subject:"\[SCM\] Samba Shared Repository \- branch v4\-2\-stable updated"

[SCM] Samba Shared Repository - branch v4-2-stable updated

2016-07-07 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  c7c5fe1 VERSION: Disable git snapshots for the 4.2.14 release.
   via  eb480ea WHATSNEW: Add release notes for Samba 4.2.14.
   via  13437f9 CVE-2016-2019: s3:selftest: add regression tests for guest 
logins and mandatory signing
   via  db256b6 CVE-2016-2019: s3:libsmb: add comment regarding 
smbXcli_session_is_guest() with mandatory signing
   via  b9200a6 CVE-2016-2019: libcli/smb: don't allow guest sessions if we 
require signing
   via  7e73588 ctdb-common: For AF_PACKET socket types, protocol is in 
network order
   via  8368f6f ctdb-common: Use documented names for protocol family in 
socket()
   via  ea9ddb4 ctdb-common: Protocol argument must be in host order for 
socket() call
   via  434aaaf dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
   via  f772649 s4:rpc_server: use a variable for the max total reassembled 
request payload
   via  d069b66 s4:librpc/rpc: allow a total reassembled response payload 
of 240 MBytes
   via  6509689 dcerpc.idl: add 
DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
   via  9c6e913 VERSION: Bump version up to 4.2.14...
  from  f03201a VERSION: Disable git snapshots for the 4.2.13 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
commit c7c5fe127366aa8edb69247f80a4e015969cf1b3
Author: Karolin Seeger 
Date:   Tue Jul 5 12:58:16 2016 +0200

VERSION: Disable git snapshots for the 4.2.14 release.

CVE-2016-2119: Client side SMB2 signing downgrade.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Karolin Seeger 

commit eb480ea5ee84ca73519b8b9667664cff0aa04e1f
Author: Karolin Seeger 
Date:   Tue Jul 5 12:57:02 2016 +0200

WHATSNEW: Add release notes for Samba 4.2.14.

CVE-2016-2119: Client side SMB2 signing downgrade.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Karolin Seeger 

commit 13437f93b7bf52eefe8dfa824e31b24722f9ea44
Author: Stefan Metzmacher 
Date:   Thu Apr 28 02:24:52 2016 +0200

CVE-2016-2019: s3:selftest: add regression tests for guest logins and 
mandatory signing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher 

commit db256b6163fc010b4d895366327a81ee7e0eb24a
Author: Stefan Metzmacher 
Date:   Thu Apr 28 02:36:35 2016 +0200

CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() 
with mandatory signing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher 

commit b9200a6fe1f2e78d714420d162e00590de6827b0
Author: Stefan Metzmacher 
Date:   Wed Apr 20 11:26:57 2016 +0200

CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing

Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher 

commit 7e73588cdd3280a1866c27a9309cb5fc65b21a00
Author: Amitay Isaacs 
Date:   Thu Mar 3 14:17:40 2016 +1100

ctdb-common: For AF_PACKET socket types, protocol is in network order

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11770

From man page of packet(7):

 protocol is the  IEEE  802.3
   protocol  number  in  network  byte  order.  See the 
   include file for a list of allowed protocols.  When protocol is set  to
   htons(ETH_P_ALL),  then all protocols are received.

Protocol argument was changed from network order to host order wrongly
in commit 9f8395cb7d49b63a82f75bf504f5f83920102b29.

Specifying "protocol" field to socket(AF_PACKET, ...) call only affects
the packets that are recevied.  So use protocol = 0 when sending raw
packets.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Fri Mar  4 12:58:50 CET 2016 on sn-devel-144

(cherry picked from commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88)

commit 8368f6fb9617f066d88deb41da902c5c59aa280e
Author: Amitay Isaacs 
Date:   Fri Jan 29 00:06:18 2016 +1100

ctdb-common: Use documented names for protocol family in socket()

Instead of using PF_*, use AF_*.

https://bugzilla.samba.org/show_bug.cgi?id=11705

Signed-off-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 
(cherry picked from commit

[SCM] Samba Shared Repository - branch v4-2-stable updated

2016-06-17 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  f03201a VERSION: Disable git snapshots for the 4.2.13 release.
   via  1ff9b09 WHATSNEW: Add release notes for Samba 4.2.13.
   via  3af9006 s3: krb5: keytab - The done label can be jumped to with 
context == NULL.
   via  4759f64 smbd: Fix an assert
   via  0ab3ef3 s3: auth: Move the declaration of struct dom_sid tmp_sid to 
function level scope.
   via  615516b s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT
   via  b6c9438 s3:smbd: fix anonymous authentication if signing is 
mandatory
   via  93155fa s3:ntlm_auth: make ntlm_auth_generate_session_info() more 
complete
   via  e410d79 libcli/auth: let msrpc_parse() return talloc'ed empty 
strings
   via  0ef06ee VERSION: Bump version up to 4.2.12...
  from  e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 58 ++--
 libcli/auth/msrpc_parse.c| 24 ++---
 source3/auth/token_util.c|  2 +-
 source3/libads/kerberos_keytab.c | 18 ++---
 source3/rpcclient/rpcclient.c| 13 -
 source3/smbd/oplock.c|  1 +
 source3/smbd/sesssetup.c |  8 --
 source3/utils/ntlm_auth.c| 51 +++
 9 files changed, 151 insertions(+), 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 9c39699..fb30286 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=2
-SAMBA_VERSION_RELEASE=12
+SAMBA_VERSION_RELEASE=13
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8b3fcc8..d061b6c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,59 @@
==
+   Release Notes for Samba 4.2.13
+June 17, 2016
+   ==
+
+
+Although Samba 4.2 is in the security only mode, the Samba Team decided to ship
+this very last bug fix release to address some important issues.
+
+
+Changes since 4.2.12:
+-
+
+o  Jeremy Allison 
+   * BUG 10618: s3: auth: Move the declaration of struct dom_sid tmp_sid to
+ function level scope.
+   * BUG 11959: s3: krb5: keytab - The done label can be jumped to with
+ context == NULL.
+
+
+o  Volker Lendecke 
+   * BUG 11844: smbd: Fix an assert.
+
+
+o  Stefan Metzmacher 
+   * BUG 11910: s3:smbd: Fix anonymous authentication if signing is mandatory.
+   * BUG 11912: libcli/auth: Let msrpc_parse() return talloc'ed empty strings.
+   * BUG 11914: s3:ntlm_auth: Make ntlm_auth_generate_session_info() more
+ complete.
+   * BUG 11927: s3:rpcclient: Make use of SMB_SIGNING_IPC_DEFAULT.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 4.2.12
 May 02, 2016
==
@@ -124,8 +179,7 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
 
 
==
diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c
index d499d9e..74a7bcc 100644
--- a/libcli/auth/msrpc_parse.c
+++ b/libcli/auth/msrpc_parse.c
@@ -262,7 +262,11 @@ bool msrpc_parse(TALLOC_CTX *mem_ctx,
 
ps = va_arg(ap, char **);
if

[SCM] Samba Shared Repository - branch v4-2-stable updated

2016-05-02 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  e4e16a1 VERSION: Disable git snapshots for the 4.2.12 release.
   via  4ce9415 WHATSNEW: Add release date.
   via  7f48c16 WHATSNEW: Last bugfix release.
   via  a107bcb WHATSNEW: Update release notes.
   via  ec6c73a s3:selftest: add smbclient_ntlm tests
   via  53ce995 selftest:Samba4: let fl2000dc use Windows2000 style 
SPNEGO/NTLMSSP
   via  ea33b55 selftest:Samba4: let fl2000dc use Windows2000 
supported_enctypes
   via  f83d138 s3:test_smbclient_auth.sh: this script reqiures 5 arguments
   via  89bc1eb selftest:Samba4: provide DC_* variables for fl2000dc and 
fl2008r2dc
   via  7f1596f auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego 
option for testing
   via  e23df9d auth/spnego: add spnego:simulate_w2k option for testing
   via  30f511f auth/ntlmssp: do map to guest checking after the 
authentication
   via  2ceed5d s3:smbd: only mark real guest sessions with the GUEST flag
   via  a2e3c76 s3:smbd: make use SMB_SETUP_GUEST constant
   via  4b5e95a libcli/security: implement SECURITY_GUEST
   via  5f10f25 s3:auth_builtin: anonymous authentication doesn't allow a 
password
   via  00f2691 s4:auth_anonymous: anonymous authentication doesn't allow a 
password
   via  d7e9f09 auth/spnego: only try to verify the mechListMic if signing 
was negotiated.
   via  40c1d53 s3:libsmb: use anonymous authentication via spnego if 
possible
   via  0eebd68 s3:libsmb: don't finish the gensec handshake for guest 
logins
   via  163b9ac s3:libsmb: record the session setup action flags
   via  5c18afa libcli/smb: add smbXcli_session_is_guest() helper function
   via  d84dde7 libcli/smb: add SMB1 session setup action flags
   via  1b1ae2b libcli/smb: add smb1cli_session_set_action() helper function
   via  bba0194 libcli/smb: fix NULL pointer derreference in 
smbXcli_session_is_authenticated().
   via  8c6865d s3:libsmb: use password = NULL for anonymous connections
   via  abbb1ab auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections
   via  9dc49c9 auth/ntlmssp: don't require any flags in the ccache_resume 
code
   via  26351cd auth/spnego: handle broken mechListMIC response from 
Windows 2000
   via  44ddc56 auth/spnego: change log level for 'Failed to setup SPNEGO 
negTokenInit request: NT_STATUS_INTERNAL_ERROR'
   via  e17baf8 s3:librpc:crypto:gse: increase debug level for 
gse_init_client().
   via  d82ec8a lib:krb5_wrap:krb5_samba: increase debug level for 
smb_krb5_get_default_realm_from_ccache().
   via  64df993 s3:libads/sasl: allow wrapped messages up to a size of 
0xfff
   via  2bebe80 s4:gensec_tstream: allow wrapped messages up to a size of 
0xfff
   via  65cdf7e WHATSNEW: Start release notes for Samba 4.2.12.
   via  e3a7138 configure: Don't check for inotify on illumos
   via  e16c8ed nwrap: Fix the build on Solaris
   via  aec25b0 libads: record session expiry for spnego sasl binds
   via  9729bdc build: mark explicit dependencies on pytalloc-util
   via  e29becc s3:wscript: pylibsmb depends on pycredentials
   via  452d393 libsmb/pysmb: add pytalloc-util dependency to fix the build.
   via  cb827b7 pydsdb: Fix returning of ldb.MessageElement.
   via  513b5d7 pydsdb: Also accept ldb.MessageElement values to dsdb 
routines
   via  75f26e3 vfs_catia: Fix bug 11827, memleak
   via  b7e46c1 tevent: version 0.9.28
   via  a8fb85f lib: tevent: Fix memory leak reported by Pavel Březina 
 when old signal action restored.
   via  331383c tevent: version 0.9.27
   via  c496c85 Fix ETIME handling for Solaris event ports.
   via  a10d492 tevent: Only set public headers field when installing as a 
public library.
   via  0345678 Simplify handling of dependencies on external libraries in 
test_headers.
   via  06a87da lib: tevent: Whitespace cleanup.
   via  1ca26ea lib: tevent: Fix bug in poll backend - 
poll_event_loop_poll()
   via  316ce07 tevent: version 0.9.26
   via  78f5f86 lib: tevent: docs: Add tutorial on thread usage.
   via  b88f6e9 lib: tevent: tests: Add a second thread test that does 
request/reply.
   via  a050245 lib: tevent: Initial test of tevent threaded context code.
   via  46d3bb7 lib: tevent: Initial checkin of threaded tevent context 
calling code.
   via  4882bde VERSION: Bump version up to 4.2.12
   via  47f3a1f Merge tag 'samba-4.2.11' into v4-2-test
   via  0dd1749 smbd: Only check dev/inode in open_directory, not the full 
stat()
   via  ffccce5 s3:smbd: add negprot remote arch detection for OSX
   via  bd11d39 s3:smbd: rework negprot remote arch detection
   via  0108e51 VERSION: Bump version up to 4.2.10...
   via  a93f708 Merge tag 'samba-4.2.9' into v4-2-test
   via  fe4a09d Real memeory leak(buildup) issue in loadparm.
   via

[SCM] Samba Shared Repository - branch v4-2-stable updated

2016-03-08 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  c0aa427 VERSION: Disable git snapshots for the 4.2.9 release.
   via  c3eeba3 WHATSNEW: Add release notes for Samba 4.2.9.
   via  981cbe1 CVE-2016-0771: tests/dns: Remove dependencies on env 
variables
   via  4dfa41d CVE-2016-0771: tests/dns: change samba.tests.dns from being 
a unittest
   via  409ec58 CVE-2016-0771: tests: rename test getopt to get_opt
   via  93662cf CVE-2016-0771: tests/dns: RPC => DNS roundtrip test
   via  b9c595f CVE-2016-0771: dnsserver: don't force UTF-8 for TXT
   via  43de2c0 CVE-2016-0771: tests/dns: modify tests to check via RPC
   via  18a1a7c CVE-2016-0771: tests/dns: Add some more test cases for TXT 
records
   via  1cae991 CVE-2016-0771: tests/dns: Correct error code for formerly 
unrun test
   via  ffe5757 CVE-2016-0771: tests/dns: restore formerly segfaulting test
   via  9f1f669 CVE-2016-0771: tests/dns: Add a comment regarding odd 
Windows behaviour
   via  5462a4c CVE-2016-0771: tests/dns: FORMERR can simply timeout 
against Windows
   via  356cc26 CVE-2016-0771: tests/dns: prepare script for further testing
   via  d076289 CVE-2016-0771: tests/dns: Modify dns tests to match new IDL
   via  9c50144 CVE-2016-0771: dns.idl: make use of dnsp_hinfo
   via  50972cc CVE-2016-0771: s4:dns_server: fix idl for dns_txt_record
   via  69a4def CVE-2016-0771: librpc: add ndr_dnsp_string_list_copy() 
helper function
   via  192a619 CVE-2016-0771: librpc: add RPC_NDR_DNSSERVER to 
dcerpc-samba library
   via  8070e38 CVE-2016-0771: s4:librpc: python_dns and python_dcerpc_dnsp 
doesn't require client bindings
   via  6296447 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test.
   via  db00d27 CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test.
   via  6122a71 CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX 
cli_posix_setacl() functions. Needed for tests.
   via  10e5700 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() 
functions to cli_posix_getacl() as they operate on pathnames.
   via  5923745 CVE-2015-7560: s3: smbd: Refuse to set EA's on a symlink.
   via  e77fb42 CVE-2015-7560: s3: smbd: Silently return no EA's available 
on a symlink.
   via  ef5f235 CVE-2015-7560: s3: smbd: Set return values early, allows 
removal of code duplication.
   via  3898806 CVE-2015-7560: s3: smbd: Refuse to get a POSIX ACL on a 
symlink.
   via  cb5b446 CVE-2015-7560: s3: smbd: Refuse to set a POSIX ACL on a 
symlink.
   via  478ed76 CVE-2015-7560: s3: smbd: Refuse to set an ACL from a POSIX 
file handle on a symlink.
   via  cc73ba9 CVE-2015-7560: s3: smbd: Refuse to get an ACL from a POSIX 
file handle on a symlink.
   via  e20deaf CVE-2015-7560: s3: smbd: Add refuse_symlink() function that 
can be used to prevent operations on a symlink.
   via  0549f6e VERSION: Bump version up to 4.2.9...
  from  ba74960 VERSION: Disable git snapshots for the 4.2.8 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
commit c0aa42785d6b942b58a167da80f5e64385beff02
Author: Karolin Seeger 
Date:   Wed Feb 24 12:23:53 2016 +0100

VERSION: Disable git snapshots for the 4.2.9 release.

Signed-off-by: Karolin Seeger 

commit c3eeba393fb92e006597fffb09720ce33be5795b
Author: Karolin Seeger 
Date:   Wed Feb 24 12:22:26 2016 +0100

WHATSNEW: Add release notes for Samba 4.2.9.

CVE-2015-7560 Getting and setting Windows ACLs on symlinks can change
permissions on link target.
CVE-2016-0771: Read of uninitialized memory DNS TXT handling

Signed-off-by: Karolin Seeger 

commit 981cbe1e9be9de8d9775ba1fc9a53b2f719472d6
Author: Garming Sam 
Date:   Fri Jan 29 17:28:54 2016 +1300

CVE-2016-0771: tests/dns: Remove dependencies on env variables

Now that it is invoked as a normal script, there should be less of them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit 4dfa41df9a87cb4793de3e9cd36d9b38f215d7cb
Author: Garming Sam 
Date:   Fri Jan 29 17:03:56 2016 +1300

CVE-2016-0771: tests/dns: change samba.tests.dns from being a unittest

This makes it easier to invoke, particularly against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686

Signed-off-by: Garming Sam 
Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

commit

[SCM] Samba Shared Repository - branch v4-2-stable updated

2016-02-02 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  ba74960 VERSION: Disable git snapshots for the 4.2.8 release.
   via  4464e65 WHATSNEW: Add release notes for Samba 4.2.8.
   via  be4f52b s4:torture: add SMB2 test for directory creation initial 
allocation size
   via  e33472d s3:smbd: Ignore initial allocation size for directory 
creation
   via  279246d smbcacls: fix uninitialized variable
   via  d63f0b11 s3:smbd/oplock obey kernel oplock setting when releasing 
oplocks
   via  c1f06fe s3:smbd: fix a corner case of the symlink verification
   via  6b1c418 s3: libsmb: Correctly initialize the list head when keeping 
a list of primary followed by DFS connections.
   via  76213b0 vfs_streams_xattr: fix and simplify streams_xattr_get_name()
   via  73dac61 vfs_fruit: hide the Netatalk metadata xattr in streaminfo
   via  9bedefb vfs_fruit: add and use define for the Netatalk metadata 
xattr
   via  6d7e711 s4:torture:vfs_fruit: add test test_read_afpinfo
   via  985d331 s4:torture:vfs_fruit: add tests for AFP_Resource 
delete-on-close and eof
   via  3892a74 vfs_fruit: ignore delete on the AFP_Resource stream
   via  a48eb89 s4:torture:vfs_fruit: update AFP_AfpInfo IO tests
   via  c99c910 vfs_fruit: fix offset and len handling for AFP_AfpInfo 
stream
   via  d8511c0 s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream
   via  293363b vfs_fruit: writing all 0 to AFP_AfpInfo stream
   via  95699b3 s4:torture:vfs_fruit: add tests for AFP_AfpInfo 
delete-on-close and eof
   via  642b62b vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream
   via  a4e0639 s4:torture:vfs_fruit: file without AFP_AfpInfo
   via  d26b979 vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist
   via  aa95842 vfs_fruit: fix some debug messages
   via  8a25a0a s3:lib/errmap_unix: map EOVERFLOW to 
NT_STATUS_ALLOTTED_SPACE_EXCEEDED
   via  b32587e s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io 
with OS X
   via  7b2f35b s4:torture:vfs_fruit: fix test_rename_dir_openfile() to 
work with OS X
   via  b8512d4 s4:torture:vfs_fruit: fix test_aapl() to work with OS X
   via  08f61fa s4:torture:vfs_fruit: skip test_stream_names() without 
"localdir"
   via  4d7b2ab s4:torture:vfs_fruit: skip test_adouble_conversion() 
without "localdir"
   via  6a9f21c s4:torture:vfs_fruit: skip test test_read_atalk_metadata() 
without "localdir" and rename it
   via  6dba57e s4:torture:vfs_fruit: add explicit cleanup of testfiles
   via  432e9a1 s4:torture:vfs_fruit: add --option=torture:osx for 
enable_aapl()
   via  3bf1846 s4:torture:vfs_fruit: enhance check_stream
   via  b883c09 s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME
   via  62a455a s4:torture:vfs_fruit: tweak check_stream_list()
   via  4eeb6db s4:torture:vfs_fruit: rename tree1 -> tree
   via  468c551 s4:torture:vfs_fruit: remove unused tree2
   via  2028bac docs: Fix typos in man vfs_gpfs.
   via  fd92549 smbd: make "hide dot files" option work with "store dos 
attributes = yes"
   via  6d1ee8b lib/async_req: do not install async_connect_send_test.
   via  3f05db5 lib/param: add a fixed unified 
lpcfg_string_{free,set,set_upper}() infrastructure
   via  417eca7 s4:torture:vfs_fruit: add a test for POSIX rename
   via  8b3e19b vfs_fruit: enable POSIX directory rename semantics
   via  3a1a67e vfs_fruit: add a flag that tracks whether use of AAPL was 
negotiated
   via  b5a081b s3:smbd: file_struct: seperate POSIX directory rename cap 
from POSIX open
   via  c91214f s3:smbd: convert file_struct.posix_open to a bitmap with 
flags
   via  b73894c VERSION: Bump version up to 4.2.8...
   via  f51d78c Merge tag 'samba-4.2.7' into v4-2-test
   via  b8077d8 Fix bug #11394 - Crash: Bad talloc magic value - access 
after free
  from  add4fe9 VERSION: Disable git snapshots for the 4.2.7 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION |2 +-
 WHATSNEW.txt|   76 +-
 docs-xml/manpages/vfs_gpfs.8.xml|6 +-
 lib/async_req/wscript_build |3 +-
 lib/dbwrap/dbwrap_rbt.c |  208 +++---
 lib/param/loadparm.c|   56 +-
 source3/include/vfs.h   |   12 +-
 source3/lib/errmap_unix.c   |3 +
 source3/libsmb/libsmb_server.c  |4 +-
 source3/locking/locking.c   |3 +-
 source3/modules/vfs_acl_common.c|4 +-
 source3/modules/vfs_fruit.c |  185 +++--
 source3/modules/vfs_streams_xattr.c |   39 +-
 source3/param/loadparm.c|  212 +++---
 source3/selftest/tests.py   |4 +-
 source3/smbd/close.c|6 +-

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-12-16 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  add4fe9 VERSION: Disable git snapshots for the 4.2.7 release.
   via  e59d852 WHATSNEW: Add release notes for Samba 4.2.7.
   via  2483d66 CVE-2015-8467: samdb: Match MS15-096 behaviour for 
userAccountControl
   via  41e1e8b CVE-2015-5296: libcli/smb: make sure we require signing 
when we demand encryption on a session
   via  3e8f112 CVE-2015-5296: s3:libsmb: force signing when requiring 
encryption in SMBC_server_internal()
   via  05d09fb CVE-2015-5296: s3:libsmb: force signing when requiring 
encryption in do_connect()
   via  1d8efe6 CVE-2015-5299: s3-shadow-copy2: fix missing access check on 
snapdir
   via  79e5023 CVE-2015-5252: s3: smbd: Fix symlink verification (file 
access outside the share).
   via  6dc18a6 ldb: bump version of the required system ldb to 1.1.24
   via  aa68bd3 CVE-2015-5330: ldb_dn_explode: copy strings by length, not 
terminators
   via  75b3ce6 CVE-2015-5330: next_codepoint_handle_ext: don't 
short-circuit UTF16 low bytes
   via  9c06833 CVE-2015-5330: strupper_talloc_n_handle(): properly count 
characters
   via  405170b CVE-2015-5330: Fix handling of unicode near string endings
   via  06f2d95 CVE-2015-5330: ldb_dn_escape_value: use known string 
length, not strlen()
   via  813ecea CVE-2015-5330: ldb_dn: simplify and fix 
ldb_dn_escape_internal()
   via  3c68b50 CVE-2015-3223: lib: ldb: Use memmem binary search, not 
strstr text search.
   via  9c7e988 CVE-2015-3223: lib: ldb: Cope with canonicalise_fn 
returning string "", length 0.
   via  5f9d311 VERSION: Bump version up to 4.2.7...
  from  0a7b693 VERSION: Disable git snapshots for the 4.2.6 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
commit add4fe9079dda8fb0bfd9763da85d65ed0063523
Author: Karolin Seeger 
Date:   Thu Dec 10 12:49:10 2015 +0100

VERSION: Disable git snapshots for the 4.2.7 release.

Signed-off-by: Karolin Seeger 

commit e59d852d7dbc828ca810180a62189c96d68d8104
Author: Karolin Seeger 
Date:   Thu Dec 10 12:24:44 2015 +0100

WHATSNEW: Add release notes for Samba 4.2.7.

This is a security to address CVE-2015-3223, CVE-2015-5252,
CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.

Signed-off-by: Karolin Seeger 

commit 2483d66af2a298e1722dbe45ccadddf609817d67
Author: Andrew Bartlett 
Date:   Wed Nov 18 17:36:21 2015 +1300

CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl

Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

commit 41e1e8b9a25ef1052258f4355e2d2c2f41e29b14
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:23:25 2015 +0200

CVE-2015-5296: libcli/smb: make sure we require signing when we demand 
encryption on a session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit 3e8f1123b2f89951b498d3d9a9af7f8dd68038c9
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:17:02 2015 +0200

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in 
SMBC_server_internal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit 05d09fb2415f386ce9f2a3f4a86d10ef1abca020
Author: Stefan Metzmacher 
Date:   Wed Sep 30 21:17:02 2015 +0200

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in 
do_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

commit 1d8efe6abf1c98f62f07c4c4b869d8169d6904b4
Author: Jeremy Allison 
Date:   Fri Oct 23 14:54:31 2015 -0700

CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from 

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison 
Reviewed-by: David Disseldorp 

commit 79e5023a77b851b60a3a3e723013539f1e39b99b
Author: Jeremy Allison 
Date:   Thu Jul 9 10:58:11 2015 -0700

CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the 
share).

Ensure matching component ends in '/' or '\0'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-12-08 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  0a7b693 VERSION: Disable git snapshots for the 4.2.6 release.
   via  a6f9a79 WHATSNEW: Add release notes for Samba 4.2.6.
   via  785158f docs: Fix some typos in the idmap backend section.
   via  b83e261 doc: fix a typo in the smb.conf manpage, explanation of 
idmap config
   via  fdac7f1 s3: smbd: have_file_open_below() fails to enumerate open 
files below an open directory handle.
   via  6f47535 wafsamba: Also build libraries with RELRO protection
   via  6033569 fix writev(vector[...]) points to uninitialised bytes in 
call_trans2findfirst
   via  1eb6f36 fix 'Invalid read of size 1' in reply_search
   via  9e8475e fix writev(vector[...]) points to uninitialised bytes in 
call_trans2findnext
   via  579c13de fix uninitialised read in process_host_announce
   via  6a7f87b remove many valgrind errors for base.lock test
   via  7cbca2f nss_wins: Use lp_global_no_reinit()
   via  92cc4e0 s3: winbind: Prevent null ptr access by returning error if 
no creds available
   via  d9afa70 s3: rpcclient: Prevent null ptr access by returning error 
if no creds available
   via  01ca2cf s3: smbd: If EA's are turned off on a share don't allow an 
SMB2 create containing them.
   via  c63638e vfs_gpfs: Re-enable share modes
   via  95232e6 Changing log level of two entries to from 1 to 3
   via  2aded40 lib: util: Make non-critical message a warning.
   via  6f95e55 manpage: corrected small typo error
   via  1998b07 ctdb: strip trailing spaces from nodes file.
   via  f0238b7 ctdb: open the RO tracking db with perms 0600 instead of 

   via  1bbb6bf selftest: Avoid system krb5.conf in "none" test env
   via  fbf5c79 selftest: Avoid system krb5.conf in some test envs that 
don't use kerberos
   via  0d3fd03 selftest: Avoid system krb5.conf in testenv provisioning
   via  52e3615 auth: gensec: Parameters out_mem_ctx and ev are passed in 
the wrong order to gensec_spnego_server_try_fallback().
   via  fc280ca async_req: fix non-blocking connect()
   via  c016c1a selftest: add a test for async_connect_send()
   via  a915f8f s3-torture: Remove (incorrect) samba3-specific behavior in 
samba3.raw.unlink now the server is correct
   via  7c535ad s3-torture: Add WILDDELETE test to smbtorture3 to test old 
wildcard delete with zero attribute
   via  84f6010 s3-smbd: Fix old DOS client doing wildcard delete - gives a 
attribute type of zero
   via  d098372 smbd: Send SMB2 oplock breaks unencrypted
   via  929166e VERSION: Bump version up to 4.2.6...
  from  851ea18 VERSION: Disable git snapshots for the 4.2.5 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt |  91 +++-
 auth/gensec/spnego.c |   2 +-
 buildtools/wafsamba/wafsamba.py  |   2 +
 ctdb/server/ctdb_ltdb_server.c   |   2 +-
 ctdb/server/ctdb_server.c|  15 ++-
 ctdb/tools/ctdb.c|  15 ++-
 docs-xml/smbdotconf/security/aclgroupcontrol.xml |   2 +-
 docs-xml/smbdotconf/winbind/idmapconfig.xml  |  15 +--
 lib/async_req/async_connect_send_test.c  | 130 +++
 lib/async_req/async_sock.c   |  56 +-
 lib/async_req/wscript_build  |   4 +
 lib/util/util.c  |   2 +-
 nsswitch/wins.c  |   2 +-
 selftest/selftest.pl |   5 +-
 selftest/target/Samba3.pm|  14 +++
 selftest/target/Samba4.pm|  18 +++-
 source3/auth/auth_generic.c  |   2 +-
 source3/auth/user_krb5.c |   2 +-
 source3/locking/brlock.c |   2 +
 source3/modules/vfs_gpfs.c   |   3 +-
 source3/nmbd/nmbd_incomingdgrams.c   |   2 +
 source3/rpcclient/cmd_netlogon.c |   5 +
 source3/script/tests/test_async_req.sh   |  11 ++
 source3/selftest/tests.py|   5 +-
 source3/smbd/dir.c   |  13 ++-
 source3/smbd/reply.c |  12 ++-
 source3/smbd/smb2_create.c   |   6 ++
 source3/smbd/smb2_server.c   |   2 +-
 source3/smbd/trans2.c|  11 +-
 source3/torture/torture.c|  67 
 source3/winbindd/winbindd_pam.c  |   7 +-
 source4/torture/raw/unlink.c |   7 +-
 33 files changed, 457 insertions(+), 77

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-10-27 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  851ea18 VERSION: Disable git snapshots for the 4.2.5 release.
   via  0c46d4a WHATSNEW: Add release notes for Samba 4.2.5.
   via  bf344f7 dcerpc.idl: accept invalid dcerpc_bind_nak pdus
   via  4cb9657 s3:smbstatus: add stream name to share_entry_forall()
   via  2b1a40d s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ 
component) names is incorrect.
   via  8bd6345 s3:lib: validate domain name in lookup_wellknown_name()
   via  8c5990a s3:locking: initialize lease pointer in 
share_mode_traverse_fn()
   via  f1ea5fd s4: torture: Add SMB2 access-based enumeration test. Passes 
against Win2k12R2.
   via  b13c829 lib: cli: Add accessor function smb2cli_tcon_flags() to get 
tcon flags.
   via  3695d46 s3: smbd: Fix our access-based enumeration on "hide 
unreadable" to match Windows.
   via  deaa748 smbd: Fix file name buflen and padding in notify repsonse
   via  dd39bd2 vfs_fruit: return value of ad_pack in vfs_fruit.c
   via  95b17d5 tdb: Fix bug 11381, deadlock
   via  0349f95 vfs_commit: set the fd on open before calling SMB_VFS_FSTAT
   via  ba280e6 s3:ctdbd_conn: make sure we destroy tevent_fd before 
closing the socket
   via  5bc3a2f kerberos: make sure we only use prompter type when 
available.
   via  b6f1310 winbind: Fix 100% loop
   via  f9a820a s3: smbd: Fix NULL pointer bug introduced by previous 'raw' 
stream fix (bug #11522).
   via  d69db57 s3: smbd: fix a crash in unix_convert()
   via  2df7b85 net: fix a crash with net ads keytab create
   via  2e516a7 s3: tests: smbclient test to ensure we can create and see a 
:foobar stream on the top level directory in a share.
   via  22d55ca s3: smbd: Fix opening/creating :stream files on the root 
share directory.
   via  29f057c s3: smbd: Remove unused parameter from build_stream_path().
   via  eb1aa45 s3: smbclient: Move cmd_setmode out of clitar.c and back 
into client.c
   via  6c6b62f pam_winbind: Fix a segfault if initialization fails
   via  d2105b7 s4: torture: Test mkdir race condition.
   via  d194836 s3: smbd: Fix mkdir race condition.
   via  105f949 s3: dfs: Fix a crash when the dfs targets are disabled.
   via  68801fb nss_winbind: fix hang on Solaris on big groups
   via  f4bc73f build: use as-needed linker flag also on OpenBSD
   via  7cabb4c VERSION: Bump version up to 4.2.5...
  from  413fb83 VERSION: Disable git snapshots for the 4.2.4 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION   |   2 +-
 WHATSNEW.txt  |  95 +++-
 lib/tdb/common/traverse.c |  14 +-
 libcli/smb/smbXcli_base.c |   5 +
 libcli/smb/smbXcli_base.h |   1 +
 librpc/idl/dcerpc.idl |   6 +-
 librpc/idl/notify.idl |   4 +-
 librpc/ndr/ndr_dcerpc.c   |  49 +++
 nsswitch/pam_winbind.c|  19 ++-
 nsswitch/winbind_nss_solaris.c|   6 +
 selftest/knownfail|   2 +
 source3/client/client.c   | 118 +++
 source3/client/client_proto.h |   6 +
 source3/client/clitar.c   | 130 -
 source3/lib/ctdbd_conn.c  |   6 +-
 source3/lib/util_wellknown.c  |  13 +-
 source3/libads/kerberos.c |  26 
 source3/libads/ldap.c |   7 +
 source3/libsmb/clidfs.c   |   4 +-
 source3/locking/proto.h   |   3 +-
 source3/locking/share_mode_lock.c |  21 ++-
 source3/modules/vfs_commit.c  |  11 +-
 source3/modules/vfs_fruit.c   |  14 +-
 source3/passdb/lookup_sid.c   |  31 +++-
 source3/rpc_server/srvsvc/srv_srvsvc_nt.c |  21 ++-
 source3/script/tests/test_smbclient_s3.sh |  36 +
 source3/smbd/dir.c|  64 -
 source3/smbd/filename.c   |  35 -
 source3/smbd/notify.c |  14 +-
 source3/smbd/open.c   |  19 +++
 source3/utils/status.c|   6 +-
 source4/heimdal_build/wscript_configure   |   1 +
 source4/torture/smb2/acls.c   | 230 ++
 source4/torture/smb2/create.c | 151 
 wscript   |   3 +-
 wscript_configure_system_mitkrb5  |   2 +
 36 files changed, 987 insertions(+), 188 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 381f62e..967a8fa 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-09-08 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  413fb83 VERSION: Disable git snapshots for the 4.2.4 release.
   via  a10eacd WHATSNEW: Add release notes for Samba 4.2.4.
   via  e806635 s4:torture:vfs_fruit: created empty resourceforks
   via  1f796a5 s4:torture:vfs_fruit: add a resource fork truncation test
   via  33bc5d2 vfs_fruit: delete ._ file when deleting the basefile
   via  aeda612 vfs_fruit: split and simplify fruit_ftruncate
   via  09653dc vfs_fruit: handling of empty resource fork
   via  9bc968a samr4: Use

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-07-14 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  baf4349 VERSION: Disable git snapshots for the 4.2.3 release.
   via  d770ed8 WHATSNEW: Add release notes for Samba 4.2.3.
   via  74ae99f ncacn_http: fix GNUism
   via  4c8b66e s4:torture:vfs_fruit: check offset and length when reading 
AFP_AfpInfo stream
   via  0691890 vfs_fruit: check offset and length for AFP_AfpInfo read 
requests
   via  a70531c winbindd: disconnect child process if request is cancelled 
at main process
   via  1f51989 s4:selftest: also run rpc.winreg with kerberos and all 
possible auth options
   via  05a0995 s4:selftest: run rpc.echo tests also with krb5 krb5,sign 
krb5,seal
   via  30b9074 s4:rpc_server: fix padding caclucation in 
dcesrv_auth_response()
   via  ae37b34 s4:rpc_server: let dcesrv_auth_response() handle sig_size 
== 0 with auth_info as error
   via  eac0b78 s4:rpc_server: let dcesrv_reply() use a sig_size for a 
padded payload
   via  a0fbd5e s4:rpc_server: let dcesrv_reply() use 
DCERPC_AUTH_PAD_ALIGNMENT define
   via  1dae656 s4:librpc/rpc: fix padding caclucation in 
ncacn_push_request_sign()
   via  f9fce60 s4:librpc/rpc: let ncacn_push_request_sign() handle 
sig_size == 0 with auth_info as internal error
   via  97bedee s4:librpc/rpc: let dcerpc_ship_next_request() use a 
sig_size for a padded payload
   via  db644ad s4:librpc/rpc: let dcerpc_ship_next_request() use 
DCERPC_AUTH_PAD_ALIGNMENT define
   via  452a2f8 s3:rpc_server: remove pad handling from 
api_pipe_alter_context()
   via  8249470 s3:librpc/rpc: fix padding calculation in 
dcerpc_guess_sizes()
   via  dba57bd s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT 
padding bytes in dcerpc_add_auth_footer()
   via  50d7029 librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper 
macro
   via  3467356 dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16)
   via  f6e6167 auth/gensec: make sure gensec_start_mech_by_authtype() 
resets SIGN/SEAL before starting
   via  685876a auth/gensec: gensec_[un]seal_packet() should only work with 
GENSEC_FEATURE_DCE_STYLE
   via  c53828d s3:auth_domain: fix talloc problem in 
connect_to_domain_password_server()
   via  2429bd6 s3:smb2_setinfo: fix memory leak in the defer_rename case
   via  27aa4d4 winbindd: winbindd_raw_kerberos_login - ensure logon_info 
exists in PAC.
   via  8782e06 kerberos auth info3 should contain resource group ids 
available from pac_logon
   via  fcc7112 docs: overhaul the description of smb encrypt to include 
SMB3 encryption.
   via  645ec21 pidl: Make the compilation of PIDL producing the same 
results if the content hasn't change
   via  cbd98bf s3: smbd: Codenomicon crash in do_smb_load_module().
   via  251544b selftest: Change chgdcpass environment to use winbindd
   via  4bacf0d winbindd: Sync secrets.ldb into secrets.tdb on startup
   via  fc6074c winbindd: Use pdb_get_domain_info() to get exactly the 
local domain info when we are an AD DC
   via  7896b84 selftest: Run winbind tests in chgdcpass environment
   via  4099e13 s3: smbd: Use separate flag to track 
become_root()/unbecome_root() state.
   via  b02152f docs-xml: Update sharesec manpage to reflect current output
   via  94c5af4 selftest: Add test for sharesec command
   via  8fafa9d sharesec: Use non-numerical output for sharesec
   via  3e219f4 ctdb-ib: make sure the tevent_fd is removed before the fd 
is closed
   via  a66870b libcli/smb: make sure we remove the writev_send() request 
when a request is destroyed
   via  b909752 libcli/smb: add smb1 requests to the pending array before 
writev_send()
   via  1fdf3b3 libcli/smb: make sure the writev_send of 
smbXcli_conn_samba_suicide() is removed before closing the socket
   via  2eeecae libcli/smb: remove unused split of read_fd and write_fd
   via  92c456d libcli/smb: close the socket fd at the end of 
smbXcli_conn_disconnect()
   via  1b55fab libcli/smb: use tevent_req_received(req) in read_smb_recv()
   via  e34065b lib/async_req: remove the tevent_fd as early as possible 
via a wait_for_read_cleanup() hook
   via  4d10c2b lib/async_req: remove the tevent_fd as early as possible 
via a read_packet_cleanup() hook
   via  41b593a lib/async_req: use tevent_req_nomem/tevent_req_post in 
read_packet_send()
   via  cc01ff4 lib/async_req: s/result/req/ in read_packet_send()
   via  4b39759 lib/async_req: remove the tevent_fd as early as possible 
via a writev_cleanup() hook
   via  d7d9f4e lib/async_req: simplify async_connect_* using a _cleanup() 
hook
   via  ad8c901 lib/async_req: s/result/req/ in async_connect_send()
   via  65dc14c lib/async_req: remove unused sendto_{send,recv} and 
recvfrom_{send,recv}
   via  a9e2d2a s3:libsmb: convert nb_trans_send/recv internals to tdgram
   via  109e579 s3:libsmb: convert nb_packet_reader to tstream_* functions

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-05-27 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  f312bf9 VERSION: Disable git snapshot for the 4.2.2 release.
   via  0ce6ad8 WHATSNEW: Add release notes for Samba 4.2.2.
   via  c78585f s4: libcli/finddcs_cldap: continue processing CLDAP until 
all addresses are used
   via  c7e4454 torture: Add smb2.notify.rmdir
   via  b3e3e41 smbd: Cancel pending notifies if the directory goes away
   via  bd09b15 smbd: Remove bool arg from set_delete_on_close_lck
   via  e41c7a7 smbd: Use reset_delete_on_close_lck directly
   via  d754099 smbd: Introduce reset_delete_on_close_lck
   via  fa55c75 s3:winbindd: make sure we remove pending io requests before 
closing client sockets
   via  60f1f76 libads: record service ticket endtime for sealed ldap 
connections
   via  6db3de7 gencache: don't fail gencache_stabilize if there were 
records to delete.
   via  691a887 s3: torture: Add regression test for bug #11249.
   via  80db448 s3: smbd: VFS: fake_acl module called 
get_full_smb_filename() with a stream path, then used the result to call XATTR 
functions directly.
   via  177d620 s3: smbd: VFS: For all EA and ACL calls use 
synthetic_smb_fname(), not synthetic_smb_fname_split().
   via  cf8235a s3: smbd: VFS: All the places that are currently calling 
vfs_stat_smb_fname() and vfs_lstat_smb_fname() should be calling 
vfs_stat_smb_basename().
   via  87f2dd8 s3: smbd: VFS: Add vfs_stat_smb_basename() - to be called 
when we *know* stream name parsing has already been done.
   via  86ed62a vfs_gpfs: move failure label before END_PROFILE
   via  08a72cb vfp_gpfs: ensure END_PROFILE is always called
   via  c071f95 vfs_fruit: comment fix: the options are documented
   via  37e5d67 vfs_fruit: add option nfs_aces that controls the NFS ACEs 
stuff
   via  ea27c56 s3:smbXsrv: refactor duplicate code into 
smbXsrv_session_clear_and_logoff()
   via  688352c s3:selftest: run smb2.notify with --signing=required
   via  f8e64d7 s3:smb2_tcon: cancel pending requests on all connections on 
tdis
   via  abe61f4 s3:smb2_sesssetup: remove unused smbd_smb2_session_setup_* 
destructors
   via  3a2b5ec s3:smb2_sesssetup: add 
smbd_smb2_session_setup_wrap_send/recv()
   via  7a56711 s3:smb2_sesssetup: always assign smb2req-session when a 
session was created.
   via  b653861 s3:smb2_sesssetup: let smbd_smb2_logoff_* use 
smbXsrv_session_shutdown_*
   via  6233772 s3:smbXsrv_session: cancel pending requests when we logoff 
a previous session
   via  03263c7 s3:smbXsrv_session: add smb2srv_session_shutdown_send/recv 
helper functions
   via  1340130 s3:smbXsrv_session: clear smb2req-session of pending 
requests in smbXsrv_session_logoff_all_callback()
   via  72ceb73 s3:smbXsrv_session: clear smb2req-session of pending 
requests in smbXsrv_session_destructor()
   via  09a5282 s4:torture/smb2: add smb2.notify.session-reconnect test
   via  398400b s4:torture/smb2: add smb2.notify.invalid-reauth test
   via  e3bb691 s4:torture/smb2: add smb2.notify.close test
   via  ef5a649 s4:torture/smb2: verify STATUS_NOTIFY_CLEANUP return value
   via  06a7050 s3:smbd: use STATUS_NOTIFY_CLEANUP on smb2 logoff (explicit 
and implicit) and tdis
   via  26496f9 s3:smbd: use STATUS_NOTIFY_CLEANUP when closing a smb2 
directory handle
   via  a4f1a49 s3:smbd: add a smbd_notify_cancel_by_map() helper function
   via  bd7bc99 s3: nmbd: Don't set work_changed = True inside 
update_server_ttl().
   via  c79abc9 s3: nmbd: Ensure we only set work_changed = true if we 
modify the record.
   via  82f7a0c vfs: kernel_flock and named streams
   via  509f2bb s4: torture: Test for incorrect file size returned in the 
response of FILE_SUPERSEDE Create.
   via  251accf s3: smbd: Incorrect file size returned in the response of 
FILE_SUPERSEDE Create
   via  794cc5d s4: rpc: Refactor dcesrv_alter() function into setup and 
send steps.
   via  e0aead2 sharesec: Use common parse_ace function
   via  d79a504 sharesec: Print ACEs in similar format as expected in input
   via  667b3a3 util_sd: Make server conncection optional
   via  af26539 smbcacls: Move sec_desc_print to common file
   via  f4ac982 smbcacls: Move print_ace and parse_ace to common file
   via  5bad1a2 smbcacls: Move StringToSid to common file
   via  989ec37 smbcacls: Move SidToString to common file
   via  cb564bf smbcacls: Use defines for security flags
   via  2d2702a smbcacls: Make 'numeric' a local variable
   via  f330a2e Add DCERPC flag to call unbind hooks without destroying the 
connection itself upon termination of a connection with outstanding pending 
calls.
   via  69d632d Add multiplex state to dcerpc flags and control over 
multiplex PFC flag in bind_ack and and dcesrv_alter replies
   via  967679c Make sure we initialize conn to NULL, because a routine we 
call may give an

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-04-15 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  c2633a9 VERSION: Disable git snapshot for the 4.2.1 release.
   via  172cdbd WHATSNEW: Add release notes for Samba 4.2.1.
   via  be7b660 s3-passdb: Fix 'force user' with winbind default domain
   via  57f54da s4-process_model: Do not close random fds while forking.
   via  fad13d7 s3: libsmbclient: Add missing talloc stackframe.
   via  100cd28 lib: tdb: Use sigaction when testing for robust mutexes.
   via  6cab690 s4:auth/gensec_gssapi: let gensec_gssapi_update() return 
NT_STATUS_LOGON_FAILURE for unknown errors
   via  f4525a5 s3: client - client use spnego principal = yes code 
checks wrong name.
   via  faaf9af docs: Mark 'client use spnego principal' as deprecated and 
also a bad idea.
   via  c286a17 vfs_fruit: enhance handling of malformed AppleDouble files
   via  f93f74c s3:winbind:grent: don't stop group enumeration when a group 
has no gid
   via  903dfd6 backupkey: Use ndr_pull_struct_blob_all()
   via  1dca6ee Ensure we always initialise the winbind context
   via  84782d4 replace: Remove superfluous check for gcrypt header.
   via  b8253f2 backupkey: Explicitly link to gnutls and gcrypt
   via  2ee70a1 lib/tls: Fix behaviour of --disable-gnutls and remove link 
to gcrypt
   via  1f4edb0 s3: lib: libsmbclient: If reusing a server struct, check 
every cli-timout miliseconds if it's still valid before use.
   via  a5156c6 s3: libcli: smb1: Ensure we correctly finish a tevent req 
if the writev fails in the SMB1 case.
   via  6b4a52c s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't 
set, cope with servers that don't send the 2 unused fields.
   via  6f262f6 s4: lib: auth: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, 
cope with servers that don't send the 2 unused fields.
   via  e1bf5b7 docs/idmap_rid: remove deprecated base_rid from example
   via  1346811 libcli/auth: Match Declaration of 
netlogon_creds_cli_context_tmp with implementation
   via  7b7602c Update libwbclient version to 0.12
   via  fe5ac73 Move wbc global variables into global context instead
   via  bb70e50 Add context versions of wbclient functions
   via  b9d75f6 Add wbcContext to wbcRequestResponse
   via  a52f418 Add wbcContext struct, create and free functions
   via  ae434f4 Use global context for winbindd_request_response
   via  7f787b4 Make winbind client library thread-safe by adding context
   via  f56d56e talloc: version 2.1.2
   via  0693e46 talloc: fix _talloc_total_limit_size prototype
   via  f6df1e9 lib: talloc: Test suite for the new destructor reparent 
logic.
   via  a21e4e2 lib: talloc: Allow destructors to reparent the object 
they're called on.
   via  599ca10 lib: talloc: Fix bug when calling a destructor.
   via  bb97c5e s3-winbind: Fix chached user group lookup of trusted 
domains.
   via  e92a548 Be consistent about what functions add $LISTOPT and 
$LOADLIST to the command-line.
   via  ebcba7a selftest: Add separate command line for listing tests, 
allowing us of subunit-filter (which doesn't support subunit v2).
   via  d8aafcd selftest/tests.py: Remove testsuite samba.tests.samdb which 
does not have any tests.
   via  b953fbd Re-use add_prefix function.
   via  df04a81 selftest: Drop support for TESTSUITE-IDLIST, and remove its 
last user.
   via  6bf5d33 sam: Use samba.tests.subunitrun.
   via  f847bb0 Use samba.tests.subunitrun in dsdb ldap and ldap_schema 
tests.
   via  84547fa Use samba.tests.subunitrun in urgent replication test.
   via  502f424 Include mimeparse, which is used by subunit/testtools.
   via  c845ccb ldap: Use samba.tests.subunitrun.
   via  fbf9611 deletetest: use samba.tests.subunitrun.
   via  6fbfee3 ldap_syntaxes: Use samba.tests.subunitrun.
   via  2494914 password lockout: Use samba.tests.subunitrun.
   via  0bd1fde passwords: Use samba.tests.subunitrun.
   via  fb37077 sec_descriptor: Use samba.tests.subunitrun.
   via  17f62c0 token_group: Use samba.tests.subunitrun.
   via  c42d07e sites: Use samba.tests.subunitrun.
   via  84d21d8 speedtest: Use samba.tests.subunitrun.
   via  c41dfc5 credentials test: Use samba.tests.subunitrun.
   via  8f76884 sec_descriptor test: Simplify, use samba.tests.subunitrun 
module.
   via  368e50f Move option handling into samba.tests.subunitrun.
   via  247974b Move option parsing to samba.tests.subunitrun.
   via  2969bbe subunitrun: Use new samba.tests.subunitrun module.
   via  4e1e255 Add convenience class for old-style Samba subunit python 
tests.
   via  5ef9651 Add bundled copy of 'extras' python module used by newer 
versions of testtools/subunit.
   via  48a92dd filter-subunit: Consistently use spaces rather than tabs.
   via  88b864a Support using system ldbmodify.
   via  daa54fd Fix subunit test suite name.
   via

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-03-04 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  1d4445a VERSION: Disable git snapshot for the 4.2.0 release.
   via  b32bc91 WHATSNEW: Add release notes for Samba 4.2.0.
   via  1309af4 tevent: version 0.9.24
   via  5db8d19 tevent: Ignore unexpected signal events in the same way the 
epoll backend does.
   via  7ad61f9 backupkey: Explain more why we use GnuTLS here
   via  19796dc torture-backupkey: Check the dcerpc call return code before 
calling ndr pull
   via  defd635 backupkey: replace heimdal rsa key generation with GnuTLS
   via  b39c155 build: Require GnuTLS if building with Active Directory
   via  3e03d5f torture-backupkey: Add tests that read the secret from the 
server, and validate
   via  c39dccc backupkey: Better handling for different wrap version 
headers
   via  a29cf10 backupkey: Add tests for ServerWrap protocol
   via  3b27850 backupkey: Change expected error codes to match Windows 
2008R2 and Windows 2012R2
   via  ff5494a backupkey: Implement ServerWrap Decrypt
   via  2533cef backupkey: Handle more clearly the case where we find the 
secret, but it has no value
   via  b66edeb backupkey: Improve variable names to make clear this is 
client-provided data
   via  b3dd7ae backupkey: Use the name lsa_secret rather than just secret
   via  9408f0c backupkey: Implement ServerWrap Encrypt protocol
   via  a0bf67d backupkey: Improve function names and comments for clarity
   via  8d45cf5 backupkey: Move SID comparison to inside 
get_and_verify_access_check()
   via  9372640 backupkey: Improve IDL
   via  c6b61e1 backupkey: begin by factoring out the server wrap functions
   via  9ddd067 torture-backupkey: Assert dcerpc_bkrp_BackupKey_r call was 
successful
   via  bad22e6 torture-backupkey: Add consistent assertions that 
createRestoreGUIDStruct() suceeds
   via  3d44076 s4:torture/rpc/backupkey: Require 2048 bit RSA key
   via  2ff5c42 s4-backupkey: consistent naming of werr variable
   via  0168673 s4-backupkey: improve variable name
   via  48a659d s4-backupkey: typo fix
   via  a701eeb s4-backupkey: IDL for ServerWrap subprotocol
   via  87c525d s4-backupkey: fix ndr_pull error on empty input
   via  2ee3031 s4-backupkey: Initialize ndr-switchlist for print
   via  a03df47 s4-backupkey: Comply with [MS-BKRP] 2.2.1
   via  0d6e32f s4-backupkey: Set defined cert serialnumber
   via  0dd6cfa s4-backupkey: de-duplicate error handling
   via  c998e9d s4-backupkey: check for talloc failure
   via  0b75a0c s4-backupkey: Cert lifetime of 365 days, not secs
   via  899f4db s4-backupkey: Ensure RSA modulus is 2048 bits
   via  93fe498 Add link to the Samba User Survey 2015 to WHATSNEW.txt
   via  f158785 doc-xml: Add 'sharesec' reference to 'access based share 
enum'
   via  f645571 snprintf: Try to support %j
   via  d0a5a6f tevent: version 0.9.23
   via  bc8585b Add Solaris ports as a tevent backend.
   via  2f50cd2 Update the tevent_data.dox tutrial stuff to fix some 
errors, including white space problems.
   via  3c4e071 ctdb-io: Do not use sys_write to write to client sockets
   via  811fad3 smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT.
   via  a8d285f vfs: Add a brief vfs_ceph manpage.
   via  aadfc40 doc:man:vfs_glusterfs: improve the configuration section.
   via  081a730 doc:man:vfs_glusterfs: improve and update description.
   via  9c5e310 doc:man:vfs_glusterfs: remove extra % signs.
   via  38d6d20 debug: Set close-on-exec for the main log file FD
   via  3a1f881 VERSION: Bump version up to 4.2.0...
  from  6c9d254 VERSION: Disable git snapshots for the 4.2.0rc5 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |   72 +-
 ctdb/common/ctdb_io.c  |6 +-
 .../manpages/{vfs_snapper.8.xml = vfs_ceph.8.xml} |   65 +-
 docs-xml/manpages/vfs_glusterfs.8.xml  |   61 +-
 .../smbdotconf/security/accessbasedshareenum.xml   |5 +-
 docs-xml/wscript_build |1 +
 lib/replace/snprintf.c |4 +
 lib/replace/system/select.h|4 +
 lib/replace/wscript|5 +
 .../ABI/{tevent-0.9.21.sigs = tevent-0.9.23.sigs} |0
 .../ABI/{tevent-0.9.21.sigs = tevent-0.9.24.sigs} |0
 lib/tevent/doc/tevent_data.dox |   30 +-
 lib/tevent/tevent.c|5 +-
 lib/tevent/tevent_internal.h   |3 +
 lib/tevent/tevent_port.c   |  785 ++

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-02-24 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  6c9d254 VERSION: Disable git snapshots for the 4.2.0rc5 release.
   via  5ab7f96 WHATSNEW: Add release notes for Samba 4.2.0rc5.
   via  3bd8850 s3-netlogon: Make sure we do not deference a NULL pointer.
   via  9988930 CVE-2015-0240: s3: netlogon: Ensure we don't call 
talloc_free on an uninitialized pointer.
   via  bba7796 s3: smbd: SMB2 close. If a file has delete on close, store 
the return info before deleting.
   via  381e601 s3: smbd: SMB2 close. Call utility function 
setup_close_full_information()
   via  66acf5b s3: smbd: SMB2 close. Add utility function 
setup_close_full_information()
   via  22578e8 s4: smbtorture: leases - show stat opens grant leases and 
can be broken.
   via  6eadda1 s3: smbd: leases - losen paranoia check. Stat opens can 
grant leases.
   via  8b7e8ee s3: smbd: leases - new torture test shows stat opens can 
get leases.
   via  8409939 samba-tool: Create NIS enabled users and unixHomeDirectory 
attribute
   via  b4f965d s3: smbclient: Allinfo leaves the file handle open.
   via  9cfaed4 printing/cups: pack requested-attributes with 
IPP_TAG_KEYWORD
   via  26f58b7 s3:smb2_server: protect against integer wrap with smb2 max 
credits = 65535
   via  fc8cab8 s3:smb2_server: always try to grant the credits the client 
just consumed
   via  a4fdd14 wafsamba: create unique names when building shared modules
   via  47c1038 wafsamba: remove unused variable in SAMBA_MODULE()
   via  3e865e1 wafsamba: passing 'subsystem' to SAMBA_MODULE() is not 
optional
   via  f9fbb92 wafsamba: make it possible to pass bundled_name to 
SAMBA_LIBRARY()
   via  23a4ba8 wafadmin: backported the openbsd fixes from waf 1.7
   via  aada20e wafsamba: remove commented out code.
   via  8001ec4 Revert waf: added suncc_wrap
   via  deb4041 wafsamba: generate an empty.c file if a 
SAMBA_{LIBRARY,SUBSYSTEM} doesn't have any source files
   via  b2bb6ae wafsamba: flags from enviroment are put before our own 
internal versions
   via  573c452 wafsamba: filter out standard library paths from RPATH and 
LIBPATH
   via  28e48f3 wafsamba: fix ordering problems with lib-provided and 
internal RPATHs
   via  c2a5e08 wafsamba: make it possible to specify 
ADDITIONAL_{CFLAGS,LDFLAGS} as env var to ./configure
   via  320ee4e wafsamba: improve -fvisibility=hidden, we should check it 
together this WERROR_CFLAGS
   via  f36016e wafsamba: let CURRENT_CFLAGS() use bld.env.VISIBILITY_CFLAGS
   via  c6f5361 wafsamba: move -fvisibility=hidden checks from lib/replace 
to wafsamba
   via  57855ba wafsamba: move '-fstack-protector' checks from lib/replace 
to wafsamba
   via  1e84abd0 wafsamba: move WERROR_CFLAGS checks from lib/replace to 
wafsamba
   via  17ae6ba wafsamba: move compiler / cflags related stuff from 
lib/replace to wafsamba
   via  cb71b4b wafsamba: let TO_LIST(mylist) return a copy of mylist
   via  1b57443 wafsamba: check for rpath compiler/linker flags
   via  fe9897b wafsamba: fill PRIVATE_NAME() logic again
   via  5a257a0 wafsamba: add -Werror=return-type for developer builds
   via  1b31b8e Reduce the no-op build times by 30%
   via  94aceed Don't use a nested function when testing for visibility 
attribute support.
   via  ac06d67 Fix more pep8 issues in code I touched recently.
   via  488def5 Remove last instances of pep8 error E712 (use 'is' rather 
than '==' for booleans)
   via  99b4213 s3: lib, s3: modules: Fix compilation on Solaris.
   via  8a5df7d s4:dsdb/tests: add test_timevalues1() to verify timestamp 
values
   via  a707d53 ldb: version 1.1.20
   via  cd82192 lib/ldb: fix logic in ldb_val_to_time()
   via  62487b6 Remove use of the staticforward macro
   via  84008fe ldb: bump to version 1.1.19
   via  3a97cea ldb: Allow to register extended match rules
   via  f45d30c s3-pam_smbpass: Fix memory leak in pam_sm_authenticate().
   via  e38f3ea utils: Fix 'net time' segfault.
   via  a5d30bd cli_connect_nb_send: don't segfault on host == NULL.
   via  69dd558 vfs_snapper: encode and decode Snapper DBus strings
   via  428c582 vfs_snapper: add DBus string encoding and decoding helpers
   via  1381ac0 vfs_snapper: free dbus req messages in error paths
   via  f922899 s3-vfs: Fix developer build of vfs_ceph module.
   via  ffc1cca vfs_glusterfs: Add comments to the pipe(2) code.
   via  0c9e53b vfs: Fix a typo
   via  7e0e0e0 vfs:glusterfs: whitespace fix.
   via  42b9b52 vfs_glusterfs: Replace eventfd with pipes, for AIO use
   via  1d05617 vfs/glusterfs: Change xattr key to match gluster key.
   via  d35fa8e vfs_glusterfs: Implement AIO support
   via  bab4805 vfs_glusterfs: Change sys_get_acl_file/fd to return ACLs 
corresponding to mode bits when there are no ACLs set.
   via  d56da88

[SCM] Samba Shared Repository - branch v4-2-stable updated

2015-01-16 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  c88a4f4 VERSION: Disable git snapshots for the 4.2.0rc4 release.
   via  8fdb354 WHATSNEW: Add release notes for Samba 4.2.0rc4.
   via  2a699e4 CVE-2014-8143:dsdb-samldb: Check for extended access rights 
before we allow changes to userAccountControl
   via  df1f7ce CVE-2014-8143:dsdb: Allow use of 
dsdb_autotransaction_request outside util.c
   via  0b97e8b CVE-2014-8143:pydsdb: Pull in UF_USE_AES_KEYS flag
   via  239c0f2 CVE-2014-8143:auth: Force talloc type of session_info 
pointer to match
   via  923827c vfs_fruit: mmap under FreeBSD needs PROT_READ
   via  e3d7893 vfs_fruit: fix base_fsp name conversion
   via  eaeeb51 s3-libads: Fix a possible segfault in kerberos_fetch_pac().
   via  ec80439 lib/util: Avoid collision which alread defined consumer 
DEBUG macro.
   via  a756e65 spoolss: clear PrinterInfo on GetPrinter error
   via  4e3e5e7 spoolss: clear info on GetPrinterDriverDirectory error
   via  d2d2f8a spoolss: clear info on GetPrintProcessorDirectory error
   via  e9e576a spoolss: clear FormInfo on GetForm error
   via  9762d72 spoolss: clear DriverInfo on GetPrinterDriver2 error
   via  2141975 spoolss: clear JobInfo on GetJob error
   via  f0040c6 [PATCH] vfs: Add glusterfs manpage.
   via  92b34c5 net: Fix sam addgroupmem
   via  561eb6c s3:passdb: fix logic in pdb_set_pw_history()
   via  bdc182f s3-util: Fix authentication with long hostnames.
   via  d196b54 winbind: Retry after SESSION_EXPIRED error in ping-dc
   via  ec07387 winbind: Retry LogonControl RPC in ping-dc after session 
expiration
   via  4701d74 tdb_wrap: Make mutexes easier to use
   via  c6dc67a nss_wrapper: check for nss.h
   via  2201a3c ctdb-daemon: Use correct tdb flags when enabling robust 
mutex support
   via  2887007 tdb: version 1.3.4
   via  4a52345 tdb/toos: allow transactions with TDB_MUTEX_LOCKING
   via  9ec5518 tdb/test: add tdb1-run-mutex-transaction1 test
   via  953d373 tdb: allow transactions on on tdb's with TDB_MUTEX_LOCKING
   via  93b73bf VERSION: Bump version up to 4.2.0rc4 and...
  from  f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION|   2 +-
 WHATSNEW.txt   |  48 -
 ctdb/client/ctdb_client.c  |  30 +++-
 ctdb/server/ctdb_lock.c|  30 +++-
 ctdb/server/ctdb_lock_helper.c |  28 +--
 ctdb/server/ctdb_ltdb_server.c |   4 +-
 docs-xml/manpages/vfs_glusterfs.8.xml  | 151 
 docs-xml/wscript_build |   1 +
 lib/nss_wrapper/wscript|   4 +-
 lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.4.sigs} |   0
 lib/tdb/common/transaction.c   |   2 +-
 lib/tdb/test/run-mutex-transaction1.c  | 236 +
 lib/tdb/tools/tdbtorture.c |   1 -
 lib/tdb/wscript|   3 +-
 lib/tdb_wrap/tdb_wrap.c|   7 +
 lib/util/debug.h   |   6 +-
 lib/util/fault.h   |   5 +
 librpc/idl/security.idl|  13 +-
 source3/lib/util.c |   4 +-
 source3/libads/authdata.c  |  26 +--
 source3/modules/vfs_fruit.c|   4 +-
 source3/passdb/pdb_get_set.c   |  15 +-
 source3/rpc_server/spoolss/srv_spoolss_nt.c|  78 +---
 source3/utils/net_sam.c|   8 +-
 source3/winbindd/winbindd_dual_srv.c   |  18 ++
 source4/auth/session.c |   5 +
 source4/dsdb/common/util.c |   4 +-
 source4/dsdb/pydsdb.c  |   1 +
 source4/dsdb/samdb/ldb_modules/samldb.c| 190 +++-
 source4/dsdb/samdb/samdb.h |   6 +
 source4/rpc_server/lsa/dcesrv_lsa.c|  15 +-
 source4/setup/schema_samba4.ldif   |   1 +
 32 files changed, 856 insertions(+), 90 deletions(-)
 create mode 100644 docs-xml/manpages/vfs_glusterfs.8.xml
 copy lib/tdb/ABI/{tdb-1.3.0.sigs = tdb-1.3.4.sigs} (100%)
 create mode 100644 lib/tdb/test/run-mutex-transaction1.c


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 507ad30..7d26f52 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  -  3.0.0rc1  #
 
-SAMBA_VERSION_RC_RELEASE=3

[SCM] Samba Shared Repository - branch v4-2-stable updated

2014-12-20 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  f139544 VERSION: Disable git snapshots for the 4.2.0rc3 release.
   via  2277f6a WHATSNEW: Add release notes for Samba 4.2.0rc3.
   via  60748d1 s3:passdb: let pdb_get_trust_credentials() try 
pdb_get_trusteddom_creds() first
   via  26c011d s3:passdb: add optional get_trusteddom_creds() hooks
   via  611e95e pdb: fix build issues with shared modules
   via  ddc2bba s3:idmap_cache: remove unused idmap_cache_set_sid2[u|g]id()
   via  dac59a2 pdb: Increase version number to fix ABI
   via  1a91c09 idmap: return the correct id type to *id_to_sid methods
   via  d655b56 idmap: unify passdb *id_to_sid methods
   via  0c32df4 s3:passdb: avoid invalid pointer type warnings in 
pdb_wbc_sam.c
   via  f87e9b1 s3:passdb: always copy the history in 
pdb_set_plaintext_passwd()
   via  f1f0ca3 pdb_tdb: Avoid a nasty error message with ctdb
   via  a681688 pdb_tdb: don't leak state_path onto talloc tos
   via  741ac3b account_pol: don't leak state_path onto talloc tos
   via  b14bed4 passdb: Use common code in 
cli_credentials_set_machine_account_db_ctx()
   via  d26278a auth/credentials: Ensure that we set the realm when reading 
secrets.tdb
   via  e3b6d3b credentials: Allow the secret.tdb handle to be passed in to 
cli_credentials_set_machine_account()
   via  a81b814 credentials: Improve error message on failure to set 
machine account password
   via  a13c21b credentials: Set secure_channel_type from secrets.tdb in 
cli_credentials_set_machine_account
   via  f80a108 s3:locking: fix uninitialiazed variable in 
brl_get_locks_readonly_parser()
   via  5d3a3c8b ctdb-build: fix build without xsltproc
   via  c0d778c packaging: Include CTDB man pages in the tarball
   via  6c01512 ctdb-build: Fix the installation of config files for 
top-level build
   via  d09a0e0 ctdb-build: Fix the indentation
   via  27219c0 libcli/smb: only force signing of smb2 session setups when 
binding a new session
   via  8bb6039 s3:smb2_server: allow reauthentication without signing
   via  c0aee74 vfs_streams_xattr: add missing call to SMB_VFS_NEXT_CONNECT
   via  4190813 testprogs/test_ldb: check rootdse search with extended-dn 
control
   via  23e43c3 s4:dsdb/rootdse: expand extended dn values with the 
AS_SYSTEM control
   via  02ad559 s3:utils/profiles fix a use after free
   via  adb4618 s3:registry/regfio fix some valgrind warnings
   via  238eb48 s3:registry/regfio read SD from the correct location
   via  0055b0d ctdb-tests: Need to drop public IPs in kill-failover tests
   via  12c1e89 ctdb-daemon: Gratuitous ARP equivalent for IPv6 is neighbor 
advertisement
   via  7787cfa ctdb-tests: More debug on SSH failure
   via  bdaa7f2 ctdb-tests: Make tcpdump output more verbose
   via  67bda03 ctdb-tests: Use ip neigh command instead of arp
   via  fe23b5b ctdb-tests: Generalise the gratarp and tickle sniffing code 
for IPv6
   via  aa84dec ctdb-tests: Match IPv6 connections in netstat output
   via  1e6681f ctdb-tests: Use ping_wrapper to do relevant ping or ping6
   via  2b9facf ctdb-tests: Extend regexps to handle IPv6 address matching
   via  6299649 ctdb-tests: Bracket IP addresses in NFS mounts and scp 
command (for IPv6)
   via  4f05acc ctdb-tests: Try to handle IPv6 addresses for local daemons
   via  5d4a412 ctdb-tests: Extend regexp to match IPv6 addresses
   via  6c245c5 ctdb-tools: Bracket IP addresses in onnode (for IPv6)
   via  78f35cb ctdb-daemon: Fix IP address comparisons for IPv6 addresses
   via  dd6534f ctdb-scripts: Wait until IPv6 addresses are not tentative
   via  fee8c94 ctdb-eventscripts: Specify broadcast optionally to ip addr 
add
   via  6e59d32 ctdb-daemon: Trust vnn-interface for an IP when releasing 
it
   via  cd26059 ctdb-scripts: Make 10.interface IPv6-safe
   via  231fab1 ctdb-scripts: New functions ip6tables() and 
iptables_wrapper()
   via  fd796e6 ctdb-scripts: Add IPv6 addresses support in 
ip_maskbits_iface()
   via  410c785 ctdb-utils: Update Nagios code to use ctdb -X
   via  4d3d4bc ctdb-doc: Update examples to use ctdb -X
   via  2524621 ctdb-tool: Fix ctdb -Y ifaces output to have trailing 
delimiters
   via  645f1e2 ctdb-tests: Update integration tests to use ctdb -X
   via  dbda14a ctdb-tools: Update onnode and ctdb-diagnostics to use ctdb 
-X
   via  8df3a81 ctdb-scripts: Update eventscripts to use ctdb -X instead of 
ctdb -Y
   via  a5ffa96 ctdb-tools: Add -X option for machine parsable output with 
separator '|'
   via  dbfc67a ctdb-tools: Add -x option to specify delimiter for machine 
readable output
   via  9acafe9 ctdb-tools: Produce machine readable output with new 
function printm()
   via  decb761 ctdb-recoverd: Process all the records for vacuum fetch in 
a loop
   via  7d4e0f0

[SCM] Samba Shared Repository - branch v4-2-stable updated

2014-11-05 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  3011777 VERSION: Bump version up to 4.2.0rc1...
   via  1ef2be6 vfs_fruit: deal with vfs_catia not being loaded
   via  b2626c2 vfs_fruit: remove redundant assignment
   via  04ebed1 vfs_fruit: fix possible uninitialized use
   via  26ff9f3 libcli/smb: call smb2cli_validate_negotiate_info*() after 
each authenticated tcon
   via  7729ba5 libcli/smb: add smb2cli_validate_negotiate_info*()
   via  6a82cb7 libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl 
response.
   via  a51b623 s4:libcli/tcon: remove unused smb2_tree_connect*()
   via  609b31a s4:torture/smb2: remove unused variable in 
torture_smb2_con_sopt()
   via  fe13b0c s4:torture/smb2: use smb2cli_tcon*() in 
torture_smb2_tree_connect()
   via  04d0110 s4:torture/smb2: use torture_smb2_tree_connect() in notify.c
   via  a8d1f26 s4:torture/smb2: torture_smb2_tree_connect() creates a 
secondary tree connect
   via  c723d57 s4:libcli/smb2: make use of smb2cli_tcon*() in connect.c
   via  d11b0c4 s3:libsmb: remove unused smb2cli.h
   via  b77bb5a libcli/smb: move smb2cli_tcon.c to the toplevel
   via  7ee18fb s3:smb2cli_tcon: use smb2 signing if possible
   via  8c846f7 libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
   via  e954f92 libcli/smb: add smb2cli_tcon_should_encrypt()
   via  ca1081e libcli/smb: add smbXcli_session_is_authenticated()
   via  aa4310b libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
   via  e9a5074 s3:libsmb: remove unused ';'
   via  854f579 s4:libcli/smb_composite: don't try anonymous smb signing
   via  760f23a s3:smb2_negprot: allow really large io sizes up to allmost 
16MB
   via  703ef59 tdb: Fix a comment
   via  93e81d423 s3: lib: Signal handling - ensure smbrun and change 
password code save and restore existing SIGCHLD handlers.
   via  fc8e105 lib: util [ctdb]: Signal handling - change CatchChild() and 
CatchChildLeaveStatus() to return the previous handler.
   via  16e460e s3: nmbd: Ensure the main nmbd process doesn't create 
zombies.
   via  ba33426 s3:torture: transfer 1M message with fds in 
LOCAL-MESSAGING-FDPASS2 test
   via  d4bf2be s3:torture: wait in tevent-loop for child to confirm 
receive in FDPASS2 msg test
   via  3628102 s3:torture: fix a message in LOCAL-MESSAGING-FDPASS2 test
   via  bc5c029 selftest: run LOCAL-MESSAGING-READ4
   via  f16dd64 s3:torture: add LOCAL-MESSAGING-READ4 - send 1MB message
   via  797ada1 s3:messaging: explain why the messaging_send*() functions 
need a tevent-loop.
   via  d7d9ec3 s3:unix_msg: document closing of fds in the receive handler
   via  0ab5e89 s3:unix_msg: close the fds in unix_dgram_recv_handler() 
after the callback has run
   via  6e47886 s3:messaging: upon receiving fds, dup them so the caller 
can safely close them.
   via  00d9ee0 s3:messaging: allow the messaging receive callback to 
change the fds
   via  d8af3e7 s3:unix_msg: don't fill cmsg buffer in unix_dgram_send_job()
   via  b38ed73 s3:unix_msg: add close_fd_array_cmsg()
   via  20cd934 s3:unix_msg: factor extract_fd_array_from_msghdr() out of 
unix_dgram_recv_handler()
   via  67684dc s3:unix_msg: simplify queue_msg() by moving space 
calculations up.
   via  a96f0f4 s3:unix_msg: use an iov in unix_dgram_msg/queue_msg instead 
of buffer and length
   via  e38f4f4 s3:unix_msg: rename a variable buflen-data_len in 
queue_msg()
   via  2564a5f s3:unix_msg: use a buffer pointer instead of array indexes 
for the iov buffer
   via  9ddb661 s3:unix_msg: remember errno in unix_dgram_send_job in case 
of send error.
   via  9fa673b s3:unix_msg: don't close the fd-array at the end of 
unix_dgram_send_job()
   via  698e8a2 s3:unix_msg: add close_fds exit point to unix_msg_recv()
   via  2795bdf s3:messaging: msg_type int-uint32_t in struct messaging_hdr
   via  40b4853 s3:messaging: fix uninitialized data introduced by padding
   via  1dbd0be tevent: version 0.9.22
   via  a65df7e tevent: remove unused exit_code in tevent_select.c
   via  1ea3364 tevent: remove unused exit_code in tevent_poll.c
   via  22eb416 repl: Specify the target realm in 
dreplsrv_get_target_principal()
   via  736098e WHATSNEW: Include info on secured winbindd connections
   via  afe02d1 winbindd: Change value of ldap sasl wrapping to sign
   via  e2cd325 winbindd: Do not make anonymous connections by default
   via  b9701a0 provision: Change the default functional level of new Samba 
domains to 2008R2.
   via  bf0ee5f ldb: fix a typo in the comment, LDB_FLAGS_MOD_xxx - 
LDB_FLAG_MOD_xxx
   via  9c92164 s3-winbindd: Do not use domain SID from LookupSids for 
Sids2UnixIDs call
   via  16594e7 s3: Move init_lsa_ref_domain_list to lib
   via  f3ce6b4 s3:net_rpc_printer: make use of 
cli_credentials_get_username()

[SCM] Samba Shared Repository - branch v4-2-stable updated

2014-10-15 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  e05a432 VERSION: Set version to 4.2.0rc2...
   via  8309ab7 WHATSNEW: Add release notes for Samba 4.2.0rc2.
   via  9164e5f build: do not install texpect binary anymore.
   via  2cd5450 libcli/smb: fix smb2cli_validate_negotiate_info with 
min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
   via  066fb45 [PATCH] WHATSNEW: Added information about the VFS WORM 
module that is
   via  4cc2dda WHATSNEW: Fix typo.
   via  721033d WHATSNEW: Fix typos.
   via  63017ac [PATCH] WHATSNEW: Add more features for Samba 4.2
   via  25d26f4 WHATSNEW: Add samba-regedit.
   via  3430afa idmap_rfc2307: Fix a crash after connection problem to DC
   via  02e1c6b SO_PROTOCOL is platform-dependent
   via  13c7b80 regedit: remove an old comment
   via  a38ad98 regedit: print error msg if opening registry fails
   via  96a5321 regedit: handle pgup/pgdn/home/end keys on lists
   via  0b70ddd regedit: handle del and backspace in hexeditor
   via  fb01459 regedit: grow hexedit buffer as the user types
   via  0f548f9 regedit: add a button to resize hexedit buffer
   via  6c736e2 regedit: add a number input box
   via  cf71665 regedit: don't expand single line text field buffer with 
cursor movement
   via  7720184 regedit: handle DEL key in text fields
   via  27e99f6 regedit: adjust some variable names to make them more 
distinct
   via  d9b67e6 regedit: find previous items
   via  05be096 regedit: search values and repeat search from cursor 
positions
   via  45afe22 regedit: flesh out search dialog and simplify search opts
   via  60b6297 regedit: don't use subwindows in hexedit
   via  afafda2 regedit: use pad as a canvas for dialogs
   via  77d9d4c regedit: clear value list after creating new key
   via  00ff031 regedit: use the right function to reopen a hive
   via  a226a52 regedit: move cursor to edited value in list and report 
edit errors
   via  47caf0b regedit: Introduce a new API to build the dialogs.
   via  ceafd11 regedit: improvements for hexedit
   via  7e11ecb regedit: add padding to fit REG_MULTI_SZ to the text field
   via  bff6822 regedit: simplify cleanup after loading children
   via  1fb0690 regedit: add a panic handler to restore terminal
   via  5e3df48 regedit: make all hives descend from a root node
   via  8bc4a73 regedit: add a refresh command to clear cache and reload 
current path
   via  ee89de1 regedit: reopen key after editing or removing values
   via  894f516 regedit: reopen parent keys when adding or removing subkeys
   via  6d61540 regedit: set cursor after creating a new key
   via  36cd9af regedit: set cursor to the parent node when ascending
   via  92d302f regedit: don't fail loading keys if just a few are 
unavailable
   via  d4c1b36 regedit: include error description in popups
   via  544c4ec regedit: notify user if there's a failure loading subkeys
   via  4867e76 regedit: handle awkward window sizes better
   via  2b74ee0 regedit: use talloc typesafety features
   via  fe5b9cd regedit: restore list cursor when window is resized
   via  db7aef6 regedit: make value list display data in multiple columns
   via  1ca1c74 regedit: add multicolumn list widget
   via  ca81665 regedit: add search feature.
   via  f5ac8ec regedit: add a color scheme for path and context help 
sections
   via  1ab3b87 regedit: sort keys
   via  196055d regedit: free value list subwindow
   via  93aa394 regedit: add borders around key and value lists, and change 
headings
   via  bb1b0ab regedit: add padding for key labels when there's not a 
prefix.
   via  c7802fc regedit: add white on blue color scheme
   via  0288af3 regedit: silence some warnings
   via  c7ebcd6 s3: smb2cli: query info return length check was reversed.
   via  ce0c5f6 registry: Don't leave dangling transactions
   via  ff9dd62 WHATSNEW: Fix typo.
   via  137c096 VERSION: Re-enable git snapshots.
  from  3011777 VERSION: Bump version up to 4.2.0rc1...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
---

Summary of changes:
 VERSION |2 +-
 WHATSNEW.txt|  123 ++-
 lib/socket_wrapper/socket_wrapper.c |3 +
 lib/texpect/wscript |6 +-
 libcli/smb/smb2cli_query_info.c |2 +-
 libcli/smb/smbXcli_base.c   |6 +-
 source3/registry/reg_api.c  |2 +-
 source3/utils/regedit.c |  483 +--
 source3/utils/regedit.h |   18 +-
 source3/utils/regedit_dialog.c  | 2738 ---
 source3/utils/regedit_dialog.h  |  204 +++-
 source3/utils/regedit_hexedit.c |  243

[SCM] Samba Shared Repository - branch v4-2-stable updated

2014-10-15 Thread Karolin Seeger

The branch, v4-2-stable has been updated
   via  8428085 WHATSNEW: Remove double entry.
  from  e05a432 VERSION: Set version to 4.2.0rc2...

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-2-stable


- Log -
commit 8428085139aac09c0f47a03f0a9507eb51ac704c
Author: Karolin Seeger ksee...@samba.org
Date:   Wed Oct 15 10:06:14 2014 +0200

WHATSNEW: Remove double entry.

Signed-off-by: Karolin Seeger ksee...@samba.org
(cherry picked from commit e10ffb3bb3f61e25faf913b48d233cace6427abe)

---

Summary of changes:
 WHATSNEW.txt |4 
 1 files changed, 0 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 47f3697..fc17aae 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -44,10 +44,6 @@ to (other) domain controllers was rewritten in order to 
maintain
 global state in a netlogon_creds_cli.tdb. This is the proper fix
 for a large number of bugs:
 
-
-
-o   Volker Lendecke v...@samba.org
-* BUG 10860: registry: Don't leave dangling transactions.
   https://bugzilla.samba.org/show_bug.cgi?id=6563
   https://bugzilla.samba.org/show_bug.cgi?id=7944
   https://bugzilla.samba.org/show_bug.cgi?id=7945


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

[SCM] Samba Shared Repository - branch v4-2-stable updated

19 matches

Site Navigation

Mail list logo

Footer information