summaryrefslogtreecommitdiffstats
path: root/source4/scripting
Commit message (Collapse)AuthorAgeFilesLines
...
* provision: setup names.name_map['DnsAdmins']Stefan Metzmacher2013-01-271-0/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: introduce names.name_map = {}Stefan Metzmacher2013-01-271-0/+1
| | | | | | | | This will be used to translated names in SDDL values, which are not wellknown, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: add get_dns_{forest,domain}_microsoft_dns_descriptor()Stefan Metzmacher2013-01-272-0/+16
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: add get_config_ntds_quotas_descriptor()Stefan Metzmacher2013-01-272-0/+8
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: add get_{config,domain}_delete_protected*_descriptor()Stefan Metzmacher2013-01-272-0/+40
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* schema.py: add optional name_map={} to get_schema_descriptor()Stefan Metzmacher2013-01-271-1/+1
| | | | | | | | This is not used, but makes the prototype compatible with the other get_*_descriptor() functions. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: add optional name_map={} argument to get_*_descriptor()Stefan Metzmacher2013-01-271-32/+30
| | | | | | | | This will allow subsitute non-wellkown names in the SDDL, e.g. 'DnsAdmins'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: import/export get_dns_partition_descriptor()Stefan Metzmacher2013-01-271-1/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision: setup names.dns{forest,domain}dnStefan Metzmacher2013-01-271-1/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_upgradeprovision: fix resetting of 'nTSecurityDescriptor' on schema ↵Stefan Metzmacher2013-01-271-1/+1
| | | | | | | | | | objects Without this schema_data_modify() will reject updates to schema objects by default. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba_upgradeprovision: don't reset 'whenCreated' when resetting ↵Stefan Metzmacher2013-01-271-2/+0
| | | | | | | 'nTSecurityDescriptor' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)Stefan Metzmacher2013-01-271-2/+181
| | | | | | | | | They inherited effective ACE for the wrong object classes. For SACL ACEs the problem was also present in 4.0.0. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* devel-script: add options for RODC and partial replica for replicate flagsMatthieu Patou2013-01-221-1/+21
| | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jan 22 00:12:17 CET 2013 on sn-devel-104
* devel-scripts: ask with WRIT_REP by defaultMatthieu Patou2013-01-211-0/+1
| | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* devel-getncchange: try to find the dest_dsa automaticallyMatthieu Patou2013-01-211-3/+19
| | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: look in hasMasterNCs as well for determining the instance type of a NCMatthieu Patou2013-01-211-2/+10
| | | | | | Forest of level 2000 don't hve the msDS-hasMasterNCs parameter Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually ↵Andrew Bartlett2013-01-101-21/+22
| | | | | | | | | | | | | | them This allows the script to be used to create/remove the samba-specific dns-SERVER account when we do not need to create the in-directory partition. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 20:56:50 CET 2013 on sn-devel-104
* samba-tool classicupgrade: Do not print the admin password during upgradeAndrew Bartlett2013-01-101-1/+10
| | | | | | | | | | | | This changes the code to only set and show a new password if no admin user is found during the upgrade. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Jan 10 16:55:23 CET 2013 on sn-devel-104
* s4-dbcheck: Allow forcing an override of an old @MODULES recordAndrew Bartlett2013-01-102-4/+29
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba_dnsupdate: set KRB5_CONFIG for nsupdate commandBjörn Baumbach2013-01-091-4/+5
| | | | | | | | | Let nslookup use krb5.conf, which is set in our KRB5_CONFIG. Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool Add --service argument to samba-tool ntacl get/setAndrew Bartlett2013-01-081-6/+10
| | | | | | | | | | | This also ensures a VFS connect is done to the correct service. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 03:39:21 CET 2013 on sn-devel-104
* pysmbd: Change to keyword based argumentsAndrew Bartlett2013-01-071-4/+4
| | | | Reviewed-by: Jeremy Allison <jra@samba.org>
* scripting-provision: Set sysvol ACLs on the sysvol shareAndrew Bartlett2013-01-071-14/+23
| | | | | | | | | | This allows us to correctly load any modules that have been specified by the smb.conf for [sysvol] and issue a VFS connect operation which may be required by some VFS modules. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
* scripting-ntacls: Optionally allow the service to be specified.Andrew Bartlett2013-01-071-6/+6
| | | | | | | | | | Providing a service allows a VFS connect to be issued on the correct service, and so ensures that the correct modules are loaded rather than just what is specified in [globals]. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:scripting/python: always treat the highwatermark as opaque (bug #9508)Stefan Metzmacher2013-01-013-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Domain ↵Stefan Metzmacher2012-12-112-0/+15
| | | | | | | | | | Controllers,... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Dec 11 07:05:39 CET 2012 on sn-devel-104
* s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)Stefan Metzmacher2012-12-112-1/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug ↵Stefan Metzmacher2012-12-112-1/+19
| | | | | | | #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)Stefan Metzmacher2012-12-112-0/+60
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... ↵Stefan Metzmacher2012-12-112-2/+14
| | | | | | | (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-112-0/+18
| | | | | | | CN=Sites,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-112-0/+20
| | | | | | | CN=Partitions,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* samba-tool processes: Make the output a bit neaterRicky Nance2012-12-081-5/+5
| | | | | | | Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Sat Dec 8 03:34:29 CET 2012 on sn-devel-104
* scripting: Handle missing LDAP entries in samba-tool domain classicupgradeAndrew Bartlett2012-12-061-0/+6
| | | | Reported-by: Thomas Simmons <twsnnva@gmail.com>
* s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()Stefan Metzmacher2012-12-031-1/+4
| | | | | | | | This allows the caller to ask for a security.descriptor instead of sddl by passing 'as_sddl=False'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:python/ntacl: allow string or objects for sd/sid in setntacl()Stefan Metzmacher2012-12-031-3/+14
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: fix the operation order when creating gposStefan Metzmacher2012-12-031-13/+20
| | | | | | | | | | | | | | We should do it like the windows GUI. 1. create the LDAP objects 2. query the security_descriptor of the groupPolicyContainer 3. create the gPCFileSysPath via smb 4. set the security_descriptor of gPCFileSysPath 5. copy the files and directories into gPCFileSysPath 6. modify the groupPolicyContainer and link gPCFileSysPath Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gposStefan Metzmacher2012-12-031-4/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba-tool/gpo: use the dns_domain from the server when creating gposStefan Metzmacher2012-12-031-2/+14
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sdStefan Metzmacher2012-11-301-7/+14
| | | | | | | | The sd_flags:1:15 control together with an empty security_descriptor has the same effect as the recalculate_sd:0 control (which is samba only). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: add get_empty_descriptor()Stefan Metzmacher2012-11-302-0/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:tests/samba_tool/gpo.py: fix accidential line breakMichael Adam2012-11-301-2/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:tests/samba_tool/gpo.py: add test_show_as_admin()Stefan Metzmacher2012-11-301-0/+5
| | | | | | | | This calls samba-tool gpo show as admin (which should be able to see the full nTSecurityDescriptor. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ↵Stefan Metzmacher2012-11-301-2/+4
| | | | | | | ntSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the ↵Stefan Metzmacher2012-11-301-5/+6
| | | | | | | nTSecurityDescriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the ↵Stefan Metzmacher2012-11-301-3/+7
| | | | | | | current user Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptorStefan Metzmacher2012-11-301-5/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* web_server: Load SWAT if it is available.Jelmer Vernooij2012-11-231-3/+31
| | | | | | | Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Fri Nov 23 01:39:38 CET 2012 on sn-devel-104
* s4/web_server: Fix typo in URL.Jelmer Vernooij2012-11-221-1/+1
| | | | | Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Thu Nov 22 01:37:02 CET 2012 on sn-devel-104
* samba-tool dns: Don't use "localhost" to connect to local hostKai Blin2012-11-161-0/+2
| | | | | | | | | | | | | | Calling "samba-tool dns <cmd> localhost" provokes a stacktrace. This just makes 'samba-tool dns <cmd> localhost' work and doesn't fix the underlying issue, but I don't see it causing any harm (unless you don't have an ipv4 localhost, I guess). Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 16 13:18:14 CET 2012 on sn-devel-104