sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
75,760 Commits 60 Branches 1,145 Tags 452 MiB
92169e9deb
Commit Graph

771 Commits

Author SHA1 Message Date
Kai Blin
b73a05e4e1 s4 net: rename to samba-tool in order to not clash with s3 net 
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Oct 28 07:25:16 UTC 2010 on sn-devel-104
 2010-10-28 07:25:16 +00:00
Matthias Dieter Wallnöfer
8c4d023cc9 s4:setup/schema_samba4.ldif - this control isn't used anymore 
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Wed Oct 27 16:32:28 UTC 2010 on sn-devel-104
 2010-10-27 16:32:28 +00:00
Matthias Dieter Wallnöfer
6e407a3c1c s4:provision_*_references.ldif - "add" and do not "replace" the "wellKnownObjects" 
This is the correct AD operation in this case. Multi-valued replaces are
generally denied most of the time.
 2010-10-25 12:51:52 +02:00
Matthias Dieter Wallnöfer
8b9a08e10f s4:provision.py - add the correct "CN=Sites" security descriptor 
This should help to fix bug #7403.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
 2010-10-23 20:16:59 +00:00
Matthias Dieter Wallnöfer
f9a6ff482c s4/ldb:introduce the LDB_CONTROL_PROVISION_OID control 
This control is exactly thought for the actions which previously were performed
using the RELAX one.

We agreed that the RELAX control will only remain for interactions with OpenLDAP.
 2010-10-23 16:37:29 +02:00
Matthias Dieter Wallnöfer
89c42a96fc ldb:rename LDB_CONTROL_BYPASSOPERATIONAL_OID into LDB_CONTROL_BYPASS_OPERATIONAL_OID 
It's nicer to have this consistent with "BYPASS_PASSWORD_HASH".
 2010-10-23 16:37:29 +02:00
Andrew Bartlett
f9c7365e53 s4-provisionbackend Allow a fixed URI to be specified for LDAP backend 
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.

Andrew Bartlett
 2010-10-19 18:57:06 +11:00
Andrew Bartlett
ce01e36d8c s4-openldap-backend Don't set 'dbnosync' on cn=config 
This isn't valid in current OpenLDAP versions.

Andrew Bartlett
 2010-10-18 11:13:04 +00:00
Andrew Bartlett
ba9e787c7d s4-provision Use --ldap-backend-nosync rather than just --nosync 
For some reason we had both options, and --ldap-backend-nosync is
the better name.

Andrew Bartlett
 2010-10-18 11:13:04 +00:00
Matthias Dieter Wallnöfer
5cb99aa81a s4:setup/provision_self_join.ldif - let the samldb LDB module fill in "isCriticalSystemObject" 
It recognizes it now automatically.
 2010-10-13 13:35:21 +00:00
Matthieu Patou
6633a7b379 unit tests: do some cleanup after tests 
fix

Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Oct 11 14:29:10 UTC 2010 on sn-devel-104
 2010-10-11 14:29:10 +00:00
Andrew Tridgell
c24240bcd2 waf: fixed some python3.x portability issues 
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
 2010-10-06 11:13:05 +00:00
Matthias Dieter Wallnöfer
0fb9671a01 s4:setup/provision_rootdse_add.ldif - provide informations in the right order 
Doesn't change much - but nicer to read.

Btw: is the testdata/samba3 stuff still needed ("provision_samba3sam.ldif"...)?
It seems a bit outdated.
 2010-10-05 16:06:05 +00:00
Wilco Baan Hofman
927e4db090 Fix .reg file format parsing. 
* multiline data
 * doublequoted value name
 * handle windows format CRLF

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-10-03 15:31:37 +02:00
Matthias Dieter Wallnöfer
a01467913a s4:schema_samba4.ldif - update allocated controls list 
This needs always to be done after a control allocation otherwise we end up in
double-allocations and unexpected behaviour.
 2010-10-03 12:05:13 +02:00
Jelmer Vernooij
fbee3586fd selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py. 2010-10-01 01:31:06 +00:00
Andrew Tridgell
cc288603ce s4-provision: simplify our generated krb5.conf 
we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-28 19:25:51 -07:00
Andrew Tridgell
c7f6ab890e s4-provision: fixed the authority response for our SOA record 
some clients rely on this being the hostname, not the domain

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Sep 28 06:39:19 UTC 2010 on sn-devel-104
 2010-09-28 06:39:19 +00:00
Matthieu Patou
a8f8f277ff s4 provision: start with gpo of version 0 and be consistent between different policies 2010-09-26 06:22:43 +04:00
Andrew Tridgell
e8fec1d3c6 s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only 2010-09-26 01:21:50 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns 
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-26 01:21:49 +00:00
Andrew Bartlett
c9b19d9b69 s4-kerberos Rework keytab handling to export servicePrincipalName entries 
This creates keytab entries with all the servicePrincipalNames listed
in the secrets.ldb entry.

Andrew Bartlett
 2010-09-24 15:07:56 +10:00
Matthias Dieter Wallnöfer
76c346dfc1 s4:provision - rootdse - remove static "ldapServiceName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6 s4:provision - rootdse - remove static "dnsHostName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
5f60f5e5e7 s4:provision - rootdse - remove the static attribute "serverName" 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
4fd8ce42ce s4:setup/provision_self_join.ldif - now the samldb LDB module detects automatically that this is a DC account 2010-09-12 19:23:06 +02:00
Stefan Metzmacher
0ad2890c4e s4:provision: remember the setup directory if it wasn't the default 
This fixes make test without a make install.

metze
 2010-09-10 17:21:31 +02:00
Andrew Bartlett
22d5a96550 s4-setup Make krb5.conf use DNS by default 
We set up our DNS pretty well these days, and I think the previous setting
was only there because Andrew Kroeger copied this out of our selftest code
in bf3f3af926.

Andrew Bartlett
 2010-09-09 21:39:24 +10:00
Jelmer Vernooij
3c58fb27b0 setup: Use standard octal ints rather than harcoding. 2010-09-08 22:11:55 +02:00
Matthieu Patou
2cadfe8f2a unit tests: debug to ease locating pb, remove dir if exists to avoid error 2010-08-19 15:59:05 +04:00
Matthias Dieter Wallnöfer
bbb9dc806e s4:DSDB - rename the "DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID" 
Rename it to "DSDB_CONTROL_PASSWORD_CHANGE_OID". This control will afterwards
contain a record with the specified old password as NT and/or LM hash.
 2010-08-17 18:45:32 +02:00
Stefan Metzmacher
76e5d41d6a s4:blackbox/newuser: use test specific user names 
As this test doesn't delete the user accounts at the end,
we should use test specific user names. That lowers the
chance of conflicts with other tests.

metze
 2010-07-31 11:35:31 +02:00
Matthieu Patou
d861ebbd81 s4 dsdb: create a new control: changereplmetadata 
This control is designed to allow replmetadata to be specified

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:20 +10:00
Stefan Metzmacher
23f810041b s4:provision: remove --policy-guid and --policy-guid-dc cmdline options 
metze
 2010-07-10 11:18:19 +02:00
Matthieu Patou
e962e7e956 s4 unittests: remove the provision directory before (re)generating 2010-07-10 11:18:18 +02:00
Matthieu Patou
cad04dabbb s4 net: Add spn module to list/add/remove spn on objects 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-07-10 11:18:17 +02:00
Stefan Metzmacher
6d7b9648e5 s4:dsdb: allocate DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 
When importing users from Samba3 we need to control all values.

metze
 2010-07-05 18:00:14 +02:00
Matthias Dieter Wallnöfer
43b0c314d8 s4:setup/provision_basedn_modify.ldif - set "minPwdAge" to the right value 
Now we should have fixed all password related tests to cooperate with this value
 2010-07-03 11:38:54 +02:00
Stefan Metzmacher
50da834f13 s4:provision: add entries for root dns servers 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
6ab234cec9 s4:provision: move Samba4 specific DNS stuff to its own file 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6 s4:provision: add --next-rid option 
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.

metze
 2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802 s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' 
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.

The initlal rIDAvailablePool starts at nextRid + 100.

I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
 check box).

After provision we should have this (assuming nextRid=1000):

rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100

rIDAvailablePool: 1600-1073741823

Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!

metze
 2010-06-26 09:50:54 +02:00
Matthias Dieter Wallnöfer
8ad01613f6 Revert "s4:provision.ldif - fix the number of available RIDs" 
This reverts commit 41cdcd54b7.

As per request of metze revert this (cause written on the mailing list).
 2010-06-24 15:13:40 +02:00
Matthias Dieter Wallnöfer
41cdcd54b7 s4:provision.ldif - fix the number of available RIDs 
There should be 4611686014132422209 and not 4611686014132422109.
 2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
fec489bd87 s4:provision.ldif - this Win2003 revision level seems always to be "9" on Windows Server 2008 machines 2010-06-24 10:04:53 +02:00
Matthias Dieter Wallnöfer
64e19ef9fb s4:provision_users.ldif - change a group description to be correct 2010-06-24 10:04:52 +02:00
Matthias Dieter Wallnöfer
e88f37daa0 s4:setup/provision.reg - raise version to Windows Server 2008 R2 2010-06-24 10:04:50 +02:00
Jelmer Vernooij
237ab66f6c selftest: Use scripted testparm. 2010-06-20 14:14:47 +02:00
Lukasz Zalewski
e55c012acc make test modules for net group set of commands and modification to the newuser to include additional parameters 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 01:29:03 +02:00
Matthieu Patou
3ebe560622 ldb: add a new control bypassioperationnal 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Andrew Bartlett
d523e946b1 s4:provision Add import for DS_DOMAIN_FUNCTION_2000 2010-06-16 09:57:51 +10:00
Andrew Bartlett
814cb8895d s4:provision Allow functional level 2000 to be chosen 2010-06-16 09:57:51 +10:00
Andrew Bartlett
ecfce7365c s4:dsdb Add control for signaling between repl_meta_data and linked_attributes 
This control will allow the linked_attributes module to know if
repl_meta_data has already handled the creation of forward and back
links.

Andrew Bartlett
 2010-06-16 09:57:51 +10:00
Andrew Kroeger
352fb5c7e4 s4:provision: Make gc._msdcs DNS entries A/AAAA records 
When adding an additional DC as a GC server, the new DC attempts to register its
own gc._msdcs records.  If the existing gc._msdcs record is a CNAME, BIND fails
the update with the message "attempt to add non-CNAME alongside CNAME ignored",
and the new DC is not registered as a GC server.

The A & AAAA record types for gc._msdcs have been verified against the DNS
server of a W2K8 DC.
 2010-06-14 12:14:46 +02:00
Matthias Dieter Wallnöfer
4b6ce8efc0 s4:fix allocated control OIDs for "password_hash" LDB module 
The password hash module controls overlapped others. Sorry, but the
"schema_samba4.ldif" hasn't been kept up-to-date.
 2010-06-13 18:35:19 +02:00
Jelmer Vernooij
74ed48aa1c Friendlier message. 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
d9d0d54475 upgradeprovision: Use logging infrastructure. 2010-06-13 18:19:03 +02:00
Jelmer Vernooij
956a256faa s4-python: Start using standard python logging infrastructure rather 
than simple messaging callbacks.
 2010-06-13 18:19:03 +02:00
Matthias Dieter Wallnöfer
b8ea2e0757 s4:provision - fix typo in substitution variable 2010-06-06 20:42:19 +02:00
Matthias Dieter Wallnöfer
40ced1a3be s4:setup/*.ldif - remove unneeded "cn" attributes 
Should be generated automatically
 2010-05-24 14:01:05 +02:00
Matthias Dieter Wallnöfer
38e9a7f577 s4:domain functional level - it is also specified in the domain object under partitions 
Discovered by the "ldapcmp" tool
 2010-05-13 15:14:06 +02:00
Matthias Dieter Wallnöfer
92aa194145 s4:provision_configuration.ldif - add more extended rights objects 2010-05-13 15:06:35 +02:00
Matthias Dieter Wallnöfer
9005227e72 s4:provision_users.ldif - fix up and reorder the well-known security principals 2010-05-13 14:51:10 +02:00
Matthias Dieter Wallnöfer
c715f6d3f9 s4:provision_configuration.ldif - add more Windows 2008 forest operations 2010-05-13 14:47:32 +02:00
Matthias Dieter Wallnöfer
eaea676916 s4:provision_configuration.ldif - the revision level of "Windows2003Update" should obviously be 10 
Compared against my Windows Server 2008 and Zahari's output.
 2010-05-13 14:47:31 +02:00
Matthias Dieter Wallnöfer
025eaceb5c s4:provision_configuration.ldif - "CN=94fdebc6-8eeb-4640-80de-ec52b9ca17fa" operation is of version 3 2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
47818b19fc s4:provision*.ldif - always set the "msDS-NcType" attribute correctly 2010-05-13 14:47:30 +02:00
Matthias Dieter Wallnöfer
1885327b30 s4:provision_configuration.ldif - set the right schedule on the default site in the NTDS site settings 2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
8acd8b97a6 s4:provision_configuration.ldif - The "NTDS Quotas" object is system-critical 2010-05-13 14:47:29 +02:00
Matthias Dieter Wallnöfer
79ac53eb3b s4:provision_configuration.ldif - "sites" object 
- The default site doesn't contain a licensing object
- Adequate two other values (a "showInAdvancedViewOnly" and a "systemFlags" one)
 2010-05-13 14:10:02 +02:00
Matthias Dieter Wallnöfer
f57bcc92b5 s4:provision.ldif - add IP security objects as they exist on Windows Server 2010-05-13 13:03:47 +02:00
Matthias Dieter Wallnöfer
44e05dfb73 s4:provision.ldif - add more Windows 2008 domain operations 2010-05-13 13:03:46 +02:00
Matthias Dieter Wallnöfer
cc2bd1f777 s4:provision_users.ldif - On Windows Server >= 2008 security principal S-1-5-20 doesn't exist anymore 2010-05-13 13:03:45 +02:00
Matthias Dieter Wallnöfer
350c61922e s4:provision.ldif - "passwordSettingsContainer" add "showInAdvancedViewOnly" 2010-05-13 13:03:44 +02:00
Matthias Dieter Wallnöfer
bbb5825a6f s4:provision.ldif - fix up "NTDS Quotas" "systemFlags" 2010-05-13 13:03:43 +02:00
Matthias Dieter Wallnöfer
b2bd02e11e s4:provision_users.ldif - fix up Administrator's "userAccountControl" 2010-05-13 13:03:43 +02:00
Matthias Dieter Wallnöfer
8c796715c1 s4:provision_basedn_modify.ldif - fix up "maxPwdAge" 2010-05-13 13:03:31 +02:00
Matthias Dieter Wallnöfer
5e4d91f7aa s4:provision_users.ldif - Fix typos in user/group objects 2010-05-13 11:17:52 +02:00
Matthias Dieter Wallnöfer
726fb35f9f s4:dsdb: add new controls 
- Add a new control for getting status informations (domain informations,
  password change status) directly from the module
- Add a new control for allowing direct hash changes
- Introduce an addtional control "change_old password checked" for the password
 2010-05-10 17:54:15 +02:00
Stefan Metzmacher
1913e03bd4 s4:setup: mark DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4 as allocated 
metze
 2010-05-10 17:54:15 +02:00
Stefan Metzmacher
6ee53309a1 s4:blackbox password tests - more complex passwords 2010-05-10 12:20:26 +02:00
Matthias Dieter Wallnöfer
e4ce727c8d s3:provision_basedn_modify.ldif - add "msDS-NcType" attribute and fix comments 2010-05-10 09:21:17 +02:00
Marcel Ritter
e6f59613fe Install spn_update_list to setup/ dir 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-04-27 21:05:00 +02:00
Andrew Tridgell
fa26383884 s4-dsdb: added samba_spnupdate 
this script adds all our required servicePrincipalName entries at
runtime. The admin can add more entries to spn_update_list as needed
 2010-04-27 19:27:18 +10:00
Andrew Tridgell
570c89287e s4-dns: explain what the file is for 2010-04-27 19:27:18 +10:00
Andrew Tridgell
be35a40e03 s4-dns: fixed dc.dc duplication in DNS update list 2010-04-27 11:01:23 +10:00
Andrew Bartlett
bd08249d68 s4:provision Remove moduleload for 'hdb' (wrong name). 
The backends are not normally modules anyway
 2010-04-22 19:55:06 +10:00
Andrew Bartlett
e11f92ba73 s4:provision Make OpenLDAP backend more robust 
With the extra moduleload lines (which succeed if it's already
staticly linked), we now work with OpenLDAP overlays as modules.

Andrew Bartlett
 2010-04-22 18:37:19 +10:00
Andrew Bartlett
466fbe278a s4:provison Pass nosync in for the OpenLDAP cn=config too 2010-04-22 18:37:19 +10:00
Andrew Bartlett
cbb818222a s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP 
This is rather than rdn_name, which tries to do the job on the client
side.  We need to leave this module in the stack for Fedora DS (and of
course the LDB backend).

Andrew Bartlett
 2010-04-22 18:37:18 +10:00
Andrew Bartlett
a50f6aad85 s4:provision Use more reasonable values for DB_CONFIG 
With the OpenLDAP backend, the old DB_CONFIG caused OpenLDAP to abort
on startup, and was very inefficient.  This new one, kindly supplied
by Matthew Backes <mbackes@symas.com> uses a more reasonable set of
buffer sizes.

Andrew Bartlett
 2010-04-22 18:37:18 +10:00
Andrew Tridgell
5e695dec2a s4-upgradeprovision: fixed --realm option duplicate in upgrade_from_s3 2010-04-21 13:35:56 +10:00
Andrew Tridgell
8fdfcde56c s4-provision: cope with --realm being in getopt.py 
we still need to allow for interactive querying of the realm

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-04-21 13:35:56 +10:00
Matthieu Patou
b8d6f1ce89 s4 provision: Remove hard coded ACL for GPO objects 
It is no longer needed to hard code ACL for GPO object as we have now code
that calculate ACL from defaultSecurityDescriptor and inheritance correctly.

In fact the resulting ACL returned by this hard coded value is a bit wrong as
some ACE are duplicated.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-04-15 18:45:40 +02:00
Stefan Metzmacher
f1ecdb980b s4:setup/wscript_build: install dns_update_list into ${SETUPDIR} 
metze
 2010-04-15 18:37:40 +02:00
Jelmer Vernooij
dd4ef4e106 s4-python: More cleanups. 2010-04-08 23:20:36 +02:00
Jelmer Vernooij
d7a46ee129 s4-python: Simplify code, improve formatting. 2010-04-08 23:20:36 +02:00
Thomas Nagy
7f3116a63d build: allow the waf build to work with python 3.0 and 3.1 
Python 3.x is a bit fussier about print statements and indentation.

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2010-04-08 07:46:39 +10:00
Andrew Tridgell
f9eae32f4b s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them 2010-04-06 20:27:11 +10:00
Andrew Tridgell
bd7bf0e1a9 s4-waf: install the rest of our python files 2010-04-06 20:27:10 +10:00