[SCM] Samba Shared Repository - branch v4-0-stable updated

Andrew Bartlett abartlet at samba.org
Mon Aug 27 18:20:51 MDT 2012

The branch, v4-0-stable has been updated
       via  c41894c VERSION: Mark as the beta7 release
       via  3460340 WHATSNEW: prepare for 4.0 beta7
       via  24f3147 selftest: Fix comment in blackbox_s3upgrade.sh
       via  444c9ff s4-classicupgrade: Do the setting of the sysvol ACLs last, after idmap is configured
       via  5aa9a6c s3-passdb: Allow reload of the static passdb from python
       via  f873d42 auth/credentials: Rework credentials handling to try and find the most recent machine pw
       via  1a8fd71 selftest: Add test of smbclient --machine-pass against and using both s3 and s4
       via  e66fa2c auth/credentials: Expand secrets.tdb fetch of secrets to preserve workstation and realm
       via  43904cb s4-dsdb: Remove double-free in update_keytab module
       via  8c20539 s4-dsdb: Add secrets_tdb_sync - an ldb module to keep secrets.tdb in sync
       via  f2d9be5 s3-secrets: Use talloc_stackframe() in secrets_init_path()
       via  5adf8c8 s3-secrets: Handle all valid ROLE_ values in get_default_sec_channel()
       via  708ce41 s3-secrets: Add helper function to set machine account password from secrets_tdb_sync
       via  62373b8 lib/krb5_wrap: Move enctype conversion functions into a simple helper file
       via  d5b9972 s4-classicupgrade: Read WINS DB before the provision
       via  85f1c4f s4-classicupgrade: Do all the queries of data before the provision()
       via  738f4ac s4-classicupgrade: Use s3param.get_context() instead of result.lp
       via  1ed6070 lib/krb5_wrap: Move kerberos_enctype_to_bitmap() into krb5_wrap
       via  0f7aa3d lib/krb5_wrap: Bring list of all enc types into krb5_wrap
       via  8613539 s4-libnet: Ensure termination of enctype array in libnet_export_keytab()
       via  098c5ec examples: Remove security=share and security=server from example smb.conf
       via  e17bf6a s3-param: Avoid assert on use of talloc_tos() without stackframe
       via  f118eae s4-torture: Test for #9058
       via  b05d28e s4:winbind: let wb_update_rodc_dns_send/recv use netlogon_queue (bug #9097)
       via  6460129 s4:winbind: let wb_sam_logon_send/recv() use the netlogon_queue (bug #9097)
       via  19daec6 s4:winbind: add a netlogon_queue (tevent_queue)
       via  d4aa897 s4:winbind: convert wb_update_rodc_dns_send/recv to tevent_req
       via  0ccdaa9 s4:winbind: convert wb_sam_logon_send/recv to tevent_req
       via  d3756d8 s4:winbind: convert wb_sid2domain to tevent_req internally
       via  89a5a71 s4:librpc/rpc: don't do async requests if gensec doesn't support async replies (bug #9097)
       via  0bd0ad9 s4:librpc/rpc: also call dcerpc_schedule_io_trigger() after bind and alter_context responses
       via  e44b5bd s4:librpc/rpc: use dcerpc_req_dequeue() in dcerpc_request_recv_data()
       via  81bc57d s4:librpc/rpc: use talloc_zero for 'struct rpc_request'
       via  28350ae libcli/smb: split out a smb_transport private library
       via  5eec19b libcli/smb: wscript_build => wscript
       via  aca444c Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
       via  cbdf6c5 Remove useless bool "upper_case_domain" parameter.
       via  43870fb Move uppercasing the domain out of smb_pwd_check_ntlmv2()
       via  ced27e1 s3:lib: make sure we don't try to send messages to server_id's marked as disconnected
       via  1f7eac9 s3:lib: remove unused processes_exist()
       via  9529301 s3:lib: readd the CTDB_CONTROL_CHECK_SRVIDS optimization to serverids_exist()
       via  18c6757 s3:lib: only loop over the server_ids we need to verify in serverids_exist()
       via  6c3c25b s3:lib: use server_id_is_disconnected() in serverids_exist()
       via  dc7d0f6 s3:lib: inline processes_exist() into serverids_exist()
       via  84b5a5c s3:lib: SERVERID_UNIQUE_ID_NOT_TO_VERIFY only means not to verify the 'unique_id' part
       via  95f3662 lib/util: don't SMB_ASSERT() in process_exists_by_pid()
       via  0b5e354 s3:lib: implement process_exists() as wrapper of serverid_exists()
       via  774c284 s3:g_lock: use serverid_exists() with SERVERID_UNIQUE_ID_NOT_TO_VERIFY
       via  99b134a s3:lib: implement serverid_exists() as wrapper of serverids_exist()
       via  6145329 s3:lib: remove CTDB_CONTROL_CHECK_SRVIDS optimization in serverids_exist() for now
       via  f83521a lib/param: fix usage of 'write list = +Group'
       via  cbecd15 s3: fix compile warning on openindiana
       via  b4252f8 crypto/aes_ccm_128: fix compile warning on openindiana
       via  cbcfd85 s3/registry: fix compile warning on openindiana
       via  e14bf39 s4-selftest: Always set vfs objects in selftest smb.conf
       via  123ee7f s4-selftest: Add test for samba-tool ntacl sysvolcheck
       via  ebcdc4a s4-samba-tool: Add samba-tool ntacl sysvolcheck command
       via  0aed291 s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum
       via  e058dfb s3-pysmbd: Fix return type of smbd.get_nt_acl
       via  e8e24a2 s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()
       via  7cf50b9 s4-selftest: Add testing of samba-tool ntacl sysvolreset
       via  8c71dc3 param: Add startup checks for valid server role/binary combinations
       via  332efe1 s3-pysmbd: Fix error message
       via  7e7ed72 s4-provision: Fix internal documentation
       via  51e3547 s3-pysmbd: Allow a mode to be specified for the simple ACL
       via  8f90919 s4-samba-tool: Add 'samba-tool ntacl sysvolreset' tool
       via  56fd072 selftest: Add a test of the NT ACL -> posix ACL mapping layer to selftest
       via  4fe344e selftest: Cope with the multiple possible representations of -1 in posixacl.py
       via  bd00c92 selftest: Extend posixacl test to check the actual ACL
       via  318b8cb selftest: Add a test of the NT ACL -> posix ACL mapping layer
       via  b1825c6 s4-scripting: Redefine getntacl() as accessing via the smbd VFS or directly
       via  a778662 s4-provision: set POSIX ACLs for use with the smbd file server (s3fs)
       via  8518dd6 file_server: Move default VFS module settings to loadparm.c
       via  be9a8cf s4-dsdb: Remove unused variables
       via  d1eac79 s4-dsdb: Do not use a possibly-old loadparm context in schema reload
       via  a58ac39 s4-upgradeprovision: Use ntvfs in reference provision
       via  ccac50c selftest: Set --use-ntvfs for rodc, vampire_dc, promoted_vampire_dc and subdom_dc
       via  c1012c6 selftest: Specify --use-ntvfs when testing the group code
       via  b2ff365 selftest: Specify --use-ntvfs when testing the newuser code
       via  2fc6760 selftest: Specify --use-ntvfs when testing the LDAP backend init code
       via  8c7f4f0 selftest: Specify --use-ntvfs for the chdcpass environment
       via  069db9b s3:smb2_break: encrypt OPLOCK BREAK notifications
       via  54dfd08 s3:smb2_server: use smbXsrv_session->nonce_*
       via  6f9610e smbXsrv.idl: add nonce_* to smbsrv_session
       via  6c7ffa9 s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()
       via  27bc6cf Extending space for fqdn in wbinfo --trusted-domains in verbose mode
       via  63ea428 Remove align_string(). No longer used.
       via  7eee494 Fix bug in SMB_FIND_INFO_STANDARD parsing found by Volker.
       via  1219eaf s4-python: Complete python bindings for idmap.idl
       via  125e93c s3-pysmbd: Correct the python type for smb_acl_t
       via  10267f1 s4-python: complete python bindings for smb_acls.idl
       via  450fcd7 s3-vfs: Remove extra calls to SMB_VFS_HANDLE_GET_DATA
       via  2b40446 selftest: Pass --use-ntvfs to provision in renamedc test
       via  9170f9c selftest: Specify --use-ntvfs to provision in test scripts
       via  97b1379 s4-classicupgrade: Add --use-ntvfs option
       via  b5c2747 s4-provision: pass use_ntvfs from C wrappers and set to true in tests/vampire
       via  c4b9c3a s4:samldb LDB module - remove unused "member" attribute from search filter
       via  32cd618 LDB:ldb_tdb.c - deny multi-valued attributes manipulation with doublets
       via  cb63b34 LDB:ldbsearch - add search filter tests
       via  6a8c697 LDB:ldbsearch - search filters do not only contain "="
       via  c8bfb8e s4:dsdb - always fail if a search filter could not be parsed
       via  536c082 LDB:ldif_handlers.c - LDB_OP_GREATER/LDB_OP_LESS are thought as ">=" or "<="
       via  5f8006c s4:dsdb_sort_objectClass_attr - simplify memory context handling
       via  166a7d3 s4:dsdb_sort_objectClass_attr - use "data_blob_string_const" for setting values
       via  db075b0 libcli: fix value of NT_STATUS_FILE_NOT_AVAILABLE
       via  c84e6ae Fix bug #9098 - winbind does not refresh kerberos tickets.
       via  ebb776f selftest: Add tests for vfs_aio_fork
       via  e79ed4f s3-vfs: Make vfs_aio_fork erratic timing behaviour a run-time option
       via  a817959 build: Create bin/ when doing 'waf dist' from a fresh checkout
       via  dc063bf s3-pysmbd: Add get/set functions for the posix ACL layer
       via  4df2c65 s3-pysmbd: Correct comments in python VFS bindings
       via  02e25b2 s3-passdb: Allow pdb_sid_to_id to work on any SID
       via  d963aaf s3-pysmbd: Add hook for a VFS chown()
       via  4d5471f build: Remove special case for the build farm
       via  7cd4eb0 build: Remove accidentally added line in samba_version.py
       via  21e67bd Fix bug #9104 - winbindd can mis-identify idle clients - can cause crashes and NDR parsing errors.
       via  84d6e09 s4-torture: Use torture_fail() in the unix.unix_info2 test
       via  74a4c40 selftest: Use new fake_acls module
       via  c75b615 s4-torture: Show that we cannot list extended attributes on streams
       via  f9837d1 s4-torture: Show that we cannot have extended attributes on streams
       via  bf1e27b s4-torture: Improve raw.streams test to cover EAs and to use torture_assert()
       via  3787dcf doc-BUILD_SYSTEMS.txt: The grand rename is complete
       via  0e44163 WHATSNEW: Remove over-caution on s3fs and explain browsing better
       via  921b927 build: Do not put a .distversion file into the GIT tree
       via  7a59c3d s3-build: Enable vfs_fake_acls when in developer mode or on the build farm
       via  ae4195d s3-vfs: Add lstat and lchown hooks to the vfs_fake_acls module
       via  cbe758c s3-vfs: Correct the implementation of fake_acls_sys_acl_delete_def_file()
       via  6c0bef1 s3-vfs: Use the system. namespace for fake ACLs
       via  0f2d288 s3-smbd: ensure we give appropriate errors for EA requests on streams
       via  6ce084f s3-smbd: Do not look for EA information on a stream
       via  f9f8a8c s3-smbd: Push smb_fname into estimate_ea_size
       via  3ef0e22 s4-ntvfs: Add TODO on ea_size
       via  0769d67 s4-ntvfs: Ensure we do not attempt to write EAs on streams
       via  9699c33 s3-vfs: Allow vfs_xattr_tdb to work without a connected share
       via  4f4bb1f s4:torture:basic: add more delete test - variants of deltest16 and deltest17
       via  c35bdb3 s3: add a debug message for failed execv in sys_popen()
       via  471a853 lib/util: add server_id_set_disconnected() and server_id_is_disconnected()
       via  3cdf441 lib/util: let server_id_str() skip the task_id if 0 in the cluster case too
       via  6457fb5 s3:lib: implement interpret_pid() as wrapper of server_id_from_string()
       via  d4a0aeb lib/util: add server_id_from_string()
       via  6a58c5f s3:lib: implement serverid_equal() as macro of server_id_equal()
       via  8149623 lib/util: add server_id_equal()
       via  f46c4df s3:vfs_tsmsm only send notifications when file was offline before
       via  dda4c5d s3: Adapt the tsmsm module to the new aio routines
       via  d1e1f82 s3-vfs: Fix calls of lp_parm_talloc_string
       via  3755a41 s3: Remove the gpfs_hsm_notify module
       via  2c3a58d s3: Merge vfs_gpfs_hsm_notify into vfs_gpfs.c
       via  2e1ab13 s4-dsdb: Use tmp_ctx in kccsrv_check_deleted to avoid leaking memory onto part->dn
       via  26bfe70 s4-kcc: Avoid use-after-free of dn and add tmp_ctx
       via  1b487ad s3:selftest: add some tests against a share that requires encryption
       via  45471f4 s3:smb2_negprot: announce/negotiate SMB3 encryption support
       via  9397d67 s3:smb2_server: add SMB3 encryption support
       via  9f1dfd8 s3:smbd: don't disconnect the client when a share has "smb encrypt = required"
       via  e5d4e8d s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* values
       via  8b3da9a s3:smbd: make use of ENCRYPTION_REQUIRED()
       via  abf018e libcli/smb: make sure the SMB2_TRANSFORM pdu is complete
       via  e2b07c0 s4:libcli/smb2: reset trsnport->compound.related when a compound chain is finished
       via  6ce362a build: Ensure -Werror=format works with -Wformat=2 on NULL format strings
       via  a7b8e9f5 s4-dsdb: Ensure we always free tmp_ctx in schema refresh check
       via  21c8fa25 Fix bug #9085 - NMB registration for a duplicate workstation fails with registration refuse
       via  6b7a9910 s3-torture: Allow vfstest to set ACLs on a directory
       via  5251d07 s4: Fix returns in py_check_dcerpc_type
       via  16edb6e s3:smb2_server: try to sign an error response if we have a signing key
       via  19ca98a s3:smb2_server: verify the signature before the session_status
       via  f4432fe s3:smb2_server: add some const to print_req_vectors()
       via  8dbfa93 s4:cldap_server: only return DS_SERVER_*TIMESERV if "ntp_signd" is used
       via  4c5019d s4:cldap_server: set DS_SERVER_SELECT_SECRET_DOMAIN_6 if we're a RODC
       via  f3b69da s3-libsmb: Add a simple test for python bindings
       via  fbebd75 s3-libsmb: Add a python wrapper
       via  d7d8646 tevent: change version to 0.9.17 after adding the "poll_mt" backend
       via  d7af2c8 tevent: Add threaded poll_mt testcase
       via  fa71f32 lib/tevent: Add a thread-safe tevent backend
       via  d860aa2 tevent_poll: Decouple poll_ev->fds handling from adding/removing fds
       via  cbe2510 s3-g_lock: Make g_lock_lock more robust
       via  b83cd05 s3-msg: For msg_channel, correct the talloc hierarchy
       via  8e50ff0 s3-msg: Rename msg_channel_init_destructor
       via  c2b29de s3-autoconf: Fix deps for dbwrap_torture
       via  494003f s3-g_lock: Properly free "rec" on retry to avoid deadlock
       via  7c56d80 s3:brlock: give traverse_fn a proper name
       via  6e39011 s3:vfs_gpfs: make sure parameters are set correctly for leases
       via  a8b5830 s3:vfs_gpfs: Fix compile error in gpfs module
       via  56fc7bc libcli/smb: support broken OS/2 error responses bug #9096
       via  df8e9c1 s3-selftest: Add a separate test for ACL tests using vfstest
       via  05885a8 s3-torture: Add ACL commands to vfstest
       via  345b980 s3-torture: Use talloc more in vfstest
       via  43255a1 s3-torture: Initialise fsp fully in vfstest open
       via  1157db2 s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()
       via  802d67c selftest: Extend xattr-tdb-1 vfstest to call stat
       via  820d179 s3-vfs: Continue to make vfs_xattr_tdb non-recursive
       via  843e19e s3-vfs: Add new VFS module to fake setting an ACL
       via  2129495 librpc/idl: Fix acl array definition in smb_acl_t
       via  97e7c3b s3-selftest: convert xattr-tdb-1 vfstest driver into a subunit test
       via  748d8f5 s3-selftest: convert stream_depot vfstest driver into a subunit test
       via  08baa11 fix printf warning in net connections
       via  31980cf s3:utils: remove standalone cclean tool
       via  37ed821 s3:doc manpage for "net connections cleanup"
       via  1c2bae0 s3:net add command "connections cleanup"
       via  65976d6 s3-vfs: Set errno in xattr emulation
       via  cc3bdaa s3-vfs: Avoid loops in VFS modules: call _NEXT functions in xattr emulation
       via  898c5e1 s3-vfs: ensure we strictly free the talloc_stackframe
       via  f9b9433 s4-selftest: Fix test name for samba.tests.dcerpc.bare
       via  fd42bc1 librpc/idl: Make smb_acl_t public so we can pull/push it as a blob
       via  d2d5fb1 libcli/smb: verify decrypted SMB2 pdus correctly
       via  7a7e9b1 libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu
       via  84f6b0f libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages
       via  b596a11 s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate()
       via  7ffee47 libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request.
       via  24b1143 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
       via  6ccfd05 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
       via  e25830d s3-smbd: Remove sys_acl_*() VFS wrapper functions
       via  a63a2a7 s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
       via  3d031f2 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
       via  9f16fcf s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
       via  21e0b91 s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
       via  50d147b s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
       via  db54479 s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
       via  631a356 s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
       via  d78c7c3 s3-smbd: Call sys_acl_init() directly rather than via the VFS
       via  8b3227e s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
       via  6a46fbb s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
       via  e019b93 s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
       via  d8fb9e7 s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
       via  6a2f142 s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
       via  d83276c s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
       via  3b40932 s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
       via  7dff34f s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
       via  0705391 s3-smbd: Move smb_acl_t declaration to smb_acl.idl
       via  d5a8e58 pidl: Add mode_t as an alias so we can marshall posix ACL structures
       via  dcfb6aa s3-smbd: Change allocation of smb_acl_t to talloc()
       via  47082ad libwbclient: Add test for wbcPingDc2
       via  4c8616f wbinfo: Improve output of wbinfo --ping-dc
       via  bdb1f23 libwbclient: Add wbcPingDc2
       via  bd23c8f s3-winbind: Return the DC name from DC_PING
       via  7baa709 s3-winbind: Pass ping-dc result to client
       via  807fb16 selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
       via  4ee602c s4:dsdb/repl: fix the usage of 'GC/' prefixed principal names
       via  4e5e302 s4:samba-tool/drs: print the dns name of the server belonging to a connection
       via  a74ca56 s4:ntp_signd: fix SEGV if SID cannot be found
       via  ff5d177 s3-passdb: Silence scary DEBUG(0) message on first use of secrets.tdb databases
       via  108c8b7 s4-dsdb: Use samdb_dn_is_our_ntdsa()
       via  d582e1b s4-dsdb: Add samdb_dn_is_our_ntdsa()
       via  773d036 s4-dsdb: Use samdb_reference_dn_is_our_ntdsa()
       via  7213199 s4-repl: Use samdb_reference_dn_is_our_ntdsa()
       via  1e127b2 s4-dsdb: Add helper function samdb_reference_dn_is_our_ntdsa()
       via  3c8d8f2 s4-dsdb: Use ldb_dn_copy() rather than talloc_reference()
       via  0668f98 s4-libnet: Prepare libnet_BecomeDC for samdb_reference_dn() returning an extended DN
       via  fd0394d s4-libnet: Improve debugging of libnet_BecomeDC LDAP errors
       via  c47d73f s4:dsdb/repl: ldb_errstring() takes a 'struct ldb_context' not 'int'
       via  0b926a2 s4:dsdb/repl: make sure instanceType_e is not changed by a reallocation
       via  d81d6af s4:dsdb/repl: avoid reallocation of msg->elements
       via  9566786 s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dn
       via  0f2a87b s4-dsdb: Improve memory handling in dsdb_schema_from_ldb_results() by adding a tmp_ctx
       via  1f74773 s4-dsdb: Improve memory handling in kccsrv_add_connection()
       via  77990c1 s4-dsdb: Improve memory handling in kccsrv_find_connections() by adding a tmp_ctx
       via  f74e7b5 s4-dsdb: Add const
       via  9db35c9 VERSION: Move on to beta6!
       via  b5281eb VERSION: Mark as the beta6 release
       via  03a20ae WHATSNEW: prepare for 4.0 beta6
       via  fe29535 s3-vfs: Put vfs_aixacl_util.c helper functions into a header file
       via  f11a1a4 s4:kdc/wdc-samba4.c - fix user logins on specific workstations
       via  a57c5eb s4-classicupgrade: Tests if sam policies exist before trying to import them.
       via  34c4664 s3-selftest: Add smbclient tarmode test
       via  1428500 s3-selftest: Fix copy/paste error in test usage string
       via  4e4c306 Fix smbclient/tarmode panic on connecting to Windows 2000 clients.
       via  aaeb3f5 Ensure we update last_access on the winbindd child struct on each request.
       via  f7403d8 s3: skip loading vfs modules for printer connections
       via  4631723 s4-dsdb: Take more care in handling of global schema memory
       via  329e374 s4-dsdb: Remove support for per-partition sequence numbers
       via  2d21a9b s4-dsdb: Use only the replication USN for schema reload.
       via  f36e28d s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check gid first
       via  c991ac0 s3-smbd: Merge ACE entries based on mapped UID/GID not SID
       via  d3188a0 s3-smbd: Convert posix_acls.c to use struct unixid internally
       via  1c3c5e2 s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls
       via  d7515b6 torture: Reproducer for 64c0367
       via  1f50b6c tdb/test: fix build on OSF/1
       via  8defcb8 Revert "s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available"
       via  0e76bbc Revert "s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available"
       via  2cbfdd4 Revert "s3:smb: include "smbXsrv.h" before "vfs.h""
       via  205185e s3:smbXsrv.idl: remove smbXsrv_*0 defines
       via  2b41f37 s3:param: fix compiler warnings with FN_GLOBAL_CONST_STRING()
       via  13f8674 build: rename security → samba-security
       via  51a7154 nsswitch: add ABI checking and symbol versions to libwbclient
       via  fdd07e8 s4-dsdb: Explain better what records are written during schema set
       via  1d1bdc3 lib/ldb: Use tdb_parse_record and a callback rather than tdb_fetch()
       via  a5495bc Remove smb_panic() from unix_strlower(). Just rely on error code return.
       via  b70f23c Correctly check for errors in strlower_m() returns.
       via  ce21d08 Fix strlower_m() to return an error indication.
       via  c13887d Check error returns on strnorm().
       via  526e875 Check error returns from strupper_m() (in all reasonable places).
       via  e1ec86a Fix missing ads_destroy in error path.
       via  9fcc6f2 Change strupper_m() to return a value.
       via  af3e529 Fix bad return in unix_strupper.
       via  b6eb3a6 Prepare to remove smb_panic() from unix_strlower().
       via  8605b35 Fix bad return values in unix_strlower/unix_strupper.
       via  f64c970 s4:torture:basic: check the return status of the last open in deltest16
       via  2352227 s4:torture:basic: fix a message typo in the delete17 test
       via  6cc5a54 s4:torture:basic: fix abundance of spaces in deltest6
       via  fac4a0d s4:torture:basic:delete: fix 4 vs 8 spc tab formatting in check_delete_on_close()
       via  5236028 s3:torture:delete: add a 12th subtest to the delete-on-close tests
       via  db160bf s3:torture:delete: fix 11th test to work against windows
       via  2e53fb1 s3:torture:delete: simplify return code handling, fixing a couple of return codes in error cases
       via  49a2c68 s3:torture:delete: reduce indentation
       via  54e5810 s3:torture:delete: add a comment
       via  c228b7a s3:torture:delete: add a comment
       via  7a7b86d s3:torture:delete: add a comment
       via  5b1afa6 s3:torture:delete: move the success message for a subtest to the correct place
       via  2f7a371 s3:torture:delete: remove an else, reducing indentation
       via  3668a4c s3:torture:delete: remove an else, reducing indentation
       via  777c7a9 s3:torture:delete: remove an else, reducing indentation
       via  c36deaf s3:torture:delete: remove an else, reducing indentation
       via  e833141 s3:torture:delete: really fail the test in a failure case
       via  9058288 s3:torture:delete: fix a comment
       via  bf492d1 s3:torture:delete: fix a message
       via  ff5e6e3 s3:torture:delete: fix a message
       via  4aac6d0 s3:torture:delete: fix a message
       via  595845c s3:torture:delete: fix a message (counting the opens)
       via  2aded6a s3:torture:delete: untangle function call from result check
       via  ef36847 s3:torture:delete: untangle function call from result check
       via  4e75b0c s3:torture:delete: untangle function call from result check
       via  ccb2583 s3:torture:delete: untangle function call from result check
       via  8a92ae2 s3:torture:delete: untangle function call from result check
       via  02b0925 s3:torture:delete: untangle function call from result check
       via  5138eb5 s3:torture:delete: untangle function call from result check
       via  5bc7c77 s3:torture:delete: untangle function call from result check
       via  b5e9378 s3:torture:delete: untangle function call from result check
       via  361429d s3:torture:delete: untangle function call from result check
       via  8684506 s3:torture:delete: untangle function call from result check
       via  1db70c0 s3:torture:delete: untangle function call from result check
       via  a70a4ad s3:torture:delete: untangle function call from result check
       via  11d60d1 s4-ldb_wrap: Do not vasprintf() the ldb debug messages that will not be shown
       via  73f0cb5 lib/ldb: Do not vasprintf() the tevent debug messages that will not be shown
       via  7e562cf s4-events: Do not vasprintf() the tevent debug messages that will not be shown
       via  434bed7 s3-events: Do not vasprintf() the tevent debug messages that will not be shown
       via  299fc75 lib/ldb: Use tdb_exists() rather than tdb_fetch()/talloc_free()
       via  d799b25 s4-dsdb: Remove strcasecmp() fallback in replmd_ldb_message_element_attid_sort
       via  8dd09ef s4-dsdb: Do not reload partition metadata except on transaction start
       via  0d7b17f s3:smb2_sesssetup: setup global->[en|de]cryption_key
       via  0cb11ef s3:smb2_read: don't try sendfile if encryption is used
       via  a0cf42b s3:smb2_server: add smbd_smb2_request->do_encryption
       via  95e4270 s3:smb2_tcon: set global->encryption_required and enforce it
       via  64dce26 s3:smb2_sesssetup: set global->encryption_required and enforce it
       via  8734887 s3:smbXsrv.idl: add encryption_required to smbXsrv_tcon_global0
       via  b5a72f4 s3:smb2_server: check the session before we could respond with an error.
       via  f15d9a6 s3:smb2_server: do central file_id check if the operation requires it
       via  a117fd6 s4-dsdb: Ensure we have indexing enabled during the provision
       via  ef87b4e s4-pydsdb: Provide control of if we should write index attributes when reloading a schema
       via  1a1f01e s4-dsdb: Change talloc parent
       via  1727556 s4-dsdb: Remove ldb_sequence_type argument from partition_primary_sequence_number
       via  6ec963e s4-dsdb: simplify migration of old-style sequence numbers to metadata.tdb
       via  6a648b7 s4-dsdb: Reduce calls to the ldb layer by reloading less often
       via  47c5900 s3:nmbd: log a failure in get_domain_master_name_node_status_success() as level 1
       via  a3ccdaf s3:nmbd: don't log get_domain_master_name_node_status_fail at level 0
       via  1c76e99 s3:smb2_server: s/i/idx in smbd_smb2_request_pending_queue()
       via  83d2620 s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() in smbd_smb2_request_pending_queue()
       via  0067de2 s3:smb2_server: remove useless variable 'i'
       via  63d92a1 s3:smb2_server: rewrite dup_smb2_vec3() using SMBD_SMB2_*_IOV_OFS and helper variables
       via  fc8e3bd s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_done_ex()
       via  97b5aaa s3:smb2_server: make use of SMBD_SMB2_* macros in smbd_smb2_request_verify_sizes()
       via  05ae95a s3:smb2_server: use the common buffer layout for smbd_smb2_request_pending*
       via  644eab3 s3:smb2_read: use SMBD_SMB2_NUM_IOV_PER_REQ when checking for sendfile() support
       via  2b9dd90 s3:smb2_read: fix indentation in schedule_smb2_sendfile_read()
       via  9f51d61 s3:smb2_server: don't try to update req->in.vector[0] in smbd_smb2_request_pending_queue()
       via  51dd39b selftest: Rename samba4.blackbox.pdbtest to samba.blackbox.pdbtest
       via  b7b4879 s3-torture: Extend pdbtest to also run an authentication unit-test
       via  de2d813 build: Remove pdbtest from the autoconf build
       via  528d3fe libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
       via  143fb84 libcli/smb: smb2_signing_[en|de]crypt_pdu() check and set SMB2_TF_MSG_SIZE
       via  6bfdca4 s3:smb2_sesssetup: remove unused code in smbd_smb2_reauth_generic_return()
       via  5f7d786 s3:smb2_sesssetup: remove TALLOC_FREE(session) from smbd_smb2_[re]auth_generic_return
       via  c9ecfd6 s3:smb2_server: sign the last request at the start of smbd_smb2_request_reply()
       via  64c0367 s3: Fix a crash in reply_lockingX_error
       via  c2dee12 vfs_dirsort: Remove unnecessary return; statement
       via  375ba1b vfs_afsacl.c: Remove some unnecessary return; statements
       via  ebc92d0 vfs_full_audit: Remove some unnecessary return; statements
       via  dab8fe5 vfs_time_audit: Remove unnecessary return; statement
       via  3f9b2cc vfs_time_audit: Remove some unnecessary return; statements
       via  9adf6a0 vfs-mediaharmony: Remove some unnecessary return; statements
       via  da4057f vfs_media_harmony: fix return of void
       via  c301691 s3:smb2_server: fix SMB2 signing of compound responses
       via  40f771e s3:smb2_server: there's no need to copy req->out.vector when we just keep the last request
       via  8d63efe s3:smb2_server: use memmove instead of copying single vector elements
       via  9b8973d s3:smb2_server: make use of SMBD_SMB2_OUT_HDR_PTR() smbd_smb2_request_pending_queue()
       via  bfc87a4 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ
       via  5730272 s3:smb2_server: make use of SMBD_SMB2_OUT_*_IOV smbd_smb2_request_reply()
       via  727b1d1 s3:smb2_server: check for compound based on SMBD_SMB2_NUM_IOV_PER_REQ
       via  2da6217 s3:smb2_server: make use of SMBD_SMB2_*_IOV_OFS
       via  d609bb9 s3:smb2_server: make use of helper macros in smb2_calculate_credits()
       via  efaea8e s3:smb2_server: make use of helper macros in smbd_smb2_request_validate()
       via  4e6e1ec s3:smb2_server: make use of SMBD_SMB2_NUM_IOV_PER_REQ
       via  337604a s3:smb2_server: add some more SMBD_SMB2_* defines/macros
       via  d825adf s3-param: Remove never-reached condition for popts == NULL
       via  31d1fde s3-param: Remove never-reached condition for opt_list == NULL
       via  d65bded source3/loadparm.c: Move string_set/string_free inside.
       via  3bb65aa source3/smbd/conn.c: wean off string_set/string_free
       via  a14c02d source3/loadparm: make struct loadparm_service a talloc object.
       via  592e3f4 loadparm: Add ctx member to struct loadparm_global.
       via  9b7b736 media_harmony VFS module: Add and build by default.
       via  e7bf8e7 s3:smb2_server: do one central as_root check if the operation requires it
       via  eec941e s3:smb2_server: do one central tcon check if the operation requires it
       via  59b9dfa s3:smb2_server: do one central session check if the operation requires it
       via  aba6df9 s3:smb2_server: add and use smbd_smb2_call()
       via  e013332 s3:smb2_server: add .as_root to smbd_smb2_dispatch_table
       via  f69ed57 s3:smb2_server: add .need_tcon to smbd_smb2_dispatch_table
       via  46f7a60 s3:smb2_server: add .need_session to smbd_smb2_dispatch_table
       via  357110c s3:smb2_server: introduce a smbd_smb2_dispatch_table (for now just with names)
       via  5ac4d3d s3:smb2_server: move 'conn' to main block of smbd_smb2_request_dispatch()
       via  83a746d libcli/util: add NT_STATUS_FILE_NOT_AVAILABLE
       via  1453358 libcli/smb: use forward declaration instead of includes
       via  33705f4 s4-scripting: Remove unused variables from ntacl tests
       via  4aca56c s4-smbd: Check for failure of irpc_add_name
       via  f06c216 s3-pysmbd: Try opening as a file, then as a directory
       via  e571d5c s3-pysmbd: Use talloc_zero()
       via  e658421 s3-passdb: Simplify idmap wrapper in pdb_samba4
       via  227d490 s3-pysmbd: Add talloc_stackframe() to smbd_set_simple_acl wrapper
       via  721096b s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_read*()
       via  fbd663c s3:smb2_server: make use of smbd_smb2_inbuf_parse_compound() in smbd_smb2_request_create()
       via  9e9d784 s3:smb2_server: remove const from smbd_smb2_first_negprot()
       via  c1b3454 s3:smb2_server: add smbd_smb2_inbuf_parse_compound()
       via  b20fb15 s4:libcli/smb2/write correct error checking
       via  4e91ccf smbXcli: add some includes to fix compiler warnings
       via  0dfc330 lib/socket_wrapper: writev returns ssize_t, not int
       via  18c152f lib/param: move enum dns_update_settings to lib/param
       via  efe28b1 s4:libcli/pyerrors: add PyErr_NTSTATUS_NOT_OK_RAISE()
       via  a370792 s4:libcli/pyerrors: s/PyErr_WERROR_IS_ERR_RAISE/PyErr_WERROR_NOT_OK_RAISE/
       via  4e0fb8b Revert "ldb: Add parameter to avoid NULL format string flagged by -Werror=format"
       via  33c79c8 build: Make -Werror=format check only run where NULL is still accepted
       via  0514a84 Rework recursive waf build to be a selftest-enabled not a developer build
       via  dd8c0e5 build: Remove duplicate declaration of --enable-selftest
       via  49b2720 lib/param: Also enable vlp when --enable-selftest is specified
       via  1c7bd2b s3:smbd: remove unused variable in sesssetup.c
       via  4384b1e s3:smb2_server: make use of SMBD_SMB2_* macros
       via  47c67f2 s3:smb2_ioctl: make use of SMBD_SMB2_* macros
       via  e281b9f s3:smb2_lock: make use of SMBD_SMB2_* macros
       via  e67d07f s3:smb2_setinfo: make use of SMBD_SMB2_* macros
       via  9c58a0a s3:smb2_getinfo: make use of SMBD_SMB2_* macros
       via  e9a21e5 s3:smb2_negprot: make use of SMBD_SMB2_* macros
       via  f28b2ac s3:smb2_write: make use of SMBD_SMB2_* macros
       via  f08e478 s3:smb2_tcon: make use of SMBD_SMB2_* macros
       via  6e9a65d s3:smb2_create: make use of SMBD_SMB2_* macros
       via  926379a s3:smb2_find: make use of SMBD_SMB2_* macros
       via  559742f s3:smb2_sesssetup: make use of SMBD_SMB2_* macros
       via  048c8d3 s3:smb2_glue: make use of SMBD_SMB2_IN_HDR_PTR()
       via  8cf817d s3:smb2_read: make use of SMBD_SMB2_IN_BODY_PTR()
       via  121dbd6 s3:smb2_notify: make use of SMBD_SMB2_IN_*_PTR()
       via  88a3402 s3:smb2_flush: make use of SMBD_SMB2_IN_BODY_PTR()
       via  52805c4 s3:smb2_close: make use of SMBD_SMB2_IN_BODY_PTR()
       via  21742c3 s3:smb2_break: make use of SMBD_SMB2_IN_BODY_PTR()
       via  7ee54cd s3:smbd: add helper macros to access smb2req->{in,out}.vector[]
       via  7327310 s3:smb2_server: use 'i' instead of '1' as vector index in smbd_smb2_request_pending_timer()
       via  1a0c40f s3:smb2_lock: remove unused in_smbpid
       via  96fa47f s3:smb2_write: remove unused in_smbpid
       via  056070f s3:smb2_read: remove unused in_smbpid
       via  86ee590 s4:domain join: setup RODC invocationId
       via  41cffa3 doc: Remove build/ from doxygen config or it will not work in brew.
       via  401860c s3:smbd: add support for SMB_EXTENDED_SIGNATURES in SMBtconX
       via  ff75fd9 s3:smbd: setup the application session key with the first tcon on a session
       via  3a0db4d s3:rpc_server/wkssvc: make usage of session_extract_session_key()
       via  396f317 s3:rpc_server/netlogon: make usage of session_extract_session_key()
       via  49d0432 s3:smbd: setup session->global->signing_/application_key during SPNEGO SMB1 session setups
       via  2265e46 s3:smbd: setup session->global->signing_/application_key during old SMB1 session setups
       via  3d63e4d s3:smbd: keep the "application session key" during SMB1 reauth
       via  ba864b8 s4:torture: add support for SMB_EXTENDED_SIGNATURES during SMBtconX
       via  67767de s4:libcli: add support for SMB_EXTENDED_SIGNATURES during SMBtconX
       via  c32120b s3:libsmb: add EXTENDED_SIGNATURE support in cli_tcon_andx*()
       via  97be49c libcli/smb: add smb1cli_session_protect_session_key()
       via  dbefd7d libcli/smb: add smb_key_derivation() for TREE_CONNECT_ANDX_EXTENDED_SIGNATURES support
       via  b1a0fda libcli/smb: pass hdr/len to smb_signing_check/sign_pdu() and skip the nbt header
       via  b1c5efb s3:smbd: skip nbt header in srv_check_sign_mac()
       via  d88a6c1 libcli/smb: change smb_signing to skip the NBT_HEADER_SIZE internally
       via  e8f4868 auth/ntlmssp: avoid talloc_tos() in ntlmssp_client_initial()
       via  764f2f9 s3-ctdb: return proper exit code
       via  0a45e9c s3-ctdb: adjust a loglevel
       via  6cfe6e9 s3-ctdb: Fix ctdb_serverids_exist for target nodes that died
       via  6d83e35 s3-ctdb: Add debugs to ctdb_serverids_exist
       via  cff3ad4 lib/dbwrap: rewrite lock order check to ease debugging
       via  d12831d docs-xml: fix pid directory example
       via  5beb345 docs-xml: fix dfree cache time example
       via  8dafdb5 s4:dsdb:replicated_objects: do not move 'instanceType' to the end of msg->elements on RODC replication
       via  d642831 s4: samba_spnupdate: fix "if we are DNS server" check
       via  8dde55c build: fix typo
       via  1e5098d s3-pysmbd: Add hook for get_nt_acl()
       via  64f494d s3-pysmbd: fix DEBUG
       via  e5686a4 s3-pysmbd: Add my copyright
       via  55a0d66 s3-pysmbd: Add set_nt_acl() function based on parts of vfstest
       via  b041d29 s3-pypassdb: Fix wrapper for pdb_domain_info to return correct dns_{domain,forest}
       via  e956253 s4:torture: send the TCONX_FLAG_EXTENDED_RESPONSE flag
       via  95b64f0 s4:libcli: send the TCONX_FLAG_EXTENDED_RESPONSE flag
       via  02dcf05 heimdal: fixed -Werror=format error in com_err
       via  b93e6ef s3:smbd: add a optional_support helper variable to reply_tcon_and_X()
       via  3fb6549 s3:smbd: make use of TCONX_FLAG_DISCONNECT_TID define
       via  3682eb8 s3:libsmb: add a optional_support helper variable
       via  137d65b s3:libsmb: add a tcon_flags helper variable
       via  d3aaa1e libcli/smb: move some TCON related defines to smb_constants.h
       via  8e1c6d4 s3:rpc_client: rename pipe_auth_data->user_session_key to transport_session_key
       via  0ec50e8 s3:libsmb: remove unused cli_state->user_session_key
       via  0068a9f s3:utils/net_rpc*: make use of cli_get_session_key()
       via  616206a s3:libnet_join: make use of cli_get_session_key() in libnet_join_joindomain_rpc()
       via  8b42f52 s3:rpc_client: make use of smbXcli_session_application_key()
       via  00cde56 s4:libcli/raw: remove unused smbcli_session->user_session_key
       via  7977d90 s4:librpc/dcerpc_smb2: sync smb2_session_key() with smb_session_key()
       via  286e249 s4:librpc/dcerpc_smb: make use of smbXcli_session_application_key()
       via  2f4f214 libcli/smb: remove unused smb2cli_session_application_key()
       via  803fb40 s4:librpc/dcerpc_smb2: make use of smbXcli_session_application_key()
       via  5f25567 libcli/smb: add smbXcli_session_application_key()
       via  ac1452c s4:libcli/smb_composite: make use of smb1cli_session_set_session_key()
       via  1a9a910 s4:libcli/smb_composite: always use set_user_session_key() helper
       via  c9eac1a s3:libsmb: make use of smb1cli_session_set_session_key()
       via  7af537e libcli/smb: allow resetting of the smb1 application_key
       via  68c1eec libcli/smb: let smb1cli_session_set_id() reset the application_key
       via  c3cb672 libcli/smb: add smb1cli_session_set_session_key()
       via  9b9ef92 s3:ctdbd_conn: use unitX_t types consistently throughout the module
       via  d4bce35 Add two flags to allow for handling of Extended Signatures (Session Key Protection) on a TCON_AND_X request and response.
       via  610ac2d Make it possible to build under Solaris make as well as FreeBSD and Linux. Also add comments on changes that might be needed
       via  23df816 VERSION: Move on to beta6!
      from  50d6483 VERSION: Mark as the beta5 release


- Log -----------------------------------------------------------------

Summary of changes:
 BUILD_SYSTEMS.txt                                  |    9 +-
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |  115 +-
 auth/credentials/credentials_secrets.c             |  104 +-
 auth/credentials/wscript_build                     |    2 +-
 auth/ntlmssp/ntlmssp_client.c                      |    2 +-
 auth/wscript_build                                 |    2 +-
 buildtools/wafsamba/samba_autoconf.py              |   21 +-
 buildtools/wafsamba/symbols.py                     |    2 +-
 docs-xml/manpages-3/net.8.xml                      |   39 +
 docs-xml/manpages-3/vfs_full_audit.8.xml           |   17 -
 docs-xml/manpages-3/vfs_media_harmony.8.xml        |  142 ++
 docs-xml/smbdotconf/misc/dfreecachetime.xml        |    2 +-
 docs-xml/smbdotconf/misc/piddirectory.xml          |    2 +-
 dynconfig/wscript                                  |    2 +-
 examples/VFS/Makefile.in                           |   21 +-
 examples/VFS/skel_opaque.c                         |  119 -
 examples/VFS/skel_transparent.c                    |  102 -
 .../vfs/media_harmony/trigger_avid_update.py       |  103 +
 examples/smb.conf.default                          |    2 +-
 file_server/file_server.c                          |   13 +-
 lib/crypto/aes_ccm_128.c                           |    2 +-
 lib/dbwrap/dbwrap.c                                |   85 +-
 lib/dbwrap/dbwrap.h                                |    1 +
 lib/krb5_wrap/enctype_convert.c                    |  104 +
 lib/krb5_wrap/krb5_samba.h                         |    8 +
 lib/krb5_wrap/wscript_build                        |    2 +-
 lib/ldb-samba/ldb_wrap.c                           |   12 +-
 lib/ldb-samba/ldif_handlers.c                      |    4 +-
 lib/ldb-samba/wscript_build                        |    2 +-
 lib/ldb/ABI/ldb-1.1.10.sigs                        |  259 +++
 ...yldb-util-1.1.2.sigs => pyldb-util-1.1.10.sigs} |    0
 lib/ldb/common/ldb.c                               |    9 +-
 lib/ldb/common/ldb_debug.c                         |   16 +-
 lib/ldb/common/ldb_parse.c                         |    2 +-
 lib/ldb/include/ldb_module.h                       |    1 +
 lib/ldb/ldb_map/ldb_map.c                          |    2 +-
 lib/ldb/ldb_tdb/ldb_search.c                       |   68 +-
 lib/ldb/ldb_tdb/ldb_tdb.c                          |   19 +-
 lib/ldb/tests/test-generic.sh                      |    2 +
 lib/ldb/tools/ldbsearch.c                          |    2 +-
 lib/ldb/wscript                                    |    2 +-
 lib/nss_wrapper/config.m4                          |    2 +-
 lib/param/loadparm.c                               |   11 +-
 lib/param/loadparm.h                               |    5 +-
 lib/param/param_table.c                            |    2 +-
 lib/socket_wrapper/config.m4                       |    2 +-
 lib/socket_wrapper/socket_wrapper.c                |    2 +-
 lib/socket_wrapper/socket_wrapper.h                |    2 +-
 lib/talloc/doxy.config                             |    5 +-
 lib/tdb/doxy.config                                |    5 +-
 lib/tdb/test/lock-tracking.c                       |   30 +-
 .../ABI/{tevent-0.9.16.sigs => tevent-0.9.17.sigs} |    0
 lib/tevent/doxy.config                             |    5 +-
 lib/tevent/testsuite.c                             |  145 ++
 lib/tevent/tevent.c                                |    1 +
 lib/tevent/tevent_internal.h                       |    1 +
 lib/tevent/tevent_poll.c                           |  364 +++-
 lib/tevent/wscript                                 |    2 +-
 lib/uid_wrapper/config.m4                          |    2 +-
 lib/util/samba_util.h                              |   15 +
 lib/util/server_id.c                               |   99 +-
 lib/util/util.c                                    |    4 +-
 libcli/auth/ntlm_check.c                           |   41 +-
 libcli/auth/proto.h                                |    1 -
 libcli/auth/smbencrypt.c                           |   11 +-
 libcli/security/wscript_build                      |    4 +-
 libcli/smb/smb2_signing.c                          |   22 +-
 libcli/smb/smbXcli_base.c                          |  443 +++-
 libcli/smb/smbXcli_base.h                          |   11 +-
 libcli/smb/smb_constants.h                         |   13 +
 libcli/smb/smb_signing.c                           |   93 +-
 libcli/smb/smb_signing.h                           |    8 +-
 libcli/smb/wscript                                 |   45 +
 libcli/smb/wscript_build                           |   32 -
 libcli/util/nterr.c                                |    1 +
 libcli/util/ntstatus.h                             |    1 +
 libgpo/gpext/gpext.c                               |    4 +-
 librpc/idl/smb_acl.idl                             |   63 +
 librpc/idl/wscript_build                           |    2 +-
 librpc/wscript_build                               |   17 +-
 nsswitch/libwbclient/ABI/wbclient-0.10.sigs        |   76 +
 nsswitch/libwbclient/ABI/wbclient-0.9.sigs         |   75 +
 nsswitch/libwbclient/tests/wbclient.c              |   14 +
 nsswitch/libwbclient/wbc_pam.c                     |   21 +
 nsswitch/libwbclient/wbclient.h                    |   18 +-
 nsswitch/libwbclient/wscript                       |    5 +-
 nsswitch/wbinfo.c                                  |   12 +-
 packaging/RHEL-CTDB/configure.rpm                  |    2 +-
 packaging/RHEL-CTDB/samba.spec.tmpl                |    4 +-
 pidl/lib/Parse/Pidl/Typelist.pm                    |    1 +
 script/mkparamdefs.pl                              |    4 +-
 selftest/knownfail                                 |   21 +-
 selftest/target/Samba3.pm                          |   14 +-
 selftest/target/Samba4.pm                          |   55 +-
 selftest/wscript                                   |    4 +
 source3/Makefile-smbtorture4                       |    2 +-
 source3/Makefile.in                                |   46 +-
 source3/auth/auth_builtin.c                        |    8 +-
 source3/auth/auth_util.c                           |    4 +-
 source3/auth/pampass.c                             |    4 +-
 source3/auth/pass_check.c                          |    8 +-
 source3/auth/proto.h                               |    1 +
 source3/auth/token_util.c                          |  189 ++-
 source3/auth/user_util.c                           |    4 +-
 source3/client/client.c                            |    9 +-
 source3/client/clitar.c                            |   29 +-
 source3/configure.in                               |   14 +-
 source3/include/client.h                           |    4 -
 source3/include/ctdbd_conn.h                       |   18 +-
 source3/include/proto.h                            |   11 +-
 source3/include/secrets.h                          |    6 +
 source3/include/serverid.h                         |    2 -
 source3/include/smb.h                              |   13 -
 source3/include/smb_acls.h                         |   39 +-
 source3/include/smb_macros.h                       |    2 +-
 source3/include/vfs.h                              |   59 +-
 source3/include/vfs_macros.h                       |   85 -
 source3/lib/afs.c                                  |    4 +-
 source3/lib/charcnv.c                              |   16 +-
 source3/lib/ctdbd_conn.c                           |   98 +-
 source3/lib/events.c                               |   10 +-
 source3/lib/g_lock.c                               |   36 +-
 source3/lib/messages.c                             |    4 +
 source3/lib/msg_channel.c                          |    8 +-
 source3/lib/serverid.c                             |  235 ++-
 source3/lib/string_init.c                          |   77 -
 source3/lib/substitute.c                           |   15 +-
 source3/lib/sysacls.c                              |   28 +-
 source3/lib/system.c                               |    7 +-
 source3/lib/username.c                             |   16 +-
 source3/lib/util.c                                 |  127 +-
 source3/lib/util_names.c                           |    3 +-
 source3/lib/util_str.c                             |   52 +-
 source3/libads/ads_struct.c                        |    6 +-
 source3/libads/kerberos.c                          |    6 +-
 source3/libads/kerberos_keytab.c                   |    5 +-
 source3/libads/ldap.c                              |   33 +-
 source3/libads/sasl.c                              |   27 +-
 source3/libnet/libnet_join.c                       |   41 +-
 source3/librpc/crypto/gse_krb5.c                   |    5 +-
 source3/librpc/idl/smbXsrv.idl                     |   87 +-
 source3/librpc/idl/wbint.idl                       |    1 +
 source3/librpc/rpc/dcerpc.h                        |    2 +-
 source3/libsmb/cliconnect.c                        |   62 +-
 source3/libsmb/clientgen.c                         |    2 -
 source3/libsmb/clilist.c                           |    4 +-
 source3/libsmb/clirap.c                            |    8 +-
 source3/libsmb/clirap2.c                           |    8 +-
 source3/libsmb/namequery_dc.c                      |    6 +-
 source3/libsmb/nmblib.c                            |    6 +-
 source3/libsmb/pylibsmb.c                          |  671 ++++++
 source3/locking/brlock.c                           |    4 +-
 source3/m4/check_path.m4                           |    8 +
 source3/modules/gpfs.c                             |    1 +
 source3/modules/nfs4_acls.c                        |  128 +-
 source3/modules/vfs_afsacl.c                       |    9 +-
 source3/modules/vfs_aio_fork.c                     |   53 +-
 source3/modules/vfs_aixacl.c                       |    4 +-
 source3/modules/vfs_aixacl2.c                      |    2 +-
 source3/modules/vfs_aixacl_util.c                  |   29 +-
 source3/modules/vfs_aixacl_util.h                  |   22 +
 source3/modules/vfs_default.c                      |  102 -
 source3/modules/vfs_dirsort.c                      |    2 -
 source3/modules/vfs_fake_acls.c                    |  467 ++++
 source3/modules/vfs_full_audit.c                   |  311 ---
 source3/modules/vfs_gpfs.c                         |  219 ++-
 source3/modules/vfs_gpfs_hsm_notify.c              |  110 -
 source3/modules/vfs_hpuxacl.c                      |   11 +-
 source3/modules/vfs_media_harmony.c                | 2438 ++++++++++++++++++++
 source3/modules/vfs_posix_eadb.c                   |    9 +-
 source3/modules/vfs_posixacl.c                     |   15 +-
 source3/modules/vfs_prealloc.c                     |    4 +-
 source3/modules/vfs_shadow_copy2.c                 |    2 -
 source3/modules/vfs_solarisacl.c                   |   11 +-
 source3/modules/vfs_streams_depot.c                |    5 +-
 source3/modules/vfs_streams_xattr.c                |    4 +-
 source3/modules/vfs_time_audit.c                   |  364 ---
 source3/modules/vfs_tru64acl.c                     |   21 +-
 source3/modules/vfs_tsmsm.c                        |  147 ++-
 source3/modules/vfs_xattr_tdb.c                    |  198 ++-
 source3/modules/wscript_build                      |   17 +-
 source3/nmbd/nmbd.c                                |   10 +
 source3/nmbd/nmbd_browserdb.c                      |   10 +-
 source3/nmbd/nmbd_browsesync.c                     |    9 +-
 source3/nmbd/nmbd_elections.c                      |    5 +-
 source3/nmbd/nmbd_incomingdgrams.c                 |    5 +-
 source3/nmbd/nmbd_incomingrequests.c               |    5 +-
 source3/nmbd/nmbd_namelistdb.c                     |   21 +-
 source3/nmbd/nmbd_sendannounce.c                   |   10 +-
 source3/nmbd/nmbd_serverlistdb.c                   |    6 +-
 source3/nmbd/nmbd_winsserver.c                     |    4 +-
 source3/param/loadparm.c                           |   96 +-
 source3/param/service.c                            |    4 +-
 source3/passdb/lookup_sid.c                        |   37 +-
 source3/passdb/machine_account_secrets.c           |  112 +-
 source3/passdb/pdb_interface.c                     |   18 +-
 source3/passdb/pdb_ipa.c                           |    4 +-
 source3/passdb/pdb_ldap.c                          |   14 +-
 source3/passdb/pdb_samba4.c                        |   59 +-
 source3/passdb/pdb_tdb.c                           |   28 +-
 source3/passdb/py_passdb.c                         |   22 +-
 source3/passdb/secrets.c                           |    9 +-
 source3/printing/lpq_parse.c                       |    4 +-
 source3/printing/nt_printing_tdb.c                 |    4 +-
 source3/registry/reg_backend_db.c                  |    4 +-
 source3/registry/reg_parse_internal.c              |    2 +-
 source3/registry/reg_util_internal.c               |    5 +-
 source3/rpc_client/cli_pipe.c                      |   23 +-
 source3/rpc_server/dfs/srv_dfs_nt.c                |    4 +-
 source3/rpc_server/dssetup/srv_dssetup_nt.c        |    4 +-
 source3/rpc_server/eventlog/srv_eventlog_nt.c      |    2 +-
 source3/rpc_server/netlogon/srv_netlog_nt.c        |   10 +-
 source3/rpc_server/wkssvc/srv_wkssvc_nt.c          |   26 +-
 source3/script/tests/stream-depot/run.sh           |   37 +-
 source3/script/tests/stream-depot/smb.conf         |    5 -
 source3/script/tests/test_smbclient_auth.sh        |    2 +-
 .../script/tests/test_smbclient_machine_auth.sh    |   21 +
 source3/script/tests/test_smbclient_tarmode.sh     |  181 ++
 source3/script/tests/vfstest-acl/run.sh            |   52 +
 source3/script/tests/vfstest-acl/vfstest.cmd       |   15 +
 source3/script/tests/xattr-tdb-1/run.sh            |   55 +-
 source3/script/tests/xattr-tdb-1/smb.conf          |    5 -
 source3/script/tests/xattr-tdb-1/vfstest.cmd       |    1 +
 source3/selftest/tests.py                          |   26 +-
 source3/smbd/blocking.c                            |   15 +-
 source3/smbd/conn.c                                |   10 +-
 source3/smbd/filename.c                            |   15 +-
 source3/smbd/globals.h                             |   94 +-
 source3/smbd/lanman.c                              |   14 +-
 source3/smbd/mangle_hash.c                         |    5 +-
 source3/smbd/mangle_hash2.c                        |    2 +-
 source3/smbd/negprot.c                             |    2 +-
 source3/smbd/posix_acls.c                          |  331 ++--
 source3/smbd/process.c                             |   10 +-
 source3/smbd/proto.h                               |    2 +-
 source3/smbd/pysmbd.c                              |  376 +++-
 source3/smbd/reply.c                               |  107 +-
 source3/smbd/server.c                              |    7 +
 source3/smbd/service.c                             |   20 +-
 source3/smbd/sesssetup.c                           |  106 +-
 source3/smbd/signing.c                             |   24 +-
 source3/smbd/smb2_break.c                          |   33 +-
 source3/smbd/smb2_close.c                          |    3 +-
 source3/smbd/smb2_create.c                         |    9 +-
 source3/smbd/smb2_find.c                           |    9 +-
 source3/smbd/smb2_flush.c                          |    3 +-
 source3/smbd/smb2_getinfo.c                        |    9 +-
 source3/smbd/smb2_glue.c                           |    5 +-
 source3/smbd/smb2_ioctl.c                          |   14 +-
 source3/smbd/smb2_lock.c                           |   25 +-
 source3/smbd/smb2_negprot.c                        |   15 +-
 source3/smbd/smb2_notify.c                         |    6 +-
 source3/smbd/smb2_read.c                           |   28 +-
 source3/smbd/smb2_server.c                         | 1867 +++++++++-------
 source3/smbd/smb2_sesssetup.c                      |   93 +-
 source3/smbd/smb2_setinfo.c                        |    9 +-
 source3/smbd/smb2_tcon.c                           |   51 +-
 source3/smbd/smb2_write.c                          |   17 +-
 source3/smbd/smbd.h                                |    1 -
 source3/smbd/trans2.c                              |  198 +-
 source3/smbd/vfs.c                                 |  135 +-
 source3/torture/cmd_vfs.c                          |  390 +++-
 source3/torture/masktest.c                         |    4 +-
 source3/torture/pdbtest.c                          |  117 +-
 source3/torture/torture.c                          |  265 ++-
 source3/torture/vfstest.c                          |   35 +-
 source3/utils/cclean.c                             |  305 ---
 source3/utils/net.c                                |    7 +
 source3/utils/net_ads.c                            |   20 +-
 source3/utils/net_connections.c                    |  273 +++
 source3/utils/net_idmap.c                          |    6 +-
 source3/utils/net_proto.h                          |    4 +
 source3/utils/net_registry_check.c                 |   10 +-
 source3/utils/net_rpc.c                            |   49 +-
 source3/utils/net_rpc_join.c                       |   21 +-
 source3/utils/net_rpc_trust.c                      |   24 +-
 source3/utils/net_usershare.c                      |    8 +-
 source3/utils/ntlm_auth.c                          |    4 +-
 source3/utils/pdbedit.c                            |   11 +-
 source3/utils/smbcontrol.c                         |    2 +-
 source3/utils/smbpasswd.c                          |    6 +-
 source3/winbindd/idmap_ldap.c                      |    7 +-
 source3/winbindd/wb_fill_pwent.c                   |    5 +-
 source3/winbindd/winbindd.c                        |   10 +-
 source3/winbindd/winbindd_ads.c                    |   10 +-
 source3/winbindd/winbindd_cache.c                  |   22 +-
 source3/winbindd/winbindd_cm.c                     |    5 +-
 source3/winbindd/winbindd_cred_cache.c             |   29 +
 source3/winbindd/winbindd_dual_srv.c               |    5 +
 source3/winbindd/winbindd_pam.c                    |   21 +-
 source3/winbindd/winbindd_ping_dc.c                |   19 +-
 source3/winbindd/winbindd_proto.h                  |    1 +
 source3/winbindd/winbindd_util.c                   |   11 +-
 source3/wscript                                    |   13 +-
 source3/wscript_build                              |   33 +-
 source4/auth/kerberos/srv_keytab.c                 |   45 -
 source4/auth/ntlm/wscript_build                    |    2 +-
 source4/auth/wscript_build                         |    2 +-
 source4/cldap_server/netlogon.c                    |   24 +-
 source4/dns_server/dns_update.c                    |    2 +-
 source4/dns_server/dns_update.h                    |   25 -
 source4/dsdb/common/util.c                         |  129 +-
 source4/dsdb/kcc/kcc_connection.c                  |   28 +-
 source4/dsdb/kcc/kcc_deleted.c                     |   17 +-
 source4/dsdb/kcc/kcc_periodic.c                    |   13 +-
 source4/dsdb/kcc/kcc_topology.c                    |    2 +-
 source4/dsdb/pydsdb.c                              |   19 +-
 source4/dsdb/repl/drepl_fsmo.c                     |   36 +-
 source4/dsdb/repl/drepl_partitions.c               |   29 +-
 source4/dsdb/repl/drepl_ridalloc.c                 |   13 +-
 source4/dsdb/repl/replicated_objects.c             |  124 +-
 source4/dsdb/samdb/ldb_modules/objectclass.c       |   31 +-
 source4/dsdb/samdb/ldb_modules/partition.c         |  162 +-
 source4/dsdb/samdb/ldb_modules/partition_init.c    |    8 +-
 .../dsdb/samdb/ldb_modules/partition_metadata.c    |   57 +-
 source4/dsdb/samdb/ldb_modules/proxy.c             |    3 +
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |    7 -
 source4/dsdb/samdb/ldb_modules/ridalloc.c          |   27 +-
 source4/dsdb/samdb/ldb_modules/rootdse.c           |   13 +-
 source4/dsdb/samdb/ldb_modules/samba_secrets.c     |    1 +
 source4/dsdb/samdb/ldb_modules/samldb.c            |    2 +-
 source4/dsdb/samdb/ldb_modules/schema_load.c       |   81 +-
 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c  |  529 +++++
 source4/dsdb/samdb/ldb_modules/update_keytab.c     |    2 -
 source4/dsdb/samdb/ldb_modules/util.c              |    7 +-
 source4/dsdb/samdb/ldb_modules/wscript_build       |    2 +-
 .../dsdb/samdb/ldb_modules/wscript_build_server    |   25 +-
 source4/dsdb/schema/schema.h                       |    7 +-
 source4/dsdb/schema/schema_init.c                  |   44 +-
 source4/dsdb/schema/schema_query.c                 |   35 +-
 source4/dsdb/schema/schema_set.c                   |   23 +-
 source4/heimdal/lib/com_err/error.c                |    2 +-
 source4/kdc/db-glue.c                              |   20 -
 source4/kdc/wdc-samba4.c                           |    9 +-
 source4/lib/events/tevent_s4.c                     |   10 +-
 source4/lib/registry/pyregistry.c                  |   24 +-
 source4/libcli/cliconnect.c                        |    8 +-
 source4/libcli/ldap/ldap_ildap.c                   |    6 +-
 source4/libcli/raw/libcliraw.h                     |    2 -
 source4/libcli/raw/smb.h                           |    4 -
 source4/libcli/smb2/transport.c                    |    1 +
 source4/libcli/smb2/write.c                        |    2 +-
 source4/libcli/smb_composite/connect.c             |   11 +-
 source4/libcli/smb_composite/sesssetup.c           |   38 +-
 source4/libcli/util/clilsa.c                       |    8 +-
 source4/libcli/util/pyerrors.h                     |    8 +-
 source4/libcli/wscript_build                       |    6 +-
 source4/libnet/libnet_become_dc.c                  |   13 +
 source4/libnet/libnet_export_keytab.c              |   10 +-
 source4/libnet/libnet_vampire.c                    |    2 +-
 source4/librpc/rpc/dcerpc.c                        |   53 +-
 source4/librpc/rpc/dcerpc_smb.c                    |   19 +-
 source4/librpc/rpc/dcerpc_smb2.c                   |    4 +-
 source4/librpc/rpc/pyrpc_util.c                    |    4 +-
 source4/librpc/wscript_build                       |   12 +
 source4/ntp_signd/ntp_signd.c                      |    6 +-
 source4/ntvfs/posix/pvfs_fileinfo.c                |    2 +-
 source4/ntvfs/posix/pvfs_xattr.c                   |    6 +
 source4/param/provision.c                          |    2 +
 source4/param/provision.h                          |    1 +
 source4/rpc_server/drsuapi/dcesrv_drsuapi.c        |    2 +-
 source4/rpc_server/drsuapi/getncchanges.c          |   28 +-
 source4/rpc_server/wscript_build                   |    4 +-
 source4/scripting/bin/samba_spnupdate              |   11 +-
 source4/scripting/python/samba/join.py             |   26 +
 source4/scripting/python/samba/netcmd/domain.py    |    6 +-
 source4/scripting/python/samba/netcmd/drs.py       |    5 +-
 source4/scripting/python/samba/netcmd/ntacl.py     |  108 +-
 source4/scripting/python/samba/ntacls.py           |   77 +-
 .../scripting/python/samba/provision/__init__.py   |  205 ++-
 source4/scripting/python/samba/samdb.py            |    8 +-
 .../scripting/python/samba/tests/dcerpc/bare.py    |    2 +-
 .../python/samba/tests/libsmb_samba_internal.py    |   78 +
 source4/scripting/python/samba/tests/ntacls.py     |   14 +-
 source4/scripting/python/samba/tests/posixacl.py   |  404 ++++
 source4/scripting/python/samba/tests/provision.py  |    2 +
 .../python/samba/tests/samba_tool/ntacl.py         |   70 +
 .../python/samba/tests/upgradeprovision.py         |    2 +-
 .../python/samba/tests/upgradeprovisionneeddc.py   |    2 +-
 source4/scripting/python/samba/upgrade.py          |  130 +-
 source4/scripting/python/samba/upgradehelpers.py   |    2 +-
 source4/selftest/tests.py                          |    9 +-
 source4/setup/tests/blackbox_group.sh              |    2 +-
 source4/setup/tests/blackbox_newuser.sh            |    2 +-
 source4/setup/tests/blackbox_provision-backend.sh  |   10 +-
 source4/setup/tests/blackbox_provision.sh          |   18 +-
 source4/setup/tests/blackbox_s3upgrade.sh          |    8 +-
 source4/setup/tests/blackbox_setpassword.sh        |    2 +-
 source4/setup/tests/blackbox_upgradeprovision.sh   |    4 +-
 source4/smbd/server.c                              |   16 +-
 source4/torture/basic/delete.c                     |  641 +++++-
 source4/torture/local/torture.c                    |    1 +
 source4/torture/raw/context.c                      |    6 +-
 source4/torture/raw/lock.c                         |   22 +-
 source4/torture/raw/notify.c                       |    2 +-
 source4/torture/raw/streams.c                      |   89 +-
 source4/torture/rpc/samba3rpc.c                    |    9 +-
 source4/torture/smb2/compound.c                    |   72 +
 source4/torture/unix/unix_info2.c                  |    5 +-
 source4/torture/util_smb.c                         |   10 +-
 source4/utils/tests/test_smbclient.sh              |   34 +
 source4/winbind/wb_init_domain.c                   |   10 +
 source4/winbind/wb_irpc.c                          |   48 +-
 source4/winbind/wb_pam_auth.c                      |   21 +-
 source4/winbind/wb_sam_logon.c                     |  220 ++-
 source4/winbind/wb_server.h                        |    2 +
 source4/winbind/wb_sid2domain.c                    |  248 ++-
 source4/winbind/wb_update_rodc_dns.c               |  206 ++-
 testprogs/blackbox/renamedc.sh                     |   10 +-
 wscript                                            |   20 +-
 411 files changed, 15439 insertions(+), 6018 deletions(-)
 create mode 100644 docs-xml/manpages-3/vfs_media_harmony.8.xml
 create mode 100755 examples/scripts/vfs/media_harmony/trigger_avid_update.py
 create mode 100644 lib/krb5_wrap/enctype_convert.c
 create mode 100644 lib/ldb/ABI/ldb-1.1.10.sigs
 copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs => pyldb-util-1.1.10.sigs} (100%)
 copy lib/tevent/ABI/{tevent-0.9.16.sigs => tevent-0.9.17.sigs} (100%)
 create mode 100755 libcli/smb/wscript
 delete mode 100755 libcli/smb/wscript_build
 create mode 100644 librpc/idl/smb_acl.idl
 create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.10.sigs
 create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.9.sigs
 delete mode 100644 source3/lib/string_init.c
 create mode 100644 source3/libsmb/pylibsmb.c
 create mode 100644 source3/modules/vfs_aixacl_util.h
 create mode 100644 source3/modules/vfs_fake_acls.c
 delete mode 100644 source3/modules/vfs_gpfs_hsm_notify.c
 create mode 100644 source3/modules/vfs_media_harmony.c
 delete mode 100644 source3/script/tests/stream-depot/smb.conf
 create mode 100755 source3/script/tests/test_smbclient_machine_auth.sh
 create mode 100755 source3/script/tests/test_smbclient_tarmode.sh
 create mode 100755 source3/script/tests/vfstest-acl/run.sh
 create mode 100644 source3/script/tests/vfstest-acl/vfstest.cmd
 delete mode 100644 source3/script/tests/xattr-tdb-1/smb.conf
 delete mode 100644 source3/utils/cclean.c
 create mode 100644 source3/utils/net_connections.c
 delete mode 100644 source4/dns_server/dns_update.h
 create mode 100644 source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c
 create mode 100644 source4/scripting/python/samba/tests/libsmb_samba_internal.py
 create mode 100644 source4/scripting/python/samba/tests/posixacl.py
 create mode 100644 source4/scripting/python/samba/tests/samba_tool/ntacl.py
 create mode 100755 source4/utils/tests/test_smbclient.sh

Changeset truncated at 500 lines:

diff --git a/BUILD_SYSTEMS.txt b/BUILD_SYSTEMS.txt
index 2aff56d..f8590f6 100644
@@ -27,11 +27,10 @@ Kerberos library, provided the version is recent enough (otherwise we
 will use our internal version of Heimdal).  Please note that builds
 with MIT krb5 support will not have AD DC features.
-By the time of the first release candidate, we will finish renaming
-the binaries that we ship so that where we provide a tool under a name
-that was used in Samba 3.x, it continues to behave in the same way it
-always has.  This will ensure that our change in build system does not
-impact on our user's ability to use Samba as they always have.
+Where we provide a tool under a name that was used in Samba 3.x, it
+continues to behave in the same way it always has.  This will ensure
+that our change in build system does not impact on our user's ability
+to use Samba as they always have.
 For developers, this build system backs a comprehensive 'make test',
 which provides code coverage of around 48% of our code by line:
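Review bot: in the added paragraph, "our user's ability" should be the plural possessive "our users' ability". With the "By the time of the first release candidate" clause gone, the following "This will ensure" is also out of step with the present-tense "continues to behave"; "This ensures" would match the new wording.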
diff --git a/VERSION b/VERSION
index a310c84..b9b3e8c 100644
 # e.g. SAMBA_VERSION_BETA_RELEASE=1                    #
 #  ->  "4.0.0beta1"                                    #
 # For 'pre' releases the version will be               #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 1b08ff3..d9f2333 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4.0 beta5
+What's new in Samba 4.0 beta7
 Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -11,25 +11,20 @@ and above.
-Samba 4.0 beta5 is not a final Samba release, however we are now making
-good progress towards a Samba 4.0 release, of which this is a preview.
-Be aware the this release contains the best of all of Samba's
+Samba 4.0 beta7 is not a final Samba release, however we are now making
+good progress towards a Samba 4.0 release.  However, this is expected to be the
+last beta release before we start on our release candidate series.
+This release contains the best of all of Samba's
 technology parts, both a file server (that you can reasonably expect
 to upgrade existing Samba 3.x releases to) and the AD domain
 controller work previously known as 'samba4'.
 Samba 4.0 is subjected to an awesome battery of tests on an automated
-basis, we have found Samba 4.0 to be very stable in it's behavior.
-However, we still recommend against upgrading production servers from
-Samba 3.x release to Samba 4.0 beta at this stage.
-In particular note that the new default configuration 's3fs' may have
-different stability characteristics compared with our previous default
-file server.  We are making this release so that we can find and fix
-any of these issues that arise in the real world.  New AD DC
-installations can provision or join with --use-ntvfs to obtain the
-previous default file server.  See below how to continue using ntvfs
-in an existing installation.
+basis, we have found Samba 4.0 to be very stable in it's behaviour.
+However, as with all our pre-releases we still recommend against
+upgrading production servers from Samba 3.x release to Samba 4.0 beta
+at this stage.
 If you are upgrading, or looking to develop, test or deploy Samba 4.0
 beta releases, you should backup all configuration and data.
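Review bot: the rewritten introduction now has "however" in two consecutive sentences ("... is not a final Samba release, however we are now making good progress ... However, this is expected to be the last beta release"), and the re-added line still reads "very stable in it's behaviour" where the possessive "its" is meant. Since both lines are being touched anyway, I would drop the second "However," and fix the apostrophe in the same commit.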
@@ -43,10 +38,16 @@ Samba 4.0 as an AD DC should use the 'samba-tool domain
 classicupgrade' command.  See the wiki for more details:
-Users upgrading from Samba 4.0 alpha and beta releases since alpha15 
-should run 'samba-tool dbcheck --cross-ncs --fix'.  Users upgrading
-from earlier alpha releases should contact the team for advice. 
+Users upgrading from Samba 4.0 alpha and beta releases since alpha15
+should run 'samba-tool dbcheck --cross-ncs --fix' before re-starting
+Samba.  Users upgrading from earlier alpha releases should contact the
+team for advice.
+Users upgrading an AD DC from any previous release should run
+'samba-tool ntacl sysvolreset' to re-sync ACLs on the sysvol share
+with those matching the GPOs in LDAP and the defaults from an initial
+provision.  This will set an underlying POSIX ACL if required (eg not
+using the NTVFS file server).
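Review bot: the new 'samba-tool ntacl sysvolreset' paragraph does not say when to run the command, while the dbcheck sentence just above it was changed to say "before re-starting Samba". Because sysvolreset rewrites ACLs on the sysvol share, please state the ordering explicitly (before or after the restart, and relative to dbcheck). Also "(eg not using the NTVFS file server)" would read better as "(e.g. when not using the NTVFS file server)".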
@@ -63,8 +64,7 @@ issue.
 Samba 4.0 beta ships with two distinct file servers.  We now use the
 file server from the Samba 3.x series 'smbd' for all file serving by
-default.  For pure file server work, the binaries users would expect
-from that series (nmbd, winbindd, smbpasswd) continue to be available.
 Samba 4.0 also ships with the 'NTVFS' file server.  This file server
 is what was used in all previous alpha releases of Samba 4.0, and is
@@ -74,9 +74,11 @@ installations that have deployed it as part of an AD DC, but also as a
 running example of the NT-FSA architecture we expect to move smbd to in
 the longer term.  
-As mentioned above, this change to the default file server may cause
-instability, as we learn about the real-world interactions between
-these two key components. 
+For pure file server work, the binaries users would expect from that
+series (nmbd, winbindd, smbpasswd) continue to be available.  When
+running an AD DC, you only need to run 'samba' (not
+nmbd/smbd/winbind), as the required services are co-ordinated by this
+master binary.
 As DNS is an integral part of Active Directory, we also provide a DNS
 solution, using the BIND DLZ mechanism in versions 9.8 and 9.9.
@@ -87,53 +89,45 @@ minimal internal DNS server from within the Samba process, for easier
 complete (pending addition of secure DNS update support).
 To provide accurate timestamps to Windows clients, we integrate with
-the NTP project to provide secured NTP replies. 
+the NTP project to provide secured NTP replies.  To use you need to
+start ntpd and configure it with the 'restrict ... ms-sntp' and
+ntpsigndsocket options.
 Finally, a new scripting interface has been added to Samba 4, allowing
 Python programs to interface to Samba's internals, and many tools and
 internal workings of the DC code is now implemented in python.
-For a list of changes since beta4, please see the git log.
+For a list of changes since beta6, please see the git log.
 $ git clone git://git.samba.org/samba.git
 $ cd samba.git
-$ git log samba-4.0.0beta4..samba-4.0.0beta5
+$ git log samba-4.0.0beta6..samba-4.0.0beta7
 Some major user-visible changes include:
-- The issue with beta4 being unable to build with a released version of
-  ldb has been resolved. 
-- The two parameter tables for our two smb.conf parsing engines have
-  been merged.  This removes the ugly (but harmless) "unknown
-  parameter xxx" warnings, particularly from the smbd child process.
-- Major issues have been fixed in conflict and missing/deleted parent
-  handling in or DRS replication engine.
-- Safety improvements to prevent corruption of read-write replicas
-  by manual replication from a read-only replica.
+- ACLs are now set during provision at the POSIX layer for the sysvol
+  share.  This allows group policies to be modified by Domain
+  Administrators (Policy Administrators) that are not the actual
+  Administrator user.
-- Improvements to dbcheck to correct incorrect instanceType values from
-  the above and to relocate objects with missing parents.
+- A number of verified fixes for expanding memory use across the AD
+  domain controller, including in the Bind9 DLZ module.
-- smbd no longer places all accounts in the 'Domain Users' of the AD
-  domain to which it is joined
+- A fix for bug #9097 (the winbind in the AD DC would lock up under
+  parallel requests).
-- AES support in NETLOGON Schannel
+- wbinfo --ping-dc now returns helpful information on what failed and
+  against which DC it failed
-- DCE/RPC timeout handling no longer crashes
+- SMB3 encryption support
-- "socket address" is now "nbt client socket address" as it only
-  controls the binding of the NetBIOS client, not other protocols.
-  See 'bind interfaces only = yes'.  This parameter is also now depricated.
-- nmbd now always binds to it's broadcast sockets explicitly, rather
-  than just relying on the socket address above.
+- New 'samba-tool ntacl' commands:
+  - samba-tool ntacl sysvolreset
+  - samba-tool ntacl sysvolcheck
 Less visible, but important changes under the hood include:
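Review bot: the added NTP sentence ("To use you need to start ntpd and configure it with the 'restrict ... ms-sntp' and ntpsigndsocket options") is missing its object and leaves the restrict line elided, so an administrator cannot tell from the release notes which clients the signed replies are offered to or where the signing socket lives. Suggest "To use this, ..." plus a pointer to the wiki page or the ntp.conf documentation. The new "SMB3 encryption support" bullet has the same gap: it does not say whether this is client side, server side or both, or which parameter enables it.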
@@ -144,17 +138,19 @@ Less visible, but important changes under the hood include:
 - Patches to ensure that talloc_tos() and talloc_stackframe() are
   always used correctly.
+- We can now test the implementation of NT -> POSIX ACL mapping in a
+  unit test with VFS bindings exposing both to python.  We also store
+  the posix ACL in a tdb during make test, allowing testing of this
+  feature on all platforms, regardless of local FS settings.
+- Python bindings for the source3 async libsmb library (for use in testing)
 - This release makes the s3fs file server the default, as this is the
   file server combination we will use for the Samba 4.0 release.
-- Modifying of group policies by members of the Domain Administrators
-  group is not possible with the s3fs file server, only with the ntvfs
-  file server.  This is due to the underlying POSIX ACL not being set
-  at provision time.
 - For similar reasons, sites with ACLs stored by the ntvfs file server
   may wish to continue to use that file server implementation, as a
   posix ACL will similarly not be set in this case.
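Review bot: removing the known-issue bullet about group policies leaves the next, unchanged bullet dangling: "For similar reasons, sites with ACLs stored by the ntvfs file server ..." and "a posix ACL will similarly not be set in this case" both refer back to the text this hunk deletes. Please reword that bullet so it stands on its own, and say whether it still applies now that 'samba-tool ntacl sysvolreset' sets the POSIX ACL on sysvol.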
@@ -165,7 +161,7 @@ KNOWN ISSUES
   this partition is not yet reliable.
 - Replication may fail on FreeBSD due to getaddrinfo() rejecting names
-  containing _.  A workaround will be in the next beta.
+  containing _.  A workaround will be in a future next beta.
 - upgradeprovision should not be run when upgrading to this release
   from a recent release.  No important database format changes have
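Review bot: the replacement line reads "A workaround will be in a future next beta", which keeps "next" from the old text alongside the new "a future". This should be "in a future beta" or, given the note earlier in this file that beta7 is expected to be the last beta, "in a future release".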
@@ -180,8 +176,9 @@ KNOWN ISSUES
   use the 'samba' binary (provided for the AD server) on a member
-- There is no NetBIOS browsing support (network neighbourhood) in the
-  'samba' binary (use nmbd and smbd instead)
+- There is no NetBIOS browsing support (network neighbourhood)
+  available for the AD domain controller.  (Support in nmbd and smbd
+  for classic domains and member/standalone servers is unchanged).
 - Clock Synchronisation is critical.  Many 'wrong password' errors are
   actually due to Kerberos objecting to a clock skew between client
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index ab7f5e8..3304200 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -203,6 +203,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	char *filter;
 	char *error_string;
 	const char *domain;
+	const char *realm;
+	bool secrets_tdb_password_more_recent;
+	time_t secrets_tdb_lct = 0;
+	char *secrets_tdb_password = NULL;
+	char *keystr;
+	char *keystr_upper = NULL;
+	char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
+	struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
+						      TDB_DEFAULT, O_RDWR, 0600,
+						      DBWRAP_LOCK_ORDER_1);
 	/* Bleh, nasty recursion issues: We are setting a machine
 	 * account here, so we don't want the 'pending' flag around
 	 * any more */
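Review bot: secrets.tdb is now opened unconditionally in the declaration block, with O_RDWR, although the lines this patch adds only ever call dbwrap_fetch() on the handle. Opening read-only would be enough for a lookup and avoids requiring write access to the private directory for every caller that sets a machine account. The result of lpcfg_private_path() is also passed straight to dbwrap_local_open() without a NULL check; moving both calls out of the initialisers and checking secrets_tdb first would make the failure path explicit.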
@@ -211,47 +221,79 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
 	/* We have to do this, as the fallback in
 	 * cli_credentials_set_secrets is to run as anonymous, so the domain is wiped */
 	domain = cli_credentials_get_domain(cred);
+	realm = cli_credentials_get_realm(cred);
+	if (db_ctx) {
+		TDB_DATA dbuf;
+		keystr = talloc_asprintf(cred, "%s/%s",
+					 domain);
+		keystr_upper = strupper_talloc(cred, keystr);
+		TALLOC_FREE(keystr);
+		status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+				      &dbuf);
+		TALLOC_FREE(keystr_upper);
+		if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
+			secrets_tdb_lct = IVAL(dbuf.dptr,0);
+		}
+		TALLOC_FREE(dbuf.dptr);
+		keystr = talloc_asprintf(cred, "%s/%s",
+					 domain);
+		keystr_upper = strupper_talloc(cred, keystr);
+		TALLOC_FREE(keystr);
+		status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+				      &dbuf);
+		if (NT_STATUS_IS_OK(status)) {
+			secrets_tdb_password = (char *)dbuf.dptr;
+		}
+	}
 	filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER, 
 	status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
 					     filter, &error_string);
+	if (secrets_tdb_password == NULL) {
+		secrets_tdb_password_more_recent = false;
-		TDB_DATA dbuf;
-		char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
-		struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
-							      TDB_DEFAULT, O_RDWR, 0600,
-							      DBWRAP_LOCK_ORDER_1);
+		secrets_tdb_password_more_recent = true;
+	} else if (secrets_tdb_lct > cli_credentials_get_password_last_changed_time(cred)) {
+		secrets_tdb_password_more_recent = true;
+	} else if (secrets_tdb_lct == cli_credentials_get_password_last_changed_time(cred)) {
+		secrets_tdb_password_more_recent = strcmp(secrets_tdb_password, cli_credentials_get_password(cred)) != 0;
+	} else {
+		secrets_tdb_password_more_recent = false;
+	}
+	if (secrets_tdb_password_more_recent) {
+		char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
+		cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
+		cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
+		cli_credentials_set_realm(cred, realm, CRED_SPECIFIED);
+		cli_credentials_set_workstation(cred, lpcfg_netbios_name(lp_ctx), CRED_SPECIFIED);
+		cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
+		TALLOC_FREE(machine_account);
 		if (db_ctx) {
-			char *keystr;
-			char *keystr_upper;
-			keystr = talloc_asprintf(cred, "%s/%s",
-						 domain);
-			keystr_upper = strupper_talloc(cred, keystr);
-			TALLOC_FREE(keystr);
-			status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
-					      &dbuf);
-			if (NT_STATUS_IS_OK(status)) {
-				char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
-				cli_credentials_set_password(cred, (const char *)dbuf.dptr, CRED_SPECIFIED);
-				cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
-				cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
-				TALLOC_FREE(machine_account);
-				TALLOC_FREE(dbuf.dptr);
-			} else {
-				error_string = talloc_asprintf(cred, 
-							       "Failed to fetch machine account password from "
-							       "secrets.ldb: %s and failed to fetch %s from %s", 
-							       error_string, keystr_upper, secrets_tdb);
-			}
-			TALLOC_FREE(keystr_upper);
-			TALLOC_FREE(secrets_tdb);
+			error_string = talloc_asprintf(cred,
+						       "Failed to fetch machine account password from "
+						       "secrets.ldb: %s and failed to fetch %s from %s",
+						       error_string, keystr_upper, secrets_tdb);
+		} else {
+			error_string = talloc_asprintf(cred,
+						       "Failed to fetch machine account password from "
+						       "secrets.ldb: %s and failed to open %s",
+						       error_string, secrets_tdb);
+	TALLOC_FREE(secrets_tdb_password);
+	TALLOC_FREE(secrets_tdb);
+	TALLOC_FREE(db_ctx);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n", 
 			  error_string, nt_errstr(status)));
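Review bot: the password record fetched from secrets.tdb is used as a C string without validation: "secrets_tdb_password = (char *)dbuf.dptr;" is later passed to strcmp() and cli_credentials_set_password(), but unlike the last-change-time record (which is checked with "dbuf.dsize == 4") nothing checks that dbuf.dsize is non-zero or that the buffer is NUL-terminated. A truncated or corrupt record would be read past its end. Please check the size and terminator before accepting the value. In the same comparison, cli_credentials_get_password(cred) is handed to strcmp() without a NULL check, and the two talloc_asprintf() results are passed to strupper_talloc() unchecked. Finally, TALLOC_FREE(secrets_tdb_password) releases the machine password without clearing it first; consider zeroing the buffer before freeing.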
diff --git a/auth/credentials/wscript_build b/auth/credentials/wscript_build
index 0b2aec2..06d58a7 100755
--- a/auth/credentials/wscript_build
+++ b/auth/credentials/wscript_build
@@ -5,7 +5,7 @@ bld.SAMBA_LIBRARY('samba-credentials',
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index f51a1ed..fc66a8d 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -96,7 +96,7 @@ NTSTATUS ntlmssp_client_initial(struct gensec_security *gensec_security,
 	if (DEBUGLEVEL >= 10) {
 		struct NEGOTIATE_MESSAGE *negotiate = talloc(
-			talloc_tos(), struct NEGOTIATE_MESSAGE);
+			ntlmssp_state, struct NEGOTIATE_MESSAGE);
 		if (negotiate != NULL) {
 			status = ntlmssp_pull_NEGOTIATE_MESSAGE(
 				out, negotiate, negotiate);
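Review bot: parenting the debug-only NEGOTIATE_MESSAGE on ntlmssp_state instead of talloc_tos() changes its lifetime from the current stackframe to the whole NTLMSSP exchange, and the lines shown here do not include a matching TALLOC_FREE(negotiate). Please confirm the structure is freed once it has been dumped at DEBUGLEVEL >= 10; otherwise each call leaves a copy of the parsed message attached to the state. A short comment saying why talloc_tos() cannot be used at this point would also help the next reader.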
diff --git a/auth/wscript_build b/auth/wscript_build
index 0194815..57f1270 100644
--- a/auth/wscript_build
+++ b/auth/wscript_build
@@ -2,7 +2,7 @@
-                  deps='talloc security samba-util',
+                  deps='talloc samba-security samba-util',
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index cfab476..50039fc 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -437,10 +437,10 @@ def CHECK_STRUCTURE_MEMBER(conf, structname, member,
-def CHECK_CFLAGS(conf, cflags):
+def CHECK_CFLAGS(conf, cflags, fragment='int main(void) { return 0; }\n'):
     '''check if the given cflags are accepted by the compiler
-    return conf.check(fragment='int main(void) { return 0; }\n',
+    return conf.check(fragment=fragment,
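Review bot: CHECK_CFLAGS gains a 'fragment' parameter but the docstring still only says "check if the given cflags are accepted by the compiler". Please document that the fragment is the test program compiled with those flags and that callers may pass one to probe how a flag behaves on specific code, since that is a different use from the plain "is this flag accepted" check the name suggests.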
@@ -622,11 +622,26 @@ def SAMBA_CONFIG_H(conf, path=None):
     if Options.options.developer:
         # we add these here to ensure that -Wstrict-prototypes is not set during configure
-        conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Werror=format -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address',
+        conf.ADD_CFLAGS('-Wall -g -Wshadow -Werror=strict-prototypes -Wstrict-prototypes -Werror=pointer-arith -Wpointer-arith -Wcast-align -Werror=write-strings -Wwrite-strings -Werror-implicit-function-declaration -Wformat=2 -Wno-format-y2k -Wmissing-prototypes -fno-common -Werror=address',
         conf.ADD_CFLAGS('-Wcast-qual', testflags=True)
         conf.env.DEVELOPER_MODE = True
+        # This check is because for ldb_search(), a NULL format string
+        # is not an error, but some compilers complain about that.
+        if CHECK_CFLAGS(conf, ["-Werror=format", "-Wformat=2"], '''
+int testformat(char *format, ...) __attribute__ ((format (__printf__, 1, 2)));
+int main(void) {
+        testformat(0);
+        return 0;
+            if not 'EXTRA_CFLAGS' in conf.env:
+                conf.env['EXTRA_CFLAGS'] = []
+            conf.env['EXTRA_CFLAGS'].extend(TO_LIST("-Werror=format"))
     if Options.options.picky_developer:
         conf.ADD_CFLAGS('-Werror', testflags=True)
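Review bot: dropping -Werror=format from the unconditional developer flags means that on any compiler where the testformat(0) probe fails, format-string mistakes across the whole tree are downgraded from errors to -Wformat=2 warnings, just to accommodate the NULL format passed to ldb_search(). That is a broad loss of a check with security value. Could the ldb_search() case be handled at the call site or in its prototype instead, keeping -Werror=format everywhere? If the probe stays, please log which branch was taken so build output shows whether the flag is active, and prefer "'EXTRA_CFLAGS' not in conf.env" over "not 'EXTRA_CFLAGS' in conf.env".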
diff --git a/buildtools/wafsamba/symbols.py b/buildtools/wafsamba/symbols.py
index c4b5599..13d84b9 100644
--- a/buildtools/wafsamba/symbols.py
+++ b/buildtools/wafsamba/symbols.py
@@ -647,7 +647,7 @@ def SYMBOL_CHECK(bld):
-    if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER and not bld.env.BUILD_FARM:
+    if Options.options.DUP_SYMBOLCHECK and bld.env.DEVELOPER:
         '''check for duplicate symbols'''
         task = bld(rule=symbols_dupcheck_fatal, always=True, name='symbol duplicate checking')
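Review bot: removing "and not bld.env.BUILD_FARM" from the condition makes the fatal duplicate-symbol check run on build-farm hosts as well, which the exclusion previously prevented. Nothing in the hunk says why the exclusion existed or why it is safe to drop now. Please note the reason in the commit message or in a comment here, so that a build-farm failure from symbols_dupcheck_fatal can be traced back to this change.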
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index c85f87f..7a7ca6d 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -2112,6 +2112,45 @@ string.</member>
+Manipulate Samba's connections database.
+<para>The registry commands are:
+<member>net connections cleanup - Remove orphaned entries from the connections database.</member>
+  <title>CONNECTIONS CLEANUP [-avT]</title>
+  <para> Remove orphaned entries from the connections database. This may be necessary if restarting smbd isn't an option.
+  <variablelist>
+    <varlistentry><term>-a|--auto</term>
+    <listitem><para>
+      Noninteractive mode, don't ask.
+    </para></listitem>
+    </varlistentry>
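Review bot: the introduction of the new connections section says "The registry commands are:", which looks copied from the registry section; it should read "The connections commands are:". The title also advertises "[-avT]" while the part of the hunk shown here documents only -a|--auto, so please make sure -v and -T each get a varlistentry. It would help administrators if the cleanup description said what counts as an orphaned entry, since the command deletes records from a live database.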

Samba Shared Repository
