[SCM] Samba Shared Repository - annotated tag talloc-2.4.1 created
Stefan Metzmacher
metze at samba.org
Thu Jul 20 10:48:01 UTC 2023
The annotated tag, talloc-2.4.1 has been created
at 07be14a36896de8f1a31e768853c3b8e1dcb306e (tag)
tagging 791e2817e13182344447590313f7e372a27c1d48 (commit)
replaces tevent-0.14.1
tagged by Stefan Metzmacher
on Thu Jul 20 12:47:51 2023 +0200
- Log -----------------------------------------------------------------
talloc: tag release talloc-2.4.1
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmS5ENcACgkQR5ORYRMI
QCWEHAgAtXcN3rjitPAt42/P2i0t1d58H/pK3K+aju6R4a8AEtavzFQCUq0A95jU
UQvp1e3xzu2T7MUqC+x8TCbCk7ggmnq7WN+UHtkJrcTJ9xTnnzVQvsI8TEAJ2Ccc
UFtuxfLre/MDfHni+HMI5qiRvOuh/0zvYPaMWZZHPT9450kdt2FuxzqS6yl9Al6L
TeP32fB+cXy5ZqVh01MmlkSUnfmWYsBtb4mjr4l7tX5aAjO3uyY1n+qvQD3MpVgh
7JiZZLD4UXmoTKjwLf+jvdS8TWDnFhFHr+9zh0QyYYjVIUDncnvT3dwDMWefISxQ
ihNjlET+Ct64y73vdvFAmFk7cGNksA==
=GEZE
-----END PGP SIGNATURE-----
Alexander Bokovoy (2):
Add ROLE_IPA_DC into two more places
wafsamba: Normalize strings in gdb output when comparing ABI
Amir Goldstein (4):
s4:torture:basic: fix SET_INFO_* macros in delayed_write_update*
lib: add NTTIME_[U|m]SEC macros
s4:torture:basic: use milliseconds granularity in delayed_write_update7
torture/smb2: do not use client time in delayed timestamp updates test
Andreas Schneider (266):
s3:libsmb: Remove unused variable 'i'
s3:smbd: Don't assign variable to itself
s3:rpcsrv:eventlog: Remove unused variable
s3:winbind: Remove unused variable
s4:samdb: Remove trailing whitespaces
s4:samdb: Remove unused variable
nsswitch: Fix getting data out of pam_get_data()
lib:ldb-samba: Correctly handle search scope
s3:printing: Remove trailing whitespaces in vlp.c
s3:printing: Remove unused variable
s3:modules: Ignore -Wunused-but-set-variable for autogenerated code
s4:modules: Move structs with dynamic arrays to end of struct
s3:modules: Initialize pointer with NULL
s3:netapi: Remove unused variables
s3:utils: Remove unused variable
s3:torture: Remove unused variable
waf: Add support for MemorySanitizer
lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output
lib:ldb: Print a debug message in case we have a corrupted MDB
testprogs: Use random usernames for kinit tests
testprogs: Use random usernames for export keytab tests
testprogs: Use random user names for kpasswd tests
python:tests: Correctly escape $ in user_edit.sh
python:tests: Use a random username for user_edit.sh tests
python:tests: Correctly escape $ in contact_edit.sh
python:tests: Use a random username for contact_edit.sh test
python:tests: Correctly escape $ in computer_edit.sh
python:tests: Use a random machine name for computer_edit.sh test
python:tests: Make sure we do not run into issues with already existing users
python:tests: Fix domain_backup test with Python 3.11
python:tests: Tell dns.resolver to not read /etc/resolv.conf
python:tests: Add missing result checks for samba_tool.gpo tests
python:tests: Make sure we delete the OU for movetest
s3:utils: Check if the autorid rangesize is a multiple of the range
s3:winbind: Improve warning message if we are out of autorid ranges
python:netcmd: Decode return value of find_netbios() from bytes into string
lib:ldb: Correctly cast pointers for assert_string_equal()
ctdb:client: Fix code spelling
ctdb:common: Fix code spelling
ctdb:include: Remove trailing whitespaces in ctdb_protocol.h
ctdb:include: Fix code spelling
ctdb:server: Remove trailing whitespaces in ctdb_recover.c
ctdb:server: Remove trailing whitespaces in ctdb_server.c
ctdb:server: Fix code spelling
ctdb:tcp: Fix code spelling
ctdb:tests: Fix code spelling
ctdb:tool: Fix code spelling
ctdb:utils: Remove trailing whitespaces in scsi_io.c
ctdb:utils: Fix code spelling
s3:utils: Fix grammar in testparm
auth: Fix code spelling
buildtools: Fix code spelling
examples: Remove trailing whitespaces in ol-schema-migrate.pl
examples: Remove trailing whitespaces in mklogon.conf
examples: Fix code spelling
examples: Remove trailing whitespaces in smb.conf.default
examples: Improve comment in smb.conf.default
s3:libsmb: Remove trailing whitespaces in clientgen.c
s3:libsmb: Fix conflicting declaration/implementation
s3:waf: Fix One Definition Rule (ODR) violation of libsecrets3
Add .clangd configuration file
buildtools: Remove compile_commands.json symlink
lib:talloc: Move talloc_get_size() out of the talloc reference group
lib:addns: Rename additionals to additional
lib:addns: Fix code spelling
lib:audit_logging: Fix code spelling
lib:cmdline: Fix code spelling
lib:compression: Fix code spelling
lib:crypto: Improve comment about weak crypto
lib:dbwrap: Fix code spelling
lib:fuzzing: Fix code spelling
lib:krb5_wrap: Fix code spelling
Fix spelling in README.Coding.md
bootstrap: Fix spelling in README.md
ctdb:doc: Fix code spelling
docs-xml: Fix spelling in manpages
docs-xml: Fix spelling in smb.conf manpage
docs-xml: Fix spelling in Samba-Developers-Guide
lib:ldb:common: Fix code spelling
lib:ldb:include: Fix code spelling
lib:ldb:ldb_key_value: Fix code spelling
lib:ldb:ldb_map: Fix code spelling
lib:ldb:ldb_sqlite3: Fix code spelling
lib:ldb:nssldb: Fix code spelling
lib:ldb:tests: Fix code spelling
s3:selftest: Move the smbget share to the provision function
s3:selftest: Move samba3.blackbox.smbget to ad_member
s3:selftest: Pass REALM to samba.blackbox.smbget
s3:tests: Also clear the download area in smbget msdfs_link test
s3:tests: Add domain and UPN test for smbget
s3:tests: Add smbget msdfs link test with domain and UPN
s3:utils: Always cleanup when leaving smbget main()
s3:utils: Add support for parsing domain/UPN in username for smbget
s3:tests: Use long options for smbget in test_smbget.sh
s3:utils: Use common command line parser for smbget
docs-xml: Update smbget manpage
docs-xml: Remove smbgetrc manpage
s3:utils: Correctly wire encryption for smbget
s3:tests: Add encryption test for smbget
s3:utils: Correctly wire Kerberos support for smbget
s3:tests: Add kerberos test for smbget
s3:tests: Add a kerberos trust test for smbget
s3:tests: Add test with testdenied_upn at REALM.upn
auth: Remove trailing white spaces in credentials.h
auth: Remove trailing white spaces in credentials_ntlm.c
auth: Add cli_credentials_is_password_nt_hash()
s3:utils: Correctly wire NT hash support for smbget
s3:utils: s3:utils: Correctly wire winbind ccache support for smbget
Update WHATSNEW.txt
lib:ldb:tests: Fix signedness build error
s3:selftest: Remove ad_dc_ntvfs for smbclient_machine_auth.plain
s3:tests: Use the CONFIGURATION passed down to the test
s3:tests: Correctly implement tests for forceuser/forcegroup
s3:tests: Use CONFIGURATION passed down to the test
s3:tests: Add exit code with failed tests
s4:torture: Remove trailing white spaces
s4:torture: Fix warning messages for smb.raw.session
s4:torture: Fix warning messages for smb2.session
s4:torture: Extend smb2 session requested_life_time
testprogs: Fix running export.keytab heimdal test
s4:tests: Reformat kerberos tests
s4:selftest: Use smbclient3 for kinit tests
s4:selftest: Use ad_dc environment for kinit tests
testprogs: Correctly set configuration in test_kinit_mit.sh
testprogs: Correctly set configuration in test_kinit_heimdal.sh
testprogs: Pass configuration to test_export_keytab_heimdal.sh
testprogs: Pass configuration to test_export_keytab_mit.sh
testprogs: Specify the KRB5CCNAME on the command line
testprogs: Pass configuration to test_kpasswd_heimdal.sh
testprogs: Pass configuration to test_kpasswd_mit.sh
s4:selftest: Reformat samba4.blackbox.password_settings
s4:selftest: Use ad_dc env for samba4.blackbox.password_settings
testprogs: Pass configuration to test_password_settings.sh
testprogs: Remove UID_WRAPPER_ROOT export
testprogs: Pass configuration to test_kinit_trusts_heimdal.sh
testprogs: Pass configuration to test_kinit_trusts_mit.sh
s4:selftest: Reformat samba4.blackbox.rfc2307_mapping
s4:selftest: Move rfc2307_mapping test to ad_dc
nsswitch:tests: Use configuration variable passed to test_rfc2307_mapping.sh
testprogs: Reformat test_kinit_heimdal.sh
testprogs: Fix shell arithmetic in test_kinit_heimdal.sh
testprogs: Use common binary detection functions in test_kinit_heimdal.sh
testprogs: Reformat test_kinit_mit.sh
testprogs: Fix shell arithmetic in test_kinit_mit.sh
testprogs: Merge kinit tests into a single script for MIT and Heimdal
testprogs: Remove unused test_kinit_(heimdal|mit).sh
testprogs: Reformat test_kinit_trusts_heimdal.sh
testprogs: Reformat test_kinit_trusts_mit.sh
testprogs: Fix shell arithmetic in test_kinit_trusts_mit.sh
testprogs: Fix shell arithmetic in test_kinit_trusts_heimdal.sh
testprogs: Merge kinit trust tests into a single script for MIT and Heimdal
testprogs: Remove unused test_kinit_trusts_(heimdal|mit).sh
testprogs: Reformat test_export_keytab_heimdal.sh
testprogs: Fix shell arithmetic in test_export_keytab_heimdal.sh
testprogs: Reformat test_export_keytab_mit.sh
testprogs: Fix shell arithmetic in test_export_keytab_mit.sh
testprogs: Merge export keytab tests into a single script for MIT and Heimdal
testprogs: Remove unused test_export_keytab_(heimdal|mit).sh
python:tests: Correctly skip some GPO tests in release tarball
s3:libads: Remove executable bit from ldap.c
Makefile: Fix spelling
ctdb: Fix code spelling
docs-xml: Fix spelling
dynconfig: Fix code spelling
examples: Fix spelling
lib:ldb: Fix code spelling
lib:messaging: Fix code spelling
lib:param: Fix code spelling
lib:pthreadpool: Fix code spelling
lib:replace: Fix code spelling
lib:replace: Fix snprintf of rep_inet_ntop()
lib:replace: Remove trailing white spaces in xattr.c
lib:replace: Fix code spelling
lib:smbconf: Fix code spelling
lib:socket: Fix code spelling
lib:talloc: Fix code spelling
lib:tdb: Fix code spelling
lib:tevent: Fix code spelling
lib:tsocket: Fix code spelling
lib:util: Remove trailing white spaces in byteorder.h
lib:util: Fix code spelling
s3:tests: Create a temporary directory for test_veto_files.sh
s3:tests: Add test that veto files works for hidden files
s3:lib: Do not try to match '.' and '..' directories in is_in_path()
s3:libsmb: Mark smbc_set_credentials() as deprecated
s3:utils: Use smbc_set_credentials_with_fallback() for smbget
s3:libsmb: Also deprecate smbc_init()
s3:client: Remove unused tree.c
python:tests: Skip the source_chars test if not a git dir
lib:krb5_wrap: Fix debug statements when princ_s is NULL
dfs_server: Fix debug statement if searched_site is NULL
s3:torture: Remove trailing white spaces in locktest2.c
s3:torture: Fix possible array out of bounds access
selftest:knownfail: Update S4U knownfail for MIT KRB5 1.20
gitlab-ci: Update Fedora to version 38
s3:lib: Move ad_unpack() debug message to notice level
s3:lib: Give better warnings about corrupted AppleDobule files
libcli:auth: Fix code spelling
libcli:drsuapi: Fix code spelling
libcli:ldap: Fix code spelling
libcli:security: Fix code spelling
libcli:smb: Fix code spelling
python:tests: Adopt safe_tarfile for extraction_filter raises
python:safe_tarfile: Set extraction_filter for pythons providing it
python:safe_tarfile: Implement safer extractall()
python:safe_tarfile: Improve safe extract()
testprogs:subunit: Fix assigning an array to a string
testprogs:subunit: Fix integer comparisons
testprogs: Do not export UID_WRAPPER_ROOT in test_samba-tool_ntacl.sh
testprogs: Do not export UID_WRAPPER_ROOT in test_net_ads_dns.sh
testprogs: Do not export UID_WRAPPER_ROOT in test_pdbtest.sh
testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_mit.sh
testprogs: Do not export UID_WRAPPER_ROOT in test_kpasswd_heimdal.sh
testprogs: Do not export UID_WRAPPER_ROOT in test_net_rpc_oldjoin.sh
s3:tests: Do not export UID_WRAPPER_ROOT in test_net_machine_account
s3:tests: Do not export UID_WRAPPER_ROOT in test_smbXsrv_client_dead_rec.sh
s3:tests: Do not export UID_WRAPPER_ROOT in test_smbXsrv_client_cross_node.sh
s3:winbind: Fix talloc parent in find_dc() leading to a segfault
libcli:smbreadline: Fix code spelling
libgpo:admx: Fix code spelling
librpc:idl: Fix code spelling
librpc:ndr: Fix code spelling
librpc:rpc: Fix code spelling
nsswitch: Fix code spelling
packaging:systemd: Fix code spelling
pidl: Fix code spelling
python:samba:emulate: Fix code spelling
python:samba:gp: Fix code spelling
python:samba:gp_parse: Fix code spelling
python:samba:kcc: Fix code spelling
python:samba:netcmd: Fix code spelling
python:samba:provision: Fix code spelling
python:samba:samba3: Fix code spelling
python:samba:subunit: Fix code spelling
python:samba:tests: Fix code spelling
python:samba: Fix code spelling
third_party: Update socket_wrapper to version 1.4.2
python:tests: Fix code spelling
script: Fix code spelling
selftest: Fix code spelling
s3:auth: Fix code spelling
s3:auth: Use new debug macros for logging
s4:client: Fix code spelling
s3:include: Fix code spelling
examples: Make codespell happy
examples: Fix code spelling
python: Fix code spelling
python:tests: Fix code spelling
s3:include: Remove trailing whitepaces in MacExtensions.h
s3:include: Fix code spelling
s3:lib: Fix code spelling
s3:libads: Fix code spelling
s3:libsmb: Fix code spelling
example: Remove outdated config files from tridge
examples: Remove outdated validchars
wscript: Fix code spelling
s3:librpc: Fix code spelling
s3:locking: Fix code spelling
s3:modules: Remove trailing white spaces of vfs_hpuxacl.c
s3:modules: Remove trailing white spaces of README.nfs4acls.txt
s3:modules: Remove fruit:ressource option with incorrect spelling
s3:modules: Fix code spelling
s3:nmbd: Fix trailing white spaces in nmbd.c
s3:nmbd: Fix trailing white spaces in nmbd_incomingdgrams.c
s3:nmbd: Fix trailing white spaces in nmbd_incomingrequests.c
s3:nmbd: Fix code spelling
Andrew Bartlett (86):
s4-auth: Free user_info_dc in KDC caller to authsam_update_user_info_dc()
tsocket: Increase tcp_user_timeout max_loops
selftest/drs: Demonstrate ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
dsdb: Avoid ERROR(ldb): uncaught exception - Deleted target CN=NTDS Settings... in join
lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
selftest: Use setUpClass() to reduce "make test TESTS=large_ldap" time
script/autobuild: Use python logger to print times on log lines to aid in debugging.
script/autobuild: Use --verbose to control python logger verbosity
script/autobuild: Use logger.debug() for debug messages (visible with --verbose)
librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded
selftest: Add python test that verifies that we can parse a PAC
pidl: Allow variable expansion (eg of a value() attribute) in compression_alg argument
lib/compression: Add helper function lzxpress_huffman_max_compressed_size()
lib/compression: Fix documentation of lzxpress_huffman_compress()
ndrdump: Allow a long string of hexidecimal digits as well as a hex dump for --hex-input
librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE
librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated
librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
libndr/ndr: Add NDR_COMPRESSION_INVALID
libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()
librpc/ndr: Add a "NONE" compression format to libndr
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
pidl: Automatically manage creating and freeing the compression state in generated code
librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
librpc/ndr: Use libndr compression for claims
sefltest: Extend python NDR parsing tests to compressed and uncompressed claims
selftest: Add test parsing krb5 PAC claims via ndrdump
CVE-2023-0614 dsdb: Alter timeout test in large_ldap.py to be slower by matching on large objects
CVE-2023-0614 dsdb: Add DSDB_MARK_REQ_UNTRUSTED
CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests
CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
dsdb: Remove remaining references to DC_MODE_RETURN_NONE and DC_MODE_RETURN_ALL
dsdb/tests: Move SD modification on class-created objects to classSetUp
dsdb/tests: Double number of expressions in large_ldap.py ldap_timeout test
lib/util: Add "debug syslog format = always", which logs to stdout in syslog style
selftest: Use "debug syslog format = always" in selftest
s3-client: Provide more information on protocol negotiation failures
pytest:sddl Samba had the wrong value for FA, now fix the tests
pytest:sddl: show the correct handling of the "FA" SDDL flag
librpc: Fix talloc hierarchy for ndr_compression_state
librpc: Always call ndr_push_compression_state_init() for compression
python: Move helper functions for functional levels into a new file
samba-tool domain provision: Use common functional_level.string_to_level()
param: Add new parameter "ad dc functional level"
python: Add function to get the functional level as a python intger from smb.conf
samba-tool domain join: Allow "ad dc functional level" to change which
selftest: Move linked_attributes test to ad_dc selftest environment
Use --base-schema=2008_R2 on ad_dc_ntvfs, which opeates at FL2008
selftest: Return fl2008dc to being an alias for ad_dc_ntvfs
selftest: Allow provision_ad_dc() to take functional_level as an argument
selftest: Change ad_dc environment to be 2016 functional level
librpc/idl: Merge missing bits into nbt_server_type in nbt.idl
librpc/idl: Use nbt_server_type instead of netr_DsR_DcFlags netlogon.idl
librpc/idl: Alias the DS_ constants in netlogon.idl to the NBT_SERVER equivilants
selftest: Assert that we have a trust in samba.tests.getdcname
selftest: Rework samba.tests.getdcname not to use ncalrpc
selftest: Confirm that the flags like DS_DIRECTORY_SERVICE_9_REQUIRED work
selftest: Change self.assertTrue(x is not None) -> self.assertIsNotNone(x)
selftest: Fix remaining incorrect references to 2012 -> 2012R2 FL in GetDCNameEx test
sefltest: Improve getdcname test by confirming the _REQUIRED flag behaviours
librpc: No longer consider the DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED bits as invalid
s4-libads: Confirm newer functional levels in check_cldap_reply_required_flags()
s3-libads: Also handle the DS_WEB_SERVICE_REQUIRED flag in check_cldap_reply_required_flags()
s4-rpc_server: Filter via dsdb_dc_functional_level() before we are returning a lookup directly
selftest: Specify that DCs prepared with prepare_dc_testenv() to be 2016 capable
selftest: Split up tests in dsdb.py to avoid creating a user when not required
dsdb: Indicate in rootdse.c why samdb_ntds_settings_dn() is not used
dsdb: Add routine to check the DB vs lp functional levels
python/tests: Make helpful, stateless methods @classmethod and @staticmethod
selftest: Add unit tests of the DC startup FL check/update code
s4-server: Call dsdb_check_and_update_fl() during startup transaction.
samba-tool: Fix missing import for "domain level raise --forest-level=2016"
WHATSNEW: Mention new default schema and Functional Level prep
Align samba_kdc_update_pac() prototype in pac-glue.h with the implementation in pac-glue.c
build: Set minimum required GnuTLS version to 3.6.13
crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
Remove check for gnutls_set_default_priority_append as it unused
Remove rudundent check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13
Remove rudundent check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13
Remove rudundent check and fallback for AES CFB8 as we now require GnuTLS 3.6.13
crypto: Remove aesni-intel accelerated AES crypto functions
Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13
build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED
libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM
WHATSNEW: Update minimum GnuTLS version
Björn Baumbach (18):
testprogs: fix some "net ads dns" tests
testprogs: net ads dns tests: remove test user after usage.
testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description
testprogs: use uniqe names in "net ads dns" tests to avoid conflicts
testprogs: remove only used dns records in "net ads dns" tests
testprogs: use more unique names in "net ads dns" tests
testprogs: remove used records in "net ads dns" tests
testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK
testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed)
testprogs/blackbox/test_special_group.sh: verify test results ($failed)
testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed)
net: add new --dns-ttl option to specify the ttl of dns records
docs: documentation for new net --dns-ttl option
testprogs: add test for new net ads dns register --dns-ttl option
net: add hint which options can be used with net ads dns register command
docs: fix a typo in history file
samba-tool: add new --dns-directory-partition option to dns zonecreate command
samba-tool: print default (domain) for --dns-directory-partition option in help message
Björn Jacke (22):
smbcacls/smbcquotas: check for valid UNC path
docs-xml: remove completely outdated Samba-Developers-Guide
nmbd: use DBG_ macros and raise some log levels
nmbd_sendannounce.c: use DBG* macros instead of static log level numbers
nmbd/asyncdns.c: use DBG* macros instead of static log level numbers
nmbd_become_lmb.c: use DBG* macros instead of static log level numbers
oplock_linux.c: use DBG macros instead of static log level
dns_update.c: use DBG* macros instead of static log level numbers
smbXsrv_session.c: use DBG* macros instead of static log level numbers
smb2_service.c: use DBG* macros instread of static log level numbers
dcesrv_drsuapi.c:use DBG* macros instead of static log level numbers
smbXsrv_tcon.c: use DBG* macros instead of static log level numbers
vfs_default.c: use DBG* macros instead of static log level numbers
winbindd_cache: adjust some debug levels to more appropriate severities
winbindd_cache.c: move some some notice messages from ERR to NOTICE level
winbindd_cache.c: use DBG* macros instead of static log level numbers
garbage_collect_tombstones.c: move info log message to appropriate level
garbage_collect_tombstone.c: use DBG* macros instead of static numeric log levels
tallocmsg.c: move info log message to appropriate level
wb_dsgetdcname.c: don't use statis log level numbers
wb_dsgetdcname.c: move common message to higher log level
wb_dsgetdcname: log also the domain name for failures
Christof Schmitt (7):
librpc: Fix compile error for libnet_join.idl
debug: Only initialize gpfs wrapper when gpfs logging is enabled
ctdb-recovery: Use correct struct ban_node_state type for state
gpfswrap: Add wrapper for gpfs_register_cifs_export
vfs_gpfs: Register smbd process with GPFS
vfs_gpfs: Check error from gpfswrap_lib_init
vfs_gpfs: Move call to load GPFS library
David Disseldorp (1):
s3:modules: call rpcgen only if vfs_nfs4acl_xattr is enabled
David Mulder (20):
gp: samba-tool gpo cse register/unregister/list
gp: Test samba-tool gpo cse register/unregister/list
gp: Log ext failure with file and line number
gp: gp_sudoers_ext warn w/out visudo installed
samba-tool: Clarify cse register command file dest
samba-tool: Subclass GPOCommand for calling samdb_connect
samba-tool: Test that modifying GPO increments GPT.INI vers
samba-tool: Ensure modifying GPO increments GPT.INI vers
gpupdate: Test that PAM Access uses winbind separator
gpupdate: Use winbind separator in PAM Access Policies
smbd: Ensure share root POSIX attrs are cleared after mode_fn
gp: Fix NameError: free variable 'cron_dir' in Crontab CSE
gpupdate: Implement get_gpo_list in python
gpupdate: Deprecate libgpo.get_gpo_list
gpo: Group Policy tests require a s3 loadparam
Add a WHATSNEW entry indicating libgpo py deprecation
gp: Add site-dn fallback when rpc call fails
gp: get_gpo() should re-raise the Exception, not return
gp: sshd policy correctly sort policy
gp: Fix user apply failure when droping privs
Dmitry Antipov (8):
lib:util: prefer mallinfo2() over mallinfo() if available
s4:libnet: cleanup py_net_time()
lib:registry: drop unused argument of reg_open_remote()
s4:lib:policy: cleanup and handle errors in push_recursive()
lib:ldb: do not offset against NULL pointer in ldb_ldif_read()
s4:ntvfs:posix: avoid parsing empty blob in posix_eadb_add_list()
lib:util: prefer size_t for random data generation functions
pyglue: use Py_ssize_t in random data generation functions
Douglas Bagnall (82):
ldb/pyldb: remove py2 ifdefs
s4/ndr/py_misc: remove python 2 ifdefs
s4/ndr/py_security: remove python 2 ifdefs
tdb/pytdb: remove py ifdefs
tdb/pytdb: remove useless HAVE_ITER non-flag
tevent/pytevent: remove py2 ifdefs
tevent/pytevent: remove no-op define
pidl: avoid py compile issues with --pidl-developer
s4/wmi: begone
talloc: remove Python 2 #if clauses
s4: remove unused lib/com/*
CVE-2023-0225 pytest/acl: test deleting dNSHostName as unprivileged user
lib/fuzzing: add fuzzer for sddl_parse
librpc/ndr/pysecurity: use better exceptions
pytest:upgradeprovision: don't use misleading SDDL in tests
librpc/py_security: exception message blames the bad SID
pytest:sid_strings: same timestamp for all tests in the run
pytest:sid_strings: use hashed instead of random unique numbers
pytest:sid_strings: add a superclass, allowing for derivatives
pytest:sid_strings: allow other errors to be specified
pytest:sid_strings: add explicit S-1-* sid tests
pytest:sid_strings: separate out expected_sid formatting
pytest:sid_strings: test the strings with local parsing
pytest:sid_strings: Windows and Samba divergent tests
pytest:sid_strings: test SIDs as search base
pytest:sid_strings: test SID DNs with ldb parsing
pytest:sid_strings: do bad SIDS work in search filters?
pytest:sid_strings: Do bad SIDs fail differently in simple-bind?
libcli/security/dom_sid: remove a couple of lost comments
libcli/security: avoid overflow in revision number
libcli/security: stricter identauth parsing
libcli/security: avoid overflow in subauths
libcli/security/dom_sid: hex but not octal is OK for sub-auth
libcli/security/dom_sid: use (unsigned char) in isdigit()
libcli/sec/sddl decode: don't ignore random junk.
libcli/sec/sddl decode: allow hex numbers in SIDs
pytest:sddl: test empty DACL with flags
lib/sec/sddl: allow empty non-trailing ACL with flags
libcli/security: allow decimal/octal numbers in SDDL access mask
libcli/security: disallow sddl access masks greater than 32 bits
libcli/security: ace type is not enum not flags
libcli/security: do not pad sddl flags with zeros
test:bb/samba-tool ntacl: let return acl flag lack hex padding
s3:test_larg_acl: adapt for the canonical ACE flags format
pytest:ntacls: adapt for canonical flag format
py:provision: use canonical representation of ACE flags
pytest:samba-tool ntacl: expect canonical ACE flag format
pytest:posixacl: expect canonical ACE flag format
pytests/sddl: clarify boundaries between sddl cases
pytest/sddl: give test more of a name
pytest/sddl: remove duplicate test case
pytest/sddl: assert sddl string equality
pytest/sddl: rework to allow multiple lists, no early stop
pytest/sddl: remove unused imports
pytest/sddl: split tests into canonical and non-canonical
pytest:sddl: tweak some test strings
pytest:sddl: split each string into it's own test
pytest:sddl: allow tests to make negative assertions
pytest:sddl: Add negative tests of unparseable strings
pytest:sddl: SDDL strings where Windows behaviour differs
libcli/security: SDDL parse tests to run on Windows
pytest:sddl: helpers to exchange SDDL strings with Windows testprogram
pytest:sddl: let hex numbers differ in case (0xa == 0xA)
pytest:sddl: add tests for long DACLs, differing flag interpretations
s3:torture:LOCAL-IDMAP-TDB-COMMON: avoid talloc stacktrace
s3:torture: sid2unixid2: DEBUG blames the right function
libcli:security: sddl_map_flags rejects trailing nonsense
libcli/security: sddl_decode_access rejects trailing rubbish
libcli:security: sddl_decode_ace: don't allow junk after SID
pytest:sddl debugging: should_fail test says how it failed
pytest:sddl: tests around spaces in access flags and SIDs
libcli:security:sddl_decode_access allows spaces between flags
pytest:sddl: test we only accept normal GUIDs
pytest:large_ldap: use a valid ACE
libcli:security:sddl: accept only 8-4-4-4-12 GUIDs
libcli/security/tests: test strings for windows and samba SDDL tests
configure: ensure sizeof(int) >= 4
lib/fuzzing: add fuzz_sddl_access_check
lib/fuzzing: add fuzzer for arbitrary token/sd access checks
lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant
lib/fuzzing: adapt fuzz_sddl_access_check for AD variant
lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds
Günther Deschner (1):
s3-net: no secrets access required when processing a ODJ provisioning
Helmut Grohne (1):
Skip running a C program during cross compilation
Jelmer Vernooij (1):
Add a git-blame-ignore-revs file
Jeremy Allison (23):
s3: smbd: Fix log spam. Change a normal error message from DBG_ERR (level 0) to DBG_INFO (level 5).
s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no".
s3: tests: Add new test_stream_dir_rename.sh test.
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
tests: Add samba3.blackbox.zero_readsize test.
s3: libcli: Refuse to connect to any server with zero values for max_trans_size, max_read_size, max_write_size.
s3: smbd: Cleanup - don't set the FLAGS2_DFS_PATHNAMES in flags2 in the glue struct if it's not a DFS server or share.
s3: smbd: Cleanup. smb2_file_rename_information() can never have a @GMT path in the destination.
s3: smbd: Duplicate smb_file_link_information() hardlink handling as smb2_file_link_information().
s3: smbd: In smb2_file_link_information(), don't ever expect @GMT tokens in the pathname.
s3: smbd: Change smb2_file_link_information() to use srvstr_pull_talloc()/check_path_syntax_smb2().
s3: smbd: Add utility function smb2_strip_dfs_path().
s3: smbd: Remove all DFS path prefixes before passing to check_path_syntax_smb2().
s3: smbd: Add assertion to filename_convert_dirfsp_nosymlink() that shows SMB2 is *never* dealing with a DFS path here.
s3: smbd: Remove 'is_dfs' parameter to check_path_syntax_smb2().
s3: smbd: Remove unused and commented out check_path_syntax_smb2_msdfs().
s3: smbd: In smb_file_link_information() and smb_file_rename_information() the target path is never DFS.
s3: smbd: Remove now unused dfs_filename_convert().
s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.
s3: smbd: Flatten the check_path_syntax_smb2() wrapper.
s3: smbd: Add check_path_syntax_smb2_posix().
s3: smbd: Correctly set smb2req->smb1req->posix_pathnames from the calling fsp on SMB2 calls.
s3: smbd: Correctly process SMB3 POSIX paths in create.
John Mulligan (7):
vfs_ceph: use fsp_get_pathref_fd in ceph fstatat and close vfs calls
vfs_ceph: split ceph mount logic into a new function
vfs_ceph: cache ceph mounts based on share configuration params
vfs_ceph: add support to select ceph file system
doc/vfs_ceph: update confusing default hint for ceph:user_id param
doc/vfs_ceph: document ceph:filesystem parameter
python:join: fix reused variable name in provision func
Jones Syue (2):
smbd: remove comments about deprecated 'write cache size'
s3:utils: smbget fix a memory leak
Joseph Sutton (619):
tests/krb5: Declare supported encryption types of service account
s4:torture: Zero-initialise netr_NetworkInfo structure
s4:torture: Skip over asserted identity SIDs when comparing groups
auth.idl: Add auth_SidAttr type
libcli/security: Add auth_SidAttr utility functions
s4-dsdb: Add samdb_result_dom_sid_attrs()
auth: Store group attributes in auth_user_info_dc
s4:torture: Assert that group attributes match
auth: Exclude resource groups from a TGT
auth: Remove early return from make_user_info_dc_pac()
auth: Only process resource groups if NETLOGON_RESOURCE_GROUPS flag is set
s4-dsdb: Check for talloc failure in dsdb_expand_nested_groups()
s4-dsdb: Make sid_list_match() static
s4: Add 'const' to some parameters
tests/krb5: Remove tests of KDCs without resource SID compression support
tests/krb5: Improve assertion failure message
tests/krb5: Add some more test cases for PAC group handling
tests/krb5: Allow changing the SID of a user's PAC
tests/krb5: Add group tests simulating PACs from a trusted domain
tests/krb5: Allow setting or resetting PAC flags
tests/krb5: Add tests of NETLOGON_RESOURCE_GROUPS flag handling
s4:torture: Make use of torture_assert_sid_equal()
named_pipe_auth: Bump info5 to info6
auth: Pass through entire PAC flags value in auth_user_info
s4:kdc: Add resource SID compression
auth: Shorten long SID flags combinations
auth: Make more liberal use of SID index constants
ldap: Cut down on string substitution
ldap: Make use of LDB_OID_COMPARATOR constants
s4-dsdb: Simplify search expression
auth: Align integer types
tests/krb5: Add tests for the primary group
s4:torture: Remove assertion that primary group is not duplicated in user_info_dc
s4-dsdb: Use correct primary group SID in token group test
auth: Correct primary group handling
selftest: Expect setting domain-local group as primary group to fail
s4/dsdb/samldb: Disallow setting a domain-local group as a primary group
tests/krb5: Move _test_samlogon() to base class
tests/krb5: Allow tests to set SamLogon validation level
tests/krb5: Return validation structure from _test_samlogon()
tests/krb5: Test groups returned by SamLogon
auth: Discard non-base SIDs when creating SamInfo2
tests/krb5: Use consistent ordering for etypes
auth: Free empty SID arrays
tests/krb5: Refactor decode_service_ticket()
tests/krb5: Lazily fetch SamDB in get_default_enctypes()
tests/krb5: Request only supported encryption types in get_tgt()
tests/krb5: Remove client_as_etypes parameter
tests/krb5: Move get_target() to base class
tests/krb5: Refactor claims tests to use get_target()
tests/krb5: Fix typo
tests/krb5: Fix typo
tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups
tests/krb5: Remove unused constant
tests/krb5: Move some utility functions from group_tests to base class
tests/krb5: Support nested SID structures in map_sids()
tests/krb5: Move ticket_with_sids() to base class
tests/krb5: Avoid duplicate group members
tests/krb5: Refactor out map_to_sid()
tests/krb5: Add map_to_dn()
tests/krb5: Generate more readable string representation
tests/krb5: Split out setup_claims()
tests/krb5: Permit modifying claim attributes mid-test
tests/krb5: Add tests adding a user to a group prior to a TGS-REQ
tests/krb5: Fix typo
source3/wscript: Fix configure-time checks
tests: Fix old-style function definitions
s4-dsdb: Make array static
nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK)
s4:dnsserver: Check all records, not just one
lib:ldb: Fix typo
lib:pyldb: Throw error on invalid controls
selftest: Fix invalid escape sequences
s3:modules: Fix invalid escape sequences
wscript: Fix invalid escape sequences
samba_version.py: Avoid resource leak
selftest: Don't use invalid escape sequences
python/samba: Avoid resource leak
s4:samba_spnupdate: Avoid resource leak
s4:samba_dnsupdate: Avoid resource leaks
selftest: Fix typo
s4:samba_spnupdate: Fix typo
gp: Avoid shadowing import
gp: Don't use invalid escape sequences
samba-tool: Don't use invalid escape sequences
auth/credentials: Fix off-by-one buffer write
python/samba/common: Fix typos
python/schema: Fix conversion to UTF-8 string
auth/credentials: Fix typos
lib:cmdline: Fix typo
pytest/samba_tool_drs: Convert bytes to UTF-8 string
pytest/samba_tool_drs: Remove unused variables
pytest/samba_tool_drs_no_dns: Remove unused variables
pytest/samba_tool_drs_critical: Remove unused variables
pytest/ridalloc_exop: Remove unused variables
pytest/replica_sync: Remove unused variable
pytest/repl_rodc: Remove unused variable
pytest/repl_move: Remove unused variables
pytest/getnc_exop: Remove unused variable
pytest/delete_object: Remove unused variables
torture/backupkey: Fix flapping test
torture/backupkey: Fix possibly wrong typo'd array index
s3:rpc_server/netlogon: Fix typo
tests/krb5: Remove unused import
tests/krb5: Unconditionally check compressed claims
tests/krb5: Allow comparing UnorderedLists only with one another
tests/krb5: Add type to expect a value is one of a set of possible types
tests/krb5: Move some claims tests around
tests/krb5: Fix typo
tests/krb5: Split out device info checking into new method
tests/krb5: Make arguments to get_target() keyword arguments
tests/krb5: Allow creating accounts supporting claims or compound identity separately
tests/krb5: Document and tidy up existing claims tests
tests/krb5: Test more descriptive security descriptor
tests/krb5: Allow group_setup to be None in setup_groups()
tests/krb5: Require domain_sid to be non-None when passing a RID to map_to_sid()
tests/krb5: Test we get correct values for integer syntax claims
tests/krb5: Add test for compressed claim
tests/krb5: Allow adding members to a group and changing its type in a single operation
tests/krb5: Don't specify extra enctypes for the krbtgt
tests/krb5: Allow creating a target server account with or without compound ID support
tests/krb5: Overhaul check_device_info()
tests/krb5: Add tests for device info
tests/krb5: Add tests for device claims
tests/krb5: Remove old device info and device claims tests
ldb: Make ldb_msg_remove_attr O(n)
s4-dsdb:tests: Fix AD DC performance tests
s4-dsdb:tests: Correctly handle LdbError
python:ndr: Use f-string to format exception message
tests/krb5: Generate full ticket signatures with trailing RODC id
tests/krb5: Cache drsuapi connection
tests/krb5: Only add AES enctype bits at domain functional level 2008 and above
tests/krb5: Add simple resource-based constrained delegation test
tests/krb5: Fix additional_details account creation caching
tests/krb5: Move issued_by_rodc() to base class
tests/krb5: Add signed_by_rodc()
tests/krb5: Let ticket_with_sids() create RODC-issued tickets
tests/krb5: Add remove_client_claims_tgt_from_rodc()
tests/krb5: Add tests for constrained delegation with RODC-issued tickets
tests/krb5: Add tests for RODC-issued armor tickets
tests/krb5: Test that RODC-issued claims are regenerated
tests/krb5: Test that RODC-issued device groups are regenerated
tests/krb5: Test that claims are generated even if PAC-OPTIONS are not set
tests/krb5: Check that test parameters are not going unseen
tests/krb5: Add functions to fetch the schemaIDGUID of an attribute or class
tests/krb5: Test that denied attributes are still issued in claims
selftest: Don't use invalid escape sequences
selftest: Clean up socket when finished
wafsamba: Remove unused configure check
winbindd: Show warning message on tc connection errors too
dsdb periodic: DNS: Add missing newlines to debug messages
auth: Clear EXTRA_SIDS flag if no Extra SIDs are present
s4:kdc: Replace 'is_untrusted' with 'is_trusted'
s4:kdc: Comment parameter names
s4:kdc: Make some parameters const
s4:kdc: Fix typo
s4:kdc: Don't pass a NULL pointer into krb5_pac_add_buffer()
s4:kdc: Avoid copying data if not needed
s4:kdc: Refactor PAC handling
s4:kdc: Add client claims blob if it is present
libcli/security: Reorder SDDL access flags table to match Windows
ldb: Don't create error string if there is no error
s4/dsdb/repl_meta_data: Pass NULL into ldb_msg_add_empty
libcli/security: Correctly handle ACL deletion
s4:kdc: Don't pass a NULL pointer to krb5_pac_add_buffer()
s4:kdc: Have samba_kdc_update_pac() take device parameters
s4:kdc: Don't check PAC-OPTIONS claims-supported bit
s4:kdc: Don't modify cached user_info_dc SIDs
s4:kdc: Fix leak
s4:kdc: Rename claims_blob to client_claims_blob
s4:kdc: Split samba_kdc_get_pac_blobs() into smaller functions
s4:kdc: Fix typo
third_party/heimdal: Import lorikeet-heimdal-202303200103 (commit 2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)
third_party/heimdal_build: Remove MD2
s4:kdc: Split verifying a PAC out of updating it
ldb: Split out ldb_val_as_dn() helper function
ldb: Add ldb_val -> bool,uint64,int64 parsing functions
s4:dsdb/schema: Add dsdb_attribute_by_cn_ldb_val()
s4:kdc: Add utility functions for AD claims
libcli/security: Add dom_sid_has_account_domain() to confirm a S-1-5-21 prefix
tests/krb5: Don't expect client claims to be missing
s4:torture: Assert that SID parsing succeeds
s4:torture: Make use of torture_assert_sid_equal()
s4-dsdb: Account for Claims Valid SID in tokenGroups
selftest: Account for have_fast_support in determining whether FAST is supported
s4:kdc: Add support for AD client claims
s4:kdc: Add support for AD device claims
librpc/ndr: Fix NULL pointer dereference
tests/krb5: Check only for the canonical representation of a security descriptor
tests/krb5: Add methods to get authentication policy DNs
tests/krb5: Add method to create an authentication silo
tests/krb5: Add method to create authentication silo claim
tests/krb5: Add tests for constructed (authentication silo) claims
s4:kdc: Allocate claim value on values context
CVE-2023-0614 libcli/security: Make some parameters const
CVE-2023-0614 s4:dsdb: Use talloc_get_type_abort() more consistently
CVE-2023-0614 s4-acl: Make some parameters const
CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
CVE-2023-0614 s4-acl: Use ldb functions for handling inaccessible message elements
CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
CVE-2023-0614 ldb: Add function to take ownership of an ldb message
CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
CVE-2023-0614 ldb: Add function to add distinguishedName to message
CVE-2023-0614 ldb: Add function to filter message in place
CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
CVE-2023-0614 s4:dsdb/extended_dn_in: Don't modify a search tree we don't own
CVE-2023-0614 s4:dsdb:tests: Fix <GUID={}> search in confidential attributes test
CVE-2023-0614 schema_samba4.ldif: Allocate previously added OID
CVE-2023-0614 tests/krb5: Add test for confidential attributes timing differences
CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
CVE-2023-0614 s4-acl: Split out logic to remove access checking attributes
CVE-2023-0614 s4-dsdb: Add samdb_result_dom_sid_buf()
CVE-2023-0614 s4-acl: Split out function to set up access checking variables
CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
CVE-2023-0614 s4-acl: Avoid calling dsdb_module_am_system() if we can help it
CVE-2023-0614 ldb: Use binary search to check whether attribute is secret
CVE-2023-0614 ldb: Centralise checking for inaccessible matches
CVE-2023-0614 ldb: Filter on search base before redacting message
CVE-2023-0614 s4-dsdb: Treat confidential attributes as unindexed
ldb: Use correct member of union
s4-dsdb: Remove DSDB_ACL_CHECKS_DIRSYNC_FLAG
CVE-2023-0225 s4-acl: Don't return early if dNSHostName element has no values
tests/krb5: Remove unused variable
tests/krb5: Fix comment indentation
s4-dsdb:large_ldap: Fix typos in variable names
s4-dsdb:large_ldap: Correctly increment count variable
s4-dsdb:large_ldap: Fix disabled test
s4-dsdb:large_ldap: Assert that we got all the entries
s4-dsdb:large_ldap: Note that we don't check that an error was raised
pytest/acl: Remove unused remnants of source4/dsdb/tests/python/acl.py
samba-tool domain: Initialise variables before attempting to use them
s4:kdc: Remove unused parameter
s4:kdc: Allocate memory on a temporary context
s4:kdc: Fix typos in comments
s4:kdc: Fix typos
talloc: Put comment back in appropriate place
talloc: Remove unneeded va_copy()
ldb: Remove old misleading comments
ldb: Remove misleading comment
ldb: Don't wrongly claim to return message elements
ldb: Fix function documentation to be consistent
ldb: Avoid undefined pointer arithmetic
s4/dsdb/util: Make some arrays static
s4-dsdb: Remove is_attr_in_list()
s4-dsdb: Check correct ldb opaque variable
s4/dsdb/cracknames: Remove unneeded attribute
s4-acl: Make parameter const
posix_acls: Don't skip ACEs in merge_default_aces()
s4-drs: Don't skip over elements in uref_del_dest()
pysmbd: Fix typo in error message
librpc/ndr: Add missing newlines to error messages
ctdb:tool: Remove unnecessary strlen()
pyldb: Handle allocation failure
libndr: Handle allocation failure
smbd/notify: Handle allocation failure
s3:net_usershare: Handle allocation failure
s4-dsdb: Handle allocation failure
s3:net_usershare: Correctly escape newline in error message
testprogs: Fix comparison
testprogs: Make testit_expect_failure() return 0 on success
nsswitch:tests: Remove unused functions
testprogs: Make test_smbclient_expect_failure() return 0 on success
testprogs: Return correct status code
testprogs: Make test_rpcclient_expect_failure_grep() return 0 on success
testprogs: Have testfail() return 0 on success
s3:script: Always return a non-zero status code on failure
testprogs: Return correct status code
s3:tests: Correct condition
s3:selftest: Enable winbindd for maptoguest environment
s4:torture: Fix typo
selftest: Fix typo
s4:rpc_server: Handle LDB_ERR_NO_SUCH_ATTRIBUTE when deleting group
s4:rpc_server: Ensure EnumDomainUsers() doesn't return a NULL array
s4:torture: Correctly zero structure
s4:torture: Don't try to close the connection after running disconnect tests
lib/torture: Don't overwrite test outcomes
selftest: Only run clusteredmember tests if ctdb is built
selftest: Fix samba3.clustered.smb2.deny.deny2 test
selftest: Catch error codes from failing testsuites
s3:utils: Use floating-point arithmetic when result is assigned to a double
s3:utils: Use ‘int’ for popt parameters
s3:utils: Move error-handling code into more suitable spot (CID 1524680)
auth/credentials: Allow resetting bind DN on Credentials object
tests/krb5: Split out functions for testing logons and password changes
tests/krb5: Remove test for OemChangePasswordUser2()
tests/krb5: Pass client credentials down into kdc_exchange_dict
tests/krb5: Handle NT hashes being disabled
tests/krb5: Generify protected users test methods
tests/krb5: Add method to create an authentication policy
tests/krb5: Allow creating an account with an assigned policy or silo
tests/krb5: Remove unneeded assertions
s4:dsdb: Fix leak
tests/krb5: Remove unused import
tests/krb5: Always heed the add_dollar parameter
libds: Add Managed Service Accounts well-known GUID
pydsdb: Add Managed Service Accounts GUID constant
tests/krb5: Allow creating managed service accounts
tests/krb5: Test that the salt for a managed service account is computed correctly
tests/krb5: Remove unused parameter
tests/krb5: Fix parameter default
tests/krb5: Allow setting a servicePrincipalName on a user account
lib/http: Remove unused structure
python/samba: Fix invalid escape sequence
param: Fix resource leak
lib:util: Fix undefined bitshift
tests/krb5: Refactor _test_samlogon()
auth/credentials: Fix NULL dereference
docs-xml: Fix typos
s4:kdc: Use correct target principal name in log message
tests/krb5: Delete non-resuable accounts as soon as possible
tests/krb5: Create account cache key only if needed
s4:kdc: Fix typo
s4/scripting/bin: Fix resource leak
s4/scripting/bin: Remove unused imports
tests/krb5: Rename ‘auth_silo’ to ‘authn_silo’
tests/krb5: Rename ‘objectclass’ to use correct case
tests/krb5: Allow specifying an encoded security descriptor
tests/krb5: Make use of check_tgs_reply()
tests/krb5: Make _tgs_req() more configurable
s4:kdc: Remove unused parameter
s3:lib: Fix typos
auth/credentials: Add set_nt_hash()
tests/krb5: Have set_forced_key() also set the NT hash
tests/krb5: Add remove_attribute() helper function
tests/krb5: Don’t delete silo until all tests have finished
tests/krb5: Improve _test_samr_change_password() method
lib:addns: Don’t call memcpy() with a NULL pointer
s4:kdc: Don’t call memcpy() with a NULL pointer
build:wafsamba: Fix TypeError in read_submodule_status()
samba-tool domain provision: Use "ad dc functional level" to control max functional level
s4:dsdb:tests: Refactor ACL test
s4:dsdb:tests: Refactor confidential attributes test
s4:dsdb:tests: Refactor security descriptor test
samba-tool domain: Use result of setup_local_server() instead of object field
samba-tool domain: Remove unnecessary variable
pytest/password_lockout: Remove unused imports
pytest/password_lockout: Use more specific assertion methods
pytest/password_lockout: Use correct variable
pytest/password_lockout: Remove unused variables
s4-dsdb:large_ldap: Remove unused imports
s4-dsdb:large_ldap: Remove unused variables
auth: Return status code if configuration prohibits NTLM
python:tests: Remove unused variables
python: Safely clear structure members
samba-tool domain: Run in interactive mode if no args are supplied
netlogon:schannel: Fix typo
s4-auth: Log correct function name
s4:auth: Check ldb_binary_encode_string() return value
s4:dsdb: Check ldb_binary_encode_string() return value
s4:dsdb: Fix leaks
s4:dsdb: Check return value of allocation functions
s4:torture: Replace calls to deprecated function
samba-tool domain: Remove unused variables
samba-tool domain: Clean up code
tests/krb5: Remove unused import
tests/krb5: Improve edata checking
tests/krb5: Test that NT_STATUS_ACCOUNT_LOCKED_OUT is returned in KDC reply e-data
netlogon:schannel: Fix NULL pointer dereference
tests/krb5: Rename ‘server’ to ‘dc_server’
tests/krb5: Allow specifying machine credentials to _test_samlogon()
tests/krb5: Allow server and workstation accounts to perform a SamLogon
tests/krb5: Allow specifying whether PA-DATA types are to be checked
tests/krb5: Add tests for authentication policies
s4:kdc: Make use of KDC_REQUEST_KV_PA_NAME constant
s4:kdc: Include missing headers
libcli: Add missing include
s4:kdc: Add missing includes and declarations
s4:kdc: Factor out PAC blob functions into new source file
s4:kdc: Fix typos
s4:kdc: Fix debugging strings
s3:utils: Fix typo
auth: Remove unnecessary return statements
s4:auth: Split out new function to generate a security token
s4:auth: Fix typos
s4:kdc: Make use of auth_generate_security_token()
s4:kdc: Fix leaks
s4:kdc: Remove double-free
s4:kdc: Remove double-free
s4:kdc: Check ldb_dn_new() return value
s4:kdc: Fix error messages
s4:kdc: Fix diagnostic messages
auth: Correct parameter order in header
auth: Fix leaks
s4:auth: Fix leak
s4:auth: Remove superfluous semicolon
lib:audit_logging: Add function to add flags to a JSON message
lib:audit_logging: Add function to add an optional boolean value to a JSON message
lib:audit_logging: Add function to add a formatted time value to a JSON message
lib:audit_logging: Fix typo in log message
s4:kdc: Add NTSTATUS strings to log messages
s4:auth: Add function to make a shallow copy of an auth_user_info_dc structure
s4:kdc: Make a proper shallow copy of the auth_user_info_dc structure
s4:kdc: Add helper functions for authentication policies
third_party/heimdal: Import lorikeet-heimdal-202305160500 (commit 8836d64dee78a74aa740e31b7ad406b8a8cfdad0)
s4:kdc: Add SDB_F_ARMOR_PRINCIPAL flag
s4:kdc: Make maximum lifetime and renew time signed
s4:kdc: Look up authentication policies for Kerberos clients and servers
s4:kdc: Enforce TGT lifetime authentication policy
s4:kdc: Have get_claims_for_principal() take the entire principal
s4:kdc: Don’t perform unnecessary search to get account objectClass
s4:kdc: Make use of dsdb_search_one()
s4:kdc: Add support for constructed claims (for authentication silos)
s4:kdc: Use talloc_get_type_abort()
tests/krb5: Be less particular about expected status codes for S4U tests
tests/krb5: Be less particular about getting NTSTATUS codes for KDC TGS tests
tests/krb5: Set expected_status even if expect_status is not true
s4:kdc: Use more suitable type for final_ret
s4:kdc: Add function to attach an NTSTATUS code to a Kerberos request structure
third_party/heimdal: Import lorikeet-heimdal-202305170245 (commit 9c903d03c31ec96af79e2723e3ae41890dd83122)
s4:kdc: Add NTSTATUS e-data to KDC reply
s4:kdc: Remove manual addition of error data
tests/krb5: Move modify_requester_sid_time() to RawKerberosTest
tests/krb5: Use consistent time between get_KerberosTime() calls
tests/krb5: Change ‘sid’ parameter into optional ‘requester_sid’ parameter
tests/krb5: Rename modify_requester_sid_time() to modify_lifetime()
tests/krb5: Add tests presenting short-lived ticket in various scenarios
third_party/heimdal: Import lorikeet-heimdal-202305172147 (commit dedb12e3db6e3e5b87869e77f1f1d2ee1f0d32a0)
s4:kdc: Check lifetime of correct ticket
s4:kdc: Note correct constant
pyglue: Fix typo
pyglue: Check generate_random_str() return value
pyglue: Raise an exception on error
s4/messaging/py: Remove incorrect function names in messaging.Messaging()
s4/messaging/py: Document lp_ctx parameter of messaging.Messaging()
s4/messaging/py: Add more helpful error message for a wrongly-sized tuple
s4/messaging/py: Fix typo
s4/messaging: Return the number of previously-registered functions that are removed
s4/messaging/py: Fix leaks
s4/messaging/py: Fix leak
s4/messaging/py: Fix callback return value leak
s4/messaging/py: Check py_return_ndr_struct() return value
s4/messaging/py: Fix leak of p_server_id
s4/messaging/py: Fix leaks
s4/messaging/py: Fix typo
selftest: Report better error message if environment is unknown
s4:kdc: Allocate user_info_dc->sids on correct talloc context
s4:auth: Allocate user_info_dc->sids on correct talloc context
s4:kdc: Make functions static
s4:kdc: Make parameters const
s4:kdc: Use talloc_steal() rather than talloc_reference()
lib:audit_logging: Check return value of json_new_object()
lib:audit_logging:tests: Check return value of json_new_{object,array}()
s3:utils: Check return value of json_new_object()
audit_tests: Check return value of json_new_array()
s4:kdc: Move parameter comments adjacent to parameters
tests/audit_log: Pre-compile GUID regex
tests/auth_log_winbind: Expect an empty remote address
tests/auth_log: Don’t silently override remoteAddress
tests/auth_log: Call setUpClass() method of base class
tests/auth_log: Rename ‘self’ parameter to ‘cls’
tests/auth_log: Simplify isRemote()
pyldb: Fix leak
pytest: dcerpc/dnsserver: Remove unused import
pytest: dcerpc/dnsserver: Call setUpClass() method of base class
s4-dsdb:large_ldap: Call setUpClass() method of base class
tests/krb5: Move TestCaseInTempDir to more appropriate place in class hierarchy
tests/krb5: Don’t cache accounts with an assigned policy or silo
tests/auth_log: Pre-compile GUID regex
tests/audit_log: Correctly check for GUID
tests/auth_log: Correctly check for GUID
tests/auth_log: Rename ‘self’ parameter to ‘cls’
tests/auth_log: Rename ‘self’ parameter to ‘cls’
tests/audit_log: Remove unneeded len() call
tests/auth_log: Remove unneeded len() call
tests/auth_log: Correctly get lp_ctx
tests/audit_log: Make discardMessages() more reliable
tests/auth_log: Expect no messages when changing a non-existent user’s password
tests/auth_log: Make discardMessages() more reliable
tests/auth_log: Call discardMessages() on class
tests/audit_log: Remove unnecessary checks
tests/auth_log: Remove unnecessary check
tests/audit_log: Add missing call to tearDown()
tests/auth_log: Add missing call to tearDownClass()
tests/auth_log: Remove debugging code
librpc/idl: Fix indentation
samba-tool domain: Handle new NBT_SERVER_* flags
net_ads: Handle new NBT_SERVER_* flags
s4:torture: Handle new NBT_SERVER_* flags
s4:torture: Consistently use NBT_SERVER_* flags
s4:rpc_server/samr: Log correct authentication description for samr_ChangePasswordUser2()
python:tests: Fix f-strings
python:tests: Exclude Python test directories
python:tests: Remove unused imports
python:tests: Initialize global variable
python:tests: Make script executable
python:tests: Ensure that we don’t overwrite tests
libcli: Don’t call memcpy() with a NULL pointer
tests/auth_log: Factor out isRemote()
selftest: Assert trust realm is not None
pyldb: Raise an exception if ldb_dn_get_parent() fails
pyldb: Check for allocation failure in py_ldb_dn_get_parent()
samba-tool: Fix typo
samba-tool ou: Remove unused import
samba-tool ou: Remove unused variables
param: Remove reference to unrecognized parameter ‘directory name cache size’
selftest: Fix typo
selftest: Remove duplicate knownfails
s4/scripting/bin: Add NT_STATUS_OK to list of definitions
tests/auth_log: Make samba.tests.auth_log test executable
tests/auth_log: Properly expect authentication failures
s4:kdc: Don’t log authentication failures as successes
s4:kdc: Consolidate assignments to r->error_code and final_ret
librpc/idl: Add authentication policy event IDs
tests/krb5: Keep track of the type of each created account
tests/krb5: Cache created authentication policies
tests/krb5: Test authentication logging of TGT lifetimes
tests/krb5: Add a couple of authentication policy tests
tests/krb5: Fix overlong lines
tests/krb5: Keep track of account SIDs
tests/krb5: Make use of KerberosCredentials.get_sid()
s4:kdc: Fix typo
tests/krb5: Remove unneeded ‘dn’ parameter
tests/krb5: Test S4U2Self followed by constrained delegation with authentication policies
tests/krb5: Test authentication with policy restrictions and a wrong password
tests/auth_log: Add method to fetch the next relevant message from the messaging bus
tests/auth_log: Refactor waitForMessages() to use nextMessage()
auth: Move authn_policy code into auth subsystem
s4:kdc: Rename authn_kerberos_client_policy::tgt_lifetime to tgt_lifetime_raw
s4:kdc: Rename ‘lifetime’ to indicate that it is measured in seconds
s4:kdc: Add structure containing authentication policy auditing information
s4:kdc: Add helper functions to create optional int64 values
s4:kdc: Add functions to create structures of auditing information for authentication policies
s4:kdc: Add getter functions for authn_audit_info
s4:kdc: Add function to perform an authentication policy access check with a device
s4:kdc: Move NTLM device restrictions to ‘authn_policy_util’
s4:kdc: Generate auditing infomation for NTLM device restrictions
s4:kdc: Add function to perform an access check to a service
lib:audit_logging: Add function to create JSON object containing auditing information
auth: Add new ‘KDC Authorization’ log type
tests/auth_log: Add support for new ‘KDC Authorization’ log type
tests/auth_log: Ensure tests continue to pass when new log types are added
s4:kdc: Log TGS-REQs in the Heimdal KDC
s4:auth: Enforce device restrictions for NTLM authentication
s4:auth: Enforce machine authentication policy for NTLM authentication
s4:auth: Remove unneeded ‘sam_ctx’ parameter
tests/krb5: Test that FX-COOKIE matches cookie returned by Windows
third_party/heimdal: Import lorikeet-heimdal-202306112240 (commit c7f4ffe1a6e8dafc86ec3357c498d31c97ece386)
s4:kdc: Replace FAST cookie with dummy string
s4:kdc: Gate claims, auth policies and NTLM restrctions behind 2012/2016 FLs
tests/krb5: Improve authentication policy creation
tests/krb5: Test more authentication logging of TGT lifetimes
tests/krb5: Test authentication policy audit logging
netcmd: domain: Fix typo
python:tests: Fix typos
lib:audit_logging: Add function to return the JSON null object
auth: Add functionality to log client and server policy information
s4:auth: Set ‘authoritative’ even if there is an error
s4:auth: Add audit info parameters to check_password_recv()
s4:auth: Log authentication policies for NTLM authentication
s4:kdc: Add functionality to log client and server authentication policies
s4:kdc: Add helper function to determine whether authentication to a server is allowed
s4:kdc: Add helper function to determine whether a device is allowed to authenticate
s4:kdc: Make krb5_principal parameters const
s4:kdc: Add singular out path to samba_kdc_update_pac_blob()
s4:kdc: Have samba_kdc_update_pac_blob() return krb5_error_code
s4:kdc: Log errors in samba_kdc_update_pac_blob()
s4:kdc: Remove unused PAC_SIGNATURE_DATA parameters
s4:kdc: Have samba_kdc_update_pac_blob() do less
s4:kdc: Move adding compounded authentication SID out of samba_kdc_obtain_user_info_dc()
s4:kdc: Use samba_kdc_obtain_user_info_dc() for !client_pac_is_trusted case
s4:kdc: Unify common code paths
s4:kdc: Flip sense of condition
s4:kdc: Return NTSTATUS and auditing information from samba_kdc_update_pac() to be logged
s4:kdc: Create a temporary talloc context on which to allocate
s4:kdc: Use talloc_get_type_abort()
netcmd: domain: Fix typo
tests/auth_log_pass_change: Fix flapping test
tests/krb5: Add test for authenticating with disabled account and wrong password
third_party/heimdal: Import lorikeet-heimdal-202306192129 (commit 0096f9c1dc105d8ac9f7dd96d653b05228f7d280)
s4:kdc: Update Samba KDC plugin to match new Heimdal version
s4:kdc: Ensure that we don’t log PREAUTH_REQUIRED errors
s4:kdc: Handle new KDC_AUTH_EVENT_CLIENT_FOUND audit event
s4:kdc: Remove unused ‘server’ parameter in pac_verify()
tests/krb5: Don’t unnecessarily specify ‘id’
tests/krb5: Fix RBCD comments
tests/krb5: Test that client policies are not enforced with S4U
s4:kdc: Add comment stating that policies aren’t looked up for S4U clients
s4:kdc: Check authentication policy device restrictions
s4:kdc: Check authentication policy server restrictions
s4:kdc: Enforce authentication policy service restrictions when getting a PAC
s4:kdc: Remove unnecessary NULL check
s4:kdc: Make [client,device]_claims_blob const pointers
s4:kdc: Add comment to clarify that we fetch the client claims
s4:kdc: Don’t overwrite error code
third_party/heimdal: Import lorikeet-heimdal-202306200407 (commit fc2894beeaa71897753975154a5f7fd80b923325)
s4:kdc: Initialize pointers with NULL
s4:kdc: Remove useless sdb → hdb error code translation
tests/krb5: Be less strict regarding acceptable delegation error codes
tests/krb5: Adjust authentication policy RBCD tests to expect appropriate failure statuses
s4:kdc: Implement Heimdal hook for resource-based constrained delegation
s4:kdc: Include default groups in security token
librpc:ndr: Fix overflow in ndr_push_expand
librpc/nbt: Avoid reading invalid member of union
tests/krb5: Remove unused variables
s4:kdc: Fix wrong debug message
tests/krb5: Add PKINIT error codes
tests/krb5: Add PKINIT typed data errors
tests/krb5: Add PKINIT pre-authentication types
tests/krb5: Add PK-INIT ASN1 definitions and include licence
tests/krb5: Refactor encryption type selection
tests/krb5: Add helper methods for PK-INIT testing
tests/krb5: Allow KerberosCredentials to have associated RSA private key
tests/krb5: Add PK-INIT testing framework
tests/krb5: Check PAC_TYPE_CREDENTIAL_INFO PAC buffer
tests/krb5: Remove unused methods
tests/krb5: Add tests for PK-INIT Freshness Extension (RFC 8070)
tests/krb5: Add ASN.1 definitions for Windows 2000 PK-INIT
tests/krb5: Test Windows 2000 variant of PK-INIT
third_party/heimdal: Import lorikeet-heimdal-202307040259 (commit 33d117b8a9c11714ef709e63a005d87e34b9bfde)
third_party/heimdal_build: Make Heimdal version strings const
s4:kdc: Add auth_data_reqd flag to SDBFlags
tests/krb5: Factor out a method to create a certificate
tests/krb5: Factor out a method to fetch the CA certificate and private key
tests/krb5: Have the caller of create_certificate() fetch the CA certificate and private key
tests/krb5: Allow passing a pre-created certificate into _pkinit_req()
tests/krb5: Add a test for PK-INIT with a revoked certificate
third_party/heimdal: Import lorikeet-heimdal-202307050413 (commit e0597fe1d01b109e64d9c2a5bcada664ac199498)
Li Yuxuan (2):
audit_logging:tests: Add big_int test for `json_add_int`
audit_logging: Use `json_int_t` instead of `int` for `json_add_int` value type
Martin Schwenke (20):
ctdb-scripts: Reformat script with "shfmt -w -p -i 0 -fn"
ctdb-scripts: Do not replace commas with spaces in "smb ports" list
ctdb-scripts: Avoid using testparm to process its own output
ctdb-tools: Avoid ShellCheck warning SC2317
ctdb-scripts: Avoid ShellCheck warnings SC2317, SC2086
ctdb-tests: Avoid ShellCheck warning SC2086
ctdb-tests: Drop unused test code for tunables
ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn"
ctdb-tests: Drop unreachable code
ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005
ctdb-tests: Avoid ShellCheck warning SC2059
ctdb-tests: Avoid ShellCheck warnings
ctdb-tests: Run ShellCheck on event-script unit test support scripts
ctdb-logging: Really make NOTICE the default debug level
ctdb-tools: Fix a typo in a log message
ctdb-tools: Switch tickle ACK sending message to INFO level
ctdb-server: Avoid logging a count of 0 resent calls
docs-xml: Fix rid idmap backend documentation
docs-xml: Tweak autorid idmap backend documentation
docs-xml: Fix script idmap backend documentation
Nathaniel W. Turner (1):
dsgetdcname: do not assume local system uses IPv4
Noel Power (3):
s3/utils: value for ace_flags value "FA" is incorrect
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
s3/utils: avoid erronous NO MEMORY detection
Pavel Filipenský (32):
auth/credentials: Fix trailing whitespaces
auth/credentials: Fix unitialized data
Add gitleaks configuration file to avoid false positives
s3:winbind: Fix wrong string zero termination for empty groups
testprogs: Set PREFIX_ABS before it is used in test_primary_group.sh
s3:script: Add samba-log-parser
docs-xml:manpages: Add man page for samba-log-parser
WHATSNEW.txt: Improved winbind logging and samba-log-parser
s3:winbind: Fix trailing whitespace in winbindd_msrpc.c
s3:winbind: Fix trailing whitespace in winbindd_reconnect.c
s3:winbind: Fix trailing whitespace in winbindd_cache.c
s3:winbind: Add lookup_aliasmem to winbindd_methods and implement it in all backends
s3:winbind: Add wbint_LookupAliasMembers to winbind interface
s3:winbind: Add wb_alias_members_{send/recv}
s3:winbind: Convert wb_group_members_send() to resolve array of groups
lib:dbwrap: Fix trailing whitespace in lib/dbwrap/dbwrap.h
lib:dbwrap: Add dbwrap_merge_dbs()
s3:winbind: s/wb_group_members_send/wb_alias_members_send/ for SID_NAME_ALIAS in wb_getgrsid_sid2gid_done()
s3:winbind: Remove SID_NAME_ALIAS code from rpc_lookup_groupmem()
s3:winbind: Include local groups in _wbint_QueryGroupList
s3:winbind: Fix the default group for the 'Guest' user
s4:torture: Skip test_membership_user for users that get incorrectly assigned group sid
selftest: set 'winbind expand groups = 10' for ad_member_idmap_rid
tests: Fix idmap.rid.getgrnam for ad_member_idmap_rid with 'winbind expand groups = 10'
s3:selftest: Add environ parameter to plansmbtorture4testsuite
s3:selftest: Pass environ to local.nss
s4:torture: Limit run of test_membership_user() only to ad_member_idmap_rid
testprogs: Add test_alias_membership
third_party: Update nss_wrapper to version 1.1.15
s3:tests: Add rpcclient 'dfsgetinfo' test
s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()
s3:rpc_server: Fix double blackslash issue in dfs path
Ralph Boehme (41):
mdssvc: fix kMDScopeArray parsing
s3: smbd: Add utility function smb1_strip_dfs_path().
smbd: use smb1_strip_dfs_path() in reply_ntcreate_and_X()
smbd: use smb1_strip_dfs_path() in call_nt_transact_create()
smbd: use smb1_strip_dfs_path() in reply_ntrename()
smbd: use smb1_strip_dfs_path() in reply_ntrename()
smbd: use smb1_strip_dfs_path() in reply_checkpath()
smbd: use smb1_strip_dfs_path() in reply_getatr
smbd: use smb1_strip_dfs_path() in reply_setatr()
smbd: use smb1_strip_dfs_path() in reply_open()
smbd: use smb1_strip_dfs_path() in reply_open_and_X()
smbd: use smb1_strip_dfs_path() in reply_mknew()
smbd: use smb1_strip_dfs_path() in reply_ctemp()
smbd: use smb1_strip_dfs_path() in reply_unlink()
smbd: use smb1_strip_dfs_path() in reply_mkdir()
smbd: use smb1_strip_dfs_path() in reply_rmdir()
smbd: use smb1_strip_dfs_path() in reply_mv()
smbd: use smb1_strip_dfs_path() in reply_mv()
smbd: use smb1_strip_dfs_path() in call_trans2open()
smbd: use smb1_strip_dfs_path() in call_trans2qpathinfo()
smbd: use smb1_strip_dfs_path() in smb_set_file_unix_hlink()
smbd: use smb1_strip_dfs_path() in call_trans2setpathinfo()
smbd: use smb1_strip_dfs_path() in call_trans2mkdir()
smbd: use smb1_strip_dfs_path() in reply_search()
smbd: use smb1_strip_dfs_path() in call_trans2findfirst()
smbd: RIP DFS pathname processing in filename_convert_dirfsp_nosymlink()
smbd: squash check_path_syntax() variants
CI: add a test creating a vetoed file
smbd: Prevent creation of vetoed files
rpcd_mdssvc: initialize POSIX locking
CI: add a test that checks the dosmode of symlinks
smbd: zero intialize SMB_STRUCT_STAT in vfswrap_readdir()
smbd: also reset struct stat_ex.cached_dos_attributes in SET_STAT_INVALID()
CI: add a test for fruit AppleDouble conversion when deletion triggers conversion
vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory
vfs_fruit: never return AFP_Resource stream for directories
libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()
vfs_fruit: just log failing AppleDouble conversion
vfs_fruit: add fruit:convert_adouble parameter
smbd: call exit_server_cleanly() to avoid panicking
smbd: don't leak the fsp if close_file_smb() fails
Remi Collet (2):
libsmb: fix regression on smbc_getxattr and fix doc
libsmb: Fix test for smbc_getxattr
Rob van der Linde (84):
Python: remove pydoctor
selftest: Fix some typos in selftest tests.py
selftest: pep8: too many blank lines
selftest: remove unused import
selftest: specify env rather than picking it up from loop
selftest: make two samba-tool drs tests generic
selftest: fix flapping samba-tool drs showrepl test
selftest: fix invalid loop variables uid and gid
selftest: fix scope and attrs not passed to search
selftest: fix typo in test comment
selftest: fix mutable default arguments
buildtools: fix mutable default arguments
selftest: source4: fix mutable default arguments
selftest: source3: fix mutable default arguments
python: fix mutable default arguments
netcmd: domain: turn domain.py into a module
netcmd: domain: fix unused imports
netcmd: domain: move domain_backup.py to domain/backup.py
netcmd: domain: move classicupgrade command to domain/classicupgrade.py
netcmd: domain: move dcpromo command to domain/dcpromo.py
netcmd: domain: move demote command to domain/demote.py
netcmd: domain: move functional_prep command to domain/functional_prep.py
netcmd: domain: move info command to domain/info.py
netcmd: domain: move join command to domain/join.py
netcmd: domain: move keytab command to domain/keytab.py
netcmd: domain: move leave command to domain/leave.py
netcmd: domain: move level command to domain/level.py
netcmd: domain: move paswordsettings command to domain/passwordsettings.py
netcmd: domain: move provision command to domain/provision.py
netcmd: domain: move samba3upgrade command to domain/samba3upgrade.py
netcmd: domain: move schemaupgrade command to domain/schemaupgrade.py
netcmd: domain: move tombstones command to domain/tombstones.py
netcmd: domain: move trust command to domain/trust.py
netcmd: simplify boolean check
sd_utils: fix typo in get_sd_as_sddl docstring
netcmd: add claim sub-commands to samba-tool domain
netcmd: tests for claims client tool
docs: update manpage for samba-tool
CVE-2023-0922 set default ldap client sasl wrapping to seal
dsdb: fix spelling in password_hash.c
dsdb/tests: Add test for modification of unicodePwd over a cleartext/signed connection
dsdb: modify unicodePwd requires encrypted connection
dsdb/tests: fix assignment to for loop variable
s4/scripting: fix a few invalid docstring args
s4/scripting: fix a few trailing semicolons in gen_{hresult,ntstatus,werror}.py
s4/dsdb: fix unnecessary backslash
s4/scripting: fix % len(res) was in the wrong place
netcmd: add optparse validators and Range validator
netcmd: add custom json encoder for object type fields
netcmd: add domain models and basic model layer
netcmd: domain: add authentication silo commands
netcmd: domain: tests for auth silo command line tools
netcmd: domain: rename claim tests for consistency
netcmd: domain: claim: show err if assertIsNone fails
netcmd: domain: fix attributes created by test setUp method
netcmd: domain: fix claims constant name was wrong should be claim type CN
netcmd: domain: claim commands use the model layer
netcmd: domain: claims: use consistent naming for options
netcmd: PEP257 fix incorrect docstring quotes
netcmd: move ldb_connect method to base class
netcmd: fix import sort/grouping as per python standard
netcmd: move method print_json to command base class
netcmd: move get_policy method from base class to the model
netcmd: domain: add test for silo if policy is a dn
netcmd: auth silos: remove base class
netcmd: domain: add models for ClassSchema and AttributeSchema
netcmd: domain: claims: make use of AttributeSchema and ClassSchema models
netcmd: domain: claims: move claim value type lookup by attribute to model
netcmd: domain: claims: base class is no longer required
netcmd: domain: remove parse_guid and parse_text as they are no longer used
netcmd: domain: silo member add and remove does not write whole list
netcmd: domain: model field tests
netcmd: domain: silo member command tests
netcmd: domain: man page updates for auth silo and policy cli
netcmd: domain: model stores ldb message for save
netcmd: domain: add model exceptions and error handling
netcmd: domain: add error handling to domain auth commands
netcmd: domain: add error handling to domain claims commands
netcmd: add Subnet and Site models
netcmd: add list and view commands for sites and subnets
netcmd: sites: make use of ldb_connect from base class
netcmd: sites: tests for list and view sites and subnet
netcmd: sites: add missing subnet commands to samba-tool manpage
netcmd: sites: add sites and subnet list and view commands to manpage
SATOH Fumiyasu (5):
build:wafsamba: Allow lib for CHECK_VALUEOF()
build:waf: Check value of GNU_TLS_* with detected env
selftest: Report "unknown environment" if setup returns "UNKNOWN"
tests: Replace iconv(1) UTF-16LE conversion with a python3 call
third_party: Fix version of socket_wrapper and uid_wrapper
Samuel Cabrero (1):
selftests: Make sure print queue is empty before printing_var_exp test ends
Stefan Metzmacher (149):
smbd: rename 'op' into 'global' in smbXsrv_open_cleanup_fn()
winbindd: don't call set_domain_online_request() in the idmap child
idmap_autorid: fix ID_REQUIRE_TYPE for more than one SID for an unknown domain
idmap_hash: provide ID_TYPE_BOTH mappings also for unixids_to_sids
idmap_hash: fix comments about the algorithm
idmap_hash: remove unused error checks
idmap_hash: we don't need to call idmap_hash_initialize() over an over again
idmap_hash: mirror the NT_STATUS_NONE_MAPPED/STATUS_SOME_UNMAPPED logic from idmap_autorid
idmap_hash: split out a idmap_hash_id_to_sid() helper function
idmap_hash: split out a idmap_hash_sid_to_id() helper function
idmap_hash: return ID_REQUIRE_TYPE only if there's a chance to get a mapping later
idmap_hash: only return ID_REQUIRE_TYPE if we don't know about the domain yet
idmap_hash: don't return ID_REQUIRE_TYPE if the domain is known in the netsamlogon cache
idmap_hash: remember new domain sids in idmap_hash_sid_to_id()
libcli/security: introduce struct sddl_transition_state
libcli/security: simplify rid-based SDDL sid strings
libcli/security: simplify sddl_encode_sid()
libcli/security: prepare sddl machine/forest_sid handling
lib/ldb-samba: let ldif_read_ntSecurityDescriptor() only try sddl if isupper()
replace: add ARRAY_INSERT_ELEMENT() helper
libcli/security: prepare security_descriptor_acl_add() to place the ace at a position
libcli/security: add security_descriptor_[s|d]acl_insert() helpers
py_security: allow idx argument to descriptor.[s|d]acl_add()
python/samba/ndr: add ndr_deepcopy() helper
python:sd_utils: introduce update_aces_in_dacl() helper
python:sd_utils: add dacl_{prepend,append,delete}_aces() helpers
samba-tool: rewrite dsacl.py to use the new sd_utils helpers
s4:dsdb/tests: let OwnerGroupDescriptorTests.test_141() set the required ACE explicitly
s4:dsdb/tests: let OwnerGroupDescriptorTests() remove temporary ACEs on cleanup
s4:dsdb/tests: let AclUndeleteTests.test_undelete() remove the temporary ACE again
s4:dsdb/tests: convert sec_descriptor.py to use assert[Not]In()
s4:dsdb/tests: allow sec_descriptor.py to run against Windows 2022
s4:dsdb/tests: add more detailed tests to sec_descriptor.py
libcli/security: rewrite calculate_inherited_from_parent()
blackbox/dbcheck: also run currently unused dbcheck_reset_well_known_acls
s4:dsdb/tests: use changetype: modify in order to delete a single attribute
python/tests: use changetype: modify in order to delete a single attribute
schema_upgrade: add support for ntdsschemamodrdn and ntdsschemadelete
functional_prep: fix error handling in order to stop on the first error
forest_update: ignore ldb.ERR_ATTRIBUTE_OR_VALUE_EXISTS in operation_ldif()
forest_update: only update SDDL for schema objects
forest_update: we don't need any controls to update sddl attributes
forest_update: make use of self.sd_utils.update_aces_in_dacl()
forest_update: be more verbose about updates
domain_update: be more verbose about updates
domain_update: make use of '"CN"' in sddl instead of using an explicit SID
domain_update: remove useless searches to '(objectClass=samDomain)'
domain_update: make use of self.sd_utils.update_aces_in_dacl()
lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
lib/ldb: re-order code in ldb_ldif_to_pyobject()
python/samba: let modify_ldif() verify the changetype value
lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
python/samba: add support for LDB_CHANGETYPE_DELETE to modify_ldif()
lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
python/samba: add support for LDB_CHANGETYPE_MODRDN to modify_ldif()
python/samba: adapt ms_forest_updates_markdown.py to the latest Forest-Wide-Updates.md
python/samba: adapt ms_schema[_markdown].py to the latest schema definitions
setup/ad-schema: add the latest v1803 and v1903 schema files from Microsoft
setup/adprep: import the latest {Domain-Wide,Forest-Wide,Read-Only-Domain-Controller,Schema}-Updates.md
forest_update: behave more like a Windows 2022 server
domain_update: implement updates 82-89 in order to reach the latest w2016 level
python/samba: let get_domain_descriptor() include adprep 2016 ACEs
samba-tool: allow 'domain level raise' to support level 2016
samba-tool: let 'domain functionalprep' to use functional level 2016 by default
samba-tool: let 'domain schemaupgrade' to use the 2019 schema by default
samba-tool: let 'domain provision' to use the 2019 schema by default
python:provision: run adprep as part of provision
python:join: run domain adprep as part of join_provision_own_domain()
s4:dsdb/tests: let linked_attributes.py use a container as testbase
s4:dsdb/tests: let a test to demonstrate the behavior of invisible backlinks
s4:dsdb/schema: remember if a backlink attribute is not allowed on class 'top'
s3:dsdb/repl_meta_data: fix possible memleak on error in replmd_modify_la_add()
s4:dsdb/repl_meta_data: check replmd_add_backlink() result in replmd_modify_la_add()
s4:dsdb/util: split out dsdb_module_obj_by_guid() from dsdb_module_dn_by_guid()
s4:dsdb/repl_meta_data: let replmd_process_backlink() use dsdb_module_obj_by_guid()
s4:dsdb/repl_meta_data: let replmd_process_backlink() use the source_dn variable
s4:dsdb/common: rename DSDB_RMD_FLAG_INVISIBLE to DSDB_RMD_FLAG_HIDDEN_BL
s4:dsdb/repl_meta_data: let replmd_process_backlink() set DSDB_RMD_FLAG_HIDDEN_BL is needed
s4:dsdb/objectclass_attrs: allow all backlinks even if not allowed by the schema
s4:dsdb/extended_dn_out: make use of the existing have_reveal_control variable
s4:dsdb/extended_dn_out: use dsdb_dn_val_rmd_flags() instead of dsdb_dn_is_deleted_val()
s4:dsdb/extended_dn_out: hide backlinks with DSDB_RMD_FLAG_HIDDEN_BL by default
testprogs/blackbox: add test_net_ads_search_server.sh
net_ads: fill ads->auth.realm from c->creds
smbXsrv_tcon: avoid storing temporary (invalid!) records.
vfs_fruit: avoid using 'conn->tcon->compat', we can just use 'conn'!
selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME
s3:locking: fix debug level for NT_STATUS_NOT_FOUND messanges in get_static_share_mode_data
python:descriptor: add missing schema 2019 aces in builtin and dns partition
librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms
smb2_server: optimize SMB2_OP_KEEPALIVE (SMB2 Echo)
smbprofile: add smbprofile_active() helper
s3:smbd: only do profiling overhead in smbd_tevent_trace_callback() when needed
smb2_server: use MSG_DONTWAIT to get non-blocking send/recvmsg
lib/util: use RUNNING_ON_VALGRIND to check if valgrind is used
lib/replace: check for valgrind/callgrind.h
smb2_negprot: add CALLGRIND_START_INSTRUMENTATION after SMB2 negprot
s4:torture/smb2: move benchmarking tests to bench.c
s4:torture/smb2: add --option="torture:looplimit=150000" to smb2.bench.echo
s4:torture/smb2: add smb2.bench.read test
third_party/heimdal: Import lorikeet-heimdal-202306091507 (commit 7d8afc9d7e3d309ddccc2aea6405a8ca6280f6de)
selftest: run tests with LANGUAGE=en_US
bootstrap: force use of LANGUAGE=en_US
bootstrap: make sure we have gnutls-cli from gnutls-bin/gnutls-utils
docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level'
samba-tool: check for invalid 'domain level' subcommands first
samba-tool: let 'domain level raise --domain-level' use the correct crossRef dn
samba-tool: move some parts of 'domain level [show|raise]' in to try/except
samba-tool: move some parts of 'domain level [show|raise]' in to subfunctions
samba-tool: let 'domain level raise' call check_and_update_fl() in a transaction
testprogs/blackbox: also prepare for to 2016 (schema=2019) in functionalprep.sh
testprogs/blackbox: also raise the levels to 2012_R2/2016 in functionalprep.sh
tests/krb5/s4u_tests.py: add test_constrained_delegation_with_enc_auth_data_[no_]subkey()
tests/krb5/s4u_tests.py: add test_constrained_delegation_authtime
vfs_aio_pthread: don't crash without a pthreadpool
samba-tool/ntacl: let changedomsid ignore symlinks
samba-tool/ntacl: don't announce -q,--quiet in --help as it's not used at all
samba-tool/ntacl: add set --verbose and print out the file/directory name
samba-tool/ntacl: implement set --recursive
testprogs/blackbox: pass $CONFIGURATION to test_samba-tool_ntacl.sh
testprogs/blackbox: move 'ntacl get' out of test_changedomsid() in test_samba-tool_ntacl.sh
testprogs/blackbox: add --recursive tests to test_samba-tool_ntacl.sh
s4:kdc: handle passwords from the history in hdb_samba4_auth_status()
s4:dsdb/tests: Test Kerberos login with old password fails (but badPwdCount=0)
s4:dsdb/tests: also verify too old, older password interaction with badPwdCount
s4:kdc: translate sdb_entry->old[er]_keys into hdb_add_history_key()
s4:kdc: adjust formatting of samba_kdc_update_pac() documentation
s4:kdc: pass krbtgt skdc_entries to samba_kdc_update_pac()
s4:kdc: clear client and device claims from trusts
s4:kdc: don't log an error if msDS-AllowedToActOnBehalfOfOtherIdentity is missing
.gitlab-ci:bootstrap: remove ubuntu1804*, add debian12, upgrade opensuse 15.5
wb_dsgetdcname: don't use stack variables for async code
s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS
netlogon.idl: add support for netr_LogonGetCapabilities response level 2
s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels
s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels
netlogon.idl: add some comments to netr_OsVersionInfoEx
ldapcmp: also ignore operatingSystem similar to operatingSystemVersion
upgradeprovision: handle operatingSystem similar to operatingSystemVersion
s4:dsdb: let dsdb_check_and_update_fl() also operatingSystem[Version]
s4:pydsdb: add dc_operatingSystemVersion() helper
s4:provision: use better values for operatingSystem[Version]
talloc: release 2.4.1
Volker Lendecke (204):
smbd: Use generate_nonce_buffer() in smbXsrv_open_global_allocate()
smbd: Move smbXsrv_open_global_verify_record() down in smbXsrv_open.c
smbd: Simplify smbXsrv_open_global_store()
smbd: Make smbXsrv_open_global_allocate() store the record
smbd: Use dbwrap_do_locked() in smbXsrv_open_global_allocate()
smbd: Use dbwrap_do_locked() in smbXsrv_open_update()
smbd: Use dbwrap_do_locked() in smbXsrv_open_close()
smbd: Use dbwrap_do_locked() in smbXsrv_open_cleanup()
smbd: let smbXsrv_open_cleanup() delete broken records
smbd: Use dbwrap_do_locked() in smb2srv_open_recreate()
smbd: Remove smbXsrv_open_global0->db_rec
smbd: Use ISDOT() in dptr_create()
lib: Simplify ms_has_wild() with strpbrk()
lib: Fix a typo
smbd: Simplify struct dptr_struct
smbd: Simplify SeekDir() with an early return
smbd: Remove dptr_struct->spid
smbd: Remove dptr_struct->expect_close
vfs: Fix whitespace in vfs_aixacl_util.c
tests: Move libsmb-basic to fileserver_smb1 environment
tests: Show that the case sensitive large dir optimization is broken
smbd: Fix case normalization in for directories
librpc: Make rpc_pipe_open_np() public and async
librpc: Remove unused sync rpc_transport_np_init()
torture3: test rpc scalability
rpcd: Increase listening queue
rpcd: Do blocking connects to local pipes
rpcd: With npa->need_idle_server we can have more than 256 servers
Fix a typo
libsmb: Avoid a duplicate memset(.., 0, ..);
vfs: Replace a "== false" with a "!"
smbd: Fix a typo
smbd: Remove a variable only ever set to NULL
lib: Fix whitespace
lib: librpc/gen_ndr/security.h needs DATA_BLOB
libcli/security: Avoid includes.h
libcli/util: Avoid an includes.h
lib: Remove a talloc_stackframe()
lib: Fix a typo
lib: Move the dump_data_pw() prototype to the other dump_data_* ones
lib: Add dump_data_addbuf()
smbd: DBG_DEBUG raw create contexts received from the client
smbd: Directly initialize a "fsp1"
rpcd: Use size_t for walking an array
build: Fix a long line
libcli: Shrink .data segment by 43264 bytes
libcli: Shrink .data segment by 43264 bytes
librpc: Simplify dcerpc_default_transport_endpoint()
libsmb: Convert cli_posix_stat_send/recv() to modern conventions
winbind: Factor out idmap_config_name()
winbind: Add idmap_config_string_list()
idmap: Initialize struct idmap_ad_context
idmap_ad: Add "deny ous" and "allow ous" options
tests: Slightly simplify test_idmap_ad.sh
test: Add a test for "deny ous"
pyldb: Fix a copy&paste error, CID 1524512 DEADCODE
torture3: Add tdb-validate test
lib: Fix tdb_validate() for incorrect tdb entries
smbd: Indicate posix pathnames if SMB311 POSX cc requested
streams_depot: Create files when requested
tests: Show that streams_depot and shadow_copy2 don't play together
shadow_copy2: Fix stream open for streams_depot paths
libsmb: Introduce type-safe struct cli_smb2_create_flags
libsmb: Make cli_qpathinfo2_done() parse the results
libsmb: Make cli_smb2_qpathinfo2() asynchronous
libsmb: Slightly simplify smbc_init()
libsmb: Avoid an explicit ZERO_STRUCTP with calloc
libsmb: Simplify SMBC_add_cached_server()
libsmb: Make setting errno safer in SMBC_add_cached_server()
smbd: Fix a DBG statement
libsmb: Adapt cli_echo_send() to modern conventions
smbd: Save 488 bytes RSS
libsmb: Return [MS-SMB2] 2.2.14 SMB2 CREATE Response flags field
pylibsmb: Return "flags" in create_returns
ldb: Add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
ldb: Allow extended operations through ildap
ldb: Implement ldap_whoami in pyldb
ldap_server: Implement the rfc4532 whoami exop
tests: Test ldap whoami exop
winbind: Test wbinfo -u with more than 1000 users
winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users
libcli: Add security_token_count_flag_sids()
smbd: Use security_token_count_flag_sids() in open_np_file()
librpc: Simplify dcerpc_is_transport_encrypted()
rpc: Add global_sid_Samba_NPA_Flags SID
rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"
rpc: Remove named_pipe_auth_req_info6->need_idle_server
lib: Add security_token_del_npa_flags() helper function
rpc_server3: Pass winbind_env_set() state through to rpcd_*
tests: Make timelimit available to test scripts
tests: Show that we 100% loop in cli_list_old_recv()
libsmb: Fix directory listing against old servers
smbd: Remove unused smb2_srv_send()
smbd: Remove SMB_PERFCOUNT_ macros
modules: Remove perfcount_test module
smbd: Remove unused "pcd" arg from smb1_srv_send()
smbd: Remove unused "deferred_pcd" from process_smb2()
smbd: Remove unused "deferred_pcd" from construct_reply_chain()
smbd: Remove unused "pcd" from struct smb_request
smbd: Remove unused "deferred_pcd" from construct_reply()
smbd: Remove unused "deferred_pcd" from process_smb1()
smbd: Remove unused "deferred_pcd" from process_smb()
smbd: Remove unused "pcd" from struct pending_message_list
smbd: Remove smb1-only perfcount subsystem
smbclient: Fix fd leak with "showacls;ls"
smbd: Fix a typo
smbd: Make SeekDir()/TellDir() static to dir.c
smbd: Simplify make_dir_struct()
smbd: Add dptr_FileNumber()
smbd: Add dptr_RewindDir()
smbd: Do an early talloc_free() in fsp_attach_smb_fname()
smbd: Do an early talloc_free() in reply_search()
smbd: Make reply_search() easier to understand
smbd: Remove unused dptr_fill() and dptr_fetch_fsp()
lib: Fix whitespace
vfs: Fix a typo
vfs: Modernize a few DEBUG statements
vfs: Remove two "== true"
smbd: Use ISDOT() in exact_match()
testparm: Fix a typo
conf: Fix wrong language in "dos charset" smb.conf.5 entry
smbd: Modernize a few overlog DEBUG statements
smbd: Remove unused "pst" parameter from dptr_SearchDir()
smbd: Remove unused "poffset" parameter from dptr_SearchDir()
smbd: Remove unused "poffset" parameter from SearchDir()
smbd: Introduce "dir_hnd" helper variable in smbd_dirptr_get_entry()
smbd: Apply some README.Coding to call_trans2findfirst/next()
smbd: Use dptr_RewindDir() instead of dptr_SeekDir(.., 0)
smbd: Eliminiate some dead code
smbd: Slightly simplify smbd_dirptr_lanman2_entry()'s overflow logic
smbd: Make get_dir_entry() static in SMB1-only code
smbd: Avoid a few else branches in smb2_query_directory_next_entry()
smbd: Simplify dptr_ReadDirName()
smbd: Add smbd_dirptr_push_overflow()
smbd: Avoid dptr_SeekDir() when overflowing the dir buffer
smbd: Remove unused dptr_SeekDir()
smbd: Remove unused _prev_offset arg from smbd_dirptr_get_entry()
smbd: Add dptr_struct->last_name_sent
smbd: Make dptr_ReadDirName() public
smbd: Do the "skip to resume name" in call_trans2findnext()
smbd: Remove unused dptr_SearchDir() and the dir cache
smbd: Remove the offset argument from ReadDirName()
vfs: Remove vfs telldir/seekdir functions
libcli: Simplify dom_sid_dup()
libcli: Simplify security_token_is_sid()
smbd: Fix a typo
docs: Remove seekdir/telldir reference
smbd: Modernize a DEBUG statement in smbd_dirptr_get_entry()
smbd: Remove references to get_Protocol()
lib: Simplify two if-expressions
winbind: Fix a typo
lib: Add a few required #includes
WHATSNEW: Mention removed "directory name cache size" parameter
profiling: Factor out functions to read smbprofile.tdb
rpc_server: Fix talloc hierarchy in _srvsvc_NetSrvGetInfo()
libsmb: Add SMB1 posix cli_mknod
pylibsmb: Add mknod()
pylibsmb: Add smb1_stat()
libsmb: Test smb1 mknod
smbd: Remove "a heuristic to avoid seeking the dirptr"
smbd: Remove a smb1-only optimization findfirst/findnext
smbd: smbd_dirptr_lanman2_match_fn(): Remove "exact_match" handling
smbd: Don't set security_descriptor_hash_v4->time
smbd: Make sure smb_fname->st is valid in smbd_dirptr_get_entry
smbd: Don't use "sbuf" in smbd_dirptr_get_entry()
smbd: Remove unused "pst" argument from dptr_ReadDirName()
smbd: Remove unused "sbuf" argument from ReadDirName()
smbd: Remove unused "sbuf" argument from vfs_readdirname()
vfs: Remove "sbuf" from readdir_fn()
error_inject: map EROFS
error_inject: Enable returning EROFS for O_CREAT
tests: Show smbd returns wrong error code when creating on r/o fs
smbd: Don't mask open error if fstatat() fails
smbd: Slightly simplify smbd_dirptr_get_entry()
smbd: Move dos_mode_from_name() up in dosmode.c
smbd: Simplify dos_mode_msdfs()
smbd: Apply some README.Coding to dos_mode_from_sbuf()
smbd: Add read_symlink_reparse()
smbd: Factor out full_path_extend()
smbd: Lift up conn->cwd from openat_pathref_dirfsp_nosymlink()
smbd: Fully fill in fsp in openat_pathref_fsp_nosymlink_internal()
test: skip the open-eintr test
smbd: Extend openat_pathref_dirfsp_nosymlink()
smbd: Pass stat_ex and files_struct to dos_mode_from_sbuf()
smbd: Pass "char*" to dos_mode_from_name()
smbd: Pass name and stat_ex to dos_mode_msdfs()
smbd: Modernize two DEBUG statements
smbd: Introduce dir_fname helper var in smbd_dirptr_get_entry()
smbd: Factor out full_path_from_dirfsp_at_basename()
smbd: Rewrite smbd_dirptr_get_entry()
smbd: Remove "atname" from smbd_dirptr_get_entry()'s mode_fn
smbd: Factor out create_open_symlink_err()
smbd: Merge openat_pathref_fsp_nosymlink() into _internal()
utils3: Remove the "split_tokens" utility
smbclient3: Use talloc_asprintf(), no explicit SAFE_FREE required
smbd: Avoid a direct reference to smb_messages[]
smbd: Save 76 bytes of .text
tests: Enable a few tests for FreeBSD
torture4: Fix an error message
error_inject: Reduce indentation with an early return
smbd: Fix a typo
lib: Translate ENXIO to NT_STATUS_ILLEGAL_FUNCTION
lib: Move IO_REPARSE_TAG_NFS subtypes to toplevel
build: We don't need SEEKDIR_RETURNS_VOID
baixiangcpp (1):
lib:util: File descriptor being closed repeatedly.
Łukasz Stelmach (2):
Configure builtin heimdal to use KEYRING ccache
bootstrap: Add a note about cleaning bootstrap/
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list