[SCM] Samba Shared Repository - branch v4-1-stable updated
Karolin Seeger
kseeger at samba.org
Mon Jul 28 01:35:45 MDT 2014
The branch, v4-1-stable has been updated
via fcc634b Merge commit 'origin/v4-1-test^' into v4-1-stable
via 80a1dfd VERSION: Disable git snapshots for the 4.1.10 release.
via 7253047 WHATSNEW: Add release notes for Samba 4.1.10.
via 1a9a02d ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory()
via 6526cb7 s3: SMB2 : Fix leak of blocking lock records in the database.
via 8fa384d s3: smb2: Simplify logic in reprocess_blocked_smb2_lock().
via ead305e s3: smb2: Remove unused code from remove_pending_lock().
via 4c32263 selftest/knownfail: ignore samba3.smb2.oplock.exclusive5 failures in v4-1-*
via f2da72f smbd: Remove 2 indentation levels
via f8af687 s3: smbd - Prevent file truncation on an open that fails with share mode violation.
via 610320e s4:dsdb/repl_meta_data: make sure objectGUID can't be deleted
via b532f24 selftest: teardown the environments also on getting SIGPIPE
via d485ebd libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache()
via 0390735 s3: libwbclient: Don't break out of loop too soon - find all parameters.
via 82f4748 s4:dsdb/samldb: don't allow 'userParameters' to be modified over LDAP for now
via a29068f dbcheck: Add check and test for various invalid userParameters values
via 75eaf99 dsdb: Always store and return the userParameters as a array of LE 16-bit values
via 50b6474 dsdb: Set syntax of userParameters to binary string, not unicode string
via 30e638f torture4: Make raw.lock.multilock fail after 20 seconds
via dfe449a torture4: Adapt comment to code
via 7eb800d s4: smbtorture: Add multi-lock test. Regression test for bug #10684.
via 2f118b6 s3: smbd: Locking - re-add pending lock records if we fail to acquire a lock (and the lock hasn't timed out).
via 01753e8 s3: smbd: Locking - treat lock timeout the same as any other error.
via 6484211 s3: smbd: Locking - add and use utility function lock_timed_out().
via 76dd28b s3: smbd: Locking - convert to using utility macro used elsewhere.
via b23e9d5 s4:dsdb/extended_dn_in: don't force DSDB_SEARCH_SHOW_RECYCLED
via f23869c s4:dsdb/kcc: use SHOW_RECYCLED instead of SHOW_DELETED in when deleting tombstone/deleted objects
via 498e7cc s4:dsdb/schema_load: make error message more verbose
via 38c5f5b dbcheck: Ensure dbcheck can operate with --attrs set
via e4bf67a kerberos: Remove un-used event context argument from smb_krb5_init_context()
via c0091d0 dsdb: Specify no event context to smb_krb5_init_context() in dsdb
via 4c0595f dsdb: Add DSDB_SEARCH_ONE_ONLY support to dsdb_module_search*()
via bdd363a dsdb: Do not permit nested event loops when in a transaction, use a nested event context
via 5289cb9 dsdb: Rename private_data to rootdse_private_data in rootdse
via f377654 dsdb: Add more tests for DN+String and DN+Binary comparisons
via f18a67a selftest: Add tests for dbcheck detection and removal of partial objects
via ddfbfd7 dsdb: Make it harder to corrupt the database by requiring DBCHECK or RELAX for final object deletion
via 5572384 build: Exclude source4/selftest/provisions/release-4-1-0rc3 from the tarball
via f2c728d dbcheck: Directly call dn.get_rdn_{val,name}() for clarity and consistency
via 7746ad2 dbchecker: verify and fix broken dn values
via 8546c70 dbchecker: make the deleted objects container detection more generic
via 1b4a949 dsdb: Do not refresh the schema using the wrong event context
via f72899e dsdb: Do not store a struct ldb_dn in struct schema_data
via 4730d74 samba-tool dbcheck: handle missing objectClass
via 87b40d4 dsdb: Improve missing objectClass handling
via 56caec5 dsdb: Improve errors and checks for missing objectClass values
via 483d5e3 dsdb: Clarify how the DSDB_REPL_FLAG_PRIORITISE_INCOMING flag works
via a2d3f1a dsdb: Do not update notify_uSN until the transaction is genuinely committed to the DB
via 519d069 dsdb: Further assert that we always have an objectClass and an rDN
via ddf9b85 dsdb: Ensure to sort replPropertyMetaData as UNSIGNED, not SIGNED quantities
via 5ce7f30 s4:samdb: respect SEARCH_FLAG_PRESERVEONDELETE
via 73e5b13 s4-samldb: Do not allow deletion of objects with RID < 1000
via f4f9a65 dsdb: Use dsdb_next_callback() rather than a no-op per-module callback
via b5294f2 s4-dsdb: instanceType NC_HEAD is only allowed combined with WRITE for an originating add operation
via 48b8d0e s4:dsdb/repl: make use of dcerpc_binding_handle_is_connected()
via 0bd326d s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX()
via a8adafa net/doc: make clear that net vampire is for NT4 domains only
via c0dd653 ldb:build: improve detection of srcdir
via dd2a1ea ldb: make the successful ldb_transaction_start() message clearer
via 4b5ec41 ldb: change version to 1.1.17
via 94c793d ldb:pyldb: add some more helper functions for LdbDn
via d2615ee ldb:pyldb: fix doc string for set_extended_component()
via 1ac7ee6 ldb:pyldb: add some const to PyObject_FromLdbValue()
via 0c1511e ldb: Add a env variable to disable RTLD_DEEPBIND.
via 86508d7 ldb: pass module init errors back to the caller
via ad4a09c ldb: Return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS rather than OPERATIONS_ERROR on EACCES and EPERM
via a8c9519 ldb: Fix 1138330 Dereference null return value
via 90da5f3 lib/ldb fix compiler warnings
via 7c98a57 lib/ldb fix compiler warnings
via 3f4d6d2 ldb: use of NULL pointer bugfix
via 0919ef3 ldb: Fix CID 241329 Array compared against 0
via 8a618ab ldb: Fix CID 240798 Uninitialized pointer read
via b4960c4 ldb:rdn_name: reject 'distinguishedName' depending of the MOD flags
via b89ef65 dsdb/tests/ldap: fix test_distinguished_name against w2k8r2
via 540dd6f s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c
via cdd4ef6 Add LDB_MAP_RENDROP option
via c257bc6 Fix SEGV from improperly formed SUBSTRING/PRESENCE filter
via 3d932b0 Cleanup map return codes
via 1173cd7 ldb: Show the type of failing operation in default error message
via 06c993e ldb: Do not build libldb-cmdline when using system ldb.
via c638eee ldb_map: Fix CID 1034791 Dereference null return value
via d990fa2 pyldb: Fix CID 1034792 Dereference null return value
via c7a376e ldb: Fix CID 1034793 Dereference null return value
via fc8d199 ldb: Fix a const warning
via 3e51316 pyldb: decrement ref counters on py_results and quiet warnings
via b4904f6 provision: capture slightly less generic exceptions during the test for acls
via 8892da9 pysmbd: improve the return of error codes in the python smbd bindings
via a9b2df4 provision: improve error message when connecting to samdb without the correct permissions
via 1da8bec provision: Fix failures on re-provision incorrectly blamed on posix acl support.
via a4c1e9a passdb: Do not routinely clear the global memory returned by get_global_sam_sid()
via 656e363 samdb: Fix CID 1034910 Dereference before null check
via a678cd4 samdb: Fix CID 1034910 Dereference before null check
via 0b3f7af s4:dsdb/ldb_modules: avoid invalid pointer type warnings
via 3251430 s4:dsdb fix compiler warnings
via d6d69c6 s4-dsdb: Fix a use after free segfault.
via 7013fff s4:dsdb fix compiler warnings
via 6b2d4aa s4:dsdb fix compiler warnings
via c66913f s4:dsdb/ldb_modules: avoid declaration after code warnings
via bbe79b8 s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the access check
via 8bf3d4e s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_ds
via ee2cf1d dsdb: Return LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS rather than OPERATIONS_ERROR on EACCES and EPERM
via 7e07e6d dsdb: Do not give an error is metadata.tdb does not yet exist
via ccfc87f dsdb: Provide a clearer error when we fail to store the sequence number in metadata.tdb
via dbaab08 samdb: Fix CID 1034910 Dereference before null check
via f18e5f5 drs-cracksname: fix problems that prevented to pass our torture tests
via 13a5eca drs-crackname: Fix error code so that we have the same as windows
via e7eed8f drs-cracknames: When cracking NT4 names we should just look at netbios for the match
via 4ffc82e drs-crackname: Fix cracknames for the format UNKNOWN when the data is actually a GUID
via 29ec8f4 selftest/subunithelper.py: correctly pass testsuite-uxsuccess to end_testsuite()
via 484d746 selftest/subunithelper.py: correctly handle fail_immediately in end_testsuite of FilterOps
via be09c41 selftest/subunithelper.py: correctly handle unexpected success in FilterOps
via 2354597 script/autobuild: use --force-rebase option
via 50af515 s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute()
via 7408da9 torture3: Fix bug 10687
via 93c1a27 libsmb: Provide a talloc_stackframe() to external users of libsmb_setget.c
via 5c503dd libsmbclient: Wrap more function calls in talloc_stackframe() to protect against talloc_tos() calls
via 14a9705 pam_smbpass: Wrap calls in talloc_stackframe() to avoid warnings about leaking memory
via 14e7f98 smbd: Avoid double-free in get_print_db_byname
via c8904fa s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap().
via 74a8055 smbstatus: Fix an uninitialized variable
via a9dcd02 s3: fix missing braces in nfs4_acls.c
via 79f1129 s3:winbindd - fix bad bugfix for bug #10280 - winbind panic if AD server is down.
via f925ebc s3/s4: smbd, rpc, ldap, cldap, kdc services.
via 2541ab3 samba-tool: add --site parameter to provision command (bug #10674)
via f1b969b provision/sambadns: remove redundant site parameter
via 7e38fcb msg_channel: Fix a 100% CPU loop
via 406e412 smbd: Fix bug 10593
via 3390f57 VERSION: Bump version up to 4.1.10.
via dffc7ba Merge tag 'samba-4.1.9' into v4-1-test
via 5663c4a winbindd: Ensure we do not look at rid_array before checking if it was returned
via b42fb61 s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers.
via 5857b18 s3: client : correctly fill in the struct smb_create_returns from cli_ntcreate(), cli_ntcreate_recv(), cli_nttrans_create() and cli_nttrans_create_recv().
via 569a4e1 s3: client : Add extra return parameter to all client open calls.
via 2363553 s3: client - rename 'struct smb2_create_returns' to 'struct smb_create_returns' so we can use this in SMB1 create returns as well.
via b1523ef VERSION: Bump version number up to 4.1.9...
from 97d7291 Merge tag 'samba-4.1.9' into v4-1-stable
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-1-stable
- Log -----------------------------------------------------------------
commit fcc634b483255bedf53f3aea40334c018e13dcce
Merge: 97d7291d12e803076022d71556c792b0cd4e60e8 80a1dfddf9086700a8de5fd6005a9179b0bb3d9e
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Jul 28 09:13:45 2014 +0200
Merge commit 'origin/v4-1-test^' into v4-1-stable
This was needed because of a changed commit message (fixed version number)
in v4-1-stable after generating the 'samba-4.1.9' tag.
Karolin
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 151 +-
auth/credentials/credentials_krb5.c | 2 +-
docs-xml/manpages/net.8.xml | 2 +
lib/ldb-samba/ldif_handlers.c | 7 +-
lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.17.sigs} | 0
...ldb-util-1.1.10.sigs => pyldb-util-1.1.17.sigs} | 0
lib/ldb/common/ldb.c | 25 +-
lib/ldb/common/ldb_dn.c | 4 +-
lib/ldb/common/ldb_modules.c | 52 +-
lib/ldb/ldb_map/ldb_map.c | 16 +-
lib/ldb/ldb_map/ldb_map.h | 3 +-
lib/ldb/ldb_map/ldb_map_inbound.c | 21 +-
lib/ldb/ldb_map/ldb_map_outbound.c | 64 +-
lib/ldb/ldb_map/ldb_map_private.h | 2 +-
lib/ldb/ldb_tdb/ldb_tdb.c | 7 +-
lib/ldb/modules/rdn_name.c | 10 +-
lib/ldb/modules/sort.c | 2 +-
lib/ldb/pyldb.c | 124 +-
lib/ldb/tools/ldbtest.c | 4 +
lib/ldb/wscript | 12 +-
libcli/security/access_check.c | 12 +-
libcli/smb/smb2_create_blob.h | 2 +-
libcli/smb/smb2cli_create.c | 6 +-
libcli/smb/smbXcli_base.h | 6 +-
nsswitch/libwbclient/wbc_pam.c | 30 +-
python/samba/dbchecker.py | 222 +-
python/samba/netcmd/domain.py | 5 +-
python/samba/provision/__init__.py | 61 +-
python/samba/provision/sambadns.py | 5 +-
python/samba/tests/samba3sam.py | 12 +-
script/autobuild.py | 4 +-
selftest/knownfail | 1 +
selftest/selftest.pl | 25 +-
selftest/subunithelper.py | 25 +-
selftest/tests.py | 1 +
source3/client/client.c | 10 +-
source3/lib/msg_channel.c | 12 +
source3/libsmb/cli_np_tstream.c | 2 +-
source3/libsmb/cli_smb2_fnum.c | 4 +-
source3/libsmb/cli_smb2_fnum.h | 2 +-
source3/libsmb/clifile.c | 73 +-
source3/libsmb/cliquota.c | 2 +-
source3/libsmb/clisymlink.c | 4 +-
source3/libsmb/libsmb_context.c | 17 +
source3/libsmb/libsmb_setget.c | 17 +-
source3/libsmb/libsmb_xattr.c | 6 +-
source3/libsmb/proto.h | 14 +-
source3/libsmb/pylibsmb.c | 2 +-
source3/locking/brlock.c | 2 +-
source3/locking/share_mode_lock.c | 1 +
source3/modules/nfs4_acls.c | 3 +-
source3/pam_smbpass/pam_smb_acct.c | 9 +
source3/pam_smbpass/pam_smb_auth.c | 7 +
source3/pam_smbpass/pam_smb_passwd.c | 16 +-
source3/passdb/machine_account_secrets.c | 10 +-
source3/passdb/pdb_samba_dsdb.c | 77 +-
source3/printing/printing_db.c | 4 +-
source3/smbd/blocking.c | 195 +-
source3/smbd/open.c | 22 +-
source3/smbd/pysmbd.c | 58 +-
source3/smbd/server.c | 16 +-
source3/smbd/smb2_create.c | 9 +-
source3/smbd/smb2_lock.c | 69 +-
source3/smbd/smb2_read.c | 69 +-
source3/torture/nbench.c | 2 +-
source3/torture/nbio.c | 2 +-
source3/torture/test_chain3.c | 2 +-
source3/torture/test_cleanup.c | 14 +-
source3/torture/test_notify.c | 6 +-
source3/torture/test_notify_online.c | 4 +-
source3/torture/test_nttrans_create.c | 4 +-
source3/torture/test_nttrans_fsctl.c | 2 +-
source3/torture/test_posix_append.c | 2 +-
source3/torture/torture.c | 127 +-
source3/torture/utable.c | 2 +-
source3/utils/net_rpc.c | 3 +-
source3/utils/net_rpc_printer.c | 7 +-
source3/utils/smbcacls.c | 6 +-
source3/winbindd/winbindd_cache.c | 4 +-
source3/winbindd/winbindd_rpc.c | 6 +-
source4/auth/gensec/gensec_gssapi.c | 1 -
source4/auth/kerberos/krb5_init_context.c | 12 -
source4/auth/kerberos/krb5_init_context.h | 2 +-
source4/cldap_server/cldap_server.c | 8 +-
source4/dns_server/dlz_bind9.c | 2 +-
source4/dns_server/dns_server.c | 9 +-
source4/dsdb/common/tests/dsdb_dn.c | 14 +
source4/dsdb/common/util.c | 59 +-
source4/dsdb/kcc/kcc_deleted.c | 2 +-
source4/dsdb/repl/drepl_out_helpers.c | 52 +-
source4/dsdb/repl/replicated_objects.c | 14 +-
source4/dsdb/samdb/cracknames.c | 38 +-
source4/dsdb/samdb/ldb_modules/descriptor.c | 2 +-
source4/dsdb/samdb/ldb_modules/dirsync.c | 7 +-
source4/dsdb/samdb/ldb_modules/extended_dn_in.c | 37 +-
source4/dsdb/samdb/ldb_modules/instancetype.c | 3 +-
source4/dsdb/samdb/ldb_modules/objectclass.c | 54 +-
source4/dsdb/samdb/ldb_modules/operational.c | 2 +-
.../dsdb/samdb/ldb_modules/partition_metadata.c | 34 +-
source4/dsdb/samdb/ldb_modules/password_hash.c | 1 -
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 267 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 110 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 29 +-
source4/dsdb/samdb/ldb_modules/schema_data.c | 16 +-
source4/dsdb/samdb/ldb_modules/schema_load.c | 207 +-
source4/dsdb/samdb/ldb_modules/secrets_tdb_sync.c | 6 +-
source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 2 +-
source4/dsdb/samdb/ldb_modules/update_keytab.c | 11 +-
source4/dsdb/samdb/ldb_modules/util.c | 13 +
source4/dsdb/samdb/samdb.c | 7 -
source4/dsdb/samdb/samdb.h | 1 +
source4/dsdb/schema/schema.h | 10 +-
source4/dsdb/schema/schema_init.c | 10 -
source4/dsdb/schema/schema_set.c | 98 +-
source4/dsdb/schema/schema_syntax.c | 11 +
source4/dsdb/tests/python/acl.py | 26 +
source4/dsdb/tests/python/ldap.py | 27 +-
source4/dsdb/tests/python/sam.py | 37 +-
source4/kdc/kdc.c | 14 +-
source4/ldap_server/ldap_server.c | 8 +-
source4/libnet/libnet_export_keytab.c | 2 +-
source4/libnet/libnet_vampire.c | 5 -
source4/rpc_server/dcerpc_server.c | 8 +-
source4/rpc_server/drsuapi/drsutil.c | 2 +-
source4/rpc_server/lsa/dcesrv_lsa.c | 1 -
source4/rpc_server/samr/dcesrv_samr.c | 17 +-
.../etc/smb.conf.template | 16 +
.../private/dns_update_list | 0
.../private/hklm.ldb.dump | 80 +
.../private/idmap.ldb.dump | 48 +
.../release-4-1-6-partial-object/private/krb5.conf | 4 +
.../private/named.conf.update | 7 +
.../private/privilege.ldb.dump | 156 +
.../private/randseed.tdb.dump | 0
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |29104 +++++++++++++
...NFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump |43468 ++++++++++++++++++++
...AINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 928 +
...ESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 488 +
.../sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump | 6036 +++
.../private/sam.ldb.d/metadata.tdb.dump | 4 +
.../private/sam.ldb.dump | 40 +
.../private/schannel_store.tdb.dump | 0
.../private/secrets.keytab | Bin 0 -> 1222 bytes
.../private/secrets.ldb.dump | 44 +
.../private/secrets.tdb.dump | 16 +
.../private/share.ldb.dump | 32 +
.../private/smbd.tmp/msg/names.tdb.dump | 52 +
.../private/spn_update_list | 0
.../private/tls/admincert.pem | 17 +
.../private/tls/admincertupn.pem | 17 +
.../private/tls/adminkey.pem | 15 +
.../private/tls/ca.pem | 14 +
.../private/tls/cert.pem | 15 +
.../private/tls/dhparms.pem | 5 +
.../private/tls/kdc.pem | 17 +
.../private/tls/key.pem | 15 +
.../private/wins_config.ldb.dump | 8 +
source4/torture/auth/pac.c | 3 +-
source4/torture/raw/lock.c | 97 +
source4/utils/oLschema2ldif.c | 1 -
source4/utils/wscript_build | 2 +-
testdata/samba3/samba3.ldif | 4 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 158 +-
testprogs/blackbox/dbcheck.sh | 5 +
wscript | 2 +-
166 files changed, 83187 insertions(+), 881 deletions(-)
copy lib/ldb/ABI/{ldb-1.1.14.sigs => ldb-1.1.17.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.1.17.sigs} (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/etc/smb.conf.template
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/dns_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/hklm.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/idmap.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/krb5.conf
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/named.conf.update
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/privilege.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/randseed.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=FORESTDNSZONES,DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/DC=SAMBA,DC=EXAMPLE,DC=COM.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.d/metadata.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/sam.ldb.dump
copy source4/selftest/provisions/{release-4-1-0rc3 => release-4-1-6-partial-object}/private/schannel_store.tdb.dump (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.keytab
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/secrets.tdb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/share.ldb.dump
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/smbd.tmp/msg/names.tdb.dump
copy source4/selftest/provisions/{release-4-0-0 => release-4-1-6-partial-object}/private/spn_update_list (100%)
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincert.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/admincertupn.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/adminkey.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/ca.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/cert.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/dhparms.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/kdc.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/tls/key.pem
create mode 100644 source4/selftest/provisions/release-4-1-6-partial-object/private/wins_config.ldb.dump
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 6783ea5..10e41cd 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 7ae1ce9..cb9a1c6 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,150 @@
+ ==============================
+ Release Notes for Samba 4.1.10
+ July 28, 2014
+ ==============================
+
+
+This is the latest stable release of Samba 4.1.
+
+
+Changes since 4.1.9:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 10693: Backport ldb-1.1.17 + changes from master.
+
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 10587: s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx
+ SMB1 servers.
+ * BUG 10653: Samba won't start on a machine configured with only IPv4.
+ * BUG 10671: s3: smbd: Prevent file truncation on an open that fails with
+ share mode violation.
+ * BUG 10673: s3: SMB2: Fix leak of blocking lock records in the database.
+ * BUG 10684: SMB1 blocking locks can fail notification on unlock, causing
+ client timeout.
+ * BUG 10685: s3: smbd: Locking, fix off-by one calculation in
+ brl_pending_overlap().
+ * BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
+
+
+o Christian Ambach <ambi at samba.org>
+ * BUG 10693: lib/ldb: Fix compiler warnings.
+
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 8077: dbcheck: Add check and test for various invalid userParameters
+ values.
+ * BUG 8449: Simple use case results in "no talloc stackframe around, leaking
+ memory" error.)
+ * BUG 10130: dsdb: Always store and return the userParameters as a array of
+ LE 16-bit values.
+ * BUG 10582: dsdb: Rename private_data to rootdse_private_data in rootdse.
+ * BUG 10627: rid_array used before status checked - segmentation fault due
+ to null pointer dereference.
+ * BUG 10693: ldb: make the successful ldb_transaction_start() message
+ clearer.
+ * BUG 10694: dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object.
+ * BUG 10700: Backport access check related fixes from master.
+
+
+o Björn Baumbach <bb at sernet.de>
+ * BUG 10674: samba-tool: Add --site parameter to provision command.
+
+
+o Howard Chu <hyc at symas.com>
+ * BUG 10693: Fix SEGV from improperly formed SUBSTRING/PRESENCE filter.
+
+
+o Jeroen Dekkers <jeroen at dekkers.ch>
+ * BUG 10693: ldb: Do not build libldb-cmdline when using system ldb.
+
+
+o Nadezhda Ivanova <nivanova at symas.com>
+ * BUG 10693: s4-openldap: Remove use of talloc_reference in
+ ldb_map_outbound.c
+
+
+o Björn Jacke <bj at sernet.de>
+ * BUG 3263: net/doc: Make clear that net vampire is for NT4 domains only.
+
+
+o Abhidnya Joshi <achirmul at in.ibm.com>
+ * BUG s3: Fix missing braces in nfs4_acls.c.
+
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 10593: Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret".
+ * BUG 10663: msg_channel: Fix a 100% CPU loop.
+ * BUG 10671: s3: smbd: Prevent file truncation on an open that fails with
+ share mode violation.
+ * BUG 10680: smbstatus: Fix an uninitialized variable.
+ * BUG 10687: 'RW2' smbtorture test fails when -N <numprocs> is set to 2 due
+ to the invalid status check in the second client.
+ * BUG 10693: ldb: Fix 1138330 Dereference null return value, fix CIDs
+ 241329, 240798, 1034791, 1034792 1034910, 1034910).
+ * BUG 10699: smbd: Avoid double-free in get_print_db_byname.
+
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 8077: s4:dsdb/samldb: Don't allow 'userParameters' to be modified over
+ LDAP for now.
+ * BUG 9763: s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted.
+ * BUG 10469: ldb-samba: fix a memory leak in
+ ldif_canonicalise_objectCategory().
+ * BUG 10294: s4:repl_meta_data: fix array assignment in
+ replmd_process_linked_attribute().
+ * BUG 10536: dbchecker: Verify and fix broken dn values.
+ * BUG 10692: wbcCredentialCache fails if challenge_blob is not first.
+ * BUG 10693: ldb:pyldb: Add some more helper functions for LdbDn.
+ * BUG 10694: s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED.
+ * BUG 10696: Backport autobuild/selftest fixes from master.
+ * BUG 10706: s3:smb2_read: let smb2_sendfile_send_data() behave like
+ send_file_readX().
+
+
+o Matthieu Patou <mat at matws.net>
+ * BUG 10693: pyldb: Decrement ref counters on py_results and quiet warnings.
+ * BUG 10698: Backport drs-crackname fixes from master.
+
+
+o Pavel Reichl <pavel.reichl at redhat.com>
+ * BUG 10693: ldb: Use of NULL pointer bugfix.
+
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 10703: Backport provision fixes from master.
+
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 10693: ldb: Add a env variable to disable RTLD_DEEPBIND.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+======================================================================
+
=============================
Release Notes for Samba 4.1.9
June 23, 2014
@@ -52,8 +199,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.1.8
diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c
index cc51f56..ec6a695 100644
--- a/auth/credentials/credentials_krb5.c
+++ b/auth/credentials/credentials_krb5.c
@@ -48,7 +48,7 @@ _PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
return 0;
}
- ret = smb_krb5_init_context(cred, NULL, lp_ctx,
+ ret = smb_krb5_init_context(cred, lp_ctx,
&cred->smb_krb5_context);
if (ret) {
cred->smb_krb5_context = NULL;
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 5417054..e2e1b8f 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -1229,6 +1229,8 @@ to run this against the PDC, from a Samba machine joined as a BDC. </para>
<para>Export users, aliases and groups from remote server to
local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
+This vampire command cannot be used against an Active Directory, only
+against an NT4 Domain Controller.
</para>
</refsect2>
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index c7385f6..93cce29 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -483,8 +483,13 @@ static int ldif_canonicalise_objectCategory(struct ldb_context *ldb, void *mem_c
const char *lDAPDisplayName = talloc_strndup(tmp_ctx, (char *)in->data, in->length);
sclass = dsdb_class_by_lDAPDisplayName(schema, lDAPDisplayName);
if (sclass) {
- struct ldb_dn *dn = ldb_dn_new(mem_ctx, ldb,
+ struct ldb_dn *dn = ldb_dn_new(tmp_ctx, ldb,
sclass->defaultObjectCategory);
+ if (dn == NULL) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
*out = data_blob_string_const(ldb_dn_alloc_casefold(mem_ctx, dn));
talloc_free(tmp_ctx);
diff --git a/lib/ldb/ABI/ldb-1.1.14.sigs b/lib/ldb/ABI/ldb-1.1.17.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-1.1.14.sigs
copy to lib/ldb/ABI/ldb-1.1.17.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.1.17.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.1.17.sigs
diff --git a/lib/ldb/common/ldb.c b/lib/ldb/common/ldb.c
index 3dc6d87..c49513c 100644
--- a/lib/ldb/common/ldb.c
+++ b/lib/ldb/common/ldb.c
@@ -112,6 +112,10 @@ struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx)
* having to provide their own private one explicitly */
if (ev_ctx == NULL) {
ev_ctx = tevent_context_init(ldb);
+ if (ev_ctx == NULL) {
+ talloc_free(ldb);
+ return NULL;
+ }
tevent_set_debug(ev_ctx, ldb_tevent_debug, ldb);
tevent_loop_allow_nesting(ev_ctx);
}
@@ -253,11 +257,12 @@ int ldb_connect(struct ldb_context *ldb, const char *url,
return ret;
}
- if (ldb_load_modules(ldb, options) != LDB_SUCCESS) {
+ ret = ldb_load_modules(ldb, options);
+ if (ret != LDB_SUCCESS) {
ldb_debug(ldb, LDB_DEBUG_FATAL,
"Unable to load modules for %s: %s",
url, ldb_errstring(ldb));
- return LDB_ERR_OTHER;
+ return ret;
}
/* set the default base dn */
@@ -366,10 +371,14 @@ int ldb_transaction_start(struct ldb_context *ldb)
ldb_strerror(status),
status);
}
- }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction error: %s",
+ ldb_errstring(module->ldb));
+ }
+ } else {
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "start ldb transaction success");
+ }
}
return status;
}
@@ -572,8 +581,8 @@ int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type)
struct tevent_context *ev;
int ret;
- if (!handle) {
- return ldb_error(handle->ldb, LDB_ERR_UNAVAILABLE, NULL);
+ if (handle == NULL) {
+ return LDB_ERR_UNAVAILABLE;
}
if (handle->state == LDB_ASYNC_DONE) {
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 14596f6..6b6f90c 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -287,7 +287,7 @@ char *ldb_dn_escape_value(TALLOC_CTX *mem_ctx, struct ldb_val value)
*/
static bool ldb_dn_explode(struct ldb_dn *dn)
{
- char *p, *ex_name, *ex_value, *data, *d, *dt, *t;
+ char *p, *ex_name = NULL, *ex_value = NULL, *data, *d, *dt, *t;
bool trim = true;
bool in_extended = true;
bool in_ex_name = false;
@@ -298,7 +298,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
bool is_oid = false;
bool escape = false;
unsigned int x;
- size_t l;
+ size_t l = 0;
int ret;
char *parse_dn;
bool is_index;
diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index 4403656..05a8d8a 100644
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -554,8 +554,33 @@ int ldb_next_request(struct ldb_module *module, struct ldb_request *request)
return ret;
}
if (!ldb_errstring(module->ldb)) {
+ const char *op;
+ switch (request->operation) {
+ case LDB_SEARCH:
+ op = "LDB_SEARCH";
+ break;
+ case LDB_ADD:
+ op = "LDB_ADD";
+ break;
+ case LDB_MODIFY:
+ op = "LDB_MODIFY";
+ break;
+ case LDB_DELETE:
+ op = "LDB_DELETE";
+ break;
+ case LDB_RENAME:
+ op = "LDB_RENAME";
+ break;
+ case LDB_EXTENDED:
+ op = "LDB_EXTENDED";
+ break;
+ default:
+ op = "request";
+ break;
+ }
+
/* Set a default error string, to place the blame somewhere */
- ldb_asprintf_errstring(module->ldb, "error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret);
+ ldb_asprintf_errstring(module->ldb, "error in module %s: %s during %s (%d)", module->ops->name, ldb_strerror(ret), op, ret);
}
if (!(request->handle->flags & LDB_HANDLE_FLAG_DONE_CALLED)) {
@@ -876,6 +901,7 @@ static int ldb_modules_load_path(const char *path, const char *version)
} *loaded;
struct loaded *le;
int dlopen_flags;
+ bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL);
ret = stat(path, &st);
if (ret != 0) {
@@ -909,13 +935,25 @@ static int ldb_modules_load_path(const char *path, const char *version)
dlopen_flags = RTLD_NOW;
#ifdef RTLD_DEEPBIND
- /* use deepbind if possible, to avoid issues with different
- system library varients, for example ldb modules may be linked
- against Heimdal while the application may use MIT kerberos
-
- See the dlopen manpage for details
+ /*
+ * use deepbind if possible, to avoid issues with different
+ * system library varients, for example ldb modules may be linked
+ * against Heimdal while the application may use MIT kerberos.
+ *
+ * See the dlopen manpage for details.
+ *
+ * One typical user is the bind_dlz module of Samba,
+ * but symbol versioniong might be enough...
+ *
+ * We need a way to disable this in order to allow the
+ * ldb_*ldap modules to work with a preloaded socket wrapper.
+ *
+ * So in future we may remove this completely
+ * or at least invert the default behavior.
*/
- dlopen_flags |= RTLD_DEEPBIND;
+ if (deepbind_enabled) {
+ dlopen_flags |= RTLD_DEEPBIND;
+ }
#endif
handle = dlopen(path, dlopen_flags);
diff --git a/lib/ldb/ldb_map/ldb_map.c b/lib/ldb/ldb_map/ldb_map.c
index d35e5c6..66b0059 100644
--- a/lib/ldb/ldb_map/ldb_map.c
+++ b/lib/ldb/ldb_map/ldb_map.c
@@ -223,12 +223,18 @@ int ldb_next_remote_request(struct ldb_module *module, struct ldb_request *reque
case LDB_ADD:
msg = ldb_msg_copy_shallow(request, request->op.add.message);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
request->op.add.message = msg;
break;
case LDB_MODIFY:
msg = ldb_msg_copy_shallow(request, request->op.mod.message);
+ if (msg == NULL) {
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
msg->dn = ldb_dn_rebase_remote(msg, data, msg->dn);
request->op.mod.message = msg;
break;
@@ -326,6 +332,7 @@ const struct ldb_map_attribute *map_attr_find_remote(const struct ldb_map_contex
break;
case LDB_MAP_RENAME:
+ case LDB_MAP_RENDROP:
case LDB_MAP_CONVERT:
if (ldb_attr_cmp(map->u.rename.remote_name, name) == 0) {
return map;
@@ -333,7 +340,7 @@ const struct ldb_map_attribute *map_attr_find_remote(const struct ldb_map_contex
break;
case LDB_MAP_GENERATE:
- for (j = 0; map->u.generate.remote_names && map->u.generate.remote_names[j]; j++) {
+ for (j = 0; map->u.generate.remote_names[j]; j++) {
if (ldb_attr_cmp(map->u.generate.remote_names[j], name) == 0) {
return map;
}
@@ -377,6 +384,7 @@ const char *map_attr_map_local(void *mem_ctx, const struct ldb_map_attribute *ma
return talloc_strdup(mem_ctx, attr);
case LDB_MAP_RENAME:
+ case LDB_MAP_RENDROP:
case LDB_MAP_CONVERT:
return talloc_strdup(mem_ctx, map->u.rename.remote_name);
@@ -518,6 +526,7 @@ struct ldb_dn *ldb_dn_map_local(struct ldb_module *module, void *mem_ctx, struct
/* fall through */
case LDB_MAP_KEEP:
case LDB_MAP_RENAME:
+ case LDB_MAP_RENDROP:
name = map_attr_map_local(newdn, map, ldb_dn_get_component_name(dn, i));
if (name == NULL) goto failed;
@@ -593,6 +602,7 @@ struct ldb_dn *ldb_dn_map_remote(struct ldb_module *module, void *mem_ctx, struc
/* fall through */
case LDB_MAP_KEEP:
case LDB_MAP_RENAME:
+ case LDB_MAP_RENDROP:
name = map_attr_map_remote(newdn, map, ldb_dn_get_component_name(dn, i));
if (name == NULL) goto failed;
@@ -869,9 +879,9 @@ static int map_objectclass_convert_operator(struct ldb_module *module, void *mem
* ============================== */
/* Build a request to search a record by its DN. */
-struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_map_callback_t callback)
+struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, struct ldb_parse_tree *tree, void *context, ldb_map_callback_t callback)
{
- const struct ldb_parse_tree *search_tree;
+ struct ldb_parse_tree *search_tree;
struct ldb_context *ldb;
struct ldb_request *req;
int ret;
diff --git a/lib/ldb/ldb_map/ldb_map.h b/lib/ldb/ldb_map/ldb_map.h
index 5db3e02..46ef3cc 100644
--- a/lib/ldb/ldb_map/ldb_map.h
+++ b/lib/ldb/ldb_map/ldb_map.h
@@ -63,9 +63,10 @@ struct ldb_map_attribute {
LDB_MAP_KEEP, /* Keep as is. Same name locally and remotely. */
LDB_MAP_RENAME, /* Simply rename the attribute. Name changes, data is the same */
LDB_MAP_CONVERT, /* Rename + convert data */
- LDB_MAP_GENERATE /* Use generate function for generating new name/data.
+ LDB_MAP_GENERATE, /* Use generate function for generating new name/data.
Used for generating attributes based on
multiple remote attributes. */
+ LDB_MAP_RENDROP /* Rename the attribute. Strip from Add requests. */
} type;
/* if set, will be called for search expressions that contain this attribute */
diff --git a/lib/ldb/ldb_map/ldb_map_inbound.c b/lib/ldb/ldb_map/ldb_map_inbound.c
index 38dd5ac..461e681 100644
--- a/lib/ldb/ldb_map/ldb_map_inbound.c
+++ b/lib/ldb/ldb_map/ldb_map_inbound.c
@@ -65,7 +65,7 @@ static struct ldb_message_element *ldb_msg_el_map_local(struct ldb_module *modul
/* Add a message element either to a local or to a remote message,
* depending on whether it goes into the local or remote partition. */
-static int ldb_msg_el_partition(struct ldb_module *module, struct ldb_message *local, struct ldb_message *remote, const struct ldb_message *msg, const char *attr_name, /* const char * const names[], */ const struct ldb_message_element *old)
+static int ldb_msg_el_partition(struct ldb_module *module, enum ldb_request_type optype, struct ldb_message *local, struct ldb_message *remote, const struct ldb_message *msg, const char *attr_name, /* const char * const names[], */ const struct ldb_message_element *old)
{
const struct ldb_map_context *data = map_get_context(module);
const struct ldb_map_attribute *map = map_attr_find_local(data, attr_name);
@@ -81,6 +81,13 @@ static int ldb_msg_el_partition(struct ldb_module *module, struct ldb_message *l
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list