[SCM] Samba Shared Repository - branch v4-0-test updated
Andrew Bartlett
abartlet at samba.org
Mon Jul 16 22:43:31 MDT 2012
The branch, v4-0-test has been updated
via 3a6f1f9 VERSION: Mark as the beta4 release
via 4b44002 WHATSNEW: prepare for 4.0 beta4
via a7d5d08 Revert "Remove XSLT script to generate image dependencies, instead rely on make"
via c92a567 pytdb: Check if the database is closed before we touch it
via a8e8833 pytdb: Check for errors parsing strings into TDB_DATA
via dff29e4 auth/credentials: Look in the secrets.tdb for the machine account
via 6d24c89 s4-param: Use a unique header name
via 4b61c48 s3-secrets: Use C99 types
via 726ecf6 Fix bug #9016 - Connection to outbound trusted domain goes offline.
via 27e20d5 s3: Make us survive smb2.lock.rw-shared with aio enabled
via 10b818b s3-auth_samba4: Explain that check_samba4_security is actually unused
via 1013fab lib/util: Allocate enough space to reference blob->data[len]
via 15fedb3 s3-auth Remove unused global_machine_account_needs_changing
via d55cde1 s3-auth Remove confusing reference to global_machine_password_needs_changing
via 70de501 s4-provision: Provide YP/NIS subtree to allow ADUC to see and set rfc2307 attrs
via 5a9ce8b Use HAVE_FSYNC, we bothered to test for it.
via bf650a1 s4:registry:regdiff: use existing talloc context for the event context
via 342ab97 s4:registry:regdiff: add TALLOC_CTX * argument to open_backend()
via 6ee16ce s4:registry: add a TALLOC_CTX argument to reg_open_remote()
via e454681 Linux-specific optimization in aio_open code.
via a7c63ac Set fsp->initial_allocation_size before calling open_file_ntcreate().
via 775014b Make sure we reset fsp->initial_allocation_size to zero if we didn't create the file.
via cb40594 Add an optimization to pthread aio writes to also do fsync if requested.
via 622eb59 s3: Make us survive base-delaywrite with aio enabled
via 67e7e14 s3: Factor out "mark_file_modified"
via 1ee95e4 s3: rename sid_check_is_in_our_domain() to sid_check_is_in_our_sam()
via c43505b s3: rename sid_check_is_domain() to sid_check_is_our_sam()
via ac2644b s3:passdb: remove commented out pdb_lookup_names code
via 19e8002 s3/torture: adjust dependency to fix build when no winbind was build before
via b865cdd s3: make log message of FSCTL_IS_VOLUME_DIRTY more clear
via a93f56a test: fix compile warning on test summary
via 2cc38ac mkversion: Remove quotes around SAMBA_VERSION_VENDOR_PATCH string
via 73ede32 s3:vfs_gpfs: fix ACL length calculation
via 35ab9be s3:vfs_gpfs: Check softquota before gracetime
via 149cae8 build: fix some indentation (tabs/vs spaces) in source3/wscript
via 5231d70 build: fix waf checks for seteuid on non-Linux platforms
via 8ee30be Add in the threaded async open engine.
via d81e206 Move set_thread_credentials_permanently() to set_thread_credentials() as we need to keep the saved set uid/gid otherwise there is an interaction with open[at]() and NO_ATIME returning EPERM. As this is meant for threaded code inside the process we don't need to do an irreverisble change anyway.
via b256191 Fix typo we've had for a long time in set_re_uid() in the USE_SETRESUID case.
via 6d903bf Cope with a (non-security) open race we've had for ever as NTCreateX isn't atomic on POSIX.
via 69a3e94 Now we have a guaranteed indication of a file being created, use it to set the create disposition correctly.
via 02d42be Add function fd_open_atomic() which uses O_CREAT|O_EXCL to return a guaranteed indication of creation of a new file.
via 3aa186f Simplify the logic in open_file() some more.
via 3a705e5 Simplify the logic in open_file().
via 1144b0d Use new common function.
via 9d5e026 Make check_same_stat() and check_same_dev_ino() common functions.
via 1f37ed7 Factor out check_same_dev_ino() from check_same_stat() so it can be called separately.
via 7b1fb36 lib/ldb: Bump ldb release due to pyldb changes
via 4cafbb4 s4-torture: add ntprinting ndr operations testsuite.
via 8835eab ntprinting: mark the final 4 byte null pointer for printer data in ndr_pull_ntprinting_printer as read.
via 0d3249b ndr: fix push/pull DATA_BLOB with NDR_NOALIGN
via 66514f8 ntprinting: make decode_ntprinting helpers public in idl.
via d27a9c4 s3: Fix Coverity ID 709470 Uninitialized scalar variable
via 4654dca s4-selftest: do a dbcheck on our two vampire DCs
via f9d9092 s4-dbcheck: Check for an object without a parent
via 7782e33 s4-dsdb: Remove unused variables in py_dsdb_get_partitions_dn
via 023508e pydsdb: Add bindings for dsdb_wellknown_dn()
via 979215a pyldb: Add bindings for ldb_dn_remove_base_components
via e4077a8 s4-pydsdb: Add bindings for dsdb_find_nc_root()
via 507e6fd s4-pydsdb: Improve PyErr_LDB_{DN,}_OR_RAISE to use py_check_dcerpc_type
via 8d99b39 pyldb: Fix dn concat operation to be the other way around
via 7285ed5 auth: Common function for retrieving PAC_LOGIN_INFO from PAC
via a49eb60 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for tcp
via 1744e99 s4-lsarpc: DCERPC_FAULT_ACCESS_DENIED for np
via 997c780 s4-lsarpc: Restrict LookupSids3 to crypto connections only.
via 1a12bbd s4-lsarpc: Restrict LookupNames4 to crypto connections only.
via 13a7f98 s4-lsarpc: Don't call lsa_OpenPolicy2 in lsa_LookupSids3.
via 9fa979c s4-lsaprc: Don't call lsa_OpenPolicy2 in lsa_LookupNames4.
via 8e32715 selftest: Update knownfail list for samba4.rpc.lsalookup.
via de54047 s4-selftest: Don't run lsarpc requiring a named pipe over tcpip.
via 48b30bf s4-selftest: Don't plan lsa.secrets tests over tcpip.
via 0b93587 s4-libnet: Skip calling lsarpc functions over a wrong pipe.
via 027b913 s4-torture: Call lsarpc tests over the correct pipe.
via a070ce3 s4-torture: Don't consider NONE_MAPPED an error in LookupSids3.
via 2a46c7f s4-torture: Don't consider NONE_MAPPED an error in LookupNames4.
via eeba5ad s4-torture: Add a lsarpc test_GetUserName_fail function.
via 5dc5cda s4-torture: Add a lsarpc test_OpenPolicy2_fail function.
via 39a13d1 s4-torture: Add a lsarpc test_OpenPolicy_fail function.
via 4ece074 s4-torture: Add a lsarpc test_LookupNames4_fail function.
via ed7be19 s4-torture: Add a lsarpc test_LookupSids3_fail function.
via d37643c s3-lsarpc: Enforce a secure connection for LookupSids3 and LookupNames4.
via d1e829b s3-lsarpc: Restrict lsa_LookupNames4 to ncacn_ip_tcp connections.
via 426cf36 s3-lsarpc: Restrict lsa_LookupSids3 to ncacn_ip_tcp connections.
via bbf70e7 s3-lsarpc: Restrict the transport for ncacn_np functions.
via a866dcc s3-rpc: Return the correct ntstatus depending on the transport.
via fae6091 s3-rpc_server: Make it possible to use more rpc exceptions.
via 81ff67c s3-selftest: Run lsa tests over np and tcpip.
via 47e5a8c s4-torture: Test LookupSids3/LookupNames4 over np and tcpip.
via 1c46bff s4-torture: Make sure lsa_OpenPolicy2 fails over TCP/IP.
via 8bc4d7a s4-torture: Make sure lsa_OpenPolicy fails over TCP/IP.
via 22da710 s4-torture: Make sure ncacn_np tests are only called over the a pipe.
via 00171a5 s4-torture: Test LookupSids3 and LookupNames4 only over tcpip.
via 682277b s4-torture: Use test_LookupSids3 function.
via 1000884 s4-torture: Fix build warnings in lsa test.
via 8f44389 s4-classicupgrade: Demote any other 'BDC' accounts back to a member server during upgrade
via 2908bbe s4-selftest: Test samba-tool domain dcpromo
via 1c86ab9 s4-samba-tool: Provide a samba-tool domain dcpromo that upgrades a member to a DC
via c436f98 s4-dsdb: Give a much better error message when parentGUID generation fails
via 8b32d9a s4-dsdb: Use parent_object_guid to find the correct parent for new objects
via 7abe51f talloc: remove unused variables
via a79496d lib/addns: remove defines we don't need or have for sure via libreplace
via 4b83d61 lib/addns: remove use of uint8 uint16 and uint32 in favour of C99 types
via f9fb1ef s3: evaluate MNT_QUOTA and MNT_RDONLY in statvfs also on darwin
via 5ba91ff s3:registry: untangle assignment from check in reg_enumkey()
via e481afc s3:registry: untangle assignment from check in reg_enumvalue()
via bb4995b s4/heimdal: fix make-proto.pl with perl 5.16
via fa98ef1 replace: make the INT64_MAX define more portable
via b40fb6e s3: if we know a file is immutable, report it to be readonly
via 74bf0c6 ntdb: make --disable-ntdb work properly.
via 6449022 Add waf/configure tests for openat.
via 90881da Move copy_unix_token() from locking/locking.c to lib/util.c.
via a559fcf Add function set_thread_credentials_permanently(). Panic if fail.
via ed85252 Allow init_aio_threadpool() to be setup for different threadpool handles with different completion functions.
via 0ed3433 doc: Remove references to deprecated 'share modes' parameter.
via d0878b3 s3-smbd: Remove deprecated 'share modes' option.
via 571a4b6 doc: Remove documentation for obsolete ldapsam_compat.
via 02c239c s3-passdb: Remove obsolte ldapsam_compat support.
via 3f14155 doc: Remove all references to 'printer admin' option.
via 98ab074 s3-printing: Remove deprecated lp_printer_admin().
via c87aceb doc: Remove documentation about idmap_adex.
via e0e55ca s3-winbind: Remove obsolte idmap_adex.
via a8acaee ldb: bump version due to header and internal implementation changes
via 6612bca WHATSNEW: Spell out version, avoid samba4 except to refer to the past
via f48f65e wafsamba: samba_version: add samba version suffix to vcs_fields
via ec3d1f0 build: Run distcheck in the correct directory
via abda9d3 s3: Fix Coverity ID 709217 Dereference after null check
via 6710e4e s3: Fix Coverity ID 709218 Uninitialized pointer read
via 3e6d8ac s3:vfs: use smbXsrv_open instead of smbXsrv_open0 in files_struct
via f2e8409 s3:vfs: use smbXsrv_tcon instead of smbXsrv_tcon0 in connection_struct.
via db0c233 s3:smb: include "smbXsrv.h" before "vfs.h"
via e332bfa s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available
via 8a32d62 s3:smbd:smb2: fix prototype of make_connection_smb2() to use smbXsrv_tcon
via 98ccca8 s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available
via bfc38d7 s3:smbd:smb2: change smbXsrv_tcon0 to smbXsrv_tcon in smbd_smb2_request_check_tcon()
via cca51e2 s3:smbd:smb2: change smbXsrv_session0 to smbXsrv_session in struct user_struct.
via 01a425e samba-tool: gpo: Update copyright
via 5c9ecb4 samba-tool: gpo: Improve error messages
via df4a6e3 samba-tool: gpo: Add del subcommand to delete GPO
via 8768f4f samba-tool: gpo: Add listcontainers subcommand to list containers using given GPO
via 0365df9 samba-tool: gpo: Use utility function dc_url() to set the connection url
via a9c4336 samba-tool: gpo: Refactor code using utility functions
via 5ca2434 samba-tool: gpo: Add utility functions get_gpo_containers and del_gpo_link
via e3828d4 s4-pysmb: Add deltree() method to remove directory and its contents
via 807ff1e samba-tool: Fix indentation
via e93ed5f samba-tool: gpo: Use gpo (id) instead of gpo_dn (DN)
via 963f0df samba-tool: gpo: Correct the attribute name from gPlink to gPLink
via 7563032 samba-tool: gpo: Fix policy DN
via 3fe2c54 Fix the waf/autoconf builds to detect correctly the 32-bit or 64-bit syscall ABI on Linux.
via ec9aae6 Ensure we select the correct syscall numbers on a 32-bit Linux system.
via 4b47e1b VERSION: Move on to beta4!
from a656789 VERSION: Mark as the beta3 release
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 74 +-
auth/credentials/credentials_secrets.c | 51 +-
auth/credentials/wscript_build | 2 +-
auth/kerberos/kerberos_pac.c | 37 +
auth/kerberos/pac_utils.h | 10 +
buildtools/wafsamba/samba_dist.py | 24 +
buildtools/wafsamba/samba_version.py | 38 +
docs-xml/Makefile | 70 +-
docs-xml/Samba3-ByExample/SBE-2000UserNetwork.xml | 1 -
.../Samba3-ByExample/SBE-AddingUNIXClients.xml | 4 -
docs-xml/Samba3-ByExample/SBE-UpgradingSamba.xml | 62 -
docs-xml/Samba3-HOWTO/TOSHARG-CUPS-printing.xml | 8 +-
docs-xml/Samba3-HOWTO/TOSHARG-FastStart.xml | 4 -
docs-xml/Samba3-HOWTO/TOSHARG-IDMAP.xml | 2 -
docs-xml/Samba3-HOWTO/TOSHARG-Passdb.xml | 23 -
docs-xml/Samba3-HOWTO/TOSHARG-Printing.xml | 60 +-
.../Samba3-HOWTO/TOSHARG-RightsAndPriviliges.xml | 10 +-
docs-xml/Samba3-HOWTO/TOSHARG-StandAloneServer.xml | 1 -
docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml | 967 ----------------
docs-xml/Samba3-HOWTO/index.xml | 2 -
docs-xml/manpages-3/idmap_adex.8.xml | 88 --
docs-xml/smbdotconf/locking/sharemodes.xml | 29 -
.../smbdotconf/printing/showaddprinterwizard.xml | 5 +-
docs-xml/smbdotconf/security/printeradmin.xml | 27 -
docs-xml/smbdotconf/winbind/idmapconfig.xml | 6 +-
docs-xml/using_samba/appc.xml | 14 -
docs-xml/using_samba/appf.xml | 1 -
docs-xml/using_samba/ch05.xml | 9 -
docs-xml/xslt/generate-dependencies.xsl | 36 +
examples/printing/VampireDriversFunctions | 10 +-
examples/scripts/shares/python/smbparm.py | 1 -
lib/addns/dns.h | 184 +---
lib/addns/dnserr.h | 4 +-
lib/addns/dnsgss.c | 6 +-
lib/addns/dnsmarshall.c | 56 +-
lib/addns/dnsrecord.c | 40 +-
lib/addns/dnssock.c | 18 +-
lib/dbwrap/dbwrap_local_open.c | 2 +
lib/ldb/ABI/{ldb-1.1.6.sigs => ldb-1.1.7.sigs} | 0
lib/ldb/ABI/{ldb-1.1.6.sigs => ldb-1.1.8.sigs} | 0
...pyldb-util-1.1.2.sigs => pyldb-util-1.1.7.sigs} | 0
...pyldb-util-1.1.2.sigs => pyldb-util-1.1.8.sigs} | 0
lib/ldb/pyldb.c | 17 +-
lib/ldb/tests/python/api.py | 7 +-
lib/ldb/wscript | 2 +-
lib/replace/replace.h | 2 +-
lib/socket_wrapper/socket_wrapper.c | 2 +-
lib/talloc/pytalloc.c | 5 -
lib/tdb/pytdb.c | 106 ++-
lib/tdb/python/tests/simple.py | 5 +
lib/util/asn1.c | 6 +-
lib/util/setid.c | 46 +
lib/util/wscript_build | 13 +-
librpc/idl/ntprinting.idl | 6 +-
librpc/ndr/ndr_basic.c | 34 +-
librpc/ndr/ndr_ntprinting.c | 1 +
packaging/SGI/smb.conf | 3 -
pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm | 2 +-
selftest/knownfail | 7 +-
selftest/target/Samba.pm | 1 +
selftest/target/Samba4.pm | 131 +++-
source3/Makefile.in | 17 +-
source3/auth/auth_domain.c | 74 --
source3/auth/auth_generic.c | 28 +-
source3/auth/auth_samba4.c | 10 +
source3/auth/token_util.c | 2 +-
source3/configure.in | 110 ++-
source3/include/proto.h | 11 +-
source3/include/secrets.h | 10 +-
source3/include/smb.h | 6 +
source3/include/vfs.h | 4 +-
source3/lib/pidfile.c | 2 +-
source3/lib/smbldap.c | 6 -
source3/lib/util.c | 59 +
source3/lib/util_sec.c | 50 +-
source3/libads/authdata.c | 29 +-
source3/locking/locking.c | 29 -
source3/modules/vfs_aio_pthread.c | 461 ++++++++-
source3/modules/vfs_default.c | 2 +-
source3/modules/vfs_gpfs.c | 16 +-
source3/param/loadparm.c | 21 +-
source3/passdb/lookup_sid.c | 8 +-
source3/passdb/machine_account_secrets.c | 23 +-
source3/passdb/machine_sid.c | 8 +-
source3/passdb/machine_sid.h | 4 +-
source3/passdb/passdb.c | 4 +-
source3/passdb/pdb_interface.c | 86 +--
source3/passdb/pdb_ldap.c | 111 +--
source3/passdb/pdb_ldap.h | 1 -
source3/passdb/pdb_ldap_schema.c | 55 -
source3/passdb/pdb_ldap_schema.h | 10 +-
source3/passdb/pdb_nds.c | 20 -
source3/printing/nt_printing.c | 11 -
source3/registry/reg_api.c | 6 +-
source3/rpc_client/rpc_transport_tstream.c | 18 +-
source3/rpc_server/dfs/srv_dfs_nt.c | 36 +-
source3/rpc_server/dssetup/srv_dssetup_nt.c | 20 +-
source3/rpc_server/echo/srv_echo_nt.c | 10 +-
source3/rpc_server/epmapper/srv_epmapper.c | 10 +-
source3/rpc_server/eventlog/srv_eventlog_nt.c | 32 +-
source3/rpc_server/lsa/srv_lsa_nt.c | 178 ++-
source3/rpc_server/netlogon/srv_netlog_nt.c | 60 +-
source3/rpc_server/ntsvcs/srv_ntsvcs_nt.c | 116 +-
source3/rpc_server/rpc_handles.c | 2 +-
source3/rpc_server/rpc_ncacn_np.c | 19 +-
source3/rpc_server/rpc_pipes.h | 17 +-
source3/rpc_server/samr/srv_samr_nt.c | 40 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 168 ++--
source3/rpc_server/srv_pipe.c | 21 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 70 +-
source3/rpc_server/svcctl/srv_svcctl_nt.c | 56 +-
source3/rpc_server/winreg/srv_winreg_nt.c | 10 +-
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 53 +-
source3/script/mkversion.sh | 2 +-
source3/selftest/tests.py | 5 +
source3/smbd/aio.c | 13 +
source3/smbd/conn_idle.c | 5 +
source3/smbd/dosmode.c | 6 +
source3/smbd/fileio.c | 67 +-
source3/smbd/globals.h | 2 +-
source3/smbd/open.c | 298 ++++--
source3/smbd/process.c | 5 -
source3/smbd/proto.h | 7 +-
source3/smbd/smb2_server.c | 14 +-
source3/smbd/smb2_write.c | 2 +-
source3/smbd/smbd.h | 1 +
source3/smbd/statvfs.c | 2 +-
source3/utils/net_groupmap.c | 2 +-
source3/utils/ntlm_auth.c | 28 +-
source3/winbindd/idmap.c | 2 +-
source3/winbindd/idmap_adex/cell_util.c | 295 -----
source3/winbindd/idmap_adex/domain_util.c | 288 -----
source3/winbindd/idmap_adex/gc_util.c | 862 --------------
source3/winbindd/idmap_adex/idmap_adex.c | 407 -------
source3/winbindd/idmap_adex/idmap_adex.h | 254 -----
source3/winbindd/idmap_adex/likewise_cell.c | 447 --------
source3/winbindd/idmap_adex/provider_unified.c | 1198 --------------------
source3/winbindd/wb_lookupsids.c | 4 +-
source3/winbindd/wb_next_grent.c | 4 +-
source3/winbindd/wb_next_pwent.c | 4 +-
source3/winbindd/winbindd_cache.c | 4 +-
source3/winbindd/winbindd_cm.c | 8 +-
source3/winbindd/winbindd_samr.c | 6 +-
source3/winbindd/winbindd_util.c | 4 +-
source3/winbindd/wscript_build | 30 -
source3/wscript | 79 ++-
source4/auth/kerberos/kerberos.h | 8 -
source4/auth/kerberos/kerberos_pac.c | 37 -
source4/dsdb/pydsdb.c | 72 ++-
source4/dsdb/repl/replicated_objects.c | 11 +
source4/dsdb/samdb/ldb_modules/operational.c | 6 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 118 ++-
source4/dsdb/samdb/samdb.h | 1 +
source4/heimdal/cf/make-proto.pl | 5 +-
source4/lib/registry/registry.h | 3 +-
source4/lib/registry/rpc.c | 5 +-
source4/lib/registry/tools/common.c | 2 +-
source4/lib/registry/tools/regdiff.c | 15 +-
source4/libcli/pysmb.c | 25 +
source4/libnet/libnet_rpc.c | 9 +
source4/param/secrets.h | 6 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 10 +
source4/rpc_server/lsa/lsa_init.c | 10 +
source4/rpc_server/lsa/lsa_lookup.c | 241 +++--
source4/scripting/python/samba/dbchecker.py | 44 +
source4/scripting/python/samba/join.py | 64 +-
source4/scripting/python/samba/netcmd/domain.py | 67 ++
source4/scripting/python/samba/netcmd/gpo.py | 295 ++++--
source4/scripting/python/samba/netcmd/group.py | 4 +-
.../scripting/python/samba/provision/__init__.py | 27 +-
source4/scripting/python/samba/samdb.py | 10 +-
source4/scripting/python/samba/upgrade.py | 14 +-
source4/selftest/tests.py | 15 +-
source4/setup/provision | 4 +-
source4/setup/ypServ30.ldif | 507 +++++++++
source4/torture/ndr/ndr.c | 1 +
source4/torture/ndr/ntprinting.c | 440 +++++++
source4/torture/rpc/lsa.c | 484 +++++++--
source4/torture/rpc/lsa_lookup.c | 16 +
source4/torture/rpc/schannel.c | 6 +
source4/torture/wscript_build | 2 +-
tests/summary.c | 2 +-
wscript | 17 +-
184 files changed, 4631 insertions(+), 6941 deletions(-)
delete mode 100644 docs-xml/Samba3-HOWTO/TOSHARG-upgrading-to-3.0.xml
delete mode 100644 docs-xml/manpages-3/idmap_adex.8.xml
delete mode 100644 docs-xml/smbdotconf/locking/sharemodes.xml
delete mode 100644 docs-xml/smbdotconf/security/printeradmin.xml
create mode 100644 docs-xml/xslt/generate-dependencies.xsl
copy lib/ldb/ABI/{ldb-1.1.6.sigs => ldb-1.1.7.sigs} (100%)
copy lib/ldb/ABI/{ldb-1.1.6.sigs => ldb-1.1.8.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs => pyldb-util-1.1.7.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.2.sigs => pyldb-util-1.1.8.sigs} (100%)
delete mode 100644 source3/winbindd/idmap_adex/cell_util.c
delete mode 100644 source3/winbindd/idmap_adex/domain_util.c
delete mode 100644 source3/winbindd/idmap_adex/gc_util.c
delete mode 100644 source3/winbindd/idmap_adex/idmap_adex.c
delete mode 100644 source3/winbindd/idmap_adex/idmap_adex.h
delete mode 100644 source3/winbindd/idmap_adex/likewise_cell.c
delete mode 100644 source3/winbindd/idmap_adex/provider_unified.c
create mode 100644 source4/setup/ypServ30.ldif
create mode 100644 source4/torture/ndr/ntprinting.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 1ded558..57b1289 100644
--- a/VERSION
+++ b/VERSION
@@ -67,7 +67,7 @@ SAMBA_VERSION_ALPHA_RELEASE=
# e.g. SAMBA_VERSION_BETA_RELEASE=1 #
# -> "4.0.0beta1" #
########################################################
-SAMBA_VERSION_BETA_RELEASE=3
+SAMBA_VERSION_BETA_RELEASE=4
########################################################
# For 'pre' releases the version will be #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b41f3a3..b7af995 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4 beta3
+What's new in Samba 4.0 beta4
=============================
Samba 4.0 will be the next version of the Samba suite and incorporates
@@ -11,14 +11,14 @@ and above.
WARNINGS
========
-Samba4 beta3 is not a final Samba release, however we are now making
+Samba 4.0 beta4 is not a final Samba release, however we are now making
good progress towards a Samba 4.0 release, of which this is a preview.
Be aware the this release contains the best of all of Samba's
technology parts, both a file server (that you can reasonably expect
to upgrade existing Samba 3.x releases to) and the AD domain
controller work previously known as 'samba4'.
-Samba4 is subjected to an awesome battery of tests on an automated
+Samba 4.0 is subjected to an awesome battery of tests on an automated
basis, we have found Samba 4.0 to be very stable in it's behavior.
However, we still recommend against upgrading production servers from
Samba 3.x release to Samba 4.0 beta at this stage.
@@ -94,39 +94,46 @@ Python programs to interface to Samba's internals, and many tools and
internal workings of the DC code is now implemented in python.
-CHANGES SINCE beta2
+CHANGES SINCE beta3
=====================
-For a list of changes since beta2, please see the git log.
+For a list of changes since beta3, please see the git log.
$ git clone git://git.samba.org/samba.git
$ cd samba.git
-$ git log samba-4.0.0beta2..samba-4.0.0beta3
+$ git log samba-4.0.0beta3..samba-4.0.0beta4
Some major user-visible changes include:
-The failure to start up due to a blocking smbd-fileserver.conf.pid has
-been resolved.
-
-Samba now includes support for version 2.1 of the SMB protocol,
-the SMB2 version of Windows 7 and 2008R2, including dynamic
-reauthentication and support for multi-credit (large MTU).
-Consequently, Samba negotiates SMB 2.1 by default: The value "SMB2"
-for the configuration parameter "max protocol" has been changed to
-be an alias for SMB 2.1. Previously, the default SMB2 version of
-Samba was the original version 2.0 of SMB that was shipped with
-Windows Vista and 2008.
-
-Samba now offers basic experimental support for SMB3, the next version
-of the SMB protocol (formerly known as SMB 2.2) that will be available
-with Windows 8 and Windows Server 2012. Negotiation of SMB3 can be
-activated by setting "max protocol" to "SMB3" in smb.conf.
-
-Thanks to upgrades to our AD DC code, particularly in schema handling,
-Samba can now correctly handle the installation of Microsoft Exchange
-2010. Other issues prevent run-time operation, but this is a major
-milestone in supporting one of the single mode demanding Active
-Directory applications.
+- The issue with beta3 being unable to build with a released version of
+ ldb has been resolved.
+
+- A new tool 'samba-tool domain dcpromo' has been added to allow the
+ promotion of existing domain member accounts to a DC without creating
+ a new SID
+
+- When provisioning with --use_rfc2307=yes we will populate the
+ subtree CN=ypServ30,CN=RpcServices,CN=System,${DOMAINDN}. This makes
+ it possible to manipulate the posix attributes via ADUC.
+
+- Improved 'samba-tool gpo' subcommands
+
+- --disable-ntdb now works properly
+
+- Bug 9026 - 3.6.6 upgrade from 3.5.x fails with "Couldn't migrate
+ printers tdb file: NT_STATUS_NO_MEMORY" has been resolved
+
+- Bug 9016 - Connection to outbound trusted domain goes offline has
+ been resolved
+
+Less visible, but important changes under the hood include:
+
+- Continued work to support SMB2 and SMB3
+
+- Correct restrictions and permissions on LSA calls over TCP and via
+ Schannel have been implemented and tested
+
+- Continued work to use async IO to improve file server performance.
KNOWN ISSUES
============
@@ -137,9 +144,18 @@ KNOWN ISSUES
warnings about invalid parameters from the two respective parameter
parsing engines.
+- Modifying of group policies by members of the Domain Administrators
+ group is not possible with the s3fs file server, only with the ntvfs
+ file server. This is due to the underlying POSIX ACL not being set
+ at provision time.
+
+- For similar reasons, sites with ACLs stored by the ntvfs file server
+ may wish to continue to use that file server implementation, as a
+ posix ACL will similarly not be set in this case.
+
- Replication of DNS data from one AD server to another may not work.
The DNS data used by the internal DNS server and bind9_dlz is stored
- in an application partition in our directory. The replicaton of
+ in an application partition in our directory. The replication of
this partition is not yet reliable.
- Replication may fail on FreeBSD due to getaddrinfo() rejecting names
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index bc08d9d..8206173 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -34,6 +34,11 @@
#include "param/param.h"
#include "lib/events/events.h"
#include "dsdb/samdb/samdb.h"
+#include "source3/include/secrets.h"
+#include "dbwrap/dbwrap.h"
+#include "dbwrap/dbwrap_open.h"
+#include "lib/util/util_tdb.h"
+
/**
* Fill in credentials for the machine trust account, from the secrets database.
@@ -197,17 +202,59 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
NTSTATUS status;
char *filter;
char *error_string;
+ const char *domain;
/* Bleh, nasty recursion issues: We are setting a machine
* account here, so we don't want the 'pending' flag around
* any more */
cred->machine_account_pending = false;
+
+ /* We have to do this, as the fallback in
+ * cli_credentials_set_secrets is to run as anonymous, so the domain is wiped */
+ domain = cli_credentials_get_domain(cred);
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
- cli_credentials_get_domain(cred));
+ domain);
status = cli_credentials_set_secrets(cred, lp_ctx, NULL,
SECRETS_PRIMARY_DOMAIN_DN,
filter, &error_string);
+ if (NT_STATUS_EQUAL(NT_STATUS_CANT_ACCESS_DOMAIN_INFO, status)
+ || NT_STATUS_EQUAL(NT_STATUS_NOT_FOUND, status)) {
+ TDB_DATA dbuf;
+ char *secrets_tdb = lpcfg_private_path(cred, lp_ctx, "secrets.tdb");
+ struct db_context *db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
+ TDB_DEFAULT, O_RDWR, 0600,
+ DBWRAP_LOCK_ORDER_1);
+ if (db_ctx) {
+ char *keystr;
+ char *keystr_upper;
+ keystr = talloc_asprintf(cred, "%s/%s",
+ SECRETS_MACHINE_PASSWORD,
+ domain);
+ keystr_upper = strupper_talloc(cred, keystr);
+ TALLOC_FREE(keystr);
+ status = dbwrap_fetch(db_ctx, cred, string_tdb_data(keystr_upper),
+ &dbuf);
+
+ if (NT_STATUS_IS_OK(status)) {
+ char *machine_account = talloc_asprintf(cred, "%s$", lpcfg_netbios_name(lp_ctx));
+ cli_credentials_set_password(cred, (const char *)dbuf.dptr, CRED_SPECIFIED);
+ cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
+ cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
+ TALLOC_FREE(machine_account);
+ TALLOC_FREE(dbuf.dptr);
+ } else {
+ error_string = talloc_asprintf(cred,
+ "Failed to fetch machine account password from "
+ "secrets.ldb: %s and failed to fetch %s from %s",
+ error_string, keystr_upper, secrets_tdb);
+ }
+ TALLOC_FREE(keystr_upper);
+ TALLOC_FREE(secrets_tdb);
+ }
+ }
+
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n", nt_errstr(status), error_string));
+ DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n",
+ error_string, nt_errstr(status)));
talloc_free(error_string);
}
return status;
diff --git a/auth/credentials/wscript_build b/auth/credentials/wscript_build
index a7936e9..0b2aec2 100755
--- a/auth/credentials/wscript_build
+++ b/auth/credentials/wscript_build
@@ -17,7 +17,7 @@ bld.SAMBA_SUBSYSTEM('CREDENTIALS_KRB5',
bld.SAMBA_SUBSYSTEM('CREDENTIALS_SECRETS',
source='credentials_secrets.c',
- deps='CREDENTIALS_KRB5 CREDENTIALS_NTLM ldb SECRETS samdb-common',
+ deps='CREDENTIALS_KRB5 CREDENTIALS_NTLM ldb SECRETS samdb-common dbwrap',
)
bld.SAMBA_SUBSYSTEM('CREDENTIALS_NTLM',
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index eacf39d..80f31d8 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -402,4 +402,41 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info)
+{
+ NTSTATUS nt_status;
+ struct PAC_DATA *pac_data;
+ int i;
+ nt_status = kerberos_decode_pac(mem_ctx,
+ blob,
+ context,
+ krbtgt_keyblock,
+ service_keyblock,
+ client_principal,
+ tgs_authtime,
+ &pac_data);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ *logon_info = NULL;
+ for (i=0; i < pac_data->num_buffers; i++) {
+ if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
+ continue;
+ }
+ *logon_info = pac_data->buffers[i].info->logon_info.info;
+ }
+ if (!*logon_info) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ return NT_STATUS_OK;
+}
+
#endif
diff --git a/auth/kerberos/pac_utils.h b/auth/kerberos/pac_utils.h
index d654bec..b9b6664 100644
--- a/auth/kerberos/pac_utils.h
+++ b/auth/kerberos/pac_utils.h
@@ -26,6 +26,7 @@
struct PAC_SIGNATURE_DATA;
struct PAC_DATA;
+struct PAC_LOGON_INFO;
krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
@@ -41,6 +42,15 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
+NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
+ DATA_BLOB blob,
+ krb5_context context,
+ const krb5_keyblock *krbtgt_keyblock,
+ const krb5_keyblock *service_keyblock,
+ krb5_const_principal client_principal,
+ time_t tgs_authtime,
+ struct PAC_LOGON_INFO **logon_info);
+
NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
gss_ctx_id_t gssapi_context,
gss_name_t gss_client_name,
diff --git a/buildtools/wafsamba/samba_dist.py b/buildtools/wafsamba/samba_dist.py
index 79cb721..1f56f2e 100644
--- a/buildtools/wafsamba/samba_dist.py
+++ b/buildtools/wafsamba/samba_dist.py
@@ -5,6 +5,7 @@ import Utils, os, sys, tarfile, stat, Scripting, Logs, Options
from samba_utils import *
dist_dirs = None
+dist_files = None
dist_blacklist = ""
def add_symlink(tar, fname, abspath, basedir):
@@ -157,6 +158,22 @@ def dist(appname='',version=''):
fname = dist_base + '/' + f
add_tarfile(tar, fname, abspath, dir)
+ if dist_files:
+ for file in dist_files.split():
+ if file.find(':') != -1:
+ destfile = file.split(':')[1]
+ file = file.split(':')[0]
+ else:
+ destfile = file
+
+ absfile = os.path.join(srcdir, file)
+
+ if destfile != file:
+ file = destfile
+
+ fname = dist_base + '/' + file
+ add_tarfile(tar, fname, absfile, file)
+
tar.close()
if Options.options.SIGN_RELEASE:
@@ -195,6 +212,13 @@ def DIST_DIRS(dirs):
dist_dirs = dirs
@conf
+def DIST_FILES(files):
+ '''set additional files for packaging, relative to top srcdir'''
+ global dist_files
+ if not dist_files:
+ dist_files = files
+
+ at conf
def DIST_BLACKLIST(blacklist):
'''set the files to exclude from packaging, relative to top srcdir'''
global dist_blacklist
diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py
index 9dae23a..e82fd47 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -92,6 +92,41 @@ def git_version_summary(path, env=None):
return (ret, fields)
+def distversion_version_summary(path):
+ #get version from .distversion file
+ f = open(path + '/.distversion', 'r')
+ suffix = None
+ fields = {}
+
+ for line in f:
+ line = line.strip()
+ if line == '':
+ continue
+ if line.startswith("#"):
+ continue
+ try:
+ split_line = line.split("=")
+ if split_line[1] != "":
+ key = split_line[0]
+ value = split_line[1]
+ if key == "SUFFIX":
+ suffix = value
+ continue
+ fields[key] = value
+ except:
+ print("Failed to parse line %s from .distversion file." % (line))
+ raise
+ f.close()
+
+ if "COMMIT_TIME" in fields:
+ fields["COMMIT_TIME"] = int(fields["COMMIT_TIME"])
+
+ if suffix is None:
+ return ("UNKNOWN", fields)
+
+ return (suffix, fields)
+
+
class SambaVersion(object):
def __init__(self, version_dict, path, env=None, is_install=True):
@@ -167,9 +202,12 @@ also accepted as dictionary entries here
suffix, self.vcs_fields = git_version_summary(path, env=env)
elif os.path.exists(os.path.join(path, ".bzr")):
suffix, self.vcs_fields = bzr_version_summary(path)
+ elif os.path.exists(os.path.join(path, ".distversion")):
+ suffix, self.vcs_fields = distversion_version_summary(path)
else:
suffix = "UNKNOWN"
self.vcs_fields = {}
+ self.vcs_fields["SUFFIX"] = suffix
SAMBA_VERSION_STRING += "-" + suffix
else:
self.vcs_fields = {}
diff --git a/docs-xml/Makefile b/docs-xml/Makefile
index 40aa161..8cf05f7 100644
--- a/docs-xml/Makefile
+++ b/docs-xml/Makefile
@@ -53,10 +53,15 @@ release:: manpages3 htmlman3 html pdf
clean::
@echo "Cleaning up..."
rm -rf $(OUTPUTDIR)/* $(DOCBOOKDIR)
- rm -f $(patsubst %.svg,%.png,$(wildcard */images/*.svg)) \
- $(patsubst %.svg,%.eps,$(wildcard */images/*.svg)) \
- $(patsubst %.png,%.eps,$(wildcard */images/*.png))
rm -f *-attributions.xml
+ rm -f $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-dia))) \
+ $(patsubst %.svg,%.pdf,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
+ $(patsubst %.svg,%.eps,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg))) \
+ $(patsubst %.svg,%.png,$(foreach DOC,$(MAIN_DOCS),$($(DOC)-images-latex-svg)))
+ rm -f *-attributions.xml *.d *.tpt *.tex *.loc *.toc *.lof *.glo *.idx *.aux
+ rm -f *-images-html*
+ rm -f *-images-latex-* $(LATEX_FIGURES)
+ rm -f xslt/figures/*pdf
rm -f $(SMBDOTCONFDOC)/parameters.*.xml
rm -f build/catalog.xml
@@ -104,7 +109,7 @@ $(HTMLDIR)/index.html: htmldocs.html
@mkdir -p $(@D)
cp $< $@
-$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl
+$(HTMLDIR)/%/index.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/%/samba.css xslt/html-chunk.xsl %-images-html-chunks
@mkdir -p $(@D)
$(XSLTPROC) --stringparam base.dir "$(HTMLDIR)/$*/" xslt/html-chunk.xsl $<
@@ -113,16 +118,7 @@ $(OUTPUTDIR)/%/samba.css: xslt/html/samba.css
@mkdir -p $(@D)
cp $< $@
-$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-png
-
-define IMAGES_TEMPLATE
-$(1)-images-png:: $$(patsubst %.svg,%.png,$$(wildcard $(1)/images/*.svg)) ;
-$(1)-images-eps:: $$(patsubst %.svg,%.eps,$$(wildcard $(1)/images/*.svg)) ;
-$(1)-images-eps:: $$(patsubst %.png,%.eps,$$(wildcard $(1)/images/*.png)) ;
-
-endef
-
-$(eval $(foreach DOC, $(MAIN_DOCS),$(call IMAGES_TEMPLATE,$(DOC))))
+$(patsubst %,$(HTMLDIR)/%.html,$(MAIN_DOCS)): $(HTMLDIR)/%.html: %-images-html-single
$(HTMLDIR)/%.html: $(DOCBOOKDIR)/%.xml $(HTMLDIR)/samba.css xslt/html.xsl
$(XSLTPROC) --output $@ xslt/html.xsl $<
@@ -144,12 +140,47 @@ $(TXTDIR)/%.txt: $(HTMLDIR)/%.html
@mkdir -p $(@D)
@$(DBLATEX) $(DBLATEX_OPTIONS) -t tex -o $@ $<
+# Dependency files
+%.d: $(DOCBOOKDIR)/%.xml xslt/generate-dependencies.xsl
+ @echo "Generating dependency file for $*"
+ @$(XSLTPROC) --novalid \
+ --stringparam txtbasedir "$(TXTDIR)/$*/" \
+ --stringparam target "$*" \
+ -o $@ xslt/generate-dependencies.xsl $<
+ @echo "$*-images-latex-svg = \$$(wildcard \$$(addsuffix .svg, \$$($*-images-latex)))" >> $@
+ @echo "$*-images-latex-eps: \$$(addsuffix .eps, \$$($*-images-latex))" >> $@
+ @echo "$*-images-latex-pdf: \$$(patsubst %.svg, %.pdf, \$$($*-images-latex-svg))" >> $@
+ @echo "$*-images-latex-png: \$$(filter-out \$$(patsubst %.svg,%.png,\$$($*-images-latex-svg)), \$$(addsuffix .png, \$$($*-images-latex)))" >> $@
+
+ @echo >> $@
+ @echo "\$$(HTMLDIR)/%: $*/%" >> $@
+ @echo " @mkdir -p \$$(@D)" >> $@
+ @echo " @cp \$$< \$$@" >> $@
+ @echo >> $@
+ @echo "\$$(HTMLDIR)/$*/%: $*/%" >> $@
+ @echo " @mkdir -p \$$(@D)" >> $@
+ @echo " @cp \$$< \$$@" >> $@
+ @echo >> $@
+ @echo "\$$(HTMLHELPDIR)/$*/%: $*/%" >> $@
+ @echo " @mkdir -p \$$(@D)" >> $@
+ @echo " @cp \$$< \$$@" >> $@
+ @echo >> $@
+ @echo "$*-images-html-single: \$$(addprefix \$$(HTMLDIR)/, \$$($*-images-html))" >> $@
+ @echo "$*-images-html-chunks: \$$(addprefix \$$(HTMLDIR)/$*/, \$$($*-images-html))" >> $@
+ @echo "$*-images-htmlhelp: \$$(addprefix \$$(HTMLHELPDIR)/$*/, \$$($*-images-html))" >> $@
+
+ifdef OUTPUTDIR
+ifneq ($(MAKECMDGOALS),clobber)
+-include $(addsuffix .d,$(MAIN_DOCS))
+endif
+endif
+
# Adobe PDF files
-$(PDFDIR)/%.pdf: %/index.xml $(PDFDIR) xslt/latex.xsl %-images-png
+$(PDFDIR)/%.pdf: %/index.xml $(PDFDIR) xslt/latex.xsl %-images-latex-png %-images-latex-pdf
$(DBLATEX) $(DBLATEX_OPTIONS) -I $*/images -t pdf -o $@ $<
# PostScript files
--
Samba Shared Repository
More information about the samba-cvs
mailing list