The annotated tag, talloc-2.1.12 has been created at 52933e59df9c5ca06a5cce1ab85034b27d7f45c6 (tag) tagging 80f9ec016496087bca06d3c34b6f687f0dc145ac (commit) replaces ldb-1.3.2 tagged by Stefan Metzmacher on Thu Mar 22 07:25:36 2018 +0100
- Log ----------------------------------------------------------------- talloc: tag release talloc-2.1.12 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJas0xgAAoJEEeTkWETCEAlnVIIAL+jaVruICy/3ELvm7qie2Tc waIwZxPDEob+99PgYZ7EUxRqZKXotSrfaoh4bl4x+XDfxiOg8ZXb4Dn6WB0lMZDG PthnxTBNT3luG9cSlV088hagxxVdvj8A2+9ey2x/nJyxf4ftUnJF5alKHQyQ60uB O+nAN+MSaUm8RCrj+q/cHvkOVJ1IR0B2a7YXyJF0UD3FyqIrO2RK+vJML4MDDuWv FPQqHfEOau0uNZecfM41NyBYI8VL7E+aLVfBSoxxZnErklwgPgshcdMbu7CkkEvl dPiS6uF7J2JOZcMvy2sr2jysyaUooYgfn6NdP2SJ3ocK9bjVfPGmr8AQMQqZmoQ= =Brv4 -----END PGP SIGNATURE----- Amitay Isaacs (8): ctdb-pmda: Use modified API in pcp library 4.0 ctdb-ib: Avoid fall through case statements ctdb-client: Client code should never free the client context ctdb-tools: Wait for ctdb daemon to go away in shutdown ctdb-tools: Drop ipiface command from ctdb tool ctdb-common: Drop unused function ctdb_sys_find_ifname() ctdb-tools: Event script commands cannot be run without daemon ctdb-tools: Fix documentation for ctdb ping command Andreas Schneider (105): s4:lib:com: Fix function declartions lib:texpect: Avoid some compiler warnings lib:replace: Add FALL_THROUGH support lib:replace: Add FALL_THROUGH statements in strptime.c lib:ldb: Add FALL_THROUGH statements in common/ldb_dn.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_inbound.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map.c lib:ldb: Add FALL_THROUGH statements in ldb_map/ldb_map_outbound.c lib:param: Add FALL_THROUGH statements in loadparm.c lib:util: Add FALL_THROUGH statements in substitute.c lib:util: Add FALL_THROUGH statements in charset/charset_macosxfs.c lib:util: Add FALL_THROUGH statements in util_file.c s3:lib: Add FALL_THROUGH statements in substitute_generic.c s3:lib: Add FALL_THROUGH statements in util_path.c s3:lib: Add FALL_THROUGH statements in util_str.c lib:tdb: Add FALL_THROUGH statements in hash.c lib:tdb: Add FALL_THROUGH statements in tdbtool.c lib:tdb: Add FALL_THROUGH statements in common/summary.c libgpo: Add FALL_THROUGH statements in gpo_sec.c librpc:ndr: Add FALL_THROUGH statements in ndr_cab.c s3:auth: Add FALL_THROUGH statements in auth_sam.c s3:auth: Add FALL_THROUGH statements in pampass.c s3:lib: Add FALL_THROUGH statements in cbuf.c s3:lib: Add FALL_THROUGH statements in sysacls.c s3:lib: Add FALL_THROUGH statements in util_sd.c s3:libsmb: Add FALL_THROUGH statements in dsgetdcname.c s3:modules: Add FALL_THROUGH statements in vfs_acl_common.c s3:smbd: Add FALL_THROUGH statements in nttrans.c s3:smbd: Add FALL_THROUGH statements in trans2.c s3:utils: Add FALL_THROUGH statements in regedit.c s3:utils: Add FALL_THROUGH statements in net_conf.c s3:utils: Add FALL_THROUGH statements in net_rpc_conf.c s3:rpc_server: Add FALL_THROUGH statements in rpc_server.c s4:samdb: Add FALL_THROUGH statements in cracknames.c s4:samdb: Add FALL_THROUGH statements in linked_attributes.c s4:auth: Add FALL_THROUGH statements in auth_util.c s4:auth: Add FALL_THROUGH statements in auth_sam.c s4:auth: Add FALL_THROUGH statements in gensec_krb5.c s4:rpc_server: Add FALL_THROUGH statements in dcesrv_srvsvc.c s4:torture: Add FALL_THROUGH statements in basic/misc.c s4:torture: Add FALL_THROUGH statements in rpc/spoolss.c auth:credentials: Add FALL_THROUGH statements in credentials_secrets.c auth:gensec: Add FALL_THROUGH statements in spnego.c nsswitch: Add FALL_THROUGH statements in pam_winbind.c s3:libnet: Add FALL_THROUGH statements in libnet_join.c s3:modules: Add FALL_THROUGH statements in getdate.c s3:lsa: Add FALL_THROUGH statements in srv_lsa_nt.c s3:rpcclient: Add FALL_THROUGH statements in rpcclient.c s3:smbd: Add FALL_THROUGH statements in reply.c s3:utils: Add FALL_THROUGH statements in net_registry_check.c s3:utils: Add FALL_THROUGH statements in ntlm_auth.c s3:winbindd: Add FALL_THROUGH statements in idmap_autorid.c s4:dsdb: Add FALL_THROUGH statements in password_hash.c s4:lib: Add FALL_THROUGH statements in http.c s3:spoolss: Remove incorrect fall through comment in srv_spoolss_nt.c libsmb: Remove incorrect fall through comment in trusts_util.c third_party: Update pam_wrapper to version 1.0.5 third_party: Add missing config.h in libpamtest auth:credentials: Add FALL_THROUGH statements in credentials.c auth:credentials: Avoid an 'else' branch wafsamba: Build with -Wimplicit-fallthrough if supported s3:smbd: Do not crash if we fail to init the session table util: Fix the logic in ms_fnmatch_protocol() s3:tests: Skip smbd error test if we do not log to stdout testprogs: Return the correct error status code selftest: Impove test names for samba.wbinfo_simple ldb: Directly return an error and do not fall through wbinfo: Improve the wording for --online-status heimdal: Fix size types s4:ntvfs: Fix size type in pvfs functions s3:libads: Fix size types in kerberos functions s4:dns_server: Fix size types s4:rpc_server: Fix size types in dcerpc dnsserver s4:ldap_server: Fix size types s4:cldap_server: Fix size types libcli:smb: Fix size types s3:param: Fix size types s4:utils: Fix size types s4:rpc_server: Fix size types s4:torture: Fix size types in qsinfo test s4:torture: Fix size types in qfileinfo test s3:torture: Fix size types in spoolss test s3:libsmb: Fix size types in nmblib s4:torture: Fix size types in nss tests s4:client: Fix size types s3:client: Fix size types s3:avahi: Fix size types s3:printing: Fix size type in printing_db s3:winbindd: Fix size types in idmap_tdb_common s3:vfs_nettalk: Fix size types s3:rpc_server: Fix size types in srvsvc s3:utils: Fix size type in log2pcaphex s3:nmbd: Fix size type in nmbd_browsesync.c s3:modules: Fix size type in getdate s3:passdb: Fix size types s3:rpc_server: Fix size types in spoolss s3:rpcclient: Fix size types ldb: Fix size types in ldb_ldif functions lib:socket: Return early if we have only one interface s4:dsdb: Fix integer operations s3:nmbd: Fix possible integer overflow s3:locking: Fix integer overflow check in posix_lock_in_range() s3:vfs_preopen: Change to a do-while loop and fix the check s3:registry: Fix size types and length calculations talloc: Fix size type and checks in _vasprintf_tc Andrej Gessel (1): bugfix memory leak. partition_dn is only used to search and compare and is not freed at the function end. Andrew Bartlett (1): partition: Use a transaction to write and a read lock to read the LDB_METADATA_SEQ_NUM Anton Nefedov via samba-technical (1): s3:smbd: map nterror on smb2_flush errorpath Björn Baumbach (2): ms_schema: fix python2.6 incompatibility samba-tool visualize: fix python2.6 incompatibility Bob Campbell (1): samdb/schema_load: do schema loading with one search Christof Schmitt (1): Fix autobuild for user names starting with c Dan Robertson (1): libsmb: Use smb2 tcon if conn_protocol >= SMB2_02 David Disseldorp (3): tests: Add basic ms_fnmatch unit test ctdb/pmda: fix num_recoveries metric store build: fix standalone ctdb build --with-systemd Douglas Bagnall (3): py3compat: add strings describing bytes/unicode in both versions tests/smbcontrol: reduce ping test false positive rate samba-tool ldapcmp: remove duplicate takes_optiongroups attribute Garming Sam (25): tests/dbcheck: Provision using the old schema and ignore displayName domain.py: Give some advice if the schema upgrade command fails schema: Do not read different schema sequence values during a read transaction partition: Leave metadata.tdb unlocking until last schema_set: Add a missing newline between functions dsdb: The schema should be reloaded during the transaction ldb_tdb: Begin abstracting out the base key value operations ldb_tdb: Replace exists, name and error_map with key value ops ldb_tdb: Replace tdb transaction code with generic key value ones ldb_tdb: Add lock_read and unlock_read to key value ops ldb_tdb: Remove tdb_get_seqnum and use a generic 'has_changed' ldb_tdb: factor out the (to be) common init code ldb_tdb: Use key value ops for fetch command ldb_tdb: Implement a traversal function in key value ops partition: Allow a different backend store from @PARTITION ldb_tdb: Build a key value operation library ldb_tdb: Remove unnecessary call to tdb_get_seqnum join.py: Add missing NTSTATUSError import kcc_utils: Add a routine for automatic site coverage kcc_utils: Keep a count of the DCs in each site kcc_utils: Prevent multiple sites attached to a sitelink covering a site kcc_utils: Use lower name in automatic sites covered tests/kcc_util: Add unit tests for automatic site coverage tests/samba_dnsupdate: Add a trivial test of automatic site coverage samba_dnsupdate: Introduce automatic site coverage Gary Lockyer (14): ldb_tdb: Add support for an option to restrict the key length ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute ldb_tdb: Cope with key truncation ldb_tdb: Do not give the warning of duplicate attributes in truncation ldb_tdb: Refuse to store a value in a unique index that is too long ldb_tdb: Combine identical not GUID index and special DN cases ldb_tdb: Add tests for truncated index keys ldb_mod_op_test: Fix core dump on ldb_case_attrs_index_test_teardown remove_dc.py: Abort transaction before throwing an exception ldb_tdb: Add errorstr to the key value ops ldb: Remove python warning in tests/python/index.py selftest: Change name to sam.ldb to align with new partition module assumptions ldb_mod_op_test: Add new nested transactions test ldb_mod_op_test: Make sure that closing the database frees locks Jeremy Allison (10): s3: vfs_fruit. Ensure we only return one set of the 'virtual' UNIX ACE entries. s3: vfs_fruit: Ensure we operate on a copy of the incoming security descriptor. s3: vfs_fruit. If the security descriptor was modified, ensure we set the flags correctly to reflect the ACE's left. s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl(). CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover. s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with remove_virtual_nfs_aces(). s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() with remove_virtual_nfs_aces(). s4: vfs: fruit tests: Add regression test for dealing with NFS ACE entries. s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer. Jonathan Hunter (1): Update help text for dbcheck Martin Schwenke (94): ctdb-packaging: Make the ctdb package own more directories ctdb-packaging: Package event scripts via a wildcard ctdb-scripts: Do not use ctdb_service_reconfigure() for policy routing ctdb-scripts: Add default for public addresses file where missing ctdb-tests: Fix a double-typo bug ctdb-tests: Use consistent NAT gateway nodes file ctdb-tests: Drop unneccessary unset of variable ctdb-tests: Clean up PATH setting for stubs/ subdirectory ctdb-tests: Check for errors when adding stubs/ subdirectory to PATH ctdb-tests: Avoid creating files in /tmp. ctdb-common: Drop debugging variable CTDB_EXTERNAL_TRACE ctdb-tools: Change onnode to use ONNODE_SSH and ONNODE_SSH_OPTS ctdb-tools: Introduce a variable to hold the ssh command ctdb-tools: Revisit stray file descriptor avoidance in onnode ctdb-tests: Add fake ssh command for local daemons tests ctdb-tests: Use fake ssh script for onnode in local daemons tests ctdb-tools: Remove test hooks from onnode ctdb-tools: Reindent parts of onnode ctdb-scripts: Avoid no-op "ctdb ptrans" call ctdb-tests: Exit on statd-callout sub-test failure ctdb-scripts: Clean up statd-callout ctdb-tests: Generalise SM_NOTIFY output format in statd-callout tests ctdb-scripts: Move script state to its own directory ctdb-scripts: Factor out function ctdb_setup_state_dir() ctdb-scripts: Use ctdb_setup_state_dir() ctdb-scripts: Drop unused function ctdb_setup_service_state_dir() ctdb-scripts: Move the reconfigure flag to the script state directory ctdb-scripts: Move failure counters to the service state directory ctdb-scripts: Simplify the names of NFS fail counter files ctdb-packaging: Use RPM's local state directory ctdb-tests: Rework simple tests daemon start/stop ctdb-scripts: Drop broken wrapper code that uses PID ctdb-scripts: Drop unnecessary complexity from wrapper ctdb-packaging: Package up relevant /var subdirectories ctdb-scripts: Don't create directory for PID file ctdb-scripts: Drop init script PID directory backward compatibility ctdb-daemon: Provide default location for ctdbd PID file ctdb-daemon: CTDB_PIDFILE environment variable overrides default ctdb-scripts: Drop PID file argument from wrapper ctdb-tests: Factor out setup of fake CTDB_BASE ctdb-tests: Use setup_ctdb_base() for eventscript unit tests ctdb-tests: Use setup_ctdb_base() for onnode unit tests ctdb-tests: New directory for simple test state ctdb-tests: Use SIMPLE_TESTS_VAR_DIR for data for local daemons tests ctdb-tests: Clean up nodes and public address file setup ctdb-tests: Reindent setup_ctdb() function ctdb-tests: Use setup_ctdb_base() for simple tests ctdb-tests: Make fake ssh script set CTDB_BASE ctdb-tests: Depend on setup_ctdb_base() to install events.d/ Revert "ctdb-doc: Fix monitoring bug in example NFS Ganesha call-out" ctdb-tests: Don't use nc -d or -w options ctdb-ib: Drop a bit-rotted test example from the README ctdb-scripts: Drop CTDB_PIDFILE configuration option ctdb-daemon: Drop ctdbd --pidfile option ctdb-scripts: Drop CTDB_EVENT_SCRIPT_DIR configuration option ctdb-tests: Drop ctdbd --event-script-dir option ctdb-tests: Use CTDB_SOCKET environment variable to specify socket ctdb-daemon: Allow CTDB_SOCKET environment variable to be used ctdb-tests: Use environment variable for specifying socket ctdb-tools: Drop a couple of unnecessary exports of CTDB_SOCKET ctdb-scripts: Drop CTDB_SOCKET configuration option ctdb-daemon: Drop ctdbd --socket option ctdb-tools: Move handling of CTDB_SOCKET to process_command() ctdb-tools: Drop ctdb --socket option ctdb-tests: Add some options to setup_ctdb() ctdb_tests: Reconfigure the cluster when restarting CTDB ctdb-tests: Update some tests to use setup_ctdb() options ctdb-tests: Don't allow simple tests to use environment for config ctdb-daemon: Provide a default location for public addresses file ctdb-tests: Use default public addresses file in local daemon tests ctdb-tests: Use default public addresses file for event script tests ctdb-scripts: Drop 10.external event script ctdb-tests: Allow tests access to CTDB_BASE ctdb-scripts: Drop CTDB_PUBLIC_ADDRESSES configuration option ctdb-tests: Remove unused function get_ctdbd_command_line_option() ctdb-daemon: Drop ctdbd --public-addresses option ctdb-scripts: Drop CTDB_PUBLIC_INTERFACE configuration option ctdb-daemon: Drop ctdbd --public-interface option ctdb-tests: Use default location for nodes file ctdb-tools: Drop onnode CTDB_NODES_FILE environment variable ctdb-tests: Drop an orphaned comment ctdb-tests: Use setup_base() in tool unit tests ctdb-tests: Improve setting of helper paths ctdb-tests: Put configuration, socket and PID file in CTDB_BASE ctdb-tests: Simplify nodes file handling in tool tests ctdb-tools: Drop testing hook from ctdb tool ctdb-scripts: Drop CTDB_NODES configuration option ctdb-tools: No longer honour CTDB_NODES environment variable ctdb-daemon: Drop ctdbd --nlist option ctdb-tests: Use onnode to start/stop local daemons ctdb-tests: Use CTDB_BASE instead of node_dir ctdb-tests: Construct values for CTDB_BASES by hand ctdb-tests: Drop unused functions ctdb-scripts: Drop CTDBD_CONF internal test variable Matt Selsky (1): auth/kerberos: Fix typo in error message regarding fetching PAC using Heimdal Noel Power (28): samba-tool: convert octal 'O1234' format to python3 compatible '0o1234' samba python libs: convert 'O1234' format to python3 compatible '0o1234' python tests: convert oct 'O1234' format to python3 compatible '0o1234' samba python libs: convert 'except X, (tuple)' to 'except X as e' samba-tool: convert 'except X, (tuple)' to 'except X as e' samba python tests: convert 'except X, (tuple)' to 'except X as e' drs torture python: convert 'except X, (tuple)' to 'except X as e' dsdb python tests: convert 'except X, (tuple)' to 'except X as e' s3:libads: ads_get_dnshostname & ads_get_samaccountname don't use param s3:libads: Clean up code a little rename 'ads_get_samaccountname()' s3:libads: Add a basic Windows SPN parser. s3:libads: change ads_add_service_principal_name implementation s3:utils: add new 'net ads setspn list' subcommand s3:utils: add new 'net ads setspn add' subcommand s3:utils: add new 'net ads setspn delete' subcommand testprocs/blackbox: Add tests for net ads setspn (add|delete|list) s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 1 s3:libads: Allow 'net ads keytab add' handle Windows SPN(s) part 2 testprogs:: Add blackbox tests for 'net ads keytab add' s3:libads: add param to prevent writing spn(s) to ads s3:utils: Modify default behaviour of 'net ads keytab add' testprogs: Switch expected failure tests to expected pass s3:libads: 'net ads keytab create' shouldn't write SPN(s) testprogs: 'net ads keytab create' expected failures should now pass docs: Add manpage for 'net ads keytab' subcommand docs: Add manpage for new 'net ads setspn' subcommand WHATSNEW: Add info for 'net ads keytab' and 'net ads setspn' changes lib:replace: Fix linking when libtirpc-devel overwrites system headers Ralph Boehme (32): nsswitch: fix wbinfo -m --verbose trust type "Local" CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty delete CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE CVE-2018-1057: s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() CVE-2018-1057: s4:dsdb/acl: remove unused else branches in acl_check_password_rights() CVE-2018-1057: s4:dsdb/acl: check for internal controls before other checks CVE-2018-1057: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control CVE-2018-1057: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() CVE-2018-1057: s4/dsdb: correctly detect password resets CVE-2018-1057: s4:dsdb/acl: run password checking only once CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK s4: dsdb/password_hash: use UF_TRUST_ACCOUNT_MASK winbindd: add and use ldap_reconnect_need_retry() in winbindd_reconnect_ads.c winbindd: check for NT_STATUS_IO_DEVICE_ERROR in reset_cm_connection_on_error() winbindd: make reset_cm_connection_on_error() public winbindd: call reset_cm_connection_on_error() from reconnect_need_retry() winbindd: force netlogon reauth for certain errors in reset_cm_connection_on_error() winbindd: call dcerpc_binding_handle_is_connected() from reset_cm_connection_on_error() winbindd: fix logic calling dcerpc_binding_handle_is_connected() winbindd: use reset_cm_connection_on_error() instead of dcerpc_binding_handle_is_connected() winbindd: add retry to _wbint_LookupSids() winbindd: add retry to _wbint_DsGetDcName winbindd: add retry to _winbind_DsrUpdateReadOnlyServerDnsRecords winbindd: add retry to _winbind_SendToSam libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User' s3: gse: use "gensec_gssapi:requested_life_time" selftest: run vfs.fruit_netatalk test against seperate share selftest: vfs.fruit: add xattr_tdb where possible Simo Sorce (3): Use "localhost" to be ipv6 only friendly Revert "Use "localhost" to be ipv6 only friendly" Remove dead code Stefan Metzmacher (63): winbindd: disable support for CROSS_ORGANIZATION domains s4:kdc: make use of dsdb_trust_parse_tdo_info() in samba_kdc_trust_message2entry() s4:kdc: only support LSA_TRUST_TYPE_UPLEVEL domains in samba_kdc_trust_message2entry() s4:kdc: disable support for CROSS_ORGANIZATION domains s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit for anonymous s3:selftest: run SMB2-ANONYMOUS s3:auth: remove unused auth_serversupplied_info->system s3:auth: add the "Unix Groups" sid for the primary gid s3:auth: move add_local_groups() out of finalize_local_nt_token() s3:passdb: handle dom_sid=NULL in create_builtin_{users,administrators}() s3:auth: only call secrets_fetch_domain_sid() once in finalize_local_nt_token() s3:auth: add add_builtin_guests() handling to finalize_local_nt_token() s3:auth: don't try to expand system or anonymous tokens in finalize_local_nt_token() s3:auth: pass AUTH_SESSION_INFO_* flags to finalize_local_nt_token() s3:auth: remove static from finalize_local_nt_token() auth: add auth_user_info_copy() function s3:auth: add auth3_user_info_dc_add_hints() and auth3_session_info_create() s3:auth: base make_new_session_info_system() on auth_system_user_info_dc() and auth3_create_session_info() s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token() s3:auth: add make_{server,session}_info_anonymous() s3:rpc_server: make use of make_session_info_anonymous() s3:auth: make use of make_{server,session}_info_anonymous() test_smbclient_s3.sh: force LANG=C during test_utimes() libcli/security: fix some SID values in comments s3:auth: rename "guest" methods to "anonymous" s3:passdb: add create_builtin_guests() s3:libnet_join: make use of create_builtin_guests() s3:auth: make use of create_builtin_guests() in finalize_local_nt_token() s3:auth: support AUTH_SESSION_INFO_NTLM in finalize_local_nt_token() drsuapi.idl: add DN/fpo-enabled attributes as DRSUAPI_ATTID_* values dsdb:extended_dn_store: ignore DRSUAPI_ATTID_distinguishedName attributes dsdb:extended_dn_store: we need to pass down our altered request down on NO_SUCH_OBJECT dsdb:extended_dn_store: pass the full 'struct dsdb_attribute' to extended_store_replace() dsdb:extended_dn_store: We need to ignore self references on add operation dsdb:extended_dn_store: rename extended_replace_dn to extended_replace_callback dsdb:extended_dn_store: split out a extended_replace_dn() function tests/dsdb.py: prove the difference between linked and non-linked DN references dsdb:extended_dn_store: make sure reject storing references to deleted objects in linked attributes provision: use the provision control when adding foreignSecurityPrincipals tests/dsdb.py: verify that foreignSecurityPrincipal objects require the provision control dsdb:samldb: require as_system or provision control to create foreignSecurityPrincipal objects tests/dsdb.py: test creation of foreignSecurityPrincipal via 'attr: <SID=...>' dsdb:extended_dn_store: add support for FPO (foreignSecurityPrincipal) enabled attributes dsdb:repl_meta_data: improve error message in get_parsed_dns() selftest/Samba4: use DOMAIN/REALM from the dcvars instead of using hardcoded values selftest: generate a ramdon domain sid during provision and export as SAMSID/[TRUST_]DOMSID samba-tool: allow sid strings for 'group {add,remove}members' selftest/Samba4: create add ${TRUST_DOMSID}-513 to a local group testprogs/blackbox: add test_trust_token.sh s4:selftest: run samba4.blackbox.trust_token against fl2003dc and fl2008r2dc s4:auth: split out a authsam_domain_group_filter() function s4:auth: add authsam_update_user_info_dc() that implements SID expanding for the local domain s4:auth_winbind: only call authsam_logon_success_accounting() for local users s4:auth_winbind: make sure we expand group memberships of the local domain s4:kdc: remember is_krbtgt, is_rodc and is_trust samba_kdc_entry s4:kdc: pass krbtgt and server to samba_kdc_update_pac_blob() s4:kdc: make sure we expand group memberships of the local domain s3:libsmb/samlogon_cache: zero session keys before storing the info3 structure libcli/security: add dom_sid_is_valid_account_domain() s4:rpc_server/lsa: make use of dom_sid_is_valid_account_domain() pdb_samba_dsdb: make use of dom_sid_is_valid_account_domain() talloc: use a library destructor instead of atexit() if available talloc: version 2.1.12 Swen Schillig (5): Zero libnet_LookupName out struct before using Minor cleanup of libnet_LookupName_recv Replace NT_STATUS_HAVE_NO_MEMORY macro s3: Fix max indentation and max column s3: Fix possible mem leak Timur I. Bakeyev (1): Remove some bashisms from the test scripts Uri Simchoni (1): README.Coding: codify line splitting on function calls Volker Lendecke (14): winbind: Implement forall_children() winbind: Use forall_children in winbind_child_died() winbind: "internal" children never have a domain set winbind: Remove unused winbindd_internal_child() winbind: Use forall_domain_children in winbind_msg_offline() winbind: Use forall_domain_children in winbind_msg_online winbind: Use forall_children in winbind_msg_ip_dropped_parent() winbind: Use forall_children in reinit_after_fork() winbind: Remove the "winbindd_children" global winbind: Fix a race between the sigchld and 0-sized socket read winbind: Fix --ping-dc error handling utils: Add destroy_netlogon_creds_cli winbind: Add smbcontrol disconnect-dc winbind: Keep "force_reauth" in invalidate_cm_connection ----------------------------------------------------------------------- -- Samba Shared Repository