The annotated tag, tdb-1.3.5 has been created at 897c98bc484c2d22e365b650e7f52fa830dba864 (tag) tagging 3f35c1d52ee77f7cabd52dd503565cec360f1de2 (commit) replaces talloc-2.1.2 tagged by Stefan Metzmacher on Wed Apr 29 11:25:51 2015 +0200
- Log ----------------------------------------------------------------- tdb: tag release tdb-1.3.5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJVQKOfAAoJEEeTkWETCEAlLv8H/2Fz7gvazdeDLrm6fXNLdVoB eVMA0BXEa73Y+PXmWjABi4tt6/8p3ynZMtlXsK4WZcUuVKBZnneLEvC+VJJuceIq bKFMOFN6iw3KdXYDF6SgQjLzPT1nBngcuT2Pha7M8PLEtAtb8Cc09mGm9d5YVCSo +xKL+gsH1FEj7P+kuGu0VFe0BbYxH3EnfxVnRZnCnbgzCcNiJZ3P5OZC4cxMX28C lEIVf0gxV+ciA/hmI0SrwC75GodYLS2tSHjYLJVQ8isZ/Lob5aPDz3cOUVF26J20 JwZmV+n82ZONeLkF23fD6GamQY8ibqBjGfNsjW5HpQ3RhaZlt9jmLq3RI1NFPOk= =nrXn -----END PGP SIGNATURE----- Alexander Drozdov (2): tdb: introduce tdb_chainlock_read_nonblock(), a nonblock variant of tdb_chainlock_read() tdb: version 1.3.5 Amitay Isaacs (7): ctdb-scripts: Simplify 00.ctdb event script ctdb-tests: Avoid early exits in scripts that appear on tail of a pipe ctdb-recoverd: Fix typo in comment ctdb-daemon: Drop tunable that is no longer in use ctdb-scripts: Use tcp connection for checking RPC services ctdb-tests: Switch to tcp check in rpcinfo stub tdb: Do not build test binaries if it's not a standalone build Andreas Schneider (21): replace: Remove superfluous check for gcrypt header. selftest: Add missing variable to @exported_envvars YouCompleteMe: Add missing path. dlz_bind9: Fix keytab location. s3-winbind: Correct debug message for starting winbind. kdc-db-glue: Fix a NULL pointer dereference. kdc-db-glue: Fix function format of samba_kdc_message2entry() kdc-db-glue: Fix memory cleanup to avoid crashes. kdc-db-glue: Do not allocate memory for the principal kdc-db-glue: Remove unused code. torture: Fix the usage of the MEMORY credential cache. Revert "lib: tdb: Use sigaction when testing for robust mutexes." s4-gensec: Check if we have delegated credentials. s4-process_model: Do not close random fds while forking. s4-process_model: Panic if the standard init function fails s3-passdb: Fix 'force user' with winbind default domain waf: Fix systemd detection rpcclient: Fix the timeout command torture: Correctly invalidate the memory ccache. torture: Free the temporary memory context s4-setup: Add saltPrincipal to secrets_dns.ldif Andrew Bartlett (34): kdc: Fix S4U2Self handling with KRB5_NT_ENTERPRISE_PRINCIPAL containing a UPN torture-krb5: Add an initial test for s4u2self behaviour auth/kerberos: Do a string comparison in kerberos_decode_pac() not a principal comparison auth/kerberos: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY in kerberos_create_pac() torture-krb5: Test accepting the ticket to ensure PAC is well-formed dsdb: Allow spaces in userPrincipalName values selftest: Change testsuite to use a UPN with a space in it dsdb: Ensure we cope with a samAccountName with a space in it in DsCrackName() kdc: Ensure we cope with a samAccountName with a space in it selftest: Change testsuite to use a samAccountName with a space in it lib/tls: Fix behaviour of --disable-gnutls and remove link to gcrypt backupkey: Explicitly link to gnutls and gcrypt pygensec: Add bindings for gensec_set_target_service and gensec_set_target_hostname selftest: Fix comments in provision_promoted_dc s4-process_model: Remove prefork and onefork dsdb-repl: Always set DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING when we are an RODC selftest: Run LOCAL-WBCLIENT against a test environment, not none torture3: Rename LOCAL-WBCLIENT to WBCLIENT-MULTI-PING samba-tool drs: Ensure we do not replicate all secrets to an RODC, even with --local smb.conf.5: Mark "dgram port" and "nbt port" as deprecated param: Use IDL-based constants for NBT and NBT dgram ports Do not use popt_common.h in dlz_bind9 s4-process_standard: Remove signal(SIGCHLD, SIG_IGN) lib/util: Make ECHILD in samba_runcmd_io_handler an error build: Add talloc and samba-debug dep for gensec_external module dsdb-tests: Give more helpful information about attribute differences backupkey: Use ndr_pull_struct_blob_all() torture-lsa: Allow rpc.lsa.trusted.domains to run successfully torture: Run lsa.trusted.domains auth tests against samba4 autobuild: Do not wait when running just one target .gitignore: Ignore pidl/MYMETA.json Improve output of check-clean-tree.sh script autobuild: Do not consider IDL.pm and Expr.pm changes to make a build bad autobuild: Add options to set mail host and send e-mail with logs Anoop C S (5): libnetapi: Fix CID 1272947 Fix logically dead code registry: Fix 1273042 Identical code for if/else branch libnetapi: Fix 241166 Fixing logically dead code rpc_server/srvsvc: Fix CID 241162 Logically dead code libads: Fix CID 1272956 Fixing wrong if condition Björn Jacke (1): vfs_fruit: also map characters below 0x20 Christof Schmitt (37): brlock: Use 0 instead of empty initializer list build: Move systemd checks to lib/util debug: Remove FORMAT_BUFR_MAX, use FORMAT_BUFR_SIZE - 1 instead debug: Remove some unneeded function declarations debug: Always store short version of prog_name in debug state debug: Move logging to callback to separate function debug: Move mapping from level to syslog priority to helper function debug: Add infrastructure for supporting multiple backends debug: Add file backend debug: Add syslog backend param: Add new 'logging' parameter debug: Set backends from logging parameter in smb.conf debug: Remove codepath to open file in Debug1 debug: Use backends instead of explicitly logging to syslog or file debug: Simplify Debug1 debug: Remove now unused syslog variables from debug_settings param: Mark syslog and syslog_only as deprecated debug: Add systemd backend debug: Add lttng backend gpfswrap: Move gpfswrap to lib/util gpfswrap: Add wrappers for tracing API debug: Add GPFS tracing backend WHATSNEW: Add logging backends selftest: Use 'logging' parameter instead of 'syslog' vfs_gpfs: Remove warning after failure of get_gpfs_fset_id vfs_gpfs: Remove check for fileset quota vfs_gpfs: Remove vfs_gpfs_get_quotas docs: Update vfs_gpfs manpage for the removed fileset quota check smbcacls: Make 'numeric' a local variable smbcacls: Use defines for security flags smbcacls: Move SidToString to common file smbcacls: Move StringToSid to common file smbcacls: Move print_ace and parse_ace to common file smbcacls: Move sec_desc_print to common file util_sd: Make server conncection optional sharesec: Print ACEs in similar format as expected in input sharesec: Use common parse_ace function David Disseldorp (48): lib/system: remove useless HAVE_LINUX_FALLOCATE64 logic s3/vfs: change fallocate mode flags from enum->uint32_t build: check for fallocate hole-punch support system: add hole punch support to sys_fallocate() smbd/ioctl: add FSCTL_SET_ZERO_DATA support idl/ioctl: change QAR response array to a DATA_BLOB build: check for SEEK_HOLE and SEEK_DATA support smbd/ioctl: add FSCTL_QUERY_ALLOCATED_RANGES support s3/statvfs: expose FILE_SUPPORTS_SPARSE_FILES capability torture/ioctl: remove 64K chunk size assumptions torture/ioctl: remove FS specific sparse punch check torture/ioctl: remove FS specific sparse copy-chunk expectations torture/ioctl: add sparse_punch_invalid test torture/ioctl: rework and reduce pattern helper IO sizes torture/ioctl: add ioctl_sparse_perms test s3/smbd: fix FSCTL_SET_SPARSE permission checks torture/ioctl: test sparse file operation locking torture/ioctl: add QAR off-by-one bug paranoia test torture/ioctl: add multi-range QAR test torture/ioctl: add range overflow QAR test idl: define FSCTL_DUPLICATE_EXTENTS_TO_FILE smbd/trans2: function scope qfsinfo bytes_per_sector s3/smbd: support FS_SECTOR_SIZE_INFORMATION query-info s4/client: add FS_SECTOR_SIZE_INFORMATION query support s4/ntvfs: support FS_SECTOR_SIZE_INFORMATION query-info torture: test FS_SECTOR_SIZE_INFORMATION queries idl: FSCTL_FILE_LEVEL_TRIM request & response structs torture/ioctl: add simple FSCTL_FILE_LEVEL_TRIM test util_tdb: mark tdb_pack() and friends as deprecated replace: clean-up strlcpy and add note on return value librpc: add FSRVP server state idl fsrvp: add server state storage back-end torture: add local FSRVP server state tests vfs: add snapshot create/delete hooks replace: check for dirname() and basename() vfs_btrfs: add snapshot create/delete calls vfs_snapper: create/delete snapshot support fsrvp: add remote snapshot RPC server doc: "prune stale" and "sequence timeout" fssd parameters doc: explain vfs_snapper remote snapshot configuration doc: explain vfs_btrfs remote snapshot configuration vfs: add vfs_shell_snap module doc: add vfs_shell_snap manpage selftest: add snapshot share configuration selftest: run the FSRVP test suite against s3fs ctdb: check for talloc_asprintf() failure spoolss: purge the printer name cache on name change spoolss: cache_key handle allocation failures early Gregor Beck (1): librpc: further fixes for witness.idl. Günther Deschner (121): netlogon.idl: netr_ServerPasswordGet returns NTSTATUS not WERROR. s4-torture: add ndr test for lsa_lsaRQueryForestTrustInformation(). s4-scripting: fix hresult generator python script indentation. s4-scripting: add string representation of error code define to generated table. libcli/util/hresult: re-generate hresult.c. s4-scripting: generate a hresult_errstr() function. libcli/util/hresult: add generated hresult_errstr() function. lib/util: globally include herrors in error.h librpc/ndr: add ndr_{pull|push|print}_HRESULT and release new 0.0.5 ABI. pidl: support HRESULT in pidl. pidl/python: support HRESULT errors in generated python bindings. librpc: add clusapi idl version 3.0. librpc: build clusapi.idl s3-rpcclient: add very basic clusapi client. clusapi: add more enums to IDL. clusapi: use ClusterEnumType. s4-torture: add clusapi torture test. s4-torture: add tests for ClusterName and ClusterVersion. s4-torture: add test for clusapi_CreateEnum. s4-torture: add tests for cluster resources. librpc: use WERROR in the clusapi interface. s4-torture: add test for clusapi_GetClusterVersion2(). s4-torture: add test for clusapi_CreateResEnum. s4-torture: add tests for cluster nodes. s4-torture: add tests for clusapi_OpenGroup and clusapi_CloseGroup. s4-torture: use a real cluster group handle in cluster resource tests. s4-torture: rename clusapi testcase to cluster testcase. s4-torture: use a specific resource clusapi testcase. librpc: add clusapi_ClusterResourceState enum to IDL. s4-torture: use clusapi_ClusterResourceState enum in torture test. librpc: add clusapi_ClusterNodeState enum to IDL. s4-torture: use clusapi_ClusterNodeState enum in torture test. s4-torture: fix clusapi_SetClusterName test by re-setting existing cluster name. librpc: add clusapi_ClusterGroupState enum to IDL. clusapi: add clusapi_CreateResourceFlags to IDL and torture test. s4-torture: add test for clusapi_SetResourceName. s4-torture: add more cluster group tests. librpc: add clusapi_ClusterNetworkState and clusapi_ClusterNetInterfaceState. s4-torture: pass down resource name down to clusapi_OpenResource. s4-torture: test all available resources on the cluster. librpc: add clusapi_DesiredAccessMask to IDL. s4-torture: add test for clusapi_OpenClusterEx. s4-torture: add test for clusapi_OpenResourceEx. s4-torture: pass down group name down to clusapi_OpenGroup. s4-torture: add test for clusapi_OpenGroupEx. s4-torture: pass down node name down to clusapi_OpenNode. s4-torture: test all available nodes on the cluster. s4-torture: test all available groups on the cluster. s4-torture: add tests for clusapi_BackupClusterDatabase and clusapi_SetServiceAccountPassword. s4-torture: add testing for clusapi Networks. s4-torture: add testing for clusapi NetInterfaces. s4-torture: add testing for clusapi Registry. pidl: add --template3 option to generate s3 server stubs. pidl: align s4 dcesrv template generation with coding standards. librpc: add ncacn_ip_tcp: endpoint to clusapi. s4-torture: establish a torture_clusapi_context to make it easier to keep state librpc: use the correct "MSServerClusterMgmtAPI" auth service for clusapi. s4-dsdb/samdb: use abstract functions for MIT compatibility. s4-rpc_server: only build backup_key rpc service when Heimdal is available. s4-libnet: only build python_dckeytab when heimdal is available. s4-kdc/pac-glue: use kerberos_free_data_contents(). s4-kdc/db_glue: fix Debug messages. s4-kdc/db_glue: remove unused hdb_entry_ex from samba_kdc_seq(). s4-kdc/db_glue: no need to NULL entry_ex->entry.generation. s4-kdc/db_glue: no need to include kdc/kdc-glue.h header here. s4-kdc/db_glue: use smb_krb5_keyblock_init_contents(). s4-kdc/db_glue: use smb_krb5_make_principal(). s4-kdc/db_glue: use krb5_copy_principal(). s4-kdc/db_glue: use smb_krb5_principal_set_realm(). s4-kdc/db_glue: use smb_krb5_principal_get_realm(). s4-kdc/db_glue: use krb5_princ_size() instead of inspecting private structs. s4-kdc/db_glue: use krb5_principal_get_comp_string() to access members of private structs. s4-kdc/db_glue: use time_t directly instead of KerberosTime. s4-kdc/db_glue: use KRB5_KEY_TYPE to access private key members. s4-kdc/db_glue: use smb_krb5_principal_get_type() to access private members s4-kdc/db_glue: use KRB5_PW_SALT instead of hdb type. s4-kdc/pac_glue: use krb5_copy_data_contents in samba_make_krb5_pac(). s4-kdc/db-glue: use krb5_copy_data_contents in samba_kdc_message2entry_keys(). s4-kdc/pac_glue: use ENCTYPE_ARCFOUR_HMAC just like in db_glue. s4-kdc/pac_glue: only include required headers. s4-kdc/db_glue: bad idea to free parent mem_ctx when sub function got a failure. pidl/python: add prototypes into header section of generated c-files. s4-kdc/db_glue: workaround different CLIENT_NAME_MISMATCH error codes. lib/krb5_wrap: provide KRB5KDC_ERR_KEY_EXPIRED error code matching MIT. s4-kdc: build some kdc components only for Heimdal KDCs. s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac(). s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob(). s4-kdc: pass down only a samba_kdc_entry to samba_krbtgt_is_in_db(). s4-kdc/db-glue: add principal_comp_str{case}cmp s4-kdc/db-glue: use principal_comp_str{case}cmp. s4-kdc/db-glue: use smb_krb5_principal_get_comp_string in dbglue. s4-auth: avoid double free of krb5 kt_entries when compiling with MIT kerberos library. lib/krb5_wrap: use krb5_const_principal in smb_krb5_create_key_from_string. lib/krb5_wrap: use krb5_const_principal in smb_krb5_get_pw_salt(). s4-kdc/db-glue: make sure to use smb_krb5_get_pw_salt and smb_krb5_create_key_from_string. gensec: map KRB5KRB_AP_ERR_BAD_INTEGRITY to logon failure. s4-auth: fix DEBUG statement. krb5_wrap: add smb_krb5_principal_set_type(). krb5_wrap: fix documentation for smb_krb5_principal_get_comp_string(). s4-kdc/db_glue: use smb_krb5_principal_set_type(). s4-kdc/db_glue: avoid accessing private struct members when there are accessor funcs. s4-torture: use tctx variable name in raw notify test consistently. s4-torture: use torture_comment instead of printf in raw notify test. s4-torture: add test to verify nbt_name with "." ending handling. s4-torture: add witness torture ndr testsuite. srvsvc: add cluster specific share types to IDL. s4-torture: add witness torture rpc testsuite. s4-torture: skip witness_AsyncNotify test for now. witness: add WITNESS_UNSPECIFIED_VERSION to IDL. s3-passdb: fix memleak in pdb_default_get_trusted_domain(). s4-torture: strip trailing whitespace. s4-torture: use tctx torture_context argument consistently. s4-torture: pass down struct torture_context to some more calls in mgmt test. s4-torture: use torture_comment instead of printf in mgmt test. s4-torture: use torture_assert() macros in mgmt test. s4-torture: do some additional length checks for the mgmt_inq_princ_name test. s4-torture: fix invalid dereference of binding handle in mgmt test. s4-torture: add one more test for witness_RegisterEx() and invalid sharenames. Jelmer Vernooij (15): Require at least Python 2.6. lib/param: Add hook that allows modification of default settings. Update the copy of waf to current 1.5 Update update-external.sh to use mirrors of third party projects on git.samba.org. Explicitly include util/debug.h from server stubs generated by pidl. Move waf into third_party/. Merge update-waf.sh into update-external.sh Move update-external.sh to third_party/ Pass --recursive to 'git clone' in autobuild. Move configure part of third party to third_party/wscript. Check for third party Python modules during configure. Add refentryinfo date. pep8: Move to third_party/. Drop unused and uninstalled SWIG wrapper for talloc. Add set date to tdb manpages. Jeremy Allison (16): lib: docs: talloc: Add a threads tutorial and samples showing how to use talloc with threads. lib: talloc: tests - add test_pthread_talloc_passing() testing talloc in a pthread environment. s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields. s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields. s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case. s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use. lib: tdb: Use sigaction when testing for robust mutexes. docs: Mark 'client use spnego principal' as deprecated and also a bad idea. s3: client - "client use spnego principal = yes" code checks wrong name. lib: tdb: Use sigaction when testing for robust mutexes. s3: libsmbclient: Add missing talloc stackframe. waf: Remove 'linkflags.remove(x)' line added in error. s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid. lib: memcache. Add a new talloc cache type - SHARE_MODE_LOCK_CACHE. s3: locking: Add a memcache based lock cache. s4: rpc: Refactor dcesrv_alter() function into setup and send steps. Julien Kerihuel (2): Add multiplex state to dcerpc flags and control over multiplex PFC flag in bind_ack and and dcesrv_alter replies Add DCERPC flag to call unbind hooks without destroying the connection itself upon termination of a connection with outstanding pending calls. Lukas Slebodnik (1): lib/util: Include DEBUG macro in internal header files before samba_util.h Martin Schwenke (57): ctdb-common: New function ctdb_set_helper() ctdb-daemon: Use statically allocated arrays for helper paths ctdb-eventscripts: Make 11.natgw stateful ctdb-tests: Add ctdb_ctrl_setrecmode() stub ctdb-tests: Support CTDB_DEBUGLEVEL in tool tests ctdb-tests: Handle deleted nodes when loading fake nodemap ctdb-tests: Test stub fixes ctdb-tests: Add stubs for some CTDB client messaging functions ctdb-tests: Add stub for ctdb_ctrl_reload_nodes_file() ctdb-tests: Add stub for ctdb_client_async_control() ctdb-tools: Drop a debug message to DEBUG level ctdb-tests: Add tests for "ctdb reloadips" and "ctdb recover" ctdb-tests: Add asserts to ensure that pointers are set ctdb-tests: Fix error return for ctdb_client_async_control_stub() ctdb-daemon: Move VNN map initialisation out of node loading ctdb-daemon: Set node PNN in one place ctdb-daemon: Remove function ctdb_add_deleted_node() ctdb-common: Drop ctdb context from ctdb_parse_address() ctdb-daemon: Store node addresses as ctdb_sock_addr rather than strings ctdb-daemon: Factor out node parsing code ctdb-daemon: Move ctdb_read_nodes_file() to utilities ctdb-tools: Reimplement read_nodes_file() using ctdb_get_nodes_file() ctdb-tools: Reimplement read_natgw_nodes_file() using ctdb_read_nodes_file() ctdb-tools: Remove unused struct pnn_node and function read_pnn_node_file() ctdb-tools: "reloadnodes" should only run against current node ctdb-daemon: New control CTDB_CONTROL_GET_NODES_FILE ctdb-tests: Test stub for ctrl_getnodesfile() ctdb-tools: Add cross-node file comparison to "reloadnodes" ctdb-tests: Add "ctdb reloadnodes" unit tests ctdb-tools: Sanity check changes before processing "reloadnodes" ctdb-tests: Add unit tests for "reloadnodes" sanity checking ctdb-tools: Use a broadcast to connected nodes for "reloadnodes" ctdb-scripts: Respect $RPCMOUNTDOPTS when restarting rpc.mountd ctdb-tools: Fix spurious messages about deleted nodes being disconnected ctdb-tests: Add "ctdb reloadnodes" test for "node remains deleted" ctdb-daemon: Pass on consistent flag information to recovery daemon ctdb-recoverd: Add a new abstraction ctdb_op_disable() ctdb-recoverd: Reimplement disabling takeover runs using ctdb_op_disable() ctdb-recoverd: Use a goto for do_recovery() failures ctdb-recoverd: Reimplement ReRecoveryTimeout using ctdb_op_disable() ctdb-recoverd: Add slightly more abstraction for disabling takeover runs ctdb-recoverd: Simplify disable_ip_check_handler() using ctdb_op_disable() ctdb-recoverd: New message ID CTDB_SRVID_DISABLE_RECOVERIES ctdb-tool: Update "reloadnodes" to disable recoveries ctdb-recoverd: Avoid nodemap-related checks when recoveries are disabled ctdb-daemon: Don't delay reloading the nodes file ctdb-tools: Drop the recovery from "reloadnodes" ctdb-daemon: Factor out new function ctdb_node_list_to_map() ctdb-common: Move ctdb_node_list_to_map() to utilities ctdb-tests: Use ctdb_node_list_to_map() in tool stubs ctdb-scripts: New function ctdb_get_pnn() does cached retrieval of PNN ctdb-tests: New function ctdb_set_pnn() to change PNN ctdb-scripts: Changed uses of "ctdb xpnn" to ctdb_get_pnn() ctdb-scripts: Replace uses of "ctdb pnn" with ctdb_get_pnn() ctdb-scripts: Simplify a command pipeline ctdb-doc: Move --listen documentation from debugging options ctdb-scripts: New configuration variable CTDB_NODE_ADDRESS Matthew Newton (8): Make winbind client library thread-safe by adding context Use global context for winbindd_request_response Add wbcContext struct, create and free functions Add wbcContext to wbcRequestResponse Add context versions of wbclient functions Move wbc global variables into global context instead Update libwbclient version to 0.12 Ensure we always initialise the winbind context Michael Adam (95): s3-winbind: Fix chached user group lookup of trusted domains. selftest: modify python.samba.test.posixacl to cope with nss_winbind active selftest: extend setup_plugin_s4_dc to allow for not using nss_winbindd selftest: add a new environment plugin_s4_dc_no_nss selftest: also test python.samba.tests.posixacl against plugin_s4_dc_no_nss dsdb: fix the user_account_control test. s3:winbind:grent: don't stop group enumeration when a group has no gid s3:util_sid: donate an empty line. s3:winbind:util: fix comment typo s3:winbind:pwent: use wb_next_find_domain() s3:winbind:pwent: rename wb_next_find_domain to wb_next_domain s3:winbind:pwent: move wb_next_domain() to winbindd_util.c for re-use s3:winbind:pwent: move resetting next_user up. s3:winbind:pwent: refactor duplication into wb_next_pwent_send_do() s3:winbind:grent: fix a debug message. s3:winbind:grent: use wb_next_domain() in wb_next_grent.c s3:winbind:grent: move resetting next_group up. s3:winbind:grent: refactor duplication into wb_next_grent_send_do() s3:winbind: add wb_query_group_list module - async query group list s3:winbind:grent: convert wb_next_grent to use wb_query_group_list. s3:winbind:grent: don't stop when querying one domain fails. doc: fix the idmap_script manpage to be named idmap_script selftest:test_kinit: remove commented out line with outdated content. selftest: make blackbox.passwords test independent of test environment. selftest: make blackbox.ktpass test independent of test environment. selftest: make blackbox.pkinit test independent of test environment. selftest: rename env plugin_s4_dc to ad_dc selftest: rename env dc to ad_dc_ntvfs selftest: rename env s3member to ad_member. selftest: rename env s3member_rfc2307 to ad_member_rfc2307 selftest: rename env s3dc to nt4_dc selftest: rename env s3dc_schannel to nt4_dc_schannel selftest: rename env member to nt4_member dsdb: fix error message in sam test dsdb: fix error message in tombstone_reanimation test. selftest: the tombstone_reanimation test is currently flakey. selftest: the drs.delete_object is currently flakey. selftest: fix the flapping entry for the tombstone reanimation test selftet: fix the flapping entry for the drs.delete_object test. s3:torture: prepare the FDPASS2 test to be run with variable payload sizes. s3:torture: add samba3.smbtorture_s3.LOCAL-MESSAGING-FDPASS2a test. s3:torture: add samba3.smbtorture_s3.LOCAL-MESSAGING-FDPASS2b test. selftest: mark the samba4.blackbox.samba_tool_demote test flakey. selftest: mark the samba4.blackbox.dbcheck test as flapping. lib/crypto: fix header guard for crypto.h s4:torture: avoid free of uninitialized variables in error-case. s4:torture: avoid free of uninitialized variable in error case. s4:torture: avoid free of uninitialized variable in error case. s4:torture: avoid use of uninitialized variable in error case. docs: fix duplicate word in explanation of parameter 'logging'. torture: add torture_assert_int_not_equal_goto torture: add torture_assert_not_null[_goto] s4:torture:raw:notify: remove CHECK_STATUS. s4:torture:raw:notify: remove CHECK_VAL. s4:torture:raw:notify: remove CHECK_WSTR2. s4:torture:raw:notify: make check_rename_reply() properly use torture_result s4:torture:raw:notify: improve the CHECK_WSTR() macro s4:torture:raw:notify: add a few comments to torture_assert calls s4:torture:raw:notify: use torture_assert with torture_setup_dir s4:torture:raw:notify: treat torture_open_connection calls with torture_assert s4:torture:raw:notify: remove superfluous conditional goto s4:torture:raw:notify: use torture_assert instead of printf in failure case s4:torture:raw:notify: remove extra do-loop in NOTIFY_MASK_TEST macro. s4:torture:raw:notify: let NOTIFY_MASK_TEST use torture_assert macros s4:torture:raw:notify: use torture_assert instead of printf in test_notify_tree s4:torture:raw:notify: torture_assert on creation of secondary tcon build:wafsamba: fix a typo s3:spoolss: use lp_load() wrapper lp_load_global(). s3:lsasd: use lp_load() wrapper lp_load_global() s3:param: let lp_load_global() call lp_load(), not lp_load_ex(). s3:param: add wrapper lp_load_with_shares(). s3:param: let lp_load_global_no_reinit() call lp_load() instead of lp_load_ex() s3:smbd: use lp_load_with_shares() in reload_services(). nsswitch/wins: use lp_load_global() wrapper of lp_load(). s3:auth: use lp_load_with_shares() in auth3_generate_session_info_pac() s3:auth: use lp_load_with_shares() in auth3_check_password() s3:param: remove "global_only" parameter from lp_load_with_registry_shares(). s3:param: remove "add_ipc" parameter from lp_load_with_registry_shares(). s4:torture:libnetapi: use lp_load_global() instead of lp_load() s3:torture:msg: use lp_load()-wrapper lp_load_global() s3:param: add lp_load_no_reinit() s3:param: use lp_load_no_reinit() in lp_load_for_s4_ctx() vfstest: use lp_load_with_shares() in cmd_conf s3:param: make lp_load() static s3:param: in lp_load_initial_only(), make sure to save defaults. s3:param: factor lp_enforce_ad_dc_settings() out of lp_load_ex() s3:param: use GLOBAL_SECTION_SNUM in lp_enforce_ad_dc_settings() s3:param: fix a comment s3:param: rename arg initialize_globals->reinit_globals in lp_load_ex() s3:param: rename arg initialize_globals->reinit_globals in lp_load() s3:param: remove arg initialize_globals from lp_load_with_registry_shares() s3:param: remove arg save_defaults from lp_load_with_registry_shares() param: remove two unused #defines docs: overhaul the description of "smb encrypt" to include SMB3 encryption. docs: correctly depend on used xsl files and catalog for building manpages.t Noel Power (2): fix failing fd passing message by passing needed buffer size fsrvp: prune shadow copies if associated path doesn't exist Petr Viktorin (5): pytalloc: Fix comparison of disparate types wafsamba: Add install argument to SAMBA_PYTHON pytalloc: Add tests buildtools: Honor LDVERSION when looking for Python library buildtools: Use all of pyext_PATTERN in map_shlib_extension Rajesh Joseph (4): ctdb: Coverity fix for CID 1291643 rpc_server: Coverity fix for CID 1273079 ctdb: Coverity fix for CID 1125625 ctdb: Coverity fix for CID 1125630 Ralph Boehme (7): vfs_fruit: enhance handling of malformed AppleDouble files s3:lib: use talloc_get_type_abort s3:smbd: missing tevent_req_nterror s3:smbd: update comment to correctly reflect MS-SMB2 s3:smbd: add wrapper around reinit_after_fork s3:smbd: use smbd_reinit_after_fork Revert "wafsamba: flags from enviroment are put before our own internal versions" Ralph Wuerthner (1): vfs_gpfs: Fix ENODATA for getacl on .snapshot dirs Richard Sharpe (6): Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2. Change the registry subsystem to use uint32_t from uint32. Also change session.h. s3: smbd: Make sure we do not pass paths with ./ on the front to VFS routines. Change all uses of uint16/uint32/uint64 to uintXX_t in smb.h. Convert all uses of uint8/16/32 to uint8/16/32_t in the libads code. Make sure we initialize conn to NULL, because a routine we call may give an error and not touch conn, and then we get an error when trying to TALLOC_FREE it. Roel van Meer (1): Fix incorrect order of arguments in error string Stefan Metzmacher (122): heimdal:lib/krb5: remove KRB5_PADATA_CLIENT_CANONICALIZED handling heimdal:kdc: remove KRB5_PADATA_CLIENT_CANONICALIZED handling heimdal:krb5.asn1: remove KRB5_PADATA_CLIENT_CANONICALIZED handling heimdal:lib/krb5: allow enterprise principals in verify_logonname() heimdal:lib/krb5: let build_logon_name() use KRB5_PRINCIPAL_UNPARSE_DISPLAY selftest: fix the basedn for local accounts in non-DC environments e.g. s4member s4:pydsdb: add DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID auth/credentials: add a missing talloc check to cli_credentials_set_nt_hash() auth/credentials: add cli_credentials_[g|s]et_old_nt_hash() auth/credentials: add cli_credentials_set_old_utf16_password() s3:cli_netlogon: cli_credentials_get_old_nt_hash() in rpccli_setup_netlogon_creds_with_creds() s3:rpc_client: remove unused auth_level paramter of cli_rpc_pipe_open_schannel() s3:rpc_client: use cli_credentials based functions in cli_rpc_pipe_open_schannel() s3:rpc_client: handle !NETLOGON_NEG_AUTHENTICATED_RPC in cli_rpc_pipe_open_schannel() s3:rpcclient: make use of rpccli_[create|setup]_netlogon_creds_with_creds() s3:auth_domain: fix talloc problem in connect_to_domain_password_server() s3:auth_domain: make use of cli_rpc_pipe_open_schannel() s3:libnet: use cli_credentials based functions in libnet_join_ok() s3:rpc_client: remove unused cli_rpc_pipe_open_schannel_with_key() s3:pdb_samba_dsdb: return the previous password and the kvno in pdb_samba_dsdb_get_trusteddom_creds() s3:pdb_samba_dsdb: return the domain sid in pdb_samba_dsdb_get_trusteddom_pw() s3:pdb_samba_dsdb: implement pdb_samba_dsdb_set_trusteddom_pw() s3:winbindd_cm: improve detection for the anonymous fallback. s3:winbindd: make open_internal_lsa_conn() non static s4:trust_utils: store new trust/machine passwords before trying it remotely. s4:librpc: add auth_type=ncalrpc_as_system as binding option s4:py_net: make domain and address fully optional to py_net_finddc drsblobs.idl: make replPropertyMetaData1 public ldb-samba: implement --show-binary for msDS-RevealedUsers netlogon.idl: improve idl for netr_ServerTrustPasswordsGet() netlogon.idl: remove netr_SupportedEncTypes and use kerb_EncTypes instead security.idl: add KERB_ENCTYPE_{FAST_SUPPORTED,COMPOUND_IDENTITY_SUPPORTED,CLAIMS_SUPPORTED,RESOURCE_SID_COMPRESSION_DISABLED} lsa.idl: fix idl for lsa_ForestTrustRecordType lsa.idl: use 'boolean8 check_only' instead of 'uint8 check_only' lsa.idl: improve idl for lsa_ForestTrust*Record* drsblobs.idl: improve idl for ForestTrustInfoRecord* s4:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation() s3:rpc_server/lsa: only return collision_info if filled in lsaRSetForestTrustInformation() s4:auth/gensec_gssapi: let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors selftest: use server_maxtime = 9000 by default s4:kdc: fix realm for outgoing trusts in samba_kdc_trust_message2entry() libcli/auth: add some const to netlogon_creds_server_{init,step_check}() libcli/auth: add forward declaration for struct wkssvc_PasswordBuffer s3:libnet: remove unused variables s3:wscript_build: remove allow_warnings=True from LIBNET_DSSYNC spoolss.idl: add SPOOLSS_JOB_CONTROL_NOOP = 0 s3:rpc_server/spoolss: make use of SPOOLSS_JOB_CONTROL_NOOP s3:rpc_server/wscript_build: remove allow_warnings=True from RPC_SPOOLSS s4:rpc_server/drsuapi: fix warnings in dcesrv_drsuapi_DsGetDomainControllerInfo_1() s4:rpc_server/drsuapi: remove unused variable in dcesrv_drsuapi_DsWriteAccountSpn() s4:rpc_server/drsuapi: fix const warning in writespn_check_spn() s4:rpc_server/drsuapi: remove allow_warnings=True s4:rpc_server/samr: remove unused variables s4:rpc_server/samr: handle ROLE_AUTO explicit to avoid a compiler warning s4:rpc_server/samr: use the same logic in *info_DomInfo7() as in info_DomGeneralInformation() s4:rpc_server/samr: remove allow_warnings=True s4:lib/tls: add tls_cert_generate() prototype to tls.h s4:lib/tls: remove allow_warnings=True auth/kerberos: avoid compiler warnings auth/kerberos: remove allow_warnings=True s4:auth/gensec_gssapi: remove compiler warnings s4:auth/gensec_gssapi: remove allow_warnings=True s4:auth/gensec_cyrus_sasl: remove compiler warnings s4:auth/gensec_cyrus_sasl: allow_warnings=True ldb:tests/sample_module: don't be lazy and use ldb_msg_copy_shallow/ldb_build_add_req ldb:wscript: remove allow_warnings=True for ldb_sample s4:torture/smb2: avoid compiler warnings s4:torture/smb2: remove allow_warnings=True s4:torture/ndr: #if 0 unused code s4:torture/wscript_build: remove allow_warnings=True for TORTURE_NDR s4:torture/raw: avoid compiler warnings s4:torture/wscript_build: remove allow_warnings=True for TORTURE_RAW s4:torture/rpc: avoid compiler warnings s4:torture/wscript_build: remove allow_warnings=True for torture_rpc s4:torture/winbind: avoid compiler warnings s4:torture/winbind: remove allow_warnings=True s4:torture/libnetapi: avoid compiler warning s4:torture/libnetapi: remove allow_warnings=True s4:kdc/db-glue: pass a valid principal from samba_kdc_seq() to samba_kdc_message2entry() lib/util: fix the default code path for debug_set_settings() s4:heimdal_build: remove allow_warnings=True from HEIMDAL_ASN1() nsswitch: improve error messages in wbinfo calls libcli/util: let WERR_UNKNOWN_LEVEL be an alias to WERR_INVALID_LEVEL s4:torture/rpc: don't use the same names for 3 different tests s4:torture/rpc: let test_LogonControl() also accept WERR_NOT_SUPPORTED for NETLOGON_CONTROL_TRUNCATE_LOG s3:rpc_server/netlogon: improve the netr_LogonControl*() error returns s4:torture/rpc: let rpc.netlogon.admin pass against windows 2012r2 s4:torture/rpc: sync test_LogonControl2Ex with test_LogonControl2 s4:torture/rpc: use unique sids and names for trusted domains s4:rpc_server/lsa: correctly set *r->out.resume_handle with NT_STATUS_OK in lsa_EnumTrustedDomainsEx() s4:torture/rpc: fix test_EnumTrustDomEx() with existing domains s4:torture/rpc: use torture_assert*() macros for rpc.lsa.forest.trust s4:torture/rpc: really use LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE in rpc.lsa.forest.trust s4:torture/rpc: test the old password in test_validate_trust() for rpc.lsa.forest.trust s4:torture/rpc: use torture_skip() if torture:Forest_Trust_Dom2_Binding isn't specified for rpc.lsa.forest.trust s4:selftest: run rpc.netlogon.admin against also ad_dc lsa.idl: add LSA_POLICY_NOTIFICATION to LSA_POLICY_ALL_ACCESS librpc/ndr_nbt: we need to keep a trailing '.' in the last component of an nbt_string selftest: use dns_lookup_* = true in krb5.conf docs-xml/Samba3-HOWTO: add reference to WERR_INVALID_PASSWORD were we had only WERR_BAD_PASSWORD libcli/auth: use WERR_INVALID_PASSWORD instead of WERR_BAD_PASSWORD libcli/util: remove unused WERR_BAD_PASSWORD s4:kdc/db-glue: samba_kdc_trust_message2entry() should use the normalized principal as salt s3:rpcclient: only require netlogon_creds for specified netlogon calls libcli/security: support "IS" in SDDL for SID_NT_IUSR libcli/security: add security_descriptor_for_client() helper function s4:rpc_server/lsa: normalize the access_mask for lsa account objects s4:rpc_server/lsa: implement the policy security descriptor s4:selftest: run dbcheck against the ad_dc environment too lsa.idl: mark lsa_TrustDomainInfoInfoEx as public s3:winbindd: add MSG_WINBIND_NEW_TRUSTED_DOMAIN that takes a lsa_TrustDomainInfoInfoEx s4:rpc_server/lsa: notify winbindd about new trusted domains s4:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them s3:trusts_util: add support for SEC_CHAN_DNS_DOMAIN in trust_pw_change() s3:trusts_util: make use of pdb_get_trust_credentials() and pdb_get_trusted_domain() in trust_pw_change() s3:trusts_util: pass new_trust_version to netlogon_creds_cli_ServerPasswordSet() in trust_pw_change() s3:trusts_util: generate completely random passwords in trust_pw_change() selftest/knownfail: remove unused ^samba4.winbind.struct.show_sequence\(ad_dc\) line selftest/Samba4: use 'testallowed account' instead of 'test allowed' s4:torture/local: add more torture_assert() checks s4:torture/winbind: add torture:winbindd_domain_without_prefix option Steve Howells (1): s4.2/fsmo.py: fixed fsmo transfer exception Thomas Nagy (2): Transition to waf 1.8: replaced on_results by update_outputs Transition to waf 1.8: wrapped conf.check_cfg Thomas Schulz (1): libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation Volker Lendecke (88): torture4: Fix systems with a 32-bit "long" registry: Fix CID 241075 Unchecked return value registry: Fix CID 240989 Buffer not null terminated ctdb: Fix 1125553 Buffer not null terminated libreplace: Fix CID 1034926 Destination buffer too small smbcontrol: Simplify do_winbind_offline lib: Fix CID 1034838 Resource leak lib: Fix CID 1034839 Resource leak lib: Fix CID 1034840 Resource leak tdb: Fix CID 1034841 Resource leak tdb: Fix CID 1034842 Resource leak ctdb: Fix CID 1288201 Array compared against 0 lib: Fix whitespace lib: Avoid a malloc/realloc in getgroups_unix_user smbd: Put a variable definition closer to its use smbd: Streamline the gids handling in create_token_from_sid() smbd: Simplify create_token_from_sid() smbd: Simplify create_token_from_sid() ctdb: Fix whitespace ctdb: Make for-loop in ctdb_get_script_list more idiomatic ctdb: Fix memleak in ctdb_get_script_list ctdb: Introduce a helper var in ctdb_get_script_list ctdb: Fix CID 1125613 Destination buffer too small passdb: Fix the O3 developer build samdb: Ignore ntdb in secrets_tdb_sync Remove callers of lp_use_ntdb lib: Remove "use_ntdb" param from secrets_init_path dbwrap: Remove ntdb logic from dbwrap_local_open dbwrap: Remove dbwrap_ntdb lib: Remove unused util_ntdb.[ch] param: Remove "use ntdb" Revert "Samba3-HOWTO: mention NTDB." param: Remove "use ntdb" reference Remove ntdb from scripts autobuild: Remove ntdb target python: Remove ntdb references Docs: Remove some ntdb references Remove ntdb protection from tdb_wrap Remove ntdb protection from db_open_tdb dbwrap: Remove a ntdb reference waf: Do not recurse into ntdb lib: Remove ntdb lib: Remove tdb_open_compat Remove tdb_[first|next]key_compat lib: Remove tdb_errorstr_compat lib: Remove tdb_fetch_compat lib: Remove tdb_compat smbd: Remove an unused #include source3: Replace ccan hash calls with tdb_jenkins_hash source3: Remove ccan-hash dependency texpect: Do not depend on ccan lib: Remove ccan smbd: Fix a typo dsdb: Fix CID 1034681 Copy-paste error lib: Move get_iconv_handle() call down lib: Fix CID 1272834 Unchecked return value lib: Convert [up|low]case.dat to C lib: Remove load_case_tables_library() lib: load_case_tables() -> smb_init_locale() smbd: Convert valid.dat to C code codepages/*.dat are gone lib: Remove unused [un]map_file loadparm: Fix CID 1273054 Improper use of negative value lib: Fix CID 1273009 Dereference after null check ctdb: Fix CID 1125634 Out-of-bounds write ctdb: Fix CID 1125615 Copy into fixed size buffer heimdal: Fix a warning heimdal: Fix a warning groupdb: Fix a typo fss: Fix CID 1293354 Wrong operator used winbind: Use tdb_parse_record in wcache_fetch_seqnum winbind: Avoid a few talloc_tos() in winbindd_cache.c ctdb: Fix the O3 developer build lib: Fix a few CIDs for Resource Leak tevent: Fix CID 1035381 Unchecked return value lib: Fix CID 1107218 Resource leak smbd: Save a few lines of C :-) smbd: Introduce reset_delete_on_close_lck smbd: Use reset_delete_on_close_lck directly smbd: Remove bool arg from set_delete_on_close_lck smbd: Cancel pending notifies if the directory goes away torture: Add smb2.notify.rmdir lib: Use isspace on unsigned char lib: Remove procid_str_static Fix the O3 developer build lib: Fix a typo lib: Simplify dom_sid_parse_length lib: Remove server_id_str() Yan, Zheng (4): vfs_ceph: fix ntimes_fn callback vfs_ceph: remove cephwrap_init_stat_ex_from_stat() vfs_ceph: use 'file descriptor' version xattr functions when possible vfs_ceph: add empty ACL callbacks Youzhong Yang (1): s3-unix_msg: remove socket file after closing socket fd ----------------------------------------------------------------------- -- Samba Shared Repository