Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
|
|
The upper limits are unsigned variables therefore also the counter variables
need to be like that.
|
|
Also here in both cases the unsigned counter fits better than the signed one.
|
|
In both cases the unsigned counter fits better:
- in the first one since we are counting LDB objects starting from 0
- in the second since we are counting an array starting from 0
|
|
|
|
talloc can potentially change the errno
|
|
|
|
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for
overrides by default. If not, then we disable by default, as we will
be more vulnerable to symlink attacks
|
|
To prevent symlink attacks we need to use O_NOFOLLOW one level at a
time when processing a root security override
|
|
This allows for root override, which fixes many problems with
mismatches between NT ACL permissions and unix permissions.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The pvfs_sys_*() calls provide wrapper functions for posix file
functions which use root privileges to override EACCES failures if
PVFS_FLAG_PERM_OVERRIDE is set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This flag indicates that we should use root privileges to override
unix permissions when the NT ACLs indicate that access should be
granted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Guenther
|
|
At the moment nothing is done when the enumeration variable is set to one of
those constants as before. This is only to quite nasty warnings.
|
|
"test_SamLogon_with_creds" constant
This to quiet warnings.
|
|
Otherwise always a warning is generated.
|
|
This should make is easier to track down some bug reports
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
|
|
|
|
|
|
|
|
This library is not installed on enough systems for us to rely
on it being available. We use the system copy if possible, and
fallback to this local copy
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
For python libraries like dns.resolver it is useful to be able to install
a copy of the library with Samba. This set of functions allows us to do that
while using the locally installed version if it is available
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
I'm hoping this will fix an occasional segfault I've noticed where
epoll still calls events on a closed fde
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
"authsam_expand_nested_groups"
Better use the "res_sids_ctx" as base context for the "tmp_ctx" and not the
long-living "sam_ctx"/"ldb" context to prevent memory leaks.
|
|
It tests also some other constructed attributes in a basic way.
|
|
|
|
need them for more constructed attributes
With this patch we delete the helper attributes at the end where all constructed
attributes have already been computed.
|
|
No need to have signed counters here.
|
|
It contains the transitive SID closure (expand member/memberOf attributes) of a
certain SAM object. The "tokenGroups" attribute never contains the SID of the
object itself.
References: http://msdn.microsoft.com/en-us/library/ms680275(VS.85).aspx,
http://support.microsoft.com/kb/301916,
MS-ADTS 3.1.1.4.5.19.
|
|
This is needed by the "tokenGroups" work in the operational LDB module.
|
|
|
|
Should also be unsigned - no need for a signed "i" and "num_sids" here.
|
|
"construct_primary_group_token"
Use the "msg" as temporary context and not "ldb" which lives much longer.
|
|
Made each type into a separate class to be easily run individually,
removed code duplication
|
|
host IPv4 address
Inform the user when there are more possibilities (so he can check for the
right address and otherwise he is able to do an immediate reprovision) and no
possibility at all (then we fall back to the loopback address "127.0.0.1" - this
is thought for testing purposes).
I think this should be enough for closing bug #5484.
|
|
I changed "uint32_t" to "unsigned int" since the LDB specification prescrives
"unsigned (int)" for counter variables (number of attributes,
number of values...).
|
|
Use an unsigned argument for the numbers of groups and the counter "i" since
the function is called only by "auth_generate_session_info" with an unsigned
number of groups argument.
|
|
Previous commit was incomplete. The "service" parameter in the "tcon" structure
should point to "scfg->name". I'm not sure if "share" is right but the first
was used before commit f390daef475126b4ff5a3d0ffd2babbd87d4c22b.
|
|
This should be the right fix (set the service name in the tcon union to the
share name/path). That should be the solution for bug #6784.
|
|
"QueryDomainInfo" returns only global groups, "QueryDisplayInfo" also universal
ones. Consider MS-SAMR 3.1.5.5.1.1 and 3.1.5.3.1.
|
|
universal groups
Find the "Enterprise Admins" group which does exist on s4 and Windows
directories and is always per default universal. Test this only when the target
is set to s4 (s3 deployments don't contain this group). If the number of
returned objects is "0" (count) then we are likely testing the builtin domain of
an AD deployment.Then we ignore the inexistent "Enterprise Admins" group.
I didn't enhance the test for "QueryDomainInfo" since this does itself a
comparison of all returned objects with the "EnumDomainGroups" call. Therefore
if the latter passes, and the "QueryDomainInfo" test passes also the
"QueryDomainInfo" call is okay regarding groups.
|
|
|
|
We need to look for both global and universal group types when querying them.
Found by ekacnet (http://lists.samba.org/archive/samba-technical/2010-March/069777.html).
|
|
|
|
Otherwise we can lose debug output when a timeout happens
|
|
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|