summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2012-11-30s4:tests/samba_tool/gpo.py: add test_show_as_admin()Stefan Metzmacher1-0/+5
This calls samba-tool gpo show as admin (which should be able to see the full nTSecurityDescriptor. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ↵Stefan Metzmacher1-2/+4
ntSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the ↵Stefan Metzmacher1-5/+6
nTSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the ↵Stefan Metzmacher1-3/+7
current user Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptorStefan Metzmacher1-5/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xFStefan Metzmacher1-2/+2
A value of 0 is mapped to 0xF. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVectorStefan Metzmacher1-3/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_rootStefan Metzmacher1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30s4:dsdb/schema_data: fix debug message in schema_data_modify()Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30libnet: Fix a typo in dbsync error message.Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2012-11-30libnet: Fix copy and paste error in dbsync error message.Andreas Schneider1-1/+1
2012-11-30torture: Fix copy and paste error in debug message.Andreas Schneider1-1/+1
Found by Coverity.
2012-11-30torture: Fix copy and paste error.Andreas Schneider1-1/+1
Found by Coverity.
2012-11-29docs: man oLschema2ldif: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Nov 29 15:27:45 CET 2012 on sn-devel-104
2012-11-29docs: man ntlm_auth4: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man smbtorture: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man masktest: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man locktest: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man gentest: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man 8 samba: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man regtree: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man regshell: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man regpatch: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-29docs: man regdiff: Add missing meta data.Karolin Seeger1-0/+3
This avoids warnings during the waf build and removes "FIXME" entries from the manpage. Karolin Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-28docs: Rename man ntlm_auth.Karolin Seeger2-38/+38
Rename man ntlm_auth to ntlm_auth4. Karolin Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Nov 28 20:41:48 CET 2012 on sn-devel-104
2012-11-26s4:torture/rpc/handles: try to make all assoc_group tests less flakeyStefan Metzmacher1-0/+5
Just incrementing the assoc_group_id makes it too likely to hit a number that is already in use. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 26 13:53:22 CET 2012 on sn-devel-104
2012-11-23web_server: Load SWAT if it is available.Jelmer Vernooij1-3/+31
Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Fri Nov 23 01:39:38 CET 2012 on sn-devel-104
2012-11-22web_server: the web server is not multi-process, indicate so in WSGI.Jelmer Vernooij1-1/+1
This is a requirement for some of the paster middleware used by SWAT2. Reviewed-by: Matthieu Patou <mat@matws.net>
2012-11-22web_server: Properly decrement reference counters for python objects in wsgi.Jelmer Vernooij1-29/+81
Reviewed-by: Matthieu Patou <mat@matws.net>
2012-11-22web_server: Properly set SCRIPT_NAME and PATH_INFO.Jelmer Vernooij1-2/+5
Reviewed-by: Matthieu Patou <mat@matws.net>
2012-11-22web_server: Create a string object for SERVER_PORT variable.Jelmer Vernooij1-1/+1
This matches the behaviour of other wsgi server implementations. Reviewed-by: Matthieu Patou <mat@matws.net>
2012-11-22web_server/wsgi: Don't segfault when wsgi app doesn't return iterable.Jelmer Vernooij1-0/+5
There is a bug in the application if this happens, but invalid Python code shouldn't cause segfaults. Reviewed-by: Matthieu Patou <mat@matws.net>
2012-11-22build: Use ntlm_auth from source3 as the only ntlm_auth installed on the systemAndrew Bartlett1-6/+8
The ntlm_auth4 binary is untested, and is missing major features compared with the source3 binary. The two are being slowly merged, but I have not finished that. Andrew Bartlett Reviewed-by: Andreas Schneider <asn@samba.org>
2012-11-22s4/web_server: Fix typo in URL.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Thu Nov 22 01:37:02 CET 2012 on sn-devel-104
2012-11-20s4:torture/rpc/handles: try to make the assoc_group test less flakeyStefan Metzmacher1-1/+5
Just incrementing the assoc_group_id makes it too likely to hit a number that is already in use. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-20s4:torture/rpc/handles: move a torture_comment()Stefan Metzmacher1-2/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-16samba-tool dns: Don't use "localhost" to connect to local hostKai Blin1-0/+2
Calling "samba-tool dns <cmd> localhost" provokes a stacktrace. This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix the underlying issue, but I don't see it causing any harm (unless you don't have an ipv4 localhost, I guess). Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
2012-11-16dsdb: Make secrets_tdb_sync cope with -H secrets.ldbAndrew Bartlett1-2/+3
The issue was, without a / in the path, we did not cope. Andrew Bartlett Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-16s4:samba-tool: Fix samba-tool fsmo --role=schemaArvid Requate1-1/+1
Fix traceback: samba-tool fsmo --role=schema --force ERROR(<type 'exceptions.TypeError'>): uncaught exception - argument 2 must be string, not ldb.Dn File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 168, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 160, in run self.seize_role(role, samdb, force) File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 119, in seize_role m.dn = ldb.Dn(samdb, self.schema_dn) Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104
2012-11-16samba-tool: Add new samba-tool gpo aclcheck and testAndrew Bartlett2-0/+73
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-15popt_common: Fix typos.Karolin Seeger1-2/+2
Karolin Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Nov 15 01:31:50 CET 2012 on sn-devel-104
2012-11-14scripting ntacls: Do not place a SACL in the GPO filesystem ACLAndrew Bartlett1-1/+0
On a new GPO created on windows, the SACL is not used. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
2012-11-13ntvfs: Fill in sd->type based on the new ACL being addedAndrew Bartlett1-0/+21
Previously we would not change the type field, and just relied on what was in the original ACL based on the default SD. This is required to ensure the SEC_DESC_DACL_PROTECTED is set which is in turn required for GPOs to be set correctly to match what windows does. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett2-9/+10
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13s4:samba-tool/testparm: report a CommandError if loading of the config file ↵Stefan Metzmacher1-1/+4
fails Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-13selftest: Add --tmpdir to 'samba-tool gpo create' testAndrew Bartlett2-3/+9
This was the cause of the flakey test, and was only noticed when multiple different users ran autobuild at the same time on the same server. We use shutil.rmtree to wipe the directory before the tests finishes as required by the TestCaseInTempDir class. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
2012-11-13selftest: Avoid returning errors (rather than failures) in gpo testAndrew Bartlett1-2/+4
This should help find the real cause of the flakey test, if it ever returns. Andrew Bartlett Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2012-11-12ntp_signd: Only allow group access to the ntp signd directory.Andrew Bartlett1-1/+1
Existing installations running ntp as group 'ntp' will need to change the permissions on the ntp_signd socket directory (eg PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd) The reason is that allowing other users on the host access to this directory would allow them to potentially spoof time on the network, or attack the password database with a chosen plaintext attack. Permissions should be changed to: ownership root:ntp (if ntp runs as gid ntp) mode 0750 (this is what it will be created as) If the permissions are not changed, Samba will refuse to start the ntp_signd server, and NTP operations will not be signed. As the error is declared fatal, in the future, Samba may totally refused to start. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
2012-11-12s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS ↵Stefan Metzmacher1-0/+4
(bug #8620) Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104
2012-11-12s4:dsdb/acl_read: fix whitespace formatting errorsStefan Metzmacher1-124/+128
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>