summaryrefslogtreecommitdiff
path: root/python
Commit message (Collapse)AuthorAgeFilesLines
* provision: Correctly provision the SOA record minimum TTLKai Blin2014-09-082-0/+2
| | | | | | | | | | | | This fixes bug #10466 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Guenter Kukkukk <kukks@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Wed May 21 10:55:00 CEST 2014 on sn-devel-104 (cherry picked from commit 634f116fbb89d723a627f4501b4cd89342cecb8e)
* python/join: use lowercase for the dnshostname.Stefan Metzmacher2014-09-081-2/+2
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5533d9c3db31ac86769288527ec20ad4e57f703c)
* tests: dnsserver: Add a update test with name set to '.'Amitay Isaacs2014-08-071-1/+40
| | | | | | | | | | | | | | | | Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jul 29 19:33:19 CEST 2014 on sn-devel-104 (cherry picked from commit 6d104182d9667e4f996439d24cfa052f34098ce4) Bug: https://bugzilla.samba.org/show_bug.cgi?id=10742 samba-tool dns add 172.31.9.161 s4xdom.base . NS mydns.org. => NO_MEMORY Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Thu Aug 7 18:54:28 CEST 2014 on sn-devel-104
* dbcheck: Add check and test for various invalid userParameters valuesAndrew Bartlett2014-07-151-0/+90
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=8077 Change-Id: I6f2f4169856ce78c62e3a7e74b48520cca9cb9ae Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 9bfbff65436a088fab5d564b6c0bb122a76492bc)
* dbcheck: Ensure dbcheck can operate with --attrs setAndrew Bartlett2014-07-151-1/+1
| | | | | | | | This also includes a test to ensure we do not regress on this point. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit f596dc94e1ab839f13e2a9edbcec774635b5c211)
* dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistencyAndrew Bartlett2014-07-151-18/+13
| | | | | | | | | | | | | When looking for incorrect name values, this improves the previous code by avoiding one more manual parse step, and uses less cryptic variable names. Andrew Bartlett Change-Id: Iff8e571a6359a67bf173f729dc12b8787292b3cb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> (cherry picked from commit 393348d11ed781d9f42049d5f996b0bab8b15d58)
* dbchecker: verify and fix broken dn valuesStefan Metzmacher2014-07-151-0/+94
| | | | | | | | | | | | | | | | | | | | | | | | | | With older Samba versions (4.0.x) the following could happen: - On account was created on DC1 - It was replicated to DC2 - The connection between the dcs is offline - The account gets modified on DC2 - The account gets deleted on DC1 - The connection becomes online again - DC1 replicates the modification from DC2, this resets the dn to the original value. 'name' and 'cn' are correct (with '\nDEL${GUID}'), but 'dn' is wrong. - DC2 replicates the deletion from DC1. this doesn't include a changed dn as DC1 had a bug. 'name' is correct (with '\nDEL${GUID}'), but 'cn' and 'dn' are wrong. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10536 Change-Id: Ia70a6c12e0ff0d4c2c8100cb1d8f3c6422b65591 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 709ed040ec161e99b3c1f7076eac4a631149f64a)
* dbchecker: make the deleted objects container detection more genericStefan Metzmacher2014-07-151-2/+8
| | | | | | | Change-Id: I282ad887c41412e25fdf73476e405f4e88e0b239 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 821d7dc7b33598f72c4518f8975073b058df5960)
* samba-tool dbcheck: handle missing objectClassFelix Botner2014-07-151-0/+31
| | | | | | | | | | | | | | | In several cases we have seen objects without the objectClass attribute. Here the suggestion for a patch to find such objects in "samba-tool dbcheck" with the option to delete them. (patch improved by Andrew Bartlett to suggest DRS re-replication) Signed-off-by: Felix Botner <botner@univention.de> Change-Id: I8eb0d191a2089271a9af5884d6bfbf173a5c85c6 Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5b1d6e722e254522165ec512537a2efa2b979e6f)
* s4-samldb: Do not allow deletion of objects with RID < 1000Nadezhda Ivanova2014-07-151-6/+6
| | | | | | | | | | | | | | According to [MS-SAMR] 3.1.5.7 Delete Pattern we should not allow deletion of security objects with RID < 1000. This patch will prevent deletion of well-known accounts and groups. Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Nadezhda Ivanova <nivanova@samba.org> Autobuild-Date(master): Mon Oct 14 13:31:50 CEST 2013 on sn-devel-104 (cherry picked from commit 13a10d43141c29dad61868b451c0c1dca82360de)
* provision: capture slightly less generic exceptions during the test for aclsGarming Sam2014-07-151-2/+2
| | | | | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> (cherry picked from commit f279a297a4a94c5cbc049c9b2cde14b02960a76f) The last 4 patches address bug #10703 - backport provision fixes from master.
* provision: improve error message when connecting to samdb without the ↵Garming Sam2014-07-151-1/+7
| | | | | | | | | | correct permissions Signed-off-by: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> (cherry picked from commit b27543aa729ca893270831d5c4fc74ea7ac6d407)
* provision: Fix failures on re-provision incorrectly blamed on posix acl support.Garming Sam2014-07-151-26/+25
| | | | | | | | | By doing the test later, there is an actual sam.ldb file that can be connected to. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> (cherry picked from commit a89060a0217f8740798d1dac4466222301a4d81b)
* samba-tool: add --site parameter to provision command (bug #10674)Björn Baumbach2014-07-151-1/+4
| | | | | | | | | | This new parameter offers the option to specify a default initial site name. Otherwise it will be "Default-First-Site-Name". Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> (cherry picked from commit 4ca1d69d7daa8f4f92d44cd505aa0983f2ab56bf)
* provision/sambadns: remove redundant site parameterBjörn Baumbach2014-07-152-3/+4
| | | | | | | | | | | | | | | The sitename is already included in "names" parameter. Part of fix for bug #10674 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> (cherry picked from commit 4ebd7250ef18811e58d812670e96e61836e4770b) Conflicts: python/samba/provision/__init__.py python/samba/provision/sambadns.py
* bug #10609: CVE-2014-0239 Don't reply to repliesKai Blin2014-05-201-0/+29
| | | | | | | | | | | | | | | | | | | | | Due to insufficient input checking, the DNS server will reply to a packet that has the "reply" bit set. Over UDP, this allows to send a packet with a spoofed sender address and have two servers DOS each other with circular replies. This patch fixes bug #10609 and adds a test to make sure we don't regress. CVE-2014-2039 has been assigned to this issue. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10609 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Tue May 20 04:15:44 CEST 2014 on sn-devel-104 (cherry picked from commit 392ec4d241eb19c812cd49ff73bd32b2b09d8533) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Tue May 20 13:54:40 CEST 2014 on sn-devel-104
* provision: Fix string replacement orderingBenjamin Franzke2014-04-291-1/+1
| | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com> (cherry picked from commit ca8acb681a1ccaddf85376ff30c9b13b1a4c943d)
* dns: Extend tests for records with another typeKai Blin2014-04-011-0/+14
| | | | | | | | | | | | Add another check to the one added for bug #10471, for added paranoia Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Tue Mar 4 15:47:10 CET 2014 on sn-devel-104 (cherry picked from commit 5bd47bb563c3736b9de1a3a93bdf46a498928643)
* bug #10471: Don't respond with NXDOMAIN to records that exist with another typeKai Blin2014-04-011-0/+16
| | | | | | | | | | | DNS queries for records with the wrong type need to trigger an empty response with RCODE_OK instead of returning NXDOMAIN. This adds a test and fixes bug #10471 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit d9829df13317b38677d92a499134727ab31fbb0e)
* Fix bug 10196 - RW Deny for a specific user is not overriding RW Allow for a ↵Jeremy Allison2013-11-141-44/+116
| | | | | | | | | | | | | | group. Fix posix_acl tests to match the change in writing ACLs with ID_TYPE_BOTH. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> (cherry picked from commit a1bc1c32e33508c45e614646d69a5f5d67ba22be) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Thu Nov 14 11:36:24 CET 2013 on sn-devel-104
* Merge tag 'samba-4.1.1' into v4-1-testKarolin Seeger2013-11-111-1/+1
|\ | | | | | | samba: tag release samba-4.1.1
| * CVE-2013-4476: samba-tool provision: create ${private_dir}/tls with mode 0700Björn Baumbach2013-11-081-1/+1
| | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* | s4-dns: dlz_bind9: Create dns-HOSTNAME account disabledSamuel Cabrero2013-11-061-4/+7
|/ | | | | | | | | | | | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Oct 25 00:39:21 CEST 2013 on sn-devel-104 (cherry picked from commit d3aee80928dc7ccde9441309bf946c2503f7714a) Part of a fix for bug # 9091 - When replicating DNS for bind9_dlz we need to create the server-DNS account remotely. Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Wed Nov 6 14:28:14 CET 2013 on sn-devel-104
* dbcheck: Add back the elements that were wrongly removed from CN=Deleted ObjectsAndrew Bartlett2013-09-271-0/+66
| | | | | | | | | | | | | | | | | | | This is the final part of the fix for the issue in Samba 4.1 pre-release tree where we would wrongly delete the Deleted Objects container during a join. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Sep 24 09:31:37 CEST 2013 on sn-devel-104 (cherry picked from commit f4ff81f5797c5dd8f562aec2cfec789272e739fd) The last 19 patches address bug #10157 - Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects.
* dbcheck: Ensure to always increase the error_countAndrew Bartlett2013-09-271-0/+1
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> (cherry picked from commit bcd535e95c5e8f83f6b30264ab1f0de3c6ac2cda)
* dbcheck: Look for and fix the all-zero invocationID in replPropertyMetaDataAndrew Bartlett2013-09-271-0/+68
| | | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> (cherry picked from commit 9e1dde15f9d3a374747d163e37016b54f008bd9f)
* python/drs: Ensure to pass in the local invocationID during the domain joinAndrew Bartlett2013-09-273-4/+10
| | | | | | | | | | | This ensures (and asserts) that we never write an all-zero GUID as an invocationID to the database in replPropertyMetaData. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a623359fb8a54083b81436d14b7ba022c11efb18)
* python-samba-tool fsmo: Do not give an error on a successful role transferAndrew Bartlett2013-09-251-7/+7
| | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9461 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 23 12:00:24 CEST 2013 on sn-devel-104 (cherry picked from commit 8d8872ae0a19786452c3be044757b16814b82be8) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Wed Sep 25 10:47:35 CEST 2013 on sn-devel-104
* scripting/join.py: Handle creating the dns-NAME account during a DC joinAndrew Bartlett2013-09-062-7/+77
| | | | | | | | | | | This will ensure that the DLZ plugin works out of the box when joining a second Samba DC to the domain. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b106d9090e8f8f44f02059d2ced3d10066787060)
* python/provision: remove unused linklocal=False argument from interface_ips_v6()Stefan Metzmacher2013-09-021-3/+3
| | | | | | | | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Aug 30 17:33:58 CEST 2013 on sn-devel-104 (cherry picked from commit 3430448fc01ce3fbe0606a2c239d3c98a5b78361) The last 3 patches address bug #10030 - ::1 added to nameserver on join. Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Mon Sep 2 11:50:45 CEST 2013 on sn-devel-104
* python/pyglue: filter out loopback and linklocal addresses unless ↵Stefan Metzmacher2013-09-021-2/+43
| | | | | | | | | | all_interfaces is given Bug: https://bugzilla.samba.org/show_bug.cgi?id=10030 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Bjoern Jacke <bj@sernet.de> (cherry picked from commit 0e6aca40413fb3cfd4300f282204a69743be4a65)
* samba-tool dbcheck: Correctly remove deleted DNs in dbcheckAndrew Bartlett2013-08-051-1/+1
| | | | | | | | | | | | | | | | The previous pattern never matched, as it was a typo. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jul 30 12:55:00 CEST 2013 on sn-devel-104 (cherry picked from commit 7615b2549d9549683978cb3e85b926e2ba63e294) The last 4 patches address bug #9029 - Replication with --domain-crictical-only fails to fill in backlinks.
* python samba-tool drs: Correctly print KCC references to deleted serversAndrew Bartlett2013-06-121-3/+12
| | | | | | | | Tested against Windows 2008R2, presumably before the KCC ran. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove remaining references to "password level" in the treeAndrew Bartlett2013-06-111-1/+0
| | | | | | | Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Tue Jun 11 16:25:54 CEST 2013 on sn-devel-104
* dns: Delete dnsNode objects when they are emptyKai Blin2013-06-011-0/+117
| | | | | | | | | | | | If an update leaves the dnsNode without any entries, the dnsNode object should be deleted. Thanks to Günter Kukkukk for his excellent debugging work on this one. This should fix bug #9559 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool/dns: Set secure zone update flag after creating new zoneAmitay Isaacs2013-05-301-3/+9
| | | | | | | Windows DC ignores the secure update flag while creating new zone. Windows performs another operation to set the secure update flag. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
* samba-tool/dns: Pass on additional flags when creating zonesAmitay Isaacs2013-05-301-0/+6
| | | | | | | | Windows DCs require additional flags to be set when creating zones. This fixes bug #9599. Signed-off-by: Amitay Isaacs <amitay@gmail.com>
* s4-dns: Support update of SOA recordsAmitay Isaacs2013-05-301-2/+3
| | | | Signed-off-by: Amitay Isaacs <amitay@gmail.com>
* s4-dns: Print/Set minimumTTL value in SOA recordAmitay Isaacs2013-05-281-1/+3
| | | | | | | | | Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue May 28 08:47:56 CEST 2013 on sn-devel-104
* python-samba-tool domain classicupgrade: Use transactions when adding ↵Andrew Bartlett2013-05-161-31/+69
| | | | | | | | | | | users/groups/members This should make things a bit faster when importing very large numbers of users as we will not constantly rewrite the indicies on disk. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* samba-tool dbcheck: Use dsdb.DS_GUID_DELETED_OBJECTS_CONTAINER rather than ↵Andrew Bartlett2013-05-161-1/+1
| | | | | | | | | | the literal value This is better practice. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python-samba-tool domain classicupgrade: Correct message about re-promoting BDCsAndrew Bartlett2013-05-161-1/+1
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python-samba-tool domain classicupgrade: Actually Skip domain trust accountsAndrew Bartlett2013-05-161-0/+1
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python-samba-tool domain classicupgrade: Skip machine accounts that do not ↵Andrew Bartlett2013-05-161-4/+11
| | | | | | | | | | end in $ These accounts will not work anyway, as all the domain member lookup code in netlogon expects the $. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dns: Fix allocation of txt_record in txt record testsKai Blin2013-05-161-8/+12
| | | | | | | | Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Thu May 16 15:39:15 CEST 2013 on sn-devel-104
* dns: more debug debug options in the testsKai Blin2013-05-161-4/+26
| | | | | Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com>
* dns: Add support for MX queriesKai Blin2013-05-161-0/+43
| | | | | | | | | | Due to an oversight, the internal DNS server supports MX record updates, but not MX record queries. Add support for MX queries and tests. This should fix bug #9485 Signed-off-by: Kai Blin <kai@samba.org> Reviewed-By: Amitay Isaacs <amitay@gmail.com>
* samba_tool/base.py: Fix typo.Karolin Seeger2013-05-151-1/+1
| | | | | Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netcmd/group.py: Fix typo.Karolin Seeger2013-05-151-2/+2
| | | | | Signed-off-by: Karolin Seeger <kseeger@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool/tests: Force the gecos of the user to a fixed value.Matthieu Patou2013-05-151-1/+10
| | | | | | | | | | | | | | When --gecos is not specified samba-tool user add will try to read the gecos field from a getpw call. And if user's GECOS is empty (like the build user on sn-devel-104) then the test will fail because we can't add an empty gecos. Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed May 15 16:19:23 CEST 2013 on sn-devel-104
View Lorry Controller Status