Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 10:19:31 +0000 (12:19 +0200)]
ldb:controls - add the "TREE_DELETE" control for allowing subtree deletes
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 10:08:50 +0000 (12:08 +0200)]
ldb:ldb.h - add classifications to the control declarations
This makes it easier to understand which standard specifies which control.
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 11:03:59 +0000 (13:03 +0200)]
s4:python LDB __init__.py - remove completely unused "erase_partitions" call
Seems to be a relict from the past.
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 09:46:55 +0000 (11:46 +0200)]
s4:samldb LDB module - remove "samldb_set_defaultObjectCategory"
As far as I can tell and the test show the DN gets now normalised automatically
when stored into the database.
Anyway, if we find a case where this doesn't happen then I propose to do it
centrally for all DN attributes in common since we should get away from special
attribute hacks as far as possible.
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 13:33:29 +0000 (15:33 +0200)]
s4:ldap_backend.c - add some newlines to make logs easier to read
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 16:20:00 +0000 (18:20 +0200)]
ldb:pyldb.c - introduce a "mem_ctx" also on "py_ldb_search"
To prevent memory leaks
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 16:06:54 +0000 (18:06 +0200)]
ldb:pyldb.c - some cleanups and adequations also in "py_ldb_modify" and "py_ldb_rename"
To make them consistent.
Matthias Dieter Wallnöfer [Sun, 20 Jun 2010 16:46:51 +0000 (18:46 +0200)]
s4:ldap_controls.c - remove encoding functions for private recalculate SD control
Jelmer Vernooij [Sun, 20 Jun 2010 15:46:39 +0000 (17:46 +0200)]
provision: Look for Samba prefix a bit harder.
Stefan Metzmacher [Sun, 20 Jun 2010 14:22:46 +0000 (16:22 +0200)]
Revert "s4:ldb-samba: fix the build without a system ldb"
This reverts commit
44c01a5eb45a0cd5ca3de8be5c4680de75418dce.
This caused problems when using a system ldb and as we don't
do ABI checks for ldb-samba4 any more, we don't need this change.
metze
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Stefan Metzmacher [Sun, 20 Jun 2010 14:13:38 +0000 (16:13 +0200)]
s4:ldb: only do ABI checking for the standalone build for now
Otherwise we fail to build samba4 with a system ldb.
metze
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Sun, 20 Jun 2010 13:50:12 +0000 (15:50 +0200)]
libpolicy: Fix the build.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 7 Jun 2010 13:21:53 +0000 (15:21 +0200)]
Add preliminary support for storing changed Group Policies.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 23:21:45 +0000 (01:21 +0200)]
Refactor policy filesystem code.
* It now uses reusable code to download the GPT.
* It creates a list before copying for better error handling.
* String_replace is now used instead of manually replacing '\\' with '/'
for local paths.
* A security check has been added for file names with "../".
* It adheres to the 80 column rule, if at all possible.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 19:36:49 +0000 (21:36 +0200)]
Fix memory allocation with error handling.
Also moved pypolicy.c headers around so as not to generate compile warnings
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 18:11:15 +0000 (20:11 +0200)]
Add talloc_frees in error cases in net_gpo.c
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 18:05:42 +0000 (20:05 +0200)]
Code cleanups: GUID generation, lp_dnsdomain instead of lp_realm, missing spaces.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 17:56:07 +0000 (19:56 +0200)]
Set inherit flag type to bool.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 17:53:12 +0000 (19:53 +0200)]
Fix 'magic' numbers to be strlen(something)
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 17:47:27 +0000 (19:47 +0200)]
Change talloc_steal to strdup because function might not expect it.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 24 May 2010 15:07:48 +0000 (17:07 +0200)]
Add GP ini functions.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 21 May 2010 21:51:28 +0000 (23:51 +0200)]
Remove iconv convenience in used functions, which were deleted in commit
f9ca9e46ad24036bf00cb361a6cef4b2e7e98d7d
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 21 May 2010 21:49:45 +0000 (23:49 +0200)]
Fix net gpo list to use the dsdb with extended DN's. Fixes memberOf group memberships.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 21 May 2010 12:56:15 +0000 (14:56 +0200)]
Revert "Add old functionality back which was removed in commit
589a42e2."
This reverts commit
94e3b4a0d8b714c101803886d60ae6c484740d2f.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 21 May 2010 12:41:02 +0000 (14:41 +0200)]
Add ini parser for GPO's.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Thu, 20 May 2010 14:56:40 +0000 (16:56 +0200)]
Add net gpo setacl support. Create gp_set_acl function. Show ACL in net gpo show.
Cleanup memory allocation of gp_create_gpo
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 19 May 2010 16:58:54 +0000 (18:58 +0200)]
Fix set GPT security descriptor to match windows' behaviour.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 19 May 2010 16:31:19 +0000 (18:31 +0200)]
Fix crash when get_gpo_info returns incorrect data.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 19 May 2010 15:22:48 +0000 (17:22 +0200)]
Add preliminary NT ACL support for GPT (GPO on filesystem).
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Thu, 6 May 2010 09:16:27 +0000 (11:16 +0200)]
samba4: Add python bindings for samba.policy.get_gplink_options.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Jelmer Vernooij [Thu, 6 May 2010 09:10:21 +0000 (11:10 +0200)]
policy: Add samba.policy.get_gpo_flags binding.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Thu, 6 May 2010 16:42:14 +0000 (18:42 +0200)]
Add gpo create functionality. Also fix gPLink handling bugs
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 5 May 2010 08:12:20 +0000 (10:12 +0200)]
Fix mode_t in mkdir.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 28 Apr 2010 09:34:31 +0000 (11:34 +0200)]
Finish net gpo fetch function. Reorder arguments to make them more understandable. Rename getgpo to show.
This makes the net gpo break for it's samba 3 origins, but makes the syntax more intuitive.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 28 Apr 2010 09:27:43 +0000 (11:27 +0200)]
Optimize the backslash logic in the path traversal.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Tue, 27 Apr 2010 20:41:25 +0000 (22:41 +0200)]
Fix error in logic, making recursion work past the first level.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Tue, 27 Apr 2010 19:06:11 +0000 (21:06 +0200)]
Add fetch function for GPO which fetches all relevant files from the sysvol share.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Mon, 26 Apr 2010 15:26:51 +0000 (17:26 +0200)]
Add getinheritance and setinheritance to net gpo util and library.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 17:12:01 +0000 (19:12 +0200)]
Implemented delete group policy link function and corresponding feature in net gpo.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 16:10:43 +0000 (18:10 +0200)]
Changed add_gplink to set_gplink, so we can change gPLink options as well.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 15:31:21 +0000 (17:31 +0200)]
Add add gPLink function and corresponding net gpo linkadd call.
Also added some definitions for future functions in policy.h
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 09:58:26 +0000 (11:58 +0200)]
Rename files to reflect the libpolicy naming convention. Also fix the GNU make build.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 09:53:04 +0000 (11:53 +0200)]
Rename libgpo to lib/policy to avoid confusion with samba3 and add waf build
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 09:10:11 +0000 (11:10 +0200)]
Add old functionality back which was removed in commit
589a42e2.
Andrew, please review!
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Fri, 23 Apr 2010 07:32:01 +0000 (09:32 +0200)]
Add gpo list function for listing applicable GPO's for users/machines.
Implements:
* Hierarchical listing through all parent containers
* security ACL checking on the GPO
* User/computer disabled flags on the GPO
* gPLink disabled
* gPLink enforced
* Block inheritance on the container
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Wed, 7 Apr 2010 19:22:36 +0000 (21:22 +0200)]
Add gPLink and getgpo functionality to net gpo.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Wilco Baan Hofman [Tue, 6 Apr 2010 18:15:38 +0000 (20:15 +0200)]
Created net gpo and new libgpo for samba 4. This adds the init function which finds a DC and connects to its LDAP. It also can return information on all group policy objects on a DC.
Aborted earlier attempt at reconciliation with samba 3.
Did not work out due to lack of ldb support in samba 3, also the
different registry libraries and different libnet did not help..
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Kai Blin [Sun, 20 Jun 2010 14:29:24 +0000 (16:29 +0200)]
s3: Attempt to fix the build on NetBSD
Unlike Linux and OSX, NetBSD seems to have *netgrent prototypes in netgroup.h.
Jelmer Vernooij [Sun, 20 Jun 2010 13:22:49 +0000 (15:22 +0200)]
pydsdb: Mark all SamDB and Schema methods that are in pydsdb as
private, to discourage them being called directly.
Jelmer Vernooij [Sun, 20 Jun 2010 13:04:42 +0000 (15:04 +0200)]
testparm: Check netbios name and workgroup characters and length.
Jelmer Vernooij [Sun, 20 Jun 2010 12:24:54 +0000 (14:24 +0200)]
provision: Properly cancel transactions on the secrets ldb.
Jelmer Vernooij [Sun, 20 Jun 2010 12:14:47 +0000 (14:14 +0200)]
selftest: Use scripted testparm.
Jelmer Vernooij [Sun, 20 Jun 2010 12:14:01 +0000 (14:14 +0200)]
pyparam: Support Loadparm.get(p, "global")
Jelmer Vernooij [Sun, 20 Jun 2010 11:54:51 +0000 (13:54 +0200)]
ldb: Add ABI file for use when including ildap in the build.
Jelmer Vernooij [Sun, 20 Jun 2010 11:51:39 +0000 (13:51 +0200)]
testparm: Simplify default option handling.
Jelmer Vernooij [Sun, 20 Jun 2010 11:51:14 +0000 (13:51 +0200)]
pyparam: Allow specifying None as section name to LoadparmContext.get()
to mean default section.
Jelmer Vernooij [Sun, 20 Jun 2010 11:47:36 +0000 (13:47 +0200)]
testparm: Fix suppress prompt option.
Jelmer Vernooij [Sun, 20 Jun 2010 11:41:38 +0000 (13:41 +0200)]
testparm: Fix exit value, install.
Jelmer Vernooij [Sun, 20 Jun 2010 11:40:49 +0000 (13:40 +0200)]
s4-python: Add LoadparmService.dump()
Jelmer Vernooij [Sun, 20 Jun 2010 11:29:35 +0000 (13:29 +0200)]
s4-python: Implement LoadParm.dump().
Jelmer Vernooij [Sun, 20 Jun 2010 11:22:26 +0000 (13:22 +0200)]
testparm: Split up functions that do multiple things.
Jelmer Vernooij [Sun, 20 Jun 2010 11:16:30 +0000 (13:16 +0200)]
testparm: Convert to Python.
Jelmer Vernooij [Sun, 20 Jun 2010 11:15:09 +0000 (13:15 +0200)]
s4-python: Remove more unused imports, fix use of sets in upgradehelpers.
Jelmer Vernooij [Sun, 20 Jun 2010 10:19:08 +0000 (12:19 +0200)]
setnttoken: Remove empty utility.
Jelmer Vernooij [Sun, 20 Jun 2010 10:06:50 +0000 (12:06 +0200)]
Use standard Python syntax, booleans and set()'s where appropriate.
Jelmer Vernooij [Sun, 20 Jun 2010 09:59:49 +0000 (11:59 +0200)]
Remove unnecessary use of transactions.
Jelmer Vernooij [Sun, 20 Jun 2010 09:49:08 +0000 (11:49 +0200)]
ldb: Change LDBSAMBA back to subsystem, update comments, use different
ABI file based on whether ldb_ildap is included.
Stefan Metzmacher [Sun, 20 Jun 2010 09:33:43 +0000 (11:33 +0200)]
s4:ldb-samba: fix the build without a system ldb
metze
Kai Blin [Sun, 20 Jun 2010 07:49:34 +0000 (09:49 +0200)]
s3-waf: Change the (set|get|end)netgrent checks to match the configure.in checks
Kai Blin [Sun, 20 Jun 2010 07:36:19 +0000 (09:36 +0200)]
s3 configure: Check for (set|get|end)netgrent prototypes
Kai Blin [Thu, 17 Jun 2010 20:41:57 +0000 (22:41 +0200)]
build: Allow for a custom message in CHECK_C_PROTOTYPE
Jelmer Vernooij [Sun, 20 Jun 2010 00:44:39 +0000 (02:44 +0200)]
ldb: Remove last import of dsdb.
Jelmer Vernooij [Sun, 20 Jun 2010 00:32:23 +0000 (02:32 +0200)]
Some more formatting fixes, move schema related functions from Ldb to Schema.
Jelmer Vernooij [Sat, 19 Jun 2010 23:43:51 +0000 (01:43 +0200)]
Move convert_to_openldap onto Schema class.
Jelmer Vernooij [Sat, 19 Jun 2010 23:56:52 +0000 (01:56 +0200)]
Formatting cleanups; use True/False for booleans, unnecessary backslashes, spacing.
Jelmer Vernooij [Sat, 19 Jun 2010 23:37:06 +0000 (01:37 +0200)]
Move a few more samdb-specific methods to SamDB, away from Ldb.
Jelmer Vernooij [Sat, 19 Jun 2010 23:28:39 +0000 (01:28 +0200)]
samdb: Fix formatting, move get_oid_from_attid from Ldb to SamDB.
Jelmer Vernooij [Sat, 19 Jun 2010 23:26:23 +0000 (01:26 +0200)]
s4-python: Remove trivial function, replace by dictionary.
Lukasz Zalewski [Sun, 13 Jun 2010 10:02:44 +0000 (11:02 +0100)]
make test modules for net group set of commands and modification to the newuser to include additional parameters
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Lukasz Zalewski [Tue, 8 Jun 2010 19:33:56 +0000 (20:33 +0100)]
Modifications extending functionality of newuser cmd and new net group set of commands for group related operations on ldb
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Lukasz Zalewski [Mon, 7 Jun 2010 16:10:28 +0000 (17:10 +0100)]
Modifications extending functionality of newuser cmd and new net group set of commands for group related operations on ldb
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Wed, 16 Jun 2010 07:25:19 +0000 (11:25 +0400)]
s4 upgradeprovision: Make grouped commit / rollback more resistant to unexpected problems
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 14 Jun 2010 08:28:58 +0000 (12:28 +0400)]
s4 upgradeprovision: Check that the policy for DC is present if not warn the user
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Sun, 13 Jun 2010 22:14:48 +0000 (02:14 +0400)]
s4 upgradeprovision: Emit message instead of crashing when not able to set acl
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Sun, 13 Jun 2010 21:50:47 +0000 (01:50 +0400)]
s4 upgradeprovision: add an option to force the rebuilding of FS ACLs on sysvols share
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Tue, 15 Jun 2010 08:53:18 +0000 (12:53 +0400)]
s4 unittests: add unit tests for upgradehelpers
The functions tested are:
* construct_existor_expr
* search_constructed_attrs_stored
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Tue, 15 Jun 2010 08:50:29 +0000 (12:50 +0400)]
s4 upgradeprovision: Add function for searching stored constructed attributes
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 14 Jun 2010 22:41:18 +0000 (02:41 +0400)]
s4: Using control bypassoperational allow the logic of this module to be bypassed for some given attributes
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 14 Jun 2010 22:23:11 +0000 (02:23 +0400)]
ldb: add a new control bypassioperationnal
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Tue, 15 Jun 2010 19:41:39 +0000 (23:41 +0400)]
s4 upgradeprovision: additional restyling
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Wed, 9 Jun 2010 21:00:43 +0000 (01:00 +0400)]
s4 upgradeprovision: Restyle imports
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 7 Jun 2010 20:01:16 +0000 (00:01 +0400)]
s4 upgradeprovision: Move functions to helpers and improve code
Among code improvement the most significant part is that we now
compare DN object instead of their string representation. It allow
to better react to case an white space difference.
Some new move objects have been added (ie. System into well known
security principals).
This will allow more unittesting
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Fri, 7 May 2010 00:22:36 +0000 (04:22 +0400)]
s4 python: Update unit tests related to create secrets
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 24 May 2010 05:41:44 +0000 (09:41 +0400)]
s4: Add comments about setup_secrets
Comments are to inform people that this function should not handle
transaction within the function as it is mainly used in provision and
that we want to commit secrets only if all the action on secrets have
worked.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Fri, 7 May 2010 12:26:26 +0000 (16:26 +0400)]
s4 upgradeprovision: Add documentation on the update process
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 3 May 2010 20:01:00 +0000 (00:01 +0400)]
s4 python: Add unit tests for upgradeprovision related stuff
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 7 Jun 2010 20:52:25 +0000 (00:52 +0400)]
s4 upgradeprovision: move some functions to upgradehelpers for unit tests
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 7 Jun 2010 21:13:45 +0000 (01:13 +0400)]
s4 upgradeprovision: Fix style
reformat *_update_samdb functions
fix_partition_sd
rebuild_sd
update_samdb
update_privilege
update_machine_account_password
update_gpo
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 7 Jun 2010 12:27:48 +0000 (16:27 +0400)]
s4 upgradeprovision: Use replPropertyMetaData for better guess
Rework upgradeprovision in order to get more precise updates when doing upgrade provision.
This is done through the use of replPropertyMetaData information and raw information revealed by the
"reveal" control.
The code has been changed also to avoid double free error when changing the schema (for old provision).
Checking of SD is done a bit more cleverly as we compare the different parts for an ACL separately.
Fix logic when upgrading provision without replPropertyMetaData infos
Also for old provision (pre alpha9) do not copy the usn range because data here will be wrong
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Matthieu Patou [Mon, 7 Jun 2010 19:47:43 +0000 (23:47 +0400)]
s4 upgradeprovision: Reformat attributes lists and reformat parser
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
git.samba.org / kamenim / samba.git / log