[SCM] Samba Shared Repository - annotated tag talloc-2.1.3 created

Stefan Metzmacher metze at samba.org
Tue Jul 21 20:34:39 UTC 2015

The annotated tag, talloc-2.1.3 has been created
        at  39f95f7944ba37461ab4f29172549306959436b1 (tag)
   tagging  e05cb33511da81a2916b7504308552bcb4cbd587 (commit)
  replaces  tdb-1.3.6
 tagged by  Stefan Metzmacher
        on  Tue Jul 21 22:34:23 2015 +0200

- Log -----------------------------------------------------------------
talloc: tag release talloc-2.1.3
Version: GnuPG v1


Alexander Bokovoy (1):
      auth/credentials: if credentials have principal set, they are not anonymous anymore

Amitay Isaacs (12):
      wafsamba: Cache final_libs for each target
      ctdb-packaging: Pass extra arguments to rpmbuild from commandline
      ctdb-packaging: Package private libraries
      ctdb-tests: Add simple test harnesses for running unit tests
      ctdb-tests: Remove extra_header and extra_footer variables
      ctdb-tests: Remove unsed code
      ctdb-tests: Add test cleanup hooks
      ctdb-tests: Refactor code using simple test harness functions
      ctdb-daemon: Fix valgrind invalid read error in db_statistics control
      ctdb-daemon: Remove control CTDB_CONTROL_SET_CALL
      ctdb-daemon: Avoid double-free during monitor cancellation
      ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM

Andreas Schneider (27):
      wafsamba: Also build libraries with RELRO protection
      auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed
      tests: Add test_preserve_case.sh
      selftest: Plan samba3.blackbox.preserve_case testcase
      CID 1311763: Fix incorrect return value
      CID 1311764: Fix logical compare in if clause
      CID 1311767: Cast enum type to avoid compiler warnings
      CID 1311771: Fix a null pointer dereference
      CID 1311772: Fix null pointer check
      docs: Documents length limitations for NetBIOS name
      s4-samdb: Correctly cast data pointer
      s4-auth: Add smb_krb5_create_principals_array()
      s4-auth: Add smb_krb5_remove_obsolete_keytab_entries()
      s4-auth: Use kerberos util functions in srv_keytab
      s4-auth: Always pass down the salt principal
      s4-waf: Reformat torture_rpc
      s4-torture: Make the backupkey test as a noop with MIT Kerberos.
      selftest: Do not lookup the realm with Kerberos
      s4-kerberos: Make sure we handle kvno's in keytabs correctly
      s3-auth: Fix a possible null pointer dereference
      s3-smbd: Leave sys_disk_free() if dfree command is used
      s3-smbd: Remove the global dfree_broken variable
      selftest: Add test for the dfree command
      s4-kdc: Fix a typo
      s4-kdc: Fix a casting warning
      waf: Make mit_samba a subsystem and do not build with Heimdal
      s4-auth: Make sure error_string is correctly initialized

Andrew Bartlett (10):
      selftest: Run winbind tests in chgdcpass environment
      winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC
      winbindd: Sync secrets.ldb into secrets.tdb on startup
      selftest: Change chgdcpass environment to use winbindd
      Allow winbind removal by matching delays to Samba3.pm
      s4-winbindd: Remove the winbind rewrite from the samba4 effort
      Remove support for OpenPGP certificates in our TLS client and server
      lib/tls: Add new 'tls priority' option
      lib/tls: Change default supported TLS versions.
      selftest: Add knownfail entry required to disable tombstone_reanimation

Anoop C S (4):
      source3/registry: Fix CID 1273421 Useless call
      source3/registry: Fix CID 1273100 Stray semicolon
      source/libsmb: Fix CID 1272955 Logically dead code
      lib/sysquota_linux: Handle the quota flags properly

Anubhav Rakshit (2):
      s3:libsmb: Fix a bug in conversion of ea list to ea array.
      s3:client: Add "scopy" cmd to perform Server Side copy using smbclient.

Aurelien Aptel (1):
      tdb python binding: raise KeyError(key) when the key doesn't exist

Christof Schmitt (19):
      sharesec: Use non-numerical output for sharesec
      selftest: Add test for sharesec command
      docs-xml: Update sharesec manpage to reflect current output
      selftest: Add callout scripts for RPC SRVSVC share modifications
      selftest: Add blackbox test for srvsvc calls from rpcclient
      sharesec: Remove error message for unmarshall_sec_desc failure
      ctdb: Accept the key in hex format for the pstore command
      ctdb: Create helper function for optional hex input
      ctdb: Accept hex format for pdelete and ptrans commands
      vfs_gpfs: Use ACL defines from GPFS 3.5 header files
      vfs_gpfs: Use C99 initializers instead of ZERO_STRUCT
      gpfswrap: Remove unused wrapper for gpfs_fnctl
      gpfswrap: Use gpfs.h instead of gpfs_fcntl.h
      vfs: Make entry message for check_reduced_name a debug message
      vfs: Change final message in check_reduce_name to "info"
      dosmode: Change message of result to informational
      rpcclient: Set internal log level to 0
      smbstatus: Set internal log level to 0
      smbcontrol: Set internal log level to 0

Douglas Bagnall (13):
      Byte order reversal shouldn't assume size_t is 64 bit.
      Treat unsigned 64 bit IDL values as unsigned long long in Python
      remove trailing whitespace in Pidl/Samba4/Python.pm
      Use large enough unsigned values in server_id IDL
      Avoid casting pointer to unsigned long long for NULL check
      correct sense of macro variable name in SMB2 durable open test
      Avoid segfault in durable_open tests
      Revert "lib: Fix deps for LIBCRYPTO"
      Treat uid_t, git_t as 64 bit in Pidl Python bindings
      Fix gensec_gssapi compilation for i386
      Fix ldap_bind compilation for i386
      Fix format size errors for i386 in source3/librpc/crypto/gse.c
      Use uintptr_t for pointer int cast in SMBC_getdents_ctx()

Felix Janda (1):
      replace: Replace BSD strtoll by wrapping strtoll instead of strtoq

G√ľnther Deschner (46):
      s3-smbd: reset protocol in smbXsrv_connection_init_tables failure paths.
      ntlmssp: add NTLMSSP_WINDOWS_MINOR_VERSION_3 as seen from Windows 8.1 clients.
      librpc: prevent invalid NULL pointer derref in dcerpc_binding_get_auth_info().
      s4-torture: open a clusapi connection to get list of cluster nodes, etc.
      s4-torture: minor cleanup in test_witness_Register().
      s4-torture: make setup of the clusapi pipe non-critical in witness test.
      s4-torture: add some more tests for witness_AsyncNotify and RegisterEx with different timeouts.
      s3-rpcclient: add cmdline tools to toggle online/offline cluster resource state.
      witness: add default case to witness_notifyResponse_message union.
      witness: autogenerate the marshalling of the witness_notifyResponse_message.
      s3-rpcclient: add clusapi_get_resource_state command.
      libndr: better debug message in ndr_pull_subcontext_start().
      s3-rpcclient: use witness defines in witness rpcclient.
      s3-rpcclient: close policy handle in cmd_clusapi_open_resource().
      s4-torture: make some clusapi torture tests public.
      s4-torture: add clusapi resource online/offline toggle code to witness test.
      s3-rpcclient: remove old extra hand marshalling from witness cmds.
      s4-torture: finally enable witness_AsyncNotify ndr test.
      s4-torture: move torture_assert_sid_equal() out of ndr headers.
      lib/torture: be more verbose about ndr failures.
      s4-torture: using async dcerpc for witness async notifications.
      libndr: reformat libndr torture_suite macros to make differences more visible.
      s4-torture: add torture_ndr_push_struct_blob_flags() in order to manipulate push flags.
      s4-torture: add new torture_suite_add_ndr_pullpush_fn_test_flags().
      s4-torture: pull, push and compare a witness Notify struct in ndr test.
      s4-torture: use smb_krb5_make_principal() in lsa forest krb5 tests.
      s4-torture: use smb_krb5_principal_get_type in lsa forest krb5 tests.
      lib/krb5: add new KRB5_ERROR_CODE() abstraction macro.
      s4-torture: use smb_krb5_free_error() in lsa forest krb5 tests.
      s4-torture: use krb5_error in lsa forest trust tests.
      s4-torture: use smb_krb5_principal_set_type() in lsa forest krb5 tests.
      s4-torture: add test for ClusterControl to clusapi testsuite.
      s4-torture: do some more inspection on expected witness_AsyncNotify replies.
      s4-torture: make sure to always seal the clusapi connection in witness test.
      s4-torture: add more tests for dcerpc_clusapi_CreateEnum.
      clusapi: use winreg_AccessMask in clusapi.idl.
      s4-torture: add test for clusapi_QueryValue.
      s3-rpcclient: add cmd_clusapi_get_cluster_version2.
      clusapi: add and use clusapi_ClusterControlCode to IDL.
      s4-torture: add test for ClusterControl to clusapi testsuite.
      s4-kdc/wdc-samba4: add a copy of samba_kdc_build_edata_reply for Heimdal.
      s4-kdc/mit_samba: add a copy of samba_kdc_build_edata_reply for MIT.
      s4-kdc/pac_glue: remove old samba_kdc_build_edata_reply().
      s4-kdc: only use a void* in samba_kdc_entry instead of hdb_entry_ex.
      s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE.
      s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem.

Jeremy Allison (8):
      lib: ldap: Properly check talloc error returns.
      smbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher.
      s3: smbd - Fix SMB3.11 protocol encryption selection.
      dcerpc: NULL pointer deref crash in handling rpc request.
      s3: smbd: Codenomicon crash in do_smb_load_module().
      s3: smbd: Use separate flag to track become_root()/unbecome_root() state.
      docs: Document new scopy command.
      s3: tests: Add blackbox test for scopy.

Kamen Mazdrashki (1):
      dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests

Karolin Seeger (1):
      docs: Bump version up to 4.3.

Marc Muehlfeld (1):
      Group creation: Add msSFU30Name only when --nis-domain was given

Martin Schwenke (52):
      ctdb-tests: Run transaction tests with externally imposed timeout
      ctdb-scripts: Create the directory containing the recovery lock
      ctdb-recoverd: Add new function clear_ip_assignment_tree()
      ctdb-recoverd: Clear IP assignment tree on election loss
      ctdb-daemon: Promote debug messages about --start-as-* to NOTICE level
      ctdb-scripts: Only write to /proc route flush files if they exist
      ctdb-build: Fix building of PCP PMDA module
      ctdb-scripts: Use an "if" statement instead of "&&"
      ctdb-tests: Remove statd-callout when running NFS tests
      ctdb-scripts: Fix regression in VLAN interface support
      ctdb-scripts: Support monitoring of interestingly named VLANs on bonds
      ctdb-tests: Interface number in "ip link show" stub defaults to 42
      ctdb-tests: Add VLAN support to the "ip link" stub
      ctdb-tests: Add some 10.interfaces VLAN tests
      ctdb-tools: Avoiding printing "(null)" on "ctdb eventscript" error
      ctdb-daemon: Improve error messages when eventscript control is cancelled
      ctdb-daemon: Allow a new monitor event to cancel one already in progress
      ctdb-tests: Factor out stack dumping and background marking code
      ctdb-tests: Default fail count for rpc_set_service_failure_response() is 1
      ctdb-tests: Don't flag failure when there are no rpcinfo check failures
      ctdb-tests: rpc_set_service_failure_response() should take RPC service name
      ctdb-tests: New function nfs_iterate_test()
      ctdb-tests: Update NFS tests to use nfs_iterate_test()
      ctdb-tests: Automate expected NFS test results instead of hard-coding
      ctdb-tests: Allow 2nd argument of nfs_iterate_test() to be null
      ctdb-tests: New NFS test with all services up and 10 iterations
      ctdb-tests: Remove remaining uses of iterate_test()
      ctdb-tests: Remove function iterate_test()
      ctdb-tests: setup_nfs() should mark nfslock as started/stopped
      ctdb-scripts: NFS RPC checks should be simple and consistent
      ctdb-scripts: Clean up ctdb_check_rpc()
      ctdb-scripts: Move "ERROR:" prefix out of ctdb_check_rpc()
      ctdb-scripts: Factor out new function ctdb_counter_get()
      ctdb-scripts: Add new NFS service checking infrastructure
      ctdb-scripts: Switch NFS checks to new style
      ctdb-scripts: Remove old NFS checking code
      ctdb-scripts: Parameterise 60.nfs with $CTDB_NFS_CALLOUT
      ctdb-scripts: Remove configuration variable CTDB_MONITOR_NFS_THREAD_COUNT
      ctdb-scripts: Remove functions startstop_nfs() and startstop_nfslock()
      ctdb-scripts: Extend NFS .check files with service_check_cmd variable
      ctdb-scripts: Remove 60.ganesha, replace with callout for 60.nfs
      ctdb-scripts: Remove unused function startstop_ganesha()
      ctdb-scripts: Drop configuration variable CTDB_NFS_DUMP_STUCK_THREADS
      ctdb-scripts: Move NFS support functions to 60.nfs
      ctdb-scripts: Add portmapper NFS .check file
      ctdb-tests: Add some simple tests for CTDB_NFS_CALLOUT
      ctdb-scripts: Add registration for CTDB_NFS_CALLOUT operations
      ctdb-scripts: Implement registration in nfs-linux-kernel-callout
      doc: Fix documentation for "ctdb timeout" parameter
      ctdb-scripts: Support RPC checks for tcp6 and udp6
      ctdb-scripts: Move 60.nfs Ganesha callout to doc/examples/
      ctdb-daemon: Ignore SIGUSR1

Mathieu Parent (1):
      ctdb-build: Fix ctdb --with-socketpath configure option

Michael Adam (19):
      ctdb: remove useless setting of variable domain_socket_name
      ctdbd_conn: lower the debug level 0 for failing connection to ctdbd.
      ctdbd_conn: use the right error code from ctdbd_connect for debug and return
      ctdb: strip trailing spaces from nodes file.
      net:conf:import: print error message when importing fails.
      selftest: skip the ntvfs based base.defer_open tests
      s3:libsmb: fix resolve_ads return if there were no answers
      Introduce setting "desired" for 'smb encrypt' and 'client/server signing'
      smbXsrv: add bools encryption_desired to session and tcon
      smbd:smb2: separate between encryption required and enc desired
      smbd:smb2: only enable encryption in session if desired
      smbd:smb2: only enable encryption in tcon if desired
      smbd:smb2: use encryption_desired in send_break
      docs:smb.conf: explain effect of new setting 'desired' of smb encrypt
      librpc:ndr:witness: fix CID 1311245: Memory - illegal accesses (UNINIT)
      smbd:trans2: treat new SMB_SIGNING_DESIRED in case
      librpc:ndr:witness: move variables into scope
      librpc:ndr:witness: remove an unneeded block, reducing indentation.
      docs:smb.conf: fix typo in 'smb encrypt' text.

Paul Wayper (2):
      Spelling correction: exlusive -> exclusive
      Spelling correction: exlusive -> exclusive and semantincs -> semantics

Petr Viktorin (8):
      buildtools: Don't configure Python more than once
      buildtools: Fix crash on invalid --extra-python option
      pytdb: Allow nextkey() to be called
      pytdb: Port to Python 3
      pytdb: Build for two versions of Python at once
      pytdb: Use new dict API on Python 3
      pyldb: Add a text-based interface for Python 3
      pytdb: Add tests for text interface

Ralph Boehme (26):
      vfs_fruit: simplify lp_parm_bool check
      smbd/smb2_ioctl: fix error handling
      s3:util: use pread/pwrite in transfer_file
      smb2:ioctl: support for OS X AAPL copyfile style copy_chunk
      vfs:fruit: implement copyfile style copy_chunk
      s4:torture:vfs_fruit: copyfile
      debug: get rid of DBGC_MAX_FIXED
      tevent: add and use debug class for tevent
      s3:vfs: copy_chunk buffer size
      vfs_fruit: check offset and length for AFP_AfpInfo read requests
      s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream
      s3-mdssvc: add configure option --enable-spotlight
      mdssvc: IDL file for new RPC service
      s3-mdssvc: add Spotlight RPC stubs
      s3-mdssvc: add new option 'spotlight'
      s3-mdssvc: dalloc: dynamic object store based on talloc
      s3-mdssvc: (un)marshalling Spotlight RPC blob
      s3-mdssvc: Spotlight attribute mappings
      s3-mdssvc: main Spotlight code
      s3-mdssvc: lexer and parser for Spotlight queries
      s3-mdssvc: add mdssd RPC service daemon for mdssvc
      s3-mdssvc: add documentation for mdssvc and mdssd
      WHATSNEW: Spotlight
      lib/util/charset: reduce loglevel for push_ucs2_talloc error
      vfs_shadow_copy2: change log level from 0 to 1 and log share path
      s3:smbd: change a loglevel from 0 to 1 when SMB_VFS_CONNECT fails

Robin Hack (1):
      selftest: Add setup_fileserver()

Robin McCorkell (4):
      Replace random() and related calls with generate_random_buffer()
      dfs_server: Fix whitespace
      Fix MSDFS with POSIX paths in vfs_dfs_samba4
      dfs_server: Use multi-byte string handling

Rowland Penny (1):
      samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles

Stefan Metzmacher (147):
      s3:smb2_setinfo: fix memory leak in the defer_rename case
      s4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X
      auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL
      auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE
      auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting
      dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
      librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro
      s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer()
      s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes()
      s3:rpc_server: remove pad handling from api_pipe_alter_context()
      s3:include: remove used unused {CLIENT,SERVER}_NDR_PADDING_SIZE
      s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define
      s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload
      s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error
      s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign()
      s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define
      s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload
      s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error
      s4:rpc_server: fix padding caclucation in dcesrv_auth_response()
      s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal
      s4:selftest: also run rpc.winreg with kerberos and all possible auth options
      s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
      s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear
      s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
      s4:lib/tls: fix tstream_tls_connect_send() define
      s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
      s4:libcli/ldap: conversion to tstream
      s4:auth/gensec: remove unused and untested cyrus_sasl module
      s4:auth/gensec: remove unused include of lib/socket/socket.h
      s4:auth/gensec: remove unused gensec_socket_init()
      auth/gensec: remove unused gensec_[un]wrap_packets() hooks
      s3:ntlm_auth: don't start gensec backend twice
      s4:kdc/db-glue: fix memory leak in samba_kdc_lookup_server()
      s4:kdc/db-glue: allow principals in form of computer at EXAMPLE.COM
      s4:selftest: run samba4.rpc.lsa.secrets with more principal combinations
      s4:torture/krb5: add a --option=torture:run_removedollar_test=true option to kdc-conon
      s4:selftest: add torture:run_removedollar_test=true to the machine account kdc tests
      heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust
      heimdal:lib/gssapi/krb5: fix indentation in _gk_wrap_iov()
      heimdal:lib/gssapi/krb5: clear temporary buffer with cleartext data.
      heimdal:lib/gssapi/krb5: add const to arcfour_mic_key()
      heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function
      heimdal:lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5
      auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
      s3:librpc/gse: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
      s4:gensec/gssapi: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions
      s3:winbindd: remove unused argument 'server' from winbind_samlogon_retry_loop()
      selftest: use server_maxtime = 10800 by default
      s3:libads: improve debug levels/messages in ads_find_dc()
      s4:ntvfs/ipc: fix ipc_close()
      auth/credentials: anonymous should not try to use kerberos
      midltests: add valid/midltests_DRS_EXTENSIONS.*
      librpc/rpc: add faultcode to nt_status mappings
      librpc/rpc: add dcerpc_fault_from_nt_status()
      librpc/rpc: add dcerpc_[extract|construct]_bind_time_features()
      s4:pyrpc: add base.bind_time_features_syntax(features)
      lib/util: fix output format in dump_data*()
      librpc/ndr: make use of dump_data_cb() in ndr_dump_data()
      python/samba/tests: move hexdump() from DNSTest to TestCase
      python/samba/tests: let the output of hexdump() match our C code in dump_data_cb()
      python/samba/tests: add fallbacks for assert{Less,Greater}[Equal]()
      s3:winbindd: use check dcerpc_binding_handle_is_connected() instead of a specific status
      libcli/smb: let tstream_smbXcli_np report connection errors as EPIPE instead of EIO
      s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED when a dcerpc connection is not connected
      s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED in torture_rpc_alter_context()
      python:samba/tests: don't use the x.alter_context() method in dcerpc/bare.py
      s4:pyrpc: remove pointless alter_context() method
      lib/util: add strlen_m_ext_term_null() helper function
      lib/util: let strlen_m_term[_null]() use strlen_m_ext_term[_null]()
      lib/util:charset/tests: improve strlen_m[_term[_null]]() testing
      pidl:Samba3/ServerNDR: simplify CallWithStruct()
      pidl:Samba3/ServerNDR: make CallWithStruct() more flexible
      pidl:Samba3/ServerNDR: add pidl_reset() and pidl_return() helper functions
      pidl:Samba4/NDR/Parser: always initialize _mem_save_ pointers to NULL
      dcerpc.idl: fix calculatin of uint16 secondary_address_size;
      s4:librpc/rpc: add dcerpc_secondary_auth_connection()
      s4:libcli/clilsa: only remember the dcerpc_binding_handle
      s4:libnet: make use of dcerpc_secondary_auth_connection_send/recv()
      s4:torture/samba3rpc: move pipe_bind_smb() to the top
      s4:torture/samba3rpc: use pipe_bind_smb() in more places
      s4:torture/samba3rpc: add pipe_bind_smb2()
      s4:torture/samba3rpc: use pipe_bind_smb2()
      s4:torture/samba3rpc: add pipe_bind_smb_auth()
      s4:torture/samba3rpc: use pipe_bind_smb_auth()
      s4:torture/rpc: use dcerpc_secondary_auth_connection with anon creds
      s4:torture/rpc: use dcerpc_secondary_auth_connection with creds
      s3:wscript_build: fix the build using dmapi and fam together
      s4:kdc/db-glue: allow invalid kvno numbers in samba_kdc_trust_message2entry()
      s4:kdc/db-glue: preferr the previous password for trust accounts
      s4:kdc/db-glue: let samba_kdc_trust_message2entry always generate the principal
      heimdal:lib/krb5: correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals
      heimdal:lib/krb5: add krb5_mk_error_ext() helper function
      heimdal:kdc: generic support for 3part servicePrincipalNames
      heimdal:kdc: add support for HDB_ERR_WRONG_REALM
      s4:dsdb/common: add helper functions for trusted domain objects (tdo)
      s4:kdc/db-glue: implement cross forest routing by return HDB_ERR_WRONG_REALM
      s4:dsdb/common: add dsdb_trust_search_tdo*() helper functions
      s4:kdc/db-glue: make use of dsdb_trust_search_tdo()
      s3:pdb_samba_dsdb: make use of dsdb_trust_search_tdo()
      s4:auth/sam: remove unused sam_get_results_trust()
      s4:dsdb/netlogon: add support for CLDAP requests with AAC=0x00000400(ACB_AUTOLOCK) and user="example.com."
      s4:dsdb/common: pass optional new_version to samdb_set_password_sid()
      s4:dsdb/common: make use of dsdb_search_one() in samdb_set_password_sid()
      s4:dsdb/common: supported trusted domains in samdb_set_password_sid()
      s4:dsdb/password_hash: reject interdomain trust password changes via LDAP
      s4:rpc_server/netlogon: extract and pass down the password version in dcesrv_netr_ServerPasswordSet2()
      s4:dsdb/common: add dsdb_trust_get_incoming_passwords() helper function
      s4:rpc_server/netlogon: let dcesrv_netr_ServerAuthenticate3() fallback to the previous hash for trusts
      s4:rpc_server/netlogon: implement dcesrv_netr_ServerGetTrustInfo()
      s4:rpc_server/netlogon: implement dcesrv_netr_ServerTrustPasswordsGet()
      s4:rpc_server/lsa: fix dcesrv_lsa_CreateTrustedDomain()
      s4:rpc_server/lsa: improve dcesrv_lsa_CreateTrustedDomain_base()
      s4:rpc_server/lsa: implement dcesrv_lsa_lsaRQueryForestTrustInformation()
      s4:dsdb/common: add dsdb_trust_forest_info_from_lsa() helper function
      s4:dsdb/common: add dsdb_trust_xref_tdo_info() helper function
      s4:dsdb/common: dsdb_trust_normalize_forest_info_step[1,2]() and dsdb_trust_verify_forest_info()
      s4:dsdb/common: add dsdb_trust_merge_forest_info() helper function
      s4:rpc_server/lsa: use dsdb_trust_*() helper functions in dcesrv_lsa_lsaRSetForestTrustInformation()
      s4:rpc_server/lsa: remove unused code
      librpc/idl: add winbind_LogonControl()
      s3:winbindd: implement _winbind_LogonControl*()
      s3:winbindd: add wb_irpc_LogonControl()
      librpc/idl: add winbind_GetForestTrustInformation()
      s3:winbindd: implement winbind_GetForestTrustInformation()
      s3:winbindd: add wb_irpc_GetForestTrustInformation()
      s4:rpc_server/netlogon: implement netr_DsRGetForestTrustInformation with trusted domains
      s4:rpc_server/netlogon: make use of dsdb_trust_xref_forest_info()
      s4:rpc_server/netlogon: check domain state in netr_*GetForestTrustInformation()
      python/samba: add current_unix_time()
      python/samba: add on optional 'special_name' argument to CredentialsOptions()
      samba-tool: add 'domain trust *' commands
      selftest/Samba4: setup trusts between forest:fl2008r2dc/ad_dc and externl:fl2003dc/ad_dc
      testprogs/blackbox: add test_kinit_trusts.sh
      selftest/Samba4: setup forest UPN and SPN namespaces for ad_dc and fl2008r2dc
      testprogs/blackbox: let test_kinit_trusts.sh test a enterprise upn from the other foreset
      testprogs/blackbox: let test_kinit_trusts.sh verify that setpassword (via LDAP) is rejected
      testprogs/blackbox: add test_trust_utils.sh
      s4:torture/rpc: handle NT_STATUS_NO_SUCH_DOMAIN in test_query_each_TrustDom()
      s4:torture/rpc: add missing \n in comments
      s4:torture/rpc: extend and improve rpc.lsa.trusted.domains
      script/librelease.sh: use download-master.samba.org:~ftp/pub/ for uploading
      s3:winbindd: initialize an [in,out] variable in rpc_try_lookup_sids3()
      s3:winbindd: initialize acct_desc fields in rpc_enum_{dom,local}_groups()
      s3:winbindd: initialize dst->primary_gid with (gid_t)-1
      testsuite/headers: remove unused checks for ntdb.h
      talloc: version 2.1.3

Thomas Nagy (2):
      Remove PYTHONDIR and PYTHONARCHDIR in a single place
      Always use Samba's CHECK_CFG instead of waf check_cfg

Uri Simchoni (29):
      libads: fix indentation in generated krb5.conf
      namequery: fix get_kdc_list() to look for _kerberos records
      kerberos: Move DEFAULT_KRB5_PORT to a header file
      namequery: correctly merge kdc ip address list
      libads: Keep 'good' server at the head of custom KDC list
      namequery: remove dead code
      libads: Fix fallback logic when finding a domain controller
      libads: further split resolve_and_ping into dns and netbios implementations
      heimdal: fix endless loop for specific KDC error code
      winbindd: disconnect child process if request is cancelled at main process
      docs: Correct list of supported socket options
      util.c: fix order of inclusion to correctly consume config.h
      net: fix the order of DC lookup methods when joining a domain
      winbindd: set file descriptor limit according to configuration
      winbindd: cleanup client connection if the client closes the connection
      async_req: check for errors when monitoring socket for readability
      winbindd: verify that client has closed the connection
      winbind client: avoid vicious cycle created by client retry
      winbindd: periodically remove timed out clients
      doc: clarify "winbind max clients"
      winbindd: add service routines to support a sorted client list
      winbindd: keep client list sorted by access time
      winbindd: shorten client list scan
      libads: disable dns_lookup_realm in auto-generated krb5.conf files
      tdbrestore: include config.h before any glibc headers
      lib/util: include config.h before any glibc headers
      source3/lib: include config.h before any glibc headers
      fssd: include config.h before any glibc headers
      torture: include config.h before any glibc headers

Volker Lendecke (85):
      ctdbd_conn: Fix a leak on talloc_tos()
      net: Fix messaging_init for clustering
      lib: Fix CID 1306764 Unchecked return value
      lib: Fix CID 1306765 Unchecked return value from library
      Fix a typo
      rpc: Simplify dcerpc_binding_handle_raw_call()
      lib: Strip genrand.c a bit
      lib: Fix whitespace
      lib: Streamline genrand.c includes
      lib: Simplify arcfour_crypt
      lib: Fix deps for LIBCRYPTO
      lib: Make time-basic a library
      lib: Make genrand independent
      lib: Fix CID 1272913 Calling risky function
      lib: Fix CID 1034723 Explicit null dereferenced
      lib: Fix CID 1273234 Untrusted value as argument
      lib: Fix CID 710685 Unchecked return value from library
      lib: Fix CID 1272858 Copy-paste error
      lib: Fix CID 1128556 Dereference after null check
      lib: Remove unused functions
      smbd: Fix CID 1273096 Dereference before null check
      dsdb: Fix CID 1034745 Dereference after null check
      dsdb: Fix CID 1034804 Dereference null return value
      dsdb: Fix CID 1034803 Dereference null return value
      dsdb: Fix CID 1034743 Dereference after null check
      dsdb: Fix CID 1034742 Dereference after null check
      dsdb: Fix CID 1034802 Dereference null return value
      dsdb: Fix CID 1034719 Evaluation order violation
      dsdb: Fix CID 1034687 Logically dead code
      dsdb: Fix CID 1034902 Dereference before null check
      libsmb: Streamline smb1cli_trans a bit
      libsmb: Use fstr_sprint in convert_sid_to_string
      lib: Fix rundown of open_socket_out()
      libldap: Fix CID 1308982 Unchecked return value from library
      dsdb: Rename a parameter
      lib: Trim blocking.c
      docs: Document smbclient "notify" command
      vfs_fruit: Fix CID 1311244 Out-of-bounds read
      lib: Add tevent_req_poll_unix
      lib: Add server_id_db_prune_name
      lib: Add server_id_db_pid()
      lib: Add server_id_db_set_exclusive
      param: Make "change notify" global
      param: Make "kernel change notify" global
      smbd: Add direct notify_fam support
      smbd: Add the notify daemon
      smbd: Start the notify daemon
      smbd: Don't start the notify cleanup anymore
      smbd: Replace the tdb-based notify_internal with notify_msg
      smbd: Kernel change notify is done by notifyd
      smbd: Remove the notify_fam module
      notifyd: Add notifyd_parse_db()
      notify: Re-add notify_walk()
      smbd: Remove SMB_VFS_NOTIFY_WATCH
      notify: Remove two now unused stubs
      utils: add net notify
      notifyd: Add notifydd
      Remove ctdb_conn.[ch]
      librpc: Fix a "ignoring asprint return" warning
      tdb: Fix bug 11381, deadlock
      tdb: Reproducer for Bug 11381
      dalloc: Fix a typo
      dalloc: Fix CID 1097369 API usage errors (VARARGS)
      smbd: Fix CID 1311337 Error handling issues (CHECKED_RETURN)
      smbd: Fix CID 1311338 Error handling issues (CHECKED_RETURN)
      rpc_server: Fix CID 1311339 Error handling issues (CHECKED_RETURN)
      rpc_server: Fix CID 1311340 Null pointer dereferences (NULL_RETURNS)
      rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN)
      rpc_server: Fix CID 1311342 Null pointer dereferences (REVERSE_INULL)
      libsmb: Implement smbc_notify
      vfs_fruit: Fix the 32-bit build
      torture-notify: Give nonrecursive updates 200ms
      ctdbd_conn: Fix a memleak
      ctdbd_conn: Rename "ret"->"ok"
      ctdbd_conn: Make ctdb_read_packet return 0/errno
      ctdbd_conn: Convert ctdb_handle_message to return 0/errno
      ctdbd_conn: Convert ctdb_read_req to return 0/errno
      ctdbd_conn: Make register_with_ctdbd use an int-returning callback
      ctdbd_conn: Return early from ctdbd_msg_call_back
      ctdbd_conn: Do an early return from ctdb_read_req
      ctdbd_conn: Move release_ip handling into process.c
      vfs: Fix CID 1035384 Unchecked return value from library
      vfs: Consolidate failure paths in vfswrap_init_asys_ctx
      dbwrap_rbt: Make "key" and "value" aligned to 16 byte
      pdb_tdb: Use fstr_sprintf


Samba Shared Repository

More information about the samba-cvs mailing list