The annotated tag, ldb-1.1.15 has been created at b49e3c4ed5525b4a49f55d994c9182af76162d1f (tag) tagging 1d1ea72574cfa22ee6207d0e9787d0271db3b5c2 (commit) replaces ldb-1.1.14 tagged by Stefan Metzmacher on Sun Jan 27 13:17:00 2013 +0100
- Log ----------------------------------------------------------------- ldb: tag release ldb-1.1.15 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJRBRq8AAoJEEeTkWETCEAl6DwH/3D8Ph7zSmkHVaONKKRE8qUG mRB4nu6krk+2poD65Cv5KaR/aOKsLVQ4EJ+gAByX6dvdpXnMonpD7cK2aVTLhq5j 7Q1RBzO74aK1OgiOFb6LXVmD0duBAfSByuvy4r0iQt+egcldYVqe2FoDxX9rWS6V oOy1rN9dbKblVgDBj8ZhTMS3RRcxtnnhiB3h/wjVvTCwEWbTPZ/lnezU/vOupH0c l1b/YG1XbMUm854ZOn7rZK087RLC3MJcLmJHl7WgqSfZ6eK1mk3tPTzdXJ3/VmV5 jT3JUI024RMa9mMCeWU5KHgmJwEbgk80DXpa+p+OZ7rWkKZDscRO57A0Otwqt24= =nrxA -----END PGP SIGNATURE----- Alexander Bokovoy (2): wafsamba: Make sure md5 is really work before using it or overriding the hash function wafsamba: replace try:except: case with explicit comment about FIPS mode Andreas Schneider (112): BUG 9436: Fix leaking sockets of SMB connections to a DC. s3-reg: Fix copy and paste error in debug message. torture: Fix copy and paste error. torture: Fix copy and paste error in debug message. libnet: Fix copy and paste error in dbsync error message. util: Add a UNIX platform independent samba_getpass(). wbinfo: Use new samba_getpass() function. smbclient: Use new samba_getpass() function. util: Use new samba_getpass() function. torture: Use new samba_getpass() in locktest2. torture: Use new samba_getpass() in smbtorture3. torture: Use new samba_getpass() in masktest. net: Use new samba_getpass() function for 'net ads'. net: Use new samba_getpass() function for 'net rpc'. net: Use samba_getpass() function in net util. ntlm_auth: Use new samba_getpass() function. util: Use new samba_getpass() function for passwd util. smbget: Use new samba_getpass() function. cmdline: Use new samba_getpass() function. ntlm_auth4: Use new samba_getpass() function. replace: Remove deprecated getpass() support. BUG 9459: Install manpages only if we install the target. winbind: Make the code more readable in trustdom_list_done(). s3-registry: Check return code of push_reg_sz(). s3-rpcclient: Check return value of add_string_to_array(). s3-net: Check return value of string_to_sid(). s3-net: Check the return value of strlower_m(). idl: Fix spoolss check for the size of the struct. s3-printing: Don't call talloc_free on an uninitialized pointer. vfs: Make sure we don't call talloc_free on an uninitialized pointer. s3-netapi: Fix zeroing policy handles in NetLocalGroupAdd_r(). torture: Fix torture_rpc_spoolss_printer_teardown_common(). s3-netapi: Initialize group_handle of NetUserSetGroups_r. s3-auth: Make sure we work on valid data_blobs. s4-netapi: Initialize group_handle of NetGroupGetUsers_r(). s3-netapi: Initialize group_handle of NetGroupSetUsers_r(). util: Don't use the pid ret value uninitialized. dfs_server: Don't allocate a subcontext twice. misc: Add a config for clang complete. tdb: Fix possible crash bugs in the python tdb code. tdb: Improve the documentation of tdb_reopen() and tdb_close(). winbind: Use talloc in resolve_alias_to_username(). winbind: Use talloc in resolve_username_to_alias(). s3-lib: Remove unsused variable from sys_get_nfs_quota(). s3-nmbd: Cleanup code to make it more readable. s4-libnet: Don't call talloc_get_type() for the same struct twice. nsswitch: Cleanup code in parse_wbinfo_domain_user(). nsswitch: Remove unused variable in _pam_winbind_change_pwd(). nsswitch: Fix pam_get_{item,data} build warnings. s3-utils: Cleanup code in wait_replies(). s4-client: Make sure we have a valid count if we goto cleanup. s3-utils: Correctly handle getenv() for the later system() call. s4-libcli: Fix comparison of chosen_oid. s3-libsmb: Fix possible comparsion problems. torture: Make sure we use the correct size for cxd. s3-ctdb: Make sure addr.sun_path is null terminated. s4-socket: Make sure unix socket addresses are null terminated. s3-registry: Fix counters_directory() dir creation. s3-printing: Correctly create the printing cache path. s3-lib: Don't close the listener twice if we goto failed. util: Remove unused fde_stdin in samba_runcmd. s4-libnet: Fix setting the group handle and return codes. s4-client: Check return codes in do_connect(). s3-smbd: Check return code of SMB_VFS_{L}STAT. s4-lib: Use directory_create_or_exist() to create messaging dir. s3-winbind: Check if we created the directories correctly. s4-regsitry: Check return value of ldb_msg_add_empty(). s3-eventlog: Make sure the eventlog directory exists. s3-nmbd: Check if we created the directories correctly. s4-libnet: Checkr return codes in samsync_ldb_handle_domain(). ndr: Check return code of ndr_pull_advance(). librpc: Check return codes of ndr functions. param: Correctly create directory and create common function. s3-net: Check return values of push_reg_sz(). s3-utils: Check return value of secrets_init(). libcli: Check schannel state return value of tdb_transaction_commit(). nsswitch: Fix wbclient BAIL macros. krb5_wrap: Remove dead code in smb_krb5_renew_ticket(). s4-librpc: Remove dead code in smb_send_request(). s3-tldap: Fix dead code in tldap_sasl_bind_send(). s3-lib: Fix push_ucs2() for-loop. s3-libads: Fix copy&paste error in ads_keytab_add_entry(). s3-rpc_server: Fix useless check if we still have a valid string. libwbclient: Fix null check in process_domain_info_string(). libcli: Fix smb2cli_ioctl_send() if clause. s3-vfs: Fix typo in readonly_connect(). s3-rpc_server: Fix a possible null pointer dereference. s3-vfs: Fix a null pointer deferference in vfs_media_harmony. s3-winbind: Fix null pointer dereference in store_memory_creds(). s3-rpc_server: Fix null pointer derefs in rpc_pipe_open_interface(). s3-libsmb: Fix a possible null pointer dereference. s3-netapi: Add missing break in NetUserSetInfo_r(). s3-lib: Make it clear that we want to fall trough here. s3-rpc_server: Make it clear we want to fall trough here. s4-dsdb: Make it clear that we want to fall trough here. libgpo: Make it clear that we want to fall trough here. s3-lib: Cleanup transfer_file_internal() a bit. s4-libcli: Use a do-while loop. s3-rpc_server: Fix username and remote check. s3-libsmb: Remove check if array is NULL. s3-prefork: Directly fail if tevent_req_is_unix_error() fails. s3-idmap: Check return value of string_to_sid(). s3-rpcclient: Fix cmd_eventlog_readlog() null pointer passing. s3-rpcclient: Fix cmd_eventlog_loginfo() null pointer passing. s3-net: Fix rpc_service_list_internal() null pointer passing. util: Add a strict directory_create_or_exist function. Use the new directory_create_or_exist_strict() function. s3-lib: Use new strict directory create function in create_pipe_sock(). printing: Create default architecture directories on init. BUG 9574: Fix a possible null pointer dereference in spoolss. ldap: Remove obsolete convertSambaAccount script. waf: Fix pdb_ldap which cannot be built as a module. Andrew Bartlett (68): Ensure we Correctly set fsp->is_directory before dealing with ACLs. smbd: Correctly set fsp->is_directory before dealing with ACLs Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct security_descriptor *. smbd: Remove NT4 compatability handling in posix -> NT ACL conversion ntvfs: Fill in sd->type based on the new ACL being added scripting ntacls: Do not place a SACL in the GPO filesystem ACL samba-tool: Add new samba-tool gpo aclcheck and test s3-param: Handle setting default AD DC per-share settings in init_locals() dsdb: Make secrets_tdb_sync cope with -H secrets.ldb lib/replace: Do not use STRERROR_R_PROTO_COMPATIBLE as only roken.h sets this build: Use ntlm_auth from source3 as the only ntlm_auth installed on the system torture: remove source3 locktest and masktest build: Be consistent with the name of smbtorture binaries build: Remove --enable-smbtorture, require bin/smbtorture (from waf) for make test packaging: Remove long-gone --disable-merged-build from RHEL-CTDB packaging build: Do not install testing binaries scripting: Handle missing LDAP entries in samba-tool domain classicupgrade build: Install .po files for SWAT intl support smbd: Split create_conn_struct into a fn that does not change the working dir smbd: Fix calls to create_conn_struct_cwd to be correctly indented. pysmbd: Convert pysmbd to take an optional service to connect to scripting-ntacls: Optionally allow the service to be specified. scripting-provision: Set sysvol ACLs on the sysvol share pysmbd: Change to keyword based arguments samba-tool Add --service argument to samba-tool ntacl get/set smbd: Rework create_conn_struct to use conn_new() selftest: show that Samba honours "write list" and valid users build: Remove bashism from SAMBAMANPAGES rule vfs: Fix compilation of solaris ACL module passdb: Add discard_const_p() to pdb_samba_dsdb swat: move russian swat files alongside ja and tr build: Make install_with_python.sh executable build: In install_with_python.sh force using the python from the install we just made build: Make install_with_python.sh more portable build: Set LD_LIBRARY_PATH in install_with_python.sh s4-dbcheck: Allow forcing an override of an old @MODULES record dsdb-acl: give error string if we can not obtain the schema selftest: Add test for rfc2307 mapping handling s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307 samba-tool classicupgrade: Do not print the admin password during upgrade scripting/samba_upgradedns: Only look for IPv4/IPv6 addresses if we actually them selftest: skip base.dir2 tests as they just spin on modern ext4 dsdb: Make linked_attributes module GUID based for renames libcli/security: Ensure to fill in remaining_access for the initial case (bug #9554 - CVE-2013-0172) dsdb-acl: Run sec_access_check_ds on each attribute proposed to modify (bug #9554 - CVE-2013-0172) dsdb: Add test for modification of two attributes, one permitted, one denied (bug #9554 - CVE-2013-0172) drs-fsmo: Improve handling of FSMO role takeover. selftest: also skip raw.search as it also spins dsdb: Do not hold the transaction over the IRPC call to perform a role transfer torture: Fix fsmo test to use correct -H samba-tool syntax printing: Free talloc_stackframe() on all exit paths heimdal_build: Try again to sort out the strerror_r mess dsdb-acl: Add helper function dsdb_get_structural_oc_from_msg() dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_modify() dsdb-acl: Use dsdb_get_structural_oc_from_msg() in acl_rename() dsdb-acl: use dsdb_get_structural_oc_from_msg() rather than class_schemaid_guid_by_lDAPDisplayName dsdb-acl: ask for the objectClass attribute if it's not in the scope of the clients search dsdb-acl: Remove unused get_oc_guid_from_message() dsdb-acl: Pass the structural objectClass into acl_check_access_on_attribute dsdb-acl: Use the structural objectClass in acl_check_access_on_attribute() libcli/security: handle node initialisation in one spot in insert_in_object_tree() libcli/security: remove useless if (root->num_of_children > 0) statements dsdb: Ensure "authenticated users" is processed for group memberships dsdb: Explain ordering constraints on the ACL module as well. libcli/auth: fix void function cannot return value error gensec: Allow login without a PAC by default (bug #9581) bug9598: s4-process_single: Use pid,fd as cluster_id in process_single just like process_prefork ldb: Ensure to decrement the transaction_active whenever we delete a transaction Arvid Requate (2): s4:samba-tool: Fix samba-tool fsmo --role=schema s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup (bug #9555) Björn Baumbach (9): samba_dnsupdate: set KRB5_CONFIG for nsupdate command smb.conf(5): update list of available protocols (bug #9552) docs-xml: add dbwrap_tool.1 manual page build(waf): docs-xml: build new dbwrap_tool.8 manual page ntlm_auth(1): fix many format issues and and make examples visible build(waf)-libreplace: remove redundant check for flistea function smb.conf(5): server min protocol: add hint at list of available protocols smb.conf(5): client min protocol: add hint at list of available protocols wafsamba: use additional xml catalog file (bug #9512) Christian Ambach (9): s3:vfs_gpfs fix memory leaks in gpfs_getacl_alloc s3:vfs_gpfs fix memory leak in gpfs_get_nfs4_acl s3:vfs_gpfs fix memory corruption in gpfs2smb_acl s3:vfs_gpfs fix a memory leak in gpfsacl_get_posix_acl s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4acl s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4 build(waf): fix a typo examples: fix build on AIX6 s3:smbd/aio do not mark file modified during reads David Disseldorp (23): spoolss: fix segfault when "default devmode" is disabled selftest: configure printer with default devmode = no rpcclient: fix usage docs for rpcclient adddriver s3-printing: add missing carriage return to debug str smb2_ioctl: split ioctl handlers into separate funtions smb2_ioctl: split ioctl handler code on device type smb2_ioctl: add FSCTL_SRV_REQUEST_RESUME_KEY support s3-vfs: add copy_chunk vfs hooks smb2_ioctl: add support for FSCTL_SRV_COPYCHUNK smb2_ioctl: remove ioctl error response assumptions selftest: enable samba3.smb2.ioctl tests against s3fs torture: skip FSCTL_SRV_ENUM_SNAPS test when not supported smbd: split out file_fsp_get from file_fsp_smb2 smb2_ioctl: perform locking around copychunk requests torture: add locking tests for copychunk torture: replace ioctl failure returns with helper calls smb2_ioctl: only pass through to VFS on a valid fsp torture: copychunk test suite improvements smb2_ioctl: copychunk CHECK_READ and CHECK_WRITE smb2_ioctl: track copychunk response output state smb2_ioctl: copychunk request max output validation printing: Remove invalid free from error path. BUG 9378: Add extra attributes for AD printer publishing. Günther Deschner (70): s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(). (bug #9426) s3-rpc_client: try to use socket_addr if available in rpc_pipe_open_tcp() (bug #9426) s3-rpc_cli: Remove some unused wrapping code. s3-winbindd: add cm_connect_lsat(). s3-rpc_cli: make dcerpc_lsa_lookup_sids_generic() public. s3-rpc_client: make dcerpc_lsa_lookup_names_generic() public. s3-winbindd: remove lookup_names_fn_t. s3-winbindd: remove lookup_sids_fn_t. s3-winbindd: rework reconnect logic in winbindd_lookup_sids(). s3-winbindd: rework reconnect logic in winbindd_lookup_names(). s3-winbind: use new reconnect logic in rpc_lookup_sids() also. libcli/auth: add netlogon_creds_aes_{en|de}crypt routines. s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword. s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client. s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server. s4-torture: remove trailing whitespace from netlogon test. s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests. s4-torture: add AES support for netr_ServerPasswordSet2 tests. s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server. s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon. s4-torture: remove trailing whitespace in smbtorture remote_pac test. s4-torture: use names for r.in.logon_level of netlogon samlogon requests. s4-torture: support AES encryption in pac_verify/generic samlogon netlogon tests. s4-torture: support AES encryption in interactive samlogon tests in rpc.samr. s4-torture: exit early when join fails in samba3rpc tests. s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test. s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo(). s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo test. s4-torture: validate owf password hash and negotiate AES in forest trust test. s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo(). s4-rpc_server: support AES encryption in interactive and generic samlogon. s3-rpc_server: support AES for interactive netlogon samlogon password decryption. s3-auth: session keys in validation level 6 samlogon replies are *not* encrypted. s3-rpc_server: Remove obsolete process_creds boolean in samlogon server. s3-auth: remove crypto from serverinfo_to_SamInfoX calls. libcli/auth: remove trailing whitespace. libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon(). s4-torture: precalculate expected session keys from samlogon in schannel test. s4-torture: call the s4u2self tests with arcfour and aes. s4-torture: move samr_ValidatePassword test out of main samr test. s3-rpc_server: limit allowed transports for samr_ValidatePassword(). s4-rpc_server: limit allowed transports for samr_ValidatePassword(). s3-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp. s4-selftest: make sure to test rpc.samr.passwords.validate over ncacn_ip_tcp. libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation(). libcli/auth: add netlogon_creds_encrypt_samlogon_validation(). s3-rpc_server: use netlogon_creds_encrypt_samlogon(). s4-rpc_server: use netlogon_creds_encrypt_samlogon(). spoolss: add Windows ARM architecture defines to IDL. spoolss: add SPOOLSS_DRIVER_VERSION_2012 (4) define to IDL. spoolss: add stubs for new JobNamedProperty dcerpc calls. spoolss: Make OpenPrinterEx work with NDR64 by using UserInfo Container. s4-torture: allow to do ndr tests with flags, not only ndr_flags. s4-torture: add ndr64 spoolss openprinterex to ndr test. spoolss: make spoolss deal with ndr64 ULONG_PTR of devmode_ptr and secdesc_ptr. s4-torture: add ndr64 spoolss_SetPrinter ndr test. spoolss: make spoolss deal with ndr64 AddForm by using proper container object. spoolss: make spoolss deal with ndr64 SetForm by using proper container object. s3-spoolss: use configurable spoolss architecture in compose_spoolss_server_path(). BUG 9474: Downgrade v4 printer driver requests to v3. s3-winbind: fix the build of idmap_ldap. spoolss: add more spoolss_DriverAttributes values. spoolss: make spoolss deal with ndr64 StartDocPrinter by using proper container object. s3-spoolss: Make it easier to manipulate the returned OSVersion at runtime. s3-rpcclient: decode OsVersion{Ex} binary blobs when displaying printerdata. spoolss: fill in spoolss_PlayGDIScriptOnPrinterIC IDL. spoolss: Add UNIVERSAL_FONT_ID. spoolss: add UNIVERSAL_FONT_ID_ctr for debugging. s3-rpcclient: add cmd_spoolss_play_gdi_script_on_printer_ic. s4-torture: add some basic tests for PlayGDIScriptOnPrinterIC. Ira Cooper (2): s3: Fix vfs_zfsacl to compile. nsswitch: Fix two bitfield constants being the same. Jelmer Vernooij (17): testtools: Update to latest version. subunit: Update to latest upstream version. s4/web_server: Fix typo in URL. web_server/wsgi: Don't segfault when wsgi app doesn't return iterable. web_server: Create a string object for SERVER_PORT variable. web_server: Properly set SCRIPT_NAME and PATH_INFO. web_server: Properly decrement reference counters for python objects in wsgi. web_server: the web server is not multi-process, indicate so in WSGI. web_server: Load SWAT if it is available. wsgi: When encountering error in Python code, print traceback to logs. web_server: Make second argument to websrv_output const. wsgi: Serve '500 Internal Server Error' page when errors occur. tdr: Strip trailing whitespace. wafsamba: python-config is not always a script. selftest.pl: Fix typo 'snprintf' -> 'sprintf'. testtools: Update to latest upstream version. subunit: Update to latest upstream version. Jeremy Allison (48): Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES when evaluating file/directory ACE's. More for #9374 - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend. Remove unused append_parent_acl(). Documentation fixes for bug #9462 - Users can not be given write permissions any more by default s3:auth: Tidy up some of the API confusion in create_token_from_XXX() calls. Fix bug #9196 - defer_open is triggered multiple times on the same request. Recent coverity changes added directory_create_or_exist() checks to many directories. Allow create_conn_struct() to be called with snum == -1. smbd/posix_acls.c: Use create_conn_struct(). Don't hand-create connection structs. source3/smbd/pysmbd.c: Always use create_conn_struct(). Don't hand create connection structs. torture/vfstest.c: Always use create_conn_struct(). Don't hand create connection structs. Start to tidy-up check_user_ok(). Move the definition of struct vuid_cache_entry *ent outside blocks. Remove one set of enclosing {} braces, no longer needed. Remove the second set of {} braces, no longer needed. Remove dead code now vuser can no longer be NULL. Remove unneeded variable "const struct auth_session_info *session_info" Clean up struct connection_struct, make struct vuid_cache a pointer not inline. Add uint32_t share_access to vuid_cache_entry. Remove static from create_share_access_mask(). Fix API for create_share_access_mask(). Change API for create_share_access_mask() to pass in the token. Change API for create_share_access_mask() - remove conn struct. Correctly setup the conn->share_access based on the current user token. Add check_user_share_access() which factors out the share security and read_only flag setting code. Initialize stack variables. Prelude to factoring out calls to check_user_share_access(). Factor code out of check_user_ok() into a call to check_user_share_access(). Fix bug #9518 - conn->share_access appears not be be reset between users. Move create_share_access_mask() from smbd/service.c to smbd/uid.c. Fixup the change_to_user_by_session() case as called from become_user_by_session() lib/replace: Add missing check for sys/wait.h lib/replace: Add ucontext configure waf checks. lib/replace: Add ucontext configure autoconf checks. lib/replace: Include sys/ucontext.h if available. tevent: Fix bug 9550 - sigprocmask does not work on FreeBSD to stop further signals in a signal handler Move handle checking code to copychunk_check_handles(). Add additional copychunk checks. Move copychunk locking to be local to the read/write calls. Remove locking across the lifetime of the copychunk call. Sort winbind request flags. Ira saw we have a duplicate. Remove some unused variables. Fix warnings with mismatched sizes in arguments to DEBUG statements. Fix bug #9586 - smbd[29175]: disk_free: sys_popen() failed" message logged in /var/log/message many times. Revert "s3:smbd: SMB ReadX with size > 0xffff should only possible for samba clients." Fix bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients. Fix bug #9587 - archive flag is always set on directories. Regression test for bug #9587 - archive flag is always set on directories. Jesper Larsen (1): replace: Fix compilation of rep_mkstemp Kai Blin (2): utils: Remove unused samba-dig tool samba-tool dns: Don't use "localhost" to connect to local host Karolin Seeger (38): popt_common: Fix typos. docs: Fix version in man smb.conf. docs: Add some binaries to the "SEE ALSO" section docs: Rename man ntlm_auth. docs: man ldb.3: Add missing meta data. docs: man ldbadd: Add missing meta data. docs: man ldbdel: Add missing meta data. docs: man ldbedit: Add missing meta data. docs: man ldbmodify: Add missing meta data. docs: man ldbrename: Add missing meta data. docs: man ldbsearch: Add missing meta data. docs: man talloc: Add missing meta data. docs: man tdbtool: Add missing meta data. docs: man ndrdump: Add missing meta data. docs: man regdiff: Add missing meta data. docs: man regpatch: Add missing meta data. docs: man regshell: Add missing meta data. docs: man regtree: Add missing meta data. docs: man 8 samba: Add missing meta data. docs: man gentest: Add missing meta data. docs: man locktest: Add missing meta data. docs: man masktest: Add missing meta data. docs: man smbtorture: Add missing meta data. docs: man ntlm_auth4: Add missing meta data. docs: man oLschema2ldif: Add missing meta data. docs: Fix typo in the howto collection. lib/tdb: Rename manpages/ to man/. lib/talloc: Move manpage to man/. docs: Update man 7 samba. docs: Add samba.8 and samba-tool manpage to waf build. docs: Merge both samba.8 manpages. docs: ldb.3.xml: Correct meta data. docs: ldbadd.1.xml: Correct meta data. docs: ldbdel.1.xml: Correct meta data. docs: ldbedit.1.xml: Correct meta data. docs: ldbmodify.1.xml: Correct meta data. docs: ldbrename.1.xml: Correct meta data. docs: ldbsearch.1.xml: Correct meta data. Matthieu Patou (20): Fix MD5 detection in the autoconf build libnet: set the invocation_id earlier in order to avoid annoying messages script: Add a script to display testsuite runtime sorted libnet-vampire: reports Exops as they rather than sync on some partitions dsdb-acl: Do not apply ACL on special DNs to hide attributes that the user shouldn't see dsdb-operational: Avoid doing the ldb_attr_cmp if bypass flag is not set Tests: rewrite ldap_schema to specify attributes Tests: avoid adding python options that are functions in the env Tests: remove redondent testsuites in provision dsdb: Fix warning about unused var dbcheck: look in hasMasterNCs as well for determining the instance type of a NC libcli-security: Add documentation for object_tree_modify_access security: Add documentation devel-getncchange: try to find the dest_dsa automatically devel-scripts: ask with WRIT_REP by default devel-script: add options for RODC and partial replica for replicate flags drepl-notify: change misleading message drsuapi: Add documentation libcli-acl: add documentation Tests: Fix the display of test vars in screen --testenv Michael Adam (76): s3:param: make init_locals() static. configure(waf): Fail "configure --with-ads" if ads support is not available libnet: Fix a typo in dbsync error message. ldb: fix a typo in the comment for ldb_req_is_untrusted() s4:tests/samba_tool/gpo.py: fix accidential line break s3:winbindd:util: add a comment explaining the function parse_sidlist() s3:winbindd: simplify winbindd_sids_to_xids_recv() a bit. s3:winbindd: factor lsa_SidType_to_id_type() out of winbindd_sids_to_xids_lookupsids_done() s3:winbindd: add explaining comment winbindd_sids_to_xids_send() s3:winbindd: convert some spaces to tabs in winbindd_sids_to_xids_send() s3:winbindd: factor winbindd_sids_to_xids into external and internal part s3:winbindd: use wb_sids2xids instead of wb_sid2uid in winbindd_sid_to_uid s3:winbindd: use wb_sids2xids instead of wb_sid2gid in winbindd_sid_to_gid s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs() s3:winbindd: add an explanatory comment to _wbint_Sids2UnixIDs() s3:winbindd: use struct unixid instead of uint64 in Sids2Xids parent<->child selftest:Samba3: provision the domain adminstrators group in the s3 environments s3:winbindd: rename idmap_init_passdb_domain() -> idmap_passdb_domain() s3:winbindd: add idmap_find_domain_with_sid() s3:winbindd: also use idmap_passdb for own sam and builtin in wbint_Sids2UnixIDs() s3:winbindd: make idmap_find_domain() static. selftest:Samba3: call wait_for_start() from check_or_start() selftest:Samba3: add nmbd, winbindd smbd arguments to wait_for_start() selftest:Samba3: add "wbinfo -p" test to wait_for_start() selftest:Samba3: provision the BUILTIN\Users group if the environment runs winbindd s3:winbindd: change wb_fill_pwent to use wb_sids2xids instead of wb_sid2[ug]id s3:winbindd: change wb_getgrsid to use wb_sids2xids instead of wb_sid2gid s3:winbindd: change winbindd_getgroups to use wb_sids2xids instead of wb_sid2gid s3:winbindd: remove now unused wb_sid2uid and wb_sid2gid modules s3:winbindd: remove wbint_Sid2Uid() from the wbint.idl s3:winbindd: remove wbint_Sid2Gid from the wbint.idl s3:winbindd: remove unused server implementation of wbint_Sid2Uid() s3:winbindd: remove unused server implementation of wbint_Sid2Gid() s3:winbindd: remove unused idmap_sid_to_uid() s3:winbindd: remove unused idmap_sid_to_gid() s3:idmap_rid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping s3:idmap_autorid: force mapping type to ID_TYPE_BOTH for sid->unixid mapping s3:test: fix intialization of WBINFO in test_wbinfo_sids2xids.sh s3:test:wbinfo_sids2xids: test the results with singular calls with filled and with empty cache s3:winbindd: remove unused function idmap_backends_sid_to_unixid() s3:lib: add utility function sid_check_is_for_passdb() build the new sid_check_is_for_passdb() function into passdb s3:winbindd: use the new sid_check_is_for_passdb() in idmap_find_domain_with_sid() s3:passdb: don't bail out in pdb_default_sid_to_id() if sid is not in our sam s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of pdb_default_sid_to_id() s3:passdb: add sid_check_object_is_for_passdb() s3:passdb:pdb_ldap: pre-validate sid with sid_check_object_is_for_passdb() s3:passdb:pdb_ldap: treat "Unix User" and "Unix Group" in sid_to_id() s3:passdb: don't look into group mappings in legacy_sid_to_unixid() s3:selftest: extend sids2xids test script to cope with "ID_TYPE_BOTH mappings s3:passdb: fix building pdb_ldap as shared module s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED s3:smbd: don't apply create/directory mask and modes in apply_default_perms() s3:smbd: fix a cut and paste error in a debug message s3:auth: fix header comment for user_sid_in_group_sid() s3:auth: fix create_token_from_sid() to not fail in the winbindd case pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_* s3:auth: fix function header comment for user_sid_in_group_sid() s4:torture:rpc:samr: add debugging of result of (many) dcerpc_samr_* calls s4:dsdb/password_hash: do the min password age checks first s4:rpc_server/samr: do WRONG_PASSWORD checks after the complexity checks s4:torture/samr: allow STATUS_PASSWORD_RESTRICTIONS from ChangePasswordUser s4:torture:rpc:samr: fix password age calculation in test_ChangePasswordUser3() selftest: skip the samba4.rpc.samr.passwords test in ncacn_np(dc) and s4member environments s3:auth: fix dereference level in talloc checks in create_token_from_sid() docs: add an entity stdarg.option for the "--option" command line parameter docs: use the stdarg.option entity in the popt.common.samba entity docs: fix the stdarg.configfile entity to print a "=" sign after the long option docs: add popt.common.samba.server and popt.common.samba.client entities docs: use the entities popt.common.samba.server and stdarg.help in samba(8) docs: use the popt.common.samba.client entity in samba-tool(8) docs: document the command line options in dbwrap_tool(1) dbwrap: add dbwrap_is_persistent() s3:dbwrap_tool: add --persistent switch and mode for non-persistent DBs docs: document the "--persistent" option in dbwrap_tool(1) build(waf): fix the abi_match for the pdb library Richard Sharpe (3): A small error message fix in source3/smbd/server.c smbd_open_one_socket does not use the messaging_context variable so why pass it in? Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to FILE_STREAM_INFO requests. Ricky Nance (2): samba-tool processes: Make the output a bit neater s3fs: make the log warning go away Samba-JP oota (2): docs: Remove superfluous bracket. docs: Fix typo in vfs_tsmsm.8.xml. Scott Lovenberg (1): Clean up client timeout definitions [rev. 2] Stefan Metzmacher (164): lib/replace: replace all *printf function if we replace snprintf (bug #9390) s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC s4:torture/rpc/handles: move a torture_comment() s4:torture/rpc/handles: try to make the assoc_group test less flakey s3:librpc: add support for PFC_FLAG_OBJECT_UUID when parsing packets (bug #9382) librpc/idl: teach ndrdump about dumping security.idl structures s4:torture/rpc/handles: try to make all assoc_group tests less flakey s3:vfs_aixacl2: make use of vfs_aixacl_util.h s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl() s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl() s3:vfs_gpfs: add no memory check in gpfs2smb_acl() s3:util: fix usage of popt_burn_cmdline_password() s3:popt_common: Fix password processing. s4:dsdb/schema_data: fix debug message in schema_data_modify() s4:dsdb/dirsync: check result of replUpToDateVector fetch on nc_root s4:dsdb/dirsync: use the correct nc_root to fetch replUpToDateVector s4:dsdb/dirsync: explicitly ask for sdctr->secinfo_flags = 0xF s4:netcmd/gpo.py: s/ntSecurityDescriptor/nTSecurityDescriptor s4:netcmd/gpo.py: the nTSecurityDescriptor may not be visible for the current user s4:netcmd/gpo.py: only ask for OWNER/GROUP/DACL when validating the nTSecurityDescriptor s4:netcmd/gpo.py: let get_gpo_info explicitly ask for the full ntSecurityDescriptor s4:tests/samba_tool/gpo.py: add test_show_as_admin() s4:dsdb/rootdse: remove unused variable s4:dsdb/rootdse: do helper searches AS_SYSTEM s4:dsdb/objectclass: do helper searches AS_SYSTEM and with SHOW_RECYCLED s4:dsdb/extended_dn_in: do helper searches AS_SYSTEM and with SHOW_RECYCLED s4:dsdb/extended_dn_store: do helper searches AS_SYSTEM s4:dsdb/acl_util: do helper searches AS_SYSTEM s4:dsdb/acl_util: add dsdb_request_sd_flags() helper function s4:dsdb/descriptor: do searches for nTSecurityDescriptor AS_SYSTEM and with SHOW_RECYCLED s4:dsdb/descriptor: always use descriptor_search_callback if we return nTSecurityDescriptor s4:dsdb/descriptor: make use of dsdb_request_sd_flags() s4:dsdb/descriptor: make it clear that the SD Flags are ignored on add s4:dsdb/acl: do helper searches AS_SYSTEM and with SHOW_RECYCLED s4:dsdb/acl: remove unused "acl:perform" option s4:dsdb/acl: don't protect confidential attributes when "acl:search = yes" is set s4:dsdb/acl: calculate the correct access_mask when modifying nTSecurityDescriptor s4:dsdb/acl_read: do search for instanceType AS_SYSTEM and with SHOW_RECYCLED s4:dsdb/acl_read: specify the correct access_mask for nTSecurityDescriptor s4:dsdb/acl_read: enable acl checking on search by default (bug #8620) s4:dsdb/descriptor: give SYSTEM the correct default owner (group) sid s4:dsdb/descriptor: if the caller specifies no DACL/SACL the objects gets a default one s4:provision: add get_empty_descriptor() s4:samba_upgradeprovision: use the sd_flags:1:15 control with an empty sd s4:dsdb/descriptor: move special dn check to the start of descriptor_{add,modify,rename} s4:dsdb/descriptor: remove support for unused LDB_CONTROL_RECALCULATE_SD_OID s4:dsdb/descriptor: add some error checks to descriptor_{add,modify} s4:dsdb/descriptor: remove some unnecessary nesting s4:dsdb/descriptor: remove some nesting from descriptor_modify s4:dsdb/descriptor: make explicit that we don't support MOD_DELETE on nTSecurityDescriptor s4:dsdb/descriptor: the old nTSecurityDescriptor is always expected there on modify s4:dsdb/acl: also add DSDB_SECRET_ATTRIBUTES into the password attributes s4:dsdb/common: add pekList and msDS-ExecuteScriptPassword to DSDB_SECRET_ATTRIBUTES_EX s4:provision: add pekList and msDS-ExecuteScriptPassword to @KLUDGEACL s4:dsdb/dirsync: remove unused 'deletedattr' variable s4:dsdb/acl: require SEC_ADS_DELETE_TREE if the TREE_DELETE control is given (bug #7711) s4:dsdb/objectclass: do not pass the callers controls on helper searches s4:dsdb/subtree_delete: do an early return and avoid some nesting s4:dsdb/subtree_delete: do the recursive delete AS_SYSTEM/TRUSTED (bug #7711) s4:dsdb/subtree_delete: delete from the leafs to the root (bug #7711) s4:dsdb: define DSDB_CONTROL_SEC_DESC_PROPAGATION_OID s4:dsdb/objectclass_attrs: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify s4:dsdb/repl_meta_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify s4:dsdb/schema_data: allow DSDB_CONTROL_SEC_DESC_PROPAGATION_OID on modify s4:dsdb/descriptor: handle DSDB_CONTROL_SEC_DESC_PROPAGATION_OID s4:dsdb: define DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID s4:dsdb/descriptor: implement DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID s4:dsdb/acl_util: add dsdb_module_schedule_sd_propagation() s4:dsdb/descriptor: recalculate nTSecurityDescriptor after a rename (bug #8621) s4:dsdb/descriptor: inherit nTSecurityDescriptor changes to children (bug #8621) s4:dsdb/repl_meta_data: call dsdb_module_schedule_sd_propagation() for replicated changes s4:dsdb/tests: add SdAutoInheritTests s4:dsdb/descriptor: NULL out user_descriptor elements depending on the sd_flags s3:smbd/open: use Builtin_Administrators as owner of files (if possible) s3:smbd/open: try the primary sid (user) as group_sid if the token has just one sid s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group libcli/security: remove duplicate aces in se_create_child_secdesc() s3:libsmb: add cli_{query,set}_security_descriptor() which take sec_info flags s3:smbcacls: add --query-security-info and --set-security-info options s4:libcli/finddcs_cldap: try all NBT#1C addresses s4:libcli/finddcs_cldap: allow io->in.server_address as hostname s4:samba-tool/gpo: use the dns_domain from the server when creating gpos s4:samba-tool/gpo: use 'gPCFileSysPath' when deleting gpos s4:samba-tool/gpo: fix the operation order when creating gpos s4:python/ntacl: allow string or objects for sd/sid in setntacl() s4:python/ntacl: add 'as_sddl' option to dsacl2fsacl() s4:dsdb/password_hash: Honor password complexity settings. s4:dsdb/schema: fix dsdb_schema_set_el_from_ldb_msg() (bug #9470) s4:dsdb/schema_data.c: correctly move the CN=Aggregate attributes to msg->elements[i].values (bug #9470) s4:dsdb/acl_read: keep the ldb_message of the sub search (bug #9470) s4:dsdb/acl_read: improve debugging for fatal error s4:dsdb/descriptor: fix replication of NC heads s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470) s4:dsdb/acl_read: check the ldb_attr_list_copy_add() result s4:dsdb/acl_read: fix the calculation of the attribute array for the sub search s4:dsdb/acl_read: give some variables a better name s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given (bug #9470) s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attribute s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags interaction s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps working libcli/security: implement object_in_list() libcli/security: calculate the correct inherited_object GUID s4:dsdb/descriptor: pass object_list to create_security_descriptor() s4:provision: set the correct nTSecurityDescriptor on CN=Partitions,CN=Configuration... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Sites,CN=Configuration... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481) s4:provision: set the correct nTSecurityDescriptor on CN=Domain Controllers,... (bug #9481) Revert "s4:dsdb/password_hash: Honor password complexity settings." s4:dsdb/password_hash: Honor password complexity settings. s4:dsdb/common: only pass the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID if required selftest/flapping: mark samba4.rpc.samr.large-dc.two as knownfail lib/param: use the correct path names again Happy New Year 2013 selftest/flapping: more samba4.rpc.samr.large-dc.two subtests are flakey s4:scripting/python: always treat the highwatermark as opaque (bug #9508) s4:dsdb/repl_meta_data: always treat the highwatermark as opaque (bug #9508) s4:dsdb/repl_meta_data: store the last results and timestamps in the repsFrom s4:dsdb/repl_meta_data: also update the last_sync_success in replUpToDateVector s4:dsdb/repl_meta_data: don't merge highwatermark and uptodatevector (bug #9508) s4:dsdb/common: use LDB_SEQ_HIGHEST_SEQ for our entry in the uptodatevector s4:dsdb/common: use 01.01.1970 as last_sync_success for our entry in the uptodatevector s4:dsdb/drepl: update the source_dsa_obj/invocation_id in repsFrom s4:drsuapi: move struct drsuapi_getncchanges_state to the top of getncchanges.c s4:drsuapi: remove unused 'highest_usn' from drsuapi_getncchanges_state s4:drsuapi: avoid a ldb_dn_copy() and use talloc_move() instead s4:drsuapi: always use the current uptodateness_vector s4:drsuapi: add drsuapi_DsReplicaHighWaterMark_cmp() s4:drsuapi: make sure we never return the same highwatermark twice in a replication cycle (bug #9508) s4:drsuapi: check the source_dsa_invocation_id (bug #9508) s4:drsuapi: make sure we report the meta data from the cycle start (bug #9508) s4:drsuapi: make use of LDB_TYPESAFE_QSORT() and pass getnc_state s4:drsuapi: try to behave more like windows for usn order (bug #9508) s4:lib/messaging: terminate the irpc_servers_byname() result with server_id_set_disconnected() (bug #9540) s3:smb2_negprot: set the 'remote_proto' value dsdb-acl: don't call dsdb_user_password_support() if we don't use the result dsdb-acl: talloc_free the private context when we pass to the next module dsdb-acl: fix the order of special and system checks libcli/security: don't look at the inherited type in get_ace_object_type() dsdb-acl: add helper variable 'ldb' in acl_sDRightsEffective dsdb-acl: calculate sDRightsEffective based on "nTSecurityDescriptor" dsdb-schema: make schema_subclasses_order_recurse() static dsdb-schema: make sure use clean caches in schema_inferiors.c dsdb-schema: make sure we build [system]PossibleInferiors completely dsdb-acl: introduce a 'msg' helper variable to acl_modify() dsdb-acl: introduce a 'el' helper variable to acl_modify() dsdb-acl: dsdb_attribute_by_lDAPDisplayName() is needed for all attributes dsdb-acl: attr is not optional to acl_check_access_on_attribute() dsdb-acl: add acl_check_access_on_objectclass() helper dsdb-acl: use acl_check_access_on_objectclass() instead of acl_check_access_on_class() dsdb-acl: remove unused acl_check_access_on_class() dsdb-acl: make use of acl_check_access_on_attribute() in acl_modify() dsdb-acl: make use of acl_check_access_on_{attribute,objectclass} in acl_rename() dsdb-acl: make use of acl_check_access_on_objectclass() for the object in acl_delete() dsdb-acl: the SEC_ADS_DELETE_CHILD checks need objectclass->schemaIDGUID libcli/security: fix whitespaces in access_check.c libcli/security: fix formating in access_check.c libcli/security: simplify get_ace_object_type() libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds() libcli/security: add init_mask to existing children in insert_in_object_tree dsdb-acl: remove unused variable ldb: fix a warning by converting from TDB_DATA to struct ldb_val Stephen Gallagher (1): ldb: Move doxygen comments for ldb_connect to the right place Tsukasa Hamano (1): Fix bug #9471 - SEGV when using second vfs module. Volker Lendecke (68): s3: Fix some blank line endings s3: Fix Coverity ID 741407 -- resource leak s3: Do not free a string where we should not s3: Do not free a string where we should not s3: Fix bug 9428 -- inotify detection broken s3: Avoid some transaction_commit on gencache.tdb s3: Open gencache_notrans with TDB_NOSYNC s3: Use dbwrap_parse_record in fetch_share_mode_unlocked dbwrap: Use dbwrap_parse_record in dbwrap_fetch_uint32_bystring s3: test dbwrap_ctdb s3: Remove header==NULL code from db_ctdb_marshall_record s3: Slightly simplify db_ctdb_transaction_commit s3: Add db_ctdb_ltdb_parse s3: Use db_ctdb_ltdb_parse in db_ctdb_ltdb_fetch s3: Use db_ctdb_ltdb_parse in db_ctdb_fetch_db_seqnum_from_db s3: Slightly simplify db_ctdb_marshall_loop_next s3: Factor out db_ctdb_marshall_loop_next_key from db_ctdb_marshall_loop_next s3: reduce db_ctdb_marshall_loop_next to specialized db_ctdb_marshall_buf_parse s3: Factor out parse_newest_in_marshall_buffer from pull_newest_from_marshall_buffer s3: Avoid db_ctdb_fetch for persistent databases s3: Remove unused code for fetching persistent ctdb records s3: Factor out db_ctdb_can_use_local_hdr from db_ctdb_can_use_local_copy s3: Directly parse local existing records in db_ctdb_parse_record s3: Remove db_ctdb_fetch dbwrap: Use talloc_zero in db_open_cache dbwrap: Use talloc_zero in db_open_rbt dbwrap: No need to NULL out a talloc_zero'ed structure element dbwrap: Remove an unnecessary if-statement dbwrap: Do not rely on dbwrap_record_get_value to return a talloc object Fix Bug 9422 - large read requests cause server to issue malformed reply s3: Fix clear_if_first for the async echo handler s3: Fix a typo in a debug message tdb: Fix a missing CONVERT tdb: Fix a typo tdb: Fix a comment tdb: Fix blank line endings tdb: Slightly simplify tdb_lock_list tdb: Simplify logic in tdb_lock_list slightly tdb: Factor out tdb_lock_covered_by_allrecord_lock from tdb_lock_list tdb: Use tdb_lock_covered_by_allrecord_lock in tdb_unlock tdb: Fix a typo tdb: Fix a typo tdb: Make tdb_new_database() follow a more conventional style tdb: Add a comment explaining the "check" tdb: Fix \n in error messages tdb: Fix undefined prototype warnings smbd: Fix bug 9549 -- Memleak in the async echo handler smbd: Fix a typo smbd: Simplify an if-expression smbd: Remove some () dbwrap: Use INCOMPATIBLE_HASH for dbwrap_watchers.tdb winbind: Fix error check in unpack_tdc_domains winbind: Fix some missing NULL checks samr: Split up an assignment from an if condition samr: Make use of posix_openpt Fix bug 9548: Correctly detect O_DIRECT configure: Fix bug 9546, aio_suspend detection on FreeBSD smbd: Always compile vfs_commit smbd: Fix bug 9544, part 1 smbd: Fix bug 9544, part 2 test: dbwrap_tool requires --persistent for the registry now tevent: Fix a comment winbind: Use standard tevent_context_init winbind: Introduce "struct child_handler_state" winbind: Handle child requests in a tevent_fd smbtorture: Satisfy a linker dependency smbd: Fix a NULL vs false return error Avoid a very small memleak on talloc_tos() ----------------------------------------------------------------------- -- Samba Shared Repository