The annotated tag, tevent-0.11.0 has been created at c5fbc95ad68ce740ecab2fdec991d92bd58523ce (tag) tagging de4e8a1af9564f6056f9af90867c2f013449051c (commit) replaces samba-4.14.0rc1 tagged by Stefan Metzmacher on Thu Jul 8 09:44:13 2021 +0200
- Log ----------------------------------------------------------------- tevent: tag release tevent-0.11.0 -----BEGIN PGP SIGNATURE----- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmDmrM0ACgkQR5ORYRMI QCXVVQgAs4EPvAqzBL1A2uPi3p6gN7kug7QooKMSyUipfmvowFnN30ZKvnMPafNL nUrpS586lC2l4SUmhFid9sCjYjb3bJIR//U5j72m1L3BDyVpHWHQM7IUskLsUqni vCC1QTtU9JNxMpm40hylIwu5/xW+oU8mFdqmfZX8QVx6pz54qkuBwLUdla/V6oFU u+RjRQb7/AWfqylWLfCS4XalK8QbiDhW9W3rU14wIZ1PDKV/dsZ8cBYKOs5k1LHR BRj+CwrcHzKtGkWnRSOO5taMftblomJ5BtHpyAs+uNpEcVr8bwvO5zYartk+agSV OmrWQPeSFsGZPz6SxuHYs3hFSHt2uQ== =ApYL -----END PGP SIGNATURE----- Amitay Isaacs (4): ctdb-locking: Pass additional arguments to debug locks script ctdb-utils: Add tdb_mutex_check utility ctdb-scripts: Add lock debugging for tdb mutex locks torture: Fix build on freebsd, missing deps on cmdline Andreas Schneider (304): s4:gensec: Fix overflow issues in switch statement lib:ldb: Add missing break in switch statement s3:lib: Add missing break in switch statement s3:printing: Add missing break in switch statement s4:rpc_server: Add missing break in switch statement s3:rpcclient: Add missing break in switch statement s3:smbd: Add missing break in switch statement s4:ntvfs: Add missing break in switch statement s4:registry: Add missing break in switch statement s4:registry: Mark fall through switch statement s3:printing: Correctly mark fall through switch statements libndr: Use better and more clear check for empty flags lib:texpect: Check the format string of err() lib:krb5_wrap: Check the format string of krb5_warnx() s3:libsmb: Use C99 initializer for py_cli_notify_state_methods selftest: Disable detection of ODR violations s3:smbd: Fix invalid memory access in posix_sys_acl_blob_get_fd() python:subunit: Use UTC timezone from datatime module selftest: Directly import python-iso8601 selftest: Add support for python-dateutil >= 2.7.1 selftest: Fix libasan preload s4:kdc:mit: Fix heap-use-after-free lib:util: Add basic memcache unit test lib:util: Add cache oversize test for memcache lib:util: Avoid free'ing our own pointer s3:testparm: Warn about 'server schannel = no' s3:param: Fix segfault trying to add pcap printer without a [printers] share s3:netapi: Implement public libnetapi_get_(username|password) functions s3:netapi: Use public getters in remote_machine example s3:netapi: Use public getters in getjoinableous example s3:netapi: Make 'struct libnetapi_ctx' opaque s3:netapi: Remove unused ctx->krb5_cc_env s3:netapi: Add a cli_credentials pointer to struct libnetapi_ctx s3:netapi: Fill also cli_credentials with netapi setters s3:netapi: Get username/password from cli_credentials in netapi.c s3:netapi: Get username/password from cli_credentials in joindomain.c s3:netapi: Use public functions for username/password s3:netapi: Remove username from 'struct libnetapi_ctx' s3:netapi: Remove password from 'struct libnetapi_ctx' s3:netapi: Remove workgroup from 'struct libnetapi_ctx' s3:netapi: Remove use_kerberos from struct libnetapi_ctx s3:netapi: Remove use_ccache from 'struct libnetapi_ctx' s4:lib:cmdline: Rename cli_credentials_set_cmdline_callbacks() auth:creds: Add command line function for standard password callback auth:creds: Use our own cli_credentials_set_cmdline_callbacks() s3:netapi: Get rid of set_cmdline_auth_info_*() s3:netapi: Add libnetapi_set_creds() auth:creds: Don't include credentials_internal.h twice auth:creds: Free the uname pointer in cli_credentials_parse_string() s3:libnetapi: Remove unused header file s3:utils: Fix net_context_creds() with machine password s3:utils: Use libnetapi_set_creds() in net_rpc s3:utils: Use libnetapi_set_creds() in net_rpc_shell s3:utils: Use libnetapi_set_creds() in net_dom s3:passdb: Add secrets_store_creds() s3:utils: Use secrets_store_creds() in net utility s3:utils: The 'net ads keytab' commands should use machine credentials selftest: Allow to set the 'log level' for clients s3:auth: Use cli_credentials_init_server() s4:ldap_server: Use cli_credentials_init_server() s4:ntvfs: Use cli_credentials_init_server() s4:ntvfs: Use cli_credentials_init_server() s4:rpc_server: Use cli_credentials_init_server() s4:torture: Use cli_credentials_init_server() waf: Check correctly if gnutls has been compiled with fips mode support s3:script: Remove findsmb from default installation lib:texpect: Do not link against nsl lib:util: Remove NIS support from string_match() s3:lib: Remove NIS support from substitute s3:smbd: Remove NIS support lib:replace: Remove NIS support docs-xml: Update documentation for removal of NIS support lib:ldb: Change page size of guidindexpackv1.ldb lib:replace: Fix resource leak in os2_delete test lib:replace: Fix a memleak in test_strdup() lib:replace: Fix a memleak in test_strndup() lib:replace: Fix memory leak in test_asprintf() lib:replace: Fix possible resource leaks in test_closefrom() lib:replace: Fix a posible double free s3:utils: Link py_net only against needed cmdline_contexts library file_server: Add a missing no memory check file_server: Pass the 'samba' daemon config file to smbd s4:winbind: Add a missing no memory check s3:winbind: Pass the 'samba' daemon config file to winbindd selftest: Specify /dev/null as the smbd config file docs-xml: Use 'desired' and 'required' for option 'client signing' docs-xml: Use 'desired' and 'required' for option 'client ipc signing' tests: Use ldbsearch '--scope instead of '-s' testprogs: Use --suppress-prompt instead of -s for testparm tests: Use --configfile instead of -s s3:tests: Check for 'Client started' in the log lib:param: Add 'client use kerberos' config parameter selftest: Check the return code of setup_namespaces() s4:rpc_server: Set Kerberos to desired auth:creds: Add obtained arg to cli_credentials_set_kerberos_state() auth:creds:tests: Add test for cli_credentials_set_kerberos_state() lib:param: Add 'client protection' config option auth:creds: Use 'client protection' option for smb sign and encrypt defaults auth:creds: Add obtained arg to cli_credentials_set_gensec_features() auth:creds:tests: Add test for cli_credentials_set_gensec_features() auth:creds: Add cli_credentials_get_username_and_obtained() auth:creds:tests: Add test for cli_credentials_get_username_and_obtained() auth:creds: Add cli_credentials_get_password_and_obtained() auth:creds:tests: Add test for cli_credentials_get_password_and_obtained() lib:cmdline: Add initial code for new cmdline option parser lib:cmdline: Add client credentials lib:cmdline: Add callback for loading the config file lib:cmdline: Parse cmdline options with popt lib:cmdline: Implement legacy kerberos options lib:cmdline: Set kerberos=required for --use-krb5-ccache=CCACHE lib:cmdline: Add samba_cmdline_burn() lib:cmdline: Add sanity check for options docs-xml: Add doc entities for the options of the new cmdline parser WHATSNEW: Document removal of NIS support s3:nmbd: Migrate nmbd to new cmdline option parser s3:smbd: Migrate smbd to new cmdline option parser s3:winbind: Migrate winbindd to new cmdline option parser lib:util: Add debug_get_log_type() function s3: Remove --log-stdout from daemons docs-xml: Update nmbd manpage for new cmdline opition parser docs-xml: Update smbd manpage for new cmdline opition parser docs-xml: Update winbindd manpage for new cmdline opition parser s4:samba: Pass a talloc memory context to binary_smbd_main() s4:samba: Migrate samba daemon to new cmdline option parser docs-xml: Update samba.8 manpage for new cmdline opition parser s3:utils: Tell users that workgroup/realm is required for ADS mode s3:winbind: For 'security = ADS' require realm/workgroup to be set s3:winbindd: Simplfy sequence number caching s3:winbindd: Do not call backends sequence number code s3:winbindd: Remove obsolete sequence_number callback from msrpc backend s3:winbindd: Remove obsolete sequence_number callback from samr backend s3:winbindd: Remove obsolete sequence_number callback from ads backend s3:winbindd: Remove unused rpc_sequence_number() lib:cmdline: Improve error message for duplicate options lib:cmdline: Rename to cmdline_sanity_checker lib:cmdline: Also set logfilebase for -l|--log-basename lib:cmdline: We need to always set a log file lib:cmdline: Align integer types lib:replace: Do not build strndup test with gcc 11 or newer bootstrap: Remove libnsl as we dropped NIS support bootstrap: Add Fedora 34 CI runner selftest: Also add SERVER_LOG_LEVEL support for s3 targets selftest: Pass down the machine account name to provision_ad_member selftest: Add ad_member_offline_logon env selftest: Turn on offline logon for ad_member_offline_logon selftest: Add skip_wait to check_or_start selftest: Set winbind offline in ad_member_offline_logon target testprogs: Add test for offline logon support autobuild: Add ad_member_offline_logon s3:winbind: Remove global variable for winbindd_offline_state s3:winbind: Code cleanup for initialize_winbindd_cache() lib:util: Fix return value of tdb_fetch_uint32_byblob() lib:cmdline: Fix setting 'log file' from smb.conf selftest: Rename offline logon env to ad_member_offlogon s3:client: Migrate smbclient to new cmdline option parser s3:client: Remove duplicate name-resolv (R) options s3:client: Use samba_popt_get_context() docs-xml: Update smbclient manpage for new cmdline opition parser testprogs: Add more smbclient kerberos tests for new cmdline options s3:rpcclient: Pass cli_credentials to do_cmd() s3:rpcclient: Pass cli_credentials to process_cmd() s3:rpcclient: Migrate rpcclient to new cmdline option parser docs-xml: Update rpcclient manpage for new cmdline opition parser testprogs: Rename test_rpc_getusername_legacy() testprogs: Add additional rpcclient tests for new cmdline options lib:cmdline: Add a debug only option lib:cmdline: Add SAMBA_CMDLINE_CONFIG_NONE s3:param: Migrate test_lp_load to new cmdline option parser s3:lib: Migrate smbconftort to new cmdline option parser s3:rpc_server: Migrate test_mdsparser_es to new cmdline option parser s3:torture: Migrate vfstest to new cmdline option parser docs-xml: Update vfstest manpage for new cmdline opition parser s3:torture: Migrate pdbtest to new cmdline option parser s3:utils: Migrate tevent_glib_tracker to new cmdline option parser s3:smbd: Initialize command for spools printer control gitlab-ci: Install devel files for tracker-sparql (spotlight backend) s3:utils: Migrate profiles to new cmdline option parser docs-xml: Update profiles manpage for new cmdline opition parser s3:utils: Migrate dbwrap_tool to new cmdline option parser docs-xml: Update dbwrap_tool manpage for new cmdline opition parser s3:utils: Remove duplicate '-R' option from nmblookup s3:utils: Migrate nmblookup to new cmdline option parser docs-xml: Update nmblookup manpage for new cmdline opition parser lib:cmdline: Add a --option only parser for testparm s3:utils: Migrate testparm to new cmdline option parser docs-xml: Update testparm manpage for new cmdline opition parser s3:utils: Migrate mdfind to new cmdline option parser docs-xml: Update mdfind manpage for new cmdline opition parser lib:cmdline: Add a --configfile only parser for ntlm_auth s3:utils: Migrate ntlm_auth to new cmdline option parser docs-xml: Update ntlm_auth manpage for new cmdline opition parser s3:utils: Migrate smbstatus to new cmdline option parser docs-xml: Update smbstatus manpage for new cmdline opition parser s3:utils: Migrate dbwrap_torture to new cmdline option parser s3:utils: Migrate smbcontrol to new cmdline option parser docs-xml: Update smbcontrol manpage for new cmdline opition parser s3:utils: Migrate spilt_tokens to new cmdline option parser s3:utils: Remove '-V' for '--viewsddl' from sharesec s3:utils: Migrate sharesec to new cmdline option parser docs-xml: Update sharesec manpage for new cmdline opition parser s3:utils: Migrate pdbedit to the new cmdline option parser docs-xml: Update pdbedit manpage for new cmdline opition parser s3:utils: Pass cli_credentials to connect_one() s3:utils: Use cli_credentials in 'struct cacl_callback_state' s3:utils: Migrate smbcacls to new cmdline option parser docs-xml: Update smbcacls manpage for new cmdline opition parser s3:utils: Migrate samba-regedit to new cmdline option parser docs-xml: Update samba-regedit manpage for new cmdline opition parser s3:utils: Use samba_cmdline_burn() in smbget s3:utils: Rename --user to --quota-user in smbcquotas s3:utils: Migrate smbcquotas to the new cmdline option parser docs-xml: Update smbcquotas manpage for new cmdline opition parser s3:utils: Migrate smbtree to new cmdline option parser docs-xml: Update smbtree manpage for new cmdline opition parser examples: Pass cli_credentials to connect_one in smb2mount examples: Migrate smb2mount to new cmdline option parser s3:utils: Remove '-l' for '--long' from net s3:utils: Migrate net to new cmdline option parser s3:utils: Add cli_credentials and loadparm_context to net_context s3:utils: Use connection and credentials parser in net util docs-xml: Update net manpage for new cmdline opition parser s3:libsmb: Use cli_credentials to store traversal creds s3:printing: Migrate samba-bgqd to new cmdline option parser s3:lib: Remove popt_samba3 s3:lib: Remove util_cmdline lib:cmdline: Also set logfile for the debug system lib:mscat: Don't use deprecated types s3:tests: Fix the test_smbclient_netbios_aliases s3:smbd: Make sure smb_fname is set and not NULL in dos_mode_post() librpc: Make sure num_protocols is initialized s3:smbd: Remove unnessesary NULL check for fsp s3:smbd: Remove unnessesary NULL check for req s3:tests: Fix passing the configuration to Smbclient_netbios_aliases test selftest: Only set netbios aliases for the ad_member env testprogs: Remove --debuglevel from test_kinit_trusts_mit.sh s4:client: Use a creds helper variable s4:client: Migrate smbclient4 to new cmdline option parser testprogs: Use new kerberos options for smbclient(4) tests s4:client: Migrate cifsdd to new cmdline option parser s4:torture: Remove unused include s4:torture: Write better error on invalid cmdline option s4:torture: For NTLM make sure we have CRED_USE_KERBEROS_DESIRED s4:torture: Pass the pkinit ccache via a torture variable s4:torture: Migrate smbtorture to new cmdline option parser testprogs: Add smbtorture tests with new options s4:torture: Change -U|--user to --user1 and --user2 s4:torture: Migrate gentest to new cmdline option parser s4:torture: Change -U|--user to --user1 and --user2 s4:torture: Migrate locktest to new cmdline option parser s4:torture: Migrate masktest to new cmdline option parser lib:ldb: Use C99 initializers for builtin_popt_options[] lib:ldb-samba: Improve calculate_popt_array_length() lib:ldb-samba: Use talloc_zero_array() and use ldb as the mem context lib:ldb-samba: Migrate samba extensions to new cmdline option parser s3:modules: Reduce debug level if file doesn't exists on dfs share python:tests: Fix contact_edit test with system libldb python:tests: Fix user_edit test with system libldb python:tests: Fix group_edit test with system libldb s4:registry: Migrate regshell to new cmdline option parser s4:registry: Migrate regdiff to new cmdline option parser s4:registry: Migrate regtree to new cmdline option parser s4:registry: Migrate regpatch to new cmdline option parser s4:utils: Migrate oLschema2ldif to new cmdline option parser libcli:nbt: Migrate nmblookup4 to new cmdline option parser nsswitch: Migrate wbinfo to new cmdline option parser docs-xml: Update wbinfo.1 manpage for new cmdline opition parser librpc:tools: Remove '-l' which conflicts with '-l|--log-basename' librpc:tools: Migrate ndrdump to new cmdline option parser s4:lib: Remove obsolete popt cmdline parser winexe: Use the new cmdline option parser winexe: Some code cleanup and fixes docs-xml: Update winexe.1 manpage for new cmdline opition parser docs-xml: Use new cmdline entities for traffic_replay.7 manpage python: Streamline option parser of python tools docs-xml: Update samba-tool manpage for option parser changes docs-xml: Remove unused manpage entities lib:cmdline: Improve doxygen documentation WHATSNEW: Improved cmdline user experience lib:ldb-samba: Set log level for ldb tracing to 11 lib:ldb-samba: Use debug level defines docs-xml: Fix description of `winbind use krb5 enterprise principals` docs-xml: Enable `winbind use krb5 enterprise principals` by default docs-xml: Disable `winbind scan trusted domains` by default WHATSNEW: Document changes of trusted domains scanning and enterpise principals auth:creds: Return a bool for cli_credentials_set_conf() auth:creds: Check return code of cli_credentials_set_conf() s3:auth: Check return code of cli_credentials_set_conf() s3:libsmb: Check return code of cli_credentials_set_conf() s3:passdb: Check return code of cli_credentials_set_conf() s3:winbindd: Check return code of cli_credentials_set_conf() s4:auth: Check return code of cli_credentials_set_conf() s4:auth: Check return code of cli_credentials_set_conf() s4:dns:bind_dlz: Check return codes of cli_credentials functions s4:dns_server: Check return code of cli_credentials_set_conf() s4:kpasswd: Check return code of cli_credentials_set_conf() s4:rpc_server: Check return code of cli_credentials_set_conf() auth:creds: Add sanity check for env variables auth:creds: Return bool for cli_credentials_guess() lib:cmdline: Ignore the return code of cli_credentials_guess() auth:creds: Check return code of cli_credentials_guess() s3:libnetapi: Check return code of cli_credentials_guess() s3:libsmb: Check return code of cli_credentials_guess() s4:dsdsb: Check return code of cli_credentials_guess() third_party:cmocka: Fix build when used in lib/tevent Andrew Bartlett (45): selftest: Confirm that we fix any errors on the Deleted Objects container itself dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones lib/param: Remove unused functions in lib/param/loadparm.c lib/param: Remove lpcfg_volume_label() and only caller in NTVFS file server lib/util: Replace buggy string_sub_talloc() with talloc_string_sub() in lib/util smb.conf: Remove "share backend" option build: Consolidate --with-ntvfs-fileserver into --enable-selftest when building the AD DC build: Consolidate --with-dnsupdate with --with-ads (which implied HAVE_KRB5) build: Notice if flex is missing at configure time auth4: Remove unused auth_unix heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba selftest: Improve test names in kinit test for improved debugging debug: Synchronise "log level" in smb.conf with the code docs: Add missing documentation on dsdb_group_audit and dsdb_group_audit_json docs: Add proper explination on why transactions need to be audited. docs: Further discourage the use of the "event notification" options docs: underline special words in the audit logging part of "log level" in man smb.conf docs: Expand the "log level" docs on audit logging .gitlab-ci.yml and autobuild: Publish the current HTML docs with the code coverage torture: Avoid -Werror=strict-overflow in -O3 coverage build tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage s3-modules: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage .gitlab-ci.yml: Return code coverage reporting for "none" tasks .gitlab-ci.yml: Always build the ubuntu1804-samba-o3 with --enable-coverage heimdal_build: Make HEIMDAL_BINARY be based on HEIMDAL_SUBSYSTEM heimdal: use correct prototype of yyparse() build: Use bison at build time rather than lexyacc.sh to build the embedded heimdal spoolss: Avoid indirection via ndr_get_array_size() selftest: Add test of NDR marshalling from python, starting with wbint libndr: Return error code from ndr_token_peek() librpc: Add const to cookie pointer in ndr_check_array_{size,length} librpc: Use helper function ndr_get_array_size() in ndr_check_array_size() pidl: Avoid leaving array_length NDR tokens around pidl: Avoid leaving array_size NDR tokens around selftest: standardise and shorten winbind socket name dbcheck: check correct RID set attributes when looking for SID conflicts heimdal_build: Rework Heimdal warning handling heimdal_build: Set up new build groups for the Heimdal hostcc components heimdal_build: check for secure_getenv gse_krb5: Provide keytab name in fill_mem_keytab_from_dedicated_keytab() error strings. heimdal_build: Use lib/asn1/rfc2459.opt rather than hard-coded heimdal_build: Improve error and warning handling on old and new compilers python/samba/tests: Remove DCs joined to test samba-tool behaviour testprogs/blackbox: Remove joined dc for ldapcmp selftest: Remove -d10 from test startup Andrew Walker (2): s3:smbd - support streams larger than 64 KiB s3:param:py_param - allocate buffer for nt_name and comment Anubhav Rakshit (3): torture: Add couple of compound related test cases to verify that server should return NTSTATUS of the failed Create for succeeding requests. torture: smbtorture test case to verify Compound related handling torture: add smbtorture testcase "related7" for failure in compound related chain Bernd Kuhls (1): dcesrv_core: fix build Björn Baumbach (10): selftest: fix typos in README files s3:libsmb: fix a typo in a comment s4:dsdb/dirsync: fix a typo in a comment samba-tool user: fix some typos samba-tool user: use remote domain information test: samba-tool user show: Test ';format=[GeneralizedTime,UnixTime,TimeSpec] attributes samba-tool gpo: add missing newline to admxload warning pyldb: fix a typo test samba-tool group listmembers: test listing contacts as group members samba-tool group listmembers: always list objects which can not expire Björn Jacke (4): pam_winbind: improve pam message if minimum password age strikes classicupgrade: treat old never expires value right wscript: use --as-needed only if tested successfully dosmode: retry reading dos attributes as root for unreadable files Christof Schmitt (3): winbind: Only use unixid2sid mapping when module reports ID_MAPPED idmap_rfc2307: Do not return SID from unixids_to_sids on type mismatch idmap_nss: Do not return SID from unixids_to_sids on type mismatch David Disseldorp (1): Bug 9931: change pytalloc source to LGPL David Mulder (100): gpo: Test Group Policy VGP Symlink Policy gpo: Apply Group Policy Symlink Policy from VGP samba-tool: Test gpo manage symlink list command samba-tool: Add a gpo command for listing VGP Symbolic Link Group Policy samba-tool: Test gpo manage symlink add command samba-tool: Add a gpo command for adding VGP Symbolic Link Group Policy samba-tool: Test gpo manage symlink remove command samba-tool: Add a gpo command for removing VGP Symbolic Link Group Policy gpo: Test Group Policy VGP Files Policy gpo: Apply Group Policy Files Policy from VGP samba-tool: Test gpo manage files list command samba-tool: Add a gpo command for listing VGP Files Group Policy samba-tool: Test gpo manage files add command samba-tool: Add a gpo command for adding VGP Files Group Policy samba-tool: Test gpo manage files remove command samba-tool: Add a gpo command for removing VGP Files Group Policy gpo: Test Group Policy OpenSSH for VGP gpo: Apply Group Policy OpenSSH settings from VGP samba-tool: Test gpo manage openssh list command samba-tool: Add a gpo command for listing VGP OpenSSH Group Policy samba-tool: Test gpo manage openssh set command samba-tool: Add a gpo command for setting VGP OpenSSH Group Policy gpo: Test that empty Security sections are removed gpo: Ensure empty Security sections are removed gpo: Test that Security gpext rsop lists only own policies gpo: Security gpext rsop list only own policies gpo: Test that VGP Sudoers policy handles group principals gpo: VGP Sudoers policy must handle group principals samba-tool: Test gpo manage vgp sudoers list command samba-tool: Replace gpo command for listing Sudoers Group Policy samba-tool: Test VGP sudoers add command samba-tool: Replace gpo command for adding Sudoers Group Policy samba-tool: Test gpo manage vgp sudoers remove command samba-tool: Replace gpo command for removing Sudoers Group Policy gpo: Test Group Policy VGP Startup Script Policy gpo: Apply Group Policy Startup Scripts from VGP samba-tool: Test gpo manage script startup list command samba-tool: Add a gpo command for listing VGP Startup Scripts Group Policy samba-tool: Test gpo manage script startup add command samba-tool: Add a gpo command for adding VGP Startup Scripts Group Policy samba-tool: Test gpo manage script startup remove command samba-tool: Add a gpo command for removing VGP Startup Scripts Group Policy gpo: Test to ensure that samba-gpupdate doesn't require ad-dc gpo: Ensure that samba-gpupdate doesn't require ad-dc gpo: Add admxload warning about Windows templates gpo: Improve the samba-gpupdate --rsop output gpo: vgp_openssh_ext create the config dir gpo: Add rsop output for vgp_openssh_ext gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names gpo: vgp_sudoers_ext handle missing and dispersed principal names gpo: Don't free talloc pointer held elsewhere gpo: Test Group Policy VGP MOTD Policy gpo: Apply Group Policy MOTD setting from VGP samba-tool: Test gpo manage motd list command samba-tool: Add a gpo command for listing VGP MOTD Group Policy samba-tool: Test gpo manage motd set command samba-tool: Add a gpo command for setting VGP MOTD Group Policy gpo: Test Group Policy VGP Issue Policy gpo: Apply Group Policy Issue setting from VGP samba-tool: Test gpo manage issue list command samba-tool: Add a gpo command for listing VGP Issue Group Policy samba-tool: Test gpo manage issue set command samba-tool: Add a gpo command for setting VGP Issue Group Policy python: Test samdb import samba-tool: Enable pydsdb without ad dc samba-tool: Enable pydns without ad dc python: Disable calls to _dsdb_garbage_collect_tombstones without addc samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names samba-tool: gpo manage sudoers handle missing and dispersed principal names samba-gpupdate: Enable the Startup Scripts Extension samba-gpupdate: Test that sysvol paths download in case-insensitive way samba-gpupdate: Check sysvol download paths in case-insensitive way gpo: Test Group Policy Host Access Configuration for VGP gpo: Apply Group Policy Host Access configuration from VGP samba-tool: Test gpo manage access list command samba-tool: Add a gpo command for listing VGP Host Access Group Policy samba-tool: Test gpo manage access add command samba-tool: Add a gpo command for adding VGP Host Access Group Policy samba-tool: Test gpo manage access remove command samba-tool: Add a gpo command for removing VGP Host Access Group Policy gpo: Open ssh config to write bytes s3: Add s3 net python bindings python: Test s3 net join and leave python: glue function for detecting if selftest is enabled samba-tool: Use s3 net join for member join gpo: Correct name of files gpo gpo: Add GNOME Settings ADMX templates gpo: Test Group Policy GNOME Setting gpo: Apply Group Policy GNOME Settings samba-tool: gpo admxload mkdir -p samba-tool: Enable samba-tool without ad dc (but with ads) samba-tool: Disable AD DC options in samba-tool domain dns: Enable dnsserver_common install when not ad dc samba-tool: Ensure commands don't crash without ad-dc samdb: Create user in wellknown user container samdb: Create group in wellknown user container samdb: Create computer in wellknown user container samba-tool: Demote computer to wellknown container samba-tool: Provision search DnsAdmins from wellknown container samba-tool: dbcheck search DnsAdmins from wellknown container Derek Lambert (1): sambadns: Create BINDDNS_DIR/dns.keytab link to PRIVATE_DIR/dns.keytab on DC join Dmytro Bagrii (1): lib:util: Fix log level for normal startup message Douglas Bagnall (169): selftest/gdb_backtrace: add an off switch pytest:segfault: avoid gdb_backtrace on knownfail selftest: preforkrestartdc doesn't need gdb-backtraces pytest/segfaults: drop a useless line pytest/segfault: fix the rpc.echo test ldb: remove some 'if PY3's in tests ldb_match: trailing chunk must match end of string ldb: add tests for ldb_wildcard_compare ldb_match: remove redundant check ldb: dn tests use cmocka print functions util: don't mark impure functions as pure util:str_sub: talloc_free on error ldb: correct comments in attrib_handers val_to_int64 autobuild: fuzz: correctly spell AFL build option fuzz/afl main: don't treat fuzzer as fuzzee fuzz:afl main: add a diagnostic message fuzz: add a LLVMFuzzerInitialize() to all fuzzers fuzz:afl main: run the initialisation function ldb.h: remove undefined async_ctx function signatures pdb_samba_dsdb: remove #if 0 block ldb/test/ldb_tdb: correct introductory comments ldb: improve comments for ldb_module_connect_backend() knownfail: remove python[23] lines selftest/flapping: remove python[23] lines py/provision: remove unused variable, thence import py/provision: provision_become_dc(): remove unused arguments py bindings: write 'bytes', not 'PY_DESC_PY3_BYTES' py3compat: remove obsolete comments kcc: use py3 compatible sort in rarely visited branch pytests: dns_base: remove a py2 compat thing samba-tool: domain tombstones expunge reminds on semi-noop py.join: remove unused untested get_naming_master CVE-2021-20277 ldb tests: ldb_match tests with extra spaces CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds CVE-2020-27840: pytests:segfault: add ldb.Dn validate test CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode CVE-2020-27840: pytests: move Dn.validate test to ldb dns common: always check a talloc NULL. dns: add common dns_timestamp util functions pydns: expose dns timestamp utils to python, and test dns: use unix_to_dns_timestamp almost everywhere dsdb/scavange dns: reserve NTTIME type for NTTIME values dsdb/dns scavange: make a helper function static pytest/dns: remove redundant argument pytest/dns: use self.assertIn() and .assertNotIn() pytest/dnsserver: extend record_type_int to all types librpc/idl: dnsp tombstone timestamp name matches MS-DNSP rpc/idl dnsserver s/DNS_RPC_DATA/DNS_RPC_RECORD_DATA/ ldb-samba: avoid leak in dsdb_match_for_dns_to_tombstone_time ldb-samba: avoid VLA in dsdb match dns tombstone ldb-samba: remove redundant negative check ldb: fix ldb_comparison_fold off-by-one overrun ldb/attrib_handler casefold: simplify space dropping pydns: rename s/CNameRecord/CNAMERecord/ for consistency py/dnsserver: replace obsolete comments with useful ones py/provision/sambadns: rename CNameRecord -> CNAMERecord py/provision/sambadns: Add a comment about DNS types py/dnsserver: remove workaround of fixed bug py/dnsserver: add .from_string() methods py/dnsserver: add record_from_string helper function py/dnsserver add flag from string function pytest/dcerpcdnsserver: use record_from_string helper pytest/dcerpc/dnsserver.py: use dnsserver.flag_from_string pytests/dns: import dnsserver.TXTRecord directly pytests/dns: use dnsserver.record_from_string samba-tool dns: use dnsserver.record_from_string samba-tool dns: use dnsserver.flag_from_string() pytests/dns_forwarder: remove unused import samba-tool: add dns zoneoptions for aging control python: remove all 'from __future__ import print_function' python: remove all 'from __future__ import division' python/hostconfig: remove 'from __future__ import absolute_import' python: remove 'from __future__ import unicode_literals' dlz torture: update to supported DLZ API dlz: do not build for Bind 9.8 or 9.9 dlz: remove support for ancient binds samba-tool dns: move dns_record_match to dnsserver.py samba-tool dns: remove unused imports pytest:samba-tool dns: more robust clean-up samba-tool dns zoneoptions: timestamp manipulation options samba-tool domain: improve error message when `patch` fails python: remove obsolete samba_external directory s3:pylibsmb: avoid small leaks in cli_notify_get_changes s3:pylibsmb: improve return types (false => NULL) idl: two comment typos in two lines samba-tool dns zoneoptions --help improvement samba-tool: stick to the point with --version selftest/gdb_backtrace: remove duplicate assignment. dlz_bind9: remove redundant logging in b9_record_match() dns: merge dlz/internal dns_records_match() dns common: dns_records_match() matches tombstones dns_record_match: drop pretense of HINFO support dlz: remove pretense of HINFO support dns: merge dns_records_match and dns_record_match pydns: expose dns_records_match() as dsdb_dns.records.match() pytest:dns_base: make_txt_update can set arbitrary TTL py: samba.dnsserver: add helper for record buffers pytests: add dns_aging, embracing and extending ageing tests torture: talloc_string_sub tests for utf-8 brevity util/iconv: reject improperly packed UTF-8 util/charset: warn loudly on unexpected E2BIG pytests: dns_aging get informative assertions pytest: adjust dns_aging to handle some non-TXT records pytest: add A and AAAA aging tests pytest: dns_aging: use assert_timestamps_equal() widely pytest: dns_aging: remind developers to use fl2003 pytest: dns_aging: correct typo mis-assertions in 2 tests pytest: dns_aging: add helper for DNS delete updates pytest: dns_aging: helper to get non-tombstoned records pytest: dns_aging: remove/fix unused helper functions pytest: dns_aging tests deletions using DNS update pytest: dns_aging: try queries of recently tombstoned nodes pytest: dns_aging: add Samba-specific scavenging test pytest: dns_aging: remove a test that fails on Windows pytest dns_aging: test tombstone timestamp ranges dns scavenging: tombstone deletion uses correct time units dns scavenging: correctly set tombstome timestamp dns scavenging: avoid a small memory leak dns scavenging: avoid another small memory leak dns scavenging: avoid setting same flags twice dns scavenging: ensure usual ownership of element values dns scavenging: avoid passing blobs dns scavenging: simplify copy_current_records dns scavenging: avoid useless copy of msg dns scavenging: tighten lifetime of filtered records dns scavenging: log tombstone inconsistency dns scavenging: avoid leak in dns_tombstone_records dns scavenging: ensure tombstoned node has one record dns scavenging: add an explanatory comment dsdb periodic: DNS: split aging from tombstone deletion python dns: dns_record_match() matches IPv6 semantically pytest: dns_aging: test RPC updates of disparate types pytest: dns_aging: test delete multiple records pytest: samba-tool dns: allow valid updates pytest: samba-tool dns: allow identical updates pytest dns_aging: add simple delete tests pytest dns_aging: add sibling tests pytest: dns_aging: fix two tests (bad arithmetic) pytest dns_aging: add windows_variation pytest: dns_aging sibling test fails on windows pytest: dns_aging: do not insist on non-aging timestamp updates pytest samba-tool dns: avoid testing update of '.' PTR pytest segfaults: add a couple more failing tests pytest/dns_forwarder: remove unused function and imports pytest: dcerpc/dnsserver: fix tombstone test rpc:dnsserver: split off record rank setting logic rpc:dnsserver: allow update replacing with similar record rpc dnsserver: updates reset more than timestamp rpc dnsserver: set the record rank rpc dnsserver: improve handling of serial numbers rpc/dnsserver: check talloc_strndup return dlz_bind9: fix a copy-pasted comment dlz_bind9: insert missing words into error message dns update: emit warnings upon unexpected occurrances dnsserver/update: add a few comments py/dnsserver: TXTRecord copes with single strings dnsserver_common: comments about record sorting dns_common_replace: do logging in needs_add case dns_common_replace: comment in needs_add case s4/dns_common_replace: add comments about tombstones dns_server: free old zones when reloading ldb-samba: dns tombstone matching: constrict value length pydns: fix a comment in replace_by_dn() samba-tool: dns update rejects malformed addresses dns_common_replace: do not leak dns update: zero flags and reserved fuzz: fix multiple comment headers fuzz: add fuzz_parse_lpq_entry printing: avoid crash in LPRng_time Garming Sam (4): join: provision_fill does not return anything perf_tests: Implicit string concatenation upgradeprovision: Remove duplicate key netcmd: Incorrect arguments to Exception constructor Gary Lockyer (6): s3 lib system: Fix clang compilation error s3 lib system: Change signature of sys_proc_fd_path nsswitch pam_winbind: Fix clang compilation error libcli smb smb2: Use correct enumeration type tests python krb5: MS-KILE client principal look-up lib:ldb: Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream Gordon Ross (1): Fix sigsegv in check_stream in smbtorture smb2.streams.io Günther Deschner (2): Fix gcc11 compiler issue "-Werror=maybe-uninitialized" Fix gcc11 compiler issue "-Werror=stringop-overflow=" Jelmer Vernooij (1): Suggest running './configure' rather than 'waf configure'. Jeremy Allison (470): VFS: cap: Fixup cap_mknodat() to cope with translating dirfsp path. VFS: full_audit: Fixup smb_full_audit_mknodat() to log the dirfsp path. VFS: media_harmony: Fixup mh_mknodat() to correctly use the dirfsp path. VFS: shadow_copy2: Fixup shadow_copy2_mknodat() to correctly use the dirfsp path. VFS: syncops: Fixup all uses of the SYNCOPS_NEXT_SMB_FNAME macro to correctly use the dirfsp path. VFS: time_audit: Fixup smb_time_audit_mknodat() to log the dirfsp path. VFS: unityed_media: Fix um_mkdirat() to correctly look at the full pathname. VFS: unityed_media: Fixup um_mknodat() to correctly use the dirfsp path. smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services. VFS: cap: Fixup cap_symlinkat() to cope with translating dirfsp path. VFS: full_audit: Fixup smb_full_audit_symlinkat() to log the dirfsp path. VFS: media_harmony: Fixup mh_symlinkat() to correctly use the dirfsp path. VFS: shadow_copy2: Fixup shadow_copy2_symlinkat() to correctly use the dirfsp path. VFS: syncops: SMB_VFS_SYMLINKAT only changes one directory so we can use the SYNCOPS_NEXT_SMB_FNAME macro directly. VFS: time_audit: Fixup smb_time_audit_symlinkat() to log the dirfsp path. VFS: unityed_media: Fixup um_symlinkat() to correctly use the dirfsp path. s3: smbd: Add missing lock free and file close in error path. s3: tests: Add regression test for bug 13992. s3: libsmb: Ensure we disconnect the temporary SMB1 tcon pointer on failure to set up encryption. s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition. s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths. s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use. s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state. Revert "VFS: shadow_copy2: Fixup shadow_copy2_symlinkat() to correctly use the dirfsp path." Revert "VFS: shadow_copy2: Fixup shadow_copy2_mknodat() to correctly use the dirfsp path." s3: VFS: cap: Fix cap_linkat() to cope with real directory fsps. s3: VFS: ceph: Fix cephwrap_linkat() to cope with real directory fsps. s3: VFS: gluster: Fix vfs_gluster_linkat() to cope with real directory fsps. s3: VFS: full_audit: Fix smb_full_audit_linkat() to cope with real directory fsps. s3: VFS: media_harmony: Fix mh_linkat() to cope with real directory fsps. s3: VFS: time_audit: Fix smb_time_audit_linkat() to cope with real directory fsps. s3: VFS: unityed_media: Fix um_linkat() to cope with real directory fsps. s3: VFS: syncops: Fix syncops_linkat() to cope with real directory fsps. s3: smbd: Centralize error exits to an 'out' label in hardlink_internals(). s3: smbd: Change hardlink_internals() to use a real directory fsp for SMB_VFS_LINKAT(). vfs: update status of SMB_VFS_LINKAT() s3: VFS: expand_msdfs: Since we moved to SMB_VFS_READ_DFS_PATHAT() this module has looked at the wrong function. s3: VFS: cap: Fix cap_readlinkat() to cope with real directory fsps. s3: VFS: ceph: Fix cephwrap_readlinkat() to cope with real directory fsps. s3: VFS: ceph_snapshots: Fix ceph_snap_gmt_readlinkat() to cope with real directory fsps. s3: VFS: full_audit: Fix smb_full_audit_readlinkat() to cope with real directory fsps. s3: VFS: glusterfs: Fix vfs_gluster_readlinkat() to cope with real directory fsps. s3: VFS: media_harmony: Fix mh_readlinkat() to cope with real directory fsps. s3: VFS: shadow_copy2: Fix shadow_copy2_readlinkat() to cope with real directory fsps. 3: VFS: snapper: Fix snapper_gmt_readlinkat() to cope with real directory fsps. s3: VFS: time_audit: Fix smb_time_audit_readlinkat() to cope with real directory fsps. s3: VFS: unityed_media: Fix um_readlinkat() to cope with real directory fsps. s3: smbd: Factor out the SMB1 UNIX extensions read symlink code into a function. s3: smbd: Change smb_unix_read_symlink() to use a real directory fsp for SMB_VFS_READLINKAT(). vfs: update status of SMB_VFS_READLINKAT() VFS: ceph: Ensure cephwrap_flistxattr() only uses an io fd for a handle based call. VFS: ceph: Ensure cephwrap_fsetxattr() only uses an io fd for a handle based call. VFS: glusterfs: Ensure vfs_gluster_flistxattr() only uses an io fd for a handle based call. VFS: glusterfs: Ensure vfs_gluster_fsetxattr() only uses an io fd for a handle based call. s3: VFS: Remove vfs_tru64acl.[c|h] s3: tests: Change logfile for printing expansion tests. s3: Remove last vestiges of Tru64 ACL support (missed in earlier patch). s3: VFS: ceph: cephwrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore. s3: VFS: gluster: vfs_gluster_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore. s3: VFS: full_audit: Log full pathname as smb_full_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore. s3: VFS: time_audit: Log full pathname as smb_time_audit_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore. s3: VFS: default: vfswrap_create_dfs_pathat() isn't restricted to dirfsp->conn->cwd_fsp anymore. s3: vxfs: Remove unused vxfs_listxattr_path(). s3: vxfs: Remove unused vxfs_setxattr_path(). s3: torture: Add a test for setting and getting ACLs on stream handles (SMB2-STREAM-ACL). s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles. s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. s3: torture: Add an SMB1 POSIX specific test POSIX-SYMLINK-PARENT. s3: smbd: Fix parent_pathref() to cope with symlink parents. VFS: nfs4acl_xattr: Ensure nfs4acl_get_blob() always gets a valid fsp pointer. VFS: nfs4acl_xattr: Ensure remove smb_fname argument from nfs4acl_get_blob(). VFS: nfs4acl_xattr: Change nfs4acl_validate_blob() to use the fsp instead of the name. VFS: ceph: Allow cephwrap_fremovexattr() to cope with pathref fsps. VFS: gluster: Allow vfs_gluster_fremovexattr() to cope with pathref fsps. VFS: fake_acls: Clean up fake_acls_sys_acl_delete_def_file(). lib: adouble: Use FREMOVEXATTR in preference to REMOVEXATTR. VFS: streams_xattr: In streams_xattr_renameat(), change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR(). VFS: posixacl_xattr: In posixacl_xattr_acl_delete_def_file() change SMB_VFS_REMOVEXATTR() -> SMB_VFS_FREMOVEXATTR(). s3: smbd: Change SMB_VFS_REMOVEXATTR -> SMB_VFS_FREMOVEXATTR. s3: torture: Change cmd_removexattr to use SMB_VFS_FREMOVEXATTR(). s3: VFS: vxfs: Remove vxfs_remove_xattr() - no longer called. s3: VFS: xattr_tdb: Remove xattr_tdb_removexattr(). No longer called. s3: VFS: cap: Remove cap_removexattr(). No longer called. s3: VFS: catia: Remove catia_removexattr(). No longer called. s3: VFS: ceph: Remove cephwrap_removexattr(). No longer called. s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_removexattr(). No longer called. s3: VFS: full_audit: Remove smb_full_audit_removexattr(). No longer called. s3: VFS: glusterfs: Remove vfs_gluster_removexattr(). No longer called. s3: VFS: media_harmony: Remove mh_removexattr(). No longer called. s3: VFS: posix_eadb: Remove posix_eadb_removexattr(). No longer called. s3: VFS: shadow_copy2: Remove shadow_copy2_removexattr(). No longer called. s3: VFS: snapper: Remove snapper_gmt_removexattr(). No longer called. s3: VFS: time_audit: Remove smb_time_audit_removexattr(). No longer called. s3: VFS: unityed_media: Remove um_removexattr(). No longer called. VFS: Remove SMB_VFS_REMOVEXATTR, no longer used Update status of SMB_VFS_REMOVEXATTR s3: VFS: streams_xattr: Now we know we will never be doing ACL operations on streams, delete the now unneeded code. s3: torture: Add samba3.smbtorture_s3.plain.POSIX-SYMLINK-CHMOD s3: smbd: Prevent fchmod on a symlink. s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success. s3/modules: VFS: glusterfs: Remove SMB_VFS_STREAMINFO s3: smbd: Allow check_parent_exists() to return the errno from STAT/LSTAT on the parent name. s3: smbd: Remove a STAT/LSTAT call on the parent pathname in a hot code path. build: wscript. Fix the build on FreeBSD with the clang ld.lld-XX linker. s3: VFS: Add SMB_VFS_SYS_ACL_DELETE_DEF_FD(), s3: VFS: aixacl: Add aixacl_sys_acl_delete_def_fd(). s3: VFS: aixacl2: Add aixjfs2_sys_acl_delete_def_fd(). s3: VFS: posixacl_xattr: Add posixacl_xattr_acl_delete_def_fd(). s3: VFS: ceph: Make ceph call posixacl_xattr_acl_delete_def_fd(). s3: VFS: glusterfs: Make gluster call posixacl_xattr_acl_delete_def_fd(). s3: VFS: gpfs: Add gpfsacl_sys_acl_delete_def_fd(). s3: VFS: fake_acls: Add fake_acls_sys_acl_delete_def_fd(). s3: VFS: hpuxacl. Add hpuxacl_sys_acl_delete_def_fd(). s3: VFS: nfs4acl_xattr. Add nfs4acl_xattr_fail__sys_acl_delete_def_fd(). s3: VFS: posixacl: Add posixacl_sys_acl_delete_def_fd(). s3: VFS: solarisacl: Add solarisacl_sys_acl_delete_def_fd(). s3: VFS: zfsacl: Add zfsacl_fail__sys_acl_delete_def_fd(). s3: lib: sysacls: Add sys_acl_delete_def_fd(). s3: VFS: default. In vfswrap_sys_acl_delete_def_file() remove the placeholder code and call sys_acl_delete_def_fd(). s3: smbd: Change SMB_VFS_SYS_ACL_DELETE_DEF_FILE() -> SMB_VFS_SYS_ACL_DELETE_DEF_FD(). s3: torture: cmd_sys_acl_delete_def_file: Move SMB_VFS_SYS_ACL_DELETE_DEF_FILE() -> SMB_VFS_SYS_ACL_DELETE_DEF_FD(). s3: VFS: aixacl: Remove aixacl_sys_acl_delete_def_file(). s3: VFS: aixacl2: Remove aixjfs2_sys_acl_delete_def_file(). s3: VFS: cap: Remove cap_sys_acl_delete_def_file(). s3: VFS: catia: Remove catia_sys_acl_delete_def_file(). s3: VFS: ceph: Remove sys_acl_delete_def_file_fn() pointer. s3: VFS: fake_acls: Remove fake_acls_sys_acl_delete_def_file(). s3: VFS: glusterfs: Remove sys_acl_delete_def_file_fn pointer. s3: VFS: gpfs: Remove gpfsacl_sys_acl_delete_def_file(). s3: VFS: hpuxacl: Remove hpuxacl_sys_acl_delete_def_file(). s3: VFS: media_harmony: Remove mh_sys_acl_delete_def_file(). s3: VFS: nfsacl_xattr: Remove nfs4acl_xattr_fail__sys_acl_delete_def_file(). s3: VFS: solarisacl: Remove solarisacl_sys_acl_delete_def_file(). s3: VFS: unityed_media: Remove um_sys_acl_delete_def_file(). s3: VFS: zfsacl: Remove zfsacl_fail__sys_acl_delete_def_file(). s3: VFS: posixacl: Remove sys_acl_delete_def_file_fn pointer. s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_delete_def_file(). vfs: RIP SMB_VFS_SYS_ACL_DELETE_DEF_FILE() s3: smbd: Remove all references to utility and backend functions supporting sys_acl_delete_def_file(). s3: VFS: Update status of SMB_VFS_SYS_ACL_DELETE_DEF_FILE() and SMB_VFS_SYS_ACL_DELETE_DEF_FD(). s3: lib: Fix the solaris build. Commit 8d0ea8bafa00 added SMB_ACL_TYPE_T type to solarisacl_sys_acl_set_fd() in the .c file, but not the .h. s3: torture: Add test for bug 14708 - POSIX default ACL not mapped into returned Windows ACL for directory handles. s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles. s3: smbd: Change set_create_timespec_ea() to take the existing fsp. s3: smbd: Remove use of synthetic_pathref() in rename_internals_fsp(). s3: torture: Add regression test for renaming SMB1+POSIX symlinks, dangling and real. s3: smbd: Allow SMB1+UNIX extensions rename of dangling symlink. s3: smbd: Fix uninitialized memory read in process_symlink_open() when used with vfs_shadow_copy2(). s3: lib: Fix talloc heirarcy error in parent_smb_fname(). s3: VFS: Add SMB_VFS_PARENT_PATHNAME(). s3: VFS: shadow_copy2. Implement SMB_VFS_PARENT_PATHNAME(). s3: VFS: acl_common. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: VFS: error_inject. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: VFS: gpfs. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: VFS: linux_xfs_sgid. parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: In can_delete_file_in_directory(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: In parent_pathref(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: copy_internals(). parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: In check_parent_access(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: open_file_ntcreate(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: In inherit_new_acl(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: non_widelink_open(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: parent_dirname_compatible_open(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: check_reduced_name_with_privilege(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: check_reduced_name(), parent_smb_fname() -> SMB_VFS_PARENT_PATHNAME(). s3: smbd: Remove parent_smb_fname(), no longer used. s3: smbd: Fix bug (only in master) introduced by 60ddee64f6e6c178766325591e80d63a673ad111. smbd: fix pathref unlinking in create_file_unixpath() s3: VFS: posixacl: Missing acl_free() in error code path. s3: VFS: posixacl: Fix the fallback code in posixacl_sys_acl_set_fd(). s3: VFS: shadow_copy2: Code cleanup. In shadow_copy2_get_shadow_copy_data() preserve errno accross cleanup syscalls. s3: smbd: Cleanup. open_file_ntcreate(). This returns NTSTATUS, don't set errno explicitly internally. s3: smbd: Cleanup. open_file(). This returns NTSTATUS, don't set errno explicitly internally. s3: smbd: Cleanup. open_file(). If SMB_VFS_FSTAT() fails report the error. s3: smbd: Make open_file() fail early for an existing directory we are trying to open. s3: smbd: In open_file(), remove post-open check for opening a directory. s3: smbd: In open_directory() move the call to smbd_check_access_rights() until after the fsp is set up. s3: smbd: Cleanup - fix the comment for dptr_SearchDir(). s3: smbd: Cleanup - make SearchDir() static. s3: smbd: Subtle change to semantics needed for smbd_check_access_rights_fsp(). s3: smbd: Fix smbd_check_access_rights_fsp() to cope with fake/printer fsp's. s3: smbd: smbd_check_access_rights_fsp(), for a symlink handle just check the handle bits. s3: smbd: rmdir_internals(). Coding cleanup. Always use ISDOT(dname) || ISDOTDOT(dname). s3: smbd: rmdir_internals(). Coding cleanup. Move TALLOC_FREE(dir_hnd) into the generic exit path. s3: smbd: rmdir_internals(), when calling synthetic_pathref() for a directory entry we've already stat()'ed, re-use the stat struct. s3: smbd: recursive_rmdir(), when calling synthetic_pathref() for a directory entry we've already stat()'ed, re-use the stat struct. s3: smbd: Remove the NULL fsp use of refuse_symlink(). s3: smbd: Change refuse_symlink() -> refuse_symlink_fsp() s3: smbd: Make refuse_symlink_fsp() public so we can reuse in nttrans.c s3: smbd: Re-use refuse_symlink_fsp() in set/get security descriptors. s3: smbd: In smb_query_posix_acl(), remove a use of SMB_VFS_SYS_ACL_GET_FILE(). s3: VFS: vxfs: Change use of SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD(). s3: torture: cmd_sys_acl_get_file(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD(). s3: smbd: Ensure we only call get_acl_group_bits() with a valid smb_fname->fsp. s3: smbd: In get_acl_group_bits(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD(). s3: smbd: directory_has_default_posix_acl(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD(). s3: smbd: copy_access_posix_acl(), SMB_VFS_SYS_ACL_GET_FILE() -> SMB_VFS_SYS_ACL_GET_FD(). s3: torture: Change cmd_sys_acl_blob_get_file() to be handle based. s3: smbd: Add check_parent_access_fsp(). s3: smbd: Make mkdir_internal() use check_parent_access_fsp(). s3: smbd: Change rename_internals_fsp() to use check_parent_access_fsp(). s3: smbd: Get a parent pathref in create_file_unixpath(). s3: smbd: Pass in the newly created parent_dir_fname and smb_fname_atname to open_directory(). s3: smbd: Pass parent_dir_fname_in, smb_fname_atname_in to mkdir_internal(). s3: smbd: In mkdir_internal() assign the passed in parent_dir_fname_in, smb_fname_atname_in to the local variables. s3: smbd: In mkdir_internal(), use the passed in 'smb_fname_atname' instead of a local 'base_name' variable. s3: smbd: In mkdir_internal(), remove the local parent_dir_fname. We pass it in from the caller now. s3: smbd: Pass parent_dir_fname_in, smb_fname_atname_in from create_file_unixpath() to open_file_ntcreate(). s3: smbd: In open_file_ntcreate() initialize the local parent_dir_fname from the passed in parent_dir_fname_in. s3: smbd: In open_file_ntcreate(), remove the local parent_dir_fname and rename the passed in parameter to be the same. s3: smbd: Change open_file() to use check_parent_access_fsp() instead of check_parent_access(). s3: smbd: Remove check_parent_access(). s3: Add directory_has_default_acl_fsp(). s3: smbd: Change directory_has_default_acl() -> directory_has_default_acl_fsp(). s3: smbd: Remove directory_has_default_acl(). s3: smbd: Pass parent_dir_fname parameter to inherit_new_acl(). s3: smbd: Inside inherit_new_acl(), change from SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL(). s3: smbd: get_nt_acl_conn(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL() s3: torture: cmd_get_nt_acl(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL() s3: eventlog: get_nt_acl_no_snum(), SMB_VFS_GET_NT_ACL_AT() -> SMB_VFS_FGET_NT_ACL(). s3: smbd: Add can_write_to_fsp(). Not yet used. s3: smbd: In reply_ntcreate_and_X(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: call_nt_transact_create(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: set_ea_dos_attribute(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: Change acl_group_override() -> acl_group_override_fsp(). s3: smbd: dos_mode_from_sbuf(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: file_set_dosmode(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: file_ntimes(), can_write_to_file() -> can_write_to_fsp(). s3: smbd: reply_setatr(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: set_ea_dos_attribute(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: Add is_visible_fsp(). s3: smbd: Add user_can_read_fsp(). s3: smbd: Add user_can_write_fsp(). s3: smbd: Change recursive_rmdir(), is_visible_file() -> is_visible_fsp(). s3: smbd: In rmdir_internals(), Change is_visible_file() -> is_visible_fsp(). s3: smbd: Allow rmdir_internals() to cope with veto'ed symlinks. s3: smbd: rmdir_internals(), fix the initial directory scan pass to use is_visible_fsp(). s3: smbd: In unlink_internals(), is_visible_file() -> is_visible_fsp(). s3: smbd: rename_internals(), is_visible_file() -> is_visible_fsp(). s3: smbd: reply_copy(), is_visible_file() -> is_visible_fsp(). s3: smbd: Fix old bug in reply_copy() where is_visible_file(), now is_visible_fsp() wasn't checking VETO files. s3: smbd: is_visible_file() is now static to dir.c. s3: smbd: Allow is_visible_fsp() to cope with POSIX symlinks/MSDFS links. s3: smbd: In can_delete_directory_fsp() explicitly call IS_VETO_PATH(). s3: smbd: In can_delete_directory_fsp(), is_visible_file() -> is_visible_fsp(). s3: smbd: In smbd_dirptr_get_entry(), add an early check for VETO_PATH. s3: smbd: In smbd_dirptr_get_entry() add a call to is_visible_fsp(). s3: smbd: Remove is_visible_file() from dptr_ReadDirName(). s3: smbd: Now all callers of is_visible_fsp() pass 'false' for the use_veto parameter, remove it. s3: smbd: Now smbd_dirptr_get_entry() is doing the filtering, dptr_normal_ReadDirName() is an unneeded wrapper for ReadDirName(). s3: smbd: Remove dptr_normal_ReadDirName(). s3: smbd: Remove is_visible_file(). s3: smbd: Remove user_can_read_file(). s3: smbd: Remove user_can_write_file(). s3: smbd: Remove can_write_to_file(). Pathname call no longer used. s3: VFS: shadow_copy2: In shadow_copy2_get_shadow_copy_data(), check for DIR_LIST access once we already have a handle on the snap directory. s3: VFS: vfs_shadow_copy2: Remove check_access_snapdir(). s3: VFS: ceph_snapshots: In ceph_snap_enum_snapdir(), re-use the directory handle for checking SEC_DIR_LIST permission. s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir(), re-use the directory handle for checking SEC_DIR_LIST permission. s3: smbd: In notify, user_can_stat_name_under_fsp(), smbd_check_access_rights -> smbd_check_access_rights_fsp s3: smbd: open_file(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: check_base_file_access(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: open_directory(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: open_file(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: open_file(). Cleanup debug message to refer to correct function. s3: smbd: open_file(). Cleanup debug message to refer to correct function. s3: smbd: open_directory(). Cleanup debug message to refer to correct function. s3: smbd: Add new smbd_calculate_access_mask_fsp() function. s3: smbd: Add smbd_calculate_access_mask_fsp(). s3: smbd: Change check_base_file_access() to take an fsp as the first argument. s3: smbd: smbd_smb2_create_after_exec(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp(). s3: VFS: fruit: fruit_freaddir_attr(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp(). s3: smbd: open_file_ntcreate(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp(). s3: smbd: open_directory(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp(). s3: smbd: open_fake_file(). Move the smbd_calculate_access_mask() check until after we've initialized the file handle. s3: smbd: open_fake_file(), smbd_calculate_access_mask() -> smbd_calculate_access_mask_fsp(). s3: smbd: Remove smbd_calculate_access_mask(). No longer used. s3: smbd: Remove smbd_calculate_maximum_allowed_access(). No longer used. s3: smbd: In can_delete_file_in_directory(), move a fast-path exit to before any pathname manipulation. s3: smbd: In can_delete_file_in_directory(), remove the assertion that dirfsp == conn->cwd_fsp. s3: smbd: In can_delete_file_in_directory(), get a real parent pathref. s3: smbd: can_delete_file_in_directory(), we no longer need to do the SMB_VFS_STAT() call. s3: smbd: can_delete_file_in_directory(), smbd_check_access_rights() -> smbd_check_access_rights_fsp(). s3: smbd: Remove smbd_check_access_rights(). No longer used. s3: smbd: smbd_calculate_maximum_allowed_access_fsp(), add parent dirfsp parameter and pass to can_delete_file_in_directory(). s3: smbd: smbd_calculate_access_mask_fsp(). Add dirfsp parameter. s3: smbd: open_file_ntcreate(). Start passing a real parent dirfsp to smbd_calculate_access_mask_fsp(). s3: smbd: open_directory(). Start passing a real parent dirfsp to smbd_calculate_access_mask_fsp(). s3: smbd: parent_override_delete(). Add dirfsp parameter. s3: smbd: smbd_check_access_rights_sd(). Add dirfsp parameter. s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter. s3: smbd: open_file(). Pass down the real parent_dir->fsp to smbd_check_access_rights_fsp(). s3: smbd: open_directory(). Pass down the real parent_dir->fsp to smbd_check_access_rights_fsp(). s3 VFS: glusterfs: Remove get_nt_acl_at_fn(). s3: VFS: shadow_copy2: Remove shadow_copy2_get_nt_acl_at(). s3: VFS: afsacl: Remove afsacl_get_nt_acl_at(). s3: VFS: aixacl2: Remove aixjfs2_get_nt_acl_at(). s3: VFS: acl_tdb. Remove acl_tdb_get_nt_acl_at(). s3: VFS: acl_tdb: Remove unused get_acl_blob_at(). s3: VFS: acl_xattr: Remove acl_xattr_get_nt_acl_at(). s3: VFS: acl_xattr: Remove unused get_acl_blob_at(). s3: VFS: catia. Remove catia_get_nt_acl_at(). s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_get_nt_acl_at(). s3: VFS: gpfs. Remove gpfsacl_get_nt_acl_at(). s3: VFS: media_harmony. Remove mh_get_nt_acl_at(). s3: VFS: nfs4acl_xattr: Remove nfs4acl_xattr_get_nt_acl_at(). s3: VFS: snapper: Remove snapper_gmt_get_nt_acl_at(). s3: VFS: zfsacl: Remove zfsacl_get_nt_acl_at(). s3: VFS: acl_common: Remove get_nt_acl_common_at(). s3: VFS: acl_common: Remove the pathname-based calls in validate_nt_acl_blob(). s3: VFS: acl_common: Remove the dirfsp parameter from validate_nt_acl_blob(). vfs: RIP SMB_VFS_GET_NT_ACL_AT() s3: VFS: Update status of SMB_VFS_NT_ACL_AT. s3: smbd: Remove posix_get_nt_acl().No longer used. s3: VFS: aixacl: Remove aixacl_sys_acl_get_file(). s3: VFS: aixacl2: Remove aixjfs2_sys_acl_get_file(). s3: VFS: cap: Remove cap_sys_acl_get_file(). s3: VFS: catia: Remove catia_sys_acl_get_file(). s3: VFS: ceph: Remove call to posixacl_xattr_acl_get_file(). s3: VFS: fake_acls: Remove fake_acls_sys_acl_get_file(). s3: VFS: glusterfs: Remove call to posixacl_xattr_acl_get_file(). s3: VFS: gpfs: Remove gpfsacl_sys_acl_get_file(). s3: VFS: hpuxacl: Make hpuxacl_sys_acl_get_file() static. s3: VFS: media_harmony: Remove mh_sys_acl_get_file(). s3: VFS: nfs4acl_xattr: Remove nfs4acl_xattr_fail__sys_acl_get_file(). s3: VFS: solarisacl: Make solarisacl_sys_acl_get_file() static. Still called internally. s3: VFS: unityed_media: Remove um_sys_acl_get_file(). s3: VFS: zfsacl: Remove zfsacl_fail__sys_acl_get_file(). s3: VFS: posixacl: Remove call to posixacl_sys_acl_get_file(). s3: VFS: RIP SMB_VFS_SYS_ACL_GET_FILE() s3: VFS: Update status of SMB_VFS_SYS_ACL_GET_FILE s3: VFS: afsacl: Remove afsacl_sys_acl_blob_get_file(). s3: VFS: aixacl: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: aixaxcl2: Remove aixjfs2_sys_acl_blob_get_file(). s3: VFS: ceph: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: fake_acls: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: glusterfs: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: gpfs: Remove gpfsacl_sys_acl_blob_get_file(). s3: VFS: hpuxacl: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: nfs4acl_xattr: Remove call to nfs4acl_xattr_fail__sys_acl_blob_get_file(). s3: VFS: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: Remove zfsacl_fail__sys_acl_blob_get_file(). s3: VFS: posixacl: Remove call to posix_sys_acl_blob_get_file(). s3: VFS: RIP SMB_VFS_SYS_ACL_BLOB_GET_FILE() s3: VFS: Update status of SMB_VFS_SYS_ACL_BLOB_GET_FILE s3: lib: sysacls: Remove sys_acl_get_file(). No longer used. s3: VFS: posixacl: Remove posixacl_sys_acl_get_file(). s3: VFS: non_posix_acls: Remove non_posix_sys_acl_blob_get_file_helper(). No longer used. s3: lib: sysacls: Add the 'SMB_ACL_TYPE_T type' parameter to sys_acl_set_fd(). s3: VFS: hpuxacl: Fix the funtion signature for hpuxacl_sys_acl_set_fd() s3: VFS: default: Remove the sys_proc_fd_path() fallback code in vfswrap_sys_acl_set_fd(). s3: lib: sysacls: Remove all implementations of sys_acl_set_file(). s3: VFS: posixacl: Remove posixacl_sys_acl_set_file(). s3: VFS: aixacl: Remove aixacl_sys_acl_set_file(). s3: VFS: solarisacl: Remove solarisacl_sys_acl_set_file(). s3: VFS: default: Add proc_fd's fallback for vfswrap_fchown(). smbd: remove more dead code from dos_mode_at_vfs_get_dosmode_done() s3: smbd: Cleanup - Remove #ifdef'ed out load_inherited_info(). s3: smbd: Protect dos_mode_at_send() from running into a symlink. s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path. s3: torture: Add POSIX-SYMLINK-GETPATHINFO regression test. s3: torture: Add POSIX-SYMLINK-SETPATHINFO regression test. s3: smbd: Fix smbd crash on dangling symlink with posix connection calling several non-posix info levels. s3: smbd: open_directory(). Cleanup. We don't need 'int flags' here. s3: smbd: Change change_dir_owner_to_parent() -> change_dir_owner_to_parent_fsp(). s3: smbd: change_dir_owner_to_parent_fsp(). Don't re-stat the pathref. s3: smbd: Make change_file_owner_to_parent() static. s3: smbd: Change change_file_owner_to_parent() -> change_file_owner_to_parent_fsp(). s3: smbd: change_file_owner_to_parent_fsp(). Don't re-stat the pathref. s3: smbd: Optimization in non_widelink_open(). Don't need to vfs_ChDir(parent_dir_fname) if parent is "." s3: VFS: Cleanup. Remove SMB_VFS_FSYNC() macro. s3: lib: In adouble_path(), if the parent directory name is ".", don't prepend "./" to the outgoing filename. s3: VFS: syncops. Add 'connection_struct *conn' to syncops_smb_fname(). s3: VFS: Add 'connection_struct *conn' parameter to syncops_two_names(). s3: VFS: syncops: Add 'connection_struct *conn' to syncops_sync_directory(). s3: VFS: syncops: Remove direct system calls and use OpenDir()/smb_vfs_fsync_sync()/TALLOC_FREE() to sync a directory. s3: VFS: syncops: Do early returns in SYNCOPS_NEXT_SMB_FNAME() macro. s3: VFS: syncops. Do early return in syncops_linkat() s3: VFS: syncops. Do early return in syncops_renameat(). s3: smbd: Make copy_internals() public. vfs_crossrename() will be changed to use this. s3: VFS: crossrename. Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: audit: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: cap: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: ceph: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: extd_audit: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: full_audit.c: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: glusterfs: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: media_harmony: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: syncops: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: time_audit: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: unityed_media: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: streams_depot: Use real dirfsp for SMB_VFS_RENAMEAT() s3: VFS: streams_xattr: Use real dirfsp for SMB_VFS_RENAMEAT() s3: smbd: Make SMB_VFS_RENAMEAT() a relative call. s3: VFS: Update status of SMB_VFS_RENAMEAT. s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_get_file(). No longer used. s3: VFS: posixacl_xattr: Remove posixacl_xattr_acl_set_file(). No longer used. s4: torture: Improve error messages in check_stream() and read_stream() to include the filename and NTSTATUS. s3: smbd: In openat_pathref_fsp(), just check we're opening the same file type, not dev and inode. s3: smbd: On startup file_name_hash() can be called with an absolute pathname. s3: smbd: Move the call to fsp_set_fd(conn->cwd_fsp, AT_FDCWD) to just after SMB_VFS_CHDIR(). s3: smbd: get_ea_value(). If we have an fsp, *always* use it for SMB_VFS_FGETXATTR(). s3: smbd: Temporarily add protection to get_ea_value() for fsp==NULL and smb_fname==NULL. s3: modules: acl_xattr: getxattr_do(). Remove the smb_fname parameter. s3: smbd: fload_inherited_info(). Always use SMB_VFS_FGETXATTR(). s3: smbd: get_ea_list_from_fsp(). Make it clear we're using only the fsp by replacing the fsp->fsp_name with NULL. s3: torture: In cmd_getxattr(), SMB_VFS_GETXATTR() -> SMB_VFS_FGETXATTR(). s3: lib: adouble: Protect ad_read_meta() from accidently using a NULL fsp. s3: lib: adouble: Remove ad_set() - Dead code. Not used anywhere. s3: VFS: streams_depot: file_is_valid(), SMB_VFS_GETXATTR() -> SMB_VFS_FGETXATTR(). s3: VFS: fake_acls: In fake_acls_lstat() - remove call to get_full_smb_filename(). s3: VFS: fake_acls: In fake_acls_lstat() - get a pathref on whatever the link points to and use the handle-based functions. s3: VFS: fake_acls: In fake_acls_stat() - remove call to get_full_smb_filename(). s3: VFS: fake_acls: In fake_acls_stat() - if we have a pathref fsp, use it. s3: VFS: fake_acls: In fake_acls_stat() - use openat_pathref_fsp() to always get a pathref fsp. s3: VFS: fake_acls: In fake_acls_stat() - Now we always have a valid fsp, remove the calls to the path-based functions. s3: VFS: fake_acls: Remove unused fake_acls_uid()/fake_acls_gid(). s3: VFS: ceph_snapshots: Add ceph_snap_get_btime_fsp(). s3: VFS: ceph_snapshots: In ceph_snap_fill_label() - pass in dirfsp instead of the raw path. s3: VFS: ceph_snapshots: In ceph_snap_fill_label(), use ceph_snap_get_btime_fsp() instead of ceph_snap_get_btime(). s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir() - change to use ceph_snap_get_btime_fsp(). s3: VFS: ceph_snapshots: Remove ceph_snap_get_btime(). s3: VFS: streams_xattr: In streams_xattr_pwrite() - remove conditional. s3: VFS: streams_xattr: In streams_xattr_pwrite() - use the fsp->base_fsp argument for get_ea_value(). s3: VFS: streams_xattr: In streams_xattr_pwrite() - remove smb_fname_base. s3: VFS: streams_xattr: In streams_xattr_pread() - use the fsp->base_fsp argument for get_ea_value(). s3: VFS: streams_xattr: In streams_xattr_pread() - remove smb_fname_base. s3: VFS: streams_xattr: In streams_xattr_ftruncate() - remove conditional. s3: VFS: streams_xattr: In streams_xattr_ftruncate() - use the fsp->base_fsp argument for get_ea_value(). s3: VFS: streams_xattr: In streams_xattr_ftruncate() - remove smb_fname_base. s3: VFS: streams_xattr: In walk_xattr_streams() use smb_fname->fsp for get_ea_value(). s3: VFS: streams_xattr: In streams_xattr_openat() we can assume fsp->base_fsp != NULL. s3: VFS: streams_xattr: Add an fsp parameter to get_xattr_size(). s3: VFS: streams_xattr: Use fsp->base_fsp for the fsp parameter to get_xattr_size() in streams_xattr_fstat(). s3: VFS: streams_xattr: Simplify streams_xattr_lstat(). s3: VFS: streams_xattr: Bring streams_xattr_stat_base() inline into streams_xattr_stat(). s3: VFS: streams_xattr: In streams_xattr_stat(), make use of smb_fname->fsp->base_fsp if it has one. s3: VFS: streams_xattr: Use openat_pathref_fsp() to create a smb_fname->fsp (and the smb_fname->fsp->base_fsp) if the incoming name doesn't have one. s3: VFS: streams_xattr: In streams_xattr_stat() - ~S_IFMT already removes S_IFDIR. s3: VFS: streams_xattr: Rename get_xattr_size() -> get_xattr_size_fsp(). s3: smbd: Rename get_ea_value() -> get_ea_value_fsp(). s3: smbd: Cleanup - rename get_ea_names_from_file() -> get_ea_names_from_fsp(). s3: VFS: fake_acls. Add missing NULL check for return of cp_smb_filename(). s3: VFS: fake_acls. Remove two static 'recursion' global booleans. s3: smbd: Code inside non_widelink_open() breaks an invarient inside the VFS. Demonstrate this. s3: smbd: Fix fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient in non_widelink_open(). s3: lib: In ad_read_meta(), allow use of SMB_VFS_FGETXATTR() as well as SMB_VFS_GETXATTR(). s3: VFS: fruit: Inside fruit_open_meta_netatalk() change to use fsp->base_fsp->fsp_name in ad_get() instead of smb_fname. s3: VFS: fruit: In fruit_stat_meta_netatalk(), move the call to fruit_stat_base() before the ad_get() call. s3: VFS: fruit: In the fruit handle->fruit_config_data, add a recursion guard we will set before calling openat_pathref_fsp(). s3: VFS: fruit: Add helper function ad_get_meta_fsp(). s3: VFS: fruit: In update_btime(), ad_get() -> ad_get_meta_fsp(). s3: VFS: fruit: In readdir_attr_meta_finderi_netatalk(), ad_get() -> ad_get_meta_fsp(). s3: VFS: fruit: In fruit_stat_meta_netatalk(), ad_get() -> ad_get_meta_fsp(). s3: VFS: fruit: In fruit_streaminfo_meta_netatalk(), ad_get() -> ad_get_meta_fsp(). s3: lib: adouble.c: In ad_read_meta() we can now guarantee a valid fsp. s3: VFS: cap: Remove cap_getxattr. s3: VFS: catia: Remove catia_getxattr. s3: VFS: ceph: Remove cephwrap_getxattr. s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_getxattr. s3: VFS: glusterfs: Remove vfs_gluster_getxattr. s3: VFS: media_harmony: Remove mh_getxattr. s3: VFS: posix_eadb: Remove posix_eadb_getxattr. s3: VFS: shadow_copy2: Remove shadow_copy2_getxattr. s3: VFS: snapper: Remove snapper_gmt_getxattr. s3: VFS: unityed_media: Remove um_getxattr. s3: VFS: vxfs: Remove vxfs_get_xattr. s3: VFS: xattr_tdb: Remove xattr_tdb_getxattr. vfs: RIP SMB_VFS_GETXATTR() s3: VFS: Update status of SMB_VFS_GETXATTR. Joseph Sutton (94): netcmd: Add test for an offline backup of a directory containing hardlinks netcmd: Add test for an offline backup of nested directories netcmd: Determine which files are to be copied for an offline domain backup netcmd: Avoid database corruption by opting not to create database files during an offline domain backup netcmd: Fix typos in offline domain backup test netcmd: Fix opening SamDB database for offline backup asn1: Remove unused function asn1_check_enumerated() provision tests: Add test for the CryptSHA256 and CryptSHA512 password hashing schemes s4:dsdb/password_hash: Don't generate crypt() password for krbtgt account provision: Decrease the length of random machine passwords s4:dsdb/password_hash: Add additional check for crypt() and crypt_r() failure provision tests: Add a test for hashing overly long passwords s4:dsdb/password_hash: Add a more useful error message for passwords too long to be hashed auth/credentials: Add test for binding with a domain SID cracknames: Add support for SID string format auth/credentials: Add test for binding with a canonical name auth/credentials: Add test for binding with an extended canonical name cracknames: Allow auto-conversion from an extended canonical name auth/credentials: Remove unneeded try/except syntax util: Ensure debugger can be attached to process util: Ensure debugger is not started until it is allowed to attach audit logging tests: Fix flapping test samba-tool:testparm: Test that --section-name works without --parameter-name samba-tool:testparm: Fix error with --section-name samba-tool:testparm: Test error handling for unknown sections and parameters samba-tool:testparm: Display nicer parameter dump error messages auth:creds: Remove unused variable auth:creds: Fix parameter in creds.set_named_ccache() pygensec: Fix method documentation Revert "s4-test: fixed ndrdump test for top level build" krb5ccache.idl: Add definition for a Kerberos credentials cache librpc: Test parsing a Kerberos 5 credentials cache with ndrdump krb5: Add Python functions to create a credentials cache containing a service ticket python: Add credentials cache test python: Add LDAP credentials cache test python: Add RPC credentials cache test Revert "libsmb: Use sid_parse()" libsmb: Remove overflow check libsmb: Avoid undefined behaviour when parsing whoami state libsmb: Check to see that whoami is not receiving more data than it requested libsmb: Ensure that whoami parses all the data provided to it pylibsmb: Add posix_whoami() python: Add SMB credentials cache test python: Ensure reference counts are properly incremented python: Fix erroneous increments of reference counts python: Fix ticket timestamp conversion when local timezone is not UTC python: Make credentials cache test run against Windows pytest:segfault: Add test for assigning to an inline array pidl: Handle assigning to an inline array from Python selftest: Remove duplicate variable assignment samldb: Fix function name typo in error message pytest: Fix typo in docstring sambadns: Fix docstring for create_dns_dir() pyldb: Add test for Message.items() pyldb: Fix Message.items() for a message containing elements testprogs: Test that dns.keytab is created after a dns upgrade samba_upgradedns: Create binddns_dir if it doesn't already exist provision: Refactor another usage of create_dns_dir_keytab_link netcmd: Fix error-checking condition netcmd: Ignore rIDUsedPool attribute in offline domain backup test tests: Specify additional modules for 'vfs objects' parameter netcmd: Use correct path for state directory during offline backup netcmd: Refactor seizing DNS roles while restoring from a backup netcmd: Add tests for performing an offline backup immediately after joining a domain dsdb: Add next_free_rid() function to allocate a RID without modifying the database python/tests/dsdb: Add tests for RID allocation functions netcmd: Use next_free_rid() function to calculate a SID for restoring a backup ridalloc: Don't skip the first RID of a pool netcmd: Avoid conflicting SIDs when creating an offline backup dbcheck: Refactor RID Set check to use free_rid_bounds() dbcheck: formatting python:subunit: Fix skipping a test with no reason given python:subunit: Remove write_traceback() python:subunit: Avoid misleading "Test was never started" error message tests/krb5/kdc_base_test.py: Defer account deletion until tearDownClass() is called tests/krb5/raw_testcase.py: Add get_admin_creds() tests/krb5/kdc_base_test.py: Create database connection only when needed tests/krb5/kdc_base_test.py: Remove 'credentials' class attribute tests/krb5/kdc_base_test.py: Create loadparm only when needed tests/krb5/kdc_base_test.py: Add methods to determine supported encryption types tests/krb5/raw_testcase.py: Add method to obtain Kerberos keys over DRS tests/krb5/raw_testcase.py: Make env_get_var() a standalone method tests/krb5/raw_testcase.py: Add allow_missing_keys parameter for getting creds tests/krb5/raw_testcase.py: Cache obtained credentials tests/krb5/raw_testcase.py: Allow specifying a fallback credentials function tests/krb5/raw_testcase.py: Simplify conditionals tests/krb5/kdc_base_test.py: Add fallback methods to obtain client and krbtgt credentials tests/krb5/as_req_tests.py: Automatically obtain credentials tests/krb5/as_req_tests.py: Check the client kvno tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value tests/krb5: Deduplicate 'host' attribute initialisation tests/krb5/as_canonicalization_tests.py: Refactor account creation tests/krb5: Use admin creds for SamDB rather than user creds s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against Julien ROPÉ (1): Fix for https://bugzilla.samba.org/show_bug.cgi?id=9634 Karolin Seeger (2): VERSION: Bump version up to 4.15.0pre1... WHATSNEW: Start release notes for Samba 4.15.0pre1. Martin Schwenke (15): lib: Fix the build on FreeBSD ctdb-tests: Actually wait for record to migrate to lmaster node build: Only add -Wl,--as-needed when supported ctdb-scripts: Factor out function dump_stacks() ctdb-scripts: Avoid direct /proc access ctdb-tests: Fix nonsense arguments to ps stub ctdb-tests: Add debug_locks.sh testing ctdb-scripts: Move current lock debugging to a function ctdb-scripts: Update debug_locks.sh to handle arguments ctdb-scripts: Simplify logic in debug_via_proc_locks() ctdb-tests: Add debug_locks.sh tests for mutexes ctdb-daemon: Close server socket when switching to client ctdb-common: Drop unused include of mkdir_p.h ctdb-tests: Force stub version of service in eventscript tests ctdb-scripts: Ignore ShellCheck SC3013 for test -nt Mathieu Parent (1): Rename mdfind to mdsearch Noel Power (140): s3/smbd: call get_ea_list_from_file with smb_fname->fsp s3/modules: Ensure vfs_streaminfo gets passed valid pathref smb_filename s3/smbd: use SMB_VFS_FLISTXATTR() alone (also added assert fsp is not NULL) s3/smbd: modify get_ea_names_from_file signature fn to take fsp alone s3/smbd: use smb_fname->fsp for get_ea_list_from_file_path in estimate_ea_size() s3/smbd: modify estimate_ea_size fn signature to take fsp only s3/smbd: modify get_ea_list_from_file_path fn signature to take fsp only s3/smbd: prepare get_ea_list_from_file to receive fsp alone s3/smbd: no longer pass smb_fname to get_ea_list_from_file s3/smbd: rename get_ea_list_from_path -> get_ea_list_from_fsp s3/smbd: remove connection_struct param from get_ea_list_from_file s3/torture: migrate SMB_VFS_FLISTXATTR calls to SMB_VFS_FLISTXATTR s3/smsbd: prepare to remove connection_struct param from get_ea_list_from_file_path s3/smbd: remove connection_struct from get_ea_list_from_file_path s3/smbd: Create new file get_ea_list_from_fsp_new (not used) s3/smbd: rename get_ea_list_from_fsp_new to get_ea_list_from_fsp s3/smbd: replace get_ea_list_from_file_path with get_ea_list_from_fsp s3/smbd: let canonicalize_ea_name accept fsp and fstring only in sig s3/smbd: Adjust estimate_ea_size to take files_struct alone s3/smbd: Remove connection_struct from get_ea_names_from_file VFS: Remove SMB_VFS_LISTXATTR, no longer used vfs: update status of SMB_VFS_LISTXATTR s3/smbd: set_ea SMB_VFS_FSETXATTR => SMB_VFS_FSETXATTR s3/lib: adouble SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR s3/modules: posixacl convert from SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/smbd: posix_acls SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/modules: ensure catia_set_dos_attributes passes on pathref s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp s3/smb3: ensure file_set_dosmode is passed valid smb_fname->fsp s3/smbd: set_create_timespec_ea should create smb_fname with valid fsp s3/smbd: SMB_VFS_SETXATTR => SMB_VFS_FSETXATTR s3/smbd: Detect and fail attempt to set_ea_dos_attribute on link s3/modules: vfs_acl_xattr SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR streams_xattr_openat SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/modules: streams_xattr_pwrite SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/modules: streams_xattr_ftruncate SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/modules: streams_xattr: Fix fname passed to SETXATTR s3/modules: streams_xattr_renameat SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/modules: stream_dir make sure mark_file_valid is called with fsp s3/torture: SMB_VFS_SETXATTR -> SMB_VFS_FSETXATTR s3/lib: SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FSETXATTR s3/modules: fake_acls: SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FSETXATTR s3/modules: fake_acls_lchown use SMB_VFS_NEXT_FSET s2/modules: nfs4acl_smb4acl_set_fn SMB_VFS_NEXT_SETXATTR -> SMB_VFS_NEXT_FFSETXATTR s3/modules: ceph_snapshots: Add missing fsetxattr_fn implementation s3/modules: shadow_copy2: Add new fsetxattr_fn implementation s3/modules: snapper: Add missing fsetxattr_fn impl VFS: Remove SMB_VFS_SETXATTR, no longer used Update status of SMB_VFS_SETXATTR s3/smbd: VFS Fix incorrect VFS_FIND s3/smbd: SMB_VFS_SET_DOS_ATTRIBUTES -> SMB_VFS_FSET_DOS_ATTRIBUTES VFS: Remove SMB_VFS_SET_DOS_ATTRIBUTE, no longer used VFS: Fix version SMB_VFS_GET_DOS_ATTRIBUTES was removed in VFS: gluster: Allow vfs_gluster_fchmod() to cope with pathref fsps. VFS: ceph: Allow cephwrap_fchmod() to cope with pathref fsps. s3/modules: make chmod_acl_module_common less strict so fchmod can run s3/modules: VFS: ceph_snapshots: Add new fchmod_fn implementation s3/modules: VFS: fruit: Add new fchmod_fn implementation s3/modules: VFS: shadow_copy2: Add new fchmod_fn implementation s3/modules: VFS: snapper: Add new fchmod_fn implementation s3/smbd: SMB_VFS_CHMOD -> SMB_VFS_FCHMOD s3/smbd: file_set_dosmode SMB_VFS_CHMOD => SMB_VFS_FCHMOD s3/modules: nfs4acl_xattr_fset_nt_acl VFS_SMB_NEXT_CHMOD => VFS_SMB_NEXT_FCHMOD s3/modules: linux_xfs_sgid_mkdirat() SMB_VFS_NEXT_FCHMOD => SMB_VFS_NEXT_CHMOD s3/torture: Make cmd_chmod now use SMB_VFS_FCHMOD s3/modules: VFS: acl_tdb: Remove call to chmod_acl_module_common() s3/modules: VFS: acl_xattr: Remove call to chmod_acl_module_common() s3/modules: VFS: acl_common: Remove chmod_acl_module_common() function s3/modules: VFS: audit: Remove audit_chmod s3/modules: VFS: cap: remove cap_chmod s3/modules: VFS: catia: Remove catia_chmod() function s3/modules: VFS: ceph: Remove cephwrap_chmod() function s3/modules: VFS: cep_snapshots: remove ceph_snap_gmt_chmod() function s3/modules: VFS: extd_audit: Remove audit_chmod() function s3/modules: VFS: fake_acls: Remove fake_acls_chmod() function s3/modules: VFS: fruit: Remove fruit_chmod s3/modules: VFS: full_audit: Remove smb_full_audit_chmod() function s3/modules: VFS: Remove vfs_gluster_chmod() function s3/modules: VFS: gpfs: Remove vfs_gpfs_chmod() function s3/modules: VFS: media_harmony: Remove mh_chmod s3/modules: VFS: shadow_copy2: Remove shadow_copy2_chmod s3/modules: VFS: snapper: Remove snapper_gmt_chmod s3/modules: VFS: time_audit: Remove smb_time_audit_chmod s3/modules: VFS: unityed_media: Remove um_chmod function VFS: Remove SMB_VFS_CHMOD, no longer used VFS: Update status of SMB_VFS_CHMOD VFS: Add SMB_VFS_FSTREAMINFO s3: VFS: catia: Implement SMB_VFS_FSTREAMINFO s3: vfs: fruit: Implement SMB_VFS_FSTREAMINFO s3: VFS: glusterfs: Initialise fstreaminfo_fn to NULL s3: VFS: streams_depot SMB_VFS_FSTREAMINFO impl s3: VFS: streams_xattr: Add impl for SMB_VFS_FSTREAMINFO s3/smbd: add new toplevel vfs_fstreaminfo wrapper s3/smbd: ntrans: vfs_streaminfo -> vfs_fstreaminfo s3/smbd: trans2: vfs_streaminfo -> vfs_fstreaminfo s3/smbd: close vfs_streaminfo->vfs_fstreaminfo s3/smbd: filename: vfs_streaminfo -> vfs_fstreaminfo s3/smbd: open: vfs_streaminfo -> vfs_fstreaminfo s3/lib: adouble: vfs_streaminfo -> vfs_fstreaminfo s3/module: VFS: fruit: vfs_streaminfo -> vfs_fstreaminfo s3: Remove vfs_streaminfo function s3/modules: VFS: catia: Remove SMB_VFS_STREAMINFO s3/modules: VFS: fruit: Remove SMB_VFS_STREAMINFO s3/modules: VFS: media_harmony: Remove SMB_VFS_STREAMINFO s3/modules: VFS: streams_depo: Remove SMB_VFS_STREAMINFO s3/modules: VFS: stream_xattr: Remove SMB_VFS_STREAMINFO s3/modules: VFS: unityed_media: Remove SMB_VFS_STREAMINFO s3: VFS: Remove SMB_VFS_STREAMINFO(), no longer used VFS: Update status of SMB_VFS_STREAMINFO s3/smbd: Fix stray line introduced in 470b6223e7283ce1308e0b273eb893d20ab72d5b VFS: SMB_VFS_SYS_ACL_GET_FD: Add SMB_ACL_TYPE_T type arg VFS: SMB_VFS_SYS_ACL_GET_FD: Modify api to take additional type param s3/smbd: make posix_sys_acl_blob_get_fd actually use handle api with the changes to underlying sys_acl_get_fd_fn we now can pass the acl type down s3/smbd: pysmbd: SMB_VFS_SYS_ACL_GET_FILE -> SMB_VFS_SYS_ACL_GET_FD s3/smbd: pysmbd: Ensure SMB_VFS_GET_NT_ACL_AT() has an fsp when called. s3/smbd: call dos_mode_post with fsp s3/smbd: dos_mode_post: remove smb_fname param s3/smbd: dos_mode_check_compressed: remove smb_fname, conn fn parms s3/smbd: Remove unecessary 'else' block VFS: vxfs: ifdef out vxfs_sys_acl_set_fd VFX: vxfs: Fixup some warnings s3: VFS: virusfilter: Use real dirfsp for SMB_VFS_RENAMEAT() VFS: Add initial implemenataion for SMB_VFS_FCHFLAGS VFS: ceph: Add SMB_VFS_FCHFLAGS implementation VFS: ceph_snapshots: Add SMB_VFS_FCHFLAGS implementation VFS: glusterfs: Add SMB_VFS_FCHFLAGS implementation VFS: shadow_copy2: Add SMB_VFS_FCHFLAGS implementation VFS: snapper: Add SMB_VFS_FCHFLAGS implementation s3/smbd: smb_set_file_unix_info2: SMB_VFS_CHFLAGS -> SMB_VFS_FCHFLAGS VFS: ceph: Remove SMB_VFS_CHFLAGS VFS: ceph_snapshot Remove SMB_VFS_CHFLAGS VFS: catia: Remove SMB_VFS_CHFLAGS VFS: glusterfs Remove SMB_VFS_CHFLAGS VFS: media_harmony: Remove SMB_VFS_CHFLAGS VFS: shadow_copy2: Remove SMB_VFS_CHFLAGS VFS: snapper: Remove SMB_VFS_CHFLAGS VFS: unityed_media: Remove SMB_VFS_CHFLAGS VFS: Remove SMB_VFS_CHFLAGS, not used anymore s3: VFS: Update status of SMB_VFS_CHFLAGS Paul Wise (1): HEIMDAL: krb5_storage_free(NULL) should work Pavel Březina (4): tevent: add support for cmocka unit tests tevent: add custom tag to events tevent: add event trace api tevent: bump the version number to 0.11.0 Pavel Filipenský (5): s3:rpcclient: Document command of witness protocol docs: Update list of available commands in rpcclient docs-xml: Update smbcacls manpage idl: secrets_domain_info1_change is not a recursive structure s3:libads: Remove extra new line in keytab list output Peter Eriksson (1): s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path. Philipp Gesang (3): lib/audit_logging/test: fix typos lib/util: fix timespec normalization allow tests to be run against a PAM-less build Ralph Boehme (148): selftest: use correct DNS domain name for wrapper hosts file winbind: move config-reloading code to winbindd_dual.c winbind: set logfile after reloading config winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children selftest: add a test for "winbind:ignore domains" winbind: move "winbind:ignore domain" logic to a seperate function winbind: check for allowed domains in winbindd_dual_pam_auth() winbind: check for allowed domains in winbindd_dual_pam_auth_crap() winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap() winbind: check for allowed domains in winbindd_dual_pam_chauthtok() winbind: check for allowed domains in winbindd_pam_auth_pac_verify() s3/auth: implement "winbind:ignore domains" winbind: remove legacy flags fallback vfs_error_inject: add unlinkat hook selftest: add force_user_error_inject share in maptoguest env selftest: add a test that verifies unlink works when "force user" is set smbd: use fsp->conn->session_info for the initial delete-on-close token vfs_aixacl: fix regression from f4c2f867f035fcbe3d547d5635d058b0aec7636a vfs: make fsp arg of vfs_[memctx|fetch]_fsp_extension const vfs_audit: support real dirfsps in audit_unlinkat() vfs_cap: support real dirfsps in cap_unlinkat() vfs_catia: forward pathref fsp in catia_unlinkat() vfs_catia: support real dirfsps in catia_unlinkat() vfs_ceph: support real dirfsps in cephwrap_unlinkat() vfs_default: support real dirfsps in vfswrap_unlinkat() vfs_extd_audit.c: support real dirfsps in audit_unlinkat() vfs_full_audit: support real dirfsps in smb_full_audit_unlinkat() vfs_glusterfs: support real dirfsps in vfs_gluster_unlinkat() vfs_media_harmony: support real dirfsps in mh_unlinkat() vfs_posix_eadb: support real dirfsps in posix_eadb_unlink_internal() vfs_posix_eadb: support real dirfsps in posix_eadb_rmdir_internal() vfs_posix_eadb: support real dirfsps in posix_eadb_unlinkat() vfs_recycle: support real dirfsps in recycle_unlinkat() vfs_streams_depot: remove indentation vfs_streams_depot: support real dirfsps in streams_depot_unlink_internal() vfs_streams_depot: support real dirfsps in streams_depot_rmdir_internal() vfs_streams_depot: support real dirfsps in streams_depot_unlinkat() smbd: add synthetic_pathref() vfs_fruit: use synthetic_pathref() in readdir_attr_meta_finderi_stream() printing: use synthetic_pathref() in driver_unlink_internals() smbd: use synthetic_pathref() in delete_all_streams() vfs_streams_xattr: use pathref in streams_xattr_unlink_internal() vfs_fruit: fix use after free in delete_invalid_meta_stream() vfs_fruit: use synthetic_pathref() in delete_invalid_meta_stream() vfs_time_audit: support real dirfsps in smb_time_audit_unlinkat() vfs_unityed_media: support real dirfsps in um_unlinkat() vfs_virusfilter: support real dirfsps in virusfilter_vfs_unlinkat() vfs_xattr_tdb: support real dirfsps in xattr_tdb_unlinkat() vfs_acl_common: support real dirfsps in acl_common_remove_object() vfs_fruit: use SMB_VFS_FREMOVEXATTR() in fruit_unlink_meta_netatalk() vfs_fruit: support real dirfsps in fruit_unlink_rsrc_stream() vfs_fruit: support real dirfsps in fruit_unlink_rsrc_adouble() vfs_fruit: support real dirfsps in fruit_unlinkat() s4/torture: move deletion out of close loop in torture_smb2_maxfid() smbd: add parent_pathref() smbd: use parent_pathref() in mkdir_internal() smbd: use parent_pathref() in smb_unix_mknod() smbd: use parent_pathref() in smb_set_file_unix_link() pysmbd: use parent_pathref() in py_smbd_mkdir() smbd: use real dirfsp and atname when deleting file in close_remove_share_mode() smbd: simplify recursive_rmdir() smbd: add some space in recursive_rmdir() smbd: add dir_hnd_fetch_fsp() smbd: use real dirfsp for SMB_VFS_UNLINKAT() in recursive_rmdir() smbd: README.Coding fixes in rmdir_internals() smbd: simplify rmdir_internals() smbd: reduce indentation in rmdir_internals() smbd: use real dirfsp with SMB_VFS_UNLINKAT() in rmdir_internals() smbd: use real dirfsp for SMB_VFS_UNLINKAT() in create_msdfs_link() smbd: use real dirfsp for SMB_VFS_CREATE_DFS_PATHAT() in create_msdfs_link() vfs: update status of SMB_VFS_CREATE_DFS_PATHAT() smbd: use real dirfsp for SMB_VFS_UNLINKAT() in remove_msdfs_link() smbd: use real dirfsp for SMB_VFS_UNLINKAT() in py_smbd_unlink() s3/libadouble: remove dirfsp arg from ad_convert() s3/libadouble: remove dirfsp arg from ad_convert_delete_adfile() s3/libadouble: use real dirfsp in ad_convert_delete_adfile() vfs: update status of SMB_VFS_UNLINKAT() vfs: restore platform specific POSIX sys_acl_set_file() functions CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested s3/libadouble: stat path before calling openat_pathref_fsp() in ad_unconvert_open_ad() smbd: stat path before calling openat_pathref_fsp() in unlink_internals() smbd: fix a resource leak in create_file_unixpath() smbd: call stat before openat_pathref_fsp() in create_file_unixpath() smbd: remove a redundant fstat()in create_file_unixpath() smbd: stat path before calling openat_pathref_fsp() in open_pathref_base_fsp() smbd: move smb_fname creation to earlier point in smbd_dirptr_get_entry() smbd: stat path before calling openat_pathref_fsp() in smbd_dirptr_get_entry() smbd: expect valid stat info in openat_pathref_fsp() smbd: simplify error codepath in openat_pathref_fsp() smbd: don't return NT_STATUS_STOPPED_ON_SYMLINK in openat_pathref_fsp() net: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from openat_pathref_fsp() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from get_file_handle_for_metadata() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from synthetic_pathref() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from parent_pathref() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from open_streams_for_delete() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from create_file_unixpath() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from reply_search() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from rename_internals() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from copy_file() smbd: remove NT_STATUS_STOPPED_ON_SYMLINK status code check from call_trans2findfirst() printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails printing: use correct error out in file_version_is_newer() when openat_pathref_fsp() fails printing: use correct error out in get_correct_cversion() when openat_pathref_fsp() fails selftest: add a test for %U variable expansion in spoolssd smbd: call set_current_user_info() in smbd_become_authenticated_pipe_user() selftest: fix cleanup of test_printing_var_exp.sh smbd: reset dangling watch_req pointer in poll_open_done smbd: cancel pending poll open timer in poll_open_done() smbd: free open_rec state in remove_deferred_open_message_smb2_internal() s3: smbd: fix deferred renames pidl: set the per-request memory context in the pidl generator spools: avoid leaking memory into the callers mem_ctx smbd: reduce loglevel for failed openat_pathref_fsp() calls torture: add smbtorture compound SMB2 requests test "related8" torture: add another smbtorture compound SMB2 requests test "related9" smbd: SMB2 Compound related chain handling when generation of FileId has failed vfs_default: require fchmod() s3/modules: fchmod: fallback to path based chmod if pathref winbindd: remove obsolete sequence_number() from winbindd_reconnect_ads.c winbindd: remove obsolete sequence_number() from winbindd_reconnect.c winbindd: remove obsolete sequence_number from struct winbindd_methods torture: add a test that verifies SMB2 close fields without postqueryattrib smbd: correctly initialize close timestamp fields torture/smb2: ACL inheritance flags test with non-canonical behaviour smbd: pass fsp to canonicalize_inheritance_bits() loadparam: add option "acl flag inherited canonicalization" smbtorture: verify attributes on fake quota file handle smbd: add dosmode_from_fake_filehandle() smbd: handle fake file handles in fdos_mode() smbd: return correct timestamps for quota fake file smbd: remove unneeded code from dos_mode_at_vfs_get_dosmode_done() mdssvc: use a helper variable in mds_add_result() mdssvc: don't fail mds_add_result() if result is not found in CNID set mdssvc: pass messaging context to mds_init_ctx() smbd: pass tevent context to create_conn_struct_as_root() smbd: add create_conn_struct_cwd() mdssvc: maintain a connection struct in the mds_ctx mdssvc: chdir() to the conn of the RPC request mdssvc: avoid direct filesystem access, use the VFS replace: copy_file_range() vfs_default: properly track written bytes for copy-chunk lib: add sys_io_ranges_overlap() smbd: use sys_io_ranges_overlap() in fsctl_dup_extents_check_overlap() vfs_default: use copy_file_range() vfs_default: use fsp_get_io_fd() for copy_file_range() Richard Sharpe (2): s3: utils: Remove debug2html utility. Not used, installed or tested. s3: lib: If we're reporting getaddrinfo fail, print the name we were looking up in the same debug. Rowland Penny (1): man winbind: Remove untrue statement, you can run winbind without running nmbd. Sachin Prabhu (1): smbd: Ensure errno is preserved across fsp destructor Samuel Cabrero (57): s4-torture: Add a test for GUID_from_data_blob s4-torture: Add a test for ndr_syntax_id_from_string() lib:util: Move variable initialization out of conditional compilation block daemons: Do not notify systemd in child processes started by main samba winbind: Remove noisy error message in wb_open_internal_pipe() librpc: Lower dcesrv_call_dispatch_local() errors from DBG_ERR to DBG_INFO netcmd: Workaround issue backing up offline domain with lmdb >= 0.9.26 oss-fuzz: Update build script to be compatible with rpm distros selftest: Test RPC handles and association groups from different connection s3: rpc_server: Search for already created association groups s3: rpc_server: Store new association groups in the id tree s3-iremotewinspool: set the per-request memory context s3: VFS: default: ntimes profile not ended when times not changed build: Do not check for unused functions futimes() and futimens() VFS: Add SMB_VFS_FNTIMES s3: VFS: catia: Implement SMB_VFS_FNTIMES() s3: VFS: ceph: Implement SMB_VFS_FNTIMES() s3: VFS: ceph_snapshots: Implement SMB_VFS_FNTIMES() s3: VFS: delay_inject: Implement SMB_VFS_FNTIMES() s3: VFS: fruit: Implement SMB_VFS_FNTIMES() s3: VFS: glusterfs: Implement SMB_VFS_FNTIMES() gpfswrap: Add wrapper for gpfs_set_times() s3: VFS: gpfs: Implement SMB_VFS_FNTIMES() s3: VFS: shadow_copy2: Implement VFS_SMB_FNTIMES() s3: VFS: snapper: Implement SMB_VFS_FNTIMES() s3: smbd: Use new debug macros s3: smbd: Update file times right before closing the underlying fd s3: smbd: Pass full fsp to file_ntimes() s3: smbd: Use SMB_VFS_FNTIMES() instead of SMB_VFS_NTIMES() s3: VFS: recycle: set the recycled file times using SMB_VFS_FNTIMES() s3: torture: Change cmd_utime to use SMB_VFS_FNTIMES() s3: VFS: cap: Remove SMB_VFS_NTIMES() s3: VFS: catia: Remove SMB_VFS_NTIMES() s3: VFS: ceph: Remove SMB_VFS_NTIMES() s3: VFS: ceph_snapshots: Remove SMB_VFS_NTIMES() s3: VFS: delay_inject: Remove SMB_VFS_NTIMES() s3: VFS: fruit: Remove SMB_VFS_NTIMES() s3: VFS: full_audit: Remove SMB_VFS_NTIMES() s3: VFS: glusterfs: Remove SMB_VFS_NTIMES() s3: VFS: gpfs: Remove SMB_VFS_NTIMES() gpfswrap: Remove wrapper for gpfs_set_times_path() s3: VFS: media_harmony: Remove SMB_VFS_NTIMES() s3: VFS: not_implemented: Remove SMB_VFS_NTIMES() s3: VFS: shadow_copy2: Remove SMB_VFS_NTIMES() s3: VFS: snapper: Remove SMB_VFS_NTIMES() s3: VFS: time_audit: Remove SMB_VFS_NTIMES() s3: VFS: unityed_media: Remove SMB_VFS_NTIMES() s3: VFS: default: Remove SMB_VFS_NTIMES() s3: VFS: Remove SMB_VFS_NTIMES(), no longer used VFS: Add SMB_VFS_FREADDIR_ATTR() s3: VFS: fruit: Implement SMB_VFS_FREADDIR_ATTR() s3: smbd: Switch from SMB_VFS_READDIR_ATTR() to SMB_VFS_FREADDIR_ATTR() s3: smbd: Skip calling SMB_VFS_FREADDIR_ATTR() for symlinks s3: VFS: catia: Remove SMB_VFS_READDIR_ATTR() s3: VFS: fruit: Remove SMB_VFS_READDIR_ATTR() s3: VFS: Remove SMB_VFS_READDIR_ATTR(), no longer used nmbd: Reduce the wait interface loop sleep time Stefan Metzmacher (171): s3:adouble: rewrite ad_open_rsrc() as adouble_open_rsrc_fsp() using create_internal_fsp() share_mode_lock: DEBUG/ASSERT recursion deadlock detection s3:adouble: allow ad_fget/ad_get_internal to be used with a backend fsp s3:adouble: add adouble_open_from_base_fsp() vfs_fruit: let fruit_open_rsrc_adouble() return errno = EISDIR vfs_fruit: add fruit_get_complete_fio() helper vfs_fruit: make use of adouble_open_from_base_fsp(ADOUBLE_RSRC) in fruit_open_rsrc_adouble() s3:idmap_hash: reliable return ID_TYPE_BOTH Makefile: add support for 'make testonly' selftest: allow a prefix under /m/username/ selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal() selftest/Samba4: make more use of get_cmd_env_vars() selftest/Samba4: correctly pass KRB5CCNAME to provision selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo' selftest: make/use a copy of GNUPGHOME script/autobuild.py: split out a rmdir_force() helper function script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default examples/fuse/smb2mount: fix compiler warning on ubuntu20.04 with -O3 selftest/gdb_backtrace: use 'unset LD_PRELOAD' third_party: Update socket_wrapper to version 1.3.2 s3:pysmbd: fix fd leak in py_smbd_create_file() pyldb: catch potential overflow error in py_timestring pyglue: add float2nttime() and nttime2float() samba-tool user: use an implicit_attrs list instead of add_ATTR variables samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support samba-tool user: add ';format=[GeneralizedTime,UnixTime,TimeSpec]' support in "samba-tool user show" docs-xml: clarify "smb2 disable lock sequence checking" section smbd: let smbd_request_guid() use smb1req->xconn->channel_id s4:torture/smb2: use %t (timestamp) instead of %R for lease.dynamic_share test selftest: enable 'server multi channel support = yes' smbd: improve smbXsrv_connection_dbg() for debugging multi-channel problems smbd: introduce a smbXsrv_connection_destructor() s4:torture/smb2: add a smb2.session.two_logoff test smbXsrv_tcon: explicitly set tcon->db_rec = NULL after tcon->db_rec = local_rec smbXsrv_session: set session->db_rec = NULL after session->db_rec = local_rec s4:torture/smb2: add smb2.lease.timeout-disconnect test smbd: make sure that xconn is alive for the lifetime of smbXsrv_connection_shutdown_send/recv smbXsrv_client: move the connection passing to smb2srv_client_mc_negprot_send/recv s4:libnet_rpc: avoid reusing the assoc_group_id of the lsa connection libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes libcli/smb: pass the length of the resulting key to smb2_key_derivation() libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu() libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu() libcli/smb: add smb2_signing_derivations_fill_const_stack() libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key() smb2_sesssetup: use smb2_signing_derivations_fill_const_stack() smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo smb2_negotiate: maintain xconn->smb2.server.sign_algo libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base. smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key libcli/smb: make smb2_signing_key_destructor static libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu() libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu() libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu() libcli/smb: introduce struct struct smb311_capabilities s4:libcli/raw: add smb3_capabilities to struct smbcli_options libcli/smb: pass smb3_capabilities to smbXcli_conn_create() libcli/smb: introduce struct smb3_encryption_capabilities s3:libsmb: fill in smb3_capabilities.ciphers s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers libcli/smb: make use of smb3_capabilities.encryption s4:torture/smb2: improve smb2.notify.invalid-reauth s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3} s4:torture: add a torture_user2_credentials() helper to pass additional credentials s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user} s3:selftest: pass alice credentials to the smb2.session tests for ad_dc smbXsrv_session: split out smbXsrv_session_remove_channel() smb2_server: fallback global session lookup if the session belongs to a different client smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind third_party: Update socket_wrapper to version 1.3.3 ldb: bump version to 2.4.0, in order to be used for Samba 4.15 s3: smbd: Raise debug level when synthetic_pathref() can't find the file. vfs_aio_pthread: don't allow async opens when multi channel is enabled. s4:torture/smb2: make use of torture_reset_lease_break_info() in lease.c s4:torture/smb2: make use of torture_reset_break_info() in replay.c s4:torture/smb2: add smb2_util_lease_state_string() s4:torture/smb2: provide verbose output when we're waiting for potential lease/oplock breaks s4:torture/smb2: add smb2.replay.dhv2-pending* tests s4:torture/smb2: add smb2.session.bind2 smbXsrv_session: smbXsrv_session_remove_channel() should also remove the last channel smbXsrv_open: intruduce smbXsrv_open_replay_cache to support FILE_NOT_AVAILABLE smb2_server: let smbd_smb2_flush_send_queue() destroy pending elements on dead connection smb2_server: don't cancel pending request if at least one channel is still alive smbXsrv_session: always cancel pending requests in smb2srv_session_shutdown_send() in the same way smb2_tcon: also try to cancel pending compound requests on tdis s3:script:tests: create temporary files under $PREFIX/SELFTEST_TMPDIR python:tests:samba_tool: create temporary files under $SELFTEST_TMPDIR s4:client:tests: create temporary files under $PREFIX/SELFTEST_TMPDIR testprogs:blackbox: create temporary files under $PREFIX/SELFTEST_TMPDIR script/autobuild.py: change the task definitions into an dictionary script/autobuild.py: split out a CLEAN_SOURCE_TREE_CMD script/autobuild.py: pass --with-selftest-prefix via make instead of configure script/autobuild.py: defer cp and git clone script/autobuild.py: store the directory for the running builder in self.builder_dir script/autobuild.py: add support for dependencies script/autobuild.py: split out "samba-{def,mit}-build" .gitlab-ci.yml: print out information of the available cpus .gitlab-ci.yml: split out samba-{def,mit}-build into the build_first stage .gitlab-ci.yml: specify explicit job timeouts .gitlab-ci.yml: be more resilient to intrastructure failures script/autobuild.py: split out samba-{nt4,h5l,no-opath}-build .gitlab-ci.yml: let private runners also make use of pre-builds script/autobuild.py: move ad_dc_backup to samba-ad-dc-6 script/autobuild.py: split samba-ad-dc-backup into samba-ad-back{1,2} .gitlab-ci.yml: move samba-ad-back{1,2} and samba-schemaupgrade to shared runners .gitlab-ci.yml: move the content to .gitlab-ci-main.yml .gitlab-ci-main.yml: build coverity using --with-cluster-support bootstrap/.gitlab-ci.yml: make sure we force gitlab.com runners for now .gitlab-ci*.yml: only use gitlab.org shared runners if possible .gitlab-ci-main.yml: specify the image only by SAMBA_CI_JOB_IMAGE script/autobuild.py: skip lcov step for samba-fips script/autobuild.py: split samba-no-opath into two tests script/autobuild.py: split samba-nopython out of samba-minimal-smbd again script/autobuild.py: split samba-ad-dc-4* tests into two add .gitlab-ci-coverage.yml for a scheduled build heimdal_build: use TO_LIST from wafsamba.samba_utils wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_ lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_' s3:cmdline: Use D_ERR() instead of DBG_ERR() for talloc log lib:cmdline: Use getprogname() to avoid possible issues with setproctitle() heimdal_build: Provide C defines showing which Kerberos library is in use build: in SAMBA_BINARY use TO_LIST(cflags) heimdal_build: Add C99 struct initializer in source4/heimdal_build/krb5-glue.c s3:torture: add STR-MATCH-MSWILD test for is_in_path() s3:lib: add a new samba_path_matching* infrastructure s3:lib: add samba_path_matching_regex_sub1_create() lib/util: improve debug message about unknown classes docs-xml: document dynamic debug classes from modules vfs_preopen: introduce "preopen" debug class vfs_preopen: only try to preopen if we can construct an absolute path vfs_preopen: make use of new samba_path_matching_* infrastructure vfs_preopen: only reset the queue state if preopen_parse_fname() found matching digits vfs_preopen: completely reset the queue if the name structure changes vfs_preopen: introduce helper variables in preopen_parse_fname() vfs_preopen: cap the queue length to the maximum number that fits into the digits space vfs_preopen: make use of any hints from samba_path_matching_check_last_component() docs-xml:vfs_preopen.8: improve the documentation of the current detection algorithm vfs_preopen: introduce support for "preopen:posix-basic-regex = yes" vfs_preopen: add useful debug messages which can be configured on adjustable log levels WHATSNEW: document new preopen:* options auth/credentials: allow credentials.Credentials to act as base class Rename python/samba/tests/krb5/{rfc4120_pyasn1_regen.sh => pyasn1_regen.sh} tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing tests/krb5/raw_testcase.py: Add get_{client,server,krbtgt}_creds() tests/krb5/raw_testcase.py: introduce STRICT_CHECKING=0 in order to relax the checks in future tests/krb5/raw_testcase.py: add assertElement*() tests/krb5/raw_testcase.py: Allow prettyPrint of more RFC-defined values tests/krb5/raw_testcase.py: Allow prettyPrint of more MS-KILE-defined values tests/krb5/raw_testcase.py: split KDC_REQ_BODY_create() from KDC_REQ_create() tests/krb5/raw_testcase.py: add KERB_PA_PAC_REQUEST_create() tests/krb5/raw_testcase.py: add methods to iterate over etype permutations tests/krb5/raw_testcase.py: Add TicketDecryptionKey_from_creds() tests/krb5/raw_testcase.py: introduce a _generic_kdc_exchange() infrastructure tests/krb5/as_req_tests.py: add new tests to cover more of the AS-REQ protocol selftest: run new as_req_tests against fl2008r2dc and fl2003dc tests/krb5/as_req_tests.py: add simple test_as_req_enc_timestamp test s4:kdc: prefer newer enctypes for preauth responses gensec_krb5: restore ipv6 support for kpasswd testprogs: Consistantly use kinit -c $KRB5CCNAME smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records Steven Price (1): clitar: restore mtime on files Trever L. Adams (2): s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure s3:modules:vfs_virusfilter: Recent New_VFS changes break vfs_virusfilter_openat. Viktor Dukhovni (1): HEIMDAL: Avoid yydebug compiler warning Volker Lendecke (261): rpc_server: Fix a typo lib: Avoid an "includes.h" lib: Use hex_byte() in strhex_to_str() vfs: Simplify vfs_gluster_getwd() rpc_server: Slightly simplify dcesrv_bind() rpc_server: Slightly simplify dcesrv_bind() lib: Make accept_recv() return struct samba_sockaddr smbcacls: Simplify sec_desc_parse() libsmb: Simplify sec_desc_parse() libsmb: Simplify add_ace() smbcacls: Simplify add_ace_with_ctx() libcli: make_sec_acl() copies the ace_list, make that const sharesec: Simplify add_ace() smbd: Simplify sendfile_short_send() librpc: Fix a small memleak in epm_floor_string() lib: Align integer types torture: Align integer types rpc_server: Fix a typo rpc_server: Fix a "bool==true" condition lib: Make accept_recv() return the listening socket torture: Fix a gcc qualifier ordering warning vfs: Remove an unused variable from zfs_get_nt_acl_common() vfs: Fix the FreeBSD build rpc_server: Remove an unused function parameter rpc_server: Pass dcerpc_binding to dcesrv_create_ncalrpc_socket() rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_ip_tcp_sockets() rpc_server: Pass dcerpc_binding to dcesrv_create_ncacn_np_socket() rpc_server: Factor out e->ep_description in dcesrv_create_endpoint_sockets() rpc_server: Move socket creation to rpc_sock_helper.[ch] rpc_server: Consolidate transport-specific socket creation lib: Provide a meaningful errno if FD_CLOEXEC is missing rpc_server: Add CLOEXEC to the listening sockets libndr: Simplify ndr_print_GUID() librpc: Add a NULL check to dcerpc_binding_build_tower() librpc: Add ndr_syntax_id_buf_string() librpc: Use ndr_syntax_id_buf_string() in dcerpc_sec_vt_pctx_check() librpc: Use ndr_syntax_id_buf_string() in dcerpc_binding_set_abstract_syntax() librpc: Simplify dcerpc_binding_set_abstract_syntax() dsdb: Avoid an unneeded #include lib: Simplify parse_guid_string() and ndr_syntax_id_from_string() libwbclient: Fix wbcStringToGuid rpc_server: Introduce "goto nomem;" to dcesrv_endpoint_connect() epmapper: Simplify _epm_Map() librpc: Simplify dcerpc_binding_string() librpc: Simplify dcerpc_binding_string() epmapper: Simplify endpoints_match() librpc: Simplify dcesrv_check_or_create_context() librpc: Fix a typo lib: Fix file_ploadv_send()/_recv() librpc: Convert find_interface_by_uuid to search by syntax_id librpc: Simplify find_interface_by_syntax_id() librpc: Simplify find_interface_by_binding() vfs_aixacl2: Fix "mem_ctx" and "ppdesc" smb_fget_nt_acl_nfs4 args locking: Fix an uninitialized variable read g_lock: Fix uninitalized variable reads dsdb: Fix CID 1473453: Null pointer dereferences dsdb: Fix CID 1473454: Null pointer dereferences samba: Fix indentation rpc_server: Fix a typo rpc_server: Align integer types ctdb: Fix a typo lib: Fix a typo rpc_client: Fix a typo lib: Fix a typo winbindd: Fix a typo rpc_server: Fix a typo librpc: Fix a typo, while there linewrap the comment smbd: Fix a typo (recieve->receive), reformat comment librpc: Fix typos lib: Fix an uninitialized variable read lib: Make socket options output less chatty lib: Avoid ZERO_STRUCT in pidfile_pid() lib: Avoid a memleak in pidfile_unlink() lib: Avoid a cast in messages_dgm lib: Align integer types rpcclient: talloc_stackframe() panics on failure rpc_client: Save a few lines with direct struct initialization rpc_server: talloc_stackframe() panics on failure epmapper: talloc_stackframe() panics on failure rpc_server: Use direct struct initialization instead of ZERO_STRUCT rpc_server: Use any_nt_status_not_ok() in srv_netlog_nt.c lib: Protect "messaging_dgm_init()" from NULL dirs lib: Fix samba_sockaddr_[get|set]_port libcli: Add a NULL check to tstream_npa libcli: Simplify tstream_npa_connect_readv_done() librpc: Simplify struct dcesrv_handle g_lock: Add extensive debug information lib: Fix file_ploadv_send/recv cleanup srvsrvc: Reload conf after changing a share smbd: Fix a DEBUG message winbindd: Apply some const to normalize_name_map() winbind: Simplify winbindd_samr.c printing: Fix a typo tests: Fix a typo lib: Use FIONREAD in wait_for_read_send/recv printing: Remove simple wrapper function pcap_printer_read_fn() printing: Introduce printer_list_printername_exists() printing: Move rap2jobid functions to their own file librpc: Add "private_data" to struct dcesrv_context_callbacks rpc_server4: Make "srv_callbacks" static torture: Make srv_cb static librpc: Make "dcesrv_context->callbacks" a pointer lib: Make pidfile_path_create() return the existing PID on conflict lib: Decouple is_myname() from init_names() lib: Unfold calls to my_netbios_names() in util_names.c nmbd: Move my_netbios_names() to nmbd lib: Remove init_names() auth3: Align integer types auth3: Make it a bit easier to #include "source3/include/auth.h" rpc_server: Save roundtrips into samr for machine pwd changes rpc_server: Initialize variables in get_md4pw() rpcclient: Avoid a few implicit NULL assignments rpcclient: Simplify do_cmd rpcclient: Add RPC_RTYPE_BINDING rpcclient: Convert binding-related commands to RPC_RTYPE_BINDING rpcclient: Factor out cmd_set_auth() winbindd: Improve a DEBUG message in sam_name_to_sid() rpcclient: Fix a DBG msg: This is not dcerpc_winreg_int_openkey() rpc_server: Fix a -Werror=format-truncation error rpcclient: Remove pipe_default_auth globals rpcclient: Don't put a port into the epm_map request rpcclient: No need to use an object id in epm_map rpc_client: Factor out rpccli_epm_map_interface() from rpc_pipe_get_tcp_port() rpcclient: Let rpc_pipe_open_ncalrpc() figure out the dst sock itself mdfind: Use cli_rpc_pipe_open_noauth() in mdfind util librpc: Simplify dcerpc_binding_dup() with common nomem handling rpcclient: Enable ncalrpc: transport lib: Properly return errno from open_socket_in() messaging: Fix receiving file descriptors winbindd: Fix a startup race with allocate_gid libcli: Add file specific access flags to sddl printing: Passing a fn pointer does not need "&" printing: Remove code to upgrade from before b0909cfa14f printing: Fix typos printing: Remove "else" branches, reduce indentation printing: Align a few integer types vfs_ceph: Fix CID 1474440: Null pointer dereferences nmbd: Fix CID 1474439: Incorrect expression nmbd: Fix socket cleanup in make_subnet() rpc_client: cli_winreg_spoolss.h references spoolss structs rpc_server3: Fix a memleak for internal pipes lib: Add required includes to source3/lib/background.h lib: Fix rundown of jobs sent with background_job_send() test: Add a test for background_job_send crash smbd: Factor out a bool expr into a descriptive variable printing: Align integer types srv_winreg: Align integer types dynconfig: Introduce and expose SAMBA_LIBEXECDIR wbinfo: Allow SID for -R tstream_npa: Keep "named_pipe_auth_req" around in tstream_npa_accept_existing_send()/recv() tstream_npa: Return named_pipe_auth_req_info4 from accept_existing tstream_npa: Allow NULL output parameters tstream: Add tstream_npa_existing_stream() rpc_server: tstream_npa_connect_recv() returns errno into sys_errno winbindd: Avoid deadlock in sam_name_to_sid() winbindd: Use samr instead of lsa in sam_name_to_sid() winbindd: Make sam_sid_to_name use samr instead of lsa winbindd: Use samr in sam_rids_to_names() instead of lsa winbindd: Remove unused code gensec: Remove gensec_security_all(), it was only used internally rpc: Give dcerpc_util.c its own header librpc: Remove the gensec dependency from library dcerpc-binding auth4: Make auth_anonymous pseudo-async auth4: Make auth_developer pseudo-async auth4: Make auth_unix pseudo-async auth4: Make auth_sam pseudo-async auth4: Remove sync check_password from auth_operations lib: Fix includes in strv.h lib: Fix includes in util_tdb.h lib: Fix nonempty line endings lib: Remove unused tdb_traverse_delete_fn() lib: Simplify tdb_fetch_uint32_t() lib: Simplify tdb_fetch_int32() printing: Make winreg_get_printer() a bit easier to read printing: Make winreg_get_printer() a bit easier to understand printing: Straighten winreg_get_printer() slightly printing: talloc_stackframe() aborts on failure rpc_client: Direct struct initialization in dcerpc_winreg_enumvals() rpc_client: talloc_stackframe() aborts on failure registry: Fix a typo winbindd: Fix a typo auth3: Use talloc_move() instead of talloc_steal() auth3: Fix a error path memleak lib: Replace a call to TALLOC_ZERO() vfs: Replace a call to TALLOC_ZERO() vfs: Remove a call to TALLOC_ZERO() lib: Remove two unused historic macros auth: Simplify DEBUG statements in make_auth3_context_for_ntlm() smbd: Fix a typo auth3: Simplify check_samba4_security() auth3: Fix a typo auth3: Fix a few error path memleaks in create_local_token() create_local_token: Add error checks auth3: Remove auth_skel.c auth3: Make load_auth_module() static dsdb: Slightly tune get_new_descriptor() auth3: Remove unnecessary talloc_unlink() calls auth3: Add an error check to auth_generic_prepare() libcli: Simplify sddl_encode_ace() py_security: Avoid casts in py_random_sid() librpc: Use GUID_buf_string() in python wrappers librpc: Add py_descriptor_richcmp() equality function torture: Move sddl tests to python auth3: Make auth3_session_info_create() static lib: Fix a typo libcli: Factor out sddl_map_flag() torture: Show sddl_decode() failure for "GWFX" access mask libcli: Fix parsing access flags from multiple tables printing: Remove the pause_pipe[] from queue_process.c printing: Remove dead code printing: Reduce indentation in start_background_queue() printing: Avoid zombies in the background daemon smbd: Replace call to close_low_fds() with direct calls lib: Directly call close_low_fd() in become_daemon() lib: Remove close_low_fds() gensec: Slightly simplify gensec_generate_session_info_pac() auth3: Apply some const to auth3_context_set_challenge() auth3: Use auth3_context_set_challenge() in auth3_set_challenge() auth3: Fix a typo auth3: if (ret==False) just looks weird passdb: Add error checks in samu_set_unix_internal() auth: Fix a typo auth3: talloc_strackframe() panics on failure CVE-2021-20254 passdb: Simplify sids_to_unixids() printing: Consolidate add_to_jobs_list() smbd: Make share_mode_lock.h includable on its own lib: Simplify str_list_make_empty() printing: Simplify calling print commands param: Enable including source3/param/param_proto.h without vfs.h printing: Factor out register_printing_bq_handlers() lib: Add parent_watch_fd() lib: Add str_list_add_printf() printing: Introduce samba-bgqd printing: Avoid a few references to background_lpq_updater_pid ctdb: fix typos ctdb: Call run_event_recv() in a callback function ctdb: Introduce a helper variable in run_event_test.c ctdb: Wait for SIGCHLD if script timed out ctdb: Introduce output before and after the 10-second timeout ctdb: Fix a crash in run_proc_signal_handler() dbwrap: Remove unused dbwrap_try_fetch_locked() dbwrap: Remove "db_context->try_fetch_locked()" fn pointer dbwrap_ctdb: Remove "tryonly" from fetch_locked_internal() lib: Fix a typo printing: Simplify pack_devicemode() printing: Factor out remove_from_jobs_list() rpc_server: Avoid a cast lib: Open tdb files with O_CLOEXEC tevent: Remove single-use ev_str_list_[length|add] rpc_server: Use correct PRIu16 for printf of a uint16 nsswitch: Fix a typo libnet: Align a few integer types libnet: Initialize pointers smbd: Simplify share_mode_entry_do() lib: Slightly simplify server_id_set_disconnected() rpc_server: Don't rely on TCP-bind() to return EADDRINUSE rpc_server: Make errno return of get_logged_on_userlist explicit rpc_server: Make get_domain_userlist() independent of errno libsmb: Factor out cli_status_to_errno() from cli_errno() libsmbclient: Avoid a call to SMBC_errno() in SMBC_mkdir_ctx() docs: Improve wording, fix a typo pavel.filipensky (1): s3:passdb: Fix 'return 1' in secrets_store_creds() xzhao9 (1): s3:registry Renaming get_charset() to smbreg_get_charset() ----------------------------------------------------------------------- -- Samba Shared Repository