summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* lib/param: fix usage of 'write list = +Group'Stefan Metzmacher2012-08-241-2/+8
| | | | | | | metze Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 24 11:28:17 CEST 2012 on sn-devel-104
* s3: fix compile warning on openindianaBjörn Jacke2012-08-231-5/+5
| | | | | Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Thu Aug 23 18:22:13 CEST 2012 on sn-devel-104
* crypto/aes_ccm_128: fix compile warning on openindianaBjörn Jacke2012-08-231-1/+1
|
* s3/registry: fix compile warning on openindianaBjörn Jacke2012-08-231-1/+1
|
* s4-selftest: Always set vfs objects in selftest smb.confAndrew Bartlett2012-08-231-2/+2
| | | | | | | | | | This sets it for all enviornments, as it is harmless if ntvfs is used and critical if the provision script runs in s3fs mode. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Aug 23 16:42:41 CEST 2012 on sn-devel-104
* s4-selftest: Add test for samba-tool ntacl sysvolcheckAndrew Bartlett2012-08-231-0/+26
|
* s4-samba-tool: Add samba-tool ntacl sysvolcheck commandAndrew Bartlett2012-08-232-1/+143
| | | | | | | | | This command verifies that the current on-disk ACLs match the directory and the defaults from provision. Unlike sysvolreset, this does not change any of the permissions. Andrew Bartlett
* s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snumAndrew Bartlett2012-08-235-8/+8
| | | | | | | I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
* s3-pysmbd: Fix return type of smbd.get_nt_aclAndrew Bartlett2012-08-231-1/+1
| | | | | | The security_ prefix is stripped off in the python bindings. Andrew Bartlett
* s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()Andrew Bartlett2012-08-231-3/+8
| | | | | | This is required because the functions it calls use talloc_tos(). Andrew Bartlett
* s4-selftest: Add testing of samba-tool ntacl sysvolresetAndrew Bartlett2012-08-232-0/+45
|
* param: Add startup checks for valid server role/binary combinationsAndrew Bartlett2012-08-235-0/+35
| | | | | | | This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett
* s3-pysmbd: Fix error messageAndrew Bartlett2012-08-231-2/+2
|
* s4-provision: Fix internal documentationAndrew Bartlett2012-08-231-0/+1
|
* s3-pysmbd: Allow a mode to be specified for the simple ACLAndrew Bartlett2012-08-232-28/+33
| | | | | | The additional group for the ACL is now optional. Andrew Bartlett
* s4-samba-tool: Add 'samba-tool ntacl sysvolreset' toolAndrew Bartlett2012-08-231-1/+73
| | | | | | | This will reset the NT ACL on the sysvol share to the default from provision, with GPO objects matching the LDAP ACL (as required). Andrew Bartlett
* selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftestAndrew Bartlett2012-08-231-0/+1
|
* selftest: Cope with the multiple possible representations of -1 in posixacl.pyAndrew Bartlett2012-08-231-28/+29
|
* selftest: Extend posixacl test to check the actual ACLAndrew Bartlett2012-08-231-2/+274
| | | | | | | | | | | | | | | | | | | | Needing to be able to write this test is the primary reason I have been reworking the VFS and posix ACL layer over the past few weeks. By exposing the POSIX ACL as a IDL object we can eaisly manipulate it in python, and then verify that the ACL was handled correctly. This ensures the when we write an ACL in provision, that it will indeed allow that access at the FS layer. We need to extend this beyond just the critical two ACLs set during provision, to also include some special (hard) cases involving the merging of ACE entries, as this is the most delicate part of the ACL transfomation. A similar test should also be written to read the posix ACL and the mapped NT ACL on a file that has never had an NT ACL set. Andrew Bartlett
* selftest: Add a test of the NT ACL -> posix ACL mapping layerAndrew Bartlett2012-08-231-0/+131
| | | | | | | This is the start of what will be a series of tests confirming exactly how some NT ACLs are mapped to posix ACLs. Andrew Bartlett
* s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directlyAndrew Bartlett2012-08-232-6/+11
| | | | | | | This allows us to write tests that compare the smbd vfs with what is in the DB or xattr. Andrew Bartlett
* s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)Andrew Bartlett2012-08-233-53/+94
| | | | | | | | This handles the fact that smbd will rarely override the POSIX ACL enforced by the kernel. This has caused issues with the creation of group policies by other members of the Domain Admins group. Andrew Bartlett
* file_server: Move default VFS module settings to loadparm.cAndrew Bartlett2012-08-233-13/+14
| | | | | | | | | | This means that any utility that calls into the VFS layer will get the right modules. Because we use the fake_acls backend we need to override this whole list in Samba4.pm however. Andrew Bartlett
* s4-dsdb: Remove unused variablesAndrew Bartlett2012-08-231-5/+0
|
* s4-dsdb: Do not use a possibly-old loadparm context in schema reloadAndrew Bartlett2012-08-233-19/+18
| | | | | | | | The loadparm context on the schema DB might have gone away already. Pre-cache the schema refresh interval at load time to avoid worrying about this. Andrew Bartlett
* s4-upgradeprovision: Use ntvfs in reference provisionAndrew Bartlett2012-08-231-1/+1
| | | | | | | We do not need filesystem ACLs set when creating the reference provision, so it is easier to use the NTVFS backend as it does not cause trouble with make test. Andrew Bartlett
* selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and ↵Andrew Bartlett2012-08-231-4/+4
| | | | subdom_dc
* selftest: Specify --use-ntvfs when testing the group codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the newuser codeAndrew Bartlett2012-08-231-1/+1
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs when testing the LDAP backend init codeAndrew Bartlett2012-08-231-5/+5
| | | | | | We do not need to set filesystem ACLs in this case. Andrew Bartlett
* selftest: Specify --use-ntvfs for the chdcpass environmentAndrew Bartlett2012-08-231-1/+1
|
* s3:smb2_break: encrypt OPLOCK BREAK notificationsStefan Metzmacher2012-08-233-18/+107
| | | | | | | metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104
* s3:smb2_server: use smbXsrv_session->nonce_*Stefan Metzmacher2012-08-232-25/+27
| | | | metze
* smbXsrv.idl: add nonce_* to smbsrv_sessionStefan Metzmacher2012-08-231-0/+2
| | | | metze
* s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()Stefan Metzmacher2012-08-231-1/+0
| | | | | | This was just for debugging... metze
* Extending space for fqdn in wbinfo --trusted-domains in verbose modeDaniel Liberman2012-08-231-2/+2
| | | | | | | | | Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
* Remove align_string(). No longer used.Jeremy Allison2012-08-222-12/+0
| | | | | Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 22 20:38:50 CEST 2012 on sn-devel-104
* Fix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.Jeremy Allison2012-08-221-1/+3
| | | | | | | | | The function align_string() is now broken as base_ptr no longer points at the start of the SMB data packet, but at the start of the returned TRANS2 data area. Replace it with a check for FLAGS2_UNICODE_STRINGS and a call to ucs2_align().
* s4-python: Complete python bindings for idmap.idlAndrew Bartlett2012-08-222-0/+11
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 22 03:08:51 CEST 2012 on sn-devel-104
* s3-pysmbd: Correct the python type for smb_acl_tAndrew Bartlett2012-08-221-2/+2
| | | | | | | The t is weird, but the python bindings trim the traditional IDL name prefix of each element, as it is usually rudundent. Andrew Bartlett
* s4-python: complete python bindigns for smb_acls.idlAndrew Bartlett2012-08-222-0/+11
|
* s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATAAndrew Bartlett2012-08-221-6/+0
| | | | | | Found by the talloc_stackframe() out of order checker! Andrew Bartlett
* selftest: Pass --use-ntvfs to provison in renamedc testAndrew Bartlett2012-08-221-5/+5
| | | | | | Also fix test prefix to match the test Andrew Bartlett
* selftest: Specify --use-ntvfs to provision in test scriptsAndrew Bartlett2012-08-225-33/+35
| | | | | | | | Because these run as non-root, we need to avoid doing things that will fail during the provision. The main test of the s3fs provision is the plugin_s4_dc environment with a smb.conf that specifies vfs_fake_acls. Andrew Bartlett
* s4-classicupgrade: Add --use-ntvfs optionAndrew Bartlett2012-08-222-4/+8
| | | | | | | | This is an odd option, but is needed because I wish to add assertions about ACL setting that will not work in make test without the vfs_fake_acls module loaded. Andrew Bartlett
* s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampireAndrew Bartlett2012-08-225-3/+7
| | | | | | None of these cases need the complexity of the s3fs backend. Andrew Bartlett
* s4:samldb LDB module - remove unused "member" attribute from search filterMatthias Dieter Wallnöfer2012-08-221-1/+1
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doubletsMatthias Dieter Wallnöfer2012-08-221-1/+18
| | | | | | | | | | | | | | | | This refers to LDB add operations as well, we have only to be careful on "@ATTRIBUTES" entries. E.g. dn: cn=testperson,cn=users,dc=...,dc=... objectClass: person url: www.example.com url: www.example.com should not work. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* LDB:ldbsearch - add search filter testsMatthias Dieter Wallnöfer2012-08-221-0/+2
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* LDB:ldbsearch - search filters do not only contain "="Matthias Dieter Wallnöfer2012-08-221-1/+1
| | | | | | | | | Also "<=", ">=", "~"... are allowed as well. Enumeration taken from ldb_parse_filtertype(). This was the cause of not identifying the search filter as described in bug https://bugzilla.samba.org/show_bug.cgi?id=8647. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status