Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-08-28 | s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync | Andrew Bartlett | 6 | -2/+543 | |
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett | |||||
2012-08-28 | lib/krb5_wrap: Move enctype conversion functions into a simple helper file | Andrew Bartlett | 1 | -45/+0 | |
2012-08-28 | s4-classicupgrade: Read WINS DB before the provision | Andrew Bartlett | 1 | -6/+7 | |
2012-08-28 | s4-classicupgrade: Do all the queries of data before the provision() | Andrew Bartlett | 1 | -35/+35 | |
This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett | |||||
2012-08-28 | s4-classicupgrade: Use s3param.get_context() instead of result.lp | Andrew Bartlett | 1 | -1/+1 | |
We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett | |||||
2012-08-28 | lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap | Andrew Bartlett | 1 | -20/+0 | |
2012-08-28 | lib/krb5_wrap: Bring list of all enc types into krb5_wrap | Andrew Bartlett | 1 | -10/+1 | |
2012-08-28 | s4-libnet: Ensure termination of enctype array in libnet_export_keytab() | Andrew Bartlett | 1 | -1/+2 | |
2012-08-27 | s4-torture: Test for #9058 | Volker Lendecke | 1 | -0/+72 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104 | |||||
2012-08-25 | s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097) | Stefan Metzmacher | 1 | -3/+30 | |
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104 | |||||
2012-08-25 | s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097) | Stefan Metzmacher | 1 | -3/+30 | |
metze | |||||
2012-08-25 | s4:winbind: add a netlogon_queue (tevent_queue) | Stefan Metzmacher | 2 | -0/+12 | |
This will protect the netlogon_creds later. metze | |||||
2012-08-25 | s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req | Stefan Metzmacher | 2 | -78/+122 | |
metze | |||||
2012-08-25 | s4:winbind: convert wb_sam_logon_send/recv to tevent_req | Stefan Metzmacher | 3 | -93/+140 | |
metze | |||||
2012-08-25 | s4:winbind: convert wb_sid2domain to tevent_req internally | Stefan Metzmacher | 1 | -74/+174 | |
The public wrapper still uses composite_context, because I don't have time to fix all the callers... metze | |||||
2012-08-25 | s4:librpc/rpc: don't do async requests if gensec doesn't support async ↵ | Stefan Metzmacher | 1 | -0/+32 | |
replies (bug #9097) metze | |||||
2012-08-25 | s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and ↵ | Stefan Metzmacher | 1 | -0/+7 | |
alter_context responses metze | |||||
2012-08-25 | s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data() | Stefan Metzmacher | 1 | -1/+1 | |
metze | |||||
2012-08-25 | s4:librpc/rpc: use talloc_zero for 'struct rpc_request' | Stefan Metzmacher | 1 | -11/+1 | |
metze | |||||
2012-08-23 | s4-selftest: Add test for samba-tool ntacl sysvolcheck | Andrew Bartlett | 1 | -0/+26 | |
2012-08-23 | s4-samba-tool: Add samba-tool ntacl sysvolcheck command | Andrew Bartlett | 2 | -1/+143 | |
This command verifies that the current on-disk ACLs match the directory and the defaults from provision. Unlike sysvolreset, this does not change any of the permissions. Andrew Bartlett | |||||
2012-08-23 | s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum | Andrew Bartlett | 1 | -1/+1 | |
I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett | |||||
2012-08-23 | s4-selftest: Add testing of samba-tool ntacl sysvolreset | Andrew Bartlett | 2 | -0/+45 | |
2012-08-23 | param: Add startup checks for valid server role/binary combinations | Andrew Bartlett | 1 | -0/+11 | |
This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett | |||||
2012-08-23 | s4-provision: Fix internal documentation | Andrew Bartlett | 1 | -0/+1 | |
2012-08-23 | s3-pysmbd: Allow a mode to be specified for the simple ACL | Andrew Bartlett | 1 | -1/+1 | |
The additional group for the ACL is now optional. Andrew Bartlett | |||||
2012-08-23 | s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool | Andrew Bartlett | 1 | -1/+73 | |
This will reset the NT ACL on the sysvol share to the default from provision, with GPO objects matching the LDAP ACL (as required). Andrew Bartlett | |||||
2012-08-23 | selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest | Andrew Bartlett | 1 | -0/+1 | |
2012-08-23 | selftest: Cope with the multiple possible representations of -1 in posixacl.py | Andrew Bartlett | 1 | -28/+29 | |
2012-08-23 | selftest: Extend posixacl test to check the actual ACL | Andrew Bartlett | 1 | -2/+274 | |
Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett | |||||
2012-08-23 | selftest: Add a test of the NT ACL -> posix ACL mapping layer | Andrew Bartlett | 1 | -0/+131 | |
This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett | |||||
2012-08-23 | s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly | Andrew Bartlett | 2 | -6/+11 | |
This allows us to write tests that compare the smbd vfs with what is in the DB or xattr. Andrew Bartlett | |||||
2012-08-23 | s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs) | Andrew Bartlett | 2 | -52/+92 | |
This handles the fact that smbd will rarely override the POSIX ACL enforced by the kernel. This has caused issues with the creation of group policies by other members of the Domain Admins group. Andrew Bartlett | |||||
2012-08-23 | s4-dsdb: Remove unused variables | Andrew Bartlett | 1 | -5/+0 | |
2012-08-23 | s4-dsdb: Do not use a possibly-old loadparm context in schema reload | Andrew Bartlett | 3 | -19/+18 | |
The loadparm context on the schema DB might have gone away already. Pre-cache the schema refresh interval at load time to avoid worrying about this. Andrew Bartlett | |||||
2012-08-23 | s4-upgradeprovision: Use ntvfs in reference provision | Andrew Bartlett | 1 | -1/+1 | |
We do not need filesystem ACLs set when creating the reference provision, so it is easier to use the NTVFS backend as it does not cause trouble with make test. Andrew Bartlett | |||||
2012-08-23 | selftest: Specify --use-ntvfs when testing the group code | Andrew Bartlett | 1 | -1/+1 | |
We do not need to set filesystem ACLs in this case. Andrew Bartlett | |||||
2012-08-23 | selftest: Specify --use-ntvfs when testing the newuser code | Andrew Bartlett | 1 | -1/+1 | |
We do not need to set filesystem ACLs in this case. Andrew Bartlett | |||||
2012-08-23 | selftest: Specify --use-ntvfs when testing the LDAP backend init code | Andrew Bartlett | 1 | -5/+5 | |
We do not need to set filesystem ACLs in this case. Andrew Bartlett | |||||
2012-08-22 | s4-python: Complete python bindings for idmap.idl | Andrew Bartlett | 1 | -0/+6 | |
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104 | |||||
2012-08-22 | s4-python: complete python bindigns for smb_acls.idl | Andrew Bartlett | 1 | -0/+6 | |
2012-08-22 | selftest: Specify --use-ntvfs to provision in test scripts | Andrew Bartlett | 4 | -15/+15 | |
Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett | |||||
2012-08-22 | s4-classicupgrade: Add --use-ntvfs option | Andrew Bartlett | 2 | -4/+8 | |
This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett | |||||
2012-08-22 | s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire | Andrew Bartlett | 5 | -3/+7 | |
None of these cases need the complexity of the s3fs backend. Andrew Bartlett | |||||
2012-08-22 | s4:samldb LDB module - remove unused "member" attribute from search filter | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2012-08-22 | s4:dsdb - always fail if a search filter could not be parsed | Matthias Dieter Wallnöfer | 2 | -1/+8 | |
A NULL string/expression returns the generic "(objectClass=*)" filter Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2012-08-22 | s4:dsdb_sort_objectClass_attr - simplify memory context handling | Matthias Dieter Wallnöfer | 3 | -37/+23 | |
Do only require the out memory context and build the temporary one in the body of the function. This greatly simplifies the callers. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2012-08-22 | s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values | Matthias Dieter Wallnöfer | 1 | -6/+1 | |
As shown in commit c8e6d8b487 this looks easier and in any case we can treat schema context data like global data. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2012-08-20 | s4-torture: Use torture_fail() in the unix.unix_info2 test | Andrew Bartlett | 1 | -2/+3 | |
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104 | |||||
2012-08-20 | s4-torture: Show that we cannot list extended attributes on streams | Andrew Bartlett | 1 | -0/+11 | |