Andrew Bartlett [Thu, 30 Aug 2012 22:31:45 +0000 (08:31 +1000)]
WHATSNEW: prepare for 4.0 beta8
Jeremy Allison [Thu, 30 Aug 2012 15:45:43 +0000 (08:45 -0700)]
The NTVFS server doesn't pass the SMB1 INHERITFLAGS test.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104
Jeremy Allison [Wed, 29 Aug 2012 22:18:19 +0000 (15:18 -0700)]
Now ACL inheritance flags are working, add test_inheritance_flags() back into raw.acls to ensure we don't regress.
Jeremy Allison [Wed, 29 Aug 2012 21:22:33 +0000 (14:22 -0700)]
With the inheritance ACL changes we now pass samba3.smb2.acls.INHERITFLAGS.
Jeremy Allison [Wed, 29 Aug 2012 20:44:57 +0000 (13:44 -0700)]
Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
Jeremy Allison [Wed, 29 Aug 2012 20:40:29 +0000 (13:40 -0700)]
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/
11f77b68-731e-407d-b1b3-
064750716531
for details.
Jeremy Allison [Wed, 29 Aug 2012 20:37:51 +0000 (13:37 -0700)]
Change the other two places where we set a security descriptor given by the client to got through set_sd(),
the canonicalize sd function.
Jeremy Allison [Wed, 29 Aug 2012 20:29:34 +0000 (13:29 -0700)]
Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization.
Jeremy Allison [Wed, 29 Aug 2012 20:23:06 +0000 (13:23 -0700)]
Rename set_sd() to set_sd_blob() - this describes what it does.
Christian Ambach [Thu, 30 Aug 2012 14:43:33 +0000 (16:43 +0200)]
s3:libsmb correctly set isFsctl for snapshot list
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
Andreas Schneider [Thu, 30 Aug 2012 11:55:17 +0000 (13:55 +0200)]
selftest: Remove spoolss tests from knownfail.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104
Andreas Schneider [Thu, 30 Aug 2012 12:09:49 +0000 (14:09 +0200)]
selftest: Add missing printing options for plugin_s4_dc.
Andreas Schneider [Thu, 30 Aug 2012 13:11:41 +0000 (15:11 +0200)]
file_server: Fix spoolss support with s3fs.
Andreas Schneider [Thu, 30 Aug 2012 12:09:10 +0000 (14:09 +0200)]
selftest: Define the log directory for s3fs.
Andrew Bartlett [Wed, 29 Aug 2012 21:49:21 +0000 (07:49 +1000)]
auth/credentials: Support match-by-key in cli_credentials_get_server_gss_creds()
This allows a password alone to be used to accept kerberos tickets.
Of course, we need to have got the salt right, but we do not need also
the correct kvno. This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
Andrew Bartlett [Fri, 24 Aug 2012 00:01:42 +0000 (10:01 +1000)]
s4-torture: Add start of a test to confirm winbindd PAC parsing
So far this confirms that we can accept a ticket using the secrets.tdb
entry.
Andrew Bartlett
Andrew Bartlett [Wed, 29 Aug 2012 07:58:45 +0000 (17:58 +1000)]
lib/krb4_wrap: Add const to kt_copy_one_principal
Christof Schmitt [Thu, 16 Aug 2012 19:47:52 +0000 (12:47 -0700)]
s3:vfs_gpfs: Use directory not file to get fileset id
The query of the fileset quota needs to determine the file set id first.
With the currently available interface, this requires opening the file
to get a file descriptor. For files, this open can fail when a share
mode is set.
Workaround this by querying the fileset id on the directory instead.
The proper solution would be getting an interface for getting the
fileset id that does not require opening the file.
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104
Björn Jacke [Wed, 29 Aug 2012 11:37:05 +0000 (13:37 +0200)]
vfs_media_harmony: fix some compile warnings with llvm
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104
David Disseldorp [Tue, 28 Aug 2012 16:58:24 +0000 (18:58 +0200)]
s3-printing: fix bug 9123 lprng job tracking errors
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104
Andreas Schneider [Wed, 29 Aug 2012 08:36:21 +0000 (10:36 +0200)]
libkrb5: Fix build with MIT Kerberos.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 29 Aug 2012 06:22:24 +0000 (16:22 +1000)]
s4-libnet: Fix passing samba_all_enctypes as a fn rather than the encrypt array it returns
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 29 Aug 2012 01:32:26 +0000 (11:32 +1000)]
s4-dsdb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba has debug level 10, which is often used for debugging.
To indicate that these attributes are secret, we set an opaque.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
Andrew Bartlett [Wed, 29 Aug 2012 01:29:44 +0000 (11:29 +1000)]
lib/ldb: Avoid printing secret attributes in ldb trace logs
These are printed when Samba has debug level 10, which is often used for debugging.
Instead, print a note to say that this attribute has been skipped.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Aug 2012 23:44:52 +0000 (09:44 +1000)]
auth/credentials: Remove unused, and un-declared cli_credentials_set_krbtgt()
Andrew Bartlett [Tue, 28 Aug 2012 23:44:12 +0000 (09:44 +1000)]
auth/credentials: Better integrate fetch of secrets.tdb and secrets.ldb records
By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them. We also avoid the need to work
around the setting of anonymous.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Aug 2012 23:21:52 +0000 (09:21 +1000)]
auth/credentials: Improve memory handling in cli_credentials_set_machine_account
By using a tempoary talloc context this is much tidier and more reliable code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 28 Aug 2012 23:10:40 +0000 (09:10 +1000)]
selftest: Add a test for smbclient --machine-pass without secrets.tdb
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults
in the server. This essentially tests both sides.
Andrew Bartlett
Andrew Bartlett [Tue, 28 Aug 2012 23:09:10 +0000 (09:09 +1000)]
auth/credentials: Avoid double-free in the failure case
This pointer is only valid if dbwrap_fetch returned success.
Andrew Bartlett
Andreas Schneider [Tue, 28 Aug 2012 12:17:22 +0000 (14:17 +0200)]
s3-smbd: Fix flooding the logs with records we don't find in pcap.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 28 Aug 2012 01:19:04 +0000 (11:19 +1000)]
s3-classicupgrade: Fix import from ldap
We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
Andrew Bartlett [Tue, 28 Aug 2012 00:00:34 +0000 (10:00 +1000)]
lib/ldb: Bump ldb version to 1.1.11
This will ensure the next Samba release requires an ldb with the recent
fixes.
Andrew Bartlett
Andrew Bartlett [Tue, 3 Jul 2012 03:09:33 +0000 (13:09 +1000)]
s3-vfs: Indicate the symlink destination when failing check_reduced_name
Andrew Bartlett [Mon, 2 Jul 2012 12:31:49 +0000 (22:31 +1000)]
s3-vfs: Try to be consistent about localtime vs GMT handling in vfs_shadow_copy2
With the ability to handle times a abolute time_t values since 1970
this becomes more important to get absolutly correct.
Andrew Bartlett
Andrew Bartlett [Mon, 2 Jul 2012 09:31:58 +0000 (19:31 +1000)]
s3-vfs_shadow_copy2: Also accept a sscanf result
Andrew Bartlett [Mon, 27 Aug 2012 21:43:06 +0000 (07:43 +1000)]
VERSION: Move on to beta8
We actually expect beta7 to be the last beta, but to avoid
confusion I won't mark it as rc1 until the actual release candidate.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 01:48:16 CEST 2012 on sn-devel-104
Andrew Bartlett [Mon, 27 Aug 2012 21:41:11 +0000 (07:41 +1000)]
VERSION: Mark as the beta7 release
Andrew Bartlett [Mon, 27 Aug 2012 21:39:36 +0000 (07:39 +1000)]
WHATSNEW: prepare for 4.0 beta7
Andrew Bartlett [Mon, 27 Aug 2012 12:39:35 +0000 (22:39 +1000)]
selftest: Fix comment in blackbox_s3upgrade.sh
Andrew Bartlett [Mon, 27 Aug 2012 12:38:53 +0000 (22:38 +1000)]
s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
This will allow files to be correctly owned by the idmap that is imported.
This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 12:37:19 +0000 (22:37 +1000)]
s3-passdb: Allow reload of the static passdb from python
This is then used in provision when the passdb backend is forced.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 11:37:19 +0000 (21:37 +1000)]
auth/credentials: Rework credentials handling to try and find the most recent machine pw
As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 11:02:28 +0000 (21:02 +1000)]
selftest: Add test of smbclient --machine-pass against and using both s3 and s4
This uses both smbclient binaries to ensure that both work in both environments.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 11:01:10 +0000 (21:01 +1000)]
auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm
These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 09:46:11 +0000 (19:46 +1000)]
s4-dsdb: Remove double-free in update_keytab module
Andrew Bartlett [Mon, 27 Aug 2012 09:29:38 +0000 (19:29 +1000)]
s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 09:42:44 +0000 (19:42 +1000)]
s3-secrets: Use talloc_stackframe() in secrets_init_path()
Andrew Bartlett [Mon, 27 Aug 2012 09:28:56 +0000 (19:28 +1000)]
s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()
Andrew Bartlett [Mon, 27 Aug 2012 09:28:22 +0000 (19:28 +1000)]
s3-secrets: Add helper function to set machine account password from secrets_tdb_sync
secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 08:34:02 +0000 (18:34 +1000)]
lib/krb5_wrap: Move enctype conversion functions into a simple helper file
Andrew Bartlett [Mon, 27 Aug 2012 07:27:16 +0000 (17:27 +1000)]
s4-classicupgrade: Read WINS DB before the provision
Andrew Bartlett [Mon, 27 Aug 2012 07:20:51 +0000 (17:20 +1000)]
s4-classicupgrade: Do all the queries of data before the provision()
This allows provision to change the s3 smb.conf settings if required.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 06:56:35 +0000 (16:56 +1000)]
s4-classicupgrade: Use s3param.get_context() instead of result.lp
We should not need the guessed values here, but by changing to using the s3 loadparm context
we can move this block to before the provision.
Andrew Bartlett
Andrew Bartlett [Mon, 27 Aug 2012 05:52:47 +0000 (15:52 +1000)]
lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap
Andrew Bartlett [Mon, 27 Aug 2012 05:51:52 +0000 (15:51 +1000)]
lib/krb5_wrap: Bring list of all enc types into krb5_wrap
Andrew Bartlett [Mon, 27 Aug 2012 05:34:41 +0000 (15:34 +1000)]
s4-libnet: Ensure termination of enctype array in libnet_export_keytab()
Andrew Bartlett [Mon, 27 Aug 2012 05:22:45 +0000 (15:22 +1000)]
examples: Remove security=share and security=server from example smb.conf
Andrew Bartlett [Mon, 27 Aug 2012 21:46:49 +0000 (07:46 +1000)]
s3-param: Avoid assert on use of talloc_tos() without stackframe
This is hit during samba-tool domain classicupgrade
Andrew Bartlett
Volker Lendecke [Sun, 26 Aug 2012 19:22:02 +0000 (21:22 +0200)]
s4-torture: Test for #9058
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 27 17:43:09 CEST 2012 on sn-devel-104
Stefan Metzmacher [Fri, 24 Aug 2012 15:42:18 +0000 (17:42 +0200)]
s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 25 05:06:18 CEST 2012 on sn-devel-104
Stefan Metzmacher [Fri, 24 Aug 2012 11:40:13 +0000 (13:40 +0200)]
s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)
metze
Stefan Metzmacher [Fri, 24 Aug 2012 11:39:14 +0000 (13:39 +0200)]
s4:winbind: add a netlogon_queue (tevent_queue)
This will protect the netlogon_creds later.
metze
Stefan Metzmacher [Fri, 24 Aug 2012 15:39:58 +0000 (17:39 +0200)]
s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req
metze
Stefan Metzmacher [Fri, 24 Aug 2012 11:15:42 +0000 (13:15 +0200)]
s4:winbind: convert wb_sam_logon_send/recv to tevent_req
metze
Stefan Metzmacher [Thu, 23 Aug 2012 11:14:17 +0000 (13:14 +0200)]
s4:winbind: convert wb_sid2domain to tevent_req internally
The public wrapper still uses composite_context, because I don't
have time to fix all the callers...
metze
Stefan Metzmacher [Fri, 24 Aug 2012 06:29:21 +0000 (08:29 +0200)]
s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097)
metze
Stefan Metzmacher [Fri, 24 Aug 2012 06:27:47 +0000 (08:27 +0200)]
s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses
metze
Stefan Metzmacher [Fri, 24 Aug 2012 06:26:53 +0000 (08:26 +0200)]
s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()
metze
Stefan Metzmacher [Fri, 24 Aug 2012 11:17:23 +0000 (13:17 +0200)]
s4:librpc/rpc: use talloc_zero for 'struct rpc_request'
metze
Stefan Metzmacher [Fri, 10 Aug 2012 10:34:59 +0000 (12:34 +0200)]
libcli/smb: split out a smb_transport private library
metze
Stefan Metzmacher [Fri, 10 Aug 2012 10:38:41 +0000 (12:38 +0200)]
libcli/smb: wscript_build => wscript
We'll need some configure checks in future.
metze
Jeremy Allison [Thu, 23 Aug 2012 23:02:09 +0000 (16:02 -0700)]
Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104
Jeremy Allison [Thu, 23 Aug 2012 22:59:54 +0000 (15:59 -0700)]
Remove useless bool "upper_case_domain" parameter.
Jeremy Allison [Thu, 23 Aug 2012 22:46:16 +0000 (15:46 -0700)]
Move uppercasing the domain out of smb_pwd_check_ntlmv2()
Allows us to remove a silly bool parameter.
Based on work done by "Blohm, Guntram (I/FP-37, extern)" <extern.guntram.blohm@audi.de>.
Stefan Metzmacher [Tue, 21 Aug 2012 12:14:40 +0000 (14:14 +0200)]
s3:lib: make sure we don't try to send messages to server_id's marked as disconnected
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 24 15:54:48 CEST 2012 on sn-devel-104
Stefan Metzmacher [Wed, 22 Aug 2012 11:30:22 +0000 (13:30 +0200)]
s3:lib: remove unused processes_exist()
metze
Stefan Metzmacher [Fri, 24 Aug 2012 07:05:06 +0000 (09:05 +0200)]
s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist()
metze
Stefan Metzmacher [Thu, 23 Aug 2012 07:03:36 +0000 (09:03 +0200)]
s3:lib: only loop over the server_ids we need to verify in serverids_exist()
metze
Stefan Metzmacher [Wed, 22 Aug 2012 15:52:56 +0000 (17:52 +0200)]
s3:lib: use server_id_is_disconnected() in serverids_exist()
metze
Stefan Metzmacher [Wed, 22 Aug 2012 11:28:49 +0000 (13:28 +0200)]
s3:lib: inline processes_exist() into serverids_exist()
metze
Stefan Metzmacher [Tue, 21 Aug 2012 10:57:28 +0000 (12:57 +0200)]
s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part
It doesn't mean the the server_id is always valid.
metze
Stefan Metzmacher [Wed, 22 Aug 2012 15:52:01 +0000 (17:52 +0200)]
lib/util: don't SMB_ASSERT() in process_exists_by_pid()
Just return false...
metze
Stefan Metzmacher [Wed, 22 Aug 2012 10:36:22 +0000 (12:36 +0200)]
s3:lib: implement process_exists() as wrapper of serverid_exists()
The changes the behavior of process_exists() it checks the pid.unique_id
now, if it's not SERVERID_UNIQUE_ID_NOT_TO_VERIFY.
metze
Stefan Metzmacher [Wed, 22 Aug 2012 10:35:29 +0000 (12:35 +0200)]
s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY
metze
Stefan Metzmacher [Wed, 22 Aug 2012 10:07:02 +0000 (12:07 +0200)]
s3:lib: implement serverid_exists() as wrapper of serverids_exist()
metze
Stefan Metzmacher [Wed, 22 Aug 2012 10:02:43 +0000 (12:02 +0200)]
s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now
This will be readded...
metze
Stefan Metzmacher [Thu, 23 Aug 2012 13:32:05 +0000 (15:32 +0200)]
lib/param: fix usage of 'write list = +Group'
metze
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 24 11:28:17 CEST 2012 on sn-devel-104
Björn Jacke [Thu, 23 Aug 2012 13:57:47 +0000 (15:57 +0200)]
s3: fix compile warning on openindiana
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu Aug 23 18:22:13 CEST 2012 on sn-devel-104
Björn Jacke [Thu, 23 Aug 2012 13:56:57 +0000 (15:56 +0200)]
crypto/aes_ccm_128: fix compile warning on openindiana
Björn Jacke [Thu, 23 Aug 2012 13:55:40 +0000 (15:55 +0200)]
s3/registry: fix compile warning on openindiana
Andrew Bartlett [Thu, 23 Aug 2012 10:13:45 +0000 (20:13 +1000)]
s4-selftest: Always set vfs objects in selftest smb.conf
This sets it for all enviornments, as it is harmless if ntvfs is used
and critical if the provision script runs in s3fs mode.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 23 16:42:41 CEST 2012 on sn-devel-104
Andrew Bartlett [Thu, 23 Aug 2012 00:38:06 +0000 (10:38 +1000)]
s4-selftest: Add test for samba-tool ntacl sysvolcheck
Andrew Bartlett [Thu, 23 Aug 2012 00:37:46 +0000 (10:37 +1000)]
s4-samba-tool: Add samba-tool ntacl sysvolcheck command
This command verifies that the current on-disk ACLs match the directory and
the defaults from provision.
Unlike sysvolreset, this does not change any of the permissions.
Andrew Bartlett
Andrew Bartlett [Wed, 22 Aug 2012 23:45:07 +0000 (09:45 +1000)]
s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum
I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.
Andrew Bartlett
Andrew Bartlett [Wed, 22 Aug 2012 23:39:32 +0000 (09:39 +1000)]
s3-pysmbd: Fix return type of smbd.get_nt_acl
The security_ prefix is stripped off in the python bindings.
Andrew Bartlett
Andrew Bartlett [Wed, 22 Aug 2012 23:38:54 +0000 (09:38 +1000)]
s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()
This is required because the functions it calls use talloc_tos().
Andrew Bartlett
Andrew Bartlett [Wed, 22 Aug 2012 11:19:41 +0000 (21:19 +1000)]
s4-selftest: Add testing of samba-tool ntacl sysvolreset
Andrew Bartlett [Wed, 22 Aug 2012 11:01:16 +0000 (21:01 +1000)]
param: Add startup checks for valid server role/binary combinations
This should eliminate confusion from our users about what they can
expect to successfully run.
Andrew Bartlett
Andrew Bartlett [Wed, 22 Aug 2012 11:00:17 +0000 (21:00 +1000)]
s3-pysmbd: Fix error message
Andrew Bartlett [Wed, 22 Aug 2012 08:35:52 +0000 (18:35 +1000)]
s4-provision: Fix internal documentation