[SCM] SAMBA-CTDB repository - annotated tag 3.6.0rc1-ctdb-11 created - 3.6.0rc1-ctdb-11

Michael Adam obnox at samba.org
Fri May 20 06:15:42 MDT 2011

The annotated tag, 3.6.0rc1-ctdb-11 has been created
        at  e784f032598f3bef3f4a51624007bfe7d75f636a (tag)
   tagging  3bd93db713761a85e395bde9838f08dda55e70f2 (commit)
 tagged by  Michael Adam
        on  Fri May 20 14:14:01 2011 +0200

- Log -----------------------------------------------------------------
tag release 3.6.0rc1-ctdb-11
Version: GnuPG v1.4.10 (GNU/Linux)


Abhidnya Chirmule (1):
      To set file create/birth time in GPFS. Signed-off-by: Abhidnya Chirmule <achirmul at in.ibm.com>

Abhidnya P Chirmule (5):
      s3: Add access_mask to the flock VFS call
      File BirthTime test
      File winattr test
      s3: Add a vfs_time_audit module
      s3: Add a vfs_time_audit module

Alexander Bokovoy (281):
      Fix typo in WIFSIGNALED (as per Waider's report)
      Add support for krb5-config from recent MIT and Heimdal. And fallback to traditional guessing only if krb5-config was not found.
      When checking for tgetent, include libtinfo from recent Ncurses as well
      Merger krb5-config and libtinfo to SAMBA_3_0
      Third-party configuration scripts may produce undesirable additions to CFLAGS/CPPFLAGS
      Merge from head CFLAGS/CPPFLAGS and LIBS/LDFLAGS sanitizing
      Improve detection of iconv(3) for various platforms. M4 code is similar to what I use in Midgard for past few years, modified for Samba needs.
      Fix SGML errors in development documents
      Merge cifsntdomain.sgml fixes from 3.0 branch
      Merge encryption.sgml fixes from HEAD
      Merge more SGML strictness fixes from HEAD
      Fix missing tag pairs
      Fixed opened-but-not-closed listitem/varlistentry for LDAPADMINDN
      Fix another opened-but-not-closed tag
      Document results of smb.conf(5) inspection. We have 13 undocumented parameters for HEAD
      Tidy XML formating
      Add new framework for smb.conf(5). Please read README before trying to compile.
      1. Fix  generate-file-list.sh to produce a list sorted by parameter name, not parameter section.
      Reflect current conversion status
      Fix vfs to work with P_LIST-ed lp_vfsobj() -- the traversal is reversed. Based on patch from Metze
      Convert 'Security' section of smb.conf to new format
      Update doc-status
      Fix some mixture of FLAG_GLOBAL|FLAG_SHARE in synonyms
      Convert more parameters to new smb.conf(5) style. Document found occurences of non-documented parameters in doc-status
      Finish conversion of Printing parameters
      Update smbmount to include unicode and lfs capabilities options -- smbfs supports this already
      Update smbmount to include unicode and lfs capabilities options -- smbfs supports this already
      Next batch of conversions: File names.
      Finish conversion of Filenames
      Convert Logon parameters.
      Finish conversion of Browse options
      Finish conversion of WINS options
      Finish conversion of Locking options
      Finish conversion of LDAP options
      Finish conversion of VFS options. This section is not complete yet -- we miss documentation for parametric options and new modules stuff
      Finish conversion of Winbind options. Only Misc section left!
      Fix typos in printing
      Fix current status of conversion
      Update docs-status
      Convert a part of Misc section. More to come after a sleep
      Convert another group of options in Misc section
      Convert another group of options in Misc section
      Fix some minor typos
      Final bits of smb.conf(5) are converted!
      Final touch:
      Fix smb.conf.5.xml and friends:
      Fix a typo spotted when working on PDF version
      Fix typos
      Fix SGML/XML incompability before starting conversion to XML
      Docbook XML conversion: devdoc
      Docbook XML conversion: faq
      Docbook XML conversion: manpages
      Docbook XML conversion: projdoc
      Remove strip-links.pl, not needed anymore
      Docbook XML conversion: XSLT and build infrastructure
      Fix FAQ build
      small fixes
      Rebuild docs
      Fix ulink in winbind section
      Ignore generated file
      Fix VFS layer:
      Add new files needed for VFS fixes.
      Add NT quota support. Patch from Stefan (metze) Metzemacher
      Small fix for HAVE_SYS_QUOTAS usage, spotted by build farm
      Small fix for HAVE_SYS_QUOTAS usage, spotted by build farm
      Better isolate quota stuff
      Forgot to actually change default for quotas to -no- in configure.in
      Forgot to actually change default for quotas to -no- in configure.in
      Wrap into WITH_QUOTAS yet another place in trans2
      Fix a wrong define check.
      GCC accepts unnamed initalization of sub-structure. Let's see how AIX behave with this. Previous fix was incorrect.
      Eliminate NULL pointers from VFS interface. All hooks now really callable, producing either correct result or returning error if the feature isn't supported in the configuration
      Prefix VFS API macros with SMB_ for consistency and to avoid problems with VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out
      Evolve quotas configure check more. Patch from Stefan (metze) Metzemacher. Now we are defaulting to --with-quotas=no but anyway trying to test them in configure. This is done to get information about as much quota API variations as possible -- when --with-quotas=no this does not affect build but provides us with more detailed information on build farm.
      This was actually a24 release (fixed changelog entry), add note about VFS API changes
      Fix macros for next and opaque quota ops. Spotted by metze
      Fixed linkend problems with some links in passdb
      Make inter-paragraph space in latex targets 1.5\baselineskip and do not indent paragraphs
      Sync VFS API changes for vfs_nt_*get_acl. Patch from Stefan Metzmacher <mezte at metzemix.de>
      Fix compiler warnings for vfstest. Patch from Stefan Metzmacher <mezte at metzemix.de>
      First version of VFS API developers documentation. Needs work on both formatting and content.
      Move VFS example skel.c to two different examples: one for opaque operations and one for transparent. Also add configure support for compiling third-party modules. Patch from Stefan Metzmacher <metze at metzemix.de>
      Update WHATSNEW.txt with information from release branch
      Document name resolve order suggested settings for security=ads as mentioned by Jerry
      Propagate changes to WHATSNEW.txt from release tree so that they would not be out of sync with reality.
      Fix memleak in groupdb. Spotted by Metze
      Small documentation fixes from Metze
      Add mandir to installdir target. Otherwise installman fails for clean DESTDIR
      Fix cut&paste bug in strdup() usage example. Found by Metze
      Accept --with-expsam=no as valid option (do nothing on it). Simplifies automatic option generation for spec files
      Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, nmbd, winbindd). Reviewed by jerry and tridge.
      Fix comment
      Rise debug level to 5 for not-found-nt-quota message (quota setting for user wasn't found)
      Add a macro to check whether module-specific data set already or not. Returns True or False. Should support further encapsulation of VFS-specific structs
      Add NT quotas support. Users allowed now to manage quotas on systems with sysquotas interface detected (Linux at least) using native Windows tools. Also move default quota support for NT quotas to VFS module default_quota. Code by Metze
      Return proper error when it is impossible to change quota flags
      Mention security=ads in introductory paragraph too
      Add vfs_readonly module which allows to enforce periodic read-only limit on a share based on a specified start and end dates according to date(1) format
      Fix syntax error.
      Use path relative to source/ for modules/getdate.h
      VFS layer should be TRANSPARENT, not OPAQUE
      ntlm_auth should be installed as well. It is now of use by Squid and Midgard and is stable enough so it make sense to provide it in a Samba Team's binary packages
      Try to honor predefined CPPFLAGS when finding correct iconv flags
      Fix charset detection code in configure.
      Do not cache iconv checks because we are looking for it now in different places and negative result does not mean we don't have iconv unless we checked everything
      Fallback to our defaults (CP850/ASCII/UTF8) if there is no native iconv on the platform. This allows to compile and complain about it at runtime
      Ignore modules/*.c in make proto
      Ignore only getdate.* in modules/, not the whole directory. Fixes static builds of modules
      Fix for #150.
      Fix typo in configure.in for libsmbclient
      Ignore smbiconv binary as well
      Add CAP VFS module from Monyo. Primary purpose of this module is to provide CAP-compatible encoded file names for CJKV
      skel_ -> cap_
      Refactor charset plugins a bit and add CP437 module.
      Remove cap_set_quota as it is the same as default one
      Fix CP437 and CP850 syntax for old compilers removing ANSI C99-specifics
      Proper fix for #380 -- use different algorithm to generate codepages
      Now that CAN-2003-0689 is published officially, we need to make possible
      Support for CAN-2003-0689 port from SAMBA_3_0
      Back out --with-good-getgrouplist patch
      Back out --with-good-getgrouplist patch
      Alias charset 646 internally as it is same as ASCII. Should solve Solaris problems where ASCII was not detected and 646.so were requested through dynamic loading
      Alias charset 646 internally
      Update WHATSNEW.txt with information from release branch, SAMBA_3_0 talks only about RC3 while release branch explains RC3->RC4 differences
      Fix scripts to generate correct tables for compilers which have character constants as signed chars instead of unsigned
      Fix warnings on Sun cc Workshop Compilers 5.0. Reported by "Richard Bollinger" <rabollinger at comcast.net>. Also fixed script/gaptab.awk to produce compatible tables.
      Fix pdb_mysql. Jelmer will look into details tonight.
      Merge latest fixes from the release tree for WHATSNEW.txt
      Fix segfault in mount.cifs helper when there is no options specified during mount
      Fix segfault in mount.cifs helper when there is no options specified during mount
      Update WHATSNEW.txt with proper version from release branch
      Update WHATSNEW.txt with text from release branch
      Fix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
      Fix #558 -- support ISO-8859-1 internally. Makes Solaris users a bit happier
      Fix uninitialized variable in passdb code. Reported by Andy Polyakov <appro at fy.chalmers.se>
      Fix uninitialized variable in passdb code. Reported by Andy Polyakov <appro at fy.chalmers.se>
      Fix string overflow due to wrong size calculation
      Fix string overflow due to wrong size calculation
      Fix build after Jeremy -- yet another place where convert_string() wasn't updated
      Fix build after Jeremy -- yet another place where convert_string() wasn't updated
      Fix problems with very long filenames in both smbd and smbclient.
      Fix problems with very long filenames in both smbd and smbclient.
      Fix check_path_syntax() for multibyte encodings which have no '\' as second byte.
      Fix check_path_syntax() for multibyte encodings which have no '\' as second byte.
      r76: Fix smbfs problem with Tree Disconnect issued before smbfs starts its work.
      r516: On GNU/Linux distributions which allow to use both 2.4 and 2.6 kernels
      r517: Remove wrong commit I did by mistake
      r4704: Fix encoding while receiving of a message which was actually sent using STR_ASCII. Patch from Grigory Batalov <bga at altlinux.org>
      r12935: After discussion with Volker fix bug #3397 using a variant of the patch by Alex Deiter (tiamat at komi.mts.ru).
      r13695: Make code consistent with documentation. :-)
      r14158: Fix coverity CID #147 -- do not dereference pointers before checking their existence
      r15152: Fix a case when target is offline. Jerry, this needs to be in 3.0.23pre1
      r16136: By default, rootsbindir relies on SBINDIR so import it here
      r16138: By default, rootsbindir relies on SBINDIR so import it here
      r17198: Fix wins_nss dependencies
      r17338: Add support for multiple shares test inspired by Samba 4 torture's --unclist option. Triggered by -b sharelist_file option.
      r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs.
      r17354: Revert -r 17353 per Volker request while gpfs compatibility layer code will be released.
      r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific examples directory.
      r21467: Add GPFS-provided DMAPI support based on their GPL library
      r21885: Chown logic should be activated only if nfs4:chown=yes
      r22172: FSCTL_RECALL_FILE is 0x90117 according to my traces. Record it here.
      r22505: Fix build
      r22840: Add -pie support to Python's setup.py. This should fix build of python libs on recent distributions that take care of security.
      r22867: With Samba4's IDL, we now have two new flags for share types: STYPE_TEMPORARY and STYPE_HIDDEN
      r22973: Apparently, 3.0.25 broke smb4k badly ;-)
      r23302: Refactor vfs_gpfs module, fix problems with chmod Tridge has found during ctdb tests
      r23831: Fix vfs_readahead: transparent modules should always pass through
      r4799: comparison_fn_t is under __USE_GNU on GNU systems, therefore, we need _GNU_SOURCE defined in the test
      r5169: As provisioning script generates everything under $newdb/ directory, put generated domain zone there as well
      r5173: Refer to a proper zone file name in resulting message
      r5538: Fix typo in comment -- non-existant constant name mentioned
      r5646: state->loadfile might be NULL after allocation so this is really
      r6352: Two new composite calls:
      r6597: Make use of libblkid (part of e2fsprogs) for reporting volume GUID, if possible.
      r6599: Fix formating using 'linux' C style
      r8830: Fix provision script after data split
      r8831: Clarify data wipe-out statement
      r9320: Fix premature dereference bug found by Coverty and also get rid of non-used memory context
      r9321: Fix potential bug found by Coverity. src_len has to be int but later we do pass it as size_t. In case src_len is negative, we need to register a failure and return to the caller
      r9476: Make intention to ignore result of receiving excplicit. Fixes warning found by Coverity
      r9478: Fix NTVFS POSIX module to work with EA and blkid after build system changes
      r9479: More fixes for explicit ignoring of returned result to fix Coverity warnings
      r14548: fix build after generated prototypes
      r15036: Add out of tree build support and see how buildfarm will respond to make constructs
      r15051: Remove directory creation from this rule; we use script/buildtree.pl for external build dir instead
      r15052: Do not add builddir variants into include paths when building in-tree
      r15061: Use $(PERL) to run cflags.pl as actual perl binary might not be in /usr/bin
      r15062: Theoretically, this should allow NetBSD make to handle VPATH-like lookups
      r15063: Theoretically, this should allow NetBSD make to handle VPATH-like lookups
      r15064: Remove the change until I find proper solution
      r15099: An attempt to fix BSD make portability issues. With these changes Samba 4 builds successfully on NetBSD 3.0
      r15206: Heimdal is always compiled with _GNU_SOURCE enabled (in its configure.in it is defined unconditionally).
      r15208: Change _GNU_SOURCE propagation to apply only to generated files as Andrew B. suggests
      r15211: REQUIRED_SUBSYSTEMS for binaries are gone, use PRIVATE_DEPENDENCIES here
      r17478: Add BENCH-READWRITE test to simulate read/write workload from simultaneous async clients. This code is based on concept from Mathias Dietz <mdietz at de.ibm.com>
      r23505: Use RAW_READ_READX, not RAW_READ_READ in BENCH-READWRITE test (we already write with RAW_WRITE_WRITEX). Noticed by Gomati Mohanan
      r23506: Turn back to RAW_READ_READ because buildfarm fails. Investigating.
      r23529: When using READX, fill in readx fields. Thanks to Metze for spotting it.
      r23540: Continue fixing bench-readwrite. We need to initialize state->readcnt not only when file is written but at initial write as well.
      r23862: Explain who requested unknown dependency. Helps a lot in chasing dependency hell when trimming down s4 platform
      Correctly free memory in regfio paths
      Fix pam_smbpass build
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix codepagedir to follow predefined libdir when using FHS. Fixes x86_64 build.
      Fix crash in winbind clients: instead of talloc-based pointer we passed address of a local variable.
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix crash in winbind clients: instead of talloc-based pointer we passed address of a local variable.
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Merge CTDB-related fixes from samba-ctdb 3.0 branch (http://samba.org/~tridge/3_0-ctdb)
      Add support for offline files support, remote storage, and Async I/O force operations to VFS
      Merge latest fixes to vfs_gpfs and NFS4 ACLs from Samba 3.0 CTDB branch (from http://samba.org/~tridge/3_0-ctdb)
      Support GPFS prealloc interface
      Merge a variant of Shadow Copy module for exposing snapshots to windows clients as shadow copies from Samba 3.0 CTDB
      Add offline storage support with Tivoli Storage Manager Space Manager
      idmap TDB2 backend, used for clustered Samba setups.
      Enable building of VFS modules: vfs_tsmsm, vfs_shadowcopy2 and IDMAP module idmap_tdb2
      Fix build for pam_smbpass
      Fix build for pam_smbpass
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into ctdb-merge
      Convert old sid-string handling in idmap_tdb2 to a new one
      Merge branch 'ctdb-merge' into v3-2-test
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix more VFS API mixup with offline files
      Rework of VFS is_offline() function to only return boolean offline/online result for a file.
      Remove is_remotestorage() call from VFS. We already have statvfs() there to handle FS capabilities.
      Merge DMAPI fixes from CTDB Samba
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into ctdb-merge
      Merge branch 'ctdb-merge' into dmapi-integration
      Merge DMAPI fixes from Tridge
      Fix BOOL introduced by last commit
      Fix typos and replace statvfs call with fs_capabilities()
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into dmapi-integration
      Allow actual call to set file offline
      Change the file time before we change the file mode.
      Allow broader range of HSM systems in vfs_tsmsm
      Destroy DMAPI session when main smbd daemon exits.
      Use more error-prone form of testing dm_destroy_session() return code after discussing with Tridge
      Ignore Emacs' semantic.cache
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Fix samba-docs build after svn conversion and Samba3 By Example addition.
      Fix Development documentation as well
      Change 'release' target: remove 'htmlfaq' (outdated) and add 'guide'
      Document --require-membership-of={SID|Name}
      Another round of fixes (projdoc -> howto) for images
      This really should be 'max stat cache size', not stat cache
      Fix a dangerous bug in Makefile which actually allows 'make release' to skip
      Code in Samba 3 states "use sendfile = false" so documentation must reflect it
      Document async I/O options
      Fix Samba documentation build for manpages
      Fix another bunch of samba-docs bugs. Use <literal> to escape slashes with text
      And more fixes for slashes: use <literal/> in <command/> and <value/> automatically
      Embed db2latex as interim solution before migration to dblatex
      - Activate embedded db2latex
      Add man page metadata fields that are used by temprorary manpages XSLT
      Refresh our XSL templates to work with current docbook xslt for manpages
      Insert space inside this very long string. It is arguable how to fix it properly but at least man pages good now
      Fix typo
      Fix more entries with back slashes that need to use literal formatting
      Forgot to add these macros to a samba-docs repository
      Attempt to add DTDs as svn external repository for build
      Add first cut at networkless build instructions for samba-docs
      Add small preface to a VFS guide. More to come.
      Prettify attributions
      Remove smbconfexample check from test index.xml, it is not used anymore
      Switch to SVG and Inkscape to generate pictures instead of Dia.
      Fix numbering in the Samba3 developer's guide
      Use indexterm instead of term in expansion xslts
      Use title from a linked item to show up as text of the link if there is no endterm or content in the link itself
      Next update of VFS modules development guide
      Fix documentation build: manpages, links in the HTML documents.
      Ignore intermediary documentation files in git
      Fix yet another set of documentation links
      Fix link for Using Samba
      Fix breakage for connect function after API change (connect -> connect_fn)
      Pass absolute file paths to Inkscape when transforming .svg files
      Merge branch 'master' of ssh://git.samba.org/data/git/samba

Alexander Zagrebin (1):
      Missing break in conversion function prevents tdb password database update.

Alexandre Oliva (28):
      implemented du and tar -n
      major autoconf clean-up
      replace getpass() with getsmbpass() if getsmbpass.c compiles
      check whether system type is the same as stored in the cache (full
      wait_keyboard must still be defined if readline is not available
      automated generation of .dummy files for each subdirectory;
      added WITH_SMBMOUNT
      get away with dummy and .dummy files
      optimize creation of directories in build tree
      fix directory creation mechanism; the optimized version would not work :-(
      added stamp-h
      Avoid the message `make: [.deps/.P] Error 1 (ignored)'
      bin/cvsignore: deleted, so that bin can be removed from the repository
      Speed up directory creation for the common case (i.e., it exists already)
      added 64-bit file support
      rm object files created by mkdir probes
      just try to rmdir bin after removing bin/.dummy, in realclean
      revert 64-bit file support; it's hard-coded already
      added Solaris 2.5
      modify dependency tracking code so that it:
      looks like someone forgot to commit these...
      do not print garbage just because someone does not want dependencies :-)
      * client/client.c (dir_total): use SMB_BIG_UINT
      use double instead of SMB_BIG_UINT for dir_total and ttarf
      declare ttarf as double, as in client.c
      Use ${1+"$@"} instead of $*
      Avoid multiple ``Updating dependencies'' messages before .deps/.stamp
      Make sure that the stamp file is newer than configure.in

Amin Azez (6):
      Fix sending of large nttrans responses.
      Samba4 poor mans debug_ctx()
      Fix open file tracking in vfs_cifs so that oplock breaks can propagate
      Use 32 bit storage for nttrans counts
      Re-order smbsrv_recv_smb_request and smb_messages
      Flag smb messages array with AND_X and LARGE_REQUEST

Anatoliy Atanasov (72):
      Handle schema reloading request.
      dsdb_create_prefix_mapping() implementation checks for existing prefix maping in ldb.
      Fix for schemaUpdateNow command
      Test for schemaUpdateNow command
      Fix for DSSYNC test against Windows 2003
      Fix the dsdb_syntax_OID_ldb_to_drsuapi function
      First attempt to implement dcesrv_drsuapi_DsGetNCChanges
      Fill the meta data vector in the responce struct.
      Fix up-to-dateness vector creation.
      Fix up-to-dateness vector creation.
      Add drs_security_level_check for dcesrv calls security checks
      Move replmd_drsuapi_DsReplicaCursor2_compare to a common place.
      Handle dsdb_class_by_lDAPDisplayName returned values in schema_inferiors.c
      Add tests for MS-ADTS: Naming Constraints
      Add support in the ldb_dn.c code for MS-ADTS: Naming Constraints
      Move the check above the talloc
      s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_CRITICAL_ONLY req in getncchanges
      idl: regenerate idl
      s4: Handle DRSUAPI_DS_REPLICA_NEIGHBOUR_ASYNC_REP in getncchanges
      s4/drs:kccdrs_replica_get_info_obj_metadata implementation
      s4/drs: add DRSUAPI_ATTRIBUTE_options attribute
      s4/rodc: change the libnet_become_dc code to do RODC join
      s4/libnet: Fix misleading comment
      s4/rodc: Implement samdb_rodc with ldb context
      s4/rodc: RODC FAS initial implementation
      s4/rodc: Implement msDS-isRODC constructed attr
      s4/test: Implement tests for msDS-isRODC constructed attribute
      s4/rodc: Fix the callbacks up the stack to handle referrals on modify requests
      s4/rodc: Support read-only database
      s4/waf: ABI update for lib/ldb
      s4-rodc: Fix provision warnings by creating ntds objectGUID in provision
      Revert "s4-rodc: Fix provision warnings by creating ntds objectGUID in provision"
      s4-rodc: Cache am_rodc flag
      s4-rodc: Set am_rodc flag during provision
      s4: check the sacl and dacl pointers on the old sd
      s4:auth/session.c - free "group_string" when not needed
      s4:schema/schema_set.c - free LDB message diffs
      s4/schema: remove unnecessary deletion of dsdb_schema cached pointer
      s4/vampire: update dNSHostName for the Server object
      s4/drs: update repsFrom only when we are not in getncchanges extended op
      s4/fsmo: Added python tests for schema master transfer op
      s4/fsmo: Fix callback declaration
      s4/fsmo: Change return type from NTSTATUS to WERROR for drepl_takeFSMOrole
      s4/fsmo: Remove empty new lines
      s4/fsmo: Handle infrastructure, pdc and rid extended ops
      s4/fsmo: Extended fsmo test with infrastructure, pdc and rid roles
      s4/fsmo: Naming master support added
      s4/drs: Added the rest of the enum drsuapi_DsNameFormat values
      s4/drs: use type enum drsuapi_DsNameFormat in DsCrackNames code
      s4/fsmo: Create separate function for retrieving fsmo role dn and owner dn.
      s4/dcdiag: Handle ListRoles command for dcdiag:KnowsOfRoleHolders test
      s4/dsdb:kcc: cleanup and improve readability
      s4/eventlog6: Add idl for EventLog6 RPC
      s4/eventlog6: Add endpoint server for EventLog6 RPC
      s4/eventlog6: Build and hook EventLog6 RPC endpont mapper and idl
      s4/eventlog6: Add dummy implementation for calls 0x5 and 0xB
      s4/irpc: Add function to add security token to the binding handle
      s4/irpc: Add security token to the binding handle when doing irp call forwarding
      s4/test: Added test for simple bind with machine account
      s4/auth: Add logon_parameters to authenticate_username_pw
      s4/syntax: Add tests for DN+String and DN+Binary
      s4/test: Add bind.py to make test
      s4/test: Expand BindTest
      s4/ldap: ldap_syntaxes.py cleanup
      s4/operational: Fix swapped parameters for ldb_msg_copy_attr
      s4/ldapcmp: Fix the parsing of the second set of credentials
      s4/ldapcmp: Check if creds2 is actualy set by the command line
      Revert "s4/ldapcmp: Check if creds2 is actualy set by the command line"
      Revert "s4/ldapcmp: Fix the parsing of the second set of credentials"
      s4/ldapcmp: Correct fix for creds2

Andreas Schneider (759):
      Remove trailing slashes from service name
      Don't restart winbind if a corrupted tdb is found during initialization.
      Prevent winbindd from segfaulting due to corrupted cache tdb.
      Windows 2008 (Longhorn) auth2 flag fixes.
      Fix Windows 2008 (Longhorn) join.
      Add variable to define if a share should be hidden.
      Rename the 'hidden' variable to 'administrative share'.
      Rename the 'hidden' variable to 'administrative share'.
      Fix saving of the config file in SWAT; [#5516].
      Fix empty input fields in SWAT; [#5515].
      Add krb5 support for the testbrowse example.
      Add documentation for kerberos support in libsmbclient.
      Release still reachable memory if the smbclient context is freed.
      The buf in the smbclient write function should be const.
      Simplify samba_version_string.
      Use the macro to call samba_version_string().
      Update the developers documentation for the new vendor version options.
      Remove trailing withespace from wbinfo -m which breaks gdm auth.
      Set the right return value if wbc_status is set to an error.
      Delete the krb5 ccname variable from the PAM environment if set.
      Create a function out of pam_sm_close_session to delete the credentials.
      Improve the Gemand pam_winbind translation.
      Fix circular dependency error with autoconf 2.6.3.
      Move the doxygen comments of wbclient to the header file.
      Fix a segfault if ? is there but the options are NULL. This is the case if SMBC_parse_path is called by SMBC_stat_ctx.
      Avoid flooding of syslog with failing pam_putenv messages.
      Document default of the printing config variable.
      Add a synopsis section to the pam_winbind manpage.
      Document the try_first_pass option in the pam_winbind manpage.
      Dcoument the PAM data exports in the pam_winbind manpage.
      Move pam_winbind to the right manpage section (8).
      Fix the section of the pam_winbind manpage.
      tsocket: Fixed typo in LGPL header.
      tsocket: Fixed documentation for tsocket_address_bsd_sockaddr().
      tsocket: Fixed tsocket_guide.txt asciidoc syntax.
      s4-kdc: Migrate to tsocket_address.
      s4: Fixed the programming guide to reflect the current tree.
      s4-gensec: Added remote and local setter/getter using tsocket.
      s4-gensec: Replace gensec_set_my_addr() with new tsocket based fn.
      s4-gensec: Replace gensec_get_my_addr with new tsocket based fn.
      s4-gensec: Replace gensec_set_peer_addr with new tsocket based fn.
      s4-gensec: Replace gensec_get_peer_addr with new tsocket based fn.
      s4-gensec: Remove obsolete socket_address vars and fns.
      s4-kdc: Migrate tcp connections to tsocket.
      tsocket: Added complete doxygen documentation.
      tsocket: Added doxygen config file.
      s4-ntp_signd: Migrate to tsocket.
      s4-torture: Migrate ntp_signd test to tsocket.
      s4-winbind: Migrated winbind connection to tsocket.
      s4-libcli: Fixed a talloc_reference error.
      talloc: Documented talloc with doxygen.
      talloc: Added doxygen config file.
      Move the talloc details to the mainpage.
      s3-print: Remove obsolete signal type cast.
      s3-passdb: Remove obsolete signal type cast.
      s3-pam_smbpass: Remove obsolete signal type cast.
      s3-nmbd: Remove obsolete signal type cast.
      s3-libads: Remove obsolete signal type cast.
      s3-lib: Remove obsolete signal type cast.
      s3-smb: Remove the obsolete signal type cast.
      s4-smbd: Remove obsolete singal type cast from the thread process model.
      libutil: Remove obsolete signal type cast.
      libreplace: Remove the obsolete signal type cast.
      s4-smb: Migrate named_pipe_server to tsocket.
      tstream: Added a typedef for the function prototype.
      tsocket: Improve the tsocket_address_bsd_sockaddr documentation.
      s4-smb: Migrate named_pipe_server to tsocket.
      s4-kdc: Fixed the memory context of tstream_bsd_existing()
      s4-ntp: Fixed the memory context of tstream_bsd_existing()
      s4-winbind: Fixed the memory context of tstream_bsd_existing()
      s4-winrepl: Migrated the wins replication server to tsocket.
      s3-rpc_server: Document rpc_pipe_open_internal.
      s3-rpcclient: Leave setprinterdata directly if not enough args were passed.
      s4-gensec: Fixed wrong usage of error_string.
      Fix developer build, remove malloc
      s3-smbd: Don't close stdout if we want to log to stdout.
      s3-selftest: Don't log to stdout, use logfiles instead.
      s3-spoolss: Added a function to open a regkey using the winreg pipe.
      s3-spoolss: Added a set_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a get_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a enum_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a delete_printer_dataex function using the winreg pipe.
      s3-spoolss: Added a enum_printer_key function using the winreg pipe.
      s3-spoolss: Added a delete_printer_key function using the winreg pipe.
      s3-spoolss: Fixed winreg_printer_openkey to be used in a more generic way.
      s3-spoolss: Added a winreg_enumforms1 function.
      s3-spoolss: Added a winreg_addform1 function.
      s3-spoolss: Added a winreg_deleteform1 function.
      s3-spoolss: Added a winreg_setform1 function.
      s3-spoolss: Added a winreg_getform1 function.
      s3-winreg_nt: Fixed QueryValue with data=NULL to get the length.
      s3-time: Added a function to get the startup time of the server.
      s3-spoolss: Use const values for notify functions.
      s3-spoolss: Added missing return value to winreg_printer_enumforms1 docs.
      s3-spoolss: Fixed return values of winreg_printer_deleteform1.
      s3-spoolss: Added winreg helper functions to write registry values.
      s3-spoolss: Added a function to update the ChangeID of a printer.
      s3-spoolss: Added a function to get the ChangeID from a printer.
      s3-spoolss: Added a winreg function to query a dword.
      s3-spoolss: Added more winreg hepler functions.
      s3-spoolss: Fixed winreg_delete_printer_key if key is NULL or emtpy.
      s3-spoolss: Added a winreg_update_printer function.
      s3-spoolss: Added a winreg_create_printer function.
      s3-spoolss: Added a winreg_get_printer function.
      tsocket: Fixed the documentation of tsocket_address_bsd_sockaddr.
      s3-lib: Create a sec_desc_merge and sec_desc_merge_buf function.
      s4-torture: Fixed spoolss dsspooler printername test.
      s4-torture: Added the printername to the AddPrinter comment.
      tsocket: Added the warning again to tsocket_address_bsd_sockaddr.
      s3-libsmb: Fixed a recursion in cli_pull_print.
      tevent: Added basic doxygen documentation.
      tevent: Add doxygen tevent config file.
      tevent: Create a typedef for the debug function callback.
      tevent: Document the missing tevent async request callback functions.
      tevent: Document missing callback typedefs.
      tevent: Document the tevent helper functions.
      tevent: Document the tevent_queue functions.
      tevent: Started a tevent_queue tutorial.
      libwbclient: Fixed doxygen errors.
      s3-spoolss: Added missing Printer Driver in winreg_{update,get}_printer.
      s3-spoolss: Added missing servername option to winreg_{create,get}_printer.
      s3-spoolss: Added a sharename arg to winreg_update_printer.
      s3-spoolss: Fixed memory error in winreg_get_driver.
      s3-spoolss: Added a function to create a default spoolss_DeviceMode.
      s3-spoolss: Added a generic spoolss_create_default_secdesc function.
      s3-spoolss: Added a winreg_printer_query_binary function.
      s3-spoolss: Migrated winreg to spoolss_create_default_secdesc.
      s3-spoolss: Added winreg security descriptor functions.
      s3-spoolss: Fixed the DeviceMode handling in winreg.
      s3-spoolss: Create default DsSpooler values.
      talloc: Documented the missing string functions.
      talloc: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
      tevent: Fixed a doxygen problem with PRINTF_ATTRIBUTE.
      tevent: Added an introduction to the tevent_queue tutorial.
      tevent: Added a description for tevent queue.
      s3-spoolss: Sorted the builtin forms alphabetically.
      s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
      s3-spoolss: Use better names for set_last_from_to.
      s3-spoolss: Create a spoolss_map_to_os2_driver function.
      s3-spoolss: Use the spoolss_map_to_os2_driver to modify drivername.
      s3-spoolss: Added EN ISO 216, A0 and A1 to builtin forms.
      s3-net: Created a migration tool for printing TDBs.
      s4-torture: Try to fix the winreg tests.
      s4-torture: Disable the security descriptor tests.
      s4-torture: Improved the winreg symlink test.
      s3-auth: Added a function to get the server_info from the system user.
      s3-waf: Fixed dependencies of the the avahi subsystem.
      s3-smbd: Remove unneeded dependency of map_username to globals.c.
      s3-auth: Moved smbd user functions to a generic place.
      s3-rpc: Seperate rpc_srv_register for plain connection.
      s3-rpc: Create a file with all functions for a internal named pipe.
      s3-waf: Build rpc_server/srv_spoolss_util.c too.
      s3-winbind: Fixed setting default sequence number.
      s3:misc make use of server_[event/messaging]_context directly
      s3-spoolss: Provide a memory context for clean_up_driver_struct().
      s3-tdb: Added missing out of memory check in rename_file_with_suffix().
      wbinfo: Document the deprecated sequence option correctly.
      doc: Remove the documentation of the sequence command of wbinfo.
      s3-registry: Added a db upgrade function to normalize the key delimiter.
      s3-registry: Convert registry key delimiter from slash to backslash.
      nss_wrapper: Fixed a possible NULL pointer problem.
      librpc: Use switch in GUID_from_data_blob().
      s3-passdb: Make sure that we don't assign garbage.
      s3-libsmb: Make sure that finfo is initialized.
      s3-nmbd: Leave the sync function if there are no syncs.
      s3-lanman: Make sure that job_info is not undefined.
      s3-passdb: Make sure we don't call free on a garbage pointer.
      s3-passdb: Make sure dn is initialized and don't free it.
      s3-vfs: Make sure that retval isn't used uninitialized.
      s3-lanman: Make sure count is not used uninitialized if we jump to out.
      s3-smbd: Make sure that status is initialized when used.
      s3-registry: Fixed keyname delimiter in KEY_CURRENT_VERSION_NORM.
      s3-eventlog: Fixed the keyname delimiter for the registry key.
      s3-net: Make sure that the data blob is initialized.
      s3-librpc: Fixed GUID_from_data_blob() with length of 32.
      s3-net: Use talloc_asprintf and return if file is in wrong format.
      s3-net: Make sure we don't call free on garbage.
      s3-winbind: Make sure we crash if domain is really not found.
      s3-client: Make sure we only write to an opened file.
      libcli: Fixed a build warning for a missing prototype.
      s3-winbind: Free some memory which isn't needed anymore.
      s3-rpc_client: Use the right memory context for array elements.
      s3-winbind: Initialize the server_info on winbindd start.
      s3-winbind: Added a skeleton for samr based functions.
      s3-winbind: Implemented samr backend function sam_query_user_list.
      s3-winbind: Implemented samr backend function sam_enum_dom_groups.
      s3-winbind: Implemented samr backend function sam_query_user.
      s3-winbind: Implemented samr backend function sam_trusted_domains.
      s3-winbind: Implemented samr backend function sam_lookup_groupmem.
      s3-winbind: Implemented samr backend function common_enum_local_groups.
      s3-winbind: Implemented samr backend function common_name_to_sid.
      s3-winbind: Implemented samr backend function common_sid_to_name.
      s3-winbind: Implemented samr backend function common_rids_to_names.
      s3-winbind: Implemented samr backend function common_lockout_policy.
      s3-winbind: Implemented samr backend function common_password_policy.
      s3-winbind: Implemented samr backend function common_lookup_usergroups.
      s3-winbind: Implemented samr backend function common_lookup_useraliases.
      s3-winbind: Implemented samr backend function common_sequence_number.
      s3-winbind: Replace the passdb backend with a samr/lsa based backend.
      s3-winbind: Rename winbindd_rpc.c to winbindd_msrpc.c.
      s3-winbind: Added a common rpc_enum_dom_groups function.
      s3-winbind: Use rpc_enum_dom_groups in msrpc.
      s3-winbind: Use rpc_enum_dom_groups in samr.
      s3-winbind: Added a common rpc_query_user_list function.
      s3-winbind: Use rpc_query_user_list in msrpc.
      s3-winbind: Use rpc_query_user_list in samr.
      s3-winbind: Added a common rpc_enum_local_groups function.
      s3-winbind: Use rpc_enum_local_groups in msrpc.
      s3-winbind: Use rpc_enum_local_groups in samr.
      s3-winbind: Added a common rpc_name_to_sid function.
      s3-winbind: Use rpc_name_to_sid in samr.
      s3-winbind: Added a common rpc_sid_to_name function.
      s3-winbind: Use rpc_sid_to_name in samr.
      s3-winbind: Added a common rpc_rids_to_names function.
      s3-winbind: Use rpc_rids_to_names in samr.
      s3-winbind: Added a common rpc_query_user function.
      s3-winbind: Use rpc_query_user in msrpc.
      s3-winbind: Use rpc_query_user in samr.
      s3-winbind: Added a common rpc_lookup_usergroups function.
      s3-winbind: Use rpc_lookup_usergroups in samr.
      s3-winbind: Use rpc_lookup_usergroups in msrpc.
      s3-winbind: Added a common rpc_lookup_useraliases function.
      s3-winbind: Use rpc_lookup_useraliases in samr.
      s3-winbind: Use rpc_lookup_useraliases in msrpc.
      s3-winbind: Added a common rpc_lookup_groupmem function.
      s3-winbind: Use rpc_lookup_groupmem in samr.
      s3-winbind: Added a common rpc_sequence_number function.
      s3-winbind: Use rpc_sequence_number in samr.
      s3-winbind: Use rpc_sequence_number in msrpc.
      s3-winbind: Rename common_lockout_policy to sam_lockout_policy.
      s3-winbind: Rename common_password_policy to sam_password_policy.
      s3-winbind: Added a common rpc_trusted_domains function.
      s3-winbind: Use rpc_trusted_domains in samr.
      s3-winbind: Use rpc_trusted_domains in msrpc.
      s3-winbind: Rename lookup_groupmem to msrpc_lookup_groupmem.
      s3-winbind: Create all logfiles in the same directory.
      s3-winbind: Make sure we close all policy handles in sam.
      s3-winbind: Make sure that the policy handles are closed.
      s3-winbind: Fixed debug messages of open_internal_lsa_pipe().
      s3-winbind: Use same format for all msrpc debug messages.
      s3-winbind: Handle aliases in rpc_lookup_groupmem().
      s3-build: Add a gdbtestenv environment for Samba3.
      s3-winbind: Set status before we leave in some msrpc functions.
      s3-winbind: Don't cache queries to builtin and own sam domain.
      s3-waf: Fixed the build.
      s3-rpc_client: Fixed a segfault in rpccli_samr_chng_pswd_auth_crap().
      s3-rpc_server: Don't register the same rpc commands twice.
      s3-rpc_server: Added callbacks for init and shutdown of a rpc service.
      s4-torture: Disable setting REG_BINARY printer data with size 0.
      s3-registry: Init all needed registry keys for printing.
      s3-registry: Redirect KEY_CONTROL_PRINTERS to KEY_WINNT_PRINTERS.
      s3-spoolss: Migrated spoolss_SetPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_GetPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumPrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumPrinterKey to the winreg functions.
      s3-spoolss: Migrated spoolss_DeletePrinterDataEx to the winreg functions.
      s3-spoolss: Migrated spoolss_DeletePrinterKey to the winreg functions.
      s3-spoolss: Migrated spoolss_EnumForms to the winreg function.
      s3-spoolss: Migrated spoolss_AddForm to the winreg function.
      s3-spoolss: Migrated spoolss_DeleteForm to the winreg function.
      s3-spoolss: Migrated spoolss_SetForm to the winreg function.
      s3-spoolss: Migrated spoolss_GetForm to the winreg function.
      s3-spoolss: Migrated spoolss_Forms to use the winreg changeid function.
      s3-spoolss: Migrated spoolss_AddPrinter and spoolss_SetPrinter.
      s3-spoolss: Removed unused function convert_printer_info().
      s3-spoolss: Removed unused function printer_info2_to_nt_printer_info2().
      s3-spoolss: Migrated spoolss_OpenPrinter to create defaults with winreg_create_printer.
      s3-spoolss: Migrated spoolss_GetPrinter and spoolss_EnumPrinters to winreg_update_printer.
      s3-spoolss: Migrated spoolss_DeletePrinter to cleanup winreg keys.
      s3-spoolss: Set c_setprinter always to 0.
      s3-spoolss: Fixed the driver unc strings for dependent files.
      s3-spoolss: Don't return the printer devicemode in spoolss_EnumJobs.
      s3-spoolss: Use the existing memory context for winreg_get_printer.
      s3-spoolss: Use a temporary talloc context in update_printer.
      s3-spoolss: Create and update DsSpooler values.
      s3-spoolss: Removed the last free_a_printer() call in spoolss_nt.c.
      s3-spoolss: Moved shared printing functions to nt_printing.h
      s3-spoolss: Removed wrong comment.
      s3-printing: Removed unused get_a_printer functions.
      s3-printing: Removed unused mod_a_printer functions.
      s3-printing: Removed unused free_a_printer function.
      s3-printing: Removed unsuded c_setprinter functions.
      s3-printing: Removed unused nt_forms.
      s3-printing: Removed unused security descriptor functions.
      s3-printing: Remove unused printer registry key functions.
      s3-printing: Moved remaining prototypes to nt_printing.h.
      s3-spoolss: Create winprint print processor key.
      Revert "s4-smbtorture: skip driverName and printerName DsSpooler tests for now."
      s3-printing: Move all tdb upgrade functions to a separate file.
      s3-printing: Added automatic migration of printing tdbs.
      s4-torture: Enable tests with keynames including a slash.
      s3-spoolss: Remove unused MAGIC_DISPLAY_FREQUENCY
      s3-spoolss: Remove the program global current_user_info.
      s3-lib: Make the standard_mapping parameter const.
      s3-spoolss: Move the standard mappings to spoolss.
      s3-printing: Added automatic migration of printing tdbs.
      s3-spoolss: Correctly set the default values.
      s3-spoolss: Fixed FILL_DRIVER_STRING leading to wrong results.
      s3-lib: Remove redefinition of RL_COMPLETION_CAST.
      pidl: Use struct pipes_struct.
      s3-rpc_server: Use struct pipes_struct.
      s3-dfs: Use struct pipes_struct.
      s3-dssetup: Use struct pipes_struct.
      s3-echo: Use struct pipes_struct.
      s3-eventlog: Use struct pipes_struct.
      s3-initshutdown: Use struct pipes_struct.
      s3-lsa: Use struct pipes_struct.
      s3-netlogon: Use struct pipes_struct.
      s3-ntsvcs: Use struct pipes_struct.
      s3-rpc_pipe: Use struct pipes_struct.
      s3-samr: Use struct pipes_struct.
      s3-spoolss: Use struct pipes_struct.
      s3-srvsvc: Use struct pipes_struct.
      s3-svcctl: Use struct pipes_struct.
      s3-winreg: Use struct pipes_struct.
      s3-wkssvc: Use struct pipes_struct.
      s3-uid: Use struct pipes_struct.
      s3-winbind: Use struct pipes_struct.
      s3-include: Use struct pipes struct and get rid of the typedef.
      s3-lib: Remove redefinition of RL_COMPLETION_CAST.
      pidl: Use struct pipes_struct.
      s3-rpc_server: Use struct pipes_struct.
      s3-dfs: Use struct pipes_struct.
      s3-dssetup: Use struct pipes_struct.
      s3-echo: Use struct pipes_struct.
      s3-eventlog: Use struct pipes_struct.
      s3-initshutdown: Use struct pipes_struct.
      s3-lsa: Use struct pipes_struct.
      s3-netlogon: Use struct pipes_struct.
      s3-ntsvcs: Use struct pipes_struct.
      s3-rpc_pipe: Use struct pipes_struct.
      s3-samr: Use struct pipes_struct.
      s3-spoolss: Use struct pipes_struct.
      s3-srvsvc: Use struct pipes_struct.
      s3-svcctl: Use struct pipes_struct.
      s3-winreg: Use struct pipes_struct.
      s3-wkssvc: Use struct pipes_struct.
      s3-uid: Use struct pipes_struct.
      s3-winbind: Use struct pipes_struct.
      s3-include: Use struct pipes struct and get rid of the typedef.
      s3-rpc: Use struct pipes_struct.
      s3-rpc: Use struct pipes_struct.
      s3-spoolss: Fixed debug statements and increased level.
      s3-spoolss: Increased debug level for trace output.
      s3-spoolss: Use a stackframe to allocat memory.
      s3-spoolss: Fixed some C++ build warnings.
      s3-spoolss: Move some debug message to a higher level.
      s3-spoolss: Fixed a segfault if a value has no data.
      idl: Fixed a possible crash bug.
      s3-spoolss: Use a stackframe to allocat memory.
      s3-spoolss: Fixed some C++ build warnings.
      s3-spoolss: Move some debug message to a higher level.
      s3-spoolss: Fixed a segfault if a value has no data.
      idl: Fixed a possible crash bug.
      s3-popt: Only include popt-common.h when needed.
      s3-spoolss: Use the correct value for the data length.
      s4-torture: Fixed the winreg EnumValue test against Windows.
      s3-torture: Correctly cleanup the winreg volatile key test.
      s3-torture: Improve the winreg deletekey torture comments.
      s3-spoolss: Fixed setting driver version correctly.
      s3-spoolss: Make sure we convert a 4 byte value to uint32_t.
      s3-spoolss: Fixed debug statements and increased level.
      s3-spoolss: Increased debug level for trace output.
      s3-spoolss: Use the correct value for the data length.
      s3-spoolss: Fixed setting driver version correctly.
      s3-spoolss: Make sure we convert a 4 byte value to uint32_t.
      s3-popt: Only include popt-common.h when needed.
      s4-torture: Fixed the winreg EnumValue test against Windows.
      s3-torture: Correctly cleanup the winreg volatile key test.
      s3-torture: Improve the winreg deletekey torture comments.
      s4-rpc_server: Fixed the build of the dcerpc_server library.
      s3-smbd: Make sure the event context is initialized.
      s3-smbd: Cleanup the order of the init functions.
      s3-loadparm: Added some comments to lp_load_ex calls.
      s3-smbd: Fixed indent.
      s3-smbd: Regroup some init functions.
      s3-smbd: Move rpc services init to smbd parent.
      s3-smbd: Publish nt printers.
      s3-test: Try to fix the build farm subunit parsing.
      s3-auth: Remove obsolete 'update encrypted' option.
      s3-auth: Remove docs about obsolete 'update encrypted' option.
      s3-waf: Fixed the build.
      s3-waf: Fixed the rpc_client build.
      waf: Generate the ntprinting ndr functions.
      s3-waf: Create a variable for LIBNDR_NTPRINTING_SRC.
      s3-waf: Try to fix the idl build.
      s3-waf: Added missing client option to pidl list for wbint.
      s3-samr: Fixed some build warnings.
      s3-samr: Correctly fix the transition from enum to uint32_t.
      s3-printing: Rename jobs_changed functions to jobs_added.
      s3-printing: Added function to update the queue.
      s3-lib: Fixed a possible crash bug.
      s3-build: Add a test-buildfarm target to stay UNIX Makefile compatible.
      s3-build: Use a wrapper script to run the tests.
      s3-build: Don't paste the summary.
      s3-auth: Use SamInfo3_for_guest to create guest server_info.
      s3-passdb: Added a pdb_try_account_unlock function.
      s3-passdb: Try to unlock the account if it is locked out.
      s3-auth: The unlock of the account is now done by the get_sampwnam call.
      s3-spoolss: Fixed a possible crash bug.
      s3-spoolss: Move spoolss winreg to new dcerpc client funtions.
      s3-spoolss: Fixed a possible crash bug.
      s3-spoolss: Fixed some build warnings.
      s3-auth: Added get_server_info_system function.
      s3-rpcint: Make auth_serversupplied_info const.
      s3-msdfs: Make auth_serversupplied_info const.
      s3-printing: Make auth_serversupplied_info const.
      s3-spoolss: Make auth_serversupplied_info const.
      s3-spoolss: Use systerm server_info for winreg connection.
      s3-printing: Make missing auth_serversupplied_info const.
      s3-spoolss: Don't leak memory on the session counter list.
      s3-printing: Document the printer list functions.
      s3-rpc_server: Added new parametric option 'rpc_server'
      s3-rpc_server: Use talloc_stackframe.
      s3-waf: Fixed the rpc_client build.
      s3-waf: Fixed the build.
      s3-waf: Create a variable for LIBNDR_NTPRINTING_SRC.
      s3-waf: Try to fix the idl build.
      s3-waf: Link smbd against RPCECHO.
      s3-spoolss: Fixed print_access_check server_info.
      s3-spoolss: Fixed print job access.
      s3-winbind: Fixed the build of idmap_rid.
      s3-rpc_server: Make auth_serversupplied_info const.
      s3-rpc_server: Normalize rpc_pipe_open_interface pipe name.
      s4-gensec: Add dependency on com_err to GENSEC_KRB5.
      s3-winbind: Fixed init order.
      s3-smbd: Call all the rpc services in the right order.
      s3-build: Remove broken RPC modules support.
      s3-smbd: Call the rpc service shutdown functions.
      s3-waf: Fixed the static rpc service build.
      s3-rpcecho: Only register rpcecho in the developer build.
      s3-rpc_client: Added dcerpc_lsa_open_policy.
      s3-rpc_client: Added dcerpc_lsa_open_policy2.
      s3-rpc_client: Added dcerpc_lsa_lookup_sids and dcerpc_lsa_lookup_sids3.
      s3-rpc_client: Added dcerpc_lsa_lookup_names.
      s3-netlogon: Move to new dcerpc client funtions.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 client_revision.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 client_revision.
      s3-auth: Fixed account lockout check.
      s3-rpc_client: Fixed return values of dcerpc_lsa_lookup_sids_generic.
      s3-rpc_client: Fixed status check of dcerpc_lsa_lookup_sids_noalloc.
      tdb: Added doxygen documentation.
      s3-smbd: Fixed a possible null pointer dereference.
      s3-param: Fixed code block in max_open_files().
      s3-rpc_client: Added header information to cli_lsarpc.h.
      s3-rpc_client: Added header information to cli_samr.h.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user2.
      s3-rpc_client: Added dcerpc_samr_chng_pswd_auth_crap.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user3.
      s3-rpc_client: Rename get_query_dispinfo_params.
      s3-rpc_client: Added dcerpc_try_samr_connects.
      s3-smbd: Call all the rpc services in the right order.
      s3-build: Remove broken RPC modules support.
      s3-smbd: Call the rpc service shutdown functions.
      s3-waf: Fixed the static rpc service build.
      s3-rpcecho: Only register rpcecho in the developer build.
      s3-rpc_client: Added dcerpc_lsa_open_policy.
      s3-rpc_client: Added dcerpc_lsa_open_policy2.
      s3-rpc_client: Added dcerpc_lsa_lookup_sids and dcerpc_lsa_lookup_sids3.
      s3-rpc_client: Added dcerpc_lsa_lookup_names.
      s3-netlogon: Move to new dcerpc client funtions.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupSids3 client_revision.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 lookup_options.
      s3-rpc_client: Fixed the dcerpc_lsa_LookupNames4 client_revision.
      s3-rpc_client: Fixed return values of dcerpc_lsa_lookup_sids_generic.
      s3-rpc_client: Fixed status check of dcerpc_lsa_lookup_sids_noalloc.
      s3-auth: Fixed account lockout check.
      s3-smbd: Fixed a possible null pointer dereference.
      s3-param: Fixed code block in max_open_files().
      s3-rpc_client: Added header information to cli_lsarpc.h.
      s3-rpc_client: Added header information to cli_samr.h.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user2.
      s3-rpc_client: Added dcerpc_samr_chng_pswd_auth_crap.
      s3-rpc_client: Added dcerpc_samr_chgpasswd_user3.
      s3-rpc_client: Rename get_query_dispinfo_params.
      s3-rpc_client: Added dcerpc_try_samr_connects.
      tdb: Added doxygen documentation.
      s3-lib: Fixed a missing return value in tldap.
      s3-modules: Fixed the for-loop code block.
      s3-utils: Fixed possible resource leak in smbfilter.
      s3-utils: Fixed possible resource leak in smbget.
      s3-utils: Fixed possible resource leak in net_usershare.
      s3-utils: Fixed a resource leak in smbta-util.
      s3-lib: Fixed a missing return value in tldap.
      s3-modules: Fixed the for-loop code block.
      s3-utils: Fixed possible resource leak in smbfilter.
      s3-utils: Fixed possible resource leak in smbget.
      s3-utils: Fixed possible resource leak in net_usershare.
      s3-utils: Fixed a resource leak in smbta-util.
      s3-utils: Fixed a resource leak in net_afs.
      s3-utils: Fixed a resource leak in net_afs.
      librpc: Added support to accept netbios names.
      idl: Added missing endpoint mapper defines.
      s4-selftest: Mark epmapper as knownfail.
      s4-torture: Start with a clean epm_Insert_noreplace test.
      s4-torture: Added test_LookupHandleFree.
      s4-torture: Added a clean test_Lookup_simple.
      s4-torture: Added a clean test_Lookup_terminate_search.
      s4-torture: Added a clean test_Map_simple.
      s4-torture: Comment out the test_InqObject.
      s4-torture: Use binding handle in epm_Delete test.
      s4-torture: Added a test_Insert for epmapper.
      s4-torture: Added a full epm_Map test.
      s4-torture: Reorder the epmapper tests.
      librpc: Added support to accept netbios names.
      idl: Added missing endpoint mapper defines.
      s4-selftest: Mark epmapper as knownfail.
      s4-torture: Start with a clean epm_Insert_noreplace test.
      s4-torture: Added test_LookupHandleFree.
      s4-torture: Added a clean test_Lookup_simple.
      s4-torture: Added a clean test_Lookup_terminate_search.
      s4-torture: Added a clean test_Map_simple.
      s4-torture: Comment out the test_InqObject.
      s4-torture: Use binding handle in epm_Delete test.
      s4-torture: Added a test_Insert for epmapper.
      s4-torture: Added a full epm_Map test.
      s4-torture: Reorder the epmapper tests.
      replace: Try to fix broken sys/capabilites.h on Linux.
      s3-epmapper: Added a endpoint mapper skeleton.
      s3-epmapper: Added epm_Insert function.
      s3-epmapper: Added epm_Delete function.
      s3-epmapper: Added epm_Map function from Samba4.
      s3-epmapper: Added arg to match uuid in build_ep_list().
      s3-epmapper: Implemented epm_LookupHandleFree.
      s3-epmapper: Implemented epm_Lookup.
      s3-epmapper: Improved the epm_Map function.
      s3-epmapper: Commented unimplemented functions.
      s3-librpc: Added dcerpc register endpoint functions.
      s3-librpc: Added dcerpc_binding_vector_create function.
      s3-rpc_server: Only allow registering endpoints on priviledged pipes.
      s3-smbd: Added a function to setup rpc services.
      s3-smbd: Disable the endpoint mapper by default.
      replace: Try to fix broken sys/capabilites.h on Linux.
      s3-selftest: Enable RPC-EPMAPPER tests.
      s3-epmapper: Added a endpoint mapper skeleton.
      s3-epmapper: Added epm_Insert function.
      s3-epmapper: Added epm_Delete function.
      s3-epmapper: Added epm_Map function from Samba4.
      s3-epmapper: Added arg to match uuid in build_ep_list().
      s3-epmapper: Implemented epm_LookupHandleFree.
      s3-epmapper: Implemented epm_Lookup.
      s3-epmapper: Improved the epm_Map function.
      s3-epmapper: Commented unimplemented functions.
      s3-librpc: Added dcerpc register endpoint functions.
      s3-librpc: Added dcerpc_binding_vector_create function.
      s3-rpc_server: Only allow registering endpoints on priviledged pipes.
      s3-smbd: Added a function to setup rpc services.
      s3-smbd: Disable the endpoint mapper by default.
      s3-selftest: Enable RPC-EPMAPPER tests.
      s3-rpc_client: Added dcerpc_winreg_int_openkey().
      s3-rpc_client: Added winreg query dword helper.
      s3-rpc_client: Added winreg query binary helper.
      s3-rpc_client: Added a winreg set dword helper.
      s3-rpc_client: Added a winreg set sz helper.
      s3-rpc_client: Added a winreg set expand sz helper.
      s3-rpc_client: Added a winreg set multi sz helper.
      s3-rpc_client: Added a winreg query multi sz helper.
      s3-rpc_client: Added a winreg add multi sz helper.
      s3-rpc_client: Added a winreg helper to enum keys.
      s3-rpc_client: Added a winreg query sz helper.
      s3-rpc_client: Added a winreg set binary helper.
      s3-rpc_client: Added a winreg set security descriptor helper.
      s3-rpc_client: Added a winreg query security descriptor helper.
      s3-rpc_server: Migrated eventlog to winreg.
      s3-rpc_server: Added a winreg based eventlog registry init.
      s3-util: Moved eventlog_add_source to admin util.
      s3-smbd: Init the eventlog registry on service startup.
      s3-registry: Remove obsolete reg_eventlog.
      s3-services: Migrated svcctl registry functions to winreg.
      s3-rpc_server: Added a svcctl shutdown function.
      s3-rpc_server: Added a winreg based svcctl registry init.
      s3-smbd: Init the svcctl registry keys on service startup.
      s3-services: Remove obsolete services_db.c.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_enum_keys.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_sz..
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_query_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_multi_sz.
      s3-perfcount: Create the directory on tdb open.
      s3-rpc_client: Added dcerpc_winreg_int_openkey().
      s3-rpc_client: Added winreg query dword helper.
      s3-rpc_client: Added winreg query binary helper.
      s3-rpc_client: Added a winreg set dword helper.
      s3-rpc_client: Added a winreg set sz helper.
      s3-rpc_client: Added a winreg set expand sz helper.
      s3-rpc_client: Added a winreg set multi sz helper.
      s3-rpc_client: Added a winreg query multi sz helper.
      s3-rpc_client: Added a winreg add multi sz helper.
      s3-rpc_client: Added a winreg helper to enum keys.
      s3-rpc_client: Added a winreg query sz helper.
      s3-rpc_client: Added a winreg set binary helper.
      s3-rpc_client: Added a winreg set security descriptor helper.
      s3-rpc_client: Added a winreg query security descriptor helper.
      s3-rpc_server: Migrated eventlog to winreg.
      s3-rpc_server: Added a winreg based eventlog registry init.
      s3-util: Moved eventlog_add_source to admin util.
      s3-smbd: Init the eventlog registry on service startup.
      s3-registry: Remove obsolete reg_eventlog.
      s3-services: Migrated svcctl registry functions to winreg.
      s3-rpc_server: Added a svcctl shutdown function.
      s3-rpc_server: Added a winreg based svcctl registry init.
      s3-smbd: Init the svcctl registry keys on service startup.
      s3-services: Remove obsolete services_db.c.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_enum_keys.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_sz..
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_X.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_query_dword.
      s3-rpc_server: Migrated spoolss to dcerpc_winreg_set_multi_sz.
      s3-perfcount: Create the directory on tdb open.
      s3: Added missing files in .gitignore.
      s3: Added file for clang complete support in vim.
      s3-rpc_server: Fixed possible segfault with client_id.
      s3-rpc_server: We need a messaging context for rpc.
      s3-rpc_server: Fixed possible segfault with client_id.
      s3-rpc_server: We need a messaging context for rpc.
      s3-rpc_server: Fixed possible segfaults in svcctl server.
      s3-rpc_client: Fixed winreg int documentation.
      s3-rpc_client: Added dcerpc_winreg_int_openkey() which dectects the hive.
      s3-rpc_client: Fixed an uninitialized variable.
      s3-rpc_server: Fixed possible segfaults in svcctl server.
      s3-rpc_client: Fixed winreg int documentation.
      s3-rpc_client: Added dcerpc_winreg_int_openkey() which dectects the hive.
      s3-rpc_client: Fixed an uninitialized variable.
      s3-librpc: Only register NCACN_NP.
      s3-rpc_server: Rename named_pipe_read_packet().
      s3-rpc_server: Create a common ncacn listen state.
      s3-rpc_server: Pass tevent_context to dcerpc endpoints.
      s3-rpc_server: Rename srv_rpc_register.
      s3-rpc_server: Rename srv_rpc_register.c.
      s3-rpc_server: Added function to setup tcpip listener!
      s3-rpc_server: Added port option to _rpc_ep_register.
      s3-rpc_server: Added event and msg ctx to _rpc_ep_register.
      s3-rpc_server: Let enpoint mapper listen on port 135.
      s3-rpc_client: Move client pipe functions to own header.
      s3-smbd: Pass tevent context to messaging functions.
      s3-librpc: Added tcpip support for dcerpc_binding_vector_create.
      s3-librpc: Free memory we don't need.
      s3-rpc_server: Added tcpip listener for each rpc service.
      s3-rpc_server: Set client and server connection info.
      s3-rpc_server: Added server address to pipes struct.
      s3-epmap: Return the correct ip address.
      s3-rpc_server: Added prototype to setup a ncalrpc socket.
      s3-rpc_client: Added DCERPC_AUTH_TYPE_NCALRPC bind.
      selftest: Added ncalrpc dir to config.
      s3-librpc: Register endpoints using ncalrpc.
      s3-rpc_server: Created an Endpoint Mapper Daemon.
      s3-rpc_server: Start the Endpoint Mapper Dameon if enabled.
      s3-rpc_server: Introduce transport in pipe_struct.
      s3-rpc_server: Only allow epm insert and delete on NCALRPC.
      s3-rpc_server: Fixed ncalrpc connection accept.
      s3-rpc_server: Remove unneeded ncacn wrappers.
      s3-rpc_server: Improved the dcerpc_ncacn_accept switch.
      s3-rpc_server: Add server support for NCALRPC system user pipe.
      s3-rpc_server: Create the ncalrpc endpoints.
      s3-librpc: Register NCALRPC pipes.
      s3-rpc_server: Fixed the accept() for named_pipe_listener.
      s3-rpc_server: Fixed the accept() for tcpip_listener.
      s3-rpc_server: Fixed the accept() for ncalrpc_listener.
      s3-winbind: Fixed the accept() for new_connection.
      s3-rpc_server: Free unused memory.
      s3-rpc_server: Added IPv6 support for epmapper.
      tevent: Fixed tevent_wakeup_send code example.
      s3-smbd: Increase debug level von context messages.
      s3-rpc_client: Don't ask endpoint mapper for its own port.
      s3-rpc_server: Change irritating debug message.
      s3-rpc_server: Add tevent based endpoint setup functions.
      s3-rpc_server: Use the new endpoint register functions.
      s3-rpc_server: Remove unused _rpc_ep_register.
      s3-rpc_server: Rename system_user to ncalrpc_as_system.
      s3-epmapper: Use DCERPC_AUTH_LEVEL_CONNECT for ep ncalrpc.
      s3-epmapper: Added a cleanup function.
      s3-epmapper: Shutdown the embedded epmapper cleanly.
      s3-epmd: Cleanup endpoint mapper correctly.
      s3-librpc: Leave the epm registration connection open.
      s3-rpc_server: Added a memory context to the ep regsiter state.
      s3-rpc_server: Implement an endpoint monitor loop.
      s3-rpc_server: Rename req to subreq.
      s3-rpc_server: Added disconnect callback function.
      s3-epmapper: Added function to delete endpoint entries.
      s3-epmd: Cleanup endpoints on service pipe disconnect.
      s3-epmapper: Remove unregister on shutdown.
      s3-epmapper: Setup epm in smbd to forward np requests.
      s3-epmapper: Log error if we can't register the endpoint.
      s3-epmapper: Use strcmp instead of strequal and check IPv6.
      s3-epmapper: Refactor the cleanup of endpoints.
      librpc: Added a dcerpc_binding_dup() function.
      s3-epmapper: Make sure we work on a description duplicate.
      librpc: Return an error if we a broken floor.
      s3-spoolssd: Fixed reopening of logs.
      s3-spoolssd: Pass down event and messanging context.
      s3-spoolssd: Added missing include.
      s3-spoolssd: Fixed logfile creation.
      s3-epmap: Make rpc_ep_setup_register an internal function.
      s3-spoolssd: Register spoolssd endpoints.
      s3-spoolssd: Start the spoolss service correctly.
      s3-rpc_server: Only allow embedded, daemon and external server type.
      s3-rpc_server: Fixed rpc_pipe_open_internal documentation.
      s3-winbindd: Use the correct enums for samr_QueryDomainInfo.
      s3-smbd: Added a change_to_user_by_session() function.
      s3-smbd: Added a become_user_by_session() function.
      s3-printing: Use become_user_by_session() function.
      libsmbconf: Introduce a sbcErrType.
      libsmbconf: Added a sbcErrorString() function.
      libsmbconf: Convert smbconf_init() to sbcErr.
      libsmbconf: Convert smbconf_open() to sbcErr.
      libsmbconf: Convert smbconf_drop() to sbcErr.
      libsmbconf: Convert smbconf_get_share_names() to sbcErr.
      libsmbconf: Convert smbconf_create_share() to smbErr.
      libsmbconf: Convert smbconf_get_share() to sbcErr.
      libsmbconf: Convert smbconf_delete_share() to sbcErr.
      libsmbconf: Convert smbconf_set_parameter() to sbcErr.
      libsmbconf: Convert smbconf_get_parameter() to sbcErr.
      libsmbconf: Convert smbconf_delete_parameter() to sbcErr.
      libsmbconf: Convert smbconf_get_includes() to sbcErr.
      libsmbconf: Convert smbconf_set_includes() to sbcErr.
      libsmbconf: Convert smbconf_delete_includes() to sbcErr.
      libsmbconf: Convert smbconf_transaction_*() to sbcErr.
      libsmbconf: Convert smbconf_get_config() to sbcErr.
      s3-waf: Create a registry private library.
      s3-waf: Create a public libsmconf.
      libsmbconf: Document smbconf_backend_requires_messaging().
      libsmbconf: Document smbconf_is_writeable().
      libsmbconf: Document smbconf_shutdown().
      libsmbconf: Document smbconf_changed().
      libsmbconf: Document smbconf_drop().
      libsmbconf: Document smbconf_get_config().
      libsmbconf: Document smbconf_get_share_names().
      libsmbconf: Document smbconf_share_exists().
      libsmbconf: Document smbconf_create_share().
      libsmbconf: Document smbconf_get_share().
      libsmbconf: Document smbconf_delete_share().
      libsmbconf: Document smbconf_set_parameter().
      libsmbconf: Document smbconf_set_global_parameter().
      libsmbconf: Document smbconf_get_parameter().
      libsmbconf: Document smbconf_get_global_parameter().
      libsmbconf: Document smbconf_delete_parameter().
      libsmbconf: Document smbconf_delete_global_parameter().
      libsmbconf: Document smbconf_get_includes().
      libsmbconf: Document smbconf_get_global_includes().
      libsmbconf: Document smbconf_set_includes().
      libsmbconf: Document smbconf_set_global_includes().
      libsmbconf: Document smbconf_delete_includes().
      libsmbconf: Document smbconf_delete_global_includes().
      libsmbconf: Document smbconf_transaction_start().
      libsmbconf: Document smbconf_transaction_commit().
      libsmbconf: Document smbconf_transaction_cancel().
      libsmbconf: Define a doxygen group for libsmbconf.
      s3-spoolss: Get the printer location from cups.
      s3-printing: Remove obsolete and unused cups_pull_comment_location().

Andrew Bartlett (5608):
      Remove warning about trapdoor systems for non-root mode.
      Added the basic tests of smb functionality for HEAD
      Changed some of the tests around, made failures for parts actualy count
      Add the generic funcions file for the basicsmb tests
      Jigger around with the tests a bit more
      This should return the build to normallity.
      Make smbtorture return status values for use in the build_farm tests.
      Not all OSs have setbuffer, so we better check for it.
      Start of smbtorture based testing.  Not all of smbtorture's facilites
      We need strict locking to pass LOCK4
      Fix the torture test, we had the wrong file-name in the tests
      This fix from Eelco Vriezekolk <eelco at nexus.com.na> is for a SIG11 bug where we
      Running torture-RANDOMIPC on the build farm doesn't go down as a 'good idea' as its logsfiles are BIG!
      See if we can stick to slightly valid C..
      This brings HEAD into line with SAMBA_2_2, they now both use bindir.
      Allow us to vary the log-level, so we can run at level 1 normally,
      Allow user to specify CFLAGS even when using configure.developer
      Update smbtorture in line with SAMBA_2_2
      You can't dump_data() a function pointer...
      Add backend encryption support for NTLMv2.
      Add a new paramater:  add machine script
      Fix the loading of configuration files using the include syntax.
      This removes unused paramaters from various authtication functions, and should
      Update tests, start testing password server code, now I have it working and
      Try to avoid clashes with OpenSSL when built --with-ssl, they also have md5.h,
      This fixes security=domain, which has been broke since the big charset
      Fix tree breakage, the last change was entirly non-portable, and we already
      This backs out my last change, which broke some of the finer points of RPC
      I think this was just a typo...  If there was some method to the madness then
      Some minor doco on what the build_farm dir does
      This should fix the build, I think tpot just missed the file for his CVS
      This patch fixes up a few issues where we would do lookups in the local system
      This is my 'Authentication Rewrite' version 1.01, mostly as submitted to
      This is the fix for the PAM bug I probably introduced in the previous commit,
      Record the NT_STATUS constant rather than its number in the logfiles
      Some better debugs for our security=server code.  I want to track down why
      Try to set the socket options early for some OSs (like Sol 8) where they
      This patch does a number of things, mostly smaller than they look :-)
      Kill of idra's extra become_root()/unbecome_root() now I have fixed the actual
      One less getpwnam() call...
      Style cleanup for the last vuid change.
      smbd/auth_server: Doco, we want to use cli_nt_error here soon
      Restore a debug I think I dropped earlier
      Move read only check into a helper funcion.  Ensure conn->service is set
      Move admin user check into a helper function.
      Move the claim_connection stuff till a little later in the process.
      OK, so not freeing these was a mistake.  I'll try to be less exuberent next
      Add comment to clarify why we call this twice.
      Add a new option to disable our paranoid server check.
      A few changes:
      Fix up some unused variables  and functions, fix up formatting
      Fix to only send the status32 error for status32 clients, not to other
      As per plug-fest discussions this paramater no longer defaults to the value
      Fix up some compile issues.  We can't have C99 comments and add a smattering
      Change the description on --with-pam_smbpass to make it clearer - some peope
      Finally commit my fix to this little mess...
      Now that we always get back an NTSTATUS code actually pass it on to the
      Update manpage for new 'add machine script' paramater
      Actually fill in the status for sainity checks
      Restore the profiling data shmem parinoia.  This whole area needs to be
      Fix up NTSTATUS stuff in rpcclient's help function
      This looked suspicious now we are attempting to to NTLMv2.
      Oops...  For reference, NTLMv2 passwords are > 24 chars in length, while
      update for .proto.stamp
      Kill off the //server/share%user hack in share level security.
      Looks like it missed these.  make_connection now no longer takes a 'username'
      Kill off the dangerous passwd program default, as its both very
      Start pushing the NTSTATUS stuff out to the wire for session setups.
      Fix up workstaion and kickoff time checks, moved to auth_smbpasswd.c where
      Minor tidy-up.
      Fix (I hope) for a number of little compile warnings found by the IRIX
      Fix compile warnings on IRIX's cc.
      Reverse some of the breakage I commited a day or two ago, as we need to
      fix debug
      Fix (I hope) compile on HP-UX.  Found by the build farm.
      Remove the ugly hacks to get around the Get_Pwnam() calls in pass_check.c by
      passdb/pampass.c and passdb/pass_check.c are not passdb related at all,
      Use lp_private_dir() not magic on the lp_smb_passwd_file() output.
      This isn't used anymore
      printf() -> d_printf()
      Add the ability to display Samba's build options with smbd -b and as a level 4
      Adding the appropirate files might help...
      Reran autoconf, autoheader
      Try to fix up the shell syntax
      - Fix up to use sampass->username insted of user_info->smb_username
      Revert this one:  The NTLMv2 checks need the original username as found
      Fix for MiXed and UPPER case usernames with plaintext PAM passwords.
      Add and modify some of the various tests I have had sitting around here for a
      Rearrange the ordering of the checks in make_connection().  The new order has
      Check 'hosts equiv' and 'use rhosts' compatability with 'hostname
      Fix up the test for some of the quirkier hosts on the farm, and enable one
      We are not meant to touch the username, so use the pass->pw_name output rather
      Move pass_check.c over to NTSTATUS, allowing full NTSTATUS from PAM to wire!
      These are RIDs not Unix UIDs so make this clear in the feild names.
      Fix up NT_STATUS return for session setups, Win2k objects to anything other
      Zero out these pstrings before we start: makes for much easier debugging.
      Lets call an NTSTATUS an nt_status, not an ecode.
      Add .headers.stamp
      If we disable hostname lookups we can at least get a uniform answer for testing
      Try to fix up manpage installation
      Change ./configure.developer to stay in effect across a
      Fix up the ./configure for the BSDs:
      Don't segfault when deleting accounts not in /etc/passwd.  The RID we want is
      Finish Jeremy's passdb merge :-).
      Update build_options.c in line with new configure options.
      We don't use a modified 'user' in any case, so don't modifiy it.
      More updates to prevent account-guessing.
      Add a new interface pdb_set_plaintext_passwd() to the passdb.  This simply
      Fix up pdbedit to initialise its structures with the standard functions,
      Fix up TDB_SAM with repect to case sensitvity.  (need to use unix_strlower)
      Fix the uninitialised variable, but more importantly fix the SEGFAULT.
      Make use of the pdb_set_plaintext_passwd() update to vastly simplify
      Update for new pdb_set_plaintext_passwd() interface.
      Fix this to use the plaintext password code directly, like SWAT does.
      Rearrange the order of the checks in auth_smbpasswd.c, always check passwords
      Process the workstation trust account code INSIDE the authenticaion subsystem,
      Kill of the reply.c end of the workstaion trust account mess.
      Fix memory leak in get_sampwd_entries(), reindent for clarity.
      Kill unused variables
      Major update to pdbedit's import and export code, in line with reqests for it
      How the heck I missed this I don't know, but somehow I got a copy-and-paste
      Add a few const statements to various odd bits of the tree.  (Fixes some
      Fix up a number of intertwined issues:
      This is the passdb section of the previously mentioned commit.
      Finally kill off the SMBENCRYPT() macro.
      Make header comment clearer, these are RIDs, not UIDs.
      Small changes to register_vuid ahead of a larger restructure.
      Don't try to write the LM password in the NT password feild.
      move libsmb/domain_client_validate.o around in the makefile again, it really is
      Fix up indenting in out SAM password check code.
      Fix for compilation on non-krb5 systems
      Restore the intended behaviour for .headers.stamp
      samba-bugs at samba.org -> samba at samba.org
      A few spelling fixes from Vance.  <vance at digital-host.net>
      Fix up the Makefile for now (thanks herb).
      This commit is number 1 of 4.
      This commit is number 2 of 4.
      This commit is number 3 of 4.
      This commit is number 4 of 4.
      This patch applied, except without the structure changes to nmblib.c
      More spelling and grammer from Vance. <vance at digital-host.net>
      Add a bit of 'const' for the data_blob code.
      Fix up auth_smbpasswd.c to use the password interface, rather than the
      Fix up smbpasswd -e/-d  so that it doesn't change the password under you any
      Spnego on the 'server' end of security=server just does not work, so set the
      Parionia to ensure people don't install libsmb based programs setuid root.
      Small 'const' updates ahead of some AuthRewrite merging.
      SPNEGO works perfectly well with security=domain, so don't exclude it.
      More const.
      This is a farily large patch (3300 lines) and reworks most of the AuthRewrite
      Small changes for guest authenticated pipes.
      ... and clean up the unused variables.
      Fix up domain logons.  Tested with NT4.
      When you make a data_blob() then you probably need to free it too...
      This should fix up the compile with krb5.
      Various post AuthRewrite cleanups, fixups and tidyups.
      Return 1 (rather than 0) on failure.  This may well help get the build farm
      Move the test for non-SPNEGO session setups when using SPNEGO, becouse its a
      Minor cleanups/fixes in the NTLMv2 code
      anonymous logins are guest logins, so mark them as such. (Otherwise they can
      Fix up pdbedit so that it at least compiles without warnings.
      Fixup for accounts without a local /etc/passwd entry.
      Fix up authenticated pipes in line with vuser changes.  This ensures that global
      Fix segfault. sup_tok might not always be with us.
      Initilising these variables before appending the domain groups to them
      UGLY HACK to get machines to join tdbsam domains again.
      Change to guest logon code.
      This change updates lp_guestaccount() to be a *global* paramater, rather than
      Remove built-in support for clear-text kerberos authentication.
      Minor updates.  A small dose of const.
      This extra check isn't needed, we can only get here if secuirty=domain
      make sam_account_ok static.
      Add back the not null checks in a better place.
      Fix up some DEBUG()s
      Kill off 'restrict anonymous' becouse it is useless in its current form.
      Code duplication is bad.  So add an add_signiture() function and just refernce
      Fix up the build again...
      Update some of the error mapping, based on on-the-wire observations of an NT4 server.
      Kill off that crazy copy_sam_passwd().  You simply can't do that if the
      This is another rather major change to the samba authenticaion
      And add the winbind module I missed in the last run.
      Fix ./configure --enable-developer warnings (shadow of global)
      Unless the error is exactly NT_STATUS_OK, we might not have a server info, so
      Add a new torture test to extract a NT->DOS error map from an NT member of a
      oops, I forgot to include the header file
      Add the PDC end of the smbtorture test for creating an NT_STATUS -> DOS error
      This compleats the of the authenticaion subystem into the new 'auth'
      And delete domain_client_validate.c...
      Fix up the build farm again.
      prevent proto from picking up this as a defintion for 'main()' becoue it conflicts with nmbd's definition.
      A number of things to clean up the auth subsytem a bit...
      Fix debug
      Fix --enable-developer shadow warning
      Some random updates for the ADS-HOWTO
      Allow kerberos to work on RedHat and other non /usr systems again
      Make better use of the ads_init() function to get the kerberos relam etc.
      Fix up the ./configure tests for kerberos.  This ensures a more consistant
      This is another major rework of the 'net' command.
      Forgot this one with the last commit...
      This change reworkes the connection code for both rpcclient and net new
      This comment no longer applies.
      Fix up funtion name, as this finds local, not domain master browsers.
      Some changes to the name resolution code in 'net' to allow us to find a
      Add 'net rpc join' to match the ADS equiv.
      smbpasswd is *ugly*!
      Const religion for some of the RPC code.
      Ditto on the const religion.
      Add a mechinism to allow for sane porting of rpcclient components into the new
      Follow herb's suggestion and don't strdup a string to itself.
      Follow herb's suggestion and don't strdup a string to itself
      Split out the name resolution code into a seperate function
      Make it easier to construct anonymous connections with a new flag and helper
      Add a new flag for anonymous connections
      Ensure we fill in the %U for NTLMSSP connections
      Add a couple of extra debugs for the secrets.tdb stuff
      OK.  Smbpasswd -j is DEAD.
      Ensure that 'use spnego' restricts, rather than just advises our clients.
      Leak less memory.
      Fix segfault, and add a comment.
      By popular demand: a new config.guess and config.sub
      Make Samba compile on RH 6.2 again.
      Fix the compile on systems without a full kerberos kit.
      Finish idra's cleanup of the RPC remote shutdown code.
      Finally remove these files, which moved (by cvs backend magic) to source/auth
      Add a pile of doxygen style comments to various parts of Samba.  Many of these
      Allow this to build without LDAP, as per the example below it.
      Make --with-tdbsam compile again, given the new 'am I setting a default' flags.
      Give the main loop talloc context a name (using mbp's new talloc naming
      Fix up the comment in the copyright header
      Add 'net rpc shutdown' and 'net rpc abortshutdown'.
      Ensure the output cli can't have spurious values if the connection fails...
      Named constants are always much better than magic numbers...
      Fix up C99 comment.
      Add a specialised version of tpot's libsmb samlogon code for use with
      A farily large commit:
      Further rpc_client removal, this time from winbindd.
      Now that winbind doesn't rely on this, we may as well remove it...
      Allow usernames in the form of 'NT_STATUS_....' to map to that as the error
      Add a function to convert 'NT_STATUS...' strings back into their actual error
      This brings the NT->DOS error mapping into better line with what NT does.
      Minor update to make the output 'real C'.  (The output is intended to be a C
      Another touch of 'const'
      Actually enforce the passdb API.
      We go to a lot of effort to avoid strcpy() in Samba, but its not much use if
      Re-add bail on failure.
      Workaround some 'smarts' in Win2k.
      A few changes to always output the erorr mapping even when the error was
      Make a couple more of the warnings also be C comments
      Update the NT_STATUS -> DOS error table.
      Add a touch of const
      One line fix to get smbmount working again.
      Add a comment on how this error map was derrived.
      Add a talloc varient of the data_blob functions.
      I've decided to move the auth code around a bit more...
      Fix up the SPNEGO segfault.
      Some more SPNEGO fixes.
      Get this code back to where it belongs...
      This changes the winbind protcol a bit:
      Return the winbind separator over the socket, so programs don't have to parse
      Take a stab at keeping the doco current :-)
      Fix up 'net ads join' to delete and rejoin if the account already exists.
      Back out the crazy notion that the NTLMSSP flags actually mean anything...
      The DC is meant to be sent the *unmapped* username...
      Make this error match Win2k.
      Move all the pdb_get...() and pdb_set...() functions to a new file.
      Thanks to vance for spotting the missing Makefile.in commit.
      Many thanks to Alexander Bokovoy <a.bokovoy at sam-solutions.net>.
      I'm doing some things towards the NamedPipes game with lckl and he has asked me
      Re-indent these two functions to make it actually possible to understand their
      A couple of coding syle updates to follow the re-indent.
      Fix a segfault in auth/auth_domain.c error cases.
      Initialise cli variables and try not to do a cli_shutdown() of uninitialsed
      I like --enable-developer, but I find it rather usless when all it gets me is a
      rerun autoconf
      Change the passdb interface to use allocated strings.
      Commit the auth associated changes I missed from the last commit.
      For some reason I wasn't thinking about failure cases this morning...
      Move the bang (!) command back to the bottom of the list, allowing smbclient
      A nice *big* change to the fundemental way we do things.
      This is the 'winbind default domain' patch from Alexander Bokovoy
      Don't do tridge's crazy 'am I a trusted domain' lookup for guests.
      Update the build farm's test runlist and make it a bit easier to read.
      Fix up runlist botchup.
      This patch makes the 'winbind use default domain' code interact better with
      This is the current patch from Luke Leighton <lckl at samba-tng.org> to add a
      Fix a couple of memory leaks in the cli_establish_connection() code's failure
      Add a touch of 'const' to some auth components, and move the simple plaintext
      Kill off the old varient of 'check_plaintext_password' (new version just
      Fix up an embarrsing bug I introduced when I moved the id21/id23 -> SAM_ACCOUNT
      Kill off another ugly wart from the side of the passdb subsystem.
      This is another *BIG* change...
      Try to see if we can get these tests working...
      Vance and his eagle eyes spotted a copy and paste error in my smb.conf updates.
      A couple more little fixes for the domain security tests.
      This should get the oldstyle domain join tests working again.
      Also echo the smbpasswd command line
      Fix the negation of the extra parinoia check on machine password changes.
      Inititialise the gid to what standard_sub_advanced wants for 'no value'.
      Add the -s command to keep smbpasswd quiet during the tests.
      One less Get_Pwnam_Modify call!
      getpwnam -> getpwnam_alloc
      getpwnam -> getpwnam_alloc
      Change the order of this a bit - as unix password change can fail.
      getpwnam -> getpwnam_alloc.
      Bring auth_winbind into line with the protocol changes
      Fix a 'const' warning.
      Passdb changes:
      Change this code so that we don't do a lookup_name() on root.
      Add some information tidbits to an error DEBUG().
      Try to move towards slightly sane linking for Samba by removing some pdb_...()
      Try to get the compiler not to complain about assignments and truth values...
      These changes commited on a 'no less broken' basis.
      The new plugable password backend system needs to be initialised after
      fix typo
      Fix up a security issue with the way we handle domain groups retuned on the
      This always points at a string literal, so it probably should be 'const'.
      Remove the 'direct to winbind' hacks, as they should (if I understand
      Allow a winbind client to obtain the server's domain name.
      Change the winbind interface to use seperate 'domain' and 'username' feilds for
      local_lookup_name() doens't acutally use its 'domain' argument, so drop it and
      We may as well not use these temporary variables - they are only used once and
      Move the lsa code across to the changed args for lookup_name, and surround it
      Add the become_root()/unbecome_root() wrapper around the lookup_name() call,
      Rework lookup_name() to take seperate username/domain args, and to remove
      Make a talloc'ed copy of this strings so we can pass the right kind of pointer
      Bring this code into line with new winbind_lookup_name() interface.  I think
      Back out some of the less well thought out ideas from last weeks work on
      - Provide sid->name lookup support for non-unix accounts.
      Give pdbedit a -D paramater for setting the DEBUGLEVEL (makes debugging passdb
      Patch from Kevin Stefanik <kstef at mtppi.org> to do some more error checking for
      Yes, dev is an 'input/output' paramater...
      Some more 'winbind default domain' support patches from Alexander Bokovoy
      Name another talloc.
      An attempt at producing the correct Makefile magic for wrepld_proto.h to be
      Back out herb's changes (to allow smbpasswd -x to work on accounts outside
      Initialise some SAM_ACCOUNT structs to NULL, and add some more error checking.
      Make smbgroupedit a little easier on the user.
      A new simpiler syntax demands a new simpiler HOWTO.  (This can all be reverted
      Drastic impromvents to pam_winbind.
      See if we can get slightly valid C for the non-PAM case here.
      Fix use of uninitialsed variable in PAM code
      Try to get this finally working.  (Note to self: *always* check build farm...)
      Fix up some of the DEBUG lines in winbind_pam.c
      Do the reverse DNS lookup, but only if 'hostname lookups = yes'
      Fix up some braindamage in the testsuite.
      A few small winbind updates:
      Winbind cleanup.
      Try not to malloc -1 bytes (apx 4GB) when the data is already in error.
      dont strdup() possibly null values.
      in dos_unmangle() the only function call was to *mangle()*.  Adding the
      Patch from Hasch at t-online.de (Juergen Hasch) to add UTF-8 as an explict
      Thanks to David Edward Shapiro <David.Edward.Shapiro at btitele.com> for spotting
      This fixes a bug (spotted by Rafal Szczesniak <mimir at diament.ists.pwr.wroc.pl>)
      Try to catch the compilers that don't handle immidiate structures as well as we
      rerun autoconf
      Add the pdb_plugin module from Jelmer Vernooij <jelmer at nl.linux.org>.
      Also add the matching example pdb module.
      Get rid of the unused WL variable from the previous patch.  I think these were
      We can't build shared libs on sco, so no point attempting to export dynamic
      Rerun configure
      Make this function static
      This apparently makes winbind work on Solaris again
      "user doesn't exist" isn't worthy of a level 1 debug.  Make it level 3.
      This should fix up the level 0 'convert_string' debug messages that we have
      This should kill off the 'cannot convert' error messages on non-iconv hosts.
      Fix up the pull_utf8_fstring/pstring functions, and add their push eqivilants.
      Move wbinfo over to d_printf().  Patch by Hasch at t-online.de (Juergen Hasch)
      Various comment fixes from Rafal Szczesniak <mimir at diament.ists.pwr.wroc.pl>
      See if we can get a slight chance of this actually working...
      use the variable passed as a paramater, not just one randomly in our namespace.
      Another comment fix for mirmir
      The beginning of trusted and trusting domain support from
      Missed the Makefile.in update...
      Add a dash of const here and there...
      And a little more const.
      Fix up the trusted domains secrets code so as to have a slight chance of
      Missing include file update for the secrets.c trustdom changes
      Remove util_list.h, as its matching .c file has already gone, and nobody is
      Allow Samba to trust NT4 Domains.
      more const
      This patch merges my private LDAP tree into HEAD.
      This is now unused
      Move these inside the #ifdef to fix the compile on non-LDAPsam systems.
      This patch allows NT4 domains to trust Samba.
      Matching header files for the last netlogon cleanup.
      Some more fixes to enusre we execute the same code pathes as before this
      Move the directory creation process outside the 'installbin.sh' script, and
      I don't need my name on this twice :-)
      Fix typo in copyright
      Ensure we never use "" as a domain name (Win9X apparently does this for 'net use' duirng login).
      Actually include some *information* in the mangle debug messages.
      Allow us to see the difference between these two errors.  (We need to chase
      Fix a double-free bug in wbinfo -t's call in winbindd.
      Allow a zero rid in pdb_smbpasswd.  When given a zero rid the pdb backend
      Make ldapsam compile again.
      Make sure to initaliase SAM_ACCOUNT pointers to NULL, otherwise pdb_init_sam()
      Don't leak memory on failure.
      There is no reason we can't join a domain with secuirty=user.  In fact we
      Join as a server trust account if the server role is either PDC or BDC.
      Various winbind updates:
      Minor fixes:
      Patch from Hasch at t-online.de (Juergen Hasch) to add allocate and talloc
      Update some of the DEBUG()s in Get_Pwnam_internal()
      Make a number of the lookup tables 'const'.  I'm told this assists in sharing
      rerun autoconf
      Correctly store the hostname of the remote machine if so configured.  If the
      Extra parinoa and DEBUG()s for the make_user_info_map() code.
      Documentation updates.
      add {push,pull}_ucs2{allocate,talloc}() functions.
      More winbind for HPUX updates from Don Mccall.  I think JRA has already
      Fix up major logic reversal flaws in pdb_ldap.
      Reintroduce the 2.2 name mangling code, until we get are more flexible solution.
      Add a become_root()/unbecome_root() pair to allow acces to the passdb for
      Much better support for both non-algorithic RIDs (where the RID is stored in
      Remove : from the list seperators, as this is used to seperate out components
      Make our atomic increment code actually do this during its first/second run.
      This is the 'multiple pdb backends' patch from ctrlsoft, aka Jelmer Vernooij
      Better handling of uid/gid -> RID and RID -> uid/gid code.
      More updates from ctrlsoft. (Jelmer Vernooij <jelmer at nl.linux.org>)
      Doco update from Hasch at t-online.de (Juergen Hasch)
      Fix the compile-bug in pdb_ldap from my last patch.
      Patch for arbitary smb.conf paramaters (to make the life of plugin maintainers
      Fix the build on platforms that use our internal popt.
      As always, vance looks after the grammer... :-)
      Partly based on the work by mimir (Rafal Szczesniak
      Extra file for the tdb search code (linked list definition).
      Another patch from jelmer:
      Spelling fixes from vance
      Allow -c to specify the location of the config file, and fix up some handling
      Get the sco boxes compiling again - use the sys_ intefaces for all the dl*
      more dl* -> sys_dl* for sco
      Update the doco for the LDAP options in smb.conf, in line with code changes
      This removes --with-ssl from Samba.
      A few more trusted domains updates from mimir.
      Make Get_Pwnam use getpwnam_alloc() in an attempt to make it segfault rather
      Check paramters for NULL.
      Add a touch of const
      Make non-static for some later work (pushing the info3 across the winbind
      This is meant to be accessed via the helper fn, not directly.
      Make --with-ldapsam 'go away'.  This is now a standard, stable, feature
      A few things in this commit:
      As per rsharpe's request, require only a Masters in Astrophysics to
      Make smbpasswd at least slightly sane.  This kills off some of the
      Include the extra #define for the last set of smbpasswd mods.
      Remove const from some functions to match the changed prototype in a
      Oops, I missed commiting this earlier.
      Move client_receive_smb to clientgen.c as a static, as proposed by Elrond.
      Remove unused files.
      Keep the compiler happy
      Updates for sane storage of ldap root DN passwords (tested, with upgrade
      Commit the header file for the LDAP/secrets  changes
      Fix a silly memory (getpnam_alloc()) leak spotted by Elrond, and move
      Add a bit more const, and kill of (finally!) sys_getpwnam and sys_getpwuid.
      Nobody uses this function, and there really doesn't seem much point to
      Given Jeremy's positive response, and a lack of one from tpot, I'll commit
      Nobody uses this, and its really just a layer of internal implementation.
      This function is unused, and doesn't make any sense to me anyway.
      Make function match the defintion require for assignment as a function
      Don't duplicat this here, use the existing function prototype.
      Move the authenticaion subsystem over to the same 'module:options' syntax
      Remove the password length paramater from cli_full_connection - it really
      Some of the updates from ctrlsoft's 'Various' patch:
      Some grammar fixes picked up from the bugs.debian.org, submitted by
      Name the authentication modules, and therfore fix up both the build farm
      Remove unused variable, fix functions to match prototypes in the various
      Only reterive the attributes we are actually going to use - rather than
      Clean up a few unused functions, add a bit of static etc.
      Update some of the LM hash code to better respect the seperation between
      Add support for NTLMv2 (tested!) with NTLMSSP.
      Updates to better report some NTSTATUS errors into PAM, and update to PAM
      Update the SAMR pipe for more use of NTSTATUS and to talloc the stored list of
      A couple of updates for the SmbEncrypt code, and some of its users.
      Add flags2 for security signitures
      Move the code from lib/util_sid.c that deals with the global_sam_sid into
      Globally replace 'global_sam_sid' with get_global_sam_sid(), a self
      Fix comment
      This (hopefully) fixes a bug reported by Kai Krueger <kai at kruegernetz.de>
      This paragraph is irrelevent and misleading  (needs fix for 2.2 as well)
      Fix up comment on netbios scopes, and remove paragraph about international
      With this file being automaticly regenerated, and cleaned up with 'make clean'
      Remove "sids.h" as it really wasn't being used anywhere, and was exporting
      Latest patch from metze <metze at metzemix.de> to move most of samba across
      Add const, kill of useless casts and therefore eliminate warnings.
      Patch (from ctrlsoft <jelmer at nl.linux.org>) to poptify testparm, and the
      Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_list
      Add some comments on writing new pdb modules. (from ctrlsoft)
      Convenience function to allow a SID to be specified as a string.
      Kill useless cast
      Debug fixes from ctrlsoft
      Some updates from ctrlsoft <jelmer at nl.linux.org> to return failure if *any* of
      It looks like we never tested the 'cleanup' code, so when I triggered it
      Patch from ctrlsoft to use the pdb_sethexpwd function in smbpasswd - instead
      Allow non unix accounts to be added to an ldap directory without NUA accounts
      Add a touch of const to this - helps with some yet-to-be-commited changes
      Add back sys_getpwnam() and freinds to the system.c interface, but don't
      It appears that to match NT we should not use the 'samstrict' behaviour,
      Add another 'trivial' built in authentication module - this one is a
      This patch does 2 things:
      Add the missing makefile from previous commit
      Update the netlogon code to better cope with trusted domains, where things
      Rework much of the service.c code:
      Unsused function since last commit
      Simplify this code further.  Just substitute %H, and let the normal code
      When adding popt to an application, you need to ensure it builds on non-popt
      Fix up some of the SMB signing code:
      Two things:  Check how many paramaters that the LDAP libs take for the
      Further updates to the service.c code.  authorise_login() is now a bit simpiler
      Cope with the requirement for constant initialisers on some unix C compilers.
      make the echo'ed command match the actual command run.
      Raise some debug levels.
      Add module versioning to the passdb module system
      Try to get security=domain at least slightly working.
      Add a couple more DEBUG()s to winbindd.
      Break up samba's object dependencies, and its prototype includes.
      Kill off unnecessary cast.
      Add a .cvsignore file
      And another .cvsignore
      Update cli_full_connection() to take a 'flags' paramater, and try to get a
      Try to avoid infinite loops when reteriving users - even from broken servers.
      I'm going to try and check this against Win2k shortly, but I'm certain that
      Fix the smbmnt compile.
      And fix another missing ubiqx...
      Qualify some of the hexidecimal responses with 0x
      Another bug fix from metze.
      We don't use SSL any more...
      Jelmer has been keeping on top of the typos.
      Kill off codepage related stuff, now we don't use codepages any more.
      Remove invalid comment - these are all 'unix' strings now.
      Fix the forword prototype to be a static for this static function.
      Fix the spelling in the LDAP attributes
      Add my copyright (which I should have added months ago...)
      Make these functions static.  These are not mentioned in the external header,
      Break up the passdb objects (to allow RPC clients to link without brining in
      Always free_conn() after all the DEBUG()s etc.
      Patch to add security descriptors to the SAMR pipe.
      More code from "Kai Krueger" <kai at kruegernetz.de>, this time starting to make
      Fix debug comment.
      Increse the maximum non-unix-account ID (becouse the Compaq Test Drive systems
      Copy the NT_TOKEN to the pipe, so the SAMR can use it for access control.
      Updates to the 'name -> sid' code:
      (this should have been part of the previous commit)
      Jerry:  Sorry if I am stepping on toes here, but this should fix the compile on
      Fix const warning
      Kill off const warnings - add a pile of const to various places.
      Make it clear that the debug comment is the same as the command being tested
      If we get a SID from group mapping, no need to check it's prefix.
      This makes smbcacls a bit easier to use and debug.
      Make smbpasswd behave like all the other backends, where a NULL or invalid
      I just noticed that I never added my copyright when I messed with this
      Make smbmnt a standalone program from a linker point of view.  Hopefully this
      make this a ZERO_STRUCTP for consitancy with the rest of Samba.
      Move nttrans.c into the NTSTATUS age.
      Fix up a botched prevoius commit.
      Apply patch from "Kai Krueger" <kai at kruegernetz.de> to make it easier to
      Show the account flags in the 'verbose' listing of pdbedit.
      NT_STATUS_UNSUCCESSFUL just gets clients confused - move to NO_LOGON_SERVERS
      Add a wrapper for dup2() to our system.c
      Update the usage for smbgroupedit to document -d for 'description'.
      Add support for a weird behaviour apparently used by Win9X pass-through
      Add support for duplicating stderr into our logfiles.
      Move some startup time initialisation to server.c, so it is all in one place.
      If we can't connect, make sure its a level 0 so we see it, and the reason.
      Fix up char/uchar casts etc.  Fix up comments on some of the password hash
      Update the smbd reply code a little:
      Make it clear that the 'service' isn't to be touched.  (Make it const).
      Add some const to try and get less warnings.
      Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had a
      correctly declare global_myworkgroup to be the right size.
      More fixes towards warnings on the IRIX compiler
      Oops, my bad.  I forgot to assign this, so lookupnames wasn't doing much :-)
      And a little more 'const'.
      Compilers do find bugs :-)
      More use of intermediate variables to avoid issues with pointer size and casts.
      Looks like I missed this earlier.  We should connect as the specified workgroup
      Tpot missed one...
      Another smattering of static and const
      Add some const & static, remove unused functions.
      More cleanups, and add a comment/hint not to clean somthing up in future :-)
      Give an idea what service didn't have the directory.
      Add another message rather than 'internal module error'
      We must be root to access the passdb, so ensure all calls to local_lookup_sid()
      Actually check the return value of the account_policy_get() call.
      Make it possible to query account policy values from pdbedit (set to come soon).
      If lp_add_home() fails, don't go any further, just return -1.
      Clarify this comment.
      I think this makes the debug statement clearer.
      Mimir has been busy with patches again, and sent in the following
      (another patch from mimir)
      Rafal 'Mimir' Szczesniak <mimir at diament.ists.pwr.wroc.pl> has been busy
      This should fix a nastly little bug where if a user had already done one
      Update the rebind code in pdb_ldap.
      A very long time ago (actually 6 months ago) I promised to commit this code
      Clean this code up a little.  If it's alrady asprintf()ed, I see no
      It seems I didn't need to write a dup2() wrapper - as we already use it a
      Another item off my long-term todo list:
      Warn about n^2 algorithm with utmp=yes.
      Fix a missing 'no memory' return in last night's svrsvc code, and use
      Add the ability to set account policies too.
      This patch does two things:
      We don't need this silly unix username stuff.  NT username is basicly unused,
      Add quotes so we can see 0 length strings.
      These are not critical errors, they should not be a level 0.
      These pointers should be for the service we just cloned, not the new service
      Make some of the charconv code a bit easier to read and work with - when we
      Update a pile of Samba's SID lookup code to ensure:
      Only allow 'security=ads' when we HAVE_ADS.
      fix debug, at idra's suggestion.
      Don't accidenity mess with the wrong domain's sids.
      Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, nor
      Winbind updates!
      Let everybody enjoy my new toy - make it the default!
      Add the current working document on the interface to the tree that we have
      Now that I got the function arguments sane, remove the silly (void **) casts
      Try to make this easier to debug - display the username that failed.
      I must have missed this when I was adding 'const' to these earlier...
      Back out idra's change (at his request) - the values in the tdb *should* be
      Try to bind with LDAPv3 if possible.
      Add const to a pile of const to *DOM_SID paramaters.
      Add some more const :-)
      Add 'const' to the function prototypes to match the recent commit.
      Patch from Steve Langasek <vorlon at netexpress.net> to split up our -l
      Samba dependency hell claim's another victim...
      Fix the %m security bug again - and try to make it harder to reintroduce in
      Make 'remote_machine' private to lib/substitute.c, and fix all the user to use
      Fix segfault in the new NTLMSSP code.  jmcd:  can you look at this - what
      Add some const to the 'in' paramaters for these functions.
      Make the 'guest account' always have a RID of DOMAIN_USER_RID_GUEST.
      Return the error if get_group_domain_entries() fails.
      Rework the 'guest account get's RID 501' code again...
      The idea of this function is not to touch the argument, so make it const too...
      Becouse of changes to the meaning of this feild over time, this doesn't
      Add 'const'.
      Add const.
      Move tridge's getgrouplist() replacement function from replace.c to a new
      Quick hack to get around the inadequacy of pdb_smbpasswd.  This should make the
      Change which session key we negotiate.  This uses the NT-based session key that
      Based orginally by work by Kai, this patch moves our NT_TOKEN generation into
      Handle wrap-around on this number by making it unsigned.
      Fix pam_smbpass to always check the return value of pdb_getsampwnam() to
      Use the 'init' flag to determine if the UID is set, rather than testing the
      Cope with non-unix accounts - we just won't get the groups for those users.
      This is like jht's (abortive) patch for showing only non-default testparm
      Add tridge's backtrace script - it should at least work for systems with
      More hacks for 'guest account' to get it to show up with the right rid...
      Move comment
      A few fixes towards libsmbclient and rpcclient - get pointer types right and
      Make samsync use popt
      Ensure we don't change to a user that we can't get an NT_TOKEN for.
      We need to return the value here...
      Fix from kai to correctly decode ntlmssp flags.
      Patch from mimir to back out idra's attempted DOS mitigation patch.
      Use a function that actually exists for the keepalive send.
      Steve Langasek <vorlon at netexpress.net> has again attempted to simplify Samba's
      Clarify function comments
      Try to support non-root-mode systems without getgrouplist().
      Our 'guest' login still requires an entry in the SAM - and build farm machines
      Header file change from last commit.
      Some fixes for SMB signing.  I can now get Win2k to correctly respond with a
      I think this should fix the compile on some of the CUPS based machines.
      We don't need the RTLD_GLOBAL.
      paranoid server security defaults to yes
      Add a fix for 'query_disp_info level 2', which should return all machines in
      Avoid writing unitialised bytes to the wire (and consequent valgrind warnings)
      Add a bit of 'const' and move a lot of our 'repeditive' DEBUG() statements to
      Add a dash of static.
      Set default ACB attributes on 'unixsam' accounts.  This means that machine
      Only cache the user list on the SAMR handle for a particular
      Move the fancy NT_STATUS macros to a new file, so we can include them earlier
      Detect and use syslog.h or sys/syslog.h corretly.  Fixes lack of prototype for
      One less user of Get_Pwnam_modify()...
      Add some DEBUG()s to some libads failure modes.
      Patch from "Stefan (metze) Metzmacher" <metze at metzemix.de>
      Revert accidental commit - I'll need to do a fair bit more testing before I
      patch from metze:  add a 'vfs' debug class
      This commit includes part of the patch from metze posted to the list, and a few
      Updates to sam_skel from metze, add sam/group.c and add a DEBUG() to the
      Make it possible to actually build these modules - process the Makefile.in at
      Get our consts back in line with current norms - only for pointer protection.
      Fix some missing ; on the end of our SAM_ASSERT()...
      This is the 'easy' parts of the trusted domains patch n+3 patch from
      Seems I missed commiting this when I added the rest of metze's ADS patch.
      As per the 'OK' at CIFS2002, only use the readline headers (and this crasy
      Winbind client-side cleanups.
      Don't leak file desciptors in this (impossible?) error case.
      This is the 'main' inclue for for winbind clients - all clients should include
      Fix typo.
      Avoid a segfault in net join when you have not done an kinit, and it's falling
      Move to common user token debugging, and ensure we always print both the
      If adding a user to ldap, make sure we have the 'account' structural class, or
      Actually pick up the kerberos libs in RedHat - the previous shell construct
      Header files should not include includes.h - therein lies maddness, particuarly
      Another patch from metze, towards his work on sam_ads.
      Kill of Get_Pwnam_Modify and smb_getpwnam().  The latter assumes some things
      At least try to get this function picked up by the autoprototyper
      This patch from "Stefan (metze) Metzmacher" <metze at metzemix.de> cleans up
      Whenever we deal with adding machine/trusted domain accounts, always reset the
      Metze claims that without this his win2k server gets horribly confused looking
      Fix the circular dependency that was preventing 'domain master = auto' (the
      Make it clear what this if statement applies to, and what it doesn't
      Patch from "Stefan (metze) Metzmacher" <metze at metzemix.de> to do a *much*
      Patch from "Kai Krueger" <kai at kruegernetz.de> to get some more of our access
      Readd the 2.2 --with-ldapsam paramaters so as to allow a smooth upgrade path to
      When compiled --with-ldapsam, make ldapsam the default passdb backend.
      Fix typo
      I missed committing this - all updates to configure.in adding --with-foo
      Some small cleanups to the libads code (mainly error checking), and give a
      Minor updates:
      Vance picked up a pile of typos etc at the CIFS confernce, and finally got them
      Doco patch from metze.  This reformats the 'ldap ssl' docs, and add doco for
      Move a number of ADS related functions out into utility libs, so that things
      Back our volker's patch as was breaking the build.
      Add const.
      This needs to be #ifdef HAVE_LDAP.
      Add const.
      Add the beginings of sam_ads to the tree.
      Second stab at Volker's 'make shadow passwords work' patch.
      Back out one of the API changes, now I recall how it was meant to work.
      Forgot to commit this in the patch changing back the create_user API.
      Try to compile as much as possible with only ldap, but not kerberos.
      Updates for sam_ads by metze - add the start of domain policy searching, and a
      Remove sam/api.c.
      Fix the compile issue in bin/samtest, and make the 'system' token just have the
      Updates from Samba HEAD:
      We are going to need to track the SAM sequence number too.
      Patch from Steve Langasek <vorlon at netexpress.net> to use nice big integers when
      Another patch from Steve Langasek <vorlon at netexpress.net>, again from the
      Patch from Steve Langasek <vorlon at netexpress.net>:
      VFStest uses all of smbd's .o files, so needs -lpam and crypt.
      We already set LDAPv3 at connect time, no need to set it again.
      Nice *big* patch from metze.
      It seems that I'm meant to be using the helper function here, not the struct
      Updates to winbind's PAM client and server - make the debug logs
      Make sure that we always return False if the password change never returns.
      One more step towards to better PDC.
      Try to catch up on the code I've put into HEAD that should be in 3.0:
      Fix a nice little memory leak in our uid changing code.
      Merges from HEAD:
      Fixes for pdb_ldap:
      Return the result code, not false (0 == success) on error...
      Merge passdb from HEAD -> 3.0
      Add a 'ldap trust ids' option that lets pdb_ldap check for posixAccount
      Clean up this a little - add comments describing a bit of what is going on
      Fix typo
      Merge of my 'ldap trust ids' patch from HEAD.
      Extra little fix to vl's patch.  Make sure the passdb and testparm messages
      Any conversion to POPT must *always* add @BUILD_POPT@ or it just won't work on
      Try to fix popt dependencies - we were linking to popt before we built with it.
      Move to the use of the 'initialised' flag, rather than the fact the pointer is
      Fix debug
      Allow 'normal' accounts in the non-unix-account range for smbpasswd - I hope
      Becouse lib/popt_common.c uses POPT, we must not include it in LIB, we must
      VFStest already has pop_common via smbd, so don't link it twice.
      Merge vl's 'algorithmic rid base' patch, and my changes to pdb_smbpasswd's NUA
      Make smbpasswd tell people to use 'net join', not 'net rpc join' now we have
      Make it easier to track things down here - add some debugs on failure.
      Make smbpasswd use the group mapping, and fix spelling in ldapsam.
      Compleatly remove support for logfile truncation.  All logs are opened for
      Merge from HEAD:
      Fix bug where not specifying '-S PDC' in 'net join' would cause it to attempt
      Merge fix for uninitialised IP variable from HEAD
      Kill append_log from smbmount (thanks vance for reminding me).
      Merge append_log fix from HEAD
      - Add some more warning flags for --enable-developer.
      Undo the new --enable-developer flags that caused breakage on gcc != 3.2, and
      Try to bring libsmbclient in line with the new global_myname stuff
      Merge from HEAD
      Updates to the build farm tests:
      Add const to DEBUG() macro.
      When testing for /usr/include/heimdal, don't include /usr/heimdal/include
      Rerun autoconf
      Merge from HEAD:
      Add the rename torture test.
      patch from aedil at alchar.org to correctly detect solaris workshop CC's ability
      Small auth updates:
      Include the hostname we are trying to match with $@, to allow easier debugging.
      Add const to PACKS()
      Add samdump and vampire to 'net rpc help'
      Updates from HEAD:
      Remove the assumption that all Solaris has -lsendfile.
      /bin/sh on solaris swallows the failure code, so exec this directly.
      Merge from HEAD:  Remove assumption that all solaris has -lsendfile
      Merge from HEAD - updates to the build farm, /bin/sh can swallow return values,
      Add support for 'restrict anonymous=2' and make the doco give a slight hint
      Restrict anonymous=2 support merged from HEAD
      Add ntlm_auth, a new program to provide a stable interface to winbind's
      No need to #include smb.h, when we already #include include.h
      Remove silly ideas about taking the LM or NT hash as a password in pam_smbpass.
      Try to twiddle with the makefile to avoid having a trailing \ when we
      Move from NT_STATUS_UNSUCCESSFUL to NT_STATUS_NO_SUCH_USER, and other slightly
      Add support to switch between Squid 2.4 and 2.5 protocols - squid doesn't
      Instead of walking the entire group database, grabbing all members of each
      Having waited for *way* too long, this is mimir's namecache and trusted domain
      After consultation with tpot, remove the 'winbind_domain' environment
      Merge tridge's fixes to pdb_ldap (don't look for number of results in a
      Patch from Paul Green to detect exe extensions, needed for Stratus VOS.
      POSIX indicates that this is always in network byte order, so we don't need the
      Merge from HEAD - Patch from Paul Green to detect exe suffix for Stratus VOS.
      Merge from HEAD, struct in_addr is always in network byte order, so we don't
      Make it clear that we might not be talking to a PDC here.
      Dereference the correct thing here, so we don't segfault
      Remove extra headers, and ensure that we correctly bail out of winbindd if we
      No need for fstring manipulation here (Tcon&X), just use string pointers.
      Link less with smbmnt and smbumount.  Also change from a pstrcpy() to a
      As per Jeremy's request back this out, so as to re-gain the implicit length
      Add a new VFS module, that just fiddles the file permissions.  Still need to
      Move our password change code along a little - use NTSTATUS, and implmenet
      BIG patch...
      Add a dash of static.
      Call me parinoid, but I don't like the idea that we could ever have dbf point
      Add PRINTF_ATTRIBUTE() to a few more printf() style functions.  Aids in
      debugparse is a seperate utility, no need to include it in the main ubiqx
      Becouse these functions return a size_t, they can't return negitive numbers.
      We already have one function to move unistr2 -> multibyte-static, so we
      Merge from HEAD - remove silly 'NT or LM# as password' stuff from pam_smbpass.
      Merge from HEAD - tridge's new timegm() that actually works on solaris.
      Merge from HEAD - add PRINTF_ATTRIBUTE to a few more functions.
      Merge from HEAD - make Samba compile with -Wwrite-strings without additional
      Fix another pstring/fstring typo
      Merge from HEAD - idra's fix for the fact that the shutdown command takes two 1
      Missed from previous commit - merge from HEAD the changes to the remote
      Merge from HEAD - move user password changes into the NTSTATUS era, and add
      Merge from HEAD - mimir's new gencache based namecache code.
      Merge from HEAD - baseless parinoia about never having a closed dbf (the debug
      Merge from HEAD - don't base RID on a name being the lp_guest_account(), let
      Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and return
      Merge from HEAD - we already have one function for converting a unistr2 to a
      Make it clear that the credentials are being setup on the NETLOGON channel, and
      Merge from HEAD - do an nt_errstr(nt_status) *after* assiging nt_status with
      The winbind in Samba 3.0 doesn't use the 'proof' for ntlm_auth_crap, so don't
      Merge from HEAD - vl's fix to my const patch.  Also update the 'not have_krb5'
      Merge from HEAD - whitespace :-)
      The last of the merge of idra's shutdown changes from head...
      Even when I can't manage to do QA, at least the build farm will catch some of
      Merge from HEAD - get the test the right way around, so that we can change
      Clear up the auth_sam password checking code (the core of our password checking
      Merge from HEAD - updates to correctly recognise LMv2, and NT# in LM feild.
      Fix a segfault when we don't correctly load a VFS module (don't keep it in
      Merge from HEAD - handle VFS module load failures, change some error returns to
      No point having this for both parts of the 'if' statement.
      Return the 'freindly' NT error message if at all possible.
      Patch from Nik Conwell <nik at bu.edu>.  Don't reference free()ed data when trying
      Fix a number of client-side fstring/pstring mixups.
      Remove an unused paramter for our old LM-only password change code, and fix a
      A couple more fstring/pstring issues - and move from sizeof(fstring) to
      Use size_t for the counter vars, to match the type they are assigned from
      While the usage is most bisarre, this fixes up another fstring/pstring mixup.
      Make the 'service' in make_connection() use an fstrcpy(), and an fstring,
      Oops, this is the change to use an fstring for the incoming service buffer -
      Keep all the const warnings in one place, by adding a utility function to
      Ensure we do not pass uninitialised data to the kernel.  (Picked up by
      Don't force the DOS password into a 14 char space, as this would imply null
      Fix to debian bug #171071 - we had the wrong dereference on the pointer to be
      Accessing data after it's been free()ed really is a no-no...
      Updates to our NTLMSSP code:
      Patch from ab, to make findsmb omit -r most of the time.
      Patch from metze to to make testparm show values for 'workgroup', 'netbios
      Patch from metze to add what he feels is the correct semantics for a Domain
      Fix typo, and the build.
      Always initialise this variable - and don't set the 'must change now' if it was
      A couple more pstcpy/fstrcpy mixups - doing an fstrcpy into a pstring is
      The last of the fstring/pstring mixups, and an extra 'static'.
      Commit my (disabled) fstring/pstring mixup detection code.
      Merge indirection, signed/unsigned and uninitialiased-value fixes from HEAD.
      Merge from HEAD - eliminated unused arguments.
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD - patch by metze to fill in 'workgroup' etc in testparm output,
      Fix some debug lines, and add a bit more info to help track down ldap
      Crash fixes:
      Fix warnings by getting the function into a shape the autoprototyper will
      Doing a malloc(strlen(s)) then a pstrpcp(y, s) is just silly, make it a strdup
      Refactor the NTLMSSP code again - this time we use function pointers to
      Missed auth_ntlmssp.c in last night's checkin.  Also keep track of the current
      Fix a signed/unsigned warning.
      Updates to the NTLMSSP code again - moving the base64 decode fuctionality out
      Add LIBSMB_OBJ for the new ntlm_auth functionality.
      (missed in last commit)
      Factor out common code in the NTLMSSP/SPNEGO code.
      The previous patch (NTLMSSP common code factoring) was missing a minor detail -
      Make this an fstrcat(), as this seems to fix some weird issue with the server
      As per a comment by herb a little while back, this should be >=, not == to keep
      Merge from HEAD:
      Make the vampire code use just pdb calls - allowing better operation on systems
      Fix to findsmb by Waider
      Merge from HEAD - fix to findsmb by Waider
      Clear up the winbind doco on ADS support, and specify 'net join' not 'net rpc
      Clarifications for the ADS docs.
      Minor doco updates - with a slightly bigger change to the
      A couple more signed/unsigned issues.
      Make it clear that the magic value is (size_t)-1.
      Clarify that 'use spnego = yes' is fine in all known situations.
      More doco updates, in particular the fact that you must configure the smb.conf
      Always escape ldap filter strings.  Escaping code was from pam_ldap, but I'm to
      More ldap parinoia - if we ever get more than one result, bail.  The order we
      Prompted by RedHat bugzilla bug #77999, convert the user's username and
      Non-error connection numbers are always positive
      One more signed/unsigned fix
      Makefile.in change for ldap escaping fixes
      Bitmap offsets and counts are always positive.
      Merge of signed/unsigned fixes from HEAD.
      Merge from HEAD - convert username/password to unix before checking them in
      Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and some
      We now have client-side SMB signing support!
      More signing updates - start checking that the server isn't being spoofed.
      Send the user's session key in the SAMLOGON reply, so that a member server can
      Merge from HEAD: Send the session key to the client, allowing it to perform SMB
      Add some return values, and don't attempt signing for NTLMSSP yet (it uses a
      Patch from Edmund Lam <epl at unimelb.edu.au> to fix braindead Tru64 behaviour:
      Merge from HEAD: avoid braindead #define on Tru64.
      Actually checking both the account and password tests would be a good idea...
      Merge HEAD: check both the account and password...
      Add autogen.sh from distcc via mbp.
      Merge autogen.sh from HEAD - to allow removal of configure.
      Remove configure and config.h.in from CVS.
      (merge from HEAD)
      .cvsignore for configure and config.h.in
      Ensure we don't get problems between FILE and X_FILE buffers - always use the
      Merge from HEAD - don't mix FILE and X_FILE - fixes debian bug
      One more fix for the difference between FILE and X_FILE.
      merge from HEAD - x_fileno, not fileno on an XFILE
      (only for HEAD at the moment).
      Some cleanups:
      Failure to find a CUPS printer, when auto-adding printers is not a level 0 error.
      Use safe_strcpy() instead of pstrcpy() for malloced strings.
      perl might not be in /usr/bin/perl, so try and find it in the path.
      As metze mentioned, this is the proper way to find perl...
      Cleanups:  (merge from HEAD)
      Clean up our NTLMv2 code by moving the grunt work into a helper function.
      Patch from Anthony Liguori <aliguor at us.ibm.com> to remove scandir() portability
      Merge from HEAD: Patch by Anthony Liguori <aliguor at us.ibm.com> to replace scandir() with portable readdir() calls.
      Prevent NULL-pointer induced segfaults.
      Merge from HEAD: Fix NULL pointer de-reference in arguments to tdb_pack.
      Match Samba 2.2 by chosing the correct desired access, and getting cupsaddsmb
      merge desired_access for open_printer_ex from HEAD, allowing cupsaddsmb to
      Further extract our NTLMv2 code into smbencrypt.c, prior to merge into our
      NTLMSSP parinoia - we really don't want to run over the end of our blob,
      Oops, forgot the header file changes.
      Move our NTLMSSP code into easily seperated peices, not relying on the whole
      Antti Andreimann <Antti.Andreimann at mail.ee> has done some changes to enable
      Move our NTLMSSP client code into ntlmssp.c.  The intention is to provide a
      Don't return NULL pointers for now.
      Add the 'session key' output of the NTLMSSP exchange to the cli struct, so
      Merge from HEAD - allow "" as a domain in the NLTMv2 hash calculations.  Fixes
      People were being tripped up by the fact that we havn't updated acconfig.h
      People were being tripped up by the fact that we havn't updated acconfig.h
      If we didn't make the server_info correctly, then don't segfault trying to
      Try to make our getgrouplist replacement better match the 'real' implemenations.
      Set the length back to zero when we free the data_blob.
      Don't leak a session_key worth of memory at the end of the NTLMSSP auth.
      This patch fixes one of my longest-standing pet hates with Samba :-).
      This is a very nice way to detect pstrcpy() into a malloc()ed string, but
      The cli_send_tconX code already determines to send \\server\share to port 139
      Patch from vorlon at debian.org to split out our -lacl dependency to only smbd
      Only do a kinit if we got told to use kerberos.
      Fix logfile formatting, we were missing a "\n"
      After a talloc_zero(), we don't need to ZERO_STRUCTP too..
      Move to a in-memory ccache for winbind, and replace setenv() properly.
      Check return values of various join-related functions, and ensure we always
      Now we have setenv() in replace.c, we don't need a seperate copy here.
      Missed one use of SETENV.  (Compat macro no longer needed, as we have a
      Merge minor library fixes from HEAD to 3.0.
      Merge from HEAD: We don't need this any more, setenv() is in replace.c now
      for some (very weird) reason, the domain I was testing aginst would not
      Like for NTLM logins, lookup the 'winbind' user first, then the 'local' user.
      For a number of months now, support for being a domain member without also
      Fix a DEBUG() formatting, add some more debug to our SID pulling code and
      First check if the user is in the passdb, then check Get_Pwnam().
      Remove 'unixsam' from the default passdb backends.
      With assuptions about unixsam gone, we can forget about looking up
      Add static
      Fix comment - the other bits of code don't call this any more.
      Fixes from Paul Green and vorlon at debian.org for building shared libraries
      More signed/unsigned fixes (yes, I run with funny compiler options) and
      See if I can make this look slightly like C.  It compiled locally, honest...
      Make sure we set the error code to indicate failure...
      Fix 2 off-by-one bugs in the use of malloc()ed strings and safe_strcpy().
      Add const
      Merge of server-side authentication changes to 3.0:
      Missed one in the previous merge - user_ok() and user_in_group() now take
      Merge from HEAD client-side authentication changes:
      Merge off-by-one fix from HEAD (caused crash with --enable-developer)
      Missed a couple of files from the client-side kerberos merge
      Makefile updates for the client-side auth/kerberos merge.
      Merge doxygen, signed/unsigned, const and other small fixes from HEAD to 3.0.
      Fix a small stuffup in the HEAD -> 3.0 merge
      Merge paramaters for client-side-auth updates.
      Merge crypt(), ACL lib and shared lib changes from HEAD.
      Signed/unsigned fix from HEAD
      Iconv as seperate library fixes from HEAD
      Cleint-side-auth/kerberos fixes from HEAD, and don't connect to a share
      Make sure these values are never uninitialsised.
      Always initialise
      Fix off-by-one bugs, and move to strdup() rather than malloc()/strcpy().
      If it's a pstring, use pstrcpy().
      setenv takes 3 arguments...
      Patch from Luke Howard to add mutual kerberos authentication, and SMB session
      Move off-by-one buggy malloc()/safe_strcpy() combination to strdup() instead.
      Finish removing setenv replacements from smbwrapper.
      Clean up non-krb5 breakages from my modifications to luke howard's patch.
      Whenever we have a password, use the in-memory ccache.  This fixes a bug where
      Fix a really nasty bug where some users in AD domains (particularly child
      tokenGroups are SIDs, so dump them as such.
      For some reason some attributes in ADS do not appear (and are not available)
      After some comments from tridge, clean the new usergroups code into a helper
      Kill RID-only and domain+RID madness from winbind.
      Netlogon-unigroup changes needed for the winbind RID-to-SID conversion.
      Add -Wwrite-strings to our --enable-developer settings.
      Merge adding -Wwrite-strings to our CFLAGS when --enable-developer is set
      Fix possible memory leak on failure.
      Add const
      Fixes to the vfs_fake_perms modules - we only need to specify the VFS
      Try the PASSWD environment variable if we don't have one from the command line.
      Another pstrcpy() into malloc()ed buffer fix.
      Fix another 'off by one' bug with safe_strcpy().  It is unclear if the intent
      This file has not been maintained for a while - if we really want this
      also ignore the autom4te-2.53.cache
      Add a test for a useful property of the compiler - we can get link-time
      A couple more fixes for fstrcpy() into a malloced region.  In this case it's
      Use new configure test to turn on this automated test for correct string
      More safe_strcpy() off-by-one bug fixes. (mostly moves to pstrcpy()/fstrcpy())
      more off-by-one safe_strcpy()
      Make smbtorture use the same cli_full_connection() framework as the rest of
      safe_strcpy() -> fstrcpy() fix, and a cleanup to how rpcclient calls the
      Limit the number of SIDs that may be looked up, in line with existing code
      Make it clear that this is a fstrcpy().
      Make sure that the 'remote' machine name can only be set once.  For some weird
      Testparm needs the extra arg to set_local_machine_name() too.
      This is C, not C++
      Don't fault on error returns (ptr == 0) for this LSA query.
      Change the way we sign SMB packets, to a function pointer interface.
      Try not to clobber the session request.
      Further work on NTLMSSP-based SMB signing.  Current status is that I cannnot
      Makefile.in for NTLMSSP singing update
      Don't segfault on make_server_info_guest() failure - instead return the
      After 'consultation' with idra, this is how I think the server roles should work...
      Some further tought on the server role issue - try not to break it compeatly.
      security=domain and domain logons = yes should be a BDC (of sorts).
      This patch attemptes to clean up winbindd's mutex locking.
      Patch from Ken Cross <kcross at nssolutions.com> to take a username in the form
      - Fix a double-free (I can't say I understand the code, but it matches the other
      Add const
      Found by metze with the clobber-region check - if it's a pstring, use pstrcpy().
      Now that mimir has done the grunt work, I'll fix up the comment
      strictly, you can't #if on somthing that may or may not be defined.
      Found by my new checking code (yet to be commited):
      Clean up the VFS module loading logic by making the parameter an P_LIST,
      If it's an fstring, use fstrcpy().
      Add const, and a signed/unsigned fix.
      client-side smbpasswd fixes - use pstrcpy_base to avoid clobber_region bugs
      Be parinoid, malloc an extra SAFETY_MARGIN on the client's inbuf and outbuf.
      Specify buffer sizes
      If the server went away, don't segfault by attempting to FD_SET -1.
      specify the size of these buffers
      Truncate the machinename manually, so as not to generate level 0 debugs for
      Fix off-by-one bug in safe_strcpy size paramater.
      String handling parinoia fixes.
      signed/unsigned fix
      Fix signed/unsigned issues - mostly 'i' counters.
      Remove an unused function and fix the build.
      Minor fixes.
      Fix the non-DEVELOPER case of my macro madness...
      Fix the 'non-optomizing compiler' case...
      Fix non-gmake syntax error.
      A hack to get us building on a slightly older heimdal kerberos.  It appears
      More work on my macro mess - we need function prototypes of different types,
      Changes to help the kerberos change password code work on systems that
      Fix nmbd under -DDEVELOPER (pstrcpy on not-pstring).
      New statcache internals - this time it's actually possible to follow what's
      Try to avoid dereferencing a null pointer.
      - Make ReadDirName return a const char*.
      Add const.
      Make sure we mark the assumption of a fstring parameter for 'devicetype'
      Missed one when I move 'share_sanity_checks' to use an fstring for 'dev'.
      Fix memory leaks and add parinoioa code to our stat() cache.
      Fix a memory leak - 'smbcontrol smbd pool-usage' is your freind!
      More statcache fixes - and add a bit more doco.
      Add const.
      Fix const warnings.
      Brain fart - make sure we truncate the right string...
      Fix invalid SAFE_FREE() of talloc()ed memory.
      Add copyright.
      Merge new statcache.c from HEAD.
      Merge from HEAD:
      pstrcpy_base merges for client-side smbpasswd.
      merge from HEAD - dump tokenGroups as sids.
      Merge from (earlier) HEAD - doxygen.
      Mege from HEAD - doxygen.
      Merge from HEAD - doxygen
      Merge from HEAD - sync up SessionSetup code to HEAD, including Luke Howard's
      The kerberos_verify compoenent of the SessionSetup sync with HEAD.
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD:
      Merge from HEAD - make winbindd locking sane again:
      Add const.
      Add an extra parameter to our 'set_remote_machine_name' and
      Merge whitespace to match HEAD.
      Fix segfault on FD_SET() when we have an fd of -1
      One more on set_local_machine_name() taking a new 'perm' argument.
      Merge signed/unsigned fix from HEAD.
      Jeremy merged across my string parinoia fixes, but forgot to enable them! :-)
      NTLMSSP updates from HEAD.
      NMBD string parinoia and memcpy() parinoia fixes from HEAD.
      Merge from HEAD:
      Parinoia fixes from HEAD - malloc() some extra room after the allocated
      Makefile updates for new SMB signing code.
      Add const.
      Give volker a hand, and let domain joins with existing user accounts work
      (merge from HEAD)
      Patch from colo (on IRC) to get libsmbclient building due to pstring/fstring
      Clobber our SMB buffers between packets.  I hope this will help find bugs
      Clobber the 'SAFETY_MARGIN' in libsmb.
      Patch from Jianliang Lu <j.lu at tiesse.com> to set the 'minimum password age'
      Merge from HEAD - patch from Jianliang Lu <j.lu at tiesse.com> to set the
      Thanks to volker, merge passdb changes from HEAD:
      Merge fixes to libsmbclient (fstring/pstring) from HEAD.
      It seems that this causes some problems on some linux platforms - it's a
      This caused problems on the build farm.
      Fix compile on IA64 by noting that this should be the integer, not a pointer
      Fix compile on IA64 by noting that this should be the integer, not a pointer
      Small clenaup patches:
      Revert bogus part of previous patch.
      (merge from HEAD)
      Valgrind found a few memory leaks!
      (merge from HEAD) Valgrind found some memory leaks!
      Patch from waider to update our samsync (net rpc vampire) code:
      Merge of patch by waider to our samsync code.
      NTLM Authentication:
      Fix compile.
      (merge from HEAD)
      Make these functions static, keep them out of proto.
      Fix debug (thanks metze)
      local_gid_to_sid() could use pdb_ldap, which for now requires ROOT.
      pdb_ldap may require ROOT privilages to access the group mapping. (yes, it's ugly :-)
      Allow the new modules system to function with builtin vfs modules.
      Try to get meaningful errors out of ldap more often - get the error string
      Merge from HEAD - get better error strings from the ldap server in pdb_ldap.
      Don't modify the incoming packet when checking the signiture.
      Merge from HEAD - leave the SMB buffer untouched when checking it's SMB sig.
      smbpasswd -> net
      Don't try and dlsym or dlclose a NULL pointer.
      Success is not a level-0 issue...
      NT4 is particularly fussy about getting this right.
      Fix a botched merge from appliance-head...
      OHKAWA Yuichi (kuri at makino.ecei.tohoku.ac.jp) points out that using
      Don't set zero length for the base64 decoded string (fixes swat auth).
      Fix a crash bug if LDAP doesn't fill in ld_error.
      Clean up ntlm_auth a bit, and add a --diagnositics swtich, to check that
      error_string, not error_message...
      Update ntlm_auth and winbind manpages.
      Print out the 'freindly' error message from winbind.  Also print useful
      Map a useless error code to a useful one...
      Ensure we don't segfault if ldap doesn't fill in the ld_error string (merge from HEAD).
      Fix bigballofmud.so, and add a test to show a bug I'm having with push_ucs2.
      If the string does not convert back, print the buggy result.
      Don't bail if we have a badly formed record, just move on to the next one.
      Fix memory leak of the key.
      SMB signing updates - this gets NTLMSSP signing workin to the point where I
      Fix the interface of pull_ucs2_charcnv() to take a (char **) arg, not a (void **)
      Clean up error messages on cli pipe disconnection, including adding the message
      Restore previous behaviour to update on pdb_unix (auto-upgrade to new account)
      Merge from HEAD - restore previous behaviour of pdb_unix (auto upgrade to
      Merge the ntlm_auth updates (refactor, add --diagnostics) into Samba 3.0
      Winbind merges from HEAD:
      Make this match head.
      Only warn about short packets if we are already 'doing signing'.
      We never actually got an 'ads' auth module, so don't send the auth subsystem
      Cause the winbind auth module to call the ntdomain module if winbind is not
      Make this code actually compile (--with-ldapsam).
      Store the type of 'sec channel' that we establish to the DC.  If we are a
      NTSTATUS strings are much more use than raw numbers...
      Put this comment in a better place...
      Add some static and #ifdef DEVELOPER
      Expand this magic number into the #defines it is made up of.
      This code is no longer referenced - moved to the new libsmb/ldap.c
      Adjust comment to respect change to no longer use unixsam by default...
      Merge valgrind header usage from HEAD.
      We changed 'net' so change the torture tests that use it.
      Up the debug level for the second run of the test (client side)
      Fix segfault by getting this the right way around
      I've changed 'net rpc join', so I should doco it...
      Use fstrcpy/pstrcpy when that's what we really mean...
      Remove unused (#ifdef'ed) code.
      For NTLM2 (not yet even close to real implementation) we must use the
      Merge SMB signing, cli buffer clobber and NTLMSSP signing tweaks from HEAD.
      Header updates for smb signing merge
      Merge whitespace and const from HEAD
      Add const, static and fix a double free() (merge from HEAD).
      Merge from HEAD - save the type of channel used to contact the DC.
      The 'net' syntax has changed, so update the testsuite.
      Make it easier to select which domain to show the sid for.
      Use the -W domain option to select the SID to show
      Fix up bugs in the new 'store sec_channel type' code - we were always joining
      Merge from 3.0 - fix domain joins not to always join as BDC.
      Make our 'get DNS domain name' code try a bit harder - if gethostname() doesn't
      Bail out early when we fail on the rw_torture test.
      Merge from 3.0 - try harder to get our real DNS domain name, and send this
      Start merging mimir's trusted domain code from HEAD to 3.0.  (for HEAD trusting
      Merge comment with HEAD
      Make the mangleing code actually use a common prefix, not just the same
      Always initialise this, to assist callers doing loops over this call.
      Merge mimir's trusted domain code from HEAD -> 3.0, plus some memory
      Merge (HEAD->3.0) mbp's fixes to our charcnv code - don't use a staic buffer,
      Make pdb_ldap use a random factor in deciding how long we need to sleep.
      Add configure test for previous ldap modifications - we now check if the
      This is meant to be initialised to the size of the buffer.
      Remove ldapsam_search_one_user_by_uid from pdb_ldap.
      Merge idra's fix for pdb_tdb segfaults from HEAD to 3.0 - sombody changed
      - Merge a memory leak fix from HEAD
      Now that Volker fixed the real issues with ldapsam and adding null attributes
      Don't leak the session identifier string when we shut down a vuid.
      Try to avoid setting *SMBSERVER as a 'local name'.
      Fix this for both *SMBSERVER and *SMBSERV as per comments in loadparm.c.
      Try to keep existing behaviour for our printing code - never return
      Merge torture tests from HEAD - it looks like we had rather an incomplete
      Start testing a few more things out of smbtorture in the build farm.
      Add a check to ensure that the server returns the correct device type, not
      add test file for FDSESS
      This const isn't quite vaild C.
      Make this safe for -DDEVELOPER checks.
      Parinoia for compleatly broken SMB servers that don't send back the right
      Add some more info to the diags output.
      Fix up non-constant initialisers for Sun's CC.
      This define does not always seem to be present, so define it if need be.
      Make the variable name match the comment.
      Don't try to continue if initialisation fails (merge from HEAD)
      Merge case handling table changes from 3.0 to HEAD.
      Merge HEAD's winbind into 3.0.
      We don't have IDMAP in 3.0 yet.
      Merge the 'safe' parts of my StrnCpy patch - many of the users really wanted
      StrnCpy -> safe_strcpy() on a over-malloced struct.
      More fun with Sun CC needing constant initializers
      Patch by Metze to ensure that we always at least initialize our output string
      Patch by Vance Lankhaar <vlankhaar at linux.ca> to automaticly regenerate the
      Thanks to a reminder from vance - delete build_options.c from CVS, now
      This is really trying to be a StrnCpy (most names will overflow the 10 char
      When possible, store the IP address of the connecting client, not just the
      Add vfs_fake_perms to Samba 3.0
      Make sure that we don't compile pdb_ldap on systems with ldap.h, but without
      Irix CC reminds us that this is non-standard.
      Merge auth changes from HEAD:
      Merge from HEAD - always initailise this to zero - helps callers in loops.
      Use the kerberos error from ads_kinit_password() in the return value from
      Revert patch - we need to try the NTLMSSP code below...
      This function is a duplicate.
      Based on a patch by Alex Deiter <tiamat at komi.mts.ru>, make sure that we convert
      After a quick run with the 'weird' charset, squash a few bugs in our new
      Remove the unpopular pdb_unix, which has served it's time well.
      Merge compile and other fixes from 3.0 to HEAD.
      Merge compile warning fixes from 3.0
      Merge memory leak fixes in our trusted domain list from 3.0 to HEAD
      inet_pton isn't portable, so use interpret_addr2.
      A new pdb_ldap!
      Guenther Deschner <gd at suse.de> notes that I missed out setting the default
      The RID must be 'SET', not 'DEFAULT' or we won't set it into LDAP, and try
      The caller must always set the RID on the SAM_ACCOUNT, so don't try and guess
      We don't use 'non unix account range' any more
      In HEAD, idra removed _nua and renamed it to 'idmap uid'
      Add cast for compiler
      Use current 3.0 paramater names
      Remove extra file
      Fix for format string warning from vance
      Use a common function to create the SAM_ACCOUNT being used to add accounts
      Merge 3.0's change to how we add users onto HEAD, including a few other bits
      Merge Samba 3.0 pdb_ldap from 3.0 into HEAD, so as to allow idra to continue
      Some passdb backends really don't like having no primary group - so always
      Sun CC requires constant initialisers, so use a static here.
      Get pam_smbpass to compile again (it probably won't link or run, but at least
      pam_smbpass will need at least IDMAP.
      Fix for AIX - you can't qualify a return type as const, when it's not a
      Trailing , is non-standard (warning from IRIX)
      Try to fix IRIX build - add quotes and never call libns_winbind by name - we
      Merge from HEAD - the usual popt-needs-static for Sun CC.
      Turn down some DEBUG()s and remove some duplicate code spotted by dfenwick.
      Fix use of uninitialised value in TCONDEV test - found by sun1 on the build farm
      Add a comment about the use of string functions in the modules code, and
      configure.in updates:
      Fix up the setting up of the build_farm smb.conf from the templates in their
      Add doco to our SMB signing code.
      Patch from Ken Cross to allow an ADS domain join with a username of the form
      Add some more tests to the ntlm_auth diagnositics package.
      Allow the NTLMv2 functions to spit out both possible varients on the session
      Add some comments.
      We also get back the LM session key on pure 'NTLM' logins.
      Domain Controller -> Domain Member Server.
      Set our 'global sam name' in one place.  For domain controllers, this is
      SMB Signing with NTLMv2 works!
      Fix the spinning bug for 'net rpc user' as well - there are more errors in
      Always initialise this - it helps callers who use this in a loop...
      When checking if a SID is in a domain, make sure that indeed the user RID is
      Elsewhere, we use a #define for this environment variable name, so do the
      Make sure we always have some client data, not just the hash.  An NTLMv2 or
      Fix comment - we now have 5 types of error...
      Finally get NTLMv2 working on the client!
      Cleanups.  My NTLMv2 changes also changed the preference from using an implicit
      Makefile changes to allow new NTLMv2 patch to work.
      Using /dev/urandom for determining an ldap server backoff is a waste of system
      As discussed on samba-technical - move to 'primaryGroupSid' insted of
      Fix compile.
      Make it possible to actually use --user-SID and --group-SID on a standard command line.
      Give up on the idea of avoiding lp_load() in ntlm_auth....
      Fix up a bit of my sloppy C.
      Fix up the build-farm testsuite again - I forgot to move some files into the
      Try to fix up some code in pdb_smbpasswd that assumed we still had a 'uid'.
      Fix non-constant initialiser for Sun CC.
      Restore a number of fixes that idra removed when he merged his
      David Lee <t.d.lee at durham.ac.uk> provides some corrections to the comments
      Well spotted typo by Marco Berger <MARCOB at voelcker.com>
      Get 'add user script' working again for Samba 3.0.
      Add samstrict_dc from metze (been sitting in HEAD for way to long waiting for
      Update the doco on 'restrict anonymous' (note that 'guest ok' kills off the
      No matter how special this session key is, it's not worth a level 0.
      Don't assume that the SAM knows the unix home directory - look it up by
      Try to fix memory leaks found by valgrind in pdb_ldap code.
      Rework our smb signing code again, this factors out some of the common
      Make sure that we use schannel (if configured) when checking for a valid
      Enforce 'client plaintext auth', 'client lanman auth' and 'client ntlmv2 auth'.
      Fix some memory leaks and extra cache startups/shutdowns from the trusted
      This patch modifies 'net rpc vampire' to add new and existing users to both
      This patch works towards to goal of common code shared between idmap_ldap
      Always initialize.
      This patch fixes some issues with idmap_tdb as raised by bug #181
      This removes the StrCaseCmp() stuff from 'net idmap' and 'net
      (fixing bug in my last commit)
      Fix pdb_ldap segfaults, and wrong default values for ldapsam_compat.
      Patch to move functions directly from pdb_ldap.c into lib/smbldap.c
      Make smbpasswd use the higher log level for the second run - this should
      Grr, the order of these arguments matters
      This patch takes the work the jerry did for beta2, and generalises it:
      Missed this in the previous patch - we now have a seperate idea of the
      This patch cleans up some of our ldap code, for better behaviour:
      Update WHATSNEW with the further LDAP schema changes in previous commit.
      Don't allow RIDs (in our domain) below  1000 (or algorithmic rid base) to be
      Clear up the difference between 'smb signing' and 'sign&seal' - which has to
      Allow modification of an existing entry.
      PAM should operate on the Unix username, not the NT username (which might not
      Fixes to our LDAP/vampire codepaths:
      Add some debug statments to our vampire code - try to make it easier to track
      Fix comment
      This parameter is unused.
      This changes our Unix primary GID behaviour back to what most people expect:
      Fix ldapsam_getsampwsid to correctly only say 'no such user' when indeed there
      Jeremy requested that I get my NTLMSSP patch into CVS.  He didn't request
      Fix SMB signing when using NTLMSSP...
      Fix compile error noticed by Ken Cross, use the utility function instead
      SPNEGO SMB signing is now fixed for NTLMSSP, with kerberos to follow shortly.
      Fix up our auth_pipe code to always cope with fragmented datagrams,
      In the presense of RPC fragments, schannel is not strictly request/reply,
      Fix StrCaseCmp() to avoid calling smb_panic() on invalid multibyte strings.
      Schannel, once setup, may be used on *ANY* TCP/IP connection until the
      Some small fixes to our charset conversion code:
      Use push_ucs2_allocate(), rather than convert_string_allocate() directly.
      When removing an 'unused' function, it helps to remove the 'unused' callers...
      If we strupper_m after the alpha_strcpy() we know that it is less likaly
      Try again to fix up 'session request' name exchange.  This time we actualy
      Allow the stat cache to better handle invalid multibyte strings, by using
      Use the specified workgroup in 'net ads'.  (Defaults to lp_workgroup()).
      the testsuite lib needs dummyroot too.
      Fix comment
      Fix comment
      As described in http://davenport.sourceforge.net/ntlm.html add NTLM2
      Change Samba to always use extended security for it's guest logins, (ie,
      Win2k never returns 'no such user' here, so when we do it, the clients freak
      Break up 'cli_full_connection' to allow for the session setups to be done
      - Fix the kerberos downgrade problem:
      - Make 'net' use a single funciton for setting the 'use machine account' code.
      We now know a lot more about SMB signing, and this comment no longer applies
      Start to put some real 'meat' into the ntlm_auth docs.
      Remove duplicate function (now in rpc_parse/parse_prs.c) and fix a RPC debug
      Match Samba 2.2, and make ACB_NORMAL the default ACB value.
      Match Samba 2.2, and make ACB_NORMAL the default ACB value.
      Add newline to debug message
      Remove compleatly wrong comments.  (There were correct, 2 years ago...)
      I agree with vl's #if 0 here, and am not quite sure what I was
      Merge from 3.0:
      Changes all over the shop, but all towards:
      (merge from 3.0)
      Add support for variable-length session keys in our client code.
      Add server-side support for variable-length session keys (as used by
      Patch by emil at disksites.com <Emil Rasamat> to ensure we always always
      Merge from 3.0:
      (Merge from 3.0)
      Do not add NTLM2 to the NTLMSSP flags unconditionally - allow the
      Add a comment, and a useful debug message.
      Merge from 3.0:
      Match Win2k and return 'invalid parameter' for creating of a new account with
      My first stab at Samba4 IDL!
      Without 'non unix accounts' we can't test security=domain on the build farm.
      Picked up by the build farm - despite all my efforts, security=server was
      Merge from 3.0:
      Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP
      (merge from 3.0)
      Fix bug 916 - do not perform a + -> space substitution for squid URL encoded
      (merge from 3.0)
      ldap rebind sleep -> ldap replication sleep
      (merge from 3.0)
      Based on patch by Petri Asikainen <paca at sci.fi> fix bug #387 and #330.
      Show the error message for failure to set the ldap password.
      Check the return value of string_to_sid in a few more places.  (But
      This patch corrects some errors in the NTLMSSP implementation, that
      Shutting down the connection closes outstanding sessions, so we don't need
      Add the alignment required before all 2-byte quantities in NDR.  Allows us
      Refactor our authentication and authentication testing code.
      Move our basic password checking code from inside the authentication
      Remove testing hack
      Make the name of the NTLMSSP client more consistant before we lock it in stone.
      Try to gain a bit more consistancy in the output of usernames from ntlm_auth:
      Get the DOMAIN\username around the right way (I had username\domain...)
      Jerry rightly complained that we can't assume that the first domain is
      Forgot to commit this for the 'get our primary domain' change.
      Changes to our PAM code to cope with the fact that we can't handle some
      JHT came up with a nasty (broken) torture case in preparing examples for
      Having no members of a group is a perfectly valid (if unusual) situation.
      Under certain error conditions (a talloc() failure above) this would cause
      Match Win2k, and return NT_STATUS_INVALID_PARAMETER
      There is not a particularly good excuse for complaining to the *client* that
      Even if the 'device type' is always an ascii string, use push_string to get
      Automaticly initialise the signing engine, if we have a session key.
      Make it clear that we cannot sign if we don't have a session key.
      Add a utilty function for converting a sid to a DN.
      Make arbitary binary data unsigned char.
      We can't possilby get 'ok' here, as the if statement above just checked for it.
      I'm not quite sure what happened here - but replace the ads_sid_to_dn
      Fix for bug 707, getent group for huge ads groups (>1500 members)
      Change (unused) structure parameter for cli_ds_enum_domain_trusts() cleanup.
      There is some memory corruption hidden somewhere in our winbind code.  If I
      Add const.
      Change our Domain controller lookup routines to more carefully seperate
      Correctly handle per-pipe NTLMSSP inside a NULL session.  Previously we
      Always call the auto-init funciton - this avoids tdb segfaulting under
      Show the sid type in name->sid translatons in a way that can be easily
      Grumble... grumble... fix the build...
      Try to keep vl happy - shorten some of these lines.
      shorten some more lines.
      Don't free the encrypted_session_key early - that causes the subsequent
      Fix more cases to ensure that as a server, we don't complain to the client
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Ensure that for wbinfo --set-auth-user, we actually use the domain.
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Merge winbind from Samba 3.0 onto HEAD.
      (merge from 3.0)
      GUID is struct uuid in HEAD.
      Merge NTLMSSP fixes from 3.0 to HEAD.
      merge torture changes from Samba 3.0 -> HEAD
      Patch by Stefan Metzmacher <metze at metzemix.de>:
      Fix segfualt caused by incorrect configuration.  If lp_realm() was not set,
      (merge from 3.0)
      Don't duplicate pulling the 'IPC' username from secrets.tdb, instead
      Machines are people too!
      The correct test for 'is our primary domain' is domain->primary
      Move more of winbind to use 'find_our_domain()' rather than the dangerous
      Make it clearer that the domain here is the domain of the user for
      In tdb_allocate(), we would create a new record by writing a local variable
      This merges in my 'always use ADS' patch.  Tested on a mix of NT and ADS
      use SAFE_FREE(), not free().
      We might not have the 'samba' directory in the samba_3_0 build.
      Add a new type of name lookup 'ads'.  This seperates this from normal
      Romve debugging assertions (oops...)
      First stab at cracklib support (password quality checking) in Samba 3.0
      On systems without a working cracklib, ensure we don't include the header
      Finish adding cracklib support - this adds the configure test to enable
      Remove duplicate comment.
      Fix for debian Bug#225328 by LaMont Jones <lamont at debian.org>, where
      (merge from 3.0)
      (merge from 3.0)
      A Samba DC is nothing special these days - so every domain controller
      (merge from 3.0)
      Fix removal of attributes in LDAP - we would not actually remove the old
      If we are providing strndup(), ensure we provide a prototype too.
      Fix the initialisation vectors for NTLM2, so that they at least make sense,
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Patch by Luca Bolcioni <Luca.Bolcioni at yacme.com>.  Ensure we always
      (merge from 3.0)
      Add a few more NTSTATUS <=> PAM error mappings.
      This adds client-side support for the unicode/SAMR password change scheme.
      (merge from 3.0)
      Revise our server-side password change code to cope with the various
      (merge from 3.0)
      Clarify comment on set_effective_uid()
      (merge from 3.0)
      If we are setting the NT or LM password to NULL, remove the attribute
      (merge from 3.0)
      Merge the 'use cracklib' parameter from HEAD back to 3.0
      Always at least try to compile in cracklib support.
      (merge from 3.0)
      This would appear to restore smbtorture to be able to use the syntax
      This should be the correct fix for the lack of a prototype for
      (merge from 3.0)
      Fix const warning
      I should have done this years ago...
      Bug found by gd - the new range-reterival code did still had 'member'
      Make get_dc_list static - we only ask for a sorted list externally.
      Remove unused utility function.
      Make this table static const.
      Another static function.
      Remove more unused functions - this time parts of the 'password cache'.
      Remove more unused portions of the 'password cache'.
      Samba hasn't used this function for ages - it's now handled deep in the
      Make more functions static, and remove duplication in the use of functions
      Add some help for 'net rpc password'.
      Make it possible to 'net rpc samdump' of any domain you are currently joined
      More 'static' work.
      Add static, and assert that we will never overflow the static fstring
      When we set a domain sid, force get_global_sam_sid() to do it's work again.
      Add more static...
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      (merge from 3.0)
      Actually remove this (now empty) file from the repository.
      Found by Fabien Chevalier <fabien.chevalier at supelec.fr> and
      (merge from 3.0)
      I *hate* global variables...
      (merge from 3.0)
      Fix bug in previous global_sam_sid() commit.  I broke the 'read from
      (merge from 3.0)
      JRA's recent strstr_m work really badly broke our string_sub code.
      Given how core this code is, I figure it should have it's own testsuite.
      Merge fixes and tests for jra's broken strstr_m() function from 3.0
      Commit to HEAD the updates to smb signing code that I was propsing for 3.0.
      Given how often a panic has to do with malloc() problems, don't tempt
      As I raised (without objection) on the mailing list a while back, this
      Ensure we correctly set cli->nt_pipe_fnum on failure to correctly open the
      Merge from HEAD the SMB signing patch that I developed a couple of weeks
      Make it clearer that this error refers to the peer, as this code is in both
      Based on the detective work of Jianliang Lu <j.lu at tiesse.com>, allow yet
      Add a few comments explaining KEY_EXCH
      Revert bogus part of smb signing commit - when Win2k supports singing/SPNEGO,
      Let the comment match the function...
      Fix most of bug #169.
      r21: Ensure 'net' follows the behaviour of all other samba client tools,
      r49: Support SMB signing on connections using only the
      r69: Global rename of 'nt_session_key' -> 'user_session_key'.  The session key could
      r84: Implement --required-membership-of=, an ntlm_auth option that restricts
      r85: Update the winbind interface version, as I just extended the struct.
      r86: This function was moved to lib/nterr.h
      r104: Fix ntlm_auth by adding the new strhex_to_data_blob() call.
      r148: Ensure we do not dereference a null pointer when we return the user
      r171: Continue the 'rename nt_session_key' work.  This attempts to rename
      r175: Move this comment to the right place...
      r176: Improve our fallback code for password changes - this would be better
      r177: Split ntlm_auth --diagnostics into a seperate file, so as not to clutter
      r188: Add a new 'helper protocol' to ntlm_auth.
      r191: Only send the ntlm_auth 'ntlm-server-1' helper client a '.' after the
      r201: Fix bugs in the --helper-protocol=ntlm-server-1 implementation.
      r240: I'm pretty happy with the 'ntlm-server-1' helper protocol now, and as
      r780: Fix segfault in ntlm_auth --diagnostics
      r936: Fix a rather weird error that crippled my site, when we upgraded to
      r1121: Fix memory leak in the trans2 signing code.
      r1122: As spotted by lha at stacken.kth.se we don't actually use this variable any more.
      r1124: ntlm_auth memory leak fixes by James Wilkinson - jwilk at alumni.cse.ucsc.edu
      r1125: Remove bougus comments. (The real fix was to the sealed pipe padding)
      r1126: Allow more flexible GSS-SPENGO client and server operation.  The
      r1127: Finding trusted domains is not so important as to require a DEBUG(1).
      r1128: The end-of-file is not the end of the world, so don't make a load DEBUG() about it.
      r1428: Remove *completly bogus* memset.  (No doubt my bug, too...).
      r1487: Remove unused parameter for the client-side signing functions.
      r1492: Rework our random number generation system.
      r1581: 'NULL' NTLMSSP is both a pain to get right, and compleatly and utterly
      r1582: On failure, print the length of the right variable.
      r1583: Patch by Fabien Chevalier <fabien.chevalier at supelec.fr>
      r1612: Fix bug #1571 found by Guenter Kukkukk <guenter.kukkukk at kukkukk.com>
      r2137: This is a patch I've been running at Hawker for a while.
      r2147: Fix utility name in error message (pre-emptivly merged to trunk ;-)
      r2157: This parameter in loadparm appears compleatly unused.
      r2755: Fix NTLMv2 for use with pam_winbind, the plaintext ntlm_auth modes,
      r2761: Print the decrypted, not encrypted key.
      r2762: Remove silly conversion to and from UTF8 on the winbind pipe.  Fix the
      r2779: Some fixes to pam_winbind.c.:
      r2865: Add static and remove unused functions that only cload the blame-game
      r2868: Well, I'm not quite sure what I'm doing back in Samba 3.0, but anyway...
      r3616: Merge for 3.0.8.
      r4337: Produce a slightly different error message is lanman authentication is
      r4976: Try to scare people off from trying to write authentication modules
      r5455: Remove bogus DEBUG messages (dump for a failure to parse NTLMSSP,
      r5536: Avoid intermediate copy of NT and LM responses in NETLOGON client.
      r8912: Samba 3.0 was failing from a Vista client, because it was using 'raw'
      r8913: Fix memory leak in -r 8912: Free the right thing, rather than blob1 'twice'.
      r15492: Without this patch, the LDAP client libs will call abort() in
      r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1
      r17007: Increment winbind protocol version number.
      r17216: From Kai Blin <kai.blin at gmail.com>:
      r17487: Allocate some OID space for Samba4, so we don't trip on each other.
      r20402: Fix spelling: samba bug #4292 debian #402392
      r20403: Cleaning out my Samba 3.0 tree:
      r20996: Build fix from Kai Blin
      r22020: Make it more clear that both the vuser struct and it's contents are
      r22022: - Clarify the comments
      r22023: I don't like this cache, but I think Jeremy is right, the consequences
      r22024: Don't leak, actually use the provided memory context...
      r22026: Missed in my last commit, another case where we need to copy, not reference.
      r22071: Make the error message for incorrect use of '-c' show the parameter as used.
      r25049: Set new, more secure defaults for Samba 3.2.
      r443: Update Samba4 to the auth and NTLMSSP code from Samba3.
      r448: Fix 'auth' in Samba4, by making 'auth methods' a normal smb.conf
      r451: More NTLMSSP work.
      r607: When our code is looking for an 'empty' data blob
      r610:  - Merge the Samba3 'ntlm_auth --diagnostics' testsuite to Samba4.
      r611: Fix breakage from my last commit:
      r613: Fix the RPC-SAMR torture test, for my session_key changes.
      r614: Clean out the POSIX assumptions from the Samba4 auth subsystem.
      r619: Remove more code that is no longer called.
      r620: Remove more ununsed code.
      r683: Remove the trailing ; from this macro, so it can be used in an 'if' expression.
      r684: Note the fact that NTLMv2 provides a weath of futher testcases...
      r685: The SAM is dead!  Long live the new SAM!  ;-)
      r707: Chainsaw work - SAM_ACCOUNT can die, along with passdb
      r708: Clean up copyright headers, to reflect code that has come and gone
      r715: Finish the ldb conversion for the auth_sam module.
      r719: Follow the trend - remove more unused functions.
      r743: Start on a NETLOGON server in Samba4.
      r745: Move netr_ServerPasswordSet up with the other secure channel
      r751: Fix debug message to print the right variable.
      r752: Remove debugging hack (make sure the cleanup test account after we
      r754: Implement the SetPassword operation on the netlogon pipe.
      r816:  - Make use of tridge's new samdb_result_sid_prefix() helper function.
      r831: These functions duplicate the push/pull charcnv interfaces that we use
      r874: This patch is a pile of work on NTLMSSP:
      r877: This attempt at IDL was accidently included in the pervious commit.
      r892: Actually add the NTLMSSP self-check torture code this time...
      r929: Remove more unused code from util_sid.c (the old-style sid code is
      r1009: Make all users of NT and LM passwords use the samr_Password structure.
      r1019: Push the auth subsystem away from using typedef, and over to the 'all
      r1020: Add an (untested, until the other end is hooked in) method for
      r1021: Because auth_serversupplied_info is not reference counted, this may
      r1023: Prepare the auth subsystem interfaces for netlogon SamLogon to use.
      r1024: Use samr_Password for the machine password here - this ensures we can
      r1025: Rename (across the samr and netlogon pipes, so far)
      r1027: More rename:
      r1028: More consistancy fixes, which should also fix the build.
      r1031: Move more code dealing with passwords to struct samr_Password.
      r1058: The start of work on the SamLogon call for NETLOGON.
      r1061: The start of the SamLogon call for the NETLOGON pipe.
      r1063: userdom_struct dies!
      r1064: Remove the unused userdom_struct from the user_context struct
      r1080: Make sure to initialise all the returned elements in the SamLogon
      r1123: Make all lp_ string functions return 'const char *'.
      r1129: Remove unused function.
      r1142: I think this should fix the interactive logins for tridge - don't take
      r1161: Include a few more self-check NTLMSSP examples.
      r1163: Add const.
      r1169: Some more updates to the NTLMSSP NTLM2 code:
      r1170: Remove bogus part of previous commit - session keys, even in NTLMSSP
      r1173: A quick little test to show that we cannot bind twice to a single endpoint.
      r1186: Clarify why this is a 'bogus' negitive test.  If we pass it, we may
      r1187: * Remove testing hack (actually check signatures on NTLM2).
      r1189: Now that we use a common 'base' return structure for the SamLogon
      r1196: Remove unused pstring/fstring functions.
      r1197: Fix my build breakage, variables at the top of a block only...
      r1198: Merge the Samba 3.0 ntlm_auth, including the kerberos and SPENGO parts.
      r1199: Make talloc_asprintf_append() work on a NULL source string as if it were
      r1200: Add 'gensec', our generic security layer.
      r1250: We no longer use these #defines
      r1292: Add const to the subsystem/module registration code.
      r1293: Indent
      r1294: A nice, large, commit...
      r1305: Grrr, fix my build breakage...
      r1352: Add a 'peek' function to our ASN1 code, so we can safely perform the
      r1353: Fix compile with new ASN1 peek code.
      r1354: Make it clear that the first gensec_update takes a NULL data_blob.
      r1355: Add const (I missed this when I changed the function prototype earlier)
      r1356: Fix logic bugs in ntlm_auth.
      r1357: Work on GENSEC:
      r1358: Re-indent the SPENGO implementation, and work on the basis of a
      r1372: Remove the 'default' case from the SPENGO state machine, and fix up
      r1418: Merge Samba 3.0's recent kerberos changes into Samba4.  None of this
      r1422: StrnCaseCmp now needs to be non-static.
      r1423: Make sure to destory the mem_ctx.
      r1426: Fix some of my silly compile errors...
      r1434: Merge this function in from Samba 3.0, but use a mem_ctx rather than
      r1435: talloc_steal is very useful - add a function to do it with a DATA_BLOB
      r1436: Move GENSEC across to config.mk
      r1437: Intermediate commit of krb5 for GENSEC.
      r1438: Record the principal name we are sent in the SPENGO mechListMIC in a
      r1439: Once we are authenticated, always return NT_STATUS_OK. (Makes SPENGO
      r1440: GENSEC improvements:
      r1441: Indentation and comment fixes.
      r1442: I was going to rename kerberos.c -> kerberos_kinit.c, but didn't.
      r1443: More changes towards Kerberos in Samba4's GENSEC.
      r1445: Ensure get_auth_data_from_tkt doesn't get into proto.h
      r1446: Another funciton to avoid in proto.h
      r1447: Fix compile.
      r1448: Indent this so proto doesn't pick it up.
      r1452: Thanks to Volker for spotting that this code was certainly not tested...
      r1456: Rename this parameter to avoid shadowing a badly-named GTK global.
      r1457: Add the GSSAPI layer to our gensec_krb5 code.
      r1458: Add a new configure option, to make it possible to both find errors,
      r1460: Avoid a compile warning.
      r1461: ntlm_check.c is a server-side peice of code, so it belongs in AUTH.
      r1462: GENSEC Kerberos and SPENGO work:
      r1474: It is useful if talloc_strdup() behaves like strdup()
      r1475: More kerberos work
      r1476: Don't print messages about the CCACHE not being found - this is normal.
      r1498: (merge from 3.0)
      r1521: Updates to our SMB signing code.
      r1522: Oops - I forgot this file in the prvevious commit.
      r1604: Samba4 avoids memcpy() as much as possible - we don't need to make a copy here.
      r1605: GENSEC krb5 updates - fix a valgrind found uninitialised variable, and
      r1685: Add the ability to lookup RPC auth types for the RPC-MGMT torture test.
      r1686: Don't use a void* for the context inside the SMB signing code.
      r1687: Fix bogus requirement for SMB signing on guest connections.
      r1723: Make sure we bail out on error in reading a OID.
      r1724: Add a new function to return the list of available OIDs.
      r1725: Remove a silly 'utility' function.
      r1726: Fix up the comments and indenting.
      r1727: SPNEGO session setup replies need to include the blob, even on error
      r1729: Make the SMB signing code more generic (to share more between client and servers).
      r1730: We cannot dereference c->tree here, as there is not a tree yet.
      r1731: Add server-side SPNEGO support to Samba (disabled, until SMB signing
      r1735: Clean up SMB signing - we don't have more than one 'real' way to sign
      r1745: More work on cleaning up SMB signing.
      r1746: Remove more cruft from the SMB signing code.
      r1752: Fix compile bugs on C (rather than C++) tolerant compilers.
      r1762: Ensure that a user (as opposed to guest) cannot login without SPNEGO,
      r1768: Add some debugs to assist in SMB signing debugging.
      r1769: Add a new torture test to check vuid properties, and SPNEGO/non-SPNEGO games.
      r1795: Fix the multiple session setup torture tests.
      r1796: Enable server-side SPNEGO, now that I have fixed the server-side SMB
      r1990: Fix breakage caused by the recent talloc changes.  (Failure to process
      r1991: After finding a talloc inconsistancy is a very good time to smb_panic(),
      r1992: Make the NTLMSSP torture test show more detail, and return failure etc.
      r1993: Allow WinXP domain logon to progress a bit further (it seems broken for me).
      r2035: Fix spelling.
      r2041: Fix NTLMSSP RPC sealing, client -> win2k3 server.
      r2047: Warn on 'declaration after statement' (breaks non-gcc).
      r2053: All RPC sessions 'want' a session key.  Of course, the key they
      r2054: Fix compile warnings/build failures on non-gcc.
      r2055: Add PRINTF_ATTRIBUTE to many more parts of the code, and a new
      r2056: Allow the compiler to check this format string.
      r2062: Fix a couple more of the printf warnings (real bugs).
      r2063: Ensure the first argument to a printf() like function (talloc_init()
      r2096: Enable use of NTLM2 for connections that do not got on to be NTLMSSP
      r2098: The first 8 bytes of this sig is not used in the 'is it correct' calculation.
      r2099: Get rid of another private ARCFOUR implementation from the codebase.
      r2119: Noticed by jra:
      r2220: Updates to the NETLOGON torture test.  This copes with 'long'
      r2281: Add a few comments.
      r2282: Remove one more magic constant from the source, replace with sizeof().
      r2283: Change from tridge (in his ntlm2 patch).
      r2284: Thanks to some great detective work by tridge, NTLM2 signing now works.
      r2285: Remove more static data, fix spelling in a comment.
      r2286: Fixes towards krb5 logins into Samba's CIFS server.
      r2287: Add static.
      r2288: Remove the claim/yield connection code - this will need to be redone
      r2290: Fix 'lsakey' for the server-side, it is static for
      r2307: Fix the use of 'raw' NTLMSSP to hosts that support extended security,
      r2313: Make these attributes case insensitive in the default provision.ldif
      r2504: Add printf attribute, for format argument checking.
      r2505: Remove unused function.  If/when we implement plaintext authenticaton
      r2506: Add more printf attributes for format checking.
      r2507: Allow a case-insensitive lookup when converting strings into NTSTATUS
      r2512: Remove unused stub functions.
      r2513: Avoid strupper/strlower when you can.  This developers module
      r2514: Remove unused funcions, and add static.
      r2515: Fixes from smbtorture - these session keys are not individually encrypted.
      r2534: Change NTLMSSP parsing to avoid a seperate str_chrnum() call - storing
      r2535: Make certain, that even if we have invalid ASN.1 here, and the caller does not check the return value, that we don't return uninitialised memory here.
      r2536: This is a classic case for the use of our new talloc code, and
      r2537: Add static and use strlen_m instead of str_charnum().
      r2541: Add a TODO:  This is one place we can grab the remote netbios name.
      r2542: I really don't like the 'substitute' code, and I particularly don't
      r2543: Catch one more use of sub_get_remote_machine().
      r2544: (missed from the last commit)
      r2545: str_charnum -> strlen_m.
      r2546: Remove another strupper_m() that we don't need.
      r2547: Another place to use convert_string_talloc().
      r2550: survive our own BASE-NEGNOWAIT torture test.
      r2551: Add const.
      r2552: Character set conversion and string handling updates.
      r2611: Try to make Samba4's ntlm_auth more consistant with Samba 3.0.
      r2612: Ensure ntlm_auth always logs to stderr.
      r2859: It seems useful to allow the seal/unseal functions in gensec to pass
      r3073: Fix bug in the handling of null-terminated ASCII strings in RPC.
      r3074: Add in a new 'field present' flag samr.idl for the Account Flags
      r3075: Initialise (and check for intialisation) of the private pointer to
      r3076: Fix memory leak.
      r3077: Add initial handling of Account Flags in SAMR user info level 21 and 25.
      r3078: Allow more things to be set as command line options to provision.
      r3079: make code more pretty :-)
      r3080: Make the Samba4 SAMR server pass the new, nasty torture test (now that
      r3104: My Win2k3 server, with current updates, still sends the LM key for level 6.
      r3109: Give krbtgt and our machine account a random password in provision.
      r3110: Fix the krb5 client and server, so that it doesn't segfault.  There
      r3115: Bugfixes and extra debug in our kerberos verify code.
      r3128: Return the correct error code for a secrets/kerberos login, but
      r3170: Add winbind client support back into Samba4.  This is to allow
      r3175: Add winbind back into includes.h (spotted by tpot)
      r3185: Machines can login with krb5, so we need to allow them to map to a unix account.
      r3186: Use the properties of the new talloc() system to handle the auth
      r3187: This 'optional' part of the ASN.1 in SPNEGO is required by Samba3 (but
      r3190: When we don't have a PAC, do a lookup in the local ldb instead.
      r3358: Try to put all the basic struct dom_sid manipulation functions in one
      r3359: Add magic auto-initialisation hooks here, to match the rest of
      r3361: Allow Samba4 (I'm interested in ntlm_auth in particular) to use
      r3362: Change netlogon.idl so we can parse the 'info3' seperate from it's surroundings, and rename user_id -> rid, as it could be a user or group id.
      r3364: Add parameter to fix the compile.
      r3365: Fill in the user and primary group SIDs into the 'server info' before
      r3394: Give the user a clue why we are blasting them with the usage brick.
      r3519: Include time headers to fix the build.
      r3524: Remove unused variable.
      r3541: Add support (to be verified with the squid team) for the Squid 3.0
      r3542: Re-indent, and fix a use-after-free by doing the talloc_destroy just a
      r3553: Allow talloc_reference to take a NULL pointer for the "ptr" argument.
      r3554: Use the new talloc_reference changes to simply the conversion of
      r3555: Fix auth_winbind to work with the new auth_util conversion code.
      r3556: Remove --enable-krb5developer and --enable-gtkdeveloper, as the new
      r3557: Use a switch, not a series of if/else if statements.
      r3558: We don't seem to need these as [public] any more.
      r3565: Move PAC parsing into the session_info generation, and out of the
      r3570: Export the user's group list from ntlm_auth, via a new command 'UG'
      r3572: Thanks to tridge for his patience with my build breakage.
      r3609: Lets spew out a few less error messages for tridge, and hope to get
      r3612: This appears to be the 'offical' way to initialise this struct.
      r3651: Add a new configure option --with-eparserdir
      r3652: Fix malloc-history dependent failures in smbtorture.
      r3653: Move Interactive login tests up with the rest of the logon tests.
      r3654: Add static and fix indentation.
      r3655: As required by the new torture test, add the LM session key output
      r3657: More netlogon torture.  We now test both function calls (SamLogon and SamLogonWithFlags).
      r3676: Add a negitive test for NTLM2 session security (which should not
      r3677: Seperate the SamLogon tests from the main RPC-NETLOGON test into a
      r3678: Remove testing code accidentily commited.
      r3679: We now know a few more of the Netlogon negotiate flags.
      r3680: Move the multiple runs of this test into a loop.  Also check that no
      r3686: The results of some work on the NETLOGON pipe:
      r3687: Gaah - I forgot to add the new file for the RPC-SAMSYNC test...
      r3716: Improvements in the RPC-SAMSYNC tests:
      r3721: We cracked the NTLM2 puzzle long ago, and set the flags elsewhere.
      r3723: Now that timestring() always returns talloc'ed memory, we don't need
      r3724: Rename a number of structures, for better consistance between SAMR and
      r3725: The new RPC-SAMSYNC test, complete with SAMR comparisons.  This is
      r3804: Add more comparison tests in RPC-SAMSYNC.
      r3805: Fix the LSA portions of the RPC-SAMSYNC test - I was not using the LSA
      r3807: Cross-check the basic attributes for groups and aliases in RPC-SAMSYNC.
      r3808: Put these in the same order as the IDL, to make it easier to spot what's unimplemetned (tests of the group members)
      r3885: Add security descriptor comparison to our RPC-SAMSYNC test.  We now
      r3904: * Add new LSA calls to open trusted domains
      r3905: (oops, missing file: samsync.c)
      r3907: * Rename lsa_Name to lsa_String
      r3908: We know that this field is a flag of some kind, and matches the output on LSA.
      r3909: Fix cross-reference test for trusted domains.
      r3917: A few more LSA RPCs found in my wanderings (for trusted domains, these
      r3919: Add more info levels to the QueryTrustedDomainInfo structures, with
      r3921: Cross-test SIDs in RPC-SAMSYNC, fix the build.
      r3922: Add yet another NETLOGON RPC.  This is another varient of SamLogon,
      r4342: Fix a memory leak in init_globals().
      r4349: Start to fix the long-standing pain that --with-krb5 would be ignored if krb5-config was in the path.
      r4354: The ldb databases do not go in lib/private, but in private/ under PREFIX
      r4355: More work from the elves on Christmas eve:
      r4356: Allow anonymous connections to use NTLMSSP.  The silly bugs that
      r4357: Return a more sensible error code if a NULL (as opposed to the valid
      r4358: At metze's request, the Christmas elves have removed gensec_end in
      r4379: Merge more Kerberos related configure checks (by jra, gd and Lars
      r4384: Try again to fix compiling against a specified KRB5 library.
      r4385: Set the correct target service.
      r4386: Grr, fix copy-and-paste bug.
      r4400: Pass rootdse.ldif past the subst code.
      r4441: gensec_krb5 update:
      r4459: GENSEC refinements:
      r4460: Add a new GENSEC module: gensec_gssapi
      r4470: Try not to have GSSAPI built unless we detected krb5.  We should split
      r4494: Allow gensec_gssapi to use the SPNEGO mech provided by Heimdal (off by
      r4499: Almost make our Samba4 server pass the RPC-SAMLOGON torture test.
      r4500: Allow GENSEC modules to be disabled by setting a flag on their module
      r4504: Setting
      r4510: Some more tests for RPC-NETLOGON, checking the idea that we could
      r4530: Start adding a bit of Doxygen compatible documentation comments to GENSEC.
      r4531: Include the OID locally, as it seems to be hard to get the includes
      r4565: Make the order of the initialisation more sensible.
      r4566: Fix Samba4 to pass it's own RPC-SAMLOGON torture test.
      r4567: Fix the build for metze.
      r4590: Make RPC-SAMSYNC pass againt Win2k3.
      r4594: Add more testes to the standard 'passes against win2k3' script.
      r4603: Test creating local and global secrets over LSA.
      r4610: You can't join as a BDC and test against trusted domains.  This test
      r4614: Fix RPC-SAMLOGON, to use the workstation context (forgot to globally replace).
      r4635: Fix NTLMSSP to return NT_STATUS_OK when it has constructed the auth
      r4636: Per tridge's wish (and probably correct behaviour), don't key off a
      r4641: Push a few more details into the schannel ldb, and into the
      r4657: This really should be made a structure, so we can't get it wrong, but
      r4658: (grr, commited wrong file last time).
      r4659: Revert -r 4657 committed by mistake, until I review and test the
      r4660: Test what we should return for a secret that does not exist.
      r4667: Don't follow a NULL pointer for an idle event handler.
      r4671: Expand the RPC-LSA test to set secret values twice.
      r4673: Fix the IDL for the QuerySecret LSA call.
      r4674: Test SetSecret behaviour for local and global secrets, when setting
      r4675: Prevent global warming, and save tridge's sainity by short-cutting the
      r4678: Add some const to LDB.
      r4679: Remove the void* from samdb.  We now use structures without full
      r4680: Make more efficient use of memory in SAMR:
      r4681: Another entry for structs.h
      r4682: A LDB-based secrets implementation in Samba4.
      r4691: Make the DCE-RPC bind code compleatly generic to the number of passes
      r4692: Make the client SPNEGO code bail out in a couple more cases.
      r4693: Add another test (RPC-MULTIBIND) that should always pass.
      r4694: 'fix' the behaviour for setting only the old, but not the new secret.
      r4695: Leave less memory handing around on long-term TALLOC_CTX.
      r4698:  - Initial implementation of trusted domains in LSA.
      r4699: Move the test_EnumTrustDom() test into the test_CreateTrustedDomain
      r4703: Add support for EnumTrustDomain, and expand the testsuite.
      r4706: Fix the build, after I renamed these elements in the IDL.
      r4708: Comparing with LDAP, it is clear that these 'flags' are in fact the
      r4713: Add initial support for QueryTrustedDomainInfo on LSA.
      r4720: Reformat, rename, and convert to enums parts of the LSA IDL specification.
      r4721: Changes to libnet_passwd to take advantage of the new easier to call
      r4722: Start to add 'net join' to Samba4.
      r4762: Store the results of a 'net join' in the LDB.
      r4763: Join Samba4 to itself during the provision process.
      r4764: Add some more structs to keep the proto.h compile happy.
      r4766: Add another useful helper function: samdb_msg_set_value()
      r4768: Until I can prove it, we should not have these elements marked as
      r4774: It appears the SensitiveData contains the password history, as the
      r4776: Add more debugs to SamSync test.
      r4890: Try to cope with mechanism mismatch in the client speaks first version
      r4893: Move to using secrets.ldb for the Kerberos verify, instead of
      r4895: I missed this in my previous 'use secrets.ldb' commit.
      r4897: Unbreak the LDAP server.  Somehow the generic service structures
      r4914: Fill in the realm for the self-join.
      r4923: Avoid using krb5-config in the path if a krb5 prefix was already set.
      r5086: Fix list of binaries to install:
      r5088: Push some of the heimdal tests into a 'if we didn't have krb5-config' block.
      r5089: Fix indentation.
      r5090: Fix up the IDL for LogonGetDomainInfo in NETLOGON.
      r5091: The Kerberos secrets are queried by realm
      r5092: Add a bit more const - moving it further into the LDB layer.
      r5093: Make debugs less confusing when a 0 NTTIME is printed.
      r5330: Remove #include <sys/time.h> from includes.h.
      r5334: Bah, it's all to hard...
      r5667: Move schannel state into libcli/auth (as it belongs with schannel,
      r5668: Add tests to RPC-SAMLOGON to test for user at REALM style logins.  These
      r5783: Test renaming of accounts in the RPC-SAMR test, and add support into
      r5876: Add a test account for the duration of the samsync - to ensure we have
      r5877: It is not an error to have a zero-length secret, after decryption.
      r5878: Be clear which machine name (We have one worksation, and one BDC) we
      r5879: Rename SAMR_FIELD_WORKSTATION to SAMR_FIELD_WORKSTATIONS - it is a list.
      r5895: Remove old auth_domain code - to be replaced with entirely new implementation.
      r5898: Handle errors in the 'sync' name and IP address handling code.
      r5899: Fix spelling.
      r5900: Use flatname to specify the netbios domain name (matches what win2k3
      r5901: Add another option to the test script - the realm, which must match
      r5902: A rather large change...
      r5903: While I can't test IPv6, metze asked me to commit a matching change
      r5941: Commit this patch much earlier than I would normally prefer, but metze needs a working tree...
      r5942: A couple of small changes to fix things up with the new credentials
      r5983: Start support for being a domain member in Samba4.
      r5984: Add index and attributes to default ldif for secrets.ldb
      r5985: Actually adding auth_domain.c in -r 5983 would probably have been a
      r5988: Fix the -P option (use machine account credentials) to use the Samba4
      r5992: Rename schannel.c -> schannel_sign.c.  The rest of the schannel code
      r6010: Change the testing order, so we test all transports for each binding
      r6024: Some of the ordering constraints on the popt callbacks were getting
      r6025: Remove unused variables.  This code will be modified again for the new
      r6026: Update the kerberos keytab code to match Samba3 again.
      r6027: Add copyright, and add a useful debug message.
      r6028: A MAJOR update to intergrate the new credentails system fully with
      r6030: Missing from previous commit, a small header file to link
      r6032: Fix up SetServerPassword2 on NETLOGON for [bigendian].  Clearly nobody
      r6033: Patch from 'lifeless' to clarify behaviour with NULL pointers.
      r6078: Correctly fix the failures for NT1 (not SPNEGO) session setups in the
      r6079: Add inline documentation on the credentials context API.
      r6094: Work on the Kerberos code recently merged from Samba 3.0.  This fixes
      r6113: Move GENSEC and the kerberos code out of libcli/auth, and into
      r6270: Move the VUID handling to a IDR tree.  This should avoid O(n)
      r6271: Don't zero the cli_credentials structure - instead allow valgrind to
      r6272: For 'programmed' use of an anonymous account, we should use
      r6286: Add back metze's test of setting a trust password to ''.  I removed
      r6309: Remove this file it is empty and unreferenced.  (In preperation for
      r6310: Rename password.c to session.c, and remove the linked list of all
      r6312: Metze reminds me this header is no longer required.
      r6313: Much better handling of LogoffAndX when the vuid is invalid (ie, don't
      r6314: A more complete RAW-CONTEXT test.  This Samba4 currently fails, but it
      r6315: Allow sane session setup behaviour on SPNEGO regarding VUIDs.
      r6451: Ensure we correctly initialise the credentials structure in the schannel test.
      r6452: This particular credentials feature needs to be NULL by default.
      r6453: Move verbose errors for the schannel 'not in the DB, or DB corrupt' error cases.
      r6454: Start to migrate NTLMSSP away from it's own API to just use GENSEC.
      r6455: Remove wrapper functions, and ntlmssp_end (which is well handed by talloc() now).
      r6456: The RPC-SCHANNEL test is an important test that passes against Win2k3 (well, not SP1, but we are working on that detail).
      r6457: Simply the RPC server code for the choice of GENSEC mech - it's just
      r6458: Split up NTLMSSP into a new directory, and into seperate files for the
      r6460: Push the client credentials into NTLMSSP, allowing logins of the form
      r6462: Move the arcfour sbox state into it's own structure, and allocate it
      r6463: Move NTLM2 and NTLM (v1) specific variables into a union for DCE/RPC.
      r6464: Remove the last of the Samba3 NTLMSSP API.  This removes the rudundent
      r6465: Use talloc_zero for the gensec_ntlmssp_state structure, as the history
      r6467: keep the compiler quiet with another entry in structs.h
      r6468: Fix LOCAL-NTLMSSP test with new NTLMSSP structure.
      r6498: Add comments in line with those I already added to 3.0.
      r6522: I have no idea why this change was made, but it not only breaks
      r6523: Another string that isn't filled in.  I wonder why this is, but for
      r6524: Fix the error we print when the RPC-ECHO test fails.
      r6525: Remove incorrect comment.
      r6526: Rename this RPC fault.  Everybody else calls this ACCESS_DENIED, and
      r6534: Patch from lieschen to fix our vital user creation tools :-)
      r6544: Use common structures between SAMR, NETLGON and the Krb5 PAC.
      r6565: Cludge, cludge, cludge...
      r6573: Start on my project to implement an NT4 compatible BDC in Samba4.
      r6582: Remove the hack that metze needed because Samba4 didn't have a samdump
      r6598: Make it easy to point the test_echo.sh at remote servers, without
      r6603: More work on the samdump puzzle.  This implements a function pointer
      r6698: Our domain join code requires that the secureChannelType be set.  Type
      r6699: Windows clients seem to ask for CIFS/, ie in upper case, so match it.
      r6700: Upper case realms in kerberos-specific parts of the code, as this is
      r6701: Updates to our server-side ticket verification code, we now use the
      r6702: Revert -r 6699, as I think this is a win2k v win2k3 issue.
      r6711: Clarify that we are dealing with a salting principal in the kerberos
      r6714: We can only ask GENSEC questions if we are authenticated.
      r6727: One more step down the long march to the 'Kerberos domain join'.
      r6728: Microsoft relies very strongly on getting the OIDs it expects, so we
      r6729: Fix silly copy-paste bug spotted by metze.
      r6736: Revert metze's -r 6734, as metze and I made the same changes at the
      r6737: Explain these error returns a bit better.
      r6738: My version of the patch by metze that I just reverted (-r 6734).
      r6791: My early notes on the particular things I have discovered as I learn
      r6792: Allow a mech to fail on the first pass at the packet, and still fall
      r6793: Move auth_sam to use the dnsDomain rather than the
      r6796: Remove the gensec_gsskrb5 module, which had had all of it's special
      r6798: Valgrind pain is not something I look forward to - if we ever fall
      r6799: Remove a rudundent variable from the context structure - we can figure
      r6800: A big GENSEC update:
      r6801: It appears that krb5_make_principal, while convenient, is not portable.
      r6803: Try to bring in the correct GSSAPI headers for the krb5 mech.  This
      r6806: Try again to fix the build on various kerberos libs.
      r6811: Another attempt at better kerberos/gssapi headers.
      r6819: More notes on krb5 requirements
      r6879: Another attempt at including the 'right' kerberos headers on
      r6882: Put in configure tests and #ifdef to keep Samba building on older Heimdal.
      r6883: Move to what simo assures me is the 'correct' way to find the NetBIOS
      r6902: Turn the LDAP server on by default.  It is no worse than the others...
      r6927: Make it easier to program with the SamSync callback interface, perform
      r6928: Add support for printing trusted domain names, sids and passwords in
      r7043: Patch from Julien Kerihuel <j.kerihuel at openchange.org> to reenable
      r7203: Fill in the error message and fail if we can't open the secrets database.
      r7204: Also fall back to different password set methods on WRITE_FAULT, as
      r7218: Don't use an uninitialised variable in an error message.
      r7219: Don't allow 'binding' to be used uninitilaised.
      r7220: Fix comment
      r7221: Add the start of a KDC service (to be built on a 'libkdc' from a to be
      r7226: Forgot file to disable building the new kdc
      r7240: Don't call our fancy error message routines on a null context.
      r7241: The KDC almost links...
      r7257: Ensure the error message can never be uninitialised.
      r7258: Fix the final linking error with libkdc - we need to link libhdb as well.
      r7259: Move the recv handler out into a seperate function (suggestion from
      r7269: talloc_steal() is preferred where possible, as it can't fail and does
      r7270: A big revamp to the way we handle kerberos errors in Samba4.  We now
      r7285: It appears that MIT Kerberos does not have the log redirection
      r7291: Additional notes on what we require from a kerberos implementation.
      r7292: Fix up the build system support for derrell's sqlite3 ldb backend.
      r7293: Turn sqlite3 support off by default, use --with-sqlite3 to re-enable.
      r7304: Make the libkdc actually work:
      r7306: Use a consistant #define for detecting support for the Heimdal krb5
      r7367: Replace the list of what our internal heimdal can do with data from a
      r7378: Lowercase netbios name when forming the DNS name of the DC in the
      r7508: Fix memory leak of outgoing packets in the KDC.
      r7509: With the update to Heimdal 20050612 we no longer need krb5_freelog(),
      r7520: Fix memory leak in hdb-ldb.c
      r7521: Remove useless loops from SAMLOGON test, which speeds it up a lot.
      r7525: Unify lp_load(), load_interfaces and logging setup into popt().
      r7530: Simply calling convention of lp_load().
      r7531: Finally fix lp_load().  I had left hooks in place which restricted us
      r7637: Another useful Heimdal feature we need.
      r7651: Only convert SERVER requests to KRBTGT requests.
      r7673: With current Heimdal we don't need this (correct) fix.
      r7674: Fix the printf() attribute suggestion by correctly prototyping, then
      r7675: Use correct memory context for anonymous session setup auth context
      r7676: Make VUID and TID choice random, as this gives us protection against
      r7680: Move to using our own private enum for the principal type inside the
      r7681: This #define is unused.
      r7682: Move the properties of our heimdal build from heimdal_build/config.h
      r7683: The other file from the last commit.  And it's include/system/kerberos.h that I'm putting the #defines in...
      r7684: Add a test aimed at checking we have agreement between client and
      r7685: Simply the test for session key logic, so we pass against NT4.
      r7686: Check for a type of invalid account name.
      r7687: Some more tests that must be done only when krb5_config is absent.
      r7688: Fix the internal heimdal build - push one #define back to
      r7689: Add new file from previous commit (seperate file for session key test).
      r7690: Move the NT hash generation into the credentials system, rather than
      r7756: Don't segfault by trying to search for the NULL DN, if the wrong
      r7757: Add NTLMv2 support to the NT1 Session setup (ie, not SPNEGO/NTLMSSP)
      r7758: When not running on the build farm, print out the failed command line again.
      r7765: Thanks to Maurice Massar <massar at unix-ag.uni-kl.de> for spotting that
      r7827: Add in-memory keytab to Samba4, using the new MEMORY_WILDCARD keytab
      r7843: Use the new Heimdal gsskrb_acquire_creds API.  This has the right
      r7862: Updates to the Kerberos notes, based on recent changes and discoveries.
      r7935: auth_unix now uses crypt(), so depend on -lcrypt.
      r7965: Remove the GENSEC password callback structure members, as these are no
      r7966: We need a better way to do this, but enable the KDC by default, if we
      r7967: We don't have the ms_krb5 stuff any more.
      r7968: Pull the PAC from within GSSAPI, rather than only when using our own
      r7969: It seems reasonable that our tickets be marked renewable, in the
      r7970: This SMB signing code (merged from 3.0) turned out to be bogus.
      r7971: structs.h update
      r7978: A start again on PAC verification.  I have noticed that the kerberos
      r7979: Metze reminded me to try one more combination, and we can now verify
      r7980: Forgot to add kerberos_pac.c to this config.mk file.
      r7986: Fix the compile, thanks to HotaruT.
      r7988: Store the KVNO for the machine account, and set it up in the provision.
      r7989: Allow the use of hashed passwords in the kerberos client and server,
      r7990: An attempt at documenting the current state of cludges required to get
      r7991: I forgot to free the keyblock once we are done with it.
      r7993: Further work on the Krb5 PAC.
      r8000: It seems make proto is required, for reasons I can't explain.
      r8001: Also fill in the krbtgt checksum, and make sure to put the right
      r8013: Remember to add the header containing the prototype for the pac
      r8016: Get the keyblock arguments correct.  (the context struct changed, but
      r8108: Fix indentation, and remove a discard_const_p() that we don't need any more.
      r8109: Try to print out more helpful debug messages on DCERPC server-side
      r8110: More PAC work.  I still can't get WinXP to accept the PAC, but we are
      r8112: Remove extra headers, and add #ifdef to allow the 'not yet using
      r8161: Update Samba4 for the new Heimdal update.
      r8162: Revert my pad8 hack.
      r8181: Allow host/foo.realm/realm at REALM requests, assuming that the realm
      r8245: Add const.
      r8246: Don't try and set the element after the end off the array to NULL.
      r8248: Make these comments more accurate.
      r8249: Clarify (with a comment) why we are playing these games here.
      r8250: More PAC work.  We now sucessfully verify the KDC signature from my DC
      r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
      r8511: This 'can't happen', but GCC gives warnings because it thinks it can.
      r8644: This is a more useful error than unsuccesful.
      r8650: Use the timestamps and a new objectguid module rather than placing
      r8660: Use templates for the initial provision of user and computer accounts.
      r8662: Revert change to CN=Cert Publishers, this group still needs to
      r8663: Since simo constructed the samdb module, he and tridge have worked on
      r8664: I got caught out not testing...
      r8666: The same fix as the last commit, I was caught out on a move from a
      r8667: Further simply the provision script, by removing the 'name' attribute.
      r8669: The objectguid module belongs in Samba's ldb module collection, not in
      r8670: Remove GUID code from SAMR, it is handled lower down now.  I notice
      r8674: With the rdn_name module, we don't need this duplication in the samdb
      r8677: The first part of the domain name may not be equal to the netbios domain name.
      r8699: removed invalid comment
      r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the
      r8701: Fix up auth_developer for recent changes.
      r8706: My previous patch oversimplied the previous change to session setup -
      r8738: Test (using ejs!) the basic operation of the ldb modules.
      r8740: Extend the rdn_name module to handle adding the rdn as an attribute.  ie:
      r8741: Kill warnings about enums not fully enumerated, as we will never use
      r8744: Split 'net samdump' out into a separate file
      r8752: With all the infrustructure done, details like a SamSync migration
      r8771: Extend the SamSync code out to groups and aliases, as well as deleting.
      r8772: Include the ldap ejs test in the standard 'make test'
      r8775: More SamSync work.  This is really just mechanical...
      r8790: Finish the migration of aliases and privilages with SamSync, by adding
      r8791: (missing from previous commit)
      r8792: Clarify comments
      r8820: Push this common block of code into the caller.
      r8823: I don't know why I added this test, it appears bogus.
      r8824: Fix indentation, and don't send 'invalid' LM password.
      r8844: Actually, both types of provision wipe the DB.  But we do need a way
      r8846: Test yet more NTLMv2 combinations.
      r8847: Rework the Samba4 'net join' code.  I'm trying to get this closer to
      r8854: #if 0 out the right things this time.  (Sorry about the build breakage)
      r8855: Share this enum (describing the SamSync databases) between nbt and netlogon.
      r8901: Fix ntlm_auth segfault (invalid free()).  We have moved to talloc
      r8939: Do an open domain in the schannel SAMR test.  This should test some of
      r8952: Partial work commit to find the DN of the new machine account - we
      r8970: Add 'ADS' join support to Samba4.
      r8980: Make Samba4 honour account control flags (we were asking for a
      r8981: Add comments, fix typos (in attribute names) and check for errors in
      r8982: "name" is not the netbios name, but the RDN.  Return the correct
      r8983: The KVNO (Kerberos key version number) should be incremented with
      r8984: Use the correct cross-reference search in DRSUAPI, rather than making
      r8986: As far as I can tell, given the ldif I get from behind this, we have a
      r8998: More work on the RPC server code to avoid abusing the name attribute
      r8999: Use the timestamps module to ensure we update times.
      r9011: Remove more references to "name" as a netbios name, using the
      r9015: Fix access to BUILTIN again.
      r9016: More work to avoid abuse of the "name" attribute, this time on
      r9022: One more step in the game of whack-a-mole with the PAC.
      r9084: 'resign' the sample PAC for the validation of the signature algorithms.
      r9085: Missing structs.h entry.
      r9165: Fix inverted error check in untested code path.  (My untested code...)
      r9166: This checks more of auth subsystem in the PAC test.
      r9167: Further PAC parionia:  ensure the checksum fails if we modify it.
      r9217: Add 'make clean' hooks to the ans1 depedency generator.
      r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.
      r9233: Ensure that the output variable is initialised in this conversion from
      r9234: Ensure we always change the end of the PAC, no matter what it is.  Fix
      r9235: Remove attribute search we no longer reference.
      r9305: Use the check-var.m4 from roken to really, really detect h_errno correctly.
      r9396: ntlm_auth updates, including again support for the NTLMSSP client
      r9406: Add const.
      r9411: Ensure we don't send a challenge without first getting a negotiate in
      r9412: Simplfy this NTLM authentication code by requiring the caller to
      r9413: Bring Samba4 back up to date with lorikeet-heimdal.
      r9414: Fix failure to find own domain info due to recent ldb_dn upgrade - we
      r9415: Remove old kerberos code (including salt guessing code) that has only
      r9416: Cleanups inspired by jra's work to migrate Samba4's NTLMSSP code back
      r9417: Ask for the ASYNC_REPLIES feature, as will want that.
      r9418: SPNEGO fixes:
      r9419: Silly, silly, untested mistake...
      r9420: Fix the SPNEGO system again: Update the state position after
      r9421: Move arcfour code into it's own file, in lib/crypto.
      r9422: Include crypto.h header.
      r9490: Fix typo
      r9505: Work on GENSEC and the code that calls it, for tighter interface
      r9516: Try a full-on matrix test of all the combinations in DRSUAPI
      r9547: A pile more completeness testing for DsCrackNames.
      r9678: Remove unused variables.
      r9680: Update Heimdal to current lorikeet-heimdal (which was itself updated
      r9681: We don't need the full smb_krb5_context here, so just pass the krb5_context.
      r9693: Move the smb_krb5_context setup code to use the new pattern of
      r9696: Update prototypes for new name of short parsing function.
      r9701: Provide correct parameters.
      r9727: A simplier test I can aim at passing when I get the cracknames code done.
      r9728: A *major* update to the credentials system, to incorporate the
      r9731: Fix typo
      r9733: Test conversion from known sids in CrackNames.
      r9772: Make credentials callbacks more consistant with the abstraction
      r9778: Test for particular error returns, rather than just OK/not OK.
      r9859: Enable (blocking) KDC resolution with DNS.
      r9861: I need to convert this to table-driven, but anyway...
      r9877: Merge from lorikeet-heimdal, to try and fix build failures.
      r9878: This is getting a bit out of control, but a few more tests.
      r9927: Extend copyright for all the hard work I've done this year.
      r9928: ncName is a DN, and needs to use DN matching rules.
      r9929: Fix indentation
      r9930: Use a single samdb_base_dn() function rather than lots of silly
      r9931: Make use of new 'norealm' parsing functions rather than strchr(p '@').
      r9940: When guessing, don't make DEBUG(1,... errors.
      r9941: Update the CrackNames test, and provide a much improved server-side
      r9942: CN=Configuration is always under the database-wide base dn, so don't
      r10021: More kerberos notes.
      r10022: Merge tpot's fix for IRIX and AIX_rea build problems from lorikeet-heimdal
      r10035: This patch removes the need for the special case hack
      r10044: Microsoft has defined this bit:
      r10045: metze reminded me to use the correct enum entry, rather than 0 for the
      r10066: This is the second in my patches to work on Samba4's kerberos support,
      r10072: Fix mismerge weridness in error handling.
      r10145: Allow a variable length signature, so we can support signing with
      r10146: Clarify which test is failing in error messages.
      r10148: Use samdb_base_dn() to find the local domain.
      r10149: Update Samba4 to current lorikeet-heimdal.
      r10153: This patch adds a new parameter to gensec_sig_size(), the size of the
      r10155: Add more notes on required gsskrb5 functions.
      r10171: This seems to work for encoding/decoding a PAC at the buffers only
      r10174: This patch implements generic PAC verification, without assumptions
      r10286: This patch is ugly and disgusting, but for now it works better than the other
      r10291: The patch optionally (off by default, not available in all cases) allows
      r10292: This is set below from lp_server_role().
      r10314: Apply the controvertial 'server role =' patch after discussion on the list:
      r10337: This grubby little hack is the implementation of a concept discussed
      r10345: Add more add-hock tests.
      r10364: Turn gensec:gssapi on by default, except for a login of the form
      r10372: Having gone to all the effort to uppercase the realm, actually set the
      r10373: Fix segfault in LookupSids.
      r10382: In the absence of client support for the full KDC-side
      r10383: This patch is on the road to implementing servers (such as kpasswd) that
      r10386: Merge current lorikeet-heimdal into Samba4.
      r10387: By exporting KRB5_CONFIG pointing at a file of our choosing, we can
      r10398: Don't do DNS lookups on short names (no .).
      r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again.
      r10440: Start passing against Win2k3 SP1 again, with the NTLMv2 changes
      r10464: Use more consistant names.
      r10486: This is a merge of Brad Henry's 'net join' rework, to better perform
      r10488: (Missing file from previous commit, adding a new RPC-JOIN test)
      r10520: The join is a nice quick RPC test.
      r10561: This patch takes over KDC socket routines in Heimdal, and directs them
      r10562: Ensure we initalise the error table with hdb errors.  This ensures we
      r10563: a null 'join' is a no-op.
      r10564: Make the RPC-SCHANNEL test use the libnet_join code via torture_join_domain
      r10565: Try to make Kerberos authentication a bit more friendly.
      r10566: Clean up error messages to provide more accurate info.
      r10593: Add printf attribute
      r10595: Use a server name of 'localtest' not 'localhost', so we can move to
      r10596: Move the credentials code into it's own subsystem, and push it under auth/
      r10597: And add the .mk files for the new credentials subsystem.
      r10598: Factor out common code, in preperation for a move elsewhere.
      r10599: Use localhost again for now, until I trace where we are leaking name lookups.
      r10670: Add notes on things that are TODO in Samba4 kerberos land.
      r10695: strupper() of NULL should be NULL, not panic.
      r10696: Return the realm to the caller, not NULL...
      r10697: Change the torture join code to return a credentials structure, as
      r10701: Ensure we return the right user handle.
      r10702: Fix a silly error that caused a rejoin/delete in the torture code to fault...
      r10703: Add a new user account, change the password and test it in the SAMLOGON test.
      r10711: An error of 'user exists' is not an error, just an indication of how
      r10712: Use data_blob_talloc, thanks to valgrind for finding the errors.
      r10763: PROOF of the single, easily understood cause of all of our schannel PAIN!
      r10764: To match Win2k3 SP1, we need to set an anonymous user token for
      r10791: Add copyright, fix comments (this isn't the timestamps module any more)
      r10796: Make getting an anonymous session info a utility function.
      r10800: Indent
      r10803: Remove a duplicate krbtgt test, and add a test looking for the
      r10804: Move the DRSUAPI cracknames test into a seperate file, and collapse
      r10805: Move RPC-SAMLOGON to C99 initialisation
      r10806: Add missing file.
      r10807: Make the split-out files actually compile...
      r10809: Add struct decl
      r10810: This adds the hooks required to communicate the current user from the
      r10811: Revert accidental commit, I still need to finish the displayName and
      r10812: Fix capitalisation (thanks tridge).
      r10820: Use talloc_get_type as suggested by tridge.
      r10844: Add challenge-response authentication to Samba4's winbindd for VL.
      r10845: Add new function to decrypt the session keys in samlogon responses.
      r10847: Fix up new 'decrypt samlogon reply' routine to be more robust, and use
      r10855: Put the domain SID in secrets.ldb by default, and add http as a
      r10945: Free the salt after we are done with it.  May need a merge to similar
      r10946: Use the right name for the remote workstation, and always initialise it.
      r10950: More cracknames variations (including expected values) than you can
      r10953: Add a new function to form a canonicalName out of a DN to ldb_dn.c
      r10956: Tridge thought some comments might be a good idea :-)
      r10980: Use ldb_attr_cmp and ldb_dn_escape_value
      r10981: Pull code to decide between and implement NTLMv2, NTLM and LM
      r10982: Move credentials.h into auth/credentials, and add flags needed by
      r10983: Another case were we want to avoid DNS for unqualified names.
      r10985: To aid in testing, this allows us to easily force kerberos to use UDP or TCP.
      r11106: Make the KDC handler plugable, as I want to drop kpasswdd into exactly
      r11194: Use the special ldb attribute "canonicalName" (therefore testing that
      r11195: Add a new helper function (needed by my kpasswdd work, but hooked in
      r11196: Clean up memory leaks (pointed out by vl), and handle the case where
      r11197: indent
      r11198: The recent changes to netlogon changed this from a RID to a SID.
      r11199: Push an objectSid into the schannel state database, to match the new header.
      r11200: Reposition the creation of the kerberos keytab for GSSAPI and Krb5
      r11201: New filters for searching in secrets.ldb
      r11202: Add more structs to structs.h
      r11203: Use different variable names to make it easier to tell which assert fired.
      r11204: Allow us to read credentials from secrets.ldb without a
      r11205: Another test for cracknames.
      r11206: It appears to me that any account may operate as a server.
      r11207: Correct principal search define
      r11208: Add DNS entries for finding the kpasswd server to the default zone.
      r11209: We can't read the priorSecret unless we ask for it.
      r11212: Enable sealing of data with raw krb5, consolidate some code into the
      r11215: Remove no-op prompter intended to work around bugs in old kerberos libs.
      r11216: Upgrade to gd's PAC extraction code from Samba3.  While I still want
      r11217: Ensure the realm is substituted in UPPER case.
      r11218: Always return the mutual authentication reply (needed for kpasswd),
      r11219: Now that we have the credentials hooked in here, we have a much more
      r11220: Add the ability to handle the salt prinicpal as part of the
      r11221: I don't quite know how I tested this before, but clearly I didn't.
      r11222: Small provision fixes: canonicalName is now generated, and the DC=
      r11223: Only pass around the ldb handle (make this code easier to seperate
      r11225: Remove pointless goto.
      r11226: Cope with Samba3's behaviour on LDAP with GSS-SPNEGO.
      r11239: Use ${REALM} for the realm in rootdse.ldif
      r11270: Move the core CrackNames code from rpc_server/drsuapi to dsdb/samdb.
      r11272: In trying to track down why Win2k3 is again rejecting our PAC, ensure
      r11273: Initialise the new server_info->logon_server element.
      r11282: Fix memory leak in LOCAL-PAC test.
      r11287: Understand the new behaviour of the LSA pipe on ncacn_ip_tcp in Win2k3 SP1.
      r11288: Fill out LSA LookupNames4 and LookupSids3, including a server-side
      r11289: Fix comment.
      r11290: Make it clear that Heimdal is always included, no need for the test
      r11291: Fix implementation of LookupNames4.
      r11293: Use the right search when forming the data for the PAC.
      r11294: Update Heimdal in Samba4 to lorikeet-heimdal (which is in turn updated
      r11297: Move the RPC-SCHANNEL test to using the credentials system for
      r11298: Consolidate the 'short' samlogon tests, and move to using the
      r11310: Free the 'if_relevent' portion of the PAC when we build it.
      r11312: Make it clear we are looking at the 'domain ref', not the domain
      r11313: Typo
      r11314: Use a patch from lha to have the kerberos libs extract the PAC, rather
      r11315: Sorry gd, I just removed all of your code that I just merged...
      r11316: Kill off a bit more of the old secrets system...
      r11317: An ugly hack to setup the global gssapi_krb5_context early, when we
      r11321: Fix typos in warnings.
      r11322: Start moving towards using the cracknames code in the KDC.
      r11325: Fix up some kerberos notes.
      r11333: Push service principal lookups into the cracknames code, rather than
      r11334: Print error status in debug.
      r11339: Fix the build by adding the serviceprincial name cracknames helper.
      r11342: Remove unused variables.
      r11348: Fixes for 'net join':
      r11349: Actually add all the new spns...
      r11350: Add some debugs to assist tracking down kerberos issues in future.
      r11351: Another add-hoc test.
      r11352: Add newly discovered (via the radiator lists) flags for controlling
      r11355: Test for error returns when we don't specify the newly discovered
      r11356: More cracknames work. This copes with a lookup for a
      r11357: Add more standard 'servicePrincaipalName' entries to our host account
      r11358: Ensure domains are always upper-case as well.  Helps NTLMv2.
      r11359: More lovely cracknames tests...
      r11360: Pass down a flag indicating that this is an 'old password', and to
      r11361: Test user at DOMAIN userPrincipalNames
      r11366: Pass around the flags which indicate if we should support plaintext
      r11367: Ensure to intialise the new logon_parameters (0 for session setups).
      r11370: Samba4 now passes it's own RPC-SAMLOGON test again.
      r11371: Fix the ntlm_auth build.
      r11372: Now RPC-SAMLOGON works, place it into the default 'make test'.
      r11373: Handle an apparent alias in NBT ntlogin replies.
      r11374: On request from VL, put the plaintext auth patch in.
      r11393: Avoid error messages and get more correctness with long plaintext passwords.
      r11394: Allow KDC unreachable as another 'forget about gssapi' error on SPNEGO.
      r11399: Add another case where we need to fallback, if the KDC isn't there.
      r11401: A simple hack to have our central credentials system deny sending LM
      r11402: In response to comments by volker, expand our Netlogon DsRGetDCName
      r11404: Another torture test and a new WERR.
      r11405: Ensure we can never have secret4 be uninitialised.  Found after
      r11406: Clean up uninitialised value warnings found by -01.
      r11407: Push 'recreate account' logic into libnet/libnet_join.c.  We don't
      r11409: The use of 'password server = ' here is still bogus, but for now at
      r11410: Fix rejoin as a BDC by modifying, rather than trying to recreate, the
      r11411: Add to Samba4 the Samba3 patch I just posted for machine account
      r11412: These comments may not be much, but my eyes scan code with even
      r11413: More comments, plus always check (and update) the credentials chain,
      r11414: Add passing around of logon_parameters to Samba4 auth_winbind
      r11437: Fix (valid!) use of uninitialised value warnings.
      r11438: Move enum samr_RejectReason into misc.idl so I can use it in a global
      r11439: Make presedence on strcmp comparison clear, and fill in
      r11440: Actually check the right thing for 'is this a machine account' (thanks metze).
      r11441: Remove the auth_domain module from Samba4, as we will only do things
      r11442: Don't use BASE-NEGNOWAIT any more.  It is a mostly meaningless test.
      r11452: Update Heimdal to current lorikeet, including removing the ccache side
      r11453: Fix warning, for a case that just can't happen.
      r11462: Fix the build:  somehow I lost the header for this samba-specific hack.
      r11466: Clear up some memory leaks in smbclient.
      r11468: Merge a bit more of init_sec_context from Heimdal CVS into our
      r11469: Fix typo, and use the correct (RFC4120) session key for delegating
      r11470: To a server trusted for delegation (checked for in the gss libs),
      r11471: Describe how kerberos forwarding works with the ntvfs.
      r11477: This seems really nasty, but as I understand it an attacker cannot
      r11497: Don't name parameters 'floor'.  Rename fl and floor to epm_floor for
      r11512: fix typo
      r11513: Add the ability to use the local machine account instead of a static
      r11514: Fixup debug message
      r11520: indent
      r11521: Add in client support for checking supportedSASLmechanisms, and then
      r11522: Add support for delegated credentials and machine account credentials
      r11523: Working towards having Samba3 join Samba4, this allows the SASL
      r11524: More work on our hdb backend in the KDC.
      r11525: Move lookups (including the attribute search) for users from
      r11529: Disable DNS lookups for forwarded credentials, unless really, really
      r11536: Add a hook for client-principal access control to hdb-ldb, re-using
      r11537: Make the authsam_account_ok routine callable by external users (the KDC).
      r11538: More notes on things we need.
      r11540: Some notes to myself on RFC complience.
      r11541: More logical (I think...) delegation semantics.
      r11542: Add the netbios name type.  We will need it when we start to handle
      r11543: A major upgrade to our KDC and PAC handling.
      r11544: Allow delegation in a Samba4 realm.
      r11545: Remove old #define.
      r11568: Debuging aids: Let the administrator know when a key/entry expired,
      r11572: Add support for accountExpires and password expiry (should cause the
      r11928: More Kerberos musings...
      r11929: Add static, comments.
      r11930: Add socket/packet handling code for kpasswdd
      r11931: Add a short README explaining what this directory is all about.
      r11940: Love has clarified why this code does what it does.
      r11987: Clarify the accountExpires behaviour in the KDC.
      r11988: Setup the sessionInfo just before the connect, rather than earlier
      r11989: Rather than grabbing the machine account details at this point, grab
      r11990: Set the password set time as 'now', so it isn't expired back in 2004.
      r11991: Null termainte the list of backends.  (Makes it easier to walk the list).
      r11992: Potentially allow SPNEGO to be disabled (as occours on WinXP
      r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to be updated.
      r11994: This function no longer needs a special declaration.
      r11995: A big kerberos-related update.
      r12000: Update to current lorikeet-heimdal, including in particular support
      r12035: Fix memory leaks in the KDC.
      r12036: Fix more KDC memory leaks (and there are probably still more...).
      r12037: Fix malloc corruption caused by double-free(), where realloc(ptr, 0)
      r12056: Some clarification fixes for the keytab code, and use the right
      r12058: Set an anonymous fallback, if the machine account isn't available.
      r12059: Use random keytab names (so we get different keytabs, rather than
      r12060: Work towards allowing the credentials system to allow/deny certain
      r12061: Add missing file to previous commit.  This provides a hook on which to
      r12062: SASL negotiation now requires a gensec_security context, so that we
      r12178: Make ldb_ildap work against localhost again, by setting the event
      r12179: Allow our KDC to use LDAP to get to the backend database.
      r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb
      r12232: I hate SWAT code being outside 'source'.  Add in code to push the
      r12252: With this change (hack) we can now do an provision onto Samba4's LDAP
      r12267: Try to avoid segfault in kerberos libs, because we talloc_free()'ed
      r12268: Use transactions to ensure that the schannel db is consistant.
      r12269: Update to current lorikeet-heimdal.  This changed the way the hdb
      r12310: Link simple bind support in our internal LDAP libs to LDB and the
      r12320: Add command-line processing hooks for simple bind DN, and password callback.
      r12327: ENT_TYPE_ANY isn't used anywhere in Samba4, so don't implement it in hdb-ldb.
      r12360: Add simple bind support into our LDAP server.
      r12361: Add a new function: ldb_binary_encode_string()
      r12362: Along with a cracknames change in the previous commit, this should
      r12373: Add RPC-JOIN as a test to always run.
      r12381: Try not to segfault on an anonymous LDAP bind, and map to a guest login.
      r12382: Ensure to return OK on anonymous mapping.
      r12383: Fixes for Apple's AD client.  Don't segfualt in the KDC, and they
      r12384: I can't spell...
      r12411: Add 'net samdump keytab <keytab>'.
      r12421: Handle the case where we are a joining as different account types far better.
      r12422: Some kerberos comments and clarifications.
      r12423: Remove DEBUG(0) printouts in favor of more information to the caller.
      r12427: Move SAMR CreateUser2 to transactions, and re-add support for
      r12430: Clarify libnet_join code. Add/fix comments.
      r12432: Re-indent and consistantly cancel the transaction.
      r12433: Add comment describing this function.
      r12436: Fix Samba4 as a server to Win2000 for the domain join.
      r12439: No need to keep walking this list if we find the match.
      r12502: A bit of work on the RPC-SAMR torture test.  Prove that ridToSid is
      r12503: This function was just too simple to leave unimplemented.
      r12504: Fix one more transaction cancel bail-out path, and correct comments.
      r12505: Cope better with NT_STATUS_PASSWORD_RESTRICTION (due to minimum
      r12506: Fix up issues shown up by the expanded RPC-SAMR testsuite, and add ldb
      r12507: This file has had my grubby paws all over it ;-)
      r12533: Get the ldb.errstring() out to the user on failure.  It helps a lot
      r12534: Make the transaction code fill the error string on failure.
      r12538: Clarify why we are doing the delete here.
      r12540: Provide more information in the ldb error string.
      r12553: Steal the error string onto this context, so that the caller doesn't
      r12594: Jelmer pushed some proposed header reductions to the list today.  This
      r12595: There was no comment on the mailing list, so kill the 'ldapsrv:samdb'
      r12596: This variable is unused.
      r12597: One less void *
      r12598: Make the 'objectClass' part of the templating process actually work.
      r12599: This new LDB module (and associated changes) allows Samba4 to operate
      r12600: Add a new module to sort the objectclass attribute on store.  The
      r12601: Syncronise both copies of dlinklist.h.
      r12625: More 'useful' names for the DNS zone.
      r12627: This magic comment keeps minimal_includes.pl from suggesting the
      r12629: Add a comment so minimal_includes.pl doesn't try and remove this.
      r12630: Remove attributes which should be automaticly generated.
      r12631: Now we have fixed the provision script, we don't need to work around
      r12632: Build fixes from Brad Hards <bradh at frogmouth.net>
      r12681: Allow an entry to have no kerberos keys.  This occours when an entry
      r12682: This patch finally fixes our kpasswdd implementation to be compatible
      r12683: Fix declaration and initialisation placement.
      r12684: A better error code for SAMR transaction failures.
      r12685: Add comments on builtin LDAP and KDC.
      r12686: Push the real SASL list into the rootdse.
      r12687: Push the real list of supported GENSEC mechanisms out on
      r12708: This is equivilant, but doesn't cause a warning.
      r12710: Fix socket_wrapper: Make sure to fill in the socket family on the
      r12716: Tridge points out that the request argument to ldb_next_request must
      r12717: Always compile the skel module, so we know when we break it.
      r12718: We don't use unicodePwd directly any more.
      r12719: Rename unicodePwd -> sambaPassword.
      r12720: By metze's request, rename the ntPwdHistory attribute to
      r12728: Revive testparm.
      r12729: Implement the --section-name option, for dumping only one section.
      r12730: Reimplement --parameter-name, and bring in common samba options.
      r12731: Simplify and re-implemenet support for --parameter-name=foo
      r12732: This option does nothing.
      r12738: Use a talloc_reference to ensure this doesn't get free()'ed too early.
      r12739: Add support for using credentials in the provision process.
      r12744: For correctly written scripts, we don't need this anymore.  Only use
      r12746: An initial version of the kludge_acls module.
      r12747: Add a couple more token tests, used by the kludge ACL module.
      r12749: Fix the newuser script.
      r12750: Clean up more asn1 generated files (pointed out by <HotaruT>).
      r12751: Another make clean fix.
      r12752: Clean up compile_et and asn1_compile as well.
      r12753: Try to fix the build after a 'make clean'.  (the wildcards will not
      r12762: Simo correctly asked that the policy logic (which attributes contain
      r12763: Oops.  If you call ldb_search from within an ldb module's search
      r12782: Don't segfault if we cannot setup messaging.
      r12804: This patch reworks the Samba4 sockets layer to use a socket_address
      r12807: I'm wondering if this might fix AIX on the build farm...
      r12808: Actually, with that we can avoid roken compleatly.
      r12813: Remove unused file to avoid confusion.  We now go via the auth
      r12816: Ugly hacks to the auth_unix code to make a SYSTEM token for root.  If
      r12817: Create a ESP variable with the struct socket_address * in it, so we
      r12818: When denying an operation, include what we think the username is in
      r12819: Fix swat authentication again.  We need to pass the socket_address
      r12820: Remove duplicate entry caused by merge.
      r12821: Fix typos.
      r12822: Given that talloc gives us this extra level of safety, use it.
      r12823: Fix up the provison and newuser code in SWAT.  This also cleans up the
      r12824: Another typo.
      r12826: The base DN is very tied to the realm.  Allowing it to be changed here
      r12858: This moves the libnet_LookupPdc code to use a GetDC request to find
      r12859: Make Samba4 match the Samba3 winbindd interface.  trunk has moved too
      r12860: Remove unused function.  (we handle this in the password_hash module).
      r12861: Cope when we are not supplied the messaging context.  This is just
      r12862: Need to trim spaces off the end of the node status reply.
      r12863: As lha suggested to me a while back, it appears that the
      r12864: Fix valgrind errors in NET-API-LOOKUP* tests.
      r12865: Upgrade the librpc and libnet code.
      r12866: This removes the abstraction layer in winbindd intended to deal with
      r12867: Remove deleted header.
      r12868: Remove unused code.  This has moved to libcli/finddcs.c.
      r12869: I have removed this hack.  We now just do the lookups (netbios for now).
      r12872: Add some more detail to debug message.
      r12873: Fix valgrind-found uninitialised value.
      r12874: Try to give the startup a few more seconds, so that hosts with
      r12881: Hard-coded defaults are silly.  We have smb.conf for a reason.
      r12882: Allow the netbios name to be specified at all times.
      r12883: Fix the build...
      r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.
      r12887: Add the icon from samba.org to SWAT.
      r12891: We no longer manually set the 'name' attribute.
      r12892: Add a 'Migrate from Windows' page to our installation section in SWAT.
      r12893: Filling in *error_string is critical for SWAT, as the errors otherwise
      r12894: Add more detail to error messages.
      r12895: Error strings save lives.
      r12902: Fix 'make quicktest'.
      r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect to
      r12918: Don't tell the user the difference between 'no such user' and 'wrong
      r12919: Ensure we never 'extend' the session key length, or fill in past the
      r12926: Syncronsise GUIDs on users and domains from the server.  These also
      r12927: Fix typo.
      r12928: This patch improves the interaction between the vampire and provsion code.
      r12929: Fix more implict global and shadowing variables.
      r12930: Fix ADS join:  I wasn't filling in the flag 'realm' variable any more.
      r12931: Remove some prefixes.  We have:
      r12943: Generate a SID for the domain join account using the modules, rather
      r12944: Update scripts in setup to match changes in the provision.js
      r12945: Try to move closer to getting Samba3 import working again.
      r12976: Patch from Brad Henry <j0j0 at riod.ca>:
      r12979: Grr, I forgot to commit this file (from Brad Henry's libnet_site
      r12995: Don't allow overrides on "name" from above, as it can't be correct.
      r12996: Restrict this search to domain objects.
      r12997: Feed the right event context to libnet in ejsnet and the auth code.
      r12998: A big update to samldb.c
      r13018: Fix (correct) warning about mixing C/js interface function types.  I
      r13019: Again protect us against format string mismatches, with the new split
      r13031: A first stab at some release notes.  Much work needed.
      r13033: Thankyou very much to Brad Henry for fixing up many aspects of the
      r13034: A couple of clarifications on the release notes.
      r13103: Walk the names in the node status request, so I can find a server
      r13104: Migrate and set secrets keytab values in the 'net join' code.  This
      r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
      r13144: This seems to be required for Samba4 to talk to Samba4, and to get the
      r13149: DEBUG is a bad choice for 'net', it should print to stderr
      r13150: Correct comment.
      r13152: Jelmer assures me that this won't break anything, but does make it
      r13153: Try to move closer to FHS.  This probably breaks everything...
      r13203: Make this comment clearer.
      r13204: Remove extra newline we don't need.
      r13205: Add another useful comment.
      r13206: This patch finally re-adds a -k option that works reasonably.
      r13207: Use the new API for using/not using kerbeors in hdb-ldb.c
      r13239: Silly little patch:  make the order of declaration match the order of use.
      r13240: Make the test scripts use the new smb.conf location (in PREFIX/etc).
      r13244: Allow control of the location of the Samba3-compatible winbindd pipe
      r13245: Don't segfault if we don't have a credentials structure on this gensec
      r13246: Print winbindd pipe location correctly.
      r13247: Try to make better use of talloc in the auth/ and auth/gensec code.
      r13250: I missed a couple of talloc_free()'s
      r13252: Cleanup, both in code, comments and talloc use:
      r13253: More work to ensure that we don't keep data on long-term contexts.
      r13256: Free temporary memory on error cases, and try to clean up what's left
      r13258: Fix the talloc heirachy for ldb_tdb.
      r13265: Clarify how delegation works with the remote RPC backend.
      r13269: ${prefix} is a special case in the autoconf/build system, and should
      r13281: Use TALLOC_CTX * not a void *, and use tmp_ctx as the name for consistancy.
      r13282: Indentation, and ensure we handle the talloc_free in the right place
      r13317: Create a new function messaging_client_init() which can be used when
      r13320: Fix kpasswd's use of the local HDB.  /dev/null was a bad idea, we want
      r13321: Bind to each interface and to the interface on the KDC.  This
      r13334: Add comments describing what these functions do.
      r13339: Propogate more error infomation into the error packet and reformat the
      r13340: The gensec_init() needs to be after the popt processing, as it
      r13341: Trivial.
      r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading the spec.
      r13344: Trust SASL to have subtle distinctions between NULL and zero-length
      r13380: Drop the socket, then try SAMR operations secured with netlogon on the new socket.
      r13381: Test the SamLogonEx SamLogon call in the schannel test.  This is only
      r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.
      r13403: Try to better handle a case where SPNEGO isn't available (allow us to
      r13404: Comments, whitespace.
      r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP.
      r13466: Make it easier to understand what this function actually does.
      r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bit
      r13470: Thanks to a report from VL:
      r13471: With more 'try all options' testing, I found this 'simple' but in the
      r13472: After Volker's advise, try every combination of parameters.  This
      r13479: Return the joined domain SID and user SID as structures, not strings.
      r13480: Explain a little about how these credentials structures should be used.
      r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.
      r13516: We can't bind to both and specific network interfaces at the
      r13551: Add an accessor function for the user sid.
      r13582: Indent
      r13583: Realise that the member server name appears in all calls that use the
      r13584: Another try at SPNEGO stuff.  I need to write a better testsuite for this.
      r13605: Use $BASEDN to ensure this works outside of the 'make test' rig.
      r13606: An attempt to fix #3525.
      r13616: Add new ldb functions: ldb_msg_add_steal_string() and
      r13850: Test (and fix) not using SPNEGO at all, but instead using raw NTLMSSP.
      r13907: By ordering things this way, we allow the password_hash module to set
      r13908: Improve the RPC-SAMSYNC test to cross-check some attributes I wasn't
      r13909: Make this code clearer.
      r13910: Fix the 'your password has expired' on every login.  We now consider
      r13911: Make these debug messages clearer.
      r14058: Try to make the continuation on the list of password set mechs clearer.
      r14180: The PAC isn't so special that it deserves a level 0 debug any more.
      r14181: This doesn't need level 1 debug, it happens whenever the DNS name is looked up.
      r14198: Update Samba4 to current lorikeet-heimdal.
      r14199: This isn't pretty, but it makes the network interface detection work again.
      r14200: Now we have real USN support, don't force the values in the provision
      r14201: I don't think including roken is going to be a good solution.  Let's
      r14202: Oops.  When removing a header, we need to replace it.
      r14203: Include less private heimdal headers.
      r14312: Formatting and comments.
      r14313: Add comments describing some of the dependencies here.
      r14494: Add comments to clarify that we deliberatly fall though here
      r14502: Supply both needed arguments for the backend logoff processing.
      r14589: This morning, I think I can spell...
      r14598: 'logfile' may be a poor choice for a global variable name, but for now
      r14635: - Remove lex.c from SVN (it is built anyway, and having it in SVN
      r14636: Print an error on torture connect failure.  (Helps with debugging).
      r14637: Extend the ACB -> userParameters flag mapping based on the ovbious connections.
      r14662: To allow the RPC-SAMR test to pass, we need to look for both domains
      r14665: More testing in RPC-SAMR.  It looks like we will probably need another
      r14671: We don't really need this in our releases...
      r14673: Don't double-free conn, it is below 'c' free'ed by
      r14700: Fix spelling, and change these informational messages to debug level 5.
      r14701: Allow, with non-default options, NTLMSSP to access the LM session key,
      r14702: Accept our netbios aliases as valid names in the SPOOLSS server.
      r14707: Initialise default value (the rest of this function sets it to 1 if
      r14708: Add a (bogus) UUID and a comment to the PAC defintion.
      r14712: Do not proceed in event of failure to obtain a policy handle.
      r14713: For testing, it is sometimes useful to specify a hostname for kerberos
      r14714: On DCE/RPC, we need the name of the remote server used on the socket,
      r14715: Correct the definition of the DCE/RPC bind_nak, per the OpenGroup spec.
      r14716: Remove username from debug message, it just causes valgrind assertions.
      r14717: Don't provision the system as 'localhost', but instead list localhost
      r15176: Ensure we don't segfault when we try and delete @FOO records.
      r15192: Update Samba4 to use current lorikeet-heimdal.
      r15199: Try to make these prototypes match, to get the build on S390 linux going.
      r15219: Look for gai_strerror in more places, so we don't conflict with the
      r15221: We don't need to have these rcsid strings in Samba's use of Heimdal.
      r15222: Use more standard UUIDs.  Should help AIX build.
      r15225: Use talloc_zero() to avoid use of uninitialised values later on.
      r15316: I don't understand quite why this function was ever like this, but we
      r15317: Because LDB is now async, there are more places were we might run the
      r15329: I'm sick of this patch being in my local tree...
      r15330: Add comment for IBM checker.
      r15356: Remove unused 'flags' argument from socket_send() and friends.
      r15357: Fix the build on systems without GNUTLS.
      r15372: Don't look at possibly undefined controls in failure cases.
      r15400: Move the TLS code behind the socket interface.
      r15415: Use Jelmer's new credentials 'wrong password' code to give the user 3
      r15416: Point out that this doesn't work, but for servers this old, I just
      r15420: Add a new function to print a the 'unparsed' string format for usernames.
      r15421: Correct function comments.
      r15426: Implement SPNEGO as the default RPC authentication mechanism.  Where
      r15433: Add a todo.
      r15480: Patch from lha, to ensure we don't leave a free()'ed element in the
      r15481: Update heimdal/ to match current lorikeet-heimdal.
      r15482: Don't shadow the global function pipe() with a local variable name.
      r15484: Make accept_security_context() more compatible with how Samba3 (and
      r15485: This 'fake' GSSAPI doesn't do the extra SASL negotiation correctly, so
      r15486: Ensure that our Samba3-like implementation of fake-GSSAPI is tested.
      r15491: Always initialise is_cfx (found by Valgrind)
      r15497: I'm not really sure this is correct in terms of how we should be responding to
      r15498: Initialise the callback_running field, and get the flag set/clear the
      r15499: This test can't run if the remote server won't let us open a policy handle.
      r15500: Add support for interactive prompting on bad passwords to the RPC libraries.
      r15501: Allow interactive password prompting on kerberos as well.
      r15503: I may shortly have to revert all of this, but be clearer about how we
      r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my head
      r15510: As discussed on samba-technical, move the VERSION system back to a
      r15511: Using this name causes less warnings on the IBM checker, due to using
      r15515: Syncronsise with current lorikeet-heimdal.
      r15999: password_hash module changes:
      r16007: If no error string was setup by the backend, ensure that we always get
      r16028: Re-add the objectclass module, in the new async scheme.
      r16051: Move the XATTR compatability code into a new file, so I can use it for
      r16052: Add .m4 file for XATTR detection (from ntvfs/posix/config.m4)
      r16053: Allow entries without an objectClass.  We need this to permit the
      r16056: Fix errors found by trying to use our kpasswd server and the Apple client.
      r16061: Prove that removing the objectClass list in the samldb module breaks things.
      r16062: objectCategory is a DN, and needs to be matched as such.
      r16063: Make is clearer when we can't write to the smb.conf
      r16066: The OSX AD plugin uses objectCategory searches a lot, and uses them
      r16067: Remove const, it isn't required and just causes a warning.
      r16068: Check against the correct result in the ldap.js test
      r16069: Remove unused destructor and an unused variable.
      r16072: Do basic wildcard searching in the ejs LDAP test.
      r16073: On an incoming wildcard search, it is critical that the size be
      r16082: Index objectCategory like objectClass, as it is searched on a lot.
      r16083: Make it possible to initialise a backend module, without it setting up
      r16084: Add private prototype for new ldb_connect_backend() function.
      r16085: Set the error string if we fail to find a valid op to execute.  Helps
      r16086: Ensure we can never dereference NULL pointers, and that describe what
      r16087: Fix silly cut-and-paste typo that cost me much of my afternoon...
      r16108: Fixes from working with the partition module.
      r16109: Make this module simpiler, don't intercept operations we are not going
      r16110: Start some simple rootDSE LDAP tests in ejs.
      r16125: Add another helpful utility function: samdb_msg_add_int()
      r16129: Further clean up the samldb module.
      r16159: Even more work on samldb error reporting.  Make sure to get the
      r16166: Remove hexidecimal constants from the Samba4 provision files.
      r16167: Add tests for the changes to use hex digits, including some tests
      r16168: Make the example match the actual function.
      r16172: Translate the ldb error codes into appropriate messages for the
      r16218: If a connection is forced as 'anonymous', don't treat it as
      r16226: Fixes for various segfault bugs found against a buggy Samba4.  With
      r16227: Don't segfault if the ldb_search() fails.
      r16232: Avoid searching on domainDns, as it is not an AD attribute in the
      r16234: Set the request timeout from the LDAP search.  Without this, the
      r16235: Don't update minor_status when cleaning up on error.  This restores
      r16236: Add a proper baseDN to a large number of queries.  Searching the NULL
      r16237: Use an appropriate basedn for these searches, so they occour into the
      r16238: Use a baseDN for the auth_sam searches, to allow continued function
      r16239: Search for the domain in the correct partition, so this will work with
      r16240: Add better error reporting in the password_hash module
      r16262: Another basedn fix.
      r16263: A number of these searches need to be under the partitions DN, and the
      r16264: Add, but do not yet enable, the partitions module.
      r16265: Fix 'newuser' command.
      r16489: Because the torture/ui.h file isn't automaticly generated, the
      r16768: Add a simple script to set a user's password.  This should grow into a
      r16769: Working on fixing the RPC-SAMR test against Samba4.  This fixes
      r16770: Get closer to having Samba4 pass some of the RPC-SAMR test, by
      r16771: Add const and some better debug messages.
      r16772: Clarify comment.
      r16773: Fix one more RPC-SAMR test (an alias level), and make it clear that
      r16774: This patch modifies the tdb API to allow the logging function to be used
      r16794: Make Samba4 pass it's own RPC-SAMR test, at least in part.  There are
      r16795: Fix crash found by Dave Fenwick <djf at samba.org>.
      r16825: Make ldb_sainity_check() set an error string.  This makes it much
      r16826: Ensure we don't segfault if the remote server fails to set a password
      r16827: Factor out some code into common samdb functions:
      r16828: Add RPC-LSA as a test that passes, and remove RAW-ACLs until someone
      r16829: Fix a number of issues raised by the IBM checker, or gcc warnings.
      r16830: Fix IBM checker and GCC warnings.
      r16831: Use a valid memory context (found by the IBM checker).
      r16832: I should be more careful (and test!) when trying to make compilers and
      r16833: Add a base DN to more search calls, we need to look for an ID over the
      r16835: Remove RPC-SAMR from the test, until I can clear up the unexplained failure.
      r16846: Try not to segfault if the domain SID isn't there, or the search
      r16847: Add the parts of the SAMR test that pass back into 'make test'.
      r16850: Disable NBT-WINSREPLICATION-OWNED until it always passes (currently it still has intermittant failures).
      r16851: Put a clue in as to which domain might have failed, due to the length
      r16852: I thought we passed RPC-SAMR-PASSWORDS, but we don't.  Disable that
      r16854: Fix the RPC-SAMR-PASSWORDS test.  It failed because we allocated users
      r16858: The RPC-SAMR-PASSWORDS test now passes.
      r16860: Fix (and reactivate) the RPC-SAMR test.  We need to allow these sids
      r16908: Set an error string if we can't find a backend for an operation.
      r16914: Add more tests for the partition module.
      r16916: Implement metze's proposed changes to the tdb logging API.
      r16917: Fix compile errors found by the testing of tdb on the build farm.
      r16932: Consistanly use the macro for these DNs and attributes.
      r16933: Sort the partitions in order from most, to least specific.
      r16934: Expand the ldb test to demonstrate partition behaviour, including the
      r16936: Correct comment in this comparison function
      r16937: Add const, to make it clear that it is invalid to talloc_free() the DN
      r16938: Fix breakage of TDB on VOS (declaration after statement)
      r16961: Merge 'seperate policy from logic' changes from Samba3.  The 56-bit
      r16964: Remove extra debugs no longer required in a working KDC
      r16965: Take a better stab at comparison functions between string and binary
      r16966: Fix compile warnings.
      r16967: Test another NTLMSSP flags combination.
      r16972: Replace the sequence_number function pointer in ldb with the ldb flags.
      r17031: When I first revived the objectclass sorting module, simo complained
      r17103: Big updates to the not-yet-enabled partitions module.  It now services
      r17104: Rename function parameters and variables to avoid shadowing global
      r17167: indent
      r17168: Now that TLS (and soon SASL) is below the socket layer, we need to
      r17169: Test LDAP with testnonblock.
      r17170: Catch some more out-of-memory cases, and provide some clues when
      r17171: Add a gensec function to determine the maximum negotiated buffer size,
      r17173: Check for oversize output, not oversize input, and fix the GSSAPI mech
      r17174: Enable gnutls code, which requires the HAVE_GNUTLS CPP macro.
      r17196: Clarify that SSL is used for LDAP as well as SWAT.
      r17197: This patch moves the encryption of bulk data on SASL negotiated security
      r17215: Prepare the SASL socket before actually settting it.  This allows
      r17221: Add some integer wrap parinoia to data_blob_append().
      r17222: Change the function prototypes for the GENSEc and TLS socket creation
      r17223: In some protocols it is not possible to negoitate off some features,
      r17224: Accept the start-tls extended request.  Getting OpenLDAP to recognise
      r17225: Fix the build by fixing the spelling of START-TLS.
      r17250: Fix comment, the Samba3 winbind protocol uses the host byte order here.
      r17286: Simply fail the tls_initialise if we don't have TLS compiled in.
      r17287: Add the local_password module to the tree, so it doesn't get lost in
      r17288: Don't mess with entries in the local password prefix, and fix const
      r17289: Fix the build: I havn't commited this module yet.
      r17297: Some compilers don't seem to like the ;;
      r17298: Fix up the local_password module to the current LDB API, and build it by default.
      r17299: Improve the partition module to replicate attribute records into all
      r17300: Try to fix some segfaults in ldb_ildap module, when the remote server
      r17301: Add a new function to copy a list of attributes, while adding one to
      r17302: Testing!
      r17303: More testing results: Don't try and call a NULL callback, and use the
      r17304: Improve ldb_tdb error strings a bit more.
      r17330: Enable the partitions module.
      r17331: Oops, how did I commit this empty file...
      r17332: May as well make this a round number
      r17349: We can't just return sucess here, modules below us expect the async
      r17351: Remove extra LDB partition we don't actually use (these are in the
      r17352: Don't do a modify on the objectClasses, as OpenLDAP doesn't like
      r17368: Add 'const' to ldb_match_msg().
      r17377: This attribute is maintained by the modules, don't override it.
      r17379: Pre-generate DH parameters, to avoid doing this at runtime in our testsuite.
      r17380: An expanded test, cross-referencing the global catalog to the main port.
      r17394: Pregenerate all the files for TLS.  Make the 'make test' startup *much* faster.
      r17395: Add some more time to the default runtime.   Now 7.5 mins.
      r17396: Bump the time up again.  RPC-SAMR can slow, I probably need to break
      r17397: Add const, and use a more local memory context.
      r17411: Try and compile on older versions of GnuTLS.
      r17473: Split loading a list of modules and initialising them into a seperate
      r17474: Allow the partitions module to load modules for specific backends.
      r17499: Open the main database only the minimum times during a provision.
      r17517: Fix declaration after statement, which breaks the build on older GCC.
      r17520: If the blkid library fails, I don't see any reason to return more of
      r17522: Fix another declaration after statement.
      r17523: FIXME is a macro (I think) on some platforms (AIX), and this caused pain.
      r17524: Lets see if we can try and get the socket_wapper includes to be
      r17525: This is a merge from the Google Summer of Code 2006 project by Martin Kühl
      r17526: Move timestamp generation into the objectGUID module.  It probably
      r17527: Don't duplicate the entire test setup just to allow testing of the new
      r17528: This is an additional item of schema we require.
      r17529: Simo doesn't like the use of the internal ldb_errstring in functions
      r17530: Watching the build farm mails carefully pays off...
      r17534: Try another group for 'wheel' on True64.
      r17542: In using ldb_map, I ran across some very odd behaviours when we search
      r17543: Patch from Martin Kühl <martin.kuehl at gmail.com> to extend the
      r17544: Add execute bit to js script.
      r17545: I forgot to commit this file, a source file for the the samba3sam
      r17546: Test the loading of per-partition modules.
      r17547: Add test by mkhl for some of our variable substituion behaviour.
      r17548: It is a good idea to commit the fix (from mkhl) before the test that
      r17553: Actually enable the samba3sam module.  Should help 'make test'.
      r17577: Patch from Kai Blin <kai.blin at gmail.com>:
      r17580: Add a new tools to convert back from AD-like schema to OpenLDAP.
      r17581: Add tool to convert AD schema back to OpenLDAP's schema formatting.
      r17582: Fix dependenies for oLschema2ldif.
      r17598: Patch from Martin Kühl <mkhl at samba.org> to update the samba3sam test
      r17599: Improvements to the AD-like to OpenLDAP format schema conversion utility.
      r17600: Finish the schema conversion tool, and add a mapping file, used to map
      r17601: Fix declaration after statement.
      r17609: Kill one more use of the fake dnsDomain attribute.
      r17633: Return NULL at the end of the file, or else we can't tell the
      r17634: Kill off another case where we used dnsDomain, and point it again at
      r17639: Martin Kuhl noticed that we loaded an incorrect value for
      r17646: Use authentication if specified.
      r17661: A patch from Martin Kuehl:
      r17682: Add newline to end of file
      r17690: Demonstrate how we can read the schema to find out details needed for
      r17691: Make the structure more public, so we have somewhere for calling
      r17694: Don't use printf() in a module...
      r17698: The original code assumed that &data->context was a valid talloc
      r17699: Remove more printf calls.
      r17700: Despite our best hopes, the way module initialisation tends to happen,
      r17703: Fixes to enable the entryUUID module to work for it's objectClass ->
      r17704: Add comments suggesting how to get the LDAP backend working.
      r17705: Use the paged_searches module by default against the LDAP backend, if
      r17707: Match the output (aside from dividers) the output of
      r17870: This module (for the moment) handles the modifyTimestamp generation.  For that, it needs to hook into the modify operation.
      r17871: Add an option to make the system account behave as anonymous on the
      r17876: Require one less patch for the LDAP backend to work.
      r17925: Another class we need.
      r17954: Avoid including \n in error strings (left over from DEBUG() conversion).
      r17955: Don't search for the dnsDomain attribute, it is invented (not in the
      r17956: LSA Cleanup!
      r17967: Somewhere along the line we lost unixName here, and so lost the
      r17968: Consolidate the DSSETUP and LSA pipes into a single file, as DSSETUP
      r17982: One final hack...
      r17983: Use the UTF8-correct strcasecmp_m call for sorting these entries,
      r17986: Add a copy of the Heimdal licence to our source tree, to make it very
      r17987: Make the LSA pipe listen on the \pipe\netlogon interface.
      r17988: Add 'not for Samba4' hacks into the RPC-NETLOGON torture test.
      r17989: Add RPC-NETLOGON as a test we now run against Samba4.
      r17991: Implement a few more calls (with not implemented :-).
      r18021: Add ldapi support to our LDAP client.  To be used for testing an
      r18022: Increment number of records converted, and print number of records skipped.
      r18023: Add support infrusructure for testing against an OpenLDAP server.
      r18024: The %c sscanf format I'm using doesn't null terminate.
      r18025: Don't try to set a target host if there isn't one (such as with ldapi://).
      r18068: This splits the handling of multiple SASL packets between the GENSEC
      r18072: Really delete things in the base partition, after we changed where the
      r18155: Add my work in progress, a module to link with Cyrus-SASL, for a
      r18198: Fix callbacks to use allocated or constant memory, not the stack.
      r18240: Make it clearer when we store the plaintext password.
      r18242: The cyrus-sasl encode/decode routines process the entire input.
      r18245: Ensure we don't keep the rootdse record around (steal it onto the
      r18246: Let our openldap slapd.conf include the magic to have DIGEST-MD5 on
      r18248: Bail out with a error message if this search fails for some reason.
      r18249: Keep trying to start an GENSEC mech from the list until one actually
      r18250: Add an ordering of GENSEC modules, so we do preferred modules first.
      r18252: Make sure to NULL terminate these lists of attributes.
      r18253: Turn Cyrus-SASL DIGEST-MD5 off by default for now.
      r18255: Remove the SMB_ASSERT(), as these are not talloc()'ed structures.
      r18257: Order the GENSEC modules, with unknown modules last.
      r18354: It seems safe to enable the DIGEST-MD5 module now.
      r18357: Convert more crypto tests from using function results as initialisers.
      r18361: Invert the way we handle LookupSids2/LookupSids3 and LookupNames3/LookupNames4
      r18362: Make LookupSids map onto LookupSids2, as they both take a policy
      r18363: Found a rather nasty bug in our fragment handling.
      r18364: Get us closer to schema compliance.  The corrent names for "secret"
      r18365: When adding a new structure member, always remember to fragment it.
      r18367: When converting to entryUUID, ensure we don't double-convert a
      r18368: Don't list GENSEC mechs that only have client implementations in our
      r18408: Only output a message if the async request fails.
      r18409: Make sure to print a DEBUG message if this LDB search fails.
      r18410: Reduce noise in the ldb_ildap backend.  We regularly search for things
      r18416: We need to look for both builtinDomain and domain, in the OpenDomain call.
      r18433: Make sure to search below the partitions baseDN for the netbios name.
      r18434: Fix typo...
      r18441: Allow searching for the high bit in these bitfields, when the client
      r18459: Set access to test LDAP server as system to anonymous, but also note
      r18495: More work on the LDAP backend (which now passes a lot of our tests!)
      r18498: While passing stack values into torture_tcase_add_test is bad, values
      r18504: Handle mappings for RENAME and KEEP attributes better.  We don't need
      r18770: Avoid crashes and fix up other issues in the client-side paged_searches module.
      r18774: This allows an automated way to setup the test environment in a shell,
      r18775: Performing an ldb op of 'do nothing' is pointless, and breaks against
      r18779: Not simo's fault, this is actually a bug I introduced a week ago, when I fixed the previous bug in this code.
      r18781: Move the usnCreated and usnChanged handling around again.
      r18786: I moved the usnChanged code around, and it now loaded in a different
      r18826: Allow 'enterprise' principal names to log in.
      r18827: I forgot to commit this:
      r18828: Export some more useful environment varibles, particularly for use in
      r18829: Print a nice welcome message when we enter the test environment.
      r18933: Add helpful emacs marker
      r18977: Seperate these asserts, so we know which fired.
      r18978: Fix bug found by:
      r18979: With these extra indexes (also added for the normal case) and a
      r18989: Fixes found by these two LDAP testsuites:
      r19115: Add the mapping required between Samba4's AD schema OIDs and what
      r19216: Merge from SAMBA_4_0_RELEASE:
      r19217: Merge from SAMBA_4_0_RELEASE:
      r19225: 30 seconds is too short for a Samba4 provision to finish.  Make the
      r19258: Don't delete the contents of the partitions twice, and in particular
      r19261: Fix use of unitialised variables.  (The binding string is used, if not
      r19262: Don't DEBUG() an unitialised variable
      r19264: Clarify behaviour in ldb_search_callback() and provide more
      r19265: It is not an error to set the target hostname to NULL.
      r19266: Add a target_hostname element to the binding struct.  This allows us
      r19308: Merge samsync fixes from SAMBA_4_0_RELEASE
      r19309: Split out checks for LDB_SUCCESS from checks for the expected number
      r19310: Add another conflicting oid
      r19311: Try to keep the schema map files fairly similar (hope for less weird bugs).
      r19315: Record some OID allocations.
      r19318: Because we don't test the vampire code in SWAT very regularly, it bit-rotted.
      r19321: Merge from release branch:
      r19336: Merge from release branch: new Mapped OIDs, in own subtree.
      r19462: This isn't an encrypted attribute.
      r19463: Make it clear what argument is incorrect
      r19464: Reject passwords that cannot be converted into UCS2.
      r19465: Rather than use the non-standard API for determining the signature
      r19478: Remove unused functions, and make static functions used only in this
      r19479: Remove more unused functions.  These are handled via authentication
      r19520: Try not to read past the end of the ldb buffer.
      r19521: Fix memory leak.
      r19522: Remove gensec and credentials dependency from the rootdse module (less
      r19523: Remove unused functions.
      r19538: This is getting silly, but I needed an easy way to run 'make testenv'
      r19566: Predeclare some useful structures.
      r19567: Make it easier to control the debug level in the test scripts, by not
      r19568: When we get back a skew error, try with no skew.  This allows us to
      r19589: Because we what we really wanted was coverage of seal and non-seal,
      r19590: Make it less noisy to run the session_key test outside 'make test',
      r19595: Seperate debug messages between database failure and simple lack of
      r19597: Ahead of the merge to current lorikeet-heimdal:
      r19598: Ahead of a merge to current lorikeet-heimdal:
      r19603: Make it easier to control the debug level of smbd.
      r19604: This is a massive commit, and I appologise in advance for it's size.
      r19606: Remove generated files
      r19628: This hint via Love at the IETF meeting:
      r19629: No need to special case use of DCE_STYLE sign and seal away any more...
      r19632: This got missed in the heimdal merge.  Without this, we don't keep the
      r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in favour of a more tasteful replacement.
      r19635: It appears that under CFX, different keys are used in each direction
      r19644: Merge up to current lorikeet-heimdal, incling adding
      r19649: Fix indentation.
      r19650: Allow Samba to use Heimdal's SPNEGO code.  Currently this can only
      r19660: Forgot to tell gsskrb5 not to canonicalize hostnames.  Shoudl fix
      r19681: Update to current lorikeet-heimdal.  I'm looking at using the realm
      r19682: Fix comments.
      r19683: Guard GUID_from_string from walking off the end.
      r19731: Modify the ldb_map infrustructure to always map from requested
      r19732: The 'res' from ldb_search is only valid if the call returns LDB_SUCCESS.
      r19733: More work to fix ldb_map.  With the wildcard present,
      r19757: Don't do the strrchr twice.  Pointed out by Martin Kuhl.
      r19759: Allow a join to occour against ncacn_ip_tcp again (useful for torture
      r19760: Create a DC account for the drsuapi tests to work on, rather than
      r19761: This may need work, but here is an initial implementation of
      r19805: Add the (harmless, but apparently default)
      r20099: Add some comments, and correct others.
      r20102: Do not reference remote_ldb before we initialise it.  This should fix
      r20113: Update the DRSUAPI CrackNames test to explore a few more cases, and in
      r20134: The IBM Checker correctly notes that *p cannot be \0 and still satisfy
      r20149: Remove the smb.conf distinction between PDC and BDC.  Now the correct
      r20152: Commit missing files from last night's commit.  We no longer maintain
      r20294: Without this we don't do the ADS join against Win2k3 SP1
      r20295: Add a couple more tests to the CrackNames test.
      r20297: Finally got to the bottom of why we were failing the RPC-CRACKNAMES
      r20314: I think some hosts need this to get the right ASN1 header deps
      r20315: Implement the server side of DsGetDomainControllerInfo.  This is a
      r20352: Use the common function to find the DN for a domain.
      r20353: Restructure the DRSUAPI DsGetDomainControllerInfo test, because as
      r20354: Trusted domains don't have a surname, I think we want 'cn' here.
      r20369: Remember to break if we find a match.
      r20373: When adding a base to a "" DN, don't precede it with a comma (,)
      r20374: It's still 2006 (just...).   Add copyright.
      r20375: Work to improve our CrackNames implementation.
      r20377: Rework the CrackNames implementation to handle some of the BUILTIN sid
      r20395: Decode more unknowns in the IDL.  These are language and codepage IDs!
      r20396: Missed one user of the renamed elements.
      r20397: Another user of the DsCrackNames call needs a rename following IDL clarification.
      r20398: Revert this patch, which caused failures in the samba3sam.js build farm test.
      r20406: Metze's change in -r 19662 broke Kerberos logins from Win2k3.
      r20455: Apply some of the patches from Martin Kuehl <kuehl at univention.de> to
      r20456: Rename variables to avoid shadowing global function names.
      r20457: Print more information before asserting
      r20458: This data is invalid, and causes the samba3sam test to fail, because
      r20459: LDB map cleanup:
      r20460: Simplfy the handling of password hashes in the samba3sam module.
      r20464: Make it clear what does the process group stuff
      r20467: Don't segfault if we don't have an OID map
      r20468: Patch from Martin Kuehl <kuehl at univention.de> to make it easier to load
      r20492: Add in instructions/sample LDIF to setup Fedora DS as a backend.
      r20493: Add support for the 'Netscape' varient of GUID formatting, used in the
      r20494: Dave CB <davecb at spamcop.net> found some stray characters in the docs,
      r20495: Further notes on joining with fedora DS.
      r20505: I had the wrong ldif name here.
      r20622: Add in a hack to avoid permitting searches on the value of protected
      r20639: Commit part 1 of 2.
      r20640: Commit part 2/2
      r20642: This bit of autoconf causes us pain.  Revert back to how we had things
      r20643: Remove generated files accidentilly committed.
      r20645: Commit the build system changes to allow scripts in config.mk files.
      r20648: Closer to a build...  Add missing header file.
      r20949: Looking over some lcov output, try and walk some error paths.
      r20958: Inspired by the lcov output, check the PASSWD_FILE and
      r20964: Show the domain name we figured out, rather than a null pointer (in
      r20984: Try to ensure we can't have sig_state dissapear before se.
      r20988: Call out to Heimdal's krb5.conf processing to configure many aspects
      r20997: Add in more certificate and key blobs, to enable PKINIT.
      r21008: We added a new argument to the provision() function, but I forgot to
      r21022: Trying out a new style for some of our WHATSNEW and README
      r21023: Brad Henry pointed out some typos.
      r21026: Add a helpful script to do the things we need to do to make a release
      r21027: Print the name we fail on.  I need to fix Samba4 to pass this.
      r21039: Test some more failure paths (trying to increase the lcov score).
      r21043: Work towards allowing Fedora DS to backend Samba4 in 'make test'.
      r21068: Code to configure, start and stop Fedora DS.
      r21069: Try to split up the mktestsetup.sh script into parts to deal with each
      r21071: Move some of the key path variables into the mk-keyblobs.sh script.
      r21103: This seems to do the 'right thing' in applying the correct access
      r21135: Instead of having hooks to update keytabs as an explicit thing, update
      r21175: Fix the kerberos keytab update code to handle deletes.
      r21179: Anything more complex than this causes the keytab never to be updated...
      r21255: Add a debugging option to avoid rid decryption in the samsync output.
      r21305: Change the skel module a little, so make it names clearer.
      r21491: Verify that the DNS domain name is filled in on GUID searches in the
      r21496: A number of ldb control and LDAP changes, surrounding the
      r21497: Pass more of the RPC-CRACKNAMES test by using the new search_options control.
      r21513: I don't know how long this has been wrong, but fix this up so we can
      r21553: Remove bogus comment.
      r21554: Use a snippet from tridge's junkcode to cause us to wait for smbd to
      r21649: Update self test scripts to start Fedora DS.  This requires current
      r21686: Do enable TLS, as we have solved the key setup problems, and we need
      r21687: Always test LDAP and LDAPS
      r21689: Try to walk a bit more of the param/loadparm.c functions, as well as
      r21692: Test with LDAP, but without the non-block testing.  This is not
      r21693: Fix the RPC-SCANNER test.  Share some code with the RPC-MGMT test to
      r21696: Run the RPC-COUNTCALLS test to try and walk some of the NDR layer for
      r21697: Try to cover the 'bad session key' codepaths too.
      r21698: Check for talloc failures.
      r21699: Because TALLOC_CTX is a void*, I didn't get a compiler warning about
      r21719: Try to cover more of the server-side password processing.
      r21720: Try to make 'TEST_LDAP=yes make test' work again.  These recent
      r21721: Push the 'Success!  Your new directory server instance was created'
      r21727: Walk some more of the error branches in the ChangePasswordUser server.
      r21728: Perhaps we don't need this on recent OpenLDAP servers.  This overlay
      r21736: Fix the smbclient test to do something more interesting with the last
      r21737: Print the error strings in the ejs ldb test.
      r21739: Make it easy to change the log level for the slapd processes, and have
      r21741: Like starting smbd, ensure we have acutally started slapd, and it is
      r21743: Always use the 'escaped' LDAPI path.
      r21744: Test more talloc failure cases.
      r21745: indent
      r21746: We don't link in this file any more.
      r21751: These 2 tests pass for me, so add them to the standard test script.
      r21760: Try to pin down were some errors are coming from.  Ensure we at least
      r21761: - Give more detail on LDAP client library failures (make it clear
      r21771: We just don't need to test this on more than one transport.
      r21789: We do actually need this, to get a contextCSN attribute, which we need
      r21790: Setup the socket_wrapper_dir when we set the environment variable.
      r21791: This test is still just as valid without as much CPU time wasted.
      r21806: I've been working over the last week to fix up the LDAP backend for
      r21836: Assume that if an OpenLDAP system is 'modular' then everything is a
      r21970: Ensure that Fedora DS can be shut down correctly with the stop script:
      r21971: Fill in some more values in config files from variables, so we can
      r22075: Configure the bitwise match plugin, until it becomes accepted upstream.
      r22076: Fill in short and long domain names into the generated krb5.conf
      r22086: Bail out early on some of these failures.
      r22088: export PIDDIR to make the smbd pid show in 'make testenv' again.
      r22115: I don't like the DOMAIN environment variable.  It really isn't a good
      r22116: Only query by SID if we have a SID
      r22118: Add another RPC-CRACKNAMES test, but allow a way to skip sub-parts of
      r22119: Where we get a request to 'crack' a user principal name from a
      r22120: Expand the RPC-CRACKNAMES test, to test more values and expose patterns.
      r22121: The RPC-CRACKNAMES test now passes against Samba4.  This should help
      r22160: Only use test environment names that actually exist (get make
      r22161: Clarify exactly where the socket_wrapper should be handled (early),
      r22162: get the TEST_LDAP mode working again
      r22166: Stop heimdal from trying to prototype innetgr in roken, now we don't
      r22167: This seems to get Fedora DS to run the tests again.
      r22168: Ensure we actually run all the transports for the slow tests
      r22170: To get the smbclient blackbox test to pass again, we need to get the
      r22171: At least walk over the test_SetupCredentials2 before bailing as 'we
      r22176: Make the LOCAL-MESSAGING test pass again.  Messaging sockets are in
      r22177: Restore the PIDDIR mapping for the client 'pid directory', as this is
      r22180: Re-add testing of the CIFS backend.
      r22182: Skip a few tests that will not pass against the ntvfs/posix layer,
      r22183: Perl might not be in /usr/bin/perl, so use $(PERL) from the makefile
      r22184: On some hosts, parsing a compleatly invalid principal causes heimadal
      r22187: Test kerberos logins in the smbclient blackbox tests, including with a
      r22191: Add a samba4kinit binary to the build, so I can test using an existing
      r22208: Print the target principal name, to help with kdc unreachable errors.
      r22233: Allow 'REALM' as a global environment variable in the tests.
      r22235: Test kinit, and PKINIT functionality by means of a new blackbox test.
      r22236: Update to Heimdal's socket_wrapper, which supports IPv6.
      r22238: Because these utilities compile in socket_wrapper.ho, they may need
      r22284: Make this script executable
      r22288: Somehow, Jelmer lost a few capital letters.  I'll send him a new batch.
      r22290: Fedora DS is incredibly picky about newlines...
      r22292: Start the LDAP server inside the same fifo as smbd, as OpenLDAP (like
      r22293: Try to make it more clear what failed to parse.
      r22294: Lock the delegated credentials to being kerberos only, we just don't
      r22295: Use delegated credentials and kerberos to test the pass-though
      r22322: Cut timelimits for BENCH tests run in quicktest.
      r22333: Use kerberos and the ntvfs/cifs backend for just one test, in the
      r22427: Abort in a few more cases of failure to provision.
      r22443: It isn't fatal to get the case wrong on this stuff.
      r22474: If ldb does not return sucess, then the res variable may not be valid.
      r22475: Rather than segfault, show the name of the malformed entry.
      r22476: The OID match is used very oddly in AD, as it is often used for fields
      r22477: When an invaild base is specified to ldb_search, it should return
      r22478: Update the LDAP backend code to handle initialisation of multiple
      r22494: Skip subSchema again, but we will need to remap this objectClass.
      r22497: Support renaming objectclasses and attributes for the LDAP backend.
      r22498: The initial LDIF import into Fedora DS didn't work, so just push this
      r22521: Don't fail the module load just because we don't have a schema yet.
      r22522: Print why we can't find these entries.
      r22523: Give a hint why this test fails (helped debugging backend issues).
      r22531: Fix up OpenLDAP schema map to almost pass 'make test'.
      r22556: Make the slapd command valid.
      r22557: Simo has long bugged me that the paths in the sam.ldb partitions were
      r22558: Move to a static list of enctypes to put into our keytab.  In future,
      r22559: Make the ad2OLschema tool case insensitive.
      r22572: Don't manually set objectGUID values
      r22582: Cleanups towards making winbind work again.  We still have a long way to go, as this has bitrotted over the past months.
      r22594: This helped coax out valgrind errors last night, but we don't need it any more.
      r22612: Fix more cases where we have uninitialised values in the
      r22756: Make it easier to setup an LDAP replica.  Provision with
      r22838: Add in an explority test for what QFSINFO operations are valid on IPC$
      r22873: Make the RAW-QFILEINFO-IPC test pass against Win2k3.
      r22874: Expand the RPC-QFILEINFO-IPC test, and add a server implementation to match.
      r22875: We want to skip this test, it will fail unless run against IPC$ (which the pattern does not).
      r22877: Remove stray 'l'
      r22882: It seems entirly reasonable to follow metze's suggestion and check for
      r22883: Indentation.
      r22884: Be consistant with the case of these constants.
      r22921: This index saves another 7 seconds off a 'make quicktest', and is a common search operator.
      r22966: Make sure to return LOGON_FAILURE if the user's kerberos password is
      r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.
      r22983: This should ensure that torture_create_testuser() can be called,
      r22987: Clarify how the events are handled in the kerberos code, and
      r23026: Add groupPolicyContainer, as we now require this schema element.
      r23027: Make sure the parent object always exists.
      r23028: I've now got a patch to Fedora DS to make it only install the very base schema.
      r23032: Remove calls to println(), and ensure we print the ldb errstring().
      r23034: Thanks to metze for providing some vital clues in the 'kerberos ccache
      r23035: We don't need to add this entry, and I hope to figure out how to avoid
      r23063: Make sure to invalidate the ccache when we set a
      r23064: Clarify comment and indent
      r23089: This is upstream now, so we don't need to add it manually.
      r23132: Resolve an issue where we would use the ccache after we free()ed it.
      r23133: I felt pity on Kai, as he starts work on winbind in Samba4, so I
      r23134: Set the event context onto the cli_credentials.
      r23136: Set the event context onto the credentials in more places.
      r23141: Use the finddcs() library call rather than a winbind-specific version.
      r23149: Fix up the trusted domain lookup code to use the new structures.
      r23176: Note that we only return one DC from this call at the moment.
      r23177: Add in a new provision-backend script.  This helps set up the OpenLDAP or Fedora DS backend.
      r23189: Work towards a totally scripted setup of LDAP backends, so others can
      r23191: Use the new provision-backend script to setup Fedora DS for make test.
      r23232: Add in some extra files required by the new provision-backend.
      r23233: Use the schema and basedn files generated by the provision-backend script.
      r23235: Don't do a seperate LDAP provision step.  Instead, everything we need
      r23257: Newer OpenLDAP versions don't seem to need this, so simplfy.
      r23261: Merge WHATSNEW back into the main branch.  Comments/omissions greatly
      r23262: Fix mkrelease.sh to work in the right directories
      r23264: Make it more clear what this is actually setting up
      r23281: Ensure we wipe all the right things in distclean.
      r23286: In SWAT, it was not possible to use a domain name other than the default.
      r23325: Remove items from menu that have been removed from SVN long ago, with
      r23351: Merge from SAMBA_4_0_RELEASE:
      r23361: Merge from SAMBA_4_0_RELEASE:
      r23365: Try to make Windows Vista join again.  On my new test environment, it
      r23373: Fix spelling...
      r23412: We don't need hdb.h here any more
      r23455: These buffers may not be null terminated. Ensure we don't run past the
      r23456: Update Samba4 to current lorikeet-heimdal.
      r23503: use hdb_dbc not hdb_openp.
      r23551: Change data_blob_equal to data_blob_cmp, suitable for sorting with qsort().
      r23557: Ensure that we don't reorder the objectClass list, if we don't have
      r23558: MMC seems to ask for this, so I think we need to include it in our schema.
      r23560: - Activate metze's schema modules (from metze's schema-loading-13 patch).
      r23677: When I removed data_blob_equal, I clearly didn't test the PIDL code.
      r23678: Update to current lorikeet-heimdal (-r 767), which should fix the
      r23679: invocationID is a GUID too.
      r23680: Make it easier to setup a domain member server - the 'server role'
      r23693: Give the process a chance to write out it's coverage data, before we
      r23695: By not using the NULL context for these large structures, we don't
      r23703: Start to get Samba4 to again work with LDAP backends, after I turned
      r23715: Make the provision-backend script print out the exact commands to run,
      r23716: Clarify LDAP Manager DN and fix slapd startup syntax.
      r23717: We need to remove the _ in LDAP_MANAGERPASS for the
      r23718: Make Samba4 work against the LDAP backend again.
      r23719: ejs being case sensitive, while LDAP is not is a real pain when
      r23720: Allow the member server to work against an LDAP Backend.  Another case
      r23737: Validate that we object to duplicate values in an add or replace.
      r23754: Make sure to check the status return before we de-reference the
      r23762: Fix DN renames over LDAP, and instrument the partition module.  Add a
      r23809: Don't give users the fantasy that we can control choice of GENSEC
      r23810: Make things static, and remove unsued code.
      r23811: Try to ensure struct nbt_name is always pre-declared.  Might fix the
      r23812: Remove more code found as dead by the find_static script, and make
      r23815: Thanks to Matthias Wallnoefer <mwallnoefer at yahoo.de> for pointing out
      r23816: A little more static, but leave the dead code testjoin.c as documentation.
      r23848: Thanks to derrell for pointing out that I had not finished my patch to
      r23849: ldap_server:  Provide more info in debug traces
      r23852: Merge Samba 3.2's wbinfo into Samba4, so Kai can use it for testing.
      r23859: Work to have Group Policy work 'out of the box' in Samba4.
      r23875: As pointed out by mwallnoefer at yahoo.de:
      r23880: Don't crash when we run wbinfo -a against our own winbind when we are a DC.
      r23881: A quick fix from davecb at spamcop.net to be more portable to non-GNU
      r23890: Allow wbinfo -a to work against Samba4's winbind.
      r23905: SATOH Fumiyasu <fumiyas at osstech.jp> points out that we want &&, not ; here...
      r23907: Fix bug 4790 reported by mwallnoefer at yahoo.de:
      r23912: We always accept / as a seperator, and it is far less confusing
      r23960: Don't destory the 'reason' for terminating the service before printing it.
      r23961: Allow SWAT to operate on x86_64 machines.
      r23964: Update blackbox selftest scripts to cover more code, and to more
      r23965: Add testing the 'net time' command to the script.
      r23966: It isn't great, but at least now we have some access control in SWAT
      r23982: Fix use-after-realloc() found by valgrind and mwallnoefer at yahoo.de.
      r23993: Attempt to fix bug #4808, reported by mwallnoefer at yahoo.de.  The issue
      r23994: Finish my work to ensure that non-root and non-administrator users
      r23995: Work to allow mimir's libnet code to be called from winbind.
      r24010: Fix warning for the function paramter to qsort().
      r24011: Keep the connect handle around in libnet, in case we want it.
      r24012: Remove duplicate code block (from bad merge).
      r24052: Fix some of the NT4 usrmgr.exe portions of bug 4815.
      r24053: Ensure we filter EnumDomainUsers with the supplied mask.
      r24059: Fix bug 4822 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>.
      r24060: Fix bug #4806 by Matthias Wallnöfer <mwallnoefer at yahoo.de>: We need to
      r24061: Anther part of bug #4823, which is that until now Samba4 didn't parse
      r24074: Test both permitted logon hours and permitted workstations in the
      r24075: As suggested by metze, match the behaviour of ntvfs_posix, and remove
      r24076: Make ldap.js pass against Win2k3 again (looks like we don't match AD
      r24080: Set the primary group (matching windows) when creating new users in
      r24081: Domain Controllers are also shown in this enumeration.
      r24082: Following the removal of a fanstsy condition from the SAMR testsuite,
      r24083: Don't fail the test (looking for the user in the enum) if we didn't
      r24110: I hate seeing callers manually filling in the composite context.  Use
      r24111: Untested code is broken code, untested code is broken code...
      r24112: Complete initialistion of the libnet_ctx when setting up the domain.
      r24118: Start fixing #4842 (usrmgr polcies menu not working) by removing range
      r24127: Set the Domain SID into the libnet context, and have libnet_UserInfo
      r24146: It is not an error for a Win2k3-only server not to support the NT4
      r24245: Fix bug #4828 - we need to set the samba LDB debug handler early, so
      r24246: Avoid the annoying 'probable memory leak in ldb' messages, by fixing
      r24247: Remove extra newlines from ldb_debug() calls - it already adds one.
      r24248: Attempt to fix bug #4830 by <mwallnoefer at yahoo.de>.  If there is no
      r24249: Thse generated attributes should not be pushed this far down the stack
      r24259: Rework the objectclass module to use the new schema, rather than the
      r24260: Ensure we always override any existing values for these generated
      r24261: Fix the standalone ldb build after I moved the objectclass module out.
      r24262: Set the objectCategory by default in the objectclass module, rather than using templates.
      r24263: Fix bug 4846 (unable to copy users in MMC Active Directory Users and
      r24273: Fix bug #4817 by <mwallnoefer at yahoo.de>.  (Unable to add a computer
      r24277: Tidyup as requested by metze.
      r24282: Try to fix the occasional Samba4 crash in BASE-BENCH-READWRITE, as
      r24285: A number of machines on the build farm fail because while they use
      r24286: (missed from previous commit)
      r24300: Try to get the LOCAL-EVENT test to pass on hosts with epoll() in
      r24301: The less escape characters the better.  This changes the winbind
      r24390: Another attempt to find out why we fail the LOCAL-EVENT test on some build farm hosts.
      r24459: Fix up ldap.js and test_ldb.sh to test the domain_scope control, and
      r24479: Typo fix - this makes 'make test' pass against OpenLDAP again.
      r24502: More work to get LOCAL-EVENT passing on all platforms:
      r24503: Make 'make test TEST_LDAP=yes' pass on Fedora 7, by trying more
      r24504: Try to return more useful error information on why a bind failed.
      r24566: Remove trailing newlines in ldb_debug(), these are not required.
      r24567: Try much harder not to leak memory when comparing objectCategory entires.
      r24568: Fix the build, caused by a conflict betwen mimir's work and metze's bulk rename.
      r24611: Following up on the re-opening of bug 4817 is it pretty clear that
      r24612: Revert this part of -r 24611.  This isn't related to my SAMR password
      r24613: Missed this in my recent commit -r 24611.  We don't discriminate on
      r24614: Merge with current lorikeet-heimdal.  This brings us one step closer
      r24631: Fix up format warnings, found on my Fedora 7 x86_64 workstation.
      r24633: Try to start on a set of release notes for Samba4 alpha1.
      r24640: Add a suggested BIND configuration snippit, to help with DNS configuration.
      r24648: Found out the meaning of a few more flags.
      r24655: Fix bug 4919 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>:
      r24690: Further fix to bug 4919: Ensure we don't supply a NULL URL argument to
      r24693: Test search options in ldb blackbox testing.
      r24694: Remove objectCategory entries from the setup templates.  These can be
      r24695: Now the Samba4 passes this test, remove the skip...
      r24696: Fix bug 4918 reported by Matthias Wallnöfer <mwallnoefer at yahoo.de>
      r24697: Excelent patch and detective work by Matthias Wallnöfer
      r24698: Patch from Andrew Kroeger <andrew at sprocks.gotdns.com> to fix Bug
      r24729: First try and publishing a DNS service account, for folks to play with.
      r24730: Allow secrets entries to be for service principals.
      r24731: Remove unused code - if we hit these error conditions, then we are
      r24760: Ensure we base64 encode any password being put into LDIF, to avoid
      r24761: Permit subtree renames in Samba4.
      r24793: The subtree_rename module is a work of fiction.  An resemblance to a
      r24822: Merge from SAMBA_4_0_RELEASE:
      r24819: We are preparing for alpha1, so update the mkversion script to cope with that.
      r24859: Merge from SAMBA_4_0_RELEASE:
      r24909: Patch from Andrew Kroeger <andrew at sprocks.gotdns.com> on the slow road
      r24911: Make better use of substituted variables in example named.conf
      r24913: Fix typo
      r24914: In response to bug #4892 by Matthias Wallnöfer <mwallnoefer at yahoo.de>,
      r24915: Try to quiet down this warning - the 'classic' share code doesn't
      r24918: Fix the build (forgot to include dcesrv_lsa.c in the previous commit)
      r24941: Simplify samdb_result_nttime(), and remove nttime_from_string()
      r24942: Patch from Matthias Wallnöfer <mwallnoefer at yahoo.de> and a testsuite
      r24945: The behaviour of the SAMR server on a member server is worth testing
      r24959: Merge back changes from release branch, and set new VERSION on main tree.
      r24971: Test more combinations for resetting the account expiry.
      r24972: Try to rat out this SAMR failure with some more cross-tests, and
      r24973: Try to make it really clear we are dealing with 64 bit numbers here.
      r24985: Start to revert us back to the old-style SWAT, while trying not to
      r24986: LDB has a function for comparing things that must meet the rules of
      r24987: Clarify error conditions in secrets handling, before I add ACLs to
      r25048: From the archives (patch found in one of my old working trees):
      r25051: Move SWAT back to the old-style form-submit modal.
      r25052: This missing 'break' caused problems on 32 bit platforms only, due to
      r25053: Show the user class alongside the username.
      r25071: Add some more testcases for RPC-DRSUAPI-CRACKNAMES, proving I can't
      r25073: Correct test name so make test can pass again.
      r25194: A major rework of the Samba4 LSA LookupNames and LookupSids code, with
      r25196: Thanks to id10ts on IRC for finding some typos in my well-known names
      r25203: Don't use subclasses in Samba4, as we always fill out the full
      r25204: Patch by Andrew Kroeger <andrew at sprocks.gotdns.com> fixing bug #4958 -
      r25218: After discussion with Simo, remove the subclass support from LDB.
      r25249: Thanks to Andrew Kroeger for pointing out this silly typo (calling
      r25268: Thanks to Andrew Kroeger for pointing out on IRC that this is
      r25299: Modify the provision script to take an additional argument:  --server-role
      r25300: Update howto.txt with modified provision syntax.
      r25303: Print out the options the provision script generated.  This should
      r25304: Thankyou to Amin Azez <azez at ufomechanic.net> for pointing out that I
      r25354: Thanks to Amin Azez <azez at ufomechanic.net> for finally getting me to
      r25383: Patch from Amin Azez <azez at ufomechanic.net> to give better message
      r25450: Make it easier to test with a particular version of OpenLDAP, by
      r25451: Rework the display of provision options to use printf syntax, and
      r25452: Move the creation of the server entry to the self join, as this makes
      r25596: It isn't valid to take the address of an array on the stack, and this
      r24821: Update the mkrelease.sh script and mkversion.sh to make releasing correct
      r24823: Without any better ideas as to how to fill out the WHATSNEW, I've
      r24858: Make the 'vampire' code work again - clearly nobody uses this...
      r24910: Merge named.conf patch by Andrew Kroeger <andrew at sprocks.gotdns.com>
      r24912: Merge 'use more substituted variables' patch to release branch.
      r24916: (merge to release branch)
      r24917: More thoughts on Samba4 release notes, readme etc.
      r24919: Merge build fix and improved error strings to release branch.
      r24944: Merge acct_expiry fix to release branch.
      r24947: Forgot to merge this to release branch, so we got weird subs in
      r24958: This is the final text, and the final version. I'll send the release
      r25616: Fedora DS now has a way to install the schema and extra configuration
      r25618: I'm sick of the fstring warnings turning up here. Let's see how much
      r25619: As perhaps could have been expected, the CFLAGS hack broke all non-gcc
      r25660: Add a new interface 'generate_secret_buffer()', to be used when we
      r25661: We don't actually need to know with DEBUG(0, ... every time we ask for
      r25693: Implement the rest of subtree renames, now that tridge waved his magic
      r25694: Move subtree_rename above the partitions module. The next step is to
      r25701: Clarify comment
      r25702: Clarify comments and make this module more strict on objectclasses.
      r25703: Use less entropy by using the pointer value as a process-unique token.
      r25704: Handle the chicken-and-egg problem of setting up the LDB before we get
      r25705: Ensure we return the out value to the caller.
      r25710: Finally fix subtree renames. Untested code is broken code and in this
      r25723: Add a check to prevent deletion of entries with children. Sadly MMC
      r25729: Fix silly regression in the subtree_rename - I broke normal renames.
      r25747: Implement linked attributes, for add operations.
      r25748: Don't segfault if we don't have a schema yet.
      r25749: Add function required by linked_attributes module.
      r25750: Update the objectclass module to improve consistency in Samba4.
      r25753: Move cn=rootdse to @ROOTDSE to avoid being caught up in schema restrictions.
      r25754: More work on normal forms for ldb input.
      r25755: Fix a couple of memory leaks, in particular a new leak onto the NULL
      r25759: catch up the samba3sam tests with the change from cn=rootdse to @ROOTDSE
      r25760: Test out relative distinguished name behaviour under renames.
      r25761: Rename to be a DN to be a child of itself wasn't being checked for.
      r25762: This test belongs best with the other checks for a valid parent, in
      r25763: Handle modifies, in the easy case (add/delete of elements), for the
      r25781: Handle and test linked attribute renames.
      r25786: Add function required by linked_attributes module (We need a list of
      r25787: Assert that we handle the group membership updating correctly,
      r25788: Use a single routine to handle the creation of modify requests in the
      r25825: Don't print the user's password hash at level 0.
      r25826: Prove that adding a user or computer via LDAP doesn't magicly give
      r25856: If the search fails, it is not valid to steal 'res'.
      r25857: Indent
      r25891: Test that we get the correct return value when we attempt to reference
      r25921: Now also listen on ldapi by default in the LDAP server
      r25922: Make it easier to bind to a unix domain socket, without messing with
      r25923: Make sure to install phpldapadmin-config.php
      r25933: LDB: Don't free errstring until after the printf, in case it is one of
      r25934: Handle a LDB_ERR_NO_SUCH_OBJECT return value when looking for the
      r25938: We don't need the CLDAP server unless we are a DC.
      r25939: Rework the CLDAP server not to use gendb_search but to call ldb_search
      r25940: Rework the samldb and templates handling.
      r25941: Use samdb_relative_path() (new function in samdb.c) in the partitions
      r25942: Make various ldb modules handle an LDB backend that enforces validity
      r25948: Fix up the samba3sam test (which is very fragile) to work with the new
      r25949: Make error messages clearer and more correct.
      r25950: Enable seperate module to prevent subtree deletes.
      r25952: Add in new data file required by samba3sam test.
      r25957: Rework the cracknames code to use less gendb_search() and instead call
      r25958: Callers of gendb_search_dn() don't expect to get
      r25959: Add a new special DN to LDB: @OPTIONS
      r25960: Enable checks on the validity of the search base on sam.ldb in Samba4.
      r25961: Add new tests to verify basedn validation in LDAP searches.
      r25962: Move to more modern ldb functions loading module list.
      r25964: Fix comment and use talloc hirachy in ldb_tdb initialisation.
      r25965: Remove duplicate block - thanks metze!
      r25966: Don't force an 8 byte width to generated SIDs, as this can actually
      r25981: Don't create an ldb_request on NULL.
      r26131: Ensure we show the right errors in the NULL base DN case. Based on
      r26135: Remove samdb_add(), samdb_delete() and samdb_modify(), which were just
      r26137: Rename the entryUUID module to better match it's purpose: being a
      r26138: Don't talloc_free() res if an error occoured.
      r26139: Based on a report by Theodor Chirana, don't assert() on invalid
      r26140: Add a new test for searches by distinguieshedName and dn, and
      r26182: Extend our linked attribute testsuite to cover many more possible
      r26183: The idea of a self-seeding secrets.ldb is nice, but in practice we do
      r26192: Handle, test and implement the style of extended_dn requiest that MMC uses.
      r26193: In the LDAP server, use the new 'controls_decoded' element to
      r26244: Add a module (sans tests for the moment) that implements ranged
      r26245: Make it easier to handle the LDAP backend, with it's differing needs,
      r26246: Make it easier to debug assert()s in the provision, if messages are
      r26282: These modules expect errors, but if we don't wipe the error string, we
      r26283: fix typo
      r26284: Rather than just debug, push the error back up the stack as the error
      r26297: Correct error message. This function verifies attributes, not
      r26298: Use metze's schema loading code to pre-initialise the schema into the
      r26299: Print out which module failed to initialise.
      r26300: Don't segfault when called from the ntptr libs.
      r26301: Collapose ldb_next_init() into being a caller of ldb_init_module_chain
      r26302: Print the error string for failed rootdse searches.
      r26303: Fix up error reporting during the delete of previous entries in the
      r26304: More work to remove silly error printouts.
      r26305: Update template files and testsuite to try and work with current
      r26324: Fix includes for Jelmer.
      r26354: In trying to chase down why we have reports that WinXP won't join
      r26361: Ensure this test cannot proceed if the pipe connection failed.
      r26362: Fix segfault in NET-API-DELSHARE torture test.
      r26365: This will now be the alpha3 tree (once I release alpha2).
      r26386: We need to test in more than just 'interactive' mode...
      r26389: Merge SWAT changes from alpha2 back into main Samba4 tree.
      r26412: Add comments and refactor to reuse common code.
      r26419: Add a module to implement 'ambigious name resolution' by munging the
      r26420: Don't print a blow-by-blow description of every search we do, just the
      r26424: Patch and hits from Howard Chu <hyc at symas.com> for our automated setup
      r26479: Further test behaviour of 'attribute or value exists'.
      r26485: Fix indent, remove left-over debug.
      r26488: Implement tests for the ranged_results module.
      r26529: Indeed, this belongs in the schema module. Ranged results need to use
      r26364: Branch Samba 4.0 for an alpha2 release.
      r26387: Merge logfile segfault into alpha2 branch.
      r26388: Fix up SWAT provision (again...), after changes I made to the
      r26390: Start on a WHATSNEW for the alpah2 release.
      r26489: Merge fixed ranged results module to release branch.
      r26490: Update WHATSNEW. Unless some fancy new words arive soon, this is what
      r26501: Merge kblin's updated README
      r26541: Mark this as the release
      r26556: Make Fedora DS consistant use FEDORA_DS_ROOT, now we use OPENLDAP_ROOT.
      r26557: sync WHATSNEW with release branch of Samba4
      r26609: Try a few more variatations to get the selftest to run against
      r26610: Write out a memberof.conf, to run the memberof plugin on all linked
      r26611: Tridge didn't write this...
      r26612: Tests show that we don't need to use a callback.
      r26613: Add a function to write a DATA_BLOB into an LDAPString.
      r26635: The OpenLDAP folks have been very accommodating, and their memberof plugin allows the error being returned to be adjusted.
      r26636: Remove useless 'backend' parameter, and make the memberof overlay use global.
      r26647: Mark 'valgrind_run' as executable
      r26648: Move detection of global catalog captability to a central function, so
      r26649: Only claim to be a PDC if we are a PDC.
      r26679: It is very bad to free the ldb handle when you didn't create it...
      r26680: Don't always advertise GC functionality.
      r26681: Use fewer magic numbers.
      r26682: Move CLDAP to the modern torture system, and add value checking.
      r26683: Add another testcase. I still don't know what's wrong here.
      r26684: Trivial cleanup from Matthias Dieter Wallnöfer, from bug 5090
      r26685: Fix bug 5137 by Mark Ridley. The RPC-ATSVC test is not tested, so was
      r26686: Fix bug 5143 by Jason Tarbet. This prevented an easy cut-and-paste of
      r26697: Leak less memory into the ldb context.
      Native move servers will refuse these SamSync operations, so don't
      Return 'not implemented' on more RPCs.  (easy way to 'pass' the
      Merge commit 'origin/v4-0-test' into 4-0-local
      Make Samba4 and Fedora DS happier
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Add in new module to normalise DNs being returned from OpenLDAP.  This
      Fix segfault when sorting LDAP replies on the client.
      Rework ldbsearch to avoid segfault when remote LDAP server returns
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove 'dn' from mapping, it isn't a valid attribute in AD, and causes
      Use 'dn' less, as this is not a valid attribute in AD, and I want to
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Rework control handling to remove the 'domain_scope' control
      Make ldap.js test easier to re-run in failure cases, by deleting more
      Test the behaviour of mixed domain_scope and search_options controls.
      Make the Fedora DS LDAP backend 'aci' actually work, with better quoting.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Start generating a configuration for the refint overlay.  This
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Allow the 'extra' objectclass added to objectClass attributes by
      Rework linked_attributes module for the REPLACE case.
      Print out the reason we can't delete the user in SAMR.
      ldb_map objectClass munging: Don't hard-code 'extensibleObject'.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      OpenLDAP backend: Place the refint overlay after the memberof overlay
      provision: simplfy by removing old code to manually create baseDNs.
      Add in a new module to handle instanceType
      Correct authorship of instanceType module
      Remove --ldap-base from the python provision script
      Search for memberOf when clients ask for a wildcard against OpenLDAP
      Use syncrepl on all OpenLDAP databases (creates contextCSN attribute)
      Don't manually specify instanceID in the template files.
      Add showInAdvancedViewOnly to every new object
      Merge commit 'origin/v4-0-test' into 4-0-local
      Don't set 'name' in the LDIF, this is handled by the rdn_name module.
      Only set showOnlyInAdvancedView: TRUE when adding default values.
      Remove default 'showInAdvancedViewOnly' values.
      Be sure to pass iconv handle down to compression subcontexts (fixes
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      ranged_results: fix use of uninitialised variable (end)
      Make ranged results tests in ldap.js easier to debug.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fix segfaults in codepaths only tested by the NET-API-BECOME-DC test.
      Fix DRSUAPI replication test - NET-API-BECOME-DC.
      Get more information from ldb when reporting a failed replication.
      Remove useless subs from the ejs provision
      Kill another sub that the modules will handle for us.
      Use the repl_meta_data module by default.
      Make the repl_meta_data module the default for domain controllers.
      Ensure we set subobj.BACKEND_MOD for the 'partitions only' case.
      Tidy up the last regresesions on the python smbscript, from my work
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Rework service init functions to pass down service name.  This is
      Rework cluster_id() to take an additional argument, as we need
      Rework process_single.c to take advantage of cluster_id() now taking an additional argument.
      Remaining changes to implement the prefork process model
      Remove useless layer of indirection, where every service called
      Fix a few more breakages from our recent changes to the server_id
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Clarify nomaclature of socket names in process_single and process_prefork
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Ensure expected errors do not leak up to the application.
      Fix LDAP backend with python provision
      Remove unused ldap_backend argument from provision.py
      LDAP backend provision now works with python.
      Remove unused argument to provision().
      Revert to ejs for 'provision'
      Fix syntax in LDAP test
      Reset error strings
      Fix LDAP backend with python
      LDAP now works with the python provision!
      Remove unused parameter from provision()
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      From a request from Peter Huang, include IPsec sechema.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Make the provision test more real, use a foo.example.com for the realm.
      Give a more useful error when the templates.ldb can't be found.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove the forced 'krb5' from the NET-API-BECOME-DC test.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      A couple more ipsec classes for the schema.
      Explain that these OIDs are DNs
      To partially simplfy our gcov handling, move to the new --coverage option.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Simpler specification of CFLAGS and LDFLAGS
      Until the new ldb changes land, make ldb_wait set the error string.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Be consistant about --ldap-backend-type
      Make use of smbpython clear.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Remove more cruft about smbscript.
      Do not re-randomise in an individual test.
      Extend the ldap.js test
      Fix rdn_name errors.
      Reorder modules to have rdn_name before objectclass.
      Users and computers now share the same template.
      Generate ACB_PW_EXPIRED correctly
      Check for and reject invalid account flags.
      Fix up the libnet tests.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Ensure we don't try and set the acct_flags if they are 0 (meaning
      Simplify the 'password must change' logic
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Prove that not supporting ldapi is a bit problem.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      fix typo
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fix failure to re-provision.
      Don't hardcode objectCategory into the schema, even in the schema.
      The DN in objectCategory should, if possible, be returned pretty...
      Try to return sane ldb error strings
      Make Samba4 pass the NET-API-BECOMEDC test against Win2k3 (again).
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-abartlet
      Ensure we get this option from the command line, not the internal
      Fix typo
      Start to rework provision for LDAP backends
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Fixup the NET-API-USERMOD test.
      Rework provision scripts for more testing
      Try to fix up part of the upgrade test.
      Make error handling in ldb more consistant.
      Extend testsuite to cover specifying a domain SID.
      Fix provision script to work without smb.conf location specified.
      Upgrade provision-backend to python.
      Don't talloc_free() the UUID before we return.
      Update the provision scripts and selftest for LDAP
      Merge branch 'v4-0-test' of git://git.samba.org/samba into 4-0-local
      Don't segfault on invalid objectClass input.
      Rework to have member server 'domains' be CN=NETBIOSNAME
      Don't search the whole tree for the domains's sid
      Correctly normalise records against OpenLDAP.
      Bail out, rather than segfault on no domain sid.
      Report binding in libnet failure message.
      Show why a LookupName fails (help debugging)
      Don't use 'dn', this attribute does not exist with the LDAP backend,
      Rework SAMR functions to avoid gendb_search()
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Check for Administrator as a Alias (copy&paste bug)
      Rework our SAMR test and SAMR server.
      Allow more 'domain' objects when looking for a unqiue SID.
      Rework memberof handling in slapd.conf (used for OpenLDAP backend)
      Don't require users of credentials.h to have krb5.h and gssapi.h
      Merge lorikeet-heimdal -r 787 into Samba4 tree.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-logon' of git://git.id10ts.net/samba into 4-0-local
      Supply HDB_DB_DIR macro
      More safety around ldb_dn C functions in python bindings.
      Remove unused variable.
      Extend the ldap.js test to prove faults with the LDAP backend.
      More kludge ACLs!
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Explain why this attribute should be skipped.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove useless extra argument to samdb_result_account_expires().
      Remove pointless cast
      Clean up the ldb python bindings to be 64 bit safe.
      Remove old js versions of newuser and provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Prepare for Samba4 alpha3.
      Make oplocks a per-share option.
      Merge with metze's change for oplocks to be on by default
      Fix references to ntvfs share config
      Actually call into lp_oplocks() in share_classic backend.
      Fix how we initialise the oplocks parameter.
      Add change about account expiry
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make the setup/newuser and setup/setpassword scripts actually work...
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Remove references to the new SWAT.
      Add tool for enabling accounts
      Fix 'oplocks' in loadparm.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't specify what should be a default option in the generated smb.conf
      No longer install SWAT files
      Fix and test python scripts and kerberos
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Finally found the magic string to skip the python registry tests.
      Fix some valgrind issues.
      Fix more valgrind issues.
      Merge branch 'v4-0-test' of git://git.id10ts.net/samba into 4-0-local
      Don't leave release trees hanging around
      Add a few more safety catches to the mkrelease.sh script.
      Rework 'compleated' message in provision to be more useful.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      This is Samba4 alpha3!
      Mark as GIT snapshots again
      On our way to alpha4...
      Remove references to setting the host GUID, as the repl_meta_data
      Fix merge of my host GUID removal and the IPv6 addition to provision
      Fix conflicts in setup/provision script.
      Clean up provision and rootdse module to hard-code less stuff.
      Pass discovered server DN down to provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Extend credentials python API to include set_machine_account.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Rework talloc hirarchy for C provision setup.
      Re-add support for the --ldap-backend-port option to provision-backend
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Start implementation of real 'net vampire' code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Be consistant in using ${SEVERDN}.
      Remove dns_name element
      Factor out filling in the secrets database.
      Don't fill in the secrets DB unless we make the entries.
      Link the new vampire code togeather.
      Fix up provision to specify SERVERDN in more places.
      Set a netbios name into provision, and zero the rest.
      Fix merge errors on C provision interface after jelmer's good work.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Far less cryptic traceback when you have an existing smb.conf
      Use the python-provided ldb and lp_ctx pointers in libnet_vampire.c
      Don't reopen the sam.ldb again
      Don't specify the ntds_guid to the C -> python provision interface
      Reuse the lp_ctx and samdb returned by the python provision.
      Actually test the different 'fill levels' in the provision process.
      Add in a way to get at the private_path() function from python
      Fix newuser and setpassword scripts, and port to idmap.
      Re-run SWIG
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Include the smbconf parameter to the provision
      Ensure we initialise s->lp_ctx for the way into the provision.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Add blackbox test for ndrdump, to ensure it at least does not
      Test a few more bits of smbclient
      Test password change with 'net password change'.
      Fix provision-backend script
      Fix winbind to check machine account.
      Fix some of the winbind tests.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Re-add 'db' subdirectory for LDAP backend provision
      Now that we don't create a new event context, don't free it.
      Fix wbinfo --trusted-domains.
      Fix struct_based winbind test for 'check machine account'.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Adjust the expectations of the struct based winbind test.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Use the struct based winbind tests, but mark as known fail.
      Skip strcmp() on 2 NULL pointers.
      Run more tests that were previously skipped.
      Fix the expectations on the unixinfo test.
      Fix build not to always use code coverage.
      Run samba3sam.js with bin/smbscript explicitly.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix samba3sam test.
      Don't exclude all tests mentioning 'samba3', but only those actually
      Fix bug in registry test on big-endian machines.
      More work to avoid endian bugs in registry tests.
      Fix typo
      More endian fixes in the registry
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix samba3 protocol to correctly include the NULL terminator
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Add in a nice big comment explaining why SamLogonEx matters.
      Having killed it from Samba 3.0 and trunk, kill 'unicode' from samba-docs.
      The whole point of the 'privileged' pipe is that it is not world accessible...
      See, I really can write documentation when I put my mind to it...
      It appears that <program> isn't valid here, but <command> is.
      Add links to squid, and mod_ntlm_winbind.
      Add a note warning against the use of wbinfo -a for authenticacation
      Explain that winbind does not cache authentication requests.
      Remove bogus comment from 'client use spnego'.
      Clarify that turning off lanman authentiation applies to password
      Address some inaccracies (such as BDC solutions that might have
      Fix debian bug #404702 and clarify some points about 'net rpc vampire'
      Clarify that you don't want to use %m in 'add machine script'.
      Update docs to match the new defaults in Samba 3.2.0 and later.
      Remove unused KANJI and terminal code options.
      Add documentation to session token functions.
      Add comment explaining why io.in.workgroup isn't important.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Remove vampire.py as the 'net' binary is the right interface.
      When a test harness program fails, make the testsuite fail.
      Don't compile files twice when the compilation fails.
      Make the composite 'connect to server' code useful for security=server
      Revert to using the old CIFS connection API.
      Fix dependencies on gensec_krb5 and the NTLMSSP code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Reorder this function in the file, so it reads bottom-up.
      Allow an NTLM response to be specified into the auth subsystem.
      Add a new implementation of security=server.
      Move NTLM authentication details into auth/ntlm
      Fix the build after the auth/ -> auth/ntlm/ rename
      Cope with an empty mapping file in ad2oLschema
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove JavaScript provision-backend script
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Rework the CLDAP and NBT netlogon requests and responses.
      Put back the old netlogn parsing code - for the request only
      Test the use of the domain SID on the NETLOGON mailslot
      Convert the CLDAP server to use the new netlogon structures.
      Make the IRPC GetDC request use SAM_LOGON packets.
      Explain that the sid must be absent on the NTLOGON mailslot.
      Show that the NTLOGON and NETLOGON mailslots are *very* similar.
      Modify the LDAP-CLDAP test for better coverage.
      Handle netbios domains in the CLDAP server too.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Ensure we don't send a reply if we couldn't push the CLDAP blob
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't regenerate pam_errors.h any more.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Add the core of the new CLDAP/NBT 'netlogon' parsing library.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix prototype generation in new syntax for netlogon.c
      Revert addition of 'mailslot' parameter.
      Fix number of arguments to IRPC getdc callback.
      Fix irpc GetDC requests.
      Further tests show NTLOGON and NETLOGON to be identical.
      Re-add alignment removed by metze in 0e2f6d481b3e35ed392b2b3340b244c77593819c
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Extend the 'netlogon' CLDAP and NBT implementation.
      Manually handle the NETLOGON_SAM_LOGON_REQUEST too.
      Extend the NBT-DGRAM torture test again.
      Include flags.h into samdb.h
      Fix creation of sockaddr in netlogon datagram generator.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Correct an assertion in the testsuite.
      Start an 'NTP signing server' in Samba4.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Bring up the ntp signing deamon
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix dependency list for NDR_TABLE
      Try adding a stub to fix the build
      Install the ntp_signd NDR headers...
      Another (useless) header to install
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't make the NTP signd headers public.
      Final fixes to for a functional NTP signing deamon.
      Allow the ntp_signd socket to be set from configure.
      Add in an enum for two future NTP signing ops.
      Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
      Print prefixMap in a human-readable format.
      Finish the LDIF parsers for the prefixMap attribute.
      Remove extra spaces on prefixMap input and output.
      Remove test from samba4-skip, it is avoided in samba4_tests.sh
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix up provision and samdb tests.
      Don't pass an smb.conf to provision tests.
      Reorder the linking of objects into a binary.
      Fix rpcecho test.
      Place the NTP signd socket in the selftest area
      Fix the samba4.dcerpc.bare.python test.
      Skip the samba4.samdb.python test.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c
      First draft of a WHATSNEW for a new release.
      Fix WHATSNEW.
      Clarify that our build farm status really sucks at the moment...
      Mark as the real Samba4 alpha4 release.
      I probably should warn about GnuTLS bad mojo...
      Remove outdated README
      Merge branch 'v4-0-stable' of ssh://git.samba.org/data/git/samba into 4-0-local
      On the road to alpha5...
      Align the Python and EJS ldap tests.
      Tone down the warnings in the WHATSNEW.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Without stdlib.h we don't get a prototype for free().
      Merge branch 'v3-3-test' of ssh://git.samba.org/data/git/samba into 3-3-abartlet
      Don't sign NTP packets to disabled accounts
      Add a blackbox test for the provision-backend script.
      Remove old ldap.js test, we have replicated it in python now.
      Fix segfault caused by talloc_free() being called while still processing
      Change detection of objectCategory short fomm
      Depend on NDR_DRSBLOBS explicity.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Fix installation of Samba4 into an empty tree.
      Fix the wbinfo test on the LDAP backend.
      Tone down the language in BUGS.txt
      Place the Fedroa package into Samba4's GIT tree
      Update WHATSNEW towards an alpha5 release.
      More work to use %{name} rather than 'samba'
      Use a configure-specified directory for the winbind priv pipe
      dynconfig changes for 'winbind privileged dir' changes.
      selftest changes for 'winbind privileged dir' change.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Loosen ldap.py tests on the LDAP backend.
      Relax the ldap.py tests so that they pass against OpenLDAP CVS.
      Rework samdb handling for 'netlogon' packets.
      Update Fedora packaging per feedback on review ticket.
      Fix small formatting details in WHATSNET for an alpha5 release.
      Mark as alpha5 release
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Prepare for alpha5 tarball.
      Mark as 'not a git snapshot'.
      Ensure we install smbd as well...
      More updates for spec file, for alpha5
      Merge branch '4-0-local' into v4-0-stable
      Merge branch '4-0-stable' into 4-0-local
      On the way to alpha6!
      A couple more package updates
      Create PREFIX/var/lib and PREFIX/var/run in 'make install'.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Collapse auxillary classes in LDAP schema conversion.
      Fill in the auxiliary classes into the dsdb_schema.
      Move ad2oLschema and oLschema2ldif into Samba4, out of LDB
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make ad2oLschema even simpler, by moving the heavy work into dsdb.
      Avoid the use of extensibleObject in ldap mapping backend.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Use common code to fill in allowedAttributes in kludge_acl.
      rename sambaPassword -> userPassword.
      Remove C++ keywords from events.h header.
      Fix 'make gdbtest-enb' and the GDB_PROVISION option.
      Try to make NTLMSSP less fussy for unimportant messages.
      Allow ldap credentials to be (optionally) stored in secrets.ldb
      Use secrets.ldb to store credentials to contact LDAP backend.
      Cleanup ldap_bind_sasl.
      Add a standard filter for finding the LDAP secrets.
      Make up a full hostname for ldapi connections.
      Connect to the LDAP backend with SASL credentials.
      Rework provision to handle both simple and SASL binds.
      Fix asking for credentials for non-LDAP provisions.
      Kill of some bogus debugs for the world who does not use the LDAP backend
      Revert Fedrora DS backend to use extensibleObject.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Lock down the LDAP backend - only samba may read or write
      Simplify the contextCSN determination.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Don't keep an extra ldb around forever.
      Ignore and handle more NT Create & X options.
      Reorder whitespace in generated slapd.conf
      Fix the build - this element was renamed.
      Another kludge to let the OpenLDAP backend catch up.
      More 'must be ignored' options from the MS-SMB doc.
      Put the memberof template into a seperate setup/ file.
      Make a seperate template for the refint configuration too
      Make invalid 'member' detection work again.
      Fix ldb_map to add/remove the same 'extra' objectclass
      Sleep longer in the hope that the OpenLDAP backend might catch up
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Remove bogus test in 'enum trusted domains' LSA server.
      Rename structures to better match the names in the WSPP IDL.
      Fix winbindd not to sit in a busy loop...
      Install'named.txt' to private/ as documentation.
      Explain where some other OIDs are allocated.
      Remove the 'accoc_group_id' check in the RPC server.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      The SMB session key must not be more than 16 bytes in SAMR (and
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Clarify how we are doing the 'this is a rootdse query' check.
      Complain if we are told to use an ldap backend, without the type
      Try to avoid a memory leak if we re-set the global schema
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Make a new define to ensure the accoc_group_id we use is always in common.
      Per feedback, remove epoch and ldconfig requires.
      Fix warnings in new prefixMap code
      Remove unused function and make sensitive directories private.
      Remove unused variable
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Always print the slapd startup command
      Make it even clearer what to do next in the LDAP backend setup
      We don't use EXTENSIBLEOBJECT any more.
      Update trustAuthInOutBlob in line with MS-ADTS
      Start implementind domain trusts in our KDC.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't fail if the domain has a trust already.
      Use the cldap reply to avoid segfaulting in RPC-DSSYNC
      Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
      Update to a working trustAuthIncoming and trustAuthOutgoing parser.
      Start implementind domain trusts in our KDC.
      We can't use ndr_pull_struct_blob_all in combinatin with relative pointers
      More work towards trusted domain support in the KDC.
      We can't use ndr_pull_struct_blob_all in combinatin with relative pointers
      Clarify comment
      Always set a session key, even for the 'no password' case.
      Clarify comment
      Always set a session key, even for the 'no password' case.
      Merge branch '4-0-abartlet' into pac-verify
      Only allow trust accounts access to the NTP signing service.
      Add GenericInfo level for SamLogon calls from the WSPP IDL.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Rework the trustAuthInOutBlob with the help of a hand parser.
      Assert on failure to join domain in NBT-DGRAM
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Don't segfault in RPC-ATSVC.
      Paramaterise the seperator in ad2OLschema
      Rework generation of the objectClass and attributeType lines.
      Generate the subSchema in cn=Aggregate
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Trusted domains implementation for the KDC.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix the build, after the ad2oLschema changes.
      Merge the two attribute syntax tables.
      Remove references to the unused @SUBCLASS feature.
      Ensure we fail to proceed if the schema won't load.
      Fix segfaults when loading the schema fails.
      Allow attributes to be overwritten, not just added to
      Note the ldb syntax for attribute syntaxes in the table.
      Fix templates.ldb reprovision handling.
      Fix up new OpenLDAP MMR code.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Update OpenLDAP MMR configuration per comments by Oliver Liebel
      Remove last traces of the old 'subclass' feature
      Split schema_init.c into smaller bits.
      Add schema search flags from MS-ADTS
      Apply attributes (and their syntax) from the schema into ldb
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Use the new SEARCH_FLAG_ANR define
      Don't maniplate control entries in samldb
      Don't allow a NULL syntax
      Correct anr search commants and error messages in ldap.js
      Don't hardcode attributes to be treated as a DN
      All these syntaxes are now handled by the schema.
      Set both attributes and indexes into the database on schema load.
      The index handling is now configured from the schema load, not by a
      Handle error cases in attribute handlers better.
      Validate input in the CLDAP and DGRAM 'netlogon' responder.
      Stop every ldb startup doing a write to the database.
      Push loading the objectGUID and objectSID handlers earlier.
      Don't walk past the end of ldb values.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
      Update RPC-LSA to (almost) pass against Windows 2008.
      Only allow the trust in the correct direction (per the flags).
      Fix LSA server to pass more of RPC-LSA and match Windows 2008
      Implement matching logic to Windows 2008 on handling of secrets.
      Make RPC-LSA test deterministic with an msleep(200).
      More LSA server and testuite work.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Don't use lsa_Delete any more, as smbd now refuses it.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Add definition for NT_STATUS_DOWNGRADE_DETECTED
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify
      Fix the build on Win32, and use NEGOTIATE security (to allow kerberos)
      Put the internal gensec_gssapi state into a header.
      Add a test to explore Netlogon PAC validation
      Add missing file - netlogon.h
      Don't wipe the PAC checksums, the caller may actually need them.
      Heimdal provides Kerberos PAC parsing routines.  Use them.
      Further rework the RPC-PAC test.
      Update packaging per suggestions on the review
      It turns out that the Netlogon PAC verification is encrypted.
      Start implementing the server-sde NETLOGON PAC verification.
      Follow MS-LSAD and set defaults when creating a trust.
      Share IDL between the LSA and drsblob representations of trusts
      Start testing CreateTrustedDomainEx2
      Test a few more error cases in RPC-PAC
      Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719
      Implement NETLOGON PAC verfication on the server-side
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Merge commit 'origin/v4-0-test' into trusted-domains
      More work to implement LSA CreateTrustedDomainEx2
      With a windows 2008 client, even anonymous requires signing...
      Move our DC to implement mandetory signing.
      Update copyright, I've been working here many long years...
      Update copyright
      Add a new error code
      Make SMB signing work with Windows 2008 and kerberos.
      More work towards trusted domains support in Samba4's LSA
      Don't expose passwords, even to the administrator.
      Try to implement the right logic for systemFlags
      Simplfy SetSecrets behaviour in line with RPC-LSA and Win2008.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into trusted-domains
      Move blackbox.smbclient to test against the member server.
      Add definition for SYSTEM_FLAG_ATTR_IS_RDN
      Make it clear that the MMR password can differ from the admin passsword
      Fix bug #5713 by correcting the generated schema.
      Fix reversed test trying to fix bug #5713
      Return the same privilaged winbindd socket as we actually use.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
      Fix failures in the winbind struct-based test.
      Make cn=aggregate output less pretty, by more like Win2008.
      Remove the complexity of transactions from the attributes-setting code.
      Fix failure to load the schema on read-only DB.
      Skip strcmp() on 2 NULL pointers.
      This torture test and skipping of the server-side check was bogus.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Test re-setting the challenge after an auth3 in RPC-NETLOGON
      Explain why we use signing for DCs, but not file servers
      Remove unused variable
      Remove unused parameter from decode_pw_buffer and fail on invalid
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      NetApp found that we never set the smb signing flags2.
      Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.
      Use the new 'samba4' name for our internal hdb plugin.
      Fix parsing of the trust passwords in LSA CreateTrustedDomainEx*
      Rework to match new trustDomainPasswords IDL
      Fix Domain Trust creation with Windows 2008 (and many other tools)
      Remove DESCRIPTION from generated schema lines.
      Remove compleatly bogus rename test in partitions module.
      Implement 'type unknown' names in the CrackNames code.
      Clarify use of manual parsers in trustInOutBlob (drsblobs.idl)
      Add in secure channel type used by AD trusts
      Make RPC-LSA test for enumeration conditions more strict
      Store trusted domain passwords in the LSA server
      Start implementing AD-style trusted domains in Samba4's NETLOGON server
      Use the trust password version as kvno for trusts in Kerberos.
      Allow the PAC to be passed along during cross-realm authentication
      Fix cross-realm authentication in Samba4's KDC.
      Set default trust kvno to -1
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Assert that the server provides allowedAttributes (etc) on each entry
      Move the password_hash module up the module stack.
      Create a 'straight paper path' for UTF16 passwords.
      Fix errrors in new password handling code found by RPC-SAMR.
      Improve RPC-SAMR tests to check random passwords
      Add a test to RPC-NETLOGON for random machine account passwords.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Add samba4kpasswd and rkpty binaries
      Ensure the hdb_method structure is not on the stack.
      Actually test the kpasswd server
      Mark clearTextPassword as a privilaged attribute
      Make the updated RPC-LSA pass against Win2008, and Samba4 to match
      Rework mkrelease.sh to exclude Samba3 files
      Clarify the linked attribute module behaviour with comments
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Fix use of wrong union arm in linked_attributes module
      Use ldb_dn_from_ldb_val to avoid possible over-run of the value.
      Give a better error when ldb_dn_from_ldb_val fails
      Re-add support for supporting the PAC over domain trusts.
      Use ldb_dn_from_ldb_val() to create a DN in the SAMR server
      It is not valid to talloc_free() ldb_dn_get_linearized()
      Add a new function to parse a DATA_BLOB into a GUID
      Always validate a DN when constructing from a string in python
      Remove restrictions on number of DN components in LDAP server
      Use new GUID_from_data_blob
      The samba3sam test does not really need the extended_dn module
      Print unconvertable ldb element values as base64.
      Improve debug when SASL search fails
      Remove timeout event once we are calling the callback.
      Add helpful function for comparison of DATA_BLOB elements
      Run the original operation before we update linked attrs
      Use the direct pointer to the syntax
      Don't treat the DN+binary syntax as a DN.
      Add AD schema from Microsoft's WSPP documentation.
      A more-commented version of rpc_server crash fix, matching closer the
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Fix sequence number generation against OpenLDAP
      Make greater use of 'GUID_from_data_blob'
      Add hint to use passwordAttributes in @KLUDGE_ACL in future
      s4:ldb: add infrastructure for extended dn handlers
      s4:ldb_ildap: try to pass extended DNs to the server
      s4:libcli/ldap: split out a ldap_decode_attribs_bare() function
      s4:dsdb: add support for DSDB_OPENLDAP_DEREFERENCE_CONTROL
      s4:ldb: use try to print the extended dn in the ldif output
      s4:ldb.i: hang the dn on the NULL context as the python destructor will free it
      s4:samldb: improve error strings
      s4:samldb: make use of dom_sid_split_rid()
      s4:ldb-samba: register samba specific extended dn handlers
      s4:ldap_server: return the extended dn to the LDAP client if available
      s4:torture: add ldb tests
      s4:setup: don't set objectCategory: CN=Domain-DNS,${SCHEMADN}
      s4:setup: fix cut-n-paste error Builtin-Domain => Samba4-Local-Domain
      s4:selftest: lower debug level for slapd
      s4:ldb: make it possible to return per entry controls
      s4:rootdse: fix the logic to indentify a rootdse search
      s4:dsdb: Make the linked_attributes module set an extended dn
      s4:dsdb: split extended_dn into extended_dn_in, extended_dn_out and extended_dn_store.
      s4:provision: use extended_dn_out_ldb or extended_dn_out_dereference depending on the backend
      s4:dsdb: remove normalise module
      s4:ldb: add some python tests for extended dns
      s4:testprogs: improve extended dn testing of the ldb blackbox tests
      Rename ldb index pointer wrapper function
      Print error strings when transactions fail in ldb tools
      Parse options (and open the database) before starting transactions
      Handle different failure modes when we wipe the db in provision
      Fix failures setting a random password
      Move aggregate schema stub to it's own file
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Fix compiler warning when parsing a SID in a data blob
      Now store the GUID and SID from a DN over DRSUAPI into ldb.
      Don't trust sscanf not to run off the end of the string
      Treat DN+STring as a binary string for now
      Corrections to Microsoft's schema and the OpenLDAP mapping file
      More work to have OpenLDAP accept the full AD schema
      Initialise 'flags' in new python ldb binding for ldb_connect
      Ensure libreplace is included into the tevent python bindings
      Raise a python exception when the ldb search fails
      Use new error constant (missing from 6efb7ff9)
      Only do special DN tracking for normal DNs in OpenLDAP backend.
      Fix error message in mkrelease to refer to source4, not source
      Don't give fatal python errors when guessing the realm
      Delete more Samba3-specific files
      Print more useful suggestion for the main provision command line
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
      Push sam_get_server_info_principal into the auth subsystem
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Remove useless invocation of messaging_init() in RPC-PAC test
      paper over failure to reprovision with os.unlink()
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Make the 'modules.conf' generation in the LDAP selftest simpler
      Tolerate more whitespace errors
      Don't parse the schema data twice
      Add the new, updated AD schema file from Microsoft
      Prepare for a quick alpha7 release to help simo meet Fedora deadlines
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Work around ndr_unpack failing on structures with relative pointers.
      Credit tridge's work on fixing GnuTLS
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      A simple hack to avoid the segfault in #6138
      Mark as the Samba 4.0 alpha7 release
      Allow 'net vampire' to work without an existing smb.conf
      Don't print the admin password if we don't set one.
      Pull in all the schema information during DRS schema fetch
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Update talloc version so we don't fail on system talloc 1.2.0
      Remove parse_control from header, long after the function was removed
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Remove ad2oLschema, insted call it directly from provision-backend
      Sort output of schema for OpenLDAP during conversion
      Load the schema for provision-backend in a transaction
      Load the schema with a more efficient single search
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:provision  load_schema in provision.py no longer takes a hostname
      s4:schema Don't rely on objectCategory 'magic' when loading the schema
      s4:password_hash Only store the LM hash if 'lanman auth = yes'
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:ldb Fix the paged_searches module
      s4:ldb Ensure to pass down options to LDB from python
      s4:minschma Fix aggregate schema generation in minschema
      Add minschema like tool to extract and dump the full schema from AD
      s4: Remove autogenerated attributes from minschema and fullschema output
      s4:ldb Allow paged_searches to be mixed with other controls
      s4:fullschema Use server-side sort to make the output deterministic
      s4:schema Remove 'cn' from the final output of ms_schema.py
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      Add parentGUID as an allowed attribute in samba4Top
      Remove minschema generated schema - we now generate from setup/ad-schema/
      s4:schema Update Windows 2008 schema from Microsoft to latest version
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into wspp-schema
      s4:schema Don't free mem_ctx before it is initilised
      s3:smbldap Remove smbldap_get_dn
      s3:printing Convert nt_printer_publish_ads() to use talloc better
      s3:libads Make ads_get_dn() take a talloc context
      s3:smbtorture Convert charcnv torture suite to use push_ucs2_talloc()
      s3:kerberos Rework smb_krb5_unparse_name() to take a talloc context
      s3:smbldap convert the easy cases to push_utf8_talloc()
      s3:charcnv Remove unused ucs2_to_unistr2()
      s3:charcnv Remove unused unistr2 functions
      s3:rpc_parse remove unused prs_unistr2()
      s3:charcnv Remove unused unistrcpy() and unistrlen()
      s3:lib Use push_ucs2_talloc() in ms_fnmatch()
      Rework util_strlist prototypes to use a bit more and less const
      Make the schema_inferiors generation code to compile
      s4:ldb Make it possible to re-run ldap.py again
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Solve some of the conflict between Samba3 and Samba4 push_string
      Convert Samba3 to use the common lib/util/charset API
      Add some harmless use of talloc_tos() in ntlm_auth
      s3:charcnv remove now unused malloc() based conversion functions
      Move libcli/auth to the top level
      Move DRSUAPI per-attribute decryption into a common file
      Move MSRPC-PARSE into the common libcli/auth
      Rework trivial msrpc parser to use convert_string_talloc()
      Merge smbencrypt.c between Samba3 and Samba4
      Rework Samba3 to use new libcli/auth code (partial)
      Move ntlm_check.h into the common libcli/auth
      Port Samba4 to the new combined libcli/auth functions
      libcli/auth Don't compile against un-needed Samba4 headers
      Adapt to common crypto functions: sam_pwd_hash() -> sam_rid_crypt()
      More work to adapt to merged libcli/auth function prototypes
      Use common samsync delta decryption functions in libnet_samsync.c
      Push schannel_state.c into the top level.
      Rework netlogon credentials for the top level
      Rework Samba4 to use the new common libcli/auth code
      Make Samba3 use the new common libcli/auth code
      libcli/auth Push schannel check into common libcli/auth
      Link in the common samsync decryption code
      Rework to use new API for common netlogon credential chaining
      s3: Fix ntlm_auth and winbindd to use new common libcli/auth APIs
      common:libcli/auth Add missing samsync config.mk
      Add missing header, remove generated header
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into libcli-auth-merge-without-netlogond
      Fix Samba4 build errors with common libcli/samsync
      Fix building the common libcli/samsync code
      Fix building the now common msrpc_parse code
      Use an absolute path to ensure that we can always regenerate tables.c
      Fix crash bug in NTLMSSP caused by msrpc_parse() moving to talloc
      s3:ntlmssp Fix segfault: msrpc_gen now uses talloc()
      s3:auth Fix segfault: Always initialise returned session keys
      Remove unused headers
      libcli/auth: Don't pass back lm_sess_key as the same pointer as user_sess_key
      s3:ntlmssp Remove use of talloc(NULL) in NTLMSSP code
      libcli/auth Ensure we cancel the transaction when schannel not detected
      Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()
      Merge commit 'origin/master' into libcli-auth-merge-without-netlogond
      Fix to use modified cli_rpc_pipe_open_schannel_with_key API
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into libcli-auth-merge-without-netlogond
      python/rpc: Add custom GUID.__str__, GUID.__repr__, GUID.__init__ and GUID.__cmp__.
      python/dcerpc: Custom implementations of policy_handle.__init__ and policy_handle.__repr__
      Add str() for policy_handles.
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      Revert "pidl/python: Add explicit casts, fixing implicit cast warnings."
      Add the implicit [ref] to the connect_handle in EnumDomains
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:samr Use ldb_context * rather than void *
      s4:test Fix 'make lcov' in Samba4
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:test Include 'source4' in directories to find lcov in
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:torture use common libcli/auth crypto code
      More lcov code coverage generation work
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel
      s4:torture Add tests for prefixMap custom attribute handler
      s4:torture Fix segfault in RPC-SAMSYNC
      Add new functions and tests: str_list_make_empty(), str_list_make_single()
      s4:torture Use str_list_make_single where appropriate
      dsdb:schema Use str_list_make_empty() to create an empty list
      s4:libnet Use str_list_make_single() in resolv code
      s4:nbtd Use str_list_make_single() to turn iname->wins_server into a list
      Add extensive tests for str_list function behaviour
      Add support for sendmsg() in socket_wrapper
      Don't use crossRef records to find our own domain
      Add DOMAIN_RID_KRBTGT define to security.idl
      Handle the krbtgt special case by looking for RID -514
      Detect missing 'witch' before detecting missing autoconf
      Fix incorrect RID for KRBTGT.  (was incorectly 514, should be 502)
      Fix incorrect RID for KRBTGT.  (was incorectly 514, should be 502)
      s4:torture Make the RPC-SAMR-PWDLASTET more efficient
      s4:client Match Samba3 and remove smbmount from the distribution
      s4:torture Half the repeditive tests run by RPC-SAMR-PASSWORDS-PWDLASTSET
      s4:torture Clean up users and groups added in RPC-SAMR-LARGE-DC
      s4:torture Don't run QueryDisplayInfo test for SAMR-USERS-PRIVILEGES
      s4:setup Remove generated attributes from provision_configuration
      s4:torture Don't try to Close a Deleted handle
      Win2k3 don't allow creating of domain trust accounts over SAMR
      s4:torture Make Samba4 build on hosts with an older libnetapi
      Don't run the RPC-SAMR-LARGE-DC test multiple times
      socket_wrapper Cope with SOCK_CLOEXEC and SOCK_NONBLOCK flags
      s4:torture assert that we get a Mailslot allocated before we dereference
      s4:torture Cut the RPC-SAMR-LARGE-DC test down to size
      pidl Fix samba4.pidl.typelist test after addition of 'double'
      Update WHATSNEW for an alpha8 release this week.
      Remove copy of kerberos-notes.txt added in incorrect location
      Don't recurse in reopen_logs().
      Fix build of recurusion fix in reopen_logs()
      s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
      Add supportedCapabilities to our rootDSE
      Add const to cast, to fix warning
      Require the new tdb 1.1.5 (for performance reasons)
      s4:gensec Print GSSAPI error message when unable to find PAC
      s4:setup Add an option to 'setpassword' to force password change at next login
      s4:kdc Allow a password change when the password is expired
      s4:libnet Allow 'net password change' to work on expired passwords
      s4:testprogs Don't specify a username/password when checking the ccache
      s4: Add tests and 'must change password' flags in setpassword and newuser
      Bump the ldb version and the version Samba4 requires.
      Remove unused variable
      s3:netlogon Cope with recent rename in netlogon.idl
      s4:ldb Add test for integer normalisation behaviour
      Partially revert restriction of socket_wrapper to 1500 byte writes
      s4:ldapsrv Place the 'privilaged' ldapi socket under an #ifdef
      Partially revert restriction of socket_wrapper to 1500 byte writes
      Mark as release version
      On our way to alpha9!
      Allow developers access the the privilaged ldapi socket for the moment
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      Revert "s4:debug: make setup_logging() a bit more compatible with samba3"
      Fix ndrdump to use a common setup_logging() API
      s4:dsdb Explain the parsing steps for userPrincipalName cracknames calls
      Rework hdb-samba4 to remove useless abstractions.
      s4:kdc Only get the lp_ctx once for a LDB_fetch()
      s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
      s4: dsdb Avoid using the internal ldb_private.h header
      s4:ldb Allow rootdse module to build without ldb_private.h
      s4:param use talloc_unlink() to free iconv context holding references
      s4:ldb Fix talloc hirarchy in LDIF parsing code
      s4:ldb Rework use of talloc and ldif objects in python wrapper
      s4:net Move net_vampire() to net_vampire.c
      s4:auth It is easier to copy the session key than get talloc right.
      Add const
      s4:dsdb Allow unicodePwd to be set when adding a user
      Add a way to set an opaque integer onto a samdb
      s4:dsdb Handle dc/domain/forest functional levels properly
      s4:gensec Allow mutual auth to be turned off in 'fake_gssapi_krb5'
      s4:heimdal The implied GSS_C_MUTUAL_FLAG depends on AP_OPTS_MUTUAL_REQUIRED
      s4:gensec Rework gensec_krb5 mutual authentication defaults
      s4:heimdal: import lorikeet-heimdal-200907152325 (commit 2bef9cd5378c01e9c2a74d6221761883bd11a5c5)
      s4:kdc Initialise new hdb function pointers.
      s4:kdc rename functions from LDB_ to hdb_samba4
      s4:kdc Rework KDC to pull in less attributes for krbtgt lookups
      s4:heimdal: import lorikeet-heimdal-200907162216 (commit d09910d6803aad96b52ee626327ee55b14ea0de8)
      Revert "s4:heimdal_build: predefine GSSAPI_DEPRECATED depending on the compiler version"
      s4:kdc Add in a simple check for constrained delegation to self
      s4:provision Fix provision on FreeBSD
      s4:kdc Tidy up hdb_samba4 some more
      s4:heimdal Extend the 'hdb as a keytab' code
      s4:setup add 'cn' attribute to Samba4 local schema
      s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB
      s4:kerberos Add 'net export keytab' command for wireshark decryption
      s4:kerberos Add test to show that we actually export the keytab
      s4:kerberos Add 'net export keytab' command for wireshark decryption
      s4:kerberos Add support for user principal names in certificates
      s4:tls Enable GnuTLS back to version 1.4 (an into the future)
      s4:libnet Add in a 'credentials' parameter for python libnet_Join
      Fix compile of py_net.c
      s4:provision We no longer add krbtgt or kpasswd account into secrets.ldb
      s4:samba3sam Remove extra newlines that broke samba3sam test
      Use smbclient binary for the test file in smbclient test
      s4:torture rework LDAP sort test
      s4:netlogon Fix warnings and segfault in GetDomainInfo call
      s4:ldif_handlers Allow a binary nTsecurityDescriptor when parsing LDIF
      Add const
      s4:torture Make RPC-NETLOGON pass against ncaclrpc servers
      s4:dsdb Don't cast an ldb_val into a const char * for schema lookups
      s4:ldb initialise e->values[i].length before use in python bindings
      s4:heimdal: import lorikeet-heimdal-200908050050 (commit 8714779fa7376fd9f7761587639e68b48afc8c9c)
      s4:heimdal: import lorikeet-heimdal-200908052208 (commit 370a73a74199a5a55188340906e15fd795f67a74)
      Merge branch 'master' of ssh://git.samba.org/data/git/samba into master-devel
      s4:ldb Make error message in rnd_name more useful
      s4:torture Add test for the NTP signd server
      s4:provision Assume the OpenLDAP backend can find it's own modules
      s4:provision Make the --ol-slapd paramter take the full path to slapd
      s4:selftest Make OpenLDAP guess it's own modules from now on
      s4:selftest Don't start the slapd for the provision, only for the run
      s4:provision Allow provision-backend to not run slapd for 'make test'
      s4:ldap_server Don't talloc_steal (with references) in ldap_backend
      s4:ldap_server Remove another talloc_steal (with references)
      s4:ldap_server Correct removal of talloc_steal()
      s4:schema Provide a way to reference a loaded schema between ldbs
      s4:provision  Remove the ACI element from the provision templates
      s4:schema Allow a schema load on an unconnected database
      s4:python Push some helper functions from SamDB into samba.Ldb
      s4:setup Don't manually set @ATTRIBUTES any more
      s4:provision Move helper functions back to provision
      s4:provision Rework provision-backend into provision
      s4:provision A crude update of the OpenLDAP backend HOWTO
      s4:provision Keep a single transaction for the erase and rebuild
      s4:python Allow 'no such object' on the delete of the DN
      s4: Re-add --ldapadminpass as an option to provision
      s4:selftest Confirm that there isn't a listener on the ldapi:// socket
      s4:provison Print the LDAP backend admin username/password
      s4:provision Make sure that we don't use Kerberos to our LDAP backend
      s4:install Remove provision-backend script from 'make install'
      s4:provision Fix existing ldapi:// backend detection exception
      s4:libcli/ldap Explain why we set a hostname for ldapi:// connections
      s4:selftest Remove the 'subunit filter' from make testenv etc
      s4:ldb Remove obsolete comment about ldb_tdb's sequence num
      s4:provision Avoid one more call to ltdb_reindex
      s4:provision Add comments to the provision script
      s4:kerberos Use MIT compatible names for these enc types
      s4:ldb Use length-limited printf to avoid walking off end of strings
      s4:ldb Python requires that a 'compare' handler return -1, 0 or 1
      s4:ntp_signd Fix bug 6656 - Set protocol version to 0, as used by ntpd
      s4:dsdb use talloc_strndup() in GET_STRING_LDB() rather than walk off the end
      s4:dsdb remove unused variable
      s4:dsdb Add const
      s4:ldb Add python binding and test for ldb_msg_diff()
      s4:dsdb Use talloc_strndup() to ensure OIDs are null terminated
      s4:dsdb Rework show_deleted module not to liniearise the LDAP filter
      s4:python Fix the reprovision test by deleting 'deleted' objects too.
      s4:dsdb Use helper function to add 'show deleted' control
      s4:dsdb Rework dsdb_write_prefixes_to_ldb() to take a schema
      s4:scheam quiet a 'const' warning
      s4:provision Only create references to our server DN after the self join
      s4:provison Add prefixes to ldb using same code a later modify will use
      s4:schema Rework dsdb_write_prefixes_from_schema_to_ldb() to use talloc
      s4:ldb Add hooks to get/set the flags on a ldb_message_element
      s4:ldb Add ldb_ldif_write_string() and python wrappers
      s4:provision Ensure that @OPTIONS is mirrored into each partition
      s4:python Add helper to get at the domain SID
      s4:ldb Don't sleep(100) in this error case, but debug the LDIF
      s4:setup Add DisplaySpecifiers from Microsoft.
      s4:selftest Fix 'make testenv-gdb' and 'make valgrindtest' etc
      s4:idl Add generated code for netlogon.idl changes
      s4:provision Don't reference provision_backend when using LDB
      libcli:drsuapi Add function to encrypt data for transport over DRSUAPI
      s4:provision Only delete SASL mappings with Fedora DS, not OpenLDAP
      s4:setup Updated Display Specifiers from Microsoft (with #s)
      s4:rpc_server netgotiate max xmit size with RPC client
      s4:kdc In the kpasswd server, don't use the client address in mk_priv
      s4:heimdal_build Love pointed me at the --one-code-file option to asn1_compile
      s4:heimdal_build Fix build breakages caused by asn1compile change
      s4:provision Prevent some invalid combinations of realm and domain
      libcli:nbt make the lmhosts parsing code and dependicies common
      s4:schema Add code to provide an index into the subClass tree
      libcli:nbt put util_net.c protos in new header file
      s4:utils Explian fix for testparm -v
      libcli:nbt move prototypes of lmhosts functions to libnbt.h
      s4:dsdb Print the partition we failed to suggest replication for
      s4:utils Remove typo...
      s4:provision split provision of DNS zone and self join keytab
      s4:ldb print out which LDB the transaction is still active on.
      s4:provision Use code to store domain join in 'net join' as well
      s4:py_security Add missing header
      s4:provision Make us Windows 2008 level by defualt again
      s4:provision Make our default salt match our server behaviour
      s4:kerberos Fix the salt to match Windows 2008.
      s4:dsdb Run the new 'descriptor' module by default.
      s4:ldb Add 'single-value' support to LDB.
      s4:ldif_handlers Fix memory leak in objectCategory LDIF handler
      s4:Ensure the selected RDN is the right one per the schema
      s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()
      s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks.
      s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA
      s4:ldb always talloc_free() the ldb_ldif_write context, even on success
      s4:ldb Remove LTDB_PACKING_FORMAT_NODN
      s4-ldb: merged with master
      s4:provision Ensure we add the schema with the 'relax' control
      s4:ldap_server Ensure we don't segfault when sent a NULL new RDN
      s4:dsdb Add 'lazy_commit' module to swallow the 'lazy commit' OID
      s4:dsdb Don't allow creating of new objects with an isDefunct schema class
      s4:dsdb rework instanceType module - put instanceType in provision
      s4:dsdb Fix crash from LDAP login of DOM\\
      s4:dsdb Pass down the exact error code on failure in repl_meta_data
      s4:dsdb Return correct error on invalid attribute
      s4:ldb Don't allow modifcation of distinguishedName
      s4:ldb Don't allow RDN to be modified with an LDB modify message
      s4:dsdb Add objectClass and RDN constraints to objectClass module
      s4:dsdb add systemPossibleInferiors to schema code
      s4:dsdb Use possibleInferiors to restrict creation of child objects
      s4:provision Remove unused parameters from provision scripts
      s4:param Remove duplicate argument to python provision
      s4:drs-development Scripts to assist testing of DRS replication with AD
      s4:provision Clarify that we set, rather than modify, objectGUID values
      s4:provision Remove all references to samba4LocalDomain
      s4:dsdb Add new functions to help modules do an ldb_search()
      s4:dsdb Search for the schema with dsdb_module_search(), in schema_fsmo
      s4:ldb Allow a module string of ""
      s4:ldb Reload the 'ltdb_cache' when @OPTIONS changes
      s4:dsdb Make dsdb_read_prefixes_from_ldb static
      s4:schema Add some error checking to the schema load
      Allow (and ignore) distinguishedName on special records
      s4:ldb Allow a NULL module list
      s4:heimdal A real fix for bug 6801
      Revert "s4:hdb-samba4 - Don't double-free "db""
      s4:dsdb Rework modules create new partitions at runtime
      s4:provision Set @OPTIONS in the provision_init.ldif
      s4:dsdb Set 'notification' after the success of a change.
      s4:dsdb Be strict in selecting on-disk names for partitions
      s4:dsdb Fix tests for samba3sam to pass after partitions module changes
      s4:dsdb Fix partition_create not to return early
      s4:dsdb Don't try and casefold DNs during startup for partition load
      s4:Handle reprovision with existing partitions
      s4:dsdb Split 'set per-partition metadata' into it's own function
      s4:provison Allow the NTDS guid on the command line (for testing)
      s4:provision Test ability to set GUIDs from provision command line
      s4:dsdb Reload partition metadata if the main db updates
      s4:dsdb Only reload partition metadata on search and transaction start
      s4:dsdb Load new partitions in a running LDB if metadata changes
      s4:ldb Add function to add controls to an LDB reply
      s4:dsdb In partitions module, tell the caller what partition was used.
      s4:repl Pass schema as argument to replmd_update_rpmd()
      s4:dsdb Use 'partition modified' information to update @REPLCHANGED
      s4:dsdb Remove workaround for two partition head records
      s4:dsdb Remove default instanceType from repl_meta_data
      s4:provision Use schema to casefold partitions on 'upgrade'.
      s4:dsdb Allow creation of new partitions
      s4:epmapper Create a proper talloc tree of endpoint floors
      librpc Make talloc tree in binding tower match the floors
      s4:samr Don't leak the whole user onto the long-term handle
      s4:ldb Add new function to create a cut down list of controls
      s4:dsdb Remove potentially confusing 'partition' control from result
      s4:rpc_server Ensure we talloc_free handles when we delete objects
      s4:ldb Put ltdb_private under the 'module'
      s4:dsdb talloc_steal the backend module to under the partition
      s4:ldb_map Fix use-after-free of memory in ldb_map
      s4:dsdb Make the 'relative path' code in partitions handle tdb://
      s4:dsdb Allow loading of old-style partition records
      s4:dsdb Add note explaining about the partition format upgrade
      s4:dsdb Add default modules list to samba3sam
      s4:dsdb Use the 'correct' case for the namingContext values in rootDSE
      s4:torture Silence const warning by use of data_blob_const()
      s4:dsdb Set partitions metadata as soon as it is set up.
      s4:dsdb Split schema loading and schema data management
      util:ldb Allow multiple entries to be added in one LDIF snippit
      s4:gensec Use an index on computerName in schannel.ldb
      s4:secrets Look for LDAP secret with a name that is indexed
      s4:setup Mark 'cn' in secrets as case insensitive
      s4:dsdb Do less allocation when searching for partitions modules
      s4:dsdb Remove unused variables
      s4:dsdb Add error string in 'no such object' because of 0 replies case
      s4:dsdb Fix samba3sam test again.
      s4:dsdb 'attrs' must be static (otherwise segv with async)
      s4:dsdb Remove partition_extended_schema_update_now
      s4:ldb Add additional tracing of the ldb API
      s4:dsdb Rework partitions module for better tracing
      s4:ldb Add detail to failures in the indexing code
      s4:ldb Remove debug traces duplicated by the new generic trace code
      s4:credentials Put the 'secrets.keytab' in the same directory as secrets.ldb
      lib/util Add rfc1738 escape/unescape code from Squid
      lib/util Use rfc1738.c from Squid for all our URL encode/decode needs.
      s4:dsdb Revert back to using DN:filename in the partitions record
      Remove special case logic in 'samdb_relative_path'.
      s4:provision Rework provision to always have a ProvisionBackend
      s4:provision Make 'linked_attributes' and 'dnsyntax_attributes' a property of the Schema
      s4:provision Move 'Schema' into it's own file
      s4:provision Fix samdb test with new provision code
      s4:provision Inline 'ldap_backend_shutdown' for clarity
      s4:provision Split ProvisionBackend out of the main provision script
      s4:provision Remove LDB backend files in provision
      s4:dsdb Fix up after the MAP_ constants became LDB_MAP_
      lib/util Fix comments in rfc1738.c.
      libcli/nbt Move more of lmhosts lookup into common code
      lib/util Split data_blob_hex_string() into upper and lower
      s4:ldb Add a helper function for 'canonicalise' both strings base compares
      s4:dsdb Add new dsdb_dn to handle DN+Binary and DN+String
      s4:ldb-samba Use new ldb_any_comparison helper function in ldb-samba
      s4:dsdb Use new dsdb_dn code in LDB modules and Samba4 schema
      s4:ldb Remove DN+Binary code from the core ldb_dn
      s4:dsdb Add extensive tests for the behaviour of dsdb_dn
      s4:ldb Add Well Known GUID (WKGUID) tests to ldap.py
      s4:dsdb Ensure we allow 'odd' lengths for DN+String
      s4:dsdb Cosmetic fixes found by metze in review of dsdb_dn changes
      s4:vampire Print error message when we fail on the CLDAP ping
      s4:dsdb/schema Simplify schema loading from ldb messages
      s4:dsdb/repl Split the 'convert' or 'commit' stages in the DRS import
      s4:provision Remove unused 'sambadn' parameter
      s4:provision Add C binding to get at the generate schema
      s4:Fix regression in dsdb_dn code - all parses of the DN would be rejected
      s4:dsdb Add expected value tests for most DRS syntax conversions
      s4:torture Convert RPC-DSSYNC test to use LDB rather than raw LDAP
      s4:ldb Change ldb_request_add_control to the normal 'for loop' pattern
      s4:ldb Don't segfault if we somehow get an unknown extended dn element
      s4:dsdb/schema Allow a schema set when bound against a remote LDAP server
      s4:ldb Allow ldb_msg_canonicalize to handle empty elements
      s4:torture Add const
      s4:torture/dsdb Add verification of the push-to-LDB functions in RPC-DSSYNC
      s4:torture Remove _drs_util_verify_attids() from RPC-DSSYNC
      s4:dsdb Improve debug message in extended_dn_out
      s4:torture Use (some) torture_assert() calls in RPC-DSSYNC test
      s4:dsdb/schema Add more unit tests for DN+Binary syntaxes
      s4:repl_meta_data Parse linked attributes with schema syntaxes
      s4:libcli/ldap Add 'relax' OID to known network representations
      s4:selftest Mark the RPC-DSSYNC test as knownfail for now
      s4:dsdb Make callbacks in extended_dn_out clearer to follow
      s4:heimdal: import lorikeet-heimdal-200909210500 (commit 290db8d23647a27c39b97c189a0b2ef6ec21ca69)
      s4:heimdal: import lorikeet-heimdal-200911122202 (commit 9291fd2d101f3eecec550178634faa94ead3e9a1)
      s4:heimdal Import generated files from heimdal tree
      s4:SAMLDB module - Add support for required and generated schema attributes
      s4:dsdb LDB attribute lists must always be a static const char **.
      s4:dsdb Add 'dsdb_flags' to dsdb_module_search() to enable often-used features
      s4:dsdb Break up 'parse a DN from DRSUAPI' into a subfunction
      s4:dsdb Use the new flags to dsdb_module_search in schema_load
      s4:dsdb Load objectGUID and extended DN defaultObjectCategory into the schema
      s4:provision Generate a random objectGUID for each schema record
      s4:dsdb Rework samdb code to use 'storage format' DNs for defaultObjectCategory
      s4:schema Add the GUID to each defaultObjectCategory when loading from LDIF
      s4:provision Split up reference creation, load schema earlier in the stack
      s4:dsdb With these workarounds, we now pass the RPC-DSSYNC test
      s4:heimdal: import lorikeet-heimdal-200911170333 (commit b532c294d974cead40a1183c71be644c6ccc2832)
      s4:provision Simplify the module list
      s4:dsdb Move module configuration from each ldb into samba_dsdb.c
      s4:provision Remove 'operational' from secrets.ldb module list
      s4:dsdb Add function to return the CN=Aggregate schema DN
      s4:dsdb Return the subSchemaSubEntry operational attribute on every object
      s4:dsdb Use new helper function to obtain CN=Aggregate schema DN in schema_data
      s4:ldap.py Add tests for subSchemaSubEntry
      s4:operational LDB module - Prevent the modification of operational attributes
      s4:provision Move secrets.ldb over to .c file module lists, like sam.ldb
      s4:provision Don't bother with a template for the LDAP backend startup script.
      s4:provision Move exceptions into a new file
      s4:dsdb Handle LDAP backends correctly with new samba_dsdb system
      heimdal Fix invalid format string
      s4: update valgrind suppressions for use on build farm
      s4:dsdb Make samba_dsdb easier to use in upgrades - assume default values
      The start of a WHATSNEW for Samba4 alpha9
      Fix path to upgradeprovision
      s4:provision Make setting the domain SID in the self join optional
      s4:ldb Provide bindings for ldb_transaction_prepare_commit()
      s4:upgradeprovision Rework script, and reset machine account pw
      s4:selftest Add tests for upgradeprovision
      s4:upgradeprovision Use mkdtemp to create unique tempoary directory names
      s4:upgradeprovision add 'exit $failed' to blackbox test
      s4:dsdb Don't segfault with ldb_transaction_prepare_commit() without begin()
      s4:upgradeprovision Rework update_machine_account_password() tranactions
      s4:WHATSNEW Nadezhda's acl module handles modifies
      s4:ldap.py Add test of namingContext behaviour after tridge found a bug
      s4:setup Adjust upgradeprovision blackbox test now we don't have --targetdir
      This is alpha9
      Improve upgrade instructions
      Fix build of Samba4 from tarball generated by mkrelease.sh
      On our way to Samba4 alpha10!
      Merge commit 'origin/master' into abartlet-devel
      s4:dsdb Hide the LM password by default too
      s4:build torturedir and -DTORTUREDIR is unused
      s4:dsdb Make parentGUID handler use dsdb_module_search_dn()
      s4:dsdb Make primaryGroupToken calculation more efficient and correct
      s4:ldap.py Improve testsuite for primaryGroupToken behaviour
      s4:ldb Add a function to match a message against an objectClass
      s4:dsdb Use ldb_match_msg_objectclass in operational.c
      s4:build Bump ldb and tdb required versions.
      A WHATSNEW for alpha10
      This is alpha10
      s4: On the way to alpha11
      Merge commit 'origin/master' into abartlet-devel
      s4:provision Give a more useful error message in guess_names
      Samba4 and LDB requires talloc 2.0.1
      s4:auth generate the prototype file in the right place
      s4:auth Change 'get_challenge' API to be more like Samba3
      s4:gensec Don't give a warning when Windows client connects with NTLM
      libcli/auth Make gd's NDR NTLMSSP parsers helpers common
      s3:ntlmssp: rename enum NTLMSSP_ROLE into enum ntlmssp_role
      s3:ntlmssp: move to C99 integer types in ntlmssp.h
      s3:ntlmssp: remove the typedef NTLMSSP_STATE
      s3:ntlmssp: only include ntlmssp.h where actually needed
      release notes for Samba4 alpha11 (to be released this week)
      This is Samba4 alpha11!
      more WHATSNEW4
      and we move on towards Samba4 alpha12!
      Merge remote branch 'origin/master' into alpha11release
      s4:provision Just 'do the right thing' with empty smb.conf files
      s4:provision Be more polite to long-suffering Samba testers.
      s4:param Modify secrets_get_domain_sid to give more useful errors
      s4:winbind Make the 'no SID found' message even more detailed
      s4:rpc_server Record the remote connections association group ID
      misc.idl:  Add reference to the slightly odd representation of if_version
      s4:selftest Add infrastructure for testing against an RPC proxy
      s4:selftest Add test for the RPC proxy
      librpc When sending endpoint mapper requests, include the minor if_version
      s4:rpc_server Add a 'if_version' parameter to the bind operation.
      s4:credentials Add hooks to extract a named Kerberos credentials cache
      librpc/ndr Remove unused macros
      s4:scripting/devel Allow tmpfs script to be re-run
      s4:install Fix bug #7149 reported by JHT.
      s4:ldb Fix segfault in ldbsearch store_referral callback
      s4:python Add bindings to set GENSEC flags on credentials in python
      s4/rpc_server Don't segfault over replPropertyMetaData contents
      Move prototype to header of common code for set_sockaddr_port
      s4:lib/socket Add function to set a port on the socket address
      s4:libcli/resolve Use a more robust way to return the string address
      s4:lib/socket Don't go via a string when resolving addresses in connect_multi
      s4:samba_dnsupdate Add a 'file based' mode to samba_dnsupdate
      libcli/nbt Add parser for a 'hosts' file that takes DNS record types
      s4:libcli/resovle File based lookup module for DNS name types
      s4:libcli Use integrated name resolution when connecting SMB
      s4:provision Improve the handling of provision errors
      Explain why we don't use certain characters in the generated pw
      selftest: Remove dns_host_file every time we start
      s4:selftest Add file based DNS resolver to selftest environment
      s4:dsdb Don't error out if we can't get the Aggregate schema DN yet
      s4:dsdb Add a memory context for dsdb_get_schema()
      s4:dsdb/acl Reduce calls to dsdb_get_schema() and add memory context
      s4:dsdb Fix warnings in DEBUG() by casting to unsigned long int
      s4:dsdb Change dsdb_get_schema() callers to use new talloc argument
      s4:dsdb Show more detail in failure to compute the aggregate DN.
      s4:dsdb Move rdn_name down the stack
      s4:dsdb Don't load the schema unconditionally
      s4:dsdb Add 'const' to some struct dsdb_schema variables
      s4:dsdb Remove unused 'dsdb_make_schema_global' call from pyglue
      s4:schema Expand the schema structure
      s4:dsdb Move dsdb_save_partition_usn() to be a module helper function
      s4:dsdb Rework schema loading and add schema reloading
      s4:dsdb Add a shortcut sequence number for schema reloads
      s4:ntlmssp Ensure that we always negotiate signing if we negotiate sealing.
      s4:cmdline Add --sign and --encrypt options to our common command line
      s4:selftest Test --sign and --encrypt options to ldbsearch
      s4:kdc Add support for changing password of a servicePrincipalName
      s4:selftest Add testing of kpasswd password set on servicePrincipalName
      s4:heimdal: import lorikeet-heimdal-201001120029 (commit a5e675fed7c5db8a7370b77ed0bfa724196aa84d)
      s4:heimdal New files and supporting logic for heimdal update
      s4:testprogs Fix kinit test for updated Heimdal
      s4:heimdal: import lorikeet-heimdal-201003262338 (commit f4e0dc17709829235f057e0e100d34802d3929ff)
      s4:testprogs Update test to match current Heimdal
      s4:heimal Update generated files (cp from Heimdal)
      s4:heimdal_build Remove forced HAVE_STRERROR_R
      s4:heimdal Use correct variable to advance past -- options in kpasswd
      tsocket_bsd: Always use a real length for the sa_socklen, and keep it around
      pidl:python Allow 'nopython' to work
      librpc/idl Use [nopython] on some drsblobs.idl 'functions' as an example
      s4:credentials talloc_free() any previous salt_principal
      s4:credentials Add the functions needed to do S4U2Self with cli_credentials
      s4:heimdal Add hooks to check with the DB before we allow s4u2self
      s4:kdc Add functions to hdb-samba4 for the new s4u2self callback.
      s4:heimdal Create a new PAC when impersonating a user with S4U2Self
      s4:schema Try to fix OpenLDAP backend after schema reload support.
      s4:rpc_server Add all SIDs into the netlogon SamLogon reply
      s4:provision Don't make the 'slaptest' call produce errors
      s4:rpc_server Fix segfault in modified SamLogon handling
      s4:ldif_handlers tokenGroups are SIDs
      s4:dsdb Improve error message in extended_dn_in
      s4:rootdse Implement "tokenGroups" in the rootDSE
      s4:dsdb Don't return operational attributes on special DNs
      s4:dsdb Don't use the permissive modify control on schemaInfo updates
      s4:auth Remove event context from anonymous_session()
      s4:auth Allow the simple 'struct auth_session_info' generator for all users
      s4:auth Change auth_generate_session_info to take an auth context
      s4:provision Pass in the invoication ID and NTDS Settings DN to Schema()
      s4:provisionbackend Print the command we failed to start slapd with
      s4:provision Use more reasonable values for DB_CONFIG
      s4:dsdb Revert accidentilly commited change for LDAP backends
      s4:OpenLDAP-backend Use the new rdnval module in OpenLDAP
      s4:selftest Ensure we don't fsync() all day in the LDAP backend test
      s4:provison Pass nosync in for the OpenLDAP cn=config too
      s4:ldap-backend Fix LSA test failures with OpenLDAP backend - convert SIDs
      s4:provision Make OpenLDAP backend more robust
      s4:provision Remove moduleload for 'hdb' (wrong name).
      s4:kerberos Give a better error message than "Could not allocate memory"
      s4:gensec Use a different form of 'name' in GSSAPI import_name()
      s4:provisionbackend Don't loop forever waiting for OpenLDAP
      s4:howto Improve OpenLDAP backend instructions
      s4:libnet Make 'net vampire' more robust to command line arguments
      s4:dsdb Fix use of memory after free in repl_meta_data
      s4:credentials Make the CCACHE in credentials depend on the things that built it
      s4:dsdb Use replPropertyMetaData as the basis for msDS-KeyVersionNumber
      buildtools: Add 'make testenv' to Samba4 make targets
      s4:dsdb Provide an intelegent fallback if not CN=Subnets is found
      s3:kerberos Return PAC_LOGON_INFO rather than the full PAC_DATA
      s3:auth Make get_ntlm_challenge more like Samba4
      s3:winbindd Remove call to namecache_enable().
      s3:smbd Remove calls to namecache_enable()
      s3:libsmb/namecache Remove namecache_enable()
      s3:winbindd Rename 'children' to 'winbindd_children' and make static
      s3:Winbindd Move winbindd_event_context to a different file
      s3:winbindd Split helper functions to allow s3compat to call them
      s3:winbindd Provide a winbindd_register_handlers() helper function for s3compat
      Revert "s4: remove unused references to swat"
      waf: Make waf handle IDL files from Samba3
      s4:ntvfs Prepare for a possible future sharing of notify.idl
      s4:credentials Allow setting of an empty Kerberos CCACHE
      s4:process_modals Add another process modal - 'onefork'
      s4:process_model Fix process_standard and process_onefork not to use
      s4:winbindd Rework some winbind structures to make s3compat easier
      s4:gensec expose gensec_set_target_principal for use outside GENSEC
      s4:auth Make it clear to the callers the talloc lifetime.
      s4:provision Remove unused 'account_name' parameter
      s4:credentials Add in tracking of the password last set time
      s4:winbindd Record the privilaged pipe dir
      s4:ntvfs Prepare for a possible future sharing of notify.idl
      pidl: Allow new property 'no_srv_register'.
      s3:winbind use no_srv_register to avoid needing rpc_srv_register
      s3:split secrets.c to put machine account secrets in a new file
      s4:dsdb disable tokenGroups until end of rewrite
      s4:auth Move BUILTIN group addition into session.c
      s4:torture Add tests to demonstrate S2U4Self in the RPC-PAC test
      s4:auth Allow the operational module to get a user's tokenGroups from auth
      s4:auth Add dependency from the operational module onto auth
      s4:auth Push check for messaging context into winbind backend
      s4:auth Change auth_generate_session_info to take flags
      s4:auth handle addition of nested aliases of domain groups.
      s4:auth Error out when a memberOf DN does not have a SID
      Revert "Make -k a simple non-bool option."
      s4:auth Fix previous commit - segfault in determinging a user's groups
      s4:auth Remove un-needed headers.
      s4:libcli/ldap Rename ldap.h to libcli_ldap.h
      s3:passdb Remove use of uint8 uint16 and uint32 in favour of C99 types
      s3:dom_sid Global replace of DOM_SID with struct dom_sid
      s4:libcli/ldap Update headermap.txt (autotools build) and wscript_build for libcli_ldap.h
      s4:ntvfs rename notify.idl to s4_notify.idl until we can merge this IDL
      s4:dsdb Allow a NULL search expression in dsdb_search()
      s4:samr Split the guts of samr_CreateUser2 into a helper function
      s4:samr Split most of samr_CreateDomainGroup into a helper function
      s4:samr Move most of samr_CreateDomAlias into a helper function
      s4:samr Push most of samr_QueryGroupMember into a helper function
      s4:samr Push most of samr_LookupRids into a helper function
      s4:idmap Seperate idmap structures from winbind.idl and match to source3/ idmap
      s4:idmap Adjust code to new idmap structure names and layout.
      s4:winbind Fix up includes after seperation of idmap.idl from winbind.idl
      s4:winbind Change include guard so as not to conflict with idmap.h in source3
      s4:winbind Change idmap API to match that used by the source3/ idmap subsystem
      s4:winbind Give more detail on the parameters when reporting idmap failure
      waf Read VERSION file inside WAF to set package version
      s4:kdc Remove special talloc_free of the ldb context
      waf Add DIST_BLACKLIST to list files that we cannot include in a release
      s4:waf Exclude the autotools based build environment from a Samba4 release
      waf Provide release signing capability in 'waf dist'
      s4:build use autotools for mkrelease.sh
      s4:build Don't automatically mark as 'not a git snapshot'.
      s3:smbd split smbd/server.c into smbd/server.c and smbd/server_exit.c
      s3:smbd split reload services/printers functions from server.c
      s3:smbd move messaging_context and memcache into globals.c
      s3:lib split out global workgroup and netbios name functions.
      s3:lib s3:lib move get_global_sam_name to util_names.c
      s3:winbind Kill amusing but un-used winbindd_kill_all_clients
      s3:auth Fix segfault when the user cannot be found by getpwnam()
      s3:auth Make AUTH_NTLMSSP_STATE a private structure.
      s3:auth Remove AUTH_NTLMSSP_STATE typedef.
      s3:ntlmssp Add two unused variables to match the Samba4 ntlmssp.h
      ntlmssp: Make the ntlmssp.h from source3/ a common header
      s3:ntlmssp Use a TALLOC_CTX for ntlmssp_sign_packet() and ntlmssp_seal_packet()
      s3:ntlmssp Move ntlmssp_sign.c from source3 to common code.
      Revert "s3:winbindd Split helper functions to allow s3compat to call them"
      s3:winbind tidy up connecting the winbind sockets.
      s3:winbind Make state->mem_ctx a talloc child of state
      s3:winbindd move reinit_after_fork() back out of winbindd_register_handlers
      s3:param Add helper function to get at Gobals.iDomainMaster
      s3:param Put 'server_role' functions in another file.
      s4:ntlmssp Merge ntlmssp structures with version from source3/
      s4:ntlmssp Use the new common ntlmssp.h
      s4:ntlmssp Use common code for ntlmssp_sign.c
      s3:auth Rename wksta_name -> workstation_name in auth_usersupplied_info
      s3:idmap Use idmap.idl defined structures and constants
      s3:winbind Ensure we always init idmap_passdb before we use it
      s3:auth Rename user_info->smb_name -> user_info->client.account_name
      s3:auth Rename user_info->internal_username -> user_info->mapped.account_name
      s3:auth fix header comment for internal_username -> mapped.account_name
      s3:auth Rename user_info->client_domain -> user_info->client.domain_name
      s3:auth Rename user_info->domain -> user_info->mapped.domain_name
      s3:smbd Fix segfault if register_existing_vuid() fails
      named_pipe_auth Always lower case the incoming pipe name
      s3:smbd Give the kerberos session key a parent
      s3:named pipe proxy Improve error messages when named pipes fail to forward
      s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
      s3:auth add hooks to indicate if signing or sealing is desired with NTLMSSP
      s4:dsdb Put back the reference and set_attributes in dsdb_reference_schema
      s4:dsdb Add more debugs to help track down failures to parse the prefixmap
      s4:dsdb Provide a function to convert from DRS prefix maps to the LDB prefixmap
      s4:dsdb Allow a binary prefix map to be specified in the LDIF
      s4:provision Allow both additional and override prefixmaps in Schema
      s4:dsdb Simplfy match of objectclass in dsdb_schema_set_el_from_ldb_msg
      s4:dsdb Add debug
      s4:dsdb Allow calling dsdb_convert_object_ex() directly
      s4:libnet Make the libnet_vampire default callbacks non-static
      s4:libnet Steal ldb and lp_ctx from python result into correct structures.
      s4:torture Rework NET-API-BECOMEDC test to use libnet_vampire callbacks.
      s4:dsdb Use the schema from our local provision to decode the schema
      s4:dsdb Allow the setting an override on the schema
      s4:dsdb Keep the DRS-based prefix map for use in provision-based schema
      s4:provision Allow a specific prefix map to be loaded into a new schema provision
      s4:dsdb Rework the vampire schema handling to convert 3 times.
      s4:selftest Remove becomedc tests from knownfail, these should now pass
      s4:selftest Remove unused basedn specification in selftest env setup
      s4:dsdb Add const to dsdb_dn functions that operate on an ldb_val.
      s4:dsdb Move linked attribute restrictions to objectclass_attrs
      s4:dsdb Add control for signaling between repl_meta_data and linked_attributes
      s4:dsdb Handle backlinks for Windows 2000 level linked attributes
      s4:dsdb use dsdb_module_modify() rather than ldb_next_request()
      s4:selftest Add vampire_dc test environment
      s4:provision Allow functional level 2000 to be chosen
      s4:provision Add import for DS_DOMAIN_FUNCTION_2000
      s4:selftest Add test environment for functional level 2000
      s4:dsdb Assert that we can't get backlinks as input in linked_attributes
      s4:dsdb Fix linked_attributes to cope with the Feb 2010 changes to DLIST
      s4:libnet Remove 'ads min function level' checks.
      s4:selftest Change domain name for functional level 2000 DC
      s4:dsdb Allow renames with (now removed) linked attributes
      s4:ldif-handlers Add a custom handler for DNs that knows about deleted values
      s4:kdc Use msDS-SupportedEncTypes in our KDC
      libds:common Remove DS_DC_* domain functionality flags
      s4:libnet When joining a domain, update msDS-SupportedEncryptionTypes
      s4:provision Remove am_rodc from Schema
      s4:provision Raise default max functional level to 2008R2
      s4:net Remove warnings for 2000 native mode and Samba4.
      s4:selftest Add 2003 and 2008R2 test environments and tests
      s4:selftest Change netbios aliases to shorter names.
      s4:selftest For the moment the server role '2008_R2' is case sensitive
      s4:selftest Fix up netbios names for rpc_echo test
      libcli/auth make open_schannel_session_store() public
      s4:schannel Open the schannel_store.tdb at startup
      s3:schannel Open the schannel_state.tdb at startup
      schannel Change to TDB_CLEAR_IF_FIRST to reduce fsync()
      s4:provision Add an msDS-SupportedEncryptionTypes entry to our DC
      s4:libnet_join Fix typo in msDS-SupportedEncryptionTypes
      s4:kerberos Add functions to convert msDS-SupportedEncryptionTypes
      s4:auth Query LDB for msds-SupportedEncryptionTypes for the KDC
      s4:kdc Rework the 'allowed enc types' calculation
      s4:selftest Split out PKINIT tests from test_kinit.sh and test enc types
      s4:secrets Ensure secrets.ldb uses the same hooks as the rest of Samba
      s4:dsdb Fix possible schema segfaults for DRS-replication based schema
      s4:dsdb Ensure we free old schema copies
      s3:smbd Fix segfault if register_existing_vuid() fails
      s3:smbd Give the kerberos session key a parent
      s3:auth Change auth_ntlmssp_server_info API to return NTSTATUS
      s4:testprogs Prove kerberos still works after a password change
      s4:pyldb Fix memory handling for ldb_message_element
      s4:pyldb whitespace fix
      s4:provision Handle machine account password changes while keeping keytab
      s4:testprogs Show that we no longer delete the old keytab entries
      s4:testprogs Operate the blackbox kinit and net tests using the :local config
      s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.
      s4:ntlmssp Always setup the session keys and signing state
      s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/
      s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
      libcli/auth Move some source3/ NTLMSSP functions to the common code.
      s3:ntlmssp Redirect lp_lanman_auth() via 'allow_lm_key'
      s3:ntlmssp Add extra DEBUG() message for auth system failures
      s3:ntlmssp Don't use the lm key if the user didn't supply one.
      s3:ntlmssp Don't reply with the LM_KEY negotiation flag when not available
      s3:ntlmssp Don't permit LM_KEY in combination with NTLMv2
      s3:ntlmssp Don't use talloc_tos() for NTLMSSP blobs for now
      s3:ntlmssp Always call ntlmssp_sign_init()
      s3:ntlmssp Split the NTLMSSP server into before and after authentication
      libcli/auth Make the source3/ implementation of the NTLMSSP server common
      s3:libnet Add other required headers for libnet_samsync_keytab.c
      s3-krb5 Only build ADS support if arcfour-hmac-md5 is available
      s3-krb5 Only build ADS support if arcfour-hmac-md5 is available
      s3:libnet Add other required headers for libnet_samsync_keytab.c
      s4:auth Move struct auth_usersupplied_info to a common location
      s3:auth Make Samba3 use the new common struct auth_usersupplied_info
      s3:auth Whitespace fixes after auth merge
      s3:auth Change 'make_user_info' to be talloc based
      s3:auth Change winbindd -> auth interface to more standard structures
      s3:auth Add error paths for invalid password_state values
      s4:security Bring in #defines for the user and primary group token location
      s4:ntvfs Don't treat the user SID and primary group SID special for idmap
      s4:security Remove use of user_sid and group_sid from struct security_token
      s4:auth Remove special case constructor for admin_session()
      s4:auth Remove the system:anonymous parameter used for the LDAP backend
      s4:auth Remove system_session_anon() from python bindings
      s4:auth Avoid doing database lookups for NT AUTHORITY users
      s4:auth Change {anonymous,system}_session to use common session_info generation
      s4:ldap_server use talloc_unlink() to avoid talloc_free() with references
      s3:selftest This test does not fail anymore (Samba4's smbtorture has been fixed)
      s3:param Clarify parameter name on init_globals()
      s3:pdbtest Fix command name of pdbtest
      s4:security Change struct security_token->sids from struct dom_sid * to struct dom_sid
      s3-auth Rename NT_USER_TOKEN user_sids -> sids
      s3-auth Rename NT_USER_TOKEN privileges -> privilege_mask
      s4:provision Allow OpenLDAP backend to provision again
      s4:dsdb Don't reload the schema against OpenLDAP backend
      s4:dsdb Make the dereference control critical if input is critical
      s4:dsdb Fix attribute being searched for in dereference against Fedora DS
      s4-setup Make krb5.conf use DNS by default
      s4-dsdb Change debug levels for startup messages
      s3:privileges Change SE_PRIV to be just a uint64_t
      s3:Change SE_PRIV to uint64_t
      s3:privs Change to new host endian neutral privilages tdb format
      privs Move privilege bitmasks to security.idl
      s3-privs Further changes to remove SE_PRIV
      s4-privs Remove link between enum sec_privilege and the privilege bitmap
      s3-privs Use constants from security.idl
      s3-privs Remove comment already moved to security.idl
      security.idl clarify which privilages are LUID and bitmap values
      privs Add my Copyright
      s4-privs Add a lookup by index of privilages
      s3-privs Only store low bits of luid in privileges table
      security.idl Update Windows privileges list to Win2008R2
      security.idl Add comments
      s3-auth Change type of num_sids to uint32_t
      s3-auth Change struct nt_user_token -> struct security_token
      s3:auth Remove NT_USER_TOKEN
      s3-privs Rename mask -> privilege_mask to be more clear
      s3-privs More clarity in variable names
      s3-privs Rename structure elements for greater clarity
      s3-privs Move source3/ privileges implmentation into common
      libcli/security Use true and false, not True and False
      libcli/security Use C99 types
      libcli/security Use talloc_realloc() not TALLOC_REALLOC_ARRAY()
      s3-privs Inline dump_se_priv into callers now that it's just a uint64_t
      s3-privs Move manual prototypes to common privileges.h
      libcli/security Move source4/ privileges code into the common libcli/security
      libcli/security Make the two privileges tables share a common struct definition
      libcli/security Fix and clarify privilege manipulation function comments
      libcli/security Use ARRAY_SIZE() consistantly.
      libcli/security Don't memcpy a uint64_t value, just assign it.
      libcli/privileges Simplify get_privilege_luid() to return just the enum
      libcli/security Return number of entries in the old source3 list
      libcli/security Merge privilege lists from source3 and source4
      s3-lsa Use sec_privilege_id() to lookup name to LUID
      libcli/security Don't export privs[] as a global variable
      s3-privs Remove a pointer indirection from revoke_privilege()
      s3-privs Call security_token_set_privilege() rather than manual assignment
      s3-privs Remove pointer indirection from se_priv_to_privilege_set()
      s3-privs Remove a pointer from grant_privilege()
      s3-privs Convert from user_has_privileges() -> security_token_has_privilege()
      libcli/security Improve dump of privileges:  Just walk the table
      libcli/security Add an invalid LUID privilege value
      s3-privs Directly manipulate the privileges bitmap.
      libcli/security Remove luid_to_se_priv() and luid_to_privilege_name()
      s3-privs Rework privilege enumeration to also use new DB format
      libcli/security Rename all privilege bitmaps constants
      s3-privs Rework access_check_object() to take two privileges
      libcli/security Remove unused functions and constants.
      libcli/security make sec_privilege_id() return SEC_PRIV_INVALID on failure.
      libcli/security Expose sec_privilege_mask()
      s3-privs Make privilege_enum_sids() take an LUID, not a bitmap
      s3-privs Hide the bitmap-based grant_privilege and revoke_privilege
      s3-privs Overhaul PRIVILEGE_SET handling, avoid dealing with the bitmap
      s3-privs Remove unused function
      libcli/security Remove unused declarations from privileges.h
      libcli/security Make sec_privilege_from_index() return SEC_PRIV_INVALID on failure
      s3-privs Remove extra pointer on privilege mask
      s3-privs Add const
      libcli/auth Failure to find the cached session key for SCHANNEL isn't level 0
      s4-rpc_server Put all 'logon failure' messages at the same debug level 4
      s3-util_sid Tidy up global struct security_token
      libcli/security Remove 'always true' return from se_priv_put_all_privileges
      s3-samr Explian better the use of two privileges in this call
      libcli/security Move 'private' privileges functions to another header
      libcli/security Remove unused SE_NONE define
      s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
      s4-privs Seperate rights and privileges
      libcli/privileges Fix comment
      libcli/security Use talloc_zero when making a struct security_token
      security.idl Clarify that this is not a network structure
      s4:gensec Put the "NTLM" string for NTLMSSP's SASL name in a header
      s3-auth Fix typo in comment
      s4-privs Fix enum privileges in LSARPC server
      s3-dom_sid Use C99 types in dom_sid handling
      s3-util_sid Accept S-1-5 as a SID
      s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
      libcli/security Merge source3/ string_to_sid() to common code
      libcli/security Use sid_append_rid() in dom_sid_append_rid()
      s3-util_sid Use the NDR parser to parse struct dom_sid
      s3-torture Add tests to show that the dom_sid parsing was faulty.
      s3-dom_sid Use C99 types in dom_sid handling
      s3-util_sid Accept S-1-5 as a SID
      s3-util_sid use ARRAY_SIZE() to ensure we never overflow the dom_sid
      libcli/security Merge source3/ string_to_sid() to common code
      libcli/security Use sid_append_rid() in dom_sid_append_rid()
      s3-util_sid Use the NDR parser to parse struct dom_sid
      s3-torture Add tests to show that the dom_sid parsing was faulty.
      libcli/auth/ntlmssp Be clear about talloc parents for session keys
      s4-torture assert that we get a temp datagram socket.
      torture/raw Allow one more 'not implemented' status return as a valid response
      s4-winbind Add a proxy method to update DNS records with a read-write DC
      libcli/ldap Add const to ldap_encode_ndr_dom_sid()
      s3: Replace sid_binstring and sid_guidstring with PIDL-based alternatives
      s3-uuid Remove unused smb_uuid_pack()
      s3-libads call common GUID_from_ndr_blob()
      s3-lib/util Remove unused smb_uuid_unpack()
      s4:ntlmssp Adjust Samba4 ntlmssp code to look more like the code in Samba3.
      s4:ntlmssp Always setup the session keys and signing state
      s4:ntlmssp Re-add gensec_ntlmssp wrapper to allow merge with source3/
      s4:ntlmssp Merge more aspects of the source3/ NTLMSSP layer
      s4:auth Move struct auth_usersupplied_info to a common location
      s4-kerberos Fix kerberos_enctype_bitmap_to_enctypes()
      s4-libnet Remove libnet_samdump_keytab() and net samdump keytab
      s4-kerberos Move 'set key into keytab' code out of credentials.
      s4-libnet_join Use header constant for 'all encryption types' in msDS-SupportedEncryptionTypes
      s4-selftest Run slow tests less often
      selftest Don't run 'speed' tests for very long
      s3-krb5 Fix Kerberos on FreeBSD with Samba4 DCs
      s4-kerberos Rework keytab handling to export servicePrincipalName entries
      s4-kerberos Don't segfault if the password isn't specified in keytab generation
      s4-dsdb Fix segfault in error case in rootdse module
      s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO
      s4-kdc Add function to determine if a hdb entry is a RODC
      s4-dsdb Make samdb_reference_dn() use dsdb_search() and DSDB_SEARCH_ONE_ONLY
      s4-dsdb Add ldb_reset_err_string() when we set error codes.
      s4-kdc Add common setup, handle RODC setup case
      heimdal Add support for extracting a particular KVNO from the database
      heimdal Add an error code for use in the RODC
      s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
      heimdal Fix DNS name qualification to not mangle IP addresses
      heimdal Use a seperate krb5_auth_context for the delegated credentials
      s4-kdc Ensure that an RODC may act as a server (needed to fill
      heimdal: added verbose logging of hemimdal crypto errors
      heimdal use returned server entry from HDB to compare realms
      s4-auth Allocate domain SIDs under the sids array, not server_info
      s4-auth Add make_server_info_pac() to include 'resource domain' groups
      s4-kdc Rework 'allowed encryption types' handling in the KDC
      s4-kerberos Don't regenerate key values for each alias in keytab
      s4-gensec Always honour the set server principal
      s4-heimdal_build fix up build after heimdal import
      s4-heimdal We don't need HDBDIR any more
      s4:heimdal: import lorikeet-heimdal-201010022046 (commit 1bea031b9404b14114b0272ecbe56e60c567af5c)
      Add new files for sha512 support
      s4-kdc Fix up after import of new lorikeet-heimdal
      s4-kdc Remove special case kerberos restriction in the KDC
      s4-libnet_vampire use a linked list to handle schema objects pending conversion
      s4-kerberos Remove unsued variable
      s4-kerberos Remove unused parameter
      s4-param Refactor secrets code to not require an event context.
      s4-credentials Add explicit event context handling to Kerberos calls (only)
      s4-smbd Remove event_context_set_default()
      s4-tevent Remove event_contex_find() and event_context_set_default()
      s4-ldb Don't use talloc_autofree_context() in ldb
      s4-ldb Allow a NULL event context in samba_ldb_init()
      ldb The use of a private event context isn't a hack
      lib/torture:  Add function to clean up the output directory
      s4:smbtorture Create a new random output directory each time, and delete it
      libcli/security Move most of security_token.c to common code.
      lib/debug Add DEBUGC and DEBUGADDC as dummies
      libcli/security Add debug class to security_token_debug() et al
      s4-libcli/security Use seperate subsystem for session related functions
      s4-credentials Allocate ldb result on correct memory context
      libcli/security Use common security.h
      libcli/security Provide a common, top level libcli/security/security.h
      s3 Replace is_sid_in_token() with security_token_has_sid() from common code
      s3-auth use security_token_has_sid() from the common code
      s3-auth Use security_token_debug() from common code
      s3-util_nttoken.c Also copy the rights_mask when copying a security_token
      s3-acl Merge source4-supported privileges into se_access_check
      s3-acl Use uint32_t for counting the ACEs
      s4-acl Merge sec_access_check() with se_access_check() from source3/
      libcli/security Move source3/lib/util_seaccess.c into the common code
      libcli/security Define traditional constants in terms of IDL macros
      libcli/auth Merge source4/libcli/security and util_sid.c into the common code
      libcli/security Use static SIDs rather than parsing from strings
      Revert "s4:dsdb - make the RELAX control private"
      dsdb simple_ldap_map depends on LDBSAMBA
      s4-provision Use --ldap-backend-nosync rather than just --nosync
      s4-openldap-backend Don't set 'dbnosync' on cn=config
      ldb Ensure we mark ongoing LDAP requests as PENDING
      s4-selftest Make GDB_PROVISION work again
      s4-ldb Add LDB_REQ_SET_LOCATION to help track handler use
      s4-provision Remove serverdn parameter from Schema()
      s4-provisionbackend Allow a fixed URI to be specified for LDAP backend
      s4-gensec Don't upgrade all DIGEST-MD5 connections to seal
      s4-gensec Don't give more to sasl_encode() than it will permit
      s4-auth Add DEBUG() for invalid DNs and errors expanding user groups.
      s4-dsdb Allow LDB_ERR_INVALID_DN_SYNTAX in dsdb_load_partition_usn
      s4-dsdb Add module to send only 'simple' DNs to OpenLDAP backends
      s4-dsdb Reset the error string after 'expected' errors.
      s3-waf Use LIBSECRUITY subsystem from the common wscript_build
      libcli/ldap Don't try and encode a control with a NULL OID
      s4-dsdb extended_dn_out: Move lazy dereference control creation to lazy-init
      libcli/security Remove unused sec_acl_equal()
      s3-smbd Remove manual override of DEBUGELVEL during exit
      librpc Make ndrdump use printf() rather than having to mess with DEBUG()
      auth/credentials Give a sensible behaviour for resetting the krb5 context
      lib/util Remove setup_logging_stdout()
      s4-torture Remove torture/locktest2.c (no longer compiled and unused)
      lib/debug Use vdprintf rather than manually allocate
      s3-debug Impove setup_logging() to specify logging to stderr
      s3-debug Remove 'AllowDebugChange' and use lp_set_cmdline() instead
      s3-debug Remove last direct assignements to DEBUGLEVEL
      s3-debug Convert from x_file to real file descriptors.
      s3-debug Move 'load_case_tables()' before lp_set_cmdline() and popt calls
      s3-debug Clarify the handling of invalid state.fd values in debug.c
      debug Explain the behaviour of setup_logging() more clearly
      s3-libsmbclient-examples Add tests for debug behaviour.
      s3-libsmbclient Add comments to describe the behaviour of DEBUG()
      s3-libsmbclient Don't store 'debug_stderr' on the libsmbclient context
      s3-param Fix up lp_set_cmdline() not to re-store cmdline options on each reload
      heimdal Add handling for PAC signatures over all encryption types
      s4-selftest Allow weak crypto so we can test DES-only behaviour.
      s4-torture Add tests for DES-only accounts PAC behaviour/validation.
      s4-process_model Fix valgrind-found use of un-initialised variable
      s4-selftest Run RPC-PAC against all the DC environments.
      s4-dsdb Fix urgent_replication test not to set an invalid userAccountControl
      s4-ldap_server Don't DEBUG() at level 2 every time a caller disconnects
      s4-kerberos Mention the remote address we fail to contact the KDC on
      s4-selftest fix indentation
      s4-dsdb Explain why we may not use the GC name in some situations.
      s4-auth Supply more useful error messages on Kerberos failure
      heimdal Add clock-skew handling to DCE-style GSSAPI
      s4-dsdb Return an error if we can't convert UTF16MUNGED -> UTF8
      s4-dsdb Convert new krbtgt_xxx password into UTF16
      s4-dsdb Remove incorrectly declared ** variable used as *.
      s4-provision UTF16 encode the password in sam.ldb, not secrets.ldb
      heimdal Don't dereference NULL in error verify_checksum error path
      heimdal Return HDB_ERR_NOT_FOUND_HERE to the caller
      s4-kdc Return HDB_ERR_NOT_FOUND_HERE on un-revealed accounts on an RODC
      s4:heimdal: import lorikeet-heimdal-201011102149 (commit 5734d03c20e104c8f45533d07f2a2cbbd3224f29)
      Add attribute macros for Heimdal to use
      heimdal regenate lex and yacc files
      heimdal Extra files required for merge up to current heimdal
      s4-kdc Remove use of heimdal private headers in kpasswd server.
      s4-kdc update startup routines after heimdal update
      auth/gensec Handle incorrect username or password in Kerberos client code
      s4-kdc Fix realm handling in our KDC
      heimdal Fix handling of backwards cross-realm detection for Samba4
      s4-gensec Indicate if GENSEC is in client or server mode in the debug
      heimdal Fetch the client before the PAC check, but after obtaining krbtgt_out
      s4-kdc Don't always regenerate the PAC
      s4-kdc Don't regenerate the PAC for cross-realm tickets
      s4-kdc Add 'flags' parameter to db fetch calls
      s4-kdc use 'flags' to only create the 'admin data' elements when requested
      s4-kdc Fix the realm handling again, this time pay attention to the flags
      heimdal Build ticket with the canonical server name
      s4-test_kinit Add tests for lowercase realm combinations
      s4-ldif_handlers Add handler for printing supplementalCredentials
      samba-tool pwsettings Allow setting 'store cleartext'
      samba-tool Add test for --store-plaintext
      s4-kdc Rework supported encryption type logic to match Microsoft
      wintest Force krb5.conf for BIND so we use the one generated for this test
      wintest Set the virtual machine IP to match it's dynamic IP, but don't use DHCP
      wintest Allow substitute to cope with objects like pexpect.EOF
      wintest example configuration file for a KVM based wintest
      wintest Explian that this is my KVM/libvirt configuration
      wintest Improve wintest's handling of IP addresses and add more auto-setup
      wintest Evolve wintest to handle it's own BIND nameserver
      s4-setup correct the require BIND version for Dynamic DNS
      wintest Don't connect to localhost or unqualified hostname, bind interface only
      lib/debug Add clarifying comments
      s3-netapi Add libnetapi_net_init(), don't double-init common Samba subsystems
      s3-libnetapi Add function header comments
      s3-libnetapi Load case tables earlier
      s4-dsdb Remove mem_ctx argument from dsdb_module_find_dsheuristics().
      s4-dsdb Add 'block anonymous' checks to the rootdse module
      s4-dsdb Remove rootDSE and anonymous checks from acl_read
      s4-objectclass Use a specific local variable name, not 'value'
      s4-dsdb Reorganise and clarify the LSA objectClass check (forbidden on LDAP)
      s3-param Fix lp_set_cmdline() to set the flag on alias values too
      s4-librpc Handle all types of GUID in the GUID() initialiser
      s4-smb_server Return why the ntvfs_connect() failed.
      wintest Add more VMs and correct titles
      wintest Add automatic dcpromo is the host isn't a DC yet
      wintest Fix case of BASEDN variables
      wintest Add a function to shut down all the managed VMs at the start
      wintest Set WIN_LCREALM and WIN_BASEDN automatically
      wintest Make the new --vms option default to running all tests.
      s4-samba-tool Show when we have created the user successfully
      wintest Allow 'samba-tool newuser' to run a few times waiting for the RID Set
      wintest Add more retries and fix up RODC handling after auto-dcpromo
      wintest Another way to work out if a Windows machine is a DC
      wintest Wipe the BIND data directory just before we restart bind
      s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c)
      wintest Move stopping of BIND into a new step
      s4-provision Add an invalid names check for 'domain == netbiosname'
      s4-provision Always run slaptest to convert the config file
      libcli/auth bring ADS_IGNORE_PRINCIPAL in common
      s4-spnego use "not_defined_in_RFC4178 at please_ignore" if no principal specified
      s4-param Allow +foo syntax in smb.conf list parsing
      s4-client Use NTLMv2 by default in the Samba4 client.
      s4-tests Workaround new default of 'client ntlmv2 auth = yes' in tests
      s4-lsa Implement kerberos ticket life policy
      s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot
      wintest Remove the password expiry as the first step
      s3-libads Default to NOT using the server-supplied principal from SPNEGO
      s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
      s3-client Use NTLMv2 by default in the Samba client
      s3-docs Explain change to NTLMv2 by default in the client
      s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'
      s3-libsmb Don't ever ask for machine$ principals as a target.
      s3-winbind Don't send the LM password to the server, ever
      s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
      wintest Share more of the S4 test code with the s3 test
      s3-net Allow 'net ads dns register' to take an optional hostname argument
      wintest More work to make test-s3.py work
      s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
      s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
      wintest flush DNS on Windows clients to improve reliablity
      s3-libsmb Improve error message when denying LM encryption
      wintest Add testing of kerberos connections to Windows members of an AD domain
      libcli/auth bring ADS_IGNORE_PRINCIPAL in common
      s4-spnego use "not_defined_in_RFC4178 at please_ignore" if no principal specified
      s4-client Use NTLMv2 by default in the Samba4 client.
      s4-tests Workaround new default of 'client ntlmv2 auth = yes' in tests
      s4-spnego Match Windows 2008, and no longer supply a name in the CIFS Negprot
      s3-libads Default to NOT using the server-supplied principal from SPNEGO
      s3-smbd Don't send SPNEGO principal (rfc4178 hint) by default
      s3-client Use NTLMv2 by default in the Samba client
      s3-docs Explain change to NTLMv2 by default in the client
      s3-docs Add docs for 'client use spnego principal' and 'send spengo principal'
      s3-libsmb Don't ever ask for machine$ principals as a target.
      s3-winbind Don't send the LM password to the server, ever
      s3-winbind Improve memory handling in NTLMv2-backend plaintext authentication
      s3-net Allow 'net ads dns register' to take an optional hostname argument
      s3-dns Don't use SEQUENCE_FLAG in DNS update, Windows 2008R2 does not like it
      s3-dns Don't use DELEG_FLAG in DNS update, Windows 2008R2 does not like it
      s3-libsmb Improve error message when denying LM encryption
      libcli/security Add sid_blob_parse() to directly parse a binary SID blob
      s4-dsdb Use sid_blob_parse()
      s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later
      lib/ldb Remove talloc_free() that causes double-free in callbacks.
      Revert "s4-dsdb Don't talloc_free() ares on failure, as LDB might free it later"
      s4-auth Remove obsolete comment
      s4-auth Remove event context from privilage database handling
      s4-auth rework session_info handling not to require an auth context
      s4-auth Remove duplicate copies of session_info creation code
      s4-auth Ensure that we always copy across domain groups
      libcli/security Add sid_blob_parse() to directly parse a binary SID blob
      s4-lsa Implement kerberos ticket life policy
      s4-heimdal_build Remove talloc dependency from hdb-glue.c
      s4-heimdal_build Remove talloc dep for krb5-glue.c
      nsswitch Add talloc depencency for nsstest
      s4-ldap_server Allow multiple binds on LDAP server
      s4-dsdb Implement tokenGroups expansion directly in ldb operational module
      s4-auth use new dsdb_expand_nested_groups()
      s4-auth Add function to obtain any user's session_info from a given LDB
      s4-auth Add get and set methods for auth_session_info python wrapper
      pyldb Simplify python wrappers for struct ldb_val (LdbValue)
      libcli/security Add python bindings for se_access_check
      s4-samba_tool Added ACL checking to python GPO management tool
      s4-gensec Don't steal the auth_context, reference it.
      s4-pyauth Use py_talloc_get_type() for greater talloc binding safety
      s4-pyauth Add bindings for auth_context_create() as AuthContext()
      s4-pygensec Add bindings for server_start() and update()
      s4-pyldb Fix tp_basicsize for PyLdbDn
      s4-torture Remove unused temp dirs from the RPC-PAC test.
      s4-pygensec Fix indentation of py_gensec_start_mech_by_name()
      s4-auth Extend python bindings to allow ldb and message to be specified
      s4-gensec Extend python bindings for GENSEC and the associated test
      s4-gensec Remove special case 'for SASL' that is not required any more.
      s4-dsdb Add a test of the tokenGroups behaviour on the user's DN.
      s4-auth Allow NULL methods to be specified to auth_context_create_methods()
      s4-pyauth Fix AuthContext wrapper
      s4-dsdb Add PAC validation test to tokengroups test.
      s4-dsdb Don't use None as the input to the GENSEC loop in tokengroups test
      s4-selftest Remove knownfail for tokengroups test
      libcli/auth move ntlmssp_wrap() and ntlmssp_unwrap() into common code.
      s4-gensec Add prototype for gensec_ntlmssp_init()
      s4-auth Remove special case for account_sid from auth_serversupplied_info
      nsswitch Add talloc depencency for nsstest
      s4:heimdal: import lorikeet-heimdal-201101310455 (commit aa88eb1a05c4985cc23fb65fc1bad75bdce01c1f)
      Remove unused installmisc.sh script, from old build system
      s4-python Remove unused missing.py (used by old build system)
      waf: Replace python installation rule to allow PYTHONARCHDIR and PYTHONDIR
      s4-python Ensure we add the Samba python path first.
      s4-python Remove manipuation of python path from samba module
      s4-waf Don't install any Samba packages into PYTHONDIR
      wintest Return debug info when dcpromo fails from the log
      s4-dsdb Fix generation of rootDSE domainControllerFunctionality
      s4-dsdb Add tests to ensure we don't break the rootDSE function levels again
      s4-waf Don't include ../librpc in paths
      s4-provision Remove setup_path, setup_dir and find_setup_dir
      s4-waf Add PYTHONDIR and PYTHONARCHDIR to the 'different on install' list
      s4-python Don't force "bin" into the python sys.path
      s4-wintest Use top level build for wintest
      s4-auth Add auth.idl to encode auth subsystem structures in IDL
      s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
      s4-selftest Fix valgrind and gdb options for top level build
      s4-auth Fix setting of bad_password_count in auth_convert_user_info_dc_sambaseinfo()
      s4-waf Remove source4 build system.
      waf Remove debugging hacks left in the top level build
      auth Move auth_sam_reply into the top level.
      libcli/named_pipe_auth Remove support for unused levels 0-2.
      auth.idl fix size_is() reference in IDL
      libcli/named_pipe_auth Change from 'info3' to auth_session_info_transport
      s3-auth Rename cryptic 'ptok' to security_token
      s3-auth Remove unused pam_handle
      s4-waf Don't include ../librpc in paths
      waf Fix dependencies for .pc (pkg-config) files
      s3-auth Fix memory leak in security=share and force user =
      s3-auth Fix memory leak in security=share and force user =
      wintest upper case the --vms paramter arguments to wintest.py
      Add support for testing a Win2k3 domain member
      heimdal Pass F_CANON down to the hdb layer for servers in AS-REP as well
      s3-cluster Always fill in the clustering vnn element
      s3-cluster remove more CLUSTER_SUPPORT #ifdef stuff
      lib/util/charset add functions isupper_m and islower_m
      lib/util/charset use a path to dynconfig.h that works in s3 and s4
      lib/util/charset split codepoints.c into it's own subsystem
      lib/util/charset use get_dyn_CODEPAGEDIR(), which is in common
      lib/util Make UTIL_LDB conditional on an s4 build
      s3-waf use lib/util/wscript_build, and avoid duplicate subsystems
      s3-libads Remove MIT-specific krb5_princ_realm macro calls.
      charset Remove use of {isupper,islower,toupper,tolower}_w functions
      librpc push NDR_SECURITY and NDR_DCERPC to the top level wscript files
      librpc make ndr-standard a common library
      lib/util/charset Use top level iconv.c in source3
      lib/util Remove #if _SAMBA_BUILD_ == 4 that isn't required any more
      s3-charcnv Don't genreate valid_table on the fly, rely on valid.dat
      lib/util/charcnv Move iconv handle setup in common
      lib/util/charset Add back setlocale(), but only when called from binaries
      Add tests for various s3 auth modes
      s3-tests use $PREFIX to ensure tests don't work outside the test area
      selftest move selftesthelpers to a top level helper script
      selftest split $PERL into multiple arguments for Test::More check
      s3-selftest convert tests.sh to python
      smbtorture Remove random file name before we start RW2
      selftest pass in srcdir into Samba3 target module
      selftest: Improve gdb_backtrace to run in batch mode
      s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
      s4-auth Move libcli/security/session.c to the top level
      selftest the raw.mux test is flaky:
      smbtorture Remove random file name before we start RW2
      heimdal_build omit #line statments to allow valgrind to work again
      lib/util/time: Merge time functions from source3/lib/time.c
      s3-build __FUNCTION__ is always available, always use it
      s3-debug Always use C99 true/false rather than True and False
      lib/util move debug.[ch] out of the way
      lib/util: new merged debug system
      s3-rpc_server Handle session key as a constant buffer
      pidl Add support for uid_t and gid_t types
      librpc/idl Add helper structures for use by samba3 in auth_session_info
      s3-auth struct security_unix_token replaces UNIX_USER_TOKEN
      libcli/security Add unix_token and unix_info to auth_session_info too
      s4-dsdb: Ensure we permit multi-valued backlinks on single-valued attributes
      librpc/ndr use hyper for uid_t/gid_t rather than udlong
      selftest the raw.mux test is flaky:
      s3-selftest Add tests for security=server
      s3-selftest Allow LM passwords and turn of NTLMv2 for security=share test
      s3-selftest Fix test_smbclient_auth.sh
      s3-lib Remove unused #define
      s3-lib Remove unused skip_unibuf()
      selftest: put the target on the environment
      s3-smb Use FILE_ATTRIBUTE_READONLY intead of aRONLY
      s3-smb Use FILE_ATTRIBUTE_HIDDEN intead of aHIDDEN
      s3-smb Use FILE_ATTRIBUTE_SYSTEM intead of aSYSTEM
      s3-smb Use FILE_ATTRIBUTE_VOLUME intead of aVOLID
      s3-smb Use FILE_ATTRIBUTE_DIRECTORY intead of aDIR
      s3-smb Use FILE_ATTRIBUTE_ARCHIVE intead of aARCH
      lib/util Move more network utility functions from source3 into lib/util
      lib/util Move source3 tdb_wrap_open() into the common code.
      s3-build Remove distinct LOCALEDIR subsystem

Andrew Klosterman (1):
      s3:smbd: Fix bug 6690, wrong error check

Andrew Kroeger (77):
      registry: Properly check return values from ldb_*() functions.
      When Windows initially creates a new value, the value name is "New Value #1".
      When Windows attempts to create a new key, it looks for an available key name
      registry: Implement recursive deletes for ldb-backed registry.
      registry: Implement recursive deletes for dir-backed registry.
      registry: Implement recursive deletes for regf-backed registry.
      registry: Add an explicit test for recursive deletion.
      torture/rpc-winreg: General fixes for a number of tests.
      torture/rpc-winreg: Modify test cases to work with recursive key deletion.
      torture/rpc-winreg: Split out the security descriptor tests.
      samba4-knownfail: Only the "*-security" rpc-winreg tests are expected to fail.
      Fix blackbox.kinit test by issuing new certificates good for 25 years.
      ldb_wrap: Debug at derived samba_level, not the level of the ldb debug enum.
      accountExpires: Windows default is 9223372036854775807, not -1.
      Add samdb_result_account_expires() function.
      Update account expiration to use new samdb_result_account_expires() function.
      Enhance mappings of NTSTATUS to KRB5KDC errors.
      Treat maxPwdAge == 0 as passwords never expire.
      heimdal: Add parameter to windc_plugin to allow extended return codes.
      kdc: Provide extended error information in AS-REP error replies.
      WHATSNEW: Update information in preparation of Alpha3.
      provision: Increase max NetBIOS name length from 13 to 15.
      Convert some more files to GPLv3.
      Merge branch 'v4-0-test' of git://git.samba.org/samba into v4-0-local
      mkrelease: Update to work with Git instead of SVN.
      mkrelease: Add checks to ensure run from top-level directory of repository.
      howto: Clarify differences when working from a tarball instead of Git.
      Makefile: Allow "make" with no arguments to build all that will be installed.
      howto: Simplify the commands needed and remove reference to removed script.
      provision: Add support for IPv6 (bz #4593).
      howto: Update git clone command to something that actually works.
      provision: Allow DNS GSS-TSIG updates to work.
      provision: Create instructions for enabling DNS GSS-TSIG updates.
      subunit.sh: Properly capture and pass on the command output.
      gitignore: Ignore some output files from make test.
      provision: Generate krb5.conf template separate from named.conf template.
      enableaccount: Use correct command name in usage output.
      GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)
      provision: Add missing string parameter token when assigning ldap_backend.
      howto: Remove smbpython.
      s4:provision: Update DisplaySpecifiers (#5139).
      s4:Added Extended-Rights and subentries.
      s4:provision: Added ComPartitionSets entry.
      gitignore: Ignore additional auto-generated files.
      s4:ldb:modules: Correct typos.
      s4:ldb_modules: Correct typos.
      s4:tevent: Increase trace debug level to 50.
      s4: Add additional well-known SID's/RID's.
      s4: Add additional 2-letter SID/RID mappings.
      gitignore: Ignore additional auto-generated file
      s4:mkproto: Add NET_API_STATUS return type.
      s3: Call va_end() after all va_start()/va_copy() calls.
      s4: Call va_end() after all va_start()/va_copy() calls.
      ldb: Properly handle NULL when copying attr lists.
      selftest: Account for 0-based months in date parsing and printing.
      util:tests: Correct time tests for negative UTC offsets.
      s4:setup: Change license headers to LDIF comments.
      s4:setup: Added script to parse Microsoft DisplaySpecifiers document.
      s4:setup: Use ms_display_specifiers script for provision.
      s4:setup: Updated comment to reflect new DisplaySpecifiers location.
      s4:setup: Remove display_specifiers.ldif.
      gitignore: Ignore additional auto-generated files.
      s4:pwsettings: Correct off by factor of 10 for ticks.
      s4:pwsettings: Added --quiet option.
      s4:pwsettings: Run all updates as a single modify() operation.
      s4:pwsettings: Don't assume a value for pwdProperties.
      s4:pwsettings: Added validation.
      s4:pwsettings: Add 'default' option for password complexity.
      s4:pwsettings: Show default values in help messages.
      testprogs:subunit.sh: Add function for expected failures.
      s4:pwsettings: Added blackbox tests.
      s4:srvsvc: Fix logic on error checking.
      s4:ldb_map: Don't free ares too early.
      s4:provision: Update schema version number to W2K8.
      s4:provision: Show domains and forests are W2K8 DC capable.
      s4:torture: data_blob_hex_string() output is now lowercase.
      s4:provision: Make gc._msdcs DNS entries A/AAAA records

Andrew Tridgell (9741):
      updated README for new samba.anu.edu.u alias
      use the new issafe() macro instead of isalnum() and strchr()
      move the dot_pos calculation down a bit
      fix a netgroup bug (innetgr() was being called with the args in the
      - use issafe()
      fix a dst bug, we had a sign wrong in the calculation :-(
      updates to wall.perl from michal at ellpspace.math.ualberta.ca
      removed obscene comment added by Dan
      - close the listening socket in the child process when running as a daemon
      change version number to 1.9.16p2
      removed old -S option from nmbd manpage
      documented -W option
      ignore some files
      - handle CORE protocol better
      handle being passed a dptr of -1 to mean "close all open dir handles".
      turn on KEEP_PASSWORD_SERVER_OPEN by default
      move quotas support out of server.c
      - fix a bug hanlding very log filenames
      - added hostname support to smbstatus
      made dptr_num signed to handle -1 from OS/2
      fixed version number (again!)
      cleaned up the way the max log size stuff works and fixed a potential
      added comments about trapdoor uids
      cleanups to make thinsg compile cleanly
      fixed a typo
      handle errors from receive_smb better, and print error string
      - added an entry on WinDD to samba.faq
      comment out the code that tries to handle the NT bug where the 2nd
      add my private makefile to the ignore list
      Lots of changes!
      - moved the uid handling to uid.c
      a huge pile of changes :-)
      add dummy quotas fn
      Did more integration of Lukes code ready for the first release.
      - changed some debug levels in clientutil.c
      - remove some incorrect prototypes from server.c
      add sunos private makefile to .ignore
      fix a bug that meant alpha6 couldn't compile.
      added some notes on the new "interfaces" option
      - added interface.c and removed all the references to myip, bcast_ip
      - added predict.c, moving the routines from util.c
      - added comments to byteorder.h explaining how it works.
      patches fromk Luke putting in symbolic names for time constants
      moved MSBROWSE into nameserv.h
      changes from Luke
      fixed the apana MIRRORS entry
      more changes from Luke
      updates from Luke to rename "domains" more accurately to "subnets"
      moved some more locking routines to locking.c, and moved replacement
      documented the "max disk size" option.
      got rid of a lot of redundent header files as we now globally generate
      a cleanup of the receive_smb() usage, adding timeouts in some places
      minor patch to allow host announcements to remote subnets
      demo of cvs - ignore
      - change date as a demo for john
      - moved the protocol defs in the client to keep sill C compilers happy
      fix Makefile - remove Lukes private stuff :-)
      fixed conflict with global variable updatecount
      fixed conflict between two variables called d
      generated new proto.h
      removed some debug stuff from luke
      minor cleanups ready for another release
      fix up problems with "smbclient -L". It now uses a generic
      minor debug output fix
      added a bunch of comments to Lukes docs.
      added lots of comments to the docs that Luke wrote on the internals of
      removed the remote interfaces stuff.
      the client now loads the smb.conf config file so it can get the
      minor cleanups
      fix a bug that we've had for a long time where we don't handle EOF
      minor fix to write_data() for EOF handling
      new docs for japanses extensions from Fujita
      - added docs on new "printer driver" option
      - sequent-ptx support from bressler at iftccu.ca.boeing.com (Rick
      don't allow newlines in printer status messages
      - add the 0x1c name for all interfaces if we are a logon server
      doc updates
      added the validchars package written by tino at augsburg.net. This
      minor cleanups
      disabled SETFS (which was only enabled for Linux) until we resolve a
      fixed an obvious bug that meant that DosPrintQEnum could never
      changed "unsigned long" to "uint32" in several places (for IP
      added notes on the new FAST_SHARE_MODES code
      - added FAST_SHARE_MODES code
      change email address
      added Printing.txt and Tracing.txt
      SVR4 startup scripts from Timo Knuutila (knuutila at cs.utu.fi)
      added support for the Bull Operating System (BOS)
      - document the "remote announce" option
      documented the new syntax of lmhosts
      - added the "remote announce" option
      fixed installscripts.sh so it no longer creates ] and [ directories
      - added support for Amiga-unix (based on BSD I think)
      added a note about the homes share and WinDD
      - made FAST_SHARE_MODES standard for Linux
      a bunch of man page cleanups from a kind contributor
      - added "netbios name" option in smb.conf to make controlling the name
      fix a bug in the new chaining code
      add a bit more about the "trapdoor uid" messsage
      - fix a bug in NetServerEnum where counted and total were not counted
      - add NMB_REG_REFRESH capability to initiate_netbios_packet(). I think
      - removed ServerComment and instead set the comment string in nmbd
      update "server string" docs
      give names more time when refreshing
      - new faxing doc from Gerhard Zuber <zuber at berlin.snafu.de
      - new handling of ST_TYPE bits, they are now consolidated much more in
      - remove the date markers from the man pages. I never keep them uptodate
      - bit a bit manipulation bug in find_name_search()
      fix compiler warning
      handle sigpipe better for server security
      update the docs ready for a new release
      - fix a bug handling readraw packets that caused the timeout to be 30
      minor fixes to docs
      - add timeouts to connect() for password server connections. This
      minor doc fix
      - fix client for pathworks 4 access
      added debug info
      - accept either NT or lanman passwords in tconX
      - a huge pile of changes from Luke which implement the browse.conf
      backout all the changes to nmbd.
      - fix the EALREADY bug so connections to slow hosts with smbclient get
      - changed the umask handling. We now set the umask to 0 and explicitly
      - added a new support entry
      - use workgroup from smb.conf in smbclient
      - added docs on the new "fake oplocks" option.
      I have fixed quite a few important bugs in this commit.
      - added a mirror entry and added a new Support.txt entry
      - replace the base36 function with one that works on more systems
      - use waitpid for ultrix
      add DEBUGLEVEL to replace.c
      - added an entry to the MIRRORS list
      - changed the default nmbd loop timout to 10 seconds (2 seconds was much
      - continue when failing to load config file in nmblookup and smbclient
      - revert to old idle dir code (marty pointed out a problem with the
      - updated the ENCRYPTION.txt stuff to point to the newer des
      - correctly handle non-encrypted share mode session-setup. We were
      - set default printer driver string to "NULL"
      - fixed listproc mail address in faq
      - added support for TMPDIR env variable
      added a new type to mkproto.awk so it can handle shmem.c
      fixed a bug in the printjob encoding/decoding. We weren't doing it for
      cgi.c is a simple set of CGI manipulation routines
      some minor modifications to loadparm.c to support the necessary
      add the stdout parameter to lp_dump()
      prototype updates for new functions
      fix a couple of "declaration shadows previous local" warnings.
      This is a written from scratch DES implementation. I couldn't find a
      This commit does 3 main things:
      no longer needed
      rewrote md4.c from scratch. This implementation should be portable and
      - change a lot of occurances of errno to use strerror(errno). We can't
      - if the user already exists then ignore the -add command
      bug fix in the new des code.
      - change generate_challenge() to use md4 instead of des
      add a cast
      change the encryption instructions to reflect the fact that the code
      John asked the other day about using the tar feature in smbclient to
      added some debug stuff
      add error string reporting to clitar
      change the semantics of hosts allow/hosts deny so that a global
      change a debug level in reply.c
      add "static" to a couple of functions that are only used locally.
      This is all the NT error codes less than 1000. I extracted them using
      a little hack to smbclient to support extracting NT error codes
      a bit of bounds checking
      fix some "shadows global" errors.
      get rid of SIGCLD_IGNORE for HPUX. A user reported it causing lots
      increase the debug level in the "added interface" debug line
      bracket some macros
      an implementation of the NT domain credentials protocol
      fixed the log wrapping bug.
      remove { and } from the list of illegal characters in filenames. The
      updated the "comment =" entry a bit
      reverted a change made by Luke at his request.
      force the salt to be a maximum of 2 characters long in calls
      fixed a stack overflow bug in api_lsa_req_chal()
      fixed the freeze on logout bug. The fix has several parts:
      added loopback_ip. This is used to detect packets from ourselves
      add the port number to a debug statement
      the usual proto.h update
      fixed the problem that browsing breaks if you put quote marks around
      add ERRDOS/67 ERRnosuchshare to the client.c list of error strings
      added -a "append log" option
      document -a "append log" option
      fix the handling of negative name query responses and the handling of
      remove a spurious error message from nmbd. The message was:
      put the new example config file in here as well
      add a note about running testparm after modifying smb.conf
      add a section on encryption and change the formatting a bit
      update the timestamp on config files in our linked list when we notice
      move calls to smbhash() inside smbdes.c (for legal reasons)
      I am removing these from the source code in preparation for an
      casting cleanups
      a major share modes reorganisation.
      add some debug info
      get rid of the KEEP_PASSWORD_SERVER_OPEN define
      This is a set of generic SMB client routines. I needed this in a hurry
      rewrote the password server code using the new clientgen.c client
      some cleanups in the clientutil.c code.
      prototype updates
      added a note about which netbios name is use in server level security
      add a note on how to map usernames with spaces in them
      fix the order of become_uid() and become_gid() in become_root(). This
      don't check lp_alternate_permissions() in the new utime workaround
      check for EPERM or EACCESS in file_utime()
      damn, I spelt EACCES wrong.
      don't send any statistics in the node status reply
      Implemented asynchronous DNS lookups in nmbd.
      shared memory code cleanups (partly preparing for a possible sysV
      The browse synchronisation code in nmbsync.c now uses the clientgen.c
      fix some casting errors in smbencrypt and some multiply-defined errors
      added -U option to nmblookup. This is similar to -B except that it
      Fixed 2 oplock bugs:
      also disable read prediction in 1.9.18
      change the default file permissions on the SHARE_MEM_FILE* to
      refuse pathworks type R connect (patch from Stephen Tweedie)
      SYSV IPC implementation of fast share modes.
      define USE_SYSV_IPC on a bunch more systems.
      define USE_SYSV_IPC on sunos4
      lower the default hash size if SEMMSL isn't defined
      define semun for broken solaris sysvipc
      fix cast
      fix for broken sunos4 includes (doesn't have SHM_R)
      need includes.h to compile on some systems (eg. sunos4)
      enable sysv ipc and fast share modes on OSF1
      clean up the hash entry code a bit. Got rid of lp_shmem_hash_size()
      - don't allow locking to initialise twice
      damn. We need root privilages to do semaphore operations even if we
      moved ubi_ modules back into the ubiqx directory.
      Chris will be pleased to know that mkproto.awk no longer runs on the
      - cleanup some warnings
      removing the files that are now in rpc_pipes
      this is now in the rpc_pipes directory
      no Makefile needed here either
      pm_process() never closed the file (a memory and file descriptor leak)
      OSF1 doesn't define union semun either.
      define NO_SEMUN for svr4
      change from * to ^ in hashing of device/inode. Using * meant that if
      re-initialise the timezone on each new connection. This means you
      some locking code cleanups
      don't use SEM_UNDO because of ridiculously small undo limits on some
      change a debug level
      a simple SMB torture tester. This will allow us to evaluate locking
      set O_CREAT on lock file
      minor async DNS cleanups
      don't print the progress so often - it slows down the client too much
      to avoid any possibility of the pipe getting full and blocking we now
      fix comments
      got rid of redundent rpc_pipes/rpc_proto.h
      convert the credentials code back to uchar[8] from uint32[2]
      fix some uchar/char conflicts
      add NO_SEMUN for HP
      no asm/signal.h for linux as this is not portable
      change from %D to %m/%d/%Y in timestring(). This doesn't really matter
      added two more sets of tests to the smbtorture test. The tests I added
      a few more tests added, including one that tests whether the server
      auto-create the locks directory on startup
      fixed a bug which caused nmbd to core dump.  The problem was incorrect
      added code to test the cli_NetServerEnum() function in clientgen.c
      don't do the mapping for group names if the name type
      fixed typo
      changed nmblookup to only set recursion_desired in queries if the -R
      added some debug lines to the rename code
      use LocTimeDiff() not TimeDiff() to ensure that longdate conversion is
      added true enumerated types in loadparm.c. Now we don't need all those
      the usual :-)
      fixed some typecasts of (char *) to (unsigned char *)
      this new cgi code includes the ability to act as a mini web server,
      added a test for the NT SMBgetatr bug in smbtorture
      minor wsmbconf and cgi changes
      test SMBsetatr as well
      added some QPATHINFO and QFILEINFO tests into smbtorture.
      added a SMB_QUERY_FILE_ALL_INFO test into smbtorture
      added cli_rmdir and cli_mkdir
      get rid of stat command (it is a hangover from an old experiment)
      oh no! my favourite hack is broken. You can't do:
      fixed a very nasty oplock bug. We could send oplock break requests on
      there was a bug in my oplock bugfix :-)
      get_entries is an int not a bool
      pass the mailslot name to process_logon_packet()
      added a sent_oplock_break element to Files[] as a paranoia check so we
      use -1 not 0xffffffff in SIVALS() macros
      don't display locks for dead processes in smbstatus
      the logon script example should use %U.bat not %u.bat
      dont try getpeername() when Client isn't initialised
      get rid of some things out of smb.h that are already in local.h
      HPUX trusted systems need to use bigcrypt() not crypt()
      the default GUEST_ACCOUNT should be here not in smb.h
      changing the comment in find_new_file() to say why a base of 1 is used
      add the null string to SMBsetatr calls
      fixed the help message for -p (someone complained!)
      fix toupper(c) on a already uppercase char and tolower(c) on an
      hopefully handle "ready and waiting" messages in print queue output a
      I'm slowly getting though the todo list :-)
      make the "printing" option a per share option rather than global. When
      allow users to disable the NetWkstaUserLogon call in server level
      add a warning if the timezone is not a multiple of 1 minute. This
      allow local_machine and remote_machine (%L and %m macros) to contain
      change the "username map" option to allow the user to stop the
      applied a patch from Norm Jacobs to allow "printcap name = lpstat"
      put the default PRINTCAP_NAME def in includes.h not local.h so that
      slight cleanup to the linked list handling
      Makefile.lib does nothing, so remove it
      don't use free and alloc as structure elements
      added optonal MEM_MAN code
      got rid of the WRAP_MALLOC code - mem_man does it better
      allow for zero size reads in asyncdns. These can happen after a signal
      catch signals in the async dns daemon and allow it to auto-restart if
      fix a bug that sometimes prevented smbclient from connecting with
      allow name_type 0x20 as well as name_type 0x0 in dns proxying
      give out file handles differently on each new connection because of a
      - handle ENOSPC in shmem init.
      use _exit to exit a child
      fixed a couple of illegal uses of scanf() in the nmbd wins code. They
      fixed another couple of minor type errors (they could cause incorrect
      a dummy change to shmem_sysv.c to try and break CVS out of a problem
      avoid the ~ operator in netmask operations as apparently it causes
      *** empty log message ***
      *** empty log message ***
      *** empty log message ***
      propogate my cgi changes to the main branch
      always align both the parameter and data bytes on a 4 byte boundary in
      fixed typo
      make the initial logfile names consistent. This should mean that smbd
      Jeremy is going to hate me ...
      allow for non-authenticated SWAT for demo purposes
      - remove redundent strstr()
      added Date and Expires headers in the mini web server so clients know
      added a "home" icon
      added status page to SWAT. Similar to smbstatus output but in a HTML
      report the max size of raw reads as 65536 not 65535 (this now matches
      use FSTYPE_STRING not "SAMBA" for filesystem type
      add FLAG_HIDE to "config file" option (so it can't be set in swat)
      these have been replaced by swat
      add swat to .cvsignore
      use password_ok() instead of calling crypt()
      move setup_groups() into password.c so that swat can link without
      moved cgi.c and swat.c into a source/web/ directory. Note that you
      some initial help and images files for swat
      added an install target for SWAT
      a brief description of how to install and run SWAT
      remove an unnecessary #ifdef
      fixed instructions in installswat.sh (thanks to Herb again!)
      removed a redundent return statement
      fixed support for running swat via cgi-bin
      another fix for running under cgi-bin
      updated to give instructions on running via cgi-bin
      another makeover of loadparm to support new stuff in swat and
      - added separators
      added another pathetic looking icon
      prototype updates
      if a local parameter is changed at the global level then propogate the
      added the ability to start/stop the server from SWAT.
      new files to support starting/stopping the server
      put in the longer welcome blurb
      updated blurb
      updated blurb some more
      added a background image based on Pauls SAMBA logo but manipulated a
      a smaller background
      install jpeg files
      - added the ability to kill off individual connections from SWAT (from
      safer killing of connections - it ensures the process is still a valid
      - claim the null connection after the session request to mak sure we
      updated the images
      changed the date formatting
      changed the default "keepalive" value to 300 seconds.
      changed the default MAXSTATUS from 1000 to 100000
      fixed call to execl() to get argv[0] right (thanks to Herb)
      show full path in ps by setting it in argv[0]
      - added "Full View"/"Normal View" on the "view config" page
      this isn't a big commit, it just looks like it :-)
      when CGI_LOGGING is on log the host name and IP
      oops, I got the sense of the show_defaults parameter to lp_dump()
      changed the method used for auto-reload on the status page to use
      moved the refresh script to the end of the page so that silly things
      don't set the Expires header on any page generated from a POST. This
      - added a check for broken RH5 include files. With the standard RH5
      a pointless commit to check on a problem Luke reported with CVS
      the default for old style accounts should be workstation trust
      support O_SYNC in opens for smbtorture
      if the resolve order is blank then assume "host"
      support O_SYNC at open time in files (previously we only supported it
      some hacks to the torture code
      minor reformatting of debug messages (so people don't think there is a
      fixed a memory leak in close_file(). Each time a file was opened
      improved the secret buffer generation a bit. It now uses /etc/shadow
      many systems don't have /etc/shadow but do have another system for
      much faster pstrcpy() and fstrcpy()
      changed to use slprintf() instead of sprintf() just about
      changed to use slprintf() instead of sprintf() just about
      include includes.h in all the ubiqx files. I know Chris won't like
      don't use system functions as arguments to qsort() as otherwise you
      a new slprintf() function. This one is totally portable but a bit of a
      we don't need a typedef for string
      initialise a variable
      test for overflow in nmb name parsing code
      initialise some variables (stops warning)
      fix slprintf for sunos4 in head branch
      point people at the main web site for a up to date list of mirrors
      merge from the autoconf2 branch to the main branch
      some merge cleanups
      checkin configure again in order to get permissions right
      still trying to get permissions right - CVS doesn't commit permissions changes it seems
      hopefully permissions are right now
      updated the UNIX install instructions to include ./configure
      removed some feedback request comments - we get enough email :)
      get rid of the runtime test for broken getgroups() and add a compile
      added Makefile to .cvsignore in the hope that this will prevent people
      ignore the auto-generated dummy file
      test for a broken inet_ntoa and replace it if necessary (for
      fixed a bug in the replacement inet_ntoa
      updated prototypes
      fixed a make proto bug pointed out by Chris.
      fixed sin_len test for FreeBSD
      added HAVE_FUNCTION_MACRO test
      added test for getpwanam().
      added --with-nisplus-home option
      we have to have the test for -lsocket before the test for some
      new directory structure in configure.in
      the autoconf scripts are now converted to the new directory structure
      these dummy files are needed for autoconf processing
      added ignore rules for the dummy files
      another dummy file
      removed the if statements from the DEBUG() macro definitions.
      this gets smbd compiling and linking correctly with the new layout.
      close to having nmbd linking (just a bit of repository hacking to go)
      nmbd compiles and links. I had to do some ugly stuff, putting files in
      swat compiles, with some even uglier hacks. we really have to do
      a few more things compile.
      the rest of the binaries now compile and link
      fixed the installation scripts for the new layout
      smbtorture now compiles
      moved username.c into lib/ so we no longer $(PASSDB_OBJ) in most
      split the system password checking routines out of smbd/password.c and
      moved access.c into lib/ from smbd/ as it is needed by testparm. I
      make sure that a fault cannot occur twice. The new Debug1() code is
      fixed a nasty bug in debug.c
      fixed the nested comment - Jeremy, do you want that unbecome_user() or
      define INADDR_NONE if not already defined
      remove an unused variable
      this is the bug change to using connection_struct* instead of cnum.
      moved the printing related files to a separate printing/ directory.
      some more dummy files to ignore
      use user instead of this_user to prevent global shadowing
      this checkin gets rid of the global Files[] array and makes it local
      changed find_free_file() to file_new().
      server.c: fixed a bug in close_file() with the new files.c handling code
      got rid of the Files[] array completely (previously I'd just made it
      added include of sys/resource.h
      fixed some bugs in the locking_slow code caused by the recent changes.
      - some tidying up in files.c
      I think it is pretty much decided that the next major version will be
      some cleanups from the conversion of Pipes[] to a linked list. I also
      much cleaner chain pointer handling for both files and pipes.
      converted the policy code to use a linked list and bitmap. This saves
      moved connection_struct handling code into smbd/conn.c and changed it
      reduced the memory footprint a bit by changing some large static int
      added some optimisation for the case where the number of open files is
      now that we have no global arrays we can start to split up the monster
      more splitting of server.c
      this completes the splitup of server.c.
      move soem variables from server.c that don't belong there.
      removed some of the rough edges from the splitup
      added a test for a working setresuid
      testparm now prints a warning if the lock directory doesn't have 0644
      fixed a bug in trans2_qfilepathinfo() where we used the length of the
      silly me.
      and get the message right ...
      added a macro ZERO_STRUCT() which is useful for initialising
      use ZERO_STRUCT() to initialise lots of structures.
      added new smb.conf option "panic action". see my samba-technical
      don't attempt to answer QFILEINFO/SMB_QUERY_FILE_STREAM_INFO queries -
      expanded MAX_LOOKUP_SIDS to 30 (I saw 21 in a packet)
      added ASSERT() and ASSERT_ARRAY() macros and sprinkled them liberally
      changed the default permissions code to do this:
      some smbtorture hacks (random IPC calls)
      proto changes
      note that "alternate permissions" is deprecated in man page
      added a warning when loading a parameter that is deprecated
      took all the rpc includes back out until we can work out _why_ freebsd
      get includes right for systems that use getpwanam()
      use a separate ZERO_ARRAY() macro instead of ZERO_STRUCT() for
      nmbd would core dump if a large number of netbios aliases is set. The
      don't exit on a SIGPIPE
      got rid of calls to update_protected_database(). It was causing core
      added some defensive programming to nmbd. This mostly means zeroing
      changed the size of a char array in the userdata_struct from 1 to 16
      added a function zero_free(void *, int size) that zeros an area of
      - zero shared memory before freeing it
      allow smbclient to connect to IPC$ as an IPC service
      changed the format of the wins.dat file slightly.
      don't put two spaces at the start of lines if logging to stdout
      include our netbios names list and our workgroup in the wins.dat hash
      changed the way that name query records are sorted in replies. They
      we we have successfully done a query on *<1b> from a wins server and
      This should fix the zombie problem that luke noticed.
      finished the asynchronous browse synchronisation code. It even seems
      a couple of debug lines
      added a dest_port parameter to send_mailslot() so we send replies to
      bounds check next_token() to prevent possible buffer overflows
      cast the qsort to prevent warnings
      set a maximum name refresh time of 20 minutes.
      updated the WHATSNEW in preparation for an alpha release
      fixed a comment
      I realised that my DMB<->DMB sync code has the property that the
      if an address is ipzero in cli_connect() then do a name query
      minor fixes to the DMB<->DMB sync code. We now get the dmb name from
      I looked at the refresh issue a bit more and discovered that Samba
      check that a valid pipe is passed before doing a pipe close.
      fixed a bug in the base64 hanlding that led to auth failures for some
      spruced up SWAT a bit - it now uses the new Samba logo at the top and
      need to istall new files
      Matthew is no longer wokring on SWAT
      use /swat/ prefix in both inetd and cgi modes, to enable a static header.html
      changed ref to samba.gif to use /swat/ prefix
      we are never interested in SIGPIPE so just ignore (block) it
      fixed a bug in the name mangling code. It implicitly assumed that
      we were setting the strings 1 too long in make_srv_share_info1_str()
      changed the SMBtrans reply code to align at the same alignment as
      got rid of interpret_security(). Thanks to Jean-Francois for pointing
      tridge the destroyer returns!
      ahh, the joy of deleting large chunks of code that someone else has
      some people are foolishly running ./configure from other than the
      some cleanups to use ZERO_STRUCT() and friends
      expand the sysv shmem test to look for semaphores as well as shared
      added a configuration summary at the end of ./configure. It also
      fixed a stat cache bug (the one found by Matthew Geier).
      add a "stat cache" boolean smb.conf option. (defaults to on)
      fixed a bug in the wins database writer that caused the database to be
      fixed a potential problem with wins_write_database() child processes.
      fixed a typo in my last commit
      fixed the nmbd fork bomb. It was a silly mistake, as
      fixed another potential fork bomb where the wins file becomes
      got rid of some #ifdef LARGE_XXXX stuff and got rid of non-portable LL
      fixed a usage of off_t that should have been SMB_OFF_T
      removed another use of the LL suffix. Hopefully this is the last one
      fixed a typo (LLARGE_SMB_OFF_T instead of LARGE_SMB_OFF_T)
      added a SMB_OFF_T_BITS define, allowing us to get rid of most of the
      gto ri of a bunch more #ifdef LARGE_SMB_OFF_T checks by introducing a
      got rid of SMB_STRUCT_STATVFS. I don't think we should be defining
      oops ... I got the filenames wrong in my cleanup of the wins database
      add a define for SMB_SEARCH_BITS and change comment on FSTYPE_STRING
      added a per-share parameter "fstype" that allows you to select the
      3 changes:
      lp_fstype() proto
      look at the CAP_NT_SMBS bit in the client capabilities to determine if
      some changes to the autoconf support
      automatically detect changes in the system type and exit, telling
      I've disabled the conversion of null filenames to "." until we solve
      changed the default filesystem type to NTFS (from Samba)
      fixed the docs for "domain controller" parameter.
      made bad boolean values stand out a little better
      got rid of the memcpy() prototype and used includes.h instead.
      set the default fstype for IPC$ to "IPC". I'm not sure if this will
      got rid of USE_FILES_ARRAY code (it was unused)
      makefile support for smbwrapper
      a couple of mode for smbwrapper
      use sys_stat() not file_exist() for codepages. (we don't want dos
      added sys_getwd()
      several clientgen mods to support smbwrapper. In particular added
      the guts of the smbwrapper code. I may change the layout of this at
      some changes in smbtorture as a result of clientgen interface changes
      added capabilities ab win95 fields to client structure. Used for
      - remove .p files in make clean
      updated prototypes
      - ignore *.p files
      - ignore *.p files
      - ignore *.p files
      lots of improvements to smbwrapper. It now works with Samba, Win95 and
      ignore *.p files
      added unlink() and rename() support to smbwrapper
      added basic chmod(), chown() and utime() support (not fully
      added lseek
      define O_ACCMODE if not defined
      updated prototypes
      - always open for reading (otherwise getattrE won't work).
      use O_ACCMODE
      added lseek() to smbwrapper
      fixed a bug in name_len() (thanks to kooros at kooros.netrack.net)
      added lseek() support for directories
      added a bit more to the docs
      added simple device/inode number support based on a checksum of the
      added mkdir() and rmdir() support
      support getcwd() in smbwrapper
      fixed wrapper for access(). This gets xedit working.
      fixed vi on smbwrappper (it was a problem in cli_read())
      added fchdir() support
      don't call functions that aren't there yet. (Luke had the code
      fixed initialisation bug in rpcclient (stdout is not a constant)
      fixed a authentication problem with non-encrypting servers
      use __XXXdir() instead of __libc_XXXdir()
      we need to do a load_interfaces() at startup to support broadcast
      simplied the layout of the smbwrapper code. All those 3 line files
      use const char
      support a few more function types (like ino_t and off_t)
      - split smbw directory code into smbw_dir.c
      more smbw cleanups.
      use dummy file descriptors opened on /dev/null to ensure that the smbw
      modified cli_read() and cli_write() to issue multiple outstanding
      fix an error code in cli_error()
      refuse symlinks to or from a smb path
      set a default 16k client buffer size
      use CLI_BUFFER_SIZE instead of BUFFER_SIZE
      add support for dup() and dup2()
      added support for printing via smbwrapper
      add support for unlink() on printer shares in smbwrapper. unlink()
      use *SMBSERVER convention in smbwrapper to allow us to connect to
      support using #xx at end of netbios name to connect to the specified name type
      support NetServerEnum in smbwrapper. You can now do a ls in /smb/ and
      - modified resolve_name() to take a name_type
      started basic support for solaris 2.5 in smbwrapper.
      don't list the IPC$ share in directory listings (it causes infinite
      fixed some stuff for Linux that porting to Solaris broke
      warn user if LIBDIR isn't set right
      ignore .po files
      more solaris 2.5 fixups. It now seems to be working pretty well.
      drat. We can't include sys/fcntl.h because that gives
      we need to use __readdir() in preference to SYS_readdir for systems
      don't define creat() under linux until we get the CREAT_BITS stuff
      some tests for stat64() and friends
      reran autoconf
      tests for readdir64
      this gets smbwrapper working under Solaris 2.6. Not tested much yet.
      added a function set_maxfiles() to set our file rlimit to the max
      added pread pread64 pwrite pwrite64 and open64
      - added pread pread64 pwrite pwrite64 and open64
      handle ENOTDIR errno in cli_error()
      removed requirement of having a smb.conf for smbwrapper to work.
      it's a bit dangerous to use rm -rf
      test for loff_t and offset_t to support llseek() on Solaris and Linux.
      get type of callback right
      updated README
      got rid of all assembly code and gcc special features. I'm hoping to
      need to use SYS_open64 not _open64 for solaris 2.6 or stdio doesn't
      IRIX uses -shared for shared libray creation.
      new file realcalls.c
      fixed typo in getgroups code
      ported smbwrapper to SunOS4. It seems to work. pity so many binaries on
      handle systems that are missing either SYS_utime or SYS_utimes
      test for creat64()
      this gets it compiling under IRIX 6.4. Doesn't work yet though.
      fixed Makefile for IRIX make (it doesn't know %.o=%.po, leaving off
      got smbwrapper working on IRIX 6.4. Things got a bit tricky,
      reran autoconf for IRIX changes
      fixed a cast warning
      new prototypes
      - fixed cast warnings
      fixed some cast warnings from "cc -64" on IRIX
      ignore *.po32 files
      - keep IRIX cc -64 happy
      - fixed errno return in smbw_open()
      the IRIX make is very fussy amount comment lines. If a comment line
      tell the user we are producing -32 code for the .32.so library
      clean needs to delete po32 and .so files
      set HOST_OS after canonical system test
      use smbw_errno() not smbw_error()
      remove unused arguments from some static functions.
      removed unused variable
      added SMBW_PREFIX environment variable (allowing you to specify root
      implemented attribute mapping and chmod. file attributes are mapped in
      fixed a bug in time setting (utime() call)
      added a wrapper for fork()
      implemented unix semantics for rename in smbwrapper
      fixed rename error code from NT servers
      do an anonymous login if the username/password is rejected.
      put #if BROKEN_CODE around all the bits of code in rpc_parse.c that
      somehow "in_client" got included twice in two places.
      added some comments
      added a document on how to port smbwrapper to a new system
      some changes for OSF1 support in smbwrapper (just preliminary changes,
      fixed a bug in real_seekdir()
      fix typo
      reran autoconf
      - no getdents on OSF1
      test whether seekdir() returns void or not
      more OSF1 changes as well as changes to allow us to use the standard
      won't need wrapper.h anymore
      possibly use __sys_llseek()
      detect __sys_llseek()
      fix the SEEKDIR_RETURNS_VOID test
      not needed any more
      yet another attempt at making this stuff portable. This time I use
      return type cleanups for IRIX
      remoevd a misplaced comma
      fixed __xstat() under linux
      fixed facl() bug for solaris
      - updated docs to say OSF1 works
      more solaris acl fixes
      fixed fork() on SunOS4
      use double for dummy arrays to ensure alignment
      fixed a warning on SunOS
      SunOS doesn't need any ld flags
      we need realcalls.h in realcalls.c
      restore errno after smbw initialisation
      compile to .po.o first then mv to .po in order to make the sun
      don't prototype the acl() functions
      removed lukes acl check in configure (not needed)
      added some comments
      fixed a problem with fchdir() that broke "cvs -d" in smbsh
      use 1 second resolution calls if possible
      auto-detect the right flag for the compiler to produce PIC code
      removed extra comma (some compilers don't like it).
      add "smbtorture" alias for building smbtorture
      - fixed a bunch of warnings and minor errors
      - don't generate 0 params in torture
      fixed a warning
      really fixed the warning this time :)
      fixed a bug in the readline support
      fixed bug pointed out by Herb.
      made smbsh a standard binary
      smbsh launch program is now in C
      use level 0 for DEBUG() of malformed password entry in smbpasswd
      set recursion desired for bcast name query
      use the username GUEST if no other username is available
      - use large buffers for netshareenum
      only do the MAC extensions if we are a NTFS filesystem
      changed some debug levels
      added maxfid test
      add an option to enable/disable nt pipes
      check for lp_nt_pipe_support() in open calls
      redid proto.h
      - added smbrapper/shared.o
      - don't use env variables for passwords and usernames (yeah!)
      removed an incorrect comment
      return the resolved IP on a cli_connect() call so it can be cached
      prototype new functions
      improved session reestablishment
      added command line options to smbsh
      removed my badly-done attempt at handling compilers that don't handle
      add -Bshareable for *bsd*
      fixes for solaris
      new prorotypes
      removed setenv(), replaced with smbw_setenv()
      fixed a connection bug in torture test
      use putenv() more portably
      oops, I ot the return type of putenv() wrong
      at the interop Isaac (at least I _think_ it was Isaac) said that if a
      make the shared variable stuff slightly more sophisticated
      fixed problems with PWD - we no longer use the PWD env variable
      don't use SMBW_PWD_ENV any more
      don't enable smbsh/smbwrapper on systems where we can't work out how
      make sure that apps can't close one of the internal smbw file
      volker was concerned about unique inode numbers and smbsh. This set of
      handle the case of an intermediate binary not loading smbwrapper.so
      fix for John.
      added a couple more error codes to cli_error()
      report ourselves as HTTP/1.0 not HTTP/1.1
      added a vsnprintf() implementation from cvslock. See the notes on the
      add ifdef for "long double"
      fixed handling of %.0f in replacement snprintf.c
      use abort() instead of exit() in smb_panic()
      fixed problem with snprintf.c and mkproto
      yet another person asked me where the name Samba came from, so I put
      added copyright notice from Patrick Powell
      took out Lukes change as it breaks domain logons for Win95 clients
      don't core dump in smbstatus if we can't open the shmem system
      check return value of locking_init()
      don't bother trying QFILEINFO/QUERY_FILE_ALL_INFO with win95 as it
      converted smbclient to use clientgen.c rather than clientutil.c
      I talked to Dave Miller and he thinks that we should have TCP_NODELAY
      changed is_root() to am_root() to prevent clash with variable names.
      largely rewrote smbpasswd so that the code is understandable. This
      char -> uchar fix
      extracted the password change code from smbpasswd and used it in swat
      fixed demo mode
      show all buttons in demo mode
      handle null usernames
      remove my name from welcome page so I don't get mail about it.
      please remember to check that code compiles before checkin!
      changed the fonts in the images a bit to be readable at a higher
      no longer needed
      we don't have any jpeg images any more
      %\ is an interesting printf argument, but I prefer %s
      fixed compile for FreeBSD
      fixes for OSF1 compilation
      reverted includes change for FreeBSD as it breaks IRIX
      removed information on installing via cgi
      remove code that allows installation via cgi
      allow all user to view the config
      - new prototypes
      prompt for password on smbclient -L
      - handle servers that don't support getattrE (ie. NT)
      fixed setmode in smbclient
      automatically uppercase server and share names (win95 won't handle
      support.txt is now maintained solely on the web pages
      compile with optimisation by default on all compilers
      change ROUNDUP to SMB_ROUNDUP to prevent conflicts with system macros
      fixed lmhosts parsing. We were using sizeof(name) where name was char*
      use bindir not sbindir in Makefile to ensure that we don't break
      formatting change
      add a error code when failed to get lock
      try to use *SMBSERVER to connect to password server if the first
      make SWAT obey the global "hosts allow" and "hosts deny" settings.
      global change from samba.anu.edu.au to samba.org
      use http://samba.org/ not http://samba.org/samba/
      deleted some old DEBUG() code that wasn't used
      changed string_sub() to replace " ; and ` in the inserted string with _
      replace ' with _ as well
      updated SWAT README to remove cgi-bin instructions
      got rid of a dangerous message command example
      re-ran yodl
      install all html docs in yodl help directory
      better layout of password options.
      - removed smb.conf.5.html as it now comes as part of htmldocs
      make the help links appear in a separate window, so you can read the
      don't allow ".." in service name when doing "default service"
      removed include of net/route.h because it prevents compilation under
      replaced the icons in SWAT with real icons
      fixed pidfile handling to check for a lock on the file, so we can be
      oops - lock test was the wrong way around
      fixed a link to testparm.1.html
      fixed warnings (and potential errors) due to integer overflow when
      removed the SID stuff from the head branch as well.
      on Linux force fcntl/mmap based shared memory and on other systems
      and in head branch:
      Ken McDonell from SGI was interested in adding some profiling
      new files needed by profiling code
      damn, new files need to be added to the head branch first, I've told
      fixed a typo
      open_socket_in() takes a different number of parameters in the head
      use /dev/urandom not /dev/random in head branch.
      first pass at updating head branch to be to be the same as the SAMBA_2_0 branch
      2nd phase of head branch sync with SAMBA_2_0 - this delets all the files that were in the head branch but weren't in SAMBA_2_0
      util_sec.c from 2.0.6
      interfaces.c from 2.0.6
      interfaces.h from 2.0.6
      printing/print_cups.c from 2.0.6
      lib/fnmatch.c from 2.0.6
      client/smbspool.c from 2.0.6
      update version to pre-3.0.0
      more files from 2.0.6
      added basic nsswitch support - this allows you to use a "wins" entry
      first pass at the database code for Samba. This also includes a test
      this was left out from the 2.0.6 merge
      first cut at using the tdb code for the connections structure, the
      converted all our existing shared memory code to use a tdb database
      changed message is connections.tdb doesn't exist
      changed %g to %3.1f to be friendly to our poor snprintf() code
      expanded the tdb documentation
      when no shares are returned the *shares pointer must be set to null
      added some paranoia code
      fixed a bug in the handling of tdb version number upgrade
      improved error message in case the lock list is truncated
      fixed locking code
      fixed more locking bugs - all seems OK now
      a useful locking tester - it uses lots of simultaneous writers
      - optimise tdb_store() a little
      show test result in ops/sec
      - added tdb_flags option to tdb_open()
      updated docs
      don't close the database after each claim_connection()
      fixed active shares display
      drop the alignment to 4 bytes - this makes tdb more space efficient
      added the unexpected packet database (unexpected.tdb)
      the bulk of the unexpected packet handling code is in here
      got rid of mem_man
      ignore a few files
      added suppport for unexpected udp/138 packets
      use a minimal hash size in the unexpected packet database. A large
      lower the default hash size a bit
      implemented talloc() as described on samba-technical. This fixes the
      - patch from Rusty to neaten up the code a bit
      don't require readline
      don't use strcpy
      this looks like a big commit, but it isn't really :)
      added "netbios scope" docs
      remove scope parameter here too
      always restart nmbd and smbd when asked, even if they appear not to be
      netbios scope is a DOS_STRING
      the -i options are gone from nmbd and smbd - use the smb.conf
      fixed a comment
      improved the error checking
      added a DENY test that tests deny mode handling. It produces a matrix
      cli_open() wasn't handling DENY_FCB or O_WRONLY correctly.
      fix a error in access_table revealed by the new deny test in smbtorture. We now exactly match NT for normal files. We still don't match for *.exe files though
      extent smbtorture to test with both an exe file and a dat file
      don't treat a packet as a oplock break unless it is a request, not a
      I'm currently designing a new locking system (using a tdb database!)
      added locking/brlock.c, a byte range locking system
      defined br_off as a type for byte range offsets. For now I've set it
      new prototypes
      added Enosuchshare and a lock_type enum
      the lock routines now take a enumerated type for read/write locks, and
      the bulk of the new byte range locking coode
      changes to reflect the new syntax of the locking calls.
      greatly expanded the lock4 locking test. we now pass all but one test
      some more work on the byte range locking
      we now pass all byte range locking tests
      damn, Solaris already has a "enum lock_type"
      casts and defines to make solaris happy
      make a br_off a SMB_BIG_UINT
      make string_init() static
      fixed a formatting error
      added code to allow traversal of the byte range lock database
      use string_set() instead of string_init()
      rewrote the access_table() code to get it right for *.exe, *.dll,
      a consequence of the access_table() fixes is that we can't treat
      proto update
      use GET_DENY_MODE() macro instead of the bit shift
      as obelix would say "these romans are crazy"
      use GET_DENY_MODE() macro
      renamed DENY to DENY1
      made access_table() a pure logic function - makes it simpler to apply
      fixed some typos in access_table() which, amaziingly enough, make no
      we need -lc when making shared objects or glibc doesn't do its magic
      added masktest to head branch, in preparation for another assault on
      update masktest for new make_nmb_name() syntax
      the beginnings of a fnmatch() based wildcard matching routine
      damn, masktest now needs the mangle code from smbd
      load smb.conf and interfaces in masktest (to allow for netbios name
      merge from tng ...
      when doing a "secure nbns" wack response and check with owner for a
      fixed the hanlding of recursion desired when sending packets from
      the final part of the nmbd merge between head and tng - this gets the
      changed the definition of dos_PutUniCode
      damn, the test was the wrong way around for short_resuest
      I finally got sick of configure being run automaticaly when I run make
      utmp compile fix from peter at cadcamlab.org
      don't echo warning messages twice
      split out the lpq parsing code into a separate file
      removed the read prediction code from the head branch. I think the
      got rid of the file_fd_struct structure completely.
      the first of a bunch of changes to code with getting rid of the fd_ptr
      rather than doing print file open processing in open.c we now handle
      the bulk of the changes to get rid of fd_ptr and move print open
      new prototypes
      initialise fsp->fd to -1
      two minor bugfixes for SCO UnixWare. The first is to catch SIGPIPE so that putmsg() inside their send() doesn't kill swat and the scond is to open /dev/null to replace stdin after we close that
      added a cheap and nasty skip_unibuf() fn to allow easier merging from
      finally got sick of the "extern int Client" code and the stupid
      new prototypes
      some updates to the process logon code to reflect lukes latest
      add an align4() function
      add a comment
      use interpret_addr2() instead of inet_aton()
      use open() not fopen() on codepage files.
      a quick hack to reduce the size of the unicode map table headers from
      don't need this monster any more
      use macros for table boundaries
      added standard_sub_snum() function for modules that don't have
      The following series of commits are for the new tdb based printing
      the fsp needs a jobid in it now
      the new file_lines_load() and file_lines_free() routines. Very useful!
      the bulk of the changes. Also split the loadparm related code into printing/load.c
      JF and Jeremy - please have a look at what I did to the spoolss
      the changes to the main smb code
      added tdb_get_int() and tdb_store_int()
      - put the job status in english not french!
      added helper fns to change from internal status codes to nt spoolss codes
      use some symbolic names for print queue status
      improved the error handling and added queue pause and resume
      removed old comments
      added fdprintf()
      got rid of all the FILE* calls in the NT print system.
      got rid of FILE* in the unix name mapping code
      converted a bunch more functions to use a fd instead of a FILE*
      converted a couple more functions to use a fd instead of a FILE*
      moved standard_sub() and friends into a separate module
      removed some obsolete configure tests (sysv ipc etc)
      got rid of some more old configure tests and includes
      fixed some crash bugs in the nt forms parsing
      don't parse blank lines
      updates from the TNG branch
      - got rid of the "passive" option
      patch from luke to split out lanman code from ipc.c into lanman.c
      split fsusage() into a separate module (to fix linking problems with
      use sys_fsusage() not disk_free() in printing.c
      fixed uninitialised snum
      fixed overlapping strcpy() found by insure
      don't copy a null groups list
      return NULL for a zero size memdup
      if using insure then don't close fd 2
      fixed a prs memory leak (weren't freeing input buffer)
      avoided a memory leak in the ubi code by deleting a mangled cache
      insure caught an uninitialised memory reference - ensure it starts as
      trick to get full stack trace when using the free version of insure
      fixed two uninitialised memory references
      split fsp specific routines out of printing.c to fix linking problem
      Makefile.in change for split of printfsp.c
      check for a valid snum when running a printing command
      we can't pass a fstring to a routine expecting a pstring
      split out standard_sub_basic() again to fix a bug where %p was being
      fixed a memory leak I caused last week with my lines[] changes
      fixed another spoolss memory leak
      another fstring/pstring fix
      don't close high fd's in smbrun when using insure (prevents closing
      fixed a locking database bug - it was actually harmless except that
      more pstring/fstring errors found by insure
      moved the INSURE hook into util.c
      fixed a parameter bug found by insure
      fixed another memory leak
      moved INSURE hook into util.c
      use an size_t not a ssize_t when checking for out of bounds errors
      dump in a binary format
      don't qsort a list less than 2 entries
      fixed a memory leak of devmode in spoolss
      fixed a memory leak in nmblookup
      added TDB_MODIFY flag - patch from from luke
      split clientgen.c into several parts
      moved trans2.h and nterr.h into includes.h with all our other includes
      quick hack to get smbtorture working again
      put tdb utility functions in a separate file
      - removed all our old wildcard matching code and replaced it with a
      changed masktest to test the internal algorithm against one server,
      we don't need fnmatch.c any more
      some cleanups
      added cli_list_old() to allow for old style directory listing from
      - get the findclose code right
      fix handing of ascii_to_unistr
      fixed our smbsearch code. We now store the mask with the dptr, this
      go back to ascii in SMB_FIND_FILE_BOTH_DIRECTORY_INFO
      removed more cruft from our old wildcard matching code
      handle the special rule of *.* for old style listings when old_list is
      fixed parsing of broken NT short name
      fixed dptr_wcard handling (need to use strdup)
      - added some error checking
      added TDB_INTERNAL, TDB_NOLOCK and TDB_NOMMAP flags.
      fixed typo
      allow a DEFAULT_PRINTING to be specified in CFLAGS
      handle tabs in printcap files
      fixed a memory leak
      fixed a memory leak (calling hash_table_init twice)
      and yet another memory leak - this one in the client
      split the username in the vuser structure into a separate
      added support for deleting printers into the spoolss system
      added a nasty lock testing program
      - clear dead locks at startup
      improved the lock test program
      added ability to present lock tests
      fixed a uninit memory read that insure found
      found a much simpler case that kills the posix locking
      added -A analyze mode to locktest - it can now automatically prune
      if the stat cache is off then don't initialise it
      fixed message text
      more locktest improvements
      need LOCKING_OBJ in locktest now
      - use full_name instead of real_name
      an even simpler example of NT gettings its locking code wrong. This
      added a test for the NT byte range lock into smbtorture
      parameterize the lock timeout
      a minimal change to get appliance mode to work with winbindd
      example of broken posix lock behaviour
      nasty hack to print posix locks
      make debug easier to read
      make debug easier to read
      signed/unsigned fixes so we can handle a lock base close to 2^32
      fixed a vfs crash bug
      added winbindd options in head branch, so it is possible to combine
      added secrets.tdb and changed storage of trust account password to use
      the beginnings of a description of how to setup a Samba appliance
      added some rules for winbindd and pam_winbind
      brought the winbindd code into head
      brought across some rpc header files from tng
      don't attempt to build rpcclient in the head branch
      the beginnings of a new scheme I've working on to allow an easier
      fixed some winbind cache bugs
      - use smb_gwtpwnam() in another couple of places
      - add some reserved space to every tdb, this will be
      more merging
      more merging voodoo
      patch from Dominik Kubla <dominik.kubla at uni-mainz.de>
      remove autoloaded printers that are no longer in /etc/printcap when we
      formatting fix
      I found a better way of handling deleted auto printers
      fail a print start on a deleted auto printer
      check for sighup on each packet - otherwise it can take a _long_ time
      proto rebuild
      when creating the database zero the reserved space
      treat a blank "password server =" line as a "*" if in domain security
      in head as well ...
      updated appliance Makefile
      - changed smb_getpwnam() to use winbind style usernames
      an imcompatible tdb format change (sorry!)
      updated the appliance README
      use our primary domain trust account for trusted domain authentication
      add winbind manual in SWAT welcome page
      use gcc not insure by default in tdb build
      fixed a problem with appliance operation
      fixed a typo
      added winbindd man page to spec file
      don't install winbind man page twice
      fixed error code for buffer_too_large in trans reply
      exclude CVS files from rpm build
      fixed tar command line
      added packaging section to README
      updated appliance Makefile
      build in /usr/src/redhat
      use "winbind separator" in tng as well
      compile with -O2
      use "winbind separator" option for domain/user separator character
      fixed two uninitialised variables
      - added example config section to winbindd man page
      added spool_io_printer_driver_info_level_6()
      changed uniarray_2_ascarray to uniarray_2_dosarray
      rebuilt proto
      this is a awk based code generator. Very primitive at the moment, but
      preliminary support for unions
      renamed the harness program to vluke (for "virtual luke")
      removed old files ready for new awk parser
      vastly improved awk based code generator
      moved *.tpl templates into templates/ subdirectory
      add uint16 support, start to parse more of spoolss
      make prs_dump() store up to 100 variants of each msg type
      add prs_dump() at the top level rpc switch
      added grow_size to prs structure
      use grow_size to determine size of dump
      align at the end of every structure parser
      need to allocate the union pointer
      addd grow_size to prs_struct so we know how much data is actually in
      update grow_size in prs_grow
      don't call prs_dump() here
      call prs_dump() on every input and output packet so we have plenty of
      started update to handle arbitrary arrays
      another awk parser update
      added the ".trailer" type, to mark where a packet turns into a trailer
      take the sructure name to run through vluke on the command line
      the vluke program now takes a structure name on the command line
      a useful script, just go "./build foo.struct" and you get a full
      minor parse updates
      - added typedefs
      added primitive define macros
      started converting matty's srvsvc.idl to a .struct file
      error check in vluke.c
      more aparser stuff - we now handle everything but the idl headers in srvsvc.idl
      use lp_workgroup()
      use lp_workgroup()
      use \\ in front of filenames
      a fairly big change in spoolss.
      a fairly big change in spoolss.
      a fairly big change in spoolss.
      got rid of lp_revalidate()
      added tdb_pack() and tdb_unpack()
      added -u hide_unlock_fails option
      we don't do "revalidate = yes" any more
      new prototypes
      removed lp_revalidate()
      minor fixes
      move srandom to after connect so random stuff in clientgen doesn't
      fixed bugs in fdpass tests
      fixed call of firstkey/nextkey to traverse driver database
      fixed return from nt_printing_init()
      getting and setting security descriptors on printers now works
      fixed a couple of bugs in the driver return code
      fixed return error code that had 0xC with not enough zeros
      don't free a driver structure from the stack!
      don't build cli_reg in rpc client library until we merge that from tng
      init_unistr takes a const 2nd arg
      updated proto.h
      don't return a passwd struct for usernames that don't
      fixed some more crashes
      if the tdb stored driver isn't formatted right then return a default
      moved secrets handling into secrets.c
      added %J and %T to run_print_command()
      moved secrets fns into secrets.c
      moved secrets fns into secrets.c
      fixed some ptr declarations
      new protos
      someone forgot a !
      added a MANGLE_DRIVER_PATH define to chooose whether we stuff with the
      fixed the pack/unpack of the devicemode
      added some debug code to track down pack/unpack problems
      some printer parameters are getting corrupted, possibly by the client
      sec_desc_size() needs to handle a null secdesc
      no space was being reserved for the security descriptor in the parse
      we no longer need the code to cope with setprinter having corrupted
      added -O (use oplocks) option to locktest
      fixed a off by one bug in ntforms read from the database
      added locktest2
      don't ue nasty /proc/locks hack by default
      simple increment bug in uniarray_2_dosarray
      fixed sizeof() typo
      started adding support for relative, plus options for autoalignment
      split some of the irix kernel oplocks code into a function
      some templates needed for the new aparser stuff
      the Linux F_GETLEASE value has changed
      clean up oplock capability code ready for Linux code
      continued the split of the kernel level oplocks code into a more
      continued the split of the kernel level oplocks code into a more
      a first pass at Linux kernel oplocks support
      Linux kernel oplocks now seem to work, but need a _lot_ of testing
      fixed Linux capabilities handling
      a better test for oplocks being enabled in this kernel
      split all the change notify code out into a separate module
      fixed comments at top of module
      fixed a bug in BlockSignals() for systems that don't have
      totally rewrote the async signal, notification and oplock notification
      enable the Linux change notify code and change some notify debug code
      forgot to checkin select.c
      always use the DN_CREATE mask (NT expects file creation always to
      fixed the change notify bit definitions
      use DN_ATTRIB kernel change notify attribute
      added -L switch to tell smbtorture to use oplocks
      add some brackets
      allow posix locking database to be opened read-only (for smbstatus)
      allow for lots of connections per server
      argv parsing fixes
      proto update
      fixed autoconf test for kernel change notify support
      allow the notify implementation to choose the select timeout change
      add -d debuglevel option
      added support for kernel level share modes. These are a (small) hack,
      open files with O_NONBLOCK when available. This is necessary to
      use the right MMAP flag
      - use read locks when possible
      support both read and write locks inside the tdb
      reverted lukes changes in param/
      fixed two minor bugs in new sys_select()
      fixed size alignment in talloc
      slightly saner defaults
      simpler configure test
      got smbw to compile again on Linux
      added -L option
      wrote a little sample smbw program
      don't need shmem any more
      the smbw sample prog
      new protos
      if the sids are not the same pointer and either of the sids are NULL
      fixed help string
      added printer admin option
      add printer admin docs
      got error code right for printer update/add failure
      - fixed the %U macro so that the old (and documented) semantics work
      made reopen_logs() always re-open logs, not try and be smart about not
      fixed "admin users" option with new security code
      make sure a couple of variables are initialised
      the first cut of the internal messaging system.
      a simple test program I use to test the debug message system
      debug messages now work for nmbd
      much nicer message interface. We now register dispatch functions,
      we should not lowercase the username we receive in
      - changed the msg_type to be an int instead of an enum so that it is
      - fixed some memory leaks in the messages code
      fixed a race in the pipe() setup in sys_select()
      first cut at smbcontrol program. It currently allows syntax like:
      don't show equivalent enum options in swat
      added cli_lock64() and cli_unlock64()
      fixed a harmess mixup of bitops and a boolean
      use the 64 bit locking interface in locktest
      added a hack to get 64 bit locking working with the broken fcntl()
      new prototypes
      don't use gets() !
      added tdb_lock_bystring() and tdb_unlock_bystring()
      got rid of tdb_writelock() and instead lock a chain. tdb_writelock()
      an attempt to get the handling of fields in printer info structures
      use process_exists() not kill(pid, 0)
      the duplicate checking code will cause unaligned accesses on non-intel
      save and restore errno in select
      support smbcontrol sending messages to itself (for testing purposes)
      fixed the problem with messages not getting through
      we don't need the separate lp_status() connection records any more
      fixed a potential locking deadlock in tdb
      fixed messaging bug - use strlen() instead of sizeof() in key length
      change the split threahold for the free list to prevent freelist
      split the RPC_PARSE object into two pieces. The first is included as
      - added client support for nttrans calls
      a prootype program for querying/setting a security decsriptor on a
      new proto
      make sure we don't duplicate object files
      added basic ability to dump remote file acls
      getting/setting acls now works. The SIDs are still numeric, the next
      - better parsing
      changed an error message
      cleaner parsing and default handling
      new protos
      - added help
      - with -D only delete first match
      fixed SACL bug
      no longer pass the type to make_sec_desc(), instead the type is
      new proto
      fixed acls set bug
      c++ style comments are NOT allowed
      signed/unsigned warning fixed
      in cli_session_setup() accept usernames of the form DOMAIN/USER or
      document -U change
      removed SACL support (as it doesn't work with w2k if you ask for
      fixed indentation
      fixed setting ACLs on directories
      pass the desired access into cli_nt_create()
      fixed the parsing again and got setting acls working with w2k
      added a comment
      fixed a typo
      exposed the broadcast name resolution routine outside namequery.c
      added support for browsing the list of workgroups at the top level in
      new prototypes
      first version
      This commit was generated by cvs2svn to compensate for changes in r2,
      - fixed FlattenHash bug
      added a comment
      fixed help
      added header generation
      beginnings of the C parser generator
      changed auto-generated comment for headers
      implemented a much nicer name_status() interface. It now returns a
      removed unnecessary process_exists() call in message_send_pid()
      fixed pipe in smb.conf description
      reverted *.* patch until someone explains to me what the test case is
      initial client side unicode support (needed for netapp filer)
      pipe opening now works with unicode
      playing with CAP_NT_SMBS
      optimise by default
      setup workgroup when found
      up the debug level of the debug level change msg
      converted cli_mkdir()
      converted cli_list()
      converted cli_chkpath()
      converted cli_open()
      - neater setting of bcc
      converted nt_create and setatr
      converted a bunch more fns
      yipee! client unicode now works well with nt
      don't need _uni hack now
      added support for a CLISTR_ASCII flag so we can use a uniform
      reverted richards cli_NetServerEnum changes - they broke lots of things
      the unicode conversion of our client code is complete enough to be
      fixed a crash bug in smbpasswd
      converted the last couple of functions in libsmb to be unicode
      make ascii_to_unistr always use little-endian. This fn is never used
      rpc_parse_samr.c doesn't exist in head ...
      but it is needed for linking ...
      cope better with broken filer expectations
      make sure we don't free non-allocated data
      cope with filer/NT/samba all in one binary. yeah.
      - workaround filer lsa lookup bug for unknown sids
      fixed character set init in smbw_sample
      don't crash on null acl sort
      - fixed the sort_acl bug, sorting now works right
      cast the qsort
      make sure denied aces are first
      the -m option to the client is back
      neater negprot code using the new cli_setup_bcc() call
      use cli_list_old() when negotiating the older protocols
      a snapshot of my attempts to get wildcard matching right for LANMAN1
      add cli_list_new() for forced new protocol listing
      fixed a bug in non-terminated unicode strings with clistr_pull()
      made some progress in masktest
      updated prototypes
      made some LANMAN1 wildcard progress
      I have now found that despite initial appearences the lanman1 wildcard
      almost there with lanman1 wildcards. We now seem to correctly handle
      remove some test code
      better handling of '.'
      to use the same macros in the client and server rename the CLISTR_
      started support for unicode on the wire in smbd. Using a very similar
      converted reply_open, reply_open_and_x and reply_fclose
      this patch does a number of things:
      converted findnext to unicode
      - convert chkpath
      added STR_ASCII flag to srvstr_pull()
      converted a bunch more server functions to unicode
      converted reply_tcon()
      simpler and more correct srvstr_push()
      converted a bunch more fns to unicode
      fixed srvstr_push() call
      converted a bunch more trans2 calls for unicode. This got quite tricky :(
      converted the smb messaging code to unicode
      simpler clistr interface which handles individual packets having
      don't need srvstr_push_size or srvstr_pull_size
      enable unicode on the wire by default in smbd
      added STR_ASCII support to clistr_pull()
      converted reply_search
      converted reply_printqueue
      converted the nttrans code to unicode on the wire
      finished the conversion to unicode of the last of the trans2 fns
      fixed volume_name(). It used dos_to_unix() which uses a static buffer,
      don't need to force unicode strings in flg2 anymore
      removed useless debug msg
      ADMIN$ is an IPC share, not a disk share
      fix this in rpc calls as well
      much better readline support from Simo Sorce, with some mods from me
      fixed some compilation errors with IRIX cc
      much simpler readline code
      fixed unused variable
      added basic command completion support
      fixed rpcclient readline code
      added option "enhanced browsing"
      added "enhanced browsing" option docs
      latest attempt at lanman1 wildcard matching
      added -E option (for exit on errors)
      a much simpler talloc() implementation. This version has the following
      started converting some of the only-ascii code to use srvstr_*
      test commit for jeremy
      hide unreadable patch from idra
      merge from 2.2
      new files for head
      merge from 2_2
      merging from 2.2 to head
      a couple of minor merges from 2_2
      merge from 2_2
      merge some of the nsswitch code from tng to head
      added solaris wrapper from tng
      fixed typo
      added test for C99 compliant vsnprintf
      added much better snprintf code, plus new function asprintf
      C99 test for snprintf
      got asprintf defn right
      added asprintf test
      use asprintf for hideunreadable option
      - added test for vasprintf
      don't need slprintf.c any more
      - fixed some compiler warnings
      fixed %u/%U example
      make clean should remove PROGS
      fixed comment-in-comment
      fixed some uninitialised variables
      added more complete C99 snprintf test
      added error msgs to fcntl_lock test
      added sys/wait.h to fcntl_lock test
      use O_EXCL for fcntl_lock.c test in case some fool runs on /tmp
      merge from 2.2
      clearer tdb_mmap code
      add an alarm to fcntl test to stop tru64 from freezing on the test
      allow env variable TESTDIR for directory for fcntl_lock test
      replace modf so we don't need the math library
      new mput code from idra that doesn't need a call to find
      fix interfaces.c for aix 3.2.5
      merge some fixes from 2.2
      rebuild proto.h
      removed need for scandir in client.c
      latest config.guess and config.sub from gnu.org
      statcache initialisation fix
      make the max_connections code less horrendously inefficient
      remember to close tdb after use
      make sure that when a tdb expands we fill the expanded area, otherwise ENOSPC could be very bad
      ran make proto
      - added ability for swat to run under CGI. This needs
      return an error code on password attack, rather than exiting.
      try to make the tailer code much more robust. When a record
      make sure the umask is set in swat
      more portable TDB_LOG macro
      added a tdb_open_log() function that opens a tdb and enables logging
      - fixed an off-by-1 bug in the delayed deletion code that I believe
      use the new tdb_open_log() fn on connections database
      make swat recover from previously bad umask from xinetd
      new proto.h
      added list function to tdbtool
      merged fix for tdb_unpack from 2_2
      - added AC_HAVE_DECL() macro to aclocal.m4, so we can easily add
      fixed asprintf declaration
      removed SHLIBS until someone has time to get it to compile on more platforms (Richard?)
      use LDSHFLAGS not -shared in several places
      fixed solaris compilation error (don't add to a void*)
      don't use c++ style comments
      added a oplock break handler hook to the client code, this allows for more complete testing of oplocks from smbtorture and would also be essential if a client app ever really did want to use oplocks properly
      torture code is moving to its own directory
      moved all our torture code to a separate directory
      added a torture target for building all torture progs. Fixed a typo in locktest
      added a close-share smbcontrol message that forcibly closes a share in smbd (to allow unmount)
      Added STR_NOALIGN flags to clistr and srvstr fns. Yes, NT actually does
      next_token() was supposed to be a reentrant replacement for strtok(),
      added some comments to make the cli read code clearer
      the BAD_PTR idea in talloc.h is actually a bad idea - it means callers have no way of telling if the call really failed
      auto-build proto.h if its not there, but don't make it depend
      add an ignore on proto.h
      added the ability to test smbd safely as an ordinary user. The way it works is
      - make the regresison test mode code build in by default. This should
      added a -L option to smbpasswd to force it to run locally so we can test smbpasswd as non-root
      make sure we have BOOL in autoconf usage of util_sec.c
      fixed usage of socklen_t and also tidied up SIG_ATOMIC_T, using a typedef instead of a define
      got rid of the date headers off all text docs
      fall back to "unsigned" for uint32 on systems that don't have one
      fixed build
      handle EISCONN in socketpair_tcp
      on sco2 socketpair_tcp needs a bind
      temporarily made smbclient a non-error target so that builds will succeed when it fails. This will give richard a chance to fix problems without breaking the tree
      fixed guest account for build farm boxes
      cli_read() was reading too many bytes.
      fixed socketpair_tcp for OpenBSD
      check for bad usernames early in session setup
      removed some debug code
      The big character set handling changeover!
      strchr and strrchr are macros when compiling with optimisation in gcc, so we can't redefine them. damn.
      missed a couple of strchr calls
      we don't need the codepages any more
      we don't need the codepage sources any more
      fixed uninitialised variable
      got rid of __FUNCTION__ debug
      portability fixes
      more portability fixes
      added builtin support for UTF8
      make sure we reset the shift state on error for charsets like SJIS
      optimised the 7 bit case for utf8 conversion
      use alpha_strcpy on the domain as it comes off the wire
      use alpha_strcpy on DNS names
      fixed compilation of masktest on AIX
      fixed a bug in the parameters SMBctemp uses in open_file_shared()
      added line-feed at end of templates
      this fixes the failure of MS office on VFAT partitions on Linux
      removed an unreachable statement
      added some comments and removed an unnecessary check
      fixed inetd operation as non-root
      got rid of insanely verbose debug messages on startup
      fixed bug where we looked at the first byte of a password to determine
      fixed a silly bug in the internal UTF8 implementation
      check for initialisation in convert_string()
      formatting fixes
      fixed strrchr_m
      fixed some unicode and LANMAN2 bugs in trans2 find first
      fixed some unicode and LANMAN2 bugs in trans2 find first/next
      fixed the auto-initialisation of the iconv descriptors
      added sec_initial_uid() function so we can ask if a file is owned by
      formatting fix
      allow winbindd to run as non-root so we can test it more easily
      improved the command line parsing of rpcclient
      removed remnants of libtool
      fixed anonymous login in rpcclient
      added winbind_exclude_domain() so smbd can tell the winbind client
      much better handling of broken DNS servers
      removed some unnecessary code
      the nss and pam modules in winbind don't have strchr_m() yet, so use
      switch from UCS2 to UCS-2LE
      changed the iconv interface to go via ucs2 for all conversions. This
      if EILSEQ doesn't exist then use EIO. It doesn't really matter what
      build smbtree by default. It's a very useful utility.
      added a --with-libiconv=BASEDIR/ option to allow easier use of an
      a better test for unix domain sockets
      ucs2 is always a multiple of 2 bytes
      nicer smbtree output
      got rid of INFO: msgs at debug level 1
      - don't try to print pointers
      need to push smb_search strings in client charset
      we need to pull passwords in client charset for crypto to work
      removed unused file
      removed unused file
      a bunch of fixes from the sflight to seattle
      added -b option
      allow for the NULL in make_nmb_name()
      two fixes for NT clients -> share level Samba server
      string terminate in mkdir
      a fix for directory listing with the dave/thursby client
      minor bug fixes to smbtorture
      added ERRbadmcb
      added port 445 support to our client code
      the beginnings of a TRANS2 scanner
      better error reporting for servers that don't do port 445
      use 32 bit locking if client doesn't do 64 bit
      more minor torture updates
      fixed shortname length in trans2 list
      0 byte lock ranges ARE valid
      flush on a invalid fsp should give an error
      allow for 0 range locks in locktest
      tests for 0 length locks
      fixed handling of 139/445 in clients
      fixed level2 find first for unisys clients
      we now have all but the dreaded 0/0 lock working
      converted smbd to use NTSTATUS by default
      started converting NTSTATUS to be a structure on systems with gcc in order to make it type incompatible with BOOL so we catch errors sooner. This has already found a number of bugs
      forgot to commit the scanner code
      converted another bunch of stuff to NTSTATUS
      fixed typo
      more NTSTATUS changes
      use a name not a number for ERRinsufficientbuffer
      updated copyright for Michael Sweet
      the next step in our error code handling change
      tidied up some unused vars in JFs new fns
      more NTSTATUS/WERROR conversion
      the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but the client code still needs some work
      it now all compiles - so try enabling it by default and see what explodes on the build farm
      a fix for fussy compilers
      cope with pam being off
      fixed compilation of torture
      don't do pointer arithmetic on void* (some compilers can't do it)
      fixed a bunch of compilation errors on Solaris, mostly people getting NSS_STATUS and WINBINDD error codes mixed up
      more warning fixes on solaris
      fixed some compilation errors in cli_netlogon.c - tim, you need to rerun configure to get the new NTSTATUS stuff right
      added filename to error_packet()
      use cli_is_error() instead of looking in smb_rcls, otherwise NT status
      fixed formatting to make the code vaguely readable. It's still a dogs
      when you update the share mode in the db you must also update
      2nd DELETE_ON_CLOSE_FLAG fix ...
      use NTSTATUS not BOOL in do_lock()
      it turns out that XP agrees with the samba head branch over the right
      enable strict locking by default. This will be slow, so now we just
      actually obey the "use mmap" smb.conf option
      use a different test tdb name for tdbtest and tdbtorture
      flush stdout in test logging fns
      - fixed proto.h build on systems using a parallel make
      got rid of USE_TDB_MMAP_FLAG as its not needed any more
      added "display charset" option in smb.conf, along with d_printf()
      convert more code to using d_printf
      fixed missing const on d_printf declaration
      removed pointless parameter from readfile()
      fixed typo
      replaced stdio in many parts of samba with a XFILE. XFILE is a cut-down
      added xfile
      passdb/smbpassfile ain't needed any more - it only provided migration from an ancient file format, not relevant for Samba 3.0
      made a couple of local fns static
      kill a dead fn and make a local one static
      more static/dead fns
      declare dbf in one spot
      convert more code to use XFILE
      convert more code to use XFILE
      - enable MSDFS by default, there seems no reason not to have it enabled
      added a new global option "hostname lookups = yes/no"
      fixed compilation error in smbw
      fixed compilation of groupdb
      fixed ctemp in server and client. It turns out that ctemp on NT is completely broken, and it's pointless to emulate their brokenness completely in this case, but at least this makes us use approximately the same packet format. The spec is complelet wrong in this case
      don't try to initgroups in non root mode
      got rid of bogus write list substitution error messages
      *llist being NULL is not an error
      added a hook to reopen all tdb's after the server fork
      removed anti-race code that could cause a classic ABBA deadlock
      fixed character set for user name pull
      fixed the error code handling in can_delete() by converting it to
      fixed the Makefile so we don't rebuild libsmbclient and build_env.h
      convert all POST variables from display to unix charset
      tdbtorture updates from when I was trying to track down the hp tdb bug
      fixed bug in POST var handling
      fixed a silly off by 1 bug
      added cli_qpathinfo_alt_name() for fetching the 8.3 name of a file
      allow all ucs2 chars in utf8, rather than mapping some to a single
      added a little smbtorture test for dumping the unicode table of a
      fixed a typo
      fixed the really awful performance problem with the stat cache when it
      fixed compilation of tdbtorture
      make strupper() and strlower() not modify the string if it doesn't
      - fix handling of 0 last_change_time and must_change_time
      honor the ACB_PWNOEXP flag in smbpasswd
      the CASETABLE torture target now generates the complete unicode
      better method of generating the case equivalence table
      switched over to a new method of handling uppercase/lowercase mappings
      removed old unused files
      set ACB_PWNOEXP by default on new accounts.
      fixed basic ucs2 operation on big endian boxes. Still a bit more to
      fixed lame valid table
      initial kerberos/ADS/SPNEGO support in libsmb and smbclient. To
      profile.h is now known as smbprofile.h due to a conflict with badly
      first step in converting the head branch to use lang_tdb.c instead
      fixed some memory leaks, started adding asn1 decoder for server side
      added a ASN.1 parser, so now I can properly parse the negTokenInit
      improve the error handling in the ASN1 code a bit
      added NTLMSSP authentication to libsmb. It seems to work well so I have enabled it by default if the server supports it. Let me know if this breaks anything. Choose kerberos with the -k flag to smbclient, otherwise it will use SPNEGO/NTLMSSP/NTLM
      moved some OIDs to the ASN.1 header
      fixed two bugs in the NTLMSSP code
      fixed NTLMSSP with XP servers (who don't send the duplicate challenge
      minor Realloc() fix - pedantic
      bit neater talloc_asprintf() implementation
      the next step in the intl changeover. This should get us compiling agian,
      return of vsnprintf doesn't include termination
      forgot to add intl.h
      fixed typo
      fixed the --with-krb5=dir option.
      include more libs needed for kerberos5 on some systems (eg. solaris)
      removed unused gettext code
      always install swat language files
      split session setup code out of reply.c in preparation for adding
      - renamed *.po message files to *.msg
      updated copyright notices
      fixed finding the resolv library
      fix linking of k5crypto library on openbsd
      fix heimdal compilation
      added basic NTLMSSP support in smbd. This is still quite rough, and
      removed some debug code
      the beginnings of kerberos support in smbd. It doesn't work yet, but
      got rid of start_background_queue()
      quick fix for krb5 compilation. I've told vance how to fix this module
      fixed LDSHFLAGS when using non-standard lib locations
      don't need KRB5_DIR define
      removed an unused variable
      add non_root_mode() check
      finished auth when we get a valid kerberos ticket
      better krb5 error handling (thanks andrewb!)
      crude fix for anonymous session setup with extended security
      fixed the spnego detection code in session setup
      support both old and new kerberos OIDs
      made smbclient cope better with arbitrary principle forms
      change smbd to use HOST/hostname principle form until I work out how
      change smbd to use HOST/hostname principle form until I work out how
      patch for neater output() function from vance
      - fixed link order of krb5 libs
      a quick fix to get rpcclient working again. This just disables
      zero the data, not a pointer to the data ...
      remove {} from default valid char list
      get the string lengths right in domain logons
      free the negTokenInit structure
      fix the tree so it compiles again
      - make sure we use a non-zero session id so we can have multiple conns
      add asn1 integer handling ready for the ldap netjoin code
      fix locktest default parameters
      fix maxfd test to start deleting at right file
      add a hook to save the krb5 PAC
      added strlcpy() and strlcat()
      added ANS1 integer define
      added the beginnings of ADS support in smbd
      forgot this file
      forgot a file
      rewrote net.c
      removed unused function
      added "net join" command
      better auto-selection of realm and ldap server
      stop popt from doing its own intl stuff
      made a "net ads" command, currently with "net ads join" and "net ads leave"
      added "net ads status" command
      added "net ads user" and "net ads group" commands
      use generate_random_str()
      better help
      check for liblber separately
      added HAVE_LDAP_H check
      move popt out of proto objs
      add popt build dependency
      fixed typo
      portability fixes
      added 'security=ADS'
      fixed spnego, non-kerberos negprot
      use DEBUG() not d_printf() in libraries
      we can safely give NO_SUCH_USER if the ticket decodes but the local
      updated server_role for ADS
      add SEC_ADS auth method
      basic ADS HOWTO
      increment the value not the pointer
      don't die with a FPE if there are no DCs
      automatically look for /usr/kerberos to make redhat happy
      don't try to auto-change the trust password unless we are in domain
      fix sense of lp_allow_trusted_domains()
      prevent a memory leak of cli structures
      unable to open smbpasswd on initial create should only be a warning
      more memory leak fixes
      added -i option to nmbd, giving interactive mode (like winbindd)
      prevent a bogus insure wild ptr message
      fixed another memory leak
      another memory leak bites the dust
      fixed leak in free_user_info()
      reverted incorrect patch
      fixed the panics on basicsmb-sharelist on sun1
      allow printing of NULL pointers with internal snprintf
      added test for krb5.h
      don't use /dev/null for a smbpasswd file
      up the log level for server level security to try to track down the
      always send an OID list until we handle raw (unwrapped) NTLMSSP
      fix a bunch of places where we can double-free a cli structure
      turn off the insure xterm hack for now
      fixed a core dump in server level security
      minor update
      fixed some krb5 ifdefs
      fixed lame char tables on big endian machines
      2nd attempt at fixing lame char tables on big endian machines
      fixed toupper_w() and friends on big-endian
      fixed typo
      define LDAP_PORT when not available
      ads->realm must not be NULL
      we need to look for liblber before libldap
      more specific DNS instructions
      not used any more
      The beginnings of alternative backends for winbindd
      init group db before use
      re-enabled insure backtrace, calling /usr/bin/backtrace
      split winbindd_enum_dom_groups into the new backend structure
      fixed the nsswitch initgroups code
      fixed default location of libnss_winbind.so
      added nsstest target
      added a basic ADS backend to winbind. More work needed, but at
      make proto should build winbindd_proto.h as well
      added another ATYPE_
      const religion
      added name_to_sid to the backend
      put sid_to_name behind the winbindd backend interface
      changed query_dispinfo to query_user_list
      when using non-encrypted password ignore the ntpass variable to
      const religion in talloc calls
      typo fix
      added a query_user backend
      moved init_account_policy() to the right place
      moved lookup_usergroups() into the backend structure
      allow for passwords other than "samba2"
      added ads_search_dn() and ads_pull_sids()
      added lookup_groups() to the ads backend
      fixed an off by 1 bug in talloc_asprintf()
      added functions that convert a ads binary blob to a string (for
      finally worked out how to do ldap lookups by binary blobs, so I can
      added the last winbindd/ads backend function
      plugged most of the memory leaks
      more memory leak fixes
      added very basic ads connection cacheing
      fixed another leak - memory usage now seems to be quite small
      paranoia fixes in based ldap routines for potential memory leaks
      don't double free ldap message lists
      moved the sequence number fetch into the backend, and fetch the
      added timeouts and retries to ldap operations
      auto-init secrets.tdb
      added a REALLY gross hack into kerberos_kinit_password so that
      handle ldap server down better
      fix link error
      fixed a memory leak
      fixed a minor password memory leak
      fixed a return value
      added a propoer kerberos_kinit_password call
      allow a MAX_DEBUG_LEVEL setting in local.h (or the Makefile)
      put the winbindd krb5 credentials cache in the lock directory
      allow nsstest to test any nss module
      added a "use spnego" option
      added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
      fix a DEBUG() line
      check for gssapi_generic.h
      fixed used of string after free
      fixed type passed to ads_search
      - use accountype not accountcontrol
      - check for correct error codes
      better error checking in nsstest
      set return value to total errors
      added a simple tdbdump utility
      add smb_xvasprintf() panic wrapper around vasprintf
      completely new winbindd cache infrastructure
      removed a debug line
      explicitly encode NULL strings in the cache
      make sid_binstring available without HAVE_ADS
      added some comments
      moved the domain sid lookup and enumeration of trusted domains into
      added some comments
      switch off level 100 debug for server security
      cleanup a little namespace pollution
      shrank the winbindd_cache.tdb somewhat
      winbindd backends can now be marked "consistent" or "inconsistent"
      use objectCategory instead of objectClass for faster searching
      robustness fixes and moved ccache location into winbindd_ads code
      moved ccache location change into winbindd code
      reinstated all the rap commands as top level commands until we get the
      got rid of start_ndx from query_user_list()
      removed the start_ndx parameter from group enumeration
      allow overriding the local time in kerberos_kinit_password()
      detect attempts to connect to names of the type NAME#xx and do a
      added a net time command. Allow display or set of system time based on
      added a comment about /bin/date
      better error handling
      handle a NULL hostname in cli_connect()
      handle systems without setenv()
      prevent double free
      allow join of already joined domain
      ads howto update
      pam_smbpass updates from a.bokovoy at sam-solutions.net
      added "net time zone" command to show the timezone on a computer
      improved error message from failed connect
      try the PDC for our workgroup if we can't find the ldap server
      better error handling
      make sure we find NSS_STATUS struct
      added "net ads info" to fetch basic ADS info without any auth
      -Insswitch/ breaks the build by preventing include of <nss.h> from working
      don't use -u switch to /bin/date - too many systems don't honor it
      removed unused variable
      obey "use mmap" on case tables
      allow selection of the organisational unit when joining a realm
      fixed handling of empty or dead domain in wbinfo -g
      fixed sid_compare_domain()
      better nsstest error checking
      - added initial support for trusted domains in winbindd_ads
      added trusted realm support to ADS authentication
      we only have gss_ fns on a krb5 capable box
      much better ADS error handling system
      add support for mixtures of ADS/NT4 domains, as long as the primary
      use "ads server" option if set for primary domain
      net ads password and net ads chostpass commands from Remus Koos
      mark '.' as a valid character
      much better auto-init of valid_table[]. This should just about remove
      fixed long filenames on win98
      net now sends its debug to stderr so its output can be relied upon in
      added net lookup command
      forgot to commit this file from remus
      support "map to guest" with spnego
      don't use server_info after its been freed
      fixed sscanf() of gid_t values
      fixed warnings on irix and crash bug on big endian machines
      fixed more warnings on irix
      added ads_domain_sid() function
      make sure we store the domain sid when joining a ADS domain
      check for a winbindd username when doing a kerberos auth
      lp_setup_logfile() doesn't exist any more
      fixed a typo in vsyslog()
      updated ldap test to test for less common function
      try to handle end of packet for not null terminated domain strings
      - handle kerberos session setup reply with broken null termination
      - portablitity fixes for cc -64 on irix
      more irix -64 portability fixes
      cope with systems that don't have full gssapi libs
      added a simple test to see whether building shared libraries actually
      renamed ans1.h to asn_1.h to prevent conflict caused by krb5 headers
      try to handle broken const in headers on cray unicos
      fixed ERRMAPEXTRACT torture to work with win2k
      added nTSecurityDescriptor field to host acct dump
      print the timezone in the same format as 'date +%z' - much better for scripting
      simple fix for creating blank data blobs
      fixed another DATA_BLOB constructor
      - use CFLAGS when linking shared libs (for things like -64 on irix)
      - fixed my breakage of CPPFLAGS
      make sure resolve_name() only returns valid IP addresses
      cope with direct IP addresses in resolve_name()
      make the winbind sequence number code more robust
      force the time difference in cache comparisons to be unsigned to cope
      fixed a crash in merge_aces()
      fixed a crash bug in domain auth caused by an uninitialised nt_status
      don't try to allocate zero bytes
      much better support for organisational units in ADS join
      don't use O_NONBLOCK in open(). This was added erroneously for kernel
      fixed a typo in the error map for WRONG_PASSWORD
      handle filenames like .bashrc better in the new mangling code
      this fixes the problem of not being able to add a SD to a file on a
      added 'wbinfo --sequence' to show sequence numbers of all domains
      reduced memory usage in winbindd with a rpc backend by using a
      fixed a bug in qpathinfo client code
      support double functions
      check for empty parameters in qpathinfo
      rewrote smbtorture to use the new dbench 2 format and methods
      fixed the directory removal for when the dir doesn't exit
      - only show 1 cleanup msg per client
      got rid of a silly '*' in printout
      when a trusted domain is down an ADS server will return a success on a
      reverted tims patch that broke configure
      serialise all domain auth requests
      fixed a memory leak thanks to dleducq at arkoon.net
      we definately don't want RCS $id tags in Samba. They make merging much
      fixed the gssapi lib configure test to not do the test twice
      enable large readwrite by default
      added cli_qfilename(), used in trans2 torture test
      this fixes the security tab on mapped drives for unicode clients.
      added a cli_qfilename() test to the trans2 tests
      don't do an ADS init when not in ADS mode
      made the domain secret key in secrets.tdb domain specific. This allows
      added a "XCOPY" test that simulates the open calls made by xcopy /O
      This fixes 4 info levels in a trans2 find_first that should not be null
      This is a nasty hack to fix "xcopy /o" from win2000 on a Samba share
      this allows us to support foreign SIDs in winbindd and smbd
      enable locking on the idmap database to make it safe to dump/restore
      fixed -c option to NBENCH test
      handle clock skew in getatr test
      make default unix charset UTF8
      added -k options for kerberos to smbtorture and locktest
      allow setting of lock range and base in locktest
      fixed NBENCH code for NT4 server ntcreatex semantics
      added -M option for minimum lock size
      show a progress bar during the deny tests
      accept the 0/0 lock but don't treat it in any sort of special way
      nicer message for --sequence when the server is disconnected
      get the right return code for batch vs exclusive oplocks
      added a tdb backup utility
      added -v and -s options
      build tdbbackup by default
      don't use -pg by default when building standalone
      added a bunch of explanation about tdbbackup
      better detection of dead ADS connections, so we have some chance of
      prevent a segv when a trusted domain is unavailable at startup
      a more informitive debug message when a SID can't be validated
      removed bogus prepend_domain() call which was screwing up getpwuid()
      make sure we use consistent keys in secrets.tdb by uppercasing domain
      rewrote the machine sid storage code to store the SID in secrets.tdb
      return the correct SID and domain name for the samr enum_domain and
      prevent bogus compiler complaints about comments in comments
      remove an unused variable
      add a note about the meaning of global_sam_sid
      try to use our workstation account password for ADS leave
      yipee! Finally put in the patch from Alexey Kotovich
      forgotten file, oops
      make tdbbackup more portable
      better handling of a zero timeout in cli_lock
      this attempts to handle the rather bizarre lock cache semantics in
      added -E and -Z options, and allow for the 2 servers to have different
      failed timed locks always give LOCK_CONFLICT not LOCK_NOT_GRANTED
      a bit more portability for tdbbackup
      added cli_locktype() for testing different lockingX lock types
      make sure we give an error for unknown lockingX locktype bits
      added a LOCK6 test for weird lockingX lock type bits
      expanded the lock6 test a bit to try lsarpc as well
      put in the ADS DNS hack, but commented out
      only try an ordinary file in lock6
      always make winbindd try for the PDC first before trying for a BDC
      get the test for disconnection the right way around!
      fixed 2 reconnection bugs in the ADS backend support
      fixed mapping of SIDs for local users
      if we know that the SID is local then don't try via winbindd
      detect SIZELIMIT_EXCEEDED in ldap queries and truncate
      lower the debug level of failing to map a file
      this tdb was being opened without locking, which is unsafe for shared
      added a -h usage option to winbindd
      enable locking on the winbindd cache tdb so it can be backed up and
      nicer output from "net rpc user add"
      the SEC_DOMAIN tests also apply to SEC_ADS
      if our lock spin code fails then return the first error code, not the
      fixed paged controls on my box. The problem seems to be incorrect
      added a ads_do_search_all() call, which is a more convenient interface
      updated winbindd to used paged ldap searches for all ldap queries
      make "net ads user" and "net ads group" also use the new paged interface
      the beginning of a test to determine and display a servers properties
      fixed the secondary group mappings for ADS users
      make net ads info work with -S
      a dodgy fix for a dodgy race condition in smbtorture child startup
      reverted Herbs smbpasswd commit as it completely broke setting a
      cope with a missing PAM define
      try to get the summary test working on OpenBSD
      not all versions of gcc support -rdynamic
      fixed a return value for a help function
      This split the mangling code up to allow for the possibility of multiple
      this adds a completely new hash based mangling scheme
      some optimisations to the new mangling system
      added some more comments
      - tidier flag checking code
      don't treat '.' as FLAG_ASCII, instead handle it separately
      a few debug statements (disabled)
      - the 36^6 hash space gives 31 bits, not 32 bits. We need to mask the
      possibly fix the 15000 user problem
      don't try to return a void
      added strndup() for systems that don't have it
      - added a mangling test suite that measures the collision rate on
      better mangling test. We now test that we can create by long name and
      nicer measurement of failures and collisions
      set the default hashing scheme in head to "hash2"
      merged the mangling test and passdb bugfixes into SAMBA_3_0
      fixed the display of the 'size on disk' property of files from w2k.
      when background printing wasn't enabled printing was completely broken
      two time handling bugfixes
      modified the ADS backend to accept either the long or short versions
      hanle the case where the win2000 username is completely different from
      pull_username() is a local function
      win2000 does not check the permissions on the share directory on
      it looks like it is possible for a w2k client to send a spnego auth without sending the negotiate - try to cope
      by using a prompter function we can avoid the bug in the MIT kerberos
      better handling of DOS LANMAN2.1 protocol
      this fixes the displaying of free disk space for DOS6 clients. Win2000
      make sure that we leave the tree unused after disconnecting
      make sure we don't walk past the end of the current SMB buffer when
      i forgot to commit these parts of the string handling patch earlier. Sorry.
      fixed the handling of STR_TERMINATE
      reran configure after adding a test for strnlen()
      ignore a few more files
      fixed a problem with the smb_buf() macro on some compilers
      stricter conditions on termination in strings
      make suure we get the return value from the pull_*() functions right
      disabled the traversal of the brlock database at startup and
      - fixed the is_mangled() interface to handle multiple components
      nicer strndup() function
      fixed the fallback to a BDC for ADS connections
      fixed a namequery bug caused by my recent string length patches
      fixed trust relationships in ADS winbindd after breaking them with my BDC changes ...
      try to cope better with the take ownership operation for foreign SIDs
      prototypes for some systems that don't have them
      a new "dual daemon" operating mode for winbindd
      made a couple of variables static
      main() needs to be indented to make sure it doesn't generate a
      damn! I forgot to commit winbindd_dual.c
      patch from Alexander Bokovoy needed for dlopen on bsd systems
      auto-recover from the fairly common case of a non-clean tdb shutdown
      added a 'net ads search' command, similar to 'ldapsearch' but using the
      fixed a spelling mistake
      fixed some debug messages
      put the ifdef for HAVE_VA_COPY in one place rather than in lots of
      a useful script for finding global variables or functions that could
      when nmbd starts up it is possible that dhcp hasn't started the local
      much better findstatic script
      fixed a bug in handling select in the main daemon - this stops the daemon spinning if a signal is received at an inconvenient moment
      reverted some bogus test code that jeremy accidentally committed
      fixed 3 bugs in jeremys trans2 merge. Hopefully it now works.
      - completely rewrote the wins_srv.c code. It is now much simpler, and
      fixed we_are_multihomed() to cope with dynamic interfaces (ie. don't
      mumble ... fix typo ... mumble
      made the wins list handling a littler clearer
      removed the wins name registration code from libsmbclient
      we never pass any userdata when doing name registrations on the
      This commit finally gives us multiple wins server groups. We now
      resolve_wins() now needs to be a public function
      The next phase in the WINS rewrite!
      fixed a link problem with global_in_nmbd
      don't warn on the loading of zero length files. This fixes the
      don't warn on non-existant files in map_file(), let the caller handle any warning
      make net join a bit less verbose
      don't backup to a newer file
      fixed a makefile syntax error that was breaking the build on some
      fixed a bug handling startup when the ads server is not contactable
      sort name query responses by how far they are from our interface
      bias the lookup sorting towards directly reachable IPs
      don't start the async dns process unless we actually need it!
      fixed multi-homed re-registration of names when we are a WINS
      ads_mod_ber should be static, not public
      used findstatic.pl to make some variables static and remove some dead
      fixed a prototype problem in client.c
      fixed our winreg parsing to handle a diifferent form given to us by
      the last WINS update broke self registration when we are a WINS
      fix declaration of global_in_nmbd
      make sure we disable referrals in all ldap searches - they are badly
      this fixes the ads dump code
      this implements a completely new strategy for fetching group
      fix setting machine passwords in the case where a user account of the
      - fixed a crash bug for 'print -'
      fixed a stdin bug in XFILE that prevented 'print -' from working
      fix directory listing on win9x.
      added --machine-pass option to net. This allows you to authenticate as
      added useful 'net rpc info' command
      move opt_machine_pass to keep some compilers happy
      removed some meaningless const casts that were causing thousands of
      this is a trick to work around the fact that posix does not supply
      after thinking about the env variable hack for avoiding group membership
      don't report the faiilure of non-blocking locks. They are supposed to
      fixed a problem with getgroups() where it could include our current
      don't use C++ comments in C - it doesn't work on many compilers
      fixed a call to get_current_groups()
      updated the 3.0 branch from the head branch - ready for alpha18
      checking for NULL really is counter-productive, and this one was also
      enum_group_mapping takes an enum not an int
      fixed a number of real bugs found by warnings on the 64 bit irix compiler
      more bug updates from head
      new files from HEAD
      fixed line buffer mode in XFILE
      fixed a segv in net time when the host is unavailable
      removed the freebsd getgroups check now that we don't use it
      added LDAP_SET_REBIND_PROC_ARGS in acconfig.h
      reran configure
      implemented getgrouplist() for systems that don't have it and use it
      reran configure
      I had forgotten to commit this after running configure
      fixed typo
      fixed logfile location to honor configure
      fixed man install
      partial apply of samba-patches 960
      good security patch from Timothy.Sell at unisys.com
      fix minor nits in nmbd from adtam at cup.hp.com
      make sure async dns nmbd child dies
      this is an interim fix for nmbd not registering DOMAIN#1b with WINS
      fix for smbtar filename matching
      minor portability fix
      an initial fix for handling sparse files in smbd
      introduced a get_file_size() macro in trans2.c to make it easier to
      - if we are in ADS mode then avoid an expensive netbios lookup to find
      removed a gratuitous standard_sub_basic() on the 'password server'
      2nd try at a fix for netbiosless connections to a ADS DC. This also
      a couple more minor tweaks. This now allows us to operate in ADS mode
      always include the (void) for void fns ...
      this fixes plaintext passwords with win2000
      net ads info now reports the IP of the LDAP server as well as its name - very useful in scripts
      make sure that 'net ads info' gives info on the server we specify, not
      the ads_connect() here doesn't need to actually succeed, as its only
      added support for smbd listening on port 445 and 139. It now listens
      fixed a net crash bug if we can't find a DC in a 'net rpc' command
      added 'disable netbios = yes/no' option, default is no
      make sure we zero the unusued elements in a SID when parsing
      fixed multi-line strings for portability
      support netbiosless search for the DC using ADS in the winbindd AUTH
      fixed the length checking for plaintext passwords (thanks to andrewb
      make sure we null terminate plaintext passwords
      fixed a bug where we were truncating the returned names in a netbios
      This fixes a number of ADS problems, particularly with netbiosless
      fixed wbinfo -t for netbiosless domains
      added 'net rpc testjoin' and 'net ads testjoin' commands
      fixed a memory corruption bug in the wins code
      fixed a memory corruption bug in ads_try_dns()
      when using netbios lookup methods make sure we try any BDCs even if
      fixed 'net ads chostpass' for new ads structures
      amazing! we've had a reversed comparison in our blocking lock code
      get the error code right in case of a blocking lock timeout.
      be a bit more paranoid about not getting duplicate domain names (can
      make the LOCK1 test randomise the time for the blocking lock test
      nicer locking timeout test
      added exact timing semantics on blocking locks
      round lock timeouts in lockingX upwards to multiples of 1 second, so a
      added a 'net ads lookup' command that does a CLDAP NetLogon query to a
      we now receive and parse the main cldap netlogon reply.
      we now parse the cldap reply and print its contents. There are a
      added a generic print_guid utility, and get the byte order handing
      make rpcclient use print_guid()
      print out the GUID in the CLDAP reply
      the SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS macro isn't needed any more
      fixed memory corruption in cli_full_connection()
      added a useful unistr2 display function
      added a 'net rpc samdump' command for dumping the whole sam via
      a few minor cleanups in the cldap request
      made the CAP_UNIX test a bit cleaner
      don't use spnego in the client unless enabled in smb.conf
      a ASN.1 fix from anthony
      added smb_xstrndup()
      slprintf() takes a size argument
      show builtin groups in samdump
      fix connecting to a BDC when the PDC is down but in WINS and no bcast
      fix connecting to a BDC when the PDC is down but in WINS and no bcast
      removed a debug line
      ensure that we unlock in case we hit a tdb error
      convert the LDAP/SASL code to use GSS-SPNEGO if possible
      don't use ENCTYPE_ARCFOUR_HMAC unless the kerberos lib supports it
      initial mem_ctx to NULL
      added gencache implementation from mimir - thanks!
      another const cleanup
      more const cleanups
      disable stat cache when case sensitive
      Add clock skew handling to our kerberos code. This allows us to cope with
      allow --with-krb5 to override the location of the kerberos libs on
      change ADS negprot to match more closely the options used by w2k. This
      enable 'map hidden' and 'create mask' to allow the new OPEN test to
      fixed 3 bugs in the wins server code related to precedence of ! and &
      .NET likes both forms of servicePrincipalName in the machine account
      support all permitted encoding types in tickets. This allows us to
      only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can't
      fixed a crash bug on 64 bit systems. Thanks to Anton Blanchard for
      - we need to rescan the trusted domain list regularly to cope with
      a space is a standard valid character in a filename
      reverted an incorrect fix. What I was trying to do was fix a problem
      add a 'mangle prefix' option to allow people to tune the number of
      fixed a possible segv when dealing with a blank password
      if trusted domains are disabled then we should not try to connect to
      much simpler code to choose a DC to contact in winbindd. We now always
      added a timegm() function for systems that don't have it
      make_server_info_guest() can need root for the ldapsam backend
      when doing a 'net rpc vampire' a pdb_init_sam_pw() is used to create a
      fixed some formatting errors and improved some debug statements in
      make sure that if kerberos fails we can fall back on NTLMSSP for SASL
      make sure we don't try to decode any null password buffers during a
      the change in the way %U is handled to use current_user has broken
      a better for for using %U in smb.conf
      more %U fixes for head
      merged the %U changes to 3.0
      fixed a number of places where we can try to free a wild pointer or
      a working timegm() function for systems that don't have it
      the 'padding' field in the query domain info reply is not a padding
      add help text for 'net ads lookup'
      clearer debug message when the user is already in the ldap db
      query_alt_name takes a forced unicode string in win2000. It is not
      merge alt_name patch from head
      added cli_lsa_enum_account_rights() call. Note that this is in
      allow a couple of LSA functions to take a username instead of a SID,
      fix some undefined behaviour with increments in C. In theory a
      the 'static' keyword here is useless as we are not declaring a
      This removes the 3rd argument from init_unistr2(). There were 240
      reverted this patch till I sort out the craziness with UNIHDR
      cleaned up the lsa_enum_acct_rights function and added a
      added LsaRemoveAccountRights
      added the LSA privileges server backend stubs. Right now they just log
      ignore configure in cvs
      ignore config.h.in in cvs as generated by autoheader
      make sure we don't run over the end of 'name' in unix_convert()
      merge from head
      added the 'lsaenumacctwithright' command to rpcclient. This allows you
      added server stubs for lsa_enum_acct_with_right
      removed a duplicate copy of smb_io_sid_array()
      pull_ucs2_talloc() should pull to a char**, not a void**
      add a note about a better method for finding netbios name of workgroup
      add a note about relative opens with blank paths - its a re-open!
      setup the %U substitution in winbindd for the homedir template
      initial server side privileges implementation, using a tdb. This needs to be hooked into pdb, and we need some access control on changing privileges. That's next
      - added help on -P option
      fixed a crash bug in the new winbindd 'sids rule!' code
      the new DEVELOPER checks for string overflows have (as expected)
      i forgot to commit the privilege db init call
      added -i option for ignoring dot errors in masktest
      fixed use_oplocks and the timeout in smbtorture startup
      make sure we have an empty directory when we start the utable test
      fixed the MANGLE smbtorture test with the new paranoid string code
      having sticky create times is not a bug
      fixed a strcat noticed by metze
      fixed a strcat noticed by metze
      win2000 can take much longer than the specified time to respond to a
      fixed the unmarshalling of the queryaliasmem SAMR call
      show which files we fail to create in the casetable test
      removed a duplicate lump of module stuff in configure.in
      it is possible for some of the real time signals to be used by glibc,
      merged real time signal fixes from head
      added a simple test for the old SMBtcon interface
      updated the TCON test so that win2000 passes. Samba now fails this
      fixed the -U option in nmblookup
      fixed the -B option as well
      added simple tests for SMBchkpath and SMBioctl
      reversed the sense of the TCON test, now that we know that win2003
      changed the order of checking whether a SID is a UID or a GID in posix
      don't rely on realloc() working on NULL
      strequal() returns True for equal, not an int
      fixed the popt option handling in nmbd, so that -i now works
      we weren't filling in the keylength in LANMAN1 and LANMAN2.1 negprot
      merge LANMAN1/LANMAN2.1 fixes from head
      installman needs to depend on installdirs, to fix parallel
      installman needs to depend on installdirs, to fix parallel
      fixed the ALL_INFO and ALL_INFORMATION trans2 QFILEINFO levels. The
      added the COMPRESSION_INFO trans2 QFILEINFO level and fixed the
      fixed the arbitrary 256 limit on the size of aliases in parse_samr
      shouldn't null terminate trans2 qfileinfo all_info/name
      fixed the termination of several trans2 strings
      removed the 'valgrind fix' that (although it may well remove a
      fixed the layout of the FULL_DIRECTORY_INFO trans2 findfirst level
      fixed the string alignment of the QUERY_EA_SIZE trans2 findfirst level
      - the 8.3 name in BOTH_DIRECTORY_INFO is supposed to be always unicode
      fixed a pstrcpy() that is not on a pstring
      make the allocation_size consistent between trans2 QFILEINFO and SMBgetattrE
      - the ALL_INFO trans2 QFILEINFO level uses a forced UCS2 name
      2 more places where win2003 forces UCS2
      SMBlockingX timeouts are in units of 2 milliseconds, not 1
      changed 'winbind uid' to 'idmap uid' in build farm tests
      mark the HEAD branch as deprecated. Nothing that a determined
      applied patch from bug#140
      when creating aliased parameters in loadparm.c you *must* place the
      don't call a function error_message() as that conflicts with a
      added an auth flag that indicates if we should be allowed to fallback
      use ZERO_STRUCT() instead of memset
      - fixed the bug that forced us not to use the winbindd cache when we
      use lp_realm() to find the default realm for 'net ads password'
      fixed smbtorture LOCK1 test to know about the correct multiplier for
      fixed libsmb code to set correct timeout in cli_state when waiting for
      removed editreg from standard build until it is portable. Right now it
      on AIX FD_ZERO() is defined in terms of bzero(), so we can't have
      i'm getting rather sick of this
      several places in client.c rely in commands[i].name == NULL being a
      made a debug statement more useful
      another improved debug statement
      reverted locale patch put in by jht (originally from vorlon).
      we need to call ads_first_entry() before using a ldap result,
      fixed a bug found by volker
      lp_security() is a function not an integer
      - added LOCALE patch from vorlon at debian.org (Steve Langasek) (bug #122)
      fixed the pstrcpy() bug in directory recursion properly
      this fixes a bug where Samba would under some circumstances return
      make sure we don't allow the creation of directories containing
      fixed segv in calls to pstrcpy() in cliprint.c
      This is a critical bug fix for a data corruption bug. If you
      CVAL_NC() doesn't need the (unsigned) fix and breaks the IRIX build
      first public release of samba4 code
      This commit was generated by cvs2svn to compensate for changes in r30,
      use the \\server\share form of tconx to work with servers that don't
      add support for 32 bit pid using the PIDHIGH field. This allows the
      check for an invalid TID in reply_exit()
      make sure we give the chosen workgroup in gentest
      - cope with servers that don't properly implement SMBexit
      added config.guess
      put config.guess in the right place!
      - added SMBntrename test suite
      disabled autoconf 2.53 requirement until we know exactly why it is
      process_model.h is not used at all - hangover from earlier design
      - expanded the ntrename test
      - added test for position_information via paths
      - added a raw smb scanner
      added read/write seek testing
      added seek to gentest
      added SMBopen to gentest
      added the ancient SMBcreate operation to the testsuite and client lib
      fixed allinfo bug reported by metze
      test resume by name before resume by flags
      don't give detailed errors for levels that fail
      nicer formatting in getattre
      fixed a comment typo
      some servers don't return a fs_type and dev_type
      try to cope with servers that return a blank alt_name field
      a few build fixes to try to get irix building
      fixed some places where we don't brace (flags & STR_UNICODE)
      fixed an enumerated type error found on irix
      more fixes from the IRIX compiler (thanks herb!)
      more fixes from the IRIX compiler (thanks herb!)
      fix handling of parametric smb.conf parms with embedded spaces
      - patch to fix a memory leak from metze
      ascii/unicode fixes in ascii mode found by smbtorture
      fix a segv when server doesn't support ATTRIBUTE_TAG_INFORMATION
      expanded the RAW-READ test to make it clearer that all locks conflict
      I think I've finally got the ascii/unicode issues right in trans2 find
      thanks to ntfsd and some google searches I worked out what the unknown
      - use deltree to setup base directory
      better child synchronisation at startup in NBENCH
      when we don't have a working iconv library we must default to using only builtin charsets. Defaulting to CP850 when we have just determined that it doesn't work just guarantees that Samba won't work at all (in fact it just seg faults at startup). This fixes Samba on AIX, and I expect on a bunch of other platforms.
      fixed snprintf.c for systems that have only some of the *printf() family of functions
      fixed spinlocks in tdb
      fixed a number of bugs and memory leaks in the AIX winbind shim
      the beginnings of a samba4 programming guide
      added some NTVFS info, and started the process model section
      much better synchronised startup in smbtorture - this allows us to run
      parameterise the listen backlog in smbd and make it larger by default. A backlog of 5 is way too small these days.
      - a few portability fixes from Jim Myers
      a major revamp of the low level dcerpc code in samba4, We can now do a
      we only want the per-call stub data
      started adding RPC-ECHO torture cases
      added a helper function to make building rpc functions a bit easier
      actually use the passed parameters!
      added rpcecho EchoData test
      added SinkData and SourceData tests for rpcecho
      added fragmentation support on receive for dcerpc packets. I have
      added support for fragmented sends
      yipee! we can now do lsaOpenPolicy() via the new interfaces, without
      lsa_OpenPolicy2 now works
      lsa_EnumSids() now works
      fixed some error found by valgrind
      fixed another error found by valgrind
      finished off the ndr_sec.c module
      allow qfsinfo to continue with just 10 levels supported in the server
      updated pidl to auto-generate the ndr_push_*() functions for the
      another major bit of restructuring of rpc in Samba4. Mostly moving
      a bit of a tidy up before I add the ndr_pull_*() side of things
      - generate both the pull and push side
      - corrected some lsa idl
      - more generation fixes
      - include includes.h
      added fixes for the pushing of arrays and handling non-ref pointers in
      added idl, generated code and test code for lsa_LookupSids
      check for pidl.pl in path, not $HOME/pidl/
      added support for arrays as function arguments and for unistr_noterm
      lsa_LookupNames now works
      get rid of some prototypes that aren't needed any more
      use a more consistent style for the client stubs
      - handle void functions
      converted the rpcecho pipe to use IDL
      added a module for auto-generating the client calls. We can now go
      - added the rest of the LSA calls as stubs
      i forgot to commit the rpcecho idl file
      added a test for lsa_Close()
      added lsa_EnumPrivs idl and test code
      added lsa_EnumTrustDom
      - fixed lsa_EnumTrustDom
      much cleaner handling of the different types of variables
      added IDL and test for lsa_EnumPrivsAccount()
      added IDL and test for lsa_EnumAccountRights()
      added idl and test code for lsa_LookupPrivName()
      - added support for the pull side of unions
      started adding support for lsa_QueryInfoPolicy
      automatically generate ndr_print_*() functions for every IDL
      automatic printing of unions
      start using automatic union printing
      fixed handling on pointers to arrays of structures in unions
      support lsa_AuditEventsInfo
      fixed the NDR structure alignment rules
      added QueryPolicyInfo/PrimaryDomainInfo idl and test code
      added support for 8 byte aligned HYPER_T
      added 9 more info levels to lsa_QueryInfoPolicy
      added support for "make pch" to build a precompiled header. Note that
      a small include file rearrangement that doesn't affect normal
      handle constant sized arrays
      lsa_PrivilegeSet seems to be a very strange beast indeed. It has a
      I think we now handle conformant arrays in structures correctly - the
      * fixed conformant arrays in structures
      more dfs work
      removed a bunch of the old rpc code in preparation for replacing it all with auto-generated code
      removed some obsolete .cvsignore files
      fixed rpcecho EchoData debug code
      * differentiate between pointers and non-pointers in switch_is union
      fixed the handling of unions of pointers
      we can now do a level1 NetDfsEnum()
      fixed another problem with pointers to arrays in structures
      * fixed lsa_LookupPrivName
      * added levels 4, 200 and 300 to NetDfsEnum. 200 and 300 don't work
      * make pidl.pl exit with an error on a parse error
      added the dfs_GetInfo all - all levels
      it turns out that all MS servers ignore the artifact struct_len fields
      added lsa_QuerySecObj() and the necessary sec_desc_buf supporting code
      added the first couple of calls from samr as IDL
      support a new value() attribute that allows us to auto-fill certain
      run LookupDomain on each domain returned from EnumDomains in samr
      added samr_OpenDomain() and samr_QueryDomainInfo() level 1
      fixed alignment of the buffers part structures
      added another 11 levels of QueryDomainInfo
      added samr_EnumDomainGroups and samr_EnumDomainUsers
      added samr_OpenUser, samr_EnumDomainAliases and samr_QueryUserInfo level 1
      added support for varying conformant arrays (needed for samr
      added samr_UserInfo2 and samr_UserInfo3
      added samr UserInfo levels 4 to 20
      added UserInfo level 21
      don't encode my own servers name in the test :)
      added OpenGroup and QueryGroupInfo levels 1 to 4
      added OpenAlias and QueryAliasInfo levels 1 to 3
      remember to samr_Close() policy handles after use
      the returned policy handle in spoolss_OpenPrinterEx() is pass by
      simple method for auto-building rpc files if idl changes, and
      run the basic build tests on sub-builds like "make torture" as well
      fixed the handling of much more general C expressions in value()
      slightly more efficient strlen setting in lsa and samr strings (calls
      added the "subcontext" attribute for auto-handling of user-marshalled
      use the "subcontext" magic flag for sec_desc_buf
      ignore .pidl files
      added support for "relstr", structure and union properties and public
      added support for level1 of EnumPrinters in spoolss. This uses a
      * the beginnings of non-constant fixed arrays
      use nstring and [relative] to support levels 1 and 2 of EnumPrinters
      better [relative] handling, allowing for nested relative structures
      nicer method of handling spoolss EnumPrinters
      handle non-NTSTATUS return types
      * more info levels for EnumPrinter
      added OpenPrinter and a test function. Note that the Samba3 structure
      call OpenPrinterEx on each printer on the server, and then call
      * support inline arrays
      security descriptors are no longer a "special" type, they are handled
      started documenting the extension to IDL that pidl implements
      use [subcontext] to make GetPrinter a bit easier in smbtorture
      auto-generate functions for printing top-level function
      * add another WERR err code
      added wkssvc.idl and test code
      remove an unused variable
      auto-generate top-level debug print functions when a flag is set on
      * use the new auto-generated debug code method.
      ignore c and h files in the idl dir. This makes it easier to
      support the 'default' case in IDL unions
      fill in skeletons for the rest of the function calls in wkssvc (based
      auto-generate the pipe UUID version and name
      remove some old junk from the Makefile
      use the auto-generated UUID, version and name rather than listing them
      added samr_QuerySecurity() call that displays the ACL for any handle.
      changed wks to wkssvc (suggestion from metze). Started adding samr_CreateUser().
      cope with no printers returned from EnumPrinters
      get rid of the old rpcclient code - it needs to be rewritten to use the new rpc infrastructure
      added samr_CreateUser() samr_DeleteUser(). The test suite creates a
      added another wkssvc info level
      added a thanks to Todd Sabin (with his permission)
      separate the reason and result codes in a bind_ack. This is needed for
      init samr and lsa names so the debug display looks right
      possibly better handling of NULL secdesc (thanks to lukeh)
      fixed country code field in samr_UserInfo5
      change to AuditEventsInfo struct from lukeh
      removed an unused structure
      slightly more accurate structure alignment code - I need to do proper
      after discussions with lukeh, I think we found a alignment bug in old
      as discussed on irc, this is a small patch that allows a few more
      added a wbtest program that shows how to access winbindd extended nss
      srvsvc IDL and test code from metze. Thanks!
      started to expand the echo tests to include more interesting test
      switched to a new way of handling unions, so that we can handle
      switched to a new way of handling unions, so that we can handle
      updated copyright year
      fixed wkssvc idl and test code for TransportEnum
      make the socket send code a little clearer
      * added support for empty case elements (including default cases)
      * changed to midl syntax using [case(x)] instead of case(x)
      some errors are expected in SAMR and LSA tests - don't fail the test
      * added a 'lstring' type for spoolss
      EnumPrinterData in spoolss now works
      make the echo idl match the win32 IDL again
      use strict perl package everywhere for error checking
      damn, "use strict;" in util.pm breaks pidl - but why?
      its LoadStructure() in util.pm that doesn't like strict perl - any
      avoid compiler warnings for unused variables with [relative] pointers
      added samr_LookupNames() and test code
      added samr_LookupRids() and test code
      use a precompiled grammer in pidl. This speeds up pidl by about a
      fixed srvsvc_NetShareEnumAll()
      * cope with pidl not being in $HOME/pidl
      fixed a comment
      a bit neater way of emitting code
      fixed pushing structures containing pointers inside unions
      started on samr_SetUserInfo()
      make sure we don't try to use c++ style variable declaration
      * fixed level2 of QueryUserInfo
      extensive samr_SetUserInfo/samr_QueryUserInfo testing, with
      moved the pidl auto-generated files out of CVS
      * fixed libndr.h header
      added samr_QueryDisplayInfo() (only level 1 so far)
      we now use a copy of pidl inside the samba4 source tree at
      Todd Sabin pointed out that a couple of the values I marked as hyper_t
      ignore generated idl.pm
      added support for 'ascstr', a ascii string in MSRPC !
      added 4 more levels to samr_QueryDisplayInfo()
      only display really verbose packet dumps when smbtorture is run at
      avoid calling the print routines completely if debug level < 2
      * changed the way strings are handled in pidl to a much more general
      print out the UUIDs from the end point mapper
      forgot to commit this, sorry
      don't ignore .h files here
      cleaner handling of relative pointers to strings
      fix a smbtorture memory leak
      fixed a bug with pushing non-pointer unions
      added some explanations for epmapper IDL and dom_sid2
      added Parse::RecDescent module into pidl to ensure we all use the same
      * you can't have two parameters with the same name (pidl doesn't enforce
      a fairly major upgrade to the dcerpc system
      * enable RPC/NDR validation in all smbtorture code
      * fixed NDR flag inheritance across push subcontexts
      dfs torture test now passes
      * fixed handling of relative subcontext unions
      * fixed null terminated string handling
      added the beginnings of an IDL validator, to give clearer errors when
      added support for 'const' in IDL files. This makes it easy to define
      added support for enumerated types in IDL files. This makes unions
      changed to perl for mkproto, patch from vance
      get rid of our awk scripts
      we don't need awk now
      reduced the number of magic types we need in mkproto.pl
      nicer base type handling
      fixed loadparm handling properly
      much faster inner loop and neater code
      final bit of tidyup and speedup
      by using a single proto.h we gain another factor of 4 in the speed of
      get rid of some more unused headers
      save about 35% of the time for "make idl" by processing multiple IDL
      ooh, this is fun!
      fixed the handling of value() attributes on scalars in IDL that
      added a tool called 'ndrdump' that allows you to dump NDR data
      * better diagnostics in ndrdump
      added the dcerpc remote management interfaces as mgmt.idl, and wrote a
      added tests for the remaining calls on the rpc management interface
      make sure we don't try to update a constant
      give far more detail in the EPMAPPER results
      added tests for epm_Map endpointer map calls
      removed the STFS specific flags in the Makefile.
      * prepared the dcerpc subsystem for adding the RPC over TCP transport
      initial implementation of dcerpc over tcp. RPC-EPMAPPER works, now to
      * fixed byte order in epmapper parsing
      added some paranoid checking for enums
      signed DCERPC over TCP now works !
      fixed some memory leaks in the dcerpc use of ntlmssp signing
      added auto-determination of the DCERPC over TCP port number by asking
      use the IDL defined NDR version number
      transfer syntax V2 isn't as magic as I thought
      show an error when the epmapper fails to find an interface
      added a link to opengroup PDU definitions
      by default sign RPC over TCP but not RPC over SMB. I will add command line control soon
      fixed default port handling pointed out by Tom Jansen
      added -m for 'max protocol' as a standard option
      switched to WERROR return codes in the management IDL
      a couple of tidyups
      use EPMAPPER_PORT constant instead of 135
      added an rpc scanner. This prints messages like this:
      more epmapper and mgmt magic
      added auto-generation of the IDL interface tables. This makes two less
      * support multiple interfaces in one IDL file in pidl
      * added a bunch of placeholder IDL files
      make sure there is at least one valid interface in an IDL file
      the beginnings of an automated tool for working out IDL properties of
      fixed some warnings
      got rid of a bunch of unused header files (now replaced with IDL
      more unused headers
      * removed a bunch of unused code
      * got rid of UNISTR2 and everything that depends on it
      got rid of more group mapping code
      removed more old code
      started adding netlogon IDL and test suite
      added netr_ServerReqChallenge and cleaned up byte array printing
      added netr_ServerAuthenticate() and test code
      added netr_LogonSamLogon() and test code
      fixed NTLMSSP_SIGN_VERSION (which I broke earlier today)
      neater credentials handling in netlogon client code
      * another small API change in the credentials code
      * netr_ServerPasswordSet() now works - the test suite changes the
      another big improvement in the credentials API. I think it now
      added netr_DatabaseSync(). It doesn't work as I haven't done schannel
      initial netlogon database sync partly works - needs some IDL tweaks
      netr_DatabaseSync() now works fully for database 0
      netr_DatabaseSync() now works fully for databases 0, 1 and 2
      don't pollute the structure name space so much
      * made some field names more consistent, and worked out that
      netr_DatabaseDeltas() now works. We ask for the deltas associated with
      make sure we can expand the critical versions structure without
      added netr_AccountDeltas(), which w2k3 gives
      added netr_AccountSync(), another NT_STATUS_NOT_IMPLEMENTED call
      added netr_GetDcName() - quite a useful call
      added netr_LogonControl() and netr_GetAnyDCName()
      added netr_LogonControl2() and netr_ServerAuthenticate2()
      added netr_DatabaseSync2()
      added netr_LogonControl2Ex()
      my debian unstable box uses "autoconf2.50" - i wish there were a
      some OSes already have a uint_t
      don't use c++ style comments
      we can't have two functions with the same name
      don't use c++ comments
      * patch based on work by Jim Myers to unify the ioctl handling to be
      * added a debug thread id hook from jim myers
      merged more updates from Jim Myers
      removed an unused file
      fixed a problem with "net rpc vampire" mis-parsing the alias member
      re-wrote pidl to use Parse::Yapp instead of Parse::RecDescent, This
      make pidl a little less verbose
      a bit more speed and better line matching in errors
      don't save the intermediate form to disk unless we need to
      * reduced the number of grammer conflicts a lot using (arbitrary)
      commit idl.pm now, as many build farm machines don't have 'yapp'
      "make proto" now depends on "make idl_test"
      cope with yapp not being installed
      fixed shell scripting error
      some systems don't have "which" and some systems don't have the "-nt"
      remove the tdbsam code for now. I have other plans for SAM backends :)
      * removed some unused code
      initial rpc server side infrastructure
      the rest of the initial rpc server side infrastructure
      more portable array of endpoints code from pidl
      the next step in the dcerpc server code. Added the link between the
      * the RPC-ECHO pipe now works in smbd, as long as the data sizes
      handle the auto-allocation of [ref] output arrays in pidl. This
      added handling of fragmented requests in the rpc server
      we now support pdu fragmentation on both input and output in the rpc
      added the echo pipe test calls
      added support for sending bind_nak replies in the rpc server
      after chatting with jeremy I decided to use a separate directory for
      added a basic dcerpc endpoint mapper to Samba4. Currently only
      added the epm_Map() call.
      rpcdump.exe now works fine against a Samba4 server
      dcerpc over tcp in the samba4 server now works to some extent. It
      make the IO in the dcerpc over TCP server completely async, handling
      completed the linkage between the endpoint mapper and the dcerpc
      add the ntlmssp calls back into smbtorture on rpc over tcp. The samba4
      fixed a bug handling multiple PDUs being read from a socket at one
      fixed some memory leaks in the rpc server code
      fix _ptr_ declaration
      ntlmssp over rpc over tcp now fully works
      fixed fragmented signed connections to our rpc server over SMB
      added auto-generation of the server side boilerplate code for each
      fixed the transfer syntax in the dcerpc bind reply
      zero length echo is not an error
      fixed the handling of zero-length top level arrays in pidl
      switch off the default of ntlmssp on rpc on smb as some windows pipes
      allow the specification of full dcerpc endpoint binding strings on the
      added some ncacn_* binding string examples
      more flexible handling of [] in binding strings
      don't try and build the libclient stuff in samba4 yet
      disable pam in samba4 until someone fixes it (hi andrew!)
      a script fix for the build farm
      "make idl" is now incremental and "make idl_full" is a full idl build
      fixed a typo in the m4 file
      make pidl no longer dependent on Data::Dumper, which isn't installed
      make sure we allow clients to negotiate ntlmssp seal if they want it
      patch from metze with updates to srvsvc and changes to pidl to allow
      fixed srvsvc DiskEnum call
      added "pidl.pl --template" to dump a rough template to save typing
      lots of shells don't have the -nt test, so use hackish find command
      lets see if "cc -E" keeps more of the build farm happy then "cpp"
      use the @CPP@ value from configure if possible when determining cpp in
      cope with different cpp formatting on some systems, and make sure we
      remove a redundent second check for PAM
      make sure we have a value for DEFAULT_PRINTING on all platforms
      don't rely on the ability of perl 5.6.x to remove elements from arrays
      use smb_rwlock_t instead of rwlock_t to avoid conflicts with system
      more portability fixes. We now almost compile on solaris
      some compilers can't handle structures with no elements. Generate
      more mutex portability.
      enable rep_inet_ntoa() for non-pthread builds
      the out substructure is not empty if there is a return from the
      a fairly large commit!
      added support for big-endian ucs2 strings (as used by big-endian
      it turns out that a wire policy handle isn't a blob either, its a
      much better docs on the smbtorture ncacn syntax, including how to
      use bigendian mode to fix the idl for samr_LogonHours
      no longer require the pipe name or tcp port number to be the first
      fixed the RPC-MGMT and RPC-SCANNER tests to work with the new
      added a define for the DCERPC little-endian data representation flag
      fixed formatting of uuids in debug output
      removed some unused functions
      added a smb.conf flag "rpc big endian" that tells our rpc server to
      fixed a bug in the acct_flags checking on CreateUser2 in the RPC-SAMR test
      fixed a segv in RPC-* when debug level > 2
      added code to the IDL validator to check for common errors with
      added a bunch of alias functions in samr.idl based on work by Kai.
      fixed the AddAliasMem test code
      fixed removal of moe than one ncacn_* option from option list
      addition of samr_SetSecurity() from kai
      tim, I'm guessing you really didn't want to add this :)
      latest srvsvc and wkssvc IDL from metze
      wkssvc test updates from metze
      minor updates to make the srvsvc test compile
      remove some unused files
      "subsystems" should be static
      the endpoint mapper now works in bigendian mode
      fixed the rpc epmapper server. This fixes rpc over tcp.
      added dom_sid_string() function
      * fixed a segv when -U is not used in smbtorture.
      make sure we initialise r.out.handle in openeventlog
      avoid a copy of the data being input to the dcerpc server in the most
      dcerpc server output now copes with the client blocking part way
      added code to the RPC-SPOOLSS test that demonstrates that policy
      check for the correct fault code when the server fails a use of a
      cope with a wider range of broken servers in the RAW-QFILEINFO test
      added a little bit of const magic to get rid of the data in librpc/gen_ndr/*.o
      completely rewrote the AIX UESS backend (UESS is the AIX equivalent of
      updated the head branch as well
      the conversion from int to size_t in charcnv did not take into account
      there are places in the samba3 code that don't check properly for
      - modified the dcerpc client security code to be generic, so ntlmssp
      don't always use the same schannel context number
      we can close the netlogon pipe used to setup the schannel session key
      don't force debug in the RPC-MGMT test
      fixed a couple of uninitialised returns spotted by valgrind
      fixed a void return spotted by metze
      fixed a problem with the smb client code spinning when the connection
      added the simple HOLDCON torture test. This is used to establish
      split up the schannel rpc client code into separate key establishment
      fixed compilation with --enable-dmalloc
      fixed two writex client bugs
      in the async socket handling routines in the cifs backend don't assume
      added the "nbench" ntvfs backend. This is used to capture NBENCH load
      fixed a typo
      fixed the label for search requests
      greatly improved NBENCH netbench simulator
      handle incomplete load files
      don't check return fields (like search count) on an expected failure
      make sure the tags in the NBENCH test match the tags in the generated
      added the -C option to smbtorture
      added a 5% warmup time to NBENCH to make the results more consistent
      add config hints for cifs backend
      make the warmup and execute phases clearer
      as a special case don't check the status of the create of \clients -
      nicer way of handling \clients
      readx reply packets can be over-sized
      put the "max xmit" option back into Samba4
      fixed the handling of level II oplocks in samba4, especially when
      use client1, client2 not client0, client1 to better match netbench
      - use a linked list for the ftable in the nbench load generator. This
      - moved some of the base tests into torture/basic/
      copy with a null volume name in a trans2 QFSINFO call
      removed the state parameter to tdb_traverse and the TDB_MODIFY flag
      added a private pointer to tdb_traverse() to allow callers to supply
      added a TDB_MODIFY flag to tdb_store() that says "if the record
      after discussion with the copyright holders tdb is now under the LGPL
      switch from SIG_ATOMIC_T to sig_atomic_t
      merge some recent tdb changed from samba3
      merge tdb changes from samba4 - this means tdb is now under the LGPL, as discussed and agreed previously
      make a more recent snapshot of ldb available to interested
      building with Makefile.ldb now works
      added lsaCreateAccount() and a test in the RPC-LSA test suite
      allow "struct TDB_DATA" as well as just "TDB_DATA"
      added the rest of the ldb_modify() code, which required a fairly large
      added idl and test suite for lsa_CreateTrustedDomain()
      added IDL and test suite for lsa_CreateSecret()
      added IDL and test for lsa_OpenSecret()
      r59: revert session key problem
      r426: fixed bug noticed by wim.delvaux at adaptiveplanet.com in handling of timeout in socket connections
      r2160: fixed the uuid pack/unpack routines (they could go past the end of the UUID structure)
      r2163: converted samba3 to use the new utf-16 aware iconv code. Also changed
      r2233: fixed 3 places where == is mistakenly used instead of = in bourne
      r2778: merged the new samba4 ms_fnmatch code to Samba3. Thanks to Rusty
      r2824: restored the is_case_sensitive option to ms_fnmatch() in Samba3. It is
      r3008: when checking for the existance of a lock we are only doing a single
      r3954: bring Samba3 into line with the Samba4 password change code
      r8673: merged from samba4
      r15007: fixed usage of cli_list() in smbwrapper so it compiles. This doesn't get smbwrapper really working again, but at least it will help Timur Bakeyev in his question to make it work
      r17124: fixed a bug which caused resolve_ads() to spin forever if one of the
      r18856: fixed HAVE_IMMEDIATE_STRUCTURES and thus checking of NTSTATUS/BOOL
      r18858: arrgh! - since HAVE_IMMEDIATE_STRUCTURES were last enabled the code
      r18863: the test for immediate structures has moved to lib/replace/
      r18864: merge lib/replace changes from samba4
      r18865: fixed some of the most obvious NTSTATUS/WERROR mixups in Samba3. It
      r18866: Jeremy and Volker have given the go-ahead on the group mapping ldb
      r18867: change the group mapping code to use ldb instead of tdb
      r18868: just in case there is a disaster (with our code? never ...) use a
      r18869: two build fixes for systems without ldap
      r18870: - enable the ldb ldap backend properly based on configure tests for
      r18910: Change ldb_msg_add_string() to not actually add an attribute if the
      r18912: we don't need the special case for comments now in the
      r18938: fixed a group map bug reported by Jerry. The caller in mapping.c
      r18939: don't rely on the umask being right in ldb creation. Both Samba3 and
      r18966: this bug affects Samba3 too. I'm actually surprised nobody has
      r19125: merge from samba4
      r19426: merge nearly all the differences between Samba3 tdb and Samba4
      r19429: moved tdb/common/tdbutil.c into lib/util_tdb.c
      r19430: merge recent ldb changes from Samba4. This includes memory leak fixes
      r19431: merge recent talloc performance improvements from Samba4
      r20690: fix a bug that causes smbd to 'hang' intermittently.
      r21176: merged va_end() changes from Samba4
      r21813: fixed an integer overflow error in the ndr push code.
      r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure
      r22784: fixed change notify for delete on close
      r23323: merged ldb changes from 3.0.26
      r23367: check the "use mmap" option for ldb too
      r23783: Processing the UAS change message was causing problems on ppc64 Linux
      r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
      r23785: use the GPLv3 boilerplate as recommended by the FSF and the license text
      r23786: Use linux/dqblk_xfs.h rather than a private copy of this header in the
      r23787: Remove the pcp example code until SGI have given us approval to use it
      r23788: the pcp Makefile is also GPLv2 only.
      r23789: more pcp files under v2-only
      r23790: LGPLv3+ conversion for our LGPLv2+ library code
      r23791: found some more v2->v3 conversions
      r23793: fixed incorrect v2-only licensing template for debian packaging files
      r23794: convert more code from LGPLv2+ to LGPLv3+
      r23795: more v2->v3 conversion
      r23797: started fixing old FSF addresses. Fixed pcap2nbench COPYING file
      r23798: updated old Temple Place FSF addresses to new URL
      r23799: updated old Franklin Street FSF addresses to new URL
      r23800: LGPL is now called GNU Lesser General Public License
      r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
      r23802: fixed URL in XML
      r23804: here too
      r23: get rid of def_finfo
      r34: a test commit
      r35: a test commit - 2
      r65: added support for file streams in the simple NTVFS backend
      r66: fixed a segv when printing an error from a session setup failure. This
      r67: added a destroy hook in the policy handle -> wire handle code to allow backends
      r99: make sure we reap child processes in the standard process model
      r100: remember the user session key during session setup so it can be used in various crypto
      r101: added lsa_SetSecret() and lsa_QuerySecret()
      r106: add an idea about SMB UNC names
      r107: a test commit
      r108: a test commit
      r109: a test commit 2
      r112: the simple backend now registers as both "simple" and "default"
      r113: added support for "read only = yes" in simple backend
      r114: - remember to initialise open_files
      r130: added DCERPC_COMMON_OBJS to Makefile.in
      r131: mark some scripts executable
      r132: fill in the correct default case for the WKSSVC GetInfo call
      r133: don't try to do a database deltas with a -1 seq num
      r134:  - added ldb to the build of smbd
      r135: some test ldif for an idea I am playing with to replace smb.conf with a ldb
      r136: I forgot to add config.m4 for ldb in my ldb commit
      r152: a quick airport commit ....
      r157: cope with or without LDAP in ldb sample Makefile
      r158: cope with or without LDAP in samba build of ldb
      r159: nicer usage messages when no URL is given
      r163:  - enable ldap in the sample makefile, and use /usr prefix
      r194: fixed compile with ldap
      r218: added a comment regarding the %c strftime() warning
      r255: added samr_SetDomainInfo IDL and test code
      r256: added samr_CreateDomainGroup() and samr_DeleteDomainGroup() IDL and test code
      r257: added samr_SetGroupInfo() IDL and test code
      r258: added samr_AddGroupMember() IDL and test code
      r259: added samr_DeleteGroupMember() IDL and test code
      r265: fixed a bug in the string to sid conversion code
      r266: modified autoidl to deal with policy handles (this helped me work out
      r267: added IDL and test code for samr_ChangePasswordUser(),
      r268: added IDL and test code for samr_QueryDomainInfo2(),
      r275: added IDL and test code for samr_QueryDisplayInfo3(),
      r287: patch from Richard Renard to add AcctLockStr and the delete user and
      r295: more correct IDL for the netr_AcctLock structure (I hope)
      r305: - added IDL and test code for samr_RidToSid()
      r306: added another define for a DCERPC fault code
      r307: added IDL and test code for samr_GetDomPwInfo(), samr_SetUserInfo2(),
      r322: use the -C option to configure for developers (makes a huge speed difference)
      r323: added rough password quality checking in generate_random_str(), so we generate passwords
      r324:  - don't reseed on every password generate
      r325: added IDL and test code for samr_ChangePasswordUser3().
      r326: tweaks to the RPC-SAMR test code to allow win2003 to pass the test (for example, not filling in extra
      r327: fixed an uninitialised variable found by valgrind
      r335: added much better handling of servers that die unexpectedly during a
      r336: added a -X command line option to smbtorture to enable dangerous or
      r343: added automatic reindexing of the database when the index list changes
      r344: fixed deletion of index records
      r357: added share browsing to smbclient using the SRVSVC MSRPC pipe
      r358: added some more annotation on the samr unknown attributes
      r359: moved the share type definitions to srvsvc.idl
      r360: use the STYPE_* definitions from srvsvc.idl
      r361: allow anonymous browsing
      r362: after setting domain info query it again so we can see what attributes stick
      r363: nicer error handling in pidl
      r364: finally worked out the ancient samr_ChangePasswordUser() interface
      r365: improved the IDL for samr_Connect5()
      r372: automatically create a fake BDC machine account and delete it
      r373: use a much larger default tdb hash size in ldb
      r374: allow for a policy_handle fetch using a handle type of
      r380: make sure that ldbedit -a works with all tdb and LDAP backends
      r381: make the code more C++ friendly
      r387: more C++ friendly changes
      r388: added IDL for 3 more set user info levels (all of which set the
      r389: added a test for set user info level 26 (set password extended)
      r390: added my best guess for how session keys are supposed to work when you
      r392: added IDL for 3 more netlogon Delta levels, thanks to a dump from Richard Renard
      r420: added nicer names for the field bits in userinfo21
      r435: a major upgrade for ldb
      r436: fixed indexing of objectclass with subclasses
      r437: fixed handling of a corner case with multi-valued indexing
      r441: added an example of how to use the remote rpc interface
      r442: fixed some uninitialised variables pointed out by gcc -O3
      r444:  - added the beginnings of a ldb test suite and benchmark
      r445: fixed the bind_nak code
      r452: move from first-fit to best-fit in tdb record allocation. For a
      r453: added a comment about indexing on objectclass
      r454: allow a non-URL form of a filename to be used in ldb_connect(). This
      r456:  - added -i option to ldbsearch
      r457: added some more samr tests to help me work out the right error codes
      r458: this is the (very primitive) beginnings of a SAMR server for
      r459: added an initial provision.ldif - this is temporary, and needs to be
      r462: added an explanation about the rather complex ltdb_key() function
      r463: build ldb with debugging when standalone
      r464: a big improvement to the API for writing server-side RPC
      r465: we need common.h in two more rpc server pipes
      r466: implemented samr_OpenDomain() and samr_GetDomPwInfo() server side calls
      r468: fixed timegm() on broken systems
      r469: considerably improved the ChangePasswordUser3() IDL thanks to an idea from abartlet
      r476: i forgot the argument to get_time_zone()
      r490: - expanded the test suite to test modify and delete operations
      r502: modified ldb to allow the use of an external pool memory
      r503: we don't need to include ldb_parse.h any more
      r504: fixed a bad call to list_union()
      r506: got rid of unused function secrets_get_trusted_domains()
      r507: the new ldb code will use talloc_free() a lot, so I have made
      r508: fixed a place where we used free() on memory from a talloc(). The new
      r509: fixed a memory handling bug that affects ldb with memory pools that
      r510: converted the samdb code to give ldb a talloc context rather than letting ldb use malloc
      r511: fix some const handling
      r513: added a generic ldb debug system to allow the Samba debug functions to
      r514: added a context pointer to the samdb interface, as suggested by
      r549: added support for DOS error codes in NTSTATUS returns. This uses a
      r574:  - another attempt at const cleanliness in ldb
      r575: moved the SID_NAME_USE enum into samr.idl
      r576: added a ldap_timestring() function (needed for fields like whenChanged in SAM db)
      r577: extended the LookupNames test to check for correct handling of unmapped names
      r578: initial server side implementation of samr_CreateUser(),
      r582: added the LMSessKey in SamInfo and SamInfo2, thanks to work by abartlet
      r583: fixed two bugs in the handling of index entry deletion
      r586: removed --clientfns from build_idl.sh (tim removed that code from pidl)
      r587: added server code for samr_EnumDomainUsers, and started adding
      r591: don't need to init non-ref out ptrs (thanks to abartlet for spotting this)
      r593: add a constant for the records size multiplier for max_size in samr_EnumDomainUsers
      r594:  - make sure all users in the domain have the same base sid!
      r595: nicer handling on max_size multiplier
      r596: log all ldb searches at level 4 in samdb
      r601: added the server code for all the samr_SetUserInfo and samr_QueryUserInfo levels except for the password
      r606: added a HIDDEN attribute on fields in ldb (in @ATTRIBUTES). This allows you to mark
      r608: - a couple of very minor fixes to the CreateGroup code
      r609: allow ldbedit to take a list of attributes to edit, just like
      r612: fixed a timezone call typo noticed by abartlet
      r622: removed some unused functions to make smbd compile again after
      r623: setUserInfo level 24 (password set) now works in the SAMR server. This includes all
      r624: all templates should be in class Template
      r625:  - handle passwords longer than length 14 (thanks to abartlet for pointing out the bug)
      r711: don't hide attributes inside the special ldb_tdb records (so the fact
      r712: fixed a bug in the NetShareGetInfo idl, and added another info level
      r713: added a NetShareGetInfo torture test (thanks to abartlet for pointing
      r714: make sure ldb formats are portable between big/little endian machines
      r718: removed some more unused code, and two source files
      r781: added level6 for logon level in SamLogon netlogon.idl
      r782: added torture test for level 6 logon level in netr_LogonSamLogon
      r790: started working on some documentation (manual pages) for ldb
      r791: added ldb man page build to ldb makefile
      r792:  - changed the ldb ldif_* functions to be in the ldb_ namespace
      r793:  - don't make templates members of any class that would make them show
      r796: fixed samr_OemChangePasswordUser2() to replace attributes, not add
      r811: make the ldb_modify REPLACE semantics better match LDAP (ie. no error
      r812: added a new samdb_replace() call that simplifies the code in the main samr server a bit.
      r813: gcc has fixed its huge debug sizes with -g now, so drop the -gstabs,
      r815: include our netbios name in the negprot response (this matches win2003)
      r818: added server side SMB signing to Samba4
      r826: removed a pile of old code, in preparation for a new ACL handling system. I'd like to get rid of DOM_SID completely soon
      r827: remove a few more unused functions that we are unlikely to use again
      r836: get rid of SEC_DESC and related structure definitions
      r837: get rid of some more old rpc headers, and the genparser headers
      r838: got rid of rpc_misc.h
      r839: password set/change in the samr server is complex enough that it
      r867: removed a couple of unused structures
      r868: we should issue a rpc fault OP_RANGE_ERROR not a WERR_NOT_SUPPORTED for
      r870: we should issue a rpc fault OP_RANGE_ERROR not a WERR_NOT_SUPPORTED for
      r871: add a comment about how samdb_set_password() works
      r873: converted samba4 to use real 64 bit integers instead of
      r879: fixed a typo in the password fetch wrapper
      r893: a few more _t conversions
      r894: use _t in generated pidl code
      r895: use _t in base ndr fns
      r896: - use andrews samdb_result_passwords() for the remaining password change mechanisms
      r897: - user/group creation needs to create unique names across both the
      r898: - remove some unused macros
      r900: when DEBUGLEVEL > 10 print the full deocde of all RPC calls in the server
      r901: w2k3 completely ignores the domain name argument to GetDomPwInfo,
      r902: added torture tests for sending rubbish in the domain name field of GetDomPwInfo
      r903: used samdb_result_passwords() in samr_ChangePasswordUser2() and fix the error handling on a bad change.
      r904: - fixed account expiry testing in auth_sam
      r917: - added the start of a LSA server to samba4.
      r918:  - dcerpc endpoint name are case insensitive
      r919: - added lsa_QueryInfoPolicy2() to IDL, test suite and server
      r920: a placeholder lsads.idl file (lack of this is why the build farm is unhappy for samba4)
      r924: got rid of the global well-known SIDs, instead using const defines in misc.idl
      r934: on ascii strings STR_TERMINATE_ASCII should trigger STR_TERMINATE behaviour
      r935: remove unused variable
      r937:  - added a simple QuerySecurity implementation in samr server
      r950: - added netr_ServerAuthenticate3(). This is used by WinXP clients who try to login to Samba4, as
      r951: from w2k3 behaviour, the netlogon server is supposed to give back the negotiate flags it can support.
      r952: fixed schannel from my last commit
      r975: slight improvemet to nt_errstr(), still needs to be fixed properly
      r976:  - added -W for workgroup to locktest
      r995: - renamed many of our crypto routines to use the industry standard
      r1014: change the handling of r->out to auto-zero the structure, and auto-copy
      r1015: commit the schannel session key handling code now, so abartlet and
      r1016: - store the schannel session key after it is established
      r1017: - move to a centralised way of handling talloc/ldb interaction
      r1018: fix a const and unsigned int problem in ldb
      r1029: cope wiith samdb_result_passwords() returning a null machine password
      r1030: added server side schannel support
      r1040: make sure main() doesn't get auto-prototyped
      r1041: - pulled the domain join code out of the netlogon test and made it a separate utility function, to allow
      r1042: added testing of 128 bit schannel session keys
      r1043: allocate signature from the right mem_ctx. Samba4 now passes the schannel torture test.
      r1044: don't use sub_get_remote_machine()
      r1046: initialise a structure element caught by valgrind
      r1048: - moved the schannel definitions into a separate schannel.idl
      r1056: fixed a comment on handling of the initial challenge in the ntlmssp rpc server backend
      r1057: added rpc packet logging for packets that generate rpc faults. This
      r1060: check for an invalid session key in samr_set_password()
      r1130: remove some pointless debug messages
      r1131: remove an error msg for failing to open unexpected.tdb
      r1132: add a PRINTF_ATTRIBUTE to ndr_pull_error() to catch printf style coding errors
      r1133: - add ndr_pull_ptr() as a separate call instead of ndr_pull_uint32()
      r1134: added a TODO regarding schannel credentials
      r1135:  - allow integer function numbers in ndrdump
      r1136: - added IDL for netr_LogonGetDomainInfo()
      r1137: - added torture test for netr_LogonGetDomainInfo() call
      r1138: allow for a user in no groups
      r1139: added IDL and server code for netr_LogonSamLogonWithFlags()
      r1140: added IDL and test code for validation level 6 in sam logon
      r1141: - consolidated the netr_SamInfo structures using a netr_SamBaseInfo
      r1143: fixed spelling of sAMAccountName
      r1144: added logon level 5 for sam logon
      r1145: added server support for logon level 5 in sam logon
      r1146: initially zero server info
      r1148: fixed a minor formatting error in generated code
      r1149: fixed the handling of NDR_SET_VALUES in the debug print of rpc structures in the generated rpc server code
      r1150: - fixed interactive sam logon in the rpc server
      r1151: fixed fill-in of force_password_change field in auth_sam
      r1165: fixed handling of SMBtrans replies that should return STATUS_BUFFER_OVERFLOW when more data is present.
      r1168: fixed a little-endian/big-endian mixup in the rpc server code
      r1464: the recent build changes completely lost the speed advantage of using
      r1465: always do a full C prototype, even if its only (void).
      r1466: the name "oid" is taken by some silly system headers - avoid it in our code
      r1507: fixed the handling of SMB chaining with the new server structure. You
      r1508: simple fix for broken server side signing. This may need more work for
      r1509: in order to interoperate with NT3.1 we need to ignore extra data at the end of RPC PDUs.
      r1510: add a commented out routine I used to test password change on NT3.
      r1511: fixed a free() that should be ldb_free()
      r1512: fixed a bug where we could reference the timer event handler after destruction
      r1517: change event_remove_timed() to remove by structure not by handler.
      r1518: check for ldb_search giving -1 (indicating db corruption)
      r1519: show the ldb_errstring() value in the log for failed ldb calls
      r1520: only call write handler or read handler, not both. This copes with the
      r1523: declaring variables "in" and "out" in every C module is a bad idea!
      r1578: the first stage of the async client rewrite.
      r1602: make sure we honor the use_spnego flag
      r1603: fixed in.size to not overstate the packet size by 4 bytes
      r1606: make the low level socket read/write routines cope properly with non-blocking sockets
      r1618: fixed the receipt of multi-part replies to SMBtrans2
      r1619:  - add support for older systems to cli_list*()
      r1627: make sure we initialise write_time in the deprecated function cli_ctemp()
      r1628:  - fixed the comment on run_deferopen. (I also think that the
      r1629: server_zone needs to be "int" not "int16_t" as it can hold values
      r1630: - fixed the replacement timegm() function to work correctly for DST changes
      r1631: don't use req->transport after req has been destroyed
      r1632: in case of error don't send uninitialised fnums on the wire
      r1633: fixed a couple of async oplock handling errors
      r1634: to get signing right for async requests we must send requests in
      r1635: when a transport dies, setup errors for all pending sends and recvs, plus disalllow any more sends
      r1636: improved the negnowait test so it is standalone (taking advantage of the async APIs)
      r1637: - w2k3 can't handle more than 1000 names in a LookupNames request
      r1644: changed the way [relative] pointers work in pidl, making them much
      r1645: added a debug when a RPC fault is received
      r1646: disable testing of group rename in the RPC-SAMR test, as it leaves the
      r1657: fixed the string types of two strings in svcctl.
      r1662: add a copy of the GPL text to the samba4 svn tree
      r1671: make [relative] pointers in idl much more generic, treating them just
      r1673: using the new [relative] pidl handling, the PAC decode is now much closer
      r1674: fixed a bug in the handling of STR_LEN8BIT flagged strings
      r1675: netlogon deltas IDL update from Richard Renard
      r1676: - improved the handling of username/password in locktest and gentest
      r1677: security descriptors are always little-endian, regardless of DCE/RPC
      r1712: this should fix a bug with a spinning client when a server dies
      r1738: honor the "unicode=yes/no" option in the SMB client library
      r1739: fixed the padding in setpathinfo, noticed when forcing negotiated ascii strings
      r1740: fixed the torture suite for ASCII-only servers
      r1741: fixed padding of setpathinfo in server
      r1749: added some random stuff that captures some discussions volker and I
      r1757: much simpler (and smaller, faster etc) way of doing relative pointers
      r1817: fixed fault code generation for unimplemented functions in epmapper
      r1818: _really_ fixed epmapper this time, it was using more than one old rpc interface method.
      r1819: changed "smb ports" to be a LIST parameter type in loadparm (its a classic case for a list)
      r1820: added a strcmp_safe() that handles NULL pointers. Needed for the
      r1821: fixed reference to "status" that should be "result"
      r1824: nicer handling of NBT session replies, and handling of bad packets
      r1892: this adds talloc_get_context(), which is something I discussed at the
      r1893: add a commented out lump of code to implement the "by the SPEC"
      r1895: added a note about OPEN_BY_FILE_ID to the ntcreatex interface definition
      r1896: stricter check on packet parsing for NBT session replies
      r1897: added a choose_called_name() function that allows us to more sanely
      r1941: - fixed an allocation error with querying security descriptors remotely
      r1972: cmdline_auth_info does not need to be declared global
      r1973: for systems that don't have strtoull() try strtouq(). This should fix
      r1982: i is not initialised or used
      r1983: a completely new implementation of talloc
      r1984: this change is what you should read to understand the new talloc()
      r1985: take advantage of the new talloc in a few more places
      r1989: fixed a couple of bugs in code that assumes sizeof(time_t) == sizeof(int)
      r2003: got rid of next_token_nr(), which involved some horrible globals
      r2029: changed our client side dcerpc padding to match what w2k3 does - a 16
      r2030: quick hack to allow the simple NTVFS backend to handler base directories with mixed case names
      r2031: add a check for a blank secret return in lsa secret tests
      r2036: switched the spnego code to use talloc
      r2037: switched the asn.1 code to use talloc
      r2038: get rid of the optimisation in the dcerpc server that tries to avoid a
      r2039: got rid of the free() ptr in DATA_BLOB
      r2040: fixed a memory handling error in clisocket (caught with valgrind)
      r2042: missed a couple of places that should be talloc_free()
      r2043: data_blob() now returns a talloc'd pointer. If everyone has been
      r2044: fixed two unin
      r2045: fixed a date format push in SMBsearch
      r2046: fixed two server packet format errors found with the RAW-* tests
      r2049: talloc now has destructors and reference counts
      r2050: fixed a case where code assumed you could Realloc the result of a data_blob()
      r2051: switched the samdb over to using the new destructor and reference
      r2052: rewrote the talloc section of the programming guide
      r2074: fixed a typo
      r2100: rework the dcerpc client side library so that it is async. We now
      r2101: fixed a signed/unsigned char warning
      r2102: fixed a race condition when handling dos errors that are in our
      r2103: in the conversion to async rpc I simplified the smb backend to only
      r2104: fixed typo that causes a segv
      r2105: added a TestSleep() operation to the echo pipe and extended the
      r2106: try to cope with a wider range of UTF-16 characters when we are using
      r2107: added a SAMR async test - this one seems to work
      r2118: fixed the receipt of bigendian rpc packets with the new async code.
      r2125: the lp_use_mmap() in map_file() is inappropriate for 2 reasons, so I have removed it.
      r2126: two more lsa functions worked out by richard renard
      r2127: more lsa IDL updates from Richard Renard
      r2128: netlogon DELTA_POLICY fix from rrenard
      r2158: removed a misleading comment (the extra uint16 is just padding)
      r2159: converted samba4 over to UTF-16.
      r2164: put the latest "accept either form" utf-16 iconv code in samba4
      r2165: generalise the charset torture test to add testing of CP850
      r2169: switch core iconv code to use talloc
      r2170: if we don't have a native iconv library then we can't build this test
      r2179: two more lsa torture tests from Richard Renard. Thanks!
      r2180: added RPC flags "padcheck" which enables checking of all received pad
      r2181: an rpc async test on the netlogon pipe
      r2182: force the torture test domain join to happen on SMB to prevent the
      r2184: use the smb.conf socket options for client code too
      r2185: add a callback function to the dcerpc async API
      r2186: setting [ref] output pointers in dcerpc calls is pointless. Removed it
      r2192: removed an erroneous free() call on an error path
      r2199: the unknown 16 bit number in lsa_LookupPrivDisplayName() is a language
      r2200: solved another piece of the lsakey puzzle - the session key for lsa
      r2201: removed an exit I accidentially left in
      r2202: don't close the smb pipe after the puzzle test
      r2203: delete the key after testing, so as not to clutter the server with random keys
      r2204: added [flag(RELATIVE_CURRENT)] to change [relative] pointer behaviour
      r2205: fixed an incorrect cast that broke relative strings in spoolss
      r2206: another (untested) attempt to make RELATIVE_CURRENT work for volker,
      r2207: this bug caued valgrind to consume infinite memory till the kernel killed it :(
      r2209: patch from volker to add EnumPorts spoolss IDL and test code
      r2238: the tdb_debug() function was totally bogus - remove it (you can't
      r2242: some older versions of gcc don't properly handle the
      r2249: got rid of some more mem_ctx elements in structures
      r2250: removed unnecessary mem_ctx
      r2251: forgot to add vfs_posix.h in my last commit
      r2252: don't register the same name twice
      r2266: yay! LSA session keys on TCP now work!
      r2267: we no longer need to force the domain join to happen on NCACN_NP - it
      r2271: fixed the popt argument array for smbtorture, getting rid of some
      r2272: fixed another couple of errors in the popt option arrays
      r2273: disable the async samr tests unless -X option is used, as windows
      r2274: fixed some popt option clashes between smbtorture and the standard options
      r2275: don't crash on a rpc BIND_NAK response ...
      r2280: fixed the session key choice for ncacn_np and ncacn_ip_tcp in the rpc server
      r2293: fixed older NTLM sign/seal in the server
      r2294: this fixes the NTLM2 sign+seal combination. I have now tested:
      r2301: add a server side warning when we receive more RPC data than we
      r2302: added a '--option' option, allowing any global or default option in
      r2303: allow setting of many ntlmssp options from smb.conf or the command
      r2304: fixed a bug in old style NTLM signing
      r2305: a useful test script for trying a wide variety of DCE/RPC options with the echo pipe
      r2306: in lp_set_cmdline(), also set any aliases as having been set by the commandline
      r2308: make talloc_vasprintf() available outside talloc.c
      r2309: make loadparm handling much more consistent, by using do_parameter()
      r2310: fixed some broken if statements in handling --with-krb5
      r2339: my first python commit!
      r2376: added a way to disable krb5 on the command line. Just use
      r2377: added a more generic way of disabling gensec subsystems. For example,
      r2380: nicer error reporting in convert_string()
      r2381: added a -v debugging option to ldbedit
      r2382: considerably improved the Bind and Unbind IDL and test code. We can
      r2383: fixed the handling of sending zero length dcerpc packets (I broke this
      r2384: i missed "nt status support" in my change to the new globals init code
      r2385: the gensec:krb5 test is not needed here any more, as we do it in the registration code
      r2386: fixed some indentation
      r2400: make ms_fnmatch() case insensitive. This is much more efficient than
      r2402: to make ms_fnmatch() case-insensitive we need toupper_w() exposed
      r2403: got rid of a unnecessary mem_ctx in the simple backend
      r2404: the first large lump of posix vfs stuff.
      r2405: expose unix_perms_to_wire() for use by the posix backend, in supporting the UNIX extensions
      r2406: fixed a couple of typos
      r2407: extend mkproto.pl to handle smb_ucs2_t for toupper_w()
      r2430: got rid of StrnCaseCmp and added an accelerated version of StrCaseCmp()
      r2431: got rid of strnequal() in a couple of places
      r2432: more string function updates.
      r2433: attrib_string() is now a generally available library function (it will be used by the new RAW-SEARCH test)
      r2434: separate "attrib" and "ex_attrib" elements for DOS attributes is pointless
      r2435: got rid of another pointless strnequal()
      r2436: the second big lump of posix vfs code.
      r2437: implemented a suggestion from abartlet that if we cannot convert
      r2438: compile on systems without O_DIRECTORY (probably won't work, but I'll get to that later)
      r2454: fixed the accelerated StrCaseCmp() so it compares in the right order
      r2455: don't use the uninitialised sess structure when auth fails
      r2456: got rid of some outdated global macros
      r2457: expanded the RAW-SEARCH test to test for what happens when a directory
      r2459: added STATUS_NO_MORE_FILES nt status code
      r2460: fixed the spnego code that I recently broke
      r2462: added a test for the error code for no matching filename
      r2463: make sure we don't send the password in a tconx unless we really have to
      r2465: modify the autoidl hack to work for DRSUAPI
      r2469: complete overhaul of the old-style RAW_SEARCH_ calls (the OS/2 and
      r2484: allow ldb to build standalone again
      r2485: - add a test case in ldbtest for a bug pointed out by Jon Haswell.
      r2493: allow tdb to build standalone
      r2494: fixed connecting to a share mode server (tested and really works now)
      r2495: cope properly with STATUS_NO_MORE_FILES in old search client code
      r2497: fixed an uninitialised 4 bytes in old style session setup (found with valgrind)
      r2498: added STATUS_NO_MORE_FILES to nt status codes that we can map to a string
      r2499: - use more efficient wildcard delete in smbclient
      r2500: disable the sleep test in echo until we have a win32 echo server that
      r2503: the RAW-SEARCH test now mostly passes against the posix backend
      r2520: - finished implementing the server side of the old style search requests
      r2521: fixed two uninitialised data errors found with valgrind when
      r2524: a simple pvfs rename implementation to make testing easier
      r2553: fixed ldbtest so it passes the ldap schema restrictions and thus can be used on the ldap backend
      r2554: added a test for a bug that jelmer pointed out (handling of -s one)
      r2556: fixed the -s one bug that jelmer pointed out
      r2561: completely redid the ntvfs module chaining code, You can now do something like:
      r2562: got rid of the "reference" backend that never happened - the code is
      r2572: fixed two places where status is not initialised in the nbench backend
      r2573: - added a configure test for nanosecond time resolution in struct stat
      r2577: - I recently found out that charaters below 0x3F are guaranteed not to
      r2580: fixed an uninitialised byte found by valgrind
      r2581: added "hosts allow" and "hosts deny" checking in smbd. I needed this
      r2583: mkproto.pl now treats "int main" as a special case and avoids it.
      r2586: updated the nbench example in the README to reflect the new chaining syntax
      r2587: fixed a couple of authentication memory leaks. There are more to be
      r2588: connect/disconnect is common enough that I don't think a level 0 DEBUG
      r2589: a simple test to help find security related memory leaks. Run valgrind on smbd with
      r2590: fixed one of the server security memory leaks. There are more :(
      r2591: fixed two errors in simple backend found with valgrind
      r2592: this fixes one of the security memory leaks in the server
      r2593: don't crash if the server doesn't know that 0 count searches mean 1
      r2613: use a talloc destructor to ensure that file descriptors are not leaked
      r2614: support CONNECT level DCE/RPC security in both client and
      r2615: fixed a bug in the server side support for CONNECT level security
      r2616: the cascading nature of talloc_free() can lead to some surprises. In
      r2617: add connect testing to the rpc test suite
      r2618: before we had refererence counts in talloc I added a hack in the
      r2621: - now that the client code is non-blocking, we no longer need
      r2622: to implement the SOCKET_FLAG_BLOCK option in the socket library we
      r2623: don't do pointer arithmetic on void*, as it doesn't work with non-GNU compilers
      r2624: - save some system calls by only trying read/write operations that select has indicated are possible
      r2625: use talloc_p, not talloc when possible (when allocating a structure in particular), as it gives us type checking.
      r2626: the symbol gai_error is defined in /usr/include, so don't use that name in our code
      r2627: use the new talloc capabilities in a bunch more places in the rpc
      r2628: got rid of some warnings and converted a few more places to use hierarchical memory allocation
      r2629: convert gensec to the new talloc model
      r2630: I missed a couple of places in the gensec talloc conversion
      r2631: the strchr family of functions should not return const strings.
      r2632: a new approach to handling const errors. We have had huge numbers of
      r2633: fixed some function types in the (unused) print backend
      r2634: use discard_const_p() in a few places
      r2635: mem_ctx cleanups on the lsa and netlogon pipes in the rpc server
      r2638: do lazy initialisation of iconv handles, so we don't initialise a
      r2639: we doon't need the valid_table code, so get rid of it
      r2640: valgrind does a great job on some types of memory leaks, but is slow
      r2641: talloc_p() now produces a named talloc pointer, with the name
      r2642: smb_iconv_t is a pointer, so checks against -1 errors should use a cast
      r2643: convert more of the auth subsyystem to the new talloc methods. This
      r2644: removed an unused function
      r2645: converted the NTLMSSP code to the new style of talloc
      r2646: - use a talloc destructor to ensure that sockets from the new socket
      r2648: - use a destructor on struct server_connection to simplify the
      r2649: - used some cpp tricks to make users of talloc() and talloc_realloc()
      r2650: fixed a memory leak in make_server_info()
      r2653: - data_blob() and data_blob_talloc() now get automatic names
      r2654: fixed some more server memory leaks. We are now down to a single leak
      r2655: fixed an error in the shutdown of the sock->transport->session->tree
      r2656: moved the seteuid configure tests into the posix backend (these tests
      r2657: if we are already fully authenticated in session setup then the vuid is ignored
      r2658: fixed a couple of error codes found with RAW-CONTEXT
      r2659: removed some extraneous debug msgs
      r2660: - converted the libcli/raw/ library to use talloc_increase_ref_count()
      r2661: fixed a client side memory leak in the clilist code.
      r2662: make --leak-check completely silent if not blocks are allocated
      r2663: fix an epmapper server leak - another talloc_realloc(NULL, ) leak
      r2664: fixed the final server leak for normal operation. We now get a clean report from --leak-check
      r2668: steal the cli pointer into the pipe context so a single free destroys the cli context too
      r2669: convert make_user_info() and associated functions from malloc to talloc
      r2670: use a destructor to auto-close the samr ldb when the last user
      r2671: we're getting too many errors caused by the talloc_realloc() API not
      r2672: don't call a variable "dup" as that conflicts with a standard system call name
      r2673: in the rpc server, free up the old call when we decide to extend an
      r2674: I have realised that talloc() should have its context marked const, as
      r2675: added a convenience function
      r2676: add a test of the reference counting logic in the SAMR server into the
      r2677: - fixed a bug in the recursive logic talloc_free() when there are
      r2678: from_name and to_name aren't needed in smb_iconv_t
      r2679: fixed an uninitialised variable found with valgrind
      r2680: switched the libcli/raw/ code over to use talloc_reference(), which simplifies things quite a bit
      r2709: finally solved the talloc reference problem.
      r2710: continue with the new style of providing a parent context whenever
      r2711: added a simple talloc speed tester. I get the following on my laptop:
      r2712: fixed a bug in ldbtest to make it cope with an existing index
      r2713: better handling of binary values in index key creation
      r2716: created a separate detailed talloc_guide.txt document, after volker
      r2717: added talloc_p() docs
      r2718: - added a talloc_unreference() function as requested by metze.
      r2719: an additional note on talloc_unreference()
      r2721: added a -b option to ldbtest so it can be used with the new smbd ldap server
      r2725: fixed ldbtest to give the basedn to ldb_search()
      r2726: added a -r option to ldbdel to allow easy delete of a whole
      r2733: added a note on performance
      r2734: the samdb_destructor can be static
      r2737: fixed up a corner case where talloc_unreference() and talloc_free()
      r2738: free up the session information as soon as it is invalidated in the
      r2742: - fixed a bug in talloc_unreference()
      r2743: fixed some errors in the description of talloc_reference(). Volker
      r2744: ben elliston taught me about gcov today, which allows you to measure
      r2745: added some example talloc reports
      r2763: use no-auth bind on ncacn_np unless we specify at least one of "sign", "seal" or "connect"
      r2773: allow zero sized array talloc
      r2774: get rid of the lanman specific code in masktest, and add a -l option
      r2775: rewrote our ms_fnmatch code to be much more efficient, and to exactly
      r2776: if there are no wildcard characters then use StrCaseCmp()
      r2783: got rid of the unused remote architecture detection code
      r2784: - fixed alignment of ascii directory listings
      r2785: call init_iconv() in smbtorture to ensure we have no memory allocated
      r2786: - match on both long and short name for search posix backend
      r2787: force masktest to use RAW_SEARCH_BOTH_DIRECTORY_INFO so it can obtain the short name
      r2788: prevent a memory leak in the pvfs search backend
      r2791: got rid of talloc_unreference() and instead created talloc_unlink(),
      r2792: got rid of talloc_ldb_alloc() and instead created talloc_realloc_fn(),
      r2793: fixed the handling of primaryGroupID in auth_sam. There were two bugs,
      r2794: a very simple version of the unixuid NTVFS pass-thru module. In
      r2796: - changed ldap attributes "UnixID" to "unixID" and "UnixName" to "unixName" to be more ldap traditional
      r2797: don't free the server_info before using it for anonymous connections
      r2798: get rid of a unnecessary static
      r2799: removed one last occurance of torture_ldb_alloc()
      r2800: removed the warning about using the posix ntvfs handler, as it is now
      r2802: a better provisioning script
      r2803: allow unixuid module to work with foreign security principles
      r2804: - setup some reasonable default SAM to unixName mappings in the provisioning.
      r2808: added auto-detection of unix user and groups names during provision.
      r2833: - added a call to SamrQueryGroupMember for every group, and fix the
      r2836: removed a couple of unused variables
      r2854: added a RPC-COUNTCALLS torture test - a useful varient on the full scanner in RPC-SCANNER
      r2856: fixed a minor memory leak in the auth code
      r2857: this commit gets rid of smb_ucs2_t, wpstring and fpstring, plus lots of associated functions.
      r2871: - got rid of the last bits of non-threadsafe data in util_str.o
      r2872: got rid of a couple of unused (and horrible) functions
      r2893: added very primitive name mangling support to pvfs
      r2900: rusty pointed out to me that discard_const() can be done via a macro
      r2901: if we can't load upcase.dat or lowcase.dat then don't waste 256k
      r2902: make toupper_w() and tolower_w() slightly faster by putting the most common
      r2903: a considerably more efficient (both in terms of CPU and memory)
      r2904: - fixed the old style SMBsearch to return the pvfs shortname, not a truncated long name.
      r2906: fixed a memory leak in the smbclient -L code
      r2907: auto destroy iconv memory handles on exit, to make valgrind leak
      r2909: fix some RAW-SEARCH torture mem leaks
      r2910: I noticed that the samr torture test was doing its own DOS->UNIX
      r2916: longhorn client doesn't bother setting the directory bit in ntcreatex
      r2925: added the definition for a new rpc fault code I am seeing on epmapper from lhorn
      r2926: name->dos.attrib is not valid unless name->exists is true
      r2927: imported the hash2 name mangling code from Samba3 into Samba4, but
      r2928: - fixed the handling of reserved names (rejecting them with ACCESS_DENIED)
      r2929: longhorn does not produce sorted directory listings! This is
      r2930: added a security context cache to the unixuid module. The module
      r2931: use next_codepoint() to ensure we properly handle multi-byte characters in pvfs_unix_path()
      r2932: character expansion in strlower_m or strupper_m is considered fatal
      r2934: - changed the unixuid module to use the nt_user_token instead of the server supplied info structure.
      r2941: added pvfs_flush() implementation to the posix backend
      r2948: added support for the [range(low,high)] attribute in pidl. This allows
      r2949: added some range checks in samr.idl
      r2950: 0x40000 is clearer than 262144
      r2951: fixed the intptr_t test for discard_const()
      r2958: the warnings from the swig code in pidl were totally swamping valid
      r2960: during a lunchtime discussion I found out that all powerpc processors
      r2961: fixed a silly typo
      r2968: fixed the byte order problem with the new RHS parsing on ncacn_ip_tcp
      r2969: inet_ntoa() takes an address in network byte order, so now that we
      r2982: added a test that shows the amount of time a server takes to update
      r2983: report a failure if a server doesn't update the write time at all
      r2984: fixed the error code for a non-terminal component of a path name not existing
      r2985: got rid of the unused tdb_lockkeys() and tdb_unlockkeys() functions
      r2987: added support for signed 32 bit integers in pidl
      r2988: this should fix support for negative switch levels in PIDL
      r2989: fix the printing of unions with negative cases when :print is used
      r3004: removed some unused functions
      r3005: added talloc wrappers around tdb_open() and ldb_connect(), so that the
      r3011: separated the locktest code into a separate module in smbtorture
      r3012: added initial support for byte range locking in the posix vfs. This is
      r3013: added support for unix domain sockets in the generic socket library. I
      r3014: got rid of the old intra-smbd messaging system in preparation for the new one
      r3015: fixed typo noticed by abartlett
      r3016: - converted the events code to talloc
      r3017: nicer memory handling for event_context_merge()
      r3018: handle STATUS_MORE_ENTRIES from socket_recv() in the messaging code
      r3019: make the LOCAL-MESSAGING test a 2 process test
      r3020: better error handling in socket_unix
      r3021: under heavy load the listen queue for messaging unix domain socket can fill up, leading to refused
      r3023: added immediate send of messages when they are first queued. This makes things a bit more efficient
      r3024: run the *_connect() NTVFS initialisation operation as root, to allow
      r3025: don't warn about no path in a service, as some backends (like cifs) don't need a path
      r3026: - added automatic retry to messages when the servers listen queue is
      r3027: got rid of some configure checks we don't need any more
      r3028: use talloc_free() instead of talloc_unlink(), as the
      r3029: implemented byte range lock timeouts.
      r3030: added testing of lock cancel, and some more special offsets (locks
      r3031: added support for lock cancelation, which effectively just triggers an early lock timeout
      r3034:  - fixed a bug in message dispatch, when the dispatch function called messaging_deregister()
      r3035: if the ntvfs layers prior to us have said that we can't perform an
      r3039: This solves the problem of async handlers in ntvfs backends not being
      r3052: added talloc_zero_p() and talloc_zero_array_p() calls, for allocating zeroed memory
      r3053: make the maxfid test use subdirectories, so it doesn't create 64k
      r3054: use talloc_zero_array_p() in a couple of places
      r3055: use talloc_zero_p()
      r3056: added a id -> pointer data structure (a type of radix tree). This is
      r3057: - moved the idtree.c code into lib/
      r3058: we don't use the bitmap code any more, delete it
      r3059: completely get rid of the MAX_CONNECTIONS limit, as a idle tree
      r3061: change a debug to help track down a charset problem
      r3062: handle spaces at the start of options in lp_set_cmdline()
      r3063: our default dos charset is CP850, but some systems don't have that, so
      r3064:  - use UINT8_MAX and UINT16_MAX instead of hex values for idr_get_new() limits
      r3081: several updates to ntvfs and server side async request handling in
      r3082: added a "cifs:mapgeneric" option, which tells the cifs backend to use
      r3083: fixed a couple of generic mapping errors found with RAW-* and cifs:mapgeneric
      r3084: mincnt and maxcnt were the wrong way around in readbraw server code
      r3085: make the RAW-WRITE tests more robust to errors in previous parts of the test
      r3086: fixed smbpid handling in the cifs backend
      r3087: fixed a typo
      r3103: use a destructor to ensure that on abnormnal rpc request termination
      r3105: using __location__ instead of __LINE__ to give info on error locations is more useful
      r3106: don't call a tree disconnect in the cifs backend, as during a smbd
      r3107: slight tweak to the openx -> ntcreatex mapping routine. This mapping
      r3108: try to cope with servers that put FILE_ATTRIBUTE_NONINDEXED on files in the RAW-OPEN test
      r3126: in the brlock code I had used a void* for the brl context as I didn't
      r3127: added the initial code for the open files database. Doesn't do
      r3130: - added a LOCAL-IDTREE test suite
      r3131: - make map_nt_error_from_unix() return NT_STATUS_UNSUCCESSFUL if errno is 0
      r3132: - fixed a type conflict found by talloc_array_p()
      r3133: - more consistent error checking in rename and setfileinfo
      r3134: use struct idr_context * in tid allocation
      r3135: split the "create new" logic out from the "open existing" logic in
      r3142: fill in all the ntcreatex response fields explicitly, rather than
      r3147: added basic share modes support for pvfs (or more precisely, ntcreatex
      r3148: make --failures work for the BASE-DENY1 and BASE-DENY2 tests
      r3149: separate the delete on close test into torture/basic/delete.c
      r3150: printing __location__ is more useful than a operation number
      r3152: reformatted some of the delete test code
      r3153: pvfs now passes the first 9 of the BASE-DELETE tests
      r3154: pvfs now passes all of BASE-DELETE
      r3155: reformat a delete test
      r3159: use easy to recognise file handle numbers for new file, old file and directory
      r3160: recognise RAW_SFILEINFO_DISPOSITION_INFORMATION (fixes temporary files from excel)
      r3161: pvfs now passes the RAW-SEEK test
      r3171: in qfileinfo getattre and standard have identical structures, so
      r3172: much better qfileinfo implementation in pvfs. We now pass RAW-QFILEINFO
      r3173: make the RAW-QFILEINFO test cope better with null strings from the server
      r3174: added pvfs_is_open() to allow us to check for open files on unlink. We
      r3176: added a script to run all the filesystem torture tests that are
      r3177: check for open files on rename
      r3178: honor the write_time on pvfs_close()
      r3179: - fixed error return on utime failure
      r3180: - basic support for SEC_RIGHT_MAXIMUM_ALLOWED in pvfs
      r3181: shutdown the secrets db on exit so we don't constantly get talloc leak warnings
      r3182: separate out the BASE-RENAME test into torture/basic/rename.c
      r3183: moved the unlink of the messaging unixdom socket to the messaging destructor
      r3184: don't setup socket options on unix domain sockets (our smb.conf socket options are really meant for tcp)
      r3188: tidy up the rename test a bit more
      r3189: improved the share_conflict() logic (both in terms of readability and
      r3191: use __location__ in RAW-UNLINK test
      r3192: make sure we don't call pvfs_can_delete() until after we have confirmed that name->exists
      r3193: improved the initial permissions choice for file create, based upon dos attribute
      r3194: fixed an uninitialised variable
      r3195: fill in more of the fsinfo fields, and avoid calling the potentially
      r3197: fixed error code mapping for ENOTDIR
      r3198: check for too many .. components in filenames
      r3199: added a couple more test paths to RAW-CHKPATH
      r3200: - improved the accuracy of openx emulation. We now nearly pass the openx portion of RAW-OPEN
      r3201: we now pass the BASE-OPEN test
      r3202: return a old DOS error code ERRSRV:ERRbaduid for a bad vuid. This means we now pass the BASE-VUID test.
      r3203: moved more test functions into torture/basic/*.c
      r3206: - added the reverse map for ERRbaduid to NT_STATUS_INVALID_HANDLE
      r3207: - reformat error msgs in BASE-DIR* tests
      r3208: fixed permissions of ncalrpc directory creation
      r3210: split lib/replace.o into a separate build subsystem LIBREPLACE, and
      r3223: continue the effort on LIBREPLACE to try to get the ldb tools to
      r3224: add the LOCAL-* tests to test_posix.sh
      r3227: added a per-share option "case insensitive filesystem", that tells the
      r3234: in SMBreadx, if the client asks for exactly 65535 bytes then don't try
      r3235: try readx beyond 64k in RAW-READ
      r3236: test a few more combinations in RAW-UNLINK
      r3237: - allow for readx calls larger than 64k
      r3238: rename null_mtime() to the more accurate name "null_time()", and
      r3239: reads of more than UINT16_MAX bytes should return 0 bytes
      r3240: - update the rules for what error codes should be given on the
      r3241: don't skip the read completely for a zero-length read, as it could give a lock conflict
      r3242: make the RAW-READ test not exercise the 0-0 lock, which is not deterministic
      r3243: read the high offset count in SMBreadx in the server
      r3244: pvfs now passes the RAW-UNLINK and RAW-READ tests
      r3245: use __location__ in RAW-SEARCH
      r3246: new files should get created with FILE_ATTRIBUTE_ARCHIVE
      r3247: FILE_ATTRIBUTE_NORMAL is only a null-op for setattr and setattre, not basic_info
      r3248: don't stop searches on failed fill_search_info()
      r3249: - change_time is closer to ctime than mtime
      r3251: - move the openattr test code into basic/attr.c
      r3252: pvfs now passes BASE-TRANS2
      r3253: - added rudimentary support for ntioctl in pvfs
      r3254: - expanded the RAW-IOCTL test
      r3255: - fixed 2 uninitialised data errors found with valgrind
      r3256: get rid of the unused session_claim() and session_yield() calls
      r3257: make the RAW-SEARCH test less sensitive to the servers directory ordering
      r3258: fixed "don't change" attribute for RAW_SFILEINFO_BASIC_INFO
      r3259: expanded the RAW-SEARCH test some more
      r3260: redid the pvfs_dirlist() interface in preparation for a "keep
      r3261: added seek to RAW-SEARCH test
      r3262: - new pvfs_dirlist code that reopens the directory between search
      r3263: - pvfs now passes RAW-SEARCH
      r3267: make LIBTDB depend on LIBREPLACE. This is needed for building the tdb tools on Solaris.
      r3268: - fixed wildcard handling in new dirlist code
      r3269: fixed return value
      r3270: - added another unlink test
      r3271: use "struct messaging_context *" instead of "void *" in messaging API
      r3276: - allow for more than 256 open old style searches (limit currently set at an arbitrary 5000)
      r3277: don't use the non-portable getaddrinfo() function, instead use
      r3278: - rewrote the client side rpc connection code to use lib/socket/
      r3279: Removed MSG_DONTWAIT flags as many platform don't have it.
      r3280: fixed byte order of rhs IP
      r3281: some compilers can't handle empty structures, so for empty IDL
      r3282: some C pre-processors don't like expressions like
      r3283: converted to quoted uuid() defines in all our IDL. This should help
      r3284: - don't use a enum for bit-fields. It isn't legal C (as C is limited to
      r3285: fixed another IDL typo
      r3286: filled in more missing SV_TYPE_* defines
      r3288: - updated the path processing in pvfs to pass the RAW-CHKPATH test. This
      r3300: initialise *sendlen on failure, to allow for callers to check only for
      r3304: changed the API to lib/socket/ a little.
      r3305: added ncalrpc to the list of rpc transports tested by test_echo.sh, so
      r3306: the main smb server code now handles non-blocking socket receives. I
      r3307: fixed the send side of the smb_server code to be non-blocking. This
      r3312: in the brlock code, we prevent lock stampedes by attempting to not
      r3313: in socket_accept() make the new socket non-blocking unless SOCKET_FLAG_BLOCK is set.
      r3314: added a option "socket:testnonblock" to the generic socket code. If
      r3315: converted the libcli/raw/ code to use the generic socket library. This
      r3316: give the LDAP server a chance of operating correctly non-blocking (it
      r3318: generate random STATUS_MORE_ENTRIES errors (1 in 10 packets) as well
      r3319: fixed a bug in the client library found by the new non-block testing code
      r3320: fixed bugs in the rpc_server code in handling partial packet receives and sends
      r3321: make the test_echo.sh test suite test non-blocking on all rpc transports
      r3322: fixed a bunch of warnings in the build, including one case where it was a real bug
      r3323: more warning reductions
      r3324: made the smbtorture code completely warning free
      r3325: missed one of the torture changes ...
      r3327: fixed another warning
      r3333: added configure tests for ipv6 support
      r3335: better configure support for ipv6 - thanks to a quick tutorial from metze
      r3341: - don't zero the async structure (makes valgrind more useful)
      r3346: - simplified vfs_nbench.c a bit, by using req->async_state->ntvfs inside
      r3347: fixed an uninitialised variable bug. Surprisingly hard to track down,
      r3349: fixed more uninitialised variable problems with the nbench module
      r3350: fixed a bug with sending multiple replies for the one request, as
      r3351: handle far more operations on open directory handles. pvfs was failing
      r3352: make smbcli_read() and smbcli_write() work with very small negotiated SMB buffer sizes
      r3353: don't reference dos.attrib unless its initialised
      r3354: honor "max xmit" and "max mux" from smb.conf in our client code. This
      r3355: fixed the old style search code in smb_server to correctly handle
      r3356: in the standard process model we need to make sure we close all
      r3357: removed the need to use TDB_CLEAR_IF_FIRST in Samba4.
      r3360: improved the deletion of tmp files. smbd now puts all tmp files in var/locks/smbd.tmp/
      r3363: added basic support for SA_RIGHT_FILE_EXECUTE, needed for opening .dll files
      r3366: updates from the junkcode version of talloc.
      r3371: fixed endpoint for browser.idl
      r3372: fixed the initial directory permissions for pvfs_mkdir()
      r3373: added better error reporting in pvfs_open
      r3375: changed the default max xmit until I fix a problem with the SMBtrans multi-part code
      r3380: - changed the default behaviour of server signing. We now have a default
      r3383: avoid multi-part SMBtrans and SMBtrans2 replies until our client library can handle
      r3384: added SA_RIGHT_FILE_WRITE_APPEND, which is a combination of write and append
      r3385: when discarding a unmatched reply print the command type to help debugging
      r3386: - fixed --seed option in smbtorture
      r3387: fixed pvfs to pass the NTDENY tests. The tricky bit was
      r3388: when doing schannel use a anonymous session setup (as the machine acct
      r3389: fixed schannel client side code. RPC-SCHANNEL now works against w2k3
      r3390: fixed schannel server side support. RPC-SCHANNEL now works against Samba4.
      r3391: fixed some memory leaks in the schannel code
      r3392: fixed schannel over ncalrpc
      r3393: added test_rpc.sh. The idea is that this script will test all the
      r3395: added support for "string32" type, to fix the fixed width string
      r3400: - allow callers to control the flags2 field in raw packets
      r3418: added BASE-NTDENY1 and BASE-NTDENY2 to the lists of tests that pvfs passes
      r3419: moved the libcli/raw structures into libcli/raw/libcliraw.h
      r3421: got rid of some unused code
      r3422: allow for subsystems that don't get included in the list of auto-prototype objects, using
      r3423: auto-generate prototypes for all external functions in pidl
      r3424: don't run mkproto.pl on pidl generated code, instead rely on pidl generating the
      r3425: got rid of a bunch of cruft from rewrite.h
      r3426: removed 2 unused files, and some unused variables
      r3427: split the openx logic out from the other open mapping code
      r3428: switched to using minimal includes for the auto-generated RPC code.
      r3441: some include file cleanups and general housekeeping
      r3443: the next stage in the include files re-organisation.
      r3445: made the gtk tooks use minimal includes. This approximately halves the
      r3446: created include/system/iconv.h and include/system/shmem.h
      r3447: more include/system/XXX.h include files
      r3448: some systems don't have stdint.h
      r3449: more include file reduction
      r3450: portability fixes
      r3453: - split out the auth and popt includes
      r3454: moved a few more things out if includes.h into the include/system/ include files.
      r3455: some more portability fixes. We nearly compile on solaris again now.
      r3457: s_addr is a macro on solaris, so we can't use it in structure names. arrgh.
      r3458: more solaris portability fixes, the main one being that we can't use a
      r3461: another place where "open" was used as a structure element
      r3462: separate out the crypto includes
      r3463: separated out some more headers (asn_1.h, messages.h, dlinklist.h and ioctl.h)
      r3464: split out registry.h, rap.h and ldap_server.h
      r3466: split out request.h, signing.h, and smb_server.h
      r3468: split out dcerpc_server.h
      r3470: removed some unused functions (should fix the build on IRIX 6.4)
      r3471: split out capabilities code from lib/system.c - should fix IRIX 6.5 build
      r3472: fixed build of reg_backend_gconf
      r3475: don't pass a ptr to an enum as a ptr to an int (bug found by tcc)
      r3476: fixed some const warnings
      r3478: split out some more pieces of includes.h
      r3480: moved some signal defines into include/system
      r3481: split out client.h and events.h
      r3482: fixed a warning and an error from the IRIX 6.4 build
      r3483: IRIX 6.4 now builds
      r3493: fixed a bug in readx reply where the client specifies an invalid high
      r3494: got rid of include/rewrite.h, and split out the dynconfig.h header
      r3497: removed some include cruft, and split out librpc/gen_ndr/tables.h
      r3499: setting an out param for a non-pointer doesn't do anything (and
      r3500: cleaned up the AS_USER/AS_GUEST stuff in the core smb packet processing
      r3507: - added deferred replies on sharing violation in pvfs open. The
      r3518: fixed some includes to be consistent.
      r3520: minor portability fix (for struct timeval)
      r3522: added async support to most of the ntvfs_map_*() functions, allowing functions like
      r3523: removed a useless level 0 DEBUG()
      r3528: added support for the SMBntcancel() operation, which cancels any
      r3529: fixed signing support for SMBntcancel requests (no reply means seq
      r3530: make sure we match ntvfs_async_state_pop() with ntvfs_async_state_push()
      r3531: add support for RAW_OPEN_MKNEW, RAW_OPEN_CREATE and RAW_OPEN_CTEMP in pvfs
      r3532: make sharing violation delay in pvfs configurable with "posix:sharedelay = usecs"
      r3539: much nicer async open delay code.
      r3540: added testing of SMBntcancel in the open/open/close mux
      r3543: fixed some #include lines to make them more consistent, and fixed
      r3544: fixed some #include lines to make them more consistent
      r3545: initial support for using extended attributes to hold extended dos attributes of files.
      r3546: including includes.h twice causes gcc 3.4 to crash with pch
      r3547: fixed waitpid in fcntl_lock.c (thanks to jbm for pointing this out)
      r3548: removed extra net/if.h include
      r3549: added support for DOS extended attribute lists (name/value pairs)
      r3550: fixed initial attribute on file create (inlusion of FILE_ATTRIBUTE_ARCHIVE)
      r3551: these utils need system/filesys.h
      r3552: fixed sense of ACL test
      r3571: rough guesses at what abartlet really wanted to do in his last commit
      r3573: added trans2open support to smbd and pvfs, and fine-tuned the open->generic ntvfs mapping code.
      r3574: the RAW-OPEN test changes broke a couple of the other tests. This
      r3575: fixed attribute normalisation in xattr code. RAW-SEARCH now passes again.
      r3576: don't consider short share delay timeouts to be an error, so we can
      r3578: a couple of include changes that should help with FreeBSD
      r3579: with the gcc warning flag from abartlet we don't need sys_strftime()
      r3580: - on file overwrite in ntcreatex we need to replace the file permissions.
      r3591: to get a bit more useful info from valgrind I'm disabling the
      r3592: auto-cleanup the test.$$ log files in these test scripts on control-C
      r3593: fixed the trans2 t2open reply to initialise all bytes (bug found by valgrind)
      r3594: continue conversion to __location__ from __LINE__ for error reporting
      r3595: - fixed a talloc_free ordering problem on cleanup with pending requests
      r3596: MODE_INFORMATION tests now pass. Only RENAME_INFORMATION level left to
      r3597: implement a suggestion from abartlet. By taking a refernce to the
      r3598: hopefully fix the build on stratos
      r3599: fixed a couple of memory errors in the rpc netlogon server
      r3600: fixed two debug typos
      r3608: added BASE-DENYDOS test
      r3610: prevent segv with heimdal and password krb5 init
      r3613: fixed a typo
      r3615: split out struct pvfs_file_handle from struct pvfs_file. This is in
      r3618: - this adds the special case for DENY_DOS semantics, as shown by the BASE-DENYDOS test.
      r3631: a couple of tweaks to the talloc hierarchy for async requests in
      r3632: added an index on "member" in default provision. This speeds up my
      r3633: - moved module init functions to after smb.conf and command line
      r3634: - fixed BASE-DISCONNECT test to force the async packets to be sent by
      r3635: fixed the crash from the BASE-DISCONNECT test
      r3656: allow easy testing of the "realloc changes the pointer" type of problem that abartlet
      r3658: use handle->fd == -1 as the primary indicator of a directory. This
      r3694: added support for the RENAME_INFORMATION level of setfileinfo and
      r3698: mark RAW-SFILEINFO as working
      r3699: - split the delayed write testing out of RAW-WRITE, as it is not yet
      r3700: pvfs passes RAW-WRITE but not BASE-DELAYWRITE
      r3717: - expanded the RAW-RENAME test a little
      r3718: added support for the ntrename level in pvfs_rename().
      r3719: pvfs now passes the RAW-RENAME test
      r3720: fixed the pulling of zero length ucs2 strings in smbd. I found this
      r3729: permission changes on directories always include the FILE_ATTRIBUTE_DIRECTORY bit
      r3741: FILE_ATTRIBUTE_DIRECTORY is illegal in open of a file
      r3742: make test-ldap give a sane error message when the openldap schema files are missing
      r3743: auto-support the RH schema location as well
      r3745: fixed the posix backend after the recent build changes (it had lost
      r3746: added RAW-STREAMS and RAW-EAS tests to smbtorture
      r3747: - added some of the infrastructure needed for streams support in pvfs
      r3748: pvfs passes RAW-EAS but not RAW-STREAMS yet
      r3749: don't consider it a failure if we fail to re-encode a codepoint above
      r3791: fixed declaration of torture_rpc_login
      r3792: improved the posix -> nt error mapping, so we get things like
      r3793: add some streams tests that show how the :$DATA suffix is handled
      r3798: added support for alternate data streams in xattrs into pvfs.
      r3799: - added the bit for FS_ATTR_NAMED_STREAMS support into qfsinfo filesystem attribute reply
      r3800: - fixed delete-on-close behaviour for streams
      r3801: added allocation size rounding. This is needed for ifstest.
      r3803: fixed detection of xattr support
      r3806: added support to smb_server and pvfs for the NTTRANS Create call. This
      r3821: added client side code and test code for NTTRANS_CREATE
      r3826: - added testing of ea lists in NTTRANS CREATE
      r3827: fixed copyright notices to remove simo and lkcl who have no code left in this file
      r3828: added testing of opening an existing file with EAs (the EAs are ignored)
      r3829: added a RAW-ACLS test suite that tests query/set of ACLs on a file
      r3830: unified the query/set security descriptor code with the rest of the
      r3831: added nttrans server code for query/set security descriptor. This
      r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL is
      r3833: NTACL is a better xattr name than DosAcl (tpot suggested this)
      r3834: - fixed XATTR_NTACL_NAME
      r3835: - added testing of setting an initial ACL on a file using NTTRANS create
      r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans server
      r3837: added support for LsaLookupSids in the LSA rpc server. This allows the GUI ACL editor on w2k to
      r3838: use "security.NTACL" instead of "security.NTAcl" for the xattr name for ACLs
      r3916: w2k3 does not check the max_setup count in nttrans requests
      r3938: cleaned some old stuff out of loadparm
      r3939: - added "posix:fakeoplocks" option for testing with oplocks forced on
      r3941: make sure we don't keep pounding on a ncacn_ip_tcp connection after it is dead
      r3945: expanded the BASE-PROPERTIES test to print a nicely formatted list of
      r3952: added validation of the lm and nt verifiers to our server side password change code.
      r3953: the lm verifier key in passwoed ChangePasswordUser3 is based on the nt
      r3975: added LFN filesystem attribute bit definition from ethereal
      r3976: changed NBENCH to use the same recording method as the latest dbench,
      r3977: fixed the lmPwdHash change in the rpc server (we were not fetching the
      r3978: added IDL and test code for lsa_LookupSids2() and lsa_LookupNames2()
      r3979: added server side code for lsa_LookupSids2() and fixed authority_name
      r3980: added server side support for lsa_LookupNames() and lsa_LookupNames2()
      r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmap
      r3983: posix:fakeoplocks should default to False, not True !
      r3988: made dom_sid_add_rid() allocate the new sid with proper parent/child talloc
      r3989: added a linear algorithmic mapping for uid->sid and gid->sid within
      r3990: take advantage of the uid->sid and gid->sid code to create a much
      r3991: for uid->sid and gid->sid to be efficient we need to index on unixID
      r3992: provide hooks for lsa to lookup sids allocated using the linear id->sid mapping
      r3993: use distinctive fnums in the ipc backend, to make monitoring sniffs easier
      r3994: - removed the unused reference count code in lsa server
      r3995: improved the default ACL mapping from unix perms
      r4010: fixed parsing of null attributes in the ldb ldif parser
      r4011: get rid of rpc_secdes.h and replace it with a single sane set of
      r4012: split out the lsa lookup single name logic into a separate function
      r4013: got rid of a bunch of unused or unmaintained code
      r4014: removed unused MacExtension.h header
      r4015: correct copyright attributions
      r4025: added a sec_access_check() function for checking security descriptors
      r4026: added NT ACL checking on pvfs_open() for existing files. I need to
      r4033: removed a pointless comment
      r4034: add a function security_descriptor_create() which can be used to
      r4035: more effort on consistent naming of the access mask bits.
      r4036: expanded the RAW-ACLS torture test to include tests for the
      r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 in my compile
      r4039: added a test for an element > 128 bytes in length, to ensure we test
      r4048: a very simple howto for new developers to tell them how to build and install samba4
      r4049: a simple perl script to add a new user to Samba4 ldb
      r4050: make sure we add objectClass and sAMAccountName
      r4051: use talloc_array() instead of talloc() when allocating arrays in auto-generated ndr code
      r4052: fixed a bunch of code to use the type safe _p allocation macros
      r4053: expanded and fixed a bug in the RAW-ACLS test
      r4054: got rid of Realloc(), replacing it with the type safe macro realloc_p()
      r4055: fixed more places to use type safe allocation macros
      r4056: modified the access check code based on results from RAW-ACLS
      r4058: added a type safe version of smb_xmalloc()
      r4059: moved the ldb -o option parsing to a common routine
      r4060: removed an unused file
      r4061: more additions to the RAW-ACLS test, to help me work out some details for pvfs
      r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strange
      r4065: fixed ntstatus->dos error code for NT_STATUS_NO_SUCH_FILE
      r4066: add a mapping for NT_STATUS_NO_MORE_ENTRIES
      r4067: no matches in findnext is not an error
      r4068: added LANMAN2.1 to list of supported protocols (for OS/2)
      r4069: better error code for SMBwriteBMPX
      r4071: - ldap does allow adding additional attribute values with a modify
      r4072: - changed the names of some of the well known sids to be more consistent
      r4073: - added a set of lsa helper routines to make lsa lookups that are
      r4074: make the RAW-ACLS test use the new lsa helper functions to determine
      r4095: smbsrv_terminate_connection() doesn't exit() in single processor mode, so after we
      r4098: catch null guid string so RPC-DRSUAPI works against my server
      r4101: ignore secondary session requests to cope with a OS/2 bug reported by
      r4109: fixed an uninitialised socket write found by kukks
      r4110: fixed pidl to allow arrays to have size_is() and length_is() elements
      r4111: fixed winreg to use much simpler (and I believe correct) IDL for QueryValue
      r4112: when a pointer is NULL on the wire ensure it is null in the structure
      r4113: modified EnumValue in winreg to take advantage of the new pidl handling
      r4114: added have_features bits to gensec schannel code. This fixes our
      r4115: check for gensec errors before calling memcpy on a set of credentials,
      r4116: fixed compilation of EnumValue code in winreg rpc backend
      r4117: fixed EnumValue in winreg server
      r4118: don't assume that "unsigned int" is the same type as uint32_t
      r4123: set locale to C to ensure ascii string functions work
      r4124: include locale.h to get LC_ALL in include/system/iconv.h
      r4135: improve a debug message
      r4136: when we have a size or switch variable that is a pointer we need to check that the server
      r4138: initialise 'type' in RPC-WINREG EnumValue test
      r4139: 2nd attempt at fixing the null ptr in size_is() problem.
      r4145: make sure we don't set the 32-bit error codes flag unless the client
      r4146: an attempted fix for a OS/2 rename problem found by kukks - seems OS/2
      r4147: converted from NT_USER_TOKEN to struct security_token
      r4148: add a default set of privileges to the core builtin accounts in the
      r4150: - add fns for manipulating the privilege_mask in a security_token
      r4151: added privilege attribute handling on samdb.
      r4159: fixed error return for writebraw
      r4160: fixed the file_type in ntcreatex reply on a named pipe. NT4 requires this to be right.
      r4161: two more fixes for NT4 clients. Bugs found by kukks.
      r4162: this should fix the delete/findnext problem from OS/2 clients. Thanks
      r4163: 2nd attempt at fixing the OS/2 "del *" problem
      r4164: added a test that simulates a OS/2 file delete. This includes seek by
      r4165: added a 100 element name cache to cope with some amount of seeking
      r4170: don't check array size for conformant arrays (they are checked separately)
      r4171: an attempt at better IDL for DsReplicaSync
      r4173: - new t2open code, that can cope with "create with EAs". Many thanks
      r4182: fixed trans2 mkdir, allowing mkdir with an initial EA list
      r4183: expanded the RAW-MKDIR torture test to test creation of EA lists
      r4192: added server side implementation of lsa_EnumAccountRights
      r4193: added server side implementation of lsa_EnumAccountsWithUserRight
      r4194: added server side implementation of lsa_EnumPrivs
      r4195: added IDL, test suite and server side code for lsa_LookupPrivValue
      r4196: - added server side code for lsa_LookupPrivDisplayName
      r4198: - added server side code for lsa_AddAccountRights
      r4199: - added server side code for lsa_RemoveAccountRights (sharing code
      r4202: added smbclient commands "addprivileges" and "delprivileges" for
      r4205: fixed the default acl mapping from posix permissions to use the mapped
      r4206: fixed a status code check in lsa_LookupNames2 that could cause a segv
      r4207: remove "lookupname" and "lookupsid", and instead have a single "lookup" command that
      r4214: possibly fix the "no-EAs" bug from OS/2
      r4227: index the privilege attribute to make lsa privilege calls efficient
      r4228: make sure the caller knows the packet is in error when a signing error occurs
      r4229: - added support for multi-part SMBtrans and SMBtrans2 requests in the
      r4230: now that we set the FLAGS2_EXTENDED_ATTRIBUTES flag, we should mark
      r4232: added server support for multi-part SMBtrans requests, while
      r4242: added support for storing xattrs in a tdb. This allows all advanced NT
      r4243: a sniff from kukks showed that the ea_set interface in trans2 setfileinfo allows
      r4244: add more calls to pvfs_xattr_unlink_hook() on file/dir create, to try to beat race
      r4245: add a note about using a tdb to store xattr information, so you can
      r4246: some very brief notes to myself on solving the case insensitivity
      r4247: two more places that need the unlink hook
      r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfo
      r4262: a sniff from kukks showed that the FILE_ATTRIBUTE_NORMAL handling in
      r4263: added support for the trans2 RAW_SEARCH_EA_LIST information
      r4264: fix acl handling on systems without xattr support
      r4267: fixed the charset code to use the builtin_functions.
      r4269: expanded the note about what you need on linux for xattr support
      r4274: make the prototype RAP netshareenum call return something a bit more sensible.
      r4275: improve the share type info
      r4276: added server side support for lsa_OpenAccount()
      r4277: - added server support for lsa_EnumAccounts()
      r4278: - added server support for lsa_EnumPrivsAccount()
      r4279: added IDL and test code for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount()
      r4280: added server side support for lsa_AddPrivilegesToAccount() and lsa_RemovePrivilegesFromAccount()
      r4281: fixed an ldb indexing bug in ldb found by volker.
      r4282: removed a spurious error message now we remove index entries in the modify call
      r4283: adding a privilege that an account already has is not an error
      r4284: fixed a problem with very large EA lists and OS/2 clients. These
      r4302: fixed all of the annoying gtk warnings. The code all seems to still work, but
      r4303: a bit more consistent help on privileges commands in smbclient
      r4310: fixed the authority_name field in lsa_GetUserName()
      r4313: fixed a bug in handling new xattrs in the tdb xattr backend
      r4314: added ACL checking on unlink
      r4315: use the remote hosts max_xmit, not the local hosts, in calculating max trans2 data sizes
      r4316: - now that the trans2 code properly supports multi-part requests, we can set
      r4317: check the count of replies in the os2 ea_list torture test
      r4319: make it easy to use valgrind in the test_posix.sh test suite
      r4364: - added support for testing of chained SMB operations in smbtorture
      r4365: added command 'eainfo' to smbclient for displaying binary EA contents
      r4382: check for bad tid in SMBtdis
      r4383: in order to cope with overfilled buffers on trans2 findfirst we need to use 32 bit offsets and lengths
      r4387: added a TODO about the NTCREATEX_FLAGS_OPEN_DIRECTORY flag - it seems to open
      r4388: - allow ACE flags to be specified in security_descriptor_create()
      r4389: added checking for the default inherited ACL, which is used when no ACEs
      r4391: bring the default ACL inline with what w2k3 uses
      r4401: stricter test for correct ACL inheritance in RAW-ACLS
      r4402: use __location__ instead of __LINE__ in the RAW-RENAME test
      r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited on
      r4404: check for SEC_ACE_FLAG_INHERIT_ONLY in the "maximum allowed" logic
      r4405: added acl inheritance to the mkdir and t2mkdir backends.
      r4406: - don't call the xattr unlink hook on unlink unless the link count is 1, otherwise
      r4407: stricter checking of parameters on hard link creation in the RAW-RENAME test
      r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking,
      r4409: fixed handling of zero access masks for the POSITION_INFORMATION query/set levels
      r4410: pvfs_rename_one() should not check for create permissions, as the rename
      r4411: when checking for create permissions, we need to check the parent, not the child!
      r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. This was being done
      r4413: login failure doesn't warrant a level 1 debug (its filling my logs during torture tests)
      r4424: fixed a simple bug in the '|' handling in indexed ldb searches. I'm
      r4427: - added ldb_msg_*() functions for sorting, comparing and copying messages
      r4428: use minimum open permissions in the 'acl' command in smbclient, so the user is
      r4429: the owner of a file always gets SEC_STD_DELETE
      r4430: - fixed the BASE-LOCK* tests to use a subdirectory, and properly setup the directory before each test,
      r4433: added the boilerplate for the new w2k3 LSA functions in preparation
      r4437: added IDL and test code for lsa_LookupSids3() and lsa_LookupNames3().
      r4442: fix lsa_TranslatedSid3 (its a dom_sid2 not a dom_sid)
      r4443: test lsa_LookupNames3() even when lsa_LookupSids3() fails
      r4444: - initialise registry:HKEY_LOCAL_MACHINE to a reasonable default (where
      r4445: put the unlink test in a subdirectory, and ensure it cleans up
      r4446: attempt to fix the build - andrew, can you check I've done this right?
      r4447: implement server side of lsa_LookupSids3() and lsa_LookupNames3()
      r4448: - fixed access_mask checking on acl set
      r4449: fixed the helpstring for LSA IDL
      r4450: the beginnings of IDL for the dssetup pipe. I need this pipe for ACL editing from w2k3
      r4451: added initial RPC-DSSETUP torture test. It works for level1 of
      r4452: the beginnings of a dssetup rpc server.
      r4453: use lp_server_role(), which currently returns 3, for the dssetup
      r4454: This is the patch I use to Samba3 nmbd to allow a WinXP box
      r4455: LSADS was a duplicate of DSSETUP, and is now gone
      r4461: finished the remaining information levels in the DSSETUP pipe. The pipe is now complete!
      r4462: - enable DSSETUP on ncalrpc
      r4463: added testing of the special SID_CREATOR_OWNER inheritance rules
      r4464: added pvfs backend support for the special CREATOR_OWNER and CREATOR_GROUP inheritance rules
      r4465: remove unused file
      r4466: rather than defining "STANDALONE" for building tdb, ldb and talloc
      r4467: - tdb standalone build doesn't need -DSTANDALONE any more
      r4472: improve the discard_const() macro for standalone build of talloc
      r4473: - moved talloc into its own lib/talloc/ area
      r4474: - converted ldb to use talloc internally
      r4475: fixed smbd to work with the small changes in the ldb API (the most important
      r4476: added a little gcov howto for ldb
      r4477: expanded the test suite to increase code coverage a lot
      r4479: added the function talloc_autofree_context() which returns a talloc context that
      r4480: autofree the dcom proxy tables
      r4481: get rid of the last leak
      r4486: fixed some memory leaks in the new ldb code, by ensuring that memory is always
      r4487: fixed the use of ldb_msg_add_*() in the samr password backend
      r4488: removed an unused variable
      r4490: when implementing one rpc server call in terms of another call, you
      r4491: don't dereference q1.out.sam unless we know it is not NULL
      r4492: r.in.info is a pointer that needs to be allocated before use
      r4493: change name of README.gcov so it doesn't get deleted by "make clean" :-)
      r4496: expanded info on testing your filesystem for xattr support
      r4497: fixed a typo
      r4498: arrgh, really fix the typo this time
      r4501: when copying files it is common for clients to copy the ACL. When the
      r4518: added proper support for "typedef enum" in pidl. We can now use enums as types in switch
      r4519: added the enum print function in ndr_basic.c
      r4520: added a enum test function to the echo pipe
      r4521: fixed up the handling of PROPERTIES elements after the change to support enum
      r4522: PROPERTIES are now handled at the typedef level
      r4523: the PROPERTIES change for typedef was not quite as simple as I thought. This puts in a workaround
      r4524: converted a few bits of samr.idl to use enum properly
      r4526: - much simpler (and more accurate!) ndr_size_*() code generation. It
      r4547: - added talloc_new(ctx) macro that is a neater form of the common talloc(ctx, 0) call.
      r4549: got rid of a lot more uses of plain talloc(), instead using
      r4550: talloc() is now typesafe. It is exactly equivalent to the old talloc_p() macro. Use
      r4556: neater (and faster) way of doing alignments and scalars
      r4559: prevent the RPC-EPMAPPER test from looping forever against w2k3
      r4560: - fixed crash bugs in the RPC-SCHANNEL and RPC-NETLOGON tests
      r4563: fixed lsa_EnumAccounts() server side to return all accounts that have privileges, as
      r4564: added a comment on lsa_EnumAccounts IDL
      r4582: finally worked out what is going on with the inherited ACLs test and win2003. It is a
      r4583: print which bit failed in the owner bits check
      r4584: fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I really the
      r4585: don't consider LookupSids3 failing with NT_STATUS_ACCESS_DENIED (as w2k3 does) or
      r4586: RPC-LSA now passes against w2k3
      r4587: fixed dcerpc_secondary_connection() for ncacn_ip_tcp
      r4588: fixed the double bind in ncalrpc with dcerpc_secondary_connection()
      r4589: forgot to commit the new NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED error code
      r4591: - converted the other _p talloc functions to not need _p
      r4592: fixed typo from talloc testsuite fixup for the new syntax
      r4593: don't use the _p function in the testsuite, as when built standalone it doesn't
      r4595: on create check access against parent not child ...
      r4596: added a dynamic inheritance ACLs test. As far as I can tell w2k3 does not do
      r4611: - renamed add_socket() to smb_add_socket() as that is less confusing
      r4612: make the output for the w2k3 acl bug a bit clearer
      r4615: added acl checking on directory search in pvfs
      r4616: the first phase in the addition of proper support for
      r4617: basic alter_context requests now work in our client library. The test
      r4618: - tidied up the alter_context client code a bit
      r4625: added a test that demonstrates that once a context_id is established,
      r4626: Jelmer, can you look at why this init is failing? It is preventing all tools from working
      r4627: - simplified the dcerpc auth code using a common function
      r4630: for ncacn_np if we don't have an explicit request for one of the
      r4631: don't consider an epmapper insert as a failure for the moment
      r4632: added spnego testing and no-auth testing in test_w2k3.sh
      r4638: expose lsa and drsuapi on ncalrpc
      r4640: first stage in the server side support for multiple context_ids on one pipe
      r4642: added support for alter_context in the server for adding new interfaces to an existing pipe
      r4643: RPC-ALTERCONTEXT now passes
      r4644: allow DSSETUP on ncacn_ip_tcp
      r4663: fixed SPNEGO auth in the rpc server
      r4664: SPNEGO auth in our rpc server now works, so add it to the battery of
      r4669: a timeval_to_nttime() function as requested by abartlet. Andrew, its
      r4670: abartlet was worried about floating point precision with my first
      r4672: added the "spnego" flag to the binding string docs
      r4700: first attempt at a composite async function, smb_composite_loadfile(),
      r4710: added a smb_composite_savefile() function, and expanded the test suite a little
      r4711: - deprecate talloc_destroy()
      r4712: slight tidy up in alter_context server
      r4717: fixed our usage of VA_COPY to be more standards compliant
      r4718: don't use the deprecated __va_copy() unless va_copy() is unavailable
      r4719: snprintf.c is used outside of samba, so don't use our special types
      r4744: until we decide what to do about attribute aliasing (see my recent
      r4745: remove the distinguishedName attribute adds from samr. See the
      r4748: removed unnecessary distinguishedName from provisioning
      r4753: added the ability for the generic socket library to handle async
      r4754: tidied up the composite function infrastructure to make it easier to
      r4755: the recent change in the definition of lp_passwordserver() breaks this
      r4756: a slight tidy up in the events code
      r4757: added the ability of the clisocket level of libcli to handle async
      r4758: - added async support to the session request code
      r4765: simplify the async socket code to always go via the event handler
      r4767: handle the different NBT session request refusals, and map them to
      r4769: added a smb_composite_connect() function that provides a simple async
      r4772: fixed checking of the conformant size for dom_sid2
      r4777: added a smb_composite_sesssetup() async composite function. This
      r4778: I forgot to set the session key for the spnego path. Fixed.
      r4779: demonstrate doing 50 parallel loadfile operations, with a callback for completion
      r4781: the tolower() in schema.c is a premature optimisation. I suspect the
      r4782: volker quite rightly pointed out that there is too much of a
      r4783: got rid of another void* in the composite code. This brings us down to
      r4790: added type checking helper macros in talloc. These take advantage of
      r4791: used the new talloc type safety macros to make the "void *private"
      r4792: use type safety int the test suite too
      r4793: minor doc updates
      r4794: - disabled the ntacl command line utilities until they are rewritten to use the same
      r4795: stronget type checking in composite connect function
      r4800: proper fix for the _GNU_SOURCE problem with comparison_fn_t
      r4801: remove the two bogus ctype.h includes
      r4810: fixed anonymous connections with smbclient. Thanks to jbm for pointing this out.
      r4811: now that the event context is at the socket level, the event cleanup
      r4812: removed dependence on Data::Dumper
      r4813: this is a temporary solution to a link problem we have on some
      r4814: cope with perl not being in /usr/bin for idl building
      r4817: ccache was being made ineffective on all the build farm machines
      r4818: missed version.h here
      r4819: its just not my day today ....
      r4828: don't apply the schema until we get it working properly
      r4831: added udp support to our generic sockets library.
      r4832: added simple testing of tcp sockets to LOCAL-SOCKET test
      r4833: added LOCAL-SOCKET to the list of tests that are expected to pass
      r4843: fixed the alignment handling of enumerated types
      r4858: a better fix for alignment of enumerated types (I'm not even sure why
      r4863: schema_find_attribute() should be static
      r4883: support ndr_size_ generation on unions as well as structures
      r4884: - 2nd part of support ndr_size_ generation on unions as well as structures
      r4885: added a new NBT client library. Features include:
      r4886: fixed two places where we process the send side of a socket after the
      r4887: removed a bogus cast
      r4888: use the neater calling convention
      r4889: make sure ndr print flags are initialised in ndrdump
      r4891:  - added a generic resolve_name() async interface in libcli/resolve/,
      r4892: we don't need nameserv.h any more
      r4894: namecache.c is not used any more either
      r4896: make sure the event context doesn't go away while waiting for event completion
      r4898: - removed the unused wins_srv_*() code
      r4899: fixed build
      r4900: build fix for IRIX 6.5
      r4901: a bit more info on nbt packets under high debug level
      r4909: fixed name_trn_id generation (thanks to metze for spotting the bug!)
      r4911: make sure we fill in the transport called name on port 445 as well
      r4915: free temp context _before_ the async callback, as the async callback might destroy our top level context
      r4916: added "host" name resolution using fork() per gethostbyname()
      r4919: if a caller doesn't provide an event context to the resolver library,
      r4922: fixed an infinite loop in the name resolve code when handling a method
      r4924: continue the effort to simplify and generalise the composite
      r4927: parse the NBT session request in the smb server. This gets rid of that
      r4935: fixed a bug where "c->status = xxx_handler(x);" could write to c after
      r4936: moved to a convention where the completion function is only called in
      r4937: simplify the connect code in the same way
      r4938: allow the caller to supply an existing event_context if they want to
      r4939: make a few more private pointers type safe (this might help abartlet
      r4942: converted the cifs backend to not use event_context_merge(). Instead,
      r4943: Smplified the events handling code a lot. The first source of
      r4944: every event_add_*() caller was having to call talloc_steal() to take
      r4945: the te element isn't needed any more
      r4950: removed some excessive debugging messages
      r4951: some of the code dealing with libcli was getting too complex trying to
      r4952: removed a bogus talloc_steal() that was trying to cope with the
      r4953: - enable easy valgrind use in all our test scripts
      r4954: we don't need the separate event_remove_*() calls any more, as you now
      r4955: fixed a couple of minor memory leaks in the auth_sam code
      r4956: - moved the definition of the mangle context structure into a pvfs_shortname
      r4957: the fetchfile _recv() function was neglecting to steal the data and
      r5003: delete old nmblookup.c code
      r5004: add current samba3 nmblookup.c ready for updating to new nbt lib
      r5027: added the IDL license to the IDL directory
      r5032: get rid of the init fns in eparser
      r5034: - added a type mapping function in pidl, so the type names in our IDL
      r5035: fixed composite test to use --num-ops command line option
      r5036: changed HYPER_T to the more standard "hyper"
      r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for the
      r5038: we don't need these defines any more
      r5039: fixed eparser not to generate talloc_p()
      r5040: attempt to get solaris10 building by defining _XOPEN_SOURCE
      r5042: another attempt to get solaris10 building
      r5043: this broke more systems than it helped. Remove it and try to work
      r5048: made the provision.pl script much less error prone (you don't need to
      r5049: updated howto.txt with new provisioning instructions
      r5050: make sure we translate the generic to the specific bits before doing a
      r5051: initialise all elements of an array (thanks to Mike Allan for pointing
      r5052: minor formatting fix
      r5053: - fix up the library dependencies so that tools that need nbt don't
      r5054: added a nmblookup tool, based on the new nbt library
      r5079: don't look for gss_display_status() in libgssapi_krb5 unless we
      r5080: patch from ronnie to make our samr IDL a little more consistent
      r5083: removed the libcrypto test that is forcing the pull in of the MIT krb5 libs when you
      r5084: - handle arbitrary data in the NULL record reply type for nbt name queries
      r5085: add net and nmblookup to installed binaries
      r5102: This is a major simplification of the logic for controlling top level
      r5103: forgot to add two new files
      r5104: - added support for task based servers. These are servers that within
      r5105: removed some unused events functions. These are no longer needed as
      r5106: removed a bunch of unused socket functions. We still need
      r5107: moved the horrible ldap socket code, and the even worse
      r5108: the beginnings of a nbtd server for Samba4. Currently just displays
      r5109: - fixed handling of zero-length subcontexts in the ndr library
      r5114: the nbtd task can now act as a basic B-node server. It registers its
      r5115: enable the nbt daemon by default
      r5116: fixed build of the nbtlist code
      r5117: used a composite function to add 4 stage name registration. We send 3
      r5118: added support for node status replies in nbtd. nmblookup -S now works against Samba4.
      r5119: fflush after talloc reports to ensure they are fully on disk when using tee
      r5120: encode outgoing nbt packets when queueing them rather than in the send
      r5121: added periodic name refresh requests for all our registered names, reporting any
      r5122: fixed name of winbind stream ops
      r5123: fixed a bug in the timed events handling. It was possible for a timed
      r5126: the composite code is no longer client specific or smb specific, so
      r5129: make sure we don't spin chewing CPU time due to my last change
      r5130: added a single NBT name query benchmark. It keeps 10 queries in flight at a time.
      r5155: define ipv4address as a based IDL type, mapped to a "const char *" in
      r5156: started on test driven development of the nbt server. This adds a
      r5170: fixed a bug handling events that have already timed out - they were
      r5171: added support for "bind interfaces only" in nbtd. The solution was to
      r5172: actually bind to the right address for the wildcard interface ....
      r5185: make all the events data structures private to events.c. This will
      r5187: ordered the timed events in the events code, which makes processing
      r5189: fixed a double free bug in the ltdb indexing code
      r5193: make sure we mark the event dead when we free it on a dead connection
      r5194: added support for using epoll instead of select() on systems that have
      r5195: most events don't need the time of the event, so save a gettimeofday() call
      r5196: fixed sily bug (that metze found)
      r5197: moved events code to lib/events/ (suggestion from metze)
      r5198: don't consider failure to remove an epoll event as enough reason to
      r5210: changed server side nbt functions to be prefixed with nbtd_ instead of
      r5211: added broadcast name defense against both registration and refresh
      r5212: added checking for receiving our own packets as broadcasts
      r5213: do our name broadcast refresh requests as register packets not refresh
      r5214: added support for "netbios aliases" in smb.conf
      r5215: register aliases as both client and server node types, so nmblookup can see them
      r5216: don't defend group names against incoming name registration requests
      r5217: avoid epoll_ctl() if the event flags are already set correctly
      r5221: replace the str_list_*() code with new code based on talloc(). This is
      r5222: made the nbtd_self_packet() code more efficient
      r5248: fixed a silly bug in DLIST_ADD_AFTER()
      r5249: don't include ';' in the default list separators for parsing
      r5250: - added low level support for retrying nbt name queries, rather than
      r5251: - renamed the nbtd server side structures to have a nbtd_ prefix, to
      r5252: - fixed nmblookup for the nbt api changes
      r5253: need to pre-declare some structures
      r5259: make sure we give the ip of the interface that a name query comes in
      r5260: - show an error message on nmblookup failure
      r5261: translate nbt rcode errors to NTSTATUS codes
      r5273: fixed another bug in the code that keeps timed events
      r5274: fixed some const warnings by making the str_list_ functions return "const char **"
      r5275: - added support for NBT_OPCODE_MULTI_HOME_REG (opcode 0xf) for WINS name registrations
      r5276: - added support for NBT_OPCODE_REFRESH2 (type 0x9)
      r5277: initialise the multi_homed flag in the name registration test
      r5291: fixed ncacn_ip_tcp against windows
      r5292: ensure we cleanup the epoll_fd on event context destruction
      r5294: - added a separate NBT-WINS test for WINS operations (register, refresh, release and query)
      r5296: - only include the tdb headers where they are needed
      r5297: ensure pstring is not in the generated prototypes
      r5298:  - got rid of pstring.h from includes.h. This at least makes it a bit
      r5299: fixed an include ordering problem
      r5300: more uint32 and system/filesys.h build fixes when developer mode is enabled
      r5301: fixed pthreads build
      r5302: fixed a compilation problem on solaris caused by the recent include
      r5303: fixed build of gconf registry backend
      r5304: removed lib/socket/socket.h from includes.h
      r5305: removed libcli/ldap/ldap.h from includes.h
      r5306: removed all the unused mutex functions from mutex.c. When (if?) we
      r5307: removed db_wrap.h from includes.h
      r5308: trimmed back a lot of the old macros from smb_macros.h
      r5309: removed ads.h from includes.h
      r5310: allow for rounding errors in the sleep test
      r5321: added a program that works out the minimal set of #include lines
      r5322: removed a whole bunch of #include lines that minimal_includes.pl
      r5325: - expanded the NBT-WINS test to include scopes
      r5326: removed the charset conversion from the nbtname code, so we no longer
      r5328:  - allow case sensitive nbt name lookups
      r5329: made the nbt server case sensitive
      r5333: weird, w2k3 always sends a positive name release response, even for names that
      r5346: - a bit more preparation for the WINS server going in
      r5347: fixed the NBT-REGISTER test now that the nbt layer is case sensitive
      r5352: added a function nbt_name_string() that formats a nbt_name structure
      r5356: fixed the hex coding for nbt names
      r5357: added ldb_msg_add_fmt(), for creating formatted ldb record values
      r5358: - added initial WINS server code. It passes most of the NBT-WINS test, but doesn't yet
      r5370: epoll gives more precise event bits like EPOLLHUP instead of just EPOLLIN. We need to map
      r5371: on port 139 the called name needs to be in uppercase
      r5372: fixed the build
      r5374: - changed the dn key code in the ldb tdb backend to correctly honor
      r5375: use a real DN in the WINS database. We now pass the NBT-WINS test.
      r5382: another place where we need to uppercase the called name for port 139 connects
      r5384: for RPC-NETLOGON to pass we need to set the realm as well as the domain to the target
      r5386: added testing of registration of group names
      r5387: - added automatic WINS server record expiry
      r5388: uppercase the server name on ncacn_ip_tcp
      r5389: initialise the WINS ttl max/min values to something sensible
      r5390: use __location__ to make tracking down errors in RPC-SAMSYNC easier
      r5391: cope with w2k3 getting the timeout wrong in wack replies
      r5392: added "secure" WINS server processing. Send a WACK on name
      r5395: fixed some loadparm memory leaks
      r5396: fixed parsing of NBT type 0xc0 compressed name pointers
      r5397: added testing and server support for the special handling required for the 0x1d local master browser name
      r5398: fixed encoding of *SMBSERVER name (thanks to Karl Melcher for spotting this)
      r5401: using talloc_array() is neater here
      r5402: a initial attempt at a IDL definition of the WINS replication protocol
      r5403: a simple WINS benchmarking program
      r5404: allow spaces in the string representation of nbt names
      r5405: try to use NBT name pointers when a netbios name is repeated in a NBT
      r5406: fixed dependencies for the WREPL subsystem
      r5408: - added testing for the behaviour of the special 0x1c name
      r5411: make network interface selection a bit saner
      r5412: don't force initial debug level up in ndrdump
      r5413: enable standard samba command line options in ndrdump (so -d works)
      r5414: - added libcli/wins/, a basic client library for WINS replication
      r5415: added a NBT-WINSREPLICATION torture test. It asks the server for the
      r5416: nicer output when trying to replicate with a server that hasn't been setup as
      r5418: - added version numbers to WINS database records in preparation for adding server side
      r5448: another portability fix for solaris
      r5451: - added separate wrepl_associate(), wrepl_pull_table() and wrepl_pull_names() functions, with reasonable
      r5454: moved the WINS server code into its own directory
      r5664: simo, please look into this. It is possible for the number of elements
      r5665: the data within el2->values can still be used at this point, so don't free
      r5666: winxp will use a NTTIME of -1 to mean "don't change" in setfileinfo
      r5937: - performance improvement to talloc_asprintf_append()
      r5938: - allow NULL string argument to talloc_vasprintf_append()
      r5939: improve talloc_realloc() docs after feedback from lifeless
      r6031: don't try to send errors when the socket has been destroyed
      r6074: fixed non-spnego connections for new credentials code
      r6075: added talloc_enable_null_tracking() (asked for by lifeless)
      r6086: default to stderr for error messages in ldb, so we get errors in ldb_connect()
      r6087: - remove the dlopen code for now (before it goes back, it needs to be
      r6147: The maxfd was being recalculated on every event loop, which made us
      r6150: fixed a few socket_wrapper bugs.
      r6165: fixed up the userinfo composite code. Fixes include:
      r6184: the beginnings of the libcli/dgram/ library, and the dgram
      r6185: added LIBCLI_DGRAM to the list of libs to be built as part of LIBCLI
      r6209: started added code to support mailslot requests over UDP/138
      r6222: fixed the socket wrapper code for getsockname()
      r6223: added a bit more datagram infrastructure and the beginnings of a test
      r6245: receive and parse the GETDC response in the NBT-DGRAM test. The test
      r6246: stop waiting when we get a reply
      r6247: added the server side code for receiving mailslot requests, and
      r6248: added parsing of type 10 UAS announce netlogon packets
      r6287: sorted out a small but surprisingly tricky dependency problem with the
      r6288: the nbt dgram server now responds to GETDC requests. It works with our
      r6320: some minor netlogon datagram fixes - NT4 can now join a Samba4 domain without
      r6321: added IDL and test suite for NBT dgram 'sam logon' request (sent by
      r6323: added server side support for dgram NTLOGON requests. NT4 workstations can now login
      r6331: added IDL and test suite for the ADS style response to a datagram netlogon query.
      r6333: removed an extraneous line (pointed out by metze)
      r6335: at debug level 10, save netlogon and ntlogon packets that fail to parse
      r6338: ADS style GETDC response now works well enough that WinXP can join
      r6339: set the NBT_SERVER_LDAP and NBT_SERVER_KDC bits based on config
      r6340: - added an easy to use function to initialise a temporary ldb with some ldif
      r6341: fixed the schannel idl to handle dotted names correctly
      r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machines
      r6474: - added a simple talloc web page at http://talloc.samba.org/
      r6479: - added a simple web page
      r6480: fixed whitespace typo
      r6481: change download instructions to include tdb and talloc
      r6509: fixed a crash bug found by a-jutley at microsoft.com in RPC-RAP test
      r6528: - in tdb_fetch() we effectively disallowed zero length records by
      r6529: fixed locktest with new credentials code
      r6530: the server ID of a connection in the single process model should be
      r6531: fixed gentest with new credentials code
      r6541: added double pointer test to win32 echo client
      r6545: some notes and experiments on ref ptrs, testing with midl
      r6549: a simple ldap test script
      r6556: added BENCH-RPC test, useful for simple rpc load testing
      r6557: make srvsvc available on ncalrpc and ncacn_ip_tcp so we can do each
      r6560: added a tdb_chainlock_read() call in ldb_search(). This guarantees
      r6561: re-did the internal message system based on DGRAM unix domain
      r6562: added support for datagram unix domain sockets in the socket library
      r6563: - fixed the local messaging torture test not to fork, as this causes
      r6578: brown paper bag time with the new messaging code ....
      r6579: improved the handling of lock timeouts and cancels in the pvfs locking
      r6580: fixed the bug that caused the truncation of the main file on a stream
      r6581: improved the error message for RAW-LOCK timeouts
      r6604: solved a memory hierarchy ordering problem that led to crashes on
      r6618: only print the netlogon packets we receive if it is an unknown packet type
      r6619: realm should not be forced uppercase
      r6620: the type 23 schannel bind uses a workstation name, not an account name
      r6661: fix up talloc autoconf to have a chance of working on the build farm
      r6662: add an installcheck target for talloc
      r6663: only use -Wall for gcc
      r6687: added a idr helper function for creating random IDs
      r6688: removed unused binary_string() function
      r6689: minor ldap client library work
      r6690: added ndr_pull_struct_blob_all(), which is like ndr_pull_struct_blob() but checks
      r6691: fixed a comment
      r6692: used idr_get_new_random() in the nbt client library
      r6693: first version of cldap client library, with async interface
      r6694: a simple CLDAP torture test
      r6719: pidl need to be told that the external type netr_SchannelType is an enum, otherwise
      r6720: added support for the remaining 2 types of CLDAP netlogon
      r6724: added "cldap port" smb.conf parameter
      r6725: the beginnings of a cldap server
      r6726: support binary search elements in ldap_decode()
      r6740: make gensec_gssapi.c compile again
      r6741: prevent talloc_strndup() from reading one byte past the end of a buffer,
      r6744: added support for reply packets in libcli/cldap/
      r6745: - escape spaces in binary ldap blobs
      r6746: added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
      r6747: first working version of cldapd server. It is missing 'sites' support, and
      r6750: some minor tweaks to the cldapd server
      r6751: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this
      r6761: - not everyone is in my domain :-)
      r6762: with the zone right we don't need a fully qualified site name at all
      r6763: added functions in libcli/ldap/ to binary encode some NDR structures into
      r6764: added support for DomainGuid, DomainSid, AAC, and User attributes in
      r6765: expanded the cldap test suite to test the usage of the DomainGuid,
      r6766: some more cldap tests ...
      r6776: make the cldap torture test not dependent on the realm being set
      r6802: - fixed CFLAGS
      r6808: - test for gcov not needed
      r6809: ifeq is not portable in make - jelmer, you'll need to find some other way of doing
      r6812: more talloc portability tweaks
      r6814: fill in two more unknown values in cldap responses
      r6815: fill in values in cldap server as well
      r6816: - fixed debug display of ndr netlogon union
      r6817: - fixed empty ldap search elements in filters
      r6829: include the talloc autoconf tests when building ldb standalone
      r6830: put header checks in config.m4 so when it is included by other projects the right
      r6831: talloc now requires config.h (this fixes ldb build)
      r6833: split out the routine that calculates the diff between two ldb messages from ldbedit,
      r6845: make the talloc header align to 40 bytes, which costs us an extra 4
      r6846: make smbd terminate immediately on EOF from stdin
      r6852: implement an idea from kinkie to make the 'make test' target automatically kill smbd
      r6853: again fixed SOCKET_WRAPPER_DIR in 'make test'
      r6869: removed completely bogus BASE-RW2 test
      r6873: fixed exec bit
      r6875: added a BENCH-CLDAP test. Speed of the cldap server isn't all that important, but it does
      r6876: - fixed a memory leak in the cldap server
      r6877: added CLDAP testing to test_ldap.sh
      r6967: fixed the new multi-value dn=@ATTRIBUTES so it actually works :-)
      r6968: fixed a typo in the event macros. I'm surprised this one didn't show up earlier!
      r6980: added data_blob_append(), which I use in the web server
      r6981: first version of the builtin web server for Samba4
      r6982: install the swat pages with 'make installswat'
      r6983: add some sample esp pages to demonstrate the use of some of the features of the server
      r6985: rearranged the directory structure so as to make it possible to support esp include() call
      r6986: added support for <% include("somefile.ejs") %> for including common scripts
      r6987: - make sure esp pages cannot read data outside of the swat directory
      r6988: added a test of esp include() calls
      r6989: - added support for esp style includes (which include a esp file, instead of a ejs file)
      r6990: apparently some systems define UNUSED :-)
      r6997: added a private pointer to the task structure. This is needed by the session data
      r6998: - added support for application[] data, which is global to all clients using the web server.
      r6999: - renamed our html files to esp
      r7000: only keep session data if not empty - this saves us using lots of memory needlessly
      r7001: make sure we install the esp files
      r7002: added support for getting at loadparm config parameters via lpGet() in esp scripts
      r7003: added an example script for fetching smb.conf parameters from esp scripts
      r7004: added support for exceptions generated in the esp library. If the OS
      r7005: added a esp page to demonstrate exception handling
      r7007: try to get ejs compiling again
      r7008: - split out the loadparm type definitions so loadparm internals can be accessed externally
      r7011: when using macros, the parameters should be specified unless its a
      r7012: added smb.conf parameters
      r7013: added tls support to the builtin web server. It auto-detects if the client
      r7014: added Content-Length header to both esp and non-esp output
      r7015: use a scripting trick to force images to be sent with http instead of https, which
      r7016: - added smb.conf parm 'web tls = true/false'
      r7017: added a esp variable server['TLS_SUPPORT'] which tells the script if the server
      r7018: take advantage of the server[TLS_SUPPORT] variable to auto-redirect the home
      r7019: - added esp call lpServices() which returns a list of services in smb.conf.
      r7023: reduced the number of warnings in building ejs and esp
      r7044: vance is right that mixing http and https elements gives a warning in IE
      r7047: rearranged the tls code a bit, and improved the error messages when it fails
      r7048: added auto-generation of TLS self-signed certificates if none exist already
      r7049: auto-create the private/tls/ directory on install
      r7051: remove an unused file
      r7052: added a case insensitive str_list_check_ci() version of str_list_check()
      r7053: added a ldbSearch() call to esp
      r7054: added a example script showing ldbSearch() usage
      r7055: automatically add the dn to all ldbSearch results
      r7056: added links to ejs and esp info pages
      r7067: older versions of gnutls don't have GNUTLS_KP_TLS_WWW_SERVER
      r7071: allow access to the current mpr memory context from ejs calls
      r7072: moved the esp hooks calls to the ejs level, so we can call them from
      r7073: added some simple example scripts for use with smbscript
      r7074: we should load all shares in smbscript
      r7075: added support for ARGV[] in ejs scripts
      r7076: added demos of using ARGV[]
      r7077: pull in a bunch more libs for smbscript. I plan on making a whole lot
      r7078: - fix an uninitialised variable in smbscript
      r7079: remember to register the esp calls
      r7085: fixed a bug in ejs with setting up the arguments[] array
      r7086: make include() recognise the ".esp" extension and include the file as
      r7087: always run the /scripting/preauth.esp page before processing any
      r7088: start on some real structure for the SWAT web pages
      r7089: ensure that headers['HOST'] is setup
      r7090: added back in the showvars test
      r7091: added some more useful links
      r7092: added some js for formatting table results in a nicer fashion
      r7093: - added a new Form() ejs object for producing simple forms.
      r7094: use the Form() object in a few more places
      r7095: more html tidying
      r7096: added support for select lists in forms
      r7097: removed a debug line
      r7101: moved favicon into images/
      r7104: add support into the web server for session[] variables without cookies by using
      r7105: fixed a typo
      r7106: the web interface now works completely with or without cookies. If you have cookies
      r7107: detect when a users session has expired and set request['SESSION_EXPIRED']
      r7108: display a session expired message
      r7124: fixed a bug in array construction (see ECMA standard section
      r7125: demonstrate some bugs in ejs
      r7127: allow for recursive ejs functions
      r7128: added recursion to bugs list
      r7131: support sub-object arrays when displaying objects. This allows the ldb test to
      r7132: - start a convention of making object constructors end in Obj, so we
      r7134: a number of small changes to make the pages HTML compliant. The
      r7135: make typeof() complient with ECMA 11.4.3
      r7136: fixed a typo
      r7162: a test commit to trigger anon update with new svn fsfs backend
      r7163: a 2nd test commit to trigger anon update with new svn fsfs backend
      r7205: added support for sendto() on unix domain sockets
      r7206: changed the messaging library to use sendto instead of a connected
      r7211: - use ioctl(FIONREAD) to remove the artificial limit on messaging size
      r7227: added a socket_pending() call to abstract away the FIONREAD ioctl. It
      r7228: use socket_pending() instead of the direct ioctl in the messaging code
      r7229: use socket_pending() to get rid of the max packet size limits in the
      r7230: use socket_pending() to get rid of the max packet size limits in the
      r7264: fix up the socket handling for abartlet. Still only udp, but it won't
      r7265: fixed d_printf() so it works again.
      r7271: added the ability to specify a target specific set of CFLAGS for
      r7272: this is a sample mk file for building a heimdal library using the
      r7289: split out the list of *.mk files for the build, so you don't need to modify the perl
      r7290: comment out heimdal config for now
      r7294: implemented the irpc messaging system. This is the core of the
      r7295: added an irpc benchmark. It gets about 16k messages/sec on my laptop,
      r7296: avoid two stat() calls per message. This increases the raw message
      r7298: ensure messages are sent in order even when under extreme load. This
      r7309: started adding IDL for nbt management calls. This adds a
      r7320: added support for a private pointer in irpc registered handlers
      r7321: add nbtd statistics serving over irpc
      r7322: the beginnings of a in-tree heimdal
      r7352: the internal heimdal build change. This changes quite a few things:
      r7355: this should fix the link problem metze hit with smbscript
      r7356: fixed the problem mkaplan reported with not being able to run without -i
      r7358: make the irpc test use two messaging contexts, not one, so it better
      r7359: add configure test for strsep (might helps abartlets build of heimdal)
      r7360: added a few more heimdal configure tests
      r7361: fixed the 'file becomes a directory' bug that marc kapland found.
      r7419: when we have both --enable-developer and --enable-debug we don't need -g twice in the
      r7431: this should fix the bug that mkaplan and I noticed which is that
      r7459: fixed pvfs for the RAW-MUX test
      r7460: fixed several problems with the socket wrapper code and unbound sockets
      r7461: this is the start of some code for mapping IDL onto ejs. This is hand
      r7475: removed RPC-SAMLOGON test until we get a lighter version of it. It is
      r7476: ensure dgram sockets are created non-blocking. As they usually skip
      r7478: fixed a problem with a backgrounded smbd looping to handle continuous
      r7483: ensure we try reading from a socket if epoll says we can, and don't
      r7484: the previous bug can also affect the kdc
      r7485: - allow test_xxx.sh to run outside of 'make test' by ensuring $PREFIX is setup
      r7493: add a --maximum-runtime option to smbd. If this time is exceeeded then it exits.
      r7494: added --maximum-runtime to smbtorture as well. I have seen smbtorture
      r7495: used --maximum-runtime=300 for each smbtorture call, to prevent it
      r7496: removed an unused variable
      r7497: add timeouts to all rpc requests. The default timeout is 60
      r7499: ensure that the account we run tests as ("Administrator") maps to the
      r7502: the sleep test in echo is already run on the main rpc test, so no need to run it with every combination in
      r7503: turn off the sleep test here too
      r7504: missed one
      r7506: handle the case where cron does not setup $USER
      r7507: fixed the problem with users being shown too many times in acl
      r7510: fixed error code for using a bad tid.
      r7513: don't try to write to the smbd log file between tests. zeroing a file
      r7514: make the ldb_parse code not depend on a ldb_context, so we can now potentially use
      r7515: merge in the binary encode/decode enhancements from the libcli/ldap/
      r7516: make sure binary decoding gives us something we can run string functions on
      r7517: handle zero length equality tests
      r7518: don't use an uninitialised ldb debug function when failing to load modules in the ldap
      r7519: rip the copy of the ldap expression parser out of libcli/ldap/ and use
      r7522: added a ldb_filter_from_tree() function that takes a ldb_parse_tree
      r7523: blergh
      r7524: make the ldap ASN.1 filter parse code go via a struct
      r7526: make test should depend on the bins
      r7527: - added a ldb_search_bytree() interface, which takes a ldb_parse_tree
      r7528: cleaned up the QueryDisplayInfo_continue test
      r7533: don't show compile flags for each file
      r7557: trigger a probe at tconx time to see if xattrs are really supported by
      r7558: added support in ldb for extended ldap search requests. These are
      r7559: support 64 bit matching in bitops
      r7560: added tests for extended bitop search functions
      r7564: added a test showing the search expression that w2k is actually giving
      r7565: fixed handling of sasl data in ldap server
      r7566: added support for LDAPString types in the asn.1 library
      r7567: added wire parsing of NOT and extended ldap search requests. This
      r7568: enable the NTLMSSP bulk data sign/seal code for out ldap server. This
      r7571: fixed the generation of the filter string for extended filters
      r7572: fixed filter in test suite
      r7593: simplified the memory management in the ldap code. Having a mem_ctx
      r7594: abartlet is right that this hack is not actually necessary, it just
      r7596: next step in ldap cleanup. I'm aiming to get rid of the cut&pasted
      r7597: removed the bogus get_myfullname() and get_mydomname() calls, and put
      r7598: take advantage of struct data_blob and struct ldb_val being the same
      r7599: it turns out we were not using the ldif code in libcli/ldap/ at all,
      r7626: a new ldap client library. Main features are:
      r7633: this patch started as an attempt to make the dcerpc code use a given
      r7650: fixed a typo
      r7652: use event friendly connect in dcerpc socket code
      r7653: when a dcerpc request times out, we need to ensure that if the server
      r7654:  - add a timeout to all smb requests (default 60 seconds)
      r7655: test the evnt friendly socket_connect() in the LOCAL-SOCKET test
      r7656: added testing of rpc request timeouts and destruction
      r7657: test addone again after request timeout and destruction to ensure the pipe is still OK
      r7658: don't timeout at the smb level for rpc requests as otherwise some rpc
      r7659: fixup the ordering of socket destruction for ncacn_ip_tcp so we don't try and
      r7660: improved error handling in socket_connect_ev() (it matters when name
      r7661: patch from tburdi1 at uic.edu to fix autogen.sh on freebsd
      r7665: - added a ildap_*() interface to our internal ldap library. This
      r7666: fixed a memory leak in the ldap ldb backend
      r7667: added a ldb ildap backend, using our internal ldap client library. Next step is to
      r7668: - setup HAVE_ILDAP to enable the ildap backend in ldb
      r7669: removed ldap from our configure tests
      r7670: fixed rootDSE search in ldap server
      r7671: added ldap testing to the set of standard tests
      r7672: this should fix the crypt dependency problem (I hope!)
      r7677: fixed ldap server to honor 'private path'
      r7678: fixed typo
      r7704: - fixed open_nbt_connection() to return NULL when the connection failed
      r7705: prevent SIGPIPE. this is what causes BASE-NEGNOWAIT to sometimes fail
      r7709: - convert ldb to use popt, so that it can interact with the samba
      r7710: new command line handling code for ldb
      r7711: update callers of ldb_connect() for new syntax
      r7712: ldb/common/util.c is gone
      r7713: fixed error display in ildap_search()
      r7714: enable samba credentials handling in ldb tools. So you can now do a
      r7715: ensure we don't print null strings in ldap_errstr()
      r7716: a single wrapped ldap blob can contain multiple ldap messages
      r7717: fixed some typos
      r7719: make the ildap ldb backend use the defaultNamingContext if the basedn
      r7720: - simplify the asn1 decode of ldap_search() a lot, taking advantage of
      r7721: solve a problem with null arguments to testit()
      r7722: when we get a zero read, the connection is dead
      r7723: - fix a mismatched asn1 push/pop on bind
      r7724: added encoding of LDB_OP_NOT search components
      r7725: fixed a bug with partial asn1 frames in the ldap client
      r7726: - removed some unused variables
      r7727: we need to mark some attributes as INTEGER, so that the standard searches
      r7728: handle 64 bit integers in INTEGER match
      r7739: fixed an off by one bug in the base64 decoder for ldb ldif
      r7740: get rid of our duplicate base64 routines
      r7741: fixed the verbose option in ldbedit
      r7742: abstracted out the tls code from the web server, so that our other servers
      r7743: be consistent in how stdin is supported for ldbadd and ldbmodify
      r7744: converted the web server to use the lib/tls/ generic tls code
      r7745: better handling of recv errors in tls library
      r7746: - added TLS support to our ldap server
      r7747: - simplified the ldap server buffer handling
      r7749: some bug fixes from testing with socket:testnonblock
      r7750: handle STATUS_MORE_ENTRIES on send in tls
      r7751: only enable tls on the ldaps port in ldap server, and reject non-tls
      r7753: removed debugging code :-)
      r7754: fixed the local port of accepted sockets in socket_wrapper. This fixes
      r7755: fixed an uninitialised event_ctx found by abartlet
      r7759: allow ldb_errstring() to be used when not connected
      r7760: make client tools get the right config file in 'make test'
      r7763: fixed some circular dependencies
      r7767: fixed ldb dependencies
      r7768: use _ALL_OBJS in clean target
      r7769: added client support in the tls library api
      r7770: added ldaps support to our ldap client library
      r7771: - added ldaps and NTLMSSP testing to ldap tests
      r7772: actually give the auth options to ldbsearch ....
      r7773: fixed the tls code for the non-GNUTLS case
      r7774: put $CONFIGURATION in one more place
      r7775: solaris uses 'lo0' for loopback network, so by using lo* we should cover both
      r7776: add a method for getting arbitrary opaque data into a ldb context, for use by backends.
      r7777: allow for overriding the location of the sam databasein the ldap server, using
      r7778: added talloc_find_parent_bytype() and talloc_find_parent_byname()
      r7779: use the parent event context in ldb_wrap_connect(). See the comment in
      r7780: fixed a bug in talloc_find_parent_byname()
      r7781: finding the parent of a talloc ptr is trickier than it looks due to the two-way
      r7782: fixed an ordering problem with smb requests. I found this when I had "sam database"
      r7783: the whenChanged attribute is now handled by the timestamps module, and
      r7784: give an error in ldb_tdb for invalid modify flags. The "whenChanged"
      r7792: make the allocation size rounding in pvfs configurable
      r7793: allow integers in smb.conf to be specified in octal or hex
      r7795: use a share specific allocation rounding
      r7800: added the same request serialisation logic to our socket based rpc
      r7801: the ldap server needs this logic too
      r7803: added support in ldb for callers to setup ldif read/write functions,
      r7804: added the samba specific ldif handlers into the tree, but don't enable
      r7808: fixed the build of ldb after the binary file support in ldif was added
      r7810: don't give errors when the ldap server sends us reference replies
      r7831: use cn=TEST as base of test DNs so we don't interfere with potentially real records
      r7832: missed one
      r7833: changed ldbsearch and ldbedit to have command line syntax closer to
      r7834: added comment about the "((" search test
      r7854: only enable wrapping in the ldap server if it was negotiated by gensec
      r7855: fixed a typo
      r7856: fixed warning of 'methods' shadowed variable
      r7857: improved the handling of end-of-file on sockets in the smb server
      r7858: removed some unused variables
      r7860: switch our ldb storage format to use a NDR encoded objectSid. This is
      r7863: removed an unused variable
      r7864: fixed some const bugs
      r7865: changed pidl to take a "const void *" instead of a "void *" for the
      r7867: a couple of bug fixes for newuser.pl from kukks
      r7868: canonicalise the message before using ldb_add() in the ldbadd utility.
      r7869: revert the configure changes from jelmers commit for heimdal_build
      r7870: fixed the RPC-SCHANNEL test. It turned out it was my const changes, as
      r7871: setup spoolss, wins and hklm dbs correctly in selftest
      r7872: another place we were relying on the old behaviour of value()
      r7873: hopefully fixed build of ldb_explode_dn() on AIX
      r7874: reverted metzes patch svn 7837 as it is not portable to make on
      r7894: remove portability experiments until its working in the smb-build test project
      r7895: hopefully this will fix the popt build on solaris
      r7896: don't output null rules for blank targets (caued make failure on irix)
      r7898: don't die on bad iconv libs in LOCAL-ICONV test
      r7899: fixed a crash bug in the RAW-CONTEXT test
      r7900: the existing ltdb indexing code does in fact cope with binary fields, so re-enable
      r7901: check if system supports UTF-16LE at all in LOCAL-ICONV test
      r7905: this should fix installswat on FreeBSD. Thanks to nodie for testing this for me
      r7906: some portability fixes for ldap testing on solaris (solaris grep doesn't handle ^)
      r7907: the old solaris perl doesn't handle mkdir() without a mode
      r7909: don't consider not finding a list of network interfaces from the kernel a fatal error,
      r7910: fixed typo in _SAMBA_BUILD_ macro
      r7911: task_terminate() is defined in the macosx headers, so change the name
      r7912: make private_path() recognise a non-relative filename, so we can have
      r7913: prevent recursion in the socket wrapper code
      r7914: - we don't need to override the database locations in selftest any more
      r7915: report the number of failed tests so far when running 'make test' interactively
      r7916: - got rid of the in_client global
      r7917: macosx doesn't have a group called 'users'
      r7918: fixed a crash bug in the ldap server
      r7919: use more portable shell syntax for MALLOC_CHECK_
      r7920: another attempt at making installswat.sh portable
      r7921: fixed newuser script (letting samldb module allocate the sid)
      r7923: removed dependence on Data::Dumper
      r7925: small tidyup (please keep lines at a reasonable length)
      r7926: poptGetNextOpt() returns int, not char
      r7927: fixed an error on partial socket writes in the rpc server
      r7929: yet another attempt at fixing installswat on freebsd 5
      r7930: - added testing of the cifs passthru backend
      r7931: fixed a bug in the cifs backend found with the new test code
      r7933: darn, forgot to add this
      r7939: fix default hostname in provision
      r7940: use local path first for ldbadd in provisioning
      r7941: fixed handling of ASN.1 objects bigger than 64k
      r7977: split up 'make clean' a little more as it is overflowing the command line size limits
      r8002: favor addresses on our local interfaces in NBT name resolution if
      r8003: ensure that we don't try to send a trans request with more than 64k data or params
      r8004: added a maximum EAs size test from Kukks.
      r8005: escape '"' characters in ldap expressions. Makes scripting easier.
      r8006: I have seen w2k3 send multiple encoding syntaxes in rpc bind
      r8009: expanded the ldb test suite. It worried me that some changes I have
      r8010: added testing of wildcard attributes
      r8011: arrgh, commit the right version this time
      r8032: added loop detection into talloc. Robert Collins found a way to make a
      r8033: - add easier valgrind testing
      r8035: added indexing tests. current ldb fails the integer indexing, will be fixed shortly
      r8037: a fairly major update to the internals of ldb. Changes are:
      r8038: - fixed indexing on binary values that need base64 encoding and canonicalisation
      r8039: allow ldb test suite to be run outside of the ldb directory
      r8040: run ldb test suite as part of samba 'make test'
      r8041: remove a mis-spelled debug message :-)
      r8043: increase shell compatibility of ldb tests
      r8051: separate out the MAX EAs test, as it fills disk too much to be run regularly
      r8053: requests from mmc show that the auth info for a bind should be 4 byte aligned, not
      r8055: added canonicalName to our domainDns record
      r8056: make the realm lowercase in our ldb (better matches w2k3)
      r8057: use our defined push/pull types in the validate code (fixes a warning)
      r8058: added testing of delete on close for files and directories
      r8059: fixed handling of delete on close fir directories
      r8065: don't run the LOCAL-ICONV test in selftest. It does cross-checking of
      r8067: added a method for disabling the password prompt in programs that want
      r8068: reduced the verbosity of the EPM code
      r8069: the beginnings of code to allow rpc calls to be made from ejs
      r8070: a (as yet not working) example of how rpc calls might be made from js scripts
      r8071: reduce the size of the default ldb tests. We run on some pretty low powered machines
      r8073: a successful rpc call from ejs!
      r8074: demonstrate calling echo_AddOne() from ejs
      r8104: - added support for our client library to not negotiate nt status codes, controlled
      r8106: the use of a static string for dos error codes was causing problems in
      r8107: now that we properly separate DOS and NT status codes all the places
      r8111: fixed the client library to work against w2k3 with nt status codes
      r8113: this should fix the build on systems without heimdal
      r8114: fixed the build after tpots ejs commit ....
      r8115: added support for 2 more dos error codes found during testing
      r8116: demonstrate a little trick that can be used to track down where an
      r8117: fixed a bunch more dos error code handing.
      r8118: remove a debugging hack that should not have been in the last commit
      r8119: fixed two error code returns in the smb server now that we have
      r8120: added in the newly found DOS locking error codes into the pvfs backend
      r8121: yuck. w2k3 seems to choose ERRDOS:ERRbaduid or
      r8122: more fixes from testing dos error code handling against w2k3
      r8123: fixed the RAW-NOTIFY and RAW-QFSINFO tests against w2k3
      r8124: added a set of file sharing tests that pass against w2k3
      r8125: fixed an error code mapping based on the updated torture tests
      r8126: - moved to 16 byte alignment for talloc. This is in response to a bug
      r8127: fixed code in function error
      r8191: updated the ejs code generator in pidl to generate enough code for
      r8192: updated the glue code for the generated ejs functions from pidl
      r8193: fixed the echo.js example code to work with the new syntax for rpc
      r8194: delete the old hand-written ejs code for echo_AddOne. This is now
      r8195: - fixed handling of simple arrays. To keep the logic simple, I moved to making all push
      r8196: - added testing of the EchoData interface in the echo test script
      r8197: added testing of echo_SinkData() and echo_SourceData()
      r8198: - handled push/pull of simple strings in ejs
      r8199: - we don't need to pre-declare 'var status;' everywhere
      r8200: - added stub functions for union pull/push
      r8213: I've started to understand the LEVELS stuff in pidl much better now,
      r8214: added testing of echo_TestCall2(), which tests the union push code
      r8215: switched the pull side of the ejs generator over to the recursive LEVELS based approach.
      r8216: - handle union pull in ejs pidl generation
      r8217: added testing of echo_TestSleep() and echo_TestEnum() in echo js code
      r8218: added testing of echo_TestSurrounding() and
      r8220: added auto-generation of ENUM constants in ejs wrapper. So we can now use the enum name
      r8230: prevent authentication dying on a NULL domain
      r8233: - added support for more base types in pidl ejs
      r8234: started on testing samr calls from ejs. So far it only does samr_Connect()
      r8236: fixed support for arrays of structures
      r8237: expanded the samr.js test to do a samr_Connect(), samr_EnumDomains() and samr_Close()
      r8238: - fixed handling of NULL pointers from ejs
      r8239: - added testing of LookupDomain, OpenDomain and EnumDomainUsers
      r8240: support comparing pointers in ejs. This allows for
      r8241: - take advantage of pointer comparison
      r8242: support bitmap constants from ejs calls
      r8243: fixed indentation of generated ejs interface code
      r8244: need to be careful about local vs global variables in js
      r8247: remove the free of fullname in nbtname.c for now.
      r8251: fixed a couple of valgrind errors in the unix auth code. Simo, can you
      r8253: fixed two crash bugs in ejs. I will send these fixes off to the appweb guys soon.
      r8254: fixed a valgrind error in the unix auth code
      r8255: enable access to the ejs constants generated by pidl from the web server esp pages
      r8256: - allow rpc calls from non-command line ejs contexts by creating a set
      r8257: add a samr rpc test page in the web server. It lists all level3
      r8260: added an init based registration system for the generated ejs rpc code, so
      r8261: charset style strings in pidl should be const, just like old style ndr strings
      r8262: - simplify the dependency handling for ejs modules
      r8267: re-generated the yapp parser with correct paths
      r8268: added the 'needed' logic to ehs generation, so we don't generate
      r8269: added automatic testing of rpc calls from ejs in 'make test'
      r8271: make the ejs test scripts directly executable scripts using:
      r8272: added the hooks for adding a name to a messaging context, so we will
      r8273: fixed some memory leaks in smbscript. This required converting
      r8275: possibly a more portable way to export symbols in perl?
      r8276: fixed the remaining memory leaks in smbscript. We can now loop doing
      r8277: filled in the code for finding irpc server ids by name, storing the
      r8278: this should fix the heimdal h_errno warnings
      r8279: make sure we hold a lock when manipulating the irpc names db
      r8280: - added irpc_connect() for connecting to a irpc server by name
      r8281: pass the callnum and rpc interface table directly from the generated
      r8282: make the deletion of the smbd.tmp directory recursive. This cleans up the messaging
      r8283: make sure we build constant variables for both pull and push side of enums
      r8284: - fixed some uninitialised variables in the irpc code
      r8285: generate some real stats in the nbt server for the irpc client code to look at
      r8286: it makes more sense to combine the refresh count with the register count, as they
      r8287: yay! finally irpc calls from ejs are all working.
      r8289: fallback to the group 'other' for users
      r8295: turn off the delete on close test in the build farm until someone gets
      r8296: - split out the ejs auth functions into a separate file
      r8297: add libinclude() function in ejs, which is like include() but searches a js library
      r8298: - started building a library of js routines in scripting/libjs/
      r8299: make the samr swat test use the samr.js lib
      r8300: get the js include path right in selftest
      r8301: use ncalrpc: for ejs tests, to avoid name resolution timeouts as smbd is just starting up
      r8303: a workaround for forcing HEIMDAL_EXTERNAL to build.
      r8305: another attempt at getting heimdal building in the farm
      r8306: some more heimdal configure checks
      r8307: try to cope with flex and bison not being installed, in a similar fashion to yapp for pidl
      r8308: use the configured C compiler, instead of forcing gcc in external heimdal tool build
      r8309: more heimdal configure checks needed for FreeBSD
      r8310: replace the heimdal networking interface scanning code with glue code that uses the Samba
      r8311: krb5 uses ENOMEM for out of memory
      r8312: fixed some heimdal header checks from watching the build farm failures
      r8313: moved PRINTF_ATTRIBUTE to replace.h to try to get irix building with heimdal
      r8314: - added an 'installmisc' target for installing miscellaneous files.
      r8315: fixed the generation of the serial number in the dns zone file (bind9
      r8316: give full access to the popt command line parsing in ejs scripts, including
      r8317: convert the example scripts over to the new GetOptions() call
      r8318: added a bunch more ejs calls.
      r8319: the start of a provision script in ejs. This is why I've been adding
      r8320: make sure all our returned objects are full objects, which means they
      r8331: added split(), join() and FileLoad() functions to ejs.
      r8332: not done yet, but a lot closer
      r8333: merged with latest upstream ejs sources
      r8334: fixed a ejs bug that prevented functions variables from being called in local context
      r8335: removed some duplicated code
      r8336: enable 64 bit integer support in ejs
      r8337: - use 64 bit access functions in ejs calls
      r8338: - added a substitute_var() js library function for doing hash driven
      r8339: added ldbAdd(), ldbModify(), ldbDelete() and ldbRename() to ejs ldb functions
      r8340: - added sys_gmtime()
      r8341: enable floating point support in ejs
      r8342: allow ldb_ldif_read_string() to continue in the string, so you can
      r8343: removed a debugging message
      r8344: added a "setup directory" smb.conf parameter, pointing at the setup template files
      r8345: make the dn on the hklm ldif valid
      r8346: added a sprintf test suite for ejs
      r8347: replace the perl provision script with a ejs script
      r8348: switch selftest to use the new provision script
      r8349: as we don't use standard dirs, we need to create smb.conf before we run provision
      r8350: fixed the --root option to provision
      r8352: we need to override "setup directory" for the build farm hosts
      r8354: work around a js bug found by tpot
      r8355: - added a vsprintf() function
      r8364: fixed a valgrind bug spotted by simo
      r8365: fixed a problem on netbsd
      r8367: another configure test needed by netbsd for heimdal
      r8369: update the configure script I use
      r8372: - split out provisioning logic into a separate ejs library
      r8374: avoid running flex and bison unless needed
      r8397: merged an upstream fix for the expression bug tpot found yesterday
      r8399: move the ejs and esp code closer to the directory layout used by the
      r8400: separate out the mpr code, as it is in the upstream appweb sources
      r8401: add a readme pointing to the upstream sources
      r8404: small upstream merges of appweb code
      r8405: update var.c from upstream
      r8406: make sure we give an error in ldbAdd() if any record fails
      r8407: fixed a bug left over from our old socket code.
      r8408: its quite common in our code to free up a connection when we get an
      r8409: fixed another error found on netbsd.
      r8410: converted the newuser script to js
      r8411: we need to use mprVarToNumber() instead of var->integer now, to cope with
      r8412: cope with some lost messages in the ping test (netbsd gets this)
      r8413: mark exprbug() as fixed, and add a new bug
      r8415: get rid of the last 2 runtime perl scripts
      r8416: added the extra_cflags.txt system from smb-build
      r8417: fixed handling of PRINTF_ATTRIBUTE for heimdal portion of build
      r8418: PRINTF_ATTRIBUTE declaration has to come before it is used :-)
      r8419: in order to use our replace.h, heimdal needs stdarg.h
      r8420: slowly getting my way through some more heimdal portability fixes
      r8421: needed for build on solaris10
      r8422: needed on irix 6.4
      r8423: remove the dependency on the full roken lib for asn1_compile
      r8424: bring in some more of heimdals m4 macros, and remove the hard-coding of several test
      r8425: add err() and errx() functions needed by for compile_et on some systems
      r8439: removed an accidential commit
      r8440: - several build farm hosts were failing 'make clean' as the list of
      r8441: don't build tdbtest by default as there are too many systems that
      r8442: remove tdbtest from our build. If you want it, then do
      r8443: added talloc.3 to the tree to try to allow talloc to build on systems without xsltproc
      r8445: if a system doesn't have "nogroup" then try "nobody"
      r8446: if provisioning fails then don't try to run the test suite!
      r8447: fixed make install in the farm
      r8448: - added a test target for tdb
      r8449: - search for lex and yacc properly
      r8450: more configure tests for solaris. It now builds some binaries, but
      r8451: samba4 finally builds on solaris 8 sparc with heimdal and ejs
      r8452: allow for the ugly hack:
      r8453: my solaris10 box doesn't have math.h
      r8456: avoid double inclusion of roken.h (this was breaking the build on irix 6.4)
      r8458: next target is irix - this gets the socket wrapper code building
      r8459: move to the more portable script execution method
      r8460: removed the unused function krb5_locate_kdc(). It causes a build failure on irix.
      r8461: fixed integer64 handling on bit endian platforms. The ejs code used
      r8462: added a test for %lld support to our snprintf() configure test.
      r8463: more irix fixes. This one adds some missing addrinfo functions
      r8464: the last few functions needed by irix 6.4.
      r8465: once we define socklen_t, then tell other include files we have it. This prevents roken
      r8466: it is not portable to assert() a va_list (it breaks on alpha for example)
      r8467: using both math.h and float.h breaks popt on freebsd 5.4
      r8469: the extra pidl args need to be normal args, not after a --, otherwise pidl tries to compile
      r8470: looks like popt portability is going to be a bit of a fight :(
      r8471: --ejs taking an optional arguments interferes with the pidl extra args
      r8480: fixed a typo
      r8481: switched ldb ejs called over to an OO interface, so you do:
      r8482: gnutls_x509_crt_set_subject_key_id is not available in some versions
      r8483: switched our generated ejs rpc code over to the new OO interface. This
      r8484: switched the sys_*() calls to the OO interface
      r8485: - be friendly to shells other than bash
      r8486: switched to a separate connection operation in ldb interface
      r8487: kfixed a typo
      r8488: after discussions with simo, moved to a full OO interface, so you don't need to keep
      r8489: neaten up the object handling
      r8490: make the ldb tests more portable
      r8491: lower the offset limit that filesystems need to support to pass RAW-WRITE to 2^33
      r8494: fixed a bug in RAW-SFILEINFO that caused inconsistent results on different platforms
      r8495: allow for up 10% change in allocated disk space during QFSINFO tests
      r8496: speed up the test_echo.sh test a lot, while still providing good coverage
      r8497: prevent a fd leak in RAW-SEARCH test
      r8498: more test suite speedups. It's down to 5 minutes on my box now
      r8500: greatly reduce the number of build warnings on x86-64 (every NDR macro
      r8517: fixed a crash bug in ldb_dn_compare_base()
      r8518: ensure all constructed NDR packets are null terminated. This is needed
      r8519: better method of ensuring null termination
      r8520: fixed a pile of warnings from the build farm gcc -Wall output on
      r8522: fixed another couple of size_t warnings
      r8523: match a zero message id in ldap replies to the last request sent. Thanks to simo
      r8525: added two more test targets:
      r8527: found an uninitialised variable in 'make valgrindtest'
      r8532: this miight fix cross compilation for reactos
      r8533: improve --help output
      r8535: no longer rely on seekdir working after a closedir. Instead, keep
      r8536: - use smbd pid file to kill at end of selftest
      r8537: cope better with the small file handle limit on some systems in the build farm
      r8539: $LOGNAME is a common varient of $USER on some systems
      r8540: fixed network interface detection on several hosts
      r8541: this might take a few tries ...
      r8557: expose ldb_errstring() in ldb ejs code
      r8558: move newuser logic into the provision.js lib
      r8560: added a newuser page in swat
      r8561: as with the other ejs subsystems, make nss into a object
      r8562: small merge with upstream
      r8565: put the docs menu on the right
      r8567: fixed the build after the com idl changes
      r8568: change missing templates to warnings, so that provisioning with an existing db
      r8569: delete is a js reserved word, so use del instead
      r8570: delete all records in the old db when provisioning, rather than using
      r8574: added server side irpc calls for listing the current sessions
      r8575: the beginnings of a smbstatus command
      r8576: install scripts from scripting/bin/
      r8577: added management calls to list current tree connects
      r8579: recognise the name 'localhost' as This solves a problem
      r8580: try to fix the build on stratus
      r8581: fixed handling of 64 bit integers in rpc calls from ejs
      r8582: added sys.httptime() call, to display a NTTIME as a http time string
      r8583: nicer smbstatus output
      r8584: added --nbt option to smbstatus for nbt server statistics
      r8586: register the kdc with irpc so we can tell that it is up
      r8587: - fixed ref allocation in irpc replies
      r8588: register wins server with irpc
      r8589: - support --version option to smbstatus
      r8590: added server status utility functions for checking on the status of a task via irpc
      r8591: - added a simple 2 level menu structure to swat. Deryck, I know this
      r8593: register the rpc server with irpc
      r8594: more placeholder pages for server status
      r8598: move provisioning to /install/ directory from /esptest/
      r8599: null terminate the argv list in string C functions
      r8600: fixed null termination on some error messages in ldb
      r8601: fixed null termination in ltdb connect error
      r8602: allow options in ldb connect calls
      r8603: we have to use the same db name as the rest of smbd uses so the ldb connect
      r8624: removed valgrind comment on tdb that no longer applies
      r8625: move the ldb_wrap logic into the ldb code. This logic is meant to
      r8626: fixed a typo
      r8627: fixed a big memory leak in the spnego gensec code in session
      r8628: add retries to the normal paths of nbt name resolution. UDP broadcasts are not 100% reliable :)
      r8629: - moved the getDomainList() call out of smbcalls_auth.c and into libjs/auth.js
      r8630: give a much nicer backtrace on assert() failures in ejs
      r8631: give an error on incorrect argument count
      r8632: use <pre> around displayed exceptions
      r8633: check for valid input to ejs_userAuth()
      r8634: we are still getting occasional test failures due to disk space
      r8635: make object inheritance with the builtin objects easy by allowing
      r8636: fixed the ejs ldb test to work with the new ldb.search() syntax, and
      r8637: added sys.stat() and sys.lstat() calls
      r8638: continue the trend of maknig our C functions true ejs objects by making the string functions
      r8639: moved loadparm calls into an ejs object
      r8640: continue the trend by moving the ejs random calls into an object
      r8642: - fixed install of new swat files
      r8643: - make lp_configfile() work again
      r8645: updated the ldb esp test for the new ldb ejs syntax
      r8646: update install howto for new provision code
      r8648: automatically redirect to provisioning if not yet provisioned when the
      r8649: added smbscript to the list of binaries to install
      r8651: fixed a boolean expression bug (submitted upstream)
      r8652: added a test for the boolean bug just fixed
      r8658: move use of lp_security() and lp_nt_status_support() into the connection structure.
      r8659: return ldif formatted attributes in the ejs ldb search call, so sids show up as strings
      r8661: added strstr() ejs function in string lib
      r8665: fixed a segv at high debug level in the web server
      r8668: fixed a segv during upgrade of a very old ldb.
      r8671: use much shorter names for the selftest directory and socket wrapper
      r8676: attribute lists in ldb searches must be NULL terminated
      r8678: setup for gdb backtrace in 'make test'
      r8679: only call fault setup once (thanks to andrew for pointing this out)
      r8680: try harder to find the binary for gdb in the backtrace
      r8681: if SOCKET_WRAPPER_DIR starts with ./ then strip it internally. This saves us 2 more chars
      r8684: this should fix the panic on x86_64, and possibly alpha
      r8685: an alpha in the build farm is dying with a floating point
      r8696: fixed ejs to more strictly follow the va_list rules. Might fix that
      r8698: attempt to cope with lack of strtoull() on HPUX
      r8702: fixed ntlm_auth build. Andrew, can you check I got this right?
      r8703: cope with null string in interpret_addr()
      r8707: this typedef isn't used, and breaks the build on HPUX, so I've removed it
      r8708: fixed an assert that abartlet found
      r8709: fixed the assumption in RAW-SEARCH that directories are returned in sorted order
      r8710: another attempt at fixing HPUX
      r8711: add m4 for finding return type for signal handlers
      r8712: cleanup old search test code to use talloc
      r8715: - revert the %PRIi64 stuff. Tim, we explicitly check for %llu support
      r8718: try to improve the 2 level menu a bit.
      r8720: split form object out to separate include file, and make it a real
      r8722: make the menu handling considerably saner and easier to follow. The whole
      r8723: fix esptest menu
      r8724: some boilerplate installation text
      r8725: redirect to the base install page not the provisioning page on first
      r8726: increase default session timeout to 15 minutes to be less painful for developers
      r8729: make the RAW-SEARCH test more robust to servers with hash based directory ordering
      r8734: fixed the wins server for the new ldb DN restrictions.
      r8735: added NBT and WINS testing to 'make test' so we will know if it breaks again
      r8736: this fixes the ldb speed (raises BENCH-WINS from 15 ops/sec to over 4000)
      r8742: fixed handling of zero length names in mprObject()
      r8743: automatically find the basedn in ldap.js
      r8745: make ldap.js cleanup after itself
      r8746: replace opendir/readdir/telldir/seekdir/closedir on systems where they
      r8747: remove unused code
      r8748: fixed build. Andrew, please check.
      r8749: for completeness, add rewinddir() and dirfd()
      r8750: drat, on some systems dirfd() is a macro
      r8753: fixed directory handling on systems that do not return . and .. as the
      r8773: fixed another dependency on directory ordering in RAW-SEARCH
      r8774: make some gensec errors a bit less verbose
      r8776: fixed SMB connections for IP addresses, even when name resolve order
      r8777: make sure that the tree connect is a child of the return cli state structure.
      r8778: index on nCName in sam.ldb. This was costing us about 75% of the time in each smb login
      r8780: make numops controllable in BASE-DISCONNECT
      r8781: - fixed a memory leak in BASE-SECLEAK (ironic, isn't it). There is
      r8817: - fixed return result from LOCAL-MESSAGING test
      r8818: - fix LOCAL-IRPC test for new ref-alloc semantics of irpc
      r8819: fixed a memory leak in irpc_call()
      r8821: continue the trend to move to a more OO style of interface for our js
      r8822: fixed number of arguments in samr lib
      r8852: fixed the build
      r8853: fixed path to smb.conf
      r8857: please don't get fancy with embedded boolean statements in js
      r8858: just to make sure it works on the main trees, deliberately break the samba4 build
      r8859: having been successfully mailbombed by build at samba.org, fix the build again
      r8879: more expansion of the irpc test to try to uncover the ia64 mystery
      r8882: - enable the domain master
      r8884: valgrind error logs only matter if non-zero in size
      r8885: fixed shell syntax
      r8887: fixed the irpc error that caused ia64 to fail the LOCAL-IRPC test
      r8893: fixed the valgrind error on stream termination due to prototol errors
      r8895: work around broken glibc strrchr function that gives valgrind errors on some boxes
      r8905: don't try to do DNS lookups on interface names with wildcards
      r8923: put the IRPC default timeout back to 10s (I didn't mean to commit this, it was
      r9002: a workaround for the current build problems. I hope this will allow
      r9003: add testing for non-empty directory delete on close
      r9006: expanded RAW-UNLINK test to test directory delete on close with non-empty directory,
      r9007: fixed error code for setting delete on close on a non-empty directory
      r9008: check the return status for the directory handle creations
      r9009: directory not empty is not an error on failure to delete directory in delete on close
      r9010: forgot to commit the change to create_directory_handle()
      r9042: fixed the valgrind error in the RAW-SFILEINFO test
      r9043: fixed return code in RAW-STREAMS test
      r9044: added a comment so you can see what this test does :-)
      r9045: be friendly towards servers that don't understand the 'share' form for tconx, instead of the \\server\share
      r9046: fixed display of privileges in RAW-ACLS test
      r9047: show the order of the server/correct output to make it easier to demo this test ;)
      r9048: added a new DOS error code (thanks to EMC)
      r9054: removed incorrect paranoia check on opening streams (this caused RAW-STREAMS to fail)
      r9059: add a basic credentials object for mimir
      r9074: cope with a null ntvfs context in disconnect, so the destructor that
      r9082: added the ECMA functions encodeURIComponent() and
      r9119: added a lp.categories() call in the loadparm js object, to allow
      r9120: added the BASE-DISCONNECT test to our set of standard tests
      r9121: use the older non-passthru level for setting delete on close
      r9122: cope with trailing garbage in POST contents in the web server
      r9131: started adding the server side code for "AJAJ" (asynchronous javascript and javascript)
      r9132: 'pointer' is better for typedef than 'C pointer'
      r9133: a huge import of the qooxdoo infrastructure. I decided to import all the widgets to make experimenting easy during development. We can trim this back later to only the pieces we use
      r9134: added the client side js library code for handling remote 'AJAJ' calls
      r9135: added a sample page that demonstrates using AJAJ to make remote calls
      r9136: made the 'AJAJ' code portable to IE and Opera
      r9137: fixed installswat to handle the deep directory structure of qooxdoo
      r9139: cleanup the layout a bit
      r9140: fixed a typo
      r9146: - enable winreg pipe from ejs
      r9153: added a sample program for enumerating winreg via js
      r9159: abstract the winreg js functions into a nice library interface
      r9160: use the winreg lib in the test program
      r9171: - support putting a credentials object in a rpc pipe object to allow authentication
      r9172: - fixed a nasty bug in the 'deep copy' mpr code that caused variables
      r9173: catch ep->local being NULL
      r9174: ejs does not include the special variable 'length' in for loops over objects,
      r9175: simplify the example code a bit
      r9176: added a much neater method of calling printf on the server from client side js. Just
      r9177: setup a credentials object in authinfo on login
      r9178: remove the old server printf code
      r9179: cope with simultaneous web requests using the same session variable
      r9183: more workarounds for the global variables in ejs. I will discuss getting rid of these
      r9209: - fixed the ldb registry backend to work with the new provision ldif
      r9210: fixed support for a credentials element in a rpc object in ejs to not
      r9211: don't try to encode functions in the AJAJ object encoder
      r9212: the beginnings of a registry editor in SWAT, using client side javascript and AJAJ
      r9213: some improvements to the registry editor code
      r9218: make the winreg library code handle arbitrary paths more efficiently
      r9219: by default be a DC, as the provisioning scripts assume that in other parts
      r9226: make sure we catch rpc faults in the ejs rpc wrappers
      r9227: cleanup and simplify the AJAJ code
      r9228: cleanup and simplify the AJAJ code - part 2
      r9298: pull non-array elements before array elements to overcome the problem
      r9299: fixed the evaluation of pointer expressions that evaluate to boolean
      r9300: cope with zero length in ndr_pull_charset()
      r9319: updated newuser script for new OO style for nss object
      r9335: only copy the in side of an array to the out side of an array when the
      r9337: defer the checking of array sizes until the end of the
      r9338: fixed the winreg IDL to be correct for the EnumKey and EnumValue
      r9339: treat arrays of uint8 values as a special DATA_BLOB type in the ejs
      r9340: print the [in] contents when debugging even if the marshalling
      r9341: updated the winreg test program to take advantage of the new EnumValue
      r9342: removed extra libinclude of base.js
      r9344: started adding calls for manipulation of data blobs in ejs
      r9345: used the data blob functions in the echo.js test code
      r9346: allow test_ldap.sh to be called when $CONFFILE is not set
      r9347: this array bounds checking is harder than it looks ...
      r9355: return the EnumKey and EnumValue list we have so far when we get a rpc fault
      r9356: a better way of coping with NULL arrays in the array bounds checking. This copes with the
      r9358: - opening a winreg key of "" is the same as re-opening the hive. The
      r9359: don't check for size overflow if value is NULL
      r9360: fixed the IDL for winreg_SetValue()
      r9369: an attempt to fix the build on HPUX. This is based on work by Don
      r9370: need a configure test for setresuid()
      r9374: HPUX is also missing setegid()
      r9377: made winreg a user tool (I find it quite useful). I expect it to get the ability
      r9378: initialise the last_mod attribute in the ldb backend. Better to return
      r9379: the valgrind test box is now just going past the max 30 minute smbd
      r9383: remove unused file
      r9384: added a debug to show the dcerpc fault code for any calls we fault
      r9386: OpenKey with a bad name must return WERR_BADFILE (w2k3 regedit relies on this)
      r9387: regedit uses "New Key #nn" for newly created keys, which conflicts with the stricter
      r9388: we should fault bad handles given to winreg_GetVersion()
      r9389: handle errors reading from files in web server
      r9390: fixed mixing of code and data
      r9409: fix a problem that volker noticed with web page timeouts causing smbd
      r9410: - a winreg_CloseKey() should return a zero key on success (zeroing the
      r9434: moved the registry editor into a common js library. Deryck, does this
      r9464: fixed a problem with child pointers copied into non-allocated mpr variables. We
      r9465: handle encoding and decoding of pointers, representing them as a
      r9466: add display of values as well as keys in the registry editor
      r9470: non-working attempt to add a little table for values to the reg editor
      r9491: fixed up a few scripts that need to be updated for the new GetOptions syntax. Mimir, its
      r9492: it is more usual to return 'undefined' instead of 'false' on a call failing (unless the
      r9493: our test scripts need to use testok at the end or the errors don't annumulate between scripts
      r9495: - added an enum for winreg key types, making it easier to read the debug logs
      r9496: added a regToVar() function that converts a registry blob variable to a ejs variable.
      r9497: - converted the winreg library to a more OO style of interface
      r9498: converted the SWAT regedit backend code to use the OO calls
      r9499: added error checking to the userAuth() call. SWAT is still failing, but at least it now
      r9500: userAuth() takes a creds object, not a general object now ...
      r9501: fixed the SWAT login page for the changes to the userAuth() function that Mimir made
      r9503: removed duplicate REG_* defines from registry.h now that they are
      r9504: use some low level ejs hackery to give much better exception error messages in both
      r9566: fix an uninitialised variable
      r9567: fixed the winreg IDL for CreateKey, including a security
      r9568: updated the winreg js library for CreateKey, and add a --createkey
      r9569: fixed an uninitialised variable
      r9573: fixed a comment
      r9574: - made the sec_info fields in lsa and samr use a IDL bitmap
      r9575: more automatic cleanup code in winreg test
      r9578: fixed an endless loop and memory leak in the QueryMultipleValues test
      r9580: put the libinclude() after the GetOptions so the smb.conf is loaded to
      r9599: fix formatting of echo output
      r9600: fixed the intermittent failures we were getting with ejs in the build
      r9603: allow the LOCAL-PAC test to use keys and pac data from the command line
      r9608: don't validate the hard-coded sid for an external pac file
      r9610: use a list of allowable extensions for unauthenticated access rather than
      r9643: fixed samsync code for the new dn explode semantics
      r9644: add LOCAL-PAC to the list of 'make test' tests
      r9645: fixed the ejs GetOptions() call to look at the first option passed (this is what broke --help)
      r9646: fixed error message
      r9647: saved_pac is binary data, so prevent any possible portability problems with signed chars
      r9648: this fixes the krb5 based login with the pac. The key to this whole saga was
      r9649: missed a spot .....
      r9671: patch from Kai Blin fixing a bug in our base64 encoder
      r9674:  r9678 at blu:  tridge | 2005-08-27 16:32:30 +1000
      r9702:  r9680 at blu:  tridge | 2005-08-27 18:45:08 +1000
      r9703:  r9683 at blu:  tridge | 2005-08-27 18:56:05 +1000
      r9704:  r9684 at blu:  tridge | 2005-08-27 19:38:31 +1000
      r9705:  r9685 at blu:  tridge | 2005-08-27 19:43:44 +1000
      r9706:  r11042 at blu:  tridge | 2005-08-28 12:40:09 +1000
      r9707:  r11080 at blu:  tridge | 2005-08-28 12:41:12 +1000
      r9769:  r11592 at blu:  tridge | 2005-08-30 10:40:19 +1000
      r9773:  r11599 at blu:  tridge | 2005-08-30 11:55:57 +1000
      r9774:  r11605 at blu:  tridge | 2005-08-30 12:02:19 +1000
      r9775:  r11607 at blu:  tridge | 2005-08-30 12:16:19 +1000
      r9776:  r11609 at blu:  tridge | 2005-08-30 12:20:11 +1000
      r9791:  r11611 at blu:  tridge | 2005-08-30 21:48:22 +1000
      r9794:  r11627 at blu:  tridge | 2005-08-30 22:55:27 +1000
      r10192:  r11631 at blu:  tridge | 2005-08-30 23:06:37 +1000
      r10193:  r11632 at blu:  tridge | 2005-08-30 23:08:27 +1000
      r10199: added a LOCAL-RESOLVE torture test, useful for measuring the overhead of
      r10200: added a composite_trigger_done() call that allows a composite function
      r10213: fixed a memory leak in the ldap client and server code spotted by Karl
      r10216: Chris Samuel pointed out that we should note the need to run provision
      r10252: a recent checkin from simo changed the handling of BASE and SUBTREE
      r10253: a fairly large tdb cleanup and re-organise. Nearly all of this change
      r10368: when building the epm tower, don't put host names in the ip address
      r10370: only validate the re-generated binding string for hostnames with IPs
      r10384: add _GNU_SOURCE in tdb configure
      r10385: removed obsolete comment
      r10403: fixed the basedn for testing, and add a debug showing the size of the test in ldbtest
      r10404: make sure we use the right smb.conf in the ldap testing
      r10405: added transactions into tdb, and hook them into ldb. See my
      r10406: added --nosync option to all ldb tools, so that you can control if
      r10407: the schannel database does not need to be synchronous (and thus crash
      r10408: now that we are using tdb transactions we don't need any additional
      r10409: allow smb.conf override of ldb synchronous transactions with "ldb:nosync = yes/no"
      r10410: blindly update the scons file for tdb. I'm not sure how this works,
      r10411: we don't need the 10 times retry on rid allocation now, as
      r10421: following on discussions with simo, I have worked out a way of
      r10422: ldb_search() can now use tdb_traverse_read() to ensure it can run in
      r10423: minor changes to the ldb test suite to allow it to work correctly with
      r10424: for caller convenience, automatically turn a tdb_traverse() into a
      r10459: fixed some portability problems
      r10460: fixed portability of transaction code to systems with integer
      r10461: fixed tdb build on systems without stdint.h
      r10462: cope better with compilers that don't put the object file in the same directory
      r10463: consider it an error if tdbtorture produces any log messages
      r10465: separate out a read_only db from a read-only traversal to ensure we
      r10466: work around missing pread/pwrite declaration on openbsd
      r10467: aix doesn't like zero length malloc :(
      r10468: - terminate tdbtorture quickly when an error is detected
      r10469: use the older style of structure initialisation for tdb to make it
      r10470: solaris8 has a problem with tdbtorture with 3 processes. To see if
      r10471: stratos doesn't have getpagesize(), so guess 8k on systems that don't
      r10475: make sure we report failures in tdbtorture (ie. get the exit status right)
      r10483: fixed some uninitialised variables warnings
      r10484: try to fix the pread/pwrite declaration problems
      r10485: run autoheader before autoconf
      r10489: added the ability for irpc server to defer replies instead of replying
      r10490: - allow deferred irpc replies to set the status
      r10492: work around a bug in solaris which cases lock upgrades to fail with
      r10493: we need sys/select.h to enable select() in the solaris workaround
      r10494: - don't generate a tdb log message for any type of failed lock probe
      r10495: older redhat boxes need sys/time.h for select()
      r10496: - added configure test for sys/time.h
      r10522: finally got the locking working on solaris10. This adds a read lock on
      r10523: fixed timegm() to not depend on get_time_zone(), so it works in lib/replace/
      r10524: SAFE_FREE() in tdb does not need the discard_const_p()
      r10525: change from AC_CHECK_TYPES() to AC_CHECK_TYPE() for intptr_t, so the
      r10526: BASEDIR must be set or we end up installing most of the binaries into lib/
      r10527: don't attempt self gdb attach if running under valgrind. This was
      r10535: fixed the pidfile code (it didn't survive the recent pstring changes)
      r10603: neaten up the ldb module initialisation code
      r10641: fixed the error handling on search errors in the ildap backend
      r10643: increase smbd max runtime when using valgrind
      r10665: fixed some crash errors and an error encoding AND and OR operations in the expression parsing code
      r10666: - reverse the ildap ldb backend so tree based searches go through
      r10667: cope with a NULL tree for base searches in ldb_search()
      r10668: added a ildap_search_bytree() function
      r10669: reverted jelmers commit 10663 as it was causing lots of panics in 'make test'
      r10682: force the free of the fd event first when a stream terminates. That ensures
      r10699: fixed the dcerpc code so that you can shutdown the pipe safely from
      r10700: removed volkers temporary timer hack now that freeing the netlogon
      r10704: don't try to free the netlogon pipe twice
      r10705: fixed a crash bug in the getdcname irpc server for winbind. The
      r10706: split out the irpc server functions in the NBT server, so the mainline
      r10708: a bit more error checking in the idap ldb backend
      r10709: fixed a crash bug rather similar to the one volker found in the dcerpc
      r10726: fix to talloc_parent() from Michael O'Brien
      r10752: make sure we set the exist status correctly for the tdb tests
      r10753: don't require every ldb module to implement both a search_bytree() and
      r10754: fixed a valgrind error for unmatched SMB replies
      r10755: fixed the construction of expressions from subtrees for SUBSTRING searches
      r10756: another fix for the construction of expressions from subtrees for
      r10757: remove the proxy module (it is not complete yet)
      r10759: make modules easier to write by allowing modules to only implement the
      r10790: allow updating of existing ldb opaque values (thanks to abartlet for
      r10856: we need aclocal.m4 in ldb for standalone configure
      r10889: make searches for dn's less of a special case, and much faster when
      r10891: I noticed that the secrets.db was not being backed up on my system due
      r10892: - improved the handling of the special distinguishedName attribute
      r10893: add configure test for utime (needed for the previous utime patch)
      r10894: make the handling of dn/distinguishedName much closer to real
      r10895: allow 'dn=string' searches to work again. Windows doesn't allow these,
      r10896: added a strcasestr() replacement function
      r10897: added in a hackish ldb proxy module that I am using to experiment with
      r10912: added a test for supporting batch oplock upgrades
      r10913: This patch isn't as big as it looks ...
      r10914: moved the ldap time string functions into ldb so they can be used by
      r10915: added a standard attribute handler for a ldap UTC time string
      r10916: - finished the 'operational' ldb module
      r10917: copy the element name in a ldb_msg_rename_attr() and ldb_msg_copy_attr() to ensure
      r10918: - fixed standalone ldb build
      r10919: fixed the ldb test for the new operational module
      r10920: in case of a accept() failure just failing and trying again is no
      r10954: added support for canonicalName in the operational module, using the
      r10955: finally worked out why our computer accounts were being identified as users in mmc.
      r10957: make a comment clearer
      r10990: the beginnings of a program designed to work out the minimal schema
      r11109: fixed the error code return from most ldb functions (the change to use
      r11110: make ldb_oom() also set the ldb error string
      r11111: fixed a talloc error in the dn shortcut code
      r11112: listen on the global catalog ldap server port as well if we are a
      r11113: fixed two small bugs in newuser
      r11114: - fixed error handling on bad bind in ildap client
      r11285: fixed winreg.js for the recent change to winreg.idl
      r11353: a bit of an improvement to the ldb_tdb error handling
      r11354: - generate a ejs error on bad ldif to add/modify
      r11363: fixed a problem with provisioning when hklm already exists (the
      r11364: added a ldb_attr_dn() function for testing if an attribute name is
      r11365: fixed a comment typo
      r11403: improved the error handling in the ildap ldb backend. Now passes
      r11408: fixed the mapping of ldb errors to ldap errors in the ldap server
      r11436: this is work in progress for generating the schema we need for our ADS
      r11447: fixed a problem with the ldap server spinning using CPU time
      r11456: fixed a ejs parser bug for delete() statements
      r11457: fixed the winreg IDL and torture code so key and value enumerations
      r11458: fixed our ejs smbscript interfaces to use arrays where appropriate. In
      r11459: display a schemaIDGUID as a guid in ldif, making it easier to work
      r11463: more progress on the schema generator. mmc now accepts all parts
      r11467: yay! mmc now accepts our schema. The trick was to get all the OID
      r11472: use talloc_get_type() to try to catch an intermittent failure I'm seeing in the ldb winreg backend
      r11474: - enable ldb transactions from ejs
      r11475: removed a extraneous ldb_delete() call (i had it there for debugging)
      r11476: finally fixed the intermittent registry server bug! This has been
      r11496: add a minimal ads-compatible schema into our sam.ldb setup. This is
      r11498: added an optional extra argument to split to limit the number of
      r11499: added a minimal set of display specifiers for mmc to use to display
      r11500: fixed a bug in the variable substition code using the new limit argument to split()
      r11501: change provision code to use the new display specifiers
      r11592: fixed a crash bug from the ldb_result changes (res was being used after being freed)
      r11593: added a data_blob_realloc() function
      r11594: ensure ldb_search() sets *res to NULL on failure (some of the updated
      r11595: added a helper layer to parse streams into individual packets. This is
      r11596: switched the libcli/raw/ code over to using the lib/stream/ generic
      r11598: fixed strhaslower() and strhasupper() to not falsely recognise
      r11602: added packet_set_serialise() to allow the generic packet layer to
      r11603: converted the smb server to use the new generic packet code
      r11604: converted the kdc code to use the new packet lib. Andrew, I'm not sure
      r11605: added handling of the send queue to the generic packet handling code
      r11606: use the generic packet send code in libcli/raw/
      r11607: switched the smb server to use the generic packet send code
      r11608: switched the kdc to use the generic packet send code
      r11609: fixed handling of one way requests with new send code
      r11618: added a generic '32 bit length prefix' full packet helper to the packet code
      r11619: use the 32 bit length helper in the kdc.
      r11620: switch the ldap client code over to using the generic packet code
      r11621: some minor fixes from comments by metze
      r11622: convert the ldap server to the generic packet code
      r11623: convert the dcerpc socket layer to the generic packet code
      r11627: give the caller much more control over the stream to packet process,
      r11628: fixed a valgrind error in the rpc echo test
      r11629: fixed a bug found with the socket:testnonblock code. With randomised
      r11630: another fix for over-reading in the packet code. This time get the
      r11631: fixed a signed/unsigned warning
      r11632: removed 2 unused functions
      r11636: a bit neater solution to the nt_cancel problem
      r11638: fixed handling of null volume name in RAW-QFSINFO test
      r11639: fixed some create_time tests that should be change_time tests
      r11659: allow the max runtime for smbtorture and smbd to be controlled on a
      r11660: - the libcli/raw/ lib no longer uses the SMBCLI_REQUEST_SEND state, or
      r11662: the beginnings of a SMB2 client library. Very hackish, meant for experimentation
      r11663: start of a SMB2 torture test. Just does a negprot and prints some fields for now.
      r11664: forgot to commit the structs.h change
      r11665: started to put some meat on the structure used for the SMB2 library
      r11666: filled in the basic session setup. Vista happily accepts the first
      r11668: yay! we get a successful session setup with SMB2, and get back a 64bit uid
      r11674: SMB2 tree connect now works. We do 2 session setups and 2 tree
      r11679: opening/creating files in SMB2 now works. Lots of unknown parameters
      r11680: added smb2_close(). This also demonstrates that file handles are 16
      r11681: filled in a few more smb2_create() fields
      r11682: filled in access_mask in tcon reply
      r11683: fixed create call
      r11687: filled in 3 more fields in the close reply
      r11691: added reply buffer code checks and oplock flags for create request/reply
      r11692: added a full composite (async) spnego session setup for SMB2. This
      r11693: added a full async composite function for SMB2 that does:
      r11694: fixed 2 valgrind errors
      r11695: added SMB2-SCAN torture test for scanning for active SMB2 opcodes
      r11696: added a few more opcode names
      r11697: - added a generic SMB2 getinfo call
      r11698: added some more level names
      r11699: use create_complex_file() to setup a file with a wide range of
      r11700: added structure definitions for many of the getinfo structures
      r11710: added function iface_same_net()
      r11711: fixed the nbt server to use the right interface for outgoing requests
      r11712: avoid changing the fde flags unless really needed
      r11713: separate out the setting of the fde in the packet context from the
      r11714: put in a workaround for a winbind problem volker asked me about. The
      r11715: added SMB2 read and write requests
      r11716: added a read/write test
      r11730: added parsing and tests for a bunch more SMB2 getinfo levels
      r11731: fixed typo noticed by metze
      r11735: fixed the ALL_EAS smb2 level parsing
      r11736: display EAs and streams in smb2 torture tests
      r11737: use _smb_setlen2() to allow for 24 bit lengths in SMB2 packets
      r11738: test larger read/write calls. If you run smbtorture with -X (to enable
      r11751: fixed the req->out.size calculation (it needs to be the complete
      r11752: setup the dynamic pointer for incoming packets too
      r11753: change the getinfo scanner to scan with both a file and a directory, and to use files
      r11754: make the SMB2 blob push routines take offsets, so they fit better with
      r11755: added names for all of the SMB2 qfs info levels (they all map exactly
      r11756: split out the parsers for the pass-through levels of QFSINFO and
      r11758: unified the parse code for the SMB and SMB2 qfsinfo and qfileinfo calls
      r11771: - split out the setinfo blob construction in the libcli/raw code
      r11772: - setfileinfo needs a smb2_handle for SMB2 support
      r11773: added a SMB2-SETINFO test suite. This tests the following levels:
      r11775: added support for creating files on SMB2 with initial EA lists and an ACL
      r11776: no need to call out to SMB to setup test files for SMB2 any more
      r11777: display the security_descriptor in torture_smb2_all_info()
      r11780: it turns out that the MxAc tag isn't a security descriptor, its a
      r11791: simplify the SMB2 connect code following some suggestions from volker
      r11794: - fixed a valgrind error in libnet, caused by using a stack variable
      r11795: used a couple more of volkers composite helper functions. They
      r11800: - filled in unknown fields in SMB2 all_info level
      r11801: - added basic SMB2 find support
      r11816: this fixes some of the problems with the recent async rpc changes and
      r11817: fixed the problem with the RPC join tests. The problem was that
      r11818: - changed the option torture:echo_TestSleep=yes/no to the more generic
      r11819: simplified the async rpc bind code a little.
      r11820: fixed some problems with the socket socket.c code.
      r11821: got rid of two more unnecessary variables and made the variable names
      r11822: reworked the socket_connect_multi() code so it is built on top of
      r11823: make the socket_connect_send() context a child of the local state
      r11824: fixed a valgrind error in the dcerpc_smb code
      r11838: lower the default numops in smbtorture. When people want lots of
      r11843: fixed a valgrind error in the RPC-SAMLOGON test
      r11848: separate out the info levels common to SMB and SMB2 for raw_search
      r11849: added mapping between SMB2 and SMB find/search levels
      r11850: added a test suite for the SMB2 find calls
      r11870: fixed the problem volker reported with the RPX-XPLOGIN test. The
      r11871: fixed a problem volker found with the async bind code, and a callback
      r11872: another attempt at fixing the data_blob_free in async dcerpc bind,
      r11888: - added SMB2 trans support
      r11889: added support for dcerpc ncacn_np over SMB2. You use it by giving the
      r11890: added tests for the last few fields in SMB2 find requests
      r11891: - added pipe_flags field in smb2_trans
      r11892: forgot to commit these changes
      r11893: fixed a dependency problem
      r11894: fixed SMB2 trans code for pipe_flags
      r11901: added smb2_logoff() support (metze correctly guessed opcode 2 was
      r11902: added smb2_logoff() testing
      r11903: added smb2_tdis() (opcode 4)
      r11904: added smb2_tdis() testing
      r11905: added SMB2_FLUSH as opcode 7. Thanks to metze and volker for help
      r11906: opcode 13 appears to be keepalive. Metze guessed this one :-)
      r11907: added testing of SMB2 keepalive
      r11949: make sure we ask gensec to give us a session key
      r11952: added a rootdse module. This will replace the existing rootdse code in
      r11953: enabled the rootdse module in the ldb modules code
      r11954: add the static rootdse content to the sam ldb,and enable the rootdse
      r11955: got rid of the old rootDSE code in the ldap server.
      r11956: removed the old rootdse.ldif, and the provision.js code that uses it
      r11957: fixed up code meant for debugging
      r11958: - fixed memory leaks in the ldb_result handling in ldb operations
      r11969: got rid of the very annoying 'failed to open /secrets.tdb'
      r11970: fixed a valgrind error. The auth info from the alter_context reply was
      r11980: ronnie worked out that opcode 0xb in SMB2 is in fact ioctl, and that
      r11981: we should allocate request specific memory in ldb modules off the
      r11982: ensure the fde event gets freed before the socket itself, as otherwise
      r11983: make talloc LGPL. This makes more sense given that ldb depends on
      r11984: LGPL on header and testsuite as well
      r12004: added some SEC_ADS_* security flags. Needed for a SDDL parser.
      r12005: added a SDDL (Security Descriptor Description Language) parser. Not
      r12006: don't require callers to fill in pad bytes in SMB2 calls
      r12007: fixed a valgrind error in the SMB2-SETINFO test
      r12008: added a simple LOCAL-SDDL test suite. Only one example so far. Will be
      r12009: made the LOCAL-SDDL test less verbose by default, and add it to the
      r12010: - added support for domain specific SID codes in SDDL strings
      r12011: fixed another 'mixed code and declarations' bug
      r12016: fixed a valgrind error
      r12057: fixed authentication in ldb client tools
      r12063: fixed the krb5 client code to handle ICMP port unreachable errors, and
      r12064: pass back the socket level error correctly (so we get
      r12082: fixed a valgrind error found by kukks in the transs server handling
      r12084: added a comment on what is appropriate for parameter_control
      r12085: wkssvc.idl updated based on work by Ronnie Sahlberg to bring the
      r12086: reverted the utf8string change in xattr.idl. See the discussion on
      r12116: got rid of composite_trigger_done() and composite_trigger_error(), and
      r12136: fixed a bug in NetWkstaTransportEnum() from the recent merge with ethereal idl
      r12137: added sddl_encode(), the reverse of the sddl_decode() function added a
      r12138: added use of 2 letter SID codes in sddl_encode_sid()
      r12139: - fixed up the ace object flags checking
      r12156: added samdb_domain_sid(), a routine to get the domain sid by looking
      r12157: ldb_dump_results() is useful to call from within gdb, so you can see a
      r12158: added ldif handlers for the ntSecurityDescriptor attribute, so when
      r12322: automatically use cmdline_credentials if the ldb object doesn't have
      r12323: fixeed the use of options.get_credentials() for ldb
      r12324: use command line credentials if available in ldap.js
      r12363: minor fixes for win2000 join/login
      r12531: 'make quicktest' was taking 15 minutes on my system due to failing DNS
      r12532: log a message giving the IPs of non-partner clients trying WINS replication
      r12535: - simplify string list handling in a couple of places using str_list_add()
      r12536: kerberos is on port 88, not port 389
      r12537: finally found the difference between us and w2k3 that caused w2k
      r12549: fixed the problem with serialisation and the RAW-OPLOCK test
      r12550: - fixed 'make pch' to always rebuild the gch file. The dependencies
      r12551: fixed oplock serialisation problem in gentest as well
      r12554: get rid of the pesky NTLMSSP warnings about being called after processing is finished
      r12556: added 'make gdbtest'
      r12626: some systems need time.h here (for asctime())
      r12633: expose talloc_vasprintf_append()
      r12634: make the [validate] binding string switch also check to see if the
      r12635: use the new [validate] value() checking to fix the string types for
      r12636: fixed some torture code for the changed lsa string types
      r12637: test CLDAP with both NULL and non-NULL user
      r12783: add a comment about matching more than 1 handler per message (andrew
      r12785: make the iface_*() functions return strings which do not get
      r12811: valgrind on RPC-ECHO with validate is extremely slow - speed it up if
      r12812: speed up RPC-ECHO with validate some more, and re-enable it under
      r12947: added some error checking that I stumbled across while testing domain migration
      r13069: adding a hack on instructions from andrew
      r13075: tell the admin what needs to be done to finish the install
      r13076: catch a easy to make error during vampire install
      r13078: fixed the ldb comparison function for objectSids
      r13096: explain what YOURDOM and YOUR.REALM are (in case people confuse the
      r13097: move the creation of the default sam name -> unix name mappings into
      r13098: make check for workgroup and realm case insensitive
      r13099: allow shares that point to /
      r13100: removed unused menu item
      r13102: fixed the vampire code to correctly setup foreign sids and default
      r13268: fixed typo noticed by Aaron Seigo
      r13276: start to work towards the BASE-DELETE test passing. This change
      r13277: print a useful error message when test 17 fails
      r13278: remove a silly strcasecmp() replacement
      r13283: added two optimisations to the tdb transactions code. The first is to
      r13358: removed some unused functions and make some local functions static
      r13401: remove the rename of the snprintf functions that simo accidentially
      r13504: add back in a comment noting fred as the contributor of the address
      r13505: allow servers to bind to non-broadcast interfaces. Servers now
      r13699: restore the system/select.h include, as otherwise we don't detect
      r13700: added highestCommittedUSN, uSNChanged and uSNCreated support, using
      r13701: removed some unnecessary casts
      r13707: expanded the delete on close test some more, and make it easier to
      r13738: added support for a "pointer" type in pidl. This will be used in the
      r13739: a fairly major overhaul of the opendb code to allow the BASE-DELETE
      r13740: the BASE-DELETE test now passes, and is a quick test
      r13741: make the pointer type in pidl handle any size pointer, just in case we
      r13745: remove some code I was experimenting with and forgot was there when I
      r13803: fixed two errors found with 'make valgrindtest'
      r13853: fixed the BASE-NEGNOWAIT test to not fail with a sigpipe if the server
      r13854: we now pass BASE-NEGNOWAIT
      r13856: fixed a misleading comment
      r14011: - added a ntvfs_notify op to allow backends to support change notify
      r14012: added support for the SMBntcancel operation in the cifs ntvfs
      r14013: added construction of the notify reply buffer in the nttrans server
      r14016: use type safe talloc when constructing operation structures in smb server
      r14059: change notify is quite a bit more complex than we thought. These tests
      r14141: fixed bugzilla 2921, forcing correct alignment when in ascii mode
      r14142: fixed ascii padding of nttrans create in server too
      r14208: removed use of req->flags2 inside the ntvfs layer. This should help
      r14209: don't timeout notify requests in the cifs backend, as they are
      r14288:  - make the snprintf call in talloc portable to older solaris boxes
      r14293: fixed some errors found with beam
      r14294: conditionally define _PUBLIC_, so you can disable it easily with -D_PUBLIC_=
      r14295: make sure we return a valid data blob
      r14296: added an abort() to SMB_ASSERT() so that static analysers know it doesn't return
      r14297: make sure we can go through the loop for than once
      r14305: fixed a memory leak and a break error
      r14306: fixed two break errors
      r14307: fixed dereference of my_address->addr when NULL
      r14308: fixed an out of range shift and an uninitialised error
      r14309: make sure ret is initialised
      r14310: length needs to be initialised
      r14311: canon needs to be initialised
      r14409: quieten warnings
      r14410: init a var
      r14411: mark smb_panic() as a noreturn function using gcc attributes, which
      r14412: init a var
      r14413: don't do memcpy of length 0
      r14414: added some error checks
      r14415: remove an unusued var
      r14420: arrgh, make sure I test compile even little patches ....
      r14422: ensure that domain_attrs does not refer to a stack variable in a freed
      r14423: don't die on no controls
      r14424: another empty controls case
      r14425: fixed an hmac-md5 error for keys longer than 64 (using deallocated
      r14426: ensure res is initialised
      r14427: don't reference short_princ after it is freed
      r14429: charset_t cannot be used to loop over charset_t, as otherwise it can
      r14430: ret can be NULL at the end of this loop
      r14431: don't call qsort with a null array
      r14433: sort_result must be initialised when we call do_result
      r14434: use the right enum type
      r14435: return after an error
      r14436: mixing of boolean expressions and integers isn't allowed
      r14539: get rid of a pointless union layer in struct smb_notify
      r14612: added strncasecmp_m() and fixed strcasecmp_m() for invalid codepoints
      r14613: fixed ntvfs_notify_next()
      r14614: handle zero timers in pvfs_wait()
      r14615: add notify to unixuid ntvfs module
      r14616: added notify change support to the posix backend
      r14755: the change notify code now passes most of the RAW-NOTIFY test. Still
      r14792: when we enable fake oplocks, give out batch oplocks not exclusive oplocks
      r14793: the RAW-NOTIFY test now passes. Next I need to make it efficient, and
      r14794: added a test to see what happens when you send a notify request on a
      r14795: queue notify requests on the same handle
      r14796: handle overflows in the notify buffer. The pending events are dumped
      r14797: added checking of the filter in notify requests
      r14799: added a tdb_get_seqnum() call, and the TDB_SEQNUM flag. This allows
      r14800: use tdb_get_seqnum() in the change notify code to avoid reloading the
      r14803: copy with the root directory, which has /. on the end of the path
      r14805: use tdb_lock_bystring() to prevent race conditions in notify add/remove
      r14807: fixed the format of notify responses (forgot to commit this earlier)
      r14808: added notify_trigger() calls for rename and setfileinfo calls
      r14835: split out the config rules for the ntvfs/common/ directory
      r14837: fixed build error
      r14838: fix the build. Looks like I still haven't quite got the hang of the
      r14845: expanded the number of info levels tested for continue in the
      r14876: added ENOSYS to unix error mapping
      r14877: added support for the kernel inotify mechanism. This passes basic
      r14902: change charcnv code to fail the conversion when it hits bad
      r14903: rewrote ndr_push_string() to be much simpler, and correctly handle
      r14904: fixed LIBNDR_FLAG_STR_CHARLEN (thanks to Metze for noticing this)
      r14916: print errno so I can work out why OpenBSD is failing the test for tdb
      r14917: fixed length strings don't count any trailing nulls in the length
      r14918: cleaner handling of systems without inotify
      r14919: disable the BASE-DEFER_OPEN test until it gets fixed (it sleeps for
      r14920: allow a notify backend to separately specify if it has handled the
      r14921: I forgot to commit the IDL change for the subdir_filter
      r14924: when handling recursive change notify, the client expects a windows
      r14925: trigger NOTIFY_ACTION_OLD_NAME and NOTIFY_ACTION_NEW_NAME events for
      r14926: change the inotify backend to implement the rather unusual semantics
      r14927: expand the RAW-NOTIFY test to test recursive and rename handling
      r14928: demonstrate that the completion filter is only set on the first notify
      r14932: ensure that we send a NOTIFY_ACTION_OLD_NAME and
      r14933: fix the handling of notify filters to be much closer to the behaviour
      r14934: greatly expand the RAW-NOTIFY testing of completion filters. We now
      r14935: try to avoid a race condition in the recursion test
      r14936: remove a duplicate line
      r14937: fix a crash that can be caused by a notify triggering during a share
      r14938: add smbcli_fsetatr() as a convenient interface to a setfileinfo for
      r14941: a rename of a file (but not a directory) triggers 3 events. The first
      r14942: make the RAW-NOTIFY test check the strange file rename semantics. Also
      r14943: bring the inotify backend up to date with all the strange rename
      r14945: allow the notify backend to be specified per share
      r14946: added a smbcli_ftruncate() call, useful for torture testing
      r14947: add support for file truncate events
      r14948: add testing of truncate events, and add truncate support to inotify
      r14949: re-add the two lex.c files for heimdal, these are needed for systems
      r14956: change the notify search to be much more efficient by using a
      r14957: fixed shell syntax for config.h creation, and move after AC_OUTPUT
      r14958: fixed big-endian dcerpc connections for the new string handling code
      r14959: allow change notify to be disabled completely using
      r14960: don't declare variables mid-function
      r14962: fixed a valgrind error
      r14963: check talloc returns
      r14969: ensure that even on slow machines we leave plenty of time for a series
      r14972: fix an uninitialised warning from ibm checker
      r14973: req cannot be NULL in smb_raw_t2open_recv() (found by IBM checker)
      r14974: work around an ibm checker bug
      r14975: use the magic comment recognised by the IBM checker for deliberate
      r14976: another use of the magic comment recognised by the IBM checker for
      r14977: more IBM checker fixes
      r14978: fixed a print of NULL
      r14979: avoid a null ptr deref
      r14980: fixed several IBM checker errors in gentest and masktest
      r14981: fixed a use of a wild ptr in regshell
      r14982: mark a deliberate missing break
      r14983: fix an uninitialised var
      r14984: marking mprBreakpoint() as a __noreturn__ function should reduce the
      r15014: added a simple batch oplock benchmark
      r15015: add an explanation for this test
      r15016: add a test for a 2nd open with an exclusive oplock. It does not cause
      r15029: fixed the detection of inotify
      r15032: change BENCH-NBENCH to always break to none, rather than accepting a
      r15033: expanded the RAW-OPLOCK test to include the different cases where the
      r15048: started on the server side implementation of oplocks. The code is not
      r15049: for really efficient oplock handling with thousands of open files we
      r15050: fixed a double free in the new messaging code.
      r15517: fixed the segv in provision. The problem was that SAMBA_VERSION_STRING
      r15518: the 'password' option in POPT_COMMON_CREDENTIALS was conflicting with
      r15524: fix a problem with rpc faults from bind and alter context
      r15530: added testing of generic CLDAP requests, looking at the rootDSE. Jerry
      r15731: module init functions should return NTSTATUS, not void
      r15794: fixed a problem with DOS status codes - found by kukks (thanks!)
      r15796: this talloc_reference() was causing a memory leak on every NTVFS
      r15797: fixed a notify bug, where a notify_remove() is beyond the current max
      r15798: shortcut the lookup of "localhost" in the ipv6 backend
      r15799: fixed the problem with BASE-DISCONNECT after the recent memory leak
      r15824: fixed a subtle talloc bug to do with memory context loops. When you
      r15825: there are quite subtle semantics with change notify events being sent
      r15826: ensure we don't dereference sec when NULL
      r15827: fixed a spelling error
      r15828: a talloc steal optimisation spotted by metze
      r15830: fixed two kdc memory leaks
      r15831: fixed a memory leak in the netlogon server
      r15832: put a talloc leak report in the log file at the end of each test run
      r15833: fixed two delete on close memory leaks
      r15834: fixed a memory leak in the session code
      r15835: fixed locking in the client library
      r15849: ensure we don't try to talloc_steal() an invalid error_string in
      r15850: another spot where r->out.error_string can be uninitialied
      r15851: the conversion of loadparm to BOOL broke all big-endian platforms as
      r15852: patch from Rusty to make talloc_set_destructor() and talloc_steal()
      r15853: started the process of removing the warnings now that
      r15854: more talloc_set_destructor() typesafe fixes
      r15855: more talloc_set_destructor() typesafe fixes. nearly done ...
      r15856: fixed talloc_asprintf_append() on solaris
      r15859: fixed a crash bug in the ldb password_hash module. This one is quite
      r15879: strtok_r() replacement, for solaris
      r15880: the ntvfs_handle changes broke rpc on big-endian boxes, as the
      r15881: fixed the RAW-ACLS test for 64 bit systems (was failing on ppc64)
      r15882: I forgot to add in this prototype for strtok_r()
      r15896: we're getting a lot of crashes on the build farm due to people
      r15897: switch to d_printf() in the libnet_share test, and neaten up the code
      r15898: use d_printf() in some more places to fix more torture seg faults on
      r15902: more test code that should be using d_printf()
      r15950: another printf() crash on solaris
      r15953: our timegm() replacement still doesn't work, so grab the one from
      r17255: fixed BENCH-NBENCH for new smb_raw_find_first() syntax
      r17578: in standalone talloc build ensure we get intptr_t if available (which
      r17579: make ldb build g++ friendly
      r17644: change the ldap server to always use the single process model. We are
      r17645: gcc 4.1.x has started producing "value computed is not used" warnings
      r17647: the init fns should not take a mem_ctx
      r17656: some systems (like older solaris) don't return ENOTEMPTY on rmdir()
      r17658: several replacement snprintf() fixes.
      r17659: cope with systems without the x509 gnutls functions
      r17660: fixed configure test
      r17674: fixed a problem on with our configure logic on systems that have
      r17675: increase max torture test runtime - we have some v slow hosts in the
      r17678: don't free result message twice
      r17679: - fix 'make test-ldap' to skip ldb specials
      r17680: make standalone tdb support building and testing in a different
      r17681: fixed standalone talloc build to support building in a separate
      r17683: to pick up config.h we need -I. as well for talloc
      r17684: and we need -Iinclude for tdb
      r17685: talloc.pc is in the build directory
      r17686: tdb.pc is in the build directory
      r17687: remove circular dependency
      r17688: the commit/test cycle for getting this to work in the build farm sure
      r17689: build works, this should fix install ....
      r17692: - don't try and run ldap tests unless we have slapd
      r17693: only install man pages if we have managed to generate them with
      r17695: added installcheck target
      r17696: attempt to allow ldb to use an external popt directory, so we can
      r17697: - enable test for slapd
      r17701: doxygen (if installed!) needs to be run in the src directory
      r17702: test for gcc, and only enable gcc flags if true
      r17706: remove the dependence on gnu make in the standalone build
      r17708: make the automated testing of the ldb ldap backend more portable
      r17718: don't consider a slapadd failure in the ldap backend tests as a ldb
      r17719: ldb_cmdline needs to be static for cc on solaris
      r17720: in standalone ldb build, some systems need sys/stat.h and a defn of
      r17721: fixed the dlopen and MODULESDIR handling in the standalone build
      r17722: better to use talloc_vasprintf() than vasprintf() directly, as it
      r17724: don't rely on strnlen() as MacOSX 10.4 doesn't have it. Someday apple
      r17725: VPATH and builds out of the source directory causes problems with the
      r17726: not having slapd installed isn't a ldb test failure
      r17729: remove the dependence on an internet connection for building
      r17730: cast dlsym result to try to avoid a compiler crash on hpux
      r17731: try to cope with freebsd handling of .a dependencies
      r17732: after some help from Jelmer, changed builddocs.sh not to rely on
      r17733: doxygen is way too noisy to build every time, and it doesn't do
      r17734: tru64 needs these for standalone build
      r17735: a (probably useless) attempt to workaround stupidity in HPs version of
      r17737: fixed a 'declaration in code' error
      r17738: solving the seemingly trivial problem of timegm() being missing on
      r17739: forgot to add replace/*
      r17740: get rid of dependence on asprintf(), using talloc_asprintf() instead
      r17741: tru64 uses inttypes.h not stdint.h.
      r17745: got rid of the final asprintf() in ldb
      r17746: the automatic archive creation in make breaks on 3 platforms. Lets try
      r17749: more HPUX madness
      r17750: these have moved to ldb/replace/ now
      r17762: HPUX needs setenv
      r17763: moved setenv to ldb/replace/
      r17764: more portable setenv() replacement
      r17765: fix handling of old solaris /bin/sh in ldb build/test
      r17768: This merges in the current version of Brad Henry's windows testing
      r17769: only look for dlopen in -ldl if not found in libc. Needed for us4
      r17770: don't force -L/usr/lib, it breaks us4
      r17771: add a comment explaing the odd cast
      r17820: simplify the code flow a little
      r17821: changed ldb_search() and the ldbsearch command line utility to
      r17822: the ildap ldb backend doesn't need the auto rootDSE logic any more
      r17823: get rid of most of the samdb_base_dn() calls, as they are no longer
      r17824: add a wrapper for the common partitions_basedn calculation
      r17825: I broken cracknames in my last patch - fix it up
      r17828: set the auto_baseDN opaque even on failure to fetch rootDSE. That
      r17978: make the ldap backend test for ldb work both with and without modules
      r17980: handle NULL arguments without crashing in strcasecmp_m() and
      r17990: added timeout checking on dcerpc connection establishment. This should
      r17992: reverted r17842
      r17993: as metze pointed out, the composite_error() already calls the async
      r18026: patch from Brad allowing the windows testing to be configured
      r18032: added a 'make distclean'
      r18033: added install-sh, needed for standalone libreplace build
      r18034: fixed build of libreplace outside of source directory
      r18035: - fixed 'make clean' to remove test objects
      r18037: added 'make installcheck' target
      r18038: make test fns static
      r18041: started on the bodies of the testsuite functions for libreplace
      r18042: testsuite needs to link to libreplace.a :-)
      r18043: added strlcpy() test
      r18044: timegm.c needs to be in a separate file
      r18051: - add gcc warning flags
      r18052: discard_const_p() isn't part of the libreplace API, so we can't use it
      r18053: the sig_atomic_t test needs to be in libreplace for getpass.c to
      r18054: snprintf.c needs to use replace.h to get the rep_vasprintf and related
      r18055: aix needs time.h for timegm.c to compile
      r18056: includes needed for O_CREAT
      r18057: fixed an #ifdef
      r18058: we don't actually need __VA_ARGS__ yet (its another C99 feature which
      r18059: another cpp error
      r18060: use gmake for libreplace if available
      r18061: this should fix the libreplace build on us4 with gcc
      r18067: some tweaks for irix and hpux
      r18073: next step in grab libreplace plan - see IRC logs for very detailed
      r18074: config.m4 is now libreplace.m4
      r18075: with the new scheme, we now use config.h again (thanks jelmer!)
      r18076: convert talloc to the new libreplace system
      r18077: move some configure tests out of talloc that are now in libreplace
      r18078: these tests came from talloc
      r18079: fix for in-tree build with samba4 dir layout
      r18080: added distclean target to talloc
      r18081: libreplace now uses config.h again
      r18082: bring talloc in line with new conventions
      r18083: i should sleep more ....
      r18084: we don't need the double sinclude() any more
      r18085: using m4_include() instead of sinclude() means we get an error if the
      r18086: here too
      r18108: move tdb to use the same build methods
      r18109: move ldb to use the same build methods
      r18110: renamed config.m4 for popt
      r18111: base inclusion of replacement printf fns on function existance, not
      r18112: really make use of libreplace in ldb
      r18115: comparison_fn_t is defined in libreplace now
      r18117: first steps in making samba4 use libreplace
      r18118: its the job of libreplace to handle things like this
      r18119: forgot to commit this
      r18129: moved the system includes into libreplace - this gives much more
      r18130: the move to system/ in libreplace broke some things ... should be
      r18131: fixed tdb subsystem to use right tdb.h
      r18132: getpass can't depend on fns in lib/util/
      r18133: ad2oLschema needs ctype.h on some systems
      r18134: the lib/replace/system/filesys.h in this patch should be
      r18135: almost there ....
      r18137: more LIBREPLACE deps
      r18139: irix needs system/network.h here
      r18140: and this reduces warnings about toupper()
      r18141: an accidental nested C comment!
      r18143: the 'showflags' convention from Samba is useful for the other packages
      r18146: we need signal.h in some places
      r18154: try to get the heimdal_build code to use libreplace in a better way
      r18156: fix platforms that need timegm replacement
      r18160: - pread and pwrite replacements need to be non-static
      r18176: reg_util.c needs LIBREPLACE for strndup
      r18178: another place needs LIBREPLACE to get strndup
      r18202: moved the overrides for HAVE_xxx from heimdal_build/config.h to
      r18203: rearranged the overrides in heimdal_build/*.h to avoid the use of
      r18204: darn, compilers always look in the directory the source is in for
      r18205: need rep_ macros for seteuid and setegid
      r18206: need rep_ macro for setlinebuf
      r18207: not all readline libs have rl_event_hook
      r18208: Mac OS X also doesn't have history_list()
      r18209: fix the ifdef for HAVE_HISTORY_LIST
      r18211: wct is not a size, so don't use size_t
      r18216: a special override for the broken HP-UX C compiler. It does support
      r18218: setenv() is guaranteed by libreplace
      r18219: move some more portability checks out of samba4 and info lib/replace
      r18221: moved more configure checks into lib/replace/
      r18243: when setting up a composite continuation, if the context has already
      r18244: more portable shell scripting
      r18247: more shell portability fixes
      r18251: skip pidl tests unless the platform has Test::More
      r18254: reverted r18231
      r18256: use the right status variable
      r18258: need to use .priority not .order here
      r18277: on some of our slower hosts we need more than 2700 seconds for smbd to
      r18278: move more header checks and _GNU_SOURCE into libreplace
      r18279: libreplace.m4 needs to come first or autoconf complains, as libreplace
      r18280: more portability tidyups, ensuring we use libreplace everywhere
      r18281: a workaround for an infinite dependency loop in the dependency
      r18282: dynconfig.o build rule needs cflags.pl too
      r18283: libreplace.m4 needs to be early in configure.ac in other packages too
      r18284: enable _XOPEN_SOURCE_EXTENDED to fix a HP-UX bug with the definition
      r18285: tdb now needs install-sh
      r18286: ldb now needs install-sh too
      r18287: add support for the -qlanglvl=extc99 and -qlanglvl=stdc99 flags,
      r18288: autoconf already has a C99 test builtin!
      r18289: don't check for inline till we've worked out the main compiler flags
      r18290: finally worked out why we were failing tests on solaris. It has
      r18295: pass write type for packet_size
      r18298: fixed mmap failure test
      r18299: POPT_CREDENTIALS should depend on LIBPOPT
      r18300: fixed a type bug in heimdal - lha, you happy with this upstream? It
      r18301: I discovered how to load the warnings from a build farm build into
      r18302: fixed test_cifsdd.sh - the unnecessary sum operations were breaking on
      r18304: fixed misuse of size_t in dopr()
      r18307: fixed a warning
      r18308: get this right ....
      r18309: FreeBSD 6.1 has a symbol ldap_new_connection() in the system ldap
      r18319: fixed the directory search resume code on IRIX
      r18320: the raw write size limit test hurts too many hosts. Limit it to 2^33
      r18321: fixed some warnings on AIX
      r18322: fixed a compilation problem on AIX caused by lex not putting config.h
      r18323: this function returns a pointer, not a bool
      r18324: fixed a uninitialised variable
      r18325: more warnings and one compile error on aix fixed
      r18327: 'struct token' is defined on some hosts
      r18328: when we bail out early, set *offset to 0
      r18330: don't mix pointer types in RPC replies
      r18331: fixed a warning
      r18332: added back in our shared mmap test code
      r18334: AIX 5.1 doesn't have any of 'users', 'guest', 'other' or 'unknown'
      r18335: more portable bool tests
      r18336: autoconf tries to force on C89 mode on HP-UX, using the -Ae
      r18337: more -Ae tests in check_cc.m4
      r18339: need these checks for roken.h on hpux
      r18340: some HPUX boxes don't have ptrdiff_t
      r18341: ooh this gets subtle - this needed for xfs on linux
      r18342: a bit more explanation of these strange values
      r18343: fixed setlinebuf() prototype, added test for it, and use it in two
      r18346: make sure we kill off the slapd process
      r18347: run slapd in the foreground so timelimit can kill it
      r18348: fixed a valgrind error in RPC-SRVSVC
      r18349: don't do validation when using valgrind. It's way too slow (can be
      r18350: we have to check for lstat() to keep roken happen on hpux
      r18351: functions as initialisers in structures doesn't work on some compilers
      r18352: printf("%s") is not safe for NULL strings on all platforms, but
      r18353: try to fix the assumption of NULL being handled in printf()
      r18355: increase the delays waiting for all events to propogate in the
      r18356: doing 1000 of these requests can take over an hour under
      r18358: handle errors in the RPC-LSA async test
      r18359: better handling of child process killing in standard mode
      r18360: better handling of child process killing in standard mode
      r18370: allow system inotify to be disabled
      r18371: made the directory depth notify test independent of timing
      r18372: don't use the system inotify until in the build farm until we work out
      r18374: don't go past the end of this array
      r18375: Volker noticed that this is in fact an 8bit number - well spotted!
      r18376: added iconv:native=false option to turn off native iconv. Needed under
      r18377: disable native iconv with valgrind
      r18378: try enabling _OSF_SOURCE to see if it fixes the tru64 build problems -
      r18400: move MAP_FAILED define to lib/replace/system/shmem.h
      r18401: some of our code also relies on fprintf() handling C99
      r18406: disable local iconv test as well when iconv:native=false
      r18407: test for epoll.h and select.h
      r18431: use this to suppress things on fort in the build farm
      r18432: ensure roken doesn't try to include both inttypes.h and stdint.h. The
      r18435: added a function talloc_move() which is like talloc_steal(), but is
      r18436: converted ldb to use talloc_move() instead of talloc_steal() when
      r18437: added a 'make valgrindtest' target for ldb
      r18438: I should have examined these uses of talloc_move() more
      r18439: 2nd try at a talloc_move() api. This type with the ** ptr interface
      r18488: we have to make sure any extensions flags also make it into
      r18489: dlopen is so amazingly broken on linux
      r18490: on irix _XOPEN_SOURCE_EXTENDED needs to be defined to 1, not just
      r18491: fixed a warning
      r18492: an attempt at replacing readdir() with something based on
      r18493: another "blind coding" attempt at a getdirentries() based readdir()
      r18494: don't count 'DWARF2 CFI reader' messages as valgrind failures
      r18496: yet another dlopen valgrind suppression
      r18497: fixed crash bug in irpc test - the torture_tcase_add_test() call
      r18516: I'm surprised that compilers allowed this at all
      r18517: I find it less confusing if tests are run in the order they are
      r18518: we replace snprintf() if its not C99, so we should also add the rep_
      r18521: implement volkers suggestion for avoiding the type punning warnings
      r18528: work around what appears to be a compiler bug in gcc on irix. It
      r18535: move the AC_CANONICAL_HOST and host specific flag tests into
      r18536: fixed the loading of external binary files from ldif into ldb
      r18537: after testing for poptGetContext, if the test fails, don't try to use
      r18538: we need a pipe here, not a logical OR
      r18539: 'make distclean' should delete config.cache
      r18540: show the additional smbd output from each test, rather than only
      r18541: with 100 old style searches we can run out of file descriptors on some
      r18563: - move more of the header checks into lib/replace/
      r18566: fixed the winreg pipe and winreg tests
      r18567: fixed the winreg js code for the new names of the fields in winreg.idl
      r18568: this warning is not needed now that it is the job of the unixuid ntvfs
      r18569: add really simple testing of the 'simple' ntvfs backend, so we know
      r18571: try to make it a lot more obvious when 'make test' or 'make quicktest'
      r18573: disable the echo.js testing of echo_TestCall() for now.
      r18574: re-enable the echo pipe in smbscript. I suspect disabling this was an
      r18575: - use the right variable to teststatus
      r18576: unfortunately our current build farm results are a bit too good!
      r18577: reduce the number of tests run in 'make quicktest' again, so it
      r18578: steve, I think you may have forgotten to commit test_cifsposix.sh ?
      r18579: fixed boolean parameters on big endian hosts which have
      r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto
      r18581: also check for SEC_STD_DELETE, and split out the check into a separate
      r18582: disable synchronous ldb in the build farm. Some hosts have very slow
      r18583: a nasty hack to allow me to monitor the number of open file
      r18584: found one of the fd leaks. The registry backend was using a
      r18585: 50 open searches is still too many for some of the build farm hosts,
      r18586: fixed a potential fd and memory leak in the socket_wrapper code
      r18587: fixed a potential memory leak in libnet
      r18588: save one more character in the socket wrapper path - seems it still
      r18589: make inclusion of net/if.h conditional. It breaks HPUX with gcc.
      r18594: fail the configure step if the required library is not found for tdb,
      r18595: try an experiment of adding a RPC test into the windows testing
      r18596: removed superfluous semicolon
      r18599: the netr_CryptPassword structure needs to use a uint8, as the data is
      r18600: - fix shell syntax in tests for libraries
      r18601: updated web page for new talloc build method
      r18602: updated web page for new ldb build method
      r18604: fixed shell syntax
      r18715: 0x8 style status returns should also fail here (thanks metze)
      r18716: put in a commented out useful hack for some RPC servers
      r18805: make error message match function name
      r18806: fixed two spelling errors
      r18807: don't overtax the imaginations of servers that can't do mkdir on \\dirname\\
      r18808: added SMB2-MAXWRITE test and SMB2-DIR tests
      r18824: fixed a bug in cifsdd when the file is exactly a multiple of the block
      r18825: speed up the test_cifsdd.sh test by using a smaller file. It was
      r18830: ensure backends aren't added twice (needed for samba3)
      r18831: minor build changes for samba3. The logging changes will be removed
      r18832: fixed standalone build
      r18833: darn, forgot to commit this
      r18834: get the log context code right
      r18835: expand IO limits on SMB2. Samba4 now tops out at 16.7MB IOs.
      r18838: make sure we cleanup after SMB2-MAXWRITE (it creates a large file)
      r18839: align all directory search blobs on an 8 byte boundary to keep the
      r18840: make these compatible with g++ warnings
      r18859: finally worked out what is going wrong with immediate structures. The
      r18860: fixed some code that bitrotted while we didn't have the safety check
      r18861: merge from samba3
      r18862: as andrew pointed our on irc, if we are going to define _TRUE, then
      r18872: when converting IDL to use out,ref pointers, you also must fix any
      r18910: Change ldb_msg_add_string() to not actually add an attribute if the
      r18913: an attempt to get tdb/ldb working on the HPUX box 'gwen'. This idea
      r18914: this bug fix needs to be for just hpux 11.11
      r18916: fixed the messaging layer on *BSD systems. When a socket was full we
      r18917: having 255 virtual interfaces available in socket wrapper means we
      r18936: hopefully fix the test for negative enum values. When a compiler
      r18939: don't rely on the umask being right in ldb creation. Both Samba3 and
      r18942: add a ldb_set_create_perms() function in ldb. I didn't call it
      r18943: Samba4 wants its databases private to root. I know some of them could
      r18965: fixed the bug with RPC-NETLOGON and solaris sparc machines. This bug
      r18968: EWOULDBLOCK should also be mapped to STATUS_MORE_ENTRIES
      r18970: avoid strndup and strnlen on AIX. They are quite broken. See
      r18971: avoid strndup is a few places. Fixes a minor memory leak, and should
      r18972: we don't need this now all builds in the build farm are limited to 150
      r19009: ensure that data values from ldap libs are null terminated, to allow
      r19111: fixed basic web server operation
      r19112: fixed a checker warning.
      r19113: fixed another checker warning.
      r19114: fixed another checker warning and a possible error on allocation
      r19116: fixed a checker warning
      r19117: I've changed the checker wrapper on snab to allow for a
      r19118: get rid of a bunch of bool misuse warnings
      r19120: silence a warning about a test function
      r19199: split out the xattr NTACL code into a separate part of the posix
      r19252: - fixed 'erase' argument to setup_ldb()
      r19253: its not so useful to index on objectclass. Much better to search on
      r19273: - fixed error handling with the ldap backend
      r19274: fix ldbdel and ldbmodify to return an error if the underlying ldb call
      r19282: make the recent qooxdoo work that Derrell has done available via the
      r19289: fixed a memory leak in ldb_dn_string_compose()
      r19294: a little speed tester for ldb/tdb
      r19296: added a leak detector to ldb_wrap_connect()
      r19297: fixed a leak in the ejs ldb interface
      r19298: make sure torture_fail() gives a useful message
      r19322: fix a minor memory leak in the ltdb cache code
      r19323: fixed a leak in the ldif parse code
      r19324: fixed a leak on deleting records when no index is in place
      r19325: leak fix from lha
      r19326: don't leak a ndr_push structure on ndr_push_struct_blob()
      r19327: fixed a leak in ldif_canonicalise_objectCategory()
      r19328: another leak plugged ....
      r19329: fixed a leak in the password hash module
      r19360: improve the ldb leak detector - it now takes into account the number
      r19361: added a comment
      r19362: - don't need to store the baseinfo message after cache load
      r19363: - don't need to store the baseinfo message after cache load
      r19365: fixed a memory leak in the ldb attribute handling
      r19366: don't fail async echo tests due to rounding errors
      r19400: fixed a valgrind error in the directory registry backend (name was
      r19401: make tdb_lockall() much more efficient, and add a tdb_lockall_read()
      r19402: - use the new tdb_lockall_read() to make ldb_search() more efficient,
      r19403: try to fix the crashes in the buildfarm related to timegm
      r19404: fixed the LOCAL-ICONV test
      r19405: the talloc speed test suite was not giving an accurate picture of the
      r19408: I think tm_mon is ending up as -1 on some platforms
      r19410: - fixed checker error
      r19411: sigh - we can't call close here as its mapped to swrap_close() in the
      r19412: some rather strange looking changes to talloc that gain us about 50%
      r19423: merge some tdb changes from SAMBA_3_0 to SAMBA_4_0
      r19425: two more tdb functions from samba3
      r19428: moved tdbutil.c from lib/tdb/common/ to lib/util/util_tdb.c
      r19433: Metze, please take a look at this one!
      r19434: we need to force line buffering as the new torture code doesn't create
      r19435: fixed the subunit code on platforms with small pipe buffers, and use
      r19436: fixed stderr in piped_child() as well
      r19437: don't run the LOCAL-ICONV test on systems that don't have CP850
      r19438: try to fix up the build breakages on BSD systems due to incorrectly
      r19439: revert my change to a torture assert - expected is a bool
      r19440: merged from samba3
      r19441: work in progress support for NFS4 ACLs in Samba4 on Linux. Still work
      r19498: the autofree test cannot be run as part of smbtorture
      r19501: fix the hangs in the build farm in RPC-SECRETS
      r19502: fixed the RPC-SECRETS test with kerberos. Andrew, can you look at this
      r19503: it only makes sense to run the LOCAL-ICONV test on 'known good'
      r19504: - fixed a free error in file_lines_parse
      r19505: fixed a valgrind error
      r19506: fixed remaining parts of RAW-READ and RAW-WRITE tests to check for
      r19508: fixed SMB2-SETINFO
      r19548: this talloc_free() is definately wrong.
      r19549: fixed some indentation
      r19550: the sense of this test was wrong
      r19563: - make --num-progs a valid smbtorture option again. It's commonly
      r19564: testing build farm scripts, apologies for the noise
      r19565: the scripts do work :)
      r20059: james was asking about CAP_LARGE_READX and reads close to the 64k
      r20077: support large readx replies, as done by samba3 (and the snia spec),
      r20078: support the large samba3 reads in RAW-READ test
      r20091: remove blank lines at the end of text lines loaded from a file
      r20092: added a locking benchmark that should be good for benchmarking
      r20104: this is a alternative events backend, which uses a hybrid of aio and
      r20234: metze pointed out that we are re-loading the cache records on each
      r20301: add an option torture:readonly which allows the NBENCH test to be run
      r20302: added support for 64 bit file offsets in NBENCH
      r20351: ensure these variables are set in the right place in the Makefile
      r20539: - split the common timer related events code into events_timed.c
      r20540: darn, also need to fix this event_context reference
      r20621: - enable the aio events backend on systems that support it
      r20623: change where the smb.conf parm event:backend is checked to ensure it
      r20624: added AIO read to pvfs backend
      r20646: first preparations for cluster enablement. This changes "
      r20647: add cluster code
      r20649: fixed strlower_talloc() and strupper_talloc() to end with right size,
      r20650: revert a bunch of code I didn't mean to commit yet
      r20665: put in my version of aio.h
      r20698: added AIO writing support
      r20886: fixed a valgrind error
      r20887: allow the registration of multiple cluster backends
      r20888: local cluster backend
      r20889: import ctdb cluster backend from bzr
      r20890: spelling fix
      r20891: enable multiple brlock backends. The tdb backend is the default. The
      r20892: add parameter for enabling ctdb self connect
      r20893: brlock notifies are currently disabled in the ctdb backend. Use a #if
      r20894: the new brlock.c is needed (seems a svn rename + new file didn't make
      r20895: enable ctdb backend at startup (if configured)
      r20896: make the maximum lacount configurable in smb.conf
      r20918: a bit more debugging, and remove the hackish /dev/null writes I used
      r20919: add a function cluster_tdb_tmp_open() which can be used in a cluster
      r20920: use cluster_tdb_tmp_open() in ntvfs backend code
      r20928: added signal events to lib/events
      r20929: fixed typo
      r20930: use sigaction() instead of signal()
      r20938: use a double counter trick to avoid the need for atomic increment
      r20939: reduce the amount of static state for signal handlers from 96k to 1.2k
      r20940: allow SA_SIGINFO signals to be oneshot. Why you would ever want this
      r20941: avoid races in the block/unblock code
      r20943: use offsetof() instead of sizeof() - 1 for the packet length
      r20944: if a call has been destroyed before a reply comes in then discard the
      r20945: fixed the bug causing locktest to fail with the ctdb backend after a
      r20946: fixed another couple of bugs in the brlock ctdb backend. It now
      r20947: fixed a bug in the unlock logic in the brlock tdb backend
      r20948: a very simple example on how to setup and test ctdb
      r20960: attempt to fix a valgrind error in the signals backend.
      r20989: don't mark epoll as set until after the io_submit() succeeds
      r20990: check for errors from event_loop_once()
      r20991: use relative includes for ctdb headers. This works with both
      r21044: - merge struct ctdb_call API changes from bzr tree
      r21045: every call in brlock_ctdb ended up neededing a 32 bit status code, so
      r21139: make the RAW-MUX test fail if the locking subsystem doesn't trigger
      r21140: enable the pending lock notify code in the ctdb backend so that timed
      r21171: fixed a bug related to recursive event handling.
      r21172: fixed a comment
      r21173: - keep the ctdb queue when reconnecting (this will need to be more
      r21174: many thanks to Paul Wayper for pointing out that C99 requires a
      r21206: - a couple more nttrans places were a memcpy() should be used
      r21208: fix a crash bug caused by r21205
      r21211: fixed 3 places that assumed that torture_fail() didn't call
      r21212: detect if the kernel does not support integrated epoll/aio when the
      r21213: the build farm seems to show that FreeBSD 6.2 has two different error
      r21214: fixed a valgrind error that can be caused by a semi-async call inside
      r21215: extend the RAW-MUX test to test cancelling a async lock request using
      r21216: fail the RAW-BENCH-LOCK test if the locking doesn't happen evenly
      r21230: added the hooks needed in the cluster layer and the messaging code for
      r21232: added a raw ctdb messaging api - allowing ctdb applications to take
      r21233: first version of samba4 messaging using ctdb is working. This means we
      r21234: fixed a subtle bug with talloc reference counting and async ntvfs
      r21256: - msg_type is not needed in the cluster messaging API
      r21535: - fixed a crash in the RAW-ACLS test. When a dcerpc_pipe is created
      r21570: added a RPC-HANDLES test that tries to show that rpc policy handles
      r21571: added RPC-HANDLES test to make test
      r21618: an attempt to fix the problem with lcov and yacc generated C code
      r21620: commit updated versions (with correct paths)
      r21735: skip the smbclient test until jelmer can take a look at it. The
      r21740: this fixes the real cause of the large log files we had. The problem
      r21742: reenable the smbclient test now that the d_printf bug is fixed
      r21807: modularise the opendb code, so different backends can be
      r21811: fixed a queueing error in the dcerpc client code. WHen the
      r21812: fixed an integer overflow error in the ndr push code.
      r21814: use ndr_push_error in the ndr layer, not just a NTSTATUS failure
      r21835: fixed a rpc server bug where we failed to remove a call from one
      r22021: use the pid specified in the individual locks, not the request pid, in
      r22025: patch from Ronnie to make locktest also test the behaviour of pid
      r22070: merge in the changes from the bzr ctdb tree, and convert the brlock
      r22072: in order to implement the opendb ctdb backend, I've found that the
      r22081: transaction_brlock() should be static
      r22082: merged the ctdb changes from bzr
      r22083: opendb backend to ctdb now passes simple tests
      r22084: use a TDB_INTERNAL tdb for the local ctdb tdb for now
      r22085: correct copyright on opendb_ctdb.c
      r22087: added a RAW-BENCH-OPEN test that can be used to stress out a clustered
      r22089: check the return value of interpret_addr2()
      r22090: fix error handling in cldap client library to cope with bad host names
      r22098: merged from bzr tree
      r22114: merge from bzr tree
      r22117: merged from bzr
      r22165: merge transaction fix from samba3
      r22231: merge from bzr ctdb tree
      r22232: add a special message handler ID meaning "all messages please"
      r22234: merge test suite changes from bzr tree
      r22237: this init fn doesn't exist yet
      r22242: ctdb init now takes a process model
      r22421: merged in latest ctdb changes from bzr
      r22422: merged tdb changes from ctdb
      r22423: don't need popt here
      r22424: fixed the bad merge (thanks to metze for pointing out)
      r22616: allow the unclist file to not specify a share name, and instead
      r22632: merged volkers select events fix
      r22634: make the events system much less dependent on the samba4 build system
      r22670: changed the RAW-NOTIFY test to support clustered testing (two nodes)
      r22813: improve error messages in RAW-NOTIFY test
      r22829: system/select.h needs to bring in epoll.h for epoll usage in
      r22830: merged the latest lib/events updates from ctdb to Samba4. This
      r22831: take advantage of EVENT_FD_AUTOCLOSE in the inotify code
      r22832: merged the latest tdb changes from ctdb to Samba4
      r22833: use EVENT_FD_AUTOCLOSE in our event test suite
      r22834: fixed a memory leak in the torture_open_connection() code, and removed
      r22835: it's useful to see how much time is remaining in this test (so we can
      r22836: started adding auto-reconnect logic to lockbench. This needs to be
      r22837: make RAW-BENCH-LOCK reconnect asynchronously when one of its servers
      r22876: - try to reconnect once per second, not continously
      r22881: show number of connected clients
      r22885: now we use kernberos more, we need to index on userPrincipalName
      r22887: and servicePrincipalName ....
      r22959: cope with a rather interesting interaction between epoll() and
      r22960: added a SOCKET_FLAG_NOCLOSE to allow us to tell the socket layer that
      r22961: use EVENT_FD_AUTOCLOSE and SOCKET_FLAG_NOCLOSE to fix up some hairy
      r22962: show progress separately for each client in RAW-BENCH-LOCK, this is
      r22963: fixed the epoll/fork interaction in the epoll and aio backends
      r22964: log an error on epoll_create failing on reopen
      r22965: changed RAW-LOCK-BENCH to remove the scheduling uncertainty. We should
      r22968: andrew bartlett pointed out that the parent process could add a fd to
      r22969: fix some more places where we could end up with more than one event
      r22970: the events code calls close(), which needs to use socket_wrapper.h in
      r22971: fix build on systems without epoll
      r22972: added the basic ldif needed to support group policies in Samba4. WinXP
      r22984: not everyone uses tridgell.net (fortunately)
      r22985: don't do checkins late at night ....
      r22988: fixed 2 bugs in our unsetenv() replacement code
      r23011: initialisation functions must return NTSTATUS, otherwise we get bus
      r23012: we need a POLICYGUID in provision
      r23013: fixed a bug in the string_replace_w() test that caused OpenBSD to die
      r23017: fixed the warning we have been getting for a long time:
      r23018: fixed a memory leak in our server side session setup code for failed
      r23019: revert r23018 - this will require more thought.
      r23020: a better fix for the memory leak - this one doesn't stuff up spnego :)
      r23021: test some boundary conditions for idtree, after I saw some suspicious
      r23029: fixed formatting
      r23030: finally fixed up our asn1 code to use better memory allocation. This
      r23031: removed bogus event_loop_once() calls in RAW-CONTEXT test - they could
      r23036: error checking on asn1_init() failure
      r23056: added automatic reconnect to RAW-BENCH-OPEN, similar to RAW-BENCH-LOCK
      r23057: only call the async recv function for the first pending receive, not
      r23058: the cldap code was getting too intimate with the internals of struct
      r23059: reject_free needs to be initialised
      r23060: use #include <roken.h> consistently. Using "roken.h" in this directory
      r23061: keep the RAW-BENCH-OPEN test balanced
      r23062: make sure one node doesn't get ahead of the others at the start
      r23090: a test showing two netlogon pipes open at once, using the LogonEx ops
      r23138: added a raw interface for SMBecho operations
      r23139: use echo operations once a second in lockbench and openbench to ensure
      r23140: send send echos while disconnected
      r23142: added error checking and reconnect on echo replies
      r23143: error found by valgrind
      r23152: fixed some async retry issues in openbench
      r23153: a first cut at a fix for the dgram flood problem that volker
      r23180: auto-reconnect on both NT_STATUS_END_OF_FILE and NT_STATUS_LOCAL_DISCONNECT
      r23181: prevent attempts to reopen the connection twice at the same time
      r23182: fixed valgrind error
      r23237: update lib/replace from ctdb
      r23238: merged transaction lock changes from ctdb
      r23301: merged from ctdb
      r23364: add LDB_FLG_NOMMAP flag
      r23519: added libcli code for fetching shadow copy information
      r23520: display shadow copy information in 'allinfo'
      r23521: NT_STATUS_OBJECT_NAME_NOT_FOUND is not an error either
      r23531: added optional latency reporting in BENCH-NBENCH. To use it, you need
      r23532: added lp_parm_double()
      r23533: added --option torture:targetrate=rate to target a particular
      r23534: honour the targetrate even for loadfiles with timestamps
      r23535: accept numeric ntstatus codes in nbench load files (ronnies wireshark
      r23696: added the create mask and related share permissions options to Samba4,
      r23697: use the file perm options in the posix backend
      r23698: fixed notify:backend so it actually works again
      r23699: when we create the global schema, remember to set the ldb opaque so we
      r23700: pre-open the sam in the parent smbd. This has the effect of loading
      r23701: when we create a new socket with socket_accept(), clear any flags that
      r23702: fixed a "falling back to select" error in the standard process
      r23792: convert Samba4 to GPLv3
      r23794: convert more code from LGPLv2+ to LGPLv3+
      r23795: more v2->v3 conversion
      r23796: main COPYING file for samba4, plus some formatting varients
      r23797: started fixing old FSF addresses. Fixed pcap2nbench COPYING file
      r23798: updated old Temple Place FSF addresses to new URL
      r23799: updated old Franklin Street FSF addresses to new URL
      r23800: LGPL is now called GNU Lesser General Public License
      r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
      r23802: fixed URL in XML
      r23805: this directory is not used any more
      r23806: update Samba4 with the latest ctdb code.
      r23807: added hex_encode_talloc()
      r24274: - merge from ctdb bzr tree
      r24275: - setup the connection to the ctdb daemon
      r24276: don't mark a stream readable until after the messaging setup is
      r24283: added a dbwrap API for temporary databases, based on the one from the
      r24284: change brlock_tdb.c to use the dbwrap API. This actually makes the
      r24585: put in the right state variable when doing a SMBecho - this caused the
      r24586: same bug in RAW-BENCH-OPEN
      r24587: the elements of the array are not talloc pointers
      r24588: use the right type
      r24641: fixed several memory leaks in the brlock code
      r24642: prevent recursion with fetch_locked
      r24643: add a ctdb_fetch() function to the ctdb client code
      r24644: add a ctdb_fetch() function to the ctdb client code
      r24645: add in the ctdb dbwrap backend
      r24646: fixed the handling of case insensitive paths with wildcards
      r24647: this passes now
      r24700: added auto-reconnect to BENCH-NBENCH. Used for testing cluster
      r24765: added a RAW-HOLD-OPLOCK test. This is a manual test, meant to be used
      r24766: forgot to commit this before. It is needed as this never terminates.
      r25351: disable swig for now to get the build working
      added a syncops VFS module for filesystems which do not guarantee meta-data operations are immediately committed to disk in stable form. Essential for clustered Samba setups
      r25676: fixed a valgrind error in the epoll event backend. The linked list
      r25689: test with a non-zero size file
      r25690: - only use a readonly traverse in ldb_search when not in a transaction. When we are in a transaction then we could be in a top level modify operation (such as rename), so we must use a writeable traverse so that the async callbacks can do the modifies while the search is progressing.
      r25691: make "server role" case insensitive
      r25692: fixed another example where the free of fde and the free of the socket
      merged tdb fix from ctdb tree
      samba3 already has tdb_validate()
      merged tdb from ctdb bzr tree
      merged tdb changes from ctdb
      merged changes from v3-2-test
      merged changes from v4-0-test
      Added PFIF notice to Samba 3.2 tree
      Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-test
      Added PFIF notice to Samba 4.0 tree
      added a offline file torture test BASE-OFFLINE
      more useful output
      this is in seconds
      added latency reporting
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      merged tdb transaction fix
      merged tdb transaction fix
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      make the multiplier in the RAW-OFFLINE test settable
      merge growing tdb for tdb_wipe_all() fix from ctdb
      merge growing tdb for tdb_wipe_all() fix from ctdb
      merge tdb changes from ctdb
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      merge tdb changes from ctdb
      fixed up the .in side of SMB2 negprot
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      added some helper functions for GUID handling
      converted the out side of SMB2 negprot handling
      converted SMB2 session setup to use WSPP protocol field names
      updated SMB2 header defines to match WSPP docs
      fixed crash when 0 dialects (thanks metze!)
      updated SMB2 tcon as per WSPP docs
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      updated SMB2 create operation to match WSPP.
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      missed a spot in the SMB2 create conversion
      missed another spot in the SMB2 create conversion
      Convert SMB and SMB2 code to use a common buffer handling structure
      Fixed SMB2 rename operations from Vista clients
      we need to refuse a root_fid in rename on SMB but not SMB2
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      A better way to handle the different format of RenameInformation in SMB2
      updated SMB2 code for getinfo according to WSPP docs
      fixed loadparm handling in standalone tests
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      add some info on running tests
      added blackbox testing for locktest
      converted locktest to use popt and cmdline utility code
      fixed masktest to use popt, and fixed the incorrect pstring conversion
      added a blackbox test for masktest
      fix typo
      make sure lp_ctx is initialised
      convert gentest to use popt and the cmdline library
      added blackbox testing of gentest
      fixed some options that could not be overridden on the command line
      remove redundent code
      fixed handling of zero sized buffers versus NULL buffers in
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed RAW-READ after the bufinfo changes. Thanks to Metze for spotting
      handle pushing of zero length smb2 strings
      3 places where the VFS backend doesn't handle NULL strings.
      open a root handle in SMB2 should use a NULL filename, not a zero length
      disable the EAS level in SMB2-GETINFO test until we get some feedback
      [samba-3-0-ctdb.tridge @ tridge at samba.org-20070602053809-kpw5kjkcyjs8yjbl]
      Fixed a crash bug in unixuid module on failed ID mapping
      show what type of idmapping has failed
      fill in unknown fields in SMB2 READ call
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed an unitialised write warning in valgrind
      fixed a valgrind error in id mapping
      make the SMB2 negotiated read and write size settable in smb.conf
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed popt handling on 64bit boxes in gentest
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      make smb2 read and write size configurable
      use uintptr_t instead of intptr_t where appropriate
      fix the overflow/wrap checks in Samba4 for new gcc optimisation behavior
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      change the default idmap range to 3M -> 4M
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed a double free in winbind
      merge in spec file from Michael
      fixed version in spec file
      started new vfs_smb2 module
      use a newer fsinfo level in smbclient, to support larger disks
      update some SMB2 find flags
      better match WSPP doc name for find flags
      added handlers for connect, search_first and fsinfo.
      merge build changes from Mathias
      fixed file_index reference
      fixed warning
      added SMB2 proxying for unlink
      started adding SMB2 composite functions that emulate common SMB calls
      - added a composite_wait_free() call
      declare composite_wait_free()
      build the smb2 composite calls
      private -> private_data for struct smb2_request
      added mkdir to SMB2 proxy
      Merge commit 'origin/v4-0-test' into vfs_smb2
      added SMB2 proxying of rmdir
      Merge commit 'origin/v4-0-test' into vfs_smb2
      remember the server time fields on negotiate. Needed for gentest
      added some SMB2 utility functions
      check the creation options where the client can require a path to be a
      moved these util functions into libcli
      first version of gentest_smb2. Only generates create and close so far.
      added SMB2 setpathinfo composite wrapper
      specify which server failed to deltree
      added smb2_util_setatr
      added read and write handlers. Fixed --analyse
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed SMB2 locking
      fixed SMB2 flush call, and added flush to gentest_smb2
      fixes to the SMB2 lock test after recent SMB2 locking changes
      badly formed SMB2 packets get NT_STATUS_INVALID_PARAMETER
      added SMB2 gentest generation of SMB2 echo packets
      fixed parsing of the SMB2 ALL_INFO qfileinfo level
      minor cleanup in SMB2 getinfo test
      added --maskindexing and qfileinfo testing
      added EAs in the generated SMB2 create operation
      added testing of SMB2 setfileinfo in gentest_smb2
      Merge commit 'origin/v4-0-test' into v4-0-test
      check for invalid file attribute values in create
      added a define for all valid file attributes
      pass in the required alignment to the EA construction routines
      added a --noeas option to gentest_smb2
      fixes for EAs and filename in gentest_smb2 results
      SMB2 read returns NT_STATUS_END_OF_FILE on read past end of file
      Merge commit 'origin/v4-0-test' into v4-0-test
      fix make test for EAs again
      allow larger streams using the TDB backend
      fill in reserved field on SMB2 flush
      check use of mincnt past EOF in SMB
      stricter checks for valid inputs in SMB2 open and lock
      remove temporary test code
      the start of a SMB2 create test suite
      don't alter the in blobs in a SMB2 create, otherwise two calls in a
      check invalid create options in the right order
      cleanup some warnings and add --skip-cleanup
      cope better with read only files in smb2_deltree
      add a mask of invalid security bits
      Vista returns ACCESS_DENIED here
      check for some more invalid bits in smb2 create
      expanded the SMB2 create testing
      SEC_STD_SYNCHRONIZE is only invalid on SMB2
      make the SEC_STD_SYNCHRONIZE test more specific
      another gentest derived test
      disable the SEC_STD_SYNCHRONIZE test until we know what it means
      it seems that lock flags are only validated when UNLOCK is set
      another attempt at the damn SEC_STD_SYNCHRONIZE flag
      added some SMB2 locking tests from gentest
      added support for the output fields of SMB2 close
      enforce lock ordering in SMB2
      re-enable some tests
      added a basic SMB2 read test suite
      ensure that we honor SMB2 read min_count properly
      fixed file_attributes test
      fixed uninitialised variable
      make sure we send a reply packet for bad create options
      fix error code for read on a directory
      fixed error code for write on a directory
      added --skip-cleanup to gentest
      added --valid option to gentest_smb2
      answer SMB2_ALL_EAS qfileinfo
      add exceptions for some of the strange windows SMB2 locking behaviour
      expanded the SMB2-READ test, including the windows position bug
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      added support for all of the known SMB2 create tags in our client
      expose a function for pushing all SMB2 create blobs
      implement the documented SMB2 create blobs in the server
      added testing of SMB2 create blobs
      ensure we don't change the incoming blobs in a SMB2 create
      added some of the new SMB2 create tags to gentest_smb2
      test unknown tags and bad tag lengths
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      added a newline at the end of the IDL
      add testing of creating a file with an initial ACL on SMB2
      don't allow a file to be changed to a directory with setfileinfo
      generate security descriptors in gentest_smb2
      added testing of some strange read semantics on windows
      check that we can't change a file to a directory
      updated comment based on MS-SMB2 docs
      SMB2 doesn't have NAME_INFORMATION level
      added --noacls options and checking for same mismatch in backtracking
      fixed create_action for truncated files
      fixed current_op.mismatch for more cases
      check the set of file attributes which are ignored
      fixed offset for maximal access response
      SEC_FILE_READ_ATTRIBUTE is only automatically granted on SMB, not SMB2
      querying the ACCESS_INFORMATION is always allowed
      added support for returning the maximal access MXAC tag in SMB2 create
      test the maximal access return
      check maximal_access here too
      fix from WSPP SMB2 test 11
      fixed the error code for bad SMB2 ioctls
      merged gentest.c and gentest_smb2.c
      don't mask out SEC_FILE_READ_ATTRIBUTE on SMB2
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      don't emulate broken SMB2 locking behaviour from windows
      the docs shows that this is a o16s32 blob
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed a segv in the python messaging code on 64 bit systems
      two more places where the wrong type is passed to PyArg_ParseTupleAndKeywords()
      implemented client side SMB2 signing
      more useful output in scan
      check for requested buffer size in getinfo call
      fixed a warning
      updated some info levels based on WSPP docs
      smbpid needs to be 32 bit now to cope with SMB2
      smbpid is 32 bit, and update SMB2 locking per MS-SMB2
      remove unused macros
      remove a pstring
      more updates for new info levels
      it is not valid to set a UNLOCK flag on a lock request
      setpassword should be executable
      SMB2 signing now works. The spec was wrong (and will be fixed in the
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      copied the Heimdal sha256 functions into lib/crypto to avoid a link
      fixed SMB2-LOCK test for new semantics (from docs)
      another SMB2-LOCK fix now that we know that the UNLOCK flag is only
      ensure we don't end up with a partially initialised EA structure
      handle NULL fields in blob comparison
      added server side SMB2 signing
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed mandatory signing
      make signing per session in the SMB2 client library
      fixed for per session session_key here too
      Change our module code to not use the special symbol name init_module()
      make parametic options case insensitive
      fixd a bug in the signal handling code - we could get phantom signals
      fixed spelling error
      make sure we initialise query_maximal_access
      initialise query_maximal_access here too
      we can't query the ACL on a new file till it exists!
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      fixed a fd leak when trying to regain contact to a domain controller
      fixed permissions on ctdb databases
      ensure we give an error code to any routines above that are looking
      I found lots of places where we assume error will be set when calling
      update configure.rpm for clustered Samba usage
      keep compatibility with v3-0-ctdb name for fileid:mapping option
      got rid of the redundent cache database
      first cut at adding full transactions for ctdb to samba3
      cleanup debugging and fix handling of empty transaction
      samba3 can't handle NOREPLY yet
      fixed fetch of empty records
      use transactions in idmap_tdb2
      all persistent databases now do all stores via automatic transactions
      removed more unused code
      we need to commit, not cancel, on record destruction
      put a limit on the number of retries. I found a case where a recovery
      mark this release as a transactions test release
      handle two special cases
      up release number
      cope with the control failing completely without returning a status
      don't leave a dangling transaction on retry error
      fixed lots of places that paniced on a failed transaction_commit,
      up release to transactions3
      use CTDB_CONTROL_TRANS2_COMMIT_RETRY to prevent the counter getting
      drop retries to 5
      update to transactions4 release
      update to ctdb.42 release
      allow nested ctdb transactions in the same manner that they are
      increase version to 43
      update configure.rpm
      register the ctdbd reconfigure message
      log unclean shutdowns
      fixed child exit handling and IP release handling
      ensure we exit with non-zero status on EOF on socket, so the parent
      added a explanatory comment on tcon check
      up to release 44
      disable the DNS update code, as it breaks clustering
      up to release 45 now
      up release to 46
      cope with not knowing the kdc key
      cope with arbitrary unknown pac buffer types, so when MS adds
      expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
      added some comments at the request of a frustrated abartlet
      added a LDB_ATTR_FLAG_FIXED so the schema module can mark attributes
      Merge commit 'origin/v4-0-test' into v4-0-test
      don't overwrite fixed attributes with @ATTRIBUTES
      fixed error handling in ANR code
      fixed a problem with length limited ldap values
      Merge branch 'abartlet-4-0-local' into v4-0-test
      fixed a speellling erra
      fixed the GUID and objectSID canonicalisation functions
      Merge commit 'origin/v4-0-test' into v4-0-test
      fixed the DomainDNS searches in the netlogon code
      now that ldap integers are 32 bit, we need to put the right 32 bit
      disable the anr== tests until they are understood
      don't use zero data for the first file in RAW-OFFLINE
      show the bad data in RAW-OFFLINE
      fixed the data in SAVEFILE op in RAW-OFFLINE
      fixed tsmsm_sendfile(). The logic was totally broken.
      fixed an errno handling bug that could lead to an infinite loop
      Avoid a race condition in glibc between AIO and setresuid().
      become root for AIO operations
      EINVAL is also a valid error return, meaning "this filesystem
      Handle arbitrary new PAC types
      ldb: Fix permissions of group_mapping.ldb.
      added a simple script for setting password expiry
      Add a setexpiry operation in samdb.py
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-test
      added some debug code
      fixed readonly handling in deltree
      fixed a memory error in change notify handling in gentest
      added FULL_EA_INFORMATION setea call
      test setinfo FULL_EA_INFORMATION in gentest
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      fixed problem with ACLs with an empty DACL list
      stricter checking of SMB2 echo body (per the spec)
      fixed error code for bad keepalive
      support NT_STATUS_XX:NT_STATUS_YY syntax in ignore files
      fixed uninitialised variable bug
      fixed setpathinfo in gentest to not zero the filename/handle
      check error code for zero desired_access in SMB2 create
      be friendlier in smb2_deltree to some of the SMB2 implementations that
      added the structure for LINK_INFORMATION setfileinfo call
      - use the current dialect first, for servers that only look at the
      - SMB2 uses INVALID_PARAMETER not BUFFER_TOO_SMALL for buffer size
      zero access mask should give ACCESS_DENIED
      the offset is 16 bits in SMB2 fileinfo
      check for a 0 byte in the buffer in SMB2 read
      cope with body_size zero in SMB2 receive
      log stream termination
      record highest seq number in SMB2 to check for seqnum going backwards
      - add reserved field in basic_information level
      for use in python we need to use global_loadparm
      we should terminate the connection on a bad negprot packet size
      empty access mask is only denied on SMB2
      fixed expansion of $USERNAME in signing tests
      we need different error handling for truncated packets in NETPROT and
      fixed segv on startup with trusted domains
      removed unused variables
      fixed a segfault on the ctdb destructor code
      fixed an (unlikely) memory leak
      re-added "winbind:ignore domains" patch
      make the schannel creentials persistent
      added some more well known SIDs - thanks to the WSPP LSAT test suite
      unmapped SIDs should be rid 0 not rid -1
      we need to return NT_STATUS_INVALID_PARAMETER for bad levels in
      WSPP docs say we need to check that root_dir is NULL
      added new level for lsalookupnames2
      return a more useful error message when no name resolution methods are
      setup the loadparm context for ldb in testjoin
      merged a bugfix for the idtree code from the Linux kernel. This
      The author of the upstream code asked for this code to be GPLv2+ not GPLv3
      - make bcast name resolution match other name resolution modules for
      cope with NULL attr
      check call status not rpc fault code when calling to different levels
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      fixed a number of places in our LSA server where we should return the
      handle NULL strings in strchr_m() and strrchr_m()
      add a test for a LSA lookupnames with a NULL string
      we need to listen on all interfaces in the CLDAP server as the windows
      fixed a talloc error in the rpc handle desctructor - destructors
      fixed the sense of ldb base dn comparisons in two places, and use a
      fixed the partition module and the GC handling
      Merge commit 'master/master'
      fixed the ldb blackbox test to work with non-bourne shells (as needed
      expanded the netlogon test to better simulate the WSPP NRPC test that
      updated the LSA and NETLOGON servers with fixes resulting from the AD
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      removed some debug lines I left in the last commit
      remove dependencies on my home domain
      use glibc sys/inotify.h header
      use glibc sys/inotify.h header
      added a new charset for string2key
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      finished adding UTF16_MUNGED charset
      use the new CH_UTF16_MUNGED charset for utf16 password buffers
      we need to remove the pidl Makefile on "make clean" to handle upgrades
      don't give errors when an empty modules list is given to ldb
      fixed options argument to ldb connect in python
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      make tdbbackup use transactions
      imported the tdb_repack() code from CTDB
      use transactions in ldbadd, ldbmodify and ldbedit
      repack the ldb after re-indexing
      an experimental patch for fixing ldb bloat
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      added support for stream renames in Samba4
      fixed two problems with the DsRGetDCNameEx2 call, as used by
      added a workaround to the handling of unicodePwd for Win7-beta
      fixed some of the TLS problems
      Worked around a problem with select/poll/epoll and gnutls
      added a missing linefeed
      fixed the event context for net vampire
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      added a test that triggers a bug in the Samba3 notify code
      fixed a bug in message handling for code the change notify code
      removed leading spaces from embedded ldif
      fixed more embedded spaces in LDIF
      use a base64 encoded password when changing passwords
      added support for parentGUID
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      fixed a logic bug in the tevent nesting code
      use the tevent nesting code to avoid the uid problem in the VFS
      flush after showing the prompt in smbclient
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      the start of a possibleInferiors test suite
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      fixed possibleinferiors.py so it matches windows behaviour
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      added a --wspp option
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' into wspp-schema
      added basic testing of tdb_transaction_prepare_commit() in tdbtorture
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      up the version to 1.1.4 with the addition of
      added support for a prepare_commit() op in ldb modules
      use the prepare_commit op in the partition code
      change ldb version number (as ldb_module structure has changed)
      Merge branch 'master' into wspp-schema
      possibleInferiors is a generated attribute - we can't pull it over DRS
      Merge commit 'master/master' into wspp-schema
      major upgrade to the ldb attribute handling
      Merge commit 'abartlet/wspp-schema' into wspp-schema
      added a str_list_append() function
      fixed internal handling of attribute deletion
      don't load @ATTRIBUTES if we have an override handler in place
      first cut at a C version of the possible inferiors code
      added str_list_unique() and str_list_show()
      hook the new possibleInferiors calculation into the schema
      slightly nicer output in our possibleInferiors test code
      fixed the possibleInferiors calculation so it now passes the test
      we should not be supplying a generated attribute in our schema
      added _const versions of some of the str_list_*() functions
      make the memory usage of possibleInferiors much more efficient
      enable testing of possibleInferiors generation
      Merge branch 'wspp-schema'
      cope with lanman auth being disabled in old password change code
      fixed the client side password change code
      fixed interpretation of ACB_PWNOTREQ
      added some more speed tests to tdbtool
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      use domain_dn not ncname
      make TDB_NOSYNC affect all the fsync/msync calls in transactions
      enable one-level indexing in sam.ldb
      fixed one-level indexing
      a useful debugging tool
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      fixed tdbbackup to give tdb error messages
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      when comp_num is zero, the case folded DN is always ""
      auto-repack in transactions that expand the tdb
      overallocate all records by 25%
      fix uninitialised use of samctx
      added support for unique indexing in ldb
      mark samAccountName, objectGUID and objectSID as unique indexed
      we don't need the unique checks in the samldb code now
      use the unique flag on ldb attributes to optimise & clauses
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      add gendb_search_single_extended_dn()
      fixed ldb rename now that we have unique indexes
      changed the auth path to use extended DN ops to avoid non-indexed searches
      fixed handling of change notify buffer overruns
      fixed socket wrapper to determine family from the right structure
      work around conflict in pidfile() prototype for heimdal on NetBSD5
      try to get PICFLAG right for HP-UX with gcc
      It seems that IRIX doesn't have IOV_MAX
      fixed server side sorting of case-insensitive strings
      fixed server side sort control
      added asn1 functions for handling booleans in a simple context
      fixed the encoding/decoding of the reverse attribute for server side sort
      fixed some places where RPC-SECRETS needs to be changed to RPC-LSA-SECRETS
      always enable RPC debugging with a debug level >= 100.
      avoid crashes in ndr_print_*() calls
      two more NT status codes that we get on DRS with w2k8-R2
      Revert "avoid crashes in ndr_print_*() calls"
      added a sample script for the "idmap script" option
      added some basic documentation for the idmap script option
      fixed rpc smb code to not reply on talloc_free being a function pointer
      fixed the use of talloc_steal in ntlmssp_server
      removed a redundent talloc_steal
      fixed the reference to the global_schema
      use a talloc_unlink() as ops may have a reference
      fixed use of reference in pytalloc
      py_talloc_import now uses a steal, so this free is incorrect
      use py_talloc_reference instead of py_talloc_import
      another case that should use py_talloc_reference
      A rather strange varient of talloc_unlink
      gensec_start now steals the auth_context
      changes to remove the ambiguity in talloc_free() and talloc_steal()
      use the new talloc_reparent in two places
      use a talloc_reparent in a very ugly way
      removed a generated file
      a talloc_realloc() to zero size needs to use an unambiguous free
      fixed the talloc testsuite for the recent changes
      LDB_ERR_INVALID_DN_SYNTAX doesn't exist ...
      the settings structure needs to be initialised
      fixed the pull of drs schema elements
      change talloc to 2.0.0
      decrypt all objects in a DRS record, not just the first one
      we can't use the unique index code for samAccountName
      show attribute values in sorted order to make comparison easier
      fixed support for readx greater than 64k
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      added a uid_wrapper library
      make the UID_WRAPPER skip checks at runtime
      skip the readbraw tests if the server does not support it
      fixed the sense of the pvfs_acl uwrap check
      s4 now supports the large readx extension
      fixed a uid_wrapper bug that caused a segv in the RAW-ACLS test
      handle large directories in smb2_deltree()
      fixed a problem with group policy writes causing policy corruption
      on buffer overflow windows gives SMBSRV:ERRerror here
      changed BCC handling for SMBwriteX to handle broken MacOSX client
      define uwrap_enabled() on Samba3
      set uidwrappersrcdir
      deliberately break the build
      Revert "deliberately break the build"
      make sure we never look past the end of either string in ldb_comparison_fold()
      fixed several places that unnecessarily take a reference to the event context
      use talloc with the global schema consistently
      prime the sam ldb schema in the parent samba process
      ensure that child tasks die when the parent dies
      fixed another ambiguous talloc call
      print server log on stderr as well as to log file
      Allow selection of the samba4 process model for 'make test'
      raise the debug level for a common message
      no need to shout about getting an oplock
      when we get an NDR error in the logs, it is useful to know where it happened
      try to give some hint as to what is causing NDR string errors
      fixed TESTS= in make test to allow multiple tests
      fixed the updateNow schema test to use a canonical OID
      make sure we update the current schema->prefixes when we add a new prefix
      fixed up some provision errors from the recent changes
      skip the autoidl test
      more fixups from provision changes
      fixed up add_foreign again
      sigh - still not right
      fixed the build
      fixed make test reporting success when provision fails
      we need the Deleted Objects container for replication
      added basic support for rename in DRS replication
      fixed getpass m4
      make lib/replace more usable in standalone builds
      updated talloc guide for recent API changes
      added talloc_set_log_* documentation
      updated XML source for talloc man page
      LIBREPLACEOBJ now contains the full path
      fixed typo in talloc doc XML
      note the semantic change in talloc_free from 2.0
      fixed a double free bug on error in net export
      fixed DRS rename of deleted objects
      added ldb_ldif_message_string()
      fixed spelling
      add a ref to the WSPP docs
      Wrap DRS changes in a transaction
      Display ldif formatted versions of all DRS changes at log level 4
      don't allow two controls to be added with the same OID
      change the dsdb_control_current_partition to not include internal variables
      add the partition_control control to replication requests
      added ldb_cmdline_help()
      use ldb_cmdline_help() in ldbsearch
      wrap the entire vampire operation in a transaction
      move the repl_meta_data module up the ldb module stack
      s4:dsdb rewrite the linked_atrributes code to commit in the end_transaction hook
      repl_meta_data should only be included when we are a DC
      traverse the ac list in reverse order
      show the full set of command line options for ldb tools
      support config files in the current directory
      fix the ndr print routines for samba4
      added dsdb_find_dn_by_guid()
      tell the server that we support linked attribute replication
      add the the linked attributes elements to the repl structure
      fixed transaction handling in linked_attributes module
      change repl_meta_data to process linked_attributes structures in end_transaction
      allow setting of the debug level in python from C
      added dsdb_find_guid_by_dn()
      always use prepare_commit in ldb transaction commits if possible
      show more reasonable object counts during a vampire
      greatly simplify the transaction processing in the partition module
      hook on prepare_commit instead of transaction_end
      another large change to the linked_attribute module
      report the location of the original talloc_free on double free
      s4: fixed a missing NULL termination in a attribute list passed to ldb_search
      ldb: ensure we cancel a ldb transaction
      ldb: make ldb module programming less error prone
      s4:python  fixed subunit tests of dcerpc
      s4: the secrets.ldb module needs the loadparm opaque setup
      s4: fixed the secrets.ldb construction in libnet
      s4: bring nsupdate-gss into the s4 tree
      s4:nsupdate-gss allow forcing of the realm
      s4:setup_dns.sh fixed the update of the GUID CNAME
      s4: fixed some shadowed variable warnings
      s4: removed an unused variable
      s4: fixed a unsigned printf warnings
      s4: 'index' is a libc function
      s4/ldb: fixed spelling
      s4: implemented server side of DSUpdateRefs call
      s4: fixed updaterefs options bitmap
      s4: added the structure for repsTo
      s4: commit generated DRS changes
      s4/ldb: added --show-binary command line option
      s4/ldb: don't line wrap ldif when --show-binary is used
      s4/ldb: expose the ldb flags with ldb_get_flags()
      s4/ldb: added ldif handler for repsFrom/repsTo
      s4/ldb: allow printing ntSecurityDescriptor in full
      s4/ldb: allow prefixMap to be shown as NDR
      s4/ldb: support NDR printing for 2 more replication types
      s4: allow repl:RODC=true/false to set ourselves as a RODC
      s4: fixed format of repsTo in samdb
      s4/repl: added refresh of repsTo
      s4/repl: implement DsReplicaSync
      s4:drs split addentry and getncchanges into separate files
      s4:drs level_out is a pointer
      s4/drs: broke out the core of the getncchanges code
      s4:drs match the meta_data and attributes array
      s4/vampire: fixed i/j index mixup in vampire code
      s4/drs: when we don't find an attribute use zero values
      s4/drsuapi: tech the IDL about some more key attribute names
      s4/schema: don't crash if we don't have subClassOf
      s4/schema: teach the schema_syntax code how to encode/decode more attributes
      s4: regenerate drsuapi IDL
      s4/torture: don't mix declarations and code
      s4/provision: another fix for breakage from b1dabb1133
      s4: fix spelling
      s4/drs: correctly fill in the GUID of DRS objects
      s4/drs: changed the UpdateRefs server to use the dn instead of the GUID
      libcli: added a drsuapi attribute encryption function
      s4/repl: give a useful error message if we can't decode an object
      s4: kludge_acl needs to be above repl_meta_data
      s4/drs: enable attribute encryption
      s4/torture: fixed lots of crash bugs in the DRS tests
      s4/libcli: when we get a DNS lookup failure show the name
      s4/drs: parentGUID needs to be specififcally asked for
      s4/provision: add the nTDSDSA GUID based DNS entries and SPNs
      s4-drs: add the magic DRS SPNs on AddEntry
      s4-drs: actually call the new drsuapi_add_SPNs() code
      s4-provision: use DNS name, not domain name
      s4-ldb: don't remove a message element beyond the end of the array
      s4-repl: don't add the RDN if it is already there
      s4-repl: on every ldb modify we need to update replPropertyMetaData
      s4-idl: added the IDL for the DsReplica* calls
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s4-repl: don't update replPropertyMetaData for non-replicated attributes
      s4-kcc: add a very simple KCC
      s4-idl: added the IDL for the DsReplica* calls
      s4-repl: don't update replPropertyMetaData for non-replicated attributes
      s4-kcc: add a very simple KCC
      Merge branch 'master' of /home/tridge/samba/git/combined
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-repl: refresh the partitions on each cycle
      s4-provision: revert _gc_tcp priority
      s4-drs: fixed the ldap SPN in AddEntry
      s4-vampire: cope with no invocationID when vampiring the schema
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-kcc: we should only add to the repsFrom if it doesn't already exist
      s4-repl: we should only update uSNChanged when replication data changes
      s4-repl: use common functions to simplify updaterefs.c
      s4-drs: fixed the cursor generation to always be filled in
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-kcc: we should only add to the repsFrom if it doesn't already exist
      s4-repl: we should only update uSNChanged when replication data changes
      s4-repl: use common functions to simplify updaterefs.c
      s4-drs: fixed the cursor generation to always be filled in
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-samdb: internal s4 ldb modules should be GPL not LGPL
      s4-repl: don't be too eager to allocate new sequence numbers
      s4-drs: spelling fix, and simpler search expression
      s4-drs: return objects with uSN > highest_usn
      s4-drs: also fill in tmp_highest_usn
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-ndr: fixed memory leaks in ndr_pull_*_blob()
      s4-repl: fixed memory leaks
      s4-drs: change debug level
      s4-samdb: make it possible to ask for the sequence number of a partition
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-scripts: allow setup_dns.sh to take a PRIVATEDIR
      Merge branch 'master' of /home/tridge/samba/git/combined
      ndr: added --ndr64 flag to ndrdump
      idl: added DsExecuteKCC IDL
      idl: rebuild drsuapi.idl
      idl: added DRS GetNCChanges level 10
      s4-repl: keep a @REPLCHANGED object on each partition
      s4-sam: allow a search to specify a partition
      s4-dsdb: added dsdb_load_partition_usn and dsdb_save_partition_usn
      s4-repl: use the new dsdb partition uSN helper fns
      s4-drs: fixed search expression
      s4-repl: added a preiodic notification check to the repl task
      s4-repl: fall back to repsFrom if repsTo not set
      s4-repl: fixed a memory error handling linked attributes
      s4-drs: allow replication of renames
      s4-repl: handle rename in repl_meta_data
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-repl: add a debug to make it easier to monitor replication
      talloc: when we enable NULL tracking, reparent the autofree context
      s4-ldb: cope better with corruption of tdb records
      s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-repl: add a debug to make it easier to monitor replication
      talloc: when we enable NULL tracking, reparent the autofree context
      s4-ldb: cope better with corruption of tdb records
      s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
      s4-repl: make sure we marshal the replPropertyMetaData after the last change
      s4-drs: filter based on local_usn
      Merge branch 'master' of /home/tridge/samba/git/combined
      tdb: allow reads after prepare commit
      s4-repl: don't do double replication
      s4-ldb: expose ldb_transaction_prepare_commit() in ldb
      s4-ldb: ldap attribute names can contain a '.'
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-libnet: use updated dsdb commit function
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-repl: add a debug to make it easier to monitor replication
      talloc: when we enable NULL tracking, reparent the autofree context
      s4-ldb: cope better with corruption of tdb records
      s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
      s4-repl: make sure we marshal the replPropertyMetaData after the last change
      s4-drs: filter based on local_usn
      tdb: allow reads after prepare commit
      s4-repl: don't do double replication
      s4-ldb: expose ldb_transaction_prepare_commit() in ldb
      s4-ldb: ldap attribute names can contain a '.'
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-repl: add a debug to make it easier to monitor replication
      talloc: when we enable NULL tracking, reparent the autofree context
      s4-ldb: cope better with corruption of tdb records
      s4-dsdb: use DLIST_ADD() not DLIST_ADD_END()
      s4-repl: make sure we marshal the replPropertyMetaData after the last change
      s4-drs: filter based on local_usn
      tdb: allow reads after prepare commit
      s4-repl: don't do double replication
      s4-ldb: expose ldb_transaction_prepare_commit() in ldb
      s4-ldb: ldap attribute names can contain a '.'
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-security: added a new security level SECURITY_DOMAIN_CONTROLLER
      s4-drs: lock down key DRS calls
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-rpc: added a module for forwarding RPC requests
      s4-repl: take advantage of async RPC forwarding
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
      Merge branch 'master' of /home/tridge/samba/git/combined
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s4-repl: raise a debug level
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-dsdb: treat uSNHighest as 0 if @REPLCHANGED doesn't exist
      s4-repl: raise a debug level
      Merge branch 'master' of /home/tridge/samba/git/combined
      libreplace: added likely()/unlikely() macros for gcc
      util: use likely/unlikely for NT_STATUS_* macros
      ndr: added support for NDR64
      s4-rpc: added NDR64 support
      s4-pidl: add support for NDR64
      idl: recompile our IDL
      ndr: split out ndr enum functions
      ndr: num_auths is an array size, thus a uint3264
      ndrdump: fixed help
      s4-sam: add a note about the solaris client
      idl: regenerate IDL for NDR64 changes
      Merge branch 'master' of /home/tridge/samba/git/combined
      libreplace: added likely()/unlikely() macros for gcc
      util: use likely/unlikely for NT_STATUS_* macros
      ndr: added support for NDR64
      s4-rpc: added NDR64 support
      s4-pidl: add support for NDR64
      idl: recompile our IDL
      ndr: split out ndr enum functions
      ndr: num_auths is an array size, thus a uint3264
      ndrdump: fixed help
      s4-sam: add a note about the solaris client
      s3-rpc: samba3 needs the DCERPC_NDR64 define
      talloc: don't crash if f is NULL in talloc_report_*
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-drs: cope with dupliate linked attributes
      Merge branch 'master' of /home/tridge/samba/git/combined
      s4-kdc: ignore unknown keytypes
      s4-server: kill main daemon if a task fails to initialise
      s4-pipes: convert pipe names to lowercase and validate
      s4-resolve: fixed a crash bug on timeout
      s4-netlogon: implement dcesrv_netr_DsRAddressToSitenamesExW
      pidl: update expected output for NDR64 changes
      s4-rpc: remove some unnecessary #include lines
      s4-rpc_server: removed remaining unnecessary #includes
      s4-testparm: fixed -v option
      s4-smbd: minimise includes in smbd/ and smb_server
      s4-scripts: make minimal_includes handle our -I overrides
      s4-smbd: removed unnecessary includes
      tdb: increase minor version
      more include minimisation
      s4-ldb: bump minimum version in ldb too
      s4-repl: need param.h for lp_parm_bool
      s4-ldb: display an error if we can't decode a NDR blob
      s4-drs: security checking on DRS needs to default to on
      s4-auth: add SID_NT_ENTERPRISE_DCS is a server trust account
      talloc: fixed talloc_disable_null_tracking()
      s4-selftest: disable RPC-COUNTCALLS
      s4-selftest: disable RAP-SCAN test
      s4-dsdb: fixed a printf format warning
      s4-ldb: add support for extended DNs in the rootDSE
      s4-ldap: default edn type is 0
      s4-ldb: add a LDB_FLG_ENABLE_TRACING for full ldb tracing
      s4-ldb: add --trace command line option to ldb tools
      s4-schema: don't trace the schema load (too verbose)
      s4-samdb: enable ldb tracing when log level >= 10
      s4-ldb: fixed O(n^2) string handling in ldif debug print
      s4-ldb: bit prettier output
      s4-ldb: don't show timestamps on every line of ldb traces
      s4-ldb: only show the outer level of ldb ops when tracing
      s4-rpc: remove two unused functions
      s4-rpcserver: run all RPC operations in a single task
      s4-rpcserver: added shared association groups
      s4-lsa: added support for QuerySecurity on LSA
      s4-rpcserver: added support for shared handles
      s4-torture: add some debug info to RPC-HANDLES
      s4-util: windows only accepts lowercase hex encodings for extended DNs
      s4-ldbmodules: allow instanceType to be specified by clients
      s4-ldb: when tracing, show ldb_set_debug messages
      s4-ldb: added a bunch more debug for DC join
      s4-ldb: fixed call argument order for ldb_dn_from_ldb_val
      s4-ldb: server side sort args are const char *
      s4-drsserver: sort by DN to give tree order
      s4-nbt: added NBT_SERVER_DNS_FOREST
      idl: fixed string termination for netlogon GetDomainInfo
      s4-cldap: return domainFunctionality from SAM
      s4-netlogon: make GetDomainInfo response match w2k8
      regenerate IDL
      s4-netlogon: always set the dNSHostName in GetDomainInfo
      s4-drs: ignore zero value elements in DRS add operations
      fixed spelling
      s4-drsserver: fixed addition of sort control
      s4-dsdb: added dsdb_find_sid_by_dn()
      s4-dsdb: cope with windows sending extra pad bytes
      s4-drs: fill in more guids and SIDs, plus filter rDN
      s4-libnet: avoid a steal with references error
      s4-libnet: allow the functional level of becomeDC to be specified
      s4-drs: add SHOW_DELETED control on dsdb utility calls
      s4-drs: include deleted objects in getncchanges reply
      s4-drs: fixed the size of DN binary blobs on the wire
      s4-ldb: add instanceType in repl_meta_data module
      s4-ldb: sort replPropertyMetaData by attid
      s4-drs: add defines for replication flags on attributes
      s4-drs: regenerate IDL after ndr size change
      s4-drs: el may not be a talloc pointer
      s4-drs: fixed sorting of replPropertyMetaData
      libds: fixed spelling error
      s4-acl: fixed SD creation
      s4-dsdb: make dsdb_search_dn_with_deleted public for repl_meta_data module
      s4-dsdb: ask for an extended DN in dsdb_find_dn_by_guid()
      s4-repl: use GUID to resolve target in linked attributes
      s4-samdb: free the linked_attributes list on prepare commit failure
      s4-repl: free the la list on prepare commit failure
      s4-samdb: when UF_SERVER_TRUST_ACCOUNT is set mark object as critical
      s4-ldap: fixed spelling
      s4-drsutil: allow NULL filter
      s4-dsruapi: plugfest updates
      s4-drsuapi: state variable for getncchanges
      s4-drs: removed debug code that replicated a maximum of 10 objects at a time
      s4-dsdb: fixed searching for GUID based DNs between partitions
      s4-dsdb: update replPropertyMetaData on linked attribute source attributes
      s4-dsdb: removed extraneous debug messages
      s4-libnet: fixed debug formatting
      s4-make: add libds to etags/ctags source list
      s4-dsdb: don't return the partition root objects
      s4-kcc: remove stale repsFrom entries in kcc run
      s4-kcc: fixed corruption of repsFrom records by kcc
      pidl: added union padding for NDR64
      idl: ntsvcs.idl depends on misc.idl, not winreg.idl
      idl: use common netlogon bit definitions
      s3-ads: removed 3 unused defines
      ds-flags: use the new name DS_DNS_FOREST_ROOT
      s4-cldap: match w2k8-r2 for cldap netlogon bits
      s4-ldb: Add support for binary blobs in DNs
      s4-ldb: accept the binary DN OIDs in extended DN modules
      ndr64: added support for trailing gap alignment
      s4-libnet: give sane error messages when functional levels don't match
      idl: rebuilt the IDL for the build farm
      s4-samr: fake up a samr_ValidatePassword response
      s4-torture: added a very simple samr ValidatePassword test
      pid: update ndr testsuite for new union alignment
      pidl: fixed unit tests for trailer alignment
      s4-pygensec: a bit closer to working
      s4-test: skip python gensec test until its finished
      s4-samdb: added some debugging
      s4-samldb: the samldb module requires that the primary group exists
      s4-ldb: overallocate idxptr to reduce memory fragmentation
      s4-ldb: fixed a memory leak
      s4-winbind: support the Samba3 TXT form of the info3 for wbinfo -a
      s4-winbind: support the s3 response flags on krb5 auth too
      Revert "s4-ldb: fixed a memory leak"
      Revert "s4-ldb: overallocate idxptr to reduce memory fragmentation"
      Revert "s4-ldb: merged with master"
      Revert "s4:ldb Remove LTDB_PACKING_FORMAT_NODN"
      Revert "s4:ldb always talloc_free() the ldb_ldif_write context, even on success"
      Revert "s4:ldb Fix ldb_list_find() folowing the change from char * to TDB_DATA"
      Revert "s4:ldb-samba Use temp talloc contexts and talloc_steal avoid leaks."
      pidl: added int3264 as a base type
      idl: some lsa vars are uint3264
      ndr: rebuild lsa IDL after recent change
      s4-seftest: skip hold.oplock for SMB2 as well
      s4-repl: added RELAX control and fix transactions
      s4-ldb: fixed error on single value error
      s4-drs: open samdb with system credentials when authorised
      s4-drs: fixed error message for drs_security_level_check
      s4-drs: take advantage of system session auth in dsbind
      s4-drs: added some debug lines to DsAddEntry()
      s4-provision: match win2003 functional level
      pidl: get the alignment right for uint1632 enums (NDR64)
      idl: recompile IDL for uint1632 change
      pidl: update PIDL tests for uint1632 enums
      tdr: teach TDR about uint1632 enums
      s4-torture: removed an accidental commit of a local test hack
      torture: disable the ValidatePassword test
      s4-drs: fixed a memory error introduced yesterday
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s4-drs: make DsBind a bit less verbose
      scripts: handle non-C files in minimal_includes.pl
      torture: fixed socket leak in BENCH-TCON test
      s4-selftest: don't run benchmarks on the build farm hosts
      pidl: don't warn for compatible scalar types in unions
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s4-repl: check that a DsGetNCChanges is a continuation, and fix sorting
      s3: Fix vfs_shadow_copy2 to allow in-path @GMT-xxx
      idl: added WSPP DrsOptions bit names
      libds: added nTDSDSA options flags
      s4-dsdb: added samdb_rodc() and samdb_ntds_options()
      drs: improved error checking
      ldb: fixed display of replUpToDateVector
      s4-drs: implement more of DsUpdateRefs
      s4-drs: support DRSUAPI_DRS_ADD_REF flag
      s4-devel: for devel scripts its better to use bin/ than $PREFIX/bin
      s4-script: flush DNS after adding new addresses
      s4-ldb: removed bugus RDN length check
      s4-ldb: removed incorrect rDN length test
      s4-dsdb: implement limit on rDN length
      s4-ldap: test the rDN size limit
      s4-ldaptest: "testgroup" is a bit too common
      s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWED
      s4-smb: declare root_fid as a file handle
      s4-pvfs: implement root_fid support in posix backend
      s4-torture: catch bad command line options
      s4-libcli: fixed structure element bug in ntcreatexreadx
      s4-smbserver: fixed root_fid in nttrans create
      s4-selftest: mark some CIFS backend tests as known fail
      s4-smb: fill in fnum as well for root_fid
      idl: added bit definition for privilege masks
      s4-torture: take privileges into account in BASE-MAXIMUM_ALLOWED
      s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWED
      s3: fixed krb5 build problem on ubuntu karmic
      s4-winsrepl: don't put in attributes with no elements
      s4-privileges: moved privileges to private/privilege.ldb
      s4-torture: show the sid we are basing privilege tests on
      s4-provision: removed the old privilege attributes
      s4-provision: added the default privileges db
      s4-lsasrv: make sure only admins can alter privileges
      s4-torture: add a special check for administrators and privileges
      s4-security: honor more of the privilege access bits
      s4-pvfs: use privileges rather than "uid == 0" in unix access check
      s4-torture: cleanup after the MAXIMUM_ALLOWED test
      s4-torture: the BASE-CREATEX_ACCESS test is broken for non-administrators
      s4-acl: SEC_FLAG_MAXIMUM_ALLOWED doesn't auto-apply privilege access masks
      s4-pvfs: don't auto-apply privilege bits in unix acl handling either
      s4-schema: We should not need Samba4TopExtra now
      s4-torture: minor debugging enhancements
      s4-torture: fixed the default ACL for s4
      s4-pvfs: when uwrap is enabled, ignore chown errors
      s4-smbserver: removed bogus initialisation of two union arms
      s4: fixed howto for new binary name
      smb2-torture: samba4 allows SEC_FLAG_SECURITY to be used with privileges
      s4-pvfs: change the handling of access checking on create
      s4-smb2: fixed SMB2 find commands
      s4-pvfs: more fixes for ACLs on file creation
      s4-pvfs: fixed update of stream sizes
      s4-pvfs: the STREAM_INFORMATION calls don't need any access flags
      s4-pvfs: when reporting the file name, don't include the :$DATA suffix
      s4-pvfs: rename with full name gives SHARING_VIOLATION
      s4-streams: fixed handling of stream rename and overwrite
      s4-torture: fixed the streams tests for Samba4
      s4: spelling error
      s4-test: SMB2 oplocks in s4 are a mess
      s4-test: the ldap secdesc test is expected to fail for now
      s4-pvfs: fixed uninitialised variable
      s4-pvfs: another uninitialised variable
      s4-test: removed duplicate knownfail entry
      selftest: fixed filter to know about a "error" result
      s4-selftest: move secdesc.python test to skip list
      Revert "selftest: fixed filter to know about a "error" result"
      s4-pvfs: fill in alignment_requirement (valgrind error)
      s4-libnet: fixed privilege handling in samsync to use the right db
      s4-idmap: the idmap database should be indexed
      s4-pyldb: fixed 64 bit issues
      s4-selftest: fixed 'make testenv'
      util: fixed generate_unique_strs() to be portable
      selftest: try to get the valgrind errors showing again in the build farm
      tdb: fixed the intermittent failure of tdbtorture in the build farm
      lib-util: check for too many combinations in generate_unique_strs()
      s4-idl: don't call a variable 'stat'
      s4-dsdb: fixed empty structure error on solaris8
      s4-selftest: skip the trans2.scan test
      s4-torture: fixed a fd/mem leak in the RPC-LSA-SECRETS test
      s4-selftest: skip two more scanners
      s4-script: cleanup tmp files in minimial_includes.pl
      s4-torture: ran minimal_includes.pl over source4/torture
      s4: ran minimal_includes.pl on source4/winbind
      s4: ran minimal_includes.pl on source4/rpc_server
      s4: ran minimal_includes.pl on source4/client
      s4: ran minimal_includes.pl on source4/auth/ntlm
      s4: ran minimal_includes.pl on source4/auth/ntlmssp
      s4: ran minimal_includes.pl on source4/auth/gensec
      s4-selftest: the secleak test is not designed for automated running
      s4-torture: fixed a pipe leak
      s4-ldb: allow for non-null terminated ldb_val in ldb_dn_from_ldb_val
      s4-ldb: ldb_oom() for modules
      s4-ldb: ldb indexing rewrite - part1
      s4-ldb: when taking a list intersection, the result can be as long as the first list
      idl-drsblobs: mark some more reserved values as value(0)
      util: fixed place where we could look one byte past end of string
      selftest: make python run unbuffered
      s4-ldb: fast path for equal pointers
      s4-ldb: expose ltdb_err_map and ltdb_delete_noindex
      s4-ldb: do more validation of idxptr lists
      s4-ldb: delete empty index records
      s4-ldb: fixed tdb error handling in ldb_index.c
      s4-ldb: over-allocate index records to save on realloc costs
      s4-ldb: ensure new dn_list elements are not owned by caller
      s4-selftest: removed raw.unlink from quicktest
      s4-ldb: don't try to index non-indexed attributes
      s4-ldb: fixed some memory leaks in new indexing code
      s4-ldb: added a TODO about checking the indexlist
      s4-lsa: fixed the lsa server to cope with the new tests from gd
      s4-torture: fixed double free in libnet_group test
      s4-lsa: fixed breakage of lsa server
      s4-dsdb: create a static system_session context
      s4-dsdb: add a static samdb_credentials
      s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()
      s4-server: pre-open the main ldb databases in the server
      s4-server: call the ldb_wrap_fork_hook() after a fork()
      s4-ldb: added ldb_transaction_cancel_noerr()
      s4-ldb: use ldb_wrap_fork_hook() to cancel child transactions
      s4-ldb: move the tdb_reopen_all() calls to ldb_wrap.c
      s4-samdb: make sure the static credentials are never freed
      s4-selftest: lower some of the timeouts during make test
      s4-python: we need to include Python.h first
      s4-python: fixed annoyance where control-C doesn't kill our python scripts
      s4-ldb: fixed re-index during a complex transaction
      s4-ldb: don't allow modifies outside a transaction.
      tdb: detect tdb store of identical records and skip
      s4-dsdb: ensure that new partitions inherit any transaction
      s4-ldb: fixed string length handling on index records
      s4-ldb: ensure DNs pass validity tests in indexing
      s4-samdb: reduce the number of samdb opens at startup
      s4-ldb: allow for unescaped '=' in a index DN
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      s4-ldb: fixed request handling for schemaUpdateNow op
      s4-ldb: '+' can also happen in base64 encoded index DNs
      s4-dsdb: always cancel transactions on all partitions
      s4-dsdb: call dsdb_make_schema_global() from ldb_wrap
      s4-hdb: go back to a separate samdb for the KDC
      s4-samdb: remove the rDN size constraint of 64
      s4-ldb: make DN escaping/unescaping consistent
      s4-ldb: changed the DN checks for \n to warnings
      fixed the build
      s4-ldb: allow ldap.py test suite to run directly against a file
      s4-ldb: fixed an issue in rename/modify indexing
      s4-ldb: make ldb tools line buffered
      s4-ldb: when -v is specified, show progress of ldbadd/ldbmodify
      s4-ldb: added a double-rename test
      s4-dsdb: make sure mod_usn list is zeroed on each transaction
      s4-dsdb: removed attributes that should not be displayed by default
      s4-ldb: added a warning about ldb_msg_add_dn
      s4-drs: we need to specifically ask for ntSecurityDescriptor
      s4-dsdb: some more attribuutes that we should only give if asked for
      libcli: allow ntstatus.h to be used by openchange
      s4-install: fixed install path for python scripts
      s4-smb2: check for an invalid lock flags combination
      s4-smb2: check for invalid SMB2 lock ranges
      torture: fixed SMB2-LOCK valgrind error
      s4-smb2: sequence numbers are not checked in SMB2_OP_CANCEL
      s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locks
      s4-ldb: better to test for valid arguments in ldb library than commandline
      s4-ldb: improve detection of whether the server has a GC port
      s4-pvfs: fixed access check failure in SFILEINFO test
      s4-drstest: don't use getenv("LDB_URL") in test suites
      s4-torture: fixed expected error codes for s4 in SMB2-LOCK
      s4-ntvfs: move valid lock range test from smb2 layer to generic code
      s4-torture: mark s4 as doing valid lock range tests on SMB
      s4-selftest: s4 passes this test now
      s4-ntvfs: win7 does not check for the NONE smb2 lock flag on unlock
      s4-torture: fixed error code for s4 in SMB2-LOCK test
      s4-selftest: s4 passes all the SMB2-LOCK tests now
      s4-install: old systems don't have sed -i
      s4-drs: cope with bogus empty attributes from w2k8-r2
      s4-ldb: make it much easier to use common ldb controls
      s4-dsdb: don't call ldb_next_init() twice in objectclass module
      s4-ldb: check for -ve value for page size
      s4-ldb: the '1' form of extended_dn search is easier to read
      s4-drs: fixed updating of uSNChanged in replmd_modify
      s4-drs: fixed UDV and overlapping sync calls in DRS
      s4-drsutil: fixed a memory leak in samdb_search_count
      s4-ldb: fixed show_deleted module not to corrupt parse trees
      s4-selftest: don't consider spoolss failures to be an error in s4
      s4-ldb: fixed ldbdel with -r (recursive deletion)
      s4-drs: use -r to ldbdel in unvampire devel script
      s4-heimdal: fixed a use-after-free heimdal bug
      s4-selftest: show the test summary at the end of 'make test' in the build farm
      s4-dsdb: fixed steal of parentGUID for empty msg
      s4-dsdb: use dsdb_module_search_dn in repl_meta_data
      s4-ldb: added a missing ltdb_unlock_read()
      s4-ldb: fixed nested searches inside ldb modules
      s4-drs: use parentGUID attribute in getncchanges
      s4-drs: ensure we fill in ncRoot_dn in getncchanges
      s4-dsdb: added dsdb_functional_level() helper function
      librpc: split out a separate GUID_from_ndr_blob() function
      s4-dsdb: use GUID_from_ndr_blob() to create dsdb_get_extended_dn_guid()
      s4-libcli: use new GUID functions in libcli
      s4-smb2: use new GUID function in smb2 negprot
      s4-dsdb: simplify schema code using new GUID functions
      s4-dsdb: simplify linked attributes code using GUID functions
      s4-dsdb: simplify samdb_result_guid()
      s4-ldb: simplify ldif handlers using new GUID functions
      libndr: added a GUID_to_ndr_blob() helper function
      s3-ldb: use GUID_to_ndr_blob()
      libcli: use GUID_to_ndr_blob()
      s4-server: use GUID_to_ndr_blob() in cldap and smb servers
      s4-libcli: use GUID_to_ndr_blob()
      s4-libnet: use GUID_to_ndr_blob()
      s4-ldb: use GUID_to_ndr_blob()
      s4-dsdb: use GUID_to_ndr_blob()
      util: added binsearch.h for binary array searches
      s4-schema: use binsearch.h
      s4-schema: use GUID_to_ndr_blob()
      s4-libcli: GUID_from_ndr_blob() is strict about the blob size
      s4-ldb: fixed 2 bugs in ldb_dn_set_extended_component()
      s4-ldb: sort the linearized extended DN by component name
      s4-ldb: added a new "reveal" control
      s4-ldb: added a function to filter extended components of a ldb_dn
      s4-ldb: added new ldb_dn extended components for linked attributes
      s4-dsdb: use the reveal control to hide/show extended DN components
      heimdal: work around differences between GNU and XSI strerror_r()
      s4-dsdb: return a zero guid on error in samdb_result_guid()
      s4-loadparm: call reload_charcnv() also for a missing smb.conf
      s4-devel: support vampire_ad.sh with no initial smb.conf
      s4-dsdb: added REVEAL_INTERNALS flag to dsdb_module_search_handle_flags()
      s4-ntvfs: try to fix bug 6989
      s4-dsdb: added dsdb_dn_is_deleted_val()
      s4-dsdb: use dsdb_dn_is_deleted_val()
      s4-dsdb: added dsdb_module_dn_by_guid()
      s4-dsdb: rename dsdb_module_search_handle_flags to dsdb_request_add_controls
      s4-dsdb: dsdb_flags should be unsigned
      s4-dsdb: fixed dsdb_module_dn_by_guid()
      s4-dsdb: added dsdb_module_modify()
      s4-dsdb: added a dsdb_module_rename() call
      libds: added GUIDs for wellknown AD objects
      s4-dsdb: added dsdb_wellknown_dn()
      s4-dsdb: added dsdb_find_nc_root()
      s4-dsdb: added dsdb_get_deleted_objects_dn()
      ldap: give a debug error when we don't know a control
      s4-ldb: added --show-deactivated-link command line option
      s4-ldb: fixed a transaction error on prepare_commit
      s4-ldb: show the OID of any unhandled critical controls
      s4-dsdb: don't actually remove the sd_flags control, just mark it non-critical
      s4-dsdb: when the SD_FLAGS control is set, don't remove nTSecurityDescriptor
      s4-dsdb: it is a better pattern to mark a control as done than remove it
      s4-dsdb: also mark the relax control non-critical when done
      s4-ldb: canonicalise the message on ldb_add
      s4-scripts: add a enablerecyclebin script
      s4-ldb: display msDS-OptionalFeatureGUID as a GUID
      s4-dsdb: fixed the sort in dsdb_find_nc_root()
      s4-dsdb: added ldb_dn_update_components()
      s4-dsdb: declare ldb_dn_update_components()
      s4-dsdb: greatly simplify the subtree_delete module
      s4-ldb: fixed a valgrind error in ldbtest
      s4-dsdb: stop warnings about unknown struct GUID in prototypes
      s4-dsdb: give us an invocationID when in standalone mode
      s4-provision: added a note about where invocationIDs come from
      s4-dsdb: added two new dsdb_get_extended_dn_*() helper functions
      s4-dsdb: use varargs expression in dsdb_module_search()
      s4-dsdb: added dsdb_get_extended_dn_uint64()
      s4-dsdb: added DSDB_MODIFY_RELAX flag to the dsdb_module_*() calls
      s4-dsdb: don't use a non-constant format string for a printf format
      s4-repl: lower debug level of a common message
      librpc: fixed the GUID_compare() function
      s4-drs: another two unsigned comparison bugs
      s4-schema: a unsigned comparison bug in the schema code
      s4-torture: another unsigned comparison bug
      s4-repl: only try to replicate for NCs that we are a master for
      s4-kcc: don't crash with a NULL ntds connection list
      s4-repl: give a reason why the prepare commit failed
      s4-torture: update uuid_compare test for new behaviour
      s4-schema: fixed the sorting of schema attributes
      s4-net: fixed pwsettings command
      s4-testpasswords: fixed CONFIG and quoting
      s4-net: fixed finddcs to use empty SID instead of NULL sid (NDR error)
      s4-dsdb: add support for storing linked attribute meta data in extended DNs
      s4-dsdb: add a TODO item for linked attributes in extended_dn_out
      s4-dsdb: implemeneted replmd_modify_la_replace()
      s4-dsdb: added support for backlinks in repl_meta_data
      s4-dsdb: linked_attributes_modify no longer handles modifies
      s4-dsdb: add a comment on the use of ldb_rename()
      s4-dsdb: repl_meta_data now replaces objectguid in all cases
      s4-dsdb: the linked_attributes module no longer handles deletes
      s4-dsdb: added replmd_delete, based on Eduardos work
      s4-dsdb: add linked attributes meta_data handling to replmd_add
      s4-dsdb: remove linked_attributes_add
      s4-dsdb: some backlinks can be processed immediately
      s4-dsdb: do the rename after the modify in replmd_delete
      s4-dsdb: simplify the linked_attributes module
      s4-dsdb: handle links with no backlinks in replmd_delete
      s4-dsdb: split RMD_USN into RMD_LOCAL_USN and RMD_ORIGINATING_USN
      s4-dsdb: allow the component name to be specified in dsdb_get_extended_dn_guid()
      s4-dsdb: add REVEAL_INTERNALS in the search for linked_attributes
      s4-dsdb: store full meta data from DRS for linked attributes
      s4-dsdb: minor cleanup in DRS replicated objects code
      s4-dsdb: ask for REVEAL_INTERNALS in getncchanges
      s4-drs: added linked attribute replication to getncchanges
      s4-dsdb: auto-upgrade w2k formatted linked attributes when modified
      s4-ldb: use the RELAX control to disable single value checking on replace
      s4-dsdb: added dsdb_dn_is_upgraded_link_val()
      s4-drs: handle mixtures of old and new style links in getncchanges
      s4-dsdb: added dsdb_check_single_valued_link()
      s4-dsdb: move checking for single valued links to samba modules
      s4-dsdb: fill in the correct version number of links that come over DRS
      s4-drs: some useful debugging options for getncchanges
      s4-drs: fixed the UDV return in getncchanges
      s4-dsdb: use a common method for finding a link pair
      s4-ldb: added ldb_module_get_ops()
      s4-dsdb: added DSDB_FLAG_OWN_MODULE
      sd-schema: order DRS classes on the wire in reverse order
      s4-schema: don't fill in the extended DN with a zero GUID
      s4-drs: give a reason when an AddEntry commit fails
      s4-drs: we are doing the sorting for getncchanges in the app code now
      s4-drs: implemented sorting functions based on replication flags
      s4-drs: use the extended linearized form for DRS replication
      s4-drs: send all linked attributes at the end of a replication cycle
      s4-drs: update highwatermark after successfully encoding the object
      s4-drs: treat a zero GUID as not present in replmd_add_fix_la
      s4-drs: give an error message in repl_meta_data if we don't get a partition control
      s4-drs: cope better with NULL GUIDS from DRS
      s4-drs: use dsdb_module_guid_by_dn()
      s4-drs: fixed typo for uSNCreated
      s4-drs: update comment to refect only forward link in this fn
      s4-drs: use DSDB_FLAG_OWN_MODULE
      s4-drs: isRecycled only exists in FL W2K8-R2
      s4-drs: don't try to remove backlinks directly
      s4-dsdb: fixed valgrind error in replmd modify
      s4-ldb: show the error code as well as errstr
      s4-drs: set flag to indicate that we do support linked attributes
      s4-dsdb: added parse functions for DRS linked attribute blobs
      s4-drs: use dsdb linked attribute parse functions
      s4-drs: use dsdb_module_rename()
      s4-drs: re-resolve the DN in linked attribute processing
      s4-drs: sort linked attributes
      s4-ldb: added ldb_val_to_time()
      s4-dsdb: use ldb_val_to_time() instead of ldb_string_to_time()
      s4-dsdb: use safe length limiting in string->integer conversion
      s4-ldb: use safe length limited conversions for int64 and time
      s4-ldb: declate ldb_val_to_time()
      s4-ldbmodify: show the error code as well as error string
      s4-ldb: allow modules to override error return values
      s4-ldbtest: fixed message element in modify
      s4-dsdb: added dsdb_set_extended_dn_guid()
      s4-drs: make sure the DNs we put in the db have a extended GUID
      s4-ldb: show an error string, as well as error message
      s4-ldaptest: need to use MessageElement for modify messages
      s4-dsdb: allow system to remove deleted objects
      s4-dsdb: added dsdb_tombstone_lifetime()
      s4-dsdb: make sure 'whenChanged' is set on modify
      s4-ldb: fixed valgrind error: ares can be freed by callback
      s4-dsdb: fixed samdb_create_foreign_security_principal() to use the wellknown GUID
      s4-dsdb: fixed several memory leaks
      s4-kcc: added a preiodic task to remove deleted objects
      s4-dsdb: switched to using RMD_FLAGS instead of DELETED in extended DNs
      libreplace: some systems don't have memmem()
      s4-sddl: DRS replication needs REVISION_ADS for SDs
      s4-drs: don't give an error on repsTo delete if add is also specified
      s4-dsdb: force REVISION_ADS for new and updated ACLs in dsdb
      s4-dsdb: added samdb_reference_dn()
      s4-ldb: added nice ldif display of 64 bit ranges for RIDs
      s4-provision: added an initial RID Set
      s4-dsdb: added samdb_rid_set_dn()
      s4-provision: the DC object itself needs a fixed objectSID
      s4-samldb: use RID Set to allocate user/group RIDs
      s4-dsdb: move the RID allocation logic into ridalloc.c
      s4-provision: allow provision modifies to add records
      s4-dsdb: added dsdb_module_add()
      s4-dsdb: added dsdb_module_reference_dn()
      s4-dsdb: added dsdb_module_constrainted_update_integer()
      s4-dsdb: added dsdb_next_callback()
      s4-dsdb: use dsdb_next_callback()
      s4-dsdb: implement creation of the RID Set object
      s4-provision: don't hard wire the creation of the RID Set object
      s4-dsdb: implement refresh of RID Set pool for a local RID Manager
      s4-dsdb: fixed usage of rIDAllocationPool and rIDPreviousAllocationPool
      s4-dsdb: clarify who is responsible for each attribute
      s4-dsdb: added dsdb_module_set_integer()
      s4-ridalloc: copy with missing rIDNextRid and rIDAllocationPool
      s4-dsdb: added dsdb_find_guid_attr_by_dn()
      s4-repl: added request for RID allocation in drepl task
      s4-messaging: added a new msg type MSG_DREPL_ALLOCATE_RID
      s4-dsdb: send a message to the drepl task when we need another RID pool
      s4-dsdb: the dsdb ldb modules now need messagiing
      s4-repl: allow for callbacks when a repl operation completes
      s4-repl: implement MSG_DREPL_ALLOCATE_RID
      s4-dsdb: added an extended operation for allocating a new RID pool
      s4-dsdb: added support for DRSUAPI_EXOP_FSMO_RID_ALLOC
      s4-event: added s4_event_context_set_default()
      s4-drs: added some debug messages
      s4-dsdb: improve error messages in schema and pdc_fsmo modules
      s4-ldb: improve error handling in indexing code
      s4-provision: RID 1000 is consumed by the machine account
      s4-provision: re-open sam.ldb after creating the schema
      s4-devel: a useful script to setup bin/ and st/ as tmpfs filesystems
      s4-partition: don't ignore errors from other modules
      s4-libnet: better error messages in libnet_vampire.c
      s4-idl: added some more wellknown attributeIDs
      s4-idl: regenerate DRS IDL
      s4-schema: make ldb_val to string comparison safer with nul termination
      s4-schema: added dsdb_attribute_by_lDAPDisplayName_ldb_val
      s4-schema: added generic attributeID conversion functions
      s4-provision: do a self join for all server types
      s4-dsdb: no longer need special invocationID handling for standalone servers
      s4-dsdb: added DSDB_FLAG_TOP_MODULE
      s4-dsdb: ensure we will in all the attributes for RID Set
      s4-dsdb: poke the RID Manager when completely out of RIDs too
      s4-drs: we need to wrap extended operations in transactions
      s4-smbd: setup the default event contexts for other process models
      s4-scripting: we need to use a base search for the NTDS GUID
      s4-partition: fixed selection of partitions on exact match
      s4-dsdb: squash some unknown structure warnings
      s4-dsdb: added dsdb_module_am_system()
      s4-dsdb: allow specification of a SID if we are system
      s4-dsdb: use dsdb_module_am_system() in acl module
      s4-dsdb: fixed const misuse in acl module
      s4-samba3samtest: use system credentials for creating users
      s4-secdesc: fixed the sec_descriptor.py test
      s4-acl: fixed acl.py test to use correct ldif
      s4-dsdb: added a samba3sid module
      s4-samba3sam: use samba3sid module
      s4-samba3sid: the sambaNextRid attribute is actually the previous RID
      s4-samba3samtest: force workgroup so the domain is right
      s4-samba3sid: fixed error returns when res->count != 1 and oom
      s4-samba3samtest: we need to force netbios name as well
      s4-provision: added W2K8-R2 schema as provided by WSPP
      s4-schema: added some debug for bad attributes
      s4-schema: added adminDisplayName and adminDescription
      s4-schema: switch to W2K8-R2 schema
      s4-schema: fixed attributes of aggregate schema
      s4-schema: added msDS-NcType to schema container
      s4-schema: fixes for W2K8-R2 schema
      s4-drs: added two more SPNs in addentry
      s4-ldb: validate the type of the ldb argument to ldb_dn_new()
      s4-drs: fixed usage of ldb_dn_new()
      s4-messaging: fixed a memory leak in messaging_path()
      s4-messaging: remove only usage of debug_ctx()
      s4-debug: removed debug_ctx(). It didn't catch on :-)
      s4-drs: fixed the NC in the getncchanges RID alloc reply
      s4-idl: give a enum for attribute cn and a 'NONE' attribute
      s4-drs: added filtering by udv in getncchanges
      s4-drs: be less verbose when we filter objects by UDV
      s4-drs: calculate and send a uptodateness_vector with replication requests
      s4-drs: need to set the getncchanges extended_ret on success too
      s4-libnet: dsdb_wellknown_dn() in vampire code
      s4-drs: moved the DsWriteAccountSpn call to its own file
      s4-dsdb: added samdb_ldb_val_case_cmp()
      s4-drs: fixed writespn to ignore add/delete errors
      s4-drs: having no SPNs to change is not an error
      s4-drs: base is_nc_prefix on instanceType
      s4-drs: give DN of failed replication partition
      s4-drs: add a local UDV entry even when no replUpToDateVector present on NC
      s4-schema: fixed the SDDL for the schema root security descriptor
      s4-samldb: fixed primaryGroupID when promoting a machine to a DC
      s4-debug: lower the verbosity of a couple of common log messages
      s4-drs: instanceType is always sent, regardless of UDV values
      s4-dsdb: added samdb_domain_sid_cache_only()
      s4-ldb: display security descriptors with correct SDL for known SIDs
      s4-test: fixed make test without having done make install
      s4-selftest: when a command fails show both normal and expanded command
      Revert "s4:provision_users.ldif - Add objects for IIS"
      Revert "s4:provision_users.ldif - Fix memberships regarding the denied password RODC replication group"
      Revert "s4:provision_users.ldif - Remove foreign security principal S-1-5-17 for now"
      Revert "s4:provision_users.ldif - Import all essential groups for Windows Server 2008 mode"
      s4-idl: update the DRS_OPTIONS bits based on the latest WSPP docs
      s4-drepl: switch drepl over to using the generic DRS options flags
      s4-torture: switch to generic DRS options flags
      s4-drs: switch the DRS server to the generic DRS options flags
      s4-torture: switch smbtorture to the generic DRS options
      s4-idl: get rid of the operation specific DRS options flags
      s4-ldb: cope with bad ptr alignment in ldb_index.c
      s4-dsdb: added isGlobalCatalogReady
      s4-drs: give better debug info on unsupported DRS calls
      s4-drs: framework for DsGetReplInfo(), includes the DS_REPL_INFO_NEIGHBORS infoType.
      s4-dsdb: require admin access for DsReplicaGetInfo
      s4-drs: better debug info when security checks fail
      s4-kcc: squash a warning
      s4-kcc: simplify the ReplicaGetInfo implementation a bit
      s4-dsdb: added dsdb_load_udv_v2() and dsdb_load_udv_v1()
      s4-dsdb: use dsdb_load_udv_v2() in repl task
      s4-drs: use dsdb_load_udv_v2() in getncchanges code
      s4-dsdb: add our local cursor and sort in dsdb_load_udv_*()
      s4-dsdb: take advantage of local cursor and sort
      s4-kcc: added support for CURSORS info level in DsReplicaGetInfo
      s4-idl: in DsReplicaGetInfo unknown2 is actually an enumeration_context
      s4-kcc: added DsReplicaGetInfo CURSORS2 level
      s4-provision: added "check-names ignore;" to allow for _msdcs A records
      s4-devel: added rebuild_zone.sh
      s4-provision: added w2k8r2 ldap capabilities
      s4-kcc: added DsReplicaGetInfo pending ops call
      s4-torture: fixed DsReplicaGetInfo elements
      s4-kerberos: raise the general kerberos debug level to 3
      s4-dsdb: isGlobalCatalogReady should be shown by default
      s4-drs: allow for security bypass for DsReplicaGetInfo
      idl: switched to using the WSPP names for the 'neighbour' DRS options
      s4-ldbtest: fixed python import
      s4-torture: handle NT_STATUS_CONNECTION_RESET
      s4-ldb: fixed api.py selftest
      s3-brlock: add a minimim retry time for pending blocking locks
      s3-brlock: we don't need these MSG_SMB_UNLOCK calls now
      s3-smbd: add a rate limited cleanup of brl, connections and locking db
      s3-events: make the old timed events compatible with tevent
      s4-registry: fixed byte order assumptions
      talloc: fixed doc typo
      nbt: don't reference the event_ctx in nbtsock
      s4-torture: more useful error message in SMB2-DIR
      s4-torture: allow host-only in unc lists in smbtorture
      s4-ldb: update ldb_tdb to use new DLIST_ macros
      s3-nmbd: update nmbd to use new DLIST_ macros
      s3-ldb: update the old ldb in s3 to use new DLIST macros
      s3-memcache: update memcache to use new DLIST macros
      s3-libsmb: update libsmb to use new DLIST macros
      s3-locking: update to use DLIST_ADD_AFTER()
      s3-perfcount: update to use new DLIST macros
      s3-registry: update to use new DLIST macros
      s3-smbd: update to use new DLIST macros
      util: rewrite dlinklist.h so that DLIST_ADD_END() is O(1)
      test:local added LOCAL-DLINKLIST testsuite
      s4-provision: move zone file to dns subdirectory
      s4-provision: pre-create a named.conf.update file
      libreplace: added replacements for dprintf() and vdprintf()
      util: added file_compare() utility function
      s4-provision: cope with umask in creating private/dns
      s4-dns: added a dns update task
      s4-selftest: don't run rndc reload in selftest
      s4-dns: don't leave behind a tmp file
      s4-net-drs: fix some coding style issues
      libds: added recyclebin feature GUID
      s4-pyldb: null terminate string ldb message elements from python
      s4-script: make enablerecyclebin use system_session
      s4-provision: fixed --function-level option to provision
      s4-build: avoid finding python symlinks
      s4-provision: import the R2 functional level
      util: added TYPESAFE_QSORT() macro
      libreplace: add fdatasync() if not available
      tdb: use fdatasync() instead of fsync() in transactions
      s4-dsdb: use TYPESAFE_QSORT() in dsdb code
      s4-auth: use TYPESAFE_QSORT() in gensec
      s4-socket: use TYPESAFE_QSORT() in netif code
      s4-ntvfs: use TYPESAFE_QSORT() in notify code
      s4-rpcserver: use TYPESAFE_QSORT() in rpc servers
      s4-torture: use TYPESAFE_QSORT() in smbtorture
      s4-wrepl: use TYPESAFE_QSORT() in wins repl code
      s4-ldb: added LDB_TYPESAFE_QSORT()
      s4: use LDB_TYPESAFE_QSORT() instead of ldb_qsort()
      s4-rpc: be more careful about DCERPC auth padding
      s4-smbd: fix crash in notify code on client termination
      s4-ldb: use TYPESAFE_QSORT() in the rest of the ldb code
      s3-includes: enable TYPESAFE_QSORT() in s3
      lib: use TYPESAFE_QSORT() in lib/ and libcli/
      s3-lib: use TYPESAFE_QSORT() in s3 interfaces code
      s3-libsmb: use TYPESAFE_QSORT() in namequery code
      s3-lib: use TYPESAFE_QSORT() in remaining s3 library code
      s3-vfs: use TYPESAFE_QSORT() in s3 VFS modules
      s3-nmbd: note TODO item for qsort
      s3: convert registry and printing code to TYPESAFE_QSORT()
      s3-locking: convert brlock to TYPESAFE_QSORT()
      s3-rpc: convert wkssvc to use TYPESAFE_QSORT()
      s3-smbd: convert lanman and notify code to TYPESAFE_QSORT()
      s3: last part of TYPESAFE_QSORT() conversion
      util: update three other copies of our dlinklist.h macros
      a4-dcerpc: another attempt at dcerpc auth padding
      s4-rpcserver: teach the rpc server to cope with bad sig_size estimates
      s4-dsdb: added dsdb_modify_permissive()
      s4-drs: use a permissive modify in addentry
      s4-drs: replace manual checks with dsdb_modify_permissive()
      s4-test: minor fixes to urgent_replication.py
      s4-ldb: fixed permissions on urgent_replication.py
      s4-test: use local ldb for urgent_replication test
      s4-dsdb: don't change replPropertyMetaData if the value hasn't changed
      s4-kcc: remove C++ comment
      s4-rootdse: we don't need DSDB_FLAG_OWN_MODULE here
      s4-dsdb: move dsdb_request_add_controls() into dsdb/common/util.c
      s4-dsdb: replace dsdb_modify_permissive() with dsdb_modify() and dsdb_flags
      s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags
      s4-dsdb: change dsdb_search_dn_with_deleted() to dsdb_search_dn() with dsdb_flags
      s4-dsdb: replace dsdb_find_dn_by_guid() with a dsdb_search() call
      s4-dsdb: added dsdb_search_one() and cleanup dsdb_find_dn_by_guid()
      s4-dsdb: removed gendb_search_single_extended_dn()
      s4-kcc: remove search_onelevel_with_deleted() in kcc
      s4-samdb: use dsdb_search() in cracknames
      s4-dsdb: return LDB_ERR_CONSTRAINT_VIOLATION on num_recs != 1
      s4-dcerpc: fixed auth padding to be relative to the stub, not packet
      s4-rpc: don't use auth padding in rpc bind requests as it breaks s3
      s4-kcc: remove a qsort() that snuck into the new topology code
      s4-rpc: paranoid check for auth_length
      s4-provision: fix permissions on generated DNS zone file
      examples: add bind9 patches for TSIG-GSS support
      util: added samba_runcmd()
      s4-param: added "rndc command" smb.conf option
      s4-dnsupdate: use samba_runcmd() in the dns update task
      s4-provision: freeze the DNS zone before creating the zone file
      s4-config: add dyn_SBINDIR
      s4-param: added "dns update command" smb.conf option
      s4-dns: call out to the dns update command every 10 minutes
      s4-pyglue: added interface_ips() call
      s4-dns: improved logging, and run name check at startup
      s4-selftest: disable rndc and dns update in build farm
      Revert "s4:AD content - adequate some revision levels to match Windows Server 2008"
      s4-dsdb: fixed the fetch of the server site name
      dns: dummy samba_dnsupdate script
      dns: install samba_dnsupdate
      s4-krb5: propogate errors from a lot more kerberos functions
      pyglue: don't return IPs in interface_ips()
      pyglue: added py_samdb_ntds_invocation_id()
      py-samdb: added get_invocation_id() method
      pyglue: added py_samdb_server_site_name()
      py-samdb: added server_site_name method
      samdb: added get_ntds_GUID() method
      s4-param: added 'nsupdate command' option, default to /usr/bin/nsupdate -g
      s4-provision: fixed port number for gc ldap DNS SRV entry
      s4-dns: add automatic dynamic DNS updating script
      dns: auto-delete incorrect SRV entries for our hostname
      s4-provision: if we aren't doing variable substitution then don't check for vars
      s4-provision: setup the dns_update_list at provision time
      s4-provision: added dns_update_list
      s4-dns: use a loadparm list for samba_runcmd() commands
      s4-dns: fixed CNAME automatic DNS updates
      s4-provision: also create the dns_update_list when running net vampire
      s4-provision: fixed use of rndc command from python
      devel: get the ownership of the directories right in tmpfs.sh
      s4-posix: allow change ownership of files if the user has the right privileges
      dns: make dns update script use unbuffered IO
      s4-messaging: use auto-close on the socket
      s4-dns-ex: use autoclose on the dns child pipe
      s4-python: allow us to have samba copies of python libraries we depend on
      s4-dns: use samba.external to pull in the dns.resolver library
      s4-python: import a copy of the python dns library
      s4-python: only install external python libs that are missing
      s4-torture: fixed commas separating C statements
      s4-rpc: don't use s->credentials after it is freed
      s4-pvfs: move the private ntcreatex flags to private_flags
      s4-pvfs: log more error conditions in NTVFS backend
      s4-privs: add root_privileges_original_uid()
      s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDE
      s4-pvfs: new pvfs_sys module
      s4-pvfs: use pvfs_sys_*() functions to wrap posix calls
      replace: added get_current_dir_name()
      s4-pvfs: use O_FOLLOW one level at a time for security overrides
      s4-pvfs: set default for perm override based on system features
      s4-pvfs: use pvfs_sys_fchmod()
      s4-pvfs_sys: talloc_free should be before errno restore
      s4-pvfs_sys: build on systems without O_NOFOLLOW or O_DIRECTORY
      charset: fixed a problem with the global use of the iconv_convenience structure
      subunit: keep total error and failure counts
      subunit: fixed reporting of unexpected failures
      build: useful shell vars for setting up selftest
      build: fixed nss_wrapper on solaris
      s4-provision: solaris uses the group "other"
      s4-provision: FreeBSD uses 'staff' for users
      libreplace: fixed declaration of dprintf() on FreeBSD
      python: use '#!/usr/bin/env python' to cope with varying install locations
      s4-ldb: removed unused command line options -I and -O
      s4-ldb: fixed command line parsing in oLschema2ldif
      tsocket: not all systems have IPV6_V6ONLY
      libreplace: strerror_r() is needed by heimdal on solaris8
      libutil: moved the networking defines to util_net.h
      util: on FreeBSD true is in /usr/bin. Use execvp to find it
      tevent: added tevent_re_initialise()
      s4-smbd: use tevent_re_initialise()
      s3-event: switch s3 to using tevent_re_initialise()
      s4-selftest: use CONFIG_H environment variable to find config.h
      s4: added a simple implementation of bin/samba -b
      talloc: testsuite should use <talloc.h> not "talloc.h"
      pytalloc: allow for using a system libtalloc-dev with pytalloc
      s4-waf: use the libreplace strerror_r if needed
      s4-heimdal: a better way of handling dirfd()
      charset: look for the codepages in the right place
      s4-heimdal: for use of libreplace setegid and seteuid
      s4-heimdal: use the HAVE_INET_* functions from libreplace
      s4-test: oLschema2ldif doesn't take -H any more
      selftest: reason may be None
      replace: allow memmem() with an empty string to return NULL
      s4-torture: using typeof() is not portable
      s4-torture: removed more uses of typeof()
      talloc: limit the depth that talloc will go for talloc_is_parent()
      talloc: change talloc minor version to 2.0.2
      talloc: add a define for TALLOC_MAX_DEPTH
      talloc: a useful bit of debug code
      debug: enable talloc logging
      pyrpc: do the pipe connect on a real memory context
      s4-pyglue: setup talloc logging in python modules
      s4-python: added --debuglevel to our python scripts
      s4-rpc: fixed a talloc loop in continue_ntlmssp_connection()
      socket-wrapper: not all systems have FIONREAD defined
      build: a first attempt at waf build for talloc and libreplace
      build: updates to waf scripts for replace and talloc
      build: renamed autoconf.py to wafsamba.py and added SAMBA_*() functions
      build: added waf build for tdb
      build: more binaries for waf tdb build
      build: added some comments for tdb build
      build: added waf to the tree, so everyone uses the same version
      build: neater way to find libreplace and start on tevent waf build
      build: added target directory options
      build: added recursive library handling
      build: some more config checks
      build: added waf build rules for ldb
      build: tdb does not depend on talloc
      build: moved lib -> shared
      build: SAMBA_BUILD_ENV() is now in conf.*
      build: added ADD_CFLAGS() and started of Samba4 build
      build: first attempt at a script to auto-convert config.mk files to wscript
      build: add dummy flags for auto-generated scripts
      build: s4 wants config.h in include/
      build: more developer flags
      build: allow override of config.h location
      build: put config.h in top dir by default
      build: added top level script
      build: LIBLDB alias
      build: added autoproto stub
      build: recognise manpages keyword
      build: added BUILD_SUBDIR() wrapper
      build: added public_headers support
      build: use runonce for config checks
      build: more header checks
      build: simpler BUILD_SUBDIR
      build: death to singletons
      build: check for circular build dependencies
      build: auto-remove circular dependencies
      build: improve the wscript generator
      build: on the fly dependency checking
      build: LIBLDB hack not needed any more
      build: fixed handling of heimdal_build/internal.mk
      build: add libresolv
      build: add heimdal_build
      build: don't distinguish system and local libs in wscript files
      build: added LIBREPLACE_NETWORK
      build: auto-strip empty dependencies
      build: auto generate ASN1 and ET rules
      build: added ASN1 and ERRTABLE build targets
      build: run the lib/replace rules first
      build: add LIBREPLACE_EXT
      build: added gettext/libintl to libreplace
      build: make CHECK_FUNCS_IN() smarter about mandatory libraries
      build: heimdal_build waf support
      build: DEFUN->DEFINE, and fixed CFLAGS handling
      build: recursive dependency calculation
      build: added build groups
      build: added svn version of waf. It has better exception display
      build: added ASN1, PIDL and ET build rules
      build: cope with empty source lists for libs
      build: moved wafsamba.py to buildtools
      build: aded wafsamba README
      build: started to split up wafsamba.py into separate modules
      build: add output_type and realname for mit_samba library
      build: another missing subsystem .....
      build: split out the extension based build patterns
      build: fixed --includedir options for PIDL
      build: added librpc build script
      build: dynconfig build rules
      build: mail IDL build rules
      build: fixed location of gen_ndr files
      build: rewrote PIDL rules, breaking them into a separate waf tool
      build: using deps= for deps is clearer
      build: source= is clearer for source lists
      build: fixed formatting
      build: fixes from ita
      build: added heimdal_build table rules
      build: add README to explain gen_ndr, and ensure directory exists
      build: result of hack session with ita
      build: use shell for TDR rule, as -- confuses the build rule
      build: allow selection of build group in HEIMDAL_AUTOPROTO()
      build: moved main autoproto rule into samba_autoproto.py
      build: a useful example of a debug technique in waf
      build: added generation of version.h
      useful tools for finding missing configure steps
      build: check for pkgconfig
      build: waf build for lib/tls
      build: added define and always options to CHECK_VARIABLE()
      build: more headers and variables in configure
      build: h_errno for heimdal
      build: ignore the bin/ directory
      build: useful test script
      build: ignore some waf files
      build: add_headers flag to CHECK_HEADER()
      build: ntvfs/sysdep configure checks
      build: another typo
      build: check for backtrace
      build: return values for autoconf-like tests
      build: backtrace and crypt tests
      build: added CHECK_DECLS()
      build: improve autoconf macros
      build: smarter list splitting
      build: added CHECK_SIZEOF()
      build: check signal functions
      build: check size of types
      build: check for offset_t and pw*_r functions
      build: more config checks
      build: check for volatile
      build: added help on fns
      build: check xattr and frsize
      build: check freeaddrinfo
      build: added CHECK_CODE_COMPILES()
      build: more config checks
      build: expand CHECK_CODE() function
      build: added interface checking and nicer snprintf checking
      build: gcrypt functions
      build: move gettimeofday check to libreplace
      build: check immediate structures
      build: fixed iuserok test
      build: zlib checks
      build: define HAVE_LIBxxx when we find a library
      build: check for pam
      build: check for libgpg-error
      build: fix name of libs with - in them
      build: check for libsasl2
      build: new waf version
      build: added CHECK_CFLAGS()
      build: more libreplace config checks
      build: fixed winsize check
      build: check for xattr support
      build: fixed cflags in CHECK_CODE()
      build: iconv checks
      build: fixed sockaddr_in6 test
      build: new waf version - fixes mkstemp problem
      build: fixed _Bool va_copy and VA_ARGS tests
      build: added IPV6 test
      build: check for RETSIGTYPE
      build: added wrapper options
      build: added local_include option to CHECK_CODE()
      build: added statvfs64 test
      build: emulate autoconf PACKAGE_* variables
      build: fixed LDB_MODULESDIR
      build: added SUBST_ENV_VAR()
      build: make CONFIG_PATH() understand absolute paths
      build: added getpass() tests
      build: added ENFORCE_GROUP_ORDERING()
      build: back to stricter deps
      build: enable ENFORCE_GROUP_ORDERING()
      build: saner CFLAGS handling for defines
      build: fixed heimdal include lists
      build: use export_incdirs
      build: much nicer pidl rules
      build: assert on missing dependency
      build: better target name for lib link
      build: nearly there on samba4 build
      build: separate out dependencies and python rules
      build: commit all the waf build files in the tree
      build: waf quicktest nearly works
      build: waf test now works (at least for some tests)
      build: need the sample ldb module for our testsuite
      build: waf test now depends on build
      build: added ldb 'skel' module
      build: fixed group for heimdal autoproto
      build: added test targets for make
      build: default to waf -p
      build: fixed cflags in CHECK_CODE
      build: use a plain build, at request of metze :)
      build: fixed termcap build
      build: fixed samba_deps.py for python 2.4
      build: updates for current master build
      build: cope with the common gen_ndr files being in the git tree
      build: allow shared and python staging areas to be referenced in build tree
      build: check that the symlink doesn't exist before creating
      build: fixed the build without sasl libraries
      build: updated waf version
      build: more efficient pidl rules from ita
      build: try faster includes processing
      build: allow waf to cache include lists more efficiently
      build: an optimisation for includes file handling
      build: remove hacks from top level wscript
      build: we don't need varients in samba, so we can optimise a bit more
      build: fixed init function sentinal for python modules
      build: added a lot more options to waf test
      build: fixed some more missing targets
      build: go into system includes for dependencies on configure
      build: allow configure -C to work again
      build: removed unused file
      build: don't use -W warning option for developer build
      build: optionally enable builtin popt
      build: enable pytdb
      build: don't remove Makefile
      build: enable com library
      build: added a cflags_end SAMBA_SUBSYSTEM() option
      build: fixed the build of the com.so library
      build: only enable pytdb on s4 build
      build: teach samba_pild.py about the --com-header and --dcom-proxy options
      build: don't need the S4 in the PIDL prefix
      build: added 'waf etags' target
      build: alias the libiconv target name for subsystems that depend on 'ICONV'
      build: compatibility makefile targets
      build: disable WAFCACHE by default
      build: new waf version (fixed python install bug)
      build: cleanup the ASN1 rules a bit
      build: split build and install libraries/binaries
      build: fixed the install name for python modules
      build: ensure that the 'build' command appears in waf --help
      build: fixed config.h generation when we have source -> source4 symlink
      build: default to 1 job in make, to be build farm friendly
      build: fixed st_done test completion code
      build: python modules need the libs from broken lib loops too
      build: make bin/sambadeps depend on samba_deps.py modtime
      build: trim whitespace from CC options
      build: use RUN_COMMAND() to wrap os.system()
      build: fixed git version in samba -V
      build: don't default to WAFCACHE in configure
      build: install codepage files
      build: more optimisations from Thomas
      build: rename samba_includes.py to samba_optimisation.py
      build: updated waf-svn (lower preproc recursion limit)
      build: added SUBST_VARS_RECURSIVE()
      build: use SUBST_VARS_RECURSIVE() for install_path
      build: fixed includes paths for CHECK_CODE()
      build: don't install talloc_testsuite and ldbtest
      build: don't install the heimdal compilers
      build: install samba in sbin
      build: added --enable-gccdeps option
      build: tool to find missing install components
      build: check for pam headers
      build: conditionally enable inotify
      build: spelling fix, and syntax highlighting fix
      build: don't assume bash in configure.waf
      build: added WORDS_BIGENDIAN test
      build: gccdeps fixes from ita
      build: also need to put stripped CC in conf.env
      build: fixed REPLACE_GETPASS
      build: check libc first for several libraries
      build: don't add curses.h to incremental confdefs.h
      build: more non-incremental headers
      build: these cause problems incrementally too
      build: don't look for gettext twice
      build: cope with multiple checks for the same function/library
      build: cope with multiple libs in CHECK_FUNCS_IN()
      build: ensure all libs in CHECK_FUNCS_IN() get a target type
      build: lib needs to take a list when more than 1
      build: inet_n*() are normally in libc
      build: libreplace now depends on nsl and socket
      build: compile_et needs lib/com_err includes
      build: cope with double check for functions
      build: more functions that are in -lsocket -lnsl on some systems
      build: CONFIG_SET() takes conf argument
      build: more careful library list handling
      build: fixed check for pthread_create()
      build: fixed gnutls check
      build: don't use gcc warnings during configure
      build: if a library is found, but not the fn, still define the library
      build: fixed ifaddrs.h for heimdal (from template)
      build: tevent_epoll.c is conditional on HAVE_EPOLL
      build: 'makefile' (lowercase) is now a generated file
      build: cope with subsystems with no enabled modules
      build: removed testing cflags
      build: support systems without rpath
      build: fixed issue with CC="ccache cc" on solaris
      build: fixed libcli/ndr_netlogon.c dependency rules
      build: commented the missing subsystems
      build: optimise and re-enable check_duplicate_sources
      build: added --disable-shared option
      build: enable real cacheing with waf configure -C
      build: fixed build of heimdal/lib/roken/err.h
      build: rkpty should not directly include socket_wrapper.c
      build: more complete implementation of waf configure -C
      build: check if a simple C program runs
      build: added etags and ctags make targets
      build: mark wafsamba as unbuffered, so stdout and stderr are better in sync
      build: don't use double binaries/libs if not needed
      build: fixed handling of full dependencies for --disable-shared
      build: expand indirect syslibs after loop unrolling
      build: sun c compiler wants a newline
      build: python 2.4 doesn't support multiple union arguments for sets
      build: added CHECK_C_PROTOTYPE() configure function
      build: added checks for solaris getXXent_r() functions
      build: fixed prototype test
      build: rewrote the autoconf-like macros to be more consistent
      build: updated configure checks or new syntax
      build: fixed headers for C prototype check
      build: added --with-selftest-prefix
      build: socklen_t is in sys/socket.h
      build: configure fixes for opensolaris
      build: finer grained rpath checking for binary/install
      build: add additional libreplace conditional sources
      build: sys_lease_linux needs to be conditionally enabled
      build: setnttoken depends on libreplace
      build: test all the developer cflags before adding them
      build: add cflags from pkg_config results to header/function tests
      build: added msg argument to CHECK_TYPE()
      build: use shell=True for SAMBA_GENERATOR
      s3-waf: added build subdir for dynconfig generation
      s3-waf: more configure tests and minor fixes
      s3-waf: the start of the main build for s3
      build: use gzip for waf packing, to try to make it work on irix
      build: split out the base waf rules into buildtools/wafsamba/wscript
      build: fixed the cflags for pkg_config libs
      build: honor both --enable-gnutls and --disable-gnutls
      build: need to mark disabled libraries as DISABLED
      build: cope with systems that don't have md5 in python
      s4-waf: don't hardcode python path
      s4-waf: disable_gnutls is gone
      build: fixed case of system library deps
      build: a few more build rules that should have on_results=True
      s4-waf: remove the need for some of the lib aliases
      build: attempt to fix md5 problem on solaris8
      build: need to set h_file on Utils
      build: we need to replace md5 in Task as well
      build: old versions of perl don't understand the -W option
      build: honor existing LD_LIBRARY_PATH settings when adding shared lib paths
      build: solaris8 doesn't honor the -f flag to ln.
      s4-waf: replace stdint.h and stdbool.h on systems that don't have them
      s4-waf: update torture for new ndr/drsblobs.c tests
      s3-waf: modulesdir is in the base set of options now
      build: support variable expansion in source= arguments to build rules
      s3-waf: use new variable expansion feature
      build: started a library of common config tests for s3/s4
      build: a better way of calculating syslib dependencies
      build: much better rpath test function
      build: improved exception handling for systems without rpath
      build: fixed copy_script typo
      s4-waf: cope with systems with zlib versions that are too old
      s4-waf: another place where broken ln -f on solaris8 matters
      s4-waf: added checks for all the different statvfs varients
      s4-waf: look for libiconv before checking libc
      libreplace: add a replacement for strerror_r (needed on solaris8)
      s4-waf: added rap/rpc.c
      s4-waf: fdatasync is in librt on solaris8
      s3-waf: fixed tests for charsets
      build: added quote option to conf.DEFINE()
      s3-waf: charsets needs to be quoted as strings in config.h
      s3-waf: build version.h
      s3-waf: added options for static/shared module building
      build: these chdir() calls break waf on HPUX. They are not needed
      build: fixed EXPAND_VARIABLES() for env expansion
      s4-waf: started adding auto-install of include files
      s4-waf: forgot these files
      s4-waf: test/simple.c is not needed any more
      s4-waf: set CONFIG_H variable for selftest
      build: support wildcard mappings for header_path
      s4-waf: install the rest of the headers
      s4-waf: install pidl
      build: install build python modules correctly
      build: support wildcard excludes in INSTALL_WILDCARD()
      s4-waf: install the rest of our python files
      s4-waf: install PIDL modules
      build: only depend on the actual pidl source files in the pidl rule
      build: a hack to get perl to put its generated blib files in the build directory
      s4-waf: build and install the PIDL manpages
      s4-waf: only build the pidl manpages if we have MakeMaker.pm
      build: added support for pc_files= for pkgconfig files
      s4-waf: enable the pc_files in the build rules
      s4-waf: enable the configuration and options for pidl
      build: fixed destination name for pc_files
      s4-waf: install dcerpc_atsvc.pc
      build: fixed the python path in installed python scripts
      build: substitute @VAR@ variables in pkgconfig .pc.in files
      s4-waf: move the gnu dirs check to the generic wafsamba code
      build: throw an error on all bad variable substitutions
      s4-waf: ensure all the ldb.pc.in vars are set
      build: mark python rules as being part of the "main" group
      s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them
      build: fixed build group for the PIDL tables generation
      build: add an ls -lR blib/ to the pidl build to help debug things in the build farm
      ldb-waf: rename libldb.so to libldb-s4.so if built as part of s4
      build: added support for controlling library types
      s4-waf: set the bundled library extension for some libs
      s4-waf: don't auto-include bundled library headers
      build: better waf test script
      build: better control over bundled library extensions
      s4-waf: set default for bundled libraries
      s4-waf: fixed some deps now we don't auto-include tevent and replace
      s4-waf: we need a recent version of perls MakeMaker module
      s4-waf: support the use of system libraries
      s4-waf: cleanup use of LIBPOPT vs popt dependency
      s4-waf: cleaned up tevent dependency
      build: only add -fPIC if it is supported
      build: auto-detect platforms which don't support shared libs
      s4-waf: more dependencies on talloc
      s4-waf: change bundled extension to 'samba4'
      waf-pidl: don't need this debug ls any more
      s4-waf: merge in the latest changes from master
      build: fixed popt subsystem on systems without popt
      build: work around missing defaults from gnu_dirs.py
      s4-waf: added libreplace dep for the conditional heimdal modules
      s4-waf: fixed dirfd() detection for heimdal
      s4-waf: added auto-detection of perl manpage extensions
      s4-waf: more places missing libreplace
      s4-waf: sys_lease depends on talloc
      build: tidy up the wafsamba rules a bit
      s4-waf: heimdal wants to look for dd_fd in DIR
      s4-waf: get the sense of the tests for the HAVE_INET_* replacements right
      s4-waf: ensure we don't end up with mixed versions of talloc/tdb/tevent
      build: move waf into buildtools/bin
      build: use 'Compiling foo.c' and 'Linking foo' like old build system
      build: fixed progress display
      pidl-waf: re-enable the pidl man pages
      build: reuse SAMBA_LIBRARY() to build python modules
      build: override PACKAGE_VERSION in pkg-config generation for libraries
      build: nicer progress display for a standard build
      s4-waf: added pydoctor and wafdocs targets
      build: added pattern option for recursive_dirlist
      ldb-waf: ldb needs HAVE_CONFIG_H for building a bundled popt
      build: fixed missing nodes display on errors
      talloc-waf: don't build the talloc testsuite in s4
      build: fixed the on_results problem with SAMBA_AUTOPROTO()
      s4-waf: added --enable-fhs configure option
      s4-waf: updated for new perl subunit options and filter name
      s4-waf: added rules for rebuilding the yapp parser in pidl
      s4-waf: removed the AUTOGENERATED markers
      s4-waf: install in /usr/local/samba by default
      s4-waf: added implied_deps for system libraries
      build: fixed a configure error with a totally clean tree
      s4-waf: don't assume perl takes -W option
      s4-waf: use the versions of perl/python found by configure
      build: removed debug line
      build: new waf version with local patches replaced by upstream changes
      s4-waf: show the fully expanded test command
      build: tweak the strategy for finding functions
      s4-waf: added a --enable-selftest option as a shortcut
      s4-waf: added test for dlopen prototype
      build: don't link when checking a C prototype
      build: added functions for compound configuration testing
      build: fixed install target for systems with rpath disabled
      build: expand indirect includes to fix disable-shared build
      s4-waf: add getaddrinfo.c replacement if needed
      s4-waf: look in libintl for dgettext()
      s4-waf: fixed some of the group ordering
      build: add require_headers option to CHECK_BUNDLED_SYSTEM()
      build: python libs need to be built shared, regardless of --disable-shared
      build: add python library object reduction
      build: finally got LIBRARY<->LIBRARY reductions working
      s4-waf: we don't need strerror_r from roken
      build: don't define vars in config.h for CONFIG_PATH()
      build: sys.exit is better than raise here
      s4-waf: use cflags for LDB_MODULESDIR
      s4-waf: remove PYTHONDIR from config.h
      build: refactor the object reduction code
      build: enable 'nothreads' when JOBS=1
      s4-waf: set JOBS=1 during configure.waf
      build: fixed the task counter when nothreads is used
      s4-waf: disable MAKEMAKER until a dependency problem is solved
      build: fixed the dependencies of the install targets
      build: enable nothreads workaround only with WAF_NOTHREADS=1
      build: only link install targets at install time
      build: much simpler and faster rpath install handler
      s4-waf: updates for the new python installer from jelmer
      s4-waf: filter-subunit has been renamed
      s4-waf: added new install system for external python libs
      s4-waf: format-subunit and filter-subunit are in python now
      build: a bit more information for tracking --target deps
      s4-waf: fixed install location of external python libs
      s4-waf: create a blank __init__.py in samba/external
      build: nicer display of command type for prototypes and generators
      build: make sure the directory exists in TOUCH_FILE()
      build: loop until all object reductions are complete
      talloc-waf: match version number with main build
      build: don't depend on the blib/ files in SAMBA_PIDL()
      pidl-waf: build pidl man pages and parsers separately
      pidl-waf: better handling of the man page generation
      pidl-waf: disable pidl manpages
      build: initial version of a tru64 compiler module
      build: added 'generic' cc support and a simple irix cc support module
      build: update wav-svn
      build: try the generic C compiler on hpux if gcc not found
      build: use waf from waf-svn.git repo
      build: try to fix the python link problem on SerNet-imini
      build: waf update to fix macos build error
      build: fixed DESTDIR for TOUCH_FILE()
      build: fixed the expansions in pkgconfig files
      talloc-waf: install talloc.pc if standalone
      build: removed some unused imports found by pyflakes
      s4-waf: added 'waf dist' to build the tarball
      s4-waf: added 'waf dist' to our standalone libs as well
      s4-waf: allow standalone tarball build of libraries
      build: nicer error msg when git ls-files fails
      s4-waf: avoid having to run waf configure before waf dist
      ldb-waf: fixed buildtools path
      s4-waf: fixed finding of buildtools and srcdir
      s4-waf: move to a universal method of recursing into subdirs
      s4-waf: use a common pattern for finding buildtools and libs
      s4-waf: new autogen-waf.sh
      s4-waf: autogen-waf.sh for the standalone library builds
      build: fixed LOAD_ENVIRONMENT for out of tree builds
      s4-waf: added python_dsdb from merge with master
      s4-waf: added simple 'waf test' support for tdb, talloc and ldb
      s4-waf: fixed waf distcheck for our standalone libs and s4
      build: simpler symlink_bin and symlink_lib methods
      s4-waf: replace TOUCH_FILE() with normal install rules
      build: update version of waf to add subdir argument to distcheck
      s4-waf: add subdir argument to distcheck for source4
      build: run distcheck in testwaf.sh
      s4-waf: don't need TOUCH_FILE() any more
      build: cope with binaries with subdir prefixes (for s3 waf build)
      build: use a target_in_list() function for more flexible builtin control
      s4-build: remove any 'makefile' that may have been left by the waf build
      build: make the handling of relative paths a bit saner
      build: the exceptions here are not useful
      build: we need this isinstance() check for distcheck
      build: added --picky-developer and --fatal-errors
      build: no need to re-create the lib and bin symlinks if they exist
      s4-waf: added --gdbtest option for waf test
      build: nicer error message on missing file in waf dist
      build: use Logs.error() and Logs.info() instead of print()
      s4-waf: only enable the python uuid module if python <= 2.4
      build: added --minimum-library-version configure option
      build: cope with symlinks between build components in waf dist
      build: use a common autogen-waf.sh for all builds
      s4-waf: move the KRB5_DEPRECATED check into lib/replace
      build: allow target upgrades from EMPTY to SYSLIB
      s4-ldb: fixed a crash bug for non-UTF8 strings
      build: added cross-compilation configure options
      s4-ldb: enable waf build of ldb without ldap backend
      build: cope with existing binaries in bin/ left over from the old build
      build: fixed a typo that prevented --bundled-libraries from working correctly
      build: check the type of implied dependencies
      s4-tevent: up tevent version number
      build: allow cross-builds to use shared libraries
      build: cope with spaces in options passed to ./configure
      build: added autoconf compatible configure options
      talloc-waf: added the manpage generation and talloc1-compat generation
      build: for unbundled libraries install devel link too
      talloc-waf: the talloc1-compat lib depends on talloc
      tdb-waf: added build of manpages and config options for RPM build
      tevent-waf: added man page and pkgconfig file
      s4-waf: don't try to use the system lib for the library build
      s4: prevent the autoconf build from removing source4/librpc/gen_ndr/README
      build: try to honor MAKEFLAGS from make
      Merge branch 'master' of ssh://git.samba.org/data/git/samba
      build: check that the user is not using an old /usr/bin/waf
      build: make the 'wrong version of waf' message even clearer
      build: ensure we don't recreate library loops in expansions
      s4-waf: removed a duplicate declaration of python_netbios
      build: throw a fatal error for duplicate target declarations
      s4-test: check that a weak password is rejected by kpasswd
      s4-test: added KRB5_CONFIG to selftest-vars.sh
      s4-net: nicer error message (and no exception)
      s4-net: allow a username to be displayed in setpassword errors
      s4-rpc: fixed the build with the old build system
      build: added a script for generating ABI signatures from shared libraries
      build: added ABI checking to the WAF build
      s4-waf: put the --xxx-wrapper options in 'developer options' group
      libreplace: added _PUBLIC_ and _PRIVATE_ to replace.h
      replace-waf: hide symbols in libreplace if a builtin library
      talloc-waf: added ABI checking for talloc
      talloc: mark public functions as _PUBLIC_
      tdb-waf: added ABI checking for tdb
      tevent: mark backend init fns as _PRIVATE_
      tevent-waf: enabled ABI checking in tevent
      ldb: mark the tdb backend in ldb as _PRIVATE_
      ldb-waf: enable ABI checking in ldb
      build: added abi type maps for _Bool and __va_list_tag
      s4-waf: rebuild signature files with the api type maps
      build: don't depend on the word size of nm output
      build: added abi_type_maps for FC12 struct va_list
      build: more adjustments for the ABI type name maps
      build: support make V=1 for verbose build
      build: fixed install of binary targets that are in subdirs
      s4-waf: removed the unused installdir= option to SAMBA_BINARY()
      build: cope with perl not being in /usr/bin/perl
      build: more dependencies on /usr/bin/perl -> ${PERL}
      build: expanded testwaf to include cross-compiling and python versions
      build: fixed a python-3 indent error
      s4-python: PyErr_SetString() will crash on NULL strings
      s4-dev: expanded selftest-vars.sh to match current testenv
      build: added --cross-answers support
      runcmd: use tevent_re_initialise() to close sockets
      s4-param: set SMB_CONF_PATH when we load a smb.conf
      s4-dns: use neater python for reading lines
      s4-test: we don't need -s set for samba_dnsupdate
      s4-waf: fixed WINBINDD_SOCKET_DIR for wb_common in s4
      build: make compare_install.sh also check for missing directories
      s4-waf: install some missing empty directories
      build: update waf from svn
      s4-waf: follow the configure directories for the empty install dirs
      build: allow "waf --abi-check" to force a re-check of the ABI
      build: quote cross-answer strings
      build: include uninitialised data in the ABI symbols
      tdb: update tdb ABI to use hide_symbols=True
      talloc: there is no ambiguity when freeing a ptr with a null parent
      pytalloc: ensure talloc_ctx is directly after PyObject_HEAD
      s4-dynconfig: added dyn_PYTHONDIR
      s4-python: added PYTHONDIR to python search path
      s4-net: show a list of commands when someone runs "net" with no arguments
      s4-net: don't show a full python exception when you can't open sam.ldb
      util-runcmd: ignore spurious ECHILD errors
      build: added uname display and SYSTEM_UNAME define
      s4-netlogon: fixed dc_unc and dc_address_type
      s4-pynet: accept None for target_dir in vampire
      s4-devel: allow extra net command line options and gdb
      s4-python: accept --option arguments in python cmdline parsing
      s4-schema: allow revision numbers of zero
      s4-provision: set "setup_dir" to the right path
      s4-python: added --realm option to python scripts
      s4-waf: create the smbd.tmp/messaging directory
      s4-provision: cope with --realm being in getopt.py
      s4-drs: accept zero revision in drs selftest
      s4-upgradeprovision: fixed --realm option duplicate in upgrade_from_s3
      build: fixed uname output to be on target machine when cross compiling
      s4-server: show build host in samba -b output
      waftest: updated the cross compilation environment I test with
      build: make python development headers not mandatory in standalone libs
      s4-waf: python devel headers are mandatory for the source4 build
      build: added --nonshared-binary=LIST option
      build: recalculate project deps when NONSHARED_BINARIES changes
      build: added --enable-auto-reconfigure
      s4-dsdb: moved rodc schema validation to samldb.c
      build: we don't need this makefile magic any more
      s4-dsdb: added dsdb_get_extended_dn_sid()
      s4-dsdb: added dsdb_validate_invocation_id()
      s4-dsdb: removed an unused variable
      s4-drs: only allow replication with the right invocationId
      s4-drs: removed dsdb_validate_client_flags()
      s4-libnet: fixed two compiler warnings
      s4-torture: fixed a initialiser
      s4-net: fixed two compiler warnings
      s4-drs: added new SECURITY_RO_DOMAIN_CONTROLLER level
      s4-drs: validate RODC credentials via the user_sid
      s4-cldap: we should set the w2k8 flags even if not the PDC emulator
      build: use 'waf distclean' for make distclean
      build: give a more useful error when the source dir has moved
      build: cope with duplicates in source lists
      build: use option_group() not add_option_group()
      build: a library is only empty if it has no deps
      build: normalise paths in unique source checking
      s4-heimdalbuild: remove LIBNETIF dependency from HEIMDAL_GSSAPI
      build: automatically run autogen-waf.sh when needed
      s4-drs: make links to foreign partitions non-fatal
      build: cope with realname for install of non-python libs
      s4-drepl: don't send an UpdateRefs unless its a plain replication
      s4-drs: don't send uninstantiated objects in getncchanges
      s4-drs: allow getncchanges requests to non WRIT_REP partitions for extended ops
      s4-ddb: don't create partitions with the UNINSTANT flag set
      s4-repl: don't delete repsTo entry on DsReplicaSync
      s4-repl: end repl request when not doing an UpdateRefs
      s4-repl: on a failed request, clear the current ptr
      s4-repl: these messages are common, and don't deserve debug level 1
      s4-getncchanges: honor DRSUAPI_DRS_REF_GCSPN
      s4-drepl: don't setup a repsFrom from a DC that isn't a master for a NC
      s4-drs: add entries to repsTo based on calculated repsFrom
      s4-dns: fixed dc.dc duplication in DNS update list
      s4-repl: added a workaround for WERR_DS_DRA_NO_REPLICA DsReplicaSync errors
      s4-vampire: show main CLDAP response attributes during vampire
      s4-drsdevel: support sites in drs developer scripts
      s4-netlogon: fixed breakage of dcesrv_netr_GetAnyDCName in sites patch
      s4-libnet: cope with an empty client site name from CLDAP
      s4-dns: cope better with comments in dns_update_list
      s4-dns: explain what the file is for
      s4-dsdb: added samba_spnupdate
      s4-param: added a "spn update command" option
      s4-dns: call spn update command alongside dns update
      s4-dns: install samba_spnupdate
      s4-provision: setup spn_update_list in provision
      s4-test: make spnupdate work without make install
      s4-torture: not all platforms have defines like AF_AX25
      s4-netlogon: fixed getDcNameEx2 for blank inputs
      build: added enabled=True/False option to SAMBA_BINARY()
      s4-waf: added --enable-build-farm configure option
      s4-idl: added generated files from rap.idl
      idl: we only need ndr_rap.[ch] and rap.h
      s4-ldb: use a parent context in the ldb utils
      build: uname on opensolaris returns 1 for success
      s4-waf: switch Samba4 over to the waf build by default
      s4-waf: fixed symlink path for autogen.sh
      build: fix for combined configure/build in one command
      build: added a check for group ordering within target dependencies
      s4-waf: fixed target group for SOCKET_WRAPPER
      build: use the waf patterns for RPATH
      build: allow use of target names as commands in waf
      s4-script: added a --waf option to minimal_includes.pl
      s4-waf: fixed indentation for python 3.1
      build: fixed wildcard handling for python 3.x
      build: enable python 3.0 and 3.1 in testwaf.sh
      idl: removed the generated gen_ndr/ files from pidl
      s3-idl: removed gen_ndr files from source3/ as well
      .gitignore: simplify the .gitignore after gen_ndr removal
      s4-waf: we don't need the symlink hack for gen_ndr any more
      s3-idl: auto-build IDL files in Samba3
      s3-idl: rebuild IDL files based on all outputs
      s3-idl: update the 2nd build_idl.sh script
      s4-ldb: add msg saying which build system is being used
      build: exit with an error if waf configure fails
      build: mark cloned task generators as not posted
      build: added a distcheck target
      build: use the wrapper commands in testwaf.sh
      build: update version of waf
      build: added configure test for inline
      s3-build: don't rebuild/link on every make run
      s4-ldb: check for ldap_initialize
      build: added a reconfigure target
      s4-devel: a useful script for giving DRS replication demos
      s4-devel: auto-delete any leftover IPs
      build: treat a blank --build or --host as not a cross-compile
      build: fixed pc file variable substitution
      s4-devel: a very useful script when dealing with library/linking issues
      s4-dynconfig: make dynconfig more compatible with s3
      s3compat: use right variable for STATEDIR
      s3-waf: All sorts of nasty hacks to finally get smbd to build/link
      s3-waf: correctly handle cups dependencies when cups development packages are not installed
      s3-waf: correctly handle the libcap dependency when libcap is not installed
      s3-waf: Add enable selftest configuration option
      s3-waf: move the KRB5_DEPRECATED check into lib/replace
      s3-waf: merged auth subsystem changes from master
      s3-waf: fixed SWATDIR to match old build
      s3-waf: fixed install path for sbin binaries
      s3-waf: install swat files
      build: get the SONAME right for installed libraries
      s4-python: python is not always in /usr/bin
      build: check if the manpages stylesheet is available locally
      s4-ldb: use CHECK_XSLTPROC_MANPAGES()
      build: allow always=True/False on SAMBA_GENERATOR()
      build: allow LOAD_ENVIRONMENT() to pass when no configure has been run
      build: only use git when found by configure
      s4-dsdb: fixed spelling of supportedSASLMechanisms
      s4-dsdb: fixed use after free of sasl mechanisms opaque
      s4-ldb: fixed the parsing of references in the openldap backend
      s4-ldb: fixed error handling in openldap backend
      s4-ldb: added ldb_options_find()
      s4-ldb: added support for simple binds on ldb_ldap backend
      s4-ldb: added ldb_error() and ldb_operr()
      s4-dsdb: use ldb_operr() in the dsdb code
      s4-net: the net binary depends on the auth subsystem
      s4-loadparm: change lp_*() to lpcfg_*() and provide s3 compatibility lp_*()
      s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
      waf-idl: put the gen_ndr/README file for source3 back
      waf: make the error msg when gen_ndr directory is missing clearer
      lib: added samba-util.pc creation
      dns: first version of dsnRecord parser
      s4-ldb: added ldif handler for the dnsRecord attribute
      pidl: added a new type dnsp_name
      s4-dns: expanded the DNSP code to handle more record type
      s4-dns: fix dnsp for old build
      s4-dns: ndr_dnsp helper functions
      s3-printing: cope with missing printers in print migration
      s3-printing: cope with missing printers in print migration
      s4-build: use @PACKAGE_VERSION@ in s4 pc.in files
      dnsp: dnsp_name is 2 byte aligned
      ndr: allow ndr_print to print DATA_BLOB
      s4-build: fixed library name in dcerpc_server.pc.in
      waf: enable gccdeps in developer mode
      s4-ldb: add some comments explaining the ltdb_index_idxptr() function
      s4-ldb: fixed the ldb 'displayName=a,b' indexing bug
      s3-provision: cope with the policy directory already existing
      s4-ldb: test the 'displayName=a,b' bug
      s4-ldap: use common functions for ldap flag controls encode/decode
      s4-dsdb: added support for LDB_CONTROL_RODC_DCPROMO_OID
      s4-ldapserver: support controls on ldap add and rename
      s4-dsdb: fixed test for LDB_CONTROL_RODC_DCPROMO_OID
      s4-dsdb: support LDB_CONTROL_RODC_DCPROMO_OID for nTDSDSA add
      s4-ldb: use LDB_FLAG_MOD_TYPE() to extract element type from messages
      s4-ldb: added LDB_FLAG_INTERNAL_MASK
      s4-dsdb: set LDB_FLAG_INTERNAL_DISABLE_VALIDATION for msDS-SecondaryKrbTgtNumber
      s4-dsdb: cope with cracknames of form dnsdomain\account
      s4-dsdb: added support for UF_PARTIAL_SECRETS_ACCOUNT
      s4-drs: fixed check for SECURITY_RO_DOMAIN_CONTROLLER
      s4-drs: added domain_sid to DRS security checks
      s4-drs: allow getncchanges from RODC with WRIT_REP set
      s4-dsdb: check the type of session_info from the opaque
      s4-net: use an encrypted ldap session when setting passwords
      s4-netlogon: added SEC_CHAN_RODC
      s4-rpcserver: log unknown RPC calls at debug level 3
      s4-ldbwrap: ensure session_info in ldb opaque remains valid
      s4-ldb: ensure element flags are zero in ldb search return
      s4-drs: added sam_ctx_system on DRS bind state
      s4-drs: implement RODC attribute filtering override
      idl: added the RODC allow/deny secrets RIDs
      s4-dsdb: fixed dsdb_get_extended_dn_sid()
      s4-drs: bring us much closer to the docs for DRS secret replication
      s4-drs: fixed the error code for EXOP_REPL_SECRET getncchanges calls
      s4-ldb: added support for rodc_control in ldb
      s4-pysamdb: fixed get_domain_sid()
      s4-dsdb: the RODC_JOIN control also changes samAccountName
      pidl: added a __ndr_print__() method on python NDR objects
      pidl: cope with bad type conversions in unions
      pidl: give the varible name for bad type in python calls
      pyldb: do type checking on the list form of ldb add
      librpc: add python bindings for the netlogon pipe
      s4-net: better error message on net setpassword
      s4-waf: re-use SAMBA_LIBRARY() in building shared modules
      libreplace: fixed the strptime() waf test
      pidl-python: fixed the docstrings for ndr_print, ndr_pack and ndr_unpack
      s4-python: added ndr_print() method in ndr
      s4-libnet: added join type constants to python interface
      s4-net: moved the net join command to python
      s4-libnet: show the DN when DsAddEntry() fails
      s4-libnet: split libnet_Vampire() into two parts
      libnet-s4: added replicate() command in pynet
      s4-net: added initial implemention of RODC join
      s4-drs: removed the warning on WRIT_REP being set
      s4-drs: show the user sid that does the GetNCChanges call
      s4-net: role should be case insensitive for join
      s4-event: event_context_find() should use s4_event_context_init()
      s4-pyregistry: use s4_event_context_init()
      s4-pyrpc: use s4_event_context_init()
      s4-devel: added a getncchanges developer script
      idl-nbt: fixed typo
      s4-libnet: added libnet_vampire_replicate_init()
      s4-pynet: added replicate_init() and replicate_chunk() calls
      s4-rodc: next step in RODC join code
      s4-dsdb: added get_attid_from_lDAPDisplayName() on samdb
      s4-dsdb: add more DS flags to the dsdb module
      s4-rodc: added REPL_SECRET exop replication of accounts
      s4-rodc: broke up RODC join into separate functions
      s4-dsdb: make more of the UF_* flags available on pydsdb
      s4-pytalloc: use better names for python talloc objects
      s4-repl: load RODC partitions using msDS-hasFullReplicaNCs
      s4-pyglue: added talloc_report_full() and talloc_enable_null_tracking()
      s4-rodc: setup secrets database at end of RODC join
      s4-pyglue: pyglue now depends on pytalloc
      pytalloc: fixed py_talloc_steal()
      s4-python: reference substructures onto the parent structure
      s4-rodc: removed python memory workaround
      s4-pyglue: added talloc_total_blocks() python call
      s4-pyrpc: added a test for talloc behaviour in pidl python code
      s4-pynet: some systems don't have Py_TYPE()
      s4-pyrpc: convert rpc_talloc.py test to unittest framework
      s4-drs: split out drs utility python functions
      s4-net: added "net rodc preload" command
      s4-net: fixed docstring on spn command
      s4-devel: added enumprivs developer script
      pidl-python: ensure we allocate ref ptrs before use
      s4-pynet: pynet depends on pyrpc_util
      s4-net: use CommandError() in net rodc
      pytalloc: treat a NULL ptr as Py_None
      pidl-python: cope with NULL pointers in more places
      pynet: fixed ref count error on Py_None
      doc: patched bind9 is no longer needed
      pidl: cope with dom_sid28 in python generator
      s4-pidl: added a test for all generated rpc interfaces
      s4-resolve: add a default domain for unqualified names in file backend
      s4-selftest: try DNS before bcast in selftest
      s4-auth: make the disabled acct messages a bit less verbose
      s4-resolve: added resolve_name_ex_send()
      s3-param: added lp_set_cmdline() and --option= parameter
      util: added samba_start_debugger()
      waf: fixed make test with TESTS="test1 test2"
      selftest: run client tests with log level 1
      torture-lsa: cope with STATUS_SOME_UNMAPPED errors
      s4-process: fixed the thread process model so it compiles
      s4-packet: make packet_recv_disable() a lot more efficient
      s4-ldapserver: serialise ldap server operations
      waf-abi: fixed small uninitialised data on PPC64
      librpc: bitten by the strncasecmp define again
      s4-rodc: s->schema need initialisation
      s4-pydsdb: expose samdb_partitions_dn() as get_partitions_dn() in python
      s4-provision: fixed error format string
      pyldb: expose PyLdbDn_FromDn()
      s4-rodc: get the domain name from the partitions DN
      s4-test: added a RODC to our testing
      s4-test: added a RODC test using rpcecho
      s4-rodc: cope with missing searchFlags
      s4-fsmo: update FSMO changes for recent IRPC work
      privileges: privilege luids are not all below 64
      s4-lsa: privilege IDs should use the enum, not an int
      s3-privileges: add handling of both old and new formats in database
      s4-credentials: get all attributes in cli_credentials_set_secrets()
      s4-param: move back to auto-generation of loadparm prototypes
      s4-param: removed the lp_ varients of the functions
      winbind-waf: the installed name is libnss_winbind.so.2
      nss-waf: use the right winbind pipe path
      s4-anr: check for allocation failure before use
      s4-dsdb: defer ac->msg after check for NULL ac
      s4-dsdb: free right context on failure
      s4-dsdb: fixed use after free for RODC
      s4-rootdse: setup length after NULL check
      s4-dsdb: check for invalid backend type
      s4-smb: smbsrv_blob_push_string() can return -1
      s4-kcc: removed redundent loop check
      s4-messaging: add support for no_reply in irpc messages
      s4-rodc: add a trigger message for REPL_SECRET to auth_sam
      talloc: fixed spelling errors in comment
      s4-smb: serialise session setup operations
      s4-auth: allow multiple active auth backends
      s4-schannel: fixed reference to context after free
      s4-auth: set the RODC bit for RODC schannel
      s4-auth: when we are a DC enable winbind auth
      s4-secrets: fetch secure channel type with domain SID
      s4-libnet: converted finddcs call to tevent_req
      s4: fixed some printf format errors
      s4-dns: fixed lookup of SRV records using dns_ex
      s4-resolve: added resolve_name_multiple_recv()
      cldap: use ipv4 not up for unbound cldap sockets
      s4-secrets: fixed shadowed variable warning
      s4-finddcs: added finddcs_cldap()
      s4-cldap: don't set the writable bit when we are a RODC
      s4-libnet: use finddcs_cldap() in libnet_lookup
      s4-winbind: use finddcs_cldap() in winbind
      s4-finddcs: rename finddcs to finddcs_nbt
      s4-libcli: change finddcs.h -> finddc.h
      s4-pynet: added finddc call
      s4-rodc: use python finddc code to avoid the need for --server
      s4-join: give a clear error when using short domain form
      s4-selftest: use the full domain name in joins
      s4-finddc: use NBT lookup for a 1C name if joining a short domain name
      s4-netlogon: fixed logic for setting DS_SERVER_WRITABLE
      s4-repl: use consistent API calls for getting DN GUID
      s4-finddcs: show required server type bits on failure
      s4-resolve: the file backend should not look at the name type
      s4-libnet: force IDL printing for high debug levels
      s4-libnet: print the domain name on domain open failure
      tsocket: we return -1 on error, not fd
      s4-rpc: fixed double free in RPC proxy
      s4-selftest: enable logging in valgrind server xterm
      s4-finddcs: ensure we free previous cldap requests before starting a new one
      s4-server: check the return of irpc_binding_handle_by_name
      cldap: prevent crashes when freeing cldap socket
      s4-rpcserver: set unbind method to NULL in remote server
      s4-repl: cleanup getncchanges extended op calls
      s4-repl: split out the extended op handling
      s4-pyrpc: added py_return_ndr_struct()
      s4-drs: get lpcfg_dnsdomain() instead of lpcfg_realm()
      s4-pyjoin: fill in the dns name in the python replication method
      s4-pynet: return the full netlogon response from python finddc
      s4-pyjoin: use new pynet finddc interface
      s4-repl: cleanup the extended op calls in repl server
      s4-repl: added repl_secret handling
      s4-repl: added min_usn to extended replication call
      s4-repl: add partial attribute set to getncchanges calls for RODCs
      s4-repl: if we are an RODC don't set WRIT_REP in replication
      s4-pydrs: fix for python 2.4
      s4-test: enable valgrind on wbinfo tests
      s4-drs: removed a debug print in repl secret
      s4-drs: initial skeleton for DrsReplica{Add,Del,Mod} calls
      s4-drs: make debugging DsUpdateRefs a bit easier
      s4-credentials: added ability to control forwardable attribute on krb5 tickets
      s4-pycredentials: expose forwardable setting via python
      s4-kerberos: obey the credentials setting for forwardable tickets
      s4-dns: use a non-forwardable ticket in samba_dnsupdate
      pidl: prevent ndr_print_*() dying on NULL pointers
      s4-rpcserver: allow saving of bad RPC packets
      s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
      s4-kdc: prevent segfault on bad trust strings
      tdb: added TDB_NO_FSYNC env variable
      wbclient: paranoid check for double free
      wbclient: gr_mem can be NULL
      s4-winbind: fixed two valgrind errors
      tdb: added TDB_NO_FSYNC env variable
      wbclient: paranoid check for double free
      wbclient: gr_mem can be NULL
      pidl: prevent ndr_print_*() dying on NULL pointers
      idl: build python interfaces for winbind and idmap IDL
      s4-pyrpc: allow python to access irpc interfaces
      s4-devel: developer script for adding DNS entries via netlogon RPC
      s4-pydsdb: don't force am_rodc unless it is set by caller
      s4-pydsdb: added am_rodc() method on samdb
      s4-finddcs: added some debug messages on failure
      s4-rodc: added RODC DNS update support to samba_dnsupdate
      s4-cldap: improved debug msgs in finddcs_cldap()
      s4-libnet: use the right domain name in libnet_lookup
      s4-dns: added --all-names option to samba_dnsupdate
      s4-dns: fixed the dns_domain_info_type for netlogon DNS calls
      s4-rodc: override client site from cldap response
      s4-rootdse: mark registered controls as non-critical
      s4-kcc: a bit more debug info on repsFrom creation
      s4-rodc: fixed repsFrom store on RODC
      s4-pyrpc: fixed build on python 2.4
      s4-drepl: use the partition UDV and hwm for extended getncchanges ops
      s4-kcc: pass the service context into the kcc connection code
      s4-kcc: added service->am_rodc
      s4-gensec: fixed a GSSAPI SASL negotiation bug
      s4-gensec: prevent a double free in the error path of GSSAPI auth
      s4-drs: we don't need to decode to utf8 in python dcerpc strings any more
      s4-gensec: fixed a client side bug in GENSEC/SASL/SSF negotiation
      s4-kcc: the kcc should not be setting the repsTo attribute
      lib-subunit: fixed build on systems without subunit devel library
      torture: fixed a valgrind error in SMB2-CREATE
      s4-repl: use dreplsrv_partition_source_dsa_by_guid to find source dsa
      s4-repl: force on WRIT_REP when we are a writable replica
      s4-repl: use namingContexts from rootDSE to initialise partition list
      s4-pycredentials: avoid a tallloc_free on ref
      s4-repl: don't store repsFrom on DNs other than NC heads
      s4-finddcs: allow override of server IP address
      s4-libnet: added server_address option in libnet context
      s4-pynet: added server keyword to Net() initialisation
      s4-net: added --ipaddress option to net commands
      s4-repl: make getncchanges a bit less verbose
      ldb: added request location tracking
      s4-dsdb: added tagging of requests in dsdb modules
      ldb: mark the location of a lot more ldb requests
      script: added autobuild.py automatic build test script
      autobuild: added --rebase option
      autobuild: added a EDITOR script to mark successful autobuilds
      autobuild: added --rebase-master and --push-master
      autobuild: added --fix-whitespace option
      autobuild: enable ccache
      s4-provision: switch to dns-HOSTNAME instead of dns
      s4-dns: the DNS/${HOSTNAME} SPN should be on the DNS account only
      autobuild: added --retry option
      s4-spn: don't try to do SPN updates as a RODC
      s4-drs: use the system sam_ctx for updaterefs
      idl-pac: add a decoder for the pac info ctr
      s3-selftest: added samba3.posix_s3.rap.printing as a knownfail
      autobuild: fixed detection of master changes
      s4-auth: fixed the SID list for DCs in the PAC
      autobuild: exit immediately if no changes from master
      autobuild: use killbysubdir if available
      s4-provision: fixed the generation of the krb5.conf for vampire
      s4-dns: use the generated krb5.conf in samba_dnsupdate
      s4-gensec: fixed a valgrind error in gensec
      s4-drs: fixed comment in getncchanges code
      s4-ildap: fixed a talloc_steal with references error
      heimdal: avoid DNS search domain expansion
      s4-dns: avoid search domains expansion in DNS resolver
      s4-drs: make getncchanges debug less verbose
      s4-kcc: don't print "Testing kcctpl_create_intersite_connections"
      s4-ildap: two more places that need talloc_reparent()
      s4-auth: removed unused variable dom_sid
      s4-dsdb: added samdb_find_site_for_computer() and samdb_find_ntdsguid_for_computer()
      s4-kcc: fixed a incorrect context to kcctpl_get_all_bridgehead_dcs
      s4-ldb: removed an unused variable
      s4-kdc: added ifdef guards in kdc.h
      pidl: added ifdef guards around ndr headers
      s4-dns: added --update-list option to samba_dnsupdate
      s4-netlogon: added RODC DNS update call fwded to dnsupdate task
      s4-dns: implemented RODC DNS update in dns update task
      s4-provision: fixed the authority response for our SOA record
      filter-subunit: added a --fail-immediately option
      s4-selftest: added a --fail-immediately option to s4 test
      waf: we don't need the preprocessor recursion limit any more
      s4-drs: moved the drs_ObjectIdentifier handling to dsdb_dn.c
      s4-drs: use drs_ObjectIdentifier_*() calls in getncchanges
      ldb-tdb: ignore failure to register control on rootdse
      s4-drs: added support for DRSUAPI_EXOP_REPL_OBJ
      selftest: enable FAIL_IMMEDIATELY in autobuild make test
      autobuild: use git notes for autobuild messages
      ldb-dn: don't crash on NULL in ldb_binary_encode_string()
      s4-sam: fixed termination of krbtgt_attrs (comma and NULL)
      heimdal: fixed timegm UTC/GMT bug
      s4-kdc: RODC DCs should be able to produce forwardable tickets
      s4-provision: simplify our generated krb5.conf
      s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
      s4-drsutils: expose DsBind() call in drs_utils.py
      s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
      libds: added more UF_ -> ACB_ flags mappings
      s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC
      util: added BINARY_ARRAY_SEARCH_V()
      s4-drs: added drs_security_access_check_nc_root()
      s4-drs: implement PAS checks and access checks for getncchanges
      s4-devel: added new options to getncchanges script
      s4-samldb: also set a password on the krbtgt_NNNN account
      s4-dns: send A record updates via TKEY
      idl-drsuapi: fixed another replica_flags that should use the bitmap
      s4-kcc: fixed the replica_flags in repsFrom in the kcc
      s4-drepl: fixed the checking of replica_flags in the drepl server
      s4-drepl: don't call UpdateRefs on a RODC
      s4-drs: added support for level 10 of getncchanges
      autobuild: fixed exit status
      autobuild: added much better email reporting
      s4-dsdb: silence the domainFunctionality not setup warning
      s4-libnet: wipe the old keytab when exporting
      s4-drs: put the GCSPN flag into the repsTo if requested
      s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
      s4-provision: wipe the old keytabs when provisioning
      autobuild: push of ref/notes/commits isn't allowed in master
      selftest: fixed a selftest error on sn
      s4-spn: don't try and send an empty SPN list
      autobuild: fixed the --tail option for new log locations
      s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
      s4-dsdb: fail the transaction instead of asserting on error
      s4-rpmd: fixed a use after realloc bug
      autobuild: cwd is needed on all command types
      autobuild: fixed the tuples in the retry_task
      autobuild: disable the subuit changes for now - they break error checking
      autobuild: revert a bit more of the subunit changes
      s4-auth: fixed a vagrind error when creating keytabs
      autobuild: fixed tuple count for retry
      s4-kcc: remove stale repsTo entries in the KCC
      s4-drs: fixed comparison login in replicated renames
      s4-dsdb: added dsdb_search_by_dn_guid()
      s4-rpc: added target_principal binding handle option
      s4-repl: use the GC principal name for DRS replication connection
      autobuild: include autobuild.log in logs.tar.gz
      autobuild: show top commit in emails
      script: added bisect-test.py git bisect script
      bisect: more bisection options
      s4-selftest: fixed up exit codes on signals for make test
      s4-selftest: added --screen option for test
      s4-server: exit with status 127 on SIGTERM
      s4-ldif: get rid of the ndr_pull_error message on startup
      s4-test: silence the Failed to chown message in make test
      s4-test: silence a tap2subunit error
      s4-selftest: silence warnings about bind chown
      s4-selftest: support 'make testenv SCREEN=1'
      s4-kcc: silence "Testing kcctpl_create_intersite_connections" message
      autobuild: override the editor when marking the commit
      waf: workaround for the 'make install' breakage
      s4-test: changed the gentest test to use a fixed seed.
      waf: fixed the problem with com_err on Ubuntu 9.04
      s4-heimdal: disable using the system compile_et for now
      waf: update to waf version 1.5.19
      waf: fixed some python3.x portability issues
      autobuild: only add autobuild.log if it exists
      s3-spoolss: added another intermittent failure to knownfail
      waf: allow for commands like "make bin/smbtorture"
      s3-build: use the simpler "make bin/smbtorture" for s4 torture
      maintainers: added initial MAINTAINERS.txt
      maintainers: delete the old MAINTAINERS file
      waf: fixed exit status of test suites
      script: improvements to bisect-test.py
      s4: mark us as not supporting python3 yet
      autobuild: add an extra blank line before the autobuild markers
      autobuild: send email failure if rebase fails
      ldb: when running from build directory, use the build modules
      s4-dynconfig: use the build modules when running from build directory
      autobuild: do make install after make test
      s4: don't rebuild all of heimdal when dynconfig options change
      s4-torture: fixed uninitialised variable error
      s4-torture: zero all of trans before the test starts
      s4-ldb: added an optional operator_fn in the schema syntax
      s4-ldb: implement an operator_fn for the ldb-samba syntaxes
      s4-ldb: use operator_fn syntax function in ldb_match code
      s4-schema: don't name variables after standard libc functions
      s4-ldb: take advantage of ldb_match_msg_error() in more places
      ldb: raise minor version number for new ldb_msg_match_error() function
      s4: show samba version in bin/samba -b
      security: ensure the merge of libcli/security doesn't change s3 behaviour
      s4-heimdal: fixed some trailing commas in heimdal build
      s4-waf: automatically remove stale C and header files
      s4-net: fix the dependence on command line ordering
      s4-finddcs: better debug messages to help track down DNS problems
      script: the --tests option has been replaced by --test-command
      s4-net: exit with a failure when a command is unknown
      s4-test: fixed test_kinit.sh time command test
      s4-test: fixed a typo in test_kinit.sh
      replace: cope with systems that have fdatasync(), but don't have the prototype
      readline: fixed the test for history_list()
      waf: automap shared library names from .so to the right extension
      waf: don't save deps on install
      waf: put -Wl,-no-undefined only in the linker flags, not when compiling C
      s4-ldb: added ldb_req_mark_untrusted() and ldb_req_is_untrusted()
      s4-ldb: added --relax cmdline option
      s4-ldb: cope with NULL oid in controls
      s4-dsdb: filter unregistered controls in the rootdse module
      s4-ldap: mark all ldap:// requests as untrusted
      s4-ldb: increase minor version for 2 new functions
      selftest: terminate selftest if we can't setup the environment
      s4-dsdb: register the DCPROMO_OID control with the rootdse
      s4-mailslot: fixed handling of random collision in temporary mailslot names
      autobuild: create an autobuild.pid file
      waf: added --show-deps and --show-duplicates
      waf: rework expand_subsystem_deps()
      waf: allows libraries to be marked as private_library=True
      waf: fixed expansion of direct_objects and direct_libs
      libcli: make the LIBSECURITY subsystem into a private library
      s4-dsdb: make SAMDB_COMMON into a private library
      waf: re-work the module alias code
      wrapper: make socket_wrapper, uid_wrapper and nss_wrapper private libs
      libcli: make LIBCLI_NBT a private library
      s4-ndr: make NDR_TABLE a private library
      replace: make libreplace a private library
      s4-auth: make auth a private library
      s4-libcli: make LIBCLI_LDAP a private library
      waf: cope with libraries with a specified version number
      build: subunit and popt need to be marked as private libraries
      s4-build: fixed some formatting
      waf: added the concept of a grouping_library
      waf: replace the is_bundled option with private_library
      s4-waf: removed dependencies on missing subsystems
      waf-build: create a samba_sockets grouping library
      waf-build: create a NDR_SAMBA grouping library
      s4-build: make LIBSAMBA-NET a private library
      s4-waf: make NDR_STANDARD a grouping library and add NDR_SAMBA4
      s4-dsdb: moved a bunch of fuctions from schema/schema_info_attr.c to samdb/ldb_modules/schema_util.c
      s4-lib: make SMBPASSWD a private library
      s4-libcli: make LIBSAMBA-ERRORS a private library
      lib: add UTIL_TEVENT to samba_sockets grouping library
      nsswitch: make LIBWBCLIENT a private library
      nsswitch: make LIBWINBIND-CLIENT a private library
      s4-dsdb: make ldb_password_hash depend on hdb not HEIMDAL_HDB_KEYS
      s4-kdc: make DB_GLUE a private library
      s4-events: make LIBEVENTS a private library
      s4-socket: make LIBNETIF a private library
      s4-libcli: make LIBSECURITY_SESSION a private library
      waf: prevent the global deps list creating depenency loops
      s4-waf: removed the XATTR and SASL aliases
      s4-waf: don't depend directly on python modules
      waf: raise an error on a dependency on a python module
      s3-waf: mark some libraries as private
      s4-param: added a libshares grouping library
      s4-python: added a samba_python grouping library
      librpc: added NDR_XATTR and NDR_UNIXINFO to the NDR_SAMBA grouping library
      waf: added pyext option to SAMBA_LIBRARY()
      lib: make WRAP_XATTR a private library
      librpc: added RPC_NDR_SAMBA grouping library
      s4-ldb: make pyldb_util a private library
      librpc: added a few more NDR_* targets to NDR_SAMBA
      s4-waf: removed the dependency loop between ntvfs and dcerpc_server
      waf: show duplicate objects in python modules as well as libraries
      s4-python: python_samba needs pyext
      s4-rpc_server: split out DCERPC_SHARE as a separate subsystem
      s4-events: LIBEVENTS depends on LIBSAMBA-UTIL
      s4-dsdb: fixed depenencies for -no-undefined
      libcli: LIBSECURITY depends on NDR_SECURITY
      s4-librpc: fixed depenencies for libcli/security
      waf: fixed the handling of -Wl,-no-undefined
      waf-python: make the pyext flag add the pyembed features for libraries
      waf: loosen the restriction on depending on python libs
      s4-ldb: make ldb_options_find() public
      s4-dsdb: force LDB_ERR_NO_SUCH_ATTRIBUTE on missing schemaInfo
      waf: check the linker accepts a set of ldflags before using them
      waf: RPC_NDR_WINBIND is samba4 specific
      autobuild: don't cleanup the pid file within the retry loop
      s4-waf: we don't need the smbtorture.static for s3 any more
      s3-waf: fixed waf configure for recent changes
      s3-waf: fixed paths in s3 waf build for rpc_server
      waf: moved the -Wl,-no-undefined flags to source4 and ldb
      waf: quote subsystem names to make them clearer
      s3-waf: fixed the s3 waf build
      waf: sped up the project rules checking
      s4-ldb: create a private library ldb-cmdline
      replace: create a private replace-test library
      s4-heimdal: fixed the use of error_message() in heimdal
      s4-heimdal: removed the use of signal.c from roken
      s4-kdc: create a 'pac' private grouping library
      waf: added suncc_wrap
      waf: added env.DEVELOPER_MODE flag
      waf: display the paths in library loops
      waf: separate out get_tgt_list()
      waf: cope with rules with no inputs
      waf: use Utils.WafError() instead of raising an AssertionError
      waf: build all libraries after all object files
      waf: added --symbol-check option
      waf: don't auto-depend on subsystems
      waf: cope with subsystems with no static modules
      waf: give a better error on a bad grouping library
      waf: save the samba_deps_extended
      s4-smbd: don't initialise process models more than once
      s4-smbd: make our process models into real modules
      s4-torture: simplify the depenencies for TORTURE_DRS
      s4-modules: remove LD_SAMBA_MODULE_PATH
      s4-rpc: split the dcesrv reply code out of dcerpc_server
      zlib: use the real library name 'z' instead of ZLIB
      s4-ldbwrap: split ldb-wrap out from the LDBSAMBA subsystem
      s4-ldb: add explicit depenencies on ldb library in ldb modules
      s4-credentials: make a private library from CREDENTIALS subsystem
      s4-auth: make KERBEROS subsystem into authkrb5 private library
      s4-tdb: make tdb-wrap into a private library
      s4-replace: make libreplace a private shared lib in s4
      s4-cluster: make cluster a private shared lib
      s4-dns: make the dns update task an external module
      s4-cmdline: make cmdline-credentials a private library
      s4-ndr: make ndr-table a subsystem
      s4-build: removed some unnecessary dependencies
      waf: get rid of target aliases in wafsamba
      s4-test: don't override modules dir
      s4-waf: added a lexyacc.sh script that manually rebuilds the heimdal parsers
      s4-heimdal: lex_err_message() should not be static
      waf: fixed building of non-shared binaries that contain modules
      s4-smbd: leave the single process model as internal
      s4-smbd: initialise process models in smbtorture before use
      s4-auth: added a dependency on com_err
      s4-server: avoid using environ as it is not portable
      waf: added module_init_name parameter to SAMBA_MODULE()
      s4-ldb: support a new type of ldb module loading
      s4-ldb: convert the ildap module to the new type of ldb module
      s4-ldb: convert the openldap ldb backend to the new style of module
      s4-dsdb: convert the extended_dn_out module to the new ldb module style
      s4-dsdb: convert the simple_ldap_map module to the new module style
      waf: added automatic prototyping of static module init functions
      s4-process_model: use the static module prototyping
      s4-ldb: convert the rest of the ldb modules to the new style
      s4-ldb: removed the old ldb module loading style
      s4-test: we don't need to set LDB_MODULES_PATH any more
      s4-dsdb: convert the rest of the ldb modules to the new module type
      waf: removed the module aliases code
      s4-modules: get rid of the remaining static prototypes for modules
      s4-ldb: it is not an error for the modules directory to not exist
      s4-ldb: added an override flag to ldb_register_backend()
      s4-ldb: added support for general ldb hooks in modules
      s4-ldb: moved the ldb_ildap backend into lib/ldb-samba
      s4-ldb: added samba_extensions ldb module
      s4-ldb: added ldb command line hook support
      s4-ldb: convert existing ldb tools to use new command line hooks
      s4-ldb: fixed build of oLschema2ldif
      s4-ldb: fixed build of paged searches
      s4-ldb: added support for ldb module version checking
      s4-ldb: enable ldb module version checking
      s4-ldb: enable version checking in dsdb ldb modules
      s4-ldb: use ldb_set_modules_dir() to load additional ldb modules
      s4-ldb: removed ldb_includes.h
      s4-ldb: expose some more ldb module functions
      s4-dsdb: removed the use of ldb_private.h from s4
      s4-ldb: give the user a hint as to what may be wrong
      waf: fixed wildcard build
      waf: rerun deps calculation on LDFLAGS or