summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
...
* selftest: Fix comment in blackbox_s3upgrade.shAndrew Bartlett2012-08-281-1/+1
|
* s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is ↵Andrew Bartlett2012-08-282-7/+14
| | | | | | | | | | | configured This will allow files to be correctly owned by the idmap that is imported. This appears to fix an issue that came up after s3fs-compatible ACLs were merged into provision. Andrew Bartlett
* s3-passdb: Allow reload of the static passdb from pythonAndrew Bartlett2012-08-281-0/+2
| | | | | | This is then used in provision when the passdb backend is forced. Andrew Bartlett
* selftest: Add test of smbclient --machine-pass against and using both s3 and s4Andrew Bartlett2012-08-282-0/+37
| | | | | | This uses both smbclient binaries to ensure that both work in both environments. Andrew Bartlett
* s4-dsdb: Remove double-free in update_keytab moduleAndrew Bartlett2012-08-281-2/+0
|
* s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in syncAndrew Bartlett2012-08-286-2/+543
| | | | | | | | | | | secrets_tdb_sync is a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
* lib/krb5_wrap: Move enctype conversion functions into a simple helper fileAndrew Bartlett2012-08-281-45/+0
|
* s4-classicupgrade: Read WINS DB before the provisionAndrew Bartlett2012-08-281-6/+7
|
* s4-classicupgrade: Do all the queries of data before the provision()Andrew Bartlett2012-08-281-35/+35
| | | | | | This allows provision to change the s3 smb.conf settings if required. Andrew Bartlett
* s4-classicupgrade: Use s3param.get_context() instead of result.lpAndrew Bartlett2012-08-281-1/+1
| | | | | | | We should not need the guessed values here, but by changing to using the s3 loadparm context we can move this block to before the provision. Andrew Bartlett
* lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrapAndrew Bartlett2012-08-281-20/+0
|
* lib/krb5_wrap: Bring list of all enc types into krb5_wrapAndrew Bartlett2012-08-281-10/+1
|
* s4-libnet: Ensure termination of enctype array in libnet_export_keytab()Andrew Bartlett2012-08-281-1/+2
|
* s4-torture: Test for #9058Volker Lendecke2012-08-271-0/+72
| | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104
* s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)Stefan Metzmacher2012-08-251-3/+30
| | | | | | | metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
* s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)Stefan Metzmacher2012-08-251-3/+30
| | | | metze
* s4:winbind: add a netlogon_queue (tevent_queue)Stefan Metzmacher2012-08-252-0/+12
| | | | | | This will protect the netlogon_creds later. metze
* s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_reqStefan Metzmacher2012-08-252-78/+122
| | | | metze
* s4:winbind: convert wb_sam_logon_send/recv to tevent_reqStefan Metzmacher2012-08-253-93/+140
| | | | metze
* s4:winbind: convert wb_sid2domain to tevent_req internallyStefan Metzmacher2012-08-251-74/+174
| | | | | | | The public wrapper still uses composite_context, because I don't have time to fix all the callers... metze
* s4:librpc/rpc: don't do async requests if gensec doesn't support async ↵Stefan Metzmacher2012-08-251-0/+32
| | | | | | replies (bug #9097) metze
* s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and ↵Stefan Metzmacher2012-08-251-0/+7
| | | | | | alter_context responses metze
* s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()Stefan Metzmacher2012-08-251-1/+1
| | | | metze
* s4:librpc/rpc: use talloc_zero for 'struct rpc_request'Stefan Metzmacher2012-08-251-11/+1
| | | | metze
* s4-selftest: Add test for samba-tool ntacl sysvolcheckAndrew Bartlett2012-08-231-0/+26
|
* s4-samba-tool: Add samba-tool ntacl sysvolcheck commandAndrew Bartlett2012-08-232-1/+143
| | | | | | | | | This command verifies that the current on-disk ACLs match the directory and the defaults from provision. Unlike sysvolreset, this does not change any of the permissions. Andrew Bartlett
* s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snumAndrew Bartlett2012-08-231-1/+1
| | | | | | | I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
* s4-selftest: Add testing of samba-tool ntacl sysvolresetAndrew Bartlett2012-08-232-0/+45
|
* param: Add startup checks for valid server role/binary combinationsAndrew Bartlett2012-08-231-0/+11
| | | | | | | This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett
* s4-provision: Fix internal documentationAndrew Bartlett2012-08-231-0/+1
|
* s3-pysmbd: Allow a mode to be specified for the simple ACLAndrew Bartlett2012-08-231-1/+1
| | | | | | The additional group for the ACL is now optional. Andrew Bartlett
* s4-samba-tool: Add 'samba-tool ntacl sysvolreset' toolAndrew Bartlett2012-08-231-1/+73
| | | | | | | This will reset the NT ACL on the sysvol share to the default from provision, with GPO objects matching the LDAP ACL (as required). Andrew Bartlett
* selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftestAndrew Bartlett2012-08-231-0/+1
|
* selftest: Cope with the multiple possible representations of -1 in posixacl.pyAndrew Bartlett2012-08-231-28/+29
|
* selftest: Extend posixacl test to check the actual ACLAndrew Bartlett2012-08-231-2/+274
| | | | | | | | | | | | | | | | | | | | Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett
* selftest: Add a test of the NT ACL -> posix ACL mapping layerAndrew Bartlett2012-08-231-0/+131
| | | | | | | This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
* s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directlyAndrew Bartlett2012-08-232-6/+11
| | | | | | | This allows us to write tests that compare the smbd vfs with what is in the DB or xattr. Andrew Bartlett
* s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)Andrew Bartlett2012-08-232-52/+92
| | | | | | | | This handles the fact that smbd will rarely override the POSIX ACL enforced by the kernel. This has caused issues with the creation of group policies by other members of the Domain Admins group. Andrew Bartlett
* s4-dsdb: Remove unused variablesAndrew Bartlett2012-08-231-5/+0
|
* s4-dsdb: Do not use a possibly-old loadparm context in schema reloadAndrew Bartlett2012-08-233-19/+18
| | | | | | | | The loadparm context on the schema DB might have gone away already. Pre-cache the schema refresh interval at load time to avoid worrying about this. Andrew Bartlett
* s4-upgradeprovision: Use ntvfs in reference provisionAndrew Bartlett2012-08-231-1/+1
| | | | | | | We do not need filesystem ACLs set when creating the reference provision, so it is easier to use the NTVFS backend as it does not cause trouble with make test. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the group codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the newuser codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the LDAP backend init codeAndrew Bartlett2012-08-231-5/+5
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* s4-python: Complete python bindings for idmap.idlAndrew Bartlett2012-08-221-0/+6
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104
* s4-python: complete python bindigns for smb_acls.idlAndrew Bartlett2012-08-221-0/+6
|
* selftest: Specify --use-ntvfs to provision in test scriptsAndrew Bartlett2012-08-224-15/+15
| | | | | | | | Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett
* s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett2012-08-222-4/+8
| | | | | | | | This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
* s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampireAndrew Bartlett2012-08-225-3/+7
| | | | | | None of these cases need the complexity of the s3fs backend. Andrew Bartlett
* s4:samldb LDB module - remove unused "member" attribute from search filterMatthias Dieter Wallnöfer2012-08-221-1/+1
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit (git 2.34.1) at 2025-09-24 21:26:47 +0000