Age | Commit message (Collapse) | Author | Files | Lines |
|
Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.
This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.
We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.
A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.
Andrew Bartlett
|
|
This is the start of what will be a series of tests confirming exactly how
some NT ACLs are mapped to posix ACLs.
Andrew Bartlett
|
|
This allows us to write tests that compare the smbd vfs with what is
in the DB or xattr.
Andrew Bartlett
|
|
This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel. This has caused issues with the creation of group policies by
other members of the Domain Admins group.
Andrew Bartlett
|
|
This means that any utility that calls into the VFS layer will get the
right modules.
Because we use the fake_acls backend we need to override this whole
list in Samba4.pm however.
Andrew Bartlett
|
|
|
|
The loadparm context on the schema DB might have gone away already.
Pre-cache the schema refresh interval at load time to avoid worrying
about this.
Andrew Bartlett
|
|
We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.
Andrew Bartlett
|
|
subdom_dc
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
This was just for debugging...
metze
|
|
Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 22 20:38:50 CEST 2012 on sn-devel-104
|
|
The function align_string() is now broken as base_ptr no longer
points at the start of the SMB data packet, but
at the start of the returned TRANS2 data area.
Replace it with a check for FLAGS2_UNICODE_STRINGS and
a call to ucs2_align().
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104
|
|
The t is weird, but the python bindings trim the traditional IDL name
prefix of each element, as it is usually rudundent.
Andrew Bartlett
|
|
|
|
Found by the talloc_stackframe() out of order checker!
Andrew Bartlett
|
|
Also fix test prefix to match the test
Andrew Bartlett
|
|
Because these run as non-root, we need to avoid doing things that will
fail during the provision. The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.
Andrew Bartlett
|
|
This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.
Andrew Bartlett
|
|
None of these cases need the complexity of the s3fs backend.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This refers to LDB add operations as well, we have only to be careful on
"@ATTRIBUTES" entries.
E.g.
dn: cn=testperson,cn=users,dc=...,dc=...
objectClass: person
url: www.example.com
url: www.example.com
should not work.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Also "<=", ">=", "~"... are allowed as well. Enumeration taken from
ldb_parse_filtertype().
This was the cause of not identifying the search filter as described in bug
https://bugzilla.samba.org/show_bug.cgi?id=8647.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
A NULL string/expression returns the generic "(objectClass=*)" filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
As shown in commit c8e6d8b487 this looks easier and in any case we can
treat schema context data like global data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 22 01:30:06 CEST 2012 on sn-devel-104
|
|
Based on work from Ian Gordon <ian.gordon@strath.ac.uk>.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 13:12:33 CEST 2012 on sn-devel-104
|
|
This will allow this to be tested as part of a normal selftest.
Andrew Bartlett
|
|
As suggested by Amitay.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 09:03:02 CEST 2012 on sn-devel-104
|
|
These will be used to verify that an ACL set as an NT ACL creates
the correct posix ACL.
Andrew Bartlett
|
|
|
|
This is needed so that pdb_samba4 can map any SID during a provision.
At runtime, winbindd will be asked first, but this shortcut direct to the
ldb file makes it possible to set the permissions on the sysvol share at
provision time.
Andrew Bartlett
|
|
|
|
Except in the formatting of the selftest output, this removes the special case
of the build farm, so that an autobuild, a manual make test and the build farm
are more similar.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 06:39:04 CEST 2012 on sn-devel-104
|
|
This was incorrectly added in 0e441636afd5923a92f7eb29d66dfa52e2f0a5c3.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 21 03:11:16 CEST 2012 on sn-devel-104
|
|
and NDR parsing errors.
A connection is idle when both struct winbindd_cli_state->request AND
struct winbindd_cli_state->response are NULL. Otherwise we can flag
as idle a connection in the state of having sent the request to
the winbindd child (request != NULL) but not yet received a reply
(response == NULL).
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 21 01:31:46 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104
|
|
This isolates us from the OS ACL library, and allows chown to 'work'
when we are non-root. In turn, this ensures that we can test the SMB
-> POSIX layer even when the OS would refuse the set due to non-root
or simply not having acls enabled on this particular file system.
This should make a number of build farm tests much more reliable, and
allows a number more tests to pass.
Andrew Bartlett
|