[SCM] Samba Shared Repository - branch v4-2-stable updated
Karolin Seeger
kseeger at samba.org
Sat Dec 20 08:27:15 MST 2014
The branch, v4-2-stable has been updated
via f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release.
via 2277f6a WHATSNEW: Add release notes for Samba 4.2.0rc3.
via 60748d1 s3:passdb: let pdb_get_trust_credentials() try pdb_get_trusteddom_creds() first
via 26c011d s3:passdb: add optional get_trusteddom_creds() hooks
via 611e95e pdb: fix build issues with shared modules
via ddc2bba s3:idmap_cache: remove unused idmap_cache_set_sid2[u|g]id()
via dac59a2 pdb: Increase version number to fix ABI
via 1a91c09 idmap: return the correct id type to *id_to_sid methods
via d655b56 idmap: unify passdb *id_to_sid methods
via 0c32df4 s3:passdb: avoid invalid pointer type warnings in pdb_wbc_sam.c
via f87e9b1 s3:passdb: always copy the history in pdb_set_plaintext_passwd()
via f1f0ca3 pdb_tdb: Avoid a nasty error message with ctdb
via a681688 pdb_tdb: don't leak state_path onto talloc tos
via 741ac3b account_pol: don't leak state_path onto talloc tos
via b14bed4 passdb: Use common code in cli_credentials_set_machine_account_db_ctx()
via d26278a auth/credentials: Ensure that we set the realm when reading secrets.tdb
via e3b6d3b credentials: Allow the secret.tdb handle to be passed in to cli_credentials_set_machine_account()
via a81b814 credentials: Improve error message on failure to set machine account password
via a13c21b credentials: Set secure_channel_type from secrets.tdb in cli_credentials_set_machine_account
via f80a108 s3:locking: fix uninitialiazed variable in brl_get_locks_readonly_parser()
via 5d3a3c8b ctdb-build: fix build without xsltproc
via c0d778c packaging: Include CTDB man pages in the tarball
via 6c01512 ctdb-build: Fix the installation of config files for top-level build
via d09a0e0 ctdb-build: Fix the indentation
via 27219c0 libcli/smb: only force signing of smb2 session setups when binding a new session
via 8bb6039 s3:smb2_server: allow reauthentication without signing
via c0aee74 vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT
via 4190813 testprogs/test_ldb: check rootdse search with extended-dn control
via 23e43c3 s4:dsdb/rootdse: expand extended dn values with the AS_SYSTEM control
via 02ad559 s3:utils/profiles fix a use after free
via adb4618 s3:registry/regfio fix some valgrind warnings
via 238eb48 s3:registry/regfio read SD from the correct location
via 0055b0d ctdb-tests: Need to drop public IPs in kill-failover tests
via 12c1e89 ctdb-daemon: Gratuitous ARP equivalent for IPv6 is neighbor advertisement
via 7787cfa ctdb-tests: More debug on SSH failure
via bdaa7f2 ctdb-tests: Make tcpdump output more verbose
via 67bda03 ctdb-tests: Use ip neigh command instead of arp
via fe23b5b ctdb-tests: Generalise the gratarp and tickle sniffing code for IPv6
via aa84dec ctdb-tests: Match IPv6 connections in netstat output
via 1e6681f ctdb-tests: Use ping_wrapper to do relevant ping or ping6
via 2b9facf ctdb-tests: Extend regexps to handle IPv6 address matching
via 6299649 ctdb-tests: Bracket IP addresses in NFS mounts and scp command (for IPv6)
via 4f05acc ctdb-tests: Try to handle IPv6 addresses for local daemons
via 5d4a412 ctdb-tests: Extend regexp to match IPv6 addresses
via 6c245c5 ctdb-tools: Bracket IP addresses in onnode (for IPv6)
via 78f35cb ctdb-daemon: Fix IP address comparisons for IPv6 addresses
via dd6534f ctdb-scripts: Wait until IPv6 addresses are not "tentative"
via fee8c94 ctdb-eventscripts: Specify broadcast optionally to ip addr add
via 6e59d32 ctdb-daemon: Trust vnn->interface for an IP when releasing it
via cd26059 ctdb-scripts: Make 10.interface IPv6-safe
via 231fab1 ctdb-scripts: New functions ip6tables() and iptables_wrapper()
via fd796e6 ctdb-scripts: Add IPv6 addresses support in ip_maskbits_iface()
via 410c785 ctdb-utils: Update Nagios code to use ctdb -X
via 4d3d4bc ctdb-doc: Update examples to use ctdb -X
via 2524621 ctdb-tool: Fix "ctdb -Y ifaces" output to have trailing delimiters
via 645f1e2 ctdb-tests: Update integration tests to use ctdb -X
via dbda14a ctdb-tools: Update onnode and ctdb-diagnostics to use ctdb -X
via 8df3a81 ctdb-scripts: Update eventscripts to use ctdb -X instead of ctdb -Y
via a5ffa96 ctdb-tools: Add -X option for machine parsable output with separator '|'
via dbfc67a ctdb-tools: Add -x option to specify delimiter for machine readable output
via 9acafe9 ctdb-tools: Produce machine readable output with new function printm()
via decb761 ctdb-recoverd: Process all the records for vacuum fetch in a loop
via 7d4e0f0 ctdb-vacuum: Do not delete VACUUM MIGRATED records immediately
via 9fdde0e ctdb-vacuum: Use non-blocking lock when traversing delete tree
via df0b424 ctdb-vacuum: Use non-blocking lock when traversing delete queue
via 6027371 ctdb-vacuum: Stagger vacuuming child processes
via 5c4a1bb ctdb-vacuum: Track time for vacuuming in database statistics
via 2151f1d WHATSNEW: Announce SMB2 leases support.
via 434edeb s3:locking: Change the data model for leases_db to cope with dynamic path renames.
via 0547beb s3:locking: pass down servicepath to leases_db_add()
via 8ad49ec s3:locking: Add new utility function leases_db_copy_file_ids()
via 8f2b0eb s3:locking: prepare the data model for leases_db to cope with dynamic path renames.
via 4cf99a2 s3:locking: pass servicename_new to leases_db_rename()
via 636d109 socket_wrapper: Add missing prototype check for eventfd.
via bb2177e swrap: Bump version to 1.1.2.
via 6c220fc swrap: Add support for eventfd with unsigned count variable.
via c70e36a swrap: Add a trace message for swrap_socket().
via 48a42c5 swrap: Implement fcntl() to catch F_DUPFD.
via ec00684 swrap: Include the function name in the debug output.
via b1d8ee8 swrap: Silence alignment warnings.
via fee8d88 swrap: Fix type punning warnings when loading functions.
via 39aebaf swrap: Fix access to struct members in log messages.
via e046e44 swrap: Fix whitespace errors.
via 2eaca17 swrap: Update copyright notice.
via d09501a swrap: Wrap fopen to detect stale file descriptors.
via cbe2d33 swrap: Use swrap_address in swrap_accept().
via 55046c7 swrap: Remove unused sockaddr_dup() function.
via 848ca71 swrap: Use swrap_address in the socket_info struct.
via 728ed20 swrap: Use a sockaddr_un for the unix path in socket_info.
via e4d79ef swrap: Rename swrap_pcap_dump_packet().
via 92b0c5f swrap: Rename swrap_pcap_get_fd().
via 17b0e33 swrap: Rename swrap_marshall_packet().
via 7a23bdf swrap: Rename swrap_packet_init().
via 4041dfa swrap: Rename socket_wrapper_pcap_file().
via 183fb06 swrap: Fix type punning warnings.
via 049a0e7 Provide a compatible declaration of CMSG_ALIGN
via 596cfe8 swrap: fix another discard const warning in swrap_bind()
via 0f61a73 swrap: fix discard const warning in swrap_bind()
via 40a5196 swrap: fix discard const warning in swrap_remove_stale()
via 82bcad3 swrap: fix build when neither HAVE_STRUCT_IN_PKTINFO nor IP_RECVDSTADDR is defined
via ee6209b WHATSNEW: Apple's SMB2 extension AAPL
via 3e8a168 s3: modules: Fix *allocate* calls to follow POSIX error return convention.
via 46489da s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
via 4d0390b s3: smbd: Fix *allocate* calls to follow POSIX error return convention.
via 8b67f30 vfs_fruit: add AAPL options
via 965bd1f s4:torture:vfs_fruit: smb2/create context AAPL test
via 2999c1d s4:libcli/raw: make short_name available in buffer
via 0a1b415 s3:smbd: add SMB_VFS_READDIR_ATTR() to marshall direntry
via 1422d17 vfs_fruit: AAPL support
via ee5c54a s3:smbd: ignore dacls with MS NFS ACEs
via c8bdd6c libcli/security: add a function that checks for MS NFS ACEs
via f684837 libcli/security: add NFS SID mappings
via 96056e3 s3:smbd: add SMB2 AAPL create context defines
via 0e30cea s3:vfs: add create tags to SMB_VFS_CREATEFILE
via 5f468c8 s3:smbd: allocate out_context_blobs with talloc
via 3ad8b94 s3:vfs: add SMB_VFS_READDIR_ATTR()
via bfc4cb7 vfs_snapper: check for <linux/ioctl.h>
via 861d34a s3-libsmb: Duplicate the memory before we free it.
via 55d388b s3-libsmb: Set the netbios_name in use_ccache case too.
via f7254bd s3-lib: Do not require a password with --use-ccache.
via 94c3e96 s4: torture: leases. Simple lease_v2 rename test "v2_rename".
via daabdfe s3: leases: Make SMB2 setinfo SMB2_FILE_RENAME_INFORMATION_INTERNAL async.
via 06db0a4 s3: leases: send_break_message() public.
via 0b61761 s3: leases: Make aio_add_req_to_fsp() public.
via 241fb75 s3: leases : Cope with renaming leased open files.
via 0694d3f s3: leases: Add leases_db_rename() to cope with renaming a leased file.
via 6cabeb5 docs-xml: document the interaction between "write cache size" and "aio read/write size"
via 553ff29 s3:smbd: document the interaction between "smb2 leases" and "write cache size"
via ca0dab7 selftest:Samba3: use "smb2 leases = yes"
via 73d1501 s3:smb2_negprot: announce support for SMB2.1 leases.
via 1e2a543 s3:param: Add "smb2 leases" parameter. Default "false".
via b93a2d4 s3:smb2_create: support leases and pass them down to the VFS layer.
via 5a5345c s3:smbd: Implementation of SMB2.1 and SMB3.0 leases.
via 9da5e9f s3:smbd: add lease related helper functions to oplock.c
via b2b0570 s3:smbd: add lease key validation functions to open.c
via dabc728 s3:smbd: add lease related helper functions to open.c
via 6b15f9d s3:smbd: add file_find_one_fsp_from_lease_key() helper function
via b29d5b5 s3:smb2_create: validate durable reconnects with leases
via de762d2 s3:smb2_create: allow durable handles with SMB2_LEASE_HANDLE
via 2a36fc7 s3:smbd: add fsp_lease_type() and get_lease_type() helper functions
via 84bd71b s3:vfs.h: add more elements to struct fsp_lease
via 4b74ec5 s3:locking: add downgrade_share_lease() helper function
via 3f2abc4 s3:locking: cleanup leases_db from share_mode_cleanup_disconnected()
via 83943f9 s3:locking: ensure all share mode removal functions go through a common lease refcount manager.
via a53965d s3:open_files.idl: add data structures for SMB2.1 and SMB3.0 leases.
via 42e94bc s3:locking: add leases_db infrastructure
via a1492ca s3: leases: libsmbsharemodes no longer works with SMB2 leases inside our locking.tdb.
via de36824 s3:smb2_server: add smbd_smb2_send_lease_break() helper function
via f873966 s3:smb2_server: allow smbd_smb2_send_break() with session == NULL and tcon == NULL
via 30c662e s3:smbd: Add fsp_client_guid() utility function to return the connected client guid.
via 7756eb7 s3:smbd: factor out a send_break_to_none() helper function
via 5f230d5 s4:torture:smb2: let smb2.lease.[v2_]complex1 check the R->NONE breaks
via d6b596e s4:torture:smb2: Add smb2.lease.v2_breaking3 test.
via 6986398 s4:torture:smb2: Add test that shows the client can respond to a lease break over a different connection.
via 7885650 profiling: Make WITH_PROFILE span more in smbprofile.h
via 24ce08e profiling: Remove a big DEBUG statement
via 0090cb4 profiling: Remove some #ifdefs
via ddbcf7e profiling: Only compile profile/profile.c if profiling is enabled
via c4063ef profiling: Only compile utils/status_profile.c if profiling is enabled
via ba7829b profiling: Fix a typo
via 03c2e8a profiling: Move some #defines to profile.c
via 21be4da profiling: Fix a typo
via 5cc5048 profiling: Make "struct profile_header" static
via ef6b3da s4: torture: leases - Add test for leases and blocking locks.
via 4ee38b0 s4: smb2 : torture: Add new dynamic_share leases test.
via c9ddda4 s3: leases - torture test for timeout of responding to lease break request.
via 490eeac s4:torture/smb2: smb2.lease.breaking6 test
via f722f42 s4:torture/smb2: smb2.lease.breaking5 test
via 3002568 s4:torture/smb2: smb2.lease.breaking4 test
via 34bcf75 s4:torture/smb2: smb2.lease.breaking3 test
via 544e458 s4:torture/smb2: smb2.lease.breaking2 test
via 44587fb s4:torture/smb2: smb2.lease.breaking1 test
via fe2cac8 s4:torture/smb2: make it possible to skip the automatic ack of lease breaks.
via b561f46 s4:torture/smb2: add smb2.lease.v2_epoch[2|3] tests
via 3ddd8ce s4:torture/smb2: add smb2.lease.[v2_]complex1 tests
via e5c0f23 s4:torture/smb2: pass the expected flags to CHECK_LEASE()
via e37a059 s4:torture/smb2: don't check the lease break connection against samba3
via c5bddf4 s4:torture/smb2: always verify the v2 lease epoch.
via b341d29 s4:torture/smb2: verify lease_flags in CHECK_LEASE_BREAK()
via 9f6162f s4:torture/smb2: lease per test fnames
via ef7ddd5 s4:torture/smb2: make lease tests more reliable by calling torture_wait_for_lease_break()
via 43235a0 s4:torture/smb2: skip lease tests if the server doesn't support them
via 98e2dd6 s4:libcli/smb2: initialize ls->lease_version
via 4cc1b07 s4:libcli/smb2: add new_epoch to struct smb2_lease_break
via 7ee9174 s4:param: don't expand PROTOCOL_DEFAULT in lpcfg_smbcli_options()
via ac4b453 s4:libcli/smb2: allow the caller to specify a specific value for max_protocol.
via 19141e1 s4:libcli/raw: fix up the max_protocol value for the current transport connection
via 2cd321c s4:libcli/smb_composite: use the options on the transport
via eecd04d s3:smb2_create: send interim responses after 0.5 milliseconds
via a69a575 Revert "libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1"
via 56da06a s3:smb2_break: First test for NT_STATUS_INVALID_OPLOCK_PROTOCOL, then for in_oplock_level being reasonable
via fa9a935 s3:locking: convert brl_have_read field to brl_num_read.
via eb5ae0c s3:smbd: Don't set fsp->oplock_type before we've granted any oplocks.
via 55fe857 s3:smbd: move all oplock granting code to grant_fsp_oplock_type()
via a2f10ba s3:smbd: break oplocks to none with FILE_OVERWRITE
via ee617e4 libcli/smb: Add smb2_lease_equal() which compares client_guids and keys.
via fae8aca libcli/smb: add smb2_lease_key_equal() helper function
via c813932 libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1
via f85ee9b libcli/smb: remember the lease_version in struct smb2_lease
via 6eb4aa2 s4:torture: Add smb2.oplock test batch9a and raw.oplock test batch9a
via 30999a3 s3-winbindd: Allow winbindd to connect over SMB2 to servers
via 53e0e53 pam_winbind: fix warn_pwd_expire implementation.
via 22e6ce3 libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
via 1e7e417 ldb: version 1.1.18
via 726cb76 lib-pyldb: Block elements should be surrounded by {} in py_msg.setitem()
via efcd88e lib-pyldb: Fix docstring for msg.add() method - it was "S.append()"
via fd215d1 lib-ldb-test: Test copying message element from a message to a new message
via fd55b04 lib-pyldb: Avoid crash when copying MessageElements between Python Message objects
via e6b7e82 lib-ldb_ldif: Stop processing if ldb_message element name is NULL
via eb8c868 lib-ldb: Check for input parameter when searching attributes by name
via 06b0465 lib-pyldb: Throw exception when we can't create MessageElement object
via a7d2060 lib-pyldb: Avoid leaking memory in error cases
via c4d3398 lib-pyldb: Avoid SEGFAULT in case we can't convert passed value to py_String
via e418c82 lib/ldb: remove unused 'allow_warnings=True'
via 5509a43 lib/ldb: fix compiler warnings in ldb_tdb.c
via d4503fa lib/ldb: fix compiler warnings in ldb_modules_list_from_string()
via cbda5fd tdb: version 1.3.3
via cd154b8 tdb/test: TDB_CLEAR_IF_FIRST | TDB_MUTEX_LOCKING, O_RDONLY is a valid combination
via efe372a tdb: version 1.3.2
via 6902d47 tdb: Fix tdb_runtime_check_for_robust_mutexes()
via dc0c274 tdb: allow tdb_open_ex() with O_RDONLY of TDB_FEATURE_FLAG_MUTEX tdbs.
via e7f393c vfs_streams_xattr: check stream type
via b619f83 vfs_streams_xattr: initialize pointer
via 2acf54b vfs_streams_xattr: fix check with samba_private_attr_name()
via 3b722dd s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses
via bf66d71 samba-tool: Fix the IP output of "samba-tool dns serverinfo <some_server>"
via fb6d916 samba-tool: Fix enum values in dns.py
via 6af694e param: fix testparm to show hidden share defaults
via e914042 s3-smbstatus: Fix exit code of profile output.
via a0b93c9 s3-smbclient: Return success if we listed the shares.
via e1b2b08 s4-dns: dlz-bind: Add trailing '.' to all fqdn strings
via d2d6c49 s4-dns: Add support for BIND 9.10
via 6e7d183 s4-dns: Update dlz_minimal.h based on BIND release 9.10
via 3f8552a s4-dns: Check DLZ_DLOPEN_VERSION for different BIND versions
via 8ba5688 s4-dns: Update template variables, change BIND98 --> BIND9_8
via 943f2b6 samba: pass down size_t instead of int to add_string_to_array().
via 26f9bf1 lib/util: use size_t for add_string_to_array().
via 05d0f5f s3-proto: remove duplicate proto for add_string_to_array().
via 8e2765b dbwrap_ctdb: Pass on mutex flags to tdb_open
via d1b9915 pdb_tdb: Fix a TALLOC/SAFE_FREE mixup
via 7552e2e s3-keytab: fix keytab array NULL termination.
via db7234f Added note about the support end of Samba 3 to WHATSNEW.TXT
via c279635 btrfs: don't leak opened directory handle
via c1ca930 spoolss: remove unused fill_job_info3()
via b7f4c0f spoolss: fix jobid in level 3 EnumJobs response
via 2a9764a spoolss: fix jobid in level 2 GetJob and EnumJobs responses
via 3a3577d spoolss: fix jobid in level 1 GetJob and EnumJobs responses
via 65d62dc spoolss: fix GetJob jobid lookups
via e95a6c0 printing: add jobid_to_sysjob helper function
via aea86fb WHATSNEW: CTDB integrated build
via 5907060 s3:smbstatus: fix return value in print_share_mode()
via f2cb16e s3:smbd: fix file corruption using "write cache size != 0"
via a7085ff s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
via ce6b7c8 WHATSNEW: Mention smbclient archival improvements
via b2b76b8 autobuild: check whether ctdbd has been installed in the samba-ctdb target
via 3bd42c0 build: adapt comments for the clustering choice
via 9c6e0fd build: further simplify --with-cluster-support case in configure
via 80a51bb autobuild: adapt samba-ctdb target does not need a separate ctdb build any more
via 2522be0 ctdb: Rename CTDB_VERSION to CTDB_PROTOCOL
via f0c6853 build: Simplify check for building with ctdb
via 0f19c13 build: Remove configure checks for ctdb headers
via 1528ae0 ctdb: Rename ctdb socket variable from CTDB_PATH to CTDB_SOCKET
via 6a5ce20 build: Remove configure option --with-ctdb-dir
via 65df9df build: Remove checks for ctdb features
via 42f0859 build: Remove configure option --enable-old-ctdb
via 43c3851 ctdb-logging: Add missing newline when logging to file
via 18405d4 build: Hook CTDB into top level build using --with-cluster-support
via 6423a2b ctdb-build: Make some steps conditional on standalone build
via 874ac87 ctdb-build: Rename define BINDIR to CTDB_HELPER_BINDIR
via 525bee6 ctdb-build: Fix handling of public headers
via 3ca8895 ctdb-build: Change from ctdb-util to samba-util
via a75db09 ctdb-build: Add generation of Samba-style version.h
via bf70856 ctdb-build: Move generation of ctdb_version.h earlier
via 06b0dea ctdb-logging: Update to use Samba style debug.h/debug.c
via 2f59dd9 ctdb-logging: Change LogLevel to DEBUGLEVEL
via 01c8b6f ctdb-tests: Make the fake log timestamp string easy to modify
via d5e0a0c ctdb-logging: Remove log ringbuffer
via 412fc6e lib/util: Use charset_compat.h if SAMBA_UTIL_CORE_ONLY
via 0a9dc8d lib/util: Factor out subsystem samba-util-core from samba-util
via 37e8478 lib/util: Clean up includes for util.c
via 1e76601 lib/util: Clean up includes for fault.c
via e1479e0 lib/util: Clean up includes for substitute.c
via 000f583 lib/util: Replace an SMB_ASSERT()
via b9d0aa6 lib/util: Clean up includes for signal.c
via 71be3ed lib/util: Clean up includes for time.[ch]
via 8d0900a lib/util: Clean up includes for data_blob.[ch]
via c540f7d lib/util: Clean up includes for xfile.[ch]
via dd558ff lib/util: Clean up includes for blocking.c
via e7a90aa s3:locking: remove dead code from brl_get_locks_readonly()
via 38b8e09 s3:locking: Change from ndr_pull_struct_blob() to ndr_pull_struct_blob_all() so we fail if not all bytes are consumed.
via 1fd4868 s4:torture/smb2: test rename dir deny with open files
via b5cc961 s3:smbd: Don't rename a dir with files open underneath
via beb05a1b selftest:Samba3: use "strict rename = yes"
via 4ff4c58 s3:param: Add new option "strict rename".
via b527525 s3:locking: allow early return for share_entry_forall()
via cfa74dc s3:locking: Introduce share_mode_forall
via ac37fae s3:locking: Rename share_mode_forall->share_entry_forall
via e430584 s3: smbd: Preparation for leases code merge. Ensure VFS is ready for 4.2.0.
via fd4cc75 samba-tool group add: Add option --nis-domain and --gid
via 703957e s3: libsmbclient - smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path.
via bab7e51 spoolss: fix handling of bad EnumJobs levels
via 241da63 s3-nmbd: Fix netbios name truncation.
via ec9437d winbind3: Fix pwent variable substitution
via 4393649 nss_winbind: add getgroupmembership for FreeBSD
via aac155a lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library.
via dcfa1a1 WHATSNEW: vfs_fruit
via 9f8ad38 Merge remote-tracking branch 'origin/v4-2-stable' into v4-2-test
via e10ffb3 WHATSNEW: Remove double entry.
via 89617c9 VERSION: Set version to 4.2.0rc3...
from 8428085 WHATSNEW: Remove double entry.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 204 +-
auth/credentials/credentials.h | 16 +
auth/credentials/credentials_secrets.c | 87 +-
ctdb/client/ctdb_client.c | 6 +-
ctdb/common/cmdline.c | 8 +-
ctdb/common/ctdb_fork.c | 15 +-
ctdb/common/ctdb_logging.c | 151 --
ctdb/common/ctdb_util.c | 12 +-
ctdb/common/system_linux.c | 49 +-
ctdb/config/ctdbd_wrapper | 1 -
ctdb/config/events.d/10.interface | 87 +-
ctdb/config/events.d/13.per_ip_routing | 6 +-
ctdb/config/events.d/62.cnfs | 2 +-
ctdb/config/events.d/70.iscsi | 2 +-
ctdb/config/functions | 83 +-
ctdb/config/statd-callout | 8 +-
ctdb/configure.rpm | 2 +-
ctdb/doc/ctdb.1.xml | 104 +-
ctdb/doc/ctdbd.1.xml | 19 -
ctdb/doc/ctdbd.conf.5.xml | 10 -
ctdb/ib/ibwrapper_test.c | 6 +-
ctdb/include/ctdb_logging.h | 6 -
ctdb/include/ctdb_private.h | 12 -
ctdb/include/ctdb_protocol.h | 13 +-
ctdb/include/internal/includes.h | 12 +-
{include => ctdb/include}/public/README.txt | 0
ctdb/lib/tdb_wrap/tdb_wrap.c | 106 -
ctdb/lib/tdb_wrap/tdb_wrap.h | 39 -
ctdb/lib/tdb_wrap/wscript_build | 7 -
ctdb/lib/util/debug.c | 135 -
ctdb/lib/util/debug.h | 30 -
ctdb/lib/util/dlinklist.h | 181 --
ctdb/lib/util/fault.c | 235 --
ctdb/lib/util/idtree.c | 387 ---
ctdb/lib/util/signal.c | 144 --
ctdb/lib/util/substitute.c | 167 --
ctdb/lib/util/util.c | 52 -
ctdb/lib/util/util.h | 565 -----
ctdb/lib/util/util_file.c | 120 -
ctdb/lib/util/util_time.c | 102 -
ctdb/lib/util/wscript_build | 9 -
ctdb/packaging/RPM/ctdb.spec.in | 3 +-
ctdb/server/ctdb_control.c | 11 +-
ctdb/server/ctdb_daemon.c | 6 +-
ctdb/server/ctdb_lock.c | 2 +-
ctdb/server/ctdb_logging.c | 125 +-
ctdb/server/ctdb_ltdb_server.c | 5 +
ctdb/server/ctdb_recoverd.c | 59 +-
ctdb/server/ctdb_takeover.c | 25 +-
ctdb/server/ctdb_vacuum.c | 24 +-
ctdb/server/ctdbd.c | 1 -
ctdb/server/eventscript.c | 2 +-
ctdb/tcp/tcp_io.c | 2 +-
ctdb/tests/complex/11_ctdb_delip_removes_ip.sh | 4 +-
ctdb/tests/complex/18_ctdb_reloadips.sh | 4 +-
ctdb/tests/complex/31_nfs_tickle.sh | 7 +-
ctdb/tests/complex/33_gratuitous_arp.sh | 12 +-
ctdb/tests/complex/34_nfs_tickle_restart.sh | 4 +-
ctdb/tests/complex/41_failover_ping_discrete.sh | 12 +-
ctdb/tests/complex/42_failover_ssh_hostname.sh | 17 +-
ctdb/tests/complex/44_failover_nfs_oneway.sh | 2 +-
ctdb/tests/complex/45_failover_nfs_kill.sh | 7 +-
ctdb/tests/complex/scripts/local.bash | 91 +-
ctdb/tests/events.d/00.test | 4 +-
.../eventscripts/10.interface.releaseip.002.sh | 5 +-
ctdb/tests/eventscripts/scripts/local.sh | 6 +-
ctdb/tests/eventscripts/stubs/ctdb | 22 +-
ctdb/tests/onnode/0070.sh | 10 +-
ctdb/tests/onnode/0071.sh | 10 +-
ctdb/tests/onnode/0072.sh | 10 +-
ctdb/tests/onnode/0075.sh | 10 +-
ctdb/tests/onnode/stubs/onnode-buggy-001 | 12 +-
ctdb/tests/scripts/integration.bash | 79 +-
ctdb/tests/scripts/unit.sh | 1 +
ctdb/tests/simple/05_ctdb_listnodes.sh | 4 +-
ctdb/tests/simple/11_ctdb_ip.sh | 8 +-
ctdb/tests/simple/12_ctdb_getdebug.sh | 12 +-
ctdb/tests/simple/20_delip_iface_gc.sh | 18 +-
ctdb/tests/simple/27_ctdb_detach.sh | 2 +-
ctdb/tests/simple/75_readonly_records_basic.sh | 4 +-
ctdb/tests/simple/scripts/local_daemons.bash | 16 +-
ctdb/tests/src/ctdb_functest.c | 4 +-
ctdb/tests/src/ctdb_porting_tests.c | 2 +-
ctdb/tests/src/ctdb_takeover_tests.c | 4 +-
ctdb/tests/takeover/det.001.sh | 14 +-
ctdb/tests/takeover/det.002.sh | 8 +-
ctdb/tests/takeover/det.003.sh | 2 +-
ctdb/tests/takeover/lcp2.004.sh | 12 +-
ctdb/tests/takeover/lcp2.005.sh | 334 +--
ctdb/tests/takeover/lcp2.023.sh | 132 +-
ctdb/tests/takeover/lcp2.024.sh | 18 +-
ctdb/tests/takeover/lcp2.029.sh | 6 +-
ctdb/tests/takeover/lcp2.031.sh | 196 +-
ctdb/tests/takeover/nondet.001.sh | 12 +-
ctdb/tests/takeover/nondet.002.sh | 6 +-
ctdb/tests/tool/func.parse_nodestring.003.sh | 2 +-
ctdb/tests/tool/stubby.getcapabilities.003.sh | 2 +-
ctdb/tests/tool/stubby.listnodes.001.sh | 2 +-
ctdb/tests/tool/stubby.lvsmaster.002.sh | 2 +-
ctdb/tests/tool/stubby.natgwlist.009.sh | 8 +-
ctdb/tests/tool/stubby.xpnn.003.sh | 2 +-
ctdb/tools/ctdb.c | 356 ++-
ctdb/tools/ctdb_diagnostics | 2 +-
ctdb/tools/onnode | 10 +-
ctdb/utils/nagios/check_ctdb | 4 +-
ctdb/utils/pmda/pmda_ctdb.c | 2 +-
ctdb/wscript | 122 +-
docs-xml/manpages/vfs_fruit.8.xml | 35 +
docs-xml/smbdotconf/locking/kerneloplocks.xml | 1 +
docs-xml/smbdotconf/locking/oplocks.xml | 1 +
docs-xml/smbdotconf/locking/smb2leases.xml | 31 +
docs-xml/smbdotconf/protocol/clientmaxprotocol.xml | 9 +-
docs-xml/smbdotconf/tuning/strictrename.xml | 25 +
docs-xml/smbdotconf/tuning/writecachesize.xml | 5 +
examples/VFS/skel_opaque.c | 13 +-
examples/VFS/skel_transparent.c | 16 +-
lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.18.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.18.sigs} | 0
lib/ldb/common/ldb_attributes.c | 15 +-
lib/ldb/common/ldb_ldif.c | 7 +
lib/ldb/common/ldb_modules.c | 4 +-
lib/ldb/ldb_tdb/ldb_tdb.c | 14 +-
lib/ldb/pyldb.c | 46 +-
lib/ldb/tests/python/api.py | 14 +
lib/ldb/wscript | 4 +-
lib/param/loadparm.c | 18 +-
lib/param/param_table.c | 21 +-
lib/socket_wrapper/socket_wrapper.c | 821 +++---
lib/socket_wrapper/wscript | 7 +-
lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.2.sigs} | 0
lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.3.sigs} | 0
lib/tdb/common/mutex.c | 8 +-
lib/tdb/common/open.c | 18 +-
lib/tdb/test/run-mutex-openflags2.c | 5 +-
lib/tdb/wscript | 2 +-
lib/uid_wrapper/wscript | 7 +
lib/util/blocking.c | 3 +-
libcli/smb/smb_util.h => lib/util/blocking.h | 21 +-
lib/util/charset_compat.h | 9 +
lib/util/data_blob.c | 4 +-
lib/util/data_blob.h | 1 +
lib/util/fault.c | 8 +-
lib/util/{util_pw.h => fault.h} | 46 +-
lib/util/samba_util.h | 97 +-
lib/util/signal.c | 4 +-
.../headers/test_headers.c => lib/util/signal.h | 46 +-
lib/util/substitute.c | 15 +-
lib/util/substitute.h | 56 +
lib/util/time.c | 6 +-
lib/util/time.h | 4 +
lib/util/util.c | 7 +-
lib/util/util_strlist.c | 2 +-
lib/util/wscript_build | 173 +-
lib/util/xfile.c | 3 +-
lib/util/xfile.h | 6 +
libcli/ldap/ldap_message.h | 2 +-
libcli/security/dom_sid.h | 5 +
libcli/security/security_descriptor.c | 22 +
libcli/security/security_descriptor.h | 2 +
libcli/security/util_sid.c | 17 +
libcli/smb/smb2_constants.h | 1 +
libcli/smb/smb2_create_ctx.h | 46 +
libcli/smb/smb2_lease.c | 15 +
libcli/smb/smb2_lease.h | 7 +
libcli/smb/smbXcli_base.c | 18 +-
libcli/smb/smb_constants.h | 3 +-
libgpo/gpext/gpext.c | 2 +-
librpc/idl/smb2_lease_struct.idl | 1 +
nsswitch/pam_winbind.c | 5 +-
nsswitch/winbind_nss_freebsd.c | 74 +-
packaging/RHEL-CTDB/configure.rpm | 1 -
packaging/RHEL-CTDB/samba.spec.tmpl | 3 -
packaging/RHEL/samba.spec.tmpl | 2 -
python/samba/netcmd/dns.py | 15 +-
python/samba/netcmd/group.py | 15 +-
python/samba/provision/sambadns.py | 16 +-
python/samba/samdb.py | 13 +-
script/autobuild.py | 8 +-
selftest/knownfail | 15 +-
selftest/target/Samba3.pm | 12 +
source3/client/client.c | 2 +-
source3/include/local.h | 2 +
source3/include/passdb.h | 36 +-
source3/include/printing.h | 1 +
source3/include/proto.h | 5 +-
source3/include/smb.h | 2 +
source3/include/smbprofile.h | 20 +-
source3/include/vfs.h | 28 +-
source3/include/vfs_macros.h | 17 +-
source3/lib/cluster_support.c | 46 +-
source3/lib/ctdb_conn.c | 8 +-
source3/lib/ctdbd_conn.c | 30 +-
source3/lib/dbwrap/dbwrap_ctdb.c | 14 +-
source3/lib/eventlog/eventlog.c | 2 +-
source3/lib/idmap_cache.c | 72 -
source3/lib/idmap_cache.h | 2 -
.../{utils/passwd_proto.h => lib/readdir_attr.h} | 29 +-
source3/lib/util_cmdline.c | 3 +-
source3/lib/util_names.c | 10 +-
source3/libads/kerberos_keytab.c | 3 +-
source3/libads/ldap.c | 2 +-
source3/libnet/libnet_join.c | 4 +-
source3/librpc/idl/leases_db.idl | 28 +
source3/librpc/idl/open_files.idl | 36 +
source3/librpc/idl/wscript_build | 1 +
source3/librpc/wscript_build | 7 +-
source3/libsmb/cli_smb2_fnum.c | 14 +
source3/libsmb/ntlmssp.c | 18 +-
source3/libsmb/smb_share_modes.c | 8 +
source3/libsmb/smbsharemodes.pc.in | 11 -
source3/locking/brlock.c | 200 +-
source3/locking/leases_db.c | 440 ++++
source3/locking/leases_db.h | 55 +
source3/locking/locking.c | 214 +-
source3/locking/proto.h | 23 +-
source3/locking/share_mode_lock.c | 129 +-
source3/modules/nfs4_acls.c | 3 +
source3/modules/vfs_acl_common.c | 9 +
source3/modules/vfs_btrfs.c | 22 +-
source3/modules/vfs_ceph.c | 13 +-
source3/modules/vfs_default.c | 32 +-
source3/modules/vfs_fruit.c | 467 +++-
source3/modules/vfs_full_audit.c | 25 +-
source3/modules/vfs_media_harmony.c | 12 +-
source3/modules/vfs_snapper.c | 2 +
source3/modules/vfs_streams_xattr.c | 40 +-
source3/modules/vfs_time_audit.c | 37 +-
source3/modules/vfs_worm.c | 7 +-
source3/nmbd/nmbd_nameregister.c | 76 +-
source3/param/loadparm.c | 22 +-
.../{pdb-0.1.2.sigs => samba-passdb-0.2.0.sigs} | 3 +-
.../{pdb-0.1.2.sigs => samba-passdb-0.24.1.sigs} | 4 +-
source3/passdb/account_pol.c | 12 +-
source3/passdb/lookup_sid.c | 19 +-
source3/passdb/passdb.c | 59 +-
source3/passdb/pdb_get_set.c | 33 +-
source3/passdb/pdb_interface.c | 68 +-
source3/passdb/pdb_ldap.c | 24 +-
source3/passdb/pdb_samba_dsdb.c | 46 +-
source3/passdb/pdb_tdb.c | 18 +-
source3/passdb/pdb_wbc_sam.c | 42 +-
source3/passdb/py_passdb.c | 13 +-
source3/printing/nt_printing.c | 9 +-
source3/printing/printing.c | 70 +-
source3/profile/profile.c | 29 +-
.../profile/profile_dummy.c | 19 +-
source3/registry/regfio.c | 10 +-
source3/rpc_server/lsa/srv_lsa_nt.c | 2 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +-
source3/rpc_server/spoolss/srv_spoolss_nt.c | 222 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 60 +-
source3/rpcclient/cmd_spoolss.c | 5 +-
source3/script/tests/test_smbclient_s3.sh | 4 +-
source3/smbd/aio.c | 2 +-
source3/smbd/dir.c | 121 +-
source3/smbd/dosmode.c | 3 +-
source3/smbd/durable.c | 28 +-
source3/smbd/fileio.c | 36 +-
source3/smbd/files.c | 39 +
source3/smbd/globals.h | 10 +-
source3/smbd/nttrans.c | 12 +-
source3/smbd/open.c | 894 +++++--
source3/smbd/oplock.c | 686 ++++-
source3/smbd/posix_acls.c | 10 +
source3/smbd/proto.h | 34 +-
source3/smbd/reply.c | 30 +-
source3/smbd/server.c | 7 +-
source3/smbd/smb2_break.c | 271 +-
source3/smbd/smb2_create.c | 203 +-
source3/smbd/smb2_negprot.c | 8 +
source3/smbd/smb2_server.c | 41 +-
source3/smbd/smb2_sesssetup.c | 4 +
source3/smbd/smb2_setinfo.c | 218 ++
source3/smbd/trans2.c | 82 +-
source3/smbd/vfs.c | 37 +-
source3/torture/test_ctdbconn.c | 4 -
source3/utils/net_sam.c | 6 +-
source3/utils/profiles.c | 6 +-
source3/utils/status.c | 32 +-
source3/utils/status_profile.c | 21 -
.../utils/status_profile_dummy.c | 23 +-
source3/winbindd/idmap_passdb.c | 16 +-
source3/winbindd/wb_fill_pwent.c | 2 +-
source3/winbindd/winbindd_cm.c | 4 +-
source3/winbindd/wscript_build | 2 +-
source3/wscript | 311 +--
source3/wscript_build | 67 +-
source4/dns_server/dlz_bind9.c | 76 +-
source4/dns_server/dlz_minimal.h | 227 +-
source4/dns_server/wscript_build | 10 +
source4/dsdb/samdb/ldb_modules/rootdse.c | 6 +-
source4/libcli/raw/clitransport.c | 8 +
source4/libcli/raw/interfaces.h | 2 +
source4/libcli/raw/rawsearch.c | 1 +
source4/libcli/smb2/connect.c | 3 +-
source4/libcli/smb2/create.c | 2 +
source4/libcli/smb2/transport.c | 9 +
source4/libcli/smb_composite/connect.c | 2 +-
source4/param/loadparm.c | 2 +-
source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 20 +-
source4/rpc_server/dnsserver/dnsdata.c | 56 +
source4/rpc_server/dnsserver/dnsserver.h | 7 +-
source4/rpc_server/dnsserver/dnsutils.c | 106 +-
source4/setup/named.conf.dlz | 11 +-
source4/torture/dns/dlz_bind9.c | 24 +-
source4/torture/raw/oplock.c | 121 +
source4/torture/rpc/samba3rpc.c | 4 +-
source4/torture/rpc/samr.c | 2 +-
source4/torture/rpc/wkssvc.c | 10 +-
source4/torture/smb2/lease.c | 2618 +++++++++++++++++++-
source4/torture/smb2/oplock.c | 128 +
source4/torture/smb2/rename.c | 97 +
source4/torture/vfs/fruit.c | 273 ++
source4/winbind/idmap.c | 20 +-
testprogs/blackbox/test_ldb.sh | 2 +
wscript | 6 +
wscript_build | 2 +
318 files changed, 11256 insertions(+), 6033 deletions(-)
copy {include => ctdb/include}/public/README.txt (100%)
delete mode 100644 ctdb/lib/tdb_wrap/tdb_wrap.c
delete mode 100644 ctdb/lib/tdb_wrap/tdb_wrap.h
delete mode 100755 ctdb/lib/tdb_wrap/wscript_build
delete mode 100644 ctdb/lib/util/debug.c
delete mode 100644 ctdb/lib/util/debug.h
delete mode 100644 ctdb/lib/util/dlinklist.h
delete mode 100644 ctdb/lib/util/fault.c
delete mode 100644 ctdb/lib/util/idtree.c
delete mode 100644 ctdb/lib/util/signal.c
delete mode 100644 ctdb/lib/util/substitute.c
delete mode 100644 ctdb/lib/util/util.c
delete mode 100644 ctdb/lib/util/util.h
delete mode 100644 ctdb/lib/util/util_file.c
delete mode 100644 ctdb/lib/util/util_time.c
delete mode 100755 ctdb/lib/util/wscript_build
mode change 100644 => 100755 ctdb/utils/nagios/check_ctdb
create mode 100644 docs-xml/smbdotconf/locking/smb2leases.xml
create mode 100644 docs-xml/smbdotconf/tuning/strictrename.xml
copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.18.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.18.sigs} (100%)
copy lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.2.sigs} (100%)
copy lib/tdb/ABI/{tdb-1.3.0.sigs => tdb-1.3.3.sigs} (100%)
copy libcli/smb/smb_util.h => lib/util/blocking.h (65%)
create mode 100644 lib/util/charset_compat.h
copy lib/util/{util_pw.h => fault.h} (50%)
copy testsuite/headers/test_headers.c => lib/util/signal.h (50%)
create mode 100644 lib/util/substitute.h
create mode 100644 libcli/smb/smb2_create_ctx.h
copy source3/{utils/passwd_proto.h => lib/readdir_attr.h} (60%)
create mode 100644 source3/librpc/idl/leases_db.idl
delete mode 100644 source3/libsmb/smbsharemodes.pc.in
create mode 100644 source3/locking/leases_db.c
create mode 100644 source3/locking/leases_db.h
copy source3/passdb/ABI/{pdb-0.1.2.sigs => samba-passdb-0.2.0.sigs} (99%)
copy source3/passdb/ABI/{pdb-0.1.2.sigs => samba-passdb-0.24.1.sigs} (99%)
copy lib/util/close_low_fd.h => source3/profile/profile_dummy.c (69%)
copy lib/util/close_low_fd.h => source3/utils/status_profile_dummy.c (66%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 3d28354..507ad30 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fc17aae..4e394ad 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the second release candidate of Samba 4.2. This is *not*
+This is the third release candidate of Samba 4.2. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -9,6 +9,39 @@ system at https://bugzilla.samba.org/.
Samba 4.2 will be the next version of the Samba suite.
+IMPORTANT NOTE ABOUT THE SUPPORT END OF SAMBA 3
+=================================================
+
+With the final release of Samba 4.2, the last series of Samba 3 has
+been discontinued! People still running 3.6.x or earlier,should
+consider moving to a more recent and maintained version (4.0 - 4.2).
+One of the common misconceptions is that Samba 4.x automatically
+means "Active Directory only": This is wrong!
+
+Acting as an Active Directory Domain Controller is just one of the
+enhancements included in Samba 4.0 and later. Version 4.0 was just the
+next release after the 3.6 series and contains all the features of the
+previous ones - including the NT4-style (classic) domain support. This
+means you can update a Samba 3.x NT4-style PDC to 4.x, just as you've
+updated in the past (e.g. from 3.4.x to 3.5.x). You don't have to move
+your NT4-style domain to an Active Directory!
+
+And of course the possibility remains unchanged, to setup a new NT4-style
+PDC with Samba 4.x, like done in the past (e.g. with openLDAP backend).
+Active Directory support in Samba 4 is additional and does not replace
+any of these features. We do understand the difficulty presented by
+existing LDAP structures and for that reason there isn't a plan to
+decommission the classic PDC support. It remains tested by the continuous
+integration system.
+
+The code that supports the classic Domain Controller is also the same
+code that supports the internal 'Domain' of standalone servers and
+Domain Member Servers. This means that we still use this code, even
+when not acting as an AD Domain Controller. It is also the basis for
+some of the features of FreeIPA and so it gets development attention
+from that direction as well.
+
+
UPGRADING
=========
@@ -112,6 +145,19 @@ The default values for "smb2 max read", "smb2 max write" and "smb2 max trans"
have been changed to 8388608 (8MiB) in order to match the default of
Windows 2012R2.
+SMB2 leases
+===========
+
+The SMB2 protocol allows clients to aggressively cache files
+locally above and beyond the caching allowed by SMB1 and SMB2 oplocks.
+
+Called SMB2 leases, this can greatly reduce traffic on an SMB2
+connection. Samba 4.2 now implements SMB2 leases.
+
+It can be turned on by setting the parameter "smb2 leases = yes"
+in the [global] section of your smb.conf. This parameter is set
+to off by default until the SMB2 leasing code is declared fully stable.
+
Improved DCERPC man in the middle detection
===========================================
@@ -159,16 +205,9 @@ versions as existed previously.
To build the Samba file server with cluster support, use the configure
command line option --with-cluster-support. This will build clustered
-file server against the in-tree ctdb. Building clustered samba with
-previous versions of CTDB is no longer supported.
-
-CTDB is built separately from the ctdb/ sub-directory. To build CTDB,
-use the following steps:
-
- $ cd ctdb
- $ ./configure
- $ make
- # make install
+file server against the in-tree CTDB and will also build CTDB.
+Building clustered samba with previous versions of CTDB is no longer
+supported.
Samba Registry Editor
=====================
@@ -246,12 +285,37 @@ The module does not provide complete WORM functions, like some archiving
products do! It is not audit-proof, because the WORM function is only
available on the client side, when accessing a share through SMB! If
the same folder is shared by other services like NFS, the access only
-depents on the underlaying filesystem ACLs. Equally if you access the
+depends on the underlying filesystem ACLs. Equally if you access the
content directly on the server.
For additional information, see
https://wiki.samba.org/index.php/VFS/vfs_worm
+vfs_fruit, a VFS module for OS X clients
+========================================
+
+A new VFS module that provides enhanced compatibility with Apple SMB
+clients and interoperability with a Netatalk 3 AFP fileserver.
+
+The module features enhanced performance with reliable named streams
+support, interoperability with special characters commonly used by OS
+X client (eg '*', '/'), integrated file locking and Mac metadata
+access with Netatalk 3 and enhanced performance by implementing
+Apple's SMB2 extension codenamed "AAPL".
+
+The modules behaviour is fully configurable, please refer to the
+manpage vfs_fruit for further details.
+
+smbclient archival improvements
+===============================
+
+Archive creation and extraction support in smbclient has been rewritten
+to use libarchive. This fixes a number of outstanding bugs in Samba's
+previous custom tar implementation and also adds support for the
+extraction of zipped archives.
+smbclient archive support can be enabled or disabled at build time with
+corresponding --with[out]-libarchive configure parameters.
+
######################################################################
Changes
@@ -274,6 +338,122 @@ smb.conf changes
winbind expand groups Changed default 0
+CHANGES SINCE 4.2.0rc2
+======================
+
+o Michael Adam <obnox at samba.org>
+ * BUG 10892: Integrate CTDB into top-level Samba build.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10851: lib: uid_wrapper: Fix setgroups and syscall detection on a
+ system without native uid_wrapper library.
+ * BUG 10896: s3-nmbd: Fix netbios name truncation.
+ * BUG 10904: Fix smbclient loops doing a directory listing against Mac OS X 10
+ server with a non-wildcard path.
+ * BUG 10911: Add support for SMB2 leases.
+ * BUG 10920: s3: nmbd: Ensure NetBIOS names are only 15 characters stored.
+ * BUG 10966: libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a
+ Windows client does.
+ * BUG 10982: s3: smbd: Fix *allocate* calls to follow POSIX error return
+ convention.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 9629: Make 'profiles' work again.
+
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 11014: ctdb-build: Fix build without xsltproc.
+
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 10834: Don't build vfs_snapper on FreeBSD.
+ * BUG 10971: vfs_streams_xattr: Check stream type.
+ * BUG 10983: vfs_fruit: Add support for AAPL.
+ * BUG 11005: vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT.
+
+
+o Günther Deschner <gd at samba.org>
+ * BUG 9056: pam_winbind: fix warn_pwd_expire implementation.
+ * BUG 10942: Cleanup add_string_to_array and usage.
+
+
+o David Disseldorp <ddiss at samba.org>
+ * BUG 10898: spoolss: Fix handling of bad EnumJobs levels.
+ * BUG 10905: Fix print job enumeration.
+
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 10620: s4-dns: Add support for BIND 9.10.
+ * BUG 10892: Integrate CTDB into top-level Samba build.
+ * BUG 10996: Fix IPv6 support in CTDB.
+ * BUG 11014: packaging: Include CTDB man pages in the tarball.
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 10835: nss_winbind: Add getgroupmembership for FreeBSD.
+
+
+o Guenter Kukkukk <linux at kukkukk.com>
+ * BUG 10952: Fix 'samba-tool dns serverinfo <server>' for IPv6.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10932: pdb_tdb: Fix a TALLOC/SAFE_FREE mixup.
+ * BUG 10942: dbwrap_ctdb: Pass on mutex flags to tdb_open.
+
+
+o Justin Maggard <jmaggard10 at gmail.com>
+ * BUG 10852: winbind3: Fix pwent variable substitution.
+
+
+o Kamen Mazdrashki <kamenim at samba.org>
+ * BUG 10975: ldb: version 1.1.18
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 10781: tdb: version 1.3.3
+ * BUG 10911: Add support for SMB2 leases.
+ * BUG 10921: s3:smbd: Fix file corruption using "write cache size != 0".
+ * BUG 10949: Fix RootDSE search with extended dn control.
+ * BUG 10958: libcli/smb: only force signing of smb2 session setups when
+ binding a new session.
+ * BUG 10975: ldb: version 1.1.18
+ * BUG 11016: pdb_get_trusteddom_pw() fails with non valid UTF16 random
+ passwords.
+
+
+o Marc Muehlfeld <mmuehlfeld at samba.org>
+ * BUG 10895: samba-tool group add: Add option '--nis-domain' and '--gid'.
+
+
+o Noel Power <noel.power at suse.com>
+ * BUG 10918: btrfs: Don't leak opened directory handle.
+
+
+o Matt Rogers <mrogers at redhat.com>
+ * BUG 10933: s3-keytab: fix keytab array NULL termination.
+
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 10355: pdb: Fix build issues with shared modules.
+ * BUG 10720: idmap: Return the correct id type to *id_to_sid methods.
+ * BUG 10864: Fix testparm to show hidden share defaults.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10279: Make 'smbclient' use cached creds.
+ * BUG 10960: s3-smbclient: Return success if we listed the shares.
+ * BUG 10961: s3-smbstatus: Fix exit code of profile output.
+ * BUG 10965: socket_wrapper: Add missing prototype check for eventfd.
+
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 10892: Integrate CTDB into top-level Samba build.
+ * BUG 10996: Fix IPv6 support in CTDB.
+
+
CHANGES SINCE 4.2.0rc1
======================
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index fdd35bb..2da47d2 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -36,6 +36,7 @@ struct ccache_container;
struct gssapi_creds_container;
struct smb_krb5_context;
struct keytab_container;
+struct db_context;
/* In order of priority */
enum credentials_obtained {
@@ -161,6 +162,21 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
const char *serviceprincipal);
NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
+/**
+ * Fill in credentials for the machine trust account, from the
+ * secrets.ldb or passed in handle to secrets.tdb (perhaps in CTDB).
+ *
+ * This version is used in parts of the code that can link in the
+ * CTDB dbwrap backend, by passing down the already open handle.
+ *
+ * @param cred Credentials structure to fill in
+ * @param db_ctx dbwrap context for secrets.tdb
+ * @retval NTSTATUS error detailing any failure
+ */
+NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct db_context *db_ctx);
+
bool cli_credentials_authentication_requested(struct cli_credentials *cred);
void cli_credentials_guess(struct cli_credentials *cred,
struct loadparm_context *lp_ctx);
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 625ce20..d259a4d 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -231,6 +231,43 @@ _PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
struct loadparm_context *lp_ctx)
{
+ struct db_context *db_ctx;
+ char *secrets_tdb_path;
+
+ secrets_tdb_path = lpcfg_private_db_path(cred, lp_ctx, "secrets");
+ if (secrets_tdb_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb_path, 0,
+ TDB_DEFAULT, O_RDWR, 0600,
+ DBWRAP_LOCK_ORDER_1,
+ DBWRAP_FLAG_NONE);
+ TALLOC_FREE(secrets_tdb_path);
+
+ /*
+ * We do not check for errors here, we might not have a
+ * secrets.tdb at all, and so we just need to check the
+ * secrets.ldb
+ */
+ return cli_credentials_set_machine_account_db_ctx(cred, lp_ctx, db_ctx);
+}
+
+/**
+ * Fill in credentials for the machine trust account, from the
+ * secrets.ldb or passed in handle to secrets.tdb (perhaps in CTDB).
+ *
+ * This version is used in parts of the code that can link in the
+ * CTDB dbwrap backend, by passing down the already open handle.
+ *
+ * @param cred Credentials structure to fill in
+ * @param db_ctx dbwrap context for secrets.tdb
+ * @retval NTSTATUS error detailing any failure
+ */
+_PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credentials *cred,
+ struct loadparm_context *lp_ctx,
+ struct db_context *db_ctx)
+{
NTSTATUS status;
char *filter;
char *error_string;
@@ -239,24 +276,14 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
time_t secrets_tdb_lct = 0;
char *secrets_tdb_password = NULL;
char *secrets_tdb_old_password = NULL;
+ uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
char *keystr;
char *keystr_upper = NULL;
- char *secrets_tdb;
- struct db_context *db_ctx;
TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
}
- secrets_tdb = lpcfg_private_db_path(cred, lp_ctx, "secrets");
- if (!secrets_tdb) {
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- db_ctx = dbwrap_local_open(cred, lp_ctx, secrets_tdb, 0,
- TDB_DEFAULT, O_RDWR, 0600,
- DBWRAP_LOCK_ORDER_1,
- DBWRAP_FLAG_NONE);
+
/* Bleh, nasty recursion issues: We are setting a machine
* account here, so we don't want the 'pending' flag around
* any more */
@@ -287,6 +314,7 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
if (NT_STATUS_IS_OK(status)) {
secrets_tdb_password = (char *)dbuf.dptr;
}
+
keystr = talloc_asprintf(tmp_ctx, "%s/%s",
SECRETS_MACHINE_PASSWORD_PREV,
domain);
@@ -296,6 +324,16 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
if (NT_STATUS_IS_OK(status)) {
secrets_tdb_old_password = (char *)dbuf.dptr;
}
+
+ keystr = talloc_asprintf(tmp_ctx, "%s/%s",
+ SECRETS_MACHINE_SEC_CHANNEL_TYPE,
+ domain);
+ keystr_upper = strupper_talloc(tmp_ctx, keystr);
+ status = dbwrap_fetch(db_ctx, tmp_ctx, string_tdb_data(keystr_upper),
+ &dbuf);
+ if (NT_STATUS_IS_OK(status) && dbuf.dsize == 4) {
+ secrets_tdb_secure_channel_type = IVAL(dbuf.dptr,0);
+ }
}
filter = talloc_asprintf(cred, SECRETS_PRIMARY_DOMAIN_FILTER,
@@ -321,20 +359,35 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cr
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
+ if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
+ cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
+ }
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
+ cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
status = NT_STATUS_OK;
} else if (!NT_STATUS_IS_OK(status)) {
if (db_ctx) {
- error_string = talloc_asprintf(cred,
- "Failed to fetch machine account password from "
- "secrets.ldb: %s and failed to fetch %s from %s",
- error_string, keystr_upper, secrets_tdb);
+ error_string
+ = talloc_asprintf(cred,
+ "Failed to fetch machine account password for %s from both "
+ "secrets.ldb (%s) and from %s",
+ domain, error_string,
+ dbwrap_name(db_ctx));
} else {
+ char *secrets_tdb_path;
+
+ secrets_tdb_path = lpcfg_private_db_path(tmp_ctx,
+ lp_ctx,
+ "secrets");
+ if (secrets_tdb_path == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
error_string = talloc_asprintf(cred,
"Failed to fetch machine account password from "
"secrets.ldb: %s and failed to open %s",
- error_string, secrets_tdb);
+ error_string, secrets_tdb_path);
}
DEBUG(1, ("Could not find machine account in secrets database: %s: %s\n",
error_string, nt_errstr(status)));
diff --git a/ctdb/client/ctdb_client.c b/ctdb/client/ctdb_client.c
index 7d629db..07b17d0 100644
--- a/ctdb/client/ctdb_client.c
+++ b/ctdb/client/ctdb_client.c
@@ -54,7 +54,7 @@ struct ctdb_req_header *_ctdbd_allocate_pkt(struct ctdb_context *ctdb,
hdr->length = length;
hdr->operation = operation;
hdr->ctdb_magic = CTDB_MAGIC;
- hdr->ctdb_version = CTDB_VERSION;
+ hdr->ctdb_version = CTDB_PROTOCOL;
hdr->srcnode = ctdb->pnn;
if (ctdb->vnn_map) {
hdr->generation = ctdb->vnn_map->generation;
@@ -216,7 +216,7 @@ void ctdb_client_read_cb(uint8_t *data, size_t cnt, void *args)
goto done;
}
- if (hdr->ctdb_version != CTDB_VERSION) {
+ if (hdr->ctdb_version != CTDB_PROTOCOL) {
ctdb_set_error(ctdb, "Bad CTDB version 0x%x rejected in client\n", hdr->ctdb_version);
goto done;
}
@@ -3375,7 +3375,7 @@ struct ctdb_context *ctdb_init(struct event_context *ev)
ctdb->lastid = INT_MAX-200;
CTDB_NO_MEMORY_NULL(ctdb, ctdb->idr);
- ret = ctdb_set_socketname(ctdb, CTDB_PATH);
+ ret = ctdb_set_socketname(ctdb, CTDB_SOCKET);
if (ret != 0) {
DEBUG(DEBUG_ERR,(__location__ " ctdb_set_socketname failed.\n"));
talloc_free(ctdb);
diff --git a/ctdb/common/cmdline.c b/ctdb/common/cmdline.c
index ebe68e4..ab2b45e 100644
--- a/ctdb/common/cmdline.c
+++ b/ctdb/common/cmdline.c
@@ -97,9 +97,9 @@ struct ctdb_context *ctdb_cmdline_init(struct event_context *ev)
/* Set the debug level */
if (isalpha(ctdb_cmdline.debuglevel[0]) || ctdb_cmdline.debuglevel[0] == '-') {
- LogLevel = get_debug_by_desc(ctdb_cmdline.debuglevel);
+ DEBUGLEVEL = get_debug_by_desc(ctdb_cmdline.debuglevel);
} else {
- LogLevel = strtol(ctdb_cmdline.debuglevel, NULL, 0);
+ DEBUGLEVEL = strtol(ctdb_cmdline.debuglevel, NULL, 0);
}
/* set up the tree to store server ids */
@@ -148,9 +148,9 @@ struct ctdb_context *ctdb_cmdline_client(struct tevent_context *ev,
/* Set the debug level */
if (isalpha(ctdb_cmdline.debuglevel[0]) || ctdb_cmdline.debuglevel[0] == '-') {
- LogLevel = get_debug_by_desc(ctdb_cmdline.debuglevel);
+ DEBUGLEVEL = get_debug_by_desc(ctdb_cmdline.debuglevel);
} else {
- LogLevel = strtol(ctdb_cmdline.debuglevel, NULL, 0);
+ DEBUGLEVEL = strtol(ctdb_cmdline.debuglevel, NULL, 0);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list