[SCM] Samba Shared Repository - annotated tag samba-4.0.0rc6 created

Karolin Seeger kseeger at samba.org
Tue Dec 4 03:20:05 MST 2012

The annotated tag, samba-4.0.0rc6 has been created
        at  74db1e8ebcefd727a3fa14bc2fc423707598ec2c (tag)
   tagging  484747c5dacb71c5847682dd94e888091d101734 (commit)
  replaces  samba-4.0.0rc5
 tagged by  Karolin Seeger
        on  Tue Dec 4 11:16:56 2012 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.0.0rc6
Version: GnuPG v2.0.18 (GNU/Linux)


Amitay Isaacs (3):
      s4-dns: Fix format string vulnerability in an error message (bug #9354)
      s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
      s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver

Andreas Schneider (2):
      s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
      BUG 9436: Fix leaking sockets of SMB connections to a DC.

Andrew Bartlett (53):
      lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this
      build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system
      torture: remove source3 locktest and masktest
      build: Be consistent with the name of smbtorture binaries
      build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test
      packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging
      build: Do not install testing binaries
      selftest: use an array when starting testenv with system()
      client: Fix talloc_stackframe() free order assertion in developer mode
      libads: Always free the talloc_stackframe() on error path
      samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
      imessaging: Add irpc_all_servers() to list all available servers
      pymessaging: Use the server_id IDL structure rather than a tuple
      pymessaging: Add irpc_servers_byname() and irpc_all_servers()
      samba-tool: Add samba-tool processes subcommand
      smbd: Add mem_ctx to sys_acl_init() and all callers
      smbd: Add mem_ctx to {f,}get_nt_acl VFS call
      vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
      s3:vfs_gpfs fix the build
      rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL
      smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc
      vfs: Fix compilation of ACL support on solaris (cherry picked from commit 60a06ff09cb62d4102a89194ce8fef5c4c5a2f16)
      pysmbd: Fix pysmbd octal mode handling
      selftest: Add many more tests for our posix ACL handling
      selftest: Cover one more NT ACL invalidation case and improve comments
      selftest: Cover the important non-Samba invalidation of the NT ACL
      selftest: Always unlink the tempf in posixacl test (cherry picked from commit 1008f6fbf49d5b797c7d968ea7ffdcb29d623644)
      dbwrap: use talloc_stackframe() in db_tdb_log_key()
      python-ntacls: Cope with ACL revision 4
      pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries
      pysmbd: Remember to close files after setting the NT ACL (cherry picked from commit 728e56b4636b668aaac60ec557d6fe16b530a6f9)
      pysmbd: Set umask to 0 during smbd operations (cherry picked from commit e146fe5ef96c1522175a8e81db15d1e8879e5652)
      vfstest: set umask(0) in vfstest
      provision: Fix comments in checksysvolacl (cherry picked from commit 7e90a064437790789726d701ada5de9503816281)
      sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file
      vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent
      selftest: check that samba-tool gpo works for basic operations
      provision: Also walk directories checking ACLs
      provision: Make dsacl2fsacl() take a security.dom_sid, not str
      selftest: Make samba.tests.ntacl also use TestCaseInTempDir
      pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
      selftest: Add tests for expected behaviour on directories as well as files
      selftest: Avoid test cross-contamination in samba.tests.posixacl
      selftest: Avoid returning errors (rather than failures) in gpo test
      selftest: Add --tmpdir to 'samba-tool gpo create' test
      Ensure we Correctly set fsp->is_directory before dealing with ACLs.
      smbd: Correctly set fsp->is_directory before dealing with ACLs
      smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
      ntvfs: Fill in sd->type based on the new ACL being added
      scripting ntacls: Do not place a SACL in the GPO filesystem ACL
      samba-tool: Add new samba-tool gpo aclcheck and test
      s3-param: Handle setting default AD DC per-share settings in init_locals()
      vfs: Remove type parameter from sys_acl_blob_get_{fd,file}

Arvid Requate (2):
      Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid fails.
      s4:samba-tool: Fix samba-tool fsmo --role=schema

Christian Ambach (13):
      build(waf): support AIX 6.1
      build: add DMAPI configure option and checks
      s3:smbd/aio do not mark file modified during reads
      examples: fix build on AIX6
      s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2
      build(waf): fix a typo
      s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl
      s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
      s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl
      s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl
      s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
      s3:winbindd fix a compiler warning
      s3:winbindd fix a compiler warning

David Disseldorp (1):
      spoolss: fix segfault when "default devmode" is disabled

Günther Deschner (16):
      s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)
      s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() (bug #9426)
      s3-rpc_cli: Remove some unused wrapping code.
      s3-winbindd: add cm_connect_lsat().
      s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
      s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
      s3-winbindd: remove lookup_names_fn_t.
      s3-winbindd: remove lookup_sids_fn_t.
      s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
      s3-winbindd: rework reconnect logic in winbindd_lookup_names().
      s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
      s3-net: pass down struct net_context to the dns update calls.
      s3-net: move out some prototypes to net_dns.h.
      s3-net: pass down a flags field to DoDNSUpdate().
      s3-net: give more control how to update/register DNS entries.
      s3-net: Fix DEBUG() location.

Jelmer Vernooij (7):
      dsdb: Rename _res argument to _result.
      ldb_secrets_tdb_sync: Add dependency on gssapi.
      heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. (cherry picked from commit 9cf985c53eb1a4bbe8b8110f123744291026cee6)
      heimdal_build: Fix finding of system heimdal.
      configure: Support specifying PYTHON environment variable to run waf.
      Makefile: Allow specifying PYTHON environment variable.
      TestCaseInTempDir: Use addCleanup rather than tearDown. (cherry picked from commit 8d397b69bb29b7a464b610bc46cedd6be01b2455)

Jeremy Allison (8):
      Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
      Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
      More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
      Add samba3.samba3badnameblob test to check regressions in bug #9215.
      Simplify ensure_canon_entry_valid by splitting out the _get codepath. (cherry picked from commit 9466cd189d6a07411f451f7596feee36f0be7f32)
      We should never just assign an st_mode to an ace->perms field, theoretically they are different so should go through a mapping function. Ensure this is so.
      Move setting of psd->dacl->revision and protect against null SD's. (cherry picked from commit 5afabdc976d5ba1fd21dcdede85657b618fb6b76)
      Make sure the returned sd is on the right context, and if not it's always freed.

Kai Blin (2):
      utils: Remove unused samba-dig tool
      samba-tool dns: Don't use "localhost" to connect to local host

Karolin Seeger (43):
      VERSION: Bump version number up to 4.0.0rc6.
      popt_common: Fix typos.
      WHATSNEW: Start release notes for RC6.
      WHATSNEW: Update changes since rc5.
      WHATSNEW: Update changes since rc5.
      waf: Disable ntdb by default.
      WHATSNEW: Update changes since rc5.
      docs: Fix version in man smb.conf.
      docs: Add some binaries to the "SEE ALSO" section
      docs: Rename man ntlm_auth.
      WHATSNEW: Update changes since RC5.
      docs: man ldb.3: Add missing meta data.
      docs: man ldbadd: Add missing meta data.
      docs: man ldbdel: Add missing meta data.
      docs: man ldbedit: Add missing meta data.
      docs: man ldbmodify: Add missing meta data.
      docs: man ldbrename: Add missing meta data.
      docs: man ldbsearch: Add missing meta data.
      docs: man talloc: Add missing meta data.
      docs: man tdbtool: Add missing meta data.
      docs: man ndrdump: Add missing meta data.
      docs: man regdiff: Add missing meta data.
      docs: man regpatch: Add missing meta data.
      docs: man regshell: Add missing meta data.
      docs: man regtree: Add missing meta data.
      docs: man 8 samba: Add missing meta data.
      docs: man gentest: Add missing meta data.
      docs: man locktest: Add missing meta data.
      docs: man masktest: Add missing meta data.
      docs: man smbtorture: Add missing meta data.
      docs: man ntlm_auth4: Add missing meta data.
      docs: man oLschema2ldif: Add missing meta data.
      WHATSNEW: Update changes since RC5.
      WHATSNEW: Update changes since rc5.
      WHATSNEW: Update changes since rc5.
      lib/tdb: Rename manpages/ to man/.
      lib/talloc: Move manpage to man/.
      docs: Add samba.8 and samba-tool manpage to waf build.
      docs: Merge both samba.8 manpages.
      docs: Update man 7 samba.
      docs: Fix typo in the howto collection.
      WHATSNEW: Update changes since RC5.
      VERSION: Disable git snapshots to prepare rc6 release.

Matthieu Patou (1):
      Fix MD5 detection in the autoconf build

Michael Adam (51):
      configure(waf): Fail "configure --with-ads" if ads support is not available
      s3:param: make init_locals() static.
      s4:tests/samba_tool/gpo.py: fix accidential line break
      s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
      s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
      s3:winbindd:util: add a comment explaining the function parse_sidlist()
      s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit.
      s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done()
      s3:winbindd: add explaining comment winbindd_sids_to_xids_send()
      s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send()
      s3:winbindd: factor winbindd_sids_to_xids into external and internal part
      s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid
      s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid
      s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
      s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
      s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->child
      selftest:Samba3: provision the domain adminstrators group in the s3 environments
      s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain()
      s3:winbindd: add idmap_find_domain_with_sid()
      s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs()
      s3:winbindd: make idmap_find_domain() static.
      selftest:Samba3: call wait_for_start() from check_or_start()
      selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start()
      selftest:Samba3: add "wbinfo -p" test to wait_for_start()
      selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd
      s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id
      s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid
      s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid
      s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules
      s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl
      s3:winbindd: remove wbint_Sid2Gid from the wbint.idl
      s3:winbindd: remove unused server implementation of wbint_Sid2Uid()
      s3:winbindd: remove unused server implementation of wbint_Sid2Gid()
      s3:winbindd: remove unused idmap_sid_to_uid()
      s3:winbindd: remove unused idmap_sid_to_gid()
      s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
      s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
      s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh
      s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache
      s3:winbindd: remove unused function idmap_backends_sid_to_unixid()
      s3:lib: add utility function sid_check_is_for_passdb()
      build the new sid_check_is_for_passdb() function into passdb
      s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid()
      s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam
      s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
      s3:passdb: add sid_check_object_is_for_passdb()
      s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()
      s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()
      s3:passdb: don't look into group mappings in legacy_sid_to_unixid()
      s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings
      s3:passdb: fix building pdb_ldap as shared module

Ricky Nance (1):
      Removed phpldapadmin inclusion for Samba 4.

Stefan Metzmacher (93):
      lib/ldb: add missing newline in the output of ldb_ldif_write_trace()
      lib/replace: replace all *printf function if we replace snprintf (bug #9390)
      lib/addns: remove pointless check for resp->num_additionals != 1
      lib/addns: don't depend on the order in resp->answers[]
      lib/addns: remove compiler warnings
      s4:samba-tool/testparm: report a CommandError if loading of the config file fails
      s4:tortore/rpc/lsa: make more use of torture_assert*
      selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges
      s4:torture/rpc/handles: move a torture_comment()
      s4:torture/rpc/handles: try to make the assoc_group test less flakey
      s4:torture/rpc/handles: try to make all assoc_group tests less flakey
      s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1()
      s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind()
      s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC
      s3:vfs_modules: fix *sys_acl_blob_get_{file,fd} and only return ENOSYS
      s3:vfs_aixacl2: make use of vfs_aixacl_util.h
      s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()
      s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl()
      s3:vfs_gpfs: add no memory check in gpfs2smb_acl()
      WHATSNEW.txt: "acl compatibility" was removed
      s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor
      s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user
      s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
      s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor
      s4:tests/samba_tool/gpo.py: add test_show_as_admin()
      s3:smbd/open: use Builtin_Administrators as owner of files (if possible)
      s3:smbd/open: try the primary sid (user) as group_sid if the token has just one sid
      s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group
      libcli/security: remove duplicate aces in se_create_child_secdesc()
      s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags
      s3:smbcacls: add --query-security-info and --set-security-info options
      s4:libcli/finddcs_cldap: try all NBT#1C addresses
      s4:libcli/finddcs_cldap: allow io->in.server_address as hostname
      s4:samba-tool/gpo: use the dns_domain from the server when creating gpos
      s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos
      s4:samba-tool/gpo: fix the operation order when creating gpos
      s4:python/ntacl: allow string or objects for sd/sid in setntacl()
      s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()
      s4:dsdb/schema_data: fix debug message in schema_data_modify()
      s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root
      s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector
      s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF
      s4:dsdb/rootdse: remove unused variable
      s4:dsdb/rootdse: do helper searches AS_SYSTEM
      s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED
      s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED
      s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM
      s4:dsdb/acl_util: do helper searches AS_SYSTEM
      s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function
      s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
      s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
      s4:dsdb/descriptor: make use of dsdb_request_sd_flags()
      s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add
      s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED
      s4:dsdb/acl: remove unused "acl:perform" option
      s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set
      s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor
      s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED
      s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor
      s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
      s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid
      s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
      s4:provision: add get_empty_descriptor()
      s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd
      s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename}
      s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID
      s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}
      s4:dsdb/descriptor: remove some unnecessary nesting
      s4:dsdb/descriptor: remove some nesting from descriptor_modify
      s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
      s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify
      s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
      s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX
      s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
      s4:dsdb/dirsync: remove unused 'deletedattr' variable
      s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
      s4:dsdb/objectclass: do not pass the callers controls on helper searches
      s4:dsdb/subtree_delete: do an early return and avoid some nesting
      s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)
      s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)
      s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
      s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
      s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
      s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
      s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
      s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()
      s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)
      s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
      s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes
      s4:dsdb/tests: add SdAutoInheritTests
      s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flags

Sumit Bose (1):
      Use work around for 'winbind use default domain' only if it is set

Volker Lendecke (3):
      Fix Bug 9422 - large read requests cause server to issue malformed reply
      dbwrap: Fix bug 9440: Do not rely on dbwrap_record_get_value to return a talloc object
      s3: Fix idmap_hash


Samba Shared Repository

More information about the samba-cvs mailing list