[SCM] Samba Shared Repository - annotated tag talloc-2.1.12 created

Stefan Metzmacher metze at samba.org
Thu Mar 22 06:25:58 UTC 2018

The annotated tag, talloc-2.1.12 has been created
        at  52933e59df9c5ca06a5cce1ab85034b27d7f45c6 (tag)
   tagging  80f9ec016496087bca06d3c34b6f687f0dc145ac (commit)
  replaces  ldb-1.3.2
 tagged by  Stefan Metzmacher
        on  Thu Mar 22 07:25:36 2018 +0100

- Log -----------------------------------------------------------------
talloc: tag release talloc-2.1.12
Version: GnuPG v1


Amitay Isaacs (8):
      ctdb-pmda: Use modified API in pcp library 4.0
      ctdb-ib: Avoid fall through case statements
      ctdb-client: Client code should never free the client context
      ctdb-tools: Wait for ctdb daemon to go away in shutdown
      ctdb-tools: Drop ipiface command from ctdb tool
      ctdb-common: Drop unused function ctdb_sys_find_ifname()
      ctdb-tools: Event script commands cannot be run without daemon
      ctdb-tools: Fix documentation for ctdb ping command

Andreas Schneider (105):
      s4:lib:com: Fix function declartions
      lib:texpect: Avoid some compiler warnings
      lib:replace: Add FALL_THROUGH support
      lib:replace: Add FALL_THROUGH statements in strptime.c
      lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c
      lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_inbound.c
      lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map.c
      lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_outbound.c
      lib:param: Add FALL_THROUGH statements in loadparm.c
      lib:util: Add FALL_THROUGH statements in substitute.c
      lib:util: Add FALL_THROUGH statements in charset/charset_macosxfs.c
      lib:util: Add FALL_THROUGH statements in util_file.c
      s3:lib: Add FALL_THROUGH statements in substitute_generic.c
      s3:lib: Add FALL_THROUGH statements in util_path.c
      s3:lib: Add FALL_THROUGH statements in util_str.c
      lib:tdb: Add FALL_THROUGH statements in hash.c
      lib:tdb: Add FALL_THROUGH statements in tdbtool.c
      lib:tdb: Add FALL_THROUGH statements in common/summary.c
      libgpo: Add FALL_THROUGH statements in gpo_sec.c
      librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c
      s3:auth: Add FALL_THROUGH statements in auth_sam.c
      s3:auth: Add FALL_THROUGH statements in pampass.c
      s3:lib: Add FALL_THROUGH statements in cbuf.c
      s3:lib: Add FALL_THROUGH statements in sysacls.c
      s3:lib: Add FALL_THROUGH statements in util_sd.c
      s3:libsmb: Add FALL_THROUGH statements in dsgetdcname.c
      s3:modules: Add FALL_THROUGH statements in vfs_acl_common.c
      s3:smbd: Add FALL_THROUGH statements in nttrans.c
      s3:smbd: Add FALL_THROUGH statements in trans2.c
      s3:utils: Add FALL_THROUGH statements in regedit.c
      s3:utils: Add FALL_THROUGH statements in net_conf.c
      s3:utils: Add FALL_THROUGH statements in net_rpc_conf.c
      s3:rpc_server: Add FALL_THROUGH statements in rpc_server.c
      s4:samdb: Add FALL_THROUGH statements in cracknames.c
      s4:samdb: Add FALL_THROUGH statements in linked_attributes.c
      s4:auth: Add FALL_THROUGH statements in auth_util.c
      s4:auth: Add FALL_THROUGH statements in auth_sam.c
      s4:auth: Add FALL_THROUGH statements in gensec_krb5.c
      s4:rpc_server: Add FALL_THROUGH statements in dcesrv_srvsvc.c
      s4:torture: Add FALL_THROUGH statements in basic/misc.c
      s4:torture: Add FALL_THROUGH statements in rpc/spoolss.c
      auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c
      auth:gensec: Add FALL_THROUGH statements in spnego.c
      nsswitch: Add FALL_THROUGH statements in pam_winbind.c
      s3:libnet: Add FALL_THROUGH statements in libnet_join.c
      s3:modules: Add FALL_THROUGH statements in getdate.c
      s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c
      s3:rpcclient: Add FALL_THROUGH statements in rpcclient.c
      s3:smbd: Add FALL_THROUGH statements in reply.c
      s3:utils: Add FALL_THROUGH statements in net_registry_check.c
      s3:utils: Add FALL_THROUGH statements in ntlm_auth.c
      s3:winbindd: Add FALL_THROUGH statements in idmap_autorid.c
      s4:dsdb: Add FALL_THROUGH statements in password_hash.c
      s4:lib: Add FALL_THROUGH statements in http.c
      s3:spoolss: Remove incorrect fall through comment in srv_spoolss_nt.c
      libsmb: Remove incorrect fall through comment in trusts_util.c
      third_party: Update pam_wrapper to version 1.0.5
      third_party: Add missing config.h in libpamtest
      auth:credentials: Add FALL_THROUGH statements in credentials.c
      auth:credentials: Avoid an 'else' branch
      wafsamba: Build with -Wimplicit-fallthrough if supported
      s3:smbd: Do not crash if we fail to init the session table
      util: Fix the logic in ms_fnmatch_protocol()
      s3:tests: Skip smbd error test if we do not log to stdout
      testprogs: Return the correct error status code
      selftest: Impove test names for samba.wbinfo_simple
      ldb: Directly return an error and do not fall through
      wbinfo: Improve the wording for --online-status
      heimdal: Fix size types
      s4:ntvfs: Fix size type in pvfs functions
      s3:libads: Fix size types in kerberos functions
      s4:dns_server: Fix size types
      s4:rpc_server: Fix size types in dcerpc dnsserver
      s4:ldap_server: Fix size types
      s4:cldap_server: Fix size types
      libcli:smb: Fix size types
      s3:param: Fix size types
      s4:utils: Fix size types
      s4:rpc_server: Fix size types
      s4:torture: Fix size types in qsinfo test
      s4:torture: Fix size types in qfileinfo test
      s3:torture: Fix size types in spoolss test
      s3:libsmb: Fix size types in nmblib
      s4:torture: Fix size types in nss tests
      s4:client: Fix size types
      s3:client: Fix size types
      s3:avahi: Fix size types
      s3:printing: Fix size type in printing_db
      s3:winbindd: Fix size types in idmap_tdb_common
      s3:vfs_nettalk: Fix size types
      s3:rpc_server: Fix size types in srvsvc
      s3:utils: Fix size type in log2pcaphex
      s3:nmbd: Fix size type in nmbd_browsesync.c
      s3:modules: Fix size type in getdate
      s3:passdb: Fix size types
      s3:rpc_server: Fix size types in spoolss
      s3:rpcclient: Fix size types
      ldb: Fix size types in ldb_ldif functions
      lib:socket: Return early if we have only one interface
      s4:dsdb: Fix integer operations
      s3:nmbd: Fix possible integer overflow
      s3:locking: Fix integer overflow check in posix_lock_in_range()
      s3:vfs_preopen: Change to a do-while loop and fix the check
      s3:registry: Fix size types and length calculations
      talloc: Fix size type and checks in _vasprintf_tc

Andrej Gessel (1):
      bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end.

Andrew Bartlett (1):
      partition: Use a transaction to write and a read lock to read the LDB_METADATA_SEQ_NUM

Anton Nefedov via samba-technical (1):
      s3:smbd: map nterror on smb2_flush errorpath

Björn Baumbach (2):
      ms_schema: fix python2.6 incompatibility
      samba-tool visualize: fix python2.6 incompatibility

Bob Campbell (1):
      samdb/schema_load: do schema loading with one search

Christof Schmitt (1):
      Fix autobuild for user names starting with c

Dan Robertson (1):
      libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

David Disseldorp (3):
      tests: Add basic ms_fnmatch unit test
      ctdb/pmda: fix num_recoveries metric store
      build: fix standalone ctdb build --with-systemd

Douglas Bagnall (3):
      py3compat: add strings describing bytes/unicode in both versions
      tests/smbcontrol: reduce ping test false positive rate
      samba-tool ldapcmp: remove duplicate takes_optiongroups attribute

Garming Sam (25):
      tests/dbcheck: Provision using the old schema and ignore displayName
      domain.py: Give some advice if the schema upgrade command fails
      schema: Do not read different schema sequence values during a read transaction
      partition: Leave metadata.tdb unlocking until last
      schema_set: Add a missing newline between functions
      dsdb: The schema should be reloaded during the transaction
      ldb_tdb: Begin abstracting out the base key value operations
      ldb_tdb: Replace exists, name and error_map with key value ops
      ldb_tdb: Replace tdb transaction code with generic key value ones
      ldb_tdb: Add lock_read and unlock_read to key value ops
      ldb_tdb: Remove tdb_get_seqnum and use a generic 'has_changed'
      ldb_tdb: factor out the (to be) common init code
      ldb_tdb: Use key value ops for fetch command
      ldb_tdb: Implement a traversal function in key value ops
      partition: Allow a different backend store from @PARTITION
      ldb_tdb: Build a key value operation library
      ldb_tdb: Remove unnecessary call to tdb_get_seqnum
      join.py: Add missing NTSTATUSError import
      kcc_utils: Add a routine for automatic site coverage
      kcc_utils: Keep a count of the DCs in each site
      kcc_utils: Prevent multiple sites attached to a sitelink covering a site
      kcc_utils: Use lower name in automatic sites covered
      tests/kcc_util: Add unit tests for automatic site coverage
      tests/samba_dnsupdate: Add a trivial test of automatic site coverage
      samba_dnsupdate: Introduce automatic site coverage

Gary Lockyer (14):
      ldb_tdb: Add support for an option to restrict the key length
      ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute
      ldb_tdb: Cope with key truncation
      ldb_tdb: Do not give the warning of duplicate attributes in truncation
      ldb_tdb: Refuse to store a value in a unique index that is too long
      ldb_tdb: Combine identical not GUID index and special DN cases
      ldb_tdb: Add tests for truncated index keys
      ldb_mod_op_test: Fix core dump on ldb_case_attrs_index_test_teardown
      remove_dc.py: Abort transaction before throwing an exception
      ldb_tdb: Add errorstr to the key value ops
      ldb: Remove python warning in tests/python/index.py
      selftest: Change name to sam.ldb to align with new partition module assumptions
      ldb_mod_op_test: Add new nested transactions test
      ldb_mod_op_test: Make sure that closing the database frees locks

Jeremy Allison (10):
      s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries.
      s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor.
      s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left.
      s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl().
      CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs.
      s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.
      s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces().
      s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces().
      s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries.
      s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.

Jonathan Hunter (1):
      Update help text for dbcheck

Martin Schwenke (94):
      ctdb-packaging: Make the ctdb package own more directories
      ctdb-packaging: Package event scripts via a wildcard
      ctdb-scripts: Do not use ctdb_service_reconfigure() for policy routing
      ctdb-scripts: Add default for public addresses file where missing
      ctdb-tests: Fix a double-typo bug
      ctdb-tests: Use consistent NAT gateway nodes file
      ctdb-tests: Drop unneccessary unset of variable
      ctdb-tests: Clean up PATH setting for stubs/ subdirectory
      ctdb-tests: Check for errors when adding stubs/ subdirectory to PATH
      ctdb-tests: Avoid creating files in /tmp.
      ctdb-common: Drop debugging variable CTDB_EXTERNAL_TRACE
      ctdb-tools: Change onnode to use ONNODE_SSH and ONNODE_SSH_OPTS
      ctdb-tools: Introduce a variable to hold the ssh command
      ctdb-tools: Revisit stray file descriptor avoidance in onnode
      ctdb-tests: Add fake ssh command for local daemons tests
      ctdb-tests: Use fake ssh script for onnode in local daemons tests
      ctdb-tools: Remove test hooks from onnode
      ctdb-tools: Reindent parts of onnode
      ctdb-scripts: Avoid no-op "ctdb ptrans" call
      ctdb-tests: Exit on statd-callout sub-test failure
      ctdb-scripts: Clean up statd-callout
      ctdb-tests: Generalise SM_NOTIFY output format in statd-callout tests
      ctdb-scripts: Move script state to its own directory
      ctdb-scripts: Factor out function ctdb_setup_state_dir()
      ctdb-scripts: Use ctdb_setup_state_dir()
      ctdb-scripts: Drop unused function ctdb_setup_service_state_dir()
      ctdb-scripts: Move the reconfigure flag to the script state directory
      ctdb-scripts: Move failure counters to the service state directory
      ctdb-scripts: Simplify the names of NFS fail counter files
      ctdb-packaging: Use RPM's local state directory
      ctdb-tests: Rework simple tests daemon start/stop
      ctdb-scripts: Drop broken wrapper code that uses PID
      ctdb-scripts: Drop unnecessary complexity from wrapper
      ctdb-packaging: Package up relevant /var subdirectories
      ctdb-scripts: Don't create directory for PID file
      ctdb-scripts: Drop init script PID directory backward compatibility
      ctdb-daemon: Provide default location for ctdbd PID file
      ctdb-daemon: CTDB_PIDFILE environment variable overrides default
      ctdb-scripts: Drop PID file argument from wrapper
      ctdb-tests: Factor out setup of fake CTDB_BASE
      ctdb-tests: Use setup_ctdb_base() for eventscript unit tests
      ctdb-tests: Use setup_ctdb_base() for onnode unit tests
      ctdb-tests: New directory for simple test state
      ctdb-tests: Use SIMPLE_TESTS_VAR_DIR for data for local daemons tests
      ctdb-tests: Clean up nodes and public address file setup
      ctdb-tests: Reindent setup_ctdb() function
      ctdb-tests: Use setup_ctdb_base() for simple tests
      ctdb-tests: Make fake ssh script set CTDB_BASE
      ctdb-tests: Depend on setup_ctdb_base() to install events.d/
      Revert "ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out"
      ctdb-tests: Don't use nc -d or -w options
      ctdb-ib: Drop a bit-rotted test example from the README
      ctdb-scripts: Drop CTDB_PIDFILE configuration option
      ctdb-daemon: Drop ctdbd --pidfile option
      ctdb-scripts: Drop CTDB_EVENT_SCRIPT_DIR configuration option
      ctdb-tests: Drop ctdbd --event-script-dir option
      ctdb-tests: Use CTDB_SOCKET environment variable to specify socket
      ctdb-daemon: Allow CTDB_SOCKET environment variable to be used
      ctdb-tests: Use environment variable for specifying socket
      ctdb-tools: Drop a couple of unnecessary exports of CTDB_SOCKET
      ctdb-scripts: Drop CTDB_SOCKET configuration option
      ctdb-daemon: Drop ctdbd --socket option
      ctdb-tools: Move handling of CTDB_SOCKET to process_command()
      ctdb-tools: Drop ctdb --socket option
      ctdb-tests: Add some options to setup_ctdb()
      ctdb_tests: Reconfigure the cluster when restarting CTDB
      ctdb-tests: Update some tests to use setup_ctdb() options
      ctdb-tests: Don't allow simple tests to use environment for config
      ctdb-daemon: Provide a default location for public addresses file
      ctdb-tests: Use default public addresses file in local daemon tests
      ctdb-tests: Use default public addresses file for event script tests
      ctdb-scripts: Drop 10.external event script
      ctdb-tests: Allow tests access to CTDB_BASE
      ctdb-scripts: Drop CTDB_PUBLIC_ADDRESSES configuration option
      ctdb-tests: Remove unused function get_ctdbd_command_line_option()
      ctdb-daemon: Drop ctdbd --public-addresses option
      ctdb-scripts: Drop CTDB_PUBLIC_INTERFACE configuration option
      ctdb-daemon: Drop ctdbd --public-interface option
      ctdb-tests: Use default location for nodes file
      ctdb-tools: Drop onnode CTDB_NODES_FILE environment variable
      ctdb-tests: Drop an orphaned comment
      ctdb-tests: Use setup_base() in tool unit tests
      ctdb-tests: Improve setting of helper paths
      ctdb-tests: Put configuration, socket and PID file in CTDB_BASE
      ctdb-tests: Simplify nodes file handling in tool tests
      ctdb-tools: Drop testing hook from ctdb tool
      ctdb-scripts: Drop CTDB_NODES configuration option
      ctdb-tools: No longer honour CTDB_NODES environment variable
      ctdb-daemon: Drop ctdbd --nlist option
      ctdb-tests: Use onnode to start/stop local daemons
      ctdb-tests: Use CTDB_BASE instead of node_dir
      ctdb-tests: Construct values for CTDB_BASES by hand
      ctdb-tests: Drop unused functions
      ctdb-scripts: Drop CTDBD_CONF internal test variable

Matt Selsky (1):
      auth/kerberos: Fix typo in error message regarding fetching PAC using Heimdal

Noel Power (28):
      samba-tool: convert octal 'O1234' format to python3 compatible '0o1234'
      samba python libs: convert 'O1234' format to python3 compatible '0o1234'
      python tests: convert oct 'O1234' format to python3 compatible '0o1234'
      samba python libs: convert 'except X, (tuple)' to 'except X as e'
      samba-tool: convert 'except X, (tuple)' to 'except X as e'
      samba python tests: convert 'except X, (tuple)' to 'except X as e'
      drs torture python: convert 'except X, (tuple)' to 'except X as e'
      dsdb python tests: convert 'except X, (tuple)' to 'except X as e'
      s3:libads: ads_get_dnshostname & ads_get_samaccountname don't use param
      s3:libads: Clean up code a little rename 'ads_get_samaccountname()'
      s3:libads: Add a basic Windows SPN parser.
      s3:libads: change ads_add_service_principal_name implementation
      s3:utils: add new 'net ads setspn list' subcommand
      s3:utils: add new 'net ads setspn add' subcommand
      s3:utils: add new 'net ads setspn delete' subcommand
      testprocs/blackbox: Add tests for net ads setspn (add|delete|list)
      s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 1
      s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 2
      testprogs:: Add blackbox tests for 'net ads keytab add'
      s3:libads: add param to prevent writing spn(s) to ads
      s3:utils: Modify default behaviour of 'net ads keytab add'
      testprogs: Switch expected failure tests to expected pass
      s3:libads: 'net ads keytab create' shouldn't write SPN(s)
      testprogs: 'net ads keytab create' expected failures should now pass
      docs: Add manpage for 'net ads keytab' subcommand
      docs: Add manpage for new 'net ads setspn' subcommand
      WHATSNEW: Add info for 'net ads keytab' and 'net ads setspn' changes
      lib:replace: Fix linking when libtirpc-devel overwrites system headers

Ralph Boehme (32):
      nsswitch: fix wbinfo -m --verbose trust type "Local"
      CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE
      CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values
      CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights()
      CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks
      CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
      CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights()
      CVE-2018-1057: s4/dsdb: correctly detect password resets
      CVE-2018-1057: s4:dsdb/acl: run password checking only once
      CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
      CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control
      s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK
      winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c
      winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error()
      winbindd: make reset_cm_connection_on_error() public
      winbindd: call reset_cm_connection_on_error() from reconnect_need_retry()
      winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error()
      winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error()
      winbindd: fix logic calling dcerpc_binding_handle_is_connected()
      winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected()
      winbindd: add retry to _wbint_LookupSids()
      winbindd: add retry to _wbint_DsGetDcName
      winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords
      winbindd: add retry to _winbind_SendToSam
      libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
      s3: gse: use "gensec_gssapi:requested_life_time"
      selftest: run vfs.fruit_netatalk test against seperate share
      selftest: vfs.fruit: add xattr_tdb where possible

Simo Sorce (3):
      Use "localhost" to be ipv6 only friendly
      Revert "Use "localhost" to be ipv6 only friendly"
      Remove dead code

Stefan Metzmacher (63):
      winbindd: disable support for CROSS_ORGANIZATION domains
      s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry()
      s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry()
      s4:kdc: disable support for CROSS_ORGANIZATION domains
      s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous
      s3:selftest: run SMB2-ANONYMOUS
      s3:auth: remove unused auth_serversupplied_info->system
      s3:auth: add the "Unix Groups" sid for the primary gid
      s3:auth: move add_local_groups() out of finalize_local_nt_token()
      s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}()
      s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token()
      s3:auth: add add_builtin_guests() handling to finalize_local_nt_token()
      s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token()
      s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token()
      s3:auth: remove static from finalize_local_nt_token()
      auth: add auth_user_info_copy() function
      s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create()
      s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info()
      s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
      s3:auth: add make_{server,session}_info_anonymous()
      s3:rpc_server: make use of make_session_info_anonymous()
      s3:auth: make use of make_{server,session}_info_anonymous()
      test_smbclient_s3.sh: force LANG=C during test_utimes()
      libcli/security: fix some SID values in comments
      s3:auth: rename "guest" methods to "anonymous"
      s3:passdb: add create_builtin_guests()
      s3:libnet_join: make use of create_builtin_guests()
      s3:auth: make use of create_builtin_guests() in finalize_local_nt_token()
      s3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token()
      drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values
      dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes
      dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT
      dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace()
      dsdb:extended_dn_store: We need to ignore self references on add operation
      dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback
      dsdb:extended_dn_store: split out a extended_replace_dn() function
      tests/dsdb.py: prove the difference between linked and non-linked DN references
      dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes
      provision: use the provision control when adding foreignSecurityPrincipals
      tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control
      dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects
      tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>'
      dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes
      dsdb:repl_meta_data: improve error message in get_parsed_dns()
      selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values
      selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID
      samba-tool: allow sid strings for 'group {add,remove}members'
      selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group
      testprogs/blackbox: add test_trust_token.sh
      s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc
      s4:auth: split out a authsam_domain_group_filter() function
      s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain
      s4:auth_winbind: only call authsam_logon_success_accounting() for local users
      s4:auth_winbind: make sure we expand group memberships of the local domain
      s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry
      s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob()
      s4:kdc: make sure we expand group memberships of the local domain
      s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure
      libcli/security: add dom_sid_is_valid_account_domain()
      s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain()
      pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain()
      talloc: use a library destructor instead of atexit() if available
      talloc: version 2.1.12

Swen Schillig (5):
      Zero libnet_LookupName out struct before using
      Minor cleanup of libnet_LookupName_recv
      Replace NT_STATUS_HAVE_NO_MEMORY macro
      s3: Fix max indentation and max column
      s3: Fix possible mem leak

Timur I. Bakeyev (1):
      Remove some bashisms from the test scripts

Uri Simchoni (1):
      README.Coding: codify line splitting on function calls

Volker Lendecke (14):
      winbind: Implement forall_children()
      winbind: Use forall_children in winbind_child_died()
      winbind: "internal" children never have a domain set
      winbind: Remove unused winbindd_internal_child()
      winbind: Use forall_domain_children in winbind_msg_offline()
      winbind: Use forall_domain_children in winbind_msg_online
      winbind: Use forall_children in winbind_msg_ip_dropped_parent()
      winbind: Use forall_children in reinit_after_fork()
      winbind: Remove the "winbindd_children" global
      winbind: Fix a race between the sigchld and 0-sized socket read
      winbind: Fix --ping-dc error handling
      utils: Add destroy_netlogon_creds_cli
      winbind: Add smbcontrol disconnect-dc
      winbind: Keep "force_reauth" in invalidate_cm_connection


Samba Shared Repository

More information about the samba-cvs mailing list