[SCM] Samba Shared Repository - branch v3-6-stable updated
Karolin Seeger
kseeger at samba.org
Tue Jun 7 12:12:57 MDT 2011
The branch, v3-6-stable has been updated
via 314f161 WHATSNEW: Update changes since rc1.
via 058d671 s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
via d741e32 s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
via 92060c5 s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
via 748ed2f Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out.
via fa6fdab Fix bug #8175 - smbd deadlock.
via 8ea5b00 s3-docs Add documentation for ncalrpc dir (cherry picked from commit 838d69be074dab8ba9626b50916c7d14f7c4954e)
via 2b90b4a WHATSNEW: Add another change since rc1.
via b807fe5 Fix bug #8197 - winbind does not properly detect when a DC connection is dead.
via 709ef6b Add the same fix to the S3 event backend as the previous commit added to the tevent poll backend.
via 9546457 Fix the poll() backend to correctly respond to POLLHUP|POLLERR returns on a fd selected for TEVENT_FD_WRITE only.
via 4848637 WHATSNEW: Update changes since 3.6.0rc1.
via 26f3157 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
via 2653ab7 idmap_ldap.8: Add example with readonly backend
via b2dc899 s3:doc: clean up the example section of the idmap_tdb manpage
via aeaaa8e winbindd.8: Use new idmap syntax for smbconfoptions
via 29a0f67 s3:doc: document "idmap gid" as deprecated.
via 04f0296 s3:doc: document "idmap uid" as deprecated. (cherry picked from commit b3ae1c3694d576ecb414290be759f3f5a9eac5d4)
via bf58828 s3:doc: remove the documentation of "idmap alloc backend", which has been removed (cherry picked from commit f15abb1a16329460cab64d9708caac1a67cb5988)
via 79586ae s3:doc: document "idmap backend" as deprecated. (cherry picked from commit 3c8a743a875db9d68d12cd6d4175f2217f4ecd8b)
via 92de4c0 s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters (cherry picked from commit 5ea21cadfa1b895a8fdf9310184daa651c4c6c03)
via 9be48d6 winbindd.8: Fix typo
via 6b428d9 idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
via afee131 idmap_tdb.8: Remove references to alloc backend
via 2f5ec20 idmap_tdb.8: Use new idmap syntax in examples
via 295778b idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
via 063a17c idmap_ldap.8: Backend is not only used for searching
via cfa365f idmap_ldap.8: Remove references to idmap alloc backend
via ae6fd0f idmap_ldap.8: Rework example to use new idmap syntax
via 5ec26dd idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
via 6b653d4 idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
via 3392c25 idmap_tdb2.8: Remove part about alloc backend
via 90fc910 idmap_tdb2.8: Use new syntax in example
via dbbdb20 winbindd.8: Use new syntax in example
via ddc9abc wbinfo.1: Avoid confusion with idmap uid option
via 2bb735e idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
via 39b7d18 idmap_autorid.8: Use new syntax in autorid backend examples
via 14f0843 idmap_rid.8: Use new syntax in rid backend example
via e0d4f2a idmap_nss.8: Use new syntax for nss backend
via 1d4e79c idmap_hash.8: Use new syntax for hash backend
via 8eeba50 idmap_adex.8: Use new syntax in adex backend example
via 3e73d6c idmap_ad.8: use new syntax in ad backend example
via 2031896 replace: remove waring if IOV_MAX is not defined
via ab101eb Fix bug #7998.
via f9eba8a struct make "struct shadow_copy_data" its own talloc context (cherry picked from commit d77854fbb22bc9237cea14aae1179bbfe3bd0998)
via ad73d37 s3: Remove SHADOW_COPY_DATA typedef (cherry picked from commit 0ec9a90c29b86435f32c1d47d89df85fa51742f2) (cherry picked from commit 0b78d42187ea7da6c14e26dc56b02447aa42eb49)
via fe84d0f s3: Support shadow copy display over SMB2
via 0c4bb56 Split the ACE flag mapping between nfs4 and Windows into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE (cherry picked from commit 06a02e2f698076bcb8164efa15cc7b79ac19c927)
via 702f2a8 nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
via 9b31a04 nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
via b19cc76 s3-docs: Fix version.
via a865154 s3-winbind: BUG 8166 - Don't lockout users when offline.
via 2c678dc s3: Safely mark our sconn as smb2 if we have that protocol
via f5c83b0 s3:smbcacls: fix parsing of multiple flags
via f3dd047 Improve documentation for net rpc trust
via c6fa268 s3: Use the correct guest_login field in auth_server
via 04a39b2 s3: Extract the guest_login field in sesssetup (cherry picked from commit 01386ff3132ff5c786e83fc24328a80661de6bb7) (cherry picked from commit cce50095eaf4e0c040a4b1262b46d16890f6865a)
via 32940db s3: Fix wct check in cli_sesssetup_blob_done (cherry picked from commit 4ec00fd621e944ff979e9f0a20773202d8c66472) (cherry picked from commit 1afd58160f264079b9c25a1603590c72f68993fc)
via 29dcf09 WHATSNEW: Update changes since rc1.
via df0eba9 Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
via 482b3dc s3-docs: Fix some typos.
via 50dc8d0 s3: Fix a typo
via cc6153d Fix our asn.1 parser to handle negative numbers.
via c855074 Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number.
via e0a4750 Fix bug #7054 - X account flag does not work when pwdlastset is 0.
via 1f085e9 s3-testparm Warn about incorrect use of 'password server'
via 30374e1 s3-param Depricate 'password server = foo:12389' syntax
via df40b64 s3-param Deprecate a number of security parameters for 3.6
via aabf2a9 docs: Clarify the 'security=server' fails for NTLMv2 (cherry picked from commit 6fc56d402ecbb864f3b906f096ac9e2c77b9fbab)
via d952836 docs: Rewrite 'password server' documentation
via e7c7dba Fix bug #8150 - Ban 'dos charset = utf8' (cherry picked from commit 0b45809109bfbb5bca7913091b465afbd1462103)
via 12e9c37 s3: Document "async smb echo handler"
via 3610d2e WHATSNEW: Start adding changes since rc1.
via efb4239 Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly.
via c174641 Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
via 0c7712f s3: Remove two false references to cli->inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b)
via b22364d s3: Fix a leftover from fstring removal in cli_state
via 87e5e4f Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case.
via 6aea07c Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match. (cherry picked from commit e66e505db8e3e6c7938eb09dc55e080f7754ddd1)
via 9dba659 Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option.
via b7b2b88 s3-epmapper: Fixed endpoint registration.
via dc9e169 Fix bug 8153 found when building on an IPv6-only system by Kai Blin.
via 9f68cd9 Fix Bug 8152 - smbd crash in release_ip()
via c3c3d94 s3:rpc_server: create lp_ncalrpc_dir() with 0755 before lp_ncalrpc_dir()/np with 0700
via 4b6d2eb ncalrpc: Force ncalrpc dir to be mode 755 in all users
via abf2d3a talloc: splitout _talloc_free_children_internal()
via 95400db talloc: fixed a use after free error in talloc_free_children()
via 1a8ea6c talloc: use _talloc_free_internal() in talloc_free_children()
via 4eb4dea talloc: test talloc_steal out of a talloc_pool
via b572ce1 talloc: add memset() calls to test_pool()
via ae69c18 talloc: setup the new 'tc' before TC_UNDEFINE_GROW_CHUNK() _talloc_realloc()
via 0a34d89 talloc: make really sure only optimize realloc if there's only one pool chunk
via 3860609 talloc: make use of _talloc_free_poolmem() in _talloc_realloc()
via 20e22b2 talloc: split the handling of FLAG_POOL/FLAG_POOLMEM in _talloc_free_internal
via 7e66355 Fix typos in LDAP schema files
via 70967f9 Fix bug #8144 - touch /mnt/newfile fails to set timestamp with CIFS client.
via c26bc6b WHATSNEW: Start release notes.
via 05c969c VERSION: Bump version up to 3.6.0rc2.
from ad36479 WHATSNEW: Add further changes since pre3.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-stable
- Log -----------------------------------------------------------------
commit 314f161c00cfe3957f10b0f6f24adab737dfbe88
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Jun 7 20:12:24 2011 +0200
WHATSNEW: Update changes since rc1.
Karolin
(cherry picked from commit 8db38ec99bcecd80b892f26cf676acb13292c20e)
commit 058d671a24af3f3da409b810fa2f525656369b4c
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:30:11 2011 +0200
s3:idmap_ldap: allow creation of ldap stored mappings for explicitly configured domains.
After the preparations, this is achieved by using idmap_ldap_allocate_id_internal()
as get_new_id rw method instead of idmap_ldap_allocate_id().
(cherry picked from commit 74cd06b3dff42bda4dd0a0f3fd250a975d0258ed)
The last 3 patches address bug #8200 (Add Support for multiple writable ldap
idmap domains).
(cherry picked from commit 5c19b41e2b844fddbb88fea8b7cd16bc0e830cfd)
commit d741e32d3efbf7df01f5e0f6b72f33a29ebf3fef
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:25:23 2011 +0200
s3:idmap_ldap: rename idmap_ldap_get_new_id to idmap_ldap_allocate_id
This is in preparation of allowing allocating ldap based domain-specific configs.
(cherry picked from commit dea3ef1ab689a3d01846147d2a83377b09335f8f)
(cherry picked from commit 4a40ad004896ce30a997b5142fa73b50ab2762f3)
commit 92060c5b027d6a7ab66d2a41fec52cd060e8579e
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 00:25:23 2011 +0200
s3:idmap_ldap: rename idmap_ldap_allocate_id to idmap_ldap_allocate_id_internal
This is in preparation of allowing allocating ldap based domain-specific configs.
(cherry picked from commit 2de65b97b98e2c8cc218b60da749ac17195d8413)
(cherry picked from commit bf75cacae075a503c08d60f04e2a858271d8b923)
commit 748ed2f171f08433e2ce9c1d2a4bd779af4aa3d5
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 3 14:28:33 2011 -0700
Fix bug #8203 - winbindd needs to reset the DC connection if an RPC times out.
Based on Volker's original code.
(cherry picked from commit 5b5ef7f20d34f4c6c1d3d02530ac7b13e051c960)
commit fa6fdabed87049a8351e31349fb3a00dde5ea2ee
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 1 12:11:53 2011 -0700
Fix bug #8175 - smbd deadlock.
Force the open operation (which is the expensive one anyway) to
acquire and release locks in a way compatible with the more common
do_lock check.
Jeremy.
(cherry picked from commit f8e1eea238a332ce503c40108d59862b32f83fee)
commit 8ea5b00495307844b0d0ff60711ff7cbaf3f6457
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jun 7 09:47:26 2011 +1000
s3-docs Add documentation for ncalrpc dir
(cherry picked from commit 838d69be074dab8ba9626b50916c7d14f7c4954e)
commit 2b90b4a1a21725dbdcb3d9f6a9a0ec62dab9f2e3
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Jun 7 09:15:38 2011 +0200
WHATSNEW: Add another change since rc1.
Karolin
(cherry picked from commit 13eb6f4cd91d0be1208523b47a4ac7c8d9bd91d5)
commit b807fe54a3b1e68910b2ebee9d72ee040e9ecd17
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 3 10:22:44 2011 -0700
Fix bug #8197 - winbind does not properly detect when a DC connection is dead.
Only waiting for writability doesn't get fd errors back with poll.
So always begin by selecting for readability, and if we get it then
see if bytes were available to read or it really is an error condition.
If bytes were available, remove the select on read as we know we
will retrieve the error when we've finished writing and start
reading the reply (or the write will timeout or fail).
Metze and Volker please check.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Mon Jun 6 21:53:16 CEST 2011 on sn-devel-104
(cherry picked from commit 0efcc94fb834aeb03e8edc3034aa0cdeefdc0985)
(cherry picked from commit 92248f6e51f1e46de8c1a1304b2d48914f21e841)
commit 709ef6bdda3e86892437c79880cfdefcc0f4363c
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 3 12:55:19 2011 -0700
Add the same fix to the S3 event backend as the previous commit added to the tevent poll backend.
Metze please check !
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Sat Jun 4 00:27:37 CEST 2011 on sn-devel-104
(cherry picked from commit 3c9b3b2befc524f21c59f46ea9be1602b4b1bfe8)
(cherry picked from commit 017f84a07dedf700c25da253ac7247633b616056)
commit 9546457783e89514d5be5a7a168f19152ffa6a21
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 3 12:31:11 2011 -0700
Fix the poll() backend to correctly respond to POLLHUP|POLLERR returns on a fd selected for TEVENT_FD_WRITE only.
Don't trigger the write handler and remove the POLLOUT flag for this fd. Report errors on TEVENT_FD_READ requests only.
Metze please check !
Jeremy.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Jun 3 22:53:52 CEST 2011 on sn-devel-104
(cherry picked from commit dbcdf3e39c359241b743a9455ae695e14a30caa9)
(cherry picked from commit 4da2f8a8c578568d1e9a4770166c46240fce6664)
commit 4848637999bc2d1245936282d03c07610454c761
Author: Karolin Seeger <kseeger at samba.org>
Date: Sun Jun 5 21:34:06 2011 +0200
WHATSNEW: Update changes since 3.6.0rc1.
Karolin
(cherry picked from commit df4a86ebc1e53cc9af24a51cefa6766b88f12e86)
commit 26f315791d0d8d55617652e1e7a158999a59f0c2
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 01:19:50 2011 +0200
s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
also extend the example with ldap_user_dn.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Wed Jun 1 02:53:32 CEST 2011 on sn-devel-104
(cherry picked from commit 36c9a94bc132e738d68e40288b213a895b835e6b)
commit 2653ab7488adecfa33909fd3ba0353b89c22f667
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 23:28:57 2011 +0200
idmap_ldap.8: Add example with readonly backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ed54e2a35234e3519fcc7d0a4587e39ceff36f6a)
commit b2dc899a5424e1bdb6ec70aaabfd3963cf00c816
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 18:09:14 2011 +0200
s3:doc: clean up the example section of the idmap_tdb manpage
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 19:47:45 CEST 2011 on sn-devel-104
(cherry picked from commit 2c3a74542b81829c919ff70838edd070c65657d9)
commit aeaaa8e069cbd43ccdbca1b434806fc5100677d7
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 17:21:09 2011 +0200
winbindd.8: Use new idmap syntax for smbconfoptions
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit e1709a664872a658e121bae673ab858753a157bf)
commit 29a0f6743497207311fc9eb483904e18e4ade16b
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:37 2011 +0200
s3:doc: document "idmap gid" as deprecated.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104
(cherry picked from commit 16369ac9d84d9abd349bbf777ab6394b7b3ea942)
commit 04f02961b21238655682e9e5964da3c83a379bee
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:08 2011 +0200
s3:doc: document "idmap uid" as deprecated.
(cherry picked from commit b3ae1c3694d576ecb414290be759f3f5a9eac5d4)
commit bf58828b234860efff273b9f75888639857f4501
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:08:44 2011 +0200
s3:doc: remove the documentation of "idmap alloc backend", which has been removed
(cherry picked from commit f15abb1a16329460cab64d9708caac1a67cb5988)
commit 79586aeb1ed529651a224c48ed6e95c9e89fcabf
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:07:59 2011 +0200
s3:doc: document "idmap backend" as deprecated.
(cherry picked from commit 3c8a743a875db9d68d12cd6d4175f2217f4ecd8b)
commit 92de4c0e9538bb307ef9ffb65c43ba12a026a8dc
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:03:18 2011 +0200
s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
(cherry picked from commit 5ea21cadfa1b895a8fdf9310184daa651c4c6c03)
commit 9be48d659e2577ab48a32da6bd6d10cfec595ad7
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:39 2011 +0200
winbindd.8: Fix typo
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 02:56:52 CEST 2011 on sn-devel-104
(cherry picked from commit 6a7bcff808e75099771ee0409c4e2457b05e30a5)
commit 6b428d91cd24d3633c9c9152d3d4380499cd5885
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:38 2011 +0200
idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 8bc2980ad18f1e0a51b3b496e40f46c756513885)
commit afee1312d65bd4ba26199308b399822e4dcc1124
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:37 2011 +0200
idmap_tdb.8: Remove references to alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 1ec7b0df60769b39ed0fd4be558abbb679dfe504)
commit 2f5ec203fd3a7ffd49950009cfaea427ce564dfa
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:36 2011 +0200
idmap_tdb.8: Use new idmap syntax in examples
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit c867ebb7b70ab886ff740fc3826b2801beaf8718)
commit 295778be13b2565560d0678a3fbd9546aef86c7e
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:35 2011 +0200
idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 40fbab5b48089390a61e7c8432f41c83daf7cd8d)
commit 063a17c2444b7c040441d5cd8400e9c83ec2414b
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:34 2011 +0200
idmap_ldap.8: Backend is not only used for searching
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 5e76967221a7281187aee534c662bf4eeb3ab338)
commit cfa365fc8ebb1f044b96ab2cc7cbab91026887dd
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:33 2011 +0200
idmap_ldap.8: Remove references to idmap alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit a1eb060670be257c2bc76f1033036a8aef27d070)
commit ae6fd0f145bd8a75df1fde3ee0f781d72cf1426f
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:32 2011 +0200
idmap_ldap.8: Rework example to use new idmap syntax
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 9ea550bf905e39ca47b8ca2bb56d34a368c04b65)
commit 5ec26dd12c6833539e292644505b9f41a5523f81
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:31 2011 +0200
idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 7b3df5ebd08312b9c20cc4c6e9232d4b569219d1)
commit 6b653d43d5e65557f8675e812d5628881e8461a4
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:30 2011 +0200
idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f5bfc2078ea4a1ead53856661390d32d3d4b6754)
commit 3392c25e2e8c356eefb240ef57cc3fd0a1704da8
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:29 2011 +0200
idmap_tdb2.8: Remove part about alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 811a8c86cb16b9271bfe7441c8d53803b97fb5a3)
commit 90fc910779ff47b8c7a2ee9764ff537267846418
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:28 2011 +0200
idmap_tdb2.8: Use new syntax in example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 838e0db43be446dbe72a527b87cde42aa86996f6)
commit dbbdb2076828f8d4258350b64fae66f975fdee86
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:27 2011 +0200
winbindd.8: Use new syntax in example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit ac7232346df2b1c555a0f6e7fca4f04b0965d112)
commit ddc9abcb844d59dabc9e0787e71fe3d99bc5c555
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:26 2011 +0200
wbinfo.1: Avoid confusion with idmap uid option
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 3fbfc960714f6f2e6a9ce6f80c5f79887861e5f6)
commit 2bb735ea7558ad98a18803966b47937ebad42d9d
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:25 2011 +0200
idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b21c3ca8e441fe13aec0c5dfd423e0d74c6ac9c2)
commit 39b7d18a42e8f9b7803c760f57e3908669752493
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:24 2011 +0200
idmap_autorid.8: Use new syntax in autorid backend examples
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 4e842a3d1d725b960a75053140585fff378f08ee)
commit 14f0843580e61e7e8b5826b5fbd33045b89ae46a
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:23 2011 +0200
idmap_rid.8: Use new syntax in rid backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit f8e75b44a0c49832d95eba1d1de728fd846f5c3a)
commit e0d4f2a4fcadb548814ae05edf49175789980132
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:22 2011 +0200
idmap_nss.8: Use new syntax for nss backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 6716667b7cf5c5b27008e6e10e5b30f9b20442ca)
commit 1d4e79c84e1bcddec44686ca65f2afa94f82a462
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:21 2011 +0200
idmap_hash.8: Use new syntax for hash backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b5e64725f3462ada0579529280aea0bc1963ad11)
commit 8eeba5039890525f6b9bc3663098560e67106a61
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:20 2011 +0200
idmap_adex.8: Use new syntax in adex backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 28eb61ae0c7e1917e728d9dcad900f92e16230fd)
commit 3e73d6c090620e093b708ffbad02752a1a252405
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:19 2011 +0200
idmap_ad.8: use new syntax in ad backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 3bf807f70bd9ca6ffe319b497190a9492eae3b10)
commit 203189653385cd74e304932b3b08b1be05bd6395
Author: Björn Jacke <bj at sernet.de>
Date: Tue May 31 09:47:17 2011 +0200
replace: remove waring if IOV_MAX is not defined
as discussed on samba-techincal we currelty don't rely on it and we don't want
to flood this warning message during compile.
Autobuild-User: Björn Jacke <bj at sernet.de>
Autobuild-Date: Tue May 31 18:36:53 CEST 2011 on sn-devel-104
(cherry picked from commit 65f0800a34270ff0c779c9f3feb63b02d3ec800f)
Fix bug #7998 (fails to build on Hurd because of undefined IOV_MAX or
UIO_MAXIOV).
(cherry picked from commit 65a59d62f82f7a042b05f7a6f527d70c86f6e352)
commit ab101ebf5d31d035b1b1910a8bd2bbd7ba48bbbc
Author: Samuel Thibault <sthibault at debian.org>
Date: Fri Jun 3 20:34:16 2011 +0200
Fix bug #7998.
(fails to build on Hurd because of undefined IOV_MAX or
UIO_MAXIOV)
(cherry picked from commit af5f3ddc46b455163f0b322051230ba1886ea69e)
commit f9eba8a56b1bef0317dc052fe11eeb8b70b3ab69
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 30 12:11:53 2011 +0200
struct make "struct shadow_copy_data" its own talloc context (cherry picked from commit d77854fbb22bc9237cea14aae1179bbfe3bd0998)
The last 3 patches address bug #8189 (Snapshot display not supported over SMB2).
(cherry picked from commit 6aeb13996b2a7c1529a9083ad1a41c724ae1a35c)
commit ad73d377ebcc0e73307628c54315feed259490b2
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 30 12:06:31 2011 +0200
s3: Remove SHADOW_COPY_DATA typedef (cherry picked from commit 0ec9a90c29b86435f32c1d47d89df85fa51742f2)
(cherry picked from commit 0b78d42187ea7da6c14e26dc56b02447aa42eb49)
commit fe84d0f191589f4624c7f72950d4b4707852c806
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 30 17:14:56 2011 +0200
s3: Support shadow copy display over SMB2
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Tue May 31 12:53:10 CEST 2011 on sn-devel-104
(cherry picked from commit 0fcafbf69b345b703dc759518afc8620a7d6f2e8)
(cherry picked from commit 82187ece14c7162baec43a31970ef4ba2561f67b)
commit 0c4bb56ed49f432421c6ba3551e683f55423eeb6
Author: Jeremy Allison <jra at samba.org>
Date: Tue May 31 15:37:30 2011 -0700
Split the ACE flag mapping between nfs4 and Windows into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
(cherry picked from commit 06a02e2f698076bcb8164efa15cc7b79ac19c927)
commit 702f2a826691e1e7f51f2e75c4cdc5c047572b55
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 23 14:45:57 2011 +0200
nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the client
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit 817c64f5de65c6ba7cc535446279f769d6552618)
Fix bug #8191
(cherry picked from commit 009ceeaad12d5b799c0a4249ce473da97a0e3fec)
commit 9b31a04f6fd1d9abc15cae7ca43d506073e321f1
Author: Gregor Beck <gbeck at sernet.de>
Date: Mon May 23 14:27:11 2011 +0200
nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the client
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit b0471303ba50caab7da5f50e6f7d8c4b1c664238)
Fix bug #8191
(cherry picked from commit ab1fd07266075acb78276ed0e6347c6db11759c2)
commit b19cc76c8a3b8feed8d347eff935e2aa8c73dc9d
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Jun 2 20:31:22 2011 +0200
s3-docs: Fix version.
s/4.0/3.6/g
Karolin
(cherry picked from commit d6b991a6dc4ea572d6c1d7678a4649e932cec772)
commit a865154b24547840e43b440ed7ca00ec6dd78e6d
Author: Jim McDonough <jmcd at samba.org>
Date: Wed May 25 10:49:41 2011 -0400
s3-winbind: BUG 8166 - Don't lockout users when offline.
Windows does not track bad password attempts when offline. We were locking users out but not honoring the lockout duration.
Autobuild-User: Jim McDonough <jmcd at samba.org>
Autobuild-Date: Wed May 25 18:11:10 CEST 2011 on sn-devel-104
(cherry picked from commit b58534f1fca27e3e72f4f4107538ec05734bd42a)
(cherry picked from commit c5b79122d9ea3945df721cb364249c5c33f35b19)
commit 2c678dcd6722dff74fa1016dab90071eb1bff5cd
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 30 16:30:54 2011 +0200
s3: Safely mark our sconn as smb2 if we have that protocol
Otherwise smbd will crash at an unclean exit. Without this conn_close_all will
do a close_cnum() on all connection_struct's. In smb2, those are talloc
children of the smbd_smb2_tcon's. sconn is talloc_free'ed after the
conn_close_all, but the smbd_smb2_tcon destructor will still reference
tcon->compat_conn, referencing then free'ed (and null'ed out) memory.
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Mon May 30 22:49:53 CEST 2011 on sn-devel-104
(cherry picked from commit c981d4fa1269569a1c2db4bf72a67a357aacd69f)
Fix bug #8199 (potential crash in smbd handling smb2).
(cherry picked from commit 43610924c0052d8ea2defb54493677607a06332a)
commit f5c83b0bfd4f1a867ff4b9fb6de89372ba8634a3
Author: Gregor Beck <gbeck at sernet.de>
Date: Thu May 26 10:15:56 2011 +0200
s3:smbcacls: fix parsing of multiple flags
Signed-off-by: Michael Adam <obnox at samba.org>
(cherry picked from commit c967e8fae5babf6e337c0e2b85fc42eccfe9e4c4)
Fix bug #8192
(cherry picked from commit 28f0326b22483cce6cb86cfa9772bc5d4e3b7c5f)
commit f3dd047353d12b40f103e43594108998af689b78
Author: Sumit Bose <sbose at redhat.com>
Date: Mon May 30 11:14:47 2011 +0200
Improve documentation for net rpc trust
Add man pages entries and fix usage output.
Signed-off-by: Günther Deschner <gd at samba.org>
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Mon May 30 20:05:34 CEST 2011 on sn-devel-104
(cherry picked from commit e10f27d5759b2d21c82fdb20f5641e1f6feab158)
(cherry picked from commit 330d16f39097208c807526ccdc4ff7ab4e7d9c48)
commit c6fa268956d0144cfcfcb0b8eafba48376940892
Author: Volker Lendecke <vl at samba.org>
Date: Sun May 29 10:58:46 2011 +0200
s3: Use the correct guest_login field in auth_server
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Sun May 29 13:57:21 CEST 2011 on sn-devel-104
(cherry picked from commit 0969c3398e73e66c9e004740127da7c29e951050)
The last 3 patches address bug #8185 (security=server does not obey guest login
field).
(cherry picked from commit 91447e8b49e27b9e2d76cf8f99efdc1faca49fc4)
commit 04a39b2d2a23bdbe78d2f2b71598165955e82b0a
Author: Volker Lendecke <vl at samba.org>
Date: Sun May 29 10:58:05 2011 +0200
s3: Extract the guest_login field in sesssetup
(cherry picked from commit 01386ff3132ff5c786e83fc24328a80661de6bb7)
(cherry picked from commit cce50095eaf4e0c040a4b1262b46d16890f6865a)
commit 32940db43c92d2b1a26e56b43ca0da3e6890cbc3
Author: Volker Lendecke <vl at samba.org>
Date: Sun May 29 10:56:39 2011 +0200
s3: Fix wct check in cli_sesssetup_blob_done
(cherry picked from commit 4ec00fd621e944ff979e9f0a20773202d8c66472)
(cherry picked from commit 1afd58160f264079b9c25a1603590c72f68993fc)
commit 29dcf096f352b104dd397f94165a0c4fb6e44414
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 30 21:06:32 2011 +0200
WHATSNEW: Update changes since rc1.
Karolin
(cherry picked from commit a701f8f27e1b67c381f5c57603a461249e4c4e38)
commit df0eba99806a39a9caa1edb4841a3e03d50c76a9
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 26 16:48:42 2011 -0700
Fix bug #6911 - Kerberos authentication from vista to samba fails when security blob size is greater than 16 kB
We were not correctly checking the output of asn1_start_tag().
asn1_start_tag() returns -1 and sets data->has_error if the
remaining blob size is too short to contain the tag length.
We were checking data->has_error and returning NT_STATUS_OK
(to allow the second asn.1 parse to fail in that case). We
should not be checking data->has_error in this case, but
falling through to the code that already checks the length.
Thanks to Jim for reproducing this for me. We don't get bitten
by this as we announce a max buffer size of 16k, greater than
Windows's 4k, which means that most krb5 spnego packets already
fit.
Jeremy.
(cherry picked from commit 2e490ae208d31c4112b851eeaf346837f637fcd3)
commit 482b3dc72b303a59e82ad8078f12d364adbfc349
Author: Benjamin Brunner <bbrunner at suse.de>
Date: Fri May 27 12:39:41 2011 +0200
s3-docs: Fix some typos.
This patch is a manpage update addressing the typos and mistakes in the vfs_smb_traffic_analyzer manpage and the smbta-util manpage, which have been brought up in these threads on samba-technical: http://lists.samba.org/archive/samba-technical/2011-May/077801.html http://lists.samba.org/archive/samba-technical/2011-May/077800.html http://lists.samba.org/archive/samba-technical/2011-May/077753.html
I have seen Volker already fixed the typos in
127d417e8ebc967572df7a75b342897a6a8fb71e , but I haven't found
"Ultimatively" in any dictionary, so this patch just removes the
word completely.
Thanks to Samba-JP oota <ribbon at samba.gr.jp> for reporting.
The last 2 patches address bug #8178 (Collection of manpage updates for SMB
Traffic Analyzer).
(cherry picked from commit 3e3b85f2796166109ce9a72f797a3ca708e7d186)
commit 50dc8d0e4ab00ae28a73c52481c37c7574711ab0
Author: Volker Lendecke <vl at samba.org>
Date: Fri May 27 08:42:30 2011 +0200
s3: Fix a typo
Thanks to Samba-JP oota <ribbon at samba.gr.jp>
(cherry picked from commit 127d417e8ebc967572df7a75b342897a6a8fb71e)
(cherry picked from commit b747545fa4cd8985f4e06a08623d38205fa5d0cf)
commit cc6153d647013ae16bb36237306ac2d908423da9
Author: Jeremy Allison <jra at samba.org>
Date: Tue May 24 12:47:31 2011 -0700
Fix our asn.1 parser to handle negative numbers.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Tue May 24 22:57:16 CEST 2011 on sn-devel-104
(cherry picked from commit e719dfd4dc178f001a5f804fb1ac4e587574415f)
Fix bug #8163 (asn.1 library does not correctly read negative integers).
(cherry picked from commit 859d13141cd831488b60e413f7141514ae4464b5)
commit c855074c2e886c69bfa972962eaac25ed4d434b0
Author: Holger Hetterich <hhetter at novell.com>
Date: Sun Feb 20 11:32:39 2011 +0100
Actually make use of the SMBTA_SUBRELEASE define in smb_traffic_analyzer.h. This will allow to introduce new features or fixes into the protocol after the 3.6.0 release. The client software is designed to take care for the subrelease number.
Fix bug #8154 (Actually make use of SMBTA subversion numbers).
(cherry picked from commit 12c0c8bc79ec762f983be6955fe14f8561bf6bfd)
commit e0a4750a52e7e95b33322fba43a13841f48e3c37
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 23 17:14:47 2011 -0700
Fix bug #7054 - X account flag does not work when pwdlastset is 0.
Don't allow pass_last_set_time to be set to zero (which means
"user must change password on next logon") if user object doesn't
allow password change.
Don't automatically allow user object password change if
"user must change password on next logon" is set.
Jim please check.
Jeremy.
(cherry picked from commit 4ae564df76c99a3866188dfb7e5a236188e97350)
commit 1f085e919c50ef56c34ced554e20e74cb94b9b57
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 18 11:53:34 2011 +1000
s3-testparm Warn about incorrect use of 'password server'
The last 5 patches address bug #8151 (deprecate security parameters for 3.6).
(cherry picked from commit c173b7bc0bf1e93406b692b27e1987928e81b47c)
commit 30374e1c9be4e60efc760506627c5a6efe818a2a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:42:57 2011 +1000
s3-param Depricate 'password server = foo:12389' syntax
This was originally intended to allow the LDAP port on a DC to be
varied, but makes little sense to change one port when in an
environment where krb5, ldap, smb and potentially DCE/RPC over TCP are
involved.
Andrew Bartlett
(cherry picked from commit 7938753a2973f596bc4cfac7d7829faeb550e7c1)
commit df40b6463c1ebf671e3fb51d8029152beb740cac
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri May 13 17:55:41 2011 +0200
s3-param Deprecate a number of security parameters for 3.6
This follows up on the agreement on the samba-technical list in Jan
2011 to deprecate these options, and to possibly remove these in the
4.0 release after user feedback.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Fri May 13 19:51:41 CEST 2011 on sn-devel-104
(cherry picked from commit da3c01387dc0ae0be0de768b4240f164b0a96c25)
commit aabf2a9aadd5367e6460f8851741a0667e9627bd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:42:40 2011 +1000
docs: Clarify the 'security=server' fails for NTLMv2
(cherry picked from commit 6fc56d402ecbb864f3b906f096ac9e2c77b9fbab)
commit d952836d5f7699bb2bf8d644cdb86f9c96b26224
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon May 23 10:20:47 2011 +1000
docs: Rewrite 'password server' documentation
I think this new version is more clear.
Andrew Bartlett
(cherry picked from commit 168522c1cbb7981e87cc05bf619f65867e5d3cb3)
commit e7c7dba0f8e009275d68c02b143f67f0ae052c05
Author: Jeremy Allison <jra at samba.org>
Date: Mon May 23 10:57:56 2011 -0700
Fix bug #8150 - Ban 'dos charset = utf8'
(cherry picked from commit 0b45809109bfbb5bca7913091b465afbd1462103)
commit 12e9c3770a058b5db536fc0f14792cf737d47067
Author: Volker Lendecke <vl at samba.org>
Date: Thu May 26 11:40:21 2011 +0200
s3: Document "async smb echo handler"
Autobuild-User: Volker Lendecke <vlendec at samba.org>
Autobuild-Date: Thu May 26 12:50:55 CEST 2011 on sn-devel-104
(cherry picked from commit 875e29ba830b269faf8ca7ff7cd7fc95c0c18f28)
Fix bug #7571 (Documentation on new "async smb echo handler" parameter is
missing).
(cherry picked from commit 341694edc159b8b923ce4d5c22bebed6e1e7ad1b)
commit 3610d2e40eedfd4c19839e74bb1f4304989a3a83
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon May 23 21:41:27 2011 +0200
WHATSNEW: Start adding changes since rc1.
Karolin
(cherry picked from commit 9a01a1569359ab7d527c2a080fb7861a03a8fe12)
commit efb4239e1dc7143a2562389888e9fef87a28d3a1
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 20 12:27:02 2011 -0700
Fix bug #8157 - std_pcap_cache_reload() fails to parse a cups printcap file correctly.
The parsing code made some strange assumptions about what is a printer
name, and what is a comment.
(cherry picked from commit bc602ad464291380d4dea007668d453439467cc4)
commit c17464155a8a73fac843e08df540c83631428d14
Author: Jeremy Allison <jra at samba.org>
Date: Fri May 20 14:43:50 2011 -0700
Patch for bug #8156 - net ads join fails to use the user's kerberos ticket.
If kerberos_get_realm_from_hostname() or kerberos_get_default_realm_from_ccache() fails due to
a misconfigured krb5.conf, try the "realm =" from smb.conf as a fallcback before going back to
NTLMSSP (which we'll do anyway).
(cherry picked from commit ccab9efb653cfacdd357986f7a8a85c17df7abbb)
commit 0c7712f3559278cf7385ef1e6d1c2195f7198f32
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 23 12:21:17 2011 +0200
s3: Remove two false references to cli->inbuf (cherry picked from commit b1a7bdb93c7fda54a29284f1691de1dc4f3bbf6b)
Fix bug #8159 (Memory corruption in fetching cli->server_domain from the
server.).
(cherry picked from commit d4c8b92a29aa9dcc976185aeb35ead8e911aab9c)
commit b22364db4d1c711890a75dec8d23549f0c268bef
Author: Volker Lendecke <vl at samba.org>
Date: Mon May 23 15:36:20 2011 +0200
s3: Fix a leftover from fstring removal in cli_state
Jeremy, please check!
(cherry picked from commit 9514f96856ccf822b683b5362fd2eb4a4e9e418a)
(cherry picked from commit 0f574d1a2fbc1b043c96b103bda1b74b1088fd5b)
commit 87e5e4f23214a00b701698be6e151ac169357e3d
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 16:39:18 2011 -0700
Fix bug 8133 - strange behavior for the file (whose filename first character is period ) in SMB2 case.
When doing SMB2 renames, we need to match all filetypes (no attributes field in the SMB2 call).
By default a file starting with a period is returned as FILE_ATTRIBUTE_HIDDEN in Samba.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri May 20 19:26:04 CEST 2011 on sn-devel-104
(cherry picked from commit 318c77ec46c3769d462bada130956d0081c48be2)
commit 6aea07c487f877dc1fe6de1982fc62fcaa2ecd64
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 16:38:11 2011 -0700
Optimization. If the attributes passed to can_rename() include both FILE_ATTRIBUTE_HIDDEN and FILE_ATTRIBUTE_SYSTEM then there's no point in reading the source DOS attribute, as we're not going to deny the rename on attribute match.
(cherry picked from commit e66e505db8e3e6c7938eb09dc55e080f7754ddd1)
commit 9dba659e7232099b271eea79b396509bfeb085fd
Author: Holger Hetterich <hhetter at novell.com>
Date: Wed May 18 15:24:23 2011 +0200
Make protocol version 2 the default protocol, and only run on version 1 if V1 is explcitly given as a module option.
I haven't received a single line of feedback on protocol v1
for at least 1 1/2 years, whereas protocol v2 has an active
userbase and more people developing around it.
This patch includes a manpage update, describing the new
version handling, as well as documenting the recent changes
making the module transfer the IP address of the client machine
as submitted with
464c69609aa7e582f484c1d357b7c6d3eb2bcbe3.
Bug #8148 (Default to protocol version 2 for SMB Traffic Analyzer in Samba
3.6.0).
(cherry picked from commit 9231770df9189701da7020c77ebd672942f25773)
commit b7b2b8827e7442a2f61b41873cc55ae05a68df49
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 18 12:10:42 2011 +0200
s3-epmapper: Fixed endpoint registration.
Autobuild-User: Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date: Fri May 20 12:03:18 CEST 2011 on sn-devel-104
(cherry picked from commit 7ab9e26b601e4e51736ce6eace46e6588fa1148f)
Fix bug #8155 (Registering only named pipes on EPM for a service doesn't work).
(cherry picked from commit aba30a8d502f0a425672205734bfb91d4286fc14)
commit dc9e1691f6b51658042d60a9f697afd4da9340a7
Author: Jeremy Allison <jra at samba.org>
Date: Thu May 19 12:32:15 2011 -0700
Fix bug 8153 found when building on an IPv6-only system by Kai Blin.
When building on IPv6-only, doing:
hints.ai_family = AF_INET;
getaddrinfo("0.0.0.0", NULL, &hints, &ppres)
fails as AF_INET is unavailable on an IPv6-only system. This
causes us to fallback to our replacement getaddrinfo code
which is IPv4-only.
As we're only trying to detect a specific AIX bug here,
broaden the tests to find that bug, and also test for
working getaddrinfo in an IPv6-only safe way.
(cherry picked from commit 85468960ebdb3d813bd863e57f6dca6bab61bec2)
commit 9f68cd9634dce9078d19f3addbb1f55bf28ae41f
Author: Christian Ambach <ambi at samba.org>
Date: Thu May 19 18:13:40 2011 +0200
Fix Bug 8152 - smbd crash in release_ip()
release_ip() needs the private_data, but it was never saved away
to feed it into release_ip() later
Autobuild-User: Christian Ambach <ambi at samba.org>
Autobuild-Date: Thu May 19 21:21:14 CEST 2011 on sn-devel-104
(cherry picked from commit 642c6ba2b9c581bacfcb9a6cb4c5c95d446263ce)
(cherry picked from commit 72e50d34eeac4cd72ec2f6b3609b5373f1f1ec15)
commit c3c3d94148bd5d6ea5cf5d089c76cfbc240fe9f0
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 10:32:38 2011 +0200
s3:rpc_server: create lp_ncalrpc_dir() with 0755 before lp_ncalrpc_dir()/np with 0700
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 13:01:14 CEST 2011 on sn-devel-104
(cherry picked from commit cb227d6d1492247d8aff03807cac0b7266202a38)
The last 2 patches address bug #8141 (wrong permissions on lp_ncalrpc_dir()).
(cherry picked from commit ba6f63ca67fc9e0b2bfa54ccf2cf0b78c53db74b)
commit 4b6d2eba7ad02564fe51206bfab9815a582516b9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun May 8 10:29:27 2011 +0200
ncalrpc: Force ncalrpc dir to be mode 755 in all users
This allows this directory to be shared between Samba3 and Samba4 in a
Franky-style setup easily.
Andrew Bartlett
(cherry picked from commit aae9353ecf56323b63da66aa84d8a0a4f219d94d)
(cherry picked from commit 6e89c230046f1b7300ba5f76dfbc81c57af69fe5)
commit abf2d3a955fc15eaf645b5ca0cd0dd972a23e297
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:50:45 2011 +0200
talloc: splitout _talloc_free_children_internal()
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 10:49:13 CEST 2011 on sn-devel-104
(cherry picked from commit df2cb2f672569e5d113fe2e77fdc1ee16c8b646d)
The last 9 patches address bug #8140 (talloc: valgrind false positives and other
backports).
(cherry picked from commit 7304370a2423230120a9ceebd1016966658f713f)
commit 95400db32f3064400dd7757b97f5193e80801746
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 8 12:30:46 2011 +0200
talloc: fixed a use after free error in talloc_free_children()
This is similar to commit 6f51a1f45bf4de062cce7a562477e8140630a53d.
metze
(cherry picked from commit 38633c9f0b7f86673f08903999583ad5b62c3548)
(cherry picked from commit e3ff6f5bbe09913b45ea1aef613c8790b25a978c)
commit 1a8ea6ccdafbde5b60999fa12625b6301ab921cc
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 8 12:27:05 2011 +0200
talloc: use _talloc_free_internal() in talloc_free_children()
metze
(cherry picked from commit f3b855d2ff9576715afe50d75678829c6bc0842d)
(cherry picked from commit d54493b4b43cc0d299486e571d813f90a7b22059)
commit 4eb4dea7bd767a37e019f912f8bd7b22dc8b9e47
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 19:25:47 2011 +0200
talloc: test talloc_steal out of a talloc_pool
metze
Autobuild-User: Stefan Metzmacher <metze at samba.org>
Autobuild-Date: Tue May 17 09:43:01 CEST 2011 on sn-devel-104
(cherry picked from commit 37b2130ed9612a7334888ecd2fee26b0b45ac271)
(cherry picked from commit ac6bb22a8c054e5949e07f563bf9fba46d22358d)
commit b572ce13426edc526a017e1f95260f874d7127a5
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:20:13 2011 +0200
talloc: add memset() calls to test_pool()
This way we the pool based valgrind code.
metze
(cherry picked from commit 16cc52cf70a9918843f9761baf483338c80bf1d0)
(cherry picked from commit ade2fe7e8fc299e01ba13a08c95598eefa5b99b5)
commit ae69c18ffb2fbf2c860ad97ed2a1caa15af7f29a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue May 17 08:19:04 2011 +0200
talloc: setup the new 'tc' before TC_UNDEFINE_GROW_CHUNK() _talloc_realloc()
metze
(cherry picked from commit c281f2fc1a359d0d3b91b94438f11bb7c88170b5)
(cherry picked from commit 75ce3de1eb2e7042c7a4ffcb6f0f6aa2a41c19b5)
commit 0a34d89a35af746ac54440fe4812d85c77b39219
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 20:15:59 2011 +0200
talloc: make really sure only optimize realloc if there's only one pool chunk
*talloc_pool_objectcount(pool_tc) == 2 doesn't mean the one of the objects
is the pool itself! So we better check for == 1 and calculate the chunk count.
metze
(cherry picked from commit 7102105c8954627dc30a851327cf2642ac0783d5)
(cherry picked from commit 8e95d3201adc546000ca29816c83aba6fab52b1a)
commit 3860609d9ec4ea7ac74cc1a7518d25699af6a8e3
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 20:23:13 2011 +0200
talloc: make use of _talloc_free_poolmem() in _talloc_realloc()
This should follow the same logic...
metze
(cherry picked from commit 14b662ee4f278764b9dfd620851e908d29f29fc4)
(cherry picked from commit dc8b2979168c6688c647cdc39d321eb54bd0aa5b)
commit 20e22b2def86397f9f22cb89292fe500d6313600
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon May 16 19:06:07 2011 +0200
talloc: split the handling of FLAG_POOL/FLAG_POOLMEM in _talloc_free_internal
The optimization of the object_count == 1 case should only happen
for when we're not destroying the pool itself. And it should only
happen if the pool itself is still valid.
If the pool isn't valid (it has TALLOC_FLAG_FREE),
object_count == 1 does not mean that the pool is the last object,
which can happen if you use talloc_steal/move() on memory
from the pool and then free the pool itself.
Thanks to Volker for noticing this!
metze
(cherry picked from commit 2d514be1ed3b8245157a0a51186ec7f9db828202)
(cherry picked from commit 4cf761bb5a030340625172a51212b11613efea02)
commit 7e66355bea005c0dbae399daf709e8315b232410
Author: Sumit Bose <sbose at redhat.com>
Date: Tue May 17 08:58:50 2011 +0200
Fix typos in LDAP schema files
Reported by: John Danks <john.danks at gmail.com>
Signed-off-by: Günther Deschner <gd at samba.org>
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Tue May 17 11:56:08 CEST 2011 on sn-devel-104
Fix bug #8142 (typo in several LDAP schema files).
(cherry picked from commit eb15457258ad7a54d5a3c4431be8307331e3a6e3)
commit 70967f9498fd23727228ed513547d4820f6dbe45
Author: Jeremy Allison <jra at samba.org>
Date: Tue May 17 16:18:51 2011 -0700
Fix bug #8144 - touch /mnt/newfile fails to set timestamp with CIFS client.
The extra checks added for Windows correctness in our metadata changing paths
to ensure the file handle has been opened with the correct access mask to
allow FILE_WRITE_ATTRIBUTES etc. caused problems with the POSIX open code.
The old POSIX open code maped O_RDONLY into FILE_READ, O_WRONLY into FILE_WRITE,
and O_RDWR into FILE_READ|FILE_WRITE. This patch extends the mapping to add
FILE_WRITE_ATTRIBUTES, FILE_READ_ATTRIBUTES and FILE_WRITE_EA, FILE_READ_EA to
allow POSIX opens to set these values.
(cherry picked from commit d68dbed16939a4ba04435f7dad490d0a9fa60bdb)
commit c26bc6b3019b465af23d8794487bf9e5623037e4
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 17 21:13:15 2011 +0200
WHATSNEW: Start release notes.
Karolin
(cherry picked from commit 881d39ca03588994c2f9e3e49db23470984d58e5)
commit 05c969cd354d23b411019a2a1085316c419e06e4
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 17 21:10:39 2011 +0200
VERSION: Bump version up to 3.6.0rc2.
Karolin
(cherry picked from commit 24f54eb90f18cb876cf1c49a56e399a946758363)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 89 ++++++++-
docs-xml/manpages-3/idmap_ad.8.xml | 5 +-
docs-xml/manpages-3/idmap_adex.8.xml | 5 +-
docs-xml/manpages-3/idmap_autorid.8.xml | 12 +-
docs-xml/manpages-3/idmap_hash.8.xml | 5 +-
docs-xml/manpages-3/idmap_ldap.8.xml | 107 ++++------
docs-xml/manpages-3/idmap_nss.8.xml | 5 +-
docs-xml/manpages-3/idmap_rid.8.xml | 5 +-
docs-xml/manpages-3/idmap_tdb.8.xml | 55 +-----
docs-xml/manpages-3/idmap_tdb2.8.xml | 30 +---
docs-xml/manpages-3/ldbadd.1.xml | 2 +-
docs-xml/manpages-3/ldbdel.1.xml | 2 +-
docs-xml/manpages-3/ldbedit.1.xml | 2 +-
docs-xml/manpages-3/ldbmodify.1.xml | 2 +-
docs-xml/manpages-3/ldbrename.1.xml | 2 +-
docs-xml/manpages-3/ldbsearch.1.xml | 2 +-
docs-xml/manpages-3/net.8.xml | 120 +++++++++++
docs-xml/manpages-3/smbta-util.8.xml | 8 +-
docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml | 12 +-
docs-xml/manpages-3/wbinfo.1.xml | 2 +-
docs-xml/manpages-3/winbindd.8.xml | 18 +-
docs-xml/smbdotconf/logon/enableprivileges.xml | 2 +-
docs-xml/smbdotconf/misc/asyncsmbechohandler.xml | 15 ++
docs-xml/smbdotconf/misc/ncalrpcdir.xml | 13 ++
docs-xml/smbdotconf/protocol/usespnego.xml | 2 +-
docs-xml/smbdotconf/security/passwordlevel.xml | 2 +-
docs-xml/smbdotconf/security/passwordserver.xml | 106 +++++-----
docs-xml/smbdotconf/security/security.xml | 145 +++++++-------
docs-xml/smbdotconf/security/username.xml | 2 +-
docs-xml/smbdotconf/winbind/idmapallocconfig.xml | 14 --
docs-xml/smbdotconf/winbind/idmapbackend.xml | 35 +---
docs-xml/smbdotconf/winbind/idmapconfig.xml | 103 ++++++++--
docs-xml/smbdotconf/winbind/idmapgid.xml | 13 +-
docs-xml/smbdotconf/winbind/idmapuid.xml | 12 +-
examples/LDAP/samba-nds.schema | 2 +-
examples/LDAP/samba-schema-FDS.ldif | 2 +-
examples/LDAP/samba-schema-netscapeds5.x | 2 +-
examples/LDAP/samba.schema | 4 +-
examples/LDAP/samba.schema.oc.IBM-DS | 2 +-
lib/async_req/async_sock.c | 38 +++-
lib/replace/libreplace_network.m4 | 19 ++-
lib/replace/system/network.h | 2 -
lib/talloc/talloc.c | 216 +++++++++++---------
lib/talloc/testsuite.c | 86 ++++++++
lib/tevent/tevent_poll.c | 14 ++-
lib/util/asn1.c | 9 +
source3/VERSION | 2 +-
source3/auth/auth_server.c | 2 +-
source3/include/client.h | 1 +
source3/include/ntioctl.h | 5 +-
source3/lib/ctdbd_conn.c | 5 +
source3/lib/events.c | 15 ++-
source3/libsmb/cliconnect.c | 73 +++++--
source3/modules/nfs4_acls.c | 67 ++++++-
source3/modules/nfs4_acls.h | 3 +-
source3/modules/vfs_default.c | 5 +-
source3/modules/vfs_full_audit.c | 3 +-
source3/modules/vfs_shadow_copy.c | 7 +-
source3/modules/vfs_shadow_copy2.c | 6 +-
source3/modules/vfs_smb_traffic_analyzer.c | 22 ++-
source3/modules/vfs_smb_traffic_analyzer.h | 2 +-
source3/modules/vfs_time_audit.c | 2 +-
source3/param/loadparm.c | 61 +++++-
source3/passdb/pdb_get_set.c | 3 +-
source3/printing/print_standard.c | 13 +-
source3/rpc_server/rpc_ep_setup.c | 8 +-
source3/rpc_server/rpc_server.c | 15 ++-
source3/rpc_server/samr/srv_samr_util.c | 11 +-
source3/smbd/nttrans.c | 24 +--
source3/smbd/open.c | 98 +++++++---
source3/smbd/process.c | 3 +
source3/smbd/reply.c | 13 +-
source3/smbd/sesssetup.c | 28 +++-
source3/smbd/smb2_ioctl.c | 121 +++++++++++
source3/smbd/smb2_negprot.c | 2 +
source3/smbd/trans2.c | 30 ++-
source3/smbd/vfs.c | 2 +-
source3/utils/net_rpc_trust.c | 29 ++--
source3/utils/smbcacls.c | 7 +-
source3/utils/testparm.c | 21 ++-
source3/winbindd/idmap_ldap.c | 18 +-
source3/winbindd/winbindd_dual_srv.c | 81 ++++++--
source3/winbindd/winbindd_pam.c | 5 +-
source4/smbd/service_named_pipe.c | 7 +
84 files changed, 1462 insertions(+), 708 deletions(-)
create mode 100644 docs-xml/smbdotconf/misc/asyncsmbechohandler.xml
create mode 100644 docs-xml/smbdotconf/misc/ncalrpcdir.xml
delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5626691..c3c514c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,10 +1,10 @@
================================
- Release Notes for Samba 3.6.0rc1
- May 17, 2011
+ Release Notes for Samba 3.6.0rc2
+ June 7, 2011
================================
-This is the first release candidate of Samba 3.6.0. This is *not*
+This is the second release candidate of Samba 3.6.0. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -166,10 +166,10 @@ endpoint mapper is like a DNS server but for ports. If you want to talk to a
certain RPC service over TCP/IP, you just ask the endpoint mapper on which
port it is running. Then you can connect to the service and make sure that it
is running.
+
The code is deactivated by default, because it needs more testing and it
-doesn't scale yet. We will work on these limitations and hopefully release it
-with pre3. If you want to enable and test the endpoint mapper you can set
-"rpc_server:epmapper = daemon" in the smb.conf file.
+doesn't scale yet. If you want to enable and test the endpoint mapper
+you can set "rpc_server:epmapper = daemon" in the smb.conf file.
Internal restructuring
@@ -252,6 +252,83 @@ o Andreas Schneider <asn at samba.org>
* Add an Endpoint Mapper daemon.
+Changes since 3.6.0rc1
+----------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 8200: Add support for multiple writeable ldap idmap domains.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 6911: Fix Kerberos authentication from Vista to Samba.
+ * BUG 7054: Fix X account flag when "pwdlastset" is "0".
+ * BUG 8133: Fix strange behavior for the file (whose filename first
+ character is period ) in SMB2 case.
+ * BUG 8144: Fix setting timestamp when touching files with CIFS clients.
+ * BUG 8150: Ban "dos charset = utf8".
+ * BUG 8153: Fix setting up getaddrinfo on IPv6-only machines.
+ * BUG 8156: Fix 'net ads join' using the user's Kerberos ticket.
+ * BUG 8157: Fix parsing a cups printcap file.
+ * BUG 8163: Fix our asn.1 parser to handle negative numbers.
+ * BUG 8175: Fix smbd deadlock.
+ * BUG 8191: Split the ACE flag mapping between nfs4 and Windows into two
+ separate functions.
+ * BUG 8197: Winbind does not properly detect when a DC connection is dead.
+ * BUG 8203: Winbind needs to reset the DC connection if an RPC times out.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 8152: Fix smbd crash in release_ip().
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8151: Deprecate security parameters.
+
+
+o Gregor Beck <gbeck at sernet.de>
+ * BUG 8191: nfs4_acls: Pass ACE_FLAG_INHERITED_ACE up to the client/down
+ from the client.
+ * BUG 8192: Fix parsing of multiple flags in 'smbcacls'.
+
+
+o Sumit Bose <sbose at redhat.com>
+ * BUG 8142: Fix typos in LDAP schema files.
+
+
+o Holger Hetterich <hhetter at novell.com>
+ * BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer.
+ * BUG 8154: Actually make use of SMBTA subversion numbers.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 7998: Remove warning if IOV_MAX is not defined.
+
+
+o Jim McDonough <jmcd at samba.org>
+ * BUG 8166: Don't lockout users when offline.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 8140: talloc: Fix Valgrind false positives and other backports.
+ * BUG 8141: Fix wrong permissions on lp_ncalrpc_dir().
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 8155: Fix registering only named pipes on EPM for a service.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 8159: Fix memory corruption in fetching cli->server_domain from the
+ server.
+ * BUG 8185: "security=server" does not obey guest login field.
+ * BUG 8189: Support shadow copy display over SMB2.
+ * BUG 8199: Fix potential crash in smbd handling smb2.
+
+
+o Samuel Thibault <sthibault at debian.org>
+ * BUG 7998: Fix build on Hurd.
+
+
Changes since 3.6.0pre3
-----------------------
diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml
index e628f0c..fbadaf2 100644
--- a/docs-xml/manpages-3/idmap_ad.8.xml
+++ b/docs-xml/manpages-3/idmap_ad.8.xml
@@ -85,9 +85,8 @@
<programlisting>
[global]
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml
index 7349caa..16d12cd 100644
--- a/docs-xml/manpages-3/idmap_adex.8.xml
+++ b/docs-xml/manpages-3/idmap_adex.8.xml
@@ -66,9 +66,8 @@
<programlisting>
[global]
- idmap backend = adex
- idmap uid = 1000-4000000000
- idmap gid = 1000-4000000000
+ idmap config * : backend = adex
+ idmap config * : range = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml
index 38790ea..3a56555 100644
--- a/docs-xml/manpages-3/idmap_autorid.8.xml
+++ b/docs-xml/manpages-3/idmap_autorid.8.xml
@@ -88,9 +88,8 @@
workgroup = CUSTOMER
realm = CUSTOMER.COM
- idmap backend = autorid
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = autorid
+ idmap config * : range = 1000000-1999999
</programlisting>
@@ -98,7 +97,7 @@
This example shows how to configure idmap_autorid as default
for all domains with a potentially large amount of users
plus a specific configuration for a trusted domain
- that uses the SFU mapping scheme. Please note that idmap uid/gid
+ that uses the SFU mapping scheme. Please note that idmap
ranges and sfu ranges are not allowed to overlap.
</para>
@@ -108,10 +107,9 @@
workgroup = CUSTOMER
realm = CUSTOMER.COM
- idmap backend = autorid
+ idmap config * : backend = autorid
+ idmap config * : range = 1000000-19999999
autorid:rangesize = 1000000
- idmap uid = 1000000-19999999
- idmap gid = 1000000-19999999
idmap config TRUSTED : backend = ad
idmap config TRUSTED : range = 50000 - 99999
diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
index 2bbae71..f3ec6a7 100644
--- a/docs-xml/manpages-3/idmap_hash.8.xml
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -52,9 +52,8 @@
<programlisting>
[global]
- idmap backend = hash
- idmap uid = 1000-4000000000
- idmap gid = 1000-4000000000
+ idmap config * : backend = hash
+ idmap config * : range = 1000-4000000000
winbind nss info = hash
winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
index e3588b9..e68f278 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -27,26 +27,9 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_ldap backend itself or by any other allocating backend like
- idmap_tdb or idmap_tdb2. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
+ order to create new mappings.
</para>
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
- <para>
- Furthermore, since there is only one global allocating backend
- responsible for all domains using writeable idmap backends,
- any explicitly configured domain with idmap backend ldap
- should have the same range as the default range, since it needs
- to use the global uid / gid allocator. See the example below.
- </para>
</refsynopsisdiv>
<refsect1>
@@ -56,7 +39,7 @@
<varlistentry>
<term>ldap_base_dn = DN</term>
<listitem><para>
- Defines the directory base suffix to use when searching for
+ Defines the directory base suffix to use for
SID/uid/gid mapping entries. If not defined, idmap_ldap will default
to using the "ldap idmap suffix" option from smb.conf.
</para></listitem>
@@ -65,15 +48,21 @@
<varlistentry>
<term>ldap_user_dn = DN</term>
<listitem><para>
- Defines the user DN to be used for authentication. If absent an
- anonymous bind will be performed.
+ Defines the user DN to be used for authentication.
+ The secret for authenticating this user should be
+ stored with net idmap secret
+ (see <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>).
+ If absent, the ldap credentials from the ldap passdb configuration
+ are used, and if these are also absent, an anonymous
+ bind will be performed as last fallback.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_url = ldap://server/</term>
<listitem><para>
- Specifies the LDAP server to use when searching for existing
+ Specifies the LDAP server to use for
SID/uid/gid map entries. If not defined, idmap_ldap will
assume that ldap://localhost/ should be used.
</para></listitem>
@@ -84,64 +73,50 @@
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative.
- If the parameter is absent, Winbind fails over to use the
- "idmap uid" and "idmap gid" options
- from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
- <title>IDMAP ALLOC OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>ldap_base_dn = DN</term>
- <listitem><para>
- Defines the directory base suffix under which new SID/uid/gid mapping
- entries should be stored. If not defined, idmap_ldap will default
- to using the "ldap idmap suffix" option from smb.conf.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_dn = DN</term>
- <listitem><para>
- Defines the user DN to be used for authentication. If absent an
- anonymous bind will be performed.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_url = ldap://server/</term>
- <listitem><para>
- Specifies the LDAP server to which modify/add/delete requests should
- be sent. If not defined, idmap_ldap will assume that ldap://localhost/
- should be used.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
<title>EXAMPLES</title>
<para>
- The follow sets of a LDAP configuration which uses two LDAP
- directories, one for storing the ID mappings and one for retrieving
- new IDs.
+ The following example shows how an ldap directory is used as the
+ default idmap backend. It also configures the idmap range and base
+ directory suffix. The secret for the ldap_user_dn has to be set with
+ "net idmap secret '*' password".
</para>
<programlisting>
[global]
- idmap backend = ldap:ldap://localhost/
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = ldap
+ idmap config * : range = 1000000-1999999
+ idmap config * : ldap_url = ldap://localhost/
+ idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+ </programlisting>
+
+ <para>
+ This example shows how ldap can be used as a readonly backend while
+ tdb is the default backend used to store the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the ldap idmap backend. Note that a range disjoint from the
+ default range is used.
+ </para>
- idmap alloc backend = ldap
- idmap alloc config : ldap_url = ldap://id-master/
- idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+ <programlisting>
+ [global]
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+
+ idmap config DOM1 : backend = ldap
+ idmap config DOM1 : range = 2000000-2999999
+ idmap config DOM1 : read only = yes
+ idmap config DOM1 : ldap_url = ldap://server/
+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml
index a7fdca0..576eef6 100644
--- a/docs-xml/manpages-3/idmap_nss.8.xml
+++ b/docs-xml/manpages-3/idmap_nss.8.xml
@@ -38,9 +38,8 @@
<programlisting>
[global]
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config SAMBA : backend = nss
idmap config SAMBA : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index a2a1c58..a29e978 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -106,9 +106,8 @@
security = domain
workgroup = MAIN
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config MAIN : backend = rid
idmap config MAIN : range = 10000 - 49999
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml
index 06a2967..c67d6cb 100644
--- a/docs-xml/manpages-3/idmap_tdb.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb.8.xml
@@ -27,25 +27,7 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_tdb backend itself or by any other allocating backend like
- idmap_ldap or idmap_tdb2. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
- </para>
-
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
- <para>
- Furthermore, since there is only one global allocating backend
- responsible for all domains using writeable idmap backends,
- any explicitly configured domain with idmap backend tdb
- should have the same range as the default range, since it needs
- to use the global uid / gid allocator. See the example below.
+ order to create new mappings.
</para>
</refsynopsisdiv>
@@ -58,9 +40,6 @@
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative.
- If the parameter is absent, Winbind fails over to use
- the "idmap uid" and "idmap gid" options
- from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
@@ -71,38 +50,14 @@
<para>
This example shows how tdb is used as a the default idmap backend.
- It configures the idmap range through the global options for all
- domains encountered. This same range is used for uid/gid allocation.
- </para>
-
- <programlisting>
- [global]
- # "idmap backend = tdb" is redundant here since it is the default
- idmap backend = tdb
- idmap uid = 1000000-2000000
- idmap gid = 1000000-2000000
- </programlisting>
-
- <para>
- This (rather theoretical) example shows how tdb can be used as the
- allocating backend while ldap is the default backend used to store
- the mappings.
- It adds an explicit configuration for some domain DOM1, that
- uses the tdb idmap backend. Note that the same range as the
- default uid/gid range is used, since the allocator has to serve
- both the default backend and the explicitly configured domain DOM1.
+ This configured range is used for uid and gid allocation.
</para>
<programlisting>
[global]
- idmap backend = ldap
- idmap uid = 1000000-2000000
- idmap gid = 1000000-2000000
- # use a different uid/gid allocator:
- idmap alloc backend = tdb
-
- idmap config DOM1 : backend = tdb
- idmap config DOM1 : range = 1000000-2000000
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-2000000
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index a5d1080..980ffe6 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -28,25 +28,7 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_tdb2 backend itself or by any other allocating backend like
- idmap_tdb or idmap_ldap. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
- </para>
-
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
--
Samba Shared Repository
More information about the samba-cvs
mailing list