IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 12 22:40:53 CET 2014 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 27 22:09:29 CEST 2014 on sn-devel-104
This will make the dns_update_list more flexible.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We can't rely on the DNS delegation to be correct in the parent domain.
What we really want is to check if we already have registered ourself
as a NS record in our own domain.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This way we can delete records which are not used anymore.
E.g. if the ip address changed.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should not implicitly use the global variable 'd'.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This patch makes '-H, --URL' param to actually work as expected
Change-Id: Ie7f4e9e3fc1f79a938473312e200f36de6886596
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous
KCC implementation in "C"
Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5
Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
A ropey script to generate some missing NT_STATUS error codes and
and descriptions. The script generates ntstatus.c & ntstatus.h
whose contents are used to extend the existing contents of
libcli/util/nterr.c & libcli/util/ntstatus.h
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 2 22:40:06 CEST 2014 on sn-devel-104
This hacky script was used to generate the contents of libcli/util/hresult.c
& libcli/util/hresult.h. It expects the table contents of
http://msdn.microsoft.com/en-us/library/cc704587.aspx cut'n'pasted into
the text file specified as it's single required input param
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(small corrections and TODO added following Jelmer's review by abartlet)
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 7 06:05:15 CET 2014 on sn-devel-104
This skips handling the ForestDNSZone when we are setting up a subdomain.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
This avoids confusion, because the LDAP backend does not use these,
and they do not set the password for the administrator account either!
This may break support for the 'existing' backend LDAP backend, but
that is nothing more than a stub for future development anyway, and
new work in this area should use EXTERNAL in any case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Also remove .bak suffix from tdb/ldb backups for more consistent restore procedures
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 5 13:51:34 CEST 2013 on sn-devel-104
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 11 06:06:03 CEST 2013 on sn-devel-104
This avoids the need to fix it up again in samba_upgradedns.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 25 13:25:30 CET 2013 on sn-devel-104
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.
Andrew Bartlett
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This tool is an important part of the toolkit a Samba Team member can
use to assist a user with the upgrade of a very old Samba 4.0 AD DC
installation.
However, like all powerful tools, it has sharp edges, and these need
to have more protection added before we recommend the tool be used.
The WHATSNEW already indicated that this tool should not be used but a
large number of users have run it, and due to lack of testing in the
past, some have run into bugs.
While this tool can be run in debug modes, by default it simply fixes
the database following a series of internal rule. This does a good
job much of the time, but does not request permission in the way that
dbcheck does, and will create extra objects for things like the DNS
partitions.
By removing this from the installed binaries, we provide another
signal that it should not be used right now, until these matters are
fixed and some clear documentation on how to safely use the tool can
be written.
Andrew Bartlett
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Mar 12 02:51:23 CET 2013 on sn-devel-104
SD propogation is handled by an LDB module, we do not need to touch each
and every DN to make it happen.
Now that we do not need to put this via a hash, the dnToRecalculate
list is changed to be a list of Dn objects, not strings so that:
if dn in listWellknown
is handled using a schema comparison (avoiding different case forms
tripping it up).
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
I am unclear on why this was added, but the idea that we ever always reset data
in the directory is not reasonable to me, so I am removing it.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lastProvisionUSNs is never None, instead the code requries the administrator to populate this
attribute in the directory.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
These are incredibly rare, and administrators running such databases
not only ask the Samba Team for help personally, they can read --help.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This has been superceded by a check for link-local
addresses in get_interfaces()
Signed-Off-By: Landon Fuller <landonf@bikemonkey.org>
Reviewed-By: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 08:38:54 CET 2013 on sn-devel-104
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
Since we open with dbwrap, it auto-converts old tdbs (which it will
rename to secrets.tdb.bak once it's done).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Wed Feb 20 07:09:19 CET 2013 on sn-devel-104
This is really important, because copying a file will both ignore
locks held by another process and break any locks we hold (due to
POSIX brain-damage regarding multiple fds on one file in a process).
By leaving this to tdbbackup in a child, both of these issues are avoided.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 07:48:18 CET 2013 on sn-devel-104
This update was only a total oblitoration of the existing database
and not a merge, and the shutil.copy would both disregard and break
locks on the database that are held at this point.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
samba-tool ntacl sysvolreset handles this better, and makes this tool
much less confusing internally.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Feb 19 06:06:41 CET 2013 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Feb 4 18:54:32 CET 2013 on sn-devel-104
this test shows that a change to POSIX ACL->SD mapping behavior does not invalidate the stored SD
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend
and fix errors in the ForestDnsZone and DomainDnsZone partitions.
Note: this should work fine also for SAMBA_INTERNAL.
If the current setup doesn't use dns specific partitions (e.g. alpha13 setups)
we pass dns_backend=BIND9_FLATFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we have a DomainDnsZone partition:
- we use BIND9_DLZ as backend if a dns-<netbiosname> account is available
- otherwise, we use SAMBA_INTERNAL
else:
- we use BIND9_FLATFILE if a dns or dns-<netbiosname> account is available
- otherwise, we use NONE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will be used to translated names in SDDL values,
which are not wellknown, e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not used, but makes the prototype compatible with the
other get_*_descriptor() functions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow subsitute non-wellkown names in the SDDL,
e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Without this schema_data_modify() will reject updates to schema objects
by default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
They inherited effective ACE for the wrong object classes.
For SACL ACEs the problem was also present in 4.0.0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
This allows the script to be used to create/remove the samba-specific dns-SERVER account
when we do not need to create the in-directory partition.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
This changes the code to only set and show a new password if no admin
user is found during the upgrade.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
Let nslookup use krb5.conf, which is set in our KRB5_CONFIG.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This also ensures a VFS connect is done to the correct service.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 8 03:39:21 CET 2013 on sn-devel-104
This allows us to correctly load any modules that have been specified
by the smb.conf for [sysvol] and issue a VFS connect operation which
may be required by some VFS modules.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Providing a service allows a VFS connect to be issued on the correct
service, and so ensures that the correct modules are loaded rather
than just what is specified in [globals].
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
This allows the caller to ask for a security.descriptor instead of sddl
by passing 'as_sddl=False'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We should do it like the windows GUI.
1. create the LDAP objects
2. query the security_descriptor of the groupPolicyContainer
3. create the gPCFileSysPath via smb
4. set the security_descriptor of gPCFileSysPath
5. copy the files and directories into gPCFileSysPath
6. modify the groupPolicyContainer and link gPCFileSysPath
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The sd_flags:1:15 control together with an empty security_descriptor
has the same effect as the recalculate_sd:0 control (which is samba only).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This calls samba-tool gpo show as admin (which should be able to
see the full nTSecurityDescriptor.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Calling "samba-tool dns <cmd> localhost" provokes a stacktrace.
This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix
the underlying issue, but I don't see it causing any harm (unless you
don't have an ipv4 localhost, I guess).
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104
Fix traceback:
samba-tool fsmo --role=schema --force
ERROR(<type 'exceptions.TypeError'>): uncaught exception - argument 2 must be string, not ldb.Dn
File "/usr/lib/python2.6/dist-packages/samba/netcmd/__init__.py", line 168, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 160, in run
self.seize_role(role, samdb, force)
File "/usr/lib/python2.6/dist-packages/samba/netcmd/fsmo.py", line 119, in seize_role
m.dn = ldb.Dn(samdb, self.schema_dn)
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 16 00:40:24 CET 2012 on sn-devel-104
On a new GPO created on windows, the SACL is not used.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 14 00:34:50 CET 2012 on sn-devel-104
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
This was the cause of the flakey test, and was only noticed when
multiple different users ran autobuild at the same time on the same
server.
We use shutil.rmtree to wipe the directory before the tests finishes
as required by the TestCaseInTempDir class.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Nov 13 10:50:56 CET 2012 on sn-devel-104
This creates a new xattr.tdb per unit test, which avoids once and for all
the issue of dev/inode reuse.
For test_setposixacl_dir_getntacl_smbd the file ownership also set specifically.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
This is important because it covers the codepath which had the talloc
error fixed by commit 60cf4cb5a6
(vfs_acl_common: In add_directory_inheritable_components allocate on
psd as parent)
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
This follows on from the successful conversion of samba.tests.posixacl.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Is is not required that these additional attributes be filled in, so
catch KeyError in both the nsswitch and ldap backend case.
We rework get_posix_attr_from_ldap_backend() so it raises KeyError
rather than trying to return None, and does not ignore other errors.
Andrew Bartlett
Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
The directory walk was missed due to a cut-and-paste error.
Andrew Bartlett
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This will allow administrators to inspect the process list in a
similar way to what running on a platform with setproctitle might
permit.
--pid= returns the registered server names for a PID (eg kdc, cldap_server)
--name= returns the pids registered with a particular name.
Andrew Bartlett
This manages the temp file more reliably, and reduces the repeated
code in each test case.
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 27 04:37:58 CEST 2012 on sn-devel-104
This is the new revision with the hash of the posix or system ACL.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 25 15:04:39 CEST 2012 on sn-devel-104
This covers the case where we have a valid hash of the posix ACL (or the NT ACL from the
POSIX ACL) and we notice it no longer matches.
Andrew Bartlett
This tries to show the difference between the cases where we trap
the POSIX ACL change and where we actually detect an OS-level change.
Andrew Bartlett
This tests the mapping of posix ACLs to NT ACLs, the invalidation of
NT ACLs stored as an xattr and ensures this security-critical code
continues to work in the long term.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 25 10:05:16 CEST 2012 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 18 09:51:35 CEST 2012 on sn-devel-104
Check if attributes are correctly set and read from SamDB
Test automatic creation of attributes from getpwent (NSS)
Check if overriding NSS attributes works
getpwent will be skipped if the current UID of the user running the
tests has no passwd entry (getpwuid(geteuid())).
If a user with the name of the current UID already exists in the
directory, the getpwent test will fail. If that should happen, the
test would need to be updated to use a nonexistent UID that is
visible to the Python 'pwd' module.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Optionally set RFC2307 (NIS Schema) attributes in samba-tool create.
Mainly needed for UID mapping to be usable.
Not all attributes are set-able, only harmless and non-overlapping
ones (uid, uidNumber, gidNumber, loginShell, gecos). Description and
homeDirectory should already be set, userPassword seems problematic.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The issue here is that if we set S-1-5-32-544 (administrators) to a
GID only, then users cannot force a mandetory profile to be owned by
administrators (which is a requirement).
There is no particularly useful reason for us to enforce this matching
a system group.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 17 12:55:44 CEST 2012 on sn-devel-104
The DNS user is currently only used by the bind9 plugin. This makes it
easier to later on switch between the builtin DNS server and bind
backend.
In addition, ideally the internal DNS server would use that (separate)
user too.
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Thu Oct 11 17:05:40 CEST 2012 on sn-devel-104
This skips the chown of the files if (for example) the domain Admins group
were to own the file and not be able to because the group maps only to a GID.
This essentially papers over the problem, but may be enough to get us past
the Samba 4.0 release.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 9 15:24:44 CEST 2012 on sn-devel-104
This fixes bug #9225. We already had a test for this scenario, but the test wasn't
correct. This patch fixes the test, and also fixes the bug.
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sun Sep 30 13:09:14 CEST 2012 on sn-devel-104
Provision would break with an exception if there was no value given for the DNS forwarder, this simply sets a default to "none".
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Thu Sep 27 04:35:33 CEST 2012 on sn-devel-104
This subcommand is provided for backwards compatibility only; new use of
it should be discouraged. Its new name is 'samba-tool domain
classicupgrade'.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9047
This avoids unlocked writes to the dns_hosts_file, and may fix some of our
issues on the build farm where large numbers of tests fail due to failed name resolution.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 05:48:25 CEST 2012 on sn-devel-104
Override the SIGINT handler in a few select cases only, rather than
doing so in one of the samba Python modules. I've done this where it
matters most; we can add this code to other scripts too if necessary.
This means that importing the 'samba' module from a third party
application does not have side-effects on the state of the signal
handlers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9068
This will allow us to run make test on all platforms again, as we emululate the posix ACLs using the fake_acls
module. By then testing smbd.have_posix_acls() we gain a more specific error message.
Andrew Bartlett
This avoid folks needing to specify --dns-backend=NONE
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 6 04:48:55 CEST 2012 on sn-devel-104
This gets the SID for the local machine correctly.
We also add options for --use-ntvfs and --use-s3fs to help control
exactly which database is being read and written.
Andrew Bartlett
The name samba_dsdb is not ideal, but it matches the primary ldb
module we use, and more importantly it avoids having '4' in the name.
We should slowly avoid using the term samba4 in long-term places like
the smb.conf because it is confusing to users given we are shipping
Samba 4.0 as an AD DC as well as all the other supported roles (domain
member/standalone server/classic DC)
Additionally, samba4 will be an odd name when we eventually release
Samba 5.0!
samba4 remains accepted as an alias to ensure existing smb.conf files
load, but to allow changes here in the future, we set the value during
the smb.conf load, and not during the provision when we are an AD DC.
This simplifies the default smb.conf for the vast majority of our
users and reduces the number of things listed in smb.conf files that
we later have to work around if we wish to change the
name/implementation of the passdb glue module again.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 4 04:45:16 CEST 2012 on sn-devel-104
We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
This will allow files to be correctly owned by the idmap that is imported.
This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.
Andrew Bartlett
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
We should not need the guessed values here, but by changing to using the s3 loadparm context
we can move this block to before the provision.
Andrew Bartlett
This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.
Unlike sysvolreset, this does not change any of the permissions.
Andrew Bartlett
Needing to be able to write this test is the primary reason I have
been reworking the VFS and posix ACL layer over the past few weeks.
By exposing the POSIX ACL as a IDL object we can eaisly manipulate it
in python, and then verify that the ACL was handled correctly.
This ensures the when we write an ACL in provision, that it will
indeed allow that access at the FS layer.
We need to extend this beyond just the critical two ACLs set during
provision, to also include some special (hard) cases involving the
merging of ACE entries, as this is the most delicate part of the ACL
transfomation.
A similar test should also be written to read the posix ACL and the
mapped NT ACL on a file that has never had an NT ACL set.
Andrew Bartlett
This handles the fact that smbd will rarely override the POSIX ACL enforced by
the kernel. This has caused issues with the creation of group policies by
other members of the Domain Admins group.
Andrew Bartlett
We do not need filesystem ACLs set when creating the reference provision, so it is
easier to use the NTVFS backend as it does not cause trouble with make test.
Andrew Bartlett
This is an odd option, but is needed because I wish to add assertions about
ACL setting that will not work in make test without the vfs_fake_acls module
loaded.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 22:49:06 CEST 2012 on sn-devel-104