[SCM] Samba Shared Repository - annotated tag talloc-2.4.0 created
Jule Anger
janger at samba.org
Wed Jan 18 17:37:10 UTC 2023
The annotated tag, talloc-2.4.0 has been created
at 82a8bbe15996f0c2c21a89e05bd22d68dbc76c5f (tag)
tagging 5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1 (commit)
replaces samba-4.17.0rc1
tagged by Jule Anger
on Wed Jan 18 18:37:06 2023 +0100
- Log -----------------------------------------------------------------
talloc: tag release talloc-2.4.0
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmPILkIACgkQR5ORYRMI
QCX3/wgAnz8XJ9sG12kQ82off7vzZxTiuPBhnMR6knJQFF5kmjJyX+b1yh1ZzWlD
ac+4e9oCMX4xQtiIvCRyl+slsijYJ+O/03HUtxDba9KXPifbSolCTVqz9HtzrfvG
74GKY6MW12ZosFQNDJAJ8dLD/4iz6mNuTYbFQDF04LQ6kgoIx8PUd3NEI6ulrOT/
N6ITnQSCb29/9pgMlx2JAVpI7AVgmEx7DapeFPbA3VDfJLfBBgZ0ZSv7X7DaebWt
8/FA3/c4hS21R8s1oTJ9IgjO6/bWHwXxuhF4nl6muz93lWuma65oMrH4SQsj5+SR
pXW4qB3K42+dbHCq44nCFf7Tw4Ynaw==
=UmDL
-----END PGP SIGNATURE-----
Andreas Schneider (165):
testprogs: Reformat test_ldb.sh
testprogs: Reformat test_ldb_simple.sh
testprogs: Reformat test_net_ads.sh
testprogs: Reformat test_net_ads_dns.sh
testprogs: Reformat test_net_ads_fips.sh
testprogs: Reformat test_net_offline.sh
testprogs: Reformat test_net_rpc_user.sh
testprogs: Reformat test_offline_logon.sh
testprogs: Reformat test_old_enctypes.sh
testprogs: Reformat test_password_settings.sh
testprogs: Reformat test_pdbtest.sh
testprogs: Reformat test_pkinit_pac.sh
testprogs: Reformat test_pkinit_simple.sh
testprogs: Reformat test_primary_group.sh
testprogs: Reformat test_rpcclient_schannel.sh
testprogs: Reformat test_s4u_heimdal.sh
testprogs: Reformat test_samba-tool_ntacl.sh
testprogs: Reformat test_samba_upgradedns.sh
testprogs: Reformat test_smbtorture_test_names.sh
testprogs: Reformat test_special_group.sh
testprogs: Reformat test_trust_ntlm.sh
testprogs: Reformat test_trust_token.sh
testprogs: Reformat test_trust_user_account.sh
testprogs: Reformat test_trust_utils.sh
testprogs: Reformat test_weak_crypto.sh
testprogs: Reformat test_weak_crypto_server.sh
testprogs: Reformat test_weak_disable_ntlmssp_ldap.sh
testprogs: Reformat test_wintest.sh
testprogs: Reformat tombstones-expunge.sh
testprogs: Reformat upgradeprovision-oldrelease.sh
testsuite: Reformat shell scripts
third_party: Reformat shell scripts
s3:util: Initialize json_object structures so we can call json_free()
s3:utils: Fix NULL check
waf: Fix SO version number of libsamba-errors
bootstrap: Install ShellCheck and shfmt
script: Add script to run shellcheck on shell scripts
s3:script: Fix variable asignment in test_dfree_command.sh
testprogs: Fix variable asignment in test_wintest.sh
examples: Fix shellcheck error in get_next_oid
examples: Remove trailing spaces in VampireDriversFunctions
examples: Fix shellcheck error in VampireDriversFunctions
nsswitch: Fix shellcheck errors in test_rfc2307_mapping.sh
lib:fuzzing: Fix shellcheck errors in build_samba.sh
release-script: Fix shellcheck errors
s3:script: Fix shellcheck errors in mksyms.sh
s3:script: Fix shellcheck errors in dlopen.sh
s3:script: Fix shellcheck errors in test_dfree_command.sh
s3:script: Fix shellcheck errors in test_dfree_quota.sh
s3:script: Fix shellcheck errors in test_net_cred_change.sh
s3:script: Fix shellcheck errors in test_net_lookup.sh
s3:script: Fix shellcheck errors in test_net_registry_check.sh
s3:script: Fix shellcheck errors in test_net_registry_roundtrip.sh
s3:script: Fix shellcheck errors in test_preserve_case.sh
s3:script: Fix shellcheck errors in test_rpcclient_samlogon.sh
s3:script: Fix shellcheck errors in test_smbclient_s3.sh
s3:script: Fix shellcheck errors in test_smbspool.sh
s3:script: Fix shellcheck errors in test_smbstatus.sh
testprogs: Fix shellcheck errors in common_test_fns.inc
s4:client: Fix shellcheck errors in test_smbclient.sh
s4:script: Fix shellcheck errors in find_unused_options.sh
s4:selftest: Fix shellcheck errors in test_w2k3.sh
s4:selftest: Fix shellcheck errors in wintest_2k3_dc.sh
s4:setup: Fix shellcheck errors in provision_fileperms.sh
s4:selftest: Fix shellcheck errors in wintest_net.sh
s4:selftest: Fix shellcheck errors in wintest_rpc.sh
s4:torture: Fix shellcheck errors in test_gentest.sh
s4:tortue: Fix shellcheck errors in test_locktest.sh
s4:torture: Fix shellcheck errors in test_masktest.sh
s4:utils: Fix shellcheck errors in test_samba_tool.sh
testprogs: Fix shellcheck errors in dbcheck-oldrelease.sh
testprogs: Fix shellcheck errors in test_chgdcpass.sh
testprogs: Fix shellcheck errors in test_export_keytab_heimdal.sh
testprogs: Fix shellcheck errors in test_export_keytab_mit.sh
testprogs: Fix shellcheck errors in test_kinit_mit.sh
testprogs: Fix shellcheck errors in test_kinit_trusts_heimdal.sh
testprogs: Fix shellcheck errors in test_kinit_heimdal.sh
testprogs: Fix shellcheck errors in test_kinit_trusts_mit.sh
testprogs: Fix shellcheck errors in test_kpasswd_heimdal.sh
testprogs: Fix shellcheck errors in test_password_settings.sh
testprogs: Fix shellchecks errors in test_pdbtest.sh
testprogs: Fix shellcheck errors in test_weak_crypto_server.sh
testprogs: Fix shellcheck errors in test_wintest.sh
testprogs: Fix shellcheck errors in upgradeprovision-oldrelease.sh
gitlab-ci: Add a shellcheck runner
s4:gensec: Do not link subsystems against dlopen() modules!
waf: Do not use as-needed if we build with Address Sanitizer
selftest: Remove tailing whitspaces in selftest.pl
selftest: Fix address sanitizer with python3
selftest: Create asan_options variable
selftest: Add Address Sanitizer suppressions
s4:kdc: Set kerberos debug class for kdc service
s4:kdc: Set Kerberos debug class for all KDC files
s3:auth: Flush the GETPWSID in memory cache for NTLM auth
s3:librpc: Improve GSE error message
s3:rpcclient: Pass salt down to init_samr_CryptPasswordAES()
s4:libnet: If we successfully changed the password we are done
s3:param: Fix old-style function definition
s3:client: Fix old-style function definition
s3:utils: Fix old-style function definition
wafsamba: Add -Werror=old-style-definition
wafsamba: Add -Werror=implicit-int
lib:replace: Fix trailing whitespace in wscript
lib:replace: Require bool from C99
third_party: Update nss_wrapper to version 1.1.13
gitlab-ci: Update Fedora to version 37
s3:tests: Add substitution test for include directive
s3:tests: Add substitution test for listing shares
s3:rpc_server: Fix include directive substitution when enumerating shares
s4:torture: Fix segfault in multichannel test
lib:compression: Initialize variables
testprogs: If built against system db use the system tools in test_primary_group.sh
testprogs: If built against system db use the system tools in test_trust_token.sh
testprogs: If built against system db use the system tools in test_net_ads_dns.sh
testprogs: If built against system db use the system tools in ldapcmp_restoredc.sh
testprogs: Do not run tests if undump.sh is not available
nsswitch:tests: Use ldb(modify|search) from the system
s3:utils: Fix stack smashing in net offlinejoin
testprogs: Use new kerberos options for ldb and samba-tool in test_kinit_mit.sh
testprogs: Use new kerberos options for samba-tool in test_export_keytab_mit.sh
testprogs: Use new kerberos options for samba-tool in test_kpasswd_mit.sh
s4:torture: Fix stack variable used out of scope in test_devmode_set_level()
s4:torture: Pass the dcerpc struct 'q' for GetPrinter down to the macro
s4:torture: Pass the dcerpc struct 's' for SetPrinter down to the macro
s4:torture: Fix stack variable used out of scope in test_devicemode_full()
third_party: Update resolv_wrapper to version 1.1.8
autobuild: Don't use deprecated distutils
s3:script: Improve test_chdir_cache.sh
s3:client: Fix a use-after-free issue in smbclient
lib:ldb: Fix trailing whitespaces in common/attrib_handlers.c
lib:ldb: Fix trailing whitespaces in common/ldb_utf8.c
lib:ldb: Remove trailing white spaces in ldb_private.h
lib:ldb: Add ldb_ascii_toupper()
lib:ldb: Use ldb_ascii_toupper() for case folding
waf: Run python tests also with tr_TR locale
testprogs: Fix remove_directory()
testprogs: Add system_or_builddir_binary()
testprogs: Use system_or_builddir_binary() for dbcheck and runtime tests
testprogs: Use system_or_builddir_binary() for dbcheck-oldrelease
testprogs: Use system_or_builddir_binary() for demote-saveddb
testprogs: Use system_or_builddir_binary() for functionalprep
testprogs: Use system_or_builddir_binary() for ldapcmp_restoredc
testprogs: Use system_or_builddir_binary() for renamedc
testprogs: Use system_or_builddir_binary() for test_client_kerberos
testprogs: Use system_or_builddir_binary() for test_kinit_heimdal
testprogs: Use system_or_builddir_binary() for test_kinit_mit
testprogs: Use system_or_builddir_binary() for test_ktpass
testprogs: Use system_or_builddir_binary() for test_ldb
testprogs: Use system_or_builddir_binary() for test_ldb_simple
testprogs: Use system_or_builddir_binary() for test_net_ads
testprogs: Use system_or_builddir_binary() for test_net_ads_dns
testprogs: Use system_or_builddir_binary() for test_old_enctypes
testprogs: Use system_or_builddir_binary() for test_pkinit_pac
testprogs: Use system_or_builddir_binary() for test_pkinit_simple
testprogs: Use system_or_builddir_binary() for test_primary_group
testprogs: Use system_or_builddir_binary() for test_special_group
testprogs: Use system_or_builddir_binary() for test_trust_token
testprogs: Use system_or_builddir_binary() for tombstones-expunge
testprogs: Use system_or_builddir_binary() for upgradeprovision-oldrelease
nsswitch:tests: Use system_or_builddir_binary() for test_rfc2307_mapping
python:tests: Use system ldbsearch if we build with system libldb
python:tests: Use system ldbdump if we build with system ldb
python:tests: Use system ldbsearch if we built against system libldb
s4:setup:tests: Use system ldbdump if we build with system ldb
third_party: Update waf to version 2.0.25
Andrew (1):
rpc_server:srvsvc - retrieve share ACL via root context
Andrew Bartlett (26):
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.
CVE-2021-20251 s4 auth: make bad password count increment atomic
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()
CVE-2021-20251 auth4: Avoid reading the database twice by precaculating some variables
CVE-2020-25720 s4:dsdb/descriptor: explain lack of dSHeuristics check
selftest: Prepare for "old Samba" mode regarding getncchanges GET_ANC/GET_TGT
selftest: Add tests for GetNCChanges GET_ANC using samba-tool drs clone-dc-database
s4-rpc_server:getncchanges Add "old Samba" mode regarding GET_ANC/GET_TGT
selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
s4-libnet: Add messages to object count mismatch failures
python-drs: Add client-side debug and fallback for GET_ANC
lib/tsocket: Add tests for loop on EAGAIN
Add Heimdal test file test_base.c to bi-directional encoding ignore list
third_party/heimdal: import lorikeet-heimdal-202210310104 (commit 0fc20ff4144973047e6aaaeb2fc8708bd75be222)
tests: Replace OpenSSL MD4 invocation with a python3 call
bootstrap: Spelling fix in bootstrap from Michael Tokarev
CVE-2022-44640 selftest: Exclude Heimdal fuzz-inputs from source_chars test
selftest: make filter-subunit much more efficient for large knownfail lists
CVE-2022-37966 selftest: Allow krb5 tests to run against an IP by using the target_hostname binding string
CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list to select a session key
CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
build: Convert winexe to use enabled= in wscript
Andrew Walker (4):
nsswitch:libwbclient - fix leak in wbcCtxPingDc2
s3:modules - fix read of uninitialized memory
s3:params:lp_do_section - protect against NULL deref
lib/replace - add extra check to bsd_attr_list
Anoop C S (21):
vfs_glusterfs: Accept fsp with const qualifier
source3/wscript: Detect glusterfs-api with *at() calls support
vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT
vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT
vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT
vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT
vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT
vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT
vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT
vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT
vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
vfs_glusterfs: Implement SMB_VFS_FSTATAT
vfs_glusterfs: Remove special handling of O_CREAT flag
vfs_glusterfs: Simplify SMB_VFS_GET_REAL_FILENAME_AT implementation
vfs_glusterfs: Do not use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FGETXATTR
vfs_glusterfs: Simplify SMB_VFS_FDOPENDIR implementation
vfs_glusterfs: Add path based fallback mechanism for SMB_VFS_FNTIMES
lib/compression: Include missing stat header file
Björn Baumbach (4):
auth/creds: fix a typo in a comment
samba-tool domain: fix a typo in samba-tool passwordsettings option description
s3/libsmb: fix a typo in parameter description
lib/tsocket: fix a typo in the tsocket guide doc
Björn Jacke (2):
docs-xml: some fixes and updates for ea and acl docs in smb.conf
docs-xml: some fixes to acl parameter documentation
Christian Ambach (1):
s3:utils remove documentation of -l as alias for --long
Christian Merten (13):
libcli security_descriptor: Add function to delete a given ace from a security descriptor
libcli security_descriptor: Compare object type and inherited object type when comparing ACEs
libcli security/sddl: Make sddl_encode_ace visible
librpc ndr/py_security: Export ACE deletion functions to python
librpc ndr/py_security: Export security_ace_equal as richcmp to python
librpc ndr/py_security: Export sddl_encode_ace to python
samba-tool dsacl: Add subcommand to delete ACEs
samba-tool dsacl: Add unit tests for delete subcommand
samba-tool dsacl: Create helper functions to remove code duplication
samba-tool dsacl: Create common superclass for dsacl commands
samba-tool dsacl: Add get and delete subcommand to samba-tool dsacl man section
python security: Add unit tests for comparing ACEs and exporting as SDDL
samba-tool dsacl: Add additional unit test for delete subcommand
Christof Schmitt (7):
vfs_gpfs: Remove support for old GPFS without DACL_PROTECTED support
vfs_gpfs: Remove documentation for removed gpfs:refuse_dacl_protected option
posix_acls: Remove redundant call to save mode
posix_acl: Move chown checks to new function
nfs4_acls: Call chown_if_needed function to remove duplicate code
posix_acls: Make try_chown and unpack_nt_owners static
nfs4_acl: Add comment for setting ACL as root
Daniel Kobras (2):
s3: smbd: Consistently map EAs to user namespace
docs-xml: ea support option restricted to user ns
David Mulder (58):
winbind: Fix potential memory leak in winbind gpupdate
winbind: Enforce user group policy when enabled
gpo: Test to ensure startup scripts don't crash w/out params
gpo: Fix startup scripts to not fail w/out params
winbind: Fix user gpupdate called with NULL smb.conf
winbind: Add smbconf fallback for gpupdate_callback
smbd: Correct store_smb2_posix_info size check
gp: Move GNOME admx templates
gpo: Install the GNOME Settings admx templates
gpo: GPME doesn't permit nesting of admx categories in builtin
gp: Ignore crontab -l error, since it means empty
gp: Password and Kerberos policies fail on unknown key
gp: Test that Password and Kerberos policies fail on unknown key
gp: Fix startup scripts add args
gp: startup scripts add clarify 'args' option
gp: startup scripts list enclude newline in output
gp: Fix startup scripts list not fail with empty args
gp: Fix startup scripts add not always set runonce
gp: Test that samba-tool gpo manage lists gpme sudoers
gp: Make samba-tool gpo manage sudoers list backward compatible
gp: Test that samba-tool gpo manage removes gpme sudoers
gp: Make samba-tool gpo manage sudoers remove backward compatible
gp: samba-tool manage gpo access add don't fail w/out upn
gp: PAM Access should implicitly deny ALL w/ allow
gp: Test PAM Access with DENY_ALL
libsmb: Make info_level configurable in dir listing
libsmb: Allow listing with posix context
tests/s3: Test SMB2_FIND_POSIX_INFORMATION dir query
smbd: Implement SMB2_FILE_POSIX_INFORMATION in smbd_marshall_dir_entry
tests/s3: Test reserved chars in posix filename
libcli: Add client support for SMB2_FILE_POSIX_INFORMATION
tests/s3: Test delete on close with SMB3 posix
tests/s3: Test case sensitive open with SMB3 posix
tests/s3: Test file/dir permissions with SMB3 posix
smbd: Implement SMB2_FS_POSIX_INFORMATION_INTERNAL
s3: smbd: store_smb2_posix_info hide info for '..'
s3: Test that store_smb2_posix_info hides info for '..'
gp: Fix Firewalld RSoP output skipping Zones
gp: Fix GNOME Settings writing unreadable user profile
gp: Implement appliers for monitoring policy changes
gp: Modify Symlink CSE to use new files applier
gp: Modify PAM Access CSE to use new files applier
gp: Modify OpenSSH CSE to use new files applier
gp: Modify Sudoers CSEs to use new files applier
gp: Modify Files CSE to use new files applier
gp: Modify Machine Scripts CSE to use new files applier
gp: Modify GNOME Settings CSE to use new files applier
gp: Modify Startup Scripts CSE to use new files applier
gp: Modify Centrify Crontab compatible CSE to use new files applier
gp: Modify Cert Auto Enroll CSE to use new applier
gp: Modify Chromium CSE to use new files applier
gp: Test that files are re-created if manually removed
gp: Re-create files if manually removed
gp: Ensure policy changes don't leave files behind
gp: Enable gpupdate output when testing
gp: Fix rsop when final value isn't a str
gp: Ensure rsop is tested for every CSE
gp: Don't hide managed/recommended directories
Douglas Bagnall (152):
pytest/segfault: abort for generate_random_bytes(-1)
pyglue: check talloc buffer for random bytes
pyglue: generate_random_bytes/str accept positive numbers only
pyglue: generate_random_[machine]_password: reject negative numbers
pyglue:generate_random_[machine]_password: ValueError for bad values
pytest: add file removal helpers for TestCaseInTempDir
pytest/downgradedatabase: use TestCaseInTempDir.rm_files
pytest/samdb_api: use TestCaseInTempDir.rm_files
pytest/join: use TestCaseInTempDir.rm_files/dirs
pytest/samdb: use TestCaseInTempDir.rm_files/.rm_dirs
pytest/samba_tool_drs: use TestCaseInTempDir.rm_files/.rm_dirs
pytest/samba_tool_drs_no_dns: use TestCaseInTempDir.rm_files/.rm_dirs
pytests: move ValidNetbiosNameTests to samba.tests.netbios
pytest: SambaToolCmdTest allows easier StringIO replacement
pytest/samba-tool visualize: fix docstring
pytest samba-tool visualize: extend colour tests for $NO_COLOR
samba-tool visualize: respect $NO_COLOR
samba-tool visualize: remove py2 compat for colour calculations
pytest/samba-tool visualize: test '--color' aliases
samba-tool visualise: expand set of --color switches
python/colour: helper functions to read all signs
py/samba/logger: respect NO_COLOR env variable
samba-tool: respect NO_COLOR env variable and --color options
s4/tests/samba-tool drs showrepl: use vars for common strings
s4/tests/samba-tool drs showrepl: test NO_COLOR and --color variants
samba-tool: reduce repetitious jargon on credentials failure
samba-tool: avoid traceback for options errors
py/getopt: improve messages for bad --debug arg
py/getopt: improve messages for bad --realm
py/getopt: allow --option arguments to contain '='
samba-tool: avoid traceback for NT_STATUS_NETWORK_UNREACHABLE
samba-tool: do not force a traceback on CommandError
samba-tool domain provision: better message if tdbbackup missing
samba-tool dbcheck: improve --help for --reset-well-known-acls
samba-tool domain: fix error string for account lockout duration
samba-tool dns: add a wrapper for better error messages
samba-tool dns: use DnsConnWrapper widely
samba-tool dns: catch DS_UNAVAILABLE errors as CommandErrors
samba-tool dns: catch ZONE_ALREADY_EXISTS errors as CommandErrors
samba-tool dns: RECORD_DOES_NOT_EXIST errors as CommandErrors
samba-tool dns: NAME_DOES_NOT_EXIST errors; add docstring
samba-tool dns: zonedelete uses DnsConnWrapper messages
samba-tool dns: query uses DnsConnWrapper messages
samba-tool dns: add uses DnsConnWrapper messages
samba-tool dns: delete uses DnsConnWrapper messages
samba-tool dns: update_record uses DnsConnWrapper
samba-tool dns: use DnsconnWrapper in zonecreate
samba-tool dns: catch werror.WERR_ACCESS_DENIED
samba-tool ldapcmp: use ValueError, not Exception
samba-tool ldapcmp: use shorter names in cmp_attrs
samba-tool ldapcmp: do not assume common attributes
samba-tool ldapcmp: use CommandError, not assertion
samba-tool ldapcmp: use CommandError on auth failure
samba-tool domain: helper function for domain level names
samba-tool domain show: use level_to_string()
samba-tool domain show: report level 2016
samba-tool domain: expand string_version_to_constant range
samba-tool domain: add string_to_level() helper
samba-tool domain: use string_to_level helper()
pytest: samba-tool ntacl should report errors better
pytest: posixacl getntacl should raise OSError
pybindings: xattr_native raises OSError not TypeError
pysmbd: avoid leaks in get_nt_acl()
pysmbd: get_nt_acl() raises FileNotFoundError if appropriate
pysmbd: set_nt_acl() can raise FileNotFoundError
samba-tool ntacl: better messages for missing files
samba-tool: do not crash on unimplemented .run()
samba-tool: separate ._run() from command resolution
samba-tool: more conventional usage of parser.parse_args
samba-tool: _resolve() can set outf, errf
samba-tool: command that has exception, shows exception
samba-tool: add a convenience function that does it all
pytest/netcmd: fix for new samba-tool api
pytest/samba_dnsupdate: fix using samba-tool function
pytest/password-lockout: fix using samba_tool function
pytest/samba-tool: entry function follows too logic
samba-tool: binary uses samba_tool function
pytest: samba-tool: coalesce run*cmd functions
make runcmd, runsubcmd, exact aliases
pytest samba-tool forest: use runcmd
samba-tool: simplify and clarify SuperCommand._run() a little
pytest/password_lockout: be less verbose by default
libaddns: remove duplicate declaration
s4/server: stop suggesting ntvfs in error message
ldb: ldb_build_search_req() check for a talloc failure
libcli/auth/proto.h: remove unneeded path details.
pytest: samba-tool visualize: fix filename
py:colour: colour_if_wanted() returns the result
samba-tool: make --color a general option
samba-tool: save --color choice for subcommands
samba-tool drs showrepl: use global --color option
samba-tool: --color=auto looks at stderr and stdout
py:colour: is_colour_wanted() can take filenames
samba-tool visualise: use global --color
samba-tool visualize: simplify --color-scheme calculations
samba-tool: write ERROR in red if colour is wanted
samba-tool: no stack trace on missing ldb tdb
pytest: samba-tool visualize: improve a message
pytests: remove backwards compat workaround for python 2.6
pytests:s4/drs/ridalloc_exop: avoid unused imports
pytests:s4/drs/linked_attributes_drs: avoid unused imports
pytests:s4/drs/repl_rodc: avoid unused imports
pytests:s4/drs/repl_move: avoid unused and star imports
pytests:s4/drs/getnc_schema: avoid unused imports
pytests:s4/dsdb/passwords: avoid unused imports
py/dbchecker: dbcheck prints bits of colour if asked
samba-tool dbcheck: use colour if wanted
dbcheck: do not crash on empty DN
dbcheck: don't recommend --fix for errors we can't fix
py/dbcheck: improve 'please --fix' message
docs/man/samba-tool explain --color
WHATSNEW: samba-tool: fewer tracebacks, more colour
CVE-2007-4559 python: ensure sanity in our tarfiles
util: add stable sort functions
fuzz: add fuzzers for stable_sort
lib/compression: move lzxpress_plain test into tests/
test/source_chars: ignore testdata/compression
testdata: add test vectors for LZ77+Huffman [de-]compression
lib/compression: add LZ77 + Huffman decompression
lib/compression: LZ77 + Huffman compression
lib/compression/lzhuff: add debug flag to skip LZ77
lib/compression: debug routines for lzxpress-huffman
lib/compression/tests: add lzhuffman timer functions
fuzz: add fuzz_lzxpress_huffman_decompress
fuzz: add fuzz_lzxpress_huffman_compress
fuzz: add fuzz_lzxpress_huffman_round_trip
lib/compression: add a debug script to describe headers
lib/compression: helper script to make unbalanced data
lib/compression: script to test 3 byte hash
lib/compression: Windows utility to generate test vectors
lib/compression: test util to generate fuzzing seeds
lib/compression: add test scripts README
selftest: be less confident in commending st/summary
lib/comression: convert test_lzxpress_plain to cmocka
lib/compression/lzx-plain: relax size requirements on long file
testdata: move compression examples to re-use with lzxpress plain
lib/compression: add test data for lzxpress plain compression
lib/compression: more tests for lzxpress plain compression
lib/compression/lzxpress compression: use a write context struct
lib/compression/lzxpress: shift encoding into helper functions
lib/compression/lzxpress: fix our slow compression
s4/torture/smb2: avoid possibly closing undefined handle
compression/huffman: avoid semi-defined behaviour in decompress
fuzz: fix lzxpress plain round-trip fuzzer
compression/huffman: tighten bit_len checks (fix SUSE -O3 build)
compression/huffman: check again for invalid codes (CID 1517302)
compression/tests: calm the static analysts (CID: numerous)
compression tests: avoid div by zero in failure (CID 1517297)
compression: fix sign extension of long matches (CID 1517275)
compression/huffman: double check distance in matches (CID 1517278)
compression/huffman: debug function bails upon disaster (CID 1517261)
lib/compression: add simple python bindings
Florian Weimer (3):
buildtools/wafsamba: Avoid calling lib_func without a prototype
source3/wscript: Fix detection of major/minor macros
source3/wscript: Remove implicit int and implicit function declarations
Gary Lockyer (4):
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c
CVE-2021-20251 auth4: Return only the result message and free the surrounding result
Günther Deschner (3):
s3-librpc: add ads.idl and convert ads_struct to talloc.
s3-librpc: use nbt_server_type in ads.idl
s4-auth: fix sam test binary ntstatus include path
Jeremy Allison (141):
s3: smbd: Fix cosmetic bug logging pathnames from Linux kernel clients using SMB1 DFS calls.
s3: smbd: Add new function check_path_syntax_smb2_msdfs() for SMB2 MSDFS paths.
s3: smbd: Add helper function check_path_syntax_smb2().
s3: smbd: In smbd_smb2_create_send() call the helper function check_path_syntax_smb2().
s3: smbd: Make sure we have identical check_path_syntax logic in smbd_smb2_create_durable_lease_check(), as for smb2_create.
s3: smbd: Ensure smb2_file_rename_information() uses the SMB2 pathname parsers, not the SMB1 parsers.
s3: smbd: Add TALLOC_CTX * parameter to parse_dfs_path().
s3: smbd: Remove use of 'struct dfs_path'. Not needed for a (hostname, servicename, path) tuple.
s3: smbd: Remove definition of struct dfs_path.
s3: smbd: Add helper function msdfs_servicename_matches_connection().
s3: smbd: Use helper function msdfs_servicename_matches_connection() in parse_dfs_path().
s3: smbd: Use helper function msdfs_servicename_matches_connection() in dfs_redirect().
s3: smbd: Add dfs_filename_convert(). Simple wrapper around parse_dfs_path().
s3: smbd: In get referred_path(), make sure check_path_syntax() is called on returned reqpath.
s3: smbd: In get create_junction(), make sure check_path_syntax() is called on returned reqpath.
s3: smbd: Allow openat_pathref_dirfsp_nosymlink() to return NT_STATUS_PATH_NOT_COVERED for a DFS link on a DFS share.
s3: smbd: In filename_convert_dirfsp_nosymlink(), allow a NT_STATUS_PATH_NOT_COVERED error to be returned.
s3: smbd: In filename_convert_dirfsp_nosymlink(), cope with an MS-DFS link as the terminal component.
s3: smbd: Remove call to dfs_redirect() from filename_convert_smb1_search_path().
s3: smbd: Remove call to dfs_redirect() from filename_convert_dirfsp_nosymlink().
s3: smbd: Remove dfs_redirect().
s3: smbd: Add new version of dfs_path_lookup() that uses filename_convert_dirfsp().
s3: smbd: Switch get_referred_path() over to use the new dfs_path_lookup().
s3: smbd: Remove the old dfs_path_lookup() code.
s3: smbd: Remove unix_convert() and associated functions.
s3: tests: Add samba3.blackbox.test_veto_files.
s3: smbd: Add IS_VETO_PATH check to openat_pathref_dirfsp_nosymlink().
s3: smbd: Add IS_VETO_PATH checks to openat_pathref_fsp_case_insensitive().
s3/smbd: Use after free when iterating smbd_server_connection->connections
s3/smbd: Use after free when iterating smbd_server_connection->connections
s3: smbd: Add "enum file_close_type close_type" parameter to close_cnum().
s3: smbd: Add "enum file_close_type close_type" parameter to file_close_conn().
s3: smbd: Plumb close_type parameter through close_file_in_loop(), file_close_conn()
s3: smbd: Add a new function parse_dfs_path_strict().
s3: smbd: In dfs_filename_convert(), don't ask for hostname, sharename and then just free them.
s3: smbd: Add a comment explaing why dfs_filename_convert() must continue to use parse_dfs_path().
s3: smbd: Change get_referred_path() to use parse_dfs_path_strict().
s3: smbd: Change create_junction() to use parse_dfs_path_strict().
s3: smbd: In create_junction() remove hostname check. parse_dfs_path_strict() already does this.
s3: smbd: In create_junction() don't read hostname from parse_dfs_path_strict().
s3: smbd: Remove unneeded NULL check inside msdfs_servicename_matches_connection().
s3: smbd: Remove allow_broken_path from get_referred_path() and it's callers.
s3: smbd: Remove allow_broken_path from create_junction().
s3: smbd: Now parse_dfs_path() is only called from dfs_filename_convert() replace allow_broken_path with an SMB1 check.
s3: smbd: Remove allow_broken_path parameter from parse_dfs_path().
s3: smbd: parse_dfs_path() - Fix comment explaining where this is called from and with what kind of path.
s3: torture: Add a comprehensive SMB2 DFS path torture tester.
s3: torture: Add a comprehensive SMB1 DFS path torture tester.
s3: smbtorture3: Fix invalid tests for file identity.
s3: smbtorture: In run_smb1_dfs_paths() ensure we're actually reading and testing crtimes from the filesystem.
CVE-2021-20251 s3: ensure bad password count atomic updates
s3: smbtorture3: Add a new test SMB2-NON-DFS-SHARE.
s3: smbtorture3: Add an SMB1 operations torture tester.
s3: smbtorture3: Add test_smb1_mkdir() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_rmdir() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_ntcreatex() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_nttrans_create() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_openx() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_open() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_create() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_getatr() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_setatr() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_chkpath() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_ctemp() DFS test to run_smb1_dfs_operations().
s3: smbtorture3: Add test_smb1_qpathinfo() DFS test to run_smb1_dfs_operations().
s3: libsmb: Add missing memory allocation fail checks in cli_ntcreate1_send().
s3: libsmb: Add missing memory allocation fail check in cli_openx_create().
s3: libsmb: Cleanup - remove unused fname_src parameter from cli_dfs_target_check().
s3: libsmb: Add pair cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: libsmb: In cli_lsa_lookup_sid() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: libsmb: In cli_lsa_lookup_name() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: libsmb: In cli_check_msdfs_proxy() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: torture: In run_smb2_basic(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: torture: In run_tcon_test() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: utils: In show_userlist() replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: smbcacls: In cli_lsa_lookup_domain_sid(), replace cli_state_save_tcon()/cli_state_restore_tcon() with cli_state_save_tcon_share()/cli_state_restore_tcon_share().
s3: libsmb: Make cli_state_save_tcon()/cli_state_restore_tcon() static.
s3: libsmb: In cli_list_old_send(), push state->mask into the packet, not just mask.
s3: libsmb: Add cli_dfs_is_already_full_path() function.
s3: libsmb: For SMB2 opens on a DFS share, convert to a DFS path if not already done.
s3: libsmb: Add smb1_dfs_share_path() to convert a name into a DFS path if needed.
s3: libsmb: Fix SMB1 cli_list_trans_send() (SMBtrans2:TRANSACT2_FINDFIRST) to cope with DFS paths.
s3: libsmb: Fix SMB1 cli_list_old_send() to cope with DFS paths.
s3: libsmb: Fix cli_resolve_path() to cope with DFS paths passed in as well as local paths.
s3: smbcacls: Now cli_resolve_path() and cli_list() can handle DFS names we no longer need local_cli_resolve_path().
s3: libsmb: Make cli_setpathinfo_send() (SMBtrans2: TRANSACT2_SETPATHINFO) DFS path aware.
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS source pathname.
s3: libsmb: In cli_cifs_rename_send() (SMBmv) check for DFS dst pathname.
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS source pathname.
s3: libsmb: In cli_ntrename_internal_send() (SMBntrename) check for DFS dst pathname.
s3: libsmb: In cli_unlink_send() (SMBunlink) check for DFS pathname.
s3: libsmb: In cli_mkdir_send() (SMBmkdir) check for DFS pathname.
s3: libsmb: In cli_rmdir_send() (SMBrmdir) check for DFS pathname.
s3: libsmb: In cli_ntcreate1_send() (SMBntcreateX) check for DFS pathname.
s3: libsmb: In cli_nttrans_create_send() (SMBnttrans:NT_TRANSACT_CREATE) check for DFS pathname.
s3: libsmb: In cli_openx_create() (SMBopenX) check for DFS pathname.
s3: libsmb: In cli_getatr_send() (SMBgetatr) check for DFS pathname.
s3: libsmb: In cli_setatr_send() (SMBsetatr) check for DFS pathname.
s3: libsmb: In cli_chkpath_send() (SMBcheckpath) check for DFS pathname.
s3: libsmb: In cli_ctemp_send() (SMBctemp) check for DFS pathname.
s3: libsmb: In cli_set_ea_path() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.
s3: libsmb: In cli_qpathinfo_send() (SMBtrans2:TRANSACT2_QPATHINFO) check for DFS pathname.
s3: libsmb: In cli_posix_open_internal_send() (SMBtrans2:TRANSACT2_SETPATHINFO) check for DFS pathname.
s3: smbd: Fix memory leak in smbd_server_connection_terminate_done().
s3: torture: Fix test SMB2-DFS-PATHS to pass against Windows server 2022.
s3: smbtorture3: Add new SMB2-DFS-SHARE-NON-DFS-PATH test.
s4: smbtorture: Add fsync_resource_fork test to fruit tests.
s3: VFS: fruit. Implement fsync_send()/fsync_recv().
s3: VFS: vfs_full_audit. Remove SMB_VFS_OP_FSYNC, it no longer exists in sync form.
s4: torture: libsmbclient: Add a torture test to ensure smbc_stat() returns ENOENT on a non-existent file.
s3: libsmbclient: Fix smbc_stat() to return ENOENT on a non-existent file.
s4: torture: Show return value for smbc_getxattr() is incorrect (returns >0 for success, should return zero).
s3: libsmbclient: Fix smbc_getxattr() to return 0 on success.
s4: libcli: Ignore errors when getting A records after fetching AAAA records.
s3: smbd: Add test to show smbd crashes when doing an FSCTL on a named stream handle.
s3: smbd: Always use metadata_fsp() when processing fsctls.
s3: smbd: In synthetic_pathref() change DBG_ERR -> DBG_NOTICE to avoid spamming the logs.
nsswitch: Fix pam_set_data()/pam_get_data() to use pointers to a time_t, not try and embedd it directly.
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_CLOSE test to smb2.compound_async.
s4: torture: Add an async SMB2_OP_FLUSH + SMB2_OP_FLUSH test to smb2.compound_async.
s3: smbd: Add utility function smbd_smb2_is_last_in_compound().
s3: smbd: Cause SMB2_OP_FLUSH to go synchronous in a compound anywhere but the last operation in the list.
s3: smbd: Add SMB2_FILE_POSIX_INFORMATION getinfo info level (100 on the wire).
smbd: Plumb SMB2_FIND_POSIX_INFORMATION through the directory reading code.
s3: tests: Change smb2.compound_async to run against share aio_delay_inject instead of tmp.
s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding.
s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding.
s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound.
s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound.
s3: smbd: Fix schedule_aio_smb2_write() to allow the last write in a compound to go async.
s3: smbd: Fix schedule_smb2_aio_read() to allow the last read in a compound to go async.
s3: smbd: Make extract_snapshot_token() a wrapper for extract_snapshot_token_internal().
s3: lib: Add new clistr_smb2_extract_snapshot_token() function.
libsmb: Use clistr_smb2_extract_snapshot_token() in cli_smb2_create_fnum_send()
s3: smbtorture: Add SMB2-DFS-FILENAME-LEADING-BACKSLASH test.
s3: smbd: Strip any leading '\\' characters if the SMB2 DFS flag is set.
s3: smbd: SMB1 check_fsp_open() implicitly calls reply_nterror(.., NT_STATUS_INVALID_HANDLE) on error so don't duplicate in reply_close().
s3: smbd: Ensure check_fsp_ntquota_handle() doesn't send SMB1 error packets.
s3: smbd: Move check_fsp_open() and check_fsp() to smb1_reply.c
selftest: Show vfs_virusscanner crashes when traversing a 2-level directory tree.
s3: smbd: Tweak openat_pathref_dirfsp_nosymlink() to NULL out fsp->fsp_name after calling fd_close() on intermediate directories, rather than before.
Jones Syue (2):
s3:smbstatus: go to cmdline_messaging_context_free
s3:utils:mdsearch go to cmdline_messaging_context_free
Joseph Sutton (155):
libcli/smb: Ensure we call tevent_req_nterror() on failure
libcli/smb: Set error status if 'iov' pointer is NULL
schema_samba4.ldif: Allocate previously added OIDs
python:tests: Allocate OID range for testing to avoid collisions
s3:tests: Create test directory and file prior to revoking permissions
s3:tests: Transfer test files into temporary directory
claims.idl: Add claim type definitions
krb5pac.idl: Add definitions for claims PAC buffers
tests/krb5: Add function for creating claims
tests/krb5: Add xpress (de)compression functions
tests/krb5: Check claims buffers
tests/krb5: Allow specifying sname for getting service ticket
tests/krb5: Add claims tests
s3:rpc_server: Fix typo in error message
lib:crypto: Zero auth_tag array in encryption test
s4:torture: Zero samr_UserInfo union in password set test
lib:crypto: Check for overflow before filling pauth_tag array
lib:crypto: Use constant time memory comparison to check HMAC
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
CVE-2021-20251 tests/krb5: Add tests for password lockout race
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()
CVE-2021-20251 s4:kdc: Check badPwdCount update return status
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
libcli:auth: Keep passwords from convert_string_talloc() secret
s3:rpc_server: Use BURN_STR() to zero password
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user
CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()
CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change
CVE-2020-25720 s4:tests/sec_descriptor: Add missing security descriptor modify
CVE-2020-25720 python:tests: Ensure that access checks don't succeed
CVE-2020-25720 s4/dsdb/util: Add functions for dsHeuristics 28, 29
CVE-2020-25720 pydsdb: Add dsHeuristics constant definitions
CVE-2020-25720 pydsdb: Add AD schema GUID constants
CVE-2020-25720: s4-acl: Move definition of acl_check_self_membership()
CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights
CVE-2020-25720 s4-acl: Omit sDRightsEffective for computers unless all rights are granted
CVE-2020-25720 s4:dsdb/descriptor: Validate owner SIDs written to security descriptors
tevent: Fix flag clearing
selftest: Simplify krb5 test environments
pdb_samba_dsdb: Handle dsdb_search_one() errors
python/samba: Fix typos in error messages
pyldb: Have functions operating on DNs raise LdbError
python: Handle LdbError thrown from functions operating on DNs
tests/krb5: Make use of client_opts for TGS-REQs
tests/krb5: Add create_ccache_with_ticket()
s4-auth: Add missing newlines to log messages
lib:krb5_wrap: Use case-sensitive comparison against 'krbtgt'
lib:crypto: Change error return to SMB_ASSERT()
pyldb: Fix tests going unused
pytest: samba-tool: Fix undefined escape sequence
docs-xml: Fix section links
docs-xml: Fix reference to obsolete 'lock spin count' parameter
docs-xml: Remove references to obsolete 'write cache size' parameter
docs-xml: Fix reference to 'read only' parameter
docs-xml: Fix reference to 'wide links' parameter
docs-xml: Fix references to 'encrypt passwords' parameter
docs-xml: 'security = auto' is now the default parameter
docs-xml: Remove reference to invalid 'user' parameter
docs-xml: Remove nested calls to translate()
dbcheck: Fix truncation of warning messages
lib:krb5_wrap: Add helper functions to make krb5_data structure
s4:kdc: Refactor samba_make_krb5_pac()
s4:kdc: Make use of smb_krb5_data_from_blob() helper function
s4:kdc: Don't copy data for empty PAC buffer
pyldb: Fix typos in function names
tests/krb5: Add test requesting a service ticket expiring post-2038
tests/krb5: Add test requesting a TGT expiring post-2038
krb5: Add compatability for krb5_const_pac type
s4-kdc: Fix typo in MIT glue
s4-kdc: Correct MIT talloc ctx names
librpc/ndr: Fix incorrect error string in SID parser
s4-auth: Fix typo in erberos_pac_to_user_info_dc()
s4-auth: Mention correct PAC buffer in error msg
s4-dsdb: Rename user_attrs to attrs to avoid conflict and add static const
s4-dsdb: Make tdo_attrs static const
s4-dsdb: Use a raw python string to avoid creating and invalid escape sequence
s4-dsdb: remove unused Python variables
s4-dsdb: Use Python 'del' rather than assigning over with None
libcli/security: Fix function header comments in SID handling
libcli/security: Make null_sid static const, not just const
s3-utils: Fix typo in error message in net groupmap
s4-dsdb: Remove unused import in token_group python test
s4-dsdb: simplify conditional in python token_group test
s4-dsdb: Remove unused variables in token_group python test
ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
s4-join: Fix typos in recent GET_ANC patch set
testprogs: fix CVE reference in kpassed test
docs: Fix double-word in "inherit owner" manpage
docs: Fix double-word in "prefork backoff increment"
samba-tool: Fix double-word in samba-tool domain passwordsettings
python: Use list comprehension in string_to_byte_array()
python: Fix invalid escape by using a raw string
python: Remove unused imports in auth_log tests
s4:gensec Avoid memory leak in error case in gensec_gssapi
docs-xml: Fix outdated comment in documentation
CVE-2022-3437 third_party/heimdal: Remove __func__ compatibility workaround
CVE-2022-3437 third_party/heimdal_build: Add gssapi-subsystem subsystem
CVE-2022-3437 s4/auth/tests: Add unit tests for unwrap_des3()
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() for arcfour unwrap
CVE-2022-3437 third_party/heimdal: Use constant-time memcmp() in unwrap_des3()
CVE-2022-3437 third_party/heimdal: Don't pass NULL pointers to memcpy() in DES unwrap
CVE-2022-3437 third_party/heimdal: Avoid undefined behaviour in _gssapi_verify_pad()
CVE-2022-3437 third_party/heimdal: Check the result of _gsskrb5_get_mech()
CVE-2022-3437 third_party/heimdal: Check buffer length against overflow for DES{,3} unwrap
CVE-2022-3437 third_party/heimdal: Check for overflow in _gsskrb5_get_mech()
CVE-2022-3437 third_party/heimdal: Pass correct length to _gssapi_verify_pad()
third_party/heimdal: Introduce macro for common plugin structure elements
third_party/heimdal_build: Update fallthrough macro for switch statements
build: Remove unused dependencies
wscript: Correctly determine dependencies for system Heimdal build
wafsamba: Have CHECK_C_PROTOTYPE() pass through 'lib' into CHECK_CODE()
krb5: Detect support for krb5_const_pac type
s4-auth: Make PAC parameters const
tests/krb5: Remove unused copy-and-paste remnant
tests/krb5: Remember to pass in expected_groups parameter
tests/krb5: Fix bits_to_etypes() to not fail on Resource SID compression bit
tests/krb5: Allow creating groups with a specified type
tests/krb5: Allow adding multiple members to a group
tests/krb5: Allow creating accounts without Resource SID compression support
tests/krb5: Add (un)expected group parameters to get_service_ticket() and get_tgt()
tests/krb5: Overhaul PAC logon info group checking
tests/krb5: Allow checking domain SID in PAC
tests/krb5: Add tests of PAC group handling
CVE-2022-42898 third_party/heimdal: PAC parse integer overflows
bootstrap: Remove duplicate line from CentOS 8 powertools install
CVE-2022-37966 tests/krb5: Split out _tgs_req() into base class
CVE-2022-37966 tests/krb5: Add 'etypes' parameter to _tgs_req()
CVE-2022-37966 tests/krb5: Add a test requesting tickets with various encryption types
CVE-2022-37967 Add new PAC checksum
CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
CVE-2022-37966 third_party/heimdal: Fix error message typo
CVE-2022-37966 samba-tool: Fix 'domain trust create' documentation
CVE-2022-37966 samba-tool: Declare explicitly RC4 support of trust objects
CVE-2022-37966 tests/krb5: Test different preauth etypes with Protected Users group
CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
CVE-2022-37966 selftest: Run S4U tests against FL2003 DC
CVE-2022-37966 kdc: Assume trust objects support AES by default
lib/talloc: Zero-initialise chunk pointers
lib/tfork: Don't overwrite 'ret' in cleanup phase
s4:rpc_server/dnsserver: Zero-initialise pointers
lib/compression: Fix length check
tests/krb5: Use Python bindings for LZ77+Huffman compression
Jule Anger (5):
VERSION: Bump version up to 4.18.0pre1...
WHATSNEW: Start release notes for Samba 4.18.0pre1.
ldb: change the version to 2.7.0 for Samba 4.18
s3:tests: let smbstatus json tests fail if jq is not installed
manpages: add smbstatus option --json with sample output
Martin Schwenke (25):
ctdb-tests: Reformat script using shfmt -w -p -i 0 -fn
ctdb-tests: Fix typos
ctdb-tests: Simplify IP address checking
ctdb-tests: Avoid shellcheck warnings
ctdb-scripts: Drop assumption that there are VLANs with no '@'
ctdb-tests: Reformat script with "shfmt -w -p -i 0 -fn"
ctdb-tests: Avoid ShellCheck warnings
ctdb-tests: Implement "ip -brief link show" in ip stub
ctdb-scripts: Simplify determination of real interface
ctdb-tests: Avoid shellcheck warnings in remaining test stubs
ctdb-tests: Include eventscript stub commands in shellcheck test
ctdb-tests: Reformat remaining test stubs with "shfmt -w -p -i 0 -fn"
ctdb-build: Use pcap-config when available
ctdb-build: Add --enable-pcap configure option
ctdb-common: Move a misplaced comment
ctdb-common: Do not use raw socket when ENABLE_PCAP is defined
ctdb-common: Fix a warning in the pcap code
ctdb-common: Stop a pcap-related crash on error
ctdb-common: Use pcap_get_selectable_fd()
ctdb-common: Improve/add debug
ctdb-tools: Improve/add debug
ctdb-common: Add packet type detection to pcap-based capture
ctdb-common: Support "any" interface for pcap-based capture
ctdb-common: Support IB in pcap-based capture
ctdb-scripts: Add debugging variable CTDB_KILLTCP_DEBUGLEVEL
Michael Tokarev (1):
Fix spelling mistakes.
Mikhail Novosyolov (1):
manpages: samba-dcerpcd: fix typo (add missing space)
Nadezhda Ivanova (4):
CVE-2020-25720 s4-acl: Test Create Child permission should not allow full write to all attributes
CVE-2020-25720: s4-acl: Change behavior of Create Children check
CVE-2020-25720: s4-acl: Adjusted some tests to work with the new behavior
CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL
Nicolas Williams (1):
CVE-2022-44640 HEIMDAL: asn1: invalid free in ASN.1 codec
Nikola Radovanovic (1):
samba-tool: Use authentication file to pass credentials
Noel Power (15):
s3/winbindd: Fix bad access to sid array (with debug level >= info)
s3/rpcclient: Duplicate string returned from poptGetArg
s3/param: Fix use after free with popt-1.19
s3/utils: Add missing poptFreeContext
s3/utils: Fix use after free with popt 1.19
s3/utils: Fix use after free with popt 1.19
s4/lib/registry: Fix use after free with popt 1.19
s3/param: Check return of talloc_strdup
s3/utils: Check return of talloc_strdup
s3/utils: check result of talloc_strdup
s4/rpc_server/sambr: don't mutate the return of samdb_set_password_aes
python/samba/tests: fix samba.tests.auth_log_pass_change for later gnutls
s4:lib:tls: Don't negotiate session resumption with session tickets
nsswitch: Fix uninitialized memory when allocating pwdlastset_prelim
python/samba: use s3 param samba config parsing
Pavel Filipenský (39):
s3:include: Fix trailing whitespaces in secrets.h
s3:passdb: Remove unused function secrets_fetch_trust_account_password()
s3:passdb: Remove upgrade support of samba-2.2 style ldap password
s3:passdb: Consolidate error checking in fetch_ldap_pw()
s3:libads: Fix trailing whitespaces in util.c
s3:libsmb: Fix trailing whitespaces in trusts_util.c
lib:util: Add BURN_FREE() and BURN_FREE_STR()
lib:replace: Add macro BURN_STR() to zero memory of a string
lib:util: Zero memory in generate_random_machine_password()
s3:libads: Zero memory in ads_change_trust_account_password()
s3:libsmb: Zero memory in trust_pw_change()
s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_legacy() and secrets_fetch_domain_info1_by_key()
s3:passdb: Zero memory using BURN_FREE_STR() in secrets_fetch_or_upgrade_domain_info()
s3:passdb: Zero memory using BURN_FREE_STR() in get_trust_pw_hash2()
s3:passdb: Zero password in secrets_{fetch,store}_trusted_domain_password()
s3: Zero memory of idmap_fetch_secret() users
s3:lib: Fix trailing whitespaces in smbldap.c
s3:passdb: Fix trailing whitespaces in pdb_ldap.c
s3:passdb: Zero password in fetch_ldap_pw()
s3:passdb: Zero password in fetch_ldap_pw() callers
s3:passdb: Fix whitespaces in pdb_get_set.c
s3:passdb: Zero memory for plaintext_pw from 'struct samu'
s3:auth: Zero memory in sam_password_ok()
s3:passdb: s/BURN_PTR_SIZE/BURN_STR/ in samu_destroy()
s3:passdb: Zero memory in pdb_set_plaintext_passwd()
s3:passdb: Zero memory in pdb_set_pw_history()
s3:net: Fix trailing whitespace in net.c
s3:passdb: Zero password in secrets_fetch_ipc_userpass()
s3:passdb: Fix possible memory leak in secrets_fetch_ipc_userpass()
s3:net: Zero password in secrets_fetch_ipc_userpass() callers
s3:afs: Zero memory for afs_keyfile
lib:krb5: Change memset() to BURN_PTR_SIZE()
s3:passdb: Zero local memory in secrets_fetch()
s3:passdb: Zero local memory in secrets_domain_info_kerberos_keys()
s3:passdb: Zero secrets_domain_info1_password created via secrets_fetch()
s3:passdb: Zero secrets_domain_info1_password created via secrets_domain_info_password_create()
s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()
s3:winbind: Avoid unnecessary locking in wb_parent_idmap_setup_send()
s3:libads: Fix debug message
Philipp Gesang (1):
s3-lib: restore truncating behavior of push_ascii_nstring()
Ralph Boehme (88):
smdb: use fsp_is_alternate_stream() in open_file()
vfs_xattr_tdb: move close_xattr_db()
vfs_xattr_tdb: add a module config
vfs_xattr_tdb: add "xattr_tdb:ignore_user_xattr" option
CI: add a test trying to delete a stream on a pathref ("stat open") handle
smbd: use metadata_fsp() with SMB_VFS_FGET_NT_ACL()
smbd: use metadata_fsp() with SMB_VFS_FSET_NT_ACL()
smbd: use metadata_fsp() with SMB_VFS_FGET_DOS_ATTRIBUTES()
smbd: use metadata_fsp() with SMB_VFS_FSET_DOS_ATTRIBUTES()
smbd: ignore request to set the SPARSE attribute on streams
smbd: use metadata_fsp() in get_acl_group_bits()
smbd: skip access checks for stat-opens on streams in open_file()
vfs_streams_xattr: restrict which fcntl's are allowed on streams
vfs_default: assert all passed in fsp's and names are non-stream type
smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
smbtorture: add test smb2.stream.attributes2
smbd: add and use vfs_fget_dos_attributes()
smbd: directly pass fsp to SMB_VFS_FGETXATTR() in fget_ea_dos_attribute()
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()
smbtorture: check required access for SMB2-GETINFO
smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
smbd: add missing check for IPC share for TRANS2_GET_DFS_REFERRAL
smbtorture: close handle and delete file in tree_base()
smbtorture: turn maximum_allowed test into a test suite
smbtorture: add a test opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
smbd: remove const from smb_fname arg of set_ea_dos_attribute()
smbd: update smb_fname->st btime with the rounded value with NTTIME granularity
smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes
smbd: fix opening a READ-ONLY file with SEC_FLAG_MAXIMUM_ALLOWED
smbtorture: add a test trying to create a stream on share without streams support
smbd: return NT_STATUS_OBJECT_NAME_INVALID if a share doesn't support streams
vfs_fruit: add missing calls to tevent_req_received()
net: use correct printf format, fi3_id is an uint32_t
torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
smbd: reject FILE_ATTRIBUTE_TEMPORARY on directories
smbd: factor out reference_smb_fname_fsp_link() from parent_pathref()
smbd: use reference_smb_fname_fsp_link() in rename_internals_fsp()
smbd: add fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
smbd: use fsp_search_ask_sharemode() and fsp_getinfo_ask_sharemode()
smbd: use fsp_getinfo_ask_sharemode() in open_file_ntcreate()
s3/locking: Revert "s3:locking: Remove dead code"
smbd: debug in smbd_smb2_close_send()
g_lock: check for zero timeout in g_lock_lock()
smbd: introduce 'delete_on_close' helper variables
lib/cmdline/tests: add missing includes
vfs_zfsacl: remove unused function
vfs_zfsacl: fix mixed declaration and code error
s4:torture: remove remaining checks if alloc_size is 0 on empty files
torture: add another simple DOS attributes test
torture: increase find buffer to 1 MB in multiple_smb2_search()
torture: print duration of smb2.dir.test_large_files
torture: add another large directory enumeration performance test
lib/torture: fix tctx arg usage in torture_assert_nttime_equal() macro
torture: add a test veryfing timestamps across rename
smbd: remove oplock paranoia check from file_find_dif()
torture: add an interactive test that works out maximum name and path lenghts
torture: convert mangling test to a suite
torture: test that a find with a mangled name works
CVE-2022-38023 docs-xml: improve wording for several options: "takes precedence" -> "overrides"
CVE-2022-38023 docs-xml: improve wording for several options: "yields precedence" -> "is over-riden"
lib/util: add process_set_title()
smbd: prepare smbd for calling setproctitle()
lib/util: use process_set_title() in tfork()
s4/samba: use process_set_title()
winbindd: Use process_set_title() instead of setproctitle()
smbd: explicitly call process_set_title()
smbd: remove process shortname arg from smbd_reinit_after_fork()
smbd: remove process shortname arg from reinit_after_fork()
smbd: set long process name of smbd child processes to "smbd: <CLIENT IP>"
tests: add a Python test for case insensitive access
winbindd: do an early exit in cm_open_connection()
winbindd: simplify find_new_dc()
winbindd: simplify cm_open_connection()
winbindd: More simplification of cm_open_connection()
winbindd: Add force_dc to bypass cached connection and DC lookup
winbindd: add dcname arg to ChangeMachineAccount request
libwbclient: add wbc[Ctx]ChangeTrustCredentialsAt()
wbinfo: Add --change-secret-at=dcname
CI: join ad_member_s3_join to vampire_dc
CI: add a test for wbinfo --change-secret-at=DC
libreplace: update comment on __thread support
libreplace: require TLS support if pthread support is available
nsswitch/stress-nss-libwbclient: also test after fork
nsswitch: prepare for removing global locking by using TLS
nsswitch: leverage TLS if available in favour over global locking
nsswitch: remove winbind_nss_mutex
nsswitch: avoid calling pthread_getspecific() on an uninitialized key
CI: add a test for @GMT mask in SMB1 find
Samuel Cabrero (10):
bootstrap: Update to openSUSE 15.4
CVE-2022-38023 s3:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
CVE-2022-38023 selftest:Samba3: avoid global 'server schannel = auto'
CVE-2022-38023 s4:rpc_server:wscript: Reformat following pycodestyle
CVE-2022-38023 s4:rpc_server/netlogon: Move schannel and credentials check functions to librpc
CVE-2022-38023 s3:rpc_server/netlogon: Use dcesrv_netr_creds_server_step_check()
CVE-2022-38023 s3:rpc_server/netlogon: make sure all _netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
CVE-2022-38023 s3:rpc_server/netlogon: Check for global "server schannel require seal"
CVE-2022-38023 docs-xml/smbdotconf: The "server schannel require seal[:COMPUTERACCOUNT]" options are also honoured by s3 netlogon server.
CVE-2022-38023 s3:rpc_server/netlogon: Avoid unnecessary loadparm_context allocations
Saurabh Singh (1):
Cleanup and bug fixes in vxfs vfs code.
Stefan Metzmacher (257):
s3:include: remove unused update_stat_ex_file_id() prototype
smbd: avoid calling SMB_VFS_FGET_NT_ACL() if do_not_check_mask already covers all
s3:g_lock: use TDB_VOLATILE to avoid fcntl locks
s4:param: add --option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4" support...
s4:torture/smb2: teach smb2.bench.path-contention-shared about --option="torture:qdepth=4"
s4:torture/smb2: add smb2.bench.echo
s3:tests: add a lot more tests to test_symlink_traversal_smb2.sh
wafsamba: allow cflags for CHECK_TYPE[_IN]()
vfs_io_uring: hide a possible definition of struct open_how in liburing/compat.h
vfs_btrfs: fix include order, includes.h or replace.h should be first
lib/replace: add a replacement for openat2() that returns ENOSYS
lib/replace: always include <sys/syscall.h> in replace.c if available
lib/replace: use syscall(__NR_openat2) if available
lib/replace: add fallback defines for __NR_openat2
lib/replace: let DISABLE_OPATH also undef __NR_openat2
s3:smbd: let openat_pathref_dirfsp_nosymlink() do a verification loop against . and .. first
s3:smbd: let openat_pathref_dirfsp_nosymlink() handle ELOOP similar to ENOTDIR
vfs_default: prepare O_PATH usage with openat2()
selftest/Samba3: let nt4_dc* use vfs_default:VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS=no
s3:vfs.h: add comment about VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
s3:vfs.h: change SMB_VFS_INTERFACE_VERSION to 48 for 4.18
s3:smbd: share_mode_flags_set() takes SMB2_LEASE_* values
s4:torture/smb2: add smb2.lease.v[1,2]_bug_15148
s3:smbd: only clear LEASE_READ if there's no read lease is left
lib/util: add unlikely() to SMB_ASSERT()
s3:g_lock: add some const to the shared array passed via g_lock_dump*()
s3:g_lock: avoid useless talloc_array(0) in g_lock_dump()
s3:smbd: only run validate_oplock_types() with smbd:validate_oplock_types = yes
s3:locking: pass lease_key explicitly to set_share_mode()
s3:locking: move get_existing_share_mode_lock() to share_mode_lock.[ch]
s3:smbd: inline fsp_lease_type_is_exclusive() logic into contend_level2_oplocks_begin_default
s3:smbd: lease_match_break_fn() only needs leases_db_get() once
s3:smbd: let delay_for_oplock_fn() only call leases_db_get() once
s3:tests: let test_smbXsrv_client_dead_rec.sh cleanup the correct files
s3:tests: add test_smbXsrv_client_cross_node.sh
smbXsrv_client: correctly check in negotiate_request.length smbXsrv_client_connection_pass[ed]_*
smbXsrv_client: notify a different node to drop a connection by client guid.
s3:libads: split out ads_fill_cldap_reply() out of ads_try_connect()
s3:libads: let cldap_ping_list() use cldap_multi_netlogon()
s3:torture: fix strict aliasing warnings in cmd_vfs.c
s3:locking: remove unused NO_LOCKING_COUNT
s3:locking: let reset_share_mode_entry() report errors to the caller
s3:smbd: let lease_match() call TALLOC_FREE(lck); on error
s3:g_lock: fix error handling in g_lock_watch_data_send()
s3:smbd: let smbXsrv_{session,tcon,open}_global.tdb use TDB_VOLATILE
s3:open_files.idl: add share_mode_entry_op_type
s3:locking: log all locking_tdb_data_{get,fetch}() errors at level 0
s3:locking: log all g_lock_writev_data() errors at level 0
s3:locking: let fsp_update_share_mode_flags() log all errors at level 0
s3:locking: log g_lock_locks() error at level 0
s3:locking: log add locking_tdb_data_store() errors at level 0
s3:locking: log g_lock_dump() error in locking_tdb_data_fetch() at level 0
s3:locking: let set_delete_on_close_lck() log errors and panic
s3:locking: let share_mode_forall_leases() log all errors at level 0
s3:locking: log all share_mode_forall_entries() errors at level 0
s3:locking: change some debug messages to level unless we got NT_STATUS_NOT_FOUND
s3:locking: introduce share_mode_data->not_stored
s3:locking: split out share_mode_data_ltdb_store()
s3:locking: let share_mode_forall_entries() call TALLOC_FREE(ltdb)
s3:locking: replace locking_tdb_data_store() with share_mode_data_ltdb_store()
s3:locking: move fsp_update_share_mode_flags* related functions further down
s3:locking: just use g_lock_dump() for fsp_update_share_mode_flags()
s3:smbd: move locking related vfs functions to smbd/vfs.c
s3:smbd: move VFS_FIND() to smbd/vfs.c
s3:smbd: add helpers to deny vfs calls in some sections
s3:smbd: add smb_vfs_assert_allowed() to kernel oplock code
s3:locking: add share_mode_do_locked_vfs_{denied,allowed}()
s3:smbd: protect smbd_do_unlocking() with share_mode_do_locked_vfs_allowed()
s3:locking: protect do_lock() with share_mode_do_locked_vfs_allowed()
s3:locking: make share_mode_do_locked() static
s3:locking: let share_mode_wakeup_waiters() use share_mode_do_locked_vfs_denied()
s3:locking: add share_mode_lock_access_private_data()
s3:locking: let rename_share_filename_state maintain a struct share_mode_data pointer
s3:locking: make use of share_mode_lock_access_private_data() in rename_share_filename()
s3:locking: add share_mode_lock_file_id()
s3:locking: let remove_lease_if_stale() use share_mode_lock_file_id()
s3:locking: let reset_delete_on_close_lck() use share_mode_lock_access_private_data()
s3:locking: let set_delete_on_close_lck() use share_mode_lock_access_private_data()
s3:locking: let get_delete_on_close_token() use share_mode_lock_access_private_data()
s3:locking: let is_delete_on_close_set() use share_mode_lock_access_private_data()
s3:locking: let set_sticky_write_time() use share_mode_lock_access_private_data()
s3:locking: let set_write_time() use share_mode_lock_access_private_data()
s3:locking: let get_share_mode_write_time() use share_mode_lock_access_private_data()
s3:locking: add and use share_mode_lock_assert_private_data()
s3:locking: make use of share_mode_lock_file_id() in share_mode_watch_send()
s3:locking: make use of share_mode_lock_access_private_data() in share_mode_forall_entries()
s3:locking: pass struct share_mode_data to share_mode_entry_do()
s3:locking: make use of share_mode_lock_access_private_data() in reset_share_mode_entry()
s3:locking: make 'struct share_mode_lock' private to share_mode_lock.c
s3:smbd: move get_existing_share_mode_lock() into setup_poll_open()
s3:smbd: let setup_poll_open() use share_mode_do_locked_vfs_denied()
s3:locking: add share_mode_set_{changed,old}_write_time() helpers
s3:locking: make use of new share_mode_set_{changed,old}_write_time() helpers
s3:locking: let set_delete_on_close() use share_mode_do_locked_vfs_denied()
s3:smbd: let lease_match() use share_mode_do_locked_vfs_denied()
s3:locking: make use of share_mode_do_locked_vfs_denied() in file_has_open_streams()
s3:locking: make use of share_mode_do_locked_vfs_denied() in set_write_time()
s3:locking: make use of share_mode_do_locked_vfs_denied() in set_sticky_write_time()
s3:smbd: let update_write_time_on_close() use share_mode_{old,changed}_write_time()
s3:smbd: let update_write_time_on_close() use share_mode_do_locked_vfs_denied()
s3:smb2_trans2: make use of share_mode_do_locked_vfs_allowed() in smb_posix_unlink()
s3:locking: move from uint8_t share_mode_lock_key_data[] to struct file_id
s3:locking: remove static_share_mode_data_refcount
s3:locking: split out get_share_mode_lock_internal()
s3:locking: split out put_share_mode_lock_internal()
s3:locking: let _share_mode_do_locked_vfs_* use get/put_share_mode_lock_internal
s3:dbwrap_watch: let dbwrap_watched_watch_skip_alerting() also clear the selected watcher
s3:dbwrap_watch: add dbwrap_watched_watch_reset_alerting() helper
s3:dbwrap_watch: add dbwrap_watched_watch_force_alerting()
lib/dbwrap: allow dbwrap_merge_dbufs() to update an existing buffer
s3:g_lock: reorder the logic in g_lock_lock_simple_fn()
s3:g_lock: add g_lock_lock_cb_state infrastructure
s3:g_lock: add g_lock_ctx->busy and assert it to false
s3:g_lock: remove redundant code in g_lock_trylock()
s3:g_lock: reorder the logic in g_lock_trylock()
s3:g_lock: add callback function to g_lock_trylock()
s3:g_lock: add callback function to g_lock_lock_simple_fn()
s3:g_lock: add callback function to g_lock_lock_send()
s3:g_lock: add callback function to g_lock_lock()
s3:locking: add current_share_mode_glck helper functions
s3:locking: optimize share_mode_do_locked_vfs_denied() with g_lock_lock callback
s3:locking: add share_mode_entry_prepare_{lock,unlock}() infrastructure
s3:smbd: add more detailed debugging to delay_for_oplock()
s3:smbd: move grant_fsp_lease()/set_file_oplock() out of delay_for_oplocks()
s3:smbd: move grant_fsp_lease()/set_file_oplock() out of handle_share_mode_lease()
s3:smbd: call grant_fsp_lease() after set_share_mode()
s3:smbd: call set_file_oplock() after set_share_mode()
s3:smbd: prepare delay_for_oplock() for directories
s3:smbd: also call handle_share_mode_lease for directories
s3:smbd: split out check_and_store_share_mode()
s3:smbd: maintain all SHARE_MODE_LEASE_* flags not only _READ
s3:smbd: remove static from release_file_oplock()
s3:smbd: let close_directory() hold the lock during delete_all_streams/rmdir_internals
s3:smbd: improve !delete_file logic in close_remove_share_mode()
s3:smbd: let close_directory() use the same delete_dir logic as close_remove_share_mode()
s3:smbd: remove one indentation level in close_directory()
s3:smbd: let close_directory() only change the user if needed
s3:smbd: avoid remove_oplock() in close_remove_share_mode()
s3:smbd: split out some generic code from close_remove_share_mode()
s3:smbd: make use of close_share_mode_lock_{prepare,cleanup}() in close_directory()
s3:smbd: make use of share_mode_entry_prepare_{lock_del,unlock}() in close_{remove_share_mode,directory}()
s3:smbd: let open_file_ntcreate() calculate info = FILE_WAS_* before get_share_mode_lock()
s3:smbd: make use of share_mode_entry_prepare_{lock_add,unlock}() in open_{file_ntcreate,directory}()
s3:locking: remove unused get_share_mode_lock()
smbXsrv_client: ignore NAME_NOT_FOUND from smb2srv_client_connection_passed
smbXsrv_client: fix a debug message in smbXsrv_client_global_verify_record()
smbXsrv_client: call smb2srv_client_connection_{pass,drop}() before dbwrap_watched_watch_send()
smbXsrv_client: make sure we only wait for smb2srv_client_mc_negprot_filter once and only when needed
smbXsrv_client: handle NAME_NOT_FOUND from smb2srv_client_connection_{pass,drop}()
s4:messaging: add imessaging_init_discard_incoming()
s3:auth_samba4: make use of imessaging_init_discard_incoming()
s4:messaging: let imessaging_client_init() use imessaging_init_discard_incoming()
lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
lib/tsocket: remember the first error as tstream_bsd->error
lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
s4:ldap_server: let ldapsrv_call_writev_start use conn_idle_time to limit the time
lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry()
lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_seek_and_delete_old_entries()
lib/krb5_wrap: document the enctype argument of smb_krb5_kt_seek_and_delete_old_entries()
s3:libads: ads_keytab_flush() doesn't need a valid kvno
lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries()
s3:libads: add ads_keytab_delete_entry()
s3:util: add 'net ads keytab delete'
testprogs/blackbox: let test_net_ads.sh consistently use the tmp WORKDIR
testprogs/blackbox: fix prinicple => principal in test_net_ads.sh
testprogs/blackbox: add 'net ads keytab delete' tests to test_net_ads.sh
s4:kdc: pass client_claims, device_info, device_claims into samba_make_krb5_pac()
s4:kdc: fetch client_claims_blob from samba_kdc_get_pac_blobs()
s4:kdc: add initial support for compound claims
lib/replace: fix memory leak in snprintf replacements
CVE-2021-20251: s4:auth: fix use after free in authsam_logon_success_accounting()
s4:messaging: add irpc_bh_do_ndr_print() in order to debug irpc calls
s4:kdc: make sure reset_bad_password_netlogon() stops subreq before return
s3:locking: relax __SHARE_MODE_LOCK_SPACE check for 32bit platforms
lib/replace: let rep_openat2() inject O_LARGEFILE as needed
third_party: Update socket_wrapper to version 1.3.5
CVE-2022-42898: HEIMDAL: lib/krb5: fix _krb5_get_int64 on systems where 'unsigned long' is just 32-bit
selftest: samba-ktest-mit also needs $ENV{KRB5RCACHETYPE} = "none"
selftest: add --default-ldb-backend option
gitlab-ci: do some basic testing on ubuntu1804-32bit
vfs: fix the build of nfs4acl_xattr_ without rpc/xdr.h support
s3:locking: re-add saved_errno handling to fd_close_posix()
s3:locking: split out del_share_mode_open_id()
CVE-2022-38023 libcli/auth: pass lp_ctx to netlogon_creds_cli_set_global_db()
CVE-2022-38023 libcli/auth: add/use netlogon_creds_cli_warn_options()
CVE-2022-38023 s3:net: add and use net_warn_member_options() helper
CVE-2022-38023 s3:winbindd: also allow per domain "winbind sealed pipes:DOMAIN" and "require strong key:DOMAIN"
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
CVE-2022-38023 s4:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check()
CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
CVE-2022-38023 s4:rpc_server/netlogon: improve CVE-2020-1472(ZeroLogon) debug messages
CVE-2022-38023 selftest:Samba4: avoid global 'server schannel = auto'
CVE-2022-38023 s4:torture: use NETLOGON_NEG_SUPPORTS_AES by default
CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticate3_check_downgrade()
CVE-2022-38023 s4:rpc_server/netlogon: require aes if weak crypto is disabled
CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
CVE-2022-38023 s4:rpc_server/netlogon: defer downgrade check until we found the account in our SAM
CVE-2022-38023 s4:rpc_server/netlogon: add 'server reject md5 schannel:COMPUTERACCOUNT = no' and 'allow nt4 crypto:COMPUTERACCOUNT = yes'
CVE-2022-38023 docs-xml/smbdotconf: document "allow nt4 crypto:COMPUTERACCOUNT = no"
CVE-2022-38023 docs-xml/smbdotconf: document "server reject md5 schannel:COMPUTERACCOUNT"
CVE-2022-38023 s4:rpc_server/netlogon: debug 'reject md5 servers' and 'allow nt4 crypto' misconfigurations
CVE-2022-38023 selftest:Samba4: avoid global 'allow nt4 crypto = yes' and 'reject md5 clients = no'
CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_check_schannel() function
CVE-2022-38023 s4:rpc_server/netlogon: make sure all dcesrv_netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
CVE-2022-38023 s4:rpc_server/netlogon: add a per connection cache to dcesrv_netr_check_schannel()
CVE-2022-38023 s4:rpc_server/netlogon: implement "server schannel require seal[:COMPUTERACCOUNT]"
CVE-2022-38023 testparm: warn about server/client schannel != yes
CVE-2022-38023 testparm: warn about unsecure schannel related options
CVE-2022-37966 docs-xml/smbdotconf: "kerberos encryption types = legacy" should not be used
CVE-2022-37966 testparm: warn about 'kerberos encryption types = legacy'
CVE-2022-37966 libcli/auth: let netlogon_creds_cli_warn_options() about "kerberos encryption types=legacy"
CVE-2022-37966 s4:kdc: also limit the krbtgt history to their strongest keys
CVE-2022-37966 wafsamba: add support for CHECK_VARIABLE(mandatory=True)
CVE-2022-37966 system_mitkrb5: require support for aes enctypes
CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES*
CVE-2022-37966 s3:libads: remove unused ifdef HAVE_ENCTYPE_AES*
CVE-2022-37966 s3:libnet: remove unused ifdef HAVE_ENCTYPE_AES*
CVE-2022-37966 s3:net_ads: remove unused ifdef HAVE_ENCTYPE_AES*
CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types
CVE-2022-37966 s3:libads: no longer reference des encryption types
CVE-2022-37966 s3:libnet: no longer reference des encryption types
CVE-2022-37966 s3:net_ads: no longer reference des encryption types
CVE-2022-37966 s3:net_ads: let 'net ads enctypes list' pretty print AES256-SK and RESOURCE-SID-COMPRESSION-DISABLED
CVE-2022-37966 s4:pydsdb: add ENC_HMAC_SHA1_96_AES256_SK
CVE-2022-37966 s4:kdc: use the strongest possible keys
CVE-2022-37966 drsuapi.idl: add trustedDomain related ATTID values
CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only
CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18
CVE-2022-37966 python:tests/krb5: fix some tests running against Windows 2022
CVE-2022-37966 python:tests/krb5: allow ticket/supported_etypes to be passed KdcTgsBaseTests._{as,tgs}_req()
CVE-2022-37966 python:tests/krb5: ignore empty supplementalCredentials attributes
CVE-2022-37966 python:tests/krb5: add 'force_nt4_hash' for account creation of KDCBaseTest
CVE-2022-37966 python:tests/krb5: add better PADATA_SUPPORTED_ETYPES assert message
CVE-2022-37966 python:tests/krb5: test much more etype combinations
CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows.
CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
CVE-2022-37966 s4:kdc: apply restrictions of "kdc supported enctypes"
CVE-2022-37966 samba-tool: add 'domain trust modify' command
CVE-2022-37966 python:/tests/krb5: call sys.path.insert(0, "bin/python") before any other imports
s4:libnet: fix error string for failing samr_ChangePasswordUser4()
s4:libnet: correctly handle gnutls_pbkdf2() errors
smbd/locking: make use of the same tdb hash_size and flags for all SMB related tdb's
selftest: add samba3.blackbox.registry_share
s3:rpc_server/srvsvc: make sure we (re-)load all shares as root.
Happy New Year 2023!
s4:lib/messaging: fix interaction between imessaging_context_destructor and irpc_destructor
third_party: Update socket_wrapper to version 1.4.0
third_party: Update uid_wrapper to version 1.3.0
bootstrap: Update to Ubuntu 22.04 as base default OS
talloc: version 2.4.0
Sushmita Bhattacharya (1):
Fix memleak in _nss_winbind_initgroups_dyn
Volker Lendecke (316):
smbd: Use dirfsp where we have it
smbstatus: Fix the 32-bit build on FreeBSD
vfs: define VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS
s3:smbd: let openat_pathref_dirfsp_nosymlink() try VFS_OPEN_HOW_RESOLVE_NO_SYMLINKS first
vfs_default: Use openat2(RESOLVE_NO_SYMLINKS) if available
vfs_gpfs: Prevent mangling of GPFS timestamps after 2106
lib: Map ERANGE to NT_STATUS_INTEGER_OVERFLOW
libsmbclient: Fix a typo
smbd: Adapt a call to setup_dfs_referral() to README.Coding
vfs: Fix a copy&paste error
dfs_server: Fix typos
lib: Fix a typo
smbd: Save a line with tevent_req_nomem()
examples: Make libsmbclient samples look a *bit* less ugly
smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions
libsmb: Slightly simplify SMBC_parse_path()
libsmb: Fix a typo
libsmb: Tab-indent SMBC_module_[init|terminate]()
examples: A tiny bit of README.Coding for teststat.c
libsmb: Move static strings to the .text segment
smbd: Modernize DBG statements in open_fake_file()
lib: Fix a typo
libsmb: Add tevent_req_received() to cli_posix_readlink_recv()
libsmb: Save a few lines in cli_unix_extensions_version()
libsmb: Correctly return ioctl error from cli_readlink()
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_getatr()
libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_qpathinfo2()
libsmb: Remove unused code
libsmb: Remove cli_full_connection_creds_sess_start()
libsmb: Introduce helper var to cli_tree_connect_*_done()
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv
smbd: Introduce "conn" helper var in smbd_smb2_create_after_exec()
smbd: Convert smb2_posix_cc_info() to use an existing blob
smbd: Convert store_smb2_posix_info() to use an existing blob
smbXcli: Detect the SMB311 posix negotiate context
libsmb: Allow to request SMB311 posix in source3/libsmb
pylibsmb: Allow requesting Posix extensions
pylibsmb: Add "have_posix" function
param: Add "smb3 unix extensions"
tests: Add smb3 posix negotiate tests
libsmb: Allow smb2 neg ctx in cli_full_connection_creds_send()
pylibsmb: Allow passing negotiate contexts
tests: Test invalid smb3 unix negotiate contexts
pylibsmb: Add smb2 create tag strings
pylibsmb: Add create_ex()
smbd: Introduce helper var in smbd_smb2_create_fetch_create_ctx()
smbd: Handle SMB2_CREATE_TAG_POSIX at the smb2 layer
tests: Test basic handling of SMB2_CREATE_TAG_POSIX
smbd: Catch streams on non-stream shares
smbd: Save a few lines by using tevent_req_nterror()'s retval
librpc: Simplify ndr_size_dom_sid28()
librpc: Simplify ndr_size_dom_sid28()
ldb: Fix a typo
ldb: Fix a typo
smbtorture3: Avoid an "else"
smbd: Shorten long lines
smbd: Remove unused variables
torture3: Remove an unused variable
smbd: Remove an unused variable
torture3: Pass NULL to ReadDirName
ntlm_auth: Remove an unused #include
vfs: Add dirfsp to connectpath_fn()
shadow_copy2: Use dirfsp for connectpath
shadow_copy2: Use dirfsp if it's around
smbd: Slightly simplify non_widelink_open()
smbd: Make readlink_talloc() public
smbd: Rewrite non_widelink_open()
smbd: Remove non_widelink_open() support code
shadow_copy2: Remove an intermediate if-statement
libsmb: Use tevent_req_nterror()'s retval
vfs: Avoid a talloc in vfswrap_parent_pathname()
vfs: Simplify vfswrap_parent_pathname()
registry3: Remove some unused functions
registry3: Move registry_value_cmp() to its only user
source3: A few whitespace fixes
shadow_copy2: Avoid a few ZERO_STRUCT()s
shadow_copy2: Don't implicitly return memory off talloc_tos()
smbd: Use PATH_MAX as symlink target buffer
smbd: Fix a typo
streams_xattr: Avoid a talloc_strdup
vfs: Simplify xattr_tdb_mkdirat()
lib: Move extract_snapshot_token() to util_path.c
lib: Add separator argument to find_snapshot_token()
libsmb: Use find_snapshot_token() for clistr_is_previous_version_path()
vfs_gpfs: Protect against timestamps before the Unix epoch
vfs: Fix a typo
torture3: Align integer types
python: whitespace fixes
smbXcli: Align smb2cli_req_create() with tevent_req conventions
libsmb: Centralize the SMB2 protocol check
libsmb: Add cli_smb2_fsctl_send/recv
libsmb: Add cli_fsctl_send/recv
libsmb: Convert cli_readlink() to cli_fsctl_send/recv
libsmb: Remove unused cli_smb2_get_reparse_point_fnum_send/recv
libsmb: Convert cli_symlink to cli_fsctl
libsmb: Remove unused cli_smb2_set_reparse_point_fnum_send/recv
libsmb: Fix the smbclient readlink command
ctdb: Fix a use-after-free in run_proc
full_audit: whitespace fixes
vfs-docs: Fix the list of full_audit operations
CVE-2022-3592 smbd: No empty path components in openat_pathref_dirfsp_nosymlink()
CVE-2022-3592 torture3: Show that our symlink traversal checks are insecure
CVE-2022-3592 lib: lib/util/fault.h requires _SAMBA_DEBUG_H for SMB_ASSERT()
CVE-2022-3592 lib: Move subdir_of() to source3/lib/util_path.c
CVE-2022-3592 smbd: Slightly simplify filename_convert_dirfsp()
smbd: Remove a comment left by copy&paste
smbd: Remove "link_depth" parameter from non_widelink_open()
smbd: Cut long lines
torture3: Fix an error message
gensec: Align an integer type
lib: Remove two unused macros
lib: Avoid an includes.h
pyrpc4: Simplify py_ndr_syntax_id() with GUID_buf_string()
librpc: Add a pair of {}
librpc: Fix a typo
librpc: Align integer types
librpc: Avoid an else
lib: Avoid an #include includes.h
lib: Avoid an #include includes.h
rpc_server: Remove an unneeded #include
ntvfs: Remove orphans from 2006
lib: Whitespace fixes
tests: Rename python/samba/tests/libsmb.py
tests: Factor out libsmb environment setup
tests: Use samba.tests.libsmb.LibsmbTests in libsmb-basic.py
tests: Use samba.tests.libsmb.LibsmbTests in smb3unix.py
smbd: Apply some const to a variable that's never changed
pylibsmb: Simplify py_cli_create_contexts()
pylibsmb: Simplify py_cli_create_returns()
heimdal: Fix the 32-bit build on FreeBSD
torture3: Fix a copy&paste error and a typo
torture3: Run the "hidenewfiles" test against SMB2
torture: Show that "hide new files timeout" also hides directories
smbd: Don't hide directories with "hide new files timeout"
smbd: Some whitespace fixes
smbd: Add "server addresses" parameter
lib: Add lp_allow_local_address()
smbd: Implement "server addresses" for tree connect
srvsvc: Only list shares in "server addresses"
testprogs: Add testit_grep_count() helper
testprogs: Fix testit_expect_failure_grep()
torture: Test the "server addresses" parameter
pam_winbind: Fix a memleak
lib: Make lib/util/iov_buf.h self-contained
libcli: Make "attr_strs" static
idl: Fix whitespace
lib: Whitespace fixes
pylibsmb: Add template code
libsmb: Fix removing a rogue reparse point
libsmb: Fix cli_smb2_fsctl_recv()
libsmb: Fix cli_fsctl()
libsmb: Add "DOMAIN" to authentication creds
tests: Fix an incorrect comment
smbd: Factor out safe_symlink_target_path()
smbd: Pass error_context_count through smbd_smb2_request_error_ex()
smbd: Pass unparsed_path_length to symlink_reparse_buffer_marshall()
libsmb: Keep name_utf16 around in smb2cli_create()
libsmb: Parse the smb2 symlink error response in smb2cli_create()
libsmb: Return symlink error struct from smb2cli_create_recv()
libsmb: Pass symlink error up through cli_smb2_create_fnum_recv()
pylibsmb: Pass symlink error to create_ex exception
pylibsmb: Add smb1_posix() to request smb1 posix extensions
pylibsmb: Add smb1_readlink()
pylibsmb: Add smb1_symlink()
pylibsmb: Add create options
pylibsmb: Add fsctl()
libsmb: Factor out reparse_buffer_marshall from symlink_reparse_buffer_marshall()
libcli: Add python wappers to reparse_symlink.c
pylibsmb: Add FSCTL codes
pylibsmb: Add CreateDisposition values
pylibsmb: Add protocol()
tests: Start testing reparsepoints
tests: Add nosymlinks_smb1allow share
tests: Start testing smb2 symlink error returns
smbd: Allow POSIX getinfo levels for smb3 unix extensions
tests: IO_REPARSE_TAG_NOT_HANDLED is acceptable for unlink
tests: Show that a directory with a reparse point can't be populated
tests: Show that we can write to a reparse point file
tests: Fix use of self.assertRaises()
lib: Add symlink trust flags from dochelp
pylibsmb: Add symlink flags
tests: Ignore symlink trusts flags in symlink error returns
tests: Try setting a 0-sized reparse point
tests: Test error codes for SET_REPARSE_POINT
smbd: Slightly simplify smb_posix_unlink()
smbd: Fix a comment
libsmb: Make readlink issue posix_readlink
smbclient: Use cli_readlink
libsmb: Remove sync cli_posix_readlink() wrapper
smbd: No dfs_filename_convert() in filename_convert_smb1_search_path()
smbd: Simplify readlink_talloc()
smbd: Simplify symlink_target_below_conn()
smbd: Centralize error handling in smbd_smb2_create_after_exec()
smbd: Close the opened file in smbd_smb2_create_after_exec() error case
smbd: Fix whitespace
nsswitch: Align integer types
tsocket: Fix the build on FreeBSD
smbd: Simplify is_visible_fsp()
cldap_server: Align integer types
smbd: Simplify dos_mode_msdfs()
lib: Remove fstring_sub() that was used just once
lib: Remove unused octal_string()
vfs: Remove an unnecessary if statement
lib: Make substitute.c's "remote_proto" static
lib: Add get_current_user_info_domain()
smbd: Remove a few "extern userdom_struct current_user_info"
lib: Fix whitespace
lib: Move talloc_asprintf_addbuf() to talloc
lib: Use talloc_asprintf_addbuf() in debug.c
lib: Use talloc_asprintf_addbuf() in str_list_join()
lib: Use talloc_asprintf_addbuf() in str_list_join_shell()
lib: Use talloc_asprintf_addbuf() in ldif_write_prefixMap()
lib: Use talloc_asprintf_addbuf() in print_socket_options()
lib: Use talloc_asprintf_addbuf() in ldb_module_call_chain()
lib: Use talloc_asprintf_addbuf() in rdn_name_add()
dns_server: Use talloc_asprintf_addbuf() in b9_format()
libcldap: Save lines in cldap_netlogon_create_filter() with talloc_asprintf_addbuf()
auth4: Save lines with talloc_asprintf_addbuf() in authsam_domain_group_filter()
winbind: Save an intermediate NULL check with talloc_asprintf_addbuf()
winbind: Save lines with talloc_asprintf_addbuf()
lib: Save intermediate NULL checks with talloc_asprintf_addbuf()
libads: Save intermediate NULL checks with talloc_asprintf_addbuf()
smbd: Make set_current_case_sensitive() static
smbd: Slightly simplify set_current_case_sensitive()
smbd: Slightly simplify set_current_case_sensitive()
vfs: Fix whitespace
smbd: Remove source3/smbd/statcache.c
tests: Show that in smb1 posix we don't treat dirs as case sensitive
smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink()
libsmb: Don't mess up pathnames in cli_smb2_create_fnum_send()
smbd: Fix a debug message
smbd: Use direct struct initialization, avoid explicit ZERO_STRUCT()
smbd: Remove a pointless NULL check from readlink_talloc()
tdb: Move 160 bytes from R/W data segment to R/O text
lib: Align an integer type
lib: Avoid an includes.h
lib: Move 448 bytes from R/W data segment to R/O text
libsmb: Make a r/w copy of fname in cli_smb2_create_fnum_send()
libsmb: Slightly simplify cli_smb2_create_fnum_send()
libsmb: Simplify clistr_is_previous_version_path()
smbd: Print the file name in reparse point functions
smbd: Rename "ctx" to the more common "mem_ctx" in reparse functions
smbd: Implement SET_REPARSE_POINT buffer size checks
smbd: Reduce indentation in ucf_flags_from_smb_request()
smbd: Simplify filename_convert_dirfsp_nosymlink()
smbd: Simplify filename_convert_dirfsp_nosymlink()
smbd: Hide the SMB1 posix symlink behaviour behind UCF_LCOMP_LNK_OK
smbd: Make send_trans2_replies() static
smbd: Fix setfileinfo profiling
smbd: Simplify call_trans2setfilepathinfo()
smbd: Factor out handle_trans2setfilepathinfo_result()
smbd: Remove call_trans2setfilepathinfo()
smbd: Fix qfileinfo profiling
smbd: Simplify call_trans2qfilepathinfo()
smbd: Factor out handle_trans2qfilepathinfo_result()
smbd: Make store_file_unix_basic[_info2] public
smbd: Move smb_posix_open() to smb1_trans2.c
smbd: Make smb_set_file_disposition_info() public
smbd: Move smb_posix_unlink() to smb1_trans2.c
smbd: Move smb_set_file_unix_link() to smb1_trans2.c
smbd: Move smb_set_file_unix_hlink() to smb1_trans2.c
smbd: Move handling smb_set_posix_lock() to smb1_trans2.c
smbd: Make smb_set_file_size() public
smbd: Make map_info2_flags_to_sbuf() public
smbd: Move SMB_SET_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
smbd: Remove two variables never set after initialization
smbd: Handle SMB_QUERY_POSIX_LOCK() in call_trans2qfileinfo()
smbd: smbd_do_qfilepathinfo() does not need lock_data anymore
smbd: Make get_posix_fsp() public
smbd: Move smb_set_posix_acl() to smb1_trans2.c
smbd: Remove an unnecessary if-statement
smbd: Remove an unnecessary if-statement
smbd: Move SMB_QUERY_FILE_UNIX_[BASIC|INFO2] to smb1_trans2.c
smbd: Move SMB_QUERY_POSIX_ACL to smb1_trans2.c
smbd: Move get_posix_fsp() to smb1_trans2.c
smbd: Move SMB_QUERY_FILE_UNIX_LINK to smb1_trans2.c
torture: Fix whitespace
smbd: Remove duplicate/unused #defines
smbd: Shorten a few lines
smbd: Modernize a DBG statement
pylibsmb: Get reparse tag when listing directories
pylibsmb: Add reparse tag definitions
smbd: Factor out get_dirent_ea_size()
smbd: Use get_dirent_ea_size() also for BOTH_DIRECTORY_INFO
smbd: Fix CID 1518902 Use after free
smbd: Fix CID 1518901 Logically dead code
smbd: Fix indentation
smbd: Make get_safe_[[SI]VAL|ptr] static to smb1_lanman.c
lib: Make map_share_mode_to_deny_mode() static to smbstatus
lib: Move tab_depth() to reg_parse_prs.c
lib: Remove unused smb_mkstemp prototype
lib: Move 16 bytes to readonly .text segment
smbd: Move bytes from r/w data to r/o text section
smbd: Avoid explicit ZERO_STRUCT()
lib: Add tdb_data_dbg()
lib: Use tdb_data_dbg() where appropriate
smbd: Use talloc_tos() for pushing smbXsrv_open_globalB
smbd: Remove a "can't happen" NULL check
smbd: Remove smbXsrv_open->db_rec
lib: Add "starting_id" to idr_get_new_random()
smbd: Simplify smbXsrv_open_set_replay_cache() with a struct assignment
smbd: Simplify smbXsrv_open_set_replay_cache() with dbwrap_store_bystring()
lib: Remove idtree from samba_util.h
smbd: Use an idtree for local IDs
build: Don't compile source3/lib/util_sd.c four times
lib: Use talloc_asprintf_addbuf() in print_ace_flags()
lib: Fix out-of-bounds access in print_ace_flags()
lib: Fix a use-after-free in "net vfs getntacl"
smbd: Slightly simplify smb2srv_open_recreate()
smbd: Remove smbXsrv_open_global_destructor()
smbd: Slightly simplify smbXsrv_open_create()
smbd: Remove unused smbXsrv_open_global_key_to_id()
smbd: Directly initialize key in smbXsrv_open_global_fetch_locked()
smbd: Make smbXsrv_open_global_id_to_key() a bit more type-safe
smbd: Modernize DBG statements in smbXsrv_open_global_store()
ctdb: Fix the build on FreeBSD
vporpo (1):
smbget: Adds a rate limiting option --limit-rate in KB/s
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list