summaryrefslogtreecommitdiff
path: root/source4/scripting/python
AgeCommit message (Collapse)AuthorFilesLines
2012-09-04s4-samba-tool: Ensure we also sync the SACL as well as the DACL during ↵Andrew Bartlett1-1/+1
sysvolreset
2012-09-04s3-passdb: Rename pdb_samba4 to samba_dsdb and autoconfigure when we are a AD DCAndrew Bartlett2-13/+14
The name samba_dsdb is not ideal, but it matches the primary ldb module we use, and more importantly it avoids having '4' in the name. We should slowly avoid using the term samba4 in long-term places like the smb.conf because it is confusing to users given we are shipping Samba 4.0 as an AD DC as well as all the other supported roles (domain member/standalone server/classic DC) Additionally, samba4 will be an odd name when we eventually release Samba 5.0! samba4 remains accepted as an alias to ensure existing smb.conf files load, but to allow changes here in the future, we set the value during the smb.conf load, and not during the provision when we are an AD DC. This simplifies the default smb.conf for the vast majority of our users and reduces the number of things listed in smb.conf files that we later have to work around if we wish to change the name/implementation of the passdb glue module again. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
2012-09-03s4-classicupgrade: Show more clearly what is wrong with the Adminstrator SIDAndrew Bartlett1-0/+1
2012-08-28s3-classicupgrade: Fix import from ldapAndrew Bartlett1-2/+2
We must not reference result before provision(), and do not need session_info and lp for reading a normal ldap backend anyway. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
2012-08-28s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett2-7/+14
configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
2012-08-28s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett1-0/+2
This is then used in provision when the passdb backend is forced. Andrew Bartlett
2012-08-28s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in syncAndrew Bartlett3-2/+4
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-28s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett1-6/+7
2012-08-28s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett1-35/+35
This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett
2012-08-28s4-classicupgrade: Use s3param.get_context() instead of result.lpAndrew Bartlett1-1/+1
We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett
2012-08-23s4-selftest: Add test for samba-tool ntacl sysvolcheckAndrew Bartlett1-0/+26
2012-08-23s4-samba-tool: Add samba-tool ntacl sysvolcheck commandAndrew Bartlett2-1/+143
This command verifies that the current on-disk ACLs match the directory and the defaults from provision. Unlike sysvolreset, this does not change any of the permissions. Andrew Bartlett
2012-08-23s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snumAndrew Bartlett1-1/+1
I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
2012-08-23s4-selftest: Add testing of samba-tool ntacl sysvolresetAndrew Bartlett1-0/+44
2012-08-23s4-provision: Fix internal documentationAndrew Bartlett1-0/+1
2012-08-23s3-pysmbd: Allow a mode to be specified for the simple ACLAndrew Bartlett1-1/+1
The additional group for the ACL is now optional. Andrew Bartlett
2012-08-23s4-samba-tool: Add 'samba-tool ntacl sysvolreset' toolAndrew Bartlett1-1/+73
This will reset the NT ACL on the sysvol share to the default from provision, with GPO objects matching the LDAP ACL (as required). Andrew Bartlett
2012-08-23selftest: Cope with the multiple possible representations of -1 in posixacl.pyAndrew Bartlett1-28/+29
2012-08-23selftest: Extend posixacl test to check the actual ACLAndrew Bartlett1-2/+274
Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett
2012-08-23selftest: Add a test of the NT ACL -> posix ACL mapping layerAndrew Bartlett1-0/+131
This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
2012-08-23s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directlyAndrew Bartlett2-6/+11
This allows us to write tests that compare the smbd vfs with what is in the DB or xattr. Andrew Bartlett
2012-08-23s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)Andrew Bartlett2-52/+92
This handles the fact that smbd will rarely override the POSIX ACL enforced by the kernel. This has caused issues with the creation of group policies by other members of the Domain Admins group. Andrew Bartlett
2012-08-23s4-upgradeprovision: Use ntvfs in reference provisionAndrew Bartlett1-1/+1
We do not need filesystem ACLs set when creating the reference provision, so it is easier to use the NTVFS backend as it does not cause trouble with make test. Andrew Bartlett
2012-08-22s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett2-4/+8
This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
2012-08-22s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampireAndrew Bartlett1-2/+2
None of these cases need the complexity of the s3fs backend. Andrew Bartlett
2012-08-16s3-libsmb: Add a simple test for python bindingsVolker Lendecke1-0/+78
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 16 22:49:06 CEST 2012 on sn-devel-104
2012-08-15s4-selftest: Fix test name for samba.tests.dcerpc.bareAndrew Bartlett1-1/+1
2012-08-14s4:samba-tool/drs: print the dns name of the server belonging to a connectionStefan Metzmacher1-1/+4
Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze
2012-08-14s4-classicupgrade: Tests if sam policies exist before trying to import them.Wesley Young1-21/+28
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-10s4-dsdb: Explain better what records are written during schema setAndrew Bartlett2-7/+7
This is controlled by setting write_indices_and_attributes. Andrew Bartlett
2012-08-09s4-dsdb: Ensure we have indexing enabled during the provisionAndrew Bartlett1-1/+6
Because we set the schema before we connected the ldb to a file, the @INDEX records were not added until next startup. This cost 100% more time in running provision on my laptop. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 9 08:20:36 CEST 2012 on sn-devel-104
2012-08-09s4-pydsdb: Provide control of if we should write index attributes when ↵Andrew Bartlett1-4/+4
reloading a schema This allows us to carefully control the loading of the schema. Andrew Bartlett
2012-08-07s4-scripting: Remove unused variables from ntacl testsAndrew Bartlett1-10/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 7 11:15:41 CEST 2012 on sn-devel-104
2012-08-04s4:domain join: setup RODC invocationIdStefan Metzmacher1-0/+26
Pair-Programmed-With: Björn Baumbach <bb@sernet.de> metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 4 18:27:21 CEST 2012 on sn-devel-104
2012-07-30s4-samba-tool ldapcmp: Fix synopsisAndrew Bartlett1-1/+1
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jul 30 06:25:46 CEST 2012 on sn-devel-104
2012-07-30s4-samba-tool ldapcmp: Add ridNextRID and rIDPreviousAllocationPool as ↵Andrew Bartlett1-0/+1
per-DC attributes
2012-07-28s4-dbcheck: Add lastKnownParent when moving an object to lostAndFoundAndrew Bartlett1-7/+28
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Jul 28 05:40:43 CEST 2012 on sn-devel-104
2012-07-22s4-classicupgrade: Add unix attributes during upgradeGeza Gemes1-1/+108
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Jul 22 13:20:20 CEST 2012 on sn-devel-104
2012-07-18s4-dbcheck: Check for and correct incorrect instanceType valuesAndrew Bartlett1-0/+45
2012-07-13s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrsGeza Gemes1-1/+26
When provisioning with --use_rfc2307=yes populate the subtree: CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN} This makes it possible to manipulate the posix attributes via ADUC (commit message adjusted by abartlet) Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-07-06s4-dbcheck: Check for an object without a parentAndrew Bartlett1-0/+44
Such objects are then moved to the appropriate LostAndFound container, just as they would be if replicated. Andrew Bartlett
2012-07-06pydsdb: Add bindings for dsdb_wellknown_dn()Andrew Bartlett1-0/+3
2012-07-06s4-pydsdb: Add bindings for dsdb_find_nc_root()Andrew Bartlett1-0/+3
2012-07-06s4-classicupgrade: Demote any other 'BDC' accounts back to a member server ↵Andrew Bartlett1-2/+12
during upgrade This makes it clear that they cannot be a DC until they are upgraded with samba-tool domain dcpromo. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 6 09:59:13 CEST 2012 on sn-devel-104
2012-07-06s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to ↵Andrew Bartlett2-10/+121
a DC This command is like dcpromo in that it upgrades the existing workstation account to be a domain controller. The SID (and therefore any file ownerships) is preserved. Andrew Bartlett
2012-07-03samba-tool: gpo: Update copyrightAmitay Isaacs1-1/+1
Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Tue Jul 3 09:10:21 CEST 2012 on sn-devel-104
2012-07-03samba-tool: gpo: Improve error messagesAmitay Isaacs1-26/+28
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2012-07-03samba-tool: gpo: Add del subcommand to delete GPOAmitay Isaacs1-0/+79
Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03samba-tool: gpo: Add listcontainers subcommand to list containers using ↵Amitay Isaacs1-0/+37
given GPO Thanks to Denis Bonnenfant <denis.bonnenfant@diderot.org> for patch.
2012-07-03samba-tool: gpo: Use utility function dc_url() to set the connection urlAmitay Isaacs1-9/+18
In create and fetch subcommands, we also need to know DC hostname. So first find a DC and use DC hostname to construct connection url. If ldap:// url is specified with -H, then use that to construct DC hostname.
generated by cgit (git 2.34.1) at 2024-11-07 06:33:33 +0000