1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

3719 Commits

Author SHA1 Message Date
David Mulder
627fb5471b gpo: Extract Access policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
8971876128 gpo: Extract Kerberos policy from Security extension
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
f5202c7b55 gpo: Add --rsop option to samba-gpupdate
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
88b6266168 gpo: Apply Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
Douglas Bagnall
e15ee51ef5 s4/scripting/samba_dnsupdate: remove unreachable code
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
2020-07-17 07:17:40 +00:00
David Mulder
a9d1ccc569 gpo: Run Group Policy Scripts
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-06-23 16:32:30 +00:00
Stefan Metzmacher
4d6864e08e samba_dnsupdate: fix delete (samba-tool) message
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-03-27 09:02:37 +00:00
Stefan Metzmacher
88500f7326 samba_dnsupdate: fix --no-credentials handling
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-03-27 09:02:37 +00:00
Andrew Bartlett
d3b385d596 source4/scripting/bin: Swap machine account password scripts
I regularly get requests for my simple script to print the
password from the secrets.tdb (or secrets.ldb on the AD DC).

This removes the old script that only reads the secrets.ldb.

Neither new nor old script has tests, however it seems
better to have it in the tree where it can be found rather
that me digging it out of my outbound e-mail.

Originally posted here:
 https://lists.samba.org/archive/samba/2017-November/212362.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-02-06 14:57:42 +00:00
Björn Jacke
e781db805e source4/scripting/bin/samba_upgradeprovision: typo fixes
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2019-10-31 00:43:38 +00:00
Philipp Gesang
3bb7ccb463 s4:scripting: make samba-gpupdate heed --disable-python
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power<npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Sep 25 11:06:04 UTC 2019 on sn-devel-184
2019-09-25 11:06:04 +00:00
Björn Jacke
c9088c6aa8 pfm_verif: string concatenation efficiency cleanup
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2019-09-24 12:22:45 +00:00
Björn Jacke
c7fa030aec scripting: avoid inefficient string redefinition
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Matthias Dieter Wallnöfer <mdw@samba.org>
2019-09-24 12:22:45 +00:00
Mathieu Parent
eff558035b Spelling fixes s/exising/existing/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:26 +00:00
Mathieu Parent
5fc2c7ddb8 Spelling fixes s/containter/container/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-09-01 22:21:25 +00:00
Aaron Haslett
6dcf00ba0a downgradedatabase: installing script
Installing downgrade script so people don't need the source tree for it.

Exception added in usage test because running the script without arguments
is valid. (This avoids the need to knownfail it).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:28 +00:00
Tim Beale
fdaaee8d3a downgradedatabase: rename to samba_downgrade_db
Just so that it's slightly less of a mouthful for users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:28 +00:00
Aaron Haslett
c4aebb1500 downgradedatabase: comply with samba.tests.source
In next commit we'll install the script, samba.tests.source picked up the
lack of a copyright message and some whitespace errors, so this patch
fixes that stuff first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-08-20 03:40:28 +00:00
Douglas Bagnall
3134537640 s4/scripting/smbstatus: begone
Untested and unused.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:21 +00:00
Douglas Bagnall
3822a41f74 s4/scripting/autoidl: remove it
What does it even do? Possibly nothing, not least because nobody ever
runs it.

It was introduced as source4/scripting/bin/autoidl.py in
a2446e5f85 ("initial work for script
that uses probing to figure out IDL"). Since then it has only had
superficial patches, generally aimed at Python 3.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:20 +00:00
Douglas Bagnall
075bf60836 s4/scripting/samba_dnsupdate: print usage with no arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:20 +00:00
Douglas Bagnall
c78eef6810 s4/scripting/demodirsync: print usage if no host named
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:20 +00:00
Douglas Bagnall
ffdb0ca8b0 s4/scripting/mymachinepw: print usage with bad arguments
Also, use sys.exit() function, not exit(), because sys.exit() reliably
exists.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:20 +00:00
Douglas Bagnall
e5e4c11371 s4/scripting/get-descriptors: print usage with insufficient arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-05 01:05:20 +00:00
Gary Lockyer
82f327fce8 kcc: default to logging to DBGLVL_WARNING
If the "-d" debug level parameter is not supplied, default to DBGLVL_WARNING.
Overiding the "log level" set in smb.conf.

When samba runs the kcc command stderr output is logged at DBGLVL_ERR,
the default log destination is stderr.  As a result any log messages
generated by the kcc command, are effectively logged at DBGLVL_ERR.
This causes issues if auth or audit logging are enabled in smb.conf.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Tim Beale <timbeale@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jul  2 05:49:43 UTC 2019 on sn-devel-184
2019-07-02 05:49:43 +00:00
Douglas Bagnall
66620567ae s4/scripting/smbstatus: approach py3 compatibility
It is still unused and untested, probably not working.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 04:21:36 +00:00
Douglas Bagnall
ae1472834b s4/script/rodcdns: str type doesn't need decoding
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 04:21:36 +00:00
Douglas Bagnall
e406b6d796 s4/scripting/autoidl: another py3 incompatible except
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-07-02 04:21:36 +00:00
Aaron Haslett
0942a65b63 downgradedatabase: adding special case for MDB
Though this script was initially written for undoing GUID indexing on
TDB databases, we're repurposing it to do a full downgrade of any
database. MDB databases can't be DN indexed, but they can have pack
format version 2 and ORDERED_INTEGER data types, which must be removed
during a downgrade.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2019-05-29 04:41:25 +00:00
Andrew Bartlett
09f2a187b3 sambadowngradedatabase: Add "or later" to warning about using tools from Samba 4.8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-05-29 04:41:24 +00:00
Aaron Haslett
c0b679f6a3 sambaundoguididx: renamed to downgradedatabase
In forthcoming commits we're going to repurpose this script to do an
entire downgrade of a database, disabling all new database features.
downgradedatabase is a more appropriate name.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-05-29 04:41:24 +00:00
Andrew Bartlett
40ca8ed5a1 sambaundoguididx: fix for -s
Quick fix running this script with -s instead of -H. samdb_url() returns
a url with a protocol prefix, which causes issues further down in the
script.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-05-29 04:41:24 +00:00
Andrew Bartlett
1a9da378a1 sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3
In py3 we need to add an extra str() around the returned ldb value to
enable .split() to be used.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed By: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu May 23 14:25:52 UTC 2019 on sn-devel-184
2019-05-23 14:25:52 +00:00
Joe Guo
165025a56e samba_dnsupdate: flush dns update cache file after write
While running samba python tests with `coverage.py`, `make test` failed
to start ad_dc env since dns_update_cache stays empty.
Flush the file after write fix the issue.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-10 08:19:16 +00:00
Noel Power
3e5a2749db s4/scripting/bin Remove unecessary scripts
Apparently we get official schema from MS these days

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-05-06 07:12:18 +00:00
Andrew Bartlett
154370a2e6 build: Remove ndr_PyLong_FromUnsignedLongLong wrapper from NT_STATUS and W_ERROR table generator
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2019-05-06 05:46:11 +00:00
Joe Guo
9314bd0b25 samba_dnsupdate: small tweaks to make code more pythonic
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-04-02 16:09:25 +00:00
Douglas Bagnall
c69092e9ba s4/scripting: remove obsolete w32err_code.py
This has been replaced by gen_werror.py which shares common code with other scripts
(e.g. gen_ntstatus) and is more likely to work with conteporary microsoft HTML.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-14 02:12:18 +00:00
Tim Beale
a64c2e3bde s4/scripting: Remove legacy selftest-vars.sh script
This script was added in 2010 and has only been sporadically kept
up-to-date since. It doesn't appear to work (I think that selftest
and the testenvs have perhaps grown in complexity since 2010 and it's no
longer possible to try to access a testenv from a different
process-space, due to how we use the cwrap libraries).

There's now an alternative (export_envvars_to_file()) in the selftest
code to regenerate a similar file, if anyone actually needs it.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 01:53:26 +00:00
Tim Beale
3bee244394 selftest: Remove unused SELFTEST_INTERFACES
This doesn't appear to be used anywhere and dates back to 2008.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 01:53:26 +00:00
Douglas Bagnall
0a804d38c4 s4/scripting/autoidl: p3 exception syntax
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:18 +00:00
Douglas Bagnall
561b654bc5 s4/scripting: MORE py3 compatible print functions
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-03-12 00:42:18 +00:00
Tim Beale
b348045955 selftest: Remove unused environment variables
We only really want generic environment variables. For 2+ DC
environments, we have the $SERVER and $DC_SERVER (aka PDC) variables.
However, lots of testenvs also export really specific environment
variables, e.g. VAMPIRE_2000_DC_SERVER_IP (despite that testenv being
only used for a single test case).

Previously the <testenv>_SERVER variable was used for DRS tests, but we
can avoid the need to do this now. The other variables are not used at
all.

The RODC and TRUST environment variables are still used by a few tests.
SUBDOM_DC_SERVER is only used within Samba4.pm and not exported.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-18 05:42:09 +01:00
Björn Jacke
cd1ac3668c sambaundoguididx: use the right escaped oder unescaped sam ldb files
the correct filename is taken from the partition database before, we should not
unescape that because this can result in a new unescaped ldb file being created
and the script not to work at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13759

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-02-17 13:33:12 +01:00
Stefan Metzmacher
19f34b2161 samba_dnsupdate: make rodc_dns_update() more robust against timing problems
Without this we had an interesting race!

The messaging_dgm code caches connected datagram sockets based on the
destination pid for 1 second.

The fact that samba_dnsupdate constantly recreates its messaging
context (and the underlying datagram socket) means that we the winbindd
messaging context may get a stale connection. As a result sending any
message from winbindd back to samba_dnsupdate will result in
ECONNREFUSED.

That means the IRPC response from winbindd never reaches
samba_dnsupdate, which will then hit a timeout.

In turn samba_dnsupdate on the RODC times out.

This was a workaround for the problem, by having just one global
IRPC handle and thus just one messaging_dgm context.
The actual problem is solved a few commits before
("messages_dgm: Properly handle receiver re-initialization").
But we keep this as an performance optimization, which hopefully
means that the overall samba_dnsupdate is less likely to
timeout after the hardcoded 20 seconds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 02:18:29 +01:00
Stefan Metzmacher
767e60d973 samba_dnsupdate: make it clear that opts.use_file is active and we're not using nsupdate
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-02-14 02:18:28 +01:00
Joe Guo
87149445af s4/scripting/bin: open unicode files with utf8 encoding and write unicode string
In files like `libcli/util/werror_err_table.txt` and `libcli/util/ntstatus_err_table.txt`,
there were unicode quote symbols at line 6:

    ...(“this documentation”)...

In `libcli/util/wscript_build`, it will run `gen_werror.py` and `gen_ntstatus.py`
to `open` above files, read content from them and write to other files.

When encoding not specified, `open` in both python 2/3 will guess encoding from locale.

When locale is not set, it defaults to POSIX or C, and then python will use
encoding `ANSI_X3.4-1968`.

So, on a system locale is not set, `make` will fail with encoding error
for both python 2 and 3:

    File "/home/ubuntu/samba/source4/scripting/bin/gen_werror.py", line 139, in main
        errors = parseErrorDescriptions(input_file, True, transformErrorName)
      File "/home/ubuntu/samba/source4/scripting/bin/gen_error_common.py", line 52, in parseErrorDescriptions
        for line in file_contents:
      File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
        return codecs.ascii_decode(input, self.errors)[0]
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 318: ordinal not in range(128)

In this case, we have to use `io.open` with `encoding='utf8'`.
However, then we got unicode strs and try to write them with other strs
into new file, which means the new file must also open with utf-8 and
all other strs have to be unicode, too.

Instead of prefix `u` to all strs, a more easier/elegant way is to enable
unicode literals for the python scripts, which we normally didn't do in samba.

Since both `gen_werror.py` and `gen_ntstatus.py` are bin scripts and no
other modules import them, it should be ok for this case.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Feb  8 06:34:47 CET 2019 on sn-devel-144
2019-02-08 06:34:47 +01:00
Volker Lendecke
9563fcf6ff samba_dnsupdate: With dns_hub, we don't need resolv_wrap
Best viewed with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-01-15 07:53:22 +01:00
Guo Qiao
0a449c2b74 s4:scripting:bin: rm rpcclient
This file only works in py2, and no one use it. Just delete it.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-12-17 01:24:14 +01:00
Joe Guo
338413ad5a PY3: change shebang to python3 in source4/scripting dir
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Joe Guo
a19d5bd771 PY3: change shebang to python3 in source4/scripting/bin dir
Samba default python is 3 now.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-12-14 14:40:20 +01:00
Noel Power
9116cc8cc8 s4/scripting: python3 fix string.find instance
string.find doesn't exist in python3. Instead use the 'find' method
    of the string instance itself

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-14 00:51:33 +01:00
Noel Power
923010d99b various: Remove references to about to be deleted thirdparty/dnspython
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-11 20:07:18 +01:00
Noel Power
a25bd836ee python/samba/tests: PY3 port samba.tests.dns
Misc hanges needed to get make test TEST=samba.tests.dns &
samb.tests.dns_fowarder to run and pass under PY3

* socket.send needs bytes not string
* rec.dwTimeStamp expects int not float (in PY3 / operator
  will give float results, for int use '//' instead)
* re.match using bytes needs a bytes search term

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-12-10 10:38:21 +01:00
Noel Power
3495f3fc83 s4/scripting/bin: gensec_client.update needs bytes
PY3 test was failing as param passed to update was str rather than bytes

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-14 05:07:17 +01:00
Tim Beale
48cc8a4e32 s4/scripting/bin: PY3 convert servicePrincipalName attr to string
res[0]["servicePrincipalName"] is an instance of ldb.bytes in PY3
If we wish to get the string value we need to call the custom
str function which attempts to decode the bytes to 'utf8'

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Noel Power <npower@samba.org>
2018-11-14 05:07:17 +01:00
Douglas Bagnall
78f5b6e399 s4/scripting/*: py3 compatible print
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-02 03:48:52 +01:00
Tim Beale
018ff496e4 dnsupdate: Skip kerberos step if use-file specified
If there's a problem in get_credentials() (getting the machine account
Kerberos credentials), then we fallback to use_samba_tool (essentially
ignoring use-file). However, there's no need to do this, as use-file
shouldn't require Kerberos credentials.

This was making bootstrapping issues starting a testenv harder to debug.
Obviously, Kerberos is dependent on DNS functioning correctly, but
running dnsupdate was also dependent on having a working Kerberos KDC.
In my case, the testenv had a bad krb5.conf file, but the problem
appeared as resolv-wrapper errors (due to a missing RESOLV_WRAPPER_HOSTS
file, which should've been generated by dnsupdate).

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Garming Sam <garming@catalyst.net.nz>
2018-11-01 09:41:20 +01:00
Tim Beale
c35fb3a88b dnsupdate: Pass smb.conf through to samba-tool commands
If you call samba_dnsupdate with a --configfile option, this wasn't
passed through to the samba-tool commands the script tries to run.
Normally, samba_dnsupdate would only be run on the DC itself, so it
shouldn't be a big deal, however, this may be a problem if you install
the samba database into a non-default location (i.e. not
/usr/local/samba).

This patch passes through the smb.conf file, if one was specified.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-11-01 09:41:19 +01:00
Douglas Bagnall
b1ba193dd0 s4/scripting/pfm_verify: PY3: use compat.text_type
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-01 05:08:10 +01:00
Douglas Bagnall
b4fff0ac7d s4/scripting/samba_upgradedns: avoid .has_key()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-01 05:08:10 +01:00
Douglas Bagnall
2e6fccbb93 s4/scripting/minschema: whitespace reformat and py3 compatible print
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-01 05:08:10 +01:00
Douglas Bagnall
f109fde362 s4/scripting/autoidl: py3 compatible except
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-11-01 05:08:10 +01:00
Douglas Bagnall
105e14cbd1 s4/scripting/demodirsync: fix syntax error
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-10-25 21:45:58 +02:00
Douglas Bagnall
6ab7a3beb3 s4/scripting: py3 style 0o123 octal, not 0123
this works with py2.6+ too.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-10-25 21:45:58 +02:00
Douglas Bagnall
e9a57a5b01 s4/scripting/pfm_verify: remove duplicate import
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2018-10-25 21:45:56 +02:00
Noel Power
b142e28e35 python/samba: PY3 fix samba4.blackbox.upgradeprovision.release-4-0-0
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:28 +02:00
Noel Power
60e7aa86d8 s4/scripting/bin: blobs needs to be bytes
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:28 +02:00
Noel Power
1a4e95da2b s4/scripting/bin: PY3 make sure GUID result of format is string
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:27 +02:00
Noel Power
f94a813796 s4/scripting: Py2/Py3 for samba4.blackbox.upgradeprovision.alpha13
fixup source4/scripting/bin/samba_upgradedns
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:27 +02:00
Noel Power
0febd003b5 s4/scripting: PY2/PY3 port for samba4.blackbox.upgradeprovision.current
o Fix various ldb attribute that need to be converted to string
o dict has no 'has_key' method
o ndr_unpack needs bytes not string
o b64encode needs bytes (so open file with binary mode)
o StandardError was removed in python3 use Exception instead
o fix octal literals
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:27 +02:00
Noel Power
9ae5fd65a8 s4/scripting/bin: PY3 Fix exception tuple assignments.
In Python3 to access the exception arguments you need to now use
Exception.args, in Python2 you could access these direcly with the
'except' declaration.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:26 +02:00
Noel Power
dcf787b263 s4/scripting: PY3 need to convert cmp funct to key func for sort.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:24 +02:00
Noel Power
f5f8676b63 s4/scripting/bin: PY3 Make sure print statements are enclosed by '()'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-10-23 05:50:24 +02:00
Douglas Bagnall
1139a4a6a0 s4/script/samba_upgradeprovision: set global dnNotToRecalculateFound var
as probably intended. Without this the local variable shadows the
global one and is never used while the global one is never changed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-10-12 04:16:22 +02:00
Douglas Bagnall
69fad8bff0 s4/script/samba_upgradeprovision: remove unused variable
A similarly named variable is always set two lines down, so we don't need this

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-10-12 04:16:22 +02:00
Douglas Bagnall
1851c35e99 s4/script/samba_upgradeprovision: remove duplicate (contradictory) dict key
The second, winning, entry says '"defaultSecurityDescriptor": replace + add'

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-10-12 04:16:21 +02:00
Douglas Bagnall
cb5ad7fefe s4/script/samba_upgradeprovision: use int not long for Python 3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <noel.power@suse.com>
2018-10-12 04:16:21 +02:00
David Mulder
4e98d18bea gpupdate: Add the --force option
This option forces the reapplication of policy,
and works the same as MS 'gpupdate /force'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:16 +02:00
David Mulder
4354071b7a gpo: Initialize gp_ext variables in constructor
Initialize variables for the gp_ext in the
constructor instead of passing them via the parse
function.
This is a dependency of the "gpo: Implement
process_group_policy() gp_ext func" patch, since
the parse() function is now called by the ext,
instead of by gpupdate within apply_gp(). The
parse() function should only take the path
variable, to simplify writing Client Side
Extensions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
David Mulder
f702ad943e gpupdate: Remove the unnecessary url parameter
The samdb object isn't initialized here anymore,
but in the gp_sec_ext, so this parameter to
gpupdate does nothing.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Aurelien Aptel <aaptel@suse.com>
2018-10-08 18:17:15 +02:00
Björn Baumbach
cc30805e5c samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed
Since scavenging is implemented the samba_dnsupdate command always updates all
dns records required by the dc. This is not needed if dns zone scavenging
is not enabled.

This avoids the repeating TSIG error messages:

 # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c
     29 ; TSIG error with server: tsig verify failure
      1 Failed update of 29 entries
 # echo ${PIPESTATUS[0]}
 29

 # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
 # echo ${PIPESTATUS[0]}
 0

Note that this results in about 60 lines in the log file,
which triggered every 10 minutes ("dnsupdate:name interval=600" is the default).

This restores the behavior before 8ef42d4dab,
if "dns zone scavenging" is not switched on (which is still the default).

Avoiding the message from happening at all is subject for more debugging,
most likely they are caused by bugs in 'nsupdate -g' (from the bind package).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Sep 12 18:03:10 CEST 2018 on sn-devel-144
2018-09-12 18:03:10 +02:00
Joe Guo
24fe85041f PEP8: fix E122: continuation line missing indentation or outdented
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-06 12:10:11 +02:00
Joe Guo
9f5bbcc10a PEP8: fix E713: test for membership should be 'not in'
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:31 +02:00
Joe Guo
e940e4cd48 PEP8: fix E711: comparison to None should be 'if cond is not None:'
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
cabb299749 PEP8: fix E703: statement ends with a semicolon
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
7b031b01a1 PEP8: fix E502: the backslash is redundant between brackets
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
115f2a71b8 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:30 +02:00
Joe Guo
211c9a5f85 PEP8: fix E302: expected 2 blank lines, found 1
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:29 +02:00
Joe Guo
7a07d42230 PEP8: fix E265: block comment should start with '# '
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:29 +02:00
Joe Guo
12d3fbe15c PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
87bbc2df97 PEP8: fix E226: missing whitespace around arithmetic operator
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
32266d2d48 PEP8: fix E225: missing whitespace around operator
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:28 +02:00
Joe Guo
562411bd95 PEP8: fix E202: whitespace before ')'
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:27 +02:00
Joe Guo
a9551edaee PEP8: fix E201: whitespace after '('
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:27 +02:00
Joe Guo
bbb9f57603 PEP8: fix E127: continuation line over-indented for visual indent
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:26 +02:00
Joe Guo
4fc08d8f14 PEP8: fix E111: indentation is not a multiple of four
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-08-24 07:49:25 +02:00
Aaron Haslett
f17d20123a netcmd: domain backup offline command
Unlike the existing 'domain backup online' command, this command allows an
admin to back up a local samba installation using the filesystem and the
tdbbackup tool instead of using remote protocols.  It replaces samba_backup
as that tool does not handle sam.ldb and secrets.ldb correctly.  Those two
databases need to have transactions started on them before their downstream
ldb and tdb files are backed up.

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-08-06 05:37:42 +02:00
David Mulder
de8b30a726 gpo: Add user policy extensions
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 22:11:23 +02:00
David Mulder
126b789268 gpo: Dynamically load gp_exts
This loads Group Policy Client Side Extensions
similar to the way that they are loaded on a
Windows client. Extensions are installed to a
configuration file in the samba cache path where
they receive a unique GUID matched with the path
to the python gp_ext file. Classes which inherit
from the gp_ext class (as defined in gpclass.py)
will be dynamically loaded.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 22:11:23 +02:00
Aaron Haslett
8ef42d4dab dns: update tool changed for scavenging
Now that scavenging is implemented, the DNS update tool needs to be changed so
that it always updates every name required by the DC.  Otherwise, the records
might be scavenged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10812

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-12 04:31:55 +02:00
David Mulder
a958dc35bb samba-gpupdate: Change machine option to target
On a Windows client, you designate machine/user
apply with a 'target' parameter. This change
makes gpupdate work more like that command.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  4 13:23:09 CEST 2018 on sn-devel-144
2018-07-04 13:23:09 +02:00
David Mulder
c8621948f6 samba_gpoupdate: Rename the command to samba-gpupdate
On a Windows client, this command is called 'gpupdate'

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-07-04 10:22:15 +02:00
Tim Beale
8b07ddde47 provision: set 'binddns dir' when making new smb.conf
When creating a new smb.conf from scratch during a join/clone/etc, the
'binddns dir' setting still uses the source smb.conf/default setting,
instead of the targetdir sub-directory.

I noticed this problem when trying to create a new testenv - the
provision() was trying to create /usr/local/samba/bind-dns directory,
which would fail if samba hadn't already been installed on the host
machine.

Now that this is fixed, we also need to fix tests that were explicitly
asserting that no unexpected directories were left behind after the test
completes.

This change also breaks the upgradeprovision script. The upgrade-
provision calls newprovision() to create a reference provision in a
temporary directory. However, previously this temporary provision was
creating the bind-dns directory in the actual upgrade directory as a
side-effect, e.g. it did a provision() with
targetdir=alpha13_upgrade_full/private/referenceprovisionLBKBh2 and this
ended up creating alpha13_upgrade_full/bind-dns as a side-effect.
The provision() now creates bind-dns in the specified targetdir, but
this means check_for_DNS() fails (it tries to create bind-dns sub-
directories, but the upgrade's bind-dns doesn't exist). I've avoided
this problem by making sure bind-dns exists as part of the
check_for_DNS() processing.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 28 06:22:16 CEST 2018 on sn-devel-144
2018-06-28 06:22:16 +02:00
Volker Lendecke
82175c0b91 dnsupdate: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-06-01 11:28:22 +02:00
Noel Power
bf95ecb35d s4/scripting/devel: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-12 21:38:17 +02:00
Noel Power
ff1920fb67 s4/scripting/bin: py2/py3 compatability always decode result of b64encode
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-12 21:38:17 +02:00
Noel Power
63648af515 python/samba: Bulk replace of '.next()' method with function 'next()'
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-12 21:38:16 +02:00
Aaron Haslett
77ea31bccf devel: removing unused code from chgkrbtgtpass
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 12 12:05:31 CEST 2018 on sn-devel-144
2018-05-12 12:05:31 +02:00
Garming Sam
a82ca08f37 samba_dnsupdate: Put samba.kcc import after path insert of bin/python
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-05-03 05:25:27 +02:00
Joe Guo
9d79329d3d python: bulk replace dict.itervalues to values for py3
In py3, iterxxx methods are removed.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-04-13 07:27:12 +02:00
David Mulder
76cfbb6e8c gpo: Move implementation from samba_gpoupdate
The implementation of group policy apply should
not be in the application script. One reason is
to implement user apply, we can call these
functions via the python c-api, (passing creds
via the command line will expose them via ps).
Another reason for this is if some overrides
the smb.conf "gpo update command" option, it
would be useful to have these functions.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-12 08:13:34 +02:00
Gary Lockyer
946dfc783c upgradeprovision: detect and handle lmdb databases
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr  6 05:12:11 CEST 2018 on sn-devel-144
2018-04-06 05:12:11 +02:00
Gary Lockyer
8c848549ee upgradeprovision: Do not copy backup lmdb -lock files
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-04-06 02:08:44 +02:00
Noel Power
dd5c347da5 s4/scripting: convert print func to be py2/py3 compatible
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-23 07:28:24 +01:00
Garming Sam
2b87bf8c09 samba_dnsupdate: Introduce automatic site coverage
This uses the underlying function in kcc_utils.py which already has
tests.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2018-03-21 04:36:22 +01:00
Douglas Bagnall
f43cb7c38d source4/scripting python: convert 'except X, e' to 'except X as e'
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-02-15 00:18:30 +01:00
David Mulder
2ca73cba53 gpo: Add the winbind call to gpupdate
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-01-13 22:38:05 +01:00
David Mulder
88152adeca gpo: Continue parsing GPOs even if one fails
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-01-13 22:38:05 +01:00
David Mulder
b468245c32 gpo: Test that unapply works
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-15 21:43:19 +01:00
Tim Beale
c22d022cea upgradeprovision: Change test to always use 2008 R2 schema
This tool (and the corresponding test) is designed to migrate a Samba DC
from a pre-4.0.0 release up to a more recent schema (i.e. Windows 2008R2).

Going further than 2008R2 turns this test into a bit of a nightmare. We
now have a better adprep/'samba-tool domain schemaupgrade' option for
upgrading from 2008R2 to a more recent schema.

It seems to make most sense to leave this tests just running against
2008R2 schema provisions and add new tests to migrate from 2008R2 to
2012R2.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-14 08:20:16 +01:00
Garming Sam
6e7d037ace Fix formating of sources to be less than 80 lines
Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Nov 21 01:51:59 CET 2017 on sn-devel-144
2017-11-21 01:51:59 +01:00
David Mulder
8be71f97b6 doc: Add samba_gpoupdate man page, update WHATSNEW
Signed-off-by: David Mulder <dmulder@suse.com>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-11-20 21:41:15 +01:00
David Mulder
4a7ccbeab7 gpo: Always enforce policy, even if unchanged
Policies should always be enforced, even if the gpo hasn't changed.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:15 +01:00
David Mulder
8d4c7229e9 gpo: Add GPO unapply
Keep a log of applied settings, and add an option to samba_gpoupdate to allow unapply. An unapply will revert settings to a state prior to any policy application.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:15 +01:00
David Mulder
05235a56e3 gpo: Install the samba_gpoupdate script
The samba_gpoupdate script was not being installed by waf.
Added samba_gpoupdate to the wscripts so it gets installed as part of a make install.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:15 +01:00
David Mulder
de9cee2262 gpoupdate: Rewrite samba_gpoupdate
Use new python bindings and remove obsoleted code

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:15 +01:00
David Mulder
8eba3b5d38 gpo: Make the gpclass more easily extensible
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:15 +01:00
David Mulder
115615d836 gpo: Make the gpoupdate script much more reliable
Using a static file blanks the file when samba_gpoupdate crashes. Transformed
to a tdb file and added transactions. Add info logging to monitor gpo changes,
etc. Also handle parse errors and log an error message, then recover. Modified
the parsing code to use ConfigParser. Also, use the backslash in path names
when opening smb files, otherwise it fails against a windows server.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:14 +01:00
Luke Morrison
5194cd4e8d gpo: Initial commit for GPO work
Enclosed is my Summer of Code 2013 patch to have vital password GPO always applied to the Samba4 Domain Controller using a GPO update service.

To try it out "make -j" your samba with the patch, apply a security password GPO and see the difference in ~20 seconds. It also takes GPO hierarchy into account.

Split from "Initial commit for GPO work done by Luke Morrison" by David Mulder

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Luke Morrison <luke@hubtrek.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-20 21:41:14 +01:00
Andrew Bartlett
a80296b12e waf: Move script list to one-per-line
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-11-20 21:41:14 +01:00
Andreas Schneider
2d260b28f5 s4:scripting: Fix ntstatus_gen.h generation on 32bit
The hex() function results in different output on 32bit systems. It adds
a L for long for some numbers. Thus we have a different header file.

This patch makes sure we have a consistent file generation on different
paltforms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13099

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 25 22:28:39 CEST 2017 on sn-devel-144
2017-10-25 22:28:39 +02:00
Joe Guo
8ed3cac9e5 python: add a failed test to show Popen deadlock
`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

This patch is commited to show the issue, a fix patch will come later.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-10-19 05:33:10 +02:00
Andrew Bartlett
7ddf47951b scripting: Add script (backportable) to undo a GUID index
This script allows the DB to be read, and re-indexed, by an earlier Samba version,
most likely 4.7 with some backported patches.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 23 09:16:31 CEST 2017 on sn-devel-144
2017-09-23 09:16:31 +02:00
Andreas Schneider
05169a6047 samba_upgradedns: When we setup the internal dns cleanup bind-dns dir
Make sure to remove everything from the bind-dns directory to avoid
possible security issues with the named group having write access to all
AD partions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-16 00:57:25 +02:00
Andreas Schneider
8cf5c5f0fa samba_upgradedns: Print better hints after we migrated the config
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-16 00:57:25 +02:00
Andreas Schneider
aef2b915a2 samba_upgradedns: Change the group of the 'binddns dir' too
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-16 00:57:24 +02:00
Andreas Schneider
2d0e13837d python:samba: Add code to remove obsolete files in the private dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  6 03:54:19 CEST 2017 on sn-devel-144
2017-09-06 03:54:19 +02:00
Andreas Schneider
8f2dee256e python:samba: Use 'binddns dir' in samba-tool and samba_upgradedns
This provisions the bind_dlz files in the 'binddns dir'. If you want to
migrate to the new files strcuture you can run samba_upgradedns!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-09-05 23:58:20 +02:00
Lumir Balhar
0ffe030c0d python: Make generated modules samba.ntstatus and samba.werror Python 3 compatible.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 22 17:38:17 CEST 2017 on sn-devel-144
2017-08-22 17:38:17 +02:00
Lumir Balhar
051a3ff6eb python: scripting: Port ntstatus and werror generators to Python 3 compatible form.
Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
2017-08-22 13:47:15 +02:00
Andrew Bartlett
3d313f7da5 samba_dnsupdate: fix "samba-tool" fallback error handling
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:21 +02:00
Andrew Bartlett
2f42f55ad4 samba_dnsupdate: Extend possible server list to all NS servers for the zone
This should eventually be removed, but for now this unblocks samba_dnsupdate operation
in existing domains that have lost the original Samba DC

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:21 +02:00
Andrew Bartlett
96ce51a189 samba_dnsupate: Try to get ticket to the SOA, not the NS servers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:21 +02:00
Andrew Bartlett
5f7b7c2263 samba_dnsupdate: Make nsupdate use the server given by the SOA record
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:20 +02:00
Andrew Bartlett
4a437eb4be samba_dnsupdate: Ensure we only force "server" under resolv_wrapper
This ensures that nsupdate can use a namserver in /etc/resolv.conf that is a
cache or forwarder, rather than the AD DC directly.

This avoids a regression from forcing the nameservers to the
/etc/resolv.conf nameservers in
e85ef1dbfe

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-06-10 21:48:20 +02:00
Andreas Schneider
0e84e83252 samba_dnsupdate: Do not rewrite krb5.conf in selftest
The samba_dnsupdate script is responsible to provision the DNS entries.
The private krb5.conf uses dns lookups to find the KDC to acquire a
Kerberos ticket.  Obviously this will fail because currently we are are
in the process of adding the DNS entries for the KDC.

If we are inside of selftest we need to use the krb5.conf created by
selftest itself.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:08 +02:00
Garming Sam
6e8fcd8833 samba_dnsupdate: Remove extra argument from debug
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-04-13 07:29:16 +02:00
Garming Sam
f55399fb39 samba_dnsupdate: Add additional debugging
Tests are still flapping, because it claims it needs a cache rebuild.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Mar 28 00:04:54 CEST 2017 on sn-devel-144
2017-03-28 00:04:54 +02:00
Chris Lamb
bca0d8ee67 Correct "defered" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00