[SCM] Samba Shared Repository - annotated tag tdb-1.3.9 created
Stefan Metzmacher
metze at samba.org
Mon Apr 11 18:35:17 UTC 2016
The annotated tag, tdb-1.3.9 has been created
at b53028b2d9e583aee1bee432dd3c80db1d4efa3b (tag)
tagging acf6deb6981f3e4043b51c1ed134362cc9112d2c (commit)
replaces talloc-2.1.6
tagged by Stefan Metzmacher
on Mon Apr 11 20:35:02 2016 +0200
- Log -----------------------------------------------------------------
tdb: tag release tdb-1.3.9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXC+5WAAoJEEeTkWETCEAldc8H/2lULVfJWKxkS8fJcTtFT8Q7
6ovzESfacrCEq6JxI9jGR7DaUl9c0tUUupaHjoCqFr8nFOnBokK9hyRdiNTqwu9c
pOj7pwCQyxiIvC33hVTQcXlOeM2VZDZHHYj4JGVL6PDSgIGsGowUegb98ExZE80H
zUkK06WtJ0Pa4s0X8hMmYfZ2gBcHBY26Ku+mVRqiiJ7NCkDF6Wf+NlijQ8KFyslY
vcSlD92dj97mJKwsRHfKEBmOFOpi8y0EZD4KTTALMFtJAuZH2FjSrGa5FG6Acij9
QsjmfPLvj/jiObPPS2ltGmAqcAunSbqmMrpFLl38idgPBa3nKjo5Tt774BWEEIc=
=7+9l
-----END PGP SIGNATURE-----
Alexander Bokovoy (1):
s4-libnet: only build python-dckeytab module for Heimdal in AD DC mode
Amitay Isaacs (39):
ctdb-doc: Sort the tunable variables in alphabetical order
ctdb-tunables: Add missing flags in the initializer
ctdb-tunables: Mark tunable MaxRedirectCount obsolete
ctdb-tunables: Mark tunable ReclockPingPeriod obsolete
ctdb-doc: Update tunables documentation
ctdb-doc: Add documentation for missing tunables
ctdb-recovery-helper: Get tunables first, so control timeout can be set
ctdb-tunables: Fix the implementation of LIST_TUNABLES control
ctdb-doc: Update ctdb man page
ctdb-doc: Update ctdb man page
ctdb-client: Increase the timeout for TRANS3_COMMIT control
ctdb-protocol: Check header is not null before copying
ctdb-protocol: Add protocol debug routines
ctdb-tests: Add a utility to parse ctdb packets
ctdb-client: Add client API for sending message to multiple nodes
ctdb-tunables: Add new tunable RecBufferSizeLimit
ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
ctdb-client: Add client API functions for new controls
ctdb-recovery-helper: Factor out generic recv function
ctdb-recovery-helper: Pass capabilities to database recovery functions
ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
ctdb-recovery-helper: Create accessors for recdb structure fields
ctdb-protocol: Add file IO functions for ctdb_rec_buffer
ctdb-recovery-helper: Re-factor function to retain records from recdb
ctdb-recovery-helper: Write recovery records to a recovery file
ctdb-protocol: Introduce variable for checking srvid prefix
ctdb-protocol: Add srvid for messages during recovery
ctdb-protocol: Add new capability
ctdb-recovery-helper: Introduce pull database abstraction
ctdb-recovery-helper: Introduce push database abstraction
ctdb-tests: Add a test for recovery of large databases
ctdb-recovery-helper: Improve log message
ctdb-recovery-helper: Introduce new #define variable
ctdb-protocol: Add srvid for assigning banning credits
ctdb-recoverd: Add message handler to assigning banning credits
ctdb-recovery-helper: Add banning to parallel recovery
ctdb-system: Add ctdb_parse_connections() function
Andreas Schneider (33):
s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()
s3-libads: Call smb_krb5_create_key_from_string() directly
s3-libads: Use the C99 boolean false
krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
krb5_wrap: Add smb_krb5_open_keytab_relative() function
s3-libnet: Allow the keytab function to use a relative path
s4-libnet: Implement export_keytab without HDB
s4-selftest: Make export keytab test heimdal specific
krb5-wrap: Use the principal returned by the KDC to create the ccache
mit_samba: Make mit_samba a shim layer between Samba and KDB
mit_samba: Directly pass the principal and kflags
mit_samba: Add ks_is_tgs_principal()
mit_samba: Add function to change the password
mit_samba: Add functions to generate random password and salt.
mit_samba: Add function for handling bad password count
mit_samba: Setup logging to stdout
wscript: Build the KDC code if we have the AD DC build enabled
mit-kdb: Add initial MIT KDB Samba driver
mit-kdb: Add more ks_is_kadmin* functions.
mit-kdb: Do not allow to get a kadmin ticket as a client.
mit-kdb: Add ks_create_principal().
mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.
mit-kdb: Implement KDB function to change passwords
mit-kdb: Add support for bad password count
mit-kdb: Add support for KDB version 8
mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
lib: Update socket_wrapper to version 1.1.6
lib: Update uid_wrapper to version 1.2.1
lib: Update nss_wrapper to version 1.1.3
s4-libnet: Link dckeytab.so correctly when is AD DC enabled
pam_winbind: Use the correct type to check the pam_parse() return code
pam_winbind: Create and use a wbclient context
Andrew Bartlett (4):
selftest: Avoid sorting issues on Ubuntu 10.04 vs 14.04
dsdb: Introduce LDB_SYNTAX_SAMBA_OCTET_STRING
smbd: Only check dev/inode in open_directory, not the full stat()
dsdb/repl: Ensure we use the LOCAL attid value, not the remote one
Anubhav Rakshit (1):
torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay
Aurelien Aptel (6):
s3/utils/regedit.c: typo
s4/auth/ntlm/auth_unix.c: add parens
s4/client/cifsdd.c: typo
s4/heimdal/lib/gssapi/mech/gss_compare_name.c: typo
s4/heimdal/lib/krb5/pac.c: typo
examples/perfcounter/perf_writer.c: fix memset
Christof Schmitt (7):
gpfswrap: Add wrapper for gpfs_set_winattrs
vfs_gpfs: Implement new dos_attributes vfs functions
vfs_gpfs: Remove xattr functions
vfs: Add helper to check for missing VFS functions
vfs_full_audit: Assert that all VFS functions are implemented
vfs_time_audit: Assert that all VFS functions are implemented
selftest: Load time_audit and full_audit
Douglas Bagnall (36):
util/binsearch: macro for greater than or equal search
util/tests: add test for BINARY_ARRAY_SEARCH_V macro
ldb paged_results: quieten a warning.
ldb controls: better error string for VLV control
ldap VLV: memdup, not strdup VLV context_id
vlv: better syntax for parsing greater than or equal strings
ASN1: use a talloc context in read_contextSimple
ldb controls: use uint8_t* for contextID binary blob
asn1: make readContextSimple() add a NUL byte
ldb_controls: add base64 option to VLV
Add python server sort tests
ldb sort: allow sorting on attributes not returned in search
torture_ldap_sort: avoid segfault
configure: set HAVE___ATTRIBUTE__ for heimdal
ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ndr: avoid unnecessary searches of token list
librpc ndr: add ndr_pull_steal_switch_value()
ndr: Use ndr_steal to avoid long lists
ndr: inline search for ndr_token_peek()
ndrdump: add quiet flag
Implement Virtual List View (VLV)
ldb controls: don't ignore memory allocation failure
ldb sort tests: point out a known fails against Windows
dsdb sort test: avoid exception with fewer elements
dsdb python tests: fix several usage strings
ldb client controls: don't ignore failed memdup
ldb controls: allow paged_search to use a cookie
ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
VLV: avoid name conflict with string.h's index()
Garming Sam (22):
tests: Allow alternative error code for backupkey test
ldb controls: base64 encode VLV response context strings
ldap VLV: use correct ASN.1 encoding for requests
ldap: fix search control rule identifiers ASN.1 type
ldap VLV: correct ASN1 parsing of VLV requests
CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
CVE-2016-0771: tests/dns: prepare script for further testing
CVE-2016-0771: tests/dns: FORMERR can simply timeout against Windows
CVE-2016-0771: tests/dns: Add a comment regarding odd Windows behaviour
CVE-2016-0771: tests/dns: restore formerly segfaulting test
CVE-2016-0771: tests/dns: Correct error code for formerly unrun test
CVE-2016-0771: tests/dns: Add some more test cases for TXT records
CVE-2016-0771: tests/dns: modify tests to check via RPC
CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
CVE-2016-0771: tests: rename test getopt to get_opt
CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest
CVE-2016-0771: tests/dns: Remove dependencies on env variables
tests: Allow alternative error code for backupkey test
build: mark explicit dependencies on pytalloc-util
sort: enable custom behaviour on critical control
autobuild: Return the last 50 log lines
Günther Deschner (31):
auth/ntlmssp: use ndr_push_AV_PAIR_LIST in gensec_ntlmssp_server_negotiate().
lib/socket/interfaces: Fix some uninitialied bytes.
Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"
s3:libnet:libnet_join: prepare to allow connecting with machine creds.
s3:libads:ldap: print LDAP error message with log level 10.
s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()
s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized
s3:libnet:libnet_join: always try to create machineaccount via LDAP first.
s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.
s3:libnet:libnet_join: define list of desired encryption types only once.
s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.
s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.
param: add parameter "server multi channel support", defaults to off.
s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.
s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.
wscript: detect if we have libkdb5 and kdb.h.
s4-kdc: Introduce a simple sdb_kdb shim layer
mit_samba: Use sdb in the mit_samba plugin
mit_samba: Use talloc_zero in mit_samba_context_init().
mit-kdb: Do not overwrite the error code in failure case.
mit-kdb: Use calloc so both authdata elements are zeroed
mit-kdb: Use calloc to initialize master keylists.
mit-kdb: Return 0 in kdb_samba_db_put_principal()
mit-kdb: Restrict admin/changepw principal db_entry with some flags
s4-smb_server: check for return code of cli_credentials_set_machine_account().
s3-auth: check for return code of cli_credentials_set_machine_account().
s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.
libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.
torture:smb2: add test for checking sequence number wrap around.
lib/torture: add torture_assert_u64_not_equal_goto macro
s4:torture:smb2:rename.c: Fix file permissions.
Herwin Weststrate (1):
Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth
Jeremy Allison (69):
CVE-2015-7560: s3: smbd: Add refuse_symlink() function that can be used to prevent operations on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX file handle on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a symlink.
CVE-2015-7560: s3: smbd: Set return values early, allows removal of code duplication.
CVE-2015-7560: s3: smbd: Silently return no EA's available on a symlink.
CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
s3:lib. Add split_stream_filename() Not yet used.
s3:lib: Rewrite synthetic_smb_fname_split() to use split_stream_filename().
s3:lib: Remove the const SMB_STRUCT_STAT * parameter from synthetic_smb_fname_split().
s3:lib: Move internal lp_posix_pathnames() call out of utility function synthetic_smb_fname_split().
s3: smbd: Simplify logic inside rename_internals_fsp() part 1.
s3: smbd: Simplify logic inside rename_internals_fsp() part 2
s3: smbd: Remove the last lp_posix_pathnames() in the rename path.
s3:smbd: Fix build for vfs_aixacl2.c.
s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.
s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.
s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.
s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.
s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().
s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.
s3: smbd: Reformatting - remove unneeded const char *fname variable.
s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.
s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.
s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.
s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.
s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".
nsswitch: linux: Remove use of strcpy().
examples: Remove all uses of strcpy in examples (except for validchr.c).
lib:tdb: Remove use of strcpy in tdb test.
nsswitch: winbind_nss_aix: Remove all uses of strcpy.
nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy.
s3:smbd: Fix build for vfs_afsacl.c.
s3: vfs: vfs_afsacl. refuse_symlink() means we can always use STAT here.
s3:smbd: Move lp_posix_pathnames() out of ea_list_has_invalid_name().
s3: smbd: Add uint32_t flags field to struct smb_filename.
s3: Filenames: Add uint32_t flags parameter to synthetic_smb_fname().
s3: vfs: Remove use of lp_posix_pathnames() below the VFS.
s3: posix_acls. Always use STAT, not LSTAT here.
s3: smbd: Remove unneeded lp_posix_pathnames() check in SMB2 create.
s3: smbd: Remove many common uses of lp_posix_pathnames().
s3: vfs: recycle. Remove use of vfs_stat_smb_basename().
s3: vfs: vfs_acl_tdb. Remove use of vfs_stat_smb_basename().
s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *.
s3: torture. Remove spurious lp_posix_pathnames() included by cut-and-paste error.
s3: smbd: DFS - Remove the last lp_posix_pathnames() from the SMB2/3 code paths.
s3: smbd: DFS: Pass uint32_t ucf_flags through into resolve_dfspath_wcard().
s3: smbd: DFS: Pass uint32_t ucf_flags through into dfs_redirect().
s3: smbd: DFS: Pass uint32_t ucf_flags through into unix_convert().
s3: vfs: Use the new VFS functions for setting and getting DOS attributes.
lib:replace: Missing semicolon on function definition.
s3: vfs: full_audit. Sort vfs fn list and add comments on missing entries.
s3: vfs: full_audit. Add missing get_dfs_referrals_fn().
s3: vfs: full_audit. Add missing fsctl_fn().
s3: vfs: full_audit. Add audit_file_fn().
s3: vfs: full_audit. Implement missing durable_XXX functions.
s3: vfs: Sort vfs function entries in vfs_time_audit.
s3: vfs: time_audit. Add missing get_dfs_referrals().
s3: vfs: time_audit. Add missing fsctl().
s3: vfs: time_audit: Add get/fget/set/fset dos_attributes functions.
s3: vfs: time_audit. Add missing audit_file().
s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
Jorge Schrauwen (1):
configure: Don't check for inotify on illumos
Martin Schwenke (42):
ctdb-tests: Fix description of NFS tickle test
ctdb-tests: Fix CIFS tickle test
ctdb-tests: Re-indent and re-format some functions
ctdb-tests: Allow tcptickle_sniff_wait_show() to filter by MAC address
ctdb-tests: Add a new NFS tickle test for the releasing node
ctdb-doc: Drop outdated NEWS file
ctdb-tools: Drop "ctdb rebalanceip"
ctdb-tools: Drop "ctdb rebalancenode"
ctdb-recoverd: Drop use of DeferredRebalanceOnNodeAdd tunable
ctdb-tunables: Mark tunable DeferredRebalanceOnNodeAdd obsolete
ctdb-daemon: Validate length of new interface names
ctdb-daemon: Replace an unsafe strcpy(3) call
ctdb-util: Move rb_tree.c to ctdb-util
ctdb-tests: Link ctdb-util instead of including
ctdb-killtcp: Use the given event context directly
ctdb-killtcp: Determine the interface as soon as vnn is known
ctdb-killtcp: Avoid CTDB_NO_MEMORY()
ctdb-killtcp: Change struct ctdb_tcp_kill to store arbitrary destructor data
ctdb-killtcp: Factor out ctdb_killtcp()
ctdb-killtcp: Factor out killtcp code into separate file.
ctdb-killtcp: Avoid unnecessary dependency on lib/util/time.h
ctdb-killtcp: Simplify includes by using ctdb_sock_addr_to_string()
ctdb-killtcp: New helper ctdb_killtcp
ctdb-scripts: Add interface argument to kill_tcp_connections()
ctdb-scripts: Use ctdb_killtcp helper to kill connections
ctdb-tools: Drop "ctdb killtcp" command
ctdb-client: Drop killtcp client functions
ctdb-daemon: Remove implementation of CTDB_CONTROL_KILL_TCP
ctdb-protocol: Drop killtcp protocol support
ctdb-killtcp: Merge "common" killtcp code into helper
ctdb-killtcp: Drop check to see if capture socket can be read
ctdb-killtcp: Drop unnecessary casts
ctdb-killtcp: Don't send initial tickle ACK during setup
ctdb-killtcp: Set debug level via environment variable CTDB_DEBUGLEVEL
ctdb-killtcp: Clarify a debug message
ctdb-system: Return window size and RST bit when reading TCP packets
ctdb-killtcp: Filter out sent packets
ctdb-killtcp: Keep track of number of kill attempts and maximum allowed
ctdb-killtcp: Don't count attempts for individual connections
ctdb-killtcp: Store retry interval in killtcp structure
ctdb-killtcp: Send tickle ACKs in batches
ctdb-killtcp: Change default retry interval, batch size and attempts
Michael Adam (21):
smbd:smb2: remove an unnecessary !! cast.
smbd: enable multi-channel if 'server multi channel support = yes' in the config
s3:winbindd:idmap: add domain_has_idmap_config() helper function.
idmap_hash: rename be_init() --> idmap_hash_initialize()
idmap_hash: only allow the hash module for default idmap config.
smbd: fix use after free via conn->fsp_fi_cache
smbd:smb2: add a modify flag to dispatch table
smbd:smb2: add request_counters_updated to the smbd_smb2_request struct
smbd:smb2: implement channel sequence checks and request counters in dispatch
smbd:smb2: update outstanding request counters before sending a reply
smbd:smb2: add some asserts before decrementing the counters
torture:smb2: use assert, not warning in error case in durable-open.reopen1a
torture:smb2: fix crashes in smb2.durable-open.reopen1a test
torture:smb2: durable-open.reopen1a only needs one io struct
torture:smb2: for oplocks, durable reconnect works with different client guid
torture:smb2: add durable-open.reopen1a-lease
torture:smb2: use assert, not warning in error case in durable-v2-open.reopen1a
torture:smb2: fix crashes in smb2.durable-v2-open.reopen1a test
torture:smb2: get rid of supefluous io2 var in durable-v2-open.reopen1a
torture:smb2: for oplocks, durable reconnect works with different client-guid
torture:smb2: add durable-v2-open.reopen1a-lease
Ralph Boehme (4):
testparm: vfs_fruit checks
docs: update vfs_fruit manpage
s3:mdssvc: older glib2 versions require g_type_init()
tdb: avoid a race condition when checking for robust mutexes
Richard Sharpe (2):
Fix an obvious error where we were converting a UNIX error to an NT STATUS but not returning it.
s3: vfs: Add VFS functions for setting and getting DOS attributes.
Robin Hack (1):
samba3.blackbox.smbclient_auth.plain: Add new regression test case.
Rowland Penny (1):
Bug 11818 : obvious missing word When trying to demote a dc, 'remove_dc.remove_sysvol_references' is sent 'remote_samdb, dc_name' , it expects 'remote_samdb, logger, dc_name'
Santiago Vila (1):
examples/smb.conf.default: Fix typo in comment line: sever -> server
Shyamsunder Rathi (1):
s3/vfs:stream_depots: Parse substitutions in streams-depot-directory path
Stefan Metzmacher (118):
CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp doesn't require client bindings
CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to dcerpc-samba library
CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() helper function
CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
CVE-2016-0771: dns.idl: make use of dnsp_hinfo
lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
lib/util_net: add support for .ipv6-literal.net
s3:test_smbclient_auth.sh: test using the ip address in the unc path (incl. ipv6-literal.net)
s3:selftest: run samba3.blackbox.smbclient_auth.plain also with $SERVER_IPV6
epmapper.idl: make epm_twr_t available in python bindings
dcerpc.idl: make WERROR RPC faults available in ndr_print output
librpc/rpc: add error mappings for NO_CALL_ACTIVE, OUT_OF_RESOURCES and BAD_STUB_DATA
s4:librpc/rpc: map alter context SEC_PKG_ERROR to NT_STATUS_LOGON_FAILURE
s3:libads: remove unused ads_connect_gc()
wscript_configure_system_mitkrb5: add configure checks for GSS_KRB5_CRED_NO_CI_FLAGS_X
s3:librpc/gse: make use of GSS_C_EMPTY_BUFFER in gse_init_client
s3:librpc/gse: fix debug message in gse_init_client()
s3:librpc/gse: set GSS_KRB5_CRED_NO_CI_FLAGS_X in gse_init_client() if available
s3:librpc/gse: correctly support GENSEC_FEATURE_SESSION_KEY
s3:librpc/gse: don't log gss_acquire_creds failed at level 0
s3:librpc/gse: implement gensec_gse_max_{input,wrapped}_size()
s4:pygensec: make sig_size() and sign/check_packet() available
auth/gensec: keep a pointer to a possible child/sub gensec_security context
auth/gensec: handle gensec_security_by_sasl_name(NULL, ...)
auth/gensec: make gensec_security_by_name() public
s3:auth_generic: add auth_generic_client_start_by_name()
s3:auth_generic: add auth_generic_client_start_by_sasl()
auth/ntlmssp: keep ntlmssp_state->server.netbios_domain on the correct talloc context
auth/ntlmssp: add gensec_ntlmssp_server_domain()
s3:ntlm_auth: fix --use-cached-creds with ntlmssp-client-1
s3:torture/test_ntlm_auth.py: replace tabs with whitespaces
s3:torture/test_ntlm_auth.py: add --client-use-cached-creds option
s3:tests/test_ntlm_auth_s3: test ntlmssp-client-1 with cached credentials
winbindd: pass an memory context to do_ntlm_auth_with_stored_pw()
s3:auth_generic: make use of the top level NTLMSSP client code
s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
auth/ntlmssp: provide a "ntlmssp_resume_ccache" backend
auth/gensec: add GENSEC_FEATURE_NTLM_CCACHE define
auth/ntlmssp: implement GENSEC_FEATURE_NTLM_CCACHE
s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
winbindd: make use of ntlmssp_resume_ccache backend for WINBINDD_CCACHE_NTLMAUTH
s3:ntlm_auth: also use gensec for "ntlmssp-client-1" and "gss-spnego-client"
auth/ntlmssp: split out a debug_ntlmssp_flags_raw() that's more complete
auth/ntlmssp: NTLMSSP_NEGOTIATE_VERSION is not a negotiated option
auth/ntlmssp: define all client neg_flags in gensec_ntlmssp_client_start()
auth/ntlmssp: set NTLMSSP_ANONYMOUS for anonymous authentication
auth/ntlmssp: don't send domain and workstation in the NEGOTIATE_MESSAGE
auth/ntlmssp: add ntlmssp_version_blob()
auth/ntlmssp: let the client always include NTLMSSP_NEGOTIATE_VERSION
auth/ntlmssp: use ntlmssp_version_blob() in the server
security.idl: add LSAP_TOKEN_INFO_INTEGRITY
ntlmssp.idl: MsAvRestrictions is MsvAvSingleHost now
ntlmssp.idl: make AV_PAIR_LIST public
librpc/ndr: add ndr_ntlmssp_find_av() helper function
auth/gensec: add GENSEC_FEATURE_LDAP_STYLE define
auth/ntlmssp: implement GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: add more compat for GENSEC_FEATURE_LDAP_STYLE
auth/ntlmssp: remove ntlmssp_unwrap() fallback for LDAP
s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
s4:libcli/ldap: fix retry authentication after a bad password
s4:selftest: we don't need to run ldap test with --option=socket:testnonblock=true
s4:selftest: simplify the loops over samba4.ldb.ldap
s4:ldap_server: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: add missing TALLOC_FREE(frame) in error path
s3:libads: make use of GENSEC_FEATURE_LDAP_STYLE
s3:libads: make use of GENSEC_OID_SPNEGO in ads_sasl_spnego_ntlmssp_bind()
s3:libads: provide a generic ads_sasl_spnego_gensec_bind() function
s3:libads: don't pass given_principal to ads_generate_service_principal() anymore.
s3:libads: keep service and hostname separately in ads_service_principal
s3:libads: make use of ads_sasl_spnego_gensec_bind() for GSS-SPNEGO with Kerberos
s3:libsmb: make use gensec based SPNEGO/NTLMSSP
s3:libsmb: unused ntlmssp.c
s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
s3:libsmb: remove unused cli_session_setup_kerberos*() functions
s3:libsmb: remove unused functions in clispnego.c
s4:torture/rpc: do testjoin only via ncalrpc or ncacn_np
s4:torture: the backupkey tests need to use ncacn_np: for LSA calls
s4:selftest: run rpc.samr over ncacn_np instead of ncacn_ip_tcp
s4:torture:samba3rpc: use an authenticated SMB connection and an anonymous DCERPC connection on top
s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports
s4:rpc_server/samr: hide a possible NO_USER_SESSION_KEY error
s4:rpc_server: dcesrv_generic_session_key should only work on local transports
s4:dsdb/test/notification: make test_invalid_filter more resilient against ordering races
s4:dsdb/test/sort: avoid 'from collections import Counter'
selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping
s3:winbindd: don't unclude two '\0' at the end of the domain list
s4:torture/lsa: improve debug message
s3:wscript: pylibsmb depends on pycredentials
ldb-samba:wscript: python_samba__ldb depends on pyauth
selftest: s!addc.samba.example.com!addom.samba.example.com!
selftest: add some helper scripts to mange a CA
selftest: add config and script to create a samba.example.com CA
selftest: add CA-samba.example.com (non-binary) files
selftest: add CA-samba.example.com binary files (currently unused by Samba)
selftest: mark commands in manage-CA-samba.example.com.sh as DONE
selftest: add Samba::prepare_keyblobs() helper function
selftest: use Samba::prepare_keyblobs() and use the certs from the new CA
selftest: set tls crlfile if it exist
selftest: setup information of new samba.example.com CA in the client environment
s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic
s3:test_rpcclient_samlogon.sh: test samlogon with schannel
s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function
s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()
s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6
s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP
s4:torture/rpc/schannel: don't use validation level 6 without privacy
auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE
auth/gensec: split out a gensec_verify_dcerpc_auth_level() function
s4:rpc_server: require access to the machine account credentials
s4:selftest: run rpc.netlogon.admin also over ncalrpc and ncacn_ip_tcp
s3:rpc_server/samr: correctly handle session_extract_session_key() failures
s3:ntlm_auth: pass manage_squid_request() needs a valid struct ntlm_auth_state from within get_password()
Revert "autobuild: Return the last 50 log lines"
selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join"
tdb: version 1.3.9
Uri Simchoni (24):
selftest: run net ads join test in a private client env
selftest: add some test cases to net ads join
build: fix disk-free quota support on Solaris 10
build: improve comments in tests/oldquotas.c
smbd: remove quota support for some ancient OSs
build: fix build when --without-quota specified
vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set
seltest: add test for "ignore system acls" in vfs_acl_xattr.
lib/util: fix function comment
s3-profile: reduce dependencies of smbprofile.h
s3-profile: add PROFILE_TIMESTAMP macro
asys: call clock_gettime_mono() only on profile-enabled build
vfs_aio_linux: call clock_gettime_mono() only on profile-enabled build
vfs_aio_fork: call clock_gettime_mono() only on profile-enabled build
vfs_glusterfs: call clock_gettime_mono() only on profile-enabled build
nt-quotas: vfs_get_ntquota() return NTSTATUS
nt-quotas: return 0 as indication of no quota
ntquotas - skip entry if the quota is zero
sys-quotas: do not fail if user has no quota
xfs-quota: do not fail if user has no quota
nfs-quota: do not fail on ECONNREFUSED
smbd: do not cover up VFS failures to get quota
smbcquotas: print "NO LIMIT" only if returned quota value is 0.
tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
Volker Lendecke (25):
vfs_united_media: Fix CID 1355492 Uninitialized scalar variable
smbd: Avoid an "else"
smbd: Prevent a crash
libads: Fix CID 1356316 Uninitialized pointer read
crypto: Fix CID 1356314 Resource leak
lib: Fix CID 1356315 Dereference before null check
ctdb: Fix CID 1356313 Explicit null dereferenced
libsmb: Fix CID 1356312 Explicit null dereferenced
winbind: Fix CID 1357100 Unchecked return value
torture: Fix the O3 developer build
idmap: Factor out lp_scan_idmap_domains()
winbind: Introduce id_map_ptrs_init
winbind: Do per-domain xids2sids calls
winbind: Add idmap_backend_unixids_to_sids
winbind: Pass down the domain name to xids2sids
winbind: Use plural xids2sids in _wbint_UnixIDs2Sids
winbind: Remove unused idmap_[ug]id_to_sid
winbind: Remove unused idmap_backends_unixid_to_sid
winbind: Fix a typo in a wrong comment...
pam_winbind: Avoid a use of sprintf
docs: build idmap_script.8 by default
docs: Mention _NO_WINBINDD in idmap_script.8
nwrap: Fix the build on Solaris
vfs_catia: Align loop index with terminator
vfs_catia: Fix bug 11827, memleak
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list