The annotated tag, tevent-0.12.0 has been created
at 355edbaebad11d45987d21d9caea04917638bcdc (tag)
tagging a20d41accdc999262da94531627c7e1e8ec7677f (commit)
replaces samba-4.16.0rc1
tagged by Stefan Metzmacher
on Tue Apr 12 01:59:10 2022 +0200
- Log -----------------------------------------------------------------
tevent: tag release tevent-0.12.0
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmJUwM4ACgkQR5ORYRMI
QCVQcwf+Pzla6PjTpGPLth3+Ch62X+QhTg5JbDjgs5eYSw986RnLXs7pwqFZfNgJ
kXe6T8cE8P4qe4MrwdTK2fZ/355E/kBS4OtBkLn62r2VvhaM+FBb8rjSsHRtz0Qb
FD5SbsDWmsLMVcC16x/71Uvn2Cn4HoaKuzmJ6S7vNsJ3m6njyuVrgLS8ei8WDQ3d
fmpeGV0VCe60Mi9tgrqt4xDheerokvdoDupbrHu1JE8JAHpbv9g8uaJzyFpYFzTR
Cbi4fWV9DBlsrWpmCN5WytKUqR5pamPvCfdFYgDCF0v9VyrIEcLx9RptWkE4bgMs
3AMJlR8zYe/G4R2TPhjFyUSm5ElVIg==
=nth+
-----END PGP SIGNATURE-----
Andreas Schneider (107):
s4:kdc: Add a HDB to SDB mask
s4:kdc: Remove trailing spaces in hdb-samba4.c
s4:kdc: Translate HDB flags to SDB flags
bootstrap: Fix CentOS8 runner
bootstrap: Migrate to CentOS8 Stream
selftest: Do not force -d0 for smbd/nmbd/winbindd
builtools: Make abi_gen.sh less prone to errors
bootstrap: If the mold linker is available prefer it over gold
bootstrap: Install mold linker on Fedora 35
s3:winbindd: Add a sanity check for the range
s3:utils: Add a testparm check for idmap autorid
docs-xml: Fix idmap_autorid documentation
editorconfig: Final newlines are pycodestyle
third_party:waf: Print the version of waf at the end of the update script
third_party: Update waf to verison 2.0.23
s3:utils: Fix missing space in testparm output
autobuild: Rewrite the symbol checking
editorconfig: Change shell to tabs with tab width 8
configure: Reformat wrapper script
buildtools: Reformat shell scripts
docs-xml: Reformat shell scripts
examples: Reformat shell scripts
selftest: Add ad member with idmap_autorid backend
s3:tests: Run test_idmap_rid.sh against admem_idmap_autorid
autobuild: Run admem_idmap_autorid tests
lib:fuzzing: Reformat shell scripts
lib:ldb: Reformat shell scripts
lib:replace: Reformat shell scripts
lib:tdb: Reformat shell scripts
lib:tevent: Reformat shell scripts
nsswitch: Reformat shell scripts
packaging: Reformat shell scripts
editorconfig: We always inserted a new line so keep doing that
python: Reformat shell scripts
release-scripts: Reformat shell scripts
script: Reformat shell scripts
selftest: Reformat shell scripts
s3:locale: Reformat shell scripts
s3:script: Reformat shell scripts
s4:kdc: Align sflags type
s4:kdc: Also cannoicalize krbtgt principals when enforcing
canonicalization
selftest: More tests are passing with MIT KRB5 >= 1.20
s4:mitkdc: Set KRB5_KDB_NO_AUTH_DATA_REQUIRED based on sdb
no_auth_data_reqd
s4:mitkdc: Add support for MIT Kerberos 1.20
s4:mitkdc: Add support for S4U2Self & S4U2Proxy
s4:kdc: Implement new Microsoft forwardable flag behavior
s4:auth: Remove trailing spaces in sam.c
s4:auth: Also look up msDS-AllowedToActOnBehalfOfOtherIdentity for RBCD
s4:kdc: Implement samba_kdc_check_s4u2proxy_rbcd()
s4:mitkdc: Implement mit_samba_check_allowed_to_delegate_from() for RBCD
s4:mitkdc: Implement support for Resource Based Constrained Delegation
(RBCD)
gitlab-ci: Print the krb5 version
gitlab-ci: Run krb5 tests also with MIT Kerberos 1.20 (prerelease)
WHATSNEW: Bronze bit, S4U and RBDC support with MIT Kerberos 1.20
testprogs: Add test that local krb5.conf has been created
s3:libads: Remove trailing spaces in kerberos.c
s3:libads: Leave early on error in get_kdc_ip_string()
s3:libads: Improve debug messages for get_kdc_ip_string()
s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()
s3:libads: Allocate all memory on the talloc stackframe
s3:libads: Remove obsolete free's of kdc_str
s3:libads: Check print_canonical_sockaddr_with_port() for NULL in
get_kdc_ip_string()
s3:libads: Fix creating local krb5.conf
python:tests: Fix type error in raw_testcase.py
s4:kdc: Fix return code in mit_samba_update_pac()
s4:kdc: Make sure ret is set if we goto bad_option
s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()
auth: Add required headers to auth_sam_reply.h
lib:krb5_wrap: Implement smb_krb5_principal_is_tgs()
s4:kdc: Cleanup include files in pac-glue.c
s4:kdc: Make pac parameter of samba_client_requested_pac() const
s4:kdc: Implement common samba_kdc_update_pac()
s4:kdc: Use samba_kdc_update_pac() in mit_samba_reget_pac()
s4:kdc: Use samba_kdc_update_pac() in mit_samba_update_pac()
s4:kdc: Remove ks_is_tgs_principal()
s4:kdc: Remove trailing whitespace in wdc-samba4.c
s4:kdc: Use samba_kdc_update_pac() in Heimdal DB plugin
gitlab-ci: Remove unused variable for ubuntu1604
gitlab-ci: Use Ubuntu 20.04 for Coverity
gitlab-ci: Drop Fedora 34
gitlab-ci: Update to openSUSE 15.3
gitlab-ci: Drop Debian 10
s4:kdc: Improve debug message of samba_kdc_fetch_server()
s4:kdc: Remove trailing white spaces in kdc-service-mit.c
s4:kdc: If we set the kerberos debug level to 10 write a trace file
s4:tests: Run Heimdal PKINIT tests only against ad_dc env
s4:kdc: Add Smart Card and file based PKINIT support
selftest: Setup PKINIT for MIT Kerberos
testprogs: Fix kerberos_kinit with additional options
testprogs: Rename test_pkinit_heimdal.sh
testprogs: Format test_pkinit_simple.sh with shfmt
testprogs: Fix calculating failed in test_pkinit_simple.sh
testprogs: Manually reformat testit commands in test_pkinit_simple.sh
testprogs: Remove the usage of enctype in test_pkinit_simple.sh
testprogs: A PKINIT test which runs against Heimdal and MIT Kerberos
testprogs: Rename test_pkinit_pac_heimdal.sh
testprogs: Reformat test_pkinit_pac.sh with shfmt
testprogs: Manually reformat test_pkinit_pac.sh
testprogs: A PKINIT PAC test which runs against Heimdal and MIT Kerberos
s4:selftest: Remove ad_dc_ntvfs env from several tests
Add missing final newline to end of c file
Add missing final newline to end of sh file
Move LSP stuff to buildtools/devel_env.sh
script: Fix check_symbols() with gcov build
waf: Import Logs in wscript_configure_system_gnutls
waf: Check for GnuTLS earlier
third_party:waf: Do not recurse in aesni-intel if GnuTLS provides the
cipher
Andrew Bartlett (39):
s4-kdc: Adapt to move from HDB auditing to KDC auditing constants
s4-kdc: Fix memory leak in FAST cookie handling
selftest: Use more torture_assert_goto() et al in rpc.samlogon test
selftest: Allow samba.tests.ntlm_auth to fail rather than error checking
--diagnostics
selftest: Remove duplicate run of rpc.samr tests against ad_dc as "samba3"
selftest: Remove duplicate run of rpc.lsa tests against ad_dc as "samba3"
selftest: run s4member tests less
dsdb: No longer supply exact password hashes in a control to indicate
password changes
dsdb: Return dsdb_password_change control name to
DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID
kdc: Remove pre-check for existing NT and LM hash from kpasswd
s4-rpc_server: Remove pre-check for existing NT and LM hash from netlogon
s4/dsdb: Remove LM password generation and storage from password_hash
s4-auth: Disable LM authenticaton in the AD DC despite "lanman auth = yes"
s4-auth: Do not supply the LM hash to the AD DC authentication code
s4-rpc_server: Do not use LM hash in password changes
dsdb: Remove parsing of LM password hash from "dBCSPwd" attribute
selftest: Cope with LM hash not being stored in the tombstone_reanimation
test
selftest: Allow RPC-SAMR to cope with OemChangePasswordUser2 being
un-implemented
dsdb: Remove LM hash parameter from samdb_set_password() and callers
s3-ntlm_auth: Convert table of tests in --diagnostics to designated
initialisers
ntlm_auth: Adapt --diagnostics mode to expect that the DC does not
support LANMAN by default
selftest: Remove auth_log test for RAP password change
torture: Update rpc.samlogon to match Win19 and newer Samba behaviour for
LM key
torture: Do not expect LM passwords to be accepted except by samba3
torture: Allow Samba as an AD DC to use zeros for LM key
WHATSNEW: Mention our matrix room as well
lib/replace: Do not typedef int bool
s4:kdc: Pass supported enctypes to samba_kdc_set_fixed_keys()
s4:kdc: Pass supported enctypes to samba_kdc_set_random_keys()
s4:kdc: Add const to "msg" parameter in samba_kdc_message2entry_keys()
s4:kdc: Pull auth_sam_trigger_repl_secret() up one layer to
samba_kdc_message2entry()
s4:kdc: Move supported enc-type handling out of
samba_kdc_message2entry_keys()
s4:kdc: Expose samba_kdc_message2entry_keys()
testprogs: Change from $foo to "${foo}" variable style
waf: Document the confusing --nonshared-binary, --builtin-libraries,
--private-libraries and --bundled-libraries
s4-auth: Remove unused acct_flags parameter
s4-auth: Do not trigger RODC replication unless missing all passwords
s4-auth: Only build auth_developer module in developer mode
s4-auth: Remove last traces of LanMan authentiation support in the AD DC.
Archana (3):
ctdb-packaging: Remove deprecated networking command netstat and replace
with "ss" command
ctdb-tools: Remove deprecated networking commands and replace with new
commands
vfs: Getting exact attribute value during gpfs_stat_x calls
Bjoern Jacke (2):
vfs_gpfs: use linux oplock specific funcions only when available
vfs_aixacl: add proper header file
Björn Jacke (6):
dnsp.idl: add missing DNS_RPC_RECORD defines
dns.idl/dnsp.idl: add missing DNS ressource record types
acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()
wscript: s/default/required/ _static_modules for the acl modules
readlink test: inverse return code
waf: re-add missing readlink test
Christof Schmitt (1):
vfs_gpfs: Initialize litemask to 0
David Mulder (101):
samba-gpupdate: Implement enhanced logging
gpo: Certificate Auto Enrollment default Kerberos auth
gpo: Improve Certificate Auto Enroll Debug messages
smbd: Add WITH_SMB1SERVER enabled for now
smbd: Move message.c -> smb1_message.c
smbd: Move sesssetup.c -> smb1_sesssetup.c
smbd: Move lanman.c -> smb1_lanman.c
smbd: Disable build for SMB1 only files
smbd: Allow disabling SMB1 in struct smbXsrv_connection
smbd: Move schedule_aio_read_and_X to smb1_aio.c
smbd: Move schedule_aio_write_and_X to smb1_aio.c
smbd: Move aio.c -> smb2_aio.c
smbd: Move nt_status_np_pipe to smb2_ipc.c
smbd: Move ipc.c -> smb1_ipc.c
smbd: Move negprot_spnego to smb2_negprot.c
smbd: negprot_spnego allow disabling smb1 spnego set
smbd: Move negprot.c -> smb1_negprot.c
smbd: Move set_sd to smb2_nttrans.c
smbd: Move set_sd_blob to smb2_nttrans.c
smbd: Move copy_internals to smb2_nttrans.c
smbd: Move smbd_do_query_security_desc to smb2_nttrans.c
smbd: Move smbd_do_query_getinfo_quota to smb2_nttrans.c
smbd: Move nttrans.c -> smb1_nttrans.c
smbd: Move new_break_message_smb1 to smb1_oplock.c
smbd: Move send_break_message_smb1 to smb1_oplock.c
smbd: Disable smb1 oplock calls when smb1 is disabled
smbd: Move oplock.c -> smb2_oplock.c
smbd: Move reply_open_pipe_and_X to smb1_pipes.c
smbd: Move reply_pipe_write_and_X to smb1_pipes.c
smbd: Move reply_pipe_read_and_X to smb1_pipes.c
smbd: Move pipes.c -> smb2_pipes.c
smbd: Move check_path_syntax* to smb2_reply.c
smbd: Move srvstr_get_path* to smb2_reply.c
smbd: Move srvstr_pull_req_talloc to smb2_reply.c
smbd: Move check_fsp_open to smb2_reply.c
smbd: move check_fsp to smb2_reply.c
smbd: Move check_fsp_ntquota_handle to smb2_reply.c
smbd: Move reply_special to smb2_reply.c
smbd: Move unlink_internals to smb2_reply.c
smbd: Move fake_sendfile to smb2_reply.c
smbd: Move sendfile_short_send to smb2_reply.c
smbd: Move rename_internals_fsp to smb2_reply.c
smbd: Move rename_internals to smb2_reply.c
smbd: Move copy_file to smb2_reply.c
smbd: Move get_lock_offset to smb2_reply.c
smbd: Move smbd_do_unlocking to smb2_reply.c
smbd: Move reply.c -> smb1_reply.c
smbd: Disable call to smb1_srv_is_signing_active without smb1
smbd: Move make_connection to smb1_service.c
smbd: Move service.c -> smb2_service.c
smbd: Move smb2_srv_init_signing to smb2_signing.c
smbd: Move srv_init_signing to smb2_signing.c
smbd: Disable call to smb1_srv_init_signing without smb1
smbd: Move signing.c -> smb1_signing.c
smbd: Split process_smb() into process_smb1() and process_smb2()
smbd: Split srv_send_smb into smb1_srv_send/smb2_srv_send
smbd: Move srv_send_smb/smb2_srv_send to smb2_process.c
smbd: Move srv_set_message to smb2_process.c
smbd: Move read_packet_remainder to smb2_process.c
smbd: Split receive_smb_talloc into
smb1_receive_talloc/smb2_receive_talloc
smbd: Move receive_smb_talloc/smb2_receive_talloc to smb2_process.c
smbd: Move remove_deferred_open_message_smb to smb2_process.c
smbd: Move schedule_deferred_open_message_smb to smb2_process.c
smbd: Move open_was_deferred to smb2_process.c
smbd: Move get_deferred_open_message_state to smb2_process.c
smbd: Separate smb1 code from push_deferred_open_message_smb
smbd: Move push_deferred_open_message_smb to smb2_process.c
smbd: Move reply_outbuf and construct_reply_common_req to smb2_process.c
smbd: Move process_smb to smb2_process.c
smbd: Disable smb1 in smbXsrv_connection_init_tables
smbd: Move smbXsrv_connection_init_tables to smb2_process.c
smbd: Move smbXsrv_connection_dbg to smb2_process.c
smbd: Disable smb1 in smbd_add_connection
smbd: Disable smb1 in smbd_server_connection_handler
smbd: Disable smb1 in smbd_smb2_server_connection_read_handler
smbd: Move smbd_add_connection to smb2_process.c
smbd: Disable smb1 in smbd_process
smbd: Move smbd_process to smb2_process.c
smbd: Move process.c -> smb1_process.c
smbd: Move smb1_utils.h include to smbd.h
smbd: Move send_trans2_replies to smb1_trans2.c
smbd: Move smb_set_posix_lock to smb1_trans2.c
smbd: Move reply_trans2 to smb1_trans2.c
smbd: Move reply_transs2 to smb1_trans2.c
smbd: Move trans2.c -> smb2_trans2.c
torture: Disable vfs chain test dependant on SMB1
smbd: Disable use of smb_fn_name without SMB1 in error.c
smbd: Disable SMB_QUERY_CIFS_UNIX_INFO when SMB1 is disable
smbd: Disable SMB_SET_POSIX_LOCK when SMB1 is disabled
smbd: Remove duplicate read_nttrans_ea_list function prototype
smbd: Disable use of smb_fn_name when SMB1 is disabled
smbd: Move valid_smb_header to smb2_process.c
smbd: Move init_smb_request to smb2_process.c
smbd: Enable multi-protocol negotiate w/out SMB1
smbd: Process error reply if SMB1 negprot parsing fails
smbd: Move reply_pipe_write to smb1_pipes.c
smbd: Remove uses of srv_send_smb
smbd: Remove srv_send_smb
configure: Add option for disabling the smb1 server
configure: Fail smbd w/o smb1 if selftest when configured with ad_dc
ci: Create samba-fileserver-without-smb1 environment
David Seifert (1):
tevent: add missing `#include <sys/types.h>`
Douglas Bagnall (3):
s3/torture/pdbtest: fix always false condition
pytest:auth_log: expect TLS connections when using ldaps
s4/auth/simple_bind: correctly report TLS state
Elia Geretto (1):
s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()
FeRD (Frank Dana) (1):
printing/bgqd: Disable systemd notifications
Garming Sam (1):
rodc: Add tests for simple BIND alongside NTLMSSP binds
Isaac Boukris (1):
krb5-mit: Enable S4U client support for MIT build
Jeremy Allison (121):
s3: smbd: Cleanup - Split out smbd_fetch_security_desc() from
smbd_do_query_security_desc().
s3: smbd: Cleanup - Split out smbd_marshall_security_desc() from
smbd_do_query_security_desc().
s3: smbd: Cleanup - In smbd_do_query_security_desc() we don't need a
talloc frame.
s3: smbd: Rename "unix extensions" -> "smb1 unix extensions".
CVE-2021-44141: s3: torture: Add
samba3.blackbox.test_symlink_traversal.SMB2.
CVE-2021-44141: s3: torture: Add
samba3.blackbox.test_symlink_traversal.SMB1.
CVE-2021-44141: s3: torture: Add
samba3.blackbox.test_symlink_traversal.SMB1.posix
CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes
expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to
NT_STATUS_OBJECT_NAME_NOT_FOUND.
CVE-2021-44141: s3: torture: Change expected error return for
samba3.smbtorture_s3.plain.POSIX.smbtorture.
CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a
symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.
CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return
the correct error codes when failing symlinks.
CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from
filename_convert().
CVE-2021-44141: s3: torture: Add a test
samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target
info across a SMB1+POSIX rename.
CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use
vfs_stat() for existence, not SMB_VFS_STAT().
s3: smbd: Add an SMB2 server flag posix_extensions_negotiated.
libcli: Add SMB2 posix negotiate context flag.
s3: smbd: Add the definition for SMB2_FILE_POSIX_INFORMATION info level.
s3: smbd: Add the definition for SMB2_FIND_POSIX_INFORMATION info level.
s3: smbd: Add lp_smb2_unix_extensions() function. Always returns false
for now.
s3: smbd: lp_widelinks(). Turn off widelinks if either SMB1 or SMB2 unix
extensions are turned on.
s3: smbd: Update widelinks_warning() to cope with SMB1 and SMB2 unix
extensions.
s3: smbd: Plumb in POSIX lock requests through SMB2 lock calls if done on
a POSIX handle. Currently not allowed.
s3: smbd: smbd_smb2_request_process_negprot() - Allow SMB2 unix
extensions to be negotiated. Currently not allowed.
s3: smbd: Add two new functions in a new file, smb2_posix.c:
smb2_posix_cc_info(), store_smb2_posix_info()
s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.
lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.
s3: tests: Add a new test test_msdfs_hardlink() that does simple
hardlinks on MSDFS root shares.
s3: tests: Add a new test test_msdfs_rename() that does simple renames on
MSDFS root shares.
s3: libsmb: Add cli_dfs_target_check() function.
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().
s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().
s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().
s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().
s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().
s4: torture: Add new SMB2 lease test test_lease_duplicate_create().
s4: torture: Add new SMB2 lease test test_lease_duplicate_open().
s3: smbd: Fix our leases code to return the correct error in the
non-dynamic share case.
s3: VFS: ceph_snapshots: Move two more uses of OpenDir() ->
OpenDir_nstatus().
s3: VFS: fruit: Move two more uses of OpenDir() -> OpenDir_nstatus().
s3: VFS: shadow_copy: Move one more use of OpenDir() -> OpenDir_nstatus().
s3: VFS: syncops: Move one more use of OpenDir() -> OpenDir_nstatus().
s3: smbd: In recursive_rmdir(), Move one more use of OpenDir() ->
OpenDir_nstatus()
s3: smbd: In rmdir_internals(), Move one more use of OpenDir() ->
OpenDir_nstatus()
s3: smbd: In count_dfs_links(), Move one more use of OpenDir() ->
OpenDir_nstatus()
s3: smbd: In form_junctions(), Move one more use of OpenDir() ->
OpenDir_nstatus()
s3: torture: In cmd_vfs, Move two more uses of OpenDir() ->
OpenDir_nstatus().
s3: smbd: Remove now unused OpenDir().
s3: smbd: Rename OpenDir_ntstatus() -> OpenDir().
s3: smbd: Cleanup - make recursive_rmdir() return a more expressive
NTSTATUS not bool.
s3: smbd: Cleanup - Make rmdir_internals() use NTSTATUS internally
without depending on errno.
s3: smbd: notify_mid_maps is used by both SMB1 and SMB2.
s3: Simple rename 'struct smb_signing_state' -> 'struct
smb1_signing_state'
s3: smbd: Add 'bool signing_mandatory' to struct smbXsrv_connection.smb2
component.
s3: smbd: Add smb2_srv_init_signing(). Initializes
conn->smb2.signing_mandatory.
s3: smbd: Split srv_init_signing() into 2 static functions
smb1_srv_init_signing() and smb2_srv_init_signing().
s3: smbd: Look at the correct signing state for the debug messages in
make_connection_snum().
s3: libcli: Rename static smb_signing_reset_info() ->
smb1_signing_reset_info()
s3: libcli: Rename smb_signing_init_ex() -> smb1_signing_init_ex()
s3: libcli: Rename smb_signing_init() -> smb1_signing_init()
s3: libcli: Rename smb_signing_good() -> smb1_signing_good()
s3: libcli: Rename smb_signing_md5() -> smb1_signing_md5()
s3: libcli: Rename smb_signing_next_seqnum() -> smb1_signing_next_seqnum()
s3: libcli: Rename smb_signing_cancel_reply() ->
smb1_signing_cancel_reply()
s3: libcli: Rename smb_signing_sign_pdu() -> smb1_signing_sign_pdu()
s3: libcli: Rename smb_signing_check_pdu() -> smb1_signing_check_pdu()
s3: libcli: Rename smb_signing_activate() -> smb1_signing_activate()
s3: libcli: Rename smb_signing_is_active() -> smb1_signing_is_active()
s3: libcli: Remove unused smb_signing_is_allowed()
s3: libcli: Rename smb_signing_is_desired() -> smb1_signing_is_desired()
s3: libcli: Rename smb_signing_is_mandatory() ->
smb1_signing_is_mandatory()
s3: libcli: Rename smb_signing_set_negotiated() ->
smb1_signing_set_negotiated()
s3: libcli: Rename smb_signing_is_negotiated() ->
smb1_signing_is_negotiated()
s3: libcli: Rename smb_key_derivation() -> smb1_key_derivation()
s3: smbd: Rename srv_check_sign_mac() -> smb1_srv_check_sign_mac().
s3: smbd: Rename srv_calculate_sign_mac() ->
smb1_srv_calculate_sign_mac().
s3: smbd: Rename srv_cancel_sign_response() ->
smb1_srv_cancel_sign_response().
s3: smbd: Rename srv_set_signing_negotiated() ->
smb1_srv_set_signing_negotiated().
s3: smbd: Rename srv_is_signing_active() -> smb1_srv_is_signing_active().
s3: smbd: Rename srv_is_signing_negotiated() ->
smb1_srv_is_signing_negotiated().
s3: smbd: Rename srv_set_signing() -> smb1_srv_set_signing()
s3: smbd: Rename smbd_server_connection_read_handler()
smbd_smb1_server_connection_read_handler()
s3: smbd: Add SMB2-only smbd_smb2_server_connection_read_handler().
s3: smbd: Plumb in and use smbd_smb2_server_connection_read_handler()
when server min protocol > NT1 (i.e. SMB2-only).
s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO,
SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
s3: smbd: Don't allow setting the delete on close bit on a directory if
it contains non-visible files and "delete veto files = no".
s4: torture: Add regression test for re-opening a durable handle after
calling SMB2 setinfo (end of file).
s3: smbd: In set_ea_dos_attribute() cause root fallback code to exit via
the same place.
s3: smbd: In set_ea_dos_attribute(), if we've stored btime and set
XATTR_DOSINFO_CREATE_TIME successfully, we need to clear
ST_EX_IFLAG_CALCULATED_BTIME.
s3: VFS: vxfs: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st)
clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: mdssvc: All calls to SMB_VFS_FSTAT(fsp, &fsp->fsp_name->st)
clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: open_internal_dirfsp() add missing file_free() in error path.
s3: smbd: open_internal_dirfsp(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: non_widelink_open(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: open_file(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: mkdir_internal(). 1 of 2. All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: mkdir_internal(). 2 of 2. All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: rename_internals_fsp(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: call_trans2qfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: call_trans2setfilepathinfo(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: pysmbd.c: init_files_struct(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: cmd_vfs: cmd_open(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: cmd_vfs: cmd_set_nt_acl(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: smbd_smb2_getinfo_send(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp,
&fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags.
s3: tests.py: Only run smb2.rename against fileserver.
s4: torture: Add CHECK_VAL macro to smb2/rename.c. Not yet used.
s4: torture: Add CHECK_CREATED macro to smb2/rename.c. Not yet used.
s4: torture: Add test_smb2_close_full_information() test to smb2.rename.
s3: smbd: Preserve the fsp->fsp_name->st bufs across rename_open_files()
s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME
message.
s3: smbget: Fix auth_fn, order of //server/share parameters is mixed in
prompt.
s3: smbd: Move reply_findclose() from trans2.c to smb1_reply.c
s3: smbd: Move reply_findnclose() from trans2.c to smb1_reply.c
s3: smbd: Rename valid_smb_header() -> valid_smb1_header()
s3: smbd: Rename srv_set_message() -> srv_smb1_set_message().
s3: smbd: Rename construct_reply_common() ->
construct_smb1_reply_common().
s3: smbd: Rename construct_reply_common_req() ->
construct_smb1_reply_common_req()
s3: smbd: Rename create_outbuf() -> create_smb1_outbuf()
s3: smbd: Rename reply_outbuf() -> reply_smb1_outbuf().
s3: smbd: Rename init_smb_request() -> init_smb1_request().
WHATSNEW.txt: Add explaination of --without-smb1-server and
--with-smb1-server configure options.
Joseph Sutton (66):
CVE-2022-0336: pytest: Add a test for an SPN conflict with a re-added SPN
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added
to an object
auth: Cope with NULL upn_name in PAC
third_party/heimdal_build: Add KDC_LIB macro definitions
s4:kdc: Don't pass empty PAC buffers to krb5_pac_add_buffer()
third_party/heimdal_build: Determine whether time_t is signed
third_party/heimdal_build: Define fallthrough macro for switch statements
third_party/heimdal: import lorikeet-heimdal-202203010107 (commit
0e7a12404c388e831fe6933fcc3c86e7eb334825)
third_party/heimdal_build: Add source files to build
s4:kdc: Refactor HDB API
s4:kdc: Adapt to removal of auth event details
s4:kdc: Add 'not authorised' auth events
s4:kdc: Add referral policy callback
s4:kdc: Rename windc to kdc plugin
s4:kdc: Adapt to removal of auth audit event types
third_party/heimdal_build: Add SFU source file
s4:kdc: Explicitly set plugin minor version
third_party/heimdal_build: Don't generate .x source files
s4:kdc: Increment plugin minor version
s4:kdc: Adapt to hdb_entry_ex removal
s4:kdc: Adapt to removal of publicly accessible request structure members
s4-kdc: Handle previously unhandled auth event types
samba-tool: Fix typo
dsdb audit tests: Fix flapping test
dsdb audit tests: Use assert_in_range() for comparing timestamps
s4:policy: Fix ACE type comparison
python/ntacls.py: Fix ACE type comparison
s4-smbtorture: Fix typo in assertion message
wafsamba: Fix call to sorted()
python:tests: Add tests for SDDL SID strings
python: Use explicit SIDs instead of SDDL abbreviations
s4:rpc_server/lsa: Use explicit SID instead of SDDL abbreviation
sddl: Fix incorrect SDDL SID strings
sddl: Add new SDDL SID strings
sddl: Remove SDDL SID strings unsupported by Windows
python: Restore SDDL abbreviations for SIDs
selftest: Simplify krb5 test environments
tests/krb5: Improve mock RODC creation
tests/krb5: Simplify logic
s4:kdc: Fix copy-paste typo
tests/krb5: Remove accounts in reverse order of addition
tests/krb5: Add more encryption type constants
tests/krb5: Add account to cleanup list before adding it to database
tests/krb5: Remove unused import
tests/krb5: Add helper function to modify ticket flags
selftest/dbcheck: Fix up msDS-RevealedUsers links with deleted target DN
auth/credentials: Add encrypt_samr_password()
tests/krb5: Add tests for the Protected Users group
tests/password_lockout: Test NTLM and SAMR password changes with
Protected Users
tests/passwords: Test that LDAP password changes work for Protected Users
s4:provision_users.ldif: Add Protected Users group
dsdb/common: Add helper function for determining if account is in
Protected Users group
s4:kdc: Add function to get user_info_dc from database
s4:kdc: Add KDC support for Protected Users group
s4:auth: Disable NTLM authentication for Protected Users
s4:rpc_server/samr: Simplify lp_ctx expression
tests/sam: Ensure that Protected Users group cannot be deleted
functionalprep.sh: Add test for samba-tool add group --special
samba-tool group: Add --special parameter to add predefined special group
s4:rpc_server/samr: Use extended DN when searching for user
samba-tool delegation: Add function to display security descriptor for
RBCD
samba-tool delegation show: Display information for RBCD
samba-tool delegation: Add commands to add/remove principals for RBCD
samba-tool delegation: Clarify msDS-AllowedToDelegateTo delegation
command documentation
samba-tool: Return correct result for _get_user_realm_domain()
samba-tool: Check specified domain and realm against our own
Jule Anger (3):
VERSION: Bump version up to 4.17.0pre1...
s3:tests: Add a test to check the output of smbstatus.
s3:utils: assign ids to struct to list shares correctly
Martin Schwenke (37):
ctdb-recoverd: Always cancel election in progress
ctdb-recoverd: Consistently have caller set election-in-progress
ctdb-recoverd: Always send unknown leader broadcast when starting election
ctdb-recoverd: Consistently log start of election
ctdb-tests: Factor out functions to detect when generation changes
ctdb-tests: Add a test for stalled node triggering election
ctdb-tests: Add iteration support for protocol tests
ctdb-tests: Iterate protocol tests internally
util: Drop unused variable num_chars
util: Drop unused variable num_received
util: Drop unused variable mask_perms
vfs_not_implemented: do not mark structs with _PUBLIC_
source4/torture: Avoid unused variable
source4/torture: Drop unused variable tdif
source4/torture: Drop unused variable mask
source4/torture: Drop unused variable attribute
util: CID 1499409: Memory - corruptions (OVERLAPPING_COPY)
ctdb-tests: Dump a stack trace on abort
ctdb-tests: Fix missing #include for sigaction(2)
ctdb-protocol: CID 1499395: Uninitialized variables (UNINIT)
ctdb-packaging: Move RPM spec file to examples directory
ctdb-common: Add function ctdb_tunable_load_file()
ctdb-tests: Reformat script
ctdb-tests: Strip trailing newlines from expected result output
ctdb-tests: Add function test_case(), tweak unit test header format
ctdb-tests: Add unit tests for tunables code
ctdb-daemon: New function ctdb_tunables_load()
ctdb-daemon: Load tunables from ctdb.tunables
ctdb-scripts: No longer load tunables via 00.ctdb.script setup event
ctdb-doc: Update documentation for tunables configuration
ctdb-config: Drop CTDB_STARTUP_TIMEOUT
ctdb-scripts: Drop all public IPs in the "shutdown" event
ctdb-daemon: Don't release all public IPs during shutdown sequence
ctdb-scripts: Remove failsafe that drops all IPs on failed shutdown
ctdb-scripts: Drop uses of ctdbd_wrapper
ctdb-scripts: Drop unused ctdbd_wrapper
WHATSNEW: Document some CTDB changes
Pavel Filipenský (23):
s4:libnet: Fix trailing whitespace in libnet_vampire.c
s4:libnet: Fix uninitialized value "seq_num"
lib:replace: Fix trailing whitespace in os2_delete.c
lib:replace: Fix NULL issue reported by covscan
s3:modules: Implement dummy virus scanner that uses filename matching
docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected
files'
selftest: Fix trailing whitespace in Samba3.pm
s3:selftest: Add test for virus scanner
s3:modules: Fix virusfilter_vfs_openat
s3:lib: Fix possible 32-bit arithmetic overflow
s3:script: Blackbox tests for the rpcclient DFS commands
s3:rpcclient: Fix trailing whitespace in cmd_dfs.c
s3:rpcclient: Fix crash in rpcclient
selftest: Create users "jackthemapper" and "jacknomapper"
selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
selftest: Add to "username.map" mapping for jackthemappergroup
s3:tests Test "username map" for UNIX groups
s3:auth: Fix user_in_list() for UNIX groups
tevent: Fix trailing whitespaces
tevent: Move the code below the trigger check
tevent: Use internally an empty trigger function for blocker requests
tevent: Add tevent queue tracing support
tevent:tests: Test queue entry tags
Ralph Boehme (24):
s3/rpc_server: install elasticsearch_mappings.json
CVE-2021-44142: libadouble: add defines for icon lengths
CVE-2021-44142: smbd: add Netatalk xattr used by vfs_fruit to the list of
private Samba xattrs
CVE-2021-44142: libadouble: harden ad_unpack_xattrs()
CVE-2021-44142: libadouble: add basic cmocka tests
CVE-2021-44142: libadouble: harden parsing code
s3/libads: simplify storing existing ads->ldap.ss
s3/libads: ensure a sockaddr variable is correctly zero initialized
CI: remove shares referencing removed functionality
smbd: check "store dos attributes" settings in the async dosmode code
CI: add test "smb2.async_dosmode"
smbd: also check for NT_STATUS_NOT_SUPPORTED
CI: enable "smbd async dosmode" on shadow_write share
CI: add a test for async dosmode on a file in a shadow_copy2 snapshot
vfs_shadow_copy2: remove async getxattrat
smbd: expand DEBUG statement in smbd_dirptr_get_entry() to include the
dir and direntry name
CI: avoid smb2.twrp being run by plansmbtorture4testsuite() directly
CI: add a test listing a snapshotted directory
vfs_shadow_copy2: implement readdir()
vfs_fruit: change default for "fruit:zero_file_id" option to yes
CI: consolidate SMB2-FILEID and SMB2-FILEID-UNIQUE torture test suites
vfs: bump VFS version to 47
smbd: remove itime and file_id logic and code
smbd: consolidate nested if expressions
Samuel Cabrero (43):
s3:winbind: Reduce the level and improve a couple of debug messages
s3:libads: Fix memory leak in kerberos_return_pac() error path
lib:krb5_wrap: Improve debug message and use newer debug macro
lib:krb5_wrap: Fix wrong debug message and use newer debug macro
s3:libads: Return canonical principal and realm from kerberos_return_pac()
s3:winbind: Store canonical principal and realm in ccache entry
s3:winbind: Use the canonical principal name to renew the credentials
s3:winbind: Move the function to list trusted domains to
winbindd_dual_srv.c
s3:winbind: Remove list_all_domains condition always false
s3:winbind: Convert ListTrustedDomains parent/child call to NDR
examples: Update winbindd.stp and its generator script
s3:winbind: Convert wcache_opnum_cacheable() to a whitelist
s3:winbind: Return NTSTATUS from wbint_Ping() RPC function
s3:winbind: Convert Ping parent/child call to NDR
examples: Update winbindd.stp and its generator script
s3:winbind: Move functions to enable or disable cache to winbindd-lib
subsystem
s3:winbind: Move imessaging context init function to winbindd-lib
subsystem
s3:winbind: Move the function to get the privileged pipe dir to
winbindd-lib subsystem
s3:winbind: Move function to flush cache to winbindd-lib subsystem
s3:winbind: Move servide reload related functions to winbindd-lib
subsystem
s3:winbind: Rename terminate() function to winbindd_terminate()
s3:winbind: Move sigterm handling functions to winbindd-lib subsystem
s3:winbind: Move sighup handling related functions to winbindd-lib
subsystem
s3:winbind: Refactor check_info3_in_group() to take a wbint_SidArray
struct
s4:rpc_server: Fix duplicated function name between s3 and s4
s4:rpc_server: Fix duplicated function name between s3 and s4
selftest: Extend test_wbc_logon_user to test WBFLAG_PAM_UNIX_NAME flag
selftest: Add a test for PamLogOff
s3:winbind: Refactor append_unix_username(), do not take
winbindd_response struct as parameter
s3:winbind: Refactor append_afs_token(), do not take winbindd_response
struct as parameter
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), do not take
winbindd_cli_state struct parameter
s3:winbind: Refactor winbindd_dual_pam_auth_kerberos(), return
netr_Validation
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), use temporary
memory context
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), delay out variable
assignment
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return krb5ccname
as out parameter
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), avoid
winbindd_cli_state parameter
s3:winbind: Refactor winbindd_dual_pam_auth_cached(), return
netr_Validation
s3:winbind: Refactor fake_password_policy(), take netr_Validation as
argument
s3:winbind: Refactor log_authentication(), do not take winbindd_cli_state
struct parameter
s3:winbind: Make extra_data_to_sid_array() public
s3:winbind: Set local and remote addresses in the crafted dcesrv_conn
s3:winbind: Convert PamAuth from struct based to NDR based
examples: Update winbindd.stp and generate script
Sergey V. Lobanov (1):
wafsamba: replace 'echo -n' with printf
Stefan Metzmacher (131):
ldb: bump version to 2.6.0 for Samba 4.17.x releases
WHATSNEW: Start release notes for Samba 4.17.0pre1.
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
lib/util: split out a dump_data_block16() helper
blackbox.ndrdump: adjust example files to changed dump_data() output.
lib/util: add dump_data_diff*() helpers
ndrdump: make use of dump_data_file_diff() in order to show differences
blackbox.ndrdump: adjust example files to the usage of dump_data_diff
output.
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of
"" is wrong
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
blackbox.ndrdump: fix
test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
selftest/quick: add smb2.session
libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid
ptext_len
libcli/smb: let smb2_signing_decrypt_pdu() cope with
gnutls_aead_cipher_decrypt() ptext_len bug
script/autobuild.py: let nm_grep_symbols ignore __gcov_ symbols
s3:py_net: allow machinepass=None to py_net_join_member()
samba-tool/join_member: let py_net_join_member() choose the password
provision: use 120 characters for the dns account password
upgradehelpers.py: let update_machine_account_password() use 120
character passwords
provision: add a comment that the value of krbtgtpass is ignored in the
backend
upgradehelpers.py: add a comment to update_krbtgt_account_password()
s3:trusts_utils: use a password length of 120 for machine accounts
s4:sam: Don't use talloc_steal for msg attributes in
authsam_make_user_info_dc()
s4:kdc: hdb_samba4_audit() is only called once per request
third_party/heimdal: import lorikeet-heimdal-202203031927 (commit
7abc451ddd74d0c2e57dbb32f3198bde8def73ab)
s4:kdc: let pac functions in wdc-samba4.c take astgs_request_t
s4:kdc: redirect pre-authentication failures to an RWDC
python:tests: let insta_creds() also copy the bind_dn from the template
dsdb/tests: passwords.py don't need to import BasePasswordTestCase
dsdb/tests: let all BasePasswordTestCase tests provide
self.host_url[_ldaps]
dsdb/tests: make use of assertLoginFailure helper
dsdb/tests: introduce assertLoginSuccess
dsdb/tests: prepare BasePasswordTestCase for simple bind tests
dsdb/tests: add test_login_basics_simple()
s3:auth: let make_user_info_netlogon_interactive() set
USER_INFO_INTERACTIVE_LOGON
s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an
interactive logon
s3:rpc_client: let rpccli_netlogon_network_logon() fallback to
workstation = lp_netbios_name()
s4:auth: a simple bind uses the DCs name as workstation
s4:auth: encrypt_user_info() should set password_state instead of
mapped_state
auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_info
s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info
s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit
logging
s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging
s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for
audit logging
s4:auth: check for user_info->mapped.account_name if it needs to be filled
s4:auth: fix confusing DEBUG message in authsam_want_check()
s3:auth: make_user_info_map() should not set mapped_state
nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAIN
winbindd: don't set mapped_state in winbindd_dual_auth_passdb()
s4:auth: rename user_info->mapped_state to user_info->cracknames_called
auth: let auth logging prefer
user_info->orig_client.{account,domain}_name if available
s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
third_party/heimdal: import lorikeet-heimdal-202203101709 (commit
47863866da25cc21d292ce335a976b8b33fa1864)
docs-xml: add 'kdc enable fast' option
s4:kdc: make use of the 'kdc enable fast' option
selftest: use 'kdc enable fast = no' for fl2000 fl2003
third_party/heimdal: import lorikeet-heimdal-202203101710 (commit
df8d801544144949931cd742169be1207b239c3d)
s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()
s4:kdc: simplify samba_kdc_message2entry by using
data_blob_string_const("computer")
replace: add explicit function pointer casting from dlsym() to avoid
warnings
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
s4:kdc: remove unused mkvno from sdb_key
s4:kdc: let sdb_entry_to_hdb_entry() initialize *h at the beginning
s4:kdc: let sdb_entry_ex_to_krb5_db_entry() initialize 'k' at the
beginning
s4:kdc: let sdb_free_entry clear sdb_entry_ex at the end
s4:libnet: sdb_free_entry() already clears everything
s4:libnet: ask for SDB_F_ADMIN_DATA in order to create a keytab entry
s4:kdc: remove unused sdb_entry_ex->free_entry()
s4:kdc: call krb5_free_keyblock_contents() in free_sdb_key()
s4:kdc: don't leak salt in free_sdb_key()
s4:kdc: let samba_kdc_entry_destructor() call sdb_free_entry()
s4:kdc: make free_sdb_entry() static
s4:kdc: rename free_sdb_key() as public sdb_key_free() function
s4:kdc: split out a sdb_keys_free() helper function
s4:kdc: remove unused samba_kdc_entry->entry_ex
s4:kdc: let sdb_entry have a typed samba_kdc_entry pointer
s4:kdc: make the logic between ZERO_STRUCTP(entry_ex) and
sdb_free_entry(entry_ex) clearer
s4:kdc: let samba_kdc_entry take references to sdb_entry and kdc_entry
s4:kdc: expose a sdb_entry_to_krb5_db_entry() function
s4:kdc: expose sdb_entry_to_hdb_entry() function
s4:kdc: expose a sdb_entry_free() function
s4:kdc: add a samba_kdc_sort_keys() function using TYPESAFE_QSORT()
s4:kdc: only pass sdb_keys to samba_kdc_set_fixed_keys()
s4:kdc: only pass keys to samba_kdc_set_random_keys()
s4:kdc: remove Primary:Kerberos usage from samba_kdc_message2entry_keys()
s4:kdc: split out a samba_kdc_fill_user_keys() helper function
s4:kdc: remove unused principal argument to
samba_kdc_trust_message2entry()
s4:kdc: only pass sdb_entry to samba_kdc_message2entry_keys()
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_message2entry()
s4:kdc: only ZERO and free sdb_entry in samba_kdc_message2entry()
s4:kdc: s/entry_ex->entry\./entry->/g in samba_kdc_trust_message2entry()
s4:kdc: only ZERO and free sdb_entry in samba_kdc_trust_message2entry()
s4:kdc: only pass sdb_entry to samba_kdc_trust_message2entry()
s4:kdc: only pass sdb_entry to samba_kdc_message2entry()
s4:kdc: samba_kdc_lookup_realm() only needs sdb_entry
s4:kdc: samba_kdc_fetch_client() only needs sdb_entry
s4:kdc: samba_kdc_fetch_krbtgt() only needs sdb_entry
s4:kdc: samba_kdc_fetch_server() only needs sdb_entry
s4:kdc: samba_kdc_seq() only needs sdb_entry
s4:kdc: hdb_samba4_fetch_fast_cookie() don't need sdb_entry_ex
s4:kdc: use sdb_entry_to_hdb_entry() directly
s4:kdc: remove unused sdb_entry_ex_to_hdb_entry_ex()
s4:kdc: use sdb_entry_to_krb5_db_entry() directly
s4:kdc: remove unused sdb_entry_ex_to_kdb_entry_ex()
s4:kdc: samba_kdc_fetch() only needs sdb_entry
s4:kdc: samba_kdc_{first,next}key() only need sdb_entry
s4:libnet: avoid using sdb_entry_ex and use sdb_entry directly
s4:kdc: avoid using sdb_entry_ex in samba_wdc_reget_pac()
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_principal()
s4:kdc: avoid using sdb_entry_ex in mit_samba_get_{first,next}key()
s4:kdc: avoid using sdb_entry_ex in netr_samlogon_generic_logon()
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_fetch_kvno()
s4:kdc: avoid using sdb_entry_ex in hdb_samba4_{first,next}key()
s4:kdc: finally remove unused 'struct sdb_entry_ex'
s4:kdc: pass flags and kvno down to samba_kdc_message2entry_keys()
s4:kdc: add old and older keys to sdb_entry
s4:kdc: teach samba_kdc_message2entry_keys() to handle old and older keys
too
buildtools: remove unused testwaf.sh
lib/fuzzing/README.md: don't use waf directly
s4:selftest/provisions: make use of 'make testenv' and avoid direct waf
wafsamba: let test_duplicate_symbol.sh export PYTHONHASHSEED=1
configure/Makefile: export PYTHONHASHSEED=1 in all 'configure/Makefile'
scripts
ctdb/packaging/RPM: don't use waf directly
wafsamba: require PYTHONHASHSEED=1 to be exported
python/join: improve logging of join_replicate()
s4:dsdb/descriptor: split out struct descriptor_transaction
s4:dsdb/descriptor: add statistics for security descriptor propagation
s4:dsdb/descriptor: skip duplicates in
descriptor_extended_sec_desc_propagation()
s4:dsdb/descriptor: pass parent guid to
dsdb_module_schedule_sd_propagation()
s4:dsdb/descriptor: sort descriptor_changes tree based
s4:dsdb/descriptor: skip duplicates in descriptor_sd_propagation_object()
Thomas Debesse (2):
WHATSNEW: IRC is irc.libera.chat according to
https://www.samba.org/samba/irc.html
s4: dns: Add customizable dns port option
Vinit Agnihotri (1):
packaging: move CTDB service file to top-level
Volker Lendecke (136):
mdssvc: Align an integer type
torture: Align an integer type
smbd: Modernize a debug statement
smbd: Make directory_has_default_posix_acl() just take "dirfsp"
smbd: chmod_acl_internals() does not need connection_struct anymore
smbd: copy_access_posix_acl() just needs fsps these days
smbd: Simplify reopen_from_fsp() with an early return
vfs: Simplify fake_acls_stat() with an early return
sharesec: Add SEC_DIR_DELETE_CHILD to CHANGE permissions
lib: Fix CID 1465285 Double close
smbd: Fix CID 1497981: Null pointer dereferences (REVERSE_INULL)
libsmb: Avoid a call to SMBC_errno()
libsmb: Avoid a call to SMBC_errno()
libsmb: Avoid two calls to SMBC_errno()
libsmb: Avoid a call to SMBC_errno()
libsmb: Avoid a call to SMBC_errno()
libsmb: Avoid a call to SMBC_errno()
libsmb: Convert SMBC_getatr() to NTSTATUS
smbd: Fix open_pathref_base_fsp()'s implicit conn_cwd assumption
smbd: Avoid an "else" in file_set_dosmode()
smbd: Pass "dirfsp" and "smb_fname" to fd_open_atomic()
vfs: Fix a typo
lib: Simplify pm_process()
smbd: Slightly simplify create_file_unixpath()
smbd: Move the call to file_free() out of close_directory()
smbd: Move the call to file_free() out of close_normal_file()
smbd: Move the call to file_free() out of close_fake_file()
smbd: Call file_free() just once in close_file()
smbd: NULL out "fsp" in close_file()
smbd: No base fsps to close_file_free() from file_close_conn()
smbd: Factor out close_file_in_loop() from file_close_conn_fn()
smbd: No base fsps to close_file_free() from file_close_user()
smbd: Simplify the flow in close_file_free()
torture: Add a test to show that full_audit uses a ptr after free
smbd: Factor out fsp_unbind_smb() from file_free()
smbd: Introduce close_file_smb()
smbd: Only file_free() a self-created fsp in create_file_unixpath()
smbd: Introduce fsp_is_alternate_stream()
smbd: Introduce metadata_fsp()
smbd: Use fsp_is_alternate_stream() where an fsp is available
vfs: Simplify streams_xattr_unlinkat()
vfstest: Align two integer types
smbd: Safeguards for getpwuid
libsmb: Use fstrcpy where possible
ndrdump: Small simplification
torture: Align integer types
smbd: Simplify smbd_dirptr_lanman2_mode_fn()
libsmb: Avoid a call to SMBC_errno()
libsmb: Avoid a call to SMBC_errno()
vfs: Use fsp_get_pathref_fd() in aio_pthread
smbd: Slightly simplify openat_pathref_fsp()
smbd: Use fsp_is_alternate_stream(), we checked for fsp!=NULL above
vfs: Use is_named_stream() for checking if we have an ADS
smbd: Only open base_fsp for non-"::$DATA" streams
smbd: Simplify open_file_ntcreate()
smbd: Filter out "::$DATA" for query name information
smbd: Use ISDOT/ISDOTDOT
vfs: Fix a typo
vfs: Don't go through strnorm(..., CASE_LOWER)
smbd: Make strnorm() static to filename.c
smbd: Initialize a pointer
smbd: Make OpenDir_fsp() return NTSTATUS
smbd: Factor out OpenDir_ntstatus()
smbd: can_delete_directory_fsp() returns NTSTATUS
vfs: walk_streams() returns NTSTATUS
smbd: Initialize a pointer
smbd: Convert get_real_filename_full_scan() to OpenDir_ntstatus()
smbd: Fix a typo
smbd: We have the fsp available, use fsp_is_alternate_stream()
samba-dcerpcd: Silence a DEBUG message
lib: Use cp_smb_filename_nostream() in adouble_path()
lib: Simplify parent_dirname() by using talloc_strndup()
vfs: Fix a typo
vfs: Fix a typo
vfs: Set errno in an error return
smbd: Fix a typo
smbd: Fix a use-after-free
smbd: Remove a deref forgotten in c2ac6a9cd7b
smbd: Inherit acl from an fsp instead of a fname
smbd: Pass dirfsp instead of an fname to open_file()
smbd: Log close_file_free() failure in copy_internals()
smbd: Pass dirfsp instead of a parent filename to unix_mode
smbd: Remove unused "lret" variable from file_set_dosmode()
smbd: Save a few lines in file_set_dosmode() with "goto done;"
smbd: Fix indentation in rename_internals_fsp()
smbd: Make complex if-expression in file_set_dosmode() easier to read
vfs: Don't mask shadow_copy2_convert()'s errno
vfs: Add SMB_VFS_FSTATAT
vfs: Convert get_real_filename() to NTSTATUS
smbd: Simplify non_widelink_open()
smbd: Avoid some casts
printing: Fix a DBG message
vfs: Format a comment
smbd: Avoid two else statements
smbd: Avoid an else
smbd: Fix a typo
smbd: get_acl_group_bits() needs a fsp, not a name
smbd: Simplify dos_mode_check_compressed()
smbd: Simplify dos_mode_from_name() with ISDOT()/ISDOTDOT()
smbd: Pass dirfsp instead of fname to inherit_new_acl
smbd: Pass "dirfsp" and "smb_fname" to reopen_from_fsp()
smbd: Always use O_NONBLOCK in openat_pathref_fsp()
smbd: Mark fsp as directory after calling fstat()
smbd: No need to set O_DIRECTORY in openat_pathref_fsp()
smbd: Don't require a valid stat for openat_pathref_fsp()
smbd: Return ISLNK from non_widelink_open() in smb_fname
smbd: Remove a few vfs_stat() calls
smbd: Make non_widelink_open() robust for non-cwd dirfsp
lib: Slightly simplify add_interface()
lib: Add a pair of {}
lib: Use talloc_zero, save a ZERO_STRUCT
smbd: Avoid an "else"
smbd: Fix a misleading comment
smbd: Use ISDOT/ISDOTDOT in ReadDirName()
smbclient: strequal() -> ISDOT/ISDOTDOT
smbd: Make an if-statement in ReadDirName() a bit more readable
smbd: Fix a typo
lib: GENCACHE_RAM isn't used anymore
smbd: Fix create_file_unixpath()'s stream handling
smbd: Add a DEBUG to create_file_unixpath()
smbd: Simplify reply_rmdir()
smbd: Don't NULL out the "::$DATA" in openat_pathref_fsp()
smbd: Don't NULL out "::$DATA"
torture: Introduce error labels for vfstest's cmd_open()
torture: Create a base_fsp for a named stream in vfstest
vfs: Ensure we have a base fsp openat() for named streams
vfs: streams_xattr uses fsetxattr by now, remove an assert
smbd: Don't loose base_fsp statinfo in non_widelink_open
vfs: Simplify streams_depot_openat()
lib: Stay ASCII-compatible for toupper_m/tolower_m
streams_depot: Pass base_sbuf to stream_smb_fname()
streams_depot: Only create the subdirectories with O_CREAT
streams_depot: Simplify stream_dir()
modules: Use conn->cwd_fsp in fruit_open_rsrc_adouble()
smbd: Align open_file() argument order with reopen_from_fsp()
smbd: Use dirfsp and atname passed to open_file()
-----------------------------------------------------------------------
--
Samba Shared Repository
