summaryrefslogtreecommitdiff
path: root/source4/scripting/bin
AgeCommit message (Collapse)AuthorFilesLines
2010-02-20s4:credentials Add hooks to extract a named Kerberos credentials cacheAndrew Bartlett1-0/+30
This allows the integration of external tools that can't be linked into C or python, but need to authenticate as the local machine account. The machineaccountccache script demonstrates this, and debugging has been improved in cli_credentials_set_secrets() by passing back and error string. Andrew Bartlett
2010-02-12s4-script: make enablerecyclebin use system_sessionAndrew Tridgell1-1/+2
This allows it to work against our local ldb
2010-01-21upgradeprovision: forbid running upgradeprovision when there is more than 1 DCMatthieu Patou1-0/+20
2010-01-21upgradeprovision: mark rIDAvailablePool never upgradedMatthieu Patou1-16/+121
handle properly the fact that missing object might depend on some other in order to be correctly created debug change also if we are in debugall mode
2010-01-21upgradeprovision: reformat + add groupType as possibly overwrittenMatthieu Patou1-9/+12
2010-01-21upgradeprovision: improve info messagesMatthieu Patou1-7/+5
2010-01-21Revert "s4:upgradeprovision - fix up the script regarding linked attributes"Matthieu Patou1-46/+12
This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826.
2010-01-21upgradeprovision: never use xattr it's pointless in this usecaseMatthieu Patou1-1/+1
2010-01-16Import testtools as well, required for subunit.Jelmer Vernooij1-2/+1
2010-01-10s4:upgradeprovision - fix up the script regarding linked attributesMatthias Dieter Wallnöfer1-12/+46
We have to try to add new objects until between two iterations we didn't make any progress. Either we are then done (no objects remaining) or we are incapable to do this fully automatically. The latter can happen if important system objects (builtin groups, users...) moved (e.g. consider one of my recent comments). Then the new object can't be added if it contains the same "sAMAccountName" attribute as the old one. We have to let the user delete the old one (also to give him a chance to backup personal changes - if needed) and only then the script is capable to add the new one onto the right place. Make this clear with an exhaustive error output. I personally don't see a good way how to do this better for now so I would leave this as a manual step.
2010-01-10s4:upgradeprovision - Reformat commentsMatthias Dieter Wallnöfer1-28/+44
Make them break at line 80 (better readability).
2010-01-08s4-scripting: we need to use a base search for the NTDS GUIDAndrew Tridgell1-1/+1
now we have nTDSConnections structures we can get more than 1 reply
2009-12-18s4-scripts: add a enablerecyclebin scriptAndrew Tridgell1-0/+54
This can be used to enable the recyclebin on a windows box. Once we properly implement this feature in samba we will use this to enable the feature on ourselves as well.
2009-12-15s4: rename res/res2 to something more explicitMatthieu Patou1-71/+68
2009-12-15s4: upgradeprovision handle renaming and knownobjectsMatthieu Patou1-6/+18
2009-12-15s4: upgradeprovision rename also when there is a mismatch on the case of ↵Matthieu Patou1-2/+7
name attribute Renaming not only helps when name attribute is not here it also helps when the case is not the good one. So in order to avoid problem and have as much as possible similar provision we should use the rename whenever a name difference appear.
2009-12-15s4: reorder action to permit old provision to be correctly upgradedMatthieu Patou1-5/+8
2009-12-01s4: Remove targetdir as it can cause some trouble and can be replaced by an ↵Matthieu Patou1-3/+1
adapted -s smb.conf Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01s4: Handle the case in secrets.ldb without name attributeMatthieu Patou1-5/+25
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01s4: don't forget to update defaultSecurityDescriptorMatthieu Patou1-2/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01s4: load the domain level of the current provision and create a provision ↵Matthieu Patou1-2/+8
with the same domain level Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-28s4:upgrade_from_s3 - Move it back to "setup"Matthias Dieter Wallnöfer1-86/+0
Suggested by Jelmer
2009-11-28s4: fix SD update and password change in upgrade scriptMatthieu Patou1-82/+90
- reserve a new Samba OID for recalculate SD control - fix the update SD function - fix handling of kvno in the update_machine_account_password function - fix handling of handles in RPC winreg server Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4:upgrade_from_s3 - Fix message outputsMatthias Dieter Wallnöfer1-3/+3
The quiet parameter was interpreted in the reverse manner.
2009-11-27s4:upgrade script - rename it to "upgrade_from_s3" and do some reworkMatthias Dieter Wallnöfer1-0/+86
- Give a better name to the script - Move it to the location where also "upgradeprovision" resides - Fix up trailing whitespaces and tabs
2009-11-27s4:upgradeprovision Rework update_machine_account_password() tranactionsAndrew Bartlett1-4/+6
This balances the transaction_begin() and transactin_prepare_commit() calls Andrew Bartlett
2009-11-27s4:upgradeprovision Use mkdtemp to create unique tempoary directory namesAndrew Bartlett1-2/+3
2009-11-27s4:upgradeprovision Rework script, and reset machine account pwAndrew Bartlett1-27/+58
The rework corrects some duplication and errors in the original script, found when preparing an automated test of the script. The code to reset the machine account password avoids issues with AES keys and salting, which may not otherwise be solved by the upgrade. Andrew Bartlett
2009-11-27s4: Improve updateprovisionMatthieu Patou1-33/+52
* Define a simple upgrade process mode (module storage change, file name change, copy of new file) * Move the schema, configuration and current object upgrade into full upgrade mode * Added the --full switch to select the full upgrade mode, and made simple upgrade mode the default * Make updateprovision works without any switch (update the provision in the default location) * Cleanup the messages * Create the reference provision in a subdirectory of the updated provision
2009-11-27s4: Rename the scriptMatthieu Patou1-45/+45
2009-11-25s4:upgradeschema.py Update to reflect recent change in provisionMatthieu Patou1-27/+31
- define which modules we want to use when loading the ldb - move partition in sam.ldb.d dir Changes have been suggested by Andrew Bartlett. (commit message clarified by Andrew Bartlett) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-25s4:upgradeschema.py CleanupMatthieu Patou1-6/+1
- remove some useless comments - remove hardcoded paths (commit message clarified by Andrew Bartlett) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-11-02s4:provision Move 'Schema' into it's own fileAndrew Bartlett2-3/+5
2009-11-02s4: Create a script for updating a running provision with change introduced ↵Matthieu Patou1-0/+694
since the initial provision
2009-10-15s4:w32err_code.py script - put it under "scripting/bin"Matthias Dieter Wallnöfer1-0/+361
I think this is a better location for this script. Since the subdirectory "script" of "source4" contains only scripts for "make install" and "make uninstall".
2009-10-15s4-script: flush DNS after adding new addressesAndrew Tridgell1-0/+1
2009-09-30Revert "python: create a script for reorgnizing an LDB file."Matthias Dieter Wallnöfer1-60/+0
This reverts commit 11a7842854c0be8c427a2dbf0a8fc3761cda6298. abartlet claims that this patch could lead to data loss (look at technical mailing list)
2009-09-18s4:minschema/fullschema - add correct header commentsMatthias Dieter Wallnöfer2-2/+2
2009-09-18python: create a script for reorgnizing an LDB file.Matthieu Patou1-0/+60
This script helps to reclaim waisted place.
2009-09-14s4: Script to build or rebuild extend DN attributesMatthieu Patou1-0/+141
This script can be used to upgrade a provision that didn't integrate extended dn. It can also be used to add missing extended DN that weren't created during provision.
2009-09-12s4-scripts: allow setup_dns.sh to take a PRIVATEDIRAndrew Tridgell1-1/+3
2009-09-07s4:setup_dns.sh fixed the update of the GUID CNAMEAndrew Tridgell1-8/+14
2009-09-07s4:nsupdate-gss allow forcing of the realmAndrew Tridgell1-35/+37
this is needed for the _msdcs zone
2009-09-07s4: bring nsupdate-gss into the s4 treeAndrew Tridgell2-0/+379
This is a perl script that does TSIG-GSS DNS updates against a AD DC. The bind 9.5 nsupdate still doesn't seem to work with TSIG-GSS, and we need a way to do DNS updates when we vampire a domain, so I revived this ancient perl script and added a wrapper script that can update DNS entries using our machine account credentials
2009-07-03s4: Remove stub endpoint mapper script.Jelmer Vernooij1-24/+0
2009-07-02show attribute values in sorted order to make comparison easierAndrew Tridgell1-0/+5
2009-06-17Make fullschema script executable.Jelmer Vernooij1-0/+0
2009-06-11A script to compare the differences in nTSecurityDescriptor between 2 hostsNadezhda Ivanova1-0/+153
This script walks the schema, configuration and domain partitions of the locally installed Ldb and a remote hosts and compares the descriptors disregarding the difference in domain SID. The goal is to make sure a freshly provisioned Samba has the correct descriptors so ACLs work correctly. It outputs the descriptors in short SDDL, where the correct SIDs are to be replaced during provisioning. Optionally it can be output as an LDIF file with the current local domain and domain SIDs.
2009-03-20s4:fullschema Use server-side sort to make the output deterministicAndrew Bartlett1-2/+4
2009-03-20s4: Remove autogenerated attributes from minschema and fullschema outputAndrew Bartlett2-16/+0
These attributes will be generated by Samba on import, and do not need to be in the schema file. Andrew Bartlett