1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

2870 Commits

Author SHA1 Message Date
Andrew Bartlett
4789a3072a samba-tool dbcheck: Allow dbcheck to correct an nTSecurityDescriptor without an owner or group
This is done by making a modification to the SD, which triggers it to be
filled in if we have the correct session_info established on the DB.

However, we normally want dbcheck running as system, so we wrap
the session_info set around this operation only.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 11:34:59 +01:00
Andrew Bartlett
810f8b48d9 samba-tool dbcheck: Add --reset-well-known-acls
This will allow an upgrade from Samba 4.0.0 without needing to run
samba_upgradeprovision, which for now is not the preferred upgrade
tool.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:53:47 +01:00
Andrew Bartlett
9040e26841 scripting: Move get_diff_sds from samba.upgradehelpers to samba.descriptor
This helps avoid a dependency loop when we use get_diff_sds in dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:33:37 +01:00
Andrew Bartlett
a113ddbf88 scripting: Modify samba.descriptor.get_wellknown_sds() use samdb calls only
We need this routine not to use the names context as this is tied to
provision, and we end up in a circular dependency if we use that in
dbcheck.

Andrew Bartlett
2013-03-25 10:32:34 +01:00
Andrew Bartlett
352aff8ed7 scripting: Move samba.provision.descriptor to samba.descriptor
This will allow dbcheck to import it, without a cirucular dependency via
samba.provision importing dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:32:11 +01:00
Andrew Bartlett
e81a97dd6f scripting: Make samba.provision.descriptor.get_wellknown_sds() return ldb.Dn objects
As we look to use this function in more places, it does not make sense to constantly create
Dn objects from the strings.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:29:26 +01:00
Andrew Bartlett
6df17fe799 scripting: Fix documentation comment on upgradehelpers.py:get_clean_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:28:25 +01:00
Andrew Bartlett
3da89b01fa scripting: Move the list of well known SDs to samba.provision.descriptor
This will allow us to call this from dbcheck.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-25 10:27:58 +01:00
Ricky Nance
96d731c79b samba-tool group list: add more info to samba-tool group list
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Mar 17 12:56:47 CET 2013 on sn-devel-104
2013-03-17 12:56:47 +01:00
Andrew Bartlett
58e385a5ac Revert "Ensure the masks don't conflict with the ACL checks."
This reverts commit 78594909b8 which was
needed by 7622aa16ad.

This change masked bug #9462 which was fixed by
2013bb9b4d.  The issue was that the
defaults for the substituted parameters did not match the old
parameter.  Changing the values in our test suite hid the issue, but
did not fix the issue.

(Additional change in the revert is to correct the expected ACL value
in posixacl.py due to changed implied inherited permissions).

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
2013-03-11 19:46:24 +01:00
Andrew Bartlett
9b8d5bba50 samba_upgradeprovision: Remove inherited ACEs before comparing the SDs
This avoids changing an SD when it is not really required.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:18 +01:00
Andrew Bartlett
5074b98714 scripting: Rework samba.upgradehelpers.get_diff_sddls to be get_diff_sds
This moves the SDDL conversion inside the get_diff_sds function and prepares
for removing inherited ACEs from the SD before comparison.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:33:08 +01:00
Andrew Bartlett
24c4d818d1 samba-tool ldapcmp: Add support for checking DNSDOMAIN and DNSFOREST by default
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:31:05 +01:00
Andrew Bartlett
f508435d23 samba-tool dbcheck: fix msDS-HasInstantiatedNCs attributes to match instanceType on our ntdsDSA
This value is only a link to the local value of intanceType on our server, so only fix it for our server.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:30:31 +01:00
Andrew Bartlett
97389c3ec2 scripting: Correct parsing of binary DN
The DN is of the form B:8:01020304:DC=samba,DC=example,DC=com.  We need
to account for the case where the 8 is actually (say) 16, and so not just
one character.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2013-03-04 08:24:02 +01:00
Andrew Bartlett
606f5d6cc6 samba-tool ldapcmp: Add --skip-missing-dn to not error on DNs present in one DB but not the other
This is needed to compare some parts of the database, particularly in --two mode, which
are just never going to have exactly the same DNs.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:20 +01:00
Andrew Bartlett
161fa15697 samba-tool domain classicupgrade: Fix typo in error path for multiple account flags
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
669c302f2d samba-tool domain classicupgrade: Print a better error when the ldap backend PW was not found
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Andrew Bartlett
68f13f5d7e samba-tool dbcheck: fix comment on err_wrong_sd
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-02 21:52:19 +01:00
Jelmer Vernooij
87afc3aee1 Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar  2 03:57:34 CET 2013 on sn-devel-104
2013-03-02 03:57:34 +01:00