1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

526 Commits

Author SHA1 Message Date
Douglas Bagnall
ceb6ab99b5 KCC: use less verbose constructions in a few places
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 11:08:21 +02:00
Douglas Bagnall
5aa3fca44d KCC: colour dot graph vertices as well as edges
It's quicker to see who is RODC.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:27 +02:00
Douglas Bagnall
4d0f892a1a KCC: Comment about schedule types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:27 +02:00
Douglas Bagnall
73fe7ed8ec KCC: use more efficient, less polluting dictionary operations
`in d` is more efficient and idiomatic than `in d.keys()`.

`for v in d.values()` is better than `for k, v in d.items()` when `k`
is not used.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:27 +02:00
Douglas Bagnall
b1c9039d51 KCC: a whole lot of debugging messages
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:27 +02:00
Douglas Bagnall
bb945df0ef KCC: set site topo_generator in RO case, for debug clarity
This has no actual effect except that it makes the Site object print with
the site_topo_generator that is actually used (because RODCs are always
their own topology generators and this variable doesn't affect that).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
6146a8a3f8 KCC: reuse convert_schedule_to_repltimes() for Sitelinks
This means wrenching it out of NTDSConnection, where it didn't really need to be anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
3aad85f2a2 KCC: fix NTDSConnection.convert_schedule_to_repltimes
There were two bugs: the wrong nibbles were being added, and they weren't actually being saved.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
a8a172471f KCC: InternalEdge should know its sitelink
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
4ad04a0f6f KCC: minor formatting changes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
5c72b13887 KCC: move console colours from kcc_utils to graph_utils
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
c33761d9be KCC: pep8 for ldif_utils.py
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:26 +02:00
Douglas Bagnall
070c9f7094 KCC: move ldif import/export functions into their own module
They might be of use elsewhere, and they are easily separable from the
KCC core.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
e753d11e4d KCC: rearrange samba_kcc entry point
For locality, so that it becomes clearer which variables are used
where.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
edd4aa2d47 KCC graph_utils: rename KCCGraphError, GraphError
In case it gets used elsewhere.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
222b8221d3 KCC: try graphing edges in colour for partition type
It doesn't add much.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
195b9f4c79 KCC: shift graph plotting and verification into a separate module
These might possibly be useful outside the KCC context, and the don't
rely on the rest of kcc_utils.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
d383cd6f5e KCC: improved documentation for verify_graph_directed_double_ring
The actual function is still somewhat broken.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
7e59faa10f KCC: the commit that mops up stray comments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
0331c53b4c KCC: make --verify graph errors fatal
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
d68387774d KCC: attempt to use correct verification tests for graphs
Before they were liberally assigned because the failures were as
interesting as the passes.

Also add a stub for the forest_of_rings test.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
c35ba6f349 KCC: debug nc_type by name rather than enum number
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
eb498a1575 KCC: consistently use ndr_pack() for DSA GUID comparisons
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
7e4dfb7e75 KCC: Use ndrpack(GUID) sorting for all graph vertex operations
For intrasite rings, DSA GUIDs are sorted by their ndr_pack
representation, not their string/as-if-128-bit-int representation.

Supposing some consistency across KCC, the graph vertex guids might be
compared the same way. But we don't yet know for sure.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:25 +02:00
Douglas Bagnall
5246a13988 KCC: do not skip unrelated edges when rodc topology is found
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
736ecf0244 KCC: A whole lot of debugging and other non-functional changes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
159db2a054 KCC: stub for check of 1 or 2 node or double ring directed graph
1 node graphs might have no directed edges.
2 node graphs might only have one pair.

I think I have seen this behaviour but I can't remember where.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Garming Sam
750131395b kcc: Interpret msDS-hasMasterNCs as hasMasterNCs
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
0b17932682 KCC: rename "fully_connected" check, "complete"
We also change some of the graphs to do only the relevent validations.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
2a01bcec90 KCC: write_dot_graph prints filename in --debug mode
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
c8944ae38a KCC: add directed double ring verification
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
7c39344767 KCC: add an option to list the graph verification options
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
4889770f98 KCC: add graph verification at all dot file points
The tests are not yet relevant.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:24 +02:00
Douglas Bagnall
e19330e579 KCC: add an option to verify graph properties
Any function with a name in the form "verify_graph_FOO" will be available
as a graph verification option (with the property name "FOO"). The
signature is "verify_graph_FOO(edges, vertices, edge_vertices)", where
edge_vertices is the set of vertices found on the edges, while vertices
is the set of vertices given to verify_graph (or a copy of
edge_vertices if no such set was given).

This makes it easier to add new tests without making the function too
unwieldy.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-29 06:58:23 +02:00
Douglas Bagnall
d821456b84 KCC: more pythonic expression in select_istg
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 28 10:14:12 CEST 2015 on sn-devel-104
2015-05-28 10:14:12 +02:00
Douglas Bagnall
c7d39d0a52 KCC: Add comments regarding time handling
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
e32b52c740 KCC: add comments, idiomatic changes to intrasite_graph code
Using `x in foo_dict.keys()` is the same as `x in foo_dict`, except it
is O(n) instead of O(1) and is not the way things are done in Python.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
cee3f52d78 KCC: improve log legibility with colour; make more dot graphs
To see the colours in less, use -R.

  bin/samba_kcc --debug  -H whatever/sam.ldb | less -R

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
7375abec64 KCC: helper function to find config NC replica for a DSA
This logic is going to be used elsewhere (for dot debugging).

Also add a dedicated KCC Exception class.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
035a246679 KCC: use more pythonic construct for get_current_replica
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
aee0a9620d kcc: Reduce code verbosity in dumpstr_* functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
9dff16bd9c kcc: add labels to dot files
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:09 +02:00
Douglas Bagnall
9e78375d2c samba_kcc: add an option to set assumed current time
The KCC algorithm contains a timeouts in a couple of places, and we
need to be able to set the time for testing these.

This also means samba_kcc uses the same time in all places.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Douglas Bagnall
a59c8ed7bc KCC: Create Graphviz dot files showing network topology
This tries to record some information about what the graph is (e.g
which partition), though it is not very readable.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Douglas Bagnall
ddb5149373 KCC: correct the comparison for lost link timeout
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
547cdaa120 kcc: Remove unused is_sitelink call
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
d583913337 kcc: Remove DN translation for Site GUID
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
99d4efc917 kcc: Factor out MAX_DWORD
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
6a62db3983 kcc: convert identification of sites from DN to GUID
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
96ef2d556b kcc: Convert transport identification from DN to GUID
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
5e63b8f705 samba_kcc: Add basic skeleton for KCC intersite algorithm
This enables the use of the intersite calculated list of edges

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:08 +02:00
Garming Sam
4ac7c7998b kcc_utils: Create the new classes for the intersite algorithm
Also sorts vertex color by preference in sorting algorithms.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:07 +02:00
Andrew Bartlett
fc932eace8 samba_kcc: Fix compile failures and correctly implement MS-ADTS 6.2.2.3.1 ISTG selection
The previous code did not operate as c_rep.source_dsa_invocation_id was not valid, and in any case
this was not the correct check.  We need to look for the old interSiteTopologyGenerator in our
list of replication partners, and confirm it is current.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-05-28 07:25:07 +02:00
Garming Sam
17da38b99f kcc: typo fix in AttributeError Exception
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:07 +02:00
Garming Sam
a7c93139a1 kcc: Fix typos in original samba_kcc
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:07 +02:00
Garming Sam
d486e4ce6f samba_kcc: Fix existing syntax errors preventing samba_kcc from running
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-05-28 07:25:07 +02:00
Matthieu Patou
9f71b96ba0 Fix a typo in the name of the default domain level
Change-Id: I2df44546a74f19ef2c6f1100d29b67fe7362070a
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 19 19:26:22 CEST 2015 on sn-devel-104
2015-05-19 19:26:22 +02:00
Michael Adam
8489543e66 param: Remove unused P_SEP and P_SEPARATOR
This was only used in swat.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2015-05-02 00:56:31 +02:00
David Disseldorp
9af9b436ed doc: "prune stale" and "sequence timeout" fssd parameters
This change adds smb.conf documentation for the "fss: prune stale" and
"fss: sequence timeout" parameters accepted by Samba's FSRVP server.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-31 18:40:25 +02:00
Volker Lendecke
9fbc2e5018 python: Remove ntdb references
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:51 +01:00
Volker Lendecke
334015ebca autobuild: Remove ntdb target
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:51 +01:00
Volker Lendecke
89052936ae Remove ntdb from scripts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-03-17 11:30:51 +01:00
Michael Adam
3de5abb954 selftest: rename env dc to ad_dc_ntvfs
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Michael Adam
902aa3c710 selftest: rename env plugin_s4_dc to ad_dc
This is the environment that represents our supported production
setup of an active directory domain controller.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 23:04:46 +01:00
Andrew Bartlett
67c041ab76 samba-tool drs: Ensure we do not replicate all secrets to an RODC, even with --local
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-03-16 03:00:07 +01:00
Steve Howells
9198246f91 s4.2/fsmo.py: fixed fsmo transfer exception
In transfer_role() there is an duplicate call to samdb.modify() inside the if statement
where the type of role is being determined (specifically for the naming fsmo). This
call is unnecessary as after the if statement their is a correct call, with a try/catch
block, used by all fsmo transfers that will handle errors - such as the DC with the
fsmo role being offline.

The call to samdb.modify() inside the if statement for naming fsmo has been removed.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10924

Signed-off-by: Steve Howells <steve.howells@moscowfirst.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-16 03:00:06 +01:00
Michael Adam
79b927ac9e selftest: modify python.samba.test.posixacl to cope with nss_winbind active
It was observed that adding libnss_winbind (via nss_wrapper) lets
the posix acl mapping come out slightly differently with respect
to the owner/domain admin who is not explicitly nailed down in
the original NT acl.

This patch extends the test to react to the presence of
nss_winbind in environment and adapts the expected results.
This in particular fixes the run of the test against the
(changed) plugin_s4_dc environment while keeping the possibility
to successfully run it against an env without nss_winbind.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
2015-03-12 14:35:06 +01:00
Andrew Bartlett
5b3c71cd9c provision: Give a more helpful message when find_provision_key_parameters() fails
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar  6 20:11:52 CET 2015 on sn-devel-104
2015-03-06 20:11:52 +01:00
Andrew Bartlett
63dbf4388a samba-tool: Add -P to options.CredentialsOptions
This matches our other binaries, and allows samba-tool commands to run with the machine account.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-06 17:39:58 +01:00
Jelmer Vernooij
7004ccc441 Implement TestCase.assertIsNotNone for python < 2.7.
Change-Id: Ieaefdc77495e27bad791075d985a70908e9be1ad
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar  6 07:11:43 CET 2015 on sn-devel-104
2015-03-06 07:11:43 +01:00
Jelmer Vernooij
a6b2110abd Implement TestCase.assertIn for older versions of Python.
Change-Id: I17d855166b439c0bd9344a17a454ea5bc6e057aa
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:49 +01:00
Jelmer Vernooij
d459096e7c Implement assertIsNone for Python < 2.7.
Change-Id: I3937acb16ca0c5430b70f0af305997878da53c37
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:49 +01:00
Jelmer Vernooij
1988e11585 Handle skips when running on python2.6.
Change-Id: I8b0a15760a72f41800d23150232c2b0e59e32c32
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:49 +01:00
Jelmer Vernooij
b53a6df3d0 Run cleanup after tearDown, for consistency with Python >= 2.7.
Change-Id: Ic3ce975e3b2e4b30e07643efb4496ebf36a93284
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:49 +01:00
Jelmer Vernooij
0acb1d49a7 Use samba TestCase so we get all compatibility functions on Python < 2.7.
Change-Id: Iba87e3c8fa9331c4d5438ab60a8385379da634d7
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
fe231bedec Provide TestCase.assertIsInstance for python < 2.7.
Change-Id: Id6d3c8a7dc56cb560eccc3db897a83c638dec7a6
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
9a4a7b9d3e Add replacement addCleanup.
Change-Id: Ie85756effde344fc4cc9b693c4a28611ea091677
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
e3a9feb698 Add custom implementations of TestCase.assertIs and TestCase.assertIsNot, for Python2.6.
Change-Id: I3b806abdaf9540b7c39c961c179c2d2b15d327fe
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
85c1dc9908 Fix use of TestCase.skipTest on python2.6 now that we no longer use testtools.
Change-Id: I630e4073bf1553dfc77e9fe7e843ee8b71907683
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
b0cba7950a Drop support for failfast mode, rather than adding support for it everywhere.
Change-Id: I4d6070a0e3b89d5e390f84754dddba9ec17ddf21
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
2e2c05c1fe Remove 'external' python module support code - use the third_party directory instead.
Change-Id: I2f5053bc5a42d3dfe71f5bd027eb6ead7d1b9752
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
850b3938e1 Support using third party iso8601 module if system doesn't provide one.
Change-Id: I5d035738d244d66d33788636c8ee8b322c227a0e
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:48 +01:00
Jelmer Vernooij
039fa938b1 Import UTC definition from utc8601 module.
Change-Id: I3ccd81090c4721b161aff272100aa71bc2f17055
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:47 +01:00
Jelmer Vernooij
940c277d83 Rename TestSkipped to Skiptest, consistent with Python 2.7.
Change-Id: I023df54363328333f1cb6c3ae3c1a406befa8f7b
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:47 +01:00
Jelmer Vernooij
7cb7d4b53e Avoid importing TestCase and TestSkipped from testtools.
Change-Id: I34488ddf253decd336a67a8634e7039096bdd160
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:47 +01:00
Jelmer Vernooij
8bbc343b5c Set default testRunner rather than requiring the user pass it in.
Change-Id: I8b5a5925030049975a83b090e5c7b76d5245c07d
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:47 +01:00
Jelmer Vernooij
84922852c3 Add RemoteTestCase and RemoteError to samba.subunit.
Change-Id: Ib3946cf4eae69f53270a299660f6029290d3791a
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:47 +01:00
Jelmer Vernooij
8487f4afc1 Use Samba-only subunit module in selftest/tests/.
Change-Id: I48c61f975c1fa49f6e244ad39dd720fe507db45b
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:46 +01:00
Jelmer Vernooij
9a1a34451f Fix copyright headers for python/samba/subunit.
Change-Id: I5b554051f23f31d20b4f4325debcd6717ba8369e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:46 +01:00
Jelmer Vernooij
44a561fa45 subunitrun: Use new samba.subunit.run module.
Change-Id: I4a4d2237ec9ef090bf95a0ea57285610047451e5
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:46 +01:00
Jelmer Vernooij
daf63fef10 Add simple subunit runner outputting subunit v1.
This is a short module (< 1k lines) that removes the need to
depend on subunit, testtools, extras and mimeparse. It is
based on an extract from testtools and subunit.

Change-Id: I0a4f3060b25f7bde602a07ed6bef71c8196fca64
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2015-03-06 04:41:46 +01:00
Andrew Bartlett
e5f8b49e21 s4/scripting/devel: Add tool to roll over the krbtgt password
This may be handy if this key is compromised, or along with chgtdcpass to isolate test copies
of production domains in such a way that they cannot mix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-25 01:08:12 +01:00
Marc Muehlfeld
16a526be4f group.py: Fix wrong example option, remove wrong comment line
Replaced "--gid" with the correct "--gid-number" in Example 3.
Additionally removed the first comment line in group.py, which
was wrong in that file.

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2015-02-17 15:41:11 +01:00
Jelmer Vernooij
bee48acad0 rpc_talloc: Update instructions to use standard unittest runner.
Change-Id: Id90541b01073f1156ccba562ba750245aad091c2
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: Andreas Schneider <asn@samba.org>
2015-02-17 15:41:10 +01:00
Marc Muehlfeld
362cac25a7 samba-tool: Create NIS enabled users and unixHomeDirectory attribute
Allow to create NIS enabled user accounts via 'samba-tool user add'.

To create NIS enabled accounts, the parameters
--uid-number=, --login-shell=, --unix-home=, --gid-number=
are mandatory. Because we didn't had a parameter to set unixHomeDirectory
yet, this patch also adds this feature.

'unixUserPassword: ABCD!efgh12345$67890' is added by default, when you
enable NIS on an account in ADUC. The same we do in samba-tool.

See: https://bugzilla.samba.org/show_bug.cgi?id=10909

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-Date(master): Tue Feb  3 17:18:32 CET 2015 on sn-devel-104
2015-02-03 17:18:32 +01:00
Kamen Mazdrashki
599187ead6 s4-dsdb-test: Implement samdb_connect_env() to rely solely on environment
this is to help me port Python tests to be more Unit test alike
and remove all global handling
Starting from a new test suite - tombstone_reanimation.py

Andrew Bartlett rose his concerns that passing parameters
through environment may make tests hard to trace for
failures. However, passing parameters on command line
is not Unit test alike either. After discussing this with him
offline, we agreed to continue this approach, but prefix
environment variables with "TEST_". So that an env var
should not be used by coincidence.

Change-Id: I29445c42cdcafede3897c8dd1f1529222a74afc9
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-03 05:02:11 +01:00
Nadezhda Ivanova
ac8b8e5539 s4-dsdb: Tests for security checks on undelete operation
Implemented according to MS-ADTS 3.1.1.5.3.7.1. Unfortunately it appears
LC is also necessary, and it is not granted by default to anyone but
System and Administrator, so tests had to be done negatively

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Ic03b8fc4e222e7842ec8a9645a1bb33e7df9c438
2015-02-03 05:02:11 +01:00
Kamen Mazdrashki
e33c549143 s4-tests: Print out what the error is in delete_force()
Change-Id: Iaa631179dc79fa756416be8eaf8c55e3b0c1a29f
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2015-02-03 05:02:11 +01:00
Stefan Metzmacher
0e37189dab python/samba/tests: don't lower case path names in connect_samdb()
We should not lower case file names, because we may get a path to sam.ldb.
Now we only lower case ldap urls.

For a long time I got failing private autobuild like this:

[1623(9233)/1718 at 1h28m9s] samba4.urgent_replication.python(dc)(dc:local)
Failed to connect to ldap URL
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' - LDAP client
internal error: NT_STATUS_NO_MEMORY
Failed to connect to
'ldap:///memdisk/metze/w/b12985/samba/bin/ab/dc/private/sam.ldb' with backend
'ldap': (null)
UNEXPECTED(error):
samba4.urgent_replication.python(dc).__main__.UrgentReplicationTests.test_attributeSchema_object(dc:local)
REASON: _StringException: _StringException: Content-Type:
text/x-traceback;charset=utf8,language=python
traceback
322

The problem is that /memdisk/metze/W/ is my test directory instead
of /memdisk/metze/w/.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2015-02-01 22:42:07 +01:00
Christof Schmitt
c31f54112e samba3.py: Correctly initialize cache directory for passdb test
Running 'make test TESTS=tests.samba3' succeeds, but the log shows that
it tried to open the gencache tdb in the wrong directory:
Unable to create directory /usr/local/samba/var/cache for file gencache.tdb. Error was No such file or directory

Fix this by correctly initializing the cache directory.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Jan 16 02:36:39 CET 2015 on sn-devel-104
2015-01-16 02:36:39 +01:00
Andrew Bartlett
ad074795e3 dns.py: Always remove the test zone in tearDown()
Change-Id: Ic6d6c51579f8859b4e396179123974382c253bf7
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Dec 22 08:21:22 CET 2014 on sn-devel-104
2014-12-22 08:21:22 +01:00
Samuel Cabrero
336ffb29b5 dns.py: Test dns server reload zones from DSDB when are created or deleted
Signed-off-by: Samuel Cabrero <samuelcabrero@kernevil.me>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2014-12-22 05:57:08 +01:00
Kamen Mazdrashki
29732b0d42 s4-tests/env_loadparm: Throw KeyError in case SMB_CONF_PATH
A bit more specific for the caller to "know" that env key is missing

Change-Id: I4d4c2121af868d79f46f865f420336222bc67347
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Mon Dec  8 05:27:34 CET 2014 on sn-devel-104
2014-12-08 05:27:33 +01:00
Daniel Cotton
87d39a8204 Minor spelling correction in samba-tool domain
Signed-Off-By: Daniel Cotton <danielcotton.patches at gmail.com>
Reviewed-By: Michael Adam <obnox@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Dec  2 01:18:53 CET 2014 on sn-devel-104
2014-12-02 01:18:53 +01:00
Jelmer Vernooij
7dbc58f524 Reduce number of places where sys.path is (possibly) updated for external module paths.
Change-Id: I69d060f27ea090d14405e884d1ce271975358c56
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sun Nov 30 20:54:04 CET 2014 on sn-devel-104
2014-11-30 20:54:03 +01:00
Guenter Kukkukk
d5af53c537 samba-tool: Fix the IP output of "samba-tool dns serverinfo <some_server>"
Avoid hardcoded IP-strings, use standard python IP functions to format
IPv4 and IPv6 addresses correctly.

I have removed the display of the port number.
MS-DNSP 2.2.3.2.2.1 DNS_ADDR: (from May 15, 2014)
Port Number (2bytes): Senders MUST set this to zero, and receivers MUST ignore
it.

Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-11-26 01:22:05 +01:00
Guenter Kukkukk
4bda589c8e samba-tool: Fix enum values in dns.py
DNS_ZONE_UPDATE_SECURE was used twice, DNS_ZONE_UPDATE_UNSECURE was missing.

Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2014-11-26 01:22:05 +01:00
Jelmer Vernooij
21280da0d6 sec_descriptor test: Simplify, use samba.tests.subunitrun module.
Change-Id: I4ffda49cf3e209eaa28fc83f6fd9ded47f0ad7ee
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-11-22 02:23:10 +01:00
Jelmer Vernooij
ee281c61d0 Move option handling into samba.tests.subunitrun.
Change-Id: I65a73b74854af636413f4f284147f3bcf28b6f82
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-11-22 02:23:10 +01:00
Jelmer Vernooij
24035a6b3e Move option parsing to samba.tests.subunitrun.
Change-Id: I2939c1b6ebb9739530efa9bc4667668cff7a7aeb
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-11-22 02:23:10 +01:00
Jelmer Vernooij
8d8d800a0f Add convenience class for old-style Samba subunit python tests.
Change-Id: I84a97cc71cfa99c14e0c93ec19ff9eea6149bb5a
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-11-22 02:23:10 +01:00
Jelmer Vernooij
776424e991 Add samba.ensure_third_party_module() function, loading external python modules from third_party/ if the system doesn't provide them.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-12 20:21:09 +01:00
Amitay Isaacs
faa3423d1a s4-dns: Add support for BIND 9.10
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sat Oct 25 05:42:19 CEST 2014 on sn-devel-104
2014-10-25 05:42:19 +02:00
Amitay Isaacs
58334eb58e s4-dns: Update template variables, change BIND98 --> BIND9_8
This makes it easier to add suport for BIND 9.10.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Matthieu Patou <mat@matws.net>
2014-10-25 03:21:04 +02:00
Marc Muehlfeld
4bec186798 samba-tool group add: Add option --nis-domain and --gid
This allows creating RFC2307 enabled groups via samba-tool

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct 23 18:19:35 CEST 2014 on sn-devel-104
2014-10-23 18:19:35 +02:00
Marc Muehlfeld
4ab6df622c samba-tool: Add exception when trying to add/remove none existent users from a group.
This allows a better scripting around samba-tool for adding/removing users
to/from groups. Before the output and the return code had indicated that
everything was successul.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10871

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-10-23 15:56:04 +02:00
Michael Brown
88f9f50024 Add missing parameters to drs_Replicate in rodc.py
* rodc.py: destination_dsa_guid parameter was neglected
  in drs_Replicate call
* rodc.py: cancel the local_samdb transaction on error

Change-Id: I962315a26ec48dc8774bb41db760387a3469c919
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Oct 23 03:05:00 CEST 2014 on sn-devel-104
2014-10-23 03:05:00 +02:00
Andrew Bartlett
022f1ca7fc tests: Allow "max open files" to differ from the documentation
It is system-dependent.

Andrew Bartlett

Change-Id: Icf21476c00295a428ad808bc56ab8153f109627f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-17 12:57:06 +02:00
Jelmer Vernooij
23ac8d130c urgent_replication: Use subunit reporting, remove allow_empty_output.
Change-Id: I6d479b218eff6c4292fbb99e4760bbd62ce1f380
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-10-14 06:44:07 +02:00
Jelmer Vernooij
d9458aa2d9 samba.tests.unicodenames: Fix docstring formatting so pydoctor understands it.
Change-Id: I8983cd4483c380fd0c9e4da843eb70750450a0fa
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
eef3a7be2d samba_tool_drs: Fix docstring formatting so pydoctor groks it.
Change-Id: I827044ef876118935b0f91e318d3c815326a2f01
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
2cdf553545 samba.tests.source: Fix lint.
Change-Id: I3dc614c34aa2c4fca6f2ca68196e71b9129b5b76
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
997ee574a3 Remove obsolete pep8 test.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I7f6634a035e9c93820cd4eef0261ecd5dd3865ab
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
0c24085317 Fix more pep8 issues in code I touched recently.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I35f3204bdf5d00b3280d703427ded2fa2163a6f7
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
9a014d265b Remove last instances of pep8 error E602 (old style exceptions).
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: If709757643e6eed8cffa8950170c337f51edb9d9
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
2553714004 Remove last instance of pep8 error E701 (more statements on one line).
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I419f0536b43d98ce6bb52c5907413a02ea1a6937
2014-10-14 06:44:06 +02:00
Jelmer Vernooij
bbaa739bbd Remove remaining instance of pep8 E211 (too many spaces before operator).
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Change-Id: I9af3bf582bba8fc1094addb12cd0a5ce04406b5b
2014-10-14 06:44:06 +02:00
Matthieu Patou
3783f49abd tests: Pass the test context as lp_ctx for messaging tests
Change-Id: I1acf5c42b21465a8c45549039f0054414b8f31d1
Signed-off-by: Matthieu Patou <mat@matws.net>
2014-10-08 01:09:50 +02:00
Andrew Bartlett
b9701a0a79 provision: Change the default functional level of new Samba domains to 2008R2.
Windows 2003 is going out of support shortly, and we want users to have AES by default

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-30 12:32:05 +02:00
Andrew Bartlett
f80780925f provision: explain why this is required
Change-Id: Iaf8b13010b52e03db2eefe1ad565d7ca768ffb48
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-27 01:35:36 +02:00
Björn Jacke
815fdb493b samba-tool: fix reply when zero day pwd expiry is set
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10318

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Mon Sep  8 14:15:51 CEST 2014 on sn-devel-104
2014-09-08 14:15:51 +02:00
Andrew Bartlett
b55a91e9d2 join.py: Set NT ACL on crossRef object for new partition
Change-Id: Icb1b00697cc5641481370ded26f2f0551a5b2a97
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep  2 14:15:54 CEST 2014 on sn-devel-104
2014-09-02 14:15:54 +02:00
Stefan Metzmacher
eee14f775e samba-tool/ldapcmp: update the list of non replicated attributes
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep  2 03:49:49 CEST 2014 on sn-devel-104
2014-09-02 03:49:48 +02:00
Andrew Bartlett
b9e1736216 join.py: Ensure to fill in samAccountName so we get the domain$ account
Otherwise, we get a random samAccountName

Andrew Bartlett

Change-Id: I87ea532fe22c1b2d2effd52859da3b357f692b5a
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
36085a222c provision: Only create hard links for ForestDnsZones if it exists on this DC
We might be a subdomain, and not host this partition.

Andrew Bartlett

Change-Id: I9aa32c5692cd9fd0a6bced8bea37cd8593b31906
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
0edc1476b7 join.py: Ensure we set the SID of the parent domain on the trust record
Change-Id: Ifaf3f2d1240d983a48ee1874fdc9c266354f6754
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
964e412ead python: Use the security.dom_sid type for ctx.domsid in join.py and provision
Change-Id: I1266f77184d68aae6a39a73bac8a432fdd707b2e
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
204337f454 provision: Use names.domainsid and names.domainguid
This is better than passing around parameters to functions all over
the provision stack and makes it easier to pass in a seperate forest
SID when we start to support subdomains.

Change-Id: I3787f4f3433ca04628f888135c7c0c8195379542
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:42 +02:00
Andrew Bartlett
6ad24d072e provision: Only calculate ForestDNSZone GUID if we need it
Change-Id: Ie33812627ce7ececda681c2d784b1ca97b1b73c4
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:41 +02:00
Andrew Bartlett
c11a89a2c1 join.py: Reinstate full_nc_list and make creation of NTDS-DSA object common
The new function join_ntdsdsa_obj() returns the object, to be added over LDAP or DsAddEntry().

Andrew Bartlett

Change-Id: I41ac256fb3d4edffc617af4ae580acd941b4de83

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-09-01 00:36:41 +02:00
Jelmer Vernooij
b1229715ee samba.netcmd.domain: desactivating -> deactivating.
Change-Id: I463823589049e81bcd4032f3e7bc6b5f2fb0d28d
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-31 21:21:13 +02:00
Jelmer Vernooij
daaddc4c1d samba.netcmd.domain: Fix incorrect variable names, causing NameErrors.
Change-Id: I1c78f07f942a8b03ac88de98b18ac636b7124e22
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-31 21:21:13 +02:00
Jelmer Vernooij
3b04d16d6b samba.netcmd.domain: Remove unused import.
Change-Id: I33f3ba55540be01fd15bfc3d75ebb73cbf5ead9e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-31 21:21:13 +02:00
Jelmer Vernooij
fdbd6efa13 samba.netcmd.domain: Just catch ImportError, not any parsing errors in cmd_domain_export_keytab.
Change-Id: If5710565c74e87fe218a83f31cddcf64605e522e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-31 21:21:13 +02:00
Stefan Metzmacher
5533d9c3db python/join: use lowercase for the dnshostname.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-08-26 09:13:06 +02:00
Marc Muehlfeld
679d77a226 Redescribe --userou usage
Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2014-08-06 22:26:15 +02:00
Amitay Isaacs
ff13e28d8c tests: dnsserver: Remove duplicate empty test function
This test function is defined further in the file.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 30 07:00:57 CEST 2014 on sn-devel-104
2014-07-30 07:00:57 +02:00
Amitay Isaacs
6d104182d9 tests: dnsserver: Add a update test with name set to '.'
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 29 19:33:19 CEST 2014 on sn-devel-104
2014-07-29 19:33:19 +02:00
Andrew Bartlett
9bfbff6543 dbcheck: Add check and test for various invalid userParameters values
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077
Change-Id: I6f2f4169856ce78c62e3a7e74b48520cca9cb9ae
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-09 08:42:08 +02:00
Garming Sam
fdc9a322b1 param: Amend docs.py test to check dumping of flagged parameters
This test uses an empty smb.conf file to check if the resulting
output from testparm is empty.

It also sets a parameter as default in an smb.conf file and then
sets the option on the command line to ensure they are displayed
correctly.

Change-Id: I48f05b6e3c9e5cd856e89b196e00ae35eb93bf9f
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  8 01:57:59 CEST 2014 on sn-devel-104
2014-07-08 01:57:59 +02:00
Garming Sam
cafe2966a0 param: remove idmap parameters as special cases in docs.py
Change-Id: Ie2395ddbe9e055b9972fd859615a022d9f675014
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-07 23:32:36 +02:00
Garming Sam
e87cb83b47 param: handle smb_ports as a special handler
Avoids some problems with using str_list_make and str_list_make_v3 and tries to
verify if the ports assignment is reasonable

Change-Id: I441c4cca605c7548a5023b65994004fbac57d2df
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-07 23:32:36 +02:00
Björn Baumbach
fe14a3f758 samba-tool domain: remove duplicate check if site is set
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-18 14:07:11 +02:00
Björn Baumbach
4ca1d69d7d samba-tool: add --site parameter to provision command
This new parameter offers the option to specify a default initial site name.
Otherwise it will be "Default-First-Site-Name".

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-18 14:07:11 +02:00
Björn Baumbach
4ebd7250ef provision/sambadns: remove redundant site parameter
The sitename is already included in "names" parameter.

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-06-18 14:07:11 +02:00
Andreas Schneider
be07b8bc90 tests: Add doc exception for spoolss: OSVERSION.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 23 20:10:49 CEST 2014 on sn-devel-104
2014-05-23 20:10:49 +02:00
Kai Blin
634f116fbb provision: Correctly provision the SOA record minimum TTL
This fixes bug #10466

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Guenter Kukkukk <kukks@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104
2014-05-21 10:55:00 +02:00
Kai Blin
392ec4d241 bug #10609: CVE-2014-0239 Don't reply to replies
Due to insufficient input checking, the DNS server will reply to a packet that
has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed
sender address and have two servers DOS each other with circular replies.

This patch fixes bug #10609 and adds a test to make sure we don't regress.
CVE-2014-2039 has been assigned to this issue.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
2014-05-20 04:15:44 +02:00
Garming Sam
b6b9f0821a docs: enable checking of parametric options assignment
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-07 19:49:17 +02:00
Garming Sam
ad09b3e608 param: correctly use param_table.c as a regular C file
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-07 19:49:16 +02:00
Garming Sam
8abbfa9fc9 docs: add test to docs.py to set parameters to some arbitrary value
This does not currently test enums.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-07 19:49:15 +02:00
Garming Sam
8e9d2626eb docs: change docs.py to test the setting of parameters to defaults
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-05-07 19:49:15 +02:00
Björn Baumbach
4b4f4e0f4f samba-tool ldapcmp: fix a typo
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-05-03 01:51:08 +02:00
Andrew Bartlett
393348d11e dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency
When looking for incorrect name values, this improves the previous
code by avoiding one more manual parse step, and uses less cryptic
variable names.

Andrew Bartlett

Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-05-02 01:19:19 +02:00
Stefan Metzmacher
709ed040ec dbchecker: verify and fix broken dn values
With older Samba versions (4.0.x) the following could happen:

- On account was created on DC1
- It was replicated to DC2
- The connection between the dcs is offline
- The account gets modified on DC2
- The account gets deleted on DC1
- The connection becomes online again
- DC1 replicates the modification from DC2,
  this resets the dn to the original value.
  'name' and 'cn' are correct (with '\nDEL${GUID}'),
  but 'dn' is wrong.
- DC2 replicates the deletion from DC1.
  this doesn't include a changed dn as DC1
  had a bug.
  'name' is correct (with '\nDEL${GUID}'),
  but 'cn' and 'dn' are wrong.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10536
Change-Id: Ia70a6c12e0ff0d4c2c8100cb1d8f3c6422b65591
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-02 01:19:19 +02:00
Stefan Metzmacher
821d7dc7b3 dbchecker: make the deleted objects container detection more generic
Change-Id: I282ad887c41412e25fdf73476e405f4e88e0b239
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-05-02 01:19:19 +02:00
Kamen Mazdrashki
1b71f080ea s4:kcc_util: fix loading connection transport object - used to refer to not defined object
Change-Id: If8dc8e8db85f1a882ec73dc83d28fa1b5156de84
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
42fb23b8b2 s4:kcc_utils: Propagate 'samdb' into load_connection_transport() method
so it is actually able to make samdb.search-es

Change-Id: I8491fd215710a53fbb41d607381f89afb5267464
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
8b68f9b931 s4:KCC: Use dsdb.DS_DOMAIN_FUNCTION_2008 constant for DS-Behavior comparisons
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"

Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Kamen Mazdrashki
c9b1f6b366 samba-tool/upgrade: Fix exception thrown during upgrade from samba3
Change-Id: Ib486c0c7a68c53c61acdf270f966a43b1c61bace
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-04-22 23:34:15 +02:00
Andreas Schneider
d1ee35dc36 dns.py: Use the python socket module.
We preload socket_wrapper, no need to use the special module.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-17 14:56:07 +02:00
Jelmer Vernooij
986e53967a Typo: Commiting -> Committing
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Change-Id: I9d71706ce6d6782da72a26fa37e33fe5b527788e
Reviewed-on: https://gerrit.samba.org/217
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-14 01:33:06 +02:00
Andrew Bartlett
ba4c9851f2 samba-tool add password lockout handling to samba-tool domain passwordsettings
Change-Id: I291924785b505b26b91152c0c13b4afd4de068a6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:46 +02:00
Guenter Kukkukk
07b495b271 fix 2 typos
Signed-off-by: Guenter Kukkukk <linux@kukkukk.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-03-31 22:52:13 +02:00
Felix Botner
5b1d6e722e samba-tool dbcheck: handle missing objectClass
In several cases we have seen objects without the objectClass attribute.
Here the suggestion for a patch to find such objects in "samba-tool dbcheck"
with the option to delete them.

(patch improved by Andrew Bartlett to suggest DRS re-replication)

Signed-off-by: Felix Botner <botner@univention.de>

Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-27 00:36:31 +01:00
Andrew Bartlett
f596dc94e1 dbcheck: Ensure dbcheck can operate with --attrs set
This also includes a test to ensure we do not regress on this point.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-03-21 08:03:07 +01:00
Garming Sam
cff0f8e75f samba-tool: make provision check for bind version
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>

Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar  9 02:52:50 CET 2014 on sn-devel-104
2014-03-09 02:52:49 +01:00
Kai Blin
5bd47bb563 dns: Extend tests for records with another type
Add another check to the one added for bug #10471, for added paranoia

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Mar  4 15:47:10 CET 2014 on sn-devel-104
2014-03-04 15:47:10 +01:00
Kai Blin
d9829df133 bug #10471: Don't respond with NXDOMAIN to records that exist with another type
DNS queries for records with the wrong type need to trigger an empty
response with RCODE_OK instead of returning NXDOMAIN.

This adds a test and fixes bug #10471

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-04 13:46:34 +01:00
Garming Sam
9f2e6f532d s4:samba-tool/testparm: add a warning when acting as an AD-DC and not using UTF-8
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Mon Feb 10 02:26:28 CET 2014 on sn-devel-104
2014-02-10 02:26:28 +01:00
Garming Sam
f279a297a4 provision: capture slightly less generic exceptions during the test for acls
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-02-05 08:42:25 +01:00
Garming Sam
b27543aa72 provision: improve error message when connecting to samdb without the correct permissions
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-02-05 08:42:25 +01:00
Garming Sam
a89060a021 provision: Fix failures on re-provision incorrectly blamed on posix acl support.
By doing the test later, there is an actual sam.ldb file that can be connected to.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-02-05 08:42:25 +01:00
Garming Sam
fca80dccf8 selftest: updated docs.py script
The script now checks the parameter defaults against the documentation by using
the output of testparm and samba-tool testparm.

It now also uses the ElementTree xml library.

Change-Id: I2657c8c56a8c8383735e659dc9f636b4c5ab460b
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jan 31 23:22:09 CET 2014 on sn-devel-104
2014-01-31 23:22:09 +01:00
Garming Sam
e465634eec s4-testparm: modify dumping of parameters to use the lib/param code to have more consistent output
In making this change, it also fixes a bug where attempting to dump a parameter would immediately cause an error
(due to a lack of string conversion).

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2014-01-28 17:26:36 +13:00
Andrew Bartlett
6104b1fe98 samba-tool classicupgrade: Remove unsued upgrade_smbconf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jan 23 23:51:56 CET 2014 on sn-devel-104
2014-01-23 23:51:55 +01:00
Andrew Bartlett
6c6c3fa7cc samba-tool classicupgrade: Remove unsued reference to samba3sam
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
2014-01-23 21:56:25 +01:00
Matthias Dieter Wallnöfer
0c2fbe5a0c samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4
http://www.python.org/doc//current/c-api/none.html

Reviewed-By: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Thu Jan  9 16:27:47 CET 2014 on sn-devel-104
2014-01-09 16:27:47 +01:00
Amitay Isaacs
8e7f8a2ab1 netcmd/dns: Catch wildcard patterns when querying for name
DNS query should either be '@' to represent entire zone or a fixed string
and not wildcard search pattern.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Kai Blin <kai@samba.org>
2013-11-30 14:22:57 +11:00
Benjamin Franzke
ca8acb681a provision: Fix string replacement ordering
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-11-11 23:00:54 +01:00
Björn Baumbach
83a3ae18dd CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-11 11:14:36 +01:00
Samuel Cabrero
d3aee80928 s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
2013-10-25 00:39:21 +02:00
Nadezhda Ivanova
4cf4ed1c3e s4-openldap: Fixed a problem with provisioning with OpenLdap
Credentials are no longer used and there were too many arguments to the
constructor

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-10-25 09:45:57 +13:00
Jeremy Allison
dfd65f9397 Fix comment showing how to print an ACL to allow debug.
Signed-off-by: Jeremy Allison <jra@samba.org>

Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24 14:21:51 +02:00
Jeremy Allison
a1bc1c32e3 Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a group.
Fix posix_acl tests to match the change in writing ACLs
with ID_TYPE_BOTH.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-10-24 14:21:31 +02:00
Nadezhda Ivanova
13a10d4314 s4-samldb: Do not allow deletion of objects with RID < 1000
According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion
of security objects with RID < 1000. This patch will prevent deletion of
well-known accounts and groups.

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by:   Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
2013-10-14 13:31:50 +02:00
Andrew Bartlett
af3138e9b6 samba-tool domain join subdomain: Rework sambadns.py to allow setup of DomainDNSZone only
This skips handling the ForestDNSZone when we are setting up a subdomain.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
2013-10-11 10:27:49 +02:00
Andrew Bartlett
d5077baee2 join.py: Reconnect to the DC based on the DC name in dnsHostName to allow connection to IPC$
The treeConnect&X of the GUID name fails against Windows 2003.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:34:08 +02:00
Andrew Bartlett
5a9265de88 join.py: Remove special full_ncs handling, we only need to updateRefs on an NC we replicate
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:34:03 +02:00
Andrew Bartlett
ca7c3fb279 join.py: Use ctx.forestdns_zone variable
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:33:23 +02:00
Andrew Bartlett
a8c6dd5438 join.py: Correct ctx.forestdns_zone and so remove the need for duplicate repl.replicate() call
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:33:00 +02:00
Andrew Bartlett
48b979c4fe provision: Remove --username and --password options from samba-tool domain provision
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!

This may break support for the 'existing' backend LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-11 08:32:10 +02:00
Stefan Metzmacher
a2d45cf49e provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDN
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
2013-10-10 10:24:55 +02:00
Andrew Bartlett
a90067ec8e provision: Fix comment to refer to correct file (krb5.conf)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-10 08:35:30 +02:00
Nadezhda Ivanova
fc486d861c s4-openldap: Restored openldap-related options to the provision script
At the moment they are only available if TEST_LDAP=yes to avoid accidental use
as the openldap backend is still failing some tests

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
2013-09-26 07:31:05 +02:00
Andrew Bartlett
f4ff81f579 dbcheck: Add back the elements that were wrongly removed from CN=Deleted Objects
This is the final part of the fix for the issue in Samba 4.1
pre-release tree where we would wrongly delete the Deleted Objects
container during a join.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
2013-09-24 09:31:37 +02:00
Andrew Bartlett
bcd535e95c dbcheck: Ensure to always increase the error_count
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-24 07:44:29 +02:00
Nadezhda Ivanova
5805b7abc8 s4-openldap: Added an -H option to delegation script
Also calling delegation locally without credentials, as this is not really
necessary and causes selftest errors against the openldap backend.

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-23 18:40:25 -07:00
Andrew Bartlett
8d8872ae0a python-samba-tool fsmo: Do not give an error on a successful role transfer
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104
2013-09-23 12:00:24 +02:00
Andrew Bartlett
9e1dde15f9 dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaData
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-22 14:39:50 -07:00
Andrew Bartlett
a623359fb8 python/drs: Ensure to pass in the local invocationID during the domain join
This ensures (and asserts) that we never write an all-zero GUID as an invocationID
to the database in replPropertyMetaData.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-19 12:25:41 -07:00
Howard Chu
31ca4fc674 OpenLDAP provisioning tweaks
Remove BerkeleyDB-specific setup.
Streamline cn=samba partition initialization - allow any backend type for it.
Use back-mdb instead of back-ldif for cn=samba partition

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 21:39:51 CEST 2013 on sn-devel-104
2013-09-18 21:39:51 +02:00
Howard Chu
743d4a474e Use SASL/EXTERNAL over ldapi://
The provision script will map the uid of the user running the
script to the samba-admin LDAP DN.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-18 19:47:55 +02:00
Howard Chu
ff88694027 Give slapd a second to startup
Moving the sleep to the beginning of the loop avoids most
occurrences of the "connection failed" message

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Wed Sep 18 07:43:09 CEST 2013 on sn-devel-104
2013-09-18 07:43:09 +02:00
Howard Chu
dcbd4ede2f Fix OpenLDAP partition configs
Update to use LMDB backend, BDB is deprecated
Update to support DomainDNSZones and ForestDNSZones partitions.

Signed-off-by: Howard Chu <hyc@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-09-17 05:56:56 +02:00
Andrew Bartlett
4dacaef2ea dsdb: Use credentials.get_forced_sasl_mech()
This will allow us to force the use of only DIGEST-MD5, for example,
which is useful to avoid hitting GSSAPI, SPNEGO or NTLM when talking
to OpenLDAP and Cyrus-SASL.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>

Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date(master): Tue Sep 17 01:41:41 CEST 2013 on sn-devel-104
2013-09-17 01:41:41 +02:00
Andrew Bartlett
68f7cd1724 samba-tool domain provision: Make ldap_backend_startup.sh +x and take optional arguments
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
2013-09-16 14:43:44 -07:00
Andrew Bartlett
ef830f7e71 samba-tool domain join: Set server role correctly to "active directory domain controller"
We changed the magic string when we reworked the list of server roles.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 16 23:33:41 CEST 2013 on sn-devel-104
2013-09-16 23:33:40 +02:00
Andrew Bartlett
1d92d5b19b samba-tool domian join: Only print adminpass warning on subdomain creation
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:12 +02:00
Andrew Bartlett
84dc9f8cc1 samba-tool domain join: Add --quite and --verbose
This means we now use logger consistently between doimin join, domain dcpromo
and domain provision.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:37:04 +02:00
Andrew Bartlett
650eca0e06 join.py: Restore support for joining as a subdomain
This set of patches fixes up the errors that were introduced into the partial support
during the past couple of years.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:45 +02:00
Andrew Bartlett
3af4f0377e join.py: Handle more error cases with useful exceptions
This will help track down strange failures in the future.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:28 +02:00
Andrew Bartlett
a5e4c4520a samba-tool domain join subdomain: Set "reveal_internals:0" control so we can see the ncName
The issue here is that we create the ncName remotely with DsAddEntry,
and then replicate it back.  However, at this point the naming context
pointed at by the ncName does not exist!  The issue is that the
extended_dn_out module then hides the link, because it points to a
missing object.  The reveal_internals control forces this link to be
returned, and so we can then find the GUID, to create the domain with
the right GUID.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:36:18 +02:00
Andrew Bartlett
bbeca62ccf join.py: Show which database we failed to find the DN on (clarify local v remote)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:30 +02:00
Andrew Bartlett
ccb1beb9a3 join.py: Handle exceptions when looking for GUID in a DN
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-09-16 19:35:21 +02:00
Andrew Bartlett
b106d9090e scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2013-09-04 07:06:05 +02:00
Stefan Metzmacher
3430448fc0 python/provision: remove unused linklocal=False argument from interface_ips_v6()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104
2013-08-30 17:33:58 +02:00
Stefan Metzmacher
0e6aca4041 python/pyglue: filter out loopback and linklocal addresses unless all_interfaces is given
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bj@sernet.de>
2013-08-30 15:35:18 +02:00
Andrew Bartlett
7615b2549d samba-tool dbcheck: Correctly remove deleted DNs in dbcheck
The previous pattern never matched, as it was a typo.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104
2013-07-30 12:55:00 +02:00
Andrew Bartlett
eec29db7c2 python samba-tool drs: Correctly print KCC references to deleted servers
Tested against Windows 2008R2, presumably before the KCC ran.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-12 10:02:07 +02:00
Andrew Bartlett
c0cbf5936f Remove remaining references to "password level" in the tree
Reviewed-by: Simo Sorce <idra@samba.org>

Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
2013-06-11 16:25:54 +02:00
Kai Blin
8b24c43b38 dns: Delete dnsNode objects when they are empty
If an update leaves the dnsNode without any entries, the dnsNode object
should be deleted. Thanks to Günter Kukkukk for his excellent debugging
work on this one.

This should fix bug #9559

Signed-off-by: Kai Blin <kai@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-01 18:48:11 +10:00
Amitay Isaacs
05578dcdbf samba-tool/dns: Set secure zone update flag after creating new zone
Windows DC ignores the secure update flag while creating new zone.  Windows
performs another operation to set the secure update flag.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:13 +10:00
Amitay Isaacs
c22eb103d8 samba-tool/dns: Pass on additional flags when creating zones
Windows DCs require additional flags to be set when creating zones.

This fixes bug #9599.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:11 +10:00
Amitay Isaacs
612fbc18c3 s4-dns: Support update of SOA records
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
2013-05-30 10:44:08 +10:00
Amitay Isaacs
5a633dd6bb s4-dns: Print/Set minimumTTL value in SOA record
Signed-off-by: Amitay Isaacs <amitay@gmail.com>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
2013-05-28 08:47:56 +02:00
Andrew Bartlett
3482060271 python-samba-tool domain classicupgrade: Use transactions when adding users/groups/members
This should make things a bit faster when importing very large numbers of users
as we will not constantly rewrite the indicies on disk.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
ef895fe9e4 samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than the literal value
This is better practice.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
9c5756c077 python-samba-tool domain classicupgrade: Correct message about re-promoting BDCs
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
2c047198ca python-samba-tool domain classicupgrade: Actually Skip domain trust accounts
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Andrew Bartlett
2e1f14355c python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $
These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Kai Blin
46e98cf20b dns: Fix allocation of txt_record in txt record tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104
2013-05-16 15:39:14 +02:00
Kai Blin
223cf7fb30 dns: more debug debug options in the tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:42 +10:00
Kai Blin
4364a3faf6 dns: Add support for MX queries
Due to an oversight, the internal DNS server supports MX record updates,
but not MX record queries. Add support for MX queries and tests.

This should fix bug #9485

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:35 +10:00
Karolin Seeger
948ef97f08 samba_tool/base.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Karolin Seeger
86a58b01e0 netcmd/group.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Matthieu Patou
fbb12b574d samba-tool/tests: Force the gecos of the user to a fixed value.
When --gecos is not specified samba-tool user add will try to read the
gecos field from a getpw call. And if user's GECOS is empty (like the
build user on sn-devel-104) then the test will fail because we can't add
an empty gecos.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
2013-05-15 16:19:23 +02:00
Matthieu Patou
fffbdf01fa selftest: Output error when samba_tool user command fails
It should help to debug why is it failing on some hosts in the build
farm (ie. sn-devel)
Signed-off-by: Matthieu Patou <mat@matws.net>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06 21:05:29 +12:00
Amitay Isaacs
8543a7b9b3 samba-tool/dns: Fix a typo in ttl variable name
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-19 12:30:17 -07:00
David Disseldorp
bb7c6a0bd0 netcmd/dns: fix typo
Fix provided by Tobias Florek.

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 18 12:40:33 CEST 2013 on sn-devel-104
2013-04-18 12:40:33 +02:00
Rusty Russell
1cf46d2e35 source4/scripting/python/samba/samba3: handle ntdb files.
Upgrading old Samba 3 instances seems like a place where we don't have
to read ntdb files, but Andrew Bartlett points out that you can run a
Samba 4.0 and even a 4.1 'classic' domain and desire to migrate that
to the AD DC.

So make this upgrade code generic: if it finds an ntdb file, read
that, otherwise read the tdb file.

Cc: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-12 14:59:16 -07:00
Andrew Bartlett
f7756137e8 scripting-provision: Do not enforce domain != realm if we are joining an existing domain
This will allow us users to join existing oddly named domains without
objection from provision.

Andrew Bartlett

Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
2013-04-11 10:41:02 +02:00
Andrew Bartlett
e7e37b3b90 python-samba-tool domain classicupgrade: Make failure to connect directly to the LDAP backend fatal
This is better than failing just a little further down the stack with a useless error
about use-before-set.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
2013-04-10 00:13:45 +02:00
Andrew Bartlett
30adf0cdba scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement or Dn
This avoids the need to fix it up again in samba_upgradedns.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
2013-03-25 13:25:30 +01:00
Andrew Bartlett
5d42260eec samba-tool ldapcmp: Remove the GUID -> name mappings
These mappings are very convenient, however because they are not
one-to-one, they lead to differences being reported when none exist,
dependent only on the order the schema searches return results in.

Sadly the time saved by the names is offset by the time wasted chasing
the 'differences' that don't exist.

This in turn fixes some tests that were previously knownfail

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:04 +01:00
Andrew Bartlett
874a93bc1c scripting: Modify samba.descriptor.get_diff_sds() to cope with a missing reference owner
This allows the reference SD not to have an owner specified, and still
have the comparison with a database SD that does have an owner pass.
(And the same for owning group).

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:03 +01:00
Andrew Bartlett
4789a3072a samba-tool dbcheck: Allow dbcheck to correct an nTSecurityDescriptor without an owner or group
This is done by making a modification to the SD, which triggers it to be
filled in if we have the correct session_info established on the DB.

However, we normally want dbcheck running as system, so we wrap
the session_info set around this operation only.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:34:59 +01:00
Andrew Bartlett
810f8b48d9 samba-tool dbcheck: Add --reset-well-known-acls
This will allow an upgrade from Samba 4.0.0 without needing to run
samba_upgradeprovision, which for now is not the preferred upgrade
tool.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:53:47 +01:00
Andrew Bartlett
9040e26841 scripting: Move get_diff_sds from samba.upgradehelpers to samba.descriptor
This helps avoid a dependency loop when we use get_diff_sds in dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:33:37 +01:00
Andrew Bartlett
a113ddbf88 scripting: Modify samba.descriptor.get_wellknown_sds() use samdb calls only
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.

Andrew Bartlett
2013-03-25 10:32:34 +01:00
Andrew Bartlett
352aff8ed7 scripting: Move samba.provision.descriptor to samba.descriptor
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:32:11 +01:00
Andrew Bartlett
e81a97dd6f scripting: Make samba.provision.descriptor.get_wellknown_sds() return ldb.Dn objects
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:29:26 +01:00
Andrew Bartlett
6df17fe799 scripting: Fix documentation comment on upgradehelpers.py:get_clean_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:28:25 +01:00
Andrew Bartlett
3da89b01fa scripting: Move the list of well known SDs to samba.provision.descriptor
This will allow us to call this from dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:27:58 +01:00
Ricky Nance
96d731c79b samba-tool group list: add more info to samba-tool group list
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 17 12:56:47 CET 2013 on sn-devel-104
2013-03-17 12:56:47 +01:00
Andrew Bartlett
58e385a5ac Revert "Ensure the masks don't conflict with the ACL checks."
This reverts commit 78594909b8 which was
needed by 7622aa16ad.

This change masked bug #9462 which was fixed by
2013bb9b4d.  The issue was that the
defaults for the substituted parameters did not match the old
parameter.  Changing the values in our test suite hid the issue, but
did not fix the issue.

(Additional change in the revert is to correct the expected ACL value
in posixacl.py due to changed implied inherited permissions).

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
2013-03-11 19:46:24 +01:00
Andrew Bartlett
9b8d5bba50 samba_upgradeprovision: Remove inherited ACEs before comparing the SDs
This avoids changing an SD when it is not really required.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:18 +01:00
Andrew Bartlett
5074b98714 scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:08 +01:00
Andrew Bartlett
24c4d818d1 samba-tool ldapcmp: Add support for checking DNSDOMAIN and DNSFOREST by default
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:31:05 +01:00
Andrew Bartlett
f508435d23 samba-tool dbcheck: fix msDS-HasInstantiatedNCs attributes to match instanceType on our ntdsDSA
This value is only a link to the local value of intanceType on our server, so only fix it for our server.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:30:31 +01:00
Andrew Bartlett
97389c3ec2 scripting: Correct parsing of binary DN
The DN is of the form B:8:01020304:DC=samba,DC=example,DC=com.  We need
to account for the case where the 8 is actually (say) 16, and so not just
one character.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:24:02 +01:00
Andrew Bartlett
606f5d6cc6 samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other
This is needed to compare some parts of the database, particularly in --two mode, which
are just never going to have exactly the same DNs.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:20 +01:00
Andrew Bartlett
161fa15697 samba-tool domain classicupgrade: Fix typo in error path for multiple account flags
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
669c302f2d samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
68f13f5d7e samba-tool dbcheck: fix comment on err_wrong_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Jelmer Vernooij
87afc3aee1 Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar  2 03:57:34 CET 2013 on sn-devel-104
2013-03-02 03:57:34 +01:00