summaryrefslogtreecommitdiff
path: root/source4/scripting
AgeCommit message (Collapse)AuthorFilesLines
2012-11-16samba-tool: Add new samba-tool gpo aclcheck and testAndrew Bartlett2-0/+73
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-14scripting ntacls: Do not place a SACL in the GPO filesystem ACLAndrew Bartlett1-1/+0
On a new GPO created on windows, the SACL is not used. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett1-6/+6
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13s4:samba-tool/testparm: report a CommandError if loading of the config file ↵Stefan Metzmacher1-1/+4
fails Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-13selftest: Add --tmpdir to 'samba-tool gpo create' testAndrew Bartlett2-3/+9
This was the cause of the flakey test, and was only noticed when multiple different users ran autobuild at the same time on the same server. We use shutil.rmtree to wipe the directory before the tests finishes as required by the TestCaseInTempDir class. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
2012-11-13selftest: Avoid returning errors (rather than failures) in gpo testAndrew Bartlett1-2/+4
This should help find the real cause of the flakey test, if it ever returns. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-12selftest: Avoid test cross-contamination in samba.tests.posixaclAndrew Bartlett1-81/+59
This creates a new xattr.tdb per unit test, which avoids once and for all the issue of dev/inode reuse. For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-11selftest: Add tests for expected behaviour on directories as well as filesAndrew Bartlett1-0/+197
This is important because it covers the codepath which had the talloc error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3 (vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent) Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
2012-11-12pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()Andrew Bartlett1-2/+2
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-12selftest: Make samba.tests.ntacl also use TestCaseInTempDirAndrew Bartlett1-37/+31
This follows on from the successful conversion of samba.tests.posixacl. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-12samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributesAndrew Bartlett1-17/+24
Is is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case. We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors. Andrew Bartlett Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-09samba-tool: Fix typo in --help output.Karolin Seeger1-1/+1
Signed-off-by: Karolin Seeger <kseeger@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Nov 9 11:04:50 CET 2012 on sn-devel-104
2012-11-06provision: Make dsacl2fsacl() take a security.dom_sid, not strAndrew Bartlett3-6/+5
Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
2012-11-06provision: Also walk directories checking ACLsAndrew Bartlett1-1/+1
The directory walk was missed due to a cut-and-paste error. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-11-06selftest: check that samba-tool gpo works for basic operationsAndrew Bartlett1-0/+57
Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-11-01samba-tool: "drs options" does not need a samdb connectionAndrew Tridgell1-1/+0
this gives us a handy pure RPC client test for use in blackbox testing Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2012-10-31samba-tool: Add samba-tool processes subcommandAndrew Bartlett3-0/+115
This will allow administrators to inspect the process list in a similar way to what running on a platform with setproctitle might permit. --pid= returns the registered server names for a PID (eg kdc, cldap_server) --name= returns the pids registered with a particular name. Andrew Bartlett
2012-10-31pymessaging: Add irpc_servers_byname() and irpc_all_servers()Andrew Bartlett1-0/+9
This will allow python scripts to inspect the process list. Andrew Bartlett
2012-10-31pymessaging: Use the server_id IDL structure rather than a tupleAndrew Bartlett1-2/+2
This will make it easier to pass this structure in and out. The tuple is still accepted as input. Andrew Bartlett
2012-10-27TestCaseInTempDir: Use addCleanup rather than tearDown.Jelmer Vernooij1-2/+3
2012-10-27sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp fileAndrew Bartlett1-170/+62
This manages the temp file more reliably, and reduces the repeated code in each test case. Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
2012-10-27provision: Fix comments in checksysvolaclAndrew Bartlett1-1/+2
2012-10-26pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entriesAndrew Bartlett1-20/+20
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode. Andrew Bartlett
2012-10-25python-ntacls: Cope with ACL revision 4Andrew Bartlett1-0/+2
This is the new revision with the hash of the posix or system ACL. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104
2012-10-25selftest: Always unlink the tempf in posixacl testAndrew Bartlett1-1/+4
2012-10-25selftest: Cover the important non-Samba invalidation of the NT ACLAndrew Bartlett1-0/+23
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the POSIX ACL) and we notice it no longer matches. Andrew Bartlett
2012-10-25selftest: Cover one more NT ACL invalidation case and improve commentsAndrew Bartlett1-8/+7
This tries to show the difference between the cases where we trap the POSIX ACL change and where we actually detect an OS-level change. Andrew Bartlett
2012-10-25selftest: Add many more tests for our posix ACL handlingAndrew Bartlett1-1/+236
This tests the mapping of posix ACLs to NT ACLs, the invalidation of NT ACLs stored as an xattr and ensures this security-critical code continues to work in the long term. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
2012-10-21pyglue: Make all_interfaces argumen to interface_ips() optional.Jelmer Vernooij1-2/+2
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sun Oct 21 21:26:01 CEST 2012 on sn-devel-104
2012-10-21pyglue: Mention parameters in interface_ips() docstring.Jelmer Vernooij1-0/+2
2012-10-19samba-tool user test: Fix expected output.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Fri Oct 19 11:37:44 CEST 2012 on sn-devel-104
2012-10-19samba.tests.docs: Ignore removed parameters.Jelmer Vernooij1-0/+2
2012-10-19samba.tests.docs: Assume docs are generated by waf.Jelmer Vernooij1-2/+6
2012-10-19samba.tests.docs: Write error output from xsltproc to standard out.Jelmer Vernooij1-1/+1
2012-10-19samba.tests.docs: Skip tests if xsltproc is not present.Jelmer Vernooij1-5/+24
2012-10-19smb.conf(5): Consistent spelling of parameter names.Jelmer Vernooij1-3/+3
This includes spacing and casing.
2012-10-19samba.tests.docs: Support spaces before synonyms.Jelmer Vernooij1-1/+1
2012-10-19samba.tests.docs: Support synonyms.Jelmer Vernooij1-0/+4
2012-10-19samba.tests.docs: Distinguish between unknown and undocumened parameters.Jelmer Vernooij1-1/+9
2012-10-19tests: Convert find_missing_doc into a unit test.Jelmer Vernooij1-0/+90
2012-10-18samba-tool user: Fix typos, improve messages.Jelmer Vernooij1-6/+10
2012-10-18Warn when setting UID/GID without idmap_ldb:use rfc2307 = YesAlexander Wuerstlein1-0/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 18 09:51:35 CEST 2012 on sn-devel-104
2012-10-18Tests for 'samba-tool user create' with RFC2307 attributesAlexander Wuerstlein2-8/+139
Check if attributes are correctly set and read from SamDB Test automatic creation of attributes from getpwent (NSS) Check if overriding NSS attributes works getpwent will be skipped if the current UID of the user running the tests has no passwd entry (getpwuid(geteuid())). If a user with the name of the current UID already exists in the directory, the getpwent test will fail. If that should happen, the test would need to be updated to use a nonexistent UID that is visible to the Python 'pwd' module. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-10-18Set RFC2307 attributes in samba-tool createAlexander Wuerstlein2-3/+58
Optionally set RFC2307 (NIS Schema) attributes in samba-tool create. Mainly needed for UID mapping to be usable. Not all attributes are set-able, only harmless and non-overlapping ones (uid, uidNumber, gidNumber, loginShell, gecos). Description and homeDirectory should already be set, userPassword seems problematic. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-10-18provision: No longer use the wheel group in new AD DomainsAndrew Bartlett6-31/+29
The issue here is that if we set S-1-5-32-544 (administrators) to a GID only, then users cannot force a mandetory profile to be owned by administrators (which is a requirement). There is no particularly useful reason for us to enforce this matching a system group. Andrew Bartlett
2012-10-17Removed phpldapadmin inclusion for Samba 4.Ricky Nance2-30/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
2012-10-16Revert "provision: Always create DNS user."Stefan Metzmacher1-13/+18
This reverts commit c2d14747d608d406de6410556807d467cd0b85ef. samba_upgradedns handles creates/removed the dns acount. See https://lists.samba.org/archive/samba-technical/2012-October/thread.html#87578 metze
2012-10-11samba.join: Fix multiple spaces.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Thu Oct 11 20:30:43 CEST 2012 on sn-devel-104
2012-10-11samba.provision.sambadns: Use == to compare strings, not 'is'.Jelmer Vernooij1-1/+1
2012-10-11provision: Always create DNS user.Jelmer Vernooij1-18/+13
The DNS user is currently only used by the bind9 plugin. This makes it easier to later on switch between the builtin DNS server and bind backend. In addition, ideally the internal DNS server would use that (separate) user too. Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Thu Oct 11 17:05:40 CEST 2012 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-07-08 12:42:54 +0000