summaryrefslogtreecommitdiffstats
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* provision: Correctly provision the SOA record minimum TTLKai Blin2014-05-212-0/+2
| | | | | | | | | | This fixes bug #10466 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Guenter Kukkukk <kukks@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104
* bug #10609: CVE-2014-0239 Don't reply to repliesKai Blin2014-05-201-0/+29
| | | | | | | | | | | | | | | | Due to insufficient input checking, the DNS server will reply to a packet that has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed sender address and have two servers DOS each other with circular replies. This patch fixes bug #10609 and adds a test to make sure we don't regress. CVE-2014-2039 has been assigned to this issue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104
* docs: enable checking of parametric options assignmentGarming Sam2014-05-071-4/+2
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: correctly use param_table.c as a regular C fileGarming Sam2014-05-071-1/+1
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* docs: add test to docs.py to set parameters to some arbitrary valueGarming Sam2014-05-071-10/+93
| | | | | | | | This does not currently test enums. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* docs: change docs.py to test the setting of parameters to defaultsGarming Sam2014-05-071-0/+39
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool ldapcmp: fix a typoBjörn Baumbach2014-05-031-2/+2
| | | | | | Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistencyAndrew Bartlett2014-05-021-18/+13
| | | | | | | | | | | | When looking for incorrect name values, this improves the previous code by avoiding one more manual parse step, and uses less cryptic variable names. Andrew Bartlett Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* dbchecker: verify and fix broken dn valuesStefan Metzmacher2014-05-021-0/+94
| | | | | | | | | | | | | | | | | | | | | | | | | With older Samba versions (4.0.x) the following could happen: - On account was created on DC1 - It was replicated to DC2 - The connection between the dcs is offline - The account gets modified on DC2 - The account gets deleted on DC1 - The connection becomes online again - DC1 replicates the modification from DC2, this resets the dn to the original value. 'name' and 'cn' are correct (with '\nDEL${GUID}'), but 'dn' is wrong. - DC2 replicates the deletion from DC1. this doesn't include a changed dn as DC1 had a bug. 'name' is correct (with '\nDEL${GUID}'), but 'cn' and 'dn' are wrong. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10536 Change-Id: Ia70a6c12e0ff0d4c2c8100cb1d8f3c6422b65591 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbchecker: make the deleted objects container detection more genericStefan Metzmacher2014-05-021-2/+8
| | | | | | Change-Id: I282ad887c41412e25fdf73476e405f4e88e0b239 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kcc_util: fix loading connection transport object - used to refer to not ↵Kamen Mazdrashki2014-04-221-0/+1
| | | | | | | | defined object Change-Id: If8dc8e8db85f1a882ec73dc83d28fa1b5156de84 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* s4:kcc_utils: Propagate 'samdb' into load_connection_transport() methodKamen Mazdrashki2014-04-221-2/+2
| | | | | | | | so it is actually able to make samdb.search-es Change-Id: I8491fd215710a53fbb41d607381f89afb5267464 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* s4:KCC: Use dsdb.DS_DOMAIN_FUNCTION_2008 constant for DS-Behavior comparisonsKamen Mazdrashki2014-04-221-1/+1
| | | | | | | | | DS_BEHAVIOR_WIN2008 was used so far which is a leftover from previous KCC implementation in "C" Change-Id: Id9b6551073c0b17cc27e086faa315b01305f39a5 Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* samba-tool/upgrade: Fix exception thrown during upgrade from samba3Kamen Mazdrashki2014-04-221-1/+1
| | | | | | Change-Id: Ib486c0c7a68c53c61acdf270f966a43b1c61bace Signed-off-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* dns.py: Use the python socket module.Andreas Schneider2014-04-171-1/+1
| | | | | | | We preload socket_wrapper, no need to use the special module. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Typo: Commiting -> CommittingJelmer Vernooij2014-04-141-3/+3
| | | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Change-Id: I9d71706ce6d6782da72a26fa37e33fe5b527788e Reviewed-on: https://gerrit.samba.org/217 Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool add password lockout handling to samba-tool domain passwordsettingsAndrew Bartlett2014-04-021-4/+73
| | | | | | Change-Id: I291924785b505b26b91152c0c13b4afd4de068a6 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* fix 2 typosGuenter Kukkukk2014-03-311-2/+2
| | | | | Signed-off-by: Guenter Kukkukk <linux@kukkukk.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool dbcheck: handle missing objectClassFelix Botner2014-03-271-0/+31
| | | | | | | | | | | | | | In several cases we have seen objects without the objectClass attribute. Here the suggestion for a patch to find such objects in "samba-tool dbcheck" with the option to delete them. (patch improved by Andrew Bartlett to suggest DRS re-replication) Signed-off-by: Felix Botner <botner@univention.de> Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dbcheck: Ensure dbcheck can operate with --attrs setAndrew Bartlett2014-03-211-1/+1
| | | | | | | This also includes a test to ensure we do not regress on this point. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool: make provision check for bind versionGarming Sam2014-03-091-2/+28
| | | | | | | | | | | | (small corrections and TODO added following Jelmer's review by abartlet) Signed-off-by: Garming Sam <garming@catalyst.net.nz> Change-Id: Iba9a709641dad9f2ae05df0b26ac4cd2ebfc84f0 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sun Mar 9 02:52:50 CET 2014 on sn-devel-104
* dns: Extend tests for records with another typeKai Blin2014-03-041-0/+14
| | | | | | | | | | Add another check to the one added for bug #10471, for added paranoia Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Tue Mar 4 15:47:10 CET 2014 on sn-devel-104
* bug #10471: Don't respond with NXDOMAIN to records that exist with another typeKai Blin2014-03-041-0/+16
| | | | | | | | | | DNS queries for records with the wrong type need to trigger an empty response with RCODE_OK instead of returning NXDOMAIN. This adds a test and fixes bug #10471 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:samba-tool/testparm: add a warning when acting as an AD-DC and not using ↵Garming Sam2014-02-101-0/+8
| | | | | | | | | | | | UTF-8 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date(master): Mon Feb 10 02:26:28 CET 2014 on sn-devel-104
* provision: capture slightly less generic exceptions during the test for aclsGarming Sam2014-02-051-2/+2
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: improve error message when connecting to samdb without the ↵Garming Sam2014-02-051-1/+7
| | | | | | | | | correct permissions Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* provision: Fix failures on re-provision incorrectly blamed on posix acl support.Garming Sam2014-02-051-26/+25
| | | | | | | | By doing the test later, there is an actual sam.ldb file that can be connected to. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* selftest: updated docs.py scriptGarming Sam2014-01-311-37/+118
| | | | | | | | | | | | | | | The script now checks the parameter defaults against the documentation by using the output of testparm and samba-tool testparm. It now also uses the ElementTree xml library. Change-Id: I2657c8c56a8c8383735e659dc9f636b4c5ab460b Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Jan 31 23:22:09 CET 2014 on sn-devel-104
* s4-testparm: modify dumping of parameters to use the lib/param code to have ↵Garming Sam2014-01-281-1/+1
| | | | | | | | | | | more consistent output In making this change, it also fixes a bug where attempting to dump a parameter would immediately cause an error (due to a lack of string conversion). Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* samba-tool classicupgrade: Remove unsued upgrade_smbconfAndrew Bartlett2014-01-231-117/+0
| | | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jan 23 23:51:56 CET 2014 on sn-devel-104
* samba-tool classicupgrade: Remove unsued reference to samba3samAndrew Bartlett2014-01-231-16/+0
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
* samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4Matthias Dieter Wallnöfer2014-01-091-4/+0
| | | | | | | | | http://www.python.org/doc//current/c-api/none.html Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date(master): Thu Jan 9 16:27:47 CET 2014 on sn-devel-104
* netcmd/dns: Catch wildcard patterns when querying for nameAmitay Isaacs2013-11-301-0/+3
| | | | | | | | DNS query should either be '@' to represent entire zone or a fixed string and not wildcard search pattern. Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Kai Blin <kai@samba.org>
* provision: Fix string replacement orderingBenjamin Franzke2013-11-111-1/+1
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700Björn Baumbach2013-11-111-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dns: dlz_bind9: Create dns-HOSTNAME account disabledSamuel Cabrero2013-10-251-4/+7
| | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104
* s4-openldap: Fixed a problem with provisioning with OpenLdapNadezhda Ivanova2013-10-251-1/+1
| | | | | | | | | Credentials are no longer used and there were too many arguments to the constructor Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix comment showing how to print an ACL to allow debug.Jeremy Allison2013-10-241-2/+4
| | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a ↵Jeremy Allison2013-10-241-44/+116
| | | | | | | | | | group. Fix posix_acl tests to match the change in writing ACLs with ID_TYPE_BOTH. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova2013-10-141-6/+6
| | | | | | | | | | | | According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104
* samba-tool domain join subdomain: Rework sambadns.py to allow setup of ↵Andrew Bartlett2013-10-117-44/+80
| | | | | | | | | | | | | | DomainDNSZone only This skips handling the ForestDNSZone when we are setting up a subdomain. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 11 10:27:49 CEST 2013 on sn-devel-104
* join.py: Reconnect to the DC based on the DC name in dnsHostName to allow ↵Andrew Bartlett2013-10-111-0/+4
| | | | | | | | | | | connection to IPC$ The treeConnect&X of the GUID name fails against Windows 2003. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Remove special full_ncs handling, we only need to updateRefs on an ↵Andrew Bartlett2013-10-111-7/+2
| | | | | | | NC we replicate Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Use ctx.forestdns_zone variableAndrew Bartlett2013-10-111-2/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* join.py: Correct ctx.forestdns_zone and so remove the need for duplicate ↵Andrew Bartlett2013-10-111-5/+1
| | | | | | | repl.replicate() call Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision: Remove --username and --password options from samba-tool domain ↵Andrew Bartlett2013-10-116-57/+26
| | | | | | | | | | | | | | | provision This avoids confusion, because the LDAP backend does not use these, and they do not set the password for the administrator account either! This may break support for the 'existing' backend LDAP backend, but that is nothing more than a stub for future development anyway, and new work in this area should use EXTERNAL in any case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* provision/sambadns: CN=MicrosoftDNS,CN=System, is relative to DOMAINDNStefan Metzmacher2013-10-101-8/+8
| | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Oct 10 10:24:55 CEST 2013 on sn-devel-104
* provision: Fix comment to refer to correct file (krb5.conf)Andrew Bartlett2013-10-101-3/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-openldap: Restored openldap-related options to the provision scriptNadezhda Ivanova2013-09-263-12/+48
| | | | | | | | | | | At the moment they are only available if TEST_LDAP=yes to avoid accidental use as the openldap backend is still failing some tests Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Thu Sep 26 07:31:05 CEST 2013 on sn-devel-104
* dbcheck: Add back the elements that were wrongly removed from CN=Deleted ObjectsAndrew Bartlett2013-09-241-0/+66
| | | | | | | | | | | | | | This is the final part of the fix for the issue in Samba 4.1 pre-release tree where we would wrongly delete the Deleted Objects container during a join. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-11-12 11:31:12 +0000