[SCM] Samba Shared Repository - annotated tag talloc-2.1.12 created
Stefan Metzmacher
metze at samba.org
Thu Mar 22 06:25:58 UTC 2018
The annotated tag, talloc-2.1.12 has been created
at 52933e59df9c5ca06a5cce1ab85034b27d7f45c6 (tag)
tagging 80f9ec016496087bca06d3c34b6f687f0dc145ac (commit)
replaces ldb-1.3.2
tagged by Stefan Metzmacher
on Thu Mar 22 07:25:36 2018 +0100
- Log -----------------------------------------------------------------
talloc: tag release talloc-2.1.12
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJas0xgAAoJEEeTkWETCEAlnVIIAL+jaVruICy/3ELvm7qie2Tc
waIwZxPDEob+99PgYZ7EUxRqZKXotSrfaoh4bl4x+XDfxiOg8ZXb4Dn6WB0lMZDG
PthnxTBNT3luG9cSlV088hagxxVdvj8A2+9ey2x/nJyxf4ftUnJF5alKHQyQ60uB
O+nAN+MSaUm8RCrj+q/cHvkOVJ1IR0B2a7YXyJF0UD3FyqIrO2RK+vJML4MDDuWv
FPQqHfEOau0uNZecfM41NyBYI8VL7E+aLVfBSoxxZnErklwgPgshcdMbu7CkkEvl
dPiS6uF7J2JOZcMvy2sr2jysyaUooYgfn6NdP2SJ3ocK9bjVfPGmr8AQMQqZmoQ=
=Brv4
-----END PGP SIGNATURE-----
Amitay Isaacs (8):
ctdb-pmda: Use modified API in pcp library 4.0
ctdb-ib: Avoid fall through case statements
ctdb-client: Client code should never free the client context
ctdb-tools: Wait for ctdb daemon to go away in shutdown
ctdb-tools: Drop ipiface command from ctdb tool
ctdb-common: Drop unused function ctdb_sys_find_ifname()
ctdb-tools: Event script commands cannot be run without daemon
ctdb-tools: Fix documentation for ctdb ping command
Andreas Schneider (105):
s4:lib:com: Fix function declartions
lib:texpect: Avoid some compiler warnings
lib:replace: Add FALL_THROUGH support
lib:replace: Add FALL_THROUGH statements in strptime.c
lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c
lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_inbound.c
lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map.c
lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_outbound.c
lib:param: Add FALL_THROUGH statements in loadparm.c
lib:util: Add FALL_THROUGH statements in substitute.c
lib:util: Add FALL_THROUGH statements in charset/charset_macosxfs.c
lib:util: Add FALL_THROUGH statements in util_file.c
s3:lib: Add FALL_THROUGH statements in substitute_generic.c
s3:lib: Add FALL_THROUGH statements in util_path.c
s3:lib: Add FALL_THROUGH statements in util_str.c
lib:tdb: Add FALL_THROUGH statements in hash.c
lib:tdb: Add FALL_THROUGH statements in tdbtool.c
lib:tdb: Add FALL_THROUGH statements in common/summary.c
libgpo: Add FALL_THROUGH statements in gpo_sec.c
librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c
s3:auth: Add FALL_THROUGH statements in auth_sam.c
s3:auth: Add FALL_THROUGH statements in pampass.c
s3:lib: Add FALL_THROUGH statements in cbuf.c
s3:lib: Add FALL_THROUGH statements in sysacls.c
s3:lib: Add FALL_THROUGH statements in util_sd.c
s3:libsmb: Add FALL_THROUGH statements in dsgetdcname.c
s3:modules: Add FALL_THROUGH statements in vfs_acl_common.c
s3:smbd: Add FALL_THROUGH statements in nttrans.c
s3:smbd: Add FALL_THROUGH statements in trans2.c
s3:utils: Add FALL_THROUGH statements in regedit.c
s3:utils: Add FALL_THROUGH statements in net_conf.c
s3:utils: Add FALL_THROUGH statements in net_rpc_conf.c
s3:rpc_server: Add FALL_THROUGH statements in rpc_server.c
s4:samdb: Add FALL_THROUGH statements in cracknames.c
s4:samdb: Add FALL_THROUGH statements in linked_attributes.c
s4:auth: Add FALL_THROUGH statements in auth_util.c
s4:auth: Add FALL_THROUGH statements in auth_sam.c
s4:auth: Add FALL_THROUGH statements in gensec_krb5.c
s4:rpc_server: Add FALL_THROUGH statements in dcesrv_srvsvc.c
s4:torture: Add FALL_THROUGH statements in basic/misc.c
s4:torture: Add FALL_THROUGH statements in rpc/spoolss.c
auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c
auth:gensec: Add FALL_THROUGH statements in spnego.c
nsswitch: Add FALL_THROUGH statements in pam_winbind.c
s3:libnet: Add FALL_THROUGH statements in libnet_join.c
s3:modules: Add FALL_THROUGH statements in getdate.c
s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c
s3:rpcclient: Add FALL_THROUGH statements in rpcclient.c
s3:smbd: Add FALL_THROUGH statements in reply.c
s3:utils: Add FALL_THROUGH statements in net_registry_check.c
s3:utils: Add FALL_THROUGH statements in ntlm_auth.c
s3:winbindd: Add FALL_THROUGH statements in idmap_autorid.c
s4:dsdb: Add FALL_THROUGH statements in password_hash.c
s4:lib: Add FALL_THROUGH statements in http.c
s3:spoolss: Remove incorrect fall through comment in srv_spoolss_nt.c
libsmb: Remove incorrect fall through comment in trusts_util.c
third_party: Update pam_wrapper to version 1.0.5
third_party: Add missing config.h in libpamtest
auth:credentials: Add FALL_THROUGH statements in credentials.c
auth:credentials: Avoid an 'else' branch
wafsamba: Build with -Wimplicit-fallthrough if supported
s3:smbd: Do not crash if we fail to init the session table
util: Fix the logic in ms_fnmatch_protocol()
s3:tests: Skip smbd error test if we do not log to stdout
testprogs: Return the correct error status code
selftest: Impove test names for samba.wbinfo_simple
ldb: Directly return an error and do not fall through
wbinfo: Improve the wording for --online-status
heimdal: Fix size types
s4:ntvfs: Fix size type in pvfs functions
s3:libads: Fix size types in kerberos functions
s4:dns_server: Fix size types
s4:rpc_server: Fix size types in dcerpc dnsserver
s4:ldap_server: Fix size types
s4:cldap_server: Fix size types
libcli:smb: Fix size types
s3:param: Fix size types
s4:utils: Fix size types
s4:rpc_server: Fix size types
s4:torture: Fix size types in qsinfo test
s4:torture: Fix size types in qfileinfo test
s3:torture: Fix size types in spoolss test
s3:libsmb: Fix size types in nmblib
s4:torture: Fix size types in nss tests
s4:client: Fix size types
s3:client: Fix size types
s3:avahi: Fix size types
s3:printing: Fix size type in printing_db
s3:winbindd: Fix size types in idmap_tdb_common
s3:vfs_nettalk: Fix size types
s3:rpc_server: Fix size types in srvsvc
s3:utils: Fix size type in log2pcaphex
s3:nmbd: Fix size type in nmbd_browsesync.c
s3:modules: Fix size type in getdate
s3:passdb: Fix size types
s3:rpc_server: Fix size types in spoolss
s3:rpcclient: Fix size types
ldb: Fix size types in ldb_ldif functions
lib:socket: Return early if we have only one interface
s4:dsdb: Fix integer operations
s3:nmbd: Fix possible integer overflow
s3:locking: Fix integer overflow check in posix_lock_in_range()
s3:vfs_preopen: Change to a do-while loop and fix the check
s3:registry: Fix size types and length calculations
talloc: Fix size type and checks in _vasprintf_tc
Andrej Gessel (1):
bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end.
Andrew Bartlett (1):
partition: Use a transaction to write and a read lock to read the LDB_METADATA_SEQ_NUM
Anton Nefedov via samba-technical (1):
s3:smbd: map nterror on smb2_flush errorpath
Björn Baumbach (2):
ms_schema: fix python2.6 incompatibility
samba-tool visualize: fix python2.6 incompatibility
Bob Campbell (1):
samdb/schema_load: do schema loading with one search
Christof Schmitt (1):
Fix autobuild for user names starting with c
Dan Robertson (1):
libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
David Disseldorp (3):
tests: Add basic ms_fnmatch unit test
ctdb/pmda: fix num_recoveries metric store
build: fix standalone ctdb build --with-systemd
Douglas Bagnall (3):
py3compat: add strings describing bytes/unicode in both versions
tests/smbcontrol: reduce ping test false positive rate
samba-tool ldapcmp: remove duplicate takes_optiongroups attribute
Garming Sam (25):
tests/dbcheck: Provision using the old schema and ignore displayName
domain.py: Give some advice if the schema upgrade command fails
schema: Do not read different schema sequence values during a read transaction
partition: Leave metadata.tdb unlocking until last
schema_set: Add a missing newline between functions
dsdb: The schema should be reloaded during the transaction
ldb_tdb: Begin abstracting out the base key value operations
ldb_tdb: Replace exists, name and error_map with key value ops
ldb_tdb: Replace tdb transaction code with generic key value ones
ldb_tdb: Add lock_read and unlock_read to key value ops
ldb_tdb: Remove tdb_get_seqnum and use a generic 'has_changed'
ldb_tdb: factor out the (to be) common init code
ldb_tdb: Use key value ops for fetch command
ldb_tdb: Implement a traversal function in key value ops
partition: Allow a different backend store from @PARTITION
ldb_tdb: Build a key value operation library
ldb_tdb: Remove unnecessary call to tdb_get_seqnum
join.py: Add missing NTSTATUSError import
kcc_utils: Add a routine for automatic site coverage
kcc_utils: Keep a count of the DCs in each site
kcc_utils: Prevent multiple sites attached to a sitelink covering a site
kcc_utils: Use lower name in automatic sites covered
tests/kcc_util: Add unit tests for automatic site coverage
tests/samba_dnsupdate: Add a trivial test of automatic site coverage
samba_dnsupdate: Introduce automatic site coverage
Gary Lockyer (14):
ldb_tdb: Add support for an option to restrict the key length
ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute
ldb_tdb: Cope with key truncation
ldb_tdb: Do not give the warning of duplicate attributes in truncation
ldb_tdb: Refuse to store a value in a unique index that is too long
ldb_tdb: Combine identical not GUID index and special DN cases
ldb_tdb: Add tests for truncated index keys
ldb_mod_op_test: Fix core dump on ldb_case_attrs_index_test_teardown
remove_dc.py: Abort transaction before throwing an exception
ldb_tdb: Add errorstr to the key value ops
ldb: Remove python warning in tests/python/index.py
selftest: Change name to sam.ldb to align with new partition module assumptions
ldb_mod_op_test: Add new nested transactions test
ldb_mod_op_test: Make sure that closing the database frees locks
Jeremy Allison (10):
s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.
Jonathan Hunter (1):
Update help text for dbcheck
Martin Schwenke (94):
ctdb-packaging: Make the ctdb package own more directories
ctdb-packaging: Package event scripts via a wildcard
ctdb-scripts: Do not use ctdb_service_reconfigure() for policy routing
ctdb-scripts: Add default for public addresses file where missing
ctdb-tests: Fix a double-typo bug
ctdb-tests: Use consistent NAT gateway nodes file
ctdb-tests: Drop unneccessary unset of variable
ctdb-tests: Clean up PATH setting for stubs/ subdirectory
ctdb-tests: Check for errors when adding stubs/ subdirectory to PATH
ctdb-tests: Avoid creating files in /tmp.
ctdb-common: Drop debugging variable CTDB_EXTERNAL_TRACE
ctdb-tools: Change onnode to use ONNODE_SSH and ONNODE_SSH_OPTS
ctdb-tools: Introduce a variable to hold the ssh command
ctdb-tools: Revisit stray file descriptor avoidance in onnode
ctdb-tests: Add fake ssh command for local daemons tests
ctdb-tests: Use fake ssh script for onnode in local daemons tests
ctdb-tools: Remove test hooks from onnode
ctdb-tools: Reindent parts of onnode
ctdb-scripts: Avoid no-op "ctdb ptrans" call
ctdb-tests: Exit on statd-callout sub-test failure
ctdb-scripts: Clean up statd-callout
ctdb-tests: Generalise SM_NOTIFY output format in statd-callout tests
ctdb-scripts: Move script state to its own directory
ctdb-scripts: Factor out function ctdb_setup_state_dir()
ctdb-scripts: Use ctdb_setup_state_dir()
ctdb-scripts: Drop unused function ctdb_setup_service_state_dir()
ctdb-scripts: Move the reconfigure flag to the script state directory
ctdb-scripts: Move failure counters to the service state directory
ctdb-scripts: Simplify the names of NFS fail counter files
ctdb-packaging: Use RPM's local state directory
ctdb-tests: Rework simple tests daemon start/stop
ctdb-scripts: Drop broken wrapper code that uses PID
ctdb-scripts: Drop unnecessary complexity from wrapper
ctdb-packaging: Package up relevant /var subdirectories
ctdb-scripts: Don't create directory for PID file
ctdb-scripts: Drop init script PID directory backward compatibility
ctdb-daemon: Provide default location for ctdbd PID file
ctdb-daemon: CTDB_PIDFILE environment variable overrides default
ctdb-scripts: Drop PID file argument from wrapper
ctdb-tests: Factor out setup of fake CTDB_BASE
ctdb-tests: Use setup_ctdb_base() for eventscript unit tests
ctdb-tests: Use setup_ctdb_base() for onnode unit tests
ctdb-tests: New directory for simple test state
ctdb-tests: Use SIMPLE_TESTS_VAR_DIR for data for local daemons tests
ctdb-tests: Clean up nodes and public address file setup
ctdb-tests: Reindent setup_ctdb() function
ctdb-tests: Use setup_ctdb_base() for simple tests
ctdb-tests: Make fake ssh script set CTDB_BASE
ctdb-tests: Depend on setup_ctdb_base() to install events.d/
Revert "ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out"
ctdb-tests: Don't use nc -d or -w options
ctdb-ib: Drop a bit-rotted test example from the README
ctdb-scripts: Drop CTDB_PIDFILE configuration option
ctdb-daemon: Drop ctdbd --pidfile option
ctdb-scripts: Drop CTDB_EVENT_SCRIPT_DIR configuration option
ctdb-tests: Drop ctdbd --event-script-dir option
ctdb-tests: Use CTDB_SOCKET environment variable to specify socket
ctdb-daemon: Allow CTDB_SOCKET environment variable to be used
ctdb-tests: Use environment variable for specifying socket
ctdb-tools: Drop a couple of unnecessary exports of CTDB_SOCKET
ctdb-scripts: Drop CTDB_SOCKET configuration option
ctdb-daemon: Drop ctdbd --socket option
ctdb-tools: Move handling of CTDB_SOCKET to process_command()
ctdb-tools: Drop ctdb --socket option
ctdb-tests: Add some options to setup_ctdb()
ctdb_tests: Reconfigure the cluster when restarting CTDB
ctdb-tests: Update some tests to use setup_ctdb() options
ctdb-tests: Don't allow simple tests to use environment for config
ctdb-daemon: Provide a default location for public addresses file
ctdb-tests: Use default public addresses file in local daemon tests
ctdb-tests: Use default public addresses file for event script tests
ctdb-scripts: Drop 10.external event script
ctdb-tests: Allow tests access to CTDB_BASE
ctdb-scripts: Drop CTDB_PUBLIC_ADDRESSES configuration option
ctdb-tests: Remove unused function get_ctdbd_command_line_option()
ctdb-daemon: Drop ctdbd --public-addresses option
ctdb-scripts: Drop CTDB_PUBLIC_INTERFACE configuration option
ctdb-daemon: Drop ctdbd --public-interface option
ctdb-tests: Use default location for nodes file
ctdb-tools: Drop onnode CTDB_NODES_FILE environment variable
ctdb-tests: Drop an orphaned comment
ctdb-tests: Use setup_base() in tool unit tests
ctdb-tests: Improve setting of helper paths
ctdb-tests: Put configuration, socket and PID file in CTDB_BASE
ctdb-tests: Simplify nodes file handling in tool tests
ctdb-tools: Drop testing hook from ctdb tool
ctdb-scripts: Drop CTDB_NODES configuration option
ctdb-tools: No longer honour CTDB_NODES environment variable
ctdb-daemon: Drop ctdbd --nlist option
ctdb-tests: Use onnode to start/stop local daemons
ctdb-tests: Use CTDB_BASE instead of node_dir
ctdb-tests: Construct values for CTDB_BASES by hand
ctdb-tests: Drop unused functions
ctdb-scripts: Drop CTDBD_CONF internal test variable
Matt Selsky (1):
auth/kerberos: Fix typo in error message regarding fetching PAC using Heimdal
Noel Power (28):
samba-tool: convert octal 'O1234' format to python3 compatible '0o1234'
samba python libs: convert 'O1234' format to python3 compatible '0o1234'
python tests: convert oct 'O1234' format to python3 compatible '0o1234'
samba python libs: convert 'except X, (tuple)' to 'except X as e'
samba-tool: convert 'except X, (tuple)' to 'except X as e'
samba python tests: convert 'except X, (tuple)' to 'except X as e'
drs torture python: convert 'except X, (tuple)' to 'except X as e'
dsdb python tests: convert 'except X, (tuple)' to 'except X as e'
s3:libads: ads_get_dnshostname & ads_get_samaccountname don't use param
s3:libads: Clean up code a little rename 'ads_get_samaccountname()'
s3:libads: Add a basic Windows SPN parser.
s3:libads: change ads_add_service_principal_name implementation
s3:utils: add new 'net ads setspn list' subcommand
s3:utils: add new 'net ads setspn add' subcommand
s3:utils: add new 'net ads setspn delete' subcommand
testprocs/blackbox: Add tests for net ads setspn (add|delete|list)
s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 1
s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 2
testprogs:: Add blackbox tests for 'net ads keytab add'
s3:libads: add param to prevent writing spn(s) to ads
s3:utils: Modify default behaviour of 'net ads keytab add'
testprogs: Switch expected failure tests to expected pass
s3:libads: 'net ads keytab create' shouldn't write SPN(s)
testprogs: 'net ads keytab create' expected failures should now pass
docs: Add manpage for 'net ads keytab' subcommand
docs: Add manpage for new 'net ads setspn' subcommand
WHATSNEW: Add info for 'net ads keytab' and 'net ads setspn' changes
lib:replace: Fix linking when libtirpc-devel overwrites system headers
Ralph Boehme (32):
nsswitch: fix wbinfo -m --verbose trust type "Local"
CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
CVE-2018-1057: s4/dsdb: correctly detect password resets
CVE-2018-1057: s4:dsdb/acl: run password checking only once
CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c
winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()
winbindd: make reset_cm_connection_on_error() public
winbindd: call reset_cm_connection_on_error() from reconnect_need_retry()
winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()
winbindd: fix logic calling dcerpc_binding_handle_is_connected()
winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected()
winbindd: add retry to _wbint_LookupSids()
winbindd: add retry to _wbint_DsGetDcName
winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords
winbindd: add retry to _winbind_SendToSam
libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
s3: gse: use "gensec_gssapi:requested_life_time"
selftest: run vfs.fruit_netatalk test against seperate share
selftest: vfs.fruit: add xattr_tdb where possible
Simo Sorce (3):
Use "localhost" to be ipv6 only friendly
Revert "Use "localhost" to be ipv6 only friendly"
Remove dead code
Stefan Metzmacher (63):
winbindd: disable support for CROSS_ORGANIZATION domains
s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()
s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()
s4:kdc: disable support for CROSS_ORGANIZATION domains
s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
s3:selftest: run SMB2-ANONYMOUS
s3:auth: remove unused auth_serversupplied_info->system
s3:auth: add the "Unix Groups" sid for the primary gid
s3:auth: move add_local_groups() out of finalize_local_nt_token()
s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
s3:auth: remove static from finalize_local_nt_token()
auth: add auth_user_info_copy() function
s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
s3:auth: add make_{server,session}_info_anonymous()
s3:rpc_server: make use of make_session_info_anonymous()
s3:auth: make use of make_{server,session}_info_anonymous()
test_smbclient_s3.sh: force LANG=C during test_utimes()
libcli/security: fix some SID values in comments
s3:auth: rename "guest" methods to "anonymous"
s3:passdb: add create_builtin_guests()
s3:libnet_join: make use of create_builtin_guests()
s3:auth: make use of create_builtin_guests() in finalize_local_nt_token()
s3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token()
drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes
dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT
dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace()
dsdb:extended_dn_store: We need to ignore self references on add operation
dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback
dsdb:extended_dn_store: split out a extended_replace_dn() function
tests/dsdb.py: prove the difference between linked and non-linked DN references
dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes
provision: use the provision control when adding foreignSecurityPrincipals
tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control
dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects
tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'
dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
dsdb:repl_meta_data: improve error message in get_parsed_dns()
selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values
selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID
samba-tool: allow sid strings for 'group {add,remove}members'
selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group
testprogs/blackbox: add test_trust_token.sh
s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc
s4:auth: split out a authsam_domain_group_filter() function
s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain
s4:auth_winbind: only call authsam_logon_success_accounting() for local users
s4:auth_winbind: make sure we expand group memberships of the local domain
s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry
s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()
s4:kdc: make sure we expand group memberships of the local domain
s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure
libcli/security: add dom_sid_is_valid_account_domain()
s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain()
pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
talloc: use a library destructor instead of atexit() if available
talloc: version 2.1.12
Swen Schillig (5):
Zero libnet_LookupName out struct before using
Minor cleanup of libnet_LookupName_recv
Replace NT_STATUS_HAVE_NO_MEMORY macro
s3: Fix max indentation and max column
s3: Fix possible mem leak
Timur I. Bakeyev (1):
Remove some bashisms from the test scripts
Uri Simchoni (1):
README.Coding: codify line splitting on function calls
Volker Lendecke (14):
winbind: Implement forall_children()
winbind: Use forall_children in winbind_child_died()
winbind: "internal" children never have a domain set
winbind: Remove unused winbindd_internal_child()
winbind: Use forall_domain_children in winbind_msg_offline()
winbind: Use forall_domain_children in winbind_msg_online
winbind: Use forall_children in winbind_msg_ip_dropped_parent()
winbind: Use forall_children in reinit_after_fork()
winbind: Remove the "winbindd_children" global
winbind: Fix a race between the sigchld and 0-sized socket read
winbind: Fix --ping-dc error handling
utils: Add destroy_netlogon_creds_cli
winbind: Add smbcontrol disconnect-dc
winbind: Keep "force_reauth" in invalidate_cm_connection
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list