summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-08-23selftest: Extend posixacl test to check the actual ACLAndrew Bartlett1-2/+274
Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett
2012-08-23selftest: Add a test of the NT ACL -> posix ACL mapping layerAndrew Bartlett1-0/+131
This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
2012-08-23s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directlyAndrew Bartlett2-6/+11
This allows us to write tests that compare the smbd vfs with what is in the DB or xattr. Andrew Bartlett
2012-08-23s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)Andrew Bartlett3-53/+94
This handles the fact that smbd will rarely override the POSIX ACL enforced by the kernel. This has caused issues with the creation of group policies by other members of the Domain Admins group. Andrew Bartlett
2012-08-23file_server: Move default VFS module settings to loadparm.cAndrew Bartlett3-13/+14
This means that any utility that calls into the VFS layer will get the right modules. Because we use the fake_acls backend we need to override this whole list in Samba4.pm however. Andrew Bartlett
2012-08-23s4-dsdb: Remove unused variablesAndrew Bartlett1-5/+0
2012-08-23s4-dsdb: Do not use a possibly-old loadparm context in schema reloadAndrew Bartlett3-19/+18
The loadparm context on the schema DB might have gone away already. Pre-cache the schema refresh interval at load time to avoid worrying about this. Andrew Bartlett
2012-08-23s4-upgradeprovision: Use ntvfs in reference provisionAndrew Bartlett1-1/+1
We do not need filesystem ACLs set when creating the reference provision, so it is easier to use the NTVFS backend as it does not cause trouble with make test. Andrew Bartlett
2012-08-23selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and ↵Andrew Bartlett1-4/+4
subdom_dc
2012-08-23selftest: Specify --use-ntvfs when testing the group codeAndrew Bartlett1-1/+1
We do not need to set filesystem ACLs in this case. Andrew Bartlett
2012-08-23selftest: Specify --use-ntvfs when testing the newuser codeAndrew Bartlett1-1/+1
We do not need to set filesystem ACLs in this case. Andrew Bartlett
2012-08-23selftest: Specify --use-ntvfs when testing the LDAP backend init codeAndrew Bartlett1-5/+5
We do not need to set filesystem ACLs in this case. Andrew Bartlett
2012-08-23selftest: Specify --use-ntvfs for the chdcpass environmentAndrew Bartlett1-1/+1
2012-08-23s3:smb2_break: encrypt OPLOCK BREAK notificationsStefan Metzmacher3-18/+107
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104
2012-08-23s3:smb2_server: use smbXsrv_session->nonce_*Stefan Metzmacher2-25/+27
metze
2012-08-23smbXsrv.idl: add nonce_* to smbsrv_sessionStefan Metzmacher1-0/+2
metze
2012-08-23s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()Stefan Metzmacher1-1/+0
This was just for debugging... metze
2012-08-23Extending space for fqdn in wbinfo --trusted-domains in verbose modeDaniel Liberman1-2/+2
Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
2012-08-22Remove align_string(). No longer used.Jeremy Allison2-12/+0
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 22 20:38:50 CEST 2012 on sn-devel-104
2012-08-22Fix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.Jeremy Allison1-1/+3
The function align_string() is now broken as base_ptr no longer points at the start of the SMB data packet, but at the start of the returned TRANS2 data area. Replace it with a check for FLAGS2_UNICODE_STRINGS and a call to ucs2_align().
2012-08-22s4-python: Complete python bindings for idmap.idlAndrew Bartlett2-0/+11
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104
2012-08-22s3-pysmbd: Correct the python type for smb_acl_tAndrew Bartlett1-2/+2
The t is weird, but the python bindings trim the traditional IDL name prefix of each element, as it is usually rudundent. Andrew Bartlett
2012-08-22s4-python: complete python bindigns for smb_acls.idlAndrew Bartlett2-0/+11
2012-08-22s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATAAndrew Bartlett1-6/+0
Found by the talloc_stackframe() out of order checker! Andrew Bartlett
2012-08-22selftest: Pass --use-ntvfs to provison in renamedc testAndrew Bartlett1-5/+5
Also fix test prefix to match the test Andrew Bartlett
2012-08-22selftest: Specify --use-ntvfs to provision in test scriptsAndrew Bartlett5-33/+35
Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett
2012-08-22s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett2-4/+8
This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
2012-08-22s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampireAndrew Bartlett5-3/+7
None of these cases need the complexity of the s3fs backend. Andrew Bartlett
2012-08-22s4:samldb LDB module - remove unused "member" attribute from search filterMatthias Dieter Wallnöfer1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doubletsMatthias Dieter Wallnöfer1-1/+18
This refers to LDB add operations as well, we have only to be careful on "@ATTRIBUTES" entries. E.g. dn: cn=testperson,cn=users,dc=...,dc=... objectClass: person url: www.example.com url: www.example.com should not work. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22LDB:ldbsearch - add search filter testsMatthias Dieter Wallnöfer1-0/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22LDB:ldbsearch - search filters do not only contain "="Matthias Dieter Wallnöfer1-1/+1
Also "<=", ">=", "~"... are allowed as well. Enumeration taken from ldb_parse_filtertype(). This was the cause of not identifying the search filter as described in bug https://bugzilla.samba.org/show_bug.cgi?id=8647. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22s4:dsdb - always fail if a search filter could not be parsedMatthias Dieter Wallnöfer2-1/+8
A NULL string/expression returns the generic "(objectClass=*)" filter Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<="Matthias Dieter Wallnöfer2-3/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22s4:dsdb_sort_objectClass_attr - simplify memory context handlingMatthias Dieter Wallnöfer3-37/+23
Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting valuesMatthias Dieter Wallnöfer1-6/+1
As shown in commit c8e6d8b487 this looks easier and in any case we can treat schema context data like global data. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-22libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLEBjörn Jacke1-1/+1
Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Wed Aug 22 01:30:06 CEST 2012 on sn-devel-104
2012-08-21Fix bug #9098 - winbind does not refresh kerberos tickets.Jeremy Allison3-0/+39
Based on work from Ian Gordon <ian.gordon@strath.ac.uk>. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 22:01:15 CEST 2012 on sn-devel-104
2012-08-21selftest: Add tests for vfs_aio_forkAndrew Bartlett2-0/+12
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 21 13:12:33 CEST 2012 on sn-devel-104
2012-08-21s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time optionAndrew Bartlett1-5/+44
This will allow this to be tested as part of a normal selftest. Andrew Bartlett
2012-08-21build: Create bin/ when doing 'waf dist' from a fresh checkoutAndrew Bartlett1-0/+1
As suggested by Amitay. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 21 09:03:02 CEST 2012 on sn-devel-104
2012-08-21s3-pysmbd: Add get/set functions for the posix ACL layerAndrew Bartlett1-0/+89
These will be used to verify that an ACL set as an NT ACL creates the correct posix ACL. Andrew Bartlett
2012-08-21s3-pysmbd: Correct comments in python VFS bindingsAndrew Bartlett1-2/+2
2012-08-21s3-passdb: Allow pdb_sid_to_id to work on any SIDAndrew Bartlett3-13/+19
This is needed so that pdb_samba4 can map any SID during a provision. At runtime, winbindd will be asked first, but this shortcut direct to the ldb file makes it possible to set the permissions on the sysvol share at provision time. Andrew Bartlett
2012-08-21s3-pysmbd: Add hook for a VFS chown()Andrew Bartlett1-0/+53
2012-08-21build: Remove special case for the build farmAndrew Bartlett12-23/+22
Except in the formatting of the selftest output, this removes the special case of the build farm, so that an autobuild, a manual make test and the build farm are more similar. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 21 06:39:04 CEST 2012 on sn-devel-104
2012-08-21build: Remove accidentily added line in samba_version.pyAndrew Bartlett1-1/+0
This was incorrectly added in 0e441636afd5923a92f7eb29d66dfa52e2f0a5c3. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 21 03:11:16 CEST 2012 on sn-devel-104
2012-08-21Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes ↵Herb Lewis1-1/+2
and NDR parsing errors. A connection is idle when both struct winbindd_cli_state->request AND struct winbindd_cli_state->response are NULL. Otherwise we can flag as idle a connection in the state of having sent the request to the winbindd child (request != NULL) but not yet received a reply (response == NULL). Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 21 01:31:46 CEST 2012 on sn-devel-104
2012-08-20s4-torture: Use torture_fail() in the unix.unix_info2 testAndrew Bartlett1-2/+3
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104
2012-08-20selftest: Use new fake_acls moduleAndrew Bartlett3-8/+2
This isolates us from the OS ACL library, and allows chown to 'work' when we are non-root. In turn, this ensures that we can test the SMB -> POSIX layer even when the OS would refuse the set due to non-root or simply not having acls enabled on this particular file system. This should make a number of build farm tests much more reliable, and allows a number more tests to pass. Andrew Bartlett