[SCM] Samba Shared Repository - annotated tag samba-4.0.0rc6 created
Karolin Seeger
kseeger at samba.org
Tue Dec 4 03:20:05 MST 2012
The annotated tag, samba-4.0.0rc6 has been created
at 74db1e8ebcefd727a3fa14bc2fc423707598ec2c (tag)
tagging 484747c5dacb71c5847682dd94e888091d101734 (commit)
replaces samba-4.0.0rc5
tagged by Karolin Seeger
on Tue Dec 4 11:16:56 2012 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.0.0rc6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iD8DBQBQvc2pbzORW2Vot+oRAmFjAKC8hQeNKZ8XG2VsKF2aZv81A5spKQCfQXsH
zmMZnVV6WkwJ7/2XERziGEI=
=l/uR
-----END PGP SIGNATURE-----
Amitay Isaacs (3):
s4-dns: Fix format string vulnerability in an error message (bug #9354)
s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin
s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver
Andreas Schneider (2):
s3:winbind: BUG 9386: Failover if netlogon pipe is not available.
BUG 9436: Fix leaking sockets of SMB connections to a DC.
Andrew Bartlett (53):
lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this
build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system
torture: remove source3 locktest and masktest
build: Be consistent with the name of smbtorture binaries
build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test
packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging
build: Do not install testing binaries
selftest: use an array when starting testenv with system()
client: Fix talloc_stackframe() free order assertion in developer mode
libads: Always free the talloc_stackframe() on error path
samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes
imessaging: Add irpc_all_servers() to list all available servers
pymessaging: Use the server_id IDL structure rather than a tuple
pymessaging: Add irpc_servers_byname() and irpc_all_servers()
samba-tool: Add samba-tool processes subcommand
smbd: Add mem_ctx to sys_acl_init() and all callers
smbd: Add mem_ctx to {f,}get_nt_acl VFS call
vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx
s3:vfs_gpfs fix the build
rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL
smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc
vfs: Fix compilation of ACL support on solaris (cherry picked from commit 60a06ff09cb62d4102a89194ce8fef5c4c5a2f16)
pysmbd: Fix pysmbd octal mode handling
selftest: Add many more tests for our posix ACL handling
selftest: Cover one more NT ACL invalidation case and improve comments
selftest: Cover the important non-Samba invalidation of the NT ACL
selftest: Always unlink the tempf in posixacl test (cherry picked from commit 1008f6fbf49d5b797c7d968ea7ffdcb29d623644)
dbwrap: use talloc_stackframe() in db_tdb_log_key()
python-ntacls: Cope with ACL revision 4
pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries
pysmbd: Remember to close files after setting the NT ACL (cherry picked from commit 728e56b4636b668aaac60ec557d6fe16b530a6f9)
pysmbd: Set umask to 0 during smbd operations (cherry picked from commit e146fe5ef96c1522175a8e81db15d1e8879e5652)
vfstest: set umask(0) in vfstest
provision: Fix comments in checksysvolacl (cherry picked from commit 7e90a064437790789726d701ada5de9503816281)
sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file
vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent
selftest: check that samba-tool gpo works for basic operations
provision: Also walk directories checking ACLs
provision: Make dsacl2fsacl() take a security.dom_sid, not str
selftest: Make samba.tests.ntacl also use TestCaseInTempDir
pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()
selftest: Add tests for expected behaviour on directories as well as files
selftest: Avoid test cross-contamination in samba.tests.posixacl
selftest: Avoid returning errors (rather than failures) in gpo test
selftest: Add --tmpdir to 'samba-tool gpo create' test
Ensure we Correctly set fsp->is_directory before dealing with ACLs.
smbd: Correctly set fsp->is_directory before dealing with ACLs
smbd: Remove NT4 compatability handling in posix -> NT ACL conversion
ntvfs: Fill in sd->type based on the new ACL being added
scripting ntacls: Do not place a SACL in the GPO filesystem ACL
samba-tool: Add new samba-tool gpo aclcheck and test
s3-param: Handle setting default AD DC per-share settings in init_locals()
vfs: Remove type parameter from sys_acl_blob_get_{fd,file}
Arvid Requate (2):
Fix bug 9376 - ensure_canon_entry_valid generates duplicate SMB_ACL_GROUP, acl_valid fails.
s4:samba-tool: Fix samba-tool fsmo --role=schema
Christian Ambach (13):
build(waf): support AIX 6.1
build: add DMAPI configure option and checks
s3:smbd/aio do not mark file modified during reads
examples: fix build on AIX6
s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2
build(waf): fix a typo
s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl
s3:vfs_gpfs fix memory corruption in gpfs2smb_acl
s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl
s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl
s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4
s3:winbindd fix a compiler warning
s3:winbindd fix a compiler warning
David Disseldorp (1):
spoolss: fix segfault when "default devmode" is disabled
Günther Deschner (16):
s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426)
s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() (bug #9426)
s3-rpc_cli: Remove some unused wrapping code.
s3-winbindd: add cm_connect_lsat().
s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public.
s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public.
s3-winbindd: remove lookup_names_fn_t.
s3-winbindd: remove lookup_sids_fn_t.
s3-winbindd: rework reconnect logic in winbindd_lookup_sids().
s3-winbindd: rework reconnect logic in winbindd_lookup_names().
s3-winbind: use new reconnect logic in rpc_lookup_sids() also.
s3-net: pass down struct net_context to the dns update calls.
s3-net: move out some prototypes to net_dns.h.
s3-net: pass down a flags field to DoDNSUpdate().
s3-net: give more control how to update/register DNS entries.
s3-net: Fix DEBUG() location.
Jelmer Vernooij (7):
dsdb: Rename _res argument to _result.
ldb_secrets_tdb_sync: Add dependency on gssapi.
heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. (cherry picked from commit 9cf985c53eb1a4bbe8b8110f123744291026cee6)
heimdal_build: Fix finding of system heimdal.
configure: Support specifying PYTHON environment variable to run waf.
Makefile: Allow specifying PYTHON environment variable.
TestCaseInTempDir: Use addCleanup rather than tearDown. (cherry picked from commit 8d397b69bb29b7a464b610bc46cedd6be01b2455)
Jeremy Allison (8):
Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's.
More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend.
Add samba3.samba3badnameblob test to check regressions in bug #9215.
Simplify ensure_canon_entry_valid by splitting out the _get codepath. (cherry picked from commit 9466cd189d6a07411f451f7596feee36f0be7f32)
We should never just assign an st_mode to an ace->perms field, theoretically they are different so should go through a mapping function. Ensure this is so.
Move setting of psd->dacl->revision and protect against null SD's. (cherry picked from commit 5afabdc976d5ba1fd21dcdede85657b618fb6b76)
Make sure the returned sd is on the right context, and if not it's always freed.
Kai Blin (2):
utils: Remove unused samba-dig tool
samba-tool dns: Don't use "localhost" to connect to local host
Karolin Seeger (43):
VERSION: Bump version number up to 4.0.0rc6.
popt_common: Fix typos.
WHATSNEW: Start release notes for RC6.
WHATSNEW: Update changes since rc5.
WHATSNEW: Update changes since rc5.
waf: Disable ntdb by default.
WHATSNEW: Update changes since rc5.
docs: Fix version in man smb.conf.
docs: Add some binaries to the "SEE ALSO" section
docs: Rename man ntlm_auth.
WHATSNEW: Update changes since RC5.
docs: man ldb.3: Add missing meta data.
docs: man ldbadd: Add missing meta data.
docs: man ldbdel: Add missing meta data.
docs: man ldbedit: Add missing meta data.
docs: man ldbmodify: Add missing meta data.
docs: man ldbrename: Add missing meta data.
docs: man ldbsearch: Add missing meta data.
docs: man talloc: Add missing meta data.
docs: man tdbtool: Add missing meta data.
docs: man ndrdump: Add missing meta data.
docs: man regdiff: Add missing meta data.
docs: man regpatch: Add missing meta data.
docs: man regshell: Add missing meta data.
docs: man regtree: Add missing meta data.
docs: man 8 samba: Add missing meta data.
docs: man gentest: Add missing meta data.
docs: man locktest: Add missing meta data.
docs: man masktest: Add missing meta data.
docs: man smbtorture: Add missing meta data.
docs: man ntlm_auth4: Add missing meta data.
docs: man oLschema2ldif: Add missing meta data.
WHATSNEW: Update changes since RC5.
WHATSNEW: Update changes since rc5.
WHATSNEW: Update changes since rc5.
lib/tdb: Rename manpages/ to man/.
lib/talloc: Move manpage to man/.
docs: Add samba.8 and samba-tool manpage to waf build.
docs: Merge both samba.8 manpages.
docs: Update man 7 samba.
docs: Fix typo in the howto collection.
WHATSNEW: Update changes since RC5.
VERSION: Disable git snapshots to prepare rc6 release.
Matthieu Patou (1):
Fix MD5 detection in the autoconf build
Michael Adam (51):
configure(waf): Fail "configure --with-ads" if ads support is not available
s3:param: make init_locals() static.
s4:tests/samba_tool/gpo.py: fix accidential line break
s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if"
s3:winbindd:util: add a comment explaining the function parse_sidlist()
s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit.
s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done()
s3:winbindd: add explaining comment winbindd_sids_to_xids_send()
s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send()
s3:winbindd: factor winbindd_sids_to_xids into external and internal part
s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid
s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid
s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs()
s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->child
selftest:Samba3: provision the domain adminstrators group in the s3 environments
s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain()
s3:winbindd: add idmap_find_domain_with_sid()
s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs()
s3:winbindd: make idmap_find_domain() static.
selftest:Samba3: call wait_for_start() from check_or_start()
selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start()
selftest:Samba3: add "wbinfo -p" test to wait_for_start()
selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd
s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id
s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid
s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid
s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules
s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl
s3:winbindd: remove wbint_Sid2Gid from the wbint.idl
s3:winbindd: remove unused server implementation of wbint_Sid2Uid()
s3:winbindd: remove unused server implementation of wbint_Sid2Gid()
s3:winbindd: remove unused idmap_sid_to_uid()
s3:winbindd: remove unused idmap_sid_to_gid()
s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping
s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh
s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache
s3:winbindd: remove unused function idmap_backends_sid_to_unixid()
s3:lib: add utility function sid_check_is_for_passdb()
build the new sid_check_is_for_passdb() function into passdb
s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid()
s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam
s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id()
s3:passdb: add sid_check_object_is_for_passdb()
s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb()
s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id()
s3:passdb: don't look into group mappings in legacy_sid_to_unixid()
s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings
s3:passdb: fix building pdb_ldap as shared module
Ricky Nance (1):
Removed phpldapadmin inclusion for Samba 4.
Stefan Metzmacher (93):
lib/ldb: add missing newline in the output of ldb_ldif_write_trace()
lib/replace: replace all *printf function if we replace snprintf (bug #9390)
lib/addns: remove pointless check for resp->num_additionals != 1
lib/addns: don't depend on the order in resp->answers[]
lib/addns: remove compiler warnings
s4:samba-tool/testparm: report a CommandError if loading of the config file fails
s4:tortore/rpc/lsa: make more use of torture_assert*
selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges
s4:torture/rpc/handles: move a torture_comment()
s4:torture/rpc/handles: try to make the assoc_group test less flakey
s4:torture/rpc/handles: try to make all assoc_group tests less flakey
s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1()
s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind()
s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC
s3:vfs_modules: fix *sys_acl_blob_get_{file,fd} and only return ENOSYS
s3:vfs_aixacl2: make use of vfs_aixacl_util.h
s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()
s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl()
s3:vfs_gpfs: add no memory check in gpfs2smb_acl()
WHATSNEW.txt: "acl compatibility" was removed
s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor
s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user
s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor
s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor
s4:tests/samba_tool/gpo.py: add test_show_as_admin()
s3:smbd/open: use Builtin_Administrators as owner of files (if possible)
s3:smbd/open: try the primary sid (user) as group_sid if the token has just one sid
s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group
libcli/security: remove duplicate aces in se_create_child_secdesc()
s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags
s3:smbcacls: add --query-security-info and --set-security-info options
s4:libcli/finddcs_cldap: try all NBT#1C addresses
s4:libcli/finddcs_cldap: allow io->in.server_address as hostname
s4:samba-tool/gpo: use the dns_domain from the server when creating gpos
s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos
s4:samba-tool/gpo: fix the operation order when creating gpos
s4:python/ntacl: allow string or objects for sd/sid in setntacl()
s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl()
s4:dsdb/schema_data: fix debug message in schema_data_modify()
s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root
s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector
s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF
s4:dsdb/rootdse: remove unused variable
s4:dsdb/rootdse: do helper searches AS_SYSTEM
s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED
s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED
s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM
s4:dsdb/acl_util: do helper searches AS_SYSTEM
s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function
s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED
s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor
s4:dsdb/descriptor: make use of dsdb_request_sd_flags()
s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add
s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED
s4:dsdb/acl: remove unused "acl:perform" option
s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set
s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor
s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED
s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor
s4:dsdb/acl_read: enable acl checking on search by default (bug #8620)
s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid
s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one
s4:provision: add get_empty_descriptor()
s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd
s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename}
s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID
s4:dsdb/descriptor: add some error checks to descriptor_{add,modify}
s4:dsdb/descriptor: remove some unnecessary nesting
s4:dsdb/descriptor: remove some nesting from descriptor_modify
s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor
s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify
s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes
s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX
s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL
s4:dsdb/dirsync: remove unused 'deletedattr' variable
s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711)
s4:dsdb/objectclass: do not pass the callers controls on helper searches
s4:dsdb/subtree_delete: do an early return and avoid some nesting
s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711)
s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711)
s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify
s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID
s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID
s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation()
s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621)
s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621)
s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes
s4:dsdb/tests: add SdAutoInheritTests
s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flags
Sumit Bose (1):
Use work around for 'winbind use default domain' only if it is set
Volker Lendecke (3):
Fix Bug 9422 - large read requests cause server to issue malformed reply
dbwrap: Fix bug 9440: Do not rely on dbwrap_record_get_value to return a talloc object
s3: Fix idmap_hash
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list