Kamen Mazdrashki [Mon, 13 Dec 2010 18:15:26 +0000 (20:15 +0200)]
s4-test/repl_schema: Make sure every object is with unique name
This way, test writer don't have to be careful to choose
unique objects suffix
Kamen Mazdrashki [Fri, 10 Dec 2010 23:59:05 +0000 (01:59 +0200)]
s4-dsdb_schema: Handle remote ATTIDs based on msDs-IntId value
If we get such an msDs-IntId value, then we should just use it,
there is no mapping available for such values
Kamen Mazdrashki [Fri, 10 Dec 2010 02:22:58 +0000 (04:22 +0200)]
s4-schema_syntax: Log error message when _dsdb_syntax_OID_oid_drsuapi_to_ldb() fails
I haven't found a way to test this function during replication so far,
but when I do, it will be useful to notice this error in the log file
Kamen Mazdrashki [Fri, 10 Dec 2010 02:17:09 +0000 (04:17 +0200)]
s4-drepl: We won't need a working schema for empty replicas sent.
Without this check, receiving empty replica leads to a situation
where we left with a working_schema attached to the ldb.
The problem here is that working_schema is not fully functional
schema cache and keeping it attached to the ldb may lead
to modules failing to accomplish their jobs
Kamen Mazdrashki [Fri, 10 Dec 2010 02:08:58 +0000 (04:08 +0200)]
s4-dsdb_schema: We need base_dn in Schema's shallow copy too
Kamen Mazdrashki [Fri, 10 Dec 2010 02:03:00 +0000 (04:03 +0200)]
s4-schema_syntax: We should use make_ATTID function when converting remote-ATTID to local one
We may have no prefix for the remote ATTID (remote OID strictly speaking)
So this is the place for us to update our local prefixMap
adding a prefix for the numeric OID we've recived
Kamen Mazdrashki [Fri, 10 Dec 2010 01:55:24 +0000 (03:55 +0200)]
s4-drepl: User working schema for commiting objects when replicating Schema NC
Kamen Mazdrashki [Fri, 10 Dec 2010 00:55:30 +0000 (02:55 +0200)]
s4-repl: Allow dsdb_replicated_objects_commit() to use different schema while committing objects
working_schema is to be used while committing a Schema replica.
When we replicate Schema, then we most probably won't be
able to convert all replicated objects using the current
Schema cache (as we don't know anything about those new objects).
Thus, during Schema replication, we make a temporary
working_schema that contains both our current Schema +
all objects we get on the wire.
When we commit those new objects, we should use our working_schema
(by setting it to the ldb), and after all changes are commited,
we can refresh the schema cache so we have a brand new,
full-featured Schema cache
Kamen Mazdrashki [Thu, 9 Dec 2010 02:45:17 +0000 (04:45 +0200)]
s4-schema_syntax: Use remote prefixMap to map remote ATTID to local one
in dsdb_attribute_drsuapi_to_ldb() function.
drsuapi_DsReplicaAttribute *in parameter come from remote DC
so we can't rely on in->attid to map it directly to an
dsdb_attribute in our local schema cache
Kamen Mazdrashki [Thu, 9 Dec 2010 02:57:08 +0000 (04:57 +0200)]
s4-test/repl_schema: use 'top' as default base class for our test classSchema objects
Otherwise we will end up passing whole inheritance chain
every time we create some new fancy classSchema object
(as the 'cls-A' and 'cls-B' ones in test_classWithCustomAttribute test)
Kamen Mazdrashki [Thu, 9 Dec 2010 02:42:13 +0000 (04:42 +0200)]
s4-test/repl_schema: New test to test a classSchema with custom attribute
Create new Attribute and a Class,
that has value for newly created attribute.
This should check code path that searches for
AttributeID_id in Schema cacheThis test.
It also tests how we replicate a leaf classSchema that
inherits from a new classSchema with attribute added
- tests both dsdb_attribute_drsuapi_to_ldb() and
_dsdb_syntax_OID_obj_drsuapi_to_ldb() syntax handler
Kamen Mazdrashki [Thu, 9 Dec 2010 02:31:14 +0000 (04:31 +0200)]
s4-dsdb_schema: Seize using global_schema when referencing new schema for an LDB
Without this change, when a schema is set to ldb, the
effect is that dsdb_get_schema() returns global_schema
preferably.
Thus we end up with two schemas in effect:
- global one, which is the old one and it is still used everywhere
- new one, which is just cached in ldb, but can't be used, as
there is no way to access it
Stefan Metzmacher [Tue, 7 Dec 2010 15:10:49 +0000 (16:10 +0100)]
s4:dsdb:password_hash: verify content if the BYPASS_PASSWORD_HASH control is used
Make it much harder to import bad data into the password attributes.
This isn't 100% safe, but much better than no checks.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 16:17:36 CET 2010 on sn-devel-104
Stefan Metzmacher [Wed, 1 Dec 2010 19:36:43 +0000 (20:36 +0100)]
s4:ldap_controls: allow DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID over sockets.
The DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID control has to data attached to it.
So we can allow it to be send over LDAP.
We'll accept this control over the privileged ldapi socket only.
metze
Stefan Metzmacher [Wed, 1 Dec 2010 11:18:21 +0000 (12:18 +0100)]
s4:ldap_server: don't call ldb_req_mark_untrusted() on the privileged ldapi socket
metze
Stefan Metzmacher [Wed, 1 Dec 2010 11:14:22 +0000 (12:14 +0100)]
s4:ldap_server: rename helper functions to ldapsrv_ prefix and pass ldapsrv_call
metze
Stefan Metzmacher [Mon, 13 Dec 2010 10:28:59 +0000 (11:28 +0100)]
s4:dsdb:util: dsdb_get_single_valued_attr() only needs a const ldb_messages
metze
Günther Deschner [Mon, 13 Dec 2010 11:56:38 +0000 (12:56 +0100)]
s3-waf: try to fix the build with snow leopard.
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Dec 13 15:03:08 CET 2010 on sn-devel-104
Stefan Metzmacher [Mon, 13 Dec 2010 11:04:28 +0000 (12:04 +0100)]
s3:selftest: fix knownfail for samba3.posix_s3.rpc.spoolss.*printserver.enum_printers_old
The name is in lowercase since commit
35fbc7bbda5851f7172538f79fc79be201f1d521
(s4-smbtorture: Make test names lowercase and dot-separated.)
This should avoid intermittent failures in make test.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 13 13:52:18 CET 2010 on sn-devel-104
Stefan Metzmacher [Mon, 13 Dec 2010 10:53:03 +0000 (11:53 +0100)]
s4:heimdal_build: replace '+' by '_' for vscripts in HEIMDAL_LIBRARY()
metze
Günther Deschner [Fri, 10 Dec 2010 16:15:18 +0000 (17:15 +0100)]
s3-selftest: support differing VFSLIBDIR in autoconf and waf build.
With this change make test in the s3 waf build (w/o s4 smbtorture yet) works!
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Dec 13 13:06:05 CET 2010 on sn-devel-104
Günther Deschner [Thu, 9 Dec 2010 14:44:30 +0000 (15:44 +0100)]
s3-waf: add -Wl,--export-dynamic to LDFLAGS.
Our binaries did not export symbols so e.g. smbd could not load vfs modules.
Patch from tridge.
We might remove this later on, once we decide to resolve all symbols and fix all
dependencies in s3 modules.
Guenther
Günther Deschner [Thu, 9 Dec 2010 14:33:25 +0000 (15:33 +0100)]
nss_wrapper: make nss_wrapper.pl executeable.
Guenther
Matthieu Patou [Sun, 12 Dec 2010 21:55:08 +0000 (00:55 +0300)]
build: remove -no-undefined and -as-needed on openbsd
This is causing problems with linker
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Dec 13 00:25:38 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 20:42:30 +0000 (21:42 +0100)]
s4:dsdb/pydsdb.c - don't throw another exception on "PyObject_AsDn"
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 23:40:17 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 20:40:03 +0000 (21:40 +0100)]
ldb:pyldb.h - revert to the previous header behaviour
"ldb_private.h" is private and therefore might not always be available.
Matthieu Patou [Sun, 12 Dec 2010 20:57:37 +0000 (23:57 +0300)]
build: move the import near the place where need it, so that we can build on hosts with python's zlib
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Dec 12 22:54:19 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 18:23:53 +0000 (19:23 +0100)]
s4:scripting/python/pyglue.c - add a OOM handling
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 20:50:55 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 18:23:34 +0000 (19:23 +0100)]
s4:scripting/python/pyglue.c - optimise includes
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 18:19:43 +0000 (19:19 +0100)]
s4:param/provision.c - optimise includes
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 18:13:51 +0000 (19:13 +0100)]
s4:libcli/finddc.h - fix header dependancies
And optimise includes
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 18:01:23 +0000 (19:01 +0100)]
s4:libcli/finddcs_nbt.c - optimise headers
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 17:54:56 +0000 (18:54 +0100)]
s4:libnet/py_net.c - add checks for OOM conditions
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 17:45:07 +0000 (18:45 +0100)]
s4:dsdb/pydsdb.c and web_server/wsgi.c - remove accidentally introduced Py_RETURN_NONE
This was only thought for Python 2.3 which we generally no longer support (only
pyldb in the LDB library is an exception).
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 17:42:58 +0000 (18:42 +0100)]
s4:lib/ldb-samba/pyldb.c - optimise includes
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 17:31:37 +0000 (18:31 +0100)]
s4:dsdb/pydsdb.c - clean up memory handling
- Remove memory contexts when not really useful (if only one allocation)
- Try to find out OOM conditions and return correct error codes
- Move the parameter parsing always to the beginning (to prevent
unneeded allocations in case of errors)
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 16:44:04 +0000 (17:44 +0100)]
ldb:pyldb - optimise includes
Matthieu Patou [Sun, 12 Dec 2010 18:14:28 +0000 (21:14 +0300)]
change searched name from _ss_family to __ss_family
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Dec 12 20:05:23 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 16:36:16 +0000 (17:36 +0100)]
s4:web_server/*.c - optimise includes
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 18:23:05 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 16:27:36 +0000 (17:27 +0100)]
s4:web_server/wsgi.c - fix a counter type
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 16:27:09 +0000 (17:27 +0100)]
s4:web_server/wsgi.c - add missing Python compatibility code
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 13:34:14 +0000 (14:34 +0100)]
s4:kdc/*.c - minimise includes
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 11:33:08 +0000 (12:33 +0100)]
s4:smbd/process*.c - fix PID warnings on Solaris
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 13:21:13 CET 2010 on sn-devel-104
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 11:15:51 +0000 (12:15 +0100)]
s4:kdc/proxy.c - optimise includes in order to fix a build warning on Tru64
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 11:07:24 +0000 (12:07 +0100)]
s4:param/loadparm.c - fix a warning by introducing a "const" cast
Matthias Dieter Wallnöfer [Sun, 12 Dec 2010 10:58:59 +0000 (11:58 +0100)]
s4:kdc/kpasswdd.c - don't return an uninitialised NT_STATUS
Discovered by Tru64 build
Matthieu Patou [Sun, 12 Dec 2010 09:06:31 +0000 (12:06 +0300)]
build: change lib order to fix build on netbsd
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sun Dec 12 10:54:02 CET 2010 on sn-devel-104
Matthieu Patou [Sun, 12 Dec 2010 09:05:43 +0000 (12:05 +0300)]
build: add a check for _ss_family as it used on aix to replace ss_family
Matthieu Patou [Sun, 12 Dec 2010 09:04:51 +0000 (12:04 +0300)]
replace: add comments to make the #ifdef/#else/endif more readable
Jelmer Vernooij [Sat, 11 Dec 2010 17:47:11 +0000 (18:47 +0100)]
selftest-s4: Support listing smbtorture4 tests.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 19:32:07 CET 2010 on sn-devel-104
Jelmer Vernooij [Sat, 11 Dec 2010 17:21:58 +0000 (18:21 +0100)]
selftest: Support multiple instances of $LISTOPT.
Jelmer Vernooij [Sat, 11 Dec 2010 17:21:27 +0000 (18:21 +0100)]
filter-subunit: Add --list argument.
Jelmer Vernooij [Sat, 11 Dec 2010 17:00:24 +0000 (18:00 +0100)]
smbtorture: Default to listing all tests if no prefix was specified.
Jelmer Vernooij [Sat, 11 Dec 2010 16:56:37 +0000 (17:56 +0100)]
smbtorture: Implement --list argument.
Matthieu Patou [Sat, 11 Dec 2010 16:20:51 +0000 (19:20 +0300)]
build: add more CFLAGS for aix
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Dec 11 18:09:23 CET 2010 on sn-devel-104
Matthieu Patou [Sat, 11 Dec 2010 15:50:51 +0000 (18:50 +0300)]
build: add a dependency on lib iconv for lib intl if we are not able to find it
This is due that on some platform lib intl depend on lib iconv, failling
to provide this library cause waf to be unable to link with lib intl and
makes it think that the library doesn't exists !
Matthieu Patou [Sat, 11 Dec 2010 10:13:42 +0000 (13:13 +0300)]
build: On AIX we need _XOPEN_SOURCE >= 500 for CLOCK_REALTIME
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Dec 11 14:48:21 CET 2010 on sn-devel-104
Stefan Metzmacher [Sat, 11 Dec 2010 10:17:17 +0000 (11:17 +0100)]
libcli/echo: fix off by 1 crash bug
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Dec 11 13:48:54 CET 2010 on sn-devel-104
Stefan Metzmacher [Sat, 11 Dec 2010 10:04:29 +0000 (11:04 +0100)]
s4:selftest: use correct name for the test "ECHO-UDP" => "echo.udp"
I wonder how commit
35fbc7bbda5851f7172538f79fc79be201f1d521
(s4-smbtorture: Make test names lowercase and dot-separated)
ever passed make test.
metze
Stefan Metzmacher [Sat, 11 Dec 2010 10:03:52 +0000 (11:03 +0100)]
libcli/echo: lowercase testsuite names
metze
Jelmer Vernooij [Sat, 11 Dec 2010 02:26:31 +0000 (03:26 +0100)]
s4-smbtorture: Make test names lowercase and dot-separated.
This is consistent with the test names used by selftest, should
make the names less confusing and easier to integrate with other tools.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
Jelmer Vernooij [Sat, 11 Dec 2010 00:05:13 +0000 (01:05 +0100)]
talloc: Add ability to generate Python docs using pydoctor.
James Peach [Mon, 6 Dec 2010 19:27:31 +0000 (11:27 -0800)]
smbtorture: correct error handling in BASE-OPEN.
There are a number of cases in BASE-OPEN where an initial failure cascades
into multiple failures due to lack of cleanup between test phases. Fix
all these so that they close open file handles correctly. Replace
torture_comment with torture_result where appropriate so that the results
output contains a useful diagnostic.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 11 03:19:39 CET 2010 on sn-devel-104
Jeremy Allison [Fri, 10 Dec 2010 22:40:17 +0000 (14:40 -0800)]
Add documentation for "smb2 max credits".
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 11 02:14:07 CET 2010 on sn-devel-104
Jeremy Allison [Fri, 10 Dec 2010 23:46:41 +0000 (15:46 -0800)]
Add a SMB2 crediting algorithm, by default the same as Windows. Defaults to 128 credits.
Jeremy.
Matthieu Patou [Fri, 10 Dec 2010 22:39:34 +0000 (01:39 +0300)]
heimdal: unset SLIST_ENTRY only if we are with windows
This is needed because otherwise on some OS like netbsd,openbsd,MacOSX.
The preprossessing of ./heimdal/lib/gssapi/mech/cred.h on this plateform
is broken because mechqueue.h's definition won't be used as SLIST_HEAD
is already defined.
The definition occurs when net/if.h is included as it includes
sys/queue.h
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Sat Dec 11 00:34:51 CET 2010 on sn-devel-104
Matthieu Patou [Fri, 10 Dec 2010 20:47:54 +0000 (23:47 +0300)]
build: cpp is prefixed by CPP=
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 22:34:45 CET 2010 on sn-devel-104
Matthieu Patou [Fri, 10 Dec 2010 20:16:28 +0000 (23:16 +0300)]
build: add a function to test if -lc is needed
This is needed on openbsd as some linking flags makes mandatory to
specify the libc for the linking
Stefan Metzmacher [Wed, 1 Dec 2010 14:12:58 +0000 (15:12 +0100)]
drsblobs.idl: remove nopython from package_PrimaryKerberosBlob related stuff
This allows parsing and construction of the supplementatlCredentials
attribute in python.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Dec 10 19:08:33 CET 2010 on sn-devel-104
Stefan Metzmacher [Wed, 8 Dec 2010 14:11:48 +0000 (15:11 +0100)]
pidl:Samba4/Python.pm: ignore "SUBCONTEXT" levels
These are only important for the NDR marshalling
and not for the python bindings.
metze
Stefan Metzmacher [Fri, 10 Dec 2010 15:32:35 +0000 (16:32 +0100)]
pidl:Samba4/Python.pm: don't handle scalar reference types special
The only special thing is that don't need get_value_of(),
all other checks are needed.
metze
Matthieu Patou [Fri, 10 Dec 2010 16:08:18 +0000 (19:08 +0300)]
build: compiler on aix is xlc_r not xlr_c
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 17:54:49 CET 2010 on sn-devel-104
Matthieu Patou [Fri, 10 Dec 2010 11:37:00 +0000 (14:37 +0300)]
build: reset cpp on host with xlr_c and let pidl use $CC -E
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 13:27:22 CET 2010 on sn-devel-104
Nadezhda Ivanova [Fri, 10 Dec 2010 08:31:58 +0000 (10:31 +0200)]
s4-tests: Modified sec_descriptor.py to use the sd_utils helpers.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Fri Dec 10 11:03:28 CET 2010 on sn-devel-104
Nadezhda Ivanova [Fri, 10 Dec 2010 08:31:19 +0000 (10:31 +0200)]
s4-tests: Modified acl.py to use the sd_utils helpers.
Nadezhda Ivanova [Fri, 10 Dec 2010 08:29:14 +0000 (10:29 +0200)]
s4-tests: Moved some commonly redefined security descriptor methods to a utils class
These methods are used in more than one testsuite now so they are now in a utility class instead of being defined everywhere.
Matthieu Patou [Fri, 10 Dec 2010 07:06:44 +0000 (10:06 +0300)]
build: detect if conf.env['CPP'] is an array or not
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 10:18:20 CET 2010 on sn-devel-104
Andrew Tridgell [Fri, 10 Dec 2010 06:59:34 +0000 (17:59 +1100)]
waf: the libXX.inst.so file also depends on the vscript
this fixes a problem with installed libraries not relinking after a
git version change
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Dec 10 09:30:46 CET 2010 on sn-devel-104
Andrew Tridgell [Thu, 9 Dec 2010 11:41:58 +0000 (22:41 +1100)]
s3-vfstest: fixed paths in vfstest
vfstest tries to create /messages.tdb as loadparm has not been
initialised
Andrew Bartlett [Fri, 10 Dec 2010 05:56:57 +0000 (16:56 +1100)]
wintest flush DNS on Windows clients to improve reliablity
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Dec 10 08:45:28 CET 2010 on sn-devel-104
Andrew Bartlett [Fri, 10 Dec 2010 04:32:08 +0000 (15:32 +1100)]
s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett [Fri, 10 Dec 2010 04:30:22 +0000 (15:30 +1100)]
s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 04:09:54 +0000 (15:09 +1100)]
wintest More work to make test-s3.py work
- Set the password on the newly added 'root' user so we can connect with a user that exists in getpwnam() without further configuration
- bind interfaces only so we don't conflict with other Samba instances
- use the full DNS name for smbclient
- don't connect to localhost (as we will be on ${INTERFACE_IP} only
- Use the windows domain in the wbinfo command (winbindd won't take bare name here).
- Register our IP address in DNS using 'net ads dns register'
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 04:08:53 +0000 (15:08 +1100)]
s3-net Allow 'net ads dns register' to take an optional hostname argument
This allows the administrator to more carefully chose what name to register.
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:13:58 +0000 (12:13 +1100)]
wintest Share more of the S4 test code with the s3 test
This allows us to run a private BIND in the S3 test, and allows the S3
test to join a freshly provisioned AD instance if the VM isn't already
configured.
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:12:23 +0000 (12:12 +1100)]
s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:10:07 +0000 (12:10 +1100)]
s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.
We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 20:57:59 +0000 (07:57 +1100)]
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 06:37:14 +0000 (17:37 +1100)]
s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 05:47:08 +0000 (16:47 +1100)]
s3-docs Explain change to NTLMv2 by default in the client
Andrew Bartlett [Sat, 4 Dec 2010 03:57:46 +0000 (14:57 +1100)]
s3-client Use NTLMv2 by default in the Samba client
This matches the improved security measures of Windows Vista.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 03:11:57 +0000 (14:11 +1100)]
s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 02:48:37 +0000 (13:48 +1100)]
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
Jelmer Vernooij [Fri, 10 Dec 2010 02:03:18 +0000 (03:03 +0100)]
subunitrun: Use unittest.TestProgram if subunit.TestProgram is not
available.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104
Jelmer Vernooij [Thu, 9 Dec 2010 23:47:33 +0000 (00:47 +0100)]
s4-python: Add convenience function for forcibly importing bundled
package.
Jelmer Vernooij [Thu, 9 Dec 2010 22:28:25 +0000 (23:28 +0100)]
subunitrun: Extend hack to cope with older system subunit run installs.
Jelmer Vernooij [Thu, 9 Dec 2010 21:48:16 +0000 (22:48 +0100)]
subunitrun: Remove global subunit module when reimporting from a
different location.
Jelmer Vernooij [Thu, 9 Dec 2010 21:46:08 +0000 (22:46 +0100)]
s4-dist: Remove no longer existing files from blacklist (fixes 'make
dist' inclusion of configure)
Jelmer Vernooij [Thu, 9 Dec 2010 20:38:48 +0000 (21:38 +0100)]
s4-python: Fix use of bundled modules.
Jelmer Vernooij [Thu, 9 Dec 2010 18:45:37 +0000 (19:45 +0100)]
s4-python: Split up ensure_external_module.