sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
69,098 Commits 60 Branches 1,145 Tags 452 MiB
f6c2d39d0b
Commit Graph

2128 Commits

Author SHA1 Message Date
Jelmer Vernooij
0ceb5018f3 waf: Remove unused EXT_LIB_PYTHON. 2010-10-26 10:17:19 -07:00
Jelmer Vernooij
1ae0981ce8 talloc: Move pytalloc to lib/talloc. 2010-10-26 10:17:18 -07:00
Jelmer Vernooij
8cf61377aa waf: Remove lib prefix from libraries manually. 2010-10-26 10:17:17 -07:00
Jelmer Vernooij
d9cbcdd410 s4: Drop duplicate 'lib' prefix for private libraries. 2010-10-26 10:17:16 -07:00
Jelmer Vernooij
833480d3ad s4: Rename LIBSAMBA-* to libsamba-* 2010-10-24 00:20:04 +00:00
Jelmer Vernooij
9065f9644b s4: Rename LIBNETIF to libnetif. 2010-10-23 22:24:06 +00:00
Matthias Dieter Wallnöfer
8b9a08e10f s4:provision.py - add the correct "CN=Sites" security descriptor 
This should help to fix bug #7403.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sat Oct 23 20:16:59 UTC 2010 on sn-devel-104
 2010-10-23 20:16:59 +00:00
Matthias Dieter Wallnöfer
245642a36b s4:schema.py - reformat and fix the security descriptor 
- Now it matches Windows's order
- It contained a superfluous entry (an "Administrator" user grant)
 2010-10-23 19:35:06 +00:00
Andrew Tridgell
1748d10e47 s4-python: python_samba needs pyext 2010-10-21 19:03:27 +11:00
Andrew Tridgell
af36485ae5 s4-python: added a samba_python grouping library 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-10-21 19:03:26 +11:00
Matthias Dieter Wallnöfer
a9b58f6246 s4:samdb.py - remove a pointless comment 
We are only looking for the default DN - but the method name already tells
us this.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Oct 19 10:03:12 UTC 2010 on sn-devel-104
 2010-10-19 10:03:12 +00:00
Matthias Dieter Wallnöfer
8c4f6bcd67 s4:samdb.py - use a more standard way to get to the domain realm/dns name 
We do always use the canonical name as a base if we don't have it around yet.
 2010-10-19 09:21:04 +00:00
Lukasz Zalewski
87fd2fd157 Addition of userPrincipalName attribute when new account is created 2010-10-19 09:21:04 +00:00
Andrew Bartlett
f9c7365e53 s4-provisionbackend Allow a fixed URI to be specified for LDAP backend 
This is added to make the 'existing' LDAP backend class more useful,
and to allow debuging of our OpenLDAP backend class with wireshark, by
forcing the traffic over loopback TCP, which is much easier to sniff.

Andrew Bartlett
 2010-10-19 18:57:06 +11:00
Andrew Bartlett
4d9b12ae8f s4-provision Remove serverdn parameter from Schema() 
We don't need to know the server DN here any more, and it
makes no sense for many callers.

Andrew Bartlett
 2010-10-19 18:57:00 +11:00
Jelmer Vernooij
5324b943e7 wafsamba: Fix handling of pyembed/pyext. 2010-10-10 23:54:04 +00:00
Jelmer Vernooij
c15e919a09 wafsamba: Clarify needs_python argument name, use pyembed/pyext where 
applicable.

Allow using both pyembed and pyext, to prevent unresolved symbols.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 10 03:54:01 UTC 2010 on sn-devel-104
 2010-10-10 03:54:01 +00:00
Andrew Tridgell
c24240bcd2 waf: fixed some python3.x portability issues 
these have crept into the tree over time. Maybe we should add testing
of a range of python versions to autobuild?
 2010-10-06 11:13:05 +00:00
Kamen Mazdrashki
5218bcf76f s4-provision: Reset "debuglevel" after "provision" take place 
Otherwise "provision" resets our current debug level and
we don't get debug messages we may expect onwards

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Tue Oct  5 11:32:50 UTC 2010 on sn-devel-104
 2010-10-05 11:32:50 +00:00
Matthias Dieter Wallnöfer
dda6c354f6 s4:dsdb python stuff - introduce also here the "show_recycled" control 
But also here beside "show_deleted" to not loose compatibility with older
provisions.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-10-03 15:23:18 +00:00
Andrew Tridgell
29e1a847dd s4-selftest: silence warnings about bind chown 2010-10-02 21:11:52 -07:00
Andrew Tridgell
762ad1c4ba s4-test: silence the Failed to chown message in make test 2010-10-02 21:11:52 -07:00
Kamen Mazdrashki
197a1514d6 s4-ldapcmp.py: Don't guess credentials for second Credentials object 
This allow us to fallback to first credentials given.

Autobuild-User: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date: Sat Oct  2 23:05:20 UTC 2010 on sn-devel-104
 2010-10-02 23:05:20 +00:00
Kamen Mazdrashki
da0f3bd229 s4-getopt.py: Make Anonymous creds when no credentials 
are supplied on command line and caller doesn't want us
to guess credentials from environment
 2010-10-03 01:24:57 +03:00
Kamen Mazdrashki
302e1d29d8 s4-python-test: Common implementation for getting environment variable value 
Unit-test based python tests require certain input parameters
to be set in environment, otherwise they can't be run
 2010-10-03 01:24:56 +03:00
Kamen Mazdrashki
6546127b64 s4-python-samba: Remove trailing ';'s 2010-10-03 01:24:56 +03:00
Kamen Mazdrashki
7acbb7346f s4-python-test: Implement global connect_samdb() function 
This helper makes proper ldb url to connect to
and is a shorthand for test to create SamDB connections
 2010-10-03 01:24:56 +03:00
Kamen Mazdrashki
46ac1c3b47 s4-samba.samdb: Fix masking names from outer context 
- 'filter' is built-in
- 'ldb' is a module name we imported
 2010-10-03 01:24:56 +03:00
Kamen Mazdrashki
0cb476fb26 s4-python-samba: 'file' is a built-in 2010-10-03 01:24:55 +03:00
Kamen Mazdrashki
edfb8c64f6 s4-samba.samdb: Fix leading indention and trailing ';' 2010-10-03 01:24:55 +03:00
Kamen Mazdrashki
e9620c5fd2 s4-python-samba: Fix few cosmetics 
- we have sys module already imported
- _glue module is part of samba package so be more precise how to import
 2010-10-03 01:24:55 +03:00
Andrew Tridgell
694f2876c9 s4-spn: don't try and send an empty SPN list 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-30 20:11:15 -07:00
Andrew Tridgell
176ecce9a6 s4-provision: wipe the old keytabs when provisioning 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-30 14:36:12 -07:00
Andrew Tridgell
67a04613e9 s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab 
we need to fetch the msDS-keyVersionNumber from the writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-30 14:36:12 -07:00
Zahari Zahariev
73763b3678 LDAPCmp feature to compare nTSecurityDescriptors 
New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
 2010-09-30 09:41:20 -07:00
Andrew Tridgell
92586abac0 s4-dns: send A record updates via TKEY 2010-09-30 00:59:16 +00:00
Andrew Tridgell
768df75ed9 s4-devel: added new options to getncchanges script 
added --pas, --dest-dsa and --replica-flags options

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
 2010-09-29 16:36:22 -07:00
Andrew Tridgell
31310826e0 s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call 
we can't do SPN updates via sam writes and replication, as the sam is
read-only
 2010-09-29 03:55:04 +00:00
Andrew Tridgell
739a4e4e23 s4-drsutils: expose DsBind() call in drs_utils.py 
this will be used by samba_spnupdate
 2010-09-29 03:55:04 +00:00
Andrew Tridgell
06022dad70 s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers 
Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.

By forcing TZ=GMT in these scripts we avoid the problem

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-29 03:55:04 +00:00
Andrew Tridgell
6237d56027 s4-dns: added --update-list option to samba_dnsupdate 
this allows us to use it for RODC netlogon updates
 2010-09-27 22:55:05 -07:00
Andrew Tridgell
a40dcd161c s4-dns: use the generated krb5.conf in samba_dnsupdate 
this gives one less thing that an admin can get wrong

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Sep 27 02:35:29 UTC 2010 on sn-devel-104
 2010-09-27 02:35:29 +00:00
Andrew Tridgell
93be0d6178 s4-provision: fixed the generation of the krb5.conf for vampire 
we need a correct krb5.conf for nsupdate from bind9
 2010-09-27 01:53:45 +00:00
Andrew Tridgell
f3ceec9b1b s4-spn: don't try to do SPN updates as a RODC 
we don't have the permissions to do it
 2010-09-26 06:29:06 +00:00
Matthieu Patou
c680a42504 upgradeprovision: fix a typo 2010-09-26 06:22:43 +04:00
Matthieu Patou
873bd98904 upgradeprovision: Fix a bug with renamed entries 
The SD was not refetched for renamed entries, resulting with a try to
add an additional SD when there was already one.
 2010-09-26 06:22:43 +04:00
Matthieu Patou
43274c9071 upgradeprovision: fix a bug with not updated links 2010-09-26 06:22:43 +04:00
Matthieu Patou
a8f8f277ff s4 provision: start with gpo of version 0 and be consistent between different policies 2010-09-26 06:22:43 +04:00
Matthieu Patou
76d87b7fb5 s4 upgradeprovision: fix a bug with empty reference objects 
Thanks to lukas@eecs.qmul.ac.uk for poiting it to me
 2010-09-26 06:22:43 +04:00
Matthieu Patou
3c95d4d313 s4 upgradeprovision: Copy versionNumber if not present it helps to make gpo valid 2010-09-26 06:22:43 +04:00
Matthieu Patou
dfa468fd08 s4 provision: Make GPO folder group writable 
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
 2010-09-26 06:22:43 +04:00
Matthieu Patou
69ef2b3705 upgradeprovision: use the same case for hostname in reference provision as in the current provision 
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
 2010-09-26 01:21:52 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns 
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-26 01:21:49 +00:00
Kamen Mazdrashki
7e1e7b16f6 s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:10 +03:00
Kamen Mazdrashki
9e6fa8553c s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a time 
If no arguments given, ldapcmp will compare all NCs
 2010-09-26 02:25:03 +03:00
Andrew Tridgell
c53210bf06 s4-net: added --ipaddress option to net commands 
this allows override of server IP address, bypassing NBT or DNS name
resolution of DCs

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
 2010-09-25 10:38:45 -07:00
Matthias Dieter Wallnöfer
76c346dfc1 s4:provision - rootdse - remove static "ldapServiceName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6 s4:provision - rootdse - remove static "dnsHostName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
65ca9e691b s4:provision.py - support still not fully provisioned trees regarding the rootDSE module 
We simply override the NTDS settings path manually

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
439d7ff935 s4:provision.py - make more use of "names.serverdn" on NTDS settings location 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f45848e33a s4:python/samba/join.py - add a comment to point out that NCs have to be assigned dynamically 
We could also have DNS partitions (only to make one example).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
8223342e50 s4:python/samba/join.py - use constant for DC function level 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Andrew Tridgell
c0ff93b033 s4-drs: we don't need to decode to utf8 in python dcerpc strings any more 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-23 07:17:57 +00:00
Jelmer Vernooij
7378b6d2a2 s4-selftest: Move credentials tests to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
cc5b673e18 s4-selftest: Move samba3sam test to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
3d0e6db9dc selftest: Fix idlist running. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
1c3c9a483b s4-param: Fix more memory leaks, invalid memory context. 2010-09-22 17:48:24 -07:00
Jelmer Vernooij
3fea9df85a s4-param: Check type when converting python object to lp_ctx, fix some 
memory leaks.
 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
63031a2a78 pygensec: Implement start_mech_by_name(). 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
5a75fb194a ndrdump: Move blackbox test to standard python namespace. 2010-09-22 17:48:23 -07:00
Kamen Mazdrashki
e3b81c6062 s4-ldapcmp: Enable comparisons between LDBs too 
This will enable us to compare two LDBs or and LDB with running
AD server. Comparing LDB against running running server
may come into handy when one want to see if 'net vampire'
command does what it does the right way
 2010-09-22 15:07:24 +03:00
Jelmer Vernooij
e12e661f35 s4-selftest: Move more tests to scripting/python, simplifies running of tests. 2010-09-21 22:54:38 -07:00
Jelmer Vernooij
118c6548bb selftest: Fix run for systems without testtools installed. 2010-09-21 22:54:37 -07:00
Jelmer Vernooij
58cfbc510c rpc_talloc: Update test now that we create fewer references. 2010-09-20 22:40:47 -07:00
Jelmer Vernooij
7fc40d2ed3 pytestrpc: Be more verbose. 2010-09-20 22:40:47 -07:00
Jelmer Vernooij
f161fa3ac8 testrpc: Convert from a single unit test to a simple test script, be 
more verbose.
 2010-09-20 22:40:46 -07:00
Jelmer Vernooij
a7393449eb pidl: Fix segfault when accessing unicode objects. 2010-09-20 22:40:46 -07:00
Kamen Mazdrashki
0740d0ae85 s4-devel-getncchanges: Add common Samba options as a group to be displayed 
Those options are processed but never shown with --help argument
 2010-09-21 00:15:23 +03:00
Andrew Tridgell
01371d968e s4-rodc: override client site from cldap response 2010-09-19 13:36:02 -07:00
Andrew Tridgell
8beed3679d s4-dns: fixed the dns_domain_info_type for netlogon DNS calls 
w2k8r2 does check this field (WSPP docs need an update)
 2010-09-19 13:36:02 -07:00
Andrew Tridgell
6642ae9703 s4-dns: added --all-names option to samba_dnsupdate 
this forces the re-registration of all names
 2010-09-19 13:36:02 -07:00
Andrew Tridgell
f6fa73bbd3 s4-rodc: added RODC DNS update support to samba_dnsupdate 
for DNS updates that have a netlogon equivalent, send via netlogon
 2010-09-19 11:29:32 -07:00
Andrew Tridgell
e72a1e2055 s4-pydsdb: added am_rodc() method on samdb 2010-09-19 11:29:32 -07:00
Andrew Tridgell
2666cc9c16 s4-pydsdb: don't force am_rodc unless it is set by caller 
we should normally get the rodc flag by looking at the database, not
by forcing it in the database connect
 2010-09-19 11:29:32 -07:00
Kamen Mazdrashki
c3489a7918 s4-ldapcmp: Fix options parsing for common Samba options 
And also set 'creds2' to be equal to 'creds' in case
username2 paramater is not supplied on cmd line
 2010-09-18 15:09:46 +03:00
Andrew Tridgell
90d685afe5 s4-devel: developer script for adding DNS entries via netlogon RPC 
this calls the netlogon DsrUpdateReadOnlyServerDnsRecords call to add
DNS entries for a RODC via RPC calls. The call is routed via a IRPC
call to winbind, as winbind is the one with the schannel credential
chaining setup.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-17 19:02:19 +10:00
Andrew Tridgell
7e729c4f6a s4-dns: use a non-forwardable ticket in samba_dnsupdate 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 16:08:46 +10:00
Andrew Tridgell
eeafe1eb65 s4-pydrs: fix for python 2.4 
thanks to Kamen and David Gonzalez for spotting this
 2010-09-16 16:08:45 +10:00
Andrew Tridgell
aabd89d8f7 s4-pyjoin: use new pynet finddc interface 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
59d415f43f s4-finddc: use NBT lookup for a 1C name if joining a short domain name 
once we get the 1C lookup reply, use a CLDAP query to find the details
for the server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
4e9f449106 s4-join: give a clear error when using short domain form 
we now require the full domain name, for the DNS/CLDAP lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
011978eb1b s4-rodc: use python finddc code to avoid the need for --server 
The DC is now found via DNS/CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Matthias Dieter Wallnöfer
64af772b38 s4:fsmo.py - fix an obvious typo 2010-09-12 19:23:04 +02:00
Stefan Metzmacher
0ad2890c4e s4:provision: remember the setup directory if it wasn't the default 
This fixes make test without a make install.

metze
 2010-09-10 17:21:31 +02:00
Andrew Tridgell
3d420ea2bb s4-rodc: cope with missing searchFlags 
this can be missing after the schema tests
 2010-09-09 21:39:25 +10:00
Andrew Tridgell
b9c0b59034 s4-rodc: get the domain name from the partitions DN 
don't rely on the netbios domain name being the first part of the
realm

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Andrew Tridgell
c44bdbc01d s4-provision: fixed error format string 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Andrew Tridgell
54e86d881d s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in python 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Matthieu Patou
49321571ea upgradeprovision: avoid working with None objects ... 2010-09-05 12:29:21 +04:00
Matthieu Patou
b153558210 upgradeprovision: do not try to remove/change attribute before the RID Set object is present 2010-09-05 12:29:21 +04:00
Matthieu Patou
13d575d6e3 upgradeprovision: cleanup 2010-09-05 12:29:20 +04:00
Matthieu Patou
1d0815281e s4 upgradeprovision: add dns_update_list if missing 2010-09-05 12:29:20 +04:00
Jelmer Vernooij
0bc53f7d9f pidl: Keep only a single copy of samba.dcerpc.base.ClientConnection. 2010-09-03 02:39:38 +02:00
Andrew Tridgell
39599e949b s4-pidl: added a test for all generated rpc interfaces 
this tries to instantiate all types in all generated python RPC
interfaces, then checks that all attributes can be read, written and
compared.
 2010-09-02 13:37:07 +10:00
Andrew Tridgell
9f5dcb2235 s4-net: use CommandError() in net rodc 
this integrates better with the net command

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-09-02 13:37:07 +10:00
Andrew Bartlett
896553a1a8 s4:provision Allow OpenLDAP backend to provision again 
OpenLDAP does not have any post-setup requirements at the moment.

Andrew Bartlett
 2010-09-02 10:40:34 +10:00
Zahari Zahariev
9aae50443d s4:provision Improved error handling in provisionbackend 
When using OpenLDAP as a backend with Samba4 we get failure during
provision and this patch will help better determining the real error.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-02 10:40:34 +10:00
Andrew Tridgell
331905216a s4-devel: added enumprivs developer script 
this enumerates all LSA privileges on a server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
057a47130d s4-net: fixed docstring on spn command 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
d8f48c7ffc s4-net: added "net rodc preload" command 
this command will preload the credentials for an account from the full
domain controller

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
da366ba221 s4-drs: split out drs utility python functions 
these will be re-used by other net commands
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
502a5313c4 s4-pyrpc: convert rpc_talloc.py test to unittest framework 
This fits in better with our test framework

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
e69b13ccdd s4-pyrpc: added a test for talloc behaviour in pidl python code 2010-08-25 23:05:05 +10:00
Andrew Tridgell
717ee453dd s4-pyglue: added talloc_total_blocks() python call 2010-08-25 23:05:05 +10:00
Andrew Tridgell
ba5b3fb248 s4-rodc: removed python memory workaround 
we can now assign pidl generates structures directly without errors
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
9218de4b74 s4-pyglue: pyglue now depends on pytalloc 2010-08-25 23:05:05 +10:00
Andrew Tridgell
956341965c s4-rodc: setup secrets database at end of RODC join 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
5a367f641e s4-pyglue: added talloc_report_full() and talloc_enable_null_tracking() 
these are useful for tracking down leaks and bugs in python scripts

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
64bf637edf s4-rodc: broke up RODC join into separate functions 
this also removes some of the magic constants
 2010-08-25 08:40:05 +10:00
Andrew Tridgell
e3c0409c7a s4-rodc: added REPL_SECRET exop replication of accounts 
During a RODC join, we need to fetch the secrets for the machine
account and krbtgt account using GetNCChanges
DRSUAPI_EXOP_REPL_SECRET calls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
8438da96ba s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb 
This can be used to form the partial_attribute_set list for
GetNCChanges

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
495bd182f5 s4-rodc: next step in RODC join code 
a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
85ebc495f6 s4-devel: added a getncchanges developer script 
this allows for command line access to getncchanges

it also provides a good example of calling DRSUAPI interfaces from
python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:40 +10:00
Andrew Tridgell
b4a048d763 s4-net: role should be case insensitive for join 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
bd7f9813de s4-net: added initial implemention of RODC join 
This does the join using python code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
a2cb6ef017 s4-net: moved the net join command to python 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
10813bdd85 s4-python: added ndr_print() method in ndr 2010-08-23 15:55:39 +10:00
Jelmer Vernooij
8bc58990a4 s4: Only install testparm to /usr/bin/, no longer to /usr/sbin. 2010-08-22 17:12:26 +02:00
Jelmer Vernooij
4ec7dd8deb s4: Install testparm to /usr/bin, consistent with old behaviour. 2010-08-22 17:03:47 +02:00
Andrew Tridgell
d7d19fdc84 s4-net: better error message on net setpassword 2010-08-22 14:57:34 +10:00
Zahari Zahariev
5c272b8ce7 Remove place-holders when it is single domain 
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.

There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
 2010-08-20 13:52:08 +03:00
Andrew Tridgell
3d13c9e53a s4-pysamdb: fixed get_domain_sid() 
we need to actually return the SID!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Matthieu Patou
4fec72db1c s4 provision: POLICY_ACL is already an FS acl no need to translate it 2010-08-19 15:59:06 +04:00
Matthieu Patou
6e7d684462 s4 provision: Add some documentation to GPO related functions 2010-08-19 15:59:05 +04:00
Matthieu Patou
ed51bf5f68 s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests 2010-08-19 15:59:05 +04:00
Matthieu Patou
a5653bcf83 s4 upgradeprovision: add more attrbutes the ignore list 
Also format in a pretty way the int64 ranges
 2010-08-19 15:59:05 +04:00
Matthieu Patou
e378d7fd89 s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing 2010-08-19 15:59:05 +04:00
Matthieu Patou
d79a5cc358 s4 upgradeprovision: Add a function for schema reloading 
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
 2010-08-19 15:59:04 +04:00
Matthieu Patou
eaf1d050fe s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES 
This is used by upgradeprovision to readd this delta just before loading
a merged schema
 2010-08-19 15:59:04 +04:00
Matthieu Patou
3e49b20cf0 s4 upgradeprovision: Fixes for increment_keyversion 
fix
 2010-08-19 15:59:04 +04:00
Matthieu Patou
503824b757 s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion 2010-08-19 15:59:04 +04:00
Andrew Tridgell
82c171aa55 s4-net: use an encrypted ldap session when setting passwords 
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:51 +10:00
Andrew Tridgell
ec3ed2898f s3-provision: cope with the policy directory already existing 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 08:44:28 +10:00
Matthieu Patou
7b41969603 s4 upgradeprovision, fix a typo preventing the ridset to be correctly identified 2010-08-10 00:57:20 +04:00
Matthieu Patou
5a8c77f97b s4: create a simple version of ktpass 
This script is intended to be a replacement for the ktutil of Windows.
It's use is for exporting keytab that will be used for kerberized
services.
 2010-07-17 17:56:16 +04:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion 
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-16 18:24:27 +10:00
Andrew Bartlett
299057d8d9 s4:provision Handle machine account password changes while keeping keytab 
The challenge here is to update the existing record if it already
exists, rather than deleting the old record.  This ensures that the
secrets.keytab handling code keeps the previous password in the
keytab.

Andrew Bartlett
 2010-07-15 22:08:22 +10:00
Matthieu Patou
36b5feceee s4 upgradeprovision: Adapt the list of attribute modified 
* isMemberOfPartialAttributeSet is now allowed to be deleted (on schema
 objects)
* attributeDisplayNames is now allowed to be added and modified (used on
  display specifiers)
* spnMapping is now allowed to be altered on Directory Service objects
* minPwdAge is now modified if the previous value was 0

We issue a clear information about the userControl attribute for
administrator to invite the user to modify himself the value.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
7478224189 s4 upgradeprovision: Synchronize the calculated keyversionnumber with the one previously stored 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
0a1b1121c4 s4 upgradeprovision: do not copy RID Set it's automaticaly created by the RID manager 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00