[SCM] Samba Shared Repository - annotated tag tdb-1.3.13 created
Stefan Metzmacher
metze at samba.org
Fri Apr 28 08:58:34 UTC 2017
The annotated tag, tdb-1.3.13 has been created
at eae52b521257fff2ba2f99b9b0d972420893bea7 (tag)
tagging 77d4e07ef3a0b9d7c2b1c660c8ac770c07120173 (commit)
replaces talloc-2.1.9
tagged by Stefan Metzmacher
on Fri Apr 28 10:58:22 2017 +0200
- Log -----------------------------------------------------------------
tdb: tag release tdb-1.3.13
Alexander Bokovoy (9):
gssapi: check for gss_acquire_cred_from
lib/krb5_wrap: add smb_gss_krb5_import_cred wrapper
credentials_krb5: convert to use smb_gss_krb5_import_cred
libads: convert to use smb_gss_krb5_import_cred
s3-gse: convert to use smb_gss_krb5_import_cred
s3-gse: move krb5 fallback to smb_gss_krb5_import_cred wrapper
lib/crypto: implement samba.crypto Python module for RC4
_netr_ServerPasswordSet2: use info level 26 to set plain text machine password
s3-tests: assignment in shell shall have no spaces around equal sign
Amitay Isaacs (9):
replace: Fix compiler warning flag
lib/util: Fix initializer
ctdb-readonly: Avoid a tight loop waiting for revoke to complete
ctdb-tools: Avoid dereferencing argv[0] if argc == 0
ctdb-common: Add traverse_update function to db_hash abstraction
ctdb-common: Add hash_count abstraction
ctdb-daemon: For hot records, use count instead of hopcount
ctdb-daemon: Add tracking of migration records
ctdb-docs: Fix documentation of -n option to ctdb tool
Andreas Schneider (43):
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
docs: Improve the idmap_hash manpage
idmap_hash: Add a deprecation message
s3-libads: Do not leak the msg on error
testprogs: Use smbclient by default in test_kinit_trusts
testprogs: Add kinit_trusts tests with smbclient4
krb5_wrap: Do not return an empty realm from smb_krb5_get_realm_from_hostname()
krb5_wrap: Try to guess the correct realm from the service hostname
krb5_wrap: pass client_realm to smb_krb5_get_realm_from_hostname()
krb5_wrap: Make smb_krb5_get_realm_from_hostname() public
s4:gensec-gssapi: Create a helper function to setup server_principal
s4:gensec_gssapi: Move setup of service_principal to update function
s4:gensec_gssapi: Use smb_krb5_get_realm_from_hostname()
s4:gensec_gssapi: Correctly handle external trusts with MIT
s3:gse: Use smb_krb5_get_realm_from_hostname()
krb5_wrap: Remove obsolete smb_krb5_get_principal_from_service_hostname()
s3:gse: Pass down the gensec_security pointer
s3:gse: Move setup of service_principal to update function
s3:gse: Check if we have a target_princpal set we should use
s3:gse: Correctly handle external trusts with MIT
selftest: Do not plan samba3.base.delaywrite twice
krb5_wrap: Print a warning for an invalid keytab name
s3:libads: Correctly handle the keytab kerberos methods
param: Allow to specify kerberos method on the commandline
testprogs: Test 'net ads join' with a dedicated keytab
krb5_wrap: Fix smb_gss_krb5_import_cred() picky-developer build
s3:vfs_expand_msdfs: Do not open the remote address as a file
testprogs: Correctly expand shell parameters
s3:winbind: Use correct struct member for size calculation
s3:winbind: Remove unused struct getpwent_user
s3:libsmb: Only print error message if kerberos use is forced
s3:libads: Remove obsolete smb_krb5_get_ntstatus_from_init_creds()
nsswtich: Add negative tests for authentication with wbinfo
s3:tests: Add a substitution test for %D %u %g
selftest: Define template homedir for 'ad_member' env
lib: Add pam_wrapper 1.0.3
python: Add a simple pam_winbind test
s3:tests: Create a test directory for a clean test
wafsamba: Add CHECK_CMOCKA function
third_party: Add cmocka 1.1.1
waf: Only build pam_wrapper if we build with pam
docs: Update idmap_rid manpage
ldb:tests: Build a ldb test for the tdb backend
Andrew Bartlett (71):
repl_meta_data: Remove handling of backlinks from replmd_prepare_commit()
talloc: use the system pytalloc-util for python3 as well
lib/ldb: Enable use of a python3 pyldb-util system library
buildtools: Work around a . being in the target name when building python3 helpers
python: Remove unused import PY3
autobuild: Add nopython environment to test --disable-python builds (but without tests)
auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM auth
heimdal: Add initializer for stack pointers
selftest: Add more RODC tests to avoid regressions here
selftest: Add more tests for "samba-tool processes"
samba-tool: Ensure that samba-tool processes --name=not-existing does not error
pymessaging: Add support for irpc_add_name
pymessaging: Add irpc_remove_name
selftest: Test server_id database add and removal
pymessaging: Add a hook to run the event loop, make callbacks practical
messaging.idl: Register a message type for authentication log messages
messaging: Declare well known server name auth_events as AUTH_EVENT_NAME in IDL
python: Provide Python bindings for messaging.idl
pysmb: Extend py_smb_new to allow use_ntlmv2 and use_spnego to be set by callers
auth_log: Add tests by listening for JSON messages over the message bus
s4-smbd: Remember the original client and server IPs from the SMB connection
s4-netlogon: Remember many more details in the auth_usersupplied info for future logs
gensec: Add gensec_{get,set}_target_service_description()
gensec: Pass service_description into auth_usersuppliedinfo during NTLMSSP
s3-auth: Pass service_description into gensec via auth_generic_prepare()
ntlm_auth: Set ntlm_auth as the service_description into gensec
auth: Fill in user_info->service_description from all callers
s4-ldap_server: Split gensec setup into a helper function
s4-ldap_server: Set remote and local address values into GENSEC
s4-ldap_server: Do not set conn->session_info to NULL, keep valid at all times
auth: Add a reminder about the strings currently used for auditing
ldap_server: Move code into authenticate_ldap_simple_bind()
auth: Add "auth_description" to allow logs to distinguish simple bind (etc)
winbindd: Clarify that we do not pre-hash the password for rpccli_netlogon_password_logon()
s4-rpc_server: Correct comment about where the current iface can be found
s3-auth: Split out get_user_sid_info3_and_extra() from create_local_nt_token_from_info3()
debug: Add debug class for auth_audit
s3-auth: Clarify the role and purpose of the auth_serversupplied_info->security_token
auth: Always supply both the remote and local address to the auth subsystem
auth: Add logging of service authorization
dns: Provide local and remote socket address to GENSEC
auth_log: Expand to include the type of password used (eg ntlmv2)
auth_log: Also log the final type of authentication (ntlmssp,krb5)
s3-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done)
s4-auth: Log SMB authorization for bare NTLM (NTLMSSP/krb5 already done)
ldap_server: Log authorization for simple binds
s4-rpc_server: Log authorization to DCE/RPC for anonymous and ncacn_np pass-though
s3-rpc_server: Log authorization to DCE/RPC for anonymous and ncacn_np pass-though
auth_log: Split up auth/authz logging levels and handle anonymous better
ldap_server: Log access without a bind
auth: Log the transport connection for the authorization
s4-messaging: split up messaging into a smaller library for send only
auth_log: Prepared to allow logging JSON events to a server over the message bus
auth_log: Improve comment
auth: Add hooks for notification of authentication events over the message bus
selftest: Turn on auth event notification and so allow tests to pass
s3-rpc_server: pass remote and local address to rpc_pipe_open_external
s3-rpc_server: Re-order and rename remote and local address in make_external_rpc_pipe{,_p}()
s3-rpc_server: Provide hooks required for JSON message logging for the no-auth case
heimdal: Pass extra information to hdb_auth_status() to log success and failures
samr: Add logging of password change success and failure
dsdb: Add authentication audit logging for LDAP password change
pycredentials: Add bindings for get_ntlm_response()
python: Add bindings for NTLMSSP
WHATSNEW: Add entry for auth audit
autobuild: Do not require cmocka to be installed for samba-libs to build
selftest: Do not enable inbound replication during replica_sync
process_standard: clean up messaging for children after exit()
s4-messaging: Add helpful comments
tdb: Improve debugging when the allrecord lock fails to upgrade
tdb: Improve debugging in _tdb_transaction_start
Aurelien Aptel (1):
s3:smbd: exit early if srv_send_smb fails
Björn Baumbach (1):
tdb/tools: add documentation for the tdbbackup -n option
Bob Campbell (3):
python/tests: Add repl_rodc test
drsblobs: Add decode for replPropertyMetaData1
getncchanges: Do not filter secrets by PAS in EXOP_REPL_SECRET
Chris Lamb (1):
Correct "ommited" typos.
Christof Schmitt (1):
winbindd: Fix password policy for pam authentication
Douglas Bagnall (21):
ndr tests: silence a harmless warning
selftest: ndr_pack/unpack performance test
selftest: add search performance tests
ndr: fix whitespace in libndr.h, ndr.c
ndr: Use resizing array instead of linked lists (breaking ABI)
pyldb: p3k readiness: allow single unicode string in msg element
perftests/ad_dc_search: do less work in expensive member searches
gitignore: add some hidden files
selftest: remove unused broken client.py
python/join: correct spelling of "ctx.del_noerror"
samba-tool domain: correctly spell variable name
python/remove_dc: avoid using non-existent variable
python provision: FDSBackend takes forced uri
python sites/subnets: correctly spell variable name
python/examples/winreg: two variable name typos on a single line
./examples/scripts/SambaConfig.py: fix typo in "continue"
scripts/traffic_summary: documentation typo
dcerpc/misc tests: asset GUID ordering in python 2 and 3
getncchanges: remove whitespace
selftest/target/Samba.pm: Remove whitespace
whitespace: remove in rootdse
Garming Sam (69):
objectclass_attrs: Remove schema copy shallow from attr_handler2
typo: uppon -> upon
werror: Correct the error code checking
samba-tool/domain: Correctly re-enable replication
ldb_tdb: Do not care about duplicates if single value check disabled
ldb_tdb: Do not check for duplicate values during a rename
ldb_tdb: Add better comments for duplicate attr values
python/dsdb_dn: Add a generic get_bytes method on DNs
drsbase: use credentials if supplied
getncchanges: Return correct denied REPL_SECRET error code
tests/repl_rodc: Duplicate msDS-RevealedUsers test for RODC machine acct
getncchanges: Let security of RWDC+ manually replicate secrets to RODCs
replmd: Ensure that binary blobs in links are ordered in the database
replmd: Include extra data on DN in search if it exists
getncchanges: Implement functionality for msDS-RevealedUsers
tests/repl_rodc: Ensure that the machine account is tied to the destination DSA
getncchanges: Tie destination DSA GUID to authenticating RODC for REPL_SECRET
getncchanges: Refactor filter_attrs from build_object
getncchanges: Prevent a small, but possible race condition in build_object
getncchanges: Reorder and comment code for clarity
tests/repl_rodc: Test the direct allow/deny attribute works
getncchanges: include object SID in tokenGroups calculation for repl secret
dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsers
tests/match_rules: Use system privilege for msDS-RevealedUsers
objectclass_attrs: Restrict systemOnly attributes
getncchanges: Add a comment regarding sIDHistory for allow/deny in repl_secret
getncchanges: generalize samdb_result_sid_array_ndr a little
tests/dbcheck-links: remove spurious sleeping
dsdb: Move parsed_dn_find into a common location
dsdb: Allow parsed_dn_find to have a prefixed blob match
getncchanges: Remove O(n) loop in link parsing
auth/sam: Remove lastLogonTimestamp from RODC success accounting
repl_secret: Prevent null deref on DEBUG
repl_secret: Error condition should sound harmless
selftest: Check that LDAP is available during RODC startup
wbinfo: Prevent client segfault with given EOF
samba_dnsupdate: Add additional debugging
whitespace: auth_log.py python conventions
whitespace: auth_log.c C code conventions
ldap_server: Move a variable into a smaller scope
whitespace: auth_log_pass_change.py python conventions
whitespace: Remove some whitespace
winbindd: Make some debugging clearer
samba_dnsupdate: Remove extra argument from debug
drsuapi.idl: Expose GetNCChanges req8 like req10
replmd: Send RODC referrals preferably to the PDC
selftest: Add ldap rodc python test
rodc: Force all RODC add and delete to cause a referral
selftest: Make some assertions about RODC referrals
password_lockout: Begin moving helper methods to a base class
password_lockout: Move more helper methods to a base class
password_lockout: Move more helper methods to a base class
password_lockout: Remove use of global lp and host vars
password_lockout: Remove use of global creds variables
password_lockout: Factor out a base testcase
password_lockout: Move lockoutObservationWindow tests from setUp
password_lockout: Move some unnecessary methods from base
sam.c: Make NTLM login set logonCount when unset
tests/rodc: Add a number of tests for RODC-RWDC interaction
password_lockout: Tests against RODC (once preloaded)
drepl: Add partial attribute set in the case of repl secret
rodc: Allow local RODC changes with version 0
replmd: Reduce calls to ldb_request_get_control
password-lockout: Allow RODC to ensure lockout and lockout reset
join.py: Allow RODC to have push replication at join
rodc/dns: Do not put a trailing dot at end of a DNS record
dns_update: RODC updates should use lower case realm
drepl_server: Allow refresh of partitions on UpdateRef
updaterefs: Do not open transaction even when unnecessary
Gary Lockyer (26):
script: Add test data for traffic_summary.pl
script: Add script to provide an anonymous summary from tshark
script: Add test script for traffic_summary.pl
pymessaging: add single element tuple form of the server_id
pysmb: Check for credentials using same method as pyrpc
python net: add username, oldpassword and domain to change_password
TestBase: move insta_creds from password_lockout.py
lib/util: Add functions to escape log lines but not break all non-ascii
auth: Generate a human readable Authentication log message.
rpc: Always supply both the remote and local address to the auth subsystem
auth_log: Add JSON logging of Authorisation and Authentications
named_pipe_auth: Rename client -> remote_client and server -> local_server
s4-named_pipe_auth: Rename client -> remote_client and server -> local_server
s3-named_pipe_auth: Rename client -> remote_client and server -> local_server
s3-rpc_server: Re-order local and remote address in make_server_pipes_struct()
s3-rpc_server: Rename client -> remote_client and server -> local_server
s4-ntvfs: Correct mixup between local/remote addresses
auth log tests: password change tests
ldap_server: Log failures to find a valid user in the simple bind
rpc_server: Re-order and rename remote and local address in np_open()
auth log: Add tests for anonymous bind and SamLogon
TestBase: restore setting FEATURE_SEAL in insta_creds
password_hash: Add tests to allow refactoring
password_hash: refactor setup_supplemental_field
tests dsdb: load parameters from test environment
pyrpc: Fix segfault in ClientConnection
Günther Deschner (1):
s3-libgpo: Fix the build of the group policy CSEs
Hanno Böck (1):
cleanupdb: Fix a memory read error
Ian Stakenvicius (14):
waf: disable-python - fix ctdb configuration
waf: disable-python - add option globally to build system
waf: disable-python - configuration adjustments
waf: disable-python - align talloc's wscript
waf: disable-python - align ldb's wscript
waf: disable-python - align tevent wscript
waf: disable-python - align tdb's wscript
waf: disable-python - don't build python/
waf: disable-python - don't build PROVISION, pyparam_util
waf: disable-python - don't build pyrpc_util, dcerpc.py
waf: disable-python - don't build samba-net
waf: disable-python - don't build samba-policy
waf: disable-python - don't build torture bits
waf: disable-python - don't include python.h in test_headers.c
Jakub Hrozek (13):
ldb_tdb: Remove unused function ltdb_add_attr_results
ldb_tdb: Remove unused function parameter
ldb_tdb: Remove unused function parameter
ldb: Clarify LDB_MODULES_PATH is used
ldb:tests: Add a simple cmocka test for ldb_connect()
ldb:tests: A rudimentary ldb_add() test
ldb:tests: Add a basic search test
ldb:tests: Add a basic delete test
ldb:tests: Add a test for ldb transactions
ldb:tests: Add a modify test
ldb:tests: unit test for ldb_search()
ldb:tests: Add tests for case insensitive searches
ldb:tests: Unit test the ldb_rename() operation
Jan Engelhardt (1):
build: correct package dependencies
Jeremy Allison (56):
s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.
s3: locking: Move two leases functions into a new file.
s3: locking: Update oplock optimization for the leases era !
Fix for Solaris C compiler.
s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes.
Changes to make the Solaris C compiler happy.
CVE-2017-2619: s3: smbd: Create wrapper function for OpenDir in preparation for making robust.
CVE-2017-2619: s3: smbd: Opendir_internal() early return if SMB_VFS_OPENDIR failed.
CVE-2017-2619: s3: smbd: Create and use open_dir_safely(). Use from OpenDir().
CVE-2017-2619: s3: smbd: OpenDir_fsp() use early returns.
CVE-2017-2619: s3: smbd: OpenDir_fsp() - Fix memory leak on error.
CVE-2017-2619: s3: smbd: Move the reference counting and destructor setup to just before returning success.
CVE-2017-2619: s3: smbd: Correctly fallback to open_dir_safely if FDOPENDIR not supported on system.
CVE-2017-2619: s3: smbd: Remove O_NOFOLLOW guards. We insist on O_NOFOLLOW existing.
CVE-2017-2619: s3: smbd: Move special handling of symlink errno's into a utility function.
CVE-2017-2619: s3: smbd: Add the core functions to prevent symlink open races.
CVE-2017-2619: s3: smbd: Use the new non_widelink_open() function.
s3: smbd: Change "strict sync" parameter from "no" to "yes" for 4.7.0.
WHATSNEW: Document "strict sync" default change.
s3: smbd: Fix incorrect logic exposed by fix for the security bug 12496 (CVE-2017-2619).
s3: Test for CVE-2017-2619 regression with "follow symlinks = no".
s3: Fixup test for CVE-2017-2619 regression with "follow symlinks = no"
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: smbd: Fix "follow symlink = no" regression part 2.
s3: Test for CVE-2017-2619 regression with "follow symlinks = no" - part 2
s4: messaging. Add imessaging_reinit_all() function.
s4: server: Fix crash in NTVFS server caused by ordering of destructor calls.
s4: process_standard: Move talloc_free of event context so it is last thing freed before exit().
s4: process_standard: Always free tevent_context before exit().
s4: process_standard: Add return checking for tevent_add_fd() to standard_accept_connection() and standard_new_task().
s4: process_standard: Add tevent SIGHUP signal handler to standard_accept_connection() and standard_new_task().
s4: process_standard: Add a simplified SIGTERM handler based on code from source4/smbd/server.c. Use from a tevent handler added to standard_accept_connection() and standard_new_task()
s4: messaging. Minor cleanup. Check for error returns on imessaging_register calls.
s4: server. Whitespace and 80+ column cleanup.
s4: server: Create a server 'state' struct.
s4: server: Use server_state as a parameter to stdin handler, not just name.
s4: server: Use server_state as a parameter to max_runtime_handler, not just name.
s4: server: Plumb server_state through the irpc messaging for samba_terminate().
s4: server: Add error return checks for tevent_add_fde, tevent_add_timer.
s4: server: Add a tevent signal handler for SIGTERM.
s4: messaging: When talloc_free()'ing an event context, only remove msg_dgm_ref's that point to *that* context.
s4: server: Remove use of talloc_autofree_context as the parent of event_ctx.
s4: server: Use state as the talloc context for open_schannel_session_store.
lib: Remove smb_iconv_handle_reinit_lp()
lib:charset: Add utility functions reinit_iconv_handle() and free_iconv_handle(void)
s3:lib:charcnv: Remove use of global global_iconv_handle
s3:param: Use new utility function to hide use of global_iconv_handle
lib: param: Use utility functions to get rid of two more uses of global_iconv_handle.
lib: param: Remove the last external use of global_iconv_handle by calling the utility function reinit_iconv_handle().
lib:charset: Make global_iconv_handle private
lib:charset: Remove use of talloc_autofree_context() for global_iconv_handle
lib: debug: Avoid negative array access.
s3:lib: Fix incorrect logic in sys_broken_getgroups()
s3:smbd: Fix incorrect use of sys_getgroups()
lib: param: Remove lpcfg_register_defaults_hook().
lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Lumir Balhar (25):
python: samba.credentials: Port pycredentials.c to Python3-compatible form.
python: samba.tests.credentials: Python 3 compatible tests
python: samba.param: Port param module to Python 3
python: samba.tests.param: Add missing tests
python: samba._glue: Port samba._glue module to Python 3.
python: samba.tests.glue: Add new tests for samba._glue.
python: samba.tests.dcerpc: Move Class RawDCERPCTest to separated file.
python: Make top-level samba modules Python 3 compatible
python: wscript_build: Build some modules for Python 3
python: samba.tests: Enable Python 3 tests for ported modules
python: pidl: Port Python interface generator
python: samba.dcerpc: Port RPC related stuff to Python 3
python: samba.tests.dcerpc.misc: Port and enable tests
python: samba.dcerpc: Port security module to Python 3 comp. form
python: wscript_build: Build some DCE/RPC modules with Python 3
python: samba.auth: Port samba.auth to Python 3 compatible form
python: samba.tests.auth: Add tests for samba.auth module
python: samba._ldb: Port of samba._ldb to Python 3 compatible form
python: samba.tests: Move import of ported modules out of PY3 condition
python: samba.tests.core: Port and enable core tests in Python 3
python: samba.getopt: Port module to Python 3 compatible form
python: selftests: Enable samba.getopt tests execution with Python 3
python: samba.gensec: Fix error handling in set_credentials() function
python: samba.gensec: Port module to Python 3 compatible form
python: selftest: Add possibility to run old Python test suites with Python 3
Martin Schwenke (4):
ctdb-build: Add WAFLOCK magic to manpages target
ctdb-build: Fix RPM build
ctdb-tests: Catch cases where mktemp fails due to missing TMPDIR
autobuild: Stop waf uninstall from removing test_tmpdir
Michael Adam (4):
s3:vfs:shadow_copy2: fix quoting in debug messages
s3:vfs:shadow_copy2: fix the corner case if cwd=/ in make_relative_path
s3:vfs:shadow_copy2: fix corner case of "/@GMT-token" in shadow_copy2_strip_snapshot
s3:tests: fix comment typo in the offline test
Noel Power (2):
param: Check for valid values of 'name resolve order' option
s3:tests: Add test for illegal value detection for 'name resolve order'
Petr Viktorin (1):
python: Port the samba.net module to Python 3
Ralph Boehme (145):
selftest: don't run vfs_fruit tests against ad_dc env
s3/includes: add FinderInfo offset define to MacExtensions.h
vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
vfs_catia: run translation on all handle based VFS functions
vfs_catia: add catia_readdir_attr
vfs_catia: add catia_(g|s)et_dos_attributes
vfs_fruit: fix fruit_pread with metadata=stream
vfs_fruit: fix fruit_ftruncate with metadata=stream
vfs_fruit: rename empty_finderinfo() and make it more robust
vfs_fruit: fix fruit_pwrite() with metadata=stream
vfs_fruit: replace unsafe ad_entry macro with a function
vfs_fruit: refactor fruit_open_meta()
vfs_fruit: correct fruit_open_meta_stream() implementation
vfs_fruit: refactor fruit_stat_meta()
vfs_fruit: correct fruit_stat_meta_stream() implementation
vfs_fruit: update_btime() is only needed for metadata=netatalk
vfs_fruit: refactor readdir_attr_meta()
vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
vfs_fruit: refactor fruit_unlink()
vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
vfs_fruit: in fruit_rmdir() check ._ files before deleting them
vfs_fruit: refactor fruit_open_rsrc()
vfs_fruit: refactor fruit_stat_rsrc()
vfs_fruit: add fruit_stat_rsrc_stream() implementation
vfs_fruit: add fruit_stat_rsrc_xattr() implementation
vfs_fruit: refactor fruit_streaminfo()
vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
vfs_fruit: refactor fruit_ftruncate() and fix stream case
vfs_fruit: refactor readdir_attr_macmeta() resource fork size
vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
vfs_fruit: remove base_fsp name translation
vfs_fruit: fix fruit_check_access()
selftest: disable vfs_fruit tests
vfs_fruit: rework struct adouble API
vfs_fruit: refactor fruit_open and use new adouble API
vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
vfs_fruit: refactor fruit_fstat and use new adouble API
vfs_fruit: use fio in fruit_fallocate
vfs_fruit: refactor fruit_ftruncate and use new adouble API
selftest: reenable vfs_fruit tests
selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
selftest: run vfs_fruit tests against share with fruit:metadata=stream
selftest: also run vfs_fruit tests with streams_depot
selftest: add description to vfs_fruit testsuites
s4/torture: vfs_fruit: add test_null_afpinfo test
s4/torture: vfs_fruit: test deleting a file with resource fork
s4/torture: add a vfs_fruit renaming test with open rsrc fork
lib/torture: add torture_assert_mem_equal_goto
s4/torture: add test for AAPL find with name with illegal NTFS characters
docs/vfs_fruit: document known limitations with fruit:encoding=native
s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
selftest: add shares without vfs_fruit for the vfs_fruit tests
vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
vfs_fruit: use stat info from base_fsp
s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
vfs_fruit: only veto AppleDouble files with fruit:resource=file
vfs_fruit: enabling AAPL extensions must be a global switch
libcli/smb: add max_credits arg to smbXcli_negprot_send()
libcli/smb: add smb2cli_conn_get_cur_credits
s4/torture: add some SMB2 crediting tests
libcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid
s4/torture: add a crediting test skipping a SMB2 MID
manpages/vfs_fruit: document global options
s3/wscript: fix Linux kernel oplock detection
s3/smbd: add const to get_lease_type() args
s3/smbd: add comments and some reformatting to open_file_ntcreate()
s3/smbd: req is already validated at the beginning of open_file_ntcreate()
s3/smbd: simplify defer_open()
s3/smbd: add and use retry_open() instead of defer_open() in two places
s3/smbd: fix schedule_async_open() timer
s3/smbd: remove async_open arg from defer_open()
s3/smbd: all callers of defer_open() pass a lck
s3/smbd: fix deferred open with streams and kernel oplocks
s3/selftest: adopt config.h check from source4
s4/torture: some tests for kernel oplocks
s3/smbd: add my copyright to open.c
lib/pthreadpool: fix a memory leak
winbindd: use NULL for pointer check in get_cache()
winbindd: untangle reconnect_methods vs reconnect_ads_methods
winbindd: fix long lines in get_cache()
winbindd: README.Coding fixes for get_cache()
winbindd: remove trailing spaces in get_cache()
CVE-2017-2619: s3/smbd: re-open directory after dptr_CloseDir()
CVE-2017-2619: s4/torture: add SMB2_FIND tests with SMB2_CONTINUE_FLAG_REOPEN flag
s3/smbd: move copychunk ioctl limits to IDL
vfs_default: let copy_chunk_send use const from IDL
s3/smbd: move cc_copy into fsctl_srv_copychunk_state
s3/smbd: implement a serializing async copy-chunk loop
s3/smbd: optimize copy-chunk by merging chunks if possible
vfs_default: move check for fsp->op validity
s3/smbd: make copy chunk asynchronous
winbindd: use passdb backend for well-known SIDs
selftest: wbinfo -s tests for wellknown SIDs
selftest: wbinfo --sids-to-unix-ids tests for wellknown SIDs
winbindd: trigger possible passdb_dsdb initialisation
selftest: fix SID composition in a test script
winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()
selftest: fix for wbinfo -s tests for wellknown SIDs
winbindd: use correct domain name for failed lookupsids
winbindd: remove unused single_domains array
selftest: new environment "ad_member_idmap_rid"
selftest: tests idmap mapping with idmap_rid
vfs_fruit: resource fork open request with flags=O_CREAT|O_RDONLY
s4/torture: vfs_fruit: test for bug 12565
s3/include: add NT_STATUS_LOOKUP_ERR
s3/rpc_client: use NT_STATUS_LOOKUP_ERR
s3/rpc_client: lookupsids error handling of NT_STATUS_NONE_MAPPED
winbindd: error handling in rpc_lookup_sids()
libcli/security: fix dom_sid_in_domain()
winbindd: handling of SIDs without domain reference in wb_sids2xids_lookupsids_done()
winbindd: let wb_lookupsids_move_name() handle domain_index UINT32_MAX
winbindd: handling of failed lookupsids in wb_lookupsids_single_done()
winbindd: remove fallback to lookupsid for unknown SIDs
winbindd: remove lookupsid() fallback for a failed lookupsids()
winbindd: remove fallback from lookuprids
winbindd: only use the domain name from lookup sids if the domain matches
lib/util: add and use iov_concat
dbwrap: add enum dbwrap_req_state
dbwrap: add parse_record_send/recv to struct db_context
ctdb_conn: add ctdbd_parse_send/recv
dbwrap_ctdb: factor out a db_ctdb_try_parse_local_record() function
dbwrap_ctdb: implement parse_record_send()/recv()
dbwrap: add dbwrap_parse_record_send/recv
dbwrap_watch: add parse_record_send/recv wrappers
s3/locking: add fetch_share_mode_send/recv
s3/smbd: add file_id return arg to smbd_dirptr_lanman2_entry
s3/smbd: ask_sharemode is not needed for info_level SMB_FIND_FILE_NAMES_INFO
s3/smbd: enable processing SMB2 requests async internally
s3/smbd: make write time fetching async
s3/smbd: add "smbd:find async delay usec" to SMB2 FIND
s4/torture: add a test for compound SMB2 FIND requests
selftest: also run smb2.compound_find against share with async delay set
lib/util: add a test for tfork()
lib/util: make use of tfork in samba_runcmd_send()
wafsamba: add source directory define SRCDIR to config.h
lib/util: add a test for samba_runcmd_send()
vfs_acl_xattr|tdb: ensure create mask is at least 0666 if ignore_system_acls is set
vfs_fruit: lp_case_sensitive() does not return a bool
lib/util: fix a Coverity finding in tfork
tdb: runtime check for robust mutexes may hang in threaded programs
Shilpa Krishnareddy (1):
notify: Fix ordering of events in notifyd
Stefan Metzmacher (85):
py_net: make use of pytalloc_GenericObject_steal()
pidl:Python: make sure print HASH references for STRUCT types
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
gensec:spnego: Add debug message for the failed principal
s3:winbindd: fix endless forest trust scan
dsdb/tests: remove duplicate test_smartcard_required3() from sam.py
ldb-samba: remember the error string of a failing bind in ildb_connect()
s4:ldap_server: match windows in the error messages of failing LDAP Bind requests
dsdb/tests: add test_ldap_bind_must_change_pwd()
s4:selftest: run samba4.sam.python also against fl2008r2dc
s3:libads: remove unused fallback to gss_acquire_cred()
winbindd: find the domain based on the sid within wb_lookupusergroups_send()
idmap_autorid: allocate new domain range if the callers knows the sid is valid
ldb: add LDB_FLG_DONT_CREATE_DB
HEIMDAL:kdc: make it possible to disable the principal based referral detection
s4:kdc: disable principal based autodetected referral detection
winbindd: remove bogus fallback to the forest root in wb_lookupname*()
winbindd: remove bogus fallback to the forest root in wb_lookupsid*()
winbindd: remove unused find_root_domain()
winbindd: avoid multiple wbint_LookupSids/lsa_LookupSids calls to the same domain
remove historic source3/change-log
netlogon.idl: make netr_LogonInfoClass public
lsa.idl: add SID_NAME_LABEL
libcli/security: add SID_NAME_LABEL to sid_type_lookup()
libwbclient: add WBC_SID_NAME_LABEL
auth4: add TODO comment on the auth_sam_trigger_repl_secret msDS-NeverRevealGroup interaction
netlogond3: only call make_auth_context_subsystem() in one place
auth3: add make_auth3_context_for_{ntlm,netlogon,winbind}
auth3: make use of make_auth3_context_for_ntlm()
pdbtest: make use of make_auth3_context_for_ntlm()
netlogond3: make use of make_auth3_context_for_netlogon()
winbindd: make use of make_auth3_context_for_winbind()
auth3: make make_auth_context_subsystem() static
auth4: make auth_check_password_wrapper() static
auth4: add auth_context_create_for_netlogon()
netlogon4: make use of auth_context_create_for_netlogon()
winbindd: let winbindd_dual_auth_passdb() return pauthoritative
auth3: let auth_check_ntlm_password() return pauthoritative
auth4: let auth_check_password* return pauthoritative
ntlm_auth3: let contact_winbind_auth_crap() return pauthoritative
auth: let auth4_context->check_ntlm_password() return pauthoritative
auth4: debug if method->ops->check_password() gives NOT_IMPLEMENTED
auth3: only use "[samba4:]sam" in make_auth3_context_for_winbind()
winbindd: no longer use USER_INFO_LOCAL_SAM_ONLY
auth3: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
auth4: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM handling
auth: remove unused USER_INFO_LOCAL_SAM_ONLY/AUTH_METHOD_LOCAL_SAM defines
auth4: add a "winbind_rodc" backend
auth4: reflect the reality and use "winbind_rodc" instead of "winbind" for the auth methods as AD_DC
selftest: temporary skip samba.blackbox.pdbtest.s4winbind
auth3: handle ROLE_ACTIVE_DIRECTORY_DC before lp_auth_methods() in make_auth_context_subsystem()
auth4: implement the deprecated 'auth methods' in auth_methods_from_lp()
s4:selftest: specify auth methods of pdbtests without 'samba4:' prefix
Revert "selftest: temporary skip samba.blackbox.pdbtest.s4winbind"
wafsamba: move -L/some/path from LINKFLAGS_PYEMBED to LIBPATH_PYEMBED
rpcclient: allow -U'OTHERDOMAIN\user' again
pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the password policy
script/compare_cc_results.py: ignore all LIB*_WRAPPER_SO_PATH values
nss_wrapper: use conf.blddir to construct libnss_wrapper_so_path
resolv_wrapper: use conf.blddir to construct libnss_wrapper_so_path
uid_wrapper: use conf.blddir to construct libnss_wrapper_so_path
s3:ntlm_auth: fix memory leak in manage_gensec_request()
WHATSNEW: Deprecate "auth methods" and "map untrusted to domain"
selftest: make sure we don't have any umask limitations for selftest
testprogs/blackbox: use subunit_ helper functions in test_smbclient_*
testprogs/blackbox: add test_rpcclient_*_grep helper functions
auth4: use lpcfg_is_my_domain_or_realm() in authsam_want_check()
winbindd: allow wbinfo -a REALM\\user to work on a DC
testprogs/blackbox: add test_trust_ntlm.sh
s4:selftest: run test_trust_ntlm.sh against various environments
auth4: add a "sam_failtrusts" module
auth4: use "anonymous sam winbind_rodc sam_failtrusts sam_ignoredomain" as AD_DC
auth4: use "anonymous sam winbind sam_ignoredomain" with ROLE_DOMAIN_MEMBER
auth4: let authsam_check_password_internals use crack_name_to_nt4_name() for upn's
auth4: improve authsam_want_check for upn authentication
auth4: avoid map_user_info() in auth_check_password_send()
auth4: remove unused map_user_info[_cracknames]()
auth4: use "sam winbind_rodc sam_failtrusts" for the netlogon authentication
auth3: add "sam_netlogon3" which only reacts on lp_workgroup() as NT4 PDC/BDC
auth3: only use "sam_netlogon3 winbind:trustdomain" in make_auth3_context_for_netlogon
auth3: merge make_auth_context_subsystem() into make_auth3_context_for_ntlm()
lib/util: add tfork()
tdb: version 1.3.13
Uri Simchoni (27):
smbd: refuse_symlink() - do not fail if the file does not exist
smbd: get_ea_list_from_file_path() - remove a duplicate statement
smbd: remove coupling between get_ea_names_from_file() and "ea support"
testparm: remove check for "ea support" in fruit shares
vfs_fruit: drop "ea support" from the manpage
selftest: remove "ea support" from vfs_fruit-related setups.
talloc: fix doxygen of talloc_move
doc: update "ea support" section of the smb.conf manpage
smbd: add zero_file_id flag
vfs_fruit: enable zero file id
vfs_fruit: document added zero_file_id parameter
torture: add torture_assert_mem_not_equal_goto()
selftest: tests for vfs_fruite file-id behavior
s3: libsmb: add replace support to SMB2 rename
s3: libsmb: add replace support to cli_rename()
smbclient: add -f option to rename command
manpages: update smbclient manpage with rename -f option
libcli: introduce smbXcli_conn_support_passthrough()
s3-libsmb: cli_cifs_rename_send()
s3-libsmb: fail rename and replace inside cifs variant
s3-libsmb: support rename and replace for SMB1
docs: fixup smbclient rename -f option
build: refuse to build without PAM support if enabled
selftest: test fetching a large ACL from vfs_acl_xattr
vfs_xattr_tdb: handle case of zero size.
vfs_acl_xattr: factor out fetching of an extended attribute
vfs_acl_xattr: avoid needlessly supplying a large buffer to getxattr()
Volker Lendecke (132):
auth3: Fix some whitespace
auth3: Simplify get_system_info3
auth4: Fix map_user_info_cracknames for domain==NULL
auth4: Only use CrackNames if we're a DC
auth4: Reduce indentation level by an early error return
samdb: Fix a typo
posix_acls: Do a *bit* of reformatting
posix_acls: Use talloc_zero_array
waf: Fix a typo
winbind: Fix a cut&paste debug typo
smbd: Do an early exit on negprot failure
torture3: Add test for smbd crash
lib: Make gencache hash size configurable, default to 10000
Revert "winbind: Remove rpc_lookup_usergroups"
Revert "winbind: Remove "lookup_usergroups" winbind method"
Revert "winbind: Remove validate_ug"
Revert "winbind: Remove wcache_lookup_usergroups"
Revert "winbind: Remove wb_cache_lookup_usergroups"
Revert "winbind: Remove wbint_LookupUserGroups"
Revert "winbind: Remove wb_lookupusergroups"
Re-enable token groups fallback
auth4: Move a variable closer to its use
auth4: Remove an unused struct declaration
winbind: Fix a debug message
cli_netlogon: Remove a fallback for authoritative=NULL
cli_netlogon: Remove a fallback for flags=NULL
cli_netlogon: Add return parms to rpccli_netlogon_password_logon
winbind: Pass up args from winbind_samlogon_retry_loop
winbind: Pass up args from winbind_dual_SamLogon
winbind: Add "authoritative" to winbindd_response
winbind: Set "authoritative" in response to auth_crap
libwbclient: Add "authoritative" to wbcAuthErrorInfo
winbind: Correctly pass !authoritative from wb_irpc_SamLogon
winbind: Remove unused wcache_tdc_fetch_domainbysid
winbind: Add a debug message for out-of-range IDs
auth3: Centralize auth_check_ntlm_password failure handling
auth3: Use talloc_move instead of _steal
auth3: Simplify auth_check_ntlm_password talloc handling
auth3: Simplify auth_check_ntlm_password server_info handling
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"
auth3: Simplify auth_check_ntlm_password logic with a "goto fail"
winbind: Fix a typo
ldap_server: Fix a typo
winbind: Use talloc_strdup_upper where appropriate
winbindd: Remove an unused #define
auth_winbind3: Correctly handle !authoritative
auth_winbind4: Correctly handle !authoritative
auth_ntdomain3: Correctly handle !authoritative
libsmb: Remove some stale code
libsmb: Make a few functions static
libsmb: Simplify trustdom_cache_store
libsmb: Use talloc in trustdom_cache_key
libsmb: Slightly simplify trustdom_cache_fetch
examples: Add '-p', '--port' to smb2mount
examples:clifuse: Add a stub for getattr
passdb: Remove pdb_ipa
lib: Fix an uninitialized variable warning
docs: Deprecate "map untrusted to domain"
docs: Deprecate "auth methods"
tldap: Allow dropping messages in tldap_search()
s3:winbind: Use the correct talloc context for user information
lib: Avoid an includes.h
lib: Make sys_poll_intr available to ctdb
lib: Simplify smb_nanosleep
winbind: Add idmap_config_const_string
winbind: Use idmap_config_const_string in domain_has_idmap_config
winbind: Use idmap_config_const_string in idmap_init_named_domain
winbind: Use idmap_config_const_string in wb_xids2sids_add_dom
winbind: Use idmap_config_const_string in idmap_tdb2_db_init
winbind: Use idmap_config_const_string in idmap_script_db_init
winbind: Use idmap_config_const_string in idmap_init_domain
idmap_ldap: Use idmap_config_const_string
idmap_ldap: Use idmap_config_const_string
idmap_rfc2307: Use idmap_config_const_string
idmap_ad: Use idmap_config_const_string
winbind: Add idmap_config_bool()
idmap: Use idmap_config_bool in idmap_init_domain
idmap_rfc2307: Use idmap_config_bool
idmap_ad: Use idmap_config_bool
idmap_autorid: Use idmap_config_bool
winbind: Add idmap_config_int
idmap_rid: Use idmap_config_int
idmap_autorid: Use idmap_config_int
idmap_tdb: Avoid a few casts
idmap_rfc2307: Slightly simplify idmap_rfc2307_initialize()
idmap_rfc2307: Clarify the documentation a bit
net: Don't crash if lsa_LookupPrivDisplayName returns NULL
wbinfo: Add "authoritative" to wbinfo -a output
auth3: Slightly simplify make_auth_context_subsystem() step1
auth3: Slightly simplify make_auth_context_subsystem() step2
auth3: Introduce make_auth_context_specific
auth3: Don't try other auth modules on any error
auth3: Simplify the logic in auth_check_ntlm_password
auth3: Introduce auth3_context_set_challenge
winbindd: Call make_auth_context_subsystem directly
netlogond3: "authorititative" is a uint8
netlogond3: Call make_auth_context_subsystem directly
pdbtest: Call make_auth_context_subsystem directly
auth3: Remove unused make_auth_context_fixed
winbindd: NT_STATUS_CANT_ACCESS_DOMAIN_INFO means "Dunno"
server_id_db: Protect against non-0-terminated data records
lib: Remove unused winbind_get_groups and _get_sid_aliases
lib: Remove an unnecessary include
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
lib: Avoid an includes.h
idmap_ldap: Fix CID 1404836 Dereference before null check
smbd: Fix smb1 findfirst with DFS
auth3: fallback to "sam_ignoredomain" in make_auth3_context_for_ntlm()
selftest: Test for bug 12558
tdb: Fix some signed/unsigned hiccups
tdb: Do lock upgrades properly
tdb: Test for readonly lock upgrade bug
winbind: Simplify a logic expression
winbind: Avoid a "ok==false"
winbind: Slightly simplify remove_timed_out_clients
winbind_pam: Use any_nt_status_not_ok in map_auth_samlogon
winbind_msrpc: Use any_nt_status_not_ok
smbldap: pdb_ipa is gone
smbldap: Move ldapsam_privates to pdb_ldap.h
smbldap: Fix a typo
smbldap: Introduce "smbldap_get_ldap"
smbldap: Introduce "smbldap_get_paged_results"
smbldap: Introduce "smbldap_get_paged_results"
smbldap: Privatize struct smbldap_state
smbldap: Bump version number
secrets: Protect against a non-0-terminated ldap password
tdbtool: Add "storehex" command
lib: Fix CID 1405493 Error handling issues (CHECKED_RETURN)
-----------------------------------------------------------------------
--
Samba Shared Repository