summaryrefslogtreecommitdiff
path: root/source4/scripting/bin
AgeCommit message (Collapse)AuthorFilesLines
2013-03-25scripting: Move the list of well known SDs to samba.provision.descriptorAndrew Bartlett1-71/+2
This will allow us to call this from dbcheck. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: Do not reset every DN when changing an SDAndrew Bartlett1-22/+8
SD propogation is handled by an LDB module, we do not need to touch each and every DN to make it happen. Now that we do not need to put this via a hash, the dnToRecalculate list is changed to be a list of Dn objects, not strings so that: if dn in listWellknown is handled using a schema comparison (avoiding different case forms tripping it up). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: do not maintain dnNotToRecalculate as a listAndrew Bartlett1-5/+3
We only need a boolean indication, not the actual values. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: only run rebuild_sd in --full modeAndrew Bartlett1-20/+17
This is a potentially destructive routine, and should not be run by default. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: Remove alwaysRecalculate, this is too dangerousAndrew Bartlett1-4/+1
I am unclear on why this was added, but the idea that we ever always reset data in the directory is not reasonable to me, so I am removing it. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: Remove unused checkKeepAttributeOldMtdAndrew Bartlett1-73/+6
lastProvisionUSNs is never None, instead the code requries the administrator to populate this attribute in the directory. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sdsAndrew Bartlett1-11/+10
This moves the SDDL conversion inside the get_diff_sds function and prepares for removing inherited ACEs from the SD before comparison. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04samba_upgradeprovision: Remove auto-detection of pre-alpha9 databasesAndrew Bartlett1-5/+6
These are incredibly rare, and administrators running such databases not only ask the Samba Team for help personally, they can read --help. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02Remove incomplete check for IPv6 link-local addresses.Landon Fuller1-3/+1
This has been superceded by a check for link-local addresses in get_interfaces() Signed-Off-By: Landon Fuller <landonf@bikemonkey.org> Reviewed-By: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 08:38:54 CET 2013 on sn-devel-104
2013-03-02Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
2013-02-19samba_upgradeprovision: Use tdb_util.tdb_copy not shutil.copy2Andrew Bartlett1-13/+17
This is really important, because copying a file will both ignore locks held by another process and break any locks we hold (due to POSIX brain-damage regarding multiple fds on one file in a process). By leaving this to tdbbackup in a child, both of these issues are avoided. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104
2013-02-19samba_upgradeprovision: Do not update privileges.ldb any more (unchanged ↵Andrew Bartlett1-16/+4
since 2009) This update was only a total oblitoration of the existing database and not a merge, and the shutil.copy would both disregard and break locks on the database that are held at this point. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@samba.org>
2013-02-19scripting: Make tdb_copy a common util function in samba.tdb_utilAndrew Bartlett1-0/+1
This will allow samba_upgradeprovision to also call it. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@samba.org>
2013-02-19samba_upgradeprovision: Remove options to fix FS ACLsAndrew Bartlett1-223/+204
samba-tool ntacl sysvolreset handles this better, and makes this tool much less confusing internally. Andrew Bartlett Reviewed-by: Matthieu Patou <mat@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104
2013-01-27samba_upgradeprovision: detect dns_backend for the reference provisionStefan Metzmacher1-8/+10
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend and fix errors in the ForestDnsZone and DomainDnsZone partitions. Note: this should work fine also for SAMBA_INTERNAL. If the current setup doesn't use dns specific partitions (e.g. alpha13 setups) we pass dns_backend=BIND9_FLATFILE. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix the nTSecurityDescriptor on more containers (bug ↵Stefan Metzmacher1-36/+92
#9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: fix resetting of 'nTSecurityDescriptor' on schema ↵Stefan Metzmacher1-1/+1
objects Without this schema_data_modify() will reject updates to schema objects by default. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27samba_upgradeprovision: don't reset 'whenCreated' when resetting ↵Stefan Metzmacher1-2/+0
'nTSecurityDescriptor' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-10scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually ↵Andrew Bartlett1-21/+22
them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
2013-01-09samba_dnsupdate: set KRB5_CONFIG for nsupdate commandBjörn Baumbach1-4/+5
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-30s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sdStefan Metzmacher1-7/+14
The sd_flags:1:15 control together with an empty security_descriptor has the same effect as the recalculate_sd:0 control (which is samba only). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-10-18provision: No longer use the wheel group in new AD DomainsAndrew Bartlett1-1/+1
The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett
2012-10-03s4: samba_backup: Fix typos.Björn Baumbach1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-09-27s4-python: Various formatting fixes.Jelmer Vernooij3-72/+76
* Trailing whitespace * use of "==" where "is" should be used * double spaces
2012-09-26samba_dnsupdate: Safely update/create names for Samba3 targets as wellAndrew Bartlett1-4/+14
This avoids unlocked writes to the dns_hosts_file, and may fix some of our issues on the build farm where large numbers of tests fail due to failed name resolution. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 26 05:48:25 CEST 2012 on sn-devel-104
2012-09-26samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file ↵Andrew Bartlett1-3/+10
consistent This may be the cause of some of the large failure modes on the build farm. Andrew Bartlett
2012-09-25s4-python: Override SIGINT handler in scripts only.Jelmer Vernooij4-1/+26
Override the SIGINT handler in a few select cases only, rather than doing so in one of the samba Python modules. I've done this where it matters most; we can add this code to other scripts too if necessary. This means that importing the 'samba' module from a third party application does not have side-effects on the state of the signal handlers. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9068
2012-09-12s4:samba_upgradedns: delete dns-HOSTNAME account if using the internal dns ↵Stefan Metzmacher1-0/+28
server metze
2012-09-12s4 dns: use the internal DNS server per defaultKai Blin1-3/+3
2012-09-12s4:scripting: rename upgradeprovision -> samba_upgradeprovisionStefan Metzmacher2-1/+1
metze
2012-09-11s4:samba-tool: allow sys.exit(ret) to control the exit codeStefan Metzmacher1-1/+1
Some subcommands may use sys.exit(0), which shouldn't be reported as an error to the caller. metze
2012-08-03s4: samba_spnupdate: fix "if we are DNS server" checkBjörn Baumbach1-5/+6
We need to check if we have hasMasterNCs. If we are RODC we have hasFullReplicaNCs instead of hasMasterNCs. TODO: maybe check for hasFullReplicaNCs, too? Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-25s4-samba_upgradedns: Do not set DNS account for internal serverAndrew Bartlett1-32/+32
The internal DNS server does not need the samba-only NAME-dns account. Andrew Bartlett
2012-05-24s4/scripting: in MIT build do not install samba-tool, it is not usable yetAlexander Bokovoy1-3/+1
2012-05-23Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy1-5/+4
System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
2012-05-15samba-upgradedns: Use the correct magic incantation of sys.path.insert()Amitay Isaacs1-1/+1
This replaces "bin/python" with the correct path for python libraries. The pattern requires double quotes (") instead of single quotes ('). Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue May 15 05:19:46 CEST 2012 on sn-devel-104
2012-05-01s4-upgradedns: Update serverdn with only the attributes that have changedAmitay Isaacs1-11/+21
This fixes the issue of ldb 'Operations Error' when trying to modify hasPartialReplicaNCs attribute. Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Tue May 1 05:28:04 CEST 2012 on sn-devel-104
2012-04-19samba_spnupdate: don't try to register DNS related SPN if we are not ↵Matthieu Patou1-1/+24
mastering the NC For RW DC the impact is pretty small but for RODC the whole SPN set is rejected by the target DC as RODC hasn't the right to register DNS SPN if it is not mastering this NC.
2012-04-02s4-upgradedns: Fix the fqdn for forest dns zoneAmitay Isaacs1-1/+1
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Mon Apr 2 10:56:10 CEST 2012 on sn-devel-104
2012-03-28s4-upgradedns: Make sure the attribute exists before accessing itAmitay Isaacs1-4/+8
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Mar 28 10:27:40 CEST 2012 on sn-devel-104
2012-03-26LDB/s4 - do not use the "(dn=...)" syntax on filters anymoreMatthias Dieter Wallnöfer3-13/+14
Make it AD-compatible using "(distinguishedName=...)". Reviewed-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-03-21s4-upgradedns: Add DNS partitions in msDS-hasMasterNCs in NTDS settingsAmitay Isaacs1-0/+40
Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Mar 21 03:16:22 CET 2012 on sn-devel-104
2012-03-21s4-upgradedns: Allow fixing of dns provision after domain joinAmitay Isaacs1-39/+56
This change allows samba_upgradedns script to be run even on existing dns provision (DLZ_BIND9 or SAMBA_INTERNAL) without any side effects. This allows to "fix" dns provision after samba-tool domain join for running BIND with DLZ plugin.
2012-03-17upgrade provision didn't run findprovisionrange anymoreMatthieu Patou1-8/+13
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sat Mar 17 09:51:46 CET 2012 on sn-devel-104
2012-03-17Rewrite findprovisionrange to use factorized functionsMatthieu Patou1-98/+4
2012-03-13samba_dnsupdate: Mention contents of invalid line when encountering parsing ↵Jelmer Vernooij1-2/+5
error. Bug: https://bugzilla.samba.org/show_bug.cgi?id=8809
2012-03-13samba_dnsupdate: Raise proper exception when getting unexpected DNS reply.Jelmer Vernooij1-2/+1
2012-03-13samba_dnsupdate: Use docstrings, which show up nicely in API docs.Jelmer Vernooij1-21/+17
2012-03-11upgradedns: Remove unused import.Jelmer Vernooij1-1/+0
2012-03-11s4:upgradeprovision - fix some output messagesMatthias Dieter Wallnöfer1-3/+3
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Mar 11 21:54:54 CET 2012 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-06-26 03:03:20 +0000