Age | Commit message | Author | Files | Lines
2010-12-10s4-tests: Moved some commonly redefined security descriptor methods to a ↵Nadezhda Ivanova1-0/+79
utils class These methods are used in more than one testsuite now so they are now in a utility class instead of being defined everywhere.
2010-12-10build: detect if conf.env['CPP'] is an array or notMatthieu Patou1-1/+6
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Dec 10 10:18:20 CET 2010 on sn-devel-104
2010-12-10waf: the libXX.inst.so file also depends on the vscriptAndrew Tridgell1-0/+4
this fixes a problem with installed libraries not relinking after a git version change Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Dec 10 09:30:46 CET 2010 on sn-devel-104
2010-12-10s3-vfstest: fixed paths in vfstestAndrew Tridgell1-0/+2
vfstest tries to create /messages.tdb as loadparm has not been initialised
2010-12-10wintest flush DNS on Windows clients to improve reliabilityAndrew Bartlett1-0/+2
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Dec 10 08:45:28 CET 2010 on sn-devel-104
2010-12-10s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like itAndrew Bartlett1-1/+1
2010-12-10s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like itAndrew Bartlett1-1/+1
Andrew Bartlett
2010-12-10wintest More work to make test-s3.py workAndrew Bartlett1-4/+17
- Set the password on the newly added 'root' user so we can connect with a user that exists in getpwnam() without further configuration
- bind interfaces only so we don't conflict with other Samba instances
- use the full DNS name for smbclient
- don't connect to localhost (as we will be on ${INTERFACE_IP} only)
- Use the windows domain in the wbinfo command (winbindd won't take bare name here).
- Register our IP address in DNS using 'net ads dns register'
Andrew Bartlett
2010-12-10s3-net Allow 'net ads dns register' to take an optional hostname argumentAndrew Bartlett1-6/+10
This allows the administrator to more carefully choose what name to register. Andrew Bartlett
2010-12-10wintest Share more of the S4 test code with the s3 testAndrew Bartlett3-257/+298
This allows us to run a private BIND in the S3 test, and allows the S3 test to join a freshly provisioned AD instance if the VM isn't already configured. Andrew Bartlett
2010-12-10s3-winbind Improve memory handling in NTLMv2-backend plaintext authenticationAndrew Bartlett1-17/+6
Andrew Bartlett
2010-12-10s3-winbind Don't send the LM password to the server, everAndrew Bartlett1-11/+1
This is for the case where we have the plaintext password locally, and can construct the challenge-response values here. We should never ever use the LM password in domain authentication. The last domain controller to only have LM passwords stored was NT 3.5. Andrew Bartlett
2010-12-10s3-libsmb Don't ever ask for machine$ principals as a target.Andrew Bartlett1-30/+6
It is never correct to ask for a machine$ principal as the target of a kerberos connection. You should always connect via the servicePrincipalName. This current code appears to have built up from a series of minimal changes, as the codebase adapted to the lack of a SPNEGO principal from Windows 2008. Andrew Bartlett
2010-12-10s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'Andrew Bartlett2-0/+56
Andrew Bartlett
2010-12-10s3-docs Explain change to NTLMv2 by default in the clientAndrew Bartlett1-6/+7
2010-12-10s3-client Use NTLMv2 by default in the Samba clientAndrew Bartlett1-2/+2
This matches the improved security measures of Windows Vista. Andrew Bartlett
2010-12-10s3-smbd Don't send SPNEGO principal (rfc4178 hint) by defaultAndrew Bartlett3-0/+15
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org> turns off the sending of the principal in the negprot by default, matching Windows 2008 behaviour. This slowly works us back from this hack, which from an RFC perspective was never the right thing to do in the first place, but we traditionally follow windows behaviour. It also discourages client implementations from relying on it, as if they do they are more open to man-in-the-middle attacks. Andrew Bartlett
2010-12-10s3-libads Default to NOT using the server-supplied principal from SPNEGOAndrew Bartlett4-6/+19
This principal is not supplied by later versions of windows, and using it opens up some opportunities for man in the middle attacks. (Because it isn't the name being contacted that is verified with the KDC). This adds the option 'client use spnego principal' to the smb.conf (as used in Samba4) to control this behaviour. As in Samba4, this defaults to false. Against 2008 servers, this will not change behaviour. Against earlier servers, it may cause a downgrade to NTLMSSP more often, in environments where server names are not registered with the KDC as servicePrincipalName values. Andrew Bartlett
2010-12-10subunitrun: Use unittest.TestProgram if subunit.TestProgram is notJelmer Vernooij2-27/+12
available. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104
2010-12-10s4-python: Add convenience function for forcibly importing bundledJelmer Vernooij2-4/+17
package.
2010-12-10subunitrun: Extend hack to cope with older system subunit run installs.Jelmer Vernooij1-0/+2
2010-12-10subunitrun: Remove global subunit module when reimporting from aJelmer Vernooij1-1/+6
different location.
2010-12-10s4-dist: Remove no longer existing files from blacklist (fixes 'makeJelmer Vernooij1-2/+1
dist' inclusion of configure)
2010-12-10s4-python: Fix use of bundled modules.Jelmer Vernooij1-1/+1
2010-12-10s4-python: Split up ensure_external_module.Jelmer Vernooij2-10/+23
2010-12-10selftest: Make sure system subunit.run has TestProgram.Jelmer Vernooij1-1/+1
2010-12-10smbtorture: Rename --list to --list-suites, add stub --list.Jelmer Vernooij4-13/+14
2010-12-10selftest: Check exit code when listing tests.Jelmer Vernooij1-0/+11
2010-12-10s4-selftest: Add convenience function for running testsuites usingJelmer Vernooij1-9/+17
subunitrun.
2010-12-10selftest: Allow discovering tests in pure python testsuites.Jelmer Vernooij1-2/+2
2010-12-10subunitrun: Support --list.Jelmer Vernooij1-3/+8
2010-12-10selftest: Rename $LIST to $LISTOPT for consistency with testrepository.Jelmer Vernooij1-2/+2
2010-12-10dnspython: Update to newer upstream snapshot.Jelmer Vernooij22-95/+1175
2010-12-10subunit: Update to newer upstream snapshot.Jelmer Vernooij8-16/+47
2010-12-10testtools: Import new upstream snapshot.Jelmer Vernooij36-367/+3694
2010-12-10selftest: add --list option.Jelmer Vernooij2-1/+25
2010-12-10selftest: Document --testenv in --help output, remove documentation forJelmer Vernooij1-1/+1
now obsolete --analyse-cmd.
2010-12-10pidl: use $CC -E if $CPP is not defined, if both undefined use cppMatthieu Patou1-2/+8
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Dec 10 01:26:44 CET 2010 on sn-devel-104
2010-12-10build: use CPP and CC values when calling pidlMatthieu Patou2-1/+19
2010-12-10build: introduce SAMBA_CHECK_PYTHON_HEADERSMatthieu Patou5-4/+13
This function is a wrapper around waf's check_python_header. It avoids searching more than once for the headers, bringing a small speed improvement and better readability of the logs. But it's mainly to avoid a nasty bug when python libraries are in the path pointed to by python_LIBPL (ie. /usr/local/lib/python2.6/config/) instead of python_LIBDIR (ie. /usr/local/lib). On the first call waf will correctly find that in order to link with python libs it needs to add -L$python_LIBPL. But on the next calls of check_python_headers, waf will use both the current library path value (ie. -L/usr/local/lib/python2.6/config) and -L$python_LIBDIR (ie. /usr/local/lib/) which will make it believe that python libraries are in $python_LIBDIR, which in the end will make the final link test fail in check_python_headers as it will not use the right directory. So by avoiding calling check_python_headers more than once we avoid making waf fool itself.
2010-12-10build: finishing fixing broken libiconv on hpuxMatthieu Patou1-0/+2
2010-12-09s4 libcli: Add libcli_echo lib and torture testKai Blin8-0/+372
Autobuild-User: Kai Blin <kai@samba.org> Autobuild-Date: Thu Dec 9 23:57:03 CET 2010 on sn-devel-104
2010-12-09s4: Implement UDP echo server exampleKai Blin4-0/+388
This is a simple UDP-based echo server. It is mainly intended as an example on how to do server service tasks in s4.
2010-12-09s4:pyrpc_util: s/typename/type_name to avoid c++ warningsStefan Metzmacher2-6/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Dec 9 17:55:57 CET 2010 on sn-devel-104
2010-12-09talloc: pytalloc-util should not have an ABI-file yetStefan Metzmacher1-2/+0
Somehow I forgot to remove this after discussion with Jelmer. metze
2010-12-09wintest Remove the password expiry as the first stepAndrew Bartlett2-4/+13
This is particularly important before dcpromo, as the password will otherwise be expired in the new domain. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 9 13:33:00 CET 2010 on sn-devel-104
2010-12-09waf: remove the restriction that private libraries must not have a vnumAndrew Tridgell5-19/+6
we need the vnum for ABI checking for public libraries built as private libraries when bundled Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Thu Dec 9 12:47:41 CET 2010 on sn-devel-104
2010-12-09waf: fixed path to abi_directoryAndrew Tridgell1-1/+1
this broke in a recent patch
2010-12-09s4-spnego Match Windows 2008, and no longer supply a name in the CIFS NegprotAndrew Bartlett1-10/+1
Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
2010-12-09s4-lsa Implement kerberos ticket life policyAndrew Bartlett8-11/+117
We now no longer print tickets with a potentially infinite life, and we report the same life over LSA as we use in the KDC. We should get this from group policy, but for now it's parametric smb.conf options. Andrew Bartlett