Andrew Bartlett [Fri, 10 Dec 2010 05:56:57 +0000 (16:56 +1100)]
wintest flush DNS on Windows clients to improve reliablity
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Dec 10 08:45:28 CET 2010 on sn-devel-104
Andrew Bartlett [Fri, 10 Dec 2010 04:32:08 +0000 (15:32 +1100)]
s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett [Fri, 10 Dec 2010 04:30:22 +0000 (15:30 +1100)]
s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 04:09:54 +0000 (15:09 +1100)]
wintest More work to make test-s3.py work
- Set the password on the newly added 'root' user so we can connect with a user that exists in getpwnam() without further configuration
- bind interfaces only so we don't conflict with other Samba instances
- use the full DNS name for smbclient
- don't connect to localhost (as we will be on ${INTERFACE_IP} only
- Use the windows domain in the wbinfo command (winbindd won't take bare name here).
- Register our IP address in DNS using 'net ads dns register'
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 04:08:53 +0000 (15:08 +1100)]
s3-net Allow 'net ads dns register' to take an optional hostname argument
This allows the administrator to more carefully chose what name to register.
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:13:58 +0000 (12:13 +1100)]
wintest Share more of the S4 test code with the s3 test
This allows us to run a private BIND in the S3 test, and allows the S3
test to join a freshly provisioned AD instance if the VM isn't already
configured.
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:12:23 +0000 (12:12 +1100)]
s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
Andrew Bartlett
Andrew Bartlett [Fri, 10 Dec 2010 01:10:07 +0000 (12:10 +1100)]
s3-winbind Don't send the LM password to the server, ever
This is for the case where we have the plaintext password locally, and
can construct the challenge-response values here.
We should never ever use the LM password in domain authentication.
The last domain controller to only have LM passwords stored was NT
3.5.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 20:57:59 +0000 (07:57 +1100)]
s3-libsmb Don't ever ask for machine$ principals as a target.
It is never correct to ask for a machine$ principal as the target of a
kerberos connection. You should always connect via the
servicePrincipalName.
This current code appears to have built up from a series of minimal
changes, as the codebase adapted the to lack of a SPNEGO principal
from Windows 2008.
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 06:37:14 +0000 (17:37 +1100)]
s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'
Andrew Bartlett
Andrew Bartlett [Thu, 9 Dec 2010 05:47:08 +0000 (16:47 +1100)]
s3-docs Explain change to NTLMv2 by default in the client
Andrew Bartlett [Sat, 4 Dec 2010 03:57:46 +0000 (14:57 +1100)]
s3-client Use NTLMv2 by default in the Samba client
This matches the improved security measures of Windows Vista.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 03:11:57 +0000 (14:11 +1100)]
s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
This patch, based on the suggestion by Goldberg, Neil R. <ngoldber@mitre.org>
turns off the sending of the principal in the negprot by default, matching
Windows 2008 behaviour.
This slowly works us back from this hack, which from an RFC
perspective was never the right thing to do in the first place, but we
traditionally follow windows behaviour. It also discourages client
implmentations from relying on it, as if they do they are more open to
man-in-the-middle attacks.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 02:48:37 +0000 (13:48 +1100)]
s3-libads Default to NOT using the server-supplied principal from SPNEGO
This principal is not supplied by later versions of windows, and using
it opens up some oportunities for man in the middle attacks. (Becuase
it isn't the name being contacted that is verified with the KDC).
This adds the option 'client use spnego principal' to the smb.conf (as
used in Samba4) to control this behaivour. As in Samba4, this
defaults to false.
Against 2008 servers, this will not change behaviour. Against earlier
servers, it may cause a downgrade to NTLMSSP more often, in
environments where server names are not registered with the KDC as
servicePrincipalName values.
Andrew Bartlett
Jelmer Vernooij [Fri, 10 Dec 2010 02:03:18 +0000 (03:03 +0100)]
subunitrun: Use unittest.TestProgram if subunit.TestProgram is not
available.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Dec 10 03:49:03 CET 2010 on sn-devel-104
Jelmer Vernooij [Thu, 9 Dec 2010 23:47:33 +0000 (00:47 +0100)]
s4-python: Add convenience function for forcibly importing bundled
package.
Jelmer Vernooij [Thu, 9 Dec 2010 22:28:25 +0000 (23:28 +0100)]
subunitrun: Extend hack to cope with older system subunit run installs.
Jelmer Vernooij [Thu, 9 Dec 2010 21:48:16 +0000 (22:48 +0100)]
subunitrun: Remove global subunit module when reimporting from a
different location.
Jelmer Vernooij [Thu, 9 Dec 2010 21:46:08 +0000 (22:46 +0100)]
s4-dist: Remove no longer existing files from blacklist (fixes 'make
dist' inclusion of configure)
Jelmer Vernooij [Thu, 9 Dec 2010 20:38:48 +0000 (21:38 +0100)]
s4-python: Fix use of bundled modules.
Jelmer Vernooij [Thu, 9 Dec 2010 18:45:37 +0000 (19:45 +0100)]
s4-python: Split up ensure_external_module.
Jelmer Vernooij [Thu, 9 Dec 2010 17:49:38 +0000 (18:49 +0100)]
selftest: Make sure system subunit.run has TestProgram.
Jelmer Vernooij [Thu, 9 Dec 2010 15:57:45 +0000 (16:57 +0100)]
smbtorture: Rename --list to --list-suites, add stub --list.
Jelmer Vernooij [Thu, 9 Dec 2010 15:48:24 +0000 (16:48 +0100)]
selftest: Check exit code when listing tests.
Jelmer Vernooij [Thu, 9 Dec 2010 15:28:31 +0000 (16:28 +0100)]
s4-selftest: Add convenience function for running testsuites using
subunitrun.
Jelmer Vernooij [Thu, 9 Dec 2010 14:41:17 +0000 (15:41 +0100)]
selftest: Allow discovering tests in pure python testsuites.
Jelmer Vernooij [Thu, 9 Dec 2010 14:35:51 +0000 (15:35 +0100)]
subunitrun: Support --list.
Jelmer Vernooij [Thu, 9 Dec 2010 14:35:23 +0000 (15:35 +0100)]
selftest: Rename $LIST to $LISTOPT for consistency with testrepository.
Jelmer Vernooij [Thu, 9 Dec 2010 13:53:45 +0000 (14:53 +0100)]
dnspython: Update to newer upstream snapshot.
Jelmer Vernooij [Thu, 9 Dec 2010 13:51:51 +0000 (14:51 +0100)]
subunit: Update to newer upstream snapshot.
Jelmer Vernooij [Thu, 9 Dec 2010 13:51:17 +0000 (14:51 +0100)]
testtools: Import new upstream snapshot.
Jelmer Vernooij [Thu, 9 Dec 2010 13:46:09 +0000 (14:46 +0100)]
selftest: add --list option.
Jelmer Vernooij [Thu, 9 Dec 2010 12:37:13 +0000 (13:37 +0100)]
selftest: Document --testenv in --help output, remove documentation for
now obsolete --analyse-cmd.
Matthieu Patou [Thu, 9 Dec 2010 23:03:40 +0000 (02:03 +0300)]
pidl: use $CC -E if $CPP is not defined, if both undefined use cpp
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Fri Dec 10 01:26:44 CET 2010 on sn-devel-104
Matthieu Patou [Thu, 9 Dec 2010 23:36:24 +0000 (02:36 +0300)]
build: use CPP and CC values when calling pidl
Matthieu Patou [Thu, 9 Dec 2010 22:42:32 +0000 (01:42 +0300)]
build: introduce SAMBA_CHECK_PYTHON_HEADERS
This function is a wrapper around waf's check_python_header.
It avoids searching more than once for the headers bringing a small
speed improvement and a better lisibility of the logs.
But it's mainly to avoid a nasty bug when python libraries are in path
pointed by python_LIBPL (ie. /usr/local/lib/python2.6/config/) instead
of python_LIBDIR (ie. /usr/local/lib).
On the first call waf will correctly find that in order to link with
python libs it needs to add -L$python_LIBPL.
But on the next calls of check_python_headers, waf will use both the
current library path value (ie. -L/usr/local/lib/python2.6/config) and
-L$python_LIBDIR (ie. /usr/local/lib/) which will make him beleive that
python libraries are in $python_LIBDIR which at the end will make the
final link test fails in check_python_headers as it will not use the
good directory.
So by avoiding calling check_python_headers more than once we avoid
making waf fooling itself.
Matthieu Patou [Thu, 9 Dec 2010 20:31:16 +0000 (23:31 +0300)]
build: finishing fixing broken libiconv on hpux
Kai Blin [Mon, 15 Nov 2010 22:01:57 +0000 (23:01 +0100)]
s4 libcli: Add libcli_echo lib and torture test
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Thu Dec 9 23:57:03 CET 2010 on sn-devel-104
Kai Blin [Sun, 7 Nov 2010 09:05:56 +0000 (10:05 +0100)]
s4: Implement UDP echo server example
This is a simple UDP-based echo server. It is mainly intended as an
example on how to do server service tasks in s4.
Stefan Metzmacher [Thu, 9 Dec 2010 08:59:52 +0000 (09:59 +0100)]
s4:pyrpc_util: s/typename/type_name to avoid c++ warnings
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Dec 9 17:55:57 CET 2010 on sn-devel-104
Stefan Metzmacher [Thu, 9 Dec 2010 08:36:55 +0000 (09:36 +0100)]
talloc: pytalloc-util should not have an ABI-file yet
Somehow I forgot to remove this after discussion with Jelmer.
metze
Andrew Bartlett [Thu, 9 Dec 2010 11:05:14 +0000 (22:05 +1100)]
wintest Remove the password expiry as the first step
This is particularly important before dcpromo, as the password will
otherwise be expired in the new domain.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 13:33:00 CET 2010 on sn-devel-104
Andrew Tridgell [Thu, 9 Dec 2010 10:58:20 +0000 (21:58 +1100)]
waf: remove the restriction that private libraries must not have a vnum
we need the vnum for ABI checking for public libraries built as
private libraries when bundled
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 9 12:47:41 CET 2010 on sn-devel-104
Andrew Tridgell [Thu, 9 Dec 2010 10:49:01 +0000 (21:49 +1100)]
waf: fixed path to abi_directory
this broke in a recent patch
Andrew Bartlett [Thu, 9 Dec 2010 06:51:36 +0000 (17:51 +1100)]
s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu Dec 9 08:50:28 CET 2010 on sn-devel-104
Andrew Bartlett [Thu, 9 Dec 2010 03:17:54 +0000 (14:17 +1100)]
s4-lsa Implement kerberos ticket life policy
We now no longer print tickets with a potentially infinite life, and
we report the same life over LSA as we use in the KDC. We should get
this from group policy, but for now it's parametric smb.conf options.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 06:02:49 +0000 (17:02 +1100)]
s4-tests Workaround new default of 'client ntlmv2 auth = yes' in tests
The new default breaks some tests that were assuming LM or NTLM auth
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 03:59:29 +0000 (14:59 +1100)]
s4-client Use NTLMv2 by default in the Samba4 client.
Andrew Tridgell [Thu, 9 Dec 2010 02:06:22 +0000 (13:06 +1100)]
waf: add a dependency between the library and its vscript
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 9 04:32:18 CET 2010 on sn-devel-104
Andrew Tridgell [Thu, 9 Dec 2010 01:30:30 +0000 (12:30 +1100)]
waf: don't use symbol versioning on our modules
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Thu, 9 Dec 2010 01:24:48 +0000 (12:24 +1100)]
waf: use vscripts for our private libraries too
if the library has a vnum, then use it. If it doesn't have a vnum then
use the application version for symbol versions
Andrew Tridgell [Thu, 9 Dec 2010 01:23:40 +0000 (12:23 +1100)]
waf: make mkdir_p on a empty string not recurse forever
Andrew Tridgell [Thu, 9 Dec 2010 00:10:45 +0000 (11:10 +1100)]
waf-abi: auto-generate per-symbol versions from ABI files
This changes our version-script generation to use the ABI files that
are saved in git with each version number change of our public
libraries.
We use these ABI files to generate a linker version script that gives
the exact version number that each symbol was introduced. This
provides us with automatic fine grained symbol versioning.
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Matthieu Patou [Wed, 8 Dec 2010 21:38:12 +0000 (00:38 +0300)]
build: do not duplicate the checks for python in samba4
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Thu Dec 9 00:47:23 CET 2010 on sn-devel-104
Matthieu Patou [Wed, 8 Dec 2010 21:17:37 +0000 (00:17 +0300)]
build: Cope with broken libiconv
library iconv needs mbrtowc but some system didn't provide it (ie.
HP-UX 11.0)
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Dec 8 23:19:19 CET 2010 on sn-devel-104
Stefan Metzmacher [Wed, 8 Dec 2010 18:01:45 +0000 (19:01 +0100)]
dcerpc.idl: fix typo 0x800000000 => 0x80000000
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Dec 8 20:13:03 CET 2010 on sn-devel-104
Stefan Metzmacher [Wed, 8 Dec 2010 15:08:19 +0000 (16:08 +0100)]
s4:ldb: add ABI/ldb-0.9.20.sigs
metze
Stefan Metzmacher [Wed, 8 Dec 2010 14:12:57 +0000 (15:12 +0100)]
s4:ldb: build libldb and pyldb-util as private libraries when building for samba4
This matches the behavior of the talloc and tdb builds.
metze
Stefan Metzmacher [Wed, 8 Dec 2010 11:42:02 +0000 (12:42 +0100)]
talloc: build pytalloc-util with the same logic as libtalloc
metze
Stefan Metzmacher [Wed, 8 Dec 2010 14:10:21 +0000 (15:10 +0100)]
talloc: mark pytalloc-util functions as _PUBLIC_
metze
Stefan Metzmacher [Wed, 8 Dec 2010 14:09:33 +0000 (15:09 +0100)]
talloc: remove unused PyString_FromString_check_null() from pytalloc-util
metze
Stefan Metzmacher [Wed, 8 Dec 2010 14:08:45 +0000 (15:08 +0100)]
pidl:Samba4/Python.pm: use PyString_FromStringOrNULL() from pyrpc_util
metze
Stefan Metzmacher [Wed, 8 Dec 2010 14:07:32 +0000 (15:07 +0100)]
s4:python: add PyString_FromStringOrNULL() to pyrpc_util
metze
Stefan Metzmacher [Wed, 8 Dec 2010 11:40:19 +0000 (12:40 +0100)]
buildtools: private_libraries should not have a version in the soname
metze
Stefan Metzmacher [Wed, 8 Dec 2010 11:02:51 +0000 (12:02 +0100)]
buildtools: add the PRIVATE_EXTENSION for private libraries
metze
Stefan Metzmacher [Wed, 8 Dec 2010 11:40:59 +0000 (12:40 +0100)]
buildtools: make sure we have no '+' in the version scripts
This happens if '--git-local-changes' was used.
metze
Matthieu Patou [Wed, 8 Dec 2010 12:32:49 +0000 (15:32 +0300)]
smbtorture: use xxxULL notation instead of INT64_C(xxx)
The first one is portable the second not always
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Dec 8 15:48:10 CET 2010 on sn-devel-104
Nadezhda Ivanova [Wed, 8 Dec 2010 12:30:23 +0000 (14:30 +0200)]
s4-acl: Replaced talloc_reference with talloc_steal, as aclread is the only one using this result message.
No need to reference as no one further up the stack uses the result, it is the result of a secondary request sent by aclread.
As a result from code review by Kamen Mazdrashki and Anatoliy Atanasov
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 15:01:51 CET 2010 on sn-devel-104
Julien Kerihuel [Sun, 5 Dec 2010 22:10:30 +0000 (23:10 +0100)]
Add ncacn_http (RTS) IDL implementation in dcerpc.idl
Signed-off-by: Julien Kerihuel <j.kerihuel@openchange.org>
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Wed Dec 8 14:17:45 CET 2010 on sn-devel-104
Jelmer Vernooij [Wed, 8 Dec 2010 12:19:20 +0000 (13:19 +0100)]
ldb: bump version number after introduction of new constant.
Nadezhda Ivanova [Wed, 8 Dec 2010 11:19:27 +0000 (13:19 +0200)]
s4-acl: Fixed incorrect value of LDB_FLAG_INTERNAL_INACCESSIBLE_ATTRIBUTE
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 13:31:48 CET 2010 on sn-devel-104
Andrew Tridgell [Wed, 8 Dec 2010 09:41:37 +0000 (20:41 +1100)]
s4-pkgconfig: add @LIB_RPATH@ to our link flags
this is only set when rpath is used on install. It ensures that
applications that link against Samba libraries get the rpath right
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 12:46:00 CET 2010 on sn-devel-104
Andrew Tridgell [Wed, 8 Dec 2010 08:00:00 +0000 (19:00 +1100)]
waf: added --disable-symbol-versions configure option
some people may not want symbol versions.
Andrew Tridgell [Wed, 8 Dec 2010 07:47:54 +0000 (18:47 +1100)]
s4-ldb: added @LIB_RPATH@ to the ldb pc file
Andrew Tridgell [Wed, 8 Dec 2010 07:47:39 +0000 (18:47 +1100)]
waf: support @LIB_RPATH@ in pc files
this will be used to get the needed -Wl,-rpath options into our pc
files
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Nadezhda Ivanova [Wed, 8 Dec 2010 10:12:34 +0000 (12:12 +0200)]
s4-acl: Changed the mechanism of attribute removal to speed it up.
Instead of using ldb_msg_remove_attr, now we are flagging the attributes to be removed,
and allocating the new elements array to be returned at once. This seems to decrease the
overhead by 50 percent.
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Wed Dec 8 12:00:27 CET 2010 on sn-devel-104
Nadezhda Ivanova [Wed, 8 Dec 2010 10:03:43 +0000 (12:03 +0200)]
s4-acl: Added a flag to mark an element as failing an access check.
Kai Blin [Mon, 6 Dec 2010 06:43:35 +0000 (07:43 +0100)]
ndr: Another try to support the build on non-IPv6 systems
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Dec 8 10:26:00 CET 2010 on sn-devel-104
Andrew Bartlett [Wed, 8 Dec 2010 05:27:38 +0000 (16:27 +1100)]
s4-param Allow +foo syntax in smb.conf list parsing
The idea here is to allow an smb.conf file to work from the defaults,
rather than override them. For example, 'server services = +openchange'.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec 8 09:39:06 CET 2010 on sn-devel-104
Andrew Bartlett [Wed, 8 Dec 2010 07:52:33 +0000 (18:52 +1100)]
s4-spnego use "not_defined_in_RFC4178@please_ignore" if no principal specified
We need to make this the default, but for now just send it if we have
not been given a target principal.
Andrew Bartlett
Andrew Bartlett [Sat, 4 Dec 2010 04:23:44 +0000 (15:23 +1100)]
libcli/auth bring ADS_IGNORE_PRINCIPAL in common
Matthieu Patou [Wed, 8 Dec 2010 06:47:36 +0000 (09:47 +0300)]
build: tru64 needs -shared for building libs
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Dec 8 08:33:54 CET 2010 on sn-devel-104
Andrew Tridgell [Wed, 8 Dec 2010 04:04:33 +0000 (15:04 +1100)]
waf: added -Wmissing-prototypes to build
This ensures that we always have a prototype for any function we
declare
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Dec 8 06:12:07 CET 2010 on sn-devel-104
Andrew Tridgell [Wed, 8 Dec 2010 04:03:35 +0000 (15:03 +1100)]
waf: make all generators depend on their rules
this ensures we rebuild when a constructed rule changes
Andrew Tridgell [Wed, 8 Dec 2010 03:58:12 +0000 (14:58 +1100)]
s3-waf: fixed version number handling
Andrew Tridgell [Wed, 8 Dec 2010 03:57:31 +0000 (14:57 +1100)]
s4-heimdal: enable symbol versioning in heimdal
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Wed, 8 Dec 2010 03:52:43 +0000 (14:52 +1100)]
waf: use -Wl,--version-script if available
This enables symbol version on our libraries, if the system supports
it
If the library is a public library, then set the symbol version based
on the major number. If it is a private library then set it based on
the full version number (which will include the git hash if
available).
This ensures that applications using our libraries don't use symbols
from other libraries that they may be linked to. It also ensures we
only use the right version of any private libraries.
Note that the linker ends up generating both a version and unversioned
symbol for all symbols. This means existing users of our public
libraries will continue to work, with symbols resolved to the
unversioned symbol. When applications are re-linked they will bind to
the specific symbol version.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Wed, 8 Dec 2010 00:26:32 +0000 (11:26 +1100)]
waf: added configure test for -Wl,--version-script
this checks that the linker supports --version-script
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 8 Dec 2010 00:29:34 +0000 (11:29 +1100)]
s4-dns: dlz_bind9 doesn't need to link to gensec any more
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Wed, 8 Dec 2010 00:25:28 +0000 (11:25 +1100)]
s4-waf: get the version number right on private libraries
use the first digit of the version number for the library version
Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>
Andrew Tridgell [Tue, 7 Dec 2010 22:58:52 +0000 (09:58 +1100)]
s4-dns: use ldb hooks for samba extensions in dlz_bind9
this avoids linking dlz_bind9 directly to heimdal, which allows a
RTLD_DEEPBIND in ldb module loading to find the right kerberos version
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 7 Dec 2010 22:41:25 +0000 (09:41 +1100)]
s4-ldb: use RTLD_DEEPBIND if available for ldb modules
this allows us to avoid issues with ldb using heimdal while an
application using ldb using MIT kerberos
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 7 Dec 2010 22:04:49 +0000 (09:04 +1100)]
s4-dns: allow a remote ldap server to be used with dlz_bind9
this allows for configs like this:
dlz "Samba zone" {
database "dlopen /usr/lib/samba/modules/bind9/dlz_bind9.so
-H ldap://10.0.0.4 -Uadministrator@v2.tridgell.net%penguin -k no";
};
Andrew Tridgell [Tue, 7 Dec 2010 21:22:21 +0000 (08:22 +1100)]
s4-dsdb: register samba handlers in dsdb module
Andrew Tridgell [Tue, 7 Dec 2010 21:22:07 +0000 (08:22 +1100)]
s4-ldb: ensure ldb_register_samba_handlers() is not done twice
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Tridgell [Tue, 7 Dec 2010 21:21:40 +0000 (08:21 +1100)]
wintest: use --add-ref for RODC replication
this forces the creation of the repsTo attribute, and allows more
complete testing of RODC replication
Andrew Tridgell [Tue, 7 Dec 2010 21:20:54 +0000 (08:20 +1100)]
samba-tools: more reasonable defaults for samba-tool commands
- fallback to machine account where possible
- default to local hostname where this is reasonable
Andrew Tridgell [Tue, 7 Dec 2010 21:19:25 +0000 (08:19 +1100)]
samba-tools: export doesn't need any credentials
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Sat, 4 Dec 2010 02:47:05 +0000 (13:47 +1100)]
s4-provision Always run slaptest to convert the config file
If the directory exists, it does not mean that it is configured - we
may be on a re-run of the provision.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec 8 05:19:12 CET 2010 on sn-devel-104
Andrew Bartlett [Sat, 4 Dec 2010 01:34:44 +0000 (12:34 +1100)]
s4-provision Add an invalid names check for 'domain == netbiosname'
(This is also invalid)
Andrew Bartlett