Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
server
metze
|
|
metze
|
|
server
metze
|
|
|
|
|
|
metze
|
|
This is a clearer, long-term-stable structure we can hash without
risking it changing.
Andrew Bartlett
|
|
This will allow us to run make test on all platforms again, as we emululate the posix ACLs using the fake_acls
module. By then testing smbd.have_posix_acls() we gain a more specific error message.
Andrew Bartlett
|
|
It's use as "%s/samba_kcc", dyn_SCRIPTSBINDIR" similar
to samba_spnupdate and samba_dnsupdate.
metze
|
|
metze
|
|
This is mostly a copy of the standalone source4/setup/provision.
metze
|
|
metze
|
|
metze
|
|
Some subcommands may use sys.exit(0), which shouldn't be reported
as an error to the caller.
metze
|
|
This avoid folks needing to specify --dns-backend=NONE
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 6 04:48:55 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 5 15:47:55 CEST 2012 on sn-devel-104
|
|
This gets the SID for the local machine correctly.
We also add options for --use-ntvfs and --use-s3fs to help control
exactly which database is being read and written.
Andrew Bartlett
|
|
|
|
failed-to-match ACL
|
|
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 4 11:30:17 CEST 2012 on sn-devel-104
|
|
We are trying to test combinations of setting and getting via the VFS
and directly to the underlying DB.
Andrew Bartlett
|
|
sysvolreset
|
|
The name samba_dsdb is not ideal, but it matches the primary ldb
module we use, and more importantly it avoids having '4' in the name.
We should slowly avoid using the term samba4 in long-term places like
the smb.conf because it is confusing to users given we are shipping
Samba 4.0 as an AD DC as well as all the other supported roles (domain
member/standalone server/classic DC)
Additionally, samba4 will be an odd name when we eventually release
Samba 5.0!
samba4 remains accepted as an alias to ensure existing smb.conf files
load, but to allow changes here in the future, we set the value during
the smb.conf load, and not during the provision when we are an AD DC.
This simplifies the default smb.conf for the vast majority of our
users and reduces the number of things listed in smb.conf files that
we later have to work around if we wish to change the
name/implementation of the passdb glue module again.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
|
|
|
|
We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
|
|
configured
This will allow files to be correctly owned by the idmap that is imported.
This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.
Andrew Bartlett
|
|
This is then used in provision when the passdb backend is forced.
Andrew Bartlett
|
|
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
|
|
|
|
This allows provision to change the s3 smb.conf settings if required.
Andrew Bartlett
|
|
We should not need the guessed values here, but by changing to using the s3 loadparm context
we can move this block to before the provision.
Andrew Bartlett
|
|
|
|
This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.
Unlike sysvolreset, this does not change any of the permissions.
Andrew Bartlett
|
|
I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.
Andrew Bartlett
|
|
|
|
|
|
The additional group for the ACL is now optional.
Andrew Bartlett
|
|
This will reset the NT ACL on the sysvol share to the default from
provision, with GPO objects matching the LDAP ACL (as required).
Andrew Bartlett
|
|
|
|
Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.
This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.
We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.
A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.
Andrew Bartlett
|
|
This is the start of what will be a series of tests confirming exactly how
some NT ACLs are mapped to posix ACLs.
Andrew Bartlett
|
|
This allows us to write tests that compare the smbd vfs with what is
in the DB or xattr.
Andrew Bartlett
|
|
This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel. This has caused issues with the creation of group policies by
other members of the Domain Admins group.
Andrew Bartlett
|
|
We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.
Andrew Bartlett
|
|
This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.
Andrew Bartlett
|
|
None of these cases need the complexity of the s3fs backend.
Andrew Bartlett
|