summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2012-12-08samba-tool processes: Make the output a bit neaterRicky Nance1-5/+5
Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
2012-12-06scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett1-0/+6
Reported-by: Thomas Simmons <twsnnva@gmail.com>
2012-12-03s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()Stefan Metzmacher1-1/+4
This allows the caller to ask for a security.descriptor instead of sddl by passing 'as_sddl=False'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-03s4:python/ntacl: allow string or objects for sd/sid in setntacl()Stefan Metzmacher1-3/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-03s4:samba-tool/gpo: fix the operation order when creating gposStefan Metzmacher1-13/+20
We should do it like the windows GUI. 1. create the LDAP objects 2. query the security_descriptor of the groupPolicyContainer 3. create the gPCFileSysPath via smb 4. set the security_descriptor of gPCFileSysPath 5. copy the files and directories into gPCFileSysPath 6. modify the groupPolicyContainer and link gPCFileSysPath Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-03s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gposStefan Metzmacher1-4/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-03s4:samba-tool/gpo: use the dns_domain from the server when creating gposStefan Metzmacher1-2/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sdStefan Metzmacher1-7/+14
The sd_flags:1:15 control together with an empty security_descriptor has the same effect as the recalculate_sd:0 control (which is samba only). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:provision: add get_empty_descriptor()Stefan Metzmacher2-0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:tests/samba_tool/gpo.py: fix accidential line breakMichael Adam1-2/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-11-30s4:tests/samba_tool/gpo.py: add test_show_as_admin()Stefan Metzmacher1-0/+5
This calls samba-tool gpo show as admin (which should be able to see the full nTSecurityDescriptor. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ↵Stefan Metzmacher1-2/+4
ntSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the ↵Stefan Metzmacher1-5/+6
nTSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the ↵Stefan Metzmacher1-3/+7
current user Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptorStefan Metzmacher1-5/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-23web_server: Load SWAT if it is available.Jelmer Vernooij1-3/+31
Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Fri Nov 23 01:39:38 CET 2012 on sn-devel-104
2012-11-22s4/web_server: Fix typo in URL.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Thu Nov 22 01:37:02 CET 2012 on sn-devel-104
2012-11-16samba-tool dns: Don't use "localhost" to connect to local hostKai Blin1-0/+2
Calling "samba-tool dns <cmd> localhost" provokes a stacktrace. This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix the underlying issue, but I don't see it causing any harm (unless you don't have an ipv4 localhost, I guess). Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
2012-11-16s4:samba-tool: Fix samba-tool fsmo --role=schemaArvid Requate1-1/+1
Fix traceback: samba-tool fsmo --role=schema --force ERROR(<type 'exceptions.TypeError'>): uncaught exception - argument 2 must be string, not ldb.Dn File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 168, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 160, in run self.seize_role(role, samdb, force) File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 119, in seize_role m.dn = ldb.Dn(samdb, self.schema_dn) Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104
2012-11-16samba-tool: Add new samba-tool gpo aclcheck and testAndrew Bartlett2-0/+73
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-14scripting ntacls: Do not place a SACL in the GPO filesystem ACLAndrew Bartlett1-1/+0
On a new GPO created on windows, the SACL is not used. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett1-6/+6
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13s4:samba-tool/testparm: report a CommandError if loading of the config file ↵Stefan Metzmacher1-1/+4
fails Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-13selftest: Add --tmpdir to 'samba-tool gpo create' testAndrew Bartlett2-3/+9
This was the cause of the flakey test, and was only noticed when multiple different users ran autobuild at the same time on the same server. We use shutil.rmtree to wipe the directory before the tests finishes as required by the TestCaseInTempDir class. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
2012-11-13selftest: Avoid returning errors (rather than failures) in gpo testAndrew Bartlett1-2/+4
This should help find the real cause of the flakey test, if it ever returns. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-12selftest: Avoid test cross-contamination in samba.tests.posixaclAndrew Bartlett1-81/+59
This creates a new xattr.tdb per unit test, which avoids once and for all the issue of dev/inode reuse. For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-11selftest: Add tests for expected behaviour on directories as well as filesAndrew Bartlett1-0/+197
This is important because it covers the codepath which had the talloc error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3 (vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent) Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
2012-11-12pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()Andrew Bartlett1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-12selftest: Make samba.tests.ntacl also use TestCaseInTempDirAndrew Bartlett1-37/+31
This follows on from the successful conversion of samba.tests.posixacl. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-12samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributesAndrew Bartlett1-17/+24
Is is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case. We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors. Andrew Bartlett Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-09samba-tool: Fix typo in --help output.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Nov 9 11:04:50 CET 2012 on sn-devel-104
2012-11-06provision: Make dsacl2fsacl() take a security.dom_sid, not strAndrew Bartlett3-6/+5
Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
2012-11-06provision: Also walk directories checking ACLsAndrew Bartlett1-1/+1
The directory walk was missed due to a cut-and-paste error. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-11-06selftest: check that samba-tool gpo works for basic operationsAndrew Bartlett1-0/+57
Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-11-01samba-tool: "drs options" does not need a samdb connectionAndrew Tridgell1-1/+0
this gives us a handy pure RPC client test for use in blackbox testing Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-10-31samba-tool: Add samba-tool processes subcommandAndrew Bartlett3-0/+115
This will allow administrators to inspect the process list in a similar way to what running on a platform with setproctitle might permit. --pid= returns the registered server names for a PID (eg kdc, cldap_server) --name= returns the pids registered with a particular name. Andrew Bartlett
2012-10-31pymessaging: Add irpc_servers_byname() and irpc_all_servers()Andrew Bartlett1-0/+9
This will allow python scripts to inspect the process list. Andrew Bartlett
2012-10-31pymessaging: Use the server_id IDL structure rather than a tupleAndrew Bartlett1-2/+2
This will make it easier to pass this structure in and out. The tuple is still accepted as input. Andrew Bartlett
2012-10-27TestCaseInTempDir: Use addCleanup rather than tearDown.Jelmer Vernooij1-2/+3
2012-10-27sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp fileAndrew Bartlett1-170/+62
This manages the temp file more reliably, and reduces the repeated code in each test case. Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
2012-10-27provision: Fix comments in checksysvolaclAndrew Bartlett1-1/+2
2012-10-26pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entriesAndrew Bartlett1-20/+20
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode. Andrew Bartlett
2012-10-25python-ntacls: Cope with ACL revision 4Andrew Bartlett1-0/+2
This is the new revision with the hash of the posix or system ACL. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104
2012-10-25selftest: Always unlink the tempf in posixacl testAndrew Bartlett1-1/+4
2012-10-25selftest: Cover the important non-Samba invalidation of the NT ACLAndrew Bartlett1-0/+23
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the POSIX ACL) and we notice it no longer matches. Andrew Bartlett
2012-10-25selftest: Cover one more NT ACL invalidation case and improve commentsAndrew Bartlett1-8/+7
This tries to show the difference between the cases where we trap the POSIX ACL change and where we actually detect an OS-level change. Andrew Bartlett
2012-10-25selftest: Add many more tests for our posix ACL handlingAndrew Bartlett1-1/+236
This tests the mapping of posix ACLs to NT ACLs, the invalidation of NT ACLs stored as an xattr and ensures this security-critical code continues to work in the long term. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
2012-10-21pyglue: Make all_interfaces argumen to interface_ips() optional.Jelmer Vernooij1-2/+2
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sun Oct 21 21:26:01 CEST 2012 on sn-devel-104
2012-10-21pyglue: Mention parameters in interface_ips() docstring.Jelmer Vernooij1-0/+2
2012-10-19samba-tool user test: Fix expected output.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Fri Oct 19 11:37:44 CEST 2012 on sn-devel-104