The annotated tag, tdb-1.3.14 has been created at fd0fc0effe9803faea43749f0f9cd97cdca2926c (tag) tagging 49c45fbb41f30c6a4d532039c811b43c7284e0f6 (commit) replaces tevent-0.9.32 tagged by Stefan Metzmacher on Sun Jul 2 22:22:31 2017 +0200
- Log ----------------------------------------------------------------- tdb: tag release tdb-1.3.14 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJZWVYHAAoJEEeTkWETCEAlLoAH/0OpWGUWne6h+HcUqNAMSNYT 6X8AfYcoFPgNttgWBmG1ISGIt+SDQIbjHSJKhNwRaQwtwrH4tJv9NcgdC7dcEXjt 9KqXe7CMqvKU3eD1eSS/AUOKz6shDZfLDCbbXTxIPe8CYcY2YNfPIwLwCnSAV+hd 4wXEWepSXp4mWKqVrVSs+xy3Ok4LbL0NEf2oTFCTERlEKAgGohNqji5m3FjhgJXw d0WT9FmAZB+FGkcmVIMLQQW0ntkP/0L4FS7QyABkage09Betz6nOcknX/91rOiVd l5tTrw429Lr7lF+nrLTmV3U9+gpoUlyA/UbWadoTRs6lgi106o7Nrmog+3iyl/Y= =lQHT -----END PGP SIGNATURE----- Amitay Isaacs (47): ctdb-recovery: Assign banning credits if database fails to freeze ctdb-recovery: Setting up of recmode should be idempotent ctdb-recovery: Simplify logging of recovery mode setting ctdb-recovery: Finish processing for recovery mode ACTIVE first ctdb-recovery: Get recmode unconditionally in the main_loop ctdb-recovery: Do not run local ip verification when in recovery ctdb-scripts: Don't send empty argument string to logger ctdb-daemon: Once database is attached, do not modify tdb flags ctdb-daemon: Store tdb flags just after tdb is opened in ctdb_local_attach() ctdb-locking: Get tdb open flags from tdb instead of re-calculating ctdb-daemon: Refactor calculation of tdb open flags based on database type ctdb-daemon: Ignore tdb open flags passed to DB attach controls ctdb-client: Stop sending tdb_flags with DB_ATTACH controls ctdb-client: Drop tdb_flags argument to ctdb_attach() ctdb-daemon: Drop extra boolean arguments to ctdb_local_attach() ctdb-protocol: Add new control to get database open flags ctdb-daemon: Implement DB_OPEN_FLAGS control ctdb-protocol: Add protocol marshalling for control DB_OPEN_FLAGS ctdb-client: Add sync api for control DB_OPEN_FLAGS ctdb-client: Add a function to get db open flags ctdb-client: Ask daemon for db open flags ctdb-client: Ask daemon for db open flags ctdb-client: Remove calaculation of tdb flags ctdb-client: Do not pass tdb open flags to db attach api ctdb-protocol: Do not pass tdb open flags to DB attach controls ctdb-tests: Fix control reply data for DB_ATTACH_PERSISTENT control ctdb-protocol: Add DB_OPEN_FLAGS control to debug ctdb-daemon: Add accessors for CTDB_DB_FLAGS_PERSISTENT flag ctdb-daemon: Add accessors for CTDB_DB_FLAGS_READONLY flag ctdb-daemon: Add accessors for CTDB_DB_FLAGS_STICKY flag ctdb-daemon: Store db_flags instead of individual boolean flags ctdb-daemon: Pass db_flags instead of passing persistent flag ctdb-recovery: Use db_flags instead of a boolean persistent flag ctdb-client: Store db_flags instead of a boolean persistent flag ctdb-protocol: Add CTDB_DB_FLAGS_REPLICATED for new type of database ctdb-daemon: Calculate tdb flags for replicated databases ctdb-daemon: Add accessors for CTDB_DB_FLAGS_REPLICATED flag ctdb-protocol: Add new control CTDB_CONTROL_DB_ATTACH_REPLICATED ctdb-daemon: Add implementation for CTDB_CONTROL_DB_ATTACH_REPLICATED control ctdb-protocol: Add marshalling for CTDB_CONTROL_DB_ATTACH_REPLICATED control ctdb-client: Add sync api for DB_ATTACH_REPLICATED control ctdb-client: Add db support for CTDB_DB_FLAGS_REPLICATED ctdb-tools: Allow attach for replicated databases ctdb-tests: Add database type option for tests ctdb-tests: Support replicated db in tool tests ctdb-tests: Generalize transaction_loop test ctdb-tests: Add transaction/recovery test for replicated database Andreas Schneider (8): s4:torture: Do not segfault in torture_rpc_spoolss_printer_teardown_common() s3:tests: Do not delete the contets of LOCAL_PATH with tarmode test s3:param: Allow to add usershare if uid_wrapper is loaded s3:tests: Add blackbox test for 'net usershare' selftest: Do *NOT* flush the complete gencache! s3:tests: Do *NOT* flush the complete gencache! s3:winbind: Move debug statement into the error handling nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info Andrew Bartlett (12): smbtorture: Add more tests around NETLOGON challenge reuse s4-netlogon: Provide logs for machine account success and failures s4-netlogon: Escape user-supplied computer name in Bad credentials log line debug: new debug class for kerberos selftest: Allow selftest.pl to run just some environments autobuild: Use new selftest.pl feature to run only some environments travis-ci: Also build samba-systemkrb5 dsdb: Add a dummy module to replace show_deleted drsuapi: Improve debugging in DsAddEntry() tdb: Remove locking from tdb_traverse_read() tdb: Improve documentation for tdb_transaction_start() tdb: Add new function tdb_transaction_active() Bernhard M. Wiedemann via samba-technical (1): docs-xml: Sort input file list Björn Baumbach (2): waf:lib/replace: Fix building with older GCC versions build: fix build of vfs_posix_eadb module Daniel Kobras (1): s3: smbd: fix regression with non-wide symlinks to directories over SMB3. Douglas Bagnall (8): perftest: add a new medley test add provision performance tests python/getopt: -d/--debuglevel saves value in options for scripts waf/wafadmin/3rdparty: fix paranoid.py variable names samba_kcc: avoid crash on odd networks with --dot-file-dir third_party/dnspython: fix variable name in dnssec samba_kcc: comment typo samba_kcc: drop all connections from non-existent DSAs Garming Sam (5): samba_kcc: debugging: say intrasite when we mean intrasite show-deleted: Do not indicate an error if an object is missing. show-deleted: Remove an unnecessary search during connect show-deleted: Simplify the code to require as little logic as needed show-deleted: Rename attr_filter to exclude_filter for clarity Gary Lockyer (1): tests py_credentials: Fix encrypt_netr_crypt_password test Jeremy Allison (7): s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3. s3: VFS: Change SMB_VFS_CHDIR to use const struct smb_filename * instead of const char *. s3: VFS: Change SMB_VFS_GETWD to return struct smb_filename * instead of char *. s3: VFS: Change SMB_VFS_REALPATH to take and return struct smb_filename * instead of char *. s3: smbd: Add missing out of memory check. S3: smbd: Finish plumbing struct smb_filename * through the check_name() stack. s3: VFS: Change SMB_VFS_CONNECTPATH to take const struct smb_filename * instead of const char *. Karolin Seeger (1): WHATSNEW: Fix typo... Michael Saxl (1): s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab() Ralph Boehme (1): s4:auth_winbind: remove a block nesting level and fix indentation Richard Sharpe (1): Bug 15852. There are valid paths where conn->lsa_pipe_tcp->transport is NULL. Protect against this. Stefan Metzmacher (121): pidl:NDR/Parser: fix "skip" for pointers pidl:NDR/Parser: add "skip_noinit" element ntprinting.idl: make use of [skip_noinit] for string_flags pidl:NDR/Parser: initialize [skip] values in ndr_pull_* s3:smbd: only set user_info->auth_description on success s3:smbd: inline check_guest_password() into reply_sesssetup_and_X() s3:smbd: introduce a reply_sesssetup_and_X_state s3:smbd: call auth_check_password_session_info() only in one central place s4:auth/unix_token: remove unused tevent_context from security_token_to_unix_token() s4:auth/unix_token: remove unused tevent_context from auth_session_info_fill_unix() s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_name_to_nt4_name() s4:dsdb/samdb: pass an existing 'struct ldb_context' to crack_auto_name_to_nt4_name() auth/ntlmssp: remove useless talloc_steal calls in ntlmssp_server_check_password() auth/ntlmssp: make ntlmssp_server_check_password() shorter auth/ntlmssp: enforce NTLMSSP_NEGOTIATE_NTLM2 for the NTLMv2 client case s3:test_smbclient_basic.sh: make use of $ADDARGS s3:test_smbclient_basic.sh: make use of $incdir/common_test_fns.inc s3:selftest: run test_smbclient_basic.sh against nt4_dc_schannel with various protocols selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02' s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02" pidl:NDR/Parser: add missing {start,end}_flags() to ParseElementPrint() librpc/ndr: align the definition of LIBNDR_STRING_FLAGS with currently defined flags librpc/ndr: add LIBNDR_FLAG_IS_SECRET handling idl_types.h: add NDR_SECRET shortcut s3:librpc: let NDR_SECRETS depend on NDR_SECURITY s3:libads: remove unused kerberos_secrets_store_salting_principal() krb5_wrap: add smb_krb5_salt_principal() krb5_wrap: add smb_krb5_salt_principal2data() s3:libnet_join: remove dead code from libnet_join_connect_ads() s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing() s3:libnet_join.idl: return the domain_guid in libnet_JoinCtx s3:libnet_join: remember the domain_guid for AD domains s3:libnet_join.idl: add krb5_salt to libnet_JoinCtx s3:libnet_join: remember r->out.krb5_salt in libnet_join_derive_salting_principal() s3:libnet_join: move kerberos_secrets_store_des_salt() out of libnet_join_derive_salting_principal() s3:libnet_join: split libnet_join_post_processing_ads() into modify/sync s3:libnet_join: call do_JoinConfig() after we did remote changes on the server s3:libnet_join: move libnet_join_joindomain_store_secrets() to libnet_join_post_processing() s3:libnet_join: move kerberos_secrets_store_des_salt() to libnet_join_joindomain_store_secrets() s3:libads: remove kerberos_secrets_fetch_salting_principal() fallback s3:libads: provide a simpler kerberos_fetch_salt_princ() function s3:gse_krb5: simplify fill_keytab_from_password() by using kerberos_fetch_salt_princ() s3:libnet: make use of kerberos_secrets_fetch_salt_princ() s3:libads: make use of kerberos_secrets_fetch_salt_princ() in ads_keytab_add_entry() s3:libads: remove unused kerberos_fetch_salt_princ_for_host_princ() s3:secrets: move kerberos_secrets_*salt related functions to machine_account_secrets.c s3:secrets: rework des_salt_key() to take the realm as argument s3:secrets: split out a domain_guid_keystr() function s3:secrets: add some const to secrets_store_domain_guid() s3:secrets: make use of des_salt_key() in secrets_store_machine_pw_sync() s3:secrets: rename secrets_delete() to secrets_delete_entry() s3:secrets: re-add secrets_delete() helper to simplify deleting optional keys s3:secrets: make use of secrets_delete() in secrets_store_machine_pw_sync() s3:secrets: let secrets_store_machine_pw_sync() delete the des_salt_key when there's no value s3:secrets: replace secrets_delete_prev_machine_password() by secrets_delete() s3:secrets: rewrite secrets_delete_machine_password_ex() using helper variables s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID too s3:secrets: let secrets_delete_machine_password_ex() also remove the des_salt key s3:secrets: use secrets_delete for all keys in secrets_delete_machine_password_ex() s3:trusts_util: pass dcname to trust_pw_change() libcli/auth: pass an array of nt_hashes to netlogon_creds_cli_auth*() libcli/auth: add const to set_pw_in_buffer() libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*() s3:trusts_util: also pass the previous_nt_hash to netlogon_creds_cli_auth() lsa.idl: make lsa_DnsDomainInfo [public] netlogon.idl: make netr_TrustFlags [public] netlogon.idl: use lsa_TrustType and lsa_TrustAttributes in netr_trust_extension secrets.idl: add secrets_domain_info that will be used in secrets.tdb for machine account trusts s3:secrets: add infrastructure to use secrets_domain_infoB to store credentials net: add "net primarytrust dumpinfo" command that dumps the details of the workstation trust s3:libnet: make use of secrets_store_JoinCtx() s3:trusts_util: make use the workstation password change more robust net: make use of secrets_*_password_change() for "net changesecretpw" s3:libads: make use of secrets_*_password_change() in ads_change_trust_account_password() s3:secrets: remove unused secrets_store_[prev_]machine_password() selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join s4:password_hash: make use of smb_krb5_salt_principal() and smb_krb5_salt_principal2data() auth/credentials: make use of smb_krb5_salt_principal() in cli_credentials_get_keytab() auth/credentials: remove unused smb_krb5_create_salt_principal() s3:smb2_create: avoid reusing the 'tevent_req' within smbd_smb2_create_send() s3:smb2_create: remove unused timer pointer from smbd_smb2_create_state s3:test_smbclient_s3.sh: improve the error handling s3:smbclient: remove unreliable Domain=[...] OS=[Windows 6.1] Server=[...] banner s3:libsmb: remove unused show_sessetup handling from do_connect() s3:libsmb: remove unused 'bool show_hdr' from cli_cm_connect() s3:libsmb: remove unused 'bool show_hdr' from cli_cm_open() WHATSNEW: document the new smbclient banner s3:selftest: also run test_smbclient_s3.sh with PROTO=SMB3 s3:test_acl_xattr.sh: allow passing additional arguments for smbclient and smbcacls Revert "s3:test_acl_xattr.sh: use -mNT1 for the 'getfacl' commands" s3:test_acl_xattr.sh: add more assertion about the expected output. s3:selftest: run samba3.blackbox.acl_xattr with NT1 and SMB3 s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3 s3:selftest: run samba3.blackbox.large_acl tests with NT1 and SMB3 s3:selftest: run samba3.blackbox.smbclient_tar* tests with NT1 and SMB3 s3:selftest: also run samba3.blackbox.smbclient_krb5 with the new ccache s3:test_smbclient_posix_large.sh: there's no posix test to rename to test_smbclient_large_file.sh s3:selftest: run samba3.blackbox.smbclient_large_file (NTLM) with NT1 and SMB3 param: change the effective default for "client max protocol" to the latest supported protocol WHATSNEW: document "client max protocol" change to SMB3_11 s4:auth_winbind: fix error checking in winbind_check_password() s4:auth_winbind: rename 's' to 'state' in winbind_check_password() s4:auth/ntlm: move auth_check_password_wrapper() further down s4:auth/ntlm: introduce auth_check_password_next() s4:auth/ntlm: allow auth_operations to specify check_password_send/recv() auth/spnego: make use of data_blob_null instead of using data_blob(NULL, 0) auth/spnego: move gensec_spnego_update_wrapper() into gensec_spnego_update_send() auth/spnego: set state_position = SPNEGO_DONE in gensec_spnego_update_cleanup() auth/spnego: move gensec_spnego_update_in() after gensec_spnego_update_send() auth/spnego: move some more logic to gensec_spnego_update_in() auth/spnego: move gensec_spnego_update_out() behind gensec_spnego_update_in() auth/spnego: rename spnego_state->no_response_expected to ->sub_sec_ready auth/spnego: consitently set spnego_state->sub_sec_ready = true after gensec_update_ev() auth/spnego: remove useless spnego_state->sub_sec_ready check auth/spnego: add gensec_spnego_update_sub_abort() helper function auth/spnego: remove unused out_mem_ctx = spnego_state fallback in gensec_spnego_update() auth/spnego: split out gensec_spnego_update_{client,server}() functions auth/spnego: move gensec_spnego_update() into gensec_spnego_update_send() auth/spnego: do basic state_position checking in gensec_spnego_update_in() wafsamba: add maxversion and version_blacklist to CHECK_BUNDLED_SYSTEM[_PKG]() tdb: version 1.3.14 Volker Lendecke (3): net: Dump data for net_g_lock dump lib: Give util_paths.c its own header lib: Use ctdb_protocol instead of ctdb_private ----------------------------------------------------------------------- -- Samba Shared Repository