[SCM] Samba Shared Repository - annotated tag tdb-1.3.5 created

Stefan Metzmacher metze at samba.org
Wed Apr 29 03:26:00 MDT 2015

The annotated tag, tdb-1.3.5 has been created
        at  897c98bc484c2d22e365b650e7f52fa830dba864 (tag)
   tagging  3f35c1d52ee77f7cabd52dd503565cec360f1de2 (commit)
  replaces  talloc-2.1.2
 tagged by  Stefan Metzmacher
        on  Wed Apr 29 11:25:51 2015 +0200

- Log -----------------------------------------------------------------
tdb: tag release tdb-1.3.5
Version: GnuPG v1


Alexander Drozdov (2):
      tdb: introduce tdb_chainlock_read_nonblock(), a nonblock variant of tdb_chainlock_read()
      tdb: version 1.3.5

Amitay Isaacs (7):
      ctdb-scripts: Simplify 00.ctdb event script
      ctdb-tests: Avoid early exits in scripts that appear on tail of a pipe
      ctdb-recoverd: Fix typo in comment
      ctdb-daemon: Drop tunable that is no longer in use
      ctdb-scripts: Use tcp connection for checking RPC services
      ctdb-tests: Switch to tcp check in rpcinfo stub
      tdb: Do not build test binaries if it's not a standalone build

Andreas Schneider (21):
      replace: Remove superfluous check for gcrypt header.
      selftest: Add missing variable to @exported_envvars
      YouCompleteMe: Add missing path.
      dlz_bind9: Fix keytab location.
      s3-winbind: Correct debug message for starting winbind.
      kdc-db-glue: Fix a NULL pointer dereference.
      kdc-db-glue: Fix function format of samba_kdc_message2entry()
      kdc-db-glue: Fix memory cleanup to avoid crashes.
      kdc-db-glue: Do not allocate memory for the principal
      kdc-db-glue: Remove unused code.
      torture: Fix the usage of the MEMORY credential cache.
      Revert "lib: tdb: Use sigaction when testing for robust mutexes."
      s4-gensec: Check if we have delegated credentials.
      s4-process_model: Do not close random fds while forking.
      s4-process_model: Panic if the standard init function fails
      s3-passdb: Fix 'force user' with winbind default domain
      waf: Fix systemd detection
      rpcclient: Fix the timeout command
      torture: Correctly invalidate the memory ccache.
      torture: Free the temporary memory context
      s4-setup: Add saltPrincipal to secrets_dns.ldif

Andrew Bartlett (34):
      kdc: Fix S4U2Self handling with KRB5_NT_ENTERPRISE_PRINCIPAL containing a UPN
      torture-krb5: Add an initial test for s4u2self behaviour
      auth/kerberos: Do a string comparison in kerberos_decode_pac() not a principal comparison
      auth/kerberos: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY in kerberos_create_pac()
      torture-krb5: Test accepting the ticket to ensure PAC is well-formed
      dsdb: Allow spaces in userPrincipalName values
      selftest: Change testsuite to use a UPN with a space in it
      dsdb: Ensure we cope with a samAccountName with a space in it in DsCrackName()
      kdc: Ensure we cope with a samAccountName with a space in it
      selftest: Change testsuite to use a samAccountName with a space in it
      lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt
      backupkey: Explicitly link to gnutls and gcrypt
      pygensec: Add bindings for gensec_set_target_service and gensec_set_target_hostname
      selftest: Fix comments in provision_promoted_dc
      s4-process_model: Remove prefork and onefork
      dsdb-repl: Always set DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING when we are an RODC
      selftest: Run LOCAL-WBCLIENT against a test environment, not none
      samba-tool drs: Ensure we do not replicate all secrets to an RODC, even with --local
      smb.conf.5: Mark "dgram port" and "nbt port" as deprecated
      param: Use IDL-based constants for NBT and NBT dgram ports
      Do not use popt_common.h in dlz_bind9
      s4-process_standard: Remove signal(SIGCHLD, SIG_IGN)
      lib/util: Make ECHILD in samba_runcmd_io_handler an error
      build: Add talloc and samba-debug dep for gensec_external module
      dsdb-tests: Give more helpful information about attribute differences
      backupkey: Use ndr_pull_struct_blob_all()
      torture-lsa: Allow rpc.lsa.trusted.domains to run successfully
      torture: Run lsa.trusted.domains auth tests against samba4
      autobuild: Do not wait when running just one target
      .gitignore: Ignore pidl/MYMETA.json
      Improve output of check-clean-tree.sh script
      autobuild: Do not consider IDL.pm and Expr.pm changes to make a build bad
      autobuild: Add options to set mail host and send e-mail with logs

Anoop C S (5):
      libnetapi: Fix CID 1272947 Fix logically dead code
      registry: Fix 1273042 Identical code for if/else branch
      libnetapi: Fix 241166 Fixing logically dead code
      rpc_server/srvsvc: Fix CID 241162 Logically dead code
      libads: Fix CID 1272956 Fixing wrong if condition

Björn Jacke (1):
      vfs_fruit: also map characters below 0x20

Christof Schmitt (37):
      brlock: Use 0 instead of empty initializer list
      build: Move systemd checks to lib/util
      debug: Remove FORMAT_BUFR_MAX, use FORMAT_BUFR_SIZE - 1 instead
      debug: Remove some unneeded function declarations
      debug: Always store short version of prog_name in debug state
      debug: Move logging to callback to separate function
      debug: Move mapping from level to syslog priority to helper function
      debug: Add infrastructure for supporting multiple backends
      debug: Add file backend
      debug: Add syslog backend
      param: Add new 'logging' parameter
      debug: Set backends from logging parameter in smb.conf
      debug: Remove codepath to open file in Debug1
      debug: Use backends instead of explicitly logging to syslog or file
      debug: Simplify Debug1
      debug: Remove now unused syslog variables from debug_settings
      param: Mark syslog and syslog_only as deprecated
      debug: Add systemd backend
      debug: Add lttng backend
      gpfswrap: Move gpfswrap to lib/util
      gpfswrap: Add wrappers for tracing API
      debug: Add GPFS tracing backend
      WHATSNEW: Add logging backends
      selftest: Use 'logging' parameter instead of 'syslog'
      vfs_gpfs: Remove warning after failure of get_gpfs_fset_id
      vfs_gpfs: Remove check for fileset quota
      vfs_gpfs: Remove vfs_gpfs_get_quotas
      docs: Update vfs_gpfs manpage for the removed fileset quota check
      smbcacls: Make 'numeric' a local variable
      smbcacls: Use defines for security flags
      smbcacls: Move SidToString to common file
      smbcacls: Move StringToSid to common file
      smbcacls: Move print_ace and parse_ace to common file
      smbcacls: Move sec_desc_print to common file
      util_sd: Make server conncection optional
      sharesec: Print ACEs in similar format as expected in input
      sharesec: Use common parse_ace function

David Disseldorp (48):
      lib/system: remove useless HAVE_LINUX_FALLOCATE64 logic
      s3/vfs: change fallocate mode flags from enum->uint32_t
      build: check for fallocate hole-punch support
      system: add hole punch support to sys_fallocate()
      smbd/ioctl: add FSCTL_SET_ZERO_DATA support
      idl/ioctl: change QAR response array to a DATA_BLOB
      build: check for SEEK_HOLE and SEEK_DATA support
      smbd/ioctl: add FSCTL_QUERY_ALLOCATED_RANGES support
      s3/statvfs: expose FILE_SUPPORTS_SPARSE_FILES capability
      torture/ioctl: remove 64K chunk size assumptions
      torture/ioctl: remove FS specific sparse punch check
      torture/ioctl: remove FS specific sparse copy-chunk expectations
      torture/ioctl: add sparse_punch_invalid test
      torture/ioctl: rework and reduce pattern helper IO sizes
      torture/ioctl: add ioctl_sparse_perms test
      s3/smbd: fix FSCTL_SET_SPARSE permission checks
      torture/ioctl: test sparse file operation locking
      torture/ioctl: add QAR off-by-one bug paranoia test
      torture/ioctl: add multi-range QAR test
      torture/ioctl: add range overflow QAR test
      smbd/trans2: function scope qfsinfo bytes_per_sector
      s3/smbd: support FS_SECTOR_SIZE_INFORMATION query-info
      s4/client: add FS_SECTOR_SIZE_INFORMATION query support
      s4/ntvfs: support FS_SECTOR_SIZE_INFORMATION query-info
      torture: test FS_SECTOR_SIZE_INFORMATION queries
      idl: FSCTL_FILE_LEVEL_TRIM request & response structs
      torture/ioctl: add simple FSCTL_FILE_LEVEL_TRIM test
      util_tdb: mark tdb_pack() and friends as deprecated
      replace: clean-up strlcpy and add note on return value
      librpc: add FSRVP server state idl
      fsrvp: add server state storage back-end
      torture: add local FSRVP server state tests
      vfs: add snapshot create/delete hooks
      replace: check for dirname() and basename()
      vfs_btrfs: add snapshot create/delete calls
      vfs_snapper: create/delete snapshot support
      fsrvp: add remote snapshot RPC server
      doc: "prune stale" and "sequence timeout" fssd parameters
      doc: explain vfs_snapper remote snapshot configuration
      doc: explain vfs_btrfs remote snapshot configuration
      vfs: add vfs_shell_snap module
      doc: add vfs_shell_snap manpage
      selftest: add snapshot share configuration
      selftest: run the FSRVP test suite against s3fs
      ctdb: check for talloc_asprintf() failure
      spoolss: purge the printer name cache on name change
      spoolss: cache_key handle allocation failures early

Gregor Beck (1):
      librpc: further fixes for witness.idl.

Günther Deschner (121):
      netlogon.idl: netr_ServerPasswordGet returns NTSTATUS not WERROR.
      s4-torture: add ndr test for lsa_lsaRQueryForestTrustInformation().
      s4-scripting: fix hresult generator python script indentation.
      s4-scripting: add string representation of error code define to generated table.
      libcli/util/hresult: re-generate hresult.c.
      s4-scripting: generate a hresult_errstr() function.
      libcli/util/hresult: add generated hresult_errstr() function.
      lib/util: globally include herrors in error.h
      librpc/ndr: add ndr_{pull|push|print}_HRESULT and release new 0.0.5 ABI.
      pidl: support HRESULT in pidl.
      pidl/python: support HRESULT errors in generated python bindings.
      librpc: add clusapi idl version 3.0.
      librpc: build clusapi.idl
      s3-rpcclient: add very basic clusapi client.
      clusapi: add more enums to IDL.
      clusapi: use ClusterEnumType.
      s4-torture: add clusapi torture test.
      s4-torture: add tests for ClusterName and ClusterVersion.
      s4-torture: add test for clusapi_CreateEnum.
      s4-torture: add tests for cluster resources.
      librpc: use WERROR in the clusapi interface.
      s4-torture: add test for clusapi_GetClusterVersion2().
      s4-torture: add test for clusapi_CreateResEnum.
      s4-torture: add tests for cluster nodes.
      s4-torture: add tests for clusapi_OpenGroup and clusapi_CloseGroup.
      s4-torture: use a real cluster group handle in cluster resource tests.
      s4-torture: rename clusapi testcase to cluster testcase.
      s4-torture: use a specific resource clusapi testcase.
      librpc: add clusapi_ClusterResourceState enum to IDL.
      s4-torture: use clusapi_ClusterResourceState enum in torture test.
      librpc: add clusapi_ClusterNodeState enum to IDL.
      s4-torture: use clusapi_ClusterNodeState enum in torture test.
      s4-torture: fix clusapi_SetClusterName test by re-setting existing cluster name.
      librpc: add clusapi_ClusterGroupState enum to IDL.
      clusapi: add clusapi_CreateResourceFlags to IDL and torture test.
      s4-torture: add test for clusapi_SetResourceName.
      s4-torture: add more cluster group tests.
      librpc: add clusapi_ClusterNetworkState and clusapi_ClusterNetInterfaceState.
      s4-torture: pass down resource name down to clusapi_OpenResource.
      s4-torture: test all available resources on the cluster.
      librpc: add clusapi_DesiredAccessMask to IDL.
      s4-torture: add test for clusapi_OpenClusterEx.
      s4-torture: add test for clusapi_OpenResourceEx.
      s4-torture: pass down group name down to clusapi_OpenGroup.
      s4-torture: add test for clusapi_OpenGroupEx.
      s4-torture: pass down node name down to clusapi_OpenNode.
      s4-torture: test all available nodes on the cluster.
      s4-torture: test all available groups on the cluster.
      s4-torture: add tests for clusapi_BackupClusterDatabase and clusapi_SetServiceAccountPassword.
      s4-torture: add testing for clusapi Networks.
      s4-torture: add testing for clusapi NetInterfaces.
      s4-torture: add testing for clusapi Registry.
      pidl: add --template3 option to generate s3 server stubs.
      pidl: align s4 dcesrv template generation with coding standards.
      librpc: add ncacn_ip_tcp: endpoint to clusapi.
      s4-torture: establish a torture_clusapi_context to make it easier to keep state
      librpc: use the correct "MSServerClusterMgmtAPI" auth service for clusapi.
      s4-dsdb/samdb: use abstract functions for MIT compatibility.
      s4-rpc_server: only build backup_key rpc service when Heimdal is available.
      s4-libnet: only build python_dckeytab when heimdal is available.
      s4-kdc/pac-glue: use kerberos_free_data_contents().
      s4-kdc/db_glue: fix Debug messages.
      s4-kdc/db_glue: remove unused hdb_entry_ex from samba_kdc_seq().
      s4-kdc/db_glue: no need to NULL entry_ex->entry.generation.
      s4-kdc/db_glue: no need to include kdc/kdc-glue.h header here.
      s4-kdc/db_glue: use smb_krb5_keyblock_init_contents().
      s4-kdc/db_glue: use smb_krb5_make_principal().
      s4-kdc/db_glue: use krb5_copy_principal().
      s4-kdc/db_glue: use smb_krb5_principal_set_realm().
      s4-kdc/db_glue: use smb_krb5_principal_get_realm().
      s4-kdc/db_glue: use krb5_princ_size() instead of inspecting private structs.
      s4-kdc/db_glue: use krb5_principal_get_comp_string() to access members of private structs.
      s4-kdc/db_glue: use time_t directly instead of KerberosTime.
      s4-kdc/db_glue: use KRB5_KEY_TYPE to access private key members.
      s4-kdc/db_glue: use smb_krb5_principal_get_type() to access private members
      s4-kdc/db_glue: use KRB5_PW_SALT instead of hdb type.
      s4-kdc/pac_glue: use krb5_copy_data_contents in samba_make_krb5_pac().
      s4-kdc/db-glue: use krb5_copy_data_contents in samba_kdc_message2entry_keys().
      s4-kdc/pac_glue: use ENCTYPE_ARCFOUR_HMAC just like in db_glue.
      s4-kdc/pac_glue: only include required headers.
      s4-kdc/db_glue: bad idea to free parent mem_ctx when sub function got a failure.
      pidl/python: add prototypes into header section of generated c-files.
      s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes.
      lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT.
      s4-kdc: build some kdc components only for Heimdal KDCs.
      s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self().
      s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match().
      s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy().
      s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().
      s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().
      s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db().
      s4-kdc/db-glue: add principal_comp_str{case}cmp
      s4-kdc/db-glue: use principal_comp_str{case}cmp.
      s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue.
      s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library.
      lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string.
      lib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt().
      s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string.
      gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure.
      s4-auth: fix DEBUG statement.
      krb5_wrap: add smb_krb5_principal_set_type().
      krb5_wrap: fix documentation for smb_krb5_principal_get_comp_string().
      s4-kdc/db_glue: use smb_krb5_principal_set_type().
      s4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs.
      s4-torture: use tctx variable name in raw notify test consistently.
      s4-torture: use torture_comment instead of printf in raw notify test.
      s4-torture: add test to verify nbt_name with "." ending handling.
      s4-torture: add witness torture ndr testsuite.
      srvsvc: add cluster specific share types to IDL.
      s4-torture: add witness torture rpc testsuite.
      s4-torture: skip witness_AsyncNotify test for now.
      s3-passdb: fix memleak in pdb_default_get_trusted_domain().
      s4-torture: strip trailing whitespace.
      s4-torture: use tctx torture_context argument consistently.
      s4-torture: pass down struct torture_context to some more calls in mgmt test.
      s4-torture: use torture_comment instead of printf in mgmt test.
      s4-torture: use torture_assert() macros in mgmt test.
      s4-torture: do some additional length checks for the mgmt_inq_princ_name test.
      s4-torture: fix invalid dereference of binding handle in mgmt test.
      s4-torture: add one more test for witness_RegisterEx() and invalid sharenames.

Jelmer Vernooij (15):
      Require at least Python 2.6.
      lib/param: Add hook that allows modification of default settings.
      Update the copy of waf to current 1.5
      Update update-external.sh to use mirrors of third party projects on git.samba.org.
      Explicitly include util/debug.h from server stubs generated by pidl.
      Move waf into third_party/.
      Merge update-waf.sh into update-external.sh
      Move update-external.sh to third_party/
      Pass --recursive to 'git clone' in autobuild.
      Move configure part of third party to third_party/wscript.
      Check for third party Python modules during configure.
      Add refentryinfo date.
      pep8: Move to third_party/.
      Drop unused and uninstalled SWIG wrapper for talloc.
      Add set date to tdb manpages.

Jeremy Allison (16):
      lib: docs: talloc: Add a threads tutorial and samples showing how to use talloc with threads.
      lib: talloc: tests - add test_pthread_talloc_passing() testing talloc in a pthread environment.
      s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
      s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields.
      s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case.
      s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use.
      lib: tdb: Use sigaction when testing for robust mutexes.
      docs: Mark 'client use spnego principal' as deprecated and also a bad idea.
      s3: client - "client use spnego principal = yes" code checks wrong name.
      lib: tdb: Use sigaction when testing for robust mutexes.
      s3: libsmbclient: Add missing talloc stackframe.
      waf: Remove 'linkflags.remove(x)' line added in error.
      s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid.
      lib: memcache. Add a new talloc cache type - SHARE_MODE_LOCK_CACHE.
      s3: locking: Add a memcache based lock cache.
      s4: rpc: Refactor dcesrv_alter() function into setup and send steps.

Julien Kerihuel (2):
      Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies
      Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls.

Lukas Slebodnik (1):
      lib/util: Include DEBUG macro in internal header files before samba_util.h

Martin Schwenke (57):
      ctdb-common: New function ctdb_set_helper()
      ctdb-daemon: Use statically allocated arrays for helper paths
      ctdb-eventscripts: Make 11.natgw stateful
      ctdb-tests: Add ctdb_ctrl_setrecmode() stub
      ctdb-tests: Support CTDB_DEBUGLEVEL in tool tests
      ctdb-tests: Handle deleted nodes when loading fake nodemap
      ctdb-tests: Test stub fixes
      ctdb-tests: Add stubs for some CTDB client messaging functions
      ctdb-tests: Add stub for ctdb_ctrl_reload_nodes_file()
      ctdb-tests: Add stub for ctdb_client_async_control()
      ctdb-tools: Drop a debug message to DEBUG level
      ctdb-tests: Add tests for "ctdb reloadips" and "ctdb recover"
      ctdb-tests: Add asserts to ensure that pointers are set
      ctdb-tests: Fix error return for ctdb_client_async_control_stub()
      ctdb-daemon: Move VNN map initialisation out of node loading
      ctdb-daemon: Set node PNN in one place
      ctdb-daemon: Remove function ctdb_add_deleted_node()
      ctdb-common: Drop ctdb context from ctdb_parse_address()
      ctdb-daemon: Store node addresses as ctdb_sock_addr rather than strings
      ctdb-daemon: Factor out node parsing code
      ctdb-daemon: Move ctdb_read_nodes_file() to utilities
      ctdb-tools: Reimplement read_nodes_file() using ctdb_get_nodes_file()
      ctdb-tools: Reimplement read_natgw_nodes_file() using ctdb_read_nodes_file()
      ctdb-tools: Remove unused struct pnn_node and function read_pnn_node_file()
      ctdb-tools: "reloadnodes" should only run against current node
      ctdb-daemon: New control CTDB_CONTROL_GET_NODES_FILE
      ctdb-tests: Test stub for ctrl_getnodesfile()
      ctdb-tools: Add cross-node file comparison to "reloadnodes"
      ctdb-tests: Add "ctdb reloadnodes" unit tests
      ctdb-tools: Sanity check changes before processing "reloadnodes"
      ctdb-tests: Add unit tests for "reloadnodes" sanity checking
      ctdb-tools: Use a broadcast to connected nodes for "reloadnodes"
      ctdb-scripts: Respect $RPCMOUNTDOPTS when restarting rpc.mountd
      ctdb-tools: Fix spurious messages about deleted nodes being disconnected
      ctdb-tests: Add "ctdb reloadnodes" test for "node remains deleted"
      ctdb-daemon: Pass on consistent flag information to recovery daemon
      ctdb-recoverd: Add a new abstraction ctdb_op_disable()
      ctdb-recoverd: Reimplement disabling takeover runs using ctdb_op_disable()
      ctdb-recoverd: Use a goto for do_recovery() failures
      ctdb-recoverd: Reimplement ReRecoveryTimeout using ctdb_op_disable()
      ctdb-recoverd: Add slightly more abstraction for disabling takeover runs
      ctdb-recoverd: Simplify disable_ip_check_handler() using ctdb_op_disable()
      ctdb-recoverd: New message ID CTDB_SRVID_DISABLE_RECOVERIES
      ctdb-tool: Update "reloadnodes" to disable recoveries
      ctdb-recoverd: Avoid nodemap-related checks when recoveries are disabled
      ctdb-daemon: Don't delay reloading the nodes file
      ctdb-tools: Drop the recovery from "reloadnodes"
      ctdb-daemon: Factor out new function ctdb_node_list_to_map()
      ctdb-common: Move ctdb_node_list_to_map() to utilities
      ctdb-tests: Use ctdb_node_list_to_map() in tool stubs
      ctdb-scripts: New function ctdb_get_pnn() does cached retrieval of PNN
      ctdb-tests: New function ctdb_set_pnn() to change PNN
      ctdb-scripts: Changed uses of "ctdb xpnn" to ctdb_get_pnn()
      ctdb-scripts: Replace uses of "ctdb pnn" with ctdb_get_pnn()
      ctdb-scripts: Simplify a command pipeline
      ctdb-doc: Move --listen documentation from debugging options
      ctdb-scripts: New configuration variable CTDB_NODE_ADDRESS

Matthew Newton (8):
      Make winbind client library thread-safe by adding context
      Use global context for winbindd_request_response
      Add wbcContext struct, create and free functions
      Add wbcContext to wbcRequestResponse
      Add context versions of wbclient functions
      Move wbc global variables into global context instead
      Update libwbclient version to 0.12
      Ensure we always initialise the winbind context

Michael Adam (95):
      s3-winbind: Fix chached user group lookup of trusted domains.
      selftest: modify python.samba.test.posixacl to cope with nss_winbind active
      selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd
      selftest: add a new environment plugin_s4_dc_no_nss
      selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss
      dsdb: fix the user_account_control test.
      s3:winbind:grent: don't stop group enumeration when a group has no gid
      s3:util_sid: donate an empty line.
      s3:winbind:util: fix comment typo
      s3:winbind:pwent: use wb_next_find_domain()
      s3:winbind:pwent: rename wb_next_find_domain to wb_next_domain
      s3:winbind:pwent: move wb_next_domain() to winbindd_util.c for re-use
      s3:winbind:pwent: move resetting next_user up.
      s3:winbind:pwent: refactor duplication into wb_next_pwent_send_do()
      s3:winbind:grent: fix a debug message.
      s3:winbind:grent: use wb_next_domain() in wb_next_grent.c
      s3:winbind:grent: move resetting next_group up.
      s3:winbind:grent: refactor duplication into wb_next_grent_send_do()
      s3:winbind: add wb_query_group_list module - async query group list
      s3:winbind:grent: convert wb_next_grent to use wb_query_group_list.
      s3:winbind:grent: don't stop when querying one domain fails.
      doc: fix the idmap_script manpage to be named idmap_script
      selftest:test_kinit: remove commented out line with outdated content.
      selftest: make blackbox.passwords test independent of test environment.
      selftest: make blackbox.ktpass test independent of test environment.
      selftest: make blackbox.pkinit test independent of test environment.
      selftest: rename env plugin_s4_dc to ad_dc
      selftest: rename env dc to ad_dc_ntvfs
      selftest: rename env s3member to ad_member.
      selftest: rename env s3member_rfc2307 to ad_member_rfc2307
      selftest: rename env s3dc to nt4_dc
      selftest: rename env s3dc_schannel to nt4_dc_schannel
      selftest: rename env member to nt4_member
      dsdb: fix error message in sam test
      dsdb: fix error message in tombstone_reanimation test.
      selftest: the tombstone_reanimation test is currently flakey.
      selftest: the drs.delete_object is currently flakey.
      selftest: fix the flapping entry for the tombstone reanimation test
      selftet: fix the flapping entry for the drs.delete_object test.
      s3:torture: prepare the FDPASS2 test to be run with variable payload sizes.
      s3:torture: add samba3.smbtorture_s3.LOCAL-MESSAGING-FDPASS2a test.
      s3:torture: add samba3.smbtorture_s3.LOCAL-MESSAGING-FDPASS2b test.
      selftest: mark the samba4.blackbox.samba_tool_demote test flakey.
      selftest: mark the samba4.blackbox.dbcheck test as flapping.
      lib/crypto: fix header guard for crypto.h
      s4:torture: avoid free of uninitialized variables in error-case.
      s4:torture: avoid free of uninitialized variable in error case.
      s4:torture: avoid free of uninitialized variable in error case.
      s4:torture: avoid use of uninitialized variable in error case.
      docs: fix duplicate word in explanation of parameter 'logging'.
      torture: add torture_assert_int_not_equal_goto
      torture: add torture_assert_not_null[_goto]
      s4:torture:raw:notify: remove CHECK_STATUS.
      s4:torture:raw:notify: remove CHECK_VAL.
      s4:torture:raw:notify: remove CHECK_WSTR2.
      s4:torture:raw:notify: make check_rename_reply() properly use torture_result
      s4:torture:raw:notify: improve the CHECK_WSTR() macro
      s4:torture:raw:notify: add a few comments to torture_assert calls
      s4:torture:raw:notify: use torture_assert with torture_setup_dir
      s4:torture:raw:notify: treat torture_open_connection calls with torture_assert
      s4:torture:raw:notify: remove superfluous conditional goto
      s4:torture:raw:notify: use torture_assert instead of printf in failure case
      s4:torture:raw:notify: remove extra do-loop in NOTIFY_MASK_TEST macro.
      s4:torture:raw:notify: let NOTIFY_MASK_TEST use torture_assert macros
      s4:torture:raw:notify: use torture_assert instead of printf in test_notify_tree
      s4:torture:raw:notify: torture_assert on creation of secondary tcon
      build:wafsamba: fix a typo
      s3:spoolss: use lp_load() wrapper lp_load_global().
      s3:lsasd: use lp_load() wrapper lp_load_global()
      s3:param: let lp_load_global() call lp_load(), not lp_load_ex().
      s3:param: add wrapper lp_load_with_shares().
      s3:param: let lp_load_global_no_reinit() call lp_load() instead of lp_load_ex()
      s3:smbd: use lp_load_with_shares() in reload_services().
      nsswitch/wins: use lp_load_global() wrapper of lp_load().
      s3:auth: use lp_load_with_shares() in auth3_generate_session_info_pac()
      s3:auth: use lp_load_with_shares() in auth3_check_password()
      s3:param: remove "global_only" parameter from lp_load_with_registry_shares().
      s3:param: remove "add_ipc" parameter from lp_load_with_registry_shares().
      s4:torture:libnetapi: use lp_load_global() instead of lp_load()
      s3:torture:msg: use lp_load()-wrapper lp_load_global()
      s3:param: add lp_load_no_reinit()
      s3:param: use lp_load_no_reinit() in lp_load_for_s4_ctx()
      vfstest: use lp_load_with_shares() in cmd_conf
      s3:param: make lp_load() static
      s3:param: in lp_load_initial_only(), make sure to save defaults.
      s3:param: factor lp_enforce_ad_dc_settings() out of lp_load_ex()
      s3:param: use GLOBAL_SECTION_SNUM in lp_enforce_ad_dc_settings()
      s3:param: fix a comment
      s3:param: rename arg initialize_globals->reinit_globals in lp_load_ex()
      s3:param: rename arg initialize_globals->reinit_globals in lp_load()
      s3:param: remove arg initialize_globals from lp_load_with_registry_shares()
      s3:param: remove arg save_defaults from lp_load_with_registry_shares()
      param: remove two unused #defines
      docs: overhaul the description of "smb encrypt" to include SMB3 encryption.
      docs: correctly depend on used xsl files and catalog for building manpages.t

Noel Power (2):
      fix failing fd passing message by passing needed buffer size
      fsrvp: prune shadow copies if associated path doesn't exist

Petr Viktorin (5):
      pytalloc: Fix comparison of disparate types
      wafsamba: Add install argument to SAMBA_PYTHON
      pytalloc: Add tests
      buildtools: Honor LDVERSION when looking for Python library
      buildtools: Use all of pyext_PATTERN in map_shlib_extension

Rajesh Joseph (4):
      ctdb: Coverity fix for CID 1291643
      rpc_server: Coverity fix for CID 1273079
      ctdb: Coverity fix for CID 1125625
      ctdb: Coverity fix for CID 1125630

Ralph Boehme (7):
      vfs_fruit: enhance handling of malformed AppleDouble files
      s3:lib: use talloc_get_type_abort
      s3:smbd: missing tevent_req_nterror
      s3:smbd: update comment to correctly reflect MS-SMB2
      s3:smbd: add wrapper around reinit_after_fork
      s3:smbd: use smbd_reinit_after_fork
      Revert "wafsamba: flags from enviroment are put before our own internal versions"

Ralph Wuerthner (1):
      vfs_gpfs: Fix ENODATA for getacl on .snapshot dirs

Richard Sharpe (6):
      Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2.
      Change the registry subsystem to use uint32_t from uint32. Also change session.h.
      s3: smbd: Make sure we do not pass paths with ./ on the front to VFS routines.
      Change all uses of uint16/uint32/uint64 to uintXX_t in smb.h.
      Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code.
      Make sure we initialize conn to NULL, because a routine we call may give an error and not touch conn, and then we get an error when trying to TALLOC_FREE it.

Roel van Meer (1):
      Fix incorrect order of arguments in error string

Stefan Metzmacher (122):
      heimdal:lib/krb5: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
      heimdal:kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
      heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling
      heimdal:lib/krb5: allow enterprise principals in verify_logonname()
      heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY
      selftest: fix the basedn for local accounts in non-DC environments e.g. s4member
      auth/credentials: add a missing talloc check to cli_credentials_set_nt_hash()
      auth/credentials: add cli_credentials_[g|s]et_old_nt_hash()
      auth/credentials: add cli_credentials_set_old_utf16_password()
      s3:cli_netlogon: cli_credentials_get_old_nt_hash() in rpccli_setup_netlogon_creds_with_creds()
      s3:rpc_client: remove unused auth_level paramter of cli_rpc_pipe_open_schannel()
      s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel()
      s3:rpc_client: handle !NETLOGON_NEG_AUTHENTICATED_RPC in cli_rpc_pipe_open_schannel()
      s3:rpcclient: make use of rpccli_[create|setup]_netlogon_creds_with_creds()
      s3:auth_domain: fix talloc problem in connect_to_domain_password_server()
      s3:auth_domain: make use of cli_rpc_pipe_open_schannel()
      s3:libnet: use cli_credentials based functions in libnet_join_ok()
      s3:rpc_client: remove unused cli_rpc_pipe_open_schannel_with_key()
      s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds()
      s3:pdb_samba_dsdb: return the domain sid in pdb_samba_dsdb_get_trusteddom_pw()
      s3:pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusteddom_pw()
      s3:winbindd_cm: improve detection for the anonymous fallback.
      s3:winbindd: make open_internal_lsa_conn() non static
      s4:trust_utils: store new trust/machine passwords before trying it remotely.
      s4:librpc: add auth_type=ncalrpc_as_system as binding option
      s4:py_net: make domain and address fully optional to py_net_finddc
      drsblobs.idl: make replPropertyMetaData1 public
      ldb-samba: implement --show-binary for msDS-RevealedUsers
      netlogon.idl: improve idl for netr_ServerTrustPasswordsGet()
      netlogon.idl: remove netr_SupportedEncTypes and use kerb_EncTypes instead
      lsa.idl: fix idl for lsa_ForestTrustRecordType
      lsa.idl: use 'boolean8 check_only' instead of 'uint8 check_only'
      lsa.idl: improve idl for lsa_ForestTrust*Record*
      drsblobs.idl: improve idl for ForestTrustInfoRecord*
      s4:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
      s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation()
      s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors
      selftest: use server_maxtime = 9000 by default
      s4:kdc: fix realm for outgoing trusts in samba_kdc_trust_message2entry()
      libcli/auth: add some const to netlogon_creds_server_{init,step_check}()
      libcli/auth: add forward declaration for struct wkssvc_PasswordBuffer
      s3:libnet: remove unused variables
      s3:wscript_build: remove allow_warnings=True from LIBNET_DSSYNC
      spoolss.idl: add SPOOLSS_JOB_CONTROL_NOOP = 0
      s3:rpc_server/spoolss: make use of SPOOLSS_JOB_CONTROL_NOOP
      s3:rpc_server/wscript_build: remove allow_warnings=True from RPC_SPOOLSS
      s4:rpc_server/drsuapi: fix warnings in dcesrv_drsuapi_DsGetDomainControllerInfo_1()
      s4:rpc_server/drsuapi: remove unused variable in dcesrv_drsuapi_DsWriteAccountSpn()
      s4:rpc_server/drsuapi: fix const warning in writespn_check_spn()
      s4:rpc_server/drsuapi: remove allow_warnings=True
      s4:rpc_server/samr: remove unused variables
      s4:rpc_server/samr: handle ROLE_AUTO explicit to avoid a compiler warning
      s4:rpc_server/samr: use the same logic in *info_DomInfo7() as in info_DomGeneralInformation()
      s4:rpc_server/samr: remove allow_warnings=True
      s4:lib/tls: add tls_cert_generate() prototype to tls.h
      s4:lib/tls: remove allow_warnings=True
      auth/kerberos: avoid compiler warnings
      auth/kerberos: remove allow_warnings=True
      s4:auth/gensec_gssapi: remove compiler warnings
      s4:auth/gensec_gssapi: remove allow_warnings=True
      s4:auth/gensec_cyrus_sasl: remove compiler warnings
      s4:auth/gensec_cyrus_sasl: allow_warnings=True
      ldb:tests/sample_module: don't be lazy and use ldb_msg_copy_shallow/ldb_build_add_req
      ldb:wscript: remove allow_warnings=True for ldb_sample
      s4:torture/smb2: avoid compiler warnings
      s4:torture/smb2: remove allow_warnings=True
      s4:torture/ndr: #if 0 unused code
      s4:torture/wscript_build: remove allow_warnings=True for TORTURE_NDR
      s4:torture/raw: avoid compiler warnings
      s4:torture/wscript_build: remove allow_warnings=True for TORTURE_RAW
      s4:torture/rpc: avoid compiler warnings
      s4:torture/wscript_build: remove allow_warnings=True for torture_rpc
      s4:torture/winbind: avoid compiler warnings
      s4:torture/winbind: remove allow_warnings=True
      s4:torture/libnetapi: avoid compiler warning
      s4:torture/libnetapi: remove allow_warnings=True
      s4:kdc/db-glue: pass a valid principal from samba_kdc_seq() to samba_kdc_message2entry()
      lib/util: fix the default code path for debug_set_settings()
      s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1()
      nsswitch: improve error messages in wbinfo calls
      libcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL
      s4:torture/rpc: don't use the same names for 3 different tests
      s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG
      s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns
      s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2
      s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2
      s4:torture/rpc: use unique sids and names for trusted domains
      s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx()
      s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains
      s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust
      s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust
      s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust
      s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust
      s4:selftest: run rpc.netlogon.admin against also ad_dc
      librpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string
      selftest: use dns_lookup_* = true in krb5.conf
      docs-xml/Samba3-HOWTO: add reference to WERR_INVALID_PASSWORD were we had only WERR_BAD_PASSWORD
      libcli/auth: use WERR_INVALID_PASSWORD instead of WERR_BAD_PASSWORD
      libcli/util: remove unused WERR_BAD_PASSWORD
      s4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal as salt
      s3:rpcclient: only require netlogon_creds for specified netlogon calls
      libcli/security: support "IS" in SDDL for SID_NT_IUSR
      libcli/security: add security_descriptor_for_client() helper function
      s4:rpc_server/lsa: normalize the access_mask for lsa account objects
      s4:rpc_server/lsa: implement the policy security descriptor
      s4:selftest: run dbcheck against the ad_dc environment too
      lsa.idl: mark lsa_TrustDomainInfoInfoEx as public
      s3:winbindd: add MSG_WINBIND_NEW_TRUSTED_DOMAIN that takes a lsa_TrustDomainInfoInfoEx
      s4:rpc_server/lsa: notify winbindd about new trusted domains
      s4:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
      s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
      s3:trusts_util: add support for SEC_CHAN_DNS_DOMAIN in trust_pw_change()
      s3:trusts_util: make use of pdb_get_trust_credentials() and pdb_get_trusted_domain() in trust_pw_change()
      s3:trusts_util: pass new_trust_version to netlogon_creds_cli_ServerPasswordSet() in trust_pw_change()
      s3:trusts_util: generate completely random passwords in trust_pw_change()
      selftest/knownfail: remove unused ^samba4.winbind.struct.show_sequence\(ad_dc\) line
      selftest/Samba4: use 'testallowed account' instead of 'test allowed'
      s4:torture/local: add more torture_assert() checks
      s4:torture/winbind: add torture:winbindd_domain_without_prefix option

Steve Howells (1):
      s4.2/fsmo.py: fixed fsmo transfer exception

Thomas Nagy (2):
      Transition to waf 1.8: replaced on_results by update_outputs
      Transition to waf 1.8: wrapped conf.check_cfg

Thomas Schulz (1):
      libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation

Volker Lendecke (88):
      torture4: Fix systems with a 32-bit "long"
      registry: Fix CID 241075 Unchecked return value
      registry: Fix CID 240989 Buffer not null terminated
      ctdb: Fix 1125553 Buffer not null terminated
      libreplace: Fix CID 1034926 Destination buffer too small
      smbcontrol: Simplify do_winbind_offline
      lib: Fix CID 1034838 Resource leak
      lib: Fix CID 1034839 Resource leak
      lib: Fix CID 1034840 Resource leak
      tdb: Fix CID 1034841 Resource leak
      tdb: Fix CID 1034842 Resource leak
      ctdb: Fix CID 1288201 Array compared against 0
      lib: Fix whitespace
      lib: Avoid a malloc/realloc in getgroups_unix_user
      smbd: Put a variable definition closer to its use
      smbd: Streamline the gids handling in create_token_from_sid()
      smbd: Simplify create_token_from_sid()
      smbd: Simplify create_token_from_sid()
      ctdb: Fix whitespace
      ctdb: Make for-loop in ctdb_get_script_list more idiomatic
      ctdb: Fix memleak in ctdb_get_script_list
      ctdb: Introduce a helper var in ctdb_get_script_list
      ctdb: Fix CID 1125613 Destination buffer too small
      passdb: Fix the O3 developer build
      samdb: Ignore ntdb in secrets_tdb_sync
      Remove callers of lp_use_ntdb
      lib: Remove "use_ntdb" param from secrets_init_path
      dbwrap: Remove ntdb logic from dbwrap_local_open
      dbwrap: Remove dbwrap_ntdb
      lib: Remove unused util_ntdb.[ch]
      param: Remove "use ntdb"
      Revert "Samba3-HOWTO: mention NTDB."
      param: Remove "use ntdb" reference
      Remove ntdb from scripts
      autobuild: Remove ntdb target
      python: Remove ntdb references
      Docs: Remove some ntdb references
      Remove ntdb protection from tdb_wrap
      Remove ntdb protection from db_open_tdb
      dbwrap: Remove a ntdb reference
      waf: Do not recurse into ntdb
      lib: Remove ntdb
      lib: Remove tdb_open_compat
      Remove tdb_[first|next]key_compat
      lib: Remove tdb_errorstr_compat
      lib: Remove tdb_fetch_compat
      lib: Remove tdb_compat
      smbd: Remove an unused #include
      source3: Replace ccan hash calls with tdb_jenkins_hash
      source3: Remove ccan-hash dependency
      texpect: Do not depend on ccan
      lib: Remove ccan
      smbd: Fix a typo
      dsdb: Fix CID 1034681 Copy-paste error
      lib: Move get_iconv_handle() call down
      lib: Fix CID 1272834 Unchecked return value
      lib: Convert [up|low]case.dat to C
      lib: Remove load_case_tables_library()
      lib: load_case_tables() -> smb_init_locale()
      smbd: Convert valid.dat to C code
      codepages/*.dat are gone
      lib: Remove unused [un]map_file
      loadparm: Fix CID 1273054 Improper use of negative value
      lib: Fix CID 1273009 Dereference after null check
      ctdb: Fix CID 1125634 Out-of-bounds write
      ctdb: Fix CID 1125615 Copy into fixed size buffer
      heimdal: Fix a warning
      heimdal: Fix a warning
      groupdb: Fix a typo
      fss: Fix CID 1293354 Wrong operator used
      winbind: Use tdb_parse_record in wcache_fetch_seqnum
      winbind: Avoid a few talloc_tos() in winbindd_cache.c
      ctdb: Fix the O3 developer build
      lib: Fix a few CIDs for Resource Leak
      tevent: Fix CID 1035381 Unchecked return value
      lib: Fix CID 1107218 Resource leak
      smbd: Save a few lines of C :-)
      smbd: Introduce reset_delete_on_close_lck
      smbd: Use reset_delete_on_close_lck directly
      smbd: Remove bool arg from set_delete_on_close_lck
      smbd: Cancel pending notifies if the directory goes away
      torture: Add smb2.notify.rmdir
      lib: Use isspace on unsigned char
      lib: Remove procid_str_static
      Fix the O3 developer build
      lib: Fix a typo
      lib: Simplify dom_sid_parse_length
      lib: Remove server_id_str()

Yan, Zheng (4):
      vfs_ceph: fix ntimes_fn callback
      vfs_ceph: remove cephwrap_init_stat_ex_from_stat()
      vfs_ceph: use 'file descriptor' version xattr functions when possible
      vfs_ceph: add empty ACL callbacks

Youzhong Yang (1):
      s3-unix_msg: remove socket file after closing socket fd


Samba Shared Repository

More information about the samba-cvs mailing list