[SCM] Samba Shared Repository - branch v4-8-stable updated

Karolin Seeger kseeger at samba.org
Thu Mar 1 20:27:11 UTC 2018


The branch, v4-8-stable has been updated
       via  562b385 VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc4 release.
       via  9d4ae41 WHATSNEW: Add changes since rc4.
       via  0486f44 WHATSNEW: document changed wbinfo -m --verbose output
       via  c76d2e0 WHATSNEW: add 'Improved support for trusted domains (as AD DC)' section
       via  608d1b81f WHATSNEW: reference 'smbclient reparse point symlink parameters reversed' to 'UPGRADING'
       via  44685eb WHATSNEW: move descriptions of removed features to "REMOVED FEATURES"
       via  4cfa1f5 s4:kdc: disable support for CROSS_ORGANIZATION domains
       via  1d92e79 s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()
       via  b524562 s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()
       via  896a530 winbindd: disable support for CROSS_ORGANIZATION domains
       via  a775187 vfs_fruit: use off_t, not size_t for TM size calculations
       via  95dd73c build: fix libceph-common detection
       via  222a361 WHATSNEW: Explain implications of GUID index change
       via  b0120b5 ldb: version 1.3.2
       via  7aee235 ldb_debug tests: Fix binary data in debug log
       via  da216fa ldb_debug: Fix binary data in debug log
       via  93cfa46 ldb tests: fix null test on incorrect variable
       via  105a5b0 repl_md: avoid returning LDB_SUCCESS on failure
       via  633df98 repl_metadata: Avoid silent skipping an object during DRS (due to RODC rename collisions)
       via  1765edc repl_metadata: Avoid silent skipping an object during DRS (due to RODC name collisions)
       via  c57f17b tests/replica_sync_rodc: Test conflict handling on an RODC
       via  7e17897 selftest: Add RODC variables to list of those exported
       via  8d81d9b tests/drs_base: Allow the net drs replicate to try with a single object
       via  59725be tests/replica_sync: Add some additional replication in setUp
       via  0b0664b winbind: don't try to do an authenticated SMB connection as AD DC
       via  61af154 winbind: set_dc_type_and_flags() is not needed on a DC
       via  f767b7b winbind: make sure we don't contact trusted domains via LDAP as AD DC
       via  24f8170 winbind: make sure we don't contact trusted domains via SAMR as AD DC
       via  ae962f8 winbind: let cm_connect_netlogon_transport() only work against direct trust as AD DC
       via  ceaf7ac winbind: force the usage of schannel in cm_connect_lsa() as AD DC
       via  cdcb8a9 s3:smb_macros.h: add IS_AD_DC as addition to IS_DC
       via  c6f69f7 dsdb/encrypted_secrets: remove dependency to libnettle and use our own aes_gcm_128_*()
       via  9535550 winbind: Use one queue for all domain children
       via  0465985 winbind: Maintain a binding handle per domain and always go via wb_domain_request_send()
       via  0dc0c59 winbind: make choose_domain_child() static
       via  d4970bc winbind: add locator_child_handle() and use it instead of child->binding_handle
       via  f613d22 winbind: add idmap_child_handle() and use it instead of child->binding_handle
       via  52de132 winbind: improve wb_domain_request_send() to use wb_dsgetdcname_send() for a foreign domain
       via  8996baa winbind: use state->{ev,request} in wb_domain_request_send()
       via  3b49053 winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection
       via  a993d0f winbind: cleanup winbindd_cli_state->pwent_state if winbindd_getpwent_recv() returns an error
       via  0032296 winbind: cleanup winbindd_cli_state->grent_state if winbindd_getgrent_recv() returns an error
       via  f9103fc winbind: call lp_winbind_enum_{users,groups}() already in set{pw,gr}ent()
       via  4c1e32d winbind: protect a pending wb_child_request against a talloc_free()
       via  be881cb winbind: use tevent_queue_wait_send/recv in wb_child_request_*()
       via  456d7eb winbind: Improve child selection
       via  5e43980 tevent: version 0.9.36
       via  8a29a03 tevent: add tevent_queue_entry_untrigger()
       via  5eaf80b tevent: improve documentation of tevent_queue_add_optimize_empty()
       via  73121c4 s4:auth_sam: allow logons with an empty domain name
       via  e3bbe2c tests/bind.py: Add a bind test with NTLMSSP with no domain
       via  f0a233d tests/py_creds: Add a SamLogonEx test with an empty string domain
       via  cacf4bb s3:cliconnect.c: remove useless ';'
       via  0b69a7a s3:libsmb: allow -U"\administrator" to work
       via  a72353a s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()
       via  0fa4986 tests:dcerpc/raw_protocol: reproduce call_id truncation bug
       via  bb2dc6c s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to winbindd
       via  d130e1f winbindd: implement wb_irpc_lsa_{LookupNames4,LookupSids3}()
       via  bd083ae s4:rpc_server/lsa: rewrite lookup sids/names code to honor the given lookup level
       via  5defe8c test_trust_ntlm.sh: add lookup name tests
       via  80266e1 libcli/security: add dom_sid_lookup_predefined_{sid,name}()
       via  6075763 s4:dsdb: add dsdb_trust_domain_by_{sid,name}()
       via  4e6f20a s4:rpc_server/lsa: prepare dcesrv_lsa_LookupNames* for async processing
       via  6a2ff19 s4:rpc_server/lsa: prepare dcesrv_lsa_LookupSids* for async processing
       via  82a36e4 s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on dcesrv_lsa_LookupNames_common()
       via  7ab3d8c s4:rpc_server/lsa: base dcesrv_lsa_LookupNames() on dcesrv_lsa_LookupNames_common()
       via  b45afd3 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupNames2()
       via  7c8c5ed s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids2()
       via  552b0f7 s4:rpc_server/lsa: rename 'state' variable to 'policy_state' in dcesrv_lsa_LookupSids_common()
       via  d210946 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupNames()
       via  4276801 s4:rpc_server/lsa: simplify [ref] pointer handling in dcesrv_lsa_LookupSids()
       via  62879fe s4:rpc_server/lsa: remove unused 'status' variable in dcesrv_lsa_LookupSids_common()
       via  0c331d5 s4:rpc_server/lsa: make sure dcesrv_lsa_LookupNames2() gets prepared [ref] pointers
       via  efe06ef s4:rpc_server/lsa: expect prepared [ref] pointers in dcesrv_lsa_LookupNames_common()
       via  a4a619d s4:rpc_server/lsa: make sure dcesrv_lsa_LookupSids_common() gets prepared [ref] pointers
       via  d68a14e s4:rpc_server/lsa: use LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES/LSA_CLIENT_REVISION_1 in compat code
       via  5e399aa rpcclient: add lookupsids_level command
       via  0d4e2c8 rpcclient: fix variable initialisation and add parenthesis to if clauses
       via  92f0b55 provision: fix the 'dnsdomain' for the local sam of a domain member
       via  46f9507 traffic_packets.py: let Lookup{Sids,Names}() work against a sane server
       via  2ba8639 nsswitch: fix double free errors in nsstest.c
       via  3bc00ec s4:torture: zero initialize variables in test_LookupSidsReply()
       via  2d1b48a winbindd: make use of talloc_zero_array() in wb_lookupsids*()
       via  d90f8fe s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_names_generic()
       via  00b55da s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lookup_sids_generic()
       via  41562d1 winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()
       via  3c426d6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids
       via  d113629 vfs_fileid: Fix the 32-bit build
       via  e002514 mit-kdb: support MIT Kerberos 1.16 KDB API changes
       via  6b9c094 vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async
       via  4d47c72 vfs_glusterfs: Add fallocate support for vfs_glusterfs
       via  a46dc61 subnet: Avoid a segfault when renaming subnet objects
       via  f093cdd ctdb-tests: Set test timeout to an hour
       via  6711e70 ctdb-tests: Fix a typo
       via  74e2d61 ctdb-tests: Add a UNIT pseudo-test-suite
       via  10ffffa ctdb-tests: Only use socket-wrapper for simple, local daemon tests
       via  e7af9b0 ctdb-tests: Add timeout for individual tests, default is 10 minutes
       via  83b2971 ctdb-tests: Avoid race condition in sock_daemon test 5
       via  11acdbe selftest: fix envvars for creation of default user in wait_for_start
       via  f20fcac VERSION: Bump version up to 4.8.0rc4...
      from  4348e64 VERSION: Disable GIT_SNAPSHOT for the 4.8.0rc3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |  217 +-
 auth/credentials/tests/bind.py                     |   26 +-
 ctdb/tests/run_tests.sh                            |   52 +-
 ctdb/tests/simple/14_ctdb_statistics.sh            |    1 -
 ctdb/tests/simple/scripts/local_daemons.bash       |    6 +
 ctdb/tests/src/sock_daemon_test.c                  |   26 +-
 ctdb/wscript                                       |    3 +-
 lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.2.sigs}     |    0
 ...yldb-util-1.1.10.sigs => pyldb-util-1.3.2.sigs} |    0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.3.2.sigs} |    0
 lib/ldb/ldb_tdb/ldb_index.c                        |   65 +-
 lib/ldb/tests/ldb_mod_op_test.c                    |  302 ++-
 lib/ldb/wscript                                    |    2 +-
 .../ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} |    1 +
 lib/tevent/tevent.h                                |   25 +
 lib/tevent/tevent_queue.c                          |   13 +
 lib/tevent/wscript                                 |    2 +-
 libcli/security/dom_sid.h                          |   13 +
 libcli/security/util_sid.c                         |  499 ++++
 nsswitch/nsstest.c                                 |   18 +-
 python/samba/emulate/traffic_packets.py            |   16 +-
 python/samba/provision/__init__.py                 |   16 +
 python/samba/subnets.py                            |   33 +
 python/samba/tests/dcerpc/raw_protocol.py          |    2 +-
 python/samba/tests/py_credentials.py               |   27 +
 selftest/knownfail.d/s3-lsa-server                 |    1 +
 selftest/selftest.pl                               |    6 +
 selftest/target/Samba3.pm                          |    4 +
 source3/include/smb_macros.h                       |    1 +
 source3/libsmb/cliconnect.c                        |    9 +-
 source3/modules/vfs_fileid.c                       |    4 +-
 source3/modules/vfs_fruit.c                        |   13 +-
 source3/modules/vfs_glusterfs.c                    |   30 +-
 source3/rpc_client/cli_lsarpc.c                    |   17 +-
 source3/rpcclient/cmd_lsarpc.c                     |  103 +-
 source3/winbindd/idmap_ad.c                        |   11 +
 source3/winbindd/wb_dsgetdcname.c                  |    8 +-
 source3/winbindd/wb_lookupsids.c                   |   16 +-
 source3/winbindd/wb_sids2xids.c                    |    6 +-
 source3/winbindd/winbindd.h                        |    3 +
 source3/winbindd/winbindd_ads.c                    |   23 +
 source3/winbindd/winbindd_allocate_gid.c           |    6 +-
 source3/winbindd/winbindd_allocate_uid.c           |    6 +-
 source3/winbindd/winbindd_cm.c                     |  108 +-
 source3/winbindd/winbindd_dsgetdcname.c            |    6 +-
 source3/winbindd/winbindd_dual.c                   |  285 ++-
 source3/winbindd/winbindd_dual_ndr.c               |   61 +-
 source3/winbindd/winbindd_getgrent.c               |    9 +-
 source3/winbindd/winbindd_getpwent.c               |    6 +-
 source3/winbindd/winbindd_idmap.c                  |    5 +
 source3/winbindd/winbindd_irpc.c                   |  408 +++
 source3/winbindd/winbindd_locator.c                |    5 +
 source3/winbindd/winbindd_proto.h                  |    3 +-
 source3/winbindd/winbindd_setgrent.c               |    5 +
 source3/winbindd/winbindd_setpwent.c               |    5 +
 source3/winbindd/winbindd_util.c                   |   30 +-
 source3/wscript                                    |   10 +-
 source4/auth/ntlm/auth_sam.c                       |   16 +-
 source4/dsdb/common/util_trusts.c                  |  222 ++
 source4/dsdb/samdb/ldb_modules/encrypted_secrets.c |  278 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |   12 +-
 source4/dsdb/samdb/ldb_modules/samldb.c            |    8 +-
 .../ldb_modules/tests/test_encrypted_secrets.c     |   54 +-
 source4/dsdb/samdb/ldb_modules/wscript             |   22 -
 source4/dsdb/samdb/ldb_modules/wscript_build       |    1 -
 .../dsdb/samdb/ldb_modules/wscript_build_server    |    1 -
 source4/dsdb/tests/python/sites.py                 |   45 +
 source4/kdc/db-glue.c                              |   48 +-
 source4/kdc/mit-kdb/kdb_samba.h                    |   13 +-
 source4/kdc/mit-kdb/kdb_samba_policies.c           |   42 +-
 source4/kdc/mit-kdb/kdb_samba_principals.c         |    2 +-
 source4/rpc_server/dcerpc_server.c                 |    2 +-
 source4/rpc_server/lsa/lsa_lookup.c                | 2651 ++++++++++++++------
 source4/selftest/tests.py                          |    6 +
 source4/torture/drs/python/drs_base.py             |    5 +-
 source4/torture/drs/python/replica_sync.py         |    2 +
 source4/torture/drs/python/replica_sync_rodc.py    |  156 ++
 source4/torture/rpc/lsa_lookup.c                   |   12 +-
 testprogs/blackbox/test_trust_ntlm.sh              |   77 +-
 80 files changed, 4929 insertions(+), 1326 deletions(-)
 copy lib/ldb/ABI/{ldb-1.3.0.sigs => ldb-1.3.2.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.3.2.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.3.2.sigs} (100%)
 copy lib/tevent/ABI/{tevent-0.9.34.sigs => tevent-0.9.36.sigs} (99%)
 create mode 100644 selftest/knownfail.d/s3-lsa-server
 create mode 100644 source4/torture/drs/python/replica_sync_rodc.py


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index de9fb9c..d3ed508 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1                      #
 #  ->  "3.0.0rc1"                                      #
 ########################################################
-SAMBA_VERSION_RC_RELEASE=3
+SAMBA_VERSION_RC_RELEASE=4
 
 ########################################################
 # To mark SVN snapshots this should be set to 'yes'    #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6b111c4..5151564 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =====================
 
-This is the third release candidate of Samba 4.8.  This is *not*
+This is the fourth release candidate of Samba 4.8.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -12,10 +12,42 @@ Samba 4.8 will be the next version of the Samba suite.
 UPGRADING
 =========
 
+New GUID Index mode in sam.ldb for the AD DC
+--------------------------------------------
+
+Users who upgrade a Samba AD DC in-place will experience a short delay
+in the first startup of Samba while the sam.ldb is re-indexed.
+
+Unlike in previous releases a transparent downgrade is not possible.
+If you wish to downgrade such a DB to a Samba 4.7 or earlier version,
+please run the source4/scripting/bin/sambaundoguididx script first.
+
+smbclient reparse point symlink parameters reversed
+---------------------------------------------------
+
+See the more detailed description below.
+
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+See the more detailed description below.
 
 NEW FEATURES/CHANGES
 ====================
 
+New GUID Index mode in sam.ldb for the AD DC
+--------------------------------------------
+
+The new layout used for sam.ldb is GUID, rather than DN oriented.
+This provides Samba's Active Directory Domain Controller with a faster
+database, particularly at larger scale.
+
+The underlying DB is still TDB, simply the choice of key has changed.
+
+The new mode is not optional, so no configuration is required.  Older
+Samba versions cannot read the new database (see the upgrade
+note above).
+
 KDC GPO application
 -------------------
 
@@ -111,37 +143,6 @@ dot or xdot, this shows the network as a graph with DCs as vertices
 and connections edges. Certain types of degenerate edges are shown in
 different colours or line-styles.
 
-NT4-style replication based net commands removed
-------------------------------------------------
-
-The following commands and sub-commands have been removed from the
-"net" utility:
-
-net rpc samdump
-net rpc vampire ldif
-
-Also, replicating from a real NT4 domain with "net rpc vampire" and
-"net rpc vampire keytab" has been removed.
-
-The NT4-based commands were accidentially broken in 2013, and nobody
-noticed the breakage. So instead of fixing them including tests (which
-would have meant writing a server for the protocols, which we don't
-have) we decided to remove them.
-
-For the same reason, the "samsync", "samdeltas" and "database_redo"
-commands have been removed from rpcclient.
-
-"net rpc vampire keytab" from Active Directory domains continues to be
-supported.
-
-vfs_aio_linux module removed
-----------------------------
-
-The current Linux kernel aio does not match what Samba would
-do. Shipping code that uses it leads people to false
-assumptions. Samba implements async I/O based on threads by default,
-there is no special module required to see benefits of read and write
-request being sent do the disk in parallel.
 
 smbclient reparse point symlink parameters reversed
 ---------------------------------------------------
@@ -170,6 +171,74 @@ domains. Some pam_winbind setups may also require the global list.
 If you have a setup that doesn't require the global list, you should set
 "winbind scan trusted domains = no".
 
+Improved support for trusted domains (as AD DC)
+-----------------------------------------------
+
+The support for trusted domains/forests has improved a lot.
+
+External domain trusts, as well a transitive forest trusts,
+are supported in both directions (inbound and outbound)
+for Kerberos and NTLM authentication now.
+
+The LSA LookupNames and LookupSids implementations
+support resolving names and sids from trusts domains/forest
+now. This is important in order to allow Samba based
+domain members to make use of the trust.
+
+However there are currently still a few limitations:
+
+- It's not possible to add users/groups of a trusted domain
+  into domain groups. So group memberships are not expanded
+  on trust boundaries.
+  See https://bugzilla.samba.org/show_bug.cgi?id=13300
+- Both sides of the trust need to fully trust each other!
+- No SID filtering rules are applied at all!
+- This means DCs of domain A can grant domain admin rights
+  in domain B.
+- Selective (CROSS_ORIGANIZATION) authentication is
+  not supported. It's possible to create such a trust,
+  but the KDC and winbindd ignore them.
+
+Changed trusted domains listing with wbinfo -m --verbose
+--------------------------------------------------------
+
+The trust properties printed by wbinfo -m --verbose have been changed to
+correctly reflect the view of the system where wbinfo is executed.
+
+The trust type field in particular can show additional values that correctly
+reflect the type of the trust: "Local" for the local SAM and BUILTIN,
+"Workstation" for a workstation trust to the primary domain, "RWDC" for the SAM
+on a AD DC, "RODC" for the SAM on a read-only DC, "PDC" for the SAM on a
+NT4-style DC, "Forest" for a AD forest trust and "External" for quarantined,
+external or NT4-style trusts.
+
+Indirect trusts are shown as "Routed" including the routing domain.
+
+Example, on a AD DC (SDOM1):
+
+Domain Name DNS Domain          Trust Type  Transitive  In   Out
+BUILTIN                         Local
+SDOM1       sdom1.site          RWDC
+WDOM3       wdom3.site          Forest      Yes         No   Yes
+WDOM2       wdom2.site          Forest      Yes         Yes  Yes
+SUBDOM31    subdom31.wdom3.site Routed (via WDOM3)
+SUBDOM21    subdom21.wdom2.site Routed (via WDOM2)
+
+Same setup, on a member of WDOM2:
+
+Domain Name DNS Domain          Trust Type  Transitive  In   Out
+BUILTIN                         Local
+TITAN                           Local
+WDOM2       wdom2.site          Workstation Yes         No   Yes
+WDOM1       wdom1.site          Routed (via WDOM2)
+WDOM3       wdom3.site          Routed (via WDOM2)
+SUBDOM21    subdom21.wdom2.site Routed (via WDOM2)
+SDOM1       sdom1.site          Routed (via WDOM2)
+SUBDOM11    subdom11.wdom1.site Routed (via WDOM2)
+
+The list of trusts may be incomplete and additional domains may appear as
+"Routed" if a user of an unknown domain is successfully authenticated.
+
 VirusFilter VFS module
 ----------------------
 
@@ -180,6 +249,9 @@ software to provide scanning and filtering of files on a Samba share.
 REMOVED FEATURES
 ================
 
+'net serverid' commands removed
+-------------------------------
+
 The two commands 'net serverid list' and 'net serverid wipe' have been
 removed, because the file serverid.tdb is not used anymore.
 
@@ -194,6 +266,38 @@ properly cleaned up after single node crashes. Nowadays smbd and
 winbind take care of cleaning up the msg.lock and msg.sock directories
 automatically.
 
+NT4-style replication based net commands removed
+------------------------------------------------
+
+The following commands and sub-commands have been removed from the
+"net" utility:
+
+net rpc samdump
+net rpc vampire ldif
+
+Also, replicating from a real NT4 domain with "net rpc vampire" and
+"net rpc vampire keytab" has been removed.
+
+The NT4-based commands were accidentally broken in 2013, and nobody
+noticed the breakage. So instead of fixing them including tests (which
+would have meant writing a server for the protocols, which we don't
+have) we decided to remove them.
+
+For the same reason, the "samsync", "samdeltas" and "database_redo"
+commands have been removed from rpcclient.
+
+"net rpc vampire keytab" from Active Directory domains continues to be
+supported.
+
+vfs_aio_linux module removed
+----------------------------
+
+The current Linux kernel aio does not match what Samba would
+do. Shipping code that uses it leads people to false
+assumptions. Samba implements async I/O based on threads by default,
+there is no special module required to see benefits of read and write
+request being sent do the disk in parallel.
+
 
 smb.conf changes
 ================
@@ -221,6 +325,55 @@ smb.conf changes
   winbind trusted domains only       Removed
 
 
+CHANGES SINCE 4.8.0rc3
+======================
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 13287: Fix numerous trust related bugs in winbindd and s4 LSA RPC
+     server.
+   * BUG 13296: vfs_fruit: Use off_t, not size_t for TM size calculations.
+
+o  Alexander Bokovoy <ab at samba.org>
+   * BUG 13304: mit-kdb: Support MIT Kerberos 1.16 KDB API changes.
+
+o  G√ľnther Deschner <gd at samba.org>
+   * BUG 13277: build: Fix libceph-common detection.
+
+o  Poornima G <pgurusid at redhat.com>
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+     glfs_fsync_async.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13305: vfs_fileid: Fix the 32-bit build.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 13206: Unable to authenticate with an empty string domain ''.
+   * BUG 13276: configure aborts without libnettle/gnutls.
+   * BUG 13278: winbindd (on an AD DC) should only use netlogon/lsa against
+     trusted domains.
+   * BUG 13287: Fix numerous trust related bugs in winbindd and s4 LSA RPC
+     server.
+   * BUG 13290: A disconnecting winbind client can cause a problem in 
+     the winbind parent child communication.
+   * BUG 13291: tevent: version 0.9.36.
+   * BUG 13292: winbind requests could get stuck in the queue of a busy child,
+     while later requests could get served fine by other children.
+   * BUG 13293: Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state.
+   * BUG 13294: Avoid using fstrcpy(domain->dcname,...) on a char *.
+   * BUG 13295: winbind parent should find the dc of a foreign domain via the
+     primary domain.
+   * BUG 13299: Disable support for CROSS_ORGANIZATION domains.
+   * BUG 13306: ldb: version 1.3.2.
+
+o  Sachin Prabhu <sprabhu at redhat.com>
+   * BUG 13303: vfs_glusterfs: Add fallocate support for vfs_glusterfs.
+
+o  Garming Sam <garming at catalyst.net.nz>
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+   * BUG 13269: RODC may skip objects during replication due to naming
+     conflicts.
+
+
 CHANGES SINCE 4.8.0rc2
 ======================
 
diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py
index 91e493d..4aa4498 100755
--- a/auth/credentials/tests/bind.py
+++ b/auth/credentials/tests/bind.py
@@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds)
 creds_user1 = copy.deepcopy(creds)
 creds_user2 = copy.deepcopy(creds)
 creds_user3 = copy.deepcopy(creds)
+creds_user4 = copy.deepcopy(creds)
 
 class BindTests(samba.tests.TestCase):
 
@@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase):
         self.config_dn = self.info_dc["configurationNamingContext"][0]
         self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
         self.password = "P at ssw0rd"
-        self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
+        self.username = "BindTestUser"
 
     def tearDown(self):
         super(BindTests, self).tearDown()
@@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
                                       expression="(samAccountName=%s)" % self.username)
         self.assertEquals(len(ldb_res), 1)
         user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
 
         # do a simple bind and search with the user account in format user at realm
         creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
@@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P at ssw0rd\"".encode('utf-16-le')) + """
                                               lp=lp, ldap_only=True)
         res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 
+    def test_user_account_bind_no_domain(self):
+        # create user
+        self.ldb.newuser(username=self.username, password=self.password)
+        ldb_res = self.ldb.search(base=self.domain_dn,
+                                      scope=SCOPE_SUBTREE,
+                                      expression="(samAccountName=%s)" % self.username)
+        self.assertEquals(len(ldb_res), 1)
+        user_dn = ldb_res[0]["dn"]
+        self.addCleanup(delete_force, self.ldb, user_dn)
+
+        creds_user4.set_username(self.username)
+        creds_user4.set_password(self.password)
+        creds_user4.set_domain('')
+        creds_user4.set_workstation('')
+        print "BindTest (no domain) with: " + self.username
+        try:
+            ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4,
+                                              lp=lp, ldap_only=True)
+        except:
+            self.fail("Failed to connect without the domain set")
+
+        res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 
 TestProgram(module=__name__, opts=subunitopts)
diff --git a/ctdb/tests/run_tests.sh b/ctdb/tests/run_tests.sh
index ffc81d4..a7ca44e 100755
--- a/ctdb/tests/run_tests.sh
+++ b/ctdb/tests/run_tests.sh
@@ -14,7 +14,7 @@ Options:
   -H		No headers - for running single test with other wrapper
   -N		Don't print summary of tests results after running all tests
   -q		Quiet - don't show tests being run (hint: use with -s)
-  -S            Enable socket wrapper
+  -S <lib>      Use socket wrapper library <lib> for local integration tests
   -v		Verbose - print test output for non-failures (only some tests)
   -V <dir>	Use <dir> as TEST_VAR_DIR
   -x		Trace this script with the -x option
@@ -36,7 +36,6 @@ with_desc=false
 quiet=false
 exit_on_fail=false
 no_header=false
-socket_wrapper=false
 
 export TEST_VERBOSE=false
 export TEST_COMMAND_TRACE=false
@@ -46,8 +45,10 @@ export TEST_LOCAL_DAEMONS
 [ -n "$TEST_LOCAL_DAEMONS" ] || TEST_LOCAL_DAEMONS=3
 export TEST_VAR_DIR=""
 export TEST_CLEANUP=false
+export TEST_TIMEOUT=3600
+export TEST_SOCKET_WRAPPER_SO_PATH=""
 
-temp=$(getopt -n "$prog" -o "AcCdDehHNqSvV:xX" -l help -- "$@")
+temp=$(getopt -n "$prog" -o "AcCdDehHNqS:T:vV:xX" -l help -- "$@")
 
 [ $? != 0 ] && usage
 
@@ -64,7 +65,8 @@ while true ; do
 	-H) no_header=true ; shift ;;
 	-N) with_summary=false ; shift ;;
 	-q) quiet=true ; shift ;;
-	-S) socket_wrapper=true ; shift ;;
+	-S) TEST_SOCKET_WRAPPER_SO_PATH="$2" ; shift 2 ;;
+	-T) TEST_TIMEOUT="$2" ; shift 2 ;;
 	-v) TEST_VERBOSE=true ; shift ;;
 	-V) TEST_VAR_DIR="$2" ; shift 2 ;;
 	-x) set -x; shift ;;
@@ -114,6 +116,9 @@ ctdb_test_end ()
 	    interp="PASSED"
 	    statstr=""
 	    echo "ALL OK: $*"
+	elif [ $status -eq 124 ] ; then
+	    interp="TIMEOUT"
+	    statstr=" (status $status)"
 	else
 	    interp="FAILED"
 	    statstr=" (status $status)"
@@ -137,7 +142,7 @@ ctdb_test_run ()
     $no_header || ctdb_test_begin "$name"
 
     local status=0
-    "$@" || status=$?
+    timeout $TEST_TIMEOUT "$@" || status=$?
 
     $no_header || ctdb_test_end "$name" "$status" "$*"
 
@@ -247,20 +252,25 @@ mkdir -p "$TEST_VAR_DIR"
 TEST_VAR_DIR=$(cd "$TEST_VAR_DIR"; echo "$PWD")
 echo "TEST_VAR_DIR=$TEST_VAR_DIR"
 
-if $socket_wrapper ; then
-    export SOCKET_WRAPPER_DIR="${TEST_VAR_DIR}/sw"
-    mkdir -p "$SOCKET_WRAPPER_DIR"
-fi
-
 export TEST_SCRIPTS_DIR="${CTDB_TEST_DIR}/scripts"
 
+unit_tests="
+	cunit
+	eventd
+	eventscripts
+	onnode
+	shellcheck
+	takeover
+	takeover_helper
+	tool
+"
+
 # If no tests specified then run some defaults
 if [ -z "$1" ] ; then
-    if [ -n "$TEST_LOCAL_DAEMONS" ] ; then
-	set -- onnode takeover takeover_helper tool eventscripts \
-	    cunit eventd shellcheck simple
-    else
-	set -- simple complex
+	if [ -n "$TEST_LOCAL_DAEMONS" ] ; then
+		set -- UNIT simple
+	else
+		set -- simple complex
     fi
 fi
 
@@ -287,7 +297,19 @@ cleanup_handler ()
 
 trap cleanup_handler SIGINT SIGTERM
 
+declare -a tests
+i=0
 for f ; do
+	if [ "$f" = "UNIT" ] ; then
+		for t in $unit_tests ; do
+			tests[i++]="$t"
+		done
+	else
+		tests[i++]="$f"
+	fi
+done
+
+for f in "${tests[@]}" ; do
     find_and_run_one_test "$f"
 
     if [ $status -eq 127 ] ; then
diff --git a/ctdb/tests/simple/14_ctdb_statistics.sh b/ctdb/tests/simple/14_ctdb_statistics.sh
index 3dd55e0..5ff22d7 100755
--- a/ctdb/tests/simple/14_ctdb_statistics.sh
+++ b/ctdb/tests/simple/14_ctdb_statistics.sh
@@ -1,4 +1,3 @@
-
 #!/bin/bash
 
 test_info()
diff --git a/ctdb/tests/simple/scripts/local_daemons.bash b/ctdb/tests/simple/scripts/local_daemons.bash
index a0c8077..512d11f 100644
--- a/ctdb/tests/simple/scripts/local_daemons.bash
+++ b/ctdb/tests/simple/scripts/local_daemons.bash
@@ -17,6 +17,12 @@ fi
 
 export CTDB_NODES="${TEST_VAR_DIR}/nodes.txt"
 
+if [ -n "$TEST_SOCKET_WRAPPER_SO_PATH" ] ; then
+	export LD_PRELOAD="$TEST_SOCKET_WRAPPER_SO_PATH"
+	export SOCKET_WRAPPER_DIR="${TEST_VAR_DIR}/sw"
+	mkdir -p "$SOCKET_WRAPPER_DIR"
+fi
+
 #######################################
 
 config_from_environment ()
diff --git a/ctdb/tests/src/sock_daemon_test.c b/ctdb/tests/src/sock_daemon_test.c
index 5641d37..ebc0b85 100644
--- a/ctdb/tests/src/sock_daemon_test.c
+++ b/ctdb/tests/src/sock_daemon_test.c
@@ -668,7 +668,8 @@ static void test4(TALLOC_CTX *mem_ctx, const char *pidfile,
  * Start daemon, multiple client connects, requests, disconnects
  */
 
-#define TEST5_MAX_CLIENTS	10
+#define TEST5_VALID_CLIENTS	10
+#define TEST5_MAX_CLIENTS	100
 


-- 
Samba Shared Repository



More information about the samba-cvs mailing list