IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This previously caused all accounts to be locked out.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Sep 7 13:44:44 CEST 2011 on sn-devel-104
It's possible that the test runs on a full hour, e.g. Tue Sep 6 03:00:00 2011.
So better check that the a_time is different from the current time.
metze
this uses the bitwise comparison ldap operators to ensure we only get
NC roots
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep 5 12:48:39 CEST 2011 on sn-devel-104
Real world databass have the wrong account flags (U and W at the same time) and have the wrong
group type in group mapping databases. Cope with these.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Sep 5 04:58:09 CEST 2011 on sn-devel-104
The eadb flag tells us to avoid using system extended attributes, typcially if we
are not running as root (ie, in a test environment).
The ProvisioningError class allows us to return failures to the upgrade_from_s3 script
which can then be detected correctly by the selftest framework.
Andrew Bartlett
Some incorrect LDAP backends have entries with this group type, but
due to the pdb_ldap code, we cannot read the group members, and we
already skip them in add_group_from_mapping_entry().
Andrew Bartlett
the web server is not being actively maintained, and is causing
problems with memory errors (as shown by valgrind). It is better to
disable this until it can get some TLC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Instead of using empty authinfo and authinfo_internal structures a trust
password is added to these structures. After creating the trust the trust
account is used to validate that the trust password is set correctly.
Signed-off-by: Günther Deschner <gd@samba.org>
This continues to break my autobuild even if I just check something into
source3.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Aug 29 21:04:06 CEST 2011 on sn-devel-104
We previously only allowed objects of class ntDSDSA
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Aug 26 15:34:21 CEST 2011 on sn-devel-104
Samba3 python module using passdb api modifies the database files, to
upgrade them to latest version. So copy the sample database before
running tests on it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Aug 26 07:04:15 CEST 2011 on sn-devel-104
upgrade_from_s3 script now requires samba3 configuration file and target
directory for samba4 database. In addition, it either uses --libdir option
or --testparm option to correctly guess the paths for samba3 databases
(private dir and state directory).
Usage: upgrade_from_s3 [options] <configuration_file> <targetdir>
Input arguments are:
<configuration_file> - path to existing smb.conf
<targetdir> - directory in which samba4 database will be created
In addition, specify either samba3 database directory (with --libdir) or
samba3 testparm utility (with --testparm).
Before using passdb interface, initialize s3 loadparm context using
correct path settings for private dir and state directory.
Export account policy from s3 to s4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Instead of parsing samba3 database files (password, group mapping,
account policy, secrets), use passdb python wrapper.
Similarly for parsing configuration, use samba3 param python wrapper.
Other databases (idmap, registry, wins) are still parsed in python.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
I'm pretty sure a SHOW_DELETED was wanted here
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 25 01:10:13 CEST 2011 on sn-devel-104
this converts a DC into the equivalent DNS domain. It is used when
forming t_msdcs NTDS DNS names
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
windows does not allow a search on the empty DN except for rootDSE
searches or for phantom_root searches (ie. with --cross-ncs). By
enforcing this in Samba we make it more likely that our tests and
utilities will work against windows
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
NULL should be used when doing all partition searches. The default
basedn should be used when wanting just the domain NC
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when searching all partitions we must use the NULL basedn, or we will
miss partitions in multi-domain setups
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
In the upgrade process, set the administrator password from the
existing root or administrator account.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Need to copy the password from s3 for administrator/root to s4.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Added users/groups import from s3 using python wrapper for passdb.
Fix idmap entries for users/groups when migrating from s3 idmap.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
It is required in s3_upgrade script to migrate idmap database from s3 to s4.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This is required in upgrade_s3 script to migrate idmap database from s3 to s4
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
dom_sid_compare() function can return values other than -1, 0, 1.
Python requires compare function to return value from [-1, 0, 1].
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Aug 18 02:58:55 CEST 2011 on sn-devel-104
when in FL 2000 we were not correctly deleting backlinks as we uses
dsdb_find_dn_by_guid() which doesn't find deleted objects. Modules
should use dsdb_module_dn_by_guid() which prevents going to the top
level, and finds deleted objects
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
added comments explaining the backlink deletion code, plus fix a use
of a bitwise operation in a boolean expression, and avoid calling
dsdb_functional_level() inside a loop
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This will allow an upgraded DC to keep its SID, while being upgraded
to AD. We also watch for the highest RID in the existing DB to set
next_rid for other additional users.
Andrew Bartlett
Use passdb backend to import/export users
Remove unused options for upgrade_from_s3 command (--blank) and credentials options
Config file is specified with -s/--configfile option and no need to specify as an argument.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this DN can change due to a server rename, so we cannot cache it. It
is set by provision, but not anywhere else.
This seems to not have a large performance impact
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
when joining another domain as a DC we should setup our dsServiceName
in @ROOTDSE to be a GUID so we can cope with later server renames
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this allows dsServiceName to be stored as an extended DN or GUID form
in @ROOTDSE, and its string form will be found at runtime.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
these are not needed now that the rootdse modules calculates the
validFSMOs attribute at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this changes the rootdse to compute the validFSMOs attribute at
runtime by checking the fSMORoleOwner attribute on the appropriate
DN. This avoids the need for the pdc_fsmo and naming_fsmo modules.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
s4:subtree_rename LDB module - fix the move/rename constraints
By the inspiration of an email request by ekacnet I have rechecked the
move/rename constraints and re-read the chapter 3.1.1.5.4.1 located in the
MS-ADTS technical documentation.
It really turns out that the constraint checking is only performed on
the root object of a request.
In addition add my copyright notice (I've written these constraint checks).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Aug 10 01:05:19 CEST 2011 on sn-devel-104
This happens if we have a custom schema - we need to build up the schema until
it loads, by converting more objects.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Aug 9 13:10:25 CEST 2011 on sn-devel-104
this can be used to force re-indexing of samdb when we change
something that affects index comparison, in this case the
canonicalisation of booleans
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this auto-normalises some attributes when they are added/modified. The
list that we auto-normalise is currently:
Boolean
INT32
INTEGER
UTC_TIME
This fixes a problem with groupType being stored in an unnormalised
form
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
If we pass variable references we don't get implicit casting!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Aug 8 18:01:19 CEST 2011 on sn-devel-104
this replaces DN components in incoming filter expressions with the
full extended DN of the target, which allows search expressions based
on <GUID=> and <SID=> DNs, as well as fixing the problem with one-way
links in search expressions
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this is used when rewriting filter rules to replace a filter rule with
one that is guaranteed not to match
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this allows for searches like member=<SID=S-1-2-3>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
this is faster than string comparisons during searches at runtime
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
when we return a DN which is a one way link, fix the string DN
component by searching for the GUID and replacing the DN components
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
this allows us to quickly determine if a DN is a one way link
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
this allows us to use dsdb_module_dn_by_guid() from levels below the
extended_dn_out module
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
This avoids having the same check in 3 different parts of the code
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 12:45:04 CEST 2011 on sn-devel-104
The auth4_context is already in the gensec_security structure, which is
available by de-reference here anyway.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This allows the current behaviour of the NTLMSSP code to be unchanged
while adding a way to hook in an alternate implementation via an auth
module.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 07:49:12 CEST 2011 on sn-devel-104
gpo fetch is remote->local and gpo create is local->remote
local is local filesystem and remote is smb share.
Need two functions to copy local->remote and remote->local.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
this allows us to deal with search elements containing characters that
must be escaped in LDAP
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Jul 29 05:33:03 CEST 2011 on sn-devel-104
In my rework of this function in 2006 with
459a2301a5 I ignored the incoming
handle, instead feching the LSA state again (dispite the commit
message indicating otherwise).
This means that data->access_mask is uninitialised, which doesn't
matter right now, but will once we start checking that.
Andrew Bartlett
ask the creds object for the password before prompting for the new
password in the user password change code, to ensure the user is asked
for the old password first
Pair-Programmed-With: Amitay Isaacs <amitay@gmail.com>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Jul 28 08:35:45 CEST 2011 on sn-devel-104
To copy the GPO files, use libcli python interface list() to get directory
listing and loadfile() to read the contents of the file.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Instead of using gpo dn as the key to refer to a gpo, use the gpo name
as the key.
If no URL is specified (-H option), find a writable DC and use that.
Extract a commonly used method as get_gpo_info() to find details of a GPO.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Update do_smb_connect function to return NTSTATUS rather than raise
python exception on error. Error checking done in py_smb_new().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This command is a user-level command and differs from setpassword
command which is administrator command.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This module will support file system access using SMB.
based on smb_composite - loadfile(), savefile()
based on raw - getacl(), setacl()
Signed-off-by: Andrew Tridgell <tridge@samba.org>
The rest of the commands are available in python version of samba-tool.
C version of samba-tool is for testing only and will be phased out once
all the commands are ported to python.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Exceptions are captured at top-level samba-tool and reported using
the base class (Command) method show_command_error().
Signed-off-by: Andrew Tridgell <tridge@samba.org>
C version of samba-tool is now called samba-tool-c, which will be
removed as soon as all the samba-tool commands are ported to python.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Use the object names as <modulename>.<objectname> to correctly generate the
object hierarchy in pydoc.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Use the object names as <modulename>.<objectname> to correctly generate the
object hierarchy in pydoc.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
