The annotated tag, samba-4.14.0rc1 has been created
at 439b54d04b0d73efa977a1493b5441a02f85c7c2 (tag)
tagging 60cae14db1bbabe8459bb19e01f090303920bedc (commit)
replaces samba-4.13.0rc1
tagged by Karolin Seeger
on Thu Jan 21 14:32:56 2021 +0100
- Log -----------------------------------------------------------------
samba: tag release samba-4.14.0rc1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmAJgogACgkQqplEL7aA
tiAAnxAAnfQ6I4s9yYzqbtpVsFhKP0oqNcvfeAsyUsg/lMsn2yLdh76KitAgGJnY
A+c22Bv3Mm6Uw2ElHnlTLdsaqkRqhU5J9No2uox7A2II1zjdMXRarFJE2kG09t2a
+6/cEqHxTuT+LLbdvMTuspCo05iDCMHU4HVtmqX13NaWed/acjvnpmRcZvJJihyw
wj7rZ1PkHb8TyIUYEK/MFL7xEYcEpONY5smXv+Z9yPlLrZjxmAR0owx3g0hPbEhL
5MgUQfn7rLSh5U+8NIWZenLwAEey1fsCBj3TiHL3E4Z00w3ZH/mc7gAmHl40gHdA
G0hayB1Wy4my55hOFuORVdefQsHCr9N5rQ91x92tLxs4pwcg+xGyN2nplNzrNql+
AK01e3/F1fpwb8DNm9o9AhVmPiChK0iQ98NAxCWeejYo0BSuTOPcgwmed1DCIn/w
cwVA6mQjh220Cw7vKw6GGJhLMb+13JCdKfFuTbjo8gP0ncSCWRCNrJSD3fUqfKtU
ibl7rQ1yNp/UB1+Q7wHZojrpw5qQDuzFTnDEChUMO9HWk+D6AFDwdSWUmZ3fHNjS
7zotCaSa6ArhcTeT0AoKInj/fhJtNCRp5VTZ1F2NeCtClrK8Dg2Lu+pIRQXs+fPs
lnaoS5W8AdfngbvJk1Ly7GjJMYbY7wxzc4kKfI0PJUCOznAOdvs=
=kVpe
-----END PGP SIGNATURE-----
Alexander Bokovoy (12):
Fix build after removal of an extra safe_string.h
smb.conf.5: add clarification how configuration changes reflected by Samba
DNS Resolver: support both dnspython before and after 2.0.0
daemons: report status to systemd even when running in foreground
cli_credentials_parse_string: fix parsing of principals
cli_credentials: add a helper to parse user or group names
lookup_name: allow lookup for own realm
Revert "cli_credentials_parse_string: fix parsing of principals"
Revert "cli_credentials: add a helper to parse user or group names"
Revert "lookup_name: allow lookup for own realm"
lookup_name: allow lookup names prefixed with DNS forest root for FreeIPA
DC
auth_sam: use pdb_get_domain_info to look up DNS forest information
Amitay Isaacs (10):
bind9-dlz: Bind 9.13.x switched to using bool as isc_boolean_t instead of
int.
provision: BIND 9.13.x is not supported
bind9-dlz: Add support for BIND 9.14.x
provision: Add support for BIND 9.14.x
provision: BIND 9.15.x is not supported
bind9-dlz: Add support for BIND 9.16.x
provision: Add support for BIND 9.16.x
provision: BIND 9.17.x is not supported
ctdb-common: Avoid aliasing errors during code optimization
libndr: Avoid assigning duplicate versions to symbols
Andreas Schneider (142):
docs: Fix documentation for require_membership_of of pam_winbind
docs: Fix documentation for require_membership_of of pam_winbind.conf
s3:tests: Add test for 'valid users = DOMAIN\%U'
s3:smbd: Fix %U substitutions if it contains a domain name
libcli:smb2: Do not leak ptext on error
libcli:smb2: Use talloc NULL context if we don't have a stackframe
param: Add 'server smb encrypt' parameter
param: Create and use enum_smb_encryption_vals
s3:smbd: Use 'enum smb_encryption_setting' values
docs-xml: Add 'client smb encrypt'
lib:param: Add lpcfg_parse_enum_vals()
libcli:smb: Add smb_signing_setting_translate()
libcli:smb: Add smb_encryption_setting_translate()
s3:lib: Use smb_signing_setting_translate for cmdline parsing
auth:creds: Remove unused credentials autoproto header
auth:creds: Add cli_credentials_(get|set)_smb_signing()
auth:creds: Add python bindings for (get|set)_smb_signing
auth:creds: Add cli_credentials_(get|set)_smb_ipc_signing()
auth:creds: Add python bindings for (get|set)_smb_ipc_signing
auth:creds: Add cli_credentials_(get|set)_smb_encryption()
auth:creds: Add python bindings for (get|set)_smb_encryption
auth:creds: Add python bindings for cli_credentials_set_conf()
auth:creds: Bump library version
s3:lib: Use cli_credential_(get|set)_smb_signing()
s3:lib: Set smb encryption also via cli creds API
python: Remove unused sign argument from smb_connection()
python: Set smb signing via the creds API
s3:libsmb: Introduce CLI_FULL_CONNECTION_IPC
s3:pylibsmb: Add ipc=True support for CLI_FULL_CONNECTION_IPC
python:tests: Mark libsmb connection as an IPC connection
python:tests: Set smb ipc signing via the creds API
s3:libsmb: Use 'enum smb_signing_setting' in cliconnect.c
s3:client: Turn off smb signing for message op
s3:libsmb: Remove signing_state from cli_full_connection_creds_send()
s3:libsmb: Remove signing_state from cli_full_connection_creds()
python: Add a test for SMB encryption
s3:net: Use cli_credentials_set_smb_encryption()
s3:libsmb: Use cli_credentials_set_smb_encryption()
s3:client: Remove unused smb encryption code
s3:utils: Remove obsolete force encryption from smbacls
s3:utils: Remove obsolete force encryption from mdfind
s3:utils: Remove obsolete force encryption from smbcquotas
s3:rpcclient: Remove obsolete force encryption from rpcclient
examples: Remove obsolete force encryption from smb2mount
s3:libsmb: Make cli_cm_force_encryption_creds() static
s4:libcli: Return NTSTATUS errors for smb_composite_connect_send()
s4:libcli: Return if encryption is requested for SMB1
s3:libcli: Split out smb2_connect_tcon_start()
s4:libcli: Add smb2_connect_enc_start()
s4:libcli: Require signing for SMB encryption
python:tests: Add test for SMB encrypted DCERPC connection
selftest: Catch exception from dns_hub.py
third_party: Update resolv_wrapper to version 1.1.7
s3:smbd: Fix strict aliasing in get_socket_port()
s3:libads: Remove DES legacy types for Kerberos
s3:libads: Only add RC4 if weak crypto is allowed
s3:libads: Also add a realm entry for the domain name
auth:creds: Add cli_credentials_init_server()
s4:rpc_server: Use cli_credentials_init_server()
s4:smb_server: Use cli_credentials_init_server() for negprot
gitlab-ci: Fix the sha1sum
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
selftest: Rename 'smb encrypt' to 'server smb encrypt'
selftest: Move enc_desired to provision to have it in 'fileserver' too
s3:tests: Add smbclient tests for 'client smb encrypt'
s3:client: Remove global smb_encrypt
s3:libsmb: Remove force_encrypt from cli_cm_open()
s3:libsmb: Remove force_encrypt from cli_cm_connect()
s3:libsmb: Remove force_encrypt from clidfs do_connect()
s3:libsmb: Remove force_encrypt from cli_check_msdfs_proxy()
s3:libsmb: Pass cli_credentials to clidfs do_connect()
s3:libsmb: Pass cli_credentials to cli_cm_connect()
s3:libsmb: Pass cli_credentials to cli_cm_open()
s3:libsmb: Pass cli_credentials to cli_resolve_path(), using helper
variables.
s3:client: Remove global max_protocol
s3:libsmb: Remove max_protocol from cli_cm_open()
s3:libcmb: Remove max_protocol from cli_cm_connect()
s3:libsmb: Remove max_protocol from clidfs do_connect()
s3:include: Move loadparm prototypes to own header file
s3:lib: Move interface prototypes to own header file
s3:tests: Improve test_force_close_share test
python: Create targetdir recursively
testprogs: Add remove_directory to common test functions
testprogs: Fix and improve demote-saveddb test
testprogs: Fix and improve tombstones-expunge test
testprogs: Fix and improve runtime-links test
testprogs: Fix and improve dbcheck-links test
testprogs: Fix and improve functionalprep test
testprogs: Fix and improve dbcheck-oldrelease test
testprogs: Fix and improve upgradeprovision-oldrelease test
s3:script: Fix test_dfree_quota.sh
buildtools: Do not install binaries which are for selftest
unittests: Mark test binaries for selftest
s3:modules: Do not install vfs modules only used for testing
examples:auth: Do not install example plugin
s4:torture: Pass buffer correctly to write()
idl: Add SID_SAMBA_SMB3
s3:smbd: Add SMB3 connection information to session info
librpc: Add dcerpc helper dcerpc_is_transport_encrypted()
s3:smbd: Use defines to set 'srv_smb_encrypt'
s3:rpc_server: Allow to use RC4 for setting passwords
s4:rpc_server: Allow to use RC4 for setting passwords
s4:param: Add 'weak crypto' getter to pyparam
python:tests: Add SAMR password change tests for fips
python:tests: Add SAMR password change tests for fips
auth:creds: Rename CRED_USE_KERBEROS values
auth:creds:tests: Migrate test to a cmocka unit test
s3:vfs: Document the encryption_required flag in vfs.h
bootstrap: Add Fedora 33
s3:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob()
s4:rpc_server: Use gnutls_cipher_decrypt() in get_trustdom_auth_blob()
s3:rpc_server: Allow to use RC4 for creating trusts
s4:rpc_server: Allow to use RC4 for creating trusts
sefltest: Enable the dcerpc.createtrustrelax test against ad_dc_fips
s3:smbd: Fix possible null pointer dereference in token_contains_name()
testprogs: Fix MIT KRB5 export keytab with > 1.18
s3:smbd: Fix a possible null pointer deref in oplock code
s3:winbind: Check return code of set_blocking()
libcli:smb: Check return code of set_blocking
s3:smbd: Check return code of set_blocking()
s3:lib: Check return code of set_blocking()
s3:libsmb: Fix clang warnings that fnum might be used uninitialized
winexe: Fix a possible null pointer derference
s3:spoolssd: Fix creating binding string for error message
s3:lsasd: Fix creating binding string for error message
s3:mdssd: Fix creating binding string for error message
s3:libsmb: Return early if dir is NULL
docs-xml: Add a section about weak crypto in testparm manpage
auth:creds: Add cli_credentials_dump()
lib:util: Add directory_create_or_exists_recursive()
s3:lib: Create the cache path of user gencache recursively
s3:utils: Remove unused header and deps from destroy_netlogon_creds_cli
s3:utils: Fix header and deps of mvxattr
s3:utils: Remove unused popt_common.h header from net_rpc_shell.c
s3:utils: Remove unused popt_common.h header from net_vfs.c
s3:utils: Remove unused popt_common.h header from log2pcaphex.c
s3:waf: Do not link smbspool against popt_samba3
s3:waf: Do not link tevent_glib_glue_test against popt_samba3
s3:libsmb: Pass cli_credentials to get_ipc_connect()
s3:libsmb: Pass cli_credentials to get_ipc_connect_master_ip()
s3:libsmb: Use cli_credentials directly
libcli:smb: Fix a typo in a debug message
Andrew (1):
s3:util:net_conf - allow empty path for [homes]
Andrew Bartlett (56):
dbcheck: Allow a dangling forward link outside our known NCs
heimdal: Exclude more of plugin.c if HAVE_DLOPEN (which Samba unsets) is
not set
Compile .l files (flex) with the waf rule at runtime
Revert "build: fix the coverage build"
heimdal_build: Add missing dependency on heimbase
selftest: Work around existing CA certificates to get PKINIT tests working
kdc: Remind us that these values need to match other values
selftest: Add test for suppression of deprecation warnings
param: Allow tests to silence deprecation warnings
selftest: Do not let deprecated option warnings muck this test up
docs: Deprecate NT4-like domains and SMBv1-only protocol options
docs: deprecate "client use spnego"
docs: deprecate "client lanman auth"
docs: deprecate "client NTLMv2 auth"
docs: deprecate "client plaintext auth"
docs: deprecate "raw NTLMv2 auth"
WHATSNEW: list deprecated parameters
bootstrap: Fix spelling of README.md
bootstrap: Fix python dependencies
Remove pyiso8601 from third_party
python: Add checks for some more required python packages
python: Remove remaining references to third_party python libs
oss-fuzz: Try harder to ensure we always fail fast
oss-fuzz: Ensure a UTF8 locale is set for the samba build
oss-fuzz: standardise on RUNPATH for the static-ish binaries
bootstrap: Fix the spelling of README.md (again) and get a new GnuTLS
autobuild.py: Combine samba-static and samba-nopython
build: Remove Python2 support from the build
build: Remove Python2 handling in SAMBA_CHECK_PYTHON_HEADERS()
.gitlab-ci.yml: Set interuptable: true
selftest: Move some more tests from the samba-o3 job
autobuild: Remove the os.getpid() from the autobuild directory
.gitlab-ci.yml: Remove echo of (incorrect due previous commit) command
autobuild: Remove more "make install" steps
autobuild: Merge no-modules test with the library --disable-python build
fuzzing: Fix the oss-fuzz coverage build
fuzzing: Improve robustness and documentation of the ldd-base library copy
oss-fuzz: standardise on RPATH for the static-ish binaries
oss-fuzz: update comment to reference RPATH for the static-ish binaries
oss-fuzz: Always run the check, even on the oss-fuzz platform
oss-fuzz: Add very verbose explaination for RPATH vs RUNPATH
.gitlab-ci.yml: Run the coverity submission job in parallel with the
builds
.gitlab-ci.yml: Ensure we compile before we start the main parallel
testing
selftest: Send enterprise principals tagged as such
selftest: Fix flipped machine and user constants
selftest: Make as_canonicalization_tests.py easier to run outside "make
test"
samdb: Add samdb.domain_netbios_name()
selftest: Make as_canonicalization_tests.py auto-detect the NT4 domain
name
selftest: Fix formatting of failure (traceback and options swapped in
format string)
selftest: Add in encrypted-pa-data from RFC 6806
selftest: Windows 2019 implements the RemoveDollar behaviour for
Enterprise principals
samba-tool domain backup: Confirm the sidForRestore we will put into the
backup is free
torture: Do not call destroy_dlz() on uninitialised memory
Do not create an empty DB when accessing a sam.ldb
samba_upgradedns: Do not print confusing logs about missing .zone files
samba-tool: Give better error information when the 'domain backup
restore' fails with a duplicate SID
Andrew Walker (9):
vfs_zfsacl: Add new parameter to stop automatic addition of special
entries
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
vfs_zfsacl: add zfs configuration guidance to manpage
lib:util:loadparm - fix leak in lpcfg_dump_a_parameter
s3:param:service - ensure registry shares loaded before home check
s3:rpcclient fix NULL - deref caused by misuse of chgpasswd3
s4:libnet:py_net - free event context in dealloc fn
s3:smbd:trans2.c - add twrp to tmp smb_fname in smbd_do_qfsinfo
s3:utils - explicitly free cmdline_messaging_context
Anoop C S (3):
vfs_shadow_copy2: Avoid closing snapsdir twice
manpages/vfs_glusterfs: Mention silent skipping of write-behind translator
vfs_shadow_copy2: Preserve all open flags assuming ROFS
Archana (1):
vfs_gpfs:Logging filename for smbd_gpfs_set_times_path()
Arne Kreddig (1):
vfs_virusfilter: Allocate separate memory for config char*
Arran Cudbard-Bell (2):
lib: talloc: Add more debugging text for existing memlimit + pool tests
lib: talloc: More tests for realloc when used with memlimited pools
Björn Baumbach (17):
samba-tool user: add new user 'rename' command
samba-tool: add new "user unlock" command
selftest: add test for new "samba-tool user unlock" command
docs:smbdotconf: fix a typo in oldpasswordallowedperiod.xml
blackbox/test_samba-tool_ntacl.sh: script requires two arguments
s3:libsmb: set min smb protocol when enforcing smb1 on connect
s3:libsmb: set correct min and max smb protocol when smb2 is enforced on
connect
python/ntacls.py: add SMBHelper.set_acl() helper function
python/tests: add tests for smb notify and the dependency to the TRAVERSE
privilege
selftest: add option to pass args to tests to planpythontestsuite()
selftest: add tests for smb notify, using the a special share
smbd/notify: add option "honor change notify privilege"
doc/samba-tool: describe command parameters for "group listmembers"
command
doc/samba-tool: describe command parameters for "user list" command
samba-tool: Optionally hide disabled/expired accounts in "user list"
samba-tool: Optionally hide disabled/expired accounts in "group
listmembers"
WHATSNEW.txt: Miscellaneous samba-tool changes
Björn Jacke (41):
srv_spoolss_nt.c: fix wrong value in debug message
cli_winreg_spoolss: handle also printer sharename
nt_printing_ads: add missing printShareName attribute when publishing
printers
docs: fix default value of spoolss:architecture
nt_printing_ads: support more attributes for AD published printers
talloc: also use portable __has_attribute macro to check for "deprecated"
attribute
replace: also use portable __has_attribute macro to check for
"deprecated" attribute
tevent: also use portable __has_attribute macro to check for "deprecated"
attribute
spoolss.idl: add some missing PROCESSOR_ARCHITECTURE defines
spoolss.idl: add some missing processor defines
spoolss.idl: add spoolss architecture defines, that we require
printing: move archi_table declarations into nt_printing.h
printing/spoolss: add ARM64 support
spoolss.idl: remove obviously bogous PROCESSOR_ARM 0 define
pam_winbind/ro.po: fix error from previous patch merge
replace/waf: fix libnsl checking on Solaris
waf/texpect: add required nsl dependency for Solaris
replace: define BOOL_DEFINED to fix header yp_prot header check on Solaris
heimdal_build: silence warning: macro redefined
waf: use _POSIX_PTHREAD_SEMANTIC on Solaris
debug: remove a cast, which makes the Solaris Studio compiler unhappy
http_conn.c: fix "void function cannot return value" error
auth_generic: fix empty initializer compile warning
talloc: fix studio compiler build
talloc/pytalloc: fix studio compler build
tdb: fix studio compiler build
pidl: use unused attribute only if supported by feature macro
torture/sharemode: fix empty initializer compile warning
ldb_kv_index: fix empty initializer compile warning
ldb_key_value_test: studio compiler doesn't like empty struct definitions
ldb_parse_test: studio compiler doesn't like empty struct definitions
util_net: fix a statement not reached warning
waf: check for pragma init/fini support for constructors/destructors
talloc: alternatively use prama init for constructors if supported
winbind: alternatively use prama fini for destructors if supported
dns_update.c: handle DNS_QTYPE_ALL
tests: also test v6 for async dns test by using dig
tests: also test net ads dns (un)register with IPv6
dnsupdates: clean up all RRSets and not only type A
net: remove obsolete net ads dns gethostbyname command
WHATSNEW: printing changes
Bradley M. Kuhn (3):
Update Samba's DCO license in compliance with CC-BY-SA 4.0
Rename Samba's DCO to Samba Developer's Declaration
VFS-License-clarification: minor improvements aligning w/ GPLv3 text
Christof Schmitt (25):
smbd: Remove code inside #ifdef NEXT2
s4:client: Remove code inside #ifdef NEXT2
lib/util: Remove code inside #ifdef NEXT2
lib/util: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
smbd: Remove code inside #ifdef HAVE_BROKEN_READDIR_NAME
pam_winbind: Fix CID 242274 Time of check time of use
test_vfs_posixacl: Add unit test for Linux POSIX ACL mapping
vfs_posixacl: Remove unnecessary call to acl_set_permset
util: Allow symlinks in directory_create_or_exist
util: Add cmocka unit test for directory_create_or_exists
lib/util: Remove unnecessary semicolon from wscript_build
lib/util: Fix cleanup in unit test
lib/util: Remove wrong return statement in unit test
lib/util: Move cleanup for unit test in teardown function
wscript: Make list of shared modules available in STRING_SHARED_MODULES
selftest: Add function for checking whether a module is enabled
selftest: Add unit test for vfs_gpfs
test_vfs_gpfs: Add test for lease mapping function
test_vfs_gpfs: Add test for winattr mappings
test_vfs_gpfs: Add test for file id generation
idmap_ad: Honor "client ldap sasl wrapping" config setting
s3:VFS: Remove function declaration for vfs_posixacl_init
lib: Make get_share_security_default static
smbclient: Remove unused reference to extern override_logfile
third_party: Update gpfs.h to 5.0.5.3 version
David Disseldorp (16):
doc: describe smbcacls --propagate-inheritance
build: toggle vfs_snapper using --with-shared-modules
build: avoid unnecessary TO_LIST() calls for static strings
build: avoid some unnecessary list.extend() calls
s4:torture/rpc: run tests in the order that they're added
s4:torture/rpc: flip order of netlogon tests
s4:torture/rpc: move test_fsrvp_seq_timeout as last
ctdb/ceph: register recovery lock holder with ceph-mgr
ctdb/doc: mention ctdb_mutex_ceph_rados_helper mgr registration
ctdb/test_ceph_rados_reclock: check for service registration
Revert "vfs_ceph: drop fdopendir handler"
smb2_ioctl_network_fs: fix minor leak in error path
s3:smbd: rename has_ctdb_public_ip to has_cluster_movable_ip
s3:ctdbd_conn: simplify get_public_ips() / find_in_public_ips() API
build: put quotes around '!vfs_snapper' module instructions
doc: improve --with-shared-modules documentation
David Mulder (75):
gpo: Test gpo hourly scripts apply
gpo: Apply Group Policy Hourly Scripts
gpo: Test gpo monthly scripts apply
gpo: Apply Group Policy Monthly Scripts
gpo: Test gpo weekly scripts apply
gpo: Apply Group Policy Weekly Scripts
gpo: Move all scripts to a sub-category in samba.admx
gpo: Scripts extension use 'gp_' prefix, not 'tmp'
gpo: Scripts gpo add warning about generated scripts
gpo: Test Group Policy Sudo Rights
gpo: Apply Group Policy Sudo Rights
gpo: Test proper decoding of utf-16 inf files
gpo: Properly decode utf-8/16 inf files from bytes
gpo: Add --rsop option to samba-gpupdate
gpo: Test samba-gpupdate --rsop
gpo: Add RSOP output for Security Extension
gpo: Add RSOP output for Scripts Extension
gpo: Extract Kerberos policy from Security extension
gpo: Extract Access policy from Security extension
gpo: Remove unused gp_ext_setter code
python compat: remove ConfigParser
Add WHATSNEW section on Client Group Policy
gpo: Test rsop output for Sudoers policy
gpo: Add rsop output for Sudoers policy
gpo: Clarify the contents of deleted_gpo_list in process_group_policy
gpo: Avoid using distutils since it will be deprecated
gpo: Cleanup script policy test
gpo: Cleanup sudoers policy test
gpo: Script ext should not crash if script missing
gpo: Sudoers ext should not crash if policy missing
gpo: Test multiple extention unapply
gpo: Fix unapply failure when multiple extensions run
gpo: Display Security Extension RSOP on ADDC only
gpo: Move gp_sec_ext conversion functions to top
gpo: gp_krb_ext always uses set_kdc_tdb to update
gpo: Add admx files for smb.conf parameters
gpo: Test Group Policy smb.conf Extension
gpo: Add CSE for applying smb.conf
GPO: Test rsop output for smb.conf policy
GPO: Add rsop output for smb.conf policy
gpo: Test Group Policy Message of the day
gpo: Apply Group Policy Message of the day
gpo: Test Group Policy Login Prompt Message
gpo: Apply Group Policy Login Prompt Message
GPO: Test rsop output for Messages policy
GPO: Add rsop output for Messages policy
samba-tool: Test creating unix user with modified template homedir
samba-tool: Create unix user with modified template homedir
gpo: Test rsop function for success
gpo: Pass necessary parameters to rsop
GPO: Update the samba-gpupdate man page
waf: upgrade to 2.0.20
ctdb: Prevent man page duplication
python: Move dsdb_Dn to samdb
python2 reduction: Merge remaining compat code into common
py3: Add is_ad_dc_built option to python glue
Test password removal via python proctitle
samba-tool: Test gpo Sudoers list command
samba-tool: Add a gpo command for listing Sudoers Group Policies
samba-tool: Test gpo Sudoers add command
samba-tool: Add a gpo command for adding Sudoers Group Policy
samba-tool: Test gpo Sudoers remove command
samba-tool: Add a gpo command for removing Sudoers Group Policy
samba-tool: Test gpo Security set command
samba-tool: Add a gpo command for setting Security Group Policy
samba-tool: Test gpo Security list
samba-tool: Add a gpo command for listing Security Group Policies
samba-tool: Test gpo smb.conf list command
samba-tool: Add a gpo command for listing smb.conf Group Policies
samba-tool: Test gpo smb.conf set command
samba-tool: Add a gpo command for setting smb.conf Group Policy
WHATSNEW: samba-tool gpo manage command
gpo: Add gp_xml_ext parser for group policy
gpo: Test Group Policy VGP Sudo Rights
gpo: Apply Group Policy Sudo Rights from VGP
Denis Karpelevich (1):
s3:tests: Add tests for 'valid users'.
Dimitry Andric (1):
lib: Avoid declaring zero-length VLAs in various messaging functions
Douglas Bagnall (67):
s4/torture/smb2/oplock: fix compilation by initialising variable
s4/torture: fix compilation in smb2/multichannel
dbcheck: omit unused argument in err_wrong_default_sd
python/ms_forest_updates_markdown: avoid implicit global variable
s4/scripting/samba_dnsupdate: remove unreachable code
samba-tool ntacl: remove unused imports and variables
python/upgradehelpers: remove unused imports and variables
python/join: use the provided krbtgt link in cleanup_old_accounts
python: wrap 'import dckeytab' in an explanatory function
python: samba.compat rejects Python 2
ldb_controls: control_to_string avoids crash
oss-fuzz: use uninstrumented dynamic python
ndr: maintain proper talloc tree in pull_string_array
ndr: avoid excessive reallocing in pull_string_array
python tests: drop python 2.6 compatibility functions
README.Coding: target Python 3.6+
ndr: fix ndr_pull_string_array() off by one alloc
libprc/test: add pull_string_array large array test
python compat: remove integer_types
python compat: remove string_types
python compat: remove StringIO
python compat: reduce use of 'if PY3:'
python compat: remove binary_type
python compat: remove text_type
s4: dns: Ensure variable initialization with NULL.
s4/dns: do not crash when additional data not found
tests/vlv: remove redundant assignments
tests/vlv: attempt to cause trouble by changing sort attribute
lib/util/asn1: avoid technically undefined shift
lzxpress: avoid technically undefined shift
utils/asn1: avoid undefined behaviour warning
fuzz: add fuzz_dcerpc_parse_binding
fuzz: add fuzz_cli_credentials_parse_string
fuzz_dcerpc_parse_binding: don't leak
fuzzing/README: link to wiki
fuzz/oss-fuzz/build-samba: note the calling site
fuzz/oss-fuzz/build_samba: fetch fuzz seeds
rpc: avoid undefined behaviour when parsing bindings
dsdb/mod/operational: correct comment arithmetic
samba-tool domain: move timestamp functions to common
samba-tool pso uses common timestamp functions
samba-tool drs: move attr_default to common
samba-tool gpo: use common attr_default
python: remove unused provision.check_install()
drs_utils: remove unused sendRemoveDsServer()
selftest/subunit: python file modernisation
dbcheck: fix documentation for err_duplicate_values
dbcheck: fix documentation for err_base64_userParameters
dbcheck: fix documentation and typo for err_utf_userParameters
dbcheck: fix documentation for err_doubled_userParameters
dbcheck: add docstring for err_odd_userParameters
dbcheck: don't try to stringify values list twice
dbcheck: drop py2 support from dump_attr_values()
dbcheck: improve some duplicate doc strings
dbcheck: remove unused fix_incorrect_deleted_objects flag
dbcheck: fix doc for do_rename()
dbcheck: fix doc for err_normalise_mismatch*
dbcheck: err_normalise-mismatch_replace: no msg if no error
dbcheck: make rIDSetReferences attr check case-insensitve
dbcheck: check_object() caches of lower case attr names
dbcheck: do not add duplicate attrs for checking
dbcheck: add a helper function for attr tracking
dbcheck: split out attr calculations from check_object()
dbcheck: better disambiguate 'attrs'
dbcheck: reduce useless use of str(attrname)
dbcheck: check_object/userparams: use variable for clarity
dbcheck: clarify check_object userparams
Gary Lockyer (40):
heimdal: Use #ifdef HAVE_DLOPEN around functions used only by HAVE_DLOPEN
heimdal: Use #ifdef HAVE_DLOPEN around function used by HAVE_DLOPEN
Make HEIMDAL_WARN_UNUSED_RESULT_ATTRIBUTE available in krb5.h
heimdal_build: Include keys.c in the hdb autoproto
heimdal_build: provide a prototype with the dummy afs header-only
function stubs
heimdal_build: Do not allow warnings in the heimdal code!
Fix clang 9 format-nonliteral warning
CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd
CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
challenge
CVE-2020-1472(ZeroLogon): rpc_server/netlogon: Fix confounder check
CVE-2020-1472(ZeroLogon): Add zerologon test suite
CVE-2020-1472(ZeroLogon): torture: Move existing tests
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero enc req
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 confounder
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 all zero password
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 zero password
selftest: add mit kdc specific known fail
tests python krb5: Make PrincipalName_create a class method
tests python krb5: Add canonicalize flag to ASN1
tests python krb5: Add python kerberos canonicalization tests
selftest: add heimdal kdc specific known fail
tests python krb5: Add python kerberos compatability tests
tests python krb5: Add constants module
tests python krb5: Refactor canonicalization test constants
tests python krb5: Refactor compatability test constants
tests python krb5: raw_testcase permit RC4 salts
tests python krb5: Convert kdc-heimdal to python
tests python krb5: refactor compatability tests
tests python krb5: add arcfour salt tests
tests python krb5: Extra canonicalization tests
tests python krb5: Add Authorization data ad-type constants
tests python krb5: add test base class
tests python krb5: initial TGS tests
pep8 tidy up config
tests python krb5: Add key usage constants
tests python krb5: use key usage constants
tests python krb5: PEP8 cleanups
s4 auth ntlm: Fix integer overflow in authsam_password_check_and_record
Günther Deschner (8):
docs: Add missing winexe manpage
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor
dcesrv_netr_creds_server_step_check()
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require
schannel:WORKSTATION$ = no"
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about
unsecure configurations
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
s3-vfs_glusterfs: always disable write-behind translator
s4-torture: test file_line_parse as well
vfs_glusterfs: print exact cmdline for disabling write-behind translator
Heiko Baumann (1):
Remove password from samba-tool proctitle
Hezekiah (1):
Fixed arrow keys typo to the computer move command utility
Isaac Boukris (18):
selftest: add tests for net-ads over TLS
Decouple ldap-ssl-ads from ldap-ssl option
Fix ads_set_sasl_wrap_flags to only change sasl flags
ads: set sasl-wrapping to plain when over TLS
net: ignore possible SIGPIPE upon ldap_unbind when over TLS
s3-libads: Pass timeout to open_socket_out in ms
Add a test with old msDS-SupportedEncryptionTypes
Revert "selftest: add tests for net-ads over TLS"
Remove depracated "ldap ssl ads" smb.conf option
lib:crypto: Add py binding for set_relax/strict fips mode
Add smb2cli_session_get_encryption_cipher()
Add dcerpc_transport_encrypted()
Add py binding for dcerpc_transport_encrypted
selftest: add a test for py dce transport_encrypted
Add CreateTrustedDomainRelax wrapper for fips mode
Use the new CreateTrustedDomainRelax()
selftest: add a test for the CreateTrustedDomainRelax wrapper
Remove source4/scripting/devel/createtrust script
Jeremy Allison (293):
s3: lib: Fix missing TALLOC_FREE in error code path.
s3: lib: Cleanup - all the ipstr_XXX() functions are only used in
namecache.c.
s3: lib: Cleanup - nothing uses ipstr_list_free(). Remove it.
s3: lib: Cleanup - make ipstr_list_make() and ipstr_list_parse() private
to the only user.
s3: libsmb: Cleanup modern coding standards. 'True/False' -> 'true/false'.
s3: libsmb: Cleanup - move talloc frame out of inner scope.
s3: libsmb: Cleanup - namecache_store() initialize stack variables.
s3: libsmb: Cleanup - namecache_store() - use common out.
s3: libsmb: Cleanup - make namecache_key() use talloc.
s3: libsmb: Cleanup - make namecache_status_record_key() use talloc.
s3: libsmb: Cleanup - Move DEBUG -> DBG_XXX() macros.
s3: libsmb: Cleanup - Make ipstr_list_make() talloc rather than malloc.
s3: libsmb: Namecache. Fix bug missed by me in previous cleanup.
s3: scripts: Selfttest. samba3.blackbox.smbclient_iconv.*
s3: libsmb: Cleanup - ensure we don't try and continue resolving names on
failure of convert_ss2service().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for resolve_hosts().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for KDC resolve_ads().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for resolve_ads().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for resolve_lmhosts_file_as_sockaddr().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for 0x1D name in resolve_wins().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for resolve_wins().
s3: libsmb: Cleanup - change to early continue in internal_resolve_name()
for name_resolve_bcast().
s3: libsmb: Cleanup - use helper 'ok' bool for resolve_hosts().
s3: libsmb: Cleanup - use helper 'ok' bool for
resolve_lmhosts_file_as_sockaddr().
s3: libsmb: Cleanup - use helper 'ok' bool for resolve_wins().
s3: libsmb: Cleanup - use helper 'ok' bool for name_resolve_bcast().
s3: libsmb: Cleanup - use helper 'ok' bool for internal_resolve_name().
s3: libsmb: Cleanup - split allocation and NULL check in
internal_resolve_name().
s3: libsmb: Cleanup - modernize DEBUG -> DBG_ in internal_resolve_name()
s3: libsmb: Cleanup - Remove incorrect comment in resolve_ads(). The DNS
code copes fine with IPv6 addresses.
s3: libsmb: Cleanup - reformatting resolve_hosts() parameters inside
internal_resolve_name().
s3: libsmb: Cleanup - reformatting resolve_ads() parameters inside
internal_resolve_name().
s3: libsmb: Cleanup - reformatting 2nd use of resolve_ads() parameters
inside internal_resolve_name().
s3: libsmb: Cleanup - reformatting resolve_lmhosts_file_as_sockaddr()
parameters inside internal_resolve_name().
s3: libsmb: Cleanup - reformatting resolve_wins() parameters inside
internal_resolve_name().
s3: libsmb: Cleanup - reformatting name_resolve_bcast() parameters inside
internal_resolve_name().
s3: libsmb: Cleanup - put talloc parameter first in resolve_hosts().
s3/s4: Cleanup. Move TALLOC_CTX * parameter to be first in
resolve_lmhosts_file_as_sockaddr() to match modern conventions.
s3: libsmb: Cleanup - put talloc parameter first in resolve_wins().
s3: libsmb: Cleanup - put talloc parameter first in name_resolve_bcast().
s3: libsmb: Cleanup - ensure ss_list variables are initialized with NULL.
s3: libsmb: Pass in TALLOC_CTX * parameter to resolve_ads() instead of
creating one internally.
s3: libsmb: Add in (currently unused) function dns_lookup_list().
s3: libsmb: Rewrite resolve_ads() to use the previously added
dns_lookup_list() function.
s3: libsmb: Change resolve_ads() to return a talloc'ed ss_list, matching
the other name resolution methods.
s3: libsmb: Now all resolution functions return a ss_list on success, we
only need one local variable for this.
s3: libsmb: Move all calls to convert_ss2service() to one place now all
methods return a sockaddr_storage.
lib: addns: Add code for asynchronously looking up A records.
lib: addns: Add code for asynchronously looking up AAAA records.
s3: net: Add new 'net ads dns async <name>' command.
s4: tests: Add new async DNS unit test -
samba4.blackbox.net_ads_dns_async(ad_member:local).
s3: Parameters. Add 'async dns timeout' parameter. Default to 10. Minimum
value 1.
s3: libsmb: Add dns_lookup_list_async() - not yet used.
s3: libsmb: Use dns_lookup_list_async() instead of dns_lookup_list().
s3: libsmb: Remove dns_lookup_list(). No longer used.
s3: libsmb: Make dns_lookup_list_async() available to other Samba callers.
s3: libsmb: Make discover_dc_dns() use async DNS.
s3: libsmb: Add utility function sockaddr_storage_to_samba_sockaddr().
s3: libsmb: Change dns_lookup_list_async() and associated functions to
return a struct samba_sockaddr * array.
s3: libsmb: Cleanup - Move dsgetdcname.c to using struct samba_sockaddr
internally.
s3: libsmb: Cleanup - Remove the last use of a struct sockaddr_storage
variable in dsgetdcname.c
s3: libads: Add utility function ads_zero_ldap().
s3: libads: Where we implicitly zero out ads->ldap in ads_init() or
ads_destroy() ensure we call ads_zero_ldap() after.
s3: libads: In ads_connect(), and ads_disconnect(), replace
ZERO_STRUCT(ads->ldap) with calls to ads_zero_ldap(ads)
s3: libads: ads_connect can be passed in an ADS_STRUCT with an existing
IP address.
s3: libads: Don't re-do DNS lookups in ads_current_time() if not needed.
s3: libads: Don't re-do DNS lookups in ads_domain_func_level() if not
needed.
s3: libsmb: Cleanup - Remove one call to set_socket_addr_v4().
s3: libsmb: Cleanup - change parameter and callers of
set_socket_addr_v4() to samba_sockaddr.
s3: libsmb: Cleanup - Longlines cleanup for README.Coding standards.
s3: libsmb: Cleanup - make node_status_query_send() use samba_sockaddr
internally.
s3: libsmb: Cleanup - make name_status_lmhosts() use samba_sockaddr
internally.
s3: libsmb: Cleanup - make name_query_send() use samba_sockaddr
internally.
s3: libsmb: Cleanup - convert addr_compare() to using samba_sockaddr
internally.
s3: libsmb: Cleanup - Use samba_sockaddr as intended in resolve_name() to
make ugly casts go away.
s3: libsmb: Cleanup - Remove two more sockaddr casts inside
remove_duplicate_addrs2().
s3: libsmb: Cleanup - Remove the last two sockaddr casts in namequery.c
in name_query_validator().
s3: libsmb: Cleanup - Remove a union in sock_packet_read_got_socket()
that was an early attempt a samba_sockaddr.
s3: libsmb: Cleanup - Pass samba_sockaddr directly to nb_trans_send().
s3: libads: Cleanup - Remove two more ugly const struct sockaddr * casts
in get_kdc_ip_string().
s3: libsmb: Cleanup - remove an ugly sockaddr_in cast inside
resolve_wins_send().
s3: libsmb: Inside get_dc_list() move one more sockaddr_storage ->
samba_sockaddr.
s3: libsmb: Remove one more ugly sockaddr cast in resolve_name_list() by
converting to samba_sockaddr.
s3: libsmb: discover_dc_netbios(). Remember to free on error return.
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe'
values when calling get_kdc_list() that may not touch returns on error.
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe'
values when calling get_sorted_dc_list() that may not touch returns on error.
s3: libsmb: Cleanup - correctly error on
sockaddr_storage_to_samba_sockaddr() fail.
s3: libsmb: Cleanup - Use helper variable for return from
namecache_fetch() in internal_resolve_name().
s3: libsmb: Add utility funtion dup_ip_service_array().
s3: libsmb: Add get_kdc_list_talloc().
s3: libads: Make get_kdc_ip_string() use get_kdc_list_talloc().
s3: utils: net_lookup. Convert to use get_kdc_list_talloc().
s3: libsmb: Remove now unused get_kdc_list() (non-talloc version).
s3: libads: Rename get_kdc_list_talloc() -> get_kdc_list().
s3: libsmb: Add get_sorted_dc_list_talloc().
s3: libads: Move callers of get_sorted_dc_list() ->
get_sorted_dc_list_talloc().
s3: libsmb: Move callers of get_sorted_dc_list() ->
get_sorted_dc_list_talloc().
s3: net lookup: Move callers of get_sorted_dc_list() ->
get_sorted_dc_list_talloc().
s3: winbindd: Move callers of get_sorted_dc_list() ->
get_sorted_dc_list_talloc().
s3: libsmb: Remove get_sorted_dc_list().
s3: libsmb: Rename get_sorted_dc_list_talloc() -> get_sorted_dc_list()
s3: libsmb: Cleanup - rename ctx -> frame for a talloc_stackframe to
match modern coding standards.
s3: libsmb: Change to an early return in get_dc_list().
s3: libsmb: Change get_dc_list() to return a size_t count parameter.
s3: libsmb: Cleanup - use early return in get_dc_list().
s3: libsmb: Make get_dc_list() internal to namequery.c return talloc'ed
ip_service array.
s3: libsmb: namequery - Add internal_resolve_name_talloc().
s3: libsmb: namequery - Make resolve_name() use
internal_resolve_name_talloc().
s3: libsmb: Make resolve_name_list() use internal_resolve_name_talloc().
s3: libsmb: Make find_master_ip() use internal_resolve_name_talloc().
s3: libsmb: Make get_pdc_ip() use internal_resolve_name_talloc().
s3: libsmb: Make get_dc_list() use internal_resolve_name_talloc().
s3: libsmb: Make discover_dc_netbios() use internal_resolve_name_talloc().
s3: libsmb: Remove internal_resolve_name() externally. All callers now
use internal_resolve_name_talloc().
s3: libsmb: Rename internal_resolve_name_talloc() ->
internal_resolve_name().
s3: libsmb: Move talloc_stackframe() initialization to the front of
_internal_resolve_name().
s3: libsmb: Change remove_duplicate_addrs2() to take and return size_t,
not int.
s3: libsmb: Cleanup the code to do one address return given an IP address
to _internal_resolve_name().
s3: libsmb: Convert namecache_fetch() and it's only caller to return a
talloc'ed array of struct samba_sockaddr.
s3: libsmb: _internal_resolve_name(). Remove unused free(s).
s3: libsmb: Make namecache_store() take an unsigned count.
s3: libsmb: Change convert_ss2service() and it's one caller to take and
return unsigned counts.
s3: libsmb: Cleanup coding in convert_ss2service().
s3: libsmb: _internal_resolve_name() code cleanup.
s3: libsmb: _internal_resolve_name() code cleanup.
s3: libsmb: Make _internal_resolve_name() return a size_t pointer for
count.
s3: libsmb: Finally change _internal_resolve_name() to return a talloc'ed
ip_service array.
s3: libsmb: Remove now unused dup_ip_service_array().
s3: libsmb: Comment out wrapper function internal_resolve_name(). Rename
_internal_resolve_name() -> internal_resolve_name().
s3: libsmb: Remove commented out wrapper for internal_resolve_name().
s3: libsmb: Cleanup - resolve_name() get names from
internal_resolve_names() which is guaranteed not to return zero addresses.
s3: libsmb: Add internal ipstr_list_make_sa().
s3: libsmb: Add namecache_store_sa(). Doesn't store ports and takes a
samba_sockaddr array.
s3: libsmb: Use namecache_store_sa() instead of namecache_store().
s3: winbindd: Use namecache_store_sa() inside dcip_check_name().
s3: libsmb: Add internal conversion function
ip_service_to_samba_sockaddr().
s3: libsmb: Remove the last caller of namecache_store().
s3: libsmb: Remove use of struct ip_service from the namecache code.
s3: libsmb: Now we only have namecache_store_sa(), rename it back to
namecache_store().
s3: libsmb: Fix bug in get_dc_list() introduced by ip-service cleanup.
s3: libsmb: Convert node_status_query() and associated functions and
callers to expect a size_t * return.
s3: libsmb: Convert the WINS and broadcast name functions to return
size_t * num addresses.
libcli: nbt: cleanup resolve_lmhosts_file_as_sockaddr() - don't change
return values on fail.
libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t *
count of addresses.
s3: libsmb: cleanup resolve_hosts() - don't change return values on fail.
s3: libsmb: Fix resolve_hosts() to return size_t * count of addresses.
s3: libsmb: Make resolve_ads() return a size_t * address count.
s3: libsmb: internal_resolve_name() - get rid of the icount variables.
lib: addns: Fix ads_dns_lookup_srv() and functions to return size_t * num
servers.
lib: addns: Fix ads_dns_lookup_ns(), ads_dns_query_dcs(),
ads_dns_query_gcs(), ads_dns_query_kdcs(), ads_dns_query_pdc() to return size_t
*.
s3: libsmb: Fix the count returns in discover_dc_netbios(),
discover_dc_dns(), process_dc_dns() to return size_t * counts.
s3: libsmb: Make prioritize_ipv4_list() use size_t counts.
s3: libads: Reformat args to cldap_ping_list().
s3: libads: Use size_t counts inside cldap_ping_list().
s3: libsmb: Make sort_addr_list() and sort_service_list() take size_t
counts.
s3: libsmb: Add sort_sa_list() compare function. Not yet used.
s3: libsmb: Add get_kdc_list_sa() returns samba_sockaddr array.
s3: utils: Make net_lookup_kdc() use get_kdc_list_sa().
s3: libads: Convert get_kdc_ip_string() to use get_kdc_list_sa().
s3: libsmb: Remove get_kdc_list(). No more callers.
s3: libsmb: Rename get_kdc_list_sa() back to get_kdc_list().
s3: libsmb: Add function get_sorted_dc_list_sa(). Returns samba_sockaddr
array.
s3: utils: Make net_lookup_dc() use get_sorted_dc_list_sa().
s3: libads: Add an alternate version of cldap_ping_list() that takes an
array of samba_sockaddrs.
s3: libads: Make resolve_and_ping_netbios() use get_sorted_dc_list_sa().
s3: libads: Make resolve_and_ping_dns() use get_sorted_dc_list_sa().
s3: libads: Remove cldap_ping_list().
s3: libads: Rename cldap_ping_list_sa() -> cldap_ping_list().
s3: winbind: Fix get_dcs() to use get_sorted_dc_list_sa().
s3: libsmb: Remove last caller of get_sorted_dc_list() from rpc_dc_name().
s3: libsmb: Remove get_sorted_dc_list(). No longer used.
s3: libsmb: Rename get_sorted_dc_list_sa() -> get_sorted_dc_list().
s3: libsmb: Convert internal function get_dc_list() to return a
samba_sockaddr array.
s3: libsmb: Add remove_duplicate_addrs2_sa() - uses samba_sockaddr.
3: torture: Use remove_duplicate_addrs2_sa() instead of
remove_duplicate_addrs2() in LOCAL-remove_duplicate_addrs2 test.
s3: libsmb: Add prioritize_ipv4_list_sa().
s3: libsmb: Add internal_resolve_name_sa(). A wrapper for
internal_resolve_name().
s3: libsmb: Fix discover_dc_netbios() to call internal_resolve_name_sa().
s3: libsmb: Remove the internal_resolve_name() external interface.
s3: libsmb: Rename internal_resolve_name_sa() -> internal_resolve_name()
s3: libsmb: Convert resolve_name() to call internal_resolve_name() not
_internal_resolve_name().
s3: libsmb: Convert resolve_name_list() to call internal_resolve_name()
not _internal_resolve_name().
s3: libsmb: Convert find_master_ip() to call internal_resolve_name() not
_internal_resolve_name().
s3: libsmb: Convert get_pdc_ip() to call internal_resolve_name() not
_internal_resolve_name().
s3: libsmb: Remove now unused internal functions ip_service_compare() and
sort_service_list().
s3: libsmb: Convert get_dc_list() to call internal_resolve_name() not
_internal_resolve_name().
s3: libsmb: Tidy up the talloc heirarchy allocation in get_dc_list().
s3: libsmb: Remove unused prioritize_ipv4_list().
s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list()
now it's the only use.
s3: libsmb: namequery: Add utility function
sockaddr_array_to_samba_sockaddr_array().
3: libsmb: namequery: Convert _internal_resolve_name() ->
internal_resolve_name() returning talloced samba_sockaddr arrays.
s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr().
s3: libsmb: namequery.c: Remove now unused convert_ss2service().
s3: libsmb: namequery.c: Remove now unused internal_resolve_name()
wrapper.
s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2().
s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to
remove_duplicate_addrs2()
s3: Remove struct ip_service.
s3: libsmb: Cleanup - in internal_resolve_name() only write the out
parameters on success.
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto
p->mem_ctx in error path of _netr_ServerPasswordSet2().
CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect
netr_ServerPasswordSet2 against unencrypted passwords
s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via
TALLOC_FREE().
s3: smbd: dptr_create() doesn't need a separate wcard_has_wild parameter.
s3: smbd: SMB1 reply_unlink() - the UCF_COND_ALLOW_WCARD_LCOMP makes no
sense.
s3: smbd: SMB1 reply_mv() - the UCF_COND_ALLOW_WCARD_LCOMP makes no sense.
s3: smbd: SMB1 reply_copy() - the UCF_COND_ALLOW_WCARD_LCOMP makes no
sense.
s3: smbd: SMB1 reply_ntrename() - the UCF_COND_ALLOW_WCARD_LCOMP makes no
sense.
s3: smbd: MS-DFS - We no longer ever set UCF_COND_ALLOW_WCARD_LCOMP so
don't check for it.
s3: smbd: SMB1 Remove the crazy semantics in filename_convert_internal()
using UCF_COND_ALLOW_WCARD_LCOMP.
s3: smbd: SMB1 comment out unused UCF_COND_ALLOW_WCARD_LCOMP flag.
s3: smbd: SMB1 reply_ntrename() - the source cannot have a wildcard.
s3: smbd: SMB1 reply_ntrename() - Move the call to get_original_lcomp()
to before filename_convert() for the destination name.
s3: smbd: SMB1 reply_ntrename() - set dest_has_wcard from the parsed last
component.
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we
can use srvstr_get_path_req() instead of srvstr_get_path_req_wcard().
s3: smbd: SMB1 reply_ntrename() - now we set dest_has_wcard separately we
don't need to pass it to filename_convert().
s3: smbd: srvstr_get_path_req_wcard() is now static to reply.c
s3: smbd: In SMB2 query directory we don't need to do full path
resolution of the mask component.
s3: smbd: SMB1 reply_search() doesn't actually care if the mask contains
a wildcard or not.
s3: smbd: SMB1 reply_search(). The dptr already knows if the mask has a
wildcard.
s3: smbd: SMB1 reply_search(). Use srvstr_get_path_req() not
srvstr_get_path_req_wcard()
s3: smbd: SMB1 reply_fclose() doesn't need wcard, use
srvstr_get_path_req() not srvstr_get_path_req_wcard().
s3: smbd: unlink_internals() can figure out if the mask has a wildcard on
its own.
s3: smbd: SMB1 call_trans2findfirst(). Don't need the wildcard status of
the mask here.
s3: smbd: SMB1 call_trans2findnext() doesn't need the mask_contains_wcard
bool.
s3: smbd: SMB1 reply_unlink() - use srvstr_get_path_req() not
srvstr_get_path_req_wcard()
s3: smbd: SMB1 rename_internals() can figure out the wildcard status of
the paths by itself.
s3: smbd: SMB1 reply_mv() no longer needs the XX_has_wcard variables.
s3: smbd: SMB1 reply_copy() - set the xxx_has_wild flags from the
processed names.
s3: smbd: SMB1 reply_copy(). Use srvstr_get_path_req() not
srvstr_get_path_req_wcard()
s3: smbd: SMB1 call_nt_transact_rename() never needs wcard bool.
s3: smbd: smb_file_rename_information() doesn't need to use the wildcard
status of the destination.
s3: smbd: srvstr_get_path_wcard_posix() is no longer used.
s3: smbd: Remove srvstr_get_path_wcard() - no longer used.
s3: smbd: Remove the wrapper srvstr_get_path_req_wcard().
s3: smbd: All callers to srvstr_get_path_wcard_internal() pass 'ignore'
as the last parameter.
s3: smbd: Rename srvstr_get_path_wcard_internal() ->
srvstr_get_path_internal().
s3: smbd: As srvstr_get_path_internal() ignores the wcard parameter, use
check_path_syntax() instead of check_path_syntax_wcard()
s3: smbd: All callers to filename_convert() pass in NULL for the 'bool
*ppath_contains_wcard' parameter.
s3: smbd: The only caller of filename_convert_with_privilege() passes in
NULL for the 'bool *ppath_contains_wcard' parameter.
s3: smbd: Remove the 'bool *ppath_contains_wcard' parameter from
filename_convert_internal()
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from
resolve_dfspath_wcard()
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from
dfs_redirect()
s3: smbd: Remove wrapper resolve_dfspath_wcard(). Just call
dfs_redirect() directly.
s3: smbd: Implement the 'allow_wcards' parameter inside parse_dfs_path().
s3: smbd: Remove unused 'bool *ppath_contains_wcard' parameter from
parse_dfs_path().
s3: smbd: Remove unused check_path_syntax_wcard().
s3: smbd: Remove the ignored last parameter 'bool
*p_last_component_contains_wcard' from check_path_syntax_internal().
nsswitch: Add an async DNS kerberos locator plugin.
s3: selftest: Add new SMB1-only wildcard unlink regression test.
s3: selftest: Add new SMB1-only wildcard rename regression test.
s3: smbd: SMB1 reply_copy. Check untouched last component for wildcards
in src and dst.
s3: smbd: Pure reformatting of unlink_internals() to make it obvious when
I add a parameter.
s3: smbd: Fix SMB1 reply_unlink() to handle wildcards.
s3: smbd: Add a 'const char *src_orginal_lcomp' (last component)
parameter to rename_internals().
s3: smbd: Fix SMB1 reply_mv() to handle wildcards.
Add VFS-License-clarification.txt as discussed on the Team list.
s4: torture: Add smb2.notify.handle-permissions test.
s3: smbd: Ensure change notifies can't get set unless the directory
handle is open for SEC_DIR_LIST.
s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on
return.
lib: talloc: Cleanup. Use consistent preprocessor logic macros.
lib: talloc: Fix pool object accounting when doing talloc_realloc() in
the ALWAYS_REALLOC compiled case.
lib: talloc: Fix memlimit on pool realloc.
s3: spoolss: Make parameters in call to user_ok_token() match all other
uses.
lib: talloc: Remove the ALWAYS_REALLOC code paths.
s3: modules: gluster. Fix the error I made in preventing talloc leaks
from a function.
lib: create a wrapper for file_lines_parse().
lib: Fix file_lines_parse() to do what people expect. Much safer to use.
libcli: smb2: Never print length if smb2_signing_key_valid() fails for
crypto blob.
s3: smbd: Fix misleading comment I added for commit
382a5c4e7ec08ec9291453ffad9541ab36aca274
s3/script/tests: Ensure all remote test files are removed
s3: smbd: Quiet log messages from usershares for an unknown share.
smbd: smb_info_set_ea() can only get fsp==NULL in POSIX mode accessing a
symlink.
smbd: set_ea() must have an fsp, so remove uses of the smb_fname
parameter.
smbd: Remove the smb_fname parameter from set_ea().
smbd: Fix debugs in file_new() and fsp_new().
smbd: dup_file_fsp() for old DOS style opens also needs to copy the new
flags.
smbd: If an smb_filename already has a pathref fsp don't overwrite it.
smbd: On error exit in create_file_unixpath(), we can't call close_file()
on uncompleted opens.
smbd: Move closing a print file out of close_normal_file() (it isn't a
normal file) and into close_file().
smbd: Ensure close_directory() and close_normal_file() only deal with
is_fsa files.
smbd: close_file() should never see an internal dirfsp.
s3: smbd: Factor out setting up case parameters for a share to a function
- conn_setup_case_options().
s3: smbd: Add call to conn_setup_case_options() to
create_conn_struct_as_root().
libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore
NT_STATUS_INVALID_PARAMETER.
s3: VFS: ceph: Fix cephwrap_mkdirat() to cope with real directory fsps.
s3: VFS: ceph: Fix cephwrap_mknodat() to cope with real directory fsps.
s3: VFS: glusterfs: Fix missing END_PROFILE() in mkdirat() return.
s3: VFS: glusterfs: Fix vfs_gluster_mknodat() to cope with a real dirfsp.
s3: smbd: Move creation of parent_fname out of lp_inherit_permissions()
clause in smb_unix_mknod().
s3: smbd: Change smb_unix_mknod() to use a real directory fsp for
SMB_VFS_MKNODAT().
s3: VFS: ceph: Fix cephwrap_symlinkat() to cope with real directory fsps.
s3: VFS: glusterfs: Fix vfs_gluster_symlinkat() to cope with a real
dirfsp.
s3: smbd: Change smb_set_file_unix_link() to use a real directory fsp for
SMB_VFS_SYMLINKAT().
vfs: update status of SMB_VFS_SYMLINKAT()
Jones Syue (1):
interface: fix if_index is not parsed correctly
Jule Anger (27):
samdb: add prepare_attr_replace() method
samdb: add fullname_from_names() method
testsuite: add test suite for samba-tool contact commands
doc: add samba-tool user rename command to samba-tool man page
samba-tool tests: add test-cases for 'user rename'
samba-tool group: add new group 'rename' command
doc: add samba-tool group rename command to samba-tool man page
samba-tool tests: add test-cases for 'group rename'
samba-tool contact: add new contact 'rename' command
doc: add samba-tool contact rename command to samba-tool man page
samba-tool tests: add test-cases for 'contact rename'
samba-tool ou: rename 'ou create' to 'ou add'
doc: rename 'ou create' to 'ou add'
samba-tool tests: rename 'ou create' to 'ou add'
samba-tool user: rename 'user create' to 'user add'
doc: rename 'user create' to 'user add'
samba-tool tests: rename 'user create' to 'user add'
samba-tool computer: rename 'computer create' to 'computer add'
doc: rename 'computer create' to 'computer add'
samba-tool tests: rename 'computer create' to 'computer add'
samba-tool group: add 'group create' as synonym for 'group add'
doc: add 'group create' as synonym for 'group add'
samba-tool tests: rename 'group create' to 'group add'
samba-tool contact: rename 'contact create' to 'contact add'
doc: rename 'contact create' to 'contact add'
samba-tool tests: rename 'contact create' to 'contact add'
tests: avoid returning an already used ID in randomXid()
Karolin Seeger (10):
VERSION: Bump version to 4.14.0pre1...
WHATSNEW: Start release notes for Samba 4.14.0pre1.
script/release.sh: Use new GPG key.
python/wscript: python3-asn1 -> python3-pyasn1
WHATSNEW: Add new parameters.
WHATSNEW: Change order.
script/release.sh: always select the GPG key by it's ID
ReleaseKey: add GnuPG key transition statement for the Samba release key
WHATSNEW: Add release notes for Samba 4.14.0rc1.
VERSION: Disable GIT_SNAPSHOT for the 4.14.0rc1 release.
Khem Raj (1):
nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
Laurent Menase (1):
winbind: Fix a memleak
Martin Schwenke (115):
tdb: Fix some signed/unsigned comparisons
util: Fix a signed/unsigned comparison
ctdb-tools: Drop undocumented ONNODE_SSH_OPTS variable
ctdb-tools: Whitespace fixups
ctdb-tools: Allow onnode -P to respect ONNODE_SSH
ctdb-tools: Improve onnode's ShellCheck credibility
ctdb-build: Don't build/install tests in top-level build by default
ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG
ctdb-tests: Show hung script debugging output
ctdb-tests: Redirect stderr too when checking for shellcheck
ctdb-tests: Drop unreachable line
ctdb-tests: Update preamble for INTEGRATION tests
ctdb-tests: Use "#!/usr/bin/env bash" for improved portability
ctdb-tests: Make integration.bash pass shellcheck
ctdb-tests: Make unit.sh pass shellcheck
ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()
ctdb-tests: Separate custom cluster startup from test initialisation
ctdb-tests: Don't bother shutting down daemons in ctdb_init()
ctdb-tests: Drop uses of "onnode any ..." in testcases
ctdb-tests: Improve test portability
ctdb-tests: Improve test quality
ctdb-tests: Improve test portability
ctdb-tests: Improve test quality
ctdb-tests: Improve test portability/quality
ctdb-tests: Stop cat command failure from causing test failure
Revert "ctdb-tests: Stop cat command failure from causing test failure"
Revert "ctdb-tests: Improve test portability/quality"
Revert "ctdb-tests: Improve test quality"
Revert "ctdb-tests: Improve test portability"
Revert "ctdb-tests: Improve test quality"
Revert "ctdb-tests: Improve test portability"
Revert "ctdb-tests: Drop uses of "onnode any ..." in testcases"
Revert "ctdb-tests: Don't bother shutting down daemons in ctdb_init()"
Revert "ctdb-tests: Separate custom cluster startup from test
initialisation"
Revert "ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()"
Revert "ctdb-tests: Make unit.sh pass shellcheck"
Revert "ctdb-tests: Make integration.bash pass shellcheck"
Revert "ctdb-tests: Use "#!/usr/bin/env bash" for improved portability"
Revert "ctdb-tests: Update preamble for INTEGRATION tests"
Revert "ctdb-tests: Drop unreachable line"
Revert "ctdb-tests: Redirect stderr too when checking for shellcheck"
Revert "ctdb-tests: Show hung script debugging output"
Revert "ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG"
Revert "ctdb-build: Don't build/install tests in top-level build by
default"
ctdb-tests: Stop cat command failure from causing test failure
ctdb-build: Don't build/install tests in top-level build by default
ctdb-tests: Enable SOCKET_WRAPPER_DIR_ALLOW_ORIG
ctdb-tests: Show hung script debugging output
ctdb-tests: Redirect stderr too when checking for shellcheck
ctdb-tests: Drop unreachable line
ctdb-tests: Update preamble for INTEGRATION tests
ctdb-tests: Use "#!/usr/bin/env bash" for improved portability
ctdb-tests: Make integration.bash pass shellcheck
ctdb-tests: Make unit.sh pass shellcheck
ctdb-tests: Do not trigger ctdb_test_error() from ctdb_init()
ctdb-tests: Separate custom cluster startup from test initialisation
ctdb-tests: Don't bother shutting down daemons in ctdb_init()
ctdb-tests: Drop uses of "onnode any ..." in testcases
ctdb-tests: Improve test portability
ctdb-tests: Improve test quality
ctdb-tests: Improve test portability
ctdb-tests: Improve test quality
ctdb-tests: Improve test portability/quality
ctdb-recoverd: Drop unused nodemap argument from
update_flags_on_all_nodes()
ctdb-recoverd: Change update_flags_on_all_nodes() to take rec argument
ctdb-recoverd: Introduce some local variables to improve readability
ctdb-recoverd: Use update_flags_on_all_nodes()
ctdb-recoverd: Improve a call to update_flags_on_all_nodes()
ctdb-recoverd: Move ctdb_ctrl_modflags() to ctdb_recoverd.c
ctdb-recoverd: Flatten update_flags_on_all_nodes()
ctdb-recoverd: Do not retrieve nodemap from recovery master
ctdb-recoverd: Correctly find nodemap entry for pnn
ctdb-recoverd: Simplify calculation of new flags
ctdb: Change NAT gateway to use leader/follower
ctdb: Change LVS to use leader/follower
WHATSNEW: Document CTDB NAT gateway and LVS changes
WHATSNEW: Fix description of CTDB NAT gateway and LVS changes
ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
ctdb-tools: Drop "ctdb isnotrecmaster" command
WHATSNEW: Document removal of "ctdb isnotrecmaster" command
ctdb-doc: Link to CTDB page in wiki
ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
ctdb-recoverd: Fix a local memory leak
ctdb-recoverd: Change signature of get_remote_nodemaps()
ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
ctdb-recoverd: Add an intermediate state struct for nodemap fetching
ctdb-recoverd: Add fail callback to assign banning credits
ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
ctdb-recoverd: Do not fetch the nodemap from the recovery master
ctdb-recoverd: Get remote nodemaps earlier
ctdb-recoverd: Change update_local_flags() to use already retrieved
nodemaps
ctdb-recoverd: Rename update_local_flags() -> update_flags()
ctdb-recoverd: Broadcast takeover run message when verifying IPs
ctdb-tests: Simplify comment in large database recovery test
ctdb-recovery: Remove use of old pull and push controls
ctdb-recovery: Simplify database pull function names
ctdb-recovery: Drop passing of capabilities into database pull
ctdb-recovery: Drop unnecessary database push wrapper
ctdb-recovery: Simplify database push function names
ctdb-client: Drop unused synchronous functions for database pull/push
ctdb-protocol: Drop client functions for old-style database pull/push
ctdb-protocol: Drop marshalling functions for old-style database pull/push
ctdb-daemon: Drop implementation of old-style database pull/push controls
ctdb-recoverd: Drop unnecessary code
ctdb-recoverd: Drop unnecessary and broken code
ctdb-tests: Strengthen node state checking in ctdb disable/enable test
s3:ctdbd_conn: Fix the build on FreeBSD
ctdb-daemon: Clean up socket bind/secure/listen
ctdb-daemon: Clean up call to bind socket
ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
selftest: Drop dummy environment variables for CTDB daemons
bootstrap: Cope with case changes in CentOS 8 repo names
bootstrap: Update distro list in README.md
Mathieu Parent (1):
Fix FTBFS / Increase the over-estimation for sparse files
Matthew DeVore (7):
s3: lib: Fix unneeded relative path in #include.
lib/util: Standardize use of st_[acm]time ns
s3: safe_string: remove unnecessary include
lib/util: do not make string_wrappers.h public
string_wrappers: include replace.h
s3: safe_string: do not include string_wrappers.h
lib/util: remove extra safe_string.h file
Mikhail Novosyolov (5):
s3: fix running genmsg in pure git
s3: update paths in genmsg of pam_winbind
s3: update list of languages in genmsg of pam_winbind
s3: Rerun genmsg to update pam_winbind after 10 years
s3: update Russian translation of pam_winbind
Noel Power (31):
python/samba/tests/blackbox: Fix undetected deltree fail
python/samba/tests:blackbox: Fix local file delete test tree fallback
python/samba/tests/blackbox: Preparatory change to support custom share
add new '--propagate-inheritance' option for smbcacls
doc: describe smbcacls --propagate-inheritance expanding INHERITANCE
section
python/samba/tests/blackbox: python smbcacls '--propagate-inherit' test
s3/utils: If dfs path is an ordinary path then really just return it
s3/utils: restore client share connection after call to sec_desc_parse
python/samba/tests/blackbox: Tests with nested DFS container
s3: libsmb: Cleanup - ensure we initialize all stack variables to 'safe'
values when calling resolve_name_list()
s3: libsmb: Cleanup in resolve_name_list().
s3/libads: Only set result to kdc_str on success
s3/libads: Cleanup() get_kdc_ip_string, free kdc_str on error
s3/libsmb: resolve_name_list don't update out params except for success
s3/libsmb: Cleanup, don't modify out params except on success
s3/libsmb: Cleanup coding in convert_ss2service()
s3: libsmb: Cleanup in get_dc_list()
s3/libsmb: Cleanup parse_node_status() only set out params on success
s3/libsmb: cleanup discover_dc_dns, only set out params on success
s3/libsmb: cleanup discover_dc_dns() Fix potential leak
s3/script/tests: Fix 'Unrecognized option(s) passed to mkpath()' error
selftest: Add a new tarmode shares
s3/script/test: Use different testdir for
samba3.blackbox.smbclient_tarmode
s3/script/tests: Use tarmode share for samba3.blackbox.smbclient_tar*
s3/script: Use smbclient deltree to clean up smbclient_tarmode subdir
s3/script/tests: Fix samba3.blackbox.smbclient_tarmode cleanup
selftest: make samba3.blackbox.smbclient_tar runnable (even manually)
s3/script/tests: Remove make_path (for remote dir)
s3/script/tests: Make smb_client 'die' behaviour configurable
s3/script/tests: call smbclient deltree to remove remote files
selftest: Remove samba3.blackbox.smbclient_tar from flapping tests
Ralph Boehme (310):
smbd: ensure we do a base open for internal stream deletes
smbd: remove unused NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE
smbd: use a helper variable in open_file()
smbd: check for conn->cwd_fsp in file_free()
smbd: check for conn->cwd_fsp in fd_close()
smbd: use (global) POSIX pathname state in non_widelink_open()
smbd: remove a nested block in non_widelink_open()
smbd: remove errno saving from fd_open()
smbd: use helper variable for fd in fd_open()
s3/lib: fsp_str_dbg() doesn't show a possible stream name
smbd: don't mess with smb_dname->base_name in call_trans2findfirst()
smbd: factor out fsp_bind_smb()
smbd: consolidate fsp allocation for open_directory() and
open_file_ntcreate()
smbd: build smb_fname per file to delete in unlink_internals()
smbd: remove get_current_vuid()
lib: relicense smb_strtoul(l) under LGPLv3
lib: fix smb_strtox.[c|h] license header
winbind: directly use dcerpc_binding_handle_is_connected() in
reset_connection_on_error() SAMR code
s3: fix fcntl waf configure check
build: remove smbd_conn private library
vfs: add and use vfs_fake_fd()
vfs_default: realign vfswrap_fgetxattr() args
s4/torture: use unique filename for torture_samba3_hide() test
vfs_fruit: ensure the buffer passed to file_lines_parse() is 0-terminated
smbd: switch caller of fd_openat() to fd_open()
vfs_fruit: use VFS ftruncate function in fruit_ftruncate_rsrc_adouble()
smbd: remove dirfsp arg from mkdir_internal()
smbd: remove dirsp arg from open_directory()
smbd: remove dirfsp arg from create_file_unixpath()
vfs_fruit: avoid using fsp->dirsp
smbd: avoid using dirfsp arg in create_file_default()
smbd: remove fsp->dirfsp
vfs: remove dirfsp arg from SMB_VFS_CREATE_FILE()
vfs_zfsacl: use handle based facl() call to query ZFS filesytem ACL
vfs_zfsacl: README.Coding fix
vfs_zfsacl: use a helper variable in zfs_get_nt_acl_common()
wb_sids2xids: split out wb_sids2xids_next_sids2unix()
vfs: make dirfsp arg to SMB_VFS_READLINKAT() const
smbd: fix order of smb_fname flags and twrp args in unlink_internals()
smbd: fix order of smb_fname flags and twrp args in call_trans2findfirst()
vfs_streams_xattr: only assert AT_FDCWD for streams
vfs_streams_depot: only assert AT_FDCWD for streams
selftest: remove POSIX test from planned tests for ad_dc_ntvfs environ
vfs_default: allow dirfsps in the link VFS functions
smbd: base POSIX semantics in call_trans2findfirst() on
req->posix_pathnames
smbd: let directory entries inherit the smb_fname->flags from the
directory
smbd: base POSIX semantics of call_trans2findfirst() on
SMB_FILENAME_POSIX_PATH flag
smbd: use UCF_POSIX_PATHNAMES flag for path validation logic in
filename_convert_internal()
smbd: remove use of UCF_UNIX_NAME_LOOKUP
smbd: mark UCF_UNIX_NAME_LOOKUP as unused
smbd: split out POSIX info_levels from smbd_do_setfilepathinfo() into own
function
smb: rename NTCREATEX_OPTIONS_PRIVATE_DENY_DOS to NTCREATEX_FLAG_DENY_DOS
smb: rename NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to NTCREATEX_FLAG_DENY_FCB
smb: rename NTCREATEX_OPTIONS_PRIVATE_DELETE_ON_CLOSE to
NTCREATEX_FLAG_DELETE_ON_CLOSE
smb: rename NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN to
NTCREATEX_FLAG_STREAM_BASEOPEN
smb: update comments on the NTCREATEX_FLAG_* flags
s3: add and use MS-FSCC Codes from 2.4 and 2.5
smbd: add and use SMB2_FILE_FULL_EA_INFORMATION
smbd: add and use SMB2_FILE_ALL_INFORMATION
selftest: remove selftest/knownfail.d/samba3.smbtorture_s3
docs-xml: add "smbd force process locks"
torture: avoid OPLOCK-CANCEL flapping on busy gitlab CI
smbd: use SMB2_INFO_SPECIAL in call_trans2qfilepathinfo()
smbd: replace calls to check_access() with smbd_check_access_rights()
smbd: avoid a smb_fname copy in call_trans2qfilepathinfo()
smbd: avoid a smb_fname copy in call_trans2setfilepathinfo()
s4: rename source4/smbd/ to source4/samba/
vfs_zfsacl: reformatting
vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE
loadparm: setup debug subsystem setting max_log_size from config
debug: pass struct debug_class *config to reopen_one_log()
debug: pass struct debug_class *config to do_one_check_log_size()
debug: detect logrotation by checking inode number
s4: add samba server tevent trace helper stuff
s4: install tevent tracing hooks to trigger logfile rotation
s4: replace low-level SIGUP handler with a tevent handler
s4: call reopen_logs_internal() in the SIGHUP handler of the prefork
process model
s4/samba: call force_check_log_size() in prefork_reload_after_fork()
s4/samba: call force_check_log_size() in standard_accept_connection()
s4/samba: call force_check_log_size() in standard_new_task()
CI: add samba-no-opath
CI: skip kernel-oplocks tests on older kernels
vfs: add "is_pathref" to struct files_struct
vfs: add "is_fsa" flag to struct files_struct
smbd: add fd_handle.[c|h]
smbd: use fsp_set_fd()
smbd: use fsp_get_io_fd() when accessing a file or it's associated
metadata
smbd: use fsp_get_pathref_fd() as part of DEBUG and syslog messages
smbd: use fsp_get_pathref_fd() when close()ing fds
smbd: use fsp_get_pathref_fd() for *at related directory handles
smbd: use fsp_get_pathref_fd() for "internal" xattr functions
smbd: use fsp_get_pathref_fd() for fstat() calls
smbd: use fsp_get_pathref_fd() for logical fd comparisons
smbd: use fh_[get|set]_pos() and fh_[get|set]_position_information()
smbd: use fh_[get|set]_gen_id()
smbd: use fh_[get|set]_private_options()
smbd: use fh_[get|set]_refcount()
smbd: use fd_handle_create()
smbd: remove redundant initialisation of the fsp fd
vfs: make struct fd_handle private
s3/lib: add proc fds infrastructure
vfs_error_inject: ignore path_ref_fd's
vfs: add struct connection_struct flag "have_proc_fds"
vfs: add fsp flag "have_proc_fds"
vfs_default: fix indentation
vfs_default: initialize conn->have_proc_fds
vfs_default: support pathref fd's in vfswrap_fgetxattr()
vfs_default: support pathref fd's in vfswrap_flistxattr()
vfs_default: support pathref fd's in vfswrap_fremovexattr()
vfs_default: support pathref fd's in vfswrap_fsetxattr()
vfs_fruit: skip Netatalk locking checks for path-ref fd's
vfs_posixacl: support pathref fd's in posixacl_sys_acl_get_fd()
vfs_posixacl: support pathref fd's in posixacl_sys_acl_set_fd()
smbd/posix_acls: support pathref fd's in posix_sys_acl_blob_get_fd()
vfs_default: implement pathref opens in vfswrap_openat()
vfs_ceph: implement pathref opens in cephwrap_openat()
vfs_glusterfs: implement pathref opens with become_root() fallback
s3: add full_path_from_dirfsp_atname()
vfs_shadow_copy2: deal with real dirfsps in shadow_copy2_openat()
smbd: check for pathref fd's in vfs_set_blocking()
smbd: already set fsp fd in non_widelink_open()
smbd: catch O_PATH opens of symlinks in in non_widelink_open()
smbd: pass a dirfsp to fd_open() and rename it to fd_openat()
smbd: pass dirfsp down to non_widelink_open() and process_symlink_open()
smbd: remove unused cwdfsp from non_widelink_open()
smbd: use orig_fsp_name as variable name in non_widelink_open()
smbd: simplify setting and resetting fsp->fsp_name in non_widelink_open()
smbd: deal with real dirfsps in non_widelink_open()
smbd: pass private_flags to open_file()
smbd: maps NT_STATUS_STOPPED_ON_SYMLINK to
NT_STATUS_OBJECT_PATH_NOT_FOUND in open_file()
smbd: convert non_widelink_open() and process_symlink_open() to return
NTSTATUS
smbd: always fstat in non_widelink_open()
smbd: remove SMB_VFS_FSTAT() from open_file()
smbd: add openat_pathref_fsp()
smbd: add smb_fname_fsp_unlink()
smbd: add move_smb_fname_fsp_link()
smbd: maintain correct destructor order in fsp_free()
smbd: use move_smb_fname_fsp_link() in fsp_set_smb_fname()
smbd: README.Coding fixes in file_find_dif()
smbd: reduce indentation in file_find_dif()
smbd: ignore non FSA fsps in file_find_dif()
smbd: add need_fsa arg and logic to file_find_di_(first|next)
smbd: use common exit in filename_convert_internal()
smbd: use open_pathref_fsp() in filename_convert_internal()
s3/libadouble: use openat_pathref_fsp() in ad_convert_xattr()
s3/libadouble: use openat_pathref_fsp() in ad_convert_finderinfo()
s3/libadouble: use openat_pathref_fsp() in ad_unconvert_open_ad()
s3/libadouble: use openat_pathref_fsp() in ad_unconvert_get_streams()
s3/libadouble: use openat_pathref_fsp() in ad_collect_one_stream()
s3/libadouble: use openat_pathref_fsp() in ad_open_rsrc()
s3/libadouble: use openat_pathref_fsp() in
readdir_attr_meta_finderi_stream()
printing: use openat_pathref_fsp() in file_version_is_newer()
printing: use openat_pathref_fsp() in file_version_is_newer()
printing: use openat_pathref_fsp() in get_correct_cversion()
smbd: use openat_pathref_fsp() in get_file_handle_for_metadata()
smbd: use openat_pathref_fsp() in open_streams_for_delete()
smbd: use openat_pathref_fsp() in reply_search()
printing: use openat_pathref_fsp() in driver_unlink_internals()
smbd: use openat_pathref_fsp() rename_internals()
smbd: use openat_pathref_fsp() in copy_file()
smbd: un-const smb_fname in get_posix_fsp()
smbd: use openat_pathref_fsp() in call_trans2findfirst()
smbd: unconst smb_fname arg of all setfileinfo worker functions
smbd: avoid a smb_fname copy in smb_set_file_size()
net: use openat_pathref_fsp() in net_vfs_get_ntacl()
smbd: prevent non-POSIX stat-opens of symlinks in open_file()
smbd: call open_pathref_fsp() in unlink_internals() in wildcard matching
loop
smbd: we DO NEED the low level fd
smbd: replace a stat() with an fstat() in create_file_unixpath()
smbd: reuse smb_fname->fsp in create_file_default()
vfs_xattr_tdb: don't leak the fd into the caller
vfs_fruit: disable fd reopening optimisations for the two special macOS
streams
smbd: optimisation using pathref fd to open real fd if possible
s3/torture: add torture_conn_set_sockopt() wrapper
s3/torture: add POSIX-LS-WILDCARD test
s3/torture: add POSIX-LS-SINGLE test
s3/torture: add POSIX-READLINK test
s3/torture: add POSIX-STAT test
smbd: add vfs_stat()
smbd: use vfs_stat() in dptr_ReadDirName()
smbd: use vfs_stat() in more places
vfs: Add dirfsp arg to SMB_VFS_READDIR()
vfs_default: simplify vfswrap_readdir()
vfs_default: return stat info for symlinks in POSIX context
smbd: use get_dosmode in smbd_dirptr_8_3_mode_fn()
smbd: call open_pathref_fsp() in smbd_dirptr_get_entry()
smbd: factor out smbd_check_access_rights_sd() from
smbd_check_access_rights()
smbd: add smbd_check_access_rights_fsp()
smbd: adjust allocation size check across handles in
smbd_do_qfilepathinfo()
smbd: check for valid FSA fsp in smb_query_posix_acl()
smbd: check for valid FSA fsp in smb_set_posix_acl()
smbd: unconst fsp arg of check_access_fsp()
smbd: deal with non FSA fsps in check_access_fsp()
smbd: check for non FSA fsps in smb_file_rename_information()
smbd: use SMB_VFS_CREATE_FILE() in call_trans2mkdir()
smbd: use pathref fsp in call_trans2qfilepathinfo()
smbd: use pathref fsp in call_trans2setfilepathinfo()
smbd: use check_access_fsp() in set_ea()
smbd: in reply_setatr() pass pathref fsp to smb_set_file_time()
smbd: always use check_access_fsp() in smb_set_file_basic_info()
smbd: always use check_access_fsp() in smb_set_info_standard()
smbd: use fsp in smb_set_file_time()
vfs_gpfs: fix bogus compiler warning
smbd: add fdos_mode()
smbd: use fdos_mode() in smbd_dirptr_lanman2_mode_fn()
smbd: use fdos_mode() in smbd_dirptr_8_3_mode_fn()
smbd: use fdos_mode() in file_set_sparse()
vfstest: use filename_convert() in cmd_utime()
smbd: un-const smb_fname_dst_in arg of rename_internals_fsp()
smbd: drop pathref from smb_fname_dst_in in rename_internals_fsp()
smbd: use fdos_mode() in set_create_timespec_ea()
smbd: use fdos_mode() in vfs_default_durable_reconnect()
smbd: use fdos_mode() in mark_file_modified()
smbd: use fdos_mode() in reply_ntcreate_and_X()
smbd: use fdos_mode() in call_nt_transact_create()
smbd: use fdos_mode() in copy_internals()
smbd: use fdos_mode() in check_base_file_access()
smbd: use fdos_mode() in open_file_ntcreate()
smbd: use fdos_mode() in reply_getatr()
smbd: use fdos_mode() in reply_open()
smbd: use fdos_mode() in reply_open_and_X()
smbd: use fdos_mode() in can_rename()
smbd: use fdos_mode() in do_unlink()
smbd: call rename_open_files() a bit earlier in rename_internals_fsp()
smbd: use SMB_VFS_FSTAT() in rename_internals_fsp()
smbd: README.Coding fixes in rename_internals_fsp()
smbd: use fdos_mode() in rename_internals_fsp()
smbd: use fdos_mode() in copy_file()
smbd: use fdos_mode() in reply_getattrE()
smbd: use fdos_mode() in setup_close_full_information()
smbd: use fdos_mode() in smbd_smb2_create_after_exec()
smbd: use fdos_mode() in call_trans2open()
smbd: use fdos_mode() in smbd_do_qfilepathinfo()
smbd: pass fsp to smb_set_file_dosmode()
smbd: use fdos_mode() in smb_set_file_dosmode()
smbd: use fdos_mode() in smb_set_file_disposition_info()
smbd: use fdos_mode() in dos_mode_at_vfs_get_dosmode_done()
smbd: use fdos_mode() in tsmsm_set_dos_attributes()
smbd: use fdos_mode() in tsmsm_fset_dos_attributes()
smbd: RIP dos_mode()
smbd: use SMB_VFS_FGET_DOS_ATTRIBUTES() in open_file_ntcreate()
vfs: add and use fget_ea_dos_attribute()
vfs: RIP SMB_VFS_GET_DOS_ATTRIBUTES()
smbd: remove unused get_ea_dos_attribute()
vfs: SMB_VFS_GET_COMPRESSION() -> SMB_VFS_FGET_COMPRESSION()
smbd: mark fsp as valid FSA fsp after Durable Handle reconnect succeeded
smbd: remove fd_close() from open_directory()
vfs: add acl type arg to SMB_VFS_SYS_ACL_SET_FD()
posixacl_xattr: add support for SMB_ACL_TYPE_DEFAULT in
posixacl_xattr_acl_set_fd()
vfs_aixacl: use passed in ACL type in aixacl_sys_acl_set_fd()
vfs_aixacl2: use ACL type in aixjfs2_sys_acl_set_fd()
vfs_fake_acls: add support for SMB_ACL_TYPE_DEFAULT in
fake_acls_sys_acl_set_fd()
vfs_gpfs: add support for SMB_ACL_TYPE_DEFAULT in gpfsacl_sys_acl_set_fd()
vfs_posixacl: support SMB_ACL_TYPE_DEFAULT in posixacl_sys_acl_set_fd()
vfs_solarisacl: add support for SMB_ACL_TYPE_DEFAULT in
solarisacl_sys_acl_set_fd()
vfs_tru64acl: add support for SMB_ACL_TYPE_DEFAULT to
tru64acl_sys_acl_set_fd()
vfs_vxfs: add support for SMB_ACL_TYPE_DEFAULT in vxfs_sys_acl_set_fd()
vfs_aixacl: handle pathref fsps in aixacl_sys_acl_set_fd()
vfs_aixacl2: handle pathref fsps in aixjfs2_sys_acl_set_fd()
vfs_default: add support for SMB_ACL_TYPE_DEFAULT and pathref fsps in
vfswrap_sys_acl_set_fd()
posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list()
posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_unix_posix_default_acl()
pysmbd: use SMB_VFS_SYS_ACL_SET_FD() in set_sys_acl_conn()
smbd: move mode logic out of vfswrap_mkdirat() to the caller
mkdir_internal()
vfs_default: remove assert from vfswrap_mkdirat()
vfs_unityed_media: support real dirfsps in um_mkdirat()
vfs_syncops: support real dirfsps in syncops_mkdirat()
vfs_media_harmony: support real dirfsps in mh_mkdirat()
vfs_xattr_tdb: support real dirfsps in xattr_tdb_mkdirat()
vfs_extd_audit: support real dirfsps in audit_mkdirat()
vfs_audit: support real dirfsps in audit_mkdirat()
vfs_glusterfs: support real dirfsps in vfs_gluster_mkdirat()
vfs_linux_xfs_sgid: support real dirfsps in linux_xfs_sgid_mkdirat()
smbd: check for absolute paths in full_path_from_dirfsp_atname()
vfs_shadow_copy2: support real dirfsps in shadow_copy2_mkdirat()
vfs_full_audit: support real dirfsps in smb_full_audit_mkdirat()
vfs_time_audit: support real dirfsps in smb_time_audit_mkdirat()
smbd: open a pathref fsp on the parent directory
smbd: pass fsp to mkdir_internal()
smbd: after creating a directory, open the fsp as pathref fsp
smbd: use a real dirfsp/atname in mkdir_internal() with SMB_VFS_MKDIRAT()
smbd: use pathref fsp in change_dir_owner_to_parent()
posix_acls: use pathref fsp in copy_access_posix_acl()
vfs: RIP SMB_VFS_SYS_ACL_SET_FILE()
vfs_acl_xattr: reformatting
vfs_acl_common: add and use a function exit label
vfs_acl_common: add an fsp extension when setting ACL
vfs_acl_xattr: avoid removing the ACL xattr
vfs_acl_tdb: avoid deleting the NT ACL from the tdb
vfs_fruit: use "fake_fd" instead of "created"
vfs_fruit: check fake_fd in fruit_pread_meta_stream()
vfs_fruit: fix close for fake_fd
smbd: move S_ISDIR check up a bit in openat_pathref_fsp()
smbd: pass O_DIRECTORY to fd_openat() for directories
vfs_glusterfs: support read dirfsps in vfs_gluster_openat()
s3:smbd: turn assignment into assert check in call_trans2findfirst()
s3:smbd: close pathref fsp in call_trans2findfirst()
s3/rpc_server: add deps of rpc_mdssvc_module
pysmbd: call vfs_stat() in set_sys_acl_conn()
libadouble: call vfs_stat() in ad_convert_xattr()
libadouble: call vfs_stat() in ad_convert_finderinfo()
libadouble: assert valid stat in ad_unconvert_get_streams()
printing: call vfs_stat() in driver_unlink_internals()
smbd: call vfs_stat() in mkdir_internal()
smbd: inherit st_ex_mode to basename from stream name in
create_file_unixpath()
vfs: The New VFS
vfs: update status of SMB_VFS_MKNODAT()
pysmbd: use real dirfsp for SMB_VFS_MKDIRAT()
vfs: update status of SMB_VFS_MKDIRAT()
vfs: directory enumeration is now handle based
Rowland Penny (3):
docs-xml: pam_winbind manpage: grammar and typos
idmap_nss.8.xml: update manpage as discussed on the samba mailing
uptodateness.py: remove what appears to be debugging lines
SATOH Fumiyasu (1):
autobuild: Encode text/plain into base64 to wrap long-lines
Sachin Prabhu (1):
docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs
Samuel Cabrero (4):
selftest: Create client directories in a loop
selftest: set pid directory in client's smb.conf
tests: Disable kerberos for weak crypto test
bootstrap: Add OpenSUSE 15.2
Samuel Thibault (1):
ldap_server: fix hurd build
Simo Sorce (1):
Restrict GSSAPI query to the krb5 mechanism
Stefan Metzmacher (130):
s4:torture/smb2: split replay_smb3_specification into durable handle and
multichannel
s4:torture/smb2: make smb2.durable-v2-delay tests more robust
s3:smbd: move exit_firsttime checking to the start of exit_server_common()
s3:smbd: stop accepting multichannel connections early in
exit_server_common()
kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
wafsamba: run SAMBA_GENERATOR('VERSION') with group='setup'
s3:rpc_client: reverse rpccli_{is_connected,set_timeout}() and
rpccli_bh_{is_connected,set_timeout}()
lzxpress: add bounds checking to lzxpress_decompress()
auth:creds: Introduce CRED_SMB_CONF
s3:libsmb: Add encryption support to cli_full_connection_creds*()
idmap_ad: Pass tldap debug messages on to DEBUG()
s3:selftest: also run durable_v2_reconnect_delay_msec in
samba3.blackbox.durable_v2_delay
s3:share_mode_lock: reproduce problem with stale disconnected share mode
entries
s3:share_mode_lock: let share_mode_forall_entries/share_entry_forall
evaluate e.stale first
s3:share_mode_lock: consistently debug share_mode_entry records
s3:share_mode_lock: add missing 'goto done' in
share_mode_cleanup_disconnected()
s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes
the record
s3:share_mode_lock: remove unused reproducer for bug #14428
python/tests/gpo: this should fix a Popen deadlock
bootstrap: document git push -o ci.variable='SAMBA_CI_REBUILD_IMAGES=yes'
bootstrap: install perl-JSON on on rpm distributions
auth:gensec: Add gensec_security_sasl_names()
s4:ldap_server: Use samba_server_gensec_start() in ldapsrv_backend_Init()
auth:gensec: Make gensec_use_kerberos_mechs() a static function
auth:gensec: Pass use_kerberos and keep_schannel to
gensec_use_kerberos_mechs()
auth:gensec: If Kerberos is required, keep schannel for machine account
auth
lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to
REPLACE_HOSTCC_SOURCE
CVE-2020-1472(ZeroLogon): libcli/auth: add
netlogon_creds_random_challenge()
CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of
netlogon_creds_random_challenge()
CVE-2020-1472(ZeroLogon): libcli/auth: make use of
netlogon_creds_random_challenge() in netlogon_creds_cli.c
CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of
netlogon_creds_random_challenge()
CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of
netlogon_creds_random_challenge()
CVE-2020-1472(ZeroLogon): libcli/auth: add
netlogon_creds_is_random_challenge() to avoid weak values
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in
netlogon_creds_server_init()
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect
netr_ServerPasswordSet2 against unencrypted passwords
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor
dcesrv_netr_creds_server_step_check()
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require
schannel:WORKSTATION$ = no"
CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about
unsecure configurations
CVE-2020-1472(ZeroLogon): docs-xml: document 'server require
schannel:COMPUTERACCOUNT'
python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure
s4:dsdb:tests: add AclVisibiltyTests
s4:dsdb:acl_read: introduce aclread_check_object_visible() helper
s4:dsdb:acl_read: fully set up 'struct aclread_context' before the search
base acl check
s4:dsdb:acl_read: make use of aclread_check_object_visible() for the
search base
s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT
s4:dsdb:util: add dsdb_do_list_object() helper
s4:dsdb:acl_read: Implement "List Object" mode feature
winbind.idl: rename wbint_TransID.type to wbint_TransID.type_hint
s3:passdb: use ID_TYPE_* instead of WBC_ID_TYPE_*
test_idmap_tdb_common: correctly initialize the idmap domain with an init
function
winbindd/idmap: apply const to struct idmap_methods pointers
winbindd/idmap: apply const to struct nss_info_methods pointers
wb_queryuser: avoid idmap_child() and use idmap_child_handle() instead
wb_xids2sids: avoid idmap_child() and use idmap_child_handle() instead
wb_sids2xids: avoid idmap_child() and use idmap_child_handle() instead
winbindd: add and use idmap_child_pid()
winbindd: add and use is_idmap_child()
winbindd: add generic wb_parent_idmap_setup_send/recv() helpers
wb_xids2sids: make use of the new wb_parent_idmap_setup_send/recv()
helpers
wb_sids2xids: call wb_parent_idmap_setup_send/recv as the first step
wb_queryuser: explain why wb_parent_idmap_setup_send/recv is not needed
winbindd: assert wb_parent_idmap_setup_send/recv() was called before
idmap_child_handle()
winbindd: defer the setup_child() from init_idmap_child()
wb_sids2xids: maintain struct wbint_TransIDArray all_ids as cache
wb_sids2xids: rename 'non_cached' to 'lookup_sids'
wb_sids2xids: move more checks to wb_sids2xids_next_sids2unix()
wb_sids2xids: inline wb_sids2xids_extract_for_domain_index() into
wb_sids2xids_next_sids2unix()
wb_sids2xids: refactor wb_sids2xids_done() a bit
wb_sids2xids: change 'i' to 'li' in wb_sids2xids_lookupsids_done()
wb_sids2xids: directly use state->all_ids to collect results
wb_sids2xids: fill cache as soon as possible
wb_sids2xids: build state->idmap_doms based on wb_parent_idmap_config
winbindd: allow idmap backends to mark entries with
ID_[TYPE_WB_]REQUIRE_TYPE
wb_sids2xids: defer/skip wb_lookupsids* unless we get
ID_TYPE_WB_REQUIRE_TYPE
librpc/dcesrv_core: move two rpcint_dispatch() copies into
dcesrv_call_dispatch_local()
librpc/dcesrv_core: make use of dcerpc_fault_to_nt_status() in
dcesrv_call_dispatch_local()
librpc/dcesrv_core: assert that dcesrv_call_dispatch_local() never gets
async.
librpc/dcesrv_core: let dcesrv_call_dispatch_local() call
context->iface->reply()
testprogs/blackbox: make sure subunit.sh always terminates DETAILS with
'\n]\n'
SambaToolCmdTest: let assertCmdSuccess() escape ']\n' lines
selftest/subunithelper: only let ']\n' lines to terminate
selftest/subunithelper: also output as much of unterminated DETAILS
waf: upgrade to 2.0.21
WHATSNEW.txt: fix version to 4.14
s3/wscript: remove unused check for F_NOTIFY
s3/wscript: only check for F_SETLEASE being available at compile time
s3:smbd: remove unused fallback defines in oplock_linux.c
s4:torture:smb2: remove unused fallback defines in oplock.c
wafsamba: move clang_compilation_database usage behind an
--enable-clangdb option
autobuild.py: use --enable-clangdb for the "samba-ctdb" task
libcli/smb: add smbXcli_conn_send_queue()
s3:pylibsmb: PyErr_NTSTATUS_IS_ERR_RAISE => PyErr_NTSTATUS_NOT_OK_RAISE
s3:pylibsmb: add echo() support
s3:pylibsmb: add notify() support
s3:pylibsmb: remove unused SECINFO_DEFAULT_FLAGS
libsmb_samba_internal: don't send SECINFO_[UN]PROTECTED_{S,D}ACL by
default
libsmb_samba_internal: calculate the access_mask for {g,s}et_acl() based
on the secinfo flags
python/ntacls.py: let SMBHelper.get_acl() use the default values of
self.smb_conn.get_acl()
Happy New Year 2021!
s4:torture/fruit: avoid sleep(10000000); if write_stream() fails
s3:smbd: add vfs_fake_fd_close() helper
vfs_fruit: make use of vfs_fake_fd_close()
vfs_streams_xattr: make use of vfs_fake_fd_close()
s3:smbd: rearrange move_smb_fname_fsp_link a bit
s3:smbd: let fsp_smb_fname_link() set both sides of the link
s3:smbd: let fsp_set_smb_fname() always link fsp to fsp->fsp_name->fsp
s3:smbd: split out a fsp_attach_smb_fname() helper function
s3:smbd: let openat_pathref_fsp() allocate fsp->fsp_name directly on fsp
s3:smbd: let openat_pathref_fsp() make use of fsp_attach_smb_fname()
s3:smbd: let open_pathref_base_fsp() make use of smb_fname_fsp_unlink()
s3:smbd: let open_directory() also use fd_open_atomic() as
reopen_from_procfd() fallback
s3:smbd: don't pass an unused smb_fname to reopen_from_procfd()
s3:smbd: introduce a reopen_from_fsp() helper function
s3:smbd: make sure openat_pathref_fsp() calls fd_close(fsp->base_fsp);
s3:smbd: let call_trans2findfirst() use file_free() instead of fsp_free()
s3:smbd: let vfs_default_durable_reconnect() use file_free()
s3:smbd: make fsp_free() static, it should only ever be called by
file_free()
s3:smbd: split out create_internal_fsp() from create_internal_dirfsp()
s3:smbd: fix the error cleanup in create_file_unixpath()
s3:smbd: remove duplicate assignment of base_fsp in create_file_unixpath()
s3:smbd: add fsp_set_base_fsp() helper
s3:smbd: make use of fsp_set_base_fsp() when changing fsp->base_fsp
s3:smbd: make sure a SHUTDOWN_CLOSE applies to a stream fsp before its
base fsp
s3:smbd: allow close_file() with a non-fsa fsp for {SHUTDOWN,ERROR}_CLOSE
s3:smbd: simplify the error handling in create_file_unixpath()
libcli/smb: Change some checks to SMB_ASSERTS
libcli/smb: split out smb2cli_ioctl_parse_buffer()
s4:torture/smb2: add samba3.smb2.ioctl.bug14607
smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as
reproducer for bug 14607
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
Volker Lendecke (319):
libcli/ldap: Test decoding an exop response
libcli/ldap: Fix decoding struct ldap_ExtendedResponse
torture3: Silence two signed/unsigned warnings
torture3: Align integer types
winbind: Add test for lookuprids cache problem
winbind: Fix lookuprids cache problem
libcli/ldap: Fix CID 1465278 Resource leak
libcli/ldap: Fix CID 1462696 Resource leak
libcli/ldap: Fix CID 1462695 Resource leak
libsmb: Fix CID 1465656 Resource leak
libsmb: Fix CID 1465860 Control flow issues (DEADCODE)
ldap_server: Avoid talloc_memdup() for ldap_decode()
ldap_server: Do an early TALLOC_FREE()
lib: Move send_keepalive() to smbd/smb1_utils.c
lib: Move read_udp_v4_socket() to nmbd
lib: Remove unused open_udp_socket()
lib: Remove unused client_addr()
lib: Remove unused client_socket_addr()
lib: Align integer types in same_net()
lib: Remove unused client_socket_port()
lib: Move get_socket_port() to its only consumer
test: Fix a typo
auth_log_test: Fix a typo
gensec: Fix a typo
torture: Fix a typo
torture: Fix a typo
torture: Align a few integer types
ldap_server: Fix a typo
Fix a comment typo copied around
tests: Fix typos
auth: Fix a typo
torture: Add subunit output to ldap.basic test
torture: Pass DN and password to ldap.basic test
torture: Inline test_bind_simple()
torture: Fix ldap.basic multibind test
build: Wrap a long line
torture: Test ldap session expiry
ldap_server: Add the krb5 expiry to conn->limits
ldap_server: Terminate LDAP connections on krb ticket expiry
tldap: Only free() ld->pending if "req" is part of it
tldap: Fix tldap_msg_received()
tldap: Always remove ourselves from ld->pending at cleanup time
tldap: Maintain the ldap read request in tldap_context
tldap: Centralize connection rundown on error
tldap: Make sure all requests are cancelled on rundown
tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
test: Test winbind idmap_ad ticket expiry behaviour
tldap: Receiving "msgid == 0" means the connection is dead
tests: Make sure that idmap_ad retrieves unix nss attributes
libsmb: Use direct struct initialization
libsmb: README.Coding for resolve_hosts()
libsmb: Protect against rogue getaddrinfo result
libsmb: Use talloc_realloc() correctly in resolve_hosts()
libsmb: Fix CID 1467087: Resource leaks
smbd: Propagate reload-config message to all worker smbds
libsmb: Make cli_list() prototype more descriptive
libsmb: Make cli_smb2_list() prototype more descriptive
smbd: Align integer types in gid_in_use()
smbd: process.c does not need libsmb.h
spoolss: Align some integer types
spoolss: Align some integer types
lib: Remove an optimization in string_replace()
smbclient: Remove the "abort_mget" variable
smbclient: Slightly simplify do_mget()
test3: Add a test showing that smbclient recursive mget is broken
smbclient: Fix recursive mget
libads: Improve a debug message
libads: Improve a debug message
libcli: Remove a pointless if-expression
libcli: Don't leave a pointer uninitialized
vfs: Fix a typo
torture3: Fix a cut&paste error in a printf message
vfs: Fix a typo
smbd: Use ISDOT/ISDOTDOT instead of strcmp
vfs_fruit: Fix typos
lib: Avoid a use of includes.h
libcli: Align some integer types
mdssvc: Slightly simplify dalloc_size()
librpc: Add GUID_to_ndr_buf()
librpc: Use GUID_to_ndr_buf() in GUID_to_ndr_blob()
libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID()
smbd: Use GUID_to_ndr_buf() in smbXsrv_client_global_id_to_key()
smbd: Use GUID_to_ndr_buf() in fsctl_validate_neg_info()
libcli: Use GUID_to_ndr_buf() in smbcli_push_guid()
libcli: Use GUID_to_ndr_buf() in smb2_create_send()
libcli: Use GUID_to_ndr_buf() in smbXcli_negprot_smb2_subreq()
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()
test: Use the smb2-based deny2 test in clusteredmember_smb1
test: Lift clusteredmember_smb1 to use smb2
test: Get the clusteredmember environment out of its smb1 corner
smbd: Fix a typo
libsmb: Fix a typo
smbd: Remove an unused anonymous struct definition
notifyd: Modernize DBG statements
smbd: Modernize DBG statements in notify_msg.c
libcli: Align integer types
smbcacls: Use ISDOT[DOT] instead of strequal
smbcacls: Use direct struct initialization
libsmb: Use "struct" in self-references
libsmb: Use ZERO_STRUCTP
libsmb: Use a direct struct initialization to avoid a memset
libsmb: Fix a typo
includes: nt_printing.h does not need client.h
libsmb: Factor out cli_conn_have_dfs() from cli_resolve_path()
libsmb: Simplify cli_resolve_path()
lib: Add tevent_req_received() to messaging_filtered_read_recv()
lib: Fix includes for messages.h
notify: Remove an unused structure definition
notifyd: Fix a typo
notifyd: Factor out notifyd_parse_entry() into its own file
notifyd: Factor out notify_walk() into its own file
notifyd: Add fcn_wait_send()/recv()
test: Add a first unit test for notifyd
test: Check that notifyd messages actually change the database
CVE-2020-14323 winbind: Fix invalid lookupsids DoS
CVE-2020-14323 torture4: Add a simple test for invalid lookup_sids
winbind call
libsmb: Improve wording of a comment in cli_smb2_list
libsmb: Fix a typo
libreplace: Compare a pointer against NULL, not 0
smbd: Align two integer types
libsmb: Fix a signed/unsigned warning
torture: Show that recursive ls across dfs is broken
smbclient: Move variable declarations closer to their use
smbclient: Wrap a few long lines
smbclient: Introduce struct do_list_helper_state
smbclient: Add "mask" to do_list_helper_state
smbclient: Fix recursive "ls" across DFS links
libsmb: Remove "mntpoint" argument from cli_list() callback
libsmb: Remove "mntpoint" argument from cli_list_trans() callback
libsmb: Remove cli_state->dfs_mountpoint
lib: Move generate_unique_u64_state into generate_unique_u64()
locking: Remove an unused anonymous struct reference
smbd: Use ISDOT[DOT] in can_delete_directory_fsp()
lib: Fix a signed/unsigned warning
lib: Fix a theoretical out-of-bounds write
lib: Slightly optimize smb_fname_str_dbg()
vfs_error_inject: Align integer types
auth: Align an integer type
passdb: Align integer types
smbd: Align integer types
smbd: Give locking/share_mode_lock.c its own header file
smbd: Move share_mode_cleanup_disonnected() to scavenger.c
smbd: Move "struct share_mode_lock" to share_mode_lock.h
locking: Make share_mode_watch_send() take "share_mode_lock"
smbd: Move setting d->modified=true to reset_share_mode_entry()
locking: Add share_mode_changed_write_time() accessor function
smbd: Use share_mode_changed_write_time() in durable_disconnect()
smbd: Use share_mode_changed_write_time() in smbd/close.c
locking: Add share_mode_filename() accessor function
smbstatus: Use share_mode_filename()
smbd: Use share_mode_filename() in scavenger.c
smbd: Avoid share_mode_lock dereference in scavenger
locking: Add share_mode_servicepath() accessor function
smbd: Use share_mode_servicepath() in scavenger.c
net_tdb: Slightly restructure net_tdb_locking()
net_tdb: Use share_mode_servicepath()
net_tdb: Use share_mode_filename()
locking: Add share_mode_data_dump() accessor function
net_tdb: Use share_mode_data_dump()
smbd: Don't set share_mode_lock modified in grant_new_fsp_lease()
smbd: Remove a variable used just once
smbd: Avoid references to share_mode_data->id
locking: move share_mode_flags_[gs]et to share_mode_lock.c
locking: hide share_mode_lock definition
pylibsmb: Add a compatible python-level wrapper
pylibsmb: Move deltree to python code
pylibsmb: Merge unlink_file() into its only caller
pylibsmb: Merge remove_dir() into its only caller
pylibsmb: Export a few SMB constants
torture3: cli_query_security_descriptor() does smb2 as well
libsmb: Make cli_query_security_descriptor() async
libsmb: Remove unused sync cli_smb2_query_security_descriptor()
pylibsmb: Add get_sd()
pylibsmb: Move get_acl() to python
torture3: cli_set_security_descriptor() does smb2 as well
libsmb: Make cli_set_security_descriptor() async
libsmb: Remove unused sync cli_smb2_set_security_descriptor()
pylibsmb: Add set_sd()
pylibsmb: Move set_acl() to python
libsmb: Make get_fnum_from_path() async
libsmb: Make cli_smb2_rename async
libsmb: Make cli_rename_send()/_recv() a proper tevent_req engine
libsmb: Make cli_rename_send()/recv() smb2-capable
libsmb: Remove unused sync cli_smb2_rename()
libsmb: Make cli_smb2_list() asynchronous
libsmb: Convert cli_list_recv() to single-recv
libsmb: Prepare cli_list_send()/recv() for single-issue subreqs
libsmb: Use async cli_smb2_list_send() in cli_list_send()
pylibsmb: Remove SMB2 special case for cli_list()
libsmb: Remove unused sync cli_smb2_list()
pylibsmb: Remove unused py_cli_state->is_smb1
pylibsmb: Multi-threaded use is now possible with SMB2
build: fcvt() and fcvtl() are not used
lib: Remove unused security_descriptor_append()
lib: g_lock.h references "struct server_id", add #include
libsmb: Make cli_nt_pipes_close() static
tests: Factor out prep_creds()
pylibsmb: Add rename()
tests: SMB2 rename fails to check del-on-close on dst dir
smbd: Fix failure to check dstdir for delete on close
dsgetdcname: Fix talloc hierarchy
loadparm: Simplify lp_get_async_dns_timeout()
docs: Fix "async dns timeout" manpage entry
libcli: Align a few integer types
librpc: Fix a talloc_stackframe() leak
librpc: Make ep_register a bit easier to understand
librpc: talloc_stackframe() panics on failure
libcli: Align integer types
winbind: Align integer types
libsmb: Fix a typo
libsmb: Align integer types
test: smbtorture3's OPLOCK5 test only available with kernel oplocks
samldb: Align two integer types
libsmb: Move a variable closer to its use in internal_resolve_name()
libsmb: Slightly beautify internal_resolve_name()
torture: Align integer types
lib: Change make_file_id_from_itime() prototype
wbinfo: Align some integer types
smbd: Fix the 32-bit build on FreeBSD
test: Fix the FreeBSD build
clitar: Use do_list()'s recursion in clitar.c
lib: Align integer types
clitar: Align integer types
spoolssd: Align integer types
smbd: Align integer types
build: Fix kernel oplock test
smbd: Simplify share_mode_memcache_fetch()
smbd: Simplify open_mode_check()
smbd: Remove unused share_mode_have_entries()
smbd: Simplify share_mode_lock_destructor()
smbd: Remove a comment that was not helpful for me
smbd: Simplify share_mode_entry_do()
smbd: Remove "have_share_modes" from "struct share_mode_data"
lib: Make dnsquery.h #ifdef align to our conventions
libcli: Add required #includes to libcli/dns/dns.h
libcli: Add required #includes to dnsquery.h
build: Wrap a long line
libcli: Add ads_dns_query_srv_send()/recv()
libsmb: Use ads_dns_query_srv() in resolve_ads()
libsmb: No need to call dns_lookup_list_async() in resolve_ads()
libsmb: Use ads_dns_query_srv() in discover_dc_dns()
libsmb: No need to call dns_lookup_list_async() in discover_dc_dns()
net: Add "sitename" support to "net lookup ldap"
net: Use ads_dns_query_srv() in net_lookup_ldap()
net: Use dns_rr_srv->ss_s in "net lookup ldap"
test: test site-aware DC lookup via "net lookup ldap"
libsmb: Remove unused dns_lookup_list_async()
libsmb: Remove unused ads_dns_query_* routines
auth: Reformat a comment
auth: Fix a typo
dsdb: Fix comment wording
dsdb: Fix a typo
lib: Add "hex_byte()" to replace.h
tdb: Use hex_byte() in read_data()
tdb: Use hex_byte() in parse_hex()
ldb: Use hex_byte() in ldb_binary_decode()
lib: Use hex_byte() in rfc1738_unescape()
lib: Use hex_byte() in ucs2hex_pull()
ctdb: Use hex_byte() in hex_to_data()
libsmb: Use hex_byte() in urldecode_talloc()
lib: give global_contexts.c its own header file
librpc: Fix an error path memleak
lib: Make pfh_daemon_config take a const default config
rpc_server: Make default prefork configs const
lib: Fix error path memleaks in prefork_create_pool()
lib: Initialize pointers in server_prefork.c
passdb: Fix a typo
s3: Remove "developer.c" module
lib: Move sockaddr_storage_to_samba_sockaddr() to lib/
lib: Add samba_sockaddr_[gs]et_port()
rpc_server: Factor out dcesrv_open_ncacn_ip_tcp_sockets()
rpc_server: Use dcesrv_open_ncacn_ip_tcp_sockets() in
dcesrv_setup_ncacn_ip_tcp_sockets()
rpc_server: Lift logic to fill in pf_listen_fd one level
rpc_server: Lift ph_listen_fd logic one level
rpc_server: Add dcesrv_create_endpoint_list_fd_listen_fds()
rpc_servers: Fix crash with many interfaces
rpc_servers: Remove unused variables
librpc: Use GUID_buf_string in dcerpc_binding_string()
smbd: Slightly simplify smbd_smb2_create_send()
lib: Move ucs2_align() to 'charset' subsystem
lib: Simplify "weird" charset code
build: Move weird.c and charset_macosxfs.c to ICONV_WRAPPER
lib: Avoid all_string_sub() in smb_panic()
build: Make smb_panic() available as a subsystem of its own
lib: Move utf16_len[_n]() to lib/util/charset/
auth4: Use global_sid_System
auth4: Use global_sid_Anonymous
rpc_server: Fix a typo
rpc_server: Move a variable closer to its use
rpc_server: Avoid a pointless ZERO_STRUCTP
rpc_server: Fix an error path memleak
epmapper3: Fix a typo
epmapper3: Fix a DEBUG message
rpc_client: Error from rpc_pipe_open_ncalrpc() for path overflow
rpc_client: Fix an error path memleak in rpc_pipe_open_ncalrpc()
rpc_client: Use common "goto fail" for all error cases
rpc_client: Simplify rpc_pipe_open_ncalrpc()
librpc: Align a few integer types
librpc: gen_ndr/dcerpc.h references DATA_BLOB
lib: lib/param/param.h references TALLOC_CTX
lib: Remove using talloc_stack from lib/util/charset/
lib: Avoid "includes.h" in lib/util/charset/
lib: Fix 'charset' dependencies
tdb: Fix CID 1471761 String not null terminated
vfs_fruit: Fix CID 1471760 Dereference null return value
vfs_fruit: Fix CID 1471764 Dereference null return value
rpc_server: Simplify find_policy_by_hnd_internal()
rpc_server: Use make_base_pipes_struct() in dcesrv_ncacn_accept_step2()
rpc_server: Use make_base_pipes_struct() in
make_internal_rpc_pipe_socketpair()
rpc_server: Remove unused make_server_pipes_struct()
tsocket: Fix a few typos
rpc_server: Make dcerpc_ncacn_accept() take tsocket_address **
lib: Fix typos
lib: Initialize variables in prefork_listen_accept_handler()
rpc_server: Direct pointer initialization in dcesrv_ncacn_np_accept_done()
rpc_server: Move setting ip-based socket options
rpc_server: Add dcesrv_setup_ncacn_listener()
rpc_server: Use dcesrv_setup_ncacn_listener() in
dcesrv_setup_endpoint_sockets()
rpc_server: Remove protocol-specific dcerpc_setup_ routines
Yvan Masson (1):
Fix small typo in manpage
-----------------------------------------------------------------------
--
Samba Shared Repository
