[SCM] Samba Shared Repository - annotated tag samba-4.2.0rc1 created

Karolin Seeger kseeger at samba.org
Wed Oct 1 03:20:30 MDT 2014

The annotated tag, samba-4.2.0rc1 has been created
        at  5db3af28520f1b0fcc94a158f4146631072b4063 (tag)
   tagging  301177714b731e06257b852ced458f031e07359b (commit)
  replaces  tdb-1.3.1
 tagged by  Karolin Seeger
        on  Wed Oct 1 11:18:43 2014 +0200

- Log -----------------------------------------------------------------
samba: tag release samba-4.2.0rc1
Version: GnuPG v1


Abhidnya Joshi (1):
      s3: vfs module: Adding new vfs module for Symantec VxFS.

Amitay Isaacs (11):
      ctdb-build: Improve platform check
      ctdb-build: Check for ETIME in errno.h
      ctdb-build: Check for libpcap
      ctdb-scripts: Fix a typo
      ctdb-scripts: Do not export variables if they are not set
      ctdb-build: Add missing configure checks for backtrace
      WHATSNEW: Mention combined CTDB
      ctdb-locking: Reset ttimer before doing an early return
      ctdb-scripts: Fix the regular expresssion for parsing /proc/locks
      ctdb-recoverd: If obtaining recovery lock fails, try again
      ctdb-daemon: Fix the usage for lock helper

Andreas Schneider (11):
      lib: Add daemon_status() to util library.
      nmbd: Send waiting status to systemd.
      nsswitch: Skip groups we were not able to map.
      libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
      s3-libads: Improve service principle guessing.
      s3-libads: Add a function to retrieve the SPNs of a computer account.
      s3-libads: Add function to search for an element in an array.
      s3-libads: Add all machine account principals to the keytab.
      s3-libnet: Add libnet_join_get_machine_spns().
      libcli: Remove unreachable code in dns_hosts_file.
      libcli: Remove unreachable code in cldap.

Andrew Bartlett (16):
      torture: Fix use-after-free in ldap.nested-search
      idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl
      librpc: Remove user/domain from struct pipe_auth_data
      librpc: gensec is our security provider abstraction, remove a void *
      provision: explain why this is required
      Fix commented out code in kpasswd server to use correct function
      credentials: Allow the secrets.tdb password to be newer than the secrets.ldb password
      WHATSNEW: Update WHATSNEW for new default winbind implementation
      samba_dnsupdate: Look for ForestDnsZones in the right place
      s3-winbindd: Require SMB signing by default to disrupt MITM attacks with our DC
      lib/util: Do not duplicate the protocol list, use smb_constants.h
      provision: Change the default functional level of new Samba domains to 2008R2.
      winbindd: Do not make anonymous connections by default
      winbindd: Change value of "ldap sasl wrapping" to sign
      WHATSNEW: Include info on secured winbindd connections
      repl: Specify the target realm in dreplsrv_get_target_principal()

Anubhav Rakshit (4):
      libcli/smb: Add routine to reset the Channel Sequence number.
      libcli/smb: Add routines to enable/disable SMB2_HDR_FLAG_REPLAY_OPERATION flag.
      s4:torture: Add Replay tests to examine server behaviour when Multiple Channels are utilized.
      s4:torture/smb2/lock: Add Lock Replay detection test case.

Brad Hards (1):
      WHATSNEW: some fixes

Christof Schmitt (2):
      s3: Move init_lsa_ref_domain_list to lib
      s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call

Guy Harris (1):
      pidl: Strip trailing whitespace from pidl, for easier exchange of patches with wireshark.

Günther Deschner (5):
      s3-libnet: Make sure we do not overwrite precreated SPNs.
      s3-net: add "net ads enctypes {list,set,delete}".
      s3-net: add manpage documentation for "net ads enctypes".
      s3-libnet: set list of allowed krb5 encryption types in AD >= 2008.
      s4-auth/kerberos: fix salting principal, make sure hostname is lowercase.

Jelmer Vernooij (3):
      dsdb: Be less verbose when announcing kcc is being invoked.
      acl: Fix typo: structrual -> structural
      fileserver: raise debug level for share connection closing for non-IPC to 2.

Jeremy Allison (14):
      lib: util: Check *every* asn1 return call and early return.
      lib: util: asn1 fixes - check all returns.
      auth: gensec: asn1 fixes - check all returns.
      lib: util: asn1 tests. Check every asn1 return.
      libcli: auth: Ensure all asn1_XX returns are checked.
      s3: libsmb: Ensure all asn1_XX returns are checked.
      s3: tldap: Ensure all asn1_XX returns are checked.
      s4: auth: gensec: asn1 fixes - check all returns.
      s3: tldap_util: Ensure all asn1_XX returns are checked.
      s4: libcli: ldap controls - Ensure all asn1_XX returns are checked.
      s4: libcli: ldap message - Ensure all asn1_XX returns are checked.
      s3: nmbd: Ensure the main nmbd process doesn't create zombies.
      lib: util [ctdb]: Signal handling - change CatchChild() and CatchChildLeaveStatus() to return the previous handler.
      s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers.

Karolin Seeger (2):
      WHATSNEW: Fix typos.
      VERSION: Bump version up to 4.2.0rc1...

Martin Schwenke (20):
      ctdb-util: Log an error if there is no way to set scheduler
      ctdb-build: Add some missing configure checks
      util: Fix indentation
      dynconfig: Remove include of nsswitch/winbind_struct_protocol.h
      replace: Fix includes of unistd.h
      charset: Avoid compiler warnings with --enable-developer
      lib/crypto: Protect crypto.h against multiple inclusion
      tdb: tdb.h needs bool type
      tdb_wrap: tdb_wrap.h doesn't need struct loadparm_context
      tdb_wrap: Standalone compile without includes.h
      debug: Standalone compile without includes.h
      lib/util: Move idr_get_new_random() to new source file idtree_random.c
      lib/util: Move next_token* functions to util_str.c
      lib/util: Return some functions to util_str.c
      ctdb-tests: Simplify and rename wait_until_ips_are_on_nodeglob()
      ctdb-tests: Factor out new function get_test_ip_mask_and_iface()
      ctdb-tests: Make all_ips_on_node() do what it should
      ctdb-tests: Remove dependency on log ringbuffer from missing IP test
      ctdb-tests: Clean up some tests where IP movement is checked
      ctdb-logging: Add forward declaration of debug_level

Matthieu Patou (4):
      Add some plumbing in our top level Makefile to make life easier
      librpc/ndr_drsuapi: Allow ndrdump to dump dsinfo52 blobs
      Declare empty target as phony otherwise they are caught by the '%' rule
      ldb: fix a typo in the comment, LDB_FLAGS_MOD_xxx -> LDB_FLAG_MOD_xxx

Michael Adam (47):
      s3:smbd: use smbXsrv_connection_dbg() inreceive_smb_raw_talloc_partial_read()
      s3:smbd: use smbXsrv_connection_dbg() in receive_smb_talloc()
      s3:smbd: support xconn=NULL in init_smb_request()
      s3:smbd: use tevent_loop_wait() in the child process event loop
      s3:smbd: use tevent_loop_wait() in the parent smbd process.
      WHATSNEW: mention overhauled "net idmap" command
      s3: reset tracepoint handler in reinit_after fork.
      smbd: fix a comment typo.
      selftst: run the smbtorture3 local tests in the "none" environment
      s3:smbtorture: mention "-e" in the help text
      s3:smbtorture: align explanations for parameters
      s3:unix_msg: read fds from recvmsg in unix_dgram_recv_handler()
      s3:unix_msg: add fds-array to unix_dgram_send() for fd-passing
      s3:unix_msg: add fds-array to unix_msg_send() for fd passing
      s3:messaging: add fds-array to message-backend send function
      s3:messaging: add fds-array to messaging_send_iov()
      s3:torture: add test LOCAL-MESSAGING-FDPASS1
      selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS1 test
      s3:torture: work on LOCAL-MESSAGING-FDPASS2
      selftest: run smbtorture3 LOCAL-MESSAGING-FDPASS2 test
      s3:torture: in LOCAL-MESSAGING-READ3, tell child to exit and wait
      s3:torture: in LOCAL-MESSAGING-READ3, print some messages to child
      smbd:smb2: improve smbd_smb2_protocol_dialect_match(), removing code duplication
      s3:unix_msg: fix a tab<->space mixup in unix_msg_recv()
      s3:torture: in LOCAL-MESSAGING-FDPASS2, close fds after passing them
      s3:messaging: fix uninitialized data introduced by padding
      s3:messaging: msg_type int->uint32_t in struct messaging_hdr
      s3:unix_msg: add "close_fds" exit point to unix_msg_recv()
      s3:unix_msg: don't close the fd-array at the end of unix_dgram_send_job()
      s3:unix_msg: remember errno in unix_dgram_send_job in case of send error.
      s3:unix_msg: use a buffer pointer instead of array indexes for the iov buffer
      s3:unix_msg: rename a variable buflen->data_len in queue_msg()
      s3:unix_msg: use an iov in unix_dgram_msg/queue_msg instead of buffer and length
      s3:unix_msg: simplify queue_msg() by moving space calculations up.
      s3:unix_msg: factor extract_fd_array_from_msghdr() out of unix_dgram_recv_handler()
      s3:unix_msg: add close_fd_array_cmsg()
      s3:unix_msg: don't fill cmsg buffer in unix_dgram_send_job()
      s3:messaging: allow the messaging receive callback to change the fds
      s3:messaging: upon receiving fds, dup them so the caller can safely close them.
      s3:unix_msg: close the fds in unix_dgram_recv_handler() after the callback has run
      s3:unix_msg: document closing of fds in the receive handler
      s3:messaging: explain why the messaging_send*() functions need a tevent-loop.
      s3:torture: add LOCAL-MESSAGING-READ4 - send 1MB message
      selftest: run LOCAL-MESSAGING-READ4
      s3:torture: fix a message in LOCAL-MESSAGING-FDPASS2 test
      s3:torture: wait in tevent-loop for child to confirm receive in FDPASS2 msg test
      s3:torture: transfer 1M message with fds in LOCAL-MESSAGING-FDPASS2 test

Ralph Boehme (9):
      s4:torture:vfs_fruit: add test for OS X AppleDouble conversion
      vfs_fruit: fix unpacking of AppleDouble files
      s4:torture:vfs_fruit: add size checks for resource fork IO
      vfs_fruit: fix resource fork length calculation
      vfs_fruit: ad_write: path may be NULL for rfork
      vfs_fruit: update rfork size in AppleDouble header
      vfs_fruit: fix possible uninitialized use
      vfs_fruit: remove redundant assignment
      vfs_fruit: deal with vfs_catia not being loaded

Samuel Cabrero (4):
      ncacn_http: Add http library
      ncacn_http: Authentication modules for http library
      ncacn_http: Client implementation
      ncacn_http: DCERPC pipe open using http transport

Stefan Metzmacher (90):
      s4:libcli/composite: correctly finish composite smb and smb2 requests
      libcli/smb: correctly report disconnect errors after getting STATUS_PENDING
      s3:selftest: run the smb2.replay test against the //$SERVER_IP/durable share
      s3:smb2_server: use the global signing key to check if signing is required
      s3:smb2_sesssetup: use smb2req->sconn in smbd_smb2_reauth_generic_return()
      s3:smbd: pass smbXsrv_connection to receive_smb*()
      s3:smbd: pass smbXsrv_connection to srv_send_smb()
      s3:smbd: use req->sconn in reply_negprot()
      s3:smbd: use req->sconn in reply_ntcancel()
      s3:smbd: use req->sconn in sesssetup.c
      s3:smbd: use req->sconn in reply.c where possible
      s3:smbd: only pass smbXsrv_connection to fork_echo_handler()
      s3:smbd: pass smbXsrv_connection to smb1_parse_chain()
      s3:smbd: pass smbXsrv_connection to construct_reply*()
      s3:smbd: pass smb_request to make_connection()
      s3:smbd: pass smbd_smb2_request to make_connection_smb2()
      s3:smbd: pass smb_request to make_connection_smb1()
      s3:smbd: pass smbXsrv_connection to make_connection_snum()
      s3:smbd: introduce 'struct smbXsrv_client' in order to prepare multi-channel support
      s3:smbd: use xconn->client->sconn in process_smb()
      s3:smbd: use xconn->client->sconn in reply_special()
      s3:smbd: use xconn->client->sconn in construct_reply()
      s3:smbd: use xconn->client->sconn in smb1_parse_chain()
      s3:smbd: use xconn->client->sconn in make_connection_snum()
      s3:smb2_server: use xconn->client->sconn in smbd_smb2_io_handler()
      s3:smb2_server: use xconn->client->sconn in smbd_smb2_first_negprot()
      s3:smb2_server: use xconn->client->sconn in smbd_smb2_request_create()
      s3:smb2_server: use xconn->client->sconn in smbd_smb2_request_next_incoming()
      s3:smbXsrv_session: use xconn->client->sconn in smbXsrv_session_logoff()
      s3:smbXsrv_open: use xconn->client->sconn in smb1srv_open_table_init()
      s3:smbd: remove now unused smbXsrv_connection->sconn
      s3:smbd: use sconn->client->connections in reload_services()
      s3:smbd: use sconn->client->connections in keepalive_fn()
      s3:smbd: use fsp->conn->sconn->client->connections to send SMB1 oplock breaks
      s3:smbXsrv_session: change smbXsrv_session->connection to smbXsrv_session->client
      s3:smbd: move smbXsrv_{session,tcon,open} tables to smbXsrv_client
      s3:smbd: pass smbXsrv_connection to open_was_deferred()
      s3:smbd: pass smbXsrv_connection to remove_deferred_open_message_smb()
      s3:smbd: pass smbXsrv_connection to schedule_deferred_open_message_smb()
      s3:smb2_create: pass smbXsrv_connection to *deferred*_smb2
      s3:smb2_break: pass smbXsrv_connection to smbd_smb2_send_oplock_break()
      s3:smb2_break: use fsp->conn->sconn->client->connections to send SMB2 oplock breaks
      s3:smb2_glue: remove chained fsps from all connections in remove_smb2_chained_fsp()
      s3:smb2_lock: always use tevent_req_defer_callback() if we go async
      s3:smb2_lock: iterate over all sconn->client->connections
      s3:smbd: remove now unused smbd_server_connection->conn
      s3:smbd: split out a smbd_add_connection() helper function.
      s3:smbXsrv_session: remember the smbXsrv_connection on channel attached to a session
      s3:smbXsrv_session: add smbXsrv_session_find_channel()
      s3:smb2_server: add smbd_smb2_signing_key() helper function
      s3:smb2_sesssetup: we don't need to do a 2nd smb2srv_session_lookup()
      s3:libsmb: add 'cli_state_client_guid'
      s3:torture: use cli_state_client_guid in run_smb2_multi_channel()
      WHATSNEW: Winbindd/Netlogon improvements
      WHATSNEW: Larger IO sizes for SMB2/3 per default
      WHATSNEW: Improved DCERPC man in the middle detection
      s4:rpc_server: ignore ncacn_http endpoints for now
      librpc/idl: specify ncacn_http endpoint mapper endpoint
      s4:librpc: use authenticated epmapping for ncacn_http
      s3:messaging: use struct initializers for 'struct messaging_rec'
      s3:unix_msg: use sendmsg() in unix_dgram_send_job()
      s3:unix_msg: add close_fd_array()
      s3:unix_msg: pass the fd array to the unix_dgram recv_callback function
      s3:unix_msg: pass the fd array to the unix_msg recv_callback function
      s3:messaging: make it possible to receive a fd array from another process
      s3:passdb: add pdb_get_trust_credentials()
      lib/param: set the kccsrv:samba_kcc option to false by default
      s3:net_rpc_printer: make use of cli_credentials_get_username()
      tevent: remove unused exit_code in tevent_poll.c
      tevent: remove unused exit_code in tevent_select.c
      tevent: version 0.9.22
      s3:smb2_negprot: allow really large io sizes up to allmost 16MB
      s4:libcli/smb_composite: don't try anonymous smb signing
      s3:libsmb: remove unused ';'
      libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
      libcli/smb: add smbXcli_session_is_authenticated()
      libcli/smb: add smb2cli_tcon_should_encrypt()
      libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
      s3:smb2cli_tcon: use smb2 signing if possible
      libcli/smb: move smb2cli_tcon.c to the toplevel
      s3:libsmb: remove unused smb2cli.h
      s4:libcli/smb2: make use of smb2cli_tcon*() in connect.c
      s4:torture/smb2: torture_smb2_tree_connect() creates a secondary tree connect
      s4:torture/smb2: use torture_smb2_tree_connect() in notify.c
      s4:torture/smb2: use smb2cli_tcon*() in torture_smb2_tree_connect()
      s4:torture/smb2: remove unused variable in torture_smb2_con_sopt()
      s4:libcli/tcon: remove unused smb2_tree_connect*()
      libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl response.
      libcli/smb: add smb2cli_validate_negotiate_info*()
      libcli/smb: call smb2cli_validate_negotiate_info*() after each authenticated tcon

Volker Lendecke (23):
      lib: Move "large_file_support()" to the source4 smb server
      lib: Remove unused file_lines_slashcont
      lib: Avoid a talloc in write_data_iov
      replace: Make EWOULDBLOCK always available
      lib: Make nt_err_code_struct private
      lib: Make samba-debug a private library
      lib: Make set_blocking() available independently
      lib: Reduce deps for "smb_transport"
      Remove a few #ifdef EWOULDBLOCk
      lib: Fix samba-util dep in "errors" module
      lib: Move tdb lock timeout fns to source3
      tdb_wrap: Only pull in samba-debug
      lib: util_tdb does not need samba-util
      messaging4: Fix an error path memleak
      ctdb_conn: Fix a small memory leak when releasing an IP
      lib: Add EMSGSIZE to map_nt_error_from_unix
      lib: Polish echo_server
      lib/util: Drop unnecessary use of talloc_tos()
      passdb: Use talloc_zero_array
      WHATSNEW: Mention tdb mutexes
      WHATSNEW: Mention unix domain datagram messaging
      tdb: Improve wording in a comment
      tdb: Fix a comment


Samba Shared Repository

More information about the samba-cvs mailing list