[SCM] Samba Shared Repository - annotated tag tevent-0.16.0 created

Stefan Metzmacher metze at samba.org
Mon Oct 16 08:16:38 UTC 2023

The annotated tag, tevent-0.16.0 has been created
        at  af9580411a92603c958fe83245780fb645bb8172 (tag)
   tagging  acd9248b13cba06d5b748f17aa9bc5d62079d9cc (commit)
  replaces  samba-4.19.0rc1
 tagged by  Stefan Metzmacher
        on  Mon Oct 16 10:16:27 2023 +0200

- Log -----------------------------------------------------------------
tevent: tag release tevent-0.16.0


Andreas Schneider (58):
      lib:fuzzing: Fix code spelling
      lib:tevent: Fix code spelling
      s3:utils: Fix code spelling
      s3:spoolss: Remove dead code
      s4:auth: Fix code spelling
      s4:cldap_server: Fix code spelling
      s4:client: Fix code spelling
      s4:dns_server: Fix code spelling
      s4:dsdb:common: Fix code spelling
      s4:dsdb:kcc: Fix code spelling
      s4:dsdb:repl: Fix code spelling
      s4:dsdb:samdb: Fix code spelling
      s4:dsdb:schema: Fix trailing white spaces
      s4:dsdb:schema: Fix code spelling
      s4:dsdb:tests: Fix code spelling
      s4:kdc: Fix code spelling
      bootstrap: Install codespell
      s4:lib: Fix code spelling
      s4:libcli: Remove tailing white spaces
      s4:libcli: Fix code spelling
      s4:libnet: Fix code spelling
      s4:librpc: Fix code spelling
      s4:ntvfs: Fix code spelling
      s4:rpc_server: Fix code spelling
      s4:samba: Fix code spelling
      s4:scripting: Fix code spelling
      s4:selftest: Fix code spelling
      s3:ldap_server: Fix code spelling
      s4:setup: Fix code spelling
      s4:smb_server: Fix code spelling
      s4:torture:auth: Fix code spelling
      s4:torture:dfs: Fix code spelling
      s4:torture:drs: Fix code spelling
      s4:torture:basic: Fix code spelling
      s4:torture:dns: Fix code spelling
      s4:torture:krb5: Fix code spelling
      s4:torture:ldap: Remove trailing white spaces
      s4:torture:ldap: Fix code spelling
      s4:torture:ldb: Fix code spelling
      s4:torture:libnetapi: Fix code spelling
      s4:torture:nbench: Fix code spelling
      s4:torture:nbt: Fix code spelling
      s4:torture:raw: Fix code spelling
      s4:torture:rpc: Fix code spelling
      s4:torture:smb2: Fix code spelling
      s4:torture: Fix code spelling
      s4:wrepl_server: Remove trailing white spaces
      s4:wrepl_server: Fix code spelling
      testprogs: Fix code spelling
      tests: Fix code spelling
      wintest: Fix code spelling
      scripts: Add codespell check
      gitlab-ci: Add running codespell
      waf: Build nmbd with -Wno-error=stringop-overflow
      s3:torture: Remove masktest.c
      s4:samdb: Avoid memory leaks in partition_metadata_get_uint64()
      s3:client: Use lpcfg_set_cmdline()
      s3:param: Remove unused lp_set_cmdline()

Andrew Bartlett (82):
      dsdb: Add new function samdb_system_container_dn()
      dsdb: Use samdb_system_container_dn() in samldb.c
      dsdb: Use samdb_get_system_container_dn() to get Password Settings Container
      s4-rpc_server/lsa: Use samdb_system_container_dn() in dcesrv_lsa_get_policy_state()
      s4-rpc_server/netlogon: Use samdb_system_container_dn() in fill_trusted_domains_array()
      s4-rpc_server/backupkey: Use samdb_system_container_dn() in set_lsa_secret()
      s4-rpc_server/backupkey: Use samdb_system_container_dn() in get_lsa_secret()
      dsdb: Use samdb_system_container_dn() in dsdb_trust_*()
      dsdb: Use samdb_system_container_dn() in pdb_samba_dsdb_*()
      lib/util: Move DEBUG() calls in gendb_search_v to common levels and new DBG_*() pattern
      dsdb: Add dsdb_search_scope_as_string() and use in ldap_backend.c
      dsdb: Add tracing to dsdb_search() similar to gendb_search_v()
      dsdb: Add tracing to dsdb_search_dn() similar to gendb_search_v()
      selftest: Add test for combination of anr and paged_results
      dsdb: Replace talloc_steal() with a shallow copy and reference in dsdb_paged_results
      dsdb: Make a shallow copy of ldb_parse_tree in operational module
      s4-rpc_server/drsuapi: Add tmp_highest_usn tracking to replication log
      s4-rpc_server/drsuapi: Improve debugging of invalid DNs
      s4-rpc_server/drsuapi: Improve debug message for drs_ObjectIdentifier_to_dn_and_nc_root() failure
      s4-dsdb: Improve logging for drs_ObjectIdentifier_to_dn_and_nc_root()
      s4-rpc_server/drsuapi: Remove rudundant check for valid and non-NULL ncRoot_dn
      s4-torture/drs: Save the server dnsname on the DcConnection object
      s4-torture/drs: Create temp OU with a unique name per test
      s4-torture/drs: Use addCleanup() in getchanges.py for OU handling
      s4-torture/drs: Add a test matching Azure AD Connect REPL_OBJ behaviour
      s4-torture/drs: Add test demonstrating that a GetNCChanges REPL_OBJ will not reset the replication cookie
      s4-torture/drs: Add test showing that if present in the set the NC root leads and tmp_highest_usn moves
      s4-rpc_server/drsuapi: Only keep and invalidate replication cycle state for normal replication
      s4-rpc_server/drsuapi: Fix indentation in GetNCChanges()
      s4-rpc_server/drsuapi: Avoid modification to ncRoot input variable in GetNCChanges
      s4-rpc_server/drsuapi: Rename ncRoot -> untrusted_ncRoot to avoid misuse
      s4-rpc_server/drsuapi: Update getnc_state to be != NULL
      s4-rpc_server/drsuapi: Ensure logs show DN for replicated objects, not (null)
      s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root
      WHATSNEW: Remove unusual box around 'REMOVED FEATURES'
      bootstrap: Heimdal no longer requires perl-JSON
      selftest: Allow MIT Krb5 1.21 to still start to fl2000dc
      krb5: Increase the minimum MIT Krb5 version to 1.21
      .gitlab-ci: Do builds under /builds as this is never an overlayfs
      .gitlab-ci.yml: Move coverity build to internal Heimdal
      .gitlab-ci: Allow ext4 jobs to run on shared runners
      build: Remove -Wno-error=missing-field-initializers from Heimdal build
      build: Reduce heimdal_no_error_flags to a more minimal set
      s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push
      librpc: Add context as to if this token should be used for claims evaluation
      docs-xml: Add new parameter "acl claims evaluation"
      s4-auth: pass lp_ctx to auth_generate_session_info() where possible
      libcli/security: Pass in claims evaluation state when building any security token
      s3-net_rpc: Use security_token_initialise() to create struct security_token
      s3-net_rpc: Make the struct user_token array the parent talloc context
      s3-winbind: Use token as parent for token->sids in check_info3_in_group()
      libcli/security: Move dup_nt_token() to libcli/security
      libcli/security: Rename dup_nt_token() -> security_token_duplicate()
      libgpo: Reimplmeent registry_create_system_token() using get_system_token()
      python: Change the generic merge_nt_token() to being specific to the system_token
      s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM
      libcli/security: Hook in ability to disable conditional ACE evaluation
      conditional_aces: Avoid manual parsing for ace_condition_sid
      conditional_aces: Avoid manual parsing for ace_condition_bytes, use DATA_BLOB
      Make blob->data pointer in ace_sid_to_claim_v1_sid() a child of the DATA_BLOB
      libcli/security: Make failure parsing where consumed == -1 clear
      libcli/security: Check for sddl_from_conditional_ace() failure in test_sddl_conditional_ace
      conditional_aces: Avoid manual parsing for ace_condition_int
      libndr: Add support for pulling strings with LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE
      conditional_aces: Avoid manual parsing for ace_condition_unicode
      add comment that ace_condition_composite is not representative of the wire format
      CVE-2023-4154 dsdb/tests: Do not run SimpleDirsyncTests twice
      CVE-2023-4154 dsdb/tests: Use self.addCleanup() and delete_force()
      CVE-2023-4154 dsdb/tests: Force the test attribute to be not-confidential at the start
      CVE-2023-4154 dsdb/tests: Check that secret attributes are not visible with DirSync ever.
      CVE-2023-4154 dsdb/tests: Speed up DirSync test by only checking positive matches once
      CVE-2023-4154 dsdb/tests: Add test for SEARCH_FLAG_RODC_ATTRIBUTE behaviour
      CVE-2023-4154 dsdb/tests: Extend attribute read DirSync tests
      CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
      CVE-2023-42669 s4-rpc_server: Disable rpcecho server by default
      CVE-2023-42669 s3-rpc_server: Disable rpcecho for consistency with the AD DC
      s4-echo: Remove the "echo" server (port 7, RFC 862) in production builds
      CVE-2023-42670 s3-rpc_server: Strictly refuse to start RPC servers in conflict with AD DC
      CVE-2023-42670 s3-rpc_server: Remove cross-check with "samba" EPM lookup
      s4-kdc: Do not modify the returned user_info_dc from samba_kdc_get_user_info_dc()
      s4:kdc: Change the type of ‘compounded_auth’ to boolean
      third_party/heimdal: import lorikeet-heimdal-202310092248 (commit cd12cddd8058d9fe627b5b203e471b8d761dcfbb)

Arvid Requate (2):
      For Bug #9959: local talloc frame for next commit
      Bug #9959: Don't search for CN=System

David Mulder (19):
      gp: Ensure Firewalld tests don't flop
      gp: Test modifying firewalld policy enforces changes
      gp: Test modifying firefox policy enforces changes
      gp: Test modifying MOTD policy enforces changes
      gp: Test modifying Messages policy enforces changes
      gp: Test modifying Issue policy enforces changes
      gp: Test modifying smb.conf policy enforces changes
      gp: Test modifying script user policy enforces changes
      gp: Test modifying centrify crontab user policy enforces changes
      gp: Ensure Firewalld preforms proper cleanup
      gp: Add a misc applier, to assist some gp exts
      gp: Ensure Firefox policy preforms proper cleanup
      gp: Ensure Messages policy preforms proper cleanup
      gp: Ensure Issue policy preforms proper cleanup
      gp: Ensure MOTD policy preforms proper cleanup
      gp: Ensure smb.conf policy preforms proper cleanup
      gp: Ensure script user policy performs proper cleanup
      gp: Ensure centrify crontab user policy performs proper cleanup
      gp: Cleanup some unused code

Douglas Bagnall (119):
      lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t*
      lib/fuzzing:fuzz_sddl_access_check fix nul-term check
      util/base64: add a note about zero length strings
      libcli:auth:sess_crypt_blob: ensure key has 7 bytes
      fuzz: add fuzzer for sess_crypt_blob
      fuzz: add fuzzer for ldb_comparison_fold
      tldap: avoid infinite loop when filter contains "\)"
      lib/replace: fix strlcat/strlcpy compile for Honggfuzz
      lib/util: strhex_to_data_blob checks talloc
      libcli/security/pysecurity: use NULL to mean NULL in C
      pytests: add helper to grab a directory from environment
      pytest/sddl: replace/export tests based on environment vars
      pytest/sddl: environment option for exporting as fuzz seeds
      pytest/sddl: add option for case-insensitive tests
      pytest/sddl: tests for more invalid or weird cases
      s4/torture: initialise ACE structs to zero
      s4/ntfvfs/pvfs_acl: initialise ACEs to zeroes
      libcli/security: sddl ACL decode avoids early splitting on parenthesis
      librpc/security.idl: adjust size calculations for upcoming ace types
      libcli/security: used sec_ace_object() in sddl encoding
      libcli/security: avoid leak in calculate_inherited_from_parent()
      libcli/security: remove unused tmp_ctx in calculate_inherited_from_parent()
      libcli/security: script to turn token/descriptor pairs into sddl
      libcli/security: add some test more Windows SDDL test strings
      python/colour: add a colour diff helper
      libcli/security: rewrite SDDL tests for running on Windows
      libcli/security: move Windows test script to windows subdir
      libcli/security: test helper script extracts fuzz SDDL
      pytest: compare Samba vs Windows SDDL security descriptors
      libcli/security: rm unused sec_ace_copy()
      selftest:ndrdump: adjust xattr_NTACL test for ACE coda
      pytests:security: don't use invalid domain SID S-2-0-0
      libcli/security: make sddl_encode_sid an external function
      librpc/idl: add conditional ACE structures and constants
      libcli/security: create_descriptor handles unknown ACE types
      librpc:security.idl: add more ACE enum types, with annotations
      libcli:sec:display: print callback ace types
      libcli:sec:display: use macro for more ace types
      librpc:security.idl: add enums for resource attribute aces
      librpc:security.idl: add Resource Attribute claim types
      security.idl: extend security token for claims
      s3:rpc: bump named_pipe_auth_req_info version number
      security.idl: extend security token with device SIDs
      security.idl: use sec_ace_object() in object switch
      libcli/security: helper to find callback/conditional aces
      libcli/security: helper to find resource attribute ACEs
      libcli/security: helper to find ACEs with meaningful codas
      libcli/security: use tabs in sec_ace_object()
      libcli/security: callback object aces are object aces
      librpc:security.idl: ace->coda can be resource attribute
      libcli/sec: reformat long line in wscript_build
      librpc:security.idl: add conditional ace coda
      ndr_sec_helper: ndr_size_security_ace: do less work
      ndr_sec_helper: ace length should be multiple of 4
      libcli/security: whitespace repair in sddl.c
      libcli/security: find SDDL coda for RA and conditional ACEs
      libcli/security: add stub of conditional ACE code.
      libcli:security: outline for sddl_conditional_ace.c
      libcli:security: helpers for converting claim types
      libcli/security: add conditional ACE SDDL functions
      libcli:security: add functions to decode and decode RA ACEs
      libcli:security: add code to interpret conditional ACES
      libcli/security: add conditional ace files to samba-security
      libcli/security: sdd_decode_ace handles callback types
      libcli/security: sdd_decode_ace handles resource attribute types
      libcli/security: sddl_encode_ace encodes conditional ACEs
      libcli/security: sddl_encode_ace encodes resource attribute ACEs
      libcli/security: SDDL: add callback and resource ace type flags
      libcli/security/create_descriptor: calc_inherited handles new types
      lbcli/security: callback object ACES fall back with no GUID
      libcli/security: test SDDL compilation in cmocka
      lib/fuzzing: fuzz SDDL conditional ACEs
      s4/librpc: build conditional ace Python bindings
      pytest: security_descriptors comparison is quieter
      pytest: security_descriptors test for repetitive ACLs
      librpc/ndr:ndr_sec_helper: fix a typo
      libcli/security: use sec_object_ace() in size_security_ace
      pytest: security_descriptors: tests without revision number hack
      pytest: security descriptors: test some conditional and RA ACEs
      pytest:security descriptors: hack to capture results as json
      pytest:security_descriptors: test collected conditional ACEs
      libcli/security: windows-sddl-test: fix typo in --help
      libcli/security: windows-sddl-test: fix read of text examples
      pytest: sddl tests can be only externally defined
      pytest: sddl strings dir can be defined in class
      libcli/security/tests: add some test strings
      pytest: sddl tests with conditional ACEs
      security.idl: drop claim v1 reserved field
      libcli/security/conditional ACEs: compare composites as sets
      libcli/security: cmocka test for running conditional ACEs
      pytest: tools for creating security tokens
      pytest: tests for conditional ACEs with security tokens
      pytest:conditional_ace_claims: ease export of failing tests to C
      libcli/security: conditional ace access checks for AD
      libcli/security: conditional ace access checks for file server
      lib/fuzzing: adapt fuzz_sddl_access_check for claims
      lib/fuzzing: fuzz_conditional_ace_blob
      lib/fuzzing: adjust access-check seed patch
      pytest: assembler for conditional ACEs
      libcli/security: beginning of tests for conditional ACE bytes
      pytest: conditional_ace assembler assembles full descriptor
      librpc/ndr_claims: avoid 'bin/default' in #include
      libcli/security: adjust tests for evaluate_claims flag
      libcli/security: access_check with MAXIMUM_ALLOWED checks callbacks
      libcli/security: sec_access_check_ds uses new callback ACE checks
      libcli/security: se_access_check uses new callback checks
      libcli/security: access_check handles CALLBACK_OBJECT types
      lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings
      libcli/security/sddl_conditional_ace: ban empty expressions in SDDL
      libcl/security: conditional ACE sddl >= ops take literal parens only
      libcli/security: conditional ACE sddl doesn't have string escapes
      util/str: helper to check for utf-8 validity
      fuzzing: fuzz_sddl_parse forgives bad utf-8
      libcli/security: conditional ace sddl: do not write nested composites
      libcli/security: conditional ace sddl: do not read nested composites
      libcli/security: condtional ACE recursive composites are not supported
      libcli/security: conditional ACEs check again for NULL/empty claims
      libcli/security: test_run_condtional_ace: va_end() on errors
      libcli/security: fix talloc context for integer values (CID 1545156)

Gabriel Nagy (9):
      gp: Support more global trust directories
      gp: Support update-ca-trust helper
      gp: Change root cert extension suffix
      gp: Test with binary content for certificate data
      gp: Convert CA certificates to base64
      gp: Test adding new cert templates enforces changes
      gp: Template changes should invalidate cache
      gp: Test disabled enrollment unapplies policy
      gp: Send list of keys instead of dict to remove

Günther Deschner (5):
      s3-iremotewinspool: add PAR->RPRN mapping table
      s3-iremotewinspool: properly map incoming PAR to RPRN requests.
      s4-torture: add testcase to iremotewinspool suite to explore object_uuid handling
      s3-iremotewinspool: check for correct object_uuid in dispatch fn.
      s4-torture: add another test to demonstrate identical functions

Jeremy Allison (25):
      s3: smbd: Deliberately currupt an uninitialized pointer.
      s3: torture: Add SMB1-TRUNCATED-SESSSETUP test.
      s3: smbd: Ensure srvstr_pull_req_talloc() always NULLs out *dest.
      s3: smbd: Uncorrupt the pointer we were using to prove a crash.
      s3: smbd: Ensure all callers to srvstr_pull_req_talloc() pass a zeroed-out dest pointer.
      s3: torture: Add a test doing an SMB1 negotiate+exit.
      s3: smbd: Add missing 'return;'s in exit paths in reply_exit_done().
      s3: smbd: init_smb1_request() isn't being passed zero'ed memory from any codepath.
      s3: torture: Add SMB1-NEGOTIATE-TCON that shows the SMB1 server crashes on the uninitialized req->session.
      s3: smbd: Ensure init_smb1_request() zeros out what the incoming pointer points to.
      s3: libsmb: Add a missing return statement in the timeout case.
      s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.
      s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().
      s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.
      s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().
      s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.
      s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.
      s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.
      s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.
      s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT
      s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.
      CVE-2023-3961:s3:smbd: Catch any incoming pipe path that could exit socket_dir.
      CVE-2023-3961:s3:torture: Add test SMB2-INVALID-PIPENAME to show we allow bad pipenames with unix separators through to the UNIX domain socket code.
      CVE-2023-3961:s3: smbd: Remove the SMB_ASSERT() that crashes on bad pipenames.

Jones Syue (2):
      vfs_aio_pthread: fix segfault if samba-tool ntacl get
      mdssvc: Do an early talloc_free() in _mdssvc_open()

Joseph Sutton (701):
      third_party/heimdal: Import lorikeet-heimdal-202308030152 (commit 2a036a6fd80833799316b8a85623cdea3a1135df)
      lib:dbwrap: Remove unneeded space in debug message
      lib/replace: Const-qualify sys_errlist
      auth: Add missing newlines to logging messages
      auth: Fix code spelling
      ctdb: Add missing newlines to logging messages
      lib/util: Add missing newlines to logging messages
      lib/ldb-samba: Add missing newline to logging message
      s4:auth: Add missing newlines to logging messages
      libcli: Add missing newlines to logging messages
      libcli/auth: Fix code spelling
      libcli/security: Remove unnecessary code
      libcli/security: Cast isupper() argument to ‘unsigned char’
      librpc/rpc: Add missing newline to logging message
      librpc/ndr: Remove unneeded casts
      ndr_string: Add overflow check in ndr_pull_charset_to_null()
      ndr_string: Fix typo
      ndr_string: Remove dodgy-looking casts
      ndr/dns-utils: Make error message slightly more readable
      librpc/ndr: Format NDR pull sizes as ‘size_t’
      librpc/py_security: Don’t pass a NULL pointer to PyUnicode_FromString()
      librpc/ndr: Fix code spelling
      pidl: Remove unneeded semicolon
      s3:eventlog: Fix code spelling
      s3:utils: Fix debug message formatting
      nmbd_become_lmb.c: Fix debug message formatting
      s4:dsdb: Add missing newlines to logging messages
      s4:dsdb: Move comment to more appropriate place
      s4:dsdb: Fix code spelling
      s4:kdc: Add missing newlines to logging messages
      s4:kdc: Check that client and server are not NULL (CID 1534695)
      s4:kdc: Fix code spelling
      s4:kdc: Remove unused variable
      s4:kdc: Remove redundant comment
      s4:kdc: Remove casts in debug messages
      s4:kdc: Use portable format specifiers
      s4:kdc: Use newer debugging macros
      s4:kdc: Inline some variables
      s4:kdc: Fix comment
      s4:kdc: Avoid operator precedence issues
      s4:libcli/ldap: Fix code spelling
      s4:libcli/smb_composite: Fix code spelling
      s4:librpc: Fix code spelling
      s4:rpc_server: Add missing newlines to debugging messages
      s4:rpc_server/backupkey: Fix code spelling
      selftest: Fix code spelling
      selftest: Add missing import
      testprogs: Fix code spelling
      samba-tool/ntacl: Remove unused and unnecessary return
      samba-tool/ntacl: Remove unused variable
      samba-tool/ntacl: Remove unused imports
      python: Use correct function signatures
      python:samba:kcc: Fix log message formatting
      python: Fix leak
      python: Check return value of talloc_strndup()
      pyglue: Fix leak
      pyglue: Add missing whitespace in docstrings
      python:tests: Remove references to now-gone files
      tests/krb5: Correct comment
      libgpo:admx: Fix code spelling
      libcli/ldap: Don’t try to encode NULL name
      ldb: Don’t pass NULL pointer into strcasecmp()
      ldb: Account for ‘name’ possibly being NULL
      ldb: Fix leaks
      ldb: Don’t decrement reference count until object is no longer needed
      ldb: Check talloc_strdup() return value
      ldb: Don’t leak ‘msg’
      ldb: Check talloc_zero_array() return value
      ldb: Don’t leak ‘el’
      ldb: Clarify documentation for PyObject_AsMessageElement()
      ldb: Work around inconsistent behaviour in PyObject_AsMessageElement()
      smbXcli: Remove call to utf16_len_n()
      ndr_string: Move string length calculation fallback into default case
      lib:charset: Update NUM_CHARSETS to reflect true value
      nsswitch:libwbclient: Fix memory leak
      auth: Add missing newlines to logging messages
      ctdb: Add missing newline to logging message
      talloc: Fix typo
      lib:mscat: Add missing newlines to logging messages
      lib:socket: Add missing newlines to logging messages
      lib/util: Fix code spelling
      libcli/auth: Add missing newline to logging message
      libcli/security: Call dom_sid_compare_domain() instead of sid_compare_domain()
      s3:modules: Call dom_sid_compare_domain() instead of sid_compare_domain()
      libcli/security: Remove unused function sid_compare_domain()
      libcli/security: Fix integer overflow
      libcli/security: Use portable format specifiers
      libcli/security: Remove unnecessary cast
      librpc:ndr: Fix leaks
      librpc: Fix typo
      s3:auth: Add missing newlines to logging messages
      s3:client: Add missing newlines to logging messages
      s3:lib: Consistently return a string with a trailing newline
      s3:client: Remove unnecessary newline from logging message
      s3:groupdb: Add missing newline to logging message
      s3:lib: Add missing newlines to logging messages
      s3:lib: Use portable format specifiers
      tldap: Use portable integer constant
      s3:libads: Add missing newlines to logging messages
      s3:libnet: Add missing newline to logging message
      s3:librpc: Add missing newline to logging message
      s3:libsmb: Add missing newlines to logging messages
      s3:libsmb: Add missing parenthesis to logging message
      s3:modules: Add missing newlines to logging messages
      s3:modules: Remove redundant newlines in logging messages
      s3:modules: Correct escape sequence
      s3:modules: Fix error message
      s3:nmbd: Add missing newlines to logging messages
      s3:passdb: Add missing newlines to logging messages
      s3:passdb: Fix typo
      s3:printing: Add missing newlines to logging messages
      s3:printing: Add missing spaces to error messages
      s3:printing: Fix code spelling
      s3:registry: Add missing newlines to logging messages
      s3:rpc_client: Add missing newlines to logging messages
      s3:rpc_server: Add missing newlines to logging messages
      s3:rpc_server: Fix incomplete logging messages
      s3:rpc_server: Add missing space to debug message
      s3:rpc_server: Fix typo
      s3:smbd: Add missing newlines to logging messages
      s3:smbd Remove unnecessary newlines from logging messages
      s3:smbd: Fix code spelling
      s3:smbd: Add missing space to warning message
      s3:utils: Add missing newlines to logging messages
      s3:utils: Fix code spelling
      s3:vfs: Add missing space in debug message
      s3:winbindd: Add missing newlines to logging messages
      s3:winbindd: Fix debug messages
      s4:auth: Fix leaks
      s4:auth: Check return value of talloc_reference()
      s4:auth: Correct condition and remove redundant check
      s4:cldap_server: Add missing newline to logging message
      s4:client: Add missing newlines to logging messages
      s4:dns_server: Add missing newline to logging message
      s4:dsdb: Add missing newlines to logging messages
      s4:dsdb: Improve grammar
      s4:dsdb: Remove unnecessary parentheses
      s4:dsdb: Fix leaks
      s4:dsdb: Correct error messages
      s4:dsdb: Check result of talloc functions
      s4:dsdb: Do not dereference a NULL pointer
      s4:dsdb:tests: Use control that was (presumably) intended
      s4:dsdb:tests: Remove unused variables
      s4:ldap_server: Add missing newlines to logging messages
      s4:lib: Add missing newlines to logging messages
      s4:libnet: Add missing newlines to logging messages
      s4:librpc: Add missing newline to logging message
      s4:ntvfs: Add missing newline to logging message
      s4:param: Add missing newlines to logging messages
      s4:policy: Fix leak
      s4:rpc_server: Add missing newlines to logging messages
      s4:rpc_server/backupkey: Fix leaks
      s4:rpc_server: Remove unnecessary parentheses
      s4:rpc_server: Fix typo
      s4:samba: Add missing newline to logging message
      s4:smb_server: Add missing newlines to logging messages
      s4:smb_server: Fix code spelling
      s4:torture: Fix code spelling
      auth: Remove unnecessary casts
      auth: Use portable format specifier
      docs-xml: Fix code spelling
      ldb: Fix code spelling
      ldb:ldb_sqlite3: Access correct member of union
      lib:krb5_wrap: Remove unnecessary cast
      lib/replace: Ensure that __STDC_WANT_LIB_EXT1__ is set to 1
      tsocket: Fix code spelling
      librpc:ndr: Format sizes as ‘size_t’
      s3:lib: Use portable format specifiers
      s3:registry: Fix code spelling
      s4:auth: Fix code spelling
      s4:dsdb: Remove unnecessary casts
      s4:dsdb: Access correct member of union
      s4:kdc: Remove unnecessary casts
      s4:kdc: Correct comments mentioning Heimdal
      s4:rpc_server: Fix code spelling
      s4:torture: Fix code spelling
      s4:kdc: Refer to correct function in error messages
      tests/krb5: Allow cached=True with an assigned silo or policy
      tests/krb5: Rename compatability_tests class
      tests/krb5: Keep claim types for subsequent tests
      tests/krb5: Move some functions round to prepare for splitting the class
      tests/krb5: Split out new AuthnPolicyBaseTests class
      tests/krb5: Allow specifying additional details for a test account
      tests/krb5: Allow specifying KDC options when requesting a TGT
      tests/krb5: Test that neither forwardable nor proxiable tickets are issued to Protected Users
      s4:kdc: Don’t issue forwardable or proxiable tickets to Protected Users
      s4:kdc: Don’t log secret keys
      s4:kdc: Initialize entry->modified_by
      s4:kdc: Check result of samdb_result_dom_sid()
      s4:kdc: Ensure we don’t increase the value of entry->etypes->len
      s4:kdc: Fix leak of sdb_entry
      s4:kdc: Check return value from ldb_dn_get_linearized()
      s4:kdc: Free samba_kdc_seq context on failure to allocate memory
      s4:kdc: Call krb5_free_principal() directly after to-be-freed principal is used
      s4:kdc: Remove unnecessary talloc context
      s4:kdc: Move calls to talloc_steal() out of the ‘out’ paths
      s4:kdc: Fix leaks
      s4:kdc: Fix code spelling
      s4:kdc: Return an error code if sdb_entry_to_hdb_entry() fails
      s4:kdc: Correct error message
      s4:kdc: Use portable format specifier
      s4:kdc: Correctly report length of KDC packet
      s4:kdc: Fail PAC checksum verification if the krbtgt entry has no keys
      s4:kdc: Fix leaks of sdb_entry’s members
      s4:kdc: Consistently zero HDB structures
      s4:kdc: Ensure the value of h->len is accurate
      s4:kdc: Erase key data
      s4:kdc: Use type bool for ‘is_tgs’
      s4:auth: Add missing space to error message
      s4:auth: Fix leaks
      s4:auth: Check return value of talloc_new()
      s4:kdc: Return (possibly) more appropriate error codes
      s4:kdc: Make some functions static
      s4:kdc: Return krb5_error_code
      s4:kdc: Switch to using samdb_result_dom_sid_buf()
      s4:kdc: Don’t enforce a server authentication policy for the krbtgt
      s4:kdc: Inline samba_get_claims_blob()
      s4:kdc: Use common out path in mit_samba_kpasswd_change_password()
      s4:kdc: Free error message returned by krb5_get_error_message()
      s4:dsdb: Use uint32_t for ‘num_sids’
      s4:dsdb: Make ‘sids’ parameter const
      s4:dsdb: Check for overflow in security_token_create()
      s4:kdc: Have encode_claims_set return NTSTATUS
      s4:kdc: Remove ldb_context parameter as being no longer needed
      s4:kdc: Properly allocate claims set on a talloc context
      s4:kdc: Ensure that we don’t dereference a NULL pointer
      s4:kdc: Rename get_claims_for_principal() to get_claims_blob_for_principal()
      s4:kdc: Rename ‘claims_blob’ parameter to ‘claims_blob_out’
      s4:kdc: Add get_claims_set_for_principal()
      tests/krb5: Remove unused import
      tests/krb5: Shorten long lines
      tests/krb5: Add a test decoding INT64 PAC claims issued by Windows
      librpc:ndr: Add ‘int64’ type
      claims.idl: Use ‘int64’ instead of ‘dlong’ for INT64 claims
      tests/krb5: Remove incorrect comments
      lib:krb5_wrap: Fix code spelling
      lib:krb5_wrap: Fix references to incorrect function names
      libcli/auth: Remove unnecessary casts
      librpc:ndr: Use portable integer types
      pidl: Use non-existent function dissect_ndr_int64()
      python:netcmd: Add missing newlines to error messages
      python:netcmd: Remove semicolon
      python:subunit: Fix docstring
      python:subunit: Use ‘is’ to compare variables with singletons
      python:tests: Make getSamDB() a static method
      python:tests: Reuse claims created by setUp() across all tests
      python:tests: Reuse policies and silos created by setUp() across all tests
      python:tests: Fix spelling
      python:tests: Save files with intended contents
      s3:libnet: Remove unnecessary cast
      s3:libnet: Fix reference to incorrect function names
      s3:rpc_server: Remove unnecessary cast
      s4:kdc: Do not panic if authsam_logon_success_accounting() fails
      s4:kdc: Remove support code for older versions of MIT Kerberos
      s4:kdc: Set SAMBA_KDC_FLAG_PROTOCOL_TRANSITION flag for MIT Kerberos
      s4:kdc: Use ‘krb5_error_code’ for return types
      s4:kdc: Use smb_krb5_make_data()
      s4:smb_server: Fix code spelling
      s4:torture: Fix code spelling
      selftest: Remove semicolon
      selftest: Remove unused variable
      selftest: Remove leftover from debugging
      selftest: Fix subunit reporting the time incorrectly
      selftest: Report time at which testsuite starts
      samba-tool: Allow LDB URL to be None
      pyldb: Check whether Python object is a list
      pyldb: Check return values of talloc functions
      pyldb: Check return values of Python functions
      pyldb: Fix leaks
      buildtools: Fix comments and documentation
      buildtools: Use ‘is’ to compare with singletons
      buildtools: Prefer ‘x not in y’ to ‘not x in y’
      buildtools: Properly set global variable
      lib:ldb:tests: Remove explicit comparison with False
      ldb: Remove unused import
      ldb: Heed return code from Python testsuite
      python: Fix spelling
      python: Remove unused imports
      python: Remove redundant backslashes
      python: Fix invalid escape sequences
      python:join: Fix references to undefined variables
      samba-tool: Remove useless return
      python: Fix reference to undefined name ‘samba’
      python:tests: Fix usage line
      python:tests: Complete assertion messages
      python:tests: Rename test method so as not to mask previously-defined method
      pytest/dns_aging: Check value of ‘dtime’
      pytest/dns_aging: Correctly check that record is tombstoned
      pytest/dns_aging: Assert that the name of the node to search for is a string
      gp: Add missing import
      gp: Don’t shadow imports
      gp: Prefer ‘x not in y’ to ‘not x in y’
      gp: Check correct variables
      gp: Use assertEqual() instead of assertEquals()
      gp: Fix resource leaks
      gp: Use read_file() instead of readfp()
      tests/krb5: Remove test of pre-1.20 MIT Kerberos behaviour
      tests/krb5: Move KDC TGT tests to new file
      tests/krb5: Remove local variable
      tests/krb5: Correctly assert that we found a LOGON_INFO PAC buffer
      tests/krb5: Re-raise any LdbError other than ERR_ENTRY_ALREADY_EXISTS
      tests/krb5: Add KerberosCredentials.get_rid()
      tests/krb5: Have modified_ticket() not modify its arguments
      s4:dsdb:tests: Fix spelling
      s4:dsdb:tests: Remove unused imports
      s4:dsdb:tests: Fix usage lines
      selftest: Remove unused imports
      selftest: Remove star imports
      selftest: Don’t use invalid escape sequences
      third_party/heimdal_build: Remove unused imports
      third_party/heimdal_build: Remove semicolons
      third_party/heimdal_build: Use ‘is’ to compare with singletons
      wscript: Remove unused variable
      wscript: Use ‘is’ to compare with singletons
      wscript: Remove unused imports
      wscript: Remove semicolons
      wscript: Refer to correct ConfigSet variable
      libcli/security: make sddl_decode_sid an external function
      Makefile: Fix spelling
      auth: Fix code spelling
      ctdb: Fix code spelling
      docs-xml: Fix spelling
      lib:compression: Fix code spelling
      lib:crypto: Fix code spelling
      lib:krb5_wrap: Fix spelling in documentation
      ldb: Fix code spelling
      lib:printer_driver: Fix code spelling
      tdb: Fix code spelling
      tevent: Fix code spelling
      lib:charset: Fix code spelling
      libcli: Fix code spelling
      libgpo: Fix code spelling
      librpc: Fix code spelling
      pidl: Fix code spelling
      python:tests: Fix code spelling
      selftest: Fix code spelling
      s3:auth: Fix code spelling
      s3:lib: Fix code spelling
      s3:libads: Fix code spelling
      s3:libnet: Fix code spelling
      s3:librpc: Fix code spelling
      s3:nmbd: Fix code spelling
      s3:registry: Fix code spelling
      s3:rpc_client: Fix code spelling
      s3:rpc_server: Fix code spelling
      s3:smbd: Fix code spelling
      s3:utils: Fix code spelling
      s3:winbindd: Fix code spelling
      s4:auth: Fix code spelling
      s4:client: Fix code spelling
      s4:dns_server: Fix code spelling
      s4:dsdb: Fix code spelling
      s4:kdc: Fix code spelling
      s4:libcli: Fix code spelling
      s4:libnet: Fix code spelling
      s4:ntvfs: Fix code spelling
      s4:rpc_server: Fix code spelling
      s4:samba: Fix code spelling
      s4:torture: Fix code spelling
      s4:wrepl_server: Fix code spelling
      lib:mscat: Remove unnecessary casts
      lib:tdr: Remove unnecessary cast
      libgpo: Remove unnecessary cast
      librpc:ndr: Avoid overflow in size calculation
      python:tests: Remove unused imports
      s4:scripting: Remove unused imports
      libcli:security: Prefer explicit initialization to ZERO_STRUCTP()
      s4:kdc: Prefer explicit initialization to ZERO_STRUCT()
      s4:kdc: Remove duplicate function signature
      s4:kdc: Use smb_krb5_data_from_blob()
      s4:kdc: Remove unused flags
      s4:kdc: Check result of dom_sid_parse()
      s4:kdc: Handle invalid enum values
      s4:kdc: Check result of talloc_realloc()
      s4:kdc: Make functions to add special SIDs non‐static
      claims.idl: Allow empty claim value buffers
      claims.idl: Be more lenient in our expectations for the compression of claims
      s4:kdc: Check return value of samdb_result_dom_sid()
      s4:kdc: Remove unused talloc context
      s4:kdc: Check return value of smb_krb5_principal_get_comp_string()
      s4:kdc: Correct error message
      s4:kdc: Initialize pointers to NULL
      s4:kdc: Fix error message
      s4:kdc: Inline samba_get_requester_sid_pac_blob()
      s4:kdc: Allocate contents of PAC blobs on blob talloc contexts
      s4:kdc: Don’t operate directly on caller‐owned pointer
      s4:kdc: Fix leaks
      docs-xml: Add missing paragraph section
      python:tests: Remove unused variables
      python:tests: Fix invalid escape sequence
      s3:rpc_server: Fix inverted error messages
      s4:kdc: Inline samba_get_pac_attrs_blob()
      s4:scripting: Fix comments
      s4:scripting: Prefer ‘x not in y’ to ‘not x in y’
      s4:dsdb: Parenthesize macro expression
      s4:dsdb: Prefer explicit initialization to ZERO_STRUCT()
      s4:auth: Check return values of talloc functions
      s4:auth: Fix leaks
      s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
      s4:kdc: Fix leaks
      s4:kdc: Use common exit point for functions
      s4:kdc: Fix leak
      s4:kdc: Avoid potential use‐after‐free
      s4:kdc: Check for overflow when adding a domain group SID
      s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails
      s4:kdc: Assign RID and attribute together
      s4:kdc: Directly zero‐initialize PAC_DOMAIN_GROUP_MEMBERSHIP structure
      s4:kdc: Increment PAC_DEVICE_INFO::domain_group_count only after SID has been successfully added
      s4:kdc: Allocate variables on to more suitable memory context
      s4:kdc: Fix leak
      s4:kdc: Use temporary memory context in samba_kdc_verify_pac()
      s4:kdc: Introduce a temporary talloc context in samba_kdc_update_pac()
      s4:kdc: Add common out path to pac_blobs_from_krb5_pac()
      s4:kdc: Don’t corrupt pac_blobs structure if talloc_realloc() fails
      s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent
      s4:kdc: Make pac_blobs_remove_blob() never fail
      s4:kdc: Have samba_krbtgt_is_in_db() return a krb5_error_code
      s4:kdc: Have samba_krbtgt_is_in_db() take a const KDC entry
      s4:kdc: Rename ‘status’ variables to ‘reply_status’
      s4:kdc: Make RODC ID checks easier to understand with more clearly‐named variables
      s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()
      s4:kdc: Be sure not to pass a NULL pointer into strcmp()
      s4:kdc: Fix leaks
      lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr()
      lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions
      lib:krb5_wrap: Add smb_krb5_princ_component()
      lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation
      s4:dsdb: Switch to using smb_krb5_princ_component()
      s4:kdc: Switch to using smb_krb5_princ_component()
      s4:rpc_server: Switch to using smb_krb5_princ_component()
      lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation
      nsswitch: Fix script usage
      s3:script: Fix script usage lines
      s4:selftest: Fix script usage lines
      s4:setup: Fix script usage line
      testprogs: Fix script usage lines
      s4:kdc: Remove ks_is_tgs_principal()
      ldb: Prefer explicit initialization to ZERO_STRUCT()
      s4:wrepl_server: Correctly read ‘type’ element
      s4:kdc: Don’t prepend useless colon to MIT KDC logging messages
      s3:net: Check return value of data_blob_talloc()
      tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’
      fsrvp.idl: Remove excess zero digit from literal
      dsgetdcname: Remove excess zero digits from literals
      s3:winbindd: Add zero digit to literal
      s4:dsdb: Fix comment
      libcli/security: Add header guard
      libcli/security: Use correct union member
      libcli/security: Remove bool_value member
      libcli/security: Const‐qualify function parameters
      libcli/security: Add some missing declarations
      libcli/security: Add function to convert token claims to security attribute claims
      libcli/security: Emit error message if program is too large
      tests/krb5: Match filter after transforming test name
      python:tests: Fix invalid escape sequences
      libcli:security: Add SELF SID constant
      libcli:security: Use SELF SID constant
      libcli:security: Correct Asserted Identity SID definitions
      s4:dsdb: Use NULL SID constant
      s4:kdc: Use Asserted Identity SID constants
      libcli:security: Add Compounded Authentication and Claims Valid SID constants
      s4:kdc: Use Compounded Authentication and Claims Valid SID constants
      s4:auth: Use Anonymous and System SID constants
      s4:dsdb: Use Builtin SID constant
      s4:ntvfs: Use World and System SID constants
      s4:rpc_server: Use Builtin SID constant
      s4:torture: Use SID constants
      s4:auth: Correct error message
      python:tests: Remove unused import
      libcli/security: Remove unused macro
      libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END
      libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR
      libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL
      libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP
      libcli/security: Refer to UTF‐16 code units rather than to codepoints
      libcli/security: Use ACL revision constants
      libcli/security: Fix code formatting
      libcli/security: Test hex‐escapes that should be literals
      lib/krb5_wrap: Make use of smb_krb5_make_data()
      lib/krb5_wrap: Simplify assignments
      lib:audit_logging: Initialize ‘tm’ structure
      s3:lib: Initialize ‘tm’ structure
      s3:modules: Initialize ‘tm’ structure
      s3:passdb: Initialize ‘tm’ structure
      s3:rpc_server: Initialize ‘tm’ structure
      s3:smbd: Initialize ‘tm’ structure
      s4:kdc: Initialize ‘tm’ structure
      s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()
      s4:torture: Initialize ‘tm’ structure
      s4:auth: Make returning resource groups the last thing we do
      s4:auth: Introduce helper variable ‘resource_groups_in’
      s4:auth: Return a talloc‐allocated resource groups structure
      s4:auth: Fix ‘user_info_dc_out’ leak
      s4:kdc: Move encode_claims_set() into the auth_session subsystem
      s4:auth: Include missing headers
      s4:auth: Add functions to convert between different claims formats
      testdata: Mark compression test data as binary
      ndr: Display values for failed range checks
      pidl: Use portable format specifiers
      librpc/ndr: Use portable format specifiers
      librpc: Use portable format specifiers
      pidl: Use INT_MAX as enum constant for portability
      librpc: Fix typos in error messages
      tests/krb5: Sort imports
      tests/krb5: Allow variation in PADATA_PW_SALT
      tests/krb5: Allow filter for tests that crash Windows
      tests/krb5: Allow multiple ticket modification functions
      tests/krb5: Don’t bother regenerating the PAC if modify_pac_fn or update_pac_checksums are false
      tests/krb5: Allow passing mapping=None to map_to_sid()
      tests/krb5: Make set_pac_sids() parameters keyword‐only
      tests/krb5: Make optional ‘user_rid’ parameter to set_pac_sids()
      tests/krb5: Make optional ‘domain_sid’ parameter to set_pac_sids()
      tests/krb5: Have set_pac_sids() accept lone RIDs as well as full SIDs
      tests/krb5: Add method to replace the device SIDs in a PAC
      tests/krb5: Add method to replace client or device claims in a PAC
      tests/krb5: Add samba.tests.krb5.conditional_ace_tests
      lib:compression: Fix building with FORTIFY_SOURCE=2
      lib/ldb-samba: Fix building with FORTIFY_SOURCE=2
      ldb: Fix building with FORTIFY_SOURCE=2
      lib/util: Fix building with FORTIFY_SOURCE=2
      s3:libads: Don’t do first loop iteration if ‘attr’ is NULL
      s3:libads: Fix building with FORTIFY_SOURCE=2
      s3:rpc_server: Fix building with FORTIFY_SOURCE=2
      s3:smbd: Fix building with FORTIFY_SOURCE=2
      s4:ntvfs: Fix building with FORTIFY_SOURCE=2
      s4:torture: Fix building with FORTIFY_SOURCE=2
      libcli/security: Conform to Samba’s brace style
      libcli/security: Parenthesize macro parameter
      libcli/security: Have security_ace_equal() handle callback and resource ACEs
      libcli/security: Handle new ACE types with sec_ace_object()
      s4:auth: Ensure that some parameters are not NULL
      lib:krb5_wrap: Include missing headers
      .gitattributes: Mark large data file as binary
      s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()
      s4:kdc: Check that principal being copied is not NULL
      s4:kdc: Remove unnecessary assignments
      s4:kdc: Initialize pointer to NULL
      ndr: Parenthesize expressions to be cast
      pidl: Parenthesize expression to be cast
      s4:dsdb: Add parameters for claims and device SIDs to security_token_create()
      s4:dsdb: Add session info flag to indicate authentication with a device
      s4:auth: Rename parameter to match function implementation
      s4:auth: Reformat function calls
      s4:kdc: Reformat function call
      s4:auth: Add parameters for claims and device info to auth_generate_security_token()
      s4:kdc: Add parameters for claims and device info to authn_policy_access_check()
      s4:kdc: Add claims parameter to authn_policy_authenticate_from_device()
      s4:kdc: Add parameters for claims and device info to authn_policy_authenticate_to_service()
      s4:kdc: Remove unused memory context from samba_kdc_lookup_realm()
      s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_get_user_info_dc()
      s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add the Claims Valid SID
      s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_get_user_info_dc()
      s4:kdc: Have callers of samba_kdc_get_user_info_dc() themselves add an Asserted Identity SID
      s4:kdc: Remove ‘asserted_identity’ parameter from samba_kdc_get_user_info_dc()
      tests/krb5: Initialize variable
      tests/krb5: Add method to perform an armored AS‐REQ
      tests/krb5: Add tests performing AS‐REQs armored with unacceptable tickets
      s4:kdc: Remove device PAC validation
      s4:kdc: Remove unused parameters from samba_kdc_verify_pac()
      tests/krb5: Add Device Restriction tests for silos and authentication policies in the KDC
      third_party/heimdal_build: Define HAVE_KRB5_PAC_IS_TRUSTED when using embedded Heimdal
      s4:kdc: Add ‘samba_kdc_entry_pac’ wrapper type
      s4:kdc: Remove unused declaration
      s4:kdc: Fix indentation
      s4:kdc: Add function to determine whether a KDC entry represents a trust
      s4:kdc: Add function to get device PAC entry from Heimdal request structure
      s4:kdc: Make use of ‘samba_kdc_entry_pac’ wrapper type
      tests/krb5: Test that the correct Asserted Identity SID is added when inner FX‐FAST padata is used
      libcli/security: Initialize conditional ACE token
      s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_from_db() to ‘entry’
      s4:kdc: Rename ‘user_info_dc’ parameter of samba_kdc_get_user_info_from_db() to ‘info_out’
      s4:kdc: Rename ‘skdc_entry’ parameter of samba_kdc_get_user_info_dc() to ‘entry’
      s4:kdc: Rename ‘user_info_dc_out’ parameter of samba_kdc_get_user_info_dc() to ‘info_out’
      s4:kdc: Add ‘msg’ parameter to samba_kdc_get_user_info_dc()
      s4:kdc: Replace calls to samba_kdc_get_user_info_from_db() with calls to samba_kdc_get_user_info_dc()
      s4:kdc: Inline samba_kdc_get_user_info_from_db() into its only caller
      s4:kdc: Rename samba_kdc_get_user_info_dc() to samba_kdc_get_user_info_from_db()
      s4:kdc: Rename samba_kdc_entry::user_info_dc to samba_kdc_entry::info_from_db
      s4:kdc: Pass Kerberos context into samba_kdc_get_device_info_blob()
      s4:kdc: Modify samba_kdc_get_user_info_from_db() to return a Kerberos error code
      s4:kdc: Make boolean members into bit‐fields
      s4:kdc: Add ‘samdb’ parameter to samba_kdc_verify_pac()
      s4:kdc: Add ‘samdb’ parameter to samba_kdc_get_device_info_blob()
      s4:kdc: Pass ‘samdb’ into samba_kdc_get_user_info_from_db()
      s4:kdc: Rename local variable ‘user_info_dc’ to ‘info’
      s4:kdc: Check parameters of samba_kdc_get_user_info_from_db()
      s4:kdc: Initialize out parameter of samba_kdc_get_user_info_from_db()
      s4:kdc: Introduce intermediate variable ‘resource_groups’
      s4:kdc: Fix leak
      s4:kdc: Rename parameter ‘user_info_dc_out’ to ‘info_out’
      s4:kdc: Rename variable ‘user_info_dc’ to ‘info’
      s4:kdc: Split samba_kdc_get_user_info_from_pac() out of samba_kdc_obtain_user_info_dc()
      s4:kdc: Remove common out path from samba_kdc_obtain_user_info_dc()
      s4:kdc: Simplify memory management with talloc stackframe
      s4:kdc: Check parameters of samba_kdc_get_user_info_from_pac()
      s4:kdc: Make ‘resource_groups_out’ parameter const
      s4:kdc: Pass resource groups parameter only if we are creating a TGT
      s4:kdc: Pass AUTH_EXCLUDE_RESOURCE_GROUPS into samba_kdc_obtain_user_info_dc()
      s4:kdc: Remove ‘group_inclusion’ parameter from samba_kdc_obtain_user_info_dc()
      s4:kdc: Label ‘resource_groups_out’ parameter
      s4:kdc: Always fetch resource groups
      s4:kdc: Cache user info and resource groups from PACs
      s4:kdc: Rename samba_kdc_obtain_user_info_dc() to samba_kdc_get_user_info_dc()
      s4:kdc: Declare ‘auth_entry’ to be of type ‘samba_kdc_entry_pac’
      s4:auth: Have claims_data_encoded_claims_set() return a reference to the encoded claims
      s4:auth: Explicitly initialize claims structures
      s4:kdc: Add functions to fetch claims from the DB or from the PAC
      s4:kdc: Modify samba_kdc_get_claims_blob() to use claims_data functions
      s4:kdc: Remove unused function get_claims_blob_for_principal()
      s4:kdc: Create the Requester SID blob only if we actually need it
      s4:kdc: Simplify samba_kdc_check_device() by calling samba_kdc_get_user_info_dc()
      s4:kdc: Note use of parent memory context
      s4:kdc: Simplify creation of device claims blob
      s4:kdc: Introduce helper variable ‘server_restrictions_present’
      s4:kdc: Remove ‘claims_valid’ parameter from samba_kdc_add_claims_valid()
      s4:kdc: Remove ‘compounded_auth’ parameter from samba_kdc_add_compounded_auth()
      s4:kdc: Make samba_kdc_add_compounded_auth() static
      tests/krb5: Correctly test services that do not support Compound Identity
      s4:kdc: Do not perform compound authentication for services without Compound Identity support
      s4:kdc: Fetch device claims for server restrictions
      s4:kdc: Have samba_kdc_allowed_to_authenticate_to() take claims and device info
      s4:kdc: Use claims and device info to evaluate server authentication policy
      s4:kdc: Use device claims to evaluate client authentication policy
      s4:kdc: Use ‘claims_data’ functions to create client claims blob
      s4:kdc: Make samba_kdc_get_user_info_dc() non‐static
      s4:kdc: Use claims and device info to evaluate server authentication policy
      third_party/heimdal: Fix PKINIT freshness token memory handling (Import lorikeet-heimdal-202310092148 (commit 38aa80e35b6b1e16b081fa9c005c03b1e6994204))
      s4:kdc: Adapt interface to new Heimdal revision
      s4:kdc: Factor creation of user_info_dc out of samba_kdc_check_s4u2proxy_rbcd() into its callers
      s4:kdc: Add comment regarding RODC‐issued evidence tickets for constrained delegation
      s4:kdc: Call samba_kdc_get_user_info_dc() to get client information
      s4:kdc: Rename ‘user_info_dc’ to ‘client_info’
      s4:kdc: Pass claims and device info into samba_kdc_check_s4u2proxy_rbcd()
      s4:kdc: Use device info to evaluate RBCD conditions
      s4:kdc: Use claims to evaluate RBCD conditions
      s4:dsdb: Skip allocation of empty device SIDs array
      s4:kdc: Always regard device info when checking a server authentication policy
      lib:compression: Correctly fix sign extension of long matches (CID 1517275)
      lib:printer_driver: Check return value of gp_inifile_enum_section() (CID 1444835)
      lib:replace: Properly check result of write() and read() (CID 1034925)
      tdb: Do not pass non–null‐terminated strings to strcmp() (CID 1449485)
      util: Remove redundant assertion (CID 1497841)
      lib:util: Remove always‐false comparison (CID 242193)
      smbXcli: Remove unreachable code (CID 1444978)
      s3:client: Correctly call setgroups() (CID 1449449)
      s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032)
      Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL"
      s3:libnet: Remove always‐false comparison (CID 241309)
      s3:libsmb: Fix array traversal (CID 1034683)
      s3:modules: Remove unreachable code (CID 1508998)
      s3:modules: Initialize mask_permset (CID 1435850)
      s3:nmbd: Remove redundant code (CID 1414756)
      s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170)
      s3:smbd: Avoid integer overflow (CID 1035487)
      Revert "smbd: Fix CID 1504457 Resource leak"
      smb2_server: Remove unreachable code (CID 1444981)
      smb2_server: Check status codes (CID 1474441)
      s3:utils: Avoid integer overflow (CID 1035488)
      s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313)
      s4:auth: Fix resource leak (CID 1107222)
      s4:auth: Remove event context on failure
      s4:dns_server: Merge similar code paths
      s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631)
      s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875)
      s4:dsdb: Permit forward link to be missing in linked_attributes_fix_forward_link()
      s4:dsdb: Check return code (CID 1444824/1444844)
      s4:dsdb: Remove unreachable code (CID 1034686)
      s4:dsdb: Fix unreachable code (CID 1435967)
      s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1272827)
      s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738)
      s4:dsdb: Log correct ldb error
      s4:dsdb: Don’t overwrite existing error code (CID 1445263)
      s4:libcli: Remove unnecessary casts
      s4:libcli: Check return value of convert_string_talloc() (CID 1272839)
      s4:messaging: Remove redundant code
      s4:ntvfs: Remove unneeded NULL check (CID 240771)
      s4:ntvfs: Remove dead code path
      s4:ntvfs: Correctly acknowledge PVFS_FLAG_STRICT_SYNC flag (CID 241154)
      s4:rpc_server: Check mkdir() return value (CID 1034649)
      s4:rpc_server: Check return values of gnutls functions (CID 1452111)
      buildtools: Remove semicolons
      examples: Don’t use deprecated method ‘has_key()’
      examples: Fix invalid escape sequences
      python:colour: Fix exception message
      python:subunit: Use now() instead of utcnow()
      python:tests: Use assertEqual() instead of assertEquals()
      python:tests: Fix exception message
      python:tests: Fix comment
      python:tests: Correct search expression
      python:tests: Remove semicolons
      python:tests: Use now() instead of utcnow()
      tests/krb5: Use assertEqual() instead of assertEquals()
      tests/krb5: Fix assertion messages
      s3:script: Remove semicolons
      s4:dsdb:tests: Remove unused imports
      s4:dsdb:tests: Remove unused variables
      s4:dsdb:tests: Fix assertion messages
      s4:dsdb:tests: Use loadTestsFromTestCase() instead of makeSuite()
      s4:torture: Use assertEqual() instead of assertEquals()
      selftest: Use now() instead of utcnow()
      wintest: Fix invalid escape sequences

Jule Anger (1):
      ldb: change the version to 2.9.0 for Samba 4.20

Kacper (1):
      samba-tool: Fix for gpo restore not working without --tmpdir

Martin Schwenke (12):
      ctdb-tools: Fix CID 1539212 - signed/unsigned issue
      ctdb-doc: Fix documentation for ctdb event status
      ctdb-common: Improve error handling
      ctdb-common: Replace pcap_open_live() by lower level calls
      ctdb-common: Set immediate mode for pcap capture
      util: Avoid logging to multiple backends for stdout/stderr
      ctdb-daemon: Call setproctitle_init()
      ctdb-doc: Update CTDB manual pages to UTF-8
      ctdb-doc: Add some subsection names in description
      ctdb-scripts: Avoid errors for uninitialised counters
      ctdb-scripts: Implement failcount handling with thresholds
      ctdb-scripts: Convert 40.vsftpd to use threshold-based fail counting

Michael Tokarev (1):
      python/samba/netcmd/domain/schemaupgrade.py: fix missing newline

MikeLiu (2):
      vfs_aio_pthread: use SMB_VFS_NEXT_OPENAT() in aio_pthread_openat_fn()
      streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed

Noel Power (6):
      selftest: Add new dfs share (with widelinks enabled)
      sefltest: Add new regression test dfs with widelinks = yes
      s3/modules: Add flag indicating if connected share is a dfs share
      s3/modules: Fix DFS links when widelinks = yes
      pidl/lib: Add recursion detection logic to prevent looping.
      pidl/tests: Add tests for hang with nested struct.

Pavel Filipenský (16):
      s4:auth: Fix trailing whitespaces in kerberos_util.c
      auth:kerberos: Fix resource leak in parse_principal()
      auth:kerberos: Fix resource leak in smb_krb5_get_keytab_container()
      auth:kerberos: Fix resource leak in smb_krb5_update_keytab()
      auth:credentials: Fix resource leak in cli_credentials_set_from_ccache()
      lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries
      s3:winbindd: Avoid doing the same assignment twice
      s3:winbindd: Use a correct value for the length of domain children
      docs:smbdotconf: Inform that changing 'winbind max domain connections' needs a restart
      s3:tests: Fix smbspool_argv_wrapper.c
      s3:tests: test_smbspool.sh should be calling smbspool_argv_wrapper
      s3:tests: Fix init of samba_kdestroy in test_smbclient_kerberos.sh
      s3:tests: Fix syntax error in test_smbclient_kerberos.sh
      s3:tests: Check if test_smbclient_kerberos.sh was successful
      s3:winbindd: Skip check_negative_conn_cache() if saf_servername == NULL
      s3:winbindd: Call winbind_add_failed_connection_entry() for the correct dc name

Pavel Kalugin (27):
      s3:param: Use lpcfg_set_cmdline()
      examples: Use lpcfg_set_cmdline()
      s3:rpcclient: Use lpcfg_set_cmdline()
      s3:rpc_server: Use lpcfg_set_cmdline() in test_mdsparser_es
      s3:utils: Use lpcfg_set_cmdline() in dbwrap_tool
      s3:utils: Use lpcfg_set_cmdline() in dbwrap_torture
      s3:utils: Use lpcfg_set_cmdline() in mdsearch
      s3:utils: Use lpcfg_set_cmdline() in net
      s3:utils: Remove trailing spaces in pdbedit; no changes
      s3:utils: Use lpcfg_set_cmdline() in pdbedit
      s3:utils: Use lpcfg_set_cmdline() in regedit
      s3:utils: Use lpcfg_set_cmdline() in sharesec
      s3:utils: Use lpcfg_set_cmdline() in smbcacls
      s3:utils: Remove trailing spaces in smbcacls; no changes
      s3:utils: Use lpcfg_set_cmdline() in smbcontrol
      s3:utils: Remove trailing spaces in smbcontrol; no changes
      s3:utils: Use lpcfg_set_cmdline() in smbcquotas
      s3:utils: Remove trailing spaces in smbcquotas; no changes
      s3:utils: Use lpcfg_set_cmdline() in smbstatus
      s3:utils: Use lpcfg_set_cmdline() in testparm
      s3:utils: Use lpcfg_set_cmdline() in vfstest
      s3:notifyd: Use lpcfg_set_cmdline()
      s3:torture: Use lpcfg_set_cmdline()
      s3:utils: Use lpcfg_set_cmdline() in smbpasswd
      libnetapi: Use lpcfg_set_cmdline()
      s3:netapi: Fix a leak in libnetapi_net_init()
      s3:libsmb: Use lpcfg_set_cmdline()

Ralph Boehme (6):
      mdssvc: better support for search with mdfind from Macs
      smbd: make vfs_stat_fsp() a no-op on fake file-handles
      s3: smbd: Ignore fstat() error on deleted stream in fd_close().
      CVE-2023-4091: smbtorture: test overwrite dispositions on read-only file
      CVE-2023-4091: smbd: use open_access_mask for access check in open_file()
      s4:torture/smb2: fix typo in acls.c

Rob van der Linde (41):
      netcmd: user: turn user.py into module netcmd.user
      netcmd: user: move user add command
      netcmd: user: move user delete command
      netcmd: user: move user enable command
      netcmd: user: move user disable command
      netcmd: user: move user list command
      netcmd: user: move user setexpiry command
      netcmd: user: move common code used by various password commands
      netcmd: user: move user password command
      netcmd: user: move user getgroups command
      netcmd: user: move user setprimarygroup command
      netcmd: user: move user setpassword command
      netcmd: user: move user getpassword and syncpasswords commands
      netcmd: user: move user edit command
      netcmd: user: move user show command
      netcmd: user: move user move command
      netcmd: user: move user rename command
      netcmd: user: move user unlock command
      netcmd: user: move user add_unix_attrs command
      netcmd: user: move user sensitive command
      netcmd: user: readpasswords: turn getpassword.py into readpasswords module
      netcmd: user: readpasswords: move show command to readpasswords
      netcmd: user: readpasswords: move common.py to readpasswords
      netcmd: user: readpasswords: move getpassword command to readpasswords
      netcmd: user: readpasswords: move syncpasswords command to readpasswords
      netcmd: tests: avoid the need to create a random command in GetSamDB
      netcmd: tests: bugfix: argument -U was already in creds so listed twice
      python: tests: implement setUpTestData overridable class method
      netcmd: tests: make _run a classmethod in SambaToolCmdTest
      netcmd: tests: tests tidyup and make use of setUpTestData
      netcmd: tests: test that create objects make use of addCleanup
      netcmd: tests: modify claim cli tests setup their own test data
      netcmd: tests: modify auth policy cli tests setup their own test data
      netcmd: tests: modify auth silo cli tests setup their own test data
      netcmd: models: field to_db_value needs ldb param
      netcmd: models: add FieldError subclass which stores the field
      netcmd: models: add SDDL model field
      netcmd: models: add SDDL fields to AuthenticationPolicy model
      netcmd: auth: add new SDDL fields to create and modify auth policy commands
      netcmd: tests: add some tests for valid and invalid SDDL in cli commands
      netcmd: auth: manpage documentation for conditional ace fields

Samuel Cabrero (15):
      s3:libnetapi: Return error from RequestOfflineJoin
      s3:libnetapi: Add some comments to document ODJ blob charset conversions
      s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL
      s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate
      s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.
      s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()
      s3:net: Add "net offlinejoin composeodj" command
      s3:net: Load ODJ blob from file only if "loadfile" parameter is present
      s3:net: Allow to load ODJ blob from stdin
      testprogs: Cleanup machine account in net offlinejoin tests
      testprogs: Add net offlinejoin composeodj tests
      netapi: Pass loadparm_context to libnetapi_net_init()
      netapi: Pass net's cmdline credentials to libnetapi_net_init()
      auth:credentials: Check if password_obtained > obtained
      testparm: Allow idmap ranges overlap for idmap_nss

Stefan Metzmacher (43):
      VERSION: Bump version up to 4.20.0pre1...
      WHATSNEW: Start release notes for Samba 4.20.0pre1.
      paged_results: add no memory checks in paged_search()
      s4:torture/ndr: add tests for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED
      librpc/rpc: let dcerpc_read_ncacn_packet_next_vector() handle fragments without any payload
      dcerpc.idl: fix definitions for DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED payload
      s4:torture/smb2: let torture_smb2_con_sopt() use smb2_connect()
      s4:torture/smb2: let us have a common torture_smb2_con_share()
      s4:torture/smb2: make it possible to pass existing_conn to smb2_connect_ext()
      s4:torture/smb2: add smb2.multichannel.bugs.bug_15346
      s3:smbd: always clear filter_subreq in smb2srv_client_mc_negprot_next()
      s3:smbd: fix multichannel connection passing race
      smb2_server: avoid ZERO_STRUCT*() in the core code
      smb2_server: move struct msghdr to smbd_smb2_request_read_state
      smb2_server: remove state->hdr.done and always set state->vector first
      smb2_server: split smbd_smb2_advance_incoming() out of smbd_smb2_io_handler()
      lib/util: inline iov_{buflen,buf,advance}()
      smb2_server: change smbd_smb2_advance_incoming() to use iov_advance()
      smb2_server: simplify smbd_smb2_advance_incoming() recvfile logic
      smb2_server: split out smbd_smb2_advance_send_queue() out of smbd_smb2_flush_send_queue()
      smb2_server: split out smbd_smb2_flush_with_sendmsg() out of smbd_smb2_flush_send_queue()
      smb2_server: move struct msghdr to smbd_smb2_send_queue
      .gitlab-ci: restore starting ubuntu2204-samba-o3 for the default pipeline
      .gitlab-ci: make it explicit that some tests require ext4/5.15 kernel
      nsswitch: add test for pthread_key_delete missuse (bug 15464)
      nsswitch/wb_common.c: fix build without HAVE_PTHREAD
      nsswitch/wb_common.c: winbind_destructor can always use get_wb_global_ctx()
      nsswitch/wb_common.c: don't operate on a stale wb_global_ctx.key
      nsswitch/wb_common.c: fix socket fd and memory leaks of global state
      selftest: add some basic testing for the io_uring vfs module
      .codespellignore: adjust in order to pass on ubuntu 22.04
      bootstrap: install codespell, shfmt and shellcheck also on debian/ubuntu
      gitlab-ci: run samba-codecheck on ubuntu22.04
      tevent: introduce DLIST_DEMOTE_SHORT()
      lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h
      ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h
      tevent: split out a tevent_common_fd_disarm() helper
      tevent: add tevent_common_fd_mpx infrastructure
      tevent: let tevent_epoll.c use new generic mpx infrastructure
      tevent: add test_fd_speed3
      tevent: add test_event_fd3
      tevent: add support for TEVENT_FD_ERROR
      tevent: version 0.16.0

Volker Lendecke (152):
      smbd: Don't crash in cli_fsctl_send()
      libcli: Make symlink_reparse_buffer_parse() more flexible
      libcli: Add general reparse point data parsing
      libsmb: Use reparse_data_buffer_parse() in cli_readlink()
      libsmb: Use reparse_data_buffer_parse() to get symlink error resp
      pylibsmb: Use reparse_data_buffer_parse()
      libsmb: Some README.Coding for symlink_reparse_buffer_parse()
      libsmb: Move symlink_reparse_buffer_parse() to reparse.c
      libsmb: Factor out cli_get_reparse_data() from cli_readlink()
      smbclient3: Get all reparse data for allinfo
      passdb: Fix a DBG message
      passdb: Fix whitespace
      passdb: Fix a DBG statement
      idmap: Fix whitespace
      idmap_tdb: Remove a variable never used
      idmap:fix whitespace
      lib: Move few bytes of R/W data to R/O text
      smbd: Use struct initialization
      smbd: Fix DBG macro
      dbwrap: Simplify dbwrap_change_uint32_atomic_action()
      dbwrap: Simplify dbwrap_change_int32_atomic_action()
      smbstatus: Fix CID 1507870 Uninitialized pointer read
      smbstatus: Fix CID 1507865 Uninitialized pointer read
      smbd: Use "dirfsp" in smb_posix_open()
      smbd: Use "dirfsp" in smb_posix_unlink()
      smbd: Pass down "dirfsp" to smb_unix_mknod()
      libsmb: A bit README.Coding for cli_qpathinfo2()
      tevent: Fix a typo
      audit_logging: Simplify json_add_stringn() with json_stringn()
      libsmb: Add cli_smb2_qpathinfo_send/recv()
      libsmb: Use cli_smb2_qpathinfo() for streams
      libsmb: Use cli_smb2_qpathinfo() in cli_qpathinfo2()
      libsmb: Use cli_smb2_qpathinfo_basic() in cli_getatr()
      smbclient: Don't give up in allinfo if getting advanced info fails
      torture3: Avoid unused variables
      libsmb: Move cli_qpathinfo1() to torture3
      libsmb: Move cli_raw_ioctl() to torture3
      libsmb: Use tevent_req_oom() where appropriate
      libsmb: Remove a duplicate TALLOC_FREE()
      libsmb: Use tevent_req_nterror() properly
      clifuse: Use direct FSCC info level
      libcli: Add required #includes to smbXcli_base.h
      tests: Create symlinks using posix extensions
      tests: Add test_symlink_reparse_data_buffer_parse
      libsmb: Fix parsing symlink reparse points
      tests: Add reproducer for BZ15481
      smbd: Fix BZ15481
      conf: Remove "smb3 unix extensions" parameter
      libsmb: Add sync cli_mknod() for smbclient3's use
      smbclient: Add mkfifo command
      libsmb: Add reparse_data_buffer_marshall()
      libsmb: Use reparse_data_buffer_marshall() in py_reparse_symlink_put()
      libsmb: Factor out cli_create_reparse_point() from cli_symlink()
      libsmb: Use reparse_data_buffer_marshall() in cli_symlink_send()
      libsmb: Use reparse_data_buffer_marshall() in py_reparse_put()
      libsmb: Remove reparse_symlink.c
      libsmb: Extend cli_mknod to create NFS reparse points
      smbclient: Save lines with talloc_asprintf_addbuf()
      libsmb: Remove unused cli_is_nt_error()
      libsmb: Remove a call to SMBC_errno()
      libsmb: Remove a call to SMBC_errno()
      libsmb: Remove a call to SMBC_errno()
      libsmb: Remove SMBC_errno()
      libsmb: Eliminate a reader of cli->raw_status
      libsmb: Remove unused cli_dos_error()
      libsmb: Remove unused cli_is_dos_error()
      lib: Modernize tdb_fetch_lifetime()
      lib: Avoid a tdb handle leak
      examples: Use explicit SMBCCTX
      smbd: Modernize a few DBG statements
      libsmb: Remove two #defines just used once
      examples: Slightly modernize printfs in teststat
      clifuse: Use an empty array for holding the inode path
      clifuse: Start implementing forget()
      libcli: Correct guard #define
      libsmb: Make libsmb/clispnego.c static to libads/
      libsmb: Pass neg contexts through sync smbXcli_negprot_recv()
      tests: We always do smb3 unix extensions
      tests: Run smb3unix tests with SMB1
      pylibsmb: Py_BuildValue can build tuples directly
      libsmb: Allow NULL print_name in reparse_data_buffer_marshall()
      idl: Add smb3posix.idl
      smbd: Use smb3posix marshalling in smbd_smb2_create_after_exec()
      smbd: Add smb3_file_posix_information_init()
      smbd: Modernize a DEBUG statement
      smbd: Use Use smb3posix marshalling in in smbd_marshall_dir_entry()
      smbd: Use Use smb3posix marshalling in in smbd_do_qfilepathinfo()
      smbd: Remove unused marshalling of smb3posix file information
      libndr: Factor out ndr_pull_struct_blob_noalloc()
      libsmb: Pass NTTIME to interpret_long_date()
      libsmb: Use pidl generated parsing for posix file info
      smbd: Pass "struct vfs_open_how" to reopen_from_procfd()
      smbd: Pass "struct vfs_open_how" to fd_open_atomic()
      smbd: Pass "struct vfs_open_how" to reopen_from_fsp()
      smbd: Slightly simplify open_file()
      smbd: Remove variable "accmode" from open_file()
      smbd: Don't change incoming flags in open_file()
      smbd: Simplify open_file()
      smbd: Simplify an if-condition in open_file()
      smbd: Simplify open_file()
      smbd: Simplify open_file()
      smbd: Simplify open_file()
      smbd: Make open_file() a bit safer
      smbd: Remove "local_flags" from open_file()
      smbd: Pass struct vfs_open_how to open_file()
      smbd: Remove "flags2" from open_file_ntcreate()
      libsmb: Add "flags" to cli_smb2_close_fnum_send()
      libsmb: Pass "flags" through cli_close_send() and pylibsmb
      pylibsmb: Add SMB2_CLOSE_FLAGS_FULL_INFORMATION constant
      tests: Add reproducer for bug 15487
      ctdb: Fix whitespace
      ctdb: Reduce indentation in get_tunable_values()
      ctdb: Align variable signedness
      ctdb: setup $CTDB_BASE for deterministic ip alloc tests
      ctdb: Add "home_nodes" file to deterministic IP allocation
      smbd: Expand IS_DOS_* macros
      libsmb: Expand IS_DOS_* macros
      smbd: Expand IS_DOS_ARCHIVE() macros
      smbd: Expand IS_DOS_READONLY() macros
      examples: Expand IS_DOS_DIR() macros
      libsmb: Expand IS_DOS_DIR() macro
      Remove IS_DOS_*() macros
      pdb: Slightly simplify pdb_samba_dsdb_set_trusteddom_pw()
      lsa_srv4: Fix a typo
      dsdb: Slightly simplify dsdb_trust_get_incoming_passwords()
      rpc_netlogon4: Simplify dcesrv_netr_ServerAuthenticate3_helper()
      rpc_server3: Remove a duplicate comment
      rpc_server3: Avoid a pointless DEBUGADD
      smbd: Avoid casts in a DBG statement
      libsmb: Remove unused smb2_create_blob_remove()
      smbd: Reduce indentation, remove a nested if-statement
      smbd: Modernize two DBG statements
      vfs: Fix a typo
      smbd: Fix a typo
      smbd: Use SMB_VFS_FSTATAT() instead of SMB_LSTAT()
      smbd: Remove a pointless NULL check
      smbd: is_in_path() deals with a NULL namelist
      libcli: Convert security_token_debug_privileges() to talloc_asprintf
      libcli: Make security_token_debug() use just one DEBUG statement
      libcli: Make debug_unix_user_token() use just one DEBUG statement
      smbclient: Always ask for SMB311 posix in negprot
      libsmb: Ask for posix semantics if requested
      examples: Print file type as part of teststat
      libsmb: Add placeholder "mode" parameter to cli_qpathinfo2()
      libsmb: Query reparse tag in cli_qpathinfo2
      libsmb: Parse reparse tag in query_directory response
      libsmbclient: Add smbc_[gs]etOptionPosixExtensions()
      libsmbclient: Read the file type from the server with posix enabled
      examples: Enable posix for teststat
      libsmb: Use cli_smb2_qpathinfo_send() for SMB_QUERY_FILE_ALT_NAME_INFO


Samba Shared Repository

More information about the samba-cvs mailing list