0/+1
This will be used to translated names in SDDL values, which are not wellknown, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_dns_{forest,domain}_microsoft_dns_descriptor()Stefan Metzmacher2-0/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_config_ntds_quotas_descriptor()Stefan Metzmacher2-0/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add get_{config,domain}_delete_protected*_descriptor()Stefan Metzmacher2-0/+40
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27schema.py: add optional name_map={} to get_schema_descriptor()Stefan Metzmacher1-1/+1
This is not used, but makes the prototype compatible with the other get_*_descriptor() functions. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: add optional name_map={} argument to get_*_descriptor()Stefan Metzmacher1-32/+30
This will allow subsitute non-wellkown names in the SDDL, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: import/export get_dns_partition_descriptor()Stefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27provision: setup names.dns{forest,domain}dnStefan Metzmacher1-1/+22
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix resetting of 'nTSecurityDescriptor' on schema ↵Stefan Metzmacher1-1/+1
objects Without this schema_data_modify() will reject updates to schema objects by default. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: don't reset 'whenCreated' when resetting ↵Stefan Metzmacher1-2/+0
'nTSecurityDescriptor' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27dbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)Stefan Metzmacher1-2/+181
They inherited effective ACE for the wrong object classes. For SACL ACEs the problem was also present in 4.0.0. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27dsdb-descriptor: get_default_group() should always return the DAG sid (bug ↵Stefan Metzmacher1-5/+10
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27tests/sec_descriptor: the default owner behavior depends on ↵Stefan Metzmacher1-4/+4
domainControllerFunctionality (bug #9481) Not on the domainFunctionality. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-26s4-process_single: Use pid,task_id as cluster_id in process_single just like ↵Andrew Bartlett1-8/+13
process_prefork This avoids two different process single task servers (eg the drepl server) sharing the same server id. The task id starts at 2^31 to avoid collision with the fd based scheme for connections. Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598 Reported-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 26 16:13:05 CET 2013 on sn-devel-104
2013-01-26pymessaging: Pass around the server_id struct to python callbacks rather ↵Andrew Bartlett1-3/+13
than the tuple This is not used currently, but may avoid going to and from the python types when we do not need to. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-26pymessaging: Use correct unsigned types for server ID tuple elememntsAndrew Bartlett1-3/+3
This is needed if we start using the top bits of these values. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@matws.net> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-25bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just ↵Andrew Bartlett1-3/+8
like process_prefork This avoids two different process single servers (say LDAP and the RPC server) sharing the same server id. Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598 Reported-by: Matthieu Patou <mat@matws.net> Reviewed-by: Matthieu Patou <mat@matws.net> Signed-off-by: Andrew Bartlett <abartlett@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jan 25 12:00:04 CET 2013 on sn-devel-104
2013-01-24s4-torture: add some basic tests for PlayGDIScriptOnPrinterIC.Günther Deschner1-1/+110
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jan 24 19:20:52 CET 2013 on sn-devel-104
2013-01-24spoolss: make spoolss deal with ndr64 StartDocPrinter by using proper ↵Günther Deschner1-2/+6
container object. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-01-23dsdb-acl: remove unused variableStefan Metzmacher1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jan 23 20:04:09 CET 2013 on sn-devel-104
2013-01-22drsuapi: Add documentationMatthieu Patou1-3/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22drepl-notify: change misleading messageMatthieu Patou1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22devel-script: add options for RODC and partial replica for replicate flagsMatthieu Patou1-1/+21
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
2013-01-21devel-scripts: ask with WRIT_REP by defaultMatthieu Patou1-0/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21devel-getncchange: try to find the dest_dsa automaticallyMatthieu Patou1-3/+19
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dbcheck: look in hasMasterNCs as well for determining the instance type of a NCMatthieu Patou1-2/+10
Forest of level 2000 don't hve the msDS-hasMasterNCs parameter Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb: Fix warning about unused varMatthieu Patou1-2/+0
Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Jan 21 17:51:16 CET 2013 on sn-devel-104
2013-01-21dsdb: Explain ordering constraints on the ACL module as well.Andrew Bartlett1-2/+2
Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb: Ensure "authenticated users" is processed for group membershipsAndrew Bartlett3-36/+64
This change moves the addition of "Authenticated Users" from the very end of the token processing to the start. The reason is that we need to see if "Authenticated Users" is a member of other builtin groups, just as we would for any other SID. This picks up the "Pre-Windows 2000 Compatible Access" group, which is in turn often used in ACLs on LDAP objects. Without this change, the eventual token does not contain S-1-5-32-554 and users other than "Administrator" are unable to read uidNumber (in particular). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: handle node initialisation in one spot in ↵Andrew Bartlett2-11/+10
insert_in_object_tree() This removes special-case for initalising the children array in insert_in_object_tree(). talloc_realloc() handles the intial allocate case perfectly well, so there is no need to have this duplicated. This also restores having just one place were the rest of the elements are intialised, to ensure uniform behaviour. To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUIDStefan Metzmacher1-2/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_objectclass() for the object in ↵Stefan Metzmacher1-6/+50
acl_delete() We should only use dsdb_module_check_access_on_dn() on the parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in ↵Stefan Metzmacher1-47/+43
acl_rename() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: make use of acl_check_access_on_attribute() in acl_modify()Stefan Metzmacher1-44/+16
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: remove unused acl_check_access_on_class()Stefan Metzmacher1-46/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21dsdb-acl: use acl_check_access_on_objectclass() instead of ↵Stefan Metzmacher1-8/+13
acl_check_access_on_class() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2024-11-01 07:11:01 +0000