sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
69,098 Commits 60 Branches 1,145 Tags 452 MiB
f6c2d39d0b
Commit Graph

2128 Commits

Author SHA1 Message Date
Matthieu Patou
dfa468fd08 s4 provision: Make GPO folder group writable 
The group of this folder is domain administrator and it seems sensible
that all domain administrators have the right to modify the gpo (they
have it at the NT ACLs level ...)
 2010-09-26 06:22:43 +04:00
Matthieu Patou
69ef2b3705 upgradeprovision: use the same case for hostname in reference provision as in the current provision 
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Sun Sep 26 01:21:52 UTC 2010 on sn-devel-104
 2010-09-26 01:21:52 +00:00
Andrew Tridgell
b8444b64a3 s4-provision: switch to dns-HOSTNAME instead of dns 
We now use a host specific account name for the DNS account, which is
the account used for dynamic DNS updates. We also setup the
servicePrincipalName for automatic update, and add both DNS/${DNSDOMAIN}
and DNS/${DNSNAME} for compatibility with both the old and new SPNs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-26 01:21:49 +00:00
Kamen Mazdrashki
7e1e7b16f6 s4-ldapcmp: Fix usage of 'paged_search' module for remote LDB connections 2010-09-26 02:25:10 +03:00
Kamen Mazdrashki
9e6fa8553c s4-ldapcmp: Extend ldapcmp to be able to compare more than one context at a time 
If no arguments given, ldapcmp will compare all NCs
 2010-09-26 02:25:03 +03:00
Andrew Tridgell
c53210bf06 s4-net: added --ipaddress option to net commands 
this allows override of server IP address, bypassing NBT or DNS name
resolution of DCs

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
 2010-09-25 10:38:45 -07:00
Matthias Dieter Wallnöfer
76c346dfc1 s4:provision - rootdse - remove static "ldapServiceName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
ccc67a03d6 s4:provision - rootdse - remove static "dnsHostName" attribute 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:43 +10:00
Matthias Dieter Wallnöfer
65ca9e691b s4:provision.py - support still not fully provisioned trees regarding the rootDSE module 
We simply override the NTDS settings path manually

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
439d7ff935 s4:provision.py - make more use of "names.serverdn" on NTDS settings location 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
f45848e33a s4:python/samba/join.py - add a comment to point out that NCs have to be assigned dynamically 
We could also have DNS partitions (only to make one example).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Matthias Dieter Wallnöfer
8223342e50 s4:python/samba/join.py - use constant for DC function level 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-24 09:25:42 +10:00
Andrew Tridgell
c0ff93b033 s4-drs: we don't need to decode to utf8 in python dcerpc strings any more 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-23 07:17:57 +00:00
Jelmer Vernooij
7378b6d2a2 s4-selftest: Move credentials tests to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
cc5b673e18 s4-selftest: Move samba3sam test to standard python directory. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
3d0e6db9dc selftest: Fix idlist running. 2010-09-22 22:29:09 -07:00
Jelmer Vernooij
1c3c9a483b s4-param: Fix more memory leaks, invalid memory context. 2010-09-22 17:48:24 -07:00
Jelmer Vernooij
3fea9df85a s4-param: Check type when converting python object to lp_ctx, fix some 
memory leaks.
 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
63031a2a78 pygensec: Implement start_mech_by_name(). 2010-09-22 17:48:23 -07:00
Jelmer Vernooij
5a75fb194a ndrdump: Move blackbox test to standard python namespace. 2010-09-22 17:48:23 -07:00
Kamen Mazdrashki
e3b81c6062 s4-ldapcmp: Enable comparisons between LDBs too 
This will enable us to compare two LDBs or and LDB with running
AD server. Comparing LDB against running running server
may come into handy when one want to see if 'net vampire'
command does what it does the right way
 2010-09-22 15:07:24 +03:00
Jelmer Vernooij
e12e661f35 s4-selftest: Move more tests to scripting/python, simplifies running of tests. 2010-09-21 22:54:38 -07:00
Jelmer Vernooij
118c6548bb selftest: Fix run for systems without testtools installed. 2010-09-21 22:54:37 -07:00
Jelmer Vernooij
58cfbc510c rpc_talloc: Update test now that we create fewer references. 2010-09-20 22:40:47 -07:00
Jelmer Vernooij
7fc40d2ed3 pytestrpc: Be more verbose. 2010-09-20 22:40:47 -07:00
Jelmer Vernooij
f161fa3ac8 testrpc: Convert from a single unit test to a simple test script, be 
more verbose.
 2010-09-20 22:40:46 -07:00
Jelmer Vernooij
a7393449eb pidl: Fix segfault when accessing unicode objects. 2010-09-20 22:40:46 -07:00
Kamen Mazdrashki
0740d0ae85 s4-devel-getncchanges: Add common Samba options as a group to be displayed 
Those options are processed but never shown with --help argument
 2010-09-21 00:15:23 +03:00
Andrew Tridgell
01371d968e s4-rodc: override client site from cldap response 2010-09-19 13:36:02 -07:00
Andrew Tridgell
8beed3679d s4-dns: fixed the dns_domain_info_type for netlogon DNS calls 
w2k8r2 does check this field (WSPP docs need an update)
 2010-09-19 13:36:02 -07:00
Andrew Tridgell
6642ae9703 s4-dns: added --all-names option to samba_dnsupdate 
this forces the re-registration of all names
 2010-09-19 13:36:02 -07:00
Andrew Tridgell
f6fa73bbd3 s4-rodc: added RODC DNS update support to samba_dnsupdate 
for DNS updates that have a netlogon equivalent, send via netlogon
 2010-09-19 11:29:32 -07:00
Andrew Tridgell
e72a1e2055 s4-pydsdb: added am_rodc() method on samdb 2010-09-19 11:29:32 -07:00
Andrew Tridgell
2666cc9c16 s4-pydsdb: don't force am_rodc unless it is set by caller 
we should normally get the rodc flag by looking at the database, not
by forcing it in the database connect
 2010-09-19 11:29:32 -07:00
Kamen Mazdrashki
c3489a7918 s4-ldapcmp: Fix options parsing for common Samba options 
And also set 'creds2' to be equal to 'creds' in case
username2 paramater is not supplied on cmd line
 2010-09-18 15:09:46 +03:00
Andrew Tridgell
90d685afe5 s4-devel: developer script for adding DNS entries via netlogon RPC 
this calls the netlogon DsrUpdateReadOnlyServerDnsRecords call to add
DNS entries for a RODC via RPC calls. The call is routed via a IRPC
call to winbind, as winbind is the one with the schannel credential
chaining setup.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-17 19:02:19 +10:00
Andrew Tridgell
7e729c4f6a s4-dns: use a non-forwardable ticket in samba_dnsupdate 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 16:08:46 +10:00
Andrew Tridgell
eeafe1eb65 s4-pydrs: fix for python 2.4 
thanks to Kamen and David Gonzalez for spotting this
 2010-09-16 16:08:45 +10:00
Andrew Tridgell
aabd89d8f7 s4-pyjoin: use new pynet finddc interface 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-16 07:24:01 +10:00
Andrew Tridgell
59d415f43f s4-finddc: use NBT lookup for a 1C name if joining a short domain name 
once we get the 1C lookup reply, use a CLDAP query to find the details
for the server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
4e9f449106 s4-join: give a clear error when using short domain form 
we now require the full domain name, for the DNS/CLDAP lookup

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:36 +10:00
Andrew Tridgell
011978eb1b s4-rodc: use python finddc code to avoid the need for --server 
The DC is now found via DNS/CLDAP

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-15 15:39:35 +10:00
Matthias Dieter Wallnöfer
64af772b38 s4:fsmo.py - fix an obvious typo 2010-09-12 19:23:04 +02:00
Stefan Metzmacher
0ad2890c4e s4:provision: remember the setup directory if it wasn't the default 
This fixes make test without a make install.

metze
 2010-09-10 17:21:31 +02:00
Andrew Tridgell
3d420ea2bb s4-rodc: cope with missing searchFlags 
this can be missing after the schema tests
 2010-09-09 21:39:25 +10:00
Andrew Tridgell
b9c0b59034 s4-rodc: get the domain name from the partitions DN 
don't rely on the netbios domain name being the first part of the
realm

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Andrew Tridgell
c44bdbc01d s4-provision: fixed error format string 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Andrew Tridgell
54e86d881d s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in python 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-09-09 21:39:24 +10:00
Matthieu Patou
49321571ea upgradeprovision: avoid working with None objects ... 2010-09-05 12:29:21 +04:00
Matthieu Patou
b153558210 upgradeprovision: do not try to remove/change attribute before the RID Set object is present 2010-09-05 12:29:21 +04:00
Matthieu Patou
13d575d6e3 upgradeprovision: cleanup 2010-09-05 12:29:20 +04:00
Matthieu Patou
1d0815281e s4 upgradeprovision: add dns_update_list if missing 2010-09-05 12:29:20 +04:00
Jelmer Vernooij
0bc53f7d9f pidl: Keep only a single copy of samba.dcerpc.base.ClientConnection. 2010-09-03 02:39:38 +02:00
Andrew Tridgell
39599e949b s4-pidl: added a test for all generated rpc interfaces 
this tries to instantiate all types in all generated python RPC
interfaces, then checks that all attributes can be read, written and
compared.
 2010-09-02 13:37:07 +10:00
Andrew Tridgell
9f5dcb2235 s4-net: use CommandError() in net rodc 
this integrates better with the net command

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-09-02 13:37:07 +10:00
Andrew Bartlett
896553a1a8 s4:provision Allow OpenLDAP backend to provision again 
OpenLDAP does not have any post-setup requirements at the moment.

Andrew Bartlett
 2010-09-02 10:40:34 +10:00
Zahari Zahariev
9aae50443d s4:provision Improved error handling in provisionbackend 
When using OpenLDAP as a backend with Samba4 we get failure during
provision and this patch will help better determining the real error.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-09-02 10:40:34 +10:00
Andrew Tridgell
331905216a s4-devel: added enumprivs developer script 
this enumerates all LSA privileges on a server

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
057a47130d s4-net: fixed docstring on spn command 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
d8f48c7ffc s4-net: added "net rodc preload" command 
this command will preload the credentials for an account from the full
domain controller

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
da366ba221 s4-drs: split out drs utility python functions 
these will be re-used by other net commands
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
502a5313c4 s4-pyrpc: convert rpc_talloc.py test to unittest framework 
This fits in better with our test framework

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-08-26 22:50:20 +10:00
Andrew Tridgell
e69b13ccdd s4-pyrpc: added a test for talloc behaviour in pidl python code 2010-08-25 23:05:05 +10:00
Andrew Tridgell
717ee453dd s4-pyglue: added talloc_total_blocks() python call 2010-08-25 23:05:05 +10:00
Andrew Tridgell
ba5b3fb248 s4-rodc: removed python memory workaround 
we can now assign pidl generates structures directly without errors
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
9218de4b74 s4-pyglue: pyglue now depends on pytalloc 2010-08-25 23:05:05 +10:00
Andrew Tridgell
956341965c s4-rodc: setup secrets database at end of RODC join 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
5a367f641e s4-pyglue: added talloc_report_full() and talloc_enable_null_tracking() 
these are useful for tracking down leaks and bugs in python scripts

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
 2010-08-25 23:05:05 +10:00
Andrew Tridgell
64bf637edf s4-rodc: broke up RODC join into separate functions 
this also removes some of the magic constants
 2010-08-25 08:40:05 +10:00
Andrew Tridgell
e3c0409c7a s4-rodc: added REPL_SECRET exop replication of accounts 
During a RODC join, we need to fetch the secrets for the machine
account and krbtgt account using GetNCChanges
DRSUAPI_EXOP_REPL_SECRET calls

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
8438da96ba s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb 
This can be used to form the partial_attribute_set list for
GetNCChanges

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
495bd182f5 s4-rodc: next step in RODC join code 
a RODC net join can now replicate the schame, config and base
partitions, by calling the net.replicate*() python hooks, and driving
the GetNCChanges calls from python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-25 08:40:04 +10:00
Andrew Tridgell
85ebc495f6 s4-devel: added a getncchanges developer script 
this allows for command line access to getncchanges

it also provides a good example of calling DRSUAPI interfaces from
python

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:40 +10:00
Andrew Tridgell
b4a048d763 s4-net: role should be case insensitive for join 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
bd7f9813de s4-net: added initial implemention of RODC join 
This does the join using python code

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
a2cb6ef017 s4-net: moved the net join command to python 
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-23 15:55:39 +10:00
Andrew Tridgell
10813bdd85 s4-python: added ndr_print() method in ndr 2010-08-23 15:55:39 +10:00
Jelmer Vernooij
8bc58990a4 s4: Only install testparm to /usr/bin/, no longer to /usr/sbin. 2010-08-22 17:12:26 +02:00
Jelmer Vernooij
4ec7dd8deb s4: Install testparm to /usr/bin, consistent with old behaviour. 2010-08-22 17:03:47 +02:00
Andrew Tridgell
d7d19fdc84 s4-net: better error message on net setpassword 2010-08-22 14:57:34 +10:00
Zahari Zahariev
5c272b8ce7 Remove place-holders when it is single domain 
This patch changes the behavior of LDAPCmp in a single domain
scenario. No place-holders will be applied during comparison
so replication will be fully tested and even the silightest
difference will pop up.

There is a second smaller fix when we compre hosts in different
domains. This fix disables ${SERVERNAME} paace-holder when there
are more then one serevr (domain controller) in the given domain.
 2010-08-20 13:52:08 +03:00
Andrew Tridgell
3d13c9e53a s4-pysamdb: fixed get_domain_sid() 
we need to actually return the SID!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-20 20:34:11 +10:00
Matthieu Patou
4fec72db1c s4 provision: POLICY_ACL is already an FS acl no need to translate it 2010-08-19 15:59:06 +04:00
Matthieu Patou
6e7d684462 s4 provision: Add some documentation to GPO related functions 2010-08-19 15:59:05 +04:00
Matthieu Patou
ed51bf5f68 s4 upgradeprovision: exit with a non null return code so that it can be trapped in blackbox tests 2010-08-19 15:59:05 +04:00
Matthieu Patou
a5653bcf83 s4 upgradeprovision: add more attrbutes the ignore list 
Also format in a pretty way the int64 ranges
 2010-08-19 15:59:05 +04:00
Matthieu Patou
e378d7fd89 s4 upgradeprovision: Deal with bootstrap indexing attribute to avoid useless reindexing 2010-08-19 15:59:05 +04:00
Matthieu Patou
d79a5cc358 s4 upgradeprovision: Add a function for schema reloading 
Full schema reloading is needed when we modify exisiting elements that
have attributes that comes from not from the default schema (ie.
openchange schema, user schema ..)
 2010-08-19 15:59:04 +04:00
Matthieu Patou
eaf1d050fe s4 upgradeprovision: upgrade_delta_samdb return a msg_diff of @ATTRIBUTES 
This is used by upgradeprovision to readd this delta just before loading
a merged schema
 2010-08-19 15:59:04 +04:00
Matthieu Patou
3e49b20cf0 s4 upgradeprovision: Fixes for increment_keyversion 
fix
 2010-08-19 15:59:04 +04:00
Matthieu Patou
503824b757 s4 upgradeprovision: fix a typo and pass correct parameter to increment_calculated_keyversion 2010-08-19 15:59:04 +04:00
Andrew Tridgell
82c171aa55 s4-net: use an encrypted ldap session when setting passwords 
this allows for "net setpassword -H ldap://server -Uusername%password USERNAME"
to set a password remotely on a windows DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 21:21:51 +10:00
Andrew Tridgell
ec3ed2898f s3-provision: cope with the policy directory already existing 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-08-17 08:44:28 +10:00
Matthieu Patou
7b41969603 s4 upgradeprovision, fix a typo preventing the ridset to be correctly identified 2010-08-10 00:57:20 +04:00
Matthieu Patou
5a8c77f97b s4: create a simple version of ktpass 
This script is intended to be a replacement for the ktutil of Windows.
It's use is for exporting keytab that will be used for kerberized
services.
 2010-07-17 17:56:16 +04:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion 
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-16 18:24:27 +10:00
Andrew Bartlett
299057d8d9 s4:provision Handle machine account password changes while keeping keytab 
The challenge here is to update the existing record if it already
exists, rather than deleting the old record.  This ensures that the
secrets.keytab handling code keeps the previous password in the
keytab.

Andrew Bartlett
 2010-07-15 22:08:22 +10:00
Matthieu Patou
36b5feceee s4 upgradeprovision: Adapt the list of attribute modified 
* isMemberOfPartialAttributeSet is now allowed to be deleted (on schema
 objects)
* attributeDisplayNames is now allowed to be added and modified (used on
  display specifiers)
* spnMapping is now allowed to be altered on Directory Service objects
* minPwdAge is now modified if the previous value was 0

We issue a clear information about the userControl attribute for
administrator to invite the user to modify himself the value.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
7478224189 s4 upgradeprovision: Synchronize the calculated keyversionnumber with the one previously stored 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
0a1b1121c4 s4 upgradeprovision: do not copy RID Set it's automaticaly created by the RID manager 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
2afc2f20b6 s4 upgradeprovision: add function to backup the provision before updating 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
6c51b3a432 s4 upgradeprovision: fix whitespaces 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
62a32975c8 s4: Add unit test for increment_calculated_keyversion_number 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
9323901644 s4 upgradeprovision: introduce a new function to update the field use for calculating msds-keyversionnumber 
This function change the version field of the unicodePwd in the
replPropertyMetaData so that the version is equal or
superior to the reference value passed.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:21 +10:00
Matthieu Patou
f97c90c9cd s4 python: Add functions to samdb to manipulate version of replPropertyMetaData attribute 
This change contains also helpers for attribute id to attribute oid
conversion and from attribute id to attribute name.
It brings also unit tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:20 +10:00
Matthieu Patou
6a0856da9c s4 dsdb: Use the changereplmetadata control 
This control allow to specify the replPropertyMetaData attribute to
be specified on modify request. It can be used for very specific needs
to tweak the content of the replication data.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:20 +10:00
Matthieu Patou
7ea70f86ac s4: Add a simple script to change dc password 
This script will mostly be used by unit test (blackbox type) to test the
change of the dc password

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:20 +10:00
Matthieu Patou
fd2eb0dfd0 s4 provision: move update_machine_account_password to helpers 
This is to allow reuse of this function and also unit tests

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-07-15 22:08:20 +10:00
Stefan Metzmacher
800c7af0c9 s4:provision: also use fixed GUID names of the default group policies for domain and domain controllers in tests 
metze
 2010-07-10 11:18:19 +02:00
Matthieu Patou
f16007430a s4 provision: use correct GUID for default policies 
The value of GUID for policy is not random for default policies, it is
described here ("How Core Group Policy Works"):
http://technet.microsoft.com/en-us/library/cc784268%28WS.10%29.aspx
at paragraph System\Policies Container.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-07-10 11:18:18 +02:00
Matthieu Patou
cad04dabbb s4 net: Add spn module to list/add/remove spn on objects 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2010-07-10 11:18:17 +02:00
Matthias Dieter Wallnöfer
32a2bbb44b s4:samdb.py - "setpassword" - performs password sets using the "unicodePwd" attribute 
This does work per default on each AD-compatible DC. "userPassword" support on
Windows however has to be activated explicitly by the "dSHeuristics".
 2010-07-08 19:28:43 +02:00
Matthieu Patou
61be498adb s4 upgradeprovision: For SID > 1000 do not copy them, let the system regenerated a new one 
This should avoid colliion with newly added objects that use the same
SID as existing users in the upgraded provision.

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-07-08 19:28:42 +02:00
Zahari Zahariev
4a0edb597c DNS objects should not be ignored 
Recently I have found that after vampireing from a clean Windows
server we have the same DNS objects in the ldb. So ldapcmp has to
no longer ignore them.

Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
 2010-07-05 18:54:15 +03:00
Matthias Dieter Wallnöfer
c0ee606474 s4:pwsettings net utility - change also here the "minPwdAge" to be the real default 
Which is one day.
 2010-07-03 11:38:54 +02:00
Andrew Bartlett
94637e5fe4 s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC 
This ensures that our DC will use all the available encyption types.

(The KDC reads this entry to determine what the server supports)

Andrew Bartlett
 2010-06-29 16:59:22 +10:00
Endi S. Dewata
7cb98a0cdc s4/spnupdate: Fixed spnupdate to use secrets credentials when accessing SamDB. 
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-28 19:33:47 +02:00
Matthias Dieter Wallnöfer
c7b52b233e s4:provision.py - fix comment regarding DNS entries 
I think this should mean partially Samba4 specified (all beside the "dns"
account is standard)
 2010-06-26 11:11:46 +02:00
Stefan Metzmacher
6ab234cec9 s4:provision: move Samba4 specific DNS stuff to its own file 
metze
 2010-06-26 09:50:56 +02:00
Stefan Metzmacher
c6b21931c6 s4:provision: add --next-rid option 
Make it possible to provision a domain with a given next rid counter.
This will be useful for upgrades, where we want to import users
with already given SIDs.

metze
 2010-06-26 09:50:55 +02:00
Stefan Metzmacher
712a149802 s4:provision: don't use hardcoded values for 'nextRid' and 'rIDAvailablePool' 
On Windows dcpromo imports nextRid from the local SAM,
which means it's not hardcoded to 1000.

The initlal rIDAvailablePool starts at nextRid + 100.

I also found that the RID Set of the local dc
should be created via provision and not at runtime,
when the first rid is needed.
(Tested with dcpromo on w2k8r2, while disabling the DNS
 check box).

After provision we should have this (assuming nextRid=1000):

rIDAllocationPool: 1100-1599
rIDPrevAllocationPool: 1100-1599
rIDUsedPool: 0
rIDNextRID: 1100

rIDAvailablePool: 1600-1073741823

Because provision sets rIDNextRid=1100, the first created account
(typically DNS related accounts) will get 1101 as rid!

metze
 2010-06-26 09:50:54 +02:00
Stefan Metzmacher
89f94a43d8 s4:provision: pass relax control also to modify_ldif 
metze
 2010-06-26 09:50:54 +02:00
Matthieu Patou
5c98ccd706 s4 python: Add unit tests related to PyLong/PyInt handling 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-25 11:33:33 +02:00
Michael Wood
92cfc63287 s4 upgradeprovision: Try to support older Pythons. 
Use "...".split(sep, 1) instead of "...".partition(sep).

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-25 08:46:13 +02:00
Andrew Tridgell
4cb423f527 s4-python: python is not always in /usr/bin 
Using "#!/usr/bin/env python" is more portable. It still isn't ideal
though, as we should really use the python path found at configure
time. We do that in many places already, but some don't.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
 2010-06-24 18:46:57 +10:00
Matthias Dieter Wallnöfer
560620a53d s4:upgradeprovision - fix include order for "ldb" 
Patch originally posted on the list by Matthieu Patou.
 2010-06-24 10:04:52 +02:00
Lukasz Zalewski
740c97b513 Fix to undo nasty hack for for grouptype conversion 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-23 14:49:02 +02:00
Andrew Bartlett
86ed5eb892 s4:net Remove warnings for 2000 native mode and Samba4. 
We now support 2000 native mode, and so we just need to warn about mixed mode.

Andrew Bartlett
 2010-06-23 20:10:07 +10:00
Andrew Bartlett
d0f52ddac2 s4:provision Raise default max functional level to 2008R2 
We don't support many of the extra features, but that applies across many
other parts of AD.  Allow the admin to join a 2008R2 domain if he or she wants.

This also makes it possible to test 2008R2 domain code in 'make test'

Andrew Bartlett
 2010-06-23 20:10:06 +10:00
Andrew Bartlett
b26125b7d3 s4:provision Remove am_rodc from Schema 
The SamDB created in the schema code isn't real enough to care if it's an
rodc or not.
 2010-06-23 20:10:05 +10:00
Andrew Bartlett
c4482bf53e libds:common Remove DS_DC_* domain functionality flags 
These are just a subset of the DS_DOMAIN_ functionality flags, are compared and often confused with each other.  Just make them one set.

Andrew Bartlett
 2010-06-23 20:10:03 +10:00
Kamen Mazdrashki
acebfcb938 s4/test: fix DC password in selftest-vars.sh 2010-06-22 04:50:19 +03:00
Matthieu Patou
32f82fbec0 s4 upgradeprovision: fix the logging stuff so that it actually log 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-21 23:11:50 +02:00
Matthias Dieter Wallnöfer
e062e7300b s4:python LDB __init__.py - remove completely unused "erase_partitions" call 
Seems to be a relict from the past.
 2010-06-20 18:52:28 +02:00
Jelmer Vernooij
0714e23971 provision: Look for Samba prefix a bit harder. 2010-06-20 17:46:39 +02:00
Jelmer Vernooij
9e02764f7c pydsdb: Mark all SamDB and Schema methods that are in pydsdb as 
private, to discourage them being called directly.
 2010-06-20 15:22:49 +02:00
Jelmer Vernooij
7b32f65600 testparm: Check netbios name and workgroup characters and length. 2010-06-20 15:04:42 +02:00
Jelmer Vernooij
5f3d5a3ad8 provision: Properly cancel transactions on the secrets ldb. 2010-06-20 14:24:54 +02:00
Jelmer Vernooij
237ab66f6c selftest: Use scripted testparm. 2010-06-20 14:14:47 +02:00
Jelmer Vernooij
08a3e8b9f4 testparm: Simplify default option handling. 2010-06-20 13:51:39 +02:00
Jelmer Vernooij
f0ab4503d6 testparm: Fix suppress prompt option. 2010-06-20 13:47:36 +02:00
Jelmer Vernooij
c0e9a41f67 testparm: Fix exit value, install. 2010-06-20 13:41:38 +02:00
Jelmer Vernooij
74c66c9a3f s4-python: Implement LoadParm.dump(). 2010-06-20 13:29:35 +02:00
Jelmer Vernooij
f051a8557f testparm: Split up functions that do multiple things. 2010-06-20 13:22:26 +02:00
Jelmer Vernooij
0a07b8ebfe testparm: Convert to Python. 2010-06-20 13:16:30 +02:00
Jelmer Vernooij
8f383fc5c8 s4-python: Remove more unused imports, fix use of sets in upgradehelpers. 2010-06-20 13:15:09 +02:00
Jelmer Vernooij
3795358aca Use standard Python syntax, booleans and set()'s where appropriate. 2010-06-20 12:06:50 +02:00
Jelmer Vernooij
66e27e5214 Remove unnecessary use of transactions. 2010-06-20 11:59:49 +02:00
Jelmer Vernooij
1f07f53827 ldb: Remove last import of dsdb. 2010-06-20 02:46:57 +02:00
Jelmer Vernooij
94e06fe203 Some more formatting fixes, move schema related functions from Ldb to Schema. 2010-06-20 02:46:57 +02:00
Jelmer Vernooij
d3d7ff66d4 Move convert_to_openldap onto Schema class. 2010-06-20 02:46:56 +02:00
Jelmer Vernooij
afad634207 Formatting cleanups; use True/False for booleans, unnecessary backslashes, spacing. 2010-06-20 01:57:11 +02:00
Jelmer Vernooij
a5e8ef884b Move a few more samdb-specific methods to SamDB, away from Ldb. 2010-06-20 01:37:06 +02:00
Jelmer Vernooij
1d86414eb0 samdb: Fix formatting, move get_oid_from_attid from Ldb to SamDB. 2010-06-20 01:30:51 +02:00
Jelmer Vernooij
b48182007c s4-python: Remove trivial function, replace by dictionary. 2010-06-20 01:30:51 +02:00
Lukasz Zalewski
214133fbec Modifications extending functionality of newuser cmd and new net group set of commands for group related operations on ldb 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 01:29:03 +02:00
Lukasz Zalewski
c58c0c2129 Modifications extending functionality of newuser cmd and new net group set of commands for group related operations on ldb 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 01:29:03 +02:00
Matthieu Patou
38a26f79ea s4 upgradeprovision: Make grouped commit / rollback more resistant to unexpected problems 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:09 +02:00
Matthieu Patou
c4f7b0e5f6 s4 upgradeprovision: Check that the policy for DC is present if not warn the user 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:09 +02:00
Matthieu Patou
aea0003d08 s4 upgradeprovision: Emit message instead of crashing when not able to set acl 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:09 +02:00
Matthieu Patou
17af115de5 s4 upgradeprovision: add an option to force the rebuilding of FS ACLs on sysvols share 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:09 +02:00
Matthieu Patou
59f17f9e64 s4 unittests: add unit tests for upgradehelpers 
The functions tested are:
* construct_existor_expr
* search_constructed_attrs_stored

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:09 +02:00
Matthieu Patou
75389cecdd s4 upgradeprovision: Add function for searching stored constructed attributes 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
9c5f0ed729 s4 upgradeprovision: additional restyling 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
423f99172e s4 upgradeprovision: Restyle imports 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
fbeacc1013 s4 upgradeprovision: Move functions to helpers and improve code 
Among code improvement the most significant part is that we now
compare DN object instead of their string representation. It allow
 to better react to case an white space difference.
Some new move objects have been added (ie. System into well known
security principals).

This will allow more unittesting

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
8ff65b0136 s4 python: Update unit tests related to create secrets 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
9c808c47fc s4: Add comments about setup_secrets 
Comments are to inform people that this function should not handle
transaction within the function as it is mainly used in provision and
that we want to commit secrets only if all the action on secrets have
worked.

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
84342b1c7f s4 upgradeprovision: Add documentation on the update process 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
a466e0d61a s4 python: Add unit tests for upgradeprovision related stuff 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
ad55248958 s4 upgradeprovision: move some functions to upgradehelpers for unit tests 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
0537de17c1 s4 upgradeprovision: Fix style 
reformat *_update_samdb functions
  fix_partition_sd
  rebuild_sd
  update_samdb
  update_privilege
  update_machine_account_password
  update_gpo

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
b624440a0f s4 upgradeprovision: Use replPropertyMetaData for better guess 
Rework upgradeprovision in order to get more precise updates when doing upgrade provision.
This is done through the use of replPropertyMetaData information and raw information revealed by the
"reveal" control.
The code has been changed also to avoid double free error when changing the schema (for old provision).
Checking of SD is done a bit more cleverly as we compare the different parts for an ACL separately.
Fix logic when upgrading provision without replPropertyMetaData infos
Also for old provision (pre alpha9) do not copy the usn range because data here will be wrong

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
dd963ddb4e s4 upgradeprovision: Reformat attributes lists and reformat parser 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:08 +02:00
Matthieu Patou
60400a7803 s4 upgradeprovision: Inform about new dns dynamic update if the provision didn't have it 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Matthieu Patou
26ccc3f440 s4 upgradeprovision: fix style 
add_deletedobj_containers
  add missing objects
  clean add-mising
  handle special add + dump denied

Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Matthieu Patou
0ff46ec557 s4 upgrade provision: Refactor code to do all the modification within 1 transaction 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Matthieu Patou
ec90b1b40e s4 upgrade provision: Fix style in gen_dn_index 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Matthieu Patou
50072e27fe s4 Add functions related to ldb manipulation when doing upgrade 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Matthieu Patou
e2df3c2510 s4 provision: Add information about provisioned usn range in sam.ldb 
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
 2010-06-20 00:43:07 +02:00
Jelmer Vernooij
c92db7b6dc python: Use samba.tests.TestCase, make sure base class tearDown and 
setUp methods are called, fix formatting.
 2010-06-19 22:46:45 +02:00
Jelmer Vernooij
50429fb750 samba.tests.samba3: Clean up imports, use new TestCase class. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
f57b26b6f4 ntacls: Raise TestSkipped rather than writing to stdout. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
026a4d85a1 samba.tests: Provide TestCase and TestSkipped classes (from testtools) for convenience. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
c2cb0a710b python: Remove unnecessary Ldb.set_invocation_id - use SamDB.set_invocation_id instead. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
827ce7b0a3 pyglue: Trim dependencies. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
27d82685da pyglue: Remove unused code. 2010-06-19 22:46:44 +02:00
Jelmer Vernooij
74309eb29c pydsdb: Move write_prefixes_from_schema_to_ldb to pydsdb from pyglue. 2010-06-19 22:46:43 +02:00
Jelmer Vernooij
a4f60ffe4b pydsdb: Move dsdb_set_schema_from_ldb to pydsdb. 2010-06-19 22:46:43 +02:00
Jelmer Vernooij
05b108a06b pydsdb: Move set_schema_from_ldif function to pydsdb from pyglue. 2010-06-19 22:46:43 +02:00
Stefan Metzmacher
cadca1f6ba s4:provision: don't use hardcoded 'Default-First-Site-Name' 
metze

Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
 2010-06-19 21:32:43 +02:00
Matthias Dieter Wallnöfer
bce8017ca9 s4:python/samba/__init__.py - now specify the "relax" control for the delete operation before the provision 2010-06-19 17:53:22 +02:00
Jelmer Vernooij
f36a9afc2f s4-python: Use sys.prefix rather than guessing prefix from current 
file path.
 2010-06-19 13:41:48 +02:00
Jelmer Vernooij
bf8045037d waf: Add missing dependency (so header paths are inherited) on talloc to internal python lib. 2010-06-19 02:26:13 +02:00
Jelmer Vernooij
4c22434b3b s4: Don't build a $prefix/lib/libpython.so, as such a library often already exists :-) 2010-06-18 23:51:40 +02:00
Jelmer Vernooij
b391b7d072 s4-waf: Don't include pytalloc when embedding python. 2010-06-18 23:51:40 +02:00
Jelmer Vernooij
ebd0bca555 s4: Build more python convenience files as subsystems rather than as python modules. 2010-06-18 23:51:40 +02:00
Matthias Dieter Wallnöfer
5779c21e41 s4:provision.py - we do now support the "Windows 2000 Native" domain function level 2010-06-16 15:34:41 +02:00
Jelmer Vernooij
8c88c9c500 Attempt to fix SamDB test infrastructure (not used in Samba anywhere, only in OpenChange). 2010-06-15 17:21:39 +02:00
Andrew Bartlett
7c60ac97bf s4:provision Allow a specific prefix map to be loaded into a new schema provision 
This allows the prefixMap from a DRS server to be used when loading
the schema from the local files.  This helps us then import other
schema with this map in place.

Andrew Bartlett

Signed-off-by: Kamen Mazdrashki <kamenim@samba.org>
 2010-06-15 10:51:34 +10:00