Stefan Metzmacher [Sun, 27 Jan 2013 16:10:08 +0000 (17:10 +0100)]
Revert "rename promoted..."
This reverts commit
05b54d17e083aba705d9a6bf42bdf5bba3601dba.
Stefan Metzmacher [Sun, 27 Jan 2013 11:16:03 +0000 (12:16 +0100)]
rename promoted...
Stefan Metzmacher [Mon, 10 Dec 2012 23:12:39 +0000 (00:12 +0100)]
allow_remaining
Stefan Metzmacher [Fri, 25 Jan 2013 16:40:41 +0000 (17:40 +0100)]
Stefan Metzmacher [Fri, 25 Jan 2013 16:40:36 +0000 (17:40 +0100)]
%r
Stefan Metzmacher [Wed, 23 Jan 2013 15:34:28 +0000 (16:34 +0100)]
Revert "dbcheck transaction..."
This reverts commit
772214889835d66e1fa3273ac7614ee169868acb.
Stefan Metzmacher [Wed, 23 Jan 2013 15:34:23 +0000 (16:34 +0100)]
Stefan Metzmacher [Mon, 14 Jan 2013 10:43:39 +0000 (11:43 +0100)]
more
Stefan Metzmacher [Mon, 14 Jan 2013 08:45:34 +0000 (09:45 +0100)]
dbcheck transaction...
Stefan Metzmacher [Tue, 8 Jan 2013 15:10:06 +0000 (16:10 +0100)]
revert ...
Conflicts:
source4/scripting/python/samba/provision/__init__.py
Stefan Metzmacher [Mon, 10 Dec 2012 23:12:39 +0000 (00:12 +0100)]
allow_remaining
Stefan Metzmacher [Wed, 23 Jan 2013 15:32:25 +0000 (16:32 +0100)]
Stefan Metzmacher [Wed, 23 Jan 2013 15:32:18 +0000 (16:32 +0100)]
reformat
Conflicts:
source4/scripting/python/samba/provision/descriptor.py
Stefan Metzmacher [Sat, 1 Dec 2012 16:25:44 +0000 (17:25 +0100)]
generic mapping inherit
Stefan Metzmacher [Sat, 1 Dec 2012 16:11:10 +0000 (17:11 +0100)]
ntvfs: inherit generic
Stefan Metzmacher [Sat, 1 Dec 2012 16:10:40 +0000 (17:10 +0100)]
debug gpo
Stefan Metzmacher [Sat, 1 Dec 2012 15:05:11 +0000 (16:05 +0100)]
TODO review after conflicts s4:provision: fix sysvol security_descriptors (let them match a Windows 2008R2 DC)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 1 Dec 2012 13:36:21 +0000 (14:36 +0100)]
s4:python/ntacl: add fsacl_child_sd() function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 1 Dec 2012 14:59:18 +0000 (15:59 +0100)]
tests/posixacl.py
Stefan Metzmacher [Sat, 1 Dec 2012 13:31:19 +0000 (14:31 +0100)]
s4:samba-tool/gpo: fix 'aclcheck' against a Windows 2008R2 DC
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 1 Dec 2012 13:29:44 +0000 (14:29 +0100)]
s4:provision: add SYSVOL specific security_descriptors
These are the onces used to provision the SYSVOL on
a Windows 2008R2 DC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Nov 2012 08:57:44 +0000 (09:57 +0100)]
s4:samba-tool/gpo: set the same security.descriptor type as the Windows GUI
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 29 Nov 2012 08:57:44 +0000 (09:57 +0100)]
s4:python/ntacl: change dsacl2fsacl() to match a windows client
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 30 Nov 2012 13:50:09 +0000 (14:50 +0100)]
TODO s3:smbcacls: also print the SACL if available
Stefan Metzmacher [Sun, 2 Dec 2012 16:44:47 +0000 (17:44 +0100)]
Revert "TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited_from_parent()"
This reverts commit
aa304704813fc80980d4dda2ede72acf33944a4c.
Stefan Metzmacher [Fri, 30 Nov 2012 21:44:58 +0000 (22:44 +0100)]
TODO breaks tests libcli/security: fix the CREATOR_OWNER order in calculate_inherited_from_parent()
The inherited object/container specific CREATOR_OWNER ace should be inserted
before the generic CREATOR_OWNER ace.
This also matches the behavior of a Windows (2008R2) DC
for active directory SDs and also matches the logic for filesystem SDs,
see se_create_child_secdesc().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 30 Nov 2012 10:34:39 +0000 (11:34 +0100)]
Revert "tevent: define TEVENT_NUM_SIGNALS based on SIGRTMAX"
This reverts commit
408f3a5a979b8e7b833c5269ca36ec8bebb6524d.
Stefan Metzmacher [Fri, 30 Nov 2012 10:34:35 +0000 (11:34 +0100)]
Revert "tevent: change version to 0.9.18 after the SIGRTMAX fix"
This reverts commit
27a4b1b94877404099e72591760a48eb3c730647.
Stefan Metzmacher [Fri, 30 Nov 2012 08:43:23 +0000 (09:43 +0100)]
tevent: change version to 0.9.18 after the SIGRTMAX fix
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Fri, 30 Nov 2012 08:39:18 +0000 (09:39 +0100)]
tevent: define TEVENT_NUM_SIGNALS based on SIGRTMAX
On FreeBSD SIGRTMIN is 65...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Sat, 15 Dec 2012 10:14:58 +0000 (11:14 +0100)]
DEBUG s4:torture/dssync: ...
Andrew Bartlett [Fri, 28 Dec 2012 10:00:28 +0000 (21:00 +1100)]
torture: Ensure that GSSAPI and SPNEGO packets are accepted by dlz_bind9
This exercises some more of the dlz_bind9 code outside BIND, by
sending in a ticket to be access checked, wrapped either in SPNEGO or
just in GSSAPI.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 27 Dec 2012 23:06:39 +0000 (10:06 +1100)]
selftest: Add a basic test of samba_upgradedns
This does not check that the command runs correctly, but does at least check
that the command runs to completion without errors.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Thu, 27 Dec 2012 22:25:11 +0000 (09:25 +1100)]
selftest: Start internal DNS server on domain provisioned for BIND9_DLZ
This shows that the internal server can use the dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Tue, 25 Dec 2012 23:03:47 +0000 (10:03 +1100)]
selftest: Test creation of the dns-SERVER account during selftest
We do this by having the samba-tool domain dcpromo for promoted_vampire_dc also create a
dns-SERVER account.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 23 Dec 2012 22:12:04 +0000 (09:12 +1100)]
scripting/samba_upgradedns: Tighten up exception and attribute list handling
This avoids asking for attributes that will not be used, and looks only for the
expected exceptions, rather than all exceptions.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 23 Dec 2012 21:56:50 +0000 (08:56 +1100)]
scripting/join.py: Handle creating the dns-NAME account during a DC join
This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the
domain.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 17 Jan 2013 12:46:11 +0000 (13:46 +0100)]
Revert "TODO this could be wrong, but NULL also...? dsdb-acl: pass the object type to dsdb_module_check_access_on_dn()"
This reverts commit
9020205e512ae075bdfc6d436708e68cd452d5f1.
Stefan Metzmacher [Thu, 17 Jan 2013 12:45:30 +0000 (13:45 +0100)]
TODO this could be wrong, but NULL also...? dsdb-acl: pass the object type to dsdb_module_check_access_on_dn()
Stefan Metzmacher [Fri, 18 Jan 2013 07:56:22 +0000 (08:56 +0100)]
Revert "libcli/security: tree and replace sid are not optional to sec_access_check_ds()"
This reverts commit
34fefc3915ad4e94ba6afd8569e7c19ee13db781.
Stefan Metzmacher [Wed, 16 Jan 2013 09:07:45 +0000 (10:07 +0100)]
libcli/security: tree and replace sid are not optional to sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 30 Dec 2012 00:43:53 +0000 (16:43 -0800)]
NO... dsdb-extended: use a cache of dsdb_attributes for the current request
The logic is that for a given search it's often the same given search of
attributes in the same order that is used, so we use a small cache
instead of doing a binary search in the attributes_by_ldapname of the
schema. It helps to reduce the time spent doing strcasecmp.
NO: if we use a cache then it should be global and hidden inside of
dsdb_attribute_by_lDAPDisplayName() in order to speed of all modules.
Matthieu Patou [Fri, 28 Dec 2012 02:29:49 +0000 (18:29 -0800)]
dsdb-operational: rework the loop for attribute removal
Instead of doing ldb_in_list size(operational_remove) * (attrs_user +
attr_searched) * number of entries times to get the list of attributes to remove we construct this
list before the search and then use it for every entries.
Matthieu Patou [Wed, 26 Dec 2012 18:21:23 +0000 (10:21 -0800)]
NO... ldb: Fix a compiler warning issue
STATIC_ldb_MODULES_PROTO is defined on the compilation command line by
-DSTATIC_ldb_MODULES_PROTO which the compiler seems to turn into
define STATIC_ldb_MODULES_PROTO 1 thus yielding a warning.
Matthieu Patou [Thu, 13 Dec 2012 05:15:57 +0000 (21:15 -0800)]
ldb: Make ldb_match_scope and ldb_match_message available to other ldb parts
This allow the indexing code to use them.
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Fri, 14 Dec 2012 06:37:30 +0000 (22:37 -0800)]
LATER ldb: Use ldb_dn_compare_base_one in ldb_match_scope
In order to return the number of element in a DN, it has to be exploded
if it's not already the case which is costly, in most case where this
function is called DN are still in non exploded form
Also the ldb_compare_base_one has quick test for DN that are linearized but
are not case folded.
Matthieu Patou [Thu, 13 Dec 2012 10:18:34 +0000 (02:18 -0800)]
ldb: use strncmp instead of strcmp when comparing the val part
val part of a DN's component is DATA_BLOB and nothing insure that it
will be finished by a '\0'
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 30 Dec 2012 00:42:28 +0000 (16:42 -0800)]
ldb: make test output more readable
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 30 Dec 2012 05:48:46 +0000 (21:48 -0800)]
ldb: Add more tests related to onelevel search
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Sun, 30 Dec 2012 05:47:29 +0000 (21:47 -0800)]
LATER... ldb: Add ldb_dn_compare_base_one for checking if a dn is just bellow the base
Matthieu Patou [Tue, 8 Jan 2013 08:09:32 +0000 (00:09 -0800)]
ldb: Add more data test data for one level test cases
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Tue, 8 Jan 2013 08:28:03 +0000 (00:28 -0800)]
ldb: Add tests for the python api
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Matthieu Patou [Tue, 8 Jan 2013 08:09:16 +0000 (00:09 -0800)]
LATER ldb: Fix broken tests in api.py, extend ldb_dn_compare ones
Stefan Metzmacher [Wed, 23 Jan 2013 14:56:13 +0000 (15:56 +0100)]
HACK samba_upgradeprovision backtrace
Michael Adam [Tue, 22 Jan 2013 17:08:25 +0000 (18:08 +0100)]
s3:winbindd: change getpwsid() to return a passwd struct for a group sid id-mapped with ID_TYPE_BOTH
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Tue, 22 Jan 2013 16:39:44 +0000 (17:39 +0100)]
s3:winbindd: check the correct variable for talloc success in rpc_query_user()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 6 Dec 2012 23:55:18 +0000 (00:55 +0100)]
s3:winbindd:getgrnam: also produce a group struct for a user with ID_TYPE_BOTH
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 6 Dec 2012 21:02:32 +0000 (22:02 +0100)]
s3:winbindd: create group structs for gids that are coming from a user sid id-mapped with ID_TYPE_BOTH
This "fake" group contains exctly one member, namely the user that the sid is
actually belonging to.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Thu, 6 Dec 2012 17:06:49 +0000 (18:06 +0100)]
s3:winbindd: factor add_wbint_Principal_to_dict() out of wb_group_members_done()
for later reuse
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 7 Dec 2012 15:13:19 +0000 (16:13 +0100)]
s3:winbindd: fix a cut'n'paste comment typo in wb_fill_pwent
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Michael Adam [Fri, 7 Dec 2012 00:12:11 +0000 (01:12 +0100)]
s3:winbindd: rename winbindd_getgrnam_lookupsid_done to winbindd_getgrnam_lookupname_done
That's what it is.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Christian Ambach [Fri, 7 Dec 2012 11:33:38 +0000 (12:33 +0100)]
s3:utils/net remove aclmapset command
this was made for the nfs4:sidmap code that has been removed, so
this subcommand can also go away
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jan 29 15:37:18 CET 2013 on sn-devel-104
Christian Ambach [Thu, 29 Nov 2012 20:40:15 +0000 (21:40 +0100)]
s3:net_idmap_dump support dumping autorid backend
- remember the type of idmapping database (tdb or autorid)
this allows to make rest of the code (e.g. dump) know which database-style it will encounter
- add a seperate dump function for autorid
- default to TDB if db-file is given on the command-line
Pair-Programmed-With: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Michael Adam <obnox@samba.org>
Christian Ambach [Tue, 4 Dec 2012 14:11:50 +0000 (15:11 +0100)]
s3:net_idmap_dump add missing braces
see README.Coding
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Christian Ambach [Mon, 3 Dec 2012 13:15:40 +0000 (14:15 +0100)]
s3:net_idmap_dump remove obsolete support for tdb:idmap2.tdb parameter
this one got removed from idmap_tdb2 a while ago
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Christian Ambach [Thu, 29 Nov 2012 20:39:54 +0000 (21:39 +0100)]
s3:net_idmap_dump deal with idmap config * : backend config style
this is the new config style since Samba 3.6 and should be detected by net idmap dump
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Jeremy Allison [Fri, 25 Jan 2013 00:20:14 +0000 (16:20 -0800)]
Regression test for bug #9571 - Unlink after open causes smbd to panic
Replicates the protocol activity that triggers the crash.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jan 28 15:33:17 CET 2013 on sn-devel-104
Pavel Shilovsky [Wed, 16 Jan 2013 11:02:26 +0000 (15:02 +0400)]
Fix bug #9571 - Unlink after open causes smbd to panic.
s3:smbd: fix wrong lock order in posix unlink
Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Jeremy Allison [Fri, 25 Jan 2013 18:21:48 +0000 (10:21 -0800)]
Fix bug #9588 - ACLs are not inherited to directories for DFS shares.
We can return with NT_STATUS_OK in an error code path. This
has a really strange effect in that it prevents the ACL editor
in Windows XP from recursively changing ACE entries on sub-directories
after a change in a DFS-root share (we end up returning a path
that looks like: \\IPV4\share1\xptest/testdir with a mixture
of Windows and POSIX pathname separators).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jan 28 13:48:13 CET 2013 on sn-devel-104
Volker Lendecke [Sun, 27 Jan 2013 16:24:49 +0000 (17:24 +0100)]
smbcontrol: Fix undefined serverid_traverse_read warning
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 28 11:51:12 CET 2013 on sn-devel-104
Volker Lendecke [Sun, 27 Jan 2013 16:24:31 +0000 (17:24 +0100)]
smbcontrol: Fix the build with libunwind
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Sun, 27 Jan 2013 10:09:39 +0000 (11:09 +0100)]
s4:service_task: add missing imessaging_cleanup() to task_server_terminate()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jan 27 15:50:30 CET 2013 on sn-devel-104
Stefan Metzmacher [Sun, 27 Jan 2013 10:01:07 +0000 (11:01 +0100)]
s4:service_task: prevent a segfault if task->msg_ctx is not initialized yet
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 27 Jan 2013 11:15:50 +0000 (12:15 +0100)]
selftest: rename 'promoted_vampire_dc' to 'promoted_dc'
Unix domain socket are limited to 104 characters on Linux.
Using something like this fails as it uses more than 104 characters:
'/memdisk/autobuild/flakey/
b232141/samba/bin/ab/promoted_vampire_dc/private/smbd.tmp/msg/msg.482379.
2147483647'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 22 Jan 2013 12:39:15 +0000 (23:39 +1100)]
selftest: Add test of upgradeprovision using the old alpha13 tree
This ensures that upgradeprovision works as expected on a known good old database.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jan 27 11:55:54 CET 2013 on sn-devel-104
Stefan Metzmacher [Fri, 25 Jan 2013 08:36:47 +0000 (09:36 +0100)]
samba_upgradeprovision: detect dns_backend for the reference provision
If we have a DomainDnsZone partition, we use BIND9_DLZ as backend
and fix errors in the ForestDnsZone and DomainDnsZone partitions.
Note: this should work fine also for SAMBA_INTERNAL.
If the current setup doesn't use dns specific partitions (e.g. alpha13 setups)
we pass dns_backend=BIND9_FLATFILE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 25 Jan 2013 08:36:47 +0000 (09:36 +0100)]
provision: setup names.dns_backend
If we have a DomainDnsZone partition:
- we use BIND9_DLZ as backend if a dns-<netbiosname> account is available
- otherwise, we use SAMBA_INTERNAL
else:
- we use BIND9_FLATFILE if a dns or dns-<netbiosname> account is available
- otherwise, we use NONE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 13 Dec 2012 11:56:37 +0000 (12:56 +0100)]
samba_upgradeprovision: fix the nTSecurityDescriptor on more containers (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 15:27:17 +0000 (16:27 +0100)]
provision: fix nTSecurityDescriptor of containers in the DnsZones (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 15:27:17 +0000 (16:27 +0100)]
provision: fix nTSecurityDescriptor attributes of CN=*,${CONFIGDN} (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 15:27:17 +0000 (16:27 +0100)]
provision: fix nTSecurityDescriptor of CN={LostAndFound,System},${DOMAINDN} (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:45:33 +0000 (15:45 +0100)]
provision: setup names.name_map['DnsAdmins']
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:43:54 +0000 (15:43 +0100)]
provision: introduce names.name_map = {}
This will be used to translated names in SDDL values,
which are not wellknown, e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:55:31 +0000 (15:55 +0100)]
provision: add get_dns_{forest,domain}_microsoft_dns_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:39:07 +0000 (15:39 +0100)]
provision: add get_config_ntds_quotas_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 09:51:10 +0000 (10:51 +0100)]
provision: add get_{config,domain}_delete_protected*_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:53:00 +0000 (15:53 +0100)]
schema.py: add optional name_map={} to get_schema_descriptor()
This is not used, but makes the prototype compatible with the
other get_*_descriptor() functions.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:51:37 +0000 (15:51 +0100)]
provision: add optional name_map={} argument to get_*_descriptor()
This will allow subsitute non-wellkown names in the SDDL,
e.g. 'DnsAdmins'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 08:05:36 +0000 (09:05 +0100)]
provision: import/export get_dns_partition_descriptor()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 07:56:00 +0000 (08:56 +0100)]
provision: setup names.dns{forest,domain}dn
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:24:11 +0000 (15:24 +0100)]
samba_upgradeprovision: fix resetting of 'nTSecurityDescriptor' on schema objects
Without this schema_data_modify() will reject updates to schema objects
by default.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 23 Jan 2013 14:23:13 +0000 (15:23 +0100)]
samba_upgradeprovision: don't reset 'whenCreated' when resetting 'nTSecurityDescriptor'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 19 Jan 2013 08:41:00 +0000 (09:41 +0100)]
dbckecker: fix nTSecurityDescriptor values from before 4.0.0rc6 (bug #9481)
They inherited effective ACE for the wrong object classes.
For SACL ACEs the problem was also present in 4.0.0.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 24 Jan 2013 21:59:26 +0000 (22:59 +0100)]
dsdb-descriptor: get_default_group() should always return the DAG sid (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 24 Jan 2013 12:07:32 +0000 (13:07 +0100)]
tests/sec_descriptor: the default owner behavior depends on domainControllerFunctionality (bug #9481)
Not on the domainFunctionality.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 22 Jan 2013 14:38:07 +0000 (15:38 +0100)]
libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 25 Jan 2013 12:00:12 +0000 (23:00 +1100)]
s4-process_single: Use pid,task_id as cluster_id in process_single just like process_prefork
This avoids two different process single task servers (eg the drepl
server) sharing the same server id. The task id starts at 2^31 to
avoid collision with the fd based scheme for connections.
Fix-bug: https://bugzilla.samba.org/show_bug.cgi?id=9598
Reported-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 26 16:13:05 CET 2013 on sn-devel-104
Andrew Bartlett [Fri, 25 Jan 2013 22:09:23 +0000 (09:09 +1100)]
pymessaging: Pass around the server_id struct to python callbacks rather than the tuple
This is not used currently, but may avoid going to and from the python types when we do not need to.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 25 Jan 2013 21:58:46 +0000 (08:58 +1100)]
pymessaging: Use correct unsigned types for server ID tuple elememnts
This is needed if we start using the top bits of these values.
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Fri, 25 Jan 2013 22:35:21 +0000 (09:35 +1100)]
ldb: Ensure to decrement the transaction_active whenever we delete a transaction
This is in the error path for prepare_commit, which rarely fails, but
when it does we need to ensure that when a new transaction is opened,
that it really starts a new transaction.
We bump the version to recognise critical fix for the AD DC
Without this fix, a single invalid inbound replicated link disables
all subsequent replication as we operate without a transaction (which
is refused by ldb_tdb).
Andrew Bartlett
Reviewed-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
git.samba.org / metze / samba / wip.git / log