Remove legacy samba domain support
DragonFish was last release where we support this legacy feature.
This commit removes most of middleware code, but leaves database
untouched. Next related PR for FreeIPA support will finalize
schema changes.
Remove legacy samba domain support
DragonFish was last release where we support this legacy feature.
This commit removes most of middleware code, but leaves database
untouched. Next related PR for FreeIPA support will finalize
schema changes.
NAS-128802 / 24.10 / Improve configuration file generation (#13669)
1. use os.rename to overwrite config files. Avoid possibility of
having applications read partially written configuration files by
first writing the changed config to a temporary file, then renaming
over existing file.
2. have write_if_changed allow specifying the desired permissions
and ownership of the file. This allows us to ensure that ownership and
permissions changes happen before we close and rename the file.
3. alter return value for write_if_changed from boolean indicating
whether changes were written to a bitmask of changes made. This allows
us to flag when permissions and ownership had to be altered (logging
potentially unexpected CLI changes).
4. add optional non-default parameter to raise an exception if
we had to change ownership and permissions. This exception can be
used in future to generate audit messages / alerts if we had
[2 lines not shown]
Improve validation of SMB options (#13668)
Users will sometimes set completely invalid global SMB auxiliary
parameters in the smb plugin such as "oplocks = no # does this work".
This is rejected by libparam and breaks samba entirely if written
as-is. This commit improves validation by running global parameters
through loadparm_ctx.set() so that we can check both the parameter
name and its value.
Fix AD cache retrieval issue (#13666)
Due to legacy behavior with dscache.get_uncached_user we passed
None for fields that were not used. user.get_user_obj and
group.get_group_obj do not allow null values for these fields.
Improve configuration file generation
1. use os.rename to overwrite config files. Avoid possibility of
having applications read partially written configuration files by
first writing the changed config to a temporary file, then renaming
over existing file.
2. have write_if_changed allow specifying the desired permissions
and ownership of the file. This allows us to ensure that ownership and
permissions changes happen before we close and rename the file.
3. alter return value for write_if_changed from boolean indicating
whether changes were written to a bitmask of changes made. This allows
us to flag when permissions and ownership had to be altered (logging
potentially unexpected CLI changes).
4. add optional non-default parameter to raise an exception if
we had to change ownership and permissions. This exception can be
used in future to generate audit messages / alerts if we had
[3 lines not shown]