[SCM] Samba Shared Repository - annotated tag talloc-2.4.2 created
Jule Anger
janger at samba.org
Mon Jan 29 16:18:30 UTC 2024
The annotated tag, talloc-2.4.2 has been created
at a5a070980d6ae59f73b31fdd7c634f04252088b6 (tag)
tagging f28966c1638806a5af1fa4e451b668af638491ce (commit)
replaces tevent-0.16.0
tagged by Jule Anger
on Mon Jan 29 17:18:17 2024 +0100
- Log -----------------------------------------------------------------
talloc: tag release talloc-2.4.2
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmW3z8kACgkQR5ORYRMI
QCWYKgf/VC0HKvlpusnMw0lgfZQ3TANB+wMEfxB3ausZCHYTLoTHGfuIZwxSy4hA
JJvBLNRKQ+jNVvpfnQZe7VNQLBwLYseweospw9fXryCNE7l2ez18lSZev7De1Yms
sQQF2bcpEy2qh0U5A+H7fBHCNi4rpHTva0NAEKG3wldrDYOPdoUjeUZbVAMMGh/B
Czs7u1nkL0kNabtYU5hDhNrls4+Ht+Uno268gHB9cEhkT2Hz5lRLwOtNERf0ZLTS
HMf4EokMcdhuL6E1eKDUBeQiyLOTNhHTp5YKsyTsGX/JhrVFKFmpU4uXlFBnNswS
RZqVZgZX8z0Y8Zj6E6NgxaR9nBZDtA==
=8bqN
-----END PGP SIGNATURE-----
Andreas Schneider (88):
s4:torture: Increase multichannel timeout
s3:utils: Call gfree_all() before exit in net
s3:utils: Call gfree_all() before exit in ntlm_auth
s3:utils: Call gfree_all() before exit in pdbedit
s3:utils: Call gfree_all() before exit in regedit
s3:utils: Call gfree_all() before exit in sharesec
s3:utils: Call gfree_all() before exit in smbcacls
s3:utils: Call gfree_all() before exit in smbcontrol
s3:utils: Call gfree_all() before exit in smbcquotas
s3:utils: Remove trailing white spaces in smbfilter.c
s3:utils: Call gfree_all() before exit in smbfilter
s3:utils: Call gfree_all() before exit in smbget
s3:utils: Remove trailing white spaces in smbpasswd.c
s3:utils: Call gfree_all before exit in smbpasswd
s3:utils: Call gfree_all() before exit in smbtree
s3:client: Call gfree_all() before exit in smbclient
s3:client: Call gfree_all() before exit in smbspool
s3:param: Use a talloc stackframe in pyparam
s3:param: Use the memory context we just created instead of tos
s3:param: Make init_globals() public
lib:param: Set a memory context for the globals if not initialized yet
s3:utils: Initialize row variable in wspsearch
lib:util: Add boolean return type for memcache_add()
lib:util: Add boolean return type for memcache_add_talloc()
s3:passdb: Do not leak memory if memcache add fails
lib:util: Add a gfree_memcache()
s3:util: Add gfree_memcache() to gfree_all()
s3:utils: Initialize the memcache for smbpasswd
lib:replace: Add python.h
Use python.h from libreplace
third_party: Build pypamtest with -Wno-error=declaration-after-statement
python:tests: Fix assertEquals which doesn't exist in Python 3.12
python:tests: SHA1 is no longer supported by cryptography module
gitlab-ci: Update Fedora to version 39
s4:rpc_server: Remove trailing white spaces from lsa_init.c
s4:torture: Adapt LSA tests for newer Windows versions
s4:rpc_server: Implement dcesrv_lsa_OpenPolicy3()
s3:rpc_server: Implement _lsa_OpenPolicy3()
s4:torture: Implement lsa_OpenPolicy3 tests
s3:rpc_client: Implement dcerpc_lsa_open_policy3()
s3:rpc_client: Implement dcerpc_lsa_open_policy_fallback()
s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_trust.c
s3:libnetapi: Use dcerpc_lsa_open_policy_fallback() in localgroup.c
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc.c
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_rights.c
s3:utils: Use goto to close the policy in rpc_rights_grant_internal()
s3:utils: Use any_nt_status_not_ok() in rpc_rights_grant_internal()
s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c
s3:winbind: Always close the policy handle we opened
s3:rpc_client: Remove unused rpccli_lsa_open_policy2()
third_party: Update waf to version 2.0.26
lib:crypto: Use bytearray macros
selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group
s3:auth: Remove trailing white spaces from auth_util.c
s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a local token
s3:tests: Add smbget test for smb://DOAMIN;user%password@server/share/file
s3:utils: Fix setting the debug level
s3:tests: Fix authentication with smbget_user in smbget tests
selftest: Remove trailing tabs/white spaces in Samba4.pm
selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
s3:tests: Pass down a normal domain user for test_smbget.sh
s3:tests: Fix test_kerberos in smbget tests
s3:tests: Fix the test_kerberos_trust in smbget testsuite
s3:tests: Remove the non-working test_kerberos_upn_denied of smbget
s3:tests: Fix smbget test
auth:creds:tests: Add test for password callback
auth:creds: Fix cli_credentials_get_password_and_obtained() with callback
auth:creds: Add cli_credentials_get_domain_and_obtained()
s3:tests: Add interactive smbget test for password entry
s3:utils: Fix auth callback with smburl
s3:utils: Handle the domain before username and password
s3:utils: Fix the auth function to print correct values to the user
s3:rpc_server: Mark _lsa_CreateTrustedDomain as NOT_IMPLMENTED
s3:rpc_server: Mark _lsa_CreateTrustedDomainEx as NOT_IMPLMENTED
python:gp: Print a nice message if cepces-submit can't be found
docs: Update idmap_ad.8 that rfc2307 is the default
s3:passdb: Do not leak memory in pdb_tdb
s3:libads: Fix memory leaks in ads_create_machine_acct()
s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()
python:gp: Avoid path check for cepces-submit
python:gp: Improve logging for certificate enrollment
python:gp: Do not print an error, if CA already exists
python:gp: Do not print an error if template already exists
python:gp: Log an error if update fails
python:gp: Improve working of log messages to avoid confusion
Andrew Bartlett (36):
codespell: Ignore .git
librpc/ndr: Remove confusing case where returned string pointer "as" could be NULL
librpc/ndr: Add support for LIBNDR_FLAG_STR_NO_EMBEDDED_NUL
libcli/security: conditional aces: don't allow U+0000 in unicode
s4-scripting/devel: Fix repl_cleartext_pwd to use built-in RC4
s4-scripting/devel: Fix str() vs bytes() issue in repl_cleartext_pwd.py
s4-scripting: Remove repl_cleartext_pwd.py
docs-xml: Improve and consolidate "samba-tool domain auth policy create/modify" docs
samba-tool: Improve help messages for "samba-tool domain auth policy"
third_party/heimdal: Provide krb5_init_creds_opt_set_fast_ccache() and krb5_init_creds_opt_set_fast_flags() (import lorikeet-heimdal-202311290114 (commit 4c8517e161396330c76240bf09609a0dd5f9ea20))
build: Add build time detection for the MIT FAST ccache API
auth/credentials: Add API to allow requesting a Kerberos ticket to be protected with FAST
auth/credentials: Add Python bindings for association of a connection for FAST
python/tests: Import samba.gensec, not gensec
python/tests: Lock in key-word arguments as key-word only in samba.tests.gssapi
python/tests: Add test for creds.set_krb5_fast_credentials()
s4-auth/kerberos: Use FAST credentials for armor if specified in cli_credentials
selftest: Run samba.tests.gensec in an enviroment build also with MIT Krb5
python: Use constants from hresult.h for python constants
python: Correct Python2 super() calls that called the wrong class
python/samba/tests: Fix incorrect superclass in test_min_domain_uid.py
python/samba/tests: Fix incorrect super-class in cred_opt.py setUp()
third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)
pycredentials: Properly check type in creds.set_nt_hash() and samr.encrypt_samr_password()
selftest: Avoid assertTrue() and assertFalse() where a better test exists
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8
samba-tool: Add support for getting the generated unicodePwd for a gMSA account
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
samba-tool: Make samba-tool user getpassword support a ';previous=1' option
WHATSNEW: Add entry for "samba-tool user getpassword" changes
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA
python/netcmd: Improve documentation for "samba-tool user getpassword"
selftest: Add tests for "samba-tool user get-kerberos-ticket"
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
Anoop C S (13):
vfs_ceph: Add path based fallback mechanism for SMB_VFS_CHOWN
vfs_ceph: Fix a comment in cephwrap_fchmod()
vfs_ceph: Fix the comment quoting module usage
vfs_ceph: Replace libceph with libcephfs in comments
docs-xml: Fix a usage for case sensitive parameter
vfs_ceph: Fix some uninitialized structs and pointers
source3/lib: Properly log the change in capability
Revert "vfs_acl_xattr.c: prefer capabilities over become_root"
vfs_ceph: Fix a usage in comments
vfs_ceph: Indicate a successful connection in logs
source3/wscript: Announce deprecation of old Ceph version support
vfs_ceph: Implement SMB_VFS_FSTATAT
vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR
Bjoern Jacke (1):
system.c: fix fake directory create times
Björn Jacke (50):
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable
dosmode.c: prefer use of capabilities at two places over become_root
token_util.c: prefer capabilities over become_root
nfs4_acls.c: prefer capabilities over become_root
vfs_acl_common.c: prefer capabilities over become_root
vfs_acl_xattr.c: prefer capabilities over become_root
vfs_default.c: prefer capabilities over become_root
vfs_posix_eadb.c: prefer capabilities over become_root
vfs_recycle.c: prefer capabilities over become_root
open.c: prefer capabilities over become_root
posix_acls.c: prefer capabilities over become_root
lib/util: move copyright define to copyright.h
debug.h: introduce DEBUG_STARTUP_NOTICE
logging: use DBG_STARTUP_NOTICE for startup message
README.Coding.md: add DBG_STARTUP_NOTICE macro
lib/util/become_daemon.c: use DBG_STARTUP_NOTICE
source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE
profile: issues info message with lower log level
s4/server.c: move some log messages from ERR to NOTICE
libgpo: fix wrong lineending in admx files
dosmode: prefer capabilities over become_root
doc-xml: fix name of vfs_linux_xfs man page
docs-xml: use XML_CATALOG_FILES env var if defined
winbind_nss_netbsd: fix missing semicolon
s4/ldap_backend: fix a NULL dereference
s4/ldap_backend: change a printf %d to %u for results
s4/ldap_backend: encode: use modern DBG_ macro
s4/ldap_backend: unwilling: use modern DBG_ macro
s4/ldap_backend: SearchRequest: use modern DBG_ macro
s4/ldap_backend: modifyrequest: use modern DBG_ macro
s4/ldap_backend: addrequest: use modern DBG macros
s4/ldap_backend: delrequest: use modern DBG macros
s4/ldap_backend: modifydnrequest: use modern DBG macros
s4/ldap_backend: CompareRequest: use modern DBG macros
s4/ldap_backend: abandonrequest: use modern DBG macros
s4/ldap_backend: do_call: use modern DBG macros
set_process_capability: log which capability was set or failed to be set
vfs_worm: add connect function to cache parameters
selftest: let list_servers.NT1 really use NT1 protocol
test_smbget.sh: reduce sleep time
time.c: fix ctime which was feeded with the mtime seconds
tests: add a test for vfs_recycle
vfs_recycle: add connect function to cache parameters
vfs_worm: factor out readonly check
vfs_worm: move write_access_flags to global
vfs_worm: add some more vfs functions that worm needs to take care of
vfs_worm: add my copyright
vfs_worm: add FILE_WRITE_EA to write access mask
tests: add test for vfs_worm
tests: add a test for "fake directory create times"
Christof Schmitt (17):
build: Add 'make printversion' to provide version string
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function
nfs4_acls: Make fstatat_with_cap_dac_override static
nfs4_acls: Make stat_with_cap_dac_override static
nfs4_acls: Make fstat_with_cap_dac_override static
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions
David Mulder (3):
gpupdate: Test Drive Maps Client Side Extension
gpdupate: Implement Drive Maps Client Side Extension
gp: Skip site GP list if no site is found
Douglas Bagnall (121):
lib/util/charset: @param typos
util/charset: disambiguate docs for convert_string twins
idl/spoolss: fix spelling of UTF16 charset
librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
s4/dsdb: try not to leak on access check failure
s4:dns_server: loudly warn when a tombstone record has other records
docs/manpages: fix links to mod_ntlm_winbind and squid
s4/torture/gentest: remove redundant op entry
util/convert string: remove inaccurate misspelt comment
s4/torture/gentest: explain seemingly redundant initialisation
util/charset/torture: test convert_string_talloc with emptyish strings
libutil/iconv: don't allow wtf-8 surrogate pairs
libutil/iconv: avoid overflow in surrogate pairs
libcli/security: SDDL accepts lowercase "s-" in SIDs
libcli/security: sddl: check a talloc_zero
libcli/security: sddl_conditional_ace: ensure message is talloced
libcli/security: add sddl_decode_err_msg()
libcli/security: sddl_decode_ace/acl pass through messages
libcli/security: sddl: remove unreachable debug
libcli/security: sddl: guard against inconsistent msg pointers
libcli/security: conditional ace err messages don't hardcode offset
lib/ldb: py LDBError avoids leak and checks for alloc failure
lib/ldb: pyldb search iterator avoids exception leak
ndr/py_security: mod patch reports errors
s4/librpc/py_security: add SDDLValueError
pytest: sid_strings: handle SDDLValueError
pytest:security_descriptors: handle SDDLValueError
pytest:sddl: handle SDDLValueError
s4/librpc/py_security: use SDDLValueError for better error messages
pytest:sddl: assert SDDLValueError values make sense
samba-tool: try to present diagnostics for SDDL errors.
pytest: samba_tool domain auth policy fix for SDDL err msg
pytest:samba-tool domain test policy: test SDDL diagnostics
pytests: sid_strings: do not fail if epoch ending has zeros
libcli/security:sddl_decode_err_msg(): don't pretend msg is optional (CID1548624)
pytest:samba-tool domain auth policy: expect error message detail
libcli/security:sddl_decode_ace: turn DBG_WARNINGs into messages
libcli/security: adjust log verbosity in sddl_decode
libcli/security:sddl_decode_ace: add more messages
libcl/security:sddl_decode_acl: add a message
libcli/security:sddl_decode_ace: fix ';' count message
libcl/security:sddl_decode_acl: expand a comment
libcli/security:sddl_parse: add some top level error messages
libcli/security/test_sddl_conditional_ace: add message tests
libcli/security:sddl_decode message offset safety latch
pytest: security_descriptors tests get enumerator in name
libcli/security: initialise conditional ACE token flags
libcli/security:sddl_condtional_ace: log compiler errors at some debug levels
libcli/security/test_sddl_conditional_ace: adjust RA octet parse tests
libcli/security: un-invert parse_resource_attr_list, check type first
libcli/security: sddl_conditional_ace: add parse_uint for RA aces
libcli/security: sddl_conditional_ace: add parse_bool for RA aces
libcli/security: sddl_conditional_ace: remove check_resource_attr_type()
libcli/security: add a parser for resource attribute ACE byte strings
libcli/security/sddl: write RA octet strings the Windows way
libcli/security: parse resource attribute ace SIDs separately
libcli/security: conditional ACE sid parser no longer expects RA ACEs
libcli/security: improve error messages in RA ACE SDDL
libcli/security:sddl: remove vestiges of shared conditional/resource ACE SID parsing
libcli/security/tests: remove duplicate TX-integer tests from oversized-ACLs
libcli/security/tests: gunzip the oversized-acls test vectors
libcli/security: avoid leak when converting SID claims
libcli/security: remove redundant claim SID size check
librpc/idl:conditional_ace: make a flags field 32 bit
librpc/idl:condtional_ace: shift CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR to last bit
librpc/idl:security: add a couple of claims flags
librpc/idl:security: add claims flag indicating orderly and unique members
libcli/security: test_run_conditional_ace can set debug levels
libcli/security: test_run_conditional_ace tests more comparisons
libcli/security: add test_claims_conversion
libcli/security: CA: tokens_are_comparable() considers the obvious
lib/security:CA: tokens_are_comparable() accepts NULL operator
libcli/security: conditional ACE sddl writers take const tokens
libcli/security: sddl_conditional_ace: check a talloc_new()
pytest: token_factory separate out list_to_claim() helper
pytest: token_factory claims can have case_sensitive flag
pytest: token_factory copes with empty claims
pytest: token_factory note that a flag is not set
pytest: conditional_ace_claims: write_c_test_on_failure() copes with claims
libcli/security/sddl: improve some SDDL error messages
pytest: conditional_ace_claims tests large composite comparisons
libcli/security: simplify wire claim conversion mem, 1/3: avoid NULL parent
libcli/security: simplify wire claim conversion mem, 2/3: one tree
libcli/security: simplify wire claim conversion mem, 3/3: rm tmp_ctx
libcli/security: int wire claims drop uniqueness check
libcli/security: wire claims conversion: remove strings uniqueness check
libcli/security: don't allow two NULL string claims
libcli/security: begin claim_v1_check_and_sort with Boolean checks
libcli/security: claim_v1_check_and_sort(): add all types
libcli/security: wire claim conversion uses claim_v1_check_and_sort()
libcli/security: resource attribute claims use claim_v1_check_and_sort()
libcli/security: add_claim_to_token() re-sorts/checks claims
libcli/security: claim_v1_to_ace_token(): avoid unnecessary re-sort
libcli/security: avoid leak on SDDL encode failure
libcli/security: separate out claim_v1_to_ace_composite_unchecked()
libcli/security: improve conditional ACE composite comparison
libcli/security: add shortcuts for conditional ACE compare
libcli/security: shift comparability check to shortcut exits
libcli/security: comparability check: claim members are of one type
libcli/security: note suboptimality of conditional ACE Contains operators
selftest: add an expectedfail directory
selftest/knownfail.d: README memntions expectedfail.d
selftest/knownfail.d: remove empty files
selftest/knownfail.d: move labdc to expectedfail.d
selftest/knownfail.d: move samba-4.5-emulation to expectedfail.d
selftest/knownfail.d: move ntlmv1-restrictions to expectedfail.d
selftest/knownfail.d: move encrypted_secrets to expectedfail.d
selftest/knownfail: move some parts to expectedfail.d/ntlm-auth
selftest/knownfail: move more parts to expectedfail.d/ntlm-auth
libcli/security: SDDL decode stops earlier with too many ACEs
libcli/security: don't allow conditional ACE SIDs to have trailing bytes
libcli/security: clarify tests for SDDL round trips
libcli/security: fix tests for SDDL conditional ACE round-trip
libcli/security: tests for conditional ACE integer base persistence
libcli/security: allow round-trip for conditional ACE octal integers
libcli/security: allow round-trip for conditional ACE hex integers
libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
libcli/security: tests for signed zeros in sddl condtional ACEs
libcli/security: rearrange conditional ACE sddl_write_int
libcli/security: sddl conditional ACE: write -0 when asked
fuzz: allow max size conditional ACE round-trip failure
Gabriel Nagy (6):
gp_pol: Test empty multi_sz roundtrip
gp_pol: Allow null data for REG_MULTI_SZ
gp_pol: Test multiple values multi_sz roundtrip
gpo: Test certificate policy without NDES
gpo: Decode base64 root cert before importing
gpo: Do not get templates list on first run
Günther Deschner (14):
svcctl: unify operation names and always prefix with svcctl_
svcctl: rename SERVICE_FAILURE_ACTIONS to SERVICE_FAILURE_ACTIONSW
librpc: add various new commands and types to SVCCTL IDL.
librpc: use SERVICE_CONTROL enum in ControlService calls
s4-torture: add test for svcctl_QueryServiceConfigEx
librpc: add svcctl_ServiceStopReason enums
s4-torture: add test for svcctl_ControlServiceExW()
librpc: add missing service control defines
pidl: include scompat headers and servers in s3 server template
s3-rpcclient: add winreg_enumval command
s4-torture: add torture_assert_werr_equal_goto and torture_assert_werr_ok_goto macros
s4-torture: add test to check for Windows behavior of EnumValue call
s3-winreg: fix _winreg_EnumValue behavior
s4-winreg: fix dcesrv_winreg_EnumValue behavior
Jeremy Allison (1):
s3: smbd: Allow fchmod from the NFS-style mode ACL in set_nt_acl() for a SMB2 POSIX handle.
Jones Syue (2):
s3:smbd multichannel: always refresh the network information
s3:passdb: smbpasswd reset permissions only if not 0600
Joseph Sutton (426):
buildtools: Don’t call normpath() repeatedly
buildtools: Correctly raise exception
tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD
tests/krb5: Expect a status code with policy errors
tests/krb5: Fix tests that crash Windows
tests/krb5: Don’t expect groups if we’re expecting an error
tests/krb5: Fix ASN.1 source
s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1449667)
s4:kdc: Make ‘struct user_info_dc’ members const
s4:kdc: Explicitly initialize SDBFlags structures
s4:kdc: Remove unused function int2SDBFlags()
s4:torture: Check return values of talloc functions
s4:torture: Fix leaks
s4:torture: Check return values of gnutls functions (CID 1547212)
tests/krb5: Remove marker
tests/krb5: Fix comment
tests/krb5: Add ‘expect_edata’ parameter to _user2user()
tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code
tests/krb5: Correctly pass arguments to _modify_tgt()
tests/krb5: Have _modify_tgt() accept only keyword arguments
tests/krb5: Update method names to be consistent with other tests
tests/krb5: Remove incorrect functional level check
tests/krb5: Move assignments closer to where the variables are used
tests/krb5: Use None for the default values of parameters
tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used
tests/krb5: Don’t expect edata if no error is expected
tests/krb5: Make ‘keybytes’ a bytes object rather than a list
tests/krb5: Fix DES3CBC random_to_key()
tests/krb5: Remove unused imports
tests/krb5: Remove unnecessary f‐strings
tests/krb5: Fix RC4‐only Protected Users tests
tests/krb5: Remove unreachable exception handlers
tests/krb5: Make ‘services’ parameter required
tests/krb5: Delete connection variable
s4:dsdb: Remove reference to non‐existent code
s4:kdc: Always regard device info when the client performs RBCD
s4:kdc: Use HDB flag constants instead of SDB ones
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation
tests/krb5: Remove unnecessary target_creds variables
tests/krb5: Work around Samba’s incorrect krbtgt principal handling
tests/krb5: Test whether the device belongs to some default groups
s4:kdc: Make a copy of the device SIDs to be placed in the security token
s4:kdc: Add a flag indicating that the device should be added to the default groups
s4:kdc: Add device to default groups for authentication policy evaluation
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
s4:kdc: Add device to Authenticated Users for authentication policy evaluation
lib/torture: Use portable format specifiers
lib/torture: Add torture_assert_size_*() macros
s4:torture: Produce more output to help debug smb2.multichannel.bugs.bug_15346
s3:rpc_server: Correctly reset DEVMODE bit
.gitattributes: Treat file containing test SDDL as binary
libcli/security: Fix leak on reallocation failure in pull_composite()
libcli/security: Fix leak on reallocation failure in conditional_ace_encode_binary()
python: Remove unnecessary f‐strings
python:tests: Remove unnecessary f‐strings
tests/krb5: Don’t pass parameters unnecessarily
tests/krb5: Sort imports
s3:libads: Update code reference in comment
s3:passdb: Fix code formatting
s4:dsdb:tests: Remove unnecessary f‐strings
s4:ntvfs: Avoid signed integer overflow
selftest: Remove ubsan suppressions
tests/krb5: Add more tests of the device belonging to certain groups
tests/krb5: Add tests for group membership with RBCD
s4:kdc: Add device to default groups for RBCD conditions evaluation
s4:kdc: Add device to Authenticated Users for RBCD conditions evaluation
SECURITY.md: Fix spelling
auth: Fix code spelling
docs-xml: Fix documentation
examples: Fix code spelling
ldb: Fix code spelling
lib/fuzzing: Fix code spelling
talloc: Fix documentation
tevent: Fix code spelling
lib/util: Fix comment
libcli/security: Fix code spelling
libcli: Fix code spelling
security.idl: Fix code spelling
librpc:ndr: Fix code spelling
pidl: Fix code spelling
python:tests: Fix code spelling
tests/krb5: Fix code spelling
s3:auth: Add missing word to comment
s3:lib: Fix code spelling
s3:libads: Fix code spelling
s3:libsmb: Fix code spelling
s3:passdb: Fix code spelling
s3:rpc_server: Fix code spelling
s3:smbd: Fix code spelling
s3:utils: Fix code spelling
s4:auth: Fix code spelling
s4:dsdb: Fix code spelling
s4:kdc: Fix code spelling
s4:lib: Fix code spelling
s4:librpc: Fix code spelling
s4:ntvfs: Fix code spelling
s4:rpc_server: Fix code spelling
s4:torture: Fix code spelling
script: Fix code spelling
testdata: Fix spelling
third_party/heimdal_build: Fix spelling
tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
tests/krb5: Add tests for single‐component krbtgt principals
lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
s4:dsdb: Initialize pointers to NULL
s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
s4:kdc: Make use of smb_krb5_principal_is_tgs()
third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)
s4:kdc: Consider a single‐component krbtgt principal to be the TGS
s4:kdc: Have principal_comp_strcmp_int() properly indicate an error
s4:kdc: Check for overflow before calling smb_krb5_princ_component()
s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
tests/krb5: Test that the Service Asserted Identity SID is not regarded from an RODC‐issued PAC
tests/krb5: Test that the Claims Valid SID is added to RODC‐issued PACs
tests/krb5: Add tests to see how SIDs are conveyed from PACs
s4:kdc: Add Claims Valid SID to info regenerated from RODC‐issued PACs
s4:dsdb: Align integer type
libcli/security: Remove unnecessary return statement
libcli/security: Correct function documentation
s4:dsdb: Make sids_contains_sid() usable by other Samba modules
libcli/security: Rename sids_contains_sid() to sids_contains_sid_attrs()
libcli/security: Make use of sids_contains_sid_attrs()
libcli/security: Add sids_contains_sid()
libcli/security: Make use of sids_contains_sid()
libcli/security: Add sid_attrs_contains_sid()
s4:auth: Check that the PAC is not NULL before dereferencing it
s4:kdc: Add the Asserted Identity SID to the PAC only if the original RODC‐issued PAC contained it
tests/krb5: Use __slots__ to indicate which attributes are used by classes
tests/krb5: Don’t pass unnecessary parameter
tests/krb5: Rename ‘krbtgt_creds’ to ‘rodc_krbtgt_creds’
s4:kdc: Do not add Claims Valid SID twice
tests/krb5: Test device info generated from RODC‐issued tickets without certain SIDs
s4:kdc: Have samba_kdc_get_device_info_blob() call samba_kdc_get_user_info_dc() instead of adding special SIDs itself
s4:auth: Remove trailing whitespace
s4:auth: Comment about claims in the security token
third_party/heimdal: Import lorikeet-heimdal-202310310018 (commit 3a433861903ff7c35f3a42c2e88aef2fab7bb5b4) (CID 1544591, CID 1544617)
s4:kdc: Call kdc_request_set_e_data() instead of kdc_set_e_data()
dcerpc.idl: Use simple boolean value instead of flag
librpc:ndr: Fix code spelling
s4:torture: Make static variables constant
librpc:ndr: Introduce ‘libndr_flags’ type
librpc:ndr: Introduce ‘ndr_flags_type’ type
librpc:ndr: Increase size of ‘libndr_flags’ type to 64 bits
third_party/heimdal: Import lorikeet-heimdal-202311012221 (commit 87159bd32148be80a0d9bfc984db481e4a0f2831)
libcli/security: Remove reference to conditional ACE recursive composites
libcli/security: Allow empty composites and resource attribute lists
selftest: Sort conditional ACE knownfails
tests/krb5: Test conditional ACE expressions with empty composite literals
s3:smbd: Remove unreachable code (CID 710840)
s3:utils: Remove unused‐but‐set variable
s3:utils: Fix code spelling
s3:utils: Check return value of samba_cmdline_init() (CID 1548345)
s3:utils: Remove condition that cannot be true (CID 1548341)
s3:utils: Align integer type
s3:utils: Avoid integer overflow (CID 1548343)
s3:utils: Initialize flags (CID 1499396)
s3:rpc_client: Align integer types (CID 1548342)
s3:rpc_client: Add missing ‘break’ statement
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499407)
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)
selftest/flapping: Mark smb2.multichannel.bugs.bug_15346(nt4_dc) flapping
tests/krb5: Remove unused import
tests/krb5: No longer pass two‐component form of TGS principal
tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be
tests/krb5: Always expect client claims
tests/krb5: Add support to test framework for existing device info or claims buffers
tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims
tests/krb5: Pass a list of PAC modification functions
tests/krb5: Add tests for PACs containing extraneous buffers
tests/krb5: Test target authentication policies when the TGT already contains device info/claims
tests/krb5: Don’t reuse SID S-1-2-3-4
tests/krb5: Test RODC‐issued TGTs that already contain device info/claims
tests/krb5: Fix comments
third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)
tests/krb5: Remove unused parameter ‘expected_device_groups’
tests/krb5: Remove unused parameter ‘expected_device_groups’
tests/krb5: Correct authentication policy SDDL
tests/krb5: Add test for an authentication policy that allows a specific account
tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon
s4:auth: Remove trailing whitespace
s4:auth: Add comment about claims going ignored for SamLogon
s4:kdc: Move return code checks closer to where the return codes are set
s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC
tests/krb5: Move ‘rfc4120_pyasn1’ to ‘rfc4120_pyasn1_generated’
tests/krb5: Encode KerberosString objects as UTF‐8
tests/krb5: Add ‘expected_sname’ parameter to _fast_as_req()
tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters
third_party/heimdal: Import lorikeet-heimdal-202311082119 (commit 844610f06bac2b7b2a208cbabc7414bde23abac7)
s4:librpc: Remove trailing whitespace
s4:librpc: Fix leak
libcli/security: Reassign flags
libcli/security: Include missing headers
ilbcli/security: Fix duplicated words
libcli/security: Mark arrays ‘const’
netcmd:tests: Test authentication policies containing device‐specific attributes and operators
libcli/security: Optionally disallow device‐specific attributes and operators where they are not applicable
s4:librpc: Add ‘allow_device_in_sddl’ parameter to security.descriptor.from_sddl()
netcmd: Add ‘allow_device_in_sddl’ parameter to SDDLField()
netcmd: Disallow device‐specific attributes and operators for allowed‐to‐authenticate‐from fields
third_party/heimdal: krb5: Try to decode e-data as KERB-ERROR-DATA (falling back to METHOD-DATA) (Import lorikeet-heimdal-202311092338 (commit 50996e5f0b0f22a4eb755a6f22cb7b4ecab2aeea))
librpc:ndr: Fix error messages
librpc:ndr: Check return values of talloc functions
librpc:ndr: Prohibit STR_NULLTERM|STR_NOTERM flags combination
libndr:ndr: Allow only one string encoding flag
librpc:ndr: Fix comment
librpc:ndr: Convert NDR flags types to enumerations
util/charset: Remove trailing whitespace
s4:libcli: Remove trailing whitespace
s4:smb_server: Remove trailing whitespace
util/charset: Rename utf16_len_n() to utf16_null_terminated_len_n()
util/charset: Rename utf16_len() to utf16_null_terminated_len()
util/charset: Add utf16_len()
util/charset: Include final UTF‐16 code unit in length calculation loop
util/charset: Add utf16_len_n()
s4:torture: Remove trailing whitespace
util/charset/tests: Add tests for UTF‐16 string length functions
util/charset: Prefer PULL_LE_U16() to older SVAL() macro
python:tests: Fix crashing pymessaging tests
python:tests: Ensure we clean up callbacks in pymessaging tests
util/charset: Remove unnecessary cast
util/charset: Include missing headers
util/charset: Add talloc_utf16_str[n]dup()
librpc:ndr: Fix code formatting
librpc:ndr: Fix error message
librpc:ndr: Introduce common out path in ndr_push_string()
librpc:ndr: Move call to convert_string_talloc() on to its own line
librpc:ndr: Don’t duplicate strings needlessly
librpc:ndr: Fix comment
pidl: Remove trailing whitespace
pidl: Don’t overwrite exception set by PyUnicode_AsEncodedString()
tests/krb5: Allow creating Group Managed Service Accounts
s4:librpc: Remove trailing whitespace
s4:librpc: Add functions converting between bytes and UTF‐16 strings
librpc:ndr: Don’t try to log always‐NULL string
util/charset: Have talloc_utf16_str[n]dup() accept NULL pointers
s4:librpc: Produce more helpful error message when bytes length is odd
pidl: Add a helper function to determine whether a type is a string type
pidl: Add new ‘u16string’ type
gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB
librpc: Add NDR test for GMSA Managed Password blobs
python:tests: Move NDR tests to their own directory
tests/ndr: Add tests for GMSA Managed Password blobs
python:tests: Add ndrdump test for GMSA Managed Password blobs
pidl: Remove unused imports
pidl: Remove trailing whitespace
pidl: Fix grammar in warning message
pidl: Remove unneeded casts
pidl: Fix subscripts of dereferenced arrays
conditional_ace.idl: Fix undefined shift
pidl: Make sure to cast whole expressions
docs-xml: Add missing closing parenthesis
librpc:ndr: Remove trailing whitespace
librpc:ndr: Use correct libndr flags type
selftest: Remove knownfail entries for non‐existent tests
libcli/smb: Include missing headers
libcli/auth: Use correct enumeration constant
libcli/auth: Call correct function to get HMAC output length
libcli/smb: Call correct function to get HMAC output length
s4:libcli: Remove trailing whitespace
s4:libcli: Call correct function to get HMAC output length
s4:utils: Remove trailing whitespace
s4:utils: Use correct enumeration constant
auth/gensec: Return more consistent status codes on gnutls hashing failure
libcli/auth: Return more consistent status code on gnutls HMAC failure
libcli/smb: Add ‘algorithm’ parameter to smb2_key_derivation()
lib:crypto: Remove unused imports
lib:crypto: Remove unused variable
lib:crypto: Add samba_gnutls_sp800_108_derive_key()
lib:crypto: Add tests for samba_gnutls_sp800_108_derive_key()
lib:crypto: Split out core of samba_gnutls_sp800_108_derive_key()
lib:crypto: Add common out path to samba_gnutls_sp800_108_derive_key()
lib:crypto: Add missing call to gnutls_hmac_deinit()
lib:crypto: Clean up HMAC handle in one place
lib:crypto: Have samba_gnutls_sp800_108_derive_key() support various output key lengths
lib:crypto: Add ‘FixedData’ parameter to samba_gnutls_sp800_108_derive_key()
lib:crypto: Add test for samba_gnutls_sp800_108_derive_key() using NIST test vectors
python:tests: Permit newer copyright notice
gkdi.idl: Add definitions for the Group Key Distribution Service
tests/ndr: Add tests for Group Key Distribution Service blobs
auth:gensec: Zero digest array in error case
buildtools: Update docstring to be more accurate
ctdb: Remove trailing whitespace
ctdb: Fix code spelling
docs-xml: Fix code spelling
lib:crypto: Remove redundant array zeroing
lib:crypto: Remove unused Rijndael cipher header
ldb: Fix code spelling
lib/fuzzing: Fix code spelling
talloc: Fix documentation
lib/torture: Remove trailing whitespace
util/charset: Remove trailing whitespace
util/data_blob: Remove trailing whitespace
util/data_blob: Fix code spelling
libcli/security: Remove unused includes
libcli/security: Fix code spelling
librpc: Remove trailing whitespace
librpc: Fix code spelling
security.idl: Remove trailing whitespace
gp: Remove unused import
python: Fix code spelling
python: Add missing word to comment
python:tests: Remove unnecessary f‐strings
python:tests: Remove unused imports
python:tests: Remove leftover debugging message
tests/dcerpc: Correct docstring
tests/dcerpc: Remove unused imports
tests/krb5: Fix indentation
tests/krb5: Remove unused parameter
s3:include: Remove trailing whitespace
s3:include: Fix code spelling
s3:modules: Fix code spelling
s3:rpc_server: Fix code spelling
s4:auth: Fix code spelling
s4:dsdb: Remove trailing whitespace
s4:dsdb: Remove unused includes
s4:dsdb: Use portable integer constant INT64_MIN
s4:dsdb: Use portable integer constant INT64_MAX
s4:dsdb: Use portable integer constant INT64_MAX
s4:dsdb: Remove trailing whitespace
s4:dsdb: Fix code spelling
s4:include: Remove trailing whitespace
s4:include: Fix code spelling
s4:kdc: Remove unused includes
pymessaging: Remove trailing whitespace
s4:ntvfs: Remove trailing whitespace
Revert "s4:torture: Increase multichannel timeout"
selftest: Remove unused import
buildtools: Remove unused parameter ‘env’
buildtools: Fix code spelling
s4:librpc: Fix code spelling
buildtools: Pass through parameter ‘keep_underscore’
buildtools: Remove useless ‘keep_underscore’ parameter
buildtools: Remove ‘keep_underscore’ parameter
python: Remove unfinished join method
python: Remove unused variable ‘machinesid’
python: Make use of ‘serverdn’ parameter
python: Remove unused parameter ‘targetdir’
python: Remove unused parameter ‘lp’
python: Make use of ‘prefix’ parameter
python: Remove unused parameter ‘logger’
python: Remove unused parameter ‘lp’
python: Remove unused parameter ‘backend_store’
python: Remove unused parameter ‘targetdir’
python: Remove unused parameter ‘targetdir’
python: Remove unused parameter ‘lp’
python: Remove unused parameter ‘lp’
python: Remove unused parameter ‘backend_store’
python: Remove unused parameter ‘targetdir’
python: Remove unused parameter ‘message’
python: Remove unused parameter ‘lp’
python: Remove unused parameter ‘samdb’
python: Remove unused parameter ‘netlogon’
python: Remove unused parameter ‘name’
python: Remove unused parameters ‘maxuid’ and ‘maxgid’
python: Remove unused parameters ‘maxuid’ and ‘maxgid’
python: Remove unused parameter ‘root_gid’
python: Remove unused parameter ‘backend_store_size’
python: Remove unused parameter ‘erase’
python: Remove unused parameter ‘keytab_path’
python: Remove unused parameter ‘fill’
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
python: Remove unused parameters ‘backend_store’ and ‘backend_store_size’
python: Remove unused parameter ‘am_rodc’
python: Remove unused parameter ‘am_rodc’
python: Remove unused parameter ‘serverrole’
python: Remove unused parameter ‘backup’
python: Remove references to removed parameters
lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
s4:auth: Clarify comment about requiring FAST armor
lib:util: Parenthesize macro parameters
lib:util: Cast macro parameter ‘val’ to expected type
lib:util: Don’t unnecessarily parenthesize macro arguments
lib:util: Remove redundant casts in PUSH_*() macros
librpc:ndr: Don’t unnecessarily parenthesize macro arguments
python:tests: Use ‘False’ in boolean expression rather than ‘None’
python:tests: Raise exception of more specific type NotImplementedError
python:tests: Rename parameter to be consistent with overridden method
s3:param: Remove unnecessary use of discard_const_p()
lib:util: Use portable integer constants
python:tests: Don’t needlessly create single‐element tuple
pyglue: Remove unnecessary uses of discard_const_p()
lib:cmdline: Fix code spelling
buildtools: Use correct variable in error message
ldb: Fix code spelling
tests/krb5: Remove redundant definitions
s3:utils: Do not pass invalid file descriptor to close() (CID 1550131)
gkdi.idl: Comment on domain and forest name fields
gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests
python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls
s4:libcli: Remove trailing whitespace
s4:libcli: Fix conversion from HRESULT and WERROR to Python objects
gkdi.idl: Verify magic numbers of pulled GKDI structures
lib:crypto: Add GKDI module with some constants
pyglue: Fix code spelling
pyglue: Export some more HRESULT constants
pyglue: Export some GKDI constants
python: Add NT Time utility functions
tests/krb5: Add Python implementation and tests for Group Key Distribution Service
librpc: Add missing spaces to error messages
librpc: Change type of ‘u16string’ from ‘const uint16_t *’ to ‘const unsigned char *’
librpc: Do not allow u16string to be encoded in a big‐endian context
tests/krb5: Check properties of current GKDI key
tests/krb5: Create root key just for implicit root key tests
tests/krb5: Test that root key data is the correct length in bytes
tests/krb5: Raise an error if root key data is the wrong length
lib:crypto: Add implementation of GKDI key derivation
lib:crypto: Add tests for GKDI key derivation
s4:scripting: Align integer types
libcli:util: Update HRESULT definitions
libcli:util: Update NTSTATUS definitions
s4:scripting: Initialize ‘isWinError’ in constructor
s4:scripting: Initialize line number to (possibly) more appropriate value
s4:scripting: Let error definition generation scripts tolerate empty lines
s4:scripting: Correctly report number of parsed lines
s4:scripting: Remove blank line
s4:scripting: Use common function to parse error descriptions
s4:scripting: Remove global list of errors
s4:scripting: Ensure generated error definition files are closed after use
s4:scripting: Generate HRESULT definitions as part of the build process
s4:scripting: Remove trailing whitespace
s4:scripting: Remove obsolete references to function prototypes
python: Generate HRESULT definitions automatically
Jule Anger (1):
talloc: release 2.4.2
Martin Schwenke (3):
ctdb-scripts: Update detect_init_style to use /etc/os-release
ctdb-daemon: Use ctdb_connection_to_buf() to simplify
ctdb-server: Drop unnecessary copy of destination address
Michael Adam (1):
gitignore: add WAF lockfile
MikeLiu (2):
shadow_copy2: Add missing TALLOC_FREE
vfs_fruit: ignore ENAMETOOLONG in fruit_unlink_rsrc_adouble()
Noel Power (47):
s3/winbind: Ensure parse_domain_user() can't write beyond the end of domain[]
s3/winbindd: rename canonicalize_username to canonicalize_username_fstr
s3/winbindd: Add new canonicalize_username function
s3/winbindd: in winbindd_ccache_save use canonicalize_username
s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username
s3/winbindd: in winbindd_pam_auth_send use canonicalize_username
s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username
s3/winbindd: remove canonicalize_username_fstr
s3/winbindd: rename parse_domain_user to parse_domain_user_fstr
s3/winbindd: Add new parse_domain_user function
s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
s3/winbindd: replace parse_domain_user_fn with parse_domain_user
s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user
s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr
s3:/winbindd: remove parse_domain_user_fstr
codespellignore: ignore some spellings introduced with wsp files
libcli/smb: Allow dynamic setting of the max_data in SMB Pipe transaction.
librpc/idl: Add idl for WSP and also some required helper functions.
s3/build: Add support for WSP in configure script.
librpc/rpc: Add windows propertyset info and associated accessor and helper api.
docs-xml: Add config param for defining extra wsp properties
librpc/wsp: adjust the wsp property api to additionally use a csv file
librpc/wsp: add some helper functions needed to support AQS
libcli/wsp: Add support for simplified Advanced Query Syntax
librpc/wsp: Add functions to dump restriction as string
libcli/wsp: Test AQS parser
librpc/wsp: Add some util functions needed for wsp client api
remove problematic include (seems to bring in conflicted definitions)
add accessor for tstream_context
libcli/wsp: Add simple client api for wsp client code.
s3/utils: Add search client
docs-xml: add manpage for wspsearch cli client
s3/utils: ensure sddl_encode/sddl_decode both use domain_sid
s3/utils: Add save and restore config switches (and help output)
s3/utils: Add recursive option to smcacls
s3/utils: Add functionality to smbcacls to save dacl(s) to a restore file
s3/utils: Add support to smbcacls to restore dacls from file
docs-xml: Update manpages for new -T, --save & --restore options
python/samba/tests: Add smbcacl tests for save/restore
libcli/security: Debug only when we failed to decode
s3/utils: Detect (and report) failure to parse sddl
s3/utils: Use sddl_decode_err_msg instead of sddl_decode
s3: Make build of wspsearch client enabled by default
WHATSNEW: Add entry for wspsearch client utility
WHATSNEW: Add entry for new save/restore options for smbcacls
Oleg Kravtsov (1):
s4/torture: fix exit status of raw.bench-lookup
Pavel Filipenský (8):
s3:tests: The correct name of shell variable is 'samba_smbspool_krb5'
s3:tests: Add smbspool test using kerberos authentication: test_smbspool_krb.sh
s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips
s3:winbindd: Improve logging for failover scenarios in winbindd_cm.c
s3:winbindd: Improve logging for failover scenarios in winbindd_pam.c
s3:libsmb: Improve logging for failover scenarios
s3:libads: Improve logging for failover scenarios
autobuild: Run ad_member_idmap_nss tests as part of samba-admem
Ralph Boehme (87):
smbd: put back code to fill in user and group SID
clang-format: tweak config to bring us closer to README.Coding.
clang-format: sort alphabetically
vfs_fruit: add option fruit:validate_afpinfo = yes|no (default: yes)
smbtorture: add test for fruit:validate_afpinfo option
libcli/util: add tstream_full_request_u32 and tstream_full_request_u16
libcli/util: add struct tstream_context to tstream_read_pdu_blob_full_fn_t
s4/lib: remove packet_full_request_u16, not used anymore
libcli: Implement a tstream dcerpc_binding_handle
libcli/smb: add FSCTL_PIPE_WAIT
smbd: fix group marshalling in smb3_file_posix_information_init
s3/libsmb: reuse smbXcli_conn_have_posix()
smbd: add nlinks marshalling in smb3_file_posix_information_init()
smbd: add inode marshalling in smb3_file_posix_information_init()
libcli/smb: add IO_REPARSE_TAG_RESERVED_ZERO
pylibsmb: add IO_REPARSE_TAG_RESERVED_ZERO
CI: smb3unix.py: use libsmb.SMB2_FIND_POSIX_INFORMATION
libsmb: infer posix context from info_level
libsmb: info-level SMB2_FIND_POSIX_INFORMATION doesn't return short name
libsmb: use K format for parsing unsigned long long
libsmb: remove mode from struct file_info
libsmb: add all fields from SMB2_FIND_POSIX_INFORMATION in list_posix_helper()
CI: smb3unix.py: check basic CreateContexts response
smbd: remove call to fdos_mode() when setting DOS attrs
smbd: add and use helper function possibly_set_archive()
smbd: ignore symlinks in file_set_dosmode()
smbd: in file_set_dosmode() do an early exit if smb_fname->fsp is NULL
smbd: move POSIX check from possibly_set_archive() to file_set_dosmode()
smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()
smbd: allow POSIX opens for file_set_dosmode() in mkdir_internal()
smbd: allow POSIX opens for file_set_dosmode() in rename_internals_fsp()
smbtorture3: reduce indentation in posix_ls_fn()
smbd: s/FILE_ATTRIBUTES_INVALID/FILE_ATTRIBUTE_INVALID/g
smbtorture3: remove unused initializers
smbtorture3: prepare POSIX tests for differentianting between client flavour in the list callback
smbd: allow setting ARCHIVE bit in POSIX context with "store dos attributes"
smbtorture3: also check test file and it's attributes in two POSIX tests
CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()
python: move clean_file() to samba/tests/libsmb.py
CI/smb3unix: add test_delete_on_close
smbd: fix has_other_nonposix_opens_fn()
smbd: remove now unneccessary wrapper vfs_fget_dos_attributes()
smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor()
smbd: leave comment on broken SMB1 POSIX open handling of SMB_O_DIRECT
smbd: pass fsp to smbd_do_qfsinfo()
smbd: pass fsp to fsinfo_unix_valid_level()
smbd: check is POSIX is enabled on the fsp in fsinfo_unix_valid_level()
smbd: tweak POSIX check in smbd_do_qfilepathinfo()
smbd: factor out smb2_negotiate_context_process_posix()
smbd: bring back "smb3 unix extensions" option
s3/lib: factor out call_panic_action() from smb_panic_s3()
s3/lib: add log_panic_action()
selftest: remove error_inject from shadow_write share
s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION
smbtorture: expand smb2.twrp.write test
smbd: return the correct error in can_rename()
smbd: set fsp_flags.is_fsa to true on printer file handles
smbd: rename check_access_fsp() to check_any_access_fsp()
smbd: fix check_any_access_fsp() for non-fsa fsps
smbd: return correct error when trying to create a hardlink to a VSS file
smbd: set fsp->fsp_flags.can_write to false for access to previous-versions
smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()
smbd: use check_any_access_fsp() for all access checks
smbd: check for previous versions in check_any_access_fsp()
smbd: move access override for previous versions to the SMB layer
examples/scripts: add smbXsrvdump
net: remove a newline
net: fix credentials in trustdom establish
net: support NT4 trusts in "net rpc trust create"
net: create creds for other domain
winbindd: also apply schannel logic as an NT4 DC
winbindd: make add_trusted_domains_dc() public
winbindd: call add_trusted_domains_dc() in smbcontrol reload-config handler
selftest: fix domain name of nt4_dc_smb1 environment
selftest: do early exit in setup_fl2008r2dc() if provision_fl2008r2dc() fails
selftest: rename a variable in setup_fl2008r2dc()
selftest: create trust between fl2008r2dc and nt4_dc
selftest: add a test for NT4 trusts
s4/rpc_server: return NULL dns_name for NT4 trusts
selftest: test listing trusted domains that includes an NT4 domain
winbindd: fix listing trusted domains with NT trusts
vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time
CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner
smbd: pass symlink target path to safe_symlink_target_path()
smbd: add a directory argument to safe_symlink_target_path()
smbd: use safe_symlink_target_path() in symlink_target_below_conn()
smbd: use dirfsp and atname in open_directory()
Rob van der Linde (126):
tests: minor indentation and whitespace fixes
netcmd: tests: make check_run and related methods classmethod for consistency
python: PEP8 fixup whitespace in getopt.py first
python: move comment for check_bytes to docstring
python: getopt: update super calls to python3 style
python: getopt: correctly group and sort imports
python: getopt: move SambaOption to the top of the file
netcmd: correctly pass Samba option class to OptionParser
netcmd: move comment above class to docstring
netcmd: PEP8: minor whitespace fix, file did not pass PEP8
netcmd: don't turn exception into CommandError in run_validators
python: getopt: move validators logic to parent class
python: move Validator base class and ValidationError to getopt
python: add docstrings to Validator and ValidationError
python: tests: fix some hidden tab characters in tests.py
python: netcmd: ntacl: fix import grouping and order
python: netcmd: dbcheck: fix import grouping and order
python: netcmd: SUPPRESS_HELP constant has no effect here
python: netcmd: remove redundant Option subclass
python: netcmd: fix import grouping and sorting in base first
python: netcmd: parser class in getSamDB should set option_class
python: getopt: rename SambaOption to Option
python: netcmd: catch parent exception class OptParseError instead
python: netcmd: remove OptionError alias to OptionValueError
netcmd: tests: stop checking for ERROR prefix from CommandError
python: getopt: subclass OptionParser to populate option_class
python: getopt: implement required flag on options and OptionParser
python: netcmd: make use of required flag on Option for claims commands
python: getopt: Add HostOptions to avoid need to manually add -H
python: netcmd: make use of HostOptions for claims and sites commands
netcmd: auth policy: add OptionGroup classes for user, service and computer options
python: getopt: HostOptions and other option groups inherit from samba OptionGroup class
netcmd: silo command remove combined --policy which set all 3
netcmd: silo command uses more consistent naming for policy args
netcmd: silo command uses more consistent naming for tgt args
netcmd: claims: rename claims and silo tests
netcmd: tests: make use of addCleanup
python: tests: function to generate a unique name from caller
python: tests: addCleanup is always before create operation
python: tests: qa and developers were not in the correct case
python: tests: improve comments for auth silo and policy tests
python: tests: claims and silo tests make use of unique_name
python: silos: add some missing tests for auth policy command
python: move method escaped_claim_id from test to samba.sd_utils
python: add docstring for escaped_claim_id function
python: silos: add support for allowed to authenticate from silo shortcut
netcmd: user: PEP8 E117: code is overindented
netcmd: user: PEP8 E502: backslash is redundant between brackets
netcmd: user: PEP8 E127: fix hanging indent not lining up
netcmd: user: PEP8 E221: fix multiple spaces before operator
netcmd: user: PEP8 E225: missing whitespace around operator
netcmd: user: PEP8 E303 E305: fix too many or too little blank lines
netcmd: model: add missing assigned_policy field on User model
netcmd: model: add a find method to User model to avoid repeating code
netcmd: silo member: make use of User.find function
netcmd: silo member add and remove should not set assigned_silo
netcmd: silo member uses consistent output with other commands
netcmd: tests: make use of unique_name
netcmd: model: User model str method returns username not cn
netcmd: silo member: Make output consistent with user command
netcmd: add auth silo and policy sub-commands to samba-tool user
netcmd: tests: rename base class to be used by more tests
netcmd: tests: rename domain_auth_base.py to silo_base.py
netcmd: tests: add tests for user auth policy and silo commands
netcmd: docs: document samba-tool user auth silo and policy commands
netcmd: models: add Query class to replace simple generator
netcmd: models: Model.query method makes use of Query class
netcmd: models: fix incorrect return type should not be User
netcmd: silo member: rename exceptions to grant and revoke
netcmd: silo member: rename model methods to grant and revoke
netcmd: silo member: update model docstrings and exception text
netcmd: silo member: rename add and remove commands to grant and revoke
netcmd: silo member: update command line options help text for grant + revoke
netcmd: silo member: update docstrings comments and print statements for grant + revoke
netcmd: tests: rename add_silo_member and remove_silo_member methods in test
netcmd: tests: rename silo member tests to grant + revoke
netcmd: tests: update silo member grant and revoke docstings and comments
netcmd: docs: update docs for silo member grant + revoke
tests: gensec: docstrings in the middle of code should be comments
selftest: move planoldpythontestsuite up so it can be used by blackbox tests
netcmd: fix typo in groups and computer commands
netcmd: models: use correct SDDL for authentication silos
netcmd: models: add SIDField field
netcmd: models: get_base_dn returns default rather than be abstract
netcmd: models: add readonly attribute on fields to exclude it from save
netcmd: models: ensure that backlinks are always readonly
netcmd: models: make systemFlags and systemOnly fields readonly
netcmd: models: add a Group model
netcmd: models: add field test for SIDField
netcmd: auth policy: add allowed to authenticate to by silo attributes
netcmd: auth policy: document allowed to authenticate from silo and to by silo attributes
netcmd: auth policy: rename "from silo" to "from device silo"
netcmd: auth policy: add allowed-to-authenticate-to-by-group attributes
netcmd: auth policy: fix missing 'by' in help string
netcmd: auth policy: add allowed-to-authenticate-from-device-group attributes
Claims initial black box tests
netcmd: auth: set better metavar that matches the docs
tests: claims: blackbox device tests
tests: claims blackbox: use raw strings rather than escaping \
python: tests: claims blackbox tests use ntstatus constants
tests: claims blackbox: add device and server silo restrictions test
python: fix missing colon around param in docstring
python: PEP275: docstrings should always use double quotes
python: tests: make HRES_SEC_E_* constant an int
python: move HRES_SEC_* constants to samba module
python: get rid of pointless empty overridden methods
python: tests: update all super calls to python 3 style in tests
python: pep257: docstring should use double quotes
netcmd: getpassword: get rid of pointless overridden constructors
python: use python3 style super statements
netcmd: add shell command
selftest: function _get_attribute() was in two places
selftest: remove unused imports from virtualCryptSHA tests
selftest: pep8: fix incorrect number of blank lines
selftest: make _get_attribute a method on base class
selftest: make _get_attribute use parse_ldif
selftest: make get_loadparm a classmethod
selftest: add get_env_credentials()
selftest: require named parameters for callers of connect_samdb() and connect_samdb_ex()
netcmd: getpassword: print OK message on stderr
netcmd: models: add object sid field to User model
netcmd: user: samba-tool support to allow non-windows use of GMSA accounts (show password)
selftest: fix failing user setpassword test
samba-tool: fix some grammar in getpassword docstrings
samba-tool: document that -H can be used with gMSA accounts
python: tests: blackbox test for GMSA
Samuel Cabrero (11):
s3:rpc_server/wkssvc: Remove get logged on user list from utmp
WHATSNEW: Mention logged on users list removal
s3:winbind: talloc the static idmap child
s3:winbind: talloc the static locator child
s3:winbind: Register a messaging filter foreach domain child
docs: Document idmap_nss "range" option
idmap_nss: Increase debug on failures
idmap_nss: Add a parameter to use UPNs instead of plain names
idmap_nss: Install a messaging filter to reload the configuration
tests: Add a test for the idmap_nss : use_upn setting
witness.idl: Set cifs as auth service name for the witness interface
Shachar Sharon (2):
vfs_ceph: call 'ceph_fgetxattr' only if valid fd
vfs_ceph: use extra 'ceph_*at()' calls when available
Stefan Metzmacher (134):
CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()
CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files
CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the CN=Deleted Objects container
CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()
CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container
CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers
tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account
third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))
s4:kdc: fix user2user tgs-requests for normal user accounts
libcli/util: let win_errstr() fallback to hresult_errstr()
s3:selftest: also run rpc.mgmt against the nt4_dc (and ad_dc)
s4:torture/rpc: let test_inq_princ_name_size also test for princ_name_size = 0 and BAD_STUB_DATA
librpc/rpc: apply some code cleanup and error checks to dcesrv_mgmt.c
librpc/rpc: let dcesrv_mgmt_inq_if_ids() filter out the mgmt syntax_id
librpc/rpc: implement dcesrv_mgmt_inq_princ_name infrastructure
librpc/rpc: add dcesrv_register_default_auth_types[_machine_principal]() helpers
s3:rpc_server: let register_ep_server() errors result in DBG_ERR()
s3:rpc_server: let get_servers() callback of rpc_worker_main() return NTSTATUS
s3:rpc_server: make use of dcesrv_register_default_auth_types[_machine_principal]()
s3:rpc_server: call reopen_logs before we print the copyright notice
rpc_host.idl: change server_index from uint8 to uint32
s3:rpc_server: correctly allow up to 65536 workers processes
s3:rpc_server: simplify rpc_host_find_worker()
s3:rpc_server: improve debugging in rpc_host_distribute_clients()
dcesrv_core: maintain the number of allocated association groups per dce_ctx
s3:rpc_server: distribute clients based on available association group slots
librpc/rpc: allow dcesrv_context to propose the preferred ndr syntax
librpc/rpc: add dcesrv_async_reply() helper that disconnects as needed
s4:rpc_server/echo: make use of dcesrv_async_reply()
s4:rpc_server/common: make use of dcesrv_async_reply()
s4:rpc_server/lsa: make use of dcesrv_async_reply()
s4:rpc_server/netlogon: make use of dcesrv_async_reply()
s4:rpc_server/remote: make use of dcesrv_async_reply()
s3:rpc_server: let create_policy_hnd() return a pointer
librpc/rpc: add dcerpc_floor_pack_uuid_full() helper function
librpc/rpc: also get the 2nd half of the ndr_syntax_id from a floor
s4:rpc_server: simplify logic in dcesrv_epm_Map matching
s4:rpc_server/epmapper: check dcerpc_floor_get_uuid_full() result in dcesrv_epm_Map()
s4:rpc_server/epmapper: use ndr_syntax_id_equal() in dcesrv_epm_Map() to match the request
lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()
lib/tsocket: make use of samba_socket_poll_or_sock_error()
lib/tsocket: make use of samba_socket_sock_error()
lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ
lib/async_req: let writev_send/recv use TEVENT_FD_ERROR
lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ
lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()
lib/tsocket: add tstream_bsd_fail_readv_first_error()
s4:kdc: make use of tstream_bsd_fail_readv_first_error(true)
s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true)
s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)
s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)
s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true)
s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false)
s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)
libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)
s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)
s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
smb2_server: monitor connections with TEVENT_FD_ERROR
lsa.idl: Add new functions and types
lsa.idl: Backport changes from wireshark
lib/util: add debug_set_forced_log_priority()
lib/util: convert DBG_STARTUP_NOTICE() to use debug_set_forced_log_priority(DBGLVL_NOTICE)
Revert "README.Coding.md: add DBG_STARTUP_NOTICE macro"
VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h
ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead
ctdb: add ctdb_canonicalize_ip_inplace() helper
ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()
ctdb: add ctdb_connection_same() helper
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED
ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED
ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()
ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once
ctdbd_conn: add ctdbd_unregister_ips()
ctdbd_conn: add ctdbd_passed_ips()
selftest: export/use CTDB related envvars in order to run the ctdb command
s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips
s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses
Happy New Year 2024!
ctdb: send a CTDB_SRVID_IPREALLOCATED message after CTDB_EVENT_IPREALLOCATED
ctdb: let "moveip" also use disable_takeover_runs()
ctdb: remove unused ctdb_message_disable_ip_check()
ctdb: let "moveip" end with CTDB_CONTROL_IPREALLOCATED to all connected nodes
ctdb: add comments to "addip"/"delip" when CTDB_{CONTROL,EVENT,SRVID}_IPREALLOCATED happens
wafsamba: introduce SAMBA_LIBRARY(force_unversioned=False)
third_party/*_wrapper: use SAMBA_LIBRARY(force_unversioned=True)
script/autobuild.py: nonshared-test works now
wscript: use opt.PRIVATE_EXTENSION_DEFAULT('private-samba')
wafsamba: fix the usage of --private-extension-exception
script/autobuild.py: add some --private-libraries=ALL testing
libcli/smb: add new SMB2_SHAREFLAG_ defines in smb2_constants.h
libcli/security: remove PRIMARY_{USER,GROUP}_SID_INDEX defines from security.h
s3:smbd multichannel: always allow multichannel to the ip of the queried connection
s3:smbd multichannel: let a cross-node session binding NT_STATUS_REQUEST_NOT_ACCEPTED
s3:smbd multichannel: improve smbXsrv_connection_dbg()
lib/util: let is_zero_addr() return true for AF_UNSPEC
s3:sessionid: export smbXsrv_session_global via sessionid->global
smbXsrv_session: store session_global->client_guid
smbstatus: let --json report the client_guid a session belongs to
smbstatus: let --json dump also session channels
smbXsrv.idl: add python bindings
tdb: fix python/tdbdump.py example
witness.idl: make some types public in order to be used elsewhere
witness.idl: add flag(NDR_PAHEX) to some hex based enums
dcesrv_core: add dcesrv_call_state->subreq in order to allow tevent_req_cancel() on termination
dcesrv_reply: just drop responses if the connection is already terminating
smbstatus: let --json include session.{creation,expiration,auth}_time
witness.idl: make witness_interfaceList public to that ndr_print works in python
s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()
s3:ctdbd_conn: split out ctdbd_control_get_nodemap()
s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper
s3:rpc_server: add basic rpcd_witness template
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()
selftest/Samba3: get NETBIOSNAME correct for clusteredmember
selftest/Samba3: remove unused variable in setup_clusteredmember
selftest/Samba3: start samba_dcerpcd in clusteredmember
selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'
python/tests: add TestCase.get_loadparm(s3=True) support
python/blackbox: add rpcd_witness_samba_only.py test
s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records
s3:utils: add 'net witness list' command
python:tests/rpcd_witness_samba_only: add tests for 'net witness list'
messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions
s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
s3:utils: add 'net witness client-move' and 'net witness share-move'
python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'
s3:utils: add 'net witness force-unregister'
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'
s3:utils: add 'net witness force-response'
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'
smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options
Volker Lendecke (97):
tests: Get a file through an absolute symlink within a subdirectory
smbd: Fix read_symlink_reparse()
smbd: Simplify sys_proc_fd_path()
smbd: Simplify reopen_from_fsp()
smbd: Simplify reopen_from_fsp()
smbd: Fix whitespace
smbd: Fix whitespace
smbd: Fix a typo
smbd: Save errno around unbecome_root()
smbd: Fix some whitespace
smbd: Remove code #ifdef'ed out >23years ago
smbd: "have_proc_fds" can only work for a real fd
libcli: SMBntcreateX can return STOPPED_ON_SYMLINK
manpages: Add a missing space
smbd: Fix previous_slash()
smbd: Move filename_convert_smb1_search_path() to smb1-only code
smbd: Remove unused FAKE_FILE_TYPE_NAMED_PIPE enum
smbd: Open file as REPARSE_POINT in smb_posix_unlink()
smbd: Open file as REPARSE_POINT in rename_internals()
smbd: Open file as REPARSE_POINT in reply_rmdir()
smbd: Open file as REPARSE_POINT in unlink_internals()
tests: Allow to specify share names in smb2symlink tests
tests: Make clean_file() handle directories
tests: Convert the regression test for bug15505 to python
librpc: Fix error path cleanups in start_rpc_host_send()
smbd: Remove an assert that never triggers
smbd: Protect ea-reading on symlinks
smbd: Remove a few pointless return; statements
smbd: We don't reopen anything but dirs and files
libcli: Fix whitespace
smbd: Return open_symlink_err from filename_convert_dirfsp_nosymlink()
smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share
smbd: Correct PATH_ vs NAME_NOT_FOUND for not following lcomp
smbd: Simplify fsp_fullbasepath()
smbd: Make a fake file's stat a valid regular file
smbd: Make in_create_options available in smbd_smb2_create_after_exec()
smbd: Make create_open_symlink_err() public
smbd: We want to delete symlinks as such in reply_unlink()
smbd: Make get_real_filename_cache_key() public
smbd: Simplify openat_pathref_fsp_case_insensitive()
smbd: Make get_real_filename_cache_key() static in files.c
librpc: Fix #define header guard
librpc: Fix the build on FreeBSD
torture3: Correct use of enum client_flavour defines
smbd: Alternative fix for smb2.stream.attributes2 test
smbd: Modernize a DEBUG statement
smbd: Remove a NULL check that became obsolete
smbd: Directly print errno in openat_pathref_fsp_lcomp()
smbd: Rename "fsp" to "dirfsp" in smbd_smb2_query_directory_state
smbd: Simplify smbd_dirptr_8_3_mode_fn()
smbd: Simplify smbd_dirptr_get_entry()
smbd: Move mask_match_search() to smb1_reply.c
smbd: Slightly simplify smbd_dirptr_get_entry()
smbd: Remove a pointless NULL check
smbd: Simplify smbd_dirptr_get_entry()
smbd: Centralize wiping the ".." stat info
smbd: Centralize fdos_mode() in smbd_dirptr_get_entry()
smbd: Get the symlink mode for posix through fdos_mode()
smbd: Convert a void* into the real DIR*
smbd: Fix a comment
smbd: Fix/remove a comment that became irrelevant
utils: Fix Coverity ID 240113
samr4: Fix Coverity ID 1499378
lsa4: Fix Coverity ID 1499410
winbind: Fix Coverity ID 1398910
smbd: Fix Coverity ID 1499372 Uninitialized scalar variable
ctdbd_conn: Add deregister_from_ctdbd()
smbd: Remove callback for release_ip when "state" is free'ed
lib: Fix some whitespace
lib: Remove duplicate prototypes
smbd: Remove "conn" from struct dptr_struct
profile: Fix a small memleak
profile: Fix rusage reporting
smbd: Introduce srv_put_dos_date2_ts()
smbd: Use srv_put_dos_date2_ts() in reply_printqueue()
smbd: Remove unused srv_put_dos_date2()
smbd: Give source3/smbd/dir.c its own header file
smbd: Slightly simplify smbd_smb2_query_directory_send()
smbd: Remove an unused function prototype
smbd: Modernize a few DEBUG statements
rpcd_classic: Open share_info.tdb as root
Revert "rpc_server:srvsvc - retrieve share ACL via root context"
shadow_copy: Add test for missing directory in "current" fileset
smbd: Fix traversing snapshot dirs that vanished in current fileset
lib: Avoid memcpy in debug_systemd_log()
lib: Avoid memcpy in debug_lttng_log()
lib: Confine the copy_no_nl memcpy to debug_gpfs_log()
testing: case insensitive lookups fail in shadow_copy2 snapshots
vfs: Remove shadow_copy2_get_real_filename_at()
lib: Simplify hresult.c
lib: Avoid 70k of r/w memory
libsmb: Fix whitespace and a typo
lib: Modernize (and fix) a DBG statement
lib: Simplify grant_privilege_bitmap()
samr_server: Avoid a DEBUGADD()
samr_server: Modernize a DBG statement
smbd: Some README.Coding in smbd_do_qfilepathinfo()
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list