[SCM] Samba Shared Repository - annotated tag samba-4.5.6 created

Karolin Seeger kseeger at samba.org
Thu Mar 9 13:43:08 UTC 2017

The annotated tag, samba-4.5.6 has been created
        at  01f72137a68ad2fb2daa602e8a71ad1b2fa5d4bc (tag)
   tagging  4a7d5482fdc9963ddc290f5761cd7893f3b7f97b (commit)
  replaces  samba-4.5.5
 tagged by  Karolin Seeger
        on  Thu Mar 9 10:25:29 2017 +0100

- Log -----------------------------------------------------------------
samba: tag release samba-4.5.6
Version: GnuPG v1


Amitay Isaacs (5):
      ctdb-tests: Do not build mutex test if robust mutexes are not supported
      ctdb-tests: Use replace headers instead of system headers
      ctdb-build: Install CTDB tests correctly from toplevel
      ctdb-common: Fix use-after-free error in comm_fd_handler()
      ctdb-tests: Add more comm tests

Andreas Schneider (1):
      s3-vfs: Only walk the directory once in open_and_sort_dir()

Andrew Bartlett (2):
      samba_dsdb: Use and maintain compatibleFeatures and requiredFeatures in @SAMBA_DSDB
      dbcheck: Do not regard old one-way-links as errors

Garming Sam (4):
      dbcheck-links: Test that dbcheck against one-way links does not error
      tests/dbcheck: Add a test for two live objects, with a dangling backlink
      tests/dbcheck: Add a test for two live objects, with a dangling forward link
      dbchecker: Stop ignoring linked cases where both objects are alive

Jeremy Allison (25):
      s3: vfs: dirsort doesn't handle opendir of "." correctly.
      s3: VFS: vfs_streams_xattr.c: Make streams_xattr_open() store the same path as streams_xattr_recheck().
      s3: smbd: Correctly canonicalize any incoming shadow copy path.
      s3: lib: Add canonicalize_absolute_path().
      s3: lib: Fix two old, old bugs in set_conn_connectpath(), now in canonicalize_absolute_path().
      s3: smbtorture: Add new local test LOCAL-CANONICALIZE-PATH
      s3: smbd: Make set_conn_connectpath() call canonicalize_absolute_path().
      s3: VFS: shadow_copy2: Correctly initialize timestamp and stripped variables.
      s3: VFS: shadow_copy2: Ensure pathnames for parameters are correctly relative and terminated.
      s3: VFS: shadow_copy2: Fix length comparison to ensure we don't overstep a length.
      s3: VFS: shadow_copy2: Add two new variables to the private data. Not yet used.
      s3: VFS: shadow_copy2: Add a wrapper function to call the original shadow_copy2_strip_snapshot().
      s3: VFS: shadow_copy2: Change a parameter name.
      s3: VFS: shadow_copy2: Add two currently unused functions to make pathnames absolute or relative to $cwd.
      s3: VFS: shadow_copy2: Fix chdir to store off the needed private variables.
      s3: VFS: Allow shadow_copy2_connectpath() to return the cached path derived from $cwd.
      s3: VFS: Ensure shadow:format cannot contain a / path separator.
      s3: VFS: Add utility function check_for_converted_path().
      s3: VFS: shadow_copy2: Fix module to work with variable current working directory.
      s3: VFS: shadow_copy2: Fix a memory leak in the connectpath function.
      s3: VFS: shadow_copy2: Fix usage of saved_errno to only set errno on error.
      s3: VFS: Don't allow symlink, link or rename on already converted paths.
      s3: smbd: Don't loop infinitely on bad-symlink resolution.
      s3: torture: Regression test for smbd trying to open an invalid symlink.
      s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained.

Karolin Seeger (4):
      VERSION: Bump version up to 4.5.6...
      WHATSNEW: Clarify entry.
      WHATSNEW: Add release notes for Samba 4.5.6.
      VERSION: Disable GIT_SNAPSHOTS for the 4.5.6 release.

Martin Schwenke (1):
      ctdb-scripts: Initialise CTDB_NFS_CALLOUT in statd-callout

Ralph Boehme (75):
      s3/rpc_server: shared rpc modules loading
      s3/smbd: ensure global "smb encrypt = off" is effective for SMB 1 clients
      s3/smbd: ensure global "smb encrypt = off" is effective for SMB 3.1.1 clients
      s3/smbd: ensure global "smb encrypt = off" is effective for share with "smb encrypt = desired"
      docs: impact of a global "smb encrypt=off" on a share with "smb encrypt=required"
      selftest: disable SMB encryption in simpleserver environment
      selftest: add test for global "smb encrypt=off"
      s3/rpc_server: move rpc_modules.c to its own subsystem
      vfs_fruit: checks wrong AAPL config state and so always uses readdirattr
      selftest: also run test base.createx_access against ad_dc
      s3/smbd: check for invalid access_mask smbd_calculate_access_mask()
      s3/rpc_server/mdssvc: add attribute "kMDItemContentType"
      vfs_streams_xattr: use fsp, not base_fsp
      selftest: don't run vfs_fruit tests against ad_dc env
      s3/includes: add FinderInfo offset define to MacExtensions.h
      vfs_streams_xattr: call SMB_VFS_OPEN with smb_fname_base
      vfs_streams_xattr: use SMB_VFS_NEXT_OPEN and CLOSE
      vfs_catia: run translation on all handle based VFS functions
      vfs_catia: add catia_readdir_attr
      vfs_catia: add catia_(g|s)et_dos_attributes
      vfs_fruit: fix fruit_pread with metadata=stream
      vfs_fruit: fix fruit_ftruncate with metadata=stream
      vfs_fruit: rename empty_finderinfo() and make it more robust
      vfs_fruit: fix fruit_pwrite() with metadata=stream
      vfs_fruit: replace unsafe ad_entry macro with a function
      vfs_fruit: refactor fruit_open_meta()
      vfs_fruit: correct fruit_open_meta_stream() implementation
      vfs_fruit: refactor fruit_stat_meta()
      vfs_fruit: correct fruit_stat_meta_stream() implementation
      vfs_fruit: update_btime() is only needed for metadata=netatalk
      vfs_fruit: refactor readdir_attr_meta()
      vfs_fruit: correct readdir_attr_meta_finderi_stream() implementation
      vfs_fruit: fix fruit_rename() for the fruit:resource!=file case
      vfs_fruit: refactor fruit_unlink()
      vfs_fruit: fix fruit_chmod() for the fruit:resource!=file case
      vfs_fruit: fix fruit_chown() for the fruit:resource!=file case
      vfs_fruit: fix fruit_rmdir() for the fruit:resource!=file case
      vfs_fruit: in fruit_rmdir() check ._ files before deleting them
      vfs_fruit: refactor fruit_open_rsrc()
      vfs_fruit: refactor fruit_stat_rsrc()
      vfs_fruit: add fruit_stat_rsrc_stream() implementation
      vfs_fruit: add fruit_stat_rsrc_xattr() implementation
      vfs_fruit: refactor fruit_streaminfo()
      vfs_fruit: fix fruit_ntimes() for the fruit:metadata!=netatalk case
      vfs_fruit: refactor fruit_ftruncate() and fix stream case
      vfs_fruit: refactor readdir_attr_macmeta() resource fork size
      vfs_fruit: use SMB_VFS_NEXT_OPEN in two places
      vfs_fruit: remove base_fsp name translation
      vfs_fruit: fix fruit_check_access()
      selftest: disable vfs_fruit tests
      vfs_fruit: rework struct adouble API
      vfs_fruit: refactor fruit_open and use new adouble API
      vfs_fruit: refactor fruit_pread and fruit_pwrite and use new adouble API
      vfs_fruit: refactor fruit_fstat and use new adouble API
      vfs_fruit: use fio in fruit_fallocate
      vfs_fruit: refactor fruit_ftruncate and use new adouble API
      selftest: reenable vfs_fruit tests
      selftest: move vfs_fruit tests that require "fruit:metadata=netatalk" to vfs.fruit_netatalk
      selftest: run vfs_fruit tests against share with fruit:metadata=stream
      selftest: also run vfs_fruit tests with streams_depot
      selftest: add description to vfs_fruit testsuites
      s4/torture: vfs_fruit: add test_null_afpinfo test
      s4/torture: vfs_fruit: test deleting a file with resource fork
      s4/torture: add a vfs_fruit renaming test with open rsrc fork
      lib/torture: add torture_assert_mem_equal_goto
      s4/torture: add test for AAPL find with name with illegal NTFS characters
      docs/vfs_fruit: document known limitations with fruit:encoding=native
      s4/torture: change shares in used torture_suite_add_2ns_smb2_test()
      selftest: add shares without vfs_fruit for the vfs_fruit tests
      vfs_fruit: ignore or delete invalid AFP_AfpInfo streams
      s4/torture: vfs_fruit: test invalid AFPINFO_STREAM_NAME
      vfs_fruit: use stat info from base_fsp
      s4/torture: vfs_fruit: add stream with illegal ntfs characters to copyile test
      vfs_fruit: only veto AppleDouble files with fruit:resource=file
      vfs_fruit: enabling AAPL extensions must be a global switch

Stefan Metzmacher (42):
      s4:repl_meta_data: normalize rdn attribute name via the schema
      s3:smbd: allow "server min protocol = SMB3_00" to go via "SMB 2.???" negprot
      selftest/Samba3: use "server min protocol = SMB3_00" for "ktest"
      s3:librpc: remove bigendian argument from dcerpc_pull_ncacn_packet()
      libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
      libcli/auth: add netlogon_creds_cli_debug_string()
      lib/util: add generate_random_machine_password() function
      s3:libsmb: let trust_pw_change() debug more verbose information
      s3:libsmb: let trust_pw_change() verify the new password at the end.
      s3:libsmb: add trust_pw_new_value() helper function
      s3:libsmb: use trust_pw_new_value() in trust_pw_change()
      s3:libads: use trust_pw_new_value() for krb5 machine passwords
      s3:libnet_join: make use of trust_pw_new_value()
      s3:net_rpc_trust: make use of trust_pw_new_value()
      s3:include: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
      s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
      s4:libnet: make use of generate_random_machine_password()
      s4:dsdb: autogenerate a random utf16 buffer for krbtgt password resets.
      python/samba: provision_dns_add_samba.ldif expects utf-16-le passwords
      python/samba: use an explicit .encode('utf-8') where we expect utf8 passwords
      pyglue: add generate_random_machine_password() wrapper
      samba-tool:domain: use generate_random_machine_password() for trusted domains
      samba-tool:domain: use generate_random_machine_password() for machine passwords
      samba-tool:provision: use generate_random_machine_password() for machine passwords
      s4:scripting: use generate_random_machine_password() for machine passwords
      krb5_wrap: use our own code to calculate the ENCTYPE_ARCFOUR_HMAC key
      librpc/rpc: fix regression in NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping
      libcli/auth: use the correct creds value against servers without LogonSamLogonEx
      s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
      Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
      s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
      auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
      s3:winbindd: fix the valid usage anonymous smb authentication
      s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
      s3:winbindd: add more debugging to cm_prepare_connection()
      s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
      s3:libads: add more debugging to ads_sasl_spnego_bind()
      s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
      s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
      s3:winbindd: fix endless forest trust scan
      ldb-samba: remember the error string of a failing bind in ildb_connect()
      s4:ldap_server: match windows in the error messages of failing LDAP Bind requests

Uri Simchoni (1):
      waf: backport finding of pkg-config

Volker Lendecke (1):
      smbd: Fix "map acl inherit" = yes


Samba Shared Repository

More information about the samba-cvs mailing list