| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This should eliminate confusion from our users about what they can
expect to successfully run.
Andrew Bartlett
|
|
|
|
The additional group for the ACL is now optional.
Andrew Bartlett
|
|
This will reset the NT ACL on the sysvol share to the default from
provision, with GPO objects matching the LDAP ACL (as required).
Andrew Bartlett
|
|
|
|
|
|
Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.
This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.
We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.
A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.
Andrew Bartlett
|
|
This is the start of what will be a series of tests confirming exactly how
some NT ACLs are mapped to posix ACLs.
Andrew Bartlett
|
|
This allows us to write tests that compare the smbd vfs with what is
in the DB or xattr.
Andrew Bartlett
|
|
This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel. This has caused issues with the creation of group policies by
other members of the Domain Admins group.
Andrew Bartlett
|
|
|
|
The loadparm context on the schema DB might have gone away already.
Pre-cache the schema refresh interval at load time to avoid worrying
about this.
Andrew Bartlett
|
|
We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.
Andrew Bartlett
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
We do not need to set filesystem ACLs in this case.
Andrew Bartlett
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104
|
|
|
|
Because these run as non-root, we need to avoid doing things that will
fail during the provision. The main test of the s3fs provision is the
plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls.
Andrew Bartlett
|
|
This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.
Andrew Bartlett
|
|
None of these cases need the complexity of the s3fs backend.
Andrew Bartlett
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
A NULL string/expression returns the generic "(objectClass=*)" filter
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Do only require the out memory context and build the temporary one in
the body of the function. This greatly simplifies the callers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
As shown in commit c8e6d8b487 this looks easier and in any case we can
treat schema context data like global data.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 20 15:36:48 CEST 2012 on sn-devel-104
|
|
|
|
|
|
The extension of this test is to create an extended attribute, so we
can confirm that the easize field on a stream actually refers to the
parent file.
This has been run against Windows 7.
Andrew Bartlett
|
|
This is almost certainly un-important.
Andrew Bartlett
|
|
|
|
There seems to be a difference if the initial delete_on_close flag
was set on a handle that created the file or if the handle if was
for a file that already existed.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 21:44:24 CEST 2012 on sn-devel-104
|
|
part->dn
The confusing use of do_dn as a memory context while legitimate
created a bug when it was copied and modified to search on a DN from
long-term state.
By always using a temporary memory context it is clear what paramter
is the memory context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 18:24:10 CEST 2012 on sn-devel-104
|
|
By using a tmp_ctx we are clearer about allocating temporary memory.
Andrew Bartlett
|
|
finished
metze
|
|
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
In that log, over 2.5 days this particular allocation was repeated:
1715099 talloc_new: ../source4/dsdb/samdb/ldb_modules/schema_load.c:120 contains 0 bytes in 1 blocks
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 17 06:21:18 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 22:49:06 CEST 2012 on sn-devel-104
|
|
|
|
The "serverReference" attribute is available on the "server" object
not on the "nTDSA" object.
This allows connections to RODCs, as they don't have a
E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
principal.
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 14 18:57:41 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Björn Baumbach <bb@sernet.de>
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 14 17:16:54 CEST 2012 on sn-devel-104
|
|
This uses a GUID based comparison, and avoids re-fetching the
samdb_ntds_settings_dn each time.
Andrew Bartlett
|
|
This is like samdb_reference_dn_is_our_ntdsa but without the attribute de-reference.
Andrew Bartlett
|
|
|
|
|
|
We often want to know if we own an FSMO role (for example). This tries to be more
efficient by comparing the GUID, rather than the string DN, as this does not need
to be re-fetched each time.
Andrew Bartlett
|
|
As the normal case (outside provision) uses a copy, this avoids a case
where a caller might modify a global variable accidentily.
As suggested by metze.
Andrew Bartlett
|
