[SCM] Samba Shared Repository - annotated tag tevent-0.12.0 created

Stefan Metzmacher metze at samba.org
Mon Apr 11 23:59:20 UTC 2022

The annotated tag, tevent-0.12.0 has been created
        at  355edbaebad11d45987d21d9caea04917638bcdc (tag)
   tagging  a20d41accdc999262da94531627c7e1e8ec7677f (commit)
  replaces  samba-4.16.0rc1
 tagged by  Stefan Metzmacher
        on  Tue Apr 12 01:59:10 2022 +0200

- Log -----------------------------------------------------------------
tevent: tag release tevent-0.12.0


Andreas Schneider (107):
      s4:kdc: Add a HDB to SDB mask
      s4:kdc: Remove trailing spaces in hdb-samba4.c
      s4:kdc: Translate HDB flags to SDB flags
      bootstrap: Fix CentOS8 runner
      bootstrap: Migrate to CentOS8 Stream
      selftest: Do not force -d0 for smbd/nmbd/winbindd
      builtools: Make abi_gen.sh less prone to errors
      bootstrap: If the mold linker is available prefer it over gold
      bootstrap: Install mold linker on Fedora 35
      s3:winbindd: Add a sanity check for the range
      s3:utils: Add a testparm check for idmap autorid
      docs-xml: Fix idmap_autorid documentation
      editorconfig: Final newlines are pycodestyle
      third_party:waf: Print the version of waf at the end of the update script
      third_party: Update waf to verison 2.0.23
      s3:utils: Fix missing space in testparm output
      autobuild: Rewrite the symbol checking
      editorconfig: Change shell to tabs with tab width 8
      configure: Reformat wrapper script
      buildtools: Reformat shell scripts
      docs-xml: Reformat shell scripts
      examples: Reformat shell scripts
      selftest: Add ad member with idmap_autorid backend
      s3:tests: Run test_idmap_rid.sh against admem_idmap_autorid
      autobuild: Run admem_idmap_autorid tests
      lib:fuzzing: Reformat shell scripts
      lib:ldb: Reformat shell scripts
      lib:replace: Reformat shell scripts
      lib:tdb: Reformat shell scripts
      lib:tevent: Reformat shell scripts
      nsswitch: Reformat shell scripts
      packaging: Reformat shell scripts
      editorconfig: We always inserted a new line so keep doing that
      python: Reformat shell scripts
      release-scripts: Reformat shell scripts
      script: Reformat shell scripts
      selftest: Reformat shell scripts
      s3:locale: Reformat shell scripts
      s3:script: Reformat shell scripts
      s4:kdc: Align sflags type
      s4:kdc: Also cannoicalize krbtgt principals when enforcing canonicalization
      selftest: More tests are passing with MIT KRB5 >= 1.20
      s4:mitkdc: Set KRB5_KDB_NO_AUTH_DATA_REQUIRED based on sdb no_auth_data_reqd
      s4:mitkdc: Add support for MIT Kerberos 1.20
      s4:mitkdc: Add support for S4U2Self & S4U2Proxy
      s4:kdc: Implement new Microsoft forwardable flag behavior
      s4:auth: Remove trailing spaces in sam.c
      s4:auth: Also look up msDS-AllowedToActOnBehalfOfOtherIdentity for RBCD
      s4:kdc: Implement samba_kdc_check_s4u2proxy_rbcd()
      s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD
      s4:mitkdc: Implement support for Resource Based Constrained Delegation (RBCD)
      gitlab-ci: Print the krb5 version
      gitlab-ci: Run krb5 tests also with MIT Kerberos 1.20 (prerelease)
      WHATSNEW: Bronze bit, S4U and RBDC support with MIT Kerberos 1.20
      testprogs: Add test that local krb5.conf has been created
      s3:libads: Remove trailing spaces in kerberos.c
      s3:libads: Leave early on error in get_kdc_ip_string()
      s3:libads: Improve debug messages for get_kdc_ip_string()
      s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
      s3:libads: Allocate all memory on the talloc stackframe
      s3:libads: Remove obsolete free's of kdc_str
      s3:libads: Check print_canonical_sockaddr_with_port() for NULL in get_kdc_ip_string()
      s3:libads: Fix creating local krb5.conf
      python:tests: Fix type error in raw_testcase.py
      s4:kdc: Fix return code in mit_samba_update_pac()
      s4:kdc: Make sure ret is set if we goto bad_option
      s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()
      auth: Add required headers to auth_sam_reply.h
      lib:krb5_wrap: Implement smb_krb5_principal_is_tgs()
      s4:kdc: Cleanup include files in pac-glue.c
      s4:kdc: Make pac parameter of samba_client_requested_pac() const
      s4:kdc: Implement common samba_kdc_update_pac()
      s4:kdc: Use samba_kdc_update_pac() in mit_samba_reget_pac()
      s4:kdc: Use samba_kdc_update_pac() in mit_samba_update_pac()
      s4:kdc: Remove ks_is_tgs_principal()
      s4:kdc: Remove trailing whitespace in wdc-samba4.c
      s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin
      gitlab-ci: Remove unused variable for ubuntu1604
      gitlab-ci: Use Ubuntu 20.04 for Coverity
      gitlab-ci: Drop Fedora 34
      gitlab-ci: Update to openSUSE 15.3
      gitlab-ci: Drop Debian 10
      s4:kdc: Improve debug message of samba_kdc_fetch_server()
      s4:kdc: Remove trailing white spaces in kdc-service-mit.c
      s4:kdc: If we set the kerberos debug level to 10 write a trace file
      s4:tests: Run Heimdal PKINIT tests only against ad_dc env
      s4:kdc: Add Smart Card and file based PKINIT support
      selftest: Setup PKINIT for MIT Kerberos
      testprogs: Fix kerberos_kinit with additional options
      testprogs: Rename test_pkinit_heimdal.sh
      testprogs: Format test_pkinit_simple.sh with shfmt
      testprogs: Fix calculating failed in test_pkinit_simple.sh
      testprogs: Manually reformat testit commands in test_pkinit_simple.sh
      testprogs: Remove the usage of enctype in test_pkinit_simple.sh
      testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
      testprogs: Rename test_pkinit_pac_heimdal.sh
      testprogs: Reformat test_pkinit_pac.sh with shfmt
      testprogs: Manually reformat test_pkinit_pac.sh
      testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
      s4:selftest: Remove ad_dc_ntvfs env from several tests
      Add missing final newline to end of c file
      Add missing final newline to end of sh file
      Move LSP stuff to buildtools/devel_env.sh
      script: Fix check_symbols() with gcov build
      waf: Import Logs in wscript_configure_system_gnutls
      waf: Check for GnuTLS earlier
      third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the cipher

Andrew Bartlett (39):
      s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
      s4-kdc: Fix memory leak in FAST cookie handling
      selftest: Use more torture_assert_goto() et al in rpc.samlogon test
      selftest: Allow samba.tests.ntlm_auth to fail rather than error checking --diagnostics
      selftest: Remove duplicate run of rpc.samr tests against ad_dc as "samba3"
      selftest: Remove duplicate run of rpc.lsa tests against ad_dc as "samba3"
      selftest: run s4member tests less
      dsdb: No longer supply exact password hashes in a control to indicate password changes
      dsdb: Return dsdb_password_change control name to DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
      kdc: Remove pre-check for existing NT and LM hash from kpasswd
      s4-rpc_server: Remove pre-check for existing NT and LM hash from netlogon
      s4/dsdb: Remove LM password generation and storage from password_hash
      s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"
      s4-auth: Do not supply the LM hash to the AD DC authentication code
      s4-rpc_server: Do not use LM hash in password changes
      dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute
      selftest: Cope with LM hash not being stored in the tombstone_reanimation test
      selftest: Allow RPC-SAMR to cope with OemChangePasswordUser2 being un-implemented
      dsdb: Remove LM hash parameter from samdb_set_password() and callers
      s3-ntlm_auth: Convert table of tests in --diagnostics to designated initialisers
      ntlm_auth: Adapt --diagnostics mode to expect that the DC does not support LANMAN by default
      selftest: Remove auth_log test for RAP password change
      torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for LM key
      torture: Do not expect LM passwords to be accepted except by samba3
      torture: Allow Samba as an AD DC to use zeros for LM key
      WHATSNEW: Mention our matrix room as well
      lib/replace: Do not typedef int bool
      s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()
      s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()
      s4:kdc: Add const to "msg" parameter in samba_kdc_message2entry_keys()
      s4:kdc: Pull auth_sam_trigger_repl_secret() up one layer to samba_kdc_message2entry()
      s4:kdc: Move supported enc-type handling out of samba_kdc_message2entry_keys()
      s4:kdc: Expose samba_kdc_message2entry_keys()
      testprogs: Change from $foo to "${foo}" variable style
      waf: Document the confusing --nonshared-binary, --builtin-libraries, --private-libraries and --bundled-libraries
      s4-auth: Remove unused acct_flags parameter
      s4-auth: Do not trigger RODC replication unless missing all passwords
      s4-auth: Only build auth_developer module in developer mode
      s4-auth: Remove last traces of LanMan authentiation support in the AD DC.

Archana (3):
      ctdb-packaging: Remove deprecated networking command netstat and replace with "ss" command
      ctdb-tools: Remove deprecated networking commands and replace with new commands
      vfs: Getting exact attribute value during gpfs_stat_x calls

Bjoern Jacke (2):
      vfs_gpfs: use linux oplock specific funcions only when available
      vfs_aixacl: add proper header file

Björn Jacke (6):
      dnsp.idl: add missing DNS_RPC_RECORD defines
      dns.idl/dnsp.idl: add missing DNS ressource record types
      acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()
      wscript: s/default/required/ _static_modules for the acl modules
      readlink test: inverse return code
      waf: re-add missing readlink test

Christof Schmitt (1):
      vfs_gpfs: Initialize litemask to 0

David Mulder (101):
      samba-gpupdate: Implement enhanced logging
      gpo: Certificate Auto Enrollment default Kerberos auth
      gpo: Improve Certificate Auto Enroll Debug messages
      smbd: Add WITH_SMB1SERVER enabled for now
      smbd: Move message.c -> smb1_message.c
      smbd: Move sesssetup.c -> smb1_sesssetup.c
      smbd: Move lanman.c -> smb1_lanman.c
      smbd: Disable build for SMB1 only files
      smbd: Allow disabling SMB1 in struct smbXsrv_connection
      smbd: Move schedule_aio_read_and_X to smb1_aio.c
      smbd: Move schedule_aio_write_and_X to smb1_aio.c
      smbd: Move aio.c -> smb2_aio.c
      smbd: Move nt_status_np_pipe to smb2_ipc.c
      smbd: Move ipc.c -> smb1_ipc.c
      smbd: Move negprot_spnego to smb2_negprot.c
      smbd: negprot_spnego allow disabling smb1 spnego set
      smbd: Move negprot.c -> smb1_negprot.c
      smbd: Move set_sd to smb2_nttrans.c
      smbd: Move set_sd_blob to smb2_nttrans.c
      smbd: Move copy_internals to smb2_nttrans.c
      smbd: Move smbd_do_query_security_desc to smb2_nttrans.c
      smbd: Move smbd_do_query_getinfo_quota to smb2_nttrans.c
      smbd: Move nttrans.c -> smb1_nttrans.c
      smbd: Move new_break_message_smb1 to smb1_oplock.c
      smbd: Move send_break_message_smb1 to smb1_oplock.c
      smbd: Disable smb1 oplock calls when smb1 is disabled
      smbd: Move oplock.c -> smb2_oplock.c
      smbd: Move reply_open_pipe_and_X to smb1_pipes.c
      smbd: Move reply_pipe_write_and_X to smb1_pipes.c
      smbd: Move reply_pipe_read_and_X to smb1_pipes.c
      smbd: Move pipes.c -> smb2_pipes.c
      smbd: Move check_path_syntax* to smb2_reply.c
      smbd: Move srvstr_get_path* to smb2_reply.c
      smbd: Move srvstr_pull_req_talloc to smb2_reply.c
      smbd: Move check_fsp_open to smb2_reply.c
      smbd: move check_fsp to smb2_reply.c
      smbd: Move check_fsp_ntquota_handle to smb2_reply.c
      smbd: Move reply_special to smb2_reply.c
      smbd: Move unlink_internals to smb2_reply.c
      smbd: Move fake_sendfile to smb2_reply.c
      smbd: Move sendfile_short_send to smb2_reply.c
      smbd: Move rename_internals_fsp to smb2_reply.c
      smbd: Move rename_internals to smb2_reply.c
      smbd: Move copy_file to smb2_reply.c
      smbd: Move get_lock_offset to smb2_reply.c
      smbd: Move smbd_do_unlocking to smb2_reply.c
      smbd: Move reply.c -> smb1_reply.c
      smbd: Disable call to smb1_srv_is_signing_active without smb1
      smbd: Move make_connection to smb1_service.c
      smbd: Move service.c -> smb2_service.c
      smbd: Move smb2_srv_init_signing to smb2_signing.c
      smbd: Move srv_init_signing to smb2_signing.c
      smbd: Disable call to smb1_srv_init_signing without smb1
      smbd: Move signing.c -> smb1_signing.c
      smbd: Split process_smb() into process_smb1() and process_smb2()
      smbd: Split srv_send_smb into smb1_srv_send/smb2_srv_send
      smbd: Move srv_send_smb/smb2_srv_send to smb2_process.c
      smbd: Move srv_set_message to smb2_process.c
      smbd: Move read_packet_remainder to smb2_process.c
      smbd: Split receive_smb_talloc into smb1_receive_talloc/smb2_receive_talloc
      smbd: Move receive_smb_talloc/smb2_receive_talloc to smb2_process.c
      smbd: Move remove_deferred_open_message_smb to smb2_process.c
      smbd: Move schedule_deferred_open_message_smb to smb2_process.c
      smbd: Move open_was_deferred to smb2_process.c
      smbd: Move get_deferred_open_message_state to smb2_process.c
      smbd: Separate smb1 code from push_deferred_open_message_smb
      smbd: Move push_deferred_open_message_smb to smb2_process.c
      smbd: Move reply_outbuf and construct_reply_common_req to smb2_process.c
      smbd: Move process_smb to smb2_process.c
      smbd: Disable smb1 in smbXsrv_connection_init_tables
      smbd: Move smbXsrv_connection_init_tables to smb2_process.c
      smbd: Move smbXsrv_connection_dbg to smb2_process.c
      smbd: Disable smb1 in smbd_add_connection
      smbd: Disable smb1 in smbd_server_connection_handler
      smbd: Disable smb1 in smbd_smb2_server_connection_read_handler
      smbd: Move smbd_add_connection to smb2_process.c
      smbd: Disable smb1 in smbd_process
      smbd: Move smbd_process to smb2_process.c
      smbd: Move process.c -> smb1_process.c
      smbd: Move smb1_utils.h include to smbd.h
      smbd: Move send_trans2_replies to smb1_trans2.c
      smbd: Move smb_set_posix_lock to smb1_trans2.c
      smbd: Move reply_trans2 to smb1_trans2.c
      smbd: Move reply_transs2 to smb1_trans2.c
      smbd: Move trans2.c -> smb2_trans2.c
      torture: Disable vfs chain test dependant on SMB1
      smbd: Disable use of smb_fn_name without SMB1 in error.c
      smbd: Disable SMB_QUERY_CIFS_UNIX_INFO when SMB1 is disable
      smbd: Disable SMB_SET_POSIX_LOCK when SMB1 is disabled
      smbd: Remove duplicate read_nttrans_ea_list function prototype
      smbd: Disable use of smb_fn_name when SMB1 is disabled
      smbd: Move valid_smb_header to smb2_process.c
      smbd: Move init_smb_request to smb2_process.c
      smbd: Enable multi-protocol negotiate w/out SMB1
      smbd: Process error reply if SMB1 negprot parsing fails
      smbd: Move reply_pipe_write to smb1_pipes.c
      smbd: Remove uses of srv_send_smb
      smbd: Remove srv_send_smb
      configure: Add option for disabling the smb1 server
      configure: Fail smbd w/o smb1 if selftest when configured with ad_dc
      ci: Create samba-fileserver-without-smb1 environment

David Seifert (1):
      tevent: add missing `#include <sys/types.h>`

Douglas Bagnall (3):
      s3/torture/pdbtest: fix always false condition
      pytest:auth_log: expect TLS connections when using ldaps
      s4/auth/simple_bind: correctly report TLS state

Elia Geretto (1):
      s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()

FeRD (Frank Dana) (1):
      printing/bgqd: Disable systemd notifications

Garming Sam (1):
      rodc: Add tests for simple BIND alongside NTLMSSP binds

Isaac Boukris (1):
      krb5-mit: Enable S4U client support for MIT build

Jeremy Allison (121):
      s3: smbd: Cleanup - Split out smbd_fetch_security_desc() from smbd_do_query_security_desc().
      s3: smbd: Cleanup - Split out smbd_marshall_security_desc() from smbd_do_query_security_desc().
      s3: smbd: Cleanup - In smbd_do_query_security_desc() we don't need a talloc frame.
      s3: smbd: Rename "unix extensions" -> "smb1 unix extensions".
      CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.
      CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.
      CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix
      CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.
      CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.
      CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
      CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.
      CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().
      CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.
      CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().
      s3: smbd: Add an SMB2 server flag posix_extensions_negotiated.
      libcli: Add SMB2 posix negotiate context flag.
      s3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.
      s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.
      s3: smbd: Add lp_smb2_unix_extensions() function. Always returns false for now.
      s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix extensions are turned on.
      s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix extensions.
      s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on a POSIX handle. Currently not allowed.
      s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix extensions to be negotiated. Currently not allowed.
      s3: smbd: Add two new functions in a new file, smb2_posix.c: smb2_posix_cc_info(), store_smb2_posix_info()
      s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
      lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
      s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.
      s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.
      s3: libsmb: Add cli_dfs_target_check() function.
      s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
      s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
      s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
      s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
      s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.
      s3: VFS: ceph_snapshots: Move two more uses of OpenDir() -> OpenDir_nstatus().
      s3: VFS: fruit: Move two more uses of OpenDir() -> OpenDir_nstatus().
      s3: VFS: shadow_copy: Move one more use of OpenDir() -> OpenDir_nstatus().
      s3: VFS: syncops: Move one more use of OpenDir() -> OpenDir_nstatus().
      s3: smbd: In recursive_rmdir(), Move one more use of OpenDir() -> OpenDir_nstatus()
      s3: smbd: In rmdir_internals(), Move one more use of OpenDir() -> OpenDir_nstatus()
      s3: smbd: In count_dfs_links(), Move one more use of OpenDir() -> OpenDir_nstatus()
      s3: smbd: In form_junctions(), Move one more use of OpenDir() -> OpenDir_nstatus()
      s3: torture: In cmd_vfs, Move two more uses of OpenDir() -> OpenDir_nstatus().
      s3: smbd: Remove now unused OpenDir().
      s3: smbd: Rename OpenDir_ntstatus() -> OpenDir().
      s3: smbd: Cleanup - make recursive_rmdir() return a more expressive NTSTATUS not bool.
      s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally without depending on errno.
      s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.
      s3: Simple rename 'struct smb_signing_state' -> 'struct smb1_signing_state'
      s3: smbd: Add 'bool signing_mandatory' to struct smbXsrv_connection.smb2 component.
      s3: smbd: Add smb2_srv_init_signing(). Initializes conn->smb2.signing_mandatory.
      s3: smbd: Split srv_init_signing() into 2 static functions smb1_srv_init_signing() and smb2_srv_init_signing().
      s3: smbd: Look at the correct signing state for the debug messages in make_connection_snum().
      s3: libcli: Rename static smb_signing_reset_info() -> smb1_signing_reset_info()
      s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex()
      s3: libcli: Rename smb_signing_init() -> smb1_signing_init()
      s3: libcli: Rename smb_signing_good() -> smb1_signing_good()
      s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5()
      s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum()
      s3: libcli: Rename smb_signing_cancel_reply() -> smb1_signing_cancel_reply()
      s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu()
      s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu()
      s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate()
      s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active()
      s3: libcli: Remove unused smb_signing_is_allowed()
      s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired()
      s3: libcli: Rename smb_signing_is_mandatory() -> smb1_signing_is_mandatory()
      s3: libcli: Rename smb_signing_set_negotiated() -> smb1_signing_set_negotiated()
      s3: libcli: Rename smb_signing_is_negotiated() -> smb1_signing_is_negotiated()
      s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation()
      s3: smbd: Rename srv_check_sign_mac() -> smb1_srv_check_sign_mac().
      s3: smbd: Rename srv_calculate_sign_mac() -> smb1_srv_calculate_sign_mac().
      s3: smbd: Rename srv_cancel_sign_response() -> smb1_srv_cancel_sign_response().
      s3: smbd: Rename srv_set_signing_negotiated() -> smb1_srv_set_signing_negotiated().
      s3: smbd: Rename srv_is_signing_active() -> smb1_srv_is_signing_active().
      s3: smbd: Rename srv_is_signing_negotiated() -> smb1_srv_is_signing_negotiated().
      s3: smbd: Rename srv_set_signing() -> smb1_srv_set_signing()
      s3: smbd: Rename smbd_server_connection_read_handler() smbd_smb1_server_connection_read_handler()
      s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
      s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler() when server min protocol > NT1 (i.e. SMB2-only).
      s3: smbd: Don't allow setting the delete on close bit on a directory if it contains non-visible files and "delete veto files = no".
      s4: torture: Add regression test for re-opening a durable handle after calling SMB2 setinfo (end of file).
      s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via the same place.
      s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set XATTR_DOSINFO_CREATE_TIME successfully, we need to clear ST_EX_IFLAG_CALCULATED_BTIME.
      s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
      s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
      s3: tests.py: Only run smb2.rename against fileserver.
      s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
      s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
      s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
      s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
      s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME message.
      s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in prompt.
      s3: smbd: Move reply_findclose() from trans2.c to smb1_reply.c
      s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
      s3: smbd: Rename valid_smb_header() -> valid_smb1_header()
      s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().
      s3: smbd: Rename construct_reply_common() -> construct_smb1_reply_common().
      s3: smbd: Rename construct_reply_common_req() -> construct_smb1_reply_common_req()
      s3: smbd: Rename create_outbuf() -> create_smb1_outbuf()
      s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
      s3: smbd: Rename init_smb_request() -> init_smb1_request().
      WHATSNEW.txt: Add explaination of --without-smb1-server and --with-smb1-server configure options.

Joseph Sutton (66):
      CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
      CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
      auth: Cope with NULL upn_name in PAC
      third_party/heimdal_build: Add KDC_LIB macro definitions
      s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()
      third_party/heimdal_build: Determine whether time_t is signed
      third_party/heimdal_build: Define fallthrough macro for switch statements
      third_party/heimdal: import lorikeet-heimdal-202203010107 (commit 0e7a12404c388e831fe6933fcc3c86e7eb334825)
      third_party/heimdal_build: Add source files to build
      s4:kdc: Refactor HDB API
      s4:kdc: Adapt to removal of auth event details
      s4:kdc: Add 'not authorised' auth events
      s4:kdc: Add referral policy callback
      s4:kdc: Rename windc to kdc plugin
      s4:kdc: Adapt to removal of auth audit event types
      third_party/heimdal_build: Add SFU source file
      s4:kdc: Explicitly set plugin minor version
      third_party/heimdal_build: Don't generate .x source files
      s4:kdc: Increment plugin minor version
      s4:kdc: Adapt to hdb_entry_ex removal
      s4:kdc: Adapt to removal of publicly accessible request structure members
      s4-kdc: Handle previously unhandled auth event types
      samba-tool: Fix typo
      dsdb audit tests: Fix flapping test
      dsdb audit tests: Use assert_in_range() for comparing timestamps
      s4:policy: Fix ACE type comparison
      python/ntacls.py: Fix ACE type comparison
      s4-smbtorture: Fix typo in assertion message
      wafsamba: Fix call to sorted()
      python:tests: Add tests for SDDL SID strings
      python: Use explicit SIDs instead of SDDL abbreviations
      s4:rpc_server/lsa: Use explicit SID instead of SDDL abbreviation
      sddl: Fix incorrect SDDL SID strings
      sddl: Add new SDDL SID strings
      sddl: Remove SDDL SID strings unsupported by Windows
      python: Restore SDDL abbreviations for SIDs
      selftest: Simplify krb5 test environments
      tests/krb5: Improve mock RODC creation
      tests/krb5: Simplify logic
      s4:kdc: Fix copy-paste typo
      tests/krb5: Remove accounts in reverse order of addition
      tests/krb5: Add more encryption type constants
      tests/krb5: Add account to cleanup list before adding it to database
      tests/krb5: Remove unused import
      tests/krb5: Add helper function to modify ticket flags
      selftest/dbcheck: Fix up msDS-RevealedUsers links with deleted target DN
      auth/credentials: Add encrypt_samr_password()
      tests/krb5: Add tests for the Protected Users group
      tests/password_lockout: Test NTLM and SAMR password changes with Protected Users
      tests/passwords: Test that LDAP password changes work for Protected Users
      s4:provision_users.ldif: Add Protected Users group
      dsdb/common: Add helper function for determining if account is in Protected Users group
      s4:kdc: Add function to get user_info_dc from database
      s4:kdc: Add KDC support for Protected Users group
      s4:auth: Disable NTLM authentication for Protected Users
      s4:rpc_server/samr: Simplify lp_ctx expression
      tests/sam: Ensure that Protected Users group cannot be deleted
      functionalprep.sh: Add test for samba-tool add group --special
      samba-tool group: Add --special parameter to add predefined special group
      s4:rpc_server/samr: Use extended DN when searching for user
      samba-tool delegation: Add function to display security descriptor for RBCD
      samba-tool delegation show: Display information for RBCD
      samba-tool delegation: Add commands to add/remove principals for RBCD
      samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation command documentation
      samba-tool: Return correct result for _get_user_realm_domain()
      samba-tool: Check specified domain and realm against our own

Jule Anger (3):
      VERSION: Bump version up to 4.17.0pre1...
      s3:tests: Add a test to check the output of smbstatus.
      s3:utils: assign ids to struct to list shares correctly

Martin Schwenke (37):
      ctdb-recoverd: Always cancel election in progress
      ctdb-recoverd: Consistently have caller set election-in-progress
      ctdb-recoverd: Always send unknown leader broadcast when starting election
      ctdb-recoverd: Consistently log start of election
      ctdb-tests: Factor out functions to detect when generation changes
      ctdb-tests: Add a test for stalled node triggering election
      ctdb-tests: Add iteration support for protocol tests
      ctdb-tests: Iterate protocol tests internally
      util: Drop unused variable num_chars
      util: Drop unused variable num_received
      util: Drop unused variable mask_perms
      vfs_not_implemented: do not mark structs with _PUBLIC_
      source4/torture: Avoid unused variable
      source4/torture: Drop unused variable tdif
      source4/torture: Drop unused variable mask
      source4/torture: Drop unused variable attribute
      util: CID 1499409:  Memory - corruptions  (OVERLAPPING_COPY)
      ctdb-tests: Dump a stack trace on abort
      ctdb-tests: Fix missing #include for sigaction(2)
      ctdb-protocol: CID 1499395: Uninitialized variables (UNINIT)
      ctdb-packaging: Move RPM spec file to examples directory
      ctdb-common: Add function ctdb_tunable_load_file()
      ctdb-tests: Reformat script
      ctdb-tests: Strip trailing newlines from expected result output
      ctdb-tests: Add function test_case(), tweak unit test header format
      ctdb-tests: Add unit tests for tunables code
      ctdb-daemon: New function ctdb_tunables_load()
      ctdb-daemon: Load tunables from ctdb.tunables
      ctdb-scripts: No longer load tunables via 00.ctdb.script setup event
      ctdb-doc: Update documentation for tunables configuration
      ctdb-config: Drop CTDB_STARTUP_TIMEOUT
      ctdb-scripts: Drop all public IPs in the "shutdown" event
      ctdb-daemon: Don't release all public IPs during shutdown sequence
      ctdb-scripts: Remove failsafe that drops all IPs on failed shutdown
      ctdb-scripts: Drop uses of ctdbd_wrapper
      ctdb-scripts: Drop unused ctdbd_wrapper
      WHATSNEW: Document some CTDB changes

Pavel Filipenský (23):
      s4:libnet: Fix trailing whitespace in libnet_vampire.c
      s4:libnet: Fix uninitialized value "seq_num"
      lib:replace: Fix trailing whitespace in os2_delete.c
      lib:replace: Fix NULL issue reported by covscan
      s3:modules: Implement dummy virus scanner that uses filename matching
      docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'
      selftest: Fix trailing whitespace in Samba3.pm
      s3:selftest: Add test for virus scanner
      s3:modules: Fix virusfilter_vfs_openat
      s3:lib: Fix possible 32-bit arithmetic overflow
      s3:script: Blackbox tests for the rpcclient DFS commands
      s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
      s3:rpcclient: Fix crash in rpcclient
      selftest: Create users "jackthemapper" and "jacknomapper"
      selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
      selftest: Add to "username.map" mapping for jackthemappergroup
      s3:tests Test "username map" for UNIX groups
      s3:auth: Fix user_in_list() for UNIX groups
      tevent: Fix trailing whitespaces
      tevent: Move the code below the trigger check
      tevent: Use internally an empty trigger function for blocker requests
      tevent: Add tevent queue tracing support
      tevent:tests: Test queue entry tags

Ralph Boehme (24):
      s3/rpc_server: install elasticsearch_mappings.json
      CVE-2021-44142: libadouble: add defines for icon lengths
      CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of private Samba xattrs
      CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
      CVE-2021-44142: libadouble: add basic cmocka tests
      CVE-2021-44142: libadouble: harden parsing code
      s3/libads: simplify storing existing ads->ldap.ss
      s3/libads: ensure a sockaddr variable is correctly zero initialized
      CI: remove shares referencing removed functionality
      smbd: check "store dos attributes" settings in the async dosmode code
      CI: add test "smb2.async_dosmode"
      smbd: also check for NT_STATUS_NOT_SUPPORTED
      CI: enable "smbd async dosmode" on shadow_write share
      CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
      vfs_shadow_copy2: remove async getxattrat
      smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the dir and direntry name
      CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
      CI: add a test listing a snapshotted directory
      vfs_shadow_copy2: implement readdir()
      vfs_fruit: change default for "fruit:zero_file_id" option to yes
      CI: consolidate SMB2-FILEID and SMB2-FILEID-UNIQUE torture test suites
      vfs: bump VFS version to 47
      smbd: remove itime and file_id logic and code
      smbd: consolidate nested if expressions

Samuel Cabrero (43):
      s3:winbind: Reduce the level and improve a couple of debug messages
      s3:libads: Fix memory leak in kerberos_return_pac() error path
      lib:krb5_wrap: Improve debug message and use newer debug macro
      lib:krb5_wrap: Fix wrong debug message and use newer debug macro
      s3:libads: Return canonical principal and realm from kerberos_return_pac()
      s3:winbind: Store canonical principal and realm in ccache entry
      s3:winbind: Use the canonical principal name to renew the credentials
      s3:winbind: Move the function to list trusted domains to winbindd_dual_srv.c
      s3:winbind: Remove list_all_domains condition always false
      s3:winbind: Convert ListTrustedDomains parent/child call to NDR
      examples: Update winbindd.stp and its generator script
      s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
      s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
      s3:winbind: Convert Ping parent/child call to NDR
      examples: Update winbindd.stp and its generator script
      s3:winbind: Move functions to enable or disable cache to winbindd-lib subsystem
      s3:winbind: Move imessaging context init function to winbindd-lib subsystem
      s3:winbind: Move the function to get the privileged pipe dir to winbindd-lib subsystem
      s3:winbind: Move function to flush cache to winbindd-lib subsystem
      s3:winbind: Move servide reload related functions to winbindd-lib subsystem
      s3:winbind: Rename terminate() function to winbindd_terminate()
      s3:winbind: Move sigterm handling functions to winbindd-lib subsystem
      s3:winbind: Move sighup handling related functions to winbindd-lib subsystem
      s3:winbind: Refactor check_info3_in_group() to take a wbint_SidArray struct
      s4:rpc_server: Fix duplicated function name between s3 and s4
      s4:rpc_server: Fix duplicated function name between s3 and s4
      selftest: Extend test_wbc_logon_user to test WBFLAG_PAM_UNIX_NAME flag
      selftest: Add a test for PamLogOff
      s3:winbind: Refactor append_unix_username(), do not take winbindd_response struct as parameter
      s3:winbind: Refactor append_afs_token(), do not take winbindd_response struct as parameter
      s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), do not take winbindd_cli_state struct parameter
      s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), return netr_Validation
      s3:winbind: Refactor winbindd_dual_pam_auth_cached(), use temporary memory context
      s3:winbind: Refactor winbindd_dual_pam_auth_cached(), delay out variable assignment
      s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return krb5ccname as out parameter
      s3:winbind: Refactor winbindd_dual_pam_auth_cached(), avoid winbindd_cli_state parameter
      s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return netr_Validation
      s3:winbind: Refactor fake_password_policy(), take netr_Validation as argument
      s3:winbind: Refactor log_authentication(), do not take winbindd_cli_state struct parameter
      s3:winbind: Make extra_data_to_sid_array() public
      s3:winbind: Set local and remote addresses in the crafted dcesrv_conn
      s3:winbind: Convert PamAuth from struct based to NDR based
      examples: Update winbindd.stp and generate script

Sergey V. Lobanov (1):
      wafsamba: replace 'echo -n' with printf

Stefan Metzmacher (131):
      ldb: bump version to 2.6.0 for Samba 4.17.x releases
      WHATSNEW: Start release notes for Samba 4.17.0pre1.
      dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
      lib/util: split out a dump_data_block16() helper
      blackbox.ndrdump: adjust example files to changed dump_data() output.
      lib/util: add dump_data_diff*() helpers
      ndrdump: make use of dump_data_file_diff() in order to show differences
      blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
      s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
      librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
      blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
      selftest/quick: add smb2.session
      libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len
      libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug
      script/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols
      s3:py_net: allow machinepass=None to py_net_join_member()
      samba-tool/join_member: let py_net_join_member() choose the password
      provision: use 120 characters for the dns account password
      upgradehelpers.py: let update_machine_account_password() use 120 character passwords
      provision: add a comment that the value of krbtgtpass is ignored in the backend
      upgradehelpers.py: add a comment to update_krbtgt_account_password()
      s3:trusts_utils: use a password length of 120 for machine accounts
      s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()
      s4:kdc: hdb_samba4_audit() is only called once per request
      third_party/heimdal: import lorikeet-heimdal-202203031927 (commit 7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
      s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
      s4:kdc: redirect pre-authentication failures to an RWDC
      python:tests: let insta_creds() also copy the bind_dn from the template
      dsdb/tests: passwords.py don't need to import BasePasswordTestCase
      dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]
      dsdb/tests: make use of assertLoginFailure helper
      dsdb/tests: introduce assertLoginSuccess
      dsdb/tests: prepare BasePasswordTestCase for simple bind tests
      dsdb/tests: add test_login_basics_simple()
      s3:auth: let make_user_info_netlogon_interactive() set USER_INFO_INTERACTIVE_LOGON
      s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an interactive logon
      s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = lp_netbios_name()
      s4:auth: a simple bind uses the DCs name as workstation
      s4:auth: encrypt_user_info() should set password_state instead of mapped_state
      auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
      s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
      s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging
      s4:auth: check for user_info->mapped.account_name if it needs to be filled
      s4:auth: fix confusing DEBUG message in authsam_want_check()
      s3:auth: make_user_info_map() should not set mapped_state
      nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
      winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
      s4:auth: rename user_info->mapped_state to user_info->cracknames_called
      auth: let auth logging prefer user_info->orig_client.{account,domain}_name if available
      s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
      third_party/heimdal: import lorikeet-heimdal-202203101709 (commit 47863866da25cc21d292ce335a976b8b33fa1864)
      docs-xml: add 'kdc enable fast' option
      s4:kdc: make use of the 'kdc enable fast' option
      selftest: use 'kdc enable fast = no' for fl2000 fl2003
      third_party/heimdal: import lorikeet-heimdal-202203101710 (commit df8d801544144949931cd742169be1207b239c3d)
      s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()
      s4:kdc: simplify samba_kdc_message2entry by using data_blob_string_const("computer")
      replace: add explicit function pointer casting from dlsym() to avoid warnings
      s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
      s4:kdc: remove unused mkvno from sdb_key
      s4:kdc: let sdb_entry_to_hdb_entry() initialize *h at the beginning
      s4:kdc: let sdb_entry_ex_to_krb5_db_entry() initialize 'k' at the beginning
      s4:kdc: let sdb_free_entry clear sdb_entry_ex at the end
      s4:libnet: sdb_free_entry() already clears everything
      s4:libnet: ask for SDB_F_ADMIN_DATA in order to create a keytab entry
      s4:kdc: remove unused sdb_entry_ex->free_entry()
      s4:kdc: call krb5_free_keyblock_contents() in free_sdb_key()
      s4:kdc: don't leak salt in free_sdb_key()
      s4:kdc: let samba_kdc_entry_destructor() call sdb_free_entry()
      s4:kdc: make free_sdb_entry() static
      s4:kdc: rename free_sdb_key() as public sdb_key_free() function
      s4:kdc: split out a sdb_keys_free() helper function
      s4:kdc: remove unused samba_kdc_entry->entry_ex
      s4:kdc: let sdb_entry have a typed samba_kdc_entry pointer
      s4:kdc: make the logic between ZERO_STRUCTP(entry_ex) and sdb_free_entry(entry_ex) clearer
      s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry
      s4:kdc: expose a sdb_entry_to_krb5_db_entry() function
      s4:kdc: expose sdb_entry_to_hdb_entry() function
      s4:kdc: expose a sdb_entry_free() function
      s4:kdc: add a samba_kdc_sort_keys() function using TYPESAFE_QSORT()
      s4:kdc: only pass sdb_keys to samba_kdc_set_fixed_keys()
      s4:kdc: only pass keys to samba_kdc_set_random_keys()
      s4:kdc: remove Primary:Kerberos usage from samba_kdc_message2entry_keys()
      s4:kdc: split out a samba_kdc_fill_user_keys() helper function
      s4:kdc: remove unused principal argument to samba_kdc_trust_message2entry()
      s4:kdc: only pass sdb_entry to samba_kdc_message2entry_keys()
      s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_message2entry()
      s4:kdc: only ZERO and free sdb_entry in samba_kdc_message2entry()
      s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_trust_message2entry()
      s4:kdc: only ZERO and free sdb_entry in samba_kdc_trust_message2entry()
      s4:kdc: only pass sdb_entry to samba_kdc_trust_message2entry()
      s4:kdc: only pass sdb_entry to samba_kdc_message2entry()
      s4:kdc: samba_kdc_lookup_realm() only needs sdb_entry
      s4:kdc: samba_kdc_fetch_client() only needs sdb_entry
      s4:kdc: samba_kdc_fetch_krbtgt() only needs sdb_entry
      s4:kdc: samba_kdc_fetch_server() only needs sdb_entry
      s4:kdc: samba_kdc_seq() only needs sdb_entry
      s4:kdc: hdb_samba4_fetch_fast_cookie() don't need sdb_entry_ex
      s4:kdc: use sdb_entry_to_hdb_entry() directly
      s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex()
      s4:kdc: use sdb_entry_to_krb5_db_entry() directly
      s4:kdc: remove unused sdb_entry_ex_to_kdb_entry_ex()
      s4:kdc: samba_kdc_fetch() only needs sdb_entry
      s4:kdc: samba_kdc_{first,next}key() only need sdb_entry
      s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly
      s4:kdc: avoid using sdb_entry_ex in samba_wdc_reget_pac()
      s4:kdc: avoid using sdb_entry_ex in mit_samba_get_principal()
      s4:kdc: avoid using sdb_entry_ex in mit_samba_get_{first,next}key()
      s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon()
      s4:kdc: avoid using sdb_entry_ex in hdb_samba4_fetch_kvno()
      s4:kdc: avoid using sdb_entry_ex in hdb_samba4_{first,next}key()
      s4:kdc: finally remove unused 'struct sdb_entry_ex'
      s4:kdc: pass flags and kvno down to samba_kdc_message2entry_keys()
      s4:kdc: add old and older keys to sdb_entry
      s4:kdc: teach samba_kdc_message2entry_keys() to handle old and older keys too
      buildtools: remove unused testwaf.sh
      lib/fuzzing/README.md: don't use waf directly
      s4:selftest/provisions: make use of 'make testenv' and avoid direct waf
      wafsamba: let test_duplicate_symbol.sh export PYTHONHASHSEED=1
      configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile' scripts
      ctdb/packaging/RPM: don't use waf directly
      wafsamba: require PYTHONHASHSEED=1 to be exported
      python/join: improve logging of join_replicate()
      s4:dsdb/descriptor: split out struct descriptor_transaction
      s4:dsdb/descriptor: add statistics for security descriptor propagation
      s4:dsdb/descriptor: skip duplicates in descriptor_extended_sec_desc_propagation()
      s4:dsdb/descriptor: pass parent guid to dsdb_module_schedule_sd_propagation()
      s4:dsdb/descriptor: sort descriptor_changes tree based
      s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object()

Thomas Debesse (2):
      WHATSNEW: IRC is irc.libera.chat according to https://www.samba.org/samba/irc.html
      s4: dns: Add customizable dns port option

Vinit Agnihotri (1):
      packaging: move CTDB service file to top-level

Volker Lendecke (136):
      mdssvc: Align an integer type
      torture: Align an integer type
      smbd: Modernize a debug statement
      smbd: Make directory_has_default_posix_acl() just take "dirfsp"
      smbd: chmod_acl_internals() does not need connection_struct anymore
      smbd: copy_access_posix_acl() just needs fsps these days
      smbd: Simplify reopen_from_fsp() with an early return
      vfs: Simplify fake_acls_stat() with an early return
      sharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions
      lib: Fix CID 1465285 Double close
      smbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Avoid two calls to SMBC_errno()
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Convert SMBC_getatr() to NTSTATUS
      smbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption
      smbd: Avoid an "else" in file_set_dosmode()
      smbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()
      vfs: Fix a typo
      lib: Simplify pm_process()
      smbd: Slightly simplify create_file_unixpath()
      smbd: Move the call to file_free() out of close_directory()
      smbd: Move the call to file_free() out of close_normal_file()
      smbd: Move the call to file_free() out of close_fake_file()
      smbd: Call file_free() just once in close_file()
      smbd: NULL out "fsp" in close_file()
      smbd: No base fsps to close_file_free() from file_close_conn()
      smbd: Factor out close_file_in_loop() from file_close_conn_fn()
      smbd: No base fsps to close_file_free() from file_close_user()
      smbd: Simplify the flow in close_file_free()
      torture: Add a test to show that full_audit uses a ptr after free
      smbd: Factor out fsp_unbind_smb() from file_free()
      smbd: Introduce close_file_smb()
      smbd: Only file_free() a self-created fsp in create_file_unixpath()
      smbd: Introduce fsp_is_alternate_stream()
      smbd: Introduce metadata_fsp()
      smbd: Use fsp_is_alternate_stream() where an fsp is available
      vfs: Simplify streams_xattr_unlinkat()
      vfstest: Align two integer types
      smbd: Safeguards for getpwuid
      libsmb: Use fstrcpy where possible
      ndrdump: Small simplification
      torture: Align integer types
      smbd: Simplify smbd_dirptr_lanman2_mode_fn()
      libsmb: Avoid a call to SMBC_errno()
      libsmb: Avoid a call to SMBC_errno()
      vfs: Use fsp_get_pathref_fd() in aio_pthread
      smbd: Slightly simplify openat_pathref_fsp()
      smbd: Use fsp_is_alternate_stream(), we checked for fsp!=NULL above
      vfs: Use is_named_stream() for checking if we have an ADS
      smbd: Only open base_fsp for non-"::$DATA" streams
      smbd: Simplify open_file_ntcreate()
      smbd: Filter out "::$DATA" for query name information
      smbd: Use ISDOT/ISDOTDOT
      vfs: Fix a typo
      vfs: Don't go through strnorm(..., CASE_LOWER)
      smbd: Make strnorm() static to filename.c
      smbd: Initialize a pointer
      smbd: Make OpenDir_fsp() return NTSTATUS
      smbd: Factor out OpenDir_ntstatus()
      smbd: can_delete_directory_fsp() returns NTSTATUS
      vfs: walk_streams() returns NTSTATUS
      smbd: Initialize a pointer
      smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus()
      smbd: Fix a typo
      smbd: We have the fsp available, use fsp_is_alternate_stream()
      samba-dcerpcd: Silence a DEBUG message
      lib: Use cp_smb_filename_nostream() in adouble_path()
      lib: Simplify parent_dirname() by using talloc_strndup()
      vfs: Fix a typo
      vfs: Fix a typo
      vfs: Set errno in an error return
      smbd: Fix a typo
      smbd: Fix a use-after-free
      smbd: Remove a deref forgotten in c2ac6a9cd7b
      smbd: Inherit acl from an fsp instead of a fname
      smbd: Pass dirfsp instead of an fname to open_file()
      smbd: Log close_file_free() failure in copy_internals()
      smbd: Pass dirfsp instead of a parent filename to unix_mode
      smbd: Remove unused "lret" variable from file_set_dosmode()
      smbd: Save a few lines in file_set_dosmode() with "goto done;"
      smbd: Fix indentation in rename_internals_fsp()
      smbd: Make complex if-expression in file_set_dosmode() easier to read
      vfs: Don't mask shadow_copy2_convert()'s errno
      vfs: Add SMB_VFS_FSTATAT
      vfs: Convert get_real_filename() to NTSTATUS
      smbd: Simplify non_widelink_open()
      smbd: Avoid some casts
      printing: Fix a DBG message
      vfs: Format a comment
      smbd: Avoid two else statements
      smbd: Avoid an else
      smbd: Fix a typo
      smbd: get_acl_group_bits() needs a fsp, not a name
      smbd: Simplify dos_mode_check_compressed()
      smbd: Simplify dos_mode_from_name() with ISDOT()/ISDOTDOT()
      smbd: Pass dirfsp instead of fname to inherit_new_acl
      smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp()
      smbd: Always use O_NONBLOCK in openat_pathref_fsp()
      smbd: Mark fsp as directory after calling fstat()
      smbd: No need to set O_DIRECTORY in openat_pathref_fsp()
      smbd: Don't require a valid stat for openat_pathref_fsp()
      smbd: Return ISLNK from non_widelink_open() in smb_fname
      smbd: Remove a few vfs_stat() calls
      smbd: Make non_widelink_open() robust for non-cwd dirfsp
      lib: Slightly simplify add_interface()
      lib: Add a pair of {}
      lib: Use talloc_zero, save a ZERO_STRUCT
      smbd: Avoid an "else"
      smbd: Fix a misleading comment
      smbd: Use ISDOT/ISDOTDOT in ReadDirName()
      smbclient: strequal() -> ISDOT/ISDOTDOT
      smbd: Make an if-statement in ReadDirName() a bit more readable
      smbd: Fix a typo
      lib: GENCACHE_RAM isn't used anymore
      smbd: Fix create_file_unixpath()'s stream handling
      smbd: Add a DEBUG to create_file_unixpath()
      smbd: Simplify reply_rmdir()
      smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()
      smbd: Don't NULL out "::$DATA"
      torture: Introduce error labels for vfstest's cmd_open()
      torture: Create a base_fsp for a named stream in vfstest
      vfs: Ensure we have a base fsp openat() for named streams
      vfs: streams_xattr uses fsetxattr by now, remove an assert
      smbd: Don't loose base_fsp statinfo in non_widelink_open
      vfs: Simplify streams_depot_openat()
      lib: Stay ASCII-compatible for toupper_m/tolower_m
      streams_depot: Pass base_sbuf to stream_smb_fname()
      streams_depot: Only create the subdirectories with O_CREAT
      streams_depot: Simplify stream_dir()
      modules: Use conn->cwd_fsp in fruit_open_rsrc_adouble()
      smbd: Align open_file() argument order with reopen_from_fsp()
      smbd: Use dirfsp and atname passed to open_file()


Samba Shared Repository

More information about the samba-cvs mailing list