Age | Commit message (Collapse) | Author | Files | Lines |
|
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
|
|
Reported-by: Thomas Simmons <twsnnva@gmail.com>
|
|
This allows the caller to ask for a security.descriptor instead of sddl
by passing 'as_sddl=False'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
We should do it like the windows GUI.
1. create the LDAP objects
2. query the security_descriptor of the groupPolicyContainer
3. create the gPCFileSysPath via smb
4. set the security_descriptor of gPCFileSysPath
5. copy the files and directories into gPCFileSysPath
6. modify the groupPolicyContainer and link gPCFileSysPath
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
The sd_flags:1:15 control together with an empty security_descriptor
has the same effect as the recalculate_sd:0 control (which is samba only).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This calls samba-tool gpo show as admin (which should be able to
see the full nTSecurityDescriptor.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
ntSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
nTSecurityDescriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
current user
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Fri Nov 23 01:39:38 CET 2012 on sn-devel-104
|
|
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Thu Nov 22 01:37:02 CET 2012 on sn-devel-104
|
|
Calling "samba-tool dns <cmd> localhost" provokes a stacktrace.
This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix
the underlying issue, but I don't see it causing any harm (unless you
don't have an ipv4 localhost, I guess).
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
|
|
Fix traceback:
samba-tool fsmo --role=schema --force
ERROR(<type 'exceptions.TypeError'>): uncaught exception - argument 2 must be string, not ldb.Dn
File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 168, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 160, in run
self.seize_role(role, samdb, force)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 119, in seize_role
m.dn = ldb.Dn(samdb, self.schema_dn)
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104
|
|
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
|
|
On a new GPO created on windows, the SACL is not used.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
|
|
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
fails
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This was the cause of the flakey test, and was only noticed when
multiple different users ran autobuild at the same time on the same
server.
We use shutil.rmtree to wipe the directory before the tests finishes
as required by the TestCaseInTempDir class.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
|
|
This should help find the real cause of the flakey test, if it ever returns.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
|
|
This creates a new xattr.tdb per unit test, which avoids once and for all
the issue of dev/inode reuse.
For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
|
|
This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This follows on from the successful conversion of samba.tests.posixacl.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.
We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.
Andrew Bartlett
Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
|
|
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov 9 11:04:50 CET 2012 on sn-devel-104
|
|
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
|
|
The directory walk was missed due to a cut-and-paste error.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
this gives us a handy pure RPC client test for use in blackbox testing
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This will allow administrators to inspect the process list in a
similar way to what running on a platform with setproctitle might
permit.
--pid= returns the registered server names for a PID (eg kdc, cldap_server)
--name= returns the pids registered with a particular name.
Andrew Bartlett
|
|
This will allow python scripts to inspect the process list.
Andrew Bartlett
|
|
This will make it easier to pass this structure in and out. The tuple is still
accepted as input.
Andrew Bartlett
|
|
|
|
This manages the temp file more reliably, and reduces the repeated
code in each test case.
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
|
|
|
|
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode.
Andrew Bartlett
|
|
This is the new revision with the hash of the posix or system ACL.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104
|
|
|
|
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the
POSIX ACL) and we notice it no longer matches.
Andrew Bartlett
|
|
This tries to show the difference between the cases where we trap
the POSIX ACL change and where we actually detect an OS-level change.
Andrew Bartlett
|
|
This tests the mapping of posix ACLs to NT ACLs, the invalidation of
NT ACLs stored as an xattr and ensures this security-critical code
continues to work in the long term.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sun Oct 21 21:26:01 CEST 2012 on sn-devel-104
|
|
|
|
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Fri Oct 19 11:37:44 CEST 2012 on sn-devel-104
|