The annotated tag, ldb-1.1.14 has been created at ae3f7139cf13ee222beeb7468977e5c8d2484f28 (tag) tagging 6f47497610352f72128bdbcd3b45313ea9a265ab (commit) replaces ldb-1.1.13 tagged by Stefan Metzmacher on Fri Nov 30 09:50:10 2012 +0100
- Log ----------------------------------------------------------------- ldb: tag release ldb-1.1.14 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAABAgAGBQJQuHNCAAoJEEeTkWETCEAlj4sH/RkMg/tO7q7u25comSE21hRr YuTxqEGpZ5v0DEW0pi10necOWKdzRsnd1aTHj7VMhYhupxb6uKUi0uZ8BpJ+snzf jJyneDDWm9yUhQsbF2lyBEqjix/F/L6jxE7QDe6XOotJhF/uNIfT52ireFfqfT9J GQHwO1nnnkgnP2C/geWlht1MEuf6WJISPNju5Xtu+58TzdAFu6eImaUhwsp4pSL2 6BU+wueWpYbe6JSQr67CMpg71gDGK3C1kw4p3p5Nj9yXjw1vxn/irLPXWEqL3m3k u5+9DbVIQWCK2rVdI8w07n9AMfd8wzFAxsXT6oo4+ryOED4EEYwZLO2+azksgDQ= =Hlq3 -----END PGP SIGNATURE----- Alexander Bokovoy (1): Fix release script to build full set of documentation Alexander Wuerstlein (3): Set RFC2307 attributes in samba-tool create Tests for 'samba-tool user create' with RFC2307 attributes Warn when setting UID/GID without idmap_ldb:use rfc2307 = Yes Amitay Isaacs (3): s4-dns: dlz_bind9: Ignore zones that are not used by BIND9 DLZ plugin s4-rpc: dnsserver: Ignore DNS zones that are not used by RPC dnsserver s4-dns: Fix format string vulnerability in an error message (bug #9354) Andreas Schneider (24): s3-printing: Increase debug level for info that the db is empty. s3-smbd: Don't segfault if user specified ports out for range. s3-spoolss: Fix builtin forms order to match Windows again. s3fs-smbd: Move housekeeping to the background process. waf: Build pam_smbpass module only if enabled. s3fs-smbd: Make sure the registry is set up before we init printing. s3fs-printing: Fix RAW printing for normal users. packaging: Add config for systemd-tmpfiles. packaging: Add support for reloading systemd services. s3fs-printing: Simplify the comment and location handling. BUG #9295: Build standard auth modules as internal modules. wafsamba: If we define a realname and a soname create a symlink. waf: Create a libnss_winbind.so symlink. waf: Create a libnss_wins.so symlink. ntlm_auth: Increase debug level if we use config domain name. packaging: Move smbprint to a comman location. BUG 9326: Fix net ads join message for the dns domain. packaging: Add NetworkManager dispatcher script for winbind. s3fs-net: Use talloc for memory allocation. s3fs-utils: Free the popt context in smbcacls and smbquotas. s3fs-popt: Add function to burn the commandline password. s3fs-client: Burn commandline password of client utils. torture: Fix smb2.create.blob test. s3:winbind: BUG 9386: Failover if netlogon pipe is not available. Andrew Bartlett (128): libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsing auth/kerberos: add HAVE_KRB5 guard to fix non-krb5 build after winbindd pac changes build: Try not build with LDAP if we do not have ldap.h build: Fix enabled handling for HAVE_LDAP, we need to use bld.CONFIG_SET ntdb: Try to fix the build on Solaris which does not have err lib/replace: Try to fix build on HP-UX for os2_delete test build: Remove unused IRIX and IRIX6 defines lib/util: Remove unbuilt file util_getent.c and BROKEN_GETGRNAM build: Rework waf STAT_ST_BLOCKSIZE to match autoconf, with 512 as the default build: Make waf configure match autoconf for HPUX ACLs lib/replace: Remove unused nap and therefore the SCO define build: Remove unused define UNIXWARE lib/replace: Improve mkstemp test in autoconf and waf lib/replace: Look for special flags needed for c99 build: Add missing dep on tdb_compat torture: tidy up rpc.lsa OpenPolicy2 test to more clearly use torture_fail() torture: use torture_assert rather than return false in rpc.lsa torture: More torture_assert() calls in rpc.lsa build: Fix detection of quotas on macos client: Fix talloc_stackframe() free order assertion in developer mode docs: Update TOSHARG-Install docs: Remove references to default paramters in TOSHARG-PDC docs: Explain the no-domain-logons restriction applies to all HOME editions docs: Add mention of AD DC support in TOSHARG-PDC docs: Remove Win9X/WinMe mentions from TOSHARG-PDC docs: Fix typo in TOSHARG-Passdb docs: Remove mention of auth methods in TOSHARG-Passdb docs: Change TOSHARG-VFS to avoid suggesting VFS modules are Linux/IRIX only lib/util/charset: Try to find iconv on HP-UX lib/util/charset: We do not use fucntions from wchar.h any more selftest: Remove invalid security=share and rename secshare to simpleserver samba_dnsupdate: Move to using tmpfile/rename to keep the dns_hosts_file consistent samba_dnsupdate: Safely update/create names for Samba3 targets as well build: Add waf configure support for non-linux quotas build: Remove unused samba_cv_sysquotas_file variable from autoconf configure build: Set HAVE_SYS_QUOTAS and WITH_QUOTAS if we have any supported sysquota backend build: Remove unused --with-sys-quotas option nsswitch: Add waf tests for solaris special cases lib/replace: Add test for what flag we need for -Werror behaviour build: Fix quota tests, including move of sysquotas.c to the top level build: Remove duplicate check for struct getquota_rslt member getquota_rslt_u selftest: use an array when starting testenv with system() selftest: Always build a linux-style nss_winbind for nss_wrapper nsswitch: Build nss_winbind on all supported platforms wintest: bump version to 4.1 wintest: Add config file for a second host wintest: Give netdom join more time to complete wintest: Give dcpromo more time samba-tool: skip chown in sysvolreset when it would fail on a GID posixacls: Add IDL changes for vfs_acl_xattr using hash of the sys acl build: Add vfs_media_harmony to the waf build smbd: Add mem_ctx to sys_acl_init() and all callers smbd: Add mem_ctx to {f,}get_nt_acl VFS call vfs: Remove type parameter from sys_acl_blob_get_{fd,file} vfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backends vfs: Use a blocking function in vfs_afsacl for system ACL blobs vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl vfs: Use posix_sys_acl_blob_get_file in vfs_aixacl2 for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_default for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_fake_acls for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_gpfs for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_hpux for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_irix for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_posixacl for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_solarisacl for posix ACLs vfs: Use posix_sys_acl_blob_get_file in vfs_tru64acl for posix ACLs vfs: Use a blocking function in vfs_zfsacl for system ACL blobs examples: Re-indent and reformat skel VFS modules vfs: Improve formatting of vfs_default vfs: Improve formatting of vfs_fake_acls vfs: Fix alternative posix and no-op sys acl implementations to take a mem_ctx vfs: Remove irixacl module (all the fucntions in it are unimplemented) build: Remove --disable-shared rpc_server:srvsvc Remove psd variable that was no longer set by SMB_VFS_FGET_NT_ACL smbd: Always free the talloc_stackframe() before leaving smbd_do_query_security_desc dns_server: Try and use the dns-SERVER account if we were configured with it provision: No longer use the wheel group in new AD Domains build: Assert that auth_domain, auth_builtin, auth_sam, auth_winbind are builtin vfs: Fix compilation of ACL support on solaris lib/replace: Fix detection of rpcsrv/yp_prot.h on FreeBSD lib/replace: Fix detection of prctl lib/replace: Fix configure on FreeBSD: define_ret is not correct here build: Add #define FREEBSD on FreeBSD dsdb-cracknames: Always use talloc_zero() dsdb-cracknames: Return DRSUAPI_DS_NAME_STATUS_NO_MAPPING when there is no SID pysmbd: Fix pysmbd octal mode handling selftest: Add many more tests for our posix ACL handling selftest: Cover one more NT ACL invalidation case and improve comments selftest: Cover the important non-Samba invalidation of the NT ACL selftest: Always unlink the tempf in posixacl test dbwrap: use talloc_stackframe() in db_tdb_log_key() python-ntacls: Cope with ACL revision 4 pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entries pysmbd: Remember to close files after setting the NT ACL pysmbd: Set umask to 0 during smbd operations vfstest: set umask(0) in vfstest provision: Fix comments in checksysvolacl sefltest: use TestCaseInTempDir and setUp/tearDown for posixacl.py temp file lib/replace: Return size of xattr if size argument is 0 build: Remove support for IDL-generated files in git tree pidl: Remove depends_on=PIDL_MISC as it sets -I/ into CFLAGS imessaging: Add irpc_all_servers() to list all available servers pymessaging: Use the server_id IDL structure rather than a tuple pymessaging: Add irpc_servers_byname() and irpc_all_servers() samba-tool: Add samba-tool processes subcommand ldb: Change ltdb_unpack_data to take an ldb_context ldb: Remove no-longer-existing ltdb_unpack_data_free from ldb_tdb.h ldb: Add ldbdump, based on tdbdump file_server: put set create mask and directory mask in fileserver.conf s3-param: Move the options needed for running smbd in the AD DC to loadparm vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent selftest: Add skip for DIR1 test which loops on 64 bit ext4 libads: Always free the talloc_stackframe() on error path buildtools: Remove extra space from global: line selftest: check that samba-tool gpo works for basic operations wintest: Try harder to recover from apparent failure to dcpromo provision: Also walk directories checking ACLs provision: Make dsacl2fsacl() take a security.dom_sid, not str samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes selftest: Make samba.tests.ntacl also use TestCaseInTempDir pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl() selftest: Add tests for expected behaviour on directories as well as files selftest: Avoid test cross-contamination in samba.tests.posixacl ntp_signd: move socket directory to var/lib not var/run for permissions change ntp_signd: Only allow group access to the ntp signd directory. selftest: Avoid returning errors (rather than failures) in gpo test Revert "selftest/skip: add samba.tests.samba_tool.gpo until it's stable" selftest: Add --tmpdir to 'samba-tool gpo create' test Andrew Tridgell (12): auth: added cli_credentials_failed_kerberos_login() libcli: use cli_credentials_failed_kerberos_login() to cope with server changes test_chgdpass: added test for kerberos retry s4-librpc: use cli_credentials_failed_kerberos_login to cope with stale tickets test_chgdpass: use drs bind to test password change on RPC ldb: move ldb_pack.c into common ldb: fixed callers for ldb_pack_data() and ldb_unpack_data() s4-librpc: try a 2nd logon for more error cases samba-tool: "drs options" does not need a samdb connection s4-librpc: set error code to LOGON_FAILURE on RPC fault with access denied s4-ldapclient: cope with logon failure retry in LDAP test-chgdcpass: test the ldap case for server password change Arvid Requate (1): s3:smbd: Fix typo in got_duplicate_group check Björn Baumbach (14): s3: make recursive_rmdir function non-static s3: vfs_streams_depot: add delete_lost option s4: samba_backup: Fix typos. s3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235) s3-docs: add delete_lost option to vfs_streams_depot.8 docs: fix opening and ending tag mismatch: para docs: fix opening and ending tag mismatch: para docs-xml: fix use of <smbconfoption> tag (fix bug #9345) build(autoconf): fix check for ctdb_private.h build(autoconf): check if we have ctdb_protocol.h in the cluster checks build(waf): check if we have ctdb_protocol.h in the cluster checks s3:ctdb library: fix the build against older ctdb versions s3-torture:test_ctdbconn: fix the build against older ctdb versions build(waf): Fail "configure --with-cluster-support" if ctdb support is not available. Björn Jacke (9): quota: add supprt for gfs2 replace: fix 520c9b0b0ae33 wfabuild: fix the -errwarn compile flag test wafbuild: merge the missing IBM compiler Werror flag "-qhalt=w" to waf wafbuild: reorder the Werror checks so that the ambigous w2 option is being checked last ccan/wafbuild: use WERROR_CFLAGS instead of -Werror wafbuild: use WERROR_FLAGS in wscript_configure_system_mitkrb5 wafbuild: use -Wstack-protector if available util: remove accidently committed hunk Christian Ambach (21): s3:utils/net fix a compiler warning s3:rpcclient fix a compiler warning s3:pdb_ldap remove unused function s3:winbindd fix a compiler warning s3:vfs_fake_acls fix a compiler warning s3-pylibsmb: move py_tevent_req_wait_exc up in the file s3:printing only do printing_subsystem_update when printing is enabled s3:winbindd fix a compiler warning s3:passdb formatting changes s3:nfs4acls pass down fsp instead of just the filename s3:nfs4acls filter away inheritance flags on files Revert "smb.conf(5): Remove 'idmap config' documentation - the parameter has" s3:vfs_gpfs skip local flock when gpfs sharemodes are disabled s3:vfs_gpfs remove a trailing space s3:vfs_gpfs fix the build s3:vfs_gpfs re-indent run-away lines s3:smb2_getinfo ensure proper error for not yet present quota support s3:docs document shadow:snapdirseverywhere option of vfs_shadow_copy2 s3:utils fix a whitespace error build(waf): support AIX 6.1 build: add DMAPI configure option and checks Christof Schmitt (3): winbind: Extend wbcAuthenticateUserEx to provide PAC auth/kerberos: Adjust log level for failed PAC signature verification s4-torture: Complete test for winbindd PAC parsing Daniele Dario (1): Correct command help message David Disseldorp (9): vfs: fix lock logging in vfs_full_audit vfs: fix acl_blob_get* in vfs_full_audit vfs: add missing pwrite ops to full_audit vfs: check full_audit enum->str mapping on startup s3-rpc_server: fix build warning pam_winbind: fix segfault in pam_sm_authenticate() Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access." doc: describe samlogon cache caveat for winbindd -n doc: list arguments for rpcclient FSRVP commands Gregor Beck (26): s3:dbwrap: let dbwrap_fetch_uint32 distinguish between "not found" and "wrong format" s3:dbwrap: remove unused args from db_open_file() libtorture: factor out simple ui backend s3:dbwrap_ctdb: set errno = ENOSYS if clustering is not supported s3:auth: use const in smb_pam_xxx_session() s3:rpc_server/srvsvc: remove function net_enum_pipes() s3:lib: remove unused function connections_traverse() s3:smbcontrol: don't do stack_trace by connection but by server_id. s3:count_current_connections: do not clear orphaned entries from connections.tdb s3:net_status_shares: use connections_forall_read for a read only traversal s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and session_yield() s3:smbd: remove smbd_server_connection argument from session_claim() s3:smbd: initialize session->global before calling session_claim s3:smbd: use session_global_id as session number for pam and utmp s3:smbXsrv_session: add smbXsrv_session_global_traverse() s3:smbXsrv_tcon: add smbXsrv_tcon_global_traverse() s3:build: move sessionid_tdb.o and conn_tdb.o to SMBD_OBJ_BASE s3:smbd:setup_new_vc_session: traverse sessions instead of connections to shutdown other smbds s3:smbd/connection: use smbXsrv_tcon_traverse to count connections s3:lib: implement sessionid_traverse_read with smb2srv_session_traverse_read s3:smbd: don't use (fill) sessionid.tdb in session_claim/yield any more. s3:net_serverid: remove sessionid_traverse from "net serverid wipedbs" s3:lib: remove unused sessionid_*() functions s3:net_serverid: remove connections_forall from "net serverid wipedbs" s3:lib: remove function connections_forall() s3:lib/conn_tdb: implement connections_forall_read() based on smbXsrv_*_global_traverse() Günther Deschner (10): pam_winbind: match more return codes when wbcGetPwnam has failed. s3-lsa: Flesh out the returned info in _lsa_EnumTrustedDomainsEx(). s3-winbindd: Adjust error code loop logic in rpc_trusted_domains(). s3-krb5: use and request AES keys in kerberos operations. s3-kerberos: add aes enctypes to generated krb5.conf. s3-net: pass down struct net_context to the dns update calls. s3-net: move out some prototypes to net_dns.h. s3-net: pass down a flags field to DoDNSUpdate(). s3-net: give more control how to update/register DNS entries. s3-net: Fix DEBUG() location. Ira Cooper (3): waf: Make samba "ok" with directories for install being symlinks s3: Compound requests should continue processing. s3: Fix libnss_winbind.so's build on Illumos/Solaris Jelmer Vernooij (114): samba-tool domain-provision: Fix docstring. samba-tool domain-provision: Avoid python2.5-isms. replace: Support setproctitle(). Remove compatibility code for setproctitle() now moved to libreplace. samba-tool domain provision: DNS forwarder is not a boolean. replace: Avoid returning value in void setproctitle() replacement. s4-python: Override SIGINT handler in scripts only. samba-tool: Hide 'samba-tool domain samba3upgrade'. Remove obsolete land-remote.py and land.py scripts. undocumented: Drop extension from helper scripts. smb.conf.5: Document 'cldap port'. Remove unused neatquotes script. smb.conf(5): Remove 'idmap config' documentation - the parameter has smb.conf(5): Remove documentation for removed 'lock spin count' netlogon: Per MS-NRPC, don't send unknown workstation flags back to the find_missing_manpages: Ignore make variables. find_missing_manpages: convert to python find_missing_doc: Convert to python. smb.conf(5): Distinguish parametric options. smb.conf(5): 'write ok' is a reverse synonym for 'read only'. smb.conf(5): Add basic documentation for 'krb5 port'. smb.conf(5): Add basic documentation for 'nbt port'. smb.conf(5): Add basic documentation for 'web port'. smb.conf(5): Add basic documentation for 'unicode'. smb.conf(5): Add basic documentation for 'dgram port'. smb.conf(5): Add basic documentation for 'kpasswd port'. smb.conf(5): Add basic documentation for 'rpc bigendian'. smb.conf(5): Consistent spelling of parameter names. smb.conf(5): Extend 'server min protocol' description. smb.conf(5): Add basic documentation for 'server min protocol'. smb.conf(5): Document 'share backend' parameter. smb.conf(5): Add basic documentation for 'client min protocol'. smb.conf(5): Add documentation for 'client max protocol'. smb.conf(5): List 'protocol' as alias for 'server max protocol'. smb.conf(5): Add basic documentation for 'dcerpc endpoint servers'. samba.tests.source: Check for trailing whitespace in Python files. s4-python: Various formatting fixes. sanba.upgradehelpers: Use standard functionality for getting temp dir. samba4-tests: Move 'samba.tests.source' up. provision: Use logger rather than print. wafsamba: Ignore some more symbols when checking for dupes. provision: Always create DNS user. samba.provision.sambadns: Use == to compare strings, not 'is'. selftests.tests: Remove reference to Samba 4. selftest: Move some tests to common test script. samba.join: Fix multiple spaces. selftest: Move more tests to common list script. smb.conf(5): Extend 'server min protocol' description. smb.conf(5): Add basic documentation for 'winbindd socket directory'. smb.conf(5): Add basic documentation for 'winbindd privileged socket directory'. smb.conf(5): Add : to idmap config description to mark it as parametric. smb.conf(5): Add basic documentation for 'ntvfs handler'. smb.conf(5): Add basic documentation for 'dns forwarder'. smb.conf(5): Add basic documentation 'winbind sealed pipes'. samba-tool user: Fix typos, improve messages. smb.conf(5): Add basic documentation for 'samba kcc command'. smb.conf(5): Add basic documentation for 'server services'. smb.conf(5): Add basic documentation for 'dns update command'. smb.conf(5): Add basic documentation for 'rndc command'. smb.conf(5): Add basic documentation for 'allow dns updates'. smb.conf(5): Add basic documentation for 'spn update command'. smb.conf(5): Add basic documentation for 'ntp signd socket directory'. smb.conf(5): Add basic documentation for 'log nt token command'. smb.conf(5): Add basic documentation for 'tls cafile'. smb.conf(5): Add basic documentation for 'tls keyfile'. smb.conf(5): Add basic documentation for 'tls certfile'. smb.conf(5): Add basic documentation for 'tls crlfile'. smb.conf(5): Add basic documentation for 'tls enabled'. smb.conf(5): Add basic documentation for 'tls dh params file'. smb.conf(5): Add 'socket address' as alias for 'nbt client socket address'. smb.conf(5): Add 'ldap password sync' as synonym for 'ldap passwd sync'. smb.conf(5): Add basic documentation for 'afs token lifetime'. smb.conf(5): Add basic documentation for 'nsupdate command'. smb.conf(5): Fix mixing of tabs and spaces. tests: Convert find_missing_doc into a unit test. samba.tests.docs: Distinguish between unknown and undocumened parameters. samba.tests.docs: Support synonyms. samba.tests.docs: Support spaces before synonyms. smb.conf(5): Consistent spelling of parameter names. samba.tests.docs: Skip tests if xsltproc is not present. samba.tests.docs: Write error output from xsltproc to standard out. samba.tests.docs: Assume docs are generated by waf. smb.conf(5): Mark four removed parameters as such. samba.tests.docs: Ignore removed parameters. samba-tool user test: Fix expected output. pyglue: Mention parameters in interface_ips() docstring. pyglue: Make all_interfaces argumen to interface_ips() optional. source4.selftest.tests: Consistent naming of smbtorture binary. source4.selftest.tests: Rename plansmbtorturesuite() to plansmbtorture4suite(). selftesthelpers: Share code for listing smbtorture4 tests. selftest/selftesthelpers.py: Share configuration variable, strip whitespace. selftest/selftesthelpers: Share environment handling for extra smbtorture options. selftest: Move determining of smbtorture4 options to selftesthelpers. selftesthelpers: Add function for printing smbtorture4 version. source4.selftest.tests: Add suffix for smbclient4/nmblookup4. source3.selftest.tests: Remove tabs. source3.selftest.tests: Add suffix for smbclient3/ntlm_auth3. source3.selftests.tests: Use common plansmbtorture4testsuite() function. selftesthelpers: Simplify detection of tap2subunit. source4.selftest.tests: Add FIXME about database verification. selftest: Add --random-order option. TestCaseInTempDir: Use addCleanup rather than tearDown. selftesthelpers: Fix detection of tap2subunit. source3.selftest: Move more variables to be in common. source3.selftest: Move last variables to selftesthelpers. wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. wafsamba.samba_abi: Add basic unit tests. wafsamba.abi: Fix abi_match with both excludes and includes. dsdb: Rename _res argument to _result. ldb_secrets_tdb_sync: Add dependency on gssapi. heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. heimdal_build: Fix finding of system heimdal. configure: Support specifying PYTHON environment variable to run waf. Makefile: Allow specifying PYTHON environment variable. Jeremy Allison (29): Fix bug #9189 - SMB2 Create doesn't return correct MAX ACCESS access mask in blob. We now pass "samba3.raw.acls.generic" and "samba3.smb2.acls.GENERIC" with the max access change. Fix bug #9213 - Bad ASN.1 NegTokenInit packet can cause invalid free. Fix bug #9209 - Parse of invalid SMB2 create blob can cause smbd crash. s3: Fix bug 8966, Fix net rpc share allowedusers to work with 2008r2 Add samba3.samba3badnameblob test to check regressions in bug #9215. Reformat spacing to be even. Use is_default_acl variable in canonicalise_acl(). Only apply masks on non-default ACL entries when setting the ACL. When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries. Add functions to programatically set the security mask and directory security mask parameters. When creating a new file/directory, we need to obey the create mask/directory mask parameters. Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2. Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call smb_panic. Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2." Correct fix for bug #9222 - smbd ignores the "server signing = no" setting for SMB2. Revert "When creating a new file/directory, we need to obey the create mask/directory mask parameters." Revert "Add functions to programatically set the security mask and directory security mask parameters." Remove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode Remove the parameters: Update WHATSNEW.txt with removed parameters. Ensure the masks don't conflict with the ACL checks. Simplify ensure_canon_entry_valid by splitting out the _get codepath. Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - makes the logic clearer. We should never just assign an st_mode to an ace->perms field, theoretically Move setting of psd->dacl->revision and protect against null SD's. Make sure the returned sd is on the right context, and if not it's always freed. Fix bug #9329 - Directory listing with SeBackup can crash smbd. Add regression test for bug #9329 - Directory listing with SeBackup can crash smbd. Joachim Schmitz (1): libreplace: Bug 8107, Fix poll replacement to become a msleep replacement Kai Blin (3): s4 dns: Get rid of deprecated allocation result check s4 dns: Fix return code for deleted records libcli/dns: Time out requests after a while Karolin Seeger (15): RHEL packaging: Try to fix makerpms.sh on RHEL. WHATSNEW: Start release notes for Samba 4.0.0rc2. WHATSNEW: Add changed parameters. librelease.sh: Move the GPG data to the library section. docs: Remove duplicate synonym min protocol. html docs: Remove link to Using Samba. samba-tool: Fix typo in usage. samba-tool: Clarify usage of --help. docs: Add man 8 samba-tool. samba-tool: Unify usage messages. samba-tool: Some more unifications... docs: Add '-V' to the list of options. docs: Add very basic samba manpage. smb2_server: Fix typo in comment. samba-tool: Fix typo in --help output. Matthias Dieter Wallnöfer (1): s4:dns_server - introduce the wildcard binding feature Matthieu Patou (25): panic action is defined as GLOBAL_VAR(szPanicAction) not GLOBAL_VAR(panic_action) s4-dns: fix a non handled memory out of memory s4-provision: do not skip setting the acls on sysvol getdcinfo: Check that the server object has a serverreference objects pointing to a DC object Implement the LIST_INFO_FOR_SERVER input format devel-crackname: Print if count > 0 drs-crackname: if there is no sid do not return the domain kcc: return invalid parameter if the taskId is not 0 drs-getncchanges: do not set the highestUsn to 0 s4-drs: EXOP_REPL_SECRETS can be called by RW DC as well s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGES ldap-server: remove warning for the ret not being used ldap-server: sscanf result was never used to mistyped var lib-addns: ensure that allocated buffer are pre set to 0 drs-replica-info: level_not_supported is wrong when we do support (partialy the level) drsuapi-idl: Fix the encoding of the source_dsa_dns drsuapi: check more carefully the validity of the NC drsuapi: Validate the input parameters for the drsuapi_UpdateRefs function s4-repl: make dreplsrv_partition_find_for_nc return BAD_NC only s4-join: add some documentation s4-join: factorize code, add info s4-dns: Ignore zones that shouldn't be returned currently s4-dns: fix a warning s4-dns: Fix the comments about ignoring zones in internal server s4-drs: Remove unused var Michael Adam (39): source3/script: fix installman.sh after the last build-manpages-nogit change libcli: add a define for the APP_INSTANCE_ID smb2 create context s4:libcli: add a app_instance_id member to the smb2_create input struct s4:libci: add a SMB2_CREATE_APP_INSTANCE_ID blob to the request if the in.app_instance_id is present s4:torture:smb2: add a new test durable-v2-open.app-instance selftest: we currently fail smb2.durable-v2-open.app-instance s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if" s3:winbind:idmap_tdb_common: improve readability of assignment by adding an "if" s4:torture:smb2: fix compound.related3 test to work against windows s4:torture:smb2: fix the compound.invalid3 test to work against windows s3:smbd:smb2: add check for session_status for compound requests s3:smbd:smb2: simplify smbd_smb2_request_validate() and smbd_smb2_request_dispatch() s3:smbd: remove struct member smbd_smb2_request.cancelled - it was only written s4:torture:smb2: don't skip the compound.interim1 test for non win7/win2k8 s4:torture:smb2: don't skip the compound.interim2 test for non win7/win2k8 s4:torture:smb2:compound: remove two unused macros selftest: we fail samba3.smb2.compound.interim2 s3:smbd:smb2: initialize variable in vfs_default_durable_reconnect() selftest: skip the samba4.smb2.compound testsuite s4:torture:smb2: add a durable-open.read-only test s3:smbd: also log the "offline" flag when debugging the dos-mode s3:smbd: fix brace placements in validate_my_share_entries() for readability s3: fix comment header description for smbd_shim s3:smbd: move initialization of the smbd_shim from smbd_init_globals() to main() s3:smbd: remove duplicate prototypes for sys_utmp_claim() an sys_utmp_yield() s3:auth: remove duplicate propotypes for smb_pam_claim_session and smb_pam_close_session s3:smbd/durable: remove an extra blank line from vfs_default_durable_reconnect() s3:open_files.idl: add stat-info to vfs_default_durable_cookie. s3:smbd:durable: store stat info for disconnected durables and check at reconnect. build(waf): Fix the --with-cluster build s3:smbd:durable: factor stat checks out into vfs_default_durable_reconnect_check_stat() s3:smbd:durable: remove a TODO comment about write time updates lib/param: fix function name (lpcfg_file_list_changed) in a debug message lib/param: fix function name (set_variable) in debug statements lib/param: fix line length of DEBUG statments touched in previous commit in set_variable() s3:winbindd:cache: fix offline logons with cached credentials (bug #9321) s3:smbd:smb2: fix a comment typo in the crediting code. build(waf): fix a tab indentation to spaces build(waf): fix the cluster(ctdb) build without system talloc installed Pierre Lejeune (1): pyntdb: Fix init function for ntdb python module. Ricky Nance (3): wscript: Removed executable bit. samba-tool domain provision: DNS forwarder default Removed phpldapadmin inclusion for Samba 4. Rusty Russell (6): tdb: add tdb_rescue() tdb: tdbdump should log errors, and fail in that case. tdb: add -e option to tdbdump (and docment it). tdb: Make robust against shrinking tdbs ntdb: remove unused local variable. ccan: check for all the used config.h defines Simo Sorce (4): Support UPN_DNS_INFO in the PAC Add memory limiting capability to talloc Add tests for talloc_memlimit talloc: Convert error cecking macros into fns Stefan Metzmacher (85): packaging/RHEL-CTDB: fix the build packaging/RHEL-CTDB: try harder to set $RPMVER packaging/RHEL-CTDB: add "BUILD_GPFS=no configure.rpm" and "BUILD_GPFS=no makerpms.sh" libcli/smb: fix padding in smb2_create_blob* s4:torture/smb2: improve the smb2.create.blob test s3:smb2_server: fix usage of invalid memory in smb2_signing_check_pdu() dynconfig/config.m4: disallow --prefix=/usr and --prefix=/usr/local without --enable-fhs s3:smbd: release the share mode lock before calling exit_server() (bug #9191) libcli/echo: validate the message length lib/tsocket: fix receiving of udp packets from 0 bytes (bug #9184) s4:dns.py: reproducer for (bug #9184) s3:smb2_server: reset req->last_session_id and req->last_tid after using it s3:smb2_server: do the req->next_status check before the signing checks s4:torture:smb2: extend the compound.invalid1 test s3:smb2_server: avoid segfault in smbd_smb2_request_pending_queue() s3:smb2_lock: let smbd_smb2_lock_cancel() trigger NT_STATUS_CANCELED s3:smb2_notify: don't call tevent_req_done() from smbd_smb2_notify_cancel() s3:smb2_notify: make use of tevent_req_defer_callback() instead of custom tevent_immediate s3:smb2_lock: smbd_smb2_notify_recv() can already return NT_STATUS_CANCELED s3:smb2_lock: let smbd_smb2_create_cancel() trigger NT_STATUS_CANCELED script/autobuild.py: use some variables for rebase_remote and rebase_branch script/autobuild.py: use some variables for push_remote and push_branch script/autobuild.py: add --branch option script/autobuild.py: add log_base variable to avoid hardcoded values script/autobuild.py: add --log-base option script/autobuild.py: remove --rebase-master and --push-master options script/autobuild.py: set the default for --log-base to the current gitroot s4:rpc_server/drsuapi: fix a crash in dcesrv_drsuapi_DsGetDomainControllerInfo_1() s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in dcesrv_drsuapi_DsBind() s3:smb2_create: don't take 'state->te' as indication for "was_deferred" (bug #9196) s4:torture/smb2: remove samba specific stuff from smb2.oplock selftest/knownfail: samba*.smb2.oplock.stream1 doesn't work libcli/smb: use an explicit TALLOC_FREE(subreq) in smb2cli_* libcli/smb: add smb2cli_echo* libcli/smb: add smb1cli_echo* s3:libsmb: make cli_echo* protocol independent s3:libsmb: use smbXcli_conn_remote_name() in smb2_tcon_send() s4:tortore/rpc/lsa: make more use of torture_assert* s4:samba-tool: add optional epilog to _create_parser() s4:samba-tool: use normal option parsing in SuperCommand s4:samba-tool: allow 'samba-tool --version' s4:scripting/python: add '-V' as alias for '--version' Revert "provision: Always create DNS user." selftest/knownfail: add samba3.rpc.lsa.privileges.lsa.Privileges buildtools/wafsamba: only display 'ok' if the result is True s3:smbd: update sconn->remote_hostname after the netbios session request s3:smbd: add exit_server to the smbd_shim hooks s3:smbd/utmp: remove ip address from utmp record s3:configure: check that struct utmp.ut_line is large enough for our use case s3:utils/net: remove unused "net connections" doc-xml: remove "net connections" documentation s3:smbXsrv.idl: add session_global_id to smbXsrv_tcon_global s3:smbd: fill tcon->global->session_global_id s3:smbd: don't call claim/yield_connection() in make_connection_snum/close_cnum() s3:smbd: remove unused claim_connection/yield_connection s3:lib: remove unused connections_fetch_entry*() and connections_init() docs-xml:smbd.8: document new smbXsrv_*_global.tdb files s3:smbd/durable: trigger pending write_time updates before disconnecting the file s3:smbd/durable: update the low level write_time before disconnecting the file. s3:open_files.idl: add write_time specific stuff to vfs_default_durable_cookie s3:smbd/durable: add write_time specific stuff to vfs_default_durable_cookie s3:rpc_server: avoid a level 0 DEBUG if tstream_npa_connect_recv fails (bug #9309) lib/tsocket: fix loop in tdgram_bsd_recvfrom() (bug #9184) s4:dns_server: fix formatting difference compared to v4-0-test libcli/smb: fix unitialized padding in smb2_create_blob_push_one() (bug #9209) s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support (bug #9341) lib/krb5_wrap: request enc_types in the correct order (bug #9272) libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175) s3:winbindd: disconnection after getting NETWORK_SESSION_EXPIRED (bug #9175) s3:winbindd: use PROTOCOL_LATEST instead of PROTOCOL_SMB2_02 (bug #9175) lib/tsocket: disable the syscall optimization for recvfrom/readv by default lib/tsocket: optimize syscalls in tstream_readv_pdu_send() s3:vfs_default: optimize vfswrap_asys_finished() and read as much as we can s3:smbd: pass the current time to make_connection[_smb1]() selftest/skip: add samba.tests.samba_tool.gpo until it's stable s4:dsdb/acl: fix search filter cleanup for password attributes s4:dsdb/acl: reorganize the logic flow in the password filtering checks s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620) s4:dsdb/acl_read: fix whitespace formatting errors s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620) lib/addns: remove pointless check for resp->num_additionals != 1 lib/addns: don't depend on the order in resp->answers[] lib/addns: remove compiler warnings s4:samba-tool/testparm: report a CommandError if loading of the config file fails lib/ldb: add missing newline in the output of ldb_ldif_write_trace() Sumit Bose (2): s3-winbindd: Allow DNS resolution of trusted domains if DNS name is avaliable Use work around for 'winbind use default domain' only if it is set Vladimir Marek (1): Fix service control for non-internal services. Volker Lendecke (54): s3: Fix some nonempty line endings s3: Use SBVAL in put_long_date_timespec s3: Fix idmap_hash auth: Fix some nonempty blank lines s3-pylibsmb: Factor out py_tevent_cond_wait s3: Fix some nonempty line endings s3: Add "readdir" to pylibsmb s3: Convert cli_oplock_break_waiter to smbXcli s3-pylibsmb: Reduce the number of warnings s3-pylibsmb: Factor out py_tevent_cond_signal s3-pylibsmb: Add get_oplock_break s3-pylibsmb: Use Py_RETURN_NONE s3: Fix indentation of if-expressions s4-torture: Fix some nonemtpy blank lines lib: Make async_sock includable on its own s3: Make is_stat_open() a bit more readable s3: Slightly simplify is_stat_open pysmbd: Fix cut&paste errors s3: Fix a typo s3: Fix some blank line endings s3: Slightly simplify smbd_smb2_request_process_negprot s3: Factor out calculate_open_access_flags s3: Slightly simplify calculate_open_access_flags s3: Slightly simplify calculate_open_access_flags Coding: Add comment disproving control-flow changing macros s3: Slightly simplify open_file() s4: Fix a -Wunused-value warning s3: Fix rejecting mkdir on read-only shares s3: For read-only shares, filter out write bits from conn->access_mask s3: Fix some blank line endings s3: Copy share mode handling from before to after open_file s3: Fix fcb_or_dos_open after logic change s3: Remove share mode handling before we open the file s3: No code change, just re-indent s3: Close the now opened file descriptor in error paths s3: Remove a SMB_ASSERT s3: Fix opening a file under kernel oplocks tdb: Fix a typo tdb: Make tdb robust against improper CLEAR_IF_FIRST restart s3: Add two tests a CLEAR_IF_FIRST crash s3: Pass down smb_filename to smbacl4_fill_ace4 s3: Remove some calls to procid_self s3: Fix a typo s3: Make winbindd_register_handlers static s3: Add "msg_ctx" param to winbindd_register_handlers() s3: Remove a call to procid_self() s3: Use talloc_stackframe in token_contains_name_in_list s3: Fix some blank line endings s3: Fix some nonempty line endings s3: Use file_id_string in file_id_string_tos dsdb: Simplify DsCrackNameOneFilter a bit lib/util: Make "struct bitmap" abstract lib/util: Simplify bitmap.c a bit Remove two unused variables ----------------------------------------------------------------------- -- Samba Shared Repository