1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

38 Commits

Author SHA1 Message Date
Andrew Bartlett
9c5756c077 python-samba-tool domain classicupgrade: Correct message about re-promoting BDCs
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:02 +02:00
Andrew Bartlett
2c047198ca python-samba-tool domain classicupgrade: Actually Skip domain trust accounts
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Andrew Bartlett
2e1f14355c python-samba-tool domain classicupgrade: Skip machine accounts that do not end in $
These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-16 19:02:01 +02:00
Kai Blin
46e98cf20b dns: Fix allocation of txt_record in txt record tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104
2013-05-16 15:39:14 +02:00
Kai Blin
223cf7fb30 dns: more debug debug options in the tests
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:42 +10:00
Kai Blin
4364a3faf6 dns: Add support for MX queries
Due to an oversight, the internal DNS server supports MX record updates,
but not MX record queries. Add support for MX queries and tests.

This should fix bug #9485

Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-By: Amitay Isaacs <amitay@gmail.com>
2013-05-16 21:40:35 +10:00
Karolin Seeger
948ef97f08 samba_tool/base.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Karolin Seeger
86a58b01e0 netcmd/group.py: Fix typo.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-15 21:04:41 -07:00
Matthieu Patou
fbb12b574d samba-tool/tests: Force the gecos of the user to a fixed value.
When --gecos is not specified samba-tool user add will try to read the
gecos field from a getpw call. And if user's GECOS is empty (like the
build user on sn-devel-104) then the test will fail because we can't add
an empty gecos.

Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
2013-05-15 16:19:23 +02:00
Matthieu Patou
fffbdf01fa selftest: Output error when samba_tool user command fails
It should help to debug why is it failing on some hosts in the build
farm (ie. sn-devel)
Signed-off-by: Matthieu Patou <mat@matws.net>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06 21:05:29 +12:00
Amitay Isaacs
8543a7b9b3 samba-tool/dns: Fix a typo in ttl variable name
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-19 12:30:17 -07:00
David Disseldorp
bb7c6a0bd0 netcmd/dns: fix typo
Fix provided by Tobias Florek.

Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 18 12:40:33 CEST 2013 on sn-devel-104
2013-04-18 12:40:33 +02:00
Rusty Russell
1cf46d2e35 source4/scripting/python/samba/samba3: handle ntdb files.
Upgrading old Samba 3 instances seems like a place where we don't have
to read ntdb files, but Andrew Bartlett points out that you can run a
Samba 4.0 and even a 4.1 'classic' domain and desire to migrate that
to the AD DC.

So make this upgrade code generic: if it finds an ntdb file, read
that, otherwise read the tdb file.

Cc: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-12 14:59:16 -07:00
Andrew Bartlett
f7756137e8 scripting-provision: Do not enforce domain != realm if we are joining an existing domain
This will allow us users to join existing oddly named domains without
objection from provision.

Andrew Bartlett

Reviewed-by: Matthieu Patou <mat@matws.net>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 10:41:02 CEST 2013 on sn-devel-104
2013-04-11 10:41:02 +02:00
Andrew Bartlett
e7e37b3b90 python-samba-tool domain classicupgrade: Make failure to connect directly to the LDAP backend fatal
This is better than failing just a little further down the stack with a useless error
about use-before-set.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
2013-04-10 00:13:45 +02:00
Andrew Bartlett
30adf0cdba scripting: Fill the ProvisionNames hash with strings, not ldb.MessageElement or Dn
This avoids the need to fix it up again in samba_upgradedns.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
2013-03-25 13:25:30 +01:00
Andrew Bartlett
5d42260eec samba-tool ldapcmp: Remove the GUID -> name mappings
These mappings are very convenient, however because they are not
one-to-one, they lead to differences being reported when none exist,
dependent only on the order the schema searches return results in.

Sadly the time saved by the names is offset by the time wasted chasing
the 'differences' that don't exist.

This in turn fixes some tests that were previously knownfail

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:04 +01:00
Andrew Bartlett
874a93bc1c scripting: Modify samba.descriptor.get_diff_sds() to cope with a missing reference owner
This allows the reference SD not to have an owner specified, and still
have the comparison with a database SD that does have an owner pass.
(And the same for owning group).

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:35:03 +01:00
Andrew Bartlett
4789a3072a samba-tool dbcheck: Allow dbcheck to correct an nTSecurityDescriptor without an owner or group
This is done by making a modification to the SD, which triggers it to be
filled in if we have the correct session_info established on the DB.

However, we normally want dbcheck running as system, so we wrap
the session_info set around this operation only.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:34:59 +01:00
Andrew Bartlett
810f8b48d9 samba-tool dbcheck: Add --reset-well-known-acls
This will allow an upgrade from Samba 4.0.0 without needing to run
samba_upgradeprovision, which for now is not the preferred upgrade
tool.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:53:47 +01:00
Andrew Bartlett
9040e26841 scripting: Move get_diff_sds from samba.upgradehelpers to samba.descriptor
This helps avoid a dependency loop when we use get_diff_sds in dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:33:37 +01:00
Andrew Bartlett
a113ddbf88 scripting: Modify samba.descriptor.get_wellknown_sds() use samdb calls only
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.

Andrew Bartlett
2013-03-25 10:32:34 +01:00
Andrew Bartlett
352aff8ed7 scripting: Move samba.provision.descriptor to samba.descriptor
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:32:11 +01:00
Andrew Bartlett
e81a97dd6f scripting: Make samba.provision.descriptor.get_wellknown_sds() return ldb.Dn objects
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:29:26 +01:00
Andrew Bartlett
6df17fe799 scripting: Fix documentation comment on upgradehelpers.py:get_clean_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:28:25 +01:00
Andrew Bartlett
3da89b01fa scripting: Move the list of well known SDs to samba.provision.descriptor
This will allow us to call this from dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:27:58 +01:00
Ricky Nance
96d731c79b samba-tool group list: add more info to samba-tool group list
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 17 12:56:47 CET 2013 on sn-devel-104
2013-03-17 12:56:47 +01:00
Andrew Bartlett
58e385a5ac Revert "Ensure the masks don't conflict with the ACL checks."
This reverts commit 78594909b8 which was
needed by 7622aa16ad.

This change masked bug #9462 which was fixed by
2013bb9b4d.  The issue was that the
defaults for the substituted parameters did not match the old
parameter.  Changing the values in our test suite hid the issue, but
did not fix the issue.

(Additional change in the revert is to correct the expected ACL value
in posixacl.py due to changed implied inherited permissions).

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
2013-03-11 19:46:24 +01:00
Andrew Bartlett
9b8d5bba50 samba_upgradeprovision: Remove inherited ACEs before comparing the SDs
This avoids changing an SD when it is not really required.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:18 +01:00
Andrew Bartlett
5074b98714 scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:08 +01:00
Andrew Bartlett
24c4d818d1 samba-tool ldapcmp: Add support for checking DNSDOMAIN and DNSFOREST by default
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:31:05 +01:00
Andrew Bartlett
f508435d23 samba-tool dbcheck: fix msDS-HasInstantiatedNCs attributes to match instanceType on our ntdsDSA
This value is only a link to the local value of intanceType on our server, so only fix it for our server.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:30:31 +01:00
Andrew Bartlett
97389c3ec2 scripting: Correct parsing of binary DN
The DN is of the form B:8:01020304:DC=samba,DC=example,DC=com.  We need
to account for the case where the 8 is actually (say) 16, and so not just
one character.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:24:02 +01:00
Andrew Bartlett
606f5d6cc6 samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other
This is needed to compare some parts of the database, particularly in --two mode, which
are just never going to have exactly the same DNs.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:20 +01:00
Andrew Bartlett
161fa15697 samba-tool domain classicupgrade: Fix typo in error path for multiple account flags
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
669c302f2d samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
68f13f5d7e samba-tool dbcheck: fix comment on err_wrong_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Jelmer Vernooij
87afc3aee1 Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar  2 03:57:34 CET 2013 on sn-devel-104
2013-03-02 03:57:34 +01:00