[SCM] Samba Shared Repository - annotated tag talloc-2.4.2 created
Jule Anger
janger at samba.org
Mon Jan 29 16:18:30 UTC 2024
The annotated tag, talloc-2.4.2 has been created
at a5a070980d6ae59f73b31fdd7c634f04252088b6 (tag)
tagging f28966c1638806a5af1fa4e451b668af638491ce (commit)
replaces tevent-0.16.0
tagged by Jule Anger
on Mon Jan 29 17:18:17 2024 +0100
- Log -----------------------------------------------------------------
talloc: tag release talloc-2.4.2
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmW3z8kACgkQR5ORYRMI
QCWYKgf/VC0HKvlpusnMw0lgfZQ3TANB+wMEfxB3ausZCHYTLoTHGfuIZwxSy4hA
JJvBLNRKQ+jNVvpfnQZe7VNQLBwLYseweospw9fXryCNE7l2ez18lSZev7De1Yms
sQQF2bcpEy2qh0U5A+H7fBHCNi4rpHTva0NAEKG3wldrDYOPdoUjeUZbVAMMGh/B
Czs7u1nkL0kNabtYU5hDhNrls4+Ht+Uno268gHB9cEhkT2Hz5lRLwOtNERf0ZLTS
HMf4EokMcdhuL6E1eKDUBeQiyLOTNhHTp5YKsyTsGX/JhrVFKFmpU4uXlFBnNswS
RZqVZgZX8z0Y8Zj6E6NgxaR9nBZDtA==
=8bqN
-----END PGP SIGNATURE-----
Andreas Schneider (88):
s4:torture: Increase multichannel timeout
s3:utils: Call gfree_all() before exit in net
s3:utils: Call gfree_all() before exit in ntlm_auth
s3:utils: Call gfree_all() before exit in pdbedit
s3:utils: Call gfree_all() before exit in regedit
s3:utils: Call gfree_all() before exit in sharesec
s3:utils: Call gfree_all() before exit in smbcacls
s3:utils: Call gfree_all() before exit in smbcontrol
s3:utils: Call gfree_all() before exit in smbcquotas
s3:utils: Remove trailing white spaces in smbfilter.c
s3:utils: Call gfree_all() before exit in smbfilter
s3:utils: Call gfree_all() before exit in smbget
s3:utils: Remove trailing white spaces in smbpasswd.c
s3:utils: Call gfree_all before exit in smbpasswd
s3:utils: Call gfree_all() before exit in smbtree
s3:client: Call gfree_all() before exit in smbclient
s3:client: Call gfree_all() before exit in smbspool
s3:param: Use a talloc stackframe in pyparam
s3:param: Use the memory context we just created instead of tos
s3:param: Make init_globals() public
lib:param: Set a memory context for the globals if not initialized yet
s3:utils: Initialize row variable in wspsearch
lib:util: Add boolean return type for memcache_add()
lib:util: Add boolean return type for memcache_add_talloc()
s3:passdb: Do not leak memory if memcache add fails
lib:util: Add a gfree_memcache()
s3:util: Add gfree_memcache() to gfree_all()
s3:utils: Initialize the memcache for smbpasswd
lib:replace: Add python.h
Use python.h from libreplace
third_party: Build pypamtest with -Wno-error=declaration-after-statement
python:tests: Fix assertEquals which doesn't exist in Python 3.12
python:tests: SHA1 is no longer supported by cryptography module
gitlab-ci: Update Fedora to version 39
s4:rpc_server: Remove trailing white spaces from lsa_init.c
s4:torture: Adapt LSA tests for newer Windows versions
s4:rpc_server: Implement dcesrv_lsa_OpenPolicy3()
s3:rpc_server: Implement _lsa_OpenPolicy3()
s4:torture: Implement lsa_OpenPolicy3 tests
s3:rpc_client: Implement dcerpc_lsa_open_policy3()
s3:rpc_client: Implement dcerpc_lsa_open_policy_fallback()
s3:rpc_server: Use dcerpc_lsa_open_policy_fallback() for netlogon
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_trust.c
s3:libnetapi: Use dcerpc_lsa_open_policy_fallback() in localgroup.c
s3:rpcclient: Remove trailing white spaces from cmd_lsarpc.c
s3:rpcclient: Use dcerpc_lsa_open_policy_fallback() in cmd_lsarpc.c
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc.c
s3:utils: Use dcerpc_lsa_open_policy_fallback() in net_rpc_rights.c
s3:utils: Use goto to close the policy in rpc_rights_grant_internal()
s3:utils: Use any_nt_status_not_ok() in rpc_rights_grant_internal()
s3:winbind: Use dcerpc_lsa_open_policy_fallback() in winbindd_cm.c
s3:winbind: Always close the policy handle we opened
s3:rpc_client: Remove unused rpccli_lsa_open_policy2()
third_party: Update waf to version 2.0.26
lib:crypto: Use bytearray macros
selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group
s3:auth: Remove trailing white spaces from auth_util.c
s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a local token
s3:tests: Add smbget test for smb://DOAMIN;user%password@server/share/file
s3:utils: Fix setting the debug level
s3:tests: Fix authentication with smbget_user in smbget tests
selftest: Remove trailing tabs/white spaces in Samba4.pm
selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
s3:tests: Pass down a normal domain user for test_smbget.sh
s3:tests: Fix test_kerberos in smbget tests
s3:tests: Fix the test_kerberos_trust in smbget testsuite
s3:tests: Remove the non-working test_kerberos_upn_denied of smbget
s3:tests: Fix smbget test
auth:creds:tests: Add test for password callback
auth:creds: Fix cli_credentials_get_password_and_obtained() with callback
auth:creds: Add cli_credentials_get_domain_and_obtained()
s3:tests: Add interactive smbget test for password entry
s3:utils: Fix auth callback with smburl
s3:utils: Handle the domain before username and password
s3:utils: Fix the auth function to print correct values to the user
s3:rpc_server: Mark _lsa_CreateTrustedDomain as NOT_IMPLMENTED
s3:rpc_server: Mark _lsa_CreateTrustedDomainEx as NOT_IMPLMENTED
python:gp: Print a nice message if cepces-submit can't be found
docs: Update idmap_ad.8 that rfc2307 is the default
s3:passdb: Do not leak memory in pdb_tdb
s3:libads: Fix memory leaks in ads_create_machine_acct()
s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()
python:gp: Avoid path check for cepces-submit
python:gp: Improve logging for certificate enrollment
python:gp: Do not print an error, if CA already exists
python:gp: Do not print an error if template already exists
python:gp: Log an error if update fails
python:gp: Improve working of log messages to avoid confusion
Andrew Bartlett (36):
codespell: Ignore .git
librpc/ndr: Remove confusing case where returned string pointer "as" could be NULL
librpc/ndr: Add support for LIBNDR_FLAG_STR_NO_EMBEDDED_NUL
libcli/security: conditional aces: don't allow U+0000 in unicode
s4-scripting/devel: Fix repl_cleartext_pwd to use built-in RC4
s4-scripting/devel: Fix str() vs bytes() issue in repl_cleartext_pwd.py
s4-scripting: Remove repl_cleartext_pwd.py
docs-xml: Improve and consolidate "samba-tool domain auth policy create/modify" docs
samba-tool: Improve help messages for "samba-tool domain auth policy"
third_party/heimdal: Provide krb5_init_creds_opt_set_fast_ccache() and krb5_init_creds_opt_set_fast_flags() (import lorikeet-heimdal-202311290114 (commit 4c8517e161396330c76240bf09609a0dd5f9ea20))
build: Add build time detection for the MIT FAST ccache API
auth/credentials: Add API to allow requesting a Kerberos ticket to be protected with FAST
auth/credentials: Add Python bindings for association of a connection for FAST
python/tests: Import samba.gensec, not gensec
python/tests: Lock in key-word arguments as key-word only in samba.tests.gssapi
python/tests: Add test for creds.set_krb5_fast_credentials()
s4-auth/kerberos: Use FAST credentials for armor if specified in cli_credentials
selftest: Run samba.tests.gensec in an enviroment build also with MIT Krb5
python: Use constants from hresult.h for python constants
python: Correct Python2 super() calls that called the wrong class
python/samba/tests: Fix incorrect superclass in test_min_domain_uid.py
python/samba/tests: Fix incorrect super-class in cred_opt.py setUp()
third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)
pycredentials: Properly check type in creds.set_nt_hash() and samr.encrypt_samr_password()
selftest: Avoid assertTrue() and assertFalse() where a better test exists
samba-tool: Prepare to allow samba-tool user getpasswords to operate against a remote server
samba-tool user getpassword: Use UTF16_MUNGED charcnv to map "UTF16" to UTF8
samba-tool: Add support for getting the generated unicodePwd for a gMSA account
selftest: Modify expected output of 'samba-tool user getpassword' to be more consistant
samba-tool user getpassword: Prepare to support a ;previous=1 option, change behaviour for ;rounds=
samba-tool: Make samba-tool user getpassword support a ';previous=1' option
WHATSNEW: Add entry for "samba-tool user getpassword" changes
python/netcmd: Add "samba-tool user get-kerberos-ticket" to get a ticket for a gMSA
python/netcmd: Improve documentation for "samba-tool user getpassword"
selftest: Add tests for "samba-tool user get-kerberos-ticket"
WHATSNEW: Add entry for "samba-tool user get-kerberos-ticket"
Anoop C S (13):
vfs_ceph: Add path based fallback mechanism for SMB_VFS_CHOWN
vfs_ceph: Fix a comment in cephwrap_fchmod()
vfs_ceph: Fix the comment quoting module usage
vfs_ceph: Replace libceph with libcephfs in comments
docs-xml: Fix a usage for case sensitive parameter
vfs_ceph: Fix some uninitialized structs and pointers
source3/lib: Properly log the change in capability
Revert "vfs_acl_xattr.c: prefer capabilities over become_root"
vfs_ceph: Fix a usage in comments
vfs_ceph: Indicate a successful connection in logs
source3/wscript: Announce deprecation of old Ceph version support
vfs_ceph: Implement SMB_VFS_FSTATAT
vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR
Bjoern Jacke (1):
system.c: fix fake directory create times
Björn Jacke (50):
system.c: fall back to become_root if CAP_DAC_OVERRIDE isn't usable
dosmode.c: prefer use of capabilities at two places over become_root
token_util.c: prefer capabilities over become_root
nfs4_acls.c: prefer capabilities over become_root
vfs_acl_common.c: prefer capabilities over become_root
vfs_acl_xattr.c: prefer capabilities over become_root
vfs_default.c: prefer capabilities over become_root
vfs_posix_eadb.c: prefer capabilities over become_root
vfs_recycle.c: prefer capabilities over become_root
open.c: prefer capabilities over become_root
posix_acls.c: prefer capabilities over become_root
lib/util: move copyright define to copyright.h
debug.h: introduce DEBUG_STARTUP_NOTICE
logging: use DBG_STARTUP_NOTICE for startup message
README.Coding.md: add DBG_STARTUP_NOTICE macro
lib/util/become_daemon.c: use DBG_STARTUP_NOTICE
source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE
profile: issues info message with lower log level
s4/server.c: move some log messages from ERR to NOTICE
libgpo: fix wrong lineending in admx files
dosmode: prefer capabilities over become_root
doc-xml: fix name of vfs_linux_xfs man page
docs-xml: use XML_CATALOG_FILES env var if defined
winbind_nss_netbsd: fix missing semicolon
s4/ldap_backend: fix a NULL dereference
s4/ldap_backend: change a printf %d to %u for results
s4/ldap_backend: encode: use modern DBG_ macro
s4/ldap_backend: unwilling: use modern DBG_ macro
s4/ldap_backend: SearchRequest: use modern DBG_ macro
s4/ldap_backend: modifyrequest: use modern DBG_ macro
s4/ldap_backend: addrequest: use modern DBG macros
s4/ldap_backend: delrequest: use modern DBG macros
s4/ldap_backend: modifydnrequest: use modern DBG macros
s4/ldap_backend: CompareRequest: use modern DBG macros
s4/ldap_backend: abandonrequest: use modern DBG macros
s4/ldap_backend: do_call: use modern DBG macros
set_process_capability: log which capability was set or failed to be set
vfs_worm: add connect function to cache parameters
selftest: let list_servers.NT1 really use NT1 protocol
test_smbget.sh: reduce sleep time
time.c: fix ctime which was feeded with the mtime seconds
tests: add a test for vfs_recycle
vfs_recycle: add connect function to cache parameters
vfs_worm: factor out readonly check
vfs_worm: move write_access_flags to global
vfs_worm: add some more vfs functions that worm needs to take care of
vfs_worm: add my copyright
vfs_worm: add FILE_WRITE_EA to write access mask
tests: add test for vfs_worm
tests: add a test for "fake directory create times"
Christof Schmitt (17):
build: Add 'make printversion' to provide version string
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE
vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c
vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function
vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function
nfs4_acls: Make fstatat_with_cap_dac_override static
nfs4_acls: Make stat_with_cap_dac_override static
nfs4_acls: Make fstat_with_cap_dac_override static
vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions
vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions
David Mulder (3):
gpupdate: Test Drive Maps Client Side Extension
gpdupate: Implement Drive Maps Client Side Extension
gp: Skip site GP list if no site is found
Douglas Bagnall (121):
lib/util/charset: @param typos
util/charset: disambiguate docs for convert_string twins
idl/spoolss: fix spelling of UTF16 charset
librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
s4/dsdb: try not to leak on access check failure
s4:dns_server: loudly warn when a tombstone record has other records
docs/manpages: fix links to mod_ntlm_winbind and squid
s4/torture/gentest: remove redundant op entry
util/convert string: remove inaccurate misspelt comment
s4/torture/gentest: explain seemingly redundant initialisation
util/charset/torture: test convert_string_talloc with emptyish strings
libutil/iconv: don't allow wtf-8 surrogate pairs
libutil/iconv: avoid overflow in surrogate pairs
libcli/security: SDDL accepts lowercase "s-" in SIDs
libcli/security: sddl: check a talloc_zero
libcli/security: sddl_conditional_ace: ensure message is talloced
libcli/security: add sddl_decode_err_msg()
libcli/security: sddl_decode_ace/acl pass through messages
libcli/security: sddl: remove unreachable debug
libcli/security: sddl: guard against inconsistent msg pointers
libcli/security: conditional ace err messages don't hardcode offset
lib/ldb: py LDBError avoids leak and checks for alloc failure
lib/ldb: pyldb search iterator avoids exception leak
ndr/py_security: mod patch reports errors
s4/librpc/py_security: add SDDLValueError
pytest: sid_strings: handle SDDLValueError
pytest:security_descriptors: handle SDDLValueError
pytest:sddl: handle SDDLValueError
s4/librpc/py_security: use SDDLValueError for better error messages
pytest:sddl: assert SDDLValueError values make sense
samba-tool: try to present diagnostics for SDDL errors.
pytest: samba_tool domain auth policy fix for SDDL err msg
pytest:samba-tool domain test policy: test SDDL diagnostics
pytests: sid_strings: do not fail if epoch ending has zeros
libcli/security:sddl_decode_err_msg(): don't pretend msg is optional (CID1548624)
pytest:samba-tool domain auth policy: expect error message detail
libcli/security:sddl_decode_ace: turn DBG_WARNINGs into messages
libcli/security: adjust log verbosity in sddl_decode
libcli/security:sddl_decode_ace: add more messages
libcl/security:sddl_decode_acl: add a message
libcli/security:sddl_decode_ace: fix ';' count message
libcl/security:sddl_decode_acl: expand a comment
libcli/security:sddl_parse: add some top level error messages
libcli/security/test_sddl_conditional_ace: add message tests
libcli/security:sddl_decode message offset safety latch
pytest: security_descriptors tests get enumerator in name
libcli/security: initialise conditional ACE token flags
libcli/security:sddl_condtional_ace: log compiler errors at some debug levels
libcli/security/test_sddl_conditional_ace: adjust RA octet parse tests
libcli/security: un-invert parse_resource_attr_list, check type first
libcli/security: sddl_conditional_ace: add parse_uint for RA aces
libcli/security: sddl_conditional_ace: add parse_bool for RA aces
libcli/security: sddl_conditional_ace: remove check_resource_attr_type()
libcli/security: add a parser for resource attribute ACE byte strings
libcli/security/sddl: write RA octet strings the Windows way
libcli/security: parse resource attribute ace SIDs separately
libcli/security: conditional ACE sid parser no longer expects RA ACEs
libcli/security: improve error messages in RA ACE SDDL
libcli/security:sddl: remove vestiges of shared conditional/resource ACE SID parsing
libcli/security/tests: remove duplicate TX-integer tests from oversized-ACLs
libcli/security/tests: gunzip the oversized-acls test vectors
libcli/security: avoid leak when converting SID claims
libcli/security: remove redundant claim SID size check
librpc/idl:conditional_ace: make a flags field 32 bit
librpc/idl:condtional_ace: shift CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR to last bit
librpc/idl:security: add a couple of claims flags
librpc/idl:security: add claims flag indicating orderly and unique members
libcli/security: test_run_conditional_ace can set debug levels
libcli/security: test_run_conditional_ace tests more comparisons
libcli/security: add test_claims_conversion
libcli/security: CA: tokens_are_comparable() considers the obvious
lib/security:CA: tokens_are_comparable() accepts NULL operator
libcli/security: conditional ACE sddl writers take const tokens
libcli/security: sddl_conditional_ace: check a talloc_new()
pytest: token_factory separate out list_to_claim() helper
pytest: token_factory claims can have case_sensitive flag
pytest: token_factory copes with empty claims
pytest: token_factory note that a flag is not set
pytest: conditional_ace_claims: write_c_test_on_failure() copes with claims
libcli/security/sddl: improve some SDDL error messages
pytest: conditional_ace_claims tests large composite comparisons
libcli/security: simplify wire claim conversion mem, 1/3: avoid NULL parent
libcli/security: simplify wire claim conversion mem, 2/3: one tree
libcli/security: simplify wire claim conversion mem, 3/3: rm tmp_ctx
libcli/security: int wire claims drop uniqueness check
libcli/security: wire claims conversion: remove strings uniqueness check
libcli/security: don't allow two NULL string claims
libcli/security: begin claim_v1_check_and_sort with Boolean checks
libcli/security: claim_v1_check_and_sort(): add all types
libcli/security: wire claim conversion uses claim_v1_check_and_sort()
libcli/security: resource attribute claims use claim_v1_check_and_sort()
libcli/security: add_claim_to_token() re-sorts/checks claims
libcli/security: claim_v1_to_ace_token(): avoid unnecessary re-sort
libcli/security: avoid leak on SDDL encode failure
libcli/security: separate out claim_v1_to_ace_composite_unchecked()
libcli/security: improve conditional ACE composite comparison
libcli/security: add shortcuts for conditional ACE compare
libcli/security: shift comparability check to shortcut exits
libcli/security: comparability check: claim members are of one type
libcli/security: note suboptimality of conditional ACE Contains operators
selftest: add an expectedfail directory
selftest/knownfail.d: README memntions expectedfail.d
selftest/knownfail.d: remove empty files
selftest/knownfail.d: move labdc to expectedfail.d
selftest/knownfail.d: move samba-4.5-emulation to expectedfail.d
selftest/knownfail.d: move ntlmv1-restrictions to expectedfail.d
selftest/knownfail.d: move encrypted_secrets to expectedfail.d
selftest/knownfail: move some parts to expectedfail.d/ntlm-auth
selftest/knownfail: move more parts to expectedfail.d/ntlm-auth
libcli/security: SDDL decode stops earlier with too many ACEs
libcli/security: don't allow conditional ACE SIDs to have trailing bytes
libcli/security: clarify tests for SDDL round trips
libcli/security: fix tests for SDDL conditional ACE round-trip
libcli/security: tests for conditional ACE integer base persistence
libcli/security: allow round-trip for conditional ACE octal integers
libcli/security: allow round-trip for conditional ACE hex integers
libcli/security: allow SDDL conditional ACE round-trip for -00 and -0x0
libcli/security: tests for signed zeros in sddl condtional ACEs
libcli/security: rearrange conditional ACE sddl_write_int
libcli/security: sddl conditional ACE: write -0 when asked
fuzz: allow max size conditional ACE round-trip failure
Gabriel Nagy (6):
gp_pol: Test empty multi_sz roundtrip
gp_pol: Allow null data for REG_MULTI_SZ
gp_pol: Test multiple values multi_sz roundtrip
gpo: Test certificate policy without NDES
gpo: Decode base64 root cert before importing
gpo: Do not get templates list on first run
Günther Deschner (14):
svcctl: unify operation names and always prefix with svcctl_
svcctl: rename SERVICE_FAILURE_ACTIONS to SERVICE_FAILURE_ACTIONSW
librpc: add various new commands and types to SVCCTL IDL.
librpc: use SERVICE_CONTROL enum in ControlService calls
s4-torture: add test for svcctl_QueryServiceConfigEx
librpc: add svcctl_ServiceStopReason enums
s4-torture: add test for svcctl_ControlServiceExW()
librpc: add missing service control defines
pidl: include scompat headers and servers in s3 server template
s3-rpcclient: add winreg_enumval command
s4-torture: add torture_assert_werr_equal_goto and torture_assert_werr_ok_goto macros
s4-torture: add test to check for Windows behavior of EnumValue call
s3-winreg: fix _winreg_EnumValue behavior
s4-winreg: fix dcesrv_winreg_EnumValue behavior
Jeremy Allison (1):
s3: smbd: Allow fchmod from the NFS-style mode ACL in set_nt_acl() for a SMB2 POSIX handle.
Jones Syue (2):
s3:smbd multichannel: always refresh the network information
s3:passdb: smbpasswd reset permissions only if not 0600
Joseph Sutton (426):
buildtools: Don’t call normpath() repeatedly
buildtools: Correctly raise exception
tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD
tests/krb5: Expect a status code with policy errors
tests/krb5: Fix tests that crash Windows
tests/krb5: Don’t expect groups if we’re expecting an error
tests/krb5: Fix ASN.1 source
s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1449667)
s4:kdc: Make ‘struct user_info_dc’ members const
s4:kdc: Explicitly initialize SDBFlags structures
s4:kdc: Remove unused function int2SDBFlags()
s4:torture: Check return values of talloc functions
s4:torture: Fix leaks
s4:torture: Check return values of gnutls functions (CID 1547212)
tests/krb5: Remove marker
tests/krb5: Fix comment
tests/krb5: Add ‘expect_edata’ parameter to _user2user()
tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code
tests/krb5: Correctly pass arguments to _modify_tgt()
tests/krb5: Have _modify_tgt() accept only keyword arguments
tests/krb5: Update method names to be consistent with other tests
tests/krb5: Remove incorrect functional level check
tests/krb5: Move assignments closer to where the variables are used
tests/krb5: Use None for the default values of parameters
tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used
tests/krb5: Don’t expect edata if no error is expected
tests/krb5: Make ‘keybytes’ a bytes object rather than a list
tests/krb5: Fix DES3CBC random_to_key()
tests/krb5: Remove unused imports
tests/krb5: Remove unnecessary f‐strings
tests/krb5: Fix RC4‐only Protected Users tests
tests/krb5: Remove unreachable exception handlers
tests/krb5: Make ‘services’ parameter required
tests/krb5: Delete connection variable
s4:dsdb: Remove reference to non‐existent code
s4:kdc: Always regard device info when the client performs RBCD
s4:kdc: Use HDB flag constants instead of SDB ones
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation
tests/krb5: Remove unnecessary target_creds variables
tests/krb5: Work around Samba’s incorrect krbtgt principal handling
tests/krb5: Test whether the device belongs to some default groups
s4:kdc: Make a copy of the device SIDs to be placed in the security token
s4:kdc: Add a flag indicating that the device should be added to the default groups
s4:kdc: Add device to default groups for authentication policy evaluation
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
s4:kdc: Add device to Authenticated Users for authentication policy evaluation
lib/torture: Use portable format specifiers
lib/torture: Add torture_assert_size_*() macros
s4:torture: Produce more output to help debug smb2.multichannel.bugs.bug_15346
s3:rpc_server: Correctly reset DEVMODE bit
.gitattributes: Treat file containing test SDDL as binary
libcli/security: Fix leak on reallocation failure in pull_composite()
libcli/security: Fix leak on reallocation failure in conditional_ace_encode_binary()
python: Remove unnecessary f‐strings
python:tests: Remove unnecessary f‐strings
tests/krb5: Don’t pass parameters unnecessarily
tests/krb5: Sort imports
s3:libads: Update code reference in comment
s3:passdb: Fix code formatting
s4:dsdb:tests: Remove unnecessary f‐strings
s4:ntvfs: Avoid signed integer overflow
selftest: Remove ubsan suppressions
tests/krb5: Add more tests of the device belonging to certain groups
tests/krb5: Add tests for group membership with RBCD
s4:kdc: Add device to default groups for RBCD conditions evaluation
s4:kdc: Add device to Authenticated Users for RBCD conditions evaluation
SECURITY.md: Fix spelling
auth: Fix code spelling
docs-xml: Fix documentation
examples: Fix code spelling
ldb: Fix code spelling
lib/fuzzing: Fix code spelling
talloc: Fix documentation
tevent: Fix code spelling
lib/util: Fix comment
libcli/security: Fix code spelling
libcli: Fix code spelling
security.idl: Fix code spelling
librpc:ndr: Fix code spelling
pidl: Fix code spelling
python:tests: Fix code spelling
tests/krb5: Fix code spelling
s3:auth: Add missing word to comment
s3:lib: Fix code spelling
s3:libads: Fix code spelling
s3:libsmb: Fix code spelling
s3:passdb: Fix code spelling
s3:rpc_server: Fix code spelling
s3:smbd: Fix code spelling
s3:utils: Fix code spelling
s4:auth: Fix code spelling
s4:dsdb: Fix code spelling
s4:kdc: Fix code spelling
s4:lib: Fix code spelling
s4:librpc: Fix code spelling
s4:ntvfs: Fix code spelling
s4:rpc_server: Fix code spelling
s4:torture: Fix code spelling
script: Fix code spelling
testdata: Fix spelling
third_party/heimdal_build: Fix spelling
tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
tests/krb5: Add tests for single‐component krbtgt principals
lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
s4:dsdb: Initialize pointers to NULL
s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
s4:kdc: Make use of smb_krb5_principal_is_tgs()
third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670