[SCM] Samba Shared Repository - branch master updated
Amitay Isaacs
amitay at samba.org
Tue Dec 13 23:32:01 MST 2011
The branch, master has been updated
via 010d600 s4-netlogon: Revert patch f02e4ebfafa6e5911e3fe744b1780527ab12c970
via a4ab152 tdb2: Fix python documentation for tdb.Tdb object
via 0cee9b0 samba-tool: Fix DN for GPO entries
via 8b94a34 samba-tool: gpo: fix a typo
via d8bed32 samba-tool: Remove duplicate code of dsacl to fsacl conversion
via 0a10b32 setup: Fix phpldapadmin configuration for version 1.2.x
from 19411c9 s4-smbtorture: fix some typos in schannel test.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 010d6003e323e57de16ec1f5b1c86bc5ed4bec95
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Dec 14 10:07:17 2011 +1100
s4-netlogon: Revert patch f02e4ebfafa6e5911e3fe744b1780527ab12c970
DS_DNS_CONTROLLER bit is set if DC's domain name is dns name.
Autobuild-User: Amitay Isaacs <amitay at samba.org>
Autobuild-Date: Wed Dec 14 07:31:05 CET 2011 on sn-devel-104
commit a4ab152a05cafc443556c854a45aa025f8e4fc5d
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Dec 14 09:45:15 2011 +1100
tdb2: Fix python documentation for tdb.Tdb object
commit 0cee9b01d9fbea94868a104d7140463923a3b95e
Author: Amitay Isaacs <amitay at gmail.com>
Date: Thu Dec 8 15:41:55 2011 +1100
samba-tool: Fix DN for GPO entries
commit 8b94a34bacc349d6354a6bfd17cda1a2dd248fee
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Dec 7 17:14:58 2011 +1100
samba-tool: gpo: fix a typo
commit d8bed322fc67edd11641f7b8f4191a9dff787822
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Dec 7 13:10:10 2011 +1100
samba-tool: Remove duplicate code of dsacl to fsacl conversion
Use samba.ntacls.dsacl2fsacl() instead.
commit 0a10b3260212982825d2bc78739ffef795ac63cb
Author: Amitay Isaacs <amitay at gmail.com>
Date: Wed Dec 7 12:26:46 2011 +1100
setup: Fix phpldapadmin configuration for version 1.2.x
-----------------------------------------------------------------------
Summary of changes:
lib/tdb2/pytdb.c | 2 +-
source4/cldap_server/netlogon.c | 5 --
source4/scripting/python/samba/netcmd/gpo.py | 60 ++++++--------------------
source4/setup/phpldapadmin-config.php | 28 ++++--------
4 files changed, 24 insertions(+), 71 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tdb2/pytdb.c b/lib/tdb2/pytdb.c
index 98ce423..87e5bdc 100644
--- a/lib/tdb2/pytdb.c
+++ b/lib/tdb2/pytdb.c
@@ -532,7 +532,7 @@ static PyMappingMethods tdb_object_mapping = {
.mp_ass_subscript = (objobjargproc)obj_setitem,
};
static PyTypeObject PyTdb = {
- .tp_name = "Tdb",
+ .tp_name = "tdb.Tdb",
.tp_basicsize = sizeof(PyTdbObject),
.tp_methods = tdb_object_methods,
.tp_getset = tdb_object_getsetters,
diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c
index e9ec074..9d9f45e 100644
--- a/source4/cldap_server/netlogon.c
+++ b/source4/cldap_server/netlogon.c
@@ -61,7 +61,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
struct ldb_result *dom_res = NULL, *user_res = NULL;
int ret;
const char **services = lpcfg_server_services(lp_ctx);
- const char **rpc_services = lpcfg_dcerpc_endpoint_servers(lp_ctx);
uint32_t server_type;
const char *pdc_name;
struct GUID domain_uuid;
@@ -247,10 +246,6 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx,
server_type |= DS_SERVER_KDC;
}
- if (str_list_check(rpc_services, "dnsserver")) {
- server_type |= DS_DNS_CONTROLLER;
- }
-
if (samdb_rodc(sam_ctx, &am_rodc) == LDB_SUCCESS && !am_rodc) {
server_type |= DS_SERVER_WRITABLE;
}
diff --git a/source4/scripting/python/samba/netcmd/gpo.py b/source4/scripting/python/samba/netcmd/gpo.py
index f87d192..ede28cc 100644
--- a/source4/scripting/python/samba/netcmd/gpo.py
+++ b/source4/scripting/python/samba/netcmd/gpo.py
@@ -34,7 +34,8 @@ from samba.netcmd import (
SuperCommand,
)
from samba.samdb import SamDB
-from samba import dsdb, dcerpc
+from samba import dsdb
+from samba.dcerpc import security
from samba.ndr import ndr_unpack
import samba.security
import samba.auth
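Review bot: The bare name `security` is now bound to `samba.dcerpc.security` two lines above `import samba.security`, so the file has two different modules that both read as "security". The cmd_list hunk shows the result: `samba.security.access_check(secdesc, token, security.SEC_STD_READ_CONTROL | ...)`. An alias such as `from samba.dcerpc import security as dcerpc_security`, or a short comment at the import, would keep them apart. With `dcerpc` no longer imported, any `dcerpc.` reference left outside the hunks shown would fail with a NameError at run time; the visible hunks convert every use they contain, but the rest of gpo.py is not shown here.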
@@ -43,6 +44,7 @@ from samba.netcmd.common import netcmd_finddc
from samba import policy
from samba import smb
import uuid
+from samba.ntacls import dsacl2fsacl
def samdb_connect(ctx):
@@ -336,13 +338,13 @@ class cmd_list(Command):
continue
secdesc_ndr = gmsg[0]['ntSecurityDescriptor'][0]
- secdesc = ndr_unpack(dcerpc.security.descriptor, secdesc_ndr)
+ secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
try:
samba.security.access_check(secdesc, token,
- dcerpc.security.SEC_STD_READ_CONTROL |
- dcerpc.security.SEC_ADS_LIST |
- dcerpc.security.SEC_ADS_READ_PROP)
+ security.SEC_STD_READ_CONTROL |
+ security.SEC_ADS_LIST |
+ security.SEC_ADS_READ_PROP)
except RuntimeError:
self.outf.write("Failed access check on %s\n" % msg.dn)
continue
@@ -406,7 +408,7 @@ class cmd_show(Command):
raise CommandError("GPO %s does not exist" % gpo, e)
secdesc_ndr = msg['ntSecurityDescriptor'][0]
- secdesc = ndr_unpack(dcerpc.security.descriptor, secdesc_ndr)
+ secdesc = ndr_unpack(security.descriptor, secdesc_ndr)
self.outf.write("GPO : %s\n" % msg['name'][0])
self.outf.write("display name : %s\n" % msg['displayName'][0])
@@ -871,11 +873,8 @@ class cmd_create(Command):
raise CommandError("Error adding GPO in AD", e)
# Add cn=User,cn=<guid>
- child_dn = gpo_dn
- child_dn.add_child(ldb.Dn(self.samdb, "CN=User"))
-
m = ldb.Message()
- m.dn = ldb.Dn(self.samdb, child_dn.get_linearized())
+ m.dn = ldb.Dn(self.samdb, "CN=User,%s" % str(gpo_dn))
m['a01'] = ldb.MessageElement("container", ldb.FLAG_MOD_ADD, "objectClass")
m['a02'] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_ADD, "showInAdvancedViewOnly")
try:
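Review bot: Nothing at `m.dn = ldb.Dn(self.samdb, "CN=User,%s" % str(gpo_dn))` says why the DN is rebuilt from a string. The removed lines show the reason: `child_dn = gpo_dn` only aliased the object, so `add_child()` apparently extended `gpo_dn` itself. A one-line comment such as `# build a new Dn; add_child() on gpo_dn would modify gpo_dn in place` would keep a later cleanup from reintroducing the bug. The same applies to the CN=Machine line in the next hunk; cmd_create starts and ends outside both hunks.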
@@ -883,12 +882,9 @@ class cmd_create(Command):
except Exception, e:
raise CommandError("Error adding GPO in AD", e)
- # Add cn=User,cn=<guid>
- child_dn = gpo_dn
- child_dn.add_child(ldb.Dn(self.samdb, "CN=Machine"))
-
+ # Add cn=Machine,cn=<guid>
m = ldb.Message()
- m.dn = ldb.Dn(self.samdb, child_dn.get_linearized())
+ m.dn = ldb.Dn(self.samdb, "CN=Machine,%s" % str(gpo_dn))
m['a01'] = ldb.MessageElement("container", ldb.FLAG_MOD_ADD, "objectClass")
m['a02'] = ldb.MessageElement("TRUE", ldb.FLAG_MOD_ADD, "showInAdvancedViewOnly")
try:
@@ -912,40 +908,10 @@ class cmd_create(Command):
# Get new security descriptor
msg = get_gpo_info(self.samdb, gpo=gpo)[0]
ds_sd_ndr = msg['ntSecurityDescriptor'][0]
- ds_sd = ndr_unpack(dcerpc.security.descriptor, ds_sd_ndr)
+ ds_sd = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()
# Create a file system security descriptor
- fs_sd = dcerpc.security.descriptor()
- fs_sd.owner_sid = ds_sd.owner_sid
- fs_sd.group_sid = ds_sd.group_sid
- fs_sd.type = ds_sd.type
- fs_sd.revision = ds_sd.revision
-
- # Copy sacl
- fs_sd.sacl = ds_sd.sacl
-
- # Copy dacl
- dacl = ds_sd.dacl
- for ace in dacl.aces:
- # Don't add the allow for SID_BUILTIN_PREW2K
- if (not (ace.type & dcerpc.security.SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT) and
- ace.trustee == dcerpc.security.SID_BUILTIN_PREW2K):
- continue
-
- # Copy the ace from the directory server security descriptor
- new_ace = ace
-
- # Set specific inheritance flags for within the GPO
- new_ace.flags |= (dcerpc.security.SEC_ACE_FLAG_OBJECT_INHERIT |
- dcerpc.security.SEC_ACE_FLAG_CONTAINER_INHERIT)
- if ace.trustee == dcerpc.security.SID_CREATOR_OWNER:
- new_ace.flags |= dcerpc.security.SEC_ACE_FLAG_INHERIT_ONLY
-
- # Get a directory access mask from the assigned access mask on the ldap object
- new_ace.access_mask = policy.ads_to_dir_access_mask(ace.access_mask)
-
- # Add the ace to DACL
- fs_sd.dacl_add(new_ace)
+ fs_sd = security.descriptor(dsacl2fsacl(ds_sd, self.samdb.get_domain_sid()))
# Set ACL
try:
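Review bot: `ds_sd` now holds the SDDL string returned by `as_sddl()` rather than a descriptor object, so the name no longer matches the value; `ds_sd_sddl = ndr_unpack(security.descriptor, ds_sd_ndr).as_sddl()` would make the type obvious at the `dsacl2fsacl()` call. The removed loop skipped the plain allow ACE for SID_BUILTIN_PREW2K and marked CREATOR_OWNER ACEs inherit-only. `dsacl2fsacl()` is not part of this diff, so it is worth confirming that it applies the same rules, because the descriptor built here feeds the "Set ACL" step that follows outside the hunk. `policy.ads_to_dir_access_mask` was the only visible use of `policy`, so that import may now be unused.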
diff --git a/source4/setup/phpldapadmin-config.php b/source4/setup/phpldapadmin-config.php
index 5a4c2d7..8a2f215 100644
--- a/source4/setup/phpldapadmin-config.php
+++ b/source4/setup/phpldapadmin-config.php
@@ -1,28 +1,20 @@
<?php
/**
* The phpLDAPadmin config file, customised for use with Samba4
- * This overrides phpLDAPadmin defaults
- * that are defined in config_default.php.
*
- * DONT change config_default.php, you changes will be lost by the next release
- * of PLA. Instead change this file - as it will NOT be replaced by a new
- * version of phpLDAPadmin.
+ * Use config.php.example to create config.php, if you don't have one.
+ *
+ * Append this file to config.php.
*/
-/*********************************************/
-/* Useful important configuration overrides */
-/*********************************************/
-
-/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this
- to a big random string. */
-
-$i=0;
-$ldapservers = new LDAPServers;
+/* Create a new LDAP server for SAMBA4 */
+$servers->newServer('ldap_pla');
/* A convenient name that will appear in the tree viewer and throughout
phpLDAPadmin to identify this LDAP server to users. */
-$ldapservers->SetValue($i,'server','name','Samba4 LDAP Server');
-$ldapservers->SetValue($i,'server','host','${S4_LDAPI_URI}');
-$ldapservers->SetValue($i,'server','auth_type','session');
-$ldapservers->SetValue($i,'login','attr','dn');
+$servers->setValue('server','name','Samba4 LDAP Server');
+$servers->setValue('server','host','${S4_LDAPI_URI}');
+$servers->setValue('login','auth_type','session');
+$servers->setValue('login','attr','dn');
+
?>
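Review bot: The new header says to append this file to config.php, but the file keeps its own `<?php` and `?>` tags and calls `$servers->newServer()` without creating `$servers`. The combined file therefore only parses and runs if config.php ends with a closing `?>` and has already defined `$servers`. Saying so in the header would prevent a broken install, for example ` * Append this file to config.php (after its closing "?>"); it relies on the $servers object created there.`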
--
Samba Shared Repository