[SCM] Samba Shared Repository - annotated tag samba-4.6.0rc1 created
Karolin Seeger
kseeger at samba.org
Thu Jan 5 07:51:30 UTC 2017
The annotated tag, samba-4.6.0rc1 has been created
at 3cf2eddd8be7df770167fd1bbd4113d6971c6677 (tag)
tagging b88d95e6b05a06c02043b9bf260ced7a247f2a60 (commit)
replaces ldb-1.1.29
tagged by Karolin Seeger
on Thu Jan 5 08:48:38 2017 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.6.0rc1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQBYbfpWbzORW2Vot+oRApwbAJ9MXQ3GIG2b/UJ11xjWf1kMoY/LQwCdH8BV
k5Z9EqneAaeVzkRpwoDX9tI=
=IGzV
-----END PGP SIGNATURE-----
Alexander Bokovoy (2):
logon script: clarify usage for different Samba roles
smb.conf: add identity mapping section
Amitay Isaacs (48):
replace: Include libgen.h if available
ctdb-daemon: Remove tevent debug logging
ctdb-logging: Refactor logging code
ctdb-logging: Remove duplicate logging code
ctdb-daemon: Consolidate initialization of logging and debug level
ctdb-daemon: Fix debug messages
ctdb-daemon: Don't depend on debug_extra in exit handler
ctdb-daemon: Remove setting of debug_extra via ctdb_set_child_info()
ctdb-daemon: Remove setting of debug_extra from switch_from_server_to_client()
ctdb-daemon: Remove setting of debug_extra
ctdb-logging: Get rid of debug_extra
ctdb-recoverd: Log a message when terminating
ctdb-daemon: Initialize logging in recovery daemon
ctdb-daemon: Log to stderr when running in interactive mode
ctdb-daemon: Add ctdb_vfork_exec()
ctdb-locking: Start locking helper using ctdb_vfork_exec
ctdb-recovery: Start recovery helper with ctdb_vfork_exec
ctdb-build: Avoid duplicate list of man pages
ctdb-build: Generate pre-built documentation in wscript itself
ctdb-scripts: Add explicit check for service reconfiguration
ctdb-scripts: Drop ctdb_check_service_reconfigure
ctdb-daemon: Move function typedef to where it's used
ctdb-tests: Display filtered output when the test fails
ctdb-tests: Do not remove event script dir before shutting down ctdb
ctdb-build: Remove unnecessary intermediate build target
ctdb-tool: Allow passing multiple command-line arguments to helper
ctdb-tool: Improve error reporting if helper execution fails
ctdb-protocol: Fix marshalling of string with length
ctdb-protocol: Add marshalling for int32_t
ctdb-common: Add run_proc abstraction
ctdb-common: Add generic socket I/O
ctdb-common: Add sock_daemon abstraction
ctdb-protocol: Add data types for eventd communication
ctdb-protocol: Add marshalling for eventd protocol
ctdb-eventd: Add event script handling daemon
ctdb-client: Add client api for eventd communication
ctdb-tool: Add helper for talking to event daemon
ctdb-tests: Add tests for event daemon
ctdb-tool: Add new command "event" to ctdb tool
ctdb-tool: Drop disablescript, enablescript and eventscript commands
ctdb-daemon: Drop implementation of eventscript controls
ctdb-client: Drop client code for eventscript controls
ctdb-protocol: Drop marshaling for eventscript controls
ctdb-protocol: Deprecate eventscript controls
ctdb-daemon: Refactor check for valid events during recovery
ctdb-daemon: Add functions to talk to event daemon
ctdb-daemon: Switch to using event daemon
ctdb-daemon: Remove ctdb_event_helper
Andreas Schneider (88):
s3-libads: Fix canonicalization support with MIT Kerberos
s3:param: Add an 'include system krb5 conf' option
s3:libads: Include system /etc/krb5.conf if we use MIT Kerberos
selftest: Do not include system krb5.conf in selftest
util: Initialize pointer
libsocket: Make sure ifr.ifr_name is null-terminated
s3:waf: Reformat msrpc3
s3:waf: Reformat gpo
s3:waf: Reformat AVAHI
s3:waf: Reformat GROUPDB
s3:waf: Reformat TLDAP
s3:waf: Reformat samba-passdb
s3:waf: Reformat pdb
s3:waf: Reformat smbldaphelper
s3:waf: Reformat param
s3:waf: Reformat smbregistry
s3:waf: Reformat REG_SMBCONF
s3:waf: Reformat REG_FULL
s3:waf: Reformat samba3-util
s3:waf: Reformat TDB_LIB
s3:waf: Reformat messages_dgm
s3:waf: Reformat samba3core
s3:waf: Reformat libsmb
s3:waf: Reformat secrets3
s3:waf: Reformat ads
s3:waf: Reformat smbconf
s3:waf: Reformat smbd_base
s3:waf: Reformat LOCKING
s3:waf: Reformat PRINTBASE
s3:waf: Reformat PRINTBACKEND
s3:waf: Reformat printing_migrate
s3:waf: Reformat PRINTING
s3:waf: Reformat LIBNET_DSSYNC
s3:waf: Reformat LIBNET_SAMSYNC
s3:waf: Reformat LIBNMB
s3:waf: Reformat SERVICES
s3:waf: Reformat PLAINTEXT_AUTH
s3:waf: Reformat PASSCHANGE
s3:waf: Reformat SLCACHE
s3:waf: Reformat DCUTIL
s3:waf: Reformat trusts_util
s3:waf: Reformat samba3-util
s3:waf: Reformat CHARSET3
s3:waf: Reformat errors3
s3:waf: Reformat libcli_netlogon3
s3:waf: Reformat cli_spoolss
s3:waf: Reformat smbclient
s3:waf: Reformat smbspool
s3:waf: Reformat smbspool_krb5_wrapper
s3:waf: Reformat locktest2
s3:waf: Reformat smbstatus
s3:waf: Reformat smbtorture3
s3:waf: Reformat smbconftort
s3:waf: Reformat msgtest
s3:waf: Reformat msg_sink
s3:waf: Reformat msg_source
s3:waf: Reformat pdbtest
s3:waf: Reformat vfstest
s3:waf: Reformat versiontest
s3:waf: Reformat rpc_open_tcp
s3:waf: Reformat vlp
s3:waf: Move popt_samba3 up in the stack
s3:waf: Move cbuf functions to samba3-util
s3:waf samba3util requires CHARSET3
s4:waf: Remove unneded dependency to s3 param
s3:waf: Make PARAM and SMBREGISTRY a subsystem of smbconf only
s3:waf: Remove unneeded CHARSET3 dependency
printing: Fix building with CUPS version older than 1.7
s3-testparm: Fix trailing whitespaces
s3-testparm: Print error if the default backend is incorrect
s3-testparm: Print an error if we have overlapping idmap config
s3:winbind: Do not start with an invalid default idmap backend
s3:crypto: Use smb_krb5_kt_open_relative() for MEMORY keytab
krb5_wrap: More checks for absolute path in smb_krb5_kt_open()
krb5_wrap: Remove incorrect absolute path checks in smb_krb5_kt_open_relative()
docs: Update doc to use absolute path for 'dedicated keytab file'
testsuite: Add cmocka unit test for smb_krb5_kt_open()
WHATSNEW: Use capital K for Kerberos
WHATSNEW: Add Printing changes
WHATSNEW: Add some information about ID mapping
auth/credentials: Add talloc NULL check in cli_credentials_set_principal()
auth/credentials: Move function to free ccaches to the top
auth/credentials: Add NULL check in free_mccache()
auth/credentials: Add NULL check to free_dccache()
s3-rpc_client: Pass NULL as no password
testprogs: Use better KRB5CCNAME in test_password_settings.sh
auth/gensec: Fix typo in log message
auth/credentials: Add missing error code check for MIT Kerberos
Andrew Bartlett (23):
perf: Add simple tests for the open/close a database case
s4-rpc_server: Avoid extern reference to dcesrv_mgmt_interface and memcpy()
pidl: Make dcesrv\_$name\_interface "static const"
selftest: Print the POSIX ACL we got when the posixacl test fails
talloc: Add tests for talloc destructor behaviour after talloc_realloc()
torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
torture: Use DCERPC_SCHANNEL_AUTO in rpc.schannel.schannel2 test
torture/samba3rpc: Use NETLOGON_NEG_AUTH2_ADS_FLAGS
torture: Add new test ServerReqChallengeReuseGlobal to rpc.netlogon
torture: Add ServerReqChallengeReuse to rpc.netlogon
torture: Add ServerReqChallengeReuseGlobal2 to rpc.netlogon
idl: Do not listen for lsarpc on \\pipe\netlogon
s4-rpc_server: Add back support for lsa over \\pipe\\netlogon optionally
selftest: test new "lsa over netlogon" smb.conf option
s4-rpc_server: Add comments explaining the control flow around dcesrv_bind()
s4-rpc_server: Allow each interface to declare if it uses handles
s4-rpc_server: Allow listener for RPC servers to use multiple processes
s4-rpc_server: Do not check association groups for NETLOGON
selftest: Use 'rpc server port:netlogon' and 'rpc server port' smb.conf option
s4-netlogon: Push the netlogon server in the AD DC into multiple processes
s4-rpc_server: Add braces to better follow coding style
dsdb: Parse linked attributes using their DN+Binary or DN+String syntax, if needed
WHATSNEW: Add text for AD DC changes
Anoop C S (3):
lib/util: Fix input arguments description for dbghdrclass() routine
lib/util: Fix indentation within routine description for dbghdrclass
docs-xml: Remove duplicate listing of configfile option in man pages
Björn Jacke (8):
docs-xml: change http://samba.org to https://www.samba.org
man pages: change http://samba.org to https://www.samba.org
ad/provision: change http://samba.org to https://www.samba.org
replace: make sure we have a SCOPE_DELIMITER define
util: use SCOPE_DELIMITER for the IPv6 scope delimiter
pam: map more NT password errors to PAM errors
pam: strip trailing whitespaces in pam_winbind.c
pam_winbind: Fix compiler warnings
Bob Campbell (10):
python/netcmd: print traceback through self.errf
python/tests: add tests for samba-tool dns
python/tests: expand tests for dns server over rpc
samba-tool/dns: reword error messages and make error catching specific
samba-tool/dns: remove use of dns_record_match from add and delete
dnsserver: add dns name checking
python/tests: expand samba-tool dns tests
dnsserver_common: Add name check in name2dn
torture/drs: move ExopBaseTest into DrsBaseTest and extend
torture/drs: test link replication with hwm and utdv
Clive Ferreira (1):
KCC: unconnected graph test
David Disseldorp (5):
ctdb-build: move ctdb_etcd_lock to utils/etcd
ctdb-build: configure time switch for etcd support
ctdb: cluster mutex helper using Ceph RADOS
ctdb/doc: man page for Ceph RADOS cluster mutex helper
ctdb: add test script for ctdb_mutex_ceph_rados_helper
David Mulder (1):
auth/gensec: Remove unneeded cli_credentials_set_conf() call
Douglas Bagnall (5):
KCC: Graphnode.add_edge_from expects dn strings, not objects
KCC: avoid infinite recursion when edgelist contains self
s4-torture: better, failing, tests for GUID_from_string
librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing
rpc_server:netlogon Move from memcache to a tdb cache
Garming Sam (6):
tests/dnsserver: Check security descriptors
python/tests: fix typo to use correct var
tests/dns: Check you cannot add empty CNAME
getncchanges: use the uptodateness_vector to filter links to replicate
ldbdump: Parse the -i option
ldb_tdb: avoid erroneous error messages
Jeremy Allison (11):
s3: libsmb: Setting the LIBSMBCLIENT_NO_CCACHE environment variable doesn't turn off credential cache use.
s3: smbd: rename - missing early error exit if source and destination prefixes are different.
s3: smbd: Make check_parent_access() available to rename code.
s3: smbd: Add missing permissions check on destination folder.
s3: torture: Regression test case for permissions check on rename.
lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
s3: torture: Adds regression test case for se_access_check() owner rights issue.
s3: ntlm_auth: Don't corrupt the output stream with debug messages.
s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.
s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
s3: torture: Add test for cli_ftruncate calling cli_smb2_ftruncate.
Jose A. Rivera (1):
ctdb: Add new helper ctdb_etcd_lock
Karolin Seeger (3):
WHATSNEW: Some small formal fixes.
VERSION: Bump version up to 4.6.0rc1.
VERSION: Diable git snapshots for the 4.6.0rc1 release.
Lukas Slebodnik (5):
tevent: remove shebang from tevent.py
lib replace: Fix detection of features
WAF: Fix detection of linker features
WAF: Fix detection os sysname ...
WAF: Fix detection of IPv6
Martin Schwenke (52):
ctdb-daemon: Don't call ctdb_local_node_got_banned() on flag changes
ctdb-daemon: Exit early if there are trailing command-line arguments
ctdb-ipalloc: Optimise check to see if IP is available on a node
ctdb-tests: Use a separate directory for each local daemon
debug: Add minimalist D_* macros
ctdb-logging: Drop enum debug_level
ctdb-doc: Don't advertise numeric debug levels
ctdb-tests: Support symbolic debug level in takeover tests
ctdb-tests: Use symbolic debug levels in takeover tests
ctdb-tests: Use symbolic debug level for local daemons
ctdb-tests: Use symbolic debug levels in eventscript tests
ctdb-tests: Use symbolic debug levels in tool tests
ctdb-scripts: Update CTDB_SCRIPT_DEBUGLEVEL to be symbolic
ctdb-logging: Use Samba's debug levels
ctdb-scripts: Drop some tests for "reconfigure" event and monitor replay
ctdb-tests: Fix "ctdb reloadips" simple test
ctdb-protocol: Add generalised socket address comparison
ctdb-tests: Add unit test for protocol utilities
ctdb-tools: Fix sort order of "ctdb ip" output
ctdb-tools: Fix memory corruption in "ctdb ip -v"
ctdb-tools: Skip GET_PUBLIC_IP_INFO for unassigned addresses
ctdb-tools: Print PNN as int in "ctdb ip -v"
ctdb-tools: Don't trust non-hosting nodes in "ctdb ip all"
ctdb-protocol: Move CTDB_PUBLIC_IP_FLAGS_ONLY_AVAILABLE to protocol.h
ctdb-client: Add available-only option public IP fetching
ctdb-tests: Make fake_ctdbd use logging_init()
ctdb-tests: Allow FAKE_CTDBD_DEBUGLEVEL to be specified
ctdb-tests: Factor out reading of known public IP addresses
ctdb-tests: Add public IP state to fake_ctdbd
ctdb-tests: Factor out get_ctdb_iface_list()
ctdb-tests: Implement GET_PUBLIC_IP_INFO control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ipinfo"
ctdb-tests: Implement GET_PUBLIC_IPS control in fake_ctdbd
ctdb-tests: Add tool tests for "ctdb ip"
ctdb-tests: Add RELEASE_IP control to fake_ctdbd
ctdb-tests: Add TAKEOVER_IP control to fake_ctdbd
ctdb-tests: Add IPREALLOCATED control to fake_ctdbd
ctdb-tests: Add faking of control failures/timeouts to fake_ctdbd
ctdb-docs: Document that tunables should be set the same on all nodes
ctdb-takeover: NoIPTakeover is global across cluster
ctdb-takeover: NoIPHostOnAllDisabled is global across cluster
ctdb-takeover: IPAllocAlgorithm replaces LCP2PublicIPs, DeterministicIPs
ctdb-takeover: Add takeover helper
ctdb-tests: New function unit_test_notrace()
ctdb-tests: Add tests for takeover helper
ctdb-recoverd: Generalise helper state, handler and launching
ctdb-recoverd: Integrate takeover helper
ctdb-takeover: Drop unused ctdb_takeover_run() and related code
ctdb-tests: Remove the python LCP2 simulation
WHATSNEW: CTDB updates
ctdb-takeover: Fix CID 1398169 Unchecked return value
ctdb-takeover: Clean up when exiting on error
Ralph Boehme (8):
vfs_fruit: fix fruit:resource option spelling
WHATSNEW: document fruit:resource option spelling issue
manpages/vfs_fruit: add warning to fruit:resoure=stream
vfs_gpfs: update btime in vfs_gpfs_(f)get_dos_attributes
vfs_gpfs: remove updating btime from stat VFS calls
vfs_gpfs: simplify stat_with_capability() ifdef
ctdbd_conn: fix a resource leak
ctdbd_conn: remove unused fde from struct ctdbd_connection
Stefan Metzmacher (79):
tests/libsmb_samba_internal.py: fully setup the Credentials by creds.guess(lp)
s3:winbindd: always use saf_store(domain->alt_name, controller) for ad domains
s3:libsmb: change cli_full_connection_send/recv into cli_full_connection_creds_send/recv
s3:libnet_join: make use of cli_full_connection_creds()
s3:libsmb: restructure cli_full_connection_creds* flow
s4:repl_meta_data: normalize rdn attribute name via the schema
auth/credentials: let cli_credentials_parse_string() handle the "winbind separator"
auth/credentials: fix cut'n'paste error in cli_credentials_get_principal_and_obtained()
auth/credentials: clear all unused blobs in cli_credentials_get_ntlm_response()
s3:torture: make use of cli_full_connection_creds() in torture.c
s3:libsmb: fix memory leak in cli_raw_ntlm_smb_encryption_start()
s3:libsmb: fix 'client lanman auth = no' DEBUG message in cli_session_setup_creds_send()
s3:libsmb: add cli_tree_connect_creds()
s3:client: make use of cli_tree_connect_creds() in smbspool.c
s3:client: avoid using cli->{use_kerberos,...} for cli_session_creds_init() in smbspool.c
s3:libsmb: avoid using cli->{use_kerberos,...} in remote_password_change()
s3:libsmb: don't pass 'passlen' to cli_tree_connect[_send]() and allow pass=NULL
script/autobuild.py: don't add subdirs of testbase to cleanup_list
script/autobuild.py: remove pointless mkdir/rmdir commands
script/autobuild.py: cleanup testbase/prefix before each retry
script/autobuild.py: create tmpdir for each try and export it as TMPDIR
selftest: also export TMPDIR
selftest: make sure we always export KRB5CCNAME
s3:lib/netapi: Use lp_client_ipc_max_protocol() in libnetapi_open_ipc_connection()
s3:torture: Use cli_tree_connect_creds() where we may use share level auth
s3:torture/masktest: Use cli_tree_connect_creds()
s3:torture/masktest: masktest only works with SMB1 currently
s3:libsmb: split out a cli_session_creds_prepare_krb5() function
s3:libsmb: don't let cli_session_creds_init() overwrite the default domain with ""
s3:libsmb: Use cli_cm_force_encryption() instead of cli_force_encryption()
s3:utils: Use cli_cm_force_encryption() instead of cli_force_encryption()
auth/credentials: make use of talloc_zero() in cli_credentials_init()
auth/credentials: let cli_credentials_set_password() fail if talloc_strdup() fails
auth/credentials: add cli_credentials_set_password_will_be_nt_hash() and the related logic
tests/credentials.py: add test for cli_credentials_set_password_will_be_nt_hash()
tests/credentials.py: verify the difference of parse_string("someone") and parse_string("someone%")
auth/credentials: add py_creds_parse_file()
tests/credentials.py: add very simple test for py_creds_parse_file
auth/credentials: add python bindings for enum credentials_obtained
auth/credentials: handle situations without a configured (default) realm
tests/credentials.py: add tests with a realm from smb.conf
auth/credentials: let cli_credentials_parse_string() always reset username and domain
auth/credentials: let cli_credentials_parse_string() always reset principal and realm
tests/credentials.py: add tests to verify realm/principal behaviour of cli_credentials_parse_string()
auth/credentials: let cli_credentials_parse_file() handle 'username' with cli_credentials_parse_string()
tests/credentials.py: verify the new cli_credentials_parse_file() 'username' parsing
auth/credentials: change the parsing order of cli_credentials_parse_file()
tests/credentials.py: demonstrate the last 'username' line of creds.parse_file() beats other lines
s3:popt_common: let POPT_COMMON_CREDENTIALS imply logfile and conffile loading
s3:user_auth_info: let struct user_auth_info use struct cli_credentials internally
CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss
CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG
CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default
CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()
HEIMDAL:lib/krb5: move checksum vs. enctype checks into get_checksum_key()
HEIMDAL:lib/krb5: use krb5_verify_checksum() in krb5_c_verify_checksum()
s3:printing: remove double PRINT_SPOOL_PREFIX define
s3:libsmb: add cli_smb1_setup_encryption*() functions
s3:torture: make use of cli_smb1_setup_encryption() in force_cli_encryption()
s3:client: make use of cli_smb1_setup_encryption() in cmd_posix_encrypt()
s3:libsmb: make use of cli_smb1_setup_encryption() in cli_cm_force_encryption()
s3:libsmb: remove unused cli_*_encryption* functions
s3:libsmb: make use of get_cmdline_auth_info_creds() in clidfs.c:do_connect()
s3:libsmb: avoid using cli_session_setup() in SMBC_server_internal()
s3:libsmb: remove now unused cli_session_setup()
s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect()
s3:libsmb: make use of cli_tree_connect_creds() in SMBC_server_internal()
s3:libsmb: split out cli_cm_force_encryption_creds()
s3:libsmb: make use of cli_cm_force_encryption_creds() where we already have creds
s3:client: use cli_cm_force_encryption_creds in smbspool.c (in a #if 0 section)
s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()
krb5_wrap: fix smb_krb5_cc_copy_creds() for MIT krb5
Happy New Year 2017!
s4:librpc/rpc: don't do an anonymous bind over ncacn_np:server[packet]
s4:librpc/rpc: make sure we handle DCERPC_PACKET before DCERPC_CONNECT
s3:librpc/gse: include ccache_name in DEBUG message if krb5_cc_resolve() fails
s3:librpc/gse: remove unused #ifdef HAVE_GSS_KRB5_IMPORT_CRED
s3:librpc/gse: make use of gss_krb5_import_cred() instead of gss_acquire_cred()
Uri Simchoni (2):
smbd: avoid extra churn on a debug print
cli-quotas: fix potential memory leak
Volker Lendecke (138):
lib: Avoid includes.h in bitmap.c
lib: Delete an orphaned piece of code in samlogon_cache.c
lib: Delete unused netsamlogon_cache_shutdown
lib: Fix netsamlogon_cache_have for README.Coding
lib: Add samlogon_cache.h
lib: Avoid fstring in samlogon_cache.c
lib: Replace use of deprecated talloc_destroy
lib: Avoid includes.h in samlogon_cache.c
lib: Fix a comment
lib: Remove a used-once variable
winbind: lookup_usergroups_cached doesn't use the "domain" parameter
idmap_hash: Make lw_map_file static
idmap_hash: stdio.h comes with replace.h
idmap_autorid: Add a {} pair in an if-statement
lib: Make dom_sid_parse_endp init "endp" on all "ok" paths
idmap_autorid: dom_sid_parse_endp always initializes "endp" when ok
winbind: dom_sid_parse_endp always initializes "endp" when ok
smbclient4: xfile->stdio
smbclient: xfile->stdio
idmap_hash: xfile->stdio
lib: popt_common xfile->stdio
lib: Add fgets_slash
smbd: username map file handling xfile->stdio
torture: upload_printer_driver_file xfile->stdio
ntlm_auth3: xfile->stdio
vfs: expand_msdfs xfile->stdio
rpc_server: svcctl xfile->stdio
printing: std_pcap_cache_reload xfile->stdio
printing: Convert aix_cache_reload to stdio
libnbt: lmhosts xfile->stdio
lib: smbreadline xfile->stdio
nmbd: xfile->stdio
lib: Remove xfile
libsmb: Correctly report error for rename failure
samlogon_cache: Simplify netsamlogon_cache_have
samlogon_cache: Add the user's domain sid into the samlogon_cache
samlogon_cache: Rename "user_sid" to "sid"
idmap_autorid: Slightly simplify idmap_autorid_unixids_to_sids
idmap_tdb: Harden idmap_tdb_common_unixid_to_sid
idmap_autorid: Protect against dsize==0
idmap_autorid: Fix a comment
idmap_autorid: Tighten idmap_autorid_id_to_sid a bit
idmap_autorid: idmap_autorid_sid_to_id_rid only uses low_id from "range"
idmap_autorid: idmap_autorid_sid_to_id_rid only uses rangesize from "global"
idmap_autorid: Do a readonly attempt before looking at the tdc cache
idmap_autorid: Only look at the tdc cache when allocating ranges
idmap_autorid: Add ntstatus to a debug message
idmap_autorid: Fix checks for valid domains to allocate ranges for
idmap_autorid: Make idmap_autorid_acquire_range public
idmap_autorid: Use acquire_range directly
idmap_autorid: Fix a race condition when acquiring ranges
idmap_autorid: Fix a small memleak
idmap_autorid: Simplify idmap_autorid_loadconfig
CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995
HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()
HEIMDAL:lib/krb5: Harden _krb5_derive_key()
idl: Fix a comment typo
lib: Fix whitespace in lmhosts.c
lib: Fix a comment in idmap_cache.c
ctdb: Fix CID 1398179 Argument cannot be negative
ctdb: Fix CID 1398178 Argument cannot be negative
ctdb: Fix CID 1398175 Dereference after null check
idmap_autorid: Add the error string in a debug
idmap_rid: Add the error string in a debug
idmap: Pass up the xid2sids unix-ids from the idmap child
idmap: Prime gencache after xids2sids calls
winbindd: Use idmap cache in xids2sids
idmap4: Fix idmap_ctx talloc hierarchy
idmap4: Fix error path memleaks in idmap_init
idmap4: Slightly simplify idmap_xid_to_sid
lib: Add lib/util_unixsids.h
passdb: Move lookup_unix_[user|group]_name to lookup_sid.c
lib: Add required prerequisites for librpc/gen_ndr/security.h
lib: Avoid an includes.h
idmap4: Use sid_check_is_in_unix_users()
idmap4: Use sid_check_is_in_unix_groups()
winbind: Initialize user list info to 0
winbind4: Remove unused code
winbind: Fix wb_lookupsids for AD DCs
idmap: Simplify idmap_ad_nss_init()
winbind: It's legitmate to have 0 groups in info3
winbind: Make "idmap_find_domain" public
winbind: Add a GetNssInfo parent/child call
winbind: Adapt cache to extended wbint_userinfo
winbind: Restructure wb_getpwsid
idmap_ad: Restore querying SFU nss info
winbind: Don't do supplementary group lookup manually
winbind: Simplify wb_gettoken
winbind: Fix a confusing indentation
winbind: Add wbint_QueryUserRidList
winbind: Go throught wb_getpwsid for listing users
winbind: Remove wb_fill_pwent
winbind: Remove find_builtin_domain helper function
libsmb: Add name_status_lmhosts
lib: Remove a duplicate prototype
libcli: Use "all_zero" where appropriate
auth3: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
ntlm_auth: Use "all_zero" where appropriate
auth3: Avoid some zeros footprint
passdb: Use "all_zero" where appropriate
libcli: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
auth: Use "all_zero" where appropriate
libnet: Use "all_zero" where appropriate
librpc: Use "all_zero" where appropriate
lib: Use "all_zero" where appropriate
libads: Use "all_zero" where appropriate
samr3: Use "all_zero" where appropriate
kdc: Use "all_zero" where appropriate
auth4: Use "all_zero" where appropriate
torture-dfs: Use "all_zero" where appropriate
torture-samlogon: Use "all_zero" where appropriate
torture-samlogon: Avoid static zeros
torture-netlogon: Use "all_zero" where appropriate
winbind: Remove wbint_QueryUser
winbind: Remove unused wb_cache_query_user
winbind: Remove "query_user" backend function
winbind: Remove rpc_query_user
winbind: Add "expand_local_aliases" to wb_gettoken
winbind: Use wb_gettoken in getuserdomgroups
winbind: Remove wb_lookupusergroups
winbind: Remove wbint_LookupUserGroups
winbind: Remove wb_cache_lookup_usergroups
winbind: Remove wcache_lookup_usergroups
winbind: Remove validate_ug
winbind: Remove "lookup_usergroups" winbind method
winbind: Remove rpc_lookup_usergroups
winbind: Make wb_query_user_list just return names
winbind: Make list_users use wb_query_user_list
winbind: Remove wbint_QueryUserList
winbind: Simplify query_user_list to only return rids
winbind: Remove unused nss_get_info_cached
winbind: Remove nss_get_info()
winbind: remove nss_get_info backend functions
winbind: Avoid a few explicit ZERO_STRUCT calls
winbind: Fix a typo
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list