Centrify Samba 3.3.9 Patches

Dave Daugherty dave.daugherty at centrify.com
Wed Dec 2 11:11:56 MST 2009


I think the original post got stuck in the moderator queue because it
was too big.

Here is a brief explanation of each patch.

1) winbindd/winbindd.c
    Limit maximum simultaneous connections to 200
    (Centrify will probably drop this patch next Samba synch up).

2) utils/testparm.c
    HPUX - Guard against invalid uid/gid.

3) utils/smbpasswd.c
    Automatically prepend the host machine name when setting a user's
    password so that it does not need to be typed.
    smbpasswd -r rh9v2 -U rh9v2\\normal
    (Centrify will review and possibly drop this patch in the next Samba
    synch up).

4) sasl.c
clikrb5.c
kerberos_verify.c
    Add support for AES encryption types (Windows 2008)
    net ads user will fail if these encryption types exist in
    /etc/krb5.conf - MIT kerberos

    net ads user
    root's password:
    [2008/04/07 23:24:19, 0] libads/kerberos.c:ads_kinit_password(228)
    kerberos_kinit_password root at EASY.THING failed: Client not found in Kerberos database

5) cliconnect.c
Makefile.in
    Add support for NTLM authentication for AD users, where the assigned
    Unix name is not the same as the user's samAccountName. This may only
    apply to Centrify zones.

6) rpc_server/srv_srvsvc_nt.c
    Added a lp_pathexist array to save the path status. If the directory
    path for a shared resource does not exist, do not present the share to
    the client.

7) vfs_hpuxacl.c
    Initialized pointer before using it, so that SAFE_FREE() won't free
    an uninitialized pointer.

8) proto.h
loadparm.c
sec_ctx.c
    Solaris 10 SPARC
    The smb server stopped responding when an AD user who belongs to more
    than 20 AD groups connects to the smb server.
    In 3.3.X, samba will panic if sys_setgroups fails.
    Resolution: Add a new smb.conf option "ignore syssetgroups error",
    default value is "No", allowing customers to set it to Yes when
    necessary.
    (This is a controversial patch in that the Solaris system does not
    get the real group list, but at least it prevents the crash).

9) libtdb.c
libtdb.h
    Centrify created - wrapper functions around LGPL'D tdb sources to
    help with maintaining secrets.tdb file
    Samba team probably has no interest in these - especially since they
    now have a library with the same name!
    This library is only kept around if we run into problems in the
    field again with exec'ing "net change secretpw" (which we have
    reverted to doing).

10) configure
includes.h
capability.h
filesys.h
    Resolve some SUSE-8 related build errors using GNU 3.2 compiler
    1) update configure, remove CFLAGS +z for gcc 3.3 doesn't support
    this
    2) update includes.h, we should change the order for capability.h
    and filesys.h
    3) update capability.h, to prevent redefinition on struct statfs.

11) winbind_nss_hpux.h
    Fix a compile error conflict for h_error and /usr/include/netdb.h


~~~~~~~~~~~~~~~~~~~~~

From: Volker Lendecke [mailto:Volker.Lendecke at SerNet.DE] 
Sent: Wednesday, December 02, 2009 12:28 AM

Hi!

On Tue, Dec 01, 2009 at 11:48:19AM -0800, Dave Daugherty wrote:
> Here is the latest set of patches from Centrify along with a brief
> explanation of each patch.  Some of these have been submitted to the
> list before.  If you are interested in more details about these let us
> know.

Dave has sent me a unified diff off-list, thanks for that!
For reference, I've attached it for consumption by git am.

Now to look at it more closely :-)

Volker
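
Item 8 in the list above trades a crash for a session whose supplementary group list was never applied. The C program below is an added example, not code from the Centrify patch or from Samba, and it shows what the process is left with in that case. The names stub_setgroups, set_session_groups and in_groups, the REFUSED fail-closed path, the limit of 20 and the gid values are all assumptions constructed for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/types.h>

#define MAX_GIDS 64

/* Simulated credential: stands in for the kernel's supplementary group list. */
struct cred { gid_t groups[MAX_GIDS]; size_t ngroups; };
enum outcome { SWITCHED, REFUSED, STALE_GROUPS };

/* Hypothetical stand-in for setgroups(2): rejects a list longer than `limit`
 * with EINVAL, as a kernel does when the list exceeds its group maximum. */
static int stub_setgroups(struct cred *c, size_t n, const gid_t *g, long limit)
{
    if (limit < 0 || n > (size_t)limit || n > MAX_GIDS) { errno = EINVAL; return -1; }
    memcpy(c->groups, g, n * sizeof(*g));
    c->ngroups = n;
    return 0;
}

/* Switch the session to the user's groups. With ignore_error set (what the
 * option in item 8 allows) a failure is tolerated and the previous list stays
 * in force; otherwise the session is refused (assumed here, not the panic). */
static enum outcome set_session_groups(struct cred *c, const gid_t *g, size_t n,
                                       long limit, int ignore_error)
{
    if (stub_setgroups(c, n, g, limit) == 0)
        return SWITCHED;
    return ignore_error ? STALE_GROUPS : REFUSED;
}

/* Returns 1 if gid is in the credential's supplementary list, else 0. */
static int in_groups(const struct cred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return 1;
    return 0;
}

int main(void)
{
    struct cred c = { .groups = {0}, .ngroups = 1 };  /* constructed: old list is gid 0 */
    gid_t user[21];                                   /* constructed: 21 groups, limit 20 */
    for (size_t i = 0; i < 21; i++)
        user[i] = (gid_t)(1000 + i);
    return set_session_groups(&c, user, 21, 20, 1) == STALE_GROUPS ? 0 : 1;
}
```

In the ignored-error case the credential still holds the previous context's gid 0 and none of the user's groups, so file access checks run against the wrong membership in both directions.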

