[SCM] Samba Shared Repository - annotated tag tdb-1.3.10 created
Stefan Metzmacher
metze at samba.org
Thu Jul 28 07:19:09 UTC 2016
The annotated tag, tdb-1.3.10 has been created
at da4d9e1f5149dc787c1d3500a047cfd0f60a7053 (tag)
tagging 2a97fb084f954968263fc2bca726c55d4e1d054f (commit)
replaces talloc-2.1.7
tagged by Stefan Metzmacher
on Thu Jul 28 09:18:57 2016 +0200
- Log -----------------------------------------------------------------
tdb: tag release tdb-1.3.10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXmbHhAAoJEEeTkWETCEAljnMH/juITcOUhecg7BQlzLHIZavz
9SoZ4if1u2Jl/wbCWJ+i7bGp4u5gzWjUpXROpNfQw9YMxbpoZDC5WnrBbAlW8NgO
0aY/o2s3m81v43gE22QcT/Uy75lyt4ZqtovJIpuzVzsBaGKmFXEOG3CML2xao7wm
5O727EJQkLLC4zg3XRI3x2UI52qvIH1+ZaKJHo181xytUmSof0g2fRbDAb1fzeW6
Fy7rsXtw03/UZFZ+2ndMqNXBLf2TW2KpCW4M9SiN5JvxxOKwYyPhiVU5BhcAQPQJ
DnhpzHzwbbnaRFHdhSwWHmItnyDi85JDHYAgYwVzrcULxmaFYF20WpQKqdmSiT4=
=gE+n
-----END PGP SIGNATURE-----
Abhidnya Joshi (1):
Efficient xattr handling for VxFS Signed-off-by: Abhidnya Joshi <Abhidnya.Joshi at veritas.com>
Alexander Bokovoy (3):
s3-smbd: Support systemd 230
libnet_join: use sitename if it was set by pre-join detection
Wrap krb5_cc_copy_creds and krb5_cc_copy_cache
Amitay Isaacs (165):
ctdb-tests: Get rid of ctdb func tests
ctdb-lvs: Allow override of CTDB for testing
ctdb-natgw: Allow override of CTDB for testing
ctdb-protocol: Add function to compare ctdb_sock_addr
ctdb-tool: Remove xpnn command and related tests
ctdb-tests: Remove ctdb reloadips tests
ctdb-tool: Add test-hooks to enable testing of the tool
ctdb-tool: All errors should be logged via stderr
ctdb-tests: Add fake ctdb daemon implementation for testing
ctdb-tests: Use fake_ctdbd for ctdb tool tests instead of ctdb stub
ctdb-tests: Remove ctdb tool stub code
ctdb-tests: Fix output for ctdb getcapabilities test
ctdb-tests: Fix output for ctdb lvs test
ctdb-tests: Fix output for ctdb reloadnodes tests
ctdb-tests: rename tests from stubby.* to ctdb.*
ctdb-recoverd: Freeze databases whenever the node is INACTIVE
ctdb-recovery: Update timeout and number of retries during recovery
lib/util: Avoid splitting tevent-unix-util as public library
ctdb-packaging: Remove tevent-unix-util public library
lib/poll_funcs: Build as SAMBA_SUBSYSTEM
lib/util: Expose few more subsystems for standalone ctdb build
ctdb-cluster-mutex: Fix #endif decoration
ctdb-tests: Re-use async accept wrapper from async_req
ctdb-tests: Re-use set_blocking instead of re-definition
lib/util: Add a generic definition for set_close_on_exec
ctdb-daemon: Use lib/util functions instead of redefinitions
ctdb-system: Remove duplicate functions
ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
ctdb-protocol: Fix marshaling of uint arrays
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-protocol: Add checks to validate data on wire before unmarshaling
ctdb-tests: Improve ctdb protocol tests
ctdb-daemon: Do explicit check for integer values
ctdb-daemon: Explicitly assign boolean values
ctdb-locking: Conditionally set real-time priority in lock helper
ctdb-locking: Avoid real-time in lock helper if nosetsched option is set
ctdb-scripts: Add new configuration variable CTDB_NOSETSCHED
ctdb-tests: Update local daemons tests to use CTDB_NOSETSCHED
s3-ctdb: Fail CTDB connection only on INACTIVE state
ctdb-recovery-helper: Fix a comment
ctdb-recovery: Terminate if recovery fails without any banning credits
s3-ctdb: Return an error when unexpected reply is received
ctdb-recoverd: Improve election win messages
ctdb-daemon: Improve log message
ctdb-client: Add sync version of sending multiple messages
ctdb-client: Fix ctdb_rec_buffer traversal routine
ctdb-client: Add async version of delete_record
ctdb-client: Fix implementation of delete_record
ctdb-client: Use async version of delete_record in g_lock unlock
ctdb-client: Factor out ctdb_client_get_server_id function
ctdb-client: If g_lock lock conflicts, try again sooner
ctdb-client: Fix g_lock implementation
ctdb-client: Release g_lock lock before retrying
ctdb-client: Remove commented old g_lock implemention code
ctdb-client: Release the g_lock record once the update is done
ctdb-client: During transaction commit fetch seqnum locally
ctdb-client: Fix implementation of transaction start
ctdb-client: Fix implementation of transaction commit
ctdb-client: Add async version of transaction cancel
ctdb-client: Fix implementation of transaction cancel
ctdb-client: Add debug messages to client db api
ctdb-client: Expose ctdb_ltdb_fetch in client API
ctdb-ib: Include system/wait.h for signal
ctdb-daemon: Check if method is initialized before calling
ctdb-pmda: CTDB client code does not require ctdb->methods
ctdb-daemon: Log ctdb socket in the main daemon
ctdb-build: Exit if requested feature cannot be built
swrap: Build socket_wrapper path relative to blddir
ctdb-tests: Common code to wait for synchronization across cluster
ctdb-tests: Common code to process commandline options
ctdb-tests: Add torture test for g_lock functions
ctdb-tests: Replace ctdb_bench with message_ring using new client API
ctdb-tests: Replace ctdb_fetch with fetch_ring using new client API
ctdb-tests: Replace ctdb_fetch_one with fetch_loop using new client API
ctdb-tests: Replace ctdb_fetch_readonly_once with fetch_readonly using new client API
ctdb-tests: Replace ctdb_fetch_readonly_loop with fetch_readonly_loop using new client API
ctdb-tests: Replace ctdb_transaction with transaction_loop using new client API
ctdb-tests: Replace ctdb_update_record with update_record using new client API
ctdb-tests: Replace ctdb_update_record_persistent with update_record_persistent
ctdb-tests: Convert rb_test into a unit test
ctdb-tests: Rename ctdb_lock_tdb to lock_tdb
ctdb-tests: Rename ctdb_porting_tests to porting_tests
ctdb-tests: Remove unused tests code
ctdb-tests: Add torture test for fetch functions
ctdb-pcp-pmda: Reimplement using new client API
ctdb-web: Remove ctdb webpages from source
ctdb-locking: Drop code for Samba 3.x compatibility
ctdb-tool: Remove ctdb thaw command
ctdb-client: Remove functions ctdb_ctrl_thaw_priority() and ctdb_ctrl_thaw()
ctdb-client: Remove function ctdb_ctrl_thaw() from new client API
ctdb-protocol: Drop marshalling code for THAW control
ctdb-client: Reimplement ctdb_ctrl_freeze_priority() using ctdb_control()
ctdb-client: Drop unused functions ctdb_ctrl_freeze_send/recv
ctdb-client: Mark ctdb_ctrl_freeze_priority static
ctdb-vacuum: Do not use freeze_mode outside freeze code
ctdb-recovery: Remove serial database recovery code
ctdb-daemon: Drop priorites from freeze/thaw code
ctdb-freeze: Drop function thaw_priority()
ctdb-client: Remove ctdb_ctrl_freeze_priority() function
ctdb-protocol: Remove CTDB_NUM_DB_PRIORITIES
ctdb-recoverd: Remove code that updates database priorities during recovery
dbwrap_ctdb: Remove setting of database priority from samba
ctdb-tool: Remove setdbprio and getdbprio commands
ctdb-daemon: Remove implementation of SET/GET_DB_PRIORITY
ctdb-client: Remove client code for set/get_db_priority
ctdb-client: Remove code to set/get_db_priority from new client code
ctdb-protocol: Drop marshalling code for set/get_db_priority
ctdb-protocol: Deprecate controls SET/GET_DB_PRIORITY
ctdb-daemon: Remove priority field from ctdb_db_context
ctdb-locking: Remove API for locking all databases
ctdb-locking: Remove API for locking databases with priority
ctdb-freeze: Remove ctdb_db_prio_frozen() function
ctdb-locking: Remove ctdb_db_prio_iterator function
ctdb-build: Add missing dependency on samba-util
ctdb-tool: Log a message at INFO level
ctdb-tests: Drop ctdb tool debug level to NOTICE
ctdb-tool: Drop arbitrary exit codes
ctdb-tool: Exit with 1 on failure instead of -1
ctdb-tool: Fix a log message in "ctdb reloadnodes"
ctdb-tests: Fix "ctdb status" test
ctdb-tool: Improve "ctdb uptime" output format
ctdb-tool: Simplify "ctdb process-exists"
ctdb-tool: Improve error output in "ctdb setdebug"
ctdb-tests: Implement GET_DEBUG and SET_DEBUG controls in fake_ctdbd
ctdb-tests: Implement GET_RUNSTATE control in fake_ctdbd
ctdb-common: Refactor tunable related functions
ctdb-daemon: Use refactored tunable code
ctdb-tests: Implement controls related to tunables in fake_ctdbd
ctdb-tests: Implement SET_IFACE_LINK_STATE control in fake_ctdbd
ctdb-tests: Add monitoring related controls in fake_ctdbd
ctdb-common: Fix CID 1363227 (Resource leak)
ctdb-tests: Fix CID 1364521 (Argument cannot be negative)
ctdb-tests: Fix CID 1364522 (Argument cannot be negative)
ctdb-tests: Fix CID 1364523 (Argument cannot be negative)
ctdb-tests: Fix CID 1364524 (Argument cannot be negative)
ctdb-tests: Fix CID 1364525 (Argument cannot be negative)
ctdb-tests: Fix CID 1364526 (Argument cannot be negative)
ctdb-doc: Drop documentation for obsolete tunable
ctdb-daemon: Fix statistics update macro
ctdb-tests: Clean database before the test
ctdb-tests: Fix typo
ctdb-tests: Improve test to match exact output
ctdb-tests: Add tests for idempotence
ctdb-tests: Add more tests for ctdb setdbsticky and setdbreadonly
ctdb-tests: Add machinereadable output tests
ctdb-common: Fix parsing of debug level
ctdb-protocol: Add function ctdb_sock_addr_same_ip
ctdb-daemon: Add QueueBufferSize tunable
ctdb-daemon: Reduce QueueBufferSize from 16k to 1k
ctdb-daemon: Use consistent naming for monitoring mode
ctdb-tool: Remove old ctdb tool
ctdb-tool: Add replacement ctdb tool using new client API
ctdb-tests: Adjust unit test output matching new ctdb
ctdb-daemon: Drop the implementation of THAW control
ctdb-protocol: Deprecate THAW control
ctdb-daemon: Drop implementation of global transaction controls
ctdb-client: Drop client code for global transaction controls
ctdb-protocol: Drop marshalling for global transaction controls
ctdb-protocol: Deprecate global transaction controls
ctdb-packaging: Move ctdb configuration to ctdbd.conf
WHATSNEW: ctdb updates
ctdb-tests: Fix valgrind unintialized error
ctdb-tests: Do not add $VALGRIND to ctdb command
ctdb-tests: Removing sleep from porting_tests
Andreas Schneider (66):
s3-net: Convert the key_name to UTF8 during migration
s3-net: Cleanup the code of printing migration
swrap: Update to version 1.1.7
s3-smbspool: Log to stderr
rwrap: Update resolve_wrapper to version 1.1.4
torture: Fix trailing whitespaces in krb5 tests
torture: Add a dummy test for MIT Kerberos case
sdb: Do not set disallow if we do not have ticket info in the DB
kdb: Do not allocate memory with size 0
sdb: Fix NULL pointer deference if we return early
sdb: Do not create kmod information if we return early
mit_samba: Return 0 in case of a wrong realm
mit_samba: Fix flags that we get a referral tickets
mit_samba: Allow to use SPNs for AS-REQ
selftest: Set the correct hostname
s3-script: Install the findsmb script
s3-libnetapi: Correctly check for lp_realm.
samba_dnsupdate: Work around a bug in nsupdate
selftest: Use the correct smb.conf for ldbsearch
selftest: Remove unneeded sleep before first ldbsearch execution
selftest: Consistently check for provision return code
selftest: Fix indentation in wait_for_start()
selftest: Add newlines for info output
selftest: Remove nbt wait time
s4-kdc: Rename heimdal KDC files
krb5_wrap: Add smb_krb5_mk_error()
s4-kdc: Use smb_krb5_mk_error() in kdc implemenation
s4-kdc: Use smb_krb5_mk_error() in kpasswd implementation
s4-kdc: Put the heimdal kdc config into a private data pointer
s4-kdc: Use better and simpler names for the kdc_process_ret enum
s4-kdc: Move definitions to kdc-server.h
s4-kdc: Move kdc_process_fn_t declaration to kdc-server.h
s4-kdc: Move KDC socket structs to krb5-server.h
s4-kdc: Rename proxy-heimdal.c to kdc-proxy.c
s4-kdc: Create a kdc-proxy.h header file
s4-kdc: Move KDC packet handling functions to kdc-server.c
util: Fix a possible null pointer dereference
librpc: Check for negative return value of socket_get_fd()
s3-torture: Do some code hygiene in the ldb test
s4-dsdb: Fix a possible NULL pointer dereference
s4-ntlm: Fix a NULL pointer dereference in error path
smbget: Fix a memory leak
nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro
nsswitch: Fix memory leak in test_wbc_pingdc()
nsswitch: Fix memory leak in test_wbc_get_sidaliases()
nsswitch: Fix memory leak in test_wbc_pingdc2()
nsswitch: Fix memory leak in test_wbc_domain_info()
nsswitch: Fix memory leak in test_wbc_users()
nsswitch: Fix memory leak in test_wbc_groups()
nsswitch: Fix memory leak in test_wbc_trusts()
s3-libnet: Add a comment to make cleaŕ we want to fall through
libutil: Support systemd 230
selftest: Skip smbtorture_s3 tests against ntvfs
selftest: Skip the Samba4 rap tests
selftest: Skip s4 smb2 rename tests
selftest: Remove samba4 delaywrite tests we skip
selftest: Remove samba4.smb2.compound tests we skip
selftest: Skip also s4 base.createx_sharemodes_dir
selftest: Skip the samba4.raw.eas tests
s3-winbind: Fix memory leak with each cached credential login
tsocket: Do not dereference a NULL pointer
s4-torture: Add torture_check_krb5_error() function
s4-torture: Add AES and RC4 enctype checks
s4-dsdb: Add missing header file for write() and close()
selftest: Do not use the deprecated samba-tool user add
testprogs: Do not use the deprecated samba-tool user add
Andrew Bartlett (157):
selftest: Print a message when RID allocation fails
selftest: Wait 60 seconds for a RID alloc
dsdb: Clarify rename handling as to which record is being renamed
dsdb: Improve debug messages in operational module
ldb: Fix error string when renaming to an DN that already exists
repl_meta_data: Explain why time(NULL) is good enough here
selftest: Include a few more details in selftest and samba startup.
join.py: Fetch the remote DC NTDS GUID early
pidl: Correct string handling to use talloc and be in common
classicupgrade: Avoid needing to quote CN values in an DN, use dn.set_component()
ldb-samba: Add "secret" as a value to hide in LDIF files
rpc_server/drsuapi: Return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
getncchanges: Give the correct error when RID_ALLOC fails on an invalid destination_dsa_guid
getncchanges: Use the talloc_stackframe() for tempory memory
getncchanges: Fill in ctr6.linked_attributes with a pointer to a zero-length array
dsdb/subtree_rename: Rename the base before we rename children
repl_meta_data: Do rename before deleted object cleanup
dsdb: Use DRSUAPI_ATTID_isDeleted constant in repl_meta_data
dsdb: Improve syntax clarity
selftest: Mark LDAPNotificationTest.test_max_search flapping
samba-tool domain demote: Fix error handling and error messages
torture: Only walk over objects actually converted in drs.dssync
repl: Do not consider userPassword differences to matter in rpc.dssync
build: Build less of Samba when building --without-ntvfs-fileserver
selftest: Use random OIDs from under the Samba OID arc
dsdb: Remove incorrect RDN attid check in replmd_replPropertyMetaDataCtr1_verify
repl: Allow GetNCChanges DRSUAPI_EXOP_REPL_OBJ to succeed against a deleted object
repl: Pass in the full partition DN to dsdb_replicated_objects_convert()
dsdb: Only search the provided partition for the object GUID
samba-tool domain join: Set drsuapi.DRSUAPI_DRS_GET_ANC during initial repl
selftest: Make replica_sync test pass against Windows 2012R2
dsdb: Allow "cn" to be missing on schema import
repl: Remove duplicated delete of sAMAccountType
selftest: Only mark runtime dbcheck as flapping
dbcheck: Find and fix a missing Deleted Objects container
repl: Retry replication of the schema on WERR_DS_DRA_SCHEMA_MISMATCH
dsdb: Cache our local invocation_id at the start of each request
dsdb: Move operational below repl_meta_data so we can query parentGUID
repl: Enforce that we have parent objects for all replicated objects
dsdb: Clearly fail to replicate objects not NC_HEAD with a all-zero parentGUID
dsdb: Give more errors in operational module when building the parentGUID
repl_meta_data: Fail to replicate over local objects not NC_HEAD with a all-zero parentGUID
repl_meta_data: Give more information on replication rename behaviour
dsdb: Split rename case out of replmd_op_possible_conflict_callback
dsdb: Simplify replmd_op_possible_conflict_callback behaviour
dsdb: Give the objectGUID ahead of LDIF dump of replicated changes
selftest: initial version of new repl_move test
selftest/drs: Show we return the correct 3 objects for DRSUAPI_EXOP_FSMO_RID_ALLOC
repl: Do not report all replication failures at level 0
selftest: Add another test case to replica_sync test
selftest: Assert that name, the RDN attribute and actual RDN are in sync
Remove the try/catch from urgent_replication.py
samldb: Make checks for schema attributes much more strict
selftest: Add tests to show that we can not create duplicate schema entries
selftest: These replication tests are now OK after we fixed all the replication bugs
selftest: Run the krb5.kdc test on a more selective basis
selftest: Do not scan the full DB to confirm a specific DN in dbcheck
dsdb: Add new helper function replmd_replPropertyMetaData1_new_should_be_taken()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_op_possible_conflict_callback()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_handle_rename()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_merge()
dsdb: Use replmd_replPropertyMetaData1_new_should_be_taken in replmd_replicated_apply_search_callback()
selftest: Add more tests to cover attribute changes vs DN renames
dsdb: Show initial replicated modify as well as resolved modify in repl_meta_data
dsdb: Fix incorrect sorting of replPropertyMetaData with RDN last
dsdb: Fix rename and RDN handling for replPropertyMetaData
selftest: Assert replPropertyMetaData values before and after replication
selftest: Add a reverse variation to ReplicateMoveObject3
repl: Avoid use-after-free when working with the working_schema
build: Try to work around strict aliasing rules on Ubuntu 10.04
build: Address may be used uninitialized in this function on Ubuntu 10.04
selftest: Rebase DrsBaseTestCase on SambaToolCmdTest
samba-tool: Improve fsmo handling
samba-tool domain join: Refuse to re-join a DC with a still-valid password
s4-samr: Fix samr.QueryUserInfo level 1 primary group
selftest: Expand tokenGroups test to also build nested groups
selftest: Expand tokenGroups test to also compare with samr.GetGroupsForUser
libcli/smb: Fix compiler errors when building with --address-sanitizer
libgpo: Fix compiler errors when building with --address-sanitizer
s3-client: Fix compiler errors when building with --address-sanitizer
s3-libnet: Fix compiler errors when building with --address-sanitizer
s3-vfs/snapper: Fix compiler errors when building with --address-sanitizer
s4-kcc: Fix compiler errors when building with --address-sanitizer
s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
s4-samr: Rework GetGroupsForUser to use memberOf
selftest: Add alias membership to the tokengroups test
selftest: Test that primaryGroupID is first in samr.GetUserGroups() reply
selftest: Check a user with only primaryGroupID is correct in samr.GetUserGroups() reply
samba_dnsupdate: Add a mode that calls samba-tool dns, rather than nsupdate
dns_update_list: Add in NS records
samba_dnsupdate: Allow admin to force a particular IP into samba_dnsupdate
samba_dnsupdate: Simplify logic and add more verbose debugging
samba_dnsupdate: Implement RPC <ZONE> prefix in dns_update_list
samba_dnsupdate: Give the administrator more detail when DNS lookups fail
selftest: Ensure we write 127. addresses into DNS
selftest: Always set up a resolv.conf and use it in samba_dnsupdate
selftest: confirm samba_dnsupdate works in both nsupdate and samba_tool mode
selftest: Add a DNS test matching Windows
selftest: Remove print attribute from getnc_exop test
repl: Avoid excessive stack use and instead sort the links in the heap
selftest: Do not run local.ndr 3 times
lib/ldb-samba: We can confirm a GUID is a GUID by length
selftest: Avoid running local.nss test against ad_dc_ntvfs
selftest: Do not run winbind tests against ad_dc_ntvfs
dsdb: Provide shortcuut for repl_meta_data avoiding search of link targets
dsdb: Fix use-after-free of parent_dn in operational module
dsdb: Only fetch changed attributes in replmd_update_rpmd
librpc: Avoid talloc in GUID_from_data_blob()
ldb: Allow repl_meta_data to override the O(^2) loop checking for duplciates
ldb: Do not allocate the extended DN name
dsdb: Apply linked attribute backlinks as we apply the forward links
dsdb: Avoid talloc() calls in dsdb_get_extended_dn_*()
dsdb: Make less talloc() for parsed_dn.guid
Revert "source4/scripting: add an option to samba_dnsupdate to add ns records."
lib: talloc: Change __talloc_with_prefix() to return a struct talloc_chunk *.
lib: talloc: Change __talloc() to return a struct talloc_chunk *.
lib: talloc: Change _talloc_set_name_const() to _tc_set_name_const()
lib: talloc: Add _vasprintf_tc() which returns the struct talloc_chunk *, not the talloc'ed pointer.
lib: talloc: Rename talloc_set_name_v() to tc_set_name_v(). Make it take a struct talloc_chunk *tc as the first argument.
lib: talloc: Call talloc_chunk_from_ptr() less often in __talloc_with_prefix()
lib: talloc: Rename the internals of _talloc_free_internal() to _tc_free_internal().
lib: talloc: As _tc_free_internal() takes a struct talloc_chunk *, add an extra paranoia check against destructor overwrite.
lib: talloc: As we have a struct talloc_chunk * in _talloc_free_children_internal(), use it to call _tc_free_internal() directly.
lib: talloc: Add check for destructor protection.
ldb: Avoid use-after-free when one error message is printed into another
schema: Make the fetch of the schema version fast
dsdb: Remove use of schema USN in samldb_add_handle_msDS_IntId
dsdb: Remove 120 second delay and USN from schema refresh check
schema: Reorder dsdb_set_schema() to unlink the old schema last
samba-tool: Add success message to samba-tool drs replicate --local
samba-tool: Add --local-online mode to samba-tool drs replicate
selftest: Add more tests for samba-tool drs replicate
Revert "dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests"
Revert selftest: Add knownfail entry required to disable tombstone_reanimation
pyrpc: Allow control of RPC timeout for IRPC
samba-tool drs replicate: Allow replication call to take as long as required
dsdb: Avoid search on * in replmd_replicated_apply_next()
dsdb: Improve debugging during SD recursion failure
build: Always build eventlog6. This is not a duplicate of eventlog
param: Correct the defaults for "dcerpc endpoint services"
Remove unused and untested source4 ntptr and spoolss systems
repl: Remove check for parentGUID being NULL in dsdb_convert_object_ex()
ldb: Add better debugging to ldb_wait()
samba-tool: Put full command and subcommand in informative name when testing samba-tool
selftest: Make repl_schema more robust by disabling replication before the test
selftest: Make repl_move more robust by disabling replication before the test
selftest: Disable replication before doing forced pre-test replicate
drs: pass the forced-replication flag from DsReplicaSync to GetNCChanges
selftest: Ensure we can call DRSUAPI_EXOP_REPL_OBJ with replication disabled
selftest: Disable all replication during most replication tests
WHATSNEW: Add features added for Samba 4.5
s4:torture/ndr: Add supplementalCredentials blobs from alpha13 and release_4_1_0rc3
s4:torture/ndr: Add supplementalCredentials blob from Win2012R2
torture: Add another sample of a PAC that broke the old PAC_UPN_DNS_INFO handling
s4:torture/ndr: Add supplementalCredentials blob from Samba with the new SambaGPG blob
build: Add hints on what libraries to install for gpgme support on failure
ldb_ldb: Do not re-scan the index list for new DNs
Anoop C S (3):
packaging: Remove ulimit usage for setting core file size limit
packaging: Set default limit for core file size in init scripts
packaging: Set default limit for core file size in service files
Aurelien Aptel (23):
s3/client/clitar.c: NULL-check correct variable
s3/client/clitar.c: always close fd
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix -Wmissing-prototype
pidl/ws: enhance dissector
pidl/ws: Fix Dead Store (Dead assignement/Dead increment) warning found by Clang
pidl/ws: fix indent (use 4 tabs) and remove trailing whitespace
pidl/ws: fix Assigned value is garbage or undefined found by Clang Analyzer
pidl/ws: Remove #pragma warning (MSVC)
pidl/ws: Eliminate e_uuid_t in favor of e_guid_t
pidl: use https urls and update dead msdn link
pidl/ws: avoid trailing tabs
pidl/ws: remove any starting _ in WS field names
pidl/ws: Remove pinfo->private_data from DCERPC dissectors.
pidl/ws: dereference pointers when passing name param.
pidl/ws: Add HEADER START/HEADER END in ws dissector
pidl/ws: whitespace cleanup
pidl/ws: Document CODE_START and HEADER_START
pidl/ws: directly use `di` param instead of casting `private_data` member.
pidl/s4/python: typo in comment
pidl/ws: fix failing tests
pidl/ws: fix missing $name when generating MAPI dissector
s3/winbindd: use == -1 instead of < 0 for error checking uid_t
Bob Campbell (9):
samba_dnsupdate: do not interpret failure count as unix error code
samba_spnupdate: do not interpret failure count as unix error code
tdb: avoid many fcntl calls when incrementing seqnum
selftest: add check password script test
check_password_script: Add a DEBUG message for timeouts
password_hash: Make an error message clearer
provision_fill: move most db accesses into transactions
provision_fill: move GPO into transaction
provision: Ignore duplicate attid and governsID check
Christian Ambach (6):
s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
s3:rpcclient make --pw-nt-hash option work
s3:selftest add a test for rpcclient --pw-nt-hash option
s3:rpcclient add -m option
s3:modules/vfs_snapper squelch -O3 compile warning
s4:repl_meta_data: squelch compile warning with -O3
Christof Schmitt (9):
gensec: Change log level for message when obtaining PAC from gss_get_name_attribute failed
selftest: Disable full audit logging in selftest
smbtorture: Add smb2.maxfid
selftest: Add tunable for smb2.maxfid limit
smbtorture: Correctly initialize notify request in smb2.notify.tree
smbd: Allow passing notify filter from inotify and fam
notify_inotify: Move mapping table to top of file
notify_inotify: Map inotify mask back to filter
vfs_gpfs: Retry getacl with DAC capability if necessary
Dirk Godau (2):
drsuapi tests for DsBind with w2k8
Extend DsBind and DsGetDomainControllerInfo to work with w2k8.
Douglas Bagnall (30):
python/join.py: Avoid unchecked print in error path
source4/param/pyparam.c: fix strange indentation
dsdb/common/util: remove some unnecessary str_list_length()s
dsdb/common/util: be careful about zero length string lists
dsdb schema_query: reduce calls to str_list_length
source4/registry/local: avoid str_list_length() to check first element
pytalloc: avoid double 0x0x in repr strings
Python pidl: avoid segfault with "del obj->attr"
tests/dcerpc/array.py: test deletion of arrays
selftest: Enable samba.tests.dcerpc.array test
tests/dcerpc: add tests for string allocation and deletion
gitignore: ignore library bin directories
python/tests/dns_forwarder: fix for python 2.6
Remove unused stf directory
s4/dsdb/repl_meta_data: use local bool version of flag
replmd_modify_delete: check talloc_new()
repl_meta_data: free context on error in replmd_modify_la_delete()
dsdb: add vanish links control
dsdb tests: add linked attribute tests
drs tests: querying linked attribute over DRS
dbcheck: cache linkIDs and reverse attribute names
dbcheck: check for linked atributes that should not exist
s4/selftest/provisions/dump.sh: dump to target dir if supplied
blackbox/dbcheck-oldrelease: more accurate temp filename
dbcheck linked attribute tests: save environment with bad links
VLV tests: reduce test duplication hence elapsed time
VLV tests: comment typo
VLV: fix handling with show_deleted and similar controls
VLV tests: add tests with show_deleted control
VLV tests: remove vestigial pdb stub
Garming (1):
drs: Send DRSUAPI_DRS_GET_ALL_GROUP_MEMBERSHIP by default
Garming Sam (68):
manpages: Markup led to missing space
typo: mplementation => implementation
examples/crackcheck: allow compilation with current builds
samr4: Remove talloc_asprintf leak onto mem_ctx
drsuapi.idl: Add attid used in testing in idl
tests/drs: cleanup some whitespace
samba_dnsupdate: Fix typo in -no-substitutions name
dns_server: Fix typo in dns_authoritative_for_zone() name.
flapping: temporarily add samba_dnsupdate test
tests/drs: extend getnc_exop test to check linked attributes
tests/drs: make cleanup more robust
tests/drs: assert sorted identifier GUIDs across getncchanges
tests/drs: change sort order in tests to match Windows
getncchanges: remove some whitespace
getncchanges: sort with precalculated target guid array
getncchanges: Match Windows on linked attribute sort
flapping: remove samba_dnsupdate from flapping
check-password-script: Allow AD to execute these scripts
param: fix a typo emtpy -> empty
tevent: typo in documentation
typo: componemt => component
typo: mandetory -> mandatory
kerberos: Return enc data on PREAUTH_FAILED
schema: Remove unnecessary schema reload code
schema: raise debug level
tests/dns_update: Add error message for diagnosis
tests: Allow alternative error code for backupkey test
dbcheck: Script swallows input when given a carriage return
match_rules: Fix a duplicated check
match_rules: Make cleanup faster and more efficient
link_attrs: Add tests for one way links (and pseudo one-way)
extended_dn_out: Force showing of one-way links if they exist
flapping: Add dbcheck to flapping
dbcheck: change argument to specify a partial --yes
tests/dbcheck: One way links are expected to be stale
dbcheck.sh: Fix the arguments supplied as $@
dbcheck: Split out valid stale DN links and invalid ones
dbcheck.sh: Remove all the plausible stale links
flapping: Remove dbcheck from flapping
renamedc: Make a more targeted dbcheck
pytalloc: Add a warning about enable_null_tracking
join.py: Remove talloc enable_null_tracking
samba-tool: Speed up all samba-tool commands
WHATSNEW: Samba-tool speed-up
drepl: Fix a typo
kcc: Make debug more scarce
selftest: Add more information when KCC fails
kcc: Prevent the KCC from doing work on the RODC
samba_kcc: match translate connection from old KCC for RODC
samba_kcc: match translate connection from old KCC for RWDC
kcc: Make more fault tolerant on DC demotion
dbcheck: Replica locations can now be leftover
join.py: Ensure that all expressions are escaped
join.py: Add Replica-Locations for DomainDNS and ForestDNS
join.py: Don't add replica locations without the backend
dbcheck/release-4-1-0rc3: Add a check regarding replica locations
dbcheck: Add a rule regarding replica locations
kcc: correct a typo in the debug messages
samba_kcc: Enable the python samba_kcc
WHATSNEW: Add the update for the samba kcc
AddressSanitizer: Initialize for kcc_topology.c
AddressSanitizer: Initialize for smbd/oplock.c
AddressSanitizer: Initialize for vfs_fruit.c
kcc: typo fix tupple => tuple
kcc: fix a typo
kcc: Add corresponding methods for repsTo
kcc: Add a TODO for msDS[-RO]-Replica-Locations
kcc: Clean up repsTo attribute for old DCs
Günther Deschner (11):
s3-winbind: Fix schannel connections against trusted domain DCs
s3-libnet: Print error string even on successfuly completion of libnetjoin.
s3:libnet: accept empty realm for AD domains when only security=domain is set.
librpc: add decode_netlogon_samlogon_response_packet for mailslot debugging.
torture: show the first differing byte and a dump in torture_assert_data_blob_equal().
s4-torture: rename torture_suite_add_ndr_pullpush_test to torture_suite_add_ndr_pull_validate_test.
krb5pac: no need for a noprint PAC_BUFFER.
s4-torture: add ndr krb5pac testsuite.
s4-torture: add another krb5pac buffer to the ndr test.
s4-torture: add new torture_assert_krb5_error_equal macro.
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
Hemanth Thummala (1):
Fix memory leak in share mode locking.
Ira Cooper (2):
lib:dlinklist: avoid -Wtautological-compare errors with gcc6
ldb:dlinklist: avoid -Wtautological-compare errors with gcc6
Jeremy Allison (39):
s3: locking: Rename xxx_windows_lock_ref_count to xxx_lock_ref_count.
s3: locking: Add some const.
s3: locking: Add a const struct lock_context * paramter to set_posix_lock_posix_flavour()
s3: locking: Convert on the wire behavior of POSIX (UNIX extensions) locks from process-associated locks to open file description locks.
s3: torture: Add POSIX-OFD-LOCK test.
s3: lib: Add 'int op' parameter to fcntl_getlock().
s3: VFS: Add bool use_ofd_locks member to struct files_struct.
s3: lib: util: Add map_process_lock_to_ofd_lock() utility function.
s3: VFS: Map process-associated lock operation to open file description lock operation.
s3: wscript: Add checks for open file description locks.
s3: libsmb: Add sync and async cli_posix_whoami().
s3: smbclient: Add posix_whoami command.
s3: docs: Add documentation for posix_whoami command in smbclient.
s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.
s3: lib: ldap: Use struct sockaddr_storage to cope with IPv6.
lib: tevent: Use struct sockaddr_storage to cope with IPv6.
lib: Fix uninitialized read in msghdr_copy
s3: krb5: keytab - The done label can be jumped to with context == NULL.
s4: dns: Correctly check for talloc failure.
s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
s3: torture: Add test that proves Win2k12 correctly returns pidlow and pidhigh in SMB1 requests.
s3: smbd: Remove unused 'req' argument from setup_readX_header()
s3: smbd: Make setup_readX_header() externally accessible
s3: smbd: Use common function setup_readX_header() in aio read code.
s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
s3: tldap: Remove asynchronous calls to gensec_update_send()/_recv() as for the spnego backend they're synchronous anyway.
s3: tldap: Make tldap_gensec_bind_send()/tldap_gensec_bind_recv() static.
s3: tdb: On some platforms pthread_mutex_trylock() returns EBUSY not EDEADLK.
s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
lib: talloc: Rename talloc_XXX() internal functions that take a 'struct talloc_chunk *' to tc_XXX().
s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
s3: torture: Regression test case to specify exactly how UNIX extensions should act on files with streams.
s4: torture: Don't crash if connections fail and treeXX variables are left as NULL.
WHATSNEW. Add text for Open File Description (OFD) locks.
s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb()
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
Jim McDonough (1):
winbind: honor 'socket options' in winbind
Jose A. Rivera (10):
ctdb-scripts: Various small fixes to example nfs-ganesha-callout
ctdb-scripts: Organize global variables in nfs_ganesha_callout
ctdb-scripts: Add register action to nfs-ganesha-callout
ctdb-scripts: Use D-Bus messages to trigger grace in nfs-ganesha-callout
ctdb-scripts: Cleanup service_check() in nfs-ganesha-callout
ctdb-scripts: Parametize symlink checking in nfs-ganesha-callout
ctdb-scripts: Add config options for use by clustered NFS
ctdb-scripts: Section off GPFS-specific functionality in nfs-ganesha-callout
ctdb-scripts: Add GlusterFS support to nfs-ganesha-callout
krb5_wrap: Fix build error when not using heimdal.
Lorinczy Zsigmond (1):
lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Mantas Mikulėnas (1):
samr4: Use <SID=%s> in GetAliasMembership
Martin Schwenke (196):
ctdb-recover: Avoid duplicate deferred attach processing
ctdb-daemon: Don't use CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-protocol: Drop unused CTDB_SRVID_TAKEOVER_RUN_RESPONSE
ctdb-recoverd: Drop unreachable code
ctdb-recoverd: Simplify return values when updating local flags
ctdb-recoverd: Call election when necessary in recovery master validation
ctdb-recoverd: Check that IP failover is active in IP verification
ctdb-recoverd: Skip known IP address checking when it is disabled
ctdb-recoverd: Clean up local IP verification
ctdb-recoverd: Fold IP allocation house-keeping into IP verification
ctdb-takeover: Drop ipreallocated fallback code
ctdb-takeover: PNN can be used to index into node map
ctdb-takeover: Takeover callback data doesn't need a node map
ctdb-takeover: New function takeover_callback_data_init()
ctdb-takeover: Use the takeover_run_fail_callback() in more cases
ctdb-takeover: Have the takeover fail callback log a message
ctdb-takeover: Send banning credit messages from fail callback
ctdb-takeover: Count takeover run failures
ctdb-takeover: Only apply banning credits to the worst offender
ctdb-takeover: Recovery daemon no longer passes fail callback
ctdb-takeover: Do not set node unhealthy when "takeip" fails
ctdb-recoverd: Drop explicit check to flag takeover run needed
ctdb-recoverd: Move takeover run checks after recover checks
ctdb-recoverd: Drop an unnecessary log message
ctdb-recoverd: Add early return in srvid_requests_reply()
ctdb-recoverd: Unify takeover run triggering code in main loop
ctdb-scripts: Support systemctl directly
ctdb-scripts: Drop unnecessary detect_init_style() call
ctdb-scripts: New functions ip_block() and ip_unblock()
ctdb-scripts: Rename get_iface_ip_maskbits_family() to get_iface_ip_maskbits()
ctdb-tests: Drop no-op functions and add an ip6tables stub
ctdb-scripts: Simplify ip_maskbits_iface()
ctdb-tests: Allow local daemons to be run under valgrind
ctdb-tests: Make sure empty override values are properly quoted
ctdb-common: Use correct macro for checking Ethernet hardware family
ctdb-tests: Replace "ctdb setrelock" test with "ctdb getreclock" test
ctdb-tool: Drop support for "ctdb setreclock" command
ctdb-recovery: Consistency check reclock in start recovery control
ctdb-recovery: Don't sync recovery lock across cluster
ctdb-recovery: Don't update recovery lock from daemon
ctdb-client: Remove support for SET_RECLOCK
ctdb-protocol: Drop support for SET_RECLOCK
ctdb-protocol: CTDB_CONTROL_SET_RECLOCK_FILE is obsolete
ctdb-daemon: Drop function ctdb_set_recovery_lock_file()
ctdb-daemon: Rename recovery lock file to just recovery lock
ctdb-recoverd: Don't expose internal cluster mutex status
ctdb-recoverd: Fix buggy function return on memory allocation failure
ctdb-cluster-mutex: Don't call the supplied hander more than once
ctdb-recoverd: No need to reset reclock handler
ctdb-cluster-mutex: Pass a talloc context to allocate the handle off
ctdb-recoverd: Recovery lock handle should be in recovery deamon context
ctdb-recoverd: Simplify reclock handler
ctdb-recovery: Wrap private data for reclock test callback
ctdb-cluster-mutex: Drop cluster_mutex_handler() ctdb and handle arguments
ctdb-cluster-mutex: ctdb_cluster_mutex() registers handler and private data
ctdb-cluster-mutex: Register an extra handler for when mutex is lost
ctdb-recoverd: Add handler for lost recovery lock
ctdb-recoverd: Release recovery lock on exit
ctdb-scripts: Move NFS callout-related code to functions file
ctdb-scripts: Add eventscript 06.nfs
torture: Add tests for trim_string()
lib/util: Optimise trim_string() to use a single memmove(3)
ctdb-tests: Remove unused tests from IP takeover test harness
ctdb-tests: Simplify read_ctdb_public_ip_info() using new function add_ip()
ctdb-tests: Don't bother setting all_ips
ctdb-tests: Drop all_ips argument from read_ctdb_public_ip_info()
ctdb-tests: Drop CTDB_TEST_MAX_IPS
ctdb-tests: read_ctdb_public_ip_info() reads all test input
ctdb-tests: Assign known and available arrays via pointers.
ctdb-tests: Build a node map instead of a hacky node flags array
ctdb-tests: Drop CTDB_TEST_MAX_NODES
ctdb-ipalloc: Move if-statement with broken condition
ctdb-ipalloc: Drop an unnecessary check
ctdb-ipalloc: Do not use node count or PNNs from CTDB context
ctdb-ipalloc: Drop a use of CTDB_NO_MEMORY_NULL()
ctdb-ipalloc: Drop remote IP verification
ctdb-recoverd: Drop code to change the IP assignment tree
ctdb-tools: Don't bother sending CTDB_SRVID_RECD_UPDATE_IP
ctdb-ipalloc: Drop code to update IP assignment tree
ctdb-ipalloc: Don't build a global IP tree
ctdb-ipalloc: Clean up reloading of remote public IPs
ctdb-ipalloc: Remove function ctdb_reload_remote_public_ips()
ctdb-ipalloc: New function ipalloc_set_public_ips()
ctdb-ipalloc: Move create_merged_ip_list() into ipalloc
ctdb-ipalloc: Drop known public IPs from IP allocation state
ctdb-ipalloc: New function ipalloc_can_host_ips()
ctdb-ipalloc: Fix buggy short-circuit when no IPs are available
ctdb-ipalloc: Make no_ip_failback a boolean
ctdb-ipalloc: Pass extra data to IP allocation state initialisation
ctdb-ipalloc: Move ipalloc state initialisation to ipalloc.c
ctdb-ipalloc: Switch set_ipflags_internal() to use a new-style node map
ctdb-ipalloc: Move set_ipflags_internal() to ipalloc
ctdb-ipalloc: ipalloc() returns public IP list
ctdb-ipalloc: IP allocation state is now an opaque structure
ctdb-tests: Drop use of CTDB context from takeover test
ctdb-tests: Allow takeover tests to be run under valgrind
ctdb-ipalloc: Drop implicit dependency on ctdb-common
ctdb-tests: Link to ctdb-ipalloc instead of using ctdbd_test.c
ctdb-scripts: Drop optional argument to nfs_check_services()
ctdb-scripts: Export CTDB_BASE in functions file
ctdb-scripts: Update script boilerplate to avoid shellcheck warnings
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Use globs instead of ls to list files
ctdb-scripts: Fix incorrect variable reference
ctdb-scripts: Quote some variable expansions
ctdb-client: Fix incorrect variable reference
ctdb-client: Fix access after free error
ctdb-tools: Avoid uninitialised memory access
ctdb-scripts: Fix a bug in counter checking
ctdb-tests: Add reclock event script tests
ctdb-tests: Add new vsftpd event script test
ctdb-tests: Add new httpd event script test
ctdb-tests: New event script test for corrupt TDB checking
ctdb-scripts: Drop use of ctdb_standard_event_handler()
ctdb-scripts: Event script indentation and whitespace cleanups
ctdb-scripts: Drop use of service_tcp_ports
ctdb-scripts: Drop use of ctdb_check_counter from httpd event script
ctdb-scripts: Drop use of ctdb_check_counter from reclock event script
ctdb-scripts: Drop use of ctdb_check_counter from vsftpd event script
ctdb-scripts: Drop function ctdb_check_counter()
ctdb-scripts: Avoid shellcheck warning SC2016 ($ in single quotes)
ctdb-scripts: Avoid shellcheck warnings SC2030, SC2031 (subshell variables)
ctdb-scripts: Avoid shellcheck warning SC2004 ($ in arithmetic)
ctdb-scripts: Avoid shellcheck warning SC2034 (unused variables)
ctdb-scripts: Avoid shellcheck warnings SC2046, SC2086 (double-quoting)
ctdb-scripts: Avoid shellcheck warning SC2154 (unassigned variables)
ctdb-scripts: Avoid shellcheck warning SC1004 (backslash in quotes)
ctdb-scripts: Avoid shellcheck warning SC2017 (arithmetic precision)
ctdb-scripts: Avoid shellcheck warning SC2002 (useless cat)
ctdb-scripts: Avoid shellcheck warnings SC2119, SC2120 (function arguments)
ctdb-scripts: Avoid shellcheck warning SC2015 (A && B || C)
ctdb-scripts: Avoid shellcheck warning SC2039 (type command)
ctdb-scripts: Avoid shellcheck warning SC2039 (echo -n)
ctdb-scripts: Avoid shellcheck warning SC2094 (read/write same file)
ctdb-scripts: Avoid shellcheck warning SC2039 (test -nt operator)
ctdb-scripts: Avoid shellcheck warning SC2039 (non-portable ulimit options)
ctdb-scripts: Avoid shellcheck warning SC2038 (find without -print0)
ctdb-scripts: Avoid shellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid chellcheck warning SC2012 (ls for file list)
ctdb-scripts: Avoid shellcheck warning SC2059 ($ in printf format)
ctdb-scripts: Avoid shellcheck warning SC2155 (declare, assign)
ctdb-scripts: Avoid shellcheck warning SC2124 (string=array)
ctdb-scripts: Avoid shellcheck warning SC2006 (legacy `..`)
ctdb-tests: Add new test support script for script install paths
ctdb-tests: Add shellcheck test suite
ctdb-doc: Drop documentation for "ctdb setmonmode"
ctdb-doc: Drop documentation for "ctdb xpnn"
ctdb-doc: Update allowed debug levels to include "ERROR"
ctdb-doc: Document limitation of "ctdb reloadips"
ctdb-tests: Require setup_ctdbd() call in tool tests
ctdb-tests: Clean up temporary files in tool tests
ctdb-tests: Allow fake_ctdbd and tool to be run under valgrind in tool tests
ctdb-tests: Allow secondary tool commands to be tested
ctdb-tests: Have fake_ctdbd log request IDs
ctdb-tests: Error on invalid destnode in fake_ctdbd
ctdb-tests: Drop a "ctdb reloadnodes" tool test
ctdb-tests: Add "ctdb ifaces" tool test
ctdb-tests: Add "ctdb ping" tool test
ctdb-tests: Add "ctdb recmaster" tool tests
ctdb-tests: Add "ctdb uptime" tool test
ctdb-tests: Add "ctdb process-exists" tool test
ctdb-tools: Simplify "ctdb getpid" output format
ctdb-tests: Add "ctdb getpid" tool test
ctdb-tools: Simplify "ctdb pnn" output format
ctdb-tests: Add "ctdb pnn" tool test
ctdb-tools: Simplify "ctdb getdebug" output format
ctdb-tests: Add "ctdb setdebug" tool tests
ctdb-tests: Add "ctdb runstate" tool tests
ctdb-tests: Add "ctdb listvars/getvar/setvar" tool tests
ctdb-tests: Add "ctdb setifacelink" tool tests
ctdb-tools: Simplify "ctdb getmonmode" output format
ctdb-tests: Add "ctdb getmonmode/disablemonitor/enablemonitor" tool tests
ctdb-tests: Implement GET_RECLOCK_FILE control in fake_ctdbd
ctdb-tests: Add "ctdb getreclock" tool tests
ctdb-tests: Implement STOP_NODE and CONTINUE_NODE controls in fake_ctdbd
ctdb-tests: Implement TAKEOVER_RUN message in fake_ctdbd
ctdb-tests: Add "ctdb stop/continue" tool tests
ctdb-tests: Implement SET_BAN_STATE control in fake_ctdbd
ctdb-tests: Add "ctdb ban/unban" tool tests
ctdb-tests: Implement MODIFY_FLAGS control in fake_ctdbd
ctdb-tests: Add "ctdb disable/enable" tool tests
ctdb-tools: Simplify "ctdb getdbseqnum" output format
ctdb-tests: Implement database related controls in fake_ctdbd
ctdb-tests: Add database related tool tests
WHATSNEW: CTDB updates
ctdb-doc: Integrate ctdb_diagnostics man page into build
ctdb-doc: ctdb_diagnostics(1) tweaks and cross-references
ctdb-ipalloc: Use a cumulative timeout for takeover run stages
ctdb-daemon: Move CTDB VNN structure to IP takeover code
ctdb-daemon: Deletion of IPs is deferred until the next takeover run
ctdb-tests: Avoid division by zero in NFS eventscript unit test
ctdb-tests: Remove duplicate EOF terminators in some tool unit tests
ctdb-tests: Avoid portability issue in porting tests
ctdb-tests: Pretend not to ignore return from fgets()
ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
Michael Adam (85):
tevent:threads: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of write
tevent:signal: fix -O3 error unused result of read
tevent:testsuite: fix O3 errors unused result for read
tevent:testsuite: fix O3 errors unused result of write
tdb:torture: fix -O3 error unused result code of read
tdb:torture: fix -O3 error unused result of write
debug: fix -O3 warning - unused return code of write()
lib: add sys_read_v - void variant of sys_read
lib: add sys_write_v - void variant of sys_write
s4:libcli:resolve: fix O3 error unused result of write
s4:registry:patchfile: fix O3 error unused result of write
s4:ntvfs: fix O3 error unused result of asprintf
s4:ntvfs: fix O3 error unused result of asprintf in svfs_file_utime
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_map_fileinfo
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_list_unix
s4:ntvfs: fix O3 error unused result of asprintf in cifspsx_file_utime()
s4:ntvfs: fix O3 error unused result of write error in nbench_log()
s4:regshell: fix O3 error unused result of asprintf in reg_complete_key()
s4:torture:basic: fix O3 error unused result of asprintf
s4:torture:basic:misc: fix O3 error unused result of asprintf
s4:torture:basic: fix O3 error unused result of write
s4:torture:basic:dir: fix O3 error unused result of asprintf
s4:torture:basic:delete: fix O3 error unused result of asprintf
s4:torture:rpc:samlogon: fix O3 error unused result of asprintf
s4:torture:nbench: fix O3 error unused result of asprintf
s4:client: fix O3 error unused result of of chdir and system
s3:samlogon_cache: fix O3 error unused result of truncate
s3:utils:log2pcaphex: fix O3 error unused result of fgets
s3:utils:log2pcaphex: fix O3 error uninitialized variable
s3:smbfilter: fix O3 error unused result of system()
s3:vfs:aio_fork: fix O3 error unused result of write
s3:vfs:preopen: fix O3 error unused result of write
examples:smbclient:testacl3: fix O3 error unused result from fgets
examples:smbclient:notify: fix O3 error unused result from fgets
examples:smbclient:statvfs: fix O3 error unused result of fgets
examples:smbclient:fstatvfs: fix O3 error unused result of fgets
examples:smbclient:read: fix O3 error unused result of fgets
examples:smbclient:write: fix O3 error unused result of fgets
autobuild: add a target samba-o3 that is built with -O3
autobuild: run the samba-o3 target by default
travis: run the samba-o3 target
s3:vfs: add 'kernel_share_modes_taken' to files_struct
smbd:close: only remove kernel share modes if they had been taken at open
notifyd: prevent NULL deref segfault in notifyd_peer_destructor
selftest: fix printf in cleanup_child()
selftest: improve misleading indentation in cleanup_child()
selftest: improve logic in cleanup_child() with early return
selftest: systematize formatting of if/elseif/else indentation in cleanup_child
ctdb:tcp: add missing spaces in debug message in ctdb_tcp_node_connect()
ctdb:banning: timedout->timed out in dbg messages in ctdb_ban_node_event()
ctdb:eventscript: timedout->timed out in ctdb_event_script_args()
ctdb:tests: timedout->timed out in 60.nfs.multi.004 test
ctdb:banning: Improve a debug message
ctdb:banning: Improve debug message in ctdb_ban_node_event()
ctdb: set the path to 'ctdb' in 'functions' in CTDB
ctdb: make sure scripts using $CTDB called by test find ctdb
ctdb: use properly configured ctdb in functions
ctdb: use properly configured ctdb in ctdbd_wrapper
ctdb: use properly configured ctdb in 00.ctdb
ctdb: use properly configured ctdb in 01.reclock
ctdb: use properly configured ctdb in 10.external
ctdb: use properly configured ctdb in 13.per_ip_routing
ctdb: use properly configured ctdb in 10.interfaces
ctdb: use properly configured ctdb in 70.iscsi
ctdb: use properly configured ctdb in 91.lvs
ctdb: use properly configured ctdb in 99.timeout
ctdb: use properly configured ctdb in statd-callout
ctdb: use properly configured ctdb in debug-hung-script.sh
libnet: only create local private krb5.conf if joining an AD domain
ctdb-daemon: make bool assignment more obvious
Revert "s3:libnet: accept empty realm for AD domains when only security=domain is set."
libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
autobuild: Don't compare socket wrapper so_path for xc check
ctdb: fix autotest with socket-wrapper installed in the system
libsmb:namequery: fix typo in comment in get_dc_list()
selftest: check for winbind on 1-second basis
selftest: check for smbd on a 1-second basis.
libads: improve debug messages in sitename_fetch()
rpc_server: add mssing '#pragma GCC diagnostic push'
tevent: avoid -Wtautological-compare errors with gcc6
Revert "ldb:dlinklist: avoid -Wtautological-compare errors with gcc6"
Revert "tevent: avoid -Wtautological-compare errors with gcc6"
Revert "lib:dlinklist: avoid -Wtautological-compare errors with gcc6"
build: avoid -Wtautological-compare errors from gcc6+ by disabling it globally
Nikolai Kondrashov (1):
tevent: Clarify apparently useless conditions
Per Forlin (1):
s3: smbd: Correctly reflect back SMB_PIDHIGH to a client.
Peter C. Kelly (1):
Improve help wording for samba-tool domain provision as per https://lists.samba.org/archive/samba-technical/2016-April/113740.html
Peter Somogyi (1):
Add yet another error code when forking an smbd and ctdb is not there. We can see NT_STATUS_CONNECTION_REFUSED in the logs upon such a rare case.
Raghavendra Talur (1):
init: set core file size to unlimited by default
Ralph Boehme (41):
talloc: rename local timeval function copies
winbindd: log domain name of failures to get trustdoms
winbindd: prevent log spam when enumerating users
librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
librpc/dns: don't compress strings in TKEY and TSIG responses
librpc/dns: remove original_id from dns_fake_tsig_rec
s4/dns_server: include request MAC in TSIG response MAC calculation
s4/dns_server: split out function that does the MAC computation
s4/dns_server: not finding the key here is a fatal error
s4/dns_server: ensure we store the key name in error code paths
s4/dns_server: error codes for failing MAC verification in TSIG requests
s4/dns_server: don't compute TSIG MAC in TSIG error records
s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
s4/dns_server: enable sending of TSIG error records
selftest: add test for DNS updates with TKEY/TSIG
selftest: Kerberos auth with netbios alias SPNs
selftest: make samba3.blackbox.smbclient_tar as flapping
s3/smbd: add helper func dos_mode_from_name()
s3/smbd: call dos_mode_from_name after SMB_VFS_GET_DOS_ATTRIBUTES()
s3/smbd: move check for "hide files" to dos_mode_from_name()
s3/smbd: only use stored dos attributes for open_match_attributes() check
s4/torture: add a test for dosmode and hidden files
winbindd/idmap_rfc2307: fix a crash
winbindd: in wb_lookupsids return domain name if we have it
selftest: make autorid the default idmap backend in admember_rfc2307
selftest: test idmap backend id allocation for unknown SIDS
smbd/cleanupd: use smbd_reinit_after_fork()
smbd/notifyd: use smbd_reinit_after_fork()
s3-rpc_server/mdssd: use smbd_reinit_after_fork()
ctdbd_conn: split ctdbd_init_connection()
ctdbd_conn: add ctdbd_reinit_connection()
s3-messaging/ctdb: split messaging_ctdbd_init()
s3-messaging/ctdb: add messaging_ctdbd_reinit()
s3-messaging: use messaging_ctdbd_reinit() in messaging_reinit()
s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
vfs_acl_xattr: objects without NT ACL xattr
WHATSNEW: SMB 2.1 leases enabled by default
s3/lib: add smbd_cleanupd.tdb
s3/smbd: add cleanupd_init_send()/recv()
s3/cleanupd: use smbd_cleanupd.tdb
s3/notifyd: add async send/recv functions
Richard Sharpe (5):
s3: net: Return an error when no name servers were returned by the lookup so that we see an error in self test.
s3/net: print returned addresses in dns gethostbyname
source4/scripting: add an option to samba_dnsupdate to add ns records.
s4/selftests: test net ads dns register/unregister.
testprogs/blackbox: Improve the net ads dns register tests.
Rowland Penny (2):
samba-too: Allow 'samba-tool fsmo' to cope with empty or missing fsmo roles
Fix typo in python/samba/provision/__init__.py
Shyamsunder Rathi (1):
s3:utils/net: Add new option 'unregister' in 'net ads dns' command.
Stefan Metzmacher (216):
libcli/auth: let msrpc_parse() return talloc'ed empty strings
s3:rpc_server/samr: simplify the logic in get_user_info_18()
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
s3:smbd: fix anonymous authentication if signing is mandatory
WHATSNEW: Clear release notes for Samba 4.5.0pre1.
WHATSNEW: add 'Support for LDAP_SERVER_NOTIFICATION_OID'
python:samba: move netcmd/time.py to python/samba/netcmd/nettime.py
Revert "s3:rpcclient add -m option"
s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
s3:selftest: run test_smbclient_ntlm also against ad_dc
selftest: use the default values for "server signing"
dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
s4:rpc_server: use a variable for the max total reassembled request payload
dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
s4:server_named_pipe: make sure we use lower case pipe name
s4:rpc_server: context_id fields of presentation contexts are just 16bit
s4:rpc_server: remove unused '_unused_auth_state'
s4:rpc_server: remove unused dcesrv_connection_context->assoc_group
s3:rpc_client: remove unused rpc_pipe_client->max_recv_frag
s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
python/tests: add auth_pad test for the dcerpc raw_protocol test
selftest: add save.env.sh helper script.
librpc/tools: correctly validate relative pointers in ndrdump
librpc/ndr: add support for NDR_ALIGN* to ndr_push_short_relative_ptr2()
samba-tool: really deprecate 'samba-tool user add'
s4:dsdb/tests: make user_account_control.py executable
s4:dsdb/tests: use ncacn_ip_tcp:server[seal] for samr connections
s4:dsdb/tests: use GENSEC_SEAL for ldap connections in sam.py
s4:dsdb/tests: let the user_account_control.py test recover from a previous failure
s4:dsdb/tests: improve error message in test_new_user_default_attributes()
s4:dsdb/repl_meta_data: pass now to replmd_add_fix_la
s4:selftest: run samba4.ldap.password_lockout.python only against ad_dc_ntvfs
s4:dsdb/tests: use more useful userAccountControl/pwdLastSet values in the urgent_replication test
s3:pdb_samba_dsdb: fix calucating of dsdb_flags
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID
s4:dsdb/samldb: add DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID when defaulting pwdLastSet=0
s4:dsdb/samdb: allocate DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID
s4:samldb: pass down DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID with changed userAccountControl details
s4:dsdb/common: add some const to helper functions
s4:dsdb/password_hash: use full NTTIME resolution for pwdLastSet
s4:dsdb/password_hash: split out a password_hash_needed() function
s4:dsdb/password_hash: split out a update_final_msg() function
s4:dsdb/password_hash: make the variable names in setup_io() more clear
s4:dsdb/password_hash: leave the current value of pwdLastSet as 0 an add
s4:dsdb/password_hash: move the check for old passwords into setup_io()
s4:dsdb/password_hash: call ndr_pull_supplementalCredentialsBlob in setup_io()
s4:dsdb/password_hash: remember if we need to update the passwords and/or pwdLastSet
s4:dsdb/password_hash: move ldb_msg_add_empty() calls to update_final_msg()
s4:dsdb/password_hash: create a shallow copy of the client message for the final update
s4:dsdb/password_hash: only set pwdLastSet if required
s4:dsdb/password_hash: make the DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET code path more robust
s4:dsdb/password_hash: handle the DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET control
s4:dsdb/password_hash: make it possible to specify pwdLastSet together with a password change
s4:dsdb/password_hash: allow pwdLastSet only changes
s4:rpc_server/samr: only set pwdLastSet to "0" or "-1"
s4:dsdb/password_hash: only allow pwdLastSet as "0" or "-1"
s4:dsdb/samldb: fix comment "lockoutTime" reset as per MS-SAMR 3.1.1.8.10
s4:dsdb/samldb: pwdLastSet = -1 requires Unexpire-Password right
s4:dsdb/tests: add pwdLastSet tests
auth/auth_sam_reply: add some const to input parameters
s4:kdc: add some const to samba_get_logon_info_pac_blob()
krb5pac.idl: add PAC_CREDENTIAL related structures
s4:auth/sam: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:rpc_server/samr: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:kdc: use "msDS-UserPasswordExpiryTimeComputed" instead of samdb_result_force_password_change()
s4:dsdb/common: remove unused samdb_result_force_password_change()
s3:winbindd: pass 'interactive' down through winbindd_dual_auth_passdb()
s4:auth_sam: don't allow interactive logons with UF_SMARTCARD_REQUIRED
s4:kdc: don't allow interactive password logons with UF_SMARTCARD_REQUIRED
samdb.py: add smartcard_required option to newuser()
samba-tool: add --smartcard-required option to 'samba-tool user create'
samba-tool: do a password retype validation check for 'samba-tool user setpassword'
samba-tool: add 'samba-tool user setpassword --smartcard-required/--clear-smartcard-required'
test_pkinit_heimdal.sh: add a helper VARIABLE to store the certificate paths
test_pkinit_heimdal.sh: add a FILE: prefix to the KRB5CCNAME variable
s4:dsdb: add some const to {samdb_result,dsdb}_effective_badPwdCount()
s4:auth/sam: only reset badPwdCount when the effetive value is not 0 already
s4:auth/sam: don't update lastLogon just because it's 0 currently
s4:auth/sam: update the logonCount for interactive logons
s4:dsdb/tests: let password_lockout.py reduce the values for lockoutDuration and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py cross-check the lastLogon value with samr
s4:dsdb/tests: let password_lockout.py make the LDAP error string checks more useful
s4:dsdb/tests: let password_lockout.py add a _readd_user() helper function
s4:dsdb/tests: let password_lockout.py make use of the _readd_user() helper function
s4:dsdb/tests: let password_lockout.py let _readd_user() return the ldb connection as user
s4:dsdb/tests: let password_lockout.py pass username,userpass optionally to insta_creds()
s4:dsdb/tests: let password_lockout.py use user{name,pass,dn} variables in _readd_user()
s4:dsdb/tests: let password_lockout.py pass creds as argument to _readd_user()
s4:dsdb/tests: let password_lockout.py use _readd_user() for testuser3 too
s4:dsdb/tests: let password_lockout.py make use of self.addCleanup() to cleanup objects
s4:dsdb/tests: let password_lockout.py use userdn variables in all functions
s4:dsdb/tests: let password_lockout.py use other_ldb variables instead of self.ldb3
s4:dsdb/tests: let password_lockout.py use userpass variables in all functions
s4:dsdb/tests: let password_lockout.py use creds and other_ldb as function arguments
s4:dsdb/tests: let password_lockout.py copy user{name,pass} from the template in insta_creds()
s4:dsdb/tests: let password_lockout.py verify more fields in _readd_user()
s4:dsdb/tests: let password_lockout.py test with all combinations of krb5, ntlmssp and lockOutObservationWindow
s4:dsdb/tests: let password_lockout.py validate the lastLogon and lastLogonTimestamp interaction
s4:dsdb/tests: let password_lockout.py verify the logonCount values
lib/param: add lpcfg_sam_dnsname() helper function
auth.idl: add user_principal_* and dns_domain_name to auth_user_info
s4:auth: make use of lpcfg_sam_name() in authsam_get_user_info_dc_principal()
s4:auth: fill user_principal_* and dns_domain_name in authsam_make_user_info_dc()
s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6
auth/wbc_auth_util: fill in base.logon_domain in wbcAuthUserInfo_to_netr_SamInfo3()
auth/wbc_auth_util: change wbcAuthUserInfo_to_netr_SamInfo* from level 3 to 6
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo6() and implement level 3 as wrapper
auth/auth_sam_reply: add auth_convert_user_info_dc_saminfo2() helper function
auth/auth_sam_reply: do a real copy of strings in auth_convert_user_info_dc_sambaseinfo()
s4:rpc_server/netlogon: initialize pointer to NULL in dcesrv_netr_LogonSamLogon_base()
s4:rpc_server/netlogon: make use of auth_convert_user_info_dc_saminfo{2,6}()
auth/auth_sam_reply: make auth_convert_user_info_dc_sambaseinfo() a private helper
netlogon.idl: make netr_SidAttr public
krb5pac.idl: introduce PAC_DOMAIN_GROUP_MEMBERSHIP to handle the resource groups
security.idl: add SID_NT_NFS S-1-5-88* sids
libcli/auth: remove unused variable in msrpc_parse()
s3:libsmb/clirap: remove unused cli_get_server_*() functions
CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing
CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
CVE-2016-2019: s3:selftest: add regression tests for guest logins and mandatory signing
s4:dsdb/samdb: add DSDB_FLAG_INTERNAL_FORCE_META_DATA
s4:samba_dsdb: add "dsdb_flags_ignore" module
tests:samba3sam: make use of the dsdb_flags_ignore module
selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping
s4:dsdb/common: add a replication metadata stamp for an empty logonHours attribute
s4:dsdb/password_hash: force replication meta data for empty password attributes
Revert "selftest/flapping: mark samba4.drs.repl_move.python as temporary flapping"
s4:torture/drs: verify the whole metadata array to be the same in the repl_move tests
drsuapi.idl: add DRSUAPI_ATTID_operatorCount and DRSUAPI_ATTID_adminCount
s4:dsdb/samdb: add const to dsdb_make_object_category()
s4:password_hash: correctly update pwdLastSet on deleted objects.
s4:dsdb/repl_meta_data: sort preserved_attrs and add "msDS-PortLDAP"
s4:dsdb/repl_meta_data: remove secret attributes on delete
s4:dsdb/common: prepare dsdb_user_obj_set_defaults() for tombstone reanimation
s4:dsdb/tombstone_reanimate: restructure the module logic
s4:dsdb/tests: make use assertAttributesEqual() in RestoreUserObjectTestCase()
s4:dsdb/tests: make tombstone_reanimation.py executable
s4:dsdb/tests: improve tombstone_reanimation varifications
s4:dsdb/tests: improve the RestoreUserObjectTestCase test
s4:dsdb/tests: add RestoreUserPwdObjectTestCase test
libads: ensure the right ccache is used during gssapi bind
libads: ensure the right ccache is used during spnego bind
python/remove_dc: handle dnsNode objects without dnsRecord attribute
s4:kdc: ignore empty supplementalCredentialsBlob structures
s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structures
s4:dsdb/password_hash: explicitly set SUPPLEMENTAL_CREDENTIALS_SIGNATURE
drsblobs.idl: mark supplementalCredentialsSubBlob as nopull,nopush
drsblobs.idl: supplementalCredentialsSubBlob make it possible to parse strange blobs
s4:torture/ndr: add validation checks for strange supplementalCredentials blobs
krb5pac: fix push/pull of subcontexts in PAC_BUFFER
krb5pac.idl: implement PAC_UPN_DNS_INFO correct
krb5pac/netlogon: add a comment regarding PAC_LOGON_INFO unique pointers on push
krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*
s4:torture/ndr: make use of torture_suite_add_ndr_pull_validate_test() in krb5pac when possible
s4:torture/ndr: add more krb5pac tests with PAC blobs from pkinit
s3:ntlm_auth: call fault_setup() in order to get usefull backtraces
s3:tests: add 'as user' to the test names in test_smbclient_auth.sh
s3:selftest: run smbclient_auth with a few more combinations
selftest: set "ntlm auth = yes" for now as a lot of tests rely on it
docs-xml:smbdotconf: default "ntlm auth" to "no"
selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
WHATNEW: the default for "ntlm auth" is "no"
pycredentials: add {get,set}_old_password()
pycredentials: add set_utf16_[old_]password()
samba-tool: add 'user getpassword' command
python:samba/tests: add simple 'samba-tool user getpassword' test
python:samba/tests: verify the packages order in supplementalCredentials
docs-xml:samba-tool.8: document "user getpassword" command
samba-tool: add 'user syncpasswords' command
python:samba/tests: add simple 'samba-tool user syncpasswords' test
docs-xml:samba-tool.8: document "user syncpasswords" command
docs-xml/smbdotconf: reference "unix password sync" with "samba-tool user syncpasswords"
.travis.yml: install libgpgme11-dev python[3]-gpgme
docs-xml/smbdotconf: add "password hash gpg key ids" option
docs-xml/smbdotconf: reference "unix password sync" with "password hash gpg key ids"
s4:dsdb/samdb: add configure checks for libgpgme
drsblobs.idl: add package_PrimarySambaGPGBlob
s4:dsdb/samdb: optionally store package_PrimarySambaGPGBlob in supplementalCredentials
samba-tool: add --decrypt-samba-gpg support to 'user getpasswords' and 'user syncpasswords'
selftest:gnupg: add a gpg key for Samba Selftest <selftest at samba.example.com>
s4:selftest: run samba.tests.samba_tool.user also against ad_dc:local
selftest:Samba4: configure "password hash gpg key ids" for ad_dc (if available)
python:samba/tests: use 'samba-tool user {getpassword,syncpasswords}' with --decrypt-samba-gpg
WHATSNEW: add 'Password sync as active directory domain controller'
WHATSNEW: recomment python-crypto and python-m2crypto
auth/credentials: also do a shallow copy of the krb5_ccache.
s4:torture/remote_pac: verify the order of PAC elements
HEIMDAL:lib/krb5: allow predefined PAC_{LOGON_NAME,PRIVSVR_CHECKSUM,SERVER_CHECKSUM} elements in _krb5_pac_sign()
HEIMDAL:kdc: reset e_text after successful pre-auth verification
HEIMDAL:kdc: add krb5plugin_windc_pac_pk_generate() hook
s4:kdc: hook into heimdal's windc.pac_pk_generate hook
s4:kdc: correctly update the PAC in samba_wdc_reget_pac()
s4:kdc: provide a PAC_CREDENTIAL_INFO element for PKINIT logons
s4:dsdb/password_hash: add the UF_SMARTCARD_REQUIRED password reset magic
s4:dsdb/tests: add UF_SMARTCARD_REQUIRED tests
selftest/Samba: remove compat admincert* files
selftest/manage-ca: add certificates for pkinit@[addom.]samba.example.com
selftest/manage-ca: update manage-CA-samba.example.com.sh
selftest/Samba: copy pkinit@$DOMAIN certificates to the environment
test_pkinit_heimdal.sh: add some more tests regarding the UF_SMARTCARD_REQUIRED behavior
testprogs/blackbox: add test_pkinit_pac_heimdal.sh
s4:selftest: run test_pkinit_pac_heimdal.sh test
s4:selftest: run the pkinit test in the ad_dc and ad_dc_ntvfs environment
WHATSNEW: add SmartCard/PKINIT improvements
auth/auth_sam_reply: fill user_principal_* and dns_domain_name in make_user_info_dc_pac()
s4:kdc: provide a PAC_UPN_DNS_INFO element for logons
s4:dsdb/repl_meta_data: remember originating updates when applying replicated changes
s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
tdb: version 1.3.10
Uri Simchoni (20):
Reset WHATSNEW.txt for 4.5.x series
smbd: remove "only user" and "username" parameters
WHATSNEW: Document "only user" removal
heimdal: encode/decode kvno as signed integer
s3-quotas: fix sysquotas_4B quota fetching for BSD
heimdal make kvno unisgned internally
s3-sysquotas-linux: remove support for old interfaces
s3-sysquotas-linux: remove check for EDQUOT on getting user quota
s3-sysquotas-linux - cleanup
vfs_fake_dfq: add more mocking options
selftest: add disk-free quota tests
smbd: dfree - ignore quota if not enforced
s3-sysquotas-linux: do not check for EDQUOT
selftest: remove test for EDQUOT returned from quota backend
vfs_fake_dfq - remove support for generating EDQUOT
s3-sysquotas: remove special handling of EDQUOT
s3-dfree-quota: remove special handling of EDQUOT
selftest: Add test for domain join + kerberos-only auth
s3-libads: fix a memory leak in ads_sasl_spnego_bind()
auth: fix a memory leak in gssapi_get_session_key()
Volker Lendecke (81):
smbd: Remove an unused #define
smbd: Fix an assert
ctdb: Improve debug in case of set_runstate failure
ctdb: Fix the O3 developer build
lib: Fix a signed/unsigned mixup
lib: Fix some whitespace
torture: Remove a use of get_my_vnn()
ctdbd_conn: remove ctdb_processes_exist
ctdbd_conn: Simplify two DEBUGs
ctdbd_conn: "sockname" is not needed anymore
ctdbd_conn: Expose ctdb socket readability handler
lib: Move async message handling out of ctdbd_conn
dbwrap_ctdb: Align loop index with terminator
dbwrap_ctdb: Add "conn" to db_ctdb_ctx
dbwrap_ctdb: Pass in ctdbd_connection
dbwrap: Add "msg_ctx" to db_open_ctdb
ctdbd_conn: Remove messages.h dependency
dbwrap_ctdb: Fix some 32-bit hickups
dbwrap_ctdb: Remove get_my_vnn dependency
ctdb: Fix CID 1361817 Dereference after null check
ctdb: Fix CID 1327222 Copy into fixed size buffer
vfs_fileid: Fix a signed/unsigned mixup
vfs_fruit: Fix a few signed/unsigned mixups
samdb: Improve debugging in acl_validate_spn_value()
drsuapi: Improve debug in DsWriteAccountSpn
dsdb: Simplify acl_validate_spn_value
lib: Move msghdr to lib/util/
lib: Move poll_funcs to lib/
lib: Add accept_send/recv
lib: Fix CID 1362566 Dereference null return value
rpc_server: Fix CID 1362565 Improper use of negative value
libsmb: Fix two CIDs for NULL dereference
lib: Fix a signed/unsigned mixup
libreplace: Add a closefrom() implementation
lib: Add a little closefrom() test
smbd: Fix a signed/unsigned hickup
smbd: Fix a valgrind error
libnet: Fix CID 1362934: CHECKED_RETURN
ldb: Fix CID 1362935: CHECKED_RETURN
dsdb: Fix CID 1363810: Null pointer dereferences
lib: Print own pid in messaging_init
lib: Avoid a "procid_is_local" call
lib: Allow NULL blob for messaging_send()
tdb: Don't malloc for every record in traverse
lib: Add server_id_watch_send
dbwrap: Add "blocker" to record_watch_send
g_lock: Use "blocker" argument to dbwrap_record_watch_send
dbwrap: Add overflow protection to dbwrap_record_watchers_key()
dbwrap: Add an alternative implementation of dbwrap_watch_record_send
lib: Convert g_lock to new dbwrap_watch
smbd: Convert locking.tdb to new dbwrap_watch
smbd: Convert smbXsrv_open_global.tdb to new dbwrap_watch
smbd: Remove a reference to dbwrap_watch_db()
dbwrap: Remove dbwrap_watchers.tdb based code
lib: Fix a signed/unsigned mixup
smbd: Don't stop sending to children when one send fails
smbd: sconn->sys_notify_ctx is not used
smbd: Factor out notify_init
smbd: Add fsp_fullbasepath
smbd: Avoid a talloc_asprintf
smbd: Add "path" to notify_remove
smbd: "path" is no longer needed in notify_list
smbd: Make notify_callback() public
smbd: There's only one notify_callback
smbd: Pass "sconn" via notify to notify_callback()
smbd: Protect notify_callback from stray pointers
smbd: Remove "listel" from notify_msg
notify_msg: Deregister handler upon talloc_free
smbd: Remember notifyd's serverid
smbd: Log which notifyd was found
smbd: Store notify filters in fsp->notify
smbd: Restart notifyd
smbd: Re-register notify requests
notifyd: Move BlockSignals calls to server.c
smbd: Enable leases by default
tevent: Save 32 bytes of .text in tevent_req_create
tevent: Save 140 bytes of .text in tevent_req_create
tevent: Add overflow protection to tevent_req_create
dsdb: Fix CID 1364520 Incorrect expression (EVALUATION_ORDER)
lib: Move "message_send_all" to serverid.c
fss_agent: Fix a signed/unsigned mixup
Yan, Zheng (2):
s3: vfs: generalize functions that set/get posix acl through xattr
s3: vfs: ceph: Add posix acl support
martijn van brummelen (1):
ctdb-doc: Add ctdb_diagnostics man page
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list