My TODO before RC1

Andrew Bartlett abartlet at
Mon Sep 10 06:59:30 MDT 2012


You asked for my TODO list before (and after, at this rate) RC1 to see
if others might be able to help.

It is (in rough order):
 - Call for last changes to our WHATSNEW
 - Find out if what (else!) folks need to be in RC1 beyond what is
already discussed.
 - Sort out ACLs after classicupgrade.  Essentially I think the issue is
that the idmap isn't reflexive.  I'm trying to implement the posix ACL
hash stuff we discussed a couple of months ago. 
 - have 'waf dist' run source3/ and incorporate the outputs. 
   - this would be easier if that script would run with builddir !=
srcdir so we could just point it at a blank directory and collect the
outputs (but certainly don't have the energy for that). 
 - Merge the outstanding patches from Christof Schmitt
<christof.schmitt at>.  
  - The PAC patch looks good.  However, as has been ovbious over the
past week, I'm a stickler for testing, and I'm still waiting for the
tests for the PAC patch.  I prepared the framework in winbind.pac but I
was leaving this to Chrisof to finish.  
  - The rfc2307 idmap patch seems like a reasonable idea, except for the
user/group suffixes (I still dislike them as a concept, even if they are
required).  However, I again would like some tests - particularly
because we already have folks complaining that idmap_ad doesn't work,
and re-using the tests in that configuration could prove that either way
(idmap_ad is also modified by the patch). 
 - Do the DNS tests that I promised Kai earlier this evening
 - Have the WAF and autoconf config.h be identical (enough).  The great
work by Björn Jacke <bjacke at> to merge and finish my quota
patches means we are close, with only some waf quota checks to go. 
 - Run a wintest before doing RC1. 
 - Look into the patch for ntlm_auth TLS channel binding.  (There is no
practical way i can do this for RC1, but it's almost a year since the
patch was posted)
 - Look into the whole 'map untrusted to domain' saga properly.  Make
winbind return a special NTSTATUS return if the 'authoriative' flag is
not set, rather than basing things on the known list of domains.
 - many other things I can't think of at this time of night.

I plan RC1 on Wednesday, and I don't have a clone army, so clearly I
won't get most of this done.  Any assistance would be most welcome.


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list