The annotated tag, talloc-2.1.3 has been created at 39f95f7944ba37461ab4f29172549306959436b1 (tag) tagging e05cb33511da81a2916b7504308552bcb4cbd587 (commit) replaces tdb-1.3.6 tagged by Stefan Metzmacher on Tue Jul 21 22:34:23 2015 +0200
- Log ----------------------------------------------------------------- talloc: tag release talloc-2.1.3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJVrqzPAAoJEEeTkWETCEAlChoIAIuWpVLIaVxgBfc7ughln6Ne +QFKxW8syzb8c+qMls9ypn96WIk98VWfxBqZwxNP1xv9G7UZlD4N4FteRtfGAgYM DuFEB1BuFzs9xvaHj1B0GhI84jR19wXke8yXD0pxAyKrmeZzO1kNtI42B5+p3fk4 0VOr1tHgCGGwqGV6KH+6o9RxhZvu4aQFdjfr0J2KiyshEmh/QhWjT/e+mUJspW4g Dee7um7e8dUtjrqHVy0znuWtb1bz8urTQuVg2DxoI4DeHlazw5WSQ3gVYwkL8C0C MaVTQAFudlbvKjHb8/Xxpqxp3d6UgInEkiiMlJxLhryIk0iOKEPEMTO7fOu3VoQ= =ZWZD -----END PGP SIGNATURE----- Alexander Bokovoy (1): auth/credentials: if credentials have principal set, they are not anonymous anymore Amitay Isaacs (12): wafsamba: Cache final_libs for each target ctdb-packaging: Pass extra arguments to rpmbuild from commandline ctdb-packaging: Package private libraries ctdb-tests: Add simple test harnesses for running unit tests ctdb-tests: Remove extra_header and extra_footer variables ctdb-tests: Remove unsed code ctdb-tests: Add test cleanup hooks ctdb-tests: Refactor code using simple test harness functions ctdb-daemon: Fix valgrind invalid read error in db_statistics control ctdb-daemon: Remove control CTDB_CONTROL_SET_CALL ctdb-daemon: Avoid double-free during monitor cancellation ctdb-daemon: Return correct sequence number for CONTROL_GET_DB_SEQNUM Andreas Schneider (27): wafsamba: Also build libraries with RELRO protection auth: Explain why GSS_KRB5_CRED_NO_CI_FLAGS_X is needed tests: Add test_preserve_case.sh selftest: Plan samba3.blackbox.preserve_case testcase CID 1311763: Fix incorrect return value CID 1311764: Fix logical compare in if clause CID 1311767: Cast enum type to avoid compiler warnings CID 1311771: Fix a null pointer dereference CID 1311772: Fix null pointer check docs: Documents length limitations for NetBIOS name s4-samdb: Correctly cast data pointer s4-auth: Add smb_krb5_create_principals_array() s4-auth: Add smb_krb5_remove_obsolete_keytab_entries() s4-auth: Use kerberos util functions in srv_keytab s4-auth: Always pass down the salt principal s4-waf: Reformat torture_rpc s4-torture: Make the backupkey test as a noop with MIT Kerberos. selftest: Do not lookup the realm with Kerberos s4-kerberos: Make sure we handle kvno's in keytabs correctly s3-auth: Fix a possible null pointer dereference s3-smbd: Leave sys_disk_free() if dfree command is used s3-smbd: Remove the global dfree_broken variable selftest: Add test for the dfree command s4-kdc: Fix a typo s4-kdc: Fix a casting warning waf: Make mit_samba a subsystem and do not build with Heimdal s4-auth: Make sure error_string is correctly initialized Andrew Bartlett (10): selftest: Run winbind tests in chgdcpass environment winbindd: Use pdb_get_domain_info() to get exactly the local domain info when we are an AD DC winbindd: Sync secrets.ldb into secrets.tdb on startup selftest: Change chgdcpass environment to use winbindd Allow winbind removal by matching delays to Samba3.pm s4-winbindd: Remove the winbind rewrite from the samba4 effort Remove support for OpenPGP certificates in our TLS client and server lib/tls: Add new 'tls priority' option lib/tls: Change default supported TLS versions. selftest: Add knownfail entry required to disable tombstone_reanimation Anoop C S (4): source3/registry: Fix CID 1273421 Useless call source3/registry: Fix CID 1273100 Stray semicolon source/libsmb: Fix CID 1272955 Logically dead code lib/sysquota_linux: Handle the quota flags properly Anubhav Rakshit (2): s3:libsmb: Fix a bug in conversion of ea list to ea array. s3:client: Add "scopy" cmd to perform Server Side copy using smbclient. Aurelien Aptel (1): tdb python binding: raise KeyError(key) when the key doesn't exist Christof Schmitt (19): sharesec: Use non-numerical output for sharesec selftest: Add test for sharesec command docs-xml: Update sharesec manpage to reflect current output selftest: Add callout scripts for RPC SRVSVC share modifications selftest: Add blackbox test for srvsvc calls from rpcclient sharesec: Remove error message for unmarshall_sec_desc failure ctdb: Accept the key in hex format for the pstore command ctdb: Create helper function for optional hex input ctdb: Accept hex format for pdelete and ptrans commands vfs_gpfs: Use ACL defines from GPFS 3.5 header files vfs_gpfs: Use C99 initializers instead of ZERO_STRUCT gpfswrap: Remove unused wrapper for gpfs_fnctl gpfswrap: Use gpfs.h instead of gpfs_fcntl.h vfs: Make entry message for check_reduced_name a debug message vfs: Change final message in check_reduce_name to "info" dosmode: Change message of result to informational rpcclient: Set internal log level to 0 smbstatus: Set internal log level to 0 smbcontrol: Set internal log level to 0 Douglas Bagnall (13): Byte order reversal shouldn't assume size_t is 64 bit. Treat unsigned 64 bit IDL values as unsigned long long in Python remove trailing whitespace in Pidl/Samba4/Python.pm Use large enough unsigned values in server_id IDL Avoid casting pointer to unsigned long long for NULL check correct sense of macro variable name in SMB2 durable open test Avoid segfault in durable_open tests Revert "lib: Fix deps for LIBCRYPTO" Treat uid_t, git_t as 64 bit in Pidl Python bindings Fix gensec_gssapi compilation for i386 Fix ldap_bind compilation for i386 Fix format size errors for i386 in source3/librpc/crypto/gse.c Use uintptr_t for pointer int cast in SMBC_getdents_ctx() Felix Janda (1): replace: Replace BSD strtoll by wrapping strtoll instead of strtoq Günther Deschner (46): s3-smbd: reset protocol in smbXsrv_connection_init_tables failure paths. ntlmssp: add NTLMSSP_WINDOWS_MINOR_VERSION_3 as seen from Windows 8.1 clients. librpc: prevent invalid NULL pointer derref in dcerpc_binding_get_auth_info(). s4-torture: open a clusapi connection to get list of cluster nodes, etc. s4-torture: minor cleanup in test_witness_Register(). s4-torture: make setup of the clusapi pipe non-critical in witness test. s4-torture: add some more tests for witness_AsyncNotify and RegisterEx with different timeouts. s3-rpcclient: add cmdline tools to toggle online/offline cluster resource state. witness: add default case to witness_notifyResponse_message union. witness: autogenerate the marshalling of the witness_notifyResponse_message. s3-rpcclient: add clusapi_get_resource_state command. libndr: better debug message in ndr_pull_subcontext_start(). s3-rpcclient: use witness defines in witness rpcclient. s3-rpcclient: close policy handle in cmd_clusapi_open_resource(). s4-torture: make some clusapi torture tests public. s4-torture: add clusapi resource online/offline toggle code to witness test. s3-rpcclient: remove old extra hand marshalling from witness cmds. s4-torture: finally enable witness_AsyncNotify ndr test. s4-torture: move torture_assert_sid_equal() out of ndr headers. lib/torture: be more verbose about ndr failures. s4-torture: using async dcerpc for witness async notifications. libndr: reformat libndr torture_suite macros to make differences more visible. s4-torture: add torture_ndr_push_struct_blob_flags() in order to manipulate push flags. s4-torture: add new torture_suite_add_ndr_pullpush_fn_test_flags(). s4-torture: pull, push and compare a witness Notify struct in ndr test. s4-torture: use smb_krb5_make_principal() in lsa forest krb5 tests. s4-torture: use smb_krb5_principal_get_type in lsa forest krb5 tests. lib/krb5: add new KRB5_ERROR_CODE() abstraction macro. s4-torture: use smb_krb5_free_error() in lsa forest krb5 tests. s4-torture: use krb5_error in lsa forest trust tests. s4-torture: use smb_krb5_principal_set_type() in lsa forest krb5 tests. s4-torture: add test for ClusterControl to clusapi testsuite. s4-torture: do some more inspection on expected witness_AsyncNotify replies. s4-torture: make sure to always seal the clusapi connection in witness test. s4-torture: add more tests for dcerpc_clusapi_CreateEnum. clusapi: use winreg_AccessMask in clusapi.idl. s4-torture: add test for clusapi_QueryValue. s3-rpcclient: add cmd_clusapi_get_cluster_version2. clusapi: add and use clusapi_ClusterControlCode to IDL. s4-torture: add test for ClusterControl to clusapi testsuite. s4-kdc/wdc-samba4: add a copy of samba_kdc_build_edata_reply for Heimdal. s4-kdc/mit_samba: add a copy of samba_kdc_build_edata_reply for MIT. s4-kdc/pac_glue: remove old samba_kdc_build_edata_reply(). s4-kdc: only use a void* in samba_kdc_entry instead of hdb_entry_ex. s4-kdc: move kdc_check_pac() to a new subsystem KDC-GLUE. s4-kdc_kpasswd: split out some code to a KPASSWD_GLUE subsystem. Jeremy Allison (8): lib: ldap: Properly check talloc error returns. smbd: Fix clients connecting unencrypted with PROTOCOL_SMB2_24 or higher. s3: smbd - Fix SMB3.11 protocol encryption selection. dcerpc: NULL pointer deref crash in handling rpc request. s3: smbd: Codenomicon crash in do_smb_load_module(). s3: smbd: Use separate flag to track become_root()/unbecome_root() state. docs: Document new scopy command. s3: tests: Add blackbox test for scopy. Kamen Mazdrashki (1): dsdb: Disable tombstone_reanimation module until we isolate what causes flaky tests Karolin Seeger (1): docs: Bump version up to 4.3. Marc Muehlfeld (1): Group creation: Add msSFU30Name only when --nis-domain was given Martin Schwenke (52): ctdb-tests: Run transaction tests with externally imposed timeout ctdb-scripts: Create the directory containing the recovery lock ctdb-recoverd: Add new function clear_ip_assignment_tree() ctdb-recoverd: Clear IP assignment tree on election loss ctdb-daemon: Promote debug messages about --start-as-* to NOTICE level ctdb-scripts: Only write to /proc route flush files if they exist ctdb-build: Fix building of PCP PMDA module ctdb-scripts: Use an "if" statement instead of "&&" ctdb-tests: Remove statd-callout when running NFS tests ctdb-scripts: Fix regression in VLAN interface support ctdb-scripts: Support monitoring of interestingly named VLANs on bonds ctdb-tests: Interface number in "ip link show" stub defaults to 42 ctdb-tests: Add VLAN support to the "ip link" stub ctdb-tests: Add some 10.interfaces VLAN tests ctdb-tools: Avoiding printing "(null)" on "ctdb eventscript" error ctdb-daemon: Improve error messages when eventscript control is cancelled ctdb-daemon: Allow a new monitor event to cancel one already in progress ctdb-tests: Factor out stack dumping and background marking code ctdb-tests: Default fail count for rpc_set_service_failure_response() is 1 ctdb-tests: Don't flag failure when there are no rpcinfo check failures ctdb-tests: rpc_set_service_failure_response() should take RPC service name ctdb-tests: New function nfs_iterate_test() ctdb-tests: Update NFS tests to use nfs_iterate_test() ctdb-tests: Automate expected NFS test results instead of hard-coding ctdb-tests: Allow 2nd argument of nfs_iterate_test() to be null ctdb-tests: New NFS test with all services up and 10 iterations ctdb-tests: Remove remaining uses of iterate_test() ctdb-tests: Remove function iterate_test() ctdb-tests: setup_nfs() should mark nfslock as started/stopped ctdb-scripts: NFS RPC checks should be simple and consistent ctdb-scripts: Clean up ctdb_check_rpc() ctdb-scripts: Move "ERROR:" prefix out of ctdb_check_rpc() ctdb-scripts: Factor out new function ctdb_counter_get() ctdb-scripts: Add new NFS service checking infrastructure ctdb-scripts: Switch NFS checks to new style ctdb-scripts: Remove old NFS checking code ctdb-scripts: Parameterise 60.nfs with $CTDB_NFS_CALLOUT ctdb-scripts: Remove configuration variable CTDB_MONITOR_NFS_THREAD_COUNT ctdb-scripts: Remove functions startstop_nfs() and startstop_nfslock() ctdb-scripts: Extend NFS .check files with service_check_cmd variable ctdb-scripts: Remove 60.ganesha, replace with callout for 60.nfs ctdb-scripts: Remove unused function startstop_ganesha() ctdb-scripts: Drop configuration variable CTDB_NFS_DUMP_STUCK_THREADS ctdb-scripts: Move NFS support functions to 60.nfs ctdb-scripts: Add portmapper NFS .check file ctdb-tests: Add some simple tests for CTDB_NFS_CALLOUT ctdb-scripts: Add registration for CTDB_NFS_CALLOUT operations ctdb-scripts: Implement registration in nfs-linux-kernel-callout doc: Fix documentation for "ctdb timeout" parameter ctdb-scripts: Support RPC checks for tcp6 and udp6 ctdb-scripts: Move 60.nfs Ganesha callout to doc/examples/ ctdb-daemon: Ignore SIGUSR1 Mathieu Parent (1): ctdb-build: Fix ctdb --with-socketpath configure option Michael Adam (19): ctdb: remove useless setting of variable domain_socket_name ctdbd_conn: lower the debug level 0 for failing connection to ctdbd. ctdbd_conn: use the right error code from ctdbd_connect for debug and return ctdb: strip trailing spaces from nodes file. net:conf:import: print error message when importing fails. selftest: skip the ntvfs based base.defer_open tests s3:libsmb: fix resolve_ads return if there were no answers Introduce setting "desired" for 'smb encrypt' and 'client/server signing' smbXsrv: add bools encryption_desired to session and tcon smbd:smb2: separate between encryption required and enc desired smbd:smb2: only enable encryption in session if desired smbd:smb2: only enable encryption in tcon if desired smbd:smb2: use encryption_desired in send_break docs:smb.conf: explain effect of new setting 'desired' of smb encrypt librpc:ndr:witness: fix CID 1311245: Memory - illegal accesses (UNINIT) smbd:trans2: treat new SMB_SIGNING_DESIRED in case librpc:ndr:witness: move variables into scope librpc:ndr:witness: remove an unneeded block, reducing indentation. docs:smb.conf: fix typo in 'smb encrypt' text. Paul Wayper (2): Spelling correction: exlusive -> exclusive Spelling correction: exlusive -> exclusive and semantincs -> semantics Petr Viktorin (8): buildtools: Don't configure Python more than once buildtools: Fix crash on invalid --extra-python option pytdb: Allow nextkey() to be called pytdb: Port to Python 3 pytdb: Build for two versions of Python at once pytdb: Use new dict API on Python 3 pyldb: Add a text-based interface for Python 3 pytdb: Add tests for text interface Ralph Boehme (26): vfs_fruit: simplify lp_parm_bool check smbd/smb2_ioctl: fix error handling s3:util: use pread/pwrite in transfer_file smb2:ioctl: support for OS X AAPL copyfile style copy_chunk vfs:fruit: implement copyfile style copy_chunk s4:torture:vfs_fruit: copyfile debug: get rid of DBGC_MAX_FIXED tevent: add and use debug class for tevent s3:vfs: copy_chunk buffer size vfs_fruit: check offset and length for AFP_AfpInfo read requests s4:torture:vfs_fruit: check offset and length when reading AFP_AfpInfo stream s3-mdssvc: add configure option --enable-spotlight mdssvc: IDL file for new RPC service s3-mdssvc: add Spotlight RPC stubs s3-mdssvc: add new option 'spotlight' s3-mdssvc: dalloc: dynamic object store based on talloc s3-mdssvc: (un)marshalling Spotlight RPC blob s3-mdssvc: Spotlight attribute mappings s3-mdssvc: main Spotlight code s3-mdssvc: lexer and parser for Spotlight queries s3-mdssvc: add mdssd RPC service daemon for mdssvc s3-mdssvc: add documentation for mdssvc and mdssd WHATSNEW: Spotlight lib/util/charset: reduce loglevel for push_ucs2_talloc error vfs_shadow_copy2: change log level from 0 to 1 and log share path s3:smbd: change a loglevel from 0 to 1 when SMB_VFS_CONNECT fails Robin Hack (1): selftest: Add setup_fileserver() Robin McCorkell (4): Replace random() and related calls with generate_random_buffer() dfs_server: Fix whitespace Fix MSDFS with POSIX paths in vfs_dfs_samba4 dfs_server: Use multi-byte string handling Rowland Penny (1): samba-tool: make 'samba-tool fsmo *' aware of all 7 fsmo roles Stefan Metzmacher (147): s3:smb2_setinfo: fix memory leak in the defer_rename case s4:heimdal_build: define HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X auth/credentials: use HAVE_GSS_KRB5_CRED_NO_CI_FLAGS_X instead of SAMBA4_USES_HEIMDAL auth/gensec: gensec_[un]seal_packet() should only work with GENSEC_FEATURE_DCE_STYLE auth/gensec: make sure gensec_start_mech_by_authtype() resets SIGN/SEAL before starting dcerpc.idl: add DCERPC_AUTH_PAD_ALIGNMENT (=16) librpc/rpc: add DCERPC_AUTH_PAD_LENGTH(stub_length) helper macro s3:librpc/rpc: allow up to DCERPC_AUTH_PAD_ALIGNMENT padding bytes in dcerpc_add_auth_footer() s3:librpc/rpc: fix padding calculation in dcerpc_guess_sizes() s3:rpc_server: remove pad handling from api_pipe_alter_context() s3:include: remove used unused {CLIENT,SERVER}_NDR_PADDING_SIZE s4:librpc/rpc: let dcerpc_ship_next_request() use DCERPC_AUTH_PAD_ALIGNMENT define s4:librpc/rpc: let dcerpc_ship_next_request() use a sig_size for a padded payload s4:librpc/rpc: let ncacn_push_request_sign() handle sig_size == 0 with auth_info as internal error s4:librpc/rpc: fix padding caclucation in ncacn_push_request_sign() s4:rpc_server: let dcesrv_reply() use DCERPC_AUTH_PAD_ALIGNMENT define s4:rpc_server: let dcesrv_reply() use a sig_size for a padded payload s4:rpc_server: let dcesrv_auth_response() handle sig_size == 0 with auth_info as error s4:rpc_server: fix padding caclucation in dcesrv_auth_response() s4:selftest: run rpc.echo tests also with krb5 krb5,sign krb5,seal s4:selftest: also run rpc.winreg with kerberos and all possible auth options s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind s4:lib/tls: fix tstream_tls_connect_send() define s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client() s4:libcli/ldap: conversion to tstream s4:auth/gensec: remove unused and untested cyrus_sasl module s4:auth/gensec: remove unused include of lib/socket/socket.h s4:auth/gensec: remove unused gensec_socket_init() auth/gensec: remove unused gensec_[un]wrap_packets() hooks s3:ntlm_auth: don't start gensec backend twice s4:kdc/db-glue: fix memory leak in samba_kdc_lookup_server() s4:kdc/db-glue: allow principals in form of compu...@example.com s4:selftest: run samba4.rpc.lsa.secrets with more principal combinations s4:torture/krb5: add a --option=torture:run_removedollar_test=true option to kdc-conon s4:selftest: add torture:run_removedollar_test=true to the machine account kdc tests heimdal:lib/gssapi/krb5: make _gssapi_verify_pad() more robust heimdal:lib/gssapi/krb5: fix indentation in _gk_wrap_iov() heimdal:lib/gssapi/krb5: clear temporary buffer with cleartext data. heimdal:lib/gssapi/krb5: add const to arcfour_mic_key() heimdal:lib/gssapi/krb5: split out a arcfour_mic_cksum_iov() function heimdal:lib/gssapi/krb5: implement gss_[un]wrap_iov[_length] with arcfour-hmac-md5 auth/kerberos: add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions s3:librpc/gse: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions s4:gensec/gssapi: make use of add gssapi_get_sig_size() and gssapi_{seal,unseal,sign,check}_packet() helper functions s3:winbindd: remove unused argument 'server' from winbind_samlogon_retry_loop() selftest: use server_maxtime = 10800 by default s3:libads: improve debug levels/messages in ads_find_dc() s4:ntvfs/ipc: fix ipc_close() auth/credentials: anonymous should not try to use kerberos midltests: add valid/midltests_DRS_EXTENSIONS.* librpc/rpc: add faultcode to nt_status mappings librpc/rpc: add dcerpc_fault_from_nt_status() librpc/rpc: add dcerpc_[extract|construct]_bind_time_features() s4:pyrpc: add base.bind_time_features_syntax(features) lib/util: fix output format in dump_data*() librpc/ndr: make use of dump_data_cb() in ndr_dump_data() python/samba/tests: move hexdump() from DNSTest to TestCase python/samba/tests: let the output of hexdump() match our C code in dump_data_cb() python/samba/tests: add fallbacks for assert{Less,Greater}[Equal]() s3:winbindd: use check dcerpc_binding_handle_is_connected() instead of a specific status libcli/smb: let tstream_smbXcli_np report connection errors as EPIPE instead of EIO s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED when a dcerpc connection is not connected s4:torture/rpc: expect NT_STATUS_CONNECTION_DISCONNECTED in torture_rpc_alter_context() python:samba/tests: don't use the x.alter_context() method in dcerpc/bare.py s4:pyrpc: remove pointless alter_context() method lib/util: add strlen_m_ext_term_null() helper function lib/util: let strlen_m_term[_null]() use strlen_m_ext_term[_null]() lib/util:charset/tests: improve strlen_m[_term[_null]]() testing pidl:Samba3/ServerNDR: simplify CallWithStruct() pidl:Samba3/ServerNDR: make CallWithStruct() more flexible pidl:Samba3/ServerNDR: add pidl_reset() and pidl_return() helper functions pidl:Samba4/NDR/Parser: always initialize _mem_save_ pointers to NULL dcerpc.idl: fix calculatin of uint16 secondary_address_size; s4:librpc/rpc: add dcerpc_secondary_auth_connection() s4:libcli/clilsa: only remember the dcerpc_binding_handle s4:libnet: make use of dcerpc_secondary_auth_connection_send/recv() s4:torture/samba3rpc: move pipe_bind_smb() to the top s4:torture/samba3rpc: use pipe_bind_smb() in more places s4:torture/samba3rpc: add pipe_bind_smb2() s4:torture/samba3rpc: use pipe_bind_smb2() s4:torture/samba3rpc: add pipe_bind_smb_auth() s4:torture/samba3rpc: use pipe_bind_smb_auth() s4:torture/rpc: use dcerpc_secondary_auth_connection with anon creds s4:torture/rpc: use dcerpc_secondary_auth_connection with creds s3:wscript_build: fix the build using dmapi and fam together s4:kdc/db-glue: allow invalid kvno numbers in samba_kdc_trust_message2entry() s4:kdc/db-glue: preferr the previous password for trust accounts s4:kdc/db-glue: let samba_kdc_trust_message2entry always generate the principal heimdal:lib/krb5: correctly follow KRB5_KDC_ERR_WRONG_REALM client referrals heimdal:lib/krb5: add krb5_mk_error_ext() helper function heimdal:kdc: generic support for 3part servicePrincipalNames heimdal:kdc: add support for HDB_ERR_WRONG_REALM s4:dsdb/common: add helper functions for trusted domain objects (tdo) s4:kdc/db-glue: implement cross forest routing by return HDB_ERR_WRONG_REALM s4:dsdb/common: add dsdb_trust_search_tdo*() helper functions s4:kdc/db-glue: make use of dsdb_trust_search_tdo() s3:pdb_samba_dsdb: make use of dsdb_trust_search_tdo() s4:auth/sam: remove unused sam_get_results_trust() s4:dsdb/netlogon: add support for CLDAP requests with AAC=0x00000400(ACB_AUTOLOCK) and user="example.com." s4:dsdb/common: pass optional new_version to samdb_set_password_sid() s4:dsdb/common: make use of dsdb_search_one() in samdb_set_password_sid() s4:dsdb/common: supported trusted domains in samdb_set_password_sid() s4:dsdb/password_hash: reject interdomain trust password changes via LDAP s4:rpc_server/netlogon: extract and pass down the password version in dcesrv_netr_ServerPasswordSet2() s4:dsdb/common: add dsdb_trust_get_incoming_passwords() helper function s4:rpc_server/netlogon: let dcesrv_netr_ServerAuthenticate3() fallback to the previous hash for trusts s4:rpc_server/netlogon: implement dcesrv_netr_ServerGetTrustInfo() s4:rpc_server/netlogon: implement dcesrv_netr_ServerTrustPasswordsGet() s4:rpc_server/lsa: fix dcesrv_lsa_CreateTrustedDomain() s4:rpc_server/lsa: improve dcesrv_lsa_CreateTrustedDomain_base() s4:rpc_server/lsa: implement dcesrv_lsa_lsaRQueryForestTrustInformation() s4:dsdb/common: add dsdb_trust_forest_info_from_lsa() helper function s4:dsdb/common: add dsdb_trust_xref_tdo_info() helper function s4:dsdb/common: dsdb_trust_normalize_forest_info_step[1,2]() and dsdb_trust_verify_forest_info() s4:dsdb/common: add dsdb_trust_merge_forest_info() helper function s4:rpc_server/lsa: use dsdb_trust_*() helper functions in dcesrv_lsa_lsaRSetForestTrustInformation() s4:rpc_server/lsa: remove unused code librpc/idl: add winbind_LogonControl() s3:winbindd: implement _winbind_LogonControl*() s3:winbindd: add wb_irpc_LogonControl() s4:rpc_server/netlogon: implement NETLOGON_CONTROL_{QUERY,REDISCOVER,TC_QUERY,TC_VERIFY,CHANGE_PASSWORD} librpc/idl: add winbind_GetForestTrustInformation() s3:winbindd: implement winbind_GetForestTrustInformation() s3:winbindd: add wb_irpc_GetForestTrustInformation() s4:rpc_server/netlogon: implement netr_DsRGetForestTrustInformation with trusted domains s4:rpc_server/netlogon: make use of dsdb_trust_xref_forest_info() s4:rpc_server/netlogon: check domain state in netr_*GetForestTrustInformation() python/samba: add current_unix_time() python/samba: add on optional 'special_name' argument to CredentialsOptions() samba-tool: add 'domain trust *' commands selftest/Samba4: setup trusts between forest:fl2008r2dc/ad_dc and externl:fl2003dc/ad_dc testprogs/blackbox: add test_kinit_trusts.sh selftest/Samba4: setup forest UPN and SPN namespaces for ad_dc and fl2008r2dc testprogs/blackbox: let test_kinit_trusts.sh test a enterprise upn from the other foreset testprogs/blackbox: let test_kinit_trusts.sh verify that setpassword (via LDAP) is rejected testprogs/blackbox: add test_trust_utils.sh s4:torture/rpc: handle NT_STATUS_NO_SUCH_DOMAIN in test_query_each_TrustDom() s4:torture/rpc: add missing \n in comments s4:torture/rpc: extend and improve rpc.lsa.trusted.domains script/librelease.sh: use download-master.samba.org:~ftp/pub/ for uploading s3:winbindd: initialize an [in,out] variable in rpc_try_lookup_sids3() s3:winbindd: initialize acct_desc fields in rpc_enum_{dom,local}_groups() s3:winbindd: initialize dst->primary_gid with (gid_t)-1 testsuite/headers: remove unused checks for ntdb.h talloc: version 2.1.3 Thomas Nagy (2): Remove PYTHONDIR and PYTHONARCHDIR in a single place Always use Samba's CHECK_CFG instead of waf check_cfg Uri Simchoni (29): libads: fix indentation in generated krb5.conf namequery: fix get_kdc_list() to look for _kerberos records kerberos: Move DEFAULT_KRB5_PORT to a header file namequery: correctly merge kdc ip address list libads: Keep 'good' server at the head of custom KDC list namequery: remove dead code libads: Fix fallback logic when finding a domain controller libads: further split resolve_and_ping into dns and netbios implementations heimdal: fix endless loop for specific KDC error code winbindd: disconnect child process if request is cancelled at main process docs: Correct list of supported socket options util.c: fix order of inclusion to correctly consume config.h net: fix the order of DC lookup methods when joining a domain winbindd: set file descriptor limit according to configuration winbindd: cleanup client connection if the client closes the connection async_req: check for errors when monitoring socket for readability winbindd: verify that client has closed the connection winbind client: avoid vicious cycle created by client retry winbindd: periodically remove timed out clients doc: clarify "winbind max clients" winbindd: add service routines to support a sorted client list winbindd: keep client list sorted by access time winbindd: shorten client list scan libads: disable dns_lookup_realm in auto-generated krb5.conf files tdbrestore: include config.h before any glibc headers lib/util: include config.h before any glibc headers source3/lib: include config.h before any glibc headers fssd: include config.h before any glibc headers torture: include config.h before any glibc headers Volker Lendecke (85): ctdbd_conn: Fix a leak on talloc_tos() net: Fix messaging_init for clustering lib: Fix CID 1306764 Unchecked return value lib: Fix CID 1306765 Unchecked return value from library Fix a typo rpc: Simplify dcerpc_binding_handle_raw_call() lib: Strip genrand.c a bit lib: Fix whitespace lib: Streamline genrand.c includes lib: Simplify arcfour_crypt lib: Fix deps for LIBCRYPTO lib: Make time-basic a library lib: Make genrand independent lib: Fix CID 1272913 Calling risky function lib: Fix CID 1034723 Explicit null dereferenced lib: Fix CID 1273234 Untrusted value as argument lib: Fix CID 710685 Unchecked return value from library lib: Fix CID 1272858 Copy-paste error lib: Fix CID 1128556 Dereference after null check lib: Remove unused functions smbd: Fix CID 1273096 Dereference before null check dsdb: Fix CID 1034745 Dereference after null check dsdb: Fix CID 1034804 Dereference null return value dsdb: Fix CID 1034803 Dereference null return value dsdb: Fix CID 1034743 Dereference after null check dsdb: Fix CID 1034742 Dereference after null check dsdb: Fix CID 1034802 Dereference null return value dsdb: Fix CID 1034719 Evaluation order violation dsdb: Fix CID 1034687 Logically dead code dsdb: Fix CID 1034902 Dereference before null check libsmb: Streamline smb1cli_trans a bit libsmb: Use fstr_sprint in convert_sid_to_string lib: Fix rundown of open_socket_out() libldap: Fix CID 1308982 Unchecked return value from library dsdb: Rename a parameter lib: Trim blocking.c docs: Document smbclient "notify" command vfs_fruit: Fix CID 1311244 Out-of-bounds read lib: Add tevent_req_poll_unix lib: Add server_id_db_prune_name lib: Add server_id_db_pid() lib: Add server_id_db_set_exclusive param: Make "change notify" global param: Make "kernel change notify" global smbd: Add direct notify_fam support smbd: Add the notify daemon smbd: Start the notify daemon smbd: Don't start the notify cleanup anymore smbd: Replace the tdb-based notify_internal with notify_msg smbd: Kernel change notify is done by notifyd smbd: Remove the notify_fam module notifyd: Add notifyd_parse_db() notify: Re-add notify_walk() smbd: Remove SMB_VFS_NOTIFY_WATCH notify: Remove two now unused stubs utils: add net notify notifyd: Add notifydd Remove ctdb_conn.[ch] librpc: Fix a "ignoring asprint return" warning tdb: Fix bug 11381, deadlock tdb: Reproducer for Bug 11381 dalloc: Fix a typo dalloc: Fix CID 1097369 API usage errors (VARARGS) smbd: Fix CID 1311337 Error handling issues (CHECKED_RETURN) smbd: Fix CID 1311338 Error handling issues (CHECKED_RETURN) rpc_server: Fix CID 1311339 Error handling issues (CHECKED_RETURN) rpc_server: Fix CID 1311340 Null pointer dereferences (NULL_RETURNS) rpc_server: Fix CID 1311341 Integer handling issues (OVERFLOW_BEFORE_WIDEN) rpc_server: Fix CID 1311342 Null pointer dereferences (REVERSE_INULL) libsmb: Implement smbc_notify vfs_fruit: Fix the 32-bit build torture-notify: Give nonrecursive updates 200ms ctdbd_conn: Fix a memleak ctdbd_conn: Rename "ret"->"ok" ctdbd_conn: Make ctdb_read_packet return 0/errno ctdbd_conn: Convert ctdb_handle_message to return 0/errno ctdbd_conn: Convert ctdb_read_req to return 0/errno ctdbd_conn: Make register_with_ctdbd use an int-returning callback ctdbd_conn: Return early from ctdbd_msg_call_back ctdbd_conn: Do an early return from ctdb_read_req ctdbd_conn: Move release_ip handling into process.c vfs: Fix CID 1035384 Unchecked return value from library vfs: Consolidate failure paths in vfswrap_init_asys_ctx dbwrap_rbt: Make "key" and "value" aligned to 16 byte pdb_tdb: Use fstr_sprintf ----------------------------------------------------------------------- -- Samba Shared Repository