summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2010-02-12s4:getopt.py - set the password callback only when no password has been providedMatthias Dieter Wallnöfer1-4/+6
Previously the "no_pass" and "no_pass2" variables weren't handled correctly. Since at the initialisation of the "CredentialsOptions" we don't have any password at all. Only afterwards we could get one through "set_password". If a password is specified, use it. If no password is specified, consider the use fo an input mask on STDOUT. But if the loadparm context contains one prefer it over the input.
2010-02-12s4-provision: import the R2 functional levelAndrew Tridgell1-1/+1
this makes it easier to modify the script to set us at R2 level in provision. We should make this a parameter.
2010-02-12s4-build: avoid finding python symlinksAndrew Tridgell1-1/+1
emacs creates symlinks to .py files while you are editing them. This could cause build failures.
2010-02-12s4-script: make enablerecyclebin use system_sessionAndrew Tridgell1-1/+2
This allows it to work against our local ldb
2010-02-11provision: Use short name for assignee of ACE (BA, SA, CO, ...)Matthieu Patou1-8/+6
Use short name (shortcut for wellknown SID/RID) for assignee in each entry of ACL (when possible) of sysvol files (GPO objects and netlogon folders). This avoid error prone substitution of DOMAINSID in ACL and make ACL clearer by using shortname for assignee accordingly with SDDL synthax rules. Translation to real SID is handled internaly by the from_sddl function. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11python-s4: use secrets.ldb instead of sam.ldb for reading domain SIDMatthieu Patou1-2/+2
This allow to be able to run net acl set xxx yyy on DC, but also on domain member. Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11provision: Fix an error with eadb when using not default install dir and ↵Matthieu Patou1-1/+5
running as a non root user Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-02-11s4-provision: cope with umask in creating private/dnsAndrew Tridgell1-0/+2
2010-02-11s4-provision: pre-create a named.conf.update fileAndrew Tridgell1-1/+5
The named.conf.update file will be filled in at runtime by Samba to contain the list of bind9 grant rules for granting DNS dynamic update permissions on the domain.
2010-02-11s4-provision: move zone file to dns subdirectoryAndrew Tridgell1-12/+52
This allows the permissions to be correctly set for bind to write to a journal file. It also sets the right group ownership and permissions on the files that bind needs to access. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-11s4:provision Be more polite to long-suffering Samba testers.Andrew Bartlett1-2/+3
Our testers put up with a lot of odd things when testing out Samba4. Andrew Bartlett
2010-02-10s4:provision Just 'do the right thing' with empty smb.conf filesAndrew Bartlett1-2/+10
For some reason, JHT keeps on creating an empty smb.conf file, expecting it to be the same as a non-existant one. It is easier to just realise what he meant. Andrew Bartlett
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer1-4/+0
This was needed only by Python 2.3 which we no longer support.
2010-01-29Fixed a bug caused by a typo. Infrastructure role didn't work.Nadezhda Ivanova1-1/+1
2010-01-27Implemented net fsmo command for transferring fsmo rolesNadezhda Ivanova2-0/+204
The command allows the user to transfer a fsmo role to the server to which the connection is established. Roles can be transferred or seized. By default a transfer is attempted even if seize option is chosen, as it is dangerous to seize a role if the current owner is still running. example use: net fsmo show --host=hostnameoraddress --username=username --password=password net fsmo transfer --role=role --host=hostnameoraddress --username=username --password=password net fsmo seize --role=role --host=hostnameoraddress --username=username --password=password [--force] Tested against Win2008. Does not work for samba 4 yet as we are missing the GetNCChanges extensions.
2010-01-25s4-python: Fix formatting.Jelmer Vernooij3-33/+27
2010-01-25pyxattr: Move to the same directory as the xattr code.Jelmer Vernooij3-269/+0
2010-01-23s4-provision: Fixed typos and redundant codeEndi S. Dewata1-10/+10
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
2010-01-21pyxattr: Factor out helper functions.Jelmer Vernooij1-24/+24
2010-01-21pyxattr: Simplify tests.Jelmer Vernooij2-57/+62
2010-01-21pyxattr: Fix tests by not opening tdb files multiple times.Jelmer Vernooij1-2/+0
2010-01-21pyxattr: Fix tests by avoiding opening tdb files multiple times.Jelmer Vernooij1-8/+8
2010-01-21pyxattr: Fix memory leaks.Jelmer Vernooij2-8/+20
2010-01-21pyxattr: Simplify tests.Jelmer Vernooij1-80/+50
2010-01-21pyxattr: Use standard functions for error handling.Jelmer Vernooij2-21/+23
2010-01-21pyxattr: Remove unnecessary hacks.Jelmer Vernooij2-26/+1
2010-01-21s4-python: add some helper for converting ldb_flag to textMatthieu Patou1-0/+33
2010-01-21upgradeprovision: forbid running upgradeprovision when there is more than 1 DCMatthieu Patou1-0/+20
2010-01-21upgradeprovision: mark rIDAvailablePool never upgradedMatthieu Patou1-16/+121
handle properly the fact that missing object might depend on some other in order to be correctly created debug change also if we are in debugall mode
2010-01-21upgradeprovision: reformat + add groupType as possibly overwrittenMatthieu Patou1-9/+12
2010-01-21upgradeprovision: improve info messagesMatthieu Patou1-7/+5
2010-01-21Revert "s4:upgradeprovision - fix up the script regarding linked attributes"Matthieu Patou1-46/+12
This reverts commit 2cedefabc93c8a1fcb49d65a3f78a344e814f826.
2010-01-21upgradeprovision: never use xattr it's pointless in this usecaseMatthieu Patou1-1/+1
2010-01-21s4: utils recreate in python setntacl and getntaclMatthieu Patou3-5/+126
setntacl is able to set NTACL attribute from command line getntacl now use getopt for parsing command line option and is also able to dump the acl in the SDDL format.
2010-01-21provision: introduce use-xattr parameter for defining where to store attributesMatthieu Patou1-25/+35
This option allow simple user (non root) to invoke provision without facing an error while insuring that ACL on shared files will always be set
2010-01-21s4-tests: register new unit testsMatthieu Patou2-37/+106
make unit test emit a visible warning
2010-01-21s4-python: add unit test for ntacls manipulation in pythonMatthieu Patou1-0/+99
2010-01-21s4-python: add more unit tests for xattr manipulation in pythonMatthieu Patou1-11/+39
2010-01-21s4: update setntacl and getntacl to select the adaquate backend (fs/tdb) for ↵Matthieu Patou1-16/+54
storing xattr
2010-01-21s4: Set acls correctly on all sysvol and scripts sharesMatthieu Patou1-26/+45
2010-01-21s4: Make unixid optionalMatthieu Patou1-2/+26
Make unixid optional, if value not supplied next id from id pool will be used. Create a function to get next id in id pool.
2010-01-21s4: regroup gpo modification in one function, set acl on files accordingly ↵Matthieu Patou2-19/+164
with ACL in LDAP
2010-01-21s4: Create unit tests for python "samba.xattr" moduleMatthieu Patou2-4/+53
2010-01-21s4: add python bindings for wrap_(s|g)etxattrMatthieu Patou4-2/+286
2010-01-16Import testtools as well, required for subunit.Jelmer Vernooij2-3/+2
2010-01-16Fix permissions - net subcommand modules don't need to be executable.Jelmer Vernooij2-0/+0
2010-01-16s4-devel: added rebuild_zone.shAndrew Tridgell1-0/+107
This rebuilds a DNS zone file, including all DCs from sam.ldb
2010-01-13Fixed a problem with incorrect default SD owner/group.Nadezhda Ivanova1-1/+1
2010-01-13Comparison tool for LDAP servers (using Ldb)Zahari Zahariev2-0/+501
This tool is integrated with Samba4 Ldb. It provides a useful output where you can find easy differences in objects or attributes within naming context (Domain, Configuration or Schema). Added functionality for two sets of credentials.
2010-01-10s4:upgradeprovision - fix up the script regarding linked attributesMatthias Dieter Wallnöfer1-12/+46
We have to try to add new objects until between two iterations we didn't make any progress. Either we are then done (no objects remaining) or we are incapable to do this fully automatically. The latter can happen if important system objects (builtin groups, users...) moved (e.g. consider one of my recent comments). Then the new object can't be added if it contains the same "sAMAccountName" attribute as the old one. We have to let the user delete the old one (also to give him a chance to backup personal changes - if needed) and only then the script is capable to add the new one onto the right place. Make this clear with an exhaustive error output. I personally don't see a good way how to do this better for now so I would leave this as a manual step.