[SCM] Samba Shared Repository - branch v4-0-stable updated
Andrew Bartlett
abartlet at samba.org
Mon Aug 27 18:20:51 MDT 2012
The branch, v4-0-stable has been updated
via c41894c VERSION: Mark as the beta7 release
via 3460340 WHATSNEW: prepare for 4.0 beta7
via 24f3147 selftest: Fix comment in blackbox_s3upgrade.sh
via 444c9ff s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
via 5aa9a6c s3-passdb: Allow reload of the static passdb from python
via f873d42 auth/credentials: Rework credentials handling to try and find the most recent machine pw
via 1a8fd71 selftest: Add test of smbclient --machine-pass against and using both s3 and s4
via e66fa2c auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm
via 43904cb s4-dsdb: Remove double-free in update_keytab module
via 8c20539 s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync
via f2d9be5 s3-secrets: Use talloc_stackframe() in secrets_init_path()
via 5adf8c8 s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()
via 708ce41 s3-secrets: Add helper function to set machine account password from secrets_tdb_sync
via 62373b8 lib/krb5_wrap: Move enctype conversion functions into a simple helper file
via d5b9972 s4-classicupgrade: Read WINS DB before the provision
via 85f1c4f s4-classicupgrade: Do all the queries of data before the provision()
via 738f4ac s4-classicupgrade: Use s3param.get_context() instead of result.lp
via 1ed6070 lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap
via 0f7aa3d lib/krb5_wrap: Bring list of all enc types into krb5_wrap
via 8613539 s4-libnet: Ensure termination of enctype array in libnet_export_keytab()
via 098c5ec examples: Remove security=share and security=server from example smb.conf
via e17bf6a s3-param: Avoid assert on use of talloc_tos() without stackframe
via f118eae s4-torture: Test for #9058
via b05d28e s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)
via 6460129 s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)
via 19daec6 s4:winbind: add a netlogon_queue (tevent_queue)
via d4aa897 s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req
via 0ccdaa9 s4:winbind: convert wb_sam_logon_send/recv to tevent_req
via d3756d8 s4:winbind: convert wb_sid2domain to tevent_req internally
via 89a5a71 s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097)
via 0bd0ad9 s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses
via e44b5bd s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()
via 81bc57d s4:librpc/rpc: use talloc_zero for 'struct rpc_request'
via 28350ae libcli/smb: split out a smb_transport private library
via 5eec19b libcli/smb: wscript_build => wscript
via aca444c Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
via cbdf6c5 Remove useless bool "upper_case_domain" parameter.
via 43870fb Move uppercasing the domain out of smb_pwd_check_ntlmv2()
via ced27e1 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected
via 1f7eac9 s3:lib: remove unused processes_exist()
via 9529301 s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist()
via 18c6757 s3:lib: only loop over the server_ids we need to verify in serverids_exist()
via 6c3c25b s3:lib: use server_id_is_disconnected() in serverids_exist()
via dc7d0f6 s3:lib: inline processes_exist() into serverids_exist()
via 84b5a5c s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part
via 95f3662 lib/util: don't SMB_ASSERT() in process_exists_by_pid()
via 0b5e354 s3:lib: implement process_exists() as wrapper of serverid_exists()
via 774c284 s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY
via 99b134a s3:lib: implement serverid_exists() as wrapper of serverids_exist()
via 6145329 s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now
via f83521a lib/param: fix usage of 'write list = +Group'
via cbecd15 s3: fix compile warning on openindiana
via b4252f8 crypto/aes_ccm_128: fix compile warning on openindiana
via cbcfd85 s3/registry: fix compile warning on openindiana
via e14bf39 s4-selftest: Always set vfs objects in selftest smb.conf
via 123ee7f s4-selftest: Add test for samba-tool ntacl sysvolcheck
via ebcdc4a s4-samba-tool: Add samba-tool ntacl sysvolcheck command
via 0aed291 s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum
via e058dfb s3-pysmbd: Fix return type of smbd.get_nt_acl
via e8e24a2 s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()
via 7cf50b9 s4-selftest: Add testing of samba-tool ntacl sysvolreset
via 8c71dc3 param: Add startup checks for valid server role/binary combinations
via 332efe1 s3-pysmbd: Fix error message
via 7e7ed72 s4-provision: Fix internal documentation
via 51e3547 s3-pysmbd: Allow a mode to be specified for the simple ACL
via 8f90919 s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool
via 56fd072 selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest
via 4fe344e selftest: Cope with the multiple possible representations of -1 in posixacl.py
via bd00c92 selftest: Extend posixacl test to check the actual ACL
via 318b8cb selftest: Add a test of the NT ACL -> posix ACL mapping layer
via b1825c6 s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly
via a778662 s4-provision: set POSIX ACLs to for use with the smbd file server (s3fs)
via 8518dd6 file_server: Move default VFS module settings to loadparm.c
via be9a8cf s4-dsdb: Remove unused variables
via d1eac79 s4-dsdb: Do not use a possibly-old loadparm context in schema reload
via a58ac39 s4-upgradeprovision: Use ntvfs in reference provision
via ccac50c selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc
via c1012c6 selftest: Specify --use-ntvfs when testing the group code
via b2ff365 selftest: Specify --use-ntvfs when testing the newuser code
via 2fc6760 selftest: Specify --use-ntvfs when testing the LDAP backend init code
via 8c7f4f0 selftest: Specify --use-ntvfs for the chdcpass environment
via 069db9b s3:smb2_break: encrypt OPLOCK BREAK notifications
via 54dfd08 s3:smb2_server: use smbXsrv_session->nonce_*
via 6f9610e smbXsrv.idl: add nonce_* to smbsrv_session
via 6c7ffa9 s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()
via 27bc6cf Extending space for fqdn in wbinfo --trusted-domains in verbose mode
via 63ea428 Remove align_string(). No longer used.
via 7eee494 Fix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.
via 1219eaf s4-python: Complete python bindings for idmap.idl
via 125e93c s3-pysmbd: Correct the python type for smb_acl_t
via 10267f1 s4-python: complete python bindigns for smb_acls.idl
via 450fcd7 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA
via 2b40446 selftest: Pass --use-ntvfs to provison in renamedc test
via 9170f9c selftest: Specify --use-ntvfs to provision in test scripts
via 97b1379 s4-classicupgrade: Add --use-ntvfs option
via b5c2747 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire
via c4b9c3a s4:samldb LDB module - remove unused "member" attribute from search filter
via 32cd618 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets
via cb63b34 LDB:ldbsearch - add search filter tests
via 6a8c697 LDB:ldbsearch - search filters do not only contain "="
via c8bfb8e s4:dsdb - always fail if a search filter could not be parsed
via 536c082 LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<="
via 5f8006c s4:dsdb_sort_objectClass_attr - simplify memory context handling
via 166a7d3 s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values
via db075b0 libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE
via c84e6ae Fix bug #9098 - winbind does not refresh kerberos tickets.
via ebb776f selftest: Add tests for vfs_aio_fork
via e79ed4f s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option
via a817959 build: Create bin/ when doing 'waf dist' from a fresh checkout
via dc063bf s3-pysmbd: Add get/set functions for the posix ACL layer
via 4df2c65 s3-pysmbd: Correct comments in python VFS bindings
via 02e25b2 s3-passdb: Allow pdb_sid_to_id to work on any SID
via d963aaf s3-pysmbd: Add hook for a VFS chown()
via 4d5471f build: Remove special case for the build farm
via 7cd4eb0 build: Remove accidentily added line in samba_version.py
via 21e67bd Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
via 84d6e09 s4-torture: Use torture_fail() in the unix.unix_info2 test
via 74a4c40 selftest: Use new fake_acls module
via c75b615 s4-torture: Show that we cannot list extended attributes on streams
via f9837d1 s4-torture: Show that we cannot have extended attributes on streams
via bf1e27b s4-torture: Improve raw.streams test to cover EAs and to use torture_assert()
via 3787dcf doc-BUILD_SYSTEMS.txt: The grand rename is complete
via 0e44163 WHATSNEW: Remove over-caution on s3fs and explain browsing better
via 921b927 build: Do not put a .distversion file into the GIT tree
via 7a59c3d s3-build: Enable vfs_fake_acls when in developer mode or on the build farm
via ae4195d s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module
via cbe758c s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file()
via 6c0bef1 s3-vfs: Use the system. namespace for fake ACLs
via 0f2d288 s3-smbd: ensure we give appropriate errors for EA requests on streams
via 6ce084f s3-smbd: Do not look for EA information on a stream
via f9f8a8c s3-smbd: Push smb_fname into estimate_ea_size
via 3ef0e22 s4-ntvfs: Add TODO on ea_size
via 0769d67 s4-ntvfs: Ensure we do not attempt to write EAs on streams
via 9699c33 s3-vfs: Allow vfs_xattr_tdb to work without a connected share
via 4f4bb1f s4:torture:basic: add more delete test - variants of deltest16 and deltest17
via c35bdb3 s3: add a debug message for failed execv in sys_popen()
via 471a853 lib/util: add server_id_set_disconnected() and server_id_is_disconnected()
via 3cdf441 lib/util: let server_id_str() skip the task_id if 0 in the cluster case too
via 6457fb5 s3:lib: implement interpret_pid() as wrapper of server_id_from_string()
via d4a0aeb lib/util: add server_id_from_string()
via 6a58c5f s3:lib: implement serverid_equal() as macro of server_id_equal()
via 8149623 lib/util: add server_id_equal()
via f46c4df s3:vfs_tsmsm only send notifications when file was offline before
via dda4c5d s3: Adapt the tsmsm module to the new aio routines
via d1e1f82 s3-vfs: Fix calls of lp_parm_talloc_string
via 3755a41 s3: Remove the gpfs_hsm_notify module
via 2c3a58d s3: Merge vfs_gpfs_hsm_notify into vfs_gpfs.c
via 2e1ab13 s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part->dn
via 26bfe70 s4-kcc: Avoid use-after-free of dn and add tmp_ctx
via 1b487ad s3:selftest: add some tests against a share the requires encryption
via 45471f4 s3:smb2_negprot: annouce/negotiate SMB3 encryption support
via 9397d67 s3:smb2_server: add SMB3 encryption support
via 9f1dfd8 s3:smbd: don't disconnect the client when a share has "smb encrypt = required"
via e5d4e8d s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* values
via 8b3da9a s3:smbd: make use of ENCRYPTION_REQUIRED()
via abf018e libcli/smb: make sure the SMB2_TRANSFORM pdu is complete
via e2b07c0 s4:libcli/smb2: reset trsnport->compound.related when a compound chain is finished
via 6ce362a build: Ensure -Werror=format works with -Wformat=2 on NULL format strings
via a7b8e9f5 s4-dsdb: Ensure we always free tmp_ctx in schema refresh check
via 21c8fa25 Fix bug #9085 - NMB registration for a duplicate workstation fails with registration refuse
via 6b7a9910 s3-torture: Allow vfstest to set ACLs on a directory
via 5251d07 s4: Fix returns in py_check_dcerpc_type
via 16edb6e s3:smb2_server: try to sign an error response if we have a signing key
via 19ca98a s3:smb2_server: verify the signature before the session_status
via f4432fe s3:smb2_server: add some const to print_req_vectors()
via 8dbfa93 s4:cldap_server: only return DS_SERVER_*TIMESERV if "ntp_signd" is used
via 4c5019d s4:cldap_server: set DS_SERVER_SELECT_SECRET_DOMAIN_6 if we're a RODC
via f3b69da s3-libsmb: Add a simple test for python bindings
via fbebd75 s3-libsmb: Add a python wrapper
via d7d8646 tevent: change version to 0.9.17 after adding the "poll_mt" backend
via d7af2c8 tevent: Add threaded poll_mt testcase
via fa71f32 lib/tevent: Add a thread-safe tevent backend
via d860aa2 tevent_poll: Decouple poll_ev->fds handling from adding/removing fds
via cbe2510 s3-g_lock: Make g_lock_lock more robust
via b83cd05 s3-msg: For msg_channel, correct the talloc hierarchy
via 8e50ff0 s3-msg: Rename msg_channel_init_destructor
via c2b29de s3-autoconf: Fix deps for dbwrap_torture
via 494003f s3-g_lock: Properly free "rec" on retry to avoid deadlock
via 7c56d80 s3:brlock: give traverse_fn a proper name
via 6e39011 s3:vfs_gpfs: make sure parameters are set correctly for leases
via a8b5830 s3:vfs_gpfs: Fix compile error in gpfs module
via 56fc7bc libcli/smb: support broken OS/2 error responses bug #9096
via df8e9c1 s3-selftest: Add a seperate test for ACL tests using vfstest
via 05885a8 s3-torture: Add ACL commands to vfstest
via 345b980 s3-torture: Use talloc more in vfstest
via 43255a1 s3-torture: Initialise fsp fully in vfstest open
via 1157db2 s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()
via 802d67c selftest: Extend xattr-tdb-1 vfstest to call stat
via 820d179 s3-vfs: Continue to make vfs_xattr_tdb non-recursive
via 843e19e s3-vfs: Add new VFS module to fake setting an ACL
via 2129495 librpc/idl: Fix acl array definition in smb_acl_t
via 97e7c3b s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test
via 748d8f5 s3-selftest: convert stream_depot vfstest driver into a subunit test
via 08baa11 fix printf warning in net connections
via 31980cf s3:utils: remove standalone cclean tool
via 37ed821 s3:doc manpage for "net connections cleanup"
via 1c2bae0 s3:net add command "connections cleanup"
via 65976d6 s3-vfs: Set errno in xattr emulation
via cc3bdaa s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation
via 898c5e1 s3-vfs: ensure we strictly free the talloc_stackframe
via f9b9433 s4-selftest: Fix test name for samba.tests.dcerpc.bare
via fd42bc1 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob
via d2d5fb1 libcli/smb: verify decrypted SMB2 pdus correctly
via 7a7e9b1 libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu
via 84f6b0f libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages
via b596a11 s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate()
via 7ffee47 libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request.
via 24b1143 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
via 6ccfd05 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
via e25830d s3-smbd: Remove sys_acl_*() VFS wrapper functions
via a63a2a7 s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
via 3d031f2 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
via 9f16fcf s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
via 21e0b91 s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
via 50d147b s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
via db54479 s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
via 631a356 s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
via d78c7c3 s3-smbd: Call sys_acl_init() directly rather than via the VFS
via 8b3227e s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
via 6a46fbb s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
via e019b93 s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
via d8fb9e7 s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
via 6a2f142 s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
via d83276c s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
via 3b40932 s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
via 7dff34f s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
via 0705391 s3-smbd: Move smb_acl_t declaration to smb_acl.idl
via d5a8e58 pidl: Add mode_t as an alias so we can marshall posix ACL structures
via dcfb6aa s3-smbd: Change allocation of smb_acl_t to talloc()
via 47082ad libwbclient: Add test for wbcPingDc2
via 4c8616f wbinfo: Improve output of wbinfo --ping-dc
via bdb1f23 libwbclient: Add wbcPingDc2
via bd23c8f s3-winbind: Return the DC name from DC_PING
via 7baa709 s3-winbind: Pass ping-dc result to client
via 807fb16 selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
via 4ee602c s4:dsdb/repl: fix the usage of 'GC/' prefixed principal names
via 4e5e302 s4:samba-tool/drs: print the dns name of the server belonging to a connection
via a74ca56 s4:ntp_signd: fix SEGV if SID cannot be found
via ff5d177 s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databases
via 108c8b7 s4-dsdb: Use samdb_dn_is_our_ntdsa()
via d582e1b s4-dsdb: Add samdb_dn_is_our_ntdsa()
via 773d036 s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()
via 7213199 s4-repl: Use samdb_reference_dn_is_our_ntdsa()
via 1e127b2 s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()
via 3c8d8f2 s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()
via 0668f98 s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an extended DN
via fd0394d s4-libnet: Improve debugging of libnet_BecomeDC LDAP errors
via c47d73f s4:dsdb/repl: ldb_errstring() takes a 'struct ldb_context' not 'int'
via 0b926a2 s4:dsdb/repl: make sure instanceType_e is not changed by a reallocation
via d81d6af s4:dsdb/repl: avoid reallocation of msg->elements
via 9566786 s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn
via 0f2a87b s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding a tmp_ctx
via 1f74773 s4-dsdb: Improve memory handling in kccsrv_add_connection()
via 77990c1 s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a tmp_ctx
via f74e7b5 s4-dsdb: Add const
via 9db35c9 VERSION: Move on to beta6!
via b5281eb VERSION: Mark as the beta6 release
via 03a20ae WHATSNEW: prepare for 4.0 beta6
via fe29535 s3-vfs: Put vfs_aixacl_util.c helper functions into a header file
via f11a1a4 s4:kdc/wdc-samba4.c - fix user logins on specific workstations
via a57c5eb s4-classicupgrade: Tests if sam policies exist before trying to import them.
via 34c4664 s3-selftest: Add smbclient tarmode test
via 1428500 s3-selftest: Fix copy/paste error in test usage string
via 4e4c306 Fix smbclient/tarmode panic on connecting to Windows 2000 clients.
via aaeb3f5 Ensure we update last_access on the winbindd child struct on each request.
via f7403d8 s3: skip loading vfs modules for printer connections
via 4631723 s4-dsdb: Take more care in handling of global schema memory
via 329e374 s4-dsdb: Remove support for per-partition sequence numbers
via 2d21a9b s4-dsdb: Use only the replication USN for schema reload.
via f36e28d s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first
via c991ac0 s3-smbd: Merge ACE entries based on mapped UID/GID not SID
via d3188a0 s3-smbd: Convert posix_acls.c to use struct unixid internally
via 1c3c5e2 s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls
via d7515b6 torture: Reproducer for 64c0367
via 1f50b6c tdb/test: fix build on OSF/1
via 8defcb8 Revert "s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available"
via 0e76bbc Revert "s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available"
via 2cbfdd4 Revert "s3:smb: include "smbXsrv.h" before "vfs.h""
via 205185e s3:smbXsrv.idl: remove smbXsrv_*0 defines
via 2b41f37 s3:param: fix compiler warnings with FN_GLOBAL_CONST_STRING()
via 13f8674 build: rename security → samba-security
via 51a7154 nsswitch: add ABI checking and symbol versions to libwbclient
via fdd07e8 s4-dsdb: Explain better what records are written during schema set
via 1d1bdc3 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch()
via a5495bc Remove smb_panic() from unix_strlower(). Just rely on error code return.
via b70f23c Correctly check for errors in strlower_m() returns.
via ce21d08 Fix strlower_m() to return an error indication.
via c13887d Check error returns on strnorm().
via 526e875 Check error returns from strupper_m() (in all reasonable places).
via e1ec86a Fix missing ads_destroy in error path.
via 9fcc6f2 Change strupper_m() to return a value.
via af3e529 Fix bad return in unix_strupper.
via b6eb3a6 Prepare to remove smb_panic() from unix_strlower().
via 8605b35 Fix bad return values in unix_strlower/unix_strupper.
via f64c970 s4:torture:basic: check the return status of the last open in deltest16
via 2352227 s4:torture:basic: fix a message typo in the delete17 test
via 6cc5a54 s4:torture:basic: fix abundance of spaces in deltest6
via fac4a0d s4:torture:basic:delete: fix 4 vs 8 spc tab formatting in check_delete_on_close()
via 5236028 s3:torture:delete: add a 12th subtest to the delete-on-close tests
via db160bf s3:torture:delete: fix 11th test to work against windows
via 2e53fb1 s3:torture:delete: simplify return code handling, fixing a couple of return codes in error cases
via 49a2c68 s3:torture:delete: reduce indentation
via 54e5810 s3:torture:delete: add a comment
via c228b7a s3:torture:delete: add a comment
via 7a7b86d s3:torture:delete: add a comment
via 5b1afa6 s3:torture:delete: move the success message for a subtest to the correct place
via 2f7a371 s3:torture:delete: remove an else, reducing indentation
via 3668a4c s3:torture:delete: remove an else, reducing indentation
via 777c7a9 s3:torture:delete: remove an else, reducing indentation
via c36deaf s3:torture:delete: remove an else, reducing indentation
via e833141 s3:torture:delete: really fail the test in a failure case
via 9058288 s3:torture:delete: fix a comment
via bf492d1 s3:torture:delete: fix a message
via ff5e6e3 s3:torture:delete: fix a message
via 4aac6d0 s3:torture:delete: fix a message
via 595845c s3:torture:delete: fix a message (counting the opens)
via 2aded6a s3:torture:delete: untangle function call from result check
via ef36847 s3:torture:delete: untangle function call from result check
via 4e75b0c s3:torture:delete: untangle function call from result check
via ccb2583 s3:torture:delete: untanlge function call from result check
via 8a92ae2 s3:torture:delete: untangle function call from result check
via 02b0925 s3:torture:delete: untangle function call from result check
via 5138eb5 s3:torture:delete: untangle function call from result check
via 5bc7c77 s3:torture:delete: untangle function call from result check
via b5e9378 s3:torture:delete: untangle function call from result check
via 361429d s3:torture:delete: untangle function call from result check
via 8684506 s3:torture:delete: untangle function call from result check
via 1db70c0 s3:torture:delete: untangle function call from result check
via a70a4ad s3:torture:delete: untangle function call from result check
via 11d60d1 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown
via 73f0cb5 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown
via 7e562cf s4-events: Do not vasprintf() the tevent debug messages that will not be shown
via 434bed7 s3-events: Do not vasprintf() the tevent debug messages that will not be shown
via 299fc75 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free()
via d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort
via 8dd09ef s4-dsdb: Do not reload partition metadata except on transaction start
via 0d7b17f s3:smb2_sesssetup: setup global->[en|de]cryption_key
via 0cb11ef s3:smb2_read: don't try sendfile if encryption is used
via a0cf42b s3:smb2_server: add smbd_smb2_request->do_encryption
via 95e4270 s3:smb2_tcon: set global->encryption_required and enforce it
via 64dce26 s3:smb2_sesssetup: set global->encryption_required and enforce it
via 8734887 s3:smbXsrv.idl: add encryption_required to smbXsrv_tcon_global0
via b5a72f4 s3:smb2_server: check the session before we could response with an error.
via f15d9a6 s3:smb2_server: do central file_id check if the operation requires it
via a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision
via ef87b4e s4-pydsdb: Provide control of if we should write index attributes when reloading a schema
via 1a1f01e s4-dsdb: Change talloc parent
via 1727556 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number
via 6ec963e s4-dsdb: simplify migration of old-style seqence numbers to metadata.tdb
via 6a648b7 s4-dsdb: Reduce calls to the ldb layer by reloading less often
via 47c5900 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1
via a3ccdaf s3:nmbd: don't log get_domain_master_name_node_status_fail at level 0
via 1c76e99 s3:smb2_server: s/i/idx in smbd_smb2_request_pending_queue()
via 83d2620 s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() in smbd_smb2_request_pending_queue()
via 0067de2 s3:smb2_server: remove useless variable 'i'
via 63d92a1 s3:smb2_server: rewrite dup_smb2_vec3() using SMBD_SMB2_*_IOV_OFS and helper variables
via fc8e3bd s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_done_ex()
via 97b5aaa s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_verify_sizes()
via 05ae95a s3:smb2_server: use the common buffer layout for smbd_smb2_request_pending*
via 644eab3 s3:smb2_read: use SMBD_SMB2_NUM_IOV_PER_REQ when checking for sendfile() support
via 2b9dd90 s3:smb2_read: fix indentation in schedule_smb2_sendfile_read()
via 9f51d61 s3:smb2_server: don't try to update req->in.vector[0] in smbd_smb2_request_pending_queue()
via 51dd39b selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest
via b7b4879 s3-torture: Extend pdbtest to also run an authentication unit-test
via de2d813 build: Remove pdbtest from the autoconf build
via 528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
via 143fb84 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE
via 6bfdca4 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()
via 5f7d786 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return
via c9ecfd6 s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
via 64c0367 s3: Fix a crash in reply_lockingX_error
via c2dee12 vfs_dirsort: Remove unnecessary return; statement
via 375ba1b vfs_afsacl.c: Remove some unnecessary return; statements
via ebc92d0 vfs_full_audit: Remove some unnecessary return; statements
via dab8fe5 vfs_time_audit: Remove unnecessary return; statement
via 3f9b2cc vfs_time_audit: Remove some unnecessary return; statements
via 9adf6a0 vfs-mediaharmony: Remove some unnecessary return; statements
via da4057f vfs_media_harmony: fix return of void
via c301691 s3:smb2_server: fix SMB2 signing of compound responses
via 40f771e s3:smb2_server: there's no need to copy req->out.vector when we just keep the last request
via 8d63efe s3:smb2_server: use memmove instead of copying single vector elements
via 9b8973d s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() smbd_smb2_request_pending_queue()
via bfc87a4 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ
via 5730272 s3:smb2_server: make use of SMBD_SMB2_OUT_*_IOV smbd_smb2_request_reply()
via 727b1d1 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ
via 2da6217 s3:smb2_server: make use of SMBD_SMB2_*_IOV_OFS
via d609bb9 s3:smb2_server: make use of helper macros in smb2_calculate_credits()
via efaea8e s3:smb2_server: make use of helper macros in smbd_smb2_request_validate()
via 4e6e1ec s3:smb2_server: make use of SMBD_SMB2_NUM_IOV_PER_REQ
via 337604a s3:smb2_server: add some more SMBD_SMB2_* defines/macros
via d825adf s3-param: Remove never-reached condition for popts == NULL
via 31d1fde s3-param: Remove never-reached condition for opt_list == NULL
via d65bded source3/loadparm.c: Move string_set/string_free inside.
via 3bb65aa source3/smbd/conn.c: wean off string_set/string_free
via a14c02d source3/loadparm: make struct loadparm_service a talloc object.
via 592e3f4 loadparm: Add ctx member to struct loadparm_global.
via 9b7b736 media_harmony VFS module: Add and build by default.
via e7bf8e7 s3:smb2_server: do one central as_root check if the operation requires it
via eec941e s3:smb2_server: do one central tcon check if the operation requires it
via 59b9dfa s3:smb2_server: do one central session check if the operation requires it
via aba6df9 s3:smb2_server: add and use smbd_smb2_call()
via e013332 s3:smb2_server: add .as_root to smbd_smb2_dispatch_table
via f69ed57 s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table
via 46f7a60 s3:smb2_server: add .need_session to smbd_smb2_dispatch_table
via 357110c s3:smb2_server: introduce a smbd_smb2_dispatch_table (for now just with names)
via 5ac4d3d s3:smb2_server: move 'conn' to main block of smbd_smb2_request_dispatch()
via 83a746d libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE
via 1453358 libcli/smb: use forward declaration instead of includes
via 33705f4 s4-scripting: Remove unused variables from ntacl tests
via 4aca56c s4-smbd: Check for failure of irpc_add_name
via f06c216 s3-pysmbd: Try opening as a file, then as a directory
via e571d5c s3-pysmbd: Use talloc_zero()
via e658421 s3-passdb: Simplify idmap wrapper in pdb_samba4
via 227d490 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper
via 721096b s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_read*()
via fbd663c s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_create()
via 9e9d784 s3:smb2_server: remove const from smbd_smb2_first_negprot()
via c1b3454 s3:smb2_server: add smbd_smb2_inbuf_parse_compound()
via b20fb15 s4:libcli/smb2/write correct error checking
via 4e91ccf smbXcli: add some includes to fix compiler warnings
via 0dfc330 lib/socket_wrapper: writev returns ssize_t, not int
via 18c152f lib/param: move enum dns_update_settings to lib/param
via efe28b1 s4:libcli/pyerrors: add PyErr_NTSTATUS_NOT_OK_RAISE()
via a370792 s4:libcli/pyerrors: s/PyErr_WERROR_IS_ERR_RAISE/PyErr_WERROR_NOT_OK_RAISE/
via 4e0fb8b Revert "ldb: Add parameter to avoid NULL format string flagged by -Werror=format"
via 33c79c8 build: Make -Werror=format check only run where NULL is still accepted
via 0514a84 Rework recursive waf build to be a selftest-enabled not a developer build
via dd8c0e5 build: Remove duplicate declaration of --enable-selftest
via 49b2720 lib/param: Also enable vlp when --enable-selftest is specified
via 1c7bd2b s3:smbd: remove unused variable in sesssetup.c
via 4384b1e s3:smb2_server: make use of SMBD_SMB2_* macros
via 47c67f2 s3:smb2_ioctl: make use of SMBD_SMB2_* macros
via e281b9f s3:smb2_lock: make use of SMBD_SMB2_* macros
via e67d07f s3:smb2_setinfo: make use of SMBD_SMB2_* macros
via 9c58a0a s3:smb2_getinfo: make use of SMBD_SMB2_* macros
via e9a21e5 s3:smb2_negprot: make use of SMBD_SMB2_* macros
via f28b2ac s3:smb2_write: make use of SMBD_SMB2_* macros
via f08e478 s3:smb2_tcon: make use of SMBD_SMB2_* macros
via 6e9a65d s3:smb2_create: make use of SMBD_SMB2_* macros
via 926379a s3:smb2_find: make use of SMBD_SMB2_* macros
via 559742f s3:smb2_sesssetup: make use of SMBD_SMB2_* macros
via 048c8d3 s3:smb2_glue: make use of SMBD_SMB2_IN_HDR_PTR()
via 8cf817d s3:smb2_read: make use of SMBD_SMB2_IN_BODY_PTR()
via 121dbd6 s3:smb2_notify: make use of SMBD_SMB2_IN_*_PTR()
via 88a3402 s3:smb2_flush: make use of SMBD_SMB2_IN_BODY_PTR()
via 52805c4 s3:smb2_close: make use of SMBD_SMB2_IN_BODY_PTR()
via 21742c3 s3:smb2_break: make use of SMBD_SMB2_IN_BODY_PTR()
via 7ee54cd s3:smbd: add helper macros to access smb2req->{in,out}.vector[]
via 7327310 s3:smb2_server: use 'i' instead of '1' as vector index in smbd_smb2_request_pending_timer()
via 1a0c40f s3:smb2_lock: remove unused in_smbpid
via 96fa47f s3:smb2_write: remove unused in_smbpid
via 056070f s3:smb2_read: remove unused in_smbpid
via 86ee590 s4:domain join: setup RODC invocationId
via 41cffa3 doc: Remove build/ from doxygen config or it will not work in brew.
via 401860c s3:smbd: add support for SMB_EXTENDED_SIGNATURES in SMBtconX
via ff75fd9 s3:smbd: setup the application session key with the first tcon on a session
via 3a0db4d s3:rpc_server/wkssvc: make usage of session_extract_session_key()
via 396f317 s3:rpc_server/netlogon: make usage of session_extract_session_key()
via 49d0432 s3:smbd: setup session->global->signing_/application_key during SPNEGO SMB1 session setups
via 2265e46 s3:smbd: setup session->global->signing_/application_key during old SMB1 session setups
via 3d63e4d s3:smbd: keep the "application session key" during SMB1 reauth
via ba864b8 s4:torture: add support for SMB_EXTENDED_SIGNATURES during SMBtconX
via 67767de s4:libcli: add support for SMB_EXTENDED_SIGNATURES during SMBtconX
via c32120b s3:libsmb: add EXTENDED_SIGNATURE support in cli_tcon_andx*()
via 97be49c libcli/smb: add smb1cli_session_protect_session_key()
via dbefd7d libcli/smb: add smb_key_derivation() for TREE_CONNECT_ANDX_EXTENDED_SIGNATURES support
via b1a0fda libcli/smb: pass hdr/len to smb_signing_check/sign_pdu() and skip the nbt header
via b1c5efb s3:smbd: skip nbt header in srv_check_sign_mac()
via d88a6c1 libcli/smb: change smb_signing to skip the NBT_HEADER_SIZE internally
via e8f4868 auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial()
via 764f2f9 s3-ctdb: return proper exit code
via 0a45e9c s3-ctdb: adjust a loglevel
via 6cfe6e9 s3-ctdb: Fix ctdb_serverids_exist for target nodes that died
via 6d83e35 s3-ctdb: Add debugs to ctdb_serverids_exist
via cff3ad4 lib/dbwrap: rewrite lock order check to ease debugging
via d12831d docs-xml: fix pid directory example
via 5beb345 docs-xml: fix dfree cache time example
via 8dafdb5 s4:dsdb:replicated_objects: do not move 'instanceType' to the end of msg->elements on RODC replication
via d642831 s4: samba_spnupdate: fix "if we are DNS server" check
via 8dde55c build: fix typo
via 1e5098d s3-pysmbd: Add hook for get_nt_acl()
via 64f494d s3-pysmbd: fix DEBUG
via e5686a4 s3-pysmbd: Add my copyright
via 55a0d66 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest
via b041d29 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest}
via e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag
via 95b64f0 s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag
via 02dcf05 heimdal: fixed -Werror=format error in com_err
via b93e6ef s3:smbd: add a optional_support helper variable to reply_tcon_and_X()
via 3fb6549 s3:smbd: make use of TCONX_FLAG_DISCONNECT_TID define
via 3682eb8 s3:libsmb: add a optional_support helper variable
via 137d65b s3:libsmb: add a tcon_flags helper variable
via d3aaa1e libcli/smb: move some TCON related defines to smb_constants.h
via 8e1c6d4 s3:rpc_client: rename pipe_auth_data->user_session_key to transport_session_key
via 0ec50e8 s3:libsmb: remove unused cli_state->user_session_key
via 0068a9f s3:utils/net_rpc*: make use of cli_get_session_key()
via 616206a s3:libnet_join: make use of cli_get_session_key() in libnet_join_joindomain_rpc()
via 8b42f52 s3:rpc_client: make use of smbXcli_session_application_key()
via 00cde56 s4:libcli/raw: remove unused smbcli_session->user_session_key
via 7977d90 s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key()
via 286e249 s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key()
via 2f4f214 libcli/smb: remove unused smb2cli_session_application_key()
via 803fb40 s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key()
via 5f25567 libcli/smb: add smbXcli_session_application_key()
via ac1452c s4:libcli/smb_composite: make use of smb1cli_session_set_session_key()
via 1a9a910 s4:libcli/smb_composite: always use set_user_session_key() helper
via c9eac1a s3:libsmb: make use of smb1cli_session_set_session_key()
via 7af537e libcli/smb: allow resetting of the smb1 application_key
via 68c1eec libcli/smb: let smb1cli_session_set_id() reset the application_key
via c3cb672 libcli/smb: add smb1cli_session_set_session_key()
via 9b9ef92 s3:ctdbd_conn: use unitX_t types consistently throughout the module
via d4bce35 Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response.
via 610ac2d Make it possible to build under Solaris make as well as FreeBSD and Linux. Also add comments on changes that might be needed
via 23df816 VERSION: Move on to beta6!
from 50d6483 VERSION: Mark as the beta5 release
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
BUILD_SYSTEMS.txt | 9 +-
VERSION | 2 +-
WHATSNEW.txt | 115 +-
auth/credentials/credentials_secrets.c | 104 +-
auth/credentials/wscript_build | 2 +-
auth/ntlmssp/ntlmssp_client.c | 2 +-
auth/wscript_build | 2 +-
buildtools/wafsamba/samba_autoconf.py | 21 +-
buildtools/wafsamba/symbols.py | 2 +-
docs-xml/manpages-3/net.8.xml | 39 +
docs-xml/manpages-3/vfs_full_audit.8.xml | 17 -
docs-xml/manpages-3/vfs_media_harmony.8.xml | 142 ++
docs-xml/smbdotconf/misc/dfreecachetime.xml | 2 +-
docs-xml/smbdotconf/misc/piddirectory.xml | 2 +-
dynconfig/wscript | 2 +-
examples/VFS/Makefile.in | 21 +-
examples/VFS/skel_opaque.c | 119 -
examples/VFS/skel_transparent.c | 102 -
.../vfs/media_harmony/trigger_avid_update.py | 103 +
examples/smb.conf.default | 2 +-
file_server/file_server.c | 13 +-
lib/crypto/aes_ccm_128.c | 2 +-
lib/dbwrap/dbwrap.c | 85 +-
lib/dbwrap/dbwrap.h | 1 +
lib/krb5_wrap/enctype_convert.c | 104 +
lib/krb5_wrap/krb5_samba.h | 8 +
lib/krb5_wrap/wscript_build | 2 +-
lib/ldb-samba/ldb_wrap.c | 12 +-
lib/ldb-samba/ldif_handlers.c | 4 +-
lib/ldb-samba/wscript_build | 2 +-
lib/ldb/ABI/ldb-1.1.10.sigs | 259 +++
...yldb-util-1.1.2.sigs => pyldb-util-1.1.10.sigs} | 0
lib/ldb/common/ldb.c | 9 +-
lib/ldb/common/ldb_debug.c | 16 +-
lib/ldb/common/ldb_parse.c | 2 +-
lib/ldb/include/ldb_module.h | 1 +
lib/ldb/ldb_map/ldb_map.c | 2 +-
lib/ldb/ldb_tdb/ldb_search.c | 68 +-
lib/ldb/ldb_tdb/ldb_tdb.c | 19 +-
lib/ldb/tests/test-generic.sh | 2 +
lib/ldb/tools/ldbsearch.c | 2 +-
lib/ldb/wscript | 2 +-
lib/nss_wrapper/config.m4 | 2 +-
lib/param/loadparm.c | 11 +-
lib/param/loadparm.h | 5 +-
lib/param/param_table.c | 2 +-
lib/socket_wrapper/config.m4 | 2 +-
lib/socket_wrapper/socket_wrapper.c | 2 +-
lib/socket_wrapper/socket_wrapper.h | 2 +-
lib/talloc/doxy.config | 5 +-
lib/tdb/doxy.config | 5 +-
lib/tdb/test/lock-tracking.c | 30 +-
.../ABI/{tevent-0.9.16.sigs => tevent-0.9.17.sigs} | 0
lib/tevent/doxy.config | 5 +-
lib/tevent/testsuite.c | 145 ++
lib/tevent/tevent.c | 1 +
lib/tevent/tevent_internal.h | 1 +
lib/tevent/tevent_poll.c | 364 +++-
lib/tevent/wscript | 2 +-
lib/uid_wrapper/config.m4 | 2 +-
lib/util/samba_util.h | 15 +
lib/util/server_id.c | 99 +-
lib/util/util.c | 4 +-
libcli/auth/ntlm_check.c | 41 +-
libcli/auth/proto.h | 1 -
libcli/auth/smbencrypt.c | 11 +-
libcli/security/wscript_build | 4 +-
libcli/smb/smb2_signing.c | 22 +-
libcli/smb/smbXcli_base.c | 443 +++-
libcli/smb/smbXcli_base.h | 11 +-
libcli/smb/smb_constants.h | 13 +
libcli/smb/smb_signing.c | 93 +-
libcli/smb/smb_signing.h | 8 +-
libcli/smb/wscript | 45 +
libcli/smb/wscript_build | 32 -
libcli/util/nterr.c | 1 +
libcli/util/ntstatus.h | 1 +
libgpo/gpext/gpext.c | 4 +-
librpc/idl/smb_acl.idl | 63 +
librpc/idl/wscript_build | 2 +-
librpc/wscript_build | 17 +-
nsswitch/libwbclient/ABI/wbclient-0.10.sigs | 76 +
nsswitch/libwbclient/ABI/wbclient-0.9.sigs | 75 +
nsswitch/libwbclient/tests/wbclient.c | 14 +
nsswitch/libwbclient/wbc_pam.c | 21 +
nsswitch/libwbclient/wbclient.h | 18 +-
nsswitch/libwbclient/wscript | 5 +-
nsswitch/wbinfo.c | 12 +-
packaging/RHEL-CTDB/configure.rpm | 2 +-
packaging/RHEL-CTDB/samba.spec.tmpl | 4 +-
pidl/lib/Parse/Pidl/Typelist.pm | 1 +
script/mkparamdefs.pl | 4 +-
selftest/knownfail | 21 +-
selftest/target/Samba3.pm | 14 +-
selftest/target/Samba4.pm | 55 +-
selftest/wscript | 4 +
source3/Makefile-smbtorture4 | 2 +-
source3/Makefile.in | 46 +-
source3/auth/auth_builtin.c | 8 +-
source3/auth/auth_util.c | 4 +-
source3/auth/pampass.c | 4 +-
source3/auth/pass_check.c | 8 +-
source3/auth/proto.h | 1 +
source3/auth/token_util.c | 189 ++-
source3/auth/user_util.c | 4 +-
source3/client/client.c | 9 +-
source3/client/clitar.c | 29 +-
source3/configure.in | 14 +-
source3/include/client.h | 4 -
source3/include/ctdbd_conn.h | 18 +-
source3/include/proto.h | 11 +-
source3/include/secrets.h | 6 +
source3/include/serverid.h | 2 -
source3/include/smb.h | 13 -
source3/include/smb_acls.h | 39 +-
source3/include/smb_macros.h | 2 +-
source3/include/vfs.h | 59 +-
source3/include/vfs_macros.h | 85 -
source3/lib/afs.c | 4 +-
source3/lib/charcnv.c | 16 +-
source3/lib/ctdbd_conn.c | 98 +-
source3/lib/events.c | 10 +-
source3/lib/g_lock.c | 36 +-
source3/lib/messages.c | 4 +
source3/lib/msg_channel.c | 8 +-
source3/lib/serverid.c | 235 ++-
source3/lib/string_init.c | 77 -
source3/lib/substitute.c | 15 +-
source3/lib/sysacls.c | 28 +-
source3/lib/system.c | 7 +-
source3/lib/username.c | 16 +-
source3/lib/util.c | 127 +-
source3/lib/util_names.c | 3 +-
source3/lib/util_str.c | 52 +-
source3/libads/ads_struct.c | 6 +-
source3/libads/kerberos.c | 6 +-
source3/libads/kerberos_keytab.c | 5 +-
source3/libads/ldap.c | 33 +-
source3/libads/sasl.c | 27 +-
source3/libnet/libnet_join.c | 41 +-
source3/librpc/crypto/gse_krb5.c | 5 +-
source3/librpc/idl/smbXsrv.idl | 87 +-
source3/librpc/idl/wbint.idl | 1 +
source3/librpc/rpc/dcerpc.h | 2 +-
source3/libsmb/cliconnect.c | 62 +-
source3/libsmb/clientgen.c | 2 -
source3/libsmb/clilist.c | 4 +-
source3/libsmb/clirap.c | 8 +-
source3/libsmb/clirap2.c | 8 +-
source3/libsmb/namequery_dc.c | 6 +-
source3/libsmb/nmblib.c | 6 +-
source3/libsmb/pylibsmb.c | 671 ++++++
source3/locking/brlock.c | 4 +-
source3/m4/check_path.m4 | 8 +
source3/modules/gpfs.c | 1 +
source3/modules/nfs4_acls.c | 128 +-
source3/modules/vfs_afsacl.c | 9 +-
source3/modules/vfs_aio_fork.c | 53 +-
source3/modules/vfs_aixacl.c | 4 +-
source3/modules/vfs_aixacl2.c | 2 +-
source3/modules/vfs_aixacl_util.c | 29 +-
source3/modules/vfs_aixacl_util.h | 22 +
source3/modules/vfs_default.c | 102 -
source3/modules/vfs_dirsort.c | 2 -
source3/modules/vfs_fake_acls.c | 467 ++++
source3/modules/vfs_full_audit.c | 311 ---
source3/modules/vfs_gpfs.c | 219 ++-
source3/modules/vfs_gpfs_hsm_notify.c | 110 -
source3/modules/vfs_hpuxacl.c | 11 +-
source3/modules/vfs_media_harmony.c | 2438 ++++++++++++++++++++
source3/modules/vfs_posix_eadb.c | 9 +-
source3/modules/vfs_posixacl.c | 15 +-
source3/modules/vfs_prealloc.c | 4 +-
source3/modules/vfs_shadow_copy2.c | 2 -
source3/modules/vfs_solarisacl.c | 11 +-
source3/modules/vfs_streams_depot.c | 5 +-
source3/modules/vfs_streams_xattr.c | 4 +-
source3/modules/vfs_time_audit.c | 364 ---
source3/modules/vfs_tru64acl.c | 21 +-
source3/modules/vfs_tsmsm.c | 147 ++-
source3/modules/vfs_xattr_tdb.c | 198 ++-
source3/modules/wscript_build | 17 +-
source3/nmbd/nmbd.c | 10 +
source3/nmbd/nmbd_browserdb.c | 10 +-
source3/nmbd/nmbd_browsesync.c | 9 +-
source3/nmbd/nmbd_elections.c | 5 +-
source3/nmbd/nmbd_incomingdgrams.c | 5 +-
source3/nmbd/nmbd_incomingrequests.c | 5 +-
source3/nmbd/nmbd_namelistdb.c | 21 +-
source3/nmbd/nmbd_sendannounce.c | 10 +-
source3/nmbd/nmbd_serverlistdb.c | 6 +-
source3/nmbd/nmbd_winsserver.c | 4 +-
source3/param/loadparm.c | 96 +-
source3/param/service.c | 4 +-
source3/passdb/lookup_sid.c | 37 +-
source3/passdb/machine_account_secrets.c | 112 +-
source3/passdb/pdb_interface.c | 18 +-
source3/passdb/pdb_ipa.c | 4 +-
source3/passdb/pdb_ldap.c | 14 +-
source3/passdb/pdb_samba4.c | 59 +-
source3/passdb/pdb_tdb.c | 28 +-
source3/passdb/py_passdb.c | 22 +-
source3/passdb/secrets.c | 9 +-
source3/printing/lpq_parse.c | 4 +-
source3/printing/nt_printing_tdb.c | 4 +-
source3/registry/reg_backend_db.c | 4 +-
source3/registry/reg_parse_internal.c | 2 +-
source3/registry/reg_util_internal.c | 5 +-
source3/rpc_client/cli_pipe.c | 23 +-
source3/rpc_server/dfs/srv_dfs_nt.c | 4 +-
source3/rpc_server/dssetup/srv_dssetup_nt.c | 4 +-
source3/rpc_server/eventlog/srv_eventlog_nt.c | 2 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 10 +-
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 26 +-
source3/script/tests/stream-depot/run.sh | 37 +-
source3/script/tests/stream-depot/smb.conf | 5 -
source3/script/tests/test_smbclient_auth.sh | 2 +-
.../script/tests/test_smbclient_machine_auth.sh | 21 +
source3/script/tests/test_smbclient_tarmode.sh | 181 ++
source3/script/tests/vfstest-acl/run.sh | 52 +
source3/script/tests/vfstest-acl/vfstest.cmd | 15 +
source3/script/tests/xattr-tdb-1/run.sh | 55 +-
source3/script/tests/xattr-tdb-1/smb.conf | 5 -
source3/script/tests/xattr-tdb-1/vfstest.cmd | 1 +
source3/selftest/tests.py | 26 +-
source3/smbd/blocking.c | 15 +-
source3/smbd/conn.c | 10 +-
source3/smbd/filename.c | 15 +-
source3/smbd/globals.h | 94 +-
source3/smbd/lanman.c | 14 +-
source3/smbd/mangle_hash.c | 5 +-
source3/smbd/mangle_hash2.c | 2 +-
source3/smbd/negprot.c | 2 +-
source3/smbd/posix_acls.c | 331 ++--
source3/smbd/process.c | 10 +-
source3/smbd/proto.h | 2 +-
source3/smbd/pysmbd.c | 376 +++-
source3/smbd/reply.c | 107 +-
source3/smbd/server.c | 7 +
source3/smbd/service.c | 20 +-
source3/smbd/sesssetup.c | 106 +-
source3/smbd/signing.c | 24 +-
source3/smbd/smb2_break.c | 33 +-
source3/smbd/smb2_close.c | 3 +-
source3/smbd/smb2_create.c | 9 +-
source3/smbd/smb2_find.c | 9 +-
source3/smbd/smb2_flush.c | 3 +-
source3/smbd/smb2_getinfo.c | 9 +-
source3/smbd/smb2_glue.c | 5 +-
source3/smbd/smb2_ioctl.c | 14 +-
source3/smbd/smb2_lock.c | 25 +-
source3/smbd/smb2_negprot.c | 15 +-
source3/smbd/smb2_notify.c | 6 +-
source3/smbd/smb2_read.c | 28 +-
source3/smbd/smb2_server.c | 1867 +++++++++-------
source3/smbd/smb2_sesssetup.c | 93 +-
source3/smbd/smb2_setinfo.c | 9 +-
source3/smbd/smb2_tcon.c | 51 +-
source3/smbd/smb2_write.c | 17 +-
source3/smbd/smbd.h | 1 -
source3/smbd/trans2.c | 198 +-
source3/smbd/vfs.c | 135 +-
source3/torture/cmd_vfs.c | 390 +++-
source3/torture/masktest.c | 4 +-
source3/torture/pdbtest.c | 117 +-
source3/torture/torture.c | 265 ++-
source3/torture/vfstest.c | 35 +-
source3/utils/cclean.c | 305 ---
source3/utils/net.c | 7 +
source3/utils/net_ads.c | 20 +-
source3/utils/net_connections.c | 273 +++
source3/utils/net_idmap.c | 6 +-
source3/utils/net_proto.h | 4 +
source3/utils/net_registry_check.c | 10 +-
source3/utils/net_rpc.c | 49 +-
source3/utils/net_rpc_join.c | 21 +-
source3/utils/net_rpc_trust.c | 24 +-
source3/utils/net_usershare.c | 8 +-
source3/utils/ntlm_auth.c | 4 +-
source3/utils/pdbedit.c | 11 +-
source3/utils/smbcontrol.c | 2 +-
source3/utils/smbpasswd.c | 6 +-
source3/winbindd/idmap_ldap.c | 7 +-
source3/winbindd/wb_fill_pwent.c | 5 +-
source3/winbindd/winbindd.c | 10 +-
source3/winbindd/winbindd_ads.c | 10 +-
source3/winbindd/winbindd_cache.c | 22 +-
source3/winbindd/winbindd_cm.c | 5 +-
source3/winbindd/winbindd_cred_cache.c | 29 +
source3/winbindd/winbindd_dual_srv.c | 5 +
source3/winbindd/winbindd_pam.c | 21 +-
source3/winbindd/winbindd_ping_dc.c | 19 +-
source3/winbindd/winbindd_proto.h | 1 +
source3/winbindd/winbindd_util.c | 11 +-
source3/wscript | 13 +-
source3/wscript_build | 33 +-
source4/auth/kerberos/srv_keytab.c | 45 -
source4/auth/ntlm/wscript_build | 2 +-
source4/auth/wscript_build | 2 +-
source4/cldap_server/netlogon.c | 24 +-
source4/dns_server/dns_update.c | 2 +-
source4/dns_server/dns_update.h | 25 -
source4/dsdb/common/util.c | 129 +-
source4/dsdb/kcc/kcc_connection.c | 28 +-
source4/dsdb/kcc/kcc_deleted.c | 17 +-
source4/dsdb/kcc/kcc_periodic.c | 13 +-
source4/dsdb/kcc/kcc_topology.c | 2 +-
source4/dsdb/pydsdb.c | 19 +-
source4/dsdb/repl/drepl_fsmo.c | 36 +-
source4/dsdb/repl/drepl_partitions.c | 29 +-
source4/dsdb/repl/drepl_ridalloc.c | 13 +-
source4/dsdb/repl/replicated_objects.c | 124 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 31 +-
source4/dsdb/samdb/ldb_modules/partition.c | 162 +-
source4/dsdb/samdb/ldb_modules/partition_init.c | 8 +-
.../dsdb/samdb/ldb_modules/partition_metadata.c | 57 +-
source4/dsdb/samdb/ldb_modules/proxy.c | 3 +
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 7 -
source4/dsdb/samdb/ldb_modules/ridalloc.c | 27 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 13 +-
source4/dsdb/samdb/ldb_modules/samba_secrets.c | 1 +
source4/dsdb/samdb/ldb_modules/samldb.c | 2 +-
source4/dsdb/samdb/ldb_modules/schema_load.c | 81 +-
source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c | 529 +++++
source4/dsdb/samdb/ldb_modules/update_keytab.c | 2 -
source4/dsdb/samdb/ldb_modules/util.c | 7 +-
source4/dsdb/samdb/ldb_modules/wscript_build | 2 +-
.../dsdb/samdb/ldb_modules/wscript_build_server | 25 +-
source4/dsdb/schema/schema.h | 7 +-
source4/dsdb/schema/schema_init.c | 44 +-
source4/dsdb/schema/schema_query.c | 35 +-
source4/dsdb/schema/schema_set.c | 23 +-
source4/heimdal/lib/com_err/error.c | 2 +-
source4/kdc/db-glue.c | 20 -
source4/kdc/wdc-samba4.c | 9 +-
source4/lib/events/tevent_s4.c | 10 +-
source4/lib/registry/pyregistry.c | 24 +-
source4/libcli/cliconnect.c | 8 +-
source4/libcli/ldap/ldap_ildap.c | 6 +-
source4/libcli/raw/libcliraw.h | 2 -
source4/libcli/raw/smb.h | 4 -
source4/libcli/smb2/transport.c | 1 +
source4/libcli/smb2/write.c | 2 +-
source4/libcli/smb_composite/connect.c | 11 +-
source4/libcli/smb_composite/sesssetup.c | 38 +-
source4/libcli/util/clilsa.c | 8 +-
source4/libcli/util/pyerrors.h | 8 +-
source4/libcli/wscript_build | 6 +-
source4/libnet/libnet_become_dc.c | 13 +
source4/libnet/libnet_export_keytab.c | 10 +-
source4/libnet/libnet_vampire.c | 2 +-
source4/librpc/rpc/dcerpc.c | 53 +-
source4/librpc/rpc/dcerpc_smb.c | 19 +-
source4/librpc/rpc/dcerpc_smb2.c | 4 +-
source4/librpc/rpc/pyrpc_util.c | 4 +-
source4/librpc/wscript_build | 12 +
source4/ntp_signd/ntp_signd.c | 6 +-
source4/ntvfs/posix/pvfs_fileinfo.c | 2 +-
source4/ntvfs/posix/pvfs_xattr.c | 6 +
source4/param/provision.c | 2 +
source4/param/provision.h | 1 +
source4/rpc_server/drsuapi/dcesrv_drsuapi.c | 2 +-
source4/rpc_server/drsuapi/getncchanges.c | 28 +-
source4/rpc_server/wscript_build | 4 +-
source4/scripting/bin/samba_spnupdate | 11 +-
source4/scripting/python/samba/join.py | 26 +
source4/scripting/python/samba/netcmd/domain.py | 6 +-
source4/scripting/python/samba/netcmd/drs.py | 5 +-
source4/scripting/python/samba/netcmd/ntacl.py | 108 +-
source4/scripting/python/samba/ntacls.py | 77 +-
.../scripting/python/samba/provision/__init__.py | 205 ++-
source4/scripting/python/samba/samdb.py | 8 +-
.../scripting/python/samba/tests/dcerpc/bare.py | 2 +-
.../python/samba/tests/libsmb_samba_internal.py | 78 +
source4/scripting/python/samba/tests/ntacls.py | 14 +-
source4/scripting/python/samba/tests/posixacl.py | 404 ++++
source4/scripting/python/samba/tests/provision.py | 2 +
.../python/samba/tests/samba_tool/ntacl.py | 70 +
.../python/samba/tests/upgradeprovision.py | 2 +-
.../python/samba/tests/upgradeprovisionneeddc.py | 2 +-
source4/scripting/python/samba/upgrade.py | 130 +-
source4/scripting/python/samba/upgradehelpers.py | 2 +-
source4/selftest/tests.py | 9 +-
source4/setup/tests/blackbox_group.sh | 2 +-
source4/setup/tests/blackbox_newuser.sh | 2 +-
source4/setup/tests/blackbox_provision-backend.sh | 10 +-
source4/setup/tests/blackbox_provision.sh | 18 +-
source4/setup/tests/blackbox_s3upgrade.sh | 8 +-
source4/setup/tests/blackbox_setpassword.sh | 2 +-
source4/setup/tests/blackbox_upgradeprovision.sh | 4 +-
source4/smbd/server.c | 16 +-
source4/torture/basic/delete.c | 641 +++++-
source4/torture/local/torture.c | 1 +
source4/torture/raw/context.c | 6 +-
source4/torture/raw/lock.c | 22 +-
source4/torture/raw/notify.c | 2 +-
source4/torture/raw/streams.c | 89 +-
source4/torture/rpc/samba3rpc.c | 9 +-
source4/torture/smb2/compound.c | 72 +
source4/torture/unix/unix_info2.c | 5 +-
source4/torture/util_smb.c | 10 +-
source4/utils/tests/test_smbclient.sh | 34 +
source4/winbind/wb_init_domain.c | 10 +
source4/winbind/wb_irpc.c | 48 +-
source4/winbind/wb_pam_auth.c | 21 +-
source4/winbind/wb_sam_logon.c | 220 ++-
source4/winbind/wb_server.h | 2 +
source4/winbind/wb_sid2domain.c | 248 ++-
source4/winbind/wb_update_rodc_dns.c | 206 ++-
testprogs/blackbox/renamedc.sh | 10 +-
wscript | 20 +-
411 files changed, 15439 insertions(+), 6018 deletions(-)
create mode 100644 docs-xml/manpages-3/vfs_media_harmony.8.xml
create mode 100755 examples/scripts/vfs/media_harmony/trigger_avid_update.py
create mode 100644 lib/krb5_wrap/enctype_convert.c
create mode 100644 lib/ldb/ABI/ldb-1.1.10.sigs
copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs => pyldb-util-1.1.10.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.9.16.sigs => tevent-0.9.17.sigs} (100%)
create mode 100755 libcli/smb/wscript
delete mode 100755 libcli/smb/wscript_build
create mode 100644 librpc/idl/smb_acl.idl
create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.10.sigs
create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.9.sigs
delete mode 100644 source3/lib/string_init.c
create mode 100644 source3/libsmb/pylibsmb.c
create mode 100644 source3/modules/vfs_aixacl_util.h
create mode 100644 source3/modules/vfs_fake_acls.c
delete mode 100644 source3/modules/vfs_gpfs_hsm_notify.c
create mode 100644 source3/modules/vfs_media_harmony.c
delete mode 100644 source3/script/tests/stream-depot/smb.conf
create mode 100755 source3/script/tests/test_smbclient_machine_auth.sh
create mode 100755 source3/script/tests/test_smbclient_tarmode.sh
create mode 100755 source3/script/tests/vfstest-acl/run.sh
create mode 100644 source3/script/tests/vfstest-acl/vfstest.cmd
delete mode 100644 source3/script/tests/xattr-tdb-1/smb.conf
delete mode 100644 source3/utils/cclean.c
create mode 100644 source3/utils/net_connections.c
delete mode 100644 source4/dns_server/dns_update.h
create mode 100644 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
create mode 100644 source4/scripting/python/samba/tests/libsmb_samba_internal.py
create mode 100644 source4/scripting/python/samba/tests/posixacl.py
create mode 100644 source4/scripting/python/samba/tests/samba_tool/ntacl.py
create mode 100755 source4/utils/tests/test_smbclient.sh
Changeset truncated at 500 lines:
diff --git a/BUILD_SYSTEMS.txt b/BUILD_SYSTEMS.txt
index 2aff56d..f8590f6 100644
--- a/BUILD_SYSTEMS.txt
+++ b/BUILD_SYSTEMS.txt
@@ -27,11 +27,10 @@ Kerberos library, provided the version is recent enough (otherwise we
will use our internal version of Heimdal). Please note that builds
with MIT krb5 support will not have AD DC features.
-By the time of the first release candidate, we will finish renaming
-the binaries that we ship so that where we provide a tool under a name
-that was used in Samba 3.x, it continues to behave in the same way it
-always has. This will ensure that our change in build system does not
-impact on our user's ability to use Samba as they always have.
+Where we provide a tool under a name that was used in Samba 3.x, it
+continues to behave in the same way it always has. This will ensure
+that our change in build system does not impact on our user's ability
+to use Samba as they always have.
For developers, this build system backs a comprehensive 'make test',
which provides code coverage of around 48% of our code by line:
diff --git a/VERSION b/VERSION
index a310c84..b9b3e8c 100644
--- a/VERSION
+++ b/VERSION
@@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE=
# e.g. SAMBA_VERSION_BETA_RELEASE=1 #
# -> "4.0.0beta1" #
########################################################
-SAMBA_VERSION_BETA_RELEASE=5
+SAMBA_VERSION_BETA_RELEASE=7
########################################################
# For 'pre' releases the version will be #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1b08ff3..d9f2333 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4.0 beta5
+What's new in Samba 4.0 beta7
=============================
Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -11,25 +11,20 @@ and above.
WARNINGS
========
-Samba 4.0 beta5 is not a final Samba release, however we are now making
-good progress towards a Samba 4.0 release, of which this is a preview.
-Be aware the this release contains the best of all of Samba's
+Samba 4.0 beta7 is not a final Samba release, however we are now making
+good progress towards a Samba 4.0 release. However, this is expected to be the
+last beta release before we start on our release candidate series.
+
+This release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
controller work previously known as 'samba4'.
Samba 4.0 is subjected to an awesome battery of tests on an automated
-basis, we have found Samba 4.0 to be very stable in it's behavior.
-However, we still recommend against upgrading production servers from
-Samba 3.x release to Samba 4.0 beta at this stage.
-
-In particular note that the new default configuration 's3fs' may have
-different stability characteristics compared with our previous default
-file server. We are making this release so that we can find and fix
-any of these issues that arise in the real world. New AD DC
-installations can provision or join with --use-ntvfs to obtain the
-previous default file server. See below how to continue using ntvfs
-in an existing installation.
+basis, we have found Samba 4.0 to be very stable in it's behaviour.
+However, as with all our pre-releases we still recommend against
+upgrading production servers from Samba 3.x release to Samba 4.0 beta
+at this stage.
If you are upgrading, or looking to develop, test or deploy Samba 4.0
beta releases, you should backup all configuration and data.
@@ -43,10 +38,16 @@ Samba 4.0 as an AD DC should use the 'samba-tool domain
classicupgrade' command. See the wiki for more details:
https://wiki.samba.org/index.php/Samba4/samba3upgrade/HOWTO
-Users upgrading from Samba 4.0 alpha and beta releases since alpha15
-should run 'samba-tool dbcheck --cross-ncs --fix'. Users upgrading
-from earlier alpha releases should contact the team for advice.
+Users upgrading from Samba 4.0 alpha and beta releases since alpha15
+should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
+Samba. Users upgrading from earlier alpha releases should contact the
+team for advice.
+Users upgrading an AD DC from any previous release should run
+'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
+with those matching the GPOs in LDAP and the defaults from an initial
+provision. This will set an underlying POSIX ACL if required (eg not
+using the NTVFS file server).
NEW FEATURES
============
@@ -63,8 +64,7 @@ issue.
Samba 4.0 beta ships with two distinct file servers. We now use the
file server from the Samba 3.x series 'smbd' for all file serving by
-default. For pure file server work, the binaries users would expect
-from that series (nmbd, winbindd, smbpasswd) continue to be available.
+default.
Samba 4.0 also ships with the 'NTVFS' file server. This file server
is what was used in all previous alpha releases of Samba 4.0, and is
@@ -74,9 +74,11 @@ installations that have deployed it as part of an AD DC, but also as a
running example of the NT-FSA architecture we expect to move smbd to in
the longer term.
-As mentioned above, this change to the default file server may cause
-instability, as we learn about the real-world interactions between
-these two key components.
+For pure file server work, the binaries users would expect from that
+series (nmbd, winbindd, smbpasswd) continue to be available. When
+running an AD DC, you only need to run 'samba' (not
+nmbd/smbd/winbind), as the required services are co-ordinated by this
+master binary.
As DNS is an integral part of Active Directory, we also provide a DNS
solution, using the BIND DLZ mechanism in versions 9.8 and 9.9.
@@ -87,53 +89,45 @@ minimal internal DNS server from within the Samba process, for easier
complete (pending addition of secure DNS update support).
To provide accurate timestamps to Windows clients, we integrate with
-the NTP project to provide secured NTP replies.
+the NTP project to provide secured NTP replies. To use you need to
+start ntpd and configure it with the 'restrict ... ms-sntp' and
+ntpsigndsocket options.
Finally, a new scripting interface has been added to Samba 4, allowing
Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.
-CHANGES SINCE beta4
+CHANGES SINCE beta6
=====================
-For a list of changes since beta4, please see the git log.
+For a list of changes since beta6, please see the git log.
$ git clone git://git.samba.org/samba.git
$ cd samba.git
-$ git log samba-4.0.0beta4..samba-4.0.0beta5
+$ git log samba-4.0.0beta6..samba-4.0.0beta7
Some major user-visible changes include:
-- The issue with beta4 being unable to build with a released version of
- ldb has been resolved.
-
-- The two parameter tables for our two smb.conf parsing engines have
- been merged. This removes the ugly (but harmless) "unknown
- parameter xxx" warnings, particularly from the smbd child process.
-
-- Major issues have been fixed in conflict and missing/deleted parent
- handling in or DRS replication engine.
-
-- Safety improvements to prevent corruption of read-write replicas
- by manual replication from a read-only replica.
+- ACLs are now set during provision at the POSIX layer for the sysvol
+ share. This allows group policies to be modified by Domain
+ Administrators (Policy Administrators) that are not the actual
+ Administrator user.
-- Improvements to dbcheck to correct incorrect instanceType values from
- the above and to relocate objects with missing parents.
+- A number of verified fixes for expanding memory use across the AD
+ domain controller, including in the Bind9 DLZ module.
-- smbd no longer places all accounts in the 'Domain Users' of the AD
- domain to which it is joined
+- A fix for bug #9097 (the winbind in the AD DC would lock up under
+ parallel requests).
-- AES support in NETLOGON Schannel
+- wbinfo --ping-dc now returns helpful information on what failed and
+ against which DC it failed
-- DCE/RPC timeout handling no longer crashes
+- SMB3 encryption support
-- "socket address" is now "nbt client socket address" as it only
- controls the binding of the NetBIOS client, not other protocols.
- See 'bind interfaces only = yes'. This parameter is also now depricated.
-
-- nmbd now always binds to it's broadcast sockets explicitly, rather
- than just relying on the socket address above.
+- New 'samba-tool ntacl' commands:
+ - samba-tool ntacl sysvolreset
+ - samba-tool ntacl sysvolcheck
Less visible, but important changes under the hood include:
@@ -144,17 +138,19 @@ Less visible, but important changes under the hood include:
- Patches to ensure that talloc_tos() and talloc_stackframe() are
always used correctly.
+- We can now test the implementation of NT -> POSIX ACL mapping in a
+ unit test with VFS bindings exposing both to python. We also store
+ the posix ACL in a tdb during make test, allowing testing of this
+ feature on all platforms, regardless of local FS settings.
+
+- Python bindings for the source3 async libsmb library (for use in testing)
+
KNOWN ISSUES
============
- This release makes the s3fs file server the default, as this is the
file server combination we will use for the Samba 4.0 release.
-- Modifying of group policies by members of the Domain Administrators
- group is not possible with the s3fs file server, only with the ntvfs
- file server. This is due to the underlying POSIX ACL not being set
- at provision time.
-
- For similar reasons, sites with ACLs stored by the ntvfs file server
may wish to continue to use that file server implementation, as a
posix ACL will similarly not be set in this case.
@@ -165,7 +161,7 @@ KNOWN ISSUES
this partition is not yet reliable.
- Replication may fail on FreeBSD due to getaddrinfo() rejecting names
- containing _. A workaround will be in the next beta.
+ containing _. A workaround will be in a future next beta.
- upgradeprovision should not be run when upgrading to this release
from a recent release. No important database format changes have
@@ -180,8 +176,9 @@ KNOWN ISSUES
use the 'samba' binary (provided for the AD server) on a member
server.
-- There is no NetBIOS browsing support (network neighbourhood) in the
- 'samba' binary (use nmbd and smbd instead)
+- There is no NetBIOS browsing support (network neighbourhood)
+ available for the AD domain controller. (Support in nmbd and smbd
+ for classic domains and member/standalone servers is unchanged).
- Clock Synchronisation is critical. Many 'wrong password' errors are
actually due to Kerberos objecting to a clock skew between client
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index ab7f5e8..3304200 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -203,6 +203,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
char *filter;
char *error_string;
const char *domain;
+ const char *realm;
+ bool secrets_tdb_password_more_recent;
+ time_t secrets_tdb_lct = 0;
+ char *secrets_tdb_password = NULL;
+ char *keystr;
+ char *keystr_upper = NULL;
+ char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
+ struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
+ TDB_DEFAULT, O_RDWR, 0600,
+ DBWRAP_LOCK_ORDER_1);
/* Bleh, nasty recursion issues: We are setting a machine
* account here, so we don't want the 'pending' flag around
* any more */
@@ -211,47 +221,79 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
/* We have to do this, as the fallback in
* cli_credentials_set_secrets is to run as anonymous, so the domain is wiped */
domain = cli_credentials_get_domain(cred);
+ realm = cli_credentials_get_realm(cred);
+
+ if (db_ctx) {
+ TDB_DATA dbuf;
+ keystr = talloc_asprintf(cred, "%s/%s",
+ SECRETS_MACHINE_LAST_CHANGE_TIME,
+ domain);
+ keystr_upper = strupper_talloc(cred, keystr);
+ TALLOC_FREE(keystr);
+ status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+ &dbuf);
+ TALLOC_FREE(keystr_upper);
+ if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
+ secrets_tdb_lct = IVAL(dbuf.dptr,0);
+ }
+ TALLOC_FREE(dbuf.dptr);
+
+ keystr = talloc_asprintf(cred, "%s/%s",
+ SECRETS_MACHINE_PASSWORD,
+ domain);
+ keystr_upper = strupper_talloc(cred, keystr);
+ TALLOC_FREE(keystr);
+ status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+ &dbuf);
+ if (NT_STATUS_IS_OK(status)) {
+ secrets_tdb_password = (char *)dbuf.dptr;
+ }
+ }
+
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
domain);
status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter, &error_string);
- if (NT_STATUS_EQUAL(NT_STATUS_CANT_ACCESS_DOMAIN_INFO, status)
+ if (secrets_tdb_password == NULL) {
+ secrets_tdb_password_more_recent = false;
+ } else if (NT_STATUS_EQUAL(NT_STATUS_CANT_ACCESS_DOMAIN_INFO, status)
|| NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, status)) {
- TDB_DATA dbuf;
- char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
- struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
- TDB_DEFAULT, O_RDWR, 0600,
- DBWRAP_LOCK_ORDER_1);
+ secrets_tdb_password_more_recent = true;
+ } else if (secrets_tdb_lct > cli_credentials_get_password_last_changed_time(cred)) {
+ secrets_tdb_password_more_recent = true;
+ } else if (secrets_tdb_lct == cli_credentials_get_password_last_changed_time(cred)) {
+ secrets_tdb_password_more_recent = strcmp(secrets_tdb_password, cli_credentials_get_password(cred)) != 0;
+ } else {
+ secrets_tdb_password_more_recent = false;
+ }
+
+ if (secrets_tdb_password_more_recent) {
+ char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
+ cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
+ cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
+ cli_credentials_set_realm(cred, realm, CRED_SPECIFIED);
+ cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED);
+ cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
+ TALLOC_FREE(machine_account);
+ } else if (NT_STATUS_EQUAL(NT_STATUS_CANT_ACCESS_DOMAIN_INFO, status)
+ || NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, status)) {
if (db_ctx) {
- char *keystr;
- char *keystr_upper;
- keystr = talloc_asprintf(cred, "%s/%s",
- SECRETS_MACHINE_PASSWORD,
- domain);
- keystr_upper = strupper_talloc(cred, keystr);
- TALLOC_FREE(keystr);
- status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
- &dbuf);
-
- if (NT_STATUS_IS_OK(status)) {
- char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
- cli_credentials_set_password(cred, (const char *)dbuf.dptr, CRED_SPECIFIED);
- cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
- cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
- TALLOC_FREE(machine_account);
- TALLOC_FREE(dbuf.dptr);
- } else {
- error_string = talloc_asprintf(cred,
- "Failed to fetch machine account password from "
- "secrets.ldb: %s and failed to fetch %s from %s",
- error_string, keystr_upper, secrets_tdb);
- }
- TALLOC_FREE(keystr_upper);
- TALLOC_FREE(secrets_tdb);
+ error_string = talloc_asprintf(cred,
+ "Failed to fetch machine account password from "
+ "secrets.ldb: %s and failed to fetch %s from %s",
+ error_string, keystr_upper, secrets_tdb);
+ } else {
+ error_string = talloc_asprintf(cred,
+ "Failed to fetch machine account password from "
+ "secrets.ldb: %s and failed to open %s",
+ error_string, secrets_tdb);
}
}
+ TALLOC_FREE(secrets_tdb_password);
+ TALLOC_FREE(secrets_tdb);
+ TALLOC_FREE(db_ctx);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n",
error_string, nt_errstr(status)));
diff --git a/auth/credentials/wscript_build b/auth/credentials/wscript_build
index 0b2aec2..06d58a7 100755
--- a/auth/credentials/wscript_build
+++ b/auth/credentials/wscript_build
@@ -5,7 +5,7 @@ bld.SAMBA_LIBRARY('samba-credentials',
autoproto='credentials_proto.h',
public_headers='credentials.h',
pc_files='samba-credentials.pc',
- deps='LIBCRYPTO errors events LIBCLI_AUTH security CREDENTIALS_SECRETS CREDENTIALS_KRB5',
+ deps='LIBCRYPTO errors events LIBCLI_AUTH samba-security CREDENTIALS_SECRETS CREDENTIALS_KRB5',
vnum='0.0.1'
)
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f51a1ed..fc66a8d 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -96,7 +96,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
if (DEBUGLEVEL >= 10) {
struct NEGOTIATE_MESSAGE *negotiate = talloc(
- talloc_tos(), struct NEGOTIATE_MESSAGE);
+ ntlmssp_state, struct NEGOTIATE_MESSAGE);
if (negotiate != NULL) {
status = ntlmssp_pull_NEGOTIATE_MESSAGE(
out, negotiate, negotiate);
diff --git a/auth/wscript_build b/auth/wscript_build
index 0194815..57f1270 100644
--- a/auth/wscript_build
+++ b/auth/wscript_build
@@ -2,7 +2,7 @@
bld.SAMBA_LIBRARY('auth_sam_reply',
source='auth_sam_reply.c',
- deps='talloc security samba-util',
+ deps='talloc samba-security samba-util',
autoproto='auth_sam_reply.h',
private_library=True
)
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cfab476..50039fc 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -437,10 +437,10 @@ def CHECK_STRUCTURE_MEMBER(conf, structname, member,
@conf
-def CHECK_CFLAGS(conf, cflags):
+def CHECK_CFLAGS(conf, cflags, fragment='int main(void) { return 0; }\n'):
'''check if the given cflags are accepted by the compiler
'''
- return conf.check(fragment='int main(void) { return 0; }\n',
+ return conf.check(fragment=fragment,
execute=0,
type='nolink',
ccflags=cflags,
@@ -622,11 +622,26 @@ def SAMBA_CONFIG_H(conf, path=None):
if Options.options.developer:
# we add these here to ensure that -Wstrict-prototypes is not set during configure
- conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Werror=format -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address',
+ conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address',
testflags=True)
conf.ADD_CFLAGS('-Wcast-qual', testflags=True)
conf.env.DEVELOPER_MODE = True
+ # This check is because for ldb_search(), a NULL format string
+ # is not an error, but some compilers complain about that.
+ if CHECK_CFLAGS(conf, ["-Werror=format", "-Wformat=2"], '''
+int testformat(char *format, ...) __attribute__ ((format (__printf__, 1, 2)));
+
+int main(void) {
+ testformat(0);
+ return 0;
+}
+
+'''):
+ if not 'EXTRA_CFLAGS' in conf.env:
+ conf.env['EXTRA_CFLAGS'] = []
+ conf.env['EXTRA_CFLAGS'].extend(TO_LIST("-Werror=format"))
+
if Options.options.picky_developer:
conf.ADD_CFLAGS('-Werror', testflags=True)
diff --git a/buildtools/wafsamba/symbols.py b/buildtools/wafsamba/symbols.py
index c4b5599..13d84b9 100644
--- a/buildtools/wafsamba/symbols.py
+++ b/buildtools/wafsamba/symbols.py
@@ -647,7 +647,7 @@ def SYMBOL_CHECK(bld):
Build.BuildContext.SYMBOL_CHECK = SYMBOL_CHECK
def DUP_SYMBOL_CHECK(bld):
- if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER and not bld.env.BUILD_FARM:
+ if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER:
'''check for duplicate symbols'''
bld.SET_BUILD_GROUP('syslibcheck')
task = bld(rule=symbols_dupcheck_fatal, always=True, name='symbol duplicate checking')
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index c85f87f..7a7ca6d 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -2112,6 +2112,45 @@ string.</member>
</refsect2>
<refsect2>
+<title>CONNECTIONS</title>
+<para>
+Manipulate Samba's connections database.
+</para>
+
+<para>The registry commands are:
+<simplelist>
+<member>net connections cleanup - Remove orphaned entries from the connections database.</member>
+</simplelist>
+</para>
+
+<refsect3>
+ <title>CONNECTIONS CLEANUP [-avT]</title>
+ <para> Remove orphaned entries from the connections database. This may be necessary if restarting smbd isn't an option.
+ <variablelist>
+ <varlistentry><term>-a|--auto</term>
+ <listitem><para>
+ Noninteractive mode, don't ask.
+ </para></listitem>
+ </varlistentry>
--
Samba Shared Repository
More information about the samba-cvs
mailing list